Cryptography-Digest Digest #905, Volume #13 Thu, 15 Mar 01 12:13:01 EST
Contents:
Re: PGP "flaw" (Tony L. Svanstrom)
Re: Quantum Computing & Key Sizes (Tony L. Svanstrom)
Re: PGP "flaw" (Tony L. Svanstrom)
Between Silk And Cyanide - Identity checks. (Matthew GC)
Win98 .PWL files ([EMAIL PROTECTED])
RSA ("Joost van der Meer")
Re: Between Silk And Cyanide - Identity checks. (Joe H. Acker)
Re: Between Silk And Cyanide - Identity checks. (Joe H. Acker)
Re: RSA ("Tom St Denis")
Re: Crypto idea (John Joseph Trammell)
Is SHA Copyrighted? Can It Be Exported? ("Ace Bezerka")
Re: Between Silk And Cyanide - Identity checks. (Joe H. Acker)
Re: Is SHA Copyrighted? Can It Be Exported? ("Tom St Denis")
ERRATA "Secret key" should be "private key" (Frank Gerlach)
Re: Between Silk And Cyanide - Identity checks. (Matthew Stanfield)
Re: Is SHA Copyrighted? Can It Be Exported? (Kent Briggs)
Re: SSL secured servers and TEMPEST (Mark Currie)
Re: Between Silk And Cyanide - Identity checks. (Matthew Stanfield)
re: pgp flaw ("Public " <[EMAIL PROTECTED]>)
Re: Is SHA Copyrighted? Can It Be Exported? (Jerry Coffin)
----------------------------------------------------------------------------
Subject: Re: PGP "flaw"
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Thu, 15 Mar 2001 13:14:11 GMT
Mxsmanic <[EMAIL PROTECTED]> wrote:
> "Tony L. Svanstrom" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>
> > You can't help but think about that - first a serious(ish) security
> > problem is discovered, then a few months after patching that up they
> > stop releasing the source code.
>
> I think they are motivated by greed, not a desire to compromise security.
So do I, but I think that a lil bit of paranoia might make them look at
what their market actually wants... ;-)
/Tony
------------------------------
Subject: Re: Quantum Computing & Key Sizes
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Thu, 15 Mar 2001 13:14:10 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> Simon Johnson wrote:
> > Whats special about a quantum computer ...?
>
> The idea is that it can process a superposition of possible
> states simultaneously, a way of getting massive parallelism.
> That raises further questions, like how can one read out the
> answer. Best to read a tutorial somewhere.
Reading the answer... hmmm... binary code that you get in dead / not
dead cats? ;-)
/Tony
------------------------------
Subject: Re: PGP "flaw"
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Thu, 15 Mar 2001 13:14:12 GMT
Brian D Jonas <[EMAIL PROTECTED]> wrote:
> The reason I am on this so much, is that I have spent the last 8 months of
> my college free time writing an encryption e-mail client. PGP would
> obviously be an alternative to my program. These are reasons why someone
> would not want to use PGP, but instead perhaps use my program (not that
> there is a direct comparison). However, PGP is obviously the major player
> here. With 10mil users out of 400mil on the net, they are the microsoft of
> the encryption world.
Just make sure that your client talks OpenPGP - that way your users will
get the security as well as actually having someone to send
encrypted/signed messages to.
/Tony
------------------------------
From: Matthew GC <[EMAIL PROTECTED]>
Subject: Between Silk And Cyanide - Identity checks.
Date: Thu, 15 Mar 2001 14:11:27 GMT
Hi,
I have just finished the excellent book by Leo Marks _Between Silk And
Cyanide_, about Marks's work as head of agents' codes in the Special
Operations Executive during WWII, and have a question.
Marks mentions a method of creating identity checks for agents recruited
in the field. Let's say Alice is an agent for Bob and they use one time
pads (OTP) to communicate. Alice is behind enemy lines and trains Roger
(a Resistance member) to use OTPs and gives him some pads. Alice has an
identity check so that if she is caught and tortured by Gerald (the Gestapo)
Bob will know if their communication is compromised; such an identity
check might be to add 2 to the first letter in a grouping on an OTP and
three to the fifth, and might also involve the omission of a specific
phrase ("I miss London", say).
But how does Alice give Roger an identity check that won't be
compromised even if Alice is caught by Gerald so that Roger can still
safely communicate with Bob? In other words Alice somehow gives Roger a
security check that even Alice doesn't know so she can't reveal it under
torture to Gerald.
Marks says that the solution is astonishingly simple, but has been asked
not to reveal it in his book. I am intrigued. What was his solution?
Many thanks and regards,
..matthew
------------------------------
From: [EMAIL PROTECTED]
Subject: Win98 .PWL files
Date: Thu, 15 Mar 2001 14:45:26 GMT
I was wondering if anyone knows the format for windows 98's
.PWL files. Basically I need to know how to recreate one
from scratch. Im looking for any information on how it stores
the initial login password as well. I read a document by Peter
Gutmann about .PWL files but it appears to be related to Win95
.PWL files? Am I mistaken? I appreciate any help.
-Moe Harley
[EMAIL PROTECTED]
------------------------------
From: "Joost van der Meer" <[EMAIL PROTECTED]>
Subject: RSA
Date: Thu, 15 Mar 2001 16:10:06 +0100
Hello,
I've got to make an assignment for school about the RSA encryption system. I
want to write an example, but I can't calculate the private key D. Is there
anybody who can give me a whole example (prime numbers (P&Q) and exponents
(e&d))???
Thanks,
Joost
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Between Silk And Cyanide - Identity checks.
Date: Thu, 15 Mar 2001 16:19:52 +0100
Matthew GC <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have just finished the excellent book by Leo Marks _Between Silk And
> Cyanide_, about Marks's work as head of agents' codes in the Special
> Operations Executive during WWII, and have a question.
>
> Marks mentions a method of creating identity checks for agents recruited
> in the field. Let's say Alice is an agent for Bob and they use one time
> pads (OTP) to communicate. Alice is behind enemy lines and trains Roger
> (a Resistance member) to use OTPs and gives him some pads. Alice has an
> identity check so that if she is caught and tortured by Gerald (the Gestapo)
> Bob will know if their communication is compromised; such an identity
> check might be to add 2 to the first letter in a grouping on an OTP and
> three to the fifth, and might also involve the omission of a specific
> phrase ("I miss London", say).
>
> But how does Alice give Roger an identity check that won't be
> compromised even if Alice is caught by Gerald so that Roger can still
> safely communicate with Bob? In other words Alice somehow gives Roger a
> security check that even Alice doesn't know so she can't reveal it under
> torture to Gerald.
>
> Marks says that the solution is astonishingly simple, but has been asked
> not to reveal it in his book. I am intrigued. What was his solution?
Okay, Alice knows her identity check and will reveal it to Gerald, but
she should not be able to reveal Roger's identity check to Gerald. Why
can't she just tell Roger to add number 2 of the OTP to number 6 of the
OTP as an identity check? If she doesn't know Roger's OTPs by heart, she
cannot reveal this check to Gerald, because he doesn't possess Roger's
OTPs.
Or would this weaken the OTP?
Regards,
Erich
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Between Silk And Cyanide - Identity checks.
Date: Thu, 15 Mar 2001 16:27:35 +0100
Joe H. Acker <[EMAIL PROTECTED]> wrote:
> Okay, Alice knows her identity check and will reveal it to Gerald, but
> she should not be able to reveal Roger's identity check to Gerald. Why
> can't she just tell Roger to add number 2 of the OTP to number 6 of the
> OTP as an identity check? If she doesn't know Roger's OTPs by heart, she
> cannot reveal this check to Gerald, because he doesn't possess Roger's
> OTPs.
Nah, sorry for this dumb quickshot. Of course, the identity check is for
the case when Gerald finds Roger's OTPs, so this won't work...
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: RSA
Date: Thu, 15 Mar 2001 15:34:32 GMT
"Joost van der Meer" <[EMAIL PROTECTED]> wrote in message
news:98qlev$e4h$[EMAIL PROTECTED]...
> Hello,
>
> I've got to make an assignment for school about the RSA encryption system.
> I want to write an example, but I can't calculate the private key D. Is
> there anybody who can give me a whole example (prime numbers (P&Q) and
> exponents (e&d))???
>
What bignum library are you using? Most good ones come with mod inverse
functions.
Tom
------------------------------
From: [EMAIL PROTECTED] (John Joseph Trammell)
Subject: Re: Crypto idea
Date: Thu, 15 Mar 2001 15:43:02 GMT
On Thu, 15 Mar 2001 08:58:17 +0200, Panu Hämäläinen <[EMAIL PROTECTED]> wrote:
> br wrote:
>> Cryptanalysts use dictionaries as a way to find a solution. They suppose
>> that the clear message is written without spelling mistakes.
>> I can write a message like "I love you" as "Ay lov u" or "Ilovu" etc....
>> So how could cryptanalysts know my specific spelling of "I love you" in
>> advance?
> Couldn't you just translate the message into another language?
Navajo code talkers, anyone?
------------------------------
From: "Ace Bezerka" <[EMAIL PROTECTED]>
Subject: Is SHA Copyrighted? Can It Be Exported?
Date: Thu, 15 Mar 2001 09:56:45 -0500
Does anyone know if SHA is copyrighted? Can it be freely used in programs
(like Blowfish)? Can it be exported?
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Between Silk And Cyanide - Identity checks.
Date: Thu, 15 Mar 2001 16:52:12 +0100
Here's my second trial :)
When Alice hands out the OTPs to Roger, she may not take a look at them.
Then, Roger learns some numbers of the first OTP he got, and immediately
destroys the OTP. From now on, he uses these numbers as identity. Alice
does not know the numbers, but the recipient overseas knows them. Gerald
does not know the numbers if he finds Roger's remaining OTPs, only when
he catches Roger himself.
Regards,
Erich
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Is SHA Copyrighted? Can It Be Exported?
Date: Thu, 15 Mar 2001 16:09:58 GMT
"Ace Bezerka" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Does anyone know if SHA is copyrighted? Can it be freely used in programs
> (like Blowfish)? Can it be exported?
Um, apparently you have something to learn about crypto. SHA is not a block
cipher and is therefore not guarded against like one. SHA is free and you
can use it in anything you like.
Tom
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: ERRATA "Secret key" should be "private key"
Date: Thu, 15 Mar 2001 17:12:35 +0100
sorry for using wrong terminology..
------------------------------
From: Matthew Stanfield <[EMAIL PROTECTED]>
Subject: Re: Between Silk And Cyanide - Identity checks.
Date: Thu, 15 Mar 2001 16:10:34 GMT
"Joe H. Acker" wrote:
> Nah, sorry for this dumb quickshot. Of course, the identity check is for
> the case when Gerald finds Rogers OTPs, so this won't work...
Exactly. Or if Roger is captured and can't successfully lie about his
identity checks.
BTW I didn't mention that Marks also says that the solution doesn't
involve the passing of paper. So Alice can't have a load of id checks
written down in numbered sealed envelopes that only Bob has seen - for
obvious reasons concerning Gerald.
I've just thought of a possible solution. Could the ID check be based on
the date of the first communication between Bob and Roger? Add the day
number to the first letter in an OTP grouping and then something similar
with the month? Roger then doesn't tell Alice when he first
communicates. However this wouldn't work if Alice and Roger are captured
before Roger has communicated at all or if it's hard for Alice not to
know when Roger first communicates with Bob. Also Gerald might intercept
Roger's first transmission before he is captured and realizes this is so
because of details forced out of Alice. So I don't think this is correct
although it could be improved on by using the hour of transmission in 24
hr clock instead of the day/month.
..matthew
------------------------------
From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: Is SHA Copyrighted? Can It Be Exported?
Date: Thu, 15 Mar 2001 10:16:29 -0600
Ace Bezerka wrote:
> Does anyone know if SHA is copyrighted? Can it be freely used in programs
> (like Blowfish)? Can it be exported?
Algorithms are not subject to copyright. Patents are another story. SHA was
developed by the U.S. government and is unencumbered. Hashing functions are
not subject to U.S. export restrictions. So No, Yes, and Yes are the answers
to your questions.
--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com
------------------------------
Subject: Re: SSL secured servers and TEMPEST
From: [EMAIL PROTECTED] (Mark Currie)
Date: 15 Mar 2001 16:15:38 GMT
OK, perhaps I didn't understand you. Many (most?) SSL servers don't use
security modules; the private key is used in the app server itself. Some (many?)
SSL servers use a hardware signature accelerator to ease the load on the app
server. The hardware accelerator has no tamper proofing or shielding and in
fact the private key may even be sent to the accelerator by the app server.
Some (few?) use tamper-proof and shielded security modules. In the security
module case, the private key can be generated, stored and used only within the
security module. The FIPS 140-1 level 4 spec is the highest commercial security
module standard in America covering hardware security mechanisms. It only
requires commercial EMI certification (FCC). Well designed security modules are
much quieter than that.
Where you're coming from is - can you completely hide emissions? No you can't,
but for an outside attacker to exploit the emissions that you are talking
about you would probably need to have the resources that only government
agencies may have. Commercial security can only hope to follow government
security due to available resources and budget. Commercial security vendors can
only charge so much for their products.
Mark
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>Mark Currie wrote:
>>
>> Hi,
>>
>> A TEMPEST-hardened security module can be used which only allows the
>> clear-text private key to exist during a signature operation. At all
>> other times, the private key is encrypted with a long-term key that is
>> protected within the security module's tamper-proof memory. This way the
>> clear-text signatures
>It seems that you did not understand me. I was referring to the
>emanations generated by the cryptographic processor (which is embedded
>in the "tamper proof"/"TEMPEST hardened" module). It is not possible to
>create an airtight Faraday cage (because you need to transfer a lot of
>bits) - only an approximation of that. This means that electromagnetic
>emanations will be created on every RSA operation.
>And by the way, the secret key *cannot* lie idle in memory, it must be
>transferred to the crypto processor's RSA arithmetic processor every
>time a symmetric SSL key is to be exchanged. Which happens hundreds of
>times a second on busy sites.
>The problem is that even very faint signals might be recovered, if they
>are transmitted millions of times, although I think it is on one hand
>more difficult than with CRT signals, as the RSA operations are not
>occurring in strictly synchronous intervals.
------------------------------
From: Matthew Stanfield <[EMAIL PROTECTED]>
Subject: Re: Between Silk And Cyanide - Identity checks.
Date: Thu, 15 Mar 2001 16:29:38 GMT
> Here's my second trial :)
>
> When Alice hands out the OTPs to Roger, she may not take a look at them.
> Then, Roger learns some numbers of the first OTP he got, and immediately
> destroys the OTP. From now on, he uses these numbers as identity. Alice
> does not know the numbers, but the recipient overseas knows them. Gerald
> does not know the numbers if he finds Rogers remaining OTPs, only when
> he catches Roger himself.
An expansion of this idea might work.
On OTPs there are groupings of letters that are transmitted in plain
text to identify which OTP is in use. What Roger could do in his first
message to Bob is, within the ciphertext, to specify another OTP by its
ID letter group and then specify which of this OTP's letter groupings he
will use to modify every OTP he uses in future. Then of course he would
destroy the OTP that he is using for his identity check. This however
wouldn't work if Roger and Alice are captured before Roger has
transmitted his first communication to Bob.
Any other ideas? I must admit that I assumed there would be a widely
known solution to this problem, it being perfect as a text book exercise
or one taught in cryptography classes.
Regards,
..matthew
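The scheme Joe sketched in his "second trial" and the expansion above, as an added model (not Marks's withheld solution, and not code from either post): Roger memorises the opening of the first sealed pad and burns it, Bob derives the same secret from his master copy, and every message carries a check that only that secret can produce. Alice, who carried the pads sealed, has nothing to confess about it, and Gerald, holding the remaining pads, cannot forge it. The assumptions are mine: the convention that the first pad of a batch is the check pad, ten memorised letters as the check key, HMAC-SHA256 truncated to a five-letter group as a modern stand-in for whatever hand rule the agents would actually use, and constructed sample pads and messages.

```python
import hashlib
import hmac
import secrets
import string

ALPHA = string.ascii_uppercase
GROUP = 5               # pads and tags are written in five-letter groups
KEY_LEN = 2 * GROUP     # Roger memorises the first two groups of the burned pad


def to_letters(text):
    """Traffic is letters only: drop spaces and punctuation, upper-case the rest."""
    return "".join(ch for ch in text.upper() if ch in ALPHA)


def make_pad(n_letters):
    """Fresh random pad (one copy goes to the field, one stays with Bob)."""
    return "".join(secrets.choice(ALPHA) for _ in range(n_letters))


def _shift(text, pad, sign):
    if len(pad) < len(text):
        raise ValueError("pad too short; pad material must never be reused")
    return "".join(ALPHA[(ALPHA.index(t) + sign * ALPHA.index(k)) % 26]
                   for t, k in zip(text, pad))


def otp_encrypt(plain, pad):
    return _shift(plain, pad, +1)


def otp_decrypt(cipher, pad):
    return _shift(cipher, pad, -1)


def identity_tag(check_key, pad_id, cipher):
    """Five-letter identity check over the whole message. HMAC is an assumed
    stand-in for a hand rule; the property that matters is that nobody
    without check_key can produce it, and Alice never held check_key."""
    mac = hmac.new(check_key.encode(), f"{pad_id}:{cipher}".encode(),
                   hashlib.sha256).digest()
    return "".join(ALPHA[b % 26] for b in mac[:GROUP])


class HomeStation:
    """Bob: keeps the master copy of every pad and each agent's check key."""

    def __init__(self, pads):
        self.pads = dict(pads)      # pad_id -> pad text, removed once used
        self.check_keys = {}

    def register_agent(self, name, batch_ids):
        # Convention everyone knows, Alice included: the first pad of the
        # batch is the check pad. Only its contents are secret, and Alice
        # carried it sealed, so torture gets Gerald nothing about it.
        check_pad = self.pads.pop(batch_ids[0])
        self.check_keys[name] = check_pad[:KEY_LEN]

    def receive(self, name, pad_id, cipher, tag):
        pad = self.pads.pop(pad_id, None)   # a pad is accepted exactly once
        if pad is None:
            return None, "unknown or already used pad"
        expected = identity_tag(self.check_keys[name], pad_id, cipher)
        if not hmac.compare_digest(expected, tag):
            return None, "identity check failed: assume the circuit is blown"
        return otp_decrypt(cipher, pad), "ok"


class FieldAgent:
    """Roger: memorises the opening of the first sealed pad, burns it, and
    keeps the remaining pads for traffic."""

    def __init__(self, batch):
        _, check_pad = batch[0]
        self.check_key = check_pad[:KEY_LEN]
        self.pads = dict(batch[1:])          # the check pad is gone

    def send(self, text):
        pad_id = min(self.pads)
        pad = self.pads.pop(pad_id)          # each pad leaves the field once
        cipher = otp_encrypt(to_letters(text), pad)
        return pad_id, cipher, identity_tag(self.check_key, pad_id, cipher)


def gerald_forges(captured_pads, station, name):
    """Gerald holds Roger's remaining pads plus everything Alice could tell
    him (pad ids, the convention) but not the burned pad, so he must guess."""
    pad_id = min(captured_pads)
    cipher = otp_encrypt(to_letters("All is well send more"), captured_pads[pad_id])
    guessed = identity_tag("A" * KEY_LEN, pad_id, cipher)
    return station.receive(name, pad_id, cipher, guessed)


def demo():
    pads = {i: make_pad(8 * GROUP) for i in range(4)}   # constructed sample pads
    bob = HomeStation(pads)
    batch = [(i, pads[i]) for i in range(4)]             # Alice carries these sealed
    bob.register_agent("ROGER", [i for i, _ in batch])
    roger = FieldAgent(batch)
    genuine = bob.receive("ROGER", *roger.send("Drop zone confirmed"))
    captured = dict(roger.pads)   # Alice and the safe house fall to Gerald
    forged = gerald_forges(captured, bob, "ROGER")
    return genuine, forged
```

The model keeps the two limits the thread already notes: it fails if Roger himself is caught (he knows the check key), and it only applies once the check pad has been chosen and burned, so a capture before Roger's first contact leaves nothing to verify. Bob also consumes a pad on a failed check rather than letting a forger retry against it.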
------------------------------
Date: Thu, 15 Mar 2001 11:00:46 -0600
From: "Public <Anonymous_Account>" <[EMAIL PROTECTED]>
Subject: re: pgp flaw
=====BEGIN PGP SIGNED MESSAGE=====
with regard to the ADK bug, it did not work on v3 RSA keys at all
{even though the original discoverer, Ralf Senderek, described a way of
altering an rsa3 key into an rsa v4 type, and adding an adk key, this
would be rejected by pgp classic 2.6.x}
it was further fixed in the c-kt builds of 6.5.8 so that a user could
choose to disallow the ADK option altogether.
All c-kt builds have released source code, and are available at Imad R.
Faiad's PGP page: http://www.ipgpp.com
vedaal
=====BEGIN PGP SIGNATURE=====
Version: 6.5.8ckt: build 4 < http://www.ipgpp.com/>
Comment: { Acts of Kindness better the World, and protect the Soul }
Comment: KeyID: 0x6A05A0B785306D25
Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA
iQEVAwUBOrDwlmoFoLeFMG0lAQG4QAgAm1f+gYJfaUc87ThGLWOcp8dKrwVeqfkh
ZD2rDBKEWGqb1fvXyrdUcZiPbwdcuwXAVmGSh761Fl2ZNWHR0jCKsC9WaVySMtee
LOxH7of/2ZvyYhK0+iR/WCL9jHxY/9qLupUcMT529RFHp+setHVX3Ph53XjwqLtI
ttnpXL8hYCovKNK4ZNfQYzBV0jpSTN/hHE4At3fa8MmEbTcP5VP1nX7z11K67OGn
zo6oitzNsW4lfZWvMe86noQGDqHswAepmuGQ4xcloiL1dcCnp28v9k/y0QCrpZkf
rY+bpF/6fbklaSqjv+C8R3JELaFHX8h1sO+6hLvCSxS1KbP4ordAhg==
=thes
=====END PGP SIGNATURE=====
---
This message did not originate from the Sender address above.
It was posted with the use of anonymizing software at
http://anon.xg.nu
---
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Is SHA Copyrighted? Can It Be Exported?
Date: Thu, 15 Mar 2001 10:08:30 -0700
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Does anyone know if SHA is copyrighted? Can it be freely used in programs
> (like Blowfish)? Can it be exported?
SHA is freely usable for almost any purpose (including export)
without getting permission from anybody. More importantly, SHA-1
(its improved replacement) is as well. It's theoretically possible
that some patent could apply to almost anything, so you could get hit
with something after the fact, but if there's a patent that covers
SHA or SHA-1, that fact is not widely known at the present time -- if
you get sued for infringement, you're likely to have a LOT of
company. Given that SHA and SHA-1 are based on the MD series of
hashes, most of the concepts involved are old enough that even if
somebody had patented something about them at one time, chances are
pretty good that the patents would have expired by now anyway.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************