Cryptography-Digest Digest #938, Volume #13 Mon, 19 Mar 01 03:13:01 EST
Contents:
Re: Is SHA-1 Broken? (Jim Steuert)
Re: Is SHA-1 Broken? (Paul Rubin)
Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (SCOTT19U.ZIP_GUY)
Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (SCOTT19U.ZIP_GUY)
Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (SCOTT19U.ZIP_GUY)
Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (SCOTT19U.ZIP_GUY)
Re: Idea (SCOTT19U.ZIP_GUY)
Re: Idea (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Re: Is SHA-1 Broken?
Date: Mon, 19 Mar 2001 00:19:57 -0500
Reply-To: Jim, Steuert
Yes, it is a doctoral thesis (dated Jan 99) that I found at
www.cs.princeton.edu/sip/pub/ddean-dissertation.php3
To quote (excerpt) from the abstract:
"...Finally, we turn our attention to cryptographic hash functions
and their analysis with binary decision diagrams (BDDs). We show
that three commonly used hash functions (MD4, MD5, and SHA-1)
do not offer ideal strength against second preimages..."
Paul Rubin wrote:
> Jim Steuert <[EMAIL PROTECTED]> writes:
> > Is SHA-1 Broken? In a recent thesis by Richard Drews Dean, he
> > supplies initial values for SHA-1's A, B, C, D, and E for which the
> > input block "abc" (in ASCII, padded and Merkle-Damgard
> > strengthened), is a fixed point.
>
> What precisely does the result say?
>
> Is the thesis available online? How about offline?
>
> Thanks.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Is SHA-1 Broken?
Date: 18 Mar 2001 22:04:16 -0800
Jim Steuert <[EMAIL PROTECTED]> writes:
> Yes, it is a doctoral thesis (dated Jan 99) that I found at
> www.cs.princeton.edu/sip/pub/ddean-dissertation.php3
>
> To quote (excerpt) from the abstract:
> "...Finally, we turn our attention to cryptographic hash functions
> and their analysis with binary decision diagrams (BDDs). We show
> that three commonly used hash functions (MD4, MD5, and SHA-1)
> do not offer ideal strength against second preimages..."
Thanks, that's interesting. I wonder if anyone is using the BDD tools
to examine other ciphers, like AES/Rijndael.
I wouldn't say the hash functions are "broken", or anyway they're less
"broken" than MD5 is due to Dobbertin's finding collisions in the
compression function. However, easily discovered short cycles in a
hash function are surely not a good thing.
I haven't looked at the description carefully enough to figure out whether
the attack is stopped by constructions like HMAC.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION
Date: 19 Mar 2001 06:36:40 GMT
[EMAIL PROTECTED] (John Savard) wrote in
<[EMAIL PROTECTED]>:
>On 18 Mar 2001 19:21:41 GMT, [EMAIL PROTECTED]
>(SCOTT19U.ZIP_GUY) wrote, in part:
>
>> Getting back to some of your stuff. I liked the write up on
>>the huffman table you did for english letters. I just wished you
>>did it with a space as well as the 26 letters.
>
>Well, it certainly can be done with a space, although then the tree
>isn't quite as good a fit. I just did this as an example.
>
>Since in English text, you don't have two spaces in a row, and you
>have spaces regularly every so many letters, what you *really* should
>do for English text is have a second Huffman code table based on the
>frequency of different word lengths.
Yes, at least use a varying tree so that, based on the possible words
you're in, the tree is optimized for the next possible letter.
And when a space has occurred you could make it so that it even
is not allowed in the next tree.
>
>Then you alternate between two states: first, a word length symbol,
>then as many letter symbols as the specified word length, and then
>back to the word length symbol and so on. This is a better fit to text
>than a straight Huffman code including a space symbol would be.
>
>Of course, it isn't as good as using a dictionary of words either, but
>for something short to type in as a program, one can add a Lempel-Ziv
>type on-the-fly dictionary builder (but this time using *real words*
>instead of bit strings!!! and so the pointer would be "n words back",
>not "n bits back" or even "n characters back", making it smaller).
>
>I think good compression is worth looking into; I just don't claim
>that it is going to solve a lot of problems necessarily, because I
>don't want to start arguments.
>
>John Savard
>http://home.ecn.ab.ca/~jsavard/crypto.htm
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION
Date: 19 Mar 2001 06:32:17 GMT
see.signature (Nicol So) wrote in <[EMAIL PROTECTED]>:
>"SCOTT19U.ZIP_GUY" wrote:
>>
>> When an attacker tries a wrong key it will always decrypt to
>> a valid message full of English words.
>
>I understand that you're a proponent of compression schemes in which
>arbitrary bit strings are valid encodings (or valid encodings of
>sentences in some source language). I've considered compression schemes
>like that before and came to several conclusions.
>
>(1) Regardless of whether arbitrary bit strings are decodable, a good
>compression scheme generally removes many possibly useful patterns in
>the source language.
>
>(2) Compression improves utilization of bandwidth.
>
>(3) A compression (encoding) scheme in which arbitrary strings are
>encodings that decode to a natural language is *not* a robust means to
>confuse the adversary.
>
>For the present discussion, (3) is the most relevant.
>
>As I have explained in another thread, achievable compression ratio is
>dependent on a prior knowledge of the properties of the message source.
>Characterizing messages from a source as valid English sentences
>represents only one degree of approximate knowledge; better predictive
>power (and hence compression ratio) can be achieved with more precise
>knowledge of the distribution of sentences based on the *context*. To
>see this, just look at some arbitrarily generated syntactic English
>sentences; the vast majority are non-sensical despite being
>syntactically correct. Even when individual sentences in a passage are
>grammatical, they don't look plausible if each one is on an unrelated
>subject. Even if all the sentences seem coherent, they still look
>implausible if they contradict each other or if they contradict known
>facts.
>
Yes, most sentences coming from decompressing a random string of bits
that came from the wrong encryption key would be random nonsense.
However, when one uses something like the AES 256-bit key RIJNDAEL,
who cares if 99.99% are pure nonsense. At least a machine cannot reject
the bad message as fast as one could when one is using poor decompression
that can't decompress the string from the wrong key.
This is only a first step to the compression. As programs get better
at detecting bad, unreal sentences, so could those same principles
used in the detection be used in new compressors that use the same
principles. You have to start somewhere.
>It would take an extraordinarily intelligent compressor to assign
>codewords adaptively so that the most probable ideas to be expressed
>will be assigned the shortest codewords. It is far from clear how this
>can be done mechanically yet reliably.
>
It would take an extraordinarily intelligent key tester to
quickly ascertain that the sentence decoded was pure nonsense
so that the message could be totally rejected.
>Even if perfect compression of English based on context is achieved, an
>adversary with access to side-channels can still recognize redundancy in
>perfectly compressed messages--something *information-theoretically
>impossible* for a decompressor that doesn't have access to the
>side-channels.
>
>For a general purpose communication mechanism, you want to allow
>arbitrary messages to be sent. That means the set of support for the
>input message distribution is the set of all possible strings, not just
>valid English sentences. You can think of escape sequences in codes as
>an example means to achieve this goal.
I don't think this is needed. This was for only English sentences
as the way one talks. However, after it is working one could extend it
if they wanted.
>
>The bottom line: (1) Characterizing messages from a source as valid
>English sentences is insufficient to achieve perfect compression; with
>enough message blocks, the accumulated residual redundancy will allow an
>adversary to discern valid decrypts from invalid ones. (2) It is
>possible that an adversary is in a superior position knowledge-wise than
>the intended recipient (because of side-channels), so even perfect
>compression may not be sufficient. This last point has robustness
>implications as you cannot control what side-information your adversary
>may or may not be able to learn.
>
Obviously the compression will not be perfect in every sense of the
word. For a first start though it could easily compress such that any
string would decompress uniquely to a set of English words. As to whether
they have meaning, that is a different story. Most will not have meaning.
I think most of my writing has little meaning. I use the wrong
word all the time. I hate English. Simple words like read sometimes
sound like the word reed and sometimes it sounds like the word red,
yet the stupid thing is written as read. Why not just have one spelling
for a word. Hell, is color color or is it colour? I think the Brits
spell differently than the Americans. It may be far better to use a
code for a set of phonetic sounds. You could have each word broken in
to phonetic sounds and just encrypt the sounds. Anyway, it's just an
idea.
I am not trying to get perfect compression. I am trying to get
bijective compression from some fixed message set to the set of
all possible binary 8-bit files so that when a wrong key is tried
it will not be immediately rejected as bad when the compressor does
not properly decompress it to something that could have been the
original message, no matter how nonsensical it looks. One could
also have special nonsense messages mean something, "alsa babalyon"
for a classic example.
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION
Date: 19 Mar 2001 06:40:08 GMT
[EMAIL PROTECTED] (Henrick Hellström) wrote in
<9936er$6p4$[EMAIL PROTECTED]>:
>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> skrev i meddelandet
>news:[EMAIL PROTECTED]...
>> I don't know much about DELPHI except it was part of
>> General Motors at one time. I prefer C. Was your code
>> perfectly bijective from English to encrypted binary files?
>> In other words, could I take a 2 or 3 byte random file and
>> come back with words in such a way that for "any decryption key"
>> tested it would generate English words that when re-encrypted
>> would come back to the same file.
>
>No, not really, but close enough. It created a dictionary tree and
>assigned a unique index to each leaf (word in the list). A plain text
>was coded by substituting each word for its index. So if there were
>2**16 or less words in the list, each word was substituted for a 16-bit
>word, etc. A perfect transform would have to use arithmetic operations
>instead of cutting and pasting bytes.
>
From this last comment, if you did not have quite 2**16 words
and used flat 16-bit words to paste in, then it could not have
been fully bijective. But it still sounds like fun coding.
>
>> If so, way to go. I would be more interested in your
>> dictionary file than the code, since I have all the tools
>> necessary to do this in C. Just really lacking a good code
>> dictionary. Also I have yet to see any fully bijective code
>> written for RIJNDAEL except the work of MATTs and the recent
>> thing I posted where I use a batch stream and several bijective
>> programs to create a true bijective encryption with RIJNDAEL to
>> the set of all binary 8-bit files.
>
>I did not use a fixed dictionary. The component was designed to parse
>any text file and create a dictionary out of it.
>
>>
>> David A. Scott
>> P.S. You never stated the name of the file that has this.
>> Having searched the net for many programs of this type I
>> have never come across one that does what you're implying
>> yours does. Also, isn't the dictionary very large? Is it
>> a separate file? If so, where is it and what is its format?
>
>Search Google with my name as search word. I named the file
>fhhsmtri.zip. It is a zip file, and it contains compiled files for
>Delphi 4. I will probably rewrite the code and release it freely when I
>get the time.
>
>
>--
>Henrick Hellström [EMAIL PROTECTED]
>StreamSec HB http://www.streamsec.com
>
>
David A. Scott
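The bijective word coder Scott asks for above (and in his earlier reply about mapping a fixed message set onto the set of all 8-bit files), beside the fixed 16-bit index scheme Hellström describes, which is not bijective. This is an added example, not code from the thread or from either poster; the twelve-word dictionary is a constructed placeholder, and the bijection is built from bijective base-k numeration (the "arithmetic operations" Hellström says a perfect transform needs).

```python
# Added example, not from the thread. WORDS is a constructed placeholder
# dictionary; a real coder would build it from a corpus as Tyler suggests.
WORDS = ["the", "of", "and", "to", "a", "in",
         "is", "that", "it", "was", "for", "on"]
WORD_INDEX = {w: i for i, w in enumerate(WORDS)}


def digits_to_int(digits, k):
    """Bijective base-k numeration: digits are 1..k with no zero digit,
    so every digit string (the empty one included) maps to exactly one
    non-negative integer, and every integer maps back to one string."""
    n = 0
    for d in digits:
        assert 1 <= d <= k
        n = n * k + d
    return n


def int_to_digits(n, k):
    """Inverse of digits_to_int: peel digits 1..k off from the right."""
    digits = []
    while n > 0:
        n, r = divmod(n - 1, k)
        digits.append(r + 1)
    return digits[::-1]


def bytes_to_words(data):
    """Any byte string decodes to a unique word sequence; never fails."""
    n = digits_to_int([b + 1 for b in data], 256)
    return [WORDS[d - 1] for d in int_to_digits(n, len(WORDS))]


def words_to_bytes(words):
    """Inverse of bytes_to_words: the words re-encode to the same bytes."""
    n = digits_to_int([WORD_INDEX[w] + 1 for w in words], len(WORDS))
    return bytes(d - 1 for d in int_to_digits(n, 256))


def fixed16_decode(data):
    """One 16-bit big-endian index per word, as the Delphi component in the
    thread does. Returns None when the file cannot be a valid encoding
    (odd length, or an index beyond the dictionary); such files are what
    lets a wrong key be rejected without even reading the words."""
    if len(data) % 2:
        return None
    out = []
    for i in range(0, len(data), 2):
        idx = int.from_bytes(data[i:i + 2], "big")
        if idx >= len(WORDS):
            return None
        out.append(WORDS[idx])
    return out


def all_two_byte_files_roundtrip():
    """True if every 2-byte file decodes and re-encodes to itself."""
    return all(words_to_bytes(bytes_to_words(bytes([a, b]))) == bytes([a, b])
               for a in range(256) for b in range(256))


def undecodable_two_byte_files_fixed16():
    """Count of 2-byte files the fixed-width coder rejects outright."""
    return sum(fixed16_decode(bytes([a, b])) is None
               for a in range(256) for b in range(256))
```

With a 12-word dictionary the fixed-width coder rejects 65524 of the 65536 possible 2-byte files, while the bijective coder accepts all of them and returns each one unchanged after re-encoding.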
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION
Date: 19 Mar 2001 06:42:06 GMT
[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>Joe H. Acker <[EMAIL PROTECTED]> wrote:
>: SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>
>: I like your idea as well. Getting wordlists should be no problem, there
>: are plenty of them available on the Net as well as tools for joining
>: them into larger ones (search for "wordlist").
>
>For example: http://wordlists.security-on.net/download.html
>
>However, I think most wordlists are targeted towards password cracking,
>crossword solvers and other non-compression applications. Compression has
>some unique requirements. I think it's probably best to write a program
>to analyse lots of target text.
I think you're correct, best to do it all
and write code to make the list.
>
>: I think "hidden Markov models" is another keyword you might want
>: to watch out for.
>
>A huge HMM might - in principle - offer better compression of English than
>a big wordlist.
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Idea
Date: 19 Mar 2001 06:50:01 GMT
[EMAIL PROTECTED] (Sundial Services) wrote in
<[EMAIL PROTECTED]>:
>:-/ Blunt words from someone who knows, never conceal the truth.
>
>"Pieces of paper" are merely products. They can be lucrative products
>to sell. They can be what they are supposed to be -- symbols that you
>have actually learned something, symbols that you can prove it -- but
>they rarely are.
>
>It's an irrefutable fact (1) that human beings are acutely aware of what
>they don't know, and (2) that they seek affirmation from external
>sources that they have actually accomplished something. The classical
>education system responded to this in a positive way by setting a high
>standard for students to cross and rewarding only those students who
>were capable of doing so. The "modern" system .. and this applies not
>only to traditional scholastics but also to industry training .. simply
>ensures that "no one will fail, therefore everyone will buy." It
>produces as a work-product a certificate that is actually worth much
>less in the marketplace than the person who is touting it believes it to
>be.
>
>"Retired engineers who worked on programming inertial guidance systems,"
>just like "programmers who learned their craft on university computers
>after browsing through the one and only book on programming that existed
>in their high school libraries, without knowing what the hell they were
>doing," stare at these certifications with disbelief and scorn.
>
Actually I did far more programming than the above. From DTL boolean
logic gate level design to numerous microcontrollers and computers
in all sorts of languages, to system programming on a UNIVAC where I
was on 24-hour call.
>And I suspect that employers, in the long run, do likewise. Somehow, we
>have entirely lost the concept of "apprenticeship." We have somehow
>espoused the notion that you can "earn a degree" and thus acquire the
>same level of =practical= education. But employers simply cannot afford
>to risk their businesses on this hypothesis: they are compelled to
>produce results, "or else." And well do they know this.
>
Sorry, I am slow. I feel like I just watched a movie that was
building up to an ending and then stopped. Did you finish this
or was it cut off?
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Idea
Date: 19 Mar 2001 06:58:53 GMT
[EMAIL PROTECTED] (John Joseph Trammell) wrote in
<[EMAIL PROTECTED]>:
>On 18 Mar 2001 19:50:25 GMT, SCOTT19U.ZIP_GUY wrote:
>>[EMAIL PROTECTED] (John Joseph Trammell):
>>>If you are so confident, prove to me that you're qualified to
>>>write a cryptosystem. :-)
>[rant snipped]
>
>What an emotional response. I must have touched a nerve.
>
>Let me know when you all decide to get around to working
>on cryptography instead of (a) frothing at the mouth or
>(b) taking wild stabs at cryptosystems.
>
I am working on crypto and will post in the next few days
an extension to my last batch post showing a use of RIJNDAEL
for simple character messages. That will be totally bijective
and yet have full authentication for users and message.
The encrypted output could be as short as one byte yet still
be a valid authenticated message. Shades of Benny and MTB.
>Oh, and lighten up. There's a smiley in the message for
>a reason. And learn how to use a spellchecker.
Time is too precious to waste using a spell checker. Also
I would lose the thought mid-sentence if trying to get every
word correct. Hell, I did look up authentication and
RIJNDAEL is spelled right, I hope.
Besides, what good is it when I spell a word correctly but
write a different word than what I meant to write.
David A. Scott
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************