Cryptography-Digest Digest #941, Volume #13      Mon, 19 Mar 01 13:13:01 EST

Contents:
  Re: Q: ANSI X9.68 certificate format standard (Anne & Lynn Wheeler)
  Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY)
  Re: Are prime numbers illegal ? (SCOTT19U.ZIP_GUY)
  Re: SSL secured servers and TEMPEST (Mark Currie)
  Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY)
  Re: [OT] Why Nazis are evil (SCOTT19U.ZIP_GUY)
  Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY)
  Re: IP ("Henrick Hellström")
  AES encryption speed vs decryption speed ("Thierry Falissard")
  Re: NTRU, continued... ("Dr. Yongge Wang")
  My cypher system ("bookburn")
  Re: Is SHA-1 Broken? (David Wagner)
  Re: Is SHA-1 Broken? (David Wagner)

----------------------------------------------------------------------------

Subject: Re: Q: ANSI X9.68 certificate format standard
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Mon, 19 Mar 2001 15:54:22 GMT

Tomás Perlines Hormann <[EMAIL PROTECTED]> writes:

> I was wondering whether someone of you have a clue where to get the
> draft (or already standard) from ANSI X9.68 certificate format as I have
> been searching through ANSI webpages and some other sites and just found
> a draft dated from march 1st, 1999.
> 
> I guess there must be a recently updated draft version or even the full
> standard.
> 
> Does anybody know anything about the current state of this certificate
> format for mobile applications?
> 
> I would be very satisfied if you could please help me out regarding this
> issue.

x9.68 work on compressed/compact certificates for account-based
financial transactions addresses a situation that would frequently be
associated with relying-party-only certificates. The X9.59 work
demonstrates that X9.68 techniques for relying-party-only certificates
can compress all redundant fields located in the certificate (and at
the relying-party) to zero resulting in a X9.68 certificate of zero
bytes ...

... or since the relying party built and kept the original certificate
at publickey registration time and transmitted a copy of the
certificate to the public key owner; to then have the publickey owner
return a copy of the original certificate appended to every
transaction sent to the relying-party ... when the relying party has
the original certificate is redundant and superfluous.

the nominal objective of x9.68 compact/compressed certificate was to
operate in a highly optimized account-based financial transaction
environment that typically might involve existing transaction sizes of
80 bytes or less. The addition to such transactions of both a digital
signature and a 4k-12k byte publickey certificate would represent
significant bloat in the size of the financial transactions.

random refs:
http://www.garlic.com/~lynn/aadsm5.htm#x959
http://www.garlic.com/~lynn/2001c.html#72
http://www.x9.org/

from old x9.68 draft introduction (ISO 15782-1 is the work of ISO
TC68/SC2 international financial standards body):

 This standard defines syntax for a more compact certificate than that
 defined in ISO 15782-1 and X.509. This syntax is appropriate for use
 in environments with constraints imposed by mobility and/or limited
 bandwidth (e.g., wireless communications with personal digital
 assistants), high volumes of transactions (e.g., Internet commerce),
 or limited storage capacity (e.g., smart cards). This syntax is also
 geared towards use in account-based systems.

-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED] -  http://www.garlic.com/~lynn/ 

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to eliminate redondancy?
Date: 19 Mar 2001 15:29:17 GMT

[EMAIL PROTECTED] (Benjamin Goldberg) wrote in 
<[EMAIL PROTECTED]>:

>> 
>>    Actually most Lossless compressors that are not bijective
>
>A compressor which is lossless is bijective.
>

   Actually for encryption purposes we should be compressing
to the set of messages which can be encrypted. The problem
is that when you start the decryption process and use a different
key than what the encryptor used you get a file that will not
compress properly. Since it does decompress correctly you don't
have a BIJECTION from your message set to the set of files
the encryptor is working with. Most lossless compressors fail
this.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Are prime numbers illegal ?
Date: 19 Mar 2001 15:17:13 GMT

[EMAIL PROTECTED] (Bob C.) wrote in 
<[EMAIL PROTECTED]>:

>From the article at:
>http://www.utm.edu/research/primes/glossary/Illegal.html
>
>A DVD (Digital Versatile Disk) can store much more information than a
>CD, for this reason they are often used to store movies. To prevent
>copying, these movies are protected by CSS (Content Scramble System) a
>proprietary code licensed to DVD player manufacturers. 
>Soon after DVD's were encrypted, code to decrypt them (called DeCSS)
>appeared on the internet (October 1999). This code is now available in
>many forms (see the Gallery linked below). The shortest versions of
>the code take well under 600 key strokes. 
>
>The Motion Picture Association of America recently sued to stop
>distribution of this code under the Digital Millennium Copyright Act.
>There are many interesting issues involved in this case, for example,
>is code a protect form of free speech? The court's Memorandum Order
>(linked below) provides a nice summary. 
>
>So what has this all to do with prime numbers? At first glance:
>nothing. But everything stored on a computer, including poems,
>pictures, spreadsheets and programs, are stored as a sequence of
>binary bits--so they are simply numbers. Phil Carmody decided to make
>a version of DeCSS which was a prime number. 
>
>First Carmody took the original anonymous version of the DeCSS C-code
>and gzip'ed it (a standard UNIX program for making files smaller).
>Suppose we call the resulting number k. By Dirichlet's theorem on
>primes in arithmetic progression, we know that for each fixed integer
>b relatively prime to k, there are infinitely many primes ak+b. 
>
>For technical reasons, if we choose a to be a power of 256 larger than
>b, the resulting number can still be unzipped to get the original
>file. This means there are infinitely many prime numbers which yield
>the same code. These include: k*256^2+2083 and k*256^211+99. At the
>time these were found they both were large enough to fit on the list
>of largest known primes (because of the method of proof). 
>
>If distributing code is illegal, and these numbers contain the code,
>does that make these number illegal? 
>
>
>

     If you have money enough to pay the best lawyers then
of course it's illegal. Legality is more a function of
money and political clout than anything based in logic.
Just like at Microsoft: they supposedly lost the antitrust
thing but they are still going strong.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

Subject: Re: SSL secured servers and TEMPEST
From: [EMAIL PROTECTED] (Mark Currie)
Date: 19 Mar 2001 15:59:28 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>
>Mark Currie wrote:
>
>>
>>
>> You say that you may be able to record these accelerator emanations on VCR's
>> in a previous thread, but the private key word movement/handling at this
>> level may be happening at clock frequencies of several 100 MHz. Now assuming
>> that you
>
>As I wrote in another posting, the signals can be down-converted to the
>recording device's bandwidth.
>This is a basic principle of electronic engineering: A signal of n Hz can be
>split in x signals of n/x Hz without
>losing information (at least theoretically).
>This means you would need ca. 400 VCRs for a bandwidth of 2GHz.
>

OK, I agree theoretically, but this is a pretty tall order practically. As a
theoretical argument I understand where you are coming from, but the way I see
it is that there are probably many cheaper methods, i.e. hack the server
based on the fact that it probably doesn't have the latest security
patches/fixes. The only advantage with your method is that it is non-intrusive
(passive attack), albeit highly impractical.

Mark


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to eliminate redondancy?
Date: 19 Mar 2001 15:24:17 GMT

[EMAIL PROTECTED] (Benjamin Goldberg) wrote in 
<[EMAIL PROTECTED]>:

>If a transformation is simultaneously one to one and onto, then it is a
>bijection.  If a transformation and its inverse are bijections, and
>their range and domain are identical, then the transformation and it's
>inverse are both permutations.
>
>Joe prefers a compressor which is a bijection.  Scott, your compressors
>are permutations.  Since permutations are bijections, your compressors 
>are a subset of the type of compressor Joe prefers.
>

   I agree that from what he claimed, he was looking for my
type of compression. Yet at the same time he seemed to exclude
my compressors as not being his type. So I was curious then what
does he use. I think maybe he uses a compressor that really
does not do what he thinks it does.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: [OT] Why Nazis are evil
Date: 19 Mar 2001 15:20:04 GMT

[EMAIL PROTECTED] (Benjamin Goldberg) wrote in 
<[EMAIL PROTECTED]>:

>Paul Schlyter wrote:
>> 
>> In article <[EMAIL PROTECTED]>,
>> Benjamin Goldberg  <[EMAIL PROTECTED]> wrote:
>> 
>> > The problem with bringing up Nazis, is that *they* didn't believe
>> > that what they did was unethical or immoral.  In fact, if you were
>> > to accept one single premise -- that anyone who isn't a male aryan
>> > isn't a person -- you would consider everything they did to be
>> > perfectly reasonable.  Further, and possibly more importantly wrt
>> > your argument, the way they acted towards those who they *did*
>> > consider persons, was as moral and as ethical as you or I would act
>> > towards each other.  The only thing that made them evil was their
>> > perception and treatment of non-aryans as non-persons.
>> 
>> So you're claiming that it's perfectly OK to torture a creature as
>> long as it's not a human?
>
>Torturing animals makes people less emotionally disinclined to hurt
>humans, therefor it's wrong to torture animals.  But ignoring the
>emotional changes it produces... if you had mice in your house, would
>you have any qualms about getting rid of them?  Even if the only traps
>you had were the wood-wire-spring ones, which sometimes don't kill, but
>might result in a lingering death for the rodent?  Also, how do you feel
>about testing makeup on animals?
>

   Actually this may be off topic. But as far as TORTURE goes
it has been recently in the news that Israel wants to make their
torture policy official. It's kind of ironic, isn't it?


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to eliminate redondancy?
Date: 19 Mar 2001 16:42:10 GMT

[EMAIL PROTECTED] (Joe H. Acker) wrote in 
<[EMAIL PROTECTED]>:

>Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
>
>> SCOTT19U.ZIP_GUY wrote:
>> > 
>> > see.signature (Nicol So) wrote in <[EMAIL PROTECTED]>:
>> > 
>> > >
>> > >That's not true. Lossless compression works exactly by reducing the
>> > >redundancy in the representation of information.
>> > >
>> > 
>> >    Actually most Lossless compressors that are not bijective
>> 
>> A compressor which is lossless is bijective.
>
>...if you compare possible outputs of the compressor with possible
>inputs of the compressor. But if I understand David A. Scott correctly,
>he compares possible inputs of the compressor with all permutations of
>the possible outputs. That is, if you feed 64 bits of binary data into
>the compressor and it compresses them to 32 bit, it should also
>decompress any arbitrary sequence of 32 bits to something. If you feed
>128 bit and it compresses them to 63 bit, then it should also decompress
>any arbitrary sequence of 63 bits to something, and so on.

   Yes, that's basically it. But one can also take the compressor
output and bijectively transform it to the size necessary for
the encryption process that follows the compression.

>
>At least to me, it seems plausible why a bijective compressor in Scott's
>sense is desirable. The question is rather, wether the overall
>enhancement of security by this kind of compression is significant or
>almost neglectible.

  Actually, how could one see if it's significant or not? The
fact is it removes weakness in the encryption process and that
alone should help. If one has an easy fix to limit added information
to a file, does one wait for the enemy to exploit it? NO, a total
encryption package should strive to limit any current or future
possibility of weaknesses.

>
>Regards,
>
>Erich 
>


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
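
The property argued over in this thread and in David A. Scott's earlier reply (a compressor whose decoder accepts every string of the output length, so that a wrongly decrypted file is not rejected by the decompressor) can be checked mechanically. The following is an added example, not code from any poster: it measures what fraction of uniformly random byte strings a decoder accepts, comparing zlib (whose header, block structure and Adler-32 trailer reject almost everything) with the move-to-front transform, which is a bijection on byte strings of each length and therefore decodes anything. MTF is a reversible transform rather than a compressor; it stands in here for the "bijective transform of the compressor output" Scott mentions. The sample sizes and seed are constructed for the demonstration.

```python
import random
import zlib


def mtf_encode(data: bytes) -> bytes:
    """Move-to-front transform: a bijection on byte strings of each length."""
    table = list(range(256))
    out = bytearray()
    for b in data:
        i = table.index(b)
        out.append(i)
        table.insert(0, table.pop(i))
    return bytes(out)


def mtf_decode(data: bytes) -> bytes:
    """Inverse MTF. Every byte is a valid index, so no input is rejected."""
    table = list(range(256))
    out = bytearray()
    for i in data:
        b = table.pop(i)
        out.append(b)
        table.insert(0, b)
    return bytes(out)


def zlib_decode(data: bytes) -> bytes:
    """zlib raises zlib.error on a bad header, bad block or checksum mismatch."""
    return zlib.decompress(data)


def decoder_totality(decode, length: int, samples: int = 500, seed: int = 1) -> float:
    """Fraction of uniformly random `length`-byte strings that `decode` accepts.

    1.0 means the decoder is total over that output length (the property the
    thread calls bijective); a value near 0.0 means the format itself tells a
    guesser that a candidate key was wrong. Seed is fixed (constructed) so the
    measurement is repeatable.
    """
    rng = random.Random(seed)
    accepted = 0
    for _ in range(samples):
        candidate = bytes(rng.randrange(256) for _ in range(length))
        try:
            decode(candidate)
            accepted += 1
        except (zlib.error, ValueError, IndexError):
            pass
    return accepted / samples


if __name__ == "__main__":
    print("zlib accepts", decoder_totality(zlib_decode, 8), "of random 8-byte strings")
    print("MTF  accepts", decoder_totality(mtf_decode, 8), "of random 8-byte strings")
```

The point for a defender is the second number: a format whose decoder accepts everything gives no free confirmation that a trial decryption was correct, which is what Joe Acker's "64 bits in, 32 bits out, and any 32-bit string must decode" criterion amounts to.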

------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: IP
Date: Mon, 19 Mar 2001 18:33:37 +0100

"Mxsmanic" <[EMAIL PROTECTED]> wrote in message
news:xInt6.20497$[EMAIL PROTECTED]...
> "David Schwartz" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>
> > Anonymity is not a defense against any vulnerability
> > I know of.
>
> Do you know of any anonymous banks that have been robbed?  You have to
> be able to identify something before you can target it for attack.


No, you don't have to. It is perfectly possible to attack anything,
regardless of your knowledge about it. For example, it makes sense to say
that you target something unidentified for an attack against its anonymity.

--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com



------------------------------

From: "Thierry Falissard" <[EMAIL PROTECTED]>
Subject: AES encryption speed vs decryption speed
Date: Mon, 19 Mar 2001 18:40:47 +0100

Unless I am badly mistaken, I have the impression
that decryption with AES must be somewhat slower
than encryption. Computations in the InvMixColumns
transformation should take more time than in MixColumns,
because of the matrix that is used for multiplication.
Could somebody confirm this ?

http://os390-mvs.hypermart.net/crypto.htm
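
As an added illustration of the question above (not code from the poster), the block below implements MixColumns and InvMixColumns over GF(2^8) with the matrices from FIPS-197 and counts the `xtime` doublings a plain shift-and-add implementation needs per column. The constants {02,03,01,01} need at most one doubling each, while {0e,0b,0d,09} need three each, which is the cost difference the poster suspects. The test column is the MixColumns example vector from FIPS-197 / the usual references; the counter is a constructed measuring device, not part of AES.

```python
import functools
import operator

# Constructed counter so the two directions' field-multiplication work can be compared.
COUNTER = {"xtime": 0}


def xtime(a: int) -> int:
    """Multiply a by x (i.e. by 2) in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    COUNTER["xtime"] += 1
    a <<= 1
    if a & 0x100:
        a ^= 0x11B
    return a & 0xFF


def gmul(a: int, c: int) -> int:
    """Multiply field element a by constant c by shift-and-add.

    Costs bit_length(c) - 1 xtime doublings, so small constants are cheap.
    """
    p = 0
    while c:
        if c & 1:
            p ^= a
        c >>= 1
        if c:
            a = xtime(a)
    return p


# Circulant matrices from FIPS-197: MixColumns (5.1.3) and InvMixColumns (5.3.3).
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mix_column(col, matrix):
    """Apply a 4x4 matrix over GF(2^8) to one 4-byte column of the state."""
    return [
        functools.reduce(operator.xor, (gmul(col[c], matrix[r][c]) for c in range(4)))
        for r in range(4)
    ]


def xtime_cost(matrix, col=(0xDB, 0x13, 0x53, 0x45)) -> int:
    """Number of xtime calls needed to transform one column with `matrix`."""
    COUNTER["xtime"] = 0
    mix_column(list(col), matrix)
    return COUNTER["xtime"]


if __name__ == "__main__":
    print("MixColumns    xtime calls per column:", xtime_cost(MIX))
    print("InvMixColumns xtime calls per column:", xtime_cost(INV_MIX))
```

This measures only the naive per-column arithmetic; implementations that precompute multiplication tables (or the usual combined round tables) pay the same per-byte lookup cost in both directions, so the observed speed gap depends on how the cipher is implemented, not on the matrices alone.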



------------------------------

From: "Dr. Yongge Wang" <[EMAIL PROTECTED]>
Subject: Re: NTRU, continued...
Date: 19 Mar 2001 17:56:31 GMT

Daniel Lieman <[EMAIL PROTECTED]> wrote:
: I'd like to offer a few comments.  Context: I work for NTRU.

: 1) the NTRU sig method IS still on the web site - click on technology, then
: on technical center.  This paper has been accepted by EUROCRYPT, and will be
: presented (in full) there in May.

This is the revised version. The version presented at Crypto'00 rump
session was broken. The NTRU web page does not mention this.

: 2) The answer to Don's second question is "no, no one broke it."  Instead,
: when the EUROCRYPT paper was updated and the final version was submitted, we
: posted that one on the web site.

Really? What about the paper on the IACR crypto library?




-- 
========================
Yongge Wang
http://cs.uwm.edu/~wang/
========================

------------------------------

From: "bookburn" <[EMAIL PROTECTED]>
Subject: My cypher system
Date: Mon, 19 Mar 2001 08:55:17 -0800

This is a "what if" by a mere bumbler who looked at an encyclopedia
article, so I expect to be shot down.

My cipher system is basically a simple three-layered process using: 1)
clear text; 2) use of a published text, like a page of a daily
newspaper, which is chosen by a formula based on something variable
like time and temperature of alternating cities on certain days, with
identification of letters of the alphabet by numbered spaces in the
text; 3) random use of the numbered spaces identifying letters of the
alphabet, blank spaces, and punctuation, producing a long list of
single numbers in bytes (spaces before and after set off numbers); 4)
use of a mask to select only words in the clear text that are the
message; 5) in addition, a key list of coded terms could be used to
refer to some things.

I'm basically thinking my system could be set up with computer
programs at each end so that the long list of numbers can be instantly
converted with the use of the same key text.

Is this a workable cipher system?  How could you ever break it?
bookburn



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Is SHA-1 Broken?
Date: 19 Mar 2001 18:04:10 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Jim Steuert  wrote:
>Is SHA-1 Broken? In a recent thesis by Richard Drews Dean, he supplies
>initial values for SHA-1's A,B,C,D,and E for which the input block "abc"
>(in ascii, padded and Merkle-Damgard strengthened), is a fixed point.

Isn't this the case for all chaining-based hash functions (MD5,SHA,...)?
The chaining-based hashes have a compression function E_k(x) which takes
a chaining variable x and a message block k and mixes them together; then
the new chaining variable becomes x + E_k(x).  Note that E_k(.) is invariably
a bijective function, whose inverse is easy to compute given k (essentially,
you can think of E_.(.) as a block cipher, and the inverse is the decryption
function).  Thus, we may readily compute x such that E_k(x) = 0; then x is
a fixed point of the hash.

This doesn't seem like a terribly important concern to me.  So long as
it is infeasible to choose a message prefix that brings the chaining variable
to this fixed point (i.e., if it is secure against inversion attacks), there
seems to be little way to exploit this property of the compression function.
Did I overlook something?

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Is SHA-1 Broken?
Date: 19 Mar 2001 18:06:14 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

There seems to be no need to use BDD's to compute the fixed point.
You can just run the compression function in reverse: If you know the
message block, all the rounds are easily invertible (just like in a
block cipher).  And isn't this a known property of SHA-like hashes?
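
The construction described in both of David Wagner's replies above (new chaining value = x + E_k(x), with E_k invertible given the message block k, so the fixed point is x = E_k^{-1}(0)) is easy to see in a toy. The following is an added example, not from the poster: TEA, a small 64-bit block cipher, stands in for SHA-1's internal transformation, the chaining value is 64 bits, and the compression function is Davies-Meyer with addition modulo 2^64. The message block and test values are constructed.

```python
DELTA = 0x9E3779B9
M32 = 0xFFFFFFFF
M64 = 0xFFFFFFFFFFFFFFFF


def tea_encrypt(block: int, key: tuple) -> int:
    """TEA encryption: 64-bit block, 128-bit key given as four 32-bit words."""
    v0, v1 = block >> 32, block & M32
    s = 0
    for _ in range(32):
        s = (s + DELTA) & M32
        v0 = (v0 + (((v1 << 4) + key[0]) ^ (v1 + s) ^ ((v1 >> 5) + key[1]))) & M32
        v1 = (v1 + (((v0 << 4) + key[2]) ^ (v0 + s) ^ ((v0 >> 5) + key[3]))) & M32
    return (v0 << 32) | v1


def tea_decrypt(block: int, key: tuple) -> int:
    """Exact inverse of tea_encrypt: the rounds are run backwards."""
    v0, v1 = block >> 32, block & M32
    s = (DELTA * 32) & M32
    for _ in range(32):
        v1 = (v1 - (((v0 << 4) + key[2]) ^ (v0 + s) ^ ((v0 >> 5) + key[3]))) & M32
        v0 = (v0 - (((v1 << 4) + key[0]) ^ (v1 + s) ^ ((v1 >> 5) + key[1]))) & M32
        s = (s - DELTA) & M32
    return (v0 << 32) | v1


def block_key(msg: bytes) -> tuple:
    """A 16-byte message block plays the role of the cipher key (Wagner's k)."""
    assert len(msg) == 16, "this toy uses one 16-byte message block"
    return tuple(int.from_bytes(msg[i:i + 4], "big") for i in range(0, 16, 4))


def compress(h: int, msg: bytes) -> int:
    """Davies-Meyer compression: h' = E_msg(h) + h (mod 2^64)."""
    return (tea_encrypt(h, block_key(msg)) + h) & M64


def fixed_point(msg: bytes) -> int:
    """Chaining value h with E_msg(h) = 0, hence compress(h, msg) == h.

    Obtained by running the cipher backwards on 0, exactly as Wagner describes;
    no search is needed because the message block (the key) is known.
    """
    return tea_decrypt(0, block_key(msg))


if __name__ == "__main__":
    m = b"constructed-msg!"  # constructed 16-byte message block
    h = fixed_point(m)
    print(f"fixed point h = {h:016x}, compress(h, m) == h: {compress(h, m) == h}")
```

Note what the example does and does not show: given a message block, a chaining value that the block leaves unchanged is one decryption away, but nothing here produces a message prefix that steers the real IV onto that value, which is the inversion problem Wagner says the property hinges on.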

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
