Cryptography-Digest Digest #972, Volume #13 Thu, 22 Mar 01 15:13:01 EST
Contents:
Re: Multiple encryption, more secure ciphers ("Joseph Ashwood")
Re: Most secure way to add passphrase verification to "CipherSaber"
(SCOTT19U.ZIP_GUY)
Re: Most secure way to add passphrase verification to "CipherSaber"
(SCOTT19U.ZIP_GUY)
cryptography using the method of elliptic curve. ("Mauro")
Re: Multiple encryption, more secure ciphers ("Tom St Denis")
Re: Idea (SCOTT19U.ZIP_GUY)
Re: Multiple encryption, more secure ciphers (SCOTT19U.ZIP_GUY)
Re: Crypto Contest? (SCOTT19U.ZIP_GUY)
Re: Crypto Contest? ("Tom St Denis")
Re: Fill-in-the-blank codes (similar to Error-correcting codes) (Jerry Avins)
Re: cryptography using the method of elliptic curve. ("Tom St Denis")
Re: NSA in the news on CNN (John Hairell)
Re: Fill-in-the-blank codes (similar to Error-correcting codes) (John Rickard)
Re: cryptography using the method of elliptic curve. (Mok-Kong Shen)
Re: Fill-in-the-blank codes (similar to Error-correcting codes) (Jerry Avins)
Re: FYI: trivia regarding DES terminology (John Savard)
----------------------------------------------------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Multiple encryption, more secure ciphers
Date: Thu, 22 Mar 2001 10:51:58 -0800
A few caveats first:
1) We don't know if it might even weaken it against cryptanalysis
2) It's a lot slower, but that's what you wanted
Key1 = hash(inputKey)
Key2 = hash(hash(Key1, inputKey), inputKey)
Key3 = hash(hash(hash(Key2, inputKey), inputKey), inputKey)
Key4 = hash(hash(hash(hash(Key3, inputKey), inputKey), inputKey), inputKey)
Key5 = hash(hash(hash(hash(hash(Key4, inputKey), inputKey), inputKey),
inputKey), inputKey)
(you can add more or less if needed)
D1 = Encrypt(Data, Key1)
D2 = Encrypt(D1, Key2)
D3 = Encrypt(D2, Key3)
D4 = Encrypt(D3, Key4)
D5 = Encrypt(D4, Key5)
D6 = Decrypt(D5, Key1)
D7 = Decrypt(D6, Key2)
D8 = Decrypt(D7, Key3)
D9 = Decrypt(D8, Key4)
D10 = Decrypt(D9, Key5)
D11 = Encrypt(D10, Key1)
D12 = Encrypt(D11, Key2)
D13 = Encrypt(D12, Key3)
D14 = Encrypt(D13, Key4)
D15 = Encrypt(D14, Key5)
output D15
That will be 1/15th the speed of Rijndael, makes use of what we know about
triple encryption, and it's safe to say that it'll take longer to
cryptanalyze than to simply brute force.
Alternately you could simply crank the number of rounds of Rijndael up to
the performance you desire. There're even some ciphers designed for this,
things like RC5.
Joe
"Joe H. Acker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> 1st question:
>
> I've read numerous times on this group that there are enough secure
> ciphers that are relatively slow. Often, many-round Feistel ciphers are
> mentioned. But I haven't seen any references to specific descriptions of
> such ciphers. Is there any specific 64 or 128 round Feistel cipher that
> has been cryptanalised?
>
> 2nd question:
>
> Rijndael is much too fast for my purposes. So I could use triple or
> 5-times encryption or even more. I've read about the caveats of
> multiple encryption modes in Schneier's AC. What I didn't understand or
> missed is why one would use a scheme like EDE at all...why not EEE?
>
> And in general: What would you do to create a stronger encryption when
> you have Rijndael and the final chained cipher can be around 10 times
> slower, and you may only use *one* key (but have a hash function)?
> Between cipher rounds, should I XOR the key with ciphertext, then hash,
> or just hash, or encrypt it or decrypt it, etc. Any ideas or references?
>
> Regards,
>
> Erich
>
>
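The key derivation chain and the fifteen-stage E/D/E cascade from Joe's post, as an added example that is not code from the original thread. It assumes SHA-256 over the concatenation for hash(a, b) and, since Python has no Rijndael in the standard library, a small hash-based Feistel network as a stand-in block cipher; the inverse direction (which the post does not spell out) is the reversed stage list with each operation flipped.

```python
import hashlib

BLOCK = 16    # 16-byte blocks, two 8-byte Feistel halves
ROUNDS = 4    # rounds of the stand-in cipher (assumption, see lead-in)


def H(*parts: bytes) -> bytes:
    """hash(a, b, ...) as used in the post: SHA-256 over the concatenation."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


def derive_keys(input_key: bytes, n: int = 5) -> list:
    """Key1 = hash(inputKey); Key_i wraps Key_{i-1} in i nested hash(., inputKey) calls."""
    keys = [H(input_key)]
    for i in range(2, n + 1):
        k = keys[-1]
        for _ in range(i):
            k = H(k, input_key)
        keys.append(k)
    return keys


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function: keyed hash of one half, truncated to half a block.
    return H(key, bytes([i]), half)[: BLOCK // 2]


def encrypt(block: bytes, key: bytes) -> bytes:
    """Stand-in for Encrypt(Data, Key): a 4-round Feistel network (not Rijndael)."""
    l, r = block[: BLOCK // 2], block[BLOCK // 2 :]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def decrypt(block: bytes, key: bytes) -> bytes:
    """Inverse of encrypt(): the same rounds applied in reverse order."""
    l, r = block[: BLOCK // 2], block[BLOCK // 2 :]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def cascade(block: bytes, keys: list, inverse: bool = False) -> bytes:
    """D1..D15: encrypt with Key1..Key5, decrypt with Key1..Key5, encrypt with Key1..Key5.
    With inverse=True the stages are undone in reverse order with the opposite operation."""
    stages = [("E", k) for k in keys] + [("D", k) for k in keys] + [("E", k) for k in keys]
    if inverse:
        stages = [("D" if op == "E" else "E", k) for op, k in reversed(stages)]
    for op, k in stages:
        block = encrypt(block, k) if op == "E" else decrypt(block, k)
    return block


if __name__ == "__main__":
    keys = derive_keys(b"correct horse battery staple")  # constructed input key
    data = b"sixteen byte blk"                           # constructed 16-byte block
    ct = cascade(data, keys)
    assert cascade(ct, keys, inverse=True) == data
    print(ct.hex())
```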
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: 22 Mar 2001 19:17:07 GMT
[EMAIL PROTECTED] (John L. Allen) wrote in
<[EMAIL PROTECTED]>:
>Sorry, but I don't really follow what you were saying there.
>I'll have read it again sometime. And in any event, it seems
>_way_ too complicated to add to CS, however great it may be.
>
>John.
>
I agree the idea was to keep it simple. What I gave was a
more general approach. It would be very slow for what you want.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: 22 Mar 2001 19:19:41 GMT
[EMAIL PROTECTED] (Joseph Ashwood) wrote in <#kfnr$vsAHA.199@cpmsnbbsa09>:
>It's really very simple to add an integrity check to something like
>ciphersaber.
>
>Given Key, IV, msg
>has = Hash(Key, IV, msg)
>Encrypt(msg, has)
>verification depends on knowing the key, IV and msg'
>has = last several bytes of msg'
>remove last several bytes from msg'
>h2 = Hash(key, IV, msg)
>is has == h2 decrypted correctly
>
>There it is very simple.
> Joe
>
>
>
Yes, for ciphersaber this is what you might consider.
Question is, since ciphersaber is meant to be simple, what
Hash would you use?
David A. Scott
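Joe's integrity check, written out as an added example (not code from either poster): the tag is Hash(Key, IV, msg), it is appended to the message before encryption, and the receiver decrypts, splits the last bytes off and recomputes. It assumes SHA-256 as the hash (the thread leaves the choice open), RC4 keyed with passphrase || IV as in CipherSaber, and a 10-byte IV.

```python
import hashlib
import hmac

IV_LEN = 10    # CipherSaber-style IV appended to the key (assumed length)
TAG_LEN = 32   # SHA-256 output; the hash choice is an assumption, see lead-in


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR (the CipherSaber cipher); key is passphrase || IV."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def tag(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """has = Hash(Key, IV, msg): a plain hash over the concatenation, as posted.
    A keyed MAC such as HMAC would be the standard choice for this role."""
    return hashlib.sha256(key + iv + msg).digest()


def seal(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """Encrypt(msg || has) under key || IV; the IV is prepended so the receiver has it."""
    return iv + rc4(key + iv, msg + tag(key, iv, msg))


def unseal(key: bytes, blob: bytes):
    """Decrypt, split off the last TAG_LEN bytes, recompute the hash and compare.
    Returns the message, or None when the check fails (tampering or wrong key)."""
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    pt = rc4(key + iv, ct)
    if len(pt) < TAG_LEN:
        return None
    msg, received = pt[:-TAG_LEN], pt[-TAG_LEN:]
    if not hmac.compare_digest(received, tag(key, iv, msg)):   # constant-time compare
        return None
    return msg


if __name__ == "__main__":
    key, iv, msg = b"passphrase", bytes(range(IV_LEN)), b"meet at noon"  # constructed
    blob = seal(key, iv, msg)
    assert unseal(key, blob) == msg
    print(blob.hex())
```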
------------------------------
From: "Mauro" <[EMAIL PROTECTED]>
Subject: cryptography using the method of elliptic curve.
Date: Thu, 22 Mar 2001 20:04:41 +0100
How can I find information about cryptography using the method of elliptic
curve?
thanks
Mauro Pace
http://web.tiscalinet.it/theflynet/
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Multiple encryption, more secure ciphers
Date: Thu, 22 Mar 2001 19:39:54 GMT
"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:u8jQERwsAHA.297@cpmsnbbsa09...
> A few caveats first:
> 1) We don't know if it might even weaken it against cryptanalysis
> 2) It's a lot slower, but that's what you wanted
>
> Key1 = hash(inputKey)
> Key2 = hash(hash(Key1, inputKey), inputKey)
> Key3 = hash(hash(hash(Key2, inputKey), inputKey), inputKey)
> Key4 = hash(hash(hash(hash(Key3, inputKey), inputKey), inputKey),
> inputKey)
> Key5 = hash(hash(hash(hash(hash(Key4, inputKey), inputKey), inputKey),
> inputKey), inputKey)
> (you can add more or less if needed)
Your idea is ok only if Key1 and InputKey are not fixed points... i.e. if
Key1 = Hash(input)
if hash(Key1) == input then all your keys are one or the other.
> D1 = Encrypt(Data, Key1)
> D2 = Encrypt(D1, Key2)
> D3 = Encrypt(D2, Key3)
> D4 = Encrypt(D3, Key4)
> D5 = Encrypt(D4, Key5)
> D6 = Decrypt(D5, Key1)
> D7 = Decrypt(D6, Key2)
> D8 = Decrypt(D7, Key3)
> D9 = Decrypt(D8, Key4)
> D10 = Decrypt(D9, Key5)
> D11 = Encrypt(D10, Key1)
> D12 = Encrypt(D11, Key2)
> D13 = Encrypt(D12, Key3)
> D14 = Encrypt(D13, Key4)
> D15 = Encrypt(D14, Key5)
> output D15
> That will be 1/15th the speed of Rijndael, makes use of what we know about
> triple encryption, and it's safe to say that it'll take longer to
> cryptanalyze than to simply brute force
>
> Alternately you could simply crank the number of rounds of Rijndael up to
> the performance you desire. There're even some ciphers designed for this,
> things like RC5.
IMHO RC5/RC6 are really clever ciphers. They are simple, fast and you can
crank up the rounds to avoid attacks. AFAIK RC5-32/16/b is secure against
all known forms of analysis and encrypts at 113 cycles/block (on my Athlon
tb 800 MHz), that's 54 mbytes/sec.
Tom
--
http://tomstdenis.home.dhs.org
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Idea
Date: 22 Mar 2001 19:36:29 GMT
[EMAIL PROTECTED] (amateur) wrote in <[EMAIL PROTECTED]>:
>Ok Thank you for your explanations. I understood something else.
>I'm sorry and I apologize to all internauts.
>So if I understand, should I have to be an expert crypto to
>contribute?I'm just suggesting ideas.
>I will never post anything.
>Bye bye and thank you.
>
>
Don't go away, Joe insults me far worse than he ever insulted
you. One of the bad things about the net is you always get more
criticism than real help. Don't let it worry you.
>Joseph Ashwood wrote:
>>
>> To translate (since you are obviously either new to newsgroups, the
>> internet, or playing dumb), "those who . . . ." wants you to stop
>> switching the e-mail address you are coming from. This will allow him
>> to set his newsreader to simply ignore everything you say. It's a very
Come in any way you want; ignore his advice. You don't have to change
to please him. It's a fact you will never please everyone, it just can't
be done. Also I think it's very rude to knock someone who most likely
does not have English as his mother tongue. It's my mother tongue though
most are convinced it is not.
>> useful feature when someone demonstrates that their only purpose in a
>> newsgroup is to waste bandwidth. Since you are being uncooperative
>> about it, he is prepared to block all of netcom.ca simply because he
>> finds your posts that useless (at least useless enough to block all
>> the other posters from netcom.ca). I'm sure your addresses have made
>> it into several killfiles.
>> Joe
>>
Don't sweat it, my address is in more killfiles. Or so I am told.
I think Joe has even threatened to put me in his but he likes to
write back so it does happen too often.
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Multiple encryption, more secure ciphers
Date: 22 Mar 2001 19:27:50 GMT
[EMAIL PROTECTED] (Joe H. Acker) wrote in
<[EMAIL PROTECTED]>:
>SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>
>> [EMAIL PROTECTED] (Joe H. Acker) wrote in
>
>> >My assumption is that the subkey derivation is the most important
>> >factor in such a single-cipher multiple encryption, so I'm looking
>> >for a better way to derive subkeys than just hashing them. Any ideas?
>> >
>> >How about k2 = hash(xor(k1, ct_i)) where ct_i is the last ciphertext
>> >block of the previous round...?
>> >
>
>I must have been mentally absent when I wrote the last passage.
>
>> Not exactly sure what your saying or doing here remember you also
>> have to decrypt it.
>
>Yes, indeed. ;)
Hey, it even happens to me when I have a few too many beers.
>
>So apart from my mindless suggestion, is there a good way to combine one
>and the same cipher using one key? I'm looking for a subkey schedule
>that makes the different round keys as independent as possible, although
>they are all derived from the same original key. (I cannot use different
>keys because I don't have enough entropy.)
>
What you are saying is not easy to answer. I would say, since I think
your posts said time is not a problem, I would still use BICOM as one of
the components. After that, if you're still worried, do scott16u or scott19u
as a follow on. They are totally different and I doubt one would weaken
the other.
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Crypto Contest?
Date: 22 Mar 2001 19:39:34 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<iPru6.108183$[EMAIL PROTECTED]>:
>http://tomstdenis.home.dhs.org
Checked out your site. Where is the peekaboo stuff?
I didn't see it.
David A. Scott
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Crypto Contest?
Date: Thu, 22 Mar 2001 19:43:48 GMT
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Tom St Denis) wrote in
> <iPru6.108183$[EMAIL PROTECTED]>:
>
> >http://tomstdenis.home.dhs.org
>
> checked out your site. Where is the peekaboo stuff
> I didn't see it.
I discontinued peekboo a while ago due to lack of interest. (That and
pb2 was god awful bad source code.)
I mainly work on tidbits now (Allegro game library stuff, C addon
enhancements, misc utils, winamp stuff).
Tom
------------------------------
From: Jerry Avins <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.dsp
Subject: Re: Fill-in-the-blank codes (similar to Error-correcting codes)
Date: Thu, 22 Mar 2001 14:43:16 -0500
Reply-To: [EMAIL PROTECTED]
Eric Jacobsen wrote:
>
...
>
> > I've tried
> >to solve the 2-bit problem, but have been unsuccessful.
>
> I've always thought that one of the big problems with the world is
> that there is entirely too much two-bit engineering being done
> already.
>
...
I read today in another group that God weeps at the waste of a good pun.
Jerry
--
Birds have bright feathers; people make puns.
=======================================================================
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: cryptography using the method of elliptic curve.
Date: Thu, 22 Mar 2001 19:45:17 GMT
"Mauro" <[EMAIL PROTECTED]> wrote in message
news:99dk95$ps3$[EMAIL PROTECTED]...
> How can i find information about cryptography using the method of elliptic
> curve.
hmm...Mike Rosing's book "Implementing ECC" is cool (a bit touchy though).
Certicom host some tutorials...
ECC is neat, efficient but very boring stuff. RSA is much simpler, easier to
see how it works, but less efficient... (DH is more secure and even less
efficient.)
Tom
------------------------------
From: [EMAIL PROTECTED] (John Hairell)
Subject: Re: NSA in the news on CNN
Date: Thu, 22 Mar 2001 19:43:57 GMT
On Thu, 22 Mar 2001 09:42:29 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>
>
>JPeschel wrote:
>>
>> [EMAIL PROTECTED] writes, in part:
>>
>> >but somehow I don't think it's
>> >possible to support operations by selling coffee mugs :-)
>> >
>>
>> Ah, but you forget about the proceeds from the bake sales,
>> car wash, and Friday night bingo, which are already in the
>> works. Don't tell anyone, though: it's a secret!
>
>A remark somewhat out of context: There are a number of
>certain non-government organizations that need people
>constantly operating at geographically dispersed locations.
>So they set up businesses ranging from pizza restaurants
>(very common) to banks (few), which solves simultaneously
>the financial, lodging, etc. etc. problems. Wouldn't it be
>wise for the government secret agencies to do the same, at
>least for the purpose of reducing the budgets? Or are they
>already practicing that?
>
Actually, various US government intelligence agencies do that very
thing but not with the idea of reducing their budgets.
They operate "proprietaries", i.e. businesses which look to be owned
by civilians but which are fronts for intelligence operations. A
typical proprietary would be a travel agency, for example. You can
have lots of people going in and out with nobody getting suspicious,
and it can actually operate as a normal business, providing cover for
agency travel. Any actual profits go back to the treasury.
Running proprietaries can be tricky. Private businesses don't like to
find out they are competitors with the US government. In a somewhat
related vein, when the US Army first flew RC-7s/OE-5s out of Panama in
low-profile civilian-type markings, the local airlines were all
steamed because they thought they had a new competitor, and it was
using government facilities for support.
A scandal (and resulting court martials) in Army intelligence in the
early '80s (the ISA or "Yellow Fruit affair") involved the misuse of
funds in operating proprietaries for covert operations.
The best known of many proprietaries is of course the now-defunct Air
America.
John Hairell ([EMAIL PROTECTED])
------------------------------
From: John Rickard <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.dsp
Subject: Re: Fill-in-the-blank codes (similar to Error-correcting codes)
Date: 22 Mar 2001 13:20:08 +0000 (GMT)
Reply-To: [EMAIL PROTECTED]
In sci.math Bob Harris <[EMAIL PROTECTED]> wrote:
: So, for example, I might have a 5 bits message, add two bits to it
: (according to my yet-undefined code), and transmit the 7 bits through
: separate channels. Think of the channels as couriers. Five couriers make
: it to the receiver, two never show up. The receiver knows which courier is
: which, knows which haven't shown up (maybe they will, but why wait once we
: have five), and then (I hope) can fill in the bits that the two missing
: couriers would have.
I think other replies (about "errors" and "erasures") have pointed you
in the right direction, and the authors seem to know rather more about
the subject than I do. But I *can* explain why (as they said) the
case you mention is not possible.
You would need 32 possible 7-bit messages. No two of these could
differ in only two (or fewer) bits, since then if those two bits were
lost you would not be able to distinguish the two messages. So,
defining a "neighbour" of a message as a string of bits that differs
in just one bit from the message, no neighbour of any of the 32
messages can be the same as a neighbour of any other of the 32
messages. Each message has 7 neighbours, so you have 32*(1+7) = 256
messages and neighbours, all distinct 7-bit strings -- but 256 > 128,
so this is impossible!
--
John Rickard <[EMAIL PROTECTED]>
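An added example (not code from the thread) that checks John Rickard's counting argument for Bob's 5+2 layout and then goes one step further than the post: it builds the [7,4] Hamming code, whose minimum distance 3 is exactly what the argument requires, and fills in any two missing "courier" bits from the five that arrived. The generator matrix and the erasure-filling routine are this example's own construction.

```python
from itertools import combinations, product
from math import comb


def hamming_bound_ok(n: int, k: int, t: int = 1) -> bool:
    """Rickard's count: 2^k codewords, each owning every string within distance t
    of it, must all fit among the 2^n strings of length n."""
    return 2 ** k * sum(comb(n, i) for i in range(t + 1)) <= 2 ** n


# [7,4] Hamming code, systematic form: four data bits followed by three parity bits
# p1 = d1+d2+d4, p2 = d1+d3+d4, p3 = d2+d3+d4 (mod 2).
G = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]


def encode(data: tuple) -> tuple:
    """4 data bits -> 7-bit codeword: data times G, mod 2."""
    return tuple(sum(d * g for d, g in zip(data, col)) % 2 for col in zip(*G))


CODEWORDS = {encode(d) for d in product((0, 1), repeat=4)}


def min_distance(code) -> int:
    """Smallest number of positions in which two distinct codewords differ."""
    return min(sum(a != b for a, b in zip(x, y)) for x, y in combinations(code, 2))


def fill_erasures(received: list):
    """received holds 0/1 per position, or None for a courier that never arrived.
    Returns the unique codeword agreeing with the known bits, or None if the
    known bits do not pin down a single codeword (too many erasures)."""
    matches = [c for c in CODEWORDS
               if all(r is None or r == b for r, b in zip(received, c))]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    print("5 data + 2 check bits possible:", hamming_bound_ok(7, 5))  # 256 > 128
    print("4 data + 3 check bits possible:", hamming_bound_ok(7, 4))  # 128 <= 128
    word = encode((1, 0, 1, 1))
    arrived = list(word)
    arrived[1] = arrived[5] = None   # two couriers missing (constructed case)
    print(word, "recovered from", arrived, "->", fill_erasures(arrived))
```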
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: cryptography using the method of elliptic curve.
Date: Thu, 22 Mar 2001 20:50:06 +0100
Mauro wrote:
>
> How can i find information about cryptography using the method of elliptic
> curve.
The standard method of searching is in my humble view
(1) look into the commonly recommended textbooks, e.g.
Schneier and Menezes et al., (2) web search with e.g.
www.google.com and (3) post to newsgroups, preferably
in that order.
M. K. Shen
------------------------------
From: Jerry Avins <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.dsp
Subject: Re: Fill-in-the-blank codes (similar to Error-correcting codes)
Date: Thu, 22 Mar 2001 14:53:09 -0500
Reply-To: [EMAIL PROTECTED]
Bob Harris wrote:
>
> I posted:
> > The idea is to have a code that includes two redundant bits, and be able to
> > 'correct' any two errors, with the additional knowledge of which two bits
> > might be errant. ...
>
> My description wasn't as clear as I'd hoped (and I can see why). The
> receiver will know via some other means which two bits are missing, and
> needs only to fill in the missing bits.
>
> So, for example, I might have a 5 bits message, add two bits to it
> (according to my yet-undefined code), and transmit the 7 bits through
> separate channels. Think of the channels as couriers. Five couriers make
> it to the receiver, two never show up. The receiver knows which courier is
> which, knows which haven't shown up (maybe they will, but why wait once we
> have five), and then (I hope) can fill in the bits that the two missing
> couriers would have.
>
> Of the replies (and thank you all for your replies), I think the ones
> related to erasures are the closest to what I'm after (probably right on).
> From the terminology in those replies, I think my problem ammounts to simply
> correcting two erasures, which are detected by means outside my code.
>
> I'm encouraged by Brian McKeever's statements:
> > ... if s is the number of erasures, then we have d >= 2t+s+1.
> >
> > ... what you are trying is possible in theory (that is, at least a brute force
> > search over all possible codewords will work), and maybe you've got enough to
> > go on now?
>
> Yes, I think I've got enough to go on now. Any further help still will be
> appreciately accepted, of course. ;) But I've got a path now!
>
> Thanks!
> Bob
Look at the techniques used with RAID disk arrays. These distribute data
over several disks and can reconstruct it if one (or more) disks fail.
Of course, _which_ fails is known. Most RAID systems can rebuild only
one disk at a time, but the technique is extensible.
Jerry
--
Engineering is the art of making what you want from things you can get.
=======================================================================
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: FYI: trivia regarding DES terminology
Date: Thu, 22 Mar 2001 19:53:29 GMT
On Thu, 22 Mar 2001 08:50:43 -0700, John Myre <[EMAIL PROTECTED]>
wrote, in part:
>It is true that DEA and DES are synonyms to practically
>everyone (at least, those who have heard of DEA).
At one time, there was a significant difference between the two, since
originally software implementations of the DEA were not compliant with
the DES.
In common parlance, of course, DES is the name of the algorithm.
Perhaps then it will be useful to keep the name Rijndael, instead of
incorrectly saying "AES" when we mean "AEA".
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************