Cryptography-Digest Digest #974, Volume #13      Thu, 22 Mar 01 18:13:01 EST

Contents:
  Re: Is Evidence Eliminator at all useful ?? (David Schwartz)
  Re: FYI: trivia regarding DES terminology (John Myre)
  Pike stream cipher ("Public " <[EMAIL PROTECTED]>)
  Re: Pike stream cipher ("Tom St Denis")
  Re: A future supercomputer (Mok-Kong Shen)
  Re: Most secure way to add passphrase verification to "CipherSaber" ("John L. Allen")
  Re: PKI and Non-repudiation practicalities (Vernon Schryver)
  Re: Question about coding (Jeffrey Williams)
  Re: Self Enforcing Protocol (Slightly OT and Long!) (John Joseph Trammell)
  Re: Idea (SCOTT19U.ZIP_GUY)
  Re: Question about coding (amateur)
  Re: Fast and Easy crypt send (amateur)
  Re: Question about coding (amateur)
  Re: Most secure way to add passphrase verification to "CipherSaber" ("John L. Allen")
  Re: Most secure way to add passphrase verification to "CipherSaber" ("John L. Allen")

----------------------------------------------------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Is Evidence Eliminator at all useful ??
Date: Thu, 22 Mar 2001 13:04:00 -0800



Eric Lee Green wrote:

> Heheh. And even if it did work, I make it a point not to deal with
> people with such dubious business policies (see my .sig).

        You think I can't recognize an FBI/CIA/KGB stooge when I see one?

        DS

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: FYI: trivia regarding DES terminology
Date: Thu, 22 Mar 2001 14:03:05 -0700

John Savard wrote:
<snip>
> In common parlance, of course, DES is the name of the algorithm.
> Perhaps then it will be useful to keep the name Rijndael, instead of
> incorrectly saying "AES" when we mean "AEA".

Interesting notion.  I bet it's too late already, though.

JM

------------------------------

Date: Thu, 22 Mar 2001 15:21:17 -0600
From: "Public <Anonymous_Account>" <[EMAIL PROTECTED]>
Subject: Pike stream cipher

Does anyone have any references (or thoughts of their own they can
offer) concerning the security of Ross Anderson's "Pike" stream
cipher?



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Pike stream cipher
Date: Thu, 22 Mar 2001 21:27:59 GMT


"Public <Anonymous_Account>" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Does anyone have any references (or thoughts of their own they can
> offer) concerning the security of Ross Anderson's "Pike" stream
> cipher?

AFAIK that's the one he proposed after breaking FISH right?

There are simpler (more portable) stream ciphers.  Consider Knuth's
Algorithm M.

Tom



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Thu, 22 Mar 2001 22:32:03 +0100



Darren New wrote:
> 
[snip]
> But they are very intelligent peripherals. The eye does an amazing amount of
> processing right in the retina, for example. Not that it can't be
> duplicated, but plugging a computer into a camera isn't going to be anything
> like plugging a computer into an eyeball. The same goes for ears, muscles,
> the autonomous nervous system, the regulatory hormones and all that stuff.

There is, on the other hand, research on using biosignals
to act on the environment. For manipulation of a computer
cursor with one's thought, see

    http://www.usnews.com/usnews/issue/000103/kennedy.htm

There are more recent results in that field but I am sorry
for not having URL pointers at hand.

M. K. Shen

------------------------------

From: "John L. Allen" <[EMAIL PROTECTED]>
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: Thu, 22 Mar 2001 21:27:09 GMT

"Joe H. Acker" wrote:

> > > IV, E(salt+IV), E(msg)
> > >
> > > where salt is a few pseudo-random bytes from a PRNG. You can use Arcfour
> > > as the PRNG, and the actual entropy of the random seed will be
> > > implementation dependent. Even if the entropy source is not optimal, this
> > > seems more secure to me than just encrypting IV (known plaintext).
> >
> > If the salt is generated by rc4, then that looks a lot like Mike De Turi's
> > "throw-away-bytes" idea, and is similarly interesting.
> >
> > I then slap myself in the head and ask what about this
> >
> >     IV, E(msg{1..10}), E(msg)
>
> As Yamaneko has reminded me that Arcfour is a stream cipher (how stupid
> I am..), my salt idea doesn't serve anything useful. I'd favor IV,
> E(msg{1..10}), E(msg) or, if possible: IV, E(CRC32(msg)), E(msg)
>
> Still I think that a solution with hashing would be much more secure.
>
> >
> >     IV, E(salt ^ msg{1..10}), E(msg)
>
> ...won't work, because the salt is unknown.

The "salt" in this case is just the first 10 bytes of the rc4 stream.  The
same rc4 stream that is subsequently used to encrypt msg{1..10} and
then msg.

John.
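The scheme under discussion (IV, E(msg{1..10}), E(msg), with one continuous RC4 keystream whose first ten bytes are the "salt"), as an added example in Python; this is not code from the thread or from the CipherSaber specification. It assumes CipherSaber-1 style keying (RC4 key = passphrase || 10-byte IV, a single key-scheduling pass), a 10-byte tag, and messages of at least 10 bytes; the function names rc4_keystream, encrypt and decrypt are mine.

```python
import os
from typing import Optional

IV_LEN = 10    # CipherSaber appends a 10-byte IV to the passphrase to form the RC4 key
TAG_LEN = 10   # msg{1..10}: the first ten plaintext bytes, encrypted a second time


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling (one KSA pass, as in CipherSaber-1) then n PRGA bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(passphrase: bytes, msg: bytes, iv: Optional[bytes] = None) -> bytes:
    """Return IV || E(msg{1..10}) || E(msg), all from one RC4 stream keyed by passphrase||IV.

    Keystream bytes 0..9 (the "salt" in the thread) encrypt the 10-byte tag;
    keystream bytes 10.. encrypt the whole message, so the first ten plaintext
    bytes are encrypted twice under different keystream bytes.
    """
    if len(msg) < TAG_LEN:
        raise ValueError("message must be at least %d bytes" % TAG_LEN)
    if iv is None:
        iv = os.urandom(IV_LEN)          # a fresh IV for every message
    ks = rc4_keystream(passphrase + iv, TAG_LEN + len(msg))
    tag = xor_bytes(ks[:TAG_LEN], msg[:TAG_LEN])
    body = xor_bytes(ks[TAG_LEN:], msg)
    return iv + tag + body


def decrypt(passphrase: bytes, blob: bytes) -> Optional[bytes]:
    """Decrypt; return None when the tag does not match msg{1..10} (wrong passphrase)."""
    if len(blob) < IV_LEN + 2 * TAG_LEN:
        return None
    iv = blob[:IV_LEN]
    tag = blob[IV_LEN:IV_LEN + TAG_LEN]
    body = blob[IV_LEN + TAG_LEN:]
    ks = rc4_keystream(passphrase + iv, TAG_LEN + len(body))
    tag_plain = xor_bytes(ks[:TAG_LEN], tag)
    msg = xor_bytes(ks[TAG_LEN:], body)
    # A wrong passphrase gives an unrelated keystream, so the two decryptions of
    # "the first ten bytes" disagree except with probability about 2^-80.
    if tag_plain != msg[:TAG_LEN]:
        return None
    return msg


if __name__ == "__main__":
    # constructed sample values
    blob = encrypt(b"correct horse", b"meet at the library at noon, bring the book")
    print(decrypt(b"correct horse", blob))   # the message
    print(decrypt(b"wrong horse", blob))     # None
```

The tag answers only "was this the right passphrase?". It is not an integrity check: the keystream is XORed in, so a changed ciphertext byte anywhere past the tag decrypts to a changed plaintext byte and the tag still matches. Message integrity needs a MAC over the ciphertext on top of this.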



------------------------------

From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: PKI and Non-repudiation practicalities
Date: 22 Mar 2001 14:41:37 -0700

In article <[EMAIL PROTECTED]>,
Peter Gutmann <[EMAIL PROTECTED]> wrote:

>Thus the Matt Blaze quote from RSA2K:
>
> "A commercial CA will protect you from anyone whose money it refuses to take"


See http://www.microsoft.com/technet/security/bulletin/MS01-017.asp
which says in part
]   VeriSign, Inc., recently advised Microsoft that on January
]   30 and 31, 2001, it issued two VeriSign Class 3
]   code-signing digital certificates to an individual who
]   fraudulently claimed to be a Microsoft employee.

I'd say "I told you so," except that even I predict that Verisign
would issue a certificate for such a very well known name.

This event also serves as an object lesson about the intellectually
dishonest basis of the supposed security of ActiveX.

Call me cynical, but the suggestion on that web page to 
]   Consider temporarily removing the VeriSign
]   Commercial Software Publishers CA certificate
]   from the Trusted Root Store. 
makes me wonder if Microsoft is about to go into the CA certificate
scam--er--business in competition with Verisign.

A later statement, which seems to assume most users would do something
besides ignore such warnings, is amusing...or something like that.
]   The certificates are not trusted by default. As a
]   result, neither code nor ActiveX controls could be
]   made to run without displaying a warning dialogue.
]   By viewing the certificate in such dialogues, users
]   can easily recognize the certificates. 


Vernon Schryver    [EMAIL PROTECTED]

------------------------------

From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: Question about coding
Date: Thu, 22 Mar 2001 16:05:40 -0600

Let me see if I understand what you're doing.  You replace each
character of plain-text with a specific value (i.e., A's are replaced
with 77, B's are replaced with 96, and so on).  Then you encrypt.  Is my
understanding correct?  If so, replacing each character of plain-text
with a specific value really adds nothing to the security of your
system.  Keep in mind that A's are really just stored as a specific
value.  Replacing one specific value with another will not change the
frequency of the occurrence of A's.  Basically you're adding a simple
substitution cipher to the system.  If your major encryption algorithm
is any good, adding a simple substitution cipher shouldn't gain you
much.  If your major encryption algorithm isn't any good, adding a
simple substitution cipher won't help much.

amateur wrote:

> If I code every character of plain-text with specific value before
> encryption, the grammatical structure of my plain-text will be
> impossible to guess. Yes or not?
>
> I think yes.
>
> What do you think?
> Thank you for your comments.


------------------------------

From: [EMAIL PROTECTED] (John Joseph Trammell)
Subject: Re: Self Enforcing Protocol (Slightly OT and Long!)
Date: Thu, 22 Mar 2001 22:09:44 GMT

On Thu, 22 Mar 2001 15:01:56 GMT, Jim Farrand <[EMAIL PROTECTED]> wrote:
> 
> This post may be a bit off-topic - it's about self-enforcing
> protocols rather than actual encryption.  I'm posting here because
> SEPs and cryptography seem to be closely connected (e.g. they are
> always discussed in the same books.)
> 
> It's also quite long. I thought it best to tell people what I've done
> so far rather than just ask for help.
> 

[protocol snipped for brevity]

I like it.  Have you done any research on other SEPs in this genre?
Maybe you (and I) are reinventing the wheel.

> Problem
> ~~~~~~~
> 
> Say Player A has a card in play which is returned to Player A's
> library.  Player A now draws a card at random from his library.  Now
> Player B can cheat - he knows the Hash and TypeID for that card so he
> can select or not select that card (whichever is more favorable to
> him).
> 
> Question
> ~~~~~~~~
> 
> Can any suggest either a way to fix this problem or a better protocol
> which doesn't have this problem?
> 
> The only solution I can think of is:
> 
> When a card is returned to a players library, new Rand and Hash values 
> are calculated for all cards in the library.  This solves the problem
> of Player B cheating when cards are drawn, but it means that the clients
> will have to do a lot more work tracking cards to prevent cheating,
> and also means that a lot more Hashes have to be created/exchanged.

One problem with this is that it would allow A to possibly mess with
the contents of his library at this point.  A way around this is to
work the "selection" like this:

  A has a list of plaintext card names L(i), a random number R(i)
  for each, and a list of hashes H(i) as in your original protocol.

  A generates a new random number R', and generates list H' via
  H'(i) = hash( H(i) ++ R' ).

  A presents list H' to player B for selection.  B chooses one
  (or more).

  Validation by B goes similarly to the original protocol.  Since
  there's only one value R', B can also verify that his list of
  choices was equivalent to A's library.

Looks to me like this hides the values of H well enough to keep
B from "recognizing" anything that was once played, then put back
into the library.

Next question: what about the case of n players, n > 2?  What about
when multiple players "gang up" on another?  Is there a way to keep
this a SEP?  I think so.  :-)
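Trammell's re-blinding step above, as an added example in Python; it is not code from either poster. It assumes SHA-256 as the hash, 16-byte random values for R(i) and R', length-prefixed concatenation for "++" (so that different splits of the input cannot collide), and that B already holds A's original commitment list H(i) from the commitment exchange of the original protocol. R' is disclosed to B only after he has chosen; the class and function names are mine.

```python
import hashlib
import secrets


def hash_concat(*parts: bytes) -> bytes:
    """hash(a ++ b ++ ...) with each part length-prefixed."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


class Library:
    """Player A's side: names L(i), randoms R(i), commitments H(i) = hash(L(i) ++ R(i))."""

    def __init__(self, names):
        self.names = list(names)
        self.r = [secrets.token_bytes(16) for _ in self.names]
        self.h = [hash_concat(n.encode(), r) for n, r in zip(self.names, self.r)]

    def blinded_list(self):
        """Fresh R' and H'(i) = hash(H(i) ++ R'); A presents H' to B for selection."""
        r_prime = secrets.token_bytes(16)
        return r_prime, [hash_concat(hi, r_prime) for hi in self.h]

    def reveal(self, i):
        """What A discloses for the chosen card once B has picked index i."""
        return self.names[i], self.r[i]


def verify_choice(h_prime, r_prime, i, name, r_i):
    """B: the revealed card really is the one behind H'(i)."""
    h_i = hash_concat(name.encode(), r_i)
    return hash_concat(h_i, r_prime) == h_prime[i]


def verify_same_library(h_prime, r_prime, known_h):
    """B: once R' is revealed, the blinded list is exactly A's known library,
    so A could not add, drop or swap cards while re-blinding."""
    expected = sorted(hash_concat(hi, r_prime) for hi in known_h)
    return len(h_prime) == len(known_h) and expected == sorted(h_prime)


def run_draw(names=("dragon", "goblin", "wizard", "knight"), returned_index=2):
    """One draw after card `returned_index` was played (so B knows its H) and returned."""
    lib = Library(names)
    known_h = list(lib.h)                 # B learned these at the commitment exchange
    seen_h = lib.h[returned_index]        # B also saw this card revealed in play
    r_prime, h_prime = lib.blinded_list()
    recognizable_plain = seen_h in lib.h          # raw H list: B spots the returned card
    recognizable_blinded = seen_h in h_prime      # blinded list: he cannot
    choice = secrets.randbelow(len(names))        # B picks
    name, r_i = lib.reveal(choice)
    return {
        "recognizable_without_blinding": recognizable_plain,
        "recognizable_with_blinding": recognizable_blinded,
        "choice_valid": verify_choice(h_prime, r_prime, choice, name, r_i),
        "library_unchanged": verify_same_library(h_prime, r_prime, known_h),
        "tampered_rejected": not verify_choice(h_prime, r_prime, choice, "other", r_i),
    }


if __name__ == "__main__":
    print(run_draw())
```

Two details matter for the draw to stay a self-enforcing step: R' must be fresh for every draw, and it must reach B only after his choice. Once R' is known, the H' list is linkable back to the H list, so the next draw needs a new R''.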


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Idea
Date: 22 Mar 2001 22:02:35 GMT

[EMAIL PROTECTED] (Joseph Ashwood) wrote in <OO5i95wsAHA.299@cpmsnbbsa09>:

>There's no need to go away. That is simply one opinion of a single
>person. Like D/s says, I do insult him much more than I have insulted
>you (although I have never threatened him with a killfile, I don't like
>being in them so I don't put anybody in mine). It's fairly normal for a
>person to be inserted in several persons killfiles (those of you that
>have me in your killfile raise your hand, well if they could hear me
>you'd probably see about half the internet raising their hands). We
>don't ask that you be an expert in crypto, most of us came here asking
>stupid questions (I think my first was the ever popular "What's the most
>secure encryption algorithm" type post, it was also my first post here),
>we've all made mistakes, what we ask is that you learn from them. Some
>of us make recommendations frivolously without thinking about the
>consequences. It's a courtesy to inform people that you are killfiling
>them, I know it doesn't seem like one, but it is. For example when
>Schneier announced that he had killfiled D/s, it became public 
>knowledge that Schneier would no longer be able to hear what D/s said,
>as I recall D/s then proceeded to say anything he wanted to about

  However, from messages I got from others, he still reads the comments
I write. It's just that he is a pompous ass who does not ever admit to
mistakes, and few people take him to task on it. I have only recently put
one person in a killfile, that was Tommy, but took it out. It's easy to
skip over messages if you don't like them. I think many people use
the killfile as an empty threat.
 
>Schneier. It's a fairly normal tradition among newsgroups, some even
>take great joy in it. The reasons for killfiling you would hopefully be
>temporary, you were a newbie that didn't seem to be getting it, so
>people were trying to gracefully remove themselves from the
>conversation. I would ask that you continue posting, or at least
>reading, that is if you're still interested, but many people would
>appreciate the ability to not even see your posts, so it would be best
>if you stick with a single e-mail address, it's nothing against you, I'm
>in killfiles, D/s is in killfiles, Tom St, etc, I'm sure even Schneier
>has made it into a few people's killfiles. It's only a big deal if you
>let it be. 
>                    Joe
>

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Re: Question about coding
Date: Thu, 22 Mar 2001 17:18:11 -0400

Sample 

Suppose I want to encrypt 
"Iwanttoencrypt"
I replace I by 25
          w by 26
          a by 27 
          n by 28 
          t by 29 etc...

Every char (i) is replaced by a specific number,
not every kind of character.

So if I have 3 "a"s in my plain text, I have three values, i.e.
23, 76, 89 respectively.

Is it clear?
     
   

Jeffrey Williams wrote:
> 
> Let me see if I understand what you're doing.  You replace each
> character of plain-text with a specific value (IE:  A's are replaced
> with 77, B's are replaced with 96, and so on).  Then you encrypt.  Is my
> understanding correct?  If so, replacing each character of plain-text
> with a specific value really adds nothing to the security of your
> system.  Keep in mind that A's are really just stored as a specific
> value.  Replacing one specific value with another will not change the
> frequency of the occurrence of A's.  Basically you're adding a simple
> substitution cipher to the system.  If your major encryption algorithm
> is any good, adding a simple substitution cipher shouldn't gain you
> much.  If your major encryption algorithm isn't any good, adding a
> simple substitution cipher won't help much.
> 
> amateur wrote:
> 
> > If I code every character of plain-text with specific value before
> > encryption, the grammatical structure of my plain-text will be
> > impossible to guess. Yes or not?
> >
> > I think yes.
> >
> > What do you think?
> > Thank you for your comments.

------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Re: Fast and Easy crypt send
Date: Thu, 22 Mar 2001 17:26:47 -0400

The same encrypted message has multiple representations.
If you encrypt the message M you will have multiple E(M).
For every character (EVERY CHARACTER) encoded you have (using odds and
evens, 1 digit) 5^8 encrypted codes.
Is it clear?
The same binary message 0000 will be 2468 or 4680 or 6028, etc....
The difference between 2 messages 0000 and 0000 will give you 0 or 2212
or 3560, etc....
If you understand this, then I know that you read my previous post
carefully.
 



Joseph Ashwood wrote:
> 
> Your sequence is not random, almost all of the randomness disappeared
> immediately when you eliminated the outer key (which I assume we both agree
> happened). From there the only randomness left is the randomness in the
> original sequences, which had very little discernable randomness, so they
> can be pulled apart with a minor amount of difficulty. The first thing you
> need to realize is that the text you're encrypting is far from random, it
> has strong order, bias, etc. English is a good example, English text has
> between 1 and 2 bits of entropy per character (depending on several
> factors), this is quite a distance from the 8 bits that are used per
> character in ASCI, and further from the 16 and 32 bits that are used in
> various Unicodes. I still say that the place you need to start is in reading
> a book on cryptography.
>                     Joe
> 
> "amateur" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > I'm still not convinced. I do not have to know cryptography to
> > understand that a RANDOM sequence is no information at all.
> > My encrypted text is a RANDOM series.
> > How could you exploit random sequence???
> >
> >
> >
> > Joseph Ashwood wrote:
> > >
> > > Honestly, I have explained it, I'm not going to explain it any more,
> read
> > > the sci.crypt FAQ, read a book on cryptography, if you still don't get
> it,
> > > then just realize that you don't get cryptography, and don't try. If you
> do
> > > get it then you will immediately realize that the only valid decryption
> of
> > > your example was in fact 10011001, and that attempting to fix this
> problem
> > > is useless. To reiterate please read a book on cryptography, please read
> the
> > > sci.crypt FAQ, both will explain in great detail just exactly why your
> > > algorithm is completely useless.
> > >                                 Joe
> > >
> > > "amateur" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...

------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Re: Question about coding
Date: Thu, 22 Mar 2001 17:30:04 -0400

Card(M) = n => n different values.
That's what I mean.
If I have 1526314 characters in my plain-text I have 1526314
representations. Bijective function.
So in this case, is it yes or no?
I think yes.


Tom St Denis wrote:
> 
> "amateur" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > If I code every character of plain-text with specific value before
> > encryption, the grammatical structure of my plain-text will be
> > impossible to guess. Yes or not?
> >
> > I think yes.
> 
> Sorta... to no.
> 
> You have described a monoalphabetic cipher.  The order-0 frequency analysis
> of the ciphertext could reveal the probable message.
> 
> Tom
> http://tomstdenis.home.dhs.org
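Jeffrey Williams' point and Tom St Denis' "order-0 frequency analysis" remark, as an added example in Python that is not code from any poster: a fixed per-character code (A's become 77, B's become 96, ...) leaves the ciphertext's frequency profile identical to the plaintext's, so the most frequent code is the most frequent letter. amateur's variant, where every occurrence of a character gets its own distinct value, does flatten the histogram, but its decoding table has one entry per character of the message. The sample sentence, the code ranges and the function names are constructed for this example.

```python
from collections import Counter
import random

# Constructed sample plaintext (lower-case letters only; 'e' occurs 6 times).
SAMPLE = "defendtheeastwallofthecastle"


def frequency_profile(seq):
    """Symbol counts in descending order: the 'shape' an order-0 analysis sees,
    regardless of what the symbols are called."""
    return sorted(Counter(seq).values(), reverse=True)


def monoalphabetic(text, seed=1):
    """Replace every *kind* of character with one fixed number (A -> 77, B -> 96, ...)."""
    rng = random.Random(seed)
    alphabet = sorted(set(text))
    codes = rng.sample(range(100, 1000), len(alphabet))
    table = dict(zip(alphabet, codes))
    return [table[ch] for ch in text], table


def per_occurrence(text, seed=1):
    """amateur's variant: every character *position* gets its own distinct number."""
    rng = random.Random(seed)
    codes = rng.sample(range(10**6), len(text))   # bijective: all values distinct
    decode_table = dict(zip(codes, text))         # as long as the message itself
    return codes, decode_table


def most_common(seq):
    return Counter(seq).most_common(1)[0][0]


def demo(text=SAMPLE):
    mono, table = monoalphabetic(text)
    homo, decode_table = per_occurrence(text)
    return {
        # the substitution changes the labels, not the histogram
        "profile_match": frequency_profile(text) == frequency_profile(mono),
        # so the top-ranked code is exactly the top-ranked plaintext letter
        "top_code_is_top_letter": table[most_common(text)] == most_common(mono),
        # one value per occurrence: every count is 1, nothing to rank
        "flat_profile": frequency_profile(homo) == [1] * len(text),
        # ...at the price of a secret table with one entry per message character
        "decode_table_entries": len(decode_table),
        "message_length": len(text),
    }


if __name__ == "__main__":
    print(demo())
```

The decode table in the per-occurrence variant is the whole secret: it must be shared with the receiver and is exactly as long as the message, which is the one-time-pad trade-off rather than a way to strengthen a short key.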

------------------------------

From: "John L. Allen" <[EMAIL PROTECTED]>
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: Thu, 22 Mar 2001 22:10:20 GMT

Joseph Ashwood wrote:

> "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Question is since ciphersaber is meant to be simple what
> > Hash would you use?
>
> SHA-1 would seem to be a good choice. It is fairly simple, although not
> nearly as simple as RC4, and it is secure. It might not be the best option,
> I haven't taken a close look at the complexity of many hash functions (it's
> only important to me that it gets done right once).
>                         Joe

Doesn't anyone like MD2 anymore?  Granted it's dog slow, but it's very
rc4-like to code, involving only additions mod 256 (see perl code for
an md2 sub that hashes a single data argument below - it's not even
that obfuscated :-)  Is MD2 no longer secure?  My AC says there were
no attacks against it, though that was in 1996.

=========
use strict;
use warnings;
use integer;

# MD2 (RFC 1319) S-box: a fixed permutation of 0..255 derived from the digits of pi.
my @sbox = (
  41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
  19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
  76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
  138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
  245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
  148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
  39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
  181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
  150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
  112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
  96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
  85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
  234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
  129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
  8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
  203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
  166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
  31, 26, 219, 153, 141, 51, 159, 17, 131, 20
);

# md2($data): returns the 16-byte MD2 digest of $data as a binary string.
sub md2 {
  my ($data) = @_;
  # $l: bytes consumed so far; $r: length of the current piece;
  # $p: phase -- 0 = message blocks, 1 = padding applied,
  #     2 = checksum block appended, 3 = checksum block hashed (done)
  my ($l, $r, $p) = (0, 0, 0);
  my (@x)         = (0) x 16;   # digest state; grows to 48 bytes per block
  my (@checksum)  = (0) x 16;   # running 16-byte checksum

  do {
    my $piece = substr $data, $l, 16;
    $l += ($r = length $piece);

    # Pad the last short piece with (16-$r) bytes of value (16-$r); a message
    # that is a multiple of 16 bytes gets a whole 16-byte padding block.
    $piece .= chr(16-$r) x (16-$r)
        if $r<16 && !$p++;

    @x[16..31] = unpack 'C16', $piece . "\0"x16;

    # Checksum update: L starts at C[15] and chains through the block.
    for (my $t = $checksum[15], my $i = 0; $i < 16; $i++) {
        $t = ($checksum[$i] ^= $sbox[$x[$i+16] ^ $t]);
    }

    # X[32..47] = X[0..15] xor block, then 18 rounds over all 48 bytes.
    @x[32..47] = map $x[$_] ^ $x[$_+16], 0..15;

    my $t = 0;
    for my $i (0..17) {
      $t = ($_ ^= $sbox[$t]) for @x;
      ($t += $i) &= 0xff;
    }

    # After the padded message, the checksum is hashed as one final block.
    $data .= pack 'C16', @checksum
        if $p && $p++ == 1;

  } while $p != 3;

  pack 'C16', @x;   # the first 16 bytes of the state are the digest
}



------------------------------

From: "John L. Allen" <[EMAIL PROTECTED]>
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: Thu, 22 Mar 2001 22:14:56 GMT



I, "John L. Allen" wrote:

> Doesn't anyone like MD2 anymore?  Granted it's dog slow, but it's very
> rc4-like to code, involving only additions mod 256 (see perl code for
> an md2 sub that hashes a single data argument below - it's not even
> that obfuscated :-)  Is MD2 no longer secure?  My AC says there were
> no attacks against it, though that was in 1996.

Of course MD2 also uses xor - sorry 'bout that.

John.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
