Cryptography-Digest Digest #980, Volume #13      Fri, 23 Mar 01 14:13:01 EST

Contents:
  Re: Question about coding (amateur)
  Re: Question about coding (amateur)
  Re: redodancy (amateur)
  Re: NSA in the news on CNN (John Hairell)
  Re: NSA in the news on CNN (John Hairell)
  Re: the classified seminal 1940 work of Alan Turing? (SCOTT19U.ZIP_GUY)
  Re: What the Hell...Here's what my system can do at it's best... (SCOTT19U.ZIP_GUY)
  Czech attack on PGP ("Brice Canvel")
  on-card key generation for smart card (Chenghuai Lu)
  Re: Czech attack on PGP (Florian Weimer)
  Re: Czech attack on PGP (Florian Weimer)
  Re: Verisign and Microsoft - oops (Deano)
  Input desired. ("Frog2000")
  Re: Idea (amateur)
  Re: Dr Rabin's "unbreakable" code (Tony L. Svanstrom)
  Re: Open Source Implementations of PGP (Tony L. Svanstrom)

----------------------------------------------------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Re: Question about coding
Date: Fri, 23 Mar 2001 12:11:42 -0400

That's not my question?
Does it hide the grammatical structure of the plain-text or not?
So how could you crack it if every single character has a single and
unique representation?

How could you crack "hello" if it's represented by 23.35.43.86.12?




"Douglas A. Gwyn" wrote:
> 
> amateur wrote:
> > I replace I by 25
> >           w by 26
> >           a by 27
> >           n by 28
> >           t by 29 etc...
> > So if I have 3 "a" in my plain text, I have three values i.e
> > respectively 23, 76, 89
> 
> Not new, and certainly not uncrackable.
> For an example using numbered initial letters of words,
> look up the Beale treasure papers.

------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Re: Question about coding
Date: Fri, 23 Mar 2001 12:13:42 -0400

I have a trick to retrieve it.
It's a long algo. But it's still not my question.
Does this type of substitution hide the grammatical structure or not?
That's my question.
 

"David Formosa (aka ? the Platypus)" wrote:
> 
> On Thu, 22 Mar 2001 17:18:11 -0400, amateur <[EMAIL PROTECTED]> wrote:
> >Sample
> >
> >Suppose I want to encrypt
> >"Iwanttoencrypt"
> >I replace I by 25
> >          w by 26
> >          a by 27
> >          n by 28
> >          t by 29 etc...
> >
> >Every Char (i) is replaced by specific number.
> >Not every kind of character
> 
> How does the system know what number corresponds to what character?
> 
> --
> Please excuse my spelling as I suffer from agraphia. See
> http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
> Free the Memes.

------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Re: redodancy
Date: Fri, 23 Mar 2001 12:18:01 -0400

?
If I assign to each of n characters of my plain-text ( my plain-text has
n characters), n different values or symbols, I remove redundancy.

Suppose plain-text "aaaaaoooo" I code 12345678. Did I remove redundancy?
Yes or no?


dexMilano wrote:
> 
> if you have "A" you can use "!" to transcode.
> in this way if you have "AAAA" you can use "!!!!". this is
> transcodification.
> if you have "AAAA" and you can manage "4A" this is compression (without
> transcodification).
> 
> I hope this makes sense.
> 
> dex
> 
> "amateur" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Transcodification eliminates redundancy.
> > So, what is a difference?
> >
> >
> > dexMilano wrote:
> > >
> > > > This doesn't remove redundancy. It's a transcodification.
> > > > dex
> > > > "amateur" <[EMAIL PROTECTED]> wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > Simple. You assign specific code to every character.
> > > > It's easy.
> > > >
> > > >
> > > > dexMilano wrote:
> > > > >
> > > > > > Is there some simple algorithm to remove redundancy in text?
> > > > > I tried ZIP but it's too heavy.
> > > > >
> > > > > Thx
> > > > >
> > > > > dex

------------------------------

From: [EMAIL PROTECTED] (John Hairell)
Subject: Re: NSA in the news on CNN
Date: Fri, 23 Mar 2001 17:14:47 GMT

On 23 Mar 2001 02:54:19 GMT, [EMAIL PROTECTED] (Will Janoschka)
wrote:

>> 
>    What  makes you think that Air America is 'defunct'??
>                               -will-:@)
>


Because there is no large international air carrier flying out of any
airport in the world with a bunch of aircraft with the name "Air
America" painted on them.

And because all of the AA material has been archived in Texas.

There IS an American company named Air America, but it isn't the old
company.

Covert air operations continue, but what companies are involved I
certainly wouldn't divulge on the internet, even if I knew who they
were, although I don't.
 
I know nothing, as the sergeant used to say on "Hogan's Heroes".

John Hairell ([EMAIL PROTECTED])


------------------------------

From: [EMAIL PROTECTED] (John Hairell)
Subject: Re: NSA in the news on CNN
Date: Fri, 23 Mar 2001 17:31:54 GMT

AA has an association and their website is at

http://www.air-america.org/

John Hairell ([EMAIL PROTECTED])




On Fri, 23 Mar 2001 04:48:30 GMT, [EMAIL PROTECTED] (Tony L.
Svanstrom) wrote:

>Will Janoschka <[EMAIL PROTECTED]> wrote:
>
>> On Thu, 22 Mar 2001 19:43:57, [EMAIL PROTECTED] (John Hairell) 
>> wrote:
>> 
>> > The best known of many proprietaries is of course the now-defunct Air
>> > America.
>> >  
>> > 
>>     What  makes you think that Air America is 'defunct'??
>
>Where's the best information on the Net regarding Air America - anyone?
>
>
>        /Tony


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: the classified seminal 1940 work of Alan Turing?
Date: 23 Mar 2001 17:38:05 GMT

[EMAIL PROTECTED] (Henrick Hellström) wrote in
<99ft0t$1m4$[EMAIL PROTECTED]>: 

>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> [EMAIL PROTECTED] (Henrick Hellström) wrote in
>> <99fll7$nhc$[EMAIL PROTECTED]>:
>[snip]
>> >Correspondingly, a known plain text brute force attack might be made
>> >to fail by having each combination of m-bit plain text and l-bit
>> >cipher text correspond to more than one key. This will obviously not
>> >work for arbitrarily large numbers m, l, but might there not be such
>> >a cryptosystem such that n < m, n < l?
>>
>>  Obviously one can make a twisted system where if certain S-table
>> values changed  so if the known plain text just happens to be the
>> wrong values then it could be quite long.
>
>The first thing that came into my mind was not really something
>"twisted", but a simple monoalphabetic substitution cipher: 26! <
>26**19, so a message longer than 18 characters is longer than the key,
>and if it is shorter than 25 characters, then by the pigeon hole
>principle it can't be brute forced even if the plain text is known.
>

   But this is not really the case. You should not think of the
character as being 8 bits. If your input set is only 26 characters
then solve 2**x = 26 for the number of bits in a character.
And in this case you only need a string of 25 different characters
to define the unique key.

   If you're going to use ascii there are really 256 symbols in the
character set or 256! combinations and you need more than
18 characters to solve this problem. But then again the key needed
to define all such mappings is quite long.

   Scott19u uses a single cycle s-table of 19 bits and allows
for every possible single cycle s-table. To solve for a unique
mapping of a single cycle s-table only 19 bits long would require
over one million bytes of plain text with matching cipher text.
But then again it allows you to use a key of over a million bytes.




    
>
>[snip]
>> For that matter is RIJNDAEL a single cycle S table. If not what
>> are the largest number of cycles possible. I think these questions
>> would be of interest to those studying the cipher. But maybe no
>> one knows. Or no one is telling.
>
>There ought not be any short cycles if Rijndael is to be used in OFB
>mode. So if no one knows then someone is bound to find out the hard way.
>But isn't this question answered by the official documentation?


  If it is I am not aware of it. Many complaints about my
cipher are that it was a single cycle s-table. Many believe that
a general cipher is more secure if it has a few cycles but
all of them large. And the lengths would vary depending on the
key.  But use of OFB mode would be weakened if not a single cycle.
However this is the kind of thing real analysis should be done on.
The NSA may have done such work but I doubt if any open public
analysis along these lines has been done since it would require
real work on Rijndael. It's designed for short key and speed. Having
real security as would be required for SECRET government stuff
was not a concern. After all if Bin Laden uses it in a blessed
form the NSA would need to read it.




>
>
>--
>Henrick Hellström  [EMAIL PROTECTED]
>StreamSec HB  http://www.streamsec.com
>
>
>


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
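
[Added example, not part of either poster's message.] The counting argument
in the exchange above (26! against 26**19, and the number of different
characters needed to pin down the key) can be checked directly. The
function names and the sample key are constructed for this illustration.

```python
import math
import string

ALPHABET = string.ascii_lowercase          # the 26-letter input set from the thread
SAMPLE_KEY = "qwertyuiopasdfghjklzxcvbnm"  # constructed key: a -> q, b -> w, ...


def key_size(n=26):
    """Return (bits per letter, key entropy in bits, key length in letters)."""
    bits_per_letter = math.log2(n)              # solves 2**x = n
    key_bits = math.log2(math.factorial(n))     # log2(n!)
    return bits_per_letter, key_bits, math.ceil(key_bits / bits_per_letter)


def encrypt(plain, key=SAMPLE_KEY):
    """Monoalphabetic substitution over lowercase letters only."""
    return "".join(key[ALPHABET.index(ch)] for ch in plain)


def partial_key(plain, cipher):
    """Letter pairs forced by one known plaintext/ciphertext pair.

    Raises ValueError if the pair cannot come from a single substitution key.
    """
    if len(plain) != len(cipher):
        raise ValueError("length mismatch")
    fwd, rev = {}, {}
    for p, c in zip(plain, cipher):
        if fwd.setdefault(p, c) != c or rev.setdefault(c, p) != p:
            raise ValueError("not a monoalphabetic substitution")
    return fwd


def consistent_keys(plain, cipher, n=26):
    """Number of full keys that agree with the known pair: (n - d)!,
    where d is the number of distinct plaintext letters seen."""
    return math.factorial(n - len(partial_key(plain, cipher)))


if __name__ == "__main__":
    print("bits/letter, key bits, key letters:", key_size())
    for text in ("hello",
                 "theuickbrownfoxjumpsoverthelaydog",   # 24 distinct letters
                 "thequickbrownfoxjumpsoverthelaydog"):  # 25 distinct letters
        print(len(text), "letters ->", consistent_keys(text, encrypt(text)), "keys")
```

The count depends on how many different letters the known plaintext
contains, not on its length.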

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: What the Hell...Here's what my system can do at it's best...
Date: 23 Mar 2001 17:52:12 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in
<[EMAIL PROTECTED]>: 

>
>I have to say that the above has all the earmarks of a quack,
>whether or not it really is quackery.  If you have a good new
>idea, instead of telling us what its consequences might be
>(remember cold fusion?), tell us how it works.  You will have

   I still remember COLD FUSION. I attended 2 separate lectures
at China Lake, where DR MILES described his results of his
double blind tests. If my memory serves me right even though
his work was more in his spare time and thus free to tax payers
pompous assholes over him in government ordered him not to do
more work. 
   I was hoping it turns out like the Closed air rebreathers
that divers use for diving that don't release bubbles. The
navy spent a fortune trying to get it to work and failed. Then
some nobody in his own garage got it to work. The government
would not listen to him. But he was right.
   Cold fusion could be like that. Yes there are a lot of
quacks trying to cash in on it but that still does not mean
Dr Miles had it wrong. I still think COLD FUSION works. I trust
the work done at China Lake. Too bad the lab is not like the
old days. I remember working on a missile project where some
asshole with connections told us we had to take company X's
component for a certain part. We tested it and it was shit so
we used component Y from another company. At least in the early
days getting it right was enough. Now it's all bull shit and CYA.

>established through publication your priority of invention,
>which would be important in any patent challenge.  One thing
>is sure: only a fool would pay for the information knowing no
>more than you have said so far.
>

  That said I think the guy you're quoting is a quack since he 
brags about system but tells nothing so is very likely a
pack of lies.


David A. Scott

------------------------------

From: "Brice Canvel" <[EMAIL PROTECTED]>
Subject: Czech attack on PGP
Date: Fri, 23 Mar 2001 18:20:26 -0000

Hi,

Has anyone tried the attack discovered by the Czech company on PGP? The
English version is now available on their web site. I had a go at it and
modified my secret key ring as mentioned but it is not seen as being a valid
key anymore. However, I am not sure how to calculate the second and third
byte in the secret key file.

Could anyone help, please?

Regards,

Brice.

P.S.: This is the link to the article in English
http://www.i.cz/en/pdf/openPGP_attack_ENGvktr.pdf



------------------------------

From: Chenghuai Lu <[EMAIL PROTECTED]>
Subject: on-card key generation for smart card
Date: Fri, 23 Mar 2001 13:28:06 -0500

Could anybody tell me the average time of on-card 1024-bit RSA key
generation for the best smartcard application?

Thanks.

=============
                                        
                        -Chenghuai Lu ([EMAIL PROTECTED])

------------------------------

From: Florian Weimer <[EMAIL PROTECTED]>
Subject: Re: Czech attack on PGP
Date: 23 Mar 2001 19:32:47 +0100

"Brice Canvel" <[EMAIL PROTECTED]> writes:

> However, I am not sure how to calculate the second and third
> byte in the secret key file.

It's the packet header for the embedded public key packet.  The format
is documented in RFC 2440.

------------------------------

From: Florian Weimer <[EMAIL PROTECTED]>
Subject: Re: Czech attack on PGP
Date: 23 Mar 2001 19:33:38 +0100

"Brice Canvel" <[EMAIL PROTECTED]> writes:

> However, I am not sure how to calculate the second and third
> byte in the secret key file.

They are part of the packet header.  The format is documented in RFC
2440.
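
[Added example, not part of the posts above.] A reader for the packet
header layout of RFC 2440 section 4.2, which both replies point to. In an
old-format packet whose tag octet selects a two-octet length, the second
and third octets are the big-endian body length. The function names and the
sample bytes are constructed for this illustration.

```python
TAG_NAMES = {2: "Signature", 5: "Secret Key", 6: "Public Key",
             7: "Secret Subkey", 13: "User ID", 14: "Public Subkey"}


def _scalar(buf, n):
    """Big-endian n-octet length field; fail if the header is cut short."""
    if len(buf) < n:
        raise ValueError("truncated packet header")
    return int.from_bytes(buf[:n], "big")


def parse_header(data, offset=0):
    """Return (tag, header_len, body_len); body_len None = indeterminate."""
    if offset >= len(data) or not data[offset] & 0x80:
        raise ValueError("not a packet tag octet (bit 7 must be set)")
    first, rest = data[offset], data[offset + 1:]
    if first & 0x40:                          # new format, tag in bits 5-0
        tag, o1 = first & 0x3F, _scalar(rest, 1)
        if o1 < 192:                          # one-octet length
            return tag, 2, o1
        if o1 < 224:                          # two-octet length
            return tag, 3, ((o1 - 192) << 8) + _scalar(rest[1:], 1) + 192
        if o1 == 255:                         # five-octet length
            return tag, 6, _scalar(rest[1:], 4)
        raise ValueError("partial body lengths are not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old format
    if ltype == 3:                            # runs to the end of the data
        return tag, 1, None
    n = (1, 2, 4)[ltype]
    return tag, 1 + n, _scalar(rest, n)


def walk(data):
    """List (tag name, body_len) per packet, rejecting lengths past the end."""
    packets, off = [], 0
    while off < len(data):
        tag, hlen, blen = parse_header(data, off)
        if blen is None:
            blen = len(data) - off - hlen
        if off + hlen + blen > len(data):
            raise ValueError(f"packet at {off} claims {blen} body octets")
        packets.append((TAG_NAMES.get(tag, f"tag {tag}"), blen))
        off += hlen + blen
    return packets


# Constructed sample, not a real key: an old-format Secret Key packet
# (0x95 = tag 5, two-octet length) with a 4-octet dummy body, then a User ID.
SAMPLE = bytes([0x95, 0x00, 0x04]) + b"\x00" * 4 + bytes([0xB4, 0x05]) + b"alice"

if __name__ == "__main__":
    print(parse_header(SAMPLE), walk(SAMPLE))
```

A length field that disagrees with the bytes that follow makes walk() fail,
either at the oversized packet or at the next offset, where no valid tag
octet is found.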

------------------------------

From: Deano <[EMAIL PROTECTED]>
Subject: Re: Verisign and Microsoft - oops
Date: Fri, 23 Mar 2001 18:30:57 +0000


When you say CA doesn't work what exactly are you referring to ?

The problem with Microsoft/Verisign is that they are too far up each
other's insides to smell the air. I do not know why that is the case, but
I understood the root CA embedding microsoft does in its OSs was based on
strict adherence to published rules by the CA in question, AND that
microsoft have verified (and continue to verify) said CAs operations.

The parties involved in this story:

Verisign - a CA of dubious standards (now proven) who do not abide by
X509 standard and include CRL DP's in their code (class-3, maybe more -
I haven't checked yet) signing certificates,
Microsoft - a non-technology based 'trusted root' (their OS has the
final control over which CAs are trusted or not) of dubious standard
(now proven) who cannot enforce CAs in the 'microsoft' hierarchy to
abide by set rules.

The answer: 
- REMOVE microsoft/netscape/other OS vendors from the trust issue (then
worry about finding an independent trusted third party)
- Remove verisign from all trusted root stores as they have now proven
incompetence on two fronts (standards and procedures).

The fact verisign 'discovered' the mistake is a public statement. I
would be interested to know why a CA would spend more time/effort
checking a decision to issue class-3 certs AFTER the fact than before?
Perhaps we aren't getting the whole story ?

Comments ?

> 
> "Mathew Hendry" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > From
> >
> >   http://www.microsoft.com/technet/security/bulletin/MS01-017.asp
> >
> > | ...
> > | Technical description:
> > | VeriSign, Inc., recently advised Microsoft that on January 29 and 30, 2001,
> > | it issued two VeriSign Class 3 code-signing digital certificates to an
> > | individual who fraudulently claimed to be a Microsoft employee. The common
> > | name assigned to both certificates is "Microsoft Corporation". The ability to
> > | sign executable content using keys that purport to belong to Microsoft would
> > | clearly be advantageous to an attacker who wished to convince users to allow
> > | the content to run.
> > | ...
> 
> Can we say "duh".  Which is why CA doesn't work.
> 
> Tom

------------------------------

From: "Frog2000" <[EMAIL PROTECTED]>
Subject: Input desired.
Date: Fri, 23 Mar 2001 13:45:43 -0500

We'd like input on our "new" encryption system.

--
http://welcome.to/speechsystemsfortheblind





------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Re: Idea
Date: Fri, 23 Mar 2001 13:42:44 -0400

I exposed my idea. ok.
If those who are thinking it's useless, I will post two messages to
break using the same algo I exposed in posts "Idea" and "fast and easy".
If they think that it is easy to break, I ask them just to try.
I followed all advice in sci.crypt FAQ. I'm not sending any encrypted
message without presenting my algo. That is not fantasy. I hope they
will decrypt it.
I'll send it today.
 

"Douglas A. Gwyn" wrote:
> 
> amateur wrote:
> > So if I understand, should I have to be an expert crypto to
> > contribute? I'm just suggesting ideas.
> > I will never post anything.
> 
> I would say you should listen and learn a topic before trying
> to contribute to it.  Amateur cryptosystems are a dime a dozen,
> and every time the inventor thinks his system is unbreakable.
> While it might be possible to create a practical, unbreakable
> encryption algorithm, nobody is going to believe that it has
> that property unless it is accompanied by a convincing proof.
> I was recently taken to task in this newsgroup for proposing a
> new mode of operation for block ciphers that was motivated by
> intuition based on experience in cracking systems, because I
> did not provide such a proof.  (It would be impossible to do
> so given the current state of the art.)  If you meet a lower
> standard than that, expect to get flamed.

------------------------------

Subject: Re: Dr Rabin's "unbreakable" code
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Fri, 23 Mar 2001 19:08:10 GMT

Collis Ta'eed <[EMAIL PROTECTED]> wrote:

> Can anyone tell me where I can get more information about the code recently
> revealed by Professor Michael Rabin.  I saw an article at
> (http://www.securitywatch.com/newsforward/default.asp?AID=5955)
> 
> but this doesn't really say very much.  I'm an honours student and it looks
> like an interesting project to study...
> 
> thanks guys

Just use a search engine, but basically this is it:

Send out a lot of random noise, make it so much noise that no one's able
to save it all for later... then you and your friend have agreed on when
to get what information from that noise as it "passes by", and then you
use that as an OTPish solution.


        /Tony
-- 
########################################################################
            I'm sorry, I'm sorry; actually, what I said was:
                  HOW WOULD YOU LIKE TO SUCK MY BALLS?
                             - South Park -

------------------------------

Subject: Re: Open Source Implementations of PGP
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Fri, 23 Mar 2001 19:08:11 GMT

Peter Harrison <[EMAIL PROTECTED]> wrote:

> I am looking for people interested in writing or adapting open source
> implementations of PGP in
> 
> - Delphi
> - C
> - Java
> 
> to be part of an Open Source business document exchange system.
> 
> My Open Source project pages are at 
> http://idtrans.sourceforge.net

Took a look at your pages and... well... it's basically the same as I've
been working on, and... well... messing with PGP will just slow you
down. Do like me and create a good from-scratch solution (BTW, I'll
release this as open source too, when I have the time).


        /Tony

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
