Cryptography-Digest Digest #984, Volume #13      Fri, 23 Mar 01 20:13:01 EST

Contents:
  Re: Idea (SCOTT19U.ZIP_GUY)
  I am interested in technologies to make NSA's listeners crazy when they listen 
secretly other people's phone conversations ... ([EMAIL PROTECTED])
  Just an example how unintelligent some people are who create ads for networking 
companies ... this was for Radware ([EMAIL PROTECTED])
  Re: What happens when RSA keys don't use primes? (William Hugh Murray)
  Re: Is Evidence Eliminator at all useful ?? ("Ryan M. McConahy")
  Re: Crack it! (Mok-Kong Shen)
  Data dependent arcfour via sbox feedback (Ken Savage)
  Re: Same sender : "amateur" and "br" (SCOTT19U.ZIP_GUY)
  Re: the classified seminal 1940 work of Alan Turing? (Frank Gerlach)
  Re: Verisign and Microsoft - oops (Vernon Schryver)
  Re: Is Evidence Eliminator at all useful ?? (David Schwartz)
  Re: Speed of factoring (Ian Goldberg)
  Re: Crack it! (amateur)
  Re: the classified seminal 1940 work of Alan Turing? (Frank Gerlach)
  Re: Idea ("Joseph Ashwood")
  Re: Open Source Implementations of PGP (Peter Harrison)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Idea
Date: 23 Mar 2001 22:35:00 GMT

[EMAIL PROTECTED] (amateur) wrote in <[EMAIL PROTECTED]>:

>I exposed my idea. ok.
>If those who are thinking it's useless, I will post two messages to
>break using the same algo I exposed in posts "Idea" and "fast and easy".
>If they think that it is easy to break, I ask them just to try.
>I followed all advice in the sci.crypt FAQ. I'm not sending any encrypted
>message without presenting my algo. That is not fantasy. I hope they
>will decrypt it.
>I'll send it today.
> 

  Maybe I missed something WHERE IS YOUR POST OF THE ALGORITHM
I DON'T SEE IT???


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.2600,alt.politics.org.cia,alt.security
Subject: I am interested in technologies to make NSA's listeners crazy when they 
listen secretly other people's phone conversations ...
Date: 23 Mar 2001 22:44:06 GMT



This would be great ... this would teach a lesson to them .... actually I
think that they may have implemented programs to minimize this risk ... well
I think that it is quite adventurous technology initiative .... good for
their mental states ....



 -----  Posted via NewsOne.Net: Free (anonymous) Usenet News via the Web  -----
  http://newsone.net/ -- Free reading and anonymous posting to 60,000+ groups
   NewsOne.Net prohibits users from posting spam.  If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.2600
Subject: Just an example how unintelligent some people are who create ads for 
networking companies ... this was for Radware
Date: 23 Mar 2001 22:40:44 GMT


They sell some intelligent internet traffic management tools and applications
solving some enterprise issues and monitoring requirements. www.radware.com

Anyway .. they had one ad in one networking / internet publication I picked
up recently in California and it has a rabbit and a turtle in the starting
line. I suppose the rabbit was meant to be Radware. However, when you study
this ad and a photo in detail you see that the footprints behind this rabbit
are not really the footprints of a real rabbit but just marks of a dead
rabbit that was then placed at this starting line to compete with this
turtle. (Anybody who has my background knows what the real
footprints of a rabbit are.) So which one shall win - a living turtle or a dead
rabbit (a product that is dead on arrival)? This is just a question for you
and it is just one of many observations I have made when I have reviewed
hundreds of pages of technical publications and materials. Based on this
analysis I think that the people who created this ad were quite
unintelligent.

So that's that .....

Markku from Miami

Markku J. Saarelainen
Independent Consultant
Independent Representative of Finland




------------------------------

From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: What happens when RSA keys don't use primes?
Date: Fri, 23 Mar 2001 22:43:50 GMT

Gene Styer wrote:

> In article <[EMAIL PROTECTED]>, Hard <[EMAIL PROTECTED]> wrote:
> >On Wed, 21 Mar 2001 10:40:09 GMT, "Mxsmanic" <[EMAIL PROTECTED]>
> >wrote:
> >
> >>"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
> >>news:[EMAIL PROTECTED]...
> >>
> >>> In my humble understanding this is all a
> >>> probability issue.  If the chance that the
> >>> 'believed' primes being composite is
> >>> sufficiently small, then it can be justified
> >>> that one takes the risk of the vulnerability.
> >>
> >>I understand that.  I just don't understand exactly what the
> >>"vulnerability" actually is.  Will the encryption/decryption
> >>systematically break?  Or will it break only occasionally, for certain
> >>plaintexts or ciphertexts?  Or will it work fine, but become very
> >>vulnerable to cryptanalysis?  Or something else?
> >>
> >
> >That is a question I've had, too.  You described it well.  I wonder if
> >any will answer it as clearly as it was posed?
>
> Well, I decided to do a quick test:
>    p = 15 (ok, I know this isn't prime, but this is only a test...)
>    q = 7 (we'll let this one be prime)
>    n = 105
>    e = 5 (need d relatively prime to 14*6=84)
>    d = 17 (need d*e==1 mod 84)
>
> using bc:
>    (10^5) % 105 = 40            (40^17) % 105 = 10
>    (18^5) % 105 = 93            (93^17) % 105 = 18
>
> So my guess would be that having a non-prime will still work,

That is my understanding.

> but that it
> would be easier (but not easy) to factor n and thus determine d.

In part, what we mean when we say that it is difficult to factor a composite
number is that it has a minimum number of factors.  Said another way, the more
factors a number has, the easier it is to find them.  If a number is large and
has only three factors, those may still be difficult to find.

>
>
> Eugene Styer
> [EMAIL PROTECTED]
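
Added example (not Styer's or Murray's code): it extends the bc spot-check above to every residue mod n, so the question "does it break systematically, or only for some messages?" gets a concrete answer. The (15, 7, 5) parameters are the post's own; (21, 5, 3) and (9, 7, 5) are constructed variants.

```python
# Added example, not from the thread: RSA with a composite "prime", checked
# against every residue mod n. Needs Python 3.8+ for pow(e, -1, m).

from math import gcd


def factor(n: int) -> dict:
    """Trial-division factorisation; adequate for the toy moduli used here."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def carmichael(n: int) -> int:
    """lambda(n), the exponent of the unit group. Decryption recovers *every*
    m in Z_n exactly when n is squarefree and e*d == 1 (mod lambda(n))."""
    lam = 1
    for p, k in factor(n).items():
        lam_pk = (p - 1) * p ** (k - 1)
        lam = lam * lam_pk // gcd(lam, lam_pk)
    return lam


def naive_keypair(p: int, q: int, e: int) -> tuple:
    """Derive d the way the post does: invert e mod (p-1)(q-1), trusting
    p and q to be prime. Returns (n, e, d)."""
    phi_guess = (p - 1) * (q - 1)
    if gcd(e, phi_guess) != 1:
        raise ValueError("e is not invertible mod (p-1)(q-1)")
    return p * q, e, pow(e, -1, phi_guess)


def recoverable_messages(n: int, e: int, d: int) -> int:
    """Count residues m in Z_n that survive encrypt-then-decrypt."""
    return sum(1 for m in range(n) if pow(pow(m, e, n), d, n) == m)


def analyse(p: int, q: int, e: int) -> dict:
    n, e, d = naive_keypair(p, q, e)
    lam = carmichael(n)
    return {
        "n": n, "d": d, "lambda": lam,
        "ed_ok_mod_lambda": (e * d) % lam == 1,
        "squarefree": all(k == 1 for k in factor(n).values()),
        "recoverable": recoverable_messages(n, e, d),
    }


if __name__ == "__main__":
    # (15,7,5): the post's parameters; the other two are constructed.
    for p, q, e in [(15, 7, 5), (21, 5, 3), (9, 7, 5)]:
        r = analyse(p, q, e)
        print(f"p={p} q={q} e={e}: {r['recoverable']}/{r['n']} messages "
              f"recoverable, ed==1 mod lambda: {r['ed_ok_mod_lambda']}, "
              f"squarefree: {r['squarefree']}")
```

The post's case only works for all of Z_105 because lambda(105) = 12 happens to divide the guessed 84; the (21, 5, 3) variant decrypts only 45 of 105 messages, and (9, 7, 5) fails for multiples of 3 even though e*d is 1 mod lambda, because 63 is not squarefree.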


------------------------------

From: "Ryan M. McConahy" <[EMAIL PROTECTED]>
Subject: Re: Is Evidence Eliminator at all useful ??
Date: Fri, 23 Mar 2001 17:07:47 -0500


Eric Lee Green wrote in message ...
<snip>
>Well, us Americans tend to think the Canucks are too polite to play
>such games. Ever see that hilarious movie "Canadian Bacon", where
>Alan Alda played the President of the United States upset because the
>end of the cold war left him with no enemies to fight?


I saw that! That was funny. LOL!



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crack it!
Date: Fri, 23 Mar 2001 23:49:57 +0100



Jeffrey Williams wrote:
> 
> You might want to consider reposting your challenge with a description of
[snip]

OP's scheme is a special case of homophone substitutions.
A bit has 0/1, so there are two symbols. Each symbol has
a corresponding set of homophones. Thus e.g. 0 corresponds
to {g1, g2, .. gm} and 1 corresponds to {h1, h2, ... hn}.
During the substitution, the homophones can be selected
arbitrarily, e.g. with the aid of a PRNG. That's it. There
is nothing new in his idea. As I already said (twice)
previously, bit homophones were shown as a special case of
a more general concept discussed in an article posted
by me in the group last year. I sent a copy of that to
OP. But he apparently didn't read the relevant paragraph
or misunderstood the matter, so that he later posted a
follow-up, erroneously claiming that his method was
different, i.e. not covered by my article.

M. K. Shen
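
The bit-homophone construction Shen describes, as an added example (not Shen's or the OP's code). The two homophone sets and the PRNG seed are constructed sample values; the point to notice is that the receiver inverts the substitution with the sets alone, so the PRNG contributes nothing to the secret.

```python
# Added example, not from the thread: homophone substitution on single bits.
import random

# Constructed secret: each bit owns a disjoint set of homophones
# (Shen's {g1..gm} for 0 and {h1..hn} for 1, with m = 3 and n = 4 here).
HOMOPHONES = {
    0: ["g1", "g2", "g3"],
    1: ["h1", "h2", "h3", "h4"],
}

# The receiver only needs the reverse map: which set a symbol belongs to.
SYMBOL_TO_BIT = {sym: bit for bit, syms in HOMOPHONES.items() for sym in syms}


def to_bits(data: bytes) -> list:
    """Most-significant bit first, eight bits per byte."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def substitute(data: bytes, seed: int) -> list:
    """Replace every plaintext bit by one homophone of that bit. The PRNG
    (seeded here so runs are reproducible) only picks which homophone."""
    rng = random.Random(seed)
    return [rng.choice(HOMOPHONES[bit]) for bit in to_bits(data)]


def unsubstitute(symbols: list) -> bytes:
    """Invert the substitution. No PRNG state is needed: knowing the two
    sets is sufficient, which is why the sets are the whole secret."""
    return from_bits([SYMBOL_TO_BIT[s] for s in symbols])
```

Two runs with different seeds produce different symbol strings for the same input, and both decode with the same reverse map; the output is always exactly one symbol per plaintext bit.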

------------------------------

From: Ken Savage <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.research
Subject: Data dependent arcfour via sbox feedback
Date: 23 Mar 2001 14:53:51 -0800


I'm considering the following modification to the encryption phase of
arcfour, but have concerns over the security of the results:

/* x, y and sbox[] carry over from the key phase; c is also set there (to 0) */
for( i = 0; i < len; i++ ) {
  x = (x + 1) & 255;
  y = (y + sbox[x]) & 255;
  swap( sbox[x], sbox[y] );                     /* exchange the two sbox entries */

  data[i] ^= sbox[(sbox[x] + sbox[y]) & 255];   /* ordinary arcfour keystream byte */

  // The following are new:

  data[i] ^= c;                                 /* data[i] is now the ciphertext byte */
  c ^= sbox[data[i]];                           /* feedback indexed by that ciphertext byte */
}

'c' is initialized to zero in the key phase.  The decryption
algorithm is obviously different than the encryptor, but that's
not a problem...

What I'm unsure of is if the feedback step provides additional
knowledge of the state of the sbox in the output stream, and
hence diminishes the security of the arcfour.

Any thoughts?  Replies via newsgroup or email -- I read both :)

Cheers!

Ken
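
The modified cipher above with its matching decryptor, as an added example (not Ken's code). It also checks what the feedback does to error propagation: because the sbox evolution depends only on the key, a tampered ciphertext byte leaves the sbox alone and only desynchronises c, so every later plaintext byte comes out wrong. Keys and plaintexts are constructed sample values.

```python
# Added example, not from the post: arcfour with Ken's sbox-feedback step.


def ksa(key: bytes) -> list:
    """Standard arcfour key-scheduling; returns the 256-entry sbox.
    Assumes a non-empty key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 255
        s[i], s[j] = s[j], s[i]
    return s


def _run(key: bytes, data: bytes, decrypt: bool, feedback: bool = True) -> bytes:
    s = ksa(key)
    x = y = c = 0                 # 'c' starts at zero, as in the post
    out = bytearray()
    for b in data:
        x = (x + 1) & 255
        y = (y + s[x]) & 255
        s[x], s[y] = s[y], s[x]
        k = s[(s[x] + s[y]) & 255]        # ordinary arcfour keystream byte
        if decrypt:
            ct, pt = b, b ^ k ^ c
        else:
            ct, pt = b ^ k ^ c, b
        out.append(pt if decrypt else ct)
        if feedback:
            c ^= s[ct]   # driven by the ciphertext byte, so the receiver
                         # can reproduce it from what it actually received
    return bytes(out)


def encrypt(key: bytes, pt: bytes, feedback: bool = True) -> bytes:
    return _run(key, pt, False, feedback)


def decrypt(key: bytes, ct: bytes, feedback: bool = True) -> bytes:
    return _run(key, ct, True, feedback)


def plain_rc4(key: bytes, data: bytes) -> bytes:
    """Unmodified arcfour, for comparison (c stays zero throughout)."""
    return _run(key, data, False, feedback=False)


def corrupted_positions(key: bytes, pt: bytes, pos: int) -> list:
    """Flip one bit of ciphertext byte `pos`, decrypt, and report which
    plaintext bytes come out wrong. Since sbox is a permutation, the
    tampered byte changes c by a non-zero constant that is never undone,
    so the answer is every index from `pos` to the end."""
    ct = bytearray(encrypt(key, pt))
    ct[pos] ^= 0x01
    got = decrypt(key, bytes(ct))
    return [i for i in range(len(pt)) if got[i] != pt[i]]
```

The first ciphertext byte equals plain arcfour's (c is still zero there); from the second byte on, the two streams differ.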

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Same sender : "amateur" and "br"
Date: 23 Mar 2001 22:47:20 GMT

[EMAIL PROTECTED] (amateur) wrote in <[EMAIL PROTECTED]>:

>I'm very sorry if I changed my name.
>"br" is the name of my brother.
>So "br" and "amateur" are one sender.
>My initials are B.M.
>
>Thank you.

  If I were you I would stick with the nick "amateur" since
B.M. is a common expression for Bowel Movement and it might
reinforce the thought that your stuff is crap.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: the classified seminal 1940 work of Alan Turing?
Date: Sat, 24 Mar 2001 01:34:51 +0100

Mok-Kong Shen wrote:

>
> My knowledge of mathematical logic is too meager to argue.
> But isn't it that Goedel's incompleteness theorem puts up
> only a rather (in meaning) 'restricted' statement
> concerning predicate calculi of higher order and as such
> probably could not be applied (generalized) to deal with
> matters like 'efficiency'? (I mean it deals only with
> 'possibility'/'impossibility'.)

Goedel proves that it is impossible to unify all conceivable mathematical
theories. This means that an efficiency statement based on one
theory/approach, which might even be proven, might not be true for a different
theory.
Very simple example: use a broad-band receiver and look at the signal in the
time domain. You will see only very complex noise. Look at it in the frequency
domain, you will see quite some peaks, which represent radio signals. Now you
only need to filter the frequency you are interested in and transform it back
into the time domain. That is what your radio or TV does.
With CDMA mobile phones, it is quite the opposite: They use the same frequency
band, but do some time-domain correlation.
Other very interesting domains are used for Wavelet Transformation.
You can see, depending on the mathematical framework/theory (fourier-,
wavelet-transform or simple time domain), information can be extracted, which
seems not to exist in another domain.
The same is with differential or linear cryptanalysis (although you might not
consider them "theories"): If you don't know them, you cannot strengthen your
S-Boxes against them.



> Are you claiming that
> people e.g. in NSA are employing a different kind of
> mathematics than is employed (or understood/known) by the
> public? Thanks.

Spook agencies heavily depend on the diversity and good skills of university
graduates (such as Oxford grads). The difference is that their mathematicians
will not publish anything, regardless how interesting. For example, CESG (the
codemaker arm of GCHQ) discovered RSA *first* (calling it "Non Secret
Encryption"), but published it only in 1997 (87?) (see www.cesg.gov.uk).
Until that time, they basically put it into the "poison chamber", in order not
to give competing agencies an advantage.
Public Key Crypto might not be a "theory", but it is a giant leap forward in
crypto. Imagine what else they still have in the "poison chamber"....
Just look at Turing's work - it was ground-breaking in many ways, and a large
part of it was done at GCCS (the predecessor of GCHQ).
On the other hand, working for your whole life for the spooks is most probably
very unsatisfactory to a good mathematician, because you cannot publicize and
discourse is limited to other spook mathematicians. Different in wartime, of
course.
The bottom line seems to be that they employ a large number of excellent
mathematicians, and all their work remains secret (maybe not to the KGB,
though). As mathematicians from time to time invent a new theory, it is
inevitable that they have some "secret mathematics", along with a lot of
analysis tools for symbolic math and lots of other equipment/software
designed on their own (all secret, of course).
Just check the job descriptions on www.gchq.gov.uk or www.nsa.gov to see what
they are doing.
I found the signals/hardware engineering sections especially enlightening  :-)

All that can be "re-invented" by non-spook mathematicians, but as long as it
isn't, it remains their little secret theory/method.

>
>
> M. K. Shen


------------------------------

From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: Verisign and Microsoft - oops
Date: 23 Mar 2001 16:38:25 -0700

In article <[EMAIL PROTECTED]>, Deano  <[EMAIL PROTECTED]> wrote:

> ...
>The fact verisign 'discovered' the mistake is a public statement. I
>would be interested to know why a CA would spend more time/effort
>checking a decision to issue class-3 certs AFTER the fact than before?
>Perhaps we aren't getting the whole story?

> ...
>> Can we say "duh".  Which is why CA doesn't work.


The whole story includes the fact that few would buy a certificate
based on enough effort spent on verifying the identity of the
applicant to make the certificate worth paying attention to.

It takes more than $200 to ensure that I speak for rhyolite.com and that
I am me.  Consider the cases where someone would pay that cost plus the
costs to operate the servers plus a profit to justify a $33/share price
for a stock that lost $19/share and has a mysterious book value (at least
to http://www.quicken.com/investments/stats/?symbol=VRSN ).  Don't all of
those cases have cheaper and more secure alternatives, such as exchanging
keys in person?


Vernon Schryver    [EMAIL PROTECTED]

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Is Evidence Eliminator at all useful ??
Date: Fri, 23 Mar 2001 15:54:51 -0800



Tom St Denis wrote:

> > > You think I can't recognize an FBI/CIA/KGB stooge when I see one?

> > Well darn. I keep forgetting that the FBI, CIA, and KGB are actively
> > recruiting geeky subversive school teachers :-). Now where's my dark
> > sunglasses and secret decoder ring.... (shuffle shuffle shuffle....).

> How does one group two US firms with one Russian?  What about the Canucks?

        Man are you naive! Don't you understand that they created the KGB in
order to justify their large budgets and need for snooping? It's the
same reason they planned Pearl Harbor. What better way to convince the
country to go to war?

        DS

------------------------------

From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: Speed of factoring
Date: 24 Mar 2001 00:04:58 GMT

In article <99di7n$hte$[EMAIL PROTECTED]>,
Bill Unruh <[EMAIL PROTECTED]> wrote:
>In <[EMAIL PROTECTED]> Soeren Gammelmark <[EMAIL PROTECTED]> writes:
>
>>Hi
>
>>Yesterday I read in Applied Cryptography, that the time-estimate of the
>>fastest variants of the quadratic sieve was
>>e^((1+0(1))ln(n)^(1/2)ln(ln(n))^(1/2))
>>What I don't understand is the 0(1)? Is it really zero multiplied with
>
>That is the capital letter Oh, not the number zero. It means Order 1--
>some function which is bounded as n->infinity.

Actually, if I remember correctly, the exponent *actually* starts with

"(1 + o(1))"  <-- "little o", not "big O".

1+o(1) is a function that approaches exactly 1 as n->infinity.
(Since o(1) is a function which approaches 0 as n->infinity.)

[Note that "1+O(1)" doesn't make sense; it's the same as "O(1)".]

   - Ian

------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Re: Crack it!
Date: Fri, 23 Mar 2001 19:01:54 -0400

Try to decrypt it if it is no new idea.
Give me explicit reference to substitution of bits not a group of bits.
Only one.
If it is not new.
Give me only one reference concerning sending any message via network using
M=f(k)
You were talking about a group of bits not a single bit.
If you interpret the Bible or the Quran or the Vedas you will find the
idea of DES encryption.
I want a clear reference to be convinced.
There is no erroneous claiming.
I will send thousands of new ideas you don't even imagine.
 
Thank you sir.




Mok-Kong Shen wrote:
> 
> Jeffrey Williams wrote:
> >
> > You might want to consider reposting your challenge with a description of
> [snip]
> 
> OP's scheme is a special case of homophone substitutions.
> A bit has 0/1, so there are two symbols. Each symbol has
> a corresponding set of homophones. Thus e.g. 0 corresponds
> to {g1, g2, .. gm} and 1 corresponds to {h1, h2, ... hn}.
> During the substitution, the homophones can be selected
> arbitrarily, e.g. with the aid of a PRNG. That's it. There
> is nothing new in his idea. As I already said (twice)
> previously, bit homophones were shown as a special case of
> a more general concept discussed in an article posted
> by me in the group last year. I sent a copy of that to
> OP. But he apparently didn't read the relevant paragraph
> or misunderstood the matter, so that he later posted a
> follow-up, erroneously claiming that his method was
> different, i.e. not covered by my article.
> 
> M. K. Shen

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: the classified seminal 1940 work of Alan Turing?
Date: Sat, 24 Mar 2001 01:54:12 +0100

from www.nsa.gov:

"Will I still be able to publish my work?

Publishing is important to all serious mathematicians. NSA provides ample
opportunity to inform your contemporaries of your work.
The in-house publication, Cryptologic Quarterly, is one such forum. Because of
the nature of the work, however, publications outside the NSA community must
be cleared through our public information office. This is also true after you
leave our employ, but only for work directly related to your research at NSA.
And of course, any classified techniques you are involved with cannot be
reported. "

Translates to: everything significant remains in the black hole.


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Idea
Date: Fri, 23 Mar 2001 15:46:33 -0800

"amateur" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I'm just trying to understand. I proposed algo to encipher. Some think
> that is easy to crack. I tell them crack it.
> Why treating with scorn a simple algo proposed by an amateur?

Do you really need me to post the method a third time? You've been told your
algorithm is broken, you were given the algorithm to do it. You continue to
deny that it is breakable.

> I'm very patient. If it takes a year to be cracked no problem. I'll wait
> until someone give a solution.

No one worth it will bother to crack your challenge for several good
reasons:
1) There's no glory in it
2) There's no money in it
3) You've already been told how to break it
4) It's not a widely used algorithm (which is related to 1)
5) It was designed by an amateur that can't even recognise that his
algorithm has already been broken

Your attempts to make it appear like a decent algorithm are simply false,
and anyone with any amount of intelligence that thinks about the problem
from an unbiased view will recognise it as such.
                    Joe



------------------------------

From: [EMAIL PROTECTED] (Peter Harrison)
Subject: Re: Open Source Implementations of PGP
Date: Sat, 24 Mar 2001 01:04:47 GMT

On Fri, 23 Mar 2001 23:12:10 +0100, "Henrick Hellström"
<[EMAIL PROTECTED]> wrote:

>"Tony L. Svanstrom" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> Peter Harrison <[EMAIL PROTECTED]> wrote:

>> Took a look at your pages and... well... it's basically the same as I've
>> been working on, and... well... messing with PGP will just slow you
>> down. Do like me and create a good from scratch-solution (BTW, I'll
>> release this as open source too, when I have the time).
>
>
>I agree. Messing with other peoples code might be educational and perhaps an
>evil bad if you want your software to be compatible with others. Otherwise
>it is best to start from scratch.

I have already written a working implementation of secure email -
which is at Sourceforge.  It's written in Delphi.

The problem with PGP is that it isn't very well suited for 'dumb
developers'.  By dumb I mean developers like me who want to implement
a solution incorporating secure email without having to become maths
professors.

PGP currently allows too many decisions - i.e. what algorithms to use,
key sizes for the various algorithms, and suchlike.  That's nice if you
know anything about security - but if you just want something to drop
into your application this isn't so good.

There are also things that PGP (GnuPG for example) just doesn't do -
the big weakness is automatic key discovery.  Imagine that whenever
you sent an email your email client looked up the recipient on a
server on a Trust Network and downloaded the appropriate key from the
Trust Network.  If no key is found the user is warned that no key was
found, and confirms that the email is to be sent in the clear.  The
DEFAULT will be to send encrypted email ALL THE TIME.

The same goes for receiving email - when it is received any signature
in the email is authenticated by pulling down the sender's key from a
server on the Trust Network.

The Trust Network is a network of servers which share keys.  When you
send your public key to a server on the Trust Network it distributes
that key to a number of other servers.  It's a bit like a distributed
database - except that there is a continuous connection between server
peers verifying keys. If a key is found to be corrupted by a peer a
discussion takes place to determine the correct key, and the error is
corrected.

If the corrupt server refuses to correct the error - due to being
hacked or whatever - the server is removed from the network.

When I use the term "Trust Network" I simply mean that you can trust
that the owner of a certain Email Address is attached to a certain
Public Key.  I am not trying to create "Trust" in the same sense a
Certificate Authority is.

The objective with the trust network is to make Key Distribution
invisible to the user - not necessarily more secure.  The idea is that
by making encryption easier for users it will make encryption more
common.

While I have my own implementation I want to move toward being at
least partially compatible with PGP (i.e. supporting a subset of the
algorithms, using the same packet formats).  These libraries will also
incorporate XML parsers to process business documents, and facility to
send email directly using SMTP.  I am also looking at using Jabber as
a transport.

Jabber could also be modified to handle the 'Trust Network' concept I
suspect - Jabber is an XML based Instant Messaging system by the way.

Anyway, if you are interested in joining the effort, visit my pages at


http://idtrans.sourceforge.net
http://www.devcentre.org

or contact me at [EMAIL PROTECTED]

Regards,

Peter Harrison

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
