Cryptography-Digest Digest #14, Volume #14       Mon, 26 Mar 01 13:13:01 EST

Contents:
  Re: Potential of machine translation techniques? (SCOTT19U.ZIP_GUY)
  Re: Kill-filter expression for script weenie (Imad R. Faiad)
  Re: Data dependent arcfour via sbox feedback (Ken Savage)
  Re: Data dependent arcfour via sbox feedback (Mok-Kong Shen)
  Large numbers in C (512 bits or more) ("Dobs")
  Re: RC4 test vectors after gigabyte output?. (Luis Yanes)
  Re: Potential of machine translation techniques? (Mok-Kong Shen)
  Large numbers in C ( 512 bits or more) ("Dobs")
  Re: My note on 5/16/1999 -- PGP etc. ("Sam Simpson")
  Re: Deny Anon Remailers access to this newsgroup (Paul Rubin)
  Re: Best encryption program for laptop? (Tony L. Svanstrom)
  Re: New PGP Flaw Verified  By Phil Zimmerman, Allows Signatures to be  Forged (Imad R. Faiad)
  Re: Deny Anon Remailers access to this newsgroup (Bill Unruh)
  Re: TEA, Blowfish with non-random data? ("Mark G Wolf")
  Re: Deny Anon Remailers access to this newsgroup (John Joseph Trammell)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Potential of machine translation techniques?
Date: 26 Mar 2001 16:03:58 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in 
<[EMAIL PROTECTED]>:

>Volker Hetzer wrote:
>> German: Das ist eine schoene Blume.
>> English, naive: This is a nice flower.
>> Now, the context is a german looking at a glass of beer and appreciating
>> the white foam on top of the glass. This foam in a beer glass is called
>> Blume (flower). How do the english say to this? Doe they have a special
>> name for this at all?
>
>It's usually called a "head" in the US.
>However, "nice head" has other connotations, so probably
>a native US English speaker would phrase it differently.

   As a native English speaker who enjoys beer, I think
I would say "that's got a good head".
Yes, most American beer drinkers appreciate good head anytime.
Maybe in Germany, though, they would rather get flowers. Or
does flower (Blume, I guess) have other connotations that
German beer drinkers would appreciate?


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Imad R. Faiad <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: Kill-filter expression for script weenie
Date: Mon, 26 Mar 2001 19:24:42 +0200


Greetings,

This sure nuked all script kiddie's messages :-)

Many Thanks,

Best Regards

Imad R. Faiad

On 26 Mar 2001 10:02:37 GMT, in alt.security.pgp [EMAIL PROTECTED]
(filterguy) wrote:

>A filter expression that kills the Script Kiddie posts:
>
>for (Forte) Agent:
>
>subject: (love*|need*|ask*|require*|uses*|want*|used) and from:
>(anonymous|melon|frog2|remailer|steeleye|nescio)
>
>
>For Xnews (and slrn?):
>
>    Score: -9999
>        Expires: 4/25/2001
>        Subject: (love|need|ask|require|use(s|d)|want)
>        From: (anonymous|melon|frog2|remailer|steeleye|nescio)
>
>
>fg



------------------------------

From: Ken Savage <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Mon, 26 Mar 2001 16:30:52 GMT

John Savard wrote:
> 
> On 23 Mar 2001 14:53:51 -0800, Ken Savage <[EMAIL PROTECTED]> wrote,
> in part:
> 
> >Any thoughts?  Replies via newsgroup or email -- I read both :)
> 
> Making something like RC4 dependent on the plaintext will collide with
> Terry Ritter's Dynamic Substitution patent.

I had a look at:  http://www.io.com/~ritter/DYNSUB.HTM

RC4 shuffles the sbox itself; the modification I've done does not
make the mixing any different.  Thus, if rc4 doesn't violate the
patent, I don't see how this mod does.

Ken

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Mon, 26 Mar 2001 18:30:34 +0200



John Savard wrote:
> 
> [EMAIL PROTECTED] (Terry Ritter) wrote, in part:
> 
> >If "certain countries" is intended to slight the US, I just note that
> >entirely similar patent laws are in force in Europe.  Dynamic
> >Substitution is not a "software patent."
> 
> Furthermore, I don't think that it can be claimed that the principle
> of Dynamic Substitution was in any way embodied in the thermostat -
> or, for that matter, Watt's governor.

But underlying all these is the general idea of feedback, 
i.e. using something already obtained to modify an ongoing 
process with the goal of improving its outcome. A block 
cipher can be regarded as a substitution (of units of 
the size of a block), and e.g. with CBC one is modifying the 
processing (substitution) of the next block. I would thus
think that that also qualifies as feedback. And an LFSR 
certainly has feedback, as the name already implies. This 
illustrates my previous point that the general idea of 
feedback is certainly well-known and prior art in crypto. 
I'd like to mention, though, that I am not discussing any 
specific patents and I don't have any good detailed (not 
to say professional) knowledge of any US patents. But I 
do think that the employee of the patent office isn't 
doing a good job if there are patents that are awarded 
to processes that simply apply widely known ideas to
some restricted given domains without additional (new) 
ideas that characterize a genuine invention and that 
consequently merit a reward through patent law protection. 
An example in crypto is the rotation patents of Hitachi, 
I suppose, which most of us got to know in relation to 
the AES contest in its final stage.

M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: "Dobs" <[EMAIL PROTECTED]>
Subject: Large numbers in C (512 bits or more)
Date: Mon, 26 Mar 2001 17:33:18 +0200

I was advised that if I want to use big numbers in C I should use the OPENSSL
BIG NUMBERS library. How should I use this library in my program so I could
just make the declaration of my variable q (which I want to be large) like
this:
BIGNUM q;
Can somebody who has ever used big numbers from OPENSSL tell me what I
should do? I found such a structure, but what more should I copy to my
program?

typedef struct bignum_st
 {
 BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
 int top; /* Index of last used d +1. */
 /* The next are internal book keeping for bn_expand. */
 int dmax; /* Size of the d array. */
 int neg; /* one if the number is negative */
 int flags;
 } BIGNUM;





------------------------------

From: Luis Yanes <[EMAIL PROTECTED]>
Subject: Re: RC4 test vectors after gigabyte output?.
Date: Mon, 26 Mar 2001 18:47:41 +0200

On 25 Mar 2001 13:53:04 -0800 [EMAIL PROTECTED] (Gregory G Rose) wrote:

>In my code, I throw away 256 outputs from RC4
>automatically as part of the keying process. This
>is to avoid the correlation of the first output
>byte(s) with key bytes, as observed first by
>Kocher I think.

I read that good implementations discard 2**(8+1), although 2**8 seems
enough to avoid the key mix problem. Where did these numbers come from?
 
>So, the test vectors below apply to bytes
>256..299, and 1meg+256...

Now they match. Thanks. It took just over a couple of minutes to run the test
on the board with non-optimized C code. The gigabyte test would last a
couple of days!
73's de Luis

mail: melus0(@)teleline(.)es
Ampr: eb7gwl.ampr.org
http://www.terra.es/personal2/melus0/ <- PCBs for Homebrewed Hardware
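The drop-256 keying that Gregory Rose describes, as an added example in C (not code from either poster): RC4 key setup followed by discarding the first n keystream bytes, plus a helper that reads keystream bytes by absolute position so the dropped and undropped streams can be compared. The key "Key" is a constructed input; the first keystream bytes for it are the widely published RC4 test vector.

```c
/* Added example: RC4 with the first `drop` keystream bytes discarded after
 * key setup (the "RC4-drop[n]" construction; Rose's code uses n = 256).
 * Not code from the digest's posters. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t s[256];   /* the permutation (sbox) */
    uint8_t i, j;     /* PRGA state */
} rc4_ctx;

/* PRGA step: one keystream byte. */
uint8_t rc4_byte(rc4_ctx *c)
{
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->s[c->i]);
    uint8_t t = c->s[c->i];
    c->s[c->i] = c->s[c->j];
    c->s[c->j] = t;
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

/* KSA, then discard `drop` keystream bytes so the key-correlated early
 * output never reaches the caller. */
void rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen, size_t drop)
{
    uint8_t j = 0;
    for (int i = 0; i < 256; i++)
        c->s[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + c->s[i] + key[i % keylen]);
        uint8_t t = c->s[i];
        c->s[i] = c->s[j];
        c->s[j] = t;
    }
    c->i = c->j = 0;
    while (drop--)
        (void)rc4_byte(c);
}

/* Keystream byte at 0-based position `pos` of the undropped stream, read
 * through a context keyed with `drop` bytes discarded (pos >= drop).
 * Lets the checks below confirm drop[n] is just the stream shifted by n. */
uint8_t rc4_byte_at(const uint8_t *key, size_t keylen, size_t drop, size_t pos)
{
    rc4_ctx c;
    rc4_init(&c, key, keylen, drop);
    uint8_t b = 0;
    for (size_t k = drop; k <= pos; k++)
        b = rc4_byte(&c);
    return b;
}

int main(void)
{
    /* Constructed input: key "Key"; print the first nine keystream bytes. */
    const uint8_t key[3] = { 'K', 'e', 'y' };
    rc4_ctx c;
    rc4_init(&c, key, sizeof key, 0);
    for (int k = 0; k < 9; k++)
        printf("%02X", rc4_byte(&c));   /* EB9F7781B734CA72A7 */
    printf("\n");
    return 0;
}
```

The test vectors Rose quotes for bytes 256..299 are simply the undropped stream read at those positions, which is what rc4_byte_at makes explicit.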

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Potential of machine translation techniques?
Date: Mon, 26 Mar 2001 18:46:02 +0200



"Douglas A. Gwyn" wrote:
> 
> Volker Hetzer wrote:
> > German: Das ist eine schoene Blume.
> > English, naive: This is a nice flower.
> > Now, the context is a german looking at a glass of beer and appreciating
> > the white foam on top of the glass. This foam in a beer glass is called
> > Blume (flower). How do the english say to this? Doe they have a special
> > name for this at all?
> 
> It's usually called a "head" in the US.
> However, "nice head" has other connotations, so probably
> a native US English speaker would phrase it differently.
> 
> The general issue is that correct language translation requires
> that the original be *understood*, i.e. related to the real world,
> and the constructed understanding used to re-express it in the
> target language.  Good human translators, e.g. of literary works,
> routinely do this.

Very good translation is indeed difficult to obtain.
I once experienced that a professional simultaneous
(real-time) translator failed. Translation of literary
works between related languages is more likely to 
succeed than between unrelated ones, I guess. Anyway,
I was disappointed in reading the translations in
German/English of a couple of books originally written
in my mother language. On the other hand, I still 
consider that machine translation can be very valuable 
in sufficiently restricted domains, particularly in
natural sciences and technology.

M. K. Shen

------------------------------

From: "Dobs" <[EMAIL PROTECTED]>
Subject: Large numbers in C ( 512 bits or more)
Date: Mon, 26 Mar 2001 18:04:46 +0200

I was advised that if I want to use big numbers in C I should use the OPENSSL
BIG NUMBERS library. How should I use this library in my program so I could
just make the declaration of my variable q (which I want to be large) like
this:
BIGNUM q;
Can somebody who has ever used big numbers from OPENSSL tell me what I
should do? I found such a structure, but what more should I copy to my
program?

typedef struct bignum_st
 {
 BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
 int top; /* Index of last used d +1. */
 /* The next are internal book keeping for bn_expand. */
 int dmax; /* Size of the d array. */
 int neg; /* one if the number is negative */
 int flags;
 } BIGNUM;







------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: My note on 5/16/1999 -- PGP etc.
Date: Mon, 26 Mar 2001 18:03:26 +0100

Lutz Donnerhacke <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> * Tom St Denis wrote:
> >"The Alien" <[EMAIL PROTECTED]> wrote in message
> >> You're not the only one who doesn't trust Mr. Zimmermann!  I don't either.
> >
> >Name one good alternative.
>
> Werner Koch, Thomas Roessler, Adam Beck, ...

It's 'Back' rather than 'Beck': http://www.cypherspace.org/~adam/

Rgds,

Sam



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Deny Anon Remailers access to this newsgroup
Date: 26 Mar 2001 09:07:05 -0800

Frank Gerlach <[EMAIL PROTECTED]> writes:

> I cannot find a good reason why anon remailers should  be allowed to
> post to sci.crypt. If someone needs pseudo-anonymity, just change your
> name in the news client. 
> That should btw help against stalkers, although it does not help against
> an evil government...

Since a lot of the regular contributors to sci.crypt are opponents of
evil governments, they may need remailers.

------------------------------

Subject: Re: Best encryption program for laptop?
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Mon, 26 Mar 2001 17:09:51 GMT

Henrick Hellström <[EMAIL PROTECTED]> wrote:

> "David Formosa (aka ? the Platypus)" <[EMAIL PROTECTED]> wrote in
> message news:[EMAIL PROTECTED]...
> > On Sun, 25 Mar 2001 13:47:21 +0200, Henrick Hellström
> > <[EMAIL PROTECTED]> wrote:
> >
> > >I don't think it is a good idea to keep sensitive files, encrypted or not,
> > >on a computer you fear might be stolen. I don't know of any practical
> > >encryption software that ultimately relies on something else than a password
> > >(or nothing). So how safe is your password?
> >
> >
> > Arn't there hardware based authentication methods?
> 
> 
> Would they protect your secrets if the laptop was stolen? Smart card
> solutions would not add much protection, because the smart card might also
> be stolen. Retinal or finger print scanners would possibly work, but AFAIK
> such hardware is not commonly used to protect laptops from theft.

Nope, they're not, but <URL:http://www.fingerprint.se/> (should be the
correct URL, but I'm writing this offline...) has done it and if you ask
nicely you might be able to get hold of something from them.


        /Tony
-- 
########################################################################
            I'm sorry, I'm sorry; actually, what I said was:
                  HOW WOULD YOU LIKE TO SUCK MY BALLS?
                             - South Park -

------------------------------

From: Imad R. Faiad <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.resources,comp.security.pgp.tech
Subject: Re: New PGP Flaw Verified  By Phil Zimmerman, Allows Signatures to be  Forged
Date: Mon, 26 Mar 2001 20:12:20 +0200


Greetings,

The Klima & Rosa attack may sound good in theory,
but in practice it is not workable.

Here is what the attacker has to do:

1) Get your private key.
2) Change certain public key parameters in such a way
   that your secret key may be derived from a signed
   message.
3) Wait for you to sign a message.
4) Capture the message in 3).
5) Restore your private key to its original state.
6) Use the signature in 4) to derive your secret key.
7) Build your secret key.
8) Sign messages on your behalf.

The authors have abstained from furnishing the PGP keys
which they hacked, for some obvious reasons.

The reason is that even a PGP novice will not fall
for their scheme.  To start with, that hacked key
will look very odd, and will have all sorts of attributes
to alarm even the most naive PGP user.

The problem is not a serious one; it may be remedied
by validating the key parameters prior to using
the secret key.

Better still, if the OpenPGP format standard is ever
revised, I propose that all the public key parameters
be stored and protected together with the secret ones.
This is a simple solution, and it works.  Whenever
the secret key is used, the trusted public parameters
which were protected should be used in OpenPGP
implementations.

my 2c

Best Regards

Imad R. Faiad


On Sat, 24 Mar 2001 20:10:58 +0100, in alt.security.pgp [EMAIL PROTECTED]
(Joe H. Acker) wrote:

>Frank Gerlach <[EMAIL PROTECTED]> wrote:
>
>
>> > There shall be no reason to store your private key, which is properly
>> > encrypted, in the deposit. We have shown that in the case of the
>> > OpenPGP format the encrypted private key MUST NOT be stored in the
>> > place, where the attacker can access and modify it. From here we
>> > conclude that private keys are NOT PROPERLY ENCRYPTED in the OpenPGP
>> > format and derived applications. 
>> 
>> They are not secured against TAMPERING.
>
>Look, Tomas Rosa has claimed that he and his colleague can obtain the
>secret key although it is encrypted. If this claim is true, then clearly
>OpenPGP's private key encryption is "broken" or "compromised" or however
>you call the ability of the attacker to obtain the private key without
>knowing the correct key for decrypting the private key.
>
>> > Moreover it is also realistic. In the networked systems users usually
>> > would like to store their containers with private keys in some shared
>> > place to be able to have their keys ready to use on any workstation in
>> > the network. 
>> 
>> Yeah, anytime. Too difficult to store some kilobytes on a floppy. 
>> Too heavy, too bulky, those 3.5 inch floppies.
>
>Most PGP users do not store private keys on portable disks. The
>encryption of the private key was supposed to be secure. If it was a
>necessary security requirement to put the private key in a secure place,
>then there was no need to encrypt it. But it is encrypted.
>
>> > Note
>> > that this is the default option in the PGP. In such scenario it is
>> > clear that the user has very little or no control on the encrypted
>> > private key. Anybody who can modify this information when it is going
>> > through the network can carry out the attack. Of course your network
>> > administrator is the first person who can be the attacker.
>> 
>> Your network administrator will most probably replace PGP itself with a
>> trojan-horsed version, if he wants your key.
>
>He can't because PGP is on your PC. The attack scenario described does
>not require direct access to your PC.
>
>> > We think that users shall not have to care
>> > about such things (when their private keys are properly encrypted, of
>> > course). Btw: wasn't it the main idea behind the whole PGP to give its
>> > users "Pretty Good Privacy" in such environments?
>> 
>> >
>> > So, from the practical point of view, the attack is pretty realistic.
>> 
>> Maybe *you* are storing your secret key on a shared drive.
>> Security-conscious people store it on a floppy disk, which they physically
>> control.
>
>I doubt that you are able to reliably destroy the key disk or even keep
>it safe. That's as unrealistic as writing all your passphrases on a
>piece of paper you keep in your wallet. This does only work as long as
>someone isn't *seriously* interested in obtaining them.
>
>> >
>> >
>> > More information will be available in the crypto-paper, which will be
>> > released soon at www.i.cz.
>> 
>> Next time, please clearly state the THREAT MODEL. Telling people that
>> write access to the secret key is necessary would have been easily
>> possible. 
>
>I had no problems understanding this. Perhaps you should read more
>carefully next time.
>
>Regards,
>
>Erich

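The mitigation Imad proposes above, validating the public key parameters before the secret key is used, as an added example in C (not code from the post or from any OpenPGP implementation): a consistency check over DSA-style parameters that refuses to use x when p, q, g and y no longer fit it. The parameters are constructed toy values small enough for 64-bit arithmetic; a real check runs the same relations on full-size keys with a bignum library.

```c
/* Added example: refuse to use a DSA-style private key unless the public
 * parameters stored beside it are consistent with it. Not code from the
 * digest or from any OpenPGP implementation; the parameters are constructed
 * toy values so the arithmetic fits in plain C integers. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t p, q, g;   /* group parameters, stored in the clear in the key file */
    uint32_t y;         /* public key, y = g^x mod p, also in the clear */
    uint32_t x;         /* private key, the only part that is encrypted */
} dsa_key;

/* base^exp mod m by square-and-multiply; 64-bit intermediates, so m < 2^32. */
static uint32_t powmod(uint32_t base, uint32_t exp, uint32_t m)
{
    uint64_t r = 1, b = base % m;
    while (exp) {
        if (exp & 1) r = r * b % m;
        b = b * b % m;
        exp >>= 1;
    }
    return (uint32_t)r;
}

static bool is_prime(uint32_t n)   /* trial division; fine at toy sizes */
{
    if (n < 2) return false;
    for (uint32_t d = 2; (uint64_t)d * d <= n; d++)
        if (n % d == 0) return false;
    return true;
}

/* True only when p, q, g, y and x satisfy the DSA relations. Each line
 * rejects one class of edit to the unprotected public fields that leaves
 * the encrypted x untouched. */
bool dsa_key_consistent(const dsa_key *k)
{
    if (!is_prime(k->p) || !is_prime(k->q)) return false;   /* p, q prime   */
    if ((k->p - 1) % k->q != 0) return false;                /* q | p - 1    */
    if (k->g < 2 || k->g >= k->p) return false;              /* 1 < g < p    */
    if (powmod(k->g, k->q, k->p) != 1) return false;         /* g of order q */
    if (k->x == 0 || k->x >= k->q) return false;             /* 0 < x < q    */
    if (powmod(k->g, k->x, k->p) != k->y) return false;      /* y = g^x      */
    return true;
}

int main(void)
{
    /* Constructed keys: p=23, q=11, g=2 is a valid group (2^11 mod 23 = 1)
     * and x=3 gives y=8. The other two differ from it only in g. */
    const dsa_key keys[] = {
        { 23, 11, 2, 8, 3 },   /* intact: consistent            */
        { 23, 11, 5, 8, 3 },   /* g=5 has order 22, not 11      */
        { 23, 11, 4, 8, 3 },   /* g=4 has order 11 but 4^3 != 8 */
    };
    for (size_t i = 0; i < 3; i++)
        printf("key %zu: %s\n", i, dsa_key_consistent(&keys[i]) ? "ok" : "REJECT");
    return 0;
}
```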


------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Deny Anon Remailers access to this newsgroup
Date: 26 Mar 2001 17:29:05 GMT

In <[EMAIL PROTECTED]> 
[EMAIL PROTECTED] (John Joseph Trammell) writes:

]On Mon, 26 Mar 2001 13:28:23 +0200, Frank Gerlach wrote:
]> I cannot find a good reason why anon remailers should be allowed to
]> post to sci.crypt. If someone needs pseudo-anonymity, just change your
]> name in the news client. 

]No.  If someone is bothered by a harasser on a newsgroup (e.g.
]someone flooding the NG with junk), they should put that person
]in their killfile.


Since they could just as easily use your name next time they flood the
newsgroup, do you really think this is good advice?

------------------------------

From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: TEA, Blowfish with non-random data?
Date: Mon, 26 Mar 2001 11:39:12 -0600

"Dan Hargrove" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have a layman's question about the security of certain implementations of
> cryptography which are offered as freeware.
>
> The problem is that there is no information given for either one regarding
> how pseudo-random data is produced.  This would lead one to believe that
> the implementation is less than secure.  The quality of the pseudo-random
> data produced by the software is less than assured, in my view.
>
> How secure are TEA and Blowfish when "imperfect" pseudo-random data is used
> to produce the encryption?

One often wonders.  I'm a newbie myself, but to test how random something is
you can run various statistical analyses on the output file; if it's
"really" random it will have a certain distribution for a particular
analysis.

Anyone want to add or correct please do.




------------------------------

From: [EMAIL PROTECTED] (John Joseph Trammell)
Subject: Re: Deny Anon Remailers access to this newsgroup
Date: Mon, 26 Mar 2001 17:46:13 GMT

On 26 Mar 2001 17:29:05 GMT, Bill Unruh <[EMAIL PROTECTED]> wrote:
> In [EMAIL PROTECTED] (John Joseph Trammell) writes:
> 
> ]On Mon, 26 Mar 2001 13:28:23 +0200, Frank Gerlach wrote:
> ]> I cannot find a good reason why anon remailers should be allowed to
> ]> post to sci.crypt. If someone needs pseudo-anonymity, just change your
> ]> name in the news client. 
> 
> ]No.  If someone is bothered by a harasser on a newsgroup (e.g.
> ]someone flooding the NG with junk), they should put that person
> ]in their killfile.
> 
> Since they could just as easily use your name next time they flood the
> newsgroup, do you really think this is good advice?

A few thoughts:

[1] Anonymous posting and name forgery are different issues.
    I don't know what I'd do in response to your scenario.

[2] If someone were to start posting under my name (for what
    reason I cannot guess), I'd start PGP-signing posts to
    establish identity.

[3] You pays your money, you takes your choice.  If the only
    alternative is banning all anon posting, I still think it's
    the right response.

[4] Killfiles in modern newsreaders are more flexible than you
    appear to think.  I have many filters that score on other
    than just name.  If I wanted to kill posts from
    [EMAIL PROTECTED], I could do it without killing
    other unruh posts.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
