Cryptography-Digest Digest #22, Volume #14 Tue, 27 Mar 01 12:13:01 EST
Contents:
Re: Large numbers in C (512 bits or more) ("Dobs")
Newbie wants to shuffle... (Peter Engehausen)
Re: Newbie wants to shuffle... (Bob Harris)
Re: Newbie wants to shuffle... (Mok-Kong Shen)
Re: Malicious Javascript in Brent Kohler post (Mok-Kong Shen)
Re: The creation of the DES s-boxes - thanks (DJohn37050)
Re: Newbie wants to shuffle... (Thank you) (Peter Engehausen)
Re: Best encryption program for laptop? (Lassi =?iso-8859-1?Q?Hippel=E4inen?=)
Re: Pike stream cipher ("Tom St Denis")
Re: Valid condition for multiplicative generator? ("Tom St Denis")
Re: Idea - (LONG) (Erwann ABALEA)
Re: compression ratio as a predicter of cipher strength (Curtis Williams)
Re: compression ratio as a predicter of cipher strength (Curtis Williams)
Re: compression ratio as a predicter of cipher strength ("Tom St Denis")
Re: compression ratio as a predicter of cipher strength (Curtis Williams)
Re: compression ratio as a predicter of cipher strength ("Tom St Denis")
Re: The creation of the DES s-boxes - thanks (Quisquater)
Re: Valid condition for multiplicative generator? ("Yaniv Sapir")
Re: Idea - (LONG) (Bertrand)
----------------------------------------------------------------------------
From: "Dobs" <[EMAIL PROTECTED]>
Subject: Re: Large numbers in C (512 bits or more)
Date: Tue, 27 Mar 2001 13:21:28 +0200
Thank U all for help, however can U tell me how to attach the BIGNUM library to
my program, how to make them work in my program. Is it enough to
#include "bn.h" or do I need more? I have never been using additional libraries
and here I have so many files so I do not know which to use ??
Thanks
> There are functions to work with the big numbers, with names like:
> BN_bin2bn(...)
> BN_mod_mul(...)
> etc
> Many of these can be found on http://www.openssl.org/docs/crypto/bn.html#
> where the BIGNUM library is documented.
> So to build a basic RSA encryption routine looks like this:
> BIGNUM *N;
> BIGNUM *e;
> BIGNUM *M;
> BIGNUM *X;
> BN_CTX *ctx;
> ctx = BN_CTX_new();   /* scratch space for BN_mod_exp; BN_CTX_init on an unallocated pointer would crash */
> N = BN_new();
> e = BN_new();
> M = BN_new();
> X = BN_new();
> /* BN_bin2bn(s, len, ret): big-endian byte string s of len bytes -> BIGNUM ret */
> BN_bin2bn(<modulus bytes>, <length>, N);
> BN_bin2bn(<exponent bytes>, <length>, e);
> BN_bin2bn(<message bytes>, <length>, M);
> BN_mod_exp(X, M, e, N, ctx);      /* X = M^e mod N */
> BN_bn2bin(X, <output buffer>);    /* buffer must hold BN_num_bytes(X) bytes */
> BN_free(N); BN_free(e); BN_free(M); BN_free(X);
> BN_CTX_free(ctx);
>
> Of course I've skipped error checking and various other things, but that's
> the basics.
>
> Joe
>
> "Dobs" <[EMAIL PROTECTED]> wrote in message news:99nqu8$c5r$[EMAIL PROTECTED]...
> > I was advised that if I want to use big numbers in C I should use OPENSSL
> > BIG NUMBERS library. How should I use this library in my program so I
> > could just make the declaration of my variable q (which I want to be large)
> > like this:
> > BIGNUM q;
> > Can somebody who has ever used big numbers from OPENSSL tell me what
> > should I do. I found such a structure, but what more should I copy to my
> > program?????????????????
> >
> > typedef struct bignum_st
> > {
> > BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
> > int top; /* Index of last used d +1. */
> > /* The next are internal book keeping for bn_expand. */
> > int dmax; /* Size of the d array. */
> > int neg; /* one if the number is negative */
> > int flags;
> > } BIGNUM;
> >
> >
> >
> >
>
>
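The same three steps (bytes to integer, modular exponentiation, integer back to bytes) walked through in pure Python, as an added example; it is not the poster's code and not OpenSSL code, and the small primes, exponent and messages in it are constructed for illustration. It also adds the range check Joe's sketch skipped and shows why a "basic" RSA routine without padding is malleable:

```python
"""Textbook RSA in pure Python, following the three BIGNUM steps from the post:
BN_bin2bn (bytes -> integer), BN_mod_exp (X = M^e mod N), BN_bn2bin (integer -> bytes).
Key and messages are constructed toy values for illustration only."""

# Constructed toy key: two primes near 2**16.  Not a real key; a real modulus
# is 2048 bits or more.
P = 65537
Q = 65521
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent (modular inverse; needs Python 3.8+)


def bn_num_bytes(x: int) -> int:
    """Role of BN_num_bytes(): size of the big-endian encoding of x."""
    return (x.bit_length() + 7) // 8


def bin2bn(data: bytes) -> int:
    """Role of BN_bin2bn(): big-endian byte string -> integer."""
    return int.from_bytes(data, "big")


def bn2bin(x: int, length: int) -> bytes:
    """Role of BN_bn2bin(), but fixed width: the caller sizes the buffer."""
    return x.to_bytes(length, "big")


def rsa_raw(x: int, exponent: int, modulus: int) -> int:
    """Role of BN_mod_exp(), plus the range check the original sketch skipped:
    an operand >= N is silently reduced by the arithmetic and cannot be recovered."""
    if not 0 <= x < modulus:
        raise ValueError("operand must lie in [0, N)")
    return pow(x, exponent, modulus)


def encrypt(message: bytes) -> bytes:
    """Raw RSA: the ciphertext is always BN_num_bytes(N) bytes wide."""
    return bn2bin(rsa_raw(bin2bn(message), E, N), bn_num_bytes(N))


def decrypt(ciphertext: bytes) -> bytes:
    """Inverse of encrypt().  Leading zero bytes of the message are lost here,
    one more reason a real scheme pads the message to a fixed format."""
    m = rsa_raw(bin2bn(ciphertext), D, N)
    return bn2bin(m, bn_num_bytes(m)) if m else b"\x00"


def malleability_demo(m1: int, m2: int) -> int:
    """Why unpadded ('basic') RSA is not enough: E(m1) * E(m2) mod N is a valid
    ciphertext that decrypts to m1 * m2 mod N, forged without the private key."""
    forged = rsa_raw(m1, E, N) * rsa_raw(m2, E, N) % N
    return rsa_raw(forged, D, N)


if __name__ == "__main__":
    ct = encrypt(b"hi!")
    print(ct.hex(), decrypt(ct))
    print(malleability_demo(2, 3))
```

Python's int is arbitrary precision, so int.from_bytes, pow(m, e, n) and int.to_bytes play the roles of BN_bin2bn, BN_mod_exp and BN_bn2bin; in C the same steps go through the OpenSSL calls. The malleability function is the reason deployed systems wrap the message in a padding scheme such as OAEP rather than sending raw M^e mod N.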
------------------------------
From: Peter Engehausen <[EMAIL PROTECTED]>
Subject: Newbie wants to shuffle...
Date: Tue, 27 Mar 2001 11:34:25 -0100
Reply-To: [EMAIL PROTECTED]
This may be a bit off-topic but it's related to transposition
encryption, I think.
I'm looking for function or method which creates a permutation of a
given set S.
Let S be a pack of 52 playing cards.
This was my first idea:
To get a permutation of S I would say S is isomorphic to ( Z / 52 Z )^* .
Since p=53 is prime and r=2 is a generating element, that means S' = {
2^k | 0 <= k <= 52 } is a permutation of S. Every generating element r
(we have \phi(\phi(53))=24 of them) gives us a good permutation.
"Good" because I only swap each card once.
24 is quite lousy compared with 52! > 8*10^67 possible permutations! So
either there is a better way to create permutations or I shouldn't be so
restrictive.
Let's say my function f: S --> S is allowed to swap some cards more
often. Any idea how a shuffling device can be constructed?
Thanks,
Peter
------------------------------
From: Bob Harris <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Newbie wants to shuffle...
Date: Tue, 27 Mar 2001 07:46:12 -0500
Peter Engehausen recently posted, in sci.crypt:
> This may be a bit off-topic but it's related to transposition
> encryption, I think.
I've cross-posted this reply to sci-crypt.random-numbers, where there might
be more interest.
> I'm looking for function or method which creates a permutation of a
> given set S.
>
> Let S be a pack of 52 playing cards.
>
> This was my first idea:
> To get a permutation of S I would say S is isomorphic to ( Z / 52 Z )^* .
> Since p=53 is prime and r=2 is a generating element, that means S' = {
> 2^k | 0 <= k <= 52 } is a permutation of S. Every generating element r
> (we have \phi(\phi(53))=24 of them) gives us a good permutation.
> "Good" because I only swap each card once.
>
> 24 is quite lousy compared with 52! > 8*10^67 possible permutations! So
> either there is a better way to create permutations or I shouldn't be so
> restrictive.
>
> Let's say my function f: S --> S is allowed to swap some cards more
> often. Any idea how a shuffling device can be constructed?
One version of the classic shuffling algorithm is as follows:
. array deck of playing cards, indexed by 1..52
. int i, r
.
. for i=1 to 52
. {
. deck[i] = the ith playing card
. }
.
. for i=52 to 2
. {
. r = uniform random number from 1..i
. swap deck[r] with deck[i]
. }
If S is too large for that method to be practical (i.e. you don't have room
to store all the elements of S), there have been some other ideas discussed
here (sci-crypt.random-numbers). See the thread "Psuedo-random permutation
of integers < N ???" started Mar/7/01, and another titled "Random Invertible
function of 0..N-1" started Aug/16/00.
Hope that helps.
Bob
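The loop Bob describes, with the checks a practitioner would want around it, as an added Python example (not Bob's code; the deck, the toy sizes and the enumeration helper are constructed for it): an exhaustive count of which permutation each sequence of random draws produces, which shows the "r from 1..i" loop is uniform while the common "r from 1..n every time" variant is not, a CSPRNG-backed shuffle for a real deck, and a count of the generator-derived permutations from Peter's post for comparison.

```python
"""Shuffling a finite set uniformly.  Added example; the deck, the helpers and
the toy sizes are constructed for illustration."""
import itertools
import math
import secrets


def fisher_yates(deck, rand_below):
    """Bob's loop, 0-based: for i = n-1 down to 1, swap deck[i] with deck[r]
    where r is uniform on 0..i.  rand_below(k) must return a uniform integer
    in [0, k)."""
    deck = list(deck)
    for i in range(len(deck) - 1, 0, -1):
        r = rand_below(i + 1)
        deck[i], deck[r] = deck[r], deck[i]
    return deck


def naive_shuffle(deck, rand_below):
    """Common mistake: r drawn from the whole deck on every step.  It still
    produces a permutation, but not all permutations equally often."""
    deck = list(deck)
    n = len(deck)
    for i in range(n - 1, 0, -1):
        r = rand_below(n)
        deck[i], deck[r] = deck[r], deck[i]
    return deck


def shuffle_cards(deck):
    """Real use: the OS CSPRNG (secrets.randbelow) as the random source.
    random.randrange is fine for a game, not for anything key-like."""
    return fisher_yates(deck, secrets.randbelow)


def outcome_counts(shuffle, n):
    """Exhaustively enumerate every sequence of random draws the shuffle can
    make for a set of size n and count the resulting permutations.  Uniform
    means every one of the n! orders appears the same number of times."""
    bounds = []                                   # record the bound of each draw
    shuffle(range(n), lambda k: bounds.append(k) or 0)
    counts = {}
    for choices in itertools.product(*(range(b) for b in bounds)):
        draws = iter(choices)
        perm = tuple(shuffle(range(n), lambda k: next(draws)))
        counts[perm] = counts.get(perm, 0) + 1
    return counts


def is_uniform(shuffle, n):
    counts = outcome_counts(shuffle, n)
    return len(counts) == math.factorial(n) and len(set(counts.values())) == 1


def generator_permutations(p=53):
    """Peter's construction: for each generator r of (Z/pZ)*, the powers
    r^0, r^1, ..., r^(p-2) mod p list 1..p-1 in some order.  Returns the set
    of distinct orders obtained that way (phi(p-1) of them)."""
    perms = set()
    for r in range(1, p):
        seq = tuple(pow(r, k, p) for k in range(p - 1))
        if len(set(seq)) == p - 1:                # r generates the whole group
            perms.add(seq)
    return perms


def deck_entropy_bits(n=52):
    """Bits needed to pick one of n! orders; the bound a shuffle's RNG must meet."""
    return math.log2(math.factorial(n))


if __name__ == "__main__":
    print("Fisher-Yates uniform on 4 cards:", is_uniform(fisher_yates, 4))
    print("naive swap uniform on 3 cards:  ", is_uniform(naive_shuffle, 3))
    print("generator permutations of 52 cards:", len(generator_permutations(53)),
          "vs log2(52!) =", round(deck_entropy_bits(), 1), "bits")
    print(shuffle_cards(range(52)))
```

The exhaustive count is the cheap way to check a shuffle: it needs no statistics, only a small n. The 24 generator permutations come out to under 5 bits of choice against the roughly 226 bits a uniform shuffle of 52 cards consumes, which is the gap Peter's post points at; the random source, not the swap loop, is what sets the quality of the result.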
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle...
Date: Tue, 27 Mar 2001 15:08:18 +0200
Peter Engehausen wrote:
>
> I'm looking for function or method which creates a permutation of a
> given set S.
There is an algorithm for pseudo-random permutation due to
Durstenfeld (and others) in D. Knuth, The art of computer programming,
vol. 2.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Malicious Javascript in Brent Kohler post
Date: Tue, 27 Mar 2001 15:12:48 +0200
"Tony L. Svanstrom" wrote:
>
> Rick <[EMAIL PROTECTED]> wrote:
>
> > evidence wrote in message <[EMAIL PROTECTED]>...
> > [snip javascript]
> >
> > DO NOT OPEN THE POST FROM BRENT KOHLER. (yes, I know I am shouting)
> >
> > If you are using a newsreader that runs javascript,
>
> Don't complain about trouble when you're asking for it...
>
> > it may lock up your machine. This has been all over many newsgroups.
Javascript can be deactivated in newsreaders. However, I
have a dumb question: If I get a mail with an attached
html-file (shown as an icon), how can I check that it is safe
to open it? I copied it with the right mouse key to a file,
but it appears that there is not only stuff from the mailer
that needs to be removed but also extra sequences like '=0A=' etc.
which need to be deleted/corrected. In other words, without
the proper correction the material copied doesn't even form a
valid Javascript. Could someone please help? Thanks in advance.
M. K. Shen
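One way to get at the attached HTML without opening it in a mail client, as an added example rather than anything from the thread: the '=0A=' sequences are quoted-printable transfer encoding, which Python's email package decodes. The message below is constructed for the example and carries a harmless script.

```python
"""Pull an HTML attachment out of a message and undo its transfer encoding
without handing it to a browser or mail client.  Added example; the message
below is constructed for it (harmless script, nothing from the thread)."""
import email
import re
from email import policy

# Constructed sample: the HTML part is quoted-printable, which is where the
# '=0A' (encoded newline), '=3D' (encoded '=') and trailing '=' (soft line
# break) sequences come from.
SAMPLE = b"""\
From: someone@example.invalid
To: you@example.invalid
Subject: test attachment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

See the attached page.
--b1
Content-Type: text/html; charset="us-ascii"; name="page.html"
Content-Disposition: attachment; filename="page.html"
Content-Transfer-Encoding: quoted-printable

<html><body><script>=0Aalert("hello");=0A</script>=
<p>a=3Db</p></body></html>
--b1--
"""


def html_parts(raw: bytes):
    """Return (filename, decoded HTML text) for every text/html part.
    get_content() undoes quoted-printable or base64 and applies the charset."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename(), part.get_content())
            for part in msg.walk()
            if part.get_content_type() == "text/html"]


def script_blocks(html: str):
    """Inline <script> bodies, for reading.  This is triage, not a verdict:
    script can also arrive through src= attributes, event handlers and so on."""
    return re.findall(r"<script\b[^>]*>(.*?)</script>", html, flags=re.I | re.S)


if __name__ == "__main__":
    for name, html in html_parts(SAMPLE):
        print("attachment:", name)
        for body in script_blocks(html):
            print("script:", body.strip())
```

Save the raw message (headers included) to a file, read it as bytes and pass it to html_parts; the decoded text is what a browser would have run. Reading the script is only a first look, and a mail client with scripting disabled remains the safer default.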
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 27 Mar 2001 13:28:52 GMT
Subject: Re: The creation of the DES s-boxes - thanks
You should get the original design spec discussion on DES and on its precursor,
Lucifer. Also, see Don Coppersmith's fairly recent paper on all the security
design criteria of DES, which included anti-linear cryptanalysis. This is in
an IBM Journal of R&D.
My understanding is that they used a lot of compute power (for the time) to
generate different possibilities and filter them according to the criteria.
Don Johnson
------------------------------
From: Peter Engehausen <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle... (Thank you)
Date: Tue, 27 Mar 2001 12:41:38 -0100
Reply-To: [EMAIL PROTECTED]
Thanks! I'll look it up and check out sci.crypt...-numbers too...
Peter
------------------------------
From: Lassi =?iso-8859-1?Q?Hippel=E4inen?= <[EMAIL PROTECTED]>
Subject: Re: Best encryption program for laptop?
Date: Tue, 27 Mar 2001 13:50:29 GMT
"Henrick Hellström" wrote:
>
> "David Formosa (aka ? the Platypus)" <[EMAIL PROTECTED]> skrev i
> meddelandet news:[EMAIL PROTECTED]...
> > On Mon, 26 Mar 2001 09:56:14 +0200, Henrick Hellström
> > <[EMAIL PROTECTED]> wrote:
> > >"David Formosa (aka ? the Platypus)" <[EMAIL PROTECTED]> skrev i
> > >meddelandet news:[EMAIL PROTECTED]...
> >
> > [...]
> >
> > >> Aren't there hardware based authentication methods?
> > >
> > >
> > >Would they protect your secrets if the laptop was stolen?
> >
> > I'm thinking of dongle that fits onto you keychain and plugs into a
> > Firewire or PCMA card based thing.
>
> I don't know how you suppose that would work. I searched for "+dongle
> +keychain +firewire" but all I could find was methods for network
> authentication. Such measures will not make your laptop burglar proof. On
> the contrary, I suspect that your network security might be seriously
> compromised if the laptop was stolen while the PCMA card was still mounted.
>
> --
> Henrick Hellström [EMAIL PROTECTED]
> StreamSec HB http://www.streamsec.com
I think there is a plug that connects to the USB socket. Can't remember
where I've seen it...
-- Lassi
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Pike stream cipher
Date: Tue, 27 Mar 2001 14:08:33 GMT
"Paul Crowley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Gregory G Rose) writes:
> > Sigh, Tom. You are a very effective troll.
>
> A troll is someone who posts disingenuously to get a rise. A kook is
> someone who sincerely believes and frequently posts utter nonsense and
> gets a rise anyway. Tom sometimes posts wrong stuff, but he's
> neither.
>
> Mind you, "Blow me goat boy" does have me reaching for the "killfile
> author" keysequence...
Wow this is happening all over again. I post some real posts nobody replies
(DH generator, decorrelated cipher TC6, etc...) but I post "blow me goat
boy" and I get a wealth of warm replies.
Is this group just wildly incompetent or am I just in every killfile for
trying to be intelligent?
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Valid condition for multiplicative generator?
Date: Tue, 27 Mar 2001 14:09:51 GMT
"Yaniv Sapir" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Just a newbie question: if, as claimed, "We can't distinguish a
> physically-random generator from a pseudorandom generator by statistical
> tests on the output stream", why bother making physical devices?
Because in the absence of any entropy the intel design can fill the gap.
Imagine you are sitting at an X-Term and it's just a screen with a keyboard.
What do you do when you have to login or something and you need some random
bits...?
Tom
------------------------------
From: Erwann ABALEA <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Tue, 27 Mar 2001 16:11:00 +0200
Do you also think that someone needs to prove you that the Earth is round
as an orange before you might consider that's true?
Read some maths, then read the work of other cryptanalysts, and maybe
you'll be able to talk about "perfect cipher" and other bullshit of your
own...
Be humble, your time might come. Right now, you're deserving yourself
because you're not acting as a professional. You're acting as a kid.
On Mon, 26 Mar 2001, Bertrand wrote:
> No more than speech again.
> Crack it! that's what I'm waiting for to be convinced.
>
--
Erwann ABALEA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
------------------------------
From: Curtis Williams <[EMAIL PROTECTED]>
Subject: Re: compression ratio as a predicter of cipher strength
Date: Tue, 27 Mar 2001 15:41:06 GMT
On Sun, 25 Mar 2001 12:13:48 -0800, "John A. Malley"
<[EMAIL PROTECTED]> wrote:
>Encrypt two equal length messages with the same one-time pad and send
>them to the same recipient. Both resulting ciphertexts are
>incompressible. Sounds like this system is very strong - but - the fact
>that we used the same OTP key twice seriously compromised both messages
>and made it much easier for third parties to crack our encryption.
I've always taken the "twice used" rule about OTP's as a fact, without
understanding exactly why. Can you explain in more detail?
Thanks. And yes, your explanation did help.
Regards,
Curt
------------------------------
From: Curtis Williams <[EMAIL PROTECTED]>
Subject: Re: compression ratio as a predicter of cipher strength
Date: Tue, 27 Mar 2001 15:46:39 GMT
Thanks to everyone who responded. I'll steer clear of this snakeoil
:-)
On Sun, 25 Mar 2001 18:44:33 GMT, "Curtis Williams"
<[EMAIL PROTECTED]> wrote:
>Hi,
>
> An encryption product claims that a ciphertext file should be compressed
>and the compression ratio is a predictor of cipher strength (i.e. encrypt a
>file then zip it. if the compression ratio is 0, the encryption is strong).
>Is this valid or snakeoil?
>
>Thanks
>
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: compression ratio as a predicter of cipher strength
Date: Tue, 27 Mar 2001 15:47:28 GMT
"Curtis Williams" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sun, 25 Mar 2001 12:13:48 -0800, "John A. Malley"
> <[EMAIL PROTECTED]> wrote:
> >Encrypt two equal length messages with the same one-time pad and send
> >them to the same recipient. Both resulting ciphertexts are
> >incompressible. Sounds like this system is very strong - but - the fact
> >that we used the same OTP key twice seriously compromised both messages
> >and made it much easier for third parties to crack our encryption.
>
> I've always taken the "twice used" rule about OTP's as a fact, without
> understaning exactly why. Can you explain in more detail?
Read a book on the subject (i.e. Schneier's Applied Crypto will do fine).
You can't use an OTP pad twice because the entire security is dependent on
the fact that the pad is unique and random. If you use it twice it's easy
to expose with a chosen plaintext (or known) attack.
C = P XOR K
if I know P and C I know K now... if you use K again I can easily find the
message... English messages have a lot of redundancy so given multiple texts
with the same key I can guess what the K must have been and compare it to
all my messages I have found. If the key makes "sense" I can isolate
it...etc..
Tom
http://tomstdenis.home.dhs.org
------------------------------
From: Curtis Williams <[EMAIL PROTECTED]>
Subject: Re: compression ratio as a predicter of cipher strength
Date: Tue, 27 Mar 2001 16:09:11 GMT
On Tue, 27 Mar 2001 15:47:28 GMT, "Tom St Denis"
<[EMAIL PROTECTED]> wrote:
Thanks. I will read the book. It has been on my "to read" list for
some time.
If I have two example of ciphertext (C1 and C2), but no plain text, is
it ever possible to use C1 and C2 to reverse engineer the key?
?? K = C1 XOR C2 ??
I guess I could write a program to test this.....
Thanks again.
>
>You can't use an OTP pad twice because the entire security is dependent on
>the fact that the pad is unique and random. If you use it twice it's easy
>to expose with a chosen plaintext (or known) attack.
>
>C = P XOR K
>
>if I know P and C I know K now... if you use K again I can easily find the
>message... English messages have a lot of redundancy so given multiple texts
>with the same key I can guess what the K must have been and compare it to
>all my messages I have found. If the key makes "sense" I can isolate
>it...etc..
>
>Tom
>http://tomstdenis.home.dhs.org
>
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: compression ratio as a predicter of cipher strength
Date: Tue, 27 Mar 2001 16:18:26 GMT
"Curtis Williams" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Tue, 27 Mar 2001 15:47:28 GMT, "Tom St Denis"
> <[EMAIL PROTECTED]> wrote:
>
>
> Thanks. I will read the book. It has been on my "to read" list for
> some time.
>
> If I have two example of ciphertext (C1 and C2), but no plain text, is
> it ever possible to use C1 and C2 to reverse engineer the key?
>
> ?? K = C1 XOR C2 ??
>
> I guess I could write a program to test this.....
Not that simple two ciphertexts would be
C = P xor K
C' = P' xor K
C xor C' = P xor P'
That doesn't give you the key. You really just have to attack the pad one
letter or symbol at a time. You guess what the key would be for a short
sequence. If after decrypting all the ciphertexts (you need several
ciphertexts for this to be effective) the plaintext resembles a language
then you can put those keys on the "probable list". Once you attack several
short sequences you can recurse. Treat each short sequence as a symbol then
see if you can piece them together.
For example if you had
C = ABCDEF GHIJK LMNOP
C' = abcdef ghijk lmnop
You try to find a key that works for both <ABCDEF,abcdef>, <GHIJK,ghijk>,
etc... Once you build a list of probable keys you try to find keys that
would allow you to clump <ABCDEF + GHIJK> together and see if it works (i.e.
grammar).
If the input is ASCII you can be assured the key is valid iff the plaintext
is in the <127 range (i.e. no key has the 8th bit set). Also if it's English
chances are some exotic symbols are not words etc..
It's slow and really only works if you have a whole bunch of ciphertexts.
If you only have one the attack is impossible, if you have 100 it's easier
and faster...
Tom
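Tom's two replies above in runnable form, as an added example (the two messages and the fixed-seed pad are constructed for it; the code is not Tom's): the known-plaintext recovery of the pad from his first reply, the C xor C' = P xor P' identity from the second, and a crib drag over the XOR of the two ciphertexts, which is the "attack the pad one short sequence at a time" step automated for one guessed fragment.

```python
"""Reusing a one-time pad: known-plaintext key recovery, the C xor C' = P xor P'
identity, and a crib drag.  Added example; the two messages and the fixed-seed
pad are constructed for illustration (the code is not Tom's)."""
import random
import string

# Bytes accepted as 'looks like English' when a crib is dragged.
PRINTABLE = set(bytes(string.ascii_letters + string.digits + " .,'!?-", "ascii"))

# Constructed messages; a fixed seed makes the 'pad' reproducible.  A real pad
# must come from a true random source and be used exactly once.
P1 = b"the attack at dawn is cancelled"
P2 = b"the troops will march at noon"
_rng = random.Random(2001)
PAD = bytes(_rng.randrange(256) for _ in range(max(len(P1), len(P2))))


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


C1 = xor(P1, PAD)   # C  = P  xor K
C2 = xor(P2, PAD)   # C' = P' xor K, same K: the mistake


def recover_pad(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext: K = C xor P.  With K, every other message under it falls."""
    return xor(ciphertext, known_plaintext)


def pad_difference(c1: bytes, c2: bytes) -> bytes:
    """C xor C' = (P xor K) xor (P' xor K) = P xor P'.  The pad cancels, so
    this is NOT the key, but it is the only input the crib drag needs."""
    return xor(c1, c2)


def crib_drag(c1: bytes, c2: bytes, crib: bytes):
    """Slide a guessed fragment of one message along P xor P'.  Where the
    guess is right, XOR yields the other message's text at that offset; the
    printable filter drops most wrong positions.  Returns (offset, text) hits."""
    diff = pad_difference(c1, c2)
    hits = []
    for off in range(len(diff) - len(crib) + 1):
        cand = xor(diff[off:off + len(crib)], crib)
        if all(b in PRINTABLE for b in cand):
            hits.append((off, cand.decode("ascii")))
    return hits


if __name__ == "__main__":
    print("pad from known plaintext recovers P2:", xor(C2, recover_pad(C1, P1)) == P2)
    for off, text in crib_drag(C1, C2, b"the attack "):
        print(off, repr(text))
```

Each hit that reads as language extends the known fragment of the other message, which in turn becomes a new crib; that recursion is the "treat each short sequence as a symbol and piece them together" step, and it only converges because English carries the redundancy Tom mentions. Note that the key never appears in pad_difference, only in recover_pad once some plaintext is known.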
------------------------------
From: Quisquater <[EMAIL PROTECTED]>
Subject: Re: The creation of the DES s-boxes - thanks
Date: Tue, 27 Mar 2001 18:56:33 +0200
DJohn37050 wrote:
>
> You should get the original design spec discussion on DES and on its precursor,
> Lucifer. Also, see Don Coppersmith's fairly recent paper on all the security
> design criteria of DES, which included anti-linear cryptanalysis. This is in
> an IBM Journal of R&D.
See
http://www.research.ibm.com/journal/rd/441/coppersmith.pdf
------------------------------
From: "Yaniv Sapir" <[EMAIL PROTECTED]>
Subject: Re: Valid condition for multiplicative generator?
Date: Tue, 27 Mar 2001 18:44:02 +0200
OK.
Thx.
Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:Pa1w6.143834$[EMAIL PROTECTED]...
>
> "Yaniv Sapir" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Just a newbie question: if, as claimed, "We can't distinguish a
> > physically-random generator from a pseudorandom generator by statistical
> > tests on the output stream", why bother making physical devices?
>
> Because in the absence of any entropy the intel design can fill the gap.
>
> Imagine you are sitting at an X-Term and it's just a screen with a keyboard.
> What do you do when you have to login or something and you need some random
> bits...?
>
> Tom
>
>
------------------------------
From: Bertrand <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Tue, 27 Mar 2001 12:04:56 -0400
Who has spoken about "perfect cipher"????????????????
I talked about ideal substitution cipher.
You seem to ignore your ignorance.
Erwann ABALEA wrote:
>
> Do you also think that someone needs to prove you that the Earth is round
> as an orange before you might consider that's true?
>
> Read some maths, then read the work of other cryptanalysts, and maybe
> you'll be able to talk about "perfect cipher" and other bullshit of your
> own...
>
> Be humble, your time might come. Right now, you're deserving yourself
> because you're not acting as a professional. You're acting as a kid.
>
> On Mon, 26 Mar 2001, Bertrand wrote:
>
> > No more than speech again.
> > Crack it! that's what I'm waiting for to be convinced.
> >
>
> --
> Erwann ABALEA
> [EMAIL PROTECTED]
> - RSA PGP Key ID: 0x2D0EABD5 -
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************