Cryptography-Digest Digest #25, Volume #14       Tue, 27 Mar 01 20:13:00 EST

Contents:
  Re: Crypto" by Steven Levy E-Book Posting ("Scheidsrechter")
  Re: The creation of the DES s-boxes - thanks (Frank Gerlach)
  OT:on what newsserver can i find alt.binaries - Re: Crypto" by Steven Levy E-Book 
Posting ("Carpe Diem")
  Re: OT:on what newsserver can i find alt.binaries - Re: Crypto" by Steven Levy 
E-Book Posting ("Carpe Diem")
  Re: Crypto" by Steven Levy E-Book Posting (Mok-Kong Shen)
  Re: Idea - (LONG) (Bertrand)
  Re: Pike stream cipher ("Kristopher Johnson")
  Re: Perl public key encryption ("Chris Eason")
  Re: Idea - (LONG) ("Douglas A. Gwyn")
  Re: Data dependent arcfour via sbox feedback ("John L. Allen")
  Re: Crypto" by Steven Levy E-Book Posting (Paul Rubin)
  Re: Idea - (LONG) (Bertrand)
  Re: Newbie wants to shuffle... (Thank you) (John Savard)
  Re: Crypto" by Steven Levy E-Book Posting (John Savard)
  Re: Data dependent arcfour via sbox feedback (John Savard)
  Re: Idea - (LONG) (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "Scheidsrechter" <[EMAIL PROTECTED]>
Subject: Re: Crypto" by Steven Levy E-Book Posting
Date: Tue, 27 Mar 2001 21:09:25 GMT

It's in HTML format so Netscape or Internet Explorer will do.

--
Scheidsrechter
Despam for correct email


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Scheidsrechter wrote:
> >
> > If anyone is interested, today a posting was made of this book on
> > alt.binaries.e-book and alt.binaries.e-books.
>
> E-books have to be loaded into corresponding hardware,
> don't they?
>
> M. K. Shen



------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: The creation of the DES s-boxes - thanks
Date: Tue, 27 Mar 2001 22:56:46 +0200

DJohn37050 wrote:

> That paper is interesting but there is another later one by Don Coppersmith
> that I was referring to that (according to Don) gives ALL the security design
> criteria of DES.
> Don Johnson

Sure, the NSA is not a black chamber, not any more. Next month, all their
mathematicians will post their papers on the internet. And Santa will come to
you, too.


------------------------------

From: "Carpe Diem" <[EMAIL PROTECTED]>
Subject: OT:on what newsserver can i find alt.binaries - Re: Crypto" by Steven Levy 
E-Book Posting
Date: Tue, 27 Mar 2001 15:46:31 -0600

Where can I find a newsserver which supports the alt.binaries newsgroups? Mine
has none of them. (By the way, I already used Google, but found nothing helpful)


"Scheidsrechter" <[EMAIL PROTECTED]> wrote in message
news:u16w6.44312$[EMAIL PROTECTED]...
> If anyone is interested, today a posting was made of this book on
> alt.binaries.e-book and alt.binaries.e-books.
>
> Newsgroups: alt.binaries.e-book,alt.binaries.e-books
> Subject: "Crypto" by Steven Levy - 1 attachments
> Date: Tue, 27 Mar 2001 04:46:52 -0000
> Xref: alt.binaries.e-book:92853 alt.binaries.e-books:52177



------------------------------

From: "Carpe Diem" <[EMAIL PROTECTED]>
Subject: Re: OT:on what newsserver can i find alt.binaries - Re: Crypto" by Steven 
Levy E-Book Posting
Date: Tue, 27 Mar 2001 15:47:23 -0600

> Where

_can I find_

> a newsserver which supports the alt.binaries newsgroups? Mine has none
> of them. (By the way I already used Google, but found nothing helpful)




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crypto" by Steven Levy E-Book Posting
Date: Wed, 28 Mar 2001 00:00:24 +0200



Scheidsrechter wrote:
> 
> If anyone is interested, today a posting was made of this book on
> alt.binaries.e-book and alt.binaries.e-books.
> 

Unfortunately my server doesn't yet have these groups.
(It has 67 groups in alt.binaries and alt.books.electronic.)

Could you say something about the book, if you have read it?

M. K. Shen

------------------------------

From: Bertrand <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Tue, 27 Mar 2001 17:07:46 -0400

Sincerely, I do not like to bother others.
I suggested an idea, just an idea. I did not publish all the complete
algo.
I'm not a mathematician.
I'm not a cryptographer.
I'm just an amateur. 
What I proposed : three ideas.
1. How to send any text (encrypted or not) easily over a network using a
simple function to mask the text.
If I send you A = M + or - k
M is always changing
k is fixed (I suppose it is fixed, even if I have an idea to change it every
session)
The eavesdropper has only A. Mathematically speaking you CAN'T find k.
y=x+k => the attacker knows x, he can't guess k or y. He may try to
use the differences between 2 or more communications. But if M is random (its
structure is not random, I know that), the attacker is helpless.

2. I proposed a simple cipher (you have to skip the Caesar step) which
allows me to assign a billion values to each character. How could the
attacker have access to which categories I used and find any information
to guess it?

3. I proposed the idea of crypto using GPS or any other device as a
subkey.

That's all.

Now I have decided not to post. Just reading. And nothing more than
reading.

Thank you.
I apologize for disturbing other people.

Bye bye.
      
  

Mok-Kong Shen wrote:
> 
> Bertrand wrote:
> >
> > You should first read what I proposed.
> > I signed my posts under three different names, "br", "amateur" and
> > "bertrand".
> > Read the ideas I express there first, before replying
> > brutally.
> 
> Internet discussion groups and mailing lists do not
> always talk with the same atmosphere as e.g. in academic
> circles. If you have experience elsewhere on the internet,
> you would realize that this group is on the average rather
> gentle. But, as is everywhere in life, other people's
> behaviour may be dependent to some extent on your own. As
> someone has pointed out, you keep on challenging others to
> crack your scheme with the obvious intention to claim that,
> if you don't get results from others, then your cipher
> must be absolutely secure. In an earlier post I have
> tried to explain why your logic of deciding the security
> of your scheme cannot hold. Others have subsequently also
> tried the same, though with different words and perhaps
> in tongues a bit less soft for you. But I suppose this is
> due to your persistent keeping to your questionable
> attitude without providing convincing concrete arguments
> and the repeated posting of virtually the same stuff. I
> guess that the sheer number of posts could have displeased
> some. As I have explained in several other follow-ups,
> your scheme is a very special case of what I discussed in
> an article posted on 10th Oct 2000. So your idea is
> certainly not new. Even if your scheme should turn out to
> be very very excellent, then it would have been I,
> not you, that deserve the credit (of having invented
> a presumably 'uncrackable' cipher). Thus I don't understand
> at all why you continue to challenge others to analyse
> the cipher, thus with time so to say getting onto the
> nerves of others. Let me recall that a disadvantage of bit
> homophones is the substantial expansion of the volume of
> the ciphertext relative to plaintext. If this expansion
> ratio is made fairly large, then the encryption could be
> rendered sufficiently difficult to attack. However, the
> cost of the users also correspondingly increases with
> that ratio. In view of all the above, I suggest that you
> would, as already recommended by others, invest your time
> in reading some good literature on crypto instead of
> continuing what you have done up till now in this thread.
> If you are really interested in encryption with bit
> homophones, you could later, i.e. after you have enriched
> your knowledge in crypto, make an in-depth investigation
> of its strength and post your well-founded results to the
> group or publish them in a famous journal. I am sure that
> all of us would appreciate reading your work.
> 
> Cheers,
> 
> M. K. Shen
> -----------------------
> http://home.t-online.de/home/mok-kong.shen

------------------------------

From: "Kristopher Johnson" <[EMAIL PROTECTED]>
Subject: Re: Pike stream cipher
Date: Tue, 27 Mar 2001 22:02:07 GMT

No, we're not incompotent [sic].  People ignore you because you're often
abusive and insulting.  Any intelligent comments you make are often ignored
because of the associated negativity.  You may think that's our problem, not
yours, but I'd disagree.  If you want to be taken seriously, you have to act
seriously.

This forum is intended for communication of ideas.  When you post insults,
it detracts from that.

-- Kris


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:B91w6.143831$[EMAIL PROTECTED]...
>
> "Paul Crowley" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > [EMAIL PROTECTED] (Gregory G Rose) writes:
> > > Sigh, Tom. You are a very effective troll.
> >
> > A troll is someone who posts disingenuously to get a rise.  A kook is
> > someone who sincerely believes and frequently posts utter nonsense and
> > gets a rise anyway.  Tom sometimes posts wrong stuff, but he's
> > neither.
> >
> > Mind you, "Blow me goat boy" does have me reaching for the "killfile
> > author" keysequence...
>
> Wow this is happening all over again.  I post some real posts nobody
> replies (DH generator, decorrelated cipher TC6, etc...) but I post "blow me
> goat boy" and I get a wealth of warm replies.
>
> Is this group just wildly incompotent or am I just in every killfile for
> trying to be intelligent?
>
> Tom
>
>



------------------------------

From: "Chris Eason" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.perl.misc
Subject: Re: Perl public key encryption
Date: Tue, 27 Mar 2001 23:29:17 +0100

"those who know me have no need of my name" <[EMAIL PROTECTED]>
wrote in message news:[EMAIL PROTECTED]...
> [note: this is really a security rather than a cryptography issue]
>

Noted. Sorry if this went to the wrong group.

> <wyBv6.50241$[EMAIL PROTECTED]> divulged:
>
> >I suppose the encrypted data from the remote browser will be decrypted
> >by Apache HTTP server and passed on to the Perl program. The Perl
> >program will then encrypt it again before writing it to a file on the
> >webserver.
>
> ... provided the perl program hasn't been tampered with.
>

True. Any suggestions as to how this could be prevented?

> anyway, you might want to see if they have pgp or gpg installed, then you
> can use Crypt::PGP2, Crypt::PGP5, or Crypt::GPG.  be careful not to
> write a temporary cleartext file.
>

Sadly, as I mentioned in my first post, my first choice ISP has stated that
they will not allow the use of PGP on their webservers 'as it requires root
access'. This sounds like a load of nonsense to me, so I'm looking at other
ISPs who do provide PGP.

> >But, incidentally, getting the data to my PC is another reason
> >why I want the data to be encrypted, since my ISP doesn't support secure
> >FTP.
>
> umm.  use https: to transfer the files.
>

Yes, but isn't this rather tedious if there are lots of files to download?
I'm not saying that it's so tedious you wouldn't bother, but it could get to
be a real pain. Encrypting the files first and using FTP would be just as
good. I will look at secure Telnet programs too, since it might be more
secure to FTP out from the UNIX box than into it, presuming you log in
securely to do this via a secure Telnet session.

Thanks for the advice. Much appreciated.

Chris






------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Tue, 27 Mar 2001 22:34:18 GMT

Bertrand wrote:
> Try to read what I had proposed before insulting.
> Read it!!!!
> And then we can talk.

You don't need to talk, you need to take to heart the good
advice offered to you by people like Erwann.

------------------------------

From: "John L. Allen" <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Tue, 27 Mar 2001 21:43:51 GMT

Ken Savage wrote:

> John Savard wrote:
> >
> > On 23 Mar 2001 14:53:51 -0800, Ken Savage <[EMAIL PROTECTED]> wrote,
> > in part:
> >
> > >Any thoughts?  Replies via newsgroup or email -- I read both :)
> >
> > Making something like RC4 dependent on the plaintext will collide with
> > Terry Ritter's Dynamic Substitution patent.
>
> I had a look at:  http://www.io.com/~ritter/DYNSUB.HTM
>
> RC4 shuffles the sbox itself; the modification I've done does not
> make the mixing any different.  Thus, if rc4 doesn't violate the
> patent, I don't see how this mod does.

I have been playing with this rc4 variation that *does* shuffle
the sbox differently, based on the encrypted data:

        /* sbox[]: the 256-byte RC4 permutation after the usual key setup;
           x, y:   the RC4 indices, both 0 after key setup;
           c:      feedback byte, the previous *ciphertext* byte;
           swap(a,b) exchanges two bytes, e.g.
           #define swap(a,b) do { unsigned char t=(a); (a)=(b); (b)=t; } while (0) */
        c = 0;
        for( i = 0; i < len; i++ ) {
          x = (x + 1) & 255;
          y = (y + sbox[x] + c) & 255;          /* feedback enters the index update */
          swap( sbox[x], sbox[y] );
          data[i] ^= sbox[(sbox[x] + sbox[y]) & 255];
          c = data[i];                          /* ciphertext byte feeds the next step */
        }

Decryption simply reverses the last two lines in the loop.  Any
glaring flaws?

John.

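An added example, in Python rather than the C of the post, and not John's code: the loop above beside plain RC4, to check the round trip the post describes and to see what the ciphertext feedback does when one ciphertext byte is damaged in transit. KEY and MSG are constructed sample values; the known-answer check for plain RC4 is the usual "Key"/"Plaintext" vector.

```python
# Added example for the ciphertext-feedback RC4 variant posted above; not
# code from the post.  KEY and MSG are constructed sample values.

def rc4_ksa(key: bytes) -> list:
    """Standard RC4 key schedule: returns the 256-entry permutation S."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 255
        s[i], s[j] = s[j], s[i]
    return s


def rc4_plain(key: bytes, data: bytes) -> bytes:
    """Ordinary RC4 for comparison.  The keystream never depends on the
    data, so the function is its own inverse."""
    s = rc4_ksa(key)
    x = y = 0
    out = bytearray()
    for b in data:
        x = (x + 1) & 255
        y = (y + s[x]) & 255
        s[x], s[y] = s[y], s[x]
        out.append(b ^ s[(s[x] + s[y]) & 255])
    return bytes(out)


def rc4_feedback(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """The posted loop: the previous *ciphertext* byte c is added into y.
    Encrypting, c is the byte just produced; decrypting, c is the input
    byte (the post's 'reverse the last two lines')."""
    s = rc4_ksa(key)
    x = y = c = 0
    out = bytearray()
    for b in data:
        x = (x + 1) & 255
        y = (y + s[x] + c) & 255          # feedback enters the index update
        s[x], s[y] = s[y], s[x]
        o = b ^ s[(s[x] + s[y]) & 255]
        c = b if decrypt else o           # either way, c is the ciphertext byte
        out.append(o)
    return bytes(out)


def damaged_bytes_after_flip(key: bytes, msg: bytes, pos: int, feedback: bool) -> int:
    """Flip one bit of ciphertext byte `pos` and count how many decrypted
    bytes differ from msg.  Plain RC4 damages exactly one byte; with the
    feedback the two permutations desynchronise and the damage runs on."""
    ct = bytearray(rc4_feedback(key, msg) if feedback else rc4_plain(key, msg))
    ct[pos] ^= 0x01
    if feedback:
        pt = rc4_feedback(key, bytes(ct), decrypt=True)
    else:
        pt = rc4_plain(key, bytes(ct))
    return sum(1 for a, b in zip(pt, msg) if a != b)


KEY = b"Key"                                   # constructed sample key
MSG = b"Attack at dawn. Bring the sbox. " * 2  # constructed sample message

if __name__ == "__main__":
    ct = rc4_feedback(KEY, MSG)
    assert rc4_feedback(KEY, ct, decrypt=True) == MSG
    print("plain RC4, one flipped ct byte    ->",
          damaged_bytes_after_flip(KEY, MSG, 10, False), "bad plaintext bytes")
    print("feedback RC4, one flipped ct byte ->",
          damaged_bytes_after_flip(KEY, MSG, 10, True), "bad plaintext bytes")
```

Two things the round trip alone does not show. With c starting at 0 the first output byte is plain RC4's, and two messages under the same key share their ciphertext prefix for as long as their plaintexts agree, so the variant inherits RC4's behaviour under key reuse at the start of a message. And once a ciphertext byte is altered the sender's and receiver's permutations diverge and stay diverged: the rest of the message decrypts to garbage rather than the single damaged byte plain RC4 would give, so the feedback is not self-synchronising and a receiver has no way back short of restarting from the key.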

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Crypto" by Steven Levy E-Book Posting
Date: 27 Mar 2001 14:50:35 -0800

Mok-Kong Shen <[EMAIL PROTECTED]> writes:
> Unfortunately my server doesn't yet have these groups.
> (It has 67 groups in alt.binaries and alt.books.electronic.)
> 
> Could you say something about the book, if you have read it?

I have it (paper edition).  I haven't read the whole thing yet but I've
flipped around.  It looks pretty good.

------------------------------

From: Bertrand <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Tue, 27 Mar 2001 19:35:02 -0400

????

"Douglas A. Gwyn" wrote:
> 
> Bertrand wrote:
> > Try to read what I had proposed before insulting.
> > Read it!!!!
> > And then we can talk.
> 
> You don't need to talk, you need to take to heart the good
> advice offered to you by people like Erwann.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Newbie wants to shuffle... (Thank you)
Date: Wed, 28 Mar 2001 00:56:40 GMT

On Tue, 27 Mar 2001 12:41:38 -0100, Peter Engehausen
<[EMAIL PROTECTED]> wrote, in part:

>Thanks! I'll look it up and check out sci.crypt...-numbers too...

The algorithm given by Henrick Hellstrom is the correct one to use; it
can be modified to use a source of pseudorandom numbers each time
instead of using one large random integer, and in that form is the
common algorithm for random shuffles.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

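An added example, not from John's post and not Henrick Hellstrom's algorithm (which this digest does not reproduce): the two forms John mentions side by side with the common wrong one. The "one large random integer" form is assumed here to be the factoradic (Lehmer-code) decoding of an integer below n!; that is an assumption, not something the page states. All three are driven by explicit choice sequences so that the output distribution can be enumerated exactly for small n instead of sampled.

```python
# Added example for the shuffle thread; not code from the post.  The
# integer-decoding form is an assumed reading of "one large random integer".
import itertools
import secrets
from collections import Counter
from math import factorial


def fisher_yates(items, choices):
    """Fisher-Yates driven by explicit choices: at step i = n-1, ..., 1 the
    element at i is swapped with a position drawn from 0..i inclusive.
    Supplying the choices from a PRNG one step at a time is the usual form."""
    a = list(items)
    for t, i in enumerate(range(len(a) - 1, 0, -1)):
        j = choices[t]
        if not 0 <= j <= i:
            raise ValueError("choice out of range for this step")
        a[i], a[j] = a[j], a[i]
    return tuple(a)


def naive_swap_any(items, choices):
    """The frequent mistake: each position is swapped with *any* position."""
    a = list(items)
    for i in range(len(a)):
        j = choices[i]
        a[i], a[j] = a[j], a[i]
    return tuple(a)


def from_integer(items, r):
    """Decode one integer r in [0, n!) into a permutation using the mixed
    radix n, n-1, ..., 1; distinct r give distinct permutations."""
    pool = list(items)
    out = []
    for radix in range(len(pool), 0, -1):
        r, idx = divmod(r, radix)
        out.append(pool.pop(idx))
    if r:
        raise ValueError("integer not below n!")
    return tuple(out)


def distribution(method, n):
    """Enumerate every choice sequence the method could consume for n items
    and count the permutations produced."""
    base = range(n)
    if method == "fisher_yates":
        seqs = itertools.product(*[range(i + 1) for i in range(n - 1, 0, -1)])
        return Counter(fisher_yates(base, s) for s in seqs)
    if method == "naive":
        seqs = itertools.product(base, repeat=n)
        return Counter(naive_swap_any(base, s) for s in seqs)
    if method == "integer":
        return Counter(from_integer(base, r) for r in range(factorial(n)))
    raise ValueError(method)


def is_uniform(counts):
    """True when every one of the n! permutations appears equally often."""
    n = len(next(iter(counts)))
    return len(counts) == factorial(n) and len(set(counts.values())) == 1


def secure_shuffle(items):
    """For real use: Fisher-Yates fed from the OS CSPRNG, one draw per step."""
    n = len(items)
    draws = [secrets.randbelow(i + 1) for i in range(n - 1, 0, -1)]
    return list(fisher_yates(items, draws))


if __name__ == "__main__":
    for method in ("fisher_yates", "integer", "naive"):
        d = distribution(method, 3)
        print(f"{method:12s} uniform={is_uniform(d)} counts={sorted(d.values())}")
```

For n = 3 the per-step Fisher-Yates form and the integer form each produce every permutation exactly once over their 6 possible inputs, while swapping each position with an arbitrary position spreads 27 equally likely input sequences over 6 permutations, so three of them come up 5/27 of the time and the other three 4/27. The draw at step i has to be taken from 0..i, and from a generator whose outputs an observer cannot predict, for the shuffle to be both uniform and unguessable.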
------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Crypto" by Steven Levy E-Book Posting
Date: Wed, 28 Mar 2001 00:51:31 GMT

On Tue, 27 Mar 2001 22:51:25 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:

>E-books have to be loaded into corresponding hardware,
>don't they?

Not when they're pirated. It's only legitimate E-books that are in
that kind of restricted format.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Data dependent arcfour via sbox feedback
Date: Wed, 28 Mar 2001 00:54:34 GMT

On Mon, 26 Mar 2001 16:30:52 GMT, Ken Savage <[EMAIL PROTECTED]>
wrote, in part:

>I had a look at:  http://www.io.com/~ritter/DYNSUB.HTM

>RC4 shuffles the sbox itself; the modification I've done does not
>make the mixing any different.  Thus, if rc4 doesn't violate the
>patent, I don't see how this mod does.

Well, 'data dependent' implied to me that the shuffling depended on
the plaintext, which is exactly what distinguishes Dynamic
Substitution from RC4.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Wed, 28 Mar 2001 02:57:05 +0200



Bertrand wrote:
> 
> Sincerely, I do not like to bother others.
> I suggested an idea, just an idea. I did not publish all the complete
> algo.
> I'm not a mathematician.
> I'm not a cryptographer.
> I'm just an amateur.
> What I proposed : three ideas.
> 1. How to send any text (encrypted or not) easily over a network using a
> simple function to mask the text.
> If I send you A = M + or - k
> M is always changing
> k is fixed (I suppose it is fixed, even if I have an idea to change it every
> session)
> The eavesdropper has only A. Mathematically speaking you CAN'T find k.
> y=x+k => the attacker knows x, he can't guess k or y. He may try to
> use the differences between 2 or more communications. But if M is random (its
> structure is not random, I know that), the attacker is helpless.
> 
> 2. I proposed a simple cipher (you have to skip the Caesar step) which
> allows me to assign a billion values to each character. How could the
> attacker have access to which categories I used and find any information
> to guess it?
> 
> 3. I proposed the idea of crypto using GPS or any other device as a
> subkey.
> 
> That's all.
> 
> Now I have decided not to post. Just reading. And nothing more than
> reading.
> 
> Thank you.
> I apologize for disturbing other people.
> 
> Bye bye.

In the present context, I guess that your decision might
indeed not be a bad one, for it would be to your
advantage, saving you much time which you could invest
in learning crypto or for doing other matters.

M. K. Shen

 
> Mok-Kong Shen wrote:
> >
> > Bertrand wrote:
> > >
> > > You should first read what I proposed.
> > > I signed my posts under three different names, "br", "amateur" and
> > > "bertrand".
> > > Read the ideas I express there first, before replying
> > > brutally.
> >
> > Internet discussion groups and mailing lists do not
> > always talk with the same atmosphere as e.g. in academic
> > circles. If you have experience elsewhere on the internet,
> > you would realize that this group is on the average rather
> > gentle. But, as is everywhere in life, other people's
> > behaviour may be dependent to some extent on your own. As
> > someone has pointed out, you keep on challenging others to
> > crack your scheme with the obvious intention to claim that,
> > if you don't get results from others, then your cipher
> > must be absolutely secure. In an earlier post I have
> > tried to explain why your logic of deciding the security
> > of your scheme cannot hold. Others have subsequently also
> > tried the same, though with different words and perhaps
> > in tongues a bit less soft for you. But I suppose this is
> > due to your persistent keeping to your questionable
> > attitude without providing convincing concrete arguments
> > and the repeated posting of virtually the same stuff. I
> > guess that the sheer number of posts could have displeased
> > some. As I have explained in several other follow-ups,
> > your scheme is a very special case of what I discussed in
> > an article posted on 10th Oct 2000. So your idea is
> > certainly not new. Even if your scheme should turn out to
> > be very very excellent, then it would have been I,
> > not you, that deserve the credit (of having invented
> > a presumably 'uncrackable' cipher). Thus I don't understand
> > at all why you continue to challenge others to analyse
> > the cipher, thus with time so to say getting onto the
> > nerves of others. Let me recall that a disadvantage of bit
> > homophones is the substantial expansion of the volume of
> > the ciphertext relative to plaintext. If this expansion
> > ratio is made fairly large, then the encryption could be
> > rendered sufficiently difficult to attack. However, the
> > cost of the users also correspondingly increases with
> > that ratio. In view of all the above, I suggest that you
> > would, as already recommended by others, invest your time
> > in reading some good literature on crypto instead of
> > continuing what you have done up till now in this thread.
> > If you are really interested in encryption with bit
> > homophones, you could later, i.e. after you have enriched
> > your knowledge in crypto, make an in-depth investigation
> > of its strength and post your well-founded results to the
> > group or publish them in a famous journal. I am sure that
> > all of us would appreciate reading your work.
> >
> > Cheers,
> >
> > M. K. Shen
> > -----------------------
> > http://home.t-online.de/home/mok-kong.shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
