Cryptography-Digest Digest #29, Volume #14 Wed, 28 Mar 01 16:13:00 EST
Contents:
Re: Data dependent arcfour via sbox feedback ("Henrick Hellström")
Encryption of Encrypted Material results in strength??? ("Ben.Russo")
Re: Encryption of Encrypted Material results in strength??? (SCOTT19U.ZIP_GUY)
Re: Encryption of Encrypted Material results in strength??? ("Paul Pires")
Re: Breaking a DES encrypted code. (Peter Engehausen)
Re: Malicious Javascript in Brent Kohler post (those who know me have no need of my name)
Re: Newbie wants to shuffle... ("Frog2000")
Re: Please read. ("Paul Pires")
Re: DES key replacement. ("Ben.Russo")
Re: Newbie wants to shuffle... (Mok-Kong Shen)
Re: Newbie wants to shuffle... ("Henrick Hellström")
Re: Encryption of Encrypted Material results in strength??? ("Tom St Denis")
A Random Number Key Generator with a Personalized Seed Key (Douglas Eagleson)
Re: Breaking a DES encrypted code. ("Joseph Ashwood")
Re: Malicious Javascript in Brent Kohler post (Mok-Kong Shen)
----------------------------------------------------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Wed, 28 Mar 2001 21:09:11 +0200
"Terry Ritter" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> On Wed, 28 Mar 2001 05:33:08 GMT, in
> <[EMAIL PROTECTED]>, in
> sci.crypt Paul Crowley <[EMAIL PROTECTED]> wrote:
>
> >[EMAIL PROTECTED] (Terry Ritter) writes:
> >> If "certain countries" is intended to slight the US, I just note that
> >> entirely similar patent laws are in force in Europe. Dynamic
> >> Substitution is not a "software patent."
> >
> >If anything is a software patent, this is. Happily, however, it looks
> >as if it will not be possible to enforce patents against software in
> >Europe, though it's certainly worth keeping up the pressure to make
> >sure this decision is made.
>
> If, by "software patent," you mean any patent which applies to
> software implementation, then *most* patents on digital logic systems
> would be "software patents."
More precisely: In Europe you cannot patent mathematical, intellectual and
organizational methods. There has to be some physical manifestation
involved. For instance, I doubt that you may patent the circuit scheme of a
processor, but you may patent the physical chip (defined in the patent
claims by, among other things, its circuits) and the process by which you
manufacture the chip. This ought to mean e.g. that an Intel patent of
Pentium-cpus would not collide with an Athlon patent of AMD-cpus.
[snip]
> When software implementations cannot infringe, it should be possible
> to avoid patents on digital systems or chips by placing the analogous
> program in a fast controller or DSP processor. That would be a major
> change to the patent system in any country, because the effect would
> be to not give patent protection to digital systems. The obvious
> response of the research and development (R&D) business would be to
> invest less where expensive results cannot be protected. If the
> ultimate goal is to try to limit the amount of R&D done outside
> government labs and academia, this change in patent law would be a big
> step in that direction.
Yes. Either that or the opposite: Since digital systems cannot be
sufficiently protected, new systems have to be developed all of the time and
be kept secret until they reach the market, so that the companies doing
research sustain a start over pirate manufacturers.
> Once again note that the IDEA cipher is patented in both the US and
> Europe, and obviously does control software implementation of IDEA in
> Europe. Consequently, this is not a US issue, nor is it new in either
> patents or cryptography.
Could you please tell me in what European country IDEA is patented? Monaco?
Liechtenstein? Andorra? Malta? ;-)
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
------------------------------
Date: Wed, 28 Mar 2001 14:26:05 -0500
From: "Ben.Russo" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.computer.security
Subject: Encryption of Encrypted Material results in strength???
Friends,
I have been told that encrypting an encrypted message actually decreases the security.
I am not a cryptographer, but will accept that on faith.
Theory aside, and considering only practical results:
I have a situation where I am setting up a VPN Mesh network between several office
sites over the internet and am going to use CISCO IOS IPSec VPN's.
How much real world difference would it make to a potential cracker if I had SSH or
SSL sessions being routed through the VPN?
Or should I really block that type of traffic and insist that users use telnet and
http instead?
-Ben.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.computer.security
Subject: Re: Encryption of Encrypted Material results in strength???
Date: 28 Mar 2001 19:37:19 GMT
[EMAIL PROTECTED] (Ben.Russo) wrote in
<[EMAIL PROTECTED]>:
>Friends,
>
>I have been told that encrypting an encrypted message actually decreases
>the security. I am not a cryptographer, but will accept that on faith.
>
Seldom does encrypting twice decrease the security over the security
provided ( if any ) by the first encryption. About the only time it
hurts is if the second encryption undoes the first not likely unless
you make an extremely bad choice for the second method and use the
same or similar key.
Much more common would be the result of the two in series might
be weaker than if only the second one was done by itself. Since the
first one could add info that weakens the effect of the second method.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
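The case raised in the post above, where a second encryption pass undoes the first, shown with RC4 (arcfour), whose encryption is an XOR with a key-derived keystream. This is an added example, not code from the post or its author; the keys and the message are constructed.

```python
# Added example: cascading an XOR stream cipher with itself.

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4. Encryption and decryption are the same XOR-with-keystream step."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def cascade(keys, data: bytes) -> bytes:
    """Apply one RC4 layer per key, first key first."""
    for key in keys:
        data = rc4(key, data)
    return data


def layer_report(keys, plaintext: bytes) -> dict:
    """Encrypt through all layers, then remove them again in reverse order."""
    ciphertext = cascade(keys, plaintext)
    return {
        "ciphertext": ciphertext,
        "equals_plaintext": ciphertext == plaintext,
        "recovered": cascade(list(reversed(keys)), ciphertext),
    }


# Constructed sample inputs.
MESSAGE = b"constructed sample message"
SAME_KEY_TWICE = [b"office-key", b"office-key"]
INDEPENDENT_KEYS = [b"office-key", b"second-layer-key"]

if __name__ == "__main__":
    for label, keys in (("same key twice", SAME_KEY_TWICE),
                        ("independent keys", INDEPENDENT_KEYS)):
        report = layer_report(keys, MESSAGE)
        print(label, "->", report["ciphertext"].hex(),
              "| plaintext exposed:", report["equals_plaintext"])
```

With the same key in both layers the two keystreams are identical and cancel, so the "double encrypted" output is the message itself; with independently chosen keys both layers have to be removed to read it.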
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Crossposted-To: alt.computer.security
Subject: Re: Encryption of Encrypted Material results in strength???
Date: Wed, 28 Mar 2001 11:47:18 -0800
Ben.Russo <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Friends,
>
> I have been told that encrypting an encrypted message actually decreases the security.
> I am not a cryptographer, but will accept that on faith.
I don't think this has ever been shown in a general case. There are
some examples of dumb things to do which could result in this but
I wouldn't worry about it with two mature algorithms pulled from
a hat.
It seems that the controversy is in saying that double encryption is
provably stronger than a single encryption with the same amount
of key. It's intuitive that double encryption would probably increase
the work required to mount an attack but I'm not sure that you
could say that it makes the underlying weakness that an attack
exploits vanish. It could well do so but how can you know?
We're not talking common sense here, it's more a matter of
proof. I think that double encryption is stronger, I don't
know how to know that it is nor do I know what the extra
effort buys over and above the extra work an adversary might
have to do.
Paul
>
> Theory aside, and considering only practical results:
> I have a situation where I am setting up a VPN Mesh network between several office
> sites over the internet and am going to use CISCO IOS IPSec VPN's.
> How much real world difference would it make to a potential cracker if I had SSH or
> SSL sessions being routed through the VPN?
> Or should I really block that type of traffic and insist that users use telnet and
> http instead?
>
> -Ben.
>
------------------------------
From: Peter Engehausen <[EMAIL PROTECTED]>
Subject: Re: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 19:02:03 -0100
Reply-To: [EMAIL PROTECTED]
Take a random file ( actually a text file ok) Try decrypting it
with BICOM use any key. Then encrypt result with same key
you should get your original file back. If you don't the crypto
system you're using is not fully bijective and is mostly leaking
information like I mentioned above so that it's easier to attack
and for an attacker to check if he has correct key.
Dear David!
Did I get you right? There are cryptosystems which encrypt and decrypt good
but decrypt and encrypt poorly?
Hm... Thanks,
Peter
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Malicious Javascript in Brent Kohler post
Date: Wed, 28 Mar 2001 19:58:03 -0000
[f-u set]
<[EMAIL PROTECTED]> divulged:
>If I get a mail with an attached
>html-file (shown as an icon), how can I check that it is safe
>to open it?
if you can't figure out how to gain access to the content how do you
expect to gauge its cleanliness? i shouldn't be harsh, something like
the kohler thing is pretty easy to see.
>I copied it with the right mouse key to a file,
>but it appears that there are not only stuffs from the mailer
>that need be removed but also extra sequences like '=0A=' etc.
you need to decode the transfer encoding. also you'll need to decode
any url-encoded data as well.
--
okay, have a sig then
------------------------------
From: "Frog2000" <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle...
Date: Wed, 28 Mar 2001 15:06:30 -0500
--
http://welcome.to/speechsystemsfortheblind
"Henrick Hellström" <[EMAIL PROTECTED]> wrote in message
news:99t3ji$cra$[EMAIL PROTECTED]...
> "Frog2000" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > --
> > http://welcome.to/speechsystemsfortheblind
> >
> >
> > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > >
> > >
> > > "Henrick Hellström" wrote:
> > > >
> > > > If you start with a random (large) integer N in the range [0..n!), you could
> > > > use the following algorithm that will bijectively assign a distinct
> > > > permutation to each possible value of N:
> > > >
> > > > for i := 1 to n do S[i] := i;
> > > > for i := n downto 2 do begin
> > > > j := (N mod i) + 1; (* Large integer arithmetics *)
> > > > N := N div i; (* Large integer arithmetics *)
> > > > x := S[i];
> > > > S[i] := S[j];
> > > > S[j] := x;
> > > > end;
> > >
> > > Is that to be found somewhere in the literature? Thanks.
> >
> > I don't think that will work.
>
> But it does work, and it is easy to prove that it does.
>
>
> > This program will. Pay attention to the
> > permute proc.
>
> Your program is deterministic. The contents of the output file are
> determined by the size parameter only. Furthermore your program executes in
> polynomial (quadratic) time for no intelligible reason whatsoever. Knuth's
> algorithm executes in linear time.
Yes, but I think we are looking for different results.
>
>
> --
> Henrick Hellström [EMAIL PROTECTED]
> StreamSec HB http://www.streamsec.com
>
>
>
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Please read.
Date: Wed, 28 Mar 2001 12:05:25 -0800
Tony L. Svanstrom <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Paul Pires <[EMAIL PROTECTED]> wrote:
>
> > Use a killfile. And do NOT reply or comment.
> > You are just pushing these headers past the killfiles
> > of those who are using them and giving this turd
> > a certain amount of satisfaction.
>
> Then they need to change their killfiles to catch the fups too.
>
>
> /Tony
> --
> ########################################################################
> I'm sorry, I'm sorry; actually, what I said was:
> HOW WOULD YOU LIKE TO SUCK MY BALLS?
> - South Park -
Extend them 18 inches from your body,
Impact them repeatedly until the consistency
of tapioca is achieved, roll out until no
more than 1/16 inch thick and if you're still
interested, I might have a go at it.
Taglines as a side channel? Bob Silverman's was bad enough.
------------------------------
Date: Wed, 28 Mar 2001 15:13:56 -0500
From: "Ben.Russo" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: DES key replacement.
Yaniv Sapir wrote:
> Hi all.
>
> When using DES for encryption of long messages, is it a common practice to
> replace the 64-bit key once in a while? If so, how frequent?
>
> TIA,
> Yaniv.
Depends upon the application. OpenSSH using DES has a default key replacement every
hour. Other applications use the same DES key for the whole session
-Ben.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle...
Date: Wed, 28 Mar 2001 22:18:00 +0200
Scott Fluhrer wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> >
> > "Henrick Hellström" wrote:
> > >
> > > If you start with a random (large) integer N in the range [0..n!), you could
> > > use the following algorithm that will bijectively assign a distinct
> > > permutation to each possible value of N:
> > >
> > > for i := 1 to n do S[i] := i;
> > > for i := n downto 2 do begin
> > > j := (N mod i) + 1; (* Large integer arithmetics *)
> > > N := N div i; (* Large integer arithmetics *)
> > > x := S[i];
> > > S[i] := S[j];
> > > S[j] := x;
> > > end;
> >
> > Is that to be found somewhere in the literature? Thanks.
> The Art of Computer Programming -- Donald Knuth.
>
> In particular, Volume 2 ("Seminumerical Algorithms"), Second Edition (which
> is what I happened to have on hand), Algorithm 3.4.2P.
But in Knuth one has in your notation j:=floor(i*U)+1;
where U is uniformly distributed between 0 and 1. It
is not immediately clear that your using a single random
integer value N in [0, n!) achieves exactly the same. Could
you explain a bit? Thanks.
M. K. Shen
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle...
Date: Wed, 28 Mar 2001 22:40:10 +0200
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Scott Fluhrer wrote:
> >
> > Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > >
> > > "Henrick Hellström" wrote:
> > > >
> > > > If you start with a random (large) integer N in the range [0..n!), you could
> > > > use the following algorithm that will bijectively assign a distinct
> > > > permutation to each possible value of N:
> > > >
> > > > for i := 1 to n do S[i] := i;
> > > > for i := n downto 2 do begin
> > > > j := (N mod i) + 1; (* Large integer arithmetics *)
> > > > N := N div i; (* Large integer arithmetics *)
> > > > x := S[i];
> > > > S[i] := S[j];
> > > > S[j] := x;
> > > > end;
> > >
> > > Is that to be found somewhere in the literature? Thanks.
> > The Art of Computer Programming -- Donald Knuth.
> >
> > In particular, Volume 2 ("Seminumerical Algorithms"), Second Edition (which
> > is what I happened to have on hand), Algorithm 3.4.2P.
>
> But in Knuth one has in your notation j:=floor(i*U)+1;
> where U is uniformly distributed between 0 and 1. It
> is not immediately clear that your using a single random
> integer value N in [0, n!) achieves exactly the same. Could
> you explain a bit? Thanks.
Firstly, my algorithm is a simplification of one part of the Steak Cipher
key set up scheme. I use a single large integer value, because it is part of
the key.
My algorithm is exhaustive because the series of j:s in Knuth's algorithm
could be put as the sum (...(j{0}*n + j{1})*(n-1) + ...), and that sum would
be equal to N in my algorithm. It is really only arithmetic with a large
integer expressed in a dynamic base. You could prove bijectivity in
virtually the same way you prove that any integer can be unequivocally
expressed in any nonzero base.
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
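The mapping discussed in this thread, with N read as a mixed-radix number whose digits pick the swap index at each step. This is an added example in Python, not code from any poster: perm_from_int follows the posted Pascal loop, while int_from_perm, is_bijection and counts_when_reduced are hypothetical helpers written for this illustration. The last one goes beyond the thread and shows why N has to be uniform on [0, n!) exactly, using a constructed case where a fixed-width random value is reduced mod n!.

```python
# Added example: integer <-> permutation via mixed-radix digits.
from collections import Counter
from math import factorial


def perm_from_int(big_n: int, n: int) -> list:
    """The posted loop with 0-based list indices; S holds the values 1..n."""
    if not 0 <= big_n < factorial(n):
        raise ValueError("N must lie in [0, n!)")
    s = list(range(1, n + 1))
    for i in range(n, 1, -1):              # for i := n downto 2
        j = big_n % i                      # the posted j, minus 1
        big_n //= i
        s[i - 1], s[j] = s[j], s[i - 1]
    return s


def int_from_perm(perm: list) -> int:
    """Inverse mapping: replay the swaps, recording the digit used at each step."""
    n = len(perm)
    cur = list(range(1, n + 1))
    pos = {value: index for index, value in enumerate(cur)}
    digits = []
    for i in range(n, 1, -1):
        j = pos[perm[i - 1]]               # where the value needed at slot i sits now
        digits.append((i, j))
        a, b = cur[i - 1], cur[j]
        cur[i - 1], cur[j] = b, a
        pos[a], pos[b] = j, i - 1
    big_n = 0
    for base, digit in reversed(digits):   # rebuild N from its last digit outward
        big_n = big_n * base + digit
    return big_n


def is_bijection(n: int) -> bool:
    """Exhaustive check: n! inputs give n! different permutations."""
    seen = {tuple(perm_from_int(k, n)) for k in range(factorial(n))}
    return len(seen) == factorial(n)


def counts_when_reduced(bits: int, n: int) -> tuple:
    """(min, max) permutation frequency when every `bits`-bit value is
    reduced mod n! before use (constructed scenario, not from the thread)."""
    hits = Counter(tuple(perm_from_int(r % factorial(n), n))
                   for r in range(2 ** bits))
    return min(hits.values()), max(hits.values())


if __name__ == "__main__":
    print(perm_from_int(0, 4), perm_from_int(factorial(4) - 1, 4))
    print("bijective for n=6:", is_bijection(6))
    print("8-bit value mod 4! gives frequencies", counts_when_reduced(8, 4))
```

Because 256 is not a multiple of 24, sixteen of the permutations of four elements turn up 11 times and the other eight only 10 times in the reduced case; drawing N directly from [0, n!) gives each permutation exactly once.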
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.computer.security
Subject: Re: Encryption of Encrypted Material results in strength???
Date: Wed, 28 Mar 2001 20:45:07 GMT
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Ben.Russo) wrote in
> <[EMAIL PROTECTED]>:
>
> >Friends,
> >
> >I have been told that encrypting an encrypted message actually decreases
> >the security. I am not a cryptographer, but will accept that on faith.
> >
>
> Seldom does encrypting twice decrease the security over the security
> provided ( if any ) by the first encryption. About the only time it
> hurts is if the second encryption undoes the first not likely unless
> you make an extremely bad choice for the second method and use the
> same or similar key.
>
> Much more common would be the result of the two in series might
> be weaker than if only the second one was done by itself. Since the
> first one could add info that weakens the effect of the second method.
What is with your "adds info" thing? If you have x-bits of input and x-bits
of output you can't "add info". You can leak info about the transform but
the amount of information in the data stream is the same ... in this case
'x' bits.
And it has never been proven that double encryption of any sort is better if
not worse than single encryption. The problem is you are making a "new
cipher" which requires analysis on its own. Typically in a feistel scheme
it's like doubling the rounds and could be beneficial..
Tom
------------------------------
From: Douglas Eagleson <[EMAIL PROTECTED]>
Subject: A Random Number Key Generator with a Personalized Seed Key
Date: Wed, 28 Mar 2001 20:45:48 GMT
My Java application MODDES at:
http://llef.tripod.com/Dougpage/PageA/moddes.htm
contained an error in its key space definition. The new version
truly follows the entire 56 bit key space, really.
The random number generator was upgraded to a superior algorithm
by Marsaglia, Kahaner, et al. This algorithm in Fortran is listed
at the end of this posting. There is a small rounding error bias in
MODDES due to rounding errors, likely JAVA specific.
The concept of relying on a system key generator for personal and
professional use is a questionable practice. There is a distinct
lack of PRNG seed control. Using a proven generator seeded with a
personal "key", an encryption user can be assured of a unique working
key. Palm computers have the advantage of physical security and ample
computing power. There are many key generator Palm applications
available for download, but the concept of the PERSONAL SEED KEY does
not seem very common. The PERSONAL SEED KEY would be infrequently
changed and from a truly hidden source, personally selected.
System PRNG generated numbers could still be used, but only to select
a value from UNI's output array. MODDES does not use this concept
and has a programmer's selected seed key. I hope to add another Palm
Key manager to the large list, but using the concept of a PERSONAL
KEY and a very good PRNG like UNI. As an aside, UNI's algorithm
is a real nice encryption engine if the seed initialization code
is considered the engine.
Marsaglia's algorithm is particularly useful for this seed key
concept, because of this encryption like property. It is then very
hard to determine the PERSONAL KEY from known working keys. If you
lose your PERSONAL KEY it becomes a real random number generator.
*******************************************************************************
See the notes in the source code, the INTEGER FUNCTION mentioned
in previous postings, is a simplified form of this unique PRNG's
boolean matrix function. The scientific matrix definition is not
present in UNI. It is implied by the "mod" operations parameters.
Matrix operations without boundary value symbolic logic may be
performed using the SHUFFLING operation logic.
function uni()
!*******************************************************************************
!
!! UNI generates real uniform random numbers on [0,1).
!
!
! Reference:
!
! David Kahaner, Cleve Moler, Steven Nash,
! Numerical Methods and Software,
! Prentice Hall, 1988.
!
!
! usage:
! to initialize the generator
! useed = ustart(iseed)
! where: iseed is any nonzero integer
! will return floating point value of iseed.
!
! subsequently
! u = uni()
! will return a real uniform on [0,1)
!
! one initialization is necessary, but any number of evaluations
! of uni in any order, are allowed.
!
! note: depending upon the value of k (see below), the output
! of uni may differ from one machine to another.
!
! typical usage:
!
! real u,uni,ustart,useed
! integer iseed
!c set seed
! iseed = 305
! useed = ustart(iseed)
! do i = 1,1000
! u = uni()
! end do
!c note: if k=24 (the default, see below) the output value of
!c u will be 0.1570390462475...
! write(*,*) u
! end
!
! note on portability: users can choose to run uni in its default
! mode (requiring no user action) which will generate the same
! sequence of numbers on any computer supporting floating point
! numbers with at least 24 bit mantissas, or in a mode that
! will generate numbers with a longer period on computers with
! larger mantissas.
! to exercise this option: b e f o r e invoking ustart insert
! the instruction ubits = unib(k) k >= 24
! where k is the number of bits in the mantissa of your floating
! point word (k=48 for cray, cyber 205). unib returns the
! floating point value of k that it actually used.
! k input as <= 24, then ubits=24.
! k input as > 24, then ubits=float(k)
! if k>24 the sequence of numbers generated by uni may differ
! from one computer to another.
!
!
!
! references marsaglia g., "comments on the perfect uniform random
! number generator", unpublished notes, wash s. u.
!
  real, save :: c = 362436.0E+00 / 16777216.0E+00
  real, parameter :: cd = 7654321.0E+00 / 16777216.0E+00
  real, parameter :: cm = 16777213.0E+00 / 16777216.0E+00
  real, parameter :: csave = 362436.0E+00 / 16777216.0E+00
  integer, save :: i = 17
  integer i1
  integer ii
  integer iseed
  integer, save :: j = 5
  integer j1
  integer jj
  integer, save :: k = 24
  integer k1
  integer kk
  integer l1
  integer m1
  real s
  real t
  real, save, dimension ( 17 ) :: u = (/ &
    0.8668672834288, 0.3697986366357, 0.8008968294805, &
    0.4173889774680, 0.8254561579836, 0.9640965269077, &
    0.4508667414265, 0.6451309529668, 0.1645456024730, &
    0.2787901807898, 0.06761531340295, 0.9663226330820, &
    0.01963343943798, 0.02947398211399, 0.1636231515294, &
    0.3976343250467, 0.2631008574685 /)
  real uni
  real unib
  real ustart
!
! load data array in case user forgets to initialize.
! this array is the result of calling uni 100000 times
! with iseed=305 and k=64.
!
! basic generator is fibonacci
!
  uni = u(i)-u(j)
  if ( uni<0.0)uni = uni+1.0E+00
  u(i) = uni
!******** This is a marsaglia array space definition- d.eagleson
  i = i-1
  if ( i==0)i = 17
  j = j-1
  if ( j==0)j = 17
!*****************************************************
!
! second generator is congruential
!
  c = c-cd
  if ( c<0.0) c=c+cm
!
! combination generator
!
  uni = uni-c
  if ( uni<0.0)uni = uni+1.0E+00
  return

  entry ustart ( iseed )
!
! set up ...
! convert iseed to four smallish positive integers.
!
!****************************************************
! Real number functions using integers are not able to represent boolean logic
! functions.
! This is an algorithm (A BOOLEAN LOGIC PROCESS) (the MOD function) in this instance,
! it is not a real number
! function. a common fallacy in general. -dme
  i1 = mod(abs(iseed),177)+1
  j1 = mod(abs(iseed),167)+1
  k1 = mod(abs(iseed),157)+1
  l1 = mod(abs(iseed),147)+1
!****************************************************
!
! generate random bit pattern in array based on given seed.
!
  do ii = 1,17
    s = 0.0E+00
    t = 0.5
! do for each of the bits of mantissa of word
! loop over k bits, where k is defaulted to 24 but can
! be changed by user call to unib(k)
!
!******************************************************************
!--This is boolean matrix logic here. This is who you are up against when
! you say an encryption algorithm is secure, not number theorists.
! The scientific matrix definition is not present, but is implied by the
! "mod" operation's parameters -d.eagleson --
    do jj = 1,k
      m1 = mod(mod(i1*j1,179)*k1,179)
!****this is object-oriented programming operations- dme
      i1 = j1
      j1 = k1
      k1 = m1
      l1 = mod(53*l1+1,169)
!*********************************************
      if ( mod(l1*m1,64)>=32)s=s+t ! see the transformation here-dme
      t = .5*t
    end do
    u(ii) = s
  end do
!******************************************************************
  ustart = real(iseed)
  return

  entry unib ( kk )
  if ( kk <= 24 ) then
    k = 24
  else
    k = kk
  end if
  unib = real ( k )
  return
end
!*******************************************************************************
Douglas Eagleson
[EMAIL PROTECTED]
"What's it like'ye at the Test Site?"
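What the ustart seeding code in the post implies when iseed is used as a PERSONAL SEED KEY, as an added example in Python (not the poster's or the library's code; ustart_table and seed_period are names chosen here, and the seed values are constructed). The table depends only on abs(iseed) reduced modulo 177, 167, 157 and 147, so seeds that agree modulo the least common multiple of those four numbers start the generator in the same state.

```python
# Added example: how many distinct start states the posted ustart can produce.
from functools import reduce
from math import gcd

MODULI = (177, 167, 157, 147)        # the four mod() constants in ustart


def ustart_table(iseed: int, k: int = 24) -> tuple:
    """Port of the ustart entry: the 17-entry table u built from iseed."""
    a = abs(iseed)
    i1, j1, k1, l1 = (a % m + 1 for m in MODULI)
    table = []
    for _ in range(17):
        s, t = 0.0, 0.5
        for _ in range(k):           # one mantissa bit per pass
            m1 = ((i1 * j1) % 179) * k1 % 179
            i1, j1, k1 = j1, k1, m1
            l1 = (53 * l1 + 1) % 169
            if (l1 * m1) % 64 >= 32:
                s += t
            t *= 0.5
        table.append(s)
    return tuple(table)


def seed_period() -> int:
    """Least common multiple of the moduli: seeds repeat with this period."""
    return reduce(lambda x, y: x * y // gcd(x, y), MODULI)


def same_start_state(seed_a: int, seed_b: int) -> bool:
    return ustart_table(seed_a) == ustart_table(seed_b)


if __name__ == "__main__":
    period = seed_period()
    print("distinct start states, at most:", period)
    print("305 vs 305 + period:", same_start_state(305, 305 + period))
    print("305 vs -305:        ", same_start_state(305, -305))
    print("305 vs 306:         ", same_start_state(305, 306))
```

The period is 227,397,387, just under 2^28, which bounds the number of different tables any seed can select no matter how long the personal key is before it is turned into iseed.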
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 12:33:25 -0800
Honestly this should be somewhere in the FAQ. David Scott is considered by
many on this group (and many that are not) to be a long standing troll. Much
of what he says is either incorrect or so garbled that you can't make any
sense of that. With that said:
(Deterministic) Encryption is by definition Bijective. The only variance
from this is in the termination mode. In the termination mode there are many
possibilities. Also because your input data is most likely not a dense
function of the inputs of the encryption function, regardless of what you do
the "flaws" that DScott claims can be eliminated, by whatever he's claiming
now, it varies from his homebrew cipher, to compression, to specific
implementations of various ciphers). The simple fact is that if you want to
learn something real about encryption David Scott is less likely to be of
use than reading papers regarding the state of the art in cryptography. If
nothing else by reading papers by people that are respected you will at
least get some idea of the correct terminology.
Joe
"Peter Engehausen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Take a random file ( actually a text file ok) Try decrypting it
> with BICOM use any key. Then encrypt result with same key
> you should get your original file back. If you don't the crypto
> system you're using is not fully bijective and is mostly leaking
> information like I mentioned above so that it's easier to attack
> and for an attacker to check if he has correct key.
>
> Dear David!
>
> Did I get you right? There are cryptosystems which encrypt and decrypt good
> but decrypt and encrypt poorly?
>
> Hm... Thanks,
> Peter
>
>
>
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Malicious Javascript in Brent Kohler post
Date: Wed, 28 Mar 2001 23:04:59 +0200
those who know me have no need of my name wrote:
>
> >If I get a mail with an attached
> >html-file (shown as an icon), how can I check that it is safe
> >to open it?
>
> if you can't figure out how to gain access to the content how do you
> expect to gauge its cleanliness? i shouldn't be harsh, something like
> the kohler thing is pretty easy to see.
The point is: Suppose one copies it to a file and finds
that it is html containing a Javascript. Does one need
Java knowledge or is there an automatic means analogous
to a virus scanner to determine whether the material
could be malicious.
M. K. Shen
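The decoding steps named earlier in this thread (transfer encoding first, then URL-encoding), followed by a listing of the active content in an HTML attachment without rendering it. This is an added example using the Python standard library, not code from any poster; the attachment bytes are constructed, ActiveContentFinder and inspect_attachment are names chosen here, and the listing shows what there is to read rather than deciding whether it is malicious.

```python
# Added example: decode a quoted-printable HTML attachment and list its scripts.
import quopri
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed attachment body, quoted-printable encoded ("=3D" is "=",
# "=0A" is a newline, a trailing "=" is a soft line break).
SAMPLE_QP = (
    b'<html><body onload=3D"init()">=0A=\n'
    b'<script>document.write(unescape("%3Cb%3Ehi%3C/b%3E"))</script>=0A=\n'
    b'<a href=3D"javascript:void%280%29">link</a>=0A=\n'
    b'<p>plain text</p></body></html>\n'
)

URL_ATTRS = ("href", "src", "action")


class ActiveContentFinder(HTMLParser):
    """Collects script elements, on* handlers and javascript: URLs."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.findings.append(("script", dict(attrs).get("src") or "inline"))
        for name, value in attrs:
            value = unquote(value or "")          # undo %XX escapes
            if name.startswith("on"):
                self.findings.append(("handler", f"{tag}.{name}={value}"))
            elif name in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                self.findings.append(("js-url", f"{tag}.{name}={value}"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.findings.append(("script-body", unquote(data.strip())))


def inspect_attachment(raw: bytes) -> list:
    """Return (kind, detail) pairs for everything that would execute."""
    html = quopri.decodestring(raw).decode("utf-8", errors="replace")
    finder = ActiveContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for kind, detail in inspect_attachment(SAMPLE_QP):
        print(f"{kind:12} {detail}")
```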
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************