Cryptography-Digest Digest #48, Volume #14       Sat, 31 Mar 01 00:13:01 EST

Contents:
  Re: Data dependent arcfour via sbox feedback (Yamaneko)
  new sboxgen :-) ("Tom St Denis")
  Re: new sboxgen :-) ("Tom St Denis")
  Re: new sboxgen :-) ("Scott Fluhrer")
  Re: FIPR Release 29/3/01: Govt. stalls on licensing of computer consultants ("Scott")
  Re: new sboxgen :-) ("Tom St Denis")
  Re: Eric Lee Green & Co + Anti Evidence Eliminator Fake Spammers FBI Task Force Authority (P.Dulles)
  Re: Idea - (LONG) ("John A. Malley")
  conferences? ("Tom St Denis")
  Re: conferences? ("Scott Fluhrer")
  Re: new sboxgen :-) ("Scott Fluhrer")
  Re: conferences? (Paul Rubin)
  Re: conferences? (Paul Rubin)
  Re: conferences? ("Scott Fluhrer")

----------------------------------------------------------------------------

From: Yamaneko <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Fri, 30 Mar 2001 22:37:49 -0100
Reply-To: [EMAIL PROTECTED]


"John L. Allen" wrote:
> 
> I have been playing with this rc4 variation that *does* shuffle
> the sbox differently, based on the encrypted data:
> 
>         c = 0;
>         for( i = 0; i < len; i++ ) {
>           x = (x + 1) & 255;
>           y = (y + sbox[x] + c) & 255;
>           swap( sbox[x], sbox[y] );
>           data[i] ^= sbox[(sbox[x] + sbox[y]) & 255];
>           c = data[i];
>         }
> 
> Decryption simply reverses the last two lines in the loop.  Any
> glaring flaws?

I think such a feedback for Arcfour might be very vulnerable because 
there is a group of weak cycles:

Imagine initial values x, y = x+1 and an S-box with S[x+1] = 1.
After one update of the generator the entry of the S-box with the value
of 1 would have moved up one step by swapping to neighboring entries 
and the initial condition still holds true. This leads to a cycle of 
random bytes with a period of 255*256.

The standard initialization procedure of Arcfour avoids these short
cycles by setting x=0 and y=0. Please correct me if I'm wrong.

However, if you do some feedback, you might run into such a short cycle
with a chance of ~ 1/65280. Especially if you feedback the plaintext 
bytes and encrypt a file with a long (> 65280) sequence of chr(0) you 
might never leave this cycle. The ciphertext would be the repeating 
sequence of random numbers which would make it much easier to determine 
the internal state. 

Sincerely
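As an added example (not John Allen's or Yamaneko's code; the class and function names are this example's own), the following Python implements the posted loop with the ciphertext byte fed back into the y update, plants the state Yamaneko describes (y = x+1 and S[y] = 1, the state class usually credited to Hal Finney), measures the cycle it produces while the feedback byte stays 0, and then shows that a single non-zero feedback byte breaks the condition and that the standard x = y = 0 start never enters it.

```python
"""Data-dependent arcfour (previous ciphertext byte added into y) and the
short cycle it inherits when y == x+1 and S[x+1] == 1.  Added example; the
sample key and message are constructed for the demonstration."""


def ksa(key):
    """Standard arcfour key schedule; returns the 256-entry permutation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 255
        s[i], s[j] = s[j], s[i]
    return s


class ArcfourFeedback:
    """Generator from the posted loop: y also absorbs c, the previous
    ciphertext byte (0 before the first byte).  Standard arcfour starts at
    x = y = 0; the constructor lets us plant other starting states."""

    def __init__(self, sbox, x=0, y=0):
        self.s, self.x, self.y = list(sbox), x, y

    def step(self, c):
        """One keystream byte with feedback byte c (c == 0 is plain arcfour)."""
        s = self.s
        self.x = (self.x + 1) & 255
        self.y = (self.y + s[self.x] + c) & 255
        s[self.x], s[self.y] = s[self.y], s[self.x]
        return s[(s[self.x] + s[self.y]) & 255]

    def encrypt(self, data):
        out, c = bytearray(), 0
        for p in data:
            c = p ^ self.step(c)          # c = data[i] after the xor, as posted
            out.append(c)
        return bytes(out)

    def decrypt(self, data):
        out, c = bytearray(), 0
        for ct in data:                    # the two lines reversed: feedback first
            out.append(ct ^ self.step(c))
            c = ct
        return bytes(out)


def in_finney_state(gen):
    """Yamaneko's condition: y == x+1 and the entry at x+1 holds the value 1."""
    return gen.y == ((gen.x + 1) & 255) and gen.s[gen.y] == 1


def state_period(gen, feedback=0, limit=1 << 17):
    """Steps until (x, y, S) recurs under a constant feedback byte, or None.
    S is only compared when x and y already match, so this stays cheap."""
    x0, y0, s0 = gen.x, gen.y, tuple(gen.s)
    for n in range(1, limit + 1):
        gen.step(feedback)
        if gen.x == x0 and gen.y == y0 and tuple(gen.s) == s0:
            return n
    return None


def never_enters_finney(gen, steps, feedback=0):
    """True if the generator stays out of the short-cycle class for `steps`."""
    for _ in range(steps):
        if in_finney_state(gen):
            return False
        gen.step(feedback)
    return True
```

With the identity permutation, x = 0 and y = 1, `state_period` returns 65280 = 255*256: each step carries the value 1 forward one slot, so after 256 steps the other 255 entries have rotated by one, and 255 such rotations restore the state. Because the step function is a bijection on (x, y, S), a state that is not in the class can never reach it, which is why the standard x = y = 0 start is safe as long as the feedback byte is not what puts you there; any non-zero feedback byte moves y to x+1+c and leaves the class on that step.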

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: new sboxgen :-)
Date: Sat, 31 Mar 2001 00:39:51 GMT

I updated my sboxgen program... it can now make bijective sboxes (that are
their own inverse) using a 2-function 3-round feistel.  It outputs the
feistel round functions too.  Obviously the smallest sbox you can make with
this is 6x6 since 2x2 functions can't be non-linear (and the size of the
sbox must be even!)

http://tomstdenis.home.dhs.orc/src/sboxgen.c

(or a pretty html copy )
http://tomstdenis.home.dhs.orc/src/sboxgen.c.html

--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: new sboxgen :-)
Date: Sat, 31 Mar 2001 01:05:11 GMT


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:rH9x6.166677$[EMAIL PROTECTED]...
> I updated my sboxgen program... it can now make bijective sboxes (that are
> their own inverse) using a 2-function 3-round feistel.  It outputs the
> feistel round functions too.  Obviously the smallest sbox you can make with
> this is 6x6 since 2x2 functions can't be non-linear (and the size of the
> sbox must be even!)
>
> http://tomstdenis.home.dhs.orc/src/sboxgen.c
>
> (or a pretty html copy )
> http://tomstdenis.home.dhs.orc/src/sboxgen.c.html

stupid typo... the correct url is with ".org" ... i.e

http://tomstdenis.home.dhs.org/src/sboxgen.c

BTW if you are wondering "why do this?" well expressing the sbox as a
feistel network (it will output a table and C code that is equivalent so you
can pick between size or speed) has some significant advantages:

1.  The sbox is its own inverse since any unkeyed odd round feistel is its
own inverse.
2.  The sbox can be expressed as small-table lookup and xor's which make
them suitable for hardware (4x4 sboxes [for example] are relatively small in
hardware only take 64 bits of storage).  You can execute multiple
substitutions in parallel since they don't require a lot of hardware.  An 8x8
sbox can be written as five xor's (using five rounds you can get the dp max
as low as 10/256 and a lpmax (matsui original def'n) of 32/256 afaihs) and
128 bits of storage space (rom).
3.  They are more suited for embedded platforms since only 2*sqrt(N) words
are required instead of N...

Of course you pay a certain price.  With a 3-round feistel I have yet to see
an sbox with a dpmax less than 16/256, etc...

Tom



------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: new sboxgen :-)
Date: Fri, 30 Mar 2001 17:20:58 -0800


Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:rH9x6.166677$[EMAIL PROTECTED]...
> I updated my sboxgen program... it can now make bijective sboxes (that are
> their own inverse) using a 2-function 3-round feistel.  It outputs the
> feistel round functions too.  Obviously the smallest sbox you can make with
> this is 6x6 since 2x2 functions can't be non-linear (and the size of the
> sbox must be even!)
Off the top of my head, I'd be rather cautious about self-inverting sboxes.
One obvious differential they may be prone to is when on input, the inputs
on the two sides of the differential are X and Y, and it just happens that
SBox[X]==Y.  Then, on output, the two sides of the differential are Y and X,
and this happens considerably more often than on a random SBox.

I'm not sure how this would be of use attacking a real cipher, but it looks
like something to be wary about.

--
poncho
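To make Tom's construction and Scott's objection concrete, here is an added example (mine, not sboxgen's code): it builds an 8x8 involution S-box from a 3-round unkeyed Feistel with the palindromic schedule F1, F2, F1, checks that the table is its own inverse, computes the figures Tom quotes (dpmax from the DDT and the linear bias from the LAT), and reports the diagonal differentials a -> a that Scott describes. The two 4-bit round functions are borrowed sample S-boxes (PRESENT's S-box and Serpent's S0), an assumption of this example; any two 4-bit functions work.

```python
"""Involution S-box from a 3-round unkeyed Feistel (F1, F2, F1) with
differential and linear checks.  Added example, not sboxgen's output.
F1/F2 are sample 4-bit permutations (PRESENT, Serpent S0) chosen here."""

F1 = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
F2 = [0x3, 0x8, 0xF, 0x1, 0xA, 0x6, 0x5, 0xB, 0xE, 0xD, 0x4, 0x2, 0x7, 0x0, 0x9, 0xC]
HALF = 4                      # half-block width; the S-box is 2*HALF bits wide
MASK = (1 << HALF) - 1


def feistel_involution_sbox(f1=F1, f2=F2):
    """3-round unkeyed Feistel with the palindromic schedule F1, F2, F1.
    Applying it twice undoes the rounds in reverse order, so the table is
    its own inverse: one table serves both directions."""
    sbox = []
    for v in range(1 << (2 * HALF)):
        l, r = v >> HALF, v & MASK       # left half is the high nibble
        l ^= f1[r]
        r ^= f2[l]
        l ^= f1[r]
        sbox.append((l << HALF) | r)
    return sbox


def is_involution(sbox):
    return all(sbox[sbox[x]] == x for x in range(len(sbox)))


def ddt(table):
    """Difference distribution table: ddt[a][b] = #{x : T[x] ^ T[x^a] == b}."""
    n = len(table)
    t = [[0] * n for _ in range(n)]
    for x in range(n):
        for a in range(n):
            t[a][table[x] ^ table[x ^ a]] += 1
    return t


def dp_max(table):
    """Largest DDT entry over non-zero input differences (Tom's dpmax)."""
    t = ddt(table)
    n = len(table)
    return max(t[a][b] for a in range(1, n) for b in range(n))


def lp_max(table, bits=2 * HALF):
    """Largest linear bias |#{x : a.x == b.T(x)} - n/2| over non-zero masks,
    one Walsh-Hadamard transform per output mask b (Tom's lpmax, out of n)."""
    n = 1 << bits
    best = 0
    for b in range(1, n):
        f = [1 - 2 * (bin(b & table[x]).count("1") & 1) for x in range(n)]
        h = 1
        while h < n:                      # in-place Walsh-Hadamard transform
            for i in range(0, n, 2 * h):
                for j in range(i, i + h):
                    u, v = f[j], f[j + h]
                    f[j], f[j + h] = u + v, u - v
            h *= 2
        # f[a] = #agree - #disagree = 2*#agree - n, so |#agree - n/2| = |f[a]|/2
        best = max(best, max(abs(f[a]) for a in range(1, n)) // 2)
    return best


def diagonal_differentials(sbox):
    """Scott's observation: for an involution, the pair (X, S[X]) maps the
    input difference X^S[X] to the same output difference, so ddt[a][a]
    collects a count for every such pair.  Returns the non-zero diagonal."""
    t = ddt(sbox)
    return {a: t[a][a] for a in range(1, len(sbox)) if t[a][a]}


def three_round_lower_bound(f1=F1, f2=F2):
    """A difference (a, 0) passes round 1 untouched, so the S-box differential
    (a,0) -> (a^c, b) holds exactly DDT_F2[a][b] * DDT_F1[b][c] times.  Its
    maximum is a floor on the S-box dpmax whatever the round functions are."""
    d1, d2 = ddt(f1), ddt(f2)
    m = 1 << HALF
    return max(d2[a][b] * d1[b][c]
               for a in range(1, m) for b in range(m) for c in range(m))
```

Two things the numbers show: every 4-bit permutation has a differential of probability at least 4/16, so with two bijective round functions `three_round_lower_bound` is at least 16 and a 3-round table cannot beat 16/256, which is the floor Tom reports; and summing the DDT diagonal over non-zero differences gives at least 256 minus the number of fixed points, because each pair (X, S[X]) lands on it, which is the structure Scott is pointing at.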






------------------------------

From: "Scott" <[EMAIL PROTECTED]>
Crossposted-To: uk.tech.electronic-security,uk.legal
Subject: Re: FIPR Release 29/3/01: Govt. stalls on licensing of computer consultants
Date: Sat, 31 Mar 2001 02:24:18 +0100


Savonarola wrote in message ...
>
>"Savonarola" <[EMAIL PROTECTED]> wrote in message
>news:luvw6.247828$[EMAIL PROTECTED]...
>> FIPR Press Release 29/3/01: FOR IMMEDIATE USE
>> ==========================
>> Foundation for Information Policy Research
>>
>> Government stalls on Bouncers Bill licensing of computer consultants
>
>Reassured ?
>


No, definitely not! This is extremely worrying. They say it's not aimed at IT,
but won't put that in the bill. It's a classic technique by the government; in
fact it more or less guarantees that IT security consultants ARE a target.

Always judge a government by its actions never its words.



>=========================================================================
>
>Home Office 'unofficial' release Friday, March 30, 2001 1:56 PM
>
>FAO News Editors:
>
>The Government made it clear on Wednesday (during the Commons Second Reading
>of the Private Security Industry Bill) that IT security consultants would
>not need to be licensed under the proposed legislation.
>
>The Bill proposes that those working in the private security industry would
>need a licence to operate. The IT industry had expressed concerns that IT
>security consultants would need to apply for licences.
>
>Home Office Minister, Charles Clarke, stated on Wednesday that the
>legislation would not cover IT security consultants.
>
>At present there is no regulation of the information security industry, but
>the Government is committed to regulating only where necessary. The DTI
>will be consulting the industry on the extent and effectiveness of existing
>precautions and whether or not further action is required.
>
>The definition of security consultants in the Bill is deliberately broad.
>The licensing requirement for particular groups will be 'switched on' by
>regulations, and the groups affected will be fully consulted when drafting
>the regulations. At that time the Government will again make it clear that
>(subject to DTI's work on existing precautions) IT security consultants will
>not be included in the licensing regime.
>
>_____________________________________
>
>Linda Martin
>Police Desk, Home Office Press Office
>Room 143, 50 Queen Anne's Gate
>London
>SW1H 9AT
>Tel: 020 7273 2274



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: new sboxgen :-)
Date: Sat, 31 Mar 2001 01:45:33 GMT


"Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
news:9a3bu6$h35$[EMAIL PROTECTED]...
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in message
> news:rH9x6.166677$[EMAIL PROTECTED]...
> > I updated my sboxgen program... it can now make bijective sboxes (that are
> > their own inverse) using a 2-function 3-round feistel.  It outputs the
> > feistel round functions too.  Obviously the smallest sbox you can make with
> > this is 6x6 since 2x2 functions can't be non-linear (and the size of the
> > sbox must be even!)
> Off the top of my head, I'd be rather cautious about self-inverting sboxes.
> One obvious differential they may be prone to is when on input, the inputs
> on the two sides of the differential are X and Y, and it just happens that
> SBox[X]==Y.  Then, on output, the two sides of the differential are Y and X,
> and this happens considerably more often than on a random SBox.
>
> I'm not sure how this would be of use attacking a real cipher, but it looks
> like something to be wary about.
>

Even if that does occur it happens with a bounded probability.

Tom



------------------------------

From: P.Dulles <*@*.com>
Crossposted-To: 
alt.privacy,alt.security.pgp,alt.privacy.anon-server,alt.security.scramdisk
Subject: Re: Eric Lee Green & Co + Anti Evidence Eliminator Fake Spammers FBI Task Force Authority
Date: Fri, 30 Mar 2001 21:15:57 -0500
Reply-To: *@*.com

In article <E56x6.4073$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
>: Eric Lee Green (pig stooge) wrote:
>: 
>: "AVOID EVIDENCE ELIMINATOR -- for details, see
>: http://badtux.org/eric/editorial/scumbags.html "
>: 
>: Eric & his spammers are the cops sending all the fake spam about evidence
>: eliminator (great util BTW)
>: 
>: EE caught the pigs lying on 49 points.
>: 
>: http://www.evidence-eliminator.com/dis-information.shtml

Yet more hysterical and shock-marketing claims on the part of EE.  And 
how did you count 49?

-- 
Loki
"Joan of Arc heard voices too!"

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Fri, 30 Mar 2001 19:37:14 -0800



"Douglas A. Gwyn" wrote:
> 
[snip]
> 
> Anyway, the perfect secrecy vanishes if more than one block is
> encrypted using the same key.

I utter the famous words of Homer Simpson - "Doh!" - as I smack myself
in the forehead. :-)

Thanks.

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: conferences?
Date: Sat, 31 Mar 2001 04:32:35 GMT

I just finished a design for a simple cipher based on MDS matrices and an
FFT-like network (like CS-Cipher); the idea is to make the encryption really
simple and use it in CTR mode.  The cipher takes a 192-bit key and a 64-bit
block (i.e. you encrypt the 64-bit counter and xor it against the msg as
required).

I was wondering what conferences this type of cipher would be relevant to.
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: conferences?
Date: Fri, 30 Mar 2001 20:36:34 -0800


Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:D5dx6.169576$[EMAIL PROTECTED]...
> I just finished a design for a simple cipher based on MDS matrices and an
> FFT-like network (like CS-Cipher); the idea is to make the encryption really
> simple and use it in CTR mode.  The cipher takes a 192-bit key and a 64-bit
> block (i.e. you encrypt the 64-bit counter and xor it against the msg as
> required).
>
> I was wondering what conferences this type of cipher would be relevant to.
Selected Areas in Cryptography would be one idea.  It's in Toronto this
year, so it might be not that far for you in any case.

--
poncho




------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: new sboxgen :-)
Date: Fri, 30 Mar 2001 20:39:07 -0800


Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:1Fax6.167489$[EMAIL PROTECTED]...
>
> "Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
> news:9a3bu6$h35$[EMAIL PROTECTED]...
> >
> > Tom St Denis <[EMAIL PROTECTED]> wrote in message
> > news:rH9x6.166677$[EMAIL PROTECTED]...
> > > I updated my sboxgen program... it can now make bijective sboxes (that
> > > are their own inverse) using a 2-function 3-round feistel.  It outputs
> > > the feistel round functions too.  Obviously the smallest sbox you can
> > > make with this is 6x6 since 2x2 functions can't be non-linear (and the
> > > size of the sbox must be even!)
> > Off the top of my head, I'd be rather cautious about self-inverting
> > sboxes.  One obvious differential they may be prone to is when on input,
> > the inputs on the two sides of the differential are X and Y, and it just
> > happens that SBox[X]==Y.  Then, on output, the two sides of the
> > differential are Y and X, and this happens considerably more often than
> > on a random SBox.
> >
> > I'm not sure how this would be of use attacking a real cipher, but it
> > looks like something to be wary about.
> >
>
> Even if that does occur it happens with a bounded probability.

Well, yes, but that bound is considerably higher than the corresponding
bound on an arbitrary sbox.  And, the bound can be reduced only by making
the sbox bigger, not by choosing a better sbox.

--
poncho




------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: conferences?
Date: 30 Mar 2001 20:52:45 -0800

"Tom St Denis" <[EMAIL PROTECTED]> writes:
> I just finished a design for a simple cipher based on MDS matrices and an
> FFT-like network (like CS-Cipher); the idea is to make the encryption really
> simple and use it in CTR mode.  The cipher takes a 192-bit key and a 64-bit
> block (i.e. you encrypt the 64-bit counter and xor it against the msg as
> required).
> 
> I was wondering what conferences this type of cipher would be relevant to.

Stop designing ciphers and start breaking ciphers other people have designed.
But you knew that already.

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: conferences?
Date: 30 Mar 2001 20:57:55 -0800

"Tom St Denis" <[EMAIL PROTECTED]> writes:
> I just finished a design for a simple cipher based on MDS matrices and an
> FFT-like network (like CS-Cipher); the idea is to make the encryption really
> simple and use it in CTR mode.  The cipher takes a 192-bit key and a 64-bit
> block (i.e. you encrypt the 64-bit counter and xor it against the msg as
> required).
> 
> I was wondering what conferences this type of cipher would be relevant to.

More seriously than in the previous post, the Fast Software Encryption
workshop comes to mind, and the IACR conference referees actually look
at submissions like that.  But really, can you explain what an MDS
matrix is?  Can you explain what an FFT is?  Why would you expect those
things to be relevant to your cipher's security?

------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: conferences?
Date: Fri, 30 Mar 2001 20:53:40 -0800


Paul Rubin <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
> > I just finished a design for a simple cipher based on MDS matrices and an
> > FFT-like network (like CS-Cipher); the idea is to make the encryption
> > really simple and use it in CTR mode.  The cipher takes a 192-bit key and
> > a 64-bit block (i.e. you encrypt the 64-bit counter and xor it against the
> > msg as required).
BTW: why counter mode, in particular?  Counter mode isn't bad, but one of
the things nice about block ciphers is there are so many useful things you
can do with a keyed permutation, and turning it into a keystream generator
via counter mode is only one of them.  Or, is there something about your
cipher that makes it especially appropriate for counter mode?

Oh, and unless your block cipher isn't invertible, you do realize there is a
distinguishing attack after 2**32 blocks == 2**35 bytes, simply because
after that much keystream, an attacker would expect to see duplicated blocks
in a random stream, and never see such a duplicated block from your output?

> >
> > I was wondering what conferences this type of cipher would be relevant to.
>
> Stop designing ciphers and start breaking ciphers other people have
> designed.  But you knew that already.

But, if we all just sat around and broke ciphers, who'd be designing the
ciphers for us to break? :-)

But, seriously, it *is* much easier to get a cryptanalytic result published
than it is to get a new cipher published.

--
poncho
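The distinguisher Scott describes, scaled down so it runs in a second, as an added example (mine, not Tom's cipher): a seeded random permutation on 16-bit blocks stands in for the block cipher, CTR keystream is generated from it and from a random function of the same width, and repeated blocks are counted. The permutation never repeats a block within one counter period; the random function does once past roughly 2^(n/2) blocks. `birthday_threshold` turns the block width into the block and byte counts Scott quotes for 64-bit blocks. The block width, block counts and seed are this example's choices.

```python
"""Birthday-bound distinguisher for CTR mode over a small-block permutation.
Added example; the permutation and function tables are seeded stand-ins for
a real block cipher, and the sizes below are chosen for a quick run."""
import random


def birthday_threshold(block_bits):
    """Blocks (and bytes) of keystream after which a truly random stream is
    expected to repeat a block: about 2^(n/2) blocks of n bits each."""
    blocks = 1 << (block_bits // 2)
    return blocks, blocks * (block_bits // 8)


def random_permutation(block_bits, seed):
    """Keyed-PRP stand-in: a seeded shuffle of all 2^n block values."""
    table = list(range(1 << block_bits))
    random.Random(seed).shuffle(table)
    return table


def random_function(block_bits, seed):
    """PRF stand-in: each input mapped to an independent random block."""
    rng = random.Random(seed)
    n = 1 << block_bits
    return [rng.randrange(n) for _ in range(n)]


def ctr_keystream(table, block_bits, nblocks, start=0):
    """CTR keystream: the block primitive applied to successive counters."""
    mask = (1 << block_bits) - 1
    return [table[(start + i) & mask] for i in range(nblocks)]


def count_repeated_blocks(stream):
    """Number of blocks that equal an earlier block in the stream."""
    seen, repeats = set(), 0
    for blk in stream:
        if blk in seen:
            repeats += 1
        seen.add(blk)
    return repeats


def distinguish(block_bits=16, nblocks=4096, seed=2001):
    """Repeats seen in `nblocks` of CTR keystream from a permutation and
    from a random function.  With nblocks well past the birthday threshold
    the permutation shows 0 repeats and the random function shows many."""
    prp = ctr_keystream(random_permutation(block_bits, seed), block_bits, nblocks)
    prf = ctr_keystream(random_function(block_bits, seed), block_bits, nblocks)
    return count_repeated_blocks(prp), count_repeated_blocks(prf)
```

At 16-bit blocks the threshold is 256 blocks; 4096 blocks is sixteen times that, so a random stream is expected to show on the order of 4096^2 / (2 * 65536), about 128, repeats while the permutation shows none. Scaling back up, a 64-bit block gives 2^32 blocks, i.e. 2^35 bytes, before the absence of repeats becomes visible, which is the figure in Scott's post; an attacker who can observe that much keystream under one key can tell the cipher from a random source regardless of its internal strength.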




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
