Cryptography-Digest Digest #110, Volume #14       Mon, 9 Apr 01 04:13:01 EDT

Contents:
  Re: Is this a block cipher? ("Mr. Smith")
  Re: How good is steganography in the real world? (SCOTT19U.ZIP_GUY)
  Re: Is this a block cipher? (Rick Wash)
  Re: Delta patching of encrypted data (Benjamin Goldberg)
  Re: GIF is bad (wtshaw)
  Re: patent issue (wtshaw)
  Re: NSA is funding stegano detection (wtshaw)
  Re: How good is steganography in the real world? (Benjamin Goldberg)
  Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Paul Crowley)
  Re: Delta patching of encrypted data (David Wagner)
  Re: How good is steganography in the real world? (Benjamin Goldberg)
  Re: Delta patching of encrypted data (Benjamin Goldberg)
  Re: Steganography with natural texts (Lassi Hippeläinen)
  Spam Message Stegano (Frank Gerlach)
  Re: Spam Message Stegano (Frank Gerlach)
  Any positions in cryptography available? ("AlphaNerd")
  Re: Any positions in cryptography available? (Paul Rubin)

----------------------------------------------------------------------------

From: "Mr. Smith" <[EMAIL PROTECTED]>
Subject: Re: Is this a block cipher?
Date: Mon, 09 Apr 2001 03:33:43 GMT


"Rick Wash" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I myself have been trying to work out the difference between stream
> ciphers and block ciphers.
>
> Here is what I have so far.  Please let me know if this is correct, or
> if I am missing something.
>
> In all cases, Alice and Bob share a key K of size K_n.  Alice wants to
> send Bob a message M.  The goal of the cryptosystem is to replace this
> message with C such that only someone who knows K can recover M from
> C.  This is the definition of a cryptosystem.
>
> In old-days classical cryptography, the message M would be divided
> into letters (which was the smallest division that was easy to work
> with).  Each letter would be replaced with another letter (C->F,
> etc. for caesar cipher).  The problem with this method is that any
> statistical properties of the language of letters is preserved in the
> transformation (e.g. since the letter "e" is most likely the most
> common letter, whatever letter "e" encrypts to will also be the most
> common letter).
>
> To get around this statistical problem, two solutions were proposed.
>
> The first solution is to group letters together into blocks, and
> encrypt whole blocks together.  The goal here is that even when the
> statistical properties of single letters are strong,  groups of
> letters have less statistically significant properties.  As the blocks
> get larger, the statistical significance decreases.  As such, normally
> each block is encrypted independent of all other blocks.  This is
> normally known as a block cipher.  Note only whole blocks can be
> encrypted at one time.
>
> The second solution to this is to make the encryption depend not only
> on the key, but also on some kind of state that is updated with a
> feedback loop.  In this case, when a letter is encrypted based on the
> key and the current state.  Then the state is updated, and the next
> letter is encrypted with the key and the new state.  In this way, each
> time the letter "e" is encrypted, it is encrypted to a different value
> based on the current state.  This obscures the statistical properties
> of the plaintext.  This is normally known as a stream cipher.
>
> This is my understanding of the difference.  One tries to group
> letters into blocks to obscure statistics, and the other tries to add
> relationships between letters (state) to obscure statistics.
>
> In modern cryptography (which is normally performed using computers on
> bits), a letter is normally 8 bits, and a block is normally 64 or 128
> bits.  However this is not always the case, and the distinction
> between the two is decreasing as "letter-size" increases.  Also, the
> distinction decreases when using block ciphers in chaining modes
> (which essentially adds a "state" to the cryptosystem).  This is
> probably why it has been difficult for me to properly distinguish
> between block ciphers and stream ciphers.  The best answer I have for
> this is "a block cipher primitive specifies no state between blocks",
> and that normally it is used in some mode (like a chaining mode) which
> may or may not add state to make it a cryptosystem.
>
> Hope this helps,
>   Rick Wash

I believe the first system is what I'm looking for. Could I get details on
it? I'm still a bit confused about how to encrypt a block. Do you use a
lookup table? How do keys play into this? Sorry if I sound very confused,
but that's what I am! ;-) Thank you for your time.



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: 9 Apr 2001 04:00:15 GMT

[EMAIL PROTECTED] (Trevor L. Jackson, III) wrote in
<[EMAIL PROTECTED]>: 

>Mok-Kong Shen wrote:
>
>> It's absurd, but porno sites could do that kind of job
>> well, I suppose.
>
>In an intensely Muslim nation?  That traffic might be more dangerous
>than the plaintext.
>

   But do Muslims (is that the same as Moslems) care if the
naked women are of a different race and religion, since maybe,
like any group that gets absolute power, you consider others
less than human? Religion is great at spreading hate.
  Besides, if you're fighting a holy war, aren't most rules suspended
so you can enjoy sin at the time? Especially if you're a spy.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: Rick Wash <[EMAIL PROTECTED]>
Subject: Re: Is this a block cipher?
Date: 09 Apr 2001 00:08:14 -0400

"Mr. Smith" <[EMAIL PROTECTED]> writes:

> "Rick Wash" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > The first solution is to group letters together into blocks, and
> > encrypt whole blocks together.  The goal here is that even when the
> > statistical properties of single letters are strong,  groups of
> > letters have less statistically significant properties.  As the blocks
> > get larger, the statistical significance decreases.  As such, normally
> > each block is encrypted independent of all other blocks.  This is
> > normally known as a block cipher.  Note only whole blocks can be
> > encrypted at one time.
>
> I believe the first system is what I'm looking for. Could I get details on
> it? I'm still a bit confused about how to encrypt a block. Do you use a
> lookup table? How do keys play into this? Sorry if I sound very confused,
> but that's what I am! ;-) Thank you for your time.

You can do this in a lookup table if you really wanted, but with
modern block sizes (64 bits == 2^64 possible values), the lookup
tables would be unmanageable.

In most cases this is represented as a function.  For an example,
lookup the definition of a modern block cipher such as DES,
AES(Rijndael), Blowfish, IDEA, TEA, FEAL, etc.

Hope this helps,
  Rick
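To make Rick's "represented as a function" concrete, here is an added example that is not from the thread: a Python implementation of TEA, one of the ciphers he names. It shows that a block cipher is a keyed permutation of one 64-bit block with no lookup table and no state carried between blocks, so applied directly (ECB) two equal plaintext blocks give two equal ciphertext blocks, and that a chaining mode (CBC here) is what adds the "state". The key and IV values are constructed for the demonstration.

```python
import struct

DELTA = 0x9E3779B9        # TEA's round constant (derived from the golden ratio)
MASK = 0xFFFFFFFF         # keep all arithmetic in 32-bit words
ROUNDS = 32               # TEA runs 32 cycles, each updating both halves


def tea_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 64-bit block under a 128-bit key: a keyed permutation
    computed by rounds, not looked up, and independent of any other block."""
    assert len(key) == 16 and len(block) == 8
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(ROUNDS):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return struct.pack(">2I", v0, v1)


def tea_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Run the rounds backwards; every half-round is a reversible add, so the
    block function is a permutation and decryption needs the same key only."""
    assert len(key) == 16 and len(block) == 8
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        s = (s - DELTA) & MASK
    return struct.pack(">2I", v0, v1)


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """The bare primitive applied block by block: only whole blocks can be
    handled, and identical plaintext blocks give identical ciphertext blocks."""
    assert len(data) % 8 == 0, "a block cipher only encrypts whole blocks"
    return b"".join(tea_encrypt_block(key, data[i:i + 8])
                    for i in range(0, len(data), 8))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """A chaining mode adds the state Rick mentions: each block is XORed with
    the previous ciphertext block (or the IV) before the primitive is applied."""
    assert len(data) % 8 == 0 and len(iv) == 8
    out, prev = [], iv
    for i in range(0, len(data), 8):
        prev = tea_encrypt_block(key, bytes(p ^ c for p, c in zip(data[i:i + 8], prev)))
        out.append(prev)
    return b"".join(out)


def repeated_block_leaks(key: bytes, iv: bytes) -> tuple:
    """Constructed check with two equal plaintext blocks.
    Returns (ecb_blocks_equal, cbc_blocks_equal)."""
    data = b"ABCDEFGH" * 2
    e, c = ecb_encrypt(key, data), cbc_encrypt(key, iv, data)
    return e[:8] == e[8:], c[:8] == c[8:]
```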

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Delta patching of encrypted data
Date: Mon, 09 Apr 2001 05:13:29 GMT

Anon wrote:
> 
> Hi all,
> 
> I hope someone can point me at something for this.
> 
> We wish to take a file and encrypt it.  At a later date we wish to
> take a new version of the file and encrypt that.  We want to minimise
> the data sent to enable updates to the new version.
> 
> If the file is not encrypted, we can use a delta patcher program,
> which picks up insertions, deletions, and alterations to the file and
> works out a script.  The script and the original file can then be used
> to generate a copy of the new file.
> 
> With normal encryption this doesn't work.  If we use a stream cipher,
> all data from the first change onwards is altered.  If we use a block
> cipher with no feedback any insertion or deletion which is not a
> multiple of the block changes all the file from there onwards.
> 
> I'm thinking in terms of a self-synchronising cipher based on the
> previous plaintext, rather than the previous ciphertext.  Obviously
> this will be weaker - if for example there is a large sequence of
> repeated characters the ciphertext will settle down to a consistent
> value - however:
> 
> Is there a standard solution to this problem?
> If not, how weak is the solution I describe?

The solution you suggest (self-synchronizing) would best be done as a
block cipher in CFB mode.  It's not exactly a question of "how weak is
it," but rather "what weaknesses does it have?"  There are some --
insertion and deletion attacks in particular, but all of the weaknesses
that it has, AFAIK, happen to be ones which are necessary for diff/patch to
work.  Of course, you still need a good cipher -- I would suggest AES.

There is only one drawback of the system:  Each difference in the ct
will be about 7 bytes longer than the difference in the pt.

For example, consider the plaintext:
012345670123456701234567
And the ciphertext:
abcdefghabcdefghabcdefgh
After a change:
01234567!0123456701234567
the result might be:
abcdefgh@#$%&*_+habcdefgh

So instead of a one-byte insertion, it's a replacement of 7 old bytes
with 8 new bytes.

-- 
Sometimes the journey *is* its own reward--but not when you're trying to
get to the bathroom in time.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: GIF is bad
Date: Sun, 08 Apr 2001 23:00:34 -0600

In article <[EMAIL PROTECTED]>, Frank Gerlach <[EMAIL PROTECTED]>
wrote:
> 
> Don't know about BMP, but the very idea of GIF to have a (relatively)
> small number of colours seems to make it a very bad choice for
> steganography. The easiest approach for stegano is to hide the information
> in *physical noise*. For this approach to work, there must be significant
> redundancy in the signal. This means that optimized image formats (which
> do not contain a lot of noise) are a bad idea.

There is a disconnect in what you say.  Since GIF can faithfully represent
randomness in a myriad of different ways, much ciphertext appears random,
and lots of random-appearing pixels might be selected in a GIF, PIC, BMP,
etc., reasonably sized messages might be rather successfully hidden in them.

> Still, there might be approaches to hide in the "randomness" of the
> images' payload (like non-local distortions of colour and geometry), but
> then the Mk1 Eyeball might be applied..

Stasi, KGB, SS stuff...
> 
> A final legal note: The UK requires everybody under HM jurisdiction to
> hand over keys  (and they will definitely interpret stegano as crypto) on
> the request of the Police. If you fail to do so, you will go to jail for
> some time.

Perhaps they will even cut your beef ration there too.  

This is an excuse for witch hunts, selective persecution, and jackbooted
politics.  Did you ever wonder why for lack of an external enemy that the
bloodthirsty turn on the people they are sworn to protect, assume
personalities of those they yearn to jail for traditional crimes, and
corrupt the freedom of the benign who want to merely be left alone?
-- 
 Losing face can be a result of creating a tale.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: patent issue
Date: Sun, 08 Apr 2001 23:02:04 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> Tom St Denis wrote:
> > "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote ...
> > > ? Did I mention money?  And anyway, what do you have against
> > > someone *earning* his keep by inventing useful stuff? 
> > So you need money to be fulfilled?
> 
> How did you manage to get accepted into college with such poor
> reading comprehension skills?

Lots of stuff goes into pillows to dream on.
-- 
 Losing face can be a result of creating a tale.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: Sun, 08 Apr 2001 23:12:09 -0600

In article <[EMAIL PROTECTED]>, Lassi
Hippeläinen <[EMAIL PROTECTED]> wrote:

> 
> Lots of apparently useless white noise should ring a bell for anyone
> looking for stego files...
> 
> -- Lassi

I say it again, and I am right:  Steganography presents more ways to hide
and/or use encryption than standard text methods.  The difference is of
great magnitude.  

The exotic nature of steganography means that those who depend on canned
methods and/or accept propaganda not to think of the true possibilities
there just don't get it.
-- 
 Losing face can be a result of creating a tale.

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Mon, 09 Apr 2001 05:30:15 GMT

Charles Lyttle wrote:
[snip]
> Also each frame would have to have a different message. Otherwise the
> message shows up in every frame and simple convolution will reveal
> it.

One would assume that the message is not added in a straightforward
manner, like just putting it directly in the LSB.  It might be added by
doing an FFT, adjusting things a bit here and there, and then doing an
unFFT, or something like that.  There's no general "add stego to image"
algorithm cause otherwise it would be easy to detect.

-- 
Sometimes the journey *is* its own reward--but not when you're trying to
get to the bathroom in time.

------------------------------

Crossposted-To: alt.privacy.anon-server,alt.security.pgp,comp.security.pgp.discuss
Subject: Re: New PGP Flaw Verified  By Phil Zimmerman, Allows Signatures to be  Forged
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Mon, 09 Apr 2001 05:32:52 GMT

"Sam Simpson" <[EMAIL PROTECTED]> writes:

> Let's not be overprotective of OpenPGP here: if Netscape or Microsoft had
> such a stupid hole, we'd jump all over them.

It isn't a "stupid flaw".  The secret key has always been assumed to
be inside the integrity boundary, just the way your PGP executable
is.  It's nice that it's possible to make our integrity boundary a
little smaller with measures such as that proposed for GPG, but it has
never been considered necessary before.
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Delta patching of encrypted data
Date: 9 Apr 2001 06:20:25 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Benjamin Goldberg  wrote:
>The solution you suggest (self-synchronizing) would best be done as a
>block cipher in CFB mode.

Plain CFB mode doesn't work.  If you insert something in the middle of
a file, you have to re-encrypt everything on to the end of the file.

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Mon, 09 Apr 2001 06:22:05 GMT

Charles Lyttle wrote:
[snip]
>  As an example
> the Russian GOST was cracked fairly quickly even though it was a minor
> variant of DES. GOST turns out to have weak keys and strong keys. The
> KGB was giving out weak keys to people it wanted to watch.

Saying there are weak and strong keys with GOST is only valid if you
consider the sboxes to be part of the key.  I'll admit that this is
stated in the specification ("The keys that determine the contents of
the KMU and the tables of the substitution block K are secret elements
and are distributed only in the proper channels.") but it's perfectly
reasonable to fix the sboxes to known-good values, and for only the
other part, the 256 bit key, to be secret.

I'm sure the main (only?) reason the spec *doesn't* specify the sboxes
(as the DES spec does) is so that they *could* give out weak sboxes to
people they wanted to watch.

Here's a quote from another paper: "The cryptographic key can be
selected at random but the selection of S_i permutations is left to the
central authority who know how to choose "good" permutations.  Therefore
from the users' point of view, the security is related to the secrecy of
their key K.  Note that the central authority can select weak
permutations (for instance linear or affine), so that they can break the
algorithm."

Presumably, the KGB gave out the sboxes so that people they were
watching had weak sboxes, and the people they wanted to have secure data
had strong sboxes.  AFAIKS, if the sboxes are fixed, all keys are
equally strong.

-- 
Sometimes the journey *is* its own reward--but not when you're trying to
get to the bathroom in time.

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Delta patching of encrypted data
Date: Mon, 09 Apr 2001 06:55:41 GMT

David Wagner wrote:
> 
> Benjamin Goldberg  wrote:
> >The solution you suggest (self-synchronizing) would best be done as a
> >block cipher in CFB mode.
> 
> Plain CFB mode doesn't work.  If you insert something in the middle of
> a file, you have to re-encrypt everything on to the end of the file.

Umm, whoops, I was thinking of something else.  I guess I had a brain
fart.  A synchronizing cipher might be [hmm] take the last X bytes of
plaintext, and hash or encrypt them with the key, and part of the result
is a piece of keystream.  Now *this* has the properties I'd showed
earlier, that a diff/patch program would be able to work with the
encrypted version with few problems.

-- 
Sometimes the journey *is* its own reward--but not when you're trying to
get to the bathroom in time.
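The plaintext-window keystream Goldberg sketches here, and the "7 old bytes replaced by 8 new bytes" diff he showed earlier in the thread, as an added Python example that is not from the thread. It assumes HMAC-SHA256 as the keyed function (the posts leave the function open), a 7-byte window and no IV, and it measures what a byte-level diff would have to replace after a one-byte insertion, both for this construction and for a ciphertext-feedback (CFB-style) construction, which is Wagner's objection. It also reproduces the weakness the original poster anticipated: a run of repeated plaintext makes the keystream settle to one value.

```python
import hashlib
import hmac

W = 7  # keystream depends on the last W bytes (Goldberg's "last X bytes")


def _ks_byte(key: bytes, window: bytes) -> int:
    # Assumed keyed function: first byte of HMAC-SHA256 over the window.
    # There is no IV, so equal plaintext prefixes give equal ciphertext
    # prefixes: that is what lets diff/patch work, and also what leaks.
    return hmac.new(key, bytes(window), hashlib.sha256).digest()[0]


def encrypt_pt_window(key: bytes, pt: bytes) -> bytes:
    """Keystream byte i is derived from the previous W *plaintext* bytes,
    so a change at position i can only affect ciphertext bytes i..i+W."""
    ct = bytearray()
    for i, p in enumerate(pt):
        ct.append(p ^ _ks_byte(key, pt[max(0, i - W):i]))
    return bytes(ct)


def decrypt_pt_window(key: bytes, ct: bytes) -> bytes:
    pt = bytearray()
    for i, c in enumerate(ct):
        pt.append(c ^ _ks_byte(key, pt[max(0, i - W):i]))  # recovered pt feeds back
    return bytes(pt)


def encrypt_ct_feedback(key: bytes, pt: bytes) -> bytes:
    """CFB-style: keystream byte i is derived from the previous W *ciphertext*
    bytes, so an insertion changes every later ciphertext byte."""
    ct = bytearray()
    for i, p in enumerate(pt):
        ct.append(p ^ _ks_byte(key, ct[max(0, i - W):i]))
    return bytes(ct)


def changed_span(old: bytes, new: bytes) -> tuple:
    """What a byte-level diff must replace: (old bytes removed, new bytes
    written) once the common prefix and suffix are stripped."""
    limit = min(len(old), len(new))
    pre = 0
    while pre < limit and old[pre] == new[pre]:
        pre += 1
    suf = 0
    while suf < limit - pre and old[-1 - suf] == new[-1 - suf]:
        suf += 1
    return len(old) - pre - suf, len(new) - pre - suf


def insertion_cost(key: bytes) -> dict:
    """Constructed scenario from the thread: one '!' inserted after 8 bytes."""
    old = b"012345670123456701234567"
    new = old[:8] + b"!" + old[8:]
    return {
        "pt_window": changed_span(encrypt_pt_window(key, old), encrypt_pt_window(key, new)),
        "ct_feedback": changed_span(encrypt_ct_feedback(key, old), encrypt_ct_feedback(key, new)),
    }


def keystream_settles(key: bytes, run: bytes) -> bool:
    """The weakness the original poster expected: once the window is all
    repeats, every later keystream byte (and so ciphertext byte) is the same."""
    ct = encrypt_pt_window(key, run)
    return len(set(ct[W:])) == 1
```

The spans returned by insertion_cost can come out a byte smaller than 7 and 8 when two unrelated keystream bytes happen to coincide, so the bound, not the exact count, is the property to rely on.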

------------------------------

From: Lassi Hippeläinen <[EMAIL PROTECTED]>
Subject: Re: Steganography with natural texts
Date: Mon, 09 Apr 2001 07:18:12 GMT

Mok-Kong Shen wrote:
<...>
> Let's partition the set of words that are relevant to the
> normal messages of the communication partners into
> disjoint subsets, i.e. groups of synonyms, including such
> possible groupings as personal names, names of merchandise,
> family relations, etc. that could be reasonably interchanged
> in given contexts without causing the sentences modified to
> become unnatural and thus suspicious to the opponent.<...>

The idea works. Or at least the patent examiners think so. I filed an
application a few years ago, and it has already been granted here in
Finland. International patents pending.

Unfortunately the f***ing twerps who run esp@cenet have decided to
pollute their site with Javascript, which I refuse to enable, so I
couldn't dig deep in their archives to get any pointers. This is the
headline that was visible even without Javashit:

"EP0929857 MARKING OF ELECTRONIC DOCUMENTS IN ORDER TO EXPOSE
UNAUTHORIZED PUBLICATION"

As the name implies, I suggest encoding the recipient's identity into
any material that is delivered electronically. Alterations of words and
their order is one embodiment. The width of the channel will depend on
language; English with its fairly liberal grammar should offer about one
bit per word, but German, for example, is limited to synonyms only.

-- Lassi
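Lassi's synonym-group embodiment as an added Python example (not the patent's text or code): the recipient's identity is written into a document one bit per occurrence of a word that belongs to a synonym group, and read back from whichever member of the group appears. The groups are constructed for the demonstration and are checked to be disjoint, as Mok-Kong Shen's partition requires, since a word in two groups would decode to two different bits.

```python
import re

# Constructed synonym groups (an assumption for the demo, not from the patent).
# Index 0 of a group encodes bit 0, index 1 encodes bit 1.
GROUPS = [
    ("big", "large"),
    ("buy", "purchase"),
    ("fast", "quick"),
    ("start", "begin"),
    ("help", "assist"),
]


def build_lookup(groups):
    """Map each word to (group index, bit), refusing overlapping groups."""
    lookup = {}
    for gi, group in enumerate(groups):
        for bit, word in enumerate(group):
            if word in lookup:
                raise ValueError(f"{word!r} appears in more than one group")
            lookup[word] = (gi, bit)
    return lookup


LOOKUP = build_lookup(GROUPS)
WORD = re.compile(r"[A-Za-z]+")


def capacity(text: str) -> int:
    """Bits the text can carry: one per occurrence of a group word."""
    return sum(1 for m in WORD.finditer(text) if m.group(0).lower() in LOOKUP)


def embed(text: str, recipient_id: int, nbits: int) -> str:
    """Rewrite the text so its synonym choices spell recipient_id (MSB first)."""
    if capacity(text) < nbits:
        raise ValueError(f"text carries {capacity(text)} bits, need {nbits}")
    bits = iter((recipient_id >> (nbits - 1 - i)) & 1 for i in range(nbits))

    def choose(m):
        word = m.group(0)
        entry = LOOKUP.get(word.lower())
        if entry is None:
            return word
        bit = next(bits, None)
        if bit is None:              # identity fully written; leave the rest alone
            return word
        new = GROUPS[entry[0]][bit]
        return new.capitalize() if word[0].isupper() else new

    return WORD.sub(choose, text)


def extract(text: str, nbits: int) -> int:
    """Read the identity back from which member of each group appears."""
    value, seen = 0, 0
    for m in WORD.finditer(text):
        entry = LOOKUP.get(m.group(0).lower())
        if entry is None or seen == nbits:
            continue
        value = (value << 1) | entry[1]
        seen += 1
    return value
```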

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Spam Message Stegano
Date: Mon, 09 Apr 2001 09:20:22 +0200

Use http://www.spammimic.com/decode.shtml to make sense of the
following:


Dear Business person ; We know you are interested in
receiving amazing news . We will comply with all removal
requests . This mail is being sent in compliance with
Senate bill 1623 , Title 3 , Section 305 ! Do NOT confuse
us with Internet scam artists . Why work for somebody
else when you can become rich within 30 DAYS ! Have
you ever noticed the baby boomers are more demanding
than their parents and nobody is getting any younger
! Well, now is your chance to capitalize on this .
WE will help YOU process your orders within seconds
plus sell more . You can begin at absolutely no cost
to you . But don't believe us ! Mr Jones of Illinois
tried us and says "Now I'm rich many more things are
possible" ! We assure you that we operate within all
applicable laws ! You will blame yourself forever if
you don't order now . Sign up a friend and you get
half off ! God Bless ! Dear Cybercitizen , You made
the right decision when you signed up for our database
! We will comply with all removal requests . This mail
is being sent in compliance with Senate bill 2416 ,
Title 4 ; Section 303 ! This is different than anything
else you've seen ! Why work for somebody else when
you can become rich in 73 days ! Have you ever noticed
most everyone has a cellphone and people will do almost
anything to avoid mailing their bills ! Well, now is
your chance to capitalize on this . We will help you
increase customer response by 160% & turn your business
into an E-BUSINESS ! You can begin at absolutely no
cost to you ! But don't believe us ! Ms Anderson of
Hawaii tried us and says "I was skeptical but it worked
for me" ! We are licensed to operate in all states
! We BESEECH you - act now ! Sign up a friend and you
get half off ! God Bless .


------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: Spam Message Stegano
Date: Mon, 09 Apr 2001 09:24:22 +0200

Should be obvious that you do not even need a Mk1 biological neural net
to find out this is not a message written by an average English-speaking
person. A very primitive statistical test will ring the bells...



------------------------------

From: "AlphaNerd" <[EMAIL PROTECTED]>
Subject: Any positions in cryptography available?
Date: Sun, 8 Apr 2001 16:53:38 -0500

I am a regular poster (and usually only flamed by David Scott, Szopa, etc),
I just changed the nym because my current employer doesn't know I'm looking
(although I'm sure he suspects). I am currently looking for a position doing
cryptography/security research and/or consulting. It's only because I
realize that with the skills involved in doing such research the positions
are rarely publicized, so I am publicizing my desire to have such a
position. Not to go into much detail (to avoid being too overt), but I've
been here off and on for about 5 years now, I've done substantial amounts of
analysis, etc, etc you've heard it all before. Considering the numbers of
people on here, most of whom are probably not in the market, I think private
e-mail would be the more acceptable method for the group.
                                Thanx



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Any positions in cryptography available?
Date: 09 Apr 2001 01:03:09 -0700

"AlphaNerd" <[EMAIL PROTECTED]> writes:
> I am a regular poster (and usually only flamed by David Scott, Szopa, etc),
> I just changed the nym because my current employer doesn't know I'm looking
> (although I'm sure he suspects). I am currently looking for a position doing
> cryptography/security research and/or consulting.

I don't know what you mean about research.  If you mean academic-type
research (or the same thing in an industrial setting) you need a lot
of paper and then you go through the usual channels.  If you have to
ask on a newsgroup about that, you're probably not qualified.

If you just want to work on crypto related nerd stuff (programming
etc.), there's always jobs around.

If you want to be a consultant, you have to market yourself
effectively, and it helps to have some publications or products out
there.  But work does fall into your lap from time to time.

Also, if you're in the San Francisco bay area, the RSA security
conference is happening this week, so that would be a good place to
make the rounds.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
