Cryptography-Digest Digest #113, Volume #14 Mon, 9 Apr 01 15:13:00 EDT
Contents:
Re: anyone have digital certificates sample code (those who know me have no need of my name)
Re: Steganography with natural texts (Mok-Kong Shen)
Re: How good is steganography in the real world? (Frank Gerlach)
Re: GIF is bad (Frank Gerlach)
Re: Meant Naval Coordinates (Mok-Kong Shen)
Statistics and Frequencies of the LSB (Frank Gerlach)
Re: Dynamic Substitution Question (newbie)
Re: How good is steganography in the real world? (Chris Jones)
Re: JPEG also problematic (Frank Gerlach)
Re: How good is steganography in the real world? (Mok-Kong Shen)
Re: JPEG also problematic (Mok-Kong Shen)
Re: Concerning US.A.4979832 (Terry Ritter)
No comments ?? (Frank Gerlach)
Re: Spam Message Stegano (Frank Gerlach)
question about DES (newbie)
Re: Virtual English Nation ("Trevor L. Jackson, III")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: anyone have digital certificates sample code
Date: Mon, 09 Apr 2001 18:20:37 -0000
<[EMAIL PROTECTED]> divulged:
>"normang" <[EMAIL PROTECTED]> writes:
>> Does anyone know of sample working code to create digital certs.
>
>www.openssl.org
and if you need to run your own ca you might want to look at
<url:http://sourceforge.net/projects/openca/>.
otoh, since the op is running a windows newsreader another option is
microsoft's certificate server.
--
okay, have a sig then
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Steganography with natural texts
Date: Mon, 09 Apr 2001 20:17:27 +0200
Jim Gillogly wrote:
>
> Mok-Kong Shen wrote:
> >
> > Most modern stego schemes are based on embedding bits in
> > pictures. A current thread in the group is discussing that.
> >
> > I suppose that a competitive way is to embed bits in natural
> > language texts. Previously I proposed a method exploiting
> > the format freedom of html files. In the following I like
> > to present some preliminary thoughts of an alternative,
> > though implementationally more expensive, scheme that
> > can easily utilize all natural language covertexts, e.g.
> > e-mails.
>
> How would this improve on Peter Wayner's proposals in his papers
> and book on "Disappearing Cryptography"?
It's a long time back that I read that book. If my memory
is correct, Wayner employs something 'artificial', i.e.
uses a piece of code and some formal grammars to generate
texts that are intended to look natural. In my proposal
the human (carefully) decides how the sentences of an
originally natural text are to be modified without causing
suspicion of the opponent. There is therefore at least a
quality difference. It is so to say hand-crafted. I guess
that that quality difference would be bigger than e.g.
human translation of natural languages compared to machine
translation. BTW, I don't know whether Wayner has made
his software freely available (outside of US). His
book doesn't seem to contain sufficient details for others
to independently attempt to build his software.
M. K. Shen
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Mon, 09 Apr 2001 19:59:20 +0200
Charles Lyttle wrote:
> I did read your article, but perhaps I misunderstood. I think it very
> unlikely that there is a backdoor into either RC4 or DES. Cracking DES
> would be of such economic value and so many eyes have looked at it, that
> I am sure that any backdoor would have been found by now. As an example
> the Russian GOST was cracked fairly quickly even though it was a minor
> variant of DES. GOST turns out to have weak keys and strong keys. The
> KGB was giving out weak keys to people it wanted to watch.
This is speculation to be proved (did Mr Putin say that ?). My assessment is that
they were deeply unsure about the capabilities of NSAGCHQ, and we nowadays know
that they were right in *not* using fixed sboxes.
Fixed sboxes are a juicy target to attack, which is what we see with DES. Check
what Schneier writes about differential and linear cryptanalysis.
There was no "backdoor" in Enigma, and the english tradition of codebreaking still
found enough resources to break it. My suggestion is that given enough human and
financial effort, RC4 and 3DES will be much easier than O(2^keylength) as well.
Only properly used OTPs are secure forever.
> As for OTPs from WW II being still secure, that isn't the case. Military
> OTPs that I have used have all been limited to information that would be
> invalidated after about 1 week.
Your strange operational procedures prove nothing at all. Maybe the key material
was bad or your superiors did not trust in folks like you to correctly use OTPs.
> This is because it is assumed that the
> pad itself is compromised after that time. i.e. someone lost a copy or
> the enemy captured a copy.
Fools also blow themselves into bits if you give them a handgrenade.
> Much OTP from WW II is not secure because
> copies of the pads are still around. Some might be secure because all
> copies of the pads have been lost, but this won't be the majority.
Pads should be *burned* after use. There should be only *two* copies, clearly
marked for sending and receiving. And cannonfodder should be trained to use it
properly...
> Any one in this group got any WW II OTPs in a trunk in the attic? I
> think my uncle has some he captured from a German officer in North
> Africa.
I am embarrassed to say that most german officers (Rommel seems to be an exception)
seem to be too silly to understand cryptography. Otherwise they would have used
OTPs at least for submarine communications. Of course, this would have A) required
some brain cells not affected by alcohol and B) a hub-and-spoke communications
system (ie. no broadcasting from Uboat to Uboat) and C) a little more work for the
radioman.
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: GIF is bad
Date: Mon, 09 Apr 2001 20:15:05 +0200
wtshaw wrote:
> Still, there might be approaches to hide in the "randomness" of the
> > images' payload (like non-local distortions of colour and geometry), but
> > then the Mk1 Eyeball might be applied..
>
> Stazzi, KGB, SS stuff...
???? The NSA did a lot of "hand" work on improperly (pad reused, bad key
material) encoded russian OTP messages ("VENONA"). They will not hesitate to
have a bees hive of "girls" (sorry for being politically incorrect) look at
the streams of images to/from a suspect.
>
> >
> > A final legal note: The UK requires everybody under HM jurisdiction to
> > hand over keys (and they will definitely interpret stegano as crypto) on
> > the request of the Police. If you fail to do so, you will go to jail for
> > some time.
>
> Perhaps they will even cut your beef ration there too.
I bet the FBI wouldn't be much different in times of war...
>
>
> This is an excuse for witchhunts, selective presecution, and jack booted
> politics. Did you ever wonder why for lack of an external enemy that the
> bloodthirsty turn on the people they are sworn to protect, assume
> personalities of those they yearn to jail for traditional crimes, and
> corrupt the freedom of the benign who want to merely be left alone?
Tony Cromwell and Jack the Ripper just need to protect the state from those
damned libertarians. You need to appreciate that. Really.
In Germany the minister of the interior even publicly discusses Denial Of
Service attacks against Nazi websites in the US ! And this guy was at one point
a member of the green party.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: Meant Naval Coordinates
Date: Mon, 09 Apr 2001 20:25:38 +0200
Frank Gerlach wrote:
>
> I meant they should have OTP-encrypted all coordinates. They effectively used
> something like OTP ("on top" of Enigma), just with "reused" pads, which is obviously
> ridiculous.
> The german tradition of following orders blindly and drinking like crazy just doesn't
> make for something one can call "intelligence" officer....
Sorry, I am not commenting on the above but I wondered
a bit about a technical phenomenon of your posts since
a couple of days. The post of yours, to which I am
sending now a follow-up, appeared on my news server
without 'Re'. That normally means that it is the first
post of a new thread. However, its header says:
'References: 1,2,3,4,5,6,7,8', which means that it is
a follow-up to follow-up to ...... I don't understand
how this discrepancy could have come into being. Could
someone knowledgeable explain that? Thanks.
M. K. Shen
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Statistics and Frequencies of the LSB
Date: Mon, 09 Apr 2001 20:25:04 +0200
>
>
> Multi-channel telephone lines (e.g. T-1) used to steal the lsb of
> some data words for signalling. This practice is now mostly gone
> since many users now actually want a "digital clear channel"...
Just using the LSB of a digital phone signal to transmit data can be detected by
undergraduate electronic engineering students. Because even before they
graduate, they learn quite a lot about the different kinds of noise and noise
generator models (including complex stuff like HMMs (Hidden Markov models)).
Just encoding the information to be hidden so that it doesn't ring the bells
with an undergrad's tool is already quite a feat.
Now think of the NSAGCHQ cadre of seasoned Math and EE PhDs.
>
>
> --
> Samuel S. Paik | [EMAIL PROTECTED]
> 3D and digital media, architecture and implementation
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Mon, 09 Apr 2001 14:26:39 -0300
Is it the way dynamic substitution is functioning?
If yes, I can show you a very big hole in this process.
"r.e.s." wrote:
>
> "newbie" <[EMAIL PROTECTED]> wrote ...
> | Is your idea working in this way
> | (as explained by John Savard)?
> |
> | Plaintext: 4 3 1 9 0 2 4 7
> | Keystream: 1 7 0 9 8 1 6
> | Table: 0|5 5 5>7 7>6 6 6
> | 1|2>7 7>5 5 5>9 9
> | 2|9 9 9 9 9 9>5 5
> | 3|0 0>4 4 4 4 4 4
> | 4|7>2 2 2 2 2 2>3
> | 5|1 1 1 1 1 1 1 1
> | 6|3 3 3 3 3 3 3>2
> | 7|4 4>0 0 0 0 0 0
> | 8|6 6 6 6 6>7 7 7
> | 9|8 8 8 8>8 8 8 8
> | Ciphertext: 7 0 7 8 7 9 2 0
> |
> | If it is the case, then this process
> | contains a big hole.
>
> What do you see as the "big hole"?
>
> --r.e.s.
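
The table in the quoted post can be replayed in code. This is an added example, not code from any of the posters and not a rendering of the patented design: it assumes only what the table shows, namely that each plaintext digit is looked up in the table and the entry just used is then swapped with the entry selected by the keystream digit. The function names are hypothetical.

```python
# Added example: replays the substitution table from the post above.
# All values below are copied from that table; nothing else is assumed.
INITIAL_TABLE = [5, 2, 9, 0, 7, 1, 3, 4, 6, 8]   # first column of the table
PLAINTEXT = [4, 3, 1, 9, 0, 2, 4, 7]
KEYSTREAM = [1, 7, 0, 9, 8, 1, 6]                # one value fewer than the plaintext
EXPECTED_CIPHERTEXT = [7, 0, 7, 8, 7, 9, 2, 0]


def _check_permutation(table):
    # The table must be a permutation, otherwise it cannot be inverted.
    if sorted(table) != list(range(len(table))):
        raise ValueError("table is not a permutation of 0..n-1")


def encrypt(plaintext, keystream, table):
    """Return (ciphertext, final_table) for the swap process in the post."""
    _check_permutation(table)
    table = list(table)                # work on a copy
    ciphertext = []
    for i, p in enumerate(plaintext):
        ciphertext.append(table[p])    # substitute through the current table
        if i < len(keystream):         # the last symbol has no keystream value
            k = keystream[i]
            table[p], table[k] = table[k], table[p]   # swap used entry with keyed entry
    return ciphertext, table


def decrypt(ciphertext, keystream, table):
    """Invert encrypt() by tracking the inverse table through the same swaps."""
    _check_permutation(table)
    table = list(table)
    inverse = [0] * len(table)
    for index, value in enumerate(table):
        inverse[value] = index
    plaintext = []
    for i, c in enumerate(ciphertext):
        p = inverse[c]                 # which table position produced this symbol
        plaintext.append(p)
        if i < len(keystream):
            k = keystream[i]
            table[p], table[k] = table[k], table[p]
            inverse[table[p]] = p      # keep the inverse in step with the table
            inverse[table[k]] = k
    return plaintext


if __name__ == "__main__":
    ct, final_table = encrypt(PLAINTEXT, KEYSTREAM, INITIAL_TABLE)
    print("ciphertext :", ct)
    print("final table:", final_table)
    print("round trip :", decrypt(ct, KEYSTREAM, INITIAL_TABLE) == PLAINTEXT)
```

The final table it reports corresponds to the last column of the table in the post.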
------------------------------
Crossposted-To: comp.security.misc,talk.politics.crypto
From: Chris Jones <[EMAIL PROTECTED]>
Subject: Re: How good is steganography in the real world?
Date: Mon, 9 Apr 2001 18:34:17 GMT
It seems to me that the general question of the subject (as opposed to the
specific questions in the original post) is unanswerable. By definition,
successful steganography is not discovered, so how can we say that
steganography has a success rate of X%, when we can't know what the numerator
is?
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: JPEG also problematic
Date: Mon, 09 Apr 2001 20:31:19 +0200
Mok-Kong Shen wrote:
> Frank Gerlach wrote:
> >
> > Mok-Kong Shen wrote:
> >
> > > I have no knowledge but wonder voice in normal telephone
> > > communications couldn't carry stego bits rather easily,
> > > since all people speak differently (accents, male/female,
> > > age, etc.) and at different times (health, emotions etc.)
> > > so that differences due to stego modifications could be
> > > very hard to detect.
> >
> > So you would want to distort the phase and amplitude (let's use those crude
> > frequency domain terms) in order to encode the hidden information ?
> > I agree this is difficult to detect for an automated system, but then what about
> > the Mk1 acoustic bio-neural system (aka. "ear") ?
> > There are obviously two major approaches:
> > 1. distorting the bogus signal (voice, music, images, video)
> > 2. distorting the noise of the sampling process
> >
> > Approach 1 is very difficult to assess, as a difficult-to-understand opponent
> > (the trainable and genetically varying human brain) is involved.
> > Approach 2 "only" makes assumptions about mathematical methods.
>
> I do think that approach 1 is practically viable in voice,
> since in general situations the opponent has to face the
> fact that there are many candidate speakers and these are
> unknown to him. (The speakers may also be foreigners of the
> language employed.) Of course, the ratio of embedded bits
> to the total volume of communication has to be kept
> sufficiently low.
Ever used a GSM phone ? Even with a low bit error rate, every human will quickly
discover that there is something strange in it. Although GSM compression is
different to stegano, if you want to have a significant transmission rate, there
will most probably be audible distortions.
Regarding foreign languages, check NSA and GCHQ websites to find out that they hire
foreign-language speakers en masse.
> M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Mon, 09 Apr 2001 20:37:55 +0200
Charles Lyttle wrote:
>
[snip]
> Any one in this group got any WW II OTPs in a trunk in the attic? I
> think my uncle has some he captured from a German officer in North
> Africa. If still there, the date, time, and place of capture will be
> available. People doing historical research can contact me, and if you
> check out, I can try to dig them up. Nothing guaranteed though.
I suggest you consider whether it could eventually be a
good donation to a science museum.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: JPEG also problematic
Date: Mon, 09 Apr 2001 20:43:47 +0200
Frank Gerlach wrote:
>
> Ever used a GSM phone ? Even with a low bit error rate, every human will quickly
> discover that there is something strange in it. Although GSM compression is
> different to stegano, if you want to have a significant transmission rate, there
> will most probably be audible distortions.
> Regarding foreign languages, check NSA and GCHQ websites to find out that they hire
> foreign-language speakers en masse.
That 'significant' is the essential word. It means also
that, if I have a sufficiently low rate of bits to be
transmitted, then I am o.k., isn't it?
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Concerning US.A.4979832
Date: Mon, 09 Apr 2001 18:45:55 GMT
On Mon, 09 Apr 2001 15:44:26 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (Bo Dömstedt) wrote:
>[EMAIL PROTECTED] (John Savard) wrote:
>> I was startled to see Terry Ritter claiming a broader interpretation
>> of his Dynamic Substitution patent than I had imagined had applied.
>[...]
>> John Savard
>> http://home.ecn.ab.ca/~jsavard/crypto.htm
>
>Being a legal issue, a question in the domain of the lawyers,
>I normally do not express any opinion on patents. Our company
>patent attorney indeed recommends obtaining a license even if
>the patent is wrong/weak. Sometimes a license is not that
>expensive...
>
>For the patent in question, it is not the only dynamic
>substitution patent,
Perhaps you could be more forthcoming.
As I recall, in the USPTO there is a later patent line which includes
the words "dynamic substitution," but those words describe a clearly
different mechanism.
And even if later US patents have further developed my form of Dynamic
Substitution, manufacturers and users will need a license from me to
practice such an invention.
Since I am not aware of any other "dynamic substitution" patent in the
original sense, or of any other patents which bear on this invention,
perhaps you could reference what you do mean.
>and there exists prior art.
Again, you could be more forthcoming.
There is always prior art. Inventions occur in the context of
advancing technology. There is always a technological basis, and the
basis at the time of invention is the "prior art." Patents include
specific discussions of known related prior art, and are granted for
distinguishing from that art.
The term "prior art" thus does not per se mean something which somehow
indicates a "wrong" patent which can thus be safely ignored. But, in
trying to invalidate a patent, one does seek prior art which was not
well-known or specifically mentioned in the patent, and thus not
considered in the patent grant. That also would not necessarily
indicate a "wrong" patent, but at least that would be a basis for a
discussion. Here we have rumor and innuendo.
I am unaware of any such prior art or discussion. If you know of
such, please feel free to reference it.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: No comments ??
Date: Mon, 09 Apr 2001 20:32:53 +0200
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: Spam Message Stegano
Date: Mon, 09 Apr 2001 20:38:48 +0200
Mok-Kong Shen wrote:
> Frank Gerlach wrote:
> >
> > Should be obvious that you do not even need an Mk1 biological neural net
> > to find out this is not a message written by an average english-speaking
> > person. A very primitive statistical test will ring the bells...
>
> Dumb question: What if the writer happens really not to be
> a native?
That *might* work against an opponent with small resources. Also, your native
language should better be neither english, french, german, chinese nor any
other major language. On the other hand, using Navajo might also raise
suspicions.
I guess NSAGCHQ is currently doing a lot of training in all kinds of chinese
languages :-)
>
> M. K. Shen
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: question about DES
Date: Mon, 09 Apr 2001 14:59:07 -0300
Newbie question :
Let m(i) = {m1,m2,m3,.....m64}
Let k(J) = {k1,k2, k3,.....k56}
Can someone give for every c(i) all elements involved m(i),k(j)
c(1) = f(m?,k?) = what?
C(2) = f(m?,k?) = what?
etc...
Is it possible?
I just want the exact formulation of each c(i).
Thank you for help
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: Virtual English Nation
Date: Mon, 09 Apr 2001 19:04:02 GMT
Jim D wrote:
> On Sun, 08 Apr 2001 21:06:54 +0200, Frank Gerlach <[EMAIL PROTECTED]> wrote:
>
> >Sure, the brits will always complain that their "colonies" (this is the word they use
> >if they want to make fun of those uncivilized yanks) do not support them enough.
> >One of the most insightful episodes in "The Puzzle Palace" is that Friedmann (a
> >US cryptologist) was ordered to hand over America's deepest secrets (the breach of
> >japanese ciphers), but the brits did not reciprocate by disclosing ULTRA to the
> >Americans at that time.
> >The virtual english nation could work even better if HM subjects (including Australia
> >and NZ) would show a little more respect for Americans....
>
> You lot
So, is this an English idiom or a British idiom?
> want to make up your mind whether you're talking about
> the English or the British. They're not the same animal.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************