Cryptography-Digest Digest #115, Volume #14       Mon, 9 Apr 01 20:13:01 EDT

Contents:
  Re: Delta patching of encrypted data ("Anon")
  Re: Meant Naval Coordinates (Miguel Cruz)
  Re: How good is steganography in the real world? (Miguel Cruz)
  Re: How good is steganography in the real world? (Paul Rubin)
  Re: Steganography with natural texts (Jim Gillogly)
  Re: Meant Naval Coordinates (Mok-Kong Shen)
  Re: How good is steganography in the real world? (Mok-Kong Shen)
  Re: p and q for BBS ([EMAIL PROTECTED])
  Re: Steganography with natural texts (Joe H Acker)
  Re: Steganography with natural texts (Mok-Kong Shen)
  latex quick help ("Tom St Denis")
  Re: patent issue ("Augusto Jun Devegili")
  Re: latex quick help ("Tom St Denis")
  Re: How good is steganography in the real world? ("Douglas A. Gwyn")
  Re: Would dictionary-based data compression violate DynSub? (David Formosa (aka ? the Platypus))

----------------------------------------------------------------------------

From: "Anon" <[EMAIL PROTECTED]>
Subject: Re: Delta patching of encrypted data
Date: Mon, 9 Apr 2001 23:09:32 -0000

Version managing software does do this trick.  The problem for me is that I
don't ever have a copy of the plaintext file on the end user machine - it's
decrypted on the fly as needed.  We have enough trouble with crackers
already.  If I build a system that (1) takes the encrypted file and decrypts
it, (2) runs the delta patcher, (3) re-encrypts it, the crackers will jump in
with glad cries between steps 2 & 3 and I'll be looking for a new job!

"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Anon wrote:
> >
>
> > We wish to take a file and encrypt it.  At a later date we wish to take a
> > new version of the file and encrypt that.  We want to minimise the data
> > sent to enable updates to the new version.
> >
> > If the file is not encrypted, we can use a delta patcher program, which
> > picks up insertions, deletions, and alterations to the file and works out
> > a script.  The script and the original file can then be used to generate a
> > copy of the new file.
> >
> > With normal encryption this doesn't work.  If we use a stream cipher, all
> > data from the first change onwards is altered.  If we use a block cipher
> > with no feedback any insertion or deletion which is not a multiple of the
> > block changes all the file from there onwards.
> >
> > I'm thinking in terms of a self-synchronising cipher based on the previous
> > plaintext, rather than the previous ciphertext.  Obviously this will be
> > weaker - if for example there is a large sequence of repeated characters
> > the ciphertext will settle down to a consistent value - however:
> >
> > Is there a standard solution to this problem?
> > If not, how weak is the solution I describe?
>
> I might be wrong. But isn't it that a version managing
> software takes care of the updates such that with the
> original and a series of deltas one gets the current
> version of a program source or other texts? Now, if you
> consider the original and the deltas each as a separate
> piece and encrypt them and send these to the recipient,
> he can decrypt these and use the managing software
> to obtain the current version just as you can do, isn't
> it? So I certainly haven't yet understood your problem.
>
> M. K. Shen
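
The trade-off discussed in this message, as an added example that is not part of either post: a toy plaintext-keyed cipher is compared with a position-keyed stream cipher after a one-byte insertion. The construction is an assumption made for illustration (window size W, HMAC-SHA256 as the keyed function, SHA-256 in counter mode as the stream cipher, constructed sample text); it is not Anon's actual design.

```python
import hashlib
import hmac

W = 4  # number of preceding plaintext bytes that key each position (assumed)

def _pad(key, window):
    # Keyed function of the previous W plaintext bytes (HMAC-SHA256 as stand-in).
    return hmac.new(key, window, hashlib.sha256).digest()[0]

def autokey_encrypt(key, pt):
    return bytes(b ^ _pad(key, pt[max(0, i - W):i]) for i, b in enumerate(pt))

def autokey_decrypt(key, ct):
    pt = bytearray()
    for i, c in enumerate(ct):
        pt.append(c ^ _pad(key, bytes(pt[max(0, i - W):i])))
    return bytes(pt)

def stream_encrypt(key, pt):
    # Position-keyed keystream. The same keystream is reused for both versions,
    # which is the best case for the delta tool and unsafe for a real stream cipher.
    ks = b"".join(hashlib.sha256(key + n.to_bytes(8, "big")).digest()
                  for n in range(len(pt) // 32 + 1))
    return bytes(a ^ b for a, b in zip(pt, ks))

def reusable(old_ct, new_ct):
    """(common prefix, common suffix): bytes a delta patcher can copy from old_ct."""
    shortest = min(len(old_ct), len(new_ct))
    pre = 0
    while pre < shortest and old_ct[pre] == new_ct[pre]:
        pre += 1
    suf = 0
    while suf < shortest - pre and old_ct[-1 - suf] == new_ct[-1 - suf]:
        suf += 1
    return pre, suf

KEY = b"constructed demo key"
OLD = b"The quick brown fox jumps over the lazy dog. " * 4   # constructed sample
NEW = OLD[:20] + b"X" + OLD[20:]                              # one-byte insertion

def demo():
    return {
        # stream cipher: everything after the insertion point is different
        "stream": reusable(stream_encrypt(KEY, OLD), stream_encrypt(KEY, NEW)),
        # plaintext-keyed: ciphertext resynchronises W bytes after the insertion
        "autokey": reusable(autokey_encrypt(KEY, OLD), autokey_encrypt(KEY, NEW)),
        # the weakness named in the post: a run of one character settles
        # to a single ciphertext value once the window is full
        "run": set(autokey_encrypt(KEY, b"A" * 64)[W:]),
    }

if __name__ == "__main__":
    print(demo())
```

The same property that lets the patcher reuse the tail also means equal plaintext windows always give equal ciphertext bytes, so repeated structure in the file shows through.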



------------------------------

Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: Meant Naval Coordinates
From: [EMAIL PROTECTED] (Miguel Cruz)
Date: Mon, 09 Apr 2001 22:29:18 GMT

Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
> Sorry, I am not commenting on the above but I wondered a bit about a
> technical phenomenon of your posts since a couple of days. The post of
> yours, to which I am sending now a follow-up, appeared on my news server
> without 'Re'. That normally means that it is the first post of a new
> thread. However, its header says: 'References: 1,2,3,4,5,6,7,8', which
> means that it is a follow-up to follow-up to ......  I don't understand
> how this discrepancy could have come into being. 

Lousy newsreaders use the subject line to group articles together (they take
all the articles with the same subject or that subject prefaced by 'Re:',
and then call that one thread).

Good newsreaders look at the References: headers and match them up with the
Message-ID: headers of other messages, and use that to build a tree
representing the actual sequence and branching of the discussion. With a
newsreader like this, the Subject: header is ignored for threading purposes
and can be freely used by posters to reflect the current topic of discussion
in a larger thread.

It sounds like you're using one of the latter kind (good) but assuming it
would behave like the former kind (bad).

miguel

------------------------------

Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
From: [EMAIL PROTECTED] (Miguel Cruz)
Date: Mon, 09 Apr 2001 22:33:28 GMT

Gil Adamson <[EMAIL PROTECTED]> wrote:
> Given that, I've focused my research on steganography.  In particular,
> I've been considering a product called S-Tools, mainly because it
> supports GIFs and produces images that contain hidden data but are
> almost imperceptibly different from the original GIF.

Rather than sending GIFs around - which may appear contrived - you might
want to explore whether there's some legitimate or legitimate-appearing
reason for you to be sending lots of numerical data. Perhaps you are doing
mining explorations or some sort of engineering?

Hiding your messages here has the advantage that additional experts
(familiar with patterns likely in the nominal subject matter of the
transmissions) would be required to detect anomalies. Furthermore it's a
perfectly good reason to have lots and lots of traffic, reducing the
percentage of data that has to carry your messages, making life much easier
for you.

miguel

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: How good is steganography in the real world?
Date: 09 Apr 2001 15:34:11 -0700

"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> That's not a good argument.  A much better argument is that nobody
> has been able to suggest a plausible way to hide a backdoor in a
> cipher with structure similar to DES.  

This is false, as the discovery of differential cryptanalysis shows.
But you knew that already.

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Steganography with natural texts
Date: Mon, 09 Apr 2001 22:40:49 +0000

Mok-Kong Shen wrote:
> In my proposal
> the human (carefully) decides how the sentences of an
> originally natural text are to be modified without causing
> suspicion of the opponent.

Hmm -- looks like a proposal with very low throughput.  It's
very difficult to achieve natural-looking text.  The opponent
may not be able to decrypt it, but may be able to detect that
<something> is wrong.

Someone -- perhaps Kahn or Pratt -- told a story about censors
during The War who were responsible for seeing that no
unauthorized messages got through the telegram office.  If
they saw anything suspicious they would paraphrase it.  One
censor changed "Father is deceased." to "Father is dead."
Soon across her desk came another telegram.  "Please clarify:
is father dead or deceased?"
-- 
        Jim Gillogly
        Trewesday, 18 Astron S.R. 2001, 22:35
        12.19.8.2.4, 5 Kan 2 Pop, Eighth Lord of Night

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: Meant Naval Coordinates
Date: Tue, 10 Apr 2001 00:38:15 +0200



Miguel Cruz wrote:
> 
[snip]
> It sounds like you're using one of the latter kind (good) but assuming it
> would behave like the former kind (bad).

My problem is of a different nature. I am not looking
at the individual trees (threads). I am reading in
sorted sequence of time, so that I see each recently 
posted message separately. If there is no 'Re', I can't
distinguish a follow-up from the first article of a
new thread.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Tue, 10 Apr 2001 00:43:34 +0200



Miguel Cruz wrote:
> 
> Rather than sending GIFs around - which may appear contrived - you might
> want to explore whether there's some legitimate or legitimate-appearing
> reason for you to be sending lots of numerical data. Perhaps you are doing
> mining explorations or some sort of engineering?
> 
> Hiding your messages here has the advantage that additional experts
> (familiar with patterns likely in the nominal subject matter of the
> transmissions) would be required to detect anomalies. Furthermore it's a
> perfectly good reason to have lots and lots of traffic, reducing the
> percentage of data that has to carry your messages, making life much easier
> for you.

I agree. An acquaintance of mine had the same suggestion.
I have a little elaboration of that idea on my web page.

M. K. Shen
===============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: p and q for BBS
Date: 09 Apr 2001 15:42:12 -0700

"Dobs" <[EMAIL PROTECTED]> writes:

> Blum Blum Shub Generator is said to be slow generator. I implemented BBS
> Generator using  functions from openssl  library but it is really slow. If I
> want to generate pseudorandom bit sequence which length is let's say 10, it
> takes really long  time (could even take 10 minutes).

You don't have to generate new p and q every time you want more random
bits.  Just generate your modulus n = p*q once, and save it.  Also
save the x value used in the BBS random generation (x = x^2 mod n) and
every time you need more bits, use the saved x and n values.  Then you
only need to do the slow prime generation once.

> It has big problem
> with finding right p and q which should be prime (of course it should be
> also congruent to 3 mod 4 and be special prime, however it has no problem
> with it, it satisfies these 2 conditions but it is rarely prime - that is why it
> is so slow)
> What I am doing is choosing random number ( 512 bits) then checking if it is
> prime by  Rabin Miller test. If not I add 4 to it and check it one more
> time.  How can I do it in the different way??? I do not want to use  ready
> function to generate prime numbers( I have to use Rabin Miller test- it's a
> school task)

Before running your slow test, you should do a fast test for
divisibility by small numbers up to a few hundred or a few thousand.
Create a table of the first 100 or so primes, and then check for
divisibility by these.  Only if your value is not divisible by these
primes do you then do the slow test.  This is a big speed-up.

You can also use a "wheel" for iterating.  The simplest example skips
values divisible by 3.  You are working with values that are 3 mod 4.
Every 3rd of these values is divisible by 3.  Hence you can alternate
adding 4 and adding 8, rather than adding 4 each time, thereby
skipping values that are divisible by 3.
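
The three suggestions in this reply (keep n and x between calls, trial-divide before the slow test, step with a +4/+8 wheel), as an added example that is not code from the post or from OpenSSL. It is written in Python rather than against the OpenSSL bignum API; the table limit of 1000, the round count and all function names are assumptions.

```python
import secrets

def _sieve(limit):
    flags = bytearray([1]) * (limit + 1)
    flags[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i::i] = bytes(len(flags[i * i::i]))
    return [i for i, f in enumerate(flags) if f]

SMALL_PRIMES = _sieve(1000)  # 168 primes; table size is an assumption

def passes_trial_division(c):
    """Cheap filter run before the slow test."""
    return all(c % p or c == p for p in SMALL_PRIMES)

def miller_rabin(n, rounds=32):
    """Rabin-Miller test; False means n is definitely composite."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)       # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_blum_prime(start, stats=None):
    """First prime p >= start|3 with p % 4 == 3, stepping with the wheel."""
    c = start | 3                              # force c = 3 (mod 4)
    if c % 3 == 0 and c != 3:
        c += 4
    while True:
        if stats is not None:
            stats["tested"] += 1
        if passes_trial_division(c):
            if stats is not None:
                stats["mr"] += 1               # only survivors cost a slow test
            if miller_rabin(c):
                return c
        c += 4 if c % 3 == 1 else 8            # alternate +4/+8: skips multiples of 3

class BBS:
    """Holds n and the current x, so the primes are generated only once."""
    def __init__(self, n, x):
        self.n, self.x = n, x % n

    def bits(self, k):
        out = []
        for _ in range(k):
            self.x = self.x * self.x % self.n  # x = x^2 mod n
            out.append(self.x & 1)             # emit the least significant bit
        return out

if __name__ == "__main__":
    top = 1 << 511                             # 512-bit candidates, as in the question
    p, q = (next_blum_prime(secrets.randbits(512) | top) for _ in range(2))
    n = p * q                                  # generate once, then save n and x
    gen = BBS(n, pow(2 + secrets.randbelow(n - 3), 2, n))
    print(gen.bits(10), gen.bits(10))          # second call continues from saved x
```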


------------------------------

From: [EMAIL PROTECTED] (Joe H Acker)
Subject: Re: Steganography with natural texts
Date: Tue, 10 Apr 2001 01:01:24 +0200

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

>First, synonym is a well-established notion.

No, sorry, it is not. It might be a well established notion in
denotational semantics but it is not well established from the point of
view of the cognitive linguist. What expression a speaker usually uses
is determined by factors like social environment, age, education,
geographic origin (the variety of the language spoken, formerly called a
"dialect"), communication situation, text sort and so on. Such factors
shine through at all linguistic levels. If a speaker is not consistent
in his lexical choices, a linguist can draw various conclusions. He
might, for example, draw the conclusion that the text has been written
by several people. At least, the linguist will become suspicious and
recognize that something odd is going on. 

Synonyms are called synonyms because they denote the same (or almost the
same) entity, but still they differ a lot in style, sociolect and variety
etc. 

Just imagine someone starting a sentence with Suebian dialect and ending
it in Bavarian. Sounds odd, doesn't it? Same for lexical choice,
although it seems less obvious there.

>Second, if the opponent hasn't
> yet seen what I have written before, how is he going
> to do any style analysis or the like? 

I agree that he will have a hard time recognizing that there's a message
hidden by your method. As I've said, it depends on the amount of data
available, be it steganified or not. But the adversary can use various
kinds of additional knowledge like age, sex, education, geographic origin
and so on. Still, the analysis is very difficult and your scheme is much
better than many other steganographic methods. I do not doubt that. That
is, if you want to prevent automated detection in a flood of
data---things look different if someone specifically analyses all
messages sent by you. 

>When he starts
> to see my messages, I am already using my scheme to
> constantly tweak a little bit the words that I would 
> otherwise have employed out of my head directly. Could
> he ever know that that couldn't be really my natural
> writing (my style)?

If there's enough data available to him, I would clearly say yes. I'm
not able to tell you, how much "enough" would be. You'd have to ask
someone who knows better than me about that. ;)

> Consider also an extreme example: 
> Is there ANY detectable difference for him if, instead 
> of the sentence 'I met X this morning', I write 'I met 
> Y this afternoon' (unless he has some guys that follow 
> me in person)? 

No, I think in this case there's no difference from a linguistical
viewpoint. But of course, a big difference from the extralinguistical
viewpoint.

>We don't know each other in person. If
> I post a sentence to the group that is not the Queen's 
> English, are you sure that it is not because of my 
> not having been very diligent in my foreign language 
> class in school but that it is rather an intentional 
> modification of an otherwise impeccable English 
> expression? 

Hard to say. As you probably know, it's possible to draw conclusions
about the origin of a foreign language speaker by examining the errors
he makes. This is well researched. But there's unlikely to be any public
research about finding out intentional changes made for steganographic
purposes. 

>If the opponent has materials comparable 
> in volume to Shakespeare's work, you may be right. 

My estimate is far less optimistic. I do not dare to give an exact
estimate, but I'd guess a dozens of steganified emails might be enough
to raise suspicion.

Please don't get me wrong: I agree that your method is excellent for
sending an occasional secret message like you have proposed. Like
always, it depends on how much data the attacker can collect and how
many efforts he makes to find out that there's hidden data and find it.
I just wanted to point out the line of attack. It seems we differ on how
practical the steganalysis of your scheme is, and that's an open
empirical question I guess we both cannot answer.

Regards,

Erich

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Steganography with natural texts
Date: Tue, 10 Apr 2001 01:11:55 +0200



Jim Gillogly wrote:
> 
> Mok-Kong Shen wrote:
> > In my proposal
> > the human (carefully) decides how the sentences of an
> > originally natural text are to be modified without causing
> > suspicion of the opponent.
> 
> Hmm -- looks like a proposal with very low throughput.  It's
> very difficult to achieve natural-looking text.  The opponent
> may not be able to decrypt it, but may be able to detect that
> <something> is wrong.

My scheme is certainly not recommendable for high throughput
applications. For the rest please see my follow-up to Joe 
Acker.

> Someone -- perhaps Kahn or Pratt -- told a story about censors
> during The War who were responsible for seeing that no
> unauthorized messages got through the telegram office.  If
> they saw anything suspicious they would paraphrase it.  One
> censor changed "Father is deceased." to "Father is dead."
> Soon across her desk came another telegram.  "Please clarify:
> is father dead or deceased?"

A stego channel can never be protected against active
attacks, if I don't err. In my humble opinion, the 'art' 
lies in never causing suspicion or else one has already 
failed (hence the necessary condition that the texts have 
to be of very good 'quality'). The 'famous' story you 
cited is indeed amusing but is an example of human 
stupidity, that unfortunately has some significant 
probability of occurring. It is however also true that a 
number of ciphers were cracked following some stupid 
human handling errors. The same is with some spectacular
discoveries of espionages.

M. K. Shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: latex quick help
Date: Mon, 09 Apr 2001 23:25:06 GMT

I installed MikTex 2.0 (with the update) I was just wondering if there is
any quick tutorials on the web how to write tex or more specifically latex
source files and how to translate them to postscript?

Thanks,
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: "Augusto Jun Devegili" <[EMAIL PROTECTED]>
Subject: Re: patent issue
Date: Mon, 9 Apr 2001 19:52:02 -0300

"Patent Reform Pending"
Industry Standard (04/09/01) Vol. 4, No. 14, P. 62; Pressman, Aaron

The U.S. Patent and Trademark Office has come under severe criticism in
recent years for giving business-method patents to high-tech companies for
such "pedestrian" techniques as pop-up advertising and one-click shopping
systems. However, the office appears to finally be issuing fewer patents by
implementing a second layer of review of business-method patents, resulting
in the approval of 47 percent of all such patents so far this year, compared
to 57 percent last year. The office's overall patent-approval rate is 67
percent. Regardless, critics contend that the patent regulators still
approve 19 patents out of 20 after the second review, with recent examples
including such seemingly mundane business methods as harvesting data from
customers of interactive television services and establishing
"semi-anonymous" online chat rooms. There is a movement in Congress,
particularly among Democratic lawmakers, to raise the novelty standards in
granting business-method patents. The proposed legislation would prohibit
the granting of patents for "known processes" that are new only because they
are being used online for the first time. The House is scheduled to hold
hearings on patent reform on April 4, while the Senate expects to hold
hearings in early May.

http://www.thestandard.com/article/display/0,1151,23202,00.html



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: latex quick help
Date: Mon, 09 Apr 2001 23:53:27 GMT


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:mxrA6.66513$[EMAIL PROTECTED]...
> I installed MikTex 2.0 (with the update) I was just wondering if there is
> any quick tutorials on the web how to write tex or more specifically latex
> source files and how to translate them to postscript?

I managed to figure it out enough to build my abstract :-)

Is there a quick-ref guide for math symbols and section codings?

Tom



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How good is steganography in the real world?
Date: Mon, 9 Apr 2001 23:06:04 GMT

Paul Rubin wrote:
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> > That's not a good argument.  A much better argument is that nobody
> > has been able to suggest a plausible way to hide a backdoor in a
> > cipher with structure similar to DES.
> This is false, as the discovery of differential cryptanalysis shows.
> But you knew that already.

Sounds like you're accusing me of lying.
I don't consider the so-called "differential cryptanalysis"
to even come close to qualifying as a "back door".

------------------------------

From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Subject: Re: Would dictionary-based data compression violate DynSub?
Reply-To: [EMAIL PROTECTED]
Date: Tue, 10 Apr 2001 00:02:14 GMT

On Mon, 09 Apr 2001 00:47:34 GMT, Benjamin Goldberg
<[EMAIL PROTECTED]> wrote:
> David Formosa (aka ? the Platypus) wrote:
>> 
>> On Sat, 07 Apr 2001 07:29:55 GMT, Terry Ritter <[EMAIL PROTECTED]> wrote:
>> >
>> > On Sat, 07 Apr 2001 06:24:53 GMT, in
>> ><[EMAIL PROTECTED]>, in sci.crypt
>> > [EMAIL PROTECTED] (David Formosa (aka ? the Platypus)) wrote:
>> 
>> [...]
>> 
>> >>How is the application different from Algorithm M?
>> >
>> > Perhaps you should first try to replace the XOR in a stream cipher
>> > or OTP with Algorithm M, and see what the problems might be.
>> 
>> So basically the Patent covers using a dynamic substitution table when
>> combining a keystream with a datastream?  And not when combining two
>> keystreams (in Algorithm M) or used to generate a keystream (in the
>> case of RC4).
> 
> The patent does try to cover combining two keystreams to produce a
> stronger keystream, but these I think that the keystreams must somehow
> be two distinct sources.

But  Algorithm M + a whole lot of other work would prior that usage.  
Of course if it only covers the combining in the way that the patent's
author suggests then it is more or less useless, as it's a
restriction that is relatively easy to work around using systems
that give a similar effect but not using his methods.  The only thing
that this patent brings is a speed bump in crypto research meaning
that one avenue is blocked off until it expires.  As with other
patent owners on symmetric encryption methods it's not going to earn him
any money.

-- 
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Free the Memes.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
