Cryptography-Digest Digest #136, Volume #14 Fri, 13 Apr 01 16:13:00 EDT
Contents:
Re: Endianness of MARS (D. J. Bernstein)
Re: Graphical representation of a public key (or fingerprint)? ("Michael Schmidt")
Re: Graphical representation of a public key (or fingerprint)? ("Matt Timmermans")
Re: NSA-Endorsed Schools have a Mediocre Internet Presence ("Douglas A. Gwyn")
Re: Endianness of MARS (Jerry Coffin)
Re: XOR TextBox Freeware: Very Lousy. ("Ryan M. McConahy")
Re: How good is steganography in the real world? ("Douglas A. Gwyn")
Re: MD5 flaws (Bill Unruh)
Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Matthew Skala)
Re: _"Good" school in Cryptography ("was" I got accepted) ("Claus N�veke")
Re: Graphical representation of a public key (or fingerprint)? (John Myre)
Re: _"Good" school in Cryptography ("was" I got accepted) (Mok-Kong Shen)
Re: Graphical representation of a public key (or fingerprint)? (Mok-Kong Shen)
Re: Graphical representation of a public key (or fingerprint)? ("Paul Pires")
Can this be done? ("Julian Morrison")
Re: Endianness of MARS ("Trevor L. Jackson, III")
Re: Graphical representation of a public key (or fingerprint)? ("Trevor L. Jackson, III")
Re: Can this be done? (Jim Gillogly)
Re: Can this be done? (Paul Rubin)
Re: NSA-Endorsed Schools have a Mediocre Internet Presence (David Wagner)
Re: The 13th...:) ("Jeff Moser")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (D. J. Bernstein)
Subject: Re: Endianness of MARS
Date: 13 Apr 2001 16:03:49 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Does anyone have a list of modern processors (names of popular
> manufacturers) that employ big and small endians respectively?
All popular modern architectures support little-endian. Most of them,
with the notable exception of x86, also support big-endian.
---Dan
------------------------------
From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Fri, 13 Apr 2001 18:25:19 +0200
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Michael Schmidt wrote:
> >
> > Maybe I haven't expressed myself clear enough in the first place.
> > I'm looking for the other way round: Finding a distinct graphical
> > representation of a binary value (the public key or its fingerprint).
> >
> > I'm thinking about the following scenario:
> > Just as I compare now the PGP fingerprint of a communication partner's
> > e-mail with the PGP fingerprint that I had received before printed on his
> > business card, I would like to compare graphical representations rather
> > than the fingerprint hex strings. A typical PGP fingerprint today has a
> > length of 20 bytes. It appears quite unattractive and error-prone to
> > completely compare it for each e-mail. I think that comparing graphical
> > representations is simply more intuitive for humans.
> >
> > But, of course, the graphical representation has to meet certain
> > requirements:
> >
> > - If the representation acts as a fingerprint (i.e. it compresses data
> > like a hash), it has to be as collision-resistant as possible.
> >
> > - If the representation just represents the original (uncompressed)
> > value, it has to show an immense value space, yet it has to be easily
> > distinguishable for humans.
> > This approach sounds less feasible, but it could be applied to the
> > (numerical) fingerprint rather than the original value.
>
> I guess that your idea is in principle related to a scheme
> that lets users choose one of a number of figures/faces in
> lieu of a password. (IBM has a patent that is general enough
> to cover the said scheme, as I learned from a post
> long time back.)
To a certain degree, yes, and this would work for symmetric keys.
However, not any figure/face combination would map to a valid asymmetric
key. The flow of events is simply that an asymmetric key pair is generated
independent of any potential graphical representation. Then one has to find
a graphical representation for it, that undeniably expresses this key.
Michael
------------------------------
From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Fri, 13 Apr 2001 17:18:04 GMT
I vaguely remember an article about that, but not the source (If you find
it, let me know).
It occurs that the best way to do this might be to take advantage of all
those neurons we have specifically for facial recognition, by generating an
image of a face from the hash of the key. There has been a good bit of
research in compact facial representations -- do a google search for
"eigenfaces".
"Michael Schmidt" <[EMAIL PROTECTED]> wrote in message
news:9b6cu7$7scub$[EMAIL PROTECTED]...
> Hi,
>
> I know that there has been research on the topic "graphical passwords",
> i.e. keys being created from graphical user input.
>
> I'm wondering whether there has been any research conducted on the topic
> "graphical representation of a public key" or the key's fingerprint. My
> goal is to authenticate a public key (or better: its fingerprint, like
> with PGP) securely by creating and comparing its graphical representation
> with an "original", which is unique enough for every key/fingerprint, yet
> easy to be processed and compared by the human brain.
>
>
>
> Thanks,
>
> Michael
>
>
> --
> ===================================================
> Michael Schmidt
> ---------------------------------------------------
> Institute for Data Communications Systems
> University of Siegen, Germany
> www.nue.et-inf.uni-siegen.de
> ---------------------------------------------------
> http: www.nue.et-inf.uni-siegen.de/~schmidt/
> e-mail: [EMAIL PROTECTED]
> phone: +49 271 740-2332 fax: +49 271 740-2536
> mobile: +49 173 3789349
> ---------------------------------------------------
> ### Siegen - The Arctic Rain Forest ###
> ===================================================
>
>
>
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Fri, 13 Apr 2001 16:59:20 GMT
Frank Gerlach wrote:
> obvious to me that any college/university funded by the spooks will
> quickly lose their good academics, because they want to publicize
> *outside* the spook's circles.
Not historically true.
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Endianness of MARS
Date: Fri, 13 Apr 2001 11:36:08 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
[ ... ]
> Dumb question: Does anyone have a list of modern processors
> (names of popular manufacturers) that employ big and small
> endians respectively? Thanks.
Nearly all Intel are little endian, so Intel compatibles are also.
Most Motorola (e.g. 68K) is big endian.
Most RISC chips allow both.
The PowerPC is really big-endian, but has a mode where it simulates
little endian for most practical purposes (it basically manipulates
the addressing during loads or stores so a number stored in little-
endian format in memory will end up getting loaded as the correct
value in the CPU, even though the CPU proper always works in a big-
endian fashion).
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: "Ryan M. McConahy" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: XOR TextBox Freeware: Very Lousy.
Date: Fri, 13 Apr 2001 13:15:51 -0400
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
> Either way, at no time is the original text ever written to disk.
> In both cases the original text is merely stored in RAM.
That doesn't matter. XOR is wimpy.
*Pulls out his electronic copy of Applied Cryptography*
- From Bruce Schneier's Applied Cryptography, Chapter 1, Section 1.4:
"The simple-XOR algorithm is really an embarrassment; it's nothing
more than a Vigenère polyalphabetic cipher. It's here only because
of its prevalence in commercial software packages, at least those
in the MS-DOS and Macintosh worlds [1502,1387]. Unfortunately, if a
software security program proclaims that it has a "proprietary"
encryption algorithm -- significantly faster than DES -- the odds are
that it is some variant of this.
/* Usage: crypto key input_file output_file */
#include <stdio.h>

int main (int argc, char *argv[])
{
    FILE *fi, *fo;
    char *cp;
    int c;

    /* Require all three arguments and a non-empty key. */
    if (argc == 4 && (cp = argv[1]) && *cp != '\0') {
        if ((fi = fopen(argv[2], "rb")) != NULL) {
            if ((fo = fopen(argv[3], "wb")) != NULL) {
                while ((c = getc(fi)) != EOF) {
                    if (!*cp) cp = argv[1];  /* end of key: wrap to its start */
                    c ^= *(cp++);            /* XOR byte with current key byte */
                    putc(c, fo);
                }
                fclose(fo);
            }
            fclose(fi);
        }
    }
    return 0;
}"
And a little further down the ePage:
"There's no real security here. This kind of encryption is trivial
to break, even without computers [587,1475]. It will only take a
few seconds with a computer.
Assume the plaintext is English. Furthermore, assume the key length
is any small number of bytes. Here's how to break it:
1. Discover the length of the key by a procedure known as counting
coincidences [577]. XOR the ciphertext against itself shifted
various numbers of bytes, and count those bytes that are equal. If
the displacement is a multiple of the key length, then something
over 6 percent of the bytes will be equal. If it is not, then less
than 0.4 percent will be equal (assuming a random key encrypting
normal ASCII text; other plaintext will have different numbers).
This is called the index of coincidence. The smallest displacement
that indicates a multiple of the key length is the length of the
key.
2. Shift the ciphertext by that length and XOR it with itself.
This removes the key and leaves you with plaintext XORed with the
plaintext shifted the length of the key. Since English has 1.3 bits
of real information per byte (see Section 11.1), there is plenty of
redundancy for determining a unique decryption.
Despite this, the list of software vendors that tout this toy
algorithm as being "almost as secure as DES" is staggering [1387].
It is the algorithm (with a 160-bit repeated "key") that the NSA
finally allowed the U.S. digital cellular phone industry to use for
voice privacy. An XOR might keep your kid sister from reading your
files, but it won't stop a cryptanalyst for more than a few
minutes."
The only thing (in crypto) XOR is good for is for one time pads, in
which it is more secure than anything ever invented.
Ryan M. McConahy
=====BEGIN PGP SIGNATURE=====
Version: 6.5.8ckt http://www.ipgpp.com/
iQA/AwUBOtc0QaFn8yalvjU2EQIOHQCgxlwNASr0LQsb1wqIKr94rlyvtkEAoJvO
DTg+vQ7p+EMKFCQPFQqCRK/u
=sUUG
=====END PGP SIGNATURE=====
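Added example, not part of Ryan McConahy's post or of the quoted book: the two
quoted steps (counting coincidences to find the key length, then XORing the
ciphertext with a shifted copy of itself), written in C to match the quoted
program. The sample plaintext, the 4-byte key, the 3% cut-off and all function
names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample plaintext and key; neither comes from the post. */
static const char SAMPLE_PT[] =
    "alice sends the same weekly status report to bob, and the repeated "
    "words in the report leak through the repeating key.";
static const unsigned char SAMPLE_KEY[] = { 0x13, 0x37, 0x9A, 0xBF };

/* Repeating-key XOR: the same operation as the quoted program. */
void xor_crypt(const unsigned char *in, unsigned char *out, size_t n,
               const unsigned char *key, size_t klen)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i % klen];
}

/* Step 1: count bytes equal to the byte `shift` positions later. */
size_t coincidences(const unsigned char *ct, size_t n, size_t shift)
{
    size_t hits = 0;
    for (size_t i = 0; i + shift < n; i++)
        if (ct[i] == ct[i + shift])
            hits++;
    return hits;
}

/* Smallest displacement whose coincidence rate exceeds `threshold`, or 0. */
size_t guess_key_length(const unsigned char *ct, size_t n,
                        size_t max_shift, double threshold)
{
    for (size_t shift = 1; shift <= max_shift && shift < n; shift++) {
        double rate = (double)coincidences(ct, n, shift) / (double)(n - shift);
        if (rate > threshold)
            return shift;
    }
    return 0;
}

/* Step 2: XOR the ciphertext with itself shifted by the key length.
   The key cancels, leaving out[i] = pt[i] ^ pt[i + klen]. */
size_t strip_key(const unsigned char *ct, size_t n, size_t klen,
                 unsigned char *out)
{
    size_t m = (klen < n) ? n - klen : 0;
    for (size_t i = 0; i < m; i++)
        out[i] = ct[i] ^ ct[i + klen];
    return m;
}

/* Encrypt the sample, then run both steps. Returns the guessed key length,
   or 0 if none was found or the step-2 output still depends on the key. */
size_t analyse_sample(void)
{
    unsigned char ct[sizeof SAMPLE_PT], diff[sizeof SAMPLE_PT];
    size_t n = strlen(SAMPLE_PT);
    xor_crypt((const unsigned char *)SAMPLE_PT, ct, n, SAMPLE_KEY, sizeof SAMPLE_KEY);
    size_t klen = guess_key_length(ct, n, 16, 0.03);  /* 3%: assumed cut-off */
    if (klen == 0) return 0;
    size_t m = strip_key(ct, n, klen, diff);
    for (size_t i = 0; i < m; i++)
        if (diff[i] != (unsigned char)(SAMPLE_PT[i] ^ SAMPLE_PT[i + klen]))
            return 0;
    return klen;
}

int main(void)
{
    printf("guessed key length: %zu\n", analyse_sample());
    return 0;
}
```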
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How good is steganography in the real world?
Date: Fri, 13 Apr 2001 17:03:17 GMT
Mok-Kong Shen wrote:
> recall in this connection the famous sentence that
> gentlemen don't read other's correspondences
Attributed to Stimson when he became secretary of state
and discovered that we had a Black Chamber. (He might
not have actually said it.) However, it was universally
recognized within the crypto community that treating
enemies as gentlemen would be foolish.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: MD5 flaws
Date: 13 Apr 2001 17:52:08 GMT
In <[EMAIL PROTECTED]> miathan <[EMAIL PROTECTED]> writes:
>I keep encountering mentions of those supposed security flaws in MD5 in
>various documents, but seem unable to find what exactly those are.
>Does anyone know a document describing them and how serious the problems
>are?
>I'm sorry if this is a F.A.Q. but didn't see such a topic here
A number of years ago a researcher (Doberin? Doberton?) discovered that he could
generate a collision ( two texts with the same hash) for a reduced
version of MD5. This made people worried that perhaps in the future a
similar attack could be carried out on the full MD5. As far as I know
this worry has not yet borne fruit, but it has made people in the know
regard MD5 less favourably than say SHA-1.
------------------------------
From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: 13 Apr 2001 11:06:26 -0700
In article <[EMAIL PROTECTED]>,
Frank Gerlach <[EMAIL PROTECTED]> wrote:
>obvious to me that any college/university funded by the spooks will
>quickly lose their good academics, because they want to publicize
>*outside* the spook's circles.
This isn't exactly an entire spook-funded university, but I did recently
attend a conference (the 32nd Southeastern Conference on Combinatorics,
Graph Theory, and Computing, held at Louisiana State University) which was
openly sponsored by NSA. It says "Sponsored by National Security Agency"
right on the front cover of the program; no other sponsors are listed
there. NSA had no other presence visible to me, plenty of respected
academics were there, and nobody seemed to think that it was a less than
fully legitimate open academic conference just because of the NSA
connection.
--
Matthew Skala
[EMAIL PROTECTED] :CVECAT DELENDA EST
http://www.islandnet.com/~mskala/
------------------------------
From: "Claus N�veke" <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Fri, 13 Apr 2001 20:36:54 +0200
Are there "good" Cryptography-schools in Germany?
Greetings
Claus
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Fri, 13 Apr 2001 12:32:09 -0600
Matt Timmermans wrote:
<snip>
> It occurs that the best way to do this might be to take advantage of all
> those neurons we have specifically for facial recognition, by generating an
> image of a face from the hash of the key. There has been a good bit of
> research in compact facial representations -- do a google search for
> "eigenfaces".
<snip>
I like this, but I'm not sure one face is enough. It only takes 33
bits or so to count every human face there is, and clearly some faces
look pretty much alike. (Granted, the humans that exist don't span the
potential faces. But the order-of-magnitude problem still exists.)
We can allow more variability: cartoon faces or aliens can work as well.
Other bits can be used to generate decorative features, like scars, hats,
earrings, and the like. But we have to watch out for human inattention:
"oh, I didn't realize the lipstick was missing!", or "gee - all those
Klingon faces look alike to me, anyway". I would predict that a "family
portrait" would work better; it allows the information to be partitioned
so each individual face is more easily distinguished when changed.
JM
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Fri, 13 Apr 2001 20:56:21 +0200
"Claus N�veke" wrote:
>
> Are there "good" Cryptography-schools in Germany?
A number of universities offer crypto courses in their
CS curriculum. I can't answer your question, not only
because I know too little but also because the term
'good' can be largely a subjective issue. I suggest
that you look at the names of the professors and obtain
some hints from the record of their publications.
(Of course, a good scientist may not necessarily be
a good teacher.) Note also that some crypto relevant
researches are conducted in the faculty of mathematics.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Fri, 13 Apr 2001 21:01:33 +0200
John Myre wrote:
>
> I like this, but I'm not sure one face is enough. It only takes 33
> bits or so to count every human face there is, and clearly some faces
> look pretty much alike. (Granted, the humans that exist don't span the
> potential faces. But the order-of-magnitude problem still exists.)
I am interested in the fact that a human face could be
characterized by as few as some thirty bits. Could you
please give a reference? Thanks.
M. K. Shen
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Fri, 13 Apr 2001 12:24:07 -0700
Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> John Myre wrote:
> >
>
> > I like this, but I'm not sure one face is enough. It only takes 33
> > bits or so to count every human face there is, and clearly some faces
> > look pretty much alike. (Granted, the humans that exist don't span the
> > potential faces. But the order-of-magnitude problem still exists.)
>
> I am interested in the fact that a human face could be
> characterized by as few as some thirty bits. Could you
> please give a reference? Thanks.
I believe he said "33 bits to count". This is far different
than "33 bits to represent". 2^33 ~ 8.6 billion. Do we have
8.6 billion souls on this rock?
Anyway, I think it was a stab at setting an upper bound on
the keyspace size that humans could probably discriminate
within. I don't think it had to do with the complexity of faces.
Paul
>
> M. K. Shen
------------------------------
From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Can this be done?
Date: Fri, 13 Apr 2001 20:28:49 +0100
Here's a scenario:
Alice sends messages to Bob. The messages are sent in clear, but Alice
includes a "check hash" with each message that allows Bob to ascertain
that (1) the message matches its hash, and (2) all the messages were
generated by someone who knew some unspecified secret, said secret being
provably the same for all the messages.
HOWEVER, Bob does not know this secret, he and Alice do not exchange any
information (the flow of data is solely from Alice to Bob), nor can he nor
anyone else listening in determine this secret. And, no-one without the
secret can forge new hashes that falsely seem to have been created by
Alice.
The result being: all the messages are proven to come from the same place,
despite that place remaining anonymous.
Can this be done? If so, how?
--
I like e-gold. Pay for goods in real gold, with zero financial risk.
This link ( http://www.e-gold.com/e-gold.asp?cid=281798 ) takes you to
their site and shows me as the introducer if you open an account.
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Endianness of MARS
Date: Fri, 13 Apr 2001 19:34:47 GMT
"D. J. Bernstein" wrote:
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > Does anyone have a list of modern processors (names of popular
> > manufacturers) that employ big and small endians respectively?
>
> All popular modern architectures support little-endian. Most of them,
> with the notable exception of x86, also support big-endian.
x86 is not a modern architecture.
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Fri, 13 Apr 2001 19:42:54 GMT
Paul Pires wrote:
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
> >
> >
> > John Myre wrote:
> > >
> >
> > > I like this, but I'm not sure one face is enough. It only takes 33
> > > bits or so to count every human face there is, and clearly some faces
> > > look pretty much alike. (Granted, the humans that exist don't span the
> > > potential faces. But the order-of-magnitude problem still exists.)
> >
> > I am interested in the fact that a human face could be
> > characterized by as few as some thirty bits. Could you
> > please give a reference? Thanks.
>
> I believe he said "33 bits to count" This is far different
> than "33 bits to represent" 2^33 ~ 8.6 billion. Do we have
> 8.6 billion souls on this rock?
>
> Anyway, I think it was a stab at setting an upper bound on
> the keyspace size that humans could probably discriminate
> within. I don't think it had to do with the complexity of faces.
There's a hidden reliability problem here. It comes in two forms. The first
form is the repeatability of recognizing a pattern that is or is not valid.
A simpler example is recognizing colors. Humans can discriminate about
100,000 distinct colors in that they can tell them apart. But, this does not
mean one can reliably encode ~17 bits of information within a single color
sample. Think what you ate/drank/said/did/heard last night "colors" your
perception of the world? Then the colors you see today won't match the
colors you saw yesterday.
The second form is the transitivity of the pattern recognition. One person's
ability to discriminate faces or colors may have the same size as another's,
but the sets of recognizable patterns may not be congruent.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Can this be done?
Date: Fri, 13 Apr 2001 12:52:06 -0700
Julian Morrison wrote:
> Alice sends messages to Bob. The messages are sent in clear, but Alice
> includes a "check hash" with each message that allows Bob to ascertain
> that (1) the message matches its hash, and (2) all the messages were
> generated by someone who knew some unspecified secret, said secret being
> provably the same for all the messages.
>
> HOWEVER, Bob does not know this secret, he and Alice do not exchange any
> information (the flow of data is solely from Alice to Bob), nor can he nor
> anyone else listening in determine this secret. And, no-one without the
> secret can forge new hashes that falsely seem to have been created by
> Alice.
>
> The result being: all the messages are proven to come from the same place,
> despite that place remaining anonymous.
>
> Can this be done? If so, how?
Sure. Alice's first message is her RSA public key, and subsequent
clear messages are accompanied by their RSA signature. Bob can
verify each signature, proving that each message was sent by someone
who had access to the private key matching the public key he received.
If Alice (by convention) sends different messages every time, the
man in the middle can't even get away with replaying her messages
(e.g. sending a duplicate buy order).
He doesn't know who Alice is, of course -- the term "Alice" is used
to refer to whoever it was out there that sent him the public key.
--
Jim Gillogly
Sterday, 22 Astron S.R. 2001, 19:46
12.19.8.2.8, 9 Lamat 6 Pop, Third Lord of Night
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Can this be done?
Date: 13 Apr 2001 12:54:01 -0700
Yes, that's what digital signatures are.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: 13 Apr 2001 19:54:06 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Matthew Skala wrote:
>This isn't exactly an entire spook-funded university, but I did recently
>attend a conference (the 32nd Southeastern Conference on Combinatorics,
>Graph Theory, and Computing, held at Louisiana State University) which was
>openly sponsored by NSA. It says "Sponsored by National Security Agency"
>right on the front cover of the program; no other sponsors are listed
>there. NSA had no other presence visible to me, plenty of respected
>academics were there, and nobody seemed to think that it was a less than
>fully legitimate open academic conference just because of the NSA
>connection.
The NSA contributes to a number of information security conferences.
There is nothing sinister about this, and IMHO, it should be warmly
welcomed.
------------------------------
From: "Jeff Moser" <[EMAIL PROTECTED]>
Subject: Re: The 13th...:)
Date: Fri, 13 Apr 2001 14:59:59 -0500
Only if you write it as
04132001
as
20011304 and 20010413 are not prime :)
"Frog2000" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello...A prime day indeed. :)
>
> --
> http://welcome.to/speechsystemsfortheblind
>
>
>
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************