Cryptography-Digest Digest #140, Volume #14      Sat, 14 Apr 01 12:13:01 EDT

Contents:
  "Not bad" file encrypt/decrypt utility (kctang)
  Re: Graphical representation of a public key (or fingerprint)? ("M.S. Bob")
  Re: _"Good" school in Cryptography ("was" I got accepted) ("M.S. Bob")
  Rabin-Miller prime testing ("Benjamin Johnston")
  Re: Rabin-Miller prime testing ("Tom St Denis")
  Re: Rabin-Miller prime testing ("Henrick Hellström")
  Re: How to use Dynamic Substitution
  Re: please comment (Yechuri)
  Re: XOR TextBox Freeware:  Very Lousy. (HiEv)
  Re: Rabin-Miller prime testing (David A Molnar)
  Re: Rabin-Miller prime testing ("Tom St Denis")
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)
  Re: Unnecessary operation in DES? (John Savard)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)
  Re: The 13th...:) (John Savard)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)

----------------------------------------------------------------------------

From: kctang <[EMAIL PROTECTED]>
Crossposted-To: hk.comp.software
Subject: "Not bad" file encrypt/decrypt utility
Date: Sat, 14 Apr 2001 19:21:02 +0800

Hi,

Visit http://www.PrivateCrypto.com/int/

I was being told that this 1MB free file encrypt/decrypt utility is "Not bad"
if one knows what the mouse right click is.

Any comments?

Kctang



------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Sat, 14 Apr 2001 12:33:38 +0100

Michael Schmidt wrote:
> 
> I'm wondering whether there has been any research conducted on the topic
> "graphical representation of a public key" or the key's fingerprint. My goal
> is to authenticate a public key (or better: its fingerprint, like with PGP)
> securely by creating and comparing its graphical representation with an
> "original", which is unique enough for every key/fingerprint, yet easy to be
> processed and compared by the human brain.

Visual cryptography
http://www.cacr.math.uwaterloo.ca/~dstinson/visual.html
http://www.cacr.math.uwaterloo.ca/~dstinson/index.html

I thought Ian Goldberg has an example using IFS fractals and hashes, but
I can't find the details about it.
<http://www.cs.berkeley.edu/~iang/visprint.c>

Deja Vu
<http://paris.cs.berkeley.edu/%7Eperrig/projects.html#DEJAVU>
Hash Visualization and User Authentication through Image Recognition

------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Sat, 14 Apr 2001 12:45:51 +0100

newbie wrote:
> 
> Your first postulate is : "the university is the only place when you can
> learn cryptography "
> Your second is " you have to be strong mathematician to learn
> cryptography "
> Your third postulate is " only USA and Europe are the best place to
> learn cryptography"
> 
> This is simply wrong.
> 
> Did you read a french translation of "Stop secret" Tchayatin Olga?
> Unpublished book. It is hard to find.
> I have a copy but not in Canada. In my sister's house in Paris.

If you're willing to lend it to me, I'll pick it up from your sister's
house in Paris sometime.
Assuming your copy is the french translation.

------------------------------

From: "Benjamin Johnston" <[EMAIL PROTECTED]>
Subject: Rabin-Miller prime testing
Date: Sat, 14 Apr 2001 22:14:54 +1000


Hello again,

Firstly - thank you to all those who responded to my other message....

I've got another question... what the "standard" practice is for generating
values that act as a "witness" for a prime?

The explanations of Rabin-Miller that I managed to find all implied that
these values should be generated randomly.

This seemed suspicious to me, because there doesn't seem to be much advantage
in choosing random witnesses over having some predefined list.

I eventually managed to track down a paper (Primality Testing Revisited, by
J.H. Davenport, 1992) which gave me the impression that it is standard
practice to use the set of bases {3,5,7,11,13,17,19,23,29,31}.

Is this in fact the case; is there some set of "recommended" bases that
should be used? Is it good practice to test against only the first few
primes - and how many of these is it worth trying before it becomes
pointless proceeding?

-Benjamin Johnston
[EMAIL PROTECTED]




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Rabin-Miller prime testing
Date: Sat, 14 Apr 2001 12:33:40 GMT


"Benjamin Johnston" <[EMAIL PROTECTED]> wrote in message
news:9b9eru$t5m$[EMAIL PROTECTED]...
>
> Hello again,
>
> Firstly - thank you to all those who responded to my other message....
>
> I've got another question... what the "standard" practice is for
generating
> values that
> act as a "witness" for a prime?
>
> The explanations of Rabin-Miller that I managed to find all implied that
> these values should be generated randomly.
>
> This seemed suspicious to me, because there doesn't seem to be much
> advantage
> in choosing random witnesses over having some predefined list.
>
> I eventually managed to track down a paper (Primality Testing Revisited,
by
> J.H. Davenport, 1992) which gave me the impression that it is standard
> practice to use the set of bases {3,5,7,11,13,17,19,23,29,31}.
>
> Is this in fact the case; is there some set of "recommended" bases that
> should be used? Is it good practice to test against only the first few
> primes - and how many of these is it worth trying before it becomes
> pointless proceeding?

In general I use the first N primes as my primes in MR.  If you use say 10
passes of MR you are going to be very sure you have a prime if it passes all
rounds.  In practice I have never made a prime with MR that Maple couldn't
test as prime too so I think the method works well.

Tom



------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Rabin-Miller prime testing
Date: Sat, 14 Apr 2001 14:53:25 +0200

If you mess with the specification, you will also disturb the probability
that a composite value will pass the test.

--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com

"Benjamin Johnston" <[EMAIL PROTECTED]> wrote in message
news:9b9eru$t5m$[EMAIL PROTECTED]...
>
> Hello again,
>
> Firstly - thank you to all those who responded to my other message....
>
> I've got another question... what the "standard" practice is for
generating
> values that
> act as a "witness" for a prime?
>
> The explanations of Rabin-Miller that I managed to find all implied that
> these values should be generated randomly.
>
> This seemed suspicious to me, because there doesn't seem to be much
> advantage
> in choosing random witnesses over having some predefined list.
>
> I eventually managed to track down a paper (Primality Testing Revisited,
by
> J.H. Davenport, 1992) which gave me the impression that it is standard
> practice to use the set of bases {3,5,7,11,13,17,19,23,29,31}.
>
> Is this in fact the case; is there some set of "recommended" bases that
> should be used? Is it good practice to test against only the first few
> primes - and how many of these is it worth trying before it becomes
> pointless proceeding?
>
> -Benjamin Johnston
> [EMAIL PROTECTED]
>
>
>



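Added example, not code from any poster in this thread: a Miller-Rabin test that takes an explicit witness list, so the fixed small-prime bases Benjamin and Tom describe can be compared with the random-witness form that Henrick's remark about "the specification" refers to. The composite 3215031751 = 151 * 751 * 28351 is a known strong pseudoprime to bases 2, 3, 5 and 7 (not a value from the thread), which is why a short fixed list gives no per-number error bound while random bases do.

```python
import random

# The base set Benjamin quotes from Davenport (1992).
DAVENPORT_BASES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)


def _passes_base(n, a):
    """Return True if n is a strong probable prime to base a.

    n is odd and > 3, 1 < a < n - 1 (the caller guarantees this).  Write
    n - 1 = d * 2^r with d odd; n passes if a^d == 1 (mod n) or
    a^(d * 2^i) == -1 (mod n) for some 0 <= i < r.  Otherwise a is a
    witness that n is composite.
    """
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(r - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False


def miller_rabin(n, bases):
    """Miller-Rabin with a caller-supplied iterable of witness bases.

    Returns False as soon as one base proves n composite, True if every
    base passes.  'True' is only 'probably prime'; how probable depends
    on how the bases were chosen, which is the point of the thread.
    """
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):   # degenerate bases prove nothing; skip
            continue
        if not _passes_base(n, a):
            return False
    return True


def miller_rabin_random(n, rounds=10, rng=None):
    """The textbook ('specification') form: independent random bases.

    Each round lets a composite through with probability at most 1/4, so
    10 rounds bound the error by 4^-10 for *every* odd composite.  A fixed
    list such as DAVENPORT_BASES has no such bound: there are composites
    that pass any given short list, as the pseudoprime below shows.
    """
    rng = rng or random.SystemRandom()
    if n < 4:
        return n in (2, 3)
    return miller_rabin(n, (rng.randrange(2, n - 1) for _ in range(rounds)))
```

Run with bases (2, 3, 5, 7) the composite 3215031751 is reported prime; adding base 11, or using the Davenport set, exposes it.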
------------------------------

From: <[EMAIL PROTECTED]>
Subject: Re: How to use Dynamic Substitution
Date: Sat, 14 Apr 2001 09:05:37 -0400

Why would you use Dynamic Substitution? Couldn't you just key RC4 using
your private key, and use the RC4 output to key a known block cipher,
differing the key each block (ECB mode)? I bet this is mentioned
somewhere. Any security issues? Using two known ciphers this way
couldn't bump into any patent I know of!

Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
>
>
>"Henrick Hellström" wrote:
>>
>> Disregarding the patent issues, how should DS be applied should one
choose
>> to use it? It seems as if it, in its basic form, is not a that much
stronger
>> combiner than XOR.
>[snip]
>
>I suppose you could look at the matter as follows: XOR
>is a substitution of 1-bit units. A general substitution
>(in the classical sense) is a substitution of n-bit
>units using a static table and hence is more general
>than XOR. That there is enhancement of strength as n
>gets bigger is obvious. To rigorously quantify that
>relationship would however be difficult in general, I
>guess. Changing the table as the processing goes on adds
>more generality, thus further contributing to strength.
>(This is an application of the principle of variability.)
>Thus DS belongs to the class of dynamically changing
>substitutions. It is to be noted that a FSM that takes
>an input, changes its state and gives an output is a
>dynamically changing substitution (the same input will
>the next time gives a different output in general). FSM
>is certainly prior art. Hence the patent could at most
>lay claim on the change of a (proper) substitution
>table, i.e. a one or two dimensional array in the terms
>of programming languages, and clearly cannot cover the
>'general' concept of a changing substitution as such.
>Note that if one uses a block cipher and changes the
>key, e.g. adds 1 to the key for each new block, one would
>also have a dynamically changing substitution (a block
>cipher of size n is a substitution of n bit units).
>The patent further contains texts that seem to claim that
>(the general idea of) combining two arbitrarily given
>streams to produce another (presumably more complex)
>stream is within its scope. That no patent can cover
>such a general idea should be entirely evident. For
>otherwise we wouldn't have, among others, stream ciphers
>at all. (Also combining more than two streams is
>commonplace, see e.g. the device of Wichmann and Hill.)
>
>M. K. Shen



------------------------------

From: [EMAIL PROTECTED] (Yechuri)
Date: 14 Apr 2001 13:14:11 GMT
Subject: Re: please comment

Actually what I was hoping for was a reference to any published material
like a book or an article in a magazine where this has been described.

I saw a post recently on this newsgroup that said that even if an idea was
actually being used by many people, unless it was published in a magazine or
book anybody can patent it and start charging a fee for its use.

------------------------------

From: HiEv <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: XOR TextBox Freeware:  Very Lousy.
Date: Sat, 14 Apr 2001 13:46:35 GMT

Anthony Stephen Szopa wrote:
> 
[snip]
> Who are you trying to convince, the dead?  And what are you trying to
> convince them of, that they're still dead?

Um... I believe he was trying to convince you.  Unless you consider
yourself dead, from the neck up or otherwise, I don't understand your
reference to the dead here.

> If the file you use to XOR your original file is random or appears
> random to any cracker then the cracker cannot reverse the XORed file.

Actually, "is random" is better than "appears random", but it usually
doesn't make much difference as long as the file doesn't have too many
nulls.

> You cannot get any better security than this.  With XOR_TextBox I
> leave it to you to generate or obtain a "random" file for this
> purpose.

If you can't get better security than this, then why aren't tons of
people using it?  (explanation below)

> "Here, everybody.  I've got it in a book.  It says it right here:
> "Turn off your minds."  This claptrap sounds so convincing, doesn't
> it?"

"Gee, and it's endorsed by EXPERTS.  Ooh!  I'm scared!  Who are you
going to believe, *me* or a bunch of guys who actually have years of
experience and are respected by their peers.  Duh, me of course!"

> You offer this source code tripe that has no bearing on the
> randomness of the file one uses in the XOR process.
> 
> I tell you what:  if you are so confident, offer people in these
> news groups a $1000 each if you fail to crack their XORed files
> using XOR_TextBox.
> 
> Hey, you got it in a book.  Now put your money behind it.

Ok, tell you what: I'll send you an encrypted message and you try and
read it.

Oops!  You can't, and neither can anyone else, even the intended
recipient!  Reason: you also need to send the one time pad (OTP) to the
other person who you want to have read it.

The real weakness of your system is in the transmission of the file
needed to decrypt the message (the OTP).  If you start using your
system, then you need yet another system to tell the person you are
communicating with how to decrypt the message.  This kind of defeats the
purpose of using your program, since you could usually just use that
other method to pass the information you are encrypting instead of using
your application.

Also, you can't reuse an OTP without compromising the security of the
information; something you don't bother to mention in your application.

Oh, one more thing.  Since you always have to send the OTP and the
cyphertext it basically means that you double the size of the data you
need to decrypt the text.  Great system!

BTW- Congrats on the lousy crosspost.  Crossposting across groups like
alt.hacker and sci.crypt is not considered proper netiquette.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Rabin-Miller prime testing
Date: 14 Apr 2001 14:22:56 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

> rounds.  In practice I have never made a prime with MR that Maple couldn't
> test as prime too so I think the method works well.

What method does Maple use to test primes?

-David


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Rabin-Miller prime testing
Date: Sat, 14 Apr 2001 14:57:52 GMT


"David A Molnar" <[EMAIL PROTECTED]> wrote in message
news:9b9mg0$a97$[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> > rounds.  In practice I have never made a prime with MR that Maple
couldn't
> > test as prime too so I think the method works well.
>
> What method does Maple use to test primes?

To be honest I never checked... Maple was written by the people at Waterloo
I just "trusted" them to get the test right.

According to the help they use Algorithm P in TAOCP which as far as I can
tell is Miller-Rabin.

Tom



------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sat, 14 Apr 2001 16:58:01 +0200

Doug Stell wrote:

>
> Keep in mind that they know everything that the academics know. They
> know more and don't tell the academics. The gap may be closing, but
> the playing field isn't level, due to the lack of bi-directional flow
> of information. However, the flow of information isn't as
> uni-directional as it was in the past.

I agree. For instance, SE Linux is a very promising concept, still it
seems to me that they are caught in between the desire to harden public
infrastructure (Internet, phone system, essential utilities) and the
desire to use exactly those weaknesses for (foreign?) reconnaissance.

> >"National INFOSEC Education & Training Program" schools is definitely
> >sub-standard.
>
> This program is not what you are expecting it to be. The emphasis is
> on prevention in equipment that you build. I have one of these guys on
> my program and he doesn't need to know and doesn't know the kind of
> stuff that you are expecting from this program.

Even if you leave the narrow issues of crypto and stegano out of the
discussion, the publications of those schools are definitely not
contributing to scientific and engineering advancement in real-world
systems conception/design/engineering.
The German BSI (Federal Information Security Agency) is also not providing
much engineering guidance, instead, they have long lists of *individual*
exploits, viruses etc. In other words, they wait until disaster strikes
and then list the fixes, instead of promoting solid engineering to avoid
that. I am attributing this to the dominance of the spooks, who have no
real interest in spreading good security.

> None of the people I have ever met from the agencies you mention are
> at all spooky. BTW, it may not be obvious who they are at conferences,
> but they usually warm up when they realize that someone recognizes the
> dance of evasion and can tell them where they work.

Sure, those folks are like normal mathematicians/engineers, just that
their ideas are locked away. I definitely would like to call this kind of
scientist a "spook", because sane persons do not suffer that in times of
peace.


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Unnecessary operation in DES?
Date: Sat, 14 Apr 2001 15:06:30 GMT

On 14 Apr 2001 01:37:20 GMT, [EMAIL PROTECTED] (Mark Wooding) wrote, in
part:

>One of the problems with DES is that it uses the low-order bit of each
>key byte as the parity bit.  This was clearly never intended to be used
>with ASCII (or EBCDIC, for that matter).  In fact, I think I'd class it
>as a Mistake.

Well, if the algorithm were secret, and one only knew that the bytes
had to have odd parity, one might assume in one's analysis that the
high-order bit was the parity bit - which is why I think that _might_
have been deliberate, to assist in the case where the algorithm is
secret.

>No.  In EBCDIC, digits are F0--F9.  They have very few leading zero
>bits!

True, but the same principle applies. In the case of EBCDIC, letters
and digits begin with 11, and special characters begin with 01, so the
second bit is constant in a document consisting only of printable
characters. Of course, 10 begins lowercase letters when used, and in
that case, nearly all characters would have a leading 1 bit.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sat, 14 Apr 2001 17:06:01 +0200

Mok-Kong Shen wrote:

> >
> > Hm.  Why are they still in business (with satisfied customers,
> > apparently).
>
> Business is a social phenomenon, which depends on many
> (non-natural-science) factors and is generally hardly
> 'guided' by reasons (logics).

Definitely true. According to the "Puzzle Palace", in the last 30 years
the NSA was unable to break into high-level Soviet communications,
because they used One-Time Pads for really important stuff.
So the major target were third-world countries, who still believed in
the concept of an "unbreakable code" and often used cooked stuff from
companies like Crypto AG or even Enigmas (!!), which they got from the
Brits. Another target were European companies selling dual-use stuff to
Libya, Iraq and Iran and did just not know Echelon.



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The 13th...:)
Date: Sat, 14 Apr 2001 15:11:21 GMT

On Fri, 13 Apr 2001 14:59:59 -0500, "Jeff Moser" <[EMAIL PROTECTED]>
wrote, in part:

>Only if you write it as
>
>04132001
>
>as
>
>20011304 and 20010413 are not prime :)

How about 13042001? (As another poster noted, only 20010413 among the
two composites you cited is ever used to write dates.)

Never mind, I found

http://myrtle.csm.uc.edu/isprime/number.html

and it told me it is not prime.

But the fact that it was Friday the 13th - and Good Friday as well -
made it unusual.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sat, 14 Apr 2001 17:09:30 +0200

Sorry for using the term "stuff" for different things.
Frank Gerlach wrote:

> Mok-Kong Shen wrote:
>
> > >
> > > Hm.  Why are they still in business (with satisfied customers,
> > > apparently).
> >
> > Business is a social phenomenon, which depends on many
> > (non-natural-science) factors and is generally hardly
> > 'guided' by reasons (logics).
>
> Definitely true. According to the "Puzzle Palace", in the last 30 years
> the NSA was unable to break into high-level Soviet communications,
> because they used One-Time Pads for really important stuff

(Messages)

> .
> So the major target were third-world countries, who still believed in
> the concept of an "unbreakable code" and often used cooked stuff

(deliberately weakened crypto machines)

> from
> companies like Crypto AG or even Enigmas (!!), which they got from the
> Brits. Another target were European companies selling dual-use stuff to

(chemicals, machine parts, nuclear centrifuges, dual-use technologies)

>
> Libya, Iraq and Iran and did just not know Echelon.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************