Cryptography-Digest Digest #214, Volume #14      Mon, 23 Apr 01 11:13:01 EDT

Contents:
  Re: I got accepted (Runu Knips)
  Re: Let's end this OTP argument ("Simon Hunt")
  Re: 1024bit RSA keys. how safe are they? (Klaus Pommerening)
  Re: 1024bit RSA keys. how safe are they? (Matthias Murra)
  Re: OTP WAS BROKEN!!! ("Tom St Denis")
  Re: OTP WAS BROKEN!!! (Jeffrey Williams)
  Re: Lessons learned from current watermarking systems (Lutz Donnerhacke)
  Re: Censorship Threat at Information Hiding Workshop (David A Molnar)
  Triple-DES vs. RC4 ("Michael Schmidt")
  Re: Reusing A One Time Pad (Richard Herring)
  Re: Triple-DES vs. RC4 ("Panu Hämäläinen")
  Re: 1024bit RSA keys. how safe are they? ("George T.")
  Re: Triple-DES vs. RC4 ("Tom St Denis")
  Re: 1024bit RSA keys. how safe are they? ("Tom St Denis")
  Re: Triple-DES vs. RC4 ("Michael Schmidt")
  Re: Triple-DES vs. RC4 ("Tom St Denis")
  Re: Triple-DES vs. RC4 ("Michael Schmidt")
  Re: random square factoring? ("Tony T. Warnock")
  Re: sdgsdg ("AY")
  Re: OTP breaking strategy ("Tony T. Warnock")
  Re: Steganography with natural texts ("John A. Malley")
  Re: sdgsdg (Ben Smith)
  Re: 1024bit RSA keys. how safe are they? ("AY")

----------------------------------------------------------------------------

Date: Mon, 23 Apr 2001 11:15:39 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: I got accepted

Tom St Denis wrote:
> Yahooooooo!
> 
> I got accepted to 1 out of the 3 (so far) universities I applied to.
> Yahooooo!
> 
> I would like to thank the posters in this group for if it weren't for my
> hours consumed posting and learning here I probably would not have made
> it!!!

CONGRATULATIONS ! :-)

------------------------------

From: "Simon Hunt" <[EMAIL PROTECTED]>
Subject: Re: Let's end this OTP argument
Date: Fri, 20 Apr 2001 13:03:32 +0100

Am I missing something, or could this mean ANY 64 character message as there
are 64^256 possible pads for this message?

Simon.


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:UtJD6.89$[EMAIL PROTECTED]...
> Below is an 8-bit per char (ASCII) encoded message using a winRNG as an OTP
> pad (I don't know the pad even, well I know the message).
>
> The message is null terminated so you are given one byte of the pad ...
>
> 69 d0 2c a8 d9 55 1a b8 79 41 0d af 4f 31 fe e1
> b8 6e a2 2b f4 d4 64 cf be 9d b4 54 00 05 9c 3a
> ba b4 e8 fd d2 f7 78 9f c6 c1 23 70 c0 7a c7 76
> eb 00 90 05 68 12 b6 82 5e 2e 9e 16 3a ed 18 46
>
> If you can tell me the message please disclose it here!
> --
> Tom St Denis
> ---
> http://tomstdenis.home.dhs.org
>
>



------------------------------

From: [EMAIL PROTECTED] (Klaus Pommerening)
Subject: Re: 1024bit RSA keys. how safe are they?
Date: 23 Apr 2001 10:07:11 GMT

In <9c0956$ph0$[EMAIL PROTECTED]> "George T." wrote:
> Does anyone have an idea how safe RSA 1024 bit keys are? Are they safe enough to
> be used for encrypting credit card information, travelling over the internet
> and or residing on servers (email) for more than 24 hours.
> 
http://www.cryptosavvy.com/
-- 
Klaus Pommerening  [http://www.Uni-Mainz.DE/~pommeren/]
Institut fuer Medizinische Statistik und Dokumentation
der Johannes-Gutenberg-Universitaet, D-55101 Mainz, Germany


------------------------------

From: Matthias Murra <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Mon, 23 Apr 2001 14:06:55 +0200

Klaus Pommerening wrote:
> 
> http://www.cryptosavvy.com/

See Bob Silverman's reply to [EMAIL PROTECTED]
(sorry, I don't have the reply's message ID).

In essence, the paper referenced above does not address the fact that
the Number Field Sieve (used for factoring the RSA modulus n) is
SPACE-constrained, not TIME-constrained, for large values of n.

-- 
"Cool, huh? Just like Usenet or Yahoo message boards -- the losers
 self-identify themselves."

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Mon, 23 Apr 2001 12:47:03 GMT


"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > Since infinity is not a number and doesn't represent one you can't
> > exactly square it. ...
> > Of course I will most likely get flamed by this post.  Oh well.
>
> The reason you get flamed is for trying to explain something that
> you don't know as well as the person to whom you're trying to explain.
>
> Look up "Cantor" and "transfinite numbers".

That's cool times two.. nahaha that's cool times infinity...

heheheh

You know what, I really don't care.  It's one of those things that's "neat"
but at my stage in life a completely useless fact.  Just like knowing the
universe is expanding.  Not much I can do with that fact too.

Tom



------------------------------

From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Mon, 23 Apr 2001 07:49:26 -0500

OTP is an acronym for One Time Pad.  If you reuse the key, it ceases, by
definition, to be a One Time Pad.  If you can break it only after reuse, you have
NOT broken an OTP.  It is acknowledged in this newsgroup, in general, that a
reused OTP is NOT secure.

newbie wrote:

> I knew it.
> Do not be skeptical please.
> Just try to understand my idea.
> Please.
>
> It is based on the simulated re-use of OTP.
> If I reuse twice OTP you can break it for sure.
> That is the trick that I used.
> It is very simple.


------------------------------

From: [EMAIL PROTECTED] (Lutz Donnerhacke)
Subject: Re: Lessons learned from current watermarking systems
Date: Mon, 23 Apr 2001 12:56:35 +0000 (UTC)

* Tom St Denis wrote:
>"Lutz Donnerhacke" <[EMAIL PROTECTED]> wrote in message
>> ftp://ftp.iks-jena.de/pub/mitarb/lutz/crypt/general/\
>> Craver,McGregor,Wu,Liu,Stubblefield,Swartzlander,Wallach,Dean,Felten:\
>> Lessons_from_the_SDMI_Challenge.pdf
>
>How about a valid url?

It's valid. Only the server was down over the weekend (presumably due to a
heavy upload session of a badly running webcam). Sorry for this.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 23 Apr 2001 12:54:28 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:

> My point was that it is *also* not in using a copy protection scheme.
> Rather, the real problem here is the theft of content that started
> the chain of developments.

That's fair. I tend to agree with you. The entire process of determining the 
real problem, however, seems too likely to distract from the issue at hand: 
the SDMI Foundation's threat against Felten et al.

-David

------------------------------

From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Triple-DES vs. RC4
Date: Mon, 23 Apr 2001 15:16:28 +0200

Hi,

I'm looking for some performance survey about Triple-DES and RC4 (128 bit)
used for payload encryption, preferably on a Pentium II or higher processor
(i.e. PC). I am aware that I'm comparing a block cipher with a stream
cipher.
However, Triple-DES and RC4 seem to be the only 2 popular, secure and really
commonly used payload encryption schemes, as used in SSL/TLS (web browsers)
as well as in Java (Java Cryptographic Architecture - JCA).

Furthermore, how is the licensing situation for RC4, when used commercially
outside the US? Schneier writes in Applied Cryptography that RSA would give
you a hard time if you try to use it unlicensed, although there's no legal
ground to that.

Are there any serious attacks known against 128 bit RC4?



Thanks,

Michael


--
===================================================
Michael Schmidt
===================================================
Institute for Data Communications Systems
University of Siegen, Germany
www.nue.et-inf.uni-siegen.de
===================================================
http:    www.nue.et-inf.uni-siegen.de/~schmidt/
e-mail:  [EMAIL PROTECTED]
phone:   +49 271 740-2332   fax:   +49 271 740-2536
mobile:  +49 173 3789349
===================================================
###      Siegen - The Arctic Rain Forest        ###
===================================================



------------------------------

From: [EMAIL PROTECTED] (Richard Herring)
Subject: Re: Reusing A One Time Pad
Date: 23 Apr 2001 13:18:03 GMT
Reply-To: [EMAIL PROTECTED]

In article <9bkksb$7kuu$[EMAIL PROTECTED]>, Mark G Wolf 
([EMAIL PROTECTED]) wrote:
> > Then it's not an OTP if you reuse the pad.  Are you missing the replies or
> > just being plain ignorant?


> Ok I hereby claim a Copyright on the following term for which I wish to be
> credited when it becomes popular because it sounds "fun".

ITYM "trademark". 
HTH.

> Crypto-Doodle Pad (CDP) - A file consisting of random bits, copies of which
> are possessed by two or more people, used in conjunction with cryptological
> algorithms for the exchange of ciphered information.

Sure, anything you say. Just don't call it OTP.

> Crypto-Doodle Pad, cryptodoodle pad, cryptodoodle, CDP
> Copyright © 2001  Mark G Wolf

You mean ® or maybe [TM]


-- 
Richard Herring       |  <[EMAIL PROTECTED]>

------------------------------

From: "Panu Hämäläinen" <panuh[@]cs.tut.fi>
Subject: Re: Triple-DES vs. RC4
Date: Mon, 23 Apr 2001 16:36:12 +0300

http://www.eskimo.com/~weidai/benchmarks.html

-- Panu



------------------------------

From: "George T." <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Mon, 23 Apr 2001 09:33:02 -0400


Tom St Denis wrote in message ...
>>
>> Does anyone have an idea how safe RSA 1024 bit keys are? Are they safe enough to
>> be used for encrypting credit card information, travelling over the internet
>> and or residing on servers (email) for more than 24 hours.
>
>Do you want a yes or no answer or something with meaning?
>
>Simpler answer:  If all is done well a 1024-bit RSA key is sufficient for a
>long time assuming the key is not compromised.
>
>Not so simpler answer:  Depends on for how long it's needed, how it's
>actually used (padding methods, protocols) and the underlying system in
>which it's used.

yes, I keep in mind that the key should not be compromised. I believe each
key would be used for some 6 months and then replaced by a new one.

>.........
>
>Tom
>
>

Thank you Tom, thanks to everyone else who replied.

George.



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Triple-DES vs. RC4
Date: Mon, 23 Apr 2001 13:45:24 GMT


"Michael Schmidt" <[EMAIL PROTECTED]> wrote in message
news:9c1a0q$bkkj0$[EMAIL PROTECTED]...
> Hi,
>
> I'm looking for some performance survey about Triple-DES and RC4 (128 bit)
> used for payload encryption, preferably on a Pentium II or higher processor
> (i.e. PC). I am aware that I'm comparing a block cipher with a stream
> cipher.
> However, Triple-DES and RC4 seem to be the only 2 popular, secure and really
> commonly used payload encryption schemes, as used in SSL/TLS (web browsers)
> as well as in Java (Java Cryptographic Architecture - JCA).
>
> Furthermore, how is the licensing situation for RC4, when used commercially
> outside the US? Schneier writes in Applied Cryptography that RSA would give
> you a hard time if you try to use it unlicensed, although there's no legal
> ground to that.
>
> Are there any serious attacks known against 128 bit RC4?

With a gig of output you can tell RC4 from random, regardless of the key
size.

What does "payload encryption" mean?

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Mon, 23 Apr 2001 13:47:49 GMT


"George T." <[EMAIL PROTECTED]> wrote in message
news:9c1b4h$ser$[EMAIL PROTECTED]...
>
> Tom St Denis wrote in message ...
> >>
> >> Does anyone have an idea how safe RSA 1024 bit keys are? Are they safe enough to
> >> be used for encrypting credit card information, travelling over the internet
> >> and or residing on servers (email) for more than 24 hours.
> >
> >Do you want a yes or no answer or something with meaning?
> >
> >Simpler answer:  If all is done well a 1024-bit RSA key is sufficient for a
> >long time assuming the key is not compromised.
> >
> >Not so simpler answer:  Depends on for how long it's needed, how it's
> >actually used (padding methods, protocols) and the underlying system in
> >which it's used.
>
> yes, I keep in mind that the key should not be compromised. I believe each
> key would be used for some 6 months and then replaced by a new one.

That doesn't make sense.  As long as the key hasn't been compromised you
shouldn't have to replace it.  Think about it for a second. You're assuming
within six months of me getting your public key I will solve for your
private key.

While I agree periodic key changes (incrementals) are a good idea, your
reasoning is flawed.

> Thank you Tom, thanks to everyone else who replied.

In theory RSA is a very secure method of obtaining "PK"ness (think of Zen
then you will laugh I hope...) but that's only in theory.  Often in practice
it's not so good  (I can think of two instances off the top of my head...).

Tom



------------------------------

From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Triple-DES vs. RC4
Date: Mon, 23 Apr 2001 15:56:33 +0200


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:UlWE6.35375$[EMAIL PROTECTED]...
>
> "Michael Schmidt" <[EMAIL PROTECTED]> wrote in message
> news:9c1a0q$bkkj0$[EMAIL PROTECTED]...
> > Hi,
> >
> > I'm looking for some performance survey about Triple-DES and RC4 (128 bit)
> > used for payload encryption, preferably on a Pentium II or higher processor
> > (i.e. PC). I am aware that I'm comparing a block cipher with a stream
> > cipher.
> > However, Triple-DES and RC4 seem to be the only 2 popular, secure and really
> > commonly used payload encryption schemes, as used in SSL/TLS (web browsers)
> > as well as in Java (Java Cryptographic Architecture - JCA).
> >
> > Furthermore, how is the licensing situation for RC4, when used commercially
> > outside the US? Schneier writes in Applied Cryptography that RSA would give
> > you a hard time if you try to use it unlicensed, although there's no legal
> > ground to that.
> >
> > Are there any serious attacks known against 128 bit RC4?
>
> With a gig of output you can tell RC4 from random, regardless of the key
> size.

Does this threaten RC4's security?

>
> What does "payload encryption" mean?

Encryption of "user data", i.e. data to be kept confidential, rather than
encryption used for authentication purposes only.


Michael




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Triple-DES vs. RC4
Date: Mon, 23 Apr 2001 14:06:32 GMT


"Michael Schmidt" <[EMAIL PROTECTED]> wrote in message
news:9c1cbu$bob5e$[EMAIL PROTECTED]...
>
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:UlWE6.35375$[EMAIL PROTECTED]...
> >
> > "Michael Schmidt" <[EMAIL PROTECTED]> wrote in message
> > news:9c1a0q$bkkj0$[EMAIL PROTECTED]...
> > > Hi,
> > >
> > > I'm looking for some performance survey about Triple-DES and RC4 (128 bit)
> > > used for payload encryption, preferably on a Pentium II or higher processor
> > > (i.e. PC). I am aware that I'm comparing a block cipher with a stream
> > > cipher.
> > > However, Triple-DES and RC4 seem to be the only 2 popular, secure and really
> > > commonly used payload encryption schemes, as used in SSL/TLS (web browsers)
> > > as well as in Java (Java Cryptographic Architecture - JCA).
> > >
> > > Furthermore, how is the licensing situation for RC4, when used commercially
> > > outside the US? Schneier writes in Applied Cryptography that RSA would give
> > > you a hard time if you try to use it unlicensed, although there's no legal
> > > ground to that.
> > >
> > > Are there any serious attacks known against 128 bit RC4?
> >
> > With a gig of output you can tell RC4 from random, regardless of the key
> > size.
>
> Does this threaten RC4's security?

Not really.  Since most messages are under a kb in size RC4 can't be
compromised with only a few 1000 bytes..

Tom



------------------------------

From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Triple-DES vs. RC4
Date: Mon, 23 Apr 2001 16:21:22 +0200

Thanks,

Excellent survey!


"Panu Hämäläinen" <panuh[@]cs.tut.fi> wrote in message
news:9c1b4c$aqq$[EMAIL PROTECTED]...
> http://www.eskimo.com/~weidai/benchmarks.html
>
> -- Panu
>
>



------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: random square factoring?
Date: Mon, 23 Apr 2001 08:25:22 -0600
Reply-To: [EMAIL PROTECTED]

A similar method due to Dixon  does work.

John Dixon, "Asymptotically fast factorization of integers." Math. Comp.
36 (1981), no. 153, 255--260.


------------------------------

From: "AY" <[EMAIL PROTECTED]>
Subject: Re: sdgsdg
Date: Mon, 23 Apr 2001 15:31:22 +0100

dfhdfh wrote in message <9bvc7o$[EMAIL PROTECTED]>...
> sdgsdgsdg

could newbie decrypt this for us?

AY







------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: OTP breaking strategy
Date: Mon, 23 Apr 2001 08:27:31 -0600
Reply-To: [EMAIL PROTECTED]

The problem is not that all plaintexts are not equally likely. It is
that all cyphertexts are equally likely conditional on a given
plaintext.
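
An added worked example (not part of any poster's message) for the point made here and in the "Let's end this OTP argument" reply above: under a uniformly random pad every same-length guess is explained by exactly one pad, each plaintext yields every ciphertext equally often, and so a skewed plaintext prior is unchanged by seeing the ciphertext. The toy 2-bit alphabet, the two guesses and the prior are constructed for illustration; the 8 ciphertext bytes are the start of the challenge quoted earlier in this digest.

```python
from fractions import Fraction
from itertools import product

# First 8 bytes of the challenge ciphertext quoted earlier in this digest.
CHALLENGE_PREFIX = bytes.fromhex("69d02ca8d9551ab8")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (OTP encryption and decryption)."""
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_explaining(ciphertext: bytes, guess: bytes) -> bytes:
    """The one pad under which `guess` encrypts to `ciphertext`."""
    return xor_bytes(ciphertext, guess)


def all_pads(length: int, sym_bits: int) -> list:
    """Every pad of `length` symbols, each symbol `sym_bits` bits wide."""
    return [bytes(p) for p in product(range(1 << sym_bits), repeat=length)]


def ciphertext_counts(message: bytes, sym_bits: int = 2) -> dict:
    """How many pads map `message` to each ciphertext (toy alphabet)."""
    counts = {}
    for pad in all_pads(len(message), sym_bits):
        c = xor_bytes(message, pad)
        counts[c] = counts.get(c, 0) + 1
    return counts


def posterior(prior: dict, ciphertext: bytes, sym_bits: int = 2) -> dict:
    """Bayes' rule: P(m | c) for a uniformly chosen pad, by exhaustive count."""
    pads = all_pads(len(ciphertext), sym_bits)
    joint = {}
    for m, p_m in prior.items():
        hits = sum(1 for k in pads if xor_bytes(m, k) == ciphertext)
        joint[m] = p_m * Fraction(hits, len(pads))
    total = sum(joint.values())
    return {m: j / total for m, j in joint.items()}


# Constructed, deliberately skewed prior over three 3-symbol messages.
PRIOR = {
    bytes([0, 1, 2]): Fraction(7, 10),
    bytes([3, 3, 0]): Fraction(2, 10),
    bytes([1, 0, 1]): Fraction(1, 10),
}

if __name__ == "__main__":
    for guess in (b"buy gold", b"sellgold"):  # constructed guesses
        print(guess, "<- pad", pad_explaining(CHALLENGE_PREFIX, guess).hex())
    # Every ciphertext is produced by the same number of pads.
    print(set(ciphertext_counts(bytes([0, 1, 2])).values()))
    # The observer's belief after seeing any ciphertext equals the prior.
    print(all(posterior(PRIOR, c) == PRIOR for c in all_pads(3, 2)))
```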


------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Steganography with natural texts
Date: Mon, 23 Apr 2001 07:31:45 -0700


Benjamin Goldberg wrote:
[snip]
> Done right, if a signal is sent with both an AM and an FM signal on one
> frequency, both should be separately decodable, each without interfering
> with the other.  Phase modulation might be detectable, though.
> 

This sounds very familiar - isn't there a public information
distribution system for city use based on multiple modulation of
different characteristics of a carrier wave sending music and digitally
encoded information? I vaguely remember some kind of car radio receiver
with an alphanumeric display showing the encoded text carried on the FM
signal.  

It's not billed as a steganographic system but it does demonstrate
feasibility.

> 
> > P.S.  Couldn't resist, here's my earliest memory of steganographic
> > "language" :
> >
> > Frank Herbert in "Dune", first published in 1965, has the Fremen on
> > Arrakis using steganography to send secret messages to one another by
> > embedding temporary neural imprints on the nervous systems of bats and
> > birds with a device called a "distrans". The creature's normal cry
> > then carries the message imprint which can be sorted from the carrier
> > wave by another "distrans".
> 
> IIRC, there was also another, similar, form of stego in that series
> (maybe in that book, I don't recall) -- a [human] courier would have his
> voice altered in some way to include a signal, but without it being
> noticeably different to a human ear.  The courier would then be sent, his
> new voiceprint compared to the old one, and the message extracted.  The
> courier himself wouldn't even know the contents of the message, and
> might even be told some other message as a cover, in case he's
> intercepted.  He might not even know that his voice was altered.
> 
> If he's caught and tortured for info, all he can give is the cover
> message he's been told.  If his voiceprint is examined, then they still
> have to try to compare it to the original (which they might not have).

Yes, that's right. It's in Frank Herbert's "Dune Messiah", the immediate
sequel to "Dune." 
A human carries a steganographic message as you described, intended only
for Paul Muad'Dib.

Isn't it interesting how fiction writers explore the social, political
and moral consequences and side effects of such matters with no need to
"explain" the science or the technology to justify the existence of the
matter?  ( I'm going OT here, so be warned :-) )

For example, William Gibson's short stories and novels explored the
social, political and moral side of corporate information security and
practical information warfare years before the subject turned
"main-stream."  Just read his short story "Burning Chrome", an
examination of the ethics and nature of hacking, theft and justice.  A
powerful little gem of a modern day "morality play." :-)

So as the debate on censorship of papers on cracking steganographic
algorithm rages (see other threads in this group) I am reminded of the
themes explored in the work of William Gibson in the 1980s...


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: Ben Smith <[EMAIL PROTECTED]>
Subject: Re: sdgsdg
Date: Tue, 24 Apr 2001 00:56:27 +1000

On Mon, 23 Apr 2001, AY wrote:

> dfhdfh wrote in message <9bvc7o$[EMAIL PROTECTED]>...
> > sdgsdgsdg
>
> could newbie decrypt this for us?

I think you'll find it decrypts to "asdfasdfg"

ben

-- 
Always - what does that mean?
Forever - what does that mean?
It means we'll manage
    -- Tricky, Christiansands


------------------------------

From: "AY" <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Mon, 23 Apr 2001 16:04:27 +0100


>Simpler answer:  If all is done well a 1024-bit RSA key is sufficient for a
>long time assuming the key is not compromised.


Also the assumptions of the lack of breakthrough in factoring, and success
in building a "real" quantum computer, or at least a quantum circuit that
implements quantum factoring.

Not to mention "they" might be breaking 1024-bit RSA key for god knows how
long. Whilst I believe this not to be the case, you'll never know... in any
case that's what they want you to believe...

AY



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
