Cryptography-Digest Digest #238, Volume #14 Thu, 26 Apr 01 09:13:01 EDT
Contents:
Re: What Is the Quality of Randomness? (Sergei Lewis)
Re: Key scheduling of block cipher (Mok-Kong Shen)
lotus http's keys encryption (Cédric Foll)
Re: What Is the Quality of Randomness? ("Brian Gladman")
Re: Censorship Threat at Information Hiding Workshop (Gerhard Wesp)
Re: First analysis of first cipher ("Tom St Denis")
Re: RC4 Source Code ("Tom St Denis")
Re: _Roswell_ episode crypto puzzle (yomgui)
Re: SHA PRNG (Volker Hetzer)
lotus http encryption keys (cedric foll)
Re: lotus http encryption keys ("Tom St Denis")
What's up with counterpane.com ("Tom St Denis")
Re: What Is the Quality of Randomness? ([EMAIL PROTECTED])
Re: lotus http encryption keys ([EMAIL PROTECTED])
Re: What's up with counterpane.com (Volker Hetzer)
Re: RC4 Source Code ("Dirk Mahoney")
Re: RC4 Source Code ("Tom St Denis")
Re: What's up with counterpane.com ("Tom St Denis")
----------------------------------------------------------------------------
From: Sergei Lewis <[EMAIL PROTECTED]>
Subject: Re: What Is the Quality of Randomness?
Date: Thu, 26 Apr 2001 10:03:30 +0100
Mark G Wolf wrote:
> It wouldn't yield anything really useful in terms of decrypting it, but of
> course it wouldn't be a very useful message either. However, a long real
> message could yield enough information to at least give the number of each
> letter in the message. Assuming you did nothing else in your encryption
> process.
/sigh/
I think this may be what newbie was thinking, too.
Yes, the plaintext would alter the pad's statistics (consider the
degenerate case where the plaintext happens to be the inverse of the pad
you're using).
No, you couldn't calculate the plaintext from this, because you don't
know /which/ of the possible uniformly-distributed pads was used to
encrypt /which/ of the possible plaintexts. You have reduced the search
space somewhat: in fact, you did that when you chose to use a
uniformly-distributed pad rather than a truly random one that allows
things like all zeroes. But you still have absolutely *no* way of
telling *which* decryption in the search space is the valid one, and it
is provably still dense enough for the set of possible valid plaintext
decryptions to be large, since the OTP bits are /independent/.
The most an attacker can deduce, in this extreme case, if they *know*
the bits of the pad were uniformly distributed, is that the bits of the
plaintext were also uniformly distributed. The fact that they happened
to coincide exactly with the positions of the bits in the pad is of no
help since the attacker can't know /where/ the bits were.
--
Sergei Lewis - http://members.tripod.co.uk/~Folken
"I'm not falling - this is how I fly.."
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Key scheduling of block cipher
Date: Thu, 26 Apr 2001 11:32:37 +0200
Bryan Olson wrote:
>
[snip]
> If we choose a cipher with a reasonable key size, then we
> need not worry about brute force.
>
> All of the 17,000,000+ ways of modifying round keys were
> available to the designers of the cipher. But they chose
> the one and only key schedule that is not among the
> modifications. Why would we have selected this cipher in
> the first place if we believe these guesswork-based changes
> to be superior to the designers' decisions?
In fact I surmised that changing the order of the
rounds could produce negative effects if the cipher's
design is sensitive to that. On the other hand, I
still consider that the other method, namely xoring a
secret bit sequence to the subkeys could under
circumstances be useful, for that effectively means an
extension of the key size of the algorithm. All the
subkeys are derived from the user key, whose size is
fixed by the original design; now more 'key' bits
('entropy') get added in via the xor. Certainly, if one
considers a cipher to be safe enough, it's nonsense
to do anything extra. But if one happens to feel insecure
(for whatever reason), then this modification could be
a viable way to keep using the given cipher without
incurring risks in my humble view.
M. K. Shen
------------------------------
From: Cédric Foll <[EMAIL PROTECTED]>
Subject: lotus http's keys encryption
Date: Thu, 26 Apr 2001 11:58:55 +0200
Hi,
(excuse my English, I'm French)
I would like to write a program in C or Perl that encrypts the way Lotus Notes
does with the e-mail HTTP password.
For example:
355E98E7C7B59BD810ED845AD0FD2FC4 = password
or
CD2D90E8E00D8A2A63A81F531EA8A9A3 = lotus
I read that it's the RC4 encryption algorithm that is used, but this
algorithm needs a key in order to encrypt, so if it is this algorithm that is used, what
is the key???
If anybody has information about this, it would help me (a URL or a
script with an explanation).
Thanks for sending me a copy to [EMAIL PROTECTED]
--
cedric foll
student in mathematical engineering
[EMAIL PROTECTED]
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: What Is the Quality of Randomness?
Date: Thu, 26 Apr 2001 11:32:12 +0100
"Sergei Lewis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Mark G Wolf wrote:
> > It wouldn't yield anything really useful in terms of decrypting it, but of
> > course it wouldn't be a very useful message either. However, a long real
> > message could yield enough information to at least give the number of each
> > letter in the message. Assuming you did nothing else in your encryption
> > process.
>
> /sigh/
>
> I think this may be what newbie was thinking, too.
>
> Yes, the plaintext would alter the pad's statistics (consider the
> degenerate case where the plaintext happens to be the inverse of the pad
> you're using).
Yes, there are messages that would alter the statistics, but such messages
would be of low probability for any reasonably long OTP bit stream.
When considering the overall statistical properties of the bit streams
involved, such random correlations between the two input streams would not
therefore make a significant contribution to the overall statistics.
And in the particular case quoted - that of a constant repeating 8-bit
sequence ('A') - the single-bit statistics will not change significantly if
the OTP is reasonably long and truly uniform. Moreover, the statistics of
8-bit sub-sequences (bytes) would not change at all.
If the single-bit statistics were different in this example it would mean
that the 8 sub-streams formed by taking every 8th bit of the original OTP
stream would have measurably different statistics. Although this would
happen in any isolated example, it would not be statistically significant
over many trials if the original OTP was truly random and uniformly
distributed.
Brian Gladman
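A small worked check of the two points made above (the reduced-but-still-huge search space of a balanced pad in Sergei Lewis's reply, and the unchanged byte statistics of a constant 'A' plaintext in Brian Gladman's), added here as a Python example; it is not code from either poster. The 16-bit pad length, the sample ciphertext value, and the fixed-seed pseudo-random pad are constructed inputs chosen only for illustration.

```python
# Added example: two checks on the OTP statistics discussion (constructed inputs).
from collections import Counter
from itertools import combinations
import random


def balanced_pads(nbits: int):
    """Every pad of nbits bits with exactly nbits//2 one bits (a 'uniformly
    distributed' pad in the thread's sense), yielded as an int."""
    for ones in combinations(range(nbits), nbits // 2):
        yield sum(1 << b for b in ones)


def candidate_plaintexts(ciphertext: int, nbits: int) -> set:
    """All plaintexts consistent with the ciphertext when the attacker knows
    the pad was balanced. XOR is a bijection, so one plaintext per pad."""
    return {ciphertext ^ pad for pad in balanced_pads(nbits)}


def is_consistent(plaintext: int, ciphertext: int, nbits: int) -> bool:
    """P is reachable from C under some balanced pad iff P XOR C itself is
    balanced: the attacker learns a parity-like constraint and nothing more."""
    diff = (plaintext ^ ciphertext) & ((1 << nbits) - 1)
    return bin(diff).count("1") == nbits // 2


def xor_constant_histograms(nbytes: int, fill: int = ord("A"), seed: int = 1):
    """Encrypt a constant byte under a pseudo-random pad (constructed from a
    fixed seed, so the demo is repeatable) and return the byte-value
    histograms of the pad and of the ciphertext."""
    rng = random.Random(seed)
    pad = bytes(rng.getrandbits(8) for _ in range(nbytes))
    ct = bytes(b ^ fill for b in pad)
    return Counter(pad), Counter(ct)


def histogram_is_permuted(pad_hist: Counter, ct_hist: Counter,
                          fill: int = ord("A")) -> bool:
    """XOR with a constant permutes byte values, so ct_hist[v] == pad_hist[v ^ fill]
    for every v: the multiset of counts is unchanged, only relabelled."""
    return all(ct_hist[v] == pad_hist[v ^ fill] for v in range(256))


if __name__ == "__main__":
    print(len(candidate_plaintexts(0xBEEF, 16)), "plaintexts fit a 16-bit ciphertext")
    pad_hist, ct_hist = xor_constant_histograms(4096)
    print("byte histogram merely relabelled:", histogram_is_permuted(pad_hist, ct_hist))
```

For a 16-bit message the balanced-pad constraint leaves C(16,8) = 12870 of the 65536 plaintexts, and for a real message length the count is astronomically large; the byte histogram check shows why a constant plaintext cannot be detected from byte-value frequencies at all.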
------------------------------
From: [EMAIL PROTECTED] (Gerhard Wesp)
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 26 Apr 2001 11:10:55 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
>From classic times, writers have sold their work to an audience of
>individuals.
Can you supply evidence/references supporting this claim?
I'm not sure either, but I think some time before Gutenberg it was
not uncommon for monks to spend most of their time copying books.
I should think that the idea of Intellectual Property is a relatively
new one.
Perhaps a historian could comment on this?
Greetings,
-Gerhard
--
Due to cost-cutting measures on online costs, from now on at least one vowel
is to be omitted from every word of more than three letters.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: First analysis of first cipher
Date: Thu, 26 Apr 2001 11:14:08 GMT
<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> [snip]
> > > I've seen some papers discussing the use of bent functions to generate
> > > strong S-boxes. Other papers discuss Hadamard matrices. What are the
> > > other common methods of generating strong S-boxes.
> >
> > Bent functions are bad ideas. They are not bijective and generally I think
> > any function that loses information is a bad idea.
> >
> > You can also use GF inversion, feistel networks, sp networks..
> >
>
> What is the underlying design principle? If my S-box is a matrix filled with
> m-bit elements and the S-box input chooses the row and column, wouldn't the
> idea be to fill the matrix with elements that are maximally distanced from
> each other
When your round function is not a bijection it is possible to get nice two-round
characteristics (well, not always).
> > DES like designs are stupid...
>
> Hindsight is 20/20. Ten years from now today's smart algorithms may look
> "stupid" too.
True, but DES like designs are more muddle than math.
> >..They lack formal proofs of security. Current
> > trends are more towards mathematical designs...
>
> Proof of security or proof of complexity? I'm only aware of one cipher system
> that is provably secure and it is practically insecure due to key
> management problems.
Things like bent vectors and decorrelation are means of provable security
against known attacks.
One thing people must realize: if it resists all known attacks it is 100%
secure. The second it doesn't (i.e. a new attack is invented) it's not 100%
secure.
Tom
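As an added example of the "GF inversion" S-box construction Tom recommends (this is not his code, nor from the bent-function or Hadamard papers mentioned): the Python below builds the inversion map over GF(2^8), optionally composes it with the AES affine map, and checks the two properties the thread argues about, bijectivity and the worst-case differential count. Using AES's reduction polynomial x^8+x^4+x^3+x+1 and its affine constant 0x63 is an assumption made for illustration; any irreducible degree-8 polynomial gives an inversion map with the same differential uniformity.

```python
# Added example: the GF(2^8) inversion S-box and two of its measurable properties.
AES_POLY = 0x11B    # x^8 + x^4 + x^3 + x + 1 (assumption: AES's reduction polynomial)
AES_CONST = 0x63    # additive constant of the AES affine map (assumption)


def gf_mul(a: int, b: int, poly: int = AES_POLY) -> int:
    """Multiply two GF(2^8) elements modulo the reduction polynomial (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r


def gf_inv(a: int, poly: int = AES_POLY) -> int:
    """Multiplicative inverse via a^(2^8 - 2) = a^254; 0 maps to 0, as in AES."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base, poly)
        base = gf_mul(base, base, poly)
        e >>= 1
    return result if a else 0


def aes_affine(b: int) -> int:
    """AES affine map: b XOR its four left rotations XOR 0x63."""
    r = b
    for k in range(1, 5):
        r ^= ((b << k) | (b >> (8 - k))) & 0xFF
    return r ^ AES_CONST


def inversion_sbox(with_affine: bool = False) -> list:
    """The 256-entry table x -> x^-1, optionally followed by the affine map (AES S-box)."""
    return [aes_affine(gf_inv(x)) if with_affine else gf_inv(x) for x in range(256)]


def is_bijective(sbox: list) -> bool:
    """A bijective S-box is a permutation: every output value appears exactly once."""
    return sorted(sbox) == list(range(len(sbox)))


def differential_uniformity(sbox: list) -> int:
    """Largest difference-distribution-table entry over all non-zero input differences.
    Lower is better; inversion in GF(2^8) reaches 4 (probability 4/256 per difference)."""
    n = len(sbox)
    worst = 0
    for dx in range(1, n):
        counts = [0] * n
        for x in range(n):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst


if __name__ == "__main__":
    s = inversion_sbox(with_affine=True)
    print("bijective:", is_bijective(s), "differential uniformity:", differential_uniformity(s))
```

The affine map does not change the differential uniformity (it is a bijection composed after the inversion); it is there to remove the fixed points and the simple algebraic description of bare inversion.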
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: RC4 Source Code
Date: Thu, 26 Apr 2001 11:15:26 GMT
"Dirk Mahoney" <[EMAIL PROTECTED] (remove the _)> wrote in message
news:SlPF6.17153$[EMAIL PROTECTED]...
> Hi all,
>
> Can anyone point the way to RC4 source code written in C or C++?
Do you have a description of RC4 handy? If you can't implement it yourself
you need some comp.sci classes.
Tom
------------------------------
From: yomgui <[EMAIL PROTECTED]>
Crossposted-To: rec.puzzles
Subject: Re: _Roswell_ episode crypto puzzle
Date: Thu, 26 Apr 2001 12:28:17 +0100
Steve Roberts wrote:
>
> This puzzle (with its million possible answers) prompts me to post THE
> RIGHT QUESTION which you should ask entities that claim to be visiting
> space aliens.
>
> Entity: G'day, we are from xxx xxx [distant civilisation]
> You: Please tell me the factors of F20 (2^1048576+1)
hello,
first, thanks for your interesting extrapolations.
Can you tell me what F20 is? Is it a hex number?
The following is a message sent by someone to some self-proclaimed
extraterrestrial,
trying to verify with an eventual answer that the ET is effectively
what he claims to be.
1011010111 100101 101000100111 - 110101111110 0100111
(I would just consider the dash as some sort of separator)
I put the numbers in decimal here
727 37 2599 - 3454 39
Your reflection tells me that this could be a mathematical problem that
we can't solve.
Any idea?
thanks
--
oim 3d - surface viewer - http://i.am/oim
kryptyomic - encryption scheme - http://bigfoot.com/~kryptyomic
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Thu, 26 Apr 2001 13:48:06 +0200
Peter Gutmann wrote:
>
> "Dobs" <[EMAIL PROTECTED]> writes:
>
> >Perhaps You know where can I find on the web the description of SHA PRNG or
> >the source code for it ( I mean not for SHA but SHA prng :) where this
> >algotithm is used :.
> >1. Make up a random string R and a binary counter C
> >2. Get T = HASH(R || C)
> >3. Increment C
> >4. Output T and goto 2 as required.
>
> This PRNG isn't very good, see Bob Baldwin's analysis of the BSAFE 3.x PRNG in
> an RSA labs bulletin dating from late 1998 (available from the RSA labs web
> site) where he analyses this type of PRNG and explains why BSAFE doesn't use
> it.
The theory itself is good (after all it's a PRF used in counter mode and formally
proven) but Bob didn't trust the hash functions available today (for good reasons).
Greetings!
Volker
--
They laughed at Galileo. They laughed at Copernicus. They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.
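The four-step PRNG quoted above, written out as an added Python example (it is not Dobs's, Peter Gutmann's or Bob Baldwin's code, and it is not the BSAFE design). The seed string, the hash choice (SHA-1 through hashlib) and the fixed-width 8-byte counter are assumptions; the fixed width matters because HASH(R || C) is only well defined when the boundary between R and C is unambiguous. One property worth noticing is visible in the code: R is never updated, so the whole output stream is a deterministic function of the initial seed, and anyone who learns R can regenerate every block already produced.

```python
# Added example: hash-in-counter-mode PRNG, T = HASH(R || C) with C incremented each call.
import hashlib
import os


class CounterHashPrng:
    def __init__(self, seed: bytes, hash_name: str = "sha1", counter_width: int = 8):
        # Step 1: a random string R and a binary counter C.
        self.seed = seed                     # R: never modified after construction
        self.hash_name = hash_name           # assumption: SHA-1; any hashlib name works
        self.counter = 0                     # C
        self.counter_width = counter_width   # fixed width so R || C parses unambiguously

    def next_block(self) -> bytes:
        # Steps 2 and 3: T = HASH(R || C), then increment C.
        data = self.seed + self.counter.to_bytes(self.counter_width, "big")
        self.counter += 1
        return hashlib.new(self.hash_name, data).digest()

    def get_bytes(self, n: int) -> bytes:
        # Step 4: emit T blocks until n bytes have been produced.
        out = bytearray()
        while len(out) < n:
            out += self.next_block()
        return bytes(out[:n])


def replay_from_seed(seed: bytes, n: int, hash_name: str = "sha1") -> bytes:
    """Whoever learns R reproduces the entire stream: there is no state update
    between outputs, so past and future blocks are equally exposed."""
    return CounterHashPrng(seed, hash_name).get_bytes(n)


def fresh_prng(seed_len: int = 32) -> CounterHashPrng:
    """Seed R from the OS entropy source (assumption: os.urandom is available)."""
    return CounterHashPrng(os.urandom(seed_len))


if __name__ == "__main__":
    prng = fresh_prng()
    print(prng.get_bytes(32).hex())
```

The `replay_from_seed` function is the point of the exercise: the output at position i depends only on (R, i), which is exactly what the counter-mode PRF argument proves secure as long as the hash behaves like a PRF on inputs R || C, and exactly what becomes a liability once R is exposed.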
------------------------------
From: cedric foll <[EMAIL PROTECTED]>
Subject: lotus http encryption keys
Date: Thu, 26 Apr 2001 14:00:47 +0200
Hi,
(excuse my English, I'm French)
I would like to write a program in C or Perl that encrypts the way Lotus Notes
does with the e-mail HTTP password.
For example:
355E98E7C7B59BD810ED845AD0FD2FC4 = password
or
CD2D90E8E00D8A2A63A81F531EA8A9A3 = lotus
I read that it's the RC4 encryption algorithm that is used, but this
algorithm needs a key in order to encrypt, so if it is this algorithm that is used, what
is the key???
If anybody has information about this, it would help me (a URL or a
script with an explanation).
--
Cedric Foll
France [EMAIL PROTECTED]
student in mathematical engineering
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: lotus http encryption keys
Date: Thu, 26 Apr 2001 12:10:20 GMT
"cedric foll" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
> (excuse my English, I'm French)
> I would like to write a program in C or Perl that encrypts the way Lotus Notes
> does with the e-mail HTTP password.
> For example:
> 355E98E7C7B59BD810ED845AD0FD2FC4 = password
> or
> CD2D90E8E00D8A2A63A81F531EA8A9A3 = lotus
> I read that it's the RC4 encryption algorithm that is used, but this
> algorithm needs a key in order to encrypt, so if it is this algorithm that is used, what
> is the key???
> If anybody has information about this, it would help me (a URL or a
> script with an explanation).
RC4 is a somewhat hard algorithm to break with a short keystream. If they
use a small input key you may be able to brute force it; otherwise you will
have to attack Lotus some other way.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: What's up with counterpane.com
Date: Thu, 26 Apr 2001 12:13:36 GMT
I used to look at Counterpane for some cool crypto stuff but lately their
site has become (using Schneier's own words) more "buzzword compliant" than
before.
What a shame. Is he in a coma or something?
Sure sell your product but do it with fact not dazzle. (Or be a hypocrite!)
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What Is the Quality of Randomness?
Date: Thu, 26 Apr 2001 12:14:14 GMT
You can't *know* that a sequence is random. It is possible to throw 50
successive heads with a fair coin. It is possible that some
hypothetical generator of perfectly random sequences of ones and zeros
produces a string of 60 ones:
111111111111111111111111111111111111111111111111111111111111
And if you think that is an unlikely random output, it is no more nor
less likely an output from such a generator than 59 ones and a zero,
thus:
111111111111111111111111111111111111111111111111111111111110
or 30 ones and 30 zeros as follows:
111010010111000101011100001101010001111010100100100111010111
They are all equally probable if the generator is truly random.
Essentially randomness in a string means that the probability of any
digit in the sequence taking any specific value is completely
independent of the values taken by all other digits in the sequence.
On Wed, 25 Apr 2001 16:41:01 -0500, "Mark G Wolf"
<[EMAIL PROTECTED]> wrote:
>> For example, in a bit stream that is known to repeat the sequence
>> '110110110010' endlessly, there is no randomness even though 110 occurs
>more
>> frequently than 010.
>
>Exactly, now we're getting somewhere. Let's say we take some less than
>"perfect" random sequence, we'll agree that 0 and 1 repeat often, obviously.
>So does 00, 01, 10, 11, obviously. So does 000, 010, 110, etc. How about
>101010101 and 101001100010110110101 ? Now these should occur a lot less
>since they are longer sequences. My somewhat absurd question is, what's
>more random given a finite sequence, longer groupings that occur more often
>but have less predictable "sub" groups, or shorter groupings that have very
>regular patterns but occur less often? Both groups occurring at equally
>unpredictable intervals. I realize that question kind of "folds" in on
>itself. But one would think that in a truly random sequence, the longer the
>grouping the less likely it is to repeat again. What's the mathematical
>relationship that brings those two extremes into "balance".
>
>
>
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: lotus http encryption keys
Date: Thu, 26 Apr 2001 12:20:25 GMT
He doesn't want to crack lotus. He wants to write a program that
encrypts in similar fashion.
I've no idea how lotus encrypts, sorry :-(
On Thu, 26 Apr 2001 12:10:20 GMT, "Tom St Denis"
<[EMAIL PROTECTED]> wrote:
>
>"cedric foll" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> Hi,
>> (excuse my English, I'm French)
>> I would like to write a program in C or Perl that encrypts the way Lotus Notes
>> does with the e-mail HTTP password.
>> For example:
>> 355E98E7C7B59BD810ED845AD0FD2FC4 = password
>> or
>> CD2D90E8E00D8A2A63A81F531EA8A9A3 = lotus
>> I read that it's the RC4 encryption algorithm that is used, but this
>> algorithm needs a key in order to encrypt, so if it is this algorithm that is used, what
>> is the key???
>> If anybody has information about this, it would help me (a URL or a
>> script with an explanation).
>
>RC4 is a somewhat hard algorithm to break with a short keystream. If they
>use a small input key you may be able to brute force it; otherwise you will
>have to attack Lotus some other way.
>
>Tom
>
>
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: What's up with counterpane.com
Date: Thu, 26 Apr 2001 14:40:47 +0200
Tom St Denis wrote:
>
> I used to look at Counterpane for some cool crypto stuff but lately their
> site has become (using Schneier's own words) more "Buzzword compliant" then
> before.
The labs page is the same as always, isn't it?
I almost never look at the other stuff.
Greetings!
Volker
--
They laughed at Galileo. They laughed at Copernicus. They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.
------------------------------
Reply-To: "Dirk Mahoney" <[EMAIL PROTECTED] (remove the _)>
From: "Dirk Mahoney" <[EMAIL PROTECTED] (remove the _)>
Subject: Re: RC4 Source Code
Date: Thu, 26 Apr 2001 12:28:33 GMT
> > Hi all,
> >
> > Can anyone point the way to RC4 source code written in C or C++?
>
> Do you have a description of RC4 handy? If you can't implement it yourself
> you need some comp.sci classes.
>
> Tom
Tom,
Thank-you for that friendly and helpful reply. If I had a description
handy, I probably would have coded it. I hope all newcomers to sci.crypt
aren't 'spoken' to like that.
- Dirk
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: RC4 Source Code
Date: Thu, 26 Apr 2001 13:03:53 GMT
"Dirk Mahoney" <[EMAIL PROTECTED] (remove the _)> wrote in message
news:RvUF6.17883$[EMAIL PROTECTED]...
> > > Hi all,
> > >
> > > Can anyone point the way to RC4 source code written in C or C++?
> >
> > Do you have a description of RC4 handy? If you can't implement it yourself
> > you need some comp.sci classes.
> >
> > Tom
>
> Tom,
>
> Thank-you for that friendly and helpful reply. If I had a description
> handy, I probably would have coded it. I hope all newcomers to sci.crypt
> aren't 'spoken' to like that.
What you need then is a desk reference like HAC or AC2.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: What's up with counterpane.com
Date: Thu, 26 Apr 2001 13:04:30 GMT
"Volker Hetzer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > I used to look at Counterpane for some cool crypto stuff but lately
their
> > site has become (using Schneier's own words) more "Buzzword compliant"
then
> > before.
> The labs page is the same as always, isn't it?
> I almost never look at the other stuff.
Yeah the labs is up but even that is "media whore" ish. Bah. Their
research is cool, just they go about getting the word out wrong.
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************