Cryptography-Digest Digest #241, Volume #14 Thu, 26 Apr 01 15:13:01 EDT
Contents:
Re: RC4 Source Code (Darren New)
Re: Quantum Crypto (SCOTT19U.ZIP_GUY)
Re: Censorship Threat at Information Hiding Workshop (Mike Rosing)
Re: impossible differentials (Mike Rosing)
Related Cryptography's book, conference, and magazine ("OTTO")
Re: Quantum Crypto ("Jack Lindso")
Re: lotus http encryption keys (Richard D. Latham)
key ("f")
Re: OTP WAS BROKEN!!! ("Douglas A. Gwyn")
Re: OTP WAS BROKEN!!! ("Douglas A. Gwyn")
Re: OTP WAS BROKEN!!! ("Douglas A. Gwyn")
Re: OTP WAS BROKEN!!! (newbie)
Re: RC4 Source Code (Bill Unruh)
Re: Quantum Crypto ("Roger Schlafly")
Re: OTP WAS BROKEN!!! ("Douglas A. Gwyn")
Re: Censorship Threat at Information Hiding Workshop ("Douglas A. Gwyn")
Re: effects of mistaken *partial* reuse of a OTP? ("Douglas A. Gwyn")
----------------------------------------------------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: RC4 Source Code
Date: Thu, 26 Apr 2001 17:12:12 GMT
> Can anyone point the way to RC4 source code written in C or C++?
What you may be missing is that it's also known as "ARCFOUR". Try that in a
search engine, and you'll get fewer bad hits.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
schedule.c:7: warning: assignment makes calendar_week
from programmer_week without a cast.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Quantum Crypto
Date: 26 Apr 2001 17:15:57 GMT
[EMAIL PROTECTED] (Jack Lindso) wrote in
<[EMAIL PROTECTED]>:
>An article about QC, entanglement of photons and its implications on
>cryptography.
>A secure channel (by wolf's theorem) ???
>A perfect medium to convey OTP ?
>http://www.feedmag.com/templates/default.php3?a_id=1697
>
I think this is not all that new. Hasn't Sandia been doing
this for years? Yes, quantum crypto will be neat, but how does
one use it to store encrypted files on one's hard drive for later
use? What is more interesting are articles on quantum computing,
something that we should fear. Especially those whose encryption
methods are so weak that only one key exists that will give the
correct answer. Since they will be able to test many keys at once
such that only a correct key can be found. It would make sense
to design crypto that virtually any tested key would yield a solution.
But that is not where the trend in modern crypto is going. The
real question is WHY??
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Thu, 26 Apr 2001 12:24:30 -0500
Gerhard Wesp wrote:
>
> In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
> >From classic times, writers have sold their work to an audience of
> >individuals.
>
> Can you supply evidence/references supporting this claim?
>
> I'm not sure either, but I think some time before Gutenberg it was
> not uncommon for monks to spend most of their time copying books.
>
> I should think that the idea of Intellectual Property is a relatively
> new one.
>
> Perhaps a historian could comment on this?
It's ancient for sure. Artists claim rights over their paintings, and they
expect no one will touch them long after they are dead. When a sculpture
or violin is sold, the IP is in the artists' knowledge. The whole point of
this argument started from DVD protection - artists create what goes on them.
Sculptures and paintings are harder to duplicate than electronic bits. But
it's done all the time and people have unwittingly bought bogus artifacts
for huge sums of money.
The ability to sell multiple copies of a thing is what makes it valuable to
the seller - they can make lots of money by giving people what they want
and the cost to the individual is small. The artists have been squeezed
out of the equation over the past 50 years, and some of them see the net
as a way back to the front of the line. But they still want to be sure
they reap the benefits of their efforts, not somebody else who can simply
copy the bits.
It was called art long before it was called IP. But it's the same thing.
Patience, persistence, truth,
Dr. mike
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: impossible differentials
Date: Thu, 26 Apr 2001 12:30:08 -0500
Tom St Denis wrote:
> For example in
>
> outputdiff = F(x xor wrong_key) xor F(x xor wrong_key xor input_diff)
>
> Since F is not linear the "wrong_key" (which is the difference caused by
> guessing the wrong key) does not commute and cancel out like it should
> have...
>
> if F were linear then
>
> = F(x xor wrong_key) xor F(x xor wrong_key xor input_diff)
> = F(x) xor F(x xor input_diff) xor wrong_key xor wrong_key
> = F(x) xor F(x xor input_diff)
>
> Er is that right?
Yup, the expectation that F is linear is what you're checking on.
For a good cipher, F is not linear :-)
Patience, persistence, truth,
Dr. mike
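
An added example, not code from either poster: it evaluates the quoted expression over a 4-bit domain for a GF(2)-linear F and for an S-box, showing that with the linear F the output difference is the same for every wrong_key while with the S-box most wrong guesses change it. The functions f_linear, f_sbox, output_diff, is_linear and keys_changing_diff, and the S-box table, are assumptions chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint8_t (*round_fn)(uint8_t);

/* Constructed 4-bit map, linear over GF(2): v XOR (v rotated left by one). */
uint8_t f_linear(uint8_t v) {
    v &= 0xF;
    return (uint8_t)((v ^ ((v << 1) | (v >> 3))) & 0xF);
}

/* A 4-bit S-box chosen for this example, standing in for a nonlinear F. */
static const uint8_t SBOX[16] = {0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                                 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2};
uint8_t f_sbox(uint8_t v) { return SBOX[v & 0xF]; }

/* The expression from the post:
   F(x ^ wrong_key) ^ F(x ^ wrong_key ^ input_diff). */
uint8_t output_diff(round_fn F, uint8_t x, uint8_t wrong_key, uint8_t input_diff) {
    uint8_t a = (uint8_t)(x ^ wrong_key);
    return (uint8_t)(F(a) ^ F((uint8_t)(a ^ input_diff)));
}

/* Exhaustive check of F(a ^ b) == F(a) ^ F(b) over the 4-bit domain. */
int is_linear(round_fn F) {
    for (int a = 0; a < 16; a++)
        for (int b = 0; b < 16; b++)
            if (F((uint8_t)(a ^ b)) != (uint8_t)(F((uint8_t)a) ^ F((uint8_t)b)))
                return 0;
    return 1;
}

/* How many of the 15 nonzero wrong_key values change the output difference
   relative to wrong_key = 0 (the correct guess), for one fixed x. */
int keys_changing_diff(round_fn F, uint8_t x, uint8_t input_diff) {
    uint8_t ref = output_diff(F, x, 0, input_diff);
    int n = 0;
    for (uint8_t k = 1; k < 16; k++)
        if (output_diff(F, x, k, input_diff) != ref)
            n++;
    return n;
}

int main(void) {
    printf("linear F: is_linear=%d, key guesses that change the diff: %d\n",
           is_linear(f_linear), keys_changing_diff(f_linear, 0x5, 0x1));
    printf("S-box F:  is_linear=%d, key guesses that change the diff: %d\n",
           is_linear(f_sbox), keys_changing_diff(f_sbox, 0x5, 0x1));
    return 0;
}
```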
------------------------------
From: "OTTO" <[EMAIL PROTECTED]>
Subject: Related Cryptography's book, conference, and magazine
Date: Fri, 27 Apr 2001 01:50:54 +0800
Dear ALL,
Can anyone give me information about the title?
Thanks,
OTTO
------------------------------
From: "Jack Lindso" <[EMAIL PROTECTED]>
Subject: Re: Quantum Crypto
Date: Thu, 26 Apr 2001 21:02:23 +0200
Well you take the OTP and encrypt the contents of one's hard drive then you
can send the OTP securely to anyone you wish ....isn't it that simple. Sure
there is the issue of key management but that's beside the point.
I think that designing crypto "that virtually any tested key would yield a
solution"
is what OTP is all about.
If you meant more conventional ciphers then I think it's quite difficult
since you'll have to be able to reverse engineer a given cipher
independently of the key. Hmm.., meaning you will have to be able to break
this cipher since in today's ciphers, let's take SERPENT m="quantum" ===>
K||m = C let's say "ac234e45bd23a4"
which is quite randomly mapped. Now you say we have to be able to get C=
"compute"
or any other valid word ? Thus leading someone to believe he found the
"right" key ?
--
Anticipating the future is all about envisioning the Infinity.
http://www.atstep.com
====================================================
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Jack Lindso) wrote in
> <[EMAIL PROTECTED]>:
>
> >An article about QC, entanglement of photons and its implications on
> >cryptography.
> >A secure channel (by wolf's theorem) ???
> >A perfect medium to convey OTP ?
> >http://www.feedmag.com/templates/default.php3?a_id=1697
> >
>
> I think this is not all that new. Hasn't Sandia been doing
> this for years? Yes, quantum crypto will be neat, but how does
> one use it to store encrypted files on one's hard drive for later
> use? What is more interesting are articles on quantum computing,
> something that we should fear. Especially those whose encryption
> methods are so weak that only one key exists that will give the
> correct answer. Since they will be able to test many keys at once
> such that only a correct key can be found. It would make sense
> to design crypto that virtually any tested key would yield a solution.
> But that is not where the trend in modern crypto is going. The
> real question is WHY??
>
>
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
> http://www.jim.com/jamesd/Kong/scott19u.zip
> My website http://members.nbci.com/ecil/index.htm
> My crypto code http://radiusnet.net/crypto/archive/scott/
> MY Compression Page http://members.nbci.com/ecil/compress.htm
> **NOTE FOR EMAIL drop the roman "five" ***
> Disclaimer:I am in no way responsible for any of the statements
> made in the above text. For all I know I might be drugged or
> something..
> No I'm not paranoid. You all think I'm paranoid, don't you!
>
------------------------------
From: [EMAIL PROTECTED] (Richard D. Latham)
Subject: Re: lotus http encryption keys
Date: 26 Apr 2001 12:35:38 -0500
[EMAIL PROTECTED] writes:
> He doesn't want to crack lotus. He wants to write a program that
> encrypts in similar fashion.
>
> I've no idea how lotus encrypts, sorry :-(
>
>
> On Thu, 26 Apr 2001 12:10:20 GMT, "Tom St Denis"
> <[EMAIL PROTECTED]> wrote:
>
> >
> >"cedric foll" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Hi,
> >> (excuse my english, I'm french)
> >> I would like writing a prog in C or Perl in order to crypt like lotus note
> >> do with the e-mail http password.
> >> For example:
> >> 355E98E7C7B59BD810ED845AD0FD2FC4 = password
> >> or
> >> CD2D90E8E00D8A2A63A81F531EA8A9A3 = lotus
> >> I read that it's the RC4 encryption's algorithm which is used, but this
> >> algo need a keys in order to crypt, so if it's this algo that is used what
> >> is the key ???
> >> If anybody have information about this, it will help me (an URL or a
> >> script with an explication).
> >
> >RC4 is a somewhat hard algorithm to break with a short key stream. If they
> >use a small input key you may be able to brute force it, otherwise you will
> >have to attack lotus somehow else.
> >
> >Tom
The Lotus Notes http password mechanism is merely a base64
encoding of the Userid ( the logon name + password ) separated by
a character, which I can't recall. Obviously, a web-server has to be
able to invert the process, and I snatched the code to do this from
the Apache source distribution, ap_base64.c in particular .:-)
IIRC, I had to use an IP trace to capture the line flows from the
browser to the HTTP server and then play around a bit to determine
what the separator character was ...
Voila ! I found my old code that does this stuff.
You take the Lotus Notes Username , for instance "Test User", and the
user's http password , let's say "testhttp", and concatenate these two
strings together with a ':' in the middle, thusly.
"Test User:testhttp"
and pass that off to the base64_encode() routine that you swiped from
Apache, and that's what you send in response to the HTTP
401. (assuming of course, that what you're up to here is emulating a
browser, and not some other nefarious purpose ).
So, just swipe the code out of ap_base64.c in the Apache source
distribution .
Calling this encryption is certainly a misnomer :-)
Hopefully, everyone realizes that this _isn't_ the mechanism that
Lotus Notes uses to do any of the "real encryption".
IIRC, that's all RSA public key stuff, leavened with the comment that
I have never investigated the mechanisms involved in the "unlocking"
of a Lotus Notes ID file to get access to the certificate and private
key information therein. I've been led to believe that it is "at
least as strong as the 1024 bit private key" hiding inside the ID
file, modulo not picking a predictable pass-phrase <smile>.
--
#include <disclaimer.std> /* I don't speak for IBM ... */
/* Heck, I don't even speak for myself */
/* Don't believe me ? Ask my wife :-) */
Richard D. Latham [EMAIL PROTECTED]
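
An added example, not the poster's code and not Apache's ap_base64.c: it builds the base64("user:password") token described in the message above (the same construction HTTP Basic authentication uses) from the message's sample values and then reverses it without any key, which is why the token has to be treated as cleartext credentials on the wire. The names b64_encode, b64_decode, make_token and read_token are assumptions.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Base64-encode n bytes; out must hold 4 * ((n + 2) / 3) + 1 chars. */
void b64_encode(const unsigned char *in, size_t n, char *out) {
    size_t o = 0;
    for (size_t i = 0; i < n; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < n) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
    }
    out[o] = '\0';
}

/* Decode base64 into a NUL-terminated string; returns length, -1 on bad input. */
int b64_decode(const char *in, char *out, size_t cap) {
    unsigned long v = 0; size_t o = 0; int bits = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(B64, *in);
        if (!p || o + 1 >= cap) return -1;
        v = (v << 6) | (unsigned long)(p - B64);
        bits += 6;
        if (bits >= 8) { bits -= 8; out[o++] = (char)((v >> bits) & 0xFF); }
    }
    out[o] = '\0';
    return (int)o;
}

/* What the client sends: base64("user:password"). */
void make_token(const char *user, const char *pass, char *out) {
    char joined[128];
    snprintf(joined, sizeof joined, "%s:%s", user, pass);
    b64_encode((const unsigned char *)joined, strlen(joined), out);
}

/* What any observer of the token can do: decode, split at the first ':'. */
int read_token(const char *token, char *user, char *pass, size_t cap) {
    char joined[128];
    if (b64_decode(token, joined, sizeof joined) < 0) return -1;
    char *colon = strchr(joined, ':');
    if (!colon) return -1;
    *colon = '\0';
    snprintf(user, cap, "%s", joined);
    snprintf(pass, cap, "%s", colon + 1);
    return 0;
}

int main(void) {
    char token[180], user[64], pass[64];
    make_token("Test User", "testhttp", token);
    read_token(token, user, pass, sizeof user);
    printf("token=%s\nuser=%s\npass=%s\n", token, user, pass);
}
```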
------------------------------
From: "f" <[EMAIL PROTECTED]>
Subject: key
Date: Thu, 26 Apr 2001 20:12:51 +0200
3081 8902 8181 00C6 6F55 3283 E3D8 EF1D 77E6 01A3 6316 506A DB81 4885 FA2C
A299 AF9C E1CA D65D 05A1 B861 8AD1 A778 901B 445E AA99 FC1D 2683 1E99 8906
D684 4DCE B859 E7F5 3281 AB9C 3169 8413 BD3A A1A8 D26D CDE3 AB9C BCF5 808A
5EF1 40CC 81D0 B491 59C9 ED22 519A D12F 1361 BF52 0D37 EC42 2FB4 59DF 06F5
43EC 0A1E E3AD 4F6E 1FA4 7E88 4437 B902 0301 0001
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 26 Apr 2001 17:56:06 GMT
Tom St Denis wrote:
> Um ok whatever. How could I possibly use this knowledge
> in my day to day life?
First, despite the adage that there is no such thing as a
stupid question, that is one. It presupposes that you should
be prefiltering all knowledge by the criterion of its future
usefulness.
At least one other poster showed an application for Cantor's
diagonal method. Some of the concepts are essential to
measure theory, which is essential to continuous probability
theory, which is essential to information theory, which is
essential to sound cryptology.
> I don't know the half life of an Americium isotope,
> this may makes me a bad nuclear engineer but I don't care!
So long as you know how to look it up (and will actually *do*
that) when the need arises, that is fine. I've occasionally
needed to know half-lives and modes of emission of isotopes,
and I simply looked them up.
> To me infinity is just a concept... i.e lim (x -> oo) 1/x is zero, etc...
> I don't care that (oo)^2 != oo, etc..
Those are different concepts. There is a long history of
debate about "potential" infinity (i.e. a limiting notion)
versus an "actualizable" infinity (i.e. infinity as a number).
It is a pity that you don't care about interesting mathematics.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 26 Apr 2001 17:57:15 GMT
Tom St Denis wrote:
> Well I am not a math grad so what I know about math couldn't fill a thimble.
> But afaik infinity is not a number it's just an idea or abstract number used
> to simplify proofs.
Afayk isn't far enough to have been correcting somebody else
on the point.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 26 Apr 2001 17:59:48 GMT
newbie wrote:
> I'm just trying to present ideas.
> Do not forget that I'm newbie.
Then you should conduct yourself accordingly,
and not make wild claims counter to well-established facts.
> I have a text and random sequence.
> How to distinguish between the two.
> That is the core of the problem.
No, it isn't.
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 26 Apr 2001 14:23:23 -0300
If someone is answering to ignorant people, that means he is not only
ignorant but stupid.
Ignorant man.
Lou Grinzo wrote:
>
> In general, I hate ignoring people, but if newbie keeps
> arguing and won't even demonstrate to demonstrate his/her
> technique, then I agree that it's the only sane thing
> to do.
>
> Lou
>
> In article <KDVF6.65217$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
> >
> > "Lou Grinzo" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > I think this discussion could really use a completely worked
> > > out example. I suggest the following: Someone post a piece
> > > of English prose encrypted with a OTP, and you crack it, and
> > > then show us the exact technique you used, step by step. Once
> > > you post your results, the person who created the encrypted
> > > message will post the original plaintext and the key.
> > >
> > > I'll volunteer to generate and post an encrypted message of a
> > > few hundred bytes. Are you willing to go along with the
> > > experiment?
> > >
> > > (Everyone reading this--please note that I'm NOT framing this
> > > as a "challenge" or anything similar. I'm simply suggesting
> > > this as a way to cut through a lot of the discussion, which
> > > seems to be going in circles at this point.)
> >
> > There have already been a few "stop the retard newbie" fake challenges (I
> > posted one of them). He won't learn, I suggest just ignore Newbie from now
> > on, until he/she learns.
> >
> > Tom
> >
> >
> >
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: RC4 Source Code
Date: 26 Apr 2001 18:32:26 GMT
In <SlPF6.17153$[EMAIL PROTECTED]> "Dirk Mahoney"
<[EMAIL PROTECTED] (remove the _)> writes:
>Can anyone point the way to RC4 source code written in C or C++?
RC4 source code is a trade secret. No one knows it who can tell you.
There is an implementation whose output is identical to the RC4 output,
called ARC4. Look for it with a web search engine.
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Quantum Crypto
Date: Thu, 26 Apr 2001 17:28:07 GMT
"Jack Lindso" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> An article about QC, entanglement of photons and its implications on
> cryptography.
> A secure channel (by wolf's theorem) ???
> A perfect medium to convey OTP ?
> http://www.feedmag.com/templates/default.php3?a_id=1697
This article is filled with the usual silly and false claims for QC. Eg:
Quantum cryptography is the only way to ensure the absolute safety of a key.
This is because the key will be protected by the laws of physics.
What makes quantum communication perfect for cryptography is Heisenberg's
Uncertainty Principle.
This means that the spied-upon photons will carry an indelible record of any
third-party observation.
So, even though quantum cryptography can't ensure that someone won't try to
spy on you, it does mean that the recipient of your key can always tell how
much a third party has been listening in.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 26 Apr 2001 18:02:09 GMT
ink wrote:
> Somebody please just give him an example,
We already did, and there have been explanations in previous threads
that presumably are archived and available for search by the newbie.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Thu, 26 Apr 2001 18:14:45 GMT
> >Rather, the real problem here is the theft of content that started
> >the chain of developments.
AY wrote:
> What theft? How can you "steal" information that can be replicated without
> losing the original? No one has "lost" anything as such.
It's really very simple. The original creative work belongs
to the person who creates it. He agrees to let use use it for
certain purposes under certain conditions, which may or may
not involve payment. If you agree to those terms, you are
given access to the work. If you then do not follow the terms,
you have broken a (possibly implied) contract. A standard
condition for artistic work, especially if it is being used
commercially to generate revenue for the creator and his agents,
is that no copies be made. That is the basis of copyright.
Your duplication does result in a loss, namely loss of whatever
value the creator attached to the conditions for your access of
the work. Often that is loss of income, but loss of control is
often another lost value.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: effects of mistaken *partial* reuse of a OTP?
Date: Thu, 26 Apr 2001 18:20:57 GMT
Joseph Ashwood wrote:
> Assuming that the attacker knows that those 2 portions of the pads were
> identical, it will only reveal the information in those areas (and whatever
> can be deduced from them). Well that's true when it's an XOR-based OTP,
> other forms may reveal more but require more work to do it. The rest of the
> information will be as provably secure as before (provided, as you noted,
> that it cannot be derived from what leaks).
However, for most actual plaintext sources, there is considerable
"bleed" of information around the edges of the overlap region.
Consider: BEING ATTACKED AT RJ ONE TH...
There are three additional characters that can be determined with
virtual certainty, and several more after that that are highly
constrained (...REE DASH FIVE SIX).
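
An added example, not from either poster, of the XOR-based case discussed above: two messages are encrypted with pads whose first 27 bytes are identical by mistake, and the shared pad bytes cancel so that knowledge of one message exposes the other only inside the overlap, stopping mid-word at "TH". The second plaintext, the overlap length, the pad filler and all function names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXLEN 64
#define OVERLAP 27 /* constructed scenario: pad bytes 0..26 were used twice */

/* Reproducible filler standing in for pad material (an LCG, NOT random). */
static void fill_pad(uint8_t *pad, size_t n, uint32_t seed) {
    for (size_t i = 0; i < n; i++) {
        seed = seed * 1664525u + 1013904223u;
        pad[i] = (uint8_t)(seed >> 24);
    }
}

/* XOR-based OTP: ciphertext[i] = plaintext[i] ^ pad[i]. */
static void otp_xor(const char *text, const uint8_t *pad, uint8_t *out) {
    for (size_t i = 0; text[i] != '\0'; i++)
        out[i] = (uint8_t)((uint8_t)text[i] ^ pad[i]);
}

/* In the overlap c1 ^ c2 == p1 ^ p2 because the shared pad bytes cancel, so
   known text of message 2 yields message 1 there and nowhere else. */
void recover_overlap(const uint8_t *c1, const uint8_t *c2,
                     const char *known_p2, size_t overlap, char *out) {
    for (size_t i = 0; i < overlap; i++)
        out[i] = (char)(c1[i] ^ c2[i] ^ (uint8_t)known_p2[i]);
    out[overlap] = '\0';
}

/* Build the scenario and write what leaks of message 1 into `recovered`. */
void run_scenario(char *recovered) {
    const char *p1 = "BEING ATTACKED AT RJ ONE THREE DASH FIVE SIX";
    const char *p2 = "SUPPLY CONVOY DELAYED UNTIL DAWN HOLD POSITION"; /* constructed */
    uint8_t pad1[MAXLEN], pad2[MAXLEN], c1[MAXLEN], c2[MAXLEN];

    fill_pad(pad1, MAXLEN, 1u);
    fill_pad(pad2, MAXLEN, 2u);
    memcpy(pad2, pad1, OVERLAP); /* the mistake: start of pad 1 reused */
    otp_xor(p1, pad1, c1);
    otp_xor(p2, pad2, c2);
    recover_overlap(c1, c2, p2, OVERLAP, recovered);
}

int main(void) {
    char recovered[MAXLEN];
    run_scenario(recovered);
    printf("leaked from message 1: \"%s\"\n", recovered);
    return 0;
}
```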
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************