Cryptography-Digest Digest #264, Volume #14      Sun, 29 Apr 01 17:13:01 EDT

Contents:
  Re: Secure Digital Music Initiative cracked? (Harvey Taylor)
  Re: ancient secret writing (Mok-Kong Shen)
  Re: 1024bit RSA keys. how safe are they? ("Dopefish")
  Re: Censorship Threat at Information Hiding Workshop (Mok-Kong Shen)
  Re: 1024bit RSA keys. how safe are they? ("Tom St Denis")
  Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
  Re: Secure Digital Music Initiative cracked? (Mok-Kong Shen)
  Re: A keen symmetric cipher idea ("Matt Timmermans")
  RSA BRUTE FORCE (Erictim)
  Re: RSA BRUTE FORCE ("Tom St Denis")
  Re: RSA BRUTE FORCE ("Sam Simpson")
  Re: RSA BRUTE FORCE (John Savard)
  Re: 1024bit RSA keys. how safe are they? ("Scott Fluhrer")
  Re: Secure Digital Music Initiative cracked? ("M.S. Bob")
  Re: MS OSs "swap" file:  total breach of computer security. (Alan Mackenzie)
  Re: P1363 draft (David Hopwood)

----------------------------------------------------------------------------

From: Harvey Taylor <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 12:02:28 -0700

In article <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> Marc wrote:
> 
>> The suppressed paper is online. Read it while you can.
> 
> Right said.  Xerox is trying to remove the paper from the web.
>       
        http://cryptome.org/sdmi-attack.htm
        http://cryptome.org/sdmi-attack02.htm
<gronk>
-het


-- 
"Sacred cows make the best hamburger." -Abby Hoffman

Harvey Taylor  mailto:[EMAIL PROTECTED]  http://www.pangea.ca/~het
Note: Pangea has been bought by MTS & my address is changing as of 
      May 1st to http://www.autobahn.mb.ca/~het/

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: ancient secret writing
Date: Sun, 29 Apr 2001 19:16:41 +0200



"Douglas A. Gwyn" wrote:
> 
> Mok-Kong Shen wrote:
> > I tend also to think that there is a substantial probability
> > of the more recent stuffs like the Voynich Manuscript
> > being a hoax intended to fool people.
> 
> The Voynich manuscript is hardly "recent".
> Also, if it is a hoax, it is an incredibly subtle one;
> for example, there are four (if I recall correctly) distinct
> "hands" (textual styles), which is a totally unnecessary detail
> for a hoax.
> 
> > More sensible seems to spend resources on the very ancient
> > findings of archeology. But these are apparently very very
> > hard to attack, since we have no knowledge at all of the
> > languages involved.
> 
> Which languages did you have in mind?  Several have in fact
> been deciphered.

I meant stuff like the Diskos of Phaistos (see Bauer's
book). There are, if I don't err, also quite a number of 
written remnants of comparatively recently died-out cultures 
of small isolated tribes, the 'decryption' of which could 
certainly be of some scientific value.

BTW, I like to take this opportunity to mention a matter
which has only a very remote association with the topic
of the current thread. In some living languages there are
dialects that are so different from one another that,
when these are transcribed purely phonetically with the
Latin alphabet, they could lead to entirely different 
looking character sequences. (Example: a number of dialects 
in southern China.) This could lead to some confusion of 
the opponent, if he doesn't have enough resources/competency 
to tackle that. Here is a personal story concerning a 
European language: Once I got a piece of writing which 
belongs to the so-called Wiener Dichtung, a kind of phonetic 
transcription of a lyric poetry when being pronounced in the dialect of
German in Vienna. I showed it to an Austrian-born 
colleague and asked her whether she happened to know the 
language in which it was written. She plainly failed the 
task, until I asked her to attempt to read that piece of 
writing aloud.

M. K. Shen

------------------------------

From: "Dopefish" <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Mon, 30 Apr 2001 00:22:26 -0500

virtual memory?


fish


--
======BEGIN SIGNATURE======
A.K.A "Dopefish" or "fish" for short on Usenet.

Microsoft?  Is that some kind of toilet paper?

"Rockin' the town like a moldy crouton!"
                 - Beck (Soul Suckin' Jerk - Reject)

"Help me, I broke apart my insides. Help me,
I've got no soul to sell. Help me, the only thing
that works for me, help me get away from
myself."
                 - Nine Inch Nails (Closer)


=====BEGIN GEEK CODE BLOCK=====
Version: 3.12
GO dpu s++:++ a---- C++++ U--->UL
 P L+ E? W++ N+++ o+ K--- w+>w+++++
 O--- M-- V? PS+++ PE Y-- PGP t 5--
 X+ R tv b+ DI D+ G-- e- h! r z
======END GEEK CODE BLOCK======
(www.geekcode.com)

======END SIGNATURE======
Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:sAJF6.60365$[EMAIL PROTECTED]...
>
> "Bill Unruh" <[EMAIL PROTECTED]> wrote in message
> news:9c7mf9$b53$[EMAIL PROTECTED]...
> > In <9c6a7q$prj$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Paul Schlyter) writes:
> >
> > ]In article <h54F6.38511$[EMAIL PROTECTED]>,
> > ]Tom St Denis <[EMAIL PROTECTED]> wrote:
> > ]
> > ]> "Brian Hetrick" <[EMAIL PROTECTED]> wrote in message
> > ]> news:vR3F6.31938$[EMAIL PROTECTED]...
> > ]>>
> > ]>> My own estimate is that the actual cost of brute forcing a 1024 bit
> > ]>> RSA key is about $150,000.  See
> > ]>> http://www.geocities.com/tnotary/spcx509.html and
> > ]>> http://www.geocities.com/tnotary/spckeysize.html.
> >
> > I think that they are a bit pessimistic. A 1024 bit RSA key is not equivalent
> > to a 64 bit secret key. The standard factoring makes it equal to about a
> > 86 bit secret key.
> > (N= 2^1024, exp(1.9*ln(N)^(1/3)*ln(ln(N))^(2/3))= .6*10^26= 2^86)
> >
> > I would agree that a 1024 bit key for a signing authority seems a bit
> > small.
>
> Again like others you ignore the space argument.  You need (2^86)^2 (or is
> sqrt?) in either case you need *at least* eight terabits (one terabyte) of
> memory.  That would be hard to come by since most computers probably don't
> have that much.  (x86's can't even address that much).
>
> Sure we may have time to factor a 1024-bit number but nowhere near the
> space.
> >
> > ]>
> > ]> I bet I could break a 1024-bit RSA key I make with under 15 seconds of
> > ]> work on a normal desktop computer.
> >
> > How much do you want to bet if you let me make the key?
>
> That wasn't my point.  My point was to show that just using a big key is not
> enough for security.
>
> Tom
>
>
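
Added example (mine, not part of the thread above): Bill Unruh's 2^86 figure
for a 1024-bit modulus comes from the asymptotic number field sieve cost
L(N) = exp(c * ln(N)^(1/3) * ln(ln(N))^(2/3)) with c = 1.9, the constant his
post uses (the textbook GNFS value is (64/9)^(1/3), about 1.923). The Python
below redoes that arithmetic in the log domain so it can be checked and
repeated for other modulus sizes; the function names are my own, and
"equivalent secret key bits" means log2 of the estimated operation count,
exactly as in the post.

```python
# Added example, not part of the original thread: Bill Unruh's estimate
# that factoring a 1024-bit modulus costs about as much as a 2^86 search,
# computed from the asymptotic number field sieve running time
#     L(N) = exp(c * ln(N)^(1/3) * ln(ln(N))^(2/3)).
# The constant c = 1.9 is the one used in the post (the usual GNFS value is
# (64/9)^(1/3), about 1.923); the function names below are my own.
import math

LN2 = math.log(2)


def gnfs_log2_cost(modulus_bits, c=1.9):
    """log2 of L(N) for N = 2^modulus_bits, i.e. the exponent of the
    'equivalent secret key' in the post.  Done in the log domain so the
    2048- and 4096-bit cases do not overflow a float.  Needs modulus_bits
    large enough that ln(ln(N)) is positive, i.e. anything above 4 bits."""
    ln_n = modulus_bits * LN2
    ln_l = c * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return ln_l / LN2


def symmetric_equivalent(modulus_bits, c=1.9):
    """Nearest whole number of 'secret key bits' for a modulus size."""
    return round(gnfs_log2_cost(modulus_bits, c))


def modulus_bits_for(target_bits, c=1.9, step=8):
    """Smallest modulus size (scanned upward from 64 bits in multiples of
    `step`) whose estimated factoring cost is at least 2^target_bits.
    gnfs_log2_cost grows monotonically with the modulus size, so a linear
    scan is enough."""
    bits = 64
    while gnfs_log2_cost(bits, c) < target_bits:
        bits += step
    return bits


if __name__ == "__main__":
    for bits in (512, 768, 1024, 2048, 3072, 4096):
        print(f"{bits:5d}-bit modulus: about 2^{symmetric_equivalent(bits)} work")
    print("modulus needed for a 2^86 search:", modulus_bits_for(86), "bits")
```

Running it gives about 2^63 for 512 bits, 2^86 for 1024 bits and roughly
2^115 for 2048 bits. The absolute numbers are only as good as the o(1)
terms the L-notation hides, so read them as relative comparisons between
key sizes rather than as an operation count.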



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Sun, 29 Apr 2001 19:29:30 +0200



"Douglas A. Gwyn" wrote:
> 
> David A Molnar wrote:
> > Can we agree that Felten et. al. are not pirates?
> 
> Sure, they weren't the one I was replying to.
> The real crime is not cracking the copy protection scheme.
> My point was that it is *also* not in using a copy protection scheme.
> Rather, the real problem here is the theft of content that started
> the chain of developments.

So Felten et al. are innocent, since they presumably don't
do any actual theft using their knowledge but the development 
of techniques that circumvent the protection seems nonetheless
to be considered by the industry to be a big crime. In fact
that enables others to break the protection and steal the 
contents which constitutes the 'actual' crime. In a similar
vein, wouldn't research in number theory on efficient 
methods of factoring that could defeat certain patented
PK algorithms also be considered criminal acts?

M. K. Shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Sun, 29 Apr 2001 17:31:06 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Dopefish" <[EMAIL PROTECTED]> wrote
in message news:[EMAIL PROTECTED]...
> virtual memory?

Hmm?  PC's (x86's that is) can't address the required memory.

You would have to build a custom 64-bit machine with a lot of memory
and tons of processing time.  The sieve time alone would be around a
year at the least not to mention the multi-terabit sparse matrix you
would have to gauss....

Tom

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Key at: http://tomstdenis.home.dhs.org/key.asc

iQA/AwUBOuxP2wULrT+pXe8cEQJhqwCgomcpj1x+M10vTKkDIebQlYqD4yMAoJ9L
Vo/VfgZcXb3t5sLHdAVwSDZE
=x9JR
-----END PGP SIGNATURE-----




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Sun, 29 Apr 2001 17:32:57 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> "Douglas A. Gwyn" wrote:
> >
> > David A Molnar wrote:
> > > Can we agree that Felten et. al. are not pirates?
> >
> > Sure, they weren't the one I was replying to.
> > The real crime is not cracking the copy protection scheme.
> > My point was that it is *also* not in using a copy protection
> > scheme. Rather, the real problem here is the theft of content
> > that started the chain of developments.
>
> So Felten et al. are innocent, since they presumably don't
> do any actual theft using their knowledge but the development
> of techniques that circumvent the protection seems nonetheless
> to be considered by the industry to be a big crime. In fact
> that enables others to break the protection and steal the
> contents which constitutes the 'actual' crime. In a similar
> vein, wouldn't research in number theory on efficient
> methods of factoring that could defeat certain patented
> PK algorithms also be considered criminal acts?

Most likely.  I would bet in the next 10 years all forms of
cryptanalysis will come into the hotlight.  Of course I am praying
that human thought will prevail against corporate imaginary money
seekers.

Next to come up will be iterative attacks like differential and
linear, slide, boomerang, etc...  Heck eurocrypt will be made illegal
in the states within 3 years most likely :-(

Tom

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Key at: http://tomstdenis.home.dhs.org/key.asc

iQA/AwUBOuxQPwULrT+pXe8cEQIibgCdGKroY0Ph8EhtiTZzulvzo5njXn8AoNlJ
76RsQmRRs+lGXGypLb8b3e6Q
=5UMY
-----END PGP SIGNATURE-----




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 19:48:53 +0200



Harvey Taylor wrote:
> 
> <[EMAIL PROTECTED]> Marc wrote:
> >
> >> The suppressed paper is online. Read it while you can.
> >
> > Right said.  Xerox is trying to remove the paper from the web.
> >
>         http://cryptome.org/sdmi-attack.htm
>         http://cryptome.org/sdmi-attack02.htm

YET it is on John Young's site. As Marc said, read it
while you can (since his site is within US jurisdiction). 
This clearly exemplifies an essential contribution of the 
internet in information dissemination. (BTW, a newspaper 
today says that the staff of a Russian newspaper that has 
been apparently suppressed via political ways is now 
publishing on the internet.)

M. K. Shen

------------------------------

From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: A keen symmetric cipher idea
Date: Sun, 29 Apr 2001 18:01:30 GMT


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:G5UG6.91214$[EMAIL PROTECTED]...
> This isn't secure against a chosen plaintext attack since you can
> simply do a binary search for c1 and c2.....but is it secure
> otherwise?

If you use polynomials over GF(2), then it's all linear in GF(2), and you
can solve for p and q if you have a single known plaintext.


If you use integers:

c = M mod q  =>  there exists an integer i with c = M - q*i

q*i = M - c

Factoring M-c will give you a small number of possible q's to try. p can be
found the same way, of course.
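
Added example (mine, not from the thread): the known-plaintext reduction
Matt describes, on a toy instance. The thread does not spell the scheme out,
so the code assumes the simplest reading: the key is a secret integer q and
a block M is enciphered as c = M mod q. Then q divides M - c and q > c, so
every divisor of M - c larger than c is a candidate key, and a second (M, c)
pair usually leaves exactly one. The factoring here is trial division
because the toy numbers are small; the point is the reduction, not the
factoring method. All values are constructed for the demo.

```python
# Added example, not part of the original thread.  Matt Timmermans' remark
# worked through on a toy instance of the (assumed) scheme: the key is a
# secret integer q and a message block M is "encrypted" as c = M mod q.
# From one known (M, c) pair, q divides M - c and q > c, so the candidate
# keys are the divisors of M - c that exceed c; a second pair usually pins q
# down.  Trial division is fine here because the toy numbers are small; the
# point is the reduction to factoring, not the factoring algorithm.
# All numbers below are constructed for the demo.


def factor(n):
    """Prime factorisation of n >= 1 as {prime: exponent} (trial division)."""
    out = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            out[d] = out.get(d, 0) + 1
            n //= d
        d += 1 if d == 2 else 2          # 2, then odd candidates only
    if n > 1:
        out[n] = out.get(n, 0) + 1
    return out


def divisors(n):
    """All positive divisors of n, ascending."""
    divs = [1]
    for p, e in factor(n).items():
        divs = [d * p ** k for d in divs for k in range(e + 1)]
    return sorted(divs)


def candidate_keys(M, c):
    """Every q with M mod q == c.  Needs M > c: if M < q then c == M and the
    pair says nothing beyond q > M, which is reported as an empty list."""
    diff = M - c
    if diff <= 0:
        return []
    return [q for q in divisors(diff) if q > c]


def recover_key(pairs):
    """Intersect the candidate sets over several known-plaintext pairs."""
    cands = None
    for M, c in pairs:
        s = set(candidate_keys(M, c))
        cands = s if cands is None else cands & s
    return sorted(cands) if cands else []


if __name__ == "__main__":
    q = 1009                        # the secret key, constructed for the demo
    msgs = [123456, 98765]          # two known plaintext blocks
    pairs = [(M, M % q) for M in msgs]
    print("one pair  ->", candidate_keys(*pairs[0]))
    print("two pairs ->", recover_key(pairs))
```

With q = 1009 the first pair (123456, 358) leaves four candidates (1009,
2018, 61549 and 123098) and adding (98765, 892) leaves only 1009. Recovering
p works the same way from its own residues, as the reply says.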




------------------------------

From: [EMAIL PROTECTED] (Erictim)
Date: 29 Apr 2001 20:04:44 GMT
Subject: RSA BRUTE FORCE

THERE ARE  SOME THINGS I DON'T UNDERSTAND ABOUT THE RSA ALGORITHM.  MY
UNDERSTANDING IS THAT RSA GENERATES A LARGE NUMBER (N) WHICH HAS ONE AND ONLY
ONE PAIR OF FACTORS(P AND Q)  SECURITY IS DEPENDENT ON DIFFICULTY OF FACTORING
LARGE NUMBERS.  

WHY IS FACTORING SO DIFFICULT?  IF THERE IS ONLY ONE PAIR OF FACTORS THEN
COMPUTERS ARE LIKELY FAST ENOUGH TO RUN A GREATER THAN,LESS THAN BRUTE FORCE
ATTACK?

STEPS

1)  GET LARGE NUMBER (N)

2)  USE GREATER THAN,LESS THAN BRUTE FORCE ATTACK TO FIND THE LENGTH 
POSSIBILITIES OF THE FACTORS FOR (N)--(P AND Q)

3)  USE GREATER THAN,LESS THAN BRUTE FORCE ATTACK TO FIND EACH POSSIBLE PAIR OF
DIGITS IN THE  FACTORS(P AND Q)

4) REPEAT STEPS 1 TO 3 UNTIL FACTORS ARE FOUND

BRUTE FORCE GREATER THAN,LESS THAN ATTACK

TEST EACH POSSIBLE PAIR OF DIGITS BY BEGINNING AT THE LEFT SIDE OF THE NUMBER. 
FILL ALL DIGITS TO THE RIGHT OF THE TEST PAIR WITH 9's.  RUN THE ALGORITHM(SUCH
AS MULTIPLY THE TWO DIGITS).  TEST IF THE RESULT IS GREATER THAN OR LESS THAN
THE NUMBER BEING COMPARED TO.  

EXAMPLE

Y^X = Z(Y AND Z ARE KNOWN)
2^X=3.1691265E29

to find how large X is:
2^999=too large
2^99=too large
2^9=too small
X MUST BE 2 DIGITS SINCE THE MAXIMUM FOR ONE DIGIT IS TOO SMALL AND THE MAXIMUM
FOR 2 DIGITS IS TOO LARGE

 to find the digits:
2^99=too large
2^89=too small
2^79=too small
THE FIRST DIGIT MUST BE A 9, BECAUSE EVERYTHING UNDER 9 IS TOO SMALL

2^99=too large
2^98=is equal
2^97=too small
X IS 98

OF COURSE THIS COULD BE DONE WITH PAIRS OF NUMBERS.

P * Q = N

(0,0) (0,1) (0,2) (0,3) (0,4) (0,5) (0,6) (0,7) (0,8) (0,9)
(1,1) (1,2) (1,3) (1,4) (1,5) (1,6) (1,7) (1,8) (1,9)
(2,2) (2,3) (2,4) (2,5) (2,6) (2,7) (2,8) (2,9)
(3,3) (3,4) (3,5) (3,6) (3,7) (3,8) (3,9)
(4,4) (4,5) (4,6) (4,7) (4,8) (4,9)
(5,5) (5,6) (5,7) (5,8) (5,9)
(6,6) (6,7) (6,8) (6,9)
(7,7) (7,8) (7,9)
(8,8) (8,9)
(9,9)

SWITCHING THE ORDER OF EACH PAIR LEAVES A TOTAL OF 110 PAIRS OF NUMBERS.  BY
PLUGGING THESE PAIRS INTO FACTORS(P AND Q) AND REPLACING THE DIGITS TO THE
RIGHT WITH 9's  A GREATER THAN,LESS THAN BRUTE FORCE ATTACK COULD BE USED TO
FIND FACTORS(P AND Q)   IF (P) AND (Q) WERE BOTH 300 DIGITS LONG THERE WOULD BE
33000 POSSIBLE COMBINATIONS.  NOTE:  IT IS POSSIBLE FOR SOME DIGITS TO HAVE
MORE THAN ONE PAIR WHICH LOOK ACCURATE.  IT IS ALSO POSSIBLE TO SIGNIFICANTLY
REDUCE THE AMOUNT OF NUMBER PAIRS NEEDED TO CHECK BY "SKIPPING"(FOR EXAMPLE: 
IF THE PAIR (5,9) IS TESTED AND FOUND TO BE  TOO SMALL THEN ALL NUMBERS BELOW
(5,9)--SUCH AS (1,2)-(3,4)-(5,6)...-- DO NOT NEED TO BE TESTED.  IT IS NOT
LIKELY THAT MORE THAN 40000 SCENARIOS WOULD NEED TO BE TESTED.  I ASSUME
COMPUTERS ARE SOMEWHAT FAST AT MULTIPLICATION.  I ASSUME A TYPICAL PROCESSOR
COULD TEST AT LEAST ONE SCENARIO EACH SECOND.  IF THOSE TWO ASSUMPTIONS ARE
CORRECT THEN A SINGLE PROCESSOR COULD FIND THE FACTORS IN 11-12 HOURS.  A
THOUSAND PROCESSORS WOULD HAVE THE FACTORS IN LESS THAN A MINUTE.  THIS DOESN'T
SOUND VERY SECURE.  AM I RIGHT? OR AM I WRONG AND STUPID?

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: RSA BRUTE FORCE
Date: Sun, 29 Apr 2001 20:09:18 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Erictim" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> THERE ARE  SOME THINGS I DON'T UNDERSTAND ABOUT THE RSA ALGORITHM.
> MY UNDERSTANDING IS THAT RSA GENERATES A LARGE NUMBER (N) WHICH HAS
> ONE AND ONLY ONE PAIR OF FACTORS(P AND Q)  SECURITY IS DEPENDENT ON
> DIFFICULTY OF FACTORING LARGE NUMBERS.
>
> WHY IS FACTORING SO DIFFICULT?  IF THERE IS ONLY ONE PAIR OF
> FACTORS THEN COMPUTERS ARE LIKELY FAST ENOUGH TO RUN A GREATER
> THAN,LESS THAN BRUTE FORCE ATTACK?

Write a program to search thru all possible 512-bit primes ... when
you finish the search I will give you my life.

> STEPS
>
> 1)  GET LARGE NUMBER (N)

Large number would be >= 1024 bits.

> 2)  USE GREATER THAN,LESS THAN BRUTE FORCE ATTACK TO FIND THE
> LENGTH  POSSIBILITIES OF THE FACTORS FOR (N)--(P AND Q)

We know P and Q are around SQRT(N)... that's a huge range though!

> 3)  USE GREATER THAN,LESS THAN BRUTE FORCE ATTACK TO FIND EACH
> POSSIBLE PAIR OF DIGITS IN THE  FACTORS(P AND Q)

What is the GREATER THAN,LESS THAN brute force attack?

BTW don't post in caps and read some texts on number theory.  HAC or
AC2 would be good.

Tom

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Key at: http://tomstdenis.home.dhs.org/key.asc

iQA/AwUBOux08AULrT+pXe8cEQKNiwCgjXa3MeDWTg1n1hYJ1qhTlTk9O0AAni4R
stjNvOl8e8ELnishy2+RmzM/
=ezYq
-----END PGP SIGNATURE-----




------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: RSA BRUTE FORCE
Date: Sun, 29 Apr 2001 21:07:47 +0100

THERE ARE SOME THINGS I DON'T UNDERSTAND ABOUT KEYBOARDS.  WHAT IS A CAPS
LOCK FOR? ;)

--
Regards,

Sam
http://www.scramdisk.clara.net/

Erictim <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> THERE ARE  SOME THINGS I DON'T UNDERSTAND ABOUT THE RSA ALGORITHM.  MY
> UNDERSTANDING IS THAT RSA GENERATES A LARGE NUMBER (N) WHICH HAS ONE AND ONLY
> ONE PAIR OF FACTORS(P AND Q)  SECURITY IS DEPENDENT ON DIFFICULTY OF FACTORING
> LARGE NUMBERS.
>
> WHY IS FACTORING SO DIFFICULT?  IF THERE IS ONLY ONE PAIR OF FACTORS THEN
> COMPUTERS ARE LIKELY FAST ENOUGH TO RUN A GREATER THAN,LESS THAN BRUTE FORCE
> ATTACK?
>
> STEPS
>
> 1)  GET LARGE NUMBER (N)
>
> 2)  USE GREATER THAN,LESS THAN BRUTE FORCE ATTACK TO FIND THE LENGTH
> POSSIBILITIES OF THE FACTORS FOR (N)--(P AND Q)
>
> 3)  USE GREATER THAN,LESS THAN BRUTE FORCE ATTACK TO FIND EACH POSSIBLE PAIR OF
> DIGITS IN THE  FACTORS(P AND Q)
>
> 4) REPEAT STEPS 1 TO 3 UNTIL FACTORS ARE FOUND
>
> BRUTE FORCE GREATER THAN,LESS THAN ATTACK
>
> TEST EACH POSSIBLE PAIR OF DIGITS BY BEGINNING AT THE LEFT SIDE OF THE NUMBER.
> FILL ALL DIGITS TO THE RIGHT OF THE TEST PAIR WITH 9's.  RUN THE ALGORITHM(SUCH
> AS MULTIPLY THE TWO DIGITS).  TEST IF THE RESULT IS GREATER THAN OR LESS THAN
> THE NUMBER BEING COMPARED TO.
>
> EXAMPLE
>
> Y^X = Z(Y AND Z ARE KNOWN)
> 2^X=3.1691265E29
>
> to find how large X is:
> 2^999=too large
> 2^99=too large
> 2^9=too small
> X MUST BE 2 DIGITS SINCE THE MAXIMUM FOR ONE DIGIT IS TOO SMALL AND THE MAXIMUM
> FOR 2 DIGITS IS TOO LARGE
>
>  to find the digits:
> 2^99=too large
> 2^89=too small
> 2^79=too small
> THE FIRST DIGIT MUST BE A 9, BECAUSE EVERYTHING UNDER 9 IS TOO SMALL
>
> 2^99=too large
> 2^98=is equal
> 2^97=too small
> X IS 98
>
> OF COURSE THIS COULD BE DONE WITH PAIRS OF NUMBERS.
>
> P * Q = N
>
> (0,0) (0,1) (0,2) (0,3) (0,4) (0,5) (0,6) (0,7) (0,8) (0,9)
> (1,1) (1,2) (1,3) (1,4) (1,5) (1,6) (1,7) (1,8) (1,9)
> (2,2) (2,3) (2,4) (2,5) (2,6) (2,7) (2,8) (2,9)
> (3,3) (3,4) (3,5) (3,6) (3,7) (3,8) (3,9)
> (4,4) (4,5) (4,6) (4,7) (4,8) (4,9)
> (5,5) (5,6) (5,7) (5,8) (5,9)
> (6,6) (6,7) (6,8) (6,9)
> (7,7) (7,8) (7,9)
> (8,8) (8,9)
> (9,9)
>
> SWITCHING THE ORDER OF EACH PAIR LEAVES A TOTAL OF 110 PAIRS OF NUMBERS.  BY
> PLUGGING THESE PAIRS INTO FACTORS(P AND Q) AND REPLACING THE DIGITS TO THE
> RIGHT WITH 9's  A GREATER THAN,LESS THAN BRUTE FORCE ATTACK COULD BE USED TO
> FIND FACTORS(P AND Q)   IF (P) AND (Q) WERE BOTH 300 DIGITS LONG THERE WOULD BE
> 33000 POSSIBLE COMBINATIONS.  NOTE:  IT IS POSSIBLE FOR SOME DIGITS TO HAVE
> MORE THAN ONE PAIR WHICH LOOK ACCURATE.  IT IS ALSO POSSIBLE TO SIGNIFICANTLY
> REDUCE THE AMOUNT OF NUMBER PAIRS NEEDED TO CHECK BY "SKIPPING"(FOR EXAMPLE:
> IF THE PAIR (5,9) IS TESTED AND FOUND TO BE  TOO SMALL THEN ALL NUMBERS BELOW
> (5,9)--SUCH AS (1,2)-(3,4)-(5,6)...-- DO NOT NEED TO BE TESTED.  IT IS NOT
> LIKELY THAT MORE THAN 40000 SCENARIOS WOULD NEED TO BE TESTED.  I ASSUME
> COMPUTERS ARE SOMEWHAT FAST AT MULTIPLICATION.  I ASSUME A TYPICAL PROCESSOR
> COULD TEST AT LEAST ONE SCENARIO EACH SECOND.  IF THOSE TWO ASSUMPTIONS ARE
> CORRECT THEN A SINGLE PROCESSOR COULD FIND THE FACTORS IN 11-12 HOURS.  A
> THOUSAND PROCESSORS WOULD HAVE THE FACTORS IN LESS THAN A MINUTE.  THIS DOESN'T
> SOUND VERY SECURE.  AM I RIGHT? OR AM I WRONG AND STUPID?



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: RSA BRUTE FORCE
Date: Sun, 29 Apr 2001 20:15:51 GMT

On 29 Apr 2001 20:04:44 GMT, [EMAIL PROTECTED] (Erictim) wrote, in part:

>WHY IS FACTORING SO DIFFICULT?  IF THERE IS ONLY ONE PAIR OF FACTORS THEN
>COMPUTERS ARE LIKELY FAST ENOUGH TO RUN A GREATER THAN,LESS THAN BRUTE FORCE
>ATTACK?

Not for numbers that are hundreds of digits long.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
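
Added example (mine, not from the thread), putting numbers on the two
replies above: "search through all possible 512-bit primes" and "not for
numbers that are hundreds of digits long". trial_divide() is the honest
brute force, every odd candidate up to sqrt(N) with a step counter, and
log2_primes_with_bits() uses the prime number theorem, pi(x) ~ x / ln x, to
estimate how many b-bit primes a search of "all primes near sqrt(N)" would
have to cover. The moduli are constructed for the demo and the function
names are my own.

```python
# Added example, not part of the original thread.  trial_divide() is the
# brute force the replies allude to (every odd candidate up to sqrt(N)),
# instrumented with a step counter; log2_primes_with_bits() estimates, via
# the prime number theorem pi(x) ~ x / ln x, how many b-bit primes a search
# over "all primes near sqrt(N)" would have to cover.  The moduli used in
# the demo are constructed, not taken from any real key.
import math

LN2 = math.log(2)


def trial_divide(n):
    """Factor n by trial division.  Returns (p, q, steps) with p * q == n and
    p <= q, or (None, None, steps) if n is prime.  `steps` counts the
    candidate divisors tried, which is the cost a brute-force search pays."""
    if n < 4:
        return None, None, 0
    if n % 2 == 0:
        return 2, n // 2, 1
    steps, d = 1, 3                       # the test for 2 counts as one step
    while d * d <= n:
        steps += 1
        if n % d == 0:
            return d, n // d, steps
        d += 2
    return None, None, steps


def log2_primes_with_bits(bits):
    """log2 of the approximate number of primes in [2^(bits-1), 2^bits),
    from pi(x) ~ x / ln x, computed in the log domain so bits = 512 works.
    Valid for bits >= 3 (below that the two estimates cancel)."""
    # pi(2^b) - pi(2^(b-1)) ~ 2^(b-1) * (2 / (b ln2) - 1 / ((b-1) ln2))
    inner = 2.0 / (bits * LN2) - 1.0 / ((bits - 1) * LN2)
    return (bits - 1) + math.log2(inner)


if __name__ == "__main__":
    for n in (3233, 1000003 * 1000033):   # 53*61, and two 20-bit primes
        p, q, steps = trial_divide(n)
        print(f"N={n} ({n.bit_length()} bits): p={p}, q={q}, {steps} divisions")
    for b in (32, 64, 128, 512):
        print(f"about 2^{log2_primes_with_bits(b):.1f} primes of {b} bits")
```

3233 = 53 * 61 falls in 27 divisions and a 40-bit modulus built from two
20-bit primes in about half a million, which is the square-root scaling:
every extra bit in the factors doubles the work. At 512 bits there are
roughly 2^502 candidate primes, far beyond any "one scenario per second"
search, or a billion per second for that matter.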

------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Sun, 29 Apr 2001 13:03:40 -0700


Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:udYG6.92831$[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "Dopefish" <[EMAIL PROTECTED]> wrote
> in message news:[EMAIL PROTECTED]...
> > virtual memory?
>
> Hmm?  PC's (x86's that is) can't address the required memory.

To be pedantic, they can.  Remember, an x86 (for x>=3) really has 48 bit
virtual addresses, and while that capability isn't typically used, it's
still there.  And while 2 of the bits are unusable for virtual addressing
purposes, and there appears to be some technical difficulties if you really
push the limits, an address space of 44 bits should be quite doable.

Now, virtual memory (which we are talking here) does appear to be less
useful when doing the second phase, which appears to have a huge working
set.

>
> You would have to build a custom 64-bit machine with alot of memory
> and tons of processing time.  The sieve time alone would be around a
> year at the least not to mention the multi-terabit sparse matrix you
> would have to gauss....
>
> Tom
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> Comment: Key at: http://tomstdenis.home.dhs.org/key.asc
>
> iQA/AwUBOuxP2wULrT+pXe8cEQJhqwCgomcpj1x+M10vTKkDIebQlYqD4yMAoJ9L
> Vo/VfgZcXb3t5sLHdAVwSDZE
> =x9JR
> -----END PGP SIGNATURE-----
>
>
>



------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 21:13:44 +0100

Tom St Denis wrote:
> 
> "M.S. Bob" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > David A Molnar wrote:
> > >
> > > Roger Schlafly <[EMAIL PROTECTED]> wrote:
> > >         * If it is too dangerous to take information from the
> > >         manufacturers and illegal to take information from
> > > reverse
> > >         engineering devices, then *how* is research on these
> > > technologies
> > >         to be conducted? (I am taking it as a given that such
> > > research
> > >         should be undertaken).
> > >         Do we know how broad the DMCA's exemption for security
> > > research is?
> >
> > Well if the DMCA was law earlier in US history, then the DMCA could
> > have been used against:
> >
> > RC4/ARC4
> > WEP
> > PPTP
> > NT LAN Manager (NTLM)
> > A5 (the US effort, at Berkeley)
> > Netscape random number generator
> 
> To add to this list
> 
> The three RSA inc. DES challenges
> The RSA RC5 challenges
> The RSA RSA Challenges
> The Certicom ECC challenges
> The Samba hash crack (the one that uses a single round of DES etc..)
> The Unix hash cracks (basically any password cracker).
> 
> Not to mention the wealth of public cryptanalysis that fills
> euro/asia crypt journals.

The algorithms I mentioned were reverse engineered without the
author/designer/owner/whatever's express permission.  The RSA Security
Inc and  Certicom's challenges were with their blessing and in regards
to previously published algorithms. 

I admit, I'm not certain of the details behind the Netscape RNG effort,
I believe it was without Netscape's/ Mosaic Communication's blessing.

I'm not sure if early knowledge about DES and banking (PIN numbers, data
stored on magnetic swipe or smartcards) might have also been affected. I
don't know much about what was reverse engineered versus analyzed from published
documentation (from X9, NIST, SWIFT, ISO, IBM, etc.)

The US copyright/criminal law has no bearing on publishing or
conferences outside of USA.

------------------------------

From: Alan Mackenzie<[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: MS OSs "swap" file:  total breach of computer security.
Date: Sun, 29 Apr 2001 11:09:50 +0000

[Followup-To: set. Feel free to change it!]

David Hopwood <[EMAIL PROTECTED]> wrote on Sun, 29 Apr 2001
05:46:55 +0100:

> It is possible, just about, but what is far from obvious from the
> Microsoft documentation is that it can *only* be done via a ring 0
> device driver, not directly from an application. In fact even with the
> co-operation of a device driver, it's decidedly non-trivial to access
> locked memory from a Windows application.

[ .... ]

Many thanks for a fascinating article on MS-Windows swapping behaviour
and "economical-with-the-truth" programmers' documentation.

> David Hopwood <[EMAIL PROTECTED]>

> ... If I revoke a public key but refuse to specify why, it is because
> the private key has been seized under the Regulation of Investigatory
> Powers Act; see www.fipr.org/rip

Er, wouldn't you be safer using the words "might be" rather than "is" in
the above?

-- 
Alan Mackenzie (Munich, Germany)
Email: [EMAIL PROTECTED]; to decode, wherever there is a repeated letter
(like "aa"), remove one of them (leaving, say, "a").


------------------------------

Date: Sun, 29 Apr 2001 21:28:45 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Re: P1363 draft

-----BEGIN PGP SIGNED MESSAGE-----

Full Name wrote:
> Anyone know how to get a copy of the P1363 draft? It's available at the
> IEEE web site, but in order to download it one has to be a member of
> something and supply a username and a password. Can anybody join, or is
> this an insiders-only option?

Anybody can join either of the mailing lists
(see http://grouper.ieee.org/groups/1363/WorkingGroup/maillist.html);
the username and password are then mailed automatically. Everyone with
an interest in implementing or designing protocols using public key
cryptography should definitely have copies of P1363 and P1363a.

(The IEEE may get annoyed at me for saying this, but the last draft of
P1363, draft D13, which you can still download for free from the web
site, has no technical differences from the published 1363-2000 standard -
although of course you should buy the standard if you need to be formally
conformant to it.)

As far as P1363a is concerned, it looks to me as though there will need
to be another draft after D8, and that will probably be it before P1363a
is merged with 1363-2000.

BTW, if you want a free printed copy of the final standard (and your name
on the contributors list), go through the current P1363a draft and try to
find an error, or make a substantive technical comment. That's how I got
my copy of 1363-2000 :-) Seriously, more eyeballs looking for bugs
would definitely be beneficial.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBOux5SjkCAxeYt5gVAQGSGQf+LntHqDRdkWhgFdLJ7qtMg+bChlu5hmMa
dXmI4Cumaol1EjY9XfTJaY40FkqASDfn+wgIMgjqHhlWaocyer74fUxPO0ozy6zl
AIqewEmAKxhZgnqCk7WXi0UO6zsTBt5mgYAPhihIFeNN3jCgRQf1OWCsVzuzbTL+
64n9+GQnm5uyFcgFLmufGyI4kyiKUhkjzSTXxhGwtbtvVjiG8rYnziUTlqSq3c1h
jyyd68aVSkvRXaX0hx5b68XIZz77ww2+SfrgpFKc5HfPBW46osocAzAC68wqcZ9+
jtBbhrSpZ6subw7peLChAEMueCQyB4jJc4BM0RUZc4gxwGr5rCFJ1g==
=/nit
-----END PGP SIGNATURE-----

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
