Cryptography-Digest Digest #289, Volume #14       Thu, 3 May 01 21:13:01 EDT

Contents:
  Re: Avoiding bogus encryption products: Snake Oil FAQ (Mok-Kong Shen)
  Re: Avoiding bogus encryption products: Snake Oil FAQ (Mok-Kong Shen)
  Re: How much math is required to study this? (Paul Rubin)
  Re: How much math is required to study this? ("Tom St Denis")
  Re: A Question Regarding Backdoors (Rick Wash)
  GNFS source code? (Ben Wellborn)
  Re: Avoiding bogus encryption products: Snake Oil FAQ ("Henrick Hellström")
  Free Triple DES Source code is needed. ([EMAIL PROTECTED])
  Re: Rijndael Galois Field construction problem. (Walter Hofmann)
  Re: Free Triple DES Source code is needed. ("Tom St Denis")
  Re: Free Triple DES Source code is needed. ("Sam Simpson")
  Re: Let's end this OTP argument (Benjamin Goldberg)
  Re: Free Triple DES Source code is needed. ("Tom St Denis")
  Re: Let's end this OTP argument ("Tom St Denis")
  Re: 1024bit RSA keys. how safe are they? ("Scott Fluhrer")
  Re: Free Triple DES Source code is needed. (Michael)
  Re: RSA BRUTE FORCE (Erictim)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Avoiding bogus encryption products: Snake Oil FAQ
Date: Thu, 03 May 2001 23:06:16 +0200



Simon Hunt wrote:
> 
> The current Wassenaar ruling is that if products are generally available
> (i.e. over the counter, mail order etc), installable without considerable
> assistance from the manufacturer, and include crypto not easily modifiable
> by users, then they can be sold under the general software distribution
> licence.
> 
> I think this holds for the whole of Europe now...

Is there no longer the 56-bit key restriction? When was
the change of the document done? BTW, which country
has implemented Wassenaar's crypto clause? (Germany
hasn't, if I don't err.)

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Avoiding bogus encryption products: Snake Oil FAQ
Date: Thu, 03 May 2001 23:27:02 +0200



"Henrick Hellström" wrote:
> 

> The recommendation ought to be: Don't trust a cipher unless you are an
> experienced cryptographer or you know for sure that a majority of
> experienced cryptographers trust it. Period.

Nothing could be said against that. There is, however, a
difficulty of applying it in practice. For an average
user the first case definitely doesn't apply, so what
remains is the second case. Now how does one know for
'sure' that a majority of experienced cryptographers
trust a given cipher? I mean it's pretty difficult
to ascertain that, even if one were willing to confine
the set of 'experienced cryptographers' to the set
of academic cryptographers plus those in the open
profession. Thus, there seems to be no way to very
objectively determine whether a cipher is secure, i.e.
the evaluation is always more or less subjective, I am
afraid.

M. K. Shen

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: How much math is required to study this?
Date: 03 May 2001 14:33:55 -0700

    I took the 3-year A-level course in high school (In
    Denmark we've A, B and C level courses in high school) which among other
    things includes integration calculus, vectorials (is that what it's called
    in English?) and elementary number theory (not analytical). I've read a book
    on analytical number theory on my own.

I think you know as much math as most people on this newsgroup, though
not as much as the real experts.  By "vectorials" I think you mean linear
algebra (you'd have studied matrices, determinants, etc).  At university
you should take a class in abstract algebra (groups, rings, fields, etc.)
and then you'll be able to understand systems like RSA pretty well.

Books to look at: 
  Applied Cryptography (2nd ed.) by Bruce Schneier -- this is the standard
     reference that everyone here should read
  A Course in Number Theory and Cryptography, by Neil Koblitz --
     more theoretical but a good introduction to number theory algorithms

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: How much math is required to study this?
Date: Thu, 03 May 2001 21:47:41 GMT


"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>     I took the 3-year A-level course in high school (In
>     Denmark we've A, B and C level courses in high school) which among other
>     things includes integration calculus, vectorials (is that what it's called
>     in English?) and elementary number theory (not analytical). I've read a book
>     on analytical number theory on my own.
>
> I think you know as much math as most people on this newsgroup, though
> not as much as the real experts.  By "vectorials" I think you mean linear
> algebra (you'd have studied matrices, determinants, etc).  At university
> you should take a class in abstract algebra (groups, rings, fields, etc.)
> and then you'll be able to understand systems like RSA pretty well.
>
> Books to look at:
>   Applied Cryptography (2nd ed.) by Bruce Schneier -- this is the standard
>      reference that everyone here should read
>   A Course in Number Theory and Cryptography, by Neil Koblitz --
>      more theoretical but a good introduction to number theory algorithms

I just got my copy of Neil's book today... I skimmed through it (I like page 160
:-).  It's a very good looking book (I haven't read it through) but what I
have read is very concise, easy to follow etc.

Applied Crypto is a good intro and reference text too.

Tom



------------------------------

From: Rick Wash <[EMAIL PROTECTED]>
Subject: Re: A Question Regarding Backdoors
Date: 03 May 2001 18:12:59 -0400

"Tom St Denis" <[EMAIL PROTECTED]> writes:

> "Rick Wash" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > "Tom St Denis" <[EMAIL PROTECTED]> writes:
> >
> > > "Tim Smith" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > On Mon, 30 Apr 2001 11:11:33 GMT, Tom St Denis <[EMAIL PROTECTED]>
> > > > wrote:
> > > > > Then he should ask the right question which is "Is it legal to
> > > > > use > 256-bit symmetric keys in the US".  This has nothing to do
> > > > > with AES or possible
> > > >
> > > > That's not the right question.  The right question is whether he
> > > > has to put a backdoor into his system, which is what he asked.  No
> > > > one else seems to be having trouble understanding the question, so
> > > > the problem is you, not him.
> > >
> > > To me that's the last thing a serious cryptographer should be
> > > asking.  Most have problems enough with inadvertent bugs that
> > > cripple systems (PGP, Netscape, etc...) let alone intentional bugs
> > > or faults.
> >
> >
> > No, it is not.  At the very least, the US government has made some
> > very serious proposals for backdoors into cryptosystems.  For example,
> > look at the proposed Key Escrow systems.  One of the drawbacks of
> > these systems is that they only work if everyone plays by the rules,
> > and to get everyone to play by the rules the government will have to
> > outlaw non-backdoored crypto.  If a serious cryptographer plans to
> > continue being a serious cryptographer, then he/she should be careful
> > to obey the law and not end up in jail.
> >
> > I personally don't like the idea of having backdoors in my crypto
> > software, whether intentional or not, but when I write the software I
> > am careful to check and make sure that I will not end up in jail for
> > it.  It is a very important question, and a good thing that he asked.
> > Better safe than sorry in a case like this.
> 
> The problem with crypto laws
> 
> a)  Written by brain-dead idiots
> b)  Usually don't matter
> c)  Goto a.
> 
> If you restrict the use of legitimate crypto what says criminals would
> follow the law?  Also the purpose of limiting crypto is not to ensure the
> safety of law abiding people it's to catch criminals (just in case anyone
> wants to bring gun laws in here that's not the point).

I agree with you politically, but when I write legitimate crypto
software, I don't intend to go to jail for it, and as such I like to
check what the regulations are.  I am very happy that there are no
restrictions as to what I can write, but I still think it is prudent
to check, which is what the original poster was asking.

And actually, one of the purposes of limiting crypto is for "national
security", which is along the lines of public safety.  I don't think
limiting it is a good method of ensuring national security, but some
do.  

> Personally within the US afaik there are no restrictions.  If you want
> international crypto move to Canada or europe or something.

There are limitations.  Basically, for commercial software you need an
export licence which is supposedly fairly easy to get, and for open
source software you need to send the gov't a copy.

Right now the crypto laws are lax enough that there is not a
significant distinction.  However, due to patent issues, some
algorithms may be available for use in some places and not others.

Me, personally, I like studying cryptography more than I like using it
(since I have no compelling reason to worry about my data, for the
most part).  And fortunately, the academic study of cryptography is
for the most part unrestricted.

  Rick Wash

------------------------------

From: Ben Wellborn <[EMAIL PROTECTED]>
Subject: GNFS source code?
Date: Thu, 03 May 2001 22:15:45 GMT

Does anyone know where I can acquire source to the General Number Field
Sieve (or even the Special Number Field Sieve) ??
I've heard it's publicly available.
I'm finishing construction of a Beowulf, and I want to put it through
its paces.
-Ben


------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Avoiding bogus encryption products: Snake Oil FAQ
Date: Fri, 4 May 2001 00:35:10 +0200


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> "Henrick Hellström" wrote:
> >
>
> > The recommendation ought to be: Don't trust a cipher unless you are an
> > experienced cryptographer or you know for sure that a majority of
> > experienced cryptographers trust it. Period.
>
> Nothing could be said against that. There is, however, a
> difficulty of applying it in practice.

Yes, of course. But that particular objection was pointed towards the
statement that it was foolish to engage in both cipher development and
commercial software development. It is probably true that practically all
ciphers the layman might come in contact with and should beware of are
developed by people with such engagements. On the other hand I guess that a
great deal of the ciphers people usually trust are also developed by people
with commercial engagements, e.g. Counterpane, IBM, RSA labs, etc. And it is
likewise difficult to apply a principle that in practice boils down to the
recommendation that almost no cipher should be trusted... Furthermore, I
suspect that a number of respectable security companies in their
advertisement claim that they develop their own ciphers, but hardly ever
deploy them except when explicitly requested by the customer and only in
exclusive license products.


--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com





------------------------------

From: [EMAIL PROTECTED]
Subject: Free Triple DES Source code is needed.
Date: Thu, 03 May 2001 22:51:03 GMT


Hi;

I have looked everywhere on the web to find a Free C/C++ Source Code
implementation of Triple-DES.
I have found some, but it either has a damaged zip or tar file.

Can someone help me please? Where can I find the Triple DES source code?

Thanks

Mike



------------------------------

From: [EMAIL PROTECTED] (Walter Hofmann)
Subject: Re: Rijndael Galois Field construction problem.
Date: Fri, 4 May 2001 00:51:15 +0200
Reply-To: [EMAIL PROTECTED]

On 2 May 2001 05:03:38 GMT, David Wagner <[EMAIL PROTECTED]> wrote:
>
>Maybe I don't understand finite field arithmetic well enough, but this
>remark doesn't look right to me.  In particular, the multiplicative group
>GF(256)^* has 255 elements, which is not prime, so not all elements are
>generators.  

Every finite subgroup of the multiplicative group of a field is cyclic.
Therefore the number of generators is phi(255)=128. 

>If g is a generator, then g^3 and g^5 are not generators of
>the multiplicative group (to give two examples) since 3 and 5 divide 255.

Exactly.

>Also, 0 is not a generator.  Did I misunderstand something?

0 is not an element of the multiplicative group. 

Walter
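As an added example (my code, not part of Walter Hofmann's or David Wagner's posts), the claims above checked by computation in Rijndael's field GF(2^8), built with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b): the multiplicative group has 255 elements, exactly phi(255) = 128 of them are generators, and for a generator g the power g^k is itself a generator only when gcd(k, 255) = 1, so g^3 and g^5 are not.

```python
# Added example (not from the digest): exercise the claims above in Rijndael's
# field GF(2^8), built with the AES reduction polynomial x^8+x^4+x^3+x+1 (0x11b).
# The multiplicative group has 255 elements, is cyclic, has phi(255) = 128
# generators, and for a generator g the power g^k generates iff gcd(k, 255) = 1,
# so g^3 and g^5 do not.
from math import gcd

RIJNDAEL_POLY = 0x11B
GROUP_ORDER = 255  # |GF(2^8)^*| = 2^8 - 1 = 3 * 5 * 17, not prime


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8): shift-and-add with reduction modulo 0x11b."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= RIJNDAEL_POLY
        b >>= 1
    return r


def gf_pow(a: int, e: int) -> int:
    """a^e by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def order(a: int) -> int:
    """Smallest k > 0 with a^k = 1 (0 is not in the group, so it has no order)."""
    if a == 0:
        raise ValueError("0 is not an element of the multiplicative group")
    k, x = 1, a
    while x != 1:
        x = gf_mul(x, a)
        k += 1
    return k


def is_generator(a: int) -> bool:
    # An element generates GF(2^8)^* iff its order equals the group order.
    return a != 0 and order(a) == GROUP_ORDER


def generators() -> list:
    return [a for a in range(1, 256) if is_generator(a)]


def euler_phi(n: int) -> int:
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


if __name__ == "__main__":
    gens = generators()
    g = gens[0]  # 0x03, the generator AES implementations use for log tables
    print(len(gens), euler_phi(GROUP_ORDER))                       # 128 128
    print(is_generator(gf_pow(g, 3)), is_generator(gf_pow(g, 5)))  # False False
    print(is_generator(gf_pow(g, 2)))                              # True: gcd(2, 255) = 1
    print(order(0x02))                                             # 51: x itself does not generate
```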

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Free Triple DES Source code is needed.
Date: Thu, 03 May 2001 23:11:00 GMT


<[EMAIL PROTECTED]> wrote in message
news:rhlI6.389$[EMAIL PROTECTED]...
>
> Hi;
>
> I have looked everywhere on the web to find a Free C/C++ Source Code
> implementation of Triple-DES.
> I have found some, but it either has a damaged zip or tar file.
>
> Can someone help me please? Where can I find the Triple DES source code?

Not to be picky but look harder.  It's not hard to find FTPs that have tons
of source code.

Second what is this C/C++ thing you talk about?  It's C *OR* C++ not both.
That's like saying I eat apple-pears instead of "I eat apples and/or pears".
The combo is non-existent.

Third why are you using the aging 3DES?  Is it for some compliance issue?
If so, well I feel for ya.  If not, I suggest you modernize your crypto
knowledge (if the algorithm is older than you or any of your school-going
children it's outdated.  As for me DES is about 5 years older than I am
...).  This is not to say AES will be "worthless" in 2006 or so but just
that DES is fairly old, inefficient, not terribly secure and generally just
a bad cipher.

Nuff ranting.  If you really really need some check out

http://the.wiretapped.net/security/cryptography/algorithms/

Tom



------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Free Triple DES Source code is needed.
Date: Fri, 4 May 2001 00:20:43 +0100

Neatly ignoring the fact (again...) that banks still mandate 3DES and most
serious cryptographers also recommend 3DES for high security applications.

Out of interest Tom, what would *you* recommend to users that perceive the
need for the best available security?


--
Regards,

Sam
http://www.scramdisk.clara.net/

Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:8AlI6.9614$[EMAIL PROTECTED]...
>
> <[EMAIL PROTECTED]> wrote in message
> news:rhlI6.389$[EMAIL PROTECTED]...
> >
> > Hi;
> >
> > I have looked everywhere on the web to find a Free C/C++ Source Code
> > implementation of Triple-DES.
> > I have found some, but it either has a damaged zip or tar file.
> >
> > Can someone help me please? Where can I find the Triple DES source code?
>
> Not to be picky but look harder.  It's not hard to find FTPs that have tons
> of source code.
>
> Second what is this C/C++ thing you talk about?  It's C *OR* C++ not both.
> That's like saying I eat apple-pears instead of "I eat apples and/or pears".
> The combo is non-existent.
>
> Third why are you using the aging 3DES?  Is it for some compliance issue?
> If so, well I feel for ya.  If not, I suggest you modernize your crypto
> knowledge (if the algorithm is older than you or any of your school-going
> children it's outdated.  As for me DES is about 5 years older than I am
> ...).  This is not to say AES will be "worthless" in 2006 or so but just
> that DES is fairly old, inefficient, not terribly secure and generally just
> a bad cipher.
>
> Nuff ranting.  If you really really need some check out
>
> http://the.wiretapped.net/security/cryptography/algorithms/
>
> Tom




------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Let's end this OTP argument
Date: Fri, 04 May 2001 00:00:10 GMT

Simon Hunt wrote:
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> <news:UtJD6.89$[EMAIL PROTECTED]>...
> > Below is a 8-bit per char (ASCII) encoded message using a winRNG as
> > a OTP pad (I don't know the pad even, well I know the message).
> >
> > The message is null terminated so you are given one byte of the
> > pad...
> >
> > 69 d0 2c a8 d9 55 1a b8 79 41 0d af 4f 31 fe e1
> > b8 6e a2 2b f4 d4 64 cf be 9d b4 54 00 05 9c 3a
> > ba b4 e8 fd d2 f7 78 9f c6 c1 23 70 c0 7a c7 76
> > eb 00 90 05 68 12 b6 82 5e 2e 9e 16 3a ed 18 46
> >
> > If you can tell me the message please disclose it here!
> 
> Am I missing something, or could this mean ANY 64 character message as
> there are 64^256 possible pads for this message?

You've got it a bit backwards... First off, one byte of the pad is
known, since the message is null terminated.  So the last byte of the
pad is known to be 0x46.  So there are 63 unknown bytes.  This is 256^63
possible pads, not 64^256.  Converting into a more familiar form, this
is 2^504, or 10^151 different pads.

-- 
Shift to the left, shift to the right, mask in, mask out, BYTE, BYTE,
BYTE !!!

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Free Triple DES Source code is needed.
Date: Fri, 04 May 2001 00:21:10 GMT


"Sam Simpson" <[EMAIL PROTECTED]> wrote in message
news:GKlI6.20072$[EMAIL PROTECTED]...
> Neatly ignoring the fact (again...) that banks still mandate 3DES and most
> serious cryptographers also recommend 3DES for high security applications.
>
> Out of interest Tom, what would *you* recommend to users that perceive the
> need for the best available security?

IDEA, RC5 or Rijndael come to mind.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Let's end this OTP argument
Date: Fri, 04 May 2001 00:22:47 GMT


"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Simon Hunt wrote:
> > "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> > <news:UtJD6.89$[EMAIL PROTECTED]>...
> > > Below is a 8-bit per char (ASCII) encoded message using a winRNG as
> > > a OTP pad (I don't know the pad even, well I know the message).
> > >
> > > The message is null terminated so you are given one byte of the
> > > pad...
> > >
> > > 69 d0 2c a8 d9 55 1a b8 79 41 0d af 4f 31 fe e1
> > > b8 6e a2 2b f4 d4 64 cf be 9d b4 54 00 05 9c 3a
> > > ba b4 e8 fd d2 f7 78 9f c6 c1 23 70 c0 7a c7 76
> > > eb 00 90 05 68 12 b6 82 5e 2e 9e 16 3a ed 18 46
> > >
> > > If you can tell me the message please disclose it here!
> >
> > Am I missing something, or could this mean ANY 64 character message as
> > there are 64^256 possible pads for this message?
>
> You've got it a bit backwards... First off, one byte of the pad is
> known, since the message is null terminated.  So the last byte of the
> pad is known to be 0x46.  So there are 63 unknown bytes.  This is 256^63
> possible pads, not 64^256.  Converting into a more familiar form, this
> is 2^504, or 10^151 different pads.

Actually this is wrong too.  You know for example that all of the top bits
are zero too (it's ascii) so it's at best 128^63 or 2^441 possible pads.

Tom
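As an added example (my code, not part of the posts in this thread), the ciphertext Tom posted and the two counting arguments above worked through: because pad = ciphertext XOR plaintext, every 63-character ASCII message has exactly one pad that explains the ciphertext, the only pad byte the ciphertext fixes is the one under the NUL terminator, and the candidate pad count is 256^63 = 2^504 without the ASCII assumption or 128^63 = 2^441 with it. The two candidate messages in the block are constructed for illustration and say nothing about the real one.

```python
# Added example, not part of the digest: the ciphertext from Tom St Denis's
# OTP challenge and the counting argument from Goldberg's and St Denis's replies.
# The candidate plaintexts below are constructed for illustration only.

# 64 ciphertext bytes as posted: 63 message characters plus a terminating NUL.
CIPHERTEXT = bytes.fromhex(
    "69d02ca8d9551ab879410daf4f31fee1"
    "b86ea22bf4d464cfbe9db45400059c3a"
    "bab4e8fdd2f7789fc6c12370c07ac776"
    "eb0090056812b6825e2e9e163aed1846"
)
MSG_LEN = len(CIPHERTEXT) - 1  # 63 unknown plaintext bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_for(ciphertext: bytes, message: str) -> bytes:
    """The pad that maps `message` (7-bit ASCII + NUL) onto `ciphertext`.

    pad = ciphertext XOR plaintext, so every ASCII message of the right
    length has exactly one pad under which it is "the" plaintext.
    """
    plain = message.encode("ascii") + b"\x00"
    if len(plain) != len(ciphertext):
        raise ValueError("message must be exactly %d characters" % MSG_LEN)
    return xor_bytes(ciphertext, plain)


def decrypt(ciphertext: bytes, pad: bytes) -> str:
    """XOR the pad back in and drop the NUL terminator."""
    return xor_bytes(ciphertext, pad)[:-1].decode("ascii")


def known_pad_bytes(ciphertext: bytes) -> dict:
    """Pad bytes fixed by the ciphertext alone: only the terminator position."""
    # The NUL is the one known plaintext byte, so there pad = c XOR 0x00 = c.
    return {len(ciphertext) - 1: ciphertext[-1]}


def candidate_pad_count(unknown: int, ascii_only: bool) -> int:
    """Pads consistent with the ciphertext for `unknown` unknown bytes.

    Goldberg's count: 256 choices per byte, 256^63 = 2^504.
    St Denis's refinement: 7-bit ASCII plaintext pins the top bit of each
    pad byte to the ciphertext's top bit, leaving 128^63 = 2^441.
    """
    return (128 if ascii_only else 256) ** unknown


if __name__ == "__main__":
    # Two unrelated constructed messages; each is "the" plaintext for some pad.
    m1 = "meet me at the usual place at noon".ljust(MSG_LEN)
    m2 = "the weather in Copenhagen is lovely this time of year".ljust(MSG_LEN)
    p1, p2 = pad_for(CIPHERTEXT, m1), pad_for(CIPHERTEXT, m2)
    assert decrypt(CIPHERTEXT, p1) == m1 and decrypt(CIPHERTEXT, p2) == m2
    print(hex(p1[-1]), hex(p2[-1]))  # both 0x46: the only fixed pad byte
    print(candidate_pad_count(MSG_LEN, False) == 2 ** 504)  # True
    print(candidate_pad_count(MSG_LEN, True) == 2 ** 441)   # True
```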



------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Thu, 3 May 2001 17:14:25 -0700


Lawrence Kirby <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <9chso8$fjh$[EMAIL PROTECTED]>
>            [EMAIL PROTECTED] "Scott Fluhrer" writes:
>
> >
> >Tom St Denis <[EMAIL PROTECTED]> wrote in message
> >news:udYG6.92831$[EMAIL PROTECTED]...
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> "Dopefish" <[EMAIL PROTECTED]> wrote
> >> in message news:[EMAIL PROTECTED]...
> >> > virtual memory?
> >>
> >> Hmm?  PC's (x86's that is) can't address the required memory.
> >
> >To be pedantic, they can.  Remember, an x86 (for x>=3) really has 48 bit
> >virtual addresses, and while that capability isn't typically used, it's
> >still there.
>
> IA32 has a 32 bit data path into the page translation hardware so
> all segments must exist in the same 4GB address space.

True -- that's why I wrote that there are some technical problems with
really pushing the limits.  However, you can easily [1] have lots of 1 Gig
to 2/3 Gig segments, and swap around page table entries whenever you change
segments.  It's not pretty, but like a dog walking on its hind legs, the
question isn't whether it's pretty, but whether it can be done at all.

[1] For an admittedly odd definition of "easily"

--
poncho




------------------------------

From: [EMAIL PROTECTED] (Michael)
Subject: Re: Free Triple DES Source code is needed.
Date: Fri, 04 May 2001 00:35:01 GMT

In article <rhlI6.389$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>  I have looked every where on the web to find a Free C/C++ Source Code
>  implementation of Triple-DES.
>  I have found some, but it either has a damaged zip or tar file.
>  Can some one help me please? Where can I find the Triple DES source code?

http://www.openssl.org/

-- 
Note: There is no example in my hostname.

------------------------------

From: [EMAIL PROTECTED] (Erictim)
Date: 04 May 2001 00:57:04 GMT
Subject: Re: RSA BRUTE FORCE

I agree with you.  Thanks.  But I assumed many of these possibilities could be
cut out.  If you multiply 6257 * 6356 you get 3976942.   If you multiply
62574933 * 63560461 you get 3977291588524113.
If N = 39772916239307209103, note that the 3977291 is the same.  I still assume
that as you go farther down along (with correct digits) P and Q that more and
more digits along N would be exactly correct (is this wrong?).  Thus the pairs
which produce the most correct digits would be tested and the rest dropped.  So
I guessed that it would be more like 40 blocks of 10 digit numbers than one
giant pair of 300 digit numbers.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
