Cryptography-Digest Digest #477, Volume #14      Wed, 30 May 01 15:13:00 EDT

Contents:
  Re: Is this a weakness in RSA key generation? ("Jakob Jonsson")
  Re: Cool Cryptography Website! (John Savard)
  Re: Medical data confidentiality on network comms (Larry Kilgallen)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... ("BenZen")
  I want a glossary. (edt)
  Re: Good place to start? (Paul Rubin)
  Re: I want a glossary. ("M.S. Bob")
  Re: Good place to start? ("M.S. Bob")
  Re: DES Crypto Myth?? (Arturo)
  Re: Cool Cryptography Website! (JPeschel)
  Re: Good place to start? (John Savard)
  Re: Is this a weakness in RSA key generation? (Anton Stiglic)
  Boschloo FLOOD on alt.privacy.anon-server (Stop Boschloo posting diarrhea)

----------------------------------------------------------------------------

From: "Jakob Jonsson" <[EMAIL PROTECTED]>
Subject: Re: Is this a weakness in RSA key generation?
Date: Wed, 30 May 2001 17:33:12 +0200

There is no reason to worry about this. The RSA decryption function will be
exactly the same for all d satisfying d*e == 1 (mod lcm(p-1,q-1)), so
nothing can go wrong with a d that satisfies (2) and (3) but not (1).

Jakob

"Mark Borgerding" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> I found that pgp 2.6.2 may sometimes generate a private exponent n
> that does not entirely match the RSA spec (as I know it)
>
> An RSA private exponent d
> 1) d*e = 1 , mod (p-1)*(q-1)
>
> which implies
> 2) d*e = 1 , mod (p-1)
> 3) d*e = 1 , mod (q-1)
>
>
> pgp seems to occasionally generate a key that satisfies 2&3, but not
> 1.
> I know that stmt #1 implies 2&3, but the reverse is not true.
>
> My question is: is this something to worry about?  What effect would
> this have on security of the key.  I have searched the net briefly for
> info on this, but found nothing.



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cool Cryptography Website!
Date: Wed, 30 May 2001 15:51:41 GMT

On Wed, 30 May 2001 16:31:40 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:

>If someone does a verbatim copy, there is good evidence 
>that he copies from you.

Isn't it equally good evidence that I copied from him?

If he instead decides to be the original author of something for which
my writings were merely a source of information, then he would have
done nothing more than I myself have done. But to a multitude of
victims...that, and putting everything in my own words, is what makes
it "research".

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: [EMAIL PROTECTED] (Larry Kilgallen)
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: 30 May 2001 11:52:52 -0500

In article <P37R6.79$[EMAIL PROTECTED]>, "Roger Schlafly" 
<[EMAIL PROTECTED]> writes:

> Once a medico has computer access to a digital record, it is very
> difficult to keep him from making unrestricted copies.

It depends on what you mean by "very difficult".  If they want it
on computer media, they would have to attach a drive to the workstation
they use to access the data.  They would also have to break into the
application that presents the results to them on that workstation.

Of course if an organization tries to take stock Microsoft machines
and uses file transfer to deliver results to them, all bets are off,
but organizations that take no precautions in this regard are not
worth discussing.

------------------------------

From: "BenZen" <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding...
Date: Wed, 30 May 2001 12:49:59 -0400

Sergei Lewis wrote in message <[EMAIL PROTECTED]>...
>BenZen wrote:
>> Sergei Lewis wrote in message ...
>> >..if you say all that, then why don't you just use the bits of Pi?
>> Because; I always had these impressions:
>>
>> 2- I always thought calculating PI to the N'th digit involves being able to
>>     process N'th and more width; Requiring relatively powerful computers,
>>     contrary to compute a simple Fractal equation: z[n+1]=z[n]*z[n]+c, z[0]=0.
>> That was possibly true before the recent algorithm.
>
>Hmp. The problem, though, you see, is that effectively what you are
>doing, whether you are using a fractal or the digits of Pi, is you are
>making a PRNG that produces a stream of data, using either a key (in
>which case you combine your output with the plaintext to encrypt), or a
>combination of the key and your plaintext input as its seed.
>
I had in mind to use the 'key', as some sort of parameter generator
for seed and possibly some wilder option to the fractal equation.
Let's consider my function as a plain pseudorandom for a moment.
Then the 'password' or key, would be first translated into some
sort of offset in the stream (or mapped into an starting position
in the fractal domain)... If the equation I find can only generate a
good 'pseudorandom' from a unique start; Then this would be
used as a an offset into it, and I would add some rudimentary
PRNG or known pattern on top (Xored also);

>The PRNG
>has to have certain properties - if it produces a repeating sequence of
>bits, this cannot be much shorter than messages you encrypt with it,
>because otherwise you could do some fairly trivial cryptanalysis on it
>(see FAQ);
>
I understand the risks of short repeating sequences.
That's why I will find some tools used to evaluate common PRNG
to check if my fractal 'thing' is working first.

>it has to produce different sequences for different keys,
>that do not overlap;
>
I had not been thinking of this non-overlapping issue.
Indeed, if I use the 'key' as a plain offset into my F-PSRG,
I might eventually have documents that could overlap.
This is not easy... Then I might consider always using a
known sufficient PSRG on top of this (XOR).
Both of which reproducible sequences.
I do have that 'PI-Hex' generator in the back of my mind though. ;)

>and the sequences have to be reproducible (so you
>can decrypt the data at the other end; in symmetric cryptography, the
>(unique) key that reproduces the sequence is the original encryption
>key, whereas with public key crypto there is a unique key that
>reproduces the sequence and is not the same as the encryption key, *and*
>is not feasibly deducible from it.
>
I shall read more about public key crypto.
The simplest idea is obviously using a key, to generate some
sort of PSRG seed; From which I can simply Xor my data, to
extract the original.

>Now, the using-keyed-sections-of-Pi-as-a-pad algorithm obeys this, and
>is secure (provided a different key is used for *every* message sent,
>you are effectively selecting from 2^keylength one-time pads). The same
>is true of the fractal algorithm, provided the various implementation
>problems (guaranteeing output is not periodic or infinite) are solved.
>
My main concern with PI-Hex, is the time it could take to get to a
specific offset in the sequence.
My second concern with PI-Hex, is customizing the algorithm to
generate a PI-like number which is NOT PI, but has the same
non-periodic quality of PI.
Then for the Fractal equation (algo) I am trying to develop, is to
avoid taking too much time computing double float in a deep
iterative way; as it is often the case generating fractal images.
Images which are known to take time to produce.
I would not want to wait for half an hour to decipher a 1MB file (block).

>The same is also true to various extents of the more conventional
>ciphers - IDEA, Rijndael, TEA, the various ones Tom St. Denis suggests
>every so often.
>
>They all share the same disadvantage: namely, you have to find some
>secure way of sharing keys.
>
Yes..
Let's say I want to send a block to a friendly receiver, I must
transmit him the key;  Trying to make sure no one else can steal
this key is delicate... I gather the PGP technique is more elegant.
All I can imagine, as alternative, is to add a 'time' parameter
to this.  Leaving the receiving person with a small window in time;
for which he can use the key.
I can imagine all sorts of crazy things, like making the program connect
to the Internet to get ATOMIC time for security.
Or if I was a file-server; I could require a communication handshake
back to authenticate the requester with a known IP, and/or more of
his own personal data.
On this line of thought;.. If it was a bidirectional exchange;
I could ask him his key. and I would use His key, and my key
to encrypt the data.. Still better than just one key...
Later I could just change my key.. and use his key that he gave
me once in the past.. Hopefully unknown to others.

I think there is no 100% safe way in this;
The safest being asking the person to contact me 'live' over the phone,
to be certain.. Then give the key.

LOL,... This sounds so much like espionage.
While it's just a fun project, and an attempt to further my knowledge
of both Fractals and Crypto.  :D

>However, they have a major advantage over Pi and fractals: the
>combinations of shifts, adds and XORs they tend to use are very easy to
>implement for quick and/or hardware calculation.
>
.... I like the way you think. 8D
It's exactly my fears.  It might prove to be the main problem with fractals.
Too much time to compute.

>Now, if there was some way to get a public crypto algorithm out of
>fractals, that might be really interesting ^-^ RSA is slow. Perhaps one
>could bounce around the inside of the boundary of the fractal set, the
>way one bounces along the curve in elliptic curve crypto, with a
>would-be cryptanalyst having to solve the discrete log problem?
>
Let me know what are your preferences for proper 'key' usage;
Used for the transaction.. I shall try to comply with this.

What I had in mind, is to use a 'string' of text; of arbitrary length,
and generate a fixed length value from it.
I know some countries will not allow greater than 56 bit key.
I'm not restricted here... I shall not restrict my design either.
Unless you think there are good reasons I should.

P.S.. I like your web page; Great.
Love that little green picture at the bottom of the page.
Entitled 'My rock'..

Thank you Sergei,
Regards,
Ben


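The exchange above turns on one point Sergei raises: if the 'key' is only an offset into one fixed public stream (digits of Pi, a fractal orbit, anything reproducible), two messages whose offsets are close enough reuse the same keystream bytes, and an attacker who sees both ciphertexts can cancel the keystream without knowing either offset. The following is an added example, not code from either poster; the stream itself is a constructed stand-in (a SHA-256 counter over a fixed label, hypothetical and public by design), the messages and offsets are constructed, and the function names are the example's own. It shows the overlap leaking p1 XOR p2, a known fragment of one message recovering the other, and a crib-drag that finds the unknown shift.

```python
import hashlib

# Constructed stand-in for the "fixed public stream" (digits of pi, a fractal orbit):
# a SHA-256 counter over a fixed label.  Deterministic, public, and NOT a secret.
STREAM_LABEL = b"constructed fixed stream, stands in for the hex digits of pi"
BLOCK = 32


def fixed_stream(offset, length):
    """Return bytes [offset, offset+length) of the one global stream."""
    buf = bytearray()
    block = offset // BLOCK
    skip = offset % BLOCK
    while len(buf) < skip + length:
        buf += hashlib.sha256(STREAM_LABEL + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(buf[skip:skip + length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(offset, plaintext):
    """The 'key' is just a starting offset into the fixed stream (the design under discussion)."""
    return xor_bytes(plaintext, fixed_stream(offset, len(plaintext)))


decrypt = encrypt  # XOR is its own inverse


def plaintext_xor(c1, c2, shift):
    """If key2 == key1 + shift, the keystream bytes line up and cancel:
    c1[shift+i] ^ c2[i] == p1[shift+i] ^ p2[i], with no key needed."""
    n = min(len(c1) - shift, len(c2))
    return xor_bytes(c1[shift:shift + n], c2[:n])


def recover_with_crib(c1, c2, shift, known_p2_prefix):
    """Known (or guessed) bytes of one message yield the other message's bytes."""
    diff = plaintext_xor(c1, c2, shift)
    return xor_bytes(diff[:len(known_p2_prefix)], known_p2_prefix)


def crib_drag(c1, c2, known_p2_prefix):
    """Attacker knows neither offset: try every shift and keep those whose
    recovered bytes look like text.  The true overlap is always among the hits."""
    hits = []
    for shift in range(len(c1) - len(known_p2_prefix) + 1):
        cand = recover_with_crib(c1, c2, shift, known_p2_prefix)
        if all(32 <= b < 127 for b in cand):
            hits.append(shift)
    return hits


# Constructed sample messages, with offsets ("keys") that differ by only 5.
P1 = b"ATTACK AT DAWN, BRING THE KEYS"
P2 = b"RETREAT TO THE HARBOUR"
KEY1, KEY2 = 1000, 1005


def demo():
    """Round trip works, and the overlap hands bytes of P1 to anyone holding a crib of P2."""
    c1, c2 = encrypt(KEY1, P1), encrypt(KEY2, P2)
    return decrypt(KEY1, c1) == P1, recover_with_crib(c1, c2, KEY2 - KEY1, P2[:10])


if __name__ == "__main__":
    print(demo())
```

The leak does not depend on how good the stream looks to a randomness test: the keystream is the same bytes for both messages, so it cancels. The usual remedy is to derive the keystream from the secret key together with a value that is unique per message, so that no two messages can ever share a segment of the stream.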

------------------------------

Date: Wed, 30 May 2001 13:02:38 -0400
From: edt <[EMAIL PROTECTED]>
Subject: I want a glossary.


Does anyone know of a good crypto glossary, aimed at the newbie?  I'm a
bit overwhelmed, between crypto terminology, cipher names, and the names
of the cryptologists involved.

(Seems like the FAQ should have something like this.  It's excellent
otherwise, though...)

-eric


------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Good place to start?
Date: 30 May 2001 10:23:10 -0700

jlcooke <[EMAIL PROTECTED]> writes:
> http://www.rsa.com/rsalabs/faq/

No I mean the sci.crypt FAQ.  The rsa.com FAQ has some worthwhile info
but mainly exists to promote one corporation (rsa.com).

------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: I want a glossary.
Date: Wed, 30 May 2001 18:42:18 +0100

edt wrote:
> 
> Does anyone know of a good crypto glossary, aimed at the newbie?  I'm a
> bit overwhelmed, between crypto terminology, cipher names, and the names
> of the cryptologists involved.
> 
> (Seems like the FAQ should have something like this.  It's excellent
> otherwise, though...)

Terry Ritter has a glossary,
http://www.io.com/~ritter/GLOSSARY.HTM

Also the RSA Lab's FAQ is worth checking out.
http://www.rsasecurity.com/rsalabs/faq/

For algorithms, the two starting points I use are
http://www.kremlinencrypt.com/crypto/algorithms.html
http://www.ii.uib.no/~larsr/bc.html (The Block Cipher Lounge)

Though there are a number of new ciphers proposed for NESSIE
https://www.cosic.esat.kuleuven.ac.be/nessie/
https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions.html

For cryptologists:
http://www.counterpane.com/researchers.html
http://www.cs.berkeley.edu/~daw/people/crypto.html
http://www.swcp.com/~mccurley/cryptographers/cryptographers.html
and there are a few others who maintain similar lists

------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: Good place to start?
Date: Wed, 30 May 2001 18:44:55 +0100

Paul Rubin wrote:
> 
> jlcooke <[EMAIL PROTECTED]> writes:
> > http://www.rsa.com/rsalabs/faq/
> 
> No I mean the sci.crypt FAQ.  The rsa.com FAQ has some worthwhile info
> but mainly exist to promote one corporation (rsa.com).

http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html

------------------------------

From: Arturo <aquiranNO$[EMAIL PROTECTED]>
Subject: Re: DES Crypto Myth??
Date: Wed, 30 May 2001 19:38:24 +0200

On Mon, 28 May 2001 08:16:26 -0800, [EMAIL PROTECTED] wrote:

>Roger Fleming wrote:
>> 
>
>
>I think you're right. No doubt he knows what he's doing, and as I said,
>his
>book is a fun read.  It just that "Bruce Schneier says..." seems at
>times
>in this newsgroup to mean "the unquestionable leader of the crypto
>community says..."
>and I wondered if the number of times he gets quoted was a fair measure
>of his
>skill as a cryptographer (don't look too closely; there's some very bad
>reasoning here! :) ).
>
>Again, he's an intelligent and successful cryptographer, but my quess is
>that there are plenty of intelligent cryptographers out there. Maybe
>they just aren't as quotable?

        I guess it's a sort of Carl Sagan.  CS was not the best astronomer in
the world, but was both a good one plus a good communicator.

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 30 May 2001 18:20:57 GMT
Subject: Re: Cool Cryptography Website!

[EMAIL PROTECTED]  (John Savard) writes, in part:

>On Wed, 30 May 2001 16:31:40 +0200, Mok-Kong Shen
><[EMAIL PROTECTED]> wrote, in part:
>
>>If someone does a verbatim copy, there is good evidence 
>>that he copies from you.
>
>Isn't it equally good evidence that I copied from him?

If it's any solace, John --most of the regulars here know
that you are the original author of the work, and that you have
copyrighted it.

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Good place to start?
Date: Wed, 30 May 2001 18:22:32 GMT

On Wed, 30 May 2001 08:46:05 +0100, "The archgimP"
<althalus@excitedotcom> wrote, in part:

>Are there any good 'suggested reading' lists for catching up with some of
>the more recent developments...

There is some stuff on the Counterpane site, particularly at

http://www.counterpane.com/labs.html

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Is this a weakness in RSA key generation?
Date: Wed, 30 May 2001 14:34:53 -0400


I got caught thinking the same thing once.
Look at the handbook of applied crypto, Chapter 8.2, 
Note 8.5 (universal exponent).
Let n = p*q
You don't need e*d = 1 mod phi(n) necessarily,
it's enough to have e*d = 1 mod lambda, where
lambda = l.c.m.(p-1, q-1).
You can see a bit why this is true by observing the fact 
that there isn't actually an element in Z*n that has 
order phi(n), (if there were, Z*n would be a cyclic group,
but it's not).  
So it's o.k. to work with a lower order.
So, for example, if you have p -1 = 2*p' and 
q - 1 = 2*q', with p' and q' prime, then
phi(n) = 2*2*p'*q', and on the other hand
l.c.m.(p-1, q-1) = 2*p'*q'.  You are assured
that for any element a \in Z*n, a^(2*p'*q') = 1 mod n.
If p' or q' was not prime, you can only get 
l.c.m(p-1, q-1) to be smaller.  The smaller
lambda is, the smaller d will be, and the more
efficient your scheme will be.

--Anton

Mark Borgerding wrote:
> 
> I found that pgp 2.6.2 may sometimes generate a private exponent n
> that does not entirely match the RSA spec (as I know it)
> 
> An RSA private exponent d
> 1) d*e = 1 , mod (p-1)*(q-1)
> 
> which implies
> 2) d*e = 1 , mod (p-1)
> 3) d*e = 1 , mod (q-1)
> 
> pgp seems to occasionally generate a key that satisfies 2&3, but not
> 1.
> I know that stmt #1 implies 2&3, but the reverse is not true.
> 
> My question is: is this something to worry about?  What effect would
> this have on security of the key.  I have searched the net briefly for
> info on this, but found nothing.

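A worked instance of what Jakob Jonsson and Anton Stiglic say above, as an added example that is not code from either post or from PGP. It uses the toy primes p = 23, q = 47 (constructed, both of the form 2p'+1 with p' prime, as in Anton's note) and e = 3, computes d modulo phi(n) and modulo lambda(n) = lcm(p-1, q-1), checks Mark's conditions (1), (2) and (3) for each, and verifies by exhaustion that both exponents decrypt every residue in Z_n. Function names are the example's own; `pow(e, -1, m)` needs Python 3.8 or later.

```python
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def rsa_private_exponents(p, q, e):
    """Compute the private exponent two ways: modulo phi(n) and modulo lambda(n)."""
    phi = (p - 1) * (q - 1)          # Euler's totient, what the "RSA spec" in the post uses
    lam = lcm(p - 1, q - 1)          # Carmichael's lambda, the universal exponent of Z*n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return {
        "n": p * q,
        "phi": phi,
        "lambda": lam,
        "d_phi": pow(e, -1, phi),        # satisfies (1), hence (2) and (3)
        "d_lambda": pow(e, -1, lam),     # satisfies (2) and (3); need not satisfy (1)
    }


def conditions(d, e, p, q):
    """Mark's conditions (1), (2), (3) for a candidate private exponent d."""
    return {
        "1_mod_phi": (d * e) % ((p - 1) * (q - 1)) == 1,
        "2_mod_p_minus_1": (d * e) % (p - 1) == 1,
        "3_mod_q_minus_1": (d * e) % (q - 1) == 1,
    }


def decrypts_everything(n, e, d):
    """Check m^(e*d) == m (mod n) for every m in Z_n, multiples of p and q included.
    Exhaustive, so only sensible for toy moduli."""
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))


if __name__ == "__main__":
    p, q, e = 23, 47, 3              # constructed toy parameters: p-1 = 2*11, q-1 = 2*23
    k = rsa_private_exponents(p, q, e)
    print(k)
    for name in ("d_phi", "d_lambda"):
        print(name, conditions(k[name], e, p, q), decrypts_everything(k["n"], e, k[name]))
```

With these parameters phi(n) = 1012 and lambda(n) = 506, giving d_phi = 675 and d_lambda = 169. The second fails condition (1) exactly as Mark observed, yet decrypts every message, and 675 mod 506 = 169: the two are the same exponent modulo lambda(n), which is all the decryption function sees. The practical caveat is on the consuming side: a key-consistency check that insists on d*e = 1 (mod phi(n)) will reject a perfectly good key of this kind, whereas checking modulo lambda(n) accepts every correct d.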
------------------------------

Date: 30 May 2001 18:46:33 -0000
From: [EMAIL PROTECTED] (Stop Boschloo posting diarrhea)
Subject: Boschloo FLOOD on alt.privacy.anon-server
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.privacy.anon-server

On Sun, 06 May 2001, "Thomas J. Boschloo" <[EMAIL PROTECTED]> wrote:

    Stop Boschloo posting diarrhea
    Boschloo STINKS 
    Boschloo TOO MUCH
    Boschloo NO
    Boschloo TOO MUCH
    Boschloo is a TROLL
    Boschloo is a CLOWN 
    Against Boschloo
    Neuter Boschloo
    SCREW Boschloo
    Stop Boschloo NUTS
    Stop Boschloo NONSENSE
    Stop Boschloo RAT
    Stop Boschloo insanity
    Boschloo is a PLAGUE

NONSENSE from Boschloo, as usual,
 trying to occupy frontstage with his pretense of knowledge
 
HISTORY:
That Boschloo bozo is a clown and a troll who has been looming around for nearly a
year.
Don't mistake a "regular" (troll) with a knowledgeable person: that self-proclaimed
"security expert" is not even a remailer user. In the past, he proved himself unable
to check a PGP signature, and got ridiculed on every single technical topic he wanted
to talk about.
Besides false or inaccurate or misleading technical misinformation, his posts are
about his avowed mental illness, or for bashing remops or real freedom fighters: he
likes to quarrel with every one, and stir shit. Sometimes, it is even pure delirium
(when he misses his pills?)
One of his last actions was to stage a hoax about his own suicide, just to try to grab
some sympathy, after he had been exposed as a troll and technically incompetent.
The worst being his teasing of Script-Kiddie until it triggered a new flood on apas.
Of course, he refuses to apologize.
Actually, the level of contempt he shows for remailer users:
  they don't give their names, while he does
  that can't do anything against him, without giving their names
is in no way different from what is displayed by Pangborn, Burnore and the like

Ignore him completely, killfile him, respect others' killfiles 

KILLFILE:
To put him in your killfile, put "Author: Boschloo"
That will make both him and the people who warn about him disappear
If you want to tell him to buzz off, or warn about him,
 use a nickname containing "Boschloo" (Boschloo Hater, Boschloo Sucks,...)
 to accommodate such killfiles for "regulars", and still warn newbies

COURAGE:
Boschloo is getting _no_ answer from apas any more.
He has to crosspost to various newsgroups to try to grab some attention.
In a few months, it will be gone.

    Stop Boschloo diarrhea
    Stop Boschloo posting diarrhea
    Fight Boschloo
    Stop Boschloo MADNESS
    Stop Boschloo RAT
    Stop Boschloo INSANITY
    Stop Boschloo NONSENSE
    Stop Boschloo NUTS
    Boschloo TOO MUCH
    Boschloo is a PLAGUE
    SCREW Boschloo
    Neuter Boschloo
    Boschloo is a CLOWN
    Boschloo TOO MUCH
    Stop Boschloo posting diarrhea
    Boschloo STINKS
    Boschloo NO
    Boschloo PLAGUE




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************