Cryptography-Digest Digest #487, Volume #14 Thu, 31 May 01 23:13:01 EDT
Contents:
Re: Cookie encryption (Chenghuai Lu)
Re: crypt education (SCOTT19U.ZIP_GUY)
Re: Large Number Math Package (Chenghuai Lu)
Re: National Security Nightmare? (SCOTT19U.ZIP_GUY)
Re: crypt education (SCOTT19U.ZIP_GUY)
Re: How does one defend against DFA attack ("Scott Fluhrer")
Re: question: how does brute force key search work? (John Wasser)
Yet another newbie question. ("Robert J. Kolker")
Re: Large Number Math Package (john Latala)
Re: crypt education (JPeschel)
Re: Yet another newbie question. ("Tom St Denis")
Re: Large Number Math Package ("Jeffrey Walton")
----------------------------------------------------------------------------
From: Chenghuai Lu <[EMAIL PROTECTED]>
Subject: Re: Cookie encryption
Date: Thu, 31 May 2001 20:06:59 -0400
Jeffrey Walton wrote:
>
> http://news.cnet.com/news/0-1007-202-2870712.html
>
But, according to the RFC cookie specification, cookies cannot store
sensitive data like credit card numbers or passwords. So people can say
the Etrade example is because of its bad implementation, not a need for
encryption of cookies.
Any comments?
Thanks.
lu
--
-Chenghuai Lu ([EMAIL PROTECTED])
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: crypt education
Date: 31 May 2001 23:57:31 GMT
[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:
>"SCOTT19U.ZIP_GUY" wrote:
>> It depends where you want to break into the field. If you have no
>> morals
>> and can live a lie easily the best education would be there at the
>> NSA.
>
>Apart from the absurd dig about morals, this is untrue anyway.
>While there are educational programs at the NSA, they're not
>for the most part trying to hire new pre-degree candidates and
>give them a college education. *Once hired* (on the basis of
>college education, among other things), *then* one would be
>sent through appropriate specific cryptologic training.
>
Since things are so compartmentalized, what I wrote was strong.
I think you could go the farthest if you had no morals. But if
you're needed they can stick you in a corner and the number of lies
you need to tell could be small enough that even a priest would
say you're forgiven without need of penitence. And what you need
to know would be limited so that you would not suffer too much
stress about what goes on behind certain doors they would not
let you go through.
>It would be useful to contact the NSA employment office to find
>out what they look for in hiring potential cryptologists.
>
They have a web site but last time I looked at it you couldn't email
them, so if you have a hot tip on where Bin Laden is, too bad. I am not
really sure they want to get him. If we did they would need someone
else. After all, to make people religious you need a devil to vilify.
If you kill the devil then you have to find a new boogey man.
But I think they have a postal address. Just don't send too big
a letter; they might be terrified of mail bombs.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Chenghuai Lu <[EMAIL PROTECTED]>
Subject: Re: Large Number Math Package
Date: Thu, 31 May 2001 20:15:01 -0400
[EMAIL PROTECTED] wrote:
>
> Hi All,
>
> I was wondering if someone could direct me to a big number crypto math library.
> Does one exist that contains all of the typical math operators, but also
> contains min, gcd, lcm, jacobi symbol, modular exponentiation, mod, etc. which
> handle infinite precision numbers?
>
> I have seen several large integer packages, but have not worked with them and
> was hoping to avoid hashing through them all.
>
> Also, is anyone aware of an X9.31 implementation (it is the ANSI standard which
> defines how to do digital signatures, which is inclusive of RSA and all of the good
> stuff to generate primes, primality tests, signing and verifying ... it is a
> wonderful specification!). I was wondering if anyone knows of C or C++ code
> which implements this standard.
>
> Does anyone have any suggestions? Thank you for any inputs ... Wilson
I used two libraries. Both of them are very good. One is RSAREF by the RSA
company. Another is called MIRACL. I cannot remember exactly the
websites, but you can use Google to find them easily.
Lu
--
-Chenghuai Lu ([EMAIL PROTECTED])
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: National Security Nightmare?
Date: 1 Jun 2001 00:14:31 GMT
[EMAIL PROTECTED] (David Wagner) wrote in
<9f6khv$1sd$[EMAIL PROTECTED]>:
>
>That would be reassuring. Do you have a reference to the text of those
>regulations? If the policy gives protection to US citizens no matter
>who does the intercepting, I can't imagine a good national security
>reason to keep such a policy secret. Am I missing something? Even if
>full disclosure of the relevant regulations would not entirely lay all
>fears to rest in one swoop, it seems it would be a nice way to bring
>something concrete to the public debate and to help convince outsiders
>that NSA is acting in good faith.
>
Yes Dave, but why is it so important "to help convince outsiders
that NSA is acting in good faith"? I see you've got the workings of
a future politician. You cut to the quick of things. It's better to
convince than to find out the truth? I for one would rather want
the truth. But knowing their past, is it even possible to get the
truth?
>In recent news interviews, the Director has expressed an interest in
>reassuring the public that the NSA is not up to anything nefarious,
>and this would appear to be a very simple step to further that goal at
>very little cost to the NSA. Is there some cost to publicizing these
>regulations that I have overlooked?
>
I used to have a history teacher that told us on each test there would be
a multiple choice question. Your goal is to pick the politician that
said it first. He gave us a hint: Hitler. Well, believe it or not,
many people would miss the question on the tests. They could not
make themselves believe Hitler said such powerful, wonderful things.
I am not comparing the Director of the NSA to Hitler, but I am smart
enough to know that it is his job to say sweet comforting things. But
that doesn't mean it has anything to do with truth.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: crypt education
Date: 1 Jun 2001 00:44:35 GMT
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote in
<[EMAIL PROTECTED]>:
>[EMAIL PROTECTED] (Thorsten Holz) wrote in <[EMAIL PROTECTED]>:
>
>>Hello,
>>
>>I've got a question for the same topic:
>>
>>Which University would you recommend for someone who is interested in
>>cryptography and maths? Currently I study in Germany, but I want to
>>take a year abroad :)
>
> I guess MIT in the US. The guy there I used to write to,
>the guy there, Rivest or something like that. I think he used
>an all or nothing transform. I thought he said he may look
>at scott19u but have not heard from him for years. I suspect
>he might have read a Wagner post saying scott19u was made
>"mince meat" by his slide attack. Of course Wagner has lied
>and admitted never really looking at it.
> But still, till he got scared off or something, I assume he
>knows something about encryption if you could ever get in a
>one on one conversation with him.
>
>>
>>> Read what the mavericks are doing like me and Ritter and also what
>>> the public so called crypto gods do.
>>
>>Crypto god? Who is a crypto god in your eyes? And who is also a
>>professor? :)
>
> That was meant to be sarcastic. I don't really think of them
>as gods. But basically it's whoever holds the public sway. I
>don't think I should name names other than those that lied about
>my code. You have to realize crypto is not something the NSA
>wants people to know about. So with billions of dollars I am
>sure they have much influence around the world to help see that
>only those they wish rise to the top. Ron R may be an exception;
>I think he was at least one time very interested in real crypto.
>Hey, you asked for my view. Maybe with a few good German beers
>I would say something different, but that's my view at this time.
>
> If I ever win the lotto I will start my own university for
>compression crypto only and you can take the classes for free.
>
>
>David A. Scott
I looked up some stuff here is the site.
http://theory.lcs.mit.edu/~rivest/chaffing.txt
"
Chaffing and Winnowing: Confidentiality without Encryption
Ronald L. Rivest
MIT Lab for Computer Science
March 18, 1998 (rev. April 24, 1998)
http://theory.lcs.mit.edu/~rivest/chaffing.txt
"
It's stuff like this that gives me some faith in the man.
If anyone is not being guided, or at least was not, I think
it may be him. And he teaches at MIT, so that's where I
would go if I had a chance. But stay with a lower profile
than I have. I speak strong words. But most don't understand it.
I feel it's man's duty to talk and explore ideas. Most people are
afraid to go out on a limb. So you fall, get up and climb another
one. I think Ron wants a low profile. I have a high profile and
I think security idiots looking for spies used to look at me. I
say this since I had a hell of a lot of random pee tests for Sam
while some good quiet church members never had a test. I am not
joking. I mean never! Look at Hanssen, a good church goer. Yet
security people tend to target for testing those that obviously are
not spies. And I don't mean just him, I mean people I worked with
day in and day out. I think the security people targeted me for
frequent pee tests as punishment for thinking. But it did give me
a sense of power to hold up work tests that had to cost several hundred
thousand dollars so I could drive 25 miles to wait an hour or two to take
a pee test.
One thing that's fun, and I did it more than once: you have a job
to do and your boss tells you to do something. (This was after the good
boss retired.) You get a call from security to say you are being
selected at random to come pee for us. When I stop laughing I may
tell boss's boss I'm leaving to pee. But then tell direct boss.
It's best to warm him up. Ask him what he wants you to do. Stall
a little. Then say "I am not going to do that now". He will get
pissed and say are you disobeying a direct order. I honestly answer,
if that's your direct order, YES. He will scream and yell and then take
you to the big boss. You try to contain the internal laughter as he
explains the situation to the big boy. Then the big boy asks me what
happened. I reply, can I discuss it later? Security has a rush, as you
know, for my very special pee. It makes your boss feel like a
complete ass.
Maybe you can also see why I am retired: most bosses
don't have a sense of humour.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: How does one defend against DFA attack
Date: Thu, 31 May 2001 17:43:08 -0700
Robert J. Kolker <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> <apology>
> This may be a bonehead question, but I am
> not experienced so I will ask it.
> </apology>
>
> How does one defend against the differential
> fault analysis attack?
By double-checking the result, and not sending it if it doesn't check out.
For example, for encryption, you can then proceed to decrypt the message,
and see if it's the same as the original. If not, then obviously
something's wrong...
--
poncho
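Fluhrer's "double-check, then fail closed" in working form, as an added example that is not part of the original post. It goes beyond the symmetric encrypt-then-decrypt case he describes to RSA-CRT signing, where the defence matters most: a device that ships one signature computed with a fault in a single CRT branch hands an attacker a factor of the modulus (the Bellcore-style gcd attack), and re-verifying the signature before release is exactly what blocks it. Everything here is constructed for the demo: the toy key (two Mersenne primes, far too small for real use), the injected fault, and the message.

```python
import hashlib
from math import gcd

# Constructed toy RSA key: two Mersenne primes, far too small for real use.
P = (1 << 61) - 1
Q = (1 << 31) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # Python 3.8+ modular inverse
DP, DQ = D % (P - 1), D % (Q - 1)       # CRT exponents
QINV = pow(Q, -1, P)                    # q^-1 mod p for Garner recombination


def message_rep(msg: bytes) -> int:
    """Hash-and-reduce stand-in for a real signature encoding (constructed)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def crt_sign(m: int, fault: bool = False) -> int:
    """RSA-CRT signing. `fault=True` simulates a transient glitch (constructed)
    in the mod-p half only; the mod-q half stays correct."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sp ^= 1                         # one flipped bit in the p-branch
    h = (QINV * (sp - sq)) % P
    return sq + Q * h


def verify(m: int, s: int) -> bool:
    """The cheap inverse operation: public exponentiation."""
    return pow(s, E, N) == m


def checked_sign(m: int, fault: bool = False):
    """Fluhrer's defence: recompute the inverse operation and fail closed.
    Returns None instead of a possibly faulty signature."""
    s = crt_sign(m, fault)
    return s if verify(m, s) else None


def bellcore_factor(m: int, faulty_sig: int) -> int:
    """What an attacker does with one faulty signature: s'^e - m is 0 mod q
    (the correct half) but not mod p, so gcd with N recovers q."""
    return gcd(pow(faulty_sig, E, N) - m, N)


def demo():
    m = message_rep(b"transfer 100 to account 42")  # constructed message
    good = checked_sign(m)
    blocked = checked_sign(m, fault=True)
    leaked = crt_sign(m, fault=True)    # an unchecked device ships the bad value
    return {
        "good_verifies": verify(m, good),
        "faulty_blocked": blocked is None,
        "factor_from_faulty": bellcore_factor(m, leaked),
    }


if __name__ == "__main__":
    print(demo())
```

The check costs one public-key operation, which with a small e is a fraction of the signing time. For symmetric encryption the same pattern is decrypt-and-compare, as in the post. The caveat a practitioner should keep in mind is that the comparison itself is a target: an attacker who can glitch the signing can try to glitch the check as well, so in hardware this is a baseline, not the whole countermeasure.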
------------------------------
Subject: Re: question: how does brute force key search work?
From: John Wasser <[EMAIL PROTECTED]>
Date: Fri, 01 Jun 2001 01:38:10 GMT
[[ This message was both posted and mailed. ]]
In article <3b156e4f$0$27410@reader4>, Peter Schurman
<[EMAIL PROTECTED]> wrote:
> I am interested in what it takes to calculate a 56-bit DES key using brute
> force search. How long does it take and how many PCs should be used in
> that case.
http://www.rsasecurity.com/news/pr/990119-1.html
http://www.distributed.net/des/release-desiii.txt
22 hours and 15 minutes using "nearly 100,000 PCs" and one specialized
cracking machine: Deep Crack. Deep Crack could apparently do about 85
billion keys per second and the "nearly 100,000 PCs" hit a peak of
around 165 billion keys per second. They got lucky and found the key
after trying only about 30% of all possible keys.
Deep Crack alone (at somewhat under $250,000) could have gone through
all possible keys in under 8 days. All you need is two million dollars
to build a machine that can do it in a day (680 billion keys per
second). For $48 million you could do it in an hour. For $2.8 billion
you could do it in a minute.
The PCs together were somewhat faster and could have done it in a
little over 5 days. Back then the most common PCs were 90-200MHz
Pentiums, 233-400MHz Pentium IIs and the G3 or earlier PowerPC
Macintoshes. Today's fastest PCs might be able to do 26 million keys
per second each. That would mean it would only take 26 thousand systems
to go through every key in one day. If a high-speed system costs $2000
that would be $114 million. Deep Crack is definitely the better deal
(unless you have 100,000 friends that will let you use their spare
cycles for free).
> Theoretically it takes a few years I guess, but there must be another way?
Doing it in "a few" (three) years would require only 621 million
decryptions per second. You could do that with 1000 Pentium 133s,
1/137th of a Deep Crack (about $2,000), or 24 really fast PCs.
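The mechanics Wasser is costing out, as an added example that is not part of the original post: a known-plaintext brute-force search with the key space handed out in contiguous blocks to workers (the way distributed.net's clients took blocks), plus the time formula behind the figures above. The cipher is a constructed stand-in (a keyed hash truncated to an 8-byte block, not DES) and the key is 18 bits so the search finishes in well under a second; the formula is then applied to 56 bits with the rates quoted in the post.

```python
import hashlib
import time

KEY_BITS = 18                      # toy size so the demo finishes quickly; DES is 56
KEY_SPACE = 1 << KEY_BITS


def toy_encrypt(key: int, plaintext: bytes) -> bytes:
    """Constructed stand-in cipher: keyed SHA-256 truncated to a 64-bit block.
    Not DES; only the search mechanics are the point."""
    return hashlib.sha256(key.to_bytes(7, "big") + plaintext).digest()[:8]


def search_chunk(lo: int, hi: int, plaintext: bytes, ciphertext: bytes):
    """One worker's block of the key space: try every key in [lo, hi)."""
    for k in range(lo, hi):
        if toy_encrypt(k, plaintext) == ciphertext:
            return k
    return None


def brute_force(plaintext: bytes, ciphertext: bytes, workers: int = 8):
    """Hand out contiguous blocks to `workers` and stop at the first hit.
    Returns (key, keys_tried). Here the blocks run one after another; in a
    distributed search they run in parallel and the coordinator stops them."""
    block = KEY_SPACE // workers
    tried = 0
    for w in range(workers):
        lo = w * block
        hi = KEY_SPACE if w == workers - 1 else lo + block
        k = search_chunk(lo, hi, plaintext, ciphertext)
        if k is not None:
            return k, tried + (k - lo + 1)
        tried += hi - lo
    return None, tried


def expected_seconds(key_bits: int, keys_per_second: float, fraction: float = 0.5) -> float:
    """Time to cover `fraction` of a 2^key_bits key space at a given rate.
    0.5 is the average case for a uniformly random key; 1.0 is the worst case."""
    return fraction * (1 << key_bits) / keys_per_second


def demo():
    secret = 0x2A5C3                            # constructed; unknown to the searcher
    pt = b"known pt"
    ct = toy_encrypt(secret, pt)                # the known-plaintext pair
    t0 = time.perf_counter()
    found, tried = brute_force(pt, ct)
    rate = tried / (time.perf_counter() - t0)   # keys/s for this one Python process
    return {
        "found": found,
        "tried": tried,
        "toy_rate": rate,
        "des_avg_days_one_cpu": expected_seconds(56, rate) / 86400,
        "des_avg_days_at_85e9": expected_seconds(56, 85e9) / 86400,
    }


if __name__ == "__main__":
    print(demo())
```

The formula is the whole cost model: time = fraction × 2^bits / rate, with cost scaling linearly in rate. With the 85 billion keys/s figure quoted for Deep Crack it gives about 4.9 days on average and 9.8 days for a full sweep, so the reader can recompute any of the dollar figures above from a rate and a price per unit of rate.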
------------------------------
From: "Robert J. Kolker" <[EMAIL PROTECTED]>
Subject: Yet another newbie question.
Date: Thu, 31 May 2001 22:16:32 -0400
What is meant by the phrase "key schedule"? I could
not find this in Schneier's books.
Thanks for any help forthcoming.
Bob Kolker
------------------------------
From: john Latala <[EMAIL PROTECTED]>
Subject: Re: Large Number Math Package
Date: Thu, 31 May 2001 22:30:05 -0400
On Thu, 31 May 2001 [EMAIL PROTECTED] wrote:
> I was wondering if someone could direct me to a big number crypto math library.
> Does one exist that contains all of the typical math operators, but also
> contains min, gcd, lcm, jacobi symbol, modular exponentiation, mod, etc. which
> handle infinite precision numbers?
There used to be a package called ubasic that was a BASIC interpreter
that supported extended precision math in all its calculations. The
author of the package included two example packages. One was various
odds and ends while the other was geared to number theory. I think that
did a couple of the things that you mentioned but it's been a while since
I looked at it so the memory is fading. I'm not sure if it's been updated
or not.
The other alternative would be the GNU MultiPrecision math package called
GMP. See any GNU archive site. I think it also ships with most/all Linux
distributions too.
--
john R. Latala
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 01 Jun 2001 02:39:57 GMT
Subject: Re: crypt education
"Douglas A. Gwyn" [EMAIL PROTECTED] writes, in part:
>they're not
>for the most part trying to hire new pre-degree candidates and
>give them a college education. *Once hired* (on the basis of
>college education, among other things), *then* one would be
>sent through appropriate specific cryptologic training.
They do, however, offer what appear to be work-study programs
for high school and college students. You can also apply
for work at the NSA by e-mailing an ASCII text version
of your resume.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Yet another newbie question.
Date: Fri, 01 Jun 2001 02:47:48 GMT
"Robert J. Kolker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> What is meant by the phrase "key schedule"? I could
> not find this in Schneier's books.
It's in Applied Cryptography IIRC.
Anyways... it just means to take the user key and apply it to the transform.
For example, in DES it takes a portion of the 56-bit user key and permutes
the bits. Then in each of the 16 rounds the 48-bit round key is XORed
against the round function input (after the expansion permutation).
Typically you need a key schedule that is round-variant to avoid slide
attacks and increase the key entropy (i.e. increase the effect of changing a
key bit).
Tom
------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Large Number Math Package
Date: Thu, 31 May 2001 23:10:06 -0400
UBASIC:
http://archives.math.utk.edu/software/msdos/number.theory/ubasic/.html
link from Chris Caldwell's Prime Pages:
http://primes.utm.edu/links/programs/large_arithmetic/
"john Latala" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
: On Thu, 31 May 2001 [EMAIL PROTECTED] wrote:
:
: > I was wondering if someone could direct me to a big number crypto math library.
: > Does one exist that contains all of the typical math operators, but also
: > contains min, gcd, lcm, jacobi symbol, modular exponentiation, mod, etc. which
: > handle infinite precision numbers?
:
: There used to be a package called ubasic that was a BASIC interpreter
: that supported extended precision math in all its calculations. The
: author of the package included two example packages. One was various
: odds and ends while the other was geared to number theory. I think that
: did a couple of the things that you mentioned but it's been a while since
: I looked at it so the memory is fading. I'm not sure if it's been updated
: or not.
:
: The other alternative would be the GNU MultiPrecision math package called
: GMP. See any GNU archive site. I think it also ships with most/all Linux
: distributions too.
:
: --
: john R. Latala
: [EMAIL PROTECTED]
:
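The operations Wilson asks for, as an added example for this thread that is not part of the original posts and not taken from RSAREF, MIRACL, UBASIC or GMP: Python's built-in integers are already arbitrary precision, so gcd, lcm, extended Euclid with modular inverse, the Jacobi symbol and a Miller-Rabin probable-prime test with prime generation can be written directly against the standard library. The test values are constructed. It is a prototype of the number theory, not a constant-time implementation; for keys that will be used, a library that resists timing leaks is still the right choice.

```python
import random
import secrets
from math import gcd

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def lcm(a: int, b: int) -> int:
    return abs(a * b) // gcd(a, b) if a and b else 0


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a: int, m: int) -> int:
    """a^-1 mod m, or ValueError when gcd(a, m) != 1."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0, via quadratic reciprocity."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a:
        while a % 2 == 0:               # (2/n) = -1 exactly when n = 3 or 5 mod 8
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                     # reciprocity: sign flips iff both are 3 mod 4
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0      # n > 1 here means gcd(a, n) > 1


def is_probable_prime(n: int, rounds: int = 40, rng=random) -> bool:
    """Miller-Rabin: trial division, then `rounds` random bases (error <= 4^-rounds)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:                   # n - 1 = 2^r * d with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                # a witnesses that n is composite
    return True


def random_prime(bits: int, rng=None) -> int:
    """Random probable prime of exactly `bits` bits; defaults to the OS CSPRNG."""
    rng = rng or secrets.SystemRandom()
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if is_probable_prime(cand, rng=rng):
            return cand


if __name__ == "__main__":
    print("(1001/9907) =", jacobi(1001, 9907))
    print("3^-1 mod 11 =", modinv(3, 11))
    print("128-bit prime:", random_prime(128))
```

Modular exponentiation is the three-argument `pow`; `pow(a, -1, m)` gives the inverse directly on Python 3.8 and later, but the explicit extended Euclid above also returns the Bezout coefficients, which RSA key generation and the CRT parameters need. Carmichael numbers such as 561 are rejected by the trial-division step here and would be rejected by Miller-Rabin in any case, which is the reason to prefer it over a Fermat test.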
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************