Cryptography-Digest Digest #561, Volume #14 Fri, 8 Jun 01 03:13:01 EDT
Contents:
Re: Humor, "I Must be a Threat to National Security" (Miguel Cruz)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: DES not a group proof (JPeschel)
Re: And the FBI, too (Re: National Security Nightmare?) (Paul Crowley)
Re: Simple C crypto (Samuel Paik)
Re: Simple C crypto (Samuel Paik)
Re: DES not a group proof ("John A. Malley")
Re: And the FBI, too (Re: National Security Nightmare?) (Paul Rubin)
Re: DES not a group proof (Paul Rubin)
Re: Some questions on GSM and 3G (Gregory G Rose)
Re: DES not a group proof (Paul Rubin)
Re: What is a skeleton book? (John Savard)
Re: DES not a group proof (Gregory G Rose)
----------------------------------------------------------------------------
Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
From: Miguel Cruz <[EMAIL PROTECTED]>
Date: Fri, 08 Jun 2001 05:13:02 GMT
David G. Boney <[EMAIL PROTECTED]> wrote:
> My frustrations with trying to find a job in government service are
> summarized in an essay I have posted that is titled, "I Must be a Threat
> to National Security". I have also placed my rejection letters from the
> CIA and NSA on-line.
>
> http://www.seas.gwu.edu/~dboney/security.html
Please forgive my bluntness:
If those three innocuous rejection letters are enough to make you go off on
a web/usenet rant about the government and the evil they do and conspiracies
against you, then I can only assume you have at least a slight
predisposition for this sort of behavior.
Assuming, then, that your qualifications were a match with their
requirements and they had someone go out and ask some questions, my guess is
that this issue would come out early and they would decide dealing with you
wasn't worth their trouble.
For future reference, though, I will point out that the screening process
for most government positions takes some time to master. Your application is
generally reviewed by someone who has very little familiarity with the
subject matter of the position. This person sits all day long reading
through applications for a number of different jobs, scanning them for
matches against lists of required and "eliminating" factors. If you don't
have the required factors, you're in the bin. You have an eliminating
factor, you're in the bin.
So, if my earlier presumptuous guess about your having left a trail of
paranoid rants through your prior academic and work careers is off the mark,
here are a couple of tips should you choose to continue your quest for
government work:
1) Go read all the books your library has about applying to government jobs.
2) Don't send out 7 or 8 applications and think you can sit back and watch
the offers roll in. These places post positions constantly, and they receive
bags full of applications. This is not the little furniture shop down the
road. When you've sent out 100, then you're on your way. When you get the
process down (completed OF-612 in Word/Acrobat, a full array of KSA snippets
in store), the applications shouldn't take more than a few minutes each.
Your biggest worry should be postage.
3) Call the contact person listed in the position announcement and ask for
advice on why you were rejected. Be polite and friendly; just explain that
you're trying to improve your chances in the future.
4) If anything in your application sounded even remotely like your web site,
then get a friend to proofread for tone and overall intelligibility. The web
site reads like you hired the Unabomber to ghostwrite, and paid him in
vodka.
miguel
--
Hit The Road! Photos and tales from around the world: http://travel.u.nu
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 05:03:57 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> :> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> :> :> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> Well, strictly speaking it seems likely that nothing can encrypt an
:> :> infinite plaintext because the universe will burn out while it tries.
:> :>
:> :> That aside, memory does not stop stream cyphers from encrypting large
:> :> messages, since the stream does not need to be stored all at once.
:> :> Why would you think otherwise?
:>
:> : Because a finite state machine can only be in a finite number of states.
:>
:> Why do you need to have more than a million states to act as a stream
:> cypher on long messages?
: If you reuse the PRNG output (replace PRNG with stream cipher if you will)
: then you're looking for trouble.
Well, that only obviously applies to stream cyphers that produce
streams independently of the plaintext. If they take entropy from
the plaintext when it looks like it has come they may be able to avoid
cycles indefinitely most of the time.
Even for a PRNG/XOR cypher, yes: security may well suffer - but we may be
talking multi-gigabytes of cyphertext and an unknown period. A stream
cypher getting into a cycle can still be vastly more secure than
transmitting the plaintext in the clear.
:> Sure - *if* the stream cypher happens to be one that doesn't interact with
:> the message, the stream will repeat after a while - but that won't
:> actually prevent encyphering the plaintext, will it?
: But it won't be secure. It will be just like re-using the OTP pad.
Provided the period isn't exposed, there will still be a level of
security. You'd have to XOR the message with itself at every possible
offset - and it doesn't take much internal state to raise the number of
offsets that must be tried well beyond 2^100.
:> : I don't see a lot of academia calling for "length hiding transforms"
:> It's usually referred to as "padding".
: Even as that.
: WHAT GOOD DOES IT PROVIDE!!!!!!!!11
It stops people from distinguishing messages from one another on length grounds.
: [sound of human screaming]
:-( Take it easy Tom. I don't mean to cause any distress.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 8 Jun 2001 05:20:33 GMT
[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>JPeschel <[EMAIL PROTECTED]> wrote:
>: Tim Tyler [EMAIL PROTECTED] writes:
>:>JPeschel <[EMAIL PROTECTED]> wrote:
>
>:>: I could try to make the case that since I have some ciphertext, I
>:>: know some information about the plaintext: That it actually exists!
>:>: But I'd be kidding around. :-)
>:>
>:>The definition of perfect secrecy could be reformulated to
>:>cope with null cyphertexts if that was considered necessary.
>
>: Now don't start re-defining again! (Yeah, I know you don't think
>: you've re-defined anything.)
>
>IIRC, according to Scott this reformulation was discussed by Shannon
>himself.
>
>:>Allowing null cyphertexts might be desirable under some circumstances
>:>-for example if you can guarantee message delivery - since the
>:>additional message state does indeed offer the opportunity of
>:>improving secrecy.
>
Actually it's in a footnote. Shannon doesn't really think it's
necessary either, but mentions it for those that might think otherwise.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 08 Jun 2001 05:30:27 GMT
Subject: Re: DES not a group proof
[EMAIL PROTECTED] (David Wagner) writes, in part:
> Not all papers are available online.
>(Failing that, you can call Springer-Verlag and order the proceedings,
>or even order their CD-ROM with scanned versions of the proceedings.)
>
I see something on Amazon called "Advances in Cryptology, 1981-1997 :
Electronic Proceedings and Index of the Crypto and Eurocrypt Conferences
1981-1997 (Lecture Notes in Computer Science)."
This sounds like it includes what Patrick wanted and more. The cost is 109
bucks and it appears to be a book and a CD. The on-line review, however, says
the CD isn't easily readable. Has anyone here actually seen the product?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
Crossposted-To: talk.politics.crypto,us.misc
Subject: Re: And the FBI, too (Re: National Security Nightmare?)
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Fri, 08 Jun 2001 05:33:35 GMT
Matthew Montchalin <[EMAIL PROTECTED]> writes:
> |Others wore badges that read just "NSA" or "Department of Defence".
> |NSA employees have been openly attending crypto conferences wearing
> |similar delegate badges for decades.
>
> But just about anyone could make badges that say the same thing.
As I say, the NSA have been wearing "NSA" badges to crypto conferences
for decades (alongside representatives of several other security
services from around the world). They presented a paper about
performance of the final five candidates at AES3. I understand why
this seems strange to you, to the extent that people faking delegate
badges seems more plausible, but I assure you it is the case.
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark
------------------------------
From: Samuel Paik <[EMAIL PROTECTED]>
Subject: Re: Simple C crypto
Date: Fri, 08 Jun 2001 05:40:23 GMT
Dirk Bruere wrote:
> I'm looking for a simple algorithm to code text that is pretty difficult to
> break for an amateur without custom s/w.
> I had thought of something like (say) a 16 bit number, to be XORed with
> chars, and then this shifted each time it is re-used.
Well, that's awful. If you want short and simple yet strong
ciphers, you might want to check RC4, RC5, RC6, or TEA.
TEA:
http://vader.brad.ac.uk/tea/tea.shtml
http://vader.brad.ac.uk/tea/source.shtml#ansi
--
Samuel S. Paik | [EMAIL PROTECTED]
3D and digital media, architecture and implementation
------------------------------
From: Samuel Paik <[EMAIL PROTECTED]>
Subject: Re: Simple C crypto
Date: Fri, 08 Jun 2001 05:43:20 GMT
Dirk Bruere wrote:
> Let's see now...
> I've got a time budget of about $50 to spend on this, including coding and
> code integration.
$50? That's barely enough time for me to start up Microsoft Developer's
Studio!
--
Samuel S. Paik | [EMAIL PROTECTED]
3D and digital media, architecture and implementation
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: DES not a group proof
Date: Thu, 07 Jun 2001 23:03:32 -0700
JPeschel wrote:
>
> I see something on Amazon called "Advances in Cryptology, 1981-1997 :
> Electronic Proceedings and Index of the Crypto and Eurocrypt Conferences
> 1981-1997
> (Lecture Notes in Computer science)."
>
> This sounds like it includes what Patrick wanted and more. The cost is 109
> bucks and it appears to be a book and a CD. The on-line review, however, says
> the CD isn't
> easily readable. Has anyone here actually seen the product?
Yes, I bought it recently. Some of the papers are atrocious when printed
out. Most are ok and most are readable (IMHO) on the PC.
There is indexing by keywords and that can help to track down certain
subjects. Overall it's a good way to get access to the proceedings. My
alternative is a trip to the local university library, and given what I
spent making copies of articles in the university library I'd rather
have the CD-ROM :-)
John A. Malley
[EMAIL PROTECTED]
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: And the FBI, too (Re: National Security Nightmare?)
Date: 07 Jun 2001 23:27:35 -0700
Paul Crowley <[EMAIL PROTECTED]> writes:
> As I say, the NSA have been wearing "NSA" badges to crypto conferences
> for decades (alongside representatives of several other security
> services from around the world).
I wouldn't say decades. It seems to have started in the 90's. Before
that, they wore DoD badges and didn't mention the NSA.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: DES not a group proof
Date: 07 Jun 2001 23:28:23 -0700
[EMAIL PROTECTED] (JPeschel) writes:
> This sounds like it includes what Patrick wanted and more. The cost is 109
> bucks and it appears to be a book and a CD. The on-line review, however, says
> the CD isn't
> easily readable. Has anyone here actually seen the product?
Yes, I have it. The CD contains a bunch of PDF files that are scans
of the papers. The scan quality is not always the greatest, but they're
generally legible.
------------------------------
From: [EMAIL PROTECTED] (Gregory G Rose)
Crossposted-To: alt.privacy
Subject: Re: Some questions on GSM and 3G
Date: 7 Jun 2001 23:28:33 -0700
>Arturo wrote:
>> - It seems like the GSM consortium is updating its algorithms: COMP128-2
>>(to replace COMP128) and A5/3 (a stronger version than A5/1). Anybody got
>>confirmation?
There's a helpful web page out there:
http://www.research.att.com/~janos/3gpp.html
In my day job, I go to meetings of the 3GPP SA
(System Architecture) WG3 (Working group 3 --
Security). This is the group that is working on
successors to GSM.
A5/3 will be based on Kasumi (as soon as some
political/standards/IPR dust settles). This is the
same algorithm that will be used for UMTS
(Wideband CDMA) and GEA2 (GERAN Algorithm number
2, where GERAN means GSM Evolution Radio Network
or something close to that).
Kasumi (means "fog" in Japanese) is based on MISTY, and
the specification is available at the above Web
page.
There is, indeed, a COMP-128-2, but that still
belongs to the GSM Association, and I know
nothing about it. This should be looked at as a
"fix" for existing GSM rather than an evolution,
although operators have always been able to use
their own algorithms rather than COMP-128 anyway.
There is a corresponding set of algorithms called
Milenage (the name appears to be a Francophone
in-joke, I don't know what it means) that are
based on Rijndael, to be used for UMTS and GERAN.
Again, that specification is available off the
above URL.
hope that helps,
Greg.
--
Greg Rose INTERNET: [EMAIL PROTECTED]
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: DES not a group proof
Date: 07 Jun 2001 23:36:45 -0700
[EMAIL PROTECTED] (Patrick Aland) writes:
> Anyone got a link to the proof from Crypto '92 that showed that DES is
> not a group? The links I seem to be finding are either dead or simply
> reference it.
The proof is pretty simple. There's an experimentally observed
property of the DES weak keys: let E(x) = E0(E1(x)), where E0 is
encryption with an all-zeros key and E1=encryption with an all-ones
key. Then iterating E gives a short cycle: E(E(E(E(...E(x))))) is
equal to x for some fairly small number of iterations that depends on x.
The theoretical justification for that was figured out after the
experimental observation, but is irrelevant here.
The proof that DES is not a group involves picking some random x
and computing E(E(E(...E(x)))) until you see x again. Say the cycle
length is 637. Suppose DES is a group with N elements. E generates
a cyclic subgroup of DES, which means that 637 divides N.
Now pick a different x and start iterating again. This time you find
the cycle length is 73. That means 73 and 637 *both* divide N, which
means gcd(73,637) = 46501 divides N.
Now do this for more values of x. You'll keep finding different
cycle lengths until you find that the gcd of all the cycle
lengths is larger than 2**56. That means that N is larger than 2**56.
But since there are only 2**56 keys in DES, it means that E is
generating permutations that are outside DES. Since E is in DES,
DES is not a group.
So the proof consists of simply experimentally generating a bunch of
x's, running a program to compute the cycle length of E for each one,
and writing down the results until there's enough.
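The experiment Paul Rubin describes, carried out on a made-up toy cipher as an added example (this is not code from the post, and the 16-bit-block, 8-bit-key `toy_encrypt` family is an assumption standing in for DES, so it says nothing about DES itself). It iterates E = E0 ∘ E1 from random starting blocks, records each cycle length, and accumulates the least common multiple of the lengths, which is the quantity that must divide the group order N if the permutation family were a group; once that lcm exceeds the number of keys the group structure is ruled out. `permutation_order` goes slightly beyond the post by computing the exact order of a permutation over its whole domain, which is what the sampled cycle lengths approximate from below.

```python
"""The cycle-length argument that a keyed permutation family is not a group.

Constructed example: toy_encrypt is a made-up 16-bit permutation family
with 8-bit keys, not DES. The reasoning is the one in the post: if the
family were a group with N elements, the order of any element (the lcm of
its cycle lengths) would divide N by Lagrange's theorem, so cycle lengths
whose lcm exceeds the number of keys contradict the group assumption.
"""
import random
from math import gcd

BLOCK_MASK = 0xFFFF      # 16-bit blocks (assumption, toy size)
TOY_KEY_COUNT = 256      # 8-bit keys: at most 256 distinct permutations


def toy_encrypt(key: int, x: int) -> int:
    """Made-up keyed permutation of 16-bit words (assumption: not a real cipher).

    Every step is a bijection mod 2^16 (add a constant, xorshift, multiply by
    an odd constant), so the composition is a permutation of the block space
    and iterating it from any x must eventually return to x."""
    k = ((key & 0xFF) << 8) | (key & 0xFF)
    for r in range(4):
        x = (x + k + r * 0x1357) & BLOCK_MASK
        x ^= x >> 5
        x = (x * 0x2D1B) & BLOCK_MASK
        x ^= (x << 3) & BLOCK_MASK
    return x


def double_encrypt(x: int) -> int:
    """E(x) = E0(E1(x)) in the post's notation: all-ones key, then all-zeros key."""
    return toy_encrypt(0x00, toy_encrypt(0xFF, x))


def cycle_length(f, x: int) -> int:
    """Smallest n >= 1 with f^n(x) == x; terminates because f is a permutation."""
    y, n = f(x), 1
    while y != x:
        y, n = f(y), n + 1
    return n


def lcm_of(values) -> int:
    """Least common multiple of a list of positive integers."""
    acc = 1
    for v in values:
        acc = acc * v // gcd(acc, v)
    return acc


def permutation_order(f, domain_size: int) -> int:
    """Order of f as a group element: lcm of the lengths of all its cycles."""
    seen = [False] * domain_size
    lengths = []
    for x in range(domain_size):
        if not seen[x]:
            length = cycle_length(f, x)
            lengths.append(length)
            y = x
            for _ in range(length):      # mark every element of this cycle
                seen[y] = True
                y = f(y)
    return lcm_of(lengths)


def collect_evidence(f, key_count: int, samples: int, seed: int = 1) -> dict:
    """Repeat the post's experiment: random x, cycle length of f, running lcm."""
    rng = random.Random(seed)            # fixed seed so the run is reproducible
    lengths = [cycle_length(f, rng.randrange(BLOCK_MASK + 1)) for _ in range(samples)]
    running = lcm_of(lengths)
    return {
        "cycle_lengths": lengths,
        "lcm": running,
        # A group with at most key_count elements has no element of larger order.
        "rules_out_group": running > key_count,
    }


if __name__ == "__main__":
    print(collect_evidence(double_encrypt, TOY_KEY_COUNT, samples=8))
```

Because the toy family is tiny, a handful of samples usually settles the question; the post's point is that for DES the same bookkeeping (cycle lengths of E = E0 ∘ E1, running lcm) only has to be pushed past 2^56.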
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What is a skeleton book?
Date: Fri, 08 Jun 2001 06:29:52 GMT
On Fri, 08 Jun 2001 01:04:31 -0400, "Robert J. Kolker"
<[EMAIL PROTECTED]> wrote, in part:
>"John A. Malley" wrote:
>> What is this 'skeleton book'? (I suspect it's a British idiom I've never
>> encountered before.)
>A collection of partial decryptions?
I think from context, it's clearly an incomplete code book and
additive table - as derived from decryptions so far. The skeleton of
the complete books as used by the other side - not something analogous
to a 'skeleton key' that can solve a multitude of codes.
John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm
------------------------------
From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: DES not a group proof
Date: 7 Jun 2001 23:32:18 -0700
In article <[EMAIL PROTECTED]>,
JPeschel <[EMAIL PROTECTED]> wrote:
>I see something on Amazon called "Advances in Cryptology, 1981-1997 :
>Electronic Proceedings and Index of the Crypto and Eurocrypt Conferences
>1981-1997
> (Lecture Notes in Computer science)."
>
>This sounds like it includes what Patrick wanted and more. The cost is 109
>bucks and it appears to be a book and a CD. The on-line review, however, says
>the CD isn't
>easily readable. Has anyone here actually seen the product?
I have, not one, but two copies. It's the most
useful reference available for real
cryptographers. One of the CDs is permanently
mounted at our office, and the other is at my
home. It's organised as a tree of Web pages, and
is easily searchable by pointing any web browser
at it, although you do need a PDF reader. Anyone
who says it isn't easily readable is from a
different planet.
Greg.
--
Greg Rose INTERNET: [EMAIL PROTECTED]
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************