Cryptography-Digest Digest #140

2001-04-14 Thread Digestifier

Cryptography-Digest Digest #140, Volume #14  Sat, 14 Apr 01 12:13:01 EDT

Contents:
  "Not bad" file encrypt/decrypt utility (kctang)
  Re: Graphical representation of a public key (or fingerprint)? ("M.S. Bob")
  Re: _"Good" school in Cryptography ("was" I got accepted) ("M.S. Bob")
  Rabin-Miller prime testing ("Benjamin Johnston")
  Re: Rabin-Miller prime testing ("Tom St Denis")
  Re: Rabin-Miller prime testing ("Henrick Hellström")
  Re: How to use Dynamic Substitution
  Re: please comment (Yechuri)
  Re: XOR TextBox Freeware:  Very Lousy. (HiEv)
  Re: Rabin-Miller prime testing (David A Molnar)
  Re: Rabin-Miller prime testing ("Tom St Denis")
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)
  Re: Unnecessary operation in DES? (John Savard)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)
  Re: The 13th...:) (John Savard)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)



From: kctang [EMAIL PROTECTED]
Crossposted-To: hk.comp.software
Subject: "Not bad" file encrypt/decrypt utility
Date: Sat, 14 Apr 2001 19:21:02 +0800

Hi,

Visit  http://www.PrivateCrypto.com/int/

I was told that this 1MB free file encrypt/decrypt utility is "Not bad"
if one knows what the mouse right click is.

Any comments?

Kctang



--

From: "M.S. Bob" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Sat, 14 Apr 2001 12:33:38 +0100

Michael Schmidt wrote:
 
 I'm wondering whether there has been any research conducted on the topic
 "graphical representation of a public key" or the key's fingerprint. My goal
 is to authenticate a public key (or better: its fingerprint, like with PGP)
 securely by creating and comparing its graphical representation with an
 "original", which is unique enough for every key/fingerprint, yet easy to be
 processed and compared by the human brain.

Visual cryptography
http://www.cacr.math.uwaterloo.ca/~dstinson/visual.html
http://www.cacr.math.uwaterloo.ca/~dstinson/index.html

I thought Ian Goldberg has an example using IFS fractals and hashes, but
I can't find the details about it.
http://www.cs.berkeley.edu/~iang/visprint.c

Deja Vu
http://paris.cs.berkeley.edu/%7Eperrig/projects.html#DEJAVU
Hash Visualization and User Authentication through Image Recognition

--

From: "M.S. Bob" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Sat, 14 Apr 2001 12:45:51 +0100

newbie wrote:
 
 Your first postulate is : "the university is the only place when you can
 learn cryptography "
 Your second is " you have to be strong mathematician to learn
 cryptography "
 Your third postulate is " only USA and Europe are the best place to
 learn cryptography"
 
 This is simply wrong.
 
 Did you read a French translation of "Stop secret" Tchayatin Olga?
 Unpublished book. It is hard to find.
 I have a copy but not in Canada. In my sister's house in Paris.

If you're willing to lend it to me, I'll pick it up from your sister's
house in Paris sometime.
Assuming your copy is the French translation.

--

From: "Benjamin Johnston" [EMAIL PROTECTED]
Subject: Rabin-Miller prime testing
Date: Sat, 14 Apr 2001 22:14:54 +1000


Hello again,

Firstly - thank you to all those who responded to my other message

I've got another question... what is the "standard" practice for generating
values that act as a "witness" for a prime?

The explanations of Rabin-Miller that I managed to find all implied that
these values should be generated randomly.

This seemed suspicious to me, because there doesn't seem to be much
advantage in choosing random witnesses over having some predefined list.

I eventually managed to track down a paper (Primality Testing Revisited, by
J.H. Davenport, 1992) which gave me the impression that it is standard
practice to use the set of bases {3,5,7,11,13,17,19,23,29,31}.

Is this in fact the case; is there some set of "recommended" bases that
should be used? Is it good practice to test against only the first few
primes - and how many of these is it worth trying before it becomes
pointless proceeding?

-Benjamin Johnston
[EMAIL PROTECTED]




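As an added illustration of the question above (example code, not from the poster or the Davenport paper), here is a Rabin-Miller strong-probable-prime test that takes an explicit base list, so the fixed set {3,5,7,11,13,17,19,23,29,31} named in the post can be run side by side with randomly drawn bases. The composites used in the test are constructed examples: 2047 = 23 * 89 passes base 2 but is exposed by base 3, and 1373653 = 829 * 1657 passes bases 2 and 3 but is exposed by base 5, which is why a single base, fixed or random, is never enough.

```python
# Added example (not from the post): Rabin-Miller with a caller-chosen base list.
import secrets

FIXED_BASES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)  # the set named in the post


def is_witness(n, a):
    """Return True if base a proves the odd integer n > 2 composite.

    Write n - 1 = 2^s * d with d odd.  Base a is NOT a witness when
    a^d == 1 or a^(2^r * d) == -1 (mod n) for some 0 <= r < s; every
    prime n satisfies this for all a, so a witness is a proof of compositeness.
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be an odd integer greater than 2")
    a %= n
    if a == 0:
        # a is a multiple of n (e.g. n itself appears in the base list):
        # the test carries no information, so do not count it as a witness.
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return False
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False
    return True  # never hit -1 before reaching a^(n-1): n is composite


def is_probable_prime(n, bases=FIXED_BASES):
    """Rabin-Miller over a fixed base list; deterministic for a given list."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    return not any(is_witness(n, a) for a in bases)


def is_probable_prime_random(n, rounds=20):
    """The textbook variant: uniformly random bases in [2, n - 2]."""
    if n < 5:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    bases = (2 + secrets.randbelow(n - 3) for _ in range(rounds))
    return not any(is_witness(n, a) for a in bases)
```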
--

From: "Tom St Denis" [EMAIL PROTECTED]
Subject: Re: Rabin-Miller prime testing
Date: Sat, 14 Apr 2001 12:33:40 GMT


"Benjamin Johnston" [EMAIL PROTECTED] wrote in message
news:9b9eru$t5m$[EMAIL PROTECTED]...

 Hello aga

Cryptography-Digest Digest #140

2000-11-11 Thread Digestifier

Cryptography-Digest Digest #140, Volume #13  Sat, 11 Nov 00 06:13:00 EST

Contents:
  Re: voting through pgp ("John A. Malley")
  Why remote electronic voting is a bad idea (was voting through pgp) (David Hopwood)
  RC6 Question ("Vinchenzo")
  Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile Software (Guy Macon)
  Re: voting through pgp (John Savard)
  Re: voting through pgp (John Savard)
  Re: Q: Rotor machines (Steve Portly)
  Re: Q: Rotor machines (John Savard)
  Re: Type 3 Feistel? (John Savard)
  Re: voting through pgp ([EMAIL PROTECTED])
  Re: monoalphabetic cipher ([EMAIL PROTECTED])
  Re: voting through pgp (David Crick)
  Re: Type 3 Feistel? (Mok-Kong Shen)
  Re: Q: Rotor machines (Mok-Kong Shen)



From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 21:15:51 -0800


David Wagner wrote:
 
 SCOTT19U.ZIP_GUY wrote:
   Ahh but what about ghost voters. You give a bunch of bums
 cigarettes and have them vote your way.
 
 Yes, I think we should take care to think very carefully about
 these attacks before changing the system!  The risks of electronic
 voting are not confined to electronic attacks.  To give another
 example, absentee ballots are traditionally an important point of
 potential vulnerability.
 

Interesting. No electronic voting from home, no absentee ballots - these
statements point to a more fundamental issue - physical presence at a
vote collection site, a rendezvous between the State's sanctioned
equipment and representatives and the Citizen in physical form in the
designated place of voting, along with other Citizens. 

The Citizen can vote electronically or by punch card or by mechanical
lever, but the *act* of voting must be public, witnessed by the
representative of the State and other Citizens. 

The decision made by the Citizen must remain anonymous. A particular
decision cannot be linked to any particular Citizen. No other Citizen
can determine the decision made by another Citizen while they are in
each other's presence. The State representative must have some census of
Citizens and must collect a one-to-one match between the set of
Citizens who voted and the census. This detects but does not prevent
vote fraud (i.e. sign before you vote, but two identical signatures
appearing invalidate your vote.) The act of deciding must remain public.
So a Citizen Voter is not anonymous - only the decision of the vote is
anonymous.  This physical contract between Citizen and State in the
presence of other Citizens is a detriment to physical intimidation - but
it does not prevent the Citizen from deciding in a way that benefits a
third party in exchange for some consideration (like smokes, some
Thunderbird, cash, or extortion) and this can be arranged outside of the
designated area outside the view of the State's representatives. 

Are there electronic protocols that try to maintain the public view of
the act of making a decision - that require others actually
electronically simultaneously witness the transaction? Without such an
analogous behavior in the electronic, disembodied protocol I would doubt
we can get close to emulating the voting experience we desire. 

John A. Malley
[EMAIL PROTECTED]

--

Date: Sat, 11 Nov 2000 05:57:22 +
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Why remote electronic voting is a bad idea (was voting through pgp)

-----BEGIN PGP SIGNED MESSAGE-----

binary digit wrote:
 Imagine if everyone had pgp in the world and voted through pgp, every
 single vote could be verified and everyone would be happy,

Problems with remote electronic voting systems (in no particular order):

 1. obtaining voter anonymity *and* adequate authentication,
 2. vote buying and coercion,
 3. authenticating computers and not individual voters is not sufficient,
 4. targeted denial of service,
 5. verifiability of software and hardware,
 6. some voters may have problems with electronic interfaces that they
would not have with paper ballots,
 7. attacks against insecure end-points (both voters' PCs, and servers),
 8. there is arguably more scope for *undetectable* corruption than in
a paper-based system,
 9. existing weaknesses in paper-based systems [*1] are magnified if
voting is remote and anonymous, because it is easier to get away
with attacks,
10. bias due to poorer social groups having less access to computers.

It might be possible to address 1, 2, and possibly 3 by a cryptographic
protocol, and 6 by careful interface design [*2], but I don't see the
other problems being solved any time soon, if they are solvable at all.
4 is particularly tricky - when people have the option not to vote [*3],
how do you distinguish a non-vote from a denial of service attack?
It can't be done with cryptography. 10 is also a very serious problem,

Cryptography-Digest Digest #140

2000-06-30 Thread Digestifier

Cryptography-Digest Digest #140, Volume #12  Fri, 30 Jun 00 05:13:01 EDT

Contents:
  Re: When you know the PT is ascii ("Douglas A. Gwyn")
  Re: Idea or 3DES (Boris Kazak)
  Re: Another chaining mode (Boris Kazak)
  Re: Remark on practical predictability of sequences ("John A. Malley")
  Re: Remark on practical predictability of sequences (David A. Wagner)
  Re: security problem with Win 2000 Encryption File System (Greg)
  Re: Blowfish for signatures? (Runu Knips)
  Re: Certificate authorities (CAs) - how do they become trusted authorities ?? (Greg)
  Re: Distribution of keys in binaries? (Shawn Willden)
  Re: Certificate authorities (CAs) - how do they become trusted authorities ?? (Greg)
  Re: Is this a HOAX or RSA is REALLY broken?!? (Greg)
  Re: TEA question ([EMAIL PROTECTED])
  Re: Certificate authorities (CAs) - how do they become trusted authorities ?? (David A Molnar)
  Re: TEA question ([EMAIL PROTECTED])
  Re: Remark on practical predictability of sequences (Mok-Kong Shen)
  Re: Remark on practical predictability of sequences (Mok-Kong Shen)
  Re: Remark on practical predictability of sequences (Mok-Kong Shen)
  Re: Another chaining mode (Mok-Kong Shen)
  Re: Key agreement in GSM phones (Michael Schmidt)
  Re: How Uncertain? (Mark Wooding)



From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: When you know the PT is ascii
Date: Fri, 30 Jun 2000 00:09:18 -0400

Andrew John Walker wrote:
 How secure are encryption methods such as DES, IDEA etc when you
 know the PT consists of printable text or some other subset of
 the ascii character set?

In principle, the more one knows about the plaintext, the easier
cryptanalysis becomes.  For example, knowing that every 8th bit
of the DES input block is 0 allows one to reduce the sizeable set
of DES encryption equations to a measurably smaller set of
equations.  This *may* permit solution for the key (given multiple
blocks using the same key) in cases that would just take too long
otherwise.

In practice in the "open" cryptologic world today, DES would be
attacked by a brute-force key search machine like EFF's and the
known PT characteristics would be used solely to determine when
a likely decryption had occurred.  Testing for a bunch of 0 bits
at known locations (for example) is faster and more accurate
than computing a statistical measure on the decrypted block.

--

From: Boris Kazak [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Idea or 3DES
Date: Fri, 30 Jun 2000 05:04:41 GMT



Arturo wrote:
**
 And what if we accept the fact that not even the USG is all-powerful?
 They can't stop the flow of drugs into the US or prevent a starving-to-death
 country like North Korea from becoming a nuclear power, so what makes you think
 they could block the Internet out of the US?
===
Absolutely correct.  From the point of view of a mouse, the most terrible
predator is the cat. Thus the first and foremost duty of any cat is to plant
and support this illusion among mice.

So what if cats cannot break ciphers? Mice are abundant around...

Best wishes, BNK

--

From: Boris Kazak [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Another chaining mode
Date: Fri, 30 Jun 2000 05:24:38 GMT



Mok-Kong Shen wrote:

 I have a question about this: If one decrypts two consecutive pairs
 to (x_i,  y_i)  and (x_(i+1), y_(i+1)), wouldn't one get (x_i, x_(i+1)),
 i.e. one original block? So what do you mean by doing decryption
 in the 'reverse direction' above? Another point: If one does with any
 block cipher in double rounds and hence consumes double time,
 wouldn't avalanche also improve substantially as you noted? Thanks.
 
 M. K. Shen
=
Many attacks are based on different and distinct behavior of individual 
bytes and words during encryption. Advancing by half-blocks gives you 
additional advantage of thoroughly mixing all your block into one single
entity. Borders between bytes and words exist no more, any analyst must
attack the block as a whole - 128 or 256 bits. 
This allows the use of a reduced number of rounds - for example MMBOOZE has
only 6 rounds, and I cordially invite you to have a look at the cipher.

http://www.wizard.net/~echo/crypto-contest.html

Best wishes, BNK

--

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: Remark on practical predictability of sequences
Date: Thu, 29 Jun 2000 22:53:54 -0700


Mok-Kong Shen wrote:
 
 Although the details of the paper by Bellare et al. are too
 involved for me to comprehend, it is evident that their
 result does not affect the issue in the present thread. Let
 me quote them:
 
 We assume the cryptanalyst knows the parameters a, b, M
 defining the LCG. (They are chosen at 

Cryptography-Digest Digest #140

1999-08-30 Thread Digestifier

Cryptography-Digest Digest #140, Volume #10  Mon, 30 Aug 99 14:13:04 EDT

Contents:
  Re: One to One Compression updated (Tom St Denis)
  Re: 512 bit number factored ([EMAIL PROTECTED])
  Re: 512 bit number factored (Anton Stiglic)
  Re: What if RSA / factoring really breaks? ("David J Whalen-Robinson")
  Re: What if RSA / factoring really breaks? (SCOTT19U.ZIP_GUY)
  Re: Chosen messages attack on ISO 9796-1 signatures (DJohn37050)
  Re: Can I export software that uses encryption as copy protection? ("Trevor Jackson, III")
  Re: RC4 question ("Trevor Jackson, III")
  Re: Can I export software that uses encryption as copy protection? ("Trevor Jackson, III")
  Re: One to One Compression updated (SCOTT19U.ZIP_GUY)
  Re: What if RSA / factoring really breaks? (Boudewijn W. Ch. Visser)
  Re: I HOPE AM WRONG ("Douglas A. Gwyn")
  Re: WT Shaw temporarily sidelined ([EMAIL PROTECTED])
  Re: I HOPE AM WRONG ("Douglas A. Gwyn")
  Re: 512 bit number factored ("Douglas A. Gwyn")
  Re: Q: Cross-covariance of independent RN sequences in practice ("Douglas A. Gwyn")
  Re: compress then encrypt? ("Douglas A. Gwyn")
  Re: I HOPE AM WRONG ("Douglas A. Gwyn")
  Re: What if RSA / factoring really breaks? (Bob Silverman)
  Re: public key encryption - unlicensed algorithm ([EMAIL PROTECTED])
  Re: Vigenere Variant Problem ("Douglas A. Gwyn")



From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: One to One Compression updated
Date: Mon, 30 Aug 1999 14:07:59 GMT

In article 7q7nst$1r0m$[EMAIL PROTECTED],
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
  I updated my "one to one" adaptive huffman compression
 routines. These are routines that treat any file as a compressed
 file or as an uncompressed file there are no headers. Would
 be of great use as a  first pass before encryption see my
 compression page at

 http:/members.xoom.com/ecil/compress.htm


Why?

Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp



--

From: [EMAIL PROTECTED]
Subject: Re: 512 bit number factored
Date: 29 Aug 1999 12:07:42 -0400

In article wgu20.935834050@riemann, [EMAIL PROTECTED] (W.G. Unruh
) writes:
Paul Koning [EMAIL PROTECTED] writes:

"Boudewijn W. Ch. Visser" wrote:

 See http://www.cwi.nl/cwi/Latest_News.html :
 which models 95% of the keys used to secure electronic commerce on the
 Internet.

But I'm curious about the assertion that 95% of the keys used
are 512 bit keys.  Admittedly the sample is small, but my PGP keyring

PGP is NOT the primary method to "secure electronic commerce". Those are
proprietary schemes used by banks, etc.

AFAIK, the 95% figure first appears in Shamir's TWINKLE paper,
which we've referred to as having been sent to one of us on April 19,
shortly before Eurocrypt'99.
   B. Dodson


--

From: Anton Stiglic [EMAIL PROTECTED]
Subject: Re: 512 bit number factored
Date: Mon, 30 Aug 1999 11:18:23 -0400

Bob Silverman wrote:

 In article [EMAIL PROTECTED],
   [EMAIL PROTECTED] (DJohn37050) wrote:

  4. Algorithmic breakthroughs are possible.  RSA 512 was thought totally
  unbreakable just a few years ago.

  Don Johnson
 
 More deceit and lies.


[here he goes again!]


 If, by "a few years ago",  you mean 15 years, I will agree.


Of course.  The inventors of RSA gave out a challenge; they believed that
factoring would have taken a _much_ longer time (if not impossible). (Was that
in a Scientific American journal or something...?)
Why use the words "deceit and lies" for this statement, when we all know it
is true!


 The parallel quadratic sieve changed that.

 We have known since the mid-80's the level of effort needed for 512
 bit keys when attacked by QS. However, computers were not
 fast enough nor abundant enough at that time to consider doing it.

 We have known since about 1990 the level of effort needed for
 512 bit keys when attacked by NFS.  We could have done
 RSA-155 back in 1991 with sufficient effort (albeit much greater
 effort than was used recently;  we needed to learn how to
 fine tune NFS to get good performance and climbing that learning curve
 took time)


What do you mean by *we*.  Are you talking about RSA labs?
First of all, Pomerance (1982) came up with QS, Pollard came up with NFS
(1993).
Independent research groups came up with efficient implementations
and factored the RSA challenges.
If you mean "the cryptology community" by "we",  then I will agree.


Anton


--

From: "David J Whalen-Robinson" [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: What if RSA / factoring