Cryptography-Digest Digest #140
Cryptography-Digest Digest #140, Volume #14    Sat, 14 Apr 01 12:13:01 EDT

Contents:
  "Not bad" file encrypt/decrypt utility (kctang)
  Re: Graphical representation of a public key (or fingerprint)? ("M.S. Bob")
  Re: _"Good" school in Cryptography ("was" I got accepted) ("M.S. Bob")
  Rabin-Miller prime testing ("Benjamin Johnston")
  Re: Rabin-Miller prime testing ("Tom St Denis")
  Re: Rabin-Miller prime testing ("Henrick Hellström")
  Re: How to use Dynamic Substitution
  Re: please comment (Yechuri)
  Re: XOR TextBox Freeware: Very Lousy. (HiEv)
  Re: Rabin-Miller prime testing (David A Molnar)
  Re: Rabin-Miller prime testing ("Tom St Denis")
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)
  Re: Unnecessary operation in DES? (John Savard)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)
  Re: The 13th...:) (John Savard)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Frank Gerlach)

----------------------------------------------------------------------

From: kctang [EMAIL PROTECTED]
Crossposted-To: hk.comp.software
Subject: "Not bad" file encrypt/decrypt utility
Date: Sat, 14 Apr 2001 19:21:02 +0800

Hi,

Visit http://www.PrivateCrypto.com/int/

I was told that this 1MB free file encrypt/decrypt utility is "Not bad" if one knows what the mouse right click is.

Any comments?

Kctang

------------------------------

From: "M.S. Bob" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Sat, 14 Apr 2001 12:33:38 +0100

Michael Schmidt wrote:
> I'm wondering whether there has been any research conducted on the topic
> "graphical representation of a public key" or the key's fingerprint. My goal
> is to authenticate a public key (or better: its fingerprint, like with PGP)
> securely by creating and comparing its graphical representation with an
> "original", which is unique enough for every key/fingerprint, yet easy to be
> processed and compared by the human brain.

Visual cryptography
http://www.cacr.math.uwaterloo.ca/~dstinson/visual.html
http://www.cacr.math.uwaterloo.ca/~dstinson/index.html

I thought Ian Goldberg has an example using IFS fractals and hashes, but I can't find the details about it.
http://www.cs.berkeley.edu/~iang/visprint.c

Deja Vu
http://paris.cs.berkeley.edu/%7Eperrig/projects.html#DEJAVU
Hash Visualization and User Authentication through Image Recognition

------------------------------

From: "M.S. Bob" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Sat, 14 Apr 2001 12:45:51 +0100

newbie wrote:
> Your first postulate is: "the university is the only place where you can
> learn cryptography"
> Your second is: "you have to be a strong mathematician to learn cryptography"
> Your third postulate is: "only the USA and Europe are the best places to
> learn cryptography"
> This is simply wrong.
> Did you read a french translation of "Stop secret", Tchayatin Olga?
> Unpublished book. It is hard to find. I have a copy but not in Canada.
> In my sister's house in Paris.

If you're willing to lend it to me, I'll pick it up from your sister's house in Paris sometime.

Assuming your copy is the french translation.

------------------------------

From: "Benjamin Johnston" [EMAIL PROTECTED]
Subject: Rabin-Miller prime testing
Date: Sat, 14 Apr 2001 22:14:54 +1000

Hello again,

Firstly - thank you to all those who responded to my other message.

I've got another question... what is the "standard" practice for generating values that act as a "witness" for a prime?

The explanations of Rabin-Miller that I managed to find all implied that these values should be generated randomly. This seemed suspicious to me, because there doesn't seem to be much advantage in choosing random witnesses over having some predefined list.

I eventually managed to track down a paper (Primality Testing Revisited, by J.H. Davenport, 1992) which gave me the impression that it is standard practice to use the set of bases {3,5,7,11,13,17,19,23,29,31}.

Is this in fact the case; is there some set of "recommended" bases that should be used? Is it good practice to test against only the first few primes - and how many of these is it worth trying before it becomes pointless proceeding?

-Benjamin Johnston
[EMAIL PROTECTED]

------------------------------

From: "Tom St Denis" [EMAIL PROTECTED]
Subject: Re: Rabin-Miller prime testing
Date: Sat, 14 Apr 2001 12:33:40 GMT

"Benjamin Johnston" [EMAIL PROTECTED] wrote in message
news:9b9eru$t5m$[EMAIL PROTECTED]...
> Hello aga
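The choice Benjamin Johnston asks about above (a fixed list of small-prime bases versus random bases) is easiest to judge by running both against the composites that are known to defeat fixed lists. The following Python is an added example, not code from the digest or from any poster. It implements the strong-probable-prime round, a deterministic variant that takes a base list, and a probabilistic variant that draws bases at random. The two composites used as inputs are well established: 2047 = 23 * 89 is the smallest strong pseudoprime to base 2, and 3215031751 = 151 * 751 * 28351 is the smallest strong pseudoprime to all of the bases {2, 3, 5, 7} (base 11 exposes it). The lesson they illustrate: a fixed list is reliable only below the bound up to which it has been checked, and an adversary who knows the list can construct composites that pass every base on it (Arnault, 1995), while random bases give an error probability of at most 4^-k for any odd composite, regardless of who chose it. The base list `SMALL_PRIME_BASES` and the default round count are this example's assumptions.

```python
import random

# Added example, not the digest's code: Miller-Rabin with a fixed base list
# (Benjamin's "predefined list") versus random bases, on the composites that
# are strong pseudoprimes to the small fixed lists.

SMALL_PRIME_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # assumed list


def _decompose(n):
    """Write n - 1 = 2**s * d with d odd and return (s, d)."""
    s, d = 0, n - 1
    while d % 2 == 0:
        s += 1
        d //= 2
    return s, d


def strong_probable_prime(n, a):
    """True if base a does NOT witness that n is composite (n passes the base-a round)."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    a %= n
    if a == 0:          # a multiple of n says nothing about n; count it as a pass
        return True
    s, d = _decompose(n)
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):  # square up to s-1 more times looking for -1
        x = x * x % n
        if x == n - 1:
            return True
    return False            # a is a witness: n is definitely composite


def miller_rabin_fixed(n, bases=SMALL_PRIME_BASES):
    """Deterministic variant: n passes if no base in the fixed list is a witness.
    Only trustworthy below the bound to which the list has been verified."""
    return all(strong_probable_prime(n, a) for a in bases)


def miller_rabin_random(n, rounds=40, rng=random.SystemRandom()):
    """Probabilistic variant: each uniformly random base catches a composite with
    probability >= 3/4, so `rounds` rounds leave error <= 4**-rounds for any n."""
    if n < 4:
        return n in (2, 3)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        if not strong_probable_prime(n, a):
            return False
    return True


if __name__ == "__main__":
    # 2047 = 23 * 89 fools base 2 alone; 3215031751 = 151 * 751 * 28351 fools {2,3,5,7}
    print(miller_rabin_fixed(2047, (2,)), miller_rabin_fixed(2047, (2, 3)))
    print(miller_rabin_fixed(3215031751, (2, 3, 5, 7)),
          miller_rabin_fixed(3215031751, (2, 3, 5, 7, 11)))
    print(miller_rabin_random(3215031751), miller_rabin_random(2**127 - 1))
```

In practice the two variants are combined: trial division by small primes first, then a handful of fixed bases (cheap, and deterministic for n below the verified bound), then random bases when n may have been supplied by someone with an interest in passing the test, such as a DH or RSA parameter received over the wire.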
Cryptography-Digest Digest #140, Volume #13    Sat, 11 Nov 00 06:13:00 EST

Contents:
  Re: voting through pgp ("John A. Malley")
  Why remote electronic voting is a bad idea (was voting through pgp) (David Hopwood)
  RC6 Question ("Vinchenzo")
  Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile Software (Guy Macon)
  Re: voting through pgp (John Savard)
  Re: voting through pgp (John Savard)
  Re: Q: Rotor machines (Steve Portly)
  Re: Q: Rotor machines (John Savard)
  Re: Type 3 Feistel? (John Savard)
  Re: voting through pgp ([EMAIL PROTECTED])
  Re: monoalphabetic cipher ([EMAIL PROTECTED])
  Re: voting through pgp (David Crick)
  Re: Type 3 Feistel? (Mok-Kong Shen)
  Re: Q: Rotor machines (Mok-Kong Shen)

----------------------------------------------------------------------

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 21:15:51 -0800

David Wagner wrote:
> SCOTT19U.ZIP_GUY wrote:
> > Ahh but what about ghost voters. You give a bunch of bums cigarettes
> > and have them vote your way.
>
> Yes, I think we should take care to think very carefully about these
> attacks before changing the system!
>
> The risks of electronic voting are not confined to electronic attacks.
> To give another example, absentee ballots are traditionally an important
> point of potential vulnerability.

Interesting. No electronic voting from home, no absentee ballots - these statements point to a more fundamental issue - physical presence at a vote collection site, a rendezvous between the State's sanctioned equipment and representatives and the Citizen in physical form in the designated place of voting, along with other Citizens.

The Citizen can vote electronically or by punch card or by mechanical lever, but the *act* of voting must be public, witnessed by the representative of the State and other Citizens. The decision made by the Citizen must remain anonymous. A particular decision cannot be linked to any particular Citizen. No other Citizen can determine the decision made by another Citizen while they are in each other's presence.

The State representative must have some census of Citizens and must collect a one-to-one match between the set of Citizens who voted and the census. This detects but does not prevent vote fraud (i.e. sign before you vote, but two identical signatures appearing invalidate your vote.)

The act of deciding must remain public. So a Citizen Voter is not anonymous - only the decision of the vote is anonymous. This physical contract between Citizen and State in the presence of other Citizens is a detriment to physical intimidation - but it does not prevent the Citizen from deciding in a way that benefits a third party in exchange for some consideration (like smokes, some Thunderbird, cash, or extortion) and this can be arranged outside of the designated area outside the view of the State's representatives.

Are there electronic protocols that try to maintain the public view of the act of making a decision - that require others to actually, electronically and simultaneously, witness the transaction? Without such an analogous behavior in the electronic, disembodied protocol I would doubt we can get close to emulating the voting experience we desire.

John A. Malley
[EMAIL PROTECTED]

------------------------------

Date: Sat, 11 Nov 2000 05:57:22 +
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Why remote electronic voting is a bad idea (was voting through pgp)

-----BEGIN PGP SIGNED MESSAGE-----

binary digit wrote:
> Imagine if everyone had pgp in the world and voted through pgp, every
> single vote could be verified and everyone would be happy,

Problems with remote electronic voting systems (in no particular order):

 1. obtaining voter anonymity *and* adequate authentication,
 2. vote buying and coercion,
 3. authenticating computers and not individual voters is not sufficient,
 4. targeted denial of service,
 5. verifiability of software and hardware,
 6. some voters may have problems with electronic interfaces that they
    would not have with paper ballots,
 7. attacks against insecure end-points (both voters' PCs, and servers),
 8. there is arguably more scope for *undetectable* corruption than in a
    paper-based system,
 9. existing weaknesses in paper-based systems [*1] are magnified if voting
    is remote and anonymous, because it is easier to get away with attacks,
10. bias due to poorer social groups having less access to computers.

It might be possible to address 1, 2, and possibly 3 by a cryptographic protocol, and 6 by careful interface design [*2], but I don't see the other problems being solved any time soon, if they are solvable at all. 4 is particularly tricky - when people have the option not to vote [*3], how do you distinguish a non-vote from a denial of service attack? It can't be done with cryptography. 10 is also a very serious problem,
Cryptography-Digest Digest #140, Volume #12    Fri, 30 Jun 00 05:13:01 EDT

Contents:
  Re: When you know the PT is ascii ("Douglas A. Gwyn")
  Re: Idea or 3DES (Boris Kazak)
  Re: Another chaining mode (Boris Kazak)
  Re: Remark on practical predictability of sequences ("John A. Malley")
  Re: Remark on practical predictability of sequences (David A. Wagner)
  Re: security problem with Win 2000 Encryption File System (Greg)
  Re: Blowfish for signatures? (Runu Knips)
  Re: Certificate authorities (CAs) - how do they become trusted authorities ?? (Greg)
  Re: Distribution of keys in binaries? (Shawn Willden)
  Re: Certificate authorities (CAs) - how do they become trusted authorities ?? (Greg)
  Re: Is this a HOAX or RSA is REALLY broken?!? (Greg)
  Re: TEA question ([EMAIL PROTECTED])
  Re: Certificate authorities (CAs) - how do they become trusted authorities ?? (David A Molnar)
  Re: TEA question ([EMAIL PROTECTED])
  Re: Remark on practical predictability of sequences (Mok-Kong Shen)
  Re: Remark on practical predictability of sequences (Mok-Kong Shen)
  Re: Remark on practical predictability of sequences (Mok-Kong Shen)
  Re: Another chaining mode (Mok-Kong Shen)
  Re: Key agreement in GSM phones (Michael Schmidt)
  Re: How Uncertain? (Mark Wooding)

----------------------------------------------------------------------

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: When you know the PT is ascii
Date: Fri, 30 Jun 2000 00:09:18 -0400

Andrew John Walker wrote:
> How secure are encryption methods such as DES, IDEA etc when you know
> the PT consists of printable text or some other subset of the ascii
> character set?

In principle, the more one knows about the plaintext, the easier cryptanalysis becomes. For example, knowing that every 8th bit of the DES input block is 0 allows one to reduce the sizeable set of DES encryption equations to a measurably smaller set of equations. This *may* permit solution for the key (given multiple blocks using the same key) in cases that would just take too long otherwise.

In practice in the "open" cryptologic world today, DES would be attacked by a brute-force key search machine like EFF's and the known PT characteristics would be used solely to determine when a likely decryption had occurred. Testing for a bunch of 0 bits at known locations (for example) is faster and more accurate than computing a statistical measure on the decrypted block.

------------------------------

From: Boris Kazak [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Idea or 3DES
Date: Fri, 30 Jun 2000 05:04:41 GMT

Arturo wrote:
> ** And what if we accept the fact that not even the USG is all-powerful?
> They can't stop the flow of drugs into the US or prevent a
> starving-to-death country like North Korea from becoming a nuclear
> power, so what makes you think they could block the Internet out of
> the US?

=== Absolutely correct. From the point of view of a mouse, the most terrible predator is the cat. Thus the first and foremost duty of any cat is to plant and support this illusion among mice. So what if cats cannot break ciphers? Mice are abundant around...

Best wishes
BNK

------------------------------

From: Boris Kazak [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Another chaining mode
Date: Fri, 30 Jun 2000 05:24:38 GMT

Mok-Kong Shen wrote:
> I have a question about this: If one decrypts two consecutive pairs
> to (x_i, y_i) and (x_(i+1), y_(i+1)), wouldn't one get (x_i, x_(i+1)),
> i.e. one original block? So what do you mean by doing decryption in the
> 'reverse direction' above? Another point: If one does with any block
> cipher in double rounds and hence consumes double time, wouldn't
> avalanche also improve substantially as you noted? Thanks.
>
> M. K. Shen

= Many attacks are based on different and distinct behavior of individual bytes and words during encryption. Advancing by half-blocks gives you the additional advantage of thoroughly mixing all your block into one single entity. Borders between bytes and words exist no more, any analyst must attack the block as a whole - 128 or 256 bits. This allows one to use a reduced number of rounds - for example MMBOOZE has only 6 rounds, and I cordially invite you to have a look at the cipher.
http://www.wizard.net/~echo/crypto-contest.html

Best wishes
BNK

------------------------------

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: Remark on practical predictability of sequences
Date: Thu, 29 Jun 2000 22:53:54 -0700

Mok-Kong Shen wrote:
> Although the details of the paper by Bellare et al. are too involved
> for me to comprehend, it is evident that their result does not affect
> the issue in the present thread. Let me quote them:
>
> We assume the cryptanalyst knows the parameters a, b, M defining the LCG. (They are chosen at
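Douglas Gwyn's point earlier in this digest, that known plaintext structure is used in a brute-force search only as the test for "a likely decryption", can be put in numbers. The following Python is an added example, not code from the digest or from any poster. A constructed toy cipher with a 16-bit key (SHA-256 keystream XORed onto the data) stands in for DES so that an exhaustive search finishes in seconds; the key, the plaintext and the function names are this example's own. Two accept filters are run over the search: the every-8th-bit-is-0 check Gwyn describes (each byte below 0x80) and a stricter printable-ASCII check. A wrong key's trial decryption looks random, so the bit check passes an 8-byte block with probability 2^-8: one block leaves roughly 256 false candidates out of 65536 keys, and each further block divides that by 256, which is why a DES search machine tests a second block only for keys that survive the first. The printable check rejects wrong keys faster still, at the cost of a stronger assumption about the plaintext.

```python
import hashlib

# Added example, not the digest's code. A toy 16-bit-key cipher stands in for
# DES; the thing being demonstrated is the plaintext filter in a key search.
KEY_BITS = 16
BLOCK = 8                   # DES block size in bytes, kept for the comparison
TRUE_KEY = 0x1234           # constructed: the key the search must recover
PLAINTEXT = b"Attack at dawn. The password is swordfish."  # constructed 7-bit ASCII


def _keystream(key, nbytes):
    """Keystream for the toy cipher: SHA-256(key || counter), concatenated."""
    out = b""
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key.to_bytes(2, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:nbytes]


def encrypt(key, data):
    return bytes(p ^ k for p, k in zip(data, _keystream(key, len(data))))


decrypt = encrypt  # XOR with the keystream is its own inverse


def every_8th_bit_clear(block):
    """Gwyn's check: every 8th bit (the top bit of each byte) is 0."""
    return all(b & 0x80 == 0 for b in block)


def printable_ascii(block):
    """Stricter filter: printable ASCII plus tab, CR and LF only."""
    return all(0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D) for b in block)


def key_search(ciphertext, accept, nblocks):
    """Exhaustive search over all 2**KEY_BITS keys. Returns every key whose
    trial decryption of the first nblocks blocks passes accept()."""
    head = ciphertext[: BLOCK * nblocks]
    return [k for k in range(1 << KEY_BITS) if accept(decrypt(k, head))]


def survivors(nblocks=(1, 2, 3, 4)):
    """Candidate keys left by each filter as more known-format blocks are checked.
    Expected for the bit filter: about 2**16 / 256**n false keys plus the true one."""
    ct = encrypt(TRUE_KEY, PLAINTEXT)
    return {
        "bit":       [len(key_search(ct, every_8th_bit_clear, n)) for n in nblocks],
        "printable": [len(key_search(ct, printable_ascii, n)) for n in nblocks],
    }


if __name__ == "__main__":
    for name, counts in survivors().items():
        print(name, counts)   # e.g. bit [~257, ~2, 1, 1]; printable thins out faster
```

The counts for one block vary slightly from run to run of a different plaintext or key (they are a binomial sample), but the true key is always among the survivors, and with four blocks the bit filter alone is already decisive for a 16-bit keyspace; scale the exponent to 56 bits and the same arithmetic says a DES search needs to check a second block for about one key in 256 and a third for about one in 65536.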
Cryptography-Digest Digest #140, Volume #10    Mon, 30 Aug 99 14:13:04 EDT

Contents:
  Re: One to One Compression updated (Tom St Denis)
  Re: 512 bit number factored ([EMAIL PROTECTED])
  Re: 512 bit number factored (Anton Stiglic)
  Re: What if RSA / factoring really breaks? ("David J Whalen-Robinson")
  Re: What if RSA / factoring really breaks? (SCOTT19U.ZIP_GUY)
  Re: Chosen messages attack on ISO 9796-1 signatures (DJohn37050)
  Re: Can I export software that uses encryption as copy protection? ("Trevor Jackson, III")
  Re: RC4 question ("Trevor Jackson, III")
  Re: Can I export software that uses encryption as copy protection? ("Trevor Jackson, III")
  Re: One to One Compression updated (SCOTT19U.ZIP_GUY)
  Re: What if RSA / factoring really breaks? (Boudewijn W. Ch. Visser)
  Re: I HOPE AM WRONG ("Douglas A. Gwyn")
  Re: WT Shaw temporarily sidelined ([EMAIL PROTECTED])
  Re: I HOPE AM WRONG ("Douglas A. Gwyn")
  Re: 512 bit number factored ("Douglas A. Gwyn")
  Re: Q: Cross-covariance of independent RN sequences in practice ("Douglas A. Gwyn")
  Re: compress then encrypt? ("Douglas A. Gwyn")
  Re: I HOPE AM WRONG ("Douglas A. Gwyn")
  Re: What if RSA / factoring really breaks? (Bob Silverman)
  Re: public key encryption - unlicensed algorithm ([EMAIL PROTECTED])
  Re: Vigenere Variant Problem ("Douglas A. Gwyn")

----------------------------------------------------------------------

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: One to One Compression updated
Date: Mon, 30 Aug 1999 14:07:59 GMT

In article 7q7nst$1r0m$[EMAIL PROTECTED],
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> I updated my "one to one" adaptive huffman compression routines.
> These are routines that treat any file as a compressed file or as an
> uncompressed file; there are no headers. Would be of great use as
> a first pass before encryption. See my compression page at
> http:/members.xoom.com/ecil/compress.htm

Why?

Tom
--
PGP 6.5.1 Key http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key http://mypage.goplay.com/tomstdenis/key_rsa.pgp

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: 512 bit number factored
Date: 29 Aug 1999 12:07:42 -0400

In article wgu20.935834050@riemann, [EMAIL PROTECTED] (W.G. Unruh ) writes:
> Paul Koning [EMAIL PROTECTED] writes:
> > "Boudewijn W. Ch. Visser" wrote:
> > > See http://www.cwi.nl/cwi/Latest_News.html :
> > > which models 95% of the keys used to secure electronic commerce on
> > > the Internet.
> >
> > But I'm curious about the assertion that 95% of the keys used are
> > 512 bit keys. Admittedly the sample is small, but my PGP keyring
>
> PGP is NOT the primary method to "secure electronic commerce". Those
> are proprietary schemes used by banks, etc.

AFAIK, the 95% figure first appears in Shamir's TWINKLE paper, which we've referred to as having been sent to one of us on April 19, shortly before Eurocrypt'99.

B. Dodson

------------------------------

From: Anton Stiglic [EMAIL PROTECTED]
Subject: Re: 512 bit number factored
Date: Mon, 30 Aug 1999 11:18:23 -0400

Bob Silverman wrote:
> In article [EMAIL PROTECTED],
>   [EMAIL PROTECTED] (DJohn37050) wrote:
> > 4. Algorithmic breakthroughs are possible. RSA 512 was thought totally
> > unbreakable just a few years ago.
> > Don Johnson
>
> More deceit and lies.

[here he goes again!]

> If, by "a few years ago", you mean 15 years, I will agree.

Of course. The inventors of RSA gave out a challenge; they believed that factoring would have taken a _much_ longer time (be it impossible). (Was that in a Scientific American journal or something...?) Why use the words "deceit and lies" for this statement, when we all know it is true!

> The parallel quadratic sieve changed that. We have known since the
> mid-80's the level of effort needed for 512 bit keys when attacked by
> QS. However, computers were not fast enough nor abundant enough at
> that time to consider doing it. We have known since about 1990 the
> level of effort needed for 512 bit keys when attacked by NFS.
> We could have done RSA-155 back in 1991 with sufficient effort (albeit
> much greater effort than was used recently; we needed to learn how to
> fine tune NFS to get good performance and climbing that learning curve
> took time)

What do you mean by *we*. Are you talking about RSA labs? First of all, Pomerance (1982) came up with QS, Pollard came up with NFS (1993). Independent research groups came up with efficient implementations and factored the RSA challenges. If you mean "the cryptology community" by "we", then I will agree.

Anton

------------------------------

From: "David J Whalen-Robinson" [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: What if RSA / factoring