Cryptography-Digest Digest #141

2001-04-14 Thread Digestifier

Cryptography-Digest Digest #141, Volume #14  Sat, 14 Apr 01 17:13:01 EDT

Contents:
  Utimaco a Supplier of the German Armed Forces ? (Frank Gerlach)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Mok-Kong Shen)
  Re: please comment (Mok-Kong Shen)
  Re: Graphical representation of a public key (or fingerprint)? ("Michael Schmidt")
  Re: Graphical representation of a public key (or fingerprint)? ("Matt Timmermans")
  LFSR Security (Nathan E. Banks  [EMAIL PROTECTED])
  Re: please comment (Darren New)
  Re: please comment ("Paul Pires")
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Jim D)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Jim D)
  Re: "Good" file encrypt/decrypt utility wanted! (Steve K)
  Re: Patents for Enigma ?? (Lawrence Kirby)
  Re: LFSR Security (David Wagner)
  Re: NSA-Endorsed Schools have a Mediocre Internet Presence ("Douglas A. Gwyn")
  Re: please comment ("Ryan M. McConahy")
  Re: XOR TextBox Freeware:  Very Lousy. (Anthony Stephen Szopa)
  Re: LFSR Security (Nathan E. Banks  [EMAIL PROTECTED])
  Re: LFSR Security (David Wagner)
  Re: LFSR Security (Nathan E. Banks  [EMAIL PROTECTED])
  Re: LFSR Security ("Scott Fluhrer")
  Re: Would dictionary-based data compression violate DynSub? (Terry Ritter)



From: Frank Gerlach [EMAIL PROTECTED]
Crossposted-To: hk.comp.software
Subject: Utimaco a Supplier of the German Armed Forces ?
Date: Sat, 14 Apr 2001 18:14:21 +0200

I have *heard* that Utimaco is a supplier of the GAF.

Anything else I have to say ? Maybe "Crypto AG" ?

Get yourself a copy of GPG/PGP, but then check the source :-)



--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sat, 14 Apr 2001 18:34:22 +0200



Frank Gerlach wrote:

[snip] 

> I am attributing this to the dominance of the spooks, who have no
> real interest in spreading good security.

The human society is extremely complex and involved.
Look e.g. at the pharma industry. Their 'ideal' would
be selling a particular product 'forever', thus saving 
the often very high investment to find better medicaments.
Were it not for the competition, I don't believe that 
there would have been substantial incentives to conduct 
R&D simply for the benefit of the ill on purely moral 
grounds, as long as the fiscal balance sheet of the
company is excellent. Thus don't be surprised by the
phenomenon you described and severely curse them. They 
are just humans, in fact not unlike most of us in 
'principle' (even if you would disagree and protest 
against this viewpoint), always attempting to find some 
'optimum' for themselves (alone). Other examples abound 
in the arena of politics.

BTW, I think that the increased use of new technologies
in wireless communications (I recently saw the term SR,
software radio, in this connection. Could someone give 
the exact definition of it?) and the rapid expansion of 
the total message volume may one day render effective 
surveillance and intelligence gathering technically 
infeasible. At that time point, the existence of
the agencies would be economically questionable. It
could then be the case that these would be dissolved,
releasing their scientists to the civilian world, and
the knowledge 'gap' between them and the academics, as
was mentioned in a previous post in this thread, would 
then be perfectly closed. Of course, this is yet all 
utopic.

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: please comment
Date: Sat, 14 Apr 2001 18:41:09 +0200



Yechuri wrote:
 

> I did a disclosure document months ago but I'm hoping
> it's so common it can't be patented.  What do you think ?

Paradoxically, the best and only entirely secure way to 
ensure that something can't be patented (by others) is 
to try to get a patent on it yourself.

M. K. Shen

--

From: "Michael Schmidt" [EMAIL PROTECTED]
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Sat, 14 Apr 2001 19:08:03 +0200

"M.S. Bob" [EMAIL PROTECTED] schrieb im Newsbeitrag
news:[EMAIL PROTECTED]...
 Michael Schmidt wrote:
 
  I'm wondering whether there has been any research conducted on the topic
  "graphical representation of a public key" or the key's fingerprint. My
goal
  is to authenticate a public key (or better: its fingerprint, like with
PGP)
  securely by creating and comparing its graphical representation with an
  "original", which is unique enough for every key/fingerprint, yet easy
to be
  processed and compared by the human brain.

 Visual cryptography
 http://www.cacr.math.uwaterloo.ca/~dstinson/visual.html
 http://www.cacr.math.uwaterloo.ca/~dstinson/index.html

 I thought Ian Goldberg

Cryptography-Digest Digest #141

2000-11-11 Thread Digestifier

Cryptography-Digest Digest #141, Volume #13  Sat, 11 Nov 00 12:13:01 EST

Contents:
  Re: Q: Computations in a Galois Field (Mok-Kong Shen)
  Re: RC6 Question (Mok-Kong Shen)
  Rotor Machines and Alan Turing the father of modern cryptography ([EMAIL PROTECTED])
  Re: voting through pgp (Paul Crowley)
  Re: voting through pgp (Timothy M. Metzinger)
  vote buying... (Timothy M. Metzinger)
  Re: Type 3 Feistel? (John Savard)
  Re: Why remote electronic voting is a bad idea (was voting through pgp) (Roger Schlafly)
  Re: Q: Rotor machines (Steve Portly)
  Re: Rotor Machines and Alan Turing the father of modern cryptography (Mok-Kong Shen)
  Re: RC6 Question (Tom St Denis)
  Re: voting through pgp ("John A. Malley")
  Re: Why remote electronic voting is a bad idea (was voting through pgp) ([EMAIL PROTECTED])



From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Q: Computations in a Galois Field
Date: Sat, 11 Nov 2000 12:40:08 +0100



Paul Crowley wrote:
 
> Mok-Kong Shen wrote:
> > My understanding of the section you mentioned is that both
> > the x to 1/x mapping and the affine transformation are
> > such that they are simple to describe and (apparently by
> > some chance) happen to be very good.
>
> The x -> 1/x thing is known to be very good; it's not coincidence, it's
> well known as a bijective S-box strongly resistant to DC and LC.  Any
> affine transformation would preserve these properties; it's not hard to
> choose a simple one that achieves the few extra properties that the
> Rijndael designers wanted.
>
> Now I understand why you're asking - you want a non-interoperable
> variant!  You could go for choosing a different affine function with the
> same nice properties, there should be many.  I don't think I'd recommend
> messing with MixColumn, and I'd *definitely* leave ShiftRow alone.
>
> Frankly, though, your best bet is probably a simple variant of the key
> schedule; this will probably allow you to implement your variant on
> Rijndael hardware.  A radically different set of round constants would
> probably do it.
>
> Unless I'm not guessing the purpose of this variant properly?

Yes. The variant that almost certainly doesn't affect the
strength of the cipher is permuting the round keys which
I mentioned in the said thread among other methods of 
modifying the keyscheduling. The next fairly safe variant
is in my view modification of the affine transformation
(though one probably has to test a little bit to be sure
to capture its effect on diffusion properties). I remain
personally optimistic though that the other variants 
suggested could also prove to be viable in practice for 
achieving (where realizable) non-interoperability which 
renders the opponent's job more difficult in a very 
general and essential manner.

M. K. Shen

http://home.t-online.de/home/mok-kong.shen
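
Paul Crowley's claim above, that any affine map applied after the GF(2^8) inversion keeps the S-box's differential properties, can be checked directly. The following is an added example, not code from the thread: it builds the Rijndael S-box from x -> 1/x plus the standard affine transformation, then substitutes a different invertible circulant map and constant (the taps (0, 2, 5) and constant 0x5A are arbitrary choices made here, not any published variant) and confirms the result is still a bijection with the same worst-case differential count.

```python
POLY = 0x11B   # Rijndael's field polynomial x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r

def gf_inv(a):
    """The x -> 1/x map, with 0 -> 0 as in Rijndael (a^-1 = a^254 in GF(2^8))."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

def rotl8(x, n):
    n %= 8
    return ((x << n) | (x >> (8 - n))) & 0xFF

def affine(x, taps=(0, 1, 2, 3, 4), const=0x63):
    """XOR of the rotations of x by each tap, plus a constant: a circulant
    GF(2)-affine map.  The defaults are Rijndael's own affine transformation."""
    y = const
    for t in taps:
        y ^= rotl8(x, t)
    return y

def build_sbox(taps=(0, 1, 2, 3, 4), const=0x63):
    """S[x] = affine(1/x); the defaults reproduce the Rijndael S-box."""
    return [affine(gf_inv(x), taps, const) for x in range(256)]

def is_bijection(sbox):
    return sorted(sbox) == list(range(256))

def differential_uniformity(sbox):
    """Largest count in the difference distribution table over nonzero input
    differences; the best differential through the S-box holds with probability
    worst/256 (4/256 for Rijndael)."""
    worst = 0
    for dx in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst

# Constructed variant for illustration only, not any published Rijndael variant.
# Over GF(2) a circulant with tap set T is invertible iff its polynomial is
# coprime to x^8 + 1 = (x + 1)^8, i.e. iff T has an odd number of taps.
VARIANT_TAPS, VARIANT_CONST = (0, 2, 5), 0x5A

if __name__ == "__main__":
    std, var = build_sbox(), build_sbox(VARIANT_TAPS, VARIANT_CONST)
    print("Rijndael S[0x53] = %#04x (FIPS-197 gives 0xed)" % std[0x53])
    print("bijective:", is_bijection(std), is_bijection(var))
    print("max DDT entry:", differential_uniformity(std), differential_uniformity(var))
    print("tables differ:", std != var)
```

Because the affine map is a bijection, it only relabels the output differences in the distribution table, so the worst-case count is identical for both tables while the tables themselves (and hence interoperability) differ.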

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: RC6 Question
Date: Sat, 11 Nov 2000 12:52:09 +0100



Vinchenzo wrote:
 
> In the RC6 specification one of the basics operations is defined as:
>
> "a <<< b: rotate the w-bit word a to the left by the amount given by the least
> significant log2(w) bits of b." What does that mean...anybody has already
> implemented this algorithm? Please help me!

You probably have to query the authors of RC6 why they
chose the least significant bits of b instead of other
bits. A possible reason is that these bits are, or are
considered to be, more random. log2(2) should be clear,
since there is no sense in rotating e.g. a 32-bit word
by more than 31 bits, and 5 bits provide that amount
of rotation. An RC6 implementation is in the AES contest, if
I am not mistaken.

M. K. Shen
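
What the RC6 notation a <<< b means in code, as an added example that is not part of the thread: the rotation amount is b masked down to its least significant log2(w) bits (b & 31 for w = 32), shown here together with the inverse rotation used for decryption and RC6's quadratic step t = (B(2B+1)) <<< lg w that feeds it. Function names are this example's own.

```python
def lg(w):
    """log2(w) for the power-of-two word sizes RC6 allows (16, 32, 64, ...)."""
    if w < 2 or w & (w - 1):
        raise ValueError("RC6 word size must be a power of two")
    return w.bit_length() - 1

def rotl(a, b, w=32):
    """a <<< b: rotate the w-bit word a left by the low lg(w) bits of b.

    Because w is a power of two, b & (w - 1) is exactly the least significant
    log2(w) bits of b, so the amount is always in 0..w-1 and b and b + w agree.
    """
    mask = (1 << w) - 1
    r = b & (w - 1)
    return ((a << r) | (a >> (w - r))) & mask

def rotr(a, b, w=32):
    """a >>> b: the inverse rotation, used when decrypting."""
    mask = (1 << w) - 1
    r = b & (w - 1)
    return ((a >> r) | (a << (w - r))) & mask

def rc6_f(x, w=32):
    """RC6's round function input: t = (x * (2x + 1) mod 2^w) <<< lg(w).
    The high bits of the product are the 'random' ones moved into the
    rotation-amount position by the fixed rotation by lg(w)."""
    mask = (1 << w) - 1
    return rotl((x * (2 * x + 1)) & mask, lg(w), w)

if __name__ == "__main__":
    print("lg(32) =", lg(32))                      # 5 bits select the amount
    print("rotl(1, 33) =", rotl(1, 33))            # 33 & 31 == 1, so 1 <<< 1 == 2
    print("round trip ok:", rotr(rotl(0x12345678, 19), 19) == 0x12345678)
    print("rc6_f(1) = %#x" % rc6_f(1))
```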

--

From: [EMAIL PROTECTED]
Subject: Rotor Machines and Alan Turing the father of modern cryptography
Date: Sat, 11 Nov 2000 12:09:54 GMT



In 1939, British intelligence, with the help of Polish spies, managed to
obtain a working replica of a new and secret coding
machine known as Enigma. Unfortunately, the Germans changed the machine
settings (the key) on a daily basis. The British
equivalent of the NSA, the Government Code and Cipher School, formed a
Top Secret group set up for the purpose of developing
a method for extracting the daily Enigma key from the morning messages,
or traffic. Alan Turing, a brilliant mathematician and
an expert in Boolean algebra, invented a computer, the Turing Bombe,
which accomplished this feat. The first encrypted messages
obtained in the morning with the new daily key (machine settings) were
fed into the Bombe and when the relays quit clicking a
clerk would read out the new key (machine settings), and then check it
on a replica of the Enigma machine. The key was then
passed on to other clerks using working replicas of the Enigma machine,
who would decrypt the German messages as they came
in for the rest of the day.

Turing derived hi

Cryptography-Digest Digest #141

2000-02-17 Thread Digestifier

Cryptography-Digest Digest #141, Volume #11  Thu, 17 Feb 00 10:13:01 EST

Contents:
  Re: Does the NSA have ALL Possible PGP keys? ([EMAIL PROTECTED])
  elliptic curve DSA approved as US government standard (Alfred John Menezes)
  Re: EOF in cipher??? (JPeschel)
  Re: UK publishes 'impossible' decryption law (Richard Herring)
  NSA Linux and the GPL (John Savard)
  Re: EOF in cipher??? (Runu Knips)
  Re: Using virtually any cipher as public key system? (Mikko Lehtisalo)
  Re: Question about OTPs ("Tony T. Warnock")
  Re: Question about OTPs ("Dr.Gunter Abend")
  Re: Does the NSA have ALL Possible PGP keys? ("tiwolf")
  Re: Does the NSA have ALL Possible PGP keys? ("tiwolf")
  Re: EOF in cipher??? ([EMAIL PROTECTED])
  Re: PhD in Cryptography? (Anton Stiglic)
  Re: Using virtually any cipher as public key system? (Anton Stiglic)
  Re: multi-precision integer C library (Nathan Kennedy)



From: [EMAIL PROTECTED]
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Thu, 17 Feb 2000 12:36:07 GMT

In article [EMAIL PROTECTED],
  drickel [EMAIL PROTECTED] wrote:
> In article [EMAIL PROTECTED], "tiwolf"
> [EMAIL PROTECTED] wrote:
> > Anything is possible given time, money, and talent. Government
> > has nothing to do with it. In this case the government desire to control
> > along with access to money (tax payers), and (through the obscene spending
> > of the taxpayers money) talent. This makes the probability high that
> > people will break any code given the right equipment and time.
>
> Bullshit.  The universe operates according to laws (we might not
> know the laws, but we have some ideas).  These laws cannot be
> broken, no matter how much money and talent you throw at it.
>
> Just for a start--most of Mozart's atoms are still around.  How
> much money and talent would it take to find them all and put them
> back together?  Say, exactly as he was, Jan 1, 1790, 0:00:00 GMT
> (it's ok to use replacement atoms for any that have split or
> fused in the interim).

But besides these calculations, one always has to bear in mind that
mathematical breakthroughs have always been achieved and will be achieved
in the future. And as there aren't that many mathematicians in the world who
work on number-theoretic problems relevant to public key crypto, it
might be possible to surveil them all. Most countries in the world have
laws that allow the disclosure of information and research discoveries if
national security is concerned. So theoretically, any organization could
have knowledge of some mathematical breakthrough that makes deciphering
PGP messages trivial.

However, of course, this applies to *all* kinds of cryptographic protocols
and algorithms, and there's no reason to assume that any such
breakthrough has been achieved. I don't know for sure, but maybe it's
more reasonable to assume attacks on IDEA and CAST than on the public key
crypto itself. What do you think?

Greetings,

Erich


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: elliptic curve DSA approved as US government standard
Date: 17 Feb 2000 12:44:58 GMT


On February 15 2000, the National Institute of Standards and Technology
(NIST) announced the revision to their Digital Signature Standard (DSS). 
The original DSS (FIPS 186) specified the Digital Signature Algorithm (DSA). 

FIPS 186 was revised in 1998 to include both the DSA and RSA signatures 
as described in ANSI X9.31. The revised standard is FIPS 186-1.

The latest revision, FIPS 186-2, includes the elliptic curve analogue
of DSA (ECDSA) as specified in ANSI X9.62. The latter was approved
as an ANSI standard for financial applications in January 1999.  

What this means is that US government departments are free to choose
between DSA, RSA and ECDSA when selecting a signature algorithm. This is
a *major* endorsement for elliptic curve cryptography (ECC). Keep in mind
that NIST is the organization that gave us DES, DSA, and SHA-1, and
is now leading the AES effort. 

The FIPS 186-2 standard is available from NIST's web site. ECDSA is 
included in FIPS 186-2 simply by reference to ANSI X9.62. Unfortunately,
there is a fee for obtaining the latter from the ANSI organization. If 
you would like to find out more about ANSI X9.62 ECDSA, download the
paper "The Elliptic Curve Digital Signature Algorithm" that I wrote with
Don Johnson from my web page www.cacr.math.uwaterloo.ca/~ajmeneze

- Alfred

--

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: EOF in cipher???
Date: 17 Feb 2000 13:17:35 GMT

Runu Knips [EMAIL PROTECTED] writes:

FEOF is not standard. Which compiler defines such a strange variable ?
EOF works well, because EOF is defined to be -1, while all characters
are returned as nonnegative va

Cryptography-Digest Digest #141

1999-08-30 Thread Digestifier

Cryptography-Digest Digest #141, Volume #10  Mon, 30 Aug 99 15:13:02 EDT

Contents:
  Re: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography (John Savard)
  Re: Q: Cross-covariance of independent RN sequences in practice ("Trevor Jackson, III")
  Factorization of 512-bits RSA key (Herman J.J. te Riele)
  Re: What if RSA / factoring really breaks? (Bob Silverman)
  Re: WT Shaw temporarily sidelined (John Savard)
  Re: What if RSA / factoring really breaks? (Robert Harley)
  Re: 512 bit number factored (Bob Silverman)
  Re: 512 bit number factored (Anton Stiglic)
  Re: public key encryption - unlicensed algorithm ("shivers")
  Re: 512 bit number factored (DJohn37050)
  Re: 512 bit number factored (Anton Stiglic)



From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography
Date: Mon, 30 Aug 1999 16:54:20 GMT

[EMAIL PROTECTED] (Alfred John Menezes) wrote, in part:

> Chapter 9 (Key Establishment Protocols).

Actually, that's chapter 12. Chapter 9 was hash functions and data
integrity.

Given that your book was considered to be late enough in its life that
it was included on the Dr. Dobb's CD-ROM, I suppose the publishing
experiment is not entirely reckless, however much I may appreciate it.

But I do have one nitpicking criticism, after having glanced at the
chapter.

An unauthenticated key exchange protocol is, by definition, not
protected against forgery. But that doesn't mean that forgery is
actually possible; the fact that key exchange requires authentication
to protect it is a fact about the real world, which must be derived
(from observation or whatever). Thus, it isn't really accurate to say
that an unauthenticated KEP is vulnerable to forgery _by definition_.

John Savard ( teneerf- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

--

Date: Mon, 30 Aug 1999 12:59:12 -0400
From: "Trevor Jackson, III" [EMAIL PROTECTED]
Subject: Re: Q: Cross-covariance of independent RN sequences in practice

[EMAIL PROTECTED] wrote:

> Mok-Kong Shen ([EMAIL PROTECTED]) wrote:
> : Because of imperfection in this world, e.g. impossibility of
> : making objects of exact sizes or attaining the temperature of absolute
> : zero, I suppose that there is a certain not too small lower bound of
> : the (average) value of the cross-covariance obtainable in practice.
>
> Since independent random sequences can be made at widely separated places,
> while many things have lower bounds due to imperfection, this is not one
> of the stronger examples.
>
> You would be surprised at how many decibels of separation are possible
> between the left channel of my stereo system, and the right channel of
> somebody else's stereo system in Nebraska.

Well, there's a Grandmother who competes in the world's-loudest-car-stereo
contest with a remote-control Jeep.  It uses a 12 volt power system providing
11,000 amps to generate 45,000 watts of audio output.  It was measured at
173.6 decibels.  That's about as loud as a .50 BMG rifle, but continuously
instead of a pulse.

They might be able to hear that in Nebraska.


--

From: [EMAIL PROTECTED] (Herman J.J. te Riele)
Crossposted-To: sci.crypt.research
Subject: Factorization of 512-bits RSA key
Date: 30 Aug 1999 18:07:09 GMT
Reply-To: [EMAIL PROTECTED] (Herman J.J. te Riele)





Factorization of a 512-bits RSA key using the Number Field Sieve

On August 22, 1999, we found that the 512-bits number

RSA-155 =
1094173864157052742180970732204035761200373294544920599091384213147634\
9984288934784717997257891267332497625752899781833797076537244027146743\
531593354333897

can be written as the product of two 78-digit primes:

102639592829741105772054196573991675900716567808038066803341933521790711307779
*
106603488380168454820927220360012878679207958575989291522270608237193062808643

Primality of the factors was proved with the help of two different primality
proving codes. An Appendix gives the prime decompositions of p +- 1.
The number RSA-155 is taken from the RSA Challenge list
(see http://www.rsa.com/rsalabs/html/factoring.html).

This factorization was found using the Number Field Sieve (NFS) factoring
algorithm, and beats the 140-digit record RSA-140 that was set on
February 2, 1999, also with the help of NFS [RSA140].
The amount of computer time spent on this new factoring world record is
estimated to be equivalent to 8000 mips years.
For the old 140-digit NFS-record, this effort was estimated to be
2000 mips years. Extrapolation using the asymptotic complexity formula
for NFS would predict approximately 14000 mips years for RSA-155. The gain
is caused by an improved application of the polynomial search method used
for RSA-140.

For information about NFS, see [LL]. For additiona

Cryptography-Digest Digest #141

1999-02-25 Thread Digestifier

Cryptography-Digest Digest #141, Volume #9   Thu, 25 Feb 99 18:13:03 EST

Contents:
  Re: Another extension to CipherSaber (wtshaw)
  My Book "The Unknowable" ([EMAIL PROTECTED])
  Re: Define Randomness (R. Knauer)
  Re: Define Randomness (R. Knauer)
  Re: Define Randomness (John Savard)
  Re: Define Randomness (Herman Rubin)
  Re: Pentium III Hardware Random Numbers (Terry Ritter)
  Not Quite Unbreakable... (John Savard)
  Re: Snake Oil (from the Feb 99 Crypto-Gram) (Jim Dunnett)
  Re: Define Randomness (R. Knauer)
  Re: Quantum Computation and Cryptography (R. Knauer)
  Re: Testing Algorithms (Withheld)
  Re: True Randomness - DOES NOT EXIST!!! (BRAD KRANE)
  Re: Pentium III Hardware Random Numbers ([EMAIL PROTECTED])



From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Another extension to CipherSaber
Date: Thu, 25 Feb 1999 13:52:16 -0600

In article [EMAIL PROTECTED], Darren New
[EMAIL PROTECTED] wrote:

> > Trying to narrow design standards for crypto to meet ever more-restrictive
> > criteria results in the ultimate end of having only one crypto algorithm
> > that can meet them; this is exactly what some want to happen, and to be
> > sure that it is an appropriately crippled product to boot.
>
> We're not talking about crypto algorithms here. We're talking about
> ASCII armoring algorithms. I see no possible reason why you'd want
> everyone inventing their own ASCII armoring algorithms just for
> arbitrary divergence.
>
> There's a good reason for lots of different crypto algorithms, but none
> of those reasons apply to making binary go thru email.

To consider that all useful crypto algorithms are binary is really a
mistake, and I always chuckle when I see the term *ASCII Armoring* since
there is nothing sacred about any particular character set or any
particular information unit.  To think otherwise is to highly bias and
restrict crypto in unneeded ways, which can include a natural pathway to
good emailability.

Two of the most important considerations in an encryption package are the
nature of the plaintext allowed and the nature of the ciphertext desired. 
There is no reason that a composite of all criteria cannot be merged.

The point that I am trying to make with my current series of simple,
perhaps dumb, block ciphers, is that the cosmetics of input and output
sets can be fully integrated into an algorithm.  The middle layer, the
actual encryption one is apt to recognize, can be of more substantial
qualities than those which I present.  If you favor bit manipulations,
fine; if you want to do something else, fine;  if you want to mix building
blocks in a new method; fine again.  The possibilities are almost endless.

I wish to point out with these efforts that neo-classical methods can be
most useful, and extended in many ways; the choice is not simply between
*broken* classical ciphers, meant to be done entirely by hand, and with a
limited few promising methods that many are working with toward narrow
criteria, example, in the AES process. 

It may come as a shock that all good cryptography is not defined in a
closed manner, but is really more expansive than almost anyone can
consider.  I have my favorite areas, and am apt to stub my toe quickly in
those I have not spent much time, but others have, and the reverse is also
true.  It is in the best interests of crypto that as many people go in as
many directions as possible.  It may be that we never hear again of some
of them, but it is better to report whatever one finds, as best one can.
-- 
A much too common philosophy: 
It's no fun to have power unless you can abuse it.

--

From: [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.physics,sci.logic
Subject: My Book "The Unknowable"
Date: Thu, 25 Feb 1999 21:14:36 GMT

Hi, just wanted to say that my book The Unknowable will
be published this spring by Springer-Verlag.  Meanwhile
you can still preview it at

http://www.umcs.maine.edu/~chaitin/unknowable

and

http://www.cs.auckland.ac.nz/CDMTCS/chaitin/unknowable

Rgds,
Greg Chaitin

= Posted via Deja News, The Discussion Network 
http://www.dejanews.com/   Search, Read, Discuss, or Start Your Own

--

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Thu, 25 Feb 1999 21:17:22 GMT
Reply-To: [EMAIL PROTECTED]

On 25 Feb 1999 13:21:44 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:

> It can't cause correlations to emerge unless they were already there.

But isn't there some small amount of correlation in any stream that is
produced by a physical device? Furthermore, if one has a RNG that
produces bias, would not that same RNG also produce correlations? IOW,
don't the two come together?

> If you're asking whether it can possibly make an already correlated stream
> worse, the answer is yes

Exactly.

If you chose a physical process that is inherently b