Cryptography-Digest Digest #162
Cryptography-Digest Digest #162, Volume #14            Mon, 16 Apr 01 20:13:01 EDT

Contents:
  "differential steganography/encryption" ("Dopefish")
  Re: NSA is funding stegano detection (Niels Provos)
  Re: "differential steganography/encryption" (Mok-Kong Shen)
  Re: "differential steganography/encryption" ("Dopefish")
  Re: NSA is funding stegano detection (Mok-Kong Shen)
  Re: LFSR Security (David Wagner)
  Re: "differential steganography/encryption" (Mok-Kong Shen)
  Re: There Is No Unbreakable Crypto ("Henrick Hellström")
  REAL OTP Systems (Frank Gerlach)
  Re: NSA is funding stegano detection (Walter Roberson)
  Cryptography, OTP and Human Perception of it (Frank Gerlach)
  Re: AES poll (Eric Lee Green)
  Re: NSA is funding stegano detection ([EMAIL PROTECTED])
  Re: NSA is funding stegano detection (Bernd Eckenfels)
  Long repeat (Jacques Thériault)
  Re: Long repeat ("Tom St Denis")
  Re: Note on combining PRNGs with the method of Wichmann and Hill ("Brian Gladman")
  Re: There Is No Unbreakable Crypto (David Wagner)
  Re: There Is No Unbreakable Crypto (David Wagner)

------------------------------

From: "Dopefish" [EMAIL PROTECTED]
Subject: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 16:33:41 -0500

would it be possible to make a program that could take, say, a 20 KB picture and a 20KB text file and generate a file that gives the difference between the two? so, if i wanted to send somebody a private message and he already has the same exact picture that i do, i can send him the difference file and he could generate the message from it and the picture.

thank you for your comments (if any)

james

-- 
==BEGIN SIGNATURE==
A.K.A "Dopefish" or "fish" for short on Usenet.
Microsoft? Is that some kind of toilet paper?
"Rockin' the town like a moldy crouton!" - Beck (Soul Suckin' Jerk - Reject)
"Help me, I broke apart my insides. Help me, I've got no soul to sell. Help me, the only thing that works for me, help me get away from myself."
 - Nine Inch Nails (Closer)
=BEGIN GEEK CODE BLOCK=
Version: 3.12
GO dpu s++:++ a C U---UL P L+ E? W++ N+++ o+ K--- w+w+ O--- M-- V? PS+++ PE Y-- PGP t 5-- X+ R tv b+ DI D+ G-- e- h! r z
==END GEEK CODE BLOCK==
(www.geekcode.com)
==END SIGNATURE==

------------------------------

From: [EMAIL PROTECTED] (Niels Provos)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: 16 Apr 2001 21:42:51 GMT

On Mon, 16 Apr 2001 21:21:51 +0200, Mok-Kong Shen wrote:
> Yes. It is currently the discussion how easy/difficult is that detection. I like to ask experts in image processing to answer one rather global question: In the average case, if one arbitrarily modifies the LSB of one tenth of the coefficients of fourier transform in one colour, is there anything that can be noticed by the naked eye when comparing the pictures? Thanks.

I thought that I had addressed this question in my previous posting. It is not possible for the naked eye to detect changes, it is possible for mathematical analysis. You can read my tech report about it, and also read the referenced papers. Techreport is at http://www.citi.umich.edu/techreports/

-- 
Niels Provos [EMAIL PROTECTED]
finger [EMAIL PROTECTED] for pgp info
"Gravity is the soul of weight." - Anonymous.

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 23:45:32 +0200

Dopefish wrote:
> would it be possible to make a program that could take, say, a 20 KB picture and a 20KB text file and generate a file that gives the difference between the two? so, if i wanted to send somebody a private message and he already has the same exact picture that i do, i can send him the difference file and he could generate the message from it and the picture.
>
> thank you for your comments (if any)

A picture file has a different format than a text file. I suppose you are ignoring that and consider both as bit sequences. Do an xor and you have the difference. Maybe I misunderstood you.

M. K. Shen

------------------------------

From: "Dopefish" [EMAIL PROTECTED]
Subject: Re: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 16:46:21 -0500

even if you did have a text file larger than your base file it would work but the part that overlaps wouldn't be different. for those that might have not understood my last post i will make a model of this system...

-BASE FILE- + -DIFFERENCE FILE- = -MESSAGE FILE-

or, if you had the message and the difference file then you could ge
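The "difference file" the thread above describes is a plain XOR of the shared base file with the message, and XOR is its own inverse, so the same operation recovers the message. The following is an added example, not code from any poster in the digest; the file names, function names and sample bytes are constructed here. Beyond the round trip it checks the two things a practitioner would want to know: what happens to a message longer than the base (the overlap problem raised in the follow-up), and why a picture is a poor key, since every predictable base byte, or any reuse of the same base, hands back message bytes directly.

```python
"""Added example (not from the digest): XOR "difference file" between a shared
base file and a message, with the checks that show where the scheme leaks."""

# Constructed stand-in for the shared 20 KB picture: deterministic so the
# example runs offline. A real picture would be read with open(path, "rb").
BASE = bytes(range(256)) * 80                  # 20480 bytes, constructed
MESSAGE = b"meet at the usual place at nine"   # constructed sample message


def xor_bytes(base: bytes, data: bytes) -> bytes:
    """XOR data against the first len(data) bytes of base.

    Refuses to go past the end of base: bytes beyond it would have nothing
    to be XORed with and would be emitted in the clear."""
    if len(data) > len(base):
        raise ValueError("data is longer than the base file; the tail would be unmasked")
    return bytes(b ^ d for b, d in zip(base, data))


def make_difference(base: bytes, message: bytes) -> bytes:
    """Sender side: difference = base XOR message."""
    return xor_bytes(base, message)


def recover_message(base: bytes, difference: bytes) -> bytes:
    """Receiver side: message = base XOR difference (XOR is its own inverse)."""
    return xor_bytes(base, difference)


def exposed_by_zero_bytes(base: bytes, difference: bytes) -> bytes:
    """Message bytes that pass through unchanged wherever the base byte is 0x00.

    A picture is not a uniformly random key: headers, padding and flat
    regions contain predictable bytes, and each such byte reveals the
    corresponding message byte straight from the difference file."""
    return bytes(d for b, d in zip(base, difference) if b == 0)


def reused_base_leak(base: bytes, m1: bytes, m2: bytes) -> bytes:
    """XOR of two difference files built from the same base: the base cancels
    and what is left is m1 XOR m2, the classic two-time-pad failure."""
    d1, d2 = make_difference(base, m1), make_difference(base, m2)
    return bytes(a ^ b for a, b in zip(d1, d2))


if __name__ == "__main__":
    diff = make_difference(BASE, MESSAGE)
    print(recover_message(BASE, diff))        # b'meet at the usual place at nine'
    print(exposed_by_zero_bytes(BASE, diff))  # b'm' because BASE[0] == 0x00
```

The round trip works exactly as the reply says; what the extra two functions show is that the construction is only a one-time pad if the base is secret, used once and uniformly random, and a picture both parties already own satisfies at most the first of those.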
Cryptography-Digest Digest #162, Volume #12             Wed, 5 Jul 00 03:13:01 EDT

Contents:
  Re: Use of EPR "paradox" in cryptography (Benjamin Goldberg)
  Re: Use of EPR "paradox" in cryptography (DSM)
  Re: RC4 question (Guy Macon)
  Re: Hash and Entropy (David A. Wagner)
  Re: Tying Up Lost Ends III ("Douglas A. Gwyn")
  Re: Use of EPR "paradox" in cryptography ("Douglas A. Gwyn")
  Re: Use of EPR "paradox" in cryptography (Benjamin Goldberg)
  Re: DES Analytic Crack ("Douglas A. Gwyn")
  Re: Java Win32 ("David Thompson")
  [CFP] Cryptographers' Track RSA Conference 2001 (Ludovic Rousseau)
  Re: Hash and Entropy (David A Molnar)
  Re: A simple all-or-nothing transform (Mok-Kong Shen)
  Re: A thought on OTPs (Runu Knips)
  Re: Public-domain Blowfish (Runu Knips)

------------------------------

From: Benjamin Goldberg [EMAIL PROTECTED]
Crossposted-To: sci.physics
Subject: Re: Use of EPR "paradox" in cryptography
Date: Wed, 05 Jul 2000 01:26:57 GMT

Tim Tyler wrote:
> In sci.crypt DSM [EMAIL PROTECTED] wrote:
> : From what I know, EPR allows uninterceptable, untraceable,
> : instantaneous exchange of RANDOM data.
> [...]
> You'd need a verification stage (similar to that used in quantum crypto) to reduce the chance of interception to 1/S - assuming you can authenticate your partner remotely.

Umm, EPR *is* a form of quantum cryptography.

> As a method of generating random streams, it seems to be more of a PITA than using a conventional hardware RNG, with no obvious compensating benefits.

Compensating benefit: the stream is generated identically at two different locations.

> Why not generate your random stream (using some quantum process if you must), and then transmit it using QC?

The reason you don't "transmit it using QC" is because you don't need to... or maybe you could say that you already are. The random stream is being simultaneously, identically, being generated at the other end. It's already there...

Somehow, I don't think you understand what EPR is.

-- 
Hi, i'm the signature virus retrovirus, help me spread by copying me over your signiture virus.

------------------------------

From: DSM [EMAIL PROTECTED]
Crossposted-To: sci.physics
Subject: Re: Use of EPR "paradox" in cryptography
Date: Tue, 04 Jul 2000 21:39:32 -0400
Reply-To: [EMAIL PROTECTED]

Benjamin Goldberg wrote:
> Compensating benefit: the stream is generated identically at two different locations.

This is the key to what I was talking about: You get a simple-to-operate unbreakable One-Time-Pad (classic) cipher, with NO NEED TO TRANSPORT KEYPADS (transport of such being the primary vulnerability of the method, since OTPs can be intercepted and used by the enemy. Here, there is nothing to capture, or to intercept (since the data stream transmitted over the nonsecure channel, XORed with the EPR data at each end, is indistinguishable from noise.))

I see lots of talk about Quantum Encryption but no EPR machines sold at computer stores. So simple...

EPR === Same RANDOM data at two locations, simultaneously === OTP with no disadvantages.

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: RC4 question
Date: 04 Jul 2000 21:45:27 EDT

Joseph Ashwood wrote:
> Unfortunately, doing that would open some avenues for a chosen-plaintext attack, by giving an attacker the ability to influence the likelihood of each output value. I would recommend against it, but the CipherSabre idea presented by someone else remains quite good. Oh and don't forget to prime the pRNG by first removing several values from the beginning (512 is certainly sufficient).

Doing that would make the resulting program incompatible with ciphersaber [ http://www.ciphersaber.gurus.com ], and is not necessary, as ciphersaber is considered strong without such modification. I think that adding a random number of random printable ASCII characters at the start and end of your plaintext has merit as an improvement of ciphersaber, but the benefit, if any, is very, very small.

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Hash and Entropy
Date: 4 Jul 2000 18:46:42 -0700

In article 8ju0de$b7q$[EMAIL PROTECTED], David A Molnar [EMAIL PROTECTED] wrote:
> Let {0,1}^k be a string of k bits. Let {0,1}^* be a string of 0 or more bits. A hash function is a function h : {0,1}^* -> {0,1}^k for some fixed k. In the case of MD5, k is 128. In the case of SHA1, k is 160.
>
> I'm not sure that having {0,1}^* as a domain is actually kosher, [...]

Sure, it's kosher.

> The most basic is that we want the hash function to be "collision intractable." That is, given h(x), it should be difficult to find any x' such that h(x') = h(x).

Nope. This is the definition of what it means for h to be one-way, or (I think) second pre-image resist
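The distinction the reply above is drawing (a fixed target h(x) versus any colliding pair) is easiest to see by measuring the work each goal costs. The block below is an added example, not code from either poster: it defines a toy hash h_k : {0,1}^* -> {0,1}^k by truncating SHA-256 to k bits, so that all three goals can be reached by exhaustive search in a second or two, and returns how many hash evaluations each one took. The function names and the candidate-input scheme are this example's own.

```python
"""Added example (not from the digest): toy k-bit hash and exhaustive searches
for a collision, a second preimage and a preimage, returning the work used."""
import hashlib


def h_k(x: bytes, k: int) -> int:
    """Hash function h : {0,1}^* -> {0,1}^k, here SHA-256 truncated to k bits."""
    digest = hashlib.sha256(x).digest()
    return int.from_bytes(digest, "big") >> (256 - k)


def find_collision(k: int):
    """Collision: ANY x != x' with h(x) == h(x'). The searcher picks both
    inputs, so the birthday bound applies: about 2^(k/2) evaluations.
    Returns (x, x', evaluations)."""
    seen = {}
    i = 0
    while True:
        x = i.to_bytes(8, "big")
        v = h_k(x, k)
        if v in seen:
            return seen[v], x, i + 1
        seen[v] = x
        i += 1


def find_second_preimage(target: bytes, k: int, limit: int):
    """Second preimage: x' != target with h(x') == h(target). The target is
    fixed by someone else, so no birthday trick: about 2^k evaluations.
    Returns (x', evaluations) or (None, limit)."""
    want = h_k(target, k)
    for i in range(limit):
        x = b"candidate-" + i.to_bytes(8, "big")
        if x != target and h_k(x, k) == want:
            return x, i + 1
    return None, limit


def find_preimage(target_value: int, k: int, limit: int):
    """One-wayness: given only the value h(x), find some x' with h(x') == h(x).
    Same cost profile as a second preimage, about 2^k evaluations."""
    for i in range(limit):
        x = b"guess-" + i.to_bytes(8, "big")
        if h_k(x, k) == target_value:
            return x, i + 1
    return None, limit


if __name__ == "__main__":
    _, _, n_coll = find_collision(16)                         # typically a few hundred
    _, n_2nd = find_second_preimage(b"report.txt", 16, 2**18)  # typically tens of thousands
    print(f"collision at k=16: {n_coll} evaluations; second preimage: {n_2nd}")
```

Run with the same k for both searches and the gap is the whole point: a collision falls out after roughly 2^(k/2) evaluations while matching a given h(x) costs roughly 2^k, which is why "given h(x), find x'" defines one-wayness or second-preimage resistance rather than collision resistance.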
Cryptography-Digest Digest #162, Volume #11            Sun, 20 Feb 00 06:13:01 EST

Contents:
  Cryptography FAQ (03/10: Basic Cryptology) ([EMAIL PROTECTED])
  Cryptography FAQ (04/10: Mathematical Cryptology) ([EMAIL PROTECTED])

------------------------------

Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (03/10: Basic Cryptology)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 20 Feb 2000 10:16:40 GMT

Archive-name: cryptography-faq/part03
Last-modified: 93/10/10

This is the third of ten parts of the sci.crypt FAQ. The parts are mostly independent, but you should read the first part before the rest. We don't have the time to send out missing parts by mail, so don't ask. Notes such as ``[KAH67]'' refer to the reference list in the last part.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, sci.answers, and news.answers every 21 days.

Contents:

3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are relatively easy to break?
3.8. What are the basic types of cryptanalytic `attacks'?

3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?

The story begins: When Julius Caesar sent messages to his trusted acquaintances, he didn't trust the messengers. So he replaced every A by a D, every B by a E, and so on through the alphabet. Only someone who knew the ``shift by 3'' rule could decipher his messages.

A cryptosystem or cipher system is a method of disguising messages so that only certain people can see through the disguise. Cryptography is the art of creating and using cryptosystems. Cryptanalysis is the art of breaking cryptosystems---seeing through the disguise even when you're not supposed to be able to. Cryptology is the study of both cryptography and cryptanalysis.

The original message is called a plaintext. The disguised message is called a ciphertext. Encryption means any procedure to convert plaintext into ciphertext. Decryption means any procedure to convert ciphertext into plaintext.

A cryptosystem is usually a whole collection of algorithms. The algorithms are labelled; the labels are called keys. For instance, Caesar probably used ``shift by n'' encryption for several different values of n. It's natural to say that n is the key here.

The people who are supposed to be able to see through the disguise are called recipients. Other people are enemies, opponents, interlopers, eavesdroppers, or third parties.

3.2. What references can I start with to learn cryptology?

For an introduction to technical matter, the survey articles given in part 10 are the best place to begin as they are, in general, concise, authored by competent people, and well written. However, these articles are mostly concerned with cryptology as it has developed in the last 50 years or so, and are more abstract and mathematical than historical. The Codebreakers by Kahn [KAH67] is encyclopedic in its history and technical detail of cryptology up to the mid-60's.

Introductory cryptanalysis can be learned from Gaines [GAI44] or Sinkov [SIN66]. This is recommended especially for people who want to devise their own encryption algorithms since it is a common mistake to try to make a system before knowing how to break one.

The selection of an algorithm for the DES drew the attention of many public researchers to problems in cryptology. Consequently several textbooks and books to serve as texts have appeared. The book of Denning [DEN82] gives a good introduction to a broad range of security including encryption algorithms, database security, access control, and formal models of security. Similar comments apply to the books of Price & Davies [PRI84] and Pfleeger [PFL89].

The books of Konheim [KON81] and Meyer & Matyas [MEY82] are quite technical books. Both Konheim and Meyer were directly involved in the development of DES, and both books give a thorough analysis of DES. Konheim's book is quite mathematical, with detailed analyses of many classical cryptosystems. Meyer and Matyas concentrate on modern cryptographic methods, especially pertaining to key management and the integration of security facilities into computer systems and networks.

For more recent documentation on related areas, try G. Simmons in [SIM91
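Section 3.1 above defines a cryptosystem as a family of labelled algorithms, with the ``shift by n'' rule as the running example and n as the key; section 3.4 in the contents asks what a brute-force search is. The block below is an added example, not part of the FAQ: it implements the shift cipher for an arbitrary key n, its decryption, and the exhaustive key search that a 26-label key space invites, plus a small crib check over the candidates. Function names are this example's own, and the sample plaintext is constructed.

```python
"""Added example (not part of the FAQ): the ``shift by n'' cryptosystem with n
as the key, and a brute-force search over its entire key space."""
import string

ALPHABET = string.ascii_uppercase   # 26 possible labels n = 0..25; n = 0 is the identity


def shift_encrypt(plaintext: str, n: int) -> str:
    """Replace every letter by the one n places later, wrapping at Z
    (Caesar's rule is n = 3). Non-letters are passed through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + n) % len(ALPHABET)])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, n: int) -> str:
    """Decryption is encryption with the negated key."""
    return shift_encrypt(ciphertext, -n)


def brute_force(ciphertext: str) -> dict:
    """Brute-force search: try every key. With only 26 labels the whole
    key space fits on one screen, so the secrecy of the key buys nothing;
    this is the sense in which key-space size bounds a system's strength."""
    return {n: shift_decrypt(ciphertext, n) for n in range(len(ALPHABET))}


def keys_matching_crib(ciphertext: str, crib: str) -> list:
    """Keys whose candidate plaintext contains a word the attacker expects
    (a 'crib'); the usual way to pick the right candidate automatically."""
    crib = crib.upper()
    return [n for n, cand in brute_force(ciphertext).items() if crib in cand]


if __name__ == "__main__":
    c = shift_encrypt("Attack at dawn", 3)          # constructed sample plaintext
    print(c)                                         # DWWDFN DW GDZQ
    for n, cand in brute_force(c).items():
        print(f"{n:2d}: {cand}")
    print(keys_matching_crib(c, "dawn"))             # [3]
```

The point of listing all 26 candidates is the one the FAQ makes in defining keys: the algorithm (shifting) may be public, and a system whose key is one of 26 labels is exhausted by hand, which is the baseline any real key size is chosen against.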
Cryptography-Digest Digest #162, Volume #10             Thu, 2 Sep 99 15:13:03 EDT

Contents:
  Re: I need an algorithm (James Muir)
  Re: Exponents in public key algorithms (Gaston Gloesener)
  Re: Using Diffie-Hellman to encode keys (Eric Lee Green)
  encryption for transmission ("Alex")
  Blowfish (oscar morales ruiz)
  How weak is a large non-prime diffie-hellman modulus? ("John Matzen")
  Re: Schneier/Publsied Algorithms ("Richard Parker")
  RC4 or IBAA or ISAAC to generate large random numbers (Gaston Gloesener)
  Re: Using Diffie-Hellman to encode keys (Eric Lee Green)
  Re: 512 bit number factored (Anonymous)
  IDEA- safe? ("Jim Butcher")
  Re: Schneier/Publsied Algorithms ("John E. Kuslich")
  Re: THINK PEOPLE (Paul Koning)
  Re: How Easy Can Terrorists Get Strong Encrypt? (Tim Tyler)
  Re: How weak is a large non-prime diffie-hellman modulus? (Eric Lee Green)
  Re: encryption for transmission (Medical Electronics Lab)
  Re: 512 bit number factored (DJohn37050)
  Re: Protecting license information ("John E. Kuslich")
  Re: I need an algorithm (Eric Lee Green)
  Re: Deniability (Anonymous)
  Re: I need an algorithm (Sven Gohlke)
  Re: CIA Vigenere END-TIMES (Vigenere2.jpg) [1/3] (JPeschel)

------------------------------

From: James Muir [EMAIL PROTECTED]
Subject: Re: I need an algorithm
Date: Thu, 02 Sep 1999 15:22:52 GMT

In article apkz3.1696$[EMAIL PROTECTED], "Michaël Chassé" [EMAIL PROTECTED] wrote:
> Hello, I'm a programmer student and I really need a strong Public/private key system algorithm that is unpatented and that does not use mod... Does someone have a suggestion for me? In case that doesn't exist, an algorithm other than Diffie/Hellman or RSA would be appreciated

Try ElGamal. It's unpatented and uses finite fields of prime order. These fields are easier to work with than the ones of composite order.

-James Muir

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Gaston Gloesener [EMAIL PROTECTED]
Subject: Re: Exponents in public key algorithms
Date: Thu, 02 Sep 1999 15:01:01 GMT

Thank you very much, to all who answered me on this question. All these mails gave me the missing link. I have implemented the square-and-multiply algorithm in my C++ THugeBinary class to make it usable for cryptography.

So thanks again,
Gaston.

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Eric Lee Green [EMAIL PROTECTED]
Subject: Re: Using Diffie-Hellman to encode keys
Date: Thu, 02 Sep 1999 15:16:37 GMT

David Wagner wrote:
> In article [EMAIL PROTECTED], Eric Lee Green [EMAIL PROTECTED] wrote:
> > Thus if I have N be 2047 bits, and 'x' and 'y' be 64 bits, then there's approximately 2^65 possible values for 'k', [...]
>
> I hope you're not planning on using exponents with only 64 bits. Such a scheme can be cracked with 2^32 work using well-known techniques. Note also that if you use small exponents you must choose the modulus very carefully. See, e.g., van Oorschot and Wiener's work in this area.
>
> By the way, if you're going to use small exponents, you can use a smaller modulus. This will substantially improve your performance.

Thanks. Do you have any references to the van Oorschot and Wiener work? If the Wiener stuff is on the 'net I probably have already downloaded it, but I'm still plowing through these. It appears that the modulus has to be carefully picked in order to turn the exponential distribution into an even distribution over the field enforced by the modulus, thus the primality and mod properties. It makes my head hurt thinking about it. Since I'm no mathematical genius, I'd prefer to rely on someone else's judgement here.

Thinking about it, I see what you mean about 2^32 work with 64 bits, it may actually be less (I'm not sure what current state-of-the-art is on this problem, if I can come up with an attack in 2^32 work surely somebody else with less rust and better math can do better).

-Eric

------------------------------

From: "Alex" [EMAIL PROTECTED]
Subject: encryption for transmission
Date: Thu, 2 Sep 1999 17:11:00 +0200

hi to everybody,

I have to encrypt a flow of data to transmit it on a satellite transponder (DVB mode). I cannot use the DVB option for compatibility problems. I would like to address both a single user and a group of users (and also add a new user to the group after the transmission has started), using different keys for each user. May I use PGP or SSL?

thanks
Alex

------------------------------

From: oscar morales ruiz [EMAIL PROTECTED]
Subject: Blowfish
Date: Thu, 02 Sep 1999 17:19:06 +0200

Hi all,

I'm testing a new implementation for Blowfish Encryption Algorithm, and I need test vectors to check it. Can anybody send me test vectors wit
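Two of the posts above fit together: Gaston Gloesener's square-and-multiply exponentiation is the primitive a Diffie-Hellman exchange is built from, and David Wagner's remark that 64-bit exponents fall to "2^32 work using well-known techniques" is the reason exponent length, not just modulus length, has to be chosen. The block below is an added example, not code from any poster: it implements square-and-multiply, runs a toy Diffie-Hellman exchange on it, and then recovers a 20-bit exponent with baby-step giant-step in about 2*sqrt(2^20) group operations, which is the square-root behaviour behind Wagner's figure. The parameters are constructed for illustration only: p = 2^31 - 1 with generator 7 is far too small for real use.

```python
"""Added example (not from the digest): square-and-multiply, a toy
Diffie-Hellman exchange on top of it, and a baby-step giant-step search
showing that a b-bit exponent costs the searcher only about 2^(b/2) work."""
import math

P = 2**31 - 1   # Mersenne prime; 7 is a primitive root mod P (the Park-Miller generator)
G = 7           # constructed toy parameters, NOT a real group


def square_and_multiply(base: int, exp: int, mod: int) -> int:
    """Right-to-left binary exponentiation: one squaring per exponent bit
    plus one multiply for each 1 bit. Matches Python's pow(base, exp, mod)."""
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def dh_shared_secrets(p: int, g: int, a: int, b: int):
    """Each side's view of the shared secret, (B^a, A^b); they must agree."""
    A = square_and_multiply(g, a, p)
    B = square_and_multiply(g, b, p)
    return square_and_multiply(B, a, p), square_and_multiply(A, b, p)


def baby_step_giant_step(g: int, h: int, p: int, bound: int):
    """Find x < bound with g^x == h (mod p) using about 2*sqrt(bound) group
    operations. Returns (x, operations), or (None, operations) if no x < bound.
    A 64-bit exponent space therefore needs only about 2^32 operations, which is
    why exponents must be about twice the intended security level."""
    m = math.isqrt(bound - 1) + 1               # ceil(sqrt(bound)), so m*m >= bound
    table = {}
    cur = 1
    for j in range(m):                          # baby steps: store g^j for j < m
        table.setdefault(cur, j)
        cur = cur * g % p
    factor = square_and_multiply(g, p - 1 - m, p)   # g^(-m) via Fermat: g^(p-1) == 1
    gamma = h % p
    ops = m
    for i in range(m):                          # giant steps: h * g^(-i*m)
        ops += 1
        if gamma in table:
            return i * m + table[gamma], ops    # h == g^(i*m + j)
        gamma = gamma * factor % p
    return None, ops


if __name__ == "__main__":
    a, b = 631799, 987654                       # constructed 20-bit private exponents
    print(dh_shared_secrets(P, G, a, b))        # the two values are equal
    h = square_and_multiply(G, a, P)            # the public value g^a
    x, ops = baby_step_giant_step(G, h, P, 2**20)
    print(x == a, ops)                          # True, well under 2048 operations
```

The exchange itself is exactly what the thread discusses; the search shows in numbers why the exponent size matters independently of the modulus size, and the usual mitigation follows directly from it: draw exponents from a range at least twice as wide as the security level you want, and use a group whose order is a large prime so that no smaller subgroup shortens the search further.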
Cryptography-Digest Digest #162, Volume #9             Sun, 28 Feb 99 15:13:04 EST

Contents:
  Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
  Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
  Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
  Re: Quantum Computation and Cryptography (Anthony Stephen Szopa)
  Re: What do you all think about the new cipher devised by a 16 year old? (Darren New)
  Re: One-Time-Pad program for Win85/98 or DOS (R. Knauer)
  Re: Question on Pentium III unique ID (Anthony Naggs)
  Re: Miller-Rabin prime test. Random bit size ("Michael Scott")
  Re: One-Time-Pad program for Win85/98 or DOS (R. Knauer)

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Sun, 28 Feb 1999 19:06:48 GMT
Reply-To: [EMAIL PROTECTED]

On Sat, 27 Feb 1999 23:53:35 GMT, BRAD KRANE [EMAIL PROTECTED] wrote:
> If nothing existed there cannot be any Laws or the such because there is nothing to base them on. With that in mind any thing could happen in this time span where nothing exists including this all of a sudden violent explosion and creation of a universe.

There is one most fundamental thing that cannot happen. Finite objects cannot come into existence at all, no matter how you propose that to happen. The idea that Nothing causes the Existence of Something, whatever it may be, leads one to conclude that Nothing exists, which contradicts experience, at least for those who adhere to the worldview of Realism.

> What I'm stating is that there doesn't need to be cause for some thing to happen if there is nothing there to begin with.

There must be an efficient cause of existence per se. A finite object does not come into existence on its own, otherwise its essence would be to exist, in which case it would be immutable. But the objects of physical reality are mutable, therefore their essence cannot be to exist, so there must be a separate entity that is the source of their existence. This entity has an essence that is existence, and that fulfills your notion of an uncaused entity.

The problem with trying to apply uncausality to the Universe itself is that if you do, it would of necessity have certain properties that it simply does not have. It would necessarily be infinite in duration, which the Big Bang tells us it is not. It would necessarily be infinite in extent, which the Big Bang tells us it is not. It would necessarily be immutable, which the empirical sciences tell us it is not. And so on.

Why not imagine that the process of uncausality is applied to an entity which then causes finite mutable reality to exist. I do not see that in so doing you give up any generality. One thing you gain is that you avoid many fatal inconsistencies.

And we are not talking about the "God" of Establishment Religion either. The Supreme Being of existential metaphysics is not a religious concept. There is no faith or belief involved in arriving at the tenets of existential metaphysics. It is a completely self contained rational system that builds off of physics. That is why it is called a Meta Physics.

The fact that the catholic church uses Aquinas, the founder of existential metaphysics, to bolster their dogmas overlooks the fact that Aquinas himself was placed on the Index of Forbidden Books right after he died. His ideas challenged many of the doctrines of catholicism of that era (late 13th century), so in typical fashion of any establishment they demonized him. The only reason he was ever grabbed off the trash heap of dogmatism was that the Jesuits needed a poster boy and he was available.

Aquinas also published much in the area of political philosophy, and was a significant inspirational force behind the explosion in liberty that occurred in England. If you read Locke you will think you were reading Aquinas. In fact, it is true to some extent that Aquinas anticipated the formation of America, not as an act of history but as an act of political philosophy, because he argued that tyrannicide was not only justified but required by natural law. It was that doctrine of tyrannicide that comes thru in the Declaration Of Independence, right along with the moral imperatives of natural law - such as the concept of inalienable rights endowed by the Creator.

So when you study Aquinas's works you are not just fooling around with some two-bit establishment philosopher. Aquinas was a radical intellectual whose thought shook up the Western world, just as Christ shook up the Hebrew world and Mohammed the Saracen world before him. In fact, Aquinas freely borrowed not only from the Greek but also from the Jews and the Saracens, making him the real renaissance philosopher, but just a bit ahead of his time.

Bob Knauer

"If you want to build a robust universe, one that will never go wrong, then you don't want to build it like a clock, for the smallest bit of grit will cause it to go