Cryptography-Digest Digest #162

2001-04-16 Thread Digestifier

Cryptography-Digest Digest #162, Volume #14  Mon, 16 Apr 01 20:13:01 EDT

Contents:
  "differential steganography/encryption" ("Dopefish")
  Re: NSA is funding stegano detection (Niels Provos)
  Re: "differential steganography/encryption" (Mok-Kong Shen)
  Re: "differential steganography/encryption" ("Dopefish")
  Re: NSA is funding stegano detection (Mok-Kong Shen)
  Re: LFSR Security (David Wagner)
  Re: "differential steganography/encryption" (Mok-Kong Shen)
  Re: There Is No Unbreakable Crypto ("Henrick Hellström")
  REAL OTP Systems (Frank Gerlach)
  Re: NSA is funding stegano detection (Walter Roberson)
  Cryptography, OTP and Human Perception of it (Frank Gerlach)
  Re: AES poll (Eric Lee Green)
  Re: NSA is funding stegano detection ([EMAIL PROTECTED])
  Re: NSA is funding stegano detection (Bernd Eckenfels)
  Long repeat (Jacques Thériault)
  Re: Long repeat ("Tom St Denis")
  Re: Note on combining PRNGs with the method of Wichmann and Hill ("Brian Gladman")
  Re: There Is No Unbreakable Crypto (David Wagner)
  Re: There Is No Unbreakable Crypto (David Wagner)



From: "Dopefish" [EMAIL PROTECTED]
Subject: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 16:33:41 -0500

Would it be possible to make a program that could take, say, a 20 KB picture
and a 20 KB text file and generate a file that gives the difference between
the two?  So, if I wanted to send somebody a private message and he already
has the same exact picture that I do, I can send him the difference file and
he could generate the message from it and the picture.  Thank you for your
comments (if any)


james


--
==BEGIN SIGNATURE==
A.K.A "Dopefish" or "fish" for short on Usenet.

Microsoft?  Is that some kind of toilet paper?

"Rockin' the town like a moldy crouton!"
 - Beck (Soul Suckin' Jerk - Reject)

"Help me, I broke apart my insides. Help me,
I've got no soul to sell. Help me, the only thing
that works for me, help me get away from
myself."
 - Nine Inch Nails (Closer)


=BEGIN GEEK CODE BLOCK=
Version: 3.12
GO dpu s++:++ a C U---UL
 P L+ E? W++ N+++ o+ K--- w+w+
 O--- M-- V? PS+++ PE Y-- PGP t 5--
 X+ R tv b+ DI D+ G-- e- h! r z
==END GEEK CODE BLOCK==
(www.geekcode.com)

==END SIGNATURE==



--

From: [EMAIL PROTECTED] (Niels Provos)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: 16 Apr 2001 21:42:51 GMT

On Mon, 16 Apr 2001 21:21:51 +0200, Mok-Kong Shen wrote:
> Yes. It is currently the discussion how easy/difficult
> is that detection. I like to ask experts in image
> processing to answer one rather global question: In the
> average case, if one arbitrarily modifies the LSB
> of one tenth of the coefficients of fourier transform in
> one colour, is there anything that can be noticed by the
> naked eye when comparing the pictures? Thanks.
I thought that I had addressed this question in my previous
posting.  It is not possible for the naked eye to detect
changes, it is possible for mathematical analysis.  You
can read my tech report about it, and also read the referenced
papers.  Techreport is at

  http://www.citi.umich.edu/techreports/

-- 
Niels Provos [EMAIL PROTECTED] finger [EMAIL PROTECTED] for pgp info
"Gravity is the soul of weight." - Anonymous.
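Provos' point above is that overwriting the low bits of transform coefficients is invisible to the eye but not to arithmetic. The following is an added example (mine, not code from the post or from the CITI tech report) that builds a constructed stand-in for one colour channel's coefficients, overwrites the LSB of one tenth of them with random message bits, and measures a simple "pairs of values" imbalance: values 2k and 2k+1 turn into each other under LSB overwriting, so embedding drives their counts toward equality. The histogram shape, the 10% fraction and the metric are assumptions of the example, and unlike real tools it does not skip the 0 and 1 coefficients.

```python
import random
from collections import Counter

def make_cover():
    # Constructed stand-in for one colour channel's DCT coefficients:
    # a peaked, symmetric histogram (heaviest at 0), as real JPEG data has.
    cover = []
    for v in range(-8, 9):
        cover += [v] * (3200 // (1 + abs(v)))
    return cover

def embed_lsb(coeffs, fraction, seed=1):
    # Overwrite the LSB of a `fraction` of the coefficients with random bits
    # (a stand-in for message bits). Deterministic for a given seed.
    rng = random.Random(seed)
    out = list(coeffs)
    positions = rng.sample(range(len(out)), int(fraction * len(out)))
    for i in positions:
        bit = rng.getrandbits(1)
        # Clear then set the LSB; two's-complement & works for negatives too.
        out[i] = (out[i] & ~1) | bit
    return out

def pov_imbalance(coeffs):
    # Sum over pairs (2k, 2k+1) of |count(2k) - count(2k+1)|, normalised.
    # A natural histogram has big gaps; LSB embedding shrinks them.
    counts = Counter(coeffs)
    pairs = {v // 2 for v in counts}
    total_gap = sum(abs(counts[2 * k] - counts[2 * k + 1]) for k in pairs)
    return total_gap / len(coeffs)

if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, 0.1)
    print("cover imbalance:", round(pov_imbalance(cover), 3))
    print("stego (10% LSBs):", round(pov_imbalance(stego), 3))
    print("stego (all LSBs):", round(pov_imbalance(embed_lsb(cover, 1.0)), 3))
```

Every modified coefficient changes by at most one, so a rendered picture looks the same, yet the imbalance of the stego version is measurably lower than the cover's, and approaches zero when every LSB carries a random bit.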

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 23:45:32 +0200



Dopefish wrote:
>
> would it be possible to make a program that could take, say, a 20 KB picture
> and a 20KB text file and generate a file that gives the difference between
> the two?  so, if i wanted to send somebody a private message and he already
> has the same exact picture that i do, i can send him the difference file and
> he could generate the message from it and the picture.  thank you for your
> comments (if any)

A picture file has a different format than a text file.
I suppose you are ignoring that and consider both
as bit sequences. Do an xor and you have the difference.
Maybe I misunderstood you.

M. K. Shen

--

From: "Dopefish" [EMAIL PROTECTED]
Subject: Re: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 16:46:21 -0500

Even if you did have a text file larger than your base file it would work,
but the part that overlaps wouldn't be different. For those that might
have not understood my last post I will make a model of this system...


  -BASE FILE-  +  -DIFFERENCE FILE-  =  -MESSAGE FILE-

or, if you had the message and the difference file then you could ge
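The "difference file" idea from this thread (the original question, M. K. Shen's "do an xor" answer, and the follow-up about a message longer than the base file), as an added example that is not code from any of the posters. XOR is its own inverse, so the same function produces the difference from the message and recovers the message from the difference; the behaviour for the part of the message that extends beyond the base is an assumption of the example (those bytes have nothing to be XORed with, so they are passed through unchanged, i.e. sent in the clear).

```python
def xor_difference(base: bytes, message: bytes) -> bytes:
    """message XOR base over their overlap.

    Because a XOR b XOR b == a, calling this with the difference instead of
    the message recovers the message. Bytes past the end of the base file
    are copied through unchanged, so that tail is readable by anyone.
    """
    n = min(len(base), len(message))
    masked = bytes(m ^ b for m, b in zip(message[:n], base[:n]))
    return masked + message[n:]

def unprotected_tail(base: bytes, message: bytes) -> int:
    """How many message bytes are not covered by the base file at all."""
    return max(0, len(message) - len(base))

if __name__ == "__main__":
    picture = bytes(range(256)) * 4              # constructed 1024-byte "picture"
    note = b"meet at the usual place"            # constructed message
    diff = xor_difference(picture, note)
    print(diff.hex())
    # Anyone holding the same picture, intended recipient or not, gets it back:
    print(xor_difference(picture, diff) == note)
    long_note = b"x" * 1100
    print("clear-text bytes:", unprotected_tail(picture, long_note))
```

The scheme is exactly a one-time pad whose pad is the picture: it is only as secret as the picture is, the difference file is never shorter than the message, and reusing the same picture for two messages lets anyone XOR the two difference files together to cancel the picture out.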

Cryptography-Digest Digest #162

2000-07-05 Thread Digestifier

Cryptography-Digest Digest #162, Volume #12   Wed, 5 Jul 00 03:13:01 EDT

Contents:
  Re: Use of EPR "paradox" in cryptography (Benjamin Goldberg)
  Re: Use of EPR "paradox" in cryptography (DSM)
  Re: RC4 question (Guy Macon)
  Re: Hash and Entropy (David A. Wagner)
  Re: Tying Up Lost Ends III ("Douglas A. Gwyn")
  Re: Use of EPR "paradox" in cryptography ("Douglas A. Gwyn")
  Re: Use of EPR "paradox" in cryptography (Benjamin Goldberg)
  Re: DES Analytic Crack ("Douglas A. Gwyn")
  Re: Java & Win32 ("David Thompson")
  [CFP] Cryptographers' Track RSA Conference 2001 (Ludovic Rousseau)
  Re: Hash and Entropy (David A Molnar)
  Re: A simple all-or-nothing transform (Mok-Kong Shen)
  Re: A thought on OTPs (Runu Knips)
  Re: Public-domain Blowfish (Runu Knips)



From: Benjamin Goldberg [EMAIL PROTECTED]
Crossposted-To: sci.physics
Subject: Re: Use of EPR "paradox" in cryptography
Date: Wed, 05 Jul 2000 01:26:57 GMT

Tim Tyler wrote:
>
> In sci.crypt DSM [EMAIL PROTECTED] wrote:
>
> : From what I know, EPR allows uninterceptable, untraceable,
> : instantaneous exchange of RANDOM data. [...]
>
> You'd need a verification stage (similar to that used in quantum
> crypto) to reduce the chance of interception to 1/S - assuming you can
> authenticate your partner remotely.

Umm, EPR *is* a form of quantum cryptography.

> As a method of generating random streams, it seems to be more of a
> PITA than using a conventional hardware RNG, with no obvious
> compensating benefits.

Compensating benefit: the stream is generated identically at two
different locations.

> Why not generate your random stream (using some quantum process if you
> must), and then transmit it using QC?

The reason you don't "transmit it using QC" is because you don't need
to...  or maybe you could say that you already are. The random stream is
simultaneously, identically being generated at the other end.
It's already there...

Somehow, I don't think you understand what EPR is.

--

Hi, i'm the signature virus retrovirus,
help me spread by copying me over your signiture virus.

--

From: DSM [EMAIL PROTECTED]
Crossposted-To: sci.physics
Subject: Re: Use of EPR "paradox" in cryptography
Date: Tue, 04 Jul 2000 21:39:32 -0400
Reply-To: [EMAIL PROTECTED]

Benjamin Goldberg wrote:

> Compensating benefit: the stream is generated identically at two
> different locations.

This is the key to what I was talking about:

You get a simple-to-operate unbreakable One-Time-Pad (classic)
cipher, with NO NEED TO TRANSPORT KEYPADS (transport of such
being the primary vulnerability of the method, since OTPs can
be intercepted and used by the enemy. Here, there is nothing
to capture, or to intercept (since the data stream transmitted
over the nonsecure channel, XORed with the EPR data at each end,
is indistinguishable from noise.))

I see lots of talk about Quantum Encryption but no EPR machines
sold at computer stores.

So simple...

EPR ==>
Same RANDOM data at two locations, simultaneously ==>
   OTP with no disadvantages.

--

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: RC4 question
Date: 04 Jul 2000 21:45:27 EDT

Joseph Ashwood wrote:

> Unfortunately, doing that would open some avenues for a
> chosen-plaintext attack, by giving an attacker the ability
> to influence the likelihood of each output value. I would
> recommend against it, but the CipherSabre idea presented by
> someone else remains quite good. Oh and don't forget to
> prime the pRNG by first removing several values from the
> beginning (512 is certainly sufficient).

Doing that would make the resulting program incompatible with
ciphersaber [ http://www.ciphersaber.gurus.com ], and is not
necessary, as ciphersaber is considered strong without such
modification.

I think that adding a random number of random printable ASCII
characters at the start and end of your plaintext has merit as
an improvement of ciphersaber, but the benefit, if any is very,
very small.  
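To make the compatibility point concrete, here is an added example (my code, not CipherSaber's reference implementation) of RC4 with an optional "drop the first N keystream bytes" step, plus the CipherSaber framing of key = passphrase || 10-byte IV with the IV sent in front of the ciphertext. Dropping 512 bytes, as suggested in the quoted post, changes every ciphertext byte, so a sender who drops and a receiver who does not cannot talk to each other. The RC4 check value used in the usage block is the widely published "Key"/"Plaintext" test vector.

```python
import os

def rc4_keystream(key: bytes, nbytes: int, drop: int = 0) -> bytes:
    # Key-scheduling algorithm: permute S under the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation; the first `drop` bytes are generated but discarded.
    out = bytearray()
    i = j = 0
    for n in range(drop + nbytes):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        k = S[(S[i] + S[j]) & 0xFF]
        if n >= drop:
            out.append(k)
    return bytes(out)

def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    # Encryption and decryption are the same XOR with the keystream.
    ks = rc4_keystream(key, len(data), drop)
    return bytes(a ^ b for a, b in zip(data, ks))

def ciphersaber_encrypt(passphrase: bytes, plaintext: bytes,
                        iv: bytes = None, drop: int = 0) -> bytes:
    # CipherSaber-1: RC4 keyed with passphrase || IV, IV prepended to the output.
    iv = os.urandom(10) if iv is None else iv
    return iv + rc4_crypt(passphrase + iv, plaintext, drop)

def ciphersaber_decrypt(passphrase: bytes, blob: bytes, drop: int = 0) -> bytes:
    iv, body = blob[:10], blob[10:]
    return rc4_crypt(passphrase + iv, body, drop)

if __name__ == "__main__":
    print(rc4_crypt(b"Key", b"Plaintext").hex())          # bbf316e8d940af0ad3
    print(rc4_crypt(b"Key", b"Plaintext", drop=512).hex()) # something else entirely
    blob = ciphersaber_encrypt(b"correct horse", b"hello", iv=bytes(range(10)))
    print(ciphersaber_decrypt(b"correct horse", blob))
```

The `drop` parameter is the "prime the PRNG" step from the quoted post; whether or not it is worth having, both ends must agree on it, which is why the CipherSaber definition fixes it at zero.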


--

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Hash and Entropy
Date: 4 Jul 2000 18:46:42 -0700

In article 8ju0de$b7q$[EMAIL PROTECTED],
David A Molnar  [EMAIL PROTECTED] wrote:
> Let {0,1}^k be a string of k bits. Let {0,1}^* be a string of 0 or more
> bits. A hash function is a function h : {0,1}^* --> {0,1}^k  for some
> fixed k. In the case of MD5, k is 128. In the case of SHA1, k is 160.
> I'm not sure that having {0,1}^* as a domain is actually kosher, [...]

Sure, it's kosher.

> The most basic is that we want the hash function to be "collision
> intractable." That is, given h(x), it should be difficult to find any x'
> such that h(x') = h(x).

Nope.  This is the definition of what it means for h to be one-way,
or (I think) second pre-image resist

Cryptography-Digest Digest #162

2000-02-20 Thread Digestifier

Cryptography-Digest Digest #162, Volume #11  Sun, 20 Feb 00 06:13:01 EST

Contents:
  Cryptography FAQ (03/10: Basic Cryptology) ([EMAIL PROTECTED])
  Cryptography FAQ (04/10: Mathematical Cryptology) ([EMAIL PROTECTED])



Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (03/10: Basic Cryptology)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 20 Feb 2000 10:16:40 GMT

Archive-name: cryptography-faq/part03
Last-modified: 93/10/10


This is the third of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu 
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography 
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, 
sci.answers, and news.answers every 21 days.


Contents:

3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it
  guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are
  relatively easy to break?
3.8. What are the basic types of cryptanalytic `attacks'?


3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?

  The story begins: When Julius Caesar sent messages to his trusted
  acquaintances, he didn't trust the messengers. So he replaced every A
  by a D, every B by a E, and so on through the alphabet. Only someone
  who knew the ``shift by 3'' rule could decipher his messages.

  A cryptosystem or cipher system is a method of disguising messages so
  that only certain people can see through the disguise. Cryptography is
  the art of creating and using cryptosystems. Cryptanalysis is the art
  of breaking cryptosystems---seeing through the disguise even when
  you're not supposed to be able to. Cryptology is the study of both
  cryptography and cryptanalysis.

  The original message is called a plaintext. The disguised message is
  called a ciphertext. Encryption means any procedure to convert
  plaintext into ciphertext. Decryption means any procedure to convert
  ciphertext into plaintext.

  A cryptosystem is usually a whole collection of algorithms. The
  algorithms are labelled; the labels are called keys. For instance,
  Caesar probably used ``shift by n'' encryption for several different
  values of n. It's natural to say that n is the key here.

  The people who are supposed to be able to see through the disguise are
  called recipients. Other people are enemies, opponents, interlopers,
  eavesdroppers, or third parties.
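The "shift by n" system of section 3.1, as an added example (not part of the FAQ text) in Python. The key is the label n; decryption is encryption with the opposite shift, and because the whole collection of labelled algorithms has only 26 members, `all_shifts` can list every candidate plaintext, which is the small key space that section 3.4's brute-force search refers to. Non-letters passing through unchanged is a convenience assumption of this example.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar_encrypt(plaintext: str, n: int) -> str:
    """Replace each letter by the one n places later in the alphabet (A->D for n=3)."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + n) % 26])
        else:
            out.append(ch)  # assumption: spaces and punctuation pass through
    return "".join(out)

def caesar_decrypt(ciphertext: str, n: int) -> str:
    """Shifting back by n undoes the encryption."""
    return caesar_encrypt(ciphertext, -n)

def all_shifts(ciphertext: str) -> dict:
    """The entire key space: one candidate plaintext per label n in 0..25."""
    return {n: caesar_decrypt(ciphertext, n) for n in range(26)}

if __name__ == "__main__":
    ct = caesar_encrypt("Attack at dawn", 3)
    print(ct)                                   # DWWDFN DW GDZQ
    print(caesar_decrypt(ct, 3))
    for n, candidate in all_shifts(ct).items():
        print(n, candidate)
```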

3.2. What references can I start with to learn cryptology?

  For an introduction to technical matter, the survey articles given
  in part 10 are the best place to begin as they are, in general,
  concise, authored by competent people, and well written. However,
  these articles are mostly concerned with cryptology as it has
  developed in the last 50 years or so, and are more abstract and
  mathematical than historical. The Codebreakers by Kahn [KAH67] is
  encyclopedic in its history and technical detail of cryptology up
  to the mid-60's.

  Introductory cryptanalysis can be learned from Gaines [GAI44] or
  Sinkov [SIN66]. This is recommended especially for people who want
  to devise their own encryption algorithms since it is a common
  mistake to try to make a system before knowing how to break one.

  The selection of an algorithm for the DES drew the attention of
  many public researchers to problems in cryptology. Consequently
  several textbooks and books to serve as texts have appeared. The
  book of Denning [DEN82] gives a good introduction to a broad range
  of security including encryption algorithms, database security,
  access control, and formal models of security. Similar comments
  apply to the books of Price & Davies [PRI84] and Pfleeger [PFL89].

  The books of Konheim [KON81] and Meyer & Matyas [MEY82] are quite
  technical books. Both Konheim and Meyer were directly involved in
  the development of DES, and both books give a thorough analysis of
  DES. Konheim's book is quite mathematical, with detailed analyses
  of many classical cryptosystems. Meyer and Matyas concentrate on
  modern cryptographic methods, especially pertaining to key management
  and the integration of security facilities into computer systems and
  networks. For more recent documentation on related areas, try
  G. Simmons in [SIM91

Cryptography-Digest Digest #162

1999-09-02 Thread Digestifier

Cryptography-Digest Digest #162, Volume #10   Thu, 2 Sep 99 15:13:03 EDT

Contents:
  Re: I need an algorithm (James Muir)
  Re: Exponents in public key algorithms (Gaston Gloesener)
  Re: Using Diffie-Hellman to encode keys (Eric Lee Green)
  encryption for transmission ("Alex")
  Blowfish (oscar morales ruiz)
  How weak is a large non-prime diffie-hellman modulus? ("John Matzen")
  Re: Schneier/Publsied Algorithms ("Richard Parker")
  RC4 or IBAA or ISAAC to generate large random numbers (Gaston Gloesener)
  Re: Using Diffie-Hellman to encode keys (Eric Lee Green)
  Re: 512 bit number factored (Anonymous)
  IDEA- safe? ("Jim Butcher")
  Re: Schneier/Publsied Algorithms ("John E. Kuslich")
  Re: THINK PEOPLE (Paul Koning)
  Re: How Easy Can Terrorists Get Strong Encrypt? (Tim Tyler)
  Re: How weak is a large non-prime diffie-hellman modulus? (Eric Lee Green)
  Re: encryption for transmission (Medical Electronics Lab)
  Re: 512 bit number factored (DJohn37050)
  Re: Protecting license information ("John E. Kuslich")
  Re: I need an algorithm (Eric Lee Green)
  Re: Deniability (Anonymous)
  Re: I need an algorithm (Sven Gohlke)
  Re: CIA Vigenere END-TIMES (Vigenere2.jpg) [1/3] (JPeschel)



From: James Muir [EMAIL PROTECTED]
Subject: Re: I need an algorithm
Date: Thu, 02 Sep 1999 15:22:52 GMT

In article apkz3.1696$[EMAIL PROTECTED],
  "Michaël Chassé" [EMAIL PROTECTED] wrote:
> Hello,
>
> I'm a programmer student and I really need a strong Public/private key
> system algorithm that is unpatented and that do not use mod... Does
> someone has a suggestion for me? In case that doesn't exist, an algorithm
> other than Diffie/Hellman or RSA should be appreciated


Try ElGamal.  It's unpatented and uses finite fields of prime order.
These fields are easier to work with than the ones of composite order.

-James Muir


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

--

From: Gaston Gloesener [EMAIL PROTECTED]
Subject: Re: Exponents in public key algorithms
Date: Thu, 02 Sep 1999 15:01:01 GMT

Thank you very much, to all who answered me to this question. All these
mails gave me the missing link. I have implemented the square-and-
multiply algorithm in my C++ THugeBinary class to make it usable for
cryptography.

So thanks again,
Gaston.



--

From: Eric Lee Green [EMAIL PROTECTED]
Subject: Re: Using Diffie-Hellman to encode keys
Date: Thu, 02 Sep 1999 15:16:37 GMT

David Wagner wrote:
>
> In article [EMAIL PROTECTED],
> Eric Lee Green  [EMAIL PROTECTED] wrote:
> > Thus if I have N be 2047bits, and 'x' and 'y' be 64 bits, then
> > there's approximately 2^65 possible values for 'k', [...]
>
> I hope you're not planning on using exponents with only 64 bits.
> Such a scheme can be cracked with 2^32 work using well-known techniques.
>
> Note also that if you use small exponents you must choose the modulus very
> carefully.  See, e.g., van Oorschot and Wiener's work in this area.
>
> By the way, if you're going to use small exponents, you can use a smaller
> modulus.  This will substantially improve your performance.

Thanks. Do you have any references to the van Oorschot and Wiener work? If the
Wiener stuff is on the 'net I probably have already downloaded it, but I'm
still plowing through these. It appears that the modulus has to be carefully
picked in order to turn the exponential distribution into an even distribution
over the field enforced by the modulus, thus the primality and mod properties.
It makes my head hurt thinking about it. Since I'm no mathematical genius, I'd
prefer to rely on someone else's judgement here.

Thinking about it, I see what you mean about 2^32 work with 64 bits, it may
actually be less (I'm not sure what current state-of-the-art is on this
problem, if I can come up with an attack in 2^32 work surely somebody else with
less rust and better math can do better). 

-Eric
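The square-and-multiply exponentiation Gaston mentions adding to his class, and the Diffie-Hellman exchange this thread is about, as one added example in Python (my code, not the THugeBinary class or anything from the posters). `modexp` is the standard right-to-left binary method; the exchange runs both sides so the reader can see the shared value agree; `generic_attack_bits` just encodes the rule of thumb from Wagner's post that a private exponent of x bits costs about 2^(x/2) work to recover by the well-known square-root methods. The parameters P and G are constructed for readability and are not a recommendation of sizes.

```python
def modexp(base: int, exp: int, mod: int) -> int:
    """Square-and-multiply: about log2(exp) squarings plus one multiply per set bit."""
    if exp < 0 or mod <= 0:
        raise ValueError("exponent must be non-negative and modulus positive")
    result = 1 % mod          # handles mod == 1 correctly
    base %= mod
    while exp:
        if exp & 1:           # current low bit set: multiply it in
            result = (result * base) % mod
        base = (base * base) % mod   # square for the next bit
        exp >>= 1
    return result

# Constructed toy parameters (assumption of this example, NOT a safe choice):
P = 2**127 - 1   # a Mersenne prime, small enough to print
G = 3

def dh_public(private: int, p: int = P, g: int = G) -> int:
    """Each party publishes g^private mod p."""
    return modexp(g, private, p)

def dh_shared(private: int, their_public: int, p: int = P) -> int:
    """Both sides compute the same g^(ab) mod p from the other's public value."""
    return modexp(their_public, private, p)

def generic_attack_bits(exponent_bits: int) -> int:
    """Work factor (in bits) of square-root attacks on an exponent of the given size,
    per the thread: 64-bit exponents fall to about 2^32 work."""
    return exponent_bits // 2

def exchange(a: int, b: int, p: int = P, g: int = G):
    """Run one complete exchange; returns (Alice's shared value, Bob's shared value)."""
    A = dh_public(a, p, g)
    B = dh_public(b, p, g)
    return dh_shared(a, B, p), dh_shared(b, A, p)

if __name__ == "__main__":
    print(modexp(4, 13, 497))          # 445, the textbook check value
    ka, kb = exchange(123456789, 987654321)
    print(ka == kb, ka)
    print("64-bit exponent ~ 2^%d work" % generic_attack_bits(64))
```

The loop touches the exponent bit by bit, so for a fixed-size exponent the cost depends only on its length, which is why Wagner's remark about using a smaller modulus with small exponents is about multiplication cost, not about the number of iterations.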

--

From: "Alex" [EMAIL PROTECTED]
Subject: encryption for transmission
Date: Thu, 2 Sep 1999 17:11:00 +0200

hi to everybody,
I have to encrypt a flow of data to transmit it on a satellite transponder
(DVB mode). I cannot use the DVB option for compatibility problems.
I would like to address both a single user and a group of users (and I would
add a new user to the group after the transmission has started, too), using
different keys for each user.

May I use PGP or SSL ?

thanks

Alex



--

From: oscar morales ruiz [EMAIL PROTECTED]
Subject: Blowfish
Date: Thu, 02 Sep 1999 17:19:06 +0200

Hi all,

I'm testing a new implementation for Blowfish Encryption Algorithm, and
I need test vectors to check it.

Can anybody send me test vectors wit

Cryptography-Digest Digest #162

1999-02-28 Thread Digestifier

Cryptography-Digest Digest #162, Volume #9   Sun, 28 Feb 99 15:13:04 EST

Contents:
  Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
  Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
  Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
  Re: Quantum Computation and Cryptography (Anthony Stephen Szopa)
  Re: What do you all think about the new cipher devised by a 16 year old? (Darren New)
  Re: One-Time-Pad program for Win85/98 or DOS (R. Knauer)
  Re: Question on Pentium III unique ID (Anthony Naggs)
  Re: Miller-Rabin prime test. Random bit size ("Michael Scott")
  Re: One-Time-Pad program for Win85/98 or DOS (R. Knauer)



From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Sun, 28 Feb 1999 19:06:48 GMT
Reply-To: [EMAIL PROTECTED]

On Sat, 27 Feb 1999 23:53:35 GMT, BRAD KRANE [EMAIL PROTECTED]
wrote:

> If nothing existed there cannot be any Laws or the such because there
> is nothing to base them on.
> With that in mind any thing could happen in this time span where nothing
> exists including this all of a sudden violent explosion and creation of a
> universe.

There is one most fundamental thing that cannot happen. Finite objects
cannot come into existence at all, no matter how you propose that to
happen.

The idea that Nothing causes the Existence of Something, whatever it
may be, leads one to conclude that Nothing exists, which contradicts
experience, at least for those who adhere to the worldview of Realism.

> What I'm stating is that there doesn't need to be cause for some thing
> to happen if there is nothing there to begin with.

There must be an efficient cause of existence per se. A finite object
does not come into existence on its own, otherwise its essence would
be to exist, in which case it would be immutable. But the objects of
physical reality are mutable, therefore their essence cannot be to
exist, so there must be a separate entity that is the source of their
existence. This entity has an essence that is existence, and that
fulfills your notion of an uncaused entity.

The problem with trying to apply uncausality to the Universe itself is
that if you do, it would of necessity have certain properties that it
simply does not have. It would necessarily be infinite in duration,
which the Big Bang tells us it is not. It would necessarily be
infinite in extent, which the Big Bang tells us it is not. It would
necessarily be immutable, which the empirical sciences tell us it is
not. And so on.

Why not imagine that the process of uncausality is applied to an
entity which then causes finite mutable reality to exist. I do not see
that in so doing you give up any generality. One thing you gain is
that you avoid many fatal inconsistencies.

And we are not talking about the "God" of Establishment Religion
either. The Supreme Being of existential metaphysics is not a
religious concept. There is no faith or belief involved in arriving at
the tenets of existential metaphysics. It is a completely self
contained rational system that builds off of physics. That is why it
is called a Meta Physics.

The fact that the catholic church uses Aquinas, the founder of
existential metaphysics, to bolster their dogmas overlooks the fact
that Aquinas himself was placed on the Index of Forbidden Books right
after he died.

His ideas challenged many of the doctrines of catholicism of that era
(late 13th century), so in typical fashion of any establishment they
demonized him. The only reason he was ever grabbed off the trash heap
of dogmatism was that the Jesuits needed a poster boy and he was
available.

Aquinas also published much in the area of political philosophy, and
was a significant inspirational force behind the explosion in liberty
that occurred in England. If you read Locke you will think you were
reading Aquinas. In fact, it is true to some extent that Aquinas
anticipated the formation of America, not as an act of history but as
an act of political philosophy, because he argued that tyrannicide was
not only justified but required by natural law.

It was that doctrine of tyrannicide that comes through in the Declaration
Of Independence, right along with the moral imperatives of natural law
- such as the concept of inalienable rights endowed by the Creator.

So when you study Aquinas's works you are not just fooling around with
some two-bit establishment philosopher. Aquinas was a radical
intellectual whose thought shook up the Western world, just as Christ
shook up the Hebrew world and Mohammed the Saracen world before him.
In fact, Aquinas freely borrowed not only from the Greeks but also from
the Jews and the Saracens, making him the real renaissance
philosopher, but just a bit ahead of his time.

Bob Knauer

"If you want to build a robust universe, one that will never go wrong, then
you don't want to build it like a clock, for the smallest bit of grit will
cause it to go