Cryptography-Digest Digest #214
Cryptography-Digest Digest #214, Volume #14 Mon, 23 Apr 01 11:13:01 EDT Contents: Re: I got accepted (Runu Knips) Re: Let's end this OTP argument (Simon Hunt) Re: 1024bit RSA keys. how safe are they? (Klaus Pommerening) Re: 1024bit RSA keys. how safe are they? (Matthias Murra) Re: OTP WAS BROKEN!!! (Tom St Denis) Re: OTP WAS BROKEN!!! (Jeffrey Williams) Re: Lessons learned from current watermarking systems (Lutz Donnerhacke) Re: Censorship Threat at Information Hiding Workshop (David A Molnar) Triple-DES vs. RC4 (Michael Schmidt) Re: Reusing A One Time Pad (Richard Herring) Re: Triple-DES vs. RC4 (Panu Hämäläinen) Re: 1024bit RSA keys. how safe are they? (George T.) Re: Triple-DES vs. RC4 (Tom St Denis) Re: 1024bit RSA keys. how safe are they? (Tom St Denis) Re: Triple-DES vs. RC4 (Michael Schmidt) Re: Triple-DES vs. RC4 (Tom St Denis) Re: Triple-DES vs. RC4 (Michael Schmidt) Re: random square factoring? (Tony T. Warnock) Re: sdgsdg (AY) Re: OTP breaking strategy (Tony T. Warnock) Re: Steganography with natural texts (John A. Malley) Re: sdgsdg (Ben Smith) Re: 1024bit RSA keys. how safe are they? (AY) Date: Mon, 23 Apr 2001 11:15:39 +0200 From: Runu Knips [EMAIL PROTECTED] Subject: Re: I got accepted Tom St Denis wrote: Yahooo! I got accepted to 1 out of the 3 (so far) universities I applied too. Yaho! I would like to thank the posters in this group for if it weren't for my hours consumed posting and learning here I probably would not have made it!!! CONGRATULATIONS ! :-) -- From: Simon Hunt [EMAIL PROTECTED] Subject: Re: Let's end this OTP argument Date: Fri, 20 Apr 2001 13:03:32 +0100 Am I missing something, or could this mean ANY 64 character message as there are 64^256 possible pads for this message? Simon. Tom St Denis [EMAIL PROTECTED] wrote in message news:UtJD6.89$[EMAIL PROTECTED]... Below is a 8-bit per char (ASCII) encoded message using a winRNG as a OTP pad (I don't know the pad even, well I know the message). The message is null terminated so you are given one byte of the pad ... 69 d0 2c a8 d9 55 1a b8 79 41 0d af 4f 31 fe e1 b8 6e a2 2b f4 d4 64 cf be 9d b4 54 00 05 9c 3a ba b4 e8 fd d2 f7 78 9f c6 c1 23 70 c0 7a c7 76 eb 00 90 05 68 12 b6 82 5e 2e 9e 16 3a ed 18 46 If you can tell me the message please disclose it here! -- Tom St Denis --- http://tomstdenis.home.dhs.org -- From: [EMAIL PROTECTED] (Klaus Pommerening) Subject: Re: 1024bit RSA keys. how safe are they? Date: 23 Apr 2001 10:07:11 GMT In 9c0956$ph0$[EMAIL PROTECTED] George T. wrote: Does anyone has idea how safe RSA 1024 bit keys are? Are they safe enough to be used for encrypting credit card information, travelling over the internet and or residing on servers (email) for more than 24 hours. http://www.cryptosavvy.com/ -- Klaus Pommerening [http://www.Uni-Mainz.DE/~pommeren/] Institut fuer Medizinische Statistik und Dokumentation der Johannes-Gutenberg-Universitaet, D-55101 Mainz, Germany -- From: Matthias Murra [EMAIL PROTECTED] Subject: Re: 1024bit RSA keys. how safe are they? Date: Mon, 23 Apr 2001 14:06:55 +0200 Klaus Pommerening wrote: http://www.cryptosavvy.com/ See Bob Silverman's reply to [EMAIL PROTECTED] (sorry, I don't have the reply's message ID). In essence, the paper referenced above does not address the fact that the Number Field Sieve (used for factoring the RSA modulus n) is SPACE-constrained, not TIME-constrained, for large values of n. -- Cool, huh? Just like Usenet or Yahoo message boards -- the losers self-identify themselves. -- From: Tom St Denis [EMAIL PROTECTED] Subject: Re: OTP WAS BROKEN!!! Date: Mon, 23 Apr 2001 12:47:03 GMT Douglas A. Gwyn [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Tom St Denis wrote: Since infinity is not a number and doesn't represent one you can't exactly square it. ... Of course I will most likely get flamed by this post. Oh well. The reason you get flamed is for trying to explain something that you don't know as well as the person to whom you're trying to explain. Look up Cantor and transfinite numbers. That's cool times two.. nahaha that's cool times infinity... heheheh You know what, I really don't care. It's one of those things that's neat but at my stage in life a completely useless fact. Just like knowing the universe is expanding. Not much I can do with that fact too. Tom -- From: Jeffrey Williams [EMAIL PROTECTED] Subject: Re: OTP WAS BROKEN!!! Date: Mon, 23 Apr 2001 07:49:26 -0500 OTP is an acronym for One Time Pad. If you reuse the key, it ceases, by definition, to be a One Time Pad. If you can break it only after reuse, you have NOT broken a OTP. It is acknowledged in this news groups
Cryptography-Digest Digest #214
Cryptography-Digest Digest #214, Volume #11 Mon, 28 Feb 00 12:13:02 EST Contents: Re: RSA deppading ("Ian Michael Ash") Re: Passwords secure against dictionary attacks? (Jens Haug) Re: Status of alleged *THIRD* key in MS Crypto API ? (Francois Grieu) Re: Passwords secure against dictionary attacks? (Lincoln Yeoh) Re: QUESTION: Enigma Machine Plans, specification etc (Jim Backus) Re: Passwords secure against dictionary attacks? (Gordon Walker) Re: increasing key length through Hasing (Anton Stiglic) Re: How do I get the key from the passphrase in DES? (John Savard) Re: CRC-16 Reverse Algorithm ? (Doug Stell) Want to poke holes in this protocol? (Johan Hoogenboezem) Re: Passwords secure against dictionary attacks? (e n t r o p i c) Re: are self-shredding files possible? (Erik) Re: Want to poke holes in this protocol? (Tim Tyler) Re: Want to poke holes in this protocol? (Erik) Encryption (only) in a extremely small program? (~1.4KB) (dywalsh) Re: Want to poke holes in this protocol? (Glenn Larsson) From: "Ian Michael Ash" [EMAIL PROTECTED] Subject: Re: RSA deppading Date: Mon, 28 Feb 2000 14:44:27 +0200 One often pads the real data that you're going to encrypt with a series of random numbers to make the message longer and increase entropy(?). Perhaps this reference is to stripping of the random numbers that were added to the end of the message. i.e. you decrypt the RSA message, then strip off random padding, and you're left with original message. Ian Yo wrote in message 89dl6a$7fa$[EMAIL PROTECTED]... Does anybody know what is "RSA deppading" ? when does it apply? -- From: [EMAIL PROTECTED] (Jens Haug) Crossposted-To: comp.security.misc,alt.security.pgp Subject: Re: Passwords secure against dictionary attacks? Date: 28 Feb 2000 13:44:54 GMT Reply-To: [EMAIL PROTECTED] In article [EMAIL PROTECTED], [EMAIL PROTECTED] (JimD) writes: On Fri, 25 Feb 2000 07:17:11 GMT, [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 JimD wrote: Don't use *any* word in *any* language! How about ten English words with different punctuation symbols as word separators? do you mean that 'English' is not '*any* language' ? :-) ( Don't use *any* word in *any* language!) isn't my quote. Of course not. There's one more quotation character before that quote. No need to mention that, everybody can see that. (It was my quote.) Jens -- From: [EMAIL PROTECTED] (Francois Grieu) Subject: Re: Status of alleged *THIRD* key in MS Crypto API ? Date: Mon, 28 Feb 2000 15:01:40 +0100 I found an article by Duncan Campbell, dated Sept 4, 1999 with a fragment on the third key, at http://www.heise.de/tp/english/inhalt/te/5263/1.html according to two witnesses attending the conference [presumably: Crypto'99], even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr [Nicko] van Someren is based on advanced search methods which test and report on the "entropy" of programming code. Is there any substance in this ? Francois Grieu -- From: [EMAIL PROTECTED] (Lincoln Yeoh) Crossposted-To: comp.security.misc,alt.security.pgp Subject: Re: Passwords secure against dictionary attacks? Date: Mon, 28 Feb 2000 14:42:17 GMT Reply-To: [EMAIL PROTECTED] On Sat, 26 Feb 2000 11:17:48 +, Johnny Bravo [EMAIL PROTECTED] wrote: On Sat, 26 Feb 2000 07:56:52 GMT, [EMAIL PROTECTED] (Lincoln Yeoh) wrote: Erm, it's trivial to run through a dictionary, just think of it as a two character password where you have say 2 alphabets. e.g. word1word2 word1 word2 word1,word2 And just these two words have 1.2 billion permutations for 30 bits of password with the separators you've given. Add in a third word and you Yep, as I was telling Ilya two words is not enough. 40 bits for that, and trying to remember 5 or 6 of them would be over kill and very hard to remember. Diceware is very suited to mnemonic aids Hmm, I recalculated. Just remember four 6 character passwords. Or five 5 char passwords. Remembering four passwords isn't that difficult is it? Just make sure you do NOT use those four anywhere else. Diceware is a good idea if it suits your brain. Two diceware words = one 5 character alphanumeric password, so mix and match if you wish. e.g. two diceware words with 3 passwords. If you do that I think attackers better have access to you or the machine ;). To each their own.. Pick what works for you. I just hope I don't bump my head or something :). Cheerio, Link. Repl
Cryptography-Digest Digest #214
Cryptography-Digest Digest #214, Volume #10 Fri, 10 Sep 99 01:13:03 EDT Contents: Re: sourcecode of DES in VB (James Pate Williams, Jr.) Re: simple key dependent encryption ("Kwong Chan") Re: Source code ([EMAIL PROTECTED]) Re: Looking for Completely-Free Strong Algorithms ([EMAIL PROTECTED]) Re: Looking for Completely-Free Strong Algorithms (David A Molnar) Re: 512 bit number factored (Dylan Thurston) Re: simple key dependent encryption fun about FIPS74 (jerome) Re: [q] gnupg strength (Tom St Denis) Re: some coder/hacker help please? (Tom St Denis) Re: some coder/hacker help please? (Tom St Denis) Re: Looking for Completely-Free Strong Algorithms (Tom St Denis) Re: What was the debugging symbol of the third Windows key? Re: some coder/hacker help please? (Tom St Denis) Re: some information theory (Anti-Spam) Re: GnuPG 1.0 released (Jerry Coffin) From: [EMAIL PROTECTED] (James Pate Williams, Jr.) Subject: Re: sourcecode of DES in VB Date: Tue, 07 Sep 1999 21:06:37 GMT On Mon, 6 Sep 1999 20:05:37 +0200, "Buchinger Reinhold" [EMAIL PROTECTED] wrote: I need a version of DES in VB (possible in Pascal). It could also be a simplified DES. It's only to see how it works. I am very grateful for any help ! The algorithm is given in the _Handbook of Applied Cryptography_ by Alfred J. Menezes et. al. Chapter 7 7.4.2 pages 252-256. You can find this chapter on-line if you search for it. Try searching recent posts to sci.crypt by Menezes or do a wb search using his name or the title of the handbook. I implemented the algorithm easily from the handbook in C. ==Pate Williams== [EMAIL PROTECTED] http://www.mindspring.com/~pate -- From: "Kwong Chan" [EMAIL PROTECTED] Subject: Re: simple key dependent encryption Date: Fri, 10 Sep 1999 10:14:34 +0800 a) what is this type of encryption called? b) am i wrong in thinking this type of key dependent encryption would be tough to crack? a) A polyalphabetic cipher with a mixed alphabet and a repeating key. b) Yes, you are wrong. If the key is of large period, say longer than the plaintext to be encrypted, is the polyalphabetic cipher still easy to be crack? -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: Re: Source code Date: Thu, 09 Sep 1999 19:42:11 -0700 Try ftp://ftp.replay.com/pub/replay And browse to your heart content. -Ryan Phillips- Erick Stevenson wrote: Greetings. I need source code for the highest exportable algor's. Can anyone help me with this? VB, C++, Java whatever is fine. Best regards, Erick Stevenson -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: Re: Looking for Completely-Free Strong Algorithms Date: Thu, 09 Sep 1999 19:44:34 -0700 check out ftp://ftp.replay.com/pub/crypto and browse Usually licenses are found with the algorithm itself. -Ryan Phillips- Joseph Ashwood wrote: I'm looking for royalty-free strong algorithms. I know that AES (when it's decided) will meet the criteria, but I need something fairly soon, and I need it to have free source code available also (not enough time to do it right myself). Now before Scott plugs himself again, let me say that this encryption will be used for bidirectional communication so treating everything as a single block simply will not work. I thank you for putting up with my questions (although I've only asked a couple over the years), I really do appreciate it. Joseph -- From: David A Molnar [EMAIL PROTECTED] Subject: Re: Looking for Completely-Free Strong Algorithms Date: 10 Sep 1999 01:58:52 GMT Joseph Ashwood [EMAIL PROTECTED] wrote: I'm looking for royalty-free strong algorithms. I know that AES (when it's decided) will meet the criteria, but I need something fairly soon, and I need it to have free source code available also (not enough time to do it right myself). Now before Scott plugs himself again, let me say that this I'm assuming that you want a symmetric system. 3DES is tried, true, and royalty-free. It's part of Wei Dai's crypto library : http://www.eskimo.com/~weidai/cryptlib.html Twofish has reference source code available from Counterpane. It has made it to the final round of AES, for what you think that's worth. http://www.counterpane.com/twofish.html Blowfish is royalty-free, as well. http://www.counterpane.com/blowfish.html Those are the only algorithms which I'm 100% sure are unpatented at this moment. There are likely other unpatented algorithms which may be useful to you. Maybe checking the Block Cipher Lounge would help determine whether another algorithm is attractive enough to investigate : http://www.ii.uib.no/~larsr/bc.html -David -- From: Dylan Thurston [EMAIL PROTECTED] Subject: Re: 51