Cryptography-Digest Digest #214
Cryptography-Digest Digest #214, Volume #14 Mon, 23 Apr 01 11:13:01 EDT Contents: Re: I got accepted (Runu Knips) Re: Let's end this OTP argument (Simon Hunt) Re: 1024bit RSA keys. how safe are they? (Klaus Pommerening) Re: 1024bit RSA keys. how safe are they? (Matthias Murra) Re: OTP WAS BROKEN!!! (Tom St Denis) Re: OTP WAS BROKEN!!! (Jeffrey Williams) Re: Lessons learned from current watermarking systems (Lutz Donnerhacke) Re: Censorship Threat at Information Hiding Workshop (David A Molnar) Triple-DES vs. RC4 (Michael Schmidt) Re: Reusing A One Time Pad (Richard Herring) Re: Triple-DES vs. RC4 (Panu Hämäläinen) Re: 1024bit RSA keys. how safe are they? (George T.) Re: Triple-DES vs. RC4 (Tom St Denis) Re: 1024bit RSA keys. how safe are they? (Tom St Denis) Re: Triple-DES vs. RC4 (Michael Schmidt) Re: Triple-DES vs. RC4 (Tom St Denis) Re: Triple-DES vs. RC4 (Michael Schmidt) Re: random square factoring? (Tony T. Warnock) Re: sdgsdg (AY) Re: OTP breaking strategy (Tony T. Warnock) Re: Steganography with natural texts (John A. Malley) Re: sdgsdg (Ben Smith) Re: 1024bit RSA keys. how safe are they? (AY) Date: Mon, 23 Apr 2001 11:15:39 +0200 From: Runu Knips [EMAIL PROTECTED] Subject: Re: I got accepted Tom St Denis wrote: Yahooo! I got accepted to 1 out of the 3 (so far) universities I applied too. Yaho! I would like to thank the posters in this group for if it weren't for my hours consumed posting and learning here I probably would not have made it!!! CONGRATULATIONS ! :-) -- From: Simon Hunt [EMAIL PROTECTED] Subject: Re: Let's end this OTP argument Date: Fri, 20 Apr 2001 13:03:32 +0100 Am I missing something, or could this mean ANY 64 character message as there are 64^256 possible pads for this message? Simon. Tom St Denis [EMAIL PROTECTED] wrote in message news:UtJD6.89$[EMAIL PROTECTED]... Below is a 8-bit per char (ASCII) encoded message using a winRNG as a OTP pad (I don't know the pad even, well I know the message). The message is null terminated so you are given one byte of the pad ... 69 d0 2c a8 d9 55 1a b8 79 41 0d af 4f 31 fe e1 b8 6e a2 2b f4 d4 64 cf be 9d b4 54 00 05 9c 3a ba b4 e8 fd d2 f7 78 9f c6 c1 23 70 c0 7a c7 76 eb 00 90 05 68 12 b6 82 5e 2e 9e 16 3a ed 18 46 If you can tell me the message please disclose it here! -- Tom St Denis --- http://tomstdenis.home.dhs.org -- From: [EMAIL PROTECTED] (Klaus Pommerening) Subject: Re: 1024bit RSA keys. how safe are they? Date: 23 Apr 2001 10:07:11 GMT In 9c0956$ph0$[EMAIL PROTECTED] George T. wrote: Does anyone has idea how safe RSA 1024 bit keys are? Are they safe enough to be used for encrypting credit card information, travelling over the internet and or residing on servers (email) for more than 24 hours. http://www.cryptosavvy.com/ -- Klaus Pommerening [http://www.Uni-Mainz.DE/~pommeren/] Institut fuer Medizinische Statistik und Dokumentation der Johannes-Gutenberg-Universitaet, D-55101 Mainz, Germany -- From: Matthias Murra [EMAIL PROTECTED] Subject: Re: 1024bit RSA keys. how safe are they? Date: Mon, 23 Apr 2001 14:06:55 +0200 Klaus Pommerening wrote: http://www.cryptosavvy.com/ See Bob Silverman's reply to [EMAIL PROTECTED] (sorry, I don't have the reply's message ID). In essence, the paper referenced above does not address the fact that the Number Field Sieve (used for factoring the RSA modulus n) is SPACE-constrained, not TIME-constrained, for large values of n. -- Cool, huh? Just like Usenet or Yahoo message boards -- the losers self-identify themselves. -- From: Tom St Denis [EMAIL PROTECTED] Subject: Re: OTP WAS BROKEN!!! Date: Mon, 23 Apr 2001 12:47:03 GMT Douglas A. Gwyn [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Tom St Denis wrote: Since infinity is not a number and doesn't represent one you can't exactly square it. ... Of course I will most likely get flamed by this post. Oh well. The reason you get flamed is for trying to explain something that you don't know as well as the person to whom you're trying to explain. Look up Cantor and transfinite numbers. That's cool times two.. nahaha that's cool times infinity... heheheh You know what, I really don't care. It's one of those things that's neat but at my stage in life a completely useless fact. Just like knowing the universe is expanding. Not much I can do with that fact too. Tom -- From: Jeffrey Williams [EMAIL PROTECTED] Subject: Re: OTP WAS BROKEN!!! Date: Mon, 23 Apr 2001 07:49:26 -0500 OTP is an acronym for One Time Pad. If you reuse the key, it ceases, by definition, to be a One Time Pad. If you can break it only after reuse, you have NOT broken a OTP. It is acknowledged in this news groups
Cryptography-Digest Digest #214
Cryptography-Digest Digest #214, Volume #11 Mon, 28 Feb 00 12:13:02 EST
Contents:
Re: RSA deppading ("Ian Michael Ash")
Re: Passwords secure against dictionary attacks? (Jens Haug)
Re: Status of alleged *THIRD* key in MS Crypto API ? (Francois Grieu)
Re: Passwords secure against dictionary attacks? (Lincoln Yeoh)
Re: QUESTION: Enigma Machine Plans, specification etc (Jim Backus)
Re: Passwords secure against dictionary attacks? (Gordon Walker)
Re: increasing key length through Hasing (Anton Stiglic)
Re: How do I get the key from the passphrase in DES? (John Savard)
Re: CRC-16 Reverse Algorithm ? (Doug Stell)
Want to poke holes in this protocol? (Johan Hoogenboezem)
Re: Passwords secure against dictionary attacks? (e n t r o p i c)
Re: are self-shredding files possible? (Erik)
Re: Want to poke holes in this protocol? (Tim Tyler)
Re: Want to poke holes in this protocol? (Erik)
Encryption (only) in a extremely small program? (~1.4KB) (dywalsh)
Re: Want to poke holes in this protocol? (Glenn Larsson)
From: "Ian Michael Ash" [EMAIL PROTECTED]
Subject: Re: RSA deppading
Date: Mon, 28 Feb 2000 14:44:27 +0200
One often pads the real data that you're going to encrypt with a series of
random numbers to make the message longer and increase entropy(?). Perhaps
this reference is to stripping of the random numbers that were added to the
end of the message. i.e. you decrypt the RSA message, then strip off random
padding, and you're left with original message.
Ian
Yo wrote in message 89dl6a$7fa$[EMAIL PROTECTED]...
Does anybody know what is "RSA deppading" ? when does it apply?
--
From: [EMAIL PROTECTED] (Jens Haug)
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: 28 Feb 2000 13:44:54 GMT
Reply-To: [EMAIL PROTECTED]
In article [EMAIL PROTECTED], [EMAIL PROTECTED] (JimD)
writes:
On Fri, 25 Feb 2000 07:17:11 GMT, [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
JimD wrote:
Don't use *any* word in *any* language!
How about ten English words with different punctuation symbols
as word separators?
do you mean that 'English' is not '*any* language' ? :-)
( Don't use *any* word in *any* language!) isn't my
quote.
Of course not. There's one more quotation character before
that quote. No need to mention that, everybody can see that.
(It was my quote.)
Jens
--
From: [EMAIL PROTECTED] (Francois Grieu)
Subject: Re: Status of alleged *THIRD* key in MS Crypto API ?
Date: Mon, 28 Feb 2000 15:01:40 +0100
I found an article by Duncan Campbell, dated Sept 4, 1999 with a fragment
on the third key, at
http://www.heise.de/tp/english/inhalt/te/5263/1.html
according to two witnesses attending the conference [presumably:
Crypto'99], even Microsoft's top crypto programmers were astonished to
learn that the version of ADVAPI.DLL shipping with Windows 2000 contains
not two, but three keys. Brian LaMachia, head of CAPI development at
Microsoft was "stunned" to learn of these discoveries, by outsiders. The
latest discovery by Dr [Nicko] van Someren is based on advanced search
methods which test and report on the "entropy" of programming code.
Is there any substance in this ?
Francois Grieu
--
From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Mon, 28 Feb 2000 14:42:17 GMT
Reply-To: [EMAIL PROTECTED]
On Sat, 26 Feb 2000 11:17:48 +, Johnny Bravo [EMAIL PROTECTED]
wrote:
On Sat, 26 Feb 2000 07:56:52 GMT, [EMAIL PROTECTED] (Lincoln
Yeoh) wrote:
Erm, it's trivial to run through a dictionary, just think of it as a two
character password where you have say 2 alphabets.
e.g.
word1word2
word1 word2
word1,word2
And just these two words have 1.2 billion permutations for 30 bits of
password with the separators you've given. Add in a third word and you
Yep, as I was telling Ilya two words is not enough.
40 bits for that, and trying to remember 5 or 6 of them would be over
kill and very hard to remember. Diceware is very suited to mnemonic aids
Hmm, I recalculated. Just remember four 6 character passwords. Or five 5
char passwords.
Remembering four passwords isn't that difficult is it? Just make sure you
do NOT use those four anywhere else.
Diceware is a good idea if it suits your brain. Two diceware words = one 5
character alphanumeric password, so mix and match if you wish. e.g. two
diceware words with 3 passwords.
If you do that I think attackers better have access to you or the machine
;).
To each their own.. Pick what works for you.
I just hope I don't bump my head or something :).
Cheerio,
Link.
Repl
Cryptography-Digest Digest #214
Cryptography-Digest Digest #214, Volume #10 Fri, 10 Sep 99 01:13:03 EDT
Contents:
Re: sourcecode of DES in VB (James Pate Williams, Jr.)
Re: simple key dependent encryption ("Kwong Chan")
Re: Source code ([EMAIL PROTECTED])
Re: Looking for Completely-Free Strong Algorithms ([EMAIL PROTECTED])
Re: Looking for Completely-Free Strong Algorithms (David A Molnar)
Re: 512 bit number factored (Dylan Thurston)
Re: simple key dependent encryption
fun about FIPS74 (jerome)
Re: [q] gnupg strength (Tom St Denis)
Re: some coder/hacker help please? (Tom St Denis)
Re: some coder/hacker help please? (Tom St Denis)
Re: Looking for Completely-Free Strong Algorithms (Tom St Denis)
Re: What was the debugging symbol of the third Windows key?
Re: some coder/hacker help please? (Tom St Denis)
Re: some information theory (Anti-Spam)
Re: GnuPG 1.0 released (Jerry Coffin)
From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: sourcecode of DES in VB
Date: Tue, 07 Sep 1999 21:06:37 GMT
On Mon, 6 Sep 1999 20:05:37 +0200, "Buchinger Reinhold"
[EMAIL PROTECTED] wrote:
I need a version of DES in VB (possible in Pascal). It could also be a
simplified DES. It's only to see how it works.
I am very grateful for any help !
The algorithm is given in the _Handbook of Applied Cryptography_ by
Alfred J. Menezes et. al. Chapter 7 7.4.2 pages 252-256. You can find
this chapter on-line if you search for it. Try searching recent posts
to sci.crypt by Menezes or do a wb search using his name or the title
of the handbook. I implemented the algorithm easily from the handbook
in C.
==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate
--
From: "Kwong Chan" [EMAIL PROTECTED]
Subject: Re: simple key dependent encryption
Date: Fri, 10 Sep 1999 10:14:34 +0800
a) what is this type of encryption called?
b) am i wrong in thinking this type of key dependent encryption would be
tough to crack?
a) A polyalphabetic cipher with a mixed alphabet and a repeating key.
b) Yes, you are wrong.
If the key is of large period, say longer than the plaintext to be
encrypted,
is the polyalphabetic cipher still easy to be crack?
--
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Source code
Date: Thu, 09 Sep 1999 19:42:11 -0700
Try ftp://ftp.replay.com/pub/replay
And browse to your heart content.
-Ryan Phillips-
Erick Stevenson wrote:
Greetings. I need source code for the highest exportable algor's. Can
anyone help me with this? VB, C++, Java whatever is fine.
Best regards,
Erick Stevenson
--
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Looking for Completely-Free Strong Algorithms
Date: Thu, 09 Sep 1999 19:44:34 -0700
check out ftp://ftp.replay.com/pub/crypto and browse
Usually licenses are found with the algorithm itself.
-Ryan Phillips-
Joseph Ashwood wrote:
I'm looking for royalty-free strong algorithms. I know that AES (when it's
decided) will meet the criteria, but I need something fairly soon, and I
need it to have free source code available also (not enough time to do it
right myself). Now before Scott plugs himself again, let me say that this
encryption will be used for bidirectional communication so treating
everything as a single block simply will not work. I thank you for putting
up with my questions (although I've only asked a couple over the years), I
really do appreciate it.
Joseph
--
From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Looking for Completely-Free Strong Algorithms
Date: 10 Sep 1999 01:58:52 GMT
Joseph Ashwood [EMAIL PROTECTED] wrote:
I'm looking for royalty-free strong algorithms. I know that AES (when it's
decided) will meet the criteria, but I need something fairly soon, and I
need it to have free source code available also (not enough time to do it
right myself). Now before Scott plugs himself again, let me say that this
I'm assuming that you want a symmetric system.
3DES is tried, true, and royalty-free. It's part of Wei Dai's crypto
library : http://www.eskimo.com/~weidai/cryptlib.html
Twofish has reference source code available from Counterpane. It has made
it to the final round of AES, for what you think that's worth.
http://www.counterpane.com/twofish.html
Blowfish is royalty-free, as well.
http://www.counterpane.com/blowfish.html
Those are the only algorithms which I'm 100% sure are unpatented
at this moment. There are likely other unpatented algorithms which
may be useful to you. Maybe checking the Block Cipher Lounge would
help determine whether another algorithm is attractive enough to
investigate : http://www.ii.uib.no/~larsr/bc.html
-David
--
From: Dylan Thurston [EMAIL PROTECTED]
Subject: Re: 51
