Cryptography-Digest Digest #232

2001-04-25 Thread Digestifier

Cryptography-Digest Digest #232, Volume #14  Wed, 25 Apr 01 16:13:01 EDT

Contents:
  Re: OTP WAS BROKEN!!! (Mark G Wolf)
  Re: OTP WAS BROKEN!!! (Tony T. Warnock)
  Re: Censorship Threat at Information Hiding Workshop (John Myre)
  What Is the Quality of Randomness? (Mark G Wolf)
  Improvement to GOST? (John L. Allen)
  Re: Improvement to GOST? (Tom St Denis)
  Re: What Is the Quality of Randomness? (Tom St Denis)
  Key scheduling of block cipher (Mok-Kong Shen)
  Re: What Is the Quality of Randomness? (Mark G Wolf)
  Re: What Is the Quality of Randomness? (Tom St Denis)
  Re: Key scheduling of block cipher (Tom St Denis)
  Re: 1024bit RSA keys. how safe are they? (Brian Hetrick)
  Re: What Is the Quality of Randomness? (Mark G Wolf)
  Re: What Is the Quality of Randomness? (Tom St Denis)
  Re: Key scheduling of block cipher (Mok-Kong Shen)
  Re: SHA PRNG (Sam Simpson)
  Re: Censorship Threat at Information Hiding Workshop (Terry Ritter)
  Re: What Is the Quality of Randomness? (Terry Ritter)
  Re: OTP WAS BROKEN!!! (Tony T. Warnock)
  Re: Key scheduling of block cipher (Tom St Denis)
  Re: OTP breaking strategy (newbie)
  Re: OTP breaking strategy (newbie)
  Re: OTP breaking strategy (Tom St Denis)
  Re: OTP breaking strategy (Tom St Denis)



From: Mark G Wolf [EMAIL PROTECTED]
Subject: Re: OTP WAS BROKEN!!!
Date: Wed, 25 Apr 2001 13:15:26 -0500

 statistics of k are uniform, C1 and C2 also have uniform statistics. P1-P2
 will not have uniform statistics and thus be detected. It's easy to
 unscramble the combination of two plaintexts.

(Playing the devil's advocate)  Exactly what statistics are you referring
to?




--

From: Tony T. Warnock [EMAIL PROTECTED]
Subject: Re: OTP WAS BROKEN!!!
Date: Wed, 25 Apr 2001 12:17:42 -0600
Reply-To: [EMAIL PROTECTED]



newbie wrote:

 And how many solutions could solve P Xor P' = C Xor C'?

 Tony T. Warnock wrote:
 
  The basic idea is that even without knowing the key, you can remove it.
  Thus you are left with a combination of two plaintexts which is easy to
  decrypt.

Generally about one. Notice that P.XOR.P' combines two plaintexts which have
plaintext-like structure.
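Added illustration of the point both replies make (this code is not from either poster): under a shared pad, C1 xor C2 equals P1 xor P2, and the XOR of two ASCII plaintexts has statistics nothing like a uniform byte stream. The simplest such statistic is that bit 7 of every byte is clear, because both plaintexts are 7-bit ASCII; the byte distribution is also heavily skewed (0x00 wherever the two texts agree, values below 0x20 for letter xor letter, 0x40 to 0x5F for letter xor space). Under independent pads the XOR is uniform. The plaintexts are constructed, and the pad comes from a seeded PRNG standing in for a true one-time pad so the run is reproducible.

```python
import random
from collections import Counter

# Constructed sample plaintexts (lowercase ASCII), not from the thread.
P1 = b"the quick brown fox jumps over the lazy dog while the farmer sleeps in the barn"
P2 = b"our meeting at dawn is cancelled so regroup at the old mill and wait for word"


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_pad(n, rng):
    # Stands in for a true one-time pad; seeded only so the demo is reproducible.
    return bytes(rng.getrandbits(8) for _ in range(n))


def reuse_statistics(c1, c2):
    """Statistics of C1 xor C2 that expose a shared pad.

    Returns (fraction of bytes with bit 7 set, number of distinct byte
    values).  For two 7-bit ASCII plaintexts under one pad, bit 7 is never
    set and only a few dozen byte values occur; under independent pads the
    XOR is a uniform byte stream, so about half the bytes have bit 7 set
    and the values are spread over all 256 possibilities.
    """
    d = xor_bytes(c1, c2)
    top_bit_fraction = sum(1 for x in d if x & 0x80) / len(d)
    return top_bit_fraction, len(Counter(d))


def demo():
    rng = random.Random(2001)
    n = min(len(P1), len(P2))
    p1, p2 = P1[:n], P2[:n]

    shared = make_pad(n, rng)                          # one pad used twice
    c1, c2 = xor_bytes(p1, shared), xor_bytes(p2, shared)

    d1 = xor_bytes(p1, make_pad(n, rng))               # fresh pad per message
    d2 = xor_bytes(p2, make_pad(n, rng))

    return reuse_statistics(c1, c2), reuse_statistics(d1, d2)


if __name__ == "__main__":
    reused, fresh = demo()
    print("shared pad   : top-bit fraction %.2f, %d distinct values" % reused)
    print("fresh pads   : top-bit fraction %.2f, %d distinct values" % fresh)
```

The first statistic alone answers the question asked above: a ciphertext pair whose XOR never sets the high bit is, for English text, a near-certain sign of pad reuse, and it needs no knowledge of either plaintext to check.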


--

From: John Myre [EMAIL PROTECTED]
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Wed, 25 Apr 2001 12:27:47 -0600


I think you and I are in fairly close agreement.  I'm
hoping that David will respond to my query about terminology,
in spite of the fact that it is, as you say, OT as far as the
original issue goes.  It's still interesting.

JM

Paul Pires wrote:
snip
 To get back to the original thread, Felten et al. This is an outrageous
 affront but it has nothing to do with copyright or patent. This evil act has
 somehow been turned into another example of why intellectual property
 is bad bad bad. Look what these guys are doing to poor old Felten.
snip

Seconded.  Doug Gwyn noted that the early pirates (whether
considered heroes or criminals) could take some responsibility
for the escalation we've seen.  While true, the comment did
redirect the discussion, and begs for objections.

JM

--

From: Mark G Wolf [EMAIL PROTECTED]
Subject: What Is the Quality of Randomness?
Date: Wed, 25 Apr 2001 13:33:56 -0500

You guys are a great source of inspiration, so I ask you, what is the
quality of randomness?

If I go to my local random super-center in town can I buy a better quality
of randomness, and will it cost more?  Since I don't know much about the
quality of randomness I hate to get cheated by a less than honest or
knowledgeable sales person.  Can you folks help by giving me some basic
pointers in what to look for?




--

From: John L. Allen [EMAIL PROTECTED]
Subject: Improvement to GOST?
Date: Wed, 25 Apr 2001 18:01:29 GMT

I've been playing with the GOST block algorithm.  As we all know, one of
its main features is the transformation of a 32-bit word by applying a
different permutation to each of the 8 4-bit pieces.  It does this via 8
secret (or key-dependent) 16-element sboxes.  I was thinking that it
would be easy to treat each of these sboxes as an rc4-style sbox and
swap a pair of elements in a different sbox after encrypting each
block.  So, each of the 8 sboxes would have its own (i,j) and after the
first block is encrypted, sbox0 would be permuted thusly: i0++;
j0+=sbox0[i0]; swap sbox0[i0], sbox0[j0].  After block two is encrypted,
sbox1 would be permuted, etc.  This seems like it would be much stronger
than plain old GOST, making it have aspects of a stream cipher.
Comments?

John.
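Added example, not the poster's code: a compact GOST 28147-89 implementation in Python with the proposed RC4-style S-box swap bolted on, so the consequence the post hints at ("aspects of a stream cipher") can be seen directly. The key and the eight S-boxes are constructed stand-ins (GOST's real boxes are secret or key-dependent, as the post says); the interpretation of the swap rule as "after block b, S-box b mod 8 does i++, j += S[i], swap S[i] and S[j], all mod 16" is my reading of the post. The demo shows that decryption only works if the receiver has processed exactly the same sequence of blocks, so a lost or reordered block desynchronises everything after it, which is the stream-cipher property that a plain block cipher does not have.

```python
MASK32 = 0xFFFFFFFF

# Constructed 256-bit key as eight 32-bit subkeys (not from the post).
KEY = [0x0A1B2C3D, 0x4E5F6071, 0x82930A4B, 0x5C6D7E8F,
       0x90A1B2C3, 0xD4E5F607, 0x18293A4B, 0x5C6D7E80]


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def make_sboxes():
    """Eight constructed 4-bit S-boxes (affine permutations of 0..15).
    They stand in for GOST's secret, key-dependent boxes; each list is a
    permutation, and the swap below keeps it one."""
    return [[((2 * i + 3) * x + i) & 0xF for x in range(16)] for i in range(8)]


def substitute(word, sboxes):
    """GOST S layer: nibble k of the 32-bit word goes through S-box k."""
    out = 0
    for k in range(8):
        out |= sboxes[k][(word >> (4 * k)) & 0xF] << (4 * k)
    return out


def gost_block(block, subkeys, sboxes, decrypt=False):
    """One 64-bit block through the 32-round GOST 28147-89 Feistel network:
    subkeys k0..k7 three times then k7..k0; round f = rotl11(S(N1 + k))."""
    ks = subkeys * 3 + subkeys[::-1]
    if decrypt:
        ks = ks[::-1]
    n1, n2 = block & MASK32, (block >> 32) & MASK32
    for k in ks:
        n1, n2 = n2 ^ rotl32(substitute((n1 + k) & MASK32, sboxes), 11), n1
    return (n1 << 32) | n2          # last half-swap undone


class EvolvingGost:
    """The proposal as read above: after each block, one S-box (round-robin
    over the eight) gets an RC4-style swap driven by its own (i, j).  The
    cipher thereby acquires state that sender and receiver must keep in step."""

    def __init__(self, subkeys, sboxes):
        self.subkeys = subkeys
        self.sboxes = [list(s) for s in sboxes]   # private copy: it mutates
        self.ij = [[0, 0] for _ in range(8)]
        self.count = 0

    def _evolve(self):
        b = self.count % 8
        s, (i, j) = self.sboxes[b], self.ij[b]
        i = (i + 1) & 0xF
        j = (j + s[i]) & 0xF
        s[i], s[j] = s[j], s[i]
        self.ij[b] = [i, j]
        self.count += 1

    def encrypt_block(self, block):
        c = gost_block(block, self.subkeys, self.sboxes)
        self._evolve()
        return c

    def decrypt_block(self, block):
        p = gost_block(block, self.subkeys, self.sboxes, decrypt=True)
        self._evolve()
        return p


def demo(nblocks=9):
    """Encrypt nblocks; decrypt in order (works) and out of order (fails)."""
    sboxes = make_sboxes()
    pts = [0x0123456789ABCDEF ^ (b * 0x1111111111111111) for b in range(nblocks)]  # constructed
    enc = EvolvingGost(KEY, sboxes)
    cts = [enc.encrypt_block(p) for p in pts]
    dec = EvolvingGost(KEY, sboxes)
    in_order = [dec.decrypt_block(c) for c in cts]
    # A receiver that sees the last block first has not applied the swaps the
    # sender had applied by then (one per S-box after 8 blocks), so its
    # S-boxes no longer match and the block decrypts to garbage.
    out_of_order = EvolvingGost(KEY, sboxes).decrypt_block(cts[-1])
    return pts, cts, in_order, out_of_order


if __name__ == "__main__":
    pts, cts, in_order, out_of_order = demo()
    print("in-order decrypt ok:", in_order == pts)
    print("out-of-order decrypt ok:", out_of_order == pts[-1])
```

Whether the evolving boxes add strength is a separate question the code does not answer; what it does show is the cost: no random access, no tolerance for loss, and an error-propagation behaviour that has to be designed for in the protocol around the cipher.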


--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Improvement to GOST?
Date: Wed, 25 Apr 2001 18:53:08 GMT


John L. Allen [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 I've been playing with the GOST block algorithm.  As we all know, one

Cryptography-Digest Digest #232

2000-11-27 Thread Digestifier

Cryptography-Digest Digest #232, Volume #13  Tue, 28 Nov 00 00:13:01 EST

Contents:
  Re: collision probability with file checksums (Ed L Cashin)
  Re: collision probability with file checksums (Ed L Cashin)
  Re: collision probability with file checksums ("bubba")
  Re: collision probability with file checksums (Ed L Cashin)
  Re: collision probability with file checksums (David Schwartz)
  PDF/PS to MS WORD converter (Raphael Phan)
  Re: PDF/PS to MS WORD converter ("Trevor L. Jackson, III")
  Re: Entropy paradox (Scott Craver)
  Re: collision probability with file checksums (Ed L Cashin)
  New symmetric-key distribution ([EMAIL PROTECTED])
  Re: collision probability with file checksums (David Schwartz)
  Re: does faster FPU and large cache improve en/decryption speed? (Tom St Denis)
  Re: RSA funny stuff (Tom St Denis)
  Re: On mutation of crypto algorithms (Tom St Denis)



From: Ed L Cashin [EMAIL PROTECTED]
Subject: Re: collision probability with file checksums
Date: 27 Nov 2000 19:04:41 -0500

David Schwartz [EMAIL PROTECTED] writes:

 Ed L Cashin wrote:
 
  If the system uses just one 160-bit algorithm, say SHA-1, for doing
  the checksums, then what are the chances that an intruder could make a
  malicious file that has the same checksum as the file's known-state
  checksum?

   Consider that no collisions are known for either SHA-1 or MD5
 (which only uses a 128-bit checksum) and the odds of an intruder
 being able to find a collision for a given checksum are as remote as
 can be. If an attacker did find such a collision, the value of being
 the first to find such a collision would probably exceed the value
 of breaking into your machine. ;)

That fact is very interesting to me.  Do you know what sources I can
use as references that state no collisions have been found for MD5 or
SHA-1?

More interesting to me is SHA-1, since I hear that some weaknesses
have been discovered in MD5.

-- 
--Ed Cashin PGP public key:
  [EMAIL PROTECTED]   http://www.coe.uga.edu/~ecashin/pgp/

--

From: Ed L Cashin [EMAIL PROTECTED]
Subject: Re: collision probability with file checksums
Date: 27 Nov 2000 19:09:11 -0500

David Schwartz [EMAIL PROTECTED] writes:

 Ed L Cashin wrote:
 
  If the system uses just one 160-bit algorithm, say SHA-1, for doing
  the checksums, then what are the chances that an intruder could make a
  malicious file that has the same checksum as the file's known-state
  checksum?
 
   Consider that no collisions are known for either SHA-1 or MD5 (which
 only uses a 128-bit checksum) and the odds of an intruder being able to
 find a collision for a given checksum are as remote as can be. If an
 attacker did find such a collision, the value of being the first to find
 such a collision would probably exceed the value of breaking into your
 machine. ;)

A related question is this: an intruder comes upon a computer system
and wants to replace /bin/ls with a file that has the same checksum
(modification detection code) as the original /bin/ls.  Assume that
this MDC algorithm is weak: assume it's an 8-bit checksum.

It is easy for the attacker to find a file that has the same checksum
as the original /bin/ls.  Is it any harder to find a file that does
what he wants and also has the same checksum?  

I imagine not, since the attacker could make his/her own /bin/ls and
then manipulate some unused padding to change the checksum.

-- 
--Ed Cashin PGP public key:
  [EMAIL PROTECTED]   http://www.coe.uga.edu/~ecashin/pgp/

--

From: "bubba" [EMAIL PROTECTED]
Subject: Re: collision probability with file checksums
Date: Tue, 28 Nov 2000 00:14:52 GMT


"Ed L Cashin" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 "bubba" [EMAIL PROTECTED] writes:

  If I understand the claim of SHA-1 correctly, finding a colliding
  file would take as many attempts as guessing a 160-bit number. In
  other words, it could take 2^160 tests worst case, or 2^159
  average. So even the ability to make 2^150 tests would require an
  enormous amount of luck in addition. The ability to make 2^80 tests
  would be useful only if you had 2^80 machines working in parallel.

 I don't follow: I said that I read AHOC as saying that doing 2^80
 tests at all was conceivable in 1997 and that 2^80 tests is an
 insufficient number in attacking a 160-bit secure manipulation
 detection code.

 I don't understand why it matters whether the 2^80 tests are done in
 parallel or rapidly in sequence, since either way, 2^80 is less than
 2^159 or 2^160.

Ed, Oops! My mistake. By dividing up the tests and running multiple machines
in parallel, the time needed can be reduced. But to reduce the tests per
machine from 2^160 to 2^80, I believe a total of 2^80 machines would be
needed, much more
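Added example, not from any of the posters: the two messages above are talking about two different costs, and the code below separates them on a deliberately truncated hash so both searches finish in under a second. Ed's intruder needs a second preimage, a file matching one fixed checksum, which for an ideal n-bit MDC costs about 2^n trials (2^160 for SHA-1, and only about 256 for the 8-bit checksum Ed hypothesises, which is why padding manipulation works there). The 2^80 figure from the Handbook is the birthday bound for a free collision, any two messages with equal MDC, which does not by itself match a checksum that already exists. The truncated-SHA-1 MDC and the candidate messages are constructed for the demonstration.

```python
import hashlib


def toy_mdc(data: bytes, bits: int = 16) -> int:
    """SHA-1 truncated to `bits` bits: a constructed, deliberately weak
    stand-in so the searches below are instant.  Only the ratio matters."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - bits)


def second_preimage(target: bytes, bits: int = 16, limit: int = 1 << 22):
    """A *specific* value must be matched (the known-good file's checksum).
    Each try succeeds with probability 2^-bits, so the expected cost is
    about 2^bits trials.  Returns (trials, candidate) or None."""
    want = toy_mdc(target, bits)
    for n in range(1, limit):
        cand = b"replacement-with-padding-%d" % n   # constructed candidate
        if cand != target and toy_mdc(cand, bits) == want:
            return n, cand
    return None


def free_collision(bits: int = 16, limit: int = 1 << 22):
    """The birthday search the 2^80 figure for SHA-1 refers to: *any* two
    messages with equal MDC, found in about 2^(bits/2) trials.
    Returns (trials, message_a, message_b) or None."""
    seen = {}
    for n in range(1, limit):
        m = b"message-%d" % n                        # constructed messages
        h = toy_mdc(m, bits)
        if h in seen:
            return n, seen[h], m
        seen[h] = m
    return None


def generic_work(bits: int):
    """Textbook trial counts for an ideal bits-wide MDC."""
    return {"second_preimage": 2 ** bits, "collision": 2 ** (bits // 2)}


def demo(bits: int = 16):
    target = b"constructed original file contents"
    n2, _ = second_preimage(target, bits)
    nc, _, _ = free_collision(bits)
    n8, _ = second_preimage(target, 8)
    return {"second_preimage_trials": n2, "collision_trials": nc,
            "eight_bit_second_preimage_trials": n8, "theory": generic_work(bits)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The second-preimage count lands near 2^16 and the collision count near 2^8, two orders of magnitude apart even at this toy size; at 160 bits the gap is 2^80 to 1, which is why the parallel-machine arithmetic above never gets the intruder close to a match.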

Cryptography-Digest Digest #232

2000-03-01 Thread Digestifier

Cryptography-Digest Digest #232, Volume #11   Thu, 2 Mar 00 01:13:01 EST

Contents:
  Re: Processor speeds. ("Clockwork")
  Re: Processor speeds. ("Clockwork")
  Re: Processor speeds. ("Clockwork")
  Re: Visual C++ Decompiling Service/Software Needed (JPeschel)
  Re: First contact, establishing password without public keys (Paul Rubin)
  Re: very tiny algorithm - any better than XOR? (David A. Wagner)
  Re: very tiny algorithm - any better than XOR? (David A. Wagner)
  Re: brute force attack on a 128 bit SSL key? (Michael Sierchio)
  Re: very tiny algorithm - any better than XOR? (David A. Wagner)
  Re: ...but what about my cipher? ("Harvey Rook")
  Re: brute force attack on a 128 bit SSL key? (Jerry Coffin)
  Re: Plain-text attack on ZIP file (Nemo psj)
  Re: very tiny algorithm - any better than XOR? (Paul Rubin)
  Re: https (Paul Rubin)
  Re: very tiny algorithm - any better than XOR? ("Harvey Rook")
  Re: Best language for encryption?? ("Douglas A. Gwyn")
  Re: Best language for encryption?? ("Douglas A. Gwyn")
  Re: Best language for encryption?? ("Douglas A. Gwyn")
  Re: Passwords secure against dictionary attacks? (jungle)
  Re: Best language for encryption?? ("Douglas A. Gwyn")
  Re: Crypto.Com, Inc. ("Douglas A. Gwyn")
  Re: Can someone break this cipher? ("Douglas A. Gwyn")
  Re: On jamming interception networks ("Douglas A. Gwyn")
  Re: On jamming interception networks ("Douglas A. Gwyn")
  Re: On jamming interception networks ("Douglas A. Gwyn")
  Re: And when you read my postings since April, 1999 .. you find out one  ("Douglas A. Gwyn")
  Re: Q: 'Linear encipherment' ("Douglas A. Gwyn")



Reply-To: "Clockwork" [EMAIL PROTECTED]
From: "Clockwork" [EMAIL PROTECTED]
Subject: Re: Processor speeds.
Date: Thu, 02 Mar 2000 02:09:45 GMT

"_Andy_" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 On Thu, 24 Feb 2000 17:53:21 -0700, "John E. Kuslich"
 [EMAIL PROTECTED] wrote:

 No problems.
 
 Do these things come with ethernet and TCP/IP stacks??
 
 I really know nothing about them, but the idea seems very exciting.
 
 I would like to hear more.
 
 JK

 Me too.

 I've not seen one of these consoles yet. I think I'll take a trip to
 the Trocedero and chat to the 2600 junkies this week - they play a lot
 of games.

 How would one go about connecting a hard-drive (or am I being stupid)?

 As a general rule of thumb, I don't really like the idea of forking
 out money for brand new hardware only to open it up immediately and
 start playing around with the guts... I have the Medusa touch when it
 comes to such things. ;)



If we filled the volume of the Moon with Atari 2600s, we would have just
about enough horsepower to crack XOR encryption :)

Clock



--

Reply-To: "Clockwork" [EMAIL PROTECTED]
From: "Clockwork" [EMAIL PROTECTED]
Subject: Re: Processor speeds.
Date: Thu, 02 Mar 2000 02:13:05 GMT

"John E. Kuslich" [EMAIL PROTECTED] wrote in message
news:2scv4.535$[EMAIL PROTECTED]...
 Just as a benchmark, how many polygons per second can a pentium III 500Mhz
 do using a standard video card?

You should post that question in a different news group... You will pay
++more++ to do it is the bottom line.

Clock



--

Reply-To: "Clockwork" [EMAIL PROTECTED]
From: "Clockwork" [EMAIL PROTECTED]
Subject: Re: Processor speeds.
Date: Thu, 02 Mar 2000 02:13:51 GMT


"_Andy_" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 On Wed, 23 Feb 2000 01:18:03 -, "Joseph Ashwood"
 [EMAIL PROTECTED] wrote:

  Another question: When was the last time your console
 crashed?
 You don't really want me to answer that, my console is 9 1/2
 years old and has slowly developed a hardware problem.
 Joe

 Really? This sounds like an interesting idea. Someone could have a go
 using my old Atari console if they wish. There's only one knob on it
 that you turn. Perhaps a distributed key generation system over 30
 consoles, and with mine playing Tennis... :)



Sigh



--

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Visual C++ Decompiling Service/Software Needed
Date: 02 Mar 2000 02:40:23 GMT

[EMAIL PROTECTED] writes:

Decompiling copyrighted software is a crime (as long as you don't do it only
to correct errors or need to make changes for compatibility reasons).

Interesting. Where is "decompiling" software a crime? Europe?
In the US, "decompiling," disassembling, or reverse-engineering
is only illegal in a few specific instances.

[EMAIL PROTECTED]'s project does sound unethical, but
I think he would face only a civil suit. 

Cryptography-Digest Digest #232

1999-09-14 Thread Digestifier

Cryptography-Digest Digest #232, Volume #10  Tue, 14 Sep 99 13:13:03 EDT

Contents:
  Re: Looking for Completely-Free Strong Algorithms (Paul Crowley)
  Re: Sources of randomness (Paul Crowley)
  Re: primes in dh (Tom St Denis)
  Re: H.235 Keys from Passwords algorithm (David A Molnar)
  Re: Make a point on KRYPTOS ("collomb")
  Re: Can you believe this?? (John Savard)
  Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out (John Savard)
  Can you believe this?? (Anonymous)
  Re: Creation of Tokens ! (Vin McLellan)
  Re: RSA Algorithm (Michael J. Fromberger)
  bug in peekboo (Tom St Denis)
  Re: Mystery inc. (Beale cyphers) ([EMAIL PROTECTED])
  How strong is RC4 ? (yoni)
  Re: RSA Algorithm (Walter Hofmann)
  Mathematical models and encryption ("Tom Pedersen")
  Re: Mystery inc. (Beale cyphers) ("Douglas A. Gwyn")
  Re: Make a point on KRYPTOS (Jim Gillogly)
  Re: RC4-40 Cracking (Ian Goldberg)



From: Paul Crowley [EMAIL PROTECTED]
Subject: Re: Looking for Completely-Free Strong Algorithms
Date: 14 Sep 1999 09:40:23 +0100

"Joseph Ashwood" [EMAIL PROTECTED] writes:
  OK, are all the different streams in the session protected by the same
  shared secret?

 There will be a different key for each one, or if it's the same key there will
 be obfuscation put in place so that they are no longer the same key (e.g.
 different initialization vectors). 

Using a new initialisation vector is much cheaper than using a new
key: you don't have to schedule an IV.  Also, you can simply send the
IV in plaintext along with the new stream: you don't have to negotiate 
a new secret.

 It's also extremely doubtful that any of the information will ever
 be repeated, probably a 1:2^36 for a 64-bit block, but I'm trying to
 lower it further.

You shouldn't have to craft your data to suit the crypto: select the
crypto so it'll protect the data no matter what it is.  Otherwise you
have a whole raft of extra code that has to be correct and secure for
your protocol to be secure.

And anyway, it's not two repeated plaintext blocks that cause the
trouble with a chaining mode, it's repeated ciphertext blocks.
Counter modes don't have this problem.

Conservative choice: Triple-DES in counter mode

Fast and sexy choice: Twofish or Rijndael in CBC or CFB mode.

hope this helps,
-- 
  __
\/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\
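Added example, not the poster's code, for the remark above that the trouble in a chaining mode comes from repeated ciphertext blocks, not repeated plaintext blocks. In CBC, C_i = E(P_i xor C_{i-1}), so if C_i == C_j then the cipher inputs were equal and P_i xor P_j == C_{i-1} xor C_{j-1}: the XOR of two plaintext blocks is readable from the ciphertext alone. Such a repeat is expected after about 2^(n/2) blocks for an n-bit block (2^32 blocks for 64-bit ciphers such as Triple-DES, the reason for per-key data limits). To make it happen in a test run, the "block cipher" here is a constructed 16-bit random permutation table standing in for a real cipher; the message is constructed too. In counter mode the keystream blocks within a message never repeat, so a repeated ciphertext block carries no such relation, which is the property the post credits to counter modes.

```python
import random

BLOCK_BITS = 16
N = 1 << BLOCK_BITS


def toy_block_cipher(seed=7):
    """Constructed 16-bit 'block cipher': a random permutation table.  Real
    ciphers have 64- or 128-bit blocks; 16 bits makes the ciphertext repeat
    appear after a few hundred blocks instead of 2^32."""
    table = list(range(N))
    random.Random(seed).shuffle(table)
    return table


def cbc_encrypt(enc, iv, blocks):
    out, prev = [], iv
    for p in blocks:
        prev = enc[p ^ prev]
        out.append(prev)
    return out


def ciphertext_collision(cts):
    """First pair (i, j), i < j, with cts[i] == cts[j], or None."""
    seen = {}
    for j, c in enumerate(cts):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None


def leaked_plaintext_xor(iv, cts, i, j):
    """What an observer learns from C_i == C_j in CBC, with no key:
    P_i xor P_j == C_{i-1} xor C_{j-1} (C_{-1} is the IV)."""
    ci_prev = iv if i == 0 else cts[i - 1]
    cj_prev = iv if j == 0 else cts[j - 1]
    return ci_prev ^ cj_prev


def demo(nblocks=2000):
    enc = toy_block_cipher()
    rng = random.Random(42)
    pts = [rng.getrandbits(BLOCK_BITS) for _ in range(nblocks)]   # constructed message
    iv = rng.getrandbits(BLOCK_BITS)
    cts = cbc_encrypt(enc, iv, pts)
    i, j = ciphertext_collision(cts)
    return pts, iv, cts, i, j


if __name__ == "__main__":
    pts, iv, cts, i, j = demo()
    print("repeat at blocks", i, j,
          "leaked P_i^P_j =", hex(leaked_plaintext_xor(iv, cts, i, j)),
          "true P_i^P_j =", hex(pts[i] ^ pts[j]))
```

Note that the plaintext blocks here are random and almost certainly all distinct; the repeat arises in the chained cipher inputs, which is exactly the distinction the post draws.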

--

From: Paul Crowley [EMAIL PROTECTED]
Subject: Re: Sources of randomness
Date: 14 Sep 1999 09:52:52 +0100

[EMAIL PROTECTED] writes:
 We wouldn't want to filter out the non-randomness, so
 much as condense down the randomness.  A good method
 is to XOR the low entropy source bit stream into the
 feedback of a large linear feedback shift register
 (with taps corresponding to a primitive polynomial,
 as usual).  The nice fact about the technique is that
 as long as the source stream is independent of the
 register state, the register never loses entropy.

Even better would be to PUSH all of the random data into Panama, which 
keeps a 1kbyte-wide shift register as part of its state, as well as a
big non-linear mixer.   Then you can PULL all the words you like out
of it.  See http://www.esat.kuleuven.ac.be/~rijmen/daemen.html
-- 
  __
\/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\
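Added example, not from either poster, for the LFSR pooling method quoted above: a small Fibonacci register with a primitive feedback polynomial into whose feedback bit each source bit is XORed. The claim that the register "never loses entropy" is checked exhaustively rather than asserted: for either fixed input bit the step function is a bijection on the 2^8 states, so feeding the same source sequence from every possible start state still yields 2^8 distinct end states. The 8-bit width and the polynomial x^8 + x^6 + x^5 + x^4 + 1 are my choices for the demonstration (a real pool would be far wider, as the Panama suggestion above implies); the biased source stream is constructed.

```python
WIDTH = 8
TAPS = 0x71   # Fibonacci taps for x^8 + x^6 + x^5 + x^4 + 1, primitive over GF(2)


def parity(x):
    return bin(x).count("1") & 1


def step(state, in_bit=0):
    """One clock: feedback = XOR of the tapped bits, XORed with one source bit."""
    fb = parity(state & TAPS) ^ (in_bit & 1)
    return (state >> 1) | (fb << (WIDTH - 1))


def period(seed=1):
    """Cycle length with no input; 2^WIDTH - 1 confirms the polynomial is primitive."""
    s, n = step(seed), 1
    while s != seed:
        s, n = step(s), n + 1
    return n


def step_is_bijection(in_bit):
    """state -> step(state, b) is one-to-one for either fixed b: the algebraic
    reason the register cannot lose entropy whatever the source feeds it."""
    return len({step(s, in_bit) for s in range(1 << WIDTH)}) == (1 << WIDTH)


def distinct_states_after(bits):
    """Feed the same source bits from every start state and count distinct
    end states; 2^WIDTH means no two start states were merged."""
    ends = set()
    for s in range(1 << WIDTH):
        for b in bits:
            s = step(s, b)
        ends.add(s)
    return len(ends)


def condense(source_bits, seed=1):
    """Fold a long, low-entropy bit stream into the register; the final
    state is the condensed randomness."""
    s = seed
    for b in source_bits:
        s = step(s, b)
    return s


if __name__ == "__main__":
    # Constructed heavily biased source: mostly zeros with an occasional one.
    source = [1 if i % 37 == 0 else 0 for i in range(1000)]
    print("period", period(), "bijection", step_is_bijection(0), step_is_bijection(1))
    print("distinct end states", distinct_states_after(source))
    print("condensed state", hex(condense(source)))
```

The caveat the quoted text leaves implicit is that "never loses entropy" is all the construction guarantees: it cannot create entropy, and since the mixing is linear, an observer who sees the pool state and knows some source bits can solve for the rest, which is why Crowley prefers a non-linear mixer before output.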

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: primes in dh
Date: Tue, 14 Sep 1999 11:31:13 GMT

In article RubD3.1011$[EMAIL PROTECTED],
  "Michael Scott" [EMAIL PROTECTED] wrote:
b478a3fa33b1eac4ac8838ff8118999aacd9ea174143f0a9e06b68004836c63598897ae0e873
 8764659b3902926258df809a5453b50d57438a3c765b1ea9e64089606376fd6da94a43686d8e
 3fe574eb5b77d55d1b84a9de2dd96042938036837082f753f42296696a808e5df937a48c3b5f
 fe5c509752227b14c17f612d9950370337d62dcad7031071a3710b5ed7c59e061eb6540a8b10
 8318f0334a6bd6780da6ebdc4988b658a42d8a57548019811f41af62aa463562c3cdd3db018a
 91fb956d6663ddea34c427935177611d3eaa883f1665eb036e3423dbfea9bafe81513dde34f3
 056d6014b081404ca205ba2858434d55b91764a2703e46578f9e254f
  ..
  
  Can I iterate this to find one or is there a more efficient method?  I just
  need a single generator.  So I iterate this from G = 2 to n  can I expect to
  find a generator soon?
  (all new to me :) )

 Simpler than that. Use G=3 or G=4. Either will generate the prime order
 subgroup, of order (p-1)/2.

Ok well for now I will use G=3 and the prime as previously posted.  The code
actually works in peekboo (hehehe) but I want to make sure I got the math
right...

A 'beta' (i.e. hack me to death) version with source will be out on Friday.

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)


Sent via Deja.com http://www.d
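Added example, not the posters' code, for the generator question above: given a safe prime p = 2q + 1, an element g has order 1, 2, q or 2q, and g^q mod p tells which (it is 1 exactly when g is a quadratic residue, i.e. lies in the order-q subgroup). The checker below confirms p is a safe prime and classifies g, and also does the "iterate from G = 2" scan the question asked about. Scott's advice holds in general, not just for the posted prime: 4 is a square outright, and every safe prime above 7 is congruent to 11 mod 12, which by quadratic reciprocity makes 3 a residue too, so both have order q. The primes 7, 23 and 1019 are constructed small safe primes used only so the run is quick; the posted prime cannot be used here because the digest cuts it off.

```python
def is_probable_prime(n):
    """Miller-Rabin with the first twelve primes as bases, which is
    deterministic for n below about 3.3e24 and a sound sanity check beyond."""
    if n < 2:
        return False
    small = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for p in small:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    return p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def order_class(g, p):
    """Order of g in Z_p^* for a safe prime p = 2q+1: '1', '2', 'q' or '2q'.
    g^q == 1 iff g is a quadratic residue, i.e. generates the order-q subgroup."""
    q = (p - 1) // 2
    g %= p
    if g == 1:
        return "1"
    if g == p - 1:
        return "2"
    return "q" if pow(g, q, p) == 1 else "2q"


def smallest_order_q_generator(p):
    """The scan the question asked about: g = 2, 3, ... until one has order q."""
    return next(g for g in range(2, p - 1) if order_class(g, p) == "q")


def demo(primes=(7, 23, 1019)):
    """Constructed small safe primes; report the class of 2, 3 and 4 for each."""
    report = {}
    for p in primes:
        assert is_safe_prime(p), "demo primes must be safe primes"
        report[p] = {g: order_class(g, p) for g in (2, 3, 4)}
        report[p]["smallest"] = smallest_order_q_generator(p)
    return report


if __name__ == "__main__":
    for p, info in demo().items():
        print(p, info)
```

Using a generator of order q rather than 2q matters in practice: with a full-group generator the Legendre symbol of the shared secret is computable from the public values, leaking one bit of it, and the 2q-order choice also admits the trivial order-2 subgroup an implementation has to reject. The checker above is the test a DH implementation should run on any (p, g) it is handed, whether generated locally or received from a peer.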