Cryptography-Digest Digest #544
Cryptography-Digest Digest #544, Volume #14      Thu, 7 Jun 01 01:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (JPeschel)
  Re: OTP WAS BROKEN!!! (Gordon Burditt)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ([EMAIL PROTECTED])
  Re: Notion of perfect secrecy (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: Def'n of bijection ([EMAIL PROTECTED])
  Re: OTP WAS BROKEN!!! ([EMAIL PROTECTED])
  Re: Bow before your new master (John Fields)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (JPeschel)
  Re: RSA's new Factoring Challenges: $200,000 prize. (my be repeat) (Michael Brown)
  Re: RSA's new Factoring Challenges: $200,000 prize. (Michael Brown)
  Re: Notion of perfect secrecy (Neil Couture)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 07 Jun 2001 02:25:48 GMT
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes, in part:

> You should read Shannon's article Communication Theory of Secrecy Systems it was in the Bell systems technical Journal.

Yes, I know the paper, have read it, and am re-reading it.

> He talks about making the key as small as possible. I think we can assume that means as long as the plaintext.

That doesn't mean that the size of the key and the size of the pad need to be the same. Keys are taken from the pad. When the pad is used up it's time to generate another pad with more keys. Each key, so far as I can tell from Shannon, must be the length of the plaintext.

Point me to where Shannon says that the length of the plaintext must be kept secret.

Joe

__
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__

------------------------------

From: [EMAIL PROTECTED] (Gordon Burditt)
Subject: Re: OTP WAS BROKEN!!!
Date: 7 Jun 2001 02:28:54 GMT

> Why if you re-use the key twice, OTP becomes less secure?

If you re-use the key, it's NOT an OTP.

> I'm a newbie and I want an answer with few samples.

Let us suppose that you can trick the opposition into sending something that you know, encrypted with the OTP. Perhaps you even get to select it. For example, your ambassador gives their ambassador (at their embassy in your country) a long-winded proposed treaty for extraditing spammers and emergency shutdown of open spam relays by nuclear air attacks. They will relay it to their government using the OTP via radio (so you can intercept it). You know the text of the treaty will appear somewhere in one of the messages sent in the next day or so. You can use this to create a relatively limited list of pieces of possible keys.

Now, if the key is used ONCE, you have some of the keying material which will never be used again. Whoop de doo! You already know what was encrypted with that portion of the key; that was how you computed it in the first place. This gives you no useful information about other encrypted messages.

If the key is used MORE THAN ONCE, you can take the possible keys, slide them along other messages, and compute possible plaintexts from this. IF you get a sensible-looking plaintext, you now have a much-better-than-random-guess probability that this is the correct key, being re-used.

> I tried to solve the problem, using the same key, I found (2*n) possible solutions for a ciphertext of bit-length equal to n. How is it possible to recover the plaintext?

Assume that the text of the treaty is 100Kbits, and that 10Mbits of messages were sent in the time window when the treaty was likely sent. Sliding the key along the text of messages sent yields 10M - 100K possible keys. This is a heck of a lot less than the possible values of keys used to send the treaty, 2**100K. Now, assuming the key will be re-used the next day, and that 10Mbits of traffic are sent then, you have (10M-100K)**2 combinations of possible keys and places to start using them. This is less than 2**48, which is a heck of a lot less than 2**10.

Gordon L. Burditt

------------------------------

Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
From: [EMAIL PROTECTED]
Date: 06 Jun 2001 22:40:09 -0400

Tom St Denis [EMAIL PROTECTED] writes:
> [EMAIL PROTECTED] wrote in message
> > Tim Tyler [EMAIL PROTECTED] writes:
> > > ...but why only consider the possible messages of size 2^n? This is a tiny subset of the messages that could have been transmitted.
> >
> > Right! That's why ``perfect secrecy'' is only attainable if the ciphertext is longer than *any* possible plaintext. All messages must have infinite length.
>
> You're a loon.

That's not nice! Anyway, your sarcasm detector must be busted.

Len.

------------------------------

From: [EMAIL
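Added example, not part of the digest and not any poster's code: Gordon Burditt's crib-sliding argument above, carried out in Go on constructed traffic. The three short messages, the planted known text (the "treaty"), the deterministic stand-in for pad bytes and the small word list that stands in for a language model are all assumptions of this example. keyFragments slides the crib along the first ciphertext to get candidate pad fragments; bestReuseHit then tries every fragment at every offset of a second ciphertext (Burditt's (10M-100K)**2 search) and keeps the most sensible-looking decryption. With the pad reused the right fragment at the right offset yields real plaintext; with fresh pad bytes nothing scores above zero.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed demo traffic: message1 carries a planted, known text (the
// "treaty"); message2 is sent with the SAME pad bytes (the mistake); message3
// is sent with fresh pad bytes (a real one-time pad).
const (
	crib     = "treaty on extraditing spammers"
	message1 = "priority: the attached treaty on extraditing spammers is acceptable to us"
	message2 = "priority: move the funds to the agent before noon tomorrow, then stand by"
	message3 = "priority: the relay station must be shut down by the end of the week now"
)

// padBytes is a tiny deterministic generator (an LCG) standing in for real pad
// material so the example runs offline; it is NOT a usable pad source.
func padBytes(seed uint32, n int) []byte {
	out := make([]byte, n)
	x := seed
	for i := range out {
		x = x*1664525 + 1013904223
		out[i] = byte(x >> 24)
	}
	return out
}

// xorBytes XORs a and b over their common length (OTP encryption and decryption).
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// keyFragments slides the crib along a ciphertext; frags[off] is the pad
// material that would have produced the crib at offset off. Exactly one offset
// is right, and under a true OTP that fragment is never used again.
func keyFragments(ciphertext, crib []byte) [][]byte {
	var frags [][]byte
	for off := 0; off+len(crib) <= len(ciphertext); off++ {
		frags = append(frags, xorBytes(ciphertext[off:off+len(crib)], crib))
	}
	return frags
}

// dictionary is a constructed word list standing in for a language model.
var dictionary = map[string]bool{
	"the": true, "to": true, "agent": true, "before": true, "noon": true,
	"funds": true, "move": true, "tomorrow": true, "relay": true, "station": true,
	"stand": true, "by": true, "shut": true, "down": true, "week": true,
}

// englishScore counts dictionary words in a candidate plaintext; a single
// non-printable byte rejects the candidate outright (score 0).
func englishScore(candidate []byte) int {
	for _, c := range candidate {
		if c < 0x20 || c > 0x7e {
			return 0
		}
	}
	score := 0
	for _, w := range strings.Fields(strings.ToLower(string(candidate))) {
		if dictionary[strings.Trim(w, ".,;:!?")] {
			score++
		}
	}
	return score
}

// hit records the best candidate decryption found by bestReuseHit.
type hit struct {
	fragOffset, textOffset int
	text                   string
	score                  int
}

// bestReuseHit tries every key fragment at every offset of another ciphertext
// and returns the most sensible-looking decryption (offsets -1, score 0 when
// nothing printable with dictionary words turns up).
func bestReuseHit(frags [][]byte, other []byte) hit {
	best := hit{fragOffset: -1, textOffset: -1}
	for fo, k := range frags {
		for to := 0; to+len(k) <= len(other); to++ {
			p := xorBytes(other[to:to+len(k)], k)
			if s := englishScore(p); s > best.score {
				best = hit{fo, to, string(p), s}
			}
		}
	}
	return best
}

func main() {
	pad := padBytes(7, 128)
	c1 := xorBytes([]byte(message1), pad)
	c2 := xorBytes([]byte(message2), pad)               // pad reused: the mistake
	c3 := xorBytes([]byte(message3), padBytes(99, 128)) // fresh pad: a real OTP
	frags := keyFragments(c1, []byte(crib))
	fmt.Printf("reused pad: %+v\n", bestReuseHit(frags, c2))
	fmt.Printf("fresh pad:  %+v\n", bestReuseHit(frags, c3))
}
```

The fragment at the crib's true offset is exactly the pad bytes used there, and that is harmless on its own; the leak appears only in the reused-pad run, which is the single-use rule stated as a check.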
Cryptography-Digest Digest #544
Cryptography-Digest Digest #544, Volume #13      Wed, 24 Jan 01 23:13:00 EST

Contents:
  Re: Fitting Dynamic Transposition into a Binary World (John Savard)
  Re: DES check values (58)
  Another Microsoft lawsuit on the horizon (Re: Why Microsoft's Product Activation Stinks) (Matthew Montchalin)
  Re: finding inverses and factoring (David A Molnar)
  Differential Analysis of "A + (B xor X)" ("Alexis Machado")
  Re: finding inverses and factoring (David A Molnar)
  Re: Secure game highscore server (graywane)
  Re: Snake Oil (phil hunt)
  IPsec export and PFS ([EMAIL PROTECTED])
  Re: IPsec export and PFS (graywane)
  Re: finding inverses and factoring (Splaat23)
  Knots, knots, and more knots (Matthew Montchalin)
  Re: Random stream testing. (long) ("Douglas A. Gwyn")
  Re: Secure game highscore server (Splaat23)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Fitting Dynamic Transposition into a Binary World
Date: Thu, 25 Jan 2001 00:10:44 GMT

On Wed, 24 Jan 2001 20:56:25 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote, in part:

> Is there some reason why you could not use the algorithm in my "revisited" article?

I'm sure that I'm the only one who really finds that method inadequate for his purposes.

As I understand it, your algorithm is:

Given a block size of N bytes: take N-1 bytes of data. If that data has 7 or fewer excess 1s or 0s, add an appropriate last byte. If the excess is more than that, use only the first N-2 bytes, and rectify the excess in the last two bytes.

I suppose you could use alternating all ones and all zeroes bytes in the case where the excess is all in the last byte.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: 58 [EMAIL PROTECTED]
Subject: Re: DES check values
Date: Thu, 25 Jan 2001 00:31:52 GMT

In article 94n9t1$ktv$[EMAIL PROTECTED], Splaat23 [EMAIL PROTECTED] wrote:
> Could you please clarify exactly what you need?

Sure. Let me start by defining some conventions so I don't get too confused.

1) The clear key is the unencrypted form. It is 16 hexadecimal characters.

2) The Cryptographic Key (crypto key) is similar in function to PGP's private or public keys: it is what the encryption or decryption is based upon. We call it a master key. It is 16 hexadecimal characters.

I can't tell you who we are or what we do, but... My company uses DES exclusively. So do all of our clients, as well as all of our business associates.

The value being checked is a clear key, which is used to encrypt digital transmissions over a semi-secure network. The clear key is used as a crypto key for these transmissions. When we ship this clear key to our clients (or receive it from them), often times it's been transcribed and is not a photocopy, or the photocopy is of poor quality, so a check value is included with it. The clear key is then entered into the system (an SIU or other security processor), which spits out a check value. Matching the check means the clear key was correctly entered.

The check value is created by encrypting the clear key, but the crypto key is all zeros. This way, the encryption is unique only to the clear key.

We and our clients also maintain a private crypto key which is not released to anyone, and anything encrypted with it is also kept secure in house (in the security processor, really).

I guess what I'm looking for is a DES encryption program, but in its most simple form. The crypto key would be all zeros, and there would be no variants applied. I would prefer that the program NOT decrypt, or I would have to declare it to my risk manager.

Thanks,
Larry

Sent via Deja.com
http://www.deja.com/

------------------------------

From: Matthew Montchalin [EMAIL PROTECTED]
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism,us.misc
Subject: Another Microsoft lawsuit on the horizon (Re: Why Microsoft's Product Activation Stinks)
Date: Wed, 24 Jan 2001 16:50:20 -0800

On Wed, 24 Jan 2001, Splaat23 wrote:
|He doesn't consider XORing two files together to be significant.
|That's easy! He considers XORing two files together, one of which
|happens to be generated by a PRNG to be significant. Innovation,
|what a sight! I wish I had his foresight to create a slow, unwieldy
|stream cipher that has no market to acquire and no use.

But it is a smoking gun if the technique employed by Microsoft just happens to require using a couple pages of text out of the guy's diary (diaries are very admissible as evidence) and his name and picture, together as a single cryptographic key, suitably XOR'd into something less recognizable? Geeeze, Microsoft probably didn't even have the presence of mind to use some other cryptographic key... But I say, if he *can* prove that Microsoft "took the easy road" rather than the one less traveled, then let him go ahead and prove it
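Added example, not part of the digest and not Ritter's or Savard's code: the bit-balancing procedure exactly as John Savard paraphrases it in his Dynamic Transposition post above, written in Go. Block size, data bytes and the choice of filler byte patterns (low bits set) are assumptions of this example; the paraphrase fixes only how many ones the filler must contain. The function also covers the case the paraphrase leaves open, namely data so skewed that even two filler bytes cannot cancel the excess, by returning an error instead of an unbalanced block.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// bitExcess returns (ones - zeros) over all bits of b. It is always even,
// because every byte contributes eight bits.
func bitExcess(b []byte) int {
	ones := 0
	for _, x := range b {
		ones += bits.OnesCount8(x)
	}
	return 2*ones - 8*len(b)
}

// fillerBytes builds f bytes that together contain exactly k one bits
// (k must lie in 0..8*f); the pattern chosen here is a demo convention.
func fillerBytes(f, k int) []byte {
	out := make([]byte, f)
	for i := range out {
		take := k
		if take > 8 {
			take = 8
		}
		out[i] = byte((1 << take) - 1) // low 'take' bits set
		k -= take
	}
	return out
}

// balanceBlock assembles an n-byte block as Savard describes: take n-1 data
// bytes and absorb an excess of at most 7 with one trailing byte; otherwise
// take only n-2 data bytes and absorb the excess with two. It returns the
// block and how many data bytes it consumed, or an error when two filler
// bytes cannot cancel the excess (e.g. a long run of 0xFF data).
func balanceBlock(data []byte, n int) (block []byte, used int, err error) {
	if n < 3 || len(data) < n-1 {
		return nil, 0, errors.New("need a block size of at least 3 and n-1 data bytes")
	}
	used = n - 1
	excess := bitExcess(data[:used])
	if excess > 7 || excess < -7 {
		used = n - 2
		excess = bitExcess(data[:used])
	}
	fillers := n - used
	// k ones among 8*fillers filler bits must satisfy excess + k - (8*fillers - k) == 0
	k := (8*fillers - excess) / 2
	if k < 0 || k > 8*fillers {
		return nil, 0, fmt.Errorf("excess of %d cannot be absorbed by %d filler byte(s)", excess, fillers)
	}
	block = append(append([]byte{}, data[:used]...), fillerBytes(fillers, k)...)
	return block, used, nil
}

// isBalanced reports whether a block has exactly as many ones as zeros.
func isBalanced(block []byte) bool { return bitExcess(block) == 0 }

func main() {
	samples := []struct {
		data []byte
		n    int
	}{
		{[]byte{0xF0, 0x0F, 0x55, 0xAA}, 4},       // excess 0: one filler byte
		{[]byte{0, 0, 0, 0}, 4},                   // excess -24: fall back to two
		{[]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 6}, // excess 32: cannot be balanced
	}
	for _, s := range samples {
		block, used, err := balanceBlock(s.data, s.n)
		fmt.Printf("data %X n=%d -> block %X used=%d balanced=%v err=%v\n",
			s.data, s.n, block, used, isBalanced(block), err)
	}
}
```

Because the excess over whole bytes is always even, the one-byte path as stated by Savard (7 or fewer) in practice handles an excess of up to 6; the test in balanceBlock is written as he states it.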
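Added example, not part of the digest and not Larry's company's software: the check-value procedure his DES post above describes, in Go using the standard library's crypto/des (whose own documentation notes DES is broken; the post is about DES, so it is used here as asked). checkValue encrypts the 16-hex-character clear key as one block under the all-zeros crypto key and never decrypts; verifyTranscribedKey recomputes it for a typed-in key and compares. The sample key, the tolerance for spaces in transcribed keys and the conventional "KCV" variant (encrypt a zero block under the key, keep three bytes) shown beside it are assumptions of this example.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// zeroKey is the all-zeros crypto key from the post, so the check value
// depends on nothing but the clear key.
var zeroKey = make([]byte, des.BlockSize)

// parseHexKey takes the 16 hexadecimal characters of a clear key (spaces are
// tolerated because keys arrive transcribed) and returns the 8 key bytes.
func parseHexKey(s string) ([]byte, error) {
	s = strings.ReplaceAll(strings.TrimSpace(s), " ", "")
	if len(s) != 16 {
		return nil, errors.New("a clear key is exactly 16 hexadecimal characters")
	}
	return hex.DecodeString(s)
}

// checkValue encrypts the clear key, as one DES block, under the all-zeros
// key and returns the 8-byte result. It only ever encrypts.
func checkValue(clearKey []byte) ([]byte, error) {
	if len(clearKey) != des.BlockSize {
		return nil, errors.New("clear key must be 8 bytes")
	}
	block, err := des.NewCipher(zeroKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	block.Encrypt(out, clearKey)
	return out, nil
}

// checkValueHex is the form that would be printed next to a shipped key.
func checkValueHex(clearKeyHex string) (string, error) {
	k, err := parseHexKey(clearKeyHex)
	if err != nil {
		return "", err
	}
	cv, err := checkValue(k)
	if err != nil {
		return "", err
	}
	return strings.ToUpper(hex.EncodeToString(cv)), nil
}

// verifyTranscribedKey recomputes the check value for a key somebody typed in
// and compares it, in constant time, with the one that came with the key.
func verifyTranscribedKey(typedKeyHex, shippedCheckHex string) (bool, error) {
	got, err := checkValueHex(typedKeyHex)
	if err != nil {
		return false, err
	}
	want := strings.ToUpper(strings.ReplaceAll(shippedCheckHex, " ", ""))
	return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1, nil
}

// standardKCV is the conventional key check value: encrypt an all-zero block
// UNDER the key itself and keep the leftmost three bytes (six hex digits).
func standardKCV(keyHex string) (string, error) {
	k, err := parseHexKey(keyHex)
	if err != nil {
		return "", err
	}
	block, err := des.NewCipher(k)
	if err != nil {
		return "", err
	}
	out := make([]byte, des.BlockSize)
	block.Encrypt(out, make([]byte, des.BlockSize))
	return strings.ToUpper(hex.EncodeToString(out[:3])), nil
}

func main() {
	const sampleKey = "0123 4567 89AB CDEF" // constructed sample clear key
	cv, err := checkValueHex(sampleKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("check value (zero crypto key):", cv)
	ok, _ := verifyTranscribedKey("0123456789ABCDEF", cv)
	fmt.Println("re-entered key verifies:", ok)
	ok, _ = verifyTranscribedKey("0123456789ABCDEE", cv) // one digit mistyped
	fmt.Println("mistyped key verifies:", ok)
	kcv, _ := standardKCV(sampleKey)
	fmt.Println("conventional KCV:", kcv)
}
```

Two caveats a practitioner would want here. Any transcription error is caught, since DES under a fixed key is a permutation and two different clear keys cannot share a check value. But because the crypto key is public (all zeros), the check value is just a DES encryption anyone can reverse, so it must be handled with the same care as the clear key itself; the conventional KCV depends on the key only through an encryption under that key and is truncated, which is why it can be written on a label or logged.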
Cryptography-Digest Digest #544
Cryptography-Digest Digest #544, Volume #12      Sat, 26 Aug 00 18:13:00 EDT

Contents:
  Re: Best way! (Guy Macon)
  could someone post public key that is tampered pgp will not detect it (jungle)
  Re: Steganography question (Jani Store)
  ZixMail? ("Big Boy Barry")
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: PGP bug ([EMAIL PROTECTED])
  Re: ZixMail? ("Big Boy Barry")
  Re: Steganography question (Guy Macon)
  Re: PRNG Test Theory ("Paul Pires")
  Re: ZixMail? ([EMAIL PROTECTED])
  Re: ZixMail? (Jim Gillogly)
  Re: New algorithm for the cipher contest ("Alexis Machado")
  Re: 7 mil, how this usage of PGP has been calculated ? (those who know me have no need of my name)
  Re: Best way! (those who know me have no need of my name)
  R: Test on pseudorandom number generator. ("Cristiano")
  R: Test on pseudorandom number generator. ("Cristiano")
  Re: New algorithm for the cipher contest ("Scott Fluhrer")
  R: Test on pseudorandom number generator. ("Cristiano")
  Re: 320-bit Block Cipher (Gregory G Rose)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Best way!
Date: 26 Aug 2000 19:07:25 GMT

Big Boy Barry wrote:
> I am a newbie to encryption. Am I right about PGP being insecure?

First, let me give you the 100% accurate answer, then the useful answer.

The 100% accurate answer: NOTHING is secure. Everything is either in the "known to be insecure" or "not known whether it is or isn't secure" class.

Now the useful answer: Who are you wanting to send secure email to? If you can manage to give them a secret passphrase without anyone else seeing it, then there is no known flaw in PGP. If you want to use any system where you don't physically hand the secret passphrase over, you are only as safe as the method you used to send it is. If you choose to use a public key system with no secret passphrase handed directly to your recipient, you will have to either study more and really understand the issues involved, or wait a while while the experts in sci.crypt hash it out, then ask for advice on what to do and follow that advice.

------------------------------

From: jungle [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: could someone post public key that is tampered pgp will not detect it
Date: Sat, 26 Aug 2000 15:16:37 -0400

Could someone post a public key that is tampered with such that PGP will not detect it?

------------------------------

From: Jani Store [EMAIL PROTECTED]
Subject: Re: Steganography question
Date: Sat, 26 Aug 2000 22:10:10 +0300

Guy Macon wrote:
> zapzing wrote:
> > And, if your message is encrypted it will be indistinguishable from random numbers. So hiding random numbers in random numbers should not be all that difficult.
>
> There is no requirement that encrypted messages look like random numbers. It's a common practice, but often not done (especially in the header part).

Ok I'd like to post a follow-up on this. Is there a way to prove that encryption is used (in England for instance) if I rip the PGP headers and footers off? Let's assume that the receiver's public key is available.

--
SS

------------------------------

From: "Big Boy Barry" [EMAIL PROTECTED]
Subject: ZixMail?
Date: Sat, 26 Aug 2000 19:29:34 GMT

Is Zixmail safe? Thanks...

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: PRNG Test Theory
Date: Sat, 26 Aug 2000 19:23:01 GMT

In article 6rUp5.6797$[EMAIL PROTECTED], "Paul Pires" [EMAIL PROTECTED] wrote:
> Tim Tyler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> > [EMAIL PROTECTED] wrote:
> > : Since any PRNG test can tell when a stream of bits is empirically random
> > : [...]
> >
> > Hmm. Personally, I'd have phrased it as: "no PRNG test alone is likely to tell you when a stream of bits is empirically random". If you use every test known to man - and they are all passed - that might qualify the resulting stream as "empirically random".
> >
> > : that should suggest that any PRNG test can be turned into a PRNG itself.
> >
> > As you mention you might expect - since PRNG tests aren't designed for this job - unless you included a whole battery of such tests, the results would pass that particular test used well, and fail other ones miserably. I expect using a whole battery of tests would probably result in an extremely slow and cumbersome PRNG.
>
> Yes but there is an interesting question here. Can rejecting Non-random (determined by any means) ever result in random? My Knee jerk reaction is no but I never thought of it that way before.

Which is why I posed it. Let's build a prng with the runs test, poker test, ones/zero test, DNA/OPSO test, birthday test, that given 'n' prior bits will output the better of the two bits. Technically the output must pass
Cryptography-Digest Digest #544
Cryptography-Digest Digest #544, Volume #11      Fri, 14 Apr 00 00:13:01 EDT

Contents:
  Re: Regulation of Investigatory Powers Bill (Paul Rubin)
  Re: The use of Three DES (Tom St Denis)
  from table to function (Tom St Denis)
  Re: Encode Book? (Jim Gillogly)
  Re: SSL/HTTP questions (newbie warning) (Rot 13)
  Re: Q: Entropy (Bryan Olson)
  Advice in my situation (Newbie) ("Fletch")
  Re: Cryptanalysis Challenge - Will anyone accept? ("Jeff Hamilton")
  Re: TDMA CAVE encryption (David Hopwood)
  Re: Cipher Contest Update ([EMAIL PROTECTED])
  Re: AND on encrypted data ("1198")
  Re: AND on encrypted data ("gcouger")
  BlowWire ("Spleen Splitter")

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: 13 Apr 2000 22:35:00 GMT

In article [EMAIL PROTECTED], Jill [EMAIL PROTECTED] wrote:
> There is no law against keeping files of random data and the protest, of itself, provides the reason for having this data on your computer. It would require the assistance of someone well versed in cryptography to write a program to generate the random data so that it is indistinguishable from an encrypted file. Key generator programs may work, but this is by no means certain and I am not qualified to say one way or the other. Perhaps someone who is qualified could suggest an easy means of doing this. The best way of providing these files would be to set up a web site which will email a ready-made block of data to those requesting it. There must be someone out there with the knowledge and the inclination to set up such a site.

This is an amusing idea for us cryptographers. Somehow I think the UK law enforcement troglodytes will be less than amused :-(.

Anyway, a fun way to do it would be with the random number generation hardware built into the Pentium III chip set. That way there would be no cryptography programming involved.

------------------------------

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: The use of Three DES
Date: Thu, 13 Apr 2000 22:56:01 GMT

lordcow77 wrote:
> In article [EMAIL PROTECTED], Tom St Denis [EMAIL PROTECTED] wrote:
> > The thing is attacks like Differential and Linear didn't exist until 10 years ago or so. So most attacks were 'hey I just noticed that...'
>
> Differential or linear analysis is not a black box that one feeds an algorithm to, upon which an answer will pop out giving the precise number of known/chosen texts that are needed to break a given algorithm. Applying these cryptanalytical tools to a cipher requires a good deal of time and expertise; one cannot just make a cursory examination of an algorithm and pronounce it secure. Moreover, one must consider variations on a basic idea used to attack a cipher: what notion of difference is being used? how can one exploit the broader structure of the cipher? what about interactions with the key schedule? Just like speed'ups on the Fermat factoring method are noteworthy but

What exactly is this "Fermat factoring method?"

Factoring via Difference of squares. It's in Knuth and I believe HAC.

Tom

------------------------------

From: Tom St Denis [EMAIL PROTECTED]
Subject: from table to function
Date: Fri, 14 Apr 2000 00:18:01 GMT

How exactly did they expand the Serpent Sboxes into a series of algebraic instructions? Can you do this to any random permutation?

Tom

------------------------------

From: Jim Gillogly [EMAIL PROTECTED]
Subject: Re: Encode Book?
Date: Fri, 14 Apr 2000 00:33:51 +

Eric Verheul wrote:
> Hey, I invented Pascal when I was 10, only to find out that somebody beat me to it. Damn!

Ah, the tragedies of youth. I discovered the Gilloglean Theorem when I was in junior high -- but a friend's father looked at my work and told me it was simply the Fundamental Theorem of Arithmetic. Bummer.

My older son at age 8 ripped out the cave in the old Adventure game ("You're in a maze of twisty little passages, all different.") and replaced it with his own. By age 12 he was earning royalties on game software for the Heathkit H-89.

Face it -- there's somebody somewhere who's smarter than you -- except for one of you, of course... and I'll bet he or she doesn't post to sci.crypt.

--
Jim Gillogly
24 Astron S.R. 2000, 00:29
12.19.7.2.4, 9 Kan 7 Pop, Eighth Lord of Night

------------------------------

Subject: Re: SSL/HTTP questions (newbie warning)
From: [EMAIL PROTECTED] (Rot 13)
Date: 13 Apr 2000 17:00:52 -0700

In article 8d2vfk$qtd$[EMAIL PROTECTED], Paul Rubin [EMAIL PROTECTED] wrote:
> In article [EMAIL PROTECTED], Ken Tomei [EMAIL PROTECTED] wrote:
> > First, my understanding is that initial session establishment requires a full handshake, including certificate exchange. Each TCP connection under that sess
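Added example, not part of the digest and not from Knuth or HAC: the difference-of-squares method Tom St Denis names in the Three DES thread above, written in Go with math/big. Fermat's observation is that an odd n = p*q equals a^2 - b^2 with a = (p+q)/2 and b = (q-p)/2, so one searches upward from a = ceil(sqrt(n)) until a^2 - n is a perfect square. The step cap, the uint64 convenience wrapper and the sample moduli are assumptions of this example; the third sample is chosen with factors far apart to show why the method needs a cap.

```go
package main

import (
	"fmt"
	"math/big"
)

// fermatFactor applies Fermat's difference-of-squares method to n: find a
// with a*a - n a perfect square b*b, then n = (a-b)(a+b). It starts at
// a = ceil(sqrt(n)) and gives up after maxSteps values of a, returning
// ok=false (which is what happens for a prime, or for factors far apart).
func fermatFactor(n *big.Int, maxSteps int) (p, q *big.Int, steps int, ok bool) {
	one, two := big.NewInt(1), big.NewInt(2)
	if n.Bit(0) == 0 { // the method needs an odd n; an even n splits off 2 directly
		return two, new(big.Int).Div(n, two), 0, true
	}
	a := new(big.Int).Sqrt(n) // floor(sqrt(n))
	if new(big.Int).Mul(a, a).Cmp(n) < 0 {
		a.Add(a, one) // ceil(sqrt(n))
	}
	b2, b := new(big.Int), new(big.Int)
	for steps = 1; steps <= maxSteps; steps++ {
		b2.Mul(a, a).Sub(b2, n) // a^2 - n, never negative since a >= ceil(sqrt(n))
		b.Sqrt(b2)
		if new(big.Int).Mul(b, b).Cmp(b2) == 0 { // a^2 - n is a perfect square
			return new(big.Int).Sub(a, b), new(big.Int).Add(a, b), steps, true
		}
		a.Add(a, one)
	}
	return nil, nil, maxSteps, false
}

// fermatFactorUint is a convenience wrapper for moduli that fit in a uint64.
func fermatFactorUint(n uint64, maxSteps int) (p, q uint64, steps int, ok bool) {
	var bp, bq *big.Int
	bp, bq, steps, ok = fermatFactor(new(big.Int).SetUint64(n), maxSteps)
	if !ok {
		return 0, 0, steps, false
	}
	return bp.Uint64(), bq.Uint64(), steps, true
}

func main() {
	// Constructed samples: 59*101 (close factors), 1000003*1000033 (very close
	// factors, one step) and 3*1000003 (far apart, hundreds of thousands of steps).
	for _, n := range []uint64{5959, 1000036000099, 3000009} {
		p, q, steps, ok := fermatFactorUint(n, 1_000_000)
		fmt.Printf("n=%d: p=%d q=%d after %d steps (ok=%v)\n", n, p, q, steps, ok)
	}
}
```

The number of steps is about (p+q)/2 - sqrt(n), which is tiny when the two factors are close and enormous when they are not; that is the reason key-generation checks require the primes of an RSA modulus to differ substantially in their leading bits.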
Cryptography-Digest Digest #544
Cryptography-Digest Digest #544, Volume #10      Thu, 11 Nov 99 04:13:03 EST

Contents:
  Re: PI digits (was Proposal: Inexpensive Method of "True Random Data" (Hans Moravec)
  Re: Research suggestion? (SCOTT19U.ZIP_GUY)
  Has anyone used CryptoPunk? (MEGstir)
  Re: "Risks of Relying on Cryptography," Oct 99 CACM "Inside Risks" column (Terry Ritter)
  Re: Can the SETI@home client be protected? (David Wagner)
  Re: secrecy/generation of IV ([EMAIL PROTECTED])
  Re: Is there a secure-messaging service? ([EMAIL PROTECTED])

----------------------------------------------------------------------

From: Hans Moravec [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: PI digits (was Proposal: Inexpensive Method of "True Random Data"
Date: Wed, 10 Nov 1999 21:32:11 -0500

[EMAIL PROTECTED] (Steven B. Harris):
> However, several million digits [of PI] have been calculated, and these are equiprobable, to the limit of what most people consider probable ...

That's a little out of date, unless 51,540 counts as several:

http://www.cecm.sfu.ca/personal/jborwein/Kanada_50b.html

Excerpt:

Declared record: 51,539,600,000 decimal digits
Yasumasa KANADA and Daisuke TAKAHASHI

Two independent calculations based on two different algorithms generated 51,539,607,552 (=3*2^34) decimal digits of pi and comparison of two generated sequences matched 51,539,607,510 decimal digits, e.g., a 42 decimal digits difference. Then we are declaring 51,539,600,000 decimal digits as the new world record. (See related lecture on Pi and Mathland article.)

Frequency distribution for pi-3 up to 50,000,000,000 decimal places:
  '0' : 5000012647;  '1' : 4999986263;  '2' : 5000020237;  '3' : 4999914405
  '4' : 5000023598;  '5' : 4999991499;  '6' : 4999928368;  '7' : 5000014860
  '8' : 5000117637;  '9' : 4999990486;  Chi square = 5.60

Frequency distribution for 1/pi up to 50,000,000,000 decimal places:
  '0' : 4999969955;  '1' : 5000113699;  '2' : 4999987893;  '3' : 5000040906
  '4' : 4999985863;  '5' : 4999977583;  '6' : 4999990916;  '7' : 4999985552
  '8' : 4999881183;  '9' : 5000066450;  Chi square = 7.04

Main program run:
  Job start    : 6th June 1997 22:29:06
  Job end      : 8th June 1997 03:32:17
  Elapsed time : 29:03:11
  Main memory  : 212 GB
  Algorithm    : Borweins' 4-th order convergent algorithm
                 (Run the algorithm.) The 18th iterate actually agrees with Pi to more than 187 billion digits.

Verification program run:
  Job start    : 4th July 1997 22:11:42
  Job end      : 6th July 1997 11:19:58
  Elapsed time : 37:08:16
  Main memory  : 188 GB
  Algorithm    : Gauss-Legendre algorithm (Brent-Salamin)

Optimized main program run:
  Job start    : 1st August 1997 23:04:15
  Job end      : 3rd August 1997 00:18:47
  Elapsed time : 25:14:32
  Main memory  : 212 GB
  Algorithm    : Borweins' 4-th order convergent algorithm

Machine used: HITACHI SR2201 at the Computer Centre, University of Tokyo, with 1024 Processors.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Research suggestion?
Date: Thu, 11 Nov 1999 06:33:02 GMT

In article [EMAIL PROTECTED], Peter Pearson [EMAIL PROTECTED] wrote:
> Rick Decker wrote:
> > I have a student (senior double major in math, cs) who's interested in doing a thesis in crypto. Problem is that I'm trained as a topological graph theorist cum computer scientist and don't know much more about the subject than what I need to teach it in my algorithms course. Anyone have a suggestion for a research project that would be suitable for a semester-length project? My student is pretty quick, but the project need not lead to original results-- a new interpretation or tweak of an existing result would be satisfactory. The thesis is nominally in cs, but need not include a programming component.

He could try to look at "all or nothing" type of crypto systems such as scott16u compared to any of the short keyed AES systems

David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (MEGstir)
Subject: Has anyone used CryptoPunk?
Date: 11 Nov 1999 05:58:23 GMT

Have you used CryptoPunk? If so, what do you think about it? Any comments are greatly appreciated. Thanks much.

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: "Risks of Relying on Cryptography," Oct 99 CACM "Inside Risks" column
Date: Thu, 11 Nov 1999 06:05:54 GMT

On Thu, 11 Nov 1999 01:27:24 GMT, in 80d61p$r1u$[EMAIL PROTECTED], in sci.crypt [EMAIL PROTECTED] wrote:
> Terry Ritter wrote:
> > [EMAIL PROTECTED] wrote:

[...]

One mo
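Added example, not part of the digest and not Kanada's program: the chi-square frequency test behind the "Chi square = 5.60" and "7.04" figures in the pi excerpt quoted by Hans Moravec above, written in Go. digitChiSquare is Pearson's statistic over the ten digit counts against a uniform expectation, which is exactly the "ones/zero"-style frequency test one would run on any generator's output, and countDigits lets it be applied to a digit string of your own. The digit counts are the ones from the excerpt; the 5% critical value for 9 degrees of freedom (16.919), the constructed sample strings and the pass/fail wrapper are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Digit counts for pi-3 and 1/pi to 50,000,000,000 decimal places, as quoted
// from Kanada's record page in the post above.
var (
	piCounts = [10]uint64{5000012647, 4999986263, 5000020237, 4999914405, 5000023598,
		4999991499, 4999928368, 5000014860, 5000117637, 4999990486}
	invPiCounts = [10]uint64{4999969955, 5000113699, 4999987893, 5000040906, 4999985863,
		4999977583, 4999990916, 4999985552, 4999881183, 5000066450}
)

// chiSquareCritical95 is the 0.95 quantile of the chi-square distribution
// with 9 degrees of freedom (ten digit classes minus one).
const chiSquareCritical95 = 16.919

// digitChiSquare is Pearson's statistic sum((observed-expected)^2/expected)
// for ten digit counts against a uniform expectation of total/10 per digit.
func digitChiSquare(counts [10]uint64) float64 {
	var total uint64
	for _, c := range counts {
		total += c
	}
	expected := float64(total) / 10
	chi := 0.0
	for _, c := range counts {
		d := float64(c) - expected
		chi += d * d / expected
	}
	return chi
}

// countDigits tallies the decimal digits of s, rejecting any other character.
func countDigits(s string) ([10]uint64, error) {
	var counts [10]uint64
	for _, r := range s {
		if r < '0' || r > '9' {
			return counts, errors.New("non-digit character in input")
		}
		counts[r-'0']++
	}
	return counts, nil
}

// passesFrequencyTest is the go/no-go decision at the 5% level: digit counts
// whose statistic exceeds the critical value are rejected as non-uniform.
// (The approximation assumes at least a few expected hits per digit class.)
func passesFrequencyTest(counts [10]uint64) bool {
	return digitChiSquare(counts) <= chiSquareCritical95
}

func main() {
	fmt.Printf("pi-3 : chi-square %.2f, passes at 5%%: %v\n", digitChiSquare(piCounts), passesFrequencyTest(piCounts))
	fmt.Printf("1/pi : chi-square %.2f, passes at 5%%: %v\n", digitChiSquare(invPiCounts), passesFrequencyTest(invPiCounts))
	// Constructed sample: a "generator" that only ever emits the digit 0.
	skewed, _ := countDigits("00000000000000000000000000000000000000000000000000")
	fmt.Printf("all-zero sample: chi-square %.2f, passes at 5%%: %v\n", digitChiSquare(skewed), passesFrequencyTest(skewed))
}
```

Passing this test is necessary but nowhere near sufficient for randomness: the digits of pi pass it while being completely predictable, which is the point of the thread, so a frequency statistic says nothing about whether a sequence is fit to be used as key material.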