Cryptography-Digest Digest #591
Cryptography-Digest Digest #591, Volume #13    Tue, 30 Jan 01 10:13:01 EST

Contents:
  Re: A Password Protocol (John Savard)
  Re: Why Microsoft's Product Activation Stinks (wtshaw)
  Re: Windows encryption: API and file system (wtshaw)
  Re: Security of Centrinity's FirstClass Product ([EMAIL PROTECTED])
  Re: random number generators. Can someone help? (Mok-Kong Shen)
  Re: On combining permutations and substitutions in encryption (Mok-Kong Shen)
  Re: fast signing (Paul Rubin)
  test ([EMAIL PROTECTED])
  Re: Dynamic Transposition Revisited (long) (Rob Warnock)
  Re: Dynamic Transposition Revisited (long) (Rob Warnock)
  News: Szopa Goes E-Postal. Plus, I.T. Industry faces FUD Clean Up? (Lord Running Clam)
  Re: fast signing (Mehdi-Laurent Akkar)
  Re: test (Mehdi-Laurent Akkar)
  Re: fast signing (Bob Silverman)
  Re: Primality Test (Bob Silverman)
  Re: Primality Test (Bob Silverman)
  Re: cryptographic tourism in Russia ("Rodney Perkins")

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: A Password Protocol
Date: Tue, 30 Jan 2001 07:01:07 GMT

On Tue, 30 Jan 2001 03:38:51 GMT, Benjamin Goldberg [EMAIL PROTECTED] wrote, in part:

> Given the scenario requirements, it seems quite obvious that the best thing to be using is Kerberos. Do a google search, and you'll get lots of decent descriptions.

Actually, you'll find one on my web site.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

--

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Tue, 30 Jan 2001 00:45:27 -0600

In article [EMAIL PROTECTED], Anthony Stephen Szopa [EMAIL PROTECTED] wrote:

> Bill Gates is worth nearly a hundred billion dollars and you can say things are not settled yet. Ha ha ha.

Court cases...

--
Some people say what they think will impress you, but ultimately do as they please. If their past shows this, don't expect a change.
--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Windows encryption: API and file system
Date: Tue, 30 Jan 2001 00:43:26 -0600

In article [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:

> NT is not a problem if the alternative is Windows9x! ... and the original poster did ask about *Windows* encryption.

Neither is acceptable.

--
Some people say what they think will impress you, but ultimately do as they please. If their past shows this, don't expect a change.

--

From: [EMAIL PROTECTED]
Subject: Re: Security of Centrinity's FirstClass Product
Date: Tue, 30 Jan 2001 07:36:37 GMT

Thanks guys... I think I get a better idea now

GW

Sent via Deja.com
http://www.deja.com/

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: random number generators. Can someone help?
Date: Tue, 30 Jan 2001 10:31:47 +0100

[EMAIL PROTECTED] wrote:

> Sorry to bother. I don't know if there is a more appropriate NG for my question or not. I was wondering if there is a web-site that will allow you to program simple random # routines without actually programming/without having to do any downloading, out there? I figure someone must have thought of this idea, before me, and since most people are less lazy, and have more resources available, I would guess that someone has done it. If there isn't now was there ever one? Is there a better NG (or elist, etc.) for me to be asking this question @?

With the least effort: Your programming language or the operating system normally has a PRNG ready.

If you are in a scientific computing environment: There are PRNGs in numerical libraries, e.g. NAG, IMSL, that you can include and use in your programs.

Otherwise, for code: Press et al., Numerical Recipes; for theory: Knuth, The Art of Computer Programming, Vol. 2.

For testing of random numbers: http://csrc.nist.gov/rng/

The NG is: sci.crypt.random-numbers.

M. K. Shen
http://home.t-online.de/home/mok-kong.shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: On combining permutations and substitutions in encryption
Date: Tue, 30 Jan 2001 11:24:12 +0100

Terry Ritter wrote:

[snip]

Since some RNG information is hidden by the advanced combiner, the issue of whether *all* relevant information can be hidden is more than some vain hope; it is a reasonable question. A positive example would indeed be "absolutely" unbreakable for attacks from the ciphertext channel, but not necessarily unbreakable for unlimited computation.

This is not weird science. An RNG is only predictable when we know enough about it. While we cannot expect to create unpredictability by computation, we might well hope to achieve the inability to exploit the predictability we know is there.

I am unaware of any proofs in cryptography whi
Cryptography-Digest Digest #591, Volume #12    Fri, 1 Sep 00 13:13:00 EDT

Contents:
  cryptology software ("Michal Kvasnicka")
  Free crypto aplication (Piotr Kulinski)
  Re: Patent, Patent is a nightmare, all software patent shuld not be (Steve Rush)
  Re: QKD and The Space Shuttle (John Savard)
  Re: QKD and The Space Shuttle (John Savard)
  Re: test (John Savard)
  Re: PGP 6.5.8 test: That's NOT enough !!! (@@)
  Re: Remark on practical predictability of sequences ("John A. Malley")
  Re: Free crypto aplication (JCA)
  Re: RSA public exponent (Bob Silverman)
  Re: "Warn when encrypting to keys with an ADK" (Robert Gifford)
  Re: more on that neat prime generator (Bob Silverman)
  Re: Idea for creating primes ("Scott Fluhrer")
  Re: QKD and The Space Shuttle (Mary Shafer)
  Re: Security in RSA 'e' (DJohn37050)
  Re: Two quick practical questions (Maybe not scientific enough ;-) (Mike Rosing)
  Re: crypto organisations societies (Mike Rosing)
  Barrett's reduction algorithm (Steve Bryan)
  Re: Barrett's reduction algorithm (Roger Schlafly)
  Re: 4x4 s-boxes (Terry Ritter)
  Re: 96-bit LFSR needed (Mack)

--

From: "Michal Kvasnicka" [EMAIL PROTECTED]
Subject: cryptology software
Date: Fri, 1 Sep 2000 10:23:30 +0200

I am looking for Maple or Matlab cryptography and cryptoanalysis software.

Thanks in advance for any help,
Michal

--
Michal Kvasnicka
[EMAIL PROTECTED]

--

From: [EMAIL PROTECTED] (Piotr Kulinski)
Subject: Free crypto aplication
Date: Fri, 01 Sep 2000 12:13:19 GMT
Reply-To: [EMAIL PROTECTED]

Hello

A few months ago I created a crypto app called SCA. SCA is a Crypto Application I wrote to encrypt, compress and/or base 64 process any files. It uses really strong algorithms with cool key lengths to protect data from "prying eyes": DES (56 bits), IDEA (128 bits), Blowfish (256 bits version).

SCA uses an excellent crypto library (v. 2.3) by Wei Dai.

This app is *absolutely free* for non-commercial use.
If someone is interested please try this link
http://ns1.widzew.net/~cotton/

Any comment would be appreciated

Best regards
Peter

--

From: [EMAIL PROTECTED] (Steve Rush)
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be
Date: 01 Sep 2000 12:42:37 GMT

It seems that some terrorist has slipped an LSD bomb into the US Patent and Trademark Office. That is as good an explanation as any for some of the patents we've seen lately, and it has the advantage of not accusing the patent examiners of accepting a huge bribe from the American Trial Lawyers Association. Can anyone come up with a better reason for granting patents on ideas -like overlapping screen windows- that were in wide use for years before the patent application?

==
If it's spam, it's a scam. Don't do business with Net abusers.

--

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.space.shuttle,talk.politics.crypto
Subject: Re: QKD and The Space Shuttle
Date: Fri, 01 Sep 2000 12:59:12 GMT

On Thu, 31 Aug 2000 19:30:29 -0700, Mike Dicenso [EMAIL PROTECTED] wrote, in part:

> On Fri, 1 Sep 2000, John Savard wrote:
>
> > http://www.boeing.com/defense-space/space/ius/ which will be used to boost Chandra into its proper orbit.
>
> That should be in the past tense, the mission was flown 23 July of last year. :)

As was noted on those web sites.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

--

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.space.shuttle,talk.politics.crypto
Subject: Re: QKD and The Space Shuttle
Date: Fri, 01 Sep 2000 13:00:50 GMT

On Fri, 01 Sep 2000 01:59:46 GMT, [EMAIL PROTECTED] (John Savard) wrote, in part:

> On Thu, 31 Aug 2000 19:58:58 +, Alan Mackenzie [EMAIL PROTECTED] wrote, in part:
>
> > STS-93: The designation of a Shuttle mission.
>
> Oh, yes:

<upturned nose>
STS stands for Space Transportation System, the *official* name of that which is _colloquially_ known as the "Space Shuttle".
</upturned nose>

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: test
Date: Fri, 01 Sep 2000 13:05:40 GMT

On Fri, 01 Sep 2000 02:59:26 GMT, [EMAIL PROTECTED] wrote, in part:

> In article [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
>
> > test
> >
> > Love, Jim
>
> You passed. Please post tests to alt.test

I'm astonished: checking the header fields, the test post to which you replied does not appear to be a forgery.

Jim Walsh is best known as a poster to talk.politics.china, in which his posts in defense of liberty, and critical of the Beijing dictatorship, have made him the target of vicious personal attacks from a number of apologists for the butchers of Tiena
Cryptography-Digest Digest #591, Volume #11    Fri, 21 Apr 00 03:13:00 EDT

Contents:
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Joseph Ashwood")
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Joseph Ashwood")
  Re: Requested: update on aes contest (wtshaw)
  Re: The Illusion of Security (UBCHI2)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 23:04:41 -0700
Crossposted-To: talk.politics.crypto

> You obviously don't have a clue what a table is for or what you are looking for in this table or what you need to reply to let me know that you "get it."

Here's another table:

59 6f 75 27 72 65 20 61 20 66 75 63 6b 69 6e 67 20 61 73 73 68 6f 6c 2c 20 61 6e 64 20 79 6f 75 20 63 61 6e 20 74 61 6b 65 20 79 6f 75 72 20 61 62 73 6f 6c 75 74 65 20 6c 6f 73 65 72 20 61 6e 20 64 6e 63 72 79 70 74 69 6f 6e 20 61 6c 67 6f 72 69 74 68 6d 20 61 6e 64 20 73 68 6f 76 65 20 69 74 20 77 68 65 72 65 20 74 68 65 20 73 75 6e 20 64 6f 6e 27 74 20 73 68 69 6e 65

And I think it's pretty clear about what you are to do with it.

> Also note that you have misrepresented the random number generator when you say the random digit generator in OAP-L3 is not cryptologically secure.

You have never established that your algorithm is cryptologically secure; it's probably a safe assumption that it's not cryptologically secure.

> You have chosen one part of the random number generator and made this claim. The entire random number generator process results in the random numbers contained in the OTPs, and not the random digits from the MixFile process you address.

If one part of the pRNG is insecure the entire thing is insecure (see complaints about original MARS key schedule).
> There is only one legitimate test for determining the security of encryption software: this test is that the cracker needs to know all about the encryption software's inner workings, the cracker needs to have a substantial amount of plain text, and the corresponding encrypted text. From this knowledge and this information the cracker must crack all encrypted messages.

No, that is not the only legitimate test. If the security of your pRNG has been successfully compromised without access to much of the information that you have not released, then it has been compromised.

> You are only asking essentially for the key to the MixFile / random digit process and then trying to predict subsequent random digits.

Which of course may be enough to compromise the fake security of your system.

> You want this key (once removed) and expect someone to believe you have cracked this process then you leap to the conclusion that the entire random number generator / generation is flawed.

If you don't think he can do it, give him what he asks for.

Joe

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 23:05:18 -0700
Crossposted-To: talk.politics.crypto

> Real cryptologists understand my Help Files.

"Real cryptologists" ignore your useless drivel.

Joe

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Requested: update on aes contest
Date: Thu, 20 Apr 2000 23:13:35 -0600

In article [EMAIL PROTECTED], lcs Mixmaster Remailer [EMAIL PROTECTED] wrote:

> This whole AES process has been a sad, embarrassing revelation of the personal weaknesses and flaws of the leaders of the field. The spirit of intellectual dishonesty which has pervaded the contest has been the exact opposite of the goals and principles the participants claim to endorse.

To be kind, each advocate is going to have a difficult time not supporting his entry. Fixes were part of the deal, a chance to correct a correctible flaw.
In the case of a clear overriding problem, advocacy is not sufficient to guarantee long-term success, as the winner will become a universal target so others can say "I told you so."

> It's not impossible that teams are actually committing the ultimate intellectual crime by concealing weaknesses in the ciphers which they themselves know about. They may be having strategy sessions in which they speculate about whether specific attacks and potential problems in their own ciphers might be discovered by their rivals. They organize attack teams against other ciphers, hoping to tarnish each of them at least slightly so that their own cipher comes out looking best.

It is in the best interest of the winner to remain untarnished. Winning, then losing, does not seem to be a best option. But, winning may not be as important as some migh
Cryptography-Digest Digest #591, Volume #10    Fri, 19 Nov 99 14:13:02 EST

Contents:
  Re: A Random Key Cipher Machine (Tom St Denis)
  Re: Fingerprints for encryption alg. (crippa)
  Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)
  Re: What part of 'You need the key to know' don't you people get? (SCOTT19U.ZIP_GUY)
  Re: ATTN Scott Nelson (CoyoteRed)
  Re: Question about enigma rotors (Erik H.)
  Re: What part of 'You need the key to know' don't you people get? (SCOTT19U.ZIP_GUY)
  Re: AES cyphers leak information like sieves (David Wagner)
  Re: Ultimate Crypto Protection? ("Douglas A. Gwyn")
  Re: What part of 'You need the key to know' don't you people get? ("Douglas A. Gwyn")
  Re: Simpson's Paradox and Quantum Entanglement ([EMAIL PROTECTED])
  Re: Backdoor Tactic (Albert P. Belle Isle)
  Re: AES cyphers leak information like sieves (Tim Tyler)

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: A Random Key Cipher Machine
Date: Fri, 19 Nov 1999 13:14:13 GMT

Typing for the most part is too regular to use as 'random' sampling points along a smooth sine wave. You would be sampling at common points during 'typing bursts'. Neat idea otherwise.

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: crippa [EMAIL PROTECTED]
Subject: Re: Fingerprints for encryption alg.
Date: Fri, 19 Nov 1999 15:06:27 +0100

Roger Carbol wrote:

> JPeschel [EMAIL PROTECTED] wrote
>
> > is it possible to construct an encryption algorithm X which will give the encrypted message a fingerprint? The fingerprint will assure any reader of the encrypted message -even a reader without the appropriate key- that the underlying plaintext has been encrypted with the X algorithm.
>
> Sure it is. Depends on what [EMAIL PROTECTED] means by "assure" I suspect. I don't see any way of eliminating false positives, that is, detecting the fingerprint mistakenly in any old ciphertext, although certainly it could be made unlikely.
>
> .. Roger Carbol .. [EMAIL PROTECTED]

Correctly interpreted.
Alice sends the enciphered message, having this fingerprint, to Bob. If Eva intercepts the enciphered message and performs the fingerprint verification, she will conclude that enciphering algorithm X was used.

If you know how the algorithm works performing the fingerprint verification, one could possibly add certain data D to a message enciphered by the unbreakable algorithm Y so that it would pass the fingerprint verification. But then the question arises, how should this data D be added without destroying the encipherment done by algorithm Y?

This is the situation:

  M   = plaintext message.
  Eub = UnBreakable encipher algorithm (forbidden by ...the world, government etc.)
  Dub = Deciphering algorithm of Eub.
  Ex  = legal encipher algorithm accomplishing the fingerprint.
  V   = the algorithm for the fingerprint verification. Returns true or false.
  Fd  = the Faking Data algorithm giving V(Fd(M)) = true for any message M.

  1: V(Eub(M)) = false
  2: V(Ex(M)) = true
  3: How should Fd be constructed such that V(Fd(Eub(M))) = true and also that we can find/know the reversing algorithm RFd of Fd (RFd(Fd(M)) = M) such that Dub(RFd(Fd(Eub(M)))) = M holds??

If it is impossible to find this Fd and RFd then we are done. And we could conclude that an enciphering algorithm leaving a fingerprint is possible. But alas, we have one situation still to deal with, shown below:

  4: V(Ex(Eub(M))) = true

To overcome this situation Ex must be able to understand what kind of message it is about to encipher. The Ex must make sure that M is a message written in a pre-known language, e.g. English, Swedish, C++ code etc. But this is most likely infeasible in practice. (The Ex must at least hold a dictionary and frequency statistics of the language in question.)

So much for this idea.

--
Best Regards
/Christofer

~~~
! Christofer Törnkvist               ! ERICSSON UTVECKLINGS AB            !
! ÄL2/UAB/F/V                        ! SOFTWARE ARCHITECTURE LABORATORY   !
! Phone/fax: +46 8 727 57 52 /75     ! Box 1505, SE-125 25 ÄLVSJÖ, SWEDEN !
! [EMAIL PROTECTED]                  !
! Visiting address: Armborstvägen 1  ! Take juunk away when mailing       !
! Ext: www.ericsson.se/cslab         ! Int: www-sarc.ericsson.se/public   !
T H E   o p e n   s o u r c e   a t --- http://www.erlang.org

--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES cyphers leak information like sieves
Date: Fri, 19 Nov 1999 15:08:29 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Jerry Coffin) wrote:

> In article [EMAIL PROTECTED], [EMAIL PROTECTED] says...
>
> [ ... ]
>
> I'm not certain, but I have difficulty in imagining a "chaining mode" of a block cypher that pro
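The thought experiment in Christofer Törnkvist's post earlier in this digest (cases 1 through 4 in his notation) can be run concretely. What follows is an added Python example, not code from the digest or from any of its posters. It assumes a toy model: Ex is a SHA-256 counter-mode stream cipher whose output is followed by a truncated HMAC tag under a fixed public fingerprint key; Eub is the same kind of stream cipher under an independent key with no tag; V, Fd, RFd, Dx and Dub are defined as in the post; all keys, the fingerprint key and the sample plaintext are constructed for the example. It goes slightly beyond the post in making explicit why case 3 is always satisfiable in such a model: V can only depend on the bytes it is handed plus public data, so whatever Ex appends, Fd can append to arbitrary bytes and RFd can strip again without touching the inner ciphertext. It also reproduces Roger Carbol's false-positive point, since V accepts any input that happens to end in a matching tag.

```python
import hashlib
import hmac

# Constructed parameters for this toy model; no real fingerprinting scheme
# or product is modelled here.
FINGERPRINT_KEY = b"public-fingerprint-key"  # V must know it, so it is public
TAG_LEN = 16                                 # bytes of HMAC-SHA256 kept as the tag


def _keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived from SHA-256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stream XOR; the same call both enciphers and deciphers."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def fingerprint_tag(data: bytes) -> bytes:
    """The fingerprint: a tag computed only from bytes V can see plus public data."""
    return hmac.new(FINGERPRINT_KEY, data, hashlib.sha256).digest()[:TAG_LEN]


def Ex(key: bytes, m: bytes) -> bytes:
    """Legal cipher: enciphers, then appends the fingerprint tag."""
    c = _xor_cipher(key, m)
    return c + fingerprint_tag(c)


def Dx(key: bytes, c: bytes) -> bytes:
    """Deciphering algorithm of Ex: drop the tag, undo the stream."""
    return _xor_cipher(key, c[:-TAG_LEN])


def V(c: bytes) -> bool:
    """Fingerprint verification: true iff the trailing tag matches the body."""
    if len(c) < TAG_LEN:
        return False
    body, tag = c[:-TAG_LEN], c[-TAG_LEN:]
    return hmac.compare_digest(fingerprint_tag(body), tag)


def Eub(key: bytes, m: bytes) -> bytes:
    """'Unbreakable' cipher with no fingerprint: plain stream cipher output."""
    return _xor_cipher(key, m)


def Dub(key: bytes, c: bytes) -> bytes:
    """Deciphering algorithm of Eub."""
    return _xor_cipher(key, c)


def Fd(x: bytes) -> bytes:
    """Faking Data algorithm: append the tag V expects, to any bytes at all."""
    return x + fingerprint_tag(x)


def RFd(y: bytes) -> bytes:
    """Reverse of Fd: strip the tag; RFd(Fd(x)) == x for every x."""
    return y[:-TAG_LEN]


def run_thought_experiment(m: bytes) -> dict:
    """Evaluate cases 1-4 from the post on one message, with constructed keys."""
    key_x = b"constructed-legal-key"
    key_ub = b"constructed-unbreakable-key"
    faked = Fd(Eub(key_ub, m))
    return {
        "1_V_of_Eub": V(Eub(key_ub, m)),                      # expected False
        "2_V_of_Ex": V(Ex(key_x, m)),                         # expected True
        "3_V_of_Fd_Eub": V(faked),                            # expected True
        "3_Dub_RFd_roundtrip": Dub(key_ub, RFd(faked)) == m,  # expected True
        "4_V_of_Ex_Eub": V(Ex(key_x, Eub(key_ub, m))),        # expected True
    }


if __name__ == "__main__":
    sample = b"constructed sample plaintext, long enough to matter"
    for case, result in run_thought_experiment(sample).items():
        print(f"{case}: {result}")
```

Running it shows cases 1 and 2 behaving as a fingerprint is meant to, and cases 3 and 4 both coming out true: the tag binds nothing about which cipher produced the body, so the only remaining lever is the one the post names in case 4, making Ex (and hence V) depend on recognisable plaintext structure, which the post judges infeasible in practice.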