Cryptography-Digest Digest #599
Cryptography-Digest Digest #599, Volume #14    Tue, 12 Jun 01 19:13:00 EDT

Contents:
  Re: Humor, I Must be a Threat to National Security (SCOTT19U.ZIP_GUY)
  Sophie-Germain Primes for sale (Tom St Denis)
  Re: IV (Tim Tyler)
  Re: IV (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Tim Tyler)
  Re: Mantin-Shamir's RC4 distinguisher paper and RC4 *student* paper (Itsik Mantin)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Re: The 94 cycle 64-bit block cipher :-) (Fat Phil)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Special promotion: White-Hat Security Arsenal at 40% off on Amazon.com (Avi Rubin)
  Re: The 94 cycle 64-bit block cipher :-) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  The 94 cycle cipher (Tom St Denis)
  Re: Simple Crypto II, the public key... (Fat Phil)
  Re: Simple Crypto II, the public key... (Fat Phil)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and (Douglas A. Gwyn)
  Re: Humor, I Must be a Threat to National Security (Douglas A. Gwyn)
  Re: EXCELLENT NEW WEB BOARD!! CHECK IT OUT :) (Paul Pires)
  Re: Simple Crypto II, the public key... (Tom St Denis)
  Re: Publication violation notice (The Nameless Horror)

--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.security.misc
Subject: Re: Humor, I Must be a Threat to National Security
Date: 12 Jun 2001 20:57:30 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in [EMAIL PROTECTED]:

> SCOTT19U.ZIP_GUY wrote:
> > ... I don't see why you were not hired but it may mean you're too honest
> > or you may not have matched the religion of the ones who you interviewed
> > with. It's possible they had a quota for women at the time you applied.
>
> Most likely, the available positions had more qualified applicants.
> From the tone of some of Boney's narrative, I suspect they are glad they
> didn't hire him..

Having worked for the government, I noticed in the old days qualifications meant a lot. But then we had a cold war we needed to win. In the later years qualifications didn't mean squat. It was better if you met the right politically correct quota.

David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE OLD VERSION
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman five ***
Disclaimer: I am in no way responsible for any of the statements made in the above text. For all I know I might be drugged or something.. No I'm not paranoid. You all think I'm paranoid, don't you!

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Sophie-Germain Primes for sale
Date: Tue, 12 Jun 2001 21:19:54 GMT

Made you look. No seriously, *free* SG primes are at my website

http://tomstdenis.home.dhs.org/primes.txt

A SG prime is of the form p = 2q + 1, where q itself is prime and of course p mod 4 = 3. They are useful for DH and other DLP quests. Since they are SG all bases (other than trivial ones) generate a group of order q which for some of the primes is huge.

How to read the list?

(size in bits) p==digits

so

(1024) p==1460030136858689905633918046800667131280181317311313833593791824930185113
6348768360708424001573886964262443996309806738655987368721064584308025706111
6036949438982968995332694598033744487708557681139725773222031612812763129935
3164025680222964658192849043699670677857470257248695463297505596077769310893
41764287

Is a 1024 bit SG prime.

I am building up the list with larger and larger primes.

And yes FYI I live a very sheltered life.

--
Tom St Denis
---
http://tomstdenis.home.dhs.org

--

From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: IV
Reply-To: [EMAIL PROTECTED]
Date: Tue, 12 Jun 2001 21:18:16 GMT

Cristiano [EMAIL PROTECTED] wrote:
: Tim Tyler [EMAIL PROTECTED] wrote:
: Cristiano [EMAIL PROTECTED] wrote:

: : I want to encrypt a file of L bytes with a block cipher in CBC mode
: : (like RC6 or Rijndael).
: : For speed reasons I read N bytes at a time (N>1024) and then I encrypt
: : this block.
: : Every N bytes I use the IV to XOR the first 16 bytes of plain text.
: : Is there some weakness in this way?

: Very possibly. If I understand correctly, you are using the same IV and
: the same key - effectively starting again every N bytes, in order to
: get speed (through parallelism?).

[...]

: That means identical plaintexts (at those offsets) will result in
: identical cyphertexts.

: Yes.

[...]

: could you tell me if there is any weakness in my method?

The fact that identical plaintext blocks (every N bytes
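The scheme Cristiano describes above, restarting CBC from the same key and IV at every N-byte boundary, as an added example that is not code from the thread. A toy Feistel permutation stands in for RC6/Rijndael, and the key, IV, chunk header and file layout are all constructed here; the point it shows is structural and does not depend on the cipher: with the reset, any two chunks that begin with the same 16 plaintext bytes produce the same first ciphertext block, which an observer sees without the key, while ordinary chaining across the whole file does not.

```python
import hashlib

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for RC6/Rijndael: a 4-round Feistel permutation over a 16-byte
    block with SHA-256 as the round function. Constructed for this example and
    NOT a real cipher; the CBC leak shown below does not depend on the cipher."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes, reset_every: int = 0) -> bytes:
    """CBC encryption of a block-aligned message.

    reset_every == 0: textbook CBC, chaining runs across the whole file.
    reset_every == N: the chaining value is put back to the fixed IV at every
    N-byte boundary, which is the scheme discussed in the thread."""
    assert len(plaintext) % BLOCK == 0 and reset_every % BLOCK == 0
    out = bytearray()
    prev = iv
    for off in range(0, len(plaintext), BLOCK):
        if reset_every and off % reset_every == 0:
            prev = iv
        prev = toy_block_encrypt(key, _xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return bytes(out)


def equal_first_blocks(ciphertext: bytes, chunk: int) -> list:
    """What an observer without the key can see: pairs of N-byte chunks whose
    first ciphertext block is identical. With the IV/key reused at every chunk
    boundary, that means their first 16 plaintext bytes were identical too."""
    firsts = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), chunk)]
    return [(i, j) for i in range(len(firsts))
            for j in range(i + 1, len(firsts)) if firsts[i] == firsts[j]]


def demo(n: int = 1024) -> tuple:
    """Returns (pairs leaked with the IV reset, pairs leaked with proper chaining)."""
    key = bytes(range(16))          # constructed sample key
    iv = b"\x00" * 16               # constructed fixed IV, reused every N bytes
    header = b"BEGIN RECORD v1\n"   # constructed 16-byte header shared by every chunk
    # Constructed file: 4 chunks of N bytes, identical header, different bodies.
    plaintext = b"".join(header + bytes([i]) * (n - BLOCK) for i in range(4))
    leaky = cbc_encrypt(key, iv, plaintext, reset_every=n)
    chained = cbc_encrypt(key, iv, plaintext)
    return equal_first_blocks(leaky, n), equal_first_blocks(chained, n)


if __name__ == "__main__":
    print(demo())  # ([(0, 1), (0, 2), (0, 3), (1, 2), (1, 3), (2, 3)], [])
```

If the per-chunk parallelism is what matters, the fix is to give each chunk its own fresh random IV stored alongside it (or to use a mode designed for parallel encryption with distinct counters), not to reuse one IV under one key.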
Cryptography-Digest Digest #599, Volume #13    Wed, 31 Jan 01 21:13:00 EST

Contents:
  Re: On combining permutations and substitutions in encryption (Mok-Kong Shen)
  Re: Most secure code for US Citizen. (Bill Unruh)
  strange code ("klaus hoepner")
  Re: fast signing ("Joseph Ashwood")
  Re: fast signing ("Joseph Ashwood")
  Re: fast signing (Paul Rubin)
  AIM roasting as encryption? (F83kskl3p)
  Re: AIM roasting as encryption? (Bill Unruh)
  Re: On combining permutations and substitutions in encryption (John Savard)
  Re: fast signing ("Joseph Ashwood")
  Re: AIM roasting as encryption? ("Joseph Ashwood")
  Re: Most secure code for US Citizen. (Splaat23)
  Re: fast signing (Paul Rubin)
  Re: AIM roasting as encryption? (John Myre)
  Re: More About Passwords (David Hopwood)
  Re: fast signing (David Hopwood)
  Re: AES and randomness (David Hopwood)
  Re: MIKE - alternative to SPEKE and PAK ("Michael Scott")

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: On combining permutations and substitutions in encryption
Date: Thu, 01 Feb 2001 00:11:57 +0100

"Douglas A. Gwyn" wrote:
> Mok-Kong Shen wrote:
> > ... BTW, in this point, associations with 'fuzzy logic' and 'naive
> > physics' come to mind. But I don't believe analogous stuff would
> > ever be accepted by the crypto community.
>
> ? "Fuzzy logic", despite the name, is an exact mathematical discipline.
> (I haven't heard of "naive physics".)

There was no implication of any valuation. My guess is that applying stuff in the direction of fuzzy logic wouldn't be much appreciated in the field of crypto, where one wants in general to have fairly exact numerical quantities, not wide ranges, not to say something 'estimated'. Naive physics deals with 'qualitative' matters for deduction and is a tiny (in my view not very successful/accepted) subfield of AI.

M. K. Shen

--

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Most secure code for US Citizen.
Date: 31 Jan 2001 23:11:08 GMT

In 95a4kn$87m$[EMAIL PROTECTED] Splaat23 [EMAIL PROTECTED] writes:

]What are you talking about? He didn't ask for perfect security, just
]the current best! I'll admit the context of this encryption is not
]known, but you don't need to jump on the man...

And I told him the "best"-- a one time pad. It is provably secure. Nothing else is. Now he may have other constraints-- e.g. he cannot exchange the pad in a secure way. Then some other system must balance the loss of security against the other requirements. I.e., what is best depends on your requirements. There is no absolute standard. He never told us his requirements. Security is a balance. And if he does not know that, then he should, or he will make a complete mess-up of his use of the encryption.

]- Andrew

]In article 959tlp$hi9$[EMAIL PROTECTED],
]  [EMAIL PROTECTED] (Bill Unruh) wrote:
] In 959lkv$pd2$[EMAIL PROTECTED] Michael Robbins
][EMAIL PROTECTED] writes:
]
] Pardon my naiveté, I guess you guys will give me the straight dope.
]
] Where can I get the most secure encryption code (C/C++).
]
] No such thing, unless you want to use a one time pad. But that
]requires
] an external source of random stuff, and requires you to securely
] exchange it with your counterpart.
]
] If you told us what you were doing we might be of more help. As it is
] your request makes little sense.
]

--

From: "klaus hoepner" [EMAIL PROTECTED]
Subject: strange code
Date: Thu, 1 Feb 2001 00:10:13 +0100

A friend found a letter of ?codes? in his place. Can somebody help me?

1-1=start 1-2=R4Y.43 1-3=HXY.41 1-4=7XY.4. 1-5=K6M.4Z
2-1=T63.4V 2-2=KZM.4X 2-3=7ZM.4V 2-4=?6CS36 2-5=94WS37
3-1=KXWS36 3-2=7XWS34 3-3=HN3S3Y
4-1=965Q3Y 4-2=HGPQ3Y 4-3=7G5Q3S 4-4=WQFZ3S 4-5=5NFZ3S
5-1=FDYZ3S 5-2=PDFZ24 5-3=F4PG2. 5-4=M45Z23 5-5=YZMG2Y
6-1=PZMZ24 6-2=CQCQ2W 6-3=54WQ2?
7-1=MXWQ2Y 7-2=W4M614 7-3=M43Q2Y 7-4=WXMQ2V 7-5=4Z5S13 7-6=.2Y.17
8-1=SLF.1. 8-2=.VYJ1Y 8-3=8BF.1Y 8-4=J2PJ1V 8-5= 6LP.1Z 8-6=ZV5.1X
9-1=SSP.1Z 9-2=ZJFS.6 9-3=Q.Y8.3 9-4=JVCS.4 9-5=SVWS1S 9-6=.23S.3
10-1=Q2M8.Y 10-2=.SM8.W 10-3=883S.W 10-4=BJC..T 10-5=L.WJ?7 10-6=B8W..W 10-7=4BYZ.T 10-8=XL5Z?5
11-1=LL5Z?3 11-2=XSPG?? 11-3=NS5Z?2 11-4=X.FQ?1 11-5=2.FQ?Z 11-6=B8FQ?W 11-7=28FQ?V 11-8=DLMQ?X
12-1=L2MQ?Y 12-2=BBMQ?T 12-3=483QZ3 12-4=J47ZZ4 12-5=Q4RZZ7 12-6=GX7ZZ1 12-7=9Y9.Z? 12-8=H5K.Z1

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: fast signing
Date: Wed, 31 Jan 2001 15:18:00 -0800

"Paul Rubin" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> I'm afraid your requirements still don't make any sense to me.

The requirements are quite simple. 20 times faster than DSA (or as close as possible), verification does not imply ability to forge. All the other requirements wil
Cryptography-Digest Digest #599, Volume #11    Fri, 21 Apr 00 17:13:01 EDT

Contents:
  Re: New version of MIRACL ("Joseph Ashwood")
  Re: The Illusion of Security (Tom St Denis)
  Re: New version of MIRACL ("Dann Corbit")
  Re: New version of MIRACL ("Joseph Ashwood")
  Re: The Illusion of Security ("Joseph Ashwood")
  Re: Sophie-Germain and ElGamal ("Joseph Ashwood")
  Re: password generator ("Joseph Ashwood")
  Re: papers on stream ciphers ("Joseph Ashwood")
  Re: The Illusion of Security (Tom St Denis)
  Re: Sophie-Germain and ElGamal (Tom St Denis)

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: New version of MIRACL
Date: Fri, 21 Apr 2000 13:08:14 -0700

And it still gives far too many warnings to be usable on my system. Let me compile it and give you the current count, 57, that's right 5 followed by 7. And they're stupid things that should be fixed, but without proper documentation can't be fixed by me. Now let me compile Miracl, and the current count is: 0. I think I'd rather use Miracl. Add to this that I've never had a problem with Miracl, either with correctness, speed, stability, etc, and I think you'll understand why I use it (someday I'll even buy a license).

Joe

"Tom St Denis" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Dann Corbit wrote:
> > "Tom St Denis" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> > > Dann Corbit wrote:
> > > > "Tom St Denis" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> > > > > Dann Corbit wrote:
> > > > > > One of my favorite toys just got updated:
> > > > > > http://indigo.ie/~mscott/
> > > > > > Definitely worth a look. ;-)
> > > > >
> > > > > Not to steal the fame, but I like MPI better, and by all means for the
> > > > > others "try both :)".
> > > >
> > > > I have not tried MPI. I would like to hear more about it. Is it integer
> > > > only, or does it have rational or floating point approximations? Is it
> > > > portable to many platforms? (I play around on many different systems and
> > > > compilers so I need something very portable). What sort of restrictions
> > > > are there to the distribution? What is the homepage URL?
> > >
> > > It's a large int only, but it's quite well put together, it's by Michael
> > > Fromberger and it is at:
> > > http://linguist.dartmouth.edu/~sting/mpi/
> > > It's very portable, simple to use and relatively small.
> >
> > Tried it. Wants GCC and UNIX environments. Even within GCC, several
> > non-portable assumptions are made:
> >
> > bash-2.02$ make
> > The following targets can be built with this Makefile:
> >   libmpi    - arithmetic and prime testing library
> >   tests     - test drivers (requires MP_IOFUNC)
> >   tools     - command line tools
> >   doc       - manual pages for tools
> >   clean     - clean up objects and such
> >   distclean - get ready for distribution
> >   dist      - distribution tarball
> > bash-2.02$ make libmpi
> > /usr/bin/perl make-logtab logtab.h
> > /usr/bin/perl: not found
> > make: *** [logtab.h] Error 127
> > bash-2.02$ make tests
> > gcc -ansi -pedantic -Wall -O3 -c mpi.c
> > mpi.c: In function `s_mp_tovalue':
> > mpi.c:3488: warning: ANSI C forbids braced-groups within expressions
> > mpi.c: In function `s_mp_todigit':
> > mpi.c:3533: warning: ANSI C forbids braced-groups within expressions
> > mpi.c: In function `s_mp_outlen':
> > mpi.c:3550: `s_logv_2' undeclared (first use in this function)
> > mpi.c:3550: (Each undeclared identifier is reported only once
> > mpi.c:3550: for each function it appears in.)
> > mpi.c:3552: warning: control reaches end of non-void function
> > make: *** [mpi.o] Error 1
> > bash-2.02$ make tools
> > gcc -ansi -pedantic -Wall -O3 -c mpi.c
> > mpi.c: In function `s_mp_tovalue':
> > mpi.c:3488: warning: ANSI C forbids braced-groups within expressions
> > mpi.c: In function `s_mp_todigit':
> > mpi.c:3533: warning: ANSI C forbids braced-groups within expressions
> > mpi.c: In function `s_mp_outlen':
> > mpi.c:3550: `s_logv_2' undeclared (first use in this function)
> > mpi.c:3550: (Each undeclared identifier is reported only once
> > mpi.c:3550: for each function it appears in.)
> > mpi.c:3552: warning: control reaches end of non-void function
> > make: *** [mpi.o] Error 1
> > bash-2.02$ make doc
> > make: `doc' is up to date.
> > bash-2.02$
> >
> > I fixed the path, and GNU's perl was unable to create the include file.
> > I changed the define to use log calls instead of a table, and it still
> > fails to compile. Quite frankly, I don't think it holds a candle to
> > MIRACL or FreeLip, for that matter. However, for whatever UNIX platform
> > it was built on, I'm sure it does an adequate job.
>
> That's because you don't know how to use your tools. In three seconds I
> can compile mpi.c to mpi.o with GCC. True you have to configure it (i.e.
> not use the logtab) but after that one minor change
Cryptography-Digest Digest #599, Volume #10    Sat, 20 Nov 99 17:13:04 EST

Contents:
  Re: technical writing skills required! (William Rowden)
  Re: Distribution of intelligence in the crypto field (Jerry Coffin)
  Re: ATTN Scott Nelson (CoyoteRed)
  Re: Apparently, Hushmail does work (Ian Wehrman)
  Re: AES cyphers leak information like sieves (wtshaw)
  Re: AES cyphers leak information like sieves (wtshaw)
  Re: AES cyphers leak information like sieves (wtshaw)
  Re: What part of 'You need the key to know' don't you people get? (SCOTT19U.ZIP_GUY)
  Re: AES cyphers leak information like sieves (Lincoln Yeoh)
  Re: AES cyphers leak information like sieves (Lincoln Yeoh)
  Re: Distribution of intelligence in the crypto field (wtshaw)
  Re: AES cyphers leak information like sieves (wtshaw)
  Re: ATTN Scott Nelson (Scott Nelson)
  Re: Bracking RSA Encryption. Is it possible. (wtshaw)

--

From: William Rowden [EMAIL PROTECTED]
Subject: Re: technical writing skills required!
Date: Sat, 20 Nov 1999 18:08:07 GMT

In article 814ded$8gb$[EMAIL PROTECTED], Tom St Denis [EMAIL PROTECTED] wrote:
> In article [EMAIL PROTECTED], Medical Electronics Lab [EMAIL PROTECTED] wrote:
> [snip]
> > Your best bet is to write up sections and post them here for comments.

I think that's a good idea. Posting short sections in a single thread would make comments easy to find, and edits easy to suggest using the Usenet quote-response convention.

> > "Practice makes perfect", so start practicing. The skills you learn
> > will include writing, learning (because you learn more when you try to
> > explain things) and politics (because you have to deal with criticism).

Dealing with criticism can be difficult. The noise (name-calling, arrogance, swearing, etc.) and flames of some when challenged attest to this. A few posters in sci.crypt only recently received a reprieve from my killfile. (Though I doubt they know or care.)

> Well the general idea was that I would be writing it, but I wanted to
> have a list of contactees I could get to in case I got stuck.

Those who post a response can be your "contactees." You already know my *real* email address.

--
-William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB DA28 379D 47DB 599E 0B1A

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Distribution of intelligence in the crypto field
Date: Sat, 20 Nov 1999 11:20:07 -0700

In article [EMAIL PROTECTED], [EMAIL PROTECTED] says...

[ ... ]

> See? Echelon is our friend ;) I'm in Sweden - I hardly believe the NSA
> has a black van outside my apartment.

At least in theory, you're a lot MORE likely to have an NSA van outside your apartment in Sweden than I am here in the US. I, OTOH, live about halfway between NORAD's headquarters and Falcon Air Force Base, which is dedicated to working with Air Force (spy) satellites. I'm _sure_ nobody has any sort of listening equipment around here... G

--
Later,
Jerry.

The universe is a figment of its own imagination.

--

From: [EMAIL PROTECTED] (CoyoteRed)
Subject: Re: ATTN Scott Nelson
Date: Sat, 20 Nov 1999 18:35:47 GMT
Reply-To: this news group unless otherwise instructed!

So I take it we have a workable scheme to generate/capture really really random numbers on a common desktop machine without any exotic hardware?

BTW: Another signal test that we would have to test for is clipping. Any clipping would destroy our randomness in a blink.

This kind of sounds like a form of encryption, also. SHA1 a passphrase to get an x bit hash (60, 128, 256 bits, or whatever is strong), distill this down to 7 bits and with this number do a ROT[7 bit variable] (or something) on the first character of your message and grab that digit as your ciphertext for your first character. Add the first plaintext character of your message to your passphrase and then SHA1 /that/ and distill to get the variable for your ROT[7 bit variable] for the next character in your plaintext and continue...

ANY mistake that an attacker makes results in gibberish. For each character, your cipher stream is dependent on everything that came before it. You'll have a unique cipher stream for every message/passphrase combination.

It just seems too simple to be secure, though.

--
CoyoteRed
CoyoteRed at bigfoot dot com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com

--

From: Ian Wehrman [EMAIL PROTECTED]
Subject: Re: Apparently, Hushmail does work
Date: Sat, 20 Nov 1999 13:42:44 -0600

http://www.hushmail.com/faq.htm#publickey

45. How can it be proved that the HushMail system is actually secure?

Team Hush is currently
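CoyoteRed's chained-hash ROT scheme above, implemented as an added example that is not code from the post. The post does not say how the hash is "distilled" to 7 bits, so taking the low 7 bits of the first SHA1 byte is an assumption made here; the block encrypts, decrypts by feeding each recovered character back into the hash input, and measures how far two messages under the same passphrase encrypt identically, which shows exactly where the "unique cipher stream" property begins.

```python
import hashlib


def keystream_value(passphrase: bytes, prefix: bytes) -> int:
    """The 7-bit value for the next character: SHA1 of the passphrase with all
    previously processed plaintext appended. Reducing the digest to 7 bits by
    masking its first byte is this example's assumption, not the post's."""
    return hashlib.sha1(passphrase + prefix).digest()[0] & 0x7F


def encrypt(passphrase: bytes, plaintext: bytes) -> bytes:
    """ROT each 7-bit character by a keystream value that depends on the
    passphrase and every plaintext character before it."""
    out = bytearray()
    for i, p in enumerate(plaintext):
        assert p < 128, "the scheme is defined over 7-bit characters"
        k = keystream_value(passphrase, plaintext[:i])
        out.append((p + k) % 128)
    return bytes(out)


def decrypt(passphrase: bytes, ciphertext: bytes) -> bytes:
    """The receiver recovers each character, then appends it to the hash input
    exactly as the sender did, so both keystreams stay in step."""
    recovered = bytearray()
    for c in ciphertext:
        k = keystream_value(passphrase, bytes(recovered))
        recovered.append((c - k) % 128)
    return bytes(recovered)


def common_ciphertext_prefix(passphrase: bytes, m1: bytes, m2: bytes) -> int:
    """Length of the identical ciphertext prefix two messages get under one
    passphrase. Only the passphrase and prior plaintext feed the hash, so two
    messages that start the same way encrypt the same way up to their first
    differing character: there is no per-message IV or nonce in the scheme."""
    c1, c2 = encrypt(passphrase, m1), encrypt(passphrase, m2)
    n = 0
    while n < min(len(c1), len(c2)) and c1[n] == c2[n]:
        n += 1
    return n


if __name__ == "__main__":
    # Constructed sample passphrase and messages.
    print(common_ciphertext_prefix(b"secret", b"hello world", b"hello there"))
```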
Cryptography-Digest Digest #599, Volume #9    Wed, 26 May 99 17:13:02 EDT

Contents:
  Re: Oriental Language Based Encryption (Patrick Juola)
  Re: Review of Scottu19 (Thomas Pornin)
  Re: non-computerized cryptography (David Eppstein)
  Hot on the heels of hushmail (fungus)
  Re: Why would a hacker reveal that he has broken a code? (Johnny Bravo)
  Re: block ciphers vs stream ciphers (John Savard)
  Re: A question on congruential algebra ([EMAIL PROTECTED])
  Re: Oriental Language Based Encryption (John Savard)
  Re: NSA proves banks use poor crypto (John Savard)
  Unix Crypt (Michael Ghens)
  Re: Why would a hacker reveal that he has broken a code? (SCOTT19U.ZIP_GUY)
  Re: RFC1321 (MD-5) - any problems? ([EMAIL PROTECTED])
  Re: Review of Scottu19 (SCOTT19U.ZIP_GUY)
  Re: Why would a hacker reveal that he has broken a code? (John Savard)
  Re: Give up; Scott is the unflappable undead. (wtshaw)
  Re: NSA proves banks use poor crypto (SCOTT19U.ZIP_GUY)

--

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Oriental Language Based Encryption
Date: 26 May 1999 13:38:06 -0400

In article [EMAIL PROTECTED], Mok-Kong Shen [EMAIL PROTECTED] wrote:
> Patrick Juola wrote:
> > Encoding based on linguistic units has a rather serious problem of
> > leaving a lot of (redundant) structure in the text.
>
> Just take several pages of an English dictionary, if you assign some
> 4 digits of numbers (consecutively in each page), and take some coded
> words, if you scramble a little bit, do you think you can get something
> of the sort of frequency (of the digits) useful to you?

I'm sorry, I didn't really understand the question you asked. My understanding: I replace all words in an English text (it doesn't really have to be a dictionary) with some sort of opaque symbol, then diffuse the symbols around via some sort of transposition cypher, and then you ask what I can get out of this?

Answer: probably plenty. First, we know enough about English word frequency that I can probably sort your message into function and content words fairly simply. In plainer speech, I can detect all the so-called 'little words' like the, of, and, if, by, and so forth. A few minutes to days' work with a computer and I can probably come up with a probable part of speech for every symbol in the text. With a little bit of clever guessing about what the subject of the text is -- oh, that's right, you've already *told* me it was a dictionary 8-) -- I probably can match the content words (the nouns and verbs) and their parts of speech to their expected frequencies and come up with a surprisingly good reconstruction of the message.

-kitten

--

From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: Review of Scottu19
Date: 26 May 1999 18:07:31 GMT

According to SCOTT19U.ZIP_GUY [EMAIL PROTECTED]:
> If one can't read and understand C

Actually, many people consider that C code that does not produce the same result, depending on the endianness of the target machine or the size of the integer types, does not deserve to be called 'C code'. At least it has an 'undefined' behaviour in ANSI-C. You may do what you want but code that relies on the special implementation of C on a particular machine is very difficult to read (especially for people who produce portable code, and who have learned not to rely on endianness or 32-bit long integers).

Moreover, it is often considered that if an algorithm cannot be expressed in English with complete and unambiguous schematics, then it is not worth considering. Therefore you will not get public attention unless you make the effort to document clearly your algorithm. Writing documentation is not as fun as coding but it must be done.

Anyway, it is up to you.

--Thomas Pornin

--

From: [EMAIL PROTECTED] (David Eppstein)
Subject: Re: non-computerized cryptography
Date: 26 May 1999 11:26:28 -0700

[EMAIL PROTECTED] (John Savard) writes:
> If you mean, "are papers being published in the recognized academic
> literature, proposing pencil-and-paper ciphers which are secure by
> today's standards of cryptosecurity", the answer is no, even though
> such ciphers are not actually impossible to devise.

Schneier's Solitaire (http://www.counterpane.com/solitaire.html) doesn't count? Ok, bestselling novels are not usually considered recognized academic literature...and it's not just pencil and paper, you also need a deck of playing cards.

--
David Eppstein UC Irvine Dept. of Information & Computer Science
[EMAIL PROTECTED] http://www.ics.uci.edu/~eppstein/

--

From: fungus [EMAIL PROTECTED]
Subject: Hot on the heels of hushmail
Date: Wed, 26 May 1999 19:55:02 +0200

A new service called ziplip has just appeared.

http://www.ziplip.com/

It's a variation on Hushmail but uses private keys - you have to agree on a key with the recipient. It h