Cryptography-Digest Digest #648

2001-02-07 Thread Digestifier

Cryptography-Digest Digest #648, Volume #13   Wed, 7 Feb 01 07:13:01 EST

Contents:
  Re: Universal Maurer-Test ([EMAIL PROTECTED])
  Re: CipherText patent still pending (Mok-Kong Shen)
  Re: Phillo's alg is faster than index calculus (Mok-Kong Shen)
  Re: Pseudo Random Number Generator (Mok-Kong Shen)
  Re: On combining permutations and substitutions in encryption (Mok-Kong Shen)
  Re: File encryption with Rijndael
  Re: On combining permutations and substitutions in encryption (Benjamin Goldberg)
  Re: Questions about Diffie-Hellman ([EMAIL PROTECTED])
  Re: Encrypting Predictable Files (Benjamin Goldberg)
  Re: Encrypting Predictable Files (Benjamin Goldberg)



From: [EMAIL PROTECTED]
Subject: Re: Universal Maurer-Test
Date: Wed, 07 Feb 2001 10:58:50 GMT

The NIST implementation automatically calculates an adequate value for
L. Download the file sts-1.4.zip from http://csrc.nist.gov/rng/rng2.html

Should anyone be interested, I also have a Delphi implementation at
http://www.streamsec.com/prngtst.asp

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Hello,
>
> has anyone a C or C++ implementation of the
> "Universal Statistical Test for Random Bit Generators"
> (Ref.: J. Cryptology Vol. 5, No. 2, 1992, pp. 89-105)
> of Ueli Maurer for different values L
> of the blocksize.
>
> I have found an implementation for L=8, but
> none for an arbitrary L.
>
> Thanks,
>   Bernhard Loehlein
>
>


Sent via Deja.com
http://www.deja.com/

--

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: CipherText patent still pending
Date: Wed, 07 Feb 2001 12:31:59 +0100



Bryan Olson wrote:
> 
[snip]
> Hard to believe you are looking at the same world as am I.
> There's a huge need, and call, for crypto research.  But a new
> symmetric cipher not known to be secure or insecure just makes
> a large pile bigger.

Remember that I was answering affirmatively to your third
question. We were considering ciphers proposed to this
group which are mostly (I would say all, though some would
protest against my view for very understandable reasons) 
done in the sense of exercises for purposes of learning as 
you observed. That also explains why one extremely rarely 
sees in the group names of authors who publish in high-grade 
crypto journals. Yes, the pile gets bigger. But don't you
see that at schools the pupils are continuing to write
compositions (after you have left school)? Should they
stop writing?? It may be noted that there is a parallel 
(monitored) group sci.crypt.research which is supposed to 
be a forum for research stuff. Since you apparently
pose a rather high standard on materials you read, I warmly 
recommend you to switch to that group, thus saving you 
your precious time to read much beginner-level stuff 
that inevitably contains lots of chaff or even nonsense.
Those others who think that beginners could occasionally 
present some interesting or even fairly useful/novel ideas 
and have sufficient patience to earnestly discuss with 
people at levels of knowledge not as eminent and exquisite as 
themselves should however remain here in our group, I urge.

M. K. Shen
===
http://home.t-online.de/home/mok-kong.shen

--

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Phillo's alg is faster than index calculus
Date: Wed, 07 Feb 2001 12:32:04 +0100



[EMAIL PROTECTED] wrote:
> 
[snip]
> So what do you think?

After you have apparently spent quite a bit of 'thinking', 
I recommend you to do an exercise on a real-life example
to see how easy or difficult it is to do that computation
and eventually compare with other methods, instead of 
'extrapolating' from a toy example through merely a 'thought' 
process. (Don't argue too long about the quality of an 
apple pie, taste it.) Please let us know, after you have 
good success.

M. K. Shen

--

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Pseudo Random Number Generator
Date: Wed, 07 Feb 2001 12:32:08 +0100



Bryan Olson wrote:
> 
> Mok-Kong Shen wrote:
> > Bryan Olson wrote:
> > > Mok-Kong Shen wrote:
> >
> > > > What can be proved is the following:
> > > >
> > > > For m non-degenerate independent integer random variables
> > > > over [0,n-1] their sum mod n approaches a uniform random
> > > > variable as m increases. If one of the random variables is
> > > > uniform, then any value of m results in a uniform random
> > > > variable.
> > >
> > > Counterexample:  Let n = 49, and the distribution of each
> > > variable be uniform over the 42 integers in [1..48] that are
> >

Cryptography-Digest Digest #648

2000-09-10 Thread Digestifier

Cryptography-Digest Digest #648, Volume #12  Sun, 10 Sep 00 17:13:00 EDT

Contents:
  Re: could you please tell me how this calculation has been obtained ? ("Paul Pires")
  Re: RSA Patent -- Were they entitled to it? (Terry Ritter)
  Re: Ciphertext as language ("Abyssmal_Unit_#3")
  Dangerous holiday reading? ("Matthew Bloch")
  Re: RSA Patent -- Were they entitled to it? ("Paul Pires")
  Re: Ciphertext as language (Mok-Kong Shen)
  Re: Dangerous holiday reading? (Quisquater)
  Re: Dangerous holiday reading? (Paul Rubin)
  Re: Camellia, a competitor of AES ? (Hideo Shimizu)
  Re: Ciphertext as language (wtshaw)
  Re: Ciphertext as language (wtshaw)
  Re: RSA Patent -- Were they entitled to it? (Mok-Kong Shen)
  Re: Known Plain Text Attack ([EMAIL PROTECTED])
  Re: Scottu19 Broken (John Savard)
  Re: Dangerous holiday reading? (Mok-Kong Shen)
  Re: Losing AES Candidates Could Be a Good Bet? ("Brian Gladman")
  Re: RSA Patent -- Were they entitled to it? (Roger Schlafly)
  OutLook Express & SMIME ("Michael Scott")



From: "Paul Pires" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Sun, 10 Sep 2000 12:11:48 -0700


nym_test  wrote in message
news:[EMAIL PROTECTED]...
> -BEGIN PGP SIGNED MESSAGE-
>
> IMO jungle will not get answers for questions he did ask.

I thought it was obvious. He assumed a number pulled from a press release
was the product of a calculation rather than a gastro-intestinal operation.

Paul

>
> My estimates from what I know are : we have not more than 100k users.
> The active number of users could be half of the above provided number,
> 50,000 worldwide.
>
> On Thu, 7 Sep 2000, Lronscam <[EMAIL PROTECTED]> wrote:
> >The addy of [EMAIL PROTECTED]=NOSPAM, In article ID
> ><[EMAIL PROTECTED]>, On or about Thu, 07 Sep 2000 07:13:40
> >GMT,
> >
> > Arturo says...
> >
> >>On Thu, 07 Sep 2000 16:37:05 +1200, Michael Brown
> >><[EMAIL PROTECTED]>
> >>wrote:
> >>
> >>>I'd guess it'd be based somehow on the number of public keys on
> >>>keyservers. That's how I would do it.
> >>>jungle wrote:
> >>>>
> >>>> hi mike,
> >>>>
> >>>> in the recent [ 25 aug ] ap article by peter svensson, he is writing,
> >>>> wallach said, that pgp is used by 7 million people ...
> >>>>
> >>>> could you please tell me how this calculation has been obtained ?
> >>>> how accurate this number is ?
> >>>>
> >> I have heard some numbers (from servers in Spain, Holland and the US),
> >>and the number of PGP keys in keyservers is about 1 million.  Where did the
> >>other 6 million go?
> >
> >And if there are only 1 million keys on the public key servers then you
> >know that there are less people using PGP. How many people have only one
> >key?
> >
> >I doubt you will get an answer Jungle.
> >
> >This sounds like big business to me lying as usual about how many people
> >they have using their product. AOL does it, and I know of several other
> >business doing just that to promote themselves as #1, so why shouldn't
> >PGP do it?
> >
> >Being a commercial enterprise does have its weak points at times.
>
>
> ~~~
> This PGP signature only certifies the sender and date of the message.
> It implies no approval from the administrators of nym.alias.net.
> Date: Sun Sep 10 11:16:04 2000 GMT
> From: [EMAIL PROTECTED]
>

--

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: RSA Patent -- Were they entitled to it?
Date: Sun, 10 Sep 2000 19:18:37 GMT


On 10 Sep 2000 13:40:15 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (DJohn37050) wrote:

>My understanding (I am no lawyer) is that the Univac patent on digital
>computation was broken by IBM by discovering prior work by Atanasoff (sp?) in
>this area.  There was a SCIAM article on thi

Cryptography-Digest Digest #648

2000-04-27 Thread Digestifier

Cryptography-Digest Digest #648, Volume #11  Thu, 27 Apr 00 18:13:01 EDT

Contents:
  Re: The Illusion of Security (Diet NSA)
  Re: Looking for a *simple* C Twofish source ([EMAIL PROTECTED])
  Re: The Illusion of Security (Diet NSA)
  Re: Career Opportunities @ Cloakware ("Trevor L. Jackson, III")
  Some details about Cloakware (was Re: Career Opportunities @ Cloakware) (Stanley Chow)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Tim Tyler)
  Re: The Illusion of Security (Diet NSA)
  Re: Secret splitting for kids' treasure hunt (Stefan Schlott)
  Re: What came of it? (Arthur Dardia)
  Re: The Illusion of Security (Diet NSA)
  Re: new Echelon article ("Douglas A. Gwyn")
  Re: papers on stream ciphers ("Douglas A. Gwyn")
  Re: papers on stream ciphers (David A. Wagner)



Subject: Re: The Illusion of Security
From: Diet NSA <[EMAIL PROTECTED]>
Date: Thu, 27 Apr 2000 13:15:14 -0700

In article <[EMAIL PROTECTED]>, Tom St Denis
<[EMAIL PROTECTED]> wrote:

>Take factoring for example.  Been worked on for 1000s of years, and we
>still can't factor as fast as one would want to.  Like nobody will
>really find the factors for  [snip]
>before I am long since dead.  So there are problems that are just plain
>hard.
>

Actually, there is no public proof that factoring is hard.
Anyways, the problem of factoring in polynomial time has already
been solved theoretically by Peter Shor. His solution, a famous
quantum factorization algorithm, might be implemented during your
lifetime in a large & robust enough way to be relevant for
crypto.

" V hfdt afogx nfvw ufo axb (o)(o) "   - Gtnjv

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


--

From: [EMAIL PROTECTED]
Subject: Re: Looking for a *simple* C Twofish source
Date: Thu, 27 Apr 2000 20:07:41 GMT

My case is not at all exotic.

I wish I could use GNU or any other fancy tool but I can't.  There are
a lot of microcontrollers out there with very basic C compilers, which
often do not even claim to be ANSI compliant.

- Pointers cause trouble.
- If I cannot define two dimensional arrays, I can split those into two
one-dimensional arrays.
- I cannot afford hundreds of precious RAM bytes for lookup tables. I
can solve that by calling a table entry calculation whenever I need it.
- Complex arithmetic expressions will have some compilers complain or
even produce incorrect code. I can cut those into shorter expressions.

Following Frog's suggestion I've started doing all that on Brian
Gladman's code, in an effort to make it compile.  After about five
hours of simplification I am probably over most of the trouble, but so
much RAM is lost for the compiler (which used it for its own needs) I
have run out of space.  It takes a lot of temporary variables to
perform long integer arithmetic.  And since Brian's implementation was
intended for performance evaluation of AES candidates, I suspect I am
riding the wrong horse here.  I don't mind if a block encryption takes
me 50ms - I couldn't care less.

I see your point about Twofish being an engineer's encryption
algorithm, but thousands of programmers will need to integrate it into
their systems at some point, wouldn't they?  Whether it's an
engineer's encryption or a marine biologist's encryption, I think it
should come with a pseudo-code listing.

-Al.

In article <8e577t$6v9$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Hello,
>
> I'll be happy to hear from anyone who knows of a
> freely available, simple, minimal C
> implementation of Twofish.
>
> By simple I mean: not using pointers, or long and
> complex one-line arithmetic expressions.  I am
> trying to make it work on a limited and sometimes
> buggy embedded C compiler.
>
> It does not have to be optimized for anything.
>
> Thank you,
> -Al.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>


Sent via Deja.com http://www.deja.com/
Before you buy.

--

Subject: Re: The Illusion of Security
From: Diet NSA <[EMAIL PROTECTED]>
Date: Thu, 27 Apr 2000 13:28:05 -0700

In article <[EMAIL PROTECTED]>, Mike Kent <[EMAIL PROTECTED]>
wrote:

>Hmm, I think we can, we just don't yet.  When some bright person
>proves P != NP and we see NP-hard crypto, I think it will be fair
>to say this is strong, really.
>
No one knows if P != NP can even be proven, so "when some bright
person proves P != NP" may be never. Even if it were proven I
don't see how such a proof would automatically lead to NP-hard
crypto. (N

Cryptography-Digest Digest #648

1999-11-29 Thread Digestifier

Cryptography-Digest Digest #648, Volume #10  Mon, 29 Nov 99 15:13:02 EST

Contents:
  Re: Peekboo Ideas? (Medical Electronics Lab)
  Re: Random Noise Encryption Buffs (Look Here) (Tom St Denis)
  Re: Elliptic Curve Public-Key Cryptography (jerome)
  Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
  Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
  Re: "The Code Book" challenge update (Tim Tyler)
  Re: smartcard idea? (Guy Macon)
  Re: Use of two separate 40 bit encryption schemes ("tony.pattison")
  Re: Use of two separate 40 bit encryption schemes ("tony.pattison")



From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Peekboo Ideas?
Date: Mon, 29 Nov 1999 12:31:23 -0600

Tom St Denis wrote:
> I do have one question:  How do I implement human-readable message
> signatures when things like email and usenet will reformat/addspaces?
> Do I just discount spaces or something?  How does PGP do it?

Stripping "white space" is perfectly ok to compute the hash of
a message.  Remove tabs, spaces and new-lines.  That gives you
pure text pretty much.  You may want to remove all control characters,
in case there are form feeds added or whatever.  

Warn people tho, in case spacing is important, they should fill
lines with  to make sure things are in the right columns.

Patience, persistence, truth,
Dr. mike

--

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Mon, 29 Nov 1999 18:46:17 GMT

In article <[EMAIL PROTECTED]>,
  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> > If I took two exact copies [leave the copying theory behind here] of
> > an atom, and placed them in two exact same environments.  Would they
> > not decay the same way?  If so, that's hardly random at all.
>
> The simple answer is, no, two identically prepared quantum systems,
> constrained as tightly as nature allows, need not evolve along the
> same path.
>

That's like saying each time you went back in time [the exact same
time] you would observe a different state.  Which means an atom can
never be in one state at any time.  Kinda like an omni-state..

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (jerome)
Subject: Re: Elliptic Curve Public-Key Cryptography
Reply-To: [EMAIL PROTECTED]
Date: Mon, 29 Nov 1999 18:57:58 GMT

so to sum up, there is no proof of difficulty on either side (ecc or modp (aka
multiplicative group over a finite field)).

ecc has been studied for 15 years and modp for 20 years.

On Mon, 29 Nov 1999 16:30:07 GMT, Bruce Schneier wrote:
>(This is reprinted from the November Crypto-Gram newsletter.)
>
>
>In September of this year, nearly 200 people using 740 computers
>managed to crack a message encrypted with 97-bit elliptic curve
>cryptography.  The process took 16,000 MIPS-years of computing, about
>twice as much as used by the team that recently cracked a 512-bit RSA
>encryption key.  Certicom, the company who sponsored this challenge,
>has offered this result as evidence that elliptic curve cryptography
>is stronger than RSA. 
>
>Let's take a look at this claim a little more closely. 
>
>All public-key algorithms, whether for key exchange, encryption, or
>digital signatures, are based on one of two problems:  the factoring
>problem or the discrete logarithm problem.  (There are other
>algorithms in academic circles, but they're too unwieldy to use in the
>real world.)  The security of RSA comes from the difficulty of
>factoring large numbers.  Strong RSA-based systems use 1024-bit
>numbers, or even larger. 
>
>The security of most other public-key algorithms -- ElGamal, DSA, etc.
>-- is based on the discrete logarithm problem.  The two problems are
>very similar, and all of the modern factoring algorithms can be used
>to calculate discrete logarithms in the multiplicative group of a
>finite field.  To a rough approximation, factoring a number of a
>certain size and calculating the discrete logarithm of numbers the
>same size takes the same amount of work.  This means that for a given
>key size, RSA, ElGamal, DSA, etc. are approximately equally secure.
>(This isn't strictly true, but it's a good enough approximation for
>this essay.) 
>
>All of these algorithms require the use of something called an
>"algebraic group."  When public-key cryptography was invented, the
>algorithms were all implemented in the simplest algebraic group:  the
>numbers modulo n.  For example, RSA encryption is m^e mod n, and a
>Diffie-Hellman public key is g^y mod n.  As it turns out, any
>a

Cryptography-Digest Digest #648

1999-06-03 Thread Digestifier

Cryptography-Digest Digest #648, Volume #9    Thu, 3 Jun 99 10:13:04 EDT

Contents:
  Cryptography FAQ (08/10: Technical Miscellany) ([EMAIL PROTECTED])
  Cryptography FAQ (09/10: Other Miscellany) ([EMAIL PROTECTED])



From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (08/10: Technical Miscellany)
Date: 3 Jun 1999 14:08:55 GMT
Reply-To: [EMAIL PROTECTED]

Archive-name: cryptography-faq/part08
Last-modified: 94/01/25


This is the eighth of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu 
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography 
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, 
sci.answers, and news.answers every 21 days.



Contents

8.1. How do I recover from lost passwords in WordPerfect?
8.2. How do I break a Vigenere (repeated-key) cipher?
8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]
8.4. Is the UNIX crypt command secure?
8.5. How do I use compression with encryption?
8.6. Is there an unbreakable cipher?
8.7. What does ``random'' mean in cryptography?
8.8. What is the unicity point (a.k.a. unicity distance)?
8.9. What is key management and why is it important?
8.10. Can I use pseudo-random or chaotic numbers as a key stream?
8.11. What is the correct frequency list for English letters?
8.12. What is the Enigma?
8.13. How do I shuffle cards?
8.14. Can I foil S/W pirates by encrypting my CD-ROM?
8.15. Can you do automatic cryptanalysis of simple ciphers?
8.16. What is the coding system used by VCR+?


8.1. How do I recover from lost passwords in WordPerfect?

  WordPerfect encryption has been shown to be very easy to break.
  The method uses XOR with two repeating key streams: a typed password
  and a byte-wide counter initialized to 1+. Full
  descriptions are given in Bennett [BEN87] and Bergen and Caelli
  [BER91].

  Chris Galas writes: ``Someone awhile back was looking for a way to
  decrypt WordPerfect document files and I think I have a solution. 
  There is a software company named: Accessdata (87 East 600 South,
  Orem, UT 84058), 1-800-658-5199 that has a software package that will
  decrypt any WordPerfect, Lotus 1-2-3, Quatro-Pro, MS Excel and Paradox
  files. The cost of the package is $185. Steep prices, but if you
  think your pw key is less than 10 characters, (or 10 char) give them a
  call and ask for the free demo disk. The demo disk will decrypt files
  that have a 10 char or less pw key.'' Bruce Schneier says the phone
  number for AccessData is 801-224-6970.

8.2. How do I break a Vigenere (repeated-key) cipher?

  A repeated-key cipher, where the ciphertext is something like the
  plaintext xor KEYKEYKEYKEY (and so on), is called a Vigenere cipher.
  If the key is not too long and the plaintext is in English, do the
  following: 

  1. Discover the length of the key by counting coincidences.
  (See Gaines [GAI44], Sinkov [SIN66].) Trying each displacement of
  the ciphertext against itself, count those bytes which are equal. 
  If the two ciphertext portions have used the same key, something
  over 6% of the bytes will be equal. If they have used different
  keys, then less than 0.4% will be equal (assuming random 8-bit bytes
  of key covering normal ASCII text). The smallest displacement which
  indicates an equal key is the length of the repeated key.

  2. Shift the text by that length and XOR it with itself. This
  removes the key and leaves you with text XORed with itself. Since
  English has about 1 bit of real information per byte, 2 streams of
  text XORed together has 2 bits of info per 8-bit byte, providing
  plenty of redundancy for choosing a unique decryption. (And in fact
  one stream of text XORed with itself has just 1 bit per byte.)

  If the key is short, it might be even easier to treat this as a
  standard polyalphabetic substitution. All the old cryptanalysis
  texts show how to break those. It's possible with those methods, in
  the hands of an expert, if there's only ten times as much text as key.
  See, for example, Gaines [GAI44], Sinkov [SIN66].
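The two steps above, as an added example that is not part of the FAQ: a Python script that counts coincidences between a repeating-key XOR ciphertext and its own shifted copy to find the key length, then XORs the ciphertext with itself at that shift so the key cancels. The English plaintext, the 4-byte key and the 3% decision threshold (sitting between the FAQ's ">6%" and "<0.4%" figures) are constructed for the demonstration.

```python
"""Coincidence counting against a repeating-key XOR cipher (FAQ 8.2)."""

# Constructed sample plaintext: lowercase ASCII, no newlines (not from the FAQ).
PLAINTEXT = (
    "the quick brown fox jumps over the lazy dog, and the lazy dog sleeps "
    "through the whole afternoon while the fox runs back to the forest. "
    "nobody in the village noticed anything unusual that day, although the "
    "miller later said that his dog had barked twice at the hedge near the "
    "river. the weather was fine, the harvest was nearly done, and the old "
    "road to the market town was busy with carts and horses from dawn until "
    "dusk. most of the travellers were farmers carrying grain and wool."
).encode("ascii")

# Constructed 4-byte key used only for this demonstration.
KEY = bytes([0x13, 0x37, 0x9A, 0xB5])


def xor_repeating_key(data: bytes, key: bytes) -> bytes:
    """Encrypt (or decrypt) by XORing each byte with the key, repeated."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def coincidence_rate(ct: bytes, shift: int) -> float:
    """Fraction of positions where the text equals itself shifted by `shift`."""
    pairs = len(ct) - shift
    if pairs <= 0:
        raise ValueError("shift must be smaller than the text length")
    equal = sum(1 for i in range(pairs) if ct[i] == ct[i + shift])
    return equal / pairs


def find_key_length(ct: bytes, max_len: int = 32, threshold: float = 0.03) -> int:
    """Step 1 of the FAQ: the smallest shift whose coincidence rate looks like
    'same key' (FAQ: over 6% for English text) rather than 'different key'
    (under 0.4%).  The threshold is chosen between those two figures."""
    for shift in range(1, max_len + 1):
        if coincidence_rate(ct, shift) > threshold:
            return shift
    raise ValueError("no key length found; try a larger max_len")


def strip_key(ct: bytes, key_len: int) -> bytes:
    """Step 2 of the FAQ: XOR the ciphertext with itself shifted by the key
    length.  The key cancels, leaving plaintext[i] ^ plaintext[i + key_len]."""
    return bytes(ct[i] ^ ct[i + key_len] for i in range(len(ct) - key_len))


def demo():
    """Encrypt the sample, recover the key length, and report the rates."""
    ct = xor_repeating_key(PLAINTEXT, KEY)
    key_len = find_key_length(ct)
    rates = {d: round(coincidence_rate(ct, d), 4) for d in range(1, 9)}
    return key_len, rates


if __name__ == "__main__":
    key_len, rates = demo()
    print("recovered key length:", key_len)
    print("coincidence rates by shift:", rates)
```

Multiples of the key length (8, 12, ...) also show the high rate, which is why the FAQ takes the smallest such shift; the stripped stream is identical whether computed from the ciphertext or the plaintext, which is what "removes the key" means.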

8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]

  Here's one popular method, using the des command:

cat file | compress | des private_key | uuencode | mail

  Meanwhile, there is a de jure Internet standard in the works called
  PEM (Privacy Enhanced Mail). It is described in RFCs 1421 through
  1424. To join the PEM mailing list, contact [EMAIL PROTECTED]
  There is a beta version of PEM being tested at the time of this
  w