Cryptography-Digest Digest #658
Cryptography-Digest Digest #658, Volume #13
Thu, 8 Feb 01 13:13:00 EST

Contents:
  Re: crack my enkryption ("Paul Pires")
  Re: Enigma replicas ? (Jerry Coffin)
  Re: PGP 2.6.3ia-cb (now supports CAST5 and BLOWFISH) (jungle)
  Re: Low-tech homemade crypto keycards ("Paul Pires")
  DSA PRG Flaw ("Pedro Félix")
  Re: Distributed entropy distribution ([EMAIL PROTECTED])
  Re: Distributed entropy distribution (Tom St Denis)
  Re: relative key strength private vs public key (Tom St Denis)
  Re: DSA PRG Flaw (Roger Schlafly)

------------------------------

From: "Paul Pires" [EMAIL PROTECTED]
Subject: Re: crack my enkryption
Date: Thu, 8 Feb 2001 09:10:14 -0800

That was a first class response. A demonstration that consideration and communication can be powerful tools. Nice to see.

Paul

John A. Malley [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

> neXussT wrote:
>
> > hi, i'm writing an enkryption program, and would like someone to crack the enkryption. Or, if i could get my hands on a program that does it for me, that would be great too.
> >
> > Here is the Plaintext: "This is an encrypted file."
> > Here is the Cyphertext: "1.262497®ÐB½9C³SÅG¶I²3´6ÁFD½Á|" (without quotes)
> >
> > please email me at [EMAIL PROTECTED] with questions or comments...or if you crack it :)
>
> Such enthusiasm for cryptography! That's good.
>
> Finding a ready-made program free and on-line to crack the encryption is a tall order. There are tools to aid cryptanalysis. There are ways, techniques and methods to work the problem. In fact there are different kinds of cryptanalytic problems to work (different attacks like the known-plaintext attack, the ciphertext-only attack, the chosen-plaintext attack, etc.) But you won't find a ready-made universal cracker for all ciphers :-(
>
> Here you will find people who can teach you more in the science/art of making and breaking ciphers. :-)
>
> They can point you to web sites on crypto, like (just scratching the surface here)
>
>   Mr. Ritter's site at http://www.io.com/~ritter/
>   Mr. Savard's site at http://home.ecn.ab.ca/~jsavard/crypto.htm
>   Mr. Peschel's site at http://members.aol.com/jpeschel/index.htm
>
> and to on-line crypto courses like (this for Classical Cryptography)
>
>   http://www.fortunecity.com/skyscraper/coding/379/lesson1.htm
>
> They can point you to beginner, intermediate and advanced books and journal articles on the subjects of cryptography and cryptanalysis (which together make cryptology). They can answer questions on some of the most arcane corners of mathematics relating to cryptography and cryptanalysis.
>
> They will expect you to put in the time reading and studying the subject on your own. They are always willing to help answer questions as you make your way through the subject - but it's a journey you make with their assisting guidance - no one carries any bags for you, so to speak.
>
> And don't forget the group FAQ - Well worth the reading! The most common questions on crypto are answered therein. Including the question you posed on cracking an unknown cipher system's output. :-)
>
> Hope this helps,
>
> John A. Malley
> [EMAIL PROTECTED]

------------------------------

From: Jerry Coffin [EMAIL PROTECTED]
Subject: Re: Enigma replicas ?
Date: Thu, 8 Feb 2001 10:13:59 -0700

In article 95u366$gmg$[EMAIL PROTECTED], [EMAIL PROTECTED] says...

> Hi all,
>
> I was wondering if any company ever produced Enigma replicas (for us, crypto enthusiasts, and not intended to be used for secure communication, for sure ;=) ). I am quite sure the company would sell many of them ;=)
>
> [By the way, is the Enigma in public domain, or does the family of A. Schoerbius (spelling ?) still own the patent ???]

There doesn't seem to be much chance of a patent problem. First of all, it seems unlikely that a patent would have been applied for anywhere outside of Germany, so outside of Germany it never would have been protected. Second, I believe Germany's patent system has always expired patents some period of time after application, which means that the patent would long since have expired in any case.

OTOH, I'm not aware of anybody who's built replicas -- the closest I've seen have been computer-based simulations.

--
Later,
Jerry.

The Universe is a figment of its own imagination.

------------------------------

Date: 8 Feb 2001 17:18:13 -
From: jungle Use-Author-Address-Header@[127.1]
Subject: Re: PGP 2.6.3ia-cb (now supports CAST5 and BLOWFISH)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss

-----BEGIN PGP SIGNED MESSAGE-----

08 Feb 2001 in [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> jungle wrote:
>
> > I just added another
Cryptography-Digest Digest #658, Volume #12
Mon, 11 Sep 00 21:13:00 EDT

Contents:
  Re: Problem with Tiger hash algorithm and binary files (Jim Gillogly)
  Re: Steganography and secret sorting (Matthew Skala)
  Re: CAST-Cipher / CAST-Algorithm ("Brian Gladman")
  Re: Getting Started, advice needed (FAQs , yes I read them) ("Paul Pires")
  Re: RSA patent expiration party still on for the 20th (No User)
  Re: Request for Blind Signature API (lcs Mixmaster Remailer)
  Re: RSA public exponent (lcs Mixmaster Remailer)
  Re: Bytes, octets, chars, and characters (Paul Schlyter)
  Re: RSA patent expiration party still on for the 20th (No User)
  Re: CRC's as MAC's (Bryan Olson)
  For the Gurus ("root@localhost " [EMAIL PROTECTED])
  Re: Getting Started, advice needed (FAQs , yes I read them) ("Scott Fluhrer")
  Re: Getting Started, advice needed (FAQs , yes I read them) ("Scott Fluhrer")
  Re: Intel's 1.13 MHZ chip (John Savard)
  Re: For the Gurus (Jim Gillogly)
  Re: MAC (David A. Wagner)
  Re: ExCSS Source Code (John Savard)

------------------------------

From: Jim Gillogly [EMAIL PROTECTED]
Subject: Re: Problem with Tiger hash algorithm and binary files
Date: Mon, 11 Sep 2000 22:23:14 +

[EMAIL PROTECTED] wrote:

> binary files. For example, when reading a binary file into an array, the first null character (0) encountered will terminate the string (array).

Your problem is in the hash() macro:

    #define hash(str) tiger((byte*)str, strlen(str), res); \

You don't want strlen(str) here: you want count or i. strlen() is a string function, and terminates when it sees a '\0'.

You should also look more closely at your loops: you're stepping on your string when you read it in. You shouldn't need to decrement "count" or step on your input string at all. I'd also re-write it to work in one pass -- you'll probably have to look at the tiger code to see how to do it a chunk at a time.

--
Jim Gillogly
Trewesday, 20 Halimath S.R. 2000, 22:16
12.19.7.9.14, 3 Ix 17 Mol, Fifth Lord of Night

------------------------------

From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Steganography and secret sorting
Date: 11 Sep 2000 15:14:41 -0700

In article [EMAIL PROTECTED], Mok-Kong Shen [EMAIL PROTECTED] wrote:

> Transposition is one major technique of cryptography. So, if you rearrange your items in some way unknown to the opponent, you gain some security. A simple method is to use a secret seed and a PRNG to do the permutation. The recipient can inverse the permutation and get back the original stuff.

Usually in transposition schemes, the permutation is determined by the key and is used to permute the message. My proposal is for steganography rather than encryption: the permutation is determined by the message instead of the key, and applied to harmless "cover" traffic.

--
Matthew Skala
[EMAIL PROTECTED]              I'm recording the boycott industry!
http://www.islandnet.com/~mskala/

------------------------------

From: "Brian Gladman" [EMAIL PROTECTED]
Subject: Re: CAST-Cipher / CAST-Algorithm
Date: Mon, 11 Sep 2000 23:33:03 +0100

> can anyone of you send or tell me where to get a good description of the (function of the) CAST-Cypher / CAST-Algorithm (256-bit version preferred). It would also be great if you could send me or tell me where to get an implementation (C++-source-code preferred) of said cipher / algorithm.

I have a C version of the CAST cipher submitted in AES round one on my web site at:

    http://www.gladman.uk.net/

It would be easy to put into C++

    Brian Gladman

------------------------------

From: "Paul Pires" [EMAIL PROTECTED]
Subject: Re: Getting Started, advice needed (FAQs , yes I read them)
Date: Mon, 11 Sep 2000 15:39:59 -0700

Sorry, I missed this.

> I was thinking that was possible, but maybe a known or chosen plaintext would be needed.

Known or chosen plaintext or ciphertext attacks can actually be easier than "Guessing" or searching anything. You have to look at who has access and who might be evil. Let's say group A is everybody who can get a message encoded or decoded but don't necessarily have access to the key and Group B are your potential adversaries. If anyone is in both groups they got you. The best way to get a known plaintext is to write it yourself and get it encrypted. If the adversaries can't do it themselves, can they con one of your group A folks into doing it?

Paul

------------------------------

Date: Mon, 11 Sep 2000 18:07:10 -0500
From: No User [EMAIL PROTECTED]
Subject: Re: RSA patent expiration party still on for the 20th

[EMAIL PROTECTED] (Rich Wales) wrote:

> "No User" wrote:
>
> Keeping the invention internal and unproductive for the term of the patent is not enough to claim the experimental use defens
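Worked example, added by the editor and not part of any post in this digest, of the defect Jim Gillogly points out in the Tiger thread above: a hash macro that takes its byte count from strlen() stops at the first NUL, so two different binary inputs that agree up to that NUL get the same digest. The Tiger code itself is not reproduced; a 64-bit FNV-1a stands in for "any hash that takes an explicit length", and the two sample buffers are constructed. The chunked variant shows the one-pass, piece-at-a-time shape his closing remark suggests.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for tiger(): 64-bit FNV-1a split into an update step so it can
   also be fed a chunk at a time. FNV is not a cryptographic hash; it only
   plays the role of a hash that consumes exactly `len` bytes. */
#define FNV64_OFFSET 0xcbf29ce484222325ULL
#define FNV64_PRIME  0x100000001b3ULL

uint64_t fnv1a64_update(uint64_t h, const unsigned char *data, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= FNV64_PRIME;
    }
    return h;
}

/* The buggy shape from the post: the byte count comes from strlen(), so
   hashing stops at the first NUL and everything after it is ignored. */
uint64_t hash_with_strlen(const unsigned char *buf)
{
    return fnv1a64_update(FNV64_OFFSET, buf, strlen((const char *)buf));
}

/* Fixed shape: the caller passes the number of bytes it actually read
   (the count returned by fread(), not a string length). */
uint64_t hash_with_count(const unsigned char *buf, size_t count)
{
    return fnv1a64_update(FNV64_OFFSET, buf, count);
}

/* One-pass, chunked shape: hash `chunk` bytes at a time, as one would while
   reading a large file, and still cover every byte including NULs. */
uint64_t hash_chunked(const unsigned char *buf, size_t count, size_t chunk)
{
    if (chunk == 0)
        return hash_with_count(buf, count);
    uint64_t h = FNV64_OFFSET;
    size_t done = 0;
    while (done < count) {
        size_t n = (count - done < chunk) ? count - done : chunk;
        h = fnv1a64_update(h, buf + done, n);
        done += n;
    }
    return h;
}

/* Constructed sample "files": same first two bytes, a NUL, then different
   tails. Both carry a trailing NUL so strlen() on them is well defined. */
const unsigned char SAMPLE_A[] = { 'a', 'b', 0, 'c', 'd', 0 };
const unsigned char SAMPLE_B[] = { 'a', 'b', 0, 'x', 'y', 0 };
#define SAMPLE_LEN 5   /* bytes each "file" really contains */

/* Returns 1 when the strlen()-based hash cannot tell the two samples apart
   while the count-based hash can: exactly the failure mode of the post. */
int strlen_hash_collides(void)
{
    int same_with_strlen = hash_with_strlen(SAMPLE_A) == hash_with_strlen(SAMPLE_B);
    int differ_with_count = hash_with_count(SAMPLE_A, SAMPLE_LEN)
                         != hash_with_count(SAMPLE_B, SAMPLE_LEN);
    return same_with_strlen && differ_with_count;
}

int main(void)
{
    printf("strlen-based hash collides on distinct binary inputs: %s\n",
           strlen_hash_collides() ? "yes" : "no");
    printf("chunked hash matches whole-buffer hash: %s\n",
           hash_chunked(SAMPLE_A, SAMPLE_LEN, 2) == hash_with_count(SAMPLE_A, SAMPLE_LEN)
               ? "yes" : "no");
    return 0;
}
```

The security consequence is the one to keep in mind: a file hash computed this way covers only the bytes before the first NUL, so any content placed after an early NUL (a common shape for binary formats) is unverified, and distinct files become trivially colliding inputs. Pass the byte count you read, never a string length.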
Cryptography-Digest Digest #658, Volume #11
Sat, 29 Apr 00 00:13:00 EDT

Contents:
  Shortcut authenticated Diffie Hellman (lcs Mixmaster Remailer)
  Re: Science Daily overstates significance? ("Douglas A. Gwyn")
  Re: sci.crypt think will be AES? (Terry Ritter)
  Re: sci.crypt think will be AES? (Terry Ritter)
  Re: sci.crypt think will be AES? (Terry Ritter)
  Re: U-571 movie (OT) ("Stou Sandalski")
  Re: Speaking of HD Overwriting... (Guy Macon)
  Re: Speaking of HD Overwriting... (Guy Macon)
  Re: sboxes for the bored... (Terry Ritter)
  Re: sboxes for the bored... (Terry Ritter)
  Re: Vs: Requested: update on aes contest (Terry Ritter)

------------------------------

Date: 29 Apr 2000 01:40:08 -
From: lcs Mixmaster Remailer [EMAIL PROTECTED]
Subject: Shortcut authenticated Diffie Hellman

Here is an idea for a shortcut way to do authenticated Diffie Hellman key exchange. It might be useful for an application where exponentiations are expensive.

In this situation, only the server will authenticate. The client is anonymous and so it does not authenticate itself. But the client has a public key for the server.

In Diffie Hellman key exchange, the client and server each choose secret values k1 and k2 respectively, and then send g^k1 and g^k2. The shared secret value is then g^(k1*k2), which each one can calculate but an eavesdropper cannot. (All this is mod p.)

To authenticate, the server needs to sign its part of the exchange. It has a secret value x and has published y = g^x as its public key.

In most discrete log based systems the server needs to start off the signature calculation by choosing a random k and doing g^k. The proposal for this shortcut is to use that same k as the k1 in the Diffie Hellman exchange. By doing this the "signature" can be over empty data and reduces to an identity protocol.

Using the Schnorr identification protocol, the server sends g^k1. The client sends g^k2 for the DH exchange, and also a challenge value c. The server responds with r = c*x + k1, mod p-1, which the client verifies by g^r =?= y^c * g^k1.

This is the standard Schnorr ID protocol. It proves that the server knows the long-term secret key value x, but also incidentally proves that it knows k1. This is therefore in effect a signature on k1.

The two sides complete the DH exchange by calculating g^(k1*k2) as usual. The MITM attack is thwarted because he could not respond with a valid r value since he does not know x.

Has anyone analyzed a protocol like this? Does it seem reasonable?

------------------------------

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: Science Daily overstates significance?
Date: Sat, 29 Apr 2000 00:46:58 GMT

Joseph Ashwood wrote:

> The security of Quantum Cryptography relies on the proof of One Time Pad
> The One Time Pad proof relies on a true random number generator
> The existence of a true random number generator has never been proven, it has actually been proven that you cannot prove its existence.

The *properties* of uniform randomness are quite definite and suffice for the OTP perfect-secrecy proof. What I think you're referring to is that there is no way to prove that a bit generator is generating with perfect randomness by inspection of its output (which is obvious when you consider that at time T after the test, it could suddenly enter a different mode). There is also a notion of "randomness" a la Chaitin that labels some *finite* bit strings as "random" or "nonrandom", and a proof that some string (containing a few thousand bits) is "random" by that definition but cannot be shown to be so.

> ...r does not take into account the fact that it may be possible to force the state some other way. If for example I, as an attacker, could force your protons to follow my protons, I would have your pad. If I could force your protons to follow a random number generator of any kind that I have in my possession, I will have broken your encryption.

It's not protons, but (typically) photons. It is a fundamental and well-established fact of quantum theory that you cannot do such things without destroying the state coherence, which means your meddling will be detected by the communicants and they will discard the compromised section of the key stream.

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: sci.crypt think will be AES?
Date: Sat, 29 Apr 2000 01:53:20 GMT

On 28 Apr 2000 14:28:01 -0600, in 8ecs8h$kr7$[EMAIL PROTECTED], in sci.crypt [EMAIL PROTECTED] (Vernon Schryver) wrote:

> In article [EMAIL PROTECTED], Terry Ritter [EMAIL PROTECTED] wrote:
>
> > ...
> > Since I already have patents, I don't have to *argue* that I *thought* I have something new and unique; that has been confirmed.
>
> yeah, confirmed by the same experts who determined that http://patent.womplex.ibm.com/details?pn=US054
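The exchange described in the "Shortcut authenticated Diffie Hellman" post above, worked through in C as an added example (editor's code, not the poster's and not from any library). The group parameters are a toy choice assumed for the demonstration: p = 2^31 - 1 with generator 7, small enough that every intermediate product fits in 64-bit arithmetic; a real deployment uses a standardized group of at least 2048 bits and draws x, k1, k2 and c from a CSPRNG, which this block takes as function arguments instead. It also shows the two checks a client should keep: a non-zero challenge (with c = 0 the response degenerates to r = k1, which whoever chose k1 can produce), and that a response built by someone who does not hold x is rejected.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy parameters (assumed for this example, not from the post). p is the
   Mersenne prime 2^31 - 1 and 7 is a primitive root mod p, so exponents are
   reduced mod p-1 exactly as in the post's "r = c*x + k1, mod p-1". */
#define P  2147483647ULL   /* 2^31 - 1 */
#define G  7ULL
#define Q  (P - 1)         /* order of G */

/* Operands are below 2^31, so a*b < 2^62 cannot overflow a uint64_t. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return ((a % m) * (b % m)) % m;
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1) result = mulmod(result, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return result;
}

/* Client-side policy: the challenge must be unpredictable and non-zero. */
int challenge_ok(uint64_t c) { return c >= 1 && c < Q; }

/* Server: r = c*x + k1 (mod p-1), reusing the k1 behind its DH value g^k1. */
uint64_t schnorr_response(uint64_t x, uint64_t k1, uint64_t c)
{
    return (mulmod(c, x, Q) + k1) % Q;
}

/* Client: accept iff g^r == y^c * g^k1 (mod p). */
int schnorr_verify(uint64_t y, uint64_t g_k1, uint64_t c, uint64_t r)
{
    uint64_t lhs = powmod(G, r, P);
    uint64_t rhs = mulmod(powmod(y, c, P), g_k1, P);
    return lhs == rhs;
}

typedef struct {
    int verified;           /* did the client's Schnorr check pass? */
    uint64_t server_secret; /* (g^k2)^k1 */
    uint64_t client_secret; /* (g^k1)^k2 */
} session_result;

/* One full run with the secrets passed in explicitly (in practice: CSPRNG). */
session_result run_session(uint64_t x, uint64_t k1, uint64_t k2, uint64_t c)
{
    session_result s = { 0, 0, 0 };
    uint64_t y = powmod(G, x, P);               /* server's published key */
    uint64_t g_k1 = powmod(G, k1, P);           /* server -> client */
    uint64_t g_k2 = powmod(G, k2, P);           /* client -> server, with c */
    uint64_t r = schnorr_response(x, k1, c);    /* server -> client */
    s.verified = challenge_ok(c) && schnorr_verify(y, g_k1, c, r);
    s.server_secret = powmod(g_k2, k1, P);
    s.client_secret = powmod(g_k1, k2, P);
    return s;
}

int secrets_agree(uint64_t x, uint64_t k1, uint64_t k2, uint64_t c)
{
    session_result s = run_session(x, k1, k2, c);
    return s.server_secret == s.client_secret;
}

/* A man in the middle can pick his own k1 but does not know x; the client's
   check against the real y rejects a response built from any wrong x. */
int forged_response_verifies(uint64_t real_x, uint64_t guessed_x,
                             uint64_t attacker_k1, uint64_t c)
{
    uint64_t y = powmod(G, real_x, P);
    uint64_t g_k1 = powmod(G, attacker_k1, P);
    uint64_t r = schnorr_response(guessed_x, attacker_k1, c);
    return schnorr_verify(y, g_k1, c, r);
}

int main(void)
{
    /* Constructed values standing in for random draws. */
    session_result s = run_session(123456, 987654, 555555, 424242);
    printf("server authenticated: %d, secrets agree: %d\n",
           s.verified, s.server_secret == s.client_secret);
    printf("forged response accepted: %d\n",
           forged_response_verifies(123456, 123457, 111111, 424242));
    return 0;
}
```

Two operational caveats follow directly from the algebra: k1 must be fresh for every session, because two responses under the same k1 and different challenges reveal x as (r1 - r2)/(c1 - c2) mod p-1; and the client must choose c only after it has received g^k1, otherwise the prover could pick k1 to fit a known c. Neither point is specific to the shortcut, but reusing k1 for both the DH share and the proof means a nonce-handling bug now costs both the session key and the long-term key.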
Cryptography-Digest Digest #658, Volume #10
Wed, 1 Dec 99 13:13:01 EST

Contents:
  Re: The Code Book - Part 4 (jerome)
  Re: Elliptic Curve Public-Key Cryptography (DJohn37050)
  Re: High Speed (1GBit/s) 3DES Processor (Sander Vesik)
  Re: How safe is Mobile Phone ? (Markus Peuhkuri)
  Re: VIC cipher strength? (UBCHI2)
  Encrypting short blocks (Markus Peuhkuri)
  Re: Elliptic Curve Public-Key Cryptography ("Roger Schlafly")
  Re: Encrypting short blocks (Anton Stiglic)
  Re: Verication - Anyone? (Anton Stiglic)
  Re: compact encryption in javascript (Bill Lynch)
  Re: Elliptic Curve Public-Key Cryptography ("Roger Schlafly")
  Generate a key pair from a user-entered key file? ([EMAIL PROTECTED])
  Re: Paradise shills?? (James Felling)
  Re: Decyption proof cellphones in Europe? [x3] (Bruce Schneier)
  Re: Elliptic Curve Public-Key Cryptography (Bruce Schneier)
  Re: Elliptic Curve Public-Key Cryptography (Bruce Schneier)
  Re: AES cyphers leak information like sieves (Volker Hetzer)
  Re: Decyption proof cellphones in Europe? [x3] (Ian Goldberg)
  Re: NSA should do a cryptoanalysis of AES (Keith A Monahan)
  Re: digraph frequencies ([EMAIL PROTECTED])
  Re: What part of 'You need the key to know' don't you people get? (Volker Hetzer)

------------------------------

From: [EMAIL PROTECTED] (jerome)
Subject: Re: The Code Book - Part 4
Reply-To: [EMAIL PROTECTED]
Date: Wed, 01 Dec 1999 14:14:21 GMT

yes

On Wed, 01 Dec 1999 11:26:29 GMT, Andreas wrote:

> Hello,
>
> Because I can't speak that language (french) after I had decoded it I can't get the keyword from the text. Anyone who can help with translation?
>
> Regards
> /Andreas
>
>   o o O o o_/|\_,   Student of Computer Science | Luleå University of Technology
>                     Juggler                     | Sweden

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Elliptic Curve Public-Key Cryptography
Date: 01 Dec 1999 14:32:10 GMT

Yes, portions of it were encrypted in a substitution cipher, actually a Caesar cipher, in that my touch typing fingers were off position by one when I was correcting an earlier typo.

Don Johnson

------------------------------

From: Sander Vesik [EMAIL PROTECTED]
Crossposted-To: comp.dcom.vpn,comp.security.firewalls
Subject: Re: High Speed (1GBit/s) 3DES Processor
Date: 1 Dec 1999 14:38:33 GMT

In sci.crypt Jerry P [EMAIL PROTECTED] wrote:

> No market research needed. 3DES at a 1 Gigabit/sec, like anti-gravity, free desalination, non-polluting engines, and ADSL, is obviously a billion-dollar winner. NSA can do 3DES at 1 Gigabit/WEEK with Cray computers.

See Chris Eilbeck's mail in the same thread.

---
Sander

There is no love, no good, no happiness and no future - these are all just illusions.

------------------------------

From: Markus Peuhkuri [EMAIL PROTECTED]
Subject: Re: How safe is Mobile Phone ?
Date: 01 Dec 1999 16:40:15 +0200

>>>>> "David" == David Wagner [EMAIL PROTECTED] writes:

David> confidence in their product, so why should we believe the
David> Sectra folks?

Because "Sectra is the leading developer and manufacturer of information security products for the Swedish Armed Forces." (as noted on every page on that web site; I'll leave jokes about Swedish "Armed" "Forces" as this is not rec.humor.funny.true_stories).

I _would_ imagine that the phone uses some efficient voice coding and some suitable block encryption and transmits voice over GSM data connections (originally 9.6 kbps, some operators provide now 14,4 kbps, the speed is lower if network coverage is poor). This requires that the other end has also an identical device to communicate, but that might not be much a problem for organizations requiring secure communications. Another problem is that connection setup is slower as many operators do not have ISDN gateways for communications but use modems (30 second delay for setup).

The GSM is not sufficient for military grade communications, I'm not sure about big business. For private communications it is strong enough (my opinion).

--
Markus Peuhkuri ! [EMAIL PROTECTED] ! http://www.iki.fi/puhuri/
Never underestimate the power of human stupidity ... and don't forget you are a human too.

------------------------------

From: [EMAIL PROTECTED] (UBCHI2)
Subject: Re: VIC cipher strength?
Date: 01 Dec 1999 14:58:51 GMT

Looking at the VIC Cipher, it appears that many of the steps leading up to the straddling checkerboard are quite unnecessary. Why not just start with a predetermined straddling checkerboard and then perform the rest of the encipherment.

------------------------------

From: Markus Peuhkuri [EMAIL PROTECTED]