Cryptography-Digest Digest #720
Cryptography-Digest Digest #720, Volume #13      Tue, 20 Feb 01 08:13:01 EST

Contents:
  Re: FAQ ("John A. Malley")
  New unbreakable code from Rabin? (Roger Schlafly)
  Re: New unbreakable code from Rabin? ("Douglas A. Gwyn")
  Re: Super strong crypto (wtshaw)
  Re: My encryption system. (Paul Crowley)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a (Jan Kristian Haugland)
  Re: Euler's totient function and factoring (Stefan Katzenbeisser)
  Re: New unbreakable code from Rabin? (Mok-Kong Shen)
  Re: Super strong crypto (Mok-Kong Shen)
  Re: New unbreakable code from Rabin? (Hard)
  Re: The Kingdom of God ("Jashter")
  Re: Is there an algorithm to sequentially enumerate all transcendental numbers? ("Henrick Hellström")
  Re: Ciphile Software: Why .EXE files so large (Anthony Stephen Szopa)
  Re: OverWrite freeware completely removes unwanted files from hard drive (Anthony Stephen Szopa)
  Re: Is there an algorithm to sequentially enumerate all transcendental numbers?
  Re: New unbreakable code from Rabin? (John Savard)
  Re: New unbreakable code from Rabin? (John Savard)
  Re: What's a KLB-7? (John Savard)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a transcendental number between a and b? (John Savard)

----------------------------------------------------------------------

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: FAQ
Date: Mon, 19 Feb 2001 21:22:40 -0800

kwd_kwp0ee9j9 wrote:
> where can I find this newsgroup FAQ?

Posted here every 28 days or so, and there's a copy at
http://www.landfield.com/faqs/cryptography-faq/

Hope this helps,

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: Roger Schlafly [EMAIL PROTECTED]
Subject: New unbreakable code from Rabin?
Date: Mon, 19 Feb 2001 21:45:09 -0800

From the NY Times:

    In essence, the researcher, Dr. Michael Rabin and his Ph.D. student
    Yan Zong Bing, have discovered a way to make a code based on a key
    that vanishes even as it is used. While they are not the first to
    have thought of such an idea, Dr. Rabin says that never before has
    anyone been able to make it both workable and to prove mathematically
    that the code cannot be broken.

    "This is the first provably unbreakable code that is really
    efficient," Dr. Rabin said. "We have proved that the adversary is
    helpless."

http://www.nytimes.com/2001/02/20/science/20CODE.html?pagewanted=all
(free reg reqd)

------------------------------

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: Tue, 20 Feb 2001 06:07:29 GMT

Roger Schlafly wrote:
> From the NY Times:

Thanks for the pointer. Upon closer examination, this is a method that I have seen before, perhaps in this newsgroup -- basically, establish a publicly visible stream of random bits, and the communicating parties select a running sample from the bit stream pool according to some agreed-upon rule, and use that as an XOR stream one-time key. The idea is apparently that since the enemy cannot store all the "infinite" bit pool, he cannot keep up with the communicants, since he doesn't know in advance of analysis which of the pool bits need to be recorded.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Super strong crypto
Date: Mon, 19 Feb 2001 23:53:58 -0600

In article [EMAIL PROTECTED], Bryan Olson [EMAIL PROTECTED] wrote:

> Actually, the straw-man system loops out. Sending a new key encrypted under the old key does not move away from the unicity distance, so the system has to send another immediately, then another, then another

I suppose some systems would actually loop out, but this is no excuse for systems that loop as a norm.

> Is "natural lifetime" some property of a key? So given systems for which computational security cannot be determined, you can produce systems with the same property.

One aspect of strength is surely having the rough equivalent of a long unicity distance, but that concept may be fading. Nevertheless, being able to use a key for a longer time because it can resist analysis of longer passages seems important.

-- 
Better to pardon hundreds of guilty people than execute one that is innocent.

------------------------------

Subject: Re: My encryption system.
From: Paul Crowley [EMAIL PROTECTED]
Date: Tue, 20 Feb 2001 06:32:52 GMT

Boris Kazak [EMAIL PROTECTED] writes:
>> (P.S. If no-one else has what I have, does that make me King Cryppie???)
> Time to set an appointment with a psychiatrist...

In this country, we don't take our kids to the shrink for being adolescent... ("All I wanted was a Pepsi! But she wouldn't give it to me!")
-- 
  __  \/ o\  [EMAIL PROTECTED]
  /\__/      http://www.cluefactory.org.uk/paul/

------------------------------

From: Jan Kristian Haugland [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Given any arbitrary num
Cryptography-Digest Digest #720, Volume #12      Tue, 19 Sep 00 20:13:00 EDT

Contents:
  Re: Proper way to intro a new algorithm to sci.crypt? (Albert Yang)
  Re: transformation completeness and avalanche effect (Andru Luvisi)
  Re: Proper way to intro a new algorithm to sci.crypt? ("David C. Barber")
  Sample RC4 plaintext/ciphertext ([EMAIL PROTECTED])
  Re: Proper way to intro a new algorithm to sci.crypt? ("Paul Pires")
  Re: RC4: Tradeoff key/initialization vector size? (Gregory G Rose)
  Re: Sample RC4 plaintext/ciphertext ("Neal Bridges")
  Re: A conjecture - thoughts? (Matthew Skala)
  Re: "Secrets and Lies" at 50% off (Terry Ritter)
  Re: Sample RC4 plaintext/ciphertext (Doug Stell)
  Re: Proper way to intro a new algorithm to sci.crypt? (Albert Yang)
  Re: ExCSS Source Code (Eric Smith)
  Re: "Secrets and Lies" at 50% off (Alan J Rosenthal)
  Re: CDMA tracking (was Re: GSM tracking) (Eric Smith)
  Re: Proper way to intro a new algorithm to sci.crypt? ("David C. Barber")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an (Mok-Kong Shen)

----------------------------------------------------------------------

From: Albert Yang [EMAIL PROTECTED]
Subject: Re: Proper way to intro a new algorithm to sci.crypt?
Date: Tue, 19 Sep 2000 21:17:19 GMT

Paul Pires wrote:
> snip
> Miss-spell single syllable words, make unfounded and preposterous claims and insult anyone who has a clue with reckless abandon. When folks respond, insult them personally. Seems to work.
>
> Paul

I can handle the miss-spelling of single syllable words (do it all the time), I can make unfounded and preposterous claims (took a marketing class), I can insult anyone who has a clue with reckless abandonment (I'm Chinese, it's innate!)

When folks respond, insult them personally. That's where I draw the line, I'm chinese, not a democrat...

Thanks to those of you who sent me the FAQ.

Albert.

------------------------------

From: Andru Luvisi [EMAIL PROTECTED]
Subject: Re: transformation completeness and avalanche effect
Date: 19 Sep 2000 14:23:52 -0700

"Stanley" [EMAIL PROTECTED] writes:
> Andru,
> Could you explain why DES encryption = T(p XOR k) and decryption = U(c) XOR k?

T(x) = DES_ENCRYPT_WITH_ZERO_KEY(x)
U(x) = DES_DECRYPT_WITH_ZERO_KEY(x)

I was not proposing an attack on DES, I was using it to achieve diffusion in a weak algorithm which has avalanche but still stinks.

Andru
-- 
Andru Luvisi, Programmer/Analyst

------------------------------

From: "David C. Barber" [EMAIL PROTECTED]
Subject: Re: Proper way to intro a new algorithm to sci.crypt?
Date: Tue, 19 Sep 2000 14:37:54 -0700

Claim it's your very first cipher, and that it's Absolutely Unbreakable. :^)

*David Barber*

"Albert Yang" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Can anybody give me a quick run-through of the proper way to introduce a new algorithm to Sci.crypt? I'd like to intro a new algorithm here that I just finished up.
>
> Thanks.
>
> Albert

------------------------------

From: [EMAIL PROTECTED]
Subject: Sample RC4 plaintext/ciphertext
Date: Tue, 19 Sep 2000 21:53:28 GMT

I recently coded an implementation of RC4 (based on info from the Internet) - but want to ensure that it has been done right. Could someone be kind enough to post/send some sample data by which I can verify the code. I don't use any salting - so all I would need is some plaintext, and corresponding ciphertext and the key.

Thanks.
- Grank

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Paul Pires" [EMAIL PROTECTED]
Subject: Re: Proper way to intro a new algorithm to sci.crypt?
Date: Tue, 19 Sep 2000 15:01:35 -0700

Albert Yang [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Paul Pires wrote:
>> snip
>> Miss-spell single syllable words, make unfounded and preposterous claims and insult anyone who has a clue with reckless abandon. When folks respond, insult them personally. Seems to work.
>>
>> Paul
>
> I can handle the miss-spelling of single syllable words (do it all the time), I can make unfounded and preposterous claims (took a marketing class), I can insult anyone who has a clue with reckless abandonment (I'm Chinese, it's innate!)
>
> When folks respond, insult them personally. That's where I draw the line, I'm chinese, not a democrat...

Ya got me :-)

Paul

> Thanks to those of you who sent me the FAQ.
>
> Albert.

------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: RC4: Tradeoff key/initialization vector size?
Date: 19 Sep 2000 15:15:05 -0700

In article [EMAIL PROTECTED], Paul Rubin [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] writes:
>> It is far from clear that h
Cryptography-Digest Digest #720, Volume #11      Sat, 6 May 00 21:13:01 EDT

Contents:
  Re: quantum crypto breakthru? (Diet NSA)
  Re: Crypto Export ("John E. Kuslich")
  Re: quantum crypto breakthru? (Diet NSA)
  Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (George Edwards)
  Re: KRYPTOS Something new ? ("John E. Kuslich")
  Re: Crypto Export ("Adam Durana")
  Re: Tempest Attacks with EMF Radiation ("Marty")
  Re: GPS encryption turned off (Paul Schlyter)
  Re: Fresco transmits my name (was: Spammed after just visiting a site) (jepler epler)
  Re: Two basic questions (Mario Kenly)
  Re: Crypto Export (Jerry Park)
  Re: Deciphering Playfair (long) (Michael Jarrells)
  Re: SBOX program using ideas from CA and ST (CAST design) (Terry Ritter)
  Re: I saw this in /. and I thought of you (all) (Neil Padgett)
  Re: Is this random? (Guy Macon)

----------------------------------------------------------------------

Subject: Re: quantum crypto breakthru?
From: Diet NSA [EMAIL PROTECTED]
Date: Sat, 06 May 2000 15:15:44 -0700

In article [EMAIL PROTECTED], Roger [EMAIL PROTECTED] wrote:

> And these new schemes combine QC with conventional crypto, I assume?

It is possible to do it this way but it is not required. See:
http://arxiv.org/abs/quant-ph/0001046
http://arxiv.org/abs/quant-ph/0003104

> The proofs I've seen seem to all assume perfect equipment, and are invalid if the equipment has the slightest flaws.

Under Shannon's definition, the OTP (which is a basis for quantum crypto) has been proven to be informationally secure. In practice, though, OTPs have actually been broken, and the security of quantum crypto will, likewise, depend on the quality of its implementation and use. However, even if there are vulnerabilities in a particular q.c. set-up, it may still be impossible (at least using existing technology) for a potential eavesdropper to gain enough info. Yet, traditionally, quantum key distribution protocols *are* susceptible to MITM attacks. The first paper I cited above, for example, discusses a way to avoid the MITM problem.

> It is rumored (e.g., in Singh's book) that the NSA is developing quantum encrypted fiber optic networks for the Pentagon. Could be misinformation. Or maybe they have excess funds in their budget.

From funding patterns, the news, etc., it does appear that the NSA is interested in fiber optic networks and quantum crypto, but I don't know if they are creating a set-up for the Pentagon.

> Can you give a cite for that amazing quote?

This is just a joke which I stole from the TV show "Latenight with Conan O'Brien".

"If we do not prevent highly classified secrets from being stolen, then how are we going to sell them to the Chinese?"
- Madeleine Albright (addressing recent thefts)

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!

------------------------------

From: "John E. Kuslich" [EMAIL PROTECTED]
Subject: Re: Crypto Export
Date: Sat, 6 May 2000 15:19:03 -0700

Ok, here is MY take on the subject for what it's worth:

THE REASON, and the ONLY reason the US government opposes export of strong cryptography is because they (gov't agencies) are able to easily break almost any cryptography at any time and those responsible for breaking those codes want to foster the illusion that the government is afraid of popular cryptographic programs like PGP in order to encourage their use.

The reasoning behind this conclusion is simple: None of the other explanations I have heard make any sense whatsoever!

This would not be the first time the US government has used creative misinformation in order to foster its goals. US history is rife with other examples. Remember Star Wars?? Total baloney designed to cause the Ruskies to spend money beyond their means.

In a related matter, Leo Marks describes in his masterpiece "Between Silk and Cyanide" how the British spies were told their main goal, even more important than blowing up factories or airfields, was to cut telephone lines. The reason, to cause the enemy to send enigma traffic over the airwaves where it could be intercepted and read.

In this case, force the ignorant e-mail user to encrypt in his favorite 512-bit elliptic curve frammis doobis public key reverse Sbox Feistel gizmo algorithm so the traffic can be easily read.

I know, I know. The idea is far out but no more ridiculous than the "official" reasoning (you know, to prevent terrorists from having strong crypto for crissake!!).

JK
http://www.crak.com Password Recovery

Stou Sandalski tangui [EMAIL PROTECTED] wrote in message news:RVvQ4.1276$[EMAIL PROTECTED]...
> Well its almost the end of my school year (25days left) and in gove
Cryptography-Digest Digest #720, Volume #10      Fri, 10 Dec 99 22:13:00 EST

Contents:
  Re: Attacks on a PKI ("Lyal Collins")
  Linear Congruential Generators ("Steven Alexander")
  CDSA 1.2 specs (JCA)
  Re: Linear Congruential Generators ("Tony T. Warnock")
  Re: Random Numbers??? (Keith A Monahan)
  Re: Linear Congruential Generators ("Steven Alexander")
  Re: NSA future role? (Terry Ritter)
  Re: Attacks on a PKI ([EMAIL PROTECTED])
  Re: Attacks on a PKI ([EMAIL PROTECTED])
  Re: If you're in Australia, the government has the ability to modify ("Douglas A. Gwyn")
  Re: Linear Congruential Generators ("Douglas A. Gwyn")
  Re: If you're in Australia, the government has the ability to modify your files. 4.Dec.1999 ("Rick Braddam")
  Anyone using Freedom 1.0 ? What are your thought? [nt] ([EMAIL PROTECTED])
  Re: Linear Congruential Generators (David A Molnar)
  Re: Attacks on a PKI (David A Molnar)
  Re: Anyone using Freedom 1.0 ? What are your thought? [nt] (Steve K)
  Questions about message digest functions (Pelle Evensen)
  Re: Digitally signing an article in a paper journal ("rosi")
  Re: Questions about message digest functions (Jim Gillogly)
  Re: NSA should do a cryptoanalysis of AES ("Rick Braddam")
  Re: If you're in Australia, the government has the ability to modify your files. 4.Dec.1999 ("Rick Braddam")

----------------------------------------------------------------------

From: "Lyal Collins" [EMAIL PROTECTED]
Subject: Re: Attacks on a PKI
Date: Sat, 11 Dec 1999 09:30:23 +1100

- Replacing the Root CA key in everyone's clients
- Modifying clients to verify against multiple Root CAs
- Storing private keys on an insecure workstation
- Using a password processed and verified on an insecure workstation to permit private key use
- Having to archive messages and signatures and certs in "average security" databases (if the database record is later modified, the signature cannot be re-verified, and the recipient loses a case, unless they can _prove_ their database and systems admin is top notch for the entire period. The UK Munden case is an example where a bank couldn't do this - for its internal reasons.)
- The need for a highly secure CA and secure Client is approximately the same effort required in a secret key scheme to keep both end points secure. Not strictly on-topic, but an important cost consideration.

Most of this is paraphrasing stuff in the recent Schneier and Ellison paper - but these have always been obvious.

Lyal

[EMAIL PROTECTED] wrote in message 82qq8g$odp$[EMAIL PROTECTED]...
> Having read much of the literature on PKI, it is fairly conclusive that this whole PKI thing is an exploitation of people's ignorance. I am currently compiling a list of attacks on a PKI, and if you know of any then please post some.
>
> David
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.

------------------------------

From: "Steven Alexander" [EMAIL PROTECTED]
Subject: Linear Congruential Generators
Date: Fri, 10 Dec 1999 14:34:22 -0800

I was reading about LCG's in The Art of Computer Programming and have also read briefly about them in Applied Cryptography. I was wondering if they can be used to generate keys for a cryptographic algorithm with a new approach. If you were using strong values for the multiplier and increment value (so that it would iterate through all possible values of x) could you seed the generator with user input?

My idea was to generate a 128-bit key by the following:

Either
  a) ask the user to enter 4 32-bit numbers
  b) ask the user to type randomly and create 4 32-bit numbers by shift and XOR

Then:
  Use the generator numbers to seed four instances of the generator
  Ask the user to specify a number of iterations
  Use the values of x at the end of the last iteration as your key

I would love to hear any problems with this scheme and any suggestions for an improvement of this method.

-- 
Steven Alexander
[EMAIL PROTECTED]
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

------------------------------

From: JCA [EMAIL PROTECTED]
Subject: CDSA 1.2 specs
Date: Fri, 10 Dec 1999 14:21:29 -0800

Does anybody know where to get the CDSA 1.2 API specs in electronic format? At Intel they only carry those for CDSA 2.0 these days.

------------------------------

From: "Tony T. Warnock" [EMAIL PROTECTED]
Subject: Re: Linear Congruential Generators
Date: Fri, 10 Dec 1999 15:46:56 -0700
Reply-To: [EMAIL PROTECTED]

Steven Alexander wrote:
> I was reading about LCG's in The Art of Computer Programming and have also read briefly about them in Applied Cryptography. I was wondering if they can be used to generate keys for a cryptographic algorithm with a new approach. If you were using st
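An added example, not from Steven's post or any reply in the thread, of the derivation he proposes (seed an LCG with a user-supplied 32-bit word, iterate n times, take x as a key word) together with the two checks a reviewer would run on it: the n-step result is computable in O(log n), so the iteration count is not a work factor, and the step is a bijection, so iterating cannot add entropy to weak seeds. A, C and M are the Numerical Recipes full-period constants; the seeds and iteration counts are constructed for illustration.

```python
# Added example, not from the original post. A, C, M satisfy Hull-Dobell
# (c odd, a-1 divisible by 4), so the generator has full period M.

A, C, M = 1664525, 1013904223, 2 ** 32


def lcg_naive(x: int, n: int, a: int = A, c: int = C, m: int = M) -> int:
    # The poster's procedure, literally: step n times and keep the state.
    for _ in range(n):
        x = (a * x + c) % m
    return x


def lcg_jump(x: int, n: int, a: int = A, c: int = C, m: int = M) -> int:
    # n steps of x -> a*x + c compose into one affine map x -> an*x + cn,
    # built by square-and-multiply in O(log n). So "number of iterations"
    # is not a work factor: anyone holding the seed and n gets the key word
    # as cheaply as the user, however large n is chosen.
    an, cn = 1, 0          # identity map
    sa, sc = a % m, c % m  # map for 2^k steps, squared each round
    while n:
        if n & 1:
            an, cn = (sa * an) % m, (sa * cn + sc) % m
        sa, sc = (sa * sa) % m, (sa * sc + sc) % m
        n >>= 1
    return (an * x + cn) % m


def derive_key(seeds: list, n: int) -> bytes:
    # Four 32-bit user words, each run through its own generator instance
    # for n steps, concatenated into the 128-bit key.
    return b"".join(lcg_jump(s % M, n).to_bytes(4, "big") for s in seeds)


def iteration_preserves_entropy(n: int, a: int = 5, c: int = 3, m: int = 256) -> bool:
    # With gcd(a, m) == 1 the step is a bijection on Z_m, so n steps map
    # distinct seeds to distinct outputs: the key has exactly the entropy of
    # the seeds, no more. Checked exhaustively on a small full-period LCG
    # (a=5, c=3, m=256 also satisfies Hull-Dobell).
    return len({lcg_jump(s, n, a, c, m) for s in range(m)}) == m


def seed_from_key_word(word: int, n: int) -> int:
    # The full period is M, so advancing M - n further steps returns to the
    # seed: with a, c, m public, a leaked key word gives back the user's
    # typed input, which is why the seed material itself must be strong.
    return lcg_jump(word, M - (n % M))


if __name__ == "__main__":
    key = derive_key([1, 2, 3, 4], 10 ** 9)   # instant, despite 1e9 "iterations"
    print("key:", key.hex())
    print("bijective:", iteration_preserves_entropy(12345))
    print("seed recovered:", seed_from_key_word(lcg_jump(42, 10 ** 9), 10 ** 9))
```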
Cryptography-Digest Digest #720, Volume #9      Mon, 14 Jun 99 19:13:08 EDT

Contents:
  Followup: OTP is it really ugly to use or not? (Cyba Nonymous)
  Re: Cracking DES ([EMAIL PROTECTED])
  Re: IDEA in "aplied cryptography" BRUCE SCHNEIER (John Savard)
  Re: Generating Large Primes for ElGamal (Wei Dai)
  Re: IDEA in "aplied cryptography" BRUCE SCHNEIER (James Pate Williams, Jr.)
  Re: TEA vs Blowfish (Peter Gunn)
  Re: huffman code length (Andras Erdei)
  Book Usefulness Question (consalus)
  Re: sbox design (Medical Electronics Lab)
  Re: TEA vs Blowfish (David Wagner)
  Re: OTP is it really ugly to use or not? ([EMAIL PROTECTED])
  Re: IDEA in "aplied cryptography" BRUCE SCHNEIER (John Savard)
  Re: OTP is it really ugly to use or not? ([EMAIL PROTECTED])
  Re: Book Usefulness Question ("Steven Alexander")
  Re: Followup: OTP is it really ugly to use or not? (Jim Gillogly)
  Re: Is there a short digest for short messages? (Jerry Coffin)
  Re: DES and BPANN (James Pate Williams, Jr.)
  Re: Cracking DES ([EMAIL PROTECTED])
  Re: Generating Large Primes for ElGamal ([EMAIL PROTECTED])

----------------------------------------------------------------------

Date: 14 Jun 1999 16:38:48 -
From: Cyba Nonymous [EMAIL PROTECTED]
Subject: Followup: OTP is it really ugly to use or not?

Jim,

Thanks for taking the time to give me the benefit of your knowledge. I understand most of what you said but still can't see how re-using bits in a random pad provided they have been re-scrambled into another random pad compromises the security of an OTP.

In other words, does the method I proposed really reuse "the pad" or not? That is the question. I don't think so. At least not in the sense or in a way in which it can be used to compromise the OTP. I maintain that all the derived pads are different even though they are derived from the same CD of random numbers. No?

Let's say I have a CD with the following random numbers:

  E7 05 87 12 A1 63 BC 29 9A 32 ...

I want to encode the following message #1: HELLO (48 45 4C 4C 4F)

I use codeword "A" to select bytes from the pad using a formula based program and it gives me offsets:

  05 02 07 06 09

which yields a pad of (that for purposes of discussion is also random):

  A1 05 BC 63 9A

I use this pad to encrypt "HELLO" using xor to:

  E9 40 F0 2F D5

Now I want to encode a second message #2 which is: GOODBYE (47 4F 4F 44 42 59 45)

I use codeword "B" to select bytes from the CD with the program and it gives offsets:

  06 01 08 0A 03 05 01

which yields a pad of:

  63 E7 29 32 87 A1 E7

I use this pad to encrypt "GOODBYE" using xor to:

  24 A8 66 76 E5 F8 A2

Ok now let's assume that the "source" instead of being 10 numbers like in this example is a CD full or better yet a DVD full, 8/16 GIG's worth, and the selection program grabs a calculated mixed subset of these bytes for the new pad that is guaranteed to be randomly different for every unique codeword.

I fail to see then how the security of either message is compromised simply because I reused bytes from the CD/DVD? It is not as if I reused the pad or even a sequence from the pad but in essence what I did was to generate another unique pad from an existing pool of random numbers on the CD/DVD right? Are these messages not secure as long as the codeword is secure? I will even give you the pad and the formula and I bet you can't break it without the codeword. Or, I'll give you the codeword but you still can't break it without the pad and the formula.

Is it not true that the encrypted message 24 A8 66 76 E5 F8 A2 can be xor'd back to every possible 7 letter phrase with some pad? It is obvious to me that this is so. I can derive a pad to turn those 7 bytes into any message I want so how can anyone ever know they have got the right answer? Just because they get a plausible message does not mean it is the correct message and I don't see how they can learn anything unless a significant sequence from the original pad is reused and that can be prevented by the selection program.

Even granting the "theoretical" it must be's to be an "absolute" unbreakable OTP in the math sense, which this method may not satisfy, isn't this method still extremely strong? I can't see how it can be broken. It can't be brute forced, it can't be factored and even if somehow a part of a message or even an entire message became known it does not compromise any other message. I think that is pretty good. Or, am I all wet?

Come to think of it can't the selection program be seen as a rng in its own right? But one that produces numbers that can never be reproduced by anyone not having the original CD? Is that another way of looking at this perhaps? If so then this can be quite useful in that from say a 16 GIG DVD used as a source you can get perhaps a lifetime of unique pads and only ever have to deliver the "source&q
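The pool-selection scheme in the post above, run on the poster's own CD bytes, offsets and messages, as an added example that is not from the original post or its replies. It goes beyond the two messages in the post to any number of messages drawn from one pool: every pool byte that masked two ciphertext bytes is reported, since there the pad byte cancels and the XOR of the two ciphertext bytes equals the XOR of the two plaintext bytes, which is what a reader of the ciphertexts learns without ever seeing the pool. The birthday estimate at the end shows what a 16 GB pool buys.

```python
# Added example, not from the original post. Pool, offsets and messages are
# the ones given in the post; the "selection program" is modelled as the
# offset lists it produced for codewords "A" and "B".

POOL = bytes.fromhex("E7 05 87 12 A1 63 BC 29 9A 32")  # the "CD" in the post
OFFSETS_A = [5, 2, 7, 6, 9]             # offsets produced by codeword "A"
OFFSETS_B = [6, 1, 8, 10, 3, 5, 1]      # offsets produced by codeword "B"


def derive_pad(pool: bytes, offsets: list) -> bytes:
    # The selection program: pick pool bytes at 1-based offsets.
    return bytes(pool[i - 1] for i in offsets)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def reuse_map(messages: list) -> dict:
    # messages: [(ciphertext, offsets), ...]. Groups ciphertext bytes by the
    # pool offset that masked them and keeps only offsets used more than
    # once, whether across two messages or twice within one message.
    groups = {}
    for mi, (ct, offs) in enumerate(messages):
        for pos, off in enumerate(offs):
            groups.setdefault(off, []).append((mi, pos, ct[pos]))
    return {off: hits for off, hits in groups.items() if len(hits) > 1}


def leaked_xors(messages: list) -> dict:
    # For each reused pool byte: the two (message, position) pairs and the
    # plaintext XOR visible from the ciphertexts and offsets alone.
    leaks = {}
    for off, hits in reuse_map(messages).items():
        (m1, p1, b1), (m2, p2, b2) = hits[0], hits[1]
        leaks[off] = ((m1, p1), (m2, p2), b1 ^ b2)
    return leaks


def expected_reuses(pool_bytes: int, bytes_drawn: int) -> float:
    # Birthday estimate: drawing k offsets uniformly from a pool of N bytes
    # gives about k*(k-1)/(2N) repeated positions. A bigger pool makes
    # reuse rarer, not impossible.
    return bytes_drawn * (bytes_drawn - 1) / (2 * pool_bytes)


def demo() -> dict:
    pad_a = derive_pad(POOL, OFFSETS_A)            # A1 05 BC 63 9A
    pad_b = derive_pad(POOL, OFFSETS_B)            # 63 E7 29 32 87 A1 E7
    c1 = xor_bytes(b"HELLO", pad_a)                # E9 40 F0 2F D5
    c2 = xor_bytes(b"GOODBYE", pad_b)              # 24 A8 66 76 C5 F8 A2
    return {"c1": c1, "c2": c2,
            "leaks": leaked_xors([(c1, OFFSETS_A), (c2, OFFSETS_B)])}


if __name__ == "__main__":
    for off, ((m1, p1), (m2, p2), x) in demo()["leaks"].items():
        print(f"pool byte {off}: msg{m1}[{p1}] ^ msg{m2}[{p2}] = {x:#04x}")
    print("expected reuses, 16 GB pool, 1 MB of traffic:",
          round(expected_reuses(16 * 2 ** 30, 10 ** 6), 1))
```

On the post's data, pool bytes 5 and 6 are shared between the two messages and pool byte 1 is used twice inside "GOODBYE", so the three ciphertexts relations H^Y, L^G and O^E are exposed even though no pad was reused as a sequence.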