Cryptography-Digest Digest #739
Cryptography-Digest Digest #739, Volume #13       Fri, 23 Feb 01 17:13:00 EST

Contents:
  Re: super-stong crypto, straw man phase 2 (David Wagner)
  Re: super-stong crypto, straw man phase 2 (David Wagner)
  Re: Random numbers from your sound card ("Trevor L. Jackson, III")
  Re: Super strong crypto (David Wagner)
  Re: super-stong crypto, straw man phase 2 ("Trevor L. Jackson, III")
  Re: super-stong crypto, straw man phase 2 (John Myre)
  Re: Random numbers from your sound card (Jerry Coffin)
  Re: "RSA vs. One-time-pad" or "the perfect enryption" (S.)
  Re: Powers of Complex Associative Functions (Mok-Kong Shen)
  Re: "RSA vs. One-time-pad" or "the perfect enryption" (Sundial Services)
  Re: Powers of Complex Associative Functions (Jim Steuert)
  Re: Any alternatives to PGP? ("Ryan M. McConahy")
  Re: Powers of Complex Associative Functions (Mok-Kong Shen)
  Re: Random numbers from your sound card ("Paul Pires")
  Really big numbers in C (Taylor Francis)
  Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys (wtshaw)
  Re: super-stong crypto, straw man phase 2 ("Henrick Hellström")

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: super-stong crypto, straw man phase 2
Date: 23 Feb 2001 19:10:21 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

John Myre wrote:
What you are overlooking is the real question: why should we believe that doubling the number of rounds would provide protection to a similar extent? Or tripling, or more?

That's a fair question, but I have a good answer: For almost all of the publicly known attacks, doubling the number of rounds adds substantial protection. At the same time, for a fair number of the publicly known attacks, Gwyn's proposal does not add any security. If we now assume that unknown attacks will behave roughly like known attacks, then this suggests that doubling the number of rounds may be more likely to add substantial protection than Gwyn's proposal is.
(If we don't assume anything whatsoever about unknown attacks, I see no scientific reason to believe that *any* method will or won't add protection, and if we have no basis to choose between alternatives, we might as well choose astrology as anything else.)

If I went wrong somewhere, please tell me.

--

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: super-stong crypto, straw man phase 2
Date: 23 Feb 2001 19:15:54 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

John Myre wrote:
I think his idea is to try to arrive at information-theoretic arguments for the security of a cipher mechanism. What do we need from a basic block cipher to get "provable" security, if we promise to encrypt no more than X bits under any one key, and every block has at least Y bits of random data?

Well, Gwyn's proposal is most definitely not secure under the information-theoretic threat model (where attackers are allowed unbounded computation), as others have pointed out by noting that exhaustive keysearch still works no matter how often you change keys.

I fear this will come off sounding negative, and I feel bad, because this is not my intention. If you think there might be some path to proving something about Gwyn's proposal, I honestly would like to hear about it, even if it is speculative. However, in the absence of anything like that, my point is just that there are reasons to be skeptical.

--

From: "Trevor L. Jackson, III" [EMAIL PROTECTED]
Subject: Re: Random numbers from your sound card
Date: Fri, 23 Feb 2001 19:21:19 GMT

[EMAIL PROTECTED] wrote:
Also, it could be interesting to try to do the same stuff with TV cards; it should give much more data and thus speed the whole thing up. Not having a TV card or any knowledge about the APIs used with them, it's problematic for me to test this out, but you're welcome.

You can create massive quantities of unreasonably volatile data for less than $100.
At the pet store buy an aquarium with an over-large pump and extra air stones for under $50. With this equipment you can create a high speed version of the lava lamp. At the computer store buy a parallel port webcam for under $40. With the extra $10 buy a bright light and shine it on the tank (you want reflection of the light, not transmission, so put it on the same side of the tank as the camera). If you have extra cash buy a mirror the size of the tank and put it opposite the camera and the light. If you are rich buy two mirrors the size of the long side of the tank, with which you make a hall-of-mirrors, and move the camera light to the end of the tank. Yes, you need to fill the tank with water and plug in the air pump.

Operating the webcam at video speeds gives an unreasonably large volume of volatile bits. Of course
Cryptography-Digest Digest #739
Cryptography-Digest Digest #739, Volume #12       Fri, 22 Sep 00 08:13:00 EDT

Contents:
  Re: Again a topic of disappearing e-mail? (Tom St Denis)
  Re: State-of-the-art in integer factorization (Tom St Denis)
  Cryptography FAQ (01/10: Overview) ([EMAIL PROTECTED])
  Cryptography FAQ (02/10: Net Etiquette) ([EMAIL PROTECTED])
  Cryptography FAQ (03/10: Basic Cryptology) ([EMAIL PROTECTED])

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Again a topic of disappearing e-mail?
Date: Fri, 22 Sep 2000 11:08:14 GMT

In article [EMAIL PROTECTED], Runu Knips [EMAIL PROTECTED] wrote:
Mok-Kong Shen wrote:
Email users will soon be able to erase the messages they send from the recipient's hard drive using software called SafeMessage that a company called AbsoluteFuture is releasing today. SafeMessage destroys messages within a certain amount of time after the recipient opens them, erasing all footprints on PC hard drives and computer servers, says AbsoluteFuture CEO Graham Andrews. Law enforcement officials worry that criminals and terrorists will use SafeMessage to conceal their communications, arguing that fighting crime effectively in the digital age requires email tracing. Meanwhile, privacy advocates applaud the new software. One oil executive says he uses a beta version of SafeMessage to prevent rivals from accessing his messages.
http://www.usatoday.com/usatonline/2920/2662888s.htm

Pfft, as if this is something noticeable. Using PGP and removing the email by hand has the same effect, doesn't it?

Not to mention, if the user is stupid enough to print it off, all is lost!

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: Tom St Denis [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: State-of-the-art in integer factorization
Date: Fri, 22 Sep 2000 11:06:49 GMT

In article 8qedb0$c49$[EMAIL PROTECTED], [EMAIL PROTECTED] (Ed Pugh) wrote:
Bob Silverman ([EMAIL PROTECTED]) writes:
Nothing has been written. Improvements have been only incremental. (i.e.
slightly faster machines, a few more percent squeezed from code, etc.). There hasn't been a new algorithm in 11 years.

Well, at least none that the NSA have let on about, anyway. ;-)

That's right, because the public open academia are just stupid people. Not to mention that virtually all milestones in factoring were public endeavours. Try reading Eurocrypt/Asiacrypt from about '81 to now and you will see a plethora of factoring papers, especially the QS, the NFS, and various other methods I didn't know of till I read it.

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (01/10: Overview)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 22 Sep 2000 11:20:28 GMT
Archive-name: cryptography-faq/part01
Last-modified: 1999/06/27

This is the first of ten parts of the sci.crypt FAQ. The parts are mostly independent, but you should read this part before the rest. We don't have the time to send out missing parts by mail, so don't ask. Notes such as ``[KAH67]'' refer to the reference list in the last part.

Disclaimer: This document is the product of the Crypt Cabal, a secret society which serves the National Secu---uh, no. Seriously, we're the good guys, and we've done what we can to ensure the completeness and accuracy of this document, but in a field of military and commercial importance like cryptography you have to expect that some people and organizations consider their interests more important than open scientific discussion. Trust only what you can verify firsthand. And don't sue us.

Many people have contributed to this FAQ. In alphabetical order: Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison, Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti, William Setzer. We apologize for any omissions.

Archives: sci.crypt has been archived since October 1991 on ripem.msu.edu, though these archives are available only to U.S.
and Canadian users. Another site is rpub.cl.msu.edu in /pub/crypt/sci.crypt/ from Jan 1992.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, sci.answers, and news.answers every 21 days. The fields `Last-modified' and `Version' at the top of each part track revisions.

1999: There is a project underway to reorganize, expand, and update the sci.crypt FAQ, pending the resolution of some minor legal issues. The new FAQ will have two pieces. The first piece will be a series of web pages. The second piece will be a short posting, focusing on the questions that really are frequently asked. In the meantime, if you need
Cryptography-Digest Digest #739
Cryptography-Digest Digest #739, Volume #10       Tue, 14 Dec 99 16:13:01 EST

Contents:
  Re: How to implement different modes using the twofish algorithm? (Medical Electronics Lab)
  security of 3des ?= des ([EMAIL PROTECTED])
  Re: security of 3des ?= des (James Felling)
  Conditional (keyed) bidirectional hash function ? (Niall Parker)
  Re: Why no 3des for AES candidacy ("karl malbrain")
  Re: security of 3des ?= des (DJohn37050)
  Re: security of 3des ?= des ("karl malbrain")
  Re: Conditional (keyed) bidirectional hash function ? (Anton Stiglic)
  Re: Are thermal diodes as RNG's secure (Scott Nelson)
  Re: Why no 3des for AES candidacy (Anton Stiglic)
  Re: Why no 3des for AES candidacy (Anton Stiglic)
  Re: Better encryption? PGP or Blowfish? ("Trevor Jackson, III")
  Re: Why no 3des for AES candidacy ("Trevor Jackson, III")
  Re: Why no 3des for AES candidacy (Anton Stiglic)
  How easy would this encryption be to crack? - revised (Christoffer Lernö)
  Re: Why no 3des for AES candidacy (Anton Stiglic)

From: Medical Electronics Lab [EMAIL PROTECTED]
Subject: Re: How to implement different modes using the twofish algorithm?
Date: Tue, 14 Dec 1999 12:09:42 -0600

Martin Bädeker wrote:
I'm a newbie to this and have problems implementing the following modes of Twofish: CFB1, CBC, ECB. I already verified, using the given test vectors, that my implementations of makeKey, BlockEncrypt and BlockDecrypt are delivering the valid outputs, but I can't get proper results in CBC mode. For CBC I XORed the plaintext (PT) and the IV and then encrypted it using my function. But the resulting ciphertext (CT) differs from the CBC test vectors.

  CT = Encrypt(PT xor IV)

Any suggestions?

First set the IV = 0 and see if you get the same result as you'd get for ECB. If so, your xor works. Second, set PT xor IV = ECB PT. Try again and make sure that works. If you get past those 2 steps, then it should be right; check that you're feeding the ciphertext back to the right place for CBC.
Patience, persistence, truth,
Dr. mike

--

From: [EMAIL PROTECTED]
Subject: security of 3des ?= des
Date: Tue, 14 Dec 1999 19:02:53 GMT

i was wondering if it has been shown that 3des is more secure than des. my understanding is that if des transformations form a group then any composition of des transformations is equivalent to a single des encryption, which is bad from a security standpoint, but that currently nobody knows if des transformations form a group.

so ... if it is still up in the air, couldn't the EFF use its super-fast des cracking machine to try to find single-des equivalent keys to some 3des-encrypted known plaintexts? if it finds equivalent single-des keys for even just a few 3des keys (with no obvious degenerate structure) that would really convince me not to use 3des for anything. or maybe the EFF has already tried this?

-- p

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: James Felling [EMAIL PROTECTED]
Subject: Re: security of 3des ?= des
Date: Tue, 14 Dec 1999 13:28:45 -0600

[EMAIL PROTECTED] wrote:
i was wondering if it has been shown that 3des is more secure than des. my understanding is that if des transformations form a group then any composition of des transformations is equivalent to a single des encryption, which is bad from a security standpoint, but that currently nobody knows if des transformations form a group.

DES has been proven not to be a group.

so ... if it is still up in the air, couldn't the EFF use its super-fast des cracking machine to try to find single-des equivalent keys to some 3des-encrypted known plaintexts? if it finds equivalent single-des keys for even just a few 3des keys (with no obvious degenerate structure) that would really convince me not to use 3des for anything. or maybe the EFF has already tried this?

-- p

Sent via Deja.com http://www.deja.com/
Before you buy.
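The CBC debugging procedure from the Twofish thread above, worked as an added example (not code from the digest or from any Twofish implementation). The block cipher below is a constructed stand-in so the example runs offline; the checks work unchanged with a real block encrypt function that already passes its ECB test vectors, and the two "mistake" encryptors show what each check catches.

```python
# Added example, not from the digest: a generic CBC encryptor over any 16-byte block
# cipher, the chaining mistake the post's "CT = Encrypt(PT xor IV)" suggests, and
# Dr. Mike's three checks as code. The block cipher here is a constructed stand-in
# (keyed XOR plus a byte rotation), not Twofish; plug in any block_encrypt(key, block)
# that already passes its ECB test vectors. Plaintexts are assumed to be whole blocks.
BLOCK = 16
KEY = bytes(range(0x10, 0x20))   # constructed key for the stand-in cipher

def toy_block_encrypt(key, block):
    """Stand-in 128-bit block permutation: XOR with key, then rotate bytes left by one."""
    x = bytes(p ^ k for p, k in zip(block, key))
    return x[1:] + x[:1]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(enc, key, iv, pt):
    """Correct CBC: each block is XORed with the previous ciphertext (IV for the first)."""
    out, prev = [], iv
    for p in blocks(pt):
        prev = enc(key, xor_bytes(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_forgot_xor(enc, key, iv, pt):
    """Mistake 1: the IV/feedback XOR is skipped entirely, which is just ECB."""
    return b"".join(enc(key, p) for p in blocks(pt))

def cbc_iv_only(enc, key, iv, pt):
    """Mistake 2 (the post's formula applied to every block): no ciphertext feedback."""
    return b"".join(enc(key, xor_bytes(p, iv)) for p in blocks(pt))

def diagnose(cbc, enc, key):
    """Run the reply's checks in order; return the first failing check's name or 'ok'."""
    p1, p2 = bytes(range(16)), bytes(range(16, 32))   # constructed two-block plaintext
    # Check 1: with IV = 0 the first CBC block must equal the ECB encryption of PT_1.
    if cbc(enc, key, bytes(BLOCK), p1) != enc(key, p1):
        return "iv-xor"
    # Check 2: choose PT so that PT xor IV is a known ECB input; output must match.
    iv = bytes([0xA5]) * BLOCK
    if cbc(enc, key, iv, xor_bytes(p1, iv)) != enc(key, p1):
        return "iv-xor"
    # Check 3: the second block must be Encrypt(PT_2 xor CT_1), not Encrypt(PT_2 xor IV).
    ct = cbc(enc, key, iv, p1 + p2)
    if ct[BLOCK:] != enc(key, xor_bytes(p2, ct[:BLOCK])):
        return "feedback"
    return "ok"

if __name__ == "__main__":
    for name, impl in [("cbc_encrypt", cbc_encrypt), ("cbc_forgot_xor", cbc_forgot_xor),
                       ("cbc_iv_only", cbc_iv_only)]:
        print(f"{name}: {diagnose(impl, toy_block_encrypt, KEY)}")
```

Only the third check distinguishes the post's formula from real CBC, because on a single block the two are identical; it needs at least two blocks of plaintext.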
--

Date: Tue, 14 Dec 1999 11:37:05 -0800
From: Niall Parker [EMAIL PROTECTED]
Subject: Conditional (keyed) bidirectional hash function ?

Hello,

I'm looking to find some information about defining a function which can be computed initially in one direction using a key, then checked in the reverse direction without the key, i.e.:

  B = fcn_1(A, key)
  A = fcn_2(B)

but fcn_2 is not invertible (can't compute B from A without key). I've been perusing the FAQs and web pages but haven't seen anything yet; perhaps someone is aware of relevant places to look? (hopefully this is a trivial problem I'm too thick to notice the solution for ;)

Thanks.
... Niall

--

Reply-To: "karl malbrain" [EMAIL PROTECTED]
From: "karl malbrain" [EMAI
Cryptography-Digest Digest #739
Cryptography-Digest Digest #739, Volume #9       Sun, 20 Jun 99 00:13:03 EDT

Contents:
  Re: IDEA Questions ([EMAIL PROTECTED])
  Re: SLIDE ATTACK FAILS ([EMAIL PROTECTED])
  Re: test (Gergo Barany)
  Re: test (Chris Eilbeck)
  Re: F-secure (kurt wismer)
  Re: *** FAKE KEYS AGAIN *** ("Soylent Grin")
  Re: *** FAKE KEYS AGAIN *** ("Michel Bouissou")
  Re: IDEA Questions (Casey Sybrandy)
  Re: SLIDE ATTACK large state SYSTEMS (Boris Kazak)
  Re: SLIDE ATTACK large state SYSTEMS (Tim Redburn)
  Re: SLIDE ATTACK large state SYSTEMS (Tim Redburn)
  Re: IDEA Questions (John Savard)
  Re: F-secure (Tom McCune)
  Re: Graph of DES Encryption Function (James Pate Williams, Jr.)
  Re: DES versus Blowfish ([EMAIL PROTECTED])
  Re: Graph of DES Encryption Function ([EMAIL PROTECTED])

From: [EMAIL PROTECTED]
Subject: Re: IDEA Questions
Date: Sat, 19 Jun 1999 11:28:50 GMT

In article [EMAIL PROTECTED], Casey Sybrandy [EMAIL PROTECTED] wrote:
I have a couple questions about IDEA that I was wondering if anyone knew the answer to. I'll be referencing AC2 pages 320-321 instead of trying to redescribe everything on my own.

1. Steps 5, 6, 11-14 all use XOR. Why can't you change these to additions or subtractions?

2. In steps 7-10, there is a mixing of additions and multiplications. Why can't you add in some data dependency into this mixing, like data dependent rotates?

The purpose was that if a register was added in one round, it would be xor'd in the next. These operations are non-isomorphic, i.e. they do not commute. They are also non-linear. The idea was to not be dependent on one form of operation. They could have written the entire cipher with mul/add, but they commute. Rotations were not added because only three primitives were focused on. And by having data dependent round structures you are not sure to get the same form of mixing.

Tom

--
PGP key is at: 'http://mypage.goplay.com/tomstdenis/key.pgp'.

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
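An added example for the IDEA thread above (not code from the digest): the three 16-bit primitives IDEA mixes, written out, plus a search that exhibits what the reply calls the operations "not commuting", which more precisely is that no distributive law holds between any pair of them. The word width and the 0-as-2^16 encoding are IDEA's; the sample values are constructed corner cases.

```python
# Added example, not from the digest: IDEA's three 16-bit primitives (AC2 pp. 320-321)
# and a check that no pair of them satisfies a distributive law, which is the
# "incompatibility" the reply above relies on. SAMPLE values are constructed.
from itertools import product

MASK16 = 0xFFFF
TWO16 = 1 << 16           # modulus for addition
P = (1 << 16) + 1         # prime modulus for multiplication; 0 encodes 2^16

def xor16(a, b):
    return a ^ b

def add16(a, b):
    return (a + b) & MASK16

def mul16(a, b):
    """IDEA multiplication mod 2^16+1 on 16-bit words, with 0 standing for 2^16."""
    a = TWO16 if a == 0 else a
    b = TWO16 if b == 0 else b
    r = (a * b) % P
    return 0 if r == TWO16 else r

def mul16_inv(a):
    """Inverse under mul16; it exists for every word because 2^16+1 is prime."""
    x = TWO16 if a == 0 else a
    inv = pow(x, P - 2, P)
    return 0 if inv == TWO16 else inv

OPS = {"xor": xor16, "add": add16, "mul": mul16}
SAMPLE = [0, 1, 2, 3, 0x7FFF, 0x8000, 0xFFFE, 0xFFFF]   # constructed corner cases

def distributive_counterexample(outer, inner):
    """First (a, b, c) with outer(inner(a,b),c) != inner(outer(a,c),outer(b,c)), or None."""
    for a, b, c in product(SAMPLE, repeat=3):
        if outer(inner(a, b), c) != inner(outer(a, c), outer(b, c)):
            return (a, b, c)
    return None

def incompatible_pairs():
    """Names of the ordered (outer, inner) pairs for which distributivity fails on SAMPLE."""
    return sorted(
        (o, i) for o in OPS for i in OPS
        if o != i and distributive_counterexample(OPS[o], OPS[i]) is not None
    )

if __name__ == "__main__":
    for o, i in incompatible_pairs():
        print(o, "over", i, "fails at", distributive_counterexample(OPS[o], OPS[i]))
    # Every word has a multiplicative inverse, which is what makes decryption possible.
    print(all(mul16(a, mul16_inv(a)) == 1 for a in SAMPLE))
```

All six ordered pairs fail, including mul over add, which only breaks on wrap-around inputs such as 0x8000 + 0x8000.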
--

From: [EMAIL PROTECTED]
Subject: Re: SLIDE ATTACK FAILS
Date: Sat, 19 Jun 1999 11:31:33 GMT

In article 7kev33$1ak4$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
Ever notice how much Mr. DSCOTT uses projection as a defense mechanism? He goes off about how the NSA is shrouded in secrecy and yet fails to produce an easy-to-understand flow chart of his code. He attacks other people as "hating" him, when really he's the one that hates the rest of the world. I can only wonder why...

He is not very mature, but is fun to read (well, funny to read). He just wants to be king of the castle; problem is there is no castle :)

Tom

--
PGP key is at: 'http://mypage.goplay.com/tomstdenis/key.pgp'.

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

--

From: [EMAIL PROTECTED] (Gergo Barany)
Subject: Re: test
Date: 19 Jun 1999 12:35:39 GMT

In article 7kehoa$63v$[EMAIL PROTECTED], Erik Avat'R wrote:
Firstly, sorry about the computer thing. I was being a jerk... and if you don't mind me asking, what do you mean by "...HTML practically posts your article twice..."?

First, there is a header saying "this is a multipart message, blabla," followed by the plaintext. Then, there's another header indicating the beginning of the HTML part followed by the complete text including formatting. Try finding an HTML post, saving it to a file and looking at it in an editor.

Gergo

--
Never settle with words what you can accomplish with a flame thrower.
GU d- s:+ a--- C++$ UL+++ P++ L+++ E++ W+ N++ o? K- w--- !O !M !V PS+ PE+ Y+ PGP+ t* 5+ X- R+ tv++ b DI+ D+ G++ e* h! !r !y+

--

From: Chris Eilbeck [EMAIL PROTECTED]
Subject: Re: test
Date: 19 Jun 1999 15:41:47 +0100

"Erik Avat'R" [EMAIL PROTECTED] writes:
and if you don't mind me asking, what do you mean by "...HTML practically posts your article twice..."?
Please read this web site: http://www.ping.be/houghi/nohtml/

Chris

--
Chris Eilbeck mailto:[EMAIL PROTECTED]

--

From: kurt wismer [EMAIL PROTECTED]
Subject: Re: F-secure
Date: Sat, 19 Jun 1999 00:07:27 GMT

Dupavoy wrote:
Has anyone used F-secure 2.0 by F-prot?

just a nitpick, f-secure is not made by f-prot, f-prot is not a company, it is an anti-virus product produced by frisk software international... the f-prot engine is used in the f-secure anti-virus product produced by datafellows, not to be confused with the f-secure encryption product produced by datafellows which i suspect you have done... haven't used the f-secure line of products (encryption or av) though...

--
"sometimes i cannot take this place
sometimes it's my life i can't taste
sometimes i cannot feel my face
you'll never see me fal