Cryptography-Digest Digest #829

2000-05-21 Thread Digestifier

Cryptography-Digest Digest #829, Volume #11  Sun, 21 May 00 13:13:00 EDT

Contents:
  Re: AES final comment deadline is May 15 (Mark Wooding)
  Re: QUESTIONS About ALGOS !! (tomstd)
  Re: Q: Recording on magnetic cards (Mok-Kong Shen)
  Re: Re: Who has got RSA simple program (sources on C/C++)? (tomstd)
  Re: Interpretation of Hitachi patent claims ("Lyalc")
  Re: Q: Recording on magnetic cards (Troed)
  Re: Encrypting random data (Tim Tyler)
  Re: Encrypting random data (tomstd)
  Again about Fast RC5 (tomstd)
  Re: Probabilistic Encryption (David A Molnar)
  Re: quantum crypto breakthru? (Tim Tyler)
  Re: Q: Recording on magnetic cards (Francois Grieu)
  Re: Is OTP unbreakable? (Paul Schlyter)
  Access Encryption ("John E. Kuslich")
  Re: Compare 3DES's. (long) (Was: Mixmasters encrypt how?) ("Trevor L. Jackson, III")
  Plain simple (?) question (Alain CULOS)
  Re: Interpretation of Hitachi patent claims ("Trevor L. Jackson, III")
  Re: More on Pi and randomness ("Trevor L. Jackson, III")
  Re: Compare 3DES's. (long) (Was: Mixmasters encrypt how?) (David A. Wagner)



From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: AES final comment deadline is May 15
Date: 21 May 2000 10:34:11 GMT

Scott Contini [EMAIL PROTECTED] wrote:

 You are assuming single block encryption.  RC6 seems to do quite
 well on many modern 32/64-bit processors if you simultaneously encrypt
 multiple blocks.  You just get a lot more freedom on how to schedule
 the multiplies, which makes the timings much better than single block
 encryption.  Rijndael, Serpent, and Twofish do not get nearly as much of
 a benefit from this as RC6 does.

In other words, to get reasonable performance out of RC6 you need to
start using nonstandard encryption modes.

 There is a lot to say for having a simple cipher that is easy to analyze,
 like RC6.  For example, consider this: when RC6 was submitted to the
 AES, it was suggested that 16 rounds could be attacked using linear
 cryptanalysis, and such an attack was described.  Nobody has improved
 on this result.

Yet.

 Moreover, RC6 bases its security on the data dependent rotation (which
 is "strengthened" through the f(x) = 2*x^2 + x function) which has
 been well studied from 6 years of public research on RC5.

Don't forget that the first sensible attack against DES's S-boxes --
Biham and Shamir's differential cryptanalysis -- came about fifteen
years after the cipher was introduced.  I don't think that six years is
really long enough for us to say that a particular new component is
`strong'.  Any clever new attacks directed specifically against data
dependent rotations leave RC6 hanging out to dry.

 When NIST suggested that simplicity of a cipher was important, it was
 so that the cipher could be readily analyzed and people can get a good
 feeling for the security the cipher offers.  Many of the comments I am
 reading on this newsgroup just seem to ignore the value of this.

I'll grant you that Twofish and MARS are complicated, and this is a
legitimate point against them.  I think MARS is ugly and kitchen-sink-
ish in a way that Twofish isn't, though.  But I don't see how you can
claim that Rijndael and Serpent are less simple than RC6.  Serpent, in
particular, is based on very simple concepts: substitution tables (an
idea which has been analyzed longer than data-dependent rotations) and a
linear transformation for diffusion.

-- [mdw]

--

Subject: Re: QUESTIONS About ALGOS !!
From: tomstd [EMAIL PROTECTED]
Date: Sun, 21 May 2000 03:39:02 -0700

In article 8g7lbp$2sa$[EMAIL PROTECTED], "Scott
Fluhrer" [EMAIL PROTECTED] wrote:

tomstd [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 In article 8g78oq$fm2$[EMAIL PROTECTED], "Scott
 Fluhrer" [EMAIL PROTECTED] wrote:
 
 Jerry Coffin [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]...
  In article 8fu3it$osb$[EMAIL PROTECTED],
  [EMAIL PROTECTED] says...
  
   I'm new in Encryption, and I've to implement an Encryption Algo
   for an application.
   But I have to make a choice between efficiency and speed !
   Well I'd like to know if the DES / 3DES is a very fast algo ?
  
  No.  Rather the opposite: DES is fairly slow and 3DES is about one
  third that speed.
 
 Actually, before we make the pronouncements "DES is fairly slow and
 3DES is slower", we need to ask the question: how fast does the OP need
 them to be?  His definition of "very fast" may be drastically different
 than our definition of "very fast".  If 3DES is fast enough for the OP
 (and none of the rest of us know enough to say), then 3DES may be a
 fine choice.

 3des is not a bad choice, just not a good one for many tasks.
 It's cumbersome and slow.

3DES is sufficiently fast and sufficiently secure for many
tasks.  The OP
has not posted his def

Cryptography-Digest Digest #829

2000-01-03 Thread Digestifier

Cryptography-Digest Digest #829, Volume #10   Mon, 3 Jan 00 12:13:01 EST

Contents:
  Re: meet-in-the-middle attack for triple DES (DJohn37050)
  Re: Prime series instead (Re: Pi) (John Myre)
  Re: crypto and it's usage (Keith Monahan)
  Re: Attacks on a PKI (Shawn Willden)
  Re: Attacks on a PKI (Shawn Willden)
  Re: Attacks on a PKI (Shawn Willden)
  Re: Wagner et Al. (Steve K)
  Re: stupid question (No Spam)
  Re: stupid question (No Spam)
  Re: Bits 1 to 3 (Re: question about primes) ("Tony T. Warnock")
  Re: Attacks on a PKI (Larry Kilgallen)
  Re: Wagner et Al. (Tom St Denis)
  Re: Prime series instead (Re: Pi) ([EMAIL PROTECTED])
  Re: crypto and it's usage (Steve K)
  Re: "Variable size" hash algorithm? ("Peter K. Boucher")
  Re: Prime series instead (Re: Pi) ("Tony T. Warnock")
  List of english words ("John Lupton")



From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: meet-in-the-middle attack for triple DES
Date: 03 Jan 2000 14:24:54 GMT

There are unique keys per transaction for PIN protection keys.  This idea has
been known.  A problem with it is the set up time, changing the key all the
time means normal performance speed ups are not possible.
Don Johnson

--

From: John Myre [EMAIL PROTECTED]
Subject: Re: Prime series instead (Re: Pi)
Date: Mon, 03 Jan 2000 07:33:46 -0700

"John E. Gwyn" wrote:
 
 "NFN NMI L." wrote:
  The summation of the reciprocals of all the primes is infinite. Who
  knows what happens when you have alternating subtraction and addition?
 
 I think it still diverges, but I don't have a proof.

Any alternating sum (alternating addition and subtraction) where the
terms decrease (to zero) converges.  Note that any two consecutive
values define boundaries on the sum; since the limit of the separation
of these values is zero then the sum is indeed defined.

(Picture the sums on the line; note that it goes back and forth,
each time moving a shorter distance; the sum converges because in
the limit the distance is zero).

John M.
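The bracketing argument above, carried through for the alternating prime series as an added worked derivation (not part of the original post):

$$S_n = \sum_{k=1}^{n} \frac{(-1)^{k+1}}{p_k}, \qquad p_1 = 2,\ p_2 = 3,\ p_3 = 5,\ \ldots$$

Because $1/p_{k+1} < 1/p_k$, the even partial sums increase and the odd ones decrease:

$$S_{2n+2} - S_{2n} = \frac{1}{p_{2n+1}} - \frac{1}{p_{2n+2}} > 0, \qquad
S_{2n+1} - S_{2n-1} = \frac{1}{p_{2n+1}} - \frac{1}{p_{2n}} < 0 .$$

Every even sum sits below every odd sum, since $S_{2n} < S_{2n} + 1/p_{2n+1} = S_{2n+1}$, so

$$S_2 \le S_4 \le \cdots \le S_{2n} \le S_{2n+1} \le \cdots \le S_3 \le S_1 ,$$

and the width of the bracket is $S_{2n+1} - S_{2n} = 1/p_{2n+1} \to 0$. Two monotone bounded sequences squeezed together converge to one limit, which is the value of the series (numerically $S_1 = 0.5$, $S_2 \approx 0.167$, $S_3 \approx 0.367$, $S_4 \approx 0.224$). The divergence of $\sum 1/p_k$ only means the convergence is conditional, not absolute.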

--

From: Keith Monahan [EMAIL PROTECTED]
Subject: Re: crypto and it's usage
Date: Mon, 03 Jan 2000 14:58:21 GMT

Tom,

I use encryption on a daily basis to protect my privacy.  With
the government invading our privacy frequently, I feel it
is important to protect ourselves.  Who knows, what is legal
today might not be legal tomorrow.  It used to be legal to
listen to cellphones via a scanner -- now it's a big crime.
Incidentally, if the cellphone industry had taken steps to
protect people's privacy via encryption, they wouldn't have
had to lobby Congress so hard to ban the manufacturing of
cellphone receiving scanners.

This is why I like encryption.  Laws don't stop criminals because
criminals don't obey laws.  I don't want it *possible* to violate
my privacy by violating a simple law.  Because even putting that
person in jail DOES NOT GIVE ME MY PRIVACY BACK.

So, instead of protecting privacy via LAWS, our privacy has to
be guaranteed by technology.  And yes, I know we don't have
any provably secure USABLE algorithms for encryption.  I feel
an argument can be made that says that it is easier to break
an unenforceable law than it is to break Blowfish.  It all depends
on your threat model...

I run realtime on-the-fly harddrive encryption under Windows95.
Not the most secure platform, but I do things like disabling
virtual memory, clearing registry entries (like recent file entries),
wiping file slack space, wiping unused drive space, etc.  I'm
really trying to avoid the side-channel attacks as that is probably
more likely than someone breaking 256-bit Blowfish.  And plus,
I use good passphrases.

So, life threatening? No.  Important? Yes.

I also use PGP occasionally to exchange email between friends
when discussing things of a delicate nature.  And of course,
like the other gentleman mentioned, I use SSL to secure
private things like account balances at pitt.edu -- but never
my credit cards.

Sorry if this got a little OT,

Keith

Tom St Denis wrote:

 I was just wondering how many people here actually use crypto.  I mean
 almost anyone here can pull apart ideas and have fun, but does anyone
 use what's left?

 I personally use it just for fun, and sometimes to keep things
 private.  Nothing life threatening...  Anyone else?

 Tom

 Sent via Deja.com http://www.deja.com/
 Before you buy.


--

Date: Sun, 02 Jan 2000 17:54:56 -0700
From: Shawn Willden [EMAIL PROTECTED]
Subject: Re: Attacks on a PKI

Mickey McInnis wrote:

 Do Netscape and IE require that the certificates be specific to the
 domain name, or does it just require that a certificate be used?

They check the domain name.  Of course, DNS is not a secure service and can be spoofed
easily by someone with appropriate access...

Shawn.




---

Cryptography-Digest Digest #829

1999-07-04 Thread Digestifier

Cryptography-Digest Digest #829, Volume #9Sun, 4 Jul 99 17:13:03 EDT

Contents:
  Re: Ciphers based on HASH functions ([EMAIL PROTECTED])
  Re: RSA Padding ([EMAIL PROTECTED])
  Re: Quantum Computers ("rosi")
  Re: Quantum Computers ("rosi")
  Re: Standard Hash usage (David P Jablon)
  Free chapters from Handbook of Applied Cryptography (Alfred John Menezes)
  more on additive generators ([EMAIL PROTECTED])
  Re: Secure link over Inet if ISP is compromized. ("Else")
  RNG/PRNG paper for reading+editing (Eli)
  Re: Quantum Computers (David A Molnar)
  Decrypting files encrypted with Cold Fusion's cfcrypt.exe (Bob)
  MP3 Security Requirements? (Thierry Moreau)
  Crypto Books on CD-ROM ([EMAIL PROTECTED])
  Re: Can Anyone Help Me Crack A Simple Code? (wtshaw)



From: [EMAIL PROTECTED]
Subject: Re: Ciphers based on HASH functions
Date: Sun, 04 Jul 1999 15:39:38 GMT

In article 7lmbh2$h5m$[EMAIL PROTECTED],
  [EMAIL PROTECTED] wrote:
 There has been some research into creating block ciphers using hash
 functions, however I think there was some concern as to how secure
 they are due to the fact that hash functions were designed with
 different properties in mind.  My question is, would a block cipher
 based on HMAC's be better?  An HMAC is designed to withstand around
 using a key, so wouldn't that make a better S-Box than a regular hash
 function?

BEAR and LION are two modern examples of ciphers using HASH functions.
They require that the HASH function be secure, but can become victim to
mitm attacks and possibly slide attacks as well.

Mainly HASH functions are designed along the same lines as block
ciphers but require collision resistant compression functions.  TIGER
for example has sboxes like many block ciphers do.  Most hashes are UFN
type 'ciphers'...

These cipher constructions are not popular for several reasons.  a)
they are slow.  It requires performing an entire HASH function for one
round (they normally have 3 rounds or so..). b) they are larger
(require code for hash).  c) the strength is co-dependent on the hash
function and cipher construction (meaning too many eggs in one basket).

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


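As an added example (not code from the post or from the BEAR/LION paper), here is a LION-style cipher built from SHA-256: the hash is used directly in the middle round, and, as an assumption made to keep the example dependency-free, SHA-256 in counter mode stands in for the stream cipher of the outer rounds. Constructed keys and a constructed block are used in the test; every round costs one full hash or keystream pass over half the block, which is the cost the post describes.

```python
import hashlib

H = hashlib.sha256
HLEN = H().digest_size          # 32 bytes: size of the "left" half L

def keystream(seed: bytes, n: int) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode keyed by `seed`.
    LION allows any stream cipher here; this choice is an assumption."""
    out = b""
    for ctr in range((n + HLEN - 1) // HLEN):
        out += H(seed + ctr.to_bytes(8, "big")).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def lion_encrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    """LION: three rounds on a block of any size larger than HLEN.
    k1 and k2 are independent HLEN-byte keys."""
    if len(block) <= HLEN or len(k1) != HLEN or len(k2) != HLEN:
        raise ValueError("block must exceed HLEN bytes; keys are HLEN bytes")
    L, R = block[:HLEN], block[HLEN:]
    R = xor(R, keystream(xor(L, k1), len(R)))   # round 1: stream keyed by L^K1
    L = xor(L, H(R).digest())                   # round 2: full hash of R
    R = xor(R, keystream(xor(L, k2), len(R)))   # round 3: stream keyed by L^K2
    return L + R

def lion_decrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    """Inverse: the same three steps in reverse order, since each is an XOR."""
    L, R = block[:HLEN], block[HLEN:]
    R = xor(R, keystream(xor(L, k2), len(R)))   # undo round 3
    L = xor(L, H(R).digest())                   # undo round 2
    R = xor(R, keystream(xor(L, k1), len(R)))   # undo round 1
    return L + R
```

Note that a one-byte change anywhere in the block changes every byte of L (through the hash) and therefore every byte of R (through the last keystream), which is what makes the whole construction only as strong as the hash.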

--

From: [EMAIL PROTECTED]
Subject: Re: RSA Padding
Date: Sun, 04 Jul 1999 15:33:37 GMT

snip

You must pad RSA messages otherwise they will fall victim to frequency
analysis.  For this same reason the smallest block ciphers are 64
bits.  I would read PKCS #1 which is supposed to cover padding RSA
messages.

Tom


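An added example (not the poster's code) of the point above: raw RSA is deterministic, so repeated plaintexts give repeated ciphertexts, while the randomized EME-PKCS1-v1_5 encoding from PKCS #1 gives a fresh ciphertext each time. The key pair is constructed from the Mersenne primes 2^61-1 and 2^89-1 purely so that the example is self-contained and certainly uses primes; a ~150-bit modulus is far too small for any real use.

```python
import os

# Constructed toy key pair: Mersenne primes, so no primality test is needed.
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8            # modulus length in bytes (19 here)

def textbook_encrypt(m: bytes) -> int:
    """Raw RSA: c = m^e mod n. Deterministic, so equal plaintexts give equal
    ciphertexts and an observer can count repeats (frequency analysis)."""
    return pow(int.from_bytes(m, "big"), E, N)

def pkcs1_v15_pad(m: bytes) -> bytes:
    """EME-PKCS1-v1_5: 00 || 02 || PS || 00 || M, with PS at least 8 random
    non-zero bytes, so the same M encodes differently on every call."""
    if len(m) > K - 11:
        raise ValueError("message too long for this modulus")
    need, ps = K - 3 - len(m), b""
    while len(ps) < need:
        ps += bytes(b for b in os.urandom(need) if b)[:need - len(ps)]
    return b"\x00\x02" + ps + b"\x00" + m

def pkcs1_v15_unpad(em: bytes) -> bytes:
    # A real decryptor must do this in constant time and must not expose a
    # padding-validity oracle to the caller; this check is for readability.
    if em[:2] != b"\x00\x02" or b"\x00" not in em[10:]:
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 10) + 1:]

def padded_encrypt(m: bytes) -> int:
    return pow(int.from_bytes(pkcs1_v15_pad(m), "big"), E, N)

def padded_decrypt(c: int) -> bytes:
    em = pow(c, D, N).to_bytes(K, "big")   # fixed length restores the leading 00
    return pkcs1_v15_unpad(em)
```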

--

From: "rosi" [EMAIL PROTECTED]
Subject: Re: Quantum Computers
Date: Sun, 4 Jul 1999 11:23:53 -0400

???

--- (My Signature)

Anton Stiglic wrote in message ...
In a Quantum World, Quantum Crypto is unconditionally secure.
In fact, Quantum Crypto is already publicly implemented
(Los Alamos and other places).  It is much easier to implement
than a Quantum Computer (it's not the same thing at all either).

See my labs page:  http://crypto.cs.mcgill.ca
+ my directors page:  http://www.cs.mcgill.ca/~crepeau

Anton

--

From: "rosi" [EMAIL PROTECTED]
Subject: Re: Quantum Computers
Date: Sun, 4 Jul 1999 12:16:27 -0400

Greg Ofiesh wrote in message 7lgg7m$mt1$[EMAIL PROTECTED]...
In article [EMAIL PROTECTED],
  "Douglas A. Gwyn" [EMAIL PROTECTED] wrote:
 Greg Ofiesh wrote:
  Let us begin with the following assertion that I think you will all
  agree with.  If a quantum computer exists, then the only form of
  encryption that cannot be broken by it, or at least has half a
  chance to survive an attack, is OTP.  All other forms of encryption

[snip]

   Don't know on what basis I can agree with your above assertion. I have
more verbiage on both (immunity to QC and issues concerning IT).


  And please don't say I am nuts, or kook, or anything else.

 "Why on Earth not?"
 - from "A Fish Called Wanda"


[snip]



And, finally, I stated not to call me a kook because only losers have
no life that they spend it responding in the extreme negative.  That is
"why not".


   I think you highly deserve it

   You know, when one particular day, one in which everything that could
go wrong did and everything else didn't do otherwise, you suddenly
decided to do good, say some service to benefit others, you found
yourself Running For Governor. And if you run here, dear Greg, you may
forget all your math training, forgetting what a group is, whether it is
associative, commutative, etc. etc. You probably still could hallucinate
that a group could be quite abusive. You perfectly, in such situations,
lose your imperfect aim and