Cryptography-Digest Digest #933
Cryptography-Digest Digest #933, Volume #13 Sun, 18 Mar 01 14:13:01 EST Contents: Re: How to eliminate redondancy? ("Tom St Denis") PGP key expiration (was Re: Encryption software) (Benjamin Goldberg) Re: Cryptoanalysis of stream cipher ("Tom St Denis") Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION ("Henrick Hellström") Re: Cryptoanalysis of stream cipher (Frank Gerlach) Re: Profile analysis and known plaintext (Frank Gerlach) Re: Profile analysis and known plaintext (Frank Gerlach) Re: Profile analysis and known plaintext ("Tom St Denis") Re: Cryptoanalysis of stream cipher ("John A. Malley") old RNG request ("Tom St Denis") Re: Idea (amateur) Re: Idea (amateur) FISHING (bandjur) Re: Profile analysis and known plaintext (Steve Portly) Re: Idea (John Joseph Trammell) Re: Idea (John Joseph Trammell) Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (SCOTT19U.ZIP_GUY) Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY) Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (John Savard) Re: Idea (amateur) From: "Tom St Denis" [EMAIL PROTECTED] Subject: Re: How to eliminate redondancy? Date: Sun, 18 Mar 2001 16:11:08 GMT "SCOTT19U.ZIP_GUY" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... [EMAIL PROTECTED] (Douglas A. Gwyn) wrote in [EMAIL PROTECTED]: Compression goes along why towards solving the problem if it allows for any possible input block. All commonly used compression schemes work for any input. Here is where you maybe missing it. Compression is a two sided coin. compression/decompression. Most people are so focused on the frontside they fail to check the backdoor. True most compressors at the front door the compresion side do handle all 8-bit byte binary files. But they leave the back door wide open. They don't handle the decompression of all possible files. If they did it then 1) for any file X then compress( uncompress(X))= X would be true for all files. This in something anyone can check. Take a file use Notepad enter a message "hello world" save it as a file. Now uncompress it with any of your favorite compressors. Most will fail on the spot possibly giving an error message. You may have to go to DOS or use some method to change file name extension to the type your compressor uses. A few will actually do somthing. Next if you get this far compress the resultant file using the compressor part of your compressor. Know check it with "fc /b file1 file2" see if the match. If not your compressor failed. I still don't see 1-1 as a valid condition for security. I can brute force your 1-1 system just like I can brute force a non "1-1" compressor. Tom -- From: Benjamin Goldberg [EMAIL PROTECTED] Subject: PGP key expiration (was Re: Encryption software) Date: Sun, 18 Mar 2001 16:11:32 GMT Joe H. Acker wrote: [snip] I have another problem with PGP: I once forgot my passphrase for a non-expiring key and didn't make a key revocation certificate, which means that there will now be two keys (the new one and the old one) forever on the keyserver, but I can only decrypt for one. That's really bad... and I think this can happen to many unexperienced PGP users. Wouldn't it be possible to require regular confirmation of key expiry or not, instead of no expiry at all or fixed expiry? That way, if somebody lost his passphrase to a private key, he could not confirm "no don't expire this public key" and so the public key would expire automatically. It's an interesting idea, but it requires rather alot of work on the part of the keyserver (ie, regularly asking each user with a conditionally expiring cert whether or not he wants it to expire). Plus, if the user goes on vacation, he's got a problem. A better method would be to design a special "advance expiration date" message, which one would send to the keyserver, so that we only need a one-way communication, not a two-way communication. A more practical solution would be to have PGP automatically create a key revocation certificate when a new key is made, and nag the user into putting it on a floppy disk, and further nag him into sticking that floppy in a safe place. -- The difference between theory and practice is that in theory, theory and practice are identical, but in practice, they are not. -- From: "Tom St Denis" [EMAIL PROTECTED] Subject: Re: Cryptoanalysis of stream cipher Date: Sun, 18 Mar 2001 16:11:34 GMT "Yevgen" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Hi All! I need any information about cryptoanalysis of stream cipher. Thanks in advance. Which stream cipher? -- From: "Henrick Hellström" [EMAIL PRO
Cryptography-Digest Digest #933
Cryptography-Digest Digest #933, Volume #12 Sun, 15 Oct 00 20:13:01 EDT Contents: Re: Is it trivial for NSA to crack these ciphers? ([EMAIL PROTECTED]) Re: Problem in Message Digest ([EMAIL PROTECTED]) Re: SDMI - Answers to Major Questions ("Paul Pires") Re: Is it trivial for NSA to crack these ciphers? (CiPHER) Re: CRC vs. HASH functions (Mack) Re: A newbie in block ciphers (Dido Sevilla) Re: ECDSA ("Jesper Stocholm") Re: Is it trivial for NSA to crack these ciphers? (David Wagner) Re: ECDSA (Roger Schlafly) Re: Is it trivial for NSA to crack these ciphers? ("John A. Malley") Re: A new paper claiming P=NP (default) Re: On block encryption processing with intermediate permutations (Bryan Olson) Re: SDMI - Answers to Major Questions (Mack) pseudo random test (=?ISO-8859-1?Q?Jacques_Th=E9riault?=) Try This One (Jim) Re: Bored with AES? SHA-256/384/512 spec now out! (John Savard) From: [EMAIL PROTECTED] Subject: Re: Is it trivial for NSA to crack these ciphers? Date: Sun, 15 Oct 2000 18:55:41 GMT Stephen M. Gardner [EMAIL PROTECTED] wrote: What do you suppose keeps bright young mathematicians working in an environent in which they cannot share their insights freely with others? What do you suppose the impact on their creativity is? How long do you suppose it takes for such an environment to turn a bright young scholar into a government drone or drive them away? Oh, did I mention how the bright young person has to suffer a periodic foray into his sex life, what substances he consumes recreationally, an who he associates with by some cynical and jaded "security wonk" with a cold-war stick up his butt? Do the best and brightest put up with that for long? If we assume that the NSA is significantly ahead of the private sector, the inability to publish is more than offset by the access to information noone else has. I suspect that if you told anyone they could read every file the NSA has, provided they never discussed them later, most people would leap at the chance. On the other hand, if they're on par with the open community, the inability to publish is offset for many people by the ability to accomplish meaningful work without having to deal with publishing! ;) Saving lives, and the ability to work against the best advesaries the rest of the world has to offer are strong motivations. As to the intrusion into your private life, the private sector is not doing much better in that particular case. The current trend in many companies is mandatory drug testing, immediate dismissile for smoking on or off the premisis at some places, etc. -- Matt Gauthier [EMAIL PROTECTED] -- From: [EMAIL PROTECTED] Subject: Re: Problem in Message Digest Date: Sun, 15 Oct 2000 19:02:35 GMT Joyce [EMAIL PROTECTED] wrote: I would like to digest a message. However, a compile error is prompted: Error #: 362 : cyclic inheritance involving class java.security.MessageDigest at line 30, column 43. It indicates that there is an error in MessageDigest.getInstance("MD5", "CryptixCrypto"). Please kindly tell me what's going wrong. Where should we start? ;) 1. This is sci.crypt, not comp.lang.java so the entire message is way off base. 2. Use of the sun.* packages in production code is a Bad Idea(tm). 3. You can do the same thing with approximately 10% of the code by using MessageDigest.getInstance("MD5"). That saves you the _entire_ cryptix library, and probably runs faster to boot. And if I had to guess, the first place I'd look is that you're adding the provider correctly. -- Matt Gauthier [EMAIL PROTECTED] -- From: "Paul Pires" [EMAIL PROTECTED] Subject: Re: SDMI - Answers to Major Questions Date: Sun, 15 Oct 2000 12:06:57 -0700 David A Molnar [EMAIL PROTECTED] wrote in message news:8sapp2$qtc$[EMAIL PROTECTED]... Scott Craver [EMAIL PROTECTED] wrote: Alas, I do research in the field of watermarking and watermarking attacks, and my ears are pretty crummy. Plus I have to do most of my work in a room with big loud fans. Can't you just find some music majors on campus and use them as guinea pigs (I'm assuming their ears are relatively good)? Maybe you could even get a psych major to set up and run experiments as a thesis topic, thus saving you the trouble... It's already been done. Although not as fun, there are better uses for students than scientific experiment :-) Audio professionals are A, pre-selected to be talentened. B, trained and experienced to recognise and inderstand what they hear. The one I know is astounding. Paul -David -- From: CiPHER [EMAIL PROTECTED] Subject: Re: Is it trivial for NSA to crack these ciphers? Date: Sun, 15 Oct 2000 19:23:40 GMT In article [EMAIL PROTECTED], "
Cryptography-Digest Digest #933
Cryptography-Digest Digest #933, Volume #11 Sat, 3 Jun 00 19:13:01 EDT Contents: Re: http://www.infraworks.com product ("Paul Pires") Re: Good ways to test. (Mok-Kong Shen) Re: Need "attack time" measurements on a toy cipher... (long) ("TheGPFguy") Re: Good ways to test. (tomstd) Re: Need "attack time" measurements on a toy cipher... (long) ("TheGPFguy") Re: No-Key Encryption (Mok-Kong Shen) Re: Good ways to test. (Mok-Kong Shen) Re: No-Key Encryption (Mok-Kong Shen) Re: XTR independent benchmarks (Wei Dai) Re: Good ways to test. (tomstd) Re: Need "attack time" measurements on a toy cipher... (long) (Baruch Even) From: "Paul Pires" [EMAIL PROTECTED] Subject: Re: http://www.infraworks.com product Date: Sat, 3 Jun 2000 14:52:18 -0700 I had to look at the web page, Sorry. "After the 45 minutes or the 1 time view, the document is shredded from your hard drive" Their software runs on my machine (all the time presumably) and decides to shred documents? On my machine? So I load the document, say an AutoCad file, for my 1 hour and then kill their process. (CNTRL, ALT, DELETE and end task) "* Provides total protection by destroying the content if any security elements are violated. " This is a good thing? I once called Microsoft with a problem with Exchange behaving badly with User Profiles. After many hours and constant movement up the food chain it was explained to me that I did not have a bug but that I had actually found an "Undocumented Feature". I am not calling these guys. Paul -- From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: Good ways to test. Date: Sun, 04 Jun 2000 00:08:57 +0200 tomstd wrote: You are missing the picture. Crypto: I can say a block cipher has 'X' resistance to 'Y' attacks. Medicine: I can say 'X' people get better and 'Y' people get dead. Same thing. In crypto I can say 'DES has a resistance to linear attacks effectively of O(2^43) work' making it 'strong'. In medicine I can say 99.99% people got better but 0.01% died making it 'a cure'. We didn't know (or now either) if DES could have been broken easily, same for medicine. Those 0.01% may have had kids before they died that have some wierd genetic disease making 0.01% become much larger. That's why I called it comparative. You wouldn't use FEAL-8 over Blowfish would you? Why because given all that we know Blowfish is more secure. Is that definative? Not a shot in hell. But it's better then "What cipher will I use today?". I wish that there are plenty of people who accept that sort of numerical figures of yours. But please don't count on me. I don't buy that. 2. I know too little about chemistry or phamacology to know what substance you mentioned is. But apparently you were referring to the issue of the yet unknown side effects of drugs. Yes, this does seem to have analogy in crypto, namely the yet unknown (not yet existing or already existing but secret) techniques of attack. To that point all what I can say is to repeat my conviction that anyone applying crypto is responsible to himself for the consequence of what algorithm he chooses and how the whole security system is organized and run. No other person can carry that responsibility for him. He can gather all relevant informations that he can manage to obtain. But he has to make his own decision (including such as to blindly and totally rely on what a certain guru says) and has no one but himself to blame, if that decision happens to turn out to be wrong. You're right. Companies like Entrust and RSA are *liable* for any damages that occur when people use their tools. So I would assume they are doing the best they can. In principle the same comment as above. M. K. Shen -- From: "TheGPFguy" [EMAIL PROTECTED] Subject: Re: Need "attack time" measurements on a toy cipher... (long) Date: Sat, 03 Jun 2000 22:01:10 GMT Paul Pires [EMAIL PROTECTED] wrote in article = 99d_4.57122$[EMAIL PROTECTED]... I know you set up a pretty good work plan for the folks in here to = follow but you have to understand that no one here is very good at coloring = inside the lines. Before I continue further, let me publicly thank you for your clear and = concise explanation of what to expect here. I mean that literally, not = sarcastically. =20 Your basic statement is self contradictory. You state that there is a = short secrecy horizon, that the same key is always used and yet you claim = the plaintext is unknown. All plaintext or just the stuff inside your = security horizon ? =20 The statement is contradictory because I set up a trial
Cryptography-Digest Digest #933
Cryptography-Digest Digest #933, Volume #10 Thu, 20 Jan 00 00:13:01 EST Contents: Re: Predicting Graphs. (Guy Macon) newbie help (elliptic) Re: What about the Satanic Seven??? ("r.e.s.") Re: ECC vs RSA - A.J.Menezes responds to Schneier (DJohn37050) ANN: ECBackup 1.1 - archiver with strong-security, based on open key technology (ECC) ("Andre N Belokon") Encryption Speeds of Stream Ciphers Implemented on Hardware ("Duncan") Re: New Crypto Regulations ("Trevor Jackson, III") Re: McDonald's claims Nobel peace fries ("Trevor Jackson, III") Re: Java's RSA implimentation (Paul Schlyter) Re: Java's RSA implimentation (Paul Schlyter) Re: RSA survey ("Trevor Jackson, III") Re: MIRDEK: more fun with playing cards. ("r.e.s.") Re: ECC vs RSA - A.J.Menezes responds to Schneier (Greg) Re: RSA survey (NFN NMI L.) Re: Forward secrecy for public key encryption (new proposal, long) (David Wagner) From: [EMAIL PROTECTED] (Guy Macon) Subject: Re: Predicting Graphs. Date: 19 Jan 2000 21:02:13 EST In article 865fve$t2k$[EMAIL PROTECTED], [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: Come on, somebody, answer my question! O.K. Happy now? -- From: elliptic [EMAIL PROTECTED] Subject: newbie help Date: Thu, 20 Jan 2000 01:57:55 GMT I need some help for implementing strong encryption in Perl(MacPerl). Onyone wann give me a hand??? Sent via Deja.com http://www.deja.com/ Before you buy. -- From: "r.e.s." [EMAIL PROTECTED] Subject: Re: What about the Satanic Seven??? Date: Wed, 19 Jan 2000 18:22:16 -0800 Thanks for the link. What does it mean for simply discussing, say, ARC4's algorithm? It's still not clear to me whether, for US citizens, public-domain "hard crypto" source code or algorithms may be posted without restriction in NGs. Does Paragraph 15 imply that it's OK to do so as long as one somehow informs BXA concurrently with every posting?! -- r.e.s. [EMAIL PROTECTED] "David Crick" [EMAIL PROTECTED] wrote ... : "John E. Kuslich" wrote: : : How do you stop those people in the seven bad nations from downloading : your stuff??? Do you have to have your server attempt to filter this : stuff? : : See http://207.96.11.93/Encryption/qanda.htm for answers to these : and many other questions :) : : David. -- From: [EMAIL PROTECTED] (DJohn37050) Subject: Re: ECC vs RSA - A.J.Menezes responds to Schneier Date: 20 Jan 2000 02:24:15 GMT In the Montgomery talk, he only had each machine talking to its N,S, E, and W neighbors. And each machine had only a part of the matrix. A lot was over my head. Don Johnson -- From: "Andre N Belokon" [EMAIL PROTECTED] Subject: ANN: ECBackup 1.1 - archiver with strong-security, based on open key technology (ECC) Date: Thu, 20 Jan 2000 04:34:27 +0200 Reply-To: "Andre N Belokon" [EMAIL PROTECTED] Hi All ! In new version add BWT-based compression method (like bzip2). Improved compression speed. For more detail visit to http://softlab.od.ua ECBackup 1.1 is a archiver with strong-security, based on open key technology. We used elliptic curves for open key and Blowfish for cipher. This has allow to get the greater security in contrast with RSA-based systems under the smaller length of key and more high speed. Key length up to 1900 bits (equivalent to more than 50,000 bits RSA-key) - it's a "paranoic" level of security ! Package contains three programs - keymaker, archiver and viewer. Keymaker create public key for your private password. Archiver uses this public key (not private password) for cryptooperation. With viewer you can view and extract files from archive, but for this you are to know private password. Open key technology guarantees impossibility of recovering a secret key on an known open key. Also you are to use this program for the safe exchange (like PGP) any types of files over internet or other facility to communications. WBR Andre N Belokon http://softlab.od.ua mailto:[EMAIL PROTECTED] -- From: "Duncan" [EMAIL PROTECTED] Subject: Encryption Speeds of Stream Ciphers Implemented on Hardware Date: Wed, 19 Jan 2000 21:40:48 -0500 I'm looking for the encryption speeds of stream ciphers implemented on chips. Bruce Schneier's Applied Cryptography 2/e (Table 17.3) gives the speeds of A5, PIKE, RC4 and SEAL on a 33MHz 486SX. Is there any information about the speeds of stream ciphers on hardware? -- Date: Wed, 19 Jan 2000 21:55:32 -0500 From: "Trevor Jackson, III" [EMAIL PROTECTED] Subject: Re: New Crypto Regulations JPeschel wrote: "Douglas A. Gwyn" [EMAIL PROTECTED] writes: JPeschel wrote: "Do
Cryptography-Digest Digest #933
Cryptography-Digest Digest #933, Volume #8 Tue, 19 Jan 99 22:13:03 EST Contents: Re: Visual Basic Cipher ("Oliver Keeling") Re: Metaphysics Of Randomness (Darren New) Re: interview (Mr. Tines) Re: Trying to find simple, yet effective implementation of crypto... (Mr. Tines) Re: Metaphysics Of Randomness (Darren New) Re: Metaphysics Of Randomness (R. Knauer) Re: Metaphysics Of Randomness (R. Knauer) Re: Metaphysics Of Randomness (Darren New) Re: Metaphysics Of Randomness (R. Knauer) From: "Oliver Keeling" [EMAIL PROTECTED] Subject: Re: Visual Basic Cipher Date: Tue, 19 Jan 1999 22:10:55 GMT Following on this thread - I came across the following in a VB news group. I haven't had the time yet to look at it in any detail but it seems to be XOR based - dunno how secure it is either, but it seems to work quite fast. There are some problems though - it seems to struggle with de-coding large string (it encodes OK) but drops short on the de-code. I put a 196Kb file through it and it encrypted it in a second or two (not lightening fast I know) but better than anything else I have tried in VB. But when I tried to decrypt it - it only de-crypted the first 20 lines or so. This I think is in part coz VB seems to take ASCII 26 to be the end of file marker so using - do while not eof(1) leads to problems!! Anyway - hope this helps and maybe some of the cryptanalists out there may be able to pass comment on how secure it is. Olly Option Explicit Function StrEncode(ByVal s As String, key As Long, salt As Boolean) As String Dim n As Long, i As Long, ss As String Dim k1 As Long, k2 As Long, k3 As Long, k4 As Long, t As Long Static saltvalue As String * 4 If salt Then For i = 1 To 4 t = 100 * (1 + Asc(Mid(saltvalue, i, 1))) * Rnd() * (Timer + 1) Mid(saltvalue, i, 1) = Chr(t Mod 256) Next s = Mid(saltvalue, 1, 2) s Mid(saltvalue, 3, 2) End If n = Len(s) ss = Space(n) ReDim sn(n) As Long k1 = 11 + (key Mod 233): k2 = 7 + (key Mod 239) k3 = 5 + (key Mod 241): k4 = 3 + (key Mod 251) For i = 1 To n: sn(i) = Asc(Mid(s, i, 1)): Next i For i = 2 To n: sn(i) = sn(i) Xor sn(i - 1) Xor ((k1 * sn(i - 1)) Mod 256): Next For i = n - 1 To 1 Step -1: sn(i) = sn(i) Xor sn(i + 1) Xor (k2 * sn(i + 1)) Mod 256: Next For i = 3 To n: sn(i) = sn(i) Xor sn(i - 2) Xor (k3 * sn(i - 1)) Mod 256: Next For i = n - 2 To 1 Step -1: sn(i) = sn(i) Xor sn(i + 2) Xor (k4 * sn(i + 1)) Mod 256: Next For i = 1 To n: Mid(ss, i, 1) = Chr(sn(i)): Next i StrEncode = ss saltvalue = Mid(ss, Len(ss) / 2, 4) End Function Function StrDecode(ByVal s As String, key As Long, salt As Boolean) As String Dim n As Long, i As Long, ss As String Dim k1 As Long, k2 As Long, k3 As Long, k4 As Long n = Len(s) ss = Space(n) ReDim sn(n) As Long k1 = 11 + (key Mod 233): k2 = 7 + (key Mod 239) k3 = 5 + (key Mod 241): k4 = 3 + (key Mod 251) For i = 1 To n: sn(i) = Asc(Mid(s, i, 1)): Next For i = 1 To n - 2: sn(i) = sn(i) Xor sn(i + 2) Xor (k4 * sn(i + 1)) Mod 256: Next For i = n To 3 Step -1: sn(i) = sn(i) Xor sn(i - 2) Xor (k3 * sn(i - 1)) Mod 256: Next For i = 1 To n - 1: sn(i) = sn(i) Xor sn(i + 1) Xor (k2 * sn(i + 1)) Mod 256: Next For i = n To 2 Step -1: sn(i) = sn(i) Xor sn(i - 1) Xor (k1 * sn(i - 1)) Mod 256: Next For i = 1 To n: Mid(ss, i, 1) = Chr(sn(i)): Next i If salt Then StrDecode = Mid(ss, 3, Len(ss) - 4) Else StrDecode = ss End Function 'Private Sub cmdDecrypt_Click() 'Dim key As Long 'Dim salt As Boolean 'Dim s As String, ss As String 'key = 1234567890 'Or any other postive integer 'salt = False 's = txt.Text 'ss = StrDecode(s, key, salt) 'txt.Text = ss 'End Sub 'Private Sub cmdEncrypt_Click() 'Dim key As Long 'Dim salt As Boolean 'Dim s As String, ss As String 'key = 1234567890 'Or any other postive integer 'salt = False 's = txt.Text 'ss = StrEncode(s, key, salt) 'txt.Text = ss 'End Sub -- From: Darren New [EMAIL PROTECTED] Subject: Re: Metaphysics Of Randomness Date: Tue, 19 Jan 1999 21:52:53 GMT Yes but calculating could take a very long time if the complexity of your algorithm is too great. See [1] for details. These are turing machines. You have all the time in the world. ;-) If you start worrying about the *efficiency* of your turing machines, or their speed, you have to start worrying about how long that infinite tape is going to get, too. :-) -- Darren New / Senior Software Architect / MessageMedia, Inc. San Diego, CA, USA (PST). Cryptokeys on demand. "You could even do it in C++, though that should only be done by folks who think that self-flagellation is for the effete." -- From: Mr. Tines [EMAIL PROTECTED] Subject: Re: interview Date: 19 Jan 1999 20:27 + ### On 19 Jan 1999 00:56:37 GMT, in 01be4345$57776740$0acdc8d0@computer-liebe "Phred Dobbs (take out t