Cryptography-Digest Digest #936
Cryptography-Digest Digest #936, Volume #13    Sun, 18 Mar 01 18:13:00 EST

Contents:
  Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (Mok-Kong Shen)
  Re: SSL secured servers and TEMPEST ("Lyalc")
  Re: RSA (Gregory G Rose)
  Re: Algebraic 1024-bit block cipher (Gregory G Rose)
  Re: Latin Squares ("Kostadin Bajalcaliev")
  Bacon's cryptography? ("bookburn")
  Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (Nicol So)
  Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (Tim Tyler)
  Re: Random and RSA (Joe H. Acker)
  Re: Latin Squares (Mok-Kong Shen)
  Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (amateur)
  Re: How to eliminate redondancy? ("Trevor L. Jackson, III")
  Re: qrpff-New DVD decryption code ("Trevor L. Jackson, III")
  Re: Bacon's cryptography? (Mok-Kong Shen)
  Re: How to eliminate redondancy? ("Trevor L. Jackson, III")

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION
Date: Sun, 18 Mar 2001 21:37:43 +0100

"SCOTT19U.ZIP_GUY" wrote:
> Get a list of allowed English words. The words are of the form of the spellings plus a space. Only one case allowed, upper or lower. The list has the word followed by weighted occurrence in English. A computer program takes the list and makes a Huffman tree, or we use a weighted PPM tree a la Matt Timmermans' compressor code. When a message is to be encoded only the dictionary words are allowed. When the compression takes place it is fully bijective to an 8-bit byte binary file. Then you encrypt using your favorite block cipher. When an attacker tries a wrong key it will always decrypt to a valid message full of English words.

Your Huffman tree for words is just one kind of coding. Thus you are applying a codebook before encryption. A simpler alternative is to assign binary numbers to the words (assuming the size of the dictionary is 2^m, the numbers all have m bits). One first translates the words to the numbers and then encrypts. If the wrong key is used to decrypt, then one gets wrong numbers leading to wrong words (yet valid words).

One problem of using a dictionary, though, is that one doesn't have e.g. plurals of nouns, etc.

M. K. Shen

--

From: "Lyalc" [EMAIL PROTECTED]
Subject: Re: SSL secured servers and TEMPEST
Date: Mon, 19 Mar 2001 07:40:50 +1100

Indeed. The target signals are, by previous definition, very low amplitude. In the same spectrum there are many much higher powered transmitters, for TV, radio, police, taxi, mobile phone et al. So the VCR receivers need to cope with recording amplitude variations of more than 120 dB. Most VCR tapes only have about 30-60 dB dynamic range, I think, and the VCR hardware is not designed for this large a dynamic signal range. So special, non-distorting amplitude clipping units need to be built for the VCR inputs (filters attenuate all signals more or less equally; we don't want to attenuate the low amplitude signals at all).

And so far we haven't even tried to split the different frequency bands, align the noise floor amplitudes across all the VCRs, create a time/phase alignment process for the VCRs, or split out the antenna amplifier output into 400 feed points. Yet we end up with a truck full of VCR units, requiring 20 kW of power to drive (400 x 50 W per VCR), neglecting cooling, that will capture 3 hours of doubtful data. And we need to repeat this process 24 hrs/day for maybe 3-10 weeks to get enough data to be theoretically workable.

This is not a practical attack, IMHO.

Lyal

those who know me have no need of my name wrote in message ...
> [EMAIL PROTECTED] divulged:
>> My calculation was as follows: a video signal has about 5 MHz of bandwidth. Just split that 2 GHz signal into 2000/5 = 400 5 MHz bands, transform them into the 0..5 MHz base band and then you "just" need 400 VCRs to store the signal.
>
> it may be that consumer VCRs aren't the optimum recording devices.
>
> -- okay, have a sig then --

--

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: RSA
Date: 18 Mar 2001 12:51:26 -0800

In article [EMAIL PROTECTED], Mike Rosing [EMAIL PROTECTED] wrote:
> Joost van der Meer wrote:
>> I've got to make an assignment for school about the RSA encryption system. I want to write an example, but I can't calculate the private key D. Is there anybody who can give me a whole example (prime numbers (P, Q) and exponents (e, d))???
>
> Since all you need is an example, pick numbers you can work with on a calculator. For P and Q, choose 2 primes less than 300 (or whatever you feel like). Pick e = 3 (a sort of standard value, for your example it's fine). Then the hard part is finding d. You need e*d = 1 mod (P-1)*(Q-1). You can either brute force it (*very* time consuming) or you can go thru Euclid's algorithm to find the value of d. Since P and
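The codebook-before-encryption construction that Mok-Kong Shen describes in the first message of this digest (a 2^m-word dictionary, m bits per word, then a cipher), as an added example that is not part of the digest or of any poster's code. The sixteen-word dictionary is constructed for the demonstration, and the HMAC-SHA256 counter-mode keystream is this example's stand-in for "your favorite block cipher"; the only property the argument needs from the cipher is that decryption under every key is a length-preserving bijection on byte strings. With m = 4, two words fill a byte, so every byte string decodes to dictionary words and a wrong key can never be rejected on the grounds that the output is not made of valid words.

```python
import hashlib
import hmac
import os

# Constructed 2^M-word dictionary standing in for the English word list in the post.
# M = 4: each word is a 4-bit index, two words per byte.
M = 4
WORDS = ["the", "attack", "at", "dawn", "is", "cancelled", "meet", "me",
         "by", "river", "bridge", "noon", "tomorrow", "send", "money", "now"]
assert len(WORDS) == 1 << M
INDEX = {w: i for i, w in enumerate(WORDS)}
MASK = (1 << M) - 1


def words_to_bytes(words):
    """Codebook step: each word becomes its M-bit index, packed MSB-first.

    The word count must fill whole bytes (here: an even number of words);
    otherwise there is no padding-free bijection onto a byte string.
    """
    if (len(words) * M) % 8:
        raise ValueError("word count must fill a whole number of bytes")
    bits = 0
    for w in words:
        bits = (bits << M) | INDEX[w]   # KeyError if the word is not in the dictionary
    return bits.to_bytes(len(words) * M // 8, "big")


def bytes_to_words(data):
    """Inverse codebook step. Every byte string decodes to dictionary words,
    so there is no 'invalid plaintext' for a wrong key to produce."""
    n = len(data) * 8 // M
    bits = int.from_bytes(data, "big")
    return [WORDS[(bits >> (M * (n - 1 - i))) & MASK] for i in range(n)]


def keystream_xor(key, data):
    """Stand-in for the block cipher (an assumption of this example): HMAC-SHA256
    in counter mode. It is a length-preserving bijection for every key, which is
    all the wrong-key argument relies on."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def encrypt(key, words):
    return keystream_xor(key, words_to_bytes(words))


def decrypt(key, ciphertext):
    return bytes_to_words(keystream_xor(key, ciphertext))


def wrong_key_still_valid(message, right_key, wrong_key):
    """Return (recovered, decoy): the plaintext under the right key and the
    'plaintext' under a wrong key. The decoy consists only of dictionary words."""
    ct = encrypt(right_key, message)
    return decrypt(right_key, ct), decrypt(wrong_key, ct)


def codebook_is_bijective(samples=200):
    """Check the bijection on random byte strings: decode, then re-encode."""
    return all(words_to_bytes(bytes_to_words(b)) == b
               for b in (os.urandom(6) for _ in range(samples)))


if __name__ == "__main__":
    msg = "attack at dawn tomorrow send money now the".split()
    good, bad = wrong_key_still_valid(msg, b"right key", b"wrong key")
    print(" ".join(good))
    print(" ".join(bad))   # different words, but every one is in the dictionary
```

The practical limitation Shen raises (no plurals, no out-of-dictionary words) shows up here as the KeyError in `words_to_bytes`; a real word-level codebook also leaks the message length in words, since the ciphertext length is exactly m bits per word.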
Cryptography-Digest Digest #936
Cryptography-Digest Digest #936, Volume #12    Mon, 16 Oct 00 14:13:00 EDT

Contents:
  Re: Basic skills and equipment... (Bob Silverman)
  Re: What is meant by non-Linear... ("Stephen M. Gardner")
  Re: Why trust root CAs ? (Bob Silverman)
  Re: Is it trivial for NSA to crack these ciphers? ("Stephen M. Gardner")
  Re: More on the SDMI challenge (Daniel Leonard)
  Re: SHA-256 implementation in pure C (free) (Anton Stiglic)
  very OT: gender vs. sex (Runu Knips)
  Re: Rijndael implementations (Runu Knips)
  Re: Rijndael implementations (Runu Knips)
  Is there a telnet client/server that will allow secure logins over telnet? (Alex)
  Oracle Security Server (table encryption) ([EMAIL PROTECTED])
  Re: Is it trivial for NSA to crack these ciphers? ("Paul Pires")
  Re: Is there a telnet client/server that will allow secure logins over telnet? (Markus Salax)
  Re: More on the SDMI challenge (Scott Craver)
  Re: CHES 2001 Workshop (Mike Rosing)
  Re: 2 of 5 code, 3 of 7 code... (Mike Rosing)
  Re: Basic skills and equipment... (Mike Rosing)
  Re: Why trust root CAs ? (Pawel Krawczyk)
  MS's fast modular exponentiation claims II (JCA)

--

From: Bob Silverman [EMAIL PROTECTED]
Subject: Re: Basic skills and equipment...
Date: Mon, 16 Oct 2000 13:24:05 GMT

In article 01c035e5$4a72e300$LocalHost@betelgeuse, "Alexandros Andreou" [EMAIL PROTECTED] wrote:
> Hello all! I am beginning to enjoy cryptography, but I don't know where to start from. What are the essential mathematics skills one should have?

The following are essential:
  Elementary Number Theory
  Elementary Group Theory
  Elementary Statistics and Probability

The following are desirable:
  Elementary Combinatorics
  Algorithmic Complexity Theory

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: "Stephen M. Gardner" [EMAIL PROTECTED]
Subject: Re: What is meant by non-Linear...
Date: Mon, 16 Oct 2000 08:31:11 -0500

Tim Tyler wrote:
> I don't want to haggle;

Then don't haggle, just draw. Draw some linear equations defined on a finite field (use a cylinder as the drawing surface if you want). Compare them to similar equations defined on an interval of the field of reals (again, mapped to the cylinder if you want). You will find that the finite field equations jump around instead of staying on the line. Don't argue, just draw. ;-)

For example: what do you make of the following? y = 2x + 1 defined on GF(3) gives the following set of ordered pairs: {(0,1), (1,0), (2,2)}. Draw that on a cylinder if you want, but how does it lie on a line or line segment?

> "a straight line mapped onto the surface of a cylinder" is defined as having an equation in the form of either x = k, or theta = a.x + b.

Where did you get this definition? How general is it? Hint: what assumptions are you making here about the field that the equations are defined on?

--
Take a walk on the wild side: http://www.metronet.com/~gardner/
There is a road, no simple highway, between the dawn and the dark of night. And if you go no one may follow. That path is for your steps alone. The Grateful Dead ("Ripple")

--

From: Bob Silverman [EMAIL PROTECTED]
Subject: Re: Why trust root CAs ?
Date: Mon, 16 Oct 2000 13:27:25 GMT

In article eMoD5.416654$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
> OK, so you're off to do some e-shopping. You click on the padlock and it says "this certificate belongs to bogus.com" and "this certificate was issued by snakeoil CA" (no I don't mean the CA generated by OpenSSL, I mean one of the "normal" ones like verisign or thawte...).

All cryptography can do for you is to *shift* trust from one party to another. It can not create trust in the first place. One needs a starting point. Your question might also be answered by asking "how can you trust any piece of software?". One trusts CAs in the same way.

I like David Gerrold's definition of trust: Trust is the condition necessary for betrayal.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: "Stephen M. Gardner" [EMAIL PROTECTED]
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Mon, 16 Oct 2000 08:20:57 -0500

"John A. Malley" wrote:
> It only takes a few zealots, people with a mission, to push the limits of the envelope; organizational adepts will recognize and capitalize on that generous, selfless behavior.

Perhaps that is the major difference we have in viewpoint. I don't think there is anything generous or selfless about working for the
Cryptography-Digest Digest #936
Cryptography-Digest Digest #936, Volume #11    Sun, 4 Jun 00 09:13:00 EDT

Contents:
  Re: Cipher design a fading field? (Mok-Kong Shen)
  Re: No-Key Encryption (Mok-Kong Shen)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Alan Pascoe)
  Re: XTR independent benchmarks ("Eric Verheul")
  Re: XTR independent benchmarks ("Eric Verheul")
  Re: No-Key Encryption (David Formosa (aka ? the Platypus))
  Re: Rivest's Multi-Grade Crypto (Mark Wooding)
  Re: Solovay-Strassen primality test (Mark Wooding)
  Re: Rivest's Multi-Grade Crypto (tomstd)
  Re: slfsr.c (tomstd)
  Re: Good ways to test. (tomstd)

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Cipher design a fading field?
Date: Sun, 04 Jun 2000 11:44:52 +0200

John Savard wrote:
> "Douglas A. Gwyn" [EMAIL PROTECTED] wrote, in part:
>> (a) It has not been demonstrated that a group of amateurs can in fact design a truly "strong" cipher.
>
> I wouldn't want to try decrypting something enciphered using Blowfish. But you are right, although what 'has not been demonstrated' is very nearly inherently impossible to demonstrate.

I think that the question is ill-defined and can't be properly argued. In fact, if an amateur succeeds in designing a strong cipher (we put aside the issue of 'strong'), then he is thereafter counted as a professional. Thus the proposition that no amateur has designed a strong cipher is a sort of tautology.

>> (b) I wish that the amateurs would quit inventing a plethora of new encryption schemes until they have figured out how to defeat the existing ones.
>
> This may be relevant to your thesis. But just because _they_ don't know how to crack the existing ones doesn't mean...

I don't think that there is any professional who has done the exercise of cracking all ciphers that exist before he attains the status of being professional. On the other hand, cryptanalysis knowledge is evidently required for a good design. However, I doubt that cryptanalysis of lots of very old ciphers is unconditionally advantageous (from an economical point of view) for would-be designers. For, if too much time is spent on these, one will never finish so as to be able to learn the more modern stuff. (I believe that what wtshaw once expressed as 'climbing the fool's hill' is related to this issue. BTW, there might be certain people wishing to sponsor that sport, because that can be fun.)

> Will AES be the -final- cipher? Of course not. It won't even be the final encipherment scheme that somebody eventually figures out how to crack.
> ... that someone else might not. So, people who want security *now* might well need something that has a chance of being better than what exists.

For those who are conservative and believe (whether justified or not) that they are in need of higher security, the way of multiple encryption is always open.

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: No-Key Encryption
Date: Sun, 04 Jun 2000 13:07:13 +0200

David Hopwood wrote:
> What identity? '*' was not stated to form a group [1], so A/A is not necessarily the same for all A. Even if it were, (A/A)*A is not necessarily equal to A (note that this is *not* implied by (A*A)/A = A), and certainly (A/A)*B is not necessarily equal to B, which your argument implicitly relies on.

Sorry for a dumb question: '/' is the inverse of '*', isn't it? What does 'inverse' mean? Could you give a tiny easily comprehensible example? Thanks.

M. K. Shen

--

From: Alan Pascoe [EMAIL PROTECTED]
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Sun, 04 Jun 2000 13:00:39 +0100

David Boothroyd wrote:
> [snip]
> The proposals in the Bill are exactly the same as the ones Labour suggested before the election so there really isn't anything for anyone to get worked up about. The Conservatives were planning mandatory key escrow.

Is what this government is doing basically different? It seems that in practice, users of PGP will have to retain their private keys and make them available to government agencies on demand. I can see little difference between this and Trusted Third Party arrangements.

--
Alan Pascoe    PGP Key: 0xD5B1715B
Keep your files and e-mail private!    http://www.pgpi.com

--

From: "Eric Verheul" [EMAIL PROTECTED]
Subject: Re: XTR independent benchmarks
Date: Sun, 4 Jun 2000 13:43:43 +0200

First of all, the hard part of parameter generation in LUCDIF consists of generating a prime number p of 512 bits (and, if you're smart, a prime number q of about 170 bits such that q divides p+1, if you want to be both safe and be able
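The parameter-generation step Eric Verheul describes above (a 512-bit prime p together with a roughly 170-bit prime q with q | p+1), as an added example; this is not code from the post or from the XTR/LUCDIF authors. The approach, fixing q first and then searching p = k*q - 1 over random even cofactors k so that the divisibility holds by construction, is this example's choice, as are the Miller-Rabin round count and the use of `random.SystemRandom`. The same generator works for any bit sizes, which is what `check_params` re-verifies on the result.

```python
import random


def is_probable_prime(n, rounds=40, rng=random.SystemRandom()):
    """Miller-Rabin. A composite survives all rounds with probability <= 4^-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a is a witness: n is composite
    return True


def random_prime(bits, rng=random.SystemRandom()):
    """Random odd probable prime with the top bit set, so it has exactly `bits` bits."""
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c, rng=rng):
            return c


def lucdif_params(p_bits=512, q_bits=170, rng=random.SystemRandom()):
    """Return (p, q): q a q_bits-bit prime, p a p_bits-bit prime with q | p + 1.

    q is chosen first; p = k*q - 1 is searched over random even k, so q | p + 1
    holds by construction and only p's primality needs testing.
    """
    q = random_prime(q_bits, rng)
    k_bits = p_bits - q_bits
    while True:
        # even k in [2^(k_bits-1), 2^k_bits): k*q - 1 is odd and has p_bits or
        # p_bits-1 bits; the short candidates are rejected below.
        k = (rng.getrandbits(k_bits - 1) | (1 << (k_bits - 2))) << 1
        p = k * q - 1
        if p.bit_length() == p_bits and is_probable_prime(p, rng=rng):
            return p, q


def check_params(p, q, p_bits, q_bits):
    """What a recipient should re-check before using parameters it did not generate."""
    return (p.bit_length() == p_bits and q.bit_length() == q_bits
            and (p + 1) % q == 0
            and is_probable_prime(p) and is_probable_prime(q))


if __name__ == "__main__":
    p, q = lucdif_params()            # 512-bit p, 170-bit q; a few seconds in CPython
    print(check_params(p, q, 512, 170))
    print(hex(p))
    print(hex(q))
```

The cost is dominated by the search for p: roughly ln(2^512)/2 odd candidates, almost all of which fail the first Miller-Rabin round after one modular exponentiation.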
Cryptography-Digest Digest #936
Cryptography-Digest Digest #936, Volume #10    Thu, 20 Jan 00 11:13:01 EST

Contents:
  Re: ECC vs RSA - A.J.Menezes responds to Schneier (Tom St Denis)
  Re: Combination of stream and block encryption techniques (Mok-Kong Shen)
  Re: Beginners questions re-OTPs (Bill)
  Re: NIST, AES at RSA conference (Timothy M. Metzinger) ("Autoposting!")
  Re: Java's RSA implimentation (Tim Tyler)
  Re: NIST, AES at RSA conference (Serge Vaudenay)
  Re: Predicting Graphs. (Paul Koning)
  Re: Intel 810 chipset Random Number Generator (Paul Koning)
  Re: What about the Satanic Seven??? (Paul Koning)
  Re: Intel 810 chipset Random Number Generator ("Marty")

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: ECC vs RSA - A.J.Menezes responds to Schneier
Date: Thu, 20 Jan 2000 13:03:14 GMT

In article 865vmm$8es$[EMAIL PROTECTED], Greg [EMAIL PROTECTED] wrote:
> Perhaps I leave myself open to a known attack of a well studied curve, but it seems to me that this is preferred to leaving one's self open to a weakness in a random curve. Does this make sense?

Sorry, no comment.

>>> I could not see using a random prime.
>>
>> Again, why? Please tell us what you think is wrong with randomly chosen primes.
>
> Well, I mentioned in another thread that I am not sold on primes that are so large that they are tested and then at some point simply assumed to be prime. Some have told me that this does not weaken the cryptosystem, but I have always wondered why that would be if the strength depended on primes to begin with.

Well, there are ways to make primes and test them. See Knuth Vol 2 for info on that. The problem is spending an hour making a key is a bad idea. If it takes 2 mins to verify a key is ok, that's not so shoddy.

> Again, I believe a well studied cryptosystem and all of its components are superior to anything randomly selected on the fly; the latter seems like a crap shoot. If anything is randomly selected, it should be just as equally capable of being a strong candidate as any other. With primes, you do not have this. With integers used for ECC private keys, you get exactly that, except in a few cases, like 0, 1, and n-1, which are too easy not to avoid.

Funny you say that, but even in symmetric ciphers round keys are made on the fly. In RC5 for example it has never been proven to be a strong key schedule, yet people trust it.

> IMHO, every cryptosystem today has its own small element of unknown. I simply have more confidence in one set of unknowns than I do in others. I really can't sleep at night knowing that my data is hanging from a crap shoot. It just does not work for me.

Umm... maybe smoothness will be defined for ECC? hehehe

>>> RSA relies on this approach since primes are not "studied" ahead of use.
>>
>> I can't understand what you are saying here. What does it mean to "study" a prime? Also, what is the antecedent of the word "this" in the phrase "this approach"?
>
> As I understand it, RSA randomly generates prime candidates to use for private keys. You cannot take a lot of time and a lot of people to study a pair of primes to ensure they are really primes like you can an elliptic curve, because to do so exposes the keys. But again, others would say that this is not important; that a number does not have to be a pure prime. If you could explain that to me, I would be all ears.

If you choose p and q, and say p actually is p = a * b, then your RSA key will not work, since

  n = pq
  phi(n) = phi(pq) = (p - 1) * (q - 1)

But the order of the group is not that; it's actually

  phi(n) = (a - 1) * (b - 1) * (q - 1)

But since p and q are random you can't be sure of either. Finally you will find that the original definition of phi will not let you find a decryption exponent. So the chance that a) the candidate survives testing and b) works flawlessly in RSA and c) is not prime, is very very very very slim...

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.
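Two passages on this page call for the same small piece of RSA arithmetic: Mike Rosing's calculator-sized recipe quoted in Gregory Rose's "Re: RSA" post (Volume 13 above: pick two primes below 300, e = 3, find d with Euclid's algorithm), and Tom St Denis's argument just above that a composite "prime" p = a*b makes phi = (p-1)(q-1) wrong and breaks decryption. The example below is added here and is not code from either poster. It runs the extended Euclidean algorithm for d, checks the one condition Mike's recipe leaves implicit (e = 3 needs gcd(3, (P-1)(Q-1)) = 1, so neither prime may be congruent to 1 mod 3), and then reproduces Tom's scenario on numbers small enough to verify decryption for every residue mod n. The specific primes 47, 59 and the composite factors 3, 7, 5 are this example's choices.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e, m):
    """e^-1 mod m; ValueError when gcd(e, m) != 1, since then no inverse exists."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError(f"{e} has no inverse mod {m}: gcd is {g}")
    return x % m


def rsa_keypair(p, q, e=3):
    """Textbook key generation as in Mike's recipe: n = p*q, phi = (p-1)(q-1),
    d = e^-1 mod phi. The phi formula is only right when p and q are prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} shares a factor with phi={phi}; choose other primes or e")
    return n, e, modinv(e, phi)


def roundtrips(n, e, d):
    """True iff m^(e*d) == m (mod n) for every residue m, i.e. d really undoes e."""
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))


def composite_factor_breaks_rsa(a, b, q, e):
    """Tom's scenario: the 'prime' p is really a*b (a, b, q distinct primes).

    Returns (works_with_wrong_phi, works_with_true_phi), where the wrong phi is
    (p-1)(q-1) and the true group order is (a-1)(b-1)(q-1).
    """
    p = a * b
    n = p * q
    d_wrong = modinv(e, (p - 1) * (q - 1))
    d_true = modinv(e, (a - 1) * (b - 1) * (q - 1))
    return roundtrips(n, e, d_wrong), roundtrips(n, e, d_true)


if __name__ == "__main__":
    n, e, d = rsa_keypair(47, 59, e=3)          # both primes below 300, as suggested
    print(f"n={n} e={e} d={d} roundtrips={roundtrips(n, e, d)}")
    print("p = 3*7, q = 5, e = 7:", composite_factor_breaks_rsa(3, 7, 5, e=7))
```

With p = 47 and q = 59 the result is n = 2773, phi = 2668 and d = 1779 (3 * 1779 = 5337 = 2 * 2668 + 1). With p = 21 = 3 * 7, q = 5 and e = 7, the d computed from (p-1)(q-1) = 80 is 23 and already fails on m = 2, while the d computed from the true order 48 decrypts every residue. Note that a wrong phi does not fail in every case: whenever (p-1)(q-1) happens to be a multiple of lambda(n), decryption still works, which is why the exhaustive `roundtrips` check, not a single test vector, is the right way to demonstrate the failure.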
--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Combination of stream and block encryption techniques
Date: Thu, 20 Jan 2000 14:39:49 +0100

John Savard wrote:
> I don't see what else there might be to say. I'm glad to see "establishment" support for this idea, which is one that will allow more secure ciphers to be constructed which still execute in a reasonable amount of time. Block ciphers do have certain convenience advantages, even if they are somewhat illusory: it's still inconvenient to do something different from what you understand, even if it wouldn't _really_ be any harder if you took the time to investigate more closely.

The point worthy to be repeated is that one need not keep a strict distinction between stream and block ciphers, i.e. there is no sharp boundary between these, and one can theref
Cryptography-Digest Digest #936
Cryptography-Digest Digest #936, Volume #9    Sun, 25 Jul 99 18:13:03 EDT

Contents:
  Novice question .. (Neil)
  Re: My Algorithm (Guenther Brunthaler)
  Re: What is skipjack ??? (wtshaw)
  Re: Algorithm/Code for Public Key Encryption? (Keith Reeves)
  Re: My Algorithm (SCOTT19U.ZIP_GUY)
  Another "Real Cute" Modulus Construction. (Ted Kaliszewski)
  Re: Between Silk and Cyanide
  Re: Between Silk and Cyanide
  Re: Between Silk and Cyanide (Paul Rubin)
  Re: Kryptos Beginning of publicatio of solution (Jerry Coffin)
  Re: How Big is a Byte? ("Douglas A. Gwyn")
  Re: Between Silk and Cyanide
  Re: What the hell is XOR?
  Kryptos morse code ("Stephen J. Perris")
  Re: X5X6 - "Keyless Encryption" is trademarked... (David C. Oshel)
  Re: Algorithm/Code for Public Key Encryption? (David C. Oshel)
  Re: hush mail (David A Molnar)
  Re: hush mail ("Thomas J. Boschloo")
  Re: Algorithm/Code for Public Key Encryption? (David C. Oshel)
  Re: Info needed on cryptography... (David A Molnar)

--

From: [EMAIL PROTECTED] (Neil)
Subject: Novice question ..
Date: Sun, 25 Jul 1999 15:11:30 GMT

I am just curious... If one took a fairly long message, say 200-300 words, and enciphered it with Playfair and THEN used a second encipherment with a good transposition cipher... wouldn't that be very tough to break?? Even with multiple messages, using different keys would still make it pretty tough, wouldn't it? No flames, please! I am just trying to understand this stuff a little better.

--

From: [EMAIL PROTECTED] (Guenther Brunthaler)
Subject: Re: My Algorithm
Date: Sun, 25 Jul 1999 15:08:53 GMT

On Sun, 25 Jul 1999 14:15:43 GMT, [EMAIL PROTECTED] (Keith Reeves) wrote:
>> key 00110110
>> in  10010010
>> out 01011011
>
> Um, that's just a standard XOR operation. Correct me if I'm wrong.

NOT(XOR(x)) to be more precise!

Greetings, Guenther

--
Note: the 'From'-address shown in the header is an Anti-Spam fake-address. Please remove 'nospam.' from the address in order to get my real email address.
In order to get my public RSA PGP-key, send mail with blank body to: [EMAIL PROTECTED] Subject: get 0x2D2F0683
Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint: 11 71 47 2F AF 2F CD F4 E6 78 D5 E5 3E DD 07 B5

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: What is skipjack ???
Date: Sun, 25 Jul 1999 08:53:30 -0600

In article [EMAIL PROTECTED], fungus [EMAIL PROTECTED] wrote:
> spike wrote:
>> Damn I did it again !!! :-) I mean... how does it compare to those algorithms with regard to security?
>
> 80 bit key, 64 bit blocksize, designed by experts...

Security has many components. Keysize might indicate something useful, but keysize in one algorithm is not necessarily relevant to keysize in another. As for experts, the guy with only one eye can be king in the land of the blind. Those with four start looking for that which having four helps them best to see, and tend to avoid the concerns of those with fewer eyes as being unimportant. It all depends on what your end use and expectations are as to what security can and should be. Skipjack was written for certain uses with certain desired limitations.

--
Real Newsreaders do not read/write in html.

--

From: [EMAIL PROTECTED] (Keith Reeves)
Subject: Re: Algorithm/Code for Public Key Encryption?
Date: Sun, 25 Jul 1999 14:14:20 GMT

On Sat, 24 Jul 1999 23:37:47 GMT, Nick Roosevelt [EMAIL PROTECTED] wrote:
> I am hoping to be able to implement encryption for a feature on a web site. It involves encrypting some data. I would like to use a double key/public key encryption algorithm. I am unable to use a component.

I'm not sure what you mean by component; if you're talking about an exponent, you can pretty much forget about using RSA, which is the primary technique for public-key encryption. However, I don't see a reason why you can't get your hands on a modular exponentiation algorithm which will do the job on any decent PC. Anyhow, if you're thinking of using encryption on the web, the standard is SSL, if I'm not mistaken. Try to find some documentation on the subject, if you want to be compatible with the rest of the world.

--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: My Algorithm
Date: Sun, 25 Jul 1999 16:03:54 GMT

In article [EMAIL PROTECTED], "Steven Hudson" [EMAIL PROTECTED] wrote:
> I don't know if anyone has thought of this before but here is how it works: It takes the key and input chars (8 bits) and compares each bit in the input byte to the corresponding one in the key. Using a PRNG, if the bits are the same the output is a 1 or 0, depending on the PRNG. I then do the same thing with the output byte of the first operation with the last output byte of the previous input and key.