Cryptography-Digest Digest #936

2001-03-18 Thread Digestifier

Cryptography-Digest Digest #936, Volume #13  Sun, 18 Mar 01 18:13:00 EST

Contents:
  Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (Mok-Kong Shen)
  Re: SSL secured servers and TEMPEST ("Lyalc")
  Re: RSA (Gregory G Rose)
  Re: Algebraic 1024-bit block cipher (Gregory G Rose)
  Re: Latin Squares ("Kostadin Bajalcaliev")
  Bacon's cryptography? ("bookburn")
  Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (Nicol So)
  Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (Tim Tyler)
  Re: Random and RSA (Joe H. Acker)
  Re: Latin Squares (Mok-Kong Shen)
  Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION (amateur)
  Re: How to eliminate redondancy? ("Trevor L. Jackson, III")
  Re: qrpff-New DVD decryption code ("Trevor L. Jackson, III")
  Re: Bacon's cryptography? (Mok-Kong Shen)
  Re: How to eliminate redondancy? ("Trevor L. Jackson, III")



From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: IDEAL ENGLISH TEXT RIJNDAEL ENCRYPTION
Date: Sun, 18 Mar 2001 21:37:43 +0100



"SCOTT19U.ZIP_GUY" wrote:
 

 Get a list of allowed English words. The words are of the
 form of the spellings plus a space. Only one case allowed,
 upper or lower.
 The list has the word followed by its weighted occurrence in English.
 
 A computer program takes the list and makes a Huffman tree,
 or we use a weighted PPM tree a la Matt Timmermans' compressor
 code.
 
 When a message is to be encoded only the dictionary words are
 allowed. When the compression takes place it is fully bijective
 to an 8-bit byte binary file. Then you encrypt using your
 favorite block cipher.
 
 When an attacker tries a wrong key it will always decrypt to
 a valid message full of English words.

Your Huffman tree for words is just one kind of coding.
Thus you are applying a codebook before encryption.
A simpler alternative is to assign binary numbers to the 
words (assuming the size of the dictionary is 2^m, the
numbers all have m bits). One first translates the words 
to the numbers and then encrypts. If the wrong key is 
used to decrypt, then one gets wrong numbers leading 
to wrong words (yet valid words). One problem of using
a dictionary, though, is that one doesn't have e.g.
plurals of nouns, etc.

M. K. Shen
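An added illustration of the codebook scheme Shen describes, not code from either poster: a constructed 16-word dictionary (m = 4) maps each word to a 4-bit number, packs the numbers into bytes, and a toy SHA-256 counter-mode keystream stands in for the block cipher. Decrypting under any wrong key still yields a sequence of dictionary words, while a word outside the dictionary (Shen's plurals caveat) cannot be coded at all.

```python
import hashlib

# Constructed 16-word dictionary: 2^m words with m = 4, so each word is a 4-bit number.
WORDS = ["the", "a", "cat", "dog", "sat", "ran", "on", "under",
         "mat", "table", "and", "or", "big", "small", "red", "blue"]
M = 4
INDEX = {w: i for i, w in enumerate(WORDS)}


def words_to_bytes(words):
    """Codebook step: replace each word by its m-bit number and pack the bits.
    With m = 4, two words fill one byte; an even word count packs with no padding."""
    if len(words) % 2:
        raise ValueError("assumption: even number of words, so packing is exact")
    try:
        bits = "".join(format(INDEX[w], f"0{M}b") for w in words)
    except KeyError as missing:
        # Shen's caveat: anything outside the dictionary (plurals, names) cannot be coded.
        raise ValueError(f"not a dictionary word: {missing}") from None
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def bytes_to_words(data):
    """Inverse step: every 4-bit group is some dictionary index, so *any* byte
    string decodes to a sequence of valid words."""
    bits = "".join(format(b, "08b") for b in data)
    return [WORDS[int(bits[i:i + M], 2)] for i in range(0, len(bits), M)]


def keystream(key, n):
    """Stand-in for the block cipher: SHA-256 in counter mode (a toy, not a real cipher)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor_crypt(key, data):
    """Encryption and decryption are the same XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def decrypt_with_keys(ciphertext, keys):
    """What each candidate key decrypts the ciphertext to, as a list of word lists."""
    return [bytes_to_words(xor_crypt(k, ciphertext)) for k in keys]


def all_dictionary_words(decoded):
    """True if every decoded word is in the dictionary (always, by construction)."""
    return all(w in INDEX for w in decoded)


if __name__ == "__main__":
    message = ["the", "cat", "sat", "on", "the", "mat"]
    ct = xor_crypt(b"right key", words_to_bytes(message))
    for guess in decrypt_with_keys(ct, [b"right key", b"wrong key 1", b"wrong key 2"]):
        print(" ".join(guess), all_dictionary_words(guess))
```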

--

From: "Lyalc" [EMAIL PROTECTED]
Subject: Re: SSL secured servers and TEMPEST
Date: Mon, 19 Mar 2001 07:40:50 +1100

Indeed.
The target signals are, by previous definition, very low amplitude.  In
the same spectrum there are many much higher powered transmitters, for TV,
radio, police, taxi, mobile phone et al.
So the VCR receivers need to cope with recording amplitude variations of
more than 120 dB.  Most VCR tapes only have about 30-60 dB dynamic range, I
think.
And the VCR hardware is not designed for this large a dynamic signal range.
So special, non-distorting amplitude clipping units need to be built for the
VCR inputs (filters attenuate all signals more or less equally - we don't
want to attenuate the low amplitude signals at all).

And so far we haven't even tried to split the different frequency bands,
align the noise floor amplitudes across all the VCRs, create a time/phase
alignment process for the VCR, or split out the antenna amplifier output
into 400 feed points.

Yet we end up with a truck full of VCR units, requiring 20 kW of power to
drive (400 x 50 W per VCR), neglecting cooling, that will capture 3 hours of
doubtful data.  And we need to repeat this process 24 hrs/day for maybe 3-10
weeks to get enough theoretically workable data.

This is not a practical attack, IMHO.

Lyal

those who know me have no need of my name wrote in message ...
[EMAIL PROTECTED] divulged:

My calculation was as follows:  a Video Signal has about 5 MHz of
Bandwidth.  Just split that 2 GHz signal into 2000/5=400 5 MHz bands,
transform them into the 0..5 MHz base band and then you "just" need
400 VCRs to store the signal.

it may be that consumer vcr's aren't the optimum recording devices.

--
okay, have a sig then



--

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: RSA
Date: 18 Mar 2001 12:51:26 -0800

In article [EMAIL PROTECTED],
Mike Rosing  [EMAIL PROTECTED] wrote:
Joost van der Meer wrote:
 I've got to make an assignment for school about the RSA encryption system. I
 want to write an example, but I can't calculate the private key D. Is there
 anybody who can give me a whole example (prime numbers ( PQ) and  exponents
 (ed) ???

Since all you need is an example, pick numbers you can work with on a calculator.
For P and Q, choose 2 primes less than 300 (or whatever you feel like).  Pick
e = 3 (a sort of standard value, for your example it's fine).  Then the hard
part is finding d.  You need e*d = 1 mod (P-1)*(Q-1).  You can either brute force
it (*very* time consuming) or you can go thru Euclid's algorithm to find the
value of d.  Since P and

Cryptography-Digest Digest #936

2000-10-16 Thread Digestifier

Cryptography-Digest Digest #936, Volume #12  Mon, 16 Oct 00 14:13:00 EDT

Contents:
  Re: Basic skills and equipment... (Bob Silverman)
  Re: What is meant by non-Linear... ("Stephen M. Gardner")
  Re: Why trust root CAs ? (Bob Silverman)
  Re: Is it trivial for NSA to crack these ciphers? ("Stephen M. Gardner")
  Re: More on the SDMI challenge (Daniel Leonard)
  Re: SHA-256 implementation in pure C (free) (Anton Stiglic)
  very OT: gender vs. sex (Runu Knips)
  Re: Rijndael implementations (Runu Knips)
  Re: Rijndael implementations (Runu Knips)
  Is there a telnet client/server that will allow secure logins over telnet? (Alex)
  Oracle Security Server (table encryption) ([EMAIL PROTECTED])
  Re: Is it trivial for NSA to crack these ciphers? ("Paul Pires")
  Re: Is there a telnet client/server that will allow secure logins over telnet? (Markus Salax)
  Re: More on the SDMI challenge (Scott Craver)
  Re: CHES 2001 Workshop (Mike Rosing)
  Re: 2 of 5 code, 3 of 7 code... (Mike Rosing)
  Re: Basic skills and equipment... (Mike Rosing)
  Re: Why trust root CAs ? (Pawel Krawczyk)
  MS's fast modular exponentiation claims II (JCA)



From: Bob Silverman [EMAIL PROTECTED]
Subject: Re: Basic skills and equipment...
Date: Mon, 16 Oct 2000 13:24:05 GMT

In article 01c035e5$4a72e300$LocalHost@betelgeuse,
  "Alexandros Andreou" [EMAIL PROTECTED] wrote:
 Hello all!
 I am beginning to enjoy cryptography, but I don't know where to start
from.
 What are the essential mathematics skills one should have?

The following are essential.

Elementary Number Theory
Elementary Group Theory
Elementary Statistics and Probability

The following are desirable.

Elementary Combinatorics
Algorithmic Complexity Theory


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: "Stephen M. Gardner" [EMAIL PROTECTED]
Subject: Re: What is meant by non-Linear...
Date: Mon, 16 Oct 2000 08:31:11 -0500

Tim Tyler wrote:

 I don't want to haggle;

Then don't haggle, just draw.  Draw some linear equations defined on a finite field
(use a cylinder as the drawing surface if you want).  Compare them to similar
equations defined on an interval of the field of reals (again, mapped to the
cylinder if you want).  You will find that the finite field equations jump around
instead of staying on the line.  Don't argue, just draw. ;-)

For example: What do you make of the following?

y = 2x + 1 defined on GF(3) gives the following set of ordered pairs {(0,1), (1,0),
(2,2)}.   Draw that on a cylinder if you want but how does it lie on a line or line
segment?


 "a straight line mapped onto the surface of a
 cylinder" is defined as having an equation in the form of either x = k,
 or theta = a.x + b.

Where did you get this definition?  How general is it? Hint: What assumptions
are you making here about the field that the equations are defined on?

--
Take a walk on the wild side: http://www.metronet.com/~gardner/

There is a road, no simple highway, between the dawn and the
dark of night. And if you go no one may follow. That path is
for your steps alone.
The Grateful Dead ("Ripple")



--

From: Bob Silverman [EMAIL PROTECTED]
Subject: Re: Why trust root CAs ?
Date: Mon, 16 Oct 2000 13:27:25 GMT

In article eMoD5.416654$[EMAIL PROTECTED],
  [EMAIL PROTECTED] wrote:

 OK, so you're off to do some e-shopping. You click on the padlock and
 it says "this certificate belongs to bogus.com" and
 "this certificate was issued by snakeoil CA"   (no I don't mean
 the CA generated by OpenSSL, I mean one of the "normal" ones
 like verisign or thawte...).

All cryptography can do for you is to *shift* trust from one party
to another.  It can not create trust in the first place.  One needs
a starting point.

Your question might also be answered by asking "how can you trust
any piece of software?".  One trusts CA's in the same way.

I like David Gerrold's definition of trust:

Trust is the condition necessary for betrayal.


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: "Stephen M. Gardner" [EMAIL PROTECTED]
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Mon, 16 Oct 2000 08:20:57 -0500

"John A. Malley" wrote:

 It only takes a few zealots, people with a mission, to push the limits
 of the envelope; organizational adepts will recognize and capitalize on
 that generous, selfless behavior.

Perhaps that is the major difference we have in viewpoint.  I don't think there
is anything generous or selfless about working for the 

Cryptography-Digest Digest #936

2000-06-04 Thread Digestifier

Cryptography-Digest Digest #936, Volume #11   Sun, 4 Jun 00 09:13:00 EDT

Contents:
  Re: Cipher design a fading field? (Mok-Kong Shen)
  Re: No-Key Encryption (Mok-Kong Shen)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Alan Pascoe)
  Re: XTR independent benchmarks ("Eric Verheul")
  Re: XTR independent benchmarks ("Eric Verheul")
  Re: No-Key Encryption (David Formosa (aka ? the Platypus))
  Re: Rivest's Multi-Grade Crypto (Mark Wooding)
  Re: Solovay-Strassen primality test (Mark Wooding)
  Re: Rivest's Multi-Grade Crypto (tomstd)
  Re: slfsr.c (tomstd)
  Re: Good ways to test. (tomstd)



From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Cipher design a fading field?
Date: Sun, 04 Jun 2000 11:44:52 +0200



John Savard wrote:

 "Douglas A. Gwyn" [EMAIL PROTECTED] wrote, in part:

 (a) It has not been demonstrated that a group of amateurs can
 in fact design a truly "strong" cipher.

 I wouldn't want to try decrypting something enciphered using Blowfish.

 But you are right, although what 'has not been demonstrated' is very
 nearly inherently impossible to demonstrate.

I think that the question is ill-defined and can't be properly argued. In
fact, if an amateur succeeds in designing a strong cipher (we put aside the
issue of 'strong'), then he is thereafter counted as a professional. Thus
the proposition that no amateur has designed a strong cipher is a sort of
tautology.

 (b) I wish that the amateurs would quit inventing a plethora
 of new encryption schemes until they have figured out how to
 defeat the existing ones.  This may be relevant to your thesis.

 But just because _they_ don't know how to crack the existing ones
 doesn't mean...

I don't think that there is any professional who has done the exercise
of cracking all ciphers that exist, before he attains the status of being
professional. On the other hand, cryptanalysis knowledge is evidently
required for a good design. However, I doubt that cryptanalysis of
lots of very old ciphers is unconditionally advantageous (from an
economic point of view) for would-be designers. For, if too much
time is spent on these, one will never get around to learning the
more modern stuff. (I believe that what wtshaw once expressed as
'climbing the fool's hill' is related to this issue. BTW, there might be
certain people wishing to sponsor that sport, because that can be fun.)

  Will AES be the -final- cipher?

 Of course not.  It won't even be the final encipherment
 scheme that somebody eventually figures out how to crack.

 that someone else might not. So, people who want security *now* might
 well need something that has a chance of being better than what
 exists.

For those who are conservative and believe (whether justified or
not) that they are in need of higher security, the way of multiple
encryptions is always open.

M. K. Shen


--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: No-Key Encryption
Date: Sun, 04 Jun 2000 13:07:13 +0200



David Hopwood wrote:

 What identity? '*' was not stated to form a group [1], so A/A is not
 necessarily the same for all A. Even if it were, (A/A)*A is not
 necessarily equal to A (note that this is *not* implied by (A*A)/A = A),
 and certainly (A/A)*B is not necessarily equal to B, which your argument
 implicitly relies on.

Sorry for a dumb question: '/' is the inverse of '*', isn't it? What does
'inverse' mean? Could you give a tiny easily comprehensible example?
Thanks.

M. K. Shen


--

From: Alan Pascoe [EMAIL PROTECTED]
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Sun, 04 Jun 2000 13:00:39 +0100

David Boothroyd wrote:
 
snip
 The proposals in the Bill are exactly the same as the ones Labour suggested
 before the election so there really isn't anything for anyone to get
 worked up about. The Conservatives were planning mandatory key escrow.

Is what this government is doing basically different? It seems that in
practice, users of PGP will have to retain their private keys and make
them available to government agencies on demand. I can see little
difference between this and Trusted Third Party arrangements.

-- 
Alan Pascoe                              PGP Key: 0xD5B1715B
Keep your files and e-mail private!      http://www.pgpi.com

--

From: "Eric Verheul" [EMAIL PROTECTED]
Subject: Re: XTR independent benchmarks
Date: Sun, 4 Jun 2000 13:43:43 +0200

  First of all, the hard part of parameter generation in
  LUCDIF consists of generating a prime number p of 512 bits
  and (and, if you're smart, a prime number q of about 170 bits,
  such that q divides p+1, if you want to be both safe and be able

Cryptography-Digest Digest #936

2000-01-20 Thread Digestifier

Cryptography-Digest Digest #936, Volume #10  Thu, 20 Jan 00 11:13:01 EST

Contents:
  Re: ECC vs RSA - A.J.Menezes responds to Schneier (Tom St Denis)
  Re: Combination of stream and block encryption techniques (Mok-Kong Shen)
  Re: Beginners questions re-OTPs (Bill)
  Re: NIST, AES at RSA conference (Timothy M. Metzinger)
   ("Autoposting!")
  Re: Java's RSA implimentation (Tim Tyler)
  Re: NIST, AES at RSA conference (Serge Vaudenay)
  Re: Predicting Graphs. (Paul Koning)
  Re: Intel 810 chipset Random Number Generator (Paul Koning)
  Re: What about the Satanic Seven??? (Paul Koning)
  Re: Intel 810 chipset Random Number Generator ("Marty")



From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: ECC vs RSA - A.J.Menezes responds to Schneier
Date: Thu, 20 Jan 2000 13:03:14 GMT

In article 865vmm$8es$[EMAIL PROTECTED],
  Greg [EMAIL PROTECTED] wrote:
 Perhaps I leave myself open to a known attack of a well studied
 curve, but it seems to me that this is prefered to leaving one's
 self open to a weakness in a random curve.  Does this make sense?

Sorry no comment.

   I could not see using a random prime.
 
  Again, why? Please tell us what you think is wrong with
  randomly chosen primes.

 Well, I mentioned in another thread that I am not sold on primes
 that are so large that they are tested and then at some point
 simply assumed to be prime. Some have told me that this does not
 weaken the cryptosystem, but I have always wondered why that would
 be if the strength depended on primes to begin with.

Well there are ways to make primes and test them.  See Knuth Vol. 2 for
info on that.  The problem is spending an hour making a key is a bad
idea.  If it takes 2 mins to verify a key is ok that's not so shoddy.

 Again, I believe a well studied cryptosystem and all of its
 components are superior to anything randomly selected on the
 fly- the latter seems like a crap shoot.  If anything is
 randomly selected, it should be just as equally capable
 of being a strong candidate as any other.  With primes,
 you do not have this.  With integers used for ECC private keys,
 you get exactly that- except in a few cases, like 0, 1, and n-1,
 which are too easy not to avoid.

Funny you say that but even in symmetric ciphers round keys are made on
the fly.  In RC5 for example it has never been proven to be a strong
key schedule, yet people trust it

 IMHO, every cryptosystem today has its own small element
 of unknown.  I simply have more confidence in one set of unknowns
 than I do in others.  I really can't sleep at night knowing that
 my data is hanging from a crap shoot.  It just does not work
 for me.

Umm... maybe smoothness will be defined for ecc? hehehe

   RSA relies on this approach since primes are not "studied" ahead of use.
 
  I can't understand what you are saying here.  What does it mean to
  "study" a prime? Also,  what is the antecedent of the word "this"
  in the phrase "this approach"?

 As I understand it, RSA randomly generates prime candidates
 to use for private keys.  You cannot take a lot of time and
 a lot of people to study a pair of primes to ensure they are
 really primes like you can an elliptic curve, because to do
 so exposes the keys.  But again, others would say that this
 is not important- that a number does not have to be a pure
 prime.  If you could explain that to me, I would be all ears.

If you choose p and q, and say p actually is p = a * b, then your rsa
key will not work since

n = pq
phi(n) = phi(pq) = (p - 1) * (q - 1)

But the order of the group is not that.. it's actually

phi(n) = (a - 1) * (b - 1) * (q - 1)

But since p and q are random you can't be sure of either.  Finally you
will find that the original definition of phi will not let you find a
decryption exponent.

So the chances that a) the candidate survives testing and b) works
flawlessly in RSA and c) is not prime, is very very very very slim...

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
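An added worked example, not from any poster, serving two passages on this page: Rose's recipe in the earlier Digest #936 (two primes under 300, e = 3, d found with Euclid's algorithm, with the brute-force search he mentions as a cross-check) and St Denis's point above that a composite p slipping through as "prime" gives the wrong group order, so the d derived from (p-1)(q-1) fails to decrypt. All numeric values are constructed for illustration.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def modinv(e, phi):
    """d with e*d = 1 (mod phi) via Euclid; fails if gcd(e, phi) != 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"e={e} is not invertible mod {phi} (gcd={g})")
    return x % phi


def brute_force_d(e, phi):
    """The slow alternative Rose mentions: try every d until e*d wraps to 1 mod phi."""
    for d in range(1, phi):
        if (e * d) % phi == 1:
            return d
    return None


def rsa_keypair(p, q, e=3):
    """Textbook key setup that trusts p and q to be prime, as the posts assume."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return n, e, modinv(e, phi)


def roundtrip(n, e, d, m):
    """Encrypt then decrypt one small message; equals m only if d is right for n."""
    return pow(pow(m, e, n), d, n)


def phi_from_factors(factors):
    """Euler phi of a product of distinct primes: the real group order RSA relies on."""
    phi = 1
    for f in factors:
        phi *= f - 1
    return phi


if __name__ == "__main__":
    # Rose's recipe: primes under 300, e = 3, d from Euclid (constructed values).
    n, e, d = rsa_keypair(101, 113)
    print(n, e, d, brute_force_d(e, 100 * 112), roundtrip(n, e, d, 42))
    # St Denis's scenario: "p" = 21 = 3*7 accepted as if prime. e = 7 is chosen
    # so gcd(e, phi) is 1 for both the assumed and the true phi.
    n, e, d = rsa_keypair(21, 11, e=7)
    print(roundtrip(n, e, d, 2))        # not 2: d was computed from the wrong order
    d_true = modinv(e, phi_from_factors([3, 7, 11]))
    print(roundtrip(n, e, d_true, 2))   # 2: works once the true factors are known
```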

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Combination of stream and block encryption techniques
Date: Thu, 20 Jan 2000 14:39:49 +0100

John Savard wrote:
 

 I don't see what else there might be to say. I'm glad to see
 "establishment" support for this idea, which is one that will allow
 more secure ciphers to be constructed which still execute in a
 reasonable amount of time.
 
 Block ciphers do have certain convenience advantages, even if they are
 somewhat illusory: it's still inconvenient to do something different
 from what you understand, even if it wouldn't _really_ be any harder
 if you took the time to investigate more closely.

The point worth repeating is that one need not keep a strict 
distinction between stream and block ciphers, i.e. there is no sharp 
boundary between these, and one can theref

Cryptography-Digest Digest #936

1999-07-25 Thread Digestifier

Cryptography-Digest Digest #936, Volume #9   Sun, 25 Jul 99 18:13:03 EDT

Contents:
  Novice question .. (Neil)
  Re: My Algorithm (Guenther Brunthaler)
  Re: What is skipjack ??? (wtshaw)
  Re: Algorithm/Code for Public Key Encryption? (Keith Reeves)
  Re: My Algorithm (SCOTT19U.ZIP_GUY)
  Another "Real Cute" Modulus Construction. (Ted Kaliszewski)
  Re: Between Silk and Cyanide
  Re: Between Silk and Cyanide
  Re: Between Silk and Cyanide (Paul Rubin)
  Re: Kryptos Beginning of publicatio of solution (Jerry Coffin)
  Re: How Big is a Byte? ("Douglas A. Gwyn")
  Re: Between Silk and Cyanide
  Re: What the hell is XOR?
  Kryptos morse code ("Stephen J. Perris")
  Re: X5X6 - "Keyless Encryption" is trademarked... (David C. Oshel)
  Re: Algorithm/Code for Public Key Encryption? (David C. Oshel)
  Re: hush mail (David A Molnar)
  Re: hush mail ("Thomas J. Boschloo")
  Re: Algorithm/Code for Public Key Encryption? (David C. Oshel)
  Re: Info needed on cryptography... (David A Molnar)



From: [EMAIL PROTECTED] (Neil)
Subject: Novice question ..
Date: Sun, 25 Jul 1999 15:11:30 GMT

I am just curious...

If one took a fairly long message, say 200-300 words, and enciphered
it with Playfair and THEN used a second encipherment with a good
transposition cipher ... wouldn't that be very tough to break??

Even with multiple messages, using different keys would still make it
pretty tough, wouldn't it?

No flames, please! I am just trying to understand this stuff a little
better.

--

From: [EMAIL PROTECTED] (Guenther Brunthaler)
Subject: Re: My Algorithm
Date: Sun, 25 Jul 1999 15:08:53 GMT

On Sun, 25 Jul 1999 14:15:43 GMT, [EMAIL PROTECTED] (Keith
Reeves) wrote:

key 00110110
in  10010010
out 01011011

Um, that's just a standard XOR operation. Correct me if I'm wrong.

NOT(XOR(x)) to be more precise!


Greetings,

Guenther
--
Note: the 'From'-address shown in the header is an Anti-Spam
fake-address. Please remove 'nospam.' from the address in order
to get my real email address.

In order to get my public RSA PGP-key, send mail with blank body
to: [EMAIL PROTECTED]
Subject: get 0x2D2F0683

Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint:  11 71 47 2F AF 2F CD F4  E6 78 D5 E5 3E DD 07 B5 

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: What is skipjack ???
Date: Sun, 25 Jul 1999 08:53:30 -0600

In article [EMAIL PROTECTED], fungus
[EMAIL PROTECTED] wrote:

 spike wrote:
  
  Damn I did it again !!! :-)
  
  I mean... how does it compare to those algorithms with regard to security ?
  
 
 80 bit key, 64 bit blocksize, designed by experts...
 
Security has many components.  Keysize might indicate something useful,
but keysize in one algorithm is not necessarily relevant to keysize in
another.

As for experts, the guy with only one eye can be king in the land of the
blind. Those with four start looking for that which having four helps them
best to see, and tend to avoid the concerns of those with fewer eyes as being
unimportant.  

It all depends on what your end use and expectations are as to what
security can and should be.  Skipjack was written for certain uses with
certain desired limitations.
-- 
Real Newsreaders do not read/write in html.

--

From: [EMAIL PROTECTED] (Keith Reeves)
Subject: Re: Algorithm/Code for Public Key Encryption?
Date: Sun, 25 Jul 1999 14:14:20 GMT

On Sat, 24 Jul 1999 23:37:47 GMT, Nick Roosevelt [EMAIL PROTECTED]
wrote:

I am hoping to be able to implement encryption for a feature on a web
site.  It involves encrypting some data.  I would like to use a double
key/public key encryption algorithm.  I am unable to use a component.

I'm not sure what you mean by component - if you're talking about an
exponent, you can pretty much forget about using RSA, which is the
primary technique for public-key encryption. However, I don't see a
reason why you can't get your hands on a modular exponentiation
algorithm which will do the job on any decent PC.

Anyhow, if you're thinking of using encryption on the web, the
standard is SSL, if I'm not mistaken. Try to find some documentation
on the subject, if you want to be compatible with the rest of the
world.


--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: My Algorithm
Date: Sun, 25 Jul 1999 16:03:54 GMT

In article [EMAIL PROTECTED], "Steven Hudson" [EMAIL PROTECTED] 
wrote:
I don't know if anyone has thought of this before but here is how it works:
It takes the key and input chars (8 bits) and compares each bit in the input
byte to the corresponding one in the key.  Using a PRNG, if the bits are the
same the output is a 1 or 0, depending on the PRNG.  I then do the same
thing with the output byte of the first operation with the last output byte
of the previous input and key.