Cryptography-Digest Digest #948

2001-03-20 Thread Digestifier

Cryptography-Digest Digest #948, Volume #13  Tue, 20 Mar 01 08:13:01 EST

Contents:
  Re: Codes that use *numbers* for keys (David Schwartz)
  Re: Idea (David Schwartz)
  Re: NSA in the news on CNN ("Mxsmanic")
  Re: Fast and Easy crypt send (Joe H. Acker)
  Re: AES encryption speed vs decryption speed (Panu Hämäläinen)
  Re: [OT] Why Nazis are evil (Benjamin Goldberg)
  Re: Codes that use *numbers* for keys (Juuichiketajin)
  Re: AES encryption speed vs decryption speed ("Brian Gladman")
  Re: Is SHA-1 Broken? (Volker Hetzer)
  Re: Codes that use *numbers* for keys ("Tom St Denis")
  Re: Codes that use *numbers* for keys (Paul Schlyter)
  Re: OT: TV Licensing - final answer - sorry for xpost (Richard Herring)
  Re: How to eliminate redondancy? (Benjamin Goldberg)
  Re: Cipher Idea #1 Block Cipher 512-bit block, arbitrary keysize (long) (Benjamin Goldberg)
  Re: AES encryption speed vs decryption speed (Panu Hämäläinen)



From: David Schwartz [EMAIL PROTECTED]
Subject: Re: Codes that use *numbers* for keys
Date: Tue, 20 Mar 2001 02:07:21 -0800



"Henrick Hellström" wrote:

> Most modern processors work internally on bits. Most modern processors also
> work internally on decimals. Intel's x86- x87-processors support Binary
> Coded Decimals, instructions like e.g. DAA, decimal adjust after addition,
> etc.

Actually, these operations are required because the processors do not
support binary coded decimals. If they did, there would be no need to
adjust anything. The 'DAA' function, for example, transforms an input
string of bits into an output string of bits.

You can use these bits to represent decimals if you want, and the
processor may or may not help you make sense of this. But that is a far
cry from using decimal representation internally.

DS

--

From: David Schwartz [EMAIL PROTECTED]
Subject: Re: Idea
Date: Tue, 20 Mar 2001 02:09:38 -0800



"SCOTT19U.ZIP_GUY" wrote:

> I hate it when people think it is necessary to prove one
> is qualified to do something.

Why? Because you can't prove you're qualified?

> Just what the hell does that mean.

It means that you have to show that you're qualified to do something.
How hard is that to understand?

[snip of rant]

That's nice, but it has nothing to do with proving that you are
qualified to do something. In fact, your problem seems to be that you
were never given the opportunity to prove that you were qualified. So
your rant actually argues against the point you claim it supports.

DS

--

From: "Mxsmanic" [EMAIL PROTECTED]
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: NSA in the news on CNN
Date: Tue, 20 Mar 2001 10:22:19 GMT

I saw it on CNN's Web site.  I don't watch CNN on TV, so I don't know
what the broadcast schedule might be (indeed, I'm not even sure that it
appears on the air, as opposed to the Web site, but I don't really
know).

"jtnews" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> Can you email me the program time?
> thanks!
>
> Mxsmanic wrote:
>
> > CNN has a special series on the NSA (how times change!) this week, which
> > may generate some interest in PGP, as I presume they'll eventually get
> > around to mentioning the program.  They are supposed to talk about
> > encryption in days to come, but I don't know to what extent.  The series
> > even shows pictures from inside the NSA!  Those people at Fort Meade
> > must be getting desperate for funding, or something!


--

From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Fast and Easy crypt send
Date: Tue, 20 Mar 2001 11:26:24 +0100

amateur [EMAIL PROTECTED] wrote:

> The text is encrypted with my algo. Read before attaching.
> The output you are looking for is random.
> Every bit is crypted with a symbol which is chosen randomly.
> If I choose odd and even to encrypt, then the number 0 or 2 or 4 or 6 or
> 8 represents the bit 0.
> So the output E you are trying to test is random.
> That's what you don't understand.

I'm an amateur as well. Here is what doesn't get into my head: Why the
heck do you continuously think that the attacker cannot recognize that
you are using two categories (like odd and even numbers, open and closed
letters, and so on)?

You seriously underestimate the intellectual abilities of your
adversary. Just imagine that it's not your sister that is analysing your
cipher, but dozens of mathematicians that have been working in the field
of cryptography for dozens of years. They are likely to understand your
two-category scheme at the glance of an eye, especially since they
regularly read sci.crypt and know your cipher anyway.

You need to read a good book on the history of cryptography. 

Regards,

Erich


-

Cryptography-Digest Digest #948

2000-10-18 Thread Digestifier

Cryptography-Digest Digest #948, Volume #12  Wed, 18 Oct 00 04:13:00 EDT

Contents:
  Re: Storing an Integer on a stream ("David Thompson")
  Re: SALT + stream cipher ("Joseph Ashwood")
  Re: useful literature? ("John A. Malley")
  CHAP security hole question ([EMAIL PROTECTED])
  Re: DNA encoding ("John A. Malley")
  Re: Pegwit group started to make a alternative to PGP based on ECC (Frank M. Siegert)
  Re: Pegwit group started to make a alternative to PGP based on ECC ("Benny Nissen")
  Re: DNA encoding ([EMAIL PROTECTED])
  Re: Stolen Enigma Machine Recovered (David Hopwood)
  How insecure is this... ([EMAIL PROTECTED])



From: "David Thompson" [EMAIL PROTECTED]
Subject: Re: Storing an Integer on a stream
Date: Wed, 18 Oct 2000 04:05:51 GMT

Benjamin Goldberg [EMAIL PROTECTED] wrote :
> If I'm writing a file, whose format is a 64 bit file length, followed by
> some amount of data, followed by some [random] padding, which of the
> following is the best way to store that length value:
>
> 1) 8 base-256 digits.  With this format, we always use 8 bytes.
> 2) Some number of base-255 digits, with leading 0 digits stripped,
> terminated by the value 255.  With this format, we always use at least 1
> byte (for a value of 0, which is written as just the terminator (255)),
> but generally use 2..9 bytes.
> 3) Some number of base-128 digits, with leading 0 digits stripped, all
> but the last prefixed by a 0 bit, and the last prefixed by a 1 bit.
> With this format, values 0..127 use 1 byte, 128..(128**2-1) uses 2
> bytes, etc, with 9 bytes being used for a 63 bit value, and 10 bytes
> used for a 64 bit value.
> ...
> By the way, I think I should mention that in the perl programming
> language, the builtin functions pack() and unpack() have a template type
> for method 2, which (If I recall correctly) uses the letter 'w' and is
> referred to as Berweiss-encoding of an integer.

perl pack/unpack 'w' is base-128+more, like your method *3*,
but you have the high bit wrong; it is 1 for all bytes but the last.
This is the nominal encoding for extended tags and OIDs
used in BER, the Basic Encoding Rules for ASN.1, the
Abstract Syntax Notation first defined by CCITT/ITU-T
and spread via remote operation to Internet management
(SNMP/MIBs/DMOs) and by X.509 (certs and CRLs)
and PKCS to SSL/TLS, S/MIME, and PKIX (but not PGP).
(Actually certificates, and other signed data, use a subset
called DER, the Distinguished Encoding Rules, because
a signature must reliably be analyzed by the verifier
against exactly the same data as by the signer.)
I have no idea where "weiss" came into this.

Personally I kind of like method 2 just because I've never seen
any good use for base-255 and it would be fun to have one.
It is the most space-efficient of your (byte-oriented) choices
for values likely to be of interest (up to maybe 2**50), though
"wasting" 2 bytes per file is hardly worth worrying about.

The consensus view is that if you are using an encryption algorithm
for which known plaintext is a problem, you need a better algorithm
anyway.  Even if you eliminate the (fixed) zeros of method 1,
unless you use *large* amounts of padding (or cover traffic),
an eavesdropper will be able to make a pretty fair guess of
the size of your file and thus the encoding of its length.

--
- David.Thompson 1 now at worldnet.att.net
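As an added example (not part of David Thompson's post or of the thread), the following Python implements the three length encodings Benjamin Goldberg lists and the BER-style base-128 variant Thompson describes (continuation bit on every byte except the last, as perl's pack('w') does), so the two high-bit conventions can be compared side by side with encoders, decoders and a size table. All function names are this example's own; the sample values are constructed.

```python
"""Added example (not from the digest): the three length encodings from
Benjamin Goldberg's question plus the BER base-128 form David Thompson
describes (perl pack('w')). Names are this example's own."""


def enc_fixed64(n):
    # Method 1: eight base-256 digits, big-endian, always 8 bytes.
    if not 0 <= n < 2 ** 64:
        raise ValueError("value does not fit in 64 bits")
    return n.to_bytes(8, "big")


def dec_fixed64(buf):
    # Returns (value, bytes consumed).
    if len(buf) < 8:
        raise ValueError("truncated")
    return int.from_bytes(buf[:8], "big"), 8


def enc_base255(n):
    # Method 2: base-255 digits 0..254, most significant first, leading zero
    # digits stripped, terminated by the byte 255. Zero is just the terminator.
    digits = []
    while n:
        n, d = divmod(n, 255)
        digits.append(d)
    return bytes(reversed(digits)) + b"\xff"


def dec_base255(buf):
    n = 0
    for i, b in enumerate(buf):
        if b == 255:
            return n, i + 1
        n = n * 255 + b
    raise ValueError("missing terminator")


def enc_base128(n, ber=False):
    # Methods 3 and BER share the digit string: base-128 digits, most
    # significant first, leading zeros stripped (zero is the single digit 0).
    # They differ only in where the high bit goes:
    #   ber=False  method 3 as posted: high bit set on the LAST byte only
    #   ber=True   BER / perl 'w':     high bit set on every byte EXCEPT the last
    digits = [n & 0x7F]
    n >>= 7
    while n:
        digits.append(n & 0x7F)
        n >>= 7
    digits.reverse()
    last = len(digits) - 1
    out = bytearray()
    for i, d in enumerate(digits):
        flagged = (i != last) if ber else (i == last)
        out.append((d | 0x80) if flagged else d)
    return bytes(out)


def dec_base128(buf, ber=False):
    n = 0
    for i, b in enumerate(buf):
        n = (n << 7) | (b & 0x7F)
        is_last = (b & 0x80) == 0 if ber else (b & 0x80) != 0
        if is_last:
            return n, i + 1
    raise ValueError("truncated integer")


def sizes(n):
    # Bytes used by each encoding for the same value.
    return {
        "fixed64": len(enc_fixed64(n)),
        "base255": len(enc_base255(n)),
        "base128": len(enc_base128(n)),
        "ber": len(enc_base128(n, ber=True)),
    }


def roundtrip(n):
    # Every decoder must recover n and consume exactly what its encoder wrote,
    # even with unrelated bytes following (the file data after the length).
    ok = dec_fixed64(enc_fixed64(n) + b"data") == (n, 8)
    e = enc_base255(n)
    ok = ok and dec_base255(e + b"data") == (n, len(e))
    for ber in (False, True):
        e = enc_base128(n, ber)
        ok = ok and dec_base128(e + b"data", ber) == (n, len(e))
    return ok


if __name__ == "__main__":
    for v in (0, 127, 128, 840, 2 ** 50, 2 ** 64 - 1):
        print(v, sizes(v), enc_base128(v, ber=True).hex())
```

The value 840 is a useful check on the BER variant: it is the second arc of the common `1.2.840` OID prefix and encodes as the bytes 86 48 in BER, whereas the method posted in the question would flag the last byte instead (06 c8).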






--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: SALT + stream cipher
Date: Tue, 17 Oct 2000 15:11:48 -0700

> A decrease in entropy can occur in a hashing algorithm? Is this true,
> can you present a logical argument for this?
I certainly can, here goes:
A hash algorithm maps from {0,1}**n to {0,1}**k for some fixed k and
arbitrary n
set n - k+1
There must exist 2 input values of length n that produce the same output
value
The difference between these 2 values is lost, therefore entropy was lost.

The point at which this happens depends on the input and the hash function
itself.
Joe
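The pigeonhole argument above, worked through as an added example (not part of Joseph Ashwood's post): a toy k-bit function applied to every (k+1)-bit input must send at least two distinct inputs to the same output, and the Shannon entropy of the output under uniform input cannot exceed k bits even though the input carried k+1. The "toy mix" function and all names are this example's own constructions and are not a real hash; a plain truncation is included for comparison because it is perfectly balanced and loses exactly one bit.

```python
"""Added example (not from the digest): the pigeonhole argument behind
"hashing can lose entropy", run exhaustively on a toy k-bit function over
all (k+1)-bit inputs. The mixing function is this example's own toy, not a
real hash; the names are constructed for the example."""
import math
from collections import Counter


def truncate_hash(x, k_bits):
    # Degenerate "hash": keep the low k bits. Perfectly balanced, so its
    # output entropy under uniform input is exactly k bits.
    return x & ((1 << k_bits) - 1)


def toy_mix_hash(x, k_bits):
    # Toy mixing function (multiply/xor/shift over two input bytes, so it is
    # meant for inputs of at most 16 bits), then truncate to k bits.
    h = 0x811C9DC5
    for i in range(0, 16, 8):
        h ^= (x >> i) & 0xFF
        h = (h * 0x01000193) & 0xFFFFFFFF
        h ^= h >> 13
    return h & ((1 << k_bits) - 1)


def preimage_counts(hash_fn, n_bits, k_bits):
    # Apply hash_fn to every n-bit input and count how many inputs land on
    # each k-bit output value.
    return Counter(hash_fn(x, k_bits) for x in range(1 << n_bits))


def output_entropy(hash_fn, n_bits, k_bits):
    # Shannon entropy (bits) of the output when the input is uniform on n bits.
    counts = preimage_counts(hash_fn, n_bits, k_bits)
    total = float(1 << n_bits)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def first_collision(hash_fn, n_bits, k_bits):
    # With n = k + 1 there are twice as many inputs as outputs, so two distinct
    # inputs must share an output; return the first such pair found. The
    # difference between the two inputs is exactly what the output has lost.
    seen = {}
    for x in range(1 << n_bits):
        h = hash_fn(x, k_bits)
        if h in seen:
            return seen[h], x
        seen[h] = x
    return None  # unreachable when n_bits > k_bits


def entropy_report(n_bits, k_bits):
    # Entropy in (n bits, uniform input) versus entropy out for both functions.
    return {
        "input_bits": n_bits,
        "truncate": output_entropy(truncate_hash, n_bits, k_bits),
        "toy_mix": output_entropy(toy_mix_hash, n_bits, k_bits),
        "max_preimages_toy": max(preimage_counts(toy_mix_hash, n_bits, k_bits).values()),
    }


if __name__ == "__main__":
    print(entropy_report(9, 8))
    print(first_collision(toy_mix_hash, 9, 8))
```

With n = 9 and k = 8 the truncation yields exactly 8.0 bits of output entropy (each output has exactly two preimages); the unbalanced toy function yields less than that, which is the stronger form of the point made above: the output entropy is bounded by k, and a real function generally lands below the bound.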



--

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: useful literature?
Date: Tue, 17 Oct 2000 22:24:21 -0700


Florian Peterl wrote:
>
> Hello Guys,
>
> has anybody any recommendation concerning literature in cryptography?
> I'm not a rookie but I'm not a professional in that subject.
> Thanks for your help


Might I suggest

 "Cryptography, Theory and Practice" by Douglas R. Stinson,

 "Decrypted Secrets, Methods and Maxims of Cryptology" by F.L. Bauer,

 "Cryptanalysis, A Study of Ciphers and Their Solution" by Helen Fouche Gaines,

 "Applied Cryptography, Protocols Algorithms and Source Code in C" by Bruce Schneier,

 and either "Military Cryptanalysis Parts I, II, III and IV" by William F. Friedman

 or

 "Military Cr

Cryptography-Digest Digest #948

2000-06-05 Thread Digestifier

Cryptography-Digest Digest #948, Volume #11   Mon, 5 Jun 00 16:13:00 EDT

Contents:
  Re: Concerning  UK publishes "impossible" decryption law (Your Name)
  Re: Cipher design a fading field? ("Paul Pires")
  Re: Concerning  UK publishes "impossible" decryption law (Your Name)
  Re: Can we say addicted? (Mike Rosing)
  Re: Good ways to test. (James Felling)
  Re: Quantum computers (Mike Rosing)
  Re: Observer 4/6/2000: "Your privacy ends here" (Jim)
  Re: Observer 4/6/2000: "Your privacy ends here" (Jim)
  Re: Could RC4 used to generate S-Boxes? (Simon Johnson)
  Re: Observer 4/6/2000: "Your privacy ends here" (Ian Wiles)
  Re: Newcomer seeks clarification re download encryption (Mike Rosing)
  Re: Concerning  UK publishes "impossible" decryption law (Jerry Coffin)
  Re: otp breaktrough ! (Simon Johnson)
  Re: Question about recommended keysizes (768 bit RSA) (Roger Schlafly)
  Re: RSA Algorithm (wtshaw)



From: [EMAIL PROTECTED]  (Your Name)
Crossposted-To: 
alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning  UK publishes "impossible" decryption law
Date: Mon, 05 Jun 2000 17:14:28 GMT

On Sun, 04 Jun 2000 16:30:11 GMT, [EMAIL PROTECTED]
(Jim) wrote:

> 128 bit PGP has been cracked according to announcements
> posted here some time ago.
>
> I don't think anyone saw any proof of this, did they?

Some time ago, a 129 bit RSA key (asymmetric) was cracked by 
brute force.  Maybe it is this fact that is being referenced.

Rich Eramian aka freeman at shore dot net

--

From: "Paul Pires" [EMAIL PROTECTED]
Subject: Re: Cipher design a fading field?
Date: Mon, 5 Jun 2000 10:12:06 -0700

Anton Stiglic [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] wrote:
>
> > (b) I wish professional cryptographers would quit inventing a plethora
> > of new encryption schemes a.k.a. AES, until they have figured out how to
> > defeat the existing ones e.g. DESX, Triple-DES, IDEA, Blowfish, GOST, ad
> > infinitum.  This is exactly my point, why use a new cipher when it may
> > or may not be more secure than the old one?
>
> We all know of good reasons why we want DES to be replaced, 56 bit keys
> is not enough security.  We know why we want to replace 3-DES, DES was
> designed for hardware, a lot of encryption is being done in software, we
> want something that is fast in software (and still keep it fast in
> hardware).
>
> Why don't we use Blowfish for example?  Well, one reason is that it has not
> gotten the cryptanalysis spotlight yet.  Meaning, cryptanalysts have not been
> motivated enough to try to break it.  TwoFish replaces Blowfish, and is now
> getting the "cryptanalysis spotlight".  Of course, we won't get anything
> provably secure out of AES, but at least we'll get an encryption cipher that
> performs well under various conditions, and the ciphers have gotten the
> attention of the whole cryptanalysis community.
>
> By the way, where is the web page of the little sci.crypt cipher
> contest?
>
> Anton

http://www.wizard.net/~echo/crypto-contest.html

Paul







--

From: [EMAIL PROTECTED]  (Your Name)
Crossposted-To: 
alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning  UK publishes "impossible" decryption law
Date: Mon, 05 Jun 2000 17:20:23 GMT

On Mon, 05 Jun 2000 02:14:11 +0100, Dave Howe DHowe@hawkswing wrote:

> In our last episode (alt.security.pgp[Sun, 04 Jun 2000 17:35:52
> -0400]), jungle [EMAIL PROTECTED] said :
> > no ...
> > Jim wrote:
> > > 128 bit PGP has been cracked according to announcements
> > > posted here some time ago.
> > > I don't think anyone saw any proof of this, did they?
> > no ...
> But a 128 bit key is pretty lousy by today's standards. I would be
> horrified to think that anyone would consider 128 bit RSA trustworthy.

I think that the problem is that some people are talking about
symmetric keys while others are talking about asymmetric keys.

Rich Eramian aka freeman at shore dot net


--

From: Mike Rosing [EMAIL PROTECTED]
Subject: Re: Can we say addicted?
Date: Mon, 05 Jun 2000 12:39:21 -0500

Anton Stiglic wrote:
> Ahhh, so that explains some of your past postings!
>
> :)

Yup!  Check out this picture:
http://www.terracom.net/~eresrch/float/rho3.png

It's a plot of rho(z, tau) for a selected angle of z and range of tau.
I've got 17 angles for each "zoom" which makes for a pretty cool movie.
I'll put it up once I figure out how.  You don't need drugs to be
addicted to math, but some of them don't hurt the view :-)

Patience, persistence, truth,
Dr. mike

--

From: James Felling [EMAIL PROTECTED]
Subject: Re: Good ways to test.
Date: Mon, 05 Jun 2000 13:05:18 -0500



tomstd wrote:

> snip
>
> You are missin

Cryptography-Digest Digest #948

2000-01-21 Thread Digestifier

Cryptography-Digest Digest #948, Volume #10  Fri, 21 Jan 00 14:13:01 EST

Contents:
  Re: Forward secrecy for public key encryption: MYH (David Wagner)
  Re: Combination of stream and block encryption techniques (wtshaw)
  Re: Mispronounce words. (OT ) (wtshaw)
  Re: LSFR (Mike Rosing)
  Re: MIRDEK: more fun with playing cards. ("r.e.s.")
  Is Cramer-Shoup 98 with 5020 bits secure? (Oliver Moeller)
  Re: UK Government challenge? (Angus Walker)
  Re: ECC vs RSA - A.J.Menezes responds to Schneier (Mike Rosing)
  Re: MIRDEK: more fun with playing cards. ("r.e.s.")
  Re: Intel 810 chipset Random Number Generator (Paul Koning)
  Re: NIST, AES at RSA conference (Paul Koning)
  Re: simplistic oneway hash (Paul Koning)



From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Forward secrecy for public key encryption: MYH
Date: 21 Jan 2000 10:19:43 -0800

In article [EMAIL PROTECTED],
David Hopwood  [EMAIL PROTECTED] wrote:
> I think that answers your question :-)

Yup, thanks. :-)
Ok, I see you are way ahead of me.

By the way, thanks for the explanations
of why these attacks don't work.
-- David

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Combination of stream and block encryption techniques
Date: Fri, 21 Jan 2000 12:32:29 -0600

In article [EMAIL PROTECTED], "Douglas A. Gwyn"
[EMAIL PROTECTED] wrote:

> In most cases there *is* a clear difference between a "stream" cipher
> and a "block" cipher; it's essentially the same as the difference
> between a continuous-flow chemical process and a batch process.

OK, welcome to truths of production analogous to crypto processes, fine
with me.  It clearly makes my favorite invented algorithm one of the batch
variety, but with a short-term need for continuous-flow type
mechanization.

The problem with continuous flow is that sooner or later something breaks,
gets used up, or starts to malfunction.  This could be a few minutes to a
few months, with the workaround for failure called preventive maintenance,
which means you periodically stop, clean up, and restart everything. 

On an electronic processing level, we do the same things, especially if
something like windows, more a batch system, as compared to Mac, which is
more a stream system which generally takes care of certain headache
problems seen in windows automatically.

As for cryptosystems, if the generator runs out, recycles, your stream
turns out to be a long batch.  If you select a stream method that restarts
and resets itself, even inductively, it is a batch in some ways.  It seems
that much of this is your choice, with little absolute differences between
potential stream and block ciphers.
-- 
To prevent the compromise of with the most common configuration
of computers is something like preventing a sculptor from being too original.  If a
computer design is corruptible, it will be.

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Mispronounce words. (OT )
Date: Fri, 21 Jan 2000 12:41:02 -0600


> My question was the echo of my question as a child for whom spelling
> was not logical, but thanks to all who explained the etymology.
>
> > I was told by a foreign friend that the normal rule for English is
> > that the emphasis is on the third syllable of the word.  Hence the..

The best universal rule in such things in English is that there is no
universal rule.  Of course, you can pick French, which THEY say is always
right, German, which is better pronounced with a beer under your belt,
Russian, which is best pronounced while mad, or Italian, which sounds best
in an argument.
-- 
To prevent the compromise of with the most common configuration
of computers is something like preventing a sculptor from being too original.  If a
computer design is corruptible, it will be.

--

From: Mike Rosing [EMAIL PROTECTED]
Subject: Re: LSFR
Date: Fri, 21 Jan 2000 12:23:24 -0600

r.e.s. wrote:
>
> "David Wagner" [EMAIL PROTECTED] wrote ...
> [re 10-register base-10 LFSR]
> : I think you need to look at the feedback polynomial
> : mod 2 and mod 5.  If both of those are primitive, I'd expect the
> : period to be either (2^10 - 1) * (5^10 - 1), 2^10 - 1, 5^10 - 1, or 1.
> :
> : For example, if I initialize the register with all zeros, it stays all
> : zeros.  If I initialize the register with values that are all even,
> : it stays this way.  If I initialize the register with values that are
> : all divisible by 5, this too stays the same.  So (at best) there will
> : be four cycles, one of each of the lengths mentioned above.

I think you are correct that the coefficients should be modulo a prime
to create a field.  But I'm not sure about getting maximal length for
an LFSR.  There should be some primitive polynomial even mod 10 that
would give (10^n-1) elements.  You'd have to start with an odd number
tho.

> OK.  In t
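As an added example, not part of the thread: the exchange above concerns a 10-cell register, which has 10^10 states; this code uses the same kind of recurrence over the integers mod 10 but with only two cells (the Fibonacci rule s[t+2] = s[t+1] + s[t]), small enough that every one of the 100 states can be enumerated and the cycle structure listed exhaustively. It shows the behaviour Wagner describes: all-even states stay even, states divisible by 5 stay divisible by 5, and the period of a general state is the least common multiple of its periods mod 2 and mod 5 (60 = lcm(3, 20) here; the Fibonacci rule is not primitive mod 5, so the mod-5 period is 20 rather than 24). The function and constant names are the example's own.

```python
"""Added example (not from the digest): exhaustive cycle analysis of a short
linear recurrence over the integers mod 10, mirroring the mod-2 / mod-5
observation in the thread. Names are this example's own."""
import math
from collections import Counter
from itertools import product

FIB = (1, 1)  # taps for s[t+2] = 1*s[t] + 1*s[t+1]


def lfsr_step(state, taps, m):
    # state is a tuple of n cells; the new cell is sum(taps[i]*state[i]) mod m,
    # then the register shifts left by one position.
    new = sum(t * s for t, s in zip(taps, state)) % m
    return state[1:] + (new,)


def _check_bijective(taps, m):
    # The state map is a bijection exactly when taps[0] is a unit mod m
    # (the companion matrix has determinant +-taps[0]); only then does every
    # state lie on a cycle and "period" make sense for every start state.
    if math.gcd(taps[0], m) != 1:
        raise ValueError("taps[0] must be invertible mod m")


def period(state, taps, m):
    # Number of steps until `state` recurs (the length of its cycle).
    _check_bijective(taps, m)
    s, n = lfsr_step(state, taps, m), 1
    while s != state:
        s, n = lfsr_step(s, taps, m), n + 1
    return n


def cycle_structure(taps, m, n_cells):
    # Partition all m**n_cells states into cycles; returns {length: count}.
    _check_bijective(taps, m)
    seen, lengths = set(), Counter()
    for state in product(range(m), repeat=n_cells):
        if state in seen:
            continue
        cyc, s = [state], lfsr_step(state, taps, m)
        while s != state:
            cyc.append(s)
            s = lfsr_step(s, taps, m)
        seen.update(cyc)
        lengths[len(cyc)] += 1
    return lengths


def residue_class_preserved(taps, m, n_cells, d):
    # Wagner's point: if every cell is divisible by d (with d dividing m),
    # every later state is too, because the recurrence is linear. Checked by
    # walking every such start state around its whole cycle.
    _check_bijective(taps, m)
    for state in product(range(0, m, d), repeat=n_cells):
        s = state
        for _ in range(m ** n_cells):
            s = lfsr_step(s, taps, m)
            if any(c % d for c in s):
                return False
    return True


if __name__ == "__main__":
    print("mod 2:", period((1, 1), FIB, 2), " mod 5:", period((1, 1), FIB, 5),
          " mod 10:", period((1, 1), FIB, 10))
    print("all even (2,2):", period((2, 2), FIB, 10),
          " multiples of 5 (5,5):", period((5, 5), FIB, 10))
    print("cycle lengths mod 10:", sorted(cycle_structure(FIB, 10, 2).items()))
```

The full listing for this recurrence is one cycle each of lengths 1, 3, 4, 12, 20 and 60, summing to 100 states: the mod-5 component has a 20-cycle and a 4-cycle besides the zero state, and each of these combines with the mod-2 periods 1 and 3 to give lcm lengths, so no single cycle covers all 99 non-zero states.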

Cryptography-Digest Digest #948

1999-07-28 Thread Digestifier

Cryptography-Digest Digest #948, Volume #9   Thu, 29 Jul 99 02:13:05 EDT

Contents:
  ADVANCES IN CRYPTOLOGY 1981--1997: Price decrease (CryptoBook)
  Re: WinZip secure? ([EMAIL PROTECTED])
  Re: (Game) 80-digits Factoring Challenge (Graham Matthews)
  Re: What the hell is XOR? ([EMAIL PROTECTED])
  Re: What the hell is XOR? ([EMAIL PROTECTED])
  Here's an example of my idea. (Shktr00p1)
  Factoring-Protected Exponentiation
  Smart Card Job Available (Alan Folmsbee)
  Re: (Game) 80-digits Factoring Challenge ("Quim Testar")
  Re: OTP export controlled? ("Douglas A. Gwyn")
  CIA's KRYPTOS Continuation N4 ("collomb")
  Re: Prime numbers wanted (Krunoslav Leljak)
  Re: What the hell is XOR? ("Douglas A. Gwyn")
  Re: What the hell is XOR? (SCOTT19U.ZIP_GUY)
  Re: (Game) 80-digits Factoring Challenge (Kurt Foster)



From: [EMAIL PROTECTED] (CryptoBook)
Subject: ADVANCES IN CRYPTOLOGY 1981--1997: Price decrease
Date: 29 Jul 1999 02:05:16 GMT


Since announcing availability of ADVANCES IN CRYPTOLOGY 1981--1997 several days
ago (see the announcement at the end of this message), CCB has received more
orders than anticipated. Clearly, this book is proving to be very popular, at
least among the readers of this group. In the process of restocking, we were
able to obtain a larger discount from the publisher and have decided to pass
this saving along to you.

CCB is very pleased to announce an across-the-board $5.00 price decrease.
Original and current (revised) prices are listed at the end of this message.

If you placed an order in response to our recent announcement, your price has
already been reduced. 

If you placed a prior order, a $5.00 credit has been posted to your CCB
account. You may take the credit against a future order or, upon request, CCB
will issue a $5.00 refund check.

Thanks to all who have ordered recently for making this increased saving
possible.

Best Wishes,
RagyR

Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED] 
Fax: (603) 432-4898

===

Classical Crypto Books is pleased to announce availability of the following
major new book/CD-ROM package:

ADVANCES IN CRYPTOLOGY 1981-- 1997: Electronic Proceedings and Index of the
CRYPTO and EUROCRYPT Conferences 1981 -- 1997
Kevin S. McCurley and Claus Dieter Ziegler (Editors)
"This book and CD-ROM presents the complete collection of all proceedings of
the 32 CRYPTO and EUROCRYPT conferences held between 1981 and 1997. Besides
[14,692] digitized pages of text in [Adobe Acrobat] PDF format, the CD-ROM
provides a user-friendly interface for navigation, search tools, and indexes.
The book gives a complete documentation of the conferences covered from the
meta-cryptology point of view; it also provides a printed index listing all
contributing authors and their papers . The CD-ROM is ready for use on most
common platforms." -- from the rear cover. The preface describes the
interesting and, at times, formidable problems encountered in creating a
searchable index from OCR data (obtained from high-resolution TIF images) and
how those problems were overcome.
Springer, 1999, xx + 460 pp, CD-ROM
Softbound: Pub. $99.00, Member $79.95, Nonmember $84.95 (original prices)
Softbound: Pub. $99.00, Member $74.95, Nonmember $79.95 (current prices)

Member prices are available to members of the American Cryptogram Association,
the US Naval Cryptologic Veterans Association, and full time students. Shipping
and handling are extra. For complete ordering information, a free catalog of
crypto books, or for information about membership in the American Cryptogram
Association, please send email to [EMAIL PROTECTED]


--

From: [EMAIL PROTECTED]
Subject: Re: WinZip secure?
Date: 25 Jul 1999 11:46:58 -0400

[EMAIL PROTECTED] wrote:

> If the compressed file has any headers (such as a ms word
> document etc), it's easy to get the plaintext and decrypt the file.
> (Applied Cryptography 395)

The file is compressed, then encrypted. The plaintext for the encryption
is the compressed version of the file. It is important that for a known
plaintext attack the COMPRESSED file have known text. An MS word document
may have a known header, but the compression generally will change that
(based on following text) so one may not have known text in the compressed
file (it depends on the compression used ... STORE, or whatever ...).
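As an added example, not part of the post: two constructed documents share a fixed 64-byte application header but differ in body, and each is run through zlib's deflate (level 6) and through zlib's stored mode (level 0, the STORE case the post mentions). Comparing how many leading bytes the two outputs have in common shows the post's point in numbers: in stored mode the header survives verbatim, whereas after deflate the streams diverge before the header's length is reached, so "known header" does not translate into known compressed bytes. The example uses zlib framing rather than zip's own; the header, bodies and function names are constructed for the example.

```python
"""Added example (not from the digest): does a known file header survive
compression? Two constructed inputs share a 64-byte header and differ in
body; measure how long the compressed outputs stay byte-identical under
zlib's deflate versus its stored mode. Names and data are constructed."""
import zlib

HEADER = b"DOCFORMAT v1.0 " + b"\x00" * 49  # constructed 64-byte fixed header
# Bodies differ from their first byte and have equal length, so stored-mode
# framing (which records the length) is identical for both inputs.
BODY_A = (b"the quick brown fox jumps over the lazy dog " * 100)[:3900]
BODY_B = (b"0123456789 totals 9876543210 numbers 1122334455 " * 100)[:3900]


def common_prefix_len(a, b):
    # Number of leading bytes on which the two byte strings agree.
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def shared_prefix_after_compression(level):
    # Compress HEADER+BODY_A and HEADER+BODY_B at the given zlib level and
    # count how many leading bytes of the two compressed streams match.
    ca = zlib.compress(HEADER + BODY_A, level)
    cb = zlib.compress(HEADER + BODY_B, level)
    return common_prefix_len(ca, cb)


def header_verbatim_in_stored():
    # In stored mode the raw bytes are only framed, not transformed, so the
    # fixed header appears unchanged inside the "compressed" stream.
    return HEADER in zlib.compress(HEADER + BODY_A, 0)


def report():
    # level 0 = stored (no compression, like zip's STORE); 6 = default deflate.
    return {
        "header_len": len(HEADER),
        "shared_stored": shared_prefix_after_compression(0),
        "shared_deflate": shared_prefix_after_compression(6),
        "header_verbatim_stored": header_verbatim_in_stored(),
    }


if __name__ == "__main__":
    for k, v in report().items():
        print(f"{k}: {v}")
```

The deflate result is small because a dynamic-Huffman block begins with code tables derived from the whole block's symbol statistics, so even the encoding of the identical header depends on the body that follows; the stored result exceeds the header length because the header is copied through unchanged after a few framing bytes.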

--

From: [EMAIL PROTECTED] (Graham Matthews)
Crossposted-To: sci.math.symbolic
Subject: Re: (Game) 80-digits Factoring Challenge
Date: 29 Jul 1999 02:41:02 GMT

kctang posted:
> Please factorize the 80-digit number:
>
> 256261430091697968103677033465028955910continue at next line
> 15360341017076023809547878443033203276429

Someone then asked what the point of this was, to which kctang replied
that most computer algebra systems:
:  possesses the command "factor&