Cryptography-Digest Digest #948
Cryptography-Digest Digest #948, Volume #13       Tue, 20 Mar 01 08:13:01 EST

Contents:
  Re: Codes that use *numbers* for keys (David Schwartz)
  Re: Idea (David Schwartz)
  Re: NSA in the news on CNN ("Mxsmanic")
  Re: Fast and Easy crypt send (Joe H. Acker)
  Re: AES encryption speed vs decryption speed (Panu Hämäläinen)
  Re: [OT] Why Nazis are evil (Benjamin Goldberg)
  Re: Codes that use *numbers* for keys (Juuichiketajin)
  Re: AES encryption speed vs decryption speed ("Brian Gladman")
  Re: Is SHA-1 Broken? (Volker Hetzer)
  Re: Codes that use *numbers* for keys ("Tom St Denis")
  Re: Codes that use *numbers* for keys (Paul Schlyter)
  Re: OT: TV Licensing - final answer - sorry for xpost (Richard Herring)
  Re: How to eliminate redondancy? (Benjamin Goldberg)
  Re: Cipher Idea #1 Block Cipher 512-bit block, arbitrary keysize (long) (Benjamin Goldberg)
  Re: AES encryption speed vs decryption speed (Panu Hämäläinen)

----------------------------------------------------------------------

From: David Schwartz [EMAIL PROTECTED]
Subject: Re: Codes that use *numbers* for keys
Date: Tue, 20 Mar 2001 02:07:21 -0800

"Henrick Hellström" wrote:

> > Most modern processors work internally on bits.
>
> Most modern processors also work internally on decimals. Intel's x86/x87
> processors support Binary Coded Decimals, instructions like e.g. DAA,
> decimal adjust after addition, etc.

Actually, these operations are required because the processors do not
support binary coded decimals. If they did, there would be no need to
adjust anything.

The 'DAA' function, for example, transforms an input string of bits into
an output string of bits. You can use these bits to represent decimals if
you want, and the processor may or may not help you make sense of this.
But that is a far cry from using decimal representation internally.

DS

------------------------------

From: David Schwartz [EMAIL PROTECTED]
Subject: Re: Idea
Date: Tue, 20 Mar 2001 02:09:38 -0800

"SCOTT19U.ZIP_GUY" wrote:

> > > I hate it when people think it is necessary to prove one is
> > > qualified to do something.
> >
> > Why? Because you can't prove you're qualified?
>
> Just what the hell does that mean.

It means that you have to show that you're qualified to do something. How
hard is that to understand?

> [snip of rant]

That's nice, but it has nothing to do with proving that you are qualified
to do something. In fact, your problem seems to be that you were never
given the opportunity to prove that you were qualified. So your rant
actually argues against the point you claim it supports.

DS

------------------------------

From: "Mxsmanic" [EMAIL PROTECTED]
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: NSA in the news on CNN
Date: Tue, 20 Mar 2001 10:22:19 GMT

I saw it on CNN's Web site. I don't watch CNN on TV, so I don't know what
the broadcast schedule might be (indeed, I'm not even sure that it appears
on the air, as opposed to the Web site, but I don't really know).

"jtnews" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

> Can you email me the program time?
> thanks!
>
> Mxsmanic wrote:
>
> > CNN has a special series on the NSA (how times change!) this week, which
> > may generate some interest in PGP, as I presume they'll eventually get
> > around to mentioning the program. They are supposed to talk about
> > encryption in days to come, but I don't know to what extent. The series
> > even shows pictures from inside the NSA! Those people at Fort Meade must
> > be getting desperate for funding, or something!

------------------------------

From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Fast and Easy crypt send
Date: Tue, 20 Mar 2001 11:26:24 +0100

amateur [EMAIL PROTECTED] wrote:

> The text is encrypted with my algo. Read before attaching. The output you
> are looking for is random. Every bit is encrypted with a symbol which is
> chosen randomly. If I choose odd and even to encrypt, then the number 0
> or 2 or 4 or 6 or 8 represents the bit 0. So the output E you are trying
> to test is random. That's what you don't understand.

I'm an amateur as well. Here is what doesn't get into my head: Why the
heck do you continuously think that the attacker cannot recognize that
you are using two categories (like odd and even numbers, open and closed
letters, and so on)? You seriously underestimate the intellectual
abilities of your adversary. Just imagine that it's not your sister that
is analysing your cipher, but dozens of mathematicians that have been
working in the field of cryptography for dozens of years. They are likely
to understand your two-category scheme at the glance of an eye,
especially since they regularly read sci.crypt and know your cipher
anyway. You need to read a good book on the history of cryptography.

Regards,

Erich

------------------------------
Cryptography-Digest Digest #948, Volume #12       Wed, 18 Oct 00 04:13:00 EDT

Contents:
  Re: Storing an Integer on a stream ("David Thompson")
  Re: SALT + stream cipher ("Joseph Ashwood")
  Re: useful literature? ("John A. Malley")
  CHAP security hole question ([EMAIL PROTECTED])
  Re: DNA encoding ("John A. Malley")
  Re: Pegwit group started to make a alternative to PGP based on ECC (Frank M. Siegert)
  Re: Pegwit group started to make a alternative to PGP based on ECC ("Benny Nissen")
  Re: DNA encoding ([EMAIL PROTECTED])
  Re: Stolen Enigma Machine Recovered (David Hopwood)
  How insecure is this... ([EMAIL PROTECTED])

----------------------------------------------------------------------

From: "David Thompson" [EMAIL PROTECTED]
Subject: Re: Storing an Integer on a stream
Date: Wed, 18 Oct 2000 04:05:51 GMT

Benjamin Goldberg [EMAIL PROTECTED] wrote :

> If I'm writing a file, whose format is a 64 bit file length, followed by
> some amount of data, followed by some [random] padding, which of the
> following is the best way to store that length value:
>
> 1) 8 base-256 digits. With this format, we always use 8 bytes.
>
> 2) Some number of base-255 digits, with leading 0 digits stripped,
> terminated by the value 255. With this format, we always use at least 1
> byte (for a value of 0, which is written as just the terminator (255)),
> but generally use 2..9 bytes.
>
> 3) Some number of base-128 digits, with leading 0 digits stripped, all
> but the last prefixed by a 0 bit, and the last prefixed by a 1 bit. With
> this format, values 0..127 use 1 byte, 128..(128**2-1) uses 2 bytes,
> etc, with 9 bytes being used for a 63 bit value, and 10 bytes used for a
> 64 bit value.
> ...
> By the way, I think I should mention that in the perl programming
> language, the builtin functions pack() and unpack() have a template type
> for method 2, which (If I recall correctly) uses the letter 'w' and is
> referred to as Berweiss-encoding of an integer.

perl pack/unpack 'w' is base-128+more, like your method *3*, but you have
the high bit wrong; it is 1 for all bytes but the last. This is the
nominal encoding for extended tags and OIDs used in BER, the Basic
Encoding Rules for ASN.1, the Abstract Syntax Notation first defined by
CCITT/ITU-T and spread via remote operation to Internet management
(SNMP/MIBs/DMOs) and by X.509 (certs and CRLs) and PKCS to SSL/TLS,
S/MIME, and PKIX (but not PGP). (Actually certificates, and other signed
data, use a subset called DER, the Distinguished Encoding Rules, because
a signature must reliably be analyzed by the verifier against exactly the
same data as by the signer.) I have no idea where "weiss" came into this.

> Personally I kind of like method 2 just because I've never seen any good
> use for base-255 and it would be fun to have one.

It is the most space-efficient of your (byte-oriented) choices for values
likely to be of interest (up to maybe 2**50), though "wasting" 2 bytes
per file is hardly worth worrying about.

The consensus view is that if you are using an encryption algorithm for
which known plaintext is a problem, you need a better algorithm anyway.
Even if you eliminate the (fixed) zeros of method 1, unless you use
*large* amounts of padding (or cover traffic), an eavesdropper will be
able to make a pretty fair guess of the size of your file and thus the
encoding of its length.

--
- David.Thompson 1 now at worldnet.att.net

------------------------------

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: SALT + stream cipher
Date: Tue, 17 Oct 2000 15:11:48 -0700

> A decrease in entropy can occur in a hashing algorithm? Is this true,
> can you present a logical argument for this?

I certainly can, here goes:

A hash algorithm maps from {0,1}**n to {0,1}**k for some fixed k and
arbitrary n. Set n = k+1. There must exist 2 input values of length n
that produce the same output value. The difference between these 2
values is lost, therefore entropy was lost. The point at which this
happens depends on the input and the hash function itself.

Joe

------------------------------

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: useful literature?
Date: Tue, 17 Oct 2000 22:24:21 -0700

Florian Peterl wrote:

> Hello Guys,
>
> has anybody any recommendation concerning literature in cryptography?
> I'm not a rookie but I'm not a professional in that subject.
>
> Thanks for your help

Might I suggest "Cryptography, Theory and Practice" by Douglas R. Stinson,
"Decrypted Secrets, Methods and Maxims of Cryptology" by F.L. Bauer,
"Cryptanalysis, A Study of Ciphers and Their Solution" by Helen Fouche
Gaines, "Applied Cryptography, Protocols Algorithms and Source Code in C"
by Bruce Schneier, and either "Military Cryptanalysis Parts I, II, III and
IV" by William F. Friedman or "Military Cr
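The three length encodings that Benjamin Goldberg lists and David Thompson corrects in the "Storing an Integer on a stream" exchange above, written out as an added example (not code from any poster); the base-128 variant follows Thompson's BER / Perl pack 'w' convention, and the function names and the sample values are my own.

```python
# Added example (not from the digest): Goldberg's three ways of storing a
# 64-bit length, with method 3 using the convention Thompson describes for
# BER extended tags/OIDs and Perl's pack('w'): the high bit is set on every
# byte *except* the last, not the other way round.

def encode_fixed64(n: int) -> bytes:
    """Method 1: eight base-256 digits, big-endian, always 8 bytes."""
    return n.to_bytes(8, "big")

def decode_fixed64(data: bytes) -> tuple:
    """Return (value, bytes consumed)."""
    if len(data) < 8:
        raise ValueError("need 8 bytes for a fixed-width length")
    return int.from_bytes(data[:8], "big"), 8

def encode_base255(n: int) -> bytes:
    """Method 2: base-255 digits (0..254), leading zero digits stripped,
    terminated by the byte 255. Zero is encoded as the bare terminator."""
    digits = []
    while n:
        n, d = divmod(n, 255)
        digits.append(d)
    return bytes(reversed(digits)) + b"\xff"

def decode_base255(data: bytes) -> tuple:
    value = 0
    for i, b in enumerate(data):
        if b == 0xFF:               # terminator can never be a digit
            return value, i + 1
        value = value * 255 + b
    raise ValueError("missing 0xFF terminator")

def encode_base128(n: int) -> bytes:
    """Method 3, corrected: 7-bit groups, most significant first, with the
    continuation bit 0x80 on all bytes but the last (BER / pack 'w')."""
    groups = [n & 0x7F]
    n >>= 7
    while n:
        groups.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(groups))

def decode_base128(data: bytes) -> tuple:
    value = 0
    for i, b in enumerate(data):
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:            # clear high bit marks the last byte
            return value, i + 1
    raise ValueError("truncated base-128 integer")

def encoded_sizes(n: int) -> dict:
    """Bytes each method spends on the length value n."""
    return {"fixed64": len(encode_fixed64(n)),
            "base255": len(encode_base255(n)),
            "base128": len(encode_base128(n))}

if __name__ == "__main__":
    # constructed sample lengths: small file, 63-bit and 64-bit extremes
    for n in (100, 2**63 - 1, 2**64 - 1):
        print(n, encoded_sizes(n))
```

The size table reproduces the thread's figures: 9 bytes for a 63-bit value and 10 for a 64-bit value under method 3, and 2 bytes for small lengths under method 2.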
Cryptography-Digest Digest #948, Volume #11       Mon, 5 Jun 00 16:13:00 EDT

Contents:
  Re: Concerning UK publishes "impossible" decryption law (Your Name)
  Re: Cipher design a fading field? ("Paul Pires")
  Re: Concerning UK publishes "impossible" decryption law (Your Name)
  Re: Can we say addicted? (Mike Rosing)
  Re: Good ways to test. (James Felling)
  Re: Quantum computers (Mike Rosing)
  Re: Observer 4/6/2000: "Your privacy ends here" (Jim)
  Re: Observer 4/6/2000: "Your privacy ends here" (Jim)
  Re: Could RC4 used to generate S-Boxes? (Simon Johnson)
  Re: Observer 4/6/2000: "Your privacy ends here" (Ian Wiles)
  Re: Newcomer seeks clarification re download encryption (Mike Rosing)
  Re: Concerning UK publishes "impossible" decryption law (Jerry Coffin)
  Re: otp breaktrough ! (Simon Johnson)
  Re: Question about recommended keysizes (768 bit RSA) (Roger Schlafly)
  Re: RSA Algorithm (wtshaw)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (Your Name)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning UK publishes "impossible" decryption law
Date: Mon, 05 Jun 2000 17:14:28 GMT

On Sun, 04 Jun 2000 16:30:11 GMT, [EMAIL PROTECTED] (Jim) wrote:

> 128 bit PGP has been cracked according to announcements posted here some
> time ago.
> I don't think anyone saw any proof of this, did they?

Some time ago, a 129 bit RSA key (asymmetric) was cracked by brute force.
Maybe it is this fact that is being referenced.

Rich Eramian aka freeman at shore dot net

------------------------------

From: "Paul Pires" [EMAIL PROTECTED]
Subject: Re: Cipher design a fading field?
Date: Mon, 5 Jun 2000 10:12:06 -0700

Anton Stiglic [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

> [EMAIL PROTECTED] wrote:
>
> > (b) I wish professional cryptographers would quit inventing a plethora
> > of new encryption schemes a.k.a. AES, until they have figured out how
> > to defeat the existing ones e.g. DESX, Triple-DES, IDEA, Blowfish,
> > GOST, ad infinitum.
>
> This is exactly my point, why use a new cipher when it may or may not be
> more secure than the old one? We all know of good reasons why we want DES
> to be replaced, 56 bit keys are not enough security. We know why we want
> to replace 3-DES, DES was designed for hardware, a lot of encryption is
> being done in software, we want something that is fast in software (and
> still keep it fast in hardware). Why don't we use Blowfish for example?
> Well, one reason is that it has not gotten the cryptanalysis spotlight
> yet. Meaning, cryptanalysts have not been motivated enough to try to
> break it. TwoFish replaces Blowfish, and is now getting the
> "cryptanalysis spotlight". Of course, we won't get anything provably
> secure out of AES, but at least we'll get an encryption cipher that
> performs well under various conditions, and the ciphers have gotten the
> attention of the whole cryptanalysis community.
>
> By the way, where is the web page of the little sci.crypt cipher contest?
>
> Anton

http://www.wizard.net/~echo/crypto-contest.html

Paul

------------------------------

From: [EMAIL PROTECTED] (Your Name)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning UK publishes "impossible" decryption law
Date: Mon, 05 Jun 2000 17:20:23 GMT

On Mon, 05 Jun 2000 02:14:11 +0100, Dave Howe DHowe@hawkswing wrote:

> In our last episode (alt.security.pgp[Sun, 04 Jun 2000 17:35:52 -0400]),
> jungle [EMAIL PROTECTED] said :
>
> > no ...
> >
> > Jim wrote:
> >
> > > 128 bit PGP has been cracked according to announcements posted here
> > > some time ago.
> > > I don't think anyone saw any proof of this, did they?
> >
> > no ...
>
> But a 128 bit key is pretty lousy by today's standards. I would be
> horrified to think that anyone would consider 128 bit RSA trustworthy.

I think that the problem is that some people are talking about symmetric
keys while others are talking about asymmetric keys.

Rich Eramian aka freeman at shore dot net

------------------------------

From: Mike Rosing [EMAIL PROTECTED]
Subject: Re: Can we say addicted?
Date: Mon, 05 Jun 2000 12:39:21 -0500

Anton Stiglic wrote:

> Ahhh, so that explains some of your past postings! :)

Yup! Check out this picture:

http://www.terracom.net/~eresrch/float/rho3.png

It's a plot of rho(z, tau) for a selected angle of z and range of tau.
I've got 17 angles for each "zoom" which makes for a pretty cool movie.
I'll put it up once I figure out how.

You don't need drugs to be addicted to math, but some of them don't hurt
the view :-)

Patience, persistence, truth,
Dr. mike

------------------------------

From: James Felling [EMAIL PROTECTED]
Subject: Re: Good ways to test.
Date: Mon, 05 Jun 2000 13:05:18 -0500

tomstd wrote:

> [snip]

You are missin
Cryptography-Digest Digest #948, Volume #10       Fri, 21 Jan 00 14:13:01 EST

Contents:
  Re: Forward secrecy for public key encryption: MYH (David Wagner)
  Re: Combination of stream and block encryption techniques (wtshaw)
  Re: Mispronounce words. (OT ) (wtshaw)
  Re: LSFR (Mike Rosing)
  Re: MIRDEK: more fun with playing cards. ("r.e.s.")
  Is Cramer-Shoup 98 with 5020 bits secure? (Oliver Moeller)
  Re: UK Government challenge? (Angus Walker)
  Re: ECC vs RSA - A.J.Menezes responds to Schneier (Mike Rosing)
  Re: MIRDEK: more fun with playing cards. ("r.e.s.")
  Re: Intel 810 chipset Random Number Generator (Paul Koning)
  Re: NIST, AES at RSA conference (Paul Koning)
  Re: simplistic oneway hash (Paul Koning)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Forward secrecy for public key encryption: MYH
Date: 21 Jan 2000 10:19:43 -0800

In article [EMAIL PROTECTED], David Hopwood [EMAIL PROTECTED] wrote:

> I think that answers your question :-)

Yup, thanks. :-)

Ok, I see you are way ahead of me. By the way, thanks for the
explanations of why these attacks don't work.

-- David

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Combination of stream and block encryption techniques
Date: Fri, 21 Jan 2000 12:32:29 -0600

In article [EMAIL PROTECTED], "Douglas A. Gwyn" [EMAIL PROTECTED] wrote:

> In most cases there *is* a clear difference between a "stream" cipher and
> a "block" cipher; it's essentially the same as the difference between a
> continuous-flow chemical process and a batch process.

OK, welcome to truths of production analogous to crypto processes, fine
with me. It clearly makes my favorite invented algorithm one of the batch
variety, but with a short-term need for continuous-flow type
mechanization.

The problem with continuous flow is that sooner or later something
breaks, gets used up, or starts to malfunction. This could be a few
minutes to a few months, with the workaround for failure called
preventive maintenance, which means you periodically stop, clean up, and
restart everything.

On an electronic processing level, we do the same things, especially if
something like windows, more a batch system, as compared to Mac, which is
more a stream system which generally takes care of certain headache
problems seen in windows automatically.

As for cryptosystems, if the generator runs out, recycles, your stream
turns out to be a long batch. If you select a stream method that restarts
and resets itself, even inductively, it is a batch in some ways. It seems
that much of this is your choice, with little absolute differences
between potential stream and block ciphers.
--
To prevent the compromise of with the most common configuration of
computers is something like preventing a sculptor from being too
original. If a computer design is corruptible, it will be.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Mispronounce words. (OT )
Date: Fri, 21 Jan 2000 12:41:02 -0600

My question was the echo of my question as a child for whom spelling was
not logical, but thanks to all who explained the etymology.

> I was told by a foreign friend that the normal rule for English is that
> the emphasis is on the third syllable of the word. Hence the..

The best universal rule in such things in English is that there is no
universal rule. Of course, you can pick French, which THEY say is always
right, German, which is better pronounced with a beer under your belt,
Russian, which is best pronounced while mad, or Italian, which sounds
best in an argument.
--
To prevent the compromise of with the most common configuration of
computers is something like preventing a sculptor from being too
original. If a computer design is corruptible, it will be.

------------------------------

From: Mike Rosing [EMAIL PROTECTED]
Subject: Re: LSFR
Date: Fri, 21 Jan 2000 12:23:24 -0600

r.e.s. wrote:

> "David Wagner" [EMAIL PROTECTED] wrote ...
> [re 10-register base-10 LFSR]
> : I think you need to look at the feedback polynomial mod 2 and mod 5.
> : If both of those are primitive, I'd expect the period to be either
> : (2^10 - 1) * (5^10 - 1), 2^10 - 1, 5^10 - 1, or 1.
> :
> : For example, if I initialize the register with all zeros, it stays all
> : zeros. If I initialize the register with values that are all even, it
> : stays this way. If I initialize the register with values that are all
> : divisible by 5, this too stays the same. So (at best) there will be
> : four cycles, one of each of the lengths mentioned above.
>
> I think you are correct that the coefficients should be modulo a prime to
> create a field. But I'm not sure about getting maximal length for an
> LFSR. There should be some primitive polynomial even mod 10 that would
> give (10^n-1) elements. You'd have to start with an odd number tho.

OK. In t
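David Wagner's mod-2 / mod-5 analysis of a base-10 LFSR, carried out on a 3-digit register as an added example (not code from any poster, and it goes beyond the thread by enumerating every state to count the cycles); the feedback polynomial x^3 + 3x + 7 mod 10 is my own choice, picked so that its reductions x^3 + x + 1 mod 2 and x^3 + 3x + 2 mod 5 are both primitive, and all names are assumptions.

```python
# Added example (not from the digest): a length-3 LFSR over Z/10, analysed
# the way Wagner suggests. Recurrence: s[t+3] = 7*s[t+1] + 3*s[t] (mod 10),
# i.e. characteristic polynomial x^3 + 3x + 7 (mod 10), which reduces to
# x^3 + x + 1 (mod 2, period 2^3-1 = 7) and x^3 + 3x + 2 (mod 5,
# period 5^3-1 = 124). Both reductions are primitive (my own choice).
from itertools import product
from math import gcd

N = 3                 # register length (digits)
M = 10                # base
TAPS = (3, 7, 0)      # coefficients of s[t], s[t+1], s[t+2] in the feedback

def step(state: tuple, modulus: int = M) -> tuple:
    """One clock: shift left and feed in the linear combination of the taps."""
    new = sum(c * s for c, s in zip(TAPS, state)) % modulus
    return state[1:] + (new,)

def period(state: tuple, modulus: int = M) -> int:
    """Length of the cycle through `state`. Every state lies on a cycle since
    the constant term 7 is a unit mod 2 and mod 5, so the map is a bijection."""
    s, n = step(state, modulus), 1
    while s != state:
        s, n = step(s, modulus), n + 1
    return n

def lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)

def crt_period(state: tuple) -> int:
    """Wagner's argument: the mod-10 sequence is the CRT pairing of the mod-2
    and mod-5 sequences, so its period is the lcm of their periods."""
    p2 = period(tuple(s % 2 for s in state), 2)
    p5 = period(tuple(s % 5 for s in state), 5)
    return lcm(p2, p5)

def cycle_structure() -> dict:
    """Map cycle length -> number of states on cycles of that length,
    walking each cycle once over all M**N states."""
    seen, counts = set(), {}
    for start in product(range(M), repeat=N):
        if start in seen:
            continue
        s, n = start, 0
        while s not in seen:
            seen.add(s)
            s, n = step(s), n + 1
        counts[n] = counts.get(n, 0) + n
    return counts

if __name__ == "__main__":
    # constructed start states: generic, all-even, all-multiples-of-5, zero
    for st in ((1, 0, 0), (2, 4, 6), (5, 0, 0), (0, 0, 0)):
        print(st, period(st), crt_period(st))
    print(cycle_structure())   # the four cycles Wagner predicts
```

Exactly four cycles appear (lengths 1, 7, 124 and lcm(7, 124) = 868), so even with both reductions primitive no single cycle covers the 10^3 - 1 nonzero states: the all-even and all-multiple-of-5 states always form their own shorter cycles.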
Cryptography-Digest Digest #948, Volume #9        Thu, 29 Jul 99 02:13:05 EDT

Contents:
  ADVANCES IN CRYPTOLOGY 1981--1997: Price decrease (CryptoBook)
  Re: WinZip secure? ([EMAIL PROTECTED])
  Re: (Game) 80-digits Factoring Challenge (Graham Matthews)
  Re: What the hell is XOR? ([EMAIL PROTECTED])
  Re: What the hell is XOR? ([EMAIL PROTECTED])
  Here's an example of my idea. (Shktr00p1)
  Factoring-Protected Exponentiation Smart Card Job Available (Alan Folmsbee)
  Re: (Game) 80-digits Factoring Challenge ("Quim Testar")
  Re: OTP export controlled? ("Douglas A. Gwyn")
  CIA's KRYPTOS Continuation N4 ("collomb")
  Re: Prime numbers wanted (Krunoslav Leljak)
  Re: What the hell is XOR? ("Douglas A. Gwyn")
  Re: What the hell is XOR? (SCOTT19U.ZIP_GUY)
  Re: (Game) 80-digits Factoring Challenge (Kurt Foster)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (CryptoBook)
Subject: ADVANCES IN CRYPTOLOGY 1981--1997: Price decrease
Date: 29 Jul 1999 02:05:16 GMT

Since announcing availability of ADVANCES IN CRYPTOLOGY 1981--1997 several
days ago (see the announcement at the end of this message), CCB has
received more orders than anticipated. Clearly, this book is proving to be
very popular, at least among the readers of this group.

In the process of restocking, we were able to obtain a larger discount
from the publisher and have decided to pass this saving along to you. CCB
is very pleased to announce an across-the-board $5.00 price decrease.
Original and current (revised) prices are listed at the end of this
message.

If you placed an order in response to our recent announcement, your price
has already been reduced. If you placed a prior order, a $5.00 credit has
been posted to your CCB account. You may take the credit against a future
order or, upon request, CCB will issue a $5.00 refund check.

Thanks to all who have ordered recently for making this increased saving
possible.

Best Wishes,
RagyR

Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED]
Fax: (603) 432-4898

===

Classical Crypto Books is pleased to announce availability of the following
major new book/CD-ROM package:

ADVANCES IN CRYPTOLOGY 1981--1997: Electronic Proceedings and Index of the
CRYPTO and EUROCRYPT Conferences 1981--1997
Kevin S. McCurley and Claus Dieter Ziegler (Editors)

"This book and CD-ROM presents the complete collection of all proceedings
of the 32 CRYPTO and EUROCRYPT conferences held between 1981 and 1997.
Besides [14,692] digitized pages of text in [Adobe Acrobat] PDF format,
the CD-ROM provides a user-friendly interface for navigation, search
tools, and indexes. The book gives a complete documentation of the
conferences covered from the meta-cryptology point of view; it also
provides a printed index listing all contributing authors and their
papers. The CD-ROM is ready for use on most common platforms." -- from
the rear cover.

The preface describes the interesting and, at times, formidable problems
encountered in creating a searchable index from OCR data (obtained from
high-resolution TIF images) and how those problems were overcome.

Springer, 1999, xx + 460 pp, CD-ROM
Softbound: Pub. $99.00, Member $79.95, Nonmember $84.95 (original prices)
Softbound: Pub. $99.00, Member $74.95, Nonmember $79.95 (current prices)

Member prices are available to members of the American Cryptogram
Association, the US Naval Cryptologic Veterans Association, and full time
students. Shipping and handling are extra. For complete ordering
information, a free catalog of crypto books, or for information about
membership in the American Cryptogram Association, please send email to
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: WinZip secure?
Date: 25 Jul 1999 11:46:58 -0400

[EMAIL PROTECTED] wrote:

> If the compressed file has any headers (such as a MS Word document
> etc.), it's easy to get the plaintext and decrypt the file. (Applied
> Cryptography 395)

The file is compressed, then encrypted. The plaintext for the encryption
is the compressed version of the file. It is important that for a known
plaintext attack the COMPRESSED file have known text. An MS Word document
may have a known header, but the compression generally will change that
(based on following text) so one may not have known text in the
compressed file (it depends on the compression used ... STORE, or
whatever ...).

------------------------------

From: [EMAIL PROTECTED] (Graham Matthews)
Crossposted-To: sci.math.symbolic
Subject: Re: (Game) 80-digits Factoring Challenge
Date: 29 Jul 1999 02:41:02 GMT

kctang posted:

> Please factorize the 80-digits number:
> 256261430091697968103677033465028955910 (continue at next line)
> 15360341017076023809547878443033203276429

Someone then asked what the point of this was, to which kctang replied
that most computer algebra systems:

: possesses the command "factor&