Cryptography-Digest Digest #988
Cryptography-Digest Digest #988, Volume #13       Sat, 24 Mar 01 13:13:00 EST

Contents:
  Re: Idiot Question -- Please Help a Crypto Moron (John Joseph Trammell)
  Re: Passphrase Recovery (not a stupid Q) ("Thomas J. Boschloo")
  Re: Idiot Question -- Please Help a Crypto Moron (Merrick)
  decryption help please? ("rh")
  Re: on-card key generation for smart card (Anne Lynn Wheeler)
  Re: What the Hell...Here's what my system can do at its best... (Keill Randor)
  Re: Idiot Question -- Please Help a Crypto Moron (John Savard)
  Re: Crack it! (amateur)
  Hello ("Tom St Denis")
  Re: Crack it! (amateur)
  Re: New PGP Flaw Verified By Phil Zimmermann, Allows Signatures to be Forged (Bill Unruh)
  Re: A new DES? ("Simon Johnson")
  Re: Open Source Implementations of PGP (Bill Unruh)
  Re: decryption help please? (Jim Gillogly)
  Re: cryptography using the method of elliptic curve. ("Mauro")

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Joseph Trammell)
Subject: Re: Idiot Question -- Please Help a Crypto Moron
Date: Sat, 24 Mar 2001 14:12:59 GMT

On Sat, 24 Mar 2001 09:03:08 -0500, Og Johnson [EMAIL PROTECTED] wrote:
> I'm at work, and was just handed a word puzzle. If I don't answer it by
> noon today (it is 8:52 EST right now) I have to buy everyone in my office
> lunch. I'm too lazy to think, and I'm not feeling at all generous with my
> money, so could the Jim Gilloughys and the Bill Shaws of sci.crypt help a
> poor forty-niner out?

You're not lazy enough. :-)

http://www.google.com/search?q=send+more+money+puzzle

------------------------------

From: "Thomas J. Boschloo" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp
Subject: Re: Passphrase Recovery (not a stupid Q)
Date: Sat, 24 Mar 2001 15:32:21 +0100

"Ryan M. McConahy" wrote:
> No, this is not one of those "I lost my passphrase. How do I revoke my
> key?" questions. I had two keys, both RSA, both protected by the same
> passphrase. I lost that passphrase. I recovered one key from backup that
> had a pwd I remembered. Can I use this info to recover the key?

This is a hard question.
Your secret key is protected by the hash of your passphrase, maybe with some
seeds included, but let's be optimistic. So you know the exact plain-text for
a secret key encrypted with the same passphrase. And you know of another key
that is encrypted with (maybe) the same passphrase and same resulting hash. I
just don't see how this would help you much, except for being able to check
if you hit the correct 'symmetric' key pretty efficiently.

> If I can't, does anyone know of a program that would try all the
> uppercase/lowercase combinations, then try altering each char., and try
> the uppercase/lowercase thing on that.

I have heard of two, but they are mainly for RSA keys :-( You could write one
yourself though, as the source is 'open' source, but you would need some
programming experience.

ftp.zedz.net

Thomas
-- 
Kittenbirds - You, me and Jesus: "I love your hair it's just so long"

------------------------------

From: [EMAIL PROTECTED] (Merrick)
Subject: Re: Idiot Question -- Please Help a Crypto Moron
Date: Sat, 24 Mar 2001 14:58:09 GMT

On Sat, 24 Mar 2001 09:03:08 -0500, "Og Johnson" [EMAIL PROTECTED] wrote:
> I'm at work, and was just handed a word puzzle. If I don't answer it by
> noon today (it is 8:52 EST right now) I have to buy everyone in my office
> lunch. I'm too lazy to think, and I'm not feeling at all generous with my
> money, so could the Jim Gilloughys and the Bill Shaws of sci.crypt help a
> poor forty-niner out?

SNIP

As long as you cannot have 0 for a first character, the answer is $10652

------------------------------

From: "rh" [EMAIL PROTECTED]
Subject: decryption help please?
Date: Sat, 24 Mar 2001 16:13:24 GMT

A buddy had asked me yesterday if it would be possible to migrate all of our
PINs from the current main system to the new test PIN vault. We have no
decryption utility that could do this. Below I have included some clear text
PINs and then the encrypted version that is located in the SQL database. I do
know that the clear text PINs "are encrypted with themselves."
Pin        Encrypted Pin in SQL DB
1234       9EE7964577447ADA
           1F1D2C2ED301B2A6
test       8A49D1CCB9AA5DBB
hello      7F85C0A9F3F86EC0
4567       60956233056154AC
123456     5155482C2078BF2C
voyager    73C63521A96FF1C9
ATLAS      BFC44BCCC9ED5EE5

-- 
Robert Hawks
http://www.elitedaytraders.com

------------------------------

Subject: Re: on-card key generation for smart card
Reply-To: Anne Lynn Wheeler [EMAIL PROTECTED]
From: Anne Lynn Wheeler [EMAIL PROTECTED]
Date: Sat, 24 Mar 2001 16:23:32 GMT

Daniel James [EMAIL PROTECTED] writes:
> I have done APDU-level work with some of GemPlus's RSA smartcards. Their
> GPK4000 card generates a 1024-bit keyset in 160 seconds 90% of the time
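The puzzle behind the two "Idiot Question" replies above is the SEND + MORE = MONEY alphametic named in John Joseph Trammell's search link; Merrick's answer, $10652, is the value of MONEY under the rule that no word may start with 0. The Python below is an added example, not part of the digest or either poster's work: a general alphametic solver that enumerates letter-to-digit assignments and keeps those that satisfy the sum, with the leading-zero rule switchable so the reader can see what it excludes. All function and parameter names are mine.

```python
"""Brute-force solver for alphametics such as SEND + MORE = MONEY.

Added example, not from the digest.  Each letter gets a distinct digit;
by default no word may start with 0, the rule Merrick's answer assumes.
"""
from itertools import permutations
from operator import mul


def letter_weights(addends, total):
    """Net place value of every letter: +10^k for a position in an addend,
    -10^k for a position in the total.  The equation holds exactly when the
    weighted sum of the assigned digits is zero."""
    letters = sorted(set("".join(addends) + total))
    weight = dict.fromkeys(letters, 0)
    for word, sign in [(w, 1) for w in addends] + [(total, -1)]:
        for k, letter in enumerate(reversed(word)):
            weight[letter] += sign * 10 ** k
    return letters, [weight[c] for c in letters]


def solve_alphametic(addends, total, leading_zero_ok=False):
    """Return every letter->digit map (distinct digits) that solves the puzzle."""
    letters, weights = letter_weights(addends, total)
    if len(letters) > 10:
        raise ValueError("more than ten distinct letters: no injective digit map")
    # Indices (into the sorted letter list) of letters that begin a word.
    leading = tuple({letters.index(w[0]) for w in list(addends) + [total]})
    solutions = []
    for digits in permutations(range(10), len(letters)):
        if not leading_zero_ok and any(digits[i] == 0 for i in leading):
            continue
        if sum(map(mul, weights, digits)) == 0:
            solutions.append(dict(zip(letters, digits)))
    return solutions


def word_value(word, assignment):
    """Read a word as a decimal number under an assignment (leading 0s allowed)."""
    return int("".join(str(assignment[c]) for c in word))


def send_more_money(leading_zero_ok=False):
    """Sorted values of MONEY over all solutions of SEND + MORE = MONEY."""
    sols = solve_alphametic(["SEND", "MORE"], "MONEY", leading_zero_ok)
    return sorted(word_value("MONEY", s) for s in sols)


if __name__ == "__main__":
    for s in solve_alphametic(["SEND", "MORE"], "MONEY"):
        print(word_value("SEND", s), "+", word_value("MORE", s),
              "=", word_value("MONEY", s))
    print("solutions if words may start with 0:",
          len(solve_alphametic(["SEND", "MORE"], "MONEY", leading_zero_ok=True)))
```

With the leading-zero rule in force the search finds exactly one assignment, 9567 + 1085 = 10652; relaxing it admits further assignments (for instance with M = 0), which is why Merrick states the rule alongside the answer.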
Cryptography-Digest Digest #988, Volume #12       Mon, 23 Oct 00 16:13:01 EDT

Contents:
  Re: Finding Sample implementation for DES and IDEA (Jan Willem Knopper)
  Re: Hypercube/FFT encryption (Terry Ritter)
  Re: My comments on AES (Mok-Kong Shen)
  Re: As I study Rijndael... (SCOTT19U.ZIP_GUY)
  Re: Huffman stream cipher. (SCOTT19U.ZIP_GUY)
  Re: How to post absolutely anything on the Internet anonymously (Anthony Stephen Szopa)
  Re: Finding Sample implementation for DES and IDEA (Michael Dales)
  Re: Finding Sample implementation for DES and IDEA (jungle)
  Re: Visual Basic (Simon Johnson)
  Re: new to data encryption please help (Simon Johnson)
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: Visual Basic (Ichinin)
  Re: toy cipher question ("Kenneth Lantrip")
  Re: On block encryption processing with intermediate permutations (Bryan Olson)
  Re: On block encryption processing with intermediate permutations (James Felling)
  Re: My comments on AES (James Felling)
  Re: Visual Basic ("David C. Barber")
  Re: As I study Rijndael... (Mok-Kong Shen)
  Re: My comments on AES (Mok-Kong Shen)
  Re: who first will break claim that DVD pattern of imprints can't be tampered with, erased or falsified ? (Matthew Skala)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (Jan Willem Knopper)
Subject: Re: Finding Sample implementation for DES and IDEA
Date: 23 Oct 2000 18:14:44 GMT

Once in a newsgroup Steven Wu said the following:
> Hi everyone, I am a student and currently interested in block ciphers.
> Could anyone tell me where to find source code for these two standards?

If you are interested in block ciphers be sure to check out the AES web page
(http://www.nist.gov/aes). There are links to papers of the candidates (the
winner was Rijndael). For all these algorithms source is included.
Links and info about the DES algorithm can be found on
http://raphael.math.uic.edu/~jeremy/crypt/des.html

IDEA source can be found on http://www.r3.ch/o_files/products/idea/ (be sure
to read the patent section).

Jan Willem

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Hypercube/FFT encryption
Date: Mon, 23 Oct 2000 18:17:19 GMT

On Mon, 23 Oct 2000 04:26:15 GMT, in [EMAIL PROTECTED], in sci.crypt
Benjamin Goldberg [EMAIL PROTECTED] wrote:

> [...]
> PS to Ritter, in one of your docs, you say that with 1 plaintext /
> ciphertext pair, you can probably uniquely identify a DES key... I believe
> the actual number required is 3 pt/ct pairs.

If we model DES as a key-selected permutation, then for any particular
plaintext value we get a particular 64-bit ciphertext value only one time in
2**64. And with 2**56 keys the probability of getting a particular
transformation from any key is 2**56 / 2**64. So having any particular
transformation exist is unlikely, and if a key is found that satisfies one
block of known plaintext, about 255 times out of 256 that will be the key we
want. In general, we need only one known-plaintext block.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: My comments on AES
Date: Mon, 23 Oct 2000 20:51:55 +0200

James Felling wrote:
> I believe that given any of the candidates being declared the AES, there
> will exist an academic attack versus that cypher before 2006. It is simply
> a matter of enough effort being applied against it. I do not believe that
> any cypher can hold against that kind of attention without some minor flaw
> being found. I have a feeling that this is what Bruce is thinking as well.

I have a problem with the definition of 'academic' attack. Suppose that a new
cipher has yet no known attack excepting brute force.
By how much improvement must an attack at least have in order to be qualified
as an academic attack, or does any epsilon improvement count, no matter how
negligibly small that is?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: As I study Rijndael...
Date: 23 Oct 2000 18:37:59 GMT

[EMAIL PROTECTED] (Falissard) wrote in 8t1q0s$14pj$[EMAIL PROTECTED]:

> http://www.gnupg.org/rfc2440-12.html

Thanks for the info on OpenPGP. I see it uses CFB; still not a favorite, but
I still forgot: is this the same as old PGP? I forget. All I remember was
that it was not CBC. Below is a quote from your pointer:

  12.8. OpenPGP CFB mode

  OpenPGP does symmetric encryption using a variant of Cipher Feedback Mode
  (CFB mode). This section describes the procedure it uses in detail. This
  mode is what is used for Symmetrically Encrypted Data Packets; the
  mechanism used for encrypting secret key material is similar, but
  described in those sections above.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WOR
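Terry Ritter's reply in the Hypercube/FFT thread above argues that one known-plaintext block almost always identifies a DES key, because under the key-selected-permutation model a wrong key sends a given 64-bit block to a given ciphertext block only once in 2**64. The Python below is an added example, not from the digest or from Ritter: it evaluates the expected number of false keys in that model at DES size (56-bit key, 64-bit block), and then runs the same exhaustive check against a constructed toy cipher, a seeded random permutation per key at 10-bit key and 8-bit block size, where every key can be tried. The toy cipher, its sizes and all names are assumptions made for illustration and have nothing to do with real DES internals.

```python
"""Expected number of false keys after one known plaintext block.

Added example, not from the digest.  A block cipher is modelled as a random
permutation selected by the key: a wrong key matches one known block with
probability 2^-n, so with 2^k keys about 2^k / 2^n wrong keys survive.  For
DES (k = 56, n = 64) that is about 1/256, the figure in Ritter's post.
"""
import random
from fractions import Fraction


def expected_spurious_keys(key_bits, block_bits, pairs=1):
    """Expected count of wrong keys consistent with `pairs` known blocks.

    Each of the 2^key_bits - 1 wrong keys matches a known block with
    probability 2^-block_bits; treating blocks as independent gives the
    expectation (2^key_bits - 1) / 2^(block_bits * pairs), exactly.
    """
    return Fraction(2 ** key_bits - 1, 2 ** (block_bits * pairs))


def probability_unique(key_bits, block_bits, pairs=1):
    """Estimate of P(no wrong key survives) as 1 minus the expected spurious
    count; a union bound that is tight when that count is far below 1."""
    return 1 - expected_spurious_keys(key_bits, block_bits, pairs)


def toy_cipher(key, block_bits):
    """Constructed toy cipher (not DES): an independent random permutation of
    the block space per key, seeded from the key so runs are reproducible."""
    table = list(range(2 ** block_bits))
    random.Random(key).shuffle(table)
    return table


def surviving_keys(true_key, known_blocks, key_bits, block_bits):
    """Exhaustive key search: return every key whose toy_cipher table agrees
    with `true_key` on plaintext blocks 0 .. known_blocks-1.  The true key is
    always among the survivors; the rest are the spurious matches."""
    truth = toy_cipher(true_key, block_bits)
    targets = [(p, truth[p]) for p in range(known_blocks)]
    survivors = []
    for key in range(2 ** key_bits):
        table = toy_cipher(key, block_bits)
        if all(table[p] == c for p, c in targets):
            survivors.append(key)
    return survivors


if __name__ == "__main__":
    print("DES model, one block: expected false keys =",
          float(expected_spurious_keys(56, 64)))
    print("DES model, two blocks: expected false keys =",
          float(expected_spurious_keys(56, 64, pairs=2)))
    for blocks in (1, 2):
        found = surviving_keys(true_key=777, known_blocks=blocks,
                               key_bits=10, block_bits=8)
        print(f"toy cipher, {blocks} known block(s): {len(found)} key(s) survive "
              f"(expected spurious ~{float(expected_spurious_keys(10, 8, blocks)):.3f})")
```

At toy size the key space (1024) is larger than the block space (256), so one known block typically leaves a handful of false keys and a second block removes them; at DES size the key space is 2**8 times smaller than the block space, which is why the expected false-key count is below 1 after a single block and Ritter's "255 times out of 256" follows.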
Cryptography-Digest Digest #988, Volume #11       Fri, 9 Jun 00 12:13:01 EDT

Contents:
  Re: Statistics of occurrences of prime number sequences in PRBG output as (John)
  Re: Thanks Sci.Crypt Readers (tomstd)
  Re: Statistics of occurrences of prime number sequences in PRBG output as (John)
  Re: Solution for file encryption / expiration? (Mark Wooding)
  Re: Solution for file encryption / expiration? (Andru Luvisi)
  Re: Encoding 56 bit data ---HELP--- ([EMAIL PROTECTED])
  Re: Cryptographic voting (Mok-Kong Shen)
  Re: DES question (Mok-Kong Shen)
  Re: help for rc5 cryptanalysis (David A. Wagner)
  Re: My latest paper on Block Ciphers (Andru Luvisi)
  Re: Cryptographic voting (Randy Poe)
  Re: Random IV Generation (David A. Wagner)
  Re: My latest paper on Block Ciphers ([EMAIL PROTECTED])
  Re: DECT encryption algorithms? (Paul Koning)
  Re: My latest paper on Block Ciphers (Paul Koning)
  Re: OT: Starmath font (Runu Knips)

----------------------------------------------------------------------

Subject: Re: Statistics of occurrences of prime number sequences in PRBG output as
From: John [EMAIL PROTECTED]
Date: Fri, 09 Jun 2000 08:08:04 -0700

Odd. You would not be able to encrypt much data with just prime #s, as there
aren't that many between 0 and 255. If you go higher, you even get fewer
primes.

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!

------------------------------

Subject: Re: Thanks Sci.Crypt Readers
From: tomstd [EMAIL PROTECTED]
Date: Fri, 09 Jun 2000 08:08:45 -0700

Following the advice of Matthew Fisher I installed a postscript printer on my
win98 machine... There is a .PS copy of the paper (draft) for ya to read now...

http://tomstdenis.com/ffunctions.ps.gz

Thanks a bunch,
Tom
------------------------------

Subject: Re: Statistics of occurrences of prime number sequences in PRBG output as
From: John [EMAIL PROTECTED]
Date: Fri, 09 Jun 2000 08:18:19 -0700

Mathematicians and computer scientists view formulas a bit differently. A
mathematical formula can be translated into a computer program. Some computer
programs can't always be translated into one simple mathematical formula.

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Solution for file encryption / expiration?
Date: 9 Jun 2000 15:21:15 GMT

RecilS [EMAIL PROTECTED] wrote:

> HELLO!? Is anyone listening to the question!?

You're rude, and you've clearly not been reading the answers properly.

> We've gotten into a discussion on the viability of PDF's encryption
> algorithm and whether you should take notes in books or not. Does anyone
> realize that he's simply copyright protecting a BOOK?

He's doing more than that. Encrypting the data and using `trusted' reader
software also prevents consumers from properly exercising their fair use
rights, to the same extent as it prevents copying the plaintext document.
(It doesn't, and indeed can't, stop copying of the ciphertext at all, which
is even more of a stupid mess.)

> If someone really really wants the damn book they are going to [...]
>
> But most importantly...
>
> E) They are not going to start up the old decryption engine.

They don't need to. One of the points being made is that the key is already
known to the client computer. It's not a matter of cryptanalysis: it's a
matter of picking the key out of some code which already knows it.

> As long as the encryption format is decently strong, there may be one or
> at most two idiots out there with enough time and interest to decrypt it.
> (And they're probably the people who replied to you on this newsgroup) but
> all in all if someone wants the book, this is NOT how they are going to
> obtain it.

You've also forgotten that, once an unprotected version has been produced, by
whatever means, it can be made widely available with negligible cost.

> P.S. Everything is 'flawed'. Show me one thing on earth that you can prove
> is completely secure and I will call you god.

There's a difference between `flawed' and being a hopelessly misguided
failure with questionable ethics.

-- [mdw]

------------------------------

From: Andru Luvisi [EMAIL PROTECTED]
Subject: Re: Solution for file encryption / expiration?
Date: 09 Jun 2000 08:24:41 -0700

"RecilS" [EMAIL PROTECTED] writes:
> [snip]
> But most importantly...
> E) They are not going to start up the old decryption engine.
> [snip]

Even if your arguments were correct, and the opposing side has been
represented well enough that I'm not going to get into that in this post, you
are still ignoring the massive inconvenience to users. That is
Cryptography-Digest Digest #988, Volume #10       Thu, 27 Jan 00 18:13:02 EST

Contents:
  Re: Any Reference on Cryptanalysis on RSA ? ("Douglas A. Gwyn")
  Solitaire Encryption Algorithm question... ("anonymous intentions")
  Attack on elliptic curves over GF(2^m), m composite (David Hopwood)
  Re: ECM Factoring and RSA Speed Ups (David Hopwood)
  Re: Solitaire Encryption Algorithm question... ("r.e.s.")
  Re: Solitaire Encryption Algorithm question... ("anonymous intentions")
  Re: Court cases on DVD hacking is a problem for all of us (Jere Hakanen)
  Re: Best Encryption Software? (Steve K)
  Re: Any Reference on Cryptanalysis on RSA ? (John Myre)
  Re: NIST, AES at RSA conference (CLSV)
  Re: How much does it cost to share knowledge? ("Trevor Jackson, III")
  Re: How much does it cost to share knowledge? ("Trevor Jackson, III")
  Re: DES Hardware - chips/cores (David Kessner)
  Re: Unsafe Advice in Cryptonomicon (Wim Lewis)
  Re: Strong stream ciphers besides RC4? (Uri Blumenthal)

----------------------------------------------------------------------

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: Any Reference on Cryptanalysis on RSA ?
Date: Thu, 27 Jan 2000 21:02:40 GMT

"Ip Ting Pong, Vincent" wrote:
> Currently, 1024 bit RSA and 64 bit DES are the de facto strong key length.

DES uses a 56-bit key. It is known to be crackable with today's technology,
with an expenditure of resources that are affordable in many practical
contexts.

> I want to know if the "legitimate" key space of 1024 bit RSA key is more
> or less equal to 64 bit key?

There is no relationship between the two systems nor their key lengths.

------------------------------

From: "anonymous intentions" [EMAIL PROTECTED]
Subject: Solitaire Encryption Algorithm question...
Date: Thu, 27 Jan 2000 13:35:03 -0800

Hello

I read the nomicon, as well as counterpane's page on how to generate the key
and the keystream. I am stuck on producing a single output character. The
wording is this:

"1. Find the A joker. Move it one card down. (That is, swap it with the card
beneath it.)
If the joker is the bottom card of the deck, move it just below the top
card."

"2. Find the B joker. Move it two cards down. If the joker is the bottom card
of the deck, move it just below the second card. If the joker is one up from
the bottom card, move it just below the top card. (Basically, assume the deck
is a loop...you get the idea.)"

-source: http://www.counterpane.com/solitaire.html

Now my problem is that my key looks like this:

   .
   .
   5 diamonds
   JOKER B
   3 diamonds
   8 diamonds
   .
   .

should I "move" them down such as it would be:

   .
   .
   5 diamonds
   3 diamonds
   8 diamonds
   JOKER B
   .
   .

or would it instead be "swapped":

   .
   .
   5 diamonds
   8 diamonds
   3 diamonds
   JOKER B
   .
   .

or something entirely different?! As one could see I am confused with moving
and swapping. I am sitting in front of my computer trying to do this with a
deck of cards and don't want to move until I get an answer!

Thanks! please post or email!
[EMAIL PROTECTED]

------------------------------

Date: Thu, 27 Jan 2000 21:34:46 +
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Attack on elliptic curves over GF(2^m), m composite

-----BEGIN PGP SIGNED MESSAGE-----

I haven't seen this mentioned on sci.crypt yet, and it is relevant to people
here who are implementing elliptic curve cryptography.

http://www.security.ece.orst.edu/emails/ieee00/0008

From [EMAIL PROTECTED] Sat Jan 15 08:34:24 2000
Date: Fri, 14 Jan 2000 15:38:18 +
From: Nigel Smart [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: P1363: ECC Stuff

- This is a stds-p1363-discuss broadcast. See the IEEE P1363 web page
(http://grouper.ieee.org/groups/1363/) for more information. For list info,
see http://grouper.ieee.org/groups/1363/maillist.html -

Hi All,

I think it would be a good idea for the P1363 document to recommend that in
ECC systems in char 2 that the finite field used should be chosen to be of
the PRIME degree over F_2.
It has been suspected by the experts for some time that curves over fields of
composite degree over F_2 could be weaker. Indeed G. Frey gave a talk in
Waterloo in 1998 which mentioned this idea, as have a number of other people
in other meetings over the last couple of years.

Just before Xmas at a meeting in Cirencester (UK) on "Coding and
Cryptography", Steven Galbraith presented a joint paper with me describing
further details of the possible problems with such curves. (The proceedings
are available as an LNCS volume).

At this conference we also announced that Florian Hess (Uni. Sydney),
Pierrick Gaudry (\'
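The two Solitaire steps quoted from the Counterpane page in the "anonymous intentions" post above can be followed mechanically, wrap rule included. The Python below is an added example, not from the digest, from Counterpane, or from any Solitaire reference implementation. It assumes a deck is a list ordered from top to bottom with the jokers as labelled entries, and the small decks it is run on are constructed for illustration rather than real 54-card keys.

```python
"""Solitaire joker moves (steps 1 and 2 of the keystream procedure).

Added example, not from the digest.  A deck is a Python list ordered top to
bottom.  Moving a joker "down" means toward the bottom of the list; a joker
that would pass the bottom card continues from just below the top card, as
the quoted rules describe.
"""


def move_joker_down(deck, joker, steps):
    """Return a new deck with `joker` moved `steps` cards toward the bottom.

    Quoted rule, made explicit: a joker one past the bottom lands just below
    the top card, two past the bottom just below the second card.  Moving a
    joker that lands exactly on the bottom position is an ordinary move (the
    A joker one up from the bottom simply swaps with the bottom card).
    """
    if steps not in (1, 2):
        raise ValueError("Solitaire moves the A joker one card and the B joker two")
    rest = list(deck)
    pos = rest.index(joker)  # ValueError if the joker is not in the deck
    del rest[pos]
    without_joker = len(rest)
    target = pos + steps
    if target > without_joker:
        # Passed the bottom of the deck: restart counting below the top card.
        target -= without_joker
    rest.insert(target, joker)
    return rest


def solitaire_joker_steps(deck, joker_a="A", joker_b="B"):
    """Apply step 1 (A joker down one) and then step 2 (B joker down two)."""
    after_step_1 = move_joker_down(deck, joker_a, 1)
    return move_joker_down(after_step_1, joker_b, 2)


if __name__ == "__main__":
    # Constructed fragment mirroring the post's diagram, cards shown only.
    fragment = ["5 diamonds", "JOKER B", "3 diamonds", "8 diamonds"]
    print(move_joker_down(fragment, "JOKER B", 2))
    # Constructed five-card deck with both jokers, B at the bottom.
    print(solitaire_joker_steps(["1C", "2C", "A", "3C", "B"]))
```

Run on the four-card fragment drawn in the post, with the B joker moved two cards down, `move_joker_down` returns the order 5 diamonds, 3 diamonds, 8 diamonds, JOKER B; the cards the joker passes keep their relative order, which is what "move it two cards down" produces when each step is a swap with the card beneath.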
Cryptography-Digest Digest #988, Volume #9        Thu, 5 Aug 99 01:13:03 EDT

Contents:
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Question about Enigma (Neil)
  About Online Banking Security (KidMo84)
  frequency of prime numbers? (Sniggerfardimungus)
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: Question about Enigma (Jim Gillogly)
  Re: Question about Enigma (David Hamer)
  Re: frequency of prime numbers?
  Re: Anonymous Web Browsing (KidMo84)
  Re: security of algorithm? (Jim Gillogly)
  Re: Is this a new authent/encrypt protocol? ("Dj Browne")
  Re: Question about Enigma
  Re: frequency of prime numbers? (Jim Gillogly)
  Re: Is breaking RSA NP-Complete ? ("rosi")
  Looking for GSM Authentication Algorithm A3 (Nikle Lin)
  Re: Is this procedure sound ? (John M. Gamble)
  Re: where to start? (David A Molnar)
  Re: What is "the best" file cryptography program out there? (SCOTT19U.ZIP_GUY)
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: How to keep crypto DLLs Secure? ([EMAIL PROTECTED])

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: What is "the best" file cryptography program out there?
Date: 05 Aug 1999 02:16:32 GMT

I was thinking along the lines of ScramDisk. I have pgp6.0 off of replay's
site (www.replay.com) and it works pretty good. I guess I should have put
commercial products, even though I was lookin for freeware too. I haven't had
a chance to try out scott16. But I haven't used DOS lately. At least I think
it uses DOS, somebody might yell at me for that one. I have sort of grown
away from MS-DOS, using Windows98 at present time that is. Though when you
are recovering information DOS is the best way to go.

Signed,
KidMo

------------------------------

From: [EMAIL PROTECTED] (Neil)
Subject: Question about Enigma
Date: Thu, 05 Aug 1999 01:25:09 GMT

I'm puzzled a bit..
If the sending and receiving stations each knew the rotor selection and
order, the ring settings and the initial "external" rotor settings, what was
the purpose of sending a "key"??

I _assume_ that perhaps it was to allow a station receiving the coded message
to start with the prescribed external settings and then determine a new
external rotor setting to actually decode the message. This would provide
many more initial rotor settings than the prescribed one .. is this correct??

------------------------------

From: [EMAIL PROTECTED] (KidMo84)
Subject: About Online Banking Security
Date: 05 Aug 1999 02:31:53 GMT

I was wondering how secure online banking really is. Has there been any
information written up about the topic? Specifically NationsBank banking
online; the URL is:

http://www.nationsbank.com/online/tour/?statecheck=MO

At least for Missouri's online banking. To get to bare bones, they use Secure
Socket Layer (SSL) with a password and ID.

Signed,
KidMo

------------------------------

From: sl3nf.cc@usu@edu (Sniggerfardimungus)
Subject: frequency of prime numbers?
Date: 4 Aug 99 15:15:17 MDT

I ask this question here not because it necessarily relates to cryptography,
but to an interest of cryptographers, prime numbers: is there any reason to
believe that there are either a finite or an infinite number of primes? Even
better, is there any proof either way?

thanks...
rOn

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Wed, 04 Aug 1999 22:35:25 -0400

That form of implicit trust scares me. What makes a 1024 bit key less secure
than a 4096 bit key? (And if you say ease of solving you have no clue about
the crypto world).

Did I ever say I had a clue about the crypto world? It probably doesn't, but
the big number sure looks cool doesn't it? =)

para-phrase from HOPE conference: PGP is good, they will not attack the math,
the math is fine. An attacker will find another way.

...
Basically even 512 bit keys are secure, but with the new technologies they
will fall (in about 5-10 years); note that TWINKLE has never actually been
built. 1024 bit keys require too much for the 'MATRIX' step (Gaussian
elimination) to make it feasible. So a 1024-bit key (heck even 768 bit keys)
are fine from a math-attacker's standpoint.

If I could just upload a fake key in your name do I need to break the math?

Sure, you could upload a fake key to my name, it wouldn't have any of the
signatures attached to it, but be my guest. My key is on all the default
servers.

------------------------------

From: Jim Gillogly [EMAIL PROTECTED]
Subject: Re: Question about Enigma
Date: Wed, 04 Aug 1999 19:26:19 -0700

Neil wrote:
> I'm puzzled a bit..
> If the sending and receiving stations each knew the rotor selection and
> order,