Cryptography-Digest Digest #988
Cryptography-Digest Digest #988, Volume #13 Sat, 24 Mar 01 13:13:00 EST
Contents:
Re: Idiot Question -- Please Help a Crypto Moron (John Joseph Trammell)
Re: Passphrase Recovery (not a stupid Q) ("Thomas J. Boschloo")
Re: Idiot Question -- Please Help a Crypto Moron (Merrick)
decryprtion help please? ("rh")
Re: on-card key generation for smart card (Anne Lynn Wheeler)
Re: What the Hell...Here's what my system can do at it's best... (Keill Randor)
Re: Idiot Question -- Please Help a Crypto Moron (John Savard)
Re: Crack it! (amateur)
Hello ("Tom St Denis")
Re: Crack it! (amateur)
Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Bill
Unruh)
Re: A new DES? ("Simon Johnson")
Re: Open Source Implementations of PGP (Bill Unruh)
Re: decryprtion help please? (Jim Gillogly)
Re: cryptography using the method of elliptic curve. ("Mauro")
From: [EMAIL PROTECTED] (John Joseph Trammell)
Subject: Re: Idiot Question -- Please Help a Crypto Moron
Date: Sat, 24 Mar 2001 14:12:59 GMT
On Sat, 24 Mar 2001 09:03:08 -0500, Og Johnson [EMAIL PROTECTED] wrote:
I'm at work, and was just handed a word puzzle. If I don't answer it by
noon today (it is 8:52 EST right now) I have to buy everyone in my office
lunch. I'm too lazy to think, and I'm not feeling at all generous with my
money, so could the Jim Gilloughys and the Bill Shaws of sci.crypt help a
poor forty-niner out?
You're not lazy enough. :-)
http://www.google.com/search?q=send+more+money+puzzle
--
From: "Thomas J. Boschloo" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp
Subject: Re: Passphrase Recovery (not a stupid Q)
Date: Sat, 24 Mar 2001 15:32:21 +0100
"Ryan M. McConahy" wrote:
No, this is not one of those "I lost my passphrase. How do I revoke
my key?" questions.
I had two keys, both RSA, both protected by the same passphrase. I
lost that passphrase. I recovered one key from backup that had a pwd
I remembered. Can I use this info to recover the key?
This is a hard question. Your secret key is protected by the hash of
your passphrase, maybe with some seeds included but let's be optimistic.
So you know the exact plain-text for a secret key encrypted with the
same passphrase. And you know of another key that is encrypted with
(maybe) the same passphrase and same resulting hash.
I just don't see how this would help you much, except for being able to
check if you hit the correct 'symetric' key pretty efficiently.
If I can't, does anyone know of a program that would try all the
uppercase/lowercase combinations, then try altering each char., and
try the uppercase/lowercase thing on that.
I have heard of two, but they are mainly for RSA keys :-( You could
write one yourself though, as the source is 'open' source, but you would
need some programming experience. ftp.zedz.net
Thomas
--
Kittenbirds - You, me and Jesus: "I love your hair it's just so long"
--
From: [EMAIL PROTECTED] (Merrick)
Subject: Re: Idiot Question -- Please Help a Crypto Moron
Date: Sat, 24 Mar 2001 14:58:09 GMT
On Sat, 24 Mar 2001 09:03:08 -0500, "Og Johnson" [EMAIL PROTECTED] wrote:
I'm at work, and was just handed a word puzzle. If I don't answer it by
noon today (it is 8:52 EST right now) I have to buy everyone in my office
lunch. I'm too lazy to think, and I'm not feeling at all generous with my
money, so could the Jim Gilloughys and the Bill Shaws of sci.crypt help a
poor forty-niner out? SNIP
As long as you cannot have 0 for a first character, the answer is
$10652
--
From: "rh" [EMAIL PROTECTED]
Subject: decryprtion help please?
Date: Sat, 24 Mar 2001 16:13:24 GMT
A buddy had asked me yesterday, if it would be possible to
migrate all of our pins from the current main system to the new test pin
vault. We have no decryption utility that could do this. Below I have
included some clear text
pins and then the encrypted version that is located in the SQL database.I do
know that the clear
text pins "are encrypted with themselves."
Pin Encrypted Pin in SQL DB
1234 9EE7964577447ADA
1F1D2C2ED301B2A6
test 8A49D1CCB9AA5DBB
hello 7F85C0A9F3F86EC0
4567 60956233056154AC
1234565155482C2078BF2C
voyager 73C63521A96FF1C9
ATLAS BFC44BCCC9ED5EE5
--
Robert Hawks
http://www.elitedaytraders.com
--
Subject: Re: on-card key generation for smart card
Reply-To: Anne Lynn Wheeler [EMAIL PROTECTED]
From: Anne Lynn Wheeler [EMAIL PROTECTED]
Date: Sat, 24 Mar 2001 16:23:32 GMT
Daniel James [EMAIL PROTECTED] writes:
I have done APDU-level work with some of GemPlus's RSA smartcards. Their
GPK4000 card generates a 1024-bit keyset in 160 seconds 90% of the time
Cryptography-Digest Digest #988
Cryptography-Digest Digest #988, Volume #12 Mon, 23 Oct 00 16:13:01 EDT
Contents:
Re: Finding Sample implementation for DES and IDEA (Jan Willem Knopper)
Re: Hypercube/FFT encryption (Terry Ritter)
Re: My comments on AES (Mok-Kong Shen)
Re: As I study Rinjdael... (SCOTT19U.ZIP_GUY)
Re: Huffman stream cipher. (SCOTT19U.ZIP_GUY)
Re: How to post absolutely anything on the Internet anonymously (Anthony Stephen
Szopa)
Re: Finding Sample implementation for DES and IDEA (Michael Dales)
Re: Finding Sample implementation for DES and IDEA (jungle)
Re: Visual Basic (Simon Johnson)
Re: new to data encryption please help (Simon Johnson)
Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
Re: Visual Basic (Ichinin)
Re: toy cipher question ("Kenneth Lantrip")
Re: On block encryption processing with intermediate permutations (Bryan Olson)
Re: On block encryption processing with intermediate permutations (James Felling)
Re: My comments on AES (James Felling)
Re: Visual Basic ("David C. Barber")
Re: As I study Rinjdael... (Mok-Kong Shen)
Re: My comments on AES (Mok-Kong Shen)
Re: who first will break claim that DVD pattern of imprints can't be tampered with,
erased or falsified ? (Matthew Skala)
From: [EMAIL PROTECTED] (Jan Willem Knopper)
Subject: Re: Finding Sample implementation for DES and IDEA
Date: 23 Oct 2000 18:14:44 GMT
Ooit in een nieuwsgroep zei Steven Wu hetvolgende:
Hi everyone,
I am a student and currently interesting in block ciphers. Could
anyone tell me where to find source code for these two standards ?
If you are interested in block ciphers be sure to check out the AES
web-page (http://www.nist.gov/aes). There are links to papers of the
candidates (the winner was Rijndael).
For all these algorithms source is included.
Links and info about the DES algorithm can be found on
http://raphael.math.uic.edu/~jeremy/crypt/des.html
IDEA source can be found on http://www.r3.ch/o_files/products/idea/
(be sure to read the patent section)
Jan Willem
--
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Hypercube/FFT encryption
Date: Mon, 23 Oct 2000 18:17:19 GMT
On Mon, 23 Oct 2000 04:26:15 GMT, in
[EMAIL PROTECTED], in sci.crypt Benjamin Goldberg
[EMAIL PROTECTED] wrote:
[...]
PS to Ritter, in one of your docs, you say that with 1 plaintext /
ciphertext pair, you can probably uniquely identify a DES key... I
believe the actual number required is 3 pt/ct pairs.
If we model DES as a key-selected permutation, then for any particular
plaintext value we get a particular 64-bit ciphertext value only one
time in 2**64. And with 2**56 keys the probability of getting a
particular transformation from any key is 2**56 / 2**64. So having
any particular transformation exist is unlikely, and if a key is found
that satisfies one block of known plaintext, about 255 times out of
256 that will be the key we want. In general, we need only one
known-plaintext block.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
--
From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: My comments on AES
Date: Mon, 23 Oct 2000 20:51:55 +0200
James Felling wrote:
I believe that given any of the Candidates being declared the AES. There
will exist an accademic attack versus that cypher before 2006. It is
simply a matter of enough effort being applied against it. I do not
believe that any cypher can hold against that kind of attention without
some minor flaw being found. I have a feeling that this is what Bruce is
thinking as well.
I have a problem with the definition of 'academic' attack.
Suppose that a new cipher has yet no known attack excepting
brute force. By how much improvement must an attack at
least have in order to be qualified as an academic attack,
or does any epsilon improvement counts, no matter how
neglibly small that is?
M. K. Shen
--
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: As I study Rinjdael...
Date: 23 Oct 2000 18:37:59 GMT
[EMAIL PROTECTED] (Falissard) wrote in 8t1q0s$14pj$[EMAIL PROTECTED]:
http://www.gnupg.org/rfc2440-12.html
Thanks for the info on OPENPGP i see it uses CFB still not
a favorite but I still forgot is this the same as old PGP. I
forget. All I remmber was that it was not CBC.
below is quote from your pointer
12.8. OpenPGP CFB mode
OpenPGP does symmetric encryption using a variant of Cipher Feedback
Mode (CFB mode). This section describes the procedure it uses in
detail. This mode is what is used for Symmetrically Encrypted Data
Packets; the mechanism used for encrypting secret key material is
similar, but described in those sections above.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WOR
Cryptography-Digest Digest #988
Cryptography-Digest Digest #988, Volume #11 Fri, 9 Jun 00 12:13:01 EDT Contents: Re: Statistics of occurences of prime number sequences in PRBG output as (John) Re: Thanks Sci.Crypt Readers (tomstd) Re: Statistics of occurences of prime number sequences in PRBG output as (John) Re: Solution for file encryption / expiration? (Mark Wooding) Re: Solution for file encryption / expiration? (Andru Luvisi) Re: Encoding 56 bit data ---HELP--- ([EMAIL PROTECTED]) Re: Cryptographic voting (Mok-Kong Shen) Re: DES question (Mok-Kong Shen) Re: help for rc5 cryptanalysis (David A. Wagner) Re: My lastest paper on Block Ciphers (Andru Luvisi) Re: Cryptographic voting (Randy Poe) Re: Random IV Generation (David A. Wagner) Re: My lastest paper on Block Ciphers ([EMAIL PROTECTED]) Re: DECT encryption algorithms? (Paul Koning) Re: My lastest paper on Block Ciphers (Paul Koning) Re: OT: Starmath font (Runu Knips) Subject: Re: Statistics of occurences of prime number sequences in PRBG output as From: John [EMAIL PROTECTED] Date: Fri, 09 Jun 2000 08:08:04 -0700 Odd. You would not be able to encrypt much data with just prime #s, as there aren't that many between 0 and 255. If you go higher, you even get less primes. * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network * The fastest and easiest way to search and participate in Usenet - Free! -- Subject: Re: Thanks Sci.Crypt Readers From: tomstd [EMAIL PROTECTED] Date: Fri, 09 Jun 2000 08:08:45 -0700 Following the advice of Matthew Fisher I installed a postscript printer on my win98 machine... There is a .PS copy of the paper (draft) for ya to read now... http://tomstdenis.com/ffunctions.ps.gz Thanks a bunch, Tom * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network * The fastest and easiest way to search and participate in Usenet - Free! -- Subject: Re: Statistics of occurences of prime number sequences in PRBG output as From: John [EMAIL PROTECTED] Date: Fri, 09 Jun 2000 08:18:19 -0700 Mathematicians and computer scientists view formulas a bit differently. A mathematical formula can be translated into a computer program. Some computer programs can't always be translated into one simple mathematical formula. * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network * The fastest and easiest way to search and participate in Usenet - Free! -- From: [EMAIL PROTECTED] (Mark Wooding) Subject: Re: Solution for file encryption / expiration? Date: 9 Jun 2000 15:21:15 GMT RecilS [EMAIL PROTECTED] wrote: HELLO!? Is anyone listening to the question!? You're rude, and you've clearly not been reading the answers properly. We've gotten into a discussion on the viability of PDF's encryption algorithm and whether you should take notes in books or not. Does anyone realize that he's simply copyright protecting a BOOK? He's doing more than that. Encrypting the data and using `trusted' reader software also prevents consumers from properly exercising their fair use rights, to the same extent as it prevents copying the plaintext document. (It doesn't, and indeed can't, stop copying of the ciphertext at all, which is even more of a stupid mess.) If someone really really wants the damn book they are going to [...] But most importantly... E) They are not going to start up the old decryption engine. They don't need to. One of the points being made is that the key is already known to the client computer. It's not a matter of cryptanalysis: it's a matter of picking the key out of some code which already knows it. As long as the encryption format is decently strong, there may be one or at most two idiots out there with enough time and interest to decrypt it. (And they're probably the people who replied to you on this newsgroup) but all in all if someone wants the book, this is NOT how they are going to obtain it. You've also forgotten that, once an unprotected version has been produced, by whatever means, it can be made widely available with negligible cost. P.S. Everything is 'flawed'. Show me one thing on earth that you can prove is completely secure and I will call you god. There's a difference between `flawed' and being a hopelessly misguided failure with questionable ethics. -- [mdw] -- From: Andru Luvisi [EMAIL PROTECTED] Subject: Re: Solution for file encryption / expiration? Date: 09 Jun 2000 08:24:41 -0700 "RecilS" [EMAIL PROTECTED] writes: [snip] But most importantly... E) They are not going to start up the old decryption engine. [snip] Even if your arguments were correct, and the opposing side has been represented well enough that I'm not going to get into that in this post, you are still ignoring the massive inconvenience to users. That is
Cryptography-Digest Digest #988
Cryptography-Digest Digest #988, Volume #10 Thu, 27 Jan 00 18:13:02 EST
Contents:
Re: Any Reference on Cryptanalysis on RSA ? ("Douglas A. Gwyn")
Solitaire Encryption Algorithm question... ("anonymous intentions")
Attack on elliptic curves over GF(2^m), m composite (David Hopwood)
Re: ECM Factoring and RSA Speed Ups (David Hopwood)
Re: Solitaire Encryption Algorithm question... ("r.e.s.")
Re: Solitaire Encryption Algorithm question... ("anonymous intentions")
Re: Court cases on DVD hacking is a problem for all of us (Jere Hakanen)
Re: Best Encryption Software? (Steve K)
Re: Any Reference on Cryptanalysis on RSA ? (John Myre)
Re: NIST, AES at RSA conference (CLSV)
Re: How much does it cost to share knowledge? ("Trevor Jackson, III")
Re: How much does it cost to share knowledge? ("Trevor Jackson, III")
Re: DES Hardare - chips/cores (David Kessner)
Re: Unsafe Advice in Cryptonomicon (Wim Lewis)
Re: Strong stream ciphers besides RC4? (Uri Blumenthal)
From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: Any Reference on Cryptanalysis on RSA ?
Date: Thu, 27 Jan 2000 21:02:40 GMT
"Ip Ting Pong, Vincent" wrote:
Currently, 1024 bit RSA and 64 bit DES are the de facto strong key
length.
DES uses a 56-bit key. It is known to be crackable with today's
technology, with an expenditure of resources that are affordable
in many practical contexts.
I want to know if the "legitimate" key space of 1024 bit RSA key
is more or less equal to 64 bit key?
There is no relationship between the two systems nor their key
lengths.
--
From: "anonymous intentions" [EMAIL PROTECTED]
Subject: Solitaire Encryption Algorithm question...
Date: Thu, 27 Jan 2000 13:35:03 -0800
Hello I read the nomicon, as well as counterpane's page on how to generate
the key and the keystream.
I am stuck on producing a single output character.
The wording is this:
"1. Find the A joker. Move it one card down. (That is, swap it with the card
beneath it.) If the joker is the bottom card of the deck, move it just below
the top card."
"2. Find the B joker. Move it two cards down. If the joker is the bottom
card of the deck, move it just below the second card. If the joker is one up
from the bottom card, move it just below the top card. (Basically, assume
the deck is a loop...you get the idea.) " -source:
http://www.counterpane.com/solitaire.html
Now my problem is that my key looks like this:
.
.
5 diamonds
JOKER B
3 diamonds
8 diamonds
.
.
should I "move" them down such as it would be:
.
.
5 diamonds
3 diamonds
8 diamonds
JOKER B
.
.
or would it instead be "swapped":
.
.
5 diamonds
8 diamonds
3 diamonds
JOKER B
.
.
or something entirely different?!
As one could see I am confused with moving and swapping. I am sitting in
front of my computer trying to do this with a deck of cards and don't want
to move until I get an answer! Thanks!
please post or email!
[EMAIL PROTECTED]
--
Date: Thu, 27 Jan 2000 21:34:46 +
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Attack on elliptic curves over GF(2^m), m composite
=BEGIN PGP SIGNED MESSAGE=
I haven't seen this mentioned on sci.crypt yet, and it is relevant
to people here who are implementing elliptic curve cryptography.
http://www.security.ece.orst.edu/emails/ieee00/0008
From [EMAIL PROTECTED] Sat Jan 15 08:34:24 2000
Date: Fri, 14 Jan 2000 15:38:18 +
From: Nigel Smart [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: P1363: ECC Stuff
-
This is a stds-p1363-discuss broadcast. See the IEEE P1363 web page
(http://grouper.ieee.org/groups/1363/) for more information. For
list info, see http://grouper.ieee.org/groups/1363/maillist.html
-
Hi All,
I think it would be a good idea for the P1363 document to recommend
that in ECC systems in char 2 that the finite field used should be
chosen to be of the PRIME degree over F_2.
It is has been suspected by the experts for some time that curves
over fields of composite degree over F_2 could be weaker. Indeed
G. Frey gave a talk in Waterloo in 1998 which mentioned this idea,
as have a number of other people in other meetings over the last couple
of years.
Just before Xmass at a meeting in Cirencester (UK) on "Coding and
Cryptography", Steven Galbraith presented a joint paper with me
describing further details of the possible problems with such
curves. (The proceedings are available as an LNCS volume).
At this conference we also announced that Florian Hess (Uni. Sydney),
Pierrick Gaudry (\'
Cryptography-Digest Digest #988
Cryptography-Digest Digest #988, Volume #9Thu, 5 Aug 99 01:13:03 EDT
Contents:
Re: What is "the best" file cryptography program out there? (KidMo84)
Question about Enigma (Neil)
About Online Banking Security (KidMo84)
frequency of prime numbers? (Sniggerfardimungus)
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: Question about Enigma (Jim Gillogly)
Re: Question about Enigma (David Hamer)
Re: frequency of prime numbers?
Re: Anonymous Web Browsing (KidMo84)
Re: security of algorithm? (Jim Gillogly)
Re: Is this a new authent/encrypt protocol? ("Dj Browne")
Re: Question about Enigma
Re: frequency of prime numbers? (Jim Gillogly)
Re: Is breaking RSA NP-Complete ? ("rosi")
Looking for GSM Authentication Algorithm A3 (Nikle Lin)
Re: Is this procedure sound ? (John M. Gamble)
Re: where to start? (David A Molnar)
Re: What is "the best" file cryptography program out there? (SCOTT19U.ZIP_GUY)
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: How to keep crypto DLLs Secure? ([EMAIL PROTECTED])
From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: What is "the best" file cryptography program out there?
Date: 05 Aug 1999 02:16:32 GMT
I was thinking along the lines of ScramDisk, i have pgp6.0 off of replay's
site(www.replay.com) and it works pretty good. I guess i should have put
commercial products, even though i was lookin for freeware too. I haven't had
a chance to try out scott16. But i haven't used dos lately. At least i think it
uses dos, somebody might yell at me for that one. I have sort of grown away
from ms-dos, using windows98 at present time that is. Though when you are
recovering information dos is the best way to go.
Signed,
KidMo
--
From: [EMAIL PROTECTED] (Neil)
Subject: Question about Enigma
Date: Thu, 05 Aug 1999 01:25:09 GMT
I'm puzzled a bit..
If the sending and receiving stations each knew the rotor selection
and order, the ring settings and the initial "external" rotor
settings, what was the purpose of sending a "key" ??
I _assume_ that perhaps it was to allow a station receiving the coded
message to start with the prescribed external settings and then
determine a new external rotor setting to actually decode the message.
This would provide many more initial rotor settings than the
prescribed one .. is this correct??
--
From: [EMAIL PROTECTED] (KidMo84)
Subject: About Online Banking Security
Date: 05 Aug 1999 02:31:53 GMT
I was wondering how secure online banking really is. Has there been any
information written up about the topic. Specifically nations bank banking
online, the url is: http://www.nationsbank.com/online/tour/?statecheck=MO
At least for missouri's online banking.
To get to bare bone's they use Secure Socket Layer(SSL) With a password and id.
Signed,
KidMo
--
From: sl3nf.cc@usu@edu (Sniggerfardimungus)
Subject: frequency of prime numbers?
Date: 4 Aug 99 15:15:17 MDT
I ask this question here not because it necessarily relates to cryptography,
but to an interest of cryptographers, prime numbers; is there any reason to
believe that there are either a finite or an infinite number of primes? Even
better, is there any proof either way?
thanks...
rOn
--
From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Wed, 04 Aug 1999 22:35:25 -0400
That form of implicit trust scares me. What makes a 1024 bit key less
secure then a 4096 bit key? (And if you say ease of solving you have
no clue about the crypto world).
Did I ever say I had a clue about the crypto world? It probably doesn't,
but the big number sure looks cool doesn't it? =)
para-phrase from HOPE conference PGP is good, they will not attack
the math, the math is fine. An attacker will find another way. ...
Basically even 512 bit keys are secure, but with the new technologies
they will fall (in about 5-10 years), note that TWINKLE has never
actually been built. 1024 bit keys requires to much for the 'MATRIX'
step (guassian elimination) to make it feasible. So a 1024-bit key
(heck even 768 bit keys) are fine from a math-attackers standpoint. If
I could just upload a fake key in your name do I need to break the math?
Sure, you could upload a fake key to my name, it wouldn't have any of the
signatures attached to it, but be my guest. My key is on all the default
servers.
--
From: Jim Gillogly [EMAIL PROTECTED]
Subject: Re: Question about Enigma
Date: Wed, 04 Aug 1999 19:26:19 -0700
Neil wrote:
I'm puzzled a bit..
If the sending and receiving stations each knew the rotor selection
and order,
