Cryptography-Digest Digest #996
Cryptography-Digest Digest #996, Volume #13 Sun, 25 Mar 01 17:13:01 EST
Contents:
Re: Best encryption program for laptop? (Albert P. Belle Isle)
Re: compression ratio as a predicter of cipher strength ("John A. Malley")
Re: compression ratio as a predicter of cipher strength (Frank Gerlach)
Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Bill
Unruh)
Re: compression ratio as a predicter of cipher strength ("Scott Fluhrer")
Re: 64 versus 128 (or bigger) bits cipher data block (Terry Ritter)
Re: Valid condition for multiplicative generator? (Terry Ritter)
Re: compression ratio as a predicter of cipher strength ("Douglas A. Gwyn")
Re: compression ratio as a predicter of cipher strength ("Douglas A. Gwyn")
Re: Compression-encryption with a key (Mok-Kong Shen)
Re: Data dependent arcfour via sbox feedback (Terry Ritter)
His in-law needs TLA (STEELEYE)
Re: Data dependent arcfour via sbox feedback (Mok-Kong Shen)
Arick wants to eat gentle carrots (Anonymous)
[INFO] Uppnorth asks to code PGP code (Nomen Nescio)
[INFO] FBI requires CIA ("A. Melon")
[WARNING] Xganon wants to fist-fuck PGP code ("Public " [EMAIL PROTECTED])
[ANNOUNCE] CIA absolutely needs those Aids-infected NSA ("Public "
[EMAIL PROTECTED])
Arick needs TLA (Anonymous)
Tr: Tuttle would love all NSA (Frog2)
My brother fucking wants gentle jews (Frog2)
My brother sure loves to print terrible republicans (Frog2)
Randseed certainly used some politically correct niggers (Frog2)
Cracow2 used some MIX keys (Nomen Nescio)
From: Albert P. Belle Isle [EMAIL PROTECTED]
Subject: Re: Best encryption program for laptop?
Date: Sun, 25 Mar 2001 14:49:54 -0500
Reply-To: [EMAIL PROTECTED]
On Sun, 25 Mar 2001 04:38:30 GMT, [EMAIL PROTECTED] wrote:
My job is changing, and is going to require me to do some travelling.
I would like to purchase a laptop, and continue to keep my home
finances, and other private data, on it.
what would be the best way to keep data safe, in case the laptop was
stolen? Which encryption program? And, should it be encryption alone,
or encryption coupled with a secure os like NT?
Thanks.
Mr. Wilson:
As you may know, no product can provide "access control" to data on a
hard disk by merely restricting the booting or use of the particular
PC to which that disk is presently connected.
"Access" to your hard disk is by means of a standard connector into
which ANY other PC's drive controller cable may be plugged. Whether
the particular one of the millions of Windows machines currently
attached to that plug is yours or someone else's is pretty much
irrelevant.
You can, of course, cryptographically protect the data stored on your
hard drive, IF you eliminate all of Windows' extra "temporary" copies
of the plaintext, not just the one you replaced with an encrypted
version. This is the fundamental difference between encrypting e-mail
and using encryption as part of storage INFOSEC.
Any supposed data storage security product that doesn't eliminate ALL
copies of plaintext and keying material per DOD 5220.22-M, including
those made by Windows itself in TEMP space and the swapfile (and the
fragments captured into the tail clusters of new files, or into the
interiors of compound files like Word or Excel documents) is an
INFOSEC placebo.
On the other hand, NO product (including ours) can provide "security"
- merely eliminate specific INSECURITIES.
I'd suggest that you try to more precisely define the kinds of threats
which you wish to counter. You might find
http://www.CerberusSystems.com/INFOSEC/threats.htm
useful in starting the definition of your particular threat profile.
I hope you find the tutorials and federal cryptographic standards on
our web-site helpful in filtering various possibilities that are open
to you. If you'd like to try our product offerings, that'd be even
better g.
Albert P. BELLE ISLE
Cerberus Systems, Inc.
ENCRYPTION SOFTWARE with
Forensic Software Countermeasures
http://www.CerberusSystems.com
--
From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: compression ratio as a predicter of cipher strength
Date: Sun, 25 Mar 2001 12:13:48 -0800
Curtis Williams wrote:
Hi,
An encryption product claims that a ciphertext file should be compressed
and the compression ration is a predictor of cipher strength (i.e. encrypt a
file then zip it. if the compression ratio is 0, the encryption is strong).
Is this valid or snakeoil?
Inability to compress the ciphertext output indicates the absence of
patterns or order in the ciphertext. This is a desirable property. The
detection of patter
Cryptography-Digest Digest #996
Cryptography-Digest Digest #996, Volume #12 Tue, 24 Oct 00 21:13:01 EDT
Contents:
Re: On block encryption processing with intermediate permutations (James Felling)
Re: Rijndael implementations (Tim Tyler)
Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
Re: GCHQ Challenge (CiPHER)
Re: My comments on AES (Bryan Olson)
Re: Discrete Log Question (Bob Silverman)
Re: SHA-384 and SHA-512 (John Savard)
Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
Re: I am after a simple one-way encryption algorithm (H.Bruijn)
Re: I am after a simple one-way encryption algorithm (H.Bruijn)
Re: idea for spam free email ("G. Orme")
Re: Finding Sample implementation for DES and IDEA (Steven Wu)
IEEE P1363 Meeting Announcement ("Jerome A. Solinas")
Re: How to post absolutely anything on the Internet anonymously (Eric Smith)
From: James Felling [EMAIL PROTECTED]
Subject: Re: On block encryption processing with intermediate permutations
Date: Tue, 24 Oct 2000 14:57:05 -0500
Mok-Kong Shen wrote:
Bryan Olson wrote:
Mok-Kong Shen wrote:
Suppose one encrypts many double blocks (u, v, u, v) in
a very long message
[...]
I am afraid
that, by going through 8 cycles it would be extremely
hard to identify a path like (u,v,u,v)--(x,y,x,y)--
(e,f,e,f) -- (j,k,j,k) (say) by examining the
frequency distribution alone.
I think we've established that the above is a
misunderstanding of the attack. In the first part of the
attack, a single block (two words) constitutes the entire
message. In the second part, the entire message is two
blocks (four words) in size. The attacker encrypts the same
short messages many times. He does not concatenate them
into one long message and encrypt at once.
The probabilities given in the attack description refer to
encryption of the one-block (two-word) message and the
two-block (four-word) message.
Thanks. It seems now that I am one step further in
understanding you. Please keep on being patient with me.
In the one block (u,v) case, through encrypting a few
hundred times, one achieves that all possible combinations
of permutations (assumed taking place with equal frequency)
occur in the inter-cycle permutation processes. With 6
such processes one gets 2^6 different kinds of ciphertext
blocks of the type (a,b), each with equal frequency. Is
that right?
BTW, I don't understand why do you want to limit to 6
and don't allow 7 permutation processes which is the
actual situation. Does that cause difficulties to your
attack?
Assume that there are N permutation processes. Then
this step generates 2^N blocks all distributed evenly.
By the same argument, in the two block (u,v,u,v) case
(with the same u and v as above) one gets 8^6 different
kinds of ciphertext blocks of the type (c,d,e,f),
again each with equal frequency. Is that right also?
No. That is where things go a little bit weird. Watch this simplified
example and see.
I shall use - to indicate encryption, and = {(x,y) 1/K ...} to
indicate possible permutation results(where (x,y) is the perm, and 1/K
is the probability.
(u,v,u,v) - (a,b,a,b) = { (a,a,b,b) 1/6, (a,b,a,b) 1/6, (b,a,a,b) 1/6,
(b,a,b,a) 1/6, (b,b,a,a) 1/6, (a,b,b,a) 1/6}
so it would be 6^N th possibles distributed again uniformly.
Useful to note. 1/3of the time after a round your output is of the same
form as you input.i.e. (a,b,a,b) in (*,#,*,#) out.
then in 1/3^(N-1) of such cases you end N-1 rounds with an imput to the
next round of (x,y,x,y)-(x1,y1,x1,y1)=
{ (x1,x1,y1,y1) 1/6, (x1,y1,x1,y1) 1/6, (y1,x1,x1,y1) 1/6, (y1,x1,y1,x1)
1/6, (y1,y1,x1,x1) 1/6, (x1,y1,y1,x1) 1/6}
Meaning that in 1^3^N cases you have an input to the last round of the
form. (x1,y1, y1,x1) which will output a message of the form
(x1,y1,y1,x1)-(x2,y2,m,n)= which will be permuted prior to output.
since x2 and y2 and m and n should be familiar ( they are in the list of
2^N pairs that the 1 block encryption generated) you now know that{
(x2,y2) or (y2,x2)} and {(m,n) or (n,m)} are a special pair. This
allows the attacker to know that those two pairs are related up to round
N-1, and differ only on the last round. From there it is comparitively
simple to break a 2 round version of whatever is being used. since
birthday attacks can be done. this should work relatively fast. Thus the
effort needed in total is 4* the amount of effort needed to break a 2
round version of the cypher + the effort to achieve such a birthday
coincidence in the output.
If both answers are yes, I don't yet see how you can
utilize any frequency information in the ciphertext to
guide establishing any set of equations. Could you please
kindly explain?
Thanks in advance.
M. K. Shen
--
From: Tim Tyler [EMAIL PROTECTED]
S
Cryptography-Digest Digest #996
Cryptography-Digest Digest #996, Volume #10 Fri, 28 Jan 00 19:13:01 EST
Contents:
Help needed on peculiar use of cryptography (Sgwbutcher)
Read my messages in alt.politics.org.cia - you will be satisfied ! (Markku J.
Saarelainen)
Re: Mac encryption algorithm? ("Joseph Ashwood")
Re: Help needed on peculiar use of cryptography (John Savard)
Re: Help needed on peculiar use of cryptography (David A Molnar)
Re: Mac encryption algorithm? (Paul Koning)
Re: DES Hardare - chips/cores (Paul Koning)
Re: Pencil paper cipher question (r.e.s.)
Re: designing secure backdoors into the system ("Peter K. Boucher")
Re: designing secure backdoors into the system (Paul Koning)
Re: designing secure backdoors into the system (Samuel Paik)
Re: Intel 810 chipset Random Number Generator (Terry Ritter)
Crypto/Security/Cryptanalysis Papers ("Joseph Ashwood")
From: [EMAIL PROTECTED] (Sgwbutcher)
Subject: Help needed on peculiar use of cryptography
Date: 28 Jan 2000 21:27:34 GMT
Dear forum,
I am an economist and in the course of my work, I often have access to
sensitive information. For example, in a discrimination case, I may have access
to personnel records covering several years for all the employees of a company.
Because I often have to match records across different payperiods, months and
years, a unique identifier is required for each record, often the social
security number. Because of various laws and company policies about the use of
social security numbers or any other identifier, I always sign a
confidentiality agreement with regard to the disclosure of this information.
However, sometimes companies are unwilling to part with information even in the
case of confidentiality agreements.
My question is "is there a way that encryption or a specific use or kind of
encryption can be used so that, say, a social security number can be encrypted
so that the informational value of the cyphertext can be retained but the
plaintext cannot be recovered? and is the code for this method accessible as
the actual implementation may be, depending on the case, in Excel, SAS, C/C++,
Perl or Java?"
I think the most important points are (1) this is permanent encryption--is no
"legitimate" reason why the cyphertext would ever be decrypted and (2) the
domain of the plaintext is very small, 0-9 and short length cyphertext and (3)
the information value of the cyphertext should be the same as the plaintext,
that is, if plaintext A identifies a particular record over 5 years, then
cyphertext A should reference the same records and no others.
One obvious solution is to come up with a new identifier scheme, the problem is
that many IT/DP departments are unwilling to invest the effort and the
databases can be quite large and there may be multiple identifiers.
Additionally, in the case of employee numbers, a simple start at 1001 and go on
approach is how they got their employee numbers to begin with so although you
don't have necessarily the employee number you're looking for, you do have
someone's employee number. This is why I'm looking for something a little more
algorithmic.
Any possible help/suggestions you might be able to provide would be
appreciated.
Thanks,
Steve
==
==
Stephyn G. W. Butcher
Consultant in Labor Economics and Statistics
1760 Euclid St. NW Suite 306
Washington, DC 20009
(202) 745-0114 fax: (202) 745-0446
[EMAIL PROTECTED]
--
From: Markku J. Saarelainen [EMAIL PROTECTED]
Subject: Read my messages in alt.politics.org.cia - you will be satisfied !
Date: Fri, 28 Jan 2000 21:19:28 GMT
Read my messages in alt.politics.org.cia - you will be satisfied.
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Mac encryption algorithm?
Date: Fri, 28 Jan 2000 13:35:49 -
And why is this byte order "wrong" ? Little Endian and
Big
Endian are merely two different byte orders, both of which
have
their advantages and disadvantages.
There are actually algorythms that require a specific
Endianness to be secure. I can't think of which one offhand,
but IIRC an AES candidate was one of these.
Joe
--
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Help needed on peculiar use of cryptography
Date: Fri, 28 Jan 2000 14:58:43 GMT
[EMAIL PROTECTED] (Sgwbutcher) wrote, in part:
a social security number can be encrypted
so that the informational value of the cyphertext can be retained but the
plaintext cannot be recovered?
It is not clear what this wording means. However, a one-way hash
function can allow a social security number to be encrypted so that,
althought the social security number itself cannot be rec
Cryptography-Digest Digest #996
Cryptography-Digest Digest #996, Volume #8 Fri, 29 Jan 99 09:13:02 EST
Contents:
Re: what do u think about this algorithm of mine? ("Uta Loeckx")
Smaller RC6 (handWave)
Fialka Punch Card Speculation
Re: Smaller RC6 (Fabrice Noilhan)
Re: Sanity check on authentication protocol (Paul Onions)
Re: Random numbers generator and Pentium III (R. Knauer)
Re: Random numbers generator and Pentium III (R. Knauer)
Re: Fialka Punch Card Speculation (Frode Weierud)
Re: Coin Toss Theory (R. Knauer)
Re: Random numbers from a sound card? (Patrick Juola)
Re: hardRandNumbGen (Patrick Juola)
Re: hardRandNumbGen (Patrick Juola)
Re: Question on key lengths (Patrick Juola)
From: "Uta Loeckx" [EMAIL PROTECTED]
Subject: Re: what do u think about this algorithm of mine?
Date: Fri, 29 Jan 1999 13:07:50 +0100
Klaus Rohde wrote:
i don't know anything about encryption, but one day i was thinking about
it and had an idea for an algorithm which, as far as i can see, is
unbreakable.
you take byte n of a text stream and XOR it with byte n of the key to
produce byte n of the cipher text.
to me this seem's unbreakable, because by applying the right key any
cipher text can be decoded into literally anything of the same length,
meaning that unless someone has the key, they can't gain anything out of
the cipher text.
Read Bruce Schneier's "Applied Cryptography" and you'll see that you haven't been
the first one to come up with this algorithm. It's about the first thing you
encounter when you start with cryptography as I did myself some months ago. Any
other introduction will do, by the way (Beutelspacher: "Moderne Verfahren der
Kryptographie" for German Speaking is quite funny to read).
If I am not mistaken the thing you re-invented is called "One Time Pad". It is, as
you pointed out, unbreakable. But...
...once you use the key twice or more often, it is most easily breakable. Imagine
two ciphertexts of a certain length L in bits, and ONE key with the very same
length. There are 2^L possible keys, 2^L possible plain texts for each cipher text.
Only a small amount of the possible plain texts make sense, that's why only the
same small amount of the possible keys are candidates for decrypting each
ciphertext. You will hardly find more than one key which fits both ciphertexts if
these ciphertext exceed a (un)certain length. This length depends on the structure
of the encrypted data.
Conclusion: One time pads are used. Spies use them. They may have a one time pad of
some million or so byte key length. Somebody at home can read the ciphertext, but
afterwards they have to throw the key pad away. God help them if some of the
ciphertext gets lost and they do not know which byte of the key they have to use.
The problem is, that you have to transmit the key through a secure channel. But,
since the key is as long as the data, you could as well transmit that (provided you
know it at this point of time).
So, the method does not really apply to a lot of situations where encryption is
needed.
For instance, if you simply want to store a file securely on your computer, it does
not help to encrypt it with a one time pad, because you would have to hide the pad.
Andreas
any thoughts or ideas (or proof that what im saying is nonsense) would be cool.
:-) peter
--
==
Andreas Jaeger
Institut für Geoinformatik, Universität Münster
Robert-Koch-Straße 26/28
D-48149 Münster
Tel.: (0251) 83 - 3 00 11
Fax: (0251) 83 - 3 97 63
mailto:[EMAIL PROTECTED]
==
Andreas Jaeger
Hammer Straße 14
D-48153 Münster
Tel.: (0251) 53 37 78
==
--
From: handWave [EMAIL PROTECTED]
Subject: Smaller RC6
Date: Fri, 29 Jan 1999 04:39:49 -1000
The RC6 candidate for the Advanced Encryption Standard can use small
parameters for smart cards. RC6-w/r/b can use w=32 bit words, r=4 rounds,
and b=10 byte keys. It may use cipher block chaining so the small block
size does not leave it vulnerable to adversaries accumulating a
dictionary of 4 billion words. After 4 rounds, the mixing is nearly
ideal. The 80 bit key is good enough for rock and roll.
--
From: [EMAIL PROTECTED] ()
Subject: Fialka Punch Card Speculation
Date: 29 Jan 99 12:45:27 GMT
The post with "Information Pool" (well, really "inforamtionpool") in the
header concerns Joerg Drobick's web site, with information about some
cipher machines from behind the Iron Curtain.
The Fialka is claimed to be a 10-rotor Enigma, with a punched card
performing the function of the plugboard.
It occurs to me that, if the punched card is used to open connections in a
crossbar patch
