Cryptography-Digest Digest #466
Cryptography-Digest Digest #466, Volume #12        Thu, 17 Aug 00 10:13:01 EDT

Contents:
  Re: Cracking RC4-40 in FPGA hardware (Paul Rubin)
  Re: New quantum computer - any details? (Gordon Walker)
  Re: New Stream Cipher like SEAL ([EMAIL PROTECTED])
  Re: OTP using BBS generator? (Mok-Kong Shen)
  Re: OTP using BBS generator? (Mok-Kong Shen)
  Re: blowfish problem (John Hascall)
  Re: 215 Hz five-qubit quantum processor (Dale Pontius)
  Re: PGP Algorithm (Sander Vesik)
  Re: PGP Algorithm (Sander Vesik)
  Re: Is this Diffie-Hellman modification safe? ("Scott Fluhrer")
  Re: OTP using BBS generator? (Mok-Kong Shen)

--

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Cracking RC4-40 in FPGA hardware
Date: 17 Aug 2000 12:09:59 GMT

In article 8ngap1$86k$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
> In article 8mco74$erk$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
> > Each cycle requires a memory read and a pair of 8 bit adds, so 10ns looks
> > like a good estimate. Then we have 10 usec/key, or 10^5 keys per second.
> > 2^40 is about 10^12, so even with one such piece of hardware we have 10^7
> > seconds, or about 2800 hours to search all keys. We expect success on the
> > average in 1/2 this time, or 1400 hours.
>
> Sorry guys, I've seen your discussion too late. I'd like to say that it is
> possible to achieve the speed of 280.000 key/sec on Pentium II/333 (or 45
> days to finish 2^40 keys) when cracking simple RC4 (like PDF implementation)
> and 180.000 keys/sec (or 70 days) when cracking RC4+MD5 (like MS Word does).
> It means that on _ONE_ modern P III/1000 the average time to crack RC4-40 is
> one week, not 1400 hours ;-).

Remember that the Xilinx chip had 4 of those blocks with 1400 hour average
crack time. So the 4 blocks working together crack in 350 hours on
average--half the speed of that PIII/1000. That means a machine with 50
Xilinx chips can *always* (worst case) crack in under 24 hours and you'd need
25 PIII's to do the same. But the Xilinx chips cost about 10 USD each and use
a lot less power than the Pentiums.

The 50-chip Xilinx machine can probably be built in a single PC-sized box
(card cage with a few wire-wrapped boards) with materials cost equal to not
much more than one or two PIII machines.

To the person who was doing this project: any news?

--

From: Gordon Walker [EMAIL PROTECTED]
Subject: Re: New quantum computer - any details?
Date: Thu, 17 Aug 2000 13:20:26 +0100

On 16 Aug 2000 16:23:54 GMT, Sander Vesik [EMAIL PROTECTED] wrote:
> How long is 'realistical length' and what constitutes a practical quantum
> computer? A qc that can crack say 512 bit RSA in say 4 weeks is practical,
> but not overly threatening for 16/32 kbit keys that are still realistically
> long. Even if you speed it up 4 times, longer keys are still realistic.
> Beyond that, we need something else than RSA.

But by my limited understanding, a quantum computer can bring down the order
of complexity of the factoring problem. Previously adding one or two bits to
the key required a vast increase in processing power to break it. With an
improved O() value for the solving machines you have the situation where the
cracking machines are chasing keylength much more quickly and that just a few
years research might allow the hardware to catch up with the keylength you
have chosen.
--
Gordon Walker

--

From: [EMAIL PROTECTED]
Subject: Re: New Stream Cipher like SEAL
Date: Thu, 17 Aug 2000 12:48:35 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Mark Wooding) wrote:
> [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> > hello tom one question why in your c code
> >
> >     return (x << (r & 31)) | (x >> ((32 - r) & 31));
> >
> > you do & 31 the processor realize the mask automatically no ???
>
> No. In C, if you shift a value by its bit length or more, the behaviour is
> undefined. Some processors will give a zero result for a shift by a value
> greater than the word length. Others will truncate the shift amount.
> Tom's got this one right.
>
> OPSO for sc1.dat using bits 23 to 32157695 54.433 1.
>
> Ouch! That's really bad.

Sometimes it outputs poorly, but for the most part it appears ok. I will have
to look into it more.

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: OTP using BBS generator?
Date: Thu, 17 Aug 2000 15:39:49 +0200

Tim Tyler wrote:
: Bryan Olson wrote:
:
: : Many times on sci.crypt people have objected to the proof of
: : perfect secrecy for the OTP based on the fact that the zero
: : vector is one of the possible keys. The false logic goes
: : something like: since the OTP is provably secure, and zero
: : is a legal key, then encrypting with the zero key must be
: : secure, and since it obviously isn't the proof must be
: : wrong.
:
: The OTP theorem doesn't say that
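The masked-rotate question in the "New Stream Cipher like SEAL" exchange above, worked through as an added example (this is not code from the digest or from Tom's cipher; the names rotl32, rotl32_ref and rotl32_selfcheck are this example's own). rotl32 is the masked form Mark Wooding endorses, rotl32_ref is a branchy reference that never shifts a 32-bit value by 32, and rotl32_selfcheck compares the two for every count from 0 to 32 on a few bit patterns, including the r == 0 and r == 32 cases where the unmasked (x << r) | (x >> (32 - r)) would shift by the full word width.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Rotate a 32-bit word left by r bits.
 * The "& 31" masks keep both shift counts in 0..31, so the expression never
 * shifts a 32-bit value by 32 or more. That shift is undefined behaviour in
 * C and hardware-dependent in practice: some CPUs yield 0, x86 truncates the
 * count modulo 32, and an optimiser may assume it never happens. Because
 * (32 - r) & 31 equals (-r) mod 32, the function also rotates correctly for
 * r > 32 (effectively r mod 32). */
static uint32_t rotl32(uint32_t x, unsigned r)
{
    return (x << (r & 31)) | (x >> ((32 - r) & 31));
}

/* Reference rotate in the obvious branchy form: reduce r modulo 32 and
 * special-case 0 so that neither shift count can ever reach 32. */
static uint32_t rotl32_ref(uint32_t x, unsigned r)
{
    r %= 32;
    if (r == 0)
        return x;
    return (x << r) | (x >> (32 - r));
}

/* Compare the masked form against the reference for every count 0..32 on
 * several constructed bit patterns. Returns the number of mismatches, so 0
 * means the mask handles the edge cases the naive form gets wrong. */
static int rotl32_selfcheck(void)
{
    static const uint32_t pats[] = {
        0x00000001u, 0x80000000u, 0x80000001u, 0xDEADBEEFu, 0xFFFFFFFFu, 0u
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof pats / sizeof pats[0]; i++)
        for (unsigned r = 0; r <= 32; r++)
            if (rotl32(pats[i], r) != rotl32_ref(pats[i], r))
                bad++;
    return bad;
}

int main(void)
{
    printf("rotl32(0x80000001, 1)  = 0x%08X\n", rotl32(0x80000001u, 1));
    printf("rotl32(0x80000001, 32) = 0x%08X\n", rotl32(0x80000001u, 32));
    printf("mismatches vs reference: %d\n", rotl32_selfcheck());
    return rotl32_selfcheck() != 0;
}
```

The mask costs one AND per shift and removes the dependence on what a particular processor does with an out-of-range count, which is the point of Mark Wooding's answer: the rotate is correct by the language rules rather than by the habits of one CPU.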
Cryptography-Digest Digest #470
Cryptography-Digest Digest #470, Volume #12        Thu, 17 Aug 00 19:13:01 EDT

Contents:
  Re: blowfish problem (Gergo Barany)
  Re: books (Ernest Dumenigo)
  Re: 1-time pad is not secure... (Darren New)
  Re: blowfish problem ("Michael Will")
  Re: OT (Proposal of drafting rules of conduct of posting) (Mok-Kong Shen)
  Re: Broadcast key Management (Jayant Shukla)
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: DES: Say it or spell it? (Newbie question) ("Douglas A. Gwyn")
  Re: blowfish problem (Gergo Barany)
  Re: blowfish problem (Gergo Barany)
  Re: 1-time pad is not secure... (Tim Tyler)
  Re: DES: Say it or spell it? (Newbie question) (S. T. L.)
  Re: Funny Observation (Tim Tyler)

--

From: [EMAIL PROTECTED] (Gergo Barany)
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: 17 Aug 2000 20:12:38 GMT

Daniel Leonard [EMAIL PROTECTED] wrote:
> I do not want to be rude, but there are some "errors" in your code.

I do not want to be rude, but your news software posts in some funky
"Quoted-Printable" encoding. It makes your posts hard to read because it
replaces many characters such as '=' with a code like "=hex", where hex is a
character's ASCII code in hexadecimal. This stinks, please turn it off.

> On 17 Aug 2000, John Hascall wrote:
> >     out = malloc(inLen * 2 + 1);
>
> shouldn't it be:
>
>     out = malloc((inLen * 2 + 1) * sizeof(char)); /* a char could be more than 1 byte */

No, a char is always one byte in C.

> > int hexDigit (
> >     int     fourBits
>
> and here, shouldn't it be:
>
>     char hexdigit (
>         char fourBits /* we use chars, we stay with chars */

If the poster of the code wants to use this broken algorithm, he should
probably use unsigned chars for fiddling with single bytes. Otherwise, he
should use printf() or a lookup table; see below.

> > ) {
> >     fourBits &= 0x0f;                       /* safety first */
> >
> >     return (fourBits < 10) ? (fourBits + '0') : (fourBits - 10 + 'a');
> > }

Since you value portability highly, you should have jumped on this. It relies
on the assumption that the characters of the alphabet are contiguous and in an
ascending order in the execution character set. This is not guaranteed by the
standard, and by far not all C programs run on ASCII machines. Maybe
something like this would be better:

    char *hexits = "0123456789abcdef";

    unsigned char hexdigit(unsigned char fourBits)
    {
        fourBits &= 0xf;            /* keep only the low nibble */
        return hexits[fourBits];    /* table lookup, no arithmetic on 'a' */
    }

Gergo
--
Organic chemistry is the chemistry of carbon compounds. Biochemistry is the
study of carbon compounds that crawl. -- Mike Adams

--

From: [EMAIL PROTECTED] (Ernest Dumenigo)
Subject: Re: books
Date: 17 Aug 2000 20:12:25 GMT

John A. Malley ([EMAIL PROTECTED]) wrote:
: Might I suggest
: "Cryptography, Theory and Practice" by Douglas R. Stinson,
: "Decrypted Secrets, Methods and Maxims of Cryptology" by F.L. Bauer,
: "Cryptanalysis, A Study of Ciphers and Their Solution" by Helen Fouche
: Gaines,
: "Applied Cryptography, Protocols Algorithms and Source Code in C" by
: Bruce Schneier,
: and either "Military Cryptanalysis Parts I, II, III and IV" by William
: F. Friedman
: or
: "Military Cryptanalytics, Part I, Vol. 1 and 2, and Part II, Vol. 1 and
: 2 " by
: William F. Friedman and L.D. Callimahos
: as a good start.
: (IMHO everything on cryptology from Aegean Park Press is worth reading,
: not just those last two entries in the list.)
: Any of these books are available from Barnes and Noble (bn.com) or
: Amazon.com.
: Aegean Park Press has its own web site at http://www.aegeanparkpress.com
: John A. Malley
: [EMAIL PROTECTED]

Thanks for the suggestions :-)
--
Ernest

--

From: Darren New [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: 1-time pad is not secure...
Date: Thu, 17 Aug 2000 21:09:37 GMT

Tim Tyler wrote:

If following a MWI, there are many "me"s and many "post"s. All have equal
rights and status. By saying "this" post, you haven't uniquely identified
anything, since there are many posts which are all claiming to be "this"
post.

To be less silly (and to add something that should have been in the previous
post), if there's nothing random about MWI, what determines which
consciousness sees which pattern of random bits? Since the parallel worlds
cannot interact with each other once "collapsed", making a 2-bit random pad
gives you four worlds which do not communicate. Which one are "you" on, when
you look at the pad? Saying "all of them" doesn't help, because then you've
not only eliminated "random", you've eliminated "unpredictable", and since
everything now is predictable, you have eliminated "secret". Since there is
*always* a world in which you will try the correct key on the first try, how
do you do cryptography if you look at the world that way?
--
Darren New / Senior MTS Free Radical / Invisible Worlds Inc.
San
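The hex-digit discussion in Gergo Barany's "blowfish problem" post above, carried through as an added example that is not from the digest or from any of its posters: a table-driven encoder sized exactly as the quoted out = malloc(inLen * 2 + 1) (sizeof(char) is 1 by definition, so the extra multiplication buys nothing), a decoder that finds digits by searching the same tables rather than doing arithmetic on character codes, and a round-trip check on a constructed sample. The names hex_encode, hex_decode, hex_value and hex_roundtrip_ok are this example's own. Each input byte is masked to 0xff before indexing, so the encoder treats its input as octets even on a platform where CHAR_BIT is larger than 8.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lookup tables instead of fourBits - 10 + 'a': the C standard guarantees
 * that '0'..'9' are contiguous, but not 'a'..'f', so indexing a table is the
 * form that works in any execution character set (ASCII or not). */
static const char hexits[]       = "0123456789abcdef";
static const char hexits_upper[] = "0123456789ABCDEF";

/* Encode n bytes into a freshly malloc'ed, NUL-terminated lowercase hex
 * string of 2*n characters. Returns NULL on allocation failure. */
char *hex_encode(const unsigned char *in, size_t n)
{
    char *out = malloc(n * 2 + 1);   /* sizeof(char) is 1 by definition */
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        unsigned v = in[i] & 0xffu;  /* octet view even if CHAR_BIT > 8 */
        out[2 * i]     = hexits[v >> 4];
        out[2 * i + 1] = hexits[v & 0x0fu];
    }
    out[2 * n] = '\0';
    return out;
}

/* Value of one hex character (either case), or -1 if it is not a hex digit.
 * Searches the tables instead of comparing against character ranges. */
static int hex_value(char c)
{
    const char *p;
    if (c == '\0')                   /* strchr would "find" the terminator */
        return -1;
    if ((p = strchr(hexits, c)) != NULL)
        return (int)(p - hexits);
    if ((p = strchr(hexits_upper, c)) != NULL)
        return (int)(p - hexits_upper);
    return -1;
}

/* Decode a hex string into out (capacity cap bytes). Returns the number of
 * bytes written, or -1 on odd length, a non-hex character, or if the decoded
 * data would not fit in cap bytes. */
long hex_decode(const char *hex, unsigned char *out, size_t cap)
{
    size_t len = strlen(hex);
    if (len % 2 != 0 || len / 2 > cap)
        return -1;
    for (size_t i = 0; i < len; i += 2) {
        int hi = hex_value(hex[i]);
        int lo = hex_value(hex[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(len / 2);
}

/* Round trip on a constructed sample; returns 1 if both directions agree. */
int hex_roundtrip_ok(void)
{
    static const unsigned char sample[] = { 0x00, 0x7f, 0x80, 0xff, 0xde, 0xad };
    unsigned char back[sizeof sample];
    char *h = hex_encode(sample, sizeof sample);
    int ok = h != NULL
          && strcmp(h, "007f80ffdead") == 0
          && hex_decode(h, back, sizeof back) == (long)sizeof sample
          && memcmp(back, sample, sizeof sample) == 0;
    free(h);
    return ok;
}

int main(void)
{
    printf("CHAR_BIT = %d, sizeof(char) = %zu\n", CHAR_BIT, sizeof(char));
    printf("round trip %s\n", hex_roundtrip_ok() ? "ok" : "FAILED");
    return hex_roundtrip_ok() ? 0 : 1;
}
```

The decoder is the half the thread does not discuss but the one that matters for input handling: it rejects odd-length strings and stray characters instead of silently producing garbage, and it checks the caller's buffer capacity before writing.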
Cryptography-Digest Digest #471
Cryptography-Digest Digest #471, Volume #12        Fri, 18 Aug 00 00:13:01 EDT

Contents:
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: DES: Say it or spell it? (Newbie question) (DJohn37050)
  Re: Funny Observation ([EMAIL PROTECTED])
  Re: DES: Say it or spell it? (Newbie question) ("Adam Smith")
  Re: What is up with Intel? (Benjamin Goldberg)
  Re: DES: Say it or spell it? (Newbie question) (Nicol So)
  Re: New quantum computer - any details? (Bill Unruh)
  Re: New quantum computer - any details? (Bill Unruh)
  Re: 215 Hz five-qubit quantum processor (Bill Unruh)
  Re: 215 Hz five-qubit quantum processor (Bill Unruh)
  Re: New Stream Cipher like SEAL ("Scott Fluhrer")
  Re: www.curious.4ears ("rosi")
  Re: Best AES candidates ?? ("Vic Drastik")
  Re: New Stream Cipher like SEAL ("Scott Fluhrer")
  Re: New Stream Cipher like SEAL ([EMAIL PROTECTED])

--

Crossposted-To: comp.lang.c
From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: blowfish problem
Date: Thu, 17 Aug 2000 22:26:32 GMT

Michael Will wrote:
> Gergo Barany wrote:
> > No, a char is always one byte in C.
> No, sizeof(char) is always 1 in C. These are not two ways of saying the
> same thing.

Actually they are. The C standard uses "byte" and "char" synonymously; which
one is preferred depends on context. But the long-established meaning of
"byte" denotes merely a contiguous collection of bits, at a specific location
within a generally wider "word", that can be accessed as a unit. It does not
connote "8 bits" (except when referring to recent storage products, which are
all organized as arrays of 8-bit units). In Internetworking standards, we
generally use "octet" to mean precisely 8 bits, to avoid confusion on
non-octet oriented systems. A C "char" can be represented by any fixed number
of bits from 8 on up. Since the unit of object addressability is coupled to
"char", usually C implementors on an octet-addressable architecture will make
"char" 8 bits so as not to cause undue problems for systems programming.
Other platforms have at times used 9, 16, or other widths for char.

--

From: [EMAIL PROTECTED] (DJohn37050)
Date: 17 Aug 2000 23:32:41 GMT
Subject: Re: DES: Say it or spell it? (Newbie question)

NIST came up with the term and everyone at NIST calls it "dez"
Don Johnson

--

From: [EMAIL PROTECTED]
Subject: Re: Funny Observation
Date: Thu, 17 Aug 2000 23:55:19 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> : On Wed, 16 Aug 2000 20:02:06 GMT, [EMAIL PROTECTED] wrote, in part:
> : > Anyone ever notice that Dave Scott calls himself the 'Zip Guy' but
> : > known of his software involves the deflate algorithm.
>
> I believe he has, in fact, used zip compression, for some things.
>
> I would like you to meet "Tom" the ZipGuy.
>
> : I can't fathom why he believes huffman or arith alone is better than
> : deflate. I really would like to see him find typical files that
> : compress better with his methods than deflate.
>
> Files that compress better with Huffman or arithmetic compression alone
> exist. It's known that any compressor that doesn't add information which
> isn't present in the original file is optimal for /some/ set of target
> files. I believe for Huffman/arithmetic schemes, the criterion is something
> vaguely along the lines of a fixed frequency of symbols throughout
> individual target files. In addition, Huffman schemes prefer it if these
> frequencies are exact multiples of two of one another. Deflate incorporates
> a huffman coder btw.
>
> : Also time and time again I repeat that smaller files means less WASTED
> : SPACE. Which means the entropy per bit is higher (closer to one) than
> : with the other methods. Doesn't that make sense?
>
> This is true. What is your point? While size is important, the size of the
> resulting files is not the only criterion when choosing a compression
> algorithm for use with encryption.

Think about it. If the compressed file is smaller it can't possibly inject
nonrandom data, otherwise it wouldn't compress better. This is very simple to
prove. Consider a huffman codec: the best it can get for ASCII is 8 to 1, but
a 12/4 LZSS codec can get 128 to 17 (bits) or about 16 to 1. This is just
LZSS, DEFLATE can get upwards of 1022 to 1...

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: "Adam Smith" [EMAIL PROTECTED]
Subject: Re: DES: Say it or spell it? (Newbie question)
Date: Fri, 18 Aug 2000 00:26:47 GMT

Same here...

"S. T. L." [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> I have always said "DES" as three letters, but "IDEA" as a single word.
>
> -*---*---
> S.T.L. My Quotes Page * http://quote.cjb.net * leads to my NEW site.
> My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
> Optimized pngcrush executable now on my Download page! Long live pngcrush! :-