Cryptography-Digest Digest #466

2000-08-17 Thread Digestifier

Cryptography-Digest Digest #466, Volume #12  Thu, 17 Aug 00 10:13:01 EDT

Contents:
  Re: Cracking RC4-40 in FPGA hardware (Paul Rubin)
  Re: New quantum computer - any details? (Gordon Walker)
  Re: New Stream Cipher like SEAL ([EMAIL PROTECTED])
  Re: OTP using BBS generator? (Mok-Kong Shen)
  Re: OTP using BBS generator? (Mok-Kong Shen)
  Re: blowfish problem (John Hascall)
  Re: 215 Hz five-qubit quantum processor (Dale Pontius)
  Re: PGP Algorithm (Sander Vesik)
  Re: PGP Algorithm (Sander Vesik)
  Re: Is this Diffie-Hellman modification safe? ("Scott Fluhrer")
  Re: OTP using BBS generator? (Mok-Kong Shen)



From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Cracking RC4-40 in FPGA hardware
Date: 17 Aug 2000 12:09:59 GMT

In article 8ngap1$86k$[EMAIL PROTECTED],  [EMAIL PROTECTED] wrote:
In article 8mco74$erk$[EMAIL PROTECTED],
  [EMAIL PROTECTED] wrote:


>> Each cycle requires a memory read and a pair of 8 bit adds, so 10ns
>> looks like a good estimate.  Then we have 10 usec/key, or 10^5 keys
>> per second.  2^40 is about 10^12, so even with one such piece of
>> hardware we have 10^7 seconds, or about 2800 hours to search all
>> keys.  We expect success on the average in 1/2 this time, or 1400
>> hours.


> Sorry guys,  I've seen your discussion too late. I'd like to say that it
> is possible to achieve the speed of 280.000 key/sec on Pentium II/333
> (or 45 days to finish 2^40 keys) when cracking simple RC4 (like PDF
> implementation) and 180.000 keys/sec (or 70 days) when cracking RC4+MD5
> (like MS Word does). It means that on _ONE_ modern P III/1000 the
> average time to crack RC4-40 is one week, not 1400 hours ;-).

Remember that the Xilinx chip had 4 of those blocks with 1400 hour
average crack time.  So the 4 blocks working together crack in 350
hours on average--half the speed of that PIII/1000.  That means a
machine with 50 Xilinx chips can *always* (worst case) crack in under
24 hours and you'd need 25 PIII's to do the same.  But the Xilinx
chips cost about 10 USD each and use a lot less power than the
Pentiums.  The 50-chip Xilinx machine can probably be built in a
single PC-sized box (card cage with a few wire-wrapped boards) with
materials cost equal to not much more than one or two PIII machines.

To the person who was doing this project: any news?

--

From: Gordon Walker [EMAIL PROTECTED]
Subject: Re: New quantum computer - any details?
Date: Thu, 17 Aug 2000 13:20:26 +0100

On 16 Aug 2000 16:23:54 GMT, Sander Vesik [EMAIL PROTECTED]
wrote:

> How long is 'realistical length' and what constitutes a practical
> quantum computer?  A qc that can crack say 512 bit RSA in say 4 weeks
> is practical, but not overly threatening for 16/32 kbit keys that are
> still realistically long.
>
> Even if you speed it up 4 times, longer keys are still realistic. Beyond
> that, we need something else than RSA.

But by my limited understanding, a quantum computer can bring down the
order of complexity of the factoring problem. Previously adding one or
two bits to the key required a vast increase in processing power to
break it. With an improved O() value for the solving machines you have
the situation where the cracking machines are chasing keylength much
more quickly and that just a few years research might allow the
hardware to catch up with the keylength you have chosen.
-- 
Gordon Walker

--

From: [EMAIL PROTECTED]
Subject: Re: New Stream Cipher like SEAL
Date: Thu, 17 Aug 2000 12:48:35 GMT

In article [EMAIL PROTECTED],
  [EMAIL PROTECTED] (Mark Wooding) wrote:
> [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
>> hello tom
>>
>> one question
>> why in your c code
>>
>> return (x<<(r&31)) | (x>>((32-r)&31));
>>
>> you do &31
>>
>> the processor realize the mask automatically no ???
>
> No.  In C, if you shift a value by its bit length or more, the
> behaviour is undefined.
>
> Some processors will give a zero result for a shift by a value greater
> than the word length.  Others will truncate the shift amount.
>
> Tom's got this one right.
>
>> OPSO for sc1.dat using bits 23 to 32157695 54.433 1.
>
> Ouch!  That's really bad.

Sometimes it outputs poorly, but for the most part it appears ok.  I
will have to look into it more.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
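As an added illustration of the point Mark Wooding makes above (this is not code from the thread), here is the masked rotate beside a branching reference version, checked against each other for every count from 0 to 63, which covers the r == 0 and r >= 32 cases that would otherwise reach an undefined shift. The function names are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate a 32-bit word left by r bits.  The "& 31" reduces the count
 * modulo the word width before it reaches the shift operator, so the
 * operands of << and >> are always in 0..31.  Without it, r == 0 would
 * produce x >> 32, which is undefined behaviour in C: some CPUs return 0,
 * others mask the count to 5 bits and return x unchanged. */
static uint32_t rotl32(uint32_t x, unsigned r)
{
    return (x << (r & 31)) | (x >> ((32 - r) & 31));
}

/* Same rotation with an explicit branch for the zero case; used only as
 * an independent reference to check rotl32 against. */
static uint32_t rotl32_ref(uint32_t x, unsigned r)
{
    r %= 32;
    if (r == 0)
        return x;
    return (x << r) | (x >> (32 - r));
}

/* Compare rotl32 with the reference for every count 0..63 on a constructed
 * test word; returns 1 if they agree everywhere, 0 on any mismatch. */
static int rotl32_selftest(void)
{
    uint32_t x = 0x80000001u;   /* constructed sample value */
    unsigned r;
    for (r = 0; r < 64; r++)
        if (rotl32(x, r) != rotl32_ref(x, r))
            return 0;
    return 1;
}

int main(void)
{
    printf("rotl32(0x80000001, 4) = 0x%08x\n", (unsigned)rotl32(0x80000001u, 4));
    printf("selftest: %s\n", rotl32_selftest() ? "ok" : "FAILED");
    return 0;
}
```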

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: OTP using BBS generator?
Date: Thu, 17 Aug 2000 15:39:49 +0200



Tim Tyler wrote:
 
 : Bryan Olson wrote:
 
 : : Many times on sci.crypt people have objected to the proof of
 : : perfect secrecy for the OTP based on the fact that the zero
 : : vector is one of the possible keys.  The false logic goes
 : : something like: since the OTP is provably secure, and zero
 : : is a legal key, then encrypting with the zero key must be
 : : secure, and since it obviously isn't the proof must be
 : : wrong.
 :
 : : The OTP theorem doesn't say that 

Cryptography-Digest Digest #470

2000-08-17 Thread Digestifier

Cryptography-Digest Digest #470, Volume #12  Thu, 17 Aug 00 19:13:01 EDT

Contents:
  Re: blowfish problem (Gergo Barany)
  Re: books (Ernest Dumenigo)
  Re: 1-time pad is not secure... (Darren New)
  Re: blowfish problem ("Michael Will")
  Re: OT (Proposal of drafting rules of conduct of posting) (Mok-Kong Shen)
  Re: Broadcast key Management (Jayant Shukla)
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: DES: Say it or spell it? (Newbie question) ("Douglas A. Gwyn")
  Re: blowfish problem (Gergo Barany)
  Re: blowfish problem (Gergo Barany)
  Re: 1-time pad is not secure... (Tim Tyler)
  Re: DES: Say it or spell it? (Newbie question) (S. T. L.)
  Re: Funny Observation (Tim Tyler)



From: [EMAIL PROTECTED] (Gergo Barany)
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: 17 Aug 2000 20:12:38 GMT

Daniel Leonard [EMAIL PROTECTED] wrote:
 I do not want to be rude, but there are some "errors" in your code.

I do not want to be rude, but your news software posts in some
funky "Quoted-Printable" encoding. It makes your posts hard to read
because it replaces many characters such as '=' with a code like
"=hex", where hex is a character's ASCII code in hexadecimal.
This stinks, please turn it off.

> On 17 Aug 2000, John Hascall wrote:
>>     out = malloc(inLen * 2 + 1);
>
> shouldn't it be:
> out = malloc((inLen * 2 + 1) * sizeof(char));
> /* a char could be more than 1 byte */

No, a char is always one byte in C.

>> int hexDigit (
>>     int    fourBits
>
> and here, shouldn't it be:
> char hexdigit (
> char   fourBits
> /* we use chars, we stay with chars */

If the poster of the code wants to use this broken algorithm, he
should probably use unsigned chars for fiddling with single bytes.
Otherwise, he should use printf() or a lookup table; see below.

>> ) {
>>     fourBits &= 0x0f;                /* safety first */
>>
>>     return (fourBits < 10) ? (fourBits + '0') : (fourBits - 10 + 'a');
>> }

Since you value portability highly, you should have jumped on this.
It relies on the assumption that the characters of the alphabet are
contiguous and in an ascending order in the execution character set.
This is not guaranteed by the standard, and by far not all C
programs run on ASCII machines.
Maybe something like this would be better:

char *hexits = "0123456789abcdef";

unsigned char hexdigit(unsigned char fourBits)
{
    fourBits &= 0xf;            /* keep only the low nibble */
    return hexits[fourBits];
}

Gergo

-- 
Organic chemistry is the chemistry of carbon compounds.  Biochemistry
is the study of carbon compounds that crawl.
-- Mike Adams
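To put Gergo's table-lookup hexdigit to work on the buffer the thread is sizing (inLen * 2 + 1), here is an added example; it is not code from any poster, and hex_encode and hex_encode_alloc are names I chose.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Indexing a table by nibble value makes no assumption that '0'..'9' and
 * 'a'..'f' are contiguous in the execution character set (EBCDIC letters
 * are not). */
static const char hexits[] = "0123456789abcdef";

static char hexdigit(unsigned char fourBits)
{
    fourBits &= 0x0f;            /* keep only the low nibble: safety first */
    return hexits[fourBits];
}

/* Encode inLen bytes of in as lowercase hex into out, which must hold
 * inLen * 2 + 1 chars (two digits per byte plus the terminator).  Returns
 * out, or NULL if out is NULL.  Going through unsigned char means the
 * >> 4 never sign-extends, whatever the signedness of plain char. */
static char *hex_encode(const unsigned char *in, size_t inLen, char *out)
{
    size_t i;
    if (out == NULL)
        return NULL;
    for (i = 0; i < inLen; i++) {
        out[2 * i]     = hexdigit((unsigned char)(in[i] >> 4));
        out[2 * i + 1] = hexdigit(in[i]);   /* hexdigit masks the high nibble */
    }
    out[2 * inLen] = '\0';
    return out;
}

/* Allocating variant sized as the thread discusses: inLen * 2 + 1, with
 * no sizeof(char) factor because sizeof(char) is 1 by definition. */
static char *hex_encode_alloc(const unsigned char *in, size_t inLen)
{
    return hex_encode(in, inLen, malloc(inLen * 2 + 1));
}

int main(void)
{
    const unsigned char sample[] = { 0x00, 0xff, 0x7a, 0x80 }; /* constructed */
    char *hex = hex_encode_alloc(sample, sizeof sample);
    if (hex != NULL) {
        printf("%s\n", hex);    /* 00ff7a80 */
        free(hex);
    }
    return 0;
}
```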

--

From: [EMAIL PROTECTED] (Ernest Dumenigo)
Subject: Re: books
Date: 17 Aug 2000 20:12:25 GMT

John A. Malley ([EMAIL PROTECTED]) wrote:
: Might I suggest

: "Cryptography, Theory and Practice" by Douglas R. Stinson,

: "Decrypted Secrets, Methods and Maxims of Cryptology"  by F.L. Bauer,

: "Cryptanalysis, A Study of Ciphers and Their Solution" by Helen Fouche
: Gaines,

: "Applied Cryptography, Protocols Algorithms and Source Code in C" by
: Bruce Schneier,

: and either  "Military Cryptanalysis Parts I, II, III and IV"  by William
: F. Friedman

: or 

: "Military Cryptanalytics, Part I, Vol. 1 and 2, and Part II, Vol. 1 and
: 2 " by 
: William F. Friedman and L.D. Callimahos

: as a good start. 

: (IMHO everything on cryptology from Aegean Park Press is worth reading,
: not just those last two entries in the list.)

: Any of these books are available from Barnes and Noble (bn.com) or
: Amazon.com. 
: Aegean Park Press has its own web site at http://www.aegeanparkpress.com

: John A. Malley
: [EMAIL PROTECTED]

Thanks for the suggestions :-)
--
Ernest 

--

From: Darren New [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: 1-time pad is not secure...
Date: Thu, 17 Aug 2000 21:09:37 GMT

Tim Tyler wrote:
 If following a MWI, there are many "me"s and many "post"s.  All have
 equal rights and status.  By saying "this" post, you haven't uniquely
 identified anything, since there are many posts which are all claiming
 to be "this" post.

To be less silly (and to add something that should have been in the previous
post), if there's nothing random about MWI, what determines which
consciousness sees which pattern of random bits? Since the parallel worlds
cannot interact with each other once "collapsed", making a 2-bit random pad
gives you four worlds which do not communicate. Which one are "you" on, when
you look at the pad? Saying "all of them" doesn't help, because then you've
not only eliminated "random", you've eliminated "unpredictable", and since
everything now is predictable, you have eliminated "secret". Since there is
*always* a world in which you will try the correct key on the first try, how
do you do cryptography if you look at the world that way?

-- 
Darren New / Senior MTS  Free Radical / Invisible Worlds Inc.
San 

Cryptography-Digest Digest #471

2000-08-17 Thread Digestifier

Cryptography-Digest Digest #471, Volume #12  Fri, 18 Aug 00 00:13:01 EDT

Contents:
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: DES: Say it or spell it? (Newbie question) (DJohn37050)
  Re: Funny Observation ([EMAIL PROTECTED])
  Re: DES: Say it or spell it? (Newbie question) ("Adam Smith")
  Re: What is up with Intel? (Benjamin Goldberg)
  Re: DES: Say it or spell it? (Newbie question) (Nicol So)
  Re: New quantum computer - any details? (Bill Unruh)
  Re: New quantum computer - any details? (Bill Unruh)
  Re: 215 Hz five-qubit quantum processor (Bill Unruh)
  Re: 215 Hz five-qubit quantum processor (Bill Unruh)
  Re: New Stream Cipher like SEAL ("Scott Fluhrer")
  Re: www.curious.4ears ("rosi")
  Re: Best AES candidates ?? ("Vic Drastik")
  Re: New Stream Cipher like SEAL ("Scott Fluhrer")
  Re: New Stream Cipher like SEAL ([EMAIL PROTECTED])



Crossposted-To: comp.lang.c
From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: blowfish problem
Date: Thu, 17 Aug 2000 22:26:32 GMT

Michael Will wrote:
 Gergo Barany wrote:
 No, a char is always one byte in C.
 No, sizeof(char) is always 1 in C.
 These are not two ways of saying the same thing.

Actually they are.  The C standard uses "byte" and "char"
synonymously; which one is preferred depends on context.
But the long-established meaning of "byte" denotes merely
a contiguous collection of bits, at a specific location
within a generally wider "word", that can be accessed as
a unit.  It does not connote "8 bits" (except when
referring to recent storage products, which are all
organized as arrays of 8-bit units).  In Internetworking
standards, we generally use "octet" to mean precisely
8 bits, to avoid confusion on non-octet oriented systems.
A C "char" can be represented by any fixed number of bits
from 8 on up.  Since the unit of object addressability is
coupled to "char", usually C implementors on an octet-
addressable architecture will make "char" 8 bits so as not
to cause undue problems for systems programming.  Other
platforms have at times used 9, 16, or other widths for
char.

--

From: [EMAIL PROTECTED] (DJohn37050)
Date: 17 Aug 2000 23:32:41 GMT
Subject: Re: DES: Say it or spell it? (Newbie question)

NIST came up with the term and everyone at NIST calls it "dez"
Don Johnson

--

From: [EMAIL PROTECTED]
Subject: Re: Funny Observation
Date: Thu, 17 Aug 2000 23:55:19 GMT

In article [EMAIL PROTECTED],
  [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> : On Wed, 16 Aug 2000 20:02:06 GMT, [EMAIL PROTECTED] wrote, in
> : part:
>
> : Anyone ever notice that Dave Scott calls himself the 'Zip Guy' but
> : none of his software involves the deflate algorithm.
>
> I believe he has, in fact, used zip compression, for some things.

I would like you to meet "Tom" the ZipGuy.

> : I can't fathom why he believes huffman or arith alone is better than
> : deflate.  I really would like to see him find typical files that
> : compress better with his methods than deflate.
>
> Files that compress better with Huffman or arithmetic compression alone
> exist.  It's known that any compressor that doesn't add information
> which isn't present in the original file is optimal for /some/ set of
> target files.
>
> I believe for Huffman/arithmetic schemes, the criterion is something
> vaguely along the lines of a fixed frequency of symbols throughout
> individual target files.  In addition, Huffman schemes prefer it if
> these frequencies are exact multiples of two of one another.

Deflate incorporates a huffman coder btw.


> : Also time and time again I repeat that smaller files means less
> : WASTED SPACE.  Which means the entropy per bit is higher (closer to
> : one) than with the other methods.  Doesn't that make sense?
>
> This is true.  What is your point?
>
> While size is important, the size of the resulting files is not the
> only criterion when choosing a compression algorithm for use with
> encryption.

Think about it. If the compressed file is smaller it can't possibly
inject nonrandom data, otherwise it wouldn't compress better.  This is
very simple to prove.  Consider a huffman codec the best it can get for
ASCII is 8 to 1, but a 12/4 LZSS codec can get 128 to 17 (bits) or
about 16 to 1.  This is just LZSS, DEFLATE can get upwards of 1022 to
1...

Tom



--

From: "Adam Smith" [EMAIL PROTECTED]
Subject: Re: DES: Say it or spell it? (Newbie question)
Date: Fri, 18 Aug 2000 00:26:47 GMT

Same here...

"S. T. L." [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 I have always said "DES" as three letters, but "IDEA" as a single word.

 -*---*---
 S.T.L.  My Quotes Page * http://quote.cjb.net * leads to my NEW site.
 My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
 Optimized pngcrush executable now on my Download page!
 Long live pngcrush!  :-