Cryptography-Digest Digest #54

2001-04-01 Thread Digestifier

Cryptography-Digest Digest #54, Volume #14Sun, 1 Apr 01 11:13:00 EDT

Contents:
  Re: Data dependent arcfour via sbox feedback ("Bryan Olson")
  Re: Advice on storing private keys (those who know me have no need of my name)
  Re: AES VS. DES ("Brian Gladman")
  Re: Perl public key encryption (those who know me have no need of my name)
  Re: Malicious Javascript in Brent Kohler post (was: Re: Who is Brent K Kohler?) 
(those who know me have no need of my name)
  Re: Symmetric cipher security of GnuPG 1.0.4 (Florian Weimer)
  RSA (Yechuri)
  Re: RSA ("Sam Simpson")
  Re: AES VS. DES ("Tom St Denis")
  Re: AES VS. DES (SCOTT19U.ZIP_GUY)
  Re: Symmetric cipher security of GnuPG 1.0.4 (SCOTT19U.ZIP_GUY)
  Re: AES VS. DES (DJohn37050)



From: "nospam"@"nonsuch.org" ("Bryan Olson")
Subject: Re: Data dependent arcfour via sbox feedback
Date: Sun, 01 Apr 2001 10:16:12 GMT

In article [EMAIL PROTECTED], Terry Ritter wrote:

Bryan Olson wrote:
RC4 and the proposed 
modification do not encrypt by substitution of the data 
characters; that's what makes Ritter's patent inapplicable.   

I can only discuss the issue theoretically:  I can't speak to either
RC4 or the current proposal.  

Well, you could if you looked at them.

However, the Dynamic Substitution claims do not require encryption by
substitution.

All the claims on encryption methods require two data 
sources, the first of which is transformed by substitution 
to form the output or substitute values.

[...]
I'm not sure it's been stated, so I'll note an obvious 
defect in the proposed scheme:  If we grant the attacker 
multiple known plaintexts from the same starting state, he 
can easily discover the state.

In general, any stream cipher must avoid re-using a previous state.

How about CBC-mode Rijndael? Rijndael is of course a block 
cipher, but CBC-mode Rijndael is a stream cipher.  I'll let 
you choose any texts you like, including the IV so you can 
re-start from the same state as often as you like.  What can 
you recover?

With RC4, state-reset will repeat the PRNG sequence, but 
will not reveal the state (under any known attack).  With 
the modified system, state-reset exposes the state, and thus 
the attacker can determine the sequence even beyond the 
length of the chosen texts.

--Bryan
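The state-reuse point above, as an added example that is not part of the original thread: plain RC4 is implemented from its public description, and two constructed messages are encrypted from the same starting state. An attacker who knows one plaintext recovers the repeated keystream prefix and reads the other message, which is the generic consequence of "re-using a previous state" that the post warns about. This shows the keystream repeating, not the state being exposed; the proposed data-dependent modification is not reproduced here, since the thread does not define it. The key and messages are constructed sample data.

```python
"""Added example (not from the digest thread): RC4 keystream reuse.

If a stream cipher is restarted from the same state (same key, fresh
key schedule), its keystream repeats.  One known plaintext encrypted
from that state yields the keystream prefix, which decrypts any other
message encrypted from the same state up to the known length.
"""


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: permute 0..255 under the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Generate n keystream bytes from a freshly scheduled state."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    """Encrypt (or decrypt) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_from_reuse(known_pt: bytes, known_ct: bytes, target_ct: bytes) -> bytes:
    """Attacker's step: keystream prefix = known_pt XOR known_ct.

    Applying it to another ciphertext produced from the same state
    reveals that plaintext up to min(len(known_pt), len(target_ct)).
    """
    keystream = xor_bytes(known_pt, known_ct)
    n = min(len(keystream), len(target_ct))
    return xor_bytes(target_ct[:n], keystream[:n])


def demo() -> bytes:
    # Constructed sample data; the key is reused for both messages,
    # which is exactly the state reuse the discussion warns against.
    key = b"sample-key"
    m1 = b"ATTACK AT DAWN. MOVE THE BATTALION."   # known to the attacker
    m2 = b"RETREAT BEFORE NOON AND HOLD."        # target message
    c1 = rc4_encrypt(key, m1)
    c2 = rc4_encrypt(key, m2)
    return recover_from_reuse(m1, c1, c2)


if __name__ == "__main__":
    print(demo())
```

The attacker never learns the internal permutation here, only the keystream bytes already consumed; that matches the post's distinction between RC4 (state reset repeats the sequence but does not reveal the state) and a scheme whose state is recoverable from known text.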

--

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Advice on storing private keys
Date: Sun, 01 Apr 2001 10:24:30 -

[dang, quite a bit of backlog.  sorry for the delay.]

[EMAIL PROTECTED] divulged:

don't think I will send digital signatures and certs over packet
radio until I get a ruling from the FCC.

sounds sensible.  i would suggest actively pursuing it with them, so
that you get an actual decision.  unfortunately it won't help anyone
outside the usa.  postcards don't have this problem, i.e., nothing
tremendous had to be negotiated beforehand to prevent its failure for
some (perhaps large) fraction of the (world-wide) amateur population.

don't forget to remind them that signatures are not the same as
encryption, and they are based on public standards.  and that encoding
is no different (in kind) than the signalling used by packet modems, it
does not exclude anyone, because it is also specified by standards and
can be "read" by anyone.

When I have dealt with standard certs before, I found them to be
very error prone.  

really?  i would be very surprised.  x.509 certificates are used
millions of times every day for ssl connections, e.g., e-commerce
mostly.

   1.  Open source.  For it to work, logbook authors have to put it
   into their programs and most are too cheap to pay for it.

openssl can provide all the x.509 related functions you are likely to
need, and it is very open (bsd-based license).  see
url:http://www.openssl.org for more information.

if you need to run a ca you might want to look at the openca project,
which is also very open (bsd license).  see
url:http://www.sourceforge.com/projects/openca for more information.

gnupg can provide everything you need for a "web of trust" based model,
and is fairly open (gpl).  see url:http://www.gnupg.org for more
information.

your items 2, 3, 4, and 6 are present and very easy to use in either
openssl or gnupg.  openca is not as mature, but still very usable.

the requirement that it process a batch of signatures is doable, but
they have to be compared against something, so you'll have to integrate
whatever mechanism you choose and that might mean a little code.

   5.  The signature with cert should be able to be stored as ascii
   in a field of a single line record.  The record doesn't have a length
   restriction.

typically they are multi-line, but there's no requirement that it be
that format, that i'm aware of.  i quickly tested gnupg, e.g.,

Cryptography-Digest Digest #54

2000-06-18 Thread Digestifier

Cryptography-Digest Digest #54, Volume #12   Sun, 18 Jun 00 04:13:01 EDT

Contents:
  Re: Weight of Digital Signatures (John Savard)
  AWFUL PUN (was: Why the golden ratio?) (John Savard)
  Re: Cipher design a fading field? ("John A. Malley")
  Re: Cipher design a fading field? (Benjamin Goldberg)
  Re: Cipher design a fading field? (Benjamin Goldberg)
  Re: AWFUL PUN (was: Why the golden ratio?) (Dave Seaman)
  Re: AWFUL PUN (was: Why the golden ratio?) (Michael L. Siemon)
  Re: MD5 Expansion ([EMAIL PROTECTED])
  Re: Multiple encryptions (Mack)
  Re: Announce: Catacomb 2.0.0 prerelease (Andru Luvisi)
  Re: small subgroups in Blum Blum Shub (Terry Ritter)
  Re: small subgroups in Blum Blum Shub (Terry Ritter)
  Re: Mixing Xor and Addition (Terry Ritter)



From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Weight of Digital Signatures
Date: Sun, 18 Jun 2000 03:45:48 GMT

On Sat, 17 Jun 2000 19:52:13 GMT, Greg [EMAIL PROTECTED] wrote,
in part:

WASHINGTON, June 16 -- The Senate voted unanimously
today to approve a bill that catapults electronic
commerce to a new level by allowing consumers and
businesses to sign contracts online and know that
their e-signature is just as binding as one in ink.

The bill, which passed 87 to 0, has already been
approved by the House and now goes to President
Clinton, who said today that he would sign it
into law.

Off topic a bit, but worth a mention.  Kudos to all who have had any
hand in helping the government see the light (finally)...

I really don't know if this is good news.

A law that makes a digital signature "just as binding as one in ink",
when it is so much easier to break into someone's house and read their
hard drive than forge their signature perfectly makes ordinary people
much more vulnerable to forgery than before.

If my private keys, which I use to sign things, exist only in
encrypted form on my computer - so that every time I sign something
digitally, I have to enter my pass phrase - then I have the level of
control needed.

Right now, though, a secure credit card transaction is merely one
encrypted by means of the vendor's public key: the person at the other
end is only transmitting a credit card number. What if the law is so
worded that this is considered a "digital signature", although no
private key on the part of the "signing" party is involved? That is,
what if a stolen credit card number now binds its legitimate owner as
strongly as a signature in pen and ink? It's entirely possible the
law, if it fails to discuss technical issues, could be so worded as to
create such a situation.

Even if that doesn't happen, it is almost certain that people will be
making signatures legally "just as binding as one in ink" using
whatever insecure software is provided by their bank or stockbroker or
utility company...with little real choice in the matter. Hence, this
law could lead to so many people being victimized by insecure systems
- _as to create a clamor for a secure system, designed by the NSA,
with built in key escrow_ as a *preferable* alternative!

John Savard (teneerf -)
http://www.ecn.ab.ca/~jsavard/

--

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: AWFUL PUN (was: Why the golden ratio?)
Date: Sun, 18 Jun 2000 03:53:29 GMT

On Sat, 17 Jun 2000 03:05:51 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
On Thu, 15 Jun 2000 01:15:02 GMT, "Douglas A. Gwyn" [EMAIL PROTECTED]
wrote, in part:
[EMAIL PROTECTED] wrote:

 However, there is a formula like what you have mentioned: it isn't all
 that simple, and it is due to Srinavasa Ramanujan...

Oh, dear: that should be Srinivasa Ramanujan.

 http://mathworld.wolfram.com/GoldenRatio.html

Hm, okay, that's not exactly trivial, but I bet one could find a
similar identity for almost any similar irrational number.
  phi(phi-1) = 1
  tau(tau-2) = 1
etc.  I.e. I don't think it points up anything special about phi.

Well, if that's the case, then there's a mathematician who went around
telling us that Ramanujan and his equations were really something
quite remarkable. I suppose he owes all of us an ... _apology_.

Nobody commented on this awful pun? (As the mathematician in question
is deceased, I suppose he can't do anything but rest on his laurels.)

John Savard (teneerf -)
http://www.ecn.ab.ca/~jsavard/

--

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: Cipher design a fading field?
Date: Sat, 17 Jun 2000 21:23:57 -0700

wtshaw wrote:
 
 In article [EMAIL PROTECTED], "John A. Malley"
 
  And this brings out the eerie truth that when the plaintext comes from a
  non-Turing-recognizable language, even when one gets the plaintext and
  its ciphertext there is NO algorithm able to decide which instance of
  the decryption