Cryptography-Digest Digest #54
Cryptography-Digest Digest #54, Volume #14   Sun, 1 Apr 01 11:13:00 EDT

Contents:
  Re: Data dependent arcfour via sbox feedback ("Bryan Olson")
  Re: Advice on storing private keys (those who know me have no need of my name)
  Re: AES VS. DES ("Brian Gladman")
  Re: Perl public key encryption (those who know me have no need of my name)
  Re: Malicious Javascript in Brent Kohler post (was: Re: Who is Brent K Kohler?) (those who know me have no need of my name)
  Re: Symmetric cipher security of GnuPG 1.0.4 (Florian Weimer)
  RSA (Yechuri)
  Re: RSA ("Sam Simpson")
  Re: AES VS. DES ("Tom St Denis")
  Re: AES VS. DES (SCOTT19U.ZIP_GUY)
  Re: Symmetric cipher security of GnuPG 1.0.4 (SCOTT19U.ZIP_GUY)
  Re: AES VS. DES (DJohn37050)

----------------------------------------------------------------------

From: "nospam"@"nonsuch.org" ("Bryan Olson")
Subject: Re: Data dependent arcfour via sbox feedback
Date: Sun, 01 Apr 2001 10:16:12 GMT

In article [EMAIL PROTECTED], Terry Ritter wrote:
> Bryan Olson wrote:
>> RC4 and the proposed modification do not encrypt by substitution of the data characters; that's what makes Ritter's patent inapplicable.
>
> I can only discuss the issue theoretically: I can't speak to either RC4 or the current proposal.

Well, you could if you looked at them.

> However, the Dynamic Substitution claims do not require encryption by substitution. All the claims on encryption methods require two data sources, the first of which is transformed by substitution to form the output or substitute values.

[...]

>> I'm not sure it's been stated, so I'll note an obvious defect in the proposed scheme: If we grant the attacker multiple known plaintexts from the same starting state, he can easily discover the state. In general, any stream cipher must avoid re-using a previous state.
>
> How about CBC-mode Rijndael? Rijndael is of course a block cipher, but CBC-mode Rijndael is a stream cipher. I'll let you choose any texts you like, including the IV so you can re-start from the same state as often as you like. What can you recover?

With RC4, state-reset will repeat the PRNG sequence, but will not reveal the state (under any known attack). With the modified system, state-reset exposes the state, and thus the attacker can determine the sequence even beyond the length of the chosen texts.

--Bryan

------------------------------

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Advice on storing private keys
Date: Sun, 01 Apr 2001 10:24:30 -

[dang, quite a bit of backlog. sorry for the delay.]

[EMAIL PROTECTED] divulged:
> don't think I will send digital signatures and certs over packet radio until I get a ruling from the FCC.

sounds sensible. i would suggest actively pursuing it with them, so that you get an actual decision. unfortunately it won't help anyone outside the usa. postcards don't have this problem, i.e., nothing tremendous had to be negotiated beforehand to prevent its failure for some (perhaps large) fraction of the (world-wide) amateur population.

don't forget to remind them that signatures are not the same as encryption, and they are based on public standards. and that encoding is no different (in kind) than the signalling used by packet modems, it does not exclude anyone, because it is also specified by standards and can be "read" by anyone.

> When I have dealt with standard certs before, I found them to be very error prone.

really? i would be very surprised. x.509 certificates are used millions of times every day for ssl connections, e.g., e-commerce mostly.

> 1. Open source. For it to work, logbook authors have to put it into their programs and most are too cheap to pay for it.

openssl can provide all the x.509 related functions you are likely to need, and it is very open (bsd-based license). see url:http://www.openssl.org for more information.

if you need to run a ca you might want to look at the openca project, which is also very open (bsd license). see url:http://www.sourceforge.com/projects/openca for more information.

gnupg can provide everything you need for a "web of trust" based model, and is fairly open (gpl). see url:http://www.gnupg.org for more information.

your items 2, 3, 4, and 6 are present and very easy to use in either openssl or gnupg. openca is not as mature, but still very usable. the requirement that it process a batch of signatures is doable, but they have to be compared against something, so you'll have to integrate whatever mechanism you choose and that might mean a little code.

> 5. The signature with cert should be able to be stored as ascii in a field of a single line record. The record doesn't have a length restriction.

typically they are multi-line, but there's no requirement that it be that format, that i'm aware of. i quickly tested gnupg, e.g.,
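To make Bryan Olson's point about RC4 state reset (from the arcfour thread earlier in this digest) concrete, here is an added Python illustration; it is not code from the digest or from any poster. It implements standard RC4 and shows that restarting from the same key reproduces the same keystream, so two messages encrypted from the same state leak the XOR of their plaintexts to an observer, and a known plaintext hands back the keystream bytes it covered but, for unmodified RC4, not the internal state. The sbox-feedback modification is not defined on the page, so it is not implemented. The per-message key derivation at the end (hashing a master key with a unique nonce) is an assumed mitigation, not something the thread proposes.

```python
# Added illustration (not from the digest or any poster): standard RC4, what a
# state reset does and does not leak, and an assumed nonce-based per-message
# key derivation as the mitigation.
import hashlib


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: permute the 256-byte S-box from the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Run the PRGA from a fresh KSA state and return the first n keystream bytes."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: plaintext XOR keystream. Decryption is the same call."""
    return xor_bytes(plaintext, rc4_keystream(key, len(plaintext)))


def keystream_repeats_after_reset(key: bytes, n: int) -> bool:
    """Restarting from the same key (the same state) reproduces the same PRNG sequence."""
    return rc4_keystream(key, n) == rc4_keystream(key, n)


def leaked_plaintext_xor(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two messages encrypted from the same starting state: the keystream cancels,
    so whoever sees both ciphertexts learns p1 XOR p2 without knowing the key."""
    return xor_bytes(rc4_encrypt(key, p1), rc4_encrypt(key, p2))


def keystream_prefix_from_known_plaintext(key: bytes, known: bytes) -> bytes:
    """A known plaintext under a reused state gives back the keystream bytes it
    covered. For unmodified RC4 that is all it gives: those bytes do not reveal
    the S-box state, which is the distinction Bryan Olson draws in the thread."""
    return xor_bytes(rc4_encrypt(key, known), known)


def per_message_key(master_key: bytes, nonce: bytes) -> bytes:
    """Assumed mitigation (not from the thread): derive a distinct RC4 key per
    message by hashing the master key with a unique nonce, so that no two
    messages ever start from the same state."""
    return hashlib.sha256(master_key + b"|" + nonce).digest()


if __name__ == "__main__":
    key = b"Key"                                    # constructed demo key
    p1, p2 = b"attack at dawn", b"attack at dusk"   # constructed plaintexts
    print("ciphertext of 'Plaintext':", rc4_encrypt(key, b"Plaintext").hex())
    print("keystream repeats on reset:", keystream_repeats_after_reset(key, 32))
    print("c1 ^ c2 == p1 ^ p2:", leaked_plaintext_xor(key, p1, p2) == xor_bytes(p1, p2))
    k1 = per_message_key(b"master secret", b"msg-0001")
    k2 = per_message_key(b"master secret", b"msg-0002")
    print("per-message keystreams differ:", rc4_keystream(k1, 16) != rc4_keystream(k2, 16))
```

The `rc4_encrypt(b"Key", b"Plaintext")` call reproduces the widely published RC4 test vector, which is a quick way to confirm the implementation before relying on the other checks; the two-message leak is exactly the "obvious defect" of re-using a previous state that the thread discusses, and the nonce derivation is the standard way to avoid it.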
Cryptography-Digest Digest #54, Volume #12   Sun, 18 Jun 00 04:13:01 EDT

Contents:
  Re: Weight of Digital Signatures (John Savard)
  AWFUL PUN (was: Why the golden ratio?) (John Savard)
  Re: Cipher design a fading field? ("John A. Malley")
  Re: Cipher design a fading field? (Benjamin Goldberg)
  Re: Cipher design a fading field? (Benjamin Goldberg)
  Re: AWFUL PUN (was: Why the golden ratio?) (Dave Seaman)
  Re: AWFUL PUN (was: Why the golden ratio?) (Michael L. Siemon)
  Re: MD5 Expansion ([EMAIL PROTECTED])
  Re: Multiple encryptions (Mack)
  Re: Announce: Catacomb 2.0.0 prerelease (Andru Luvisi)
  Re: small subgroups in Blum Blum Shub (Terry Ritter)
  Re: small subgroups in Blum Blum Shub (Terry Ritter)
  Re: Mixing Xor and Addition (Terry Ritter)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Weight of Digital Signatures
Date: Sun, 18 Jun 2000 03:45:48 GMT

On Sat, 17 Jun 2000 19:52:13 GMT, Greg [EMAIL PROTECTED] wrote, in part:

>> WASHINGTON, June 16 -- The Senate voted unanimously today to approve a bill that catapults electronic commerce to a new level by allowing consumers and businesses to sign contracts online and know that their e-signature is just as binding as one in ink. The bill, which passed 87 to 0, has already been approved by the House and now goes to President Clinton, who said today that he would sign it into law.
>
> Off topic a bit, but worth a mention. Kudos to all who have had any hand in helping the government see the light (finally)...

I really don't know if this is good news.

A law that makes a digital signature "just as binding as one in ink", when it is so much easier to break into someone's house and read their hard drive than forge their signature perfectly, makes ordinary people much more vulnerable to forgery than before.

If my private keys, which I use to sign things, exist only in encrypted form on my computer - so that every time I sign something digitally, I have to enter my pass phrase - then I have the level of control needed.

Right now, though, a secure credit card transaction is merely one encrypted by means of the vendor's public key: the person at the other end is only transmitting a credit card number. What if the law is so worded that this is considered a "digital signature", although no private key on the part of the "signing" party is involved? That is, what if a stolen credit card number now binds its legitimate owner as strongly as a signature in pen and ink?

It's entirely possible the law, if it fails to discuss technical issues, could be so worded as to create such a situation.

Even if that doesn't happen, it is almost certain that people will be making signatures legally "just as binding as one in ink" using whatever insecure software is provided by their bank or stockbroker or utility company...with little real choice in the matter.

Hence, this law could lead to so many people being victimized by insecure systems - _as to create a clamor for a secure system, designed by the NSA, with built in key escrow_ as a *preferable* alternative!

John Savard (teneerf -)
http://www.ecn.ab.ca/~jsavard/

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: AWFUL PUN (was: Why the golden ratio?)
Date: Sun, 18 Jun 2000 03:53:29 GMT

On Sat, 17 Jun 2000 03:05:51 GMT, [EMAIL PROTECTED] (John Savard) wrote, in part:

> On Thu, 15 Jun 2000 01:15:02 GMT, "Douglas A. Gwyn" [EMAIL PROTECTED] wrote, in part:
>
>> [EMAIL PROTECTED] wrote:
>>> However, there is a formula like what you have mentioned: it isn't all that simple, and it is due to Srinavasa Ramanujan...
>
> Oh, dear: that should be Srinivasa Ramanujan.
>
>>> http://mathworld.wolfram.com/GoldenRatio.html
>>
>> Hm, okay, that's not exactly trivial, but I bet one could find a similar identity for almost any similar irrational number.
>>
>>   phi(phi-1) = 1
>>   tau(tau-2) = 1
>>
>> etc. I.e. I don't think it points up anything special about phi.
>
> Well, if that's the case, then there's a mathematician who went around telling us that Ramanujan and his equations were really something quite remarkable. I suppose he owes all of us an ... _apology_.

Nobody commented on this awful pun?

(As the mathematician in question is deceased, I suppose he can't do anything but rest on his laurels.)

John Savard (teneerf -)
http://www.ecn.ab.ca/~jsavard/

------------------------------

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: Cipher design a fading field?
Date: Sat, 17 Jun 2000 21:23:57 -0700

wtshaw wrote:
> In article [EMAIL PROTECTED], "John A. Malley"
>> And this brings out the eerie truth that when the plaintext comes from a non-Turing-recognizable language, even when one gets the plaintext and its ciphertext there is NO algorithm able to decide which instance of the decryption