Cryptography-Digest Digest #806
Cryptography-Digest Digest #806, Volume #13 Mon, 5 Mar 01 13:13:01 EST Contents: Re: Why do people continue to reply to Szopa? (John Savard) passphrase question (Anonymous) Re: Monty Hall problem (was Re: philosophical question?) (Joe H. Acker) passphrase question (Anonymous) Re: The Foolish Dozen or so in This News Group (Richard Herring) Re: Text of Applied Cryptography (Arturo) Re: "RSA vs. One-time-pad" or "the perfect enryption" (Steve Meyer) Avalanche in round keys. ("Simon Johnson") Re: won't you tell me something about my encryption scheme ? ("Simon Johnson") Re: OverWrite freeware completely removes unwanted files fromharddrive (Darren New) Re: "RSA vs. One-time-pad" or "the perfect enryption" ("Simon Johnson") Re: Monty Hall problem (was Re: philosophical question?) (Darren New) Re: Monty Hall problem (was Re: philosophical question?) (Ken Cox) Re: Monty Hall problem (was Re: philosophical question?) (Ken Cox) Re: Monty Hall problem (was Re: philosophical question?) (Ken Cox) Re: Avalanche in round keys. ("Tom St Denis") Re: The Foolish Dozen or so in This News Group (Darren New) Re: The Foolish Dozen or so in This News Group (Darren New) Re: = FBI easily cracks encryption ...? (Free-man) From: [EMAIL PROTECTED] (John Savard) Crossposted-To: alt.hacker Subject: Re: Why do people continue to reply to Szopa? Date: Mon, 05 Mar 2001 13:19:19 GMT On Mon, 05 Mar 2001 01:54:54 GMT, Paul Crowley [EMAIL PROTECTED] wrote, in part: The only reason to post a followup to something he's written is to warn off newcomers who might otherwise believe some outlandish claim or other. Precisely. Unfortunately, that's sufficient reason to post quite a few replies to him. John Savard http://home.ecn.ab.ca/~jsavard/crypto.htm -- Date: Mon, 5 Mar 2001 15:00:02 +0100 From: Anonymous [EMAIL PROTECTED] Subject: passphrase question Crossposted-To: alt.security.pgp I was thinking about using a decryption passphrase for software like PGP and the like that would consist of a very long string of characters like: ..aa$$$fffDDD I would remember the passphrase by just remembering there are 7 periods, 10 a's, 11 $'s, 11f's, and 7 D's, and 4 5's. So, the only thing in my mind would be 7 10 11 7 4 and the characters/numbers used. I know the security in public key encryption lies in the protection of the private key, and that long private key passphrases would make for a more secure system. Not taking into account things like keyloggers, remote electronic monitoring i.e TEMPEST, etc, just how secure is this method choosing a long passphrase? Just using the above letters once, the pass would be: .a$fD5 which is 6 characters in length. But I'm multiplying each character a number of times to get the pass. 7(.)11($)11(f)7(D)4(5) My final passphrase length is 7 + 11 + 11 + 7 + 4 + 5 = 45, which satisfies the long passphrase requirement, and brute forcing something of that length would be difficult from what I've read on the subject. But is the way I'm choosing that long passphrase weak? Is it any different that the original 7 character .a$fD5 passphrase when put up to a brute force? Comments/answers much appreciated, and please reply to the newsgroup only. Thanks, gerry --Part_Boundary-26781F-- -- From: [EMAIL PROTECTED] (Joe H. Acker) Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math Subject: Re: Monty Hall problem (was Re: philosophical question?) Date: Mon, 5 Mar 2001 14:53:45 +0100 "Joe H. Acker" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Here's a problem I have with this explanation: Why can't I say that when Monty opens door 3, there's new evidence: the car is not behind door 3. Thus, the probability that the car is behind door 1 is 1/2, and the probability that it's behind door 2 is also 1/2. That would be true if you picked a door _after_ Monty revealed one of the doors. It is not true if you have already picked a door. Thanks for taking so much time for drawing the truth table. (I've printed it out for later reference.) However, I do not believe that the truth table is correct. I do believe that the probability to win in this special case does *not* depend on my knowledge regarding Monty's choice---wether or not I *know* which goat door Monty will open. The probability to win is determined by the fact that Monty will *always* open a door that does not contain the car. I think that the truth-table may not contain the goat door Monty will always open. It does only contain the door I have picked out and the door that will *always* remain after Monty has opened the goat door. Why do I think so? Because the algorithm Monty implements does
Cryptography-Digest Digest #806
Cryptography-Digest Digest #806, Volume #12 Sun, 1 Oct 00 13:13:00 EDT Contents: Re: NIST Statistical Test Suite ("Paul Pires") Re: GSM tracking (Roger Fleming) Re: Which is better? CRC or Hash? (David Blackman) Re: NIST Statistical Test Suite (Mok-Kong Shen) Re: AES annoucement due Monday 2nd October (Mok-Kong Shen) Question about encryption. ("Melinda Harris") Re: AES annoucement due Monday 2nd October (John Savard) Re: Deadline for AES... (John Savard) Re: The algorithm that can be broken by the U.S. mil and NSA/CIA/FBI wins check out the developers they just want to violate people's freedom of speech rights ... (John Savard) Re: Choice of public exponent in RSA signatures (Francois Grieu) Re: GSM tracking (Marc) Re: Question about encryption. (Serge Paccalin) Re: The algorithm that can be broken by the U.S. mil and NSA/CIA/FBI wins check out the developers they just want to violate people's freedom of speech rights ... (John Savard) Re: Is RC4 a serious cipher? ("CMan") From: "Paul Pires" [EMAIL PROTECTED] Crossposted-To: sci.crypt.random-numbers Subject: Re: NIST Statistical Test Suite Date: Sun, 1 Oct 2000 00:43:42 -0700 Benjamin Goldberg [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Paul Pires wrote: [snip] I hope I am not mis-understanding you. The test suite lists efrc (in the glossary up front) as: "Complementary error function. See efrc" "...is related to the normal edf." Hmm... "You are such a wonderful, stupendous person, I hate telling you there's an error, but..." That kind of complimentary? Ok, what's the normal edf? Error distribution factor? "Ya wanna spread those stupendous goofs around or ya gonna hog em all like normal?" -- ... perfection has been reached not when there is nothing left to add, but when there is nothing left to take away. (from RFC 1925) -- From: [EMAIL PROTECTED] (Roger Fleming) Subject: Re: GSM tracking Date: Sun, 01 Oct 2000 07:53:36 GMT Very interesting discussion about CDMA phones, guys, if not strictly speaking crypto. Just to add .02 about the original thread: I have a GSM phone, and its behaviour is as follows: If I move into a signal shadow, the phone displays: No network. Search networks? Whilst in the shadow area, any amount of pressing "Yes" causes it to spend about 6s going "bip bip", then displaying the same screen again. When you get out of the shadow area, getting it to search networks causes it to take about 6s, then display a list of networks it found, with a # next to the one you were last connected to; you select this one by just pressing "Yes". It then takes about 20s to receive any SMS messages sent while you were in the shadow. On the other hand, if you power the phone off (with or without removing the battery), upon being powered on (after asking for the SIM password) it does _exactly the same thing_ except that it automatically selects the previous network, if it found that one to still be available; it takes the same length of time too, ie 6s. (By experiment with swapping cards, I find that info on last network used lives in the SIM card flash, along with the password, phone number, and user prefs). Furthermore, on standby mode the battery lasts about 5 days; with the phone off (but battery connected) I have found the battery still fully charged after two months. All this leads me to believe that when I turn off my GSM phone, it really is one hundred percent off and capable of neither transmission nor reception. ObCrypto (well, closer than the rest of the thread. Let's call it ObSIGINT): It was suggested that CDMA phones do not easily reveal their distance from the base station, due to automatic power level adjustment. I suspect this is untrue. I have no idea if individual companies can actually access the information through an unmodified base station, but in order to synchronise the spreading signals one or both ends must track the time difference between transmitted and received chips caused by time-of-flight. Now I am no expert on CDMA, but IIRC in the IS-95A specs this is done by both ends, with forward and reverse ends having different chip rates. The reverse (mobile to base) channel has a chip rate of 1.2288 MHz, giving a spacial resolution of about 250m, (with a repeat distance considerably larger than a cell). Good enough for government work. Furthermore a system called "Rake fingers" enables the station to receive and recorrelate time staggered, multipath signals. This provides enough information to, in principle, localise the transmitter from _one_ receiver. All I need to know is the location of the two strongest reflectors in my cell, and do a little trig with
Cryptography-Digest Digest #806
Cryptography-Digest Digest #806, Volume #11 Thu, 18 May 00 04:13:01 EDT Contents: Re: Interesting differentials in BREAKME ("Adam Durana") sci.crypt cipher contest ([EMAIL PROTECTED]) Blowfish and Weak Keys ("Karim A") Re: NSA hardware evaluation of AES finalists (Paul Rubin) From: "Adam Durana" [EMAIL PROTECTED] Subject: Re: Interesting differentials in BREAKME Date: Thu, 18 May 2000 03:10:56 -0400 Ok, Mark, so how did you manage to get a differential of 32/256? Could you enclose your difference distribution table for us? When I created the s-boxes 32 was the maximum differential. Below is the table. The rows are the input XOR and the columns are the output XOR. 25600000000000000 0 4 28 186 16 12 10 10 30 186 22 24 14 16 22 18 12 14 14 12 22 20 20 14 14 22 16 18 16 22 2 10 28 18 160 18 18 16 14 28 16 22 12 16 12 12 12 18 18 10 168 22 20 22 228 26 208 14 12 12 24 26 268 22 10 16 12 10 264 14 12 12 22 12 18 18 18 14 10 24 186 16 10 18 18 16 22 18 16 146 18 22 18 16 18 16 12 16 14 12 20 16 22 8 14 14 24 12 22 14 24 2888 12 12 22 20 14 22 28 12 22 188 16 10 10 10 18 10 16 10 20 26 246 22 12 20 16 12 12 14 26 14 14 20 12 14 18 12 226 12 26 14 14 18 268 18 20 12 22 14 12 248 22 22 16 12 16868 18 20 16 16 26 18 22 14 30 128 10 20 20 164 12 22 10 26 14 16 186 22 14 16 20 12 12 12 30 18 248 20 10 14 14 30 14 18 14 22 16 20 12 10 10 16 24 168 12 4 12 22 12 18 20 16 20 288 22 12 14 14 12 22 22 18 16 28 146 18 10 22 12 14 12 10 18 24 12 10 10 14 20 16 10 24 12 16 20 228 18 26 12 18 16 22 18 14 28 14 16 16 106 14 28 12 106 26 18 14 30 12 104 10 22 24 164 26 168 20 22 8 124 14 24 18 24 20 22 22 108 14 18 18 20 10 20 108 18 18 10 14 18 10 14 18 18 30 22 18 24 14 22 14 12 16 18 12 24 20 12 10 18 10 10 20 22 16 16 14 186 16 20 14 22 16 16 168 18 18 168 14 206 12 168 14 26 10 24 16 24 16 26 10 18 22 14 20 20 14 10 12 10 22 24 14 14 18 14 208 14 30 12 228 226 14 18 10 22 18 16 16 18 16 14 18 12 14 20 16 18 14 206 20 10 18 22 24 18 14 22 12 14 12 12 24 16 20 148 10 22 14 10 14 26 14 14 12 12 26 14 28 14 12 14 16 16 14 6 228 18 18 18 22 12 16 16 14 20 14 12 10 30 20 18 14 20 18 148 24 18 20 12 14 10 248 14 12 22 18 22 20 18 10 10 16 146 18 16 16 10 28 188 26 16 12 22 10 20 18 18 20 12 14 12 22 8 14 12 16 22 16 14 18 20 28 16 18 10 12 14 14 12 148 14 14 14 20 10 14 18 14 18 12 26 28 26 6 12 22 12 24 22 16 22 14 18 10 20 10 24 106 14 18 12 16 14 14 20 20 10 18 14 18 30 24 10 12 6 24 14 22 22 14 18 16 14 188 16 12 16 14 18 10 24 20 18 20 12 184 208 16 18 12 10 14 22 20 12 24 14 128 14 20 16 22 10 20 18 18 10 22 16 16 14 128 14 16 14 26 20 26 18 22 10 18 12 10 20 24 14 24 12 12 20 10 18 10 16 22 144 18 18 10 20 16 18 12 20 12 208 30 14 24 14 16 10 12 20 22 20 10 12 18 20 14 20 14 184 16 16 18 14 14 20 16 16 12 16 14 20 14 22 10 16 28 12 12 14 18 12 14 12 26 18 168 326 22 24 14 166 12 10 20 12 16 16 18 12 20 18 10 20 18 20 14 12 20 106 18 26 126 14 12 12 20 30 22 18 18 18 14 14 14 16 16 24 14 16 18 14 16 16 268 188 18 86 128 26 14 24 22 204 18 16 24 28 16 10 12 20 20 16 10 18 14 10 26 16 24 14 12 12 14 18 14 14
Cryptography-Digest Digest #806
Cryptography-Digest Digest #806, Volume #10 Wed, 29 Dec 99 12:13:02 EST Contents: Re: Synchronised random number generation for one-time pads ("Joseph Ashwood") news about KRYPTOS ("Ferdinando Stehle") Re: Factorization of DDD. Better than Montgomery ? (Angel Garcia) Re: More idiot "security problems" (Terry Ritter) Re: Attacks on a PKI ("Lyal Collins") Re: news about KRYPTOS (Frank Gifford) Re: Grounds for Optimism (John Savard) Re: Attacks on a PKI (Greg) Re: Attacks on a PKI (Greg) Re: Attacks on a PKI (Greg) Re: Attacks on a PKI (Greg) Re: HD encryption passphrase cracked! (fungus) Re: Attacks on a PKI (Greg) Re: Britannica data format? (John Savard) From: "Joseph Ashwood" [EMAIL PROTECTED] Subject: Re: Synchronised random number generation for one-time pads Date: Wed, 29 Dec 1999 00:27:18 -0800 "John E. Gwyn" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Guys, please quit referring to an "XOR" encryption method. XOR is simply a Boolean operation. What you mean is "XOR with a random key as long as the plaintext". I was viewing the determination of key as a seperate process from encryption and given the methods that I am aware of it is typical that the determination of key is seperate from the process of encryption. XOR as I was using it simply refers to a 1-bit cipher which uses only exclusive-OR for the encryption. I don't see where it was ambiguous, we were discussing a specific portion of OTP, and through it stream ciphers. Joseph -- From: "Ferdinando Stehle" [EMAIL PROTECTED] Subject: news about KRYPTOS Date: Wed, 29 Dec 1999 10:39:50 GMT Hi all, after 3 monthes of work on my PENTIUM 90MHz, i may claim that J.Sanborn E.Scheidt didn't use any of the two follwing method to encode KRYPTOS 97 unsolved chars: - a Vigenere substitution (with keyword up to 12 chars long) followed by a transposition - a transposition followed by a Vigenere substitution (with keyword up to 12 chars long) With "Vigenere substitution" i mean the same used for the first part of KRYPTOS: "Between subtle shading"; with alphabet KRYPTOSABCDEF and with a keyword NO longer than 12 chars. With "transposition" i mean the same used in the second part of KRYPTOS: "Slowly desparatly slowly the remains" I've tried every possible transposition (about 1) for every possible substitution with key length up to 12 chars (12 included). Now i'm turning my efforts to try with a rotor machine (Enigma like)... ...but some questions make me uneasy: - why wasting the entire right side of the sculpture devoted to the Vigenere table used only in one third of KRYPTOS ? - why making orthographic errors (despAratly anythingQ) in the transpositional part ? (maybe the errors are meaningful...) - how are the transposition parameters related to the right side of the sculpture ? where can be found hints about the transpositional part ? (for the first part, substitution, you may foun an enormous hint on the right side of the sculpture; but it seems that there are no hints about the transopsitional and the last 97 unsolved chars..) regards Ferdinando -- From: [EMAIL PROTECTED] (Angel Garcia) Crossposted-To: sci.math,sci.math.num-analysis,sci.math.symbolic Subject: Re: Factorization of DDD. Better than Montgomery ? Date: 29 Dec 1999 11:43:29 GMT Reply-To: [EMAIL PROTECTED] (Angel Garcia) Angel Garcia ([EMAIL PROTECTED]) writes: Is it there something not quite tight in Montgomery's analysis ? (see end). I don't see anything wrong nor incomplete in such outstanding 10 lines: On 20oct1996 P.L. Montgomery wrote: Let p be a prime divisor of 10^2997 - 1. By Fermat's little theorem, p divides 10^(p-1) - 1. Therefore p divides 10^g - 1, where g = GCD(2997, p-1). This g is a divisor of 2997, and must be 1, 3, 9, 27, 37, 81, 111, 333, 999, or 2997. If g is less or = 111, then complete factorization of 10^g - 1 is known, so p is one of the known factors. If instead g 111, then g = 333, 999, or 2997. In all three cases, 333 divides g, which in turn divides p-1. Therefore p ==1 (mod 333). Since p must be odd, p==1 (mod 666). --- Update (to december-1999) of all divisors of DDD = (10^2997 - 1)/999^2 which are currently known: The 21 known prime divisors: d1=163 d8=96455449 d2=757 d9=247629013 d3=1999d10=94879787239 d4=9397d11=427437692443 d5=333667 d12=4547142218089 d6=2028119 d13=440334654777631 d7=2462401 d14=676421558270641 d15=30557051518