Cryptography-Digest Digest #806
Cryptography-Digest Digest #806, Volume #13 Mon, 5 Mar 01 13:13:01 EST
Contents:
Re: Why do people continue to reply to Szopa? (John Savard)
passphrase question (Anonymous)
Re: Monty Hall problem (was Re: philosophical question?) (Joe H. Acker)
passphrase question (Anonymous)
Re: The Foolish Dozen or so in This News Group (Richard Herring)
Re: Text of Applied Cryptography (Arturo)
Re: "RSA vs. One-time-pad" or "the perfect enryption" (Steve Meyer)
Avalanche in round keys. ("Simon Johnson")
Re: won't you tell me something about my encryption scheme ? ("Simon Johnson")
Re: OverWrite freeware completely removes unwanted files fromharddrive (Darren New)
Re: "RSA vs. One-time-pad" or "the perfect enryption" ("Simon Johnson")
Re: Monty Hall problem (was Re: philosophical question?) (Darren New)
Re: Monty Hall problem (was Re: philosophical question?) (Ken Cox)
Re: Monty Hall problem (was Re: philosophical question?) (Ken Cox)
Re: Monty Hall problem (was Re: philosophical question?) (Ken Cox)
Re: Avalanche in round keys. ("Tom St Denis")
Re: The Foolish Dozen or so in This News Group (Darren New)
Re: The Foolish Dozen or so in This News Group (Darren New)
Re: = FBI easily cracks encryption ...? (Free-man)
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.hacker
Subject: Re: Why do people continue to reply to Szopa?
Date: Mon, 05 Mar 2001 13:19:19 GMT
On Mon, 05 Mar 2001 01:54:54 GMT, Paul Crowley
[EMAIL PROTECTED] wrote, in part:
The only reason to post a followup to
something he's written is to warn off newcomers who might otherwise
believe some outlandish claim or other.
Precisely. Unfortunately, that's sufficient reason to post quite a few
replies to him.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
--
Date: Mon, 5 Mar 2001 15:00:02 +0100
From: Anonymous [EMAIL PROTECTED]
Subject: passphrase question
Crossposted-To: alt.security.pgp
I was thinking about using a decryption passphrase for software like PGP
and the like that would consist of a very long string of characters like:
..aa$$$fffDDD
I would remember the passphrase by just remembering there are 7 periods, 10
a's, 11 $'s, 11f's, and 7 D's, and 4 5's.
So, the only thing in my mind would be 7 10 11 7 4 and the
characters/numbers used. I know the security in public key encryption lies
in the protection of the private key, and that long private key passphrases
would make for a more secure system. Not taking into account things like
keyloggers, remote electronic monitoring i.e TEMPEST, etc, just how secure
is this method choosing a long passphrase?
Just using the above letters once, the pass would be:
.a$fD5 which is 6 characters in length.
But I'm multiplying each character a number of times to get the pass.
7(.)11($)11(f)7(D)4(5)
My final passphrase length is 7 + 11 + 11 + 7 + 4 + 5 = 45, which satisfies
the long passphrase requirement, and brute forcing something of that length
would be difficult from what I've read on the subject. But is the way I'm
choosing that long passphrase weak? Is it any different that the original
7 character .a$fD5 passphrase when put up to a brute force?
Comments/answers much appreciated, and please reply to the newsgroup only.
Thanks,
gerry
--Part_Boundary-26781F--
--
From: [EMAIL PROTECTED] (Joe H. Acker)
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 5 Mar 2001 14:53:45 +0100
"Joe H. Acker" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Here's a problem I have with this explanation: Why can't I say that
when
Monty opens door 3, there's new evidence: the car is not behind door
3.
Thus, the probability that the car is behind door 1 is 1/2, and the
probability that it's behind door 2 is also 1/2.
That would be true if you picked a door _after_ Monty revealed one of
the doors. It is not true if you have already picked a door.
Thanks for taking so much time for drawing the truth table. (I've
printed it out for later reference.)
However, I do not believe that the truth table is correct. I do believe
that the probability to win in this special case does *not* depend on my
knowledge regarding Monty's choice---wether or not I *know* which goat
door Monty will open. The probability to win is determined by the fact
that Monty will *always* open a door that does not contain the car. I
think that the truth-table may not contain the goat door Monty will
always open. It does only contain the door I have picked out and the
door that will *always* remain after Monty has opened the goat door.
Why do I think so? Because the algorithm Monty implements does
Cryptography-Digest Digest #806
Cryptography-Digest Digest #806, Volume #12 Sun, 1 Oct 00 13:13:00 EDT
Contents:
Re: NIST Statistical Test Suite ("Paul Pires")
Re: GSM tracking (Roger Fleming)
Re: Which is better? CRC or Hash? (David Blackman)
Re: NIST Statistical Test Suite (Mok-Kong Shen)
Re: AES annoucement due Monday 2nd October (Mok-Kong Shen)
Question about encryption. ("Melinda Harris")
Re: AES annoucement due Monday 2nd October (John Savard)
Re: Deadline for AES... (John Savard)
Re: The algorithm that can be broken by the U.S. mil and NSA/CIA/FBI wins check
out the developers they just want to violate people's freedom of speech rights
... (John Savard)
Re: Choice of public exponent in RSA signatures (Francois Grieu)
Re: GSM tracking (Marc)
Re: Question about encryption. (Serge Paccalin)
Re: The algorithm that can be broken by the U.S. mil and NSA/CIA/FBI wins check
out the developers they just want to violate people's freedom of speech rights
... (John Savard)
Re: Is RC4 a serious cipher? ("CMan")
From: "Paul Pires" [EMAIL PROTECTED]
Crossposted-To: sci.crypt.random-numbers
Subject: Re: NIST Statistical Test Suite
Date: Sun, 1 Oct 2000 00:43:42 -0700
Benjamin Goldberg [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Paul Pires wrote:
[snip]
I hope I am not mis-understanding you. The test suite lists efrc
(in the glossary up front) as:
"Complementary error function. See efrc"
"...is related to the normal edf."
Hmm... "You are such a wonderful, stupendous person, I hate telling you
there's an error, but..." That kind of complimentary?
Ok, what's the normal edf? Error distribution factor?
"Ya wanna spread those stupendous goofs around
or ya gonna hog em all like normal?"
--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)
--
From: [EMAIL PROTECTED] (Roger Fleming)
Subject: Re: GSM tracking
Date: Sun, 01 Oct 2000 07:53:36 GMT
Very interesting discussion about CDMA phones, guys, if not strictly speaking
crypto. Just to add .02 about the original thread: I have a GSM phone, and its
behaviour is as follows:
If I move into a signal shadow, the phone displays:
No network. Search networks?
Whilst in the shadow area, any amount of pressing "Yes" causes it to spend
about 6s going "bip bip", then displaying the same screen again.
When you get out of the shadow area, getting it to search networks causes it
to take about 6s, then display a list of networks it found, with a # next to
the one you were last connected to; you select this one by just pressing
"Yes". It then takes about 20s to receive any SMS messages sent while you were
in the shadow.
On the other hand, if you power the phone off (with or without removing the
battery), upon being powered on (after asking for the SIM password) it does
_exactly the same thing_ except that it automatically selects the previous
network, if it found that one to still be available; it takes the same length
of time too, ie 6s. (By experiment with swapping cards, I find that info on
last network used lives in the SIM card flash, along with the password, phone
number, and user prefs).
Furthermore, on standby mode the battery lasts about 5 days; with the phone
off (but battery connected) I have found the battery still fully charged after
two months.
All this leads me to believe that when I turn off my GSM phone, it really is
one hundred percent off and capable of neither transmission nor reception.
ObCrypto (well, closer than the rest of the thread. Let's call it ObSIGINT):
It was suggested that CDMA phones do not easily reveal their distance from the
base station, due to automatic power level adjustment. I suspect this is
untrue. I have no idea if individual companies can actually access the
information through an unmodified base station, but in order to synchronise
the spreading signals one or both ends must track the time difference between
transmitted and received chips caused by time-of-flight. Now I am no expert on
CDMA, but IIRC in the IS-95A specs this is done by both ends, with forward and
reverse ends having different chip rates. The reverse (mobile to base) channel
has a chip rate of 1.2288 MHz, giving a spacial resolution of about 250m,
(with a repeat distance considerably larger than a cell). Good enough for
government work.
Furthermore a system called "Rake fingers" enables the station to receive and
recorrelate time staggered, multipath signals. This provides enough
information to, in principle, localise the transmitter from _one_ receiver.
All I need to know is the location of the two strongest reflectors in my
cell, and do a little trig with
Cryptography-Digest Digest #806
Cryptography-Digest Digest #806, Volume #11 Thu, 18 May 00 04:13:01 EDT
Contents:
Re: Interesting differentials in BREAKME ("Adam Durana")
sci.crypt cipher contest ([EMAIL PROTECTED])
Blowfish and Weak Keys ("Karim A")
Re: NSA hardware evaluation of AES finalists (Paul Rubin)
From: "Adam Durana" [EMAIL PROTECTED]
Subject: Re: Interesting differentials in BREAKME
Date: Thu, 18 May 2000 03:10:56 -0400
Ok, Mark, so how did you manage to get a differential of 32/256? Could
you
enclose your difference distribution table for us?
When I created the s-boxes 32 was the maximum differential. Below is the
table. The rows are the input XOR and the columns are the output XOR.
25600000000000000
0
4 28 186 16 12 10 10 30 186 22 24 14 16
22
18 12 14 14 12 22 20 20 14 14 22 16 18 16 22
2
10 28 18 160 18 18 16 14 28 16 22 12 16 12
12
12 18 18 10 168 22 20 22 228 26 208 14
12
12 24 26 268 22 10 16 12 10 264 14 12 12
22
12 18 18 18 14 10 24 186 16 10 18 18 16 22
18
16 146 18 22 18 16 18 16 12 16 14 12 20 16
22
8 14 14 24 12 22 14 24 2888 12 12 22 20
14
22 28 12 22 188 16 10 10 10 18 10 16 10 20
26
246 22 12 20 16 12 12 14 26 14 14 20 12 14
18
12 226 12 26 14 14 18 268 18 20 12 22 14
12
248 22 22 16 12 16868 18 20 16 16 26
18
22 14 30 128 10 20 20 164 12 22 10 26 14
16
186 22 14 16 20 12 12 12 30 18 248 20 10
14
14 30 14 18 14 22 16 20 12 10 10 16 24 168
12
4 12 22 12 18 20 16 20 288 22 12 14 14 12
22
22 18 16 28 146 18 10 22 12 14 12 10 18 24
12
10 10 14 20 16 10 24 12 16 20 228 18 26 12
18
16 22 18 14 28 14 16 16 106 14 28 12 106
26
18 14 30 12 104 10 22 24 164 26 168 20
22
8 124 14 24 18 24 20 22 22 108 14 18 18
20
10 20 108 18 18 10 14 18 10 14 18 18 30 22
18
24 14 22 14 12 16 18 12 24 20 12 10 18 10 10
20
22 16 16 14 186 16 20 14 22 16 16 168 18
18
168 14 206 12 168 14 26 10 24 16 24 16
26
10 18 22 14 20 20 14 10 12 10 22 24 14 14 18
14
208 14 30 12 228 226 14 18 10 22 18 16
16
18 16 14 18 12 14 20 16 18 14 206 20 10 18
22
24 18 14 22 12 14 12 12 24 16 20 148 10 22
14
10 14 26 14 14 12 12 26 14 28 14 12 14 16 16
14
6 228 18 18 18 22 12 16 16 14 20 14 12 10
30
20 18 14 20 18 148 24 18 20 12 14 10 248
14
12 22 18 22 20 18 10 10 16 146 18 16 16 10
28
188 26 16 12 22 10 20 18 18 20 12 14 12 22
8
14 12 16 22 16 14 18 20 28 16 18 10 12 14 14
12
148 14 14 14 20 10 14 18 14 18 12 26 28 26
6
12 22 12 24 22 16 22 14 18 10 20 10 24 106
14
18 12 16 14 14 20 20 10 18 14 18 30 24 10 12
6
24 14 22 22 14 18 16 14 188 16 12 16 14 18
10
24 20 18 20 12 184 208 16 18 12 10 14 22
20
12 24 14 128 14 20 16 22 10 20 18 18 10 22
16
16 14 128 14 16 14 26 20 26 18 22 10 18 12
10
20 24 14 24 12 12 20 10 18 10 16 22 144 18
18
10 20 16 18 12 20 12 208 30 14 24 14 16 10
12
20 22 20 10 12 18 20 14 20 14 184 16 16 18
14
14 20 16 16 12 16 14 20 14 22 10 16 28 12 12
14
18 12 14 12 26 18 168 326 22 24 14 166
12
10 20 12 16 16 18 12 20 18 10 20 18 20 14 12
20
106 18 26 126 14 12 12 20 30 22 18 18 18
14
14 14 16 16 24 14 16 18 14 16 16 268 188
18
86 128 26 14 24 22 204 18 16 24 28 16
10
12 20 20 16 10 18 14 10 26 16 24 14 12 12 14
18
14 14
Cryptography-Digest Digest #806
Cryptography-Digest Digest #806, Volume #10 Wed, 29 Dec 99 12:13:02 EST
Contents:
Re: Synchronised random number generation for one-time pads ("Joseph Ashwood")
news about KRYPTOS ("Ferdinando Stehle")
Re: Factorization of DDD. Better than Montgomery ? (Angel Garcia)
Re: More idiot "security problems" (Terry Ritter)
Re: Attacks on a PKI ("Lyal Collins")
Re: news about KRYPTOS (Frank Gifford)
Re: Grounds for Optimism (John Savard)
Re: Attacks on a PKI (Greg)
Re: Attacks on a PKI (Greg)
Re: Attacks on a PKI (Greg)
Re: Attacks on a PKI (Greg)
Re: HD encryption passphrase cracked! (fungus)
Re: Attacks on a PKI (Greg)
Re: Britannica data format? (John Savard)
From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Synchronised random number generation for one-time pads
Date: Wed, 29 Dec 1999 00:27:18 -0800
"John E. Gwyn" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Guys, please quit referring to an "XOR" encryption method.
XOR is simply a Boolean operation. What you mean is "XOR
with a random key as long as the plaintext".
I was viewing the determination of key as a seperate process from encryption
and given the methods that I am aware of it is typical that the
determination of key is seperate from the process of encryption. XOR as I
was using it simply refers to a 1-bit cipher which uses only exclusive-OR
for the encryption. I don't see where it was ambiguous, we were discussing a
specific portion of OTP, and through it stream ciphers.
Joseph
--
From: "Ferdinando Stehle" [EMAIL PROTECTED]
Subject: news about KRYPTOS
Date: Wed, 29 Dec 1999 10:39:50 GMT
Hi all,
after 3 monthes of work on my PENTIUM 90MHz,
i may claim that J.Sanborn E.Scheidt didn't use any of
the two follwing method to encode KRYPTOS 97 unsolved chars:
- a Vigenere substitution (with keyword up to 12 chars long) followed by a
transposition
- a transposition followed by a Vigenere substitution (with keyword up to 12
chars long)
With "Vigenere substitution" i mean the same used for the first
part of KRYPTOS: "Between subtle shading"; with alphabet
KRYPTOSABCDEF
and with a keyword NO longer than 12 chars.
With "transposition" i mean the same used in the second part of KRYPTOS:
"Slowly desparatly slowly the remains"
I've tried every possible transposition (about 1) for every possible
substitution with key length up to 12 chars (12 included).
Now i'm turning my efforts to try with a rotor machine (Enigma like)...
...but some questions make me uneasy:
- why wasting the entire right side of the sculpture devoted to the Vigenere
table
used only in one third of KRYPTOS ?
- why making orthographic errors (despAratly anythingQ) in the
transpositional part ?
(maybe the errors are meaningful...)
- how are the transposition parameters related to the right side of the
sculpture ?
where can be found hints about the transpositional part ?
(for the first part, substitution, you may foun an enormous hint on the
right side
of the sculpture; but it seems that there are no hints about the
transopsitional and the
last 97 unsolved chars..)
regards
Ferdinando
--
From: [EMAIL PROTECTED] (Angel Garcia)
Crossposted-To: sci.math,sci.math.num-analysis,sci.math.symbolic
Subject: Re: Factorization of DDD. Better than Montgomery ?
Date: 29 Dec 1999 11:43:29 GMT
Reply-To: [EMAIL PROTECTED] (Angel Garcia)
Angel Garcia ([EMAIL PROTECTED]) writes:
Is it there something not quite tight in Montgomery's analysis ? (see end).
I don't see anything wrong nor incomplete in such outstanding 10 lines:
On 20oct1996 P.L. Montgomery wrote:
Let p be a prime divisor of 10^2997 - 1.
By Fermat's little theorem, p divides 10^(p-1) - 1.
Therefore p divides 10^g - 1, where g = GCD(2997, p-1).
This g is a divisor of 2997, and must be
1, 3, 9, 27, 37, 81, 111, 333, 999, or 2997.
If g is less or = 111, then complete factorization of 10^g - 1 is known,
so p is one of the known factors.
If instead g 111, then g = 333, 999, or 2997.
In all three cases, 333 divides g, which in turn divides p-1.
Therefore p ==1 (mod 333). Since p must be odd, p==1 (mod 666).
---
Update (to december-1999) of all divisors of
DDD = (10^2997 - 1)/999^2 which are currently known:
The 21 known prime divisors:
d1=163 d8=96455449
d2=757 d9=247629013
d3=1999d10=94879787239
d4=9397d11=427437692443
d5=333667 d12=4547142218089
d6=2028119 d13=440334654777631
d7=2462401 d14=676421558270641
d15=30557051518
