Searching \ for 'Encryption - OT' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=encryption
Search entire site for: 'Encryption - OT'.

Truncated match.
PICList Thread
'Encryption - OT'
1998\03\25@042832 by Peter Neubert

flavicon
face
Hi All

We are curently doing a software project for a customer and we are working
On-Site, we have however reason to suspect that some people are trying to
enter our computers when we are not there (once 1 pc had been opened and not
closed well etc)(Paranoid ? who me :-)

What we are looking for is some kind of nice simple utility to encrypt our
project directories with source code when we are off-site

If anyone knows about such a product - preferably shareware, freeware :-)
with a nice tight 128/64  bit encryption it would be great

TIA

Peter Neubert
Mauritius

1998\03\25@062530 by Mike Watson

flavicon
picon face
In message  <01bd57cc$4e27d4a0$66010128@baby> spam_OUTPICLISTTakeThisOuTspamMITVMA.MIT.EDU writes:
> Hi All
>
> We are curently doing a software project for a customer and we are working
> On-Site, we have however reason to suspect that some people are trying to
> enter our computers when we are not there (once 1 pc had been opened and not
> closed well etc)(Paranoid ? who me :-)
>
> What we are looking for is some kind of nice simple utility to encrypt our
> project directories with source code when we are off-site
>
> If anyone knows about such a product - preferably shareware, freeware :-)
> with a nice tight 128/64  bit encryption it would be great
>
> TIA
>

Peter

PKZIP can store complete directory trees in a single file and
will compress and encrypt if you want it to.

Regards,

Mike Watson

--
Denison Mayes Group

1998\03\25@070203 by Deza Asensio, Roberto

flavicon
face
Hi Mike, Peter and all,

At 12:20 25/03/98 GMT, Mike Watson wrote:
>At 11:59 25/03/98 +0300, Peter Neubert wrote:
<snip>
{Quote hidden}

Well, have care as it's possible to break PKZIP encryption and not only
"guessing" the password (with a "dictionary" program :-). For details have
a look at:

       <http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html>

and related links.

P.D. I'm not "paranoid" about security, but like to know the facts.


Best regards:

--
Roberto Deza Asensio        |  .....rdezaKILLspamspam@spam@popmail.cti.unav.es
Universidad de Navarra      |  rdezaspamKILLspamcun.unav.es
Data Procesing Center       |  .....rdaKILLspamspam.....cpd.unav.es

1998\03\25@073146 by mjb

flavicon
face
Peter Neubert writes:
>
> Hi All
>
> We are curently doing a software project for a customer and we are working
> On-Site, we have however reason to suspect that some people are trying to
> enter our computers when we are not there (once 1 pc had been opened and not
> closed well etc)(Paranoid ? who me :-)
>
> What we are looking for is some kind of nice simple utility to encrypt our
> project directories with source code when we are off-site
>
> If anyone knows about such a product - preferably shareware, freeware :-)
> with a nice tight 128/64  bit encryption it would be great
>
> TIA
>
> Peter Neubert
> Mauritius
>

You can zip the directory into a file, and use PGP to encrypt it.  Take your
private keys with you on a floppy.  Both pgp and pkzip are available
as shareware.  But becareful to wipe the deleted files off the drive with
some sort of security utility that "fully" erases the file.  Pkzip is
available everywhere, and go to http://www.pgp.com for pgp.

Matt


-----------------------------
Matt Bennett                |
EraseMEmjbspam_OUTspamTakeThisOuThazmat.com              |
http://www.hazmat.com/~mjb/ |

1998\03\25@082238 by Leon Heller

flavicon
picon face
In message <01bd57cc$4e27d4a0$66010128@baby>, Peter Neubert
<neubertspamspam_OUTBOW.INTNET.MU> writes
>Hi All
>
>We are curently doing a software project for a customer and we are working
>On-Site, we have however reason to suspect that some people are trying to
>enter our computers when we are not there (once 1 pc had been opened and not
>closed well etc)(Paranoid ? who me :-)
>
>What we are looking for is some kind of nice simple utility to encrypt our
>project directories with source code when we are off-site
>
>If anyone knows about such a product - preferably shareware, freeware :-)
>with a nice tight 128/64  bit encryption it would be great


PGP (Pretty Good Privacy) is *very* secure (up to military security
levels), is quite easy to use, and is PD. It's so secure that Phil
Zimmerman, who wrote it, got into trouble with the FBI, for exporting
munitions. They dropped the charges, eventually. It's available all over
the place.

Leon
--
Leon Heller: @spam@leonKILLspamspamlfheller.demon.co.uk http://www.lfheller.demon.co.uk
Amateur Radio Callsign G1HSM    Tel: +44 (0) 118 947 1424
See http://www.lfheller.demon.co.uk/dds.htm for details of my AD9850
DDS system. See " "/diy_dsp.htm for a simple DIY DSP ADSP-2104 system.

1998\03\25@095737 by Bob Fehrenbach

picon face
Peter Neubert <KILLspamneubertKILLspamspamBOW.INTNET.MU> wrote:
>If anyone knows about such a product - preferably shareware, freeware :-)
>with a nice tight 128/64  bit encryption it would be great

  PGP (Pretty Good Privacy) is readily available.  Check the
  Simtel archives.  In addition to its public key encryption
  it will do conventional encryption.  And it's free!


--
Bob Fehrenbach    Wauwatosa, WI     RemoveMEbfehrenbTakeThisOuTspamexecpc.com

1998\03\25@095741 by Bob Fehrenbach

picon face
Mike Watson <spamBeGonemikespamBeGonespamD-M-G.DEMON.CO.UK> wrote:
>PKZIP can store complete directory trees in a single file and
>will compress and encrypt if you want it to.

  I believe that this feature is only available in the
  registered version.  But then we all register our
  shareware, don't we?


--
Bob Fehrenbach    Wauwatosa, WI     TakeThisOuTbfehrenbEraseMEspamspam_OUTexecpc.com

1998\03\25@120033 by DREITEK

picon face
In a message dated 98-03-25 04:29:07 EST, you write:

<<
Hi All

We are curently doing a software project for a customer and we are working
On-Site, we have however reason to suspect that some people are trying to
enter our computers when we are not there (once 1 pc had been opened and not
closed well etc)(Paranoid ? who me :-)

What we are looking for is some kind of nice simple utility to encrypt our
project directories with source code when we are off-site

If anyone knows about such a product - preferably shareware, freeware :-)
with a nice tight 128/64  bit encryption it would be great

TIA

Peter Neubert
Mauritius
 >>
Hi Peter!
I had the same problem at a company in South Korea.  They would take me out to
lunch and then try to extract source code from my lap top computer.  I was
tipped off by a Korean engineer that I had made friends with.  He hated his
boss and gave me quite a bit of information while I was there.  I did several
things to thwart their efforts.  I first of all set the bios password.  This
is easy to defeat but it slows them down.  (Actuall in Korea they never got
past this!!  They never thought of removing the batter and letting the CMOS
ram run down.  The simplest is often the best.)  The secon thing I did was to
use PKZIP to pack everything into a zip file.  I password protected the ZIP
file with a long string of characters and numbers.  Very hard to crack
quickly.  When ever I was going to work on the source code I would unzip the
files into a directory and re-ZIP everything when I was going to quit working.
Then I would use a utility like Norton's Wipedisk to completely destroy the
unzipped version.
If you have a little more time, get a developers kit from RAINBOW TECHNOLOGY.
They sell VERY nice hardware protection keys.  The developer kit comes with 5
keys.  It was about $150 US  I think.  We use them for all our industrial
software.  The Rainbow software programs the key for you and then encripts you
EXE files and ANY other files that you want to keep secret.  If you execute
the EXE without the key in place the computer simply says "NO SECURITY KEY
FOUND". and refuses to run.  If the key is removed while the EXE is running,
the EXE file freezes and just beeps.  It resumes when the key is replaced.
This is the simplest form of protection from Rainbow.  You can also add calls
to their library to protect your stuff even better.  When you leave for lunch
or the day just slip the key into your pocket.  All they will be able to get
is scrambled junk.

Hope this helps

Dave Duley
V.P. Dreitek
RemoveMEdduleyspamTakeThisOuTdreitek.com

1998\03\25@122759 by Good Andrew (Sitzman)

flavicon
face
actually - they could have just removed the harddrive and popped it into
either another laptop, or with a $8 adapter, plugged it into a normal pc.
They could have then copied the encrypted zip and cracked it at their own
leisure after you left.  After all, there are programs which can crack zip
passwords -- if you only used letters and numbers (and not ascii codes),
then it would be about a week or so on a pentium 200 to crack a normal 8-9
length paSsword.  Data is never secure -- just take the laptop with you!


On Wed, 25 Mar 1998, DREITEK wrote:

{Quote hidden}

1998\03\25@124841 by William Cornutt

flavicon
face
A solution may be to use a iomega type zip drive
for source code.  And take disk home each night
where you can back it up and archive a copy off
site.


**************************************************

Bill C.     EraseMEwcornuttspamslip.net

The speculative check instruction must be separate
>from the speculative load because the CPU can't
always determine the validity of the data when
speculatively loading it from memory.
         BYTE  March 1998

**************************************************

1998\03\25@135100 by Mike Watson

flavicon
picon face
In message  <RemoveMEBoRG1Yi8a8bd089ynEraseMEspamEraseMEexecpc.com> RemoveMEPICLISTspam_OUTspamKILLspamMITVMA.MIT.EDU writes:
> Mike Watson <RemoveMEmikeTakeThisOuTspamspamD-M-G.DEMON.CO.UK> wrote:
> >PKZIP can store complete directory trees in a single file and
> >will compress and encrypt if you want it to.
>
>    I believe that this feature is only available in the
>    registered version.  But then we all register our
>    shareware, don't we?
>

The one I use is registered, so maybe I'm getting confused. I'll
see if I can find an unregistered version in the office and try it
out.

Regards,

Mike Watson
--
Denison Mayes Group

1998\03\25@154541 by Eric Smith

flavicon
face
Leon Heller <EraseMEleonspamspamspamBeGoneLFHELLER.DEMON.CO.UK> wrote about PGP:
> It's so secure that Phil Zimmerman, who wrote it, got into trouble with
> the FBI, for exporting munitions.

It is true that PGP is very secure (*), but your statement doesn't support the
claim.  In the US it is possible to get in trouble for exporting any
cryptographic software using a key longer than 40 bits.  It doesn't matter how
secure the cryptography is; it could be a really bad algorithm with a 5000 bit
key, or a really good one with a 41 bit key.  But even in the latter case, a
brute force attack is reasonably fast and inexpensive.

Cheers,
Eric

(*) There's no proof that the cyrptographic algorithms used in PGP are
secure.  However, there is no publicly known method for attacking it that
is significantly better than a brute force attack.  It is possible (but
unlikely) that better methods exist but are being kept secret.

1998\03\26@060613 by Andy Kunz

flavicon
face
>(*) There's no proof that the cyrptographic algorithms used in PGP are
>secure.  However, there is no publicly known method for attacking it that
>is significantly better than a brute force attack.  It is possible (but
>unlikely) that better methods exist but are being kept secret.

As in all security areas, the ILLUSION of security is what sells it.
Lehigh University cracked RSA several years ago during summer break.  I
believe it was a brute-force attack, because they used all the X boxes on
campus to do it.

The fact that the gov't is pushing so hard for a known back door for police
leads me to believe that there is a generic solution that exists but they
wish for hostiles to feel it's 100% and therefore have all our enemies
using our key.  Pretty slick.

Andy


==================================================================
                    Andy Kunz - Montana Design
         Go fast, turn right, and keep the wet side down!
==================================================================

1998\03\26@070454 by n/a

flavicon
face
Peter Neubert wrote:
>
> Hi All
>
> We are curently doing a software project for a customer and we are working
> On-Site, we have however reason to suspect that some people are trying to
> enter our computers when we are not there (once 1 pc had been opened and not
> closed well etc)(Paranoid ? who me :-)
>
> What we are looking for is some kind of nice simple utility to encrypt our
> project directories with source code when we are off-site
>
> If anyone knows about such a product - preferably shareware, freeware :-)
> with a nice tight 128/64  bit encryption it would be great

You can use PGP, use the 2048 bit setting (you could use a higher
setting)
but remember not to leave you key files on the local machine. The key
files
are easier to decode. Also be wary of someone installing a keyboard
capture
routine into the PC. This would make any encryption useless!

--
Neil Cherry     http://home.att.net/~ncherry    RemoveMEncherryKILLspamspamworldnet.att.net

1998\03\26@092054 by Peter Neubert

flavicon
face
Thanks for all the replys regarding encryption

I have not yet evaluated PGP but i will get around to do it soon as everyone
seems to favor this program - for now we have settled for a free utility I
got off the Ziff Davis site (http://www.zdnet.com) it uses a 160 bit encryption key
and its very easy to use, its called Cryptext and work with the explorer so
to encrypt or decrypt a file or director simply right-click and select
encrypt, enter password and Voila

I think its great and so far I am happy with it, it can also be downloaded
from
http://www.pcug.org.au/~njpayne at the authors webpage


Regards

Peter Neubert

1998\03\26@112055 by Richard Nowak

picon face
I would like to get more data on this one.  Every so often someone claims to
have cracked RSA but in every case I've heard of the claim was false.

The problem is to show mathematically how to factor a *very* large pseudo
prime number into its two prime factors.  This is the part I want to see.

A billion computers working in parallel to do it once is not a crack.  If in
fact it was accomplished it was either because the primes were
insufficiently large or the guy was very lucky.

Rich

At 06:00 AM 3/26/98 -0500, you wrote:
{Quote hidden}

=========================================
= Abolish the Income Tax! Fire the IRS! =
= http://www.nrst.org/                  =
=========================================
=========================================
= Here's a site that wants your views   =
= http://www.not4irs.org/               =
=========================================

1998\03\26@124121 by Brian Schousek

picon face
-----Original Message-----
From: Richard Nowak <nowakSTOPspamspamspam_OUTEARTHLINK.NET>
To: spamBeGonePICLISTSTOPspamspamEraseMEMITVMA.MIT.EDU <KILLspamPICLISTspamBeGonespamMITVMA.MIT.EDU>
Date: Thursday, March 26, 1998 11:20 AM
Subject: Re: Encryption - OT
<snip>>The problem is to show mathematically how to factor a *very* large
pseudo
>prime number into its two prime factors.  This is the part I want to see.
<snip>

what exactly is a pseudo prime number???? :-)

1998\03\26@125204 by Sean Breheny

face picon face
At 08:18 AM 3/26/98 -0800, you wrote:
>I would like to get more data on this one.  Every so often someone claims to
>have cracked RSA but in every case I've heard of the claim was false.
>
>The problem is to show mathematically how to factor a *very* large pseudo
>prime number into its two prime factors.  This is the part I want to see.
>
>A billion computers working in parallel to do it once is not a crack.  If in
>fact it was accomplished it was either because the primes were
>insufficiently large or the guy was very lucky.
>
>Rich

RSA is a private key system, right? Therefore, it does not rely on large
prime numbers, does it? I think maybe you are getting confused with public
key systems (such as PGP). Well, a BILLION computers working at once is not
quite a legit. crack, but if it can be done by say 1000 pentiums in a
month, then a few AS400s or a couple of Crays could probably do it in a few
days, then I'd be scared.

Sean



+--------------------------------+
| Sean Breheny                   |
| Amateur Radio Callsign: KA3YXM |
| Electrical Engineering Student |
+--------------------------------+
Fight injustice, please look at
http://homepages.enterprise.net/toolan/joanandrews/

Personal page: http://www.people.cornell.edu/pages/shb7
EraseMEshb7spamEraseMEcornell.edu
Phone(USA): (607) 253-0315

1998\03\26@131258 by Marco DI LEO

flavicon
face
> RSA is a private key system, right? Therefore, it does not rely on large
> prime numbers, does it? I think maybe you are getting confused with public
> key systems (such as PGP).

Er...
Actually RSA is a PUBLIC key system.

Quoted from the "Free On-Line Dictionary Of Computing" at
http://wombat.doc.ic.ac.uk/foldoc/index.html (very nice and complete):

<QUOTE>
RSA encryption

<cryptography> Is a public-key cryptosystem for both encryption and
authentication; it was invented in 1977 by Ron Rivest, Adi Shamir, and
Leonard Adleman.

It works as follows: take two large prime numbers, p and q, and find
their product n = pq; n is called the modulus. Choose a number, e, less
than n and relatively prime to (p-1)(q-1), and find its inverse, d, mod
(p-1)(q-1), which means that ed = 1 mod (p-1)(q-1); e and d are called
the public and private exponents, respectively. The public key is the
pair (n,e); the private key is d. The factors p and q must be kept
secret, or destroyed. It is difficult (presumably) to obtain the private
key d from the public key (n,e). If one could factor n into p and q,
however, then one could obtain the private key d. Thus the entire
security of RSA is predicated on the assumption that factoring is
difficult; an easy method for factoring large prime numbers would break
RSA.
</QUOTE>

In fact, generally PGP uses IDEA to encrypt the data and RSA to protect
the random key used for the IDEA session.

Ciao
  Marco

----
Marco DI LEO                  email: @spam@m.dileo@spam@spamspam_OUTsistinf.it
Sistemi Informativi S.p.A.    tel:   +39 6 50292 300
V. Elio Vittorini, 129        fax:   +39 6 5015991
I-00144 Roma
Italy

1998\03\26@131907 by Sean Breheny

face picon face
At 07:11 PM 3/26/98 +0100, you wrote:
>> RSA is a private key system, right? Therefore, it does not rely on large
>> prime numbers, does it? I think maybe you are getting confused with public
>> key systems (such as PGP).
>
>Er...
>Actually RSA is a PUBLIC key system.
>
>Quoted from the "Free On-Line Dictionary Of Computing" at
>http://wombat.doc.ic.ac.uk/foldoc/index.html (very nice and complete):
>
><QUOTE>
>RSA encryption


<Smacks himself on the face> Sorry, of course, you are right. In fact, I
just finished writing some code for a very basic RSA implementation a
couple of weeks ago. For some unknown reason, I thought you said DES,
instead of RSA. I should think about enagaing my brain before my mouth (or
hands on keyboard, in this case).

Sean

+--------------------------------+
| Sean Breheny                   |
| Amateur Radio Callsign: KA3YXM |
| Electrical Engineering Student |
+--------------------------------+
Fight injustice, please look at
http://homepages.enterprise.net/toolan/joanandrews/

Personal page: http://www.people.cornell.edu/pages/shb7
spamBeGoneshb7spamKILLspamcornell.edu
Phone(USA): (607) 253-0315

1998\03\26@133357 by Mike Keitz

picon face
On Thu, 26 Mar 1998 12:49:47 -0500 Sean Breheny <.....shb7spam_OUTspamCORNELL.EDU>
writes:

>RSA is a private key system, right? Therefore, it does not rely on
>large
>prime numbers, does it? I think maybe you are getting confused with
>public
>key systems (such as PGP).

PGP uses two types of encryption.  RSA (the big prime number system) is
used to manage the public keys.  It takes a lot of computation to
implement RSA, thus it would be slow to encrypt/decrypt a whole file with
RSA.  Therefore, PGP uses another fast but presumed-secure encryption,
IDEA (I think a system developed in Europe and similar to DES, etc.) is
used to actually encrypt the message.  When you encrypt a message to send
with a public key, PGP generates a random number for the IDEA key and
uses it to encrypt the message.  The random IDEA key, encrypted using RSA
with the public key, is sent along with the message.  The intended
receiver of the message, having the corresponding private key, can use
RSA to decrypt the IDEA key and then use this key to decrypt the message.

There are thus two ways to crack a PGP message: crack the RSA to
determine the random IDEA key used for this particular message, or crack
the IDEA encryption of the message itself directly.  Both are assumed to
become progressively more "impossible" as more key bits are used.

Using PGP in "conventional encryption" mode, such as to encrypt files on
a local disk, only IDEA encryption is done.  This isn't any less secure
since if it's possible to crack an IDEA message, a RSA/IDEA message could
also be cracked the same way.

Lots more information of this sort can be found in the document files
that come with the PGP package.


_____________________________________________________________________
You don't need to buy Internet access to use free Internet e-mail.
Get completely free e-mail from Juno at http://www.juno.com
Or call Juno at (800) 654-JUNO [654-5866]

1998\03\26@144814 by John Halleck

flavicon
face
On Thu, 26 Mar 1998, Andy Kunz wrote:

> >(*) There's no proof that the cyrptographic algorithms used in PGP are
> >secure.  However, there is no publicly known method for attacking it that
> >is significantly better than a brute force attack.  It is possible (but
> >unlikely) that better methods exist but are being kept secret.
>
> As in all security areas, the ILLUSION of security is what sells it.
> Lehigh University cracked RSA several years ago during summer break.  I

 I can't find anybody at Lehigh that knows about this,
 who is your contact for this information?

{Quote hidden}

1998\03\26@150529 by John Halleck

flavicon
face
On Thu, 26 Mar 1998, Marco DI LEO wrote:

> In fact, generally PGP uses IDEA to encrypt the data and RSA to protect
> the random key used for the IDEA session.

 Older versions of PGP do.
 Newer versions prefer IDEA and Duffie-Hillman keys.
 (Since the patent has expired on them and not on RSA)

1998\03\26@153148 by Roger Books

flavicon
face
John Halleck wrote:
> On Thu, 26 Mar 1998, Andy Kunz wrote:
>
> > >(*) There's no proof that the cyrptographic algorithms used in PGP are
> > >secure.  However, there is no publicly known method for attacking it
> > >that is significantly better than a brute force attack.  It is possible
> > >(but unlikely) that better methods exist but are being kept secret.
> >
> > As in all security areas, the ILLUSION of security is what sells it.
> > Lehigh University cracked RSA several years ago during summer break.  I
>
>   I can't find anybody at Lehigh that knows about this,
>   who is your contact for this information?
>

Could he be confusing this with the recent brute force crack of 48 bit
DES?

Oh, and as to the question about a psuedo primes, there are several quick
tests that can verify wether a large number is prime (since attempting to
factor a large number can be extrememly time consuming.)  Unfortunately
they aren't perfect, so it is possible for a non-prime to slip through
the verification procedure.  My understanding is this is extremely rare.

Roger

1998\03\26@155132 by n M. Ranguelov

flavicon
face
Peter Neubert wrote:
>
> Hi All
>
> We are curently doing a software project for a customer and we are working
> On-Site, we have however reason to suspect that some people are trying to
> enter our computers when we are not there (once 1 pc had been opened and not
> closed well etc)(Paranoid ? who me :-)
>

The Question is not if we art paranoid, but are we paranoid enough !


> What we are looking for is some kind of nice simple utility to encrypt our
> project directories with source code when we are off-site
>


You can encrypt the directory every time you leave your
rooms and decrypt it when working again.
You can use use tar, zip or arj to pack all files into one and then
encrypt it with PGP. The PGP programm has an option for symetric
encryption (IIRC triple DES or IDEA )  of files, not the usual
public key algo for sending e-mails. There are 2 versions of
PGP, one for USA & Canada, and one 'international' Version for the
rest of the World. The Software is free for personal use, there are
comercial Versions also avaible. Lock at :

http://www.pgpi.com
or
http://www.ifi.uio.no/pgp/ for details.

Lock for the older Versions 2.6.x
There is a newer Version 5.0, but i am not sure if it suports
symerical encryption only.

DON'T (!) use the Password Options of ZIP, ARJ ... packers !
There are tools avaible on the Internet for cracking this
passwords and once don't need to be a h*acker to use them.

Be sure you have deleted and overwritten the original data.

The PGP manual can give you many good advices on security,
cryptography and privacy, not only about PGP. Read it !

A second option is to use the Security file System from :

http://www.cs.auckland.ac.nz/~pgut001/sfs.html

Or simply search for sfs or Secure File System.

There the whole paritition is encrypted and stored on
your hard drive. After entering the password files are
decrypted and encrypted on the fly. It should be transparent
to the user and apears as a normal file system.

The last version of the device drivers is some months old and
i dont know, if it wolud work with modern OS like Windows 95.


> If anyone knows about such a product - preferably shareware, freeware :-)
> with a nice tight 128/64  bit encryption it would be great
>


There are also other Options to increase security:

Sombody mentioned storing sensible data on a ZIP drive.
Sound very eazy !

If you only want to restrict acess to the PCs, using a BIOS
password is also suitable. I have seen PC cases where you
can use a padlock for preventing opening. It woudn't help
against burglar.


On my hompage i have colected some general Links
about privacy and cryptography at :

http://www.informatik.hu-berlin.de/~ranguelo/list.html#Hack

Maybe they are also usefull to you.



Hope, this helps a bit.
St.

1998\03\26@155539 by Richard Nowak

picon face
From webster:
pseudo - closely or deceptively similar to a specified thing.

prime number - an integer that can be evenly divided by no other whole
number than itself.

So prime numbers would go thusly: 1, 2, 3, 5, 7, 11 ...

A pseudo prime number would be one that is deceptively similar to a prime
number if it could be divided evenly by say two other integers besides
itself such as 15, 21, 33, 35 ...

Admittedly, this isn't very interesting, but if you had a very large number,
say 3000 digits and beyond, you would *expect* that it could be divided by
many different integers, especially if we knew it were not prime.

The interesting part of all this is that it is an easy task to generate a
prime number, even very large ones.  Now if we multiply these two numbers
together we get another big number although it is not prime, it is very
deceptively close to one (since we just created it by multiplying two
numbers together albeit 2 very large primes).

Now comes the hard part.  Factoring this very large pseudo prime number is
very difficult and most attempts are reduced to the use of brute force
techniques.  Even with modern day computers working together full time it
could take as long as the earth itself has been in existence to accomplish
the task.

Our government doesn't like us having secrets.  That's why it has classified
encryption schemes as munitions.  It tried to stop pgp and if it weren't for
it getting out in a very broad way early on it may have been stopped and its
author thrown in jail.  It was touch-and-go for awhile.  As it is, the
number of digits allowed in a key will be dictated by our government's
ability to crack any message in a reasonable time frame using brute force
techniques.

So in a sense, Andy's point is well taken, and we can safely say that our
government hasn't given us anything for which we haven't paid.

Even so I would not advise wearing a T-shirt having the RSA Perl script
imprinted on it if you plan on traveling abroad.

Rich

At 12:36 PM 3/26/98 -0500, you wrote:
>{Original Message removed}

1998\03\26@161604 by Leon Heller

flavicon
picon face
In message <019401bd58dd$b4fe18d0$0a0a0a0a@gateway>, Brian Schousek
<TakeThisOuTschousek.....spamTakeThisOuTGEOCITIES.COM> writes
>{Original Message removed}

1998\03\26@172744 by John Halleck

flavicon
face
On Thu, 26 Mar 1998, Leon Heller wrote:

> >what exactly is a pseudo prime number???? :-)
>
> A pseudo-prime number is one generated by an algorithm.

 Well, no.
 The prime number sive we all learned in grade school
 is an algorithm... and it produces only primes and not
 just psudo-primes.

 A psudo-prime is one generated by a probabilistic algorithm that
 *might* generate a non-prime (albeit with low probability).

 For most of them one can determine the probablity,
 and can make it small by many iterations.  For example
 one commercial package considers a possible failure
 rate of 1 / (2**128)  to be an acceptable rate of
 non-primes.

1998\03\26@173344 by paulb

flavicon
face
Bob Fehrenbach wrote:

>  PGP (Pretty Good Privacy) is readily available.  In addition to its
> public key encryption it will do conventional encryption.

 I understand it is more correct to say that it will do Public Key
Encryption in addition to "conventional".  Apparently it performs PKE
not on the target file, but on a symmetric encryption key used to
encrypt the target file, then sends the "conventionally" encrypted file
plus the PKE-encrypted "conventional" key.  Why?  The PKE is very slow.

>  And it's free!

 Now that's the best point!

 Cheers,
       Paul B.

1998\03\26@182725 by David Lions

picon face
Andy Kunz wrote:

> As in all security areas, the ILLUSION of security is what sells it.
> Lehigh University cracked RSA several years ago during summer break.  I
> believe it was a brute-force attack, because they used all the X boxes on
> campus to do it.
>
> The fact that the gov't is pushing so hard for a known back door for police
> leads me to believe that there is a generic solution that exists but they
> wish for hostiles to feel it's 100% and therefore have all our enemies
> using our key.  Pretty slick.
>
> Andy
>
> ==================================================================
>                      Andy Kunz - Montana Design
>           Go fast, turn right, and keep the wet side down!
> ==================================================================


What about these computers the USA government is building for "nuclear
testing".
Like the one Intel built with about 9000 Pentium Pro's (I forget exact
details).  I read about IBM winning a contract recently to build another
big computer, successor to Deep Blue or something, for the USA govt.
(They must have some mean games of chess in the pentagon!)

Might they be using these to crack encrypted data (in their lunch break,
when not cracking atoms, or playing chess)?

<insert twilight zone theme music here>

Also, if they know a back door, then the illusion will be lost after
their first prosecution, because it will be public and everyone will
figure out how the government got the evidence, unless they make an
excuse for that too.

1998\03\26@194228 by William Chops Westfield

face picon face
I thought there was a widely publicized case a couple of years ago where
someone "broke" a RSA challenge encryption puzzle.  Since this used RSA
with many fewer bits that are used in a typical commercial implementation,
it was viewed as "interesting but of little consequence", since the
difficulty of the problem goes up exponentially (well, more than linearly)
with the number of bits in the key...

BillW

1998\03\27@005518 by Martin Darwin

flavicon
face
At 04:41 PM 3/26/98 -0800, you wrote:
>I thought there was a widely publicized case a couple of years ago where
>someone "broke" a RSA challenge encryption puzzle.  Since this used RSA
>with many fewer bits that are used in a typical commercial implementation,
>it was viewed as "interesting but of little consequence", since the
>difficulty of the problem goes up exponentially (well, more than linearly)
>with the number of bits in the key...

Well currently they are trying to break RSA-64 for one case. I.e. given an
encrypted sequence get the message back.


http://www.distributed.net/rc5/

What Are We Up To? RC5-64 here we come!

In order to try to beat the current RSA Secret-Key Challenge, many
people on the net have been using their computer's idle processing time
to help crack the code. This will require testing at most 2^64 keys to
determine the correct one. We are working on the contest on the RSA
Contest Page with the identifier RC5-32/12/8 (the fifth from the top).

From http://rc5stats.distributed.net/

Total blocks to search:    68719476736
Total blocks checked:   421022125
Keyspace Exhausted:    0.6127%
Total keys checked:      113017 Trillion
Time Working:              155 days
Overall Rate:                 8493962 kkeys/sec

RC5-56 fell at about 50% of the keyspace (about 250 days)
DES-1 fell at about 25% of the keyspace.

MD
--
Martin Darwin    a.k.a Rambo [CtF]  -- Play QUAKE!!
TakeThisOuTmartinKILLspamspamspamdavin.ottawa.on.ca       -  4th year Computer Engineering
http://www.davin.ottawa.on.ca/~martin  University of Ottawa
Clan CtF - http://ctf.clanworld.com

1998\03\27@095247 by Robert McAtee

flavicon
face
Amen Rich! Let's see the beef! I sincerely doubt the gestopo has ever
cracked a large key PGP message let alone some college kids...==Mac==

At 08:18 AM 3/26/98 -0800, you wrote:
{Quote hidden}

1998\03\27@102928 by Giorgio Alboni

flavicon
face
At 11.59 25/03/98 +0300, you wrote:
>Hi All
>
>We are curently doing a software project for a customer and we are working
>On-Site, we have however reason to suspect that some people are trying to
>enter our computers when we are not there (once 1 pc had been opened and not
>closed well etc)(Paranoid ? who me :-)
>
>What we are looking for is some kind of nice simple utility to encrypt our
>project directories with source code when we are off-site
>
>If anyone knows about such a product - preferably shareware, freeware :-)
>with a nice tight 128/64  bit encryption it would be great
>
>TIA
>
>Peter Neubert
>Mauritius
>
>

A small table that can clean up some dubious on crack time:

                | Budget  | Instrument |  40 Bit Key  | 56 Bit Key     |
-----------------|---------|------------|--------------|----------------|
simple Hacker    |  none   |    PC      |  1 week      | intractable    |
                |  400 $  |   FPGA     |  5 hours     | 38 years       |
-----------------|---------|------------|--------------|----------------|
Small company    | 10000 $ |   FPGA     |  12 min.     | 556 day (5 K$) |
-----------------|---------|------------|--------------|----------------|
Middle company   | 300 K$  |   FPGA     |  24 sec.     | 19 day (5 K$)  |
                |         |   ASIC     |  0,18 sec.   | 3 hours (38 $) |
-----------------|---------|------------|--------------|----------------|
Big Company      | 10 M$   |   FPGA     |  0,7 sec.    | 13 hours (5 K$)|
                |         |   ASIC     |  5 msec.     | 6 min. (38 $)  |
-----------------|---------|------------|--------------|----------------|
Government       | 300 M$  |    ASIC    |  0,2 ms      | 12 s           |
-----------------|---------|------------|--------------|----------------|

USE ALWAYS >=128 bit keys with a good algorithm (triple-DES, IDEA, SHA,
...) for symmetric key algorithm.
USE ALWAYS >=2048 bit keys with pubblic key algorithm (ex. RSA).



===================================================
Alboni Giorgio
Faenza (Ra) ITALY
E-Mail: .....rac1337spamRemoveMEracine.ravenna.it

www.geocities.com/SiliconValley/Heights/5444
(Last Update: 15/03/1998)
===================================================

1998\03\27@114608 by ck \The Notes Guy\ Dickinson

flavicon
face
On Thu, 26 Mar 1998 13:04:29 -0700, you wrote:

>On Thu, 26 Mar 1998, Marco DI LEO wrote:
>
>> In fact, generally PGP uses IDEA to encrypt the data and RSA to protect
>> the random key used for the IDEA session.
>
>  Older versions of PGP do.
>  Newer versions prefer IDEA and Duffie-Hillman keys.
>  (Since the patent has expired on them and not on RSA)

Diffie-Hellman is not an encryption standard.  It is a protocol for
secure authentication over insecure channels, and it is designed to
eliminate the possibility of man-in-the-middle (aka "bucket brigade")
attacks.

- Rick "I do messaging security for a living" Dickinson

   Enterprise ArchiTechs     | Views expressed on topics unrelated
 http://www.eArchiTechs.com  | to messaging are not those of my
NoSpam eMail:RemoveMErtdspamspamBeGonenotesguy.com | company, and may not even be mine.

1998\03\27@115019 by John Halleck

flavicon
face
On Thu, 26 Mar 1998, William Chops Westfield wrote:

> I thought there was a widely publicized case a couple of years ago where
> someone "broke" a RSA challenge encryption puzzle.  Since this used RSA

 Yep.  As I pointed out before   http://www.rsa.com/
 covers that in detail.

> with many fewer bits that are used in a typical commercial implementation,
> it was viewed as "interesting but of little consequence", since the
> difficulty of the problem goes up exponentially (well, more than linearly)
> with the number of bits in the key...
>
> BillW
>

1998\03\30@203842 by Eric Smith

flavicon
face
Andy Kunz <spamBeGonemontana@spam@spamspam_OUTFAST.NET> wrote:
> Lehigh University cracked RSA several years ago during summer break.  I

Of course, this is "cracked" only in the sense that they recovered a single
secret key though the use of an extraordinary amount of computing power.
It is not "cracked" in the sense that someone discovered a particularly
easy way to recover keys or decrypt messages without having the keys.

> The fact that the gov't is pushing so hard for a known back door for police
> leads me to believe that there is a generic solution that exists but they
> wish for hostiles to feel it's 100% and therefore have all our enemies
> using our key.  Pretty slick.

It seems to be generally believed that the NSA and other such agencies may
have discovered tricks to reduce the computation needed to brute-force
RSA by a small degree.  I don't think anyone but conspiracy theorists
really believe that the NSA has made any tremendous breakthroughs in
factoring large numbers or computing discrete logs, although no one has
actually proven that there aren't efficient ways to do so.

ObPIC:  the Scenix SX running at 50 MHz can actually run DES fast enough
to be useful.  When I implemented it on the Microchip PIC16F84 it was faster
than the implementation in Microchip's application note, but still too
slow for use in my intended application.  Too bad the Scenix SX doesn't
have enough RAM for practical use with the RSA or Diffie-Hellman
cryptosystems.

Eric

1998\03\30@205334 by Eric Smith

flavicon
face
> I have not yet evaluated PGP but i will get around to do it soon as everyone
> seems to favor this program - for now we have settled for a free utility I
> got off the Ziff Davis site (http://www.zdnet.com) it uses a 160 bit encryption key
> and its very easy to use, its called Cryptext and work with the explorer so
> to encrypt or decrypt a file or director simply right-click and select
> encrypt, enter password and Voila

I don't know anything about Cryptext.  Howver, I would not depend on any
piece of cryptographic software unless source code is available and it has
been subjected to a substantial amount of public review.  PGP passes both
criteria; most cryptographic software fails both.

Just because software uses a 160 bit key doesn't make it secure.  I've seen
software use a 1024 bit key with a bad algorithm, which is completely
insecure.  Also, even with a large key length and a good algorithm, it is
still possible to build a weak cryptographic protocol, and this has in fact
happened countless times.

See "Applied Cryptography Second Edition" by Bruce Schneier:
       http://www.counterpane.com/applied.html

His web site also contains two good essays, "Why Cryptography is Harder than
it Looks":
       http://www.counterpane.com/whycrypto.html

and "Security Pitfalls in Cryptography":
       http://www.counterpane.com/pitfalls.html

Cheers,
Eric

More... (looser matching)
- Last day of these posts
- In 1998 , 1999 only
- Today
- New search...