From: nospam@synernet.com (Ed Stone)
Newsgroups: alt.security,alt.security.pgp,comp.security.pgp.discuss,talk.politics.crypto
Subject: Re: IP: Gilmore publishes Strong Authentication Code
Date: Tue, 23 Dec 1997 21:58:29 -0500
Organization: Vnet Internet Access, Inc.

In article of Wed, 24 Dec 1997 01:28:57 GMT, wb8foz@netcom.com says...
>
> From: David Farber
> Subject: IP: Gilmore Publishes Strong Crypto Code Online for
> Authentication
>
>
> Strong Crypto Code Published Online for Authentication
>
> San Francisco, December 23, 1997 - Civil libertarian John Gilmore
> today published strong authentication source code on the Internet,
> making it available for worldwide access, despite U.S. National
> Security Agency attempts to restrict such software.

The position of the US Government (as written law) HAS been that authentication source code and binaries are freely exportable. They have alleged that only software that can make content secure and unreadable except to the intended recipient is to be restricted, while software for authentication is not to be restricted. For the government to restrict communications that it cannot read, it will have to attack authentication software as well.

Let me describe an obvious and trivial means of accomplishing strong symmetric crypto with simple message digest (one-way hash) software (such as SHA-1, MD5, etc.), which are the current cores of fundamental authentication schemes.

You and your communicant (Alice) agree in secure channels as to a key.
The key should be used one and only one time. The key is optimally a couple thousand bytes of random data, but could be a high-quality passphrase. You want to send a message to Alice.

1. You take the key file, and create a message digest (using, for example, the MD5 message digest), resulting in 128 bits. This will be the first segment of a "one time pad".

2. Now you take the first 128 bits (16 bytes) of the plaintext, and XOR it against the 128 bits of message digest. This is your first 16 bytes of cipher text.

3. Next you take those first 16 bytes of plain text, append it to the key and create the next message digest (128 bits) on that. This is your second 16 bytes of "one time pad".

4. XOR the second 16 bytes of your plaintext against the second message digest, creating the next 16 bytes of cipher text.

5. Continue until all plaintext has been enciphered.

The recipient needs only the key (or passphrase), knowledge of the method (which need not be kept secret), MD5, and the ability to XOR, in order to reverse the process and get the plaintext. The key may be much shorter than the plaintext.

It helps if the first 16 bytes of plaintext are gibberish/upper/lower/punctuation/numbers. (This provides better than 2.4 x 10^114 possibilities for your first 16 bytes on most keyboards. [7.8 x 10^94 years at one trillion tries per second])

Knowledge of the method is not helpful. Knowledge of the MD5 algorithm is not helpful. Knowledge of the first 16 bytes of the plaintext is only that, and does not help substantially in gaining the rest.

Thus, a message digest that provides certain collision resistance can serve as the core of a strong symmetrical cipher. For this reason, if the government wishes to impair strong crypto, it may have to impair strong authentication. To impair both, on behalf of "security", should be a hoot. We will be lockless (or others will have copies of our "keys") and blindfolded, in order to be safe.
--
-------------------------------
Ed Stone
estone@synernet-robin.com
remove "-birdname" spam avoider
-------------------------------
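The hash-driven pad construction described in the post above, as an added Python example (not the poster's code). It reads step 3 cumulatively, so pad segment i is MD5 over the key followed by every plaintext block before block i; that reading is an assumption, and the key and messages in the test are constructed samples. It also includes a check showing why the post insists the key be used only once: the first pad segment depends on the key alone, so two messages under one key leak the XOR of their first 16 bytes.

```python
import hashlib

BLOCK = 16  # MD5 yields 128 bits, so each pad segment covers 16 plaintext bytes


def pad_segment(key: bytes, plaintext_so_far: bytes) -> bytes:
    """Pad segment for the next block: MD5(key || all plaintext blocks already
    processed). With no plaintext yet this is MD5(key), the post's step 1;
    afterwards it is the post's step 3 (assumed cumulative reading)."""
    return hashlib.md5(key + plaintext_so_far).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the post's steps 2 and 4)."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Step 5: walk the plaintext 16 bytes at a time, deriving each pad
    segment from the key plus the plaintext that came before it."""
    out = bytearray()
    for i in range(0, len(plaintext), BLOCK):
        block = plaintext[i:i + BLOCK]
        seg = pad_segment(key, plaintext[:i])
        out += xor_bytes(block, seg[:len(block)])  # last block may be short
    return bytes(out)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """The receiver rebuilds each pad segment from the key and the plaintext
    it has already recovered, so only the key and the method are needed."""
    recovered = bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        seg = pad_segment(key, bytes(recovered))
        block = ciphertext[i:i + BLOCK]
        recovered += xor_bytes(block, seg[:len(block)])
    return bytes(recovered)


def first_block_leaks_on_key_reuse(key: bytes, m1: bytes, m2: bytes) -> bool:
    """True when XOR of the two ciphertexts' first blocks equals XOR of the
    two plaintexts' first blocks: the pad's first segment is MD5(key), which
    does not vary with the message, hence the post's one-time-key rule."""
    c1, c2 = encrypt(key, m1)[:BLOCK], encrypt(key, m2)[:BLOCK]
    return xor_bytes(c1, c2) == xor_bytes(m1[:BLOCK], m2[:BLOCK])
```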