Path: news.mitre.org!blanket.mitre.org!agate!awabi.library.ucla.edu!128.230.129.106!news.maxwell.syr.edu!news-peer.sprintlink.net!news-sea-19.sprintlink.net!news-in-west.sprintlink.net!news.sprintlink.net!Sprint!166.82.1.9!ralph.vnet.net!not-for-mail
From: nospam@synernet.com ( Ed Stone)
Newsgroups: alt.security,alt.security.pgp,comp.security.pgp.discuss,talk.politics.crypto
Subject: Re: IP: Gilmore publishes Strong Authentication Code
Date: Tue, 23 Dec 1997 21:58:29 -0500
Organization: Vnet Internet Access, Inc.
Lines: 70
Message-ID: <MPG.f0a44646258fa4d989740@news.vnet.net>
References: <wb8fozELo6sA.Iut@netcom.com>
NNTP-Posting-Host: 166.82.194.182
X-Newsreader: Anawave Gravity v2.00.779
Xref: news.mitre.org alt.security:48845 alt.security.pgp:86226 comp.security.pgp.discuss:11471 talk.politics.crypto:28281

In article <wb8fozELo6sA.Iut@netcom.com> of Wed, 24 Dec 1997 01:28:57 GMT, 
wb8foz@netcom.com says...
> 
> From: David Farber <farber@cis.upenn.edu>
> Subject: IP: Gilmore Publishes Strong Crypto Code Online for
>   Authentication
> 
> 
>       Strong Crypto Code Published Online for Authentication
> 
> San Francisco, December 23, 1997 - Civil libertarian John Gilmore
> today published strong authentication source code on the Internet,
> making it available for worldwide access, despite U.S. National
> Security Agency attempts to restrict such software.
<snip>

The position of the US Government (as written law) HAS been that 
authentication source code and binaries are freely exportable. They have 
alleged that only software that can make content secure and unreadable except 
to the intended recipient is to be restricted, while software for 
authentication is not to be restricted.

For the government to restrict communications that it cannot read, it will 
have to attack authentication software as well. Let me describe an obvious 
and trivial means of accomplishing strong symmetric crypto with a simple 
message digest (one-way hash) software (such as SHA-1, MD5, etc.) which are 
the current cores of fundamental authentication schemes.

You and your communicant (Alice) agree in secure channels as to a key. The 
key should be used one and only one time. The key is optimally a couple 
thousand bytes of random data, but could be a high-quality passphrase.

You want to send a message to Alice.
1. you take the key file, and create a message digest (using, for example, 
MD5 message digest), resulting in 128 bits. This will be the first segment of 
a "one time pad"
2. now you take the first 128 bits (16 bytes) of the plaintext, and XOR it 
against the 128 bits of message digest. This is your first 16 bytes of cipher 
text.
3. Next you take those first 16 bytes of plain text, append it to the key and  
create the next message digest (128 bits) on that. This is your second 16 
bytes of "one time pad"
4. XOR the second 16 bytes of your plaintext against the second message 
digest, creating the next 16 bytes of cipher text.
5. Continue until all plaintext has been enciphered.

The recipient needs only the key (or passphrase), knowledge of the method, 
which need not be kept secret, and MD5 and the ability to XOR, in order to 
reverse the process and get the plaintext. The key may be much shorter than 
the plaintext. It helps if the first 16 bytes of plaintext are 
gibberish/upper/lower/punctuation/numbers. (This provides better than 2.4 x 
10^114 possibilities for your first 16 bytes on most keyboards. [7.8 x 10^94 
years at one trillion tries per second])

Knowledge of the method is not helpful. Knowledge of the MD5 algorithm is not 
helpful. Knowledge of the first 16 bytes of the plaintext is only that, and 
does not help substantially gaining the rest. Thus, a message digest that 
provides certain collision resistance can serve as the core of a strong 
symmetrical cipher.

For this reason, if the government wishes to impair strong crypto, it may 
have to impair strong authentication. To impair both, on behalf of 
"security", should be a hoot. We will be lockless (or others will have 
copies of our "keys") and blindfolded, in order to be safe.
-- 
-------------------------------
Ed Stone
estone@synernet-robin.com
remove "-birdname" spam avoider
-------------------------------
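The five-step construction in the post above, written out as an added example (this code is not part of the original post and not Ed Stone's own). It reads "append it to the key" cumulatively, i.e. digest number i is MD5 over the key followed by all plaintext blocks before block i; that interpretation, the constructed KEY and MESSAGE values, and the function names are assumptions. The decrypt routine shows why the method need not be secret: the receiver recovers plaintext block by block and can therefore compute each following digest. The last function demonstrates the caveat the post makes about using a key "one and only one time": two messages under the same key share the same first digest, so the first 16 bytes of the two ciphertexts XOR to the first 16 bytes of the two plaintexts with no knowledge of the key at all.

```python
import hashlib

BLOCK = 16  # MD5 produces a 128-bit (16-byte) digest; one digest per plaintext segment

# Constructed sample values (not from the post); a real key would be random data.
KEY = b"constructed-sample-key-for-illustration-only"
MESSAGE = b"Meet at the usual place at noon. Bring the documents."


def keystream_block(key: bytes, prior_plaintext: bytes) -> bytes:
    """Digest of key || plaintext seen so far (steps 1 and 3 of the post).

    Assumption: 'append it to the key' is cumulative, so every earlier
    plaintext block feeds the next digest.
    """
    return hashlib.md5(key + prior_plaintext).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Steps 2, 4 and 5: XOR each 16-byte plaintext segment with its digest."""
    out = bytearray()
    for i in range(0, len(plaintext), BLOCK):
        block = plaintext[i:i + BLOCK]
        digest = keystream_block(key, plaintext[:i])
        out += xor_bytes(block, digest[:len(block)])  # final block may be shorter
    return bytes(out)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Receiver side: only the key and the (public) method are needed.

    Each recovered plaintext block lets the receiver compute the next digest,
    so the process is reversed block by block.
    """
    recovered = bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        digest = keystream_block(key, bytes(recovered))
        recovered += xor_bytes(block, digest[:len(block)])
    return bytes(recovered)


def first_block_leak_on_key_reuse(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Why the key must be used only once.

    Under one key the first digest is MD5(key) for every message, so the XOR
    of the two ciphertexts' first 16 bytes equals the XOR of the two
    plaintexts' first 16 bytes. Returns True when that relation holds.
    """
    c1 = encrypt(key, m1)
    c2 = encrypt(key, m2)
    return xor_bytes(c1[:BLOCK], c2[:BLOCK]) == xor_bytes(m1[:BLOCK], m2[:BLOCK])


if __name__ == "__main__":
    ct = encrypt(KEY, MESSAGE)
    print("ciphertext:", ct.hex())
    print("round trip ok:", decrypt(KEY, ct) == MESSAGE)
    print("key reuse leaks first-block XOR:",
          first_block_leak_on_key_reuse(KEY, MESSAGE, b"A different message under the same key."))
```

Because each digest depends on all preceding plaintext, a single corrupted ciphertext byte garbles every block from that point onward on the receiving side; a practitioner would pair any such construction with an authentication tag, which is exactly the kind of code the post says the government has treated as freely exportable.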