Mailing List Archive

RSA replacement by Irish girl
How soon till we see this in GPG? :-)

rone
--
Ron Echeverri Numerical Aerospace Simulation Facility
DSS/Usenet Administrator NASA Ames Research Center
Sterling Software Mountain View, CA
<rone@nas.nasa.gov> x42771
Re: RSA replacement by Irish girl
Hi,

Ron Echeverri:
> How soon till we see this in GPG? :-)
>
Is there an URL for her idea, or (better :-) her code?

NB: speaking of GPG additions, has somebody written IDEA and/or RSA modules
for it? (Yes I do know it's heretical and all, but I really do want to use
GPG to verify Netnews cancel messages, and they're sent with oldstyle PGP
signatures...)

--
Matthias Urlichs | noris network GmbH | smurf@noris.de | ICQ: 20193661
The quote was selected randomly. Really. | http://www.noris.de/~smurf/
--
In seeking the unattainable, simplicity only gets in the way.
-- Epigrams in Programming, ACM SIGPLAN Sept. 1982
Re: RSA replacement by Irish girl
Matthias Urlichs writes:
> NB: speaking of GPG additions, has somebody written IDEA and/or RSA modules
> for it? (Yes I do know it's heretical and all, but I really do want to use
> GPG to verify Netnews cancel messages, and they're sent with oldstyle PGP
> signatures...)

There is an RSA module, but unfortunately it seems to be illegal to
use in the USA (and even more so in a US Gov't facility, I'd wager
:-p ).

rone
--
Ron Echeverri Numerical Aerospace Simulation Facility
DSS/Usenet Administrator NASA Ames Research Center
Sterling Software Mountain View, CA
<rone@nas.nasa.gov> x42771
Re: RSA replacement by Irish girl
On Thu, Jan 14, 1999 at 11:51:19PM +0100, Matthias Urlichs wrote:
> Hi,
>
> Ron Echeverri:
> > How soon till we see this in GPG? :-)
> >
> Is there an URL for her idea, or (better :-) her code?
>
> NB: speaking of GPG additions, has somebody written IDEA and/or RSA modules
> for it? (Yes I do know it's heretical and all, but I really do want to use
> GPG to verify Netnews cancel messages, and they're sent with oldstyle PGP
> signatures...)

Yep. rsa.c and idea.c are buried on the ftp site. Since you're not in
the US, you should be fine with RSA. The IDEA patent would still apply,
but they haven't seemed as weird about it as RSADSI is (and you don't
really need it to just verify).

--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
Re: RSA replacement by Irish girl
Matthias Urlichs wrote:
>
> Hi,
>
> Ron Echeverri:
> > How soon till we see this in GPG? :-)

Probably a LONG time, or never.
A. We don't know if anyone competent has even seen it yet.
B. It may end up getting patented, if she listens to the "judges"'
urgings, although it seems that she wants it to be PD.
C. It'll have to go through LOTS of peer review and the test of time
before it's decided that it's a suitable replacement.
D. There is no pressing reason to replace Elgamal and DSA.

> Is there an URL for her idea, or (better :-) her code?

Look at Slashdot and the links therein. No, you won't find the code, OR
the algorithm. Just that it's based on "matrices" (how quaint, it must be
secure). Maybe I'm cynical... It *would* be cool if it ended up being "all
that" and it was released to the public domain. It's just that the press
really likes to make headlines... (The 12-year-old kid who "solved the
year 2000 problem" what have you). And we all know how savvy the press is
about technical issues...

> NB: speaking of GPG additions, has somebody written IDEA and/or RSA modules
> for it? (Yes I do know it's heretical and all, but I really do want to use
> GPG to verify Netnews cancel messages, and they're sent with oldstyle PGP
> signatures...)

I think, yes. But I can't tell you about them because I don't use them. I
believe you can download modules from the main repository...

Nate
Re: RSA replacement by Irish girl
On Thu, 14 Jan 1999, Matthias Urlichs wrote:

> NB: speaking of GPG additions, has somebody written IDEA and/or RSA modules
> for it? (Yes I do know it's heretical and all, but I really do want to use
> GPG to verify Netnews cancel messages, and they're sent with oldstyle PGP
> signatures...)

See <URL:http://www.d.shuttle.de/isil/gnupg/crypto.html>. I'm not aware
if usage in the USA is allowed, but everything I hear seems to point to it
not being a problem outside of .us. The sample code seems usable.

IANAL, of course.

BTW, if this isn't offtopic, has anyone been able to create signatures
using GPG and those modules that pgp2 can read? I can successfully
encrypt to an RSA public key and then decrypt with pgp2, but no luck
on a verifiable signature when signing with my old RSA key.

--
<http://www.psnw.com/~posterkid/keys/> for DSA/ElG-E/RSA keys
DSA 0x0A641AA5:0B1E 37B7 ECCB FC96 B6C6 7242 0A59 F8D5 EFA9 4F81
RSA 0x4E65C321: 42 57 B3 D2 39 8E 74 C3 5E 4D AC 43 25 D2 26 D4
Re: RSA replacement by Irish girl
On Thu, Jan 14, 1999 at 03:28:06PM -0800, brian j. pardy wrote:
> BTW, if this isn't offtopic, has anyone been able to create signatures
> using GPG and those modules that pgp2 can read? I can successfully
> encrypt to an RSA public key and then decrypt with pgp2, but no luck
> on a verifiable signature when signing with my old RSA key.

Andrew Gierth has. He's been using GPG to sign Annihilator's NoCeM's
for a month or two.

<andrew@erlenstar.demon.co.uk> is his email.

--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
Re: RSA replacement by Irish girl
At 07:27 AM 15-01-99 +0800, Nathan Kennedy wrote:
>
>> Is there an URL for her idea, or (better :-) her code?

From the UKCrypto list that I administer. It is all that I have heard. I
hope that it is useful and that the cross posting is forgiven for those
that subscribe to both lists.

ian

>From: William Whyte <wwhyte@baltimore.ie>
>To: "'ukcrypto@maillist.ox.ac.uk'" <ukcrypto@maillist.ox.ac.uk>
>Cc: "'Michael Purser'" <michael@baltimore.ie>
>Subject: RE: IrishCrypto
>Date: Wed, 13 Jan 1999 10:00:37 -0000
>Organization: Baltimore Technologies
>X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
>Sender: owner-ukcrypto@maillist.ox.ac.uk
>Reply-To: ukcrypto@maillist.ox.ac.uk
>
>On Wednesday, January 13, 1999 8:08 AM, David Parkinson [SMTP:dparkins@alien.bt.co.uk] wrote:
>> >From the front page of today's Times <www.the-times.co.uk>
>> As usual (technically) content free. Anyone know any
>> technical details?
>
>Yes, I do. It's based on work that Sarah did in Baltimore when
>she was here on a student work placement last March. We've been
>looking at algorithms based on 2x2 matrices for a while and
>gave her the idea to see what she could do with it.
>
>The idea we were working on was to use 2x2 matrices with entries
>modulo n, n the product of 2 primes (ie an RSA number). The
>security is therefore exactly the same as the security of an RSA key with
>the same modulus. However, the encryption and decryption processes
>require only a small number of matrix multiplications rather than
>modular exponentiation, so both public-key operations (16 multiplications
>over the finite field) and private-key operations are as fast as a
>normal RSA private-key operation (17 multiplications). The downside
>is that both the key and the ciphertext are about eight times the
>length of the modulus, rather than more-or-less the length of the
>modulus as with RSA.
>
>That was our idea, anyway. I haven't had time to look at Sarah's
>project in great detail so I don't know how far (or even whether)
>she's taken it beyond where we had it.
>
>Sarah, by the way, is level-headed enough to know that new public-key
>algorithms only made you millions if you invented them in the Seventies.
>Her real problem is trying to stop the journalists talking up the
>stupid parts of the story while still emphasising that there's a real
>story in there.
>
>Cheers,
>
>William
>
>=============================================================================
>
>William Whyte, Senior Cryptographer, Baltimore-Zergo
>
>Zergo & Baltimore Technologies merge in $55m deal !
>The new company name will be "Baltimore"
>
>See Baltimore at Stands 235 & 425
>RSA Data Security Conference, 17-21 Jan '99
>
>
>Baltimore Ltd, IFSC House, International Financial Services Centre,
>Custom House Quay, Dublin 1, Ireland.
>Tel. +353 1 605 4399 Fax. +353 1 605 4388
>Email: info@baltimore.ie
>Website http://www.baltimoreinc.com/
>Baltimore - Global e-Security
>
>
>From: William Whyte <wwhyte@baltimore.ie>
>To: "'ukcrypto@maillist.ox.ac.uk'" <ukcrypto@maillist.ox.ac.uk>
>Subject: RE: IrishCrypto
>Date: Wed, 13 Jan 1999 11:26:27 -0000
>Organization: Baltimore Technologies
>X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
>Sender: owner-ukcrypto@maillist.ox.ac.uk
>Reply-To: ukcrypto@maillist.ox.ac.uk
>
>On Wednesday, January 13, 1999 10:01 AM, William Whyte [SMTP:wwhyte@baltimore.ie] wrote:
>
>> That was our idea, anyway. I haven't had time to look at Sarah's
>> project in great detail so I don't know how far (or even whether)
>> she's taken it beyond where we had it.
>
>(replying to own mail... this way lies madness)
>
>In fact, Sarah made substantial contributions to the development of the
>algorithm, finding a way of trading off key generation time against
>encryption time and doing a lot of work on the proof of security. It's
>very impressive.
>
>William
>
Re: RSA replacement by Irish girl
Matthias Urlichs wrote:

> Is there an URL for her idea, or (better :-) her code?


From CRYPTO-GRAM, January 15, 1999

> The press is buzzing about an Irish teenager creating a brilliant new
> public-key scheme called Cayley-Purser, supposedly much better than RSA.
> "Even when high security levels are required, her code can encrypt a letter
> in just one minute -- a widely used encryption standard called RSA would
> take 30 minutes. 'But she has also proven that her code is as secure as
> RSA,' says Dr Flannery. 'It wouldn't be worth a hat of straw if it was
> not.'" Leaving aside the incredibly quaint Irish metaphor, this is what I
> do know: The system is based on RSA, but I have not seen it. It is
> believed to be as strong as RSA, but there is no proof. The key and the
> ciphertext are about eight times the length of the modulus, rather than
> more-or-less the length of the modulus as with RSA. It is faster, but I
> don't know by how much and under what assumptions. Is this going to change
> the world, no. Might it be interesting, yes. We'll have to wait and see.
> In any case, it is cool to see serious cryptography out of a new researcher.
> http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
> http://www.msnbc.com/news/231690.asp
> http://jya.com/flannery.htm


> A free monthly newsletter providing summaries, analyses, insights, and
> commentaries on cryptography and computer security.

> Copyright (c) 1999 by Bruce Schneier

*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*-=-*
Wim Vandeputte --Comfort is Treachery--
--So pound the nails in tight--
Re: RSA replacement by Irish girl
"brian j. pardy" <posterkid@psnw.com> writes:

> BTW, if this isn't offtopic, has anyone been able to create signatures
> using GPG and those modules that pgp2 can read? I can successfully

I (nearly) always check that the RSA signature on README can be
verified with pgp (2.6.3in), and the detached RSA sig for the
tarball.


Werner
Re: RSA replacement by Irish girl
Matthias Urlichs <smurf@noris.de> writes:

> for it? (Yes I do know it's heretical and all, but I really do want to use
> GPG to verify Netnews cancel messages, and they're sent with oldstyle PGP
> signatures...)

It simply works. What does not work is generation of plain pgp 2.6
signatures, because pgp does not know about onepass signature packets.
However, you can create detached and cleartext signatures.

Verification does always work.


Werner
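
The interoperability point in the message above comes down to which packet types a signed message contains. As an added example (not part of the thread and not GnuPG's own code), this Python walks OpenPGP packet headers as laid out in RFC 4880 section 4.2 and reports whether a one-pass signature packet (tag 4) is present. The helper names are hypothetical and the sample messages are constructed filler, not real signatures.

```python
# Added example: walk OpenPGP packet headers (RFC 4880, section 4.2).
# All helper names are hypothetical; sample messages are constructed filler.

def packets(data):
    """Yield (tag, body) for each top-level packet with a definite length."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("no packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                # old-format header (what PGP 2.x writes)
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate: body runs to end of input
                length = len(data) - i
            else:
                n = 1 << ltype               # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def has_onepass_signature(data):
    """True if a top-level one-pass signature packet (tag 4) is present.
    Packets nested inside a compressed data packet (tag 8) are not inspected."""
    return any(tag == 4 for tag, _ in packets(data))

def old_packet(tag, body):
    """Build an old-format packet with a one-octet length (for test data only)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed layouts: one-pass (4), literal data (11), signature (2) ...
ONEPASS_SIGNED = old_packet(4, b"\x00" * 13) + old_packet(11, b"hello") + old_packet(2, b"\x00" * 20)
# ... versus a detached signature, which is a lone signature packet.
DETACHED_SIG = old_packet(2, b"\x00" * 20)
```
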
Re: RSA replacement by Irish girl
On Fri, 15 Jan 1999, Werner Koch wrote:

> Matthias Urlichs <smurf@noris.de> writes:
>
> > for it? (Yes I do know it's heretical and all, but I really do want to use
> > GPG to verify Netnews cancel messages, and they're sent with oldstyle PGP
> > signatures...)
>
> It simply works. What does not work is generation of plain pgp 2.6
> signatures, because pgp does not know about onepass signature packets.
> However, you can create detached and cleartext signatures.

Okay, this is what I was wondering about. I'll simply use detached
signatures when necessary. Everything else is indeed working
beautifully.


--
<http://www.psnw.com/~posterkid/keys/> for DSA/ElG-E/RSA keys
DSA 0x0A641AA5:0B1E 37B7 ECCB FC96 B6C6 7242 0A59 F8D5 EFA9 4F81
RSA 0x4E65C321: 42 57 B3 D2 39 8E 74 C3 5E 4D AC 43 25 D2 26 D4