[comp.sys.mac] ENCRYPTION ...

carlile@trwrb.UUCP (Donald E. Carlile) (08/13/88)

Whatever happened to Public Key encryption? (If memory serves it was also 
refered to as RSK after the initials of its developers).

Did it turn out to take too much time or memory?  Did its developers have
a big patent problem?  Is it still viable?

Has anyone ever developed a Mac implementation?

Thanks,
Don Carlile
{ihnp4,hplabs,decvax}!trwrb!carlile

cyosta@taux01.UUCP (Yossie Silverman) (08/14/88)

In article <7596@trwrb.UUCP> carlile@trwrb.UUCP (Donald E. Carlile) writes:
.Whatever happened to Public Key encryption? (If memory serves it was also 
.refered to as RSK after the initials of its developers).
.
.Did it turn out to take too much time or memory?  Did its developers have
.a big patent problem?  Is it still viable?
.
.Has anyone ever developed a Mac implementation?
.
.Thanks,
.Don Carlile
.{ihnp4,hplabs,decvax}!trwrb!carlile

Well, there is PC implementation.  It includes encrypted disk-io, mail
and digital signatures.  It has the fastest known implementation of RSE
(note, not RSK) in the world (according to its developers).  I don't think
you  will find it in the stores as no government that I know of is willing
to allow a non-decryptable (by them) code into the public hand, especially
the progressive American government, but mine (the Israeli) as well.  I don't
think they ever bothered to do a port to the Mac, no comercial value.  The
algorithms of RSE are quite simple to master, but they require some very 
heavy number crunching and thus, on any current CPU, heavy optimizing.  The
developers claimed to have a set of very very fast large number math package.
If you want more information, please mail me directely, I will forward
further information.  An anacdote:  When IBM first came out with the DES
(Data Encryption Standard) idea, they had a key with 128 bits (well, 112).
The US Govt did some heavy thinking and decided that their computers (circa
1970) couldn't crack a cypher in a resonable amount of time and decreed that
the key should be 64 (well, 56) bits long.  As a result, today, anyone at
home can crack a DES cypher on his mac with a days worth of CPU.  (Your
bank card has your "secret" number encoded in it with DES, concider someone
stealing it and decoding the number...).  And you expect the Govt to okey the
use of PKE by the general public, heh!
-- 
Yossie Silverman                                   What did the Caspian sea?
National Semiconductor Ltd. (Israel)				- Saki
UUCP: taux01!yossie@nsc.UUCP
NSA LSD FBI KGB PCP CIA MOSAD NUCLEAR MI5 SPY ASSASSINATE SDI -- OOCLAY ITAY

tedj@hpcilzb.HP.COM (Ted Johnson) (08/16/88)

>.Whatever happened to Public Key encryption? (If memory serves it was also 
>.refered to as RSK after the initials of its developers).
>
>you  will find it in the stores as no government that I know of is willing
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>to allow a non-decryptable (by them) code into the public hand, especially
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>the progressive American government, but mine (the Israeli) as well.  I don't

The new version of Ted Nelson's Computer Lib/Dream Machines book (pages 164-
167) say this also.  Supposedly the government is trying to suppress the
details of the RSA (Rivest, Shamir, Adleman) code, because they can't
break it.

From the above book (reprinted w/out permission):

"As Rivest, Shamir and Adleman were preparing to send out the paper,
they received a notification that they had better not.  The order came
from an official of the National Security Agency, J.A. Meyer.

Now everything hit the fan.

It seemed clear to a lot of people that the government (and the Spooks
to boot) were attempting to THWART FOREVER any hope of privacy and 
freedom in the future.

People sprang into action.  Already a few copies of the paper by Rivest,
Shamir and Adleman had been handed out; brave souls throughout the
country got busy duplicating these, and sending them out to whomever
they thought might care.  Hundreds of researchers and concerned computerfolk
got plain brown envelopes in which the details of the RSA code (for
Rivest, Shamir and Adleman) were explained.

Rivest, Shamir and Adleman did not get into trouble; and because that cat
was already out of the bag, the government backed off, and allowed the
paper to be published.  But THEREAFTER, under a "gentlemen's agreement",
all articles on codes have been checked with government agents, and
published only with permission.

So basically nobody in the academic world can publish articles on codes
any more, and a spook from the NSA attends every session on Number Theory
at mathematical meetings."


Does anyone have a copy of this paper?  Please send me e-mail...!

Thanks!

-Ted

engber@speedy.cs.wisc.edu (Mike Engber) (08/17/88)

The original RSA article is in the 1978 CACM pp 120-126. It is a very good
article an surprisingly easy to read. Reading the article should be enough
for most programmers to understand how it works and how to implement it (it
was for me) However, really understanding why it works requires some number
theory (which I don't pretend to have)

I implemented it for a course last semester and I'd be glad to email the
source to anyone who wants it. There is one catch: I wrote it in Common Lisp
(specifically Allegro Common Lisp, but it should run under any Common Lisp,
I've also tested it under KCL) I used Lisp because it allows integers to
be of arbitrary size (like 200 digits).

The code is by no means a commercial encryption package (and I make no
warranties about it) If you want to use this you're going to have to
know Lisp, the more you know, the better you'll understand what's going
on, but a novice should be able to run it. Reading the paper will also
help in understanding it (I used the papers naming conventions for my
variables), but again, a novice can still figure out enough to run it
without the paper.

I'll also throw in some very large prime numbers (50 & 100 digits).
You'll need to use these numbers in forming your keys.  The larger
the prime, the more secure your key.

But wait, there's more. If you order now I'll throw in, at no extra charge,
an implementation of the Solovay & Strassen prime test algorithm which will
allow you to find very large primes right in your own home. In fact, this
versetile algorithm will let you take all those spare numbers you have
lying around the home and test them for primality to whatever accuracy you
desire (it's a probabalistic test).

So you get:
 -functions to encrypt/decrypt a string using RSA
 -functions to encrypt/decrypt a text file RSA
 -some 50 and 100 digit primes
 -the Solovay & Strassen prime test
 -sorry, you don't get the steak knives
All for the low low price of $0.00

Send your check or money order to: engber@speedy.cs.wisc.edu

-ME

dlt@csuna.UUCP (Dave Thompson) (08/18/88)

In article <870215@hpcilzb.HP.COM> tedj@hpcilzb.HP.COM (Ted Johnson) writes:
>Does anyone have a copy of this paper?  Please send me e-mail...!

I also would be interested in a copy of this paper.

-- 
Dave Thompson		     uucp:   {ihnp4|hplabs|psivax}!csun!csuna!dlt
CSUN Computer Center         phone:  (818) 885-2790
18111 Nordhoff Street, Northridge, CA 91330

gae@osupyr.mast.ohio-state.edu (Gerald Edgar) (08/18/88)

In article <6149@spool.cs.wisc.edu> engber@speedy.cs.wisc.edu (Mike Engber) writes:
>The original RSA article is in the 1978 CACM pp 120-126. It is a very good
>article an surprisingly easy to read. Reading the article should be enough
>for most programmers to understand how it works and how to implement it (it
>was for me)

Isn't it true that the RSA paper does not specify the exact sizes to use:
(the examples in the paper are much too small to keep anyone from
factoring them).  So as a consequence, every implementor has done it
differently?

How about it if all Mac people agree to use Mr. Engber's choices for this?
(I haven't seen them yet.  Are they big enough to resist factorization for
the next few years, at the rate the factoring technology is growing?)
How about all of you publicizing your keys, so we can really try it out?
-- 
  Gerald A. Edgar                               TS1871@OHSTVMA.bitnet
  Department of Mathematics                     gae@osupyr.mast.ohio-state.edu
  The Ohio State University                     gae@osupyr.UUCP
  Columbus, OH 43210                            70715,1324  CompuServe

engber@speedy.cs.wisc.edu (Mike Engber) (08/19/88)

The response to my offer of free source has been pretty overwhelming. I
found the secret to making it big in software - the right price.

In article <786@osupyr.mast.ohio-state.edu> gae@osupyr.mast.ohio-state.edu.UUCP (Gerald Edgar) writes:
>Isn't it true that the RSA paper does not specify the exact sizes to use:
>(the examples in the paper are much too small to keep anyone from
>factoring them).  So as a consequence, every implementor has done it
>differently?
>
>How about it if all Mac people agree to use Mr. Engber's choices for this?
>(I haven't seen them yet.  Are they big enough to resist factorization for
>the next few years, at the rate the factoring technology is growing?)
>How about all of you publicizing your keys, so we can really try it out?

This question seems to arise from a misunderstanding of the algorithm. The
user can pick any key size he wants - the example in the article uses small
primes to keep it managable. The only reason I can see for an implementor
to fix the key size is if his integer arithmetic only works for integers
up to a certain size - any decent implementation will find that longint is
way too small (maybe good enough for a demo)

Now my implementation is totally versatile with respect to key size (through
the magic of Lisp) However large keys slow it down. I've never tested it with
p & q bigger that 100 digits. My prime tester (key finder) will also let you
search for primes of any size you want (again, large ones slow you down) This
should keep everyone happy and in principle if machines get faster so they
can factor faster then Lisp will run faster and you can use larger numbers.
Now if someones solves factoring problem itself, we're all sunk.

I think the article suggested p & q of 100 digits each, but someone
told me that today 200 digits it a safer bet if you think the NSA is
going to take a crack at you. In any case, it'll take a pretty awesome
computer to factor a 100 digit number. I don't know what you can do on
PC (does anyone?)

There are a couple of other point I'd like to make:
1) RSA is an unforgiving algorthm. If you mess up (like p or q isn't
   prime) it'll encrypt your message fine, but it won't decrypt it.
   This is nice for testing purposes.
2) If anyone dove into my code you'll realize there is one place where
   it is especially inefficient. I use the function ldb (and it's inverse)
   to change individual bytes in an integer. This is a non-destructive
   function meaning I end up making a lot of copies of a large integer
   in the process of constructing it. This probably adds a tremendous
   garbage collection overhead. If anyone knows a way around this,
   please let me know.
3) If anyone finds it useful, maybe we can find someone who owns the
   Allegro stand alone code generator and turn this into an application.

4) I'm mailing the people the file as text (200-300 lines) because I
   expect a lot of them will use it on another machine and not want to
   hassle with downloading it unstuffing it and uploading it.

Please, no flames about moving this the cryptology newsgroup. That group
is way over my head.

-ME

fmodwyer@cs.tcd.ie (Frank O'Dwyer , ext. 1695) (08/19/88)

In article <886@taux01.UUCP>, cyosta@taux01.UUCP (Yossie Silverman) writes:

> It includes encrypted disk-io, mail
> and digital signatures.  It has the fastest known implementation of RSE
> (note, not RSK) in the world (according to its developers).  

How fast?  With what keylength?  

(b.t.w. I presume it's RSA you mean.  Stands for Rivest, Shamir, and
Adleman!)

> As a result, today, anyone at
> home can crack a DES cypher on his mac with a days worth of CPU.  	

What?  I may have missed something but unless there is a method
for breaking DES *without* an trying each and every key, then anyone at
home would have to be capable of generating and testing 8.3e+11 keys a second
to break DES in a day.
My humble DES implementation can do about 15 keys a second.  I would die
of old age before I cracked DES.

Diffie and Hellman have suggested that DES can be cracked in about 20 hrs
by using 1,000,000 DES devices in parallel.... Cost $20 m to $200m.
Not within reach of 'anyone at home'.

Unless you know a method which does not rely on exhaustive key search....

lim@cit-vax.Caltech.Edu (Kian-Tat Lim) (08/19/88)

One of the things from sci.crypt that people with/requesting this source code
may be interested in is that the RSA cryptosystem is patented.  Although an
algorithm cannot be patented, MIT has patented just about every application of
the algorithm to cryptography.  This patent has been assigned to RSA Data
Security, Inc., whose address and telephone number are given in a recent
message in sci.crypt.  Any implementation of the RSA method is likely to be an
infringement of the patent, and rumor has it that the patent holders are
vigorously protecting it.

I am not a lawyer or patent attorney; the information in this article is my
personal understanding of a number of recent postings on sci.crypt.

--
Kian-Tat Lim, ktl@wagvax.caltech.edu, KTL @ CITCHEM.BITNET, GEnie: K.LIM1

lemke@Apple.COM (Steve Lemke) (08/22/88)

In article <8736@cs.tcd.ie> fmodwyer@cs.tcd.ie (Frank O'Dwyer , ext. 1695) writes:
>Diffie and Hellman have suggested that DES can be cracked in about 20 hrs
>by using 1,000,000 DES devices in parallel.... Cost $20 m to $200m.
>Not within reach of 'anyone at home'.
>
>Unless you know a method which does not rely on exhaustive key search....

Have you guys ever heard of "sci.crypt"??  It's an interesting group, and it
sounds as if this conversation would be a good candidate to move over there...

			===== Steve Lemke =====
Internet (?): lemke@apple.com    UUCP: {sun,voder,nsc,decwrl}!apple!lemke
   AppleLink: LEMKE             GEnie:  S.Lemke
All opinions are, of course, mine, and could never belong to anyone else!

borton@uva.UUCP (Chris Borton) (08/22/88)

I just thought I'd add a note about the gov't suppressing nifty encryption
algorithms that I found amusing/sad.

The data encryptor included with DataFrame hard drives distributed in the U.S.
uses one such fancy encryption technique; therefore, the U.S. Gov't has for-
bidden them to distribute it overseas.  This was the answer my Dutch friend
finally traced down, after much ado, about why that program was not included
in the package he got.

Somewhat laughable, I think, given the ease of e-mail or a disk in the mail...

-cbb
-- 
Chris Borton	borton%uva@mcvax.{nl,bitnet,uucp} 
(oops, that's rather flakey right now: use borton%uva@hasara5.bitnet)
Rotary Scholar, University of Amsterdam CS

dillon@CORY.BERKELEY.EDU (Matt Dillon) (08/23/88)

:I just thought I'd add a note about the gov't suppressing nifty encryption
:algorithms that I found amusing/sad.
:
:The data encryptor included with DataFrame hard drives distributed in the U.S.
:uses one such fancy encryption technique; therefore, the U.S. Gov't has for-
:bidden them to distribute it overseas.  This was the answer my Dutch friend
:finally traced down, after much ado, about why that program was not included
:in the package he got.

	There has got to be something more to it than that.  For instance,
DataFrame might not have invented the cryptography algorithm they were
marketting and the copyright/patent got in the way.  Other for instances 
include 'sensitive' hardware.  However, any reasonably smart 10th grader
could write up the DES or an enhanced DES in a day or two.

:Somewhat laughable, I think, given the ease of e-mail or a disk in the mail...

	Very easy... I do it all the time.  9 out of 10 times the post office
doesn't even want a customs stamp on it, and even when they do, it just means
the package will not (usually) be openned.

					-Matt

david@jc3b21.UUCP (David Quarles) (02/18/89)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

I would like to find PD or SHAREWARE that can encrypt or password
protect my folders and documents.

I purchased Copy ][ Mac (noone should be without it) and it is loaded !!
BUT, there is no password or encryption in this one.  A file can be made
invisible but this is not enough.

I almost purchased PC TOOLS Deluxe, but unless I'm wrong, the only
significant difference between these two is the encryption capability of
'PC TOOLS'.  I frankly didn't want to spend up to an additional $80 for 
file encryption or password protection.

I am hoping there is shareware available to do this. (I'd rather pay them
anyway.)

Please post or EMAIL (preferred as our UNIX system purges the news right
before I logon ...

Thanks for any help.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Dave =-=-=-=-=-=-=-=-=-=-= EOT