Cypherpunk Gold Mine --- Hello, Mark Riordan runs ripem.msu.edu and this has some *hot* files of interest to cypherpunks. He has a very complete DES library with many versions, BigNum packages, and a *lot* of collected files from the net on a wide variety of interesting topics. Many excellent and fascinating bibliographies too. Of particular current interest -- he also has the complete current ITAR online (as I noted earlier). I'm enclosing various file lists at the end of this document. RSA-PKP patent treatise --- Also, for everyone who has ever wondered about the RSA-PKP patent claims (and there's been a recent flurry on the list): An excellent and very authoritative posting on the subject was written by G. Irlam and posted to sci.crypt, etc. on May 20 1991. His email address in the file does not appear to work anymore, but this file is so well researched I am considering turning it into a FAQ on Usenet. pub/crypt/docs/public-key-partners-patents.txt Thanks to S. Bellovin for holding on to this, sending it to me in response to a query, and to M. Riordan for very quickly sticking it on the site after I uploaded it yesterday. Registration Saturation --- But I'm writing chiefly on the following subject. H. Finney, in his first brilliant post analyzing the ITAR relative to PGP distribution, noted that D. Bernstein posted an interesting note about his trials and tribulations in attempting to `export' a cryptographic algorithm SNUFFLE on sci.crypt. All he wanted to do was *post* to the newsgroup. He has a big batch of letters in a file he posted to sci.crypt that show the interesting relationships between the Commerce and the State Departments related to the `Arms registration' involved in legal cryptographic documentation distribution. This is an *extremely* important file for anyone that wants to see what the actual process of getting approval for cryptographic distribution entails, even for simply *publishing* simple algorithms. If anyone wants to `saturate the process' as has been discussed repeatedly on this list, this is a MUST READ. D. Bernstein went through this amazingly hilarious-at-times procedure as an academic exercise in showing the world how obtuse and bizarre the actual U.S. bureacratic structures are that regulate this stuff. Here's a guy that went through the whole surreal process just to POST to SCI.CRYPT. Its MIND BOGGLING. I've also uploaded the file to soda.berkeley.edu, but I don't know if E.H. will put it online (space is apparently very tight on soda). In the meantime, the file is ripem.msu.edu:/pub/crypt/docs/shuffle-export-hassles. for the hard-core cypherpunks who drool over code and algorithms, the code itself is in ripem.msu.edu:/pub/crypt/other/snuffle.zip Note: this and other files on the site (e.g. DES code) require that you submit an application attesting to U.S. citizenship and promising not to further distribute the code. (I don't know what has happened to D. Bernstein on the net. He used to be a great dogged flamer of people like Sternlight and Silverberg, but haven't seen him lately. I suspect he's working on a new important project and hasn't time for all the noise!) Cypherpunk Awards --- Finally, I should note that M. Riordan and D. Bernstein are sci.crypt FAQ editors, but other than that I don't know much about them except that they have both been instrumental in providing some *fabulous* public services over the internet, particularly to the cryptographic community. I vote them Cypherpunks of the Month (even though they're not on the list). D. Koontz gets my vote as Cypherpunk of the Week for the *sharp* analysis that twists Clipper into something useful -- sort of Security by Exploiting Exploitation. I sure hope Mycotronx isn't listening! We might find that LEEF/IV hole patched up in the next version! (nobody sneezed at the dumpster post, so I tend to think some of this stuff goes on in a vacuum.) I've asked him to put the Clipper specs he has pored over into a more public place (scanned for FTP site?) for other scheming cypherpunks to poke at. Ripem.msu.edu File Lists --- Here are some ripem.msu.edu indexes. Don't forget, you have to register to get some of these (particularly the code). Check out file /pub/crypt/GETTING_ACCESS. Flames for including this will be ignored. ===cut=here== FTP Directory /pub/crypt/docs Parent Directory luc-algorithm.txt dss-proposal.txt tmp nist-secure-hash.txt nsa-letter.txt merkle-khufu-khafre-snefru.txt crypt-bookstores.txt crypto-history-books.txt crypt-journals.txt secure-netnews.txt getting-nist-pubs.txt factoring-bibliography.txt polygonal-pubkey-algorithm.txt rsa-conf-93 ritter-cloak.txt sci.crypt-faq.txt crc-discussion.txt blair-crypt-lesson.tex.Z public-key-overview-by-nist.txt.Z scientific-american-pgp-letter.txt rabin-algorithm.txt des-break.ps.Z golding-weak-consistency-dissertation.ps.Z password-certification-authority.ps.Z fast-random-nums.txt enigma-wiring.txt shuffle-array.txt crypt-sites.txt md5-cryptanalysis.txt crypto.bib rsa-faq.ps.Z rsa-public-key-cryptography-standards secret-sharing.txt des-validation.txt arj-encryption.txt playfair-challenge.txt luc-public-key-paper.ps.Z zero-knowledge-proofs.txt goldbug-book-dedication.txt nonlinear-combiners.txt clipper-chip.txt dss-subliminal-channels.txt nist-capstone.txt nist-dss-clipper-testimony.txt dod-pmsp-messages.txt msdos6.0-compression-calls.txt software-cryptophones.txt letters-against-clipper.txt elgamal-using-dss.txt english-trigram-frequencies.txt privacy-anonymity-faq.txt three-cryptographers-problem.txt crypto-random-num.bib kryptoknight-authentications-and-distribution.tar.Z arms-controls-phone-number.txt feal-algorithm.txt warlock-matrix-pubkey-algorithm.txt s-box-exam-question.txt rsa-nist-dsa-agreement.txt des-chip-paper-src-090.ps.Z tis-pem-faq.txt des-break-errata.txt itar-export-bibliography.txt dept-of-commerce-crypto-docs.txt sbox-overview.txt cpsr-statement.txt letter-against-nist-dsa-giveaway.txt shuffle-export-hassles.txt sbox-bibliography.txt ky-28-military-voice-encryptor.txt itar-july-93.txt williams-crc-guide.txt british-intelligence-books.txt des-key-search.ps idea-eurocrypt90.ps english-dictionary-ftp-site.txt intelligence-bibliographies.txt intelligence-journals.txt public-key-partners-patents.txt file /pub/crypt/other/CRYPT-COLLECTION.TXT =Index of Cryptology Programs =Compiled by Mark Riordan mrr@scss3.cl.msu.edu =Last updated 9 October 1992 Note: I can't seem to keep this document up-to-date, especially for the "docs" subdirectory on ripem.msu.edu. So, I have tried to create new files in the "crypt" tree with long, descriptive filenames. To find the latest on ripem.msu.edu, be sure to do an FTP rather than relying on this document. /mrr 22 Feb 93 Warning: the .zip files here were created with zip 5.0, not with pkzip.exe, and cannot be extracted with pkunzip. Get unzip.exe (also available at this site). cbw.tar.Z Robert W. Baldwin baldwin@xx.lcs.mit.edu Crypt Breaker's Workbench, circa Oct 1986. Program to help you cryptanalyze messages enciphered with the simple, obsolete program crypt(1). Reportedly used to help decipher R. T. Morris's worm (after the fact) from source code found on backup tapes at Cornell. enigma-peake.c Philip Peake (philip@axis.uucp in Paris) C program inspired by the World War II Enigma cipher machine, but the algorithm is not completely identical. enigma_2.zip Devours, et al. MS-DOS .EXE of a BASIC program that emulates the real WWII Enigma cipher machine. Unfortunately, source is not included. hill.zip John Cowan <magpie.MASA.COM!cowan> C program to implement Lester Hill's encryption scheme involving matrix arithmetic. I believe the algorithm dates to the 1920's. This code is from comp.sources.unix, Volume 17 (Feb 1989). i-hat-correlation-analysis.zip Douglas A. Gwyn <Gwyn@BRL.MIL> (Theory by many others) C code for various cryptographically useful statistical analysis functions: Kullback's information measure for a 2-way contingency table, Gamma and related functions (Poisson, Chi-squared, etc.), Pearson's Chi-squareed, etc. jones-splay-compression.zip Jeffrey Chilton, Douglas W. Jones <jones@cs.uiowa.edu> Compression/encryption program based on splay trees. C functions. linear-rng.zip William S.England (Theory by Stephen K. Park and Keith W. Miller) High-quality linear congruential random number generator. I doubt it's truly of cryptographic quality, though. In C, with instructions for adding directly into Perl. lucifer-outerbridge.c Richard Outerbridge <71755.204@CompuServe.COM> C implementation of IBM's Lucifer cipher, a predecessor of DES. Speed-optimized version of April 1984, but the algorithm is inherently slow. Includes program which implements CBC. lucifer-smith.c Jonathan M. Smith (original by Arthur Sorkin) C implementation of IBM's Lucifer cipher, a predecessor of DES. Version of March 1991. Includes main program. Pretty slow. md4dos.zip Jouko Holopainen <jhol@stekt.oulu.fi> (Theory by Ron Rivest) Fast DOS implementation of the MD4 message digest function. With DOS executable and C and 8086 assembly code. md5.zip Ronald L. Rivest, RSA Data Security rivest@theory.lcs.mit.edu Fast and popular one-way hash function in C taken from RFC 1321. Contains a test program. Version of April 1992. md5-karn.zip Phil Karn Very fast DOS 386 assembler implementation of Ron Rivest's MD5 hash function. Contains the Transform routine only (the time-consuming part). Uses Borland C. Version of February 1992. mrrcip.zip Mark Riordan <mrr@scss3.cl.msu.edu> Implementations of many classical cipher schemes (simple substitution, columnar transpostion, Playfair, "straddling checkerboard", Vigenere, and so on). Of historical interest only. Main programs all, most in C but some in FORTRAN (hey, I wrote 'em a long time ago). nsea.zip Peter C. Gutmann <pgut1@cs.aukuni.ac.nz> "Nonpatented Simple Encryption Algorithm"--actually fairly complex block cipher similar to DES. C functions and main program, with optional 8086 assembler module. In-depth description of algorithm, invented by author. okeefe_encrypt.tar.Z R. A. O'Keefe, Edinburgh. C code for a fairly simple block transposition cipher based on linear congruential random number generators. rot13.c Unknown This is the well-known "Rot-13" cipher used to obscure offensive Usenet postings. Complete C program (very short). scott-newdes.zip Robert Scott, Mark Riordan (mrr@scss3.cl.msu.edu) C implementation of NEWDES, an unfortunately-named block cipher (doesn't have much to do with DES, but probably has similar security) designed by Robert Scott and described in a 1985 issue of Cryptologia. The algorithm is fast and doesn't take much code. C functions & driver program included. setzer-trans.zip William Setzer <setzer@math.ncsu.edu> "Quick hack" C program that does transposition of 8192-byte chunks of its input, based on a random number generator. snefru2.5a.tar.Z Ralph C. Merkle (merkle@xerox.com) One-way fast hash function in C by a well-known cryptologist. C functions and test main program. Most people seem to use MD5 instead. Version of November 1990. snuffle.zip Dan Bernstein <brnstnd@nyu.edu> Encryption program which turns a secure hash function into a very good cipher. Oriented towards the Snefru hash function, which is not included here. Simple (but profound) C code. May be an old version. wpcrack.tar.Z Ron Dippold <rdippold@qualcomm.com> Programs to crack the encryption on WordPerfect 5.1 encrypted files. Source code in Borland C. --- DES implementations --- barrett-des.zip David A. Barrett <barrett@asgard.cs.colorado.edu> Fast DES implementation, with main program that works in Cipher Feedback mode. Sometimes known as "fast-des". Vintage Feb 1991. cdes-bishop.zip Matt Bishop, NASA Ames <bishop@bear.dartmouth.edu> Nice C main program/front-end to DES to implement just about every known mode of DES: ECB, CBC, CFB, OFB. Does NOT include an actual DES implementation. Includes man page. chalmers-des-1.0.tar.Z Stig Ostholm ostholm@ce.chalmers.se DES implementation with several utility programs and many useful extra functions. Runs on a variety of Unix systems. Pretty good documentation. Vintage October 1990. crypt-bsd-4.3-reno.c University of California at Berkeley This is the "crypt" password hashing function from BSD Unix. It necessarily includes an implementation of DES. Code is marked as being from 1990. I haven't tested it, but I believe it is probably quite slow. Nevertheless, it's probably in wide use. csu10des.zip Phil Karn <karn@Qualcomm.COM> (original by James Gillogly) Famous public domain DES implementation by Phil Karn of KA9Q fame. Includes C functions & main programs. This is one of the first public domain DES implementations, and many minor variations of it are floating around. This one, last modified March 1987, was posted to comp.sys.unix, Volume 10. Karn's DES is not as fast as most of the more recent DES implementations but it's a "classic". d3des.zip Richard Outerbridge <71755.204@CompuServe.COM> Fast, compact DES implementation from a longtime DES programmer. Includes optional double and triple DES encryption. C functions only; skimpy but adequate documentation. August 1992 version. desCore-2-How.tar.Z Dana How <how@isl.stanford.edu> Portable, very fast implementation of basic DES routines only. Supposedly the fastest C version around. Not so fast at key-setting (i.e., password hacking). This code was submitted to comp.sources.misc as Volume 29, Issue 80 and later updated in Volume 29, Issue 128. May 92 version. des-dist.tar.Z Antti Louko (alo@kampi.hut.fi) Fast DES implementation, with main program and C function library for arbitrary precision integer arithmetic. Also known as "alodes". Last modified September 1992, but most code seems to date from 1989. fdes5-baldwin.zip Robert W. Baldwin <BALDWIN@xx.lcs.mit.edu> Fast DES/crypt implementation in C (functions only) This seems to be 1989-vintage code. Evidently it was/is a favorite of password crackers. koontz-des.tar.Z David G. Koontz <2004ktz%ucsbuxa@hub.ucsb.edu> Fast but large DES C functions and main program. Dates to March 1991, at which time it was one of the fastest around. Good verification suite included. libdes-young-p2.tar.Z Eric Young (eay@psych.psy.uq.oz.au) This is one of the fastest DES implementations around. These C library routines are designed to replace the MIT Athena DES routines that MIT does not make available for export. Includes a main program and a test program. This is Patch level 2, from July 1992. I believe an earlier version was known as eBones. mitchell-des.zip D. P. Mitchell DES implementation in C, with minimal driver program. Version of June 1983. I don't know how fast this is. There's no documentation and the code is uncommented. pfdes.zip Stuart Levy, Minnesota Supercomputer Center Portable, fast DES implementation in C, from April 1988. Includes demo & benchmark programs. Warning: files need cleaning up (control-Z's and extra spaces in makefile). ufc-crypt-pl1.tar.Z Michael Glad, email: glad@daimi.aau.dk Ultra Fast Crypt, fast replacement for crypt(3), patchlevel 1. This comes from comp.sources.misc volume 28, issues 115-116, March 1992. allen-des486.zip Steve Allen, email: 73277.620@compuserve.com DES source (Turbo C & Assembler) & executable for MS-DOS. Requires 486 due to use of BSWAP instruction. Runs at 108KB/sec on 486-33. Includes triple-DES. Main programs as well as functions provided. June 1993.