Re: DSA for encryption

[Bennett Haselton <bennett@peacefire.org>]

At 06:25 AM 12/8/98 +0100, Anonymous wrote:
>>Of course, any manufacturer of Internet censorship proxy server software
>>could easily add ians.ml.org to their list of blocked sites (as they have
>>all already done with Anonymizer), so the idea would be for people to get
>>their friends to set up port-forwarding programs on computers that were not
>>blocked by the censoring proxy, and those could be set up to relay requests
>>between the IANS server and the computer behind the proxy server.
>
>It may not be so easy to get people to set up port-forwarding programs.
>These could be a target for hackers seeking to cover their tracks as they
>try break-ins.

The ports would only forward Web-based traffic, so an attack would have to
be carried out over HTTP.  The phf exploit is a notorious example; the IANS
was modified early to specifically prevent it from being used for phf
exploits.  But most other attacks cannot be done just with a Web browser as
far as I know.

One additional option would be to distribute port-forwarding programs that
keep logs of traffic.  The standard port-forwarding program for Windows
which we plan on recommending, Portpipe, does not do this, but we might
write our own version that does.

>Also, how many people in this day of commercial ISPs are
>able to set up port-forwarding programs?

Portpipe can be set up in thirty seconds on a Windows machine.  What you
need though is a machine that is connected more or less permanently to the
Internet.

>It would seem more promising to make your web page script be simple
>and portable enough that even users of AOL and free webpage hosts like
>GeoCities would be able to install it.

The problem with having lots of people run a copy of IANS is not that it
couldn't be made easy to install, but in many cases it might not be even
possible to install.  Low-end Web page accounts do not allow the running of
CGI scripts on the Web server.

>>I am working on a JavaScript form that could be used on the client side to
>>solve this problem.  We would like to use DSA to encrypt the requests sent
>>using IANS, since I've heard DSA can be used for encryption without
>>royalties, unlike, for example, RSA.
[...]
>What you want to do is to use the mathematical principle behind DSA, which
>is the difficulty of solving the discrete log problem, and use an encryption
>algorithm which relies on that same math problem, namely Diffie-Hellman or
>ElGamal encryption.
[...]
>If you need more information about what the various values mean, or how
>to create a DSA and/or ElGamal key, just ask.

Thanks!  Some people had already pointed out to me that ElGamal would be an
ideal choice, and was probably what I had in mind when I was looking for "a
version of DSA that can be used for encryption".

I'll follow the outline of the ElGamal algorithm given at
	http://www1.shore.net/~ws/Extras/Security-Notes/lectures/publickey.html

and the outline given in _Applied Cryptography_ unless you have another
recommendation.

>Really, ElGamal is simple enough that if you have access to a large-number
>math package, writing your own is probably easier than trying to get DSA
>to do it.  It is unlikely that you will find a DSA implementation which
>allows you to specify all the needed parameters above, particularly h
>and k.  Usually h is forgotten after key generation and not used during
>signature, and implementions will probably want to choose k themselves
>since it is a very sensitive parameter.

I will probably have to write my own large-number package for JavaScript in
order to implement ElGamal.  You've given me enough to get started though,
thanks!  (If I have any more questions, I'll have to post them to the list
since you're using the re-mailer :-)  but maybe the list population will
find this interesting anyway.)

	-Bennett

bennett@peacefire.org    (615) 421 5432    http://www.peacefire.org