[Cryptography] Population Count (POPC) instruction

William Allen Simpson william.allen.simpson at gmail.com
Thu May 20 02:30:32 EDT 2021


On 5/19/21 9:59 AM, Jerry Leichter wrote:
>> The SCOPE/Hustler operating system used the population count instruction to
>> generate a smooth diffusion curve for 1-way hashing functions.  (We didn't yet
>> have the term 1-way hashing function.)....
> The early days of one-way hash functions were based on ... not much of anything.  Mainly (a) *I* don't see how to invert it; (b) it's too complicated for anyone to invert it.
> 

Also, it was kept secret.  A lot of security by obscurity.  In the case
of SCOPE/Hustler, the source files were kept behind the only cipherlock
doors on campus.  Real money was involved.

A decade or so later, there was a security breach.  Somebody had tossed
paper printouts that were recovered by dumpster diving.


> The Princeton 360/91 back in the early 1970's added a password mechanism (similar to what you describe for the 6000 series) to the remote job (i.e., deck of cards) submission facility.  They didn't want to go through changing the record format for accounts, so they re-purposed a 3-byte field that had historically been used to contain the user's initials.  So the hashed password was 24 bits long.
> 

An advantage the CDC had was 60-bit words.  Everything (user names,
passwords, account numbers, and resultant hashing) was done on either
60 bits or 120 bits.  Odd size, but even then folks were concerned
about the length of security fields.

Today, 60 or even 120 would be considered too short.  But for that era,
that was probably good enough (certainly much better than 24 bits).

Never let us forget that 2+ decades later in the '90s we were still
using 56-bit DES, and the powers-that-be were trying to limit us to
only 40 bits.


> Some friends and I managed to get hold of the (assembler) source for the hash function and spent some time on it. [...]  You punched a card with $PASSWORD=<password> - preferably with printing turned off so that reading the password at a glance would be hard - and slipped it anywhere in the deck.  

It was rumored that Larry Kingsbury had been hired as an undergraduate
because he'd broken the original CDC password security.

An "innovation" was that the PNC used an illegal punch code in the first
columns of the card.  The card reader would kick the bad card image up
to error processing, where the actual security would happen.  No more
slipping something into somebody else's deck, or leaving off an end of
job card to suck up the next job's data.  A PNC would halt the
processing of the prior job.

Another innovation was that the hash was salted, and incorporated a
configured system-wide secret.  Enough money was involved that folks
were concerned system programmers with access to the source could be
compromised....

Much of my thinking on security originated in those 1970s efforts, as
feeble as they seem today, and made their way into Photuris.

Moreover, we were fortunate that around that time, a slim, possibly
hand-stapled journal arrived at our university library: Cryptologia.

I'm not sure how widely it was available, possibly only mid-western.
In those days, it was manna from heaven.  Eventually, I got a copy of
Kahn's Codebreakers.  Still have it around somewhere.

