Cryptography-Digest Digest #197, Volume #9        Sun, 7 Mar 99 05:13:06 EST

Contents:
  Re: British Crypto Fascists (wtshaw)
  Re: Doing It Right: The Next Chip Controversy (wtshaw)
  Re: Scramdisk - paranoia ("Dr G.C.Braddock")
  Re: Entropy and Crypto-Grade Randomness (Michael Sierchio)
  Re: British Crypto Fascists ("hapticz")
  Re: Random Generator ("Douglas A. Gwyn")
  Yarrow ("David Barton")
  Scramdisk lockups, more test data (Jeff Millar)
  Re: What's so-called random oracle model? (D. J. Bernstein)
  Re: Quantum Computation and Cryptography (Henry Lewsal)
  ElGamal vs RSA ("F. Arndt")
  Re: ElGamal vs RSA (DJohn37050)
  Re: AES and Intellectual Property issues ([EMAIL PROTECTED])
  --- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
  Client-server encryption key negotiation...? (Paul Pedriana)
  Re: Think you're good at cracking code? Crack This! (Paul Pedriana)
  Re: Think you're good at cracking code? Crack This! ("Douglas A. Gwyn")
  checksum algorithm ? (Alex)
  Re: XOR (Medical Electronics Lab)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: British Crypto Fascists
Date: Sat, 06 Mar 1999 14:28:01 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
 
> THE Government was accused yesterday of rushing
> through legislation that could allow it unprecedented
> powers to access and decrypt any person's private e-mail,
> inspect digital communications, and investigate data
> stored on their computers.
> 
To do something obscurely is a means of extending privacy to the action;
to do something semiprivately that should be done in full view and honor,
like pass laws, in circumventing honest debate show themselves for who
they really are through their own dishonesty and demeaning methods.

Those who want to railroad sneaky legislation should be reminded of the
ultimate fates of many who have undone whole societies to their tragic
end, which is always predictable.
-- 
Truth is whole in the least of its parts. 

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Doing It Right: The Next Chip Controversy
Date: Sat, 06 Mar 1999 14:45:32 -0600

In article <[EMAIL PROTECTED]>, "John Enright"
<[EMAIL PROTECTED]> wrote:

> You've overlooked one very important detail.  Let me give you this scenario:
> I'm an upright computer user who pays for all of my software (like most
> people).  Now I decide that I need to upgrade my machine.  Under your
> scheme, I can't simply reinstall all of my software on the new computer.
> And don't tell me about a long, painful reinstall process in order to move
> the software.  I don't think the public is going to stand for this.  Tying
> software to a particular machine is a *VERY BAD* idea, IMO.

A computer system, the technical equipment that allows you to do various
things, is made of many machines, parts, cpu's, displays, wire, etc.  In
that all of them are linked, at least occasionally, they are all part of
your one system, usually found at one place, but not always, and usually
commanded by one person, or family, or group of friends. 

Third party restrictions on what you do with your equipment, the parts of
your system, simply are not apt to be welcomed, or functionally valid. 
But, if you are a formal manufacturer, better not remanufacture and
transfer goods to points outside of your own system; everything else is
private. 

It is in the best interests of everyone to get software from as original a
source as possible, like the original manufacturer.  When you commercially
buy something, you have bought that vital link.  You probably did not have
to specify a specific target platform and combination of parts attached
therewith before you purchased the software, so whose business is it how
you use it for yourself if you need to repair or replace one of the parts
to your system?
> 
> Still, the flipside is how to make sure that the software companies aren't
> pirated out of business?  I think that if it's difficult enough for most
> people, then business will remain good, and prices won't be too bloated to
> compensate for piracy.
> 
> Just as I'm sure you're not a big fan of the government controlling what you
> can & can't encrypt, the public will only swallow so much in the control of
> the software they purchase.  Too much control is always rejected by the
> public.
-- 
Truth is whole in the least of its parts. 

------------------------------

From: "Dr G.C.Braddock" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Scramdisk - paranoia
Date: Sat, 6 Mar 1999 23:41:57 -0000

Oohh that should be good!

Regards Dave,

Dr Braddock - sp00ky!
        ,
       /\
      (oo)
      /__\
       00
Dave Howe wrote in message <[EMAIL PROTECTED]>...
:In our last episode (<alt.security.pgp>[Fri, 5 Mar 1999 09:27:48
:-0000]), "sp00ky" <[EMAIL PROTECTED]> said :
:>What does Sternlicht know about Scramdisk anyway?
:Oh, haven't you heard? He's going to do a major and critical review of
:it, at some unspecified future time :+)
:--== Dave (is at) hawkswing.demon.coDOTuk ==--

------------------------------

From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: Entropy and Crypto-Grade Randomness
Date: Sat, 06 Mar 1999 16:29:25 -0800
Reply-To: [EMAIL PROTECTED]

"Douglas A. Gwyn" wrote:

> I never heard of Champernonwe, and a web search turned up no
> references.


Knauer made a scrivener's error.  Try 'Champernowne' and see

        http://www.astro.virginia.edu/~eww6n/math/ChampernowneConstant.html

The Champernowne Constant is the number, expressed
in base 10 by concatenating consecutive integers, thusly

        0.1234567891011...

> Numbers don't have "entropy", so I suppose you're
> referring to the sequence of digits in its decimal expansion.
> If it is an interesting number, that would probably be infinite.

It's transcendental, man...

> I think this whole line of discussion has marginal relevance.

"When I hear 'marginal', I reach for my revolver."

------------------------------

From: "hapticz" <[EMAIL PROTECTED]>
Subject: Re: British Crypto Fascists
Date: Sat, 6 Mar 1999 19:45:32 -0500

all right! sounds like a "turf war"!!!!!  right back to ground zero in the
evolutionary scheme!

i still say virii will be the last surviving organism(s) on this wretched
little planet!

--
best regards
[EMAIL PROTECTED]

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Random Generator
Date: Sat, 06 Mar 1999 22:46:17 GMT

Gerben Dirksen wrote:
> Does anyone here know a good way of generating (pseudo) random numbers?

Donald Knuth, "The Art of Computer Programming, Vol. 2 --
Seminumerical Algorithms" (chapter 3).

------------------------------

From: "David Barton" <[EMAIL PROTECTED]>
Subject: Yarrow
Date: Sun, 7 Mar 1999 02:01:27 -0000

Is there a paper on Yarrow describing it in detail other than the
implementation available from Counterpane? I'm not a C programmer so I'm not
too keen on trying to dissect C code to figure out how it works (the
details).

Thanks

Dave

------------------------------

From: [EMAIL PROTECTED] (Jeff Millar)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Scramdisk lockups, more test data
Date: Sun, 07 Mar 1999 02:44:02 GMT
Reply-To: [EMAIL PROTECTED]

I booted W98 into safe mode to try scramdisk in a simpler environment.
The mount command worked to the extent that one of the folders changed
its icon...I've not gotten that far before.  But, at the first click
on the folder, the machine locked up hard.

looking for ideas....

jeff

------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Subject: Re: What's so-called random oracle model?
Date: 6 Mar 1999 19:24:44 GMT

The Rabin-Williams signature system, for example, is parametrized by a
hash function H.

If the signer's public key is too small then an attacker can factor it
and forge signatures. This works for any function H; the attacker merely
needs to be able to evaluate H upon his forged messages.

Conversely, one can prove that any _generic_ attack against this system
is as difficult as factoring. More precisely:

   If the attacker, given an oracle for H, can forge signatures with
   probability e _averaged over all possible functions H_, then the
   attacker can factor the public key in about the same time with
   probability about e/2.

But this says nothing about the security of any particular function H.
It's trivial to write down examples of H for which forgeries are easy,
even if factoring is difficult. Perhaps every easily computed hash
function is insecure.

On the other hand, for various functions H constructed in simple ways
from (e.g.) Snefru-8, nobody has been able to break this system.

---Dan
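
The e/2 reduction in Dan's post, as an added example that is not part of the original message: a simplified Rabin setup (toy primes, no Rabin-Williams tweak multipliers) in which the simulator programs the oracle as H(m) = r^2 mod n and, with probability about one half, turns the forger's square root into a factor of n. The `forger` function is a stand-in for the hypothetical attacker and is handed p and q only so that it can answer; the reduction itself uses nothing but n.

```python
import random
from math import gcd

# Constructed toy primes, both = 3 (mod 4); real keys use far larger primes.
P, Q = 10007, 10039
N = P * Q  # the signer's public key

def sqrt_mod_prime(a, p):
    """Square root of a quadratic residue a modulo a prime p = 3 (mod 4)."""
    return pow(a, (p + 1) // 4, p)

def crt(rp, rq):
    """Combine a root mod P and a root mod Q into a root mod N."""
    return (rp * Q * pow(Q, -1, P) + rq * P * pow(P, -1, Q)) % N

def forger(h):
    """Hypothetical forger: returns one of the four square roots of h mod N.
    It is given P and Q purely to simulate an attacker that can forge;
    the reduction below never consults P or Q."""
    rp, rq = sqrt_mod_prime(h, P), sqrt_mod_prime(h, Q)
    return crt(random.choice([rp, P - rp]), random.choice([rq, Q - rq]))

def reduction_attempt(rng):
    """One run of the simulator: pick secret r, define the oracle value
    H(m) = r^2 mod N, let the forger sign, and check whether its root s
    differs from +-r.  If so, gcd(s - r, N) is a nontrivial factor."""
    r = rng.randrange(1, N)
    if gcd(r, N) != 1:          # negligible for real key sizes
        return gcd(r, N)
    h = r * r % N
    s = forger(h)
    assert s * s % N == h       # the forgery really is a valid signature
    f = gcd(s - r, N)
    return f if 1 < f < N else None

def find_factor(seed=7):
    """Re-run the simulator until a factor of N falls out."""
    rng = random.Random(seed)
    random.seed(seed)
    while True:
        f = reduction_attempt(rng)
        if f:
            return f

def estimate_success(trials=2000, seed=1):
    """Fraction of runs that factor N; should sit near the e/2 = 1/2 bound
    for a forger that always succeeds (e = 1)."""
    rng = random.Random(seed)
    random.seed(seed)
    hits = sum(1 for _ in range(trials) if reduction_attempt(rng))
    return hits / trials

if __name__ == "__main__":
    print("factor found:", find_factor())
    print("success rate:", estimate_success())
```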

------------------------------

From: Henry Lewsal <[EMAIL PROTECTED]>
Subject: Re: Quantum Computation and Cryptography
Date: Sat, 06 Mar 1999 07:49:36 -1000

R. Knauer wrote:
> 
> On Fri, 05 Mar 1999 20:46:02 -1000, Henry Lewsal <[EMAIL PROTECTED]>
> wrote:
> 
> >Until reversible NAND gates are invented and demonstrated, I doubt
> >the general purpose capabilities of quantum computers. I hope someone
> >will show us who has built them, and not just a rumor, I want facts.
> 
> Try "Explorations In Quantum Computing" by Colin Williams and Scott
> Clearwater.
> 
> Bob Knauer

Thank you for the rumor about something that might be related to
the issue. If you have a copy of that book, would you please paraphrase
what material was used to make the reversible quantum NAND gate?
Please give a short description of its speed, size, cost, temperature, 
apparatus, and if it is just a theory. I have heard plenty of 
statements that such NAND gates are possible, that equations have
been written, but these are just rumors. If this NAND gate was
fabricated into a material object, give some facts about it, do not
just post a book title, which may not give the desired details
and facts. Time machines, zero point energy, perpetual motion schemes,
and anti-gravity engines have book titles, too. But I do not take on
faith that they are practical, either.

------------------------------

From: "F. Arndt" <[EMAIL PROTECTED]>
Subject: ElGamal vs RSA
Date: Sat, 06 Mar 1999 23:15:08 -0200

A novice question:  Is it generally accepted that the ElGamal is much
less secure than the RSA for comparable key lengths?

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: ElGamal vs RSA
Date: 7 Mar 1999 04:42:47 GMT

ElGamal is based on the (normal) discrete logarithm problem, RSA is based on
the integer factorization problem.  Most people think that the discrete log
problem is slightly harder, but they are considered equivalent for most
purposes.  For example, ANSI X9 mandates that RSA and DSA (revision) keys be at
least 1024 bits long.  For ECDSA, keys must be at least 161 bits long.
Don Johnson

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AES and Intellectual Property issues
Date: Sat, 06 Mar 1999 16:50:52 GMT

In article <7bnojl$rf0$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:

>     I just got this message from NIST's Edward Roback. There seems to
>     be a possibility that the AES contest could be endangered by
>     claims of intellectual property rights on competing algorithms.
>     Unfortunately some of the stronger candidates seem to be the less
>     enlightened ones in this matter. (...)

Hours after NIST's original message, RSA's Matthew Robshaw sent the
clarification copied below. It seems that RSA's position on the Intellectual
Property issue will be quite positive and I think this is good news indeed.


From: Matthew Robshaw
To: Edward Roback
Cc: <long list>
Subject: clarification on AES IP statement
Date: Thu, 4 Mar 1999 14:17:53 -0800


Hi Ed,

Thank you for providing the summary of responses to your informal question
about IP. I think there might have been some confusion over the position of
RSA DSI.

Our response to your query was:

============================

=====Original Message=====
From:  Yiqun Yin
Sent:  Monday, December 14, 1998 5:01 PM
To:  'Edward Roback'
Cc:  Yiqun Yin
Subject:  RE: AES Intellectual Property Question

Dear Ed --

Regarding your question:

  Are you willing to waive any intellectual property rights you may
have on any party who makes, uses, or sells implementations of the selected
AES algorithm(s) (no matter which algorithm is selected)

To provide sufficient time to consider any patent issues, and since NIST's
request concerns patent issues that may involve other submitters, RSA Data
Security's corporate counsel has requested an extension until early 1999 at
which time a formal response will be provided. Counsel has also requested
that this issue be formally raised in correspondence sent to the appropriate
officers of the company, as well as the other companies and organizations
involved in the AES selection process.

Please let me know if you have any further questions.

Sincerely,

Yiqun Lisa Yin, Ph.D.
Senior Research Scientist

============================

I think this is more accurately classified as "can't say" rather than "no".
Over the last weeks we have been having internal discussions on this very
topic and our position at the forthcoming AES conference will be that of
"Yes, clarified" .

I hope this helps.

Best wishes,
Matt Robshaw


================ Original text ends here ================



http://www.tecapro.com
email: [EMAIL PROTECTED]


------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Crossposted-To: talk.politics.crypto
Subject: --- sci.crypt charter: read before you post (weekly notice)
Date: 7 Mar 1999 06:00:38 GMT

sci.crypt               Different methods of data en/decryption.
sci.crypt.research      Cryptography, cryptanalysis, and related issues.
talk.politics.crypto    The relation between cryptography and government.

The Cryptography FAQ is posted to sci.crypt and talk.politics.crypto
every three weeks. You should read it before posting to either group.

A common myth is that sci.crypt is USENET's catch-all crypto newsgroup.
It is not. It is reserved for discussion of the _science_ of cryptology,
including cryptography, cryptanalysis, and related topics such as 
one-way hash functions.

Use talk.politics.crypto for the _politics_ of cryptography, including
Clipper, Digital Telephony, NSA, RSADSI, the distribution of RC4, and
export controls.

What if you want to post an article which is neither pure science nor
pure politics? Go for talk.politics.crypto. Political discussions are
naturally free-ranging, and can easily include scientific articles. But
sci.crypt is much more limited: it has no room for politics.

It's appropriate to post (or at least cross-post) Clipper discussions to
alt.privacy.clipper, which should become talk.politics.crypto.clipper at
some point.

There are now several PGP newsgroups. Try comp.security.pgp.resources if
you want to find PGP, c.s.pgp.tech if you want to set it up and use it,
and c.s.pgp.discuss for other PGP-related questions.

Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt. Try alt.security.

Other relevant newsgroups: misc.legal.computing, comp.org.eff.talk,
comp.org.cpsr.talk, alt.politics.org.nsa, comp.patents, sci.math,
comp.compression, comp.security.misc.

Here's the sci.crypt.research charter: ``The discussion of cryptography,
cryptanalysis, and related issues, in a more civilised environment than
is currently provided by sci.crypt.'' If you want to submit something to
the moderators, try [EMAIL PROTECTED]

---Dan

------------------------------

From: [EMAIL PROTECTED] (Paul Pedriana)
Subject: Client-server encryption key negotiation...?
Date: Sun, 07 Mar 1999 07:27:25 GMT
Reply-To: [EMAIL PROTECTED]

Say you have a client and server on a network and they 
want to start a secure communication between each other.
It makes sense to me that the client and server can 
communicate with encrypted data to prevent others from 
reading the communications. 

The problem is that the client and server need to set 
up a key to use for encryption/decryption. How can they
agree on a key in a secure way. It seems that if the 
server merely sends the key, a packet sniffer can 
easily obtain it.

How do you do this kind of client server secure communications?

Paul


------------------------------

From: [EMAIL PROTECTED] (Paul Pedriana)
Subject: Re: Think you're good at cracking code? Crack This!
Date: Sun, 07 Mar 1999 07:01:32 GMT
Reply-To: [EMAIL PROTECTED]

The message below assumes I understand the description you give, which
may not be the case.

A basic problem with this kind of encryption is that even though the 
user may enter an encryption string of many characters, the algorithm
allows a hacker to really only need to guess the first few characters
of the key, because by trying combinations of just a few characters,
obvious decrypted text will start to appear right away.

Paul

>Here's the general rundown of how it works.  1.  The user enters an
>encryption phrase.  2. This phrase, no matter what length, is converted into
>numbers (1-96) for each letter.  3.  The value of each letter of the document
>to be scrambled (each having been given the value of 1-96 depending on the
>letter) is added to the value of the first value of the encryption phrase. 
>Then to the second, then to the third, and so on until the end of the
>encryption code is reached.  4.  Any values over 96 are scrolled around back
>to 1.  ie.  n = 126  n = n - 96  therefore n = 30  5.  The new values of the
>encryption code are then used for the next letter in the document.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Think you're good at cracking code? Crack This!
Date: Sun, 07 Mar 1999 07:57:57 GMT

Paul Pedriana wrote:
> A basic problem with this kind of encryption is that even though the
> user may enter an encryption string of many characters, the algorithm
> allows a hacker to really only need to guess the first few characters
> of the key, because by trying combinations of just a few characters,
> obvious decrypted text will start to appear right away.

The description wasn't perfectly clear to me either, but it seems
to amount to a very simple version of autokey.  Your attack works,
and there are other more sophisticated methods that would defeat any
small modifications to the method, such as using a more general
enciphering "alphabet".

------------------------------

From: Alex <[EMAIL PROTECTED]>
Subject: checksum algorithm ?
Date: Sun, 07 Mar 1999 19:36:32 +1000

hi,

i am just mucking around making a secret key encryption program and i
was wondering where i could find some checksum algorithms to choose from?

basically i need an algorithm which generates a single positive integer
(32 bit) from an array of positive integers (32 bit).  this array can be
of any length.

if any of you have spare time to check out my program (currently without
a checksum function) it's at http://www.thepentagon.com/gee.k

i have no idea how good the program is, cuz i admit i know nothing about
cryptography except for the fact that the aim is to make it very very
very hard to crack cuz i know that no algorithm is uncrackable.  the
program description i have at the site is very poor right now, i will
update it when i finish all my assignments !

alex
[EMAIL PROTECTED]

------------------------------

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: XOR
Date: Mon, 01 Mar 1999 12:23:19 -0600

alex wrote:
>   Why we need to use XOR to do the encryption process?  Any other
> operations that are better than XOR?

You don't "need" it, it's just very useful.  Think of xor as
addition over polynomials in GF(2^n).  Other operations which
are very useful are AND, OR, and SHIFT.  The basic things that
computers do very well :-)

Patience, persistence, truth,
Dr. mike

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
