Cryptography-Digest Digest #201, Volume #9        Mon, 8 Mar 99 10:13:06 EST

Contents:
  Re: Quantum PRNG ("Douglas A. Gwyn")
  Re: Entropy and Crypto-Grade Randomness (Christopher)
  Re: Quantum PRNG (Christopher)
  Re: ElGamal vs RSA ([EMAIL PROTECTED])
  Re: Random Generator (Matthias Meixner)
  Re: Doing It Right: The Next Chip Controversy ("R H Braddam")
  RC6 ([EMAIL PROTECTED])
  Are there free RSA Software lib's ? (Rosenegger Josef)
  Re: AES2 papers now available at NIST (Michael Deindl)
  Re: Quantum PRNG (R. Knauer)
  PGP keyring ("Choon")
  Re: Scramdisk - paranoia ("Michel Bouissou")
  Re: RC6 (Henry Lewsal)
  Re: ElGamal vs RSA (DJohn37050)
  Re: checksum algorithm ? (Sundial Services)
  Re: PGP keyring ([EMAIL PROTECTED])
  Re: Are there free RSA Software lib's ? ([EMAIL PROTECTED])
  Re: Are there free RSA Software lib's ? (Rosenegger Josef)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Quantum PRNG
Date: Mon, 08 Mar 1999 08:17:16 GMT

"R. Knauer" wrote:
> ... the simulation is based on a PRNG ...
> My question is whether such simulations of quantum random number
> generation are as close as one can get to true random number
> generation from a deterministic machine.

Evidently not.
The standard cryptologic assumption is that the eavesdropper knows
all about the system you use, but not the specific key.  In this
simulation, the key would be the initial state of the underlying
PRNG.  The system security is thus approximately that of the PRNG.

------------------------------

From: [EMAIL PROTECTED] (Christopher)
Subject: Re: Entropy and Crypto-Grade Randomness
Date: Mon, 08 Mar 1999 03:09:23 -0500

[snipped good pad/bad pad]

 |:|    Finally, about a hardware TRNG, I have an idea of a circuit based
 |:| on a pair of noise diodes which will produce a random *unbiased* 
 |:| sequence of bits at a rate about 1 Mhz. I have not modeled it yet,
 |:| but the circuit appears to be very straightforward and simple. If 
 |:| there will be further development, I'll let you know.
 |:| 
 |:|     Respectfully                     BNK

IMHO that's enough, but for those who want to use radioactive decay follow
the Hotbits link from here:

http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/news-items/old-news-items/970325.RNs.html

which has instructions for making your own.


------------------------------

From: [EMAIL PROTECTED] (Christopher)
Subject: Re: Quantum PRNG
Date: Mon, 08 Mar 1999 03:22:29 -0500

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

 |:| In the book "Explorations In Quantum Computing" by Colin Williams and
 |:| Scott Clearwater, there is a CD-ROM which offers simulations of actual
 |:| quantum computation. You get to simulate various qauntum computers,
 |:| like the Feynmann computer, and do other neat quantum calculations
 |:| including the factorization of (small) integers.
 |:| 
 |:| There is also a quantum random number algorithm, but because the
 |:| simulation is based on a PRNG -  necessarily since your computer is a
 |:| classical computer - those "random numbers" it produces are not truly
 |:| random.
 |:| 
 |:| My question is whether such simulations of quantum random number
 |:| generation are as close as one can get to true random number
 |:| generation from a deterministic machine. If so, what are their
 |:| significance to crypto.
 |:| 
 |:| Bob Knauer
 |:| 
 |:|
 |:| ============================================================================
 |:| "The smallest minority on earth is the individual. Those who deny individual
 |:| rights cannot claim to be defenders of minorities."
 |:| -- Ayn Rand

It seems to me the only thing that would make it a better choice is if
it's proven that attacking the seed is easier than studying its output.
BTW, how do the other PRNGs fit here?  I've seen mention of generators
with extremely large cycles (256 bit); if only the least significant byte
of one of these is used (making 31 bytes hidden internal state), is it
probable that figuring the state from a stream is as much work as guessing
the seed?


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: ElGamal vs RSA
Date: Mon, 08 Mar 1999 03:56:44 GMT

In article <7buglm$a6g$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
>   "F. Arndt" <[EMAIL PROTECTED]> wrote:
> > A novice question:  Is it generally accepted that the ElGamal is much
> > less secure than the RSA for comparable key lengths?
>
> No.  DH /Elgamal offers slightly more security per key bit than RSA.

Please. For my edification and enlightenment, define what you mean by
"slightly more".  Please explain why you think the claim is true.

I have heard this remark before. While it is true, "slightly" should be
"very slightly". And the reason why is subtle. And it depends if the
field is GF(p) or GF(2^k).

I'd like to find out if anyone in this newsgroup knows the REAL reason
why  solving a DL problem over Z_p is slightly harder than factoring N = st
when  log(N) ~ log(p). Note that solving a DL problem over GF(2^k) where
k ~ log_2(N)  is EASIER than factoring N.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (Matthias Meixner)
Subject: Re: Random Generator
Date: 8 Mar 1999 08:34:04 GMT

Gerben Dirksen ([EMAIL PROTECTED]) wrote:
> Does anyone here know a good way of generating (pseudo) random numbers?
> C++ has a random generator but I'd like something better than that one.
> 

Watch out for DIEHARD (it can be found somewhere in the net), which 
includes several PRNGs.

--
Matthias Meixner                   [EMAIL PROTECTED]



------------------------------

From: "R H Braddam" <[EMAIL PROTECTED]>
Subject: Re: Doing It Right: The Next Chip Controversy
Date: Mon, 8 Mar 1999 05:03:51 -0600

Howard Goldstein wrote in message
<[EMAIL PROTECTED]>...
>On Thu, 4 Mar 1999 06:44:07 -0500, Jay <[EMAIL PROTECTED]> wrote:
>
>Dallas Semiconductor makes (made?) a product and matching socket sort
>of fitting with this description.  A button-like device with a 2 wire
>protocol that sent a serial number laser burned into the "button" down
>the link.  Don't recall it as having been secured in any way...
>
Try http://www.ibutton.com/crypto.html for information
about the Crypto iButton from Dallas Semiconductor.
The button contains a 1 million transistor chip... They
have several different types of buttons, starting with
one with just a 64 bit number laser burned into a rom
(???) up to the Crypto iButton, an ID iButton on a ring
and a java button on a ring. Go to
http://www.ibutton.com for info on all the button
types. I was never much impressed with the descriptions
I had read, but after visiting their site I ordered a
tool kit containing two different buttons, software,
and connectivity adapters, a crypto button, an
additional parallel connectivity kit (parallel port
adapter and button socket), and a key fob to snap a
button into. All that at retail was only $93 so they
aren't very expensive. An iButton with just a 64 bit ID
number is less than $3.00 quantity one. The buttons
communicate over a 16.3 Kb one-wire serial link.
Programs accessing data in the button must supply a 64
bit authorization number. The Crypto iButton is
certified (for government use) under FIPS 140-1, which
is available from the iButton site.

HTH.

Rick [EMAIL PROTECTED]
Murphy's Law is the only sure thing in the universe.




------------------------------

From: [EMAIL PROTECTED]
Subject: RC6
Date: Mon, 08 Mar 1999 12:01:21 GMT

After playing with my E encoder, I decided to look at other encryption
methods. I found RC6.  Now there are some questions I have:

1)  What is the effect of lowering the rounds?  Less security?
2)  What is the normal size for an input key (R. Rivest suggests 32 bytes)
3)  Is the only way to crack RC6 with bruteforce (like RC5)
4)  And what are the possible weak keys/processes in which you could use RC6?

Now I am not all take and no give.  I wrote a version of RC6 for small embedded
systems.  It will work on PCs but you may have to change all 'unsigned's to
'unsigned short's. (Unless you use a 16-bit C compiler)

It's at:  http://members.tripod.com/~tomstdenis/rc6.c

Thanks in advance,
Tom


------------------------------

From: Rosenegger Josef <[EMAIL PROTECTED]>
Subject: Are there free RSA Software lib's ?
Date: 8 Mar 1999 13:21:18 GMT

Hi all,

I have to implement data encryption (public-key cryptography) in our company's software.

I'm going to use RSA cryptography. The question is: are the RSA sources free for
company use?

I heard that it's not allowed to use RSA libraries for data encryption outside the US. Is this
true?

If I may use the sources, is it a huge project to integrate them into existing
software (ANSI C)?

Thanx for help!!

regards Josef

======================================
SZ Testsysteme AG
Josef Rosenegger, Software Development

mailto:[EMAIL PROTECTED]
http://www.sz-testsysteme.de

Phone: +49 8075 17-239
Fax:   +49 8075 1588
======================================




------------------------------

From: Michael Deindl <[EMAIL PROTECTED]>
Subject: Re: AES2 papers now available at NIST
Date: 08 Mar 1999 14:46:21 +0100

>>>>> "JS" == John Savard <[EMAIL PROTECTED]> writes:

JS> 2) The key schedule, as opposed to encipherment cycles, is not always
JS> available as a target for such attacks:
[...]

To save memory (which is usually more precious than processing time on 
smart cards) usually the key is scheduled `on the fly'.
I.e. in general the key-schedule can be watched on smart cards.

Bye,
Michael
-- 
 Neither do I speak for anyone else, nor does anyone else speak for me!

IBM Germany -- Dev. Lab. -- SmartCard Software -- Cryptography & Security
                           [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Quantum PRNG
Date: Mon, 08 Mar 1999 13:54:54 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 08 Mar 1999 08:17:16 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>> ... the simulation is based on a PRNG ...
>> My question is whether such simulations of quantum random number
>> generation are as close as one can get to true random number
>> generation from a deterministic machine.

>Evidently not.
>The standard cryptologic assumption is that the eavesdropper knows
>all about the system you use, but not the specific key.  In this
>simulation, the key would be the initial state of the underlying
>PRNG.  The system security is thus approximately that of the PRNG.

I fully agree.

Now let's take it one step further and trigger the "collapse of the
wave vector" - i.e., the measurement - with a random process like
radioactive decay.

One of the criticisms of a TRNG is that you cannot do it in a
perfectly random manner, even with a truly random input. That is,
there will always be some small amount of bias and correlation that
gets into the output from errors in the hardware design. One method to
fix that is to hash the output, but thus far no one has made a
convincing case (to me anyway) that such post processing will not ruin
the nearly random character of the raw output stream.

So, instead of building a hardware TRNG, why not build a simulation of
a quantum TRNG and drive it with the simplest possible true random
input - no additional circuits to cause bias or correlation. The
output is then presumably guaranteed to be a true random number
because the quantum algorithm is a true random number generator.

The desire is that because the simulation is purely quantum mechanical
in nature up to the random input, it will faithfully produce true
random numbers when supplied with true random events.

Bob Knauer

"Luckily for all, the State is only people. And, generally, the least
competent of people. They are the ones who cannot innovate, only steal.
They cannot reason, only kill. They are brutes who see the greatest 
efforts of mankind as loot to seize and control."
--The Kings of the High Frontier
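As an added example (written for this digest, not Knauer's or anyone else's code) of the bias-and-correlation problem and the hashing post-processing he mentions: a constructed noise source with a deliberate bias and stickiness stands in for imperfect hardware (a seeded PRNG supplies its events so the run is reproducible), SHA-256 is the assumed hash, and simple frequency and adjacent-bit statistics are taken before and after hashing.

```python
import hashlib
import random

# Constructed stand-in for a hardware noise source. The "true random" events
# come from a seeded PRNG so the run is reproducible; the bias (p_one) and
# stickiness (p_stick, probability of repeating the previous bit) are built
# in on purpose to mimic the hardware imperfections Knauer describes.
class BiasedSource:
    def __init__(self, seed=20190308, p_one=0.6, p_stick=0.7):
        self.rng = random.Random(seed)
        self.p_one, self.p_stick = p_one, p_stick
        self.prev = 1 if self.rng.random() < p_one else 0

    def bits(self, n):
        out = []
        for _ in range(n):
            if self.rng.random() >= self.p_stick:      # otherwise repeat last bit
                self.prev = 1 if self.rng.random() < self.p_one else 0
            out.append(self.prev)
        return out

def ones_fraction(bits):
    """Bias check: 0.5 for an unbiased stream."""
    return sum(bits) / len(bits)

def adjacent_equal_fraction(bits):
    """Correlation check: 0.5 when neighbouring bits are independent."""
    return sum(a == b for a, b in zip(bits, bits[1:])) / (len(bits) - 1)

def pack_bits(bits):
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")

def unpack_bytes(data):
    return [int(c) for c in bin(int.from_bytes(data, "big"))[2:].zfill(8 * len(data))]

def whiten(raw_bits, block_bits=2048):
    """Hash post-processing: each block of raw bits becomes 256 output bits."""
    out = []
    for i in range(0, len(raw_bits) - block_bits + 1, block_bits):
        digest = hashlib.sha256(pack_bits(raw_bits[i:i + block_bits])).digest()
        out.extend(unpack_bytes(digest))
    return out

def compare(blocks=64, block_bits=2048):
    """Statistics of the raw stream versus the hashed stream."""
    raw = BiasedSource().bits(blocks * block_bits)
    white = whiten(raw, block_bits)
    return {"raw_ones": ones_fraction(raw),
            "raw_adjacent_equal": adjacent_equal_fraction(raw),
            "whitened_ones": ones_fraction(white),
            "whitened_adjacent_equal": adjacent_equal_fraction(white)}

if __name__ == "__main__":
    for name, value in compare().items():
        print("%-24s %.3f" % (name, value))
```

The 8:1 compression ratio is sized against a rough min-entropy estimate for this source (about 0.18 bits per raw bit, since a 1 is repeated with probability 0.88); the hash spreads whatever entropy the raw stream has but cannot create any, which is exactly the gap Knauer's skepticism points at.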

------------------------------

From: "Choon" <[EMAIL PROTECTED]>
Subject: PGP keyring
Date: Mon, 8 Mar 1999 20:34:57 +0800

Hi, I hope someone can tell me how PGP protects the private keyring. From
the passphrase, I suppose it is hashed to obtain a secret key to decrypt the
private keyring. If this is so, what type of algorithm is used? Also, what
type of hash function?

Thanks in advance.

yen-choon




------------------------------

From: "Michel Bouissou" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Scramdisk - paranoia
Date: Mon, 8 Mar 1999 15:04:38 +0100

Aman wrote in message <[EMAIL PROTECTED]>...
>
>There has been much call for the source code for version g, but I am
>thinking of releasing a version H soon, which will have the option to
>disable the shutdown checks for those who never had trouble before..
>I have had a lot of people complaining about it!
>
    This is really, really good news Aman, thanks for taking this
request into consideration! I'm the first one that will love it!

    Best regards.

--
Michel Bouissou <[EMAIL PROTECTED]>  DH/DSS ID: 0x80DBBD8F
Would you like to have BIG BROTHER in your computer?
Do NOT buy a Pentium III - Boycott Intel !!!
Find out more at http://www.bigbrotherinside.com




------------------------------

From: Henry Lewsal <[EMAIL PROTECTED]>
Subject: Re: RC6
Date: Mon, 08 Mar 1999 06:09:45 -1000

[EMAIL PROTECTED] wrote:
> 
> After playing with my E encoder, I decided to look at other encryption
> methods. I found RC6.  Now there are some questions I have:
> 
> 1)  What is the effect of lowering the rounds?  Less security?

Less security. Vulnerability to linear cryptanalysis, see below.

> 2)  What is the normal size for an input key (R. Rivest suggests 32 bytes)

16, 24 and 32 bytes are normal. Other sizes are possible (8, 48, etc.)

> 3)  Is the only way to crack RC6 with bruteforce (like RC5)

No. Given enough plaintexts and the matching ciphertexts, and with
reduced rounds, reduced key size, it is feasible to find the key
without trying even a quarter of the keys.

> 4)  And what are the possible weak keys/processes in which you could use RC6?

See link below.

> 
> Now I am not all take and no give.  I wrote a version of RC6 for small embedded
> systems.  It will work on PCs but you may have to change all 'unsigned's to
> 'unsigned short's. (Unless you use a 16-bit C compiler)
> 
> It's at:  http://members.tripod.com/~tomstdenis/rc6.c
> 
> Thanks in advance,
> Tom

You can read the answers at the following website:

http://www.rsa.com/rsalabs/aes/

You will need Adobe Acrobat Reader to read the .pdf files
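As an added illustration of the round-count question (example code written for this digest, not Tom's rc6.c and not RSA's reference implementation): RC6-32/r/16 in Python with r as a parameter, checked against the published RC6 test vector at r = 20, plus a simple avalanche measurement showing how diffusion degrades when r is lowered. The avalanche experiment and its key/plaintext inputs are constructed for this example.

```python
import struct

W = 32                                  # word size in bits (RC6-32)
MASK = (1 << W) - 1
P32, Q32 = 0xB7E15163, 0x9E3779B9       # RC6 magic constants for w = 32

def rotl(x, n):
    """Rotate a 32-bit word left by n (only the low 5 bits of n matter)."""
    n %= W
    return ((x << n) | (x >> (W - n))) & MASK

def key_schedule(key, r):
    """Expand key bytes into the 2r+4 round words S, as in the RC6 spec."""
    c = max(1, (len(key) + 3) // 4)
    L = list(struct.unpack("<%dI" % c, key.ljust(4 * c, b"\0")))
    S = [P32]
    for _ in range(2 * r + 3):
        S.append((S[-1] + Q32) & MASK)
    A = B = i = j = 0
    for _ in range(3 * max(c, 2 * r + 4)):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i, j = (i + 1) % (2 * r + 4), (j + 1) % c
    return S

def encrypt_block(key, block, r=20):
    """Encrypt one 16-byte block with RC6-32/r/len(key); r is the round count."""
    S = key_schedule(key, r)
    A, B, C, D = struct.unpack("<4I", block)
    B = (B + S[0]) & MASK                       # pre-whitening
    D = (D + S[1]) & MASK
    for i in range(1, r + 1):
        t = rotl((B * (2 * B + 1)) & MASK, 5)   # quadratic mixing f(x) = x(2x+1)
        u = rotl((D * (2 * D + 1)) & MASK, 5)
        A = (rotl(A ^ t, u) + S[2 * i]) & MASK  # data-dependent rotations
        C = (rotl(C ^ u, t) + S[2 * i + 1]) & MASK
        A, B, C, D = B, C, D, A
    A = (A + S[2 * r + 2]) & MASK               # post-whitening
    C = (C + S[2 * r + 3]) & MASK
    return struct.pack("<4I", A, B, C, D)

def avalanche(key, block, r):
    """Fraction of ciphertext bits that flip, averaged over every single-bit
    change of the plaintext; about 0.5 for a cipher that diffuses well."""
    base = int.from_bytes(encrypt_block(key, block, r), "big")
    flipped_total = 0
    for bit in range(128):
        pt = bytearray(block)
        pt[bit // 8] ^= 1 << (bit % 8)
        ct = int.from_bytes(encrypt_block(key, bytes(pt), r), "big")
        flipped_total += bin(base ^ ct).count("1")
    return flipped_total / (128 * 128)

if __name__ == "__main__":
    # Published RC6 test vector: all-zero key and plaintext, 20 rounds.
    assert encrypt_block(bytes(16), bytes(16)).hex() == "8fc3a53656b1f778c129df4e9848a41e"
    key, pt = bytes(range(16)), b"sample block 16B"   # constructed inputs
    for r in (1, 2, 4, 8, 20):
        print("%2d rounds: avalanche = %.3f" % (r, avalanche(key, pt, r)))
```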

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: ElGamal vs RSA
Date: 8 Mar 1999 14:19:48 GMT

ANSI X9 requires a prime field, not a prime power field.  IEEE P1363 allows
either a prime field or a characteristic 2 field (i.e., of form 2**m) as
elements can be represented by a bit string of a certain length.  Obviously,
for a certain length bit string, there is exactly one 2**m number, but many
primes.  Some have hypothesized about the potential to build a field cracker HW
device, so use of a prime allows use of many fields for a specific element
size, say 1024 bits.
Don Johnson

------------------------------

Date: Mon, 08 Mar 1999 07:33:21 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: checksum algorithm ?

Alex wrote:

> i have no idea how good the program is, cuz i admit i know nothing about
> cryptography except for the fact that the aim is to make it very very
> very hard to crack cuz i know that no algorithm is uncrackable.  the
> program description i have at the site is very poor right now i will
> updated it when i finish all my assignments !

You'll find it interesting to develop an algorithm but you'd probably do
as well or better looking at existing algorithms developed by pros. 
There are a lot of these, e.g. at http://www.counterpane.com.

An algorithm that might work well for your 32-bit checksum is CRC
(Cyclic-Redundancy Check).  There are also many algorithms available on
the net for producing these.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: PGP keyring
Date: Mon, 08 Mar 1999 08:33:23 -0600

In <7c0gko$4iu$[EMAIL PROTECTED]>, on 03/08/99 
   at 08:34 PM, "Choon" <[EMAIL PROTECTED]> said:

>Hi, I hope someone can tell me how PGP protects the private keyring. From
>the passphrase, I suppose it is hashed to obtain a secret key to decrypt
>the private keyring. If this is so, what type of algorithm is used? Also,
>what type of hash function?

Get a copy of RFC2440 "OpenPGP Formats", the information you need should
be in there.


-- 
===============================================================
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
===============================================================


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Are there free RSA Software lib's ?
Date: Mon, 08 Mar 1999 14:41:27 GMT

<snip> The patent on RSA is valid only in the states and until the year 2000.
 You cannot export RSA code outside of the states, or RSA encrypted data
outside of the states.  You can write the code independently in another
country however, or you could print the source code and export that way.

Tom


------------------------------

From: Rosenegger Josef <[EMAIL PROTECTED]>
Subject: Re: Are there free RSA Software lib's ?
Date: 8 Mar 1999 15:05:05 GMT

Thanx Tom !

If I fetch the code from, e.g., an FTP server outside the US, I won't have any problems
with the restrictions?
Can I check whether the code was rewritten?


[EMAIL PROTECTED] wrote:

> <snip> The patent on RSA is valid only in the states and until the year 2000.
>  You cannot export RSA code outside of the states, or RSA encrypted data
> outside of the states.  You can write the code independently in another
> country however, or you could print the source code and export that way.
>
> Tom

--
======================================
SZ Testsysteme AG
Josef Rosenegger, Software Development

mailto:[EMAIL PROTECTED]
http://www.sz-testsysteme.de

Phone: +49 8075 17-239
Fax:   +49 8075 1588
======================================




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
