Cryptography-Digest Digest #516, Volume #9        Fri, 7 May 99 23:13:03 EDT

Contents:
  Re: Pentium3 serial number is based on who you [server/exterior] claimed to be (Armand)
  Re: Kiwi source code released internationally (Sam E. Trenholme)
  Re: Crypto export limits ruled unconstitutional (Lyn A Headley)
  Re: role of PRNG/RNG (kurt wismer)
  Re: Crypto export limits ruled unconstitutional (Jim Gillogly)
  Re: Algorithms where encryption=decryption? (Emmanuel BRESSON)
  Re: Shamir's Discover: to those in the know ([EMAIL PROTECTED])
  Searching information! ("sacfloyd")
  Re: Fast random number generator ([EMAIL PROTECTED])
  Re: Crypto export limits ruled unconstitutional ([EMAIL PROTECTED])
  Re: Triple DES cracked? NYT says so... (Nathan Kennedy)
  Re: The simplest to understand and as secure as it gets. ("Douglas A. Gwyn")
  Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
  Re: Searching information! (David A Molnar)
  Re: Crypto export limits ruled unconstitutional ("hapticz")
  Re: Crypto export limits ruled unconstitutional (Mike McCarty)
  Re: Shamir's Announcement ("Douglas A. Gwyn")
  Re: Shamir's Discover: to those in the know (David A Molnar)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Armand)
Crossposted-To: alt.security
Subject: Re: Pentium3 serial number is based on who you [server/exterior] claimed to be
Date: 7 May 1999 20:49:10 GMT
Reply-To: address()below


Probably the idea that, what is too much effort today, will be a piece of
cake tomorrow.

Armand

In article <[EMAIL PROTECTED]>,
        [EMAIL PROTECTED] writes:
> Paul Koning wrote:
>> I think a more accurate statement would be "tamper-resistant software
>> is non-existent".
>> 
>> The whole concept is utterly nonsensical.
> 
> What is the basis for your conclusion?

------------------------------

From: [EMAIL PROTECTED] (Sam E. Trenholme)
Crossposted-To: talk.politics.crypto
Subject: Re: Kiwi source code released internationally
Date: 7 May 1999 14:09:18 -0700

[Followups set appropriately]

Well, I just talked to a lawyer about this, and the decision is not in
effect until the case is returned to the district court and the mandate is
spread.

In English, that means that the Appeal court now orders the district court
to implement this decision, and nothing happens until they do.

Why do I get the feeling that the DOJ is going to stay this decision before
the appeal court has a chance to "make it so"?

Sigh, oh sigh.

- Sam

------------------------------

From: Lyn A Headley <[EMAIL PROTECTED]>
Subject: Re: Crypto export limits ruled unconstitutional
Date: Fri, 7 May 1999 20:37:46 GMT


When I first heard about this, I figured it was the biggest crypto
news of this decade.  Doesn't it mean that we can do WHATEVER WE WANT
with our cryptographic code now?  Why haven't there been massive
hurrahs and wild parties all over this forum?

-Lyn

------------------------------

From: kurt wismer <[EMAIL PROTECTED]>
Subject: Re: role of PRNG/RNG
Date: Fri, 7 May 1999 06:25:30 GMT

Eli wrote:
> 
> What is the typical role of a PRNG/RNG in the encryption process?  Why
> is it important?  What does it affect?  How can a faulty one be used to
> break a cryptosystem?

not an expert but... encryption tries to hide information by combining
it with secret information (a key) such that only people who know the
secret (key) can reverse the combination and arrive at the original
information... if the secret is something predictable it makes it easier
to guess or even know what it is, so unpredictable (random)
numbers are used instead... if a prng/rng is broken then its output
becomes more predictable and the keys made from its output are also
more predictable...

that would be a layman's way of looking at it anyways...

> I know it is inconvenient but can responders please email me (I do not
> have regular access to usenet, to retrieve the response).
> 
> Thanks

posted and mailed...


------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Crypto export limits ruled unconstitutional
Date: Fri, 07 May 1999 14:45:55 -0700

Lyn A Headley wrote:
> 
> When I first heard about this, I figured it was the biggest crypto
> news of this decade.  Doesn't it mean that we can do WHATEVER WE WANT
> with our cryptographic code now?  Why haven't there been massive
> hurrahs and wild parties all over this forum?

There are muted hurrahs over in talk.politics.crypto and sedate parties
on a number of mailing lists, where it's more on-topic than here.  The
"WHATEVER WE WANT" part is premature, according to Bernstein's attorney
Cindy Cohn, who says:

     First, the decision is not final for at least 52 days (45 for the
     govt to seek rehearing/7 more for mandate to issue), even if the
     government doesn't seek cert or rehearing. It could probably be
     cited as a slip opinion in the meantime, but is not binding
     precedent yet.

     Second, once it is final, it will only be binding precedent
     within the 9th Circuit.

     Third, the status pending further review will probably be
     determined by a motion for stay within the rehearing period. If
     such a stay is granted, as it was below [in the lower court],
     folks will probably have to wait until it's all over before they
     can publish without fear of prosecution. We will oppose any
     request for a stay, of course.

Still, it's a lovely victory, and a tribute to Dan Bernstein's
persistence.  I just picked up another copy of Snuffle from the
most convenient site (which happened to be in China) to verify
the code snippet Judge Fletcher quoted in her opinion, and the
package was dated 1990.  I just hope he doesn't die of old age
before the case finally makes it through the Supreme Court and
the crypto part of the EAR is trashed once and for all.

-- 
        Jim Gillogly
        Trewesday, 16 Thrimidge S.R. 1999, 21:37
        12.19.6.3.1, 4 Imix 9 Uo, Seventh Lord of Night

------------------------------

Date: Mon, 03 May 1999 11:30:04 -0400
From: Emmanuel BRESSON <[EMAIL PROTECTED]>
Subject: Re: Algorithms where encryption=decryption?

John Savard wrote:

> Emmanuel BRESSON <[EMAIL PROTECTED]> wrote, in part:
> >Anne Veling wrote:
> >> Or f(x)=1/x (not so useful for encryption)
> >Why not ??? It works perfectly (computing modulo n, of course)
> Even if n is secret, it wouldn't be terribly secure by itself...

Of course, it's not secure! Don't worry, I was not saying that.. :-)
I was just telling Anne Veling that it is meaningful to compute 1/x
with integers (assuming you compute with a modulus, naturally) and that
it is a self-inverse function.
    Bye
        E.B.



------------------------------

Date: Fri, 07 May 1999 16:33:36 -0400
From: [EMAIL PROTECTED]
Subject: Re: Shamir's Discover: to those in the know

> I just purchased a P3/500.

May I offer my sincerest condolences?

------------------------------

From: "sacfloyd" <[EMAIL PROTECTED]>
Subject: Searching information!
Date: Fri, 07 May 1999 23:23:44 GMT

I'm trying to do a thesis based on encryption and cryptographic theory
and algorithms. 
I would be thankful if anybody can help me by giving me some sites where I can
find information, especially on the theory, and with recommendations of
books and authors.
bye.
--
Posted via Talkway - http://www.talkway.com
Exchange ideas on practically anything (tm).


------------------------------

Date: Fri, 07 May 1999 19:38:06 -0400
From: [EMAIL PROTECTED]
Subject: Re: Fast random number generator

Herman Rubin wrote:
> 
> In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
> 
> >On Wed, 05 May 1999 17:56:55 GMT, in
> ><[EMAIL PROTECTED]>, in sci.crypt
> >[EMAIL PROTECTED] (John Savard) wrote:
> 
>                         ..............
> 
> >>>>The classical shuffling algorithm depends on a good random number
> >>>generator to produce small random numbers in the range [0, size-1].
> 
> >>No, it needs more than that.
> 
> >>It needs one random number in the range {0, 1, 2, ... size-1 }, and
> >>then it needs one random number in the range {0, 1, 2, ... size-2 },
> >>and then one in the range {0, 1, 2, ... size-3 }.
> 
>                         ................
> 
> >In particular, an appropriate way to develop a random value of
> >arbitrary range is to first mask the random value by the next higher
> >power of 2 less one, and then reject any value beyond the desired
> >range.
> 
> This method is quite inefficient, as far as bit usage, especially
> as the value of the number m for which a number in the range
> 0 - m-1 is needed.  Here is an algorithm which will use the
> minimum expected number of bits.  The algorithm given is optimal
> if m = 2^k or m = 2^k - 1, but not otherwise.  For m = 5, it
> uses an average of 4.8 bits, rather than the 3.39 possible.
> For m = 65, it is 13.75, rather than 7.72.
> 
> A version of the optimal bit algorithm is as follows, assuming
> that m > 1.  B is a new random bit at each stage.  It uses
> multiplication by 2, addition, and comparison.
> 
>         i = 1; j = 0;
> loop:   i = i*2; j = j*2+B;
>         if(i < m)goto loop;
>         if(j < m){return j;
>                 exit}
>         i = i-m; j = j-m;
>         goto loop;
> 
> The basis of the proof of correctness is that, on the loop: line,
> j is always uniform 0 - i-1, and that this remains true after the
> subtraction if that is done.  No procedure returning one result
> uniform random numbers in the range 0 - m-1, considering no other
> results from random processes, can be more efficient.

I believe that as m grows the bit utilization efficiency of the methods
converges, but the parallelism of the word-oriented power-of-two masking
technique will dominate the bit-shifting technique (the *2 in the loop:
line is a bit shift).
> --
> This address is for information only.  I do not claim that these views
> are those of the Statistics Department or of Purdue University.
> Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
> [EMAIL PROTECTED]         Phone: (765)494-6054   FAX: (765)494-0558
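To make the bit-usage comparison in this thread concrete, here is an added example that is not code from either Rubin's or Ritter's posts: both methods of drawing a uniform value in [0, m) from a stream of random bits, a counter for the bits each one consumes, and the shuffle from the top of the thread built on top of them. The class and function names, and the seed values used for the measurements, are this example's own; for anything security-relevant the `rng` argument would be `random.SystemRandom()` rather than a seeded `random.Random`.

```python
import random
from collections import Counter


class BitSource:
    """Serves random bits and counts how many have been handed out.

    `rng` is any object with getrandbits(): random.Random(seed) gives a
    reproducible stream for measurements; random.SystemRandom() is what an
    actual key derivation or shuffle should be fed with.
    """

    def __init__(self, rng):
        self.rng = rng
        self.consumed = 0

    def bits(self, k):
        self.consumed += k
        return self.rng.getrandbits(k) if k else 0


def uniform_mask_reject(m, src):
    """Mask-and-reject, the method Rubin criticises: take k = bit_length(m-1)
    bits as one word and throw the whole word away whenever it is >= m."""
    if m < 1:
        raise ValueError("m must be positive")
    if m == 1:
        return 0
    k = (m - 1).bit_length()
    while True:
        v = src.bits(k)
        if v < m:
            return v


def uniform_rubin(m, src):
    """Rubin's bit-by-bit algorithm, transcribed from the message above.
    Invariant at the top of the loop: j is uniform on [0, i)."""
    if m < 1:
        raise ValueError("m must be positive")
    if m == 1:
        return 0  # the posted algorithm assumes m > 1
    i, j = 1, 0
    while True:
        i, j = i * 2, j * 2 + src.bits(1)  # j is now uniform on [0, 2i)
        if i < m:
            continue
        if j < m:
            return j  # accepted: uniform on [0, m) by the invariant
        i, j = i - m, j - m  # rejected: j stays uniform on [0, i-m), no bits wasted


def average_bits(method, m, trials, seed):
    """Mean number of random bits consumed per draw of a value in [0, m)."""
    src = BitSource(random.Random(seed))
    for _ in range(trials):
        method(m, src)
    return src.consumed / trials


def value_counts(method, m, trials, seed):
    """Histogram of the draws, to check that the output really is uniform."""
    src = BitSource(random.Random(seed))
    return Counter(method(m, src) for _ in range(trials))


def fisher_yates(items, method, src):
    """The 'classical shuffling algorithm' of the thread: one uniform index
    in [0, size), then one in [0, size-1), ... down to [0, 2)."""
    out = list(items)
    for size in range(len(out), 1, -1):
        r = method(size, src)
        out[size - 1], out[r] = out[r], out[size - 1]
    return out


if __name__ == "__main__":
    for m in (5, 65, 64):
        print(m, average_bits(uniform_mask_reject, m, 20000, 1),
              average_bits(uniform_rubin, m, 20000, 1))
    print(fisher_yates(range(10), uniform_rubin, BitSource(random.SystemRandom())))
```

For m = 5 the measured averages land near 4.8 bits for mask-and-reject (3 bits per attempt, 5/8 acceptance) and near 3.6 for Rubin's loop, which keeps the leftover entropy of a rejected draw instead of discarding it; for a power of two such as m = 64 both use exactly 6 bits. The histogram check is the part a reviewer should not skip: a "clever" range reduction that consumes fewer bits but skews the distribution is worse than a wasteful one.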

------------------------------

Date: Fri, 07 May 1999 19:41:13 -0400
From: [EMAIL PROTECTED]
Subject: Re: Crypto export limits ruled unconstitutional

1. The decision only applies to Bernstein.

2. For later cases it only shields actions in the 9th Circuit.

3. I expect DOJ to ignore the ruling and continue enforcing the
non-statutory restrictions on export.


Lyn A Headley wrote:
> 
> When I first heard about this, I figured it was the biggest crypto
> news of this decade.  Doesn't it mean that we can do WHATEVER WE WANT
> with our cryptographic code now?  Why haven't there been massive
> hurrahs and wild parties all over this forum?
> 
> -Lyn

------------------------------

From: Nathan Kennedy <[EMAIL PROTECTED]>
Subject: Re: Triple DES cracked? NYT says so...
Date: Sat, 08 May 1999 08:08:21 +0800

Matthew Skala wrote:
> 
> In article <[EMAIL PROTECTED]>,
> John Savard <[EMAIL PROTECTED]> wrote:
> >claims that Drs. Eli Biham and Adi Shamir have discovered a way to
> >reduce _Triple_ DES to the strength of single-DES in some cases.
> 
> I can reduce standard EDE 3DES to the strength of DES in 2^56 cases: those
> are the cases where the two halves of the key are identical.  Then a 3DES
> encrypt is the same as a DES encrypt.  I imagine that's not what's being
> discussed here, though.

This is not a weakness.  It is self-evident.  DES's keyspace is 2^56,
therefore "finding" 2^56 keys out of 2^112 means nothing.  That's like
saying you can reduce 128-bit RC4 to 40-bit RC4 in 2^40 cases.  Big deal.

Nate

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The simplest to understand and as secure as it gets.
Date: Sat, 08 May 1999 00:38:35 GMT

[EMAIL PROTECTED] wrote:
> I still don't see the strength on files that don't compress...

You don't need very strong encryption to keep such files secure.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Sat, 08 May 1999 00:47:51 GMT

Herman Rubin wrote:
> When it comes to the problem of getting good quality random bits, ...

What does that have to do with what I was discussing?

> These differences are important.  Also, the typical use of testing,
> setting p-values, is not what should be done.  It takes a lot of
> data to test between a physical RNG doing a quite good job, and one
> which has lots of weakness.

(a) By microanalyzing, you missed the whole point of the exercise,
which was to show the general logical scheme, which justifies the
use of an independence assumption at that stage of the argument
*even though that assumption might not match reality*.

(b) "A lot of data" is not feasible in the application we were
discussing.  A bad encryptor needs to be detected and stopped before
too much damage is done.

So what is *your* solution to the general cryptomathematical problem
that I formulated (in a ******-lined box) earlier in this thread?

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Searching information!
Date: 8 May 1999 01:09:05 GMT

sacfloyd <[EMAIL PROTECTED]> wrote:
> I'm trying to do a thesis based on encryption and cryptographic theory
> and algorithms. 
> I would be thankful if anybody can help me by giving me some sites where I can
> find information, especially on the theory, and with recommendations of
> books and authors.
> bye.

How much do you know? and what kinds of things are you interested in?

Applied Cryptography is a good introduction; it clearly explains the
intuition behind and use of many of the protocols which form (IMHO)
the most interesting part of cryptography. It does not have especially
precise implementation details, nor does it bother with proofs.

The Handbook of Applied Cryptography contains specific details on
how to implement algorithms, including little details like what
kinds of primes are good, how often primality tests work, and so on. 
Very helpful details. 

For an overview of theory, I like Oded Goldreich's Modern Cryptography,
Probabilistic Proofs, and Pseudo-randomness (even if it doesn't cover too
many actual protocols) for its breadth and style. Not a number theory book,
but a "crypto theory" book.                  

For a number theory with apps to crypto book, Neal Koblitz  A Course in Number
Theory and Cryptography is solid. I especially like the fact it begins with
estimating how much time fundamental operations like repeated squaring and
multiplication take. Also has an intro to elliptic curves
and a section on factoring algorithms, though you will need to keep in mind
that new developments are common in those fields. 

You may want a "bible" on top of that, since it's an intro to the subject (though
not exactly an intro level book otherwise). Henri Cohen's Course in Computational
Algebraic Number Theory is big and impressive enough. Relatively few direct 
applications to cryptography, but it does have a lot of background that is useful,
like what the LLL algorithm is and how it works. 

but those are books, and they cost money...

Honestly, check out some of the theoretical crypto courses available on the Web. 
Someone (Raph Levien??) had compiled a list of them about a year ago; don't know 
the URL, but it may be worth searching for.
Micali and Goldwasser have theirs at MIT, Bellare and Rogaway each have courses...I'll
probably end up overlooking people, so here's a page with a list of many of 'em :

http://www.swcp.com/~mccurley/cryptographers/cryptographers.html

Check out a couple of survey papers, too. Bellare has his talk on what "Provable
Security" is, Goldreich has fragments of his book available on his web page, Boneh
has "Twenty Years of Attacks on the RSA Cryptosystem", etc. etc. etc.

good luck, and please post if you do something interesting...

-David


------------------------------

From: "hapticz" <[EMAIL PROTECTED]>
Subject: Re: Crypto export limits ruled unconstitutional
Date: Fri, 7 May 1999 21:48:47 -0400

agreed, it is only a single case. precedent setting it isn't!

--
best regards
[EMAIL PROTECTED]

remove first "email" from address, sorry i had to do this!

[EMAIL PROTECTED] wrote in message <[EMAIL PROTECTED]>...
|1. The decision only applies to Bernstein.
|
|2. For later cases it only shields actions in the 9th Circuit.
|
|3. I expect DOJ to ignore the ruling and continue enforcing the
|non-statutory restrictions on export.
|
|
|Lyn A Headley wrote:
|>
|> When I first heard about this, I figured it was the biggest crypto
|> news of this decade.  Doesn't it mean that we can do WHATEVER WE WANT
|> with our cryptographic code now?  Why haven't there been massive
|> hurrahs and wild parties all over this forum?
|>
|> -Lyn



------------------------------

From: [EMAIL PROTECTED] (Mike McCarty)
Subject: Re: Crypto export limits ruled unconstitutional
Date: 8 May 1999 00:03:09 GMT

In article <[EMAIL PROTECTED]>,
Lyn A Headley  <[EMAIL PROTECTED]> wrote:
)
)When I first heard about this, I figured it was the biggest crypto
)news of this decade.  Doesn't it mean that we can do WHATEVER WE WANT
)with our cryptographic code now?  Why haven't there been massive
)hurrahs and wild parties all over this forum?
)
)-Lyn


No, it did not say that. If I understand it correctly, the court
maintained that

        Speech protected by the Constitution may be embodied in a
        computer language.

        This is not usually the case, because things written in a
        computer language are usually intended to communicate with
        computers, not people.

        Only those things written in computer languages which are Speech
        protected by the Constitution are the subject of the decision.

        All other uses of computer language are *not* protected, and may
        be subject to the Munitions Act and the Implementing
        Regulations.

So the Act was not overturned. Nor were the Regulations overturned. Only
the application of them to protected speech.

Now, in a sense the regs were overturned, because they were all mixed up
and didn't attempt to distinguish "speech" from "computer programs". So
the regs AS WRITTEN were overturned. But if they go back and re-write
them carefully, then they CAN apply them. Just not to speech which
happens to be embodied in a computer language. But if I understand
correctly, PROGRAMS are not speech. Just that this particular case was
one where a guy was disseminating his ideas in the form of a program,
but was not actually writing a program to be run on a computer. Any
program written actually to be run, I believe, is still subject (when
the regs are rewritten).

Mike
-- 
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for Alcatel      <- They make me say that.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Shamir's Announcement
Date: Sat, 08 May 1999 00:36:49 GMT

The use of optical correlation methods dates back to before
Colossus.  When I was a grad student, one of my Physics profs
pointed out that one could perform Fourier transforms by
simple optical methods.

Not knocking Shamir's work; I hadn't heard anybody suggest
using optics to factor before.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Shamir's Discover: to those in the know
Date: 8 May 1999 00:49:32 GMT

[EMAIL PROTECTED] wrote:
>> I just purchased a P3/500.

> May I offer my sincerest condolences?

Surely. I can't even offer the defense "it's running linux." 
At least not yet. 

-David


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
