Cryptography-Digest Digest #613, Volume #9       Fri, 28 May 99 17:13:04 EDT

Contents:
  Re: Review of Scottu19 (Patrick Juola)
  Re: The BRUCE SCHNEIER  Tirade (DJohn37050)
  OTP Problems (DJohn37050)
  Re: non-computerized cryptography (and the tirade...) (Seth Hardy)
  alt.timestamp (Brian Queen)
  Re: evaluation cryptographic algorithms (SCOTT19U.ZIP_GUY)
  Re: non-computerized cryptography (and the tirade...) (SCOTT19U.ZIP_GUY)
  Re: The BRUCE SCHNEIER Tirade (Jerry Coffin)
  Re: Review of Scottu19 (Jerry Coffin)
  Re: The BRUCE SCHNEIER  Tirade (John Savard)
  Re: The BRUCE SCHNEIER  Tirade (John Savard)
  Re: The BRUCE SCHNEIER Tirade (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Review of Scottu19
Date: 28 May 1999 16:11:49 -0400

In article <[EMAIL PROTECTED]>,
Jerry Coffin <[EMAIL PROTECTED]> wrote:
>In article <7ilkki$932$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>> According to SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]>:
>> >   Then you don't look very hard becasue scott19u can not be
>> > implemented in a eleagant(what does elagnat mean any way) readable
>> > ANSI C way and even start to run as fast as it does on my PC. But if
>> > your good at assembly you can speed it up by a factor if ten.
>> 
>> -- Such a statement is false. If you can speed up an algorithm by a
>> factor of ten in assembly, then you do not know how to produce C code,
>> or your compiler is the dumbest ever (which djgpp is not).
>
>I think you're over-stating things a bit.  Just to give one example, 
>the initial and final permutations in DES are generally quite slow if 
>written in C.  As it happens, the Altivec extensions to the PowerPC 
>instruction set include a bit-permutation instruction.  I haven't 
>looked at the details of it yet, but it wouldn't surprise me if this 
>allowed even a 100:1 improvement in speed over a version that didn't 
>use the bit-permutation instruction.
>
>The question, then, is whether a compiler for this architecture would 
>or will be able to optimize the C code to use the bit-permutation 
>instruction.  I don't believe any current compiler will do so, and I'd 
>guess we won't see one that does for quite a while (if ever).

Actually, I believe the GCC superoptimizer does.  It's really rather
clever -- someone noticed that the best way to figure out how to make
a machine run fast is to observe what it does and memoize the fastest
things in case you need them later.  So the ``superoptimizer'' more
or less just executes random opcodes in a sandbox and observes the
end results and time taken.  It then remembers the things it finds useful
(generally things like zeroing out registers, incrementing an address,
and so forth) and uses them in the code generation phase later.
The superoptimizer will, almost by definition, *find* the bit-permutation
instructions.   Whether or not it uses them would depend on what
your expectations for the compiler were.  Write a large enough check
to me and I'll be glad to give you a compiler that uses them.  8-)

        -kitten

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: The BRUCE SCHNEIER  Tirade
Date: 28 May 1999 20:32:11 GMT

There is also the sync problem with OTP.  Off by one bit and you get goo-gah.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: OTP Problems
Date: 28 May 1999 20:37:26 GMT

OTP is provably secure.  Why is it not used everywhere?
It has some problems in practice:
1. Key length = message length, this is impractical in most applications.
2. What do you do if you run out of key?  Choke!
3. Key must be totally random, this is non-trivial to accomplish.
4. Two-time pad should be considered insecure, any reuse can be fatal to
security.
5. Synchronization between sender and receiver is critical; if as little as one
bit is dropped, you lose everything. 
Don Johnson
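An added example, not part of Don Johnson's post (nor of jay's similar list of OTP weaknesses later in this digest, which it also illustrates): a minimal byte-wise one-time pad with small checks that make problems 1 through 5 concrete. The pad is XORed with the message; the same call decrypts. `MESSAGE`, `MESSAGE2` and `KEY` are constructed sample values, and `KEY` is deliberately a fixed, non-random pad so the results are reproducible; a real pad comes from `fresh_pad()`.

```python
# Added example (not part of Don Johnson's post or any product discussed
# here): a minimal one-time pad plus checks that exhibit the practical
# problems listed above. MESSAGE, MESSAGE2 and KEY are constructed.
import secrets

MESSAGE = b"ATTACK AT DAWN"
MESSAGE2 = b"RETREAT AT SIX"      # same length as MESSAGE, for the reuse demo
KEY = bytes(range(1, 15))         # 14 fixed bytes: NOT random, only for reproducible output


def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with the pad; the same call decrypts. Problems 1 and 2:
    the pad must be at least as long as the message, and once it is
    used up there is nothing left to encrypt with, so we refuse."""
    if len(key) < len(data):
        raise ValueError(f"out of key: need {len(data)} bytes, have {len(key)}")
    return bytes(d ^ k for d, k in zip(data, key))


def fresh_pad(n: int) -> bytes:
    """Problem 3: pad bytes must come from a real entropy source, never a
    seeded PRNG. secrets.token_bytes reads the OS CSPRNG, which is as
    close to 'totally random' as a general-purpose machine gets."""
    return secrets.token_bytes(n)


class PadStore:
    """Problem 4: track consumption so that no pad byte is ever reused."""

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self.offset = 0

    def take(self, n: int) -> bytes:
        if self.offset + n > len(self._pad):
            raise ValueError("pad exhausted")          # problem 2 again
        chunk = self._pad[self.offset:self.offset + n]
        self.offset += n
        return chunk


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Problem 4 illustrated: two ciphertexts under the same pad XOR to
    the XOR of the two plaintexts; the pad cancels out completely."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def recover_other(leak: bytes, known_plaintext: bytes) -> bytes:
    """Given that leak and one plaintext, the other plaintext follows
    directly. This is why 'any reuse can be fatal'."""
    return bytes(a ^ b for a, b in zip(leak, known_plaintext))


def desync_damage(plaintext: bytes, key: bytes, drop_at: int) -> int:
    """Problem 5: simulate one ciphertext byte lost in transit at index
    drop_at and return how many bytes the receiver still decrypts
    correctly. Every byte after the drop meets the wrong pad byte."""
    ciphertext = otp_xor(plaintext, key)
    received = ciphertext[:drop_at] + ciphertext[drop_at + 1:]
    recovered = otp_xor(received, key)
    return sum(1 for r, p in zip(recovered, plaintext) if r == p)


if __name__ == "__main__":
    store = PadStore(fresh_pad(64))
    ct = otp_xor(MESSAGE, store.take(len(MESSAGE)))
    print("ciphertext:", ct.hex())
    leak = two_time_pad_leak(otp_xor(MESSAGE, KEY), otp_xor(MESSAGE2, KEY))
    print("reuse leak gives:", recover_other(leak, MESSAGE))
    print("bytes intact after dropping byte 5:", desync_damage(MESSAGE, KEY, 5))
```

With the fixed `KEY`, dropping ciphertext byte 5 leaves exactly the five bytes before the drop intact and garbles the rest, and the reuse check returns `MESSAGE2` from the leak and `MESSAGE` alone. The `PadStore` is the piece that products calling themselves "one-time pad" most often lack: without an explicit offset shared by both ends, either reuse (problem 4) or desynchronisation (problem 5) is only a matter of time.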

------------------------------

From: Seth Hardy <[EMAIL PROTECTED]>
Subject: Re: non-computerized cryptography (and the tirade...)
Date: Fri, 28 May 1999 15:56:06 -0400

> I know exactly what you are talking about.
> 
> Ciphile Software's Original Absolute Privacy - Level3 encryption
> Software Package
> is exactly what you are describing.

So it is a one time pad, non-computerized, and completely secure?
It is *exactly* what you are talking about! What else does it do? Tell me
more! Built in key distribution, via Ciphile's own secure courier program?
No problem! How about digital signatures, via pDSA (pseudo-DSA)? Of
course!

All of this, because our advertisement campaign costs absolutely NO money
to us! OTHER companies spend HUNDREDS of THOUSANDS of dollars every year
promoting their software! We spent that money on our product, and
ultimately, on YOU!
 
> It is available as shareware at http://www.ciphile.com

Your attacks on Bruce seem to have started with a difference in opinion
concerning the security of your product. Bruce's opinion came from his
knowledge in the field of cryptography -- a field that you seem to know
little to nothing about. Your opinion comes from the need to market a
product, based on no fact at all, and "witty" retorts that remind me of
the old "I know you are but what am I?" that fell out of fashion in second
grade. You've been asked to prove the security of your cryptosystem, and
you have refused to do so (in many more words than are necessary). Silence
speaks louder than words.

A suggestion: if you wish to find a forum to advertise your product, the
selection of one that doesn't know what they're talking about will be much
more in your interests. Trying to plug a cryptosystem to people who know
how to distinguish the real from the snake oil... just doesn't work.

Just hear from some of our satisfied customers:

"It works great! I can encrypt and decrypt without any problems!"

"It integrates seamlessly with all of my favorite e-mail and word
processing products! If I didn't know any better, I'd think it wasn't even
there!"

"This has to be the most secure form of encryption I've EVER seen! Thank
you!"

If anyone is interested in this wonderful new cryptosystem, go to my
web-page. It's called double-ROT13, and it's catching on very quickly! You
WON'T be disappointed! And it's available as SHAREWARE, too!

Sigh. When will people learn?


============================================================================
 Seth M. Hardy                      PGP Key available at public keyservers.
 [EMAIL PROTECTED]                     Fingerprint: E4F7 A726 7EF9 2474 1034
 Worcester Poly. Inst. CS/MA                     5692 F825 7B67 853B 985E
============================================================================


------------------------------

From: [EMAIL PROTECTED] (Brian Queen)
Crossposted-To: alt.config
Subject: alt.timestamp
Date: 28 May 1999 13:50:55 -0700


alt.timestamp   free, online Trusted Third Party for electronic media.

Charter:

Posting of nothing more than minimally sized digital signatures of
electronically published information for the purposes of time stamping.

Justification:

In an effort to produce a free, fully automated and online
Trusted Third Party (TTP) I propose the creation of 
a new newsgroup alt.timestamp under the assumption that 
the distribution system of Usenet provides in itself a TTP.

The newsgroup would provide a timestamp in the following manner:
a user would send a digital signature of the electronic document to the
newsgroup.
The digital signature gets propagated throughout Usenet and archived and
indexed according to the extent of the current and future search engine
capabilities.
Future claims regarding the date of a document may be resolved by
finding the digital signature in one of the archives.

Existing newsgroups such as alt.anonymous could be used for such purposes,
but the creation of a new group for this specific purpose would be
beneficial.

Proponent:

Brian Queen
[EMAIL PROTECTED]
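An added example, not part of Brian Queen's proposal and not any existing tool: the commit-then-verify step of the scheme above, with a SHA-256 digest of the document standing in for the "minimally sized digital signature" to be posted. `DOCUMENT` is constructed sample text and the one-line record format is an assumption of this example.

```python
# Added example (not part of the alt.timestamp proposal, not an existing
# tool): what a user would post, and how a later claim is checked.
# DOCUMENT is constructed; the record line format is assumed here.
import hashlib

DOCUMENT = b"Draft of the paper, version of 28 May 1999.\n"   # constructed sample


def make_record(document: bytes) -> str:
    """The line to post to the newsgroup: algorithm, hex digest, byte
    length. It reveals nothing about the content (preimage resistance),
    so a document can be timestamped while it is still secret."""
    digest = hashlib.sha256(document).hexdigest()
    return f"SHA256 {digest} {len(document)}"


def verify_record(document: bytes, record: str) -> bool:
    """Later check against the archived post. What is established is
    that this exact document existed no later than the archive's posting
    date; the record says nothing about who wrote it."""
    parts = record.split()
    if len(parts) != 3 or parts[0] != "SHA256" or not parts[2].isdigit():
        return False
    if int(parts[2]) != len(document):
        return False
    return hashlib.sha256(document).hexdigest() == parts[1]


if __name__ == "__main__":
    posted = make_record(DOCUMENT)
    print("post this line:", posted)
    print("original verifies:", verify_record(DOCUMENT, posted))
    print("edited copy verifies:", verify_record(DOCUMENT + b"edit\n", posted))
```

The trust in this scheme sits entirely with the archive's date stamp and its integrity, not with the poster, which is exactly the assumption the proposal makes about Usenet propagation; a single byte of change in the document produces a different digest and the claim fails.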

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: evaluation cryptographic algorithms
Date: Fri, 28 May 1999 21:44:34 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Terry Ritter) wrote:
>
>On Fri, 28 May 1999 12:05:25 -0500, in
><[EMAIL PROTECTED]>, in sci.crypt Medical Electronics
>Lab <[EMAIL PROTECTED]> wrote:
>
>>[...]
>>A cipher is assumed "strong" if it can withstand all known attacks.
>
>*Assuming* a cipher is "strong" simply because *we* cannot break it
>means that if the cipher ever *is* broken in secret, we will *still*
>assume that cipher is "strong" even while our information is being
>harvested.  That seems like a strange meaning for "strength."
>
>---
>Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
>Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
>

  It's not strange if you are the NSA; part of their success is to keep
idiots thinking they are using strong encryption when they are not.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: non-computerized cryptography (and the tirade...)
Date: Fri, 28 May 1999 21:51:40 GMT

In article <[EMAIL PROTECTED]>, Seth Hardy 
<[EMAIL PROTECTED]> wrote:
>> I know exactly what you are talking about.
>> 
>> Ciphile Software's Original Absolute Privacy - Level3 encryption
>> Software Package
>> is exactly what you are describing.
>
>So it is a one time pad, non-computerized, and completely secure?
>It is *exactly* what you are talking about! What else does it do? Tell me
>more! Built in key distribution, via Ciphile's own secure courier program?
>No problem! How about digital signatures, via pDSA (pseudo-DSA)? Of
>course!
>
>All of this, because our advertisement campaign costs absolutely NO money
>to us! OTHER companies spend HUNDREDS of THOUSANDS of dollars every year
>promoting their software! We spent that money on our product, and
>ultimately, on YOU!
> 
>> It is available as shareware at http://www.ciphile.com
>
>Your attacks on Bruce seem to have started with a difference in opinion
>concerning the security of your product. Bruce's opinion came from his
>knowledge in the field of cryptography -- a field that you seem to know
>little to nothing about. Your opinion comes from the need to market a
>product, based on no fact at all, and "witty" retorts that remind me of
>the old "I know you are but what am I?" that fell out of fashion in second
>grade. You've been asked to prove the security of your cryptosystem, and
>you have refused to do so (in many more words than are necessary). Silence
>speaks louder than words.
>
>A suggestion: if you wish to find a forum to advertise your product, the
>selection of one that doesn't know what they're talking about will be much
>more in your interests. Trying to plug a cryptosystem to people who know
>how to distinguish the real from the snake oil... just doesn't work.
>
>Just hear from some of our satisfied customers:
>
>"It works great! I can encrypt and decrypt without any problems!"
>
>"It integrates seamlessly with all of my favorite e-mail and word
>processing products! If I didn't know any better, I'd think it wasn't even
>there!"
>
>"This has to be the most secure form of encryption I've EVER seen! Thank
>you!"
>
>If anyone is interested in this wonderful new cryptosystem, go to my
>web-page. It's called double-ROT13, and it's catching on very quickly! You
>WON'T be disappointed! And it's available as SHAREWARE, too!
>
>Sigh. When will people learn?
>
>
>----------------------------------------------------------------------------
> Seth M. Hardy          

  Most people will never learn. They fall for the smooth line, and most people 
on this newsgroup are not far from the suckers who fall for slick advertising.
Even the pseudo-intellectuals in this group are too damn lazy to look at 
something that is not packaged to their tastes or blessed by a phony
crypto god. Maybe after the Chinese bombs start falling it won't make
much difference.

David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 13:59:57 -0600

In article <7im07j$dbj$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> > Nope. You may pass the pad through a window that may not even exist at
> > the time you need a message transmitted.
> 
> No you are wrong.  The OTP gets it's security because the key is truly
> random.  If the key is shorter then the message it cannot be truly
> random.  Say you have a repeating 64 byte key then you can easily break
> the message.

I believe you're misinterpreting what he said.  For example, you might 
meet with a person and hand them a CD-ROM full of data to use as a 
key.  They can travel around and send you messages securely until 
either 1) the CD-ROM is lost, copied, etc., or 2) they've sent you 
roughly 650 MB of text.

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Review of Scottu19
Date: Fri, 28 May 1999 13:59:55 -0600

In article <7ilkki$932$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> According to SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]>:
> >   Then you don't look very hard becasue scott19u can not be
> > implemented in a eleagant(what does elagnat mean any way) readable
> > ANSI C way and even start to run as fast as it does on my PC. But if
> > your good at assembly you can speed it up by a factor if ten.
> 
> -- Such a statement is false. If you can speed up an algorithm by a
> factor of ten in assembly, then you do not know how to produce C code,
> or your compiler is the dumbest ever (which djgpp is not).

I think you're over-stating things a bit.  Just to give one example, 
the initial and final permutations in DES are generally quite slow if 
written in C.  As it happens, the Altivec extensions to the PowerPC 
instruction set include a bit-permutation instruction.  I haven't 
looked at the details of it yet, but it wouldn't surprise me if this 
allowed even a 100:1 improvement in speed over a version that didn't 
use the bit-permutation instruction.

The question, then, is whether a compiler for this architecture would 
or will be able to optimize the C code to use the bit-permutation 
instruction.  I don't believe any current compiler will do so, and I'd 
guess we won't see one that does for quite a while (if ever).

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER  Tirade
Date: Fri, 28 May 1999 21:01:38 GMT

fungus <[EMAIL PROTECTED]> wrote, in part:

>A one time pad has a key which is as big as the message. If you
>can securely transmit the key to the other party then you obviously
>don't need cryptography - you could just send the message by the
>same route.

A true one-time pad is inconvenient, all right. But the objection you
have noted doesn't make it truly unusable. It might be that one can,
at a certain time in advance, conveniently transport a large quantity
of key, but at a later time, when messages are to be sent concerning
important matters, they will have to be sent by a means liable to
interception.

For example, it might be possible to securely convey to a ship docked
at its home port a large quantity of key, but when it is on the ocean,
engaging in manoeuvers or combat, it may only be able to communicate
by radio with other ships or with its headquarters.

Since a CD-R is quite compact, people might argue that even a
conventional cipher that relies on a short secret key is "unusable"
most of the time when a one-time pad is unusable for communications.
And therefore, public-key cryptography is a must.

(Obviously, though, for something like ScramDisk, neither a one-time
pad nor public key methods make any sense.)

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER  Tirade
Date: Fri, 28 May 1999 20:52:06 GMT

Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote, in part:

>Is it the mark of a professional to make assertions about something he
>does not know anything about?

A popular radio personality in the United States uses many unique
phrases in the course of his radio and television shows to express the
ideas he hopes to fix in the minds of his audience.

One of them is: "words mean things".

The phrase "one-time pad" means something. You are offering for sale a
stream cipher product. However good and secure it may be, it is not a
one-time pad, since no method of deterministically producing a
sequence of stream encipherment bits from a smaller key is as
completely unpredictable as actually generating each bit by a
genuinely random means, i.e., flipping a coin.

If your key is 4096 bits long, and you generate 65536 bits for use in
stream encipherment from it, then you are only generating 2^4096 of
the possible 2^65536 sequences of 65536 bits. So, it is quite likely -
in principle - that once one has seen the first 4096 bits of the
sequence, there are only a limited number of possibilities for
the rest of the sequence.

Obviously, a stream cipher with a 4096 bit key that can't be broken by
any method but brute-force search _is_ highly secure. But it is not a
one-time pad.

If you use a term for your product that names something _it cannot
be_, Bruce does *not* need to know a great deal about what your
product _is_ to criticize that.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html
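An added example, not Savard's code and not any product's: the counting argument above run with small numbers (an 8-bit seed expanded to 32 keystream bits) in place of 4096 and 65536, so every reachable keystream can be enumerated. `keystream()` is a constructed, deterministic generator (SHA-256 over seed and counter) standing in for an arbitrary stream cipher; it is an illustration of the argument, not a recommended design.

```python
# Added example (not Savard's, not any product's): a toy keystream
# generator with an 8-bit seed and 32-bit output, to show that a short
# key reaches only 2^SEED_BITS of the 2^STREAM_BITS possible sequences,
# and that after the first SEED_BITS bits few continuations remain.
import hashlib
from collections import defaultdict

SEED_BITS = 8      # stands in for the 4096-bit key
STREAM_BITS = 32   # stands in for the 65536 bits of keystream


def keystream(seed: int, nbits: int = STREAM_BITS) -> str:
    """Deterministically expand a SEED_BITS-bit seed into nbits of keystream,
    returned as a string of '0'/'1' characters (constructed toy generator)."""
    bits = ""
    counter = 0
    while len(bits) < nbits:
        block = hashlib.sha256(seed.to_bytes(2, "big") + counter.to_bytes(4, "big")).digest()
        bits += "".join(format(b, "08b") for b in block)
        counter += 1
    return bits[:nbits]


def all_streams():
    """Every keystream the generator can produce: at most 2^SEED_BITS of them."""
    return {keystream(s) for s in range(2 ** SEED_BITS)}


def continuations_after(prefix_bits: int):
    """Group reachable keystreams by their first prefix_bits bits and collect
    the distinct continuations seen for each prefix."""
    table = defaultdict(set)
    for s in all_streams():
        table[s[:prefix_bits]].add(s[prefix_bits:])
    return dict(table)


def max_continuations(prefix_bits: int) -> int:
    """Worst case (for the attacker) number of ways the rest of the stream
    can go once prefix_bits bits have been observed."""
    return max(len(v) for v in continuations_after(prefix_bits).values())


def true_pad_continuations(prefix_bits: int) -> int:
    """For a genuine one-time pad every continuation is equally possible."""
    return 2 ** (STREAM_BITS - prefix_bits)


if __name__ == "__main__":
    print("reachable keystreams:", len(all_streams()), "of", 2 ** STREAM_BITS)
    print("continuations after", SEED_BITS, "observed bits, stream cipher:",
          max_continuations(SEED_BITS))
    print("continuations after", SEED_BITS, "observed bits, true pad:",
          true_pad_continuations(SEED_BITS))
```

After the first 8 keystream bits are known, the toy cipher has at most 256 possible continuations (one per seed) against 2^24 for a genuine pad; scale the two constants back up to 4096 and 65536 and the gap is the one Savard describes. Nothing here says the cipher is weak, only that it is not a one-time pad: the remaining 24 bits are determined by a brute-force search over the seed, which is the "any method but brute-force search" security a good stream cipher actually offers.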

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 22:05:46 GMT

In article <01bea940$6245df60$763984a9@jay>, "jay" <[EMAIL PROTECTED]> wrote:
>
>
>SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote in article
><7im84k$1m5s$[EMAIL PROTECTED]>...
>>
>>   Actually Bruce stuck his foot in his mouth. He should know better than
>> to spout the BS about an OTP since it is PROVABLY SECURE and Bruce
>> knows it. 
>
>What is it about the words 'provably secure' that gets these guys so
>excited. OTP is provably secure under a very few circumstances, which have
>little to do with the practical world. In ALL OTHER CASES it is far weaker
>than vetted algorithms.
>
>* Key is the size of message (difficult to transmit)
>
>* Key cannot be kept in memory (with effort a good symmetric key can be
>memorized)
>
>* Large key is difficult to store safely. (a good symmetric key can be well
>hidden, on paper or other format if necessary)
>
>Of course many people have *repeatedly* pointed this out, but these guys
>keep repeating 'provably secure' with knee-jerk regularity. I am somehow
>reminded of the amateur inventors of perpetual motion machines who

 What you don't seem able to understand is that no one can make a perpetual
motion machine that does work. But OTPs do exist; if you can't understand
that, then you know nothing about encryption. Yes, the key distribution
is a problem, but that does not mean it does not work.

>(sometimes sincerely) cannot understand what is wrong with their favorite
>idea, but refuse to accept that some people really know more about this
>than they do.
>
>You want to prove how clever you are? Crack Blowfish and publish it. 
>
>jay

   Actually it would be more fun to wait for the NSA approved dark horse
to win the AES contest and then that would be more fun to look at.
But I don't think at this point it is worth my time looking at it.

David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
