Cryptography-Digest Digest #906, Volume #9       Sun, 18 Jul 99 12:13:04 EDT

Contents:
  Re: Properly Seeding RNGs (Pierre Abbat)
  Re: Math, Math, Math (David A Molnar)
  Re: How Big is a Byte? (was: New Encryption Product!) ("Michael D.")
  Re: How Big is a Byte? (was: New Encryption Product!) ("Michael D.")
  Re: How Big is a Byte? (was: New Encryption Product!) ("Douglas A. Gwyn")
  Re: How to crack monoalphabetic ciphers (Christopher)
  Re: Xor Redundancies ([EMAIL PROTECTED])
  Re: A few qustions on encryption ([EMAIL PROTECTED])
  Re: NBE: Not crackable by brute force key search ([EMAIL PROTECTED])
  Open questions about Dave Scotts Method ([EMAIL PROTECTED])
  Re: Math, Math, Math ([EMAIL PROTECTED])
  Re: Xor Redundancies (SCOTT19U.ZIP_GUY)
  Re: Math, Math, Math (SCOTT19U.ZIP_GUY)
  Re: Properly Seeding RNGs ([EMAIL PROTECTED])
  Re: Math, Math, Math ([EMAIL PROTECTED])
  Algorithm or Protocol? ([EMAIL PROTECTED])
  Re: Xor Redundancies (SCOTT19U.ZIP_GUY)
  Re: Music on CD - Great for around the house or dinner ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Pierre Abbat <[EMAIL PROTECTED]>
Subject: Re: Properly Seeding RNGs
Date: Sun, 18 Jul 1999 06:25:30 -0400

On Fri, 16 Jul 1999, [EMAIL PROTECTED] wrote:
>Let's just say I am using a strong cryptographic RNG.  This particular
>one requires a string of variable length to seed it.  How in the world
>do I get a random string to seed it with?
>
>At the current time, I'm using the current time to srand(); and then
>rand() % 256 to fill a string of [1024] long.  This does NOT seem very
>secure to me.  What is a practical way to seed this RNG?

Read /dev/random or /dev/urandom. If you use /dev/random, your program will
block until there is enough randomness; with /dev/urandom, it won't.

To see how hitting keys, moving the mouse, etc. affect the random device, type
"/usr/games/ppt </dev/random". The paper tape will scroll whenever there is new
randomness available.

phma
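As an added example (not code from either poster), here is the clock-seeded rand() approach from the question beside a /dev/urandom reader in the spirit of the reply, in C. weak_seed and read_seed are names chosen here; the device path is a parameter so the same loop serves /dev/random, and the short-read handling is what makes the reader safe on either device.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* What the question describes: srand() with the clock, then rand() % 256 per
 * byte.  The whole buffer is a function of one second-resolution timestamp,
 * so two runs in the same second get identical seeds and anyone who knows
 * roughly when the program ran has only a small set of candidates. */
void weak_seed(uint8_t *buf, size_t len, time_t when)
{
    srand((unsigned)when);
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)(rand() % 256);
}

/* What the reply recommends: take the seed from /dev/random or /dev/urandom.
 * read() may return fewer bytes than requested (and /dev/random may block
 * until the pool refills), so loop until the buffer is full.
 * Returns 0 on success, -1 on failure with errno set. */
int read_seed(const char *device, uint8_t *buf, size_t len)
{
    int fd = open(device, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n <= 0) {               /* error, or EOF (never on a real device) */
            int saved = n < 0 ? errno : EIO;
            close(fd);
            errno = saved;
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

int main(void)
{
    uint8_t a[16], b[16], seed[32];
    time_t now = time(NULL);
    weak_seed(a, sizeof a, now);
    weak_seed(b, sizeof b, now);
    printf("two time-seeded buffers identical: %s\n",
           memcmp(a, b, sizeof a) == 0 ? "yes" : "no");
    if (read_seed("/dev/urandom", seed, sizeof seed) != 0) {
        perror("read_seed");
        return 1;
    }
    printf("read %zu seed bytes from /dev/urandom\n", sizeof seed);
    return 0;
}
```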

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Math, Math, Math
Date: 18 Jul 1999 10:33:02 GMT

Peter L. Montgomery <[EMAIL PROTECTED]> wrote:

> Parallel algorithms is desirable.

Random, not-quite-related question: does anyone look at P-completeness
with respect to cryptography? For instance, showing that algorithm X is/is
not inherently sequential?

Thanks,
-David Molnar

------------------------------

From: "Michael D." <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Sun, 18 Jul 1999 06:01:50 -0500

English, as well as the other Germanic languages, cannot be made to be
gender neutral because of their structure. Latin languages, on the other
hand (that is: Portuguese, Spanish, French, Italian and Romanian) are all
gender specific, in general using the "a" and the "o" declensions to
denominate genders in all nouns, including inanimate subjects. What is the
solution? Should there even be a solution? Historically, languages evolve
naturally, however, attempts at artificially altering languages have
usually failed. This accounts for the extra letters in the Cyrillic
alphabet, added by the Czar, as well as the failure of Esperanto to have
become anything more than a novel hobby.
Michael D.
[EMAIL PROTECTED]

Natarajan Krishnaswami <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Thu, 15 Jul 1999 22:59:44 GMT, Peter Seebach <[EMAIL PROTECTED]> wrote:
> > This is partially because "he" is a gender-neutral pronoun in English, while
> > "she" isn't, and "it" is a pronoun for the inanimate.  "he" is correctly used
> > both for typeless entities and for male entities.
>
> Quite a few English-language native speakers (and publishers) have
> rejected that position.  (Unlike programming languages, natural ones
> are in a constant state of flux. ;-)  The social context arising from
> the women's equality movement has precipitated, at least in the US, a
> dramatic reduction in use of masculine pronouns, compounds of 'man,
> etc., in generic contexts, and a fairly widespread (if mild) antipathy
> towards their use as such.  It's not inconceivable that in another 20
> years, it may be considered poor style ("agrammatical") to use them
> that way (here).
>
> > Another argument against overloading words.
>
> Quite.
>
> <N/>

------------------------------

From: "Michael D." <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Sun, 18 Jul 1999 06:33:55 -0500

Is Zero a number, or is it a concept? As you may know, Latin numbers and
the abacus were used until about 1550 A.D. Why? For one thing, the zero was
the invention of the Arabs, and they were the enemy (the memory of the
crusades having been close at hand). Another was the difficulty of the
concept of "nothing". It was only when the zero was proven to be valuable as
a placeholder, that it began to be in vogue. However, as I stated on another
NG, the fact that our mothers taught us that the first number is one(1)
rather than zero(0), has crippled us all, intellectually. Base zero? Explain
that -- is it a concept, or a workable system?
Michael D.
[EMAIL PROTECTED]

wtshaw <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
> > wtshaw wrote:
> > >
> > > In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> >
> > I'm having a real hard time working out base zero arithmetic.
> >
> That's one option too many.  Come, to think of it, base one is
> noncomputational as well.
> --
> Encryption means speaking in turns.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Sun, 18 Jul 1999 12:27:19 GMT

"Michael D." wrote:
> Is Zero a number, or is it a concept?

Numbers *are* concepts.

I have on occasion remarked that I think zero is the
greatest invention of all time.

> Base zero? Explain that -- is it a concept, or a workable system?

The normal meaning of "base 0" would be a numeration system in
which nonnegative integers are expressed as sums of powers of 0.
Obviously that won't work for any integer other than 0.

------------------------------

From: [EMAIL PROTECTED] (Christopher)
Subject: Re: How to crack monoalphabetic ciphers
Date: Sun, 18 Jul 1999 08:20:39 -0400

In article <7mnuim$ngu$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

_   While I'm here, can somebody provide links to information about
_   compression.  I keep hearing all this stuff about LZ77 and stuff, but I
_   don't know exactly how they work.  Thanks in advance.

You could try the FAQ:

 http://www.faqs.org/faqs/compression-faq/part1/index.html


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Xor Redundancies
Date: Sun, 18 Jul 1999 13:37:05 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (JPeschel) wrote:
> I think he was talking about a polyalphabetic substitution cipher --
> a Vigenere of sorts. Substitutions are made by XORing the plaintext
> with a repeated key: the password. Schneier mentioned in AC2,
> a few years ago, that quite a few commercial programs tout the
> toy cipher as unbreakable. Quite a few still do.

Then he should have said that.  Xor-Ciphers means nothing.  You could
also say Add-Cipher Sub-Cipher Mul-Cipher etc ...

BTW those repeated key ciphers are normally done by twits who haven't a
clue about computer security.  But it keeps normal drones out of
private files... maybe it does its job?

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: A few qustions on encryption
Date: Sun, 18 Jul 1999 13:49:51 GMT

In article <7mqp2g$1k5s$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>   You could try scott16u or scott19u. A one bit change in the input file
> anywhere changes the whole encrypted output file without changing
> the length of the file. But it is more advanced than most of the token
> methods discussed here so you will not get any positive discussions
> about it here. I say download it and try it yourself using your own tests.
> Before the brain washed people who do most of the posting here try to
> talk you out of it.

Well you are wrong again.  If your encryption method is a function then
it's possible to have outputs with low Hamming weights.  Just because
you didn't get a huge difference in the five tests you did doesn't
mean anything.

BTW why haven't you answered my earlier questions?  I can repost them
if you want...

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: NBE: Not crackable by brute force key search
Date: Sun, 18 Jul 1999 13:56:07 GMT

In article <7mqpqm$1lh2$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>  If the Tom you're referring to is the young kid then be aware he knows very
> little about actual encryption. A long time ago I put him in my kill file
> after I found it was impossible to carry on any reasonable discussion with
> him. But if you have a method of high entropy the fact is that when one
> does a brute force search you can end up with more than one solution
> (assuming you can even do the brute force search) so that the brute
> force search in itself may not be good enough.  The fact is that when one
> encrypts only a small amount of messages with a high entropy method
> there is not enough information for the attacker to know what the encrypted
> message was. Even if one had the time to look at all the reasonable
> candidates. However if one is using something like a low entropy AES
> candidate then you might as well not encrypt if your hope is to prevent
> the NSA from reading your messages.

You're a loon.  I posted some questions about your methods which, upon
answering, could actually exonerate you.  You obviously have been
ignoring them.  I would encourage you to answer the questions in a
professional manner such that we can have a more crypto-related
conversation.

BTW you keep knocking AES ciphers; what proof do you have?  You haven't
even proved your cipher is strong (or how it's strong).

I can repost my questions to you if you want.  I hope that this can
remain polite.  I really want to see your answers.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.

------------------------------

From: [EMAIL PROTECTED]
Subject: Open questions about Dave Scotts Method
Date: Sun, 18 Jul 1999 14:05:29 GMT

Here are some questions about Dave Scott's method that he has been
avoiding:

1.  What is the smallest key you can use?  Is it possible to dump a
hash output into the keyschedule for example?

2.  What block size/rounds ratio is required for 2^x resistance to
differential attacks? 2^x for linear?  This would be a table for
expected block sizes.

3.  What are the chances of having S[x] = y and S[y] = x?  I remind you
that if this is not possible then the keyschedule cannot accept a full
2^19! possible keys.  The keyspace would be smaller.  This would be
ideal to avoid conjoint cycles shorter than 2^19.

4.  What is the security offered when the word size changes?
Particularly with 8-bit words, which might be ideal (low memory usage)?

5.  What are the clear advantages of your method over any other block
cipher considering speed/memory/key size/resistance to iterative
attacks?


If *anyone* can answer these questions it should be Dave.  If anyone
else wants to stab at them go for it.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Math, Math, Math
Date: Sun, 18 Jul 1999 13:33:24 GMT

<snip>

It's nice to take courses on the mathematics but if Bruce S. tells the
truth you should learn about protocols and devices as well.

Tom

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Xor Redundancies
Date: Sun, 18 Jul 1999 15:39:14 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(JPeschel) wrote:
>>Douglas A. Gwyn" <DAGwyn>
>
>>What in the world is "Xor Encryption"?  Every so often, somebody uses
>>that term.  XOR itself is a binary Boolean operation, equivalent to
>>addition in GF(2); that's not encryption.  The XOR operation is used
>>in several cryptosystems, so it is unclear which one might be meant.
>
>I think he was talking about a polyalphabetic substitution cipher --
>a Vigenere of sorts. Substitutions are made by XORing the plaintext
>with a repeated key: the password. Schneier mentioned in AC2, 
>a few years ago, that quite a few commercial programs tout the
>toy cipher as unbreakable. Quite a few still do. 
>
>Joe   
>
>
   Joe I agree with you; for some reason this also always seems
to be the first step in what people think of as a slick cipher. It
gets reinvented at least a dozen times each year. The thing that
it shows is how good advertising is, since people year after year
seem to pay cash for methods like this, while few people are
smart enough to know what good encryption is all about.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Math, Math, Math
Date: Sun, 18 Jul 1999 15:29:47 GMT

In article <7mrpb8$27r$[EMAIL PROTECTED]>, David A Molnar 
<[EMAIL PROTECTED]> wrote:
>SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>
>>  You might try taking geometry, Euclidean and non-Euclidean;
>> even courses using Karnaugh maps and cubical complexes might
>> help. Also take C and look at what I and others have done.
>> Oh sorry about the spelling, I suck at that.
>
>Why does geometry help? I'm just asking (not a snide question),
>since it's not obvious to me right now how it's as useful as, say, knowing
>everything about algebra. Do you consider elliptic curves part of
>geometry? 
>
>Thanks,
>-David Molnar
>

  I find people who understand geometry seem to have a more open mind
into the understanding of logic. However I find this view a minority opinion
on this group, which considers pretty writing a better indicator.



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Properly Seeding RNGs
Date: Sun, 18 Jul 1999 13:46:01 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> One of possible workarounds involves asking user for a "composite"
> password like this:
>
>     (prompt)>Enter the first part of your passphrase: xxxxxxx(Enter)
>     (prompt)>Enter the second part of your passphrase: xxxxxxx(Enter)
>     (prompt)>Enter the third part of your passphrase: xxxxxxx(Enter)
>
> or even more if necessary. The important thing is not to give any
> "bad passphrase" message in the middle of procedure, otherwise the
> system becomes prone to _divide and conquer_ attack.

There are better options.  The method you are talking about will
require some math lib to perform arbitrary sized math equations.  If
you only use (say) 32-bit integers you could simply search the
keyspace for the 32-bit seed.

I am in the midst of designing a KSG which uses RC5's key schedule.  I
find it works faster and better (and smaller) than plugging in a hash
function.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Math, Math, Math
Date: 18 Jul 1999 15:00:36 GMT

person <[EMAIL PROTECTED]> wrote:

> Well... obviously I can`t take all those courses in the two years that I
> will spend at the upper division level. So... what I was thinking of
> doing was taking a course in linear algebra (in addition to the course
> that I`ll take as a lower division course before I transfer), two
> semesters of advanced calculus, real analysis, and complex analysis.  Are
> these classes at all applicable to cryptography ?

Just to reinforce what others have said: if you're interested in
cryptography, the advanced calculus, real analysis, and courses like
that don't do you nearly as much good as studying abstract algebra and
number theory.  If you have a limited amount of time, that's where you
should spend it...

-- 
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences       | "The box said 'Requires Windows 95, NT, 
University of North Texas        |  or better,' so I installed Linux."
Denton, TX  76201                | 

------------------------------

From: [EMAIL PROTECTED]
Subject: Algorithm or Protocol?
Date: Sun, 18 Jul 1999 15:06:54 GMT

A lot of people are throwing algorithms and algorithm ideas into this
group, but I am wondering:

Aside from being fun to design them (and break them; well, I have broken
my ideas only so far...) wouldn't it be more useful to design
cryptographic protocols for various tasks instead of algorithms?

I think pioneers in the group should move to designing secure systems
(with respect to where the trust is placed).  I will bet that anyone
could sell a system more than an algorithm and that we could use
protocols more than algorithms...

My two cents...

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Xor Redundancies
Date: Sun, 18 Jul 1999 15:51:39 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>Well, I think the previous answers to your question explain it much
>better than I am able to.  It's an extremely simple way of, I guess
>encoding would be a good word.  I used the term xor encryption because I
>have no idea what the name of it is.  Anyway if you are still wondering,
>this is it:
>
>#include <fstream>   // standard header; <fstream.h> is pre-standard
>#include <cstring>
>using namespace std;
>
>int main(int argc, char **argv)
>{
> char passwd[9];    // 8 key bytes plus the terminating NUL; [8] overflowed
> char tmp;
> int i = 0;
>
> strcpy(passwd, "password");
>
> // open both files in binary mode so no bytes are altered in transit
> ifstream fin("C:\\test.txt", ios::binary);
> ofstream fout("C:\\tenc.txt", ios::binary);
>
> while (fin.get(tmp))
> {
>  tmp ^= passwd[i];  // XOR each byte with the repeating 8-byte key
>  fout << tmp;
>  i++;
>  if (i > 7) i = 0;
> }
>
> fin.close();
> fout.close();
> return 0;
>}
>
>Not much eh?  You would be surprised how many people use this simple
>algorithm in their programs claiming it is 100% unbreakable....
>

  Yes many people feel that this is unbreakable due to the fact the
masses are kept ignorant about encryption. However for the few that
read up on encryption they think they know it all when it is magically
revealed by the crypto gods that this is weak encryption. Unfortunately
most bright people stop at this new level and end up using things that
the NSA can easily break.
 By the way what you posted may be illegal in most parts of the US;
it depends where you live in the US till the courts decide. I hope
some over zealous DA does not bring you to trial for Treason.
 But if you live in New Mexico and are of Chinese extraction don't
worry, you can download top secret plans for our best A bombs and
put them on unclassified systems so they can be copied and the US
is afraid to bring you to court. Yes the laws are fucked up but money
to the right pockets in Washington can go a long way as the Chinese
have figured out.

David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS
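As an added example (not code from the poster or from David Scott), here is the same 8-byte repeating-key XOR as the program quoted above, in C, with two checks that show why the thread calls it a toy: the key byte at any two positions 8 apart cancels, so ciphertext differences equal plaintext differences without any key, and 8 known plaintext bytes at any offset (a file header, a salutation) give back the whole key. The message and the crib are constructed; xor_crypt, key_cancels and recover_key are names chosen here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEYLEN 8   /* the posted program cycles an 8-byte password */

/* The cipher from the posted program: byte i is XORed with key[i % 8].
 * Encryption and decryption are the same operation. */
void xor_crypt(const uint8_t *key, const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ key[i % KEYLEN];
}

/* The redundancy: for every i, ct[i] ^ ct[i+8] == pt[i] ^ pt[i+8], because
 * both positions use the same key byte and it cancels.  Relationships
 * between plaintext bytes therefore survive "encryption" unchanged.
 * Returns 1 if the identity holds over the whole buffer. */
int key_cancels(const uint8_t *pt, const uint8_t *ct, size_t len)
{
    for (size_t i = 0; i + KEYLEN < len; i++)
        if ((ct[i] ^ ct[i + KEYLEN]) != (pt[i] ^ pt[i + KEYLEN]))
            return 0;
    return 1;
}

/* Any 8 consecutive known plaintext bytes at offset `off` yield the key:
 * key[(off + j) % 8] = ct[off + j] ^ crib[j]. */
void recover_key(const uint8_t *ct, size_t off, const uint8_t *crib, uint8_t *key_out)
{
    for (size_t j = 0; j < KEYLEN; j++)
        key_out[(off + j) % KEYLEN] = ct[off + j] ^ crib[j];
}

int main(void)
{
    /* constructed sample: the posted program's key and a made-up message */
    const uint8_t key[KEYLEN] = {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
    const char *msg = "Dear Bob, the meeting is at noon. Regards, Alice";
    size_t len = strlen(msg);
    uint8_t ct[64], found[KEYLEN];

    xor_crypt(key, (const uint8_t *)msg, ct, len);
    printf("key cancels across the period: %d\n",
           key_cancels((const uint8_t *)msg, ct, len));

    /* the attacker guesses only the 8 bytes "Bob, the" at offset 5 */
    recover_key(ct, 5, (const uint8_t *)"Bob, the", found);
    printf("recovered key: %.8s\n", (const char *)found);
    return 0;
}
```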

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Music on CD - Great for around the house or dinner
Date: Sun, 18 Jul 1999 15:08:47 GMT

In article <7mqbim$57c$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Keith A Monahan) wrote:
> We're already disappointed (or dissapointed, your way) in your lack of
> respect for on-topic posting, so what makes you think we won't be
> dissapointed in your music?

Maybe his post is a secret message?

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************