Cryptography-Digest Digest #934, Volume #9       Sun, 25 Jul 99 03:13:03 EDT

Contents:
  Re: How Big is a Byte? (was: New Encryption Product!) (wtshaw)
  Re: How Big is a Byte? (wtshaw)
  Re: What is skipjack ??? (wtshaw)
  Blakely-Shamir info? ("Dale Clapperton")
  Does base64 encoding lessen security? (Michael Slass)
  decorrelating audio input ([EMAIL PROTECTED])
  Re: NIST's ECC params (Greg)
  My Algorithm ("Steven Hudson")
  --- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
  ECCrypto cipher block protocol (Greg)
  "investigation of non-repudiation" (David A Molnar)
  Re: another news article on Kryptos ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Sat, 24 Jul 1999 18:20:56 -0600

In article <Zanm3.137$[EMAIL PROTECTED]>, "karl malbrain"
<[EMAIL PROTECTED]> wrote:
> 
> No, computers haven't introduced any new counting methods -- one uses the
> <<successor>> function to count on computers like everywhere else.  What
> computers have introduced are new ADDRESSING methods. 

I don't see that they introduced everything so new, as relative addressing
is common, even in block numbers, say a courthouse or square is really
zero, and the first block in any of four crude directions would be 100. 
Address jumps are common too, to either allow for subdivision, or make the
addresses look more important than they are.

So, let's see where we are, numbers of computing, numbers for counting,
and numbers for addressing.  Anything else? 
> 
> When you start to count events on your fingers, you first <<hold>> the
> number zero with your fingers.  You have to decide to count BEFORE the first
> event, and you have a zero count until it does -- that's called the
> BEGINNING.

I don't know about you, but most only count on their fingers when someone
just married says they are expecting, then figure where the beginning WAS,
or rather when.
> 
> For the declaration: integer array X[10], X addresses the first element of
> the array, and the subsequent index
> (de)reference ADDS to that ADDRESS to arrive at the specified element.

In an absolute sense, yes, but to the enabled programmer, that may not be
the case at all.
-- 
Real Newsreaders do not read/write in html.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte?
Date: Sat, 24 Jul 1999 18:38:46 -0600

In article <fRpm3.6820$Yl.4718@wards>, [EMAIL PROTECTED] wrote:

> On 1999-07-23 [EMAIL PROTECTED] said:
>    :> Hence, in base 1, the number
>    :> "11111" is equal to 5, "111 11" is also equal to 5, as is "111011"
> 
>    :Just as there are no ''8s'' in Base_8, nor ''4s'' in Base_4, there
>    :can NOT be a ''1'' in a Base_1, if such a thing were even possible.
>    :The ONLY 'number' available to you in Base_1 would therefore appear
>    :to be ZERO. Naught. You couldn't count up to ANYTHING.
>    :Your '11111' is meaningless, not ''equal to 5''.
> 
> You'll have confused syntax and semantics, then...

syntax  n.
1.a. The study of the rules whereby words or other elements of sentence
structure are combined to form grammatical sentences. b. A publication,
such as a book, that presents such rules. c. The pattern of formation of
sentences or phrases in a language. d. Such a pattern in a particular
sentence or discourse.
2. Computer Science. The rules governing construction of a machine language.
3. A systematic, orderly arrangement.

semantics  n. (used with a sing. or pl. verb).
1. Linguistics. The study or science of meaning in language forms.
2. Logic. The study of relationships between signs and symbols and what
they represent. In this sense, also called semasiology.


What do you say, where there is a will there is a way, break or bend the
rules to get to the bottom line, but then you can't say you followed the
standard rules truthfully.  But, we are in a time for having to make up
rules for things we did not have to worry about before.  You might even
base a new religion or esoteric sect on base zero and base one,  after
all, this tactic has worked for several groups who want to find an
alternate reality.
-- 
Real Newsreaders do not read/write in html.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: What is skipjack ???
Date: Sat, 24 Jul 1999 18:26:33 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> spike wrote:
> > I mean... how does it compare to those algorithms with regard to
> > security ?
> 
> How do you measure security?
> 
> It is not publicly known just how breakable most cryptosystems are.

A better term might be *popularly known* as it is publicly known that
lots of systems put up rather weak defenses to attack.  Then, you must
consider who is attacking the cryptosystem with what resources.
>
-- 
Real Newsreaders do not read/write in html.

------------------------------

From: "Dale Clapperton" <[EMAIL PROTECTED]>
Subject: Blakely-Shamir info?
Date: Sun, 25 Jul 1999 12:12:00 +1000

Hi..

Can anyone point me to some info on Blakely-Shamir key splitting?

I've already searched the net but I cant find a hell of a lot on it..

Thanks!

Dale
==================================================
Dale Clapperton J.P. (Qual.)
Manager,  Blackbird Systems
http://www.uq.net.au/blackbird/
Add "DaleClapperton.asc" to website address for PGP Public Key
"The greatest threats to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding."
Mr Justice Brandeis, Olmstead v. United States, 277 U.S. 438 (1928)
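Added example (not the poster's or Blackbird Systems' code): Shamir's threshold scheme, the polynomial construction of the two 1979 schemes usually named together as Blakley-Shamir. The secret is the constant term of a random polynomial of degree t-1 over a prime field, each party receives one evaluation point, and any t shares recover the secret by Lagrange interpolation at x = 0; fewer than t shares leave every value of the secret equally likely. The field prime here is the Mersenne prime 2^521 - 1, large enough to hold a 512-bit key. Blakley's geometric scheme (intersecting hyperplanes) is not implemented.

```python
"""Shamir (t, n) threshold secret sharing over GF(p).

Added example; not the poster's code.  The field prime is the Mersenne
prime 2^521 - 1, so any secret below 2^521 (e.g. a 512-bit key) fits.
"""
import secrets
from typing import List, Tuple

P = 2**521 - 1
Share = Tuple[int, int]          # (x, f(x)) with x != 0


def split_secret(secret: int, threshold: int, shares: int) -> List[Share]:
    """Hide `secret` as f(0) of a random degree threshold-1 polynomial; return n evaluations."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    out: List[Share] = []
    for x in range(1, shares + 1):          # x = 0 would hand out the secret itself
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % P
        out.append((x, y))
    return out


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0 over the supplied shares.

    With at least `threshold` distinct shares this returns the secret; with
    fewer, the interpolated value is a field element unrelated to the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P   # den^-1 by Fermat
    return total


def split_key(key: bytes, threshold: int, shares: int) -> List[Share]:
    """Convenience wrapper: share a key given as bytes."""
    return split_secret(int.from_bytes(key, "big"), threshold, shares)


def recover_key(shares: List[Share], length: int) -> bytes:
    return recover_secret(shares).to_bytes(length, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample secret
    pieces = split_key(key, 3, 5)
    print(recover_key(pieces[:3], 32) == key, recover_key(pieces[2:], 32) == key)
```

Share indices must be distinct and nonzero, and the shares should be distributed over authenticated channels: a holder who can substitute a forged share can steer the reconstructed value, since plain Shamir sharing has no integrity check.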





------------------------------

From: Michael Slass <[EMAIL PROTECTED]>
Subject: Does base64 encoding lessen security?
Date: Mon, 19 Jul 1999 14:34:41 -0700

Quick question about base64 encoding...

When one uses OpenSSL to generate an RSA key pair, the output is PEM
encoded, and then (optionally) encrypted with DES, or DES3, or what have
you, using some password for the encryption key.  My question is about
whether the base64 encoding renders a brute-force attack easier as
follows:

The plaintext, P, is a PEM encoded RSA key.
It has been encrypted with a password key K, to produce ciphertext C

C = E(K,P)

The attacker knows the public key that corresponds to P, and may use it
to encrypt chosen plaintexts at will.  He does this to
chosen plaintext P' to produce ciphertext C'.  Let us assume that he
gains access to the encrypted private key, C.  Using a brute-force
attack, he must try all possible K's to decrypt C, and then see if the
resultant P can decrypt the ciphertext C' to produce the chosen
plaintext P'.  If it does, then he knows he has chosen the correct K to
decrypt P.  This is not an easy task, especially since it involves the
computationally expensive trial decryption of C' with each potential
private key.

Here is where base64 encoding makes the attacker's job easier.  Since P
is base64 encoded, the attacker may immediately discard any decryptions
of C that produce characters outside the base64 character set, without
ever attempting the RSA decryption.  This reduces his work by a factor
of 2^3.  Is this significant?

Mike Slass
[EMAIL PROTECTED]
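Added example (not the poster's code and not OpenSSL): a toy version of the brute-force search described in the post, following its model of a base64 plaintext encrypted under a password-derived key. The key derivation (SHA-256 over password and salt), the cipher (a SHA-256 counter-mode keystream) and the "expensive" check (a byte comparison standing in for an RSA trial decryption of C') are stand-ins; the password dictionary, the salt and the PEM body are constructed. The thing to watch is the two counters: the base64 filter cuts the number of expensive checks, but not the number of candidate keys that have to be tried. For reference, OpenSSL's encrypted PEM files encrypt the DER-encoded key and base64-encode the ciphertext, with Proc-Type and DEK-Info header lines carrying the cipher name and IV, so the first plaintext bytes are a DER SEQUENCE header, which is a sharper filter than the base64 alphabet.

```python
"""Dictionary attack on a password-encrypted base64 plaintext: what the filter buys.

Added example following the post's model (base64 text, then password
encryption).  Stand-ins, not OpenSSL: SHA-256(password || salt) for the key
derivation, a SHA-256 counter-mode keystream for the cipher, and a byte
comparison for the "expensive" RSA trial decryption.  Dictionary, salt and
PEM body are constructed.
"""
import base64
import hashlib
import string
from typing import Dict, Optional, Sequence

B64_ALPHABET = frozenset((string.ascii_letters + string.digits + "+/=\r\n").encode())


def derive_key(password: bytes, salt: bytes) -> bytes:
    # Stand-in for a password-to-key step (OpenSSL's legacy one is MD5-based).
    return hashlib.sha256(password + salt).digest()[:16]


def keystream(key: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation for a stream cipher."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def looks_base64(candidate: bytes) -> bool:
    """Cheap filter: all() stops at the first byte outside the base64 alphabet."""
    return all(b in B64_ALPHABET for b in candidate)


def expensive_check(candidate: bytes, true_plaintext: bytes) -> bool:
    """Stand-in for decrypting the attacker's chosen ciphertext C' with the candidate key."""
    return candidate == true_plaintext


def attack(ciphertext: bytes, salt: bytes, dictionary: Sequence[bytes],
           true_plaintext: bytes, use_filter: bool = True) -> Dict[str, object]:
    """Try every password; count key trials and expensive checks separately."""
    trials = expensive = 0
    found: Optional[bytes] = None
    for pw in dictionary:
        trials += 1
        candidate = xor_crypt(derive_key(pw, salt), ciphertext)
        if use_filter and not looks_base64(candidate):
            continue                      # rejected before any RSA work
        expensive += 1
        if expensive_check(candidate, true_plaintext):
            found = pw
            break
    return {"trials": trials, "expensive_checks": expensive, "password": found}


# Constructed sample: a 64-character base64 body plus newline, a fixed salt, a tiny dictionary.
PEM_BODY = base64.b64encode(b"constructed private-key bytes, not a real key ") + b"\n"
SALT = bytes.fromhex("0123456789abcdef")
DICTIONARY = [b"password", b"123456", b"letmein", b"qwerty", b"hunter2", b"secret"]
CIPHERTEXT = xor_crypt(derive_key(b"hunter2", SALT), PEM_BODY)

if __name__ == "__main__":
    print(attack(CIPHERTEXT, SALT, DICTIONARY, PEM_BODY))
    print(attack(CIPHERTEXT, SALT, DICTIONARY, PEM_BODY, use_filter=False))
```

With the filter on, every wrong password is thrown out after decrypting a byte or two, so the per-guess cost collapses to one key derivation plus a few bytes of stream; the number of guesses is unchanged. That is why the defence that matters is the cost of the key derivation itself (iterated, salted) and the password's entropy, not the encoding of the plaintext.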


------------------------------

From: [EMAIL PROTECTED]
Subject: decorrelating audio input
Date: Sun, 25 Jul 1999 03:37:38 GMT

I was wondering if the output of a LFSR can simulate the lsb of audio
input (thermal noise).  I noticed in the audio output there are rungs
of the same lsb which is similar to the output of a LFSR.  I am playing
with algorithms to extract some level of usefull randomness from the
bits.  I am thinking of some form of a shrinking generator (self-
shrinker).

Any comments?

(BTW deja is acting up so if you respond could you forward an email to
me as well.  I hope this post actually gets out.)

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
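An added experiment (not Tom's library) on the extraction idea, with constructed sources: a 16-bit maximal-length LFSR, an independent bit source with a 70/30 bias, and a two-state Markov source that repeats the previous bit 80% of the time, which is one way to get the runs of identical LSBs mentioned above. It measures the LFSR's period and then applies two pairing rules to the noise sources: von Neumann's (keep one bit from each unequal pair) and the self-shrinking generator's selection rule (from each pair (a, b), emit b when a is 1).

```python
"""Extracting bits from a biased, serially correlated LSB stream.

Added example, not Tom's library.  Sources are constructed: a 16-bit
Fibonacci LFSR (taps 16, 14, 13, 11) and simulated samplers whose least
significant bits are either independently biased or produced by a
two-state Markov chain that tends to repeat the previous bit.
"""
import random
from typing import Dict, List


def lfsr16_period(seed: int = 0xACE1) -> int:
    """Steps the LFSR until the state repeats; a maximal-length polynomial gives 2^16 - 1."""
    state, steps = seed, 0
    while True:
        bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (bit << 15)
        steps += 1
        if state == seed:
            return steps


def lfsr16_bits(n: int, seed: int = 0xACE1) -> List[int]:
    state, out = seed, []
    for _ in range(n):
        bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (bit << 15)
        out.append(state & 1)
    return out


def biased_iid(n: int, p_one: float, rng: random.Random) -> List[int]:
    """Independent bits, P(1) = p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def correlated_markov(n: int, p_stay: float, rng: random.Random) -> List[int]:
    """Symmetric two-state chain: each bit repeats the previous one with probability p_stay."""
    bits = [rng.randrange(2)]
    for _ in range(n - 1):
        bits.append(bits[-1] if rng.random() < p_stay else 1 - bits[-1])
    return bits


def von_neumann(bits: List[int]) -> List[int]:
    """Keep the first bit of each unequal non-overlapping pair: (0,1)->0, (1,0)->1."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def self_shrink(bits: List[int]) -> List[int]:
    """Self-shrinking selection rule: from each pair (a, b) emit b when a == 1."""
    return [b for a, b in zip(bits[0::2], bits[1::2]) if a == 1]


def mean(bits: List[int]) -> float:
    return sum(bits) / len(bits)


def repeat_rate(bits: List[int]) -> float:
    """Fraction of adjacent positions holding the same bit (0.5 for independent unbiased bits)."""
    return sum(1 for a, b in zip(bits, bits[1:]) if a == b) / (len(bits) - 1)


def experiment(n: int = 200_000, seed: int = 1) -> Dict[str, float]:
    rng = random.Random(seed)
    iid = biased_iid(n, 0.7, rng)
    markov = correlated_markov(n, 0.8, rng)
    return {
        "lfsr_period": lfsr16_period(),
        "lfsr_repeat": repeat_rate(lfsr16_bits(65535)),
        "iid_raw_mean": mean(iid),
        "iid_vn_mean": mean(von_neumann(iid)),
        "iid_ss_mean": mean(self_shrink(iid)),
        "markov_raw_repeat": repeat_rate(markov),
        "markov_vn_mean": mean(von_neumann(markov)),
        "markov_vn_repeat": repeat_rate(von_neumann(markov)),
    }


if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name:18s} {value}")
```

On the independent biased source von Neumann's rule removes the bias, while the self-shrinking selection rule passes it through unchanged: it samples b wherever a is 1, and b is independent of a. On the Markov source von Neumann's rule fixes the mean but not the correlation: adjacent extracted bits agree only about 38% of the time instead of 50%, so a pair-wise rule is not enough once successive samples depend on each other. The LFSR, whose entire output repeats after 65535 steps with a near-perfect 50/50 repeat rate, is a model of determinism, not of noise, so resembling it is no evidence of entropy.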

------------------------------


From: Greg <[EMAIL PROTECTED]>
Subject: Re: NIST's ECC params
Date: Sun, 25 Jul 1999 04:48:18 GMT

In article <7nb6ll$lmu$[EMAIL PROTECTED]>,
  "Roger Schlafly" <[EMAIL PROTECTED]> wrote:
> Greg wrote in message <7navr1$1vp$[EMAIL PROTECTED]>...
> >Here is a sample of NIST's Elliptical Curve Crypto parameters:
> >Is the "a" param the coefficient for the x^1 and the "b" param the
> >coefficient for the X^0 term?
>
> Yes, but in characteristic 2 there are x^2 and x^0 terms.

Ooops, sorry...



> >What is the difference between a K-xxx curve and a B-xxx curve?
>
> The K-xxx curves are Koblitz curves.

> >Why are there different "r"'s for the two different curves?
>
> Order of the curve. Each curve has a different order. 2 bases for the
> same curve have the same order.
>
> >And if G_ is the base point, then why is there a base point defined
> >for the K-xxx curve and then again for each polynomial basis curve?
>
> The K curves have nothing to do with the B curves. When there is a
> choice of basis, the generator looks different with respect to each
> basis.

I still don't follow.  So a K curve is a Koblitz curve.  But what does
that make a B curve?  And when you say, "generator", is that the same
as a base point, or is it something else entirely?

I have put together an elliptical curve crypto package that can use any
bit size I want.  The parts I still have to work out bugs in are the
parts dealing with embedding data onto a curve.  But given a base point
and a private key, I can form a public key, and I have created shared
secrets.  I want to work with the largest curves that are listed by
NIST to see if my software has any problems with the larger curves
(that is, for those parts I know should be working).

So if "r" is the order of a curve, how do I find a prime polynomial for
the curve, or does it not matter much?  Should I (and I assume I
should) be using "r" to find the prime poly?

BTW, I implemented only polynomial basis for F2n fields.  I don't
understand any of the math for ONB and I did not want to try Fp ECs yet.


>
> >Democracy is the male majority legalizing rape.
> >UN Security Council = Democracy in Action - there is no appeal.
> >Welcome to the New World Order.
> >The US is not a democracy - US Constitution Article IV Section 4.
>
> (Goofy signature.

Thanks... :)  Another way of saying it is Democracy is two wolves and a
lamb deciding lunch.

while I know that the UN seems to have no staying power, you have to
admit that when they want to bully a small state, there really is no
appeal for that state on the grounds of law.

While it seems virtuous and benevolent thus far (e.g.- Iraq), history
shows that this type of power always leads to tyranny.  What my
signature is trying to point out is that a republic (that's America) is
law over man.  Democracy is man over law.

In the latter case, the minority has no rights that are protected by
law because man is superior to law and can strip those rights away with
a majority vote.

This is simply my little public service to help remind people that they
live in a republic and should not desire a democracy...





Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
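Added example (not Greg's package, and not NIST code): polynomial-basis arithmetic over a toy binary field GF(2^4) with reduction polynomial x^4 + x + 1, and the group law on the curve y^2 + x*y = x^3 + a*x^2 + b, which is the characteristic-2 form Roger refers to: "a" multiplies x^2 and "b" is the constant term. The reduction polynomial is a field parameter fixed alongside the curve, not something derived from the order r; the code enumerates the whole group so that r and a base point can be read off directly and checked (r divides the group size, r times the base point is the point at infinity, and the group size lies within Hasse's bound of q + 1 +/- 2*sqrt(q)). The field and curve are constructed and far smaller than any NIST curve.

```python
"""Polynomial-basis arithmetic on a binary-field elliptic curve (toy size).

Added example, not Greg's package or NIST code.  Field GF(2^4) with
reduction polynomial x^4 + x + 1; curve y^2 + x*y = x^3 + a*x^2 + b.
"""
from typing import Dict, List, Optional, Tuple

M = 4                  # field degree
REDUCE = 0b10011       # x^4 + x + 1, irreducible over GF(2)
A, B = 1, 1            # curve coefficients; b != 0 keeps the curve nonsingular

Point = Optional[Tuple[int, int]]
INF: Point = None      # point at infinity


def gf_mul(u: int, v: int) -> int:
    """Shift-and-add multiplication, reducing whenever the degree reaches M."""
    r = 0
    while v:
        if v & 1:
            r ^= u
        v >>= 1
        u <<= 1
        if (u >> M) & 1:
            u ^= REDUCE
    return r


def gf_inv(u: int) -> int:
    """u^(2^M - 2) = u^-1 for nonzero u, by square-and-multiply."""
    if u == 0:
        raise ZeroDivisionError("0 has no inverse")
    result, base, e = 1, u, (1 << M) - 2
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def on_curve(p: Point) -> bool:
    if p is INF:
        return True
    x, y = p
    x2 = gf_mul(x, x)
    return gf_mul(y, y) ^ gf_mul(x, y) == gf_mul(x2, x) ^ gf_mul(A, x2) ^ B


def neg(p: Point) -> Point:
    return INF if p is INF else (p[0], p[0] ^ p[1])


def add(p: Point, q: Point) -> Point:
    """Affine group law for y^2 + xy = x^3 + ax^2 + b."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2:
        if y1 != y2 or x1 == 0:      # q == -p, or doubling the point of order 2
            return INF
        lam = x1 ^ gf_mul(y1, gf_inv(x1))
        x3 = gf_mul(lam, lam) ^ lam ^ A
        y3 = gf_mul(x1, x1) ^ gf_mul(lam ^ 1, x3)
        return (x3, y3)
    lam = gf_mul(y1 ^ y2, gf_inv(x1 ^ x2))
    x3 = gf_mul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    y3 = gf_mul(lam, x1 ^ x3) ^ x3 ^ y1
    return (x3, y3)


def mul(k: int, p: Point) -> Point:
    """Double-and-add scalar multiplication (not constant-time; a toy)."""
    r = INF
    while k:
        if k & 1:
            r = add(r, p)
        p = add(p, p)
        k >>= 1
    return r


def all_points() -> List[Point]:
    pts: List[Point] = [INF]
    for x in range(1 << M):
        for y in range(1 << M):
            if on_curve((x, y)):
                pts.append((x, y))
    return pts


def point_order(p: Point) -> int:
    n, q = 1, p
    while q is not INF:
        q = add(q, p)
        n += 1
    return n


def curve_summary() -> Dict[str, object]:
    """Enumerate the group, pick a base point of maximal order and report r."""
    pts = all_points()
    g = max((p for p in pts if p is not INF), key=point_order)
    return {"group_size": len(pts), "base_point": g, "r": point_order(g)}


if __name__ == "__main__":
    print(curve_summary())
```

For a real curve the group cannot be enumerated; r is supplied with the parameters and the check that r*G is the point at infinity (and that G lies on the curve) is the cheap sanity test to run before trusting a base point, whether it comes from NIST or from one's own generator.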

------------------------------

From: "Steven Hudson" <[EMAIL PROTECTED]>
Subject: My Algorithm
Date: Sat, 24 Jul 1999 21:01:57 -0700

I don't know if anyone has thought of this before but here is how it works:
It takes the key and input char's(8 bits) and compares each bit in the input
byte to the corresponding one in the key.  Using a PRNG, if the bits are the
same the output is a 1 or 0, depending on the PRNG.  I then do the same
thing with the output byte of the first operation with the last output byte
of the previous input and key.

This example just has the similar become a 1 and non-similar become 0.

key 00110110
in    10010010
out 01011011

If you need more info or some c/c++ source email me.  The program I wrote is
really slow though.
[EMAIL PROTECTED]
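Added example, not Steven Hudson's program: the rule as stated ("similar becomes 1, non-similar 0") is a bitwise XNOR of the key byte with the input byte, which reproduces the vector in the post (key 00110110, input 10010010, output 01011011). The chaining step is implemented as one reading of the description and is an assumption: each output byte is XNORed again with the previous output byte, starting from zero. The last function shows the structural problem: every step is an XOR with a constant, so one known plaintext byte together with its ciphertext byte gives back the key byte directly, and a PRNG-chosen polarity per bit would only add an XOR with the PRNG's output bit.

```python
"""The compare-bits cipher from the post, plus a one-byte key recovery.

Added example, not Steven Hudson's program.  Without the PRNG, "similar
becomes 1, non-similar 0" is bitwise XNOR of key and input.  The chaining
step is an assumption about the description: each output byte is XNORed
again with the previous output byte, starting from zero.
"""


def xnor(a: int, b: int) -> int:
    """1 where the bits agree, 0 where they differ (8-bit)."""
    return ~(a ^ b) & 0xFF


def encrypt_byte(key: int, plain: int) -> int:
    return xnor(key, plain)


def encrypt(key: int, plaintext: bytes, chain: bool = True) -> bytes:
    out = bytearray()
    prev = 0                           # assumed starting value for the chain
    for p in plaintext:
        c = xnor(key, p)
        if chain:
            c = xnor(c, prev)
        out.append(c)
        prev = c
    return bytes(out)


def decrypt(key: int, ciphertext: bytes, chain: bool = True) -> bytes:
    out = bytearray()
    prev = 0
    for c in ciphertext:
        inner = xnor(c, prev) if chain else c    # xnor(xnor(v, prev), prev) == v
        out.append(xnor(inner, key))
        prev = c
    return bytes(out)


def recover_key(plaintext: bytes, ciphertext: bytes, index: int = 0,
                chain: bool = True) -> int:
    """One known plaintext/ciphertext byte pair returns the key byte.

    Unchained: c = ~(k ^ p), so k = ~(c ^ p).
    Chained:   c = ~(~(k ^ p) ^ prev) = k ^ p ^ prev, so k = c ^ p ^ prev.
    """
    p, c = plaintext[index], ciphertext[index]
    if not chain:
        return xnor(c, p)
    prev = ciphertext[index - 1] if index > 0 else 0
    return c ^ p ^ prev


if __name__ == "__main__":
    print(f"{encrypt_byte(0b00110110, 0b10010010):08b}")      # the post's vector
    ct = encrypt(0x36, b"attack at dawn")
    print(hex(recover_key(b"attack at dawn", ct, 5)))
```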



------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Crossposted-To: talk.politics.crypto
Subject: --- sci.crypt charter: read before you post (weekly notice)
Date: 25 Jul 1999 05:00:35 GMT

sci.crypt               Different methods of data en/decryption.
sci.crypt.research      Cryptography, cryptanalysis, and related issues.
talk.politics.crypto    The relation between cryptography and government.

The Cryptography FAQ is posted to sci.crypt and talk.politics.crypto
every three weeks. You should read it before posting to either group.

A common myth is that sci.crypt is USENET's catch-all crypto newsgroup.
It is not. It is reserved for discussion of the _science_ of cryptology,
including cryptography, cryptanalysis, and related topics such as 
one-way hash functions.

Use talk.politics.crypto for the _politics_ of cryptography, including
Clipper, Digital Telephony, NSA, RSADSI, the distribution of RC4, and
export controls.

What if you want to post an article which is neither pure science nor
pure politics? Go for talk.politics.crypto. Political discussions are
naturally free-ranging, and can easily include scientific articles. But
sci.crypt is much more limited: it has no room for politics.

It's appropriate to post (or at least cross-post) Clipper discussions to
alt.privacy.clipper, which should become talk.politics.crypto.clipper at
some point.

There are now several PGP newsgroups. Try comp.security.pgp.resources if
you want to find PGP, c.s.pgp.tech if you want to set it up and use it,
and c.s.pgp.discuss for other PGP-related questions.

Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt. Try alt.security.

Other relevant newsgroups: misc.legal.computing, comp.org.eff.talk,
comp.org.cpsr.talk, alt.politics.org.nsa, comp.patents, sci.math,
comp.compression, comp.security.misc.

Here's the sci.crypt.research charter: ``The discussion of cryptography,
cryptanalysis, and related issues, in a more civilised environment than
is currently provided by sci.crypt.'' If you want to submit something to
the moderators, try [EMAIL PROTECTED]

---Dan

------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: ECCrypto cipher block protocol
Date: Sun, 25 Jul 1999 04:57:44 GMT

I just posted a web page explaining a protocol that I think might prove
useful for ECCrypto at www.ciphermax.com/qss/quad.htm

Please let me know what you think of this protocol.

--
Democracy is the male majority legalizing rape.
UN Security Council = Democracy in Action - there is no appeal.
Welcome to the New World Order.
The US is not a democracy - US Constitution Article IV Section 4.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: "investigation of non-repudiation"
Date: 25 Jul 1999 05:58:46 GMT


I've come across an interesting abstract for a paper on "Investigation of
non-repudiation protocols" by H. Yan in the 1996 Australian Conference on
Information Security and Privacy. I don't have access to a technical
library at the moment, so I was wondering if anyone here has read or seen
this paper. Pointers to an online version would be great.

In particular, I'd like to know how it compares to Riordan and Schneier's
"A Certified E-Mail Protocol with No Trusted Third Party" (found at
http://www.counterpane.com/certified-email.html). Their protocol uses a
public, timestamped, authentic message pool to provide proof of exchange
after the fact. The last part of the abstract makes me think that this
paper may propose a scheme along similar lines, but it's not enough
detail. 

I'm interested in what kinds of protocols can be devised when given a
message pool.

Thanks much,
-David Molnar

Here's the paper abstract :

The paper surveys the state of non-repudiation protocols. A fair
   non-repudiation protocol should provide an equal protection to the
   sender and the recipient. A number of current non-repudiation
   protocols expect the protection from or partly from a trusted third
   party (TTP). In practice, the sender and the recipient that do not
   trust each other, do not expect or are not able to find a TTP or a
   strong TTP in some circumstances. A simultaneous secret exchange
   protocol seems to be one of efficient solutions without a TTP to
   prevent entities from denying the transferring (sending or receiving)
   of certain messages. Secret exchange bit by bit, however, is neither
   very efficient nor convenient to the sender and the recipient in some
   cases. We introduce a model and a fair non-repudiation protocol
   without a TTP. In the protocol, the transferring of the message is
   split into three parts, a commitment C, a key K and an address for the
   key. Therefore, without bit by bit exchange, the protocol is more
   efficient than the existing non-repudiation protocols.



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: another news article on Kryptos
Date: Sun, 25 Jul 1999 06:16:35 GMT

David Wagner wrote:
> It seems to me, then, that it would be more natural to characterize
> the observed number of coincidences as about DI(50) = (4 - 1.81)/1.32
> = 1.66 standard deviations above the mean, instead of IC(50) = 2.2.
> Let's call this new measure DI, short for Dave's Index.

In the crypto trade, that has traditionally been called the "sigmage"
of the IC.

> Note that, in comparison to DI, the IC exaggerates the deviation from
> random for small samples and underrepresents the deviation when you
> have a lot of data.  (An IC of 2 should be very interesting if you have
> a lot of data, but with less data there's a greater chance that it just
> happened by chance.  This is relevant because less data is available with
> the larger periods, i.e. the larger column-widths, so raw IC values for
> different periods aren't directly comparable.)

Actually, IC values *are* comparable, since they are indexed to 1
(in economics-speak).

If someone tells me that the delta IC of a literal ciphertext is
1.7, I immediately suspect it is a simple substitution or
transposition.  If somebody told me only that the IC had a
sigmage of 3.0, but not the IC itself, I'd say it was significant
but significant of what, I wouldn't know.

> So it seems to me that the DI gives a more uniform and representative
> way of summarizing the number of coincidences than the classical IC.
> Why do people use the IC, and not the DI?  Is this a stupid question?

No, it's a good question.

The sigmage shows how significant the deviation from random is, and
comes into evaluating how reliable an indication a "large" IC value
is, when one knows the variance of the reference model.

The various ICs are closely related to chi-square and to other
correlation measures.  There are also information-theoretic
measures of the "distance" between distributions.  For chi-square,
the number of d.f. enters into interpretation of the significance,
which fully corrects for sample size.

Usually, one uses ICs to compare hypotheses with similar sample
sizes, in which case the slight gain in power from comparing
sigmages does not offset the additional computation required.

In practice, both are usually computed when using a digital
computer, but only the IC is computed when using pencil-and-paper,
unless the question of significance seems important.  Experienced
cryppies can usually sense how significant bulges are without
making any explicit computations.
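Added example, not from the thread: the coincidence model behind the numbers quoted above, in Python. A text of L letters laid beside itself displaced by d gives n = L - d letter pairs; under a uniform 26-letter reference each pair agrees with probability 1/26, so the count is binomial with mean n/26 and standard deviation sqrt(n * 1/26 * 25/26). Wagner's figures (mean 1.81, sd 1.32 at d = 50) are those of n = 47 pairs. The IC below is observed/mean, indexed to 1 as Gwyn describes, and the sigmage is (observed - mean)/sd. The Vigenere sample text and its key are constructed so the profile shows both quantities at work: at multiples of the key period the IC rises to the plaintext level, and the sigmage says how far that rise is from a chance fluctuation given the pairs available at that shift.

```python
"""Coincidence counts, IC and sigmage for a text compared with itself at a shift.

Added example, not from the thread.  The reference model is uniform over 26
letters: at displacement d a text of L letters gives n = L - d pairs, each
coinciding with probability 1/26.  The Vigenere sample is constructed.
"""
import itertools
import math
import string
from typing import Dict, Tuple

ALPHABET = string.ascii_uppercase
P_RANDOM = 1 / 26


def letters_only(text: str) -> str:
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def coincidences(text: str, d: int) -> int:
    """Number of positions i where text[i] == text[i + d]."""
    return sum(1 for i in range(len(text) - d) if text[i] == text[i + d])


def ic(observed: int, pairs: int) -> float:
    """Observed coincidences relative to the random expectation (1.0 = random)."""
    return observed / (pairs * P_RANDOM)


def sigmage(observed: int, pairs: int) -> float:
    """Deviation from the random mean in units of the binomial standard deviation."""
    mean = pairs * P_RANDOM
    sd = math.sqrt(pairs * P_RANDOM * (1 - P_RANDOM))
    return (observed - mean) / sd


def profile(text: str, max_shift: int) -> Dict[int, Dict[str, float]]:
    text = letters_only(text)
    out: Dict[int, Dict[str, float]] = {}
    for d in range(1, max_shift + 1):
        n = len(text) - d
        obs = coincidences(text, d)
        out[d] = {"pairs": n, "observed": obs, "ic": ic(obs, n), "sigmage": sigmage(obs, n)}
    return out


def period_evidence(text: str, period: int, max_shift: int = 28) -> Tuple[float, float]:
    """Mean sigmage at multiples of `period` versus at the other shifts up to max_shift."""
    prof = profile(text, max_shift)
    on = [v["sigmage"] for d, v in prof.items() if d % period == 0]
    off = [v["sigmage"] for d, v in prof.items() if d % period != 0]
    return sum(on) / len(on), sum(off) / len(off)


def vigenere(plain: str, key: str) -> str:
    plain = letters_only(plain)
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(plain, itertools.cycle(key.upper())))


# Constructed English sample (written for this example) and a period-7 key.
SAMPLE_PLAINTEXT = """
The index of coincidence measures how often two letters drawn from a text turn out
to be the same. For text produced by picking each letter uniformly from an alphabet
of twenty six symbols the rate is close to one in twenty six, whereas ordinary
English prose yields roughly six and a half agreements in every hundred pairs,
because a handful of common letters carry most of the weight and the rare ones
hardly appear at all. When a message has been enciphered with a key that repeats
with some fixed period, every letter standing at the same position within the
period is shifted by the same amount. Laying the ciphertext beside a copy of itself
displaced by a multiple of that period therefore pairs letters that were shifted
alike, and the rate of agreement stays at the plaintext level, while any other
displacement pairs letters under different shifts and the rate drops back toward
the random value. Counting the agreements at each trial displacement thus exposes
the period, and once the period is known every column can be attacked separately
as an ordinary simple substitution by frequency analysis. The size of the sample
matters a great deal in this work. A short message offers only a few pairs at the
larger displacements, so a single high count there may well be an accident of
chance rather than a sign of underlying structure, and that is exactly why the
deviation ought to be judged against the spread expected under the random model
rather than against its mean alone. Experienced analysts develop a feel for which
bulges are real, but the arithmetic is cheap and removes the guesswork.
"""
VIGENERE_KEY = "KRYPTOS"
VIGENERE_CT = vigenere(SAMPLE_PLAINTEXT, VIGENERE_KEY)

if __name__ == "__main__":
    for d, v in profile(VIGENERE_CT, 28).items():
        print(f"d={d:2d} pairs={v['pairs']:4d} obs={v['observed']:3d} "
              f"IC={v['ic']:.2f} sigmage={v['sigmage']:+.2f}")
```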

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
