Cryptography-Digest Digest #487, Volume #10       Mon, 1 Nov 99 15:13:04 EST

Contents:
  Re: Build your own one-on-one compressor (SCOTT19U.ZIP_GUY)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
  Re: Scientific Progress and the NSA (was: Bruce Schneier's Crypto Comments...) (SCOTT19U.ZIP_GUY)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Bill McGonigle)
  Re: Boring Web Site and Kerberos News (John Savard)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Paul Koning)
  Re: Kerberos Question (David P Jablon)
  Re: Symetric cipher ("Joseph Ashwood")
  Re: Build your own one-on-one compressor (Mok-Kong Shen)
  Re: the ACM full of Dolts? (Mok-Kong Shen)
  Re: Build your own one-on-one compressor (Mok-Kong Shen)
  Re: Build your own one-on-one compressor (Mok-Kong Shen)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Mon, 01 Nov 1999 17:25:41 GMT

In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> 
wrote:
>SCOTT19U.ZIP_GUY wrote:
>> 
>
>> >Addendum: Corrected example:
>> >
>> >               Side1        Side 2
>> >               ABCD         HGF
>> >               HS           Z
>> >               FTGF         MM
>> >               XYZ          PQ
>>         How many times are you going to do this? This list does not match
>> his result in at least two separate places?
>> >
>> >Now XYZABCDABCD --> PQHGFHGF. A modification of the string on
>> >side2 to PQHSFTGF gives PQHSFTGF --> XYZHSFTGF -->PQZMM.
>>    Besides using an invalid dictionary you still are substituting wrong:
>>   PQHSFTGF -> XYZZMM  but your dictionary is still worng. I am surprised
>> you don't see how to follow his rules. This in itself is very interesting.
>
>Mmh. Did you write correctly above with your 'worng'?? Now, what
>is wrong with my dictionary?
     It is hard to say. I meant "wrong" for "wrong" and I read it as "wrong",
but I could have made a mistake and wrote "wrong" as "worng". I sometimes
make those kinds of mistakes. The mistakes are far worse when I write instead
of type. I think my brain is faster than my hand. And then I read what I
wanted to write instead of what is there.
  But you seemed sharp enough to know what I meant anyway. Or maybe
someone intercepts my posts and changes the spellings on purpose.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 01 Nov 1999 11:26:38 -0500
Reply-To: [EMAIL PROTECTED]

Tony T. Warnock wrote:
> 
> Uncle Al wrote:
> 
> > The digits of pi are purely random (except for being pi).  We've got
> > pi to about 50 billion decimal places.  Nobody would suspect using the
> > digits of pi because it is not a random number.  No problem.  Use pi.
> 
> I would like some reference to this. As far as I know, no one has proved
> that the digits of pi are purely random, quasi random, non random,
> uniformly distributed, etc.

  That's because nobody has proved that anything is random.
  "Random" is usually defined in terms of things like pi,
  so there's no reason to assume that pi isn't just simply
  a well-known purely random number.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Scientific Progress and the NSA (was: Bruce Schneier's Crypto Comments...)
Date: Mon, 01 Nov 1999 17:38:10 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Doug Stell) 
wrote:

>We can't reliably tell, as it is not in their interest to let their
>capability or lack thereof be known. However, those of us who work
>with the NSA have plenty of hints that Bruce is quite right in his
>estimation.
          More Bull Shit. If you think they are telling you the truth
you are full of it. I think I can honestly say the higher the secrets
the more the lies. Lying is very common and accepted in the government's
way of doing business. If you think they would tell you the truth then
you are not very bright. I worked for the government 26 years. The one
trend I noticed as time went on is that more and more lying is the
standard way of the US government doing business.

<rest snipped; it is just bragging about how the NSA shares above Top Secret
information with this guy and how the NSA needs help in creating crypto>

>
>By the way, don't expect anybody to tell you what areas they are ahead
>in.
  Gee I thought that is what you just claimed to do with all the inside NSA
information your wonderful NSA friends have told you.




David A. Scott
--

------------------------------

From: [EMAIL PROTECTED] (Bill McGonigle)
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 01 Nov 1999 11:06:09 -0500

In article <7vjcsb$euq$[EMAIL PROTECTED]>, David Bernier
<[EMAIL PROTECTED]> wrote:
 
> Suppose we tune a TV set to a channel with no local broadcasting on
> it.  Let's say also that we have removed the antenna.  Next, we put
> the TV (on) inside a Faraday cage (to block as much electro-magnetic
> radiation from the outside as possible).  This could be some fine
> mesh wire (maybe of the type used in construction to let air in/out and
> keep mosquitoes and other pests out?).  We would expect to see "snow"
> on the TV screen unless the TV set is "too smart"

I thought TV snow was cosmic background radiation.  In a perfect Faraday
cage, I think all you'd get is black.

Cosmologists/NTSC gurus, please correct me.


-Bill
=====
[EMAIL PROTECTED] / FAX: (419) 710-9745
Dartmouth-Hitchcock Medical Center Clinical Computing

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Boring Web Site and Kerberos News
Date: Mon, 01 Nov 1999 16:57:40 GMT

[EMAIL PROTECTED] () wrote, in part:

>Yes, I *finally* broke down and dashed off a page that actually *says*
>something about Kerberos for my web site.

And some early errors have been corrected.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 01 Nov 1999 13:01:52 -0500

Simon DeDeo wrote:
> 
> Again, I'm worried that this might be a little off topic -- I'm not a
> cryptographer, but soon I'm going to need some random numbers for a Monte
> Carlo simulation in astrophysics. From my understanding of cryptography,
> an "ideal" cipher will produce a "random" stream of output bits. Can I
> harness that cipher to produce a string of "random" bits? From skimming
> sci.crypt for awhile, I know these questions tend to raise enormous levels
> of useless debate (I guess similar to "why can't we travel faster than
> light" in sci.physics), so let me phrase the question carefully:
> 
> 1. Can I harness a cryptographic algorithm to produce a stream of
> *pseudo-random* numbers?

Yes, absolutely.  It won't be as fast as a conventional
PRNG, but it should have excellent properties.
 
> 2. How random is pseudo-random? What "patterns" should I be careful of
> appearing in my data?

If the cipher is any good at all (DES is ample) then there will be
NO patterns that you can observe.  (The sort of patterns cryptographers
have to look for are generally much more subtle than what you would
worry about for Monte Carlo simulation.)
 
> What's very useful for me is the portability of coding one's own random
> number generator, and thus not having to worry about differences between
> machines (I code on a Mac, but the target system is SunOS.)

Portability shouldn't be a big issue.  If you want to be really safe
and don't have a big performance issue, DES or some other decent
cipher would be fine.  But by the same token, a competently constructed
PRNG along the lines discussed in Knuth volume 2 should do the job, and
with only a few instructions per call.

        paul

------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: Kerberos Question
Date: Mon, 1 Nov 1999 18:14:12 GMT


Preventing eavesdropper dictionary attack is just one of the benefits of
EKE and SPEKE.  To fairly compare these methods to a scheme which 
relies only on a persistent server public key, one should also consider 
their other benefits.  SPEKE/EKE work for roaming users, where no specific
server is preconfigured, and they use the password for mutual authentication,
to create a stronger binding between the password and the encrypted session.

In article <[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:

>Well, after describing Kerberos on my web site, I see that the "obvious"
>way to use public-key cryptography to attack Kerberos' one notable flaw -
>that vulnerability to password dictionary attacks remains - is not the use
>of an elaborate protocol like EKE or SPEKE, but something rather simpler:
>
>let the first message from the user to the Kerberos server include,
>encrypted with the Kerberos' server's public key, a random (64-bit in the
>case of DES) block of bits and a timestamp, and then in subsequent
>messages, use the random block XOR the user's permanent secret key
>wherever the user's permanent secret key, derived from the user's
>password, would have been used.

It is not clear that this protocol is any "simpler" than SPEKE.
The model for establishing trust becomes more 
complicated with the introduction of a persistent
server public key and a timestamp.  What is clear to me is that
this protocol is not a zero-knowledge password protocol,
in that it relies on other factors to keep the password safe
from network attack.

>That is sufficient to prevent dictionary attacks, it requires only one set
>of primes to be generated at the beginning, and it requires only one
>communication using public-key methods.

To correct any misunderstandings, SPEKE uses only a single prime, which
is not secret and not bound to any particular server, and it
provides other benefits as described above and at www.IntegritySciences.com.

>My question is:
>
>who first suggested this scheme, or one equivalent to it (using the random
>block to DES-encrypt the user key or the user key to DES-encrypt the
>random block, instead of the XOR, I would consider to be essentially the
>same suggestion) as a modification to Kerberos?

It may have been Bellovin & Merritt. The idea to use the password 
to encrypt random data is central to their claims for EKE.

======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Symetric cipher
Date: Mon, 1 Nov 1999 10:01:16 -0800

Yes, but at the same time, there're written restrictions on my newsgroup
reading/viewing while at work, and restrictions regarding which computers
I'm supposed to access (including the one storing all the passwords in
"encrypted" form). Guess what, I'm at work right now, reading newsgroups
that they have decided not to carry, and every few days I hand my boss his
password again simply to establish that the security is weak. I'm still here
because I'm effective, and ethical about it. They accept that the newsgroups
I read (eg sci.crypt) have a positive influence on my work, by updating me
on information that is extremely useful to my work. They also recognise that
my password hunting is ethical in that the goal is to establish where
exactly the holes are in the security, and that I do not use the knowledge
for any other purpose.

I'm sure there exist situations in every government in the world where the
minor violations of the word of the standard, but not the heart of the
standard are accepted (eg I don't "read" alt.sex or alt.binaries.*, and I
don't misuse my knowledge of passwords).
                    Joe


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
[snip]



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Mon, 01 Nov 1999 19:17:04 +0100

Tim Tyler wrote:
> 
> In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> 
> :> :>TT> ``* No string in the tables should contain another such string as a
> :> :> >>     substring;
> :> :> >>
> :> :> >>   * No leading symbols in any string should exactly match the trailing
> :> :> >>     symbols in a different string.''
> :>
> :> : But the impossibility of constructing a dictionary of the art of
> :> : Tim Tyler in practice remains. Consider the following simple sentence:
> :>
> :> :     In this afternoon there is going to be a discussion on his
> :> :     issue.
> :>
> :> : Could you show a minimal dictionary that satisfies his two criteria?
> :>
> :> In what follows, note that spaces have been replaced by "_" characters
> :> for clarity.
> :>
> :> The dictionary:
> :>
> :> "there_" <--> "%"
> :> "going_" <--> "|"         "to_"    <--> "*"
> :> "be_"    <--> "#"         "his_"   <--> "\"
> :> "noon_"  <--> "A]"        "ion_"   <--> "A["
> :>
> :> ...compresses:
> :>
> :> ``In this afternoon there is going to be a discussion on his issue.''
> :>
> :> ...to:
> :>
> :> ``In t\afterA]%is |*#a discussA[on \issue.''
> 
> : Would you be satisfied with a dictionary which has only one single
> : line specifying 'a' to be translated to '%'?
> 
> Such a dictionary would not be very useful for compression.
> 
> Who is proposing such a thing?

Look above at what you have done. How many percent of the input
is not translated? I was simply using a more conspicuous example
to illustrate my point.

> 
> : In a previous follow-up I mentioned that the dictionary is to be complete
> : in the sense that it can translate everything on the source side
> : (my side1). If a dictionary can't do that, it's useless.
> 
> All my dictionaries translate information from your "side1" by definition.
> 
> It is not clear what you're talking about here.

What is your idea of a dictionary and translation? Look at what
you'll do if you are going to translate English to, say, Russian.
You must be able to translate ALL that is on the source side
to the target side. Otherwise you don't have a real translation.
The use of verbatim transmission on translating from side2 to side1
for stuff not found on side2 of the dictionary in OUR context is
only acceptable because we have allowed arbitrary modifications on
side2 (a tradeoff for that 'liberty').

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: the ACM full of Dolts?
Date: Mon, 01 Nov 1999 19:17:09 +0100

SCOTT19U.ZIP_GUY wrote:
> 
> In article <[EMAIL PROTECTED]>, Mok-Kong Shen 
><[EMAIL PROTECTED]> wrote:
> 
> >Simply put: The one-to-one property isn't that essential, there
> >are ways to accomplish good encryption purposes without needing
> >that.
> 
>   Simply put. If one is GOING TO USE COMPRESSION BEFORE
> ENCRYPTION, then it is best to use compression that does not
> add data to the file that would aid an attacker in breaking the
> system. ONE-ONE COMPRESSION does not add information
> when compressing the file.

Using an adaptive Huffman with an initial frequency distribution
does NOT add data to the file. The distribution is completely
hidden from the analyst.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Mon, 01 Nov 1999 19:16:52 +0100

Tim Tyler wrote:
> 
> In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> : SCOTT19U.ZIP_GUY wrote:
> 
> :> >Addendum: Corrected example:
> :> >
> :> >               Side1        Side 2
> :> >               ABCD         HGF
> :> >               HS           Z
> :> >               FTGF         MM
> :> >               XYZ          PQ
> 
> :>         How many times are you going to do this? This list does not match
> :> his result in at least two separate places?
> 
> ...
> 
> :> >Now XYZABCDABCD --> PQHGFHGF. A modification of the string on
> :> >side2 to PQHSFTGF gives PQHSFTGF --> XYZHSFTGF -->PQZMM.
> 
> :>    Besides using an invalid dictionary you still are substituting wrong:
> :>   PQHSFTGF -> XYZZMM  but your dictionary is still worng. I am surprised
> :> you don't see how to follow his rules. This in itself is very interesting.
> 
> : Mmh. Did you write correctly above with your 'worng'?? Now, what
> : is wrong with my dictionary?
> 
> You proposed:
>                ABCD         HGF
>                HS           Z
>                FTGF         MM
>                XYZ          PQ
> 
> Note that "XYZ" ends with "Z", which is a dictionary entry "Z".
> 
> This violates the "no-substring" condition.
> 
> Also note that "FTGF" starts with "F" while "HGF" ends with "F".
> 
> This violates the condition that no leading characters in one string
> should exactly match the trailing characters in another string.

Oh! I thought your conditions were to be applied separately to each
side and not to the two sides put together. Then simply use totally
disjoint characters on each side, and with appropriate modification
of the string on side2 you are guaranteed to have the same type
of problem:

        Side1       Side2
        ABCD        PQR
        EF          S
        GHIJ        T
        XYZ         UV

Now XYZABCDABCD --> UVPQRPQR. A modification gives:
UVEFGHIJ --> XYZEFGHIJ --> UVST

(In another post you used symbols such as \ [ on side2. I thought
the purpose was only for rendering the distinction between the
two sides more conspicuous. Now I know what the underlying intention 
of yours was.)

M. K. Shen
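As an added example (not code from the thread or from any of its posters), a small Python model of the dictionary-substitution scheme being argued about: it applies a two-sided table left to right, checks the two conditions quoted from Tim Tyler against the strings of both sides together, and tests whether a side2 string survives decompress followed by compress. The scanning rule (entries tried in table order at each position, unmatched text copied verbatim) is an assumption; the two tables are the ones from Shen's posts.

```python
# Added example, not from the digest.  Scan rule (an assumption): left to
# right; at each position try the table entries in order and emit the
# first match, otherwise copy one character verbatim.

def substitute(text, table):
    out, i = [], 0
    while i < len(text):
        for src, dst in table:
            if text.startswith(src, i):
                out.append(dst)
                i += len(src)
                break
        else:                      # nothing matched here: pass through
            out.append(text[i])
            i += 1
    return "".join(out)

def compress(text, table):         # side1 -> side2
    return substitute(text, table)

def decompress(text, table):       # side2 -> side1 (table reversed)
    return substitute(text, [(s2, s1) for s1, s2 in table])

def violations(table):
    """Tim Tyler's two conditions, applied to the strings of BOTH sides.
    Returns (substring_pairs, overlap_triples); ([], []) means both hold."""
    strings = [s for pair in table for s in pair]
    substrings, overlaps = [], []
    for i, a in enumerate(strings):
        for j, b in enumerate(strings):
            if i == j:
                continue
            if a in b:                               # condition 1
                substrings.append((a, b))
            for k in range(1, min(len(a), len(b)) + 1):
                if a[:k] == b[-k:]:                  # condition 2
                    overlaps.append((a, b, a[:k]))
    return substrings, overlaps

def round_trips(compressed, table):
    """One-to-one requires that any side2 string, decompressed and then
    compressed again, comes back unchanged."""
    return compress(decompress(compressed, table), table) == compressed

# Shen's first table: conditions fail ("Z" inside "XYZ"; "FTGF" starts
# with the "F" that ends "HGF").
TABLE_1 = [("ABCD", "HGF"), ("HS", "Z"), ("FTGF", "MM"), ("XYZ", "PQ")]
# Shen's second table: disjoint letters, so both conditions hold, yet
# UVEFGHIJ -> XYZEFGHIJ -> UVST is still not a round trip.
TABLE_2 = [("ABCD", "PQR"), ("EF", "S"), ("GHIJ", "T"), ("XYZ", "UV")]

if __name__ == "__main__":
    print(compress("XYZABCDABCD", TABLE_1))    # PQHGFHGF
    print(decompress("PQHSFTGF", TABLE_1))     # XYZHSFTGF
    print(compress("XYZHSFTGF", TABLE_1))      # PQZMM
    print(violations(TABLE_1))
    print(violations(TABLE_2))                 # ([], [])
    print(round_trips("UVEFGHIJ", TABLE_2))    # False
```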

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Mon, 01 Nov 1999 19:16:59 +0100

SCOTT19U.ZIP_GUY wrote:
> 
> In article <[EMAIL PROTECTED]>, Mok-Kong Shen 
><[EMAIL PROTECTED]> wrote:
> >SCOTT19U.ZIP_GUY wrote:
> >>
> >
> >> >Addendum: Corrected example:
> >> >
> >> >               Side1        Side 2
> >> >               ABCD         HGF
> >> >               HS           Z
> >> >               FTGF         MM
> >> >               XYZ          PQ
> >>         How many times are you going to do this? This list does not match
> >> his result in at least two separate places?
> >> >
> >> >Now XYZABCDABCD --> PQHGFHGF. A modification of the string on
> >> >side2 to PQHSFTGF gives PQHSFTGF --> XYZHSFTGF -->PQZMM.
> >>    Besides using an invalid dictionary you still are substituting wrong:
> >>   PQHSFTGF -> XYZZMM  but your dictionary is still worng. I am surprised
> >> you don't see how to follow his rules. This in itself is very interesting.
> >
> >Mmh. Did you write correctly above with your 'worng'?? Now, what
> >is wrong with my dictionary?

>      It is hard to say. I meant "wrong" for "wrong" and I read it as "wrong",
> but I could have made a mistake and wrote "wrong" as "worng". I sometimes
> make those kinds of mistakes. The mistakes are far worse when I write instead
> of type. I think my brain is faster than my hand. And then I read what I
> wanted to write instead of what is there.
>   But you seemed sharp enough to know what I meant anyway. Or maybe
> someone intercepts my posts and changes the spellings on purpose.

My reply to you is in the same sense as your reply to me above and
hence is not explicitly written out.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************