Cryptography-Digest Digest #538, Volume #10      Wed, 10 Nov 99 13:13:02 EST

Contents:
  Re: Is there a secure-messaging service? (fungus)
  Re: Can the SETI@home client be protected? (fungus)
  Re: multiple valid passphrases? (Tom St Denis)
  Re: NOVA Program
  Re: Proposal: Inexpensive Method of "True Random Data" Generation
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Richard Herring)
  Re: Signals From Intelligent Space Aliens?  Forget About It. ("Douglas A. Gwyn")
  Re: What's gpg? <PHILOSOPHY 101> ("Douglas A. Gwyn")
  Re: What sort of noise should encrypted stuff look like? ("Douglas A. Gwyn")
  Re: Lenstra on key sizes (Bill McGonigle)
  Re: The DVD Hack: What Next? (Bill McGonigle)
  Re: What sort of noise should encrypted stuff look like? ("Tony T. Warnock")
  Re: Compression: A ? for David Scott (Tom)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("Douglas A. Gwyn")
  Re: Build your own one-on-one compressor (Tim Tyler)

----------------------------------------------------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: Is there a secure-messaging service?
Date: Wed, 10 Nov 1999 07:17:04 -0100



MDR wrote:
> 
> I would like to know if there is a web-site out there like the
> following.  (If there isn't, remember who gave you the idea when you go
> public.)
> 
> This would be a secure messaging service that would allow me to register
> as a person that you could send mail to.  You could securely send
> messages to me whether you were registered or not, although you would
> need to be registered for me to send a reply back to you.
> 
> The messaging service would present a SSL-protected web-page to you,
> allow you to enter your message.  It would then encrypt the message
> using the PGP public-key that I had previously provided when I
> registered.  The encrypted message would be stored on their server until
> I came to pick it up.  Or, it could be e-mailed to me in its encrypted
> form.  Or both.
> 

Try this:  http://www.hushmail.com/


-- 
<\___/>
/ O O \
\_____/  FTB.



------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: Can the SETI@home client be protected?
Date: Wed, 10 Nov 1999 07:22:24 -0100



Guy Macon wrote:
> 
> In article <809rli$ogv$[EMAIL PROTECTED]>, 
>[EMAIL PROTECTED] (David Wagner) wrote:
> >
> >Also, you can stop publishing stats for clients with a less-than-stellar
> >reputation!  This should nearly eliminate the incentive to cheat: if you
> >won't get your name high up in the stats list, why bother cheating?
> 
> That is a GREAT idea!

Nope.

If you do this then the hackers will just send bad packets in other
people's names to bump the other people *down* the list (therefore
moving themselves up).



-- 
<\___/>
/ O O \
\_____/  FTB.


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: multiple valid passphrases?
Date: Wed, 10 Nov 1999 12:57:32 GMT

In article <[EMAIL PROTECTED]>,
  "Craig Inglis" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> if I wanted to encrypt some plaintext using a
> symmetric encryption algorithm (blowfish or whatever),
> but I would like to be able to decrypt using one
> pass phrase from a list of valid pass phrases, it
> would seem like I could encrypt the plaintext as follows...

Why not just make up a master key, then use each password to encrypt
copies of the master key.  So the file may have 5 keys in the header so
five different passwords will work.  Seems simple enough to me.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
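
Tom's "wrap one master key under each password" layout, worked out as an added example (this is not Tom St Denis's code, and nothing in the thread specifies the details). Assumed here: PBKDF2-HMAC-SHA256 turns each passphrase into a key-encryption key, each header slot is salt || (master key XOR kek) || HMAC tag so the reader can tell which slot matched before touching the body, and an HMAC-SHA256 counter-mode keystream stands in for Blowfish or whatever block cipher you would really use. Anybody holding any one of the passphrases unlocks the file:

```python
# Added example: one master key, several passphrase slots in the header.
# Not code from the thread; the slot layout, KDF parameters and the
# HMAC-counter keystream (a stand-in for a real cipher) are assumptions.
import hashlib
import hmac
import os
from typing import List, Optional

KDF_ITERS = 100_000            # PBKDF2 work factor (assumed; tune per hardware)
SALT_LEN, KEY_LEN, TAG_LEN = 16, 32, 32
SLOT_LEN = SALT_LEN + KEY_LEN + TAG_LEN


def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Passphrase -> key-encryption key; a fresh salt per slot stops one
    precomputation from attacking every slot at once."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, KDF_ITERS, KEY_LEN)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_slot(master_key: bytes, passphrase: str, salt: Optional[bytes] = None) -> bytes:
    """One header slot: salt || master_key XOR kek || HMAC(kek, salt || wrapped).
    The tag is what lets a reader distinguish a wrong passphrase from a right one."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    kek = derive_kek(passphrase, salt)
    wrapped = xor_bytes(master_key, kek)
    tag = hmac.new(kek, b"slot" + salt + wrapped, "sha256").digest()
    return salt + wrapped + tag


def unwrap_slot(slot: bytes, passphrase: str) -> Optional[bytes]:
    """Master key if this passphrase opens this slot, else None."""
    salt = slot[:SALT_LEN]
    wrapped = slot[SALT_LEN:SALT_LEN + KEY_LEN]
    tag = slot[SALT_LEN + KEY_LEN:]
    kek = derive_kek(passphrase, salt)
    expected = hmac.new(kek, b"slot" + salt + wrapped, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_bytes(wrapped, kek)


def keystream(master_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for Blowfish/AES: HMAC-SHA256 in counter mode. Demo only."""
    blocks = []
    counter = 0
    while counter * 32 < length:
        blocks.append(hmac.new(master_key, nonce + counter.to_bytes(8, "big"), "sha256").digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_file(plaintext: bytes, passphrases: List[str]) -> bytes:
    """Layout: slot count || slots || nonce || body || MAC over everything before it."""
    master_key = os.urandom(KEY_LEN)
    nonce = os.urandom(16)
    header = bytes([len(passphrases)]) + b"".join(wrap_slot(master_key, p) for p in passphrases)
    body = xor_bytes(plaintext, keystream(master_key, nonce, len(plaintext)))
    mac = hmac.new(master_key, header + nonce + body, "sha256").digest()
    return header + nonce + body + mac


def decrypt_file(blob: bytes, passphrase: str) -> Optional[bytes]:
    """Try the passphrase against every slot; decrypt only if one opens and the
    body MAC verifies. None on a wrong passphrase or a tampered file."""
    n = blob[0]
    header, rest = blob[:1 + n * SLOT_LEN], blob[1 + n * SLOT_LEN:]
    master_key = None
    for i in range(n):
        master_key = unwrap_slot(header[1 + i * SLOT_LEN:1 + (i + 1) * SLOT_LEN], passphrase)
        if master_key is not None:
            break
    if master_key is None:
        return None
    nonce, body, mac = rest[:16], rest[16:-TAG_LEN], rest[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(master_key, header + nonce + body, "sha256").digest(), mac):
        return None
    return xor_bytes(body, keystream(master_key, nonce, len(body)))


if __name__ == "__main__":
    blob = encrypt_file(b"attack at dawn", ["alpha", "bravo", "charlie"])
    print(decrypt_file(blob, "charlie"))   # b'attack at dawn'
    print(decrypt_file(blob, "delta"))     # None
```

Two caveats that follow from the design rather than the code: every passphrase holder learns the same master key, so deleting a slot later does not lock that person out of anything they already decrypted, and actually revoking them means generating a new master key and re-encrypting the body; and the slot tags tell a reader which passphrase opened the file, which is fine for this use but is metadata nonetheless.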

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: NOVA Program
Date: 10 Nov 99 13:07:18 GMT

Sundial Services ([EMAIL PROTECTED]) wrote:
: Certainly a nicely produced program, lavishly produced in fact.  It was
: quite a nice touch how they had actors precisely re-creating the motions
: leading up to the historical photographs.  (The fact that so many of the
: scenes were intentionally blurred and sepia-toned got a bit tedious
: after a while.)

: It is interesting to see how the later stories of the Bletchley Park
: saga are bringing out more and more of the human side, both British and
: German, of what it was like to be there.  The story of the blood-stained
: intercept was absolutely stunning in its bluntness.

: It was exceptionally interesting to see the interview with the radioman
: of the U-150.  They seemed to want to be sure you understood, and HE
: certainly wanted you to understand, that he did not abandon his duty
: when ordered by his captain to "abandon the papers and get out."  As
: usual, the story of German codebreaking (B-Dienst) still remains untold.

: All in all, it's a very nice addition to the library of videography on
: the subject.  The people involved in producing it (and the web-site as
: well) should be justifiably proud of their work.

I'll admit, though, it wasn't what I expected in one way: although it was
a Nova program, it seemed to be all history and no science. But I did
learn something new from it; I had seen "Herivel tips" mentioned, but not
defined, in works on the Enigma.

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 10 Nov 99 13:16:04 GMT

james d. hunter ([EMAIL PROTECTED]) wrote:
: john baez wrote:
: > In article <[EMAIL PROTECTED]>,
: > james d. hunter <[EMAIL PROTECTED]> wrote:

: > >  so there's no reason to assume that pi isn't just simply
: > >  a well-known purely random number.

: > Not even wrong.

:   I assume that since you are a "scientist", particularly
:   one of the QM variety, you are clueless concerning
:   what is random, what is not random, what's up and what's down.
:   So you are excused for being an idiot.

He is obviously a _mathematician_, not a physicist. Now, pi may be a
well-known number whose digits are like those of a random number in a
_statistical_ sense, but there is much more to randomness than that.

John Savard

------------------------------

From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Wed, 10 Nov 1999 09:17:41 -0500
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
> 
> james d. hunter ([EMAIL PROTECTED]) wrote:
> : john baez wrote:
> : > In article <[EMAIL PROTECTED]>,
> : > james d. hunter <[EMAIL PROTECTED]> wrote:
> 
> : > >  so there's no reason to assume that pi isn't just simply
> : > >  a well-known purely random number.
> 
> : > Not even wrong.
> 
> :   I assume that since you are a "scientist", particularly
> :   one of the QM variety, you are clueless concerning
> :   what is random, what is not random, what's up and what's down.
> :   So you are excused for being an idiot.
> 
> He is obviously a _mathematician_, not a physicist. Now, pi may be a
> well-known number whose digits are like those of a random number in a
> _statistical_ sense, but there is much more to randomness than that.

  What is the difference between a random number and a number
  that is random in the _statistical_ sense? I assume that
  you are thinking of a random theory of numbers, such
  as set theory or category theory.

------------------------------

From: [EMAIL PROTECTED] (Richard Herring)
Crossposted-To: sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 10 Nov 1999 15:06:27 GMT
Reply-To: [EMAIL PROTECTED]

In article <80bj32$pnb$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> [reduce to one newsgroup..I keep losing my place]

[... thereby losing the cryptographers who actually understand 
this stuff :-(. sci.crypt restored.]

> In article <[EMAIL PROTECTED]>,
>    [EMAIL PROTECTED] (Scott Nelson) wrote:
> >On Tue, 09 Nov 99 11:43:56 GMT, [EMAIL PROTECTED] wrote:
> >
> >>In article <MeDV3.9037$[EMAIL PROTECTED]>,
> >>   gtf[@]cirp.org (Geoffrey T. Falk) wrote:
> >>>
> >>>FTR: Borwein and Borwein discovered a remarkable algorithm for
> >>>generating the nth digit of pi without generating all of the
> >>>preceding digits.
> >>
> >>Right, but you still can't get a random number since the
> >>n has to be picked randomly.  I've never heard of a
> >>random number generator that's really random.  JMF told
> >>me I could be a billionaire if I figured out how.  I was
> >>really surprised that noone's figured one out yet.  
> >>So, is it still true?

> >If you define random as "that which can not be figured out"
> >then it's a given.

> Nope.  That obviously wasn't what we were interested in.

Oh, but it is, in a sense. The cryptographers say a sequence of 
characters from an N-letter alphabet is (in their sense) "random" 
if, given any amount of it, you have a no better than 1 in N chance 
of guessing the *next* letter.

> >
> >If you define random as "that which no one else can know"
> >Then there's some chance.

> Nope.  That's not particularly useful either :-).  At least
> two need to know for practical purposes.

And a third party must not be able to deduce or predict it.

> >
> >If you use a more conventional definition, like 
> >"unable to be compressed"  then you might be
> >able to find one, but you could never prove it.

> I wasn't interested in this one.  Why would "unable
> to be compressed" be useful?

Compression relies on finding repetitions or redundancies in the
underlying sequence. If a "random" sequence contains such patterns,
it is by definition not truly random and it may be possible to 
analyse the patterns and predict what comes next, with a better 
than 1 in N probability of success.

> >Most people define random in "un" terms.
> >UNstructured, UNbiased, UNpredictable, UNrepeatable,
> >UNguessable.  (But usually not UNderstandable.)
> >So usually, you're in the "can find one, 
> >but can't prove it" category.

> We were primarily interested in unrepeatable, I believe.

I'd have said unpredictable or unguessable.

> I'm not familiar with the biased w.r.t. random number
> generators.  What is it?

If some characters turn up with a better than 1-in-N probability,
you have a slightly better than 1 in N chance of predicting the
next. That may not sound a lot, but it's surprising what
cryptanalysts can do with it.

-- 
Richard Herring      | <[EMAIL PROTECTED]> 
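
Richard's two tests, "better than 1 in N" bias and compressibility, made concrete as an added example (this is not code from the thread). Both samples are constructed: a deliberately biased byte source that favours one value, and a textbook linear congruential generator used as the "statistically flat" comparison. The functions measure the best fixed guess's success rate against 1/N, the matching min-entropy, and how far zlib can shrink each sample:

```python
# Added example, not from the thread: what "biased" buys a guesser, and why
# compressibility serves as a randomness test. Both sources are constructed.
import math
import zlib
from collections import Counter

N_SYMBOLS = 256   # the byte alphabet, Richard Herring's N


def lcg_bytes(seed: int, n: int) -> bytes:
    """Deterministic, fully predictable source: a textbook LCG (constructed
    for the demo). Its bytes look flat to these tests yet are not random."""
    x = seed
    out = bytearray()
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


def biased_bytes(seed: int, n: int, p_favoured: float = 0.5) -> bytes:
    """Emits 0x41 with probability about p_favoured, otherwise an LCG byte:
    "some characters turn up with a better than 1-in-N probability"."""
    raw = lcg_bytes(seed, 2 * n)
    threshold = int(p_favoured * 256)
    return bytes(0x41 if raw[2 * i] < threshold else raw[2 * i + 1] for i in range(n))


def best_guess_rate(sample: bytes) -> float:
    """Success rate of the best fixed guess (always name the commonest byte).
    About 1/N for an unbiased source; bias pushes it above that."""
    _, count = Counter(sample).most_common(1)[0]
    return count / len(sample)


def min_entropy_bits(sample: bytes) -> float:
    """-log2(max probability), the guessing figure a cryptographer cares
    about; at most log2(N) = 8 bits per byte."""
    return -math.log2(best_guess_rate(sample))


def compression_ratio(sample: bytes) -> float:
    """zlib output size over input size. Clearly below 1.0 means the sample
    carries repetitions or skew that a predictor could also exploit."""
    return len(zlib.compress(sample, 9)) / len(sample)


if __name__ == "__main__":
    for name, sample in (("biased", biased_bytes(1, 4096)), ("lcg", lcg_bytes(1, 4096))):
        print(f"{name:6} guess={best_guess_rate(sample):.3f} (1/N={1 / N_SYMBOLS:.4f}) "
              f"H_min={min_entropy_bits(sample):.2f} bits  zlib={compression_ratio(sample):.2f}")
```

The biased sample fails both tests: the commonest byte is right about half the time instead of 1 in 256, and zlib removes a good part of it. The LCG sample passes both, which is the caveat worth remembering: these tests detect bias and repetition, not predictability. Anyone who knows the generator and its seed predicts the "flat" sample perfectly, which is the gap between statistical randomness and the unpredictability a cipher needs.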

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Signals From Intelligent Space Aliens?  Forget About It.
Date: Wed, 10 Nov 1999 14:43:41 GMT

Okay, here is the answer to the "how far" question:

        At 0.9 g (reversing thrust at the midpoint), in 43 years
        one travels 2*10^9 ly.

The nearest star is 4 ly away; the "local group" of galaxies
extends to about 5*10^6 ly away.  Clearly, these are within
reach if we can figure out how to maintain a decent level of
acceleration for a long period of time.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What's gpg? <PHILOSOPHY 101>
Date: Wed, 10 Nov 1999 14:53:02 GMT

John Savard wrote:
> >Jerry Coffin <[EMAIL PROTECTED]> wrote ...
> >> ....  It
> >> just happens that DES (for example) has been studied by a lot of
> >> really smart people for an awful long time, and nobody's found an easy
> >> attack on it, so it's generally assumed that none is likely to exist.
> This is sound, to an extent; it's simply Bayesian statistics.

No, it's not sound at all!  This is not a "statistical" issue;
cracking attempts aren't randomly drawn from some population.

There are many historical counterexamples; practically every new
cryptosystem has been believed uncrackable after many "experts"
tried and failed to crack it, but in the end they (nearly) all
turned out to be crackable.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What sort of noise should encrypted stuff look like?
Date: Wed, 10 Nov 1999 14:59:55 GMT

Tom St Denis wrote:
> ... why do they call it white noise?].

White light consists of all colors of the visible spectrum with
approximately equal intensity.  So when any spectrum consists of
all frequencies with approximately equal intensity, it is called
"white".  The "noise" aspect should be obvious; if not, try
feeding it to an audio player and hear what it sounds like.

------------------------------

From: [EMAIL PROTECTED] (Bill McGonigle)
Subject: Re: Lenstra on key sizes
Date: Wed, 10 Nov 1999 10:31:11 -0500

In article
<[EMAIL PROTECTED]>,
Justin <[EMAIL PROTECTED]> wrote:

> What's the point of the AES process?  Say one gets picked.  Five years
> from now a discovery is made that makes attacks on any key size practical
> for any moderately funded organization.  Now you have a large number of
> companies and governments with lots of encrypted data, all of which can be
> simply decrypted because everyone is using the vulnerable algorithm.
> 
> Why not have a pool of algorithms and revise it every year? 

That sort of defeats the purpose of a standard.  i.e. if it's changing
every year.  There are lots of crypto algorithms to choose from, but AES
is an easy choice for people that don't know how to make their own choices
(and not everyone needs to be a cryptographer).

Also, the AES process has been more than a year already.  You don't want
to rush these things.

Still, it might make sense to have a "backup-AES" contest running every
few years, comparing the current standard, and evolving a new one.  So
when/if AES gets broken the world isn't screwed for two years or
so.  

Also, eventually AES may be obsolete, so why wait until it is to have
another contest?  If I were running a continual contest, I'd probably have
two categories: one based on the current technology (e.g. difficulty of
factoring) and another based on a different technology (e.g. elliptical
curves) in case the theory is successfully attacked instead of the
algorithm.
 
Like someone else said, the odds are very low, but if there are any it's
worth thinking about.  Cryptographers get paid to be paranoid.


-Bill
=====
[EMAIL PROTECTED] / FAX: (419) 710-9745
Dartmouth-Hitchcock Medical Center Clinical Computing

------------------------------

From: [EMAIL PROTECTED] (Bill McGonigle)
Subject: Re: The DVD Hack: What Next?
Date: Wed, 10 Nov 1999 10:43:30 -0500

In article <80b8tv$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Guy
Macon) wrote:

>  Every so often someone goes around
> asking people to pick a "random" digit which are then combined in order
> to make a key. 


That's pretty funny.  Someone's done the studies, but, if memory
serves, you're probably using lots of 3's & 7's.


-Bill
=====
[EMAIL PROTECTED] / FAX: (419) 710-9745
Dartmouth-Hitchcock Medical Center Clinical Computing

------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: What sort of noise should encrypted stuff look like?
Date: Wed, 10 Nov 1999 08:59:10 -0700
Reply-To: [EMAIL PROTECTED]

Doesn't white noise suffer from the ultraviolet catastrophe?


------------------------------

From: [EMAIL PROTECTED] (Tom)
Subject: Re: Compression: A ? for David Scott
Date: Tue, 09 Nov 1999 20:19:19 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 9 Nov 1999 23:19:02 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

>Tom <[EMAIL PROTECTED]> wrote:
>: (SCOTT19U.ZIP_GUY) wrote:
>:>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>:>>What I'm beginning to wonder is if the information that's said to be
>:>>added information in non o-o-o can really be considered to be a
>:>>byproduct of the standard compression algorithm not fully compressing,
>:>>similar to that of low ratio o-o-o leaving patterning behind.  DS has
>:>>claimed that the two types of information present different types of
>:>>weaknesses, but this leads me to question if it's true if the type of
>:>>plaintext file (and thus its patterning) is known.
>:>
>:>     I think you're actually Tommy St Dennis since you don't seem to understand
>:>what is going on. And seem not to actually read the posts.
>:
>: It's not a question of understanding, it's a question of believing any
>: of it.
>
>Hopefully, reason - rather than faith - will prove sufficient.

I'd hope so, but that doesn't seem to be the case.

>
>:>   Again if you don't use o-o-o compression you open your self up
>:>to cipher only attacks. Do you understand this point before we go
>:>into other areas to explore.
>:
>: The only cipher only attack that has been presented is a reduction in
>: the set of possible output files from standard compression, which is a
>: factor of the compression being non-perfect, not of it being non
>: o-o-o, and of irreversibility, and this also isn't a function of it's
>: being non o-o-o.
>
>"irreversible" and "non-o-o-o" are pretty much synonyms...?
>
The o-o-o example is given as E(D(x)) = x, and D(E(y)) = y for any y
or x, which is symmetrical.  By reversible, I mean y=D(x) for any x,
meaning that any x decompresses to something.  (That a=E(x) for any x
is taken as a given for any compression function.)  A function pair
doesn't have to be symmetrical to be reversible.  You could design a
form of run length encoding that was completely reversible, as an
example, but it certainly wouldn't be symmetrical.


>: Both give less information than a full known
>: plaintext attack, which would be possible with the headers of many
>: file formats.
>
>The o-o-o property is indeed irrelevant if you tack on a known-plaintext header.
>I'd hope the case under discussion is where such a obvious problem has been avoided.
>
The example scott presented was of a brute force attack - in fact
that's the only example I've seen.  In this case, known header or not,
the compression drops out of the picture as insignificant.  Because
the compression is deterministic, you only need to be able to
recognize the plaintext as such.  Compression doesn't change that!

>: They may also give less information than the patterning
>: still present from less than optimal compression, o-o-o or not.
>
>Maybe less, maybe more - but quite possibly adding the same type of information
>to differing plaintexts, and even to differing *types* of plaintext ;-(
>
In the case of either standard compression, or symmetric compression,
you're encoding or permuting the data.  Patterning in the compressed
file could lead to an attack, but so would patterning in
non-compressed files, or in files less well compressed from a size
perspective.  

>: Again, this o-o-o concept is not generally accepted, nor has it been
>: proven to be true.  
>
>What exactly is your problem with it?  It demonstrably prevents certain types
>of security leak.
>
Only argument has been against brute force, and that doesn't hold up.


I have no "problem" with it, except that it's being presented as fact
when it doesn't appear to be at all.

>: If you were to claim that a compressor where y=Decompress(x), where x
>: can be any file, I'd agree it could be of some advantage.  That's true
>: for o-o-o, but o-o-o isn't required.
>
>The property you mention is inadequate (or at least sub-optimal) from a
>security POV.
>
Why not?  Compression, at best, offers a reduction in the amount of
useful information available to someone attempting to break a cipher -
patterning throughout the file.  At worst, it allows for a known
plaintext attack, which just means the compression isn't helping any.
Typical non compressed files allow for a known plaintext attack
anyway, as they use standard formats.

>o-o-o compression offers better protection than this.

Why?



------------------------------

Crossposted-To: sci.math,sci.misc,sci.physics
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Wed, 10 Nov 1999 15:25:25 GMT

No wonder you guys are confused about whether pi meets some
criterion of "randomness"; you have parsed "random number generator"
as "(random number) generator" instead of "random (number generator)".
A *process* can be random, but any specified number is not random.

------------------------------

Crossposted-To: comp.compression
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Build your own one-on-one compressor
Reply-To: [EMAIL PROTECTED]
Date: Wed, 10 Nov 1999 16:06:39 GMT

In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

: As I said previously, for such numerical coding the compression is
: already so good that one need not (at least in the first
: experimental phase) consider the aspect of word frequencies.

I doubt this.  I expect non-dictionary words will typically bulk up the messages
by a larger factor than they are compressed by, for (say) email messages.

It may be possible to develop a scheme that (roughly) breaks even on the
compression stakes - but I doubt good compression ratios will ever be obtained -
except on obscure or contrived types of text.

Also, any 16-bit granularity in the output file will immediately render "8-bit"
one-on-one property invalid: if you have a file which is an odd number of bytes
long, you can rule it out immediately as a candidate compressed file ;-/

In fact, this will /probably/ have few implications for security, given various
assumptions - e.g. that the length of the compressed file is already clear.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Put the Pill on the Bill.
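
The property both threads are circling, Tom's E(D(x)) = x and D(E(y)) = y for every x and y, and Tim's remark that 16-bit code units let you throw away any odd-length candidate, can be checked mechanically. The following is an added example, not David Scott's compressor or anyone's code from the thread: a hypothetical 15-word dictionary coder with 16-bit units (not one-on-one, since most byte strings are never its output), a trivial identity coder standing in for the every-byte-string-decodes half of the one-on-one property (it does not shrink anything), and a deliberately weak 256-key XOR cipher so that a ciphertext-only brute force can be run in full. The only test applied to each trial key is "does the decompressor accept this?":

```python
# Added example, not from the thread: a decoder-validity test used as a
# ciphertext-only key filter. Dictionary, cipher, key and message are constructed.
import struct
from typing import Callable, List, Optional

# Hypothetical dictionary, coded as 16-bit units (the "16-bit granularity" case).
DICT = ["the", "quick", "brown", "fox", "jumps", "over", "lazy", "dog",
        "attack", "at", "dawn", "and", "retreat", "by", "dusk"]
CODE = {w: i for i, w in enumerate(DICT)}


def compress_16bit(text: str) -> bytes:
    """Not one-on-one: only even-length strings of small code units are ever emitted."""
    return b"".join(struct.pack(">H", CODE[w]) for w in text.split())


def decompress_16bit(data: bytes) -> Optional[str]:
    """None for anything compress_16bit could not have produced: an odd
    length, or a code unit with no dictionary entry."""
    if len(data) % 2:
        return None
    words = []
    for (code,) in struct.iter_unpack(">H", data):
        if code >= len(DICT):
            return None
        words.append(DICT[code])
    return " ".join(words)


def compress_identity(text: str) -> bytes:
    """Stand-in for the one-on-one property only: every byte string decodes,
    as a real one-on-one compressor guarantees. This one just does not shrink."""
    return text.encode("latin-1")


def decompress_identity(data: bytes) -> Optional[str]:
    return data.decode("latin-1")   # cannot fail: all 256 byte values are valid


def xor_cipher(data: bytes, key: int) -> bytes:
    """Deliberately weak toy cipher with a 256-key space, so the search is visible."""
    return bytes(b ^ key for b in data)


def surviving_keys(ciphertext: bytes,
                   decompress: Callable[[bytes], Optional[str]]) -> List[int]:
    """Ciphertext-only brute force: a key survives only if the decompressor
    accepts the trial decryption. Nothing about the plaintext is assumed."""
    return [k for k in range(256) if decompress(xor_cipher(ciphertext, k)) is not None]


if __name__ == "__main__":
    msg, key = "attack at dawn and retreat by dusk", 0x5A
    for label, comp, decomp in (("16-bit dictionary", compress_16bit, decompress_16bit),
                                ("one-on-one stand-in", compress_identity, decompress_identity)):
        keys = surviving_keys(xor_cipher(comp(msg), key), decomp)
        print(f"{label}: {len(keys)} of 256 keys survive the decoder check {keys[:4]}")
```

Against the dictionary coder the decoder alone rejects 255 of the 256 keys, because every code unit's high byte must come out as zero and only the true key does that; against the identity coder it rejects none, and the attacker has to fall back on recognising plaintext, which is Tom's point about where the real test happens. Note that a stream cipher preserves length, so Tim's odd-length check never fires in this setup; it matters when the ciphertext length itself is what the attacker is sorting candidates by.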

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************

Reply via email to