Cryptography-Digest Digest #597, Volume #10      Sat, 20 Nov 99 12:13:03 EST

Contents:
  Re: A Random Key Cipher Machine (Mark Adkins)
  Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)
  Re: What part of 'You need the key to know' don't you people get? (Tim Tyler)
  Re: What part of 'You need the key to know' don't you people get? (Tim Tyler)
  Re: What part of 'You need the key to know' don't you people get? (Tim Tyler)
  Re: Do flight data recorders use encryption? (SCOTT19U.ZIP_GUY)
  Re: AES cyphers leak information like sieves (Tim Tyler)
  Re: AES cyphers leak information like sieves (Tim Tyler)
  Re: A Random Key Cipher Machine (Mark Adkins)
  Race Winning Statistics on Battle Net?? ("P.C. Teo")
  Re: AES cyphers leak information like sieves (Tim Tyler)
  Re: Simpson's Paradox and Quantum Entanglement (John Forkosh)
  Re: AES cyphers leak information like sieves (Tim Tyler)

----------------------------------------------------------------------------

Date: Sat, 20 Nov 1999 06:59:54 -0500 (EST)
From: Mark Adkins <[EMAIL PROTECTED]>
Subject: Re: A Random Key Cipher Machine

In a previous post I wrote in part:

>Addendum: In my original post it was implied that the
>division of one sinusoidal cycle into 26 sectors should be
>performed in such a way that the amplitude remains within
>each sector for an *equal time*.  Perhaps I should have
>been explicit, since some simple geographic divisions do
>not accomplish this.             ^^^^^^^^^^

Er, I meant geometric.  :)

--
Posted for my own amusement, since you are all figments.

Mark Adkins ([EMAIL PROTECTED])



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES cyphers leak information like sieves
Date: Sat, 20 Nov 1999 13:52:03 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(John Savard) wrote:
>On Sat, 20 Nov 1999 00:20:07 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:
>
>>I certainly never said the section you placed quotation marks around.
>
>The quotation marks weren't intended to indicate a direct quote.
>However, if I've inaccurately characterized your views, I'm glad; I
>much prefer it that you are not advocating such things. But David A.
>Scott certainly _does_ seem to hold that kind of viewpoint, which is
>why he has few admirers on this NG.

   What viewpoint? And by the way, did you read the replies about
PGP and CBC? It does not use it. Just thought I would bring that up
again. I know we have argued on and off again for years, but you seem
to be the only one, John, who thinks PGP used CBC mode.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Nov 1999 13:00:45 GMT

Johnny Bravo <[EMAIL PROTECTED]> wrote:
: On Sat, 20 Nov 1999 00:29:12 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

:>There are /many/ possible figures you can get for the keyspace of the
:>Enigma machine, depending on which combination of components you consider
:>to be part of the key.
:>
:>There were a number of different types of wheel employed over a period of
:>time, with differing arrangements of letters.  Do you count this?  Or not?

:   I went over this in another recent message to the group.  This had
: nothing to do with any of the above.  The original assertion was that
: 28 wheels in fixed positions with 26 states each had over 2^128 bits
: of possible positions.  This assertion is absolutely correct.

I believe if you look at the original, it actually reads:

"Assuming 26 pins per wheel you need 28 wheels to match a 128-bit key."

This apparently assumes that there are no other ways that the Enigma
machine could modify its keyspace, besides employing a number of
predefined wheels.  It was pointed out that this was not the case.

For example the Enigma machine got a large volume of its keyspace from
its plugboard.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

When I gave her the ring, she gave me the finger.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Nov 1999 13:05:30 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

: [...] admit that your remark that the keys in the rotors being bigger
: than modern ciphers, is totally false.  Because well it is.

He referred to the keys in the *Enigma*, not the keys in any particular
set of rotors.

Since I believe a large number of possible rotors were actually available
at some locations, AFAICS, he's technically correct.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

You can't out-think a person who isn't thinking.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Nov 1999 13:13:57 GMT

Johnny Bravo <[EMAIL PROTECTED]> wrote:
: On Thu, 18 Nov 1999 18:33:02 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

:>David demonstrates this by chopping the head and tail from the cyphertext
:>message, and decrypting it anyway (using the key).  This would be
:>impossible if the plaintext information were diffused through the whole
:>message.

:   You might as well assume your attacker just has the middle third of
: the plaintext sitting right in front of him as well.  Of what
: practical use is basing an attack on your attacker having the key?

You don't seem to grasp David's point.  Perhaps you've been listening to 
Tom?  David is *not* proposing this as an attack.  It's a demonstration
that all the information needed to decrypt a file section is present in
that section (give or take a block at the end).

: What are the odds that your attacker will have your key, your IV
: (which is usually in the front of the message) and ONLY the middle 1/3
: of the ciphertext?

The IV is only useful for decrypting the first block.  Other blocks may be
decrypted without it.  I stress again, we are not talking about an
attacker encountering these circumstances.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

I bet you can't stop reading here ... ... see, I knew it!

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Do flight data recorders use encryption?
Date: Sat, 20 Nov 1999 13:49:24 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Johnny Bravo) 
wrote:
>On Fri, 19 Nov 1999 13:04:37 -0800, albert <[EMAIL PROTECTED]> wrote:
>
>>I was just thinking, I'm not a big fan of the government, and I don't
>>trust them.  So I have no idea if what they are telling us (and the
>>press) is true.  I'm wondering if they have some method themselves of
>>confirming the authenticity of the data recorders.
>
>  Who is they?  The government?  What would they care, if they are
>going to lie we'll never know.  The press?  The press never gets
>access to the recorder, just tape copies of the voices if the FAA
>cares to release it.
>
>  As for faking the data and switching them at the scene.  I doubt
>anyone would be on the scene fast enough to find the recorders and
>switch them considering how much data is on the recorder and all of it
>would have to be faked; the chances of the government not noticing a
>switch would be about nil.
>
>  Best Wishes,
>    Johnny Bravo

  The problem with the flight recorders and such is that you can no longer
trust the government to be honest. The FBI has been caught tampering with
evidence and as WACO shows they will do anything to lie and cover up
the truth. Do you think for one minute that if they want to make the crash
look like some Egyptian pilot's suicide that they would fairly examine the
evidence? The motive is to find Boeing innocent and at all costs. No wonder
the Egyptians are worried about the investigation. This country has lost
much of the respect of the world. There was a time when one could trust
that the FBI would do a good honest job. But no more. Thank you Mr
Bill for fucking this country over big time.






David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Nov 1999 13:49:31 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:

:> Quantifying security in absolute terms is difficult. However, seeing
:> (for example) that adding known plaintext before direct encryption with
:> a block cypher weakens the resulting system does not require this.
:> This case is directly analogous.

: If a cryptosystem cannot withstand a known-plaintext attack,
: why are you using it in the first place?

What cryptosystem (with keys shorter than messages) is known to withstand
the plaintext attacks of all comers, today and tomorrow?

Show me one, convince me of the fact, and I will start using it
immediately.

Until then, please allow me to continue to try to defend as best I know
how against known plaintext attacks, using other techniques.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

If love is blind, marriage makes a great eye-opener.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Nov 1999 14:00:45 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: In article <[EMAIL PROTECTED]>,
:   [EMAIL PROTECTED] wrote:
:> Jerry Coffin <[EMAIL PROTECTED]> wrote:
:> : In article <80tg4o$tg6$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

:> :> You will see that all your pet modes are an illusion. They do
:> :> not spread the information through the file. But either you
:> :> don't understand or are too lazy to test.
:>
:> : Quite the contrary: that's a well-known feature of (for example)
: CBC.
:> : Its self-synchronizing property is well-known and useful. [...]
:>
:> You *don't* think having a known relationship between bits of text and
:> bits of cyphertext assists analysis?
:>
:> I don't understand.  What is your problem with this notion?

: Um, by using a deterministic cipher you already have a clearly defined
: relationship of the ciphertext and plaintext [assuming you have the
: key].  This undeniable fact leads to cryptanalysis.  This applies to
: any cipher and mode of operation.

I intended to refer to a fixed relationship between them, such that
knowing a section of plaintext, produces complete information about
a number of cyphertext blocks, and allows any known plaintext attacks
on that section of the file to function.

This is the subject of this section of the discussion - do I need to spell
it out every time?

:> You disagree?!  You think (for example) that people do generally have
:> the software to recover from such a mess?  Or perhaps you think that
:> hardly anybody uses the software in question, so it doesn't matter?  Or
:> perhaps you think that there's no possible way knowledge that certain
:> small regions of cyphertext correspond with certain regions of
:> plaintext can help attackers?  Perhaps you would like to clarify which,
:> if any, of these false views do you hold?

: Yak yak yak.  I would read this but what's  the point. [...]

For you, perhaps nothing.  You /appear/ to have read other posts of mine,
but still show little sign of understanding what I am saying.

Consider, for example your "What don't you understand about 'you need to
have the key' thread".  Rarely have I seen such a complete failure to
understand what someone else is trying to say.

:> Quantifying security in absolute terms is difficult. However, seeing
:> (for example) that adding known plaintext before direct encryption
:> with a block cypher weakens the resulting system does not require this.
:> This case is directly analogous.

: Yak yak yak, clap clap, sit down now please... put the mike down....
: sit the heck down!

You have no content relating to cryptography to add?

You're content with telling me to shut up?

If you don't like reading my posts because they fail to reflect your own
world-view - and your way of dealing with this is to tell me to shut
up - then *please* killfile me.

This will save you having to read my posts - and will save me having to
deal with your attempts to suppress discussion in the future.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

If speed scares you, try Microsoft Windows.

------------------------------

Date: Sat, 20 Nov 1999 09:22:06 -0500 (EST)
From: Mark Adkins <[EMAIL PROTECTED]>
Subject: Re: A Random Key Cipher Machine

In a previous post I wrote in part:

>The length of a given arc [on a sine curve] is
>the integral of y*dx which for the sine function y=sin(x) is
>-cos(x) + C.  The x axis is the time axis, so setting C=0 and 
>substituting delta-x for x, we see that the length of any arc 
>travelled during a given time delta-x is the same regardless
>of where the arc is on the sine curve.  

Horrors!  Ascribe this to the same brain seizure which produced
"geography" when geometry was intended.  (Note to self: beware
the Jabberwock, my son.)  The integral of y*dx is of course
the area under the curve.  The formula for arc length is
the integral (from x=a to x=b) of SQR(1+(y')^2)*dx, where
in the present case y'=cos(x).  I'm afraid that I seldom
use calculus, use it even less frequently where trigonometric
functions are concerned -- and in fact have never taken
calculus in school.  So perhaps I should be forgiven for
this, particularly since it has no bearing on the general
validity of my scheme.  

(Red faced with shame, I slink off for breakfast at a
Vietnamese restaurant.)  

--
Posted for my own amusement, since you are all figments.

Mark Adkins ([EMAIL PROTECTED])



------------------------------

From: "P.C. Teo" <[EMAIL PROTECTED]>
Subject: Race Winning Statistics on Battle Net??
Date: 20 Nov 1999 23:23:24 +0800

Any information on statistics of winning races on Battle Net? Summary,
Percentage, Usage...

Thanks

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Nov 1999 14:15:13 GMT

John Savard <[EMAIL PROTECTED]> wrote:
: On Sat, 20 Nov 1999 00:20:07 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

:>I certainly never said the section you placed quotation marks around.

: The quotation marks weren't intended to indicate a direct quote.

Yes, I understood that.  It pays to be cautious when playing with those
quotation marks, though ;-)

: However, if I've inaccurately characterized your views, I'm glad; I
: much prefer it that you are not advocating such things.

I'm not - that would be pretty crazy!

: But David A. Scott certainly _does_ seem to hold that kind of viewpoint,
: which is why he has few admirers on this NG.

This is not the impression I have.  Why don't you ask David directly if he
believes that the NSA can brute-force 256-bit keys on some future
occasion?

This is a bit of a crazy question to ask - but perhaps if you say that
I said I thought this might help you to improve your (apparently poor)
opinion of him, he might stoop to an answer ;-)

David's supposed lack of admirers on this newsgroup appears to me to
have a number of causes:

* He holds extreme views, which don't seem to me to be at all wrong, but
  seem to clash somewhat with much modern orthodoxy.

* He's not terribly articulate - and is more interested in pursuing
  technical goals, than he is on brushing up on his presentation.

  As a result, strangers tend to treat him as though his spelling reflects
  his IQ - definitely a mistake, partly because...

* He has a short fuse, doesn't tolerate fools gladly, and quickly stoops
  to telling them where to go.  /Sometimes/ it seems to me that this trait
  extends to telling innocent bystanders where to go, while there's still
  a chance that the disagreement stems from some sort of ambiguity or
  misunderstanding ;-/

I wish David could curb this trait a little - but to a certain extent I
understand and even sympathise.  Life is short.

If you can't withstand a few insults on usenet, you really shouldn't be
posting there ;-)
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

If people listened to themselves, they would talk a whole lot less.

------------------------------

From: [EMAIL PROTECTED] (John Forkosh)
Crossposted-To: comp.ai.fuzzy,sci.physics,sci.math
Subject: Re: Simpson's Paradox and Quantum Entanglement
Date: 20 Nov 1999 14:36:03 GMT

[EMAIL PROTECTED] wrote:
:    Simpson's Paradox:
:        http://curriculum.qed.qld.gov.au/kla/eda/sim_par.htm
:   Simpson's Paradox is a statistical artifact ...<snip>

There's a textbook treatment in "Quantum Probability",
Stanley P. Gudder, Academic Press 1988, ISBN 0-12-305340-4,
pages 102-106, which concludes it's not a problem.
John ([EMAIL PROTECTED])

P.S. To see the "classical problem" consider, e.g., a college
with Law and Business schools, interested in its admissions
of Men vs. Women.  It tabulates
               #accepted/#applied=%accepted
for Men and Women at each school, finding %accepted is greater
for Women at both schools individually, but greater for Men
when the schools are combined.  How's this possible?  Consider...
               Law School   Business      Combined
       ----------------------------------------------
         Men   18/120=15%   180/240=75%   198/360=55%
       ----------------------------------------------
       Women   24/120=20%    64/80 =80%    88/200=44%
The problem is that the "combining rule" is  a/b,c/d --> (a+c)/(b+d)
which isn't a typical arithmetic operation, though it does model
the "word question" posed by the college.
     Arithmetically, we have 18/120 < 24/120 and 180/240 < 64/80,
and we're intuitively concluding (18+180)/(120+240) < (24+64)/(120+80).
Substitute symbols, and a little algebra shows this isn't generally true.
(Note: It is true if the denominators at each school are equal,
e.g., multiply the Business Women by 3/3.)
     Thus, ultimately, the "word question" isn't really well-posed
in terms of percentages, because division isn't linear in the sense
assumed by the problem.
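
Spelling out the "little algebra" of the combining rule with the table's own numbers (added here; not part of the post above):

$$\frac{a+c}{b+d} \;=\; \frac{b}{b+d}\cdot\frac{a}{b} \;+\; \frac{d}{b+d}\cdot\frac{c}{d}$$

The combined rate is a weighted mean of the two school rates, the weights being each group's share of applicants at each school, so Men and Women are averaged with different weights:

$$\text{Men:}\quad \tfrac{120}{360}(0.15) + \tfrac{240}{360}(0.75) = 0.05 + 0.50 = 0.55$$

$$\text{Women:}\quad \tfrac{120}{200}(0.20) + \tfrac{80}{200}(0.80) = 0.12 + 0.32 = 0.44$$

Men's weight sits mostly on the high-acceptance Business school, Women's mostly on the low-acceptance Law school. When the denominators at each school are equal the weights coincide and the inequality survives the combination, which is the equal-denominator note above.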

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Reply-To: [EMAIL PROTECTED]
Date: Sat, 20 Nov 1999 15:00:54 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:

:> Decrypting involves reversing the block-encypherment and EORing with the
:> preceding cyphertext (or the IV for the first block).  No other
:> information from the rest of the file is required.  The information
:> in the plaintext is diffused over (at most) two blocks.

: Each CT block depends on at least the corresponding PT block.
: As further CT blocks each depend on the preceding CT block,
: so do they depend on the PT information contained within that
: block; and transitivity implies that the last CT block
: depends on *every* PT block.

I don't think I disagree with this.

: This is really easy to demonstrate with a simple experiment:
: Encrypt a file twice, with only a single bit of PT different
: between the two cases.  You'll find that the CT past that
: point is entirely different, all the way to end-of-file.
: That would not have occurred had the PT information been
: truly localized within the CT.

Nevertheless, the information required to decrypt a block of
cyphertext to a corresponding block of plaintext is present in
that block of cyphertext, give or take a leading block.

Information required to recover the plaintext of a block is present in
that block and its precursor, *only*.

Since the information is /all/ present there - and the file has not grown
by the process of encryption, there /can't/ be any information about that
section of plaintext present elsewhere in the file, since then there
wouldn't be enough "space" for the rest of the plaintext.  You can't
represent information in one place, and have the same information
present *again* somewhere else, without losing information from
elsewhere, or increasing the length of the file.

I'm not disputing that changing a bit results in changes to all the
subsequent cyphertext - I'm just saying that you can decrypt a section of
the plaintext from the information in the corresponding section of the
cyphertext.  If diffusion had been applied to the file before encrypting
it, this would be impossible.

That's what I mean when I say all the information needed to recover a
section of plaintext is present in the corresponding region of cyphertext.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

If you're too afraid to learn, you were born like that.
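
Both of Tim Tyler's CBC observations in this thread (a run of ciphertext blocks decrypts with the key and only the one block before it, no IV, head or tail; while a single flipped plaintext bit changes every later ciphertext block) as an added example, not code from the original posts. It uses a constructed toy Feistel network in place of a real block cipher, with a sample key, IV and plaintext made up here.

```python
import hashlib

BLOCK = 16     # 128-bit blocks, as in the AES candidates under discussion
ROUNDS = 8

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key, rnd, half):
    # Keyed round function derived from SHA-256; any keyed PRF works for the demo.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def block_encrypt(key, block):
    """Toy Feistel network standing in for a real block cipher (constructed stand-in)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """Textbook CBC: C[i] = E(P[i] XOR C[i-1]) with C[-1] = IV; input is block-aligned."""
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt_run(key, prev_block, ciphertext):
    """Decrypt a run of CBC blocks given only the ciphertext block just before it.
    For the head of a file prev_block is the IV; anywhere else it is ciphertext,
    so the IV and the rest of the file are not needed to recover this run."""
    out = []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev_block))
        prev_block = cur
    return b"".join(out)

def changed_blocks(ct_a, ct_b):
    """Indices of the ciphertext blocks that differ between two equal-length ciphertexts."""
    return [i // BLOCK for i in range(0, len(ct_a), BLOCK)
            if ct_a[i:i + BLOCK] != ct_b[i:i + BLOCK]]

def demo():
    key, iv = b"k" * BLOCK, bytes(BLOCK)                      # constructed sample key and IV
    pt = b"".join(bytes([65 + i]) * BLOCK for i in range(9))  # 9 blocks: AAAA.., BBBB.., .., IIII..
    ct = cbc_encrypt(key, iv, pt)
    # 1. Middle third (blocks 3..5) recovered from ciphertext blocks 2..5 alone: no IV, head or tail.
    middle = cbc_decrypt_run(key, ct[2 * BLOCK:3 * BLOCK], ct[3 * BLOCK:6 * BLOCK])
    # 2. Flip one plaintext bit in block 4: ciphertext blocks 0..3 are untouched, 4..8 all change.
    #    Both observations hold at once, which is the whole point of the exchange above.
    pt2 = bytearray(pt)
    pt2[4 * BLOCK] ^= 0x01
    changed = changed_blocks(ct, cbc_encrypt(key, iv, bytes(pt2)))
    return middle, changed

if __name__ == "__main__":
    print(demo())
```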

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
