Cryptography-Digest Digest #611, Volume #10 Tue, 23 Nov 99 07:13:03 EST
Contents:
US stupidity (SCOTT19U.ZIP_GUY)
Re: Sarah Flannery (Terje Mathisen)
Re: AES cyphers leak information like sieves (John Savard)
Blum Blum Shub PRNG ([EMAIL PROTECTED])
Cryptography FAQ (01/10: Overview) ([EMAIL PROTECTED])
Cryptography FAQ (02/10: Net Etiquette) ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: us.politics,talk.politics.crypto
Subject: US stupidity
Date: Tue, 23 Nov 1999 06:40:23 GMT
Here is what my country does to its raw talent that could be good with
computers. Too bad my government is so fuckin stupid. Hell, it was not that
long ago a hacker in Israel did more damage. At least in that country they
are smart enough to use the talent and the guy was a hero.
But not in mine. With any luck the kid could make money working
for the mob. Maybe they can use good computer talent since the
US government is afraid to fix computers and those who have the
talent get punished.
That was from a pointer from DRUDGE!!
He was sentenced Friday in U.S. District Court in Alexandria, Va., to 15
months in prison and three years of supervised probation and ordered to
pay restitution of $36,240. And under a judge's order, he won't be
allowed to touch a computer for three years after his release.
Burns pleaded guilty Sept. 7 to a single felony count of intentionally
hacking into one computer, but he admitted involvement in the spate of
electronic assaults.
Too bad he wasn't Chinese. I hear the guy in New Mexico is missing
a couple of disks that had the nuclear weapons secrets on it. But I guess
giving China better nukes is of no real concern. I hope the next hacker
takes a clue from the president. Don't admit to anything and then lie
through your teeth. And claim you don't know the meaning of words
like intentional. Hell, after all Clinton was able to make a fool of the
justice system by not knowing what the word alone meant.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMMERS***
------------------------------
From: Terje Mathisen <[EMAIL PROTECTED]>
Subject: Re: Sarah Flannery
Date: Tue, 23 Nov 1999 07:04:26 +0100
Quisquater wrote:
>
> Jim Haynes wrote:
> >
> > The Irish girl who invented a new crypto algorithm - in the current issue of
> > comp.risks digest are some pointers to URLs with information about this
> > topic.
> Date:
>
> My posting in sci.crypt dated
>
> Thu, 11 Nov 1999 19:05:45 +0100
>
> is essentially the same as in comp.risks.
>
> By the way, I sent several emails about that to organizations
> having reacted very positively about the announcement of the
> new cipher last January (including CNN and nist.gov):
> the answers are (not:-) a surprise. More in few days.
I read the new papers, including the .pdf, and it seems like she has
(independently or not?) already found an effective attack on her new C-P
algorithm.
It did have the interesting property of allowing multiple independent
encryption keys (for a given decryption key), making it possible to
decrypt your own messages, but not those of any others.
Terje
--
- <[EMAIL PROTECTED]>
Using self-discipline, see http://www.eiffel.com/discipline
"almost all programming can be viewed as an exercise in caching"
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: AES cyphers leak information like sieves
Date: Tue, 23 Nov 1999 06:28:22 GMT
On Tue, 23 Nov 1999 03:36:34 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>What on earth are you talking about? "One-on-one" as a technical term
>was adopted recently by participants in this forum *specifically* to
>talk about a particular property that D.Scott thinks is an important
>feature of his compression scheme. It surely isn't applicable to all
>compression schemes.
No, because "the participants in this forum" don't pay much attention
to Mr. Scott.
>"One-to-one" (notice the difference in the spelling!) is a standard
>mathematical term,
which Mr. Scott intended to use, but spelled wrong.
>meaning that distinct points in the domain are
>mapped to distinct points in the range; this is of course necessary
>for any lossless compression,
Not all lossless compression schemes are bijections between the input
domain and the output domain, if the output domain is not interpreted
as "all possible output strings", but is instead interpreted as all
binary strings of any given length.
>including D.Scott's, but his scheme
>has a more special property (which we've been calling "one-on-one").
Well, since compression schemes do vary the length of what is
compressed, I have to admit, though, that the property of the
compression isn't *fully* described by the mathematical term
one-to-one.
D. Scott is proposing that it is desirable that:
given that a compression scheme can produce outputs of length N,
every binary string of length N shall correspond to the unique
compressed representation of some input.
If those inputs happen to be equally likely - that is, if we have an
otherwise ideal compression scheme - the implications of this for
brute-force search are obvious. In the more normal case of limited
compression, the benefit of David Scott's compression method is merely
that the compression scheme _itself_ does not facilitate brute-force
search.
Straight Huffman compression, for example, makes some random strings
of a given length impossible as output values, since they terminate in
the middle of a symbol.
And while I thought his scheme was badly flawed, I noted that if
random padding were allowed - thus, the scheme is now one-to-many, not
one-to-one (and yet still lossless) - this desirable property is
retained, without introducing bias in the last symbol, as I believe
his scheme does as it stands. (Presumably, the very limited amount of
random padding doesn't create the danger of a subliminal channel...but
this is Mr. Scott's main objection to my "improvement".)
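An added example, not part of Savard's post, that puts the point above into code: a toy prefix (Huffman-style) code is lossless but is not onto the set of n-bit strings, so an attacker doing a brute-force key search can throw away every candidate key whose decryption does not parse into whole codewords, without knowing anything about the plaintext. The four-symbol code, the repeating-key XOR "cipher" and the message "abcd" are all constructed for the example.

```python
"""Added example (not code from the original post).

Shows why a compression scheme that is not one-to-one *onto* the n-bit
strings helps a brute-force search: candidate keys whose decryption does
not parse into whole codewords can be rejected without any knowledge of
the plaintext.  The prefix code, the repeating-key XOR "cipher" and the
message are constructed for the example.
"""
from itertools import product

# Constructed prefix code (codeword lengths 1, 2, 3, 3).
CODE = {"a": "0", "b": "10", "c": "110", "d": "111"}
DECODE = {bits: sym for sym, bits in CODE.items()}


def compress(text: str) -> str:
    """Concatenate the codewords; lossless, but see decompress()."""
    return "".join(CODE[ch] for ch in text)


def decompress(bits: str):
    """Parse a bit string into symbols.

    Returns None when the string ends in the middle of a codeword, i.e.
    when it is not the compression of any input at all.
    """
    out, cur = [], ""
    for b in bits:
        cur += b
        if cur in DECODE:
            out.append(DECODE[cur])
            cur = ""
    return "".join(out) if cur == "" else None


def count_decodable(n: int) -> int:
    """How many of the 2**n n-bit strings are valid compressor outputs."""
    return sum(
        1 for bits in product("01", repeat=n)
        if decompress("".join(bits)) is not None
    )


def xor_stream(bits: str, key: str) -> str:
    """Toy cipher (constructed): XOR the bit string with the key repeated."""
    return "".join(str(int(b) ^ int(key[i % len(key)])) for i, b in enumerate(bits))


def surviving_keys(ciphertext: str, key_len: int) -> list:
    """Brute force: keep only the keys whose decryption decompresses cleanly."""
    return [
        "".join(k) for k in product("01", repeat=key_len)
        if decompress(xor_stream(ciphertext, "".join(k))) is not None
    ]


if __name__ == "__main__":
    for n in (4, 8):
        print(f"{count_decodable(n)} of {2 ** n} {n}-bit strings are valid outputs")
    ct = xor_stream(compress("abcd"), "101")
    print("keys surviving the decompress check:", surviving_keys(ct, 3))
```

With this code only 9 of the 16 four-bit strings and 146 of the 256 eight-bit strings are possible outputs, and even on a nine-bit ciphertext the decompress check already eliminates three of the eight candidate keys; a longer message filters far more. A scheme with Scott's property (every n-bit string is the compression of some input) would leave the attacker with no such filter.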
------------------------------
From: [EMAIL PROTECTED]
Subject: Blum Blum Shub PRNG
Date: Tue, 23 Nov 1999 08:09:06 GMT
Here is some source code I ported for a Blum Blum Shub Pseudo-random
number generator. This was originally a demonstration using bc, and I
tried to reproduce it line-for-line in C using Free GMP. It should be
trivial to port to full GMP. The first part is a fragment to generate
passwords, and the last two are the BBS libraries themselves. Any
comments would be greatly appreciated.
========================================================================
mpz_init( &i );
mpz_init( &guess );
mpz_init( &guess2 );
UpdateSeed( &sha_info );
if( bGenerate )
{
/* Pick random starting points and walk from each to a Blum prime of the
   same decimal length. NOTE: mpz_random() is GMP's general-purpose
   (non-cryptographic) generator and the search step inside
   GenerateBlumPrime() comes from a fixed table (see PRandom in bbs.c),
   so p and q are only as unpredictable as these two sources. */
mpz_random( &guess, data->strength );
GenerateBlumPrime( &p, &guess, strlen( mpz_get_str( NULL, 10, &guess ) ) );
mpz_random( &guess2, data->strength );
GenerateBlumPrime( &q, &guess2, strlen( mpz_get_str( NULL, 10, &guess2 ) ) );
/* Seed x0 from the SHA digest. %08x keeps leading zeros: with plain %x
   distinct digests (e.g. words 0x1,0x23 and 0x12,0x3) collapse to the
   same hex string and hence the same seed. */
UpdateSeed( &sha_info );
sprintf( hash, "%08x%08x%08x%08x%08x", sha_info.digest[0], sha_info.digest[1],
sha_info.digest[2], sha_info.digest[3], sha_info.digest[4] );
mpz_set_str( &i, hash, 16 );
GenerateSeed( &seed, &p, &q, &i );
for( j=0; j<15; j++ )
{
memset( Password, '\0', sizeof( Password ) );
for( n=0; n<data->length; n++ )
{
/* Map a 32-bit generator output onto an index into Keyspace[] by
   rejection sampling. Assuming Keyspace holds KeyLength characters,
   valid indexes are 0..KeyLength-1: the original test used '>', which
   let num2 == KeyLength through and read one byte past the table. */
do{
num = GenerateInt( &p, &q, &seed, bpi );
num2 = ( num / (4294967295/KeyLength) );
}while( num2 >= (unsigned)KeyLength );
Password[n] = Keyspace[num2];
}
}
}
/* Memory Cleanup */
mpz_clear( &guess2 );
mpz_clear( &guess );
mpz_clear( &i );
========================================================================
BBS.H
========================================================================
#include <stdio.h>
#include <stdlib.h>
#include "freegmp\gmp.h"
void GenerateBlumPrime( MP_INT *prime, MP_INT *guess, int
length );
void GenerateSeed( MP_INT *seed, MP_INT *p, MP_INT *q, MP_INT
*i );
unsigned long GenerateInt( MP_INT *p, MP_INT *q, MP_INT *s, unsigned
long bpi );
unsigned long BitsPerIteration( MP_INT *p, MP_INT *q );
========================================================================
BBS.C
========================================================================
#include "bbs.h"
unsigned long GenerateBits( MP_INT *p, MP_INT *q, MP_INT *seed,
unsigned long bpi );
void PRandom( MP_INT *randnum, MP_INT *n, __int64 y[] );
void InitRandomTable( __int64 y[] );
/* Search from `guess' for a Blum prime (a prime congruent to 3 mod 4)
   with `length' decimal digits; `guess' itself is returned if it already
   qualifies, otherwise the search walks by PRandom() steps modulo 10^length */
void GenerateBlumPrime( MP_INT *prime, MP_INT *guess, int length )
{
MP_INT v, z, m, ten, three, zero, temp, randnum;
__int64 y[64];
int i;
mpz_init( &m );
mpz_init( &z );
mpz_init_set_ui( &v, 1 );
mpz_init( &randnum );
mpz_init( &temp );
mpz_init_set_ui( &zero, 0 );
mpz_init_set_ui( &three, 3 );
mpz_init_set_ui( &ten, 10 );
InitRandomTable( y );
mpz_set( prime, guess );
for(i=1; i<length; i++)
mpz_div_ui( prime, prime, 10 );
if( mpz_cmp_ui( prime, 0 ) <= 0 )
mpz_set_ui( &v, 0 );
if( mpz_cmp_ui( prime, 10 ) >= 0 )
mpz_set_ui( &v, 0 );
mpz_mod_ui( &z, guess, 4 );
if( mpz_cmp_ui( &z, 3 ) != 0 )
mpz_set_ui( &v, 0 );
if( mpz_cmp_ui( &v, 1 ) == 0 )
/* mpz_probab_prime_p() returns 0 for a composite and a non-zero value
   otherwise (newer GMP returns 2 for a certain prime, 1 for a probable
   one), so test for non-zero rather than == 1 */
if( mpz_probab_prime_p( guess, 50 ) != 0 )
{
mpz_set( prime, guess );
mpz_clear( &ten );
mpz_clear( &three );
mpz_clear( &zero );
mpz_clear( &temp );
mpz_clear( &randnum );
mpz_clear( &v );
mpz_clear( &z );
mpz_clear( &m );
return;
}
mpz_pow_ui( &m, &ten, length);
mpz_set( prime, guess );
while( mpz_cmp_ui( &v, 0 ) == 0 )
{
PRandom( &randnum, &m, y );
mpz_add( prime, prime, &randnum );
mpz_mod( prime, prime, &m );
if( mpz_cmp_ui( prime, 0 ) < 0 )
mpz_sub( prime, &zero, prime );
mpz_mod_ui( &z, prime, 4 );
mpz_sub( &temp, &three, &z );
mpz_add( prime, prime, &temp );
if( mpz_cmp( prime, &m ) < 0 )
/* v becomes non-zero once a probable prime is found */
mpz_set_ui( &v, mpz_probab_prime_p( prime, 50 ) );
}
mpz_clear( &ten );
mpz_clear( &three );
mpz_clear( &zero );
mpz_clear( &temp );
mpz_clear( &randnum );
mpz_clear( &v );
mpz_clear( &z );
mpz_clear( &m );
}
/* Seed x0 = i^4 mod n: a quadratic residue modulo n = pq, nudged and
   re-squared until it is coprime to both p and q and greater than 1 */
void GenerateSeed( MP_INT *seed, MP_INT *p, MP_INT *q, MP_INT *i )
{
MP_INT n, z, temp;
int v;
mpz_init( &n );
mpz_init( &z );
mpz_init( &temp );
mpz_mul( &n, p, q );
mpz_mod( &z, i, &n );
if( mpz_cmp_ui( &z, 1 ) <= 0 )
mpz_set_ui( &z, 2 );
mpz_mul( seed, &z, &z );
mpz_mod( seed, seed, &n );
mpz_mul( seed, seed, seed );
mpz_mod( seed, seed, &n );
v = 1;
mpz_mod( &temp, seed, p );
if( mpz_cmp_ui( &temp, 0 ) == 0 )
{
v = 0;
mpz_add_ui( seed, seed, 1 );
mpz_mod( seed, seed, &n );
}
mpz_mod( &temp, seed, q );
if( mpz_cmp_ui( &temp, 0 ) == 0 )
{
v = 0;
mpz_add_ui( seed, seed, 1 );
mpz_mod( seed, seed, &n );
}
if( mpz_cmp_ui( seed, 1 ) <= 0 )
v = 0;
while( v == 0 )
{
mpz_mul( seed, seed, seed );
mpz_mod( seed, seed, &n );
mpz_mul( seed, seed, seed );
mpz_mod( seed, seed, &n );
v = 1;
mpz_mod( &temp, seed, p );
if( mpz_cmp_ui( &temp, 0 ) == 0 )
{
v = 0;
mpz_add_ui( seed, seed, 1 );
mpz_mod( seed, seed, &n );
}
mpz_mod( &temp, seed, q );
if( mpz_cmp_ui( &temp, 0 ) == 0 )
{
v = 0;
mpz_add_ui( seed, seed, 1 );
mpz_mod( seed, seed, &n );
}
if( mpz_cmp_ui( seed, 1 ) <= 0 )
{
v = 0;
mpz_set_ui( seed, 2 );
}
}
mpz_clear( &n );
mpz_clear( &z );
mpz_clear( &temp );
}
/* Calculate safe number of bits per iteration : log2(log2(N)) */
unsigned long BitsPerIteration( MP_INT *p, MP_INT *q )
{
MP_INT x;
unsigned long l;
mpz_init( &x );
mpz_mul( &x, p, q );
l=0;
while( mpz_cmp_ui( &x, 1 ) > 0 )
{
mpz_div_ui( &x, &x, 2 );
l++;
}
mpz_set_ui( &x, l );
l=0;
while( mpz_cmp_ui( &x, 1 ) > 0 )
{
mpz_div_ui( &x, &x, 2 );
l++;
}
mpz_clear( &x );
return l;
}
/* Assemble a 32-bit value from ceil(32/bpi) generator outputs of bpi bits each */
unsigned long GenerateInt( MP_INT *p, MP_INT *q, MP_INT *s, unsigned
long bpi )
{
int left;
unsigned long randnum, randtemp;
randnum=0;
left = 32;
while( (signed)(bpi-left) < 0 )
{
left -= bpi;
randtemp = GenerateBits( p, q, s, bpi );
randtemp <<= left;
randnum |= randtemp;
}
if( left > 0 )
{
randtemp = GenerateBits( p, q, s, bpi );
randtemp >>= bpi-left;
randnum |= randtemp;
}
return randnum;
}
/* One BBS step: seed = seed^2 mod n, output the low bpi bits of the new state */
unsigned long GenerateBits( MP_INT *p, MP_INT *q, MP_INT *seed,
unsigned long bpi )
{
MP_INT m, n, output, two;
unsigned long num;
/* Memory Allocate */
mpz_init( &n );
mpz_init( &m );
mpz_init( &output );
mpz_init_set_ui( &two, 2 );
mpz_mul( &n, p, q );
mpz_pow_ui( &m, &two, bpi );
mpz_mul( seed, seed, seed );
mpz_mod( seed, seed, &n );
mpz_mod( &output, seed, &m );
num = mpz_get_ui( &output );
/* Memory Cleanup */
mpz_clear( &two );
mpz_clear( &output );
mpz_clear( &m );
mpz_clear( &n );
return num;
}
/* Lagged-Fibonacci generator used only to choose the step in the prime
   search. It starts from the fixed table in InitRandomTable(), so its
   output is identical on every run and adds no secrecy to p and q. */
void PRandom( MP_INT *randnum, MP_INT *n, __int64 y[] )
{
MP_INT x, temp, m;
__int64 j, k;
j=y[61];
k=y[62];
mpz_init_set_str( &m, "4294967296", 10 );
mpz_init_set_ui( &x, 0 );
while( mpz_cmp( &x, n ) < 0 )
{
y[k] = (y[k] + y[j]) % 4294967296;
j--;
k--;
if( j <= 0 )
j = 55;
if( k <= 0 )
k = 55;
mpz_mul( &x, &x, &m );
mpz_add_ui( &x, &x, y[k] );
}
y[61] = j;
y[62] = k;
mpz_init( &temp );
mpz_sub_ui( &temp, n, 1 );
mpz_mod( randnum, &x, &temp );
mpz_add_ui( randnum, randnum, 1 );
mpz_clear( &temp );
mpz_clear( &x );
mpz_clear( &m );
}
/* Fixed initial table for PRandom(): y[61] and y[62] hold the lag
   indexes j and k. The same constants are loaded on every run. */
void InitRandomTable( __int64 y[] )
{
y[0] = 2348715845;
y[1] = 1665052570;
y[2] = 796063141;
y[3] = 2350298980;
y[4] = 2079021256;
y[5] = 2596604540;
y[6] = 1508146164;
y[7] = 2625542359;
y[8] = 2223371122;
y[9] = 3676765191;
y[10] = 1906462346;
y[11] = 3413673518;
y[12] = 2758255651;
y[13] = 1940057027;
y[14] = 794662019;
y[15] = 1625129301;
y[16] = 1264837106;
y[17] = 65203769;
y[18] = 4059481360;
y[19] = 2503345998;
y[20] = 3784670567;
y[21] = 522126999;
y[22] = 95643657;
y[23] = 368857307;
y[24] = 1152080261;
y[25] = 862814598;
y[26] = 558599104;
y[27] = 3544928103;
y[28] = 1434957517;
y[29] = 1916900940;
y[30] = 319033340;
y[31] = 1699592126;
y[32] = 2662027628;
y[33] = 2324637842;
y[34] = 2105951963;
y[35] = 2201325727;
y[36] = 2252826763;
y[37] = 1284343040;
y[38] = 1360358289;
y[39] = 2548429334;
y[40] = 704311033;
y[41] = 769414534;
y[42] = 3596700434;
y[43] = 2706354780;
y[44] = 1428208683;
y[45] = 1578471924;
y[46] = 1080158821;
y[47] = 2894994679;
y[48] = 850918056;
y[49] = 4025981341;
y[50] = 3661851959;
y[51] = 3007918068;
y[52] = 3502108515;
y[53] = 3928308459;
y[54] = 3438283319;
y[55] = 4048307971;
y[56] = 32112902;
y[57] = 3120700983;
y[58] = 161283647;
y[59] = 4280346983;
y[60] = 2427798542;
y[61] = 24;
y[62] = 55;
y[63] = 4294967296;
}
Sent via Deja.com http://www.deja.com/
Before you buy.
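An added reference implementation in Python, not the poster's code and not a port of it, of the steps the C above carries out: Blum primes p, q (primes congruent to 3 mod 4), a seed coprime to n = pq squared into a quadratic residue, and floor(log2(log2 n)) low-order bits taken from each squaring, as BitsPerIteration() computes. It also shows the jump-ahead formula x_i = x_0^(2^i mod lambda(n)) mod n, which is why anyone holding p and q can reproduce any output. The primes 11 and 23 and the seed 3 are constructed test values, far too small for real use; random_blum_prime() draws candidates from the OS CSPRNG via the secrets module.

```python
"""Added example (not the poster's code): a minimal Blum Blum Shub generator.

p and q must be Blum primes (congruent to 3 mod 4), the seed must be
coprime to n = p*q, the state advances as x_{i+1} = x_i**2 mod n, and the
"safe" extraction takes floor(log2(log2(n))) low-order bits per squaring,
matching BitsPerIteration() in the C above.  The test primes 11 and 23 and
seed 3 are constructed values and far too small for any real use.
"""
import math
import secrets


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n in small:
        return True
    if any(n % p == 0 for p in small):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def is_blum_prime(p: int) -> bool:
    return p % 4 == 3 and is_probable_prime(p)


def random_blum_prime(bits: int) -> int:
    """Draw candidates from the OS CSPRNG until one is a Blum prime."""
    while True:
        # top bit set so the size is exact; low two bits 11 gives == 3 mod 4
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_blum_prime(cand):
            return cand


def floor_log2(x: int) -> int:
    return x.bit_length() - 1


def bits_per_iteration(n: int) -> int:
    """floor(log2(log2(n))), exactly what the C BitsPerIteration() computes."""
    return floor_log2(floor_log2(n))


def bbs_seed(p: int, q: int, s: int) -> int:
    """x0 = s**2 mod n; s must be coprime to n so the state stays in QR_n."""
    n = p * q
    if math.gcd(s, n) != 1:
        raise ValueError("seed shares a factor with n")
    return s * s % n


def bbs_bits(p: int, q: int, x0: int, nbits: int) -> str:
    """Generate nbits output bits, j low-order bits per squaring."""
    n = p * q
    j = bits_per_iteration(n)
    out, x = [], x0
    while len(out) < nbits:
        x = x * x % n
        out.append(format(x & ((1 << j) - 1), f"0{j}b"))
    return "".join(out)[:nbits]


def bbs_state_iter(p: int, q: int, x0: int, i: int) -> int:
    """x_i by i repeated squarings (what the generator itself does)."""
    n, x = p * q, x0
    for _ in range(i):
        x = x * x % n
    return x


def bbs_state_at(p: int, q: int, x0: int, i: int) -> int:
    """Jump straight to x_i; needs lambda(n), i.e. the factorization of n."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return pow(x0, pow(2, i, lam), n)


if __name__ == "__main__":
    p, q, s = 11, 23, 3  # constructed toy parameters
    x0 = bbs_seed(p, q, s)
    print("bits per iteration:", bits_per_iteration(p * q))
    print("first 10 output bits:", bbs_bits(p, q, x0, 10))
    print("x_10 iterated:", bbs_state_iter(p, q, x0, 10),
          "jump-ahead:", bbs_state_at(p, q, x0, 10))
    rp = random_blum_prime(64)
    print("64-bit Blum prime:", rp, "mod 4 =", rp % 4)
```

For n = 253 the extraction rate is 2 bits per squaring, and the jump-ahead and iterated states agree because x0^lambda(n) = 1 mod n for any x0 coprime to n. The practical consequence is the one the C code above does not address: p and q are the secret, so they have to come from a source the attacker cannot reproduce, which a fixed table or an unseeded library generator is not.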
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (01/10: Overview)
Date: 23 Nov 1999 11:33:26 GMT
Reply-To: [EMAIL PROTECTED]
Archive-name: cryptography-faq/part01
Last-modified: 1999/06/27
This is the first of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read this part before the rest. We
don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.
Disclaimer: This document is the product of the Crypt Cabal, a secret
society which serves the National Secu---uh, no. Seriously, we're the
good guys, and we've done what we can to ensure the completeness and
accuracy of this document, but in a field of military and commercial
importance like cryptography you have to expect that some people and
organizations consider their interests more important than open
scientific discussion. Trust only what you can verify firsthand.
And don't sue us.
Many people have contributed to this FAQ. In alphabetical order:
Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison,
Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti,
William Setzer. We apologize for any omissions.
Archives: sci.crypt has been archived since October 1991 on
ripem.msu.edu, though these archives are available only to U.S. and
Canadian users. Another site is rpub.cl.msu.edu in /pub/crypt/sci.crypt/
from Jan 1992.
The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto,
sci.answers, and news.answers every 21 days.
The fields `Last-modified' and `Version' at the top of each part track
revisions.
1999: There is a project underway to reorganize, expand, and update the
sci.crypt FAQ, pending the resolution of some minor legal issues. The
new FAQ will have two pieces. The first piece will be a series of web
pages. The second piece will be a short posting, focusing on the
questions that really are frequently asked.
In the meantime, if you need to know something that isn't covered in the
current FAQ, you can probably find it starting from Ron Rivest's links
at <http://theory.lcs.mit.edu/~rivest/crypto-security.html>.
If you have comments on the current FAQ, please post them to sci.crypt
under the subject line Crypt FAQ Comments. (The crypt-comments email
address is out of date.)
Table of Contents
=================
1. Overview
2. Net Etiquette
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?
3. Basic Cryptology
3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it
guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are
relatively easy to break?
3.8. What are the basic types of cryptanalytic `attacks'?
4. Mathematical Cryptology
4.1. In mathematical terms, what is a private-key cryptosystem?
4.2. What is an attack?
4.3. What's the advantage of formulating all this mathematically?
4.4. Why is the one-time pad secure?
4.5. What's a ciphertext-only attack?
4.6. What's a known-plaintext attack?
4.7. What's a chosen-plaintext attack?
4.8. In mathematical terms, what can you say about brute-force attacks?
4.9. What's a key-guessing attack? What's entropy?
5. Product Ciphers
5.1. What is a product cipher?
5.2. What makes a product cipher secure?
5.3. What are some group-theoretic properties of product ciphers?
5.4. What can be proven about the security of a product cipher?
5.5. How are block ciphers used to encrypt data longer than the block size?
5.6. Can symmetric block ciphers be used for message authentication?
5.7. What exactly is DES?
5.8. What is triple DES?
5.9. What is differential cryptanalysis?
5.10. How was NSA involved in the design of DES?
5.11. Is DES available in software?
5.12. Is DES available in hardware?
5.13. Can DES be used to protect classified information?
5.14. What are ECB, CBC, CFB, and OFB encryption?
6. Public-Key Cryptography
6.1. What is public-key cryptography?
6.2. How does public-key cryptography solve cryptography's Catch-22?
6.3. What is the role of the `trapdoor function' in public key schemes?
6.4. What is the role of the `session key' in public key schemes?
6.5. What's RSA?
6.6. Is RSA secure?
6.7. What's the difference between the RSA and Diffie-Hellman schemes?
6.8. What is `authentication' and the `key distribution problem'?
6.9. How fast can people factor numbers?
6.10. What about other public-key cryptosystems?
6.11. What is the `RSA Factoring Challenge?'
7. Digital Signatures
7.1. What is a one-way hash function?
7.2. What is the difference between public, private, secret, shared, etc.?
7.3. What are MD4 and MD5?
7.4. What is Snefru?
8. Technical Miscellany
8.1. How do I recover from lost passwords in WordPerfect?
8.2. How do I break a Vigenere (repeated-key) cipher?
8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]
8.4. Is the UNIX crypt command secure?
8.5. How do I use compression with encryption?
8.6. Is there an unbreakable cipher?
8.7. What does ``random'' mean in cryptography?
8.8. What is the unicity point (a.k.a. unicity distance)?
8.9. What is key management and why is it important?
8.10. Can I use pseudo-random or chaotic numbers as a key stream?
8.11. What is the correct frequency list for English letters?
8.12. What is the Enigma?
8.13. How do I shuffle cards?
8.14. Can I foil S/W pirates by encrypting my CD-ROM?
8.15. Can you do automatic cryptanalysis of simple ciphers?
8.16. What is the coding system used by VCR+?
9. Other Miscellany
9.1. What is the National Security Agency (NSA)?
9.2. What are the US export regulations?
9.3. What is TEMPEST?
9.4. What are the Beale Ciphers, and are they a hoax?
9.5. What is the American Cryptogram Association, and how do I get in touch?
9.6. Is RSA patented?
9.7. What about the Voynich manuscript?
10. References
10.1. Books on history and classical methods
10.2. Books on modern methods
10.3. Survey articles
10.4. Reference articles
10.5. Journals, conference proceedings
10.6. Other
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
10.8. Electronic sources
10.9. RFCs (available from [FTPRF])
10.10. Related newsgroups
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (02/10: Net Etiquette)
Date: 23 Nov 1999 11:33:30 GMT
Reply-To: [EMAIL PROTECTED]
Archive-name: cryptography-faq/part02
Last-modified: 94/06/13
This is the second of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.
The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto,
sci.answers, and news.answers every 21 days.
Contents:
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
Read news.announce.newusers and news.answers for a few weeks. Always
make sure to read a newsgroup for some time before you post to it.
You'll be amazed how often the same question can be asked in the same
newsgroup. After a month you'll have a much better sense of what the
readers want to see.
2.2. Do political discussions belong in sci.crypt?
No. In fact some newsgroups (notably misc.legal.computing) were
created exactly so that political questions like ``Should RSA be
patented?'' don't get in the way of technical discussions. Many
sci.crypt readers also read misc.legal.computing, comp.org.eff.talk,
comp.patents, sci.math, comp.compression, talk.politics.crypto,
et al.; for the benefit of people who don't care about those other
topics, try to put your postings in the right group.
Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt either.
2.3. How do I present a new encryption scheme in sci.crypt?
``I just came up with this neat method of encryption. Here's some
ciphertext: FHDSIJOYW^&%$*#@OGBUJHKFSYUIRE. Is it strong?'' Without a
doubt questions like this are the most annoying traffic on sci.crypt.
If you have come up with an encryption scheme, providing some
ciphertext from it is not adequate. Nobody has ever been impressed by
random gibberish. Any new algorithm should be secure even if the
opponent knows the full algorithm (including how any message key is
distributed) and only the private key is kept secret. There are some
systematic and unsystematic ways to take reasonably long ciphertexts
and decrypt them even without prior knowledge of the algorithm, but
this is a time-consuming and possibly fruitless exercise which most
sci.crypt readers won't bother with.
So what do you do if you have a new encryption scheme? First of all,
find out if it's really new. Look through this FAQ for references and
related methods. Familiarize yourself with the literature and the
introductory textbooks.
When you can appreciate how your cryptosystem fits into the world at
large, try to break it yourself! You shouldn't waste the time of tens
of thousands of readers asking a question which you could have easily
answered on your own.
If you really think your system is secure, and you want to get some
reassurance from experts, you might try posting full details of your
system, including working code and a solid theoretical explanation, to
sci.crypt. (Keep in mind that the export of cryptography is regulated
in some areas.)
If you're lucky an expert might take some interest in what you posted.
You can encourage this by offering cash rewards---for instance, noted
cryptographer Ralph Merkle is offering $1000 to anyone who can break
Snefru-4---but there are no guarantees. If you don't have enough
experience, then most likely any experts who look at your system will
be able to find a flaw. If this happens, it's your responsibility to
consider the flaw and learn from it, rather than just add one more
layer of complication and come back for another round.
A different way to get your cryptosystem reviewed is to have the NSA
look at it. A full discussion of this procedure is outside the scope
of this FAQ.
Among professionals, a common rule of thumb is that if you want to
design a cryptosystem, you have to have experience as a cryptanalyst.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************