Cryptography-Digest Digest #625, Volume #10      Wed, 24 Nov 99 20:13:01 EST

Contents:
  Re: Prime Numbers Question ("Trevor Jackson, III")
  Re: Prime Numbers Question ("Trevor Jackson, III")
  Re: US stupidity ("Trevor Jackson, III")
  Re: US stupidity ("Trevor Jackson, III")
  Re: Question about enigma rotors (David Hamer)
  Re: Prime Numbers Question (Paul Koning)
  Re: Random Noise Encryption Buffs (Look Here) (Paul Koning)
  Re: Cryptological discovery, rediscovery, or fantasy? (Dan Day)
  Re: Cryptological discovery, rediscovery, or fantasy? (Dan Day)
  Re: Cryptological discovery, rediscovery, or fantasy? (Dan Day)
  Re: US stupidity (SCOTT19U.ZIP_GUY)
  Re: Do flight data recorders use encryption? (Dan Day)
  Re: Q: If the NSA can routinely crack crypto... (SCOTT19U.ZIP_GUY)
  Is this a Legit test of the AES candidate strength? (albert)
  Re: Prime Numbers Question (William Rowden)
  Re: Q: If the NSA can routinely crack crypto... (David Crick)
  Re: Q: If the NSA can routinely crack crypto... (David Crick)

----------------------------------------------------------------------------

Date: Wed, 24 Nov 1999 17:14:07 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Prime Numbers Question

Quisquater wrote:

> "Trevor Jackson, III" wrote:
> >
> >[snip]
> > I am familiar with this method of generating values of the expected length,
> > but I've not seen a reason why one would care about N bits of key vs N-1
> > bits of key.  Is it merely numerology and convenience, or is there some
> > fundamental issue that shows "full size" keys as superior?
> >
> > Clearly allowing non-"full size" keys would increase the key space, but
> > that's irrelevant to the question I'm trying to pose.
>
> Well, there are reasons (good or not) to generate keys of strictly given
> length:
>
> at least
>
> - some implementations try to use the fact that the MSB (most
> significant bit) is 1;

Interesting.  For what purpose do they make this assumption?  I.e., what does the
assumption buy them?

>
>
> - legal reason: a key of 1023 bits is not a key of 1024 bits :-)

Quibble:  Of course it is.  It fits exactly in 128 bytes.  The MSB is zero,
that's all.  :-)


------------------------------

Date: Wed, 24 Nov 1999 17:19:28 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Prime Numbers Question

Johnny Bravo wrote:

> On Wed, 24 Nov 1999 11:15:01 +0100, "Julian LEWIS"
> <[EMAIL PROTECTED]> wrote:
>
> >    A second dumb question, how are the prime numbers generated ? Is it
> >2^(n-1) or what ?
>
>   Simple method:  Generate a random number of N bits, check to see if
> it is prime.  If not increment by one, repeat until you find a prime
> number.

I'm sure you meant increment by two.

>
>
> >surely if I was attacking a public key, then the way to do
> >it is not to try to factorise N into Q1,Q2 but rather generate Qs multiply
> >them together and see if they equal N ?
>
>   There are rather a lot of prime numbers, there are more 512 bit
> primes than there are atoms in the universe.  You might have trouble
> storing your table, and you might quickly realize that there isn't
> enough energy in the universe to do all the calculations needed.

We have a proof that there is no minimum energy required to make a calculation.
Thus there is enough energy in the universe to make an arbitrarily large number
of calculations.  The only limits on _building_ such a calculator involve the
selection of a particular implementation technology, each of which will impose
an energy floor on the individual processing steps.  But there is no technology
that has the least possible energy.

>
>
>   See http://www.utm.edu/research/primes/howmany.shtml
>
>   Best Wishes,
>     Johnny Bravo




------------------------------

Date: Wed, 24 Nov 1999 17:26:27 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity

John DeLaGarza wrote:

> I'm no hacker, but I know a bit about computers. Would like to one day
> know enough to be called a hacker, but I would never intentionally damage
> any US or allied computer system. Actually I would like to work for the
> Gov't/military doing this one day. I don't see hackers as much of a threat,
> there are a few out there that do actually damage systems and they should be
> the ones targeted. I see hackers as a form of competition that, that would
> not exist otherwise, force corporations to develop more secure systems. Some
> "hackers" even let it be known what's wrong with the system. If not for them
> there would be a possibility for foreign governments and business to break
> in to our systems to steal info. It's some of the amateur hackers that
> actually let it be known that something is wrong, because they just happen to
> trip all over the place. Although I think it is more of a shady issue when
> it comes to Gov't/military sites. Of course there is nothing of real value
> on the systems wired on the net. I think the US government should crack down
> on people who are just around to piss them off and just put all kinds of crap
> up instead on their (US) systems. They just need to let it be known you don't
> fuck with the US govt. Although once they have been arrested the Governments
> should bargain with the "hacker" let him off with probation and give him
> back his computer if he tells or teaches them how he did what he did. Might
> be a bit unethical, but I think the military could use a few more of these
> people.

Counter theory:  The government is unable to actually prosecute people for
merely cracking systems because such systems are an "attractive nuisance".  Only
when some real damage is caused are they able to show malicious intent, and thus
a crime.

The "attractive nuisance" principle protects physical trespassers, so there is
reason to believe it would protect virtual trespassers.


------------------------------

Date: Wed, 24 Nov 1999 17:31:34 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: US stupidity

CoyoteRed wrote:

> [radiant matrix] said...
>
> >   I do not break into computer systems (except when I am being paid to test
> >   security for someone), and I do not use my skills for illegal activity.  The
> >   "hackers" that most people think of are people who break into systems
> >   illegally -- we like to call them "crackers" to separate them, but the
> >   popular media will probably never adopt the term.
>
> Personally, with almost 20 years experience with computers, I always
> thought a 'hacker' was someone who was very proficient with computers
> to the point they could make them do practically anything, i.e.
> circumvent security protocols (Hack their way into the computer), etc.
> while a 'cracker' broke programs, usually to circumvent (crack or
> break) copy protection.
>
> Hackers, like pit bulls, have a bad reputation because of the media.

At MIT hacking is (used to be) an activity aimed at textbooks and problem sets.
Contexts dominate the definition of slang.  That's often how you can tell it _is_
slang.



------------------------------

Date: Wed, 24 Nov 1999 17:40:26 -0500
From: David Hamer <[EMAIL PROTECTED]>
Subject: Re: Question about enigma rotors



"Douglas A. Gwyn" wrote:

> "Erik H." wrote:
> > Some of the pages I found describe the rotors
> > by using 26 numbers/letters.
> > But how can this be?

German Army/GAF machines [3-wheel Enigmas] used wheels that used a 1-26
notation for the alphabet [1=A; 2=B...] while the Navy machines - both
the 3 and 4-wheel versions - used the A-Z notation. This gets a bit
confusing when studying Enigma on the basis of today's museum exhibits,
illustrations in books, etc. as many of the Army/GAF examples have Navy
wheels installed and vice-versa. A quick look at:
<http://www.eclipse.net/~dhamer/location.htm> will give a little insight
into this...

DHH
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
David Hamer                The Crypto Simulations Group
[EMAIL PROTECTED]       http://www.eclipse.net/~dhamer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Prime Numbers Question
Date: Wed, 24 Nov 1999 17:22:00 -0500

Julian LEWIS wrote:
> 
> Thanks Eric,
>     I checked it out on ...
>             http://xfactor.wpi.edu/Works/MQP/securenet/root/node39.htm
> now I understand how the pseudo primes are generated.

nonono... not "pseudo primes".  They are primes.  Typically they
are tested with probabilistic primality testers (though they don't
have to be) but that doesn't make them pseudo primes!

        paul

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Wed, 24 Nov 1999 17:25:03 -0500

"Charles R. Lyttle" wrote:
> A brute force search isn't required. Random noise sources aren't quite
> "white" but are "colored", some values tending to be more common than
> others.

That's an interesting point, but my observation (vulnerable to
brute force search) still applies even if the CDs contain
cryptographically acceptable white noise.  There simply isn't enough
of it, if the bits are known and only the starting points kept secret.

        paul

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: Cryptological discovery, rediscovery, or fantasy?
Date: Wed, 24 Nov 1999 23:21:54 GMT

On Mon, 22 Nov 1999 13:41:29 GMT, [EMAIL PROTECTED] (CoyoteRed) wrote:
>Another thing, AFAIK, an interrogator will ask specific questions and
>work you until /he/ thinks you've given up the proper information.
>
>Evidence control may be the direction that you may want to look if
>confronted with such a situation.  Plausible deniability will be your
>strength at this point, not encryption.

I think that's part of the original poster's point -- having your
encrypted messages decrypt into something plausible but non-incriminating
helps you to build your "plausible deniability" case.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Crossposted-To: sci.math,sci.misc,alt.privacy
Subject: Re: Cryptological discovery, rediscovery, or fantasy?
Date: Wed, 24 Nov 1999 23:28:17 GMT

On Sat, 20 Nov 1999 19:18:39 GMT, [EMAIL PROTECTED] (Johnny Bravo) wrote:
>  So what, they find out such a method exists and just torture you
>until they get both messages.  If you only have one message, they just
>torture you to death and when you are dead, they can be sure they got
>everything there is to get from you.

It could be even worse than that.

On a program last year on either The Discovery Channel or The
Learning Channel, they covered the future of crime-fighting.
One of the things they covered was research, which appeared to
be in the "concept has been proven but not yet fully practical"
stage, into a brainwave-like machine that can detect whether you
recognize something or not.

This sounds reasonably useless, until you realize that it can
be used as a very powerful lie detector.  Show a murder suspect
a picture of the murder weapon (or the dead body) and see if his
brain lights up in recognition.  Mention parts of a conspiracy
to a suspect and see which parts of the conspiracy he was involved
in.  And so on, for all sorts of things that would be useful both
to a police investigation, and a police state.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Crossposted-To: sci.math,sci.misc,alt.privacy
Subject: Re: Cryptological discovery, rediscovery, or fantasy?
Date: Wed, 24 Nov 1999 23:35:25 GMT

On Sat, 20 Nov 1999 15:18:37 -0500, DSM <[EMAIL PROTECTED]>
wrote:
>Key requirements of algorithm:
>1) There must be no way to reveal whether a second
>(or third, fourth, etc.) data block is present or
>absent.
>2) The above entails that message block size must
>remain constant given varying input block sizes.
>This would make any such technique woefully inefficient.
>
>Could such an algorithm exist? Is it already in use?

Well, the trusty One Time Pad can be used that way.

Have floppies or CD-ROMs of the "real" key, and another
set of disks with a "fake" key that instead decodes the
encrypted data into, say, "The Joy of Cooking".

The nice thing about the One Time Pad method (and the
very reason for its unbreakable strength), is that with
appropriate keys, it can be "decoded" into ANY possible
plaintext.  There's simply no way for an adversary to
determine what is the "real" keyset/plaintext.

When you get caught, hand over the fake keyset.

For that matter, the real keyset may not even exist anymore,
since you can destroy it after sending your encrypted message,
or receiving and reading one.  A complete search of your
possessions would turn up nothing but the "Joy of Cooking"
keyset (handily labeled, "One Time Pad -- Secret!")

As for plausible deniability, you can say, "I didn't want to
get caught breaking copyright laws by emailing a copyrighted
book to my friend a chapter at a time -- I'm so ashamed."


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776
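
The property described in the message above (one ciphertext, and a pad for any plaintext you like), as an added example that is not part of the original post. The function names and both sample messages are constructed for the illustration.

```python
import secrets

def xor(a, b):
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(plaintext):
    """Return (pad, ciphertext) using a fresh random pad as long as the message."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor(plaintext, pad)

def decoy_pad(ciphertext, decoy):
    """Pad under which `ciphertext` decrypts to `decoy`.

    The decoy has to fill the whole ciphertext, so a shorter one is
    space-padded and a longer one is rejected: the ciphertext length is
    the one thing the pad does not hide.
    """
    if len(decoy) > len(ciphertext):
        raise ValueError("decoy is longer than the ciphertext")
    return xor(ciphertext, decoy.ljust(len(ciphertext)))

# Constructed sample messages.
REAL = b"Meet at the north gate at 0600; bring the ledgers."
DECOY = b"Cream the butter and sugar until light."

def demo():
    """Decrypt one ciphertext twice: with the real pad and with the decoy pad."""
    real_pad, ciphertext = encrypt(REAL)
    fake_pad = decoy_pad(ciphertext, DECOY)
    return xor(ciphertext, real_pad), xor(ciphertext, fake_pad).rstrip()

if __name__ == "__main__":
    for text in demo():
        print(text.decode())
```

Both pads are the same length as the ciphertext and each is consistent with it, which is why the ciphertext alone cannot single out one plaintext.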

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity
Date: Thu, 25 Nov 1999 00:38:39 GMT

In article <[EMAIL PROTECTED]>, Alan Mackenzie<[EMAIL PROTECTED]> wrote:
>[ sci.crypt removed from newsgroups/followup-to ]
 sci.crypt added back in to newsgroup/followup-from
>
>Johnny Bravo <[EMAIL PROTECTED]> wrote:
>> On Wed, 24 Nov 1999 06:54:30 GMT, [EMAIL PROTECTED]
>> (SCOTT19U.ZIP_GUY) wrote:
>
>>>In article <[EMAIL PROTECTED]>, "John E. Kuslich"
>>><[EMAIL PROTECTED]> wrote:
>>>>I have really mixed feelings about this.  The boy was no threat to
>>>>national security or anything of REAL value.
>>>>
>>>>The lad's act was vandalism, no doubt about that.  If you have ever
>>>>been the victim of vandalism, you can appreciate the feelings of the
>>>>victims in this case.
>>>     My understanding was no real damage was done. It's not like
>>>he put a virus in the system.
>
>> So you don't mind if total strangers break into your house and look
>> around, as long as they don't damage anything or steal something?
>
>I don't know about this specific case, but it looks to me more like the
>comparison is often "if you don't want total strangers walking into your
>house, put a lock on its door."
>
>My feeling is that cracking a system, of itself, should not be a crime.
>Negligently allowing a system (which contains sensitive data) to be
>cracked should be a crime; I'd love to see some sloppy software engineers
>and sys-admins up in the dock!
    That would never happen in this country since the government would
rather punish people than do the right thing.
>
>Cracking a system and then vandalising it should, of course, be criminal,
>but the punishment inflicted on the vandal should reflect only the damage
>done to the computer system, not the cracking itself.
>
    
I agree mostly but why change the distribution of the message just
because you thought it didn't belong in sci.crypt?



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: Do flight data recorders use encryption?
Date: Wed, 24 Nov 1999 23:44:01 GMT

On Sat, 20 Nov 1999 21:12:03 -0800, "@li" <[EMAIL PROTECTED]> wrote:
>For example, when the 'data' was first
>released, the alleged quote of the co-pilot was "I made my decision now, I
>put my faith in God...", but just a couple of days ago, ABC said that the
>copilot never said the first part of that sentence... Clearly there is some
>foul play, but on what level????

As the old saying goes, "never attribute to malice that which can be
adequately explained by incompetence".

No one had to lie to get the "I made my decision now" quote into the
newspapers, just sloppy reporting of rumors as fact.  I can picture
some reporter getting a call from a janitor at the NTSB, who excitedly
says, "I think I overheard some guys talking about this crash, and
to the best of my memory, they said..."  The reporter decides he has
a "scoop" and runs with it, and then all the other news agencies pick it
up and repeat it as gospel, not wanting to be left out.

I've seen too many enormously bone-headed mistakes in print (and on the
TV news) in mundane stories that no one had any incentive whatsoever 
to "spin" about, to have any doubt that they're perfectly capable of 
producing such falsehoods through simple incompetence and/or sloppiness.
No actual lies or "foul play" need be involved.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto
Subject: Re: Q: If the NSA can routinely crack crypto...
Date: Thu, 25 Nov 1999 00:51:18 GMT

In article <[EMAIL PROTECTED]>, CoyoteRed (at) Bigfoot (dot) com 
wrote:
>Quoting "Mark Windmill" on Tue, 23 Nov 1999 21:45:06 +0000 ...
>
>>    I know I'm just repeating the same old stuff but I've just finished
>>    reading The Puzzle Palace by James Bamford. It leaves me with the
>>    impression that the NSA (and their equivs) would do *anything* to not
>>    have to reveal the extent of their successes. There are  examples in
>>    the book which although a few years old must still hold true.
>
>Sounds like carrying a concealed weapon, but refusing to ever pull it
>so as not to "tip his hand."
>
>

   It is one of the few books that I highly recommend people interested in
crypto should read.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: albert <[EMAIL PROTECTED]>
Subject: Is this a Legit test of the AES candidate strength?
Date: Wed, 24 Nov 1999 16:22:54 -0800

I wrote a cheezy little program that counts the frequency of a file, and
outputs it.  Dan Frezza had said that he was curious of the distribution
of PGP and so ran a frequency test against it.  Very impressive, almost
evenly spread across the board.

I was wondering if this is a legit test for the diffusion rate of an
algorithm.  Have an algorithm encrypt an entire page, and then check the
frequency distribution.  I figure if there is a heavy skew, then the
algorithm is not doing a good job diffusing the data.

Albert
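
A byte-frequency count of the kind described in the message above, as an added example that is not the poster's program. It goes one step beyond the post by also running the count over a keyless XOR-with-counter transform, to show what a flat histogram does and does not establish; the sample text, the function names, the SHA-256 stand-in for good ciphertext and the 4-sigma band are all assumptions of this example.

```python
import hashlib
from collections import Counter

# Constructed sample input: 45 bytes of English repeated 256 times.
SAMPLE = b"the quick brown fox jumps over the lazy dog. " * 256

def chi_square(data):
    """Pearson chi-square of the byte histogram against a flat one (255 d.o.f.)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def verdict(data, sigmas=4.0):
    """Classify a histogram. Random bytes give a chi-square near 255 with
    standard deviation sqrt(510); the 4-sigma band is this example's choice."""
    spread = sigmas * 510 ** 0.5
    x = chi_square(data)
    if x > 255 + spread:
        return "skewed"
    if x < 255 - spread:
        return "flatter than random"
    return "consistent with random"

def xor_with_counter(data):
    """Keyless toy transform: byte i is XORed with i mod 256. Anyone can undo it."""
    return bytes(b ^ (i & 0xFF) for i, b in enumerate(data))

def hash_stream(seed, length):
    """Stand-in for well-diffused ciphertext: SHA-256 over seed || counter."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(seed + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])

def report():
    """Chi-square and verdict for the plaintext and the two transformed streams."""
    streams = {
        "plaintext": SAMPLE,
        "xor with counter": xor_with_counter(SAMPLE),
        "hash stream": hash_stream(b"constructed seed", len(SAMPLE)),
    }
    return {name: (round(chi_square(d), 1), verdict(d)) for name, d in streams.items()}

if __name__ == "__main__":
    for name, (x, v) in report().items():
        print(f"{name:18s} chi-square={x:10.1f}  {v}")
```

The counter transform uses no key at all, yet every byte value occurs exactly as often as every other, so a heavy skew is a reason to reject an algorithm while a flat histogram is not evidence of strength.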



------------------------------

From: William Rowden <[EMAIL PROTECTED]>
Subject: Re: Prime Numbers Question
Date: Thu, 25 Nov 1999 00:16:12 GMT

Unless I'm mistaken, Johnny Bravo left off some (hopefully obvious)
details.

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Johnny Bravo) wrote:
> On Wed, 24 Nov 1999 11:15:01 +0100, "Julian LEWIS"
> <[EMAIL PROTECTED]> wrote:
> >    A second dumb question, how are the prime numbers generated ? Is
> > it 2^(n-1) or what ?
>
>   Simple method:  Generate a[n]

odd (i.e., with low bit set to one)

> random number of N bits,

(which therefore has a high bit of one)

> check to see if it is prime.  If not increment by one,

Perhaps you meant "increment by two."

> repeat until you find a prime number.

--
    -William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: David Crick <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Q: If the NSA can routinely crack crypto...
Date: Thu, 25 Nov 1999 00:41:27 +0000

"SCOTT19U.ZIP_GUY" wrote:
> 
> >> I know I'm just repeating the same old stuff but I've just
> >> finished reading The Puzzle Palace by James Bamford.
> 
>    It is one of the few books that I highly recommend people
> interested in crypto should read.

Has anyone seen a copy of the supposedly updated 2nd Edition,
mentioned in AC2?

      80.  J. Bamford and W. Madsen, The Puzzle Palace,
           Second Edition, Penguin Books, 1995.

I can only find the 1983 version on Amazon.

  David.

-- 
+-------------------------------------------------------------------+
| David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| ICQ#: 46605825  PGP Public Keys: RSA 0x22D5C7A9 DH/DSS 0xBE63D7C7 |
+-------------------------------------------------------------------+

------------------------------

From: David Crick <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Q: If the NSA can routinely crack crypto...
Date: Thu, 25 Nov 1999 00:41:49 +0000

"SCOTT19U.ZIP_GUY" wrote:
> 
> >> I know I'm just repeating the same old stuff but I've just
> >> finished reading The Puzzle Palace by James Bamford.
> 
>    It is one of the few books that I highly recommend people
> interested in crypto should read.

Has anyone seen a copy of the supposedly updated 2nd Edition,
mentioned in AC2?

      80.  J. Bamford and W. Madsen, The Puzzle Palace,
           Second Edition, Penguin Books, 1995.

I can only find the 1983 version on Amazon.

  David.

-- 
+-------------------------------------------------------------------+
| David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| ICQ#: 46605825  PGP Public Keys: RSA 0x22D5C7A9 DH/DSS 0xBE63D7C7 |
+-------------------------------------------------------------------+

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
