Cryptography-Digest Digest #674, Volume #10       Fri, 3 Dec 99 14:13:02 EST

Contents:
  Re: Why Aren't Virtual Dice Adequate? (Johnny Bravo)
  Re: What part of 'You need the key to know' don't you people get? (wtshaw)
  Re: The $10,000.00 contesta (wtshaw)
  Re: Encrypting short blocks (wtshaw)
  Re: Quantum Computers and PGP et al. (Medical Electronics Lab)
  cookies (E-mail)
  Re: Is there an analog of Shor's algorithm for elliptic functions? (Medical Electronics Lab)
  Re: What part of 'You need the key to know' don't you people get? (Johnny Bravo)
  Re: cookies ("karl malbrain")
  Re: What part of 'You need the key to know' don't you people get? ("karl malbrain")
  Re: cookies (Steve K)
  Re: Peekboo Ideas? >> Oops, problem ... ([EMAIL PROTECTED])
  Re: cookies (E-mail)
  Re: Peekboo Ideas? >> Oops, problem ... 2nd ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: sci.math
Subject: Re: Why Aren't Virtual Dice Adequate?
Date: Fri, 03 Dec 1999 12:52:04 GMT

On Fri, 3 Dec 1999 15:17:47 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

>What if the coins are all heads-biased (quite likely with real coins),
>and the dice are all 1-biased (quite possible if the spots are
>drilled indentations)?

  One should assume this type of bias from such a mechanical process,
but it is simple to remove the bias from them.  For example, you are
using a coin that comes up heads 90% of the time and tails the other
10%.  Pair your tosses, throw out any pair that matches.  This will
remove the bias from your results.

  With the above biased coin:
TT will show up 1 in 100: Discarded
HH will show up 81 times in 100: Discarded
HT will show up 9 times in 100: Kept
TH will show up 9 times in 100: Kept

  Giving you a 50/50 distribution of heads and tails.  The less
extreme the bias, the closer you get to keeping 50% of your generated
bits.  But even an extremely biased source can be used with this
method, if you are willing to accept the slowdowns involved in
distilling unbiased results from the data.  This is where computers
come in: if you can use a computer to generate 1000 biased bits a
second and you only kept 1/10 of them, it would not be that bad; you
could generate more than 8 million bits in a day.  

>Your "complications" may dilute the biases - but don't remove them.
>
>I would treat any proposed one-time-pad which used dice or coins
>as the basis of its random number generator with some caution - if
>I wanted to leak as little information as possible.

  It isn't that hard to generate unbiased coin tosses, for example; the
trouble comes from generating them at a rate fast enough to be
practical.  With coins you would have to make at least 16 tosses per
byte of data.  Flipping enough coins to transfer a megabyte is going
to take a while.

  Best Wishes,
    Johnny Bravo

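The pairing rule in the post above, implemented as a von Neumann extractor. This is an added example, not code from Johnny Bravo's post: the biased source is a constructed, seeded simulation, and the example also reports the fraction of pairs kept, which for a fixed heads probability p is 2p(1-p), i.e. 18 of every 100 pairs for the 90% coin. It assumes independent tosses with a constant bias; correlated tosses are not repaired by this method.

```python
"""Von Neumann debiasing of a biased coin (added example, not from the post)."""
import random
from typing import Iterable, List


def von_neumann_extract(bits: Iterable[int]) -> List[int]:
    """Pair consecutive bits; keep the first bit of each HT/TH pair, drop HH/TT.

    A trailing unpaired bit is discarded: it has no partner, and emitting it
    directly would reintroduce the source's bias into the output.
    """
    out: List[int] = []
    it = iter(bits)
    for first in it:
        second = next(it, None)
        if second is None:
            break               # odd leftover bit: discard, never pass through
        if first != second:
            out.append(first)   # HT -> 1 (heads), TH -> 0 (tails)
    return out


def biased_bits(p_heads: float, n: int, seed: int = 1) -> List[int]:
    """Constructed biased source: 1 (heads) with probability p_heads.

    Seeded so a run is reproducible; a real source would be the coin itself.
    Independence between tosses is assumed, which the extractor relies on.
    """
    rng = random.Random(seed)
    return [1 if rng.random() < p_heads else 0 for _ in range(n)]


def expected_pair_keep_rate(p: float) -> float:
    """Fraction of pairs kept: P(HT) + P(TH) = 2p(1-p).  For p = 0.9 this is 0.18,
    matching the post's 9 + 9 kept pairs out of 100."""
    return 2 * p * (1 - p)


def debias_stats(p_heads: float, n: int, seed: int = 1) -> dict:
    """Run the extractor over n simulated tosses and summarise the yield."""
    raw = biased_bits(p_heads, n, seed)
    clean = von_neumann_extract(raw)
    return {
        "input_bits": n,
        "output_bits": len(clean),
        "pairs_kept_fraction": len(clean) / (n // 2),
        "raw_heads_fraction": sum(raw) / n,
        "output_heads_fraction": (sum(clean) / len(clean)) if clean else None,
    }


if __name__ == "__main__":
    stats = debias_stats(0.9, 20000)
    print("expected pairs kept for p=0.9:", expected_pair_keep_rate(0.9))
    for key, value in stats.items():
        print(f"{key}: {value}")
```

Note that each kept pair costs two input bits for one output bit, so the 90% coin yields roughly 9 unbiased bits per 100 tosses, which is the slowdown the post is describing.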

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Fri, 03 Dec 1999 12:03:25 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Johnny
Bravo) wrote:
..
> 
>   If they have a claim and offer evidence to support this claim, then
> we can define the claim as worth more study.

Surely so.

>   Making a claim and offering no proof other than the assertion "I'm
> right, and you are wrong." is not worth further study.  This is
> because even if you prove that one claim wrong, they will just throw
> out more claims.

Proof in a scientific sense, I suppose.  I consider certain things David
Scott says are true by definition.  Others, I'm not sure, but keep an open
mind for now. 

> It is easier to make claims that to support or
> disprove them, why should the community be tasked with debunking every
> crackpot theory that anyone could ever come up with.

"What if" is an important strategy to test your position.  Science requires
routine reevaluation of positions, not being prejudiced that any taken are
always to be correct; this works on old ideas as well as new.

> If you want
> people to consider your claims, you need evidence that your claim is
> valid.

Yes, but many in science hold a few hypotheses most dearly, but have no
positive or final proof that they are true; cryptography is full of such
things.
> 
> >The last thing I am going to do is reject
> >claims if there is reason to believe that they might be true. 
> 
>   Really?  I claim you are a murderer.  Given that the other people on
> this group don't personally know either of us (and have no idea if I
> know you personally or not), there is a reason to believe that it
> might be true.  So now you should prove to the group that you are NOT
> a murderer. 

I will treat you as an uninformed and ignorant youth who has no respect
for the words you speak; else, you can be prosecuted and/or sued.  All
that I can do is yield that blanket statements concerning your status by
David may be in fact correct.  Your position has eroded at your own hand:
while David has stated things that might be true, you stated something
that is patently false, and placed an egregious burden on yourself.
> 
> >Being open
> >to such things may seem a burden, but it is a requirement nonetheless.
> 
>   There is no requirement that we should accept spurious claims
> without evidence.  Logic suggests otherwise.

Claims can be made that are true without evidence; it happens every day. 
Claims can be made that are false; it happens every day.  When claims
contradict each other, then they can be compared.  When people voice
conflicting claims and refuse to back up their respective positions, that puts
both positions in doubt.
 
> >Personaly, I have a few rather unpopular ideas myself, backed up by my
> >experience; if they prove accurate according to additional data, mine or
> >others, I surely will mention them again. 
> 
>   This is where you diverge from the topic of discussion.  You are
> willing to test your ideas according to existing data.  Only when you
> are sure that your ideas have merit would you mention them here. 
>   Would you expect due consideration of your idea if you had no data
> to back it up other than hurling insults at anyone who asked you to
> supply proof?

Personally, no.  I will go out of my way looking for whatever evidence
will apply, to support or to undermine my stated position.  I am not
beyond having crow for lunch occasionally.  

Beyond the immediate situation, maybe not; there are people who demand
proof that cannot be given, or reject valid, well-supported ideas that are
against that which they falsely believe.  This can cut both ways in a
discussion.
> 
> >When working on the idea of
> >strength, a don't-touch subject in the minds of many, surely there are
> >lots of Pandora's boxes to be appraised; fear of what I will find is not
> >my guide, just see what is there.
> 
>   Lack of proof of strength is not the same as proof of weakness.  The
> reason we avoid this subject is that it is nearly impossible to give a
> mathematical proof that any given cipher is strong.  We cannot use
> this fact as a claim that any given cipher is weak because we can't
> prove it is strong.  If someone claims that a weakness exists, that
> someone has to demonstrate evidence of that weakness.
> 
You make my point, especially when something called strong might be
defined otherwise as weak.  Say, you have somehow eight possible modes, a
round useful number, and an IV of 64 bits.  

By choosing a 67 bit addition to the relevant keyspace, a big question is
whether the addition is proportionally as worthy as the basic algorithm;
after all, the new algorithm includes the mode, IV, and base key.  To
advocate all of this new algorithm without studying the strength
contributions of the elements is foolish.  

For starters, one mode might be better than another.  It might be shown
that only a trivial advantage is gained.  That should tell you that the
patch is worse, comparatively speaking, than a better algorithm that does
not need it.

You argue for throwing your hands up, pissing into the wind, and hoping
for the best.  I argue that a more intelligent strategy is necessary, or
reap the consequences of losing important control of the process.  If this
is encryption, you should direct that all actions in an algorithm should
combine efficiently to give you good security.  

To adopt a cryptopacifier from a nanny who does not want you to timely
have the real thing might not speak of mature judgement on your
part, at least no growth, given additional data that seems to torpedo a
widely accepted protocol as marginally effective.
-- 
Love is blind, or at least figure that it has astigmatism. 

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: The $10,000.00 contesta
Date: Fri, 03 Dec 1999 12:06:12 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Bruce Schneier) wrote:

> I think that almost all algorithm designers would be happy to see a
> new attack on their algorithms.  New attacks means that we're learning
> something.
> 
I agree with that.
-- 
Love is blind, or at least figure that it has astigmatism. 

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Encrypting short blocks
Date: Fri, 03 Dec 1999 12:18:13 -0600

In article <[EMAIL PROTECTED]>, Anton Stiglic <[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> 
> 
> > Pick a block length, pick a usable keylength, design a good algorithm,
> > case closed.
> > --
> 
> Sure, just re-design everything.  Analyse it, give it to others to check
> it out, wait about two years to make sure it seems secure, no problem!

I *thought* the humor would be self-evident.  Two years might have little
to do with such an appraisal, time being non-contributory to insight
except in postgame evaluations of sports where you learn how dumb those
that CAN play might be.

Sometimes a redesign is like changing to the correct train that has a
better chance of reaching a desired destination.
-- 
Love is blind, or at least figure that it has astigmatism. 

------------------------------

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: Quantum Computers and PGP et al.
Date: Fri, 03 Dec 1999 11:56:36 -0600

Greg wrote:
 
> I have never heard this before.  Would you say that DLP would be
> as vulnerable as IFP given a first real useful Q computer?
> Or are there magnitudes difference of threat to each?

I don't think anyone has published a general version of Pollard-rho
for a QC, but in principle it is a polynomial time algorithm.  The
basic theory suggests any group log problem can be solved in poly
time on a QC.  So yes, they are all equally vulnerable, in theory.
I don't think anyone has any idea what the difference in magnitude
between each might be, but the fact that it goes from exp-time to
poly-time is more than enough to eliminate all of them as useful
(once a QC comes into existence).

Patience, persistence, truth,
Dr. mike

------------------------------

From: E-mail <[EMAIL PROTECTED]>
Subject: cookies
Date: Fri, 3 Dec 1999 13:08:37 -0500



Many web sites are pretty insistent about taking cookies.  Why?

I am suspicious about it because I see it as a violation of privacy
and possibly a means of breaking into data not mentioned in the
reasons they give.


Jim
[EMAIL PROTECTED]


------------------------------

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Is there an analog of Shor's algorithm for elliptic functions?
Date: Fri, 03 Dec 1999 12:07:50 -0600

John Bailey wrote:
> 
> Given recent discussions of elliptic functions as an alternative basis
> for public key cryptography,
> 
> Is there an equivalent of Shor's algorithm for elliptic functions?

Do you mean on a quantum computer?  None that's been published yet,
but it is in principle possible.  I don't think there's any PK system
which would be more than poly-time on a QC.  That's what makes
QCs so exciting: all of a sudden really hard problems become easy.


Patience, persistence, truth,
Dr. mike

------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Fri, 03 Dec 1999 13:17:37 GMT

On Fri, 03 Dec 1999 16:25:21 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

> Again asshole check it out I have.

  Vulgarity, the refuge of the incompetent.  I see that you are no
longer interested in even attempting to maintain a logical and
reasoned discussion.  Then again, logic was never one of your strong
suits Mr DS.

>>>>        Again I see the assholes misquote me. I never said that
>>>>CBC makes a cipher weaker. 
>>
>>  You are a pathetic liar.  You should write your delusions down so
>>you can keep them straight when you post.
>       You're the pathetic liar and you're too damn lazy to use your brain.

  Then you deny saying that all existing three letter chaining modes
were purposely designed to weaken any cipher they are used on?

>>><Begin Exact Quote>
>>>Subject:  Re: Challenge to SCOTT19U.ZIP_GUY
>>>Date:  1999/08/04
>>>Author: SCOTT19U.ZIP_GUY 
>>>
>>>"Yes these are my feelings that the chaining methods in use are purposely
>> weak. "
>>><End Exact Quote>

>>
>>  You claimed that ALL 3 letter chaining modes are weak.  Not only do
>>you claim they are weak, you claim they were made weak on purpose, and you
>>are the only one on the planet who knows the "truth."  Yet you offer
>>not even a hint of an attack against them, not even in theory.  Why do
>>you persist in denying that you say this almost constantly?
>>
>          I have shown how the NSA 3 letter approved chaining modes
>are weak. 

  However you went beyond this, you claimed they are purposely weak.
We're still awaiting proof of this unsupported accusation.

>it is my FEELINGS that this was
>done on purpose. Can't you get anything straight or are you just
>plain stupid.

  Your feelings on the matter are of no importance.  Feelings are not
fact, but you seem to be unable to comprehend that.  You claimed it
was true, other than your paranoid fear of the NSA, what proof do you
have?

>      Again ASSWIPE I never said they make the cipher weaker. Why
>you keep saying this shit is foolish.

  Your anal and scatological fetishes are noted, please keep your
personal life to yourself, we really don't care.

> I said the 3 Letter chaining modes
>are weak. That is a far cry different than saying that the chaining makes
>the block cipher weaker. Get a FUCKIN brain you TURD.

  You spelled "fucking" incorrectly.  Since insults are all you have,
please spell them correctly in the future.

>>  Since the solution is leaking, surely you are ready to publish your
>>paper detailing your break of PGP 2.6.3.  After all, you have had 6
>>months since you noticed that the solution was just leaking out.
>>When can we expect to see it, either online or published?  Or is the
>>lack of experience you mentioned your own?
>         Showing  that it leaks information and exploiting it for a break are
>two different things. 

  Stating that it is leaking information and showing it to be true are
two different things.  You seem to be confusing your feelings and
facts again.  If "information" to use the term loosely is leaking, and
you cannot exploit it, then what is your point?

>         You are a retard, aren't you. The fact is the input output pairs
>are there. Many attacks are based on that fact. Just because your pea
>brain can't see advantages of hiding this kind of information does not
>mean others are as stupid as you show yourself to be.

  If you are so smart, let's see you use this information in an actual
attack on any of the remaining AES finalists.  It should not be more
than a few minutes' work for a brilliant ex-mensa member such as
yourself.

>     Mr Bravo why don't you use your real fucking name or are you ashamed of 
>it. 

  Yawn, my reasons for not using my own name are not your concern.
Though if anyone really cares they can certainly find out what it is,
I've used it often enough here and there on the net.  Should be no
problem for such a genius as yourself to track it down, being an
ex-mensa member and everything.

  Johnny Bravo


------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: cookies
Date: Fri, 3 Dec 1999 10:38:21 -0800


E-mail <[EMAIL PROTECTED]> wrote in message
news:Pine.LNX.4.04.9912031304560.17276-100000@shell...
>
>
> Many web sites are pretty insistent about taking cookies.  Why?
>
> I am suspicious about it because I see it as violation of privacy
> and possibly a means of breaking into data not mentioned in the
> reasons they give.

COOKIES go to the very core of the design of the WEB.  The web server was
designed as a STATELESS entity which requires that each CLIENT submit its
own STATE with every request/transaction.  The COOKIES are a form of
DISTRIBUTED DATABASE.  Karl M



------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Fri, 3 Dec 1999 10:53:58 -0800


Johnny Bravo <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 03 Dec 1999 16:25:21 GMT, [EMAIL PROTECTED]
> (SCOTT19U.ZIP_GUY) wrote:
(...)
> >          I have shown how the NSA 3 letter approved chaining modes
> >are weak.
>
>   However you went beyond this, you claimed they are purposely weak.
> We're still awaiting proof of this unsupported accusation.
>
> >it is my FEELINGS that this was
> >done on purpose. Can't you get anything straight or are you just
> >plain stupid.
>
>   Your feelings on the matter are of no importance.  Feelings are not
> fact, but you seem to be unable to comprehend that.  You claimed it
> was true, other than your paranoid fear of the NSA, what proof do you
> have?
(...)

Again, INTENT is an INTERIOR matter of SUBJECTIVE concern, not an EXTERIOR
matter.  Karl M



------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: cookies
Date: Fri, 03 Dec 1999 18:52:22 GMT

On Fri, 3 Dec 1999 13:08:37 -0500, E-mail <[EMAIL PROTECTED]> wrote:

>
>
>Many web sites are pretty insistent about taking cookies.  Why?
>
>I am suspicious about it because I see it as violation of privacy
>and possibly a means of breaking into data not mentioned in the
>reasons they give.

The one decent use for cookies (that I know of):

When registered users log in to a company's site, a cookie is set that
identifies that user as being currently logged on.  Then, when moving
from page to page inside the site-- or even from server to server in
some cases-- a cgi program can read the cookie and grant access.  
The alternatives to this all seem pretty messy and failure prone.

On the other hand, here's a ZDNET article quoted in HNN:

> Novell chief Eric Schmidt has admitted that he has been
> the victim of credit card theft. Speaking at San Francisco's 
> Digital Economy conference he blamed the theft of his 
> personal information on browser cookies. He labeled cookies 
> as "the biggest disaster for computers in the past [few] years."

Since you seem to be concerned about privacy issues, you might want to
take a look at Internet Junkbuster:

Junkbuster is a local proxy that selectively blocks domains specified
by the user.  You can also specify domains whose cookies you want the
proxy to admit, in one of the Junkbuster config files.  It even has a
function for spoofing cookies, though I have not had much luck with
that feature so far.  

If you specify the domains of the major tracking sites-- the ones hit
counters and banners come from-- you instantly get faster browsing and
a reduced profile.  It also kills the referrer field that is sent out
with URL requests, and lies to websites about your browser and OS.

http://www.junkbusters.com/ht/en/ijbfaq.html

Steve K

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Peekboo Ideas? >> Oops, problem ...
Date: Fri, 03 Dec 1999 13:56:49 -0500

Oops, problem ...

The program allows copying a public key into the private key box at the start.

Next, the user is able to create a share pair that contains public + public keys.
The user can then use the faulty share [ public + public keys ] to encrypt, but
decrypting cannot be done.

Prevent mismatches in the copy operation.
-- 
Thanks, Richard
===================================
Tom St Denis wrote:
> 
>   [EMAIL PROTECTED] wrote:

------------------------------

From: E-mail <[EMAIL PROTECTED]>
Subject: Re: cookies
Date: Fri, 3 Dec 1999 13:59:02 -0500




On Fri, 3 Dec 1999, karl malbrain wrote:

> 
> E-mail <[EMAIL PROTECTED]> wrote in message
> news:Pine.LNX.4.04.9912031304560.17276-100000@shell...
> >
> >
> > Many web sites are pretty insistent about taking cookies.  Why?
> >
> > I am suspicious about it because I see it as violation of privacy
> > and possibly a means of breaking into data not mentioned in the
> > reasons they give.
> 
> COOKIES go to the very core of the design of the WEB.  The web server was
> designed as a STATELESS entity which requires that each CLIENT submit its
> own STATE with every request/transaction.  The COOKIES are a form of
> DISTRIBUTED DATABASE.  Karl M


Karl,

Thank you for your reply.  Could you tell me how this affects my
concern?  I'm sure it's not your fault, but I don't understand how
this analysis relates to my privacy concerns.  Do they know who I am
whether or not I accept the cookie?  Can they get additional
information from my hard disk drive if I accept a cookie?  You know.
Informed consent, and all of that.

Thanks for your help.


Jim
[EMAIL PROTECTED]


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Peekboo Ideas? >> Oops, problem ... 2nd
Date: Fri, 03 Dec 1999 14:07:48 -0500

Oops, problem ... 2nd

In public + private cryptography only the public key is needed to encrypt.
Why in Peekboo do we need to create a share between public + private to encrypt
to the public key only?

Why can a public + public keys share not be created? >> like your key + my key?
-- 
Thanks, Richard
===================================
Tom St Denis wrote:
> 
>   [EMAIL PROTECTED] wrote:

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
