Cryptography-Digest Digest #990, Volume #10 Thu, 27 Jan 00 21:13:00 EST
Contents:
Re: Strong stream ciphers besides RC4? ("Matt")
Re: How much does it cost to share knowledge? (Tom St Denis)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Any Reference on Cryptanalysis on RSA ? (William Hugh Murray)
Re: How much does it cost to share knowledge? ("Trevor Jackson, III")
Re: NEC claims New Strongest Crypto Algor (NFN NMI L.)
Re: Intel 810 chipset Random Number Generator ("Trevor Jackson, III")
Re: Intel 810 chipset Random Number Generator ("Trevor Jackson, III")
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Any Reference on Cryptanalysis on RSA ? (William Hugh Murray)
Attn: Bob Baldwin (Paul Rubin)
Re: Any Reference on Cryptanalysis on RSA ? (William Hugh Murray)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
----------------------------------------------------------------------------
From: "Matt" <[EMAIL PROTECTED]>
Subject: Re: Strong stream ciphers besides RC4?
Date: Thu, 27 Jan 2000 19:27:25 -0600
x-no-archive: yes
> I'm looking for a strong stream cipher that isn't copyrighted. I seem
> to see a large choice of block ciphers, but very few stream ciphers...
Check out Sapphire II:
ftp://ftp.jyu.fi/.3/ftp.zedz.net/pub/replay/mirror/ftp.cryptography.org/libr
aries/
Its been around a number of years. Very strong, I've heard?
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Fri, 28 Jan 2000 01:20:55 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> > Math always existed we are just *finding* it.
>
> Very many mathematicians would disagree with you!
That's like saying we discovered a quark, so it must not have existed
before then.
> > That's why patents must be abolished.
>
> If expensive development costs cannot be recouped by a legal
> claim on the process, you can be *sure* that the process is
> *not* going to be openly published. The purpose of the patent
> system is to ensure publication of new ideas by guaranteeing
> that the inventor can be rewarded for his work.
Why can't the compensation be knowing you found something using your
talents. and that your hard work has provided something new for
society?
>
> > It's analogous to patenting a new found island because you
> > found it first. That's silly.
>
> "Straw men" are always silly. Islands are *claimed* for
> possession, not patented. And claiming newly discovered
> territory is *not* silly, it is standard historical practice.
>
> I know that schools don't teach much these days, but surely
> they must have covered *that*.
>
> > Common we are suppose to be evolving as a society yet we
> > cling to some paper with printing on it. that's very primitive.
>
> Taking somebody's property without permission or compensation
> is *not* primitive? Where do you get your ideas??
People get killed [and still are] over land disputes. Is that civil?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 01:21:52 GMT
Reply-To: [EMAIL PROTECTED]
Terry Ritter ([EMAIL PROTECTED]) wrote
]
]On 26 Jan 2000 03:38:26 GMT, in <86lq7i$lr2$[EMAIL PROTECTED]>, in
]sci.crypt [EMAIL PROTECTED] (Michael Kagalenko) wrote:
]
]>[...]
]> It produces clock drift, which can be measured to produce numbers as random
]> as the thermal noise from a resistor.
]
]No. Quartz crystal oscillator noise produces phase *jitter*, which is
]*not* "drift." Jitter is a cycle-by-cycle period variation. Now, the
]jitter itself *could* be detected and used as randomness, because it
]is the direct result of noise. But that would require the ability to
]detect picosecond differences on a cycle-by-cycle basis at the
]oscillator frequency, e.g., 20 MHz, which would not be trivial.
Again nope. This cycle-by-cycle period variation produces clock drift, which
grows with time. Precisely how it does so can be evaluated using
fluctuation-dissipation theorem. If I feel like it, I might
even do the computation one day.
]
]Because noise is normally-distributed, tiny, and bipolar, it tends to
]a mean of zero in just a few cycles.
Well, that's your error right here. Mean zero does not mean zero drift-
it means that the drift in either direction is equally likely.
Brownian particle's average position stays the same, while
average distance from the original position does not.
] The result is "the" frequency.
]Quartz crystal oscillator jitter does not cause frequency drift.
]Ambient temperature variations do cause frequency drifts, but this
]effect is well-known and repeatable.
See above.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 01:24:07 GMT
Reply-To: [EMAIL PROTECTED]
Terry Ritter ([EMAIL PROTECTED]) wrote
]
]On 26 Jan 2000 03:38:26 GMT, in <86lq7i$lr2$[EMAIL PROTECTED]>, in
]sci.crypt [EMAIL PROTECTED] (Michael Kagalenko) wrote:
]
]>[...]
]> It produces clock drift, which can be measured to produce numbers as random
]> as the thermal noise from a resistor.
]
]No. Quartz crystal oscillator noise produces phase *jitter*, which is
]*not* "drift." Jitter is a cycle-by-cycle period variation. Now, the
]jitter itself *could* be detected and used as randomness, because it
]is the direct result of noise. But that would require the ability to
]detect picosecond differences on a cycle-by-cycle basis at the
]oscillator frequency, e.g., 20 MHz, which would not be trivial.
Again nope. This cycle-by-cycle period variation produces clock drift, which
grows with time. Precisely how it does so can be evaluated using
fluctuation-dissipation theorem. If I feel like it, I might
even do the computation one day.
]
]Because noise is normally-distributed, tiny, and bipolar, it tends to
]a mean of zero in just a few cycles.
Well, that's your error right here. Mean zero does not mean zero drift-
it means that the drift in either direction is equally likely.
Brownian particle's average position stays the same, while
average distance from the original position does not.
] The result is "the" frequency.
]Quartz crystal oscillator jitter does not cause frequency drift.
]Ambient temperature variations do cause frequency drifts, but this
]effect is well-known and repeatable.
See above.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 01:30:00 GMT
Reply-To: [EMAIL PROTECTED]
Trevor Jackson, III ([EMAIL PROTECTED]) wrote
]Michael Kagalenko wrote:
]
]> Terry Ritter ([EMAIL PROTECTED]) wrote
]> ]
]> ]I missed the previous message, but...
]> ]On 25 Jan 2000 09:23:15 -0500, in <86kbkj$[EMAIL PROTECTED]>,
]> ]in sci.crypt [EMAIL PROTECTED] (Herman Rubin) wrote:
]> ]
]> ]>In article <eYOO80rZ$GA.220@cpmsnbbsa04>,
]> ]>Joseph Ashwood <[EMAIL PROTECTED]> wrote:
]> ]>>> All I need to do is measure the clock drift. Aging of the crystal can
]> ]>>> be corrected with re-calibartion.
]> ]>
]> ]>>But that itself introduces biases in the numbers generated.
]> ]>>Let's take a probably not all that great example. Lets take a crystal of
]> ]>>frequency F(with a random component measurably small),
]> ]
]> ]Not only is noise-based quartz crystal jitter "measurably small," it
]> ]is also bipolar, normally-distributed, and independent on a
]> ]cycle-by-cycle basis. It does not produce long-term frequency
]> ]variations, it produces a wider "bandwidth."
]>
]> It produces clock drift, which can be measured to produce numbers as random
]> as the thermal noise from a resistor.
]
]Crap.
Indeed, what you say below is crap.
]
]Measured how? You are erroneously postulating a reference more accurate than
]the most accurate device in the whole PC.
Nope, I don't postulate this. I am pointing out the well-known fact that
atomic reference clocks can be accessed if the computer is connected
to the internet. Net latency will result in some uncertainty in time,
which will merely mean that it will be necessary to wait sufficient
time to make sure accumulated clock drift is bigger than this network error.
]Further, you are assuming that clock drift is unpredictable. This is simply
]invalid.
No. You are wrong. Since quartz crystals have mechanical losses, they
will have thermal noise, for the same mathematical reason that
resistor has thermal noise.
] Given a small sample of measurements it is straightforward to
]extrapolate the drift. That means it is predictable. That means it isn't
]random. That means your argument fails.
No, - it means that you a) did not read my post, where I said that
systematic drift can and should be eliminated
b) do not understand why random noise will produce truly random clock
drift.
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Subject: Re: Any Reference on Cryptanalysis on RSA ?
Date: Fri, 28 Jan 2000 01:36:14 GMT
Keith A Monahan wrote:
>
> Quoting from Bruce Schneier's Applied Cryptography,
>
> Table 7.9
> Symmetric and Public-key Key Lengths
> with Similar Resistances to Brute-Force Attacks
>
> Symmetric Public-key
> Key Length Key Length
>
> 56 bits 384 bits
> 64 bits 512 bits
> 80 bits 768 bits
> 112 bits 1792 bits
> 128 bits 2304 bits
>
> I'm not sure what you mean about legitimate key space vs. illegitimate,
> but perhaps this helps.
>
> Keith
>
> Ip Ting Pong, Vincent ([EMAIL PROTECTED]) wrote:
> : Hi all,
>
> : I want to study the relationship of the strength between the key length of
> : RSA and the key length of DES.
> : For example,
> : Currently, 1024 bit RSA and 64 bit DES are the de facto strong key length.
>
> : I want to know if the "legitimate" key space of 1024 bit RSA key is more or
> : less equal to 64 bit key?
>
> : Thanks in advance.
>
> : With regards,
> : Ah Pong
Almost all numbers from 0 to 2^56 are valid DES keys, and therefore the
number of valid keys is 2^56. The ratio of valid keys in the space to
numbers in the space is almost 1. He understands that not all of the
numbers in the space 0 to 2^1024 are valid RSA keys. He is asking how
many valid RSA keys are there in 1024 bit number space. Or, what is the
ratio of the number of valid RSA keys in the space to the number of
numbers in the space. I am not sure that that will tell him what he
thinks it will but it I would like to know the answer to the question
too.
William Hugh Murray
New Canaan, CT
------------------------------
Date: Thu, 27 Jan 2000 20:45:45 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Tom St Denis wrote:
> In article <[EMAIL PROTECTED]>,
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> > Tom St Denis wrote:
> > > Math always existed we are just *finding* it.
> >
> > Very many mathematicians would disagree with you!
>
> That's like saying we discovered a quark, so it must not have existed
> before then.
>
> > > That's why patents must be abolished.
> >
> > If expensive development costs cannot be recouped by a legal
> > claim on the process, you can be *sure* that the process is
> > *not* going to be openly published. The purpose of the patent
> > system is to ensure publication of new ideas by guaranteeing
> > that the inventor can be rewarded for his work.
>
> Why can't the compensation be knowing you found something using your
> talents. and that your hard work has provided something new for
> society?
It can be. But you cannot force everyone to work for the compensation of
_your_ choice. N.B., it's tough to feed your status to your hungry
children.
------------------------------
From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: NEC claims New Strongest Crypto Algor
Date: 28 Jan 2000 01:46:27 GMT
<<creates a number of fake keys in addition to the true encryption key. >>
What?
<<NEC says when compared to its previous technology, 1039 calculations would be
necessary to crack the new code.>>
Reporters never understand anything. Surely NEC isn't this stupid.
<<A encryption software interface is compatible with the Data Encryption
Standard (DES) encryption standard, as well as with the next-generation
Advanced Encryption Standard (AES).... Researchers said tests showed the
technology went beyond even the requirements of the AES standard. >>
Moron! It fits the requirements, but it not COMPATIBLE with. Geez, some
reporters. 'Specially since AES hasn't been chosen yet.
S. "Confused article" L.
------------------------------
Date: Thu, 27 Jan 2000 20:52:17 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Michael Kagalenko wrote:
> Terry Ritter ([EMAIL PROTECTED]) wrote
> ]
> ]On 26 Jan 2000 03:38:26 GMT, in <86lq7i$lr2$[EMAIL PROTECTED]>, in
> ]sci.crypt [EMAIL PROTECTED] (Michael Kagalenko) wrote:
> ]
> ]>[...]
> ]> It produces clock drift, which can be measured to produce numbers as random
> ]> as the thermal noise from a resistor.
> ]
> ]No. Quartz crystal oscillator noise produces phase *jitter*, which is
> ]*not* "drift." Jitter is a cycle-by-cycle period variation. Now, the
> ]jitter itself *could* be detected and used as randomness, because it
> ]is the direct result of noise. But that would require the ability to
> ]detect picosecond differences on a cycle-by-cycle basis at the
> ]oscillator frequency, e.g., 20 MHz, which would not be trivial.
>
> Again nope. This cycle-by-cycle period variation produces clock drift, which
> grows with time. Precisely how it does so can be evaluated using
> fluctuation-dissipation theorem. If I feel like it, I might
> even do the computation one day.
Please do -- it will certainly make you feel better.. But do it in private and
wash your hands afterward.
------------------------------
Date: Thu, 27 Jan 2000 20:54:14 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Michael Kagalenko wrote:
> Trevor Jackson, III ([EMAIL PROTECTED]) wrote
> ]Michael Kagalenko wrote:
> ]
> ]> Terry Ritter ([EMAIL PROTECTED]) wrote
> ]> ]
> ]> ]I missed the previous message, but...
> ]> ]On 25 Jan 2000 09:23:15 -0500, in <86kbkj$[EMAIL PROTECTED]>,
> ]> ]in sci.crypt [EMAIL PROTECTED] (Herman Rubin) wrote:
> ]> ]
> ]> ]>In article <eYOO80rZ$GA.220@cpmsnbbsa04>,
> ]> ]>Joseph Ashwood <[EMAIL PROTECTED]> wrote:
> ]> ]>>> All I need to do is measure the clock drift. Aging of the crystal can
> ]> ]>>> be corrected with re-calibartion.
> ]> ]>
> ]> ]>>But that itself introduces biases in the numbers generated.
> ]> ]>>Let's take a probably not all that great example. Lets take a crystal of
> ]> ]>>frequency F(with a random component measurably small),
> ]> ]
> ]> ]Not only is noise-based quartz crystal jitter "measurably small," it
> ]> ]is also bipolar, normally-distributed, and independent on a
> ]> ]cycle-by-cycle basis. It does not produce long-term frequency
> ]> ]variations, it produces a wider "bandwidth."
> ]>
> ]> It produces clock drift, which can be measured to produce numbers as random
> ]> as the thermal noise from a resistor.
> ]
> ]Crap.
>
> Indeed, what you say below is crap.
>
> ]
> ]Measured how? You are erroneously postulating a reference more accurate than
> ]the most accurate device in the whole PC.
>
> Nope, I don't postulate this. I am pointing out the well-known fact that
> atomic reference clocks can be accessed if the computer is connected
> to the internet. Net latency will result in some uncertainty in time,
> which will merely mean that it will be necessary to wait sufficient
> time to make sure accumulated clock drift is bigger than this network error.
>
> ]Further, you are assuming that clock drift is unpredictable. This is simply
> ]invalid.
>
> No. You are wrong. Since quartz crystals have mechanical losses, they
> will have thermal noise, for the same mathematical reason that
> resistor has thermal noise.
>
> ] Given a small sample of measurements it is straightforward to
> ]extrapolate the drift. That means it is predictable. That means it isn't
> ]random. That means your argument fails.
>
> No, - it means that you a) did not read my post, where I said that
> systematic drift can and should be eliminated
> b) do not understand why random noise will produce truly random clock
> drift.
I see. I should be talking to your handler rather than his patient.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 01:35:18 GMT
Reply-To: [EMAIL PROTECTED]
Vernon Schryver ([EMAIL PROTECTED]) wrote
]In article <86lqa2$m6p$[EMAIL PROTECTED]>,
]Michael Kagalenko <[EMAIL PROTECTED]> wrote:
]
]> ...
]> That's totally unrelated to the method that I proposed.
]
]As far as I know, the only method Mr. Kagalenko has come even slightly
]close to proposing seemed to involve measuring the drift of a personal
]computer's clock compared to high precision clocks via the Internet.
Incorrect, - I made it uite clear that this is the method that
I proposed.
] In
]response to Mr. Kagalenko's almost reference to that method, I wrote at
]length why that idea has for more than ten years been known to be a very
]poor way of obtaining random numbers suitable for any purpose, other than
]measuring the temperature of computer rooms and sometimes the degree of
](in)activity of computers.
You did not show that you undestand my argument, which has
to do with clock drift originating from thermally random (meaning,
resulting from quartz's coupling to thermodynamical reservoir, as per
fluctuation-disspation theorem) noise.
] I also pointed out that an enemy can manipulate
]measurements of clock drift over the Internet without hope of detection,
]which makes the notion useless for obtaining random numbers for encryption.
NTP protocol provides for cryptographic authentication,
I believe. IPSec can also be used against this objection. It does
require that the clock is trusted.
]I expect to never see another of Mr. Kagalenko articles, so I may
]never know if he had in mind some other, less implausible method.
]That might be unfortunate for me, because like many people, I would
]be very interested in another good, cheap, and fast method to get
]secret, truely random numbers.
Thanks for letting me have the last word.
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Subject: Re: Any Reference on Cryptanalysis on RSA ?
Date: Fri, 28 Jan 2000 01:53:22 GMT
Bob Silverman wrote:
>
> In article <86p785$5ut$[EMAIL PROTECTED]>,
> "Ip Ting Pong, Vincent" <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > I want to study the relationship of the strength between the key
> length of
> > RSA and the key length of DES.
>
> Good for you. There is a problem, however. It is generally
> impossible. Breaking DES requires time only. Breaking RSA requires
> lots of time and MASSIVE space.
>
> If breaking both took 10 hours, but DES required 2KB RAM while RSA took
> 10 Gbytes, one might say RSA is harder [at the very least one has to
> spend more on hardware]. But suppose DES took 10 hours while
> RSA took "only" 8 hours but required 1 Tbyte of memory. Which would
> you say is harder?
>
> You can't easily compare the two. The dimensions which measure the
> difficulty of the two problems are not compatible.
>
> > For example,
> > Currently, 1024 bit RSA and 64 bit DES are the de facto strong key
> length.
>
> There is no such thing as 64 bit DES.
>
> >
> > I want to know if the "legitimate" key space of 1024 bit RSA key is
> more or
> > less equal to 64 bit key?
>
> The security of RSA has NOTHING to do with the size of the key space
> since the best attacks are not brute force. I don't know what you
> mean by "legitimate".
He means what percentage of the numbers in the number space satisfy the
requirements of those that are valid RSA keys.
Said another way, if an RSA key is a set of numbers, e, d, n, that
satisfy the following condition:
(M^e mod n)^d mod n = M
How many such numbers/keys are there in a 1024 bit number space? I have
often wondered about the answer to this question myself.
Please ignore whether or not you think that the answer to the question
is useful or meaningful.
[While it may be true that there are cheaper attacks than a brute force
attack, the
cost of a brute force attack is still an interesting number. It is the
maximum amount of work anyone would have to expend even if he knew
nothing else.]
William Hugh Murray, CISSP
>
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Attn: Bob Baldwin
Date: 28 Jan 2000 01:56:17 GMT
Are you around? Please email me privately. Thanks.
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Subject: Re: Any Reference on Cryptanalysis on RSA ?
Date: Fri, 28 Jan 2000 01:57:15 GMT
"Douglas A. Gwyn" wrote:
>
> "Ip Ting Pong, Vincent" wrote:
> > Currently, 1024 bit RSA and 64 bit DES are the de facto strong key
> > length.
>
> DES uses a 56-bit key. It is known to be crackable with today's
> technology, with an expenditure of resources that are affordable
> in many practical contexts.
>
> > I want to know if the "legitimate" key space of 1024 bit RSA key
> > is more or less equal to 64 bit key?
>
> There is no relationship between the two systems nor their key
> lengths.
Perhaps. However, I was once given a rule of thumb that said an RSA key
had to be 8 to 10 times the number of bits to have equivalent work
factor to a DES key. Was there no validity to that rule of thumb?
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 01:51:13 GMT
Reply-To: [EMAIL PROTECTED]
Scott Nelson ([EMAIL PROTECTED]) wrote
]On 26 Jan 2000 [EMAIL PROTECTED] (Michael Kagalenko) wrote:
]
]>Terry Ritter ([EMAIL PROTECTED]) wrote
]>]
]>]Again, I missed the previous message...
]>]On 25 Jan 2000 09:19:50 -0500, in <86kbe6$[EMAIL PROTECTED]>,
]>]in sci.crypt [EMAIL PROTECTED] (Herman Rubin) wrote:
]>]
]>]>In article <86gd0n$qmf$[EMAIL PROTECTED]>,
]>]>Michael Kagalenko <[EMAIL PROTECTED]> wrote:
]>]
]>]>>[...]
]>]>> What I am pointing out that to the extent
]>]>> that quartz crystal, any quartz crystal, dissipates mechanical energy,
]>]>> it will produce thermally random noise, according to the flustuation-
]>]>> dissipation theorem.
]>]
]>]And this random noise produces "jitter" which is normally-distributed,
]>]tiny, bipolar, and independent on a cycle-by-cycle basis. This
]>]affects the "bandwidth" of the signal, not frequency measurements
]>]which cover many cycles of operation.
]>
]> As I pointed out before, you need some remedial reading on the
]> statistical physics. Try Feinman's lectures about mathematics
]> of brownian walk. May be, you'll understand that what you
]> write is incorrect.
]>
]
]Thanks for the pointer. I read the whole thing from
]cover to cover, and I still think you're wrong and
]Terry is right.
That means that you have not understood the physics of Brownian random walk.
Please, re-read the lectures once again, this time paying attention.
] I suggest you read the Encyclopedia
]Britannica. Please don't post again until you have a
]full and complete understanding of everything in it.
]
]I think everyone agrees there is noise in the system,
]the question is how much noise, and how measurable
]is the noise.
More important is the disagreement about what kind of noise I am
talking about. So far, no one evinced any signs of having
understood what I am saying in plain English over and over and over.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 01:47:39 GMT
Reply-To: [EMAIL PROTECTED]
Terry Ritter ([EMAIL PROTECTED]) wrote
]
]On 26 Jan 2000 03:47:48 GMT, in <86lqp4$mt9$[EMAIL PROTECTED]>, in
]sci.crypt [EMAIL PROTECTED] (Michael Kagalenko) wrote:
]
]>Terry Ritter ([EMAIL PROTECTED]) wrote
]>]
]>]Again, I missed the previous message...
]>]On 25 Jan 2000 09:19:50 -0500, in <86kbe6$[EMAIL PROTECTED]>,
]>]in sci.crypt [EMAIL PROTECTED] (Herman Rubin) wrote:
]>]
]>]>In article <86gd0n$qmf$[EMAIL PROTECTED]>,
]>]>Michael Kagalenko <[EMAIL PROTECTED]> wrote:
]
]>][...]
]>]>The reason a resistor produces the
]>]>> thermal noise is that same theorem.
]>]
]>]And do resistors also "drift"? It is the same theorem, after all....
]>
]> You must be trying to crack me up, Mr.Ritter. Good thing I wasn't
]> drinking coffee.
]
]You have a direct question: answer it.
Your question is not even wrong, Mr.Ritter. The analogy to the number
of cycles of the quart crystal won't be voltage, or current; it
will be charge flown through the resistor, or integral of current over
time.
]The thermal noise in resistors ("Johnson noise") is white noise at a
]very low level. It does not produce resistance drift; nor does a
]voltage impressed across that resistor tend to drift because of noise.
]The noise is tiny, normally-distributed, and bipolar; averaged out, it
]is zero. Instantaneously, Johnson noise may add to or subtract from
]impressed voltage, but it does not accumulate, and averages out to
]zero.
See above, - you use analogy with reistor erroneously.
]If we want to use noise for randomness, we must detect transient
]nature. We can do that, but it does not accumulate.
]
]
]>]>I am also pointing out that this
]>]>> thermal noise will lead to brownian-walk drift of the clock which
]>]>> can be measured to produce truly unpredictable random data.
]>]
]>]I am aware of no publication which suggests a "brownian-walk" from
]>]crystal noise. That simply does not happen. Jitter is bipolar and
]>]cycle-by-cycle independent.
]>
]> So is motion of brownian particle. Yet the average square of the
]> position grows linearly with time (provided it starts from
]> the origin).
]
]And just what particle do you imagine noise to be, and how do we sense
]that distance?
Your questin is not even wrong, again. I do not imagine the noise to
be any "particle." The analogy I am drawingi s between dynamic
variables of brownian particle, and dynamic variables of quartz
oscillator.
]Noise does not change crystal oscillation frequency, even
]instantaneously.
Well, that is flat out wrong. If it were so, there wouldn't be any
need for atomic clocks, as they would have the same long-term
accuracy as thermally stablized quartz crystal.
] The crystal continues to physically flex and vibrate
]at exactly the same frequency.
No. That's incorrect. Quartz crystal has losses since it
is not perfectly elastic. Losses mean that the mechanical oscillation
is coupled to thermal noise.
] Noise in the circuit which senses the
]oscillation does produce the tiny phase variations known as "jitter."
]But jitter is not cumulative: it does not have position, it does not
]accumulate an offset; it is merely a perceived variation from the
]continued sine-wave flexing of the crystal. The bipolar noise
]averages out.
Again you are wrong; I am not talking about the error of measuring
the oscillations of the crystal.
]
]>][...]
]>]I claim the proposed effect simply does not exist at sensible levels.
]>
]> That's because you lack very basic understanding of the statistics
]> of Brownian random walk.
]
]Sorry. The effect simply does not exist.
Sorry, but you are plain wrong.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 01:53:52 GMT
Reply-To: [EMAIL PROTECTED]
Trevor Jackson, III ([EMAIL PROTECTED]) wrote
]Michael Kagalenko wrote:
]
]> Terry Ritter ([EMAIL PROTECTED]) wrote
]> ]
]> ]On 26 Jan 2000 03:38:26 GMT, in <86lq7i$lr2$[EMAIL PROTECTED]>, in
]> ]sci.crypt [EMAIL PROTECTED] (Michael Kagalenko) wrote:
]> ]
]> ]>[...]
]> ]> It produces clock drift, which can be measured to produce numbers as random
]> ]> as the thermal noise from a resistor.
]> ]
]> ]No. Quartz crystal oscillator noise produces phase *jitter*, which is
]> ]*not* "drift." Jitter is a cycle-by-cycle period variation. Now, the
]> ]jitter itself *could* be detected and used as randomness, because it
]> ]is the direct result of noise. But that would require the ability to
]> ]detect picosecond differences on a cycle-by-cycle basis at the
]> ]oscillator frequency, e.g., 20 MHz, which would not be trivial.
]>
]> Again nope. This cycle-by-cycle period variation produces clock drift, which
]> grows with time. Precisely how it does so can be evaluated using
]> fluctuation-dissipation theorem. If I feel like it, I might
]> even do the computation one day.
]
]Please do -- it will certainly make you feel better.. But do it in private and
]wash your hands afterward.
]
]
You are are boorish and unintelligent, Mr.Jackson. Welcome to my kill-file.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
