Cryptography-Digest Digest #296, Volume #11      Fri, 10 Mar 00 13:13:01 EST

Contents:
  Re: Universal Language ("ink")
  Re: ZIP format is gone in the past. ("finecrypt")
  Re: avoid man-in-the-middle known plaintext attack using a stream cipher (John Myre)
  Re: Crypto Patents: Us, European and International. (John Savard)
  Re: ZIP format is gone in the past. (=?iso-8859-1?Q?J=FCrgen_Nieveler?=)
  Re: Crypto Patents: Us, European and International. (John Savard)
  Re: encrypting to unknown public key? (John Myre)
  Re: encrypting to unknown public key? (John Myre)
  Re: Birthday paradox (John Myre)
  Re: ZIP format is gone in the past. (Tim Tyler)
  How does % operator deal with negative numbers? (Frank)
  Re: ZIP format is gone in the past. (Gerhard Wesp)
  Re: Crypto Patents: Us, European and International. (Mok-Kong Shen)
  Re: Crypto Patents: Us, European and International. (Mok-Kong Shen)
  Re: Universal Language ([EMAIL PROTECTED])
  Re: why xor?(look out,newbie question! :) ([EMAIL PROTECTED])
  Re: Universal Language (Mok-Kong Shen)
  Re: Cheating in co-operative open-source games, how can we protect from it? ([EMAIL PROTECTED])
  Re: Crypto Patents: Us, European and International. (Terry Ritter)
  Re: Crypto Patents: Us, European and International. (Terry Ritter)
  Re: How does % operator deal with negative numbers? ([EMAIL PROTECTED])
  Re: Universal Language ([EMAIL PROTECTED])
  Re: NIST, AES at RSA conference (Terry Ritter)

----------------------------------------------------------------------------

From: "ink" <[EMAIL PROTECTED]>
Subject: Re: Universal Language
Date: Fri, 10 Mar 2000 16:15:59 +0100


SCOTT19U.ZIP_GUY wrote in message <8ab0h0$2ibo$[EMAIL PROTECTED]>...
>  Since American English is the language of the Technical age why not just
>have everyone learn English.

I wonder what 1.2 Billion Chinese and 1 Billion people from India say to
that...

Kurt




------------------------------

From: "finecrypt" <[EMAIL PROTECTED]>
Subject: Re: ZIP format is gone in the past.
Date: Fri, 10 Mar 2000 18:23:53 +0300


>I can't second that - I for my part see ZIP files ad documents
>which are opened with an application. And just as with VBA
>I don't like to see documents developing their own life.

Kurt,

I understand, you are talking about data-centered software design. Yes, FineCrypt
is even more data-centered than WinZip. To decompress a zip archive (or
"data" in our terminology) you need at least decompressing software. And if
you did encrypt your zip archive (not with WinZip of course :)) you also
need decrypting software.

And for decompressing and decrypting FineCrypt's self-extractor you need neither
decompressing software nor decrypting software. You need only this
self-extracting executable. Data-centered software design at its ultimate
maximum.

http://www.finecrypt.com/index.html



------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: avoid man-in-the-middle known plaintext attack using a stream cipher
Date: Fri, 10 Mar 2000 08:32:19 -0700

[EMAIL PROTECTED] wrote:
> 
<snip>
> Also, there is no way to be 100% protected against such attacks, not even if
> you append a 1024-bit signature at the end of each message.
<snip>
> Are you suggesting that we should
> have disregarded these restrictions and argued that they were a lucky
> coincidence?

No, he's arguing that "lucky" against 2^16 is insufficiently
improbable to ignore.  Something bad will eventually happen,
even though the attacker is not certain of success, because
the attacker (more likely, a number of them) will try anyway.
Why not?

Whereas 1024 bit (public key), while not 100%, *is* sufficient.
At least, according to current, publicly known theory, the
chances of success for the attacker are so low that even
impossibly large numbers of attempts are still unlikely to work.

The goal of cryptanalysis is to quantify this.

John M.
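Added example (no code was posted in this thread) of the two points Myre makes: a stream-cipher ciphertext can be edited by a man-in-the-middle who knows the plaintext, and a 16-bit check value only raises the attacker's cost to at most 2^16 guesses, whereas a full-length tag does not. The cipher is a constructed XOR keystream (SHAKE-256 of key||nonce, not a standard cipher), and an HMAC-SHA256 tag stands in for the 1024-bit signature the thread mentions, since only the tag length matters for the guessing argument; the keys, nonce and message are all constructed.

```python
import hashlib
import hmac
import secrets

# Constructed demo keystream: XOR with SHAKE-256 output keyed by key||nonce.
# A stand-in for any stream cipher, not a standard construction.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return hashlib.shake_256(key + nonce).digest(length)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))

decrypt = encrypt  # XOR with the same keystream undoes itself

def make_tag(mac_key: bytes, nonce: bytes, ciphertext: bytes, tag_bits: int) -> bytes:
    """HMAC-SHA256 over nonce||ciphertext, truncated to tag_bits
    (16 models a short check value, 256 a full-strength tag)."""
    full = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return full[: tag_bits // 8]

def verify(mac_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes, tag_bits: int) -> bool:
    return hmac.compare_digest(make_tag(mac_key, nonce, ciphertext, tag_bits), tag)

def flip_with_known_plaintext(ciphertext: bytes, known: bytes, wanted: bytes) -> bytes:
    """Man-in-the-middle edit: XOR in (known ^ wanted).  No key is needed,
    because ciphertext ^ known ^ wanted == keystream ^ wanted."""
    if not len(known) == len(wanted) == len(ciphertext):
        raise ValueError("known/wanted/ciphertext lengths must match")
    return xor_bytes(ciphertext, xor_bytes(known, wanted))

def guess_tag_online(mac_key, nonce, ciphertext, tag_bits, max_tries):
    """Attacker without mac_key submits tag guesses; the verifier is the
    oracle.  Returns (tag_or_None, tries)."""
    tries = 0
    tag_len = tag_bits // 8
    while tries < max_tries and tries < 2 ** tag_bits:
        guess = tries.to_bytes(tag_len, "big")
        tries += 1
        if verify(mac_key, nonce, ciphertext, guess, tag_bits):
            return guess, tries
    return None, tries

def demo(tag_bits: int, max_tries: int = 1 << 16) -> dict:
    key, mac_key, nonce = secrets.token_bytes(32), secrets.token_bytes(32), secrets.token_bytes(12)
    known = b"transfer amount=0100"    # constructed message the attacker knows
    wanted = b"transfer amount=9100"   # what the attacker wants it to say
    ct = encrypt(key, nonce, known)
    tag = make_tag(mac_key, nonce, ct, tag_bits)
    forged_ct = flip_with_known_plaintext(ct, known, wanted)
    forged_tag, tries = guess_tag_online(mac_key, nonce, forged_ct, tag_bits, max_tries)
    return {
        "decrypts_to_wanted": decrypt(key, nonce, forged_ct) == wanted,
        "old_tag_rejects_edit": not verify(mac_key, nonce, forged_ct, tag, tag_bits),
        "tag_forged": forged_tag is not None,
        "tries": tries,
    }
```

demo(16) always ends with a forged tag after at most 65536 oracle queries; demo(256) spends the same budget and fails. A real verifier would also count failures and drop the connection, but that defence only matters when the tag is short enough for counting to matter.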

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Crypto Patents: Us, European and International.
Date: Fri, 10 Mar 2000 09:06:52 GMT

[EMAIL PROTECTED] wrote, in part:

>2. In many cases and for many purposes copyright protection might be more
>effective. Patents may protect a method. Copyrights protect results of
>intellectual processes, viewed as contextually dependent conceptual
>integers.

Copyright can offer virtually no protection for an algorithm or an
idea. It only protects particular expressions of an idea. Thus, if you
have invented a new algorithm, relying on copyright to protect it is
extremely hazardous.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: =?iso-8859-1?Q?J=FCrgen_Nieveler?= <[EMAIL PROTECTED]>
Subject: Re: ZIP format is gone in the past.
Date: Fri, 10 Mar 2000 17:04:05 +0100

"finecrypt" <[EMAIL PROTECTED]> wrote in message
news:8ab43o$5o8$[EMAIL PROTECTED]...
> I understand, you tell about data centered software design. Yes, FineCrypt
> is even more data centered than WinZip. For decompress zip archive (or
> "data" in our terminology) you need at least decompessing software. And if
> you did encrypt your zip archive (not with WinZip of course :)) you also
> need decrypting software.
> 
> And for decompessing and decrypting FineCrypt's self-extractor you need not
> decompressing software nor decrypting software. You need only this
> self-extracting executable. Data centered software design in its ultimate
> maximum.
> 

But we can have all that and more with PGP 6.5.x freeware....

So why should we use your software?

-- 
Juergen Nieveler
Support the ban of Dihydrogen Monoxide: http://www.dhmo.org/
"The people united can never be ignited!"- Sgt. Colon, Ankh-Morpork Watch
PGP-Key available under www.netcologne.de/~nc-nievelju/


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Crypto Patents: Us, European and International.
Date: Fri, 10 Mar 2000 09:08:42 GMT

[EMAIL PROTECTED] (Bill Unruh) wrote, in part:

>No. Prior art invalidates all subsequent patent rights. Thus you, by
>making something public and thus prior art extinguish everyone else's
>right to patent that thing. Thus you can "give up the rights of others".

By making something public, that no one else has patented, you are not
taking away something that someone else owns. It's something
previously patented that one can't unpatent.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: encrypting to unknown public key?
Date: Fri, 10 Mar 2000 09:07:30 -0700


Is there any reason why you require the decryption function to
work with both a blinded key and the original public key?  It
would seem easier (i.e., to admit more solutions) without that
restriction.

John M.

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: encrypting to unknown public key?
Date: Fri, 10 Mar 2000 09:10:50 -0700

"David A. Wagner" wrote:
> 
<snip>
> Then a public key (u,v) may be blinded by choosing b
> at random and letting the blinded public key be (u^b,v^b).

Doesn't that fail to meet his requirement that you have to have
the original public key to compute a blinded one?  I think the
above means blinding a blinded key produces another valid blinded
key.

John M.
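The blinding Wagner describes, worked as an added example (not code from either post): ElGamal over a toy safe-prime group, assuming (u, v) means a generator u and v = u^x for private exponent x. It shows that a blinded key still decrypts under x, and, as Myre observes, that blinding a blinded key just gives another blinded key (the blinding factors multiply mod the group order), so holding any blinded key is enough to produce more of them. The parameters p = 1019, q = 509, G = 4 and all exponents are constructed and far too small for real use.

```python
import secrets

# Constructed toy parameters: P = 2*Q + 1 with Q prime; G is a quadratic
# residue, so it generates the subgroup of prime order Q.
P = 1019
Q = 509
G = 4

def keygen(x: int):
    """Private exponent x in [1, Q-1]; public key (u, v) = (G, G^x mod P)."""
    if not 1 <= x < Q:
        raise ValueError("x must be in [1, Q-1]")
    return x, (G, pow(G, x, P))

def random_exponent() -> int:
    return 1 + secrets.randbelow(Q - 1)   # uniform in [1, Q-1]

def blind(pk, b: int):
    """(u, v) -> (u^b, v^b).  b == 0 mod Q would give (1, 1), so reject it."""
    if b % Q == 0:
        raise ValueError("blinding factor must be non-zero mod Q")
    u, v = pk
    return (pow(u, b, P), pow(v, b, P))

def is_key_for(x: int, pk) -> bool:
    """The relation v == u^x is what decryption relies on; blinding keeps it."""
    u, v = pk
    return pow(u, x, P) == v

def encrypt(pk, m: int, r: int):
    """ElGamal: (u^r, m * v^r).  Works for the original or any blinded key."""
    u, v = pk
    return (pow(u, r, P), m * pow(v, r, P) % P)

def decrypt(x: int, ct):
    c1, c2 = ct
    # c1 lies in the order-Q subgroup, so c1^(Q - x) == c1^(-x)
    return c2 * pow(c1, Q - (x % Q), P) % P
```

Usage: `x, pk = keygen(123)`, `bpk = blind(pk, 77)`, then `decrypt(x, encrypt(bpk, m, r)) == m` for any message m < P. Note that `blind(bpk, b2) == blind(pk, 77 * b2 % Q)`: nothing about a blinded key records that it was blinded, which is the property Myre is pointing at.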

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Birthday paradox
Date: Fri, 10 Mar 2000 09:18:24 -0700

"Douglas A. Gwyn" wrote:
> 
> This applies, for example, to "meet-in-the-middle" attacks, so
> for the concatenation of two separately keyed DES encryptions
> (56 bits per key), a MITM attack needs to encrypt approximately
> 2^57 times (2 * 2^56, with 2^56 being the square root of the
> total key space 2^56 * 2^56).  This is the basis for the
> (simplistic) claim sometimes heard that 2DES is no more secure
> than 1DES.

I don't understand this.  I thought that MITM was a time-space
tradeoff; if you do 2^57 encryptions (well, 2^56 decryptions and
2^56 encryptions) and have space for 2^56 results, you are
*guaranteed* to find the answer.  Whereas the birthday "paradox"
is a probabilistic thing; it is *possible* to get 364 people in
a room with no duplicates - just unlikely.

What is the relationship between MITM and birthday paradox?

John M.
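Meet-in-the-middle on a double-encrypted toy cipher, added here as an example (not from the post) of the time-space trade-off Myre describes: 16-bit keys and a 32-bit block, so the table holds 2^16 entries and the search spends 2^16 + 2^16 single-cipher operations instead of the 2^32 of brute force over key pairs. The cipher and its key schedule are constructed for the demo and have no other significance. Because 2^32 key pairs map into a 32-bit block, the first pair yields about one false candidate on average, so further pairs are used to filter; the work counter shows the cost is fixed in advance, which is the contrast with a birthday-style probabilistic search.

```python
MASK32 = 0xFFFFFFFF
KEY_BITS = 16
ROUNDS = 4

def _rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32

def _rotr(x: int, r: int) -> int:
    return ((x >> r) | (x << (32 - r))) & MASK32

def _round_key(k: int, i: int) -> int:
    # Constructed key schedule: distinct keys give distinct round keys.
    return ((k ^ (i * 0x5A5A)) * 0x9E3779B1) & MASK32

def toy_encrypt(k: int, block: int) -> int:
    """32-bit block, 16-bit key: per round add round key, rotate, xor round key."""
    x = block
    for i in range(ROUNDS):
        rk = _round_key(k, i)
        x = _rotl((x + rk) & MASK32, 7) ^ rk
    return x

def toy_decrypt(k: int, block: int) -> int:
    x = block
    for i in reversed(range(ROUNDS)):
        rk = _round_key(k, i)
        x = (_rotr(x ^ rk, 7) - rk) & MASK32
    return x

def double_encrypt(k1: int, k2: int, block: int) -> int:
    return toy_encrypt(k2, toy_encrypt(k1, block))

def meet_in_the_middle(pairs):
    """pairs: list of (plaintext, ciphertext) under double_encrypt(k1, k2).
    Returns (candidate (k1, k2) list, single-cipher operations spent).
    The first pair builds the table and drives the match; the remaining
    pairs filter false positives."""
    (p1, c1), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << KEY_BITS):            # forward half: 2^16 encryptions
        table.setdefault(toy_encrypt(k1, p1), []).append(k1)
    work = 1 << KEY_BITS
    found = []
    for k2 in range(1 << KEY_BITS):            # backward half: 2^16 decryptions
        work += 1
        for k1 in table.get(toy_decrypt(k2, c1), ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, work
```

With three known pairs the true key pair is always among the candidates and `work` is exactly 2^(KEY_BITS+1), independent of which keys were used; memory for the table is the price paid for that guarantee.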

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: ZIP format is gone in the past.
Reply-To: [EMAIL PROTECTED]
Date: Fri, 10 Mar 2000 16:01:08 GMT

finecrypt <[EMAIL PROTECTED]> wrote:

: It's more and more people prefer to use self-extracting executables instead
: of zip archives. [...]

On the other hand, those who don't like exposing their machine to viral
infection by simply opening an archive, and those who want their archive
to be openable on more than one operating system, or more than one
processor type, may want to avoid self-extracting executables, literally,
like the plague.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

The more you complain, the longer God makes you live.

------------------------------

From: Frank <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.javascript
Subject: How does % operator deal with negative numbers?
Date: Fri, 10 Mar 2000 12:02:11 -0500

I'm trying to write some non-kludgy JavaScript for a simple
 cryptography demonstration. One of the encrypt steps adds
 key%97, so the obvious decrypt step should be (-1*key)%97.

In standard mathematics, -4 modulo 97 should equal 93.
 Instead, Netscape returns -4, Explorer returns 4.
 What's the deal? Is this going to be a royal pain?

-F

------------------------------

From: [EMAIL PROTECTED] (Gerhard Wesp)
Subject: Re: ZIP format is gone in the past.
Date: 10 Mar 2000 17:11:17 GMT
Reply-To: [EMAIL PROTECTED]

In article <8aar8b$it7$[EMAIL PROTECTED]>,
finecrypt <[EMAIL PROTECTED]> wrote:
>It's more and more people prefer to use self-extracting executables instead

  now where did you get _that_ idea?!

>of zip archives. FineCrypt is the most popular tool in the world for
>creating strong encrypted self-extractors. Try it now.

  no thanks...  i'd never touch a self-extracting nor self-decrypting
file, let alone one made by proprietary software, for obvious security
reasons.  apart from thoughts about waste of bandwidth, etc.  do you
really think people in this newsgroup are _that_ stupid?!

greetings,
-gerhard
-- 
| Gerhard Wesp                       http://www.cosy.sbg.ac.at/~gwesp
|
|    Q:      What do agnostic, insomniac dyslexics do at night?
|      A:      Stay awake and wonder if there's a dog.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crypto Patents: Us, European and International.
Date: Fri, 10 Mar 2000 18:16:27 +0100

John Savard schrieb:
> 
> [EMAIL PROTECTED] (Bill Unruh) wrote, in part:
> 
> >No. Prior art invalidates all subsequent patent rights. Thus you, by
> >making something public and thus prior art extinguish everyone else's
> >right to patent that thing. Thus you can "give up the rights of others".
> 
> By making something public, that no one else has patented, you are not
> taking away something that someone else owns. It's something
> previously patented that one can't unpatent.

How about publishing something which coincides with matters in the 
patent application of someone but has not yet been published by the 
office?

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crypto Patents: Us, European and International.
Date: Fri, 10 Mar 2000 18:16:21 +0100

Glenn Larsson wrote:
> 

> - Anyone have a link to a search engine for European patents?
> (like the one at www.patents.ibm.com)

See

    http://www.european-patent-office.org/espacenet/info/access_f.htm


If you don't engage patent lawyers and do the application yourself,
the total cost is 29800 EUR.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Universal Language
Date: Fri, 10 Mar 2000 17:10:26 GMT

In article <8ab3iv$22m$[EMAIL PROTECTED]>,
  "ink" <[EMAIL PROTECTED]> wrote:
>
> SCOTT19U.ZIP_GUY wrote in message <8ab0h0$2ibo$[EMAIL PROTECTED]>...
> >  Since American English is the language of the Technical age why not just
> >have everyone learn English.
>
> I wonder what 1.2 Billion Chinese and 1 Billion people from India say to
> that...

Well, actually, large numbers of them already know, or are learning,
some English (although the numbers aren't quite as impressive as some
promoters of world English would have you think; about 10% of the
world's population speaks English ("speaks" here means at Level 3 of the
proficiency scale the U.S. State Dept. uses), and about half of those
are "native" speakers... but not necessarily of American English, it
includes Strine-speakers, Scots from the Outer Hebrides, Nepali
school-teachers, Japanese salary-men, and Rastafarian "scufflers" on the
streets of MoBay, each of whose modes of pronunciation would produce
_very_ different phonetic transcriptions... and higher estimates, as
high as 15%, involve patent frauds like claiming that the _entire_
population of India speaks English, apparently because it's one of the 2
main official languages), but the English they speak wouldn't give
the same phonetic transcription as using a radio announcer from St. Louis
Missouri, not to mention (1) a rap artist from LA (2) a college
professor from Chapel Hill, North Carolina (3) a home construction
contractor from rural Massachusetts, etc. Even "American English" is not
exactly a phonetic monolith.

But maybe we shouldn't disturb all these armchair theoreticians with
_facts_... ;-)

George, who has always thought that the best argument against
english spelling reform is that he wouldn't be able to read
newspapers from Melbourne, Kathmandu, Singapore, Manchester, and
Edinburgh (not to mention Atlanta) without some sort of dictionary


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: why xor?(look out,newbie question! :)
Date: Fri, 10 Mar 2000 17:10:13 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> Incidentally, I tried sometime ago to find some concrete
> algorithm or code with which to test the independence of two
> bit sources, but sofar without success. I should be very
> grateful, if someone could provide a reference or a hint.
>
> M. K. Shen
>

There's one statistical test of independence called the chi-square test of
independence, and it shouldn't be hard to implement in code... It
compares 2 rows of numbers and checks with given probability if they are
independent... Of course it can't say if they are really independent, just
what the chances are that they are...

Ivan


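An implementation of the chi-square test of independence Ivan refers to, added here as an example (not posted in the thread): two aligned bit sources are reduced to a 2x2 contingency table and the Pearson statistic is compared with the chi-square distribution with one degree of freedom, for which p = erfc(sqrt(stat/2)) needs only the standard library. The sample sequences are constructed so that the expected counts are known exactly. Two caveats a practitioner would want: expected cell counts below 5 make the approximation unreliable (the function reports the minimum), and the test only sees the alignment it is given, so a `lag` variant is included to show a shifted copy that the lag-0 test passes.

```python
import math

def contingency(xs, ys):
    """2x2 table n[x][y] over aligned bit sequences (values taken mod 2)."""
    if len(xs) != len(ys) or len(xs) == 0:
        raise ValueError("need two non-empty sequences of equal length")
    n = [[0, 0], [0, 0]]
    for x, y in zip(xs, ys):
        n[x & 1][y & 1] += 1
    return n

def chi_square_independence(xs, ys):
    """Pearson chi-square test of independence for two bit sources.
    Returns (statistic, p_value, min_expected).  With one degree of
    freedom, p = erfc(sqrt(stat / 2)).  Treat the result with suspicion
    when min_expected < 5."""
    n = contingency(xs, ys)
    total = len(xs)
    row = [n[0][0] + n[0][1], n[1][0] + n[1][1]]   # marginals of xs
    col = [n[0][0] + n[1][0], n[0][1] + n[1][1]]   # marginals of ys
    if 0 in row or 0 in col:
        raise ValueError("one source is constant; independence is undefined")
    stat, min_expected = 0.0, float("inf")
    for i in (0, 1):
        for j in (0, 1):
            expected = row[i] * col[j] / total
            min_expected = min(min_expected, expected)
            stat += (n[i][j] - expected) ** 2 / expected
    return stat, math.erfc(math.sqrt(stat / 2)), min_expected

def chi_square_at_lag(xs, ys, lag: int):
    """Same test comparing xs[i] with ys[i + lag]."""
    if lag < 0 or lag >= len(ys):
        raise ValueError("lag out of range")
    return chi_square_independence(xs[: len(xs) - lag], ys[lag:])

# Constructed sample sources (periodic, so every cell count is exact).
def sample_independent(n_periods: int = 250):
    return [0, 0, 1, 1] * n_periods, [0, 1, 0, 1] * n_periods   # all four cells equal

def sample_dependent(n_periods: int = 250):
    xs = [0, 0, 1, 1] * n_periods
    ys = [x ^ (1 if i % 5 == 4 else 0) for i, x in enumerate(xs)]  # ys copies xs 80% of the time
    return xs, ys

def sample_lagged(n_periods: int = 250):
    xs = [0, 0, 1, 1] * n_periods
    return xs, xs[-1:] + xs[:-1]   # ys[i] == xs[i - 1]: a one-position shifted copy
```

For `sample_dependent` the table is 400/100/100/400, giving a statistic of exactly 360 against a 5% critical value of 3.84. For `sample_lagged` the lag-0 statistic is 0 even though ys is a copy of xs, and the lag-1 statistic equals the number of pairs; a source you actually want to trust should be checked at several lags and with more than one alignment, not just the one that happens to be convenient.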

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Universal Language
Date: Fri, 10 Mar 2000 18:27:43 +0100

Douglas A. Gwyn wrote:
> 
> drickel wrote:
> > People who thought in it would think faster the same way people
> > who spoke it would speak faster (more words (ideas)/second).
> 
> Many people do much of their thinking in nonlinguistic modes.
> (Verbalizing often occurs only near the end of a thought process.)

I previously had the same opinion. But I am not quite sure now.
I suppose in most languages adjectives generally precede the nouns
but in French it is the opposite. Could we call that nonlinguistic?
Further, in subordinate clauses in German the verbs stand at the end.
Such matters can cause difficulties to foreigners but I doubt 
whether the natives have problems due to their 'natural' mode
of thought not in conformity with the linguistic features of their
languages.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Cheating in co-operative open-source games, how can we protect from it?
Date: 10 Mar 2000 09:10:17 -0800

In article <fPsx4.1508$[EMAIL PROTECTED]>,
Peter Henningsen <[EMAIL PROTECTED]> wrote:
> We would like to ask for your help in developing a cryptological protocol
>that can be used to protect files from tampering by the user in co-operative
>open source games/virtual worlds. Specific ways of cheating that we want to
>guard against are falsifying of game scores, creating God-characters by
>hacking code instead of earning similar status in the game world, or
>tainting an evolutionary process in a virtual world by falsely propagating
>and promoting artificial life entities. In all these cases, files on the

We're facing many of these same issues in the Kosmos Online project,
http://plank.yi.org/ .  As the group's resident crypto hobbyist, it keeps
falling on me to explain the situation to the other participants.  I don't
think it's really hard to understand... the only hard part is getting
people to understand that the relevant mathematical principles *cannot* be
defeated by more complicated algorithms.  You might want to go to that
site and dig around in the mailing list archives to see some of the
discussions we've had.

The important consideration is that the user has *all* the powers that are
given to the client software.  You *cannot* prevent people from using
modified clients; all you can do is prevent modified clients from
providing an unfair game advantage.

If the client software gets access to information that would provide an
unfair game advantage to the user, then the user can obtain that
advantage.  If the client software can send commands that would give the
user an unfair game advantage (for instance by sending movement commands
faster than a human can type), then the user can obtain that advantage.  
All enforcement of game rules must be done by the server.  You might want
to put enforcement of rules like "you can't walk through a wall" into the
client too, for speed, but you cannot depend on the client to actually
enforce those.

The server can sign data files with any standard signature scheme, but if
you have a client program signing files, then the user will have the power
to make those signatures whether your original client would permit it or
not.  You also have to consider things like clients making backups of "my
current character" files; any data stored on the client machine that the
client doesn't "own", must be recorded at least as a checksum on the
server too.

Remember the anti-SDMI creed:

        If I can see it, I can record it.
        If I can hear it, I can record it.
        If my computer can execute it, I can comprehend it.
        I can teach these abilities to others.

As a result, it's a losing proposition to write obfuscated general-purpose
code and hope that the users won't be able to understand it (especially if
it's gonna be open source!).  There are a few special protocols which
allow blind computation in narrowly limited situations, e.g. the blinded
substring search I discussed at http://www.islandnet.com/~mskala/limdiff.html
but those do not generalize to something as complicated as a game.
-- 
Matthew Skala                       "Ha!" said God, "I've got Jon Postel!"
[EMAIL PROTECTED]            "Yes," said the Devil, "but *I've* got
http://www.islandnet.com/~mskala/    all the sysadmins!"
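The server-side arrangement Skala describes, as an added example (constructed; not code from Kosmos Online or from the post): the server issues each character record with an HMAC-SHA256 tag under a key the client never sees (a MAC is enough because only the server verifies; a public-key signature would be the choice if clients had to verify each other's files), records the digest of what it issued so a restored backup is recognised as stale, and applies the command rate limit itself instead of trusting the client's throttle. The key, player names and state are constructed.

```python
import hashlib
import hmac
import json

# Constructed server-only secret; in deployment it lives only on the server.
SERVER_KEY = b"constructed-server-only-secret"

def _canonical(doc: dict) -> str:
    return json.dumps(doc, sort_keys=True, separators=(",", ":"))

class GameServer:
    def __init__(self):
        self.latest_digest = {}    # player -> sha256 of the last record issued
        self.last_cmd_time = {}    # player -> time of the last accepted command

    def issue_record(self, player: str, state: dict, version: int) -> dict:
        """Hand the client a tagged copy of its state and remember its digest."""
        payload = _canonical({"player": player, "version": version, "state": state})
        tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
        self.latest_digest[player] = hashlib.sha256(payload.encode()).hexdigest()
        return {"payload": payload, "tag": tag}

    def load_record(self, record: dict):
        """Returns (state, reason); state is None when the record is rejected."""
        payload = record["payload"].encode()
        expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, record["tag"]):
            return None, "bad tag: client-edited file"
        doc = json.loads(payload)
        if self.latest_digest.get(doc["player"]) != hashlib.sha256(payload).hexdigest():
            return None, "stale record: client restored an old backup"
        return doc["state"], "ok"

    def accept_command(self, player: str, now: float, min_interval: float = 0.05) -> bool:
        """Server-side rate limit; a client-side one can simply be patched out."""
        last = self.last_cmd_time.get(player)
        if last is not None and now - last < min_interval:
            return False
        self.last_cmd_time[player] = now
        return True

def tamper(record: dict, **changes) -> dict:
    """What a modified client can do: edit the state and keep the old tag."""
    doc = json.loads(record["payload"])
    doc["state"].update(changes)
    return {"payload": _canonical(doc), "tag": record["tag"]}
```

The version field inside the payload is informational only; what actually stops the rollback is the server's own record of the last digest it issued, which is the "at least a checksum on the server" the post asks for.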


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Crypto Patents: Us, European and International.
Date: Fri, 10 Mar 2000 17:24:17 GMT


On 10 Mar 2000 03:07:05 GMT, in <8a9osp$9jo$[EMAIL PROTECTED]>,
in sci.crypt [EMAIL PROTECTED] (Bill Unruh) wrote:

>In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Terry Ritter) writes:
>
>
>>On 10 Mar 2000 00:09:31 GMT, in <8a9efr$9ud$[EMAIL PROTECTED]>, in
>>sci.crypt [EMAIL PROTECTED] wrote:
>
>>>1. A patent is not always necessary. If you make your findings public noone
>>>else will be able to patent any closely related algorithm.
>
>>This is, of course, only true if "you" are the first one to publish
>>the idea, or apply for the patent.  "You" can give up your rights, but
>>you cannot give up the rights of others.  
>
>No. Prior art invalidates all subsequent patent rights. Thus you, by
>making something public and thus prior art extinguish everyone else's
>right to patent that thing. Thus you can "give up the rights of others".

The crucial word here is "subsequent."  Patent rights may well exist
even if no publication has yet occurred.  Nobody else can give up
those rights, and if a patent issues, it will apply.  

If someone has published first, they have started their patent process
-- they *are* the prior art -- and can finish (in the US) by formally
applying within a year.  Subsequent publication by someone else is of
course not prior art.  

If someone has invented first, with witnesses, they have started their
patent process, they are *not* the prior art and are not in the
literature, but can still apply within a year of the publication by
someone else.  Clearly, publication by someone else has not affected
the right of someone to make such an application and collect property
rights in the published idea.  

And if someone else has already applied for a patent, but has not yet
published, the fact of someone else publishing is not prior art for
that application.  So someone else may have given up *their* rights in
that idea, but cannot affect any patent property rights which may be
established by the existing application.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM



------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Crypto Patents: Us, European and International.
Date: Fri, 10 Mar 2000 17:26:40 GMT


On Fri, 10 Mar 2000 09:08:42 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt [EMAIL PROTECTED]
(John Savard) wrote:

>[EMAIL PROTECTED] (Bill Unruh) wrote, in part:
>
>>No. Prior art invalidates all subsequent patent rights. Thus you, by
>>making something public and thus prior art extinguish everyone else's
>>right to patent that thing. Thus you can "give up the rights of others".
>
>By making something public, that no one else has patented, you are not
>taking away something that someone else owns. It's something
>previously patented that one can't unpatent.

Making something public does not affect existing rights.  All of the
requirements for patent, including reduction to practice in the
presence of witnesses, can be accomplished in secret.  There is no
reason whatsoever to imagine that -- simply by publishing -- one has
prevented others from obtaining a patent on that very same idea.  In
fact, patents can be applied for even after someone else's publication
of that idea, given witnesses and/or patent notebook records.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

Crossposted-To: comp.lang.javascript
From: [EMAIL PROTECTED]
Subject: Re: How does % operator deal with negative numbers?
Date: Fri, 10 Mar 2000 17:21:37 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank wrote:
> I'm trying to write some non-kludgy JavaScript for a simple
>  cryptography demonstration. One of the encrypt steps adds
>  key%97, so the obvious decrypt step should be (-1*key)%97.
> 
> In standard mathematics, -4 modulo 97 should equal 93.
>  Instead, Netscape returns -4,

so use: 97 + (-1*key)%97
or simply:  97 - (key%97)

> Explorer returns 4.
>  What's the deal? Is this going to be a royal pain?

strange, it also returns -4 here (version 4.0)

- -- 
Disastry  http://i.am/disastry/
remove .NOSPAM.NET for email reply

-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1
Comment: get this Plugin at http://disastry.dhs.org/pgp.htm

iQA/AwUBOMkS8DBaTVEuJQxkEQLWWQCeJKqS1bX58ARGb4oY6LI6K0Vo/RcAn0oh
mdRfhRfanSu4u1A34Y+Cpgn2
=Joc3
-----END PGP SIGNATURE-----

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Universal Language
Date: Fri, 10 Mar 2000 17:16:45 GMT

In article <[EMAIL PROTECTED]>,
  Jim Gillogly <[EMAIL PROTECTED]> wrote:

> Still, I had it from Jerry Pournelle's lips that he <knew> Heinlein
> had started from Loglan with the idea... and he wasn't all <that>
> many sheets to the wind at the time.  I agree that there wasn't a
> perfect mapping between real Loglan and Kettle-Belly Baldwin's
> language (yes, <that> Baldwin).

Sorry, Jim! (and Jerry!) Does not compute.  Gulf was published in the
Nov-Dec 1949 issue of Astounding, but James Cooke Brown didn't publish
Loglan until 1955.

George



------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: NIST, AES at RSA conference
Date: Fri, 10 Mar 2000 17:31:18 GMT


On 10 Mar 2000 08:38:19 GMT, in <[EMAIL PROTECTED]>, in
sci.crypt [EMAIL PROTECTED] (D. J. Bernstein) wrote:

>Terry Ritter <[EMAIL PROTECTED]> wrote:
>> There is ample reason to believe that using multiple different ciphers
>> in sequence might hide weakness in a particular cipher: 
>
>Ever heard of Shannon? How about Feistel? How about ``rounds''?

I think that in the decade that has passed since we first had flame
wars here on sci.crypt, I may have heard these terms mentioned once or
twice.  


>You seem to think that there's some magical intermediate stage between
>simple operations and complete encryption functions. You artificially
>divide the design of encryption functions into the design of ``ciphers''
>from simple operations and then the design of encryption functions from
>ciphers. You artificially limit your notion of cryptanalysis to the
>process of studying and breaking individual ``ciphers.''

Your very use of the terms "Feistel" and "rounds" shows there *is* a
difference between ciphers and operations:  Feistel ciphers generally
repeat *the* *same* functional rounds over and over and call the
result secure.  Well, call me dubious.  I prefer to have multiple,
distinct ciphering approaches, each of which would be considered
secure standing alone.  

If we survey the attacks on actual ciphers, we generally find attacks
which are designed for a particular target cipher.  We do not expect
to find a "universal break."  Such attacks as may exist must change
every time the ciphering stack changes.


>In reality, there is no such stage. All encryption functions are built
>from simple operations. Functions have to meet some cost requirements---
>in particular, for most applications, they have to be fast---but they
>don't have to follow any predetermined internal structure. Cryptanalysts
>try to break the functions.
>
>There is no reason to believe that your favorite encryption function is
>stronger than simpler, faster functions with the same key length.

The issue is not *my* favorite encryption function, the issue is
*your* favorite encryption function:  Whatever "simpler, faster"
function you like can be one of the three ciphers in a cipher stack.
In practice, that stack will be at least as strong as your cipher.
Your remaining complaint is that the other two ciphers may have an
execution cost that you don't want to pay.  

But the other two ciphers in the stack protect against that -- to you
-- unbelievable circumstance (which is nevertheless a real
possibility) that your favorite cipher is weak.  You thus get a return
for your cost investment.  And given a reasonably modern computer,
that cost is rather small.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
