Cryptography-Digest Digest #422, Volume #11      Sun, 26 Mar 00 05:13:02 EST

Contents:
  Re: Card shuffling (Scott Nelson)
  Re: Card shuffling (Scott Nelson)
  Re: http://www.cryptomat.com (Tony L. Svanstrom)
  Re: Download Random Number Generator from Ciphile Software ("Douglas A. Gwyn")
  Re: Is netcity.com SmartCard Secure? (Tony L. Svanstrom)
  Re: OAP-L3:  Answer me these? ("Douglas A. Gwyn")
  Re: new Echelon article ("Douglas A. Gwyn")
  Re: Card shuffling (DMc)
  final rc5-32/12/8 guess ("Richard Lee King Jr.")
  Re: Concerning  UK publishes "impossible" decryption law ("ÐRëÐÐ")
  Re: Concerning  UK publishes "impossible" decryption law ("Falcon")
  Re: Concerning  UK publishes "impossible" decryption law ("ÐRëÐÐ")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Card shuffling
Reply-To: [EMAIL PROTECTED]
Date: Sun, 26 Mar 2000 04:15:10 GMT

On Fri, 24 Mar 2000 06:43:46 GMT, DMc <[EMAIL PROTECTED]> wrote:

>On Thu, 23 Mar 2000 17:20:19 GMT, [EMAIL PROTECTED] (Scott Nelson)
>wrote:
>[snip]
>>>[EMAIL PROTECTED] previously wrote:
>>>
>>>On your probability scale all possible sequences, or
>>>lack of sequences, will total 1. Of course, you may have a mental 
>>>picture of what you mean by a sequence value of 0, and the
>>>reversible card ordering which will cause that 0. I am interested in
>>>seeing such an example from you.
>>
>>I defined "sequence value" as the number of cards which are in
>>sequence.
>>
>>Assume the deck is ordered;
>>Ac 2c 3c 4c 5c 6c 7c 8c 9c Tc Jc Qc Kc -
>>Ad 2d 3d 4d 5d 6d 7d 8d 9d Td Jd Qd Kd -
>>Ah 2h 3h 4h 5h 6h 7h 8h 9h Th Jh Qh Kh -
>>As 2s 3s 4s 5s 6s 7s 8s 9s Ts Js Qs Ks
>>
>>By definition this has a sequence value of 51.
>>That is, 51 of the cards are followed by the 
>>next card in sequence.
>>
>>Now reverse the order of the deck;
>>Ks Qs Js Ts 9s 8s 7s 6s 5s 4s 3s 2s As -
>>Kh Qh Jh Th 9h 8h 7h 6h 5h 4h 3h 2h Ah -
>>Kd Qd Jd Td 9d 8d 7d 6d 5d 4d 3d 2d Ad -
>>Kc Qc Jc Tc 9c 8c 7c 6c 5c 4c 3c 2c Ac
>>
>>That has a sequence value of 0. That is, 0 of
>>the cards are followed by the next card in
>>sequence.
>>
>For me, the reverse order in example two is just as sequenced
>as the original order in example one.

Admittedly sequence value was not rigorously defined,
but I did mean that reverse order was not "in sequence".
I think it's more useful that way - the idea being
it's an attempt to measure how many cards stick
together after the shuffle.

>>
>>Here's an example of a sequence value of 1.
>>Tc 7d Th Qd 9h 3s Js 2h 9c Jc 4c 8d 5c - 
>>Kc Qs Qh 2c 8c 4h Ks As 6c Jd 8h 2d Td -
>>5d 7s 7c 9s Ah Qc Kd 3d 4d 5h 7h Ac Kh -
>>Ts Ad 6h 5s 6s 9d 3h Jh 2s 3c 8s 4s 6d
>>
>>The 5s is followed by the 6s, but no other
>>cards are followed by the next card in
>>sequence.
>>
>Just a small point: In row 3, the 8th and 9th cards are
>also a sequence; 3d - 4d.
Oops, you're right, I should have said that was a 
sequence value of 2, not 1.

>>
>>As you pointed out, if one chooses a random permutation,
>>the probability that it will have a sequence value
>>between 0 and 51 inclusive, is 1.
>>
>>As I pointed out, if one chooses a random permutation,
>>the probability that it will have a sequence value
>>greater than 8 is very small - less than .1%.
>>
>>If one chooses a permutation by an unknown process
>>and the sequence value is greater than 8, 
>>then there's good reason to doubt the randomness
>>of the choosing process.  If you repeat the process
>>ten times, and get a sequence value greater than 8
>>all ten times, then it's even more likely that
>>the choosing process is not random.
>>
>There seems to be an internal inconsistency with your 0 -> 51 indirect
>probability scale. Your reverse order number two example rates 0,
>which is less than 8. You imply it is most possible. Example one rates
>51, which must be the rarest possibility. Yet examples one and two are
>absolute equivalents by inspection. Furthermore, example three seems
>to be more than one (or two) increment(s) away in probability from
>example two.
>

That was the point of the example all right - 
"sequence value" clearly isn't the definitive 
measure of order.

However, it's a mistake to assume that because the 
probability of a random deck having a sequence value of 0
is high, that implies that a _particular_ order
which has a sequence of 0 is likely.

Face cards are less likely than non face cards, 
but the King of Spades is just as likely as the 3 of Clubs.
Likewise, it's relatively likely that a random 
arrangement of the cards will have a sequence value of 0, 
but vanishingly small that it will be exactly like example 2.

>Two other small, or large, points:
>
>1. I do not see what your 0 -> 51 scale adds in utility to your
>decimal probability scale.
>
The sequence value is just a property of deck that can be
objectively measured.  There are many others, but I like that
one because it's relatively easy to calculate by hand.
(my mistake notwithstanding.)

After choosing the property, I then estimated the probability
of the particular values.  So really, the decimal probability 
scale is added to the 0->51 scale, not the other way around.

But that doesn't really address the question
"What use is any of this?"

This kind of testing will sometimes point out
flaws in the randomizing method.  I.e. if a 
shuffler constantly has a high sequence value,
then his shuffling method is suspect.

The technique on which it's based can be 
used to help evaluate randomness;
 Pick a property that can be measured.
 Measure that property in a sample.
 Determine the probability that the value
 would have occurred if the sample was random.

This technique doesn't prove randomness.
In fact, it doesn't really prove much at all.
However, it's better than nothing, and 
it's also the best technique I know of.

Scott Nelson <[EMAIL PROTECTED]>
- Don't forget to vote on sci.crypt.random-numbers
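
The three-step technique from the message above, worked through for the sequence value as an added example (not code from the original post). It assumes the successor relation runs through the whole ordered deck, so Kc is followed by Ad, which is what makes that deck score 51; the exact distribution comes from a standard count of permutations by number of successions, not from anything the poster described.

```python
from fractions import Fraction
from math import comb, factorial

RANKS, SUITS = "A23456789TJQK", "cdhs"  # order of the ordered deck in the post
ORDERED = " ".join(r + s for s in SUITS for r in RANKS)
REVERSED = " ".join(reversed(ORDERED.split()))
# Third deck from the post, with the row separators removed.
EXAMPLE_3 = (
    "Tc 7d Th Qd 9h 3s Js 2h 9c Jc 4c 8d 5c "
    "Kc Qs Qh 2c 8c 4h Ks As 6c Jd 8h 2d Td "
    "5d 7s 7c 9s Ah Qc Kd 3d 4d 5h 7h Ac Kh "
    "Ts Ad 6h 5s 6s 9d 3h Jh 2s 3c 8s 4s 6d"
)

def sequence_value(deck):
    """Step 2, measure: count cards directly followed by their successor."""
    idx = [13 * SUITS.index(c[1]) + RANKS.index(c[0]) for c in deck.split()]
    return sum(1 for a, b in zip(idx, idx[1:]) if b == a + 1)

def sequence_value_counts(n=52):
    """counts[k] = number of orderings of n cards with sequence value k.

    Gluing every run of successors into one block leaves n-k blocks with no
    successions, so counts[k] = C(n-1, k) * S(n-k), where
    S(m) = D(m) + D(m-1) and D(m) is the derangement number.
    """
    d = [1, 0]
    for m in range(2, n + 1):
        d.append((m - 1) * (d[m - 1] + d[m - 2]))
    return [comb(n - 1, k) * (d[n - k] + d[n - k - 1]) for k in range(n)]

def p_at_least(value, n=52):
    """Step 3: exact probability that a uniformly random ordering scores >= value."""
    counts = sequence_value_counts(n)
    return Fraction(sum(counts[value:]), factorial(n))

if __name__ == "__main__":
    decks = [("ordered", ORDERED), ("reversed", REVERSED), ("example 3", EXAMPLE_3)]
    for name, deck in decks:
        v = sequence_value(deck)
        print(f"{name:9s} sequence value {v:2d}  P(>= {v}) = {float(p_at_least(v)):.3g}")
    print("P(sequence value > 8) =", float(p_at_least(9)))
```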

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Card shuffling
Reply-To: [EMAIL PROTECTED]
Date: Sun, 26 Mar 2000 04:16:41 GMT

On Thu, 23 Mar 2000 22:54:03 GMT, DMc <[EMAIL PROTECTED]> wrote:

>On Thu, 23 Mar 2000 17:20:19 GMT, [EMAIL PROTECTED] (Scott Nelson)
>wrote:
>
>> [snip]
>>
>>What I meant by negative property is that randomness isn't a thing,
>>it's a lack of a thing. I.e. Randomness means without pattern,
>>without order, lacking predictability, not repeatable, unbiased.
>>
>I am very glad I asked the question. I thank you very much for the
>clarity of your answer.
>
>I have numerous math dictionaries in my private collection. There
>are some others I rejected, along with some regular dictionaries,
>because they define randomness so poorly. None that I have, or do
>not have, define randomness the same way.

I assume by that you mean that the definitions do not agree 
with each other, nor with mine.  (As opposed to, they
agree with each other, but not me.)

I think you can also add a few books on gambling, probability,
and several statistical text books to the list of things that
don't define randomness very well, or consistently, or both.  
One of the biggest problems in the field is that there aren't
any generally accepted definitions to work from.  


>Better definition: Shuffle is ambiguous. There are many different ways
>to shuffle. In a previous post I stated I am only discussing the
>riffle and the cut. These are but two of those many ways to shuffle. I
>know nothing about the efficiency of those many other ways to shuffle,
>nor am I interested.
>
Yes, I agree it's a good idea to limit it to the riffle shuffle.
It is IMO, the most common.

>Analysis completeness: My experiments up to now are focused on what is
>the minimum riffling required between contract bridge deals necessary
>to maintain an unbiased [fair] card deck. I started knowing about the
>seven-shuffle propaganda in various literature, and having read about
>what P. Diaconis thought. (I apologize for misspelling his name
>before.)
>
>I controlled for each of the five process steps I named above. I was
>surprised to discover the cut was as important in the process as the
>riffle.
>
>My present conclusion based on the evidence I acquired in these
>experiments is the minimum riffle is one and the minimum cut is one
>in order to maintain a fair contract bridge card deck. This assumes
>starting with a fair deck; that is, no person knows its order.
>
>The next level testing would seem to be "knowing" testing. Various
>contract bridge experts [they are legion, just ask them] could be
>asked to specify specific cards in a deck after one riffle and one
>cut of a fair deck. If their answers rise significantly above chance
>over time, my present conclusion would be invalid, at least about this
>group of people.
>
>If so, the next person in line could move on to the next possible or
>probable "knowing" barrier.
>
I think your standards as stated are too high.

After playing a hand of bridge, pick up the cards
and deal without shuffling.  I'll bet that
most "expert" bridge players can guess cards 
in their opponents hands with a very high degree
of success.  And their ability to do so will go
up quickly once they realize how the test works,
and start remembering not just the tricks from 
last hand, but the order of the cards in the 
trick as well.  

After they've been trained on 0 shuffles,
then try one shuffle and see how well they do.

I'd bet that they do noticeably better than chance
until 5 shuffles.  (They probably still do better
than chance at 5, but I don't think it will be 
noticed.)

Scott Nelson <[EMAIL PROTECTED]>
- Don't forget to vote on sci.crypt.random-numbers

------------------------------

From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: http://www.cryptomat.com
Date: Sun, 26 Mar 2000 07:56:21 +0200

Nemo psj <[EMAIL PROTECTED]> wrote:

> Too good to be true.... So I suspect it isnt also.

Sorry, I was thinking about another thread.

     /Tony
-- 
     /\___/\ Who would you like to read your messages today? /\___/\
     \_@ @_/  Protect your privacy:  <http://www.pgpi.com/>  \_@ @_/
 --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
 DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82  78A6 647F F247 9363 F1DB
 ---ôôô---ôôô-----------------------------------------------ôôô---ôôô---
    \O/   \O/  ©1999  <http://www.svanstrom.com/?ref=news>  \O/   \O/

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Download Random Number Generator from Ciphile Software
Date: Sun, 26 Mar 2000 06:21:41 GMT

Anthony Stephen Szopa wrote:
> I address this issue when I discuss inherent or introduced bias
> either in the theory or the processes in the Theory Help file.
> If there are no biases in either then there are no
> cryptoanalytically exploitable characteristics.

That's simply not true, if you're using "bias" with its usual
statistical meaning.  For example: take *any* (possibly biased)
binary cipher stream, and map its "0" to "AB", map its "1" to
"BA".  If you wish, then map "A" to "0" and "B" to "1".  The
result is a totally unbiased binary cipher stream, which can
readily be converted back into the original (biased) cipher
stream and then broken however the original cipher could be
broken.  So, the absence of bias doesn't imply anything one
way or the other about the system's security.

Or perhaps by "bias" you mean something about the elementary
operators that are composed to construct the encryption system.
It is a fact that any Boolean function can be built solely
using NAND operators, and the output of a NAND operator is a
symmetric function of the inputs.  Yet the overall system is
an arbitrary, typically highly unsymmetric, function.  One has
to be careful in asserting that properties of the components
of a system are inherited by the system as a whole; usually
that is not true.  (When it is true, we have an "algebra", and
that is mathematically worthy of study.)
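
The 0 -> AB, 1 -> BA mapping described above, as an added example that is not part of the original post. A constructed stream with about 10% ones stands in for the biased cipher stream, and the function names are hypothetical.

```python
import random

def encode_balanced(bits):
    """Map 0 -> AB and 1 -> BA, then A -> 0 and B -> 1 (so 0 -> 01, 1 -> 10)."""
    if set(bits) - {"0", "1"}:
        raise ValueError("input must be a string of 0 and 1")
    return "".join("01" if b == "0" else "10" for b in bits)

def decode_balanced(bits):
    """Invert the mapping; reject anything that is not a run of 01/10 pairs."""
    if len(bits) % 2:
        raise ValueError("encoded stream must have even length")
    out = []
    for i in range(0, len(bits), 2):
        pair = bits[i:i + 2]
        if pair == "01":
            out.append("0")
        elif pair == "10":
            out.append("1")
        else:
            raise ValueError(f"invalid pair {pair!r} at offset {i}")
    return "".join(out)

def ones_fraction(bits):
    """Single-bit bias measure: fraction of ones (0.5 means unbiased)."""
    return bits.count("1") / len(bits)

def biased_stream(n, p_one=0.1, seed=1):
    """Constructed sample input: n bits, each 1 with probability p_one."""
    rng = random.Random(seed)
    return "".join("1" if rng.random() < p_one else "0" for _ in range(n))

if __name__ == "__main__":
    original = biased_stream(10_000)
    encoded = encode_balanced(original)
    print("ones in original:", ones_fraction(original))
    print("ones in encoded: ", ones_fraction(encoded))
    # The balanced stream carries exactly the same information as the biased one.
    print("round trip ok:   ", decode_balanced(encoded) == original)
```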

------------------------------

From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: Is netcity.com SmartCard Secure?
Date: Sun, 26 Mar 2000 08:37:08 +0200

KidMo <[EMAIL PROTECTED]> wrote:

> I was wondering if this www.netcity.com smartsecure is secure and what is
> up with it.  Could one of you crypto analysis people take a look at this
> site and give us the 411?

Hmmm... I've seen this before, if I were to guess I'd say that they are
just out to get some free advertising and users by asking this in NGs.


     /Tony
-- 
     /\___/\ Who would you like to read your messages today? /\___/\
     \_@ @_/  Protect your privacy:  <http://www.pgpi.com/>  \_@ @_/
 --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
 DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82  78A6 647F F247 9363 F1DB
 ---ôôô---ôôô-----------------------------------------------ôôô---ôôô---
    \O/   \O/  ©1999  <http://www.svanstrom.com/?ref=news>  \O/   \O/

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3:  Answer me these?
Date: Sun, 26 Mar 2000 06:43:28 GMT

Tom St Denis wrote:
> Your theory on your website is not very specific.  Do you have a hidden page
> or something with the required info?

http://www.ciphile.com/theory.html

Having finally gotten curious enough to look at it, I'll say
two things:

(1) The rotor-like stepping of the first mixfile allows standard
techniques to be used in the cryptanalysis.

(2) Whatever security the system has lies in the parameters of
the process that generates the initial set of mixfiles.  It
wasn't clear to me what those parameters were, but I *think*
it was the same as for "mix a mixfile", i.e. a 14-digit
user-supplied integer.  So that is the effective key length.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: new Echelon article
Date: Sun, 26 Mar 2000 06:53:44 GMT

[EMAIL PROTECTED] wrote:
> Is there anyway to insert crypto hardware into cellphones?

Not unless they were designed for it, or you are a competent
electrical/communications engineer (in which case you wouldn't
be asking the question).

I do know that *some* cellular telephones exist that support
Fortezza cards.  Unfortunately I don't know much about them.
Perhaps you can find them via a Web search, if they're
available on the open market.  (Fortezza format-compatible
cards are available that use non-classified algorithms.)

------------------------------

From: DMc <[EMAIL PROTECTED]>
Subject: Re: Card shuffling
Date: Sun, 26 Mar 2000 07:01:30 GMT

On Sun, 26 Mar 2000 04:16:41 GMT, [EMAIL PROTECTED] (Scott Nelson)
wrote:

[EMAIL PROTECTED] previously wrote:
>>
>>My present conclusion based on the evidence I acquired in these
>>experiments is the minimum riffle is one and the minimum cut is one
>>in order to maintain a fair contract bridge card deck. This assumes
>>starting with a fair deck; that is, no person knows its order.
>>
>>The next level testing would seem to be "knowing" testing. Various
>>contract bridge experts [they are legion, just ask them] could be
>>asked to specify specific cards in a deck after one riffle and one
>>cut of a fair deck. If their answers rise significantly above chance
>>over time, my present conclusion would be invalid, at least about this
>>group of people.
>>
>>If so, the next person in line could move on to the next possible or
>>probable "knowing" barrier.
>
>I think your standards as stated are too high.
>
I do not get your meaning.
>
>After playing a hand of bridge, pick up the cards and deal without
>shuffling. I'll bet that most "expert" bridge players can guess cards 
>in their opponents hands with a very high degree of success.  And
>their ability to do so will go up quickly once they realize how the
>test works, and start remembering not just the tricks from last hand,
>but the order of the cards in the trick as well.
>
>After they've been trained on 0 shuffles, then try one shuffle and
>see how well they do. I'd bet that they do noticeably better than
>chance until 5 shuffles.  (They probably still do better than chance
>at 5, but I don't think it will be noticed.)
>
It happens I agree completely with you here. It is my conjecture that
without a cut after riffling, 5 to 7 riffles would probably be needed
to return the deck to a fair [unknowable] state. I have not done the
experimentation to support that conjecture. From my viewpoint it is
mindless dogwork.

I repeat my previous statement: One riffle, and one cut, returns a
bridge deck back to fair; no matter what the previous play and card
collection process. (By the way, this is where bridge experts begin
to lay claim to knowing something of the next deal if certain cards
are observed clumped together. Their claim is not objectively
supportable. In my experiments, I completely controlled for such a
possibility.)

[EMAIL PROTECTED]
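
An added simulation, not part of either poster's message: it applies the sequence value from earlier in this thread to repeated riffles of a deck that starts in a known order, with and without a cut after the last riffle. The Gilbert-Shannon-Reeds riffle model and the uniformly random cut position are assumptions (the thread names no shuffle model), and the measurement covers only adjacent pairs that survive, not what a player could guess.

```python
import random

def riffle(deck, rng):
    """One Gilbert-Shannon-Reeds riffle: binomial cut, then drop cards from
    each packet with probability proportional to its remaining size."""
    cut = sum(rng.random() < 0.5 for _ in deck)
    left, right = deck[:cut], deck[cut:]
    out, i, j = [], 0, 0
    while i < len(left) or j < len(right):
        rem_left, rem_right = len(left) - i, len(right) - j
        if rng.random() * (rem_left + rem_right) < rem_left:
            out.append(left[i])
            i += 1
        else:
            out.append(right[j])
            j += 1
    return out

def cut_deck(deck, rng):
    """A single cut at a uniformly random position (assumed model)."""
    k = rng.randrange(1, len(deck))
    return deck[k:] + deck[:k]

def sequence_value(deck):
    """Cards directly followed by their successor; cards are numbered 0..51."""
    return sum(1 for a, b in zip(deck, deck[1:]) if b == a + 1)

def mean_sequence_value(riffles, with_cut, trials=500, seed=2000):
    """Average sequence value after shuffling an ordered deck."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        deck = list(range(52))
        for _ in range(riffles):
            deck = riffle(deck, rng)
        if with_cut:
            deck = cut_deck(deck, rng)
        total += sequence_value(deck)
    return total / trials

if __name__ == "__main__":
    # A uniformly random ordering averages 51/52, just under 1.
    print("riffles  no cut  with cut")
    for r in range(8):
        no_cut = mean_sequence_value(r, False)
        with_cut = mean_sequence_value(r, True)
        print(f"{r:7d}  {no_cut:6.2f}  {with_cut:8.2f}")
```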


------------------------------

From: "Richard Lee King Jr." <[EMAIL PROTECTED]>
Subject: final rc5-32/12/8 guess
Date: Sun, 26 Mar 2000 08:04:10 GMT

another guess is:
1  "The "
2  "unkn"

3  "own "
4  "mess"

5  "age "
6  "is: "

7  "64 b"
8  "it k"

9  "eys "
10 "just"

11 " are"
12 " not"

13 " goo"
14 "d en"

15 "ough"
16 " now"

i am more certain about this one.
by putting it in cyberspace i time stamp it.




------------------------------

Reply-To: "ÐRëÐÐ" <[EMAIL PROTECTED]>
From: "ÐRëÐÐ" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning  UK publishes "impossible" decryption law
Date: Sun, 26 Mar 2000 18:29:10 +1000

ok, but in a few cases where Microsoft offers higher encryption, they
actually check you out before they allow you to d/l stuff. if you have an IP
or whatever from any other country other than America or Canada, they say
you cant have it and don't offer the link to D/L. I got put off by that, and
I don't even try to get stuff that says its USA only.

--
"Oh GOD, Please save me from your followers"
more of my ramblings can be found at http://oakgrove.mainpage.net
"Man is a part of nature, not apart from nature"
anti spam, remove 'nospam' to mail me
ICQ:16544782
"pgp651" <Use-Author-Address-Header@[127.1]> wrote in message
news:[EMAIL PROTECTED]...
You know many things, therefore where is the problem ?

In Aust you can use strong encryption. From US you can get strong encryption.
The export restriction in US is "export restriction" NOT import restriction in Aust.

When you need strong encryption, just download it, end of the story.

In US, software designers do not have any desire to restrict YOU from getting
software, fed's has.

What they are doing, is to comply with fed's prohibition.

The decision is in your hands.

On the other hand, only stupid person will conform to such non binding
restrictions created in US by fed.

On Fri, 24 Mar 2000, "ÐRëÐÐ" <[EMAIL PROTECTED]> wrote:
>oh, i know there is no law in australia saying we cant use any kind of
>encryption, we can have whatever we like, but most countries that have the
>unbreakable encryption, (read 128 bit from america) cant export it to us. if
>we can get it, we can use it.



------------------------------

From: "Falcon" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning  UK publishes "impossible" decryption law
Date: Sun, 26 Mar 2000 10:13:04 +0100

Export restrictions have been lifted. See windows update site to download
the 128 bit patch direct from Microsoft.


ÐRëÐÐ wrote in message <[EMAIL PROTECTED]>...
:ok, but in a few cases where Microsoft offers higher encryption, they
:actually check you out before they allow you to d/l stuff. if you have an IP
:or whatever from any other country other than America or Canada, they say
:you cant have it and don't offer the link to D/L. I got put off by that, and
:I don't even try to get stuff that says its USA only.



------------------------------

Reply-To: "ÐRëÐÐ" <[EMAIL PROTECTED]>
From: "ÐRëÐÐ" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning  UK publishes "impossible" decryption law
Date: Sun, 26 Mar 2000 19:20:51 +1000

doing so now, thanks!


"Falcon" <[EMAIL PROTECTED]> wrote in message
news:dxkD4.3247$[EMAIL PROTECTED]...
> Export restrictions have been lifted. See windows update site to download
> the 128 bit patch direct from Microsoft.
>
>
> ÐRëÐÐ wrote in message <[EMAIL PROTECTED]>...
> :ok, but in a few cases where Microsoft offers higher encryption, they
> :actually check you out before they allow you to d/l stuff. if you have an IP
> :or whatever from any other country other than America or Canada, they say
> :you cant have it and don't offer the link to D/L. I got put off by that, and
> :I don't even try to get stuff that says its USA only.
>
>



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
