Cryptography-Digest Digest #445, Volume #11      Wed, 29 Mar 00 21:13:01 EST

Contents:
  Legal question ? ([EMAIL PROTECTED])
  Re: A newby question: "3DES" is 57.5 bits, and not 168 bits? (Jerry Coffin)
  Re: Using Am-241 to generate random numbers (Jerry Coffin)
  Re: The lighter side of cryptology ("Leo Sgouros")
  Re: The lighter side of cryptology (Xcott Craver)
  Re: Newbie, Where should I start, (David A Molnar)
  Re: The lighter side of cryptology (David A Molnar)
  Crypto API for C ("Tom St Denis")
  Re: Legal question ? ([EMAIL PROTECTED])
  Re: Examining random() functions (Terry Ritter)
  Re: The lighter side of cryptology (DJohn37050)
  Re: Using Am-241 to generate random numbers ("Trevor L. Jackson, III")
  Re: Q: Differencing time series (Radford Neal)
  Re: experiences with cryptlib toolkit? (Paul Rubin)
  Mr. Koyama (Hideo Shimizu)
  Re: Legal question ? ("Adam Durana")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Legal question ?
Date: Wed, 29 Mar 2000 21:56:29 GMT

   Someone (probably with the government) is actively trying to block me
from posting a certain reply to D. Menscher regarding NCSC bots. I know
this because I keep getting the same error message (437 Spam domain) no
matter how or where I try to post and I can easily post other messages.
I don't want to try and get around the error because it might reveal my
hacking techniques or entrap me. Is it legal for them to be doing this?


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: A newby question: "3DES" is 57.5 bits, and not 168 bits?
Date: Wed, 29 Mar 2000 15:10:52 -0700

In article <[EMAIL PROTECTED]>, sdenbes1
@san.rr.com says...
> If I understand 3DES properly (which is by no means certain) it means that
> you take your plaintext and encipher it with DES using a 56 bit key, then
> encipher the result with DES a second time using a second 56 bit key, and
> then encipher the result with DES a third and final time with a third 56 bit
> key.

That's not the usual way of doing things -- normally the second round 
through DES you DECRYPT rather than encrypt.

> In principle that means you're using 168 bits for a key, but if I
> understand things properly, you don't really have 168 bits of strength.

That, however, is true.
 
> I thought that one of the strengths -- and weaknesses -- of DES was that if
> you did the decipher properly, then the engine told you that you had
> succeeded even if you didn't know what the plaintext was.

That's not so at all.  To know whether you've decrypted properly, you 
have to either know some of the plaintext that was encrypted in the 
first place, or else analyze the output to see if it (approximately) 
matches what you expect.

> You first analyze the bitstream by brute force looking for the 56-bit key
> used in the outermost enciphering pass. That can be done in a few days with
> hardware such as "Deep Crack". You know that you've found the first key
> because the hardware tells you.

Deep Crack _does_ include algorithms for _guessing_ whether a 
particular decryption is correct, but if you're looking at 3DES, the 
output from the first decryption pass won't bear any particular 
resemblance to anything.

> The only way it could have 168 bits of strength would be if you could only
> tell that you'd found the outer and center keys by successfully removing the
> inner key.

That's exactly the situation.  It's still not truly 168 bits of 
complexity though: due to the symmetry involved, you can use what's 
known as a meet in the middle attack (not to be confused with a man 
in the middle attack) where you can basically attack two passes at a 
time, though this requires a huge amount of storage.

If you discount that based on the amount of memory involved, then you 
get a key-space of 168 bits.  If you consider the MITM attack 
reasonable, you get a key-space of 112 bits.
 
> Where did I go wrong here? Or am I correct that 3DES is really only illusory
> complexity?

You went wrong in your belief that something about the cipher 
algorithm would tell you when you got a correct decryption.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.
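
The meet-in-the-middle search described in the reply above, shown on double encryption with a toy cipher (an added example, not part of the original post). The 16-bit Feistel cipher, its key schedule, the 12-bit keys and the sample plaintexts are constructed for illustration and are not DES; against 3DES the same search meets after one pass on one side and two on the other.

```python
from collections import defaultdict

KEY_BITS = 12   # toy key size (constructed); DES uses 56
ROUNDS = 4


def _round_keys(key):
    # Hypothetical key schedule: four 8-bit round keys from one 12-bit key.
    return [((key * (2 * i + 3)) ^ (key >> 4) ^ (0x5B * i)) & 0xFF
            for i in range(ROUNDS)]


def _f(half, rk):
    # Toy round function; a Feistel network is invertible whatever f is.
    x = ((half + rk) * 167 + 13) & 0xFF
    return ((x << 3) | (x >> 5)) & 0xFF


def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 8) | right


def decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 8) | right


def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))


def known_pairs(k1, k2, plaintexts=(0x1234, 0xBEEF, 0x0F0F)):
    # Constructed known-plaintext pairs for the demonstration.
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]


def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher calls spent in the two sweeps)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = defaultdict(list)       # middle value -> every k1 that reaches it
    ops = 0
    for k1 in range(1 << KEY_BITS):             # forward sweep, stored in memory
        table[encrypt(k1, p0)].append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):             # backward sweep, table lookups
        mid = decrypt(k2, c0)
        ops += 1
        for k1 in table.get(mid, ()):
            # A match on one pair is only a guess; the other pairs confirm it.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops


if __name__ == "__main__":
    found, ops = meet_in_the_middle(known_pairs(0xA5C, 0x3E1))
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print("sweep cost: %d cipher calls, versus %d key pairs for exhaustive search"
          % (ops, 1 << (2 * KEY_BITS)))
```

The table holds one entry per first-pass key, which is the storage cost the reply refers to, and nothing in the cipher signals a correct key: candidates are accepted only because they reproduce the known plaintext/ciphertext pairs.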

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers
Date: Wed, 29 Mar 2000 15:23:29 -0700

In article <[EMAIL PROTECTED]>, stl137
@aol.com says...
> <<I'm not sure what phenomenon does this,
> but there must be many.>>
> 
> Not really. Space is better known for great clocks than great RNGs. Maybe you
> could use Eta Carinae: if it's going supernova, set the bit to 1, otherwise 0.
> There are problems with that setup, of course.

I'm not sure I agree -- there are lots of irregular and semi-
irregular variables.  Just for example, Betelgeuse is one that's 
easily visible from most of the earth.  It's technically classed as 
only semi-irregular instead of completely irregular, but the period 
and range are both _very_ rough.

OTOH, you'd need quite a good location to observe enough variable 
stars to produce random output at a useful rate.
 
> The NSA will quickly figure out something's amiss when privacy nuts start
> building big radiotelescopes in their backyards.

Radiotelescopes?  What would be wrong with a fairly ordinary optical 
telescope and a CCD camera?

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: "Leo Sgouros" <[EMAIL PROTECTED]>
Subject: Re: The lighter side of cryptology
Date: Wed, 29 Mar 2000 22:37:07 GMT




<[EMAIL PROTECTED]> wrote in message news:8btn4g$ka6$[EMAIL PROTECTED]...
>
>
> > There's a young cryptographer who begets
> > with primal algo*rhythmic* nymphettes,
> > bed distributively,
> > inputing constantly,
> > they produce series of prime n-tuplets.
> >
>
>  [For those who don't know-  "prime n-tuplets"
> are a generalization of the concept of twin
> primes (i.e. triplet primes, etc.)]
>
>
>     CRYPTO- PERVERTS    (a new series to
> which I invite you to contribute)
>
>
>      Public key users do it in the open.
>
> RNG testers do it as many ways as they can.
>
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.

those that care know everything they need to :-)



------------------------------

From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: The lighter side of cryptology
Date: 29 Mar 2000 23:53:25 GMT

In article <8btn4g$ka6$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>
>    CRYPTO- PERVERTS    (a new series to which I invite you to contribute)
>
>     Public key users do it in the open.
>     RNG testers do it as many ways as they can.

        Anyone who makes a reference to a "discrete log" gets slapped.

        But here, here's some crypto-perversion I once posted and
        later found archived on the Web (It is, sadly, the ONE 
        web page that comes up when you do a HotBot search on the
        word "steganographers."  Corrected slightly:)

========
>> But not every bra has a cryptographic function. Most are used for ASCII 
>> armor or for compression. Some are even designed to make the plaintext
>> stand out and more enjoyable to read.
>
> Touche, but I believe what we have here is a clear case of steganography.

Yikes.  I think that we should hammer down some definitions before
this whole thing gets out of hand.

Cryptography:
Building a difficult-to-unhook bra.

Steganography:
Building a flesh-colored bra, or one whose unhook mechanism is
hidden somewhere unexpected (Man:  "How the Hell...?"  Woman:
"It unhooks in front."  Man:  "Damn those steganographers.")

Public-Key Cryptography:
Building a bra that anyone can put on, but that only Alice can
remove.

Watermarking:
Building a bra that stays on even after smoothing, compression,
and rotation.  Also, Bob should not be able to put his own bra
on over Alice's and claim ownership of her body.

Fingerprinting:
Um, I'm probably already in trouble for the last one, so I'll
just skip this.

Signatures:
Building a bra with a nametag ("Property of Alice, machine wash
warm...") such that bras with Alice's name only fit Alice's body.
Bob could in theory remove Alice's bra and replace it with his 
own, but there's no real reason for him to do so.

Zero-Knowledge Proofs:
Alice transforms her bra into a duffle bag, and either (a) shows
Bob how to open it, or (b) shows Bob how she made it into a duffle
bag.  Alice repeats the procedure until Bob is satisfied (perverted
freak).

One-time Pad:
Kleenex.

NSA:    An organization that wants women to go back to wearing corsets and
chastity belts.  Oh, and Bill Clinton gets to keep all the keys.

[looks up at what's written so far and sighs]  I'm so damned juvenile.
I'm going to go do something more constructive and serious.  Well, happy
Monday.

[**!!Oh, and these are not the views of my employer!!**]


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Newbie, Where should I start,
Date: 30 Mar 2000 00:22:10 GMT

Jerry (Honey) Gehling <[EMAIL PROTECTED]> wrote:
> Hello everyone, 
>  I'm just starting to become very interested in crypto and was curious if
> anyone could recommend some materials with which I could start.  I have a
> fairly deep math background which is where my fascination with crypto comes
> from, number theory.  All suggestions are welcome.
> thanks 

Maybe the best pure math-oriented intro to crypto would be Koblitz's book 
_A Course in Number Theory and Cryptography_. 
Then supplement with readings from the _Handbook of Applied Cryptography_
in order to see how the neat primitives developed in Koblitz are actually
used... that is available online at http://cacr.math.uwaterloo.ca/hac/

Koblitz also has a new book on _Algebraic Aspects of Cryptography_. I
haven't read it yet. There are also several books on the mathematics of
elliptic curve cryptography; I haven't read these either, but they may
be to your liking. 

Have you seen the definition of NP? Turing Machines? Do you know what a
reduction is? If yes, then check out Bellare & Goldwasser's lecture notes
on cryptography 
http://www-cse.ucsd.edu/users/mihir/papers/gb.html

If you know a good bit about computational complexity theory, and you
don't mind reading about some "structural" issues which aren't explicitly
cryptographic in nature, then there's always Oded Goldreich's
_Modern Cryptography, Probabilistic Proofs, and Pseudorandomness_. 
Probably not a good choice for a first book, though.

Cheaper than buying the book is to check out Goldreich's web page
http://www.wisdom.weizmann.ac.il/home/oded/public_html/index.html

and nosing around the surveys there.

Not to be overlooked, of course, is Schneier's _Applied Cryptography_. 
It lacks the proofs you probably want, but I don't know of any other
survey with the same breadth and friendliness. The list of references is
invaluable. 

You might also browse around the Theory of Crypto preprint server at
http://philby.ucsd.edu/cryptolib/ -- probably very little there will
make sense now, but as you learn more, you'll be able to read more. 
Plus it gives a sense of some of what's going on in one subfield of
crypto.

Thanks, 
-David Molnar


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: The lighter side of cryptology
Date: 30 Mar 2000 00:25:52 GMT

[EMAIL PROTECTED] wrote:

>     CRYPTO- PERVERTS    (a new series to
> which I invite you to contribute)

A friend of mine would occasionally ask me last term 

"So, are you and she going to do Diffie-Hellman in the dark?"

Thanks, 
-David

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Crypto API for C
Date: Thu, 30 Mar 2000 00:36:17 GMT

I have yet another release of my CB for C.  This one includes many more
functions.  Such as BBS random bit generation, or the ability to use 'truly'
random bit sources to seed the faster secure rng.  I added a few hash
functions [namely tiger and haval] and added a few ciphers as well.

If you want to check it out, you can at http://24.42.86.123/cb.html

If you notice any bugs, or problems please email me.

Thanks for your time.
Tom



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Legal question ?
Date: 30 Mar 2000 00:38:17 GMT

I wonder... How come "I am not paranoid but the government is covertly
persecuting me" always sounds like an old lady claiming that "I do not
believe in ghosts but they exist"?


In a previous article,  < [EMAIL PROTECTED]> writes:
>   Someone (probably with the government) is actively trying to block me
>from posting a certain reply to D. Menscher regarding NCSC bots. I know
>this because I keep getting the same error message (437 Spam domain) no
>matter how or where I try to post and I can easily post other messages.

Are you able to post other messages to D. Menscher? Do you know of anyone who
is able to post messages to D. Menscher? Have you tried to call him and ask
him if he is blocking your messages himself?


>I don't want to try and get around the error because it might reveal my
>hacking techniques or entrap me. Is it legal for them to be doing this?
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.


     -----  Posted via NewsOne.Net: Free Usenet News via the Web  -----
     -----  http://newsone.net/ --  Discussions on every subject. -----
   NewsOne.Net prohibits users from posting spam.  If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Examining random() functions
Date: Thu, 30 Mar 2000 00:46:19 GMT


On Wed, 29 Mar 2000 10:47:29 -0700, in
<[EMAIL PROTECTED]>, in sci.crypt "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:

>[...]
>A "truly random" (whatever that means) random number generator should pass
>95% of your tests at the 5% level. The probability of failure also obeys
>laws.

It might be more precise to say that a good random number generator
should pass *every* type of test, but should do so only 95% of the
time (at the 5% level).  In fact, we do require a good RNG to actually
*fail* 5% of the time (at the 5% level).  

A better approach (than to take the result of one or two tests) is to
perform sufficient tests so that the experimental distribution (of
results from the statistical test) reveals itself.  Then we compare
the experimental distribution to the expected ideal.  If necessary, we
can use chi square for that comparison, but, typically, a difference
will become quite evident without numerical processing.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
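
The procedure described in the post above (repeat one statistical test many times and compare the distribution of its results with the ideal), as an added example that is not part of the original post. The choice of the monobit frequency test, the seed, the sample sizes and the two defective sources (a stuck bit and a perfectly alternating stream) are assumptions made for illustration.

```python
import math
import random

N_BITS = 16384      # bits per sample (constructed parameter)
TRIALS = 1000       # number of repeated tests
# Defective source 1: every 32nd bit stuck at 1.
STUCK_MASK = sum(1 << i for i in range(0, N_BITS, 32))
# Defective source 2: 0101...; exactly balanced, so it never fails the test.
ALTERNATING = int("01" * (N_BITS // 2), 2)


def monobit_p(x, n=N_BITS):
    """Two-sided p-value of the frequency test on the n-bit integer x."""
    ones = bin(x).count("1")
    s = 2 * ones - n                    # sum of the bits mapped to +1/-1
    return math.erfc(abs(s) / math.sqrt(2 * n))


def good_source(rng):
    return rng.getrandbits(N_BITS)


def stuck_source(rng):
    return rng.getrandbits(N_BITS) | STUCK_MASK


def alternating_source(rng):
    return ALTERNATING


def profile(source, seed=2000, trials=TRIALS, bins=10):
    """Run the test `trials` times; return (fail rate at 5%, histogram, chi2)."""
    rng = random.Random(seed)
    pvals = [monobit_p(source(rng)) for _ in range(trials)]
    fail_rate = sum(p < 0.05 for p in pvals) / trials
    hist = [0] * bins
    for p in pvals:
        hist[min(int(p * bins), bins - 1)] += 1
    expected = trials / bins            # ideal: p-values uniform on [0, 1]
    chi2 = sum((h - expected) ** 2 / expected for h in hist)
    return fail_rate, hist, chi2


if __name__ == "__main__":
    # With 10 bins (9 degrees of freedom) the 5% critical value is 16.92.
    for name, src in [("good", good_source), ("stuck bit", stuck_source),
                      ("alternating", alternating_source)]:
        rate, hist, chi2 = profile(src)
        print("%-12s fail rate %.3f  chi2 %8.1f  %s" % (name, rate, chi2, hist))
```

The alternating source passes every single run, which is exactly why it is rejected: its results pile up in one bin instead of failing about 5% of the time.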


------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: The lighter side of cryptology
Date: 30 Mar 2000 00:48:18 GMT

When I had my girlfriend in college proofread my resume' and retype it, I found
she thought I liked "discreet" math.
Don Johnson

------------------------------

Date: Wed, 29 Mar 2000 20:04:32 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers

Jerry Coffin wrote:

> In article <[EMAIL PROTECTED]>, stl137
> @aol.com says...
> > <<I'm not sure what phenomenon does this,
> > but there must be many.>>
> >
> > Not really. Space is better known for great clocks than great RNGs. Maybe you
> > could use Eta Carinae: if it's going supernova, set the bit to 1, otherwise 0.
> > There are problems with that setup, of course.
>
> I'm not sure I agree -- there are lots of irregular and semi-
> irregular variables.  Just for example, Betelgeuse is one that's
> easily visible from most of the earth.  It's technically classed as
> only semi-irregular instead of completely irregular, but the period
> and range are both _very_ rough.
>
> OTOH, you'd need quite a good location to observe enough variable
> stars to produce random output at a useful rate.
>
> > The NSA will quickly figure out something's amiss when privacy nuts start
> > building big radiotelescopes in their backyards.
>
> Radiotelescopes?  What would be wrong with a fairly ordinary optical
> telescope and a CCD camera?

Since he wants to record identical information at multiple sites he probably has to
avoid the twinkle effect that would distort optical recordings.  AFAIK, the
atmospheric cell size is much smaller than the wavelength of radio signals, so radio
twinkle shouldn't be an issue.


------------------------------

Crossposted-To: sci.stat.math
From: [EMAIL PROTECTED] (Radford Neal)
Subject: Re: Q: Differencing time series
Date: 30 Mar 2000 00:07:24 GMT

In article <[EMAIL PROTECTED]>,
Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
>> About the only thing the above method looks to be good for is as a
>> homework problem.
>
>If you think that my questions are so simple, then would you care
>to say at least something? At least the first two questions need
>not have anything associated with practical applications.

I didn't say the questions were simple, just not useful.

Which is exactly why they seem very much like homework problems, which
we don't answer.

   Radford Neal

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: experiences with cryptlib toolkit?
Date: 30 Mar 2000 01:16:49 GMT

In article <8bclg1$llj$[EMAIL PROTECTED]>,
Wouter  <[EMAIL PROTECTED]> wrote:
>I was wondering if anyone has experience with the cryptlib 
>toolkit (http://www.cs.auckland.ac.nz/~pgut001/cryptlib/)

Yes I used it for some projects some time ago.

>Is it any good/reliable/easy to use?

I used the 2.0 version which had some bugs.  Newer versions
may have fewer.  It is basically pretty solid.  It is somewhat
cumbersome to use through the documented interfaces if you're
just trying to do simple stuff.  


>Is it better or worse than the PGP SDK?

Different.

>What are the strengths and weaknesses?

Strengths: It has very fast implementations of just about every
important cryptographic algorithm except for elliptic curves.  It is
highly flexible and gives an elaborately designed abstraction layer
that lets the application call encryption functions without caring
about the underlying algorithms and implementations.

Weaknesses: the abstraction layer adds unnecessary complexity to most
applications.  Normally it's enough to pick some ciphers and use them
directly.  Cryptlib inserts an intermediate layer that adds
considerable weight in order to create flexibility that most
applications don't really need.  The cipher implementations are
generally chosen to be the fastest ones available for the algorithms
in question.  In some cases this leads to code bloat, since the
fastest implementations tend to be more complicated than slower ones.
Simpler implementations are still fast enough for many purposes.
The bignum arithmetic library (used for public key algorithms)
includes assembly language support for many cpu's, but is missing some
important ones.

For some reason I never got the right answers from the included
SHA-1 implementation.  I didn't have time to debug it and ended up
just substituting a different implementation.

------------------------------

From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Mr. Koyama
Date: Thu, 30 Mar 2000 10:14:09 +0900

Japanese cryptographer Kenji Koyama (NTT) died Mar. 27, 2000.

------------------------------

From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Legal question ?
Date: Wed, 29 Mar 2000 20:45:10 -0500


<[EMAIL PROTECTED]> wrote in message news:8btu64$soq$[EMAIL PROTECTED]...
>    Someone (probably with the government) is actively trying to block me
> from posting a certain reply to D. Menscher regarding NCSC bots. I know
> this because I keep getting the same error message (437 Spam domain) no
> matter how or where I try to post and I can easily post other messages.
> I don't want to try and get around the error because it might reveal my
> hacking techniques or entrap me. Is it legal for them to be doing this?

Then obviously your "techniques" are not that good then.  Perhaps you have
confused yourself and you think you are trying to post to a newsgroup when
you are really trying to send email, in which case D. Menscher may be blocking
my-deja.com because people use those addresses to spam all the time.  Now if
you really are trying to post to a newsgroup and you are using deja.com and
since they have their own news servers, you should contact them.  Too bad
big brother didn't stop you from posting this message.

- Adam



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
