Cryptography-Digest Digest #525, Volume #11      Mon, 10 Apr 00 21:13:01 EDT

Contents:
  Re: Die Hard Test? (Tim Tyler)
  Crypto Short Course near Boston (Christof Paar)
  Re: Checksum for digits (lordcow77)
  Re: are self-shredding files possible? ("david hopkins")
  Encode Book? (Craig Storey)
  strength of altered vigenere cipher? ([EMAIL PROTECTED])
  Re: Modular functions in Stream Ciphers? ("Douglas A. Gwyn")
  Re: Modular functions in Stream Ciphers? (Terry Ritter)
  Re: Encode Book? (Paul Rubin)
  Re: Modular functions in Stream Ciphers? ("Simon Johnson")
  Re: Q: Entropy ([EMAIL PROTECTED])
  Re: Skipjack algorithm. (CLSV)
  Re: Q: Inverse of large, sparse boolean matrix, anyone? ("Douglas A. Gwyn")
  Re: Encode Book? ("Douglas A. Gwyn")
  Help a beginner  to find... (Nean)
  The fish that BP never caught. ("almis")
  Re: permutation polynomials (more) (Tom St Denis)
  DDJ Crypto books upgrade (Paul Koning)
  Re: DES (Jim Gillogly)
  Re: Q: Entropy (Bryan Olson)
  Re: Help a beginner  to find... (Tom St Denis)
  Re: Die Hard Test? (Tom St Denis)
  Re: strength of altered vigenere cipher? (Tom St Denis)
  Re: The fish that BP never caught. (John Savard)
  Re: Mersenne RNG, RNG questions (Jerry Coffin)
  Re: strength of altered vigenere cipher? (John Savard)
  Re: Skipjack algorithm. (John Savard)
  Re: Encode Book? (John Savard)
  Re: Mersenne RNG, RNG questions (John Savard)

----------------------------------------------------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Die Hard Test?
Reply-To: [EMAIL PROTECTED]
Date: Mon, 10 Apr 2000 19:37:34 GMT

Simon Johnson <[EMAIL PROTECTED]> wrote:

: What is this test? And where can I get it from.
: I presume it's for testing the quality of pseudo-random streams?
: How does it work?

Diehard:  http://stat.fsu.edu/~geo/diehard.html
DiehardC: ftp://ftp.helsbreth.org/pub/helsbret/random/

Yes, it tests the "quality" of possibly-random streams.

It's probably best to visit the web site and read the documentation -
and then see if you still have any specific questions about how it works.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.

------------------------------

From: Christof Paar <[EMAIL PROTECTED]>
Subject: Crypto Short Course near Boston
Date: Mon, 10 Apr 2000 15:36:24 -0400

Note that the course is offered Thursday/Friday & Monday/Tuesday.

====================================================================

           Worcester Polytechnic Institute
                 4-Day Short Course
                 May  18,19 & 22,23
                 WPI Waltham Campus

        APPLIED CRYPTOGRAPHY AND DATA SECURITY
        
          Seminar Leader: Dr. Christof Paar

Most of today's information technology applications require strong
security features in order to protect against abuse by outsiders and
insiders. Understanding cryptography and data security is an
essential prerequisite for securing your IT application. As has been
shown by the well-publicized recent attacks against web sites,
insecure IT systems can result in substantial losses and negative
advertising for a company. Applications such as computer networks,
E-commerce, wireless devices, database systems, and most World Wide
Web applications rely on a high degree of system security. Lack of
security is one of the most often quoted reasons by customers for not
using modern IT applications.

This four-day course will provide you with an in-depth introduction
to the field of applied cryptography and data security. Virtually all
important aspects of symmetric-key and private-key algorithms as well
as protocols will be introduced. The course will provide you with a
balance between cryptography, practical security issues and
theoretical background. After the course you will have the skills to
choose, design and evaluate security schemes for a given application.

Note: The Applied Cryptography course has been taught to more than
300 technical professionals and graduate students. On-site programs
were delivered at the NASA Lewis Research Center, OH, GTE Government
Systems, MA, and at Philips Research, NY.

        
                  COURSE OUTLINE

Day 1 AM --- Introduction to Cryptography and Data Security

Overview. Private-Key Cryptosystems. Cryptanalysis.


Day 1 PM --- Symmetric-key Algorithms

Stream Ciphers. Random Number Generators. Synchronous Stream Ciphers
and LFSRs. Attacks. One Time Pad. Unconditional and Computational
Security.


Day 2 AM --- Symmetric-key Algorithms

Block Ciphers. DES: Functionality and History. Software and Hardware
Implementation. Attacks and Security.

Advanced Encryption Standard (AES). Key lengths and security.


Day 2 PM --- Modes and Variants of Block Ciphers

Operation modes of block ciphers. Multiple encryption. Key whitening.


Day 3 AM --- Public-Key Cryptography

Principle. Some Number Theory. Overview of Practical Schemes.
Public-Key standards (ANSI, IEEE). RSA Cryptosystem: Functionality,
implementational aspects, recent attacks and security estimations.


Day 3 PM --- Public-Key Cryptography

The generalized discrete logarithm problem. Diffie-Hellman key
exchange. ElGamal encryption. Elliptic curve cryptosystems.   


Day 4 AM --- Digital Signatures and Protocols

Digital Signatures. Authentication Codes (MACs). Hash Functions.
Protocols: Principle and attacks.  Security Services: Privacy,
Authentication, Integrity, Non-Repudiation.


Day 4 PM --- Key Distribution and Case Study

Key Distribution: Symmetric-key approaches, public-key
approaches. Certificates. Key Derivation. Challenge-Response
Protocols. Case Study: Secure Socket Layer (SSL) Protocol.



                  WHO SHOULD ATTEND

Engineers, computer scientists, system administrators, and other
technical professionals who design, implement, or choose information
security applications in software or hardware. Technical managers who
need a solid understanding of data security issues will also benefit
from this course.



                 ABOUT THE INSTRUCTOR

Dr. Christof Paar leads the Cryptography and Information Security
group at WPI's Electrical and Computer Engineering Department. His
research interests include most aspects of industrial data security,
with a focus on efficient software and hardware implementation of
cryptographic schemes. Christof co-organized the first Workshop on
Cryptographic Hardware and Embedded Systems (CHES) at WPI in August
1999. He taught cryptography and data security courses extensively in
industry and academia over the last five years. For more information
on his work in cryptography visit his web site:
http://www.ece.WPI.EDU/Research/crypt/



                 DATES AND LOCATIONS

May 18-19 and 22-23, 2000, WPI Waltham Campus, Waltham, MA
(10 miles from Boston)
NOTE: The course dates are a Thursday/Friday - Monday/Tuesday sequence.


                  FEE

$1995  first registration
$1795  subsequent registrations for the same session



=============== cut here, fill form, and print =======================

           WPI CONTINUING EDUCATION REGISTRATION FORM

Please complete, print out, and return this form to

  Office of Continuing Education, WPI, Worcester, MA 01609-2280, 
  call (508) 831-5517 or FAX this form to (508) 831-5694. 
  For further information, send email:  [EMAIL PROTECTED] 

Make copies of this form for multiple registrations.


Seminar Title: APPLIED CRYPTOGRAPHY AND DATA SECURITY

Seminar Date: May 18-19 & 22-23, 2000, WPI Waltham Campus, Waltham, MA


Name (Mr.)(Ms.) ___________________________________________________

Title _____________________________________________________________

Organization ______________________________________________________

Business Address __________________________________________________

City _______________________________________

State ________ Zip _________________________

Business Phone  ____________________________

FAX  _____________________

Home Phone  ______________


Fee Enclosed (Make checks payable to WPI) ______

Bill my Company, P.O.# __________

Please charge my:     VISA   Mastercard   Discover

  Name on card ________________________________________________

  Exp. date _____________________

  Card # ______________________________________________________

  Signature ___________________________________________________


------------------------------

Subject: Re: Checksum for digits
From: lordcow77 <[EMAIL PROTECTED]>
Date: Mon, 10 Apr 2000 12:47:23 -0700

Verhoeff's check digit scheme based on the symmetry of the
dihedral group D_5 catches all single errors, all adjacent
transpositions, and most twin errors and other transpositions.

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: "david hopkins" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: Mon, 10 Apr 2000 20:02:05 GMT

I figure that what DI does can be replaced with an email client with
built-in PGP capability and a mechanism to indicate the expiry date in
the message. When the date is reached, the email client will physically
wipe the message. What is different from normal usage of PGP is that a
one-time symmetric key should be transmitted some other way than in the
email message body. This will ensure that when wiping the message, the
one-time key is also destroyed. Thus, even if any PGPed copy can be
found, it is not recoverable.

It is simple and does not depend on the involvement of a third party
(DI). Also it is more secure; at the least, DI knows the key to decrypt
the message.


Paul Koning <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Michael Sierchio wrote:
> >
> > Paul Koning wrote:
> >
> > > Since there are potentially millions of messages with thousands
> > > of overlapping lifetimes, it is not possible to physically
> > > destroy all backed up keying data for any given email message
> > > shortly after it expires.
> >
> > There are no backups in the sense of archived storage to tape --
> > there is reliance on redundant, high-availability, fault-resilient
> > storage.
>
> Interesting.  That could dispose of the first issue I raised.
> For it to do so, you'd have to erase the keying information
> on expiry.  (Refusing to produce it wouldn't be good enough).
>
> It doesn't solve the second issue I mentioned.
>
> > I should thank you for helping me write a FAQ list...
>
> You're welcome.  I still don't believe in your product... :-)
>
> paul



------------------------------

From: Craig Storey <[EMAIL PROTECTED]>
Subject: Encode Book?
Date: Mon, 10 Apr 2000 16:11:44 -0400

I caught the last two minutes of a radio news broadcast about a UK girl
who developed a simple encryption method that won awards. Her father
is a math professor working on encryption.  Together they co-wrote a
book.  I didn't catch much but was interested in reading her book.  It
may have been called Encode or In code.  Does anyone know anything about
it?

Please reply to: [EMAIL PROTECTED]


------------------------------

From: [EMAIL PROTECTED]
Subject: strength of altered vigenere cipher?
Date: Mon, 10 Apr 2000 20:13:58 GMT

I am working on a program that uses an altered version of the Vigenere
cipher to encrypt some information. The main difference in my version
of the cipher is that the key is generated to be as long as the message
itself, so that the key does not have to be repeated (and thus may be
broken).
Also, rather than just the alphabet being used, I use every ASCII character
from 0 to 255, and since the text to be encrypted is partially
numerical and uses some special characters anyway (being computer
data), that should eliminate the use of frequency analysis as well.

My question is: Is a Vigenere cipher, regardless of length,
uncrackable, if the key is as long as the message itself?

--
Sean Brasher


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Modular functions in Stream Ciphers?
Date: Mon, 10 Apr 2000 19:47:38 GMT

Simon Johnson wrote:
> Is the period of a stream cipher dependent on the
> range of the finite field?

There is not necessarily any particular finite field
associated with a stream cipher.

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Modular functions in Stream Ciphers?
Date: Mon, 10 Apr 2000 20:42:01 GMT


On Mon, 10 Apr 2000 19:03:05 -0700, in
<8ct4r1$ip0$[EMAIL PROTECTED]>, in sci.crypt "Simon Johnson"
<[EMAIL PROTECTED]> wrote:


>Is the period of a stream cipher dependent on the range of the finite
>field?

Only when we use a simple confusion or random number generator.  Don't
do that.  Another possibility is to use mod 2 polynomials, and then
use a primitive poly of reasonable size, hundreds or even thousands of
bits.  


>e.g. y= x mod (2^32) will produce a repeating sequence after a maximum
>of(2^32)-1 outputs?

This is typical of a simple statistical RNG.  But it is *easy* to
design RNG's with *vast* cycle lengths.  It is more difficult to
design RNG's with good statistical properties which are or appear to
be nonlinear and are thus difficult to analyze from the produced
sequence and knowledge of the design.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM

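The two halves of Ritter's answer in working code, as an added example that is not part of his post. A generator whose entire state is one 32-bit word, like the `y = x mod 2^32` in the question, cannot have a period above 2^32; an LFSR over GF(2) with an n-bit register and a primitive polynomial reaches 2^n - 1, shown here for n = 16 with x^16 + x^14 + x^13 + x^11 + 1 (the classic taps 16, 14, 13, 11). The second half is the "easy to analyze from the produced sequence" caveat: because the generator is linear, Berlekamp-Massey recovers the recurrence from 2n output bits and predicts the rest of the stream. Seed value and bit counts are constructed for the demonstration.

```python
"""Period of a primitive-polynomial LFSR, and why linear is not enough (added example)."""


def _step(state):
    """One clock of the 16-bit Fibonacci LFSR (taps 16,14,13,11); output bit is bit 0."""
    new = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (new << 15)


def lfsr_output(state, n):
    """Emit n output bits from a nonzero 16-bit seed."""
    bits = []
    for _ in range(n):
        bits.append(state & 1)
        state = _step(state)
    return bits


def lfsr_period(seed):
    """Clock until the register returns to the seed (seed must be nonzero)."""
    state, steps = _step(seed), 1
    while state != seed:
        state = _step(state)
        steps += 1
    return steps


def berlekamp_massey(bits):
    """Return (L, c): linear complexity L and connection polynomial c[0..L]
    over GF(2) with c[0] = 1, such that bits[i] = XOR_{j=1..L} c[j] & bits[i-j]."""
    n = len(bits)
    c, b = [0] * n, [0] * n
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            continue
        t = c[:]
        for j in range(n - i + m):
            c[j + i - m] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L, c[: L + 1]


def predict(known_bits, c, count):
    """Extend the observed stream by count bits using the recovered recurrence."""
    seq = list(known_bits)
    L = len(c) - 1
    for _ in range(count):
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & seq[-j]
        seq.append(nxt)
    return seq[len(known_bits):]
```

With a 128-bit register the period becomes 2^128 - 1, which is "vast" in Ritter's sense, but Berlekamp-Massey still needs only 256 output bits to clone it; that is why a keystream generator must add a nonlinear layer on top of the LFSR.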

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Encode Book?
Date: 10 Apr 2000 20:53:52 GMT

In article <[EMAIL PROTECTED]>,
Craig Storey  <[EMAIL PROTECTED]> wrote:
>I caught the last two minutes of a radio news broadcast about a UK girl
>who developed a simple encryption method that won awards. Her father
>is a math professor working on encryption.  Together they co-wrote a
>book.  I didn't catch much but was interested in reading her book.  It
>may have been called Encode or In code.  Does anyone know anything about
>it?
>
>Please reply to: [EMAIL PROTECTED]

Title is "In Code, a Mathematical Odyssey" by Sarah Flannery and David
Flannery.  Available from:

  http://www.amazon.co.uk/exec/obidos/ASIN/1861972229

It is now #38 in Amazon UK sales ranking, but the US Amazon site didn't
list it last time I checked.

------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Modular functions in Stream Ciphers?
Date: Mon, 10 Apr 2000 21:51:04 -0700


Simon Johnson <[EMAIL PROTECTED]> wrote in message
news:8ct4r1$ip0$[EMAIL PROTECTED]...
> Is the period of a stream cipher dependent on the range of the finite
> field?
>
> e.g. y= x mod (2^32) will produce a repeating sequence after a maximum
> of(2^32)-1 outputs?
>
>
> Thanxs,
> S. Johnson
>
>
>
Sorry! Once again, a poorly constructed question...

If a mod function is used in a stream cipher does the period of the cipher =
the divisor -1?

 e.g. y= x mod (2^32) will have a  maximum of period ((2^32) - 1 )?




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Q: Entropy
Date: Mon, 10 Apr 2000 20:56:13 GMT

In article <8cndm6$1dg0i$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Rob Warnock) wrote:
>
> Most of Chaitin's popular writings can be found online at
> <URL:http://www.cs.auckland.ac.nz/CDMTCS/chaitin/>.
>

There is a mirror site, with a faster server, at
http://www.cs.umaine.edu/~chaitin
Also, let me recommend my latest talk, at
http://www.cs.umaine.edu/~chaitin/cmu.html
Rgds,
Greg Chaitin


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: CLSV <[EMAIL PROTECTED]>
Subject: Re: Skipjack algorithm.
Date: Mon, 10 Apr 2000 23:19:25 +0200

"Douglas A. Gwyn" wrote:
> 
> CLSV wrote:
> > One of the official remarks on the algorithm is
> > that the length of its keys can not be extended.
> > I don't know where I read it but if you look for
> > it you probably can find it. This is possibly the
> > optimal length for this cipher. It might as well
> > be one of the (secret) design criteria.
> 
> Actually, Skipjack is one member of a parametric family of similar
> encryption algorithms.  Another realization of this family could
> be produced, but more is involved than just the number of bits in
> the key.
> 
> The really important thing about Skipjack is the counter.

Yes, that is a really crafty invention.
It adds lots of irregularity to the whole
and is very efficient. That is an idea
that can be used for future open algorithms.

Regards,

        CLSV

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Q: Inverse of large, sparse boolean matrix, anyone?
Date: Mon, 10 Apr 2000 20:45:18 GMT

In the paper having URL
ftp://ftp.informatik.tu-darmstadt.de/pub/TI/lecture_notes/factoring.ps.gz
section 3.2 (pp. 33-41) gives some methods.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Encode Book?
Date: Mon, 10 Apr 2000 20:46:36 GMT

Sounds like Sarah Flannery again.

------------------------------

Subject: Help a beginner  to find...
From: [EMAIL PROTECTED] (Nean)
Date: Mon, 10 Apr 2000 21:45:29 GMT

I am a beginner in search of help in cryptanalysis (I have only read one FAQ).
Could you help me find (free) tutorials on cryptography and breaking
codes? I am new and it suddenly interested me. Someone gave me a code he
needed help in breaking (Linux or Unix or something) and it sparked my
interest.
-- 
××××××××××××××××××××
Nean
[EMAIL PROTECTED]
××××××××××××××××××××

------------------------------

From: "almis" <[EMAIL PROTECTED]>
Subject: The fish that BP never caught.
Date: Mon, 10 Apr 2000 16:55:55 -0500

So which is it :
Lorenz machine  or
Lorentz machine ?

...al



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: permutation polynomials (more)
Date: Mon, 10 Apr 2000 22:02:35 GMT



Mike Rosing wrote:
> 
> Tom St Denis wrote:
> >
> > Is it possible to have a permutation polynomial P(x) actually form a
> > complete cycle?  For example
> >
> > a = P(0)
> > for i = 1 to 255 do
> >   a = P(a)
> >
> > And end up at (a = 0) at the end? [this is of course in Z(256)].
> 
> In principle yes, all you need is a primitive polynomial.
> 
> The higher the degree of the polynomial, the more non-linear it is.
> I suppose you also want to pick it so you don't have any roots that
> are integers in the range of your input, but that's not clearly
> necessary.  Looks like you're having fun in any case :-)

Since the polynomial is not modulo a prime, I don't think there is a
primitive polynomial... is there?

And yeah I have made a hash (http://24.42.86.123/hash.c) based on it
already :-)

Tom

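An added example answering Tom's question directly; this is not his hash code. The closed-form permutation test is Rivest's criterion for polynomials modulo 2^w (a_1 odd, a_2 + a_4 + ... even, a_3 + a_5 + ... even); `cycle_lengths` then brute-forces the cycle structure in Z(256). One concrete quadratic that is a single 256-cycle is 4x^2 + x + 1, found by the search at the bottom; x^2 + x fails the criterion and is not a permutation at all. Coefficient ranges in the search are an arbitrary choice for the demonstration.

```python
"""Permutation polynomials and their cycle structure modulo 256 (added example)."""

MOD = 256


def poly(coeffs):
    """coeffs[i] is the coefficient of x^i; returns the map x -> P(x) mod 256."""
    def p(x):
        return sum(a * pow(x, i, MOD) for i, a in enumerate(coeffs)) % MOD
    return p


def is_permutation(coeffs):
    """Brute force: P is a permutation iff it hits all 256 residues."""
    p = poly(coeffs)
    return len({p(x) for x in range(MOD)}) == MOD


def rivest_criterion(coeffs):
    """Rivest's test for permutation polynomials mod 2^w (w >= 2)."""
    a = list(coeffs) + [0, 0, 0]
    return (a[1] % 2 == 1
            and sum(a[2::2]) % 2 == 0
            and sum(a[3::2]) % 2 == 0)


def cycle_lengths(coeffs):
    """Cycle lengths of the permutation (longest first), or None if not a permutation."""
    if not is_permutation(coeffs):
        return None
    p = poly(coeffs)
    seen, lengths = set(), []
    for start in range(MOD):
        if start in seen:
            continue
        x, n = start, 0
        while x not in seen:
            seen.add(x)
            x = p(x)
            n += 1
        lengths.append(n)
    return sorted(lengths, reverse=True)


def single_cycle_quadratics(limit=6):
    """All (a0, a1, a2) with 0 <= a_i < limit whose a2 x^2 + a1 x + a0 is one 256-cycle."""
    return [(a0, a1, a2)
            for a0 in range(limit) for a1 in range(limit) for a2 in range(limit)
            if cycle_lengths((a0, a1, a2)) == [MOD]]
```

Note that Mike's "primitive polynomial" answer is the wrong tool here: the modulus is 256, not a prime or an irreducible polynomial, so the question is about transitive polynomial maps on Z/2^8, and the search above is the honest way to settle it for a given candidate.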
------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: DDJ Crypto books upgrade
Date: Mon, 10 Apr 2000 17:35:03 -0400

After fighting the V1 edition "browser" once again, I took a look
at the Doctor Dobbs website to see if I could find an upgrade
deal to get the new (PDF format) Crypto books CDROM.

Didn't find that but found a customer service contact.

A few email messages later I was told this:

   "yes, i have been giving out free pdf versions
    of the cd to whomever has contacted that has
    purchased the previous cd.  feel free to mention
    it if you like."

So there you have it.  If you have V1 of the DDJ Crypto Books
CDROM, and would like V2, contact Michael Calderon <[EMAIL PROTECTED]>

I'd say this is excellent news.  My compliments to
DDJ for handling things this way!

        paul
-- 
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "A system of licensing and registration is the perfect device to deny
! gun ownership to the bourgeoisie."
!       -- Vladimir Ilyich Lenin

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: DES
Date: Mon, 10 Apr 2000 22:07:43 +0000

Nean Drake wrote:
> Recently, an online friend gave me an encrypted password of root access to
> his school. He asked if I could help crack it.

You might want to re-think this or clear it with a faculty member before
starting -- people have gotten kicked out of school for cracking root
passwords without authorization.  Given permission, it's a useful exercise
in general because you can help establish whether somebody picked a weak
password and encourage them to correct it, as well as teaching yourself
about attacks that will work on this stuff.

> This friend of mine told me it's encrypted in DES-10. I've heard nothing
> about that encryption (only DES).

Sounds like he's talking about UNIX crypt(3).  This isn't DES-10 (an
undefined concept so far as I know), but rather a DES that's modified
in a key-dependent way, then iterated 25 times.

> So this message comes down to this:
> Can anyone be kind enough to tell or give me any more files on cryptography
> that mayt help me more?

Look for Alec Muffett's "Crack" program, and start throwing word lists
at it.  Other Unix password crackers are available, but that's the most
flexible one I know of.

Since Unix passwords are (in effect) only 8 characters long, it's sometimes
sufficient to do a brute force search over all lower-case passwords: at
most about a 38-bit search, which is at the high end of palatable for
a single workstation.  Passwords that use the full range of more or less
printable characters correspond to more like a 52-bit search, which
(multiplied by the 25 iterations of DES) is outside the palatable range;
thus you need to rely on a dictionary attack and hope for the best.

Also possible is "practical cryptanalysis", which of course exposes you
to greater risks if it's an unauthorized activity.
-- 
        Jim Gillogly
        Mersday, 20 Astron S.R. 2000, 21:53
        12.19.7.2.0, 5 Ahau 3 Pop, Fourth Lord of Night

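The attack Jim outlines, as an added example (not Alec Muffett's Crack and not Jim's code). `toy_crypt` is a stand-in for crypt(3): it keeps the structure Jim describes, a salt-dependent transform iterated 25 times over at most 8 password characters, but uses SHA-256 rather than the modified DES, so its output is not compatible with real password files. The wordlist, mangling rules and password entries are all constructed for the demonstration; `search_bits` reproduces the 38-bit and 52-bit figures from the post. Jim's warning stands: run this only against hashes you are authorised to audit.

```python
"""Wordlist attack with Crack-style mangling against a crypt(3)-like hash (added example)."""
import hashlib
import math


def toy_crypt(password, salt):
    """Stand-in for crypt(3): 2-char salt, 8-char password limit, 25 iterations."""
    assert len(salt) == 2
    h = (salt + password[:8]).encode()          # crypt(3) ignores characters past 8
    for _ in range(25):
        h = hashlib.sha256(salt.encode() + h).digest()
    return salt + h.hex()[:22]


def mangle(word):
    """Crack-style rules: as-is, capitalised, upper-cased, reversed, and
    a digit appended to the plain and the capitalised form."""
    yield word
    yield word.capitalize()
    yield word.upper()
    yield word[::-1]
    for d in "0123456789":
        yield word + d
        yield word.capitalize() + d


def crack(entries, wordlist):
    """entries: {user: stored_hash}. Returns {user: recovered_password}."""
    found = {}
    for user, stored in entries.items():
        salt = stored[:2]                          # salt is stored in the clear
        for word in wordlist:
            for cand in mangle(word):
                if toy_crypt(cand, salt) == stored:
                    found[user] = cand
                    break
            if user in found:
                break
    return found


def search_bits(alphabet_size, length=8):
    """log2 of the brute-force space: 26^8 is ~37.6 bits, 95^8 ~52.6 bits."""
    return length * math.log2(alphabet_size)


# Constructed sample data: a small wordlist and three made-up password entries.
WORDLIST = ["password", "secret", "letmein", "wizard"]
SAMPLE_ENTRIES = {
    "root":  toy_crypt("Secret1", "ab"),   # dictionary word, capitalised, digit appended
    "alice": toy_crypt("draziw", "Zz"),    # "wizard" reversed
    "bob":   toy_crypt("xK9#pq2!", "Qs"),  # outside the wordlist and rules
}
```

Each candidate costs 25 hash rounds, which is the whole point of the iteration count: it multiplies the attacker's work per guess, so the dictionary and its rules, not raw brute force, decide what falls.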
------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Mon, 10 Apr 2000 22:01:50 GMT

Mok-Kong Shen wrote:

> I mentioned in a previous post that one could probably use the
> Kolmogorov complexity.

Not really.  Your starting question assumed a _finite_
sequence of bits.  The interesting results of Kolmogorov
theory describe the complexity of infinite sequences or
infinite sets of finite strings.

The Kolmogorov complexity of a finite sequence depends upon
the language in which we write the programs.  It could be
any positive integer for any string.

[...]
> Thus, with such a measure, a sequence of all 0 has indeed less
> entropy than another with rather random distribution of 0 and 1.

Given a string of, say, a million zeros and a "random"
million-bit string, Kolmogorov complexity does not say which
is more complex.

--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Help a beginner  to find...
Date: Mon, 10 Apr 2000 22:24:09 GMT



Nean wrote:
> 
> I am a beginner in search of help in cryptanalysis (I have only read one FAQ).
> Could you help me find (free) tutorials on cryptography and breaking
> codes? I am new and it suddenly interested me. Someone gave me a code he
> needed help in breaking (Linux or Unix or something) and it sparked my
> interest.

Although I am by far no expert, the simplest way for me to be able to spot
no-nos is to a) make mistakes, b) repeat step a.  Basically design a
simple silly method, like 

Ek(M) = M xor k

and try to figure out why it's weak, then make something harder like 

E(k, r, k')(M) = ((M xor k) <<< r) xor k', and break that.... etc...(<<<
denotes a cyclic shift)

Of course these ciphers are really silly and simple, but for the newbie
they are quite a challenge.

Tom

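Both of Tom's toy ciphers, implemented and broken, as an added example that is not part of his post. The word size of 32 bits is an assumption (the post fixes none). The observation that does the work: a rotation commutes with XOR, so for any k, k' the ciphertext difference satisfies C1 ^ C2 == rotl(M1 ^ M2, r). The rotation amount therefore leaks from one pair of known plaintexts, and the two XOR keys collapse into one equivalent key keff = rotl(k, r) ^ k', so the second cipher is no stronger than a rotation plus a single XOR. Key and plaintext values are constructed for the demonstration.

```python
"""Known-plaintext breaks of Ek(M) = M xor k and E(k,r,k')(M) = ((M xor k) <<< r) xor k' (added example)."""

WORD = 32                      # assumed word size
MASK = (1 << WORD) - 1


def rotl(x, r):
    r %= WORD
    return ((x << r) | (x >> (WORD - r))) & MASK


def rotr(x, r):
    return rotl(x, WORD - (r % WORD))


# Cipher 1: one known pair gives the key outright.
def e1(m, k):
    return m ^ k


def break_e1(m, c):
    return m ^ c


# Cipher 2: ((M xor k) <<< r) xor k'.
def e2(m, k, r, k2):
    return rotl(m ^ k, r) ^ k2


def d2(c, k, r, k2):
    return rotr(c ^ k2, r) ^ k


def break_e2(pairs):
    """pairs: known (plaintext, ciphertext) tuples. Returns every (r, keff)
    consistent with all of them. Since rotl(m ^ k, r) == rotl(m, r) ^ rotl(k, r),
    each ciphertext is rotl(m, r) ^ keff with keff = rotl(k, r) ^ k2, so only
    32 rotation amounts need to be tried and k, k2 never need separating."""
    m0, c0 = pairs[0]
    candidates = []
    for r in range(WORD):
        keff = c0 ^ rotl(m0, r)
        if all(rotl(m, r) ^ keff == c for m, c in pairs):
            candidates.append((r, keff))
    return candidates


def d2_equivalent(c, r, keff):
    """Decrypt with the recovered equivalent key instead of (k, r, k2)."""
    return rotr(c ^ keff, r)
```

Two known pairs are enough whenever the plaintext difference has no rotational symmetry; a difference like 0x88888888 would leave several rotation amounts in the candidate list, which is why the function returns all consistent keys rather than the first.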
------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Die Hard Test?
Date: Mon, 10 Apr 2000 22:26:00 GMT



Simon Johnson wrote:
> 
> What is this test? And where can I get it from.
> I presume it's for testing the quality of pseudo-random streams?
> How does it work?

It applies a series of games etc. and looks to see whether, if your stream
were 'truly' random, it would pass the game/test a certain number of times.
By no means is Diehard the last word, but you can normally tell when
there is a bias in your RNG: you will get a series of outputs [called
p-values] that lean towards 0 or 1.  

You know something really is wrong if you get more than one 1 or 0 in a
row [same test].

As for where you get it?  I dunno... 

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: strength of altered vigenere cipher?
Date: Mon, 10 Apr 2000 22:28:19 GMT



[EMAIL PROTECTED] wrote:
> 
> I am working on a program that uses an altered version of the Vigenere
> cipher to encrypt some information. The main difference in my version
> of the cipher is that the key is generated to be as long as the message
> itself, so that the key does not have to be repeated (and thus may be
> broken).
> Also, rather than just the alphabet being used, I use every ASCII character
> from 0 to 255, and since the text to be encrypted is partially
> numerical and uses some special characters anyway (being computer
> data), that should eliminate the use of frequency analysis as well.
> 
> My question is: Is a Vigenere cipher, regardless of length,
> uncrackable, if the key is as long as the message itself?

The key has to be random in this case and then it's called an OTP.  You
can use a secure prng in a non-OTP system which is called a stream
cipher.

So your 'modification' is secure iff solving your prng is difficult.

Tom

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The fish that BP never caught.
Date: Mon, 10 Apr 2000 22:39:50 GMT

"almis" <[EMAIL PROTECTED]> wrote, in part:

>So which is it :
>Lorenz machine  or
>Lorentz machine ?

Neither.

One of the fishes, the tunny, was the _Lorenz_ machine. But the one
they never caught was the _sturgeon_, from Siemens.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Mersenne RNG, RNG questions
Date: Mon, 10 Apr 2000 16:31:51 -0600

In article <JybI4.45769$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...

[ ... sci.crypt.random-numbers ] 

> Did the vote on that pass? I didn't even know there was such a beast.

Yes (by a wide margin).

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: strength of altered vigenere cipher?
Date: Mon, 10 Apr 2000 22:42:12 GMT

[EMAIL PROTECTED] wrote, in part:

>My question is: Is a Vigenere cipher, regardless of length,
>uncrackable, if the key is as long as the message itself?

No, unless the key is also completely random. (It also must be
completely secret, for example, by not being used somewhere else for
another purpose.)

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

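Both conditions in John's answer, demonstrated in code (an added example, not from either post). The key generator is a hypothetical stand-in for Sean's unspecified one: a 31-bit linear congruential generator expanded from a 16-bit seed. The key is exactly as long as the message and covers all 256 byte values, yet the whole key stream is determined by 16 bits, so an attacker holding a short crib recovers the seed by brute force and reads the rest; the alphabet size and the absence of key repetition buy nothing. `reuse_leak` shows the second condition: if the same key stream is used twice, the ciphertext difference equals the plaintext difference and the key drops out entirely. The plaintext lines and seed are constructed for the demonstration.

```python
"""Vigenere over 0..255 with a message-length but low-entropy key (added example)."""


def keystream(seed, n):
    """Hypothetical stand-in generator: bits 16..23 of an LCG state, n bytes."""
    state, out = seed, bytearray()
    for _ in range(n):
        state = (1103515245 * state + 12345) % (1 << 31)
        out.append((state >> 16) & 0xFF)
    return bytes(out)


def vigenere256(data, key, decrypt=False):
    """Vigenere on the 256-symbol alphabet: byte-wise addition mod 256."""
    sign = -1 if decrypt else 1
    return bytes((b + sign * k) % 256 for b, k in zip(data, key))


def brute_force_seed(ciphertext, crib, seed_bits=16):
    """Return the first seed whose key stream turns the ciphertext prefix
    into the known plaintext crib, or None if no seed fits."""
    head = ciphertext[:len(crib)]
    for seed in range(1 << seed_bits):
        if vigenere256(head, keystream(seed, len(crib)), decrypt=True) == crib:
            return seed
    return None


def reuse_leak(c1, c2):
    """With a shared key stream, (c1 - c2) mod 256 == (p1 - p2) mod 256:
    the key cancels and the attacker works directly on plaintext differences."""
    return bytes((a - b) % 256 for a, b in zip(c1, c2))


# Constructed sample: passwd-style lines as the "computer data", one secret seed.
SAMPLE_P1 = b"root:x:0:0:root:/root:/bin/bash\n"
SAMPLE_P2 = b"daemon:x:1:1:daemon:/usr/sbin:/b"
SAMPLE_SEED = 0x1EEF
SAMPLE_C1 = vigenere256(SAMPLE_P1, keystream(SAMPLE_SEED, len(SAMPLE_P1)))
SAMPLE_C2 = vigenere256(SAMPLE_P2, keystream(SAMPLE_SEED, len(SAMPLE_P2)))
```

The crib used below is `root:x:0:0:`, the kind of fixed prefix "computer data" tends to carry; a 2^16 search is instantaneous, and a 2^32 seed would only slow the attacker down by a few hours on a single machine. Only a key stream whose unpredictability matches its length (a true one-time pad, or a cryptographic PRNG seeded with a full-size key) removes this attack.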
------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Skipjack algorithm.
Date: Mon, 10 Apr 2000 22:45:56 GMT

CLSV <[EMAIL PROTECTED]> wrote, in part:

>One of the official remarks on the algorithm is
>that the length of its keys can not be extended.

I remember Bruce Schneier saying that attempting to extend the length
of its keys would be unsafe.

And there is no official statement that the length of the keys _could_
be extended; the definition of the algorithm was simply presented as
is.

But I don't believe there was an official statement one way or another
about what would happen to its security if it were modified. We have
to figure that out ourselves, by studying the algorithm. Myself, I
think a 112-bit key appears to be possible, but I don't claim to be
qualified to do the full analysis required to determine if this really
is so.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Encode Book?
Date: Mon, 10 Apr 2000 22:41:13 GMT

[EMAIL PROTECTED] (Paul Rubin) wrote, in part:

>Title is "In Code, a Mathematical Odyssey" by Sarah Flannery and David
>Flannery.

I guess I should not be surprised.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Mersenne RNG, RNG questions
Date: Mon, 10 Apr 2000 22:52:13 GMT

James Thye <[EMAIL PROTECTED]> wrote, in part:

>Put quickly:  Does anyone have any opinions of Mersenne Twister PRNG?

I remember coming across that name when searching for PRNG
information; I think it was considered questionable for conventional
PRNG use, which would probably eliminate it from cryptographic
consideration.

>Second question:  Can a questionable PRNG be improved by XORing its 
>output with a cryptographic based PRNG, or would the new period be the 
>Greatest Common Multiple of their respective periods?

Yes to both halves of that. The XOR of a questionable PRNG with a good
PRNG would be as good as the good PRNG, which would be an improvement.


The period of the XOR of two PRNGs is the _least_ common multiple of
their respective periods, and that is an invariable rule.

Now, the question that's worth asking is: can a cryptographic-quality
PRNG be improved by XORing its output with a questionable PRNG with a
longer period? (That might even have been the question you _meant_ to
ask.)

Some people might well say no; I'd tend to say that, yes, you would
get a little improvement - particularly if the questionable PRNG also
had a bigger key than the 'good' PRNG, in which case it would at least
serve as whitening.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

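The period rule in John's reply, checked in code, as an added example that is not from the post. Two tiny Fibonacci LFSRs with primitive feedback (x^3 + x^2 + 1, period 7, and x^4 + x^3 + 1, period 15) are XORed and the result has period lcm(7, 15) = 105. The second check is the caveat a practitioner should carry away: the period of an XOR always divides the least common multiple but need not equal it; XORing a stream with a delayed copy of itself, for instance, gives back period 7, not 7 squared. Seeds and stream lengths are constructed for the demonstration.

```python
"""Period of the XOR of two periodic generators (added example)."""
from math import gcd


def lfsr_stream(taps, width, seed, n):
    """Fibonacci LFSR: output bit 0, feedback = XOR of the bits at `taps`."""
    state, out = seed, []
    for _ in range(n):
        out.append(state & 1)
        fb = 0
        for t in taps:
            fb ^= (state >> t) & 1
        state = (state >> 1) | (fb << (width - 1))
    return out


def period(seq):
    """Smallest p with seq[i] == seq[i+p] for all i; seq must span at least
    two full periods for the answer to be meaningful."""
    n = len(seq)
    for p in range(1, n):
        if all(seq[i] == seq[i + p] for i in range(n - p)):
            return p
    return n


def xor_streams(a, b):
    return [u ^ v for u, v in zip(a, b)]


def lcm(a, b):
    return a * b // gcd(a, b)


def combined_period(taps_a, width_a, seed_a, taps_b, width_b, seed_b, n=420):
    """Periods of two LFSR streams and of their XOR, measured over n bits."""
    a = lfsr_stream(taps_a, width_a, seed_a, n)
    b = lfsr_stream(taps_b, width_b, seed_b, n)
    return period(a), period(b), period(xor_streams(a, b))
```

For Mersenne Twister XORed with a cryptographic PRNG the same arithmetic applies: the period is lcm-bounded, but whether the combination is any more secure depends on the generators being independent, which the period rule says nothing about.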
------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
