Cryptography-Digest Digest #564, Volume #11      Mon, 17 Apr 00 14:13:01 EDT

Contents:
  Re: Paper on easy entropy ([EMAIL PROTECTED])
  Re: Letter frequencies ("Rob Kings")
  Re: ? Backdoor in Microsoft web server ? [correction] (Jerry Coffin)
  Re: Why encrypt email... ("Rob Kings")
  Re: Q: NTRU's encryption algorithm (Mike Rosing)
  Re: AND on encrypted data (Mok-Kong Shen)
  Re: GOST idea (Mok-Kong Shen)
  Re: Paper on easy entropy (Mok-Kong Shen)
  Re: GOST idea (Mok-Kong Shen)
  Re: Paper on easy entropy (Mok-Kong Shen)
  Re: Biggest Public-key Cryptography Crack Ever (Mike Rosing)
  Re: ? Backdoor in Microsoft web server ? [correction] (Mike Rosing)
  Re: For Mike Rosing (by JOKER) (Mike Rosing)
  Re: Prngxor with substitution? (Mok-Kong Shen)
  Re: Help with Exponentiation Cipher (Mark Wooding)
  Re: AND on encrypted data (Jim Reeds)
  Re: My STRONG data encryption algorithm ("John E. Kuslich")
  Re: Regulation of Investigatory Powers Bill ("Stou Sandalski")
  Re: ? Backdoor in Microsoft web server ? [correction] (Mok-Kong Shen)
  Sony's Playstation2 export-controlled (Mok-Kong Shen)
  Re: ? Backdoor in Microsoft web server ? [correction] (Mok-Kong Shen)
  Re: Paper on easy entropy (Francois Grieu)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 16:25:38 GMT

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> ... but the rest of us may consider it a hostile act.  TMK there is no
> mechanism whereby a macro virus can infect a ps or pdf file.

Actually, postscript can be used to do ugly things to your printer or
typesetter, although I suppose it's not so much of an issue for
software. Really though, if this is an attempt to spread a macro
virus, he's aiming at a really small target. :)

The warning is prudent though, I tend to forget I have macros disabled.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: "Rob Kings" <[EMAIL PROTECTED]>
Subject: Re: Letter frequencies
Date: Mon, 17 Apr 2000 17:23:45 +0100

A book with this information (including digraphs and trigraphs) is
Cryptanalysis by Helen Fouche Gaines. You can get it from www.amazon.co.uk
(.com) if you want it new or www.bibliofind.com if you don't mind an old
one.

Cheers

Rob



------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Mon, 17 Apr 2000 10:31:04 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ]

> How about having software certification by some official bodies? 
> To my knowledge, compilers of some programming languages could be 
> certified at some centres.

I doubt this would work nearly as well with security products as with 
compilers.  The difference is fairly fundamental: with a compiler you 
have a well defined set of inputs that should be accepted, another 
(usually somewhat less defined) set that should be rejected, a 
reasonable definition of what a particular program should do, and so 
on.

With security, things are a lot more wide-open.  If you start with a 
VERY small part of it that's well-defined, you can at least get 
somewhere.  For example, certifying that a particular product has a 
correct implementation of SSL 3.0 or L2TP is probably possible.  
Likewise, it would be quite easy to certify that a particular 
implementation of an algorithm correctly encrypted/decrypted some set 
of test vectors.

By themselves those don't mean much though: if you can bypass the 
encryption, it doesn't make much difference whether it was 
implemented correctly.  A spec like SSL defines a framework within 
which it might be possible to produce a secure product, but a correct 
implementation doesn't guarantee anything of the sort -- e.g. see the 
Counterpane writeup on their cryptanalysis of MS's VPN code.  The 
code met the spec.  The spec is good enough that a product CAN 
implement it and (at least AFAIK) be reasonably secure.  For better 
or worse, it's quite apparently also possible to implement the spec, 
and still have a terribly insecure product.

I doubt this is going to change anytime soon either: it's simply 
impossible for anybody writing a spec to foresee all the ways in 
which a weenie might screw things up.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: "Rob Kings" <[EMAIL PROTECTED]>
Subject: Re: Why encrypt email...
Date: Mon, 17 Apr 2000 17:35:19 +0100

I agree with what a lot of the others have been saying. Most people do not
know enough about computers to understand the question of whether or not
they should use encryption. Many of my users (the National Health Service in
the UK) are still struggling with their word processor or spreadsheet, let
alone worrying about encryption.

In addition, it's difficult, at the moment, to make strong encryption easy.
PGP and the like may be very strong, but used badly they can be bypassed.
You read lots of statistics about key space and how many lifetimes of the
universe they might take to 'brute-force' However, if this were ever the
case we'd still be struggling to read Enigma.

I could probably ring 1/2 of my clients and ask for a password and be given
it. (I could probably walk out of most of their offices holding the PC! )
Until it becomes seamless then it isn't going to happen. It would have been
like trying to get my clients to UUEncode binary files in order to e-mail
them to me 5 or 6 years ago - Just not going to happen.

It is a problem, because in the meantime we get still-born ideas like the
NHSNet, which is a slow, expensive, and difficult to use way of doing
something that could have been done easier with encryption and the existing
internet.

Just my 2P worth.

Rob





------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Q: NTRU's encryption algorithm
Date: Mon, 17 Apr 2000 10:47:59 -0500

Mok-Kong Shen wrote:
> 
> Diet NSA wrote:
> >
> 
> > The NTRU website already explains the math involved. Considering
> 
> That's unfortunately too meagre for my poor knowledge status. I
> like to learn more about the 'truncated polynomial rings' in general.

The papers listed are pretty well self contained.  Check these out:
http://www.ntru.com/tech.technical.htm 

  NTRU: A Ring Based Public Key Cryptosystem
    Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman
    in Algorithmic Number Theory (ANTS III), Portland, OR, June 1998,
    J.P. Buhler (ed.), Lecture Notes in Computer Science 1423,
    Springer-Verlag, Berlin, 1998, 267-288. (copyright 1998, Springer-Verlag)
    Abstract, Table of Contents, and Introduction

  Polynomial Rings and Efficient Public Key Authentication
    Jeffrey Hoffstein, Daniel Lieman, Joseph H. Silverman
    in Proceedings of the International Workshop on Cryptographic Techniques
    and E-Commerce (CrypTEC '99), M. Blum and C.H. Lee, eds.,
    City University of Hong Kong Press, to appear.
    Abstract and Table of Contents

  Polynomial Rings and Efficient Public Key Authentication II
    Jeffrey Hoffstein and Joseph H. Silverman

  MiniPASS: Authentication and Digital Signatures in a Constrained Environment
    Jeffrey Hoffstein and Joseph H. Silverman

The operations are over a ring rather than a field.  Not every element has an
inverse.  However, some elements do have inverses, and they pick those for
encoding.  I should probably read it again, so beware of my comments and
read it yourself!

Patience, persistence, truth,
Dr. mike
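As an added illustration of the "truncated polynomial ring" arithmetic the papers above build on (example code written for this digest, not taken from the NTRU papers or from ntru.com): multiplication in Z_q[x]/(x^N - 1) is a cyclic convolution, an element is a unit only when it is coprime to x^N - 1 over the coefficient ring, and NTRU needs its private polynomial f to be a unit modulo both p and q. The parameters N=7, p=3, q=32 and the polynomials f, g, r and m are chosen here for illustration and are far too small to be secure; the extended-Euclid inverse modulo a prime and the Newton lift to a prime power are the textbook routines, not the ones the papers or the company ship.

```python
def conv(a, b, N, q):
    """a*b in Z_q[x]/(x^N - 1): cyclic convolution, x^N wraps around to 1."""
    c = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[(i + j) % N] = (c[(i + j) % N] + ai * bj) % q
    return c


def center(a, q):
    """Lift coefficients from [0, q) to the symmetric range (-q/2, q/2]."""
    return [c - q if c > q // 2 else c for c in a]


def _trim(a):
    while a and a[-1] == 0:
        a.pop()
    return a


def _poly_mul(a, b, p):
    c = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[i + j] = (c[i + j] + ai * bj) % p
    return _trim(c)


def _poly_sub(a, b, p):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return _trim([(x - y) % p for x, y in zip(a, b)])


def _poly_divmod(a, b, p):
    """Long division in GF(p)[x]; returns (quotient, remainder)."""
    a, b = a[:], _trim(b[:])
    inv_lead = pow(b[-1], -1, p)
    quot = [0] * max(len(a) - len(b) + 1, 1)
    while len(_trim(a)) >= len(b):
        shift, coef = len(a) - len(b), (a[-1] * inv_lead) % p
        quot[shift] = coef
        for i, bi in enumerate(b):
            a[i + shift] = (a[i + shift] - coef * bi) % p
    return _trim(quot), a


def inverse_mod_prime(f, N, p):
    """Inverse of f in Z_p[x]/(x^N - 1), p prime, or None when f is not a unit.
    Extended Euclid on (f, x^N - 1) keeps s with s*f = r (mod x^N - 1); f is
    invertible exactly when the final gcd r is a non-zero constant."""
    r0, r1 = _trim([c % p for c in f]), [p - 1] + [0] * (N - 1) + [1]
    s0, s1 = [1], []
    while r1:
        quot, rem = _poly_divmod(r0, r1, p)
        r0, r1 = r1, rem
        s0, s1 = s1, _poly_sub(s0, _poly_mul(quot, s1, p), p)
    if len(r0) != 1:
        return None  # gcd has positive degree: f is a zero divisor, e.g. x - 1
    c_inv = pow(r0[0], -1, p)
    return conv([(c * c_inv) % p for c in s0], [1], N, p)


def inverse_mod_prime_power(f, N, p, k):
    """Inverse in Z_{p^k}[x]/(x^N - 1) by Newton lifting:
    if f*b = 1 (mod p^e) then b*(2 - f*b) is an inverse mod p^(2e)."""
    b = inverse_mod_prime(f, N, p)
    if b is None:
        return None
    q, e = p ** k, 1
    while e < k:
        corr = [(-c) % q for c in conv(f, b, N, q)]
        corr[0] = (corr[0] + 2) % q
        b, e = conv(b, corr, N, q), 2 * e
    return b


def ntru_keygen(f, g, N, p, q):
    """Private key (f, f^-1 mod p); public key h = p * (f^-1 mod q) * g (mod q)."""
    k = q.bit_length() - 1
    assert 1 << k == q, "this toy assumes q is a power of two"
    f_p, f_q = inverse_mod_prime(f, N, p), inverse_mod_prime_power(f, N, 2, k)
    if f_p is None or f_q is None:
        raise ValueError("f must be a unit both mod p and mod q")
    return (f, f_p), conv([p * c for c in f_q], g, N, q)


def ntru_encrypt(h, r, m, N, q):
    """e = r*h + m (mod q), r a fresh small blinding polynomial."""
    return [(x + y) % q for x, y in zip(conv(r, h, N, q), conv(m, [1], N, q))]


def ntru_decrypt(priv, e, N, p, q):
    """f*e (mod q), centered, equals p*r*g + f*m over Z when everything is
    small; multiplying by f^-1 mod p then leaves m."""
    f, f_p = priv
    return center(conv(f_p, center(conv(f, e, N, q), q), N, p), p)


# Toy parameters and polynomials chosen here for illustration (not secure).
N, P, Q = 7, 3, 32
F = [1, 1, -1]              # f = 1 + x - x^2: a unit mod 3 and mod 2, so mod 32
G = [0, 1, 0, -1]           # g = x - x^3
R = [1, 0, 0, 0, -1]        # r = 1 - x^4
M = [1, -1, 0, 0, 0, 1, 0]  # message, coefficients in {-1, 0, 1}


def demo():
    """Key generation, encryption and decryption of M; returns the recovered message."""
    priv, h = ntru_keygen(F, G, N, P, Q)
    return ntru_decrypt(priv, ntru_encrypt(h, R, M, N, Q), N, P, Q)
```

Two things worth trying: inverse_mod_prime([-1, 1], N, P) returns None, because x - 1 divides x^N - 1 and so can never be a unit in this ring, and 1 + x has an inverse mod 3 but not mod 2 for N=7, which is exactly why NTRU has to pick f from the elements that are units for both moduli. Decryption only works because the centred coefficients of p*r*g + f*m stay inside (-q/2, q/2]; with larger polynomials that wrap-around is the classic decryption failure.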

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: AND on encrypted data
Date: Mon, 17 Apr 2000 19:03:49 +0200

Tony T. Warnock wrote:
> 

> Actually the operation table for ADD (modulo 2**k) and XOR (on k-bit words) are
> permutations of each other. The same is true for subtraction or several other
> not-so-obvious operations. The statistics of the output are the same no matter
> which operation is used. Any of these methods is useful for combining
> pseudo-random number generators as the resulting distribution gets closer to
> uniform.

If XOR is used, the analyst could study a subset of the bit
positions independent of the rest. This is not possible with
ADD mod 2^n due to carry-overs. Or am I pondering on a wrong
track? Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Mon, 17 Apr 2000 19:04:35 +0200

Tom St Denis wrote:
> 
> Mok-Kong Shen wrote:

> > > Maybe I misunderstood. My point is the following: If v is the
> > > input and w the output and one knows that between v and w there
> > > is a certain avalanche property, i.e. the effect of flipping
> > > one bit of v. Now suppose I have a mapping of u to v that is a
> > > permutation. Two values u1 and u2 differing only in one bit
> > > may have the corresponding values v1 and v2 differing in many
> > > bits and their resulting effect on a comparison between w1 and
> > > w2 may not be simple to tell.
> >
> > Addendum:
> >
> > Could you please give a literature reference to the fact that
> > the function you gave previously is a permutation?
> 
> 2x^2 + x mod 2^w is a permutation polynomial of x.  Hmm I got the idea
> from a paper on Rivest's site, and I can email a copy if you want.

But in your post of 16th April you said you are working in GF(2^w). 
Now GF(2^w) has characteristic 2, so 2x^2 = 0, if I don't err.

M. K. Shen
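A check a practitioner would run on the claim quoted above, added here as example code (not from the thread or from Rivest's paper): brute-force whether x -> 2x^2 + x permutes Z/2^w, compare that with Rivest's coefficient criterion for permutation polynomials modulo 2^w (a1 odd, a2 + a4 + ... even, a3 + a5 + ... even, for w >= 2), and show the characteristic-2 point that in GF(2^w) the term 2x^2 is x^2 + x^2 = 0.

```python
from itertools import product


def eval_poly_mod(coeffs, x, modulus):
    """Horner evaluation of a0 + a1*x + ... + ad*x^d modulo `modulus` (coeffs lowest first)."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % modulus
    return acc


def is_permutation_mod_2w(coeffs, w):
    """Ground truth by brute force: x -> P(x) mod 2^w hits every residue exactly once."""
    n = 1 << w
    return len({eval_poly_mod(coeffs, x, n) for x in range(n)}) == n


def rivest_criterion(coeffs):
    """Rivest's test for permutation polynomials modulo 2^w (w >= 2):
    a1 odd, a2 + a4 + a6 + ... even, a3 + a5 + a7 + ... even."""
    a = list(coeffs) + [0, 0]          # pad so a[1] and the slices always exist
    return a[1] % 2 == 1 and sum(a[2::2]) % 2 == 0 and sum(a[3::2]) % 2 == 0


def criterion_matches_brute_force(w, degree, coeff_range):
    """Cross-check the criterion against brute force for every polynomial of the
    given degree with coefficients in range(coeff_range)."""
    return all(rivest_criterion(c) == is_permutation_mod_2w(c, w)
               for c in product(range(coeff_range), repeat=degree + 1))


def twice_in_gf2w(x):
    """In GF(2^w) the scalar 2 is 1 + 1 = 0: '2*x^2' is x^2 + x^2 = x^2 XOR x^2."""
    return x ^ x


QUADRATIC = (0, 1, 2)  # 2x^2 + x, lowest degree first: a0=0, a1=1, a2=2


def summary(w):
    """(brute-force verdict, criterion verdict) for 2x^2 + x modulo 2^w."""
    return is_permutation_mod_2w(QUADRATIC, w), rivest_criterion(QUADRATIC)


if __name__ == "__main__":
    for w in (2, 4, 8, 16):
        print(f"2x^2 + x mod 2^{w}: brute force / criterion = {summary(w)}")
    print("2*x^2 in GF(2^w) for x^2 = 0b1011 ->", twice_in_gf2w(0b1011))
    print("criterion == brute force, w=4, deg<=3, coeffs 0..3:",
          criterion_matches_brute_force(4, 3, 4))
```

So the quoted statement holds for integer arithmetic modulo 2^w, and M. K. Shen's objection holds for GF(2^w): the two are different rings, and the polynomial only permutes the first.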

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 19:05:04 +0200

Tom St Denis wrote:
> 

> You type at the keyboard, I then make an order-0 model of the input and
> calc the estimated entropy from that.  For example the string
> 'ogt93trwebfwejkfbhwujhtuih3tlkgkw' contains an estimated 2.01 bits per
> char of entropy (66.54 bits total).
> 
> To calc the entropy I just do the sum of -log2(Pi) for all Pi != 0.
> Where P is a list of probabilities for each symbols and 'i' is an index
> into that list.  It's not hard at all to calculate and I even include a
> snippet of source todo it in my paper.

Allow me posing another question. Could you supply a literature 
reference to the said 'order 0 model', including perhaps other 
relevant theories to compute the entropy in the way you do? 
Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Mon, 17 Apr 2000 19:04:49 +0200

Tom St Denis wrote:
> 
> Mok-Kong Shen wrote:

> > Maybe I misunderstood. My point is the following: If v is the
> > input and w the output and one knows that between v and w there
> > is a certain avalanche property, i.e. the effect of flipping
> > one bit of v. Now suppose I have a mapping of u to v that is a
> > permutation. Two values u1 and u2 differing only in one bit
> > may have the corresponding values v1 and v2 differing in many
> > bits and their resulting effect on a comparison between w1 and
> > w2 may not be simple to tell.
> 
> With the original F function flipping one bit of the input changes only
> two bits on avg of the output.  In the next round there are hopefully
> two active sboxes now... etc..
> 
> With the quadratic changing a lsb can change several sboxes.  It's not
> guranteed to increase the active sbox count but it does help.  For
> example if you change any of the top four bits, then there is still only
> one active sbox.  But in the next F function those active bits are
> somewhere in the middle of the register (cause of the cyclic rotation of
> 11 bits).  Now when they go thru the F function they are going to cause
> with a high probablity more then one other sbox to become active.

As far as I understand, it is very important to examine the
avalanche property of one single round very carefully. For many
rounds, one can heuristically expect a better effect. But if
you compare two different S-boxes, you have to look whether
the one is superior to the other in one round, for otherwise
you are likely to get confused by your data for many rounds, 
I am afraid.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 19:04:58 +0200

Tom St Denis wrote:
> 
> Ok you can get a pdf from http://24.42.86.123/files/entropy.pdf

It is better to publish as HTML file, so that there will not be
any problem of tools for reading the different file formats 
(you would save the troubles of quite a number of people, as the
many follow-ups have shown) and still better to post in addition 
an abstract to this group.

M. K. Shen

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Biggest Public-key Cryptography Crack Ever
Date: Mon, 17 Apr 2000 10:58:46 -0500

John Myre wrote:
> 
> Wouldn't that be 7 bits, because of the square root?
> 
> And this also assumes, of course, that 1/10 is a consistent ratio,
> within a the relevant range of field sizes.  Those that advocate
> random curves are, I think, making the conservative assumption that
> even smarter (faster) shortcuts are going to turn up.
> 
> Who knows, eh? It's crystal ball time...

For GF(2^m) the reduction is sqrt(log2(m)).  So the time to crack goes as
sqrt(p/log2(m)) instead of sqrt(p).  From an engineering perspective, that
factor is pretty easy to deal with.  The cracking effort still grows
exponentially, there's nothing sub-exponential about it.  

It still took 10,000 machines several months to crack a 109 bit code on a 
Koblitz curve.  For every 2 bits we add to that, the amount of effort still
doubles.  An 8 bit microcontroller running a 160+ bit Koblitz curve will
be a target for cutting open, ain't gonna be cracked too soon!

Patience, persistence, truth,
Dr. mike

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Mon, 17 Apr 2000 11:13:17 -0500

Francois Grieu wrote:
> 
> BTW: how would you define "weenies" ? It is not in my dictionary.

weak, small, wimpy and just a general "disrespectful" term, but mild.
Mostly used by children aged 9-12.  But obviously, not always :-)

Patience, persistence, truth,
Dr. mike

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: For Mike Rosing (by JOKER)
Date: Mon, 17 Apr 2000 11:17:58 -0500

José Antonio Fuentes Fernández wrote:
> 
>     Fist, thanks for your answer. But my idea is that I give an exe file
> (which you can put a word, number or date and it give the encryption) to
> someone (or some institution) and he prove to discover the cryptosystem. I
> want to say if someone can prove to destroy my cryptosystem and if a give him
> some encryption word he can give the original word.
> Another time thanks (and sorry for my English)

That's kind of the opposite of good etiquette.  You usually want
an algorithm analyzed, so you have to describe it in detail.  The
code is secondary and not that useful.  It can be reverse engineered,
but that's not going to happen unless people can steal a lot of
money that way.  So, if you want to protect real things, you should
go thru the process of open evaluation.  If you want to lose your
shirt, proceed with obfuscation.  Like Microsoft :-)

Patience, persistence, truth,
Dr. mike

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Prngxor with substitution?
Date: Mon, 17 Apr 2000 19:26:37 +0200

David C. Oshel wrote:
> 
> Is there a name for this algorithm?  Suppose I use Mersenne Twister, by all
> accounts a very nicely distributed long period PRNG, to index a large
> substitution table of genuinely random bytes, such as maybe Marsaglia's CD or
> that large file at SGI's lava lamp web site, replacing the PRNG's uint32 with
> the table's uint32, and collapsing those four bytes into the "next" byte of
> the Prngxor cipher?

Do I understand correctly that each column of your table is a
permutation of 0-255? (It couldn't be 'arbitrarily' random which
would have duplicated entries!) The problem is you have to create
(or store) that very large number of columns. I used in one of my
humble designs therefore a user-chosen limited number of columns 
and let a PRNG select the columns. (This substitution is only
part of the operations done in one round of my algorithm.)

M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Help with Exponentiation Cipher
Date: 17 Apr 2000 17:26:43 GMT

Monkey Boy <[EMAIL PROTECTED]> wrote:

> I have a problem for my math class with has the code
> 
> 2336 1523 3139 0139 1289 0816 0932 2820 0240 2332 0431
> 
> it uses the key (e,p) (1925,3209) and assumes a=01, b=02 etc
> 
> I figured d to be 5

Well, you're halfway there, then.

The important things to note here are:

  * p is prime.  Hence phi(p) = p - 1.
  * e and phi(p) are coprime.

You've correctly found d so that d e = 1 (mod phi(p)).  Now all you need
to know is that 

  m^{e d} = m^{k phi(p) + 1} = (m^{p - 1})^k m

Then apply Fermat's little theorem, and *presto* you have rediscovered
the Pohlig-Hellman symmetric cipher (US patent no. 4,424,414).

As an extra clue, the final two letters of the ciphertext are `LX'.

-- [mdw]
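The cipher Mark Wooding is pointing at, worked through for the quoted problem as added example code (not part of the post): c = m^e mod p and m = c^d mod p with d = e^{-1} mod (p - 1), which works because p is prime and Fermat's little theorem makes m^{k(p-1)+1} = m. The key (1925, 3209), the ciphertext and the a=01 alphabet are the ones in the question; that each four-digit block holds two letters, and that a trailing X is padding, are assumptions made here.

```python
from math import gcd

P, E = 3209, 1925
CIPHERTEXT = "2336 1523 3139 0139 1289 0816 0932 2820 0240 2332 0431"


def is_prime(n):
    """Trial division; plenty for a four-digit modulus."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def private_exponent(e, p):
    """d with d*e = 1 (mod p-1): then m^(e*d) = m^(k(p-1)+1) = m mod p (Fermat)."""
    if not is_prime(p) or gcd(e, p - 1) != 1:
        raise ValueError("need p prime and gcd(e, p-1) = 1")
    return pow(e, -1, p - 1)


def encrypt(blocks, e, p):
    assert all(0 <= m < p for m in blocks), "blocks must be residues mod p"
    return [pow(m, e, p) for m in blocks]


def decrypt(blocks, d, p):
    return [pow(c, d, p) for c in blocks]


def decode(blocks):
    """4-digit block -> two letters, 01..26 -> A..Z; anything else shows as '?'."""
    letters = []
    for b in blocks:
        for v in (b // 100, b % 100):
            letters.append(chr(ord("A") + v - 1) if 1 <= v <= 26 else "?")
    return "".join(letters)


def encode(text):
    """Letters -> 4-digit blocks of two letter numbers; an odd tail is padded with X
    (assumed here, suggested by the final block of the ciphertext)."""
    nums = [ord(ch) - ord("A") + 1 for ch in text.upper() if ch.isalpha()]
    if len(nums) % 2:
        nums.append(24)
    return [nums[i] * 100 + nums[i + 1] for i in range(0, len(nums), 2)]


def solve():
    """(d, plaintext) for the key and ciphertext quoted in the thread."""
    d = private_exponent(E, P)
    return d, decode(decrypt([int(t) for t in CIPHERTEXT.split()], d, P))


if __name__ == "__main__":
    d, plaintext = solve()
    print("d =", d, " plaintext =", plaintext)
    blocks = [int(t) for t in CIPHERTEXT.split()]
    print("round trip ok:", encrypt(decrypt(blocks, d, P), E, P) == blocks)
```

Running solve() confirms d = 5 and prints the whole message; the last block comes out as LX, matching the hint above. Note the two-letter blocks must stay below p (2626 < 3209) or the map m -> m^e mod p stops being a bijection on the encoding.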

------------------------------

From: Jim Reeds <[EMAIL PROTECTED]>
Subject: Re: AND on encrypted data
Date: Mon, 17 Apr 2000 17:26:19 GMT

Tony T. Warnock wrote:
> 
...
> Actually the operation table for ADD (modulo 2**k) and XOR (on k-bit words) are
> permutations of each other...

This is so totally false, even for k=2, that I cannot refrain from
splutter.  The two operation tables are both Latin squares, but
the two squares are not isotopic: neither can be obtained from
the other by permuting the rows, permuting the columns, and
permuting the values of the symbols in the tables.  One way to see
this is to take two adjacent rows in the ADD table and chain them
together:  starting with the first 2 rows in the k=2 table, for
instance, we have 0123 and 1230, which chain to (0123), a 4-cycle.
No two rows of the XOR table give rise to a 4-cycle this way;
you always get things like 0123 and 1032 yielding (01)(23).

-- 
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA

[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178
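The row-chaining argument above, as added example code (not from the post): chaining rows a and b of a Latin square means following x -> (the entry of row b in the column where row a holds x), and the set of cycle types this produces over all row pairs is unchanged by permuting rows, columns or symbols, so two squares with different sets cannot be isotopic. The script builds the ADD-mod-2^k and XOR tables and compares those sets; it also gives M. K. Shen's carry question earlier in this digest a concrete form, since the chained permutation for ADD is x -> x + c, whose cycles run through all bit positions, while for XOR it is x -> x XOR c, which touches each bit position on its own.

```python
def op_table(op, k):
    """k-bit operation table: row a, column b, entry op(a, b) mod 2^k."""
    n = 1 << k
    return [[op(a, b) % n for b in range(n)] for a in range(n)]


def chain_cycle_type(row_a, row_b):
    """Cycle type of x -> row_b[c], where c is the column with row_a[c] == x.

    For rows 0123 and 1230 this is 0->1->2->3->0, a single 4-cycle;
    for 0123 and 1032 it is (01)(23)."""
    col_of = {v: c for c, v in enumerate(row_a)}
    perm = [row_b[col_of[x]] for x in range(len(row_a))]
    seen, lengths = set(), []
    for start in range(len(perm)):
        if start in seen:
            continue
        x, length = start, 0
        while x not in seen:
            seen.add(x)
            x = perm[x]
            length += 1
        lengths.append(length)
    return tuple(sorted(lengths, reverse=True))


def cycle_types(square):
    """All cycle types arising from ordered pairs of distinct rows."""
    n = len(square)
    return {chain_cycle_type(square[i], square[j])
            for i in range(n) for j in range(n) if i != j}


def isotopy_invariant_differs(k):
    """True when ADD mod 2^k and XOR on k bits have different cycle-type sets,
    which rules out any isotopy between the two Latin squares."""
    add = op_table(lambda a, b: a + b, k)
    xor = op_table(lambda a, b: a ^ b, k)
    return cycle_types(add) != cycle_types(xor)


if __name__ == "__main__":
    for k in (2, 3):
        add, xor = op_table(lambda a, b: a + b, k), op_table(lambda a, b: a ^ b, k)
        print(f"k={k}  ADD: {sorted(cycle_types(add))}  XOR: {sorted(cycle_types(xor))}")
```

For every k the XOR square only ever yields products of 2-cycles (x -> x XOR c is an involution with no fixed point), while the ADD square always contains a full 2^k-cycle from any two rows whose indices differ by an odd number.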

------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: My STRONG data encryption algorithm
Date: Mon, 17 Apr 2000 10:43:21 -0700

Spilling and grammer should not so easily bypassed be. Pople may fail to
appreciatte your math skills if there exist in your papers and works of
kinds of thinkgs like this and even especially if the page and file format
prisn tattion is clean and sort of looking very good otherwise and stuff.

At a minimum, get a spiel checkker and use it!!

Otherwise peoople may think when you write an arrogant critical respnse to
someone's werk you may not even know what the hek youar talking about!!

 I personnelly use a spieel chekker all the time but I am constantly
surprised to find out how many words it doesn't know how to spiell korectly.

Har to get good software these days.

(When you are able to snatch the spell checker from the Internet, you may
leave the monastery and enter the world where you may be critical of others.
Until that time, grasshopper, go gently into that dark night and do not rage
against the dying of the light...)


JK



Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Nobody Home wrote:
> >
> > Tom St Denis <[EMAIL PROTECTED]> wrote:
> >
> > >Hehehehe, I was like this once, basically it looks like a salted
> > >Vinegere cipher (spelling?).  Which given the length of the passphrase
> > >is trivial to break.  Your usage of random() to increase the entropy of
> > >the key is not going to work, so your essentially limited to the
> > >passphrase.
> > >
> > >Essentially this is not at all secure, but keep up the research, I
> > >started this way too...hehe
> >
> > I know how you feel, Tom. I remember back in grade school when my spelling,
> > grammar, and punctuation were as bad as yours, hee hee hee.
>
> Hey grammar is not my strong point.  I am trying to develop my math
> skills (which is not easy on my own).
>
> Tom


------------------------------

From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Mon, 17 Apr 2000 10:46:08 -0700


"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Stou Sandalski wrote:
>
> > "Mikey B" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
<Snip>
> > research facilities (am not very sure about that... but by striking
> > something with the "Threat to national security" stamp everything
> > becomes ok)
>
> Actually this is false.  There is no action or declaration by any
> government agency that can suspend a citizen's constitutional rights.
> However, the citizen can voluntarily disclaim those rights, as for
> example happens when you accept a job requiring a security clearance,
> enroll in a school, visit an airport, etc.
>


Actually it's partially true, you do have to sign something when working at a
top security place that makes your rights go bye bye. But in the case of
school I am right.  In the US by law you are required to go to school if you
are under 18, also by law your rights are mostly suspended while you are at
school. Just because you are under 18 does not make you any less of a
citizen.  Actually you don't have to be a citizen for this to apply to you
(the school part, also aliens have the same rights in the US as if they were
citizens).


Stou





------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Mon, 17 Apr 2000 19:59:10 +0200

Jerry Coffin wrote:
> 

> I doubt this is going to change anytime soon either: it's simply
> impossible for anybody writing a spec to foresee all the says in
> which a weenie might screw things up.

I have less concrete information about this than about compilers, but to
my knowledge there are operating systems that have acquired
certificates of attaining certain security levels. I mean, if
some software has been similarly certified to be o.k. and later 
found to contain backdoors, then the official body examining that
would be responsible.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Sony's Playstation2 export-controlled
Date: Mon, 17 Apr 2000 19:59:25 +0200

I read in today's newspaper that Sony's PlayStation2 (there
were mentions to it in some recent threads of this group) is 
under export control of Japan. This seems to indicate that 
its 128 bit processor is indeed very powerful. If AES turns
out to be extremely efficient to run on a dedicated processor,
wouldn't the bureaucrats immediately ban its export in a
similar action? Just a tiny thought.

M. K. Shen
======================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Mon, 17 Apr 2000 19:59:20 +0200

Francois Grieu wrote:
> 
> Understandably, the focus is on another vulnerability:
> a subsequently discovered potential for a buffer overrun,
> which can lead to a denial of service attack, or conceivably
> [IMHO assuming the attacker is immensely clever and lucky]
> to arbitrary code being run.

I have never studied the details of any hacks that exploit
buffer overflows, but I remember that more than a decade
ago the problem was already known to be one of the security
holes of some components of the UNIX system of that time.
Can buffer overflow remain today an excusable software flaw
in security relevant software? Where are the scientific
advances in software quality control during all these years?

M. K. Shen

------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 20:00:38 +0200

Tom St Denis <[EMAIL PROTECTED]> wrote

> a mini paper discussing a method of extracting entropy from the
> keyboard.  It's at   <http://24.42.86.123/files/entropy.ps>


The formula and code for the entropy estimator is wrong.
Messages "az" and "zaazaazazazaazzaazzzazzazzazazaaazaz"
are assigned the same entropy, 2.
How could the entropy be independent of the length of the
message?


If I am not mistaken, the entropy formula for a message,
assuming symbols are independent, is indeed
  H =  -sum log2(Pi)  for i = 1 to n
but n is the number of symbols in the message [not the
possible number of symbols], and Pi is the probability
the ith symbol had to have whatever particular value it
happens to have.

Let us assume we assimilate Pi with the frequency of that
particular symbol in the message (which is wrong, but better
than nothing). If we note Cj the number of symbols with
value j, we get
  H =  -sum Cj*log2(Cj/n)  for j varying over symbols

This formula may be wrong, but at least bigger messages
give more entropy, and it handles the case of low frequency
symbols more nicely.

On the other hand, any 1 symbol message has 0 entropy, which is 
ridiculous. But at least one could demonstrate this formula is
on the safe side, right ?

Wrong, because symbols are not independent in real life!
This formula fails to take into account that a user is more
likely to enter
        "aaaaaaaaaaaaaaaaaazzzzzzzzzzzzzzzzzz"
than    "zaazaazazazaazzaazzzazzazzazazaaazaz"
and will assign too much entropy (36 bits) to the first input.


Also, the paper misses that a lot of the entropy in keyboard
input is not the input itself, but the timing of keypress.


entropy != easy


   Francois Grieu

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
