Cryptography-Digest Digest #624, Volume #11      Tue, 25 Apr 00 11:13:01 EDT

Contents:
  Re: new Echelon article ("Trevor L. Jackson, III")
  Re: Magnetic Remanence on hard drives. (Thor Arne Johansen)
  Re: Requested: update on aes contest ("Trevor L. Jackson, III")
  Re: factor large composite ("Trevor L. Jackson, III")
  Re: papers on stream ciphers (Thierry Moreau)
  Re: AES Style CAST Cipher (Tom St Denis)
  Re: Requested: update on aes contest ([EMAIL PROTECTED])
  Re: Requested: update on aes contest (Tom St Denis)
  Re: sci.crypt think will be AES? (Jim Gillogly)
  Re: new Echelon article ([EMAIL PROTECTED])
  Re: sci.crypt think will be AES? (Tom St Denis)
  Re: papers on stream ciphers ("Joseph Ashwood")
  Re: sci.crypt think will be AES? (Jim Gillogly)
  Re: OAP-L3: Secure, but WAY more difficult to use than other equally secure programs (David Formosa (aka ? the Platypus))
  Re: sci.crypt think will be AES? ("Joseph Ashwood")
  Re: sci.crypt think will be AES? (Tom St Denis)
  Re: papers on stream ciphers (Tom St Denis)
  Need Large Integer Program ("David Fabian")

----------------------------------------------------------------------------

Date: Mon, 24 Apr 2000 13:46:15 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: 
alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Subject: Re: new Echelon article



Diet NSA wrote:

> In article <[EMAIL PROTECTED]>, "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
>
> >I think you missed the closing clause of my statement above. You are using the
> >"any benefit from gov't would not exist without gov't" fallacy. As was D. Gwyn
> >
> There are gov't benefits which have and
> could be privatized to varying degree.
> Neither D. Gwyn nor I implied any or all
> benefits. Your middle initial must stand
> for "loony".
>
> >More of the same fallacy.
> >
> When is the Wizard of Oz going to get
> back to you about that *brain* ?
>
> >However, if you refer to the original issue, I think you'll find that
> >feasibility of an unjust solution is not an adequate excuse for its imposition.
>
> Legally, the solution may not be unjust
> under Russia's constitution & laws. This
> issue would have to be decided by the
> relevant courts.

Legality has little or nothing to do with Justice, that's why she wears a
blindfold.

>
> >>
> >Those who "benefit".  Society as a whole (or so the excuse goes), thus the
> >taxpayers.
> >
> Try telling this to the Russian taxpayers.

You mean you couldn't sell the benefits of the tax to the beneficiaries?  Then
why in hell should _anyone_ pay for something nobody wants?

>
>
> >Anything it wants.  Can you conceive of nothing it might want that you would not
> >surrender?
> >
> This is a vague and paranoid answer. You
> still have not described "realistically"
> nor specifically what the gov't is
> conspiring to do against me.

OK, see Twain and Mencken.  As tidbits to ignite your imagination I offer "You
can craft a law to do anything" -- a sitting legislator, and "No man's purse is
safe while the legislature is in session" -- Twain.

>
>
> >Are you invulnerable to the actions of the government,
>
> No, but I'm not as paranoid as you are, so I
> don't waste my time imagining what the
> gov't might do to me.
>
> >feel your insignificance
> >on their radar screen reduces the risk to tolerable levels,
>
> What radar screens and what risks?
>
> >trust in the
> >intentions of bureaucrats,
>
> I don't automatically trust nor distrust
> bureaucrats. I am more likely to trust the
> intentions of politicians than your
> reasoning (and that's saying a lot).
>
> >or feel your innocence is an adequate protection
> >against government misdeeds?
>
> No, I don't feel this.
>
> >No, I think they started the 20th century that way.  The history (many
> >centuries) of that region is steeped in exploitation by invaders.
>
> I was referring specifically to
> Communism in Russia during the 20th
> century. Soviet-style Communism has
> caused more suffering and death than any
> other institution, including the Third
> Reich.

Yeah, but why bother splitting hairs?  Tyranny is tyranny whether German,
Russian, Chinese, or American.

>
>
> >Funny you should mention the revolutionary war, which was fought in opposition
> >to taxation, in support of a tax upon internet users.
>
> Wrong for 2 reasons. 1) The resistance
> was not against taxation, but against
> taxation without representation.

> 2) The
> internet did not exist before the 20th
> century.

What's this?  All ethical and moral principles started with the Internet?   You
work for Gore?

>
>
> >powers of a limited government -- given that you appear to consider the powers
> >of the gov't to be unlimited.
>
> I know that the government does not have
> unlimited powers, but you might believe
> this since what you write is so ridiculous
> that I might as well assume your beliefs
> are the opposite of what you imply.
> >
> >Which of us lacks a historical perspective?
> >
> You do, in addition to lacking a reality
> perspective. I have carefully written
> down your views, and hope to make a
> small fortune selling them as toilet
> paper.

Caveat emptor.  ;-)


------------------------------

From: Thor Arne Johansen <[EMAIL PROTECTED]>
Subject: Re: Magnetic Remanence on hard drives.
Date: Mon, 24 Apr 2000 20:07:50 +0200



Guy Macon wrote:
> 

[snip]

> If anyone
> in this conversation is passing on disinformation, it is those who
> say that your erased data is unrecoverable.  

Passing on disinformation would be a malicious act.

I certainly have no malicious objectives when I argue that overwritten
data is unrecoverable. My arguments are based on the lack of public
documentation of successful recoveries of overwritten data.

Several people have stated in this thread that this is easy, and that is
done routinely by professional data recovery services. If this was true,
you would find advertisements using this as a competitive advantage. You
would also be able to have them recover your overwritten HD. 

My point is that recovering overwritten data is NOT easy, it is NOT a
commercially available service, and it is NOT documented in the public
domain.

And I am NOT passing on disinformation saying all this.

[snip]

BR,

Thor A. Johansen

------------------------------

Date: Mon, 24 Apr 2000 13:51:52 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Requested: update on aes contest

Paul Koning wrote:

> stanislav shalunov wrote:
> > ...
> > You can like whatever you want.  You can also use whatever you want.
> > But diluting standards for flexibility makes no sense.  You get
> > FTP protocol on this road:  a tremendously bloated and complicated
> > protocol for trivial purpose.  Or IPSec.
>
> Say what you want about IPSec -- and arguably it is more
> complex than it needs to be.  But it has one inarguable
> advantage: it's there, and it's being used.
>
> Available good security beats unavailable perfect security
> any day.

I'm not disputing your conclusion (I agree with it), but I'm curious as to how
you reached it.  Is "IPsec == good security" an assumption or a conclusion
and, if a conclusion, how did you reach it?

>
>
> Since AES isn't just going to replace all existing ciphers,
> the argument that multiple AES algorithms requires negotiation
> mechanisms is a red herring.  Of course it does, but you have
> to have those anyway.  And negotiation mechanisms are not
> inherently complex.  In fact, arguably every useable
> network protocol has negotiation of some sort in it,
> otherwise it is non-extensible (i.e., obsolete soon
> after publication).  This is not rocket science, hasn't
> been for decades.
>
>         paul
> --
> !-----------------------------------------------------------------------
> ! Paul Koning, NI1D, D-20853
> ! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
> ! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
> ! email: [EMAIL PROTECTED]
> ! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
> !-----------------------------------------------------------------------
> ! "A system of licensing and registration is the perfect device to deny
> ! gun ownership to the bourgeoisie."
> !       -- Vladimir Ilyich Lenin


------------------------------

Date: Mon, 24 Apr 2000 13:55:49 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: factor large composite

Paul Schlyter wrote:

> In article <[EMAIL PROTECTED]>,
> Richard Heathfield  <[EMAIL PROTECTED]> wrote:
>
> > EP847 wrote:
> >
> >> Can anyone tell me what the fastest method of factoring a 2048 bit RSA key is
> >> ( i know the time will be *very* long )
> >> thank you
> >
> > The fastest method is to ask the guy who originally designed the key
> > what its factors are. Seriously.
> >
> > If he won't tell you, you can resort to bribery, I suppose. Naturally, I
> > stop short of recommending rubberhosing.
> >
> > Doing it the other way - the computery way - will take trillions of
> > years. But that's okay, because if you're prepared to wait a year or
> > two, computer technology will advance to the point where it will only
> > take billions of years, which is a big saving.
>
> And if you wait 4 years, it'll take only millions of years?  After
> 6 years only thousands of years?  After 8 years only a few years?
>
> Which means it'll actually take a decade or two....  that is if
> Moore's law remains valid over this time interval.... :-)

Aww, you went and did the math and spoiled it.  The original post was so perfectly
Saganesque...


------------------------------

From: Thierry Moreau <[EMAIL PROTECTED]>
Subject: Re: papers on stream ciphers
Date: Mon, 24 Apr 2000 06:59:57 -0500

Joseph Ashwood wrote:

> > The session key management issue, that arises because stream ciphers
> > need a different key for each message (to resist the known weaknesses of
> > stream ciphers).
>
> I will ask only one thing, that you support your claim that
> there are given weaknesses of stream ciphers, if so what are
> they?

I was simply referring to basic understanding of a stream cipher
construction, e.g. Applied Cryptography, section 9.4 (if you send two
messages with the same key, XORing the two ciphertexts provides the two
cleartexts XORed together, and the passive eavesdropper might get a lot
of information out of this).

- Thierry



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: AES Style CAST Cipher
Date: Mon, 24 Apr 2000 18:17:56 GMT



Mike wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> > On a x86 you have seven 32-bit registers (four general purpose (which
> > includes 8 and 16 bit words)), those are EAX, EBX, ECX, EDX (general
> > purpose) and you can even use ESI, EDI and EBP as 32-bit registers.
> > *However* GCC does a full job of making use of the registers so
> > specifying "register int a" normally has *zero* effect on the code.
> 
> Note: if you want GCC to use EBP in your code you have to use the
> option "-fomit-frame-pointer" when compiling, and this will make your
> code hard to debug with GDB :(

True, but you don't typically debug code like this, so you can choose
which files to compile this way....

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Requested: update on aes contest
Date: Mon, 24 Apr 2000 18:05:10 GMT

In article <[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> stanislav shalunov wrote:
> > Tom St Denis <[EMAIL PROTECTED]> writes:
> >
> > > Since the smartcards are only 0.25$ each they can be replaced
> > > easily, but replacing millions of copies of software could cause
> > > some uproar since many different applications will use it.
> >
> > Smartcards, hardware chips in millions of motherboards, all ATMs,
> > etc., are easier to replace than software programs?
>
> It shouldn't be in motherboards.  I think all crypto should be in
> software simply because I would tend to trust what I can see more than
> what's inside a little IC.

Your little Pentium PC doesn't have the horsepower to keep up with
my bit rate.  It's an order of magnitude too slow.

> > Three ciphers rather than one means there's no standard.
>
> Tough, I like twofish, you like serpent... we both suck or what?

Now there's a mature response.  "Tough"???

> > It means additional complexity in software (need to implement more
> > ciphers, and need to implement logic to decide which one to use) and
> > in protocols (need to have cipher type negotiations).
>
> Not really more complex.  I can handle up to 256 diff ciphers in pb3
> without any added overhead or problems.  I don't see what the big deal
> is.

No added overhead?  This is such a common misconception, often made by
(but not exclusively) programmers who are used to working on PC's.
The whole world doesn't completely revolve around PC's with hard
drives or large amounts of RAM (it only partially does :-).

> > I assume this additional complexity will somehow improve security of
> > the system in your mind.
>
> Added complexity?  Where?

The added complexity of supporting multiple algorithms, in software OR
hardware, not to mention having additional logic to negotiate
which algorithm to use (which we probably need to have a standard for).

> > > Along with AES I propose that a prng be proposed.  Say a counter mode
> > > based on the AES cipher.  Just so the document is complete.
> >
> > Well, whole array of cryptographic primitives should be standardized:
> >
> >         * One-way function;
> >         * Collision-free one-way function;
> >         * PRNG (more secure than an encrypted counter);
> >         * A few protocols;
> >         * PKE, PKS.
> >
> > This appears to be outside of the scope of AES.
>
> Broaden the scope then?

I believe AES is focused on exactly what it should be focused on.
A different group/competition/something that is separate should
tackle the above items.

   Marc


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Requested: update on aes contest
Date: Mon, 24 Apr 2000 18:27:46 GMT



[EMAIL PROTECTED] wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Tom St Denis <[EMAIL PROTECTED]> wrote:
> > stanislav shalunov wrote:
> > > Tom St Denis <[EMAIL PROTECTED]> writes:
> > >
> > > > Since the smartcards are only 0.25$ each they can be replaced
> > > > easily, but replacing millions of copies of software could cause
> > > > some uproar since many different applications will use it.
> > >
> > > Smartcards, hardware chips in millions of motherboards, all ATMs,
> > > etc., are easier to replace than software programs?
> >
> > It shouldn't be in motherboards.  I think all crypto should be in
> > software simply because I would tend to trust what I can see more than
> > what's inside a little IC.
> 
> Your little Pentium PC doesn't have the horsepower to keep up with
> my bit rate.  It's an order of magnitude too slow.

It's not a pentium for what it's worth.  I never said hardware is bad,
just for *my* purposes I like software better.

> > > It means additional complexity in software (need to implement more
> > > ciphers, and need to implement logic to decide which one to use) and
> > > in protocols (need to have cipher type negotiations).
> >
> > Not really more complex.  I can handle up to 256 diff ciphers in pb3
> > without any added overhead or problems.  I don't see what the big deal
> > is.
> 
> No added overhead?  This is such a common misconception, often made by
> (but not exclusively) programmers who are used to working on PC's.
> The whole world doesn't completely revolve around PC's with hard
> drives or large amounts of RAM (it only partially does :-).

For what it's worth I did say "Twofish in Hardware".  At any rate I
changed my mind (with the help from some sci.crypt posters).  I think we
should narrow it down to one cipher, and it should be Twofish.

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Mon, 24 Apr 2000 18:57:02 +0000

Tom St Denis wrote:
> I think Twofish will win the AES contest simply because it's the best we
> can see so far.

You've said this a few times in different ways, but I probably missed your
reasoning -- I haven't had time to read all the posts lately.

Why do you think Twofish is significantly better than (say) Rijndael, to
pick one of the other candidates?
-- 
        Jim Gillogly
        Mersday, 4 Thrimidge S.R. 2000, 18:55
        12.19.7.2.14, 6 Ix 17 Pop, Ninth Lord of Night

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: 
alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Subject: Re: new Echelon article
Reply-To: [EMAIL PROTECTED]
Date: Mon, 24 Apr 2000 18:43:37 GMT

On Sun, 23 Apr 2000 21:45:10 -0700, Diet NSA <[EMAIL PROTECTED]>
wrote:

>Nowadays, the CIA wouldn't be stupid
>enough to use its regular agents for
>assassination, if they were going to
>conduct such a mission. However, there
>are confirmed cases of the CIA using its
>agents to set up assassinations in the
>past. Remember that Pavitt is addressing
>*kids*, and he would probably have gotten
>in trouble if he said things that were
>inappropriate for children.

If the truth is inappropriate, is lying appropriate? That's apparently
the mindset going on at the CIA. Using that same defense, Tenet and
Hayden probably would get in trouble if they said things that were
inappropriate to the citizens, but that still is no excuse for lying
to them or hurting them financially.  You admit the truth, apologize,
take your lumps and offer recompense  (Won't happen unless it's
public, ask the Scorpion Ops Commandoes, the H'mong and Meo.: "They'd
rather eat their children than part with money." Prizzi's Honor) .
Every little kid learns that. It's not easy but it's the right thing
to do.

It's obvious that the U.S. has been using the capabilities of Echelon
and humint assets for years to scoop up economic information and pass
it along to specific U.S. corporations. Slick Willie just took it to a
new level, and became very open about requesting political
contributions in exchange for the goodies. Tenet and Hayden happen to
be in the indelicate position of defending the running of the op when
someone noticed the U.S. hands in the neighbors' cookie jar.

>>"You tried very hard to kill Castro," piped up a boy.
>>
>>"Those were times that are long gone," Pavitt said. "It was
>wrong
>>then, in my mind, and it is wrong today."
>
>
>If Pavitt has this same belief towards
>tyrants like Hitler (e.g., Saddam Hussein)
>then Pavitt is a fuckin' wuss-  a pansy,
>and a disgrace to the history of America.

Quoting the bard:

>Remember that Pavitt is addressing

the public via a newspaper article

>and he would probably have gotten
>in trouble if he said things that were

politically incorrect.

>What if the CIA is not stealing, but is
>instead reading info which is supposed to
>be private? It might be wrong for a kid to
>read his sister's diary, but this is not the
>same as actually stealing the diary and
>running off with it.

You ought to be in government if you can justify an ethic and morality
breach that well.  The fact is, the breach in this case is not just of
a philosophical definition of ethics and morality; it's financial and
the livelihood of American citizens they're screwing with. And not
just for the moment of the actual damage, but long term. Those
buttwipes at Langley and Fort George Meade are more than happy to
sacrifice others in their quest for patriotic glory because it doesn't
cost them if there's human collateral damage they never know about.

If they haven't guessed it, I'll tell them now: I never signed on to
be an unsung hero in an op I didn't know about but was involuntarily
made a party to.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Mon, 24 Apr 2000 19:20:32 GMT



Jim Gillogly wrote:
> 
> Tom St Denis wrote:
> > I think Twofish will win the AES contest simply because it's the best we
> > can see so far.
> 
> You've said this a few times in different ways, but I probably missed your
> reasoning -- I haven't had time to read all the posts lately.
> 
> Why do you think Twofish is significantly better than (say) Rijndael, to
> pick one of the other candidates?

Why I like Twofish.  It's fast, it's compact, it's versatile (speed/size
tradeoffs), it's designed sanely.  It's also a very good choice for
hardware.  It's also secure: the best attack breaks (without whitening)
only 6 rounds and doesn't work against the full algorithm.  

While I think Rijndael and Serpent are perfectly secure algorithms, they
are not as versatile I don't think.

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: papers on stream ciphers
Date: Mon, 24 Apr 2000 12:42:35 -0700

> I was simply referring to basic understanding of a stream cipher
> construction, e.g. Applied Cryptography, section 9.4 (if you send two
> messages with the same key, XORing the two ciphertexts provides the two
> cleartexts XORed together, and the passive eavesdropper might get a lot
> of information out of this).

That only applies under two circumstances:
1) The stream cipher uses XOR, which is of course not
required
2) An IV is not used. Using an IV in some way has long been
considered the best way to use any encryption algorithm, not
just a stream cipher.


While it is true that most stream ciphers use XOR of the
output, it is not a rule that it must. I in fact think they
would be significantly more secure if another method was
used, even replacing XOR with another weak algorithm could
provide increased security. I ask you, if we don't consider
XOR strong enough to use alone, why would we consider it to
be the strongest option when used in a stream cipher?
                Joe



------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Mon, 24 Apr 2000 20:19:06 +0000

Tom St Denis wrote:
> Why I like Twofish.  It's fast, it's compact, it's versatile (speed/size
> tradeoffs), it's designed sanely.  It's also a very good choice for
> hardware.  It's also secure: the best attack breaks (without whitening)
> only 6 rounds and doesn't work against the full algorithm.
> 
> While I think Rijndael and Serpent are perfectly secure algorithms, they
> are not as versatile I don't think.

By this do you mean you've identified types of applications where they don't
make as much sense as Twofish?  Hardware, smart cards or something?  I
assume you aren't referring to chaining modes or things like that, since
those are independent of algorithm.

Sorry to be so pushy, but I'd hate to see a ground-swell form that's based
only on "feelings" or on personal popularity of designers, and I wanted to
make sure there were real objective reasons behind the drum-beat.
-- 
        Jim Gillogly
        Mersday, 4 Thrimidge S.R. 2000, 20:14
        12.19.7.2.14, 6 Ix 17 Pop, Ninth Lord of Night

------------------------------

From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Secure, but WAY more difficult to use than other equally secure programs
Date: 23 Apr 2000 20:10:52 GMT
Reply-To: dformosa@[202.7.69.25]

On Sun, 23 Apr 2000 06:24:05 -0700, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote: 

[...]

>All a cracker needs to do is determine what processes are run and how
>many times they are run and in what sequence they are run then the
>cracker must guess the true random numbers the user inputs for each
>process to duplicate the OTP files.

Then it is possible to create a better than brute force crack for
your system.  All I do is list the numbers in order of how likely
people are going to use them.  People already have created such lists,
and simply going through it in order, I'll hit the correct decryption faster
than I would if I did a random search through the text.

-- 
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Interested in drawing platypie for money?  Email me.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Mon, 24 Apr 2000 13:15:27 -0700

While I too support Twofish, due in part to many things. I
believe that Rijndael stands the best chance of becoming
AES, simply judging solely from the preferences expressed in
the paper
http://csrc.nist.gov/encryption/aes/round2/conf3/AES3FeedbackForm-summary.pdf

Rijndael is the most favored, followed by serpent, twofish,
rc6, and distantly MARS respectively.
MARS received 83 votes for complete elimination, followed by
RC6 (37), Twofish(21), Rijndael(10), Serpent(7), with 6
abstentions.

Given these results alone one can see fairly easily that the
consensus is that MARS should not be the standard. These
results are also quite symmetric around keeping Rijndael,
Serpent, and Twofish for a kind of final 3, and eliminating
RC6 and MARS. A move that many of us have supported from the
beginning (although I will admit that I was not one of them
at the time).

Once I had the opportunity to review the candidates more, I
agree with the consensus that MARS and RC6 should be
discarded, they don't have the same strength of argument
behind believing them secure, and the attacks against RC6
have resulted in a rather narrow security margin, something
I am against.

Some people have supported using Rijndael with more rounds,
which may be an option, but will slow the entire system, and
has not been analyzed. Since it can be easily established
that having too many rounds actually weakens security and
the maximal round number has not been determined, I do not
support that option.

The paper I gave a URL to, it is also quite clear that the
involved believe there should be 1 and only 1 AES with 80%
of the people responding supporting 1 and only 1.

Basically I think that Rijndael had the best odds of
becoming AES. But I will still support having diversity,
just not in the standard.
                    Joe



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Mon, 24 Apr 2000 20:23:43 GMT



Jim Gillogly wrote:
> 
> Tom St Denis wrote:
> > Why I like Twofish.  It's fast, it's compact, it's versatile (speed/size
> > tradeoffs), it's designed sanely.  It's also a very good choice for
> > hardware.  It's also secure: the best attack breaks (without whitening)
> > only 6 rounds and doesn't work against the full algorithm.
> >
> > While I think Rijndael and Serpent are perfectly secure algorithms, they
> > are not as versatile I don't think.
> 
> By this do you mean you've identified types of applications where they don't
> make as much sense as Twofish?  Hardware, smart cards or something?  I
> assume you aren't referring to chaining modes or things like that, since
> those are independent of algorithm.
> 
> Sorry to be so pushy, but I'd hate to see a ground-swell form that's based
> only on "feelings" or on personal popularity of designers, and I wanted to
> make sure there were real objective reasons behind the drum-beat.
> --
>         Jim Gillogly
>         Mersday, 4 Thrimidge S.R. 2000, 20:14
>         12.19.7.2.14, 6 Ix 17 Pop, Ninth Lord of Night


To be honest I can't see rijndael or serpent be that awful on most
platforms.  I just think Twofish is more versatile.  If it were up to me
I would pick them all :)  But then we would be lost...

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: papers on stream ciphers
Date: Mon, 24 Apr 2000 20:24:58 GMT



Joseph Ashwood wrote:
> 
> > I was simply referring to basic understanding of a stream cipher
> > construction, e.g. Applied Cryptography, section 9.4 (if you send two
> > messages with the same key, XORing the two ciphertexts provides the two
> > cleartexts XORed together, and the passive eavesdropper might get a lot
> > of information out of this).
> 
> That only applies under two circumstances:
> 1) The stream cipher uses XOR, which is of course not
> required
> 2) An IV is not used. Using an IV in some way has long been
> considered the best way to use any encryption algorithm, not
> just a stream cipher.
> 
> While it is true that most stream ciphers use XOR of the
> output, it is not a rule that it must. I in fact think they
> would be significantly more secure if another method was
> used, even replacing XOR with another weak algorithm could
> provide increased security. I ask you, if we don't consider
> XOR strong enough to use alone, why would we consider it to
> be the strongest option when used in a stream cipher?
>                 Joe

Because if the stuff you xor against the plaintext is cryptographically
secure, then the ciphertext is essentially random.  So why use anything
else?  XOR stream ciphers have the nice property of being their own
inverse too.

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.
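
The keystream-reuse failure Thierry cites from Applied Cryptography 9.4, the per-message IV that Joe proposes as the remedy, and the self-inverse property Tom mentions, carried through in one runnable Python script. This is an added example, not code from any poster in this thread; the keystream generator is a constructed HMAC-SHA256 stand-in for a real stream cipher, and the key, nonces and messages are sample values.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed keystream generator (stand-in for a real stream cipher):
    HMAC-SHA256(key, nonce || counter), one 32-byte block per counter value."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; inputs must have equal length."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR stream encryption.  Because XOR is its own inverse, calling this
    again on the ciphertext with the same key and nonce returns the plaintext."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def eavesdropper_view(c1: bytes, c2: bytes) -> bytes:
    """What a passive observer can compute from two ciphertexts: C1 xor C2.
    If both were produced with the same keystream, the keystream cancels and
    this equals P1 xor P2; the key plays no role at all."""
    return xor_bytes(c1, c2)


def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Check (with both plaintexts known, as in a test harness) whether two
    ciphertexts leak P1 xor P2, i.e. whether the keystream was reused."""
    return eavesdropper_view(c1, c2) == xor_bytes(p1, p2)


# Constructed sample key and messages; the two messages have equal length.
KEY = bytes(range(32))
P1 = b"attack at dawn, bridge"
P2 = b"retreat at dusk, river"


def demo_fixed_nonce() -> bool:
    """Same key, same (fixed) nonce for both messages: the case Applied
    Cryptography 9.4 warns about.  Returns True when the leak is present."""
    nonce = b"\x00" * 8
    c1, c2 = encrypt(KEY, nonce, P1), encrypt(KEY, nonce, P2)
    return keystream_reused(c1, c2, P1, P2)


def demo_distinct_nonce() -> bool:
    """Same key, but a distinct nonce (IV) per message: C1 xor C2 no longer
    equals P1 xor P2.  Returns True when the leak is absent."""
    c1 = encrypt(KEY, (1).to_bytes(8, "big"), P1)
    c2 = encrypt(KEY, (2).to_bytes(8, "big"), P2)
    return not keystream_reused(c1, c2, P1, P2)


def demo_self_inverse() -> bool:
    """Encrypting twice with the same key and nonce returns the plaintext."""
    nonce = (7).to_bytes(8, "big")
    return encrypt(KEY, nonce, encrypt(KEY, nonce, P1)) == P1


if __name__ == "__main__":
    print("fixed nonce leaks P1^P2:", demo_fixed_nonce())
    print("distinct nonces leak:   ", not demo_distinct_nonce())
    print("self-inverse:           ", demo_self_inverse())
```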

------------------------------

From: "David Fabian" <[EMAIL PROTECTED]>
Subject: Need Large Integer Program
Date: Mon, 24 Apr 2000 15:57:53 -0500

Does anyone know a good Windows DLL that can process large integers?

I tried ftp://ripem.msu.edu/pub/bignum/lenstra-LIP-package.tar.gz, but my GZIP.Exe 
says it is not in GZIP format.

Dave Fabian



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
