Cryptography-Digest Digest #626, Volume #11 Tue, 25 Apr 00 12:13:02 EDT
Contents:
Re: Requested: update on aes contest (stanislav shalunov)
Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don't let him in ..." (Russell Horn)
Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don't let him in ..." (Russell Horn)
Re: The Illusion of Security (Boris Kazak)
Re: web - prng (Tim Tyler)
Re: web - prng (Tom St Denis)
Re: What does XOR Mean???!!! (R124c4u2)
Re: Need Large Integer Program ("David Fabian")
Re: Need Large Integer Program (Tom St Denis)
Re: Need Large Integer Program ("David Fabian")
Re: quantum computation FAQ? ([EMAIL PROTECTED])
Re: Need Large Integer Program (Tom St Denis)
Re: quantum computation FAQ? ("Leo Sgouros")
Re: distributed factorisation using pollard rho method (Scott Contini)
Re: Need Large Integer Program (lordcow77)
Re: quantum computation FAQ? (David A Molnar)
Re: Requested: update on aes contest (Jerry Coffin)
Re: new Echelon article (Diet NSA)
Re: The Illusion of Security (Mike Kent)
Re: OAP-L3: Secure, but WAY more dificult to use than other equally secure programs (Anthony Stephen Szopa)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)
Re: The Illusion of Security (Anthony Stephen Szopa)
----------------------------------------------------------------------------
Subject: Re: Requested: update on aes contest
From: stanislav shalunov <[EMAIL PROTECTED]>
Date: Mon, 24 Apr 2000 23:06:24 GMT
Jerry Coffin <[EMAIL PROTECTED]> writes:
> Including two or more algorithms in AES does NOT mean there is any
> "need to implement more ciphers". AES could include 10 different
> ciphers, and one particular product could still use exactly one
> cipher from that pool and comply with the standard.
Interoperability will require implementing more than one cipher, or
always implementing a particular cipher.
> Multiple ciphers in the standard does NOT imply any additional
> complexity in a system that implements the standard. AES (like DES
> before it) is a standard that specifies a pool of ciphers that have
> been studied and we all more or less agree to trust.
Cryptoanalytical resources aren't infinite. If three ciphers are
chosen, each might receive only one third of the attention a single
cipher would. (Or, more likely, there will be inequality of efforts.)
If an attacker learns something about any of the ciphers, your company
isn't safe--because it likely uses two hundred different encryption
products. You'd need to trust all ciphers, while an attacker would gain
useful information by being able to attack any of them.
> probably the majority of ciphers deployed while DES was current have
> used other forms of encryption.
Reason being, in your opinion, unsuitability of DES for certain
applications? In my opinion the main reasons are political
(export/import controls and desires of government agencies).
A5 is weaker than DES. And the designers most likely knew it. There
wasn't any technical reason for them to use such a sparse polynomial,
for one thing.
--
stanislav shalunov | Speaking only for myself.
My address in From: is correct; if yours isn't, I don't want to hear from you.
Try to reply in newsgroup. I don't need courtesy copies.
------------------------------
From: Russell Horn <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.business.accountancy,talk.politics.crypto
Subject: Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don't let him in ..."
Date: Mon, 24 Apr 2000 23:57:49 +0100
In article <[EMAIL PROTECTED]>, Philip Baker
<[EMAIL PROTECTED]> writes
>
>Obtained by whom, and in what circumstances?
The Home Secretary. I haven't seen the Scottish legislation, but imagine
it will point to the First or Deputy First minister.
See <URL: www.stand.org.uk> for lots of information.
--
Russell Horn
This edition of my .sig has been shortened due to industrial inaction.
Normal service will be resumed as soon as possible.
------------------------------
From: Russell Horn <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.business.accountancy,talk.politics.crypto
Subject: Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don't let him in ..."
Date: Tue, 25 Apr 2000 00:01:19 +0100
In article <[EMAIL PROTECTED]>, Philip Baker
<[EMAIL PROTECTED]> writes
>
>Obtained by whom, and in what circumstances?
Sorry to post two follow-ups, but here is an extract from the URL I
posted in my other message http://www.stand.org.uk
<EXTRACT>
"Communications data", in this Bill, is traffic data. What oversight is
placed on its collection by the government?
When can traffic data be obtained?
21. (2) (2) It is necessary on grounds falling within this subsection
to obtain communications data if it is necessary-
(a) in the interests of national security;
(b) for the purpose of preventing or detecting crime or of preventing
disorder;
(c) in the interests of the economic well-being of the United Kingdom;
(d) in the interests of public safety;
(e) for the purpose of protecting public health;
(f) for the purpose of assessing or collecting any tax, duty, levy or
other imposition, contribution or charge payable to a government
department;
(g) for the purpose, in an emergency, of preventing death or injury or
any damage to a person's physical or mental health, or of mitigating any
injury or damage to a person's physical or mental health; or
(h) for any purpose (not falling within paragraphs (a) to (g)) which is
specified for the purposes of this subsection by an order made by the
Secretary of State.
In other words, almost any reason, or any suspected crime, is
sufficient.
Who can obtain authorisation for obtaining traffic data? Any member of
the following:
24. (1) In this Chapter- ... "relevant public authority" means (subject
to subsection (4)) any of the following-
(a) a police force;
(b) the National Criminal Intelligence Service;
(c) the National Crime Squad;
(d) the Commissioners of Customs and Excise and their department;
(e) any of the intelligence services;
(f) any such public authority not falling within paragraphs (a) to (e)
as may be specified for the purposes of this subsection by an order made
by the Secretary of State.
--
Russell Horn
This edition of my .sig has been shortened due to industrial inaction.
Normal service will be resumed as soon as possible.
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: The Illusion of Security
Date: Mon, 24 Apr 2000 23:22:24 GMT
Jerry Coffin wrote:
****************
> Why should I trust
> I trust a cipher for 6 days but not 8? Maybe the correct number is
> really 3 days...or maybe it's really closer to a millisecond of using
> a network card (or whatever) that does bulk encryption on all traffic
> it passes.
>
> --
> Later,
> Jerry.
>
> The universe is a figment of its own imagination.
*****************
And you are absolutely correct, the sooner you switch to another
cipher and key, the less encrypted text your
opponent will have to analyze... In transmitting a new copyrighted
movie over a satellite link I would change ciphers and keys about
10-100 times per session. Otherwise you are inviting pirates and
risking millions :)!
Best wishes BNK
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: web - prng
Reply-To: [EMAIL PROTECTED]
Date: Mon, 24 Apr 2000 23:14:40 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: The source is available from http://24.42.86.123/cgi-bin/rand.c
HTTP 500 - Internal server error...?
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: web - prng
Date: Mon, 24 Apr 2000 23:45:04 GMT
Tim Tyler wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> : The source is available from http://24.42.86.123/cgi-bin/rand.c
>
> HTTP 500 - Internal server error...?
> --
> __________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
> |im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
Yea my web daemon wants to open it, itself...I can email the source if
you want...
Tom
--
Want your academic website listed on a free websearch engine? Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.
------------------------------
From: [EMAIL PROTECTED] (R124c4u2)
Subject: Re: What does XOR Mean???!!!
Date: 24 Apr 2000 23:51:01 GMT
Wim Lewis writes:
>In article <[EMAIL PROTECTED]>,
>R124c4u2 <[EMAIL PROTECTED]> wrote:
>>Of all the possible boolean operators, xor is unique in that:
>>
>>c = p xor k
>> followed by
>>p = c xor k
>>
>>restores the plain text!
>
>Not true; the operation f(a,b) = (a and b) or (a nor b) has the same
>property.
>(It's the inverse of xor.) Just a little nitpick. For that matter,
>the operations f(a,b) = a, and f(a,b) = not a also have this property :-)
I guess your point is that one can usually figure out a complicated way to do
something simple. Since what I posted used a single operator. I agree with
that.
I wish people would quit doing that.
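
Added example (not part of the original posts): the claim disputed in the exchange above can be settled by exhaustion, since there are only 16 boolean functions of two inputs. The function names, labels and the sample message below are constructed for this illustration.

```python
# Added example: test every two-input boolean function for the round-trip
# property  f(f(p, k), k) == p  discussed in the thread.
from itertools import product

BITS = (0, 1)
INPUTS = list(product(BITS, BITS))  # (a, b) in the order 00, 01, 10, 11

# Truth table over INPUTS -> label (labels chosen for this example).
NAMES = {
    (0, 1, 1, 0): "a xor b",
    (1, 0, 0, 1): "a xnor b = (a and b) or (a nor b)",
    (0, 0, 1, 1): "a (ignores b)",
    (1, 1, 0, 0): "not a (ignores b)",
}


def all_functions():
    """Yield every f: {0,1}^2 -> {0,1} as a (truth_table, callable) pair."""
    for table in product(BITS, repeat=4):
        lookup = dict(zip(INPUTS, table))
        yield table, (lambda a, b, _l=lookup: _l[(a, b)])


def round_trips(f):
    """True if applying f twice with the same key restores the plaintext bit."""
    return all(f(f(p, k), k) == p for p, k in INPUTS)


def depends_on_key(f):
    """True if the output changes with k for some p; otherwise k is unused."""
    return any(f(p, 0) != f(p, 1) for p in BITS)


def self_inverse_functions():
    """Return [(truth_table, uses_key)] for every function that round-trips."""
    return [(t, depends_on_key(f)) for t, f in all_functions() if round_trips(f)]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Byte-wise XOR with a repeating key."""
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def xnor_bytes(data: bytes, key: bytes) -> bytes:
    """Byte-wise XNOR with a repeating key (XOR followed by complement)."""
    return bytes((d ^ key[i % len(key)]) ^ 0xFF for i, d in enumerate(data))


if __name__ == "__main__":
    for table, uses_key in self_inverse_functions():
        note = "uses the key" if uses_key else "key has no effect"
        print(f"{table}  {NAMES[table]:<36} {note}")

    # Constructed sample input, only to show the byte-level behaviour.
    msg, key = b"attack at dawn", b"\x13\x37\xc0\xde"
    c_xor, c_xnor = xor_bytes(msg, key), xnor_bytes(msg, key)
    assert xor_bytes(c_xor, key) == msg and xnor_bytes(c_xnor, key) == msg
    # The XNOR ciphertext is just the complement of the XOR ciphertext.
    print(c_xnor == bytes(b ^ 0xFF for b in c_xor))
```

Exactly four functions round-trip, and only two of them (XOR and XNOR) involve the key at all; XNOR output is the bitwise complement of XOR output, so it hides nothing that XOR does not.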
------------------------------
From: "David Fabian" <[EMAIL PROTECTED]>
Subject: Re: Need Large Integer Program
Date: Mon, 24 Apr 2000 19:20:04 -0500
Joseph Ashwood <[EMAIL PROTECTED]> wrote in message
news:OeAdNSjr$GA.321@cpmsnbbsa04...
> Check Miracl.
> http://indigo.ie/~mscott/
> I've found it far superior to MPI.
> Joe
Thanks for the lead, but I do not have a C compiler. I am just looking for a DLL
that can do integer arithmetic on 200-digit numbers.
Dave Fabian
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Need Large Integer Program
Date: Tue, 25 Apr 2000 00:25:24 GMT
David Fabian wrote:
>
> Joseph Ashwood <[EMAIL PROTECTED]> wrote in message news:OeAdNSjr$GA.321@cpmsnbbsa04...
> > Check Miracl.
> > http://indigo.ie/~mscott/
> > I've found it far superior to MPI.
> > Joe
>
> Thanks for the lead, but I do not have a C compiler. I am just looking for a DLL
> that can do integer arithmetic on 200-digit numbers.
>
> Dave Fabian
How do you plan on using this dll?
Tom
--
Want your academic website listed on a free websearch engine? Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.
------------------------------
From: "David Fabian" <[EMAIL PROTECTED]>
Subject: Re: Need Large Integer Program
Date: Mon, 24 Apr 2000 19:34:13 -0500
Tom St Denis <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> David Fabian wrote:
> > Joseph Ashwood <[EMAIL PROTECTED]> wrote in message news:OeAdNSjr$GA.321@cpmsnbbsa04...
> > > Check Miracl.
> > > http://indigo.ie/~mscott/
> > > I've found it far superior to MPI.
> > > Joe
> >
> > Thanks for the lead, but I do not have a C compiler. I am just looking for a DLL
> > that can do integer arithmetic on 200-digit numbers.
> >
> > Dave Fabian
>
> How do you plan on using this dll?
I am running Microsoft Visual Basic v5.0 under Windows 95. It can call DLLs, but not LIBs.
Dave Fabian
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: quantum computation FAQ?
Date: Tue, 25 Apr 2000 00:29:07 GMT
In article <[EMAIL PROTECTED]>,
Martin Veasey <[EMAIL PROTECTED]> wrote:
> "What is quantum computing" ... ?
>
Quantum computing is a concept which is currently being actively
explored by a number of theorists. Logic elements which accomplish
quantum computing would behave according to rules of quantum mechanics.
The critical difference is that such logic would operate with a
superposition of states, such that certain kinds of computations occur
in parallel. Algorithms which can take advantage of this parallelism
would make it possible to solve problems such as searching and factoring
in times which scale to polynomial rates, rather than requiring
exponentially longer times, as the size of the numbers grow.
Reported success in implementing physical quantum computers is modest,
at most, a few gates have been demonstrated. Some believe that quantum
computing is so important to code breaking that major government
institutions may have huge efforts underway with unreported results.
Note that IF one believes that quantum computing can be physically
realized in the near future, that fact needs to be reckoned in assessing
the strength of RSA encryption. What exactly does one mean when saying:
a number of a given size would require three years to factor?
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Need Large Integer Program
Date: Tue, 25 Apr 2000 00:56:05 GMT
David Fabian wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > David Fabian wrote:
> > > Joseph Ashwood <[EMAIL PROTECTED]> wrote in message news:OeAdNSjr$GA.321@cpmsnbbsa04...
> > > > Check Miracl.
> > > > http://indigo.ie/~mscott/
> > > > I've found it far superior to MPI.
> > > > Joe
> > >
> > > Thanks for the lead, but I do not have a C compiler. I am just looking for a
> > > DLL that can do integer arithmetic on 200-digit numbers.
> > >
> > > Dave Fabian
> >
> > How do you plan on using this dll?
>
> I am running Microsoft Visual Basic v5.0 under Windows 95. It can call DLLs, but
> not LIBs.
>
> Dave Fabian
Hmm... well good luck.
Tom
--
Want your academic website listed on a free websearch engine? Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.
------------------------------
From: "Leo Sgouros" <[EMAIL PROTECTED]>
Subject: Re: quantum computation FAQ?
Date: Tue, 25 Apr 2000 00:59:25 GMT
<[EMAIL PROTECTED]> wrote in message
news:8e2osb$nem$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> Martin Veasey <[EMAIL PROTECTED]> wrote:
> > "What is quantum computing" ... ?
> >
> Quantum computing is a concept which is currently being actively
> explored by a number of theorists. Logic elements which accomplish
> quantum computing would behave according to rules of quantum mechanics.
> The critical difference is that such logic would operate with a
> superposition of states, such that certain kinds of computations occur
> in parallel. Algorithms which can take advantage of this parallelism
> would make it possible to solve problems such as searching and factoring
> in times which scale to polynomial rates, rather than requiring
> exponentially longer times, as the size of the numbers grow.
>
> Reported success in implementing physical quantum computers is modest,
> at most, a few gates have been demonstrated. Some believe that quantum
> computing is so important to code breaking that major government
> institutions may have huge efforts underway with unreported results.
>
> Note that IF one believes that quantum computing can be physically
> realized in the near future, that fact needs to be reckoned in assessing
> the strength of RSA encryption. What exactly does one mean when saying:
> a number of a given size would require three years to factor?
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
You are talking about operating at "relativistic" speeds, where it won't take
trillions of years to run all combinations at all.
/mu/A/A photon should "naturally" be able to decrypt anything, as it will
have analyzed every possible state within seconds-at least the state of
everything in its 186,xxx miles per second pathway, per second.
------------------------------
From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: distributed factorisation using pollard rho method
Date: 25 Apr 2000 01:00:07 GMT
In article <8e1kgd$h6f$[EMAIL PROTECTED]>,
Bob Silverman <[EMAIL PROTECTED]> wrote:
>In article <8e19vi$6b3$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
>> I have made a little java program that uses Pollard's Rho method for
>> factoring integers. This is not hard, but I would now like to make it
>> into a distributed application, to speed up the factorisation (ok, and
>> mostly just for fun! :)).
>>
>> Any thoughts on how this can be done easily ?
>
>It can't. At least if one is using either Floyd's or Brent's cycle
>finding algorithm.
>
>Use Pollard Lambda instead.
>
>Note: If the factor is sufficiently large that a distributed version
>would speed things up, then you are using the wrong algorithm. Switch
>to ECM.
>
>
>--
>Bob Silverman
>"You can lead a horse's ass to knowledge, but you can't make him think"
>
I agree with Bob... But if you still want to distribute your Pollard
rho, you should read the paper:
"Parallel Collision Search with Cryptanalytic Applications"
by van Oorschot and Wiener. This is a very easy to read paper.
Scott
------------------------------
Subject: Re: Need Large Integer Program
From: lordcow77 <[EMAIL PROTECTED]>
Date: Mon, 24 Apr 2000 18:44:57 -0700
In article <Hn6N4.213$G7.50070@news-east.usenetserver.com>, "David Fabian" <[EMAIL PROTECTED]> wrote:
>
>Thanks for the lead, but I do not have a C compiler. I am just
>looking for a DLL that can do integer arithmetic on 200-digit
>numbers.
>
>Dave Fabian
>
It would be possible for someone to compile a large integer
library for you, but you would need import libraries to tell you
the function offsets (or you could call by referenced ordinals).
I'm not sure that the DLL that someone else compiles would be
necessarily usable without some tweaking. Generally, I would
suggest that you download cygwin32 (sourceware.cynus.com) or
mingw32, two very good Windows ports of the GCC compiler suite,
and compile a large integer library yourself. At least you
would have the header files/calling conventions easily
accessible and you could make any necessary custom modifications.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: quantum computation FAQ?
Date: 25 Apr 2000 02:59:59 GMT
[EMAIL PROTECTED] wrote:
> superposition of states, such that certain kinds of computations occur
> in parallel. Algorithms which can take advantage of this parallelism
> would make it possible to solve problems such as searching and factoring
> in times which scale to polynomial rates, rather than requiring
> exponentially longer times, as the size of the numbers grow.
There is a difference between searching and factoring.
Factoring can be done in polytime using Shor's algorithm.
Searching in the "generic" case, for which all we have is some oracle
which tells us "yes, that's it" or "no, that's not it" for a given
input, only has a quadratic speedup. It is not polynomial in the same
sense that Shor's algorithm is polynomial.
Also, for some reason I really hate the handwaving explanations that
reference "quantum parallelism." I think it's partially because I used
to spout something along those lines before I knew anything, and was
rightly made fun of for it. Not that I know enough to offer a substitute
now...
> the strength of RSA encryption. What exactly does one mean when saying:
> a number of a given size would require three years to factor?
When I say or write that, I generally assume the kind of computation
currently widespread -- bunches of PCs and a few supercomputers thrown
at the problem. I also assume the use of the General Number Field Sieve
with block Lanczos for the final elimination step. Plus I suppose I am
assuming that quantum computers won't be a factor before then.
Thanks, -David
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Requested: update on aes contest
Date: Mon, 24 Apr 2000 21:10:46 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
[ ... ]
> Interoperability will require implementing more than one cipher, or
> always implementing a particular cipher.
As I've pointed out a number of times in the past, AES isn't about
ensuring interoperability. In any case, you need a LOT more than a
common algorithm before you even get CLOSE to ensuring
interoperability: you need to ensure a common algorithm for hashing
your pass phrases into keys, a common chaining mode, and so on. NONE
of these other issues is even mentioned in AES itself (nor should
they be, IMO) so AES by itself will NEVER be adequate to ensure any
degree of interoperability in any case.
> Cryptoanalytical resources aren't infinite. If three ciphers are
> chosen, each might receive only one third of the attention a single
> cipher would. (Or, more likely, there will be inequality of efforts.)
This, of course, is a good thing: it means there's less likelihood of
the cipher you use being broken before the information is useless
anyway.
> If an attacker learns something about any of the ciphers, your company
> isn't safe--because it likely uses two hundred different encryption
> products. You'd need to trust all ciphers, while attacker would gain
> useful information by being able to attack any of them.
Whereas if you choose only one cipher and it's broken, instead of
simply learning SOME useful information, he learns absolutely
everything you're trying to protect.
If you have multiple ciphers, you can reduce your risk by
partitioning the information so breaking one cipher causes relatively
little damage. Better yet, the chances of any of the ciphers being
broken is divided by the number of ciphers involved.
In short, you're citing exactly the reasons there should be multiple
ciphers.
> > probably the majority of ciphers deployed while DES was current have
> > used other forms of encryption.
>
> Reason being, in your opinion, unsuitability of DES for certain
> applications?
Yes, to a large degree.
> A5 is weaker than DES. And the designers most likely knew it. There
> wasn't any technical reason for them to use such a sparse polynomial,
> for one thing.
The question isn't about A5's strength, but its fundamental design:
it wasn't anything like DES, because DES simply wouldn't have worked
in that situation, regardless of its strength.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Date: Mon, 24 Apr 2000 20:23:45 -0700
In article <[EMAIL PROTECTED]>, "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
>Legality has little or nothing to do with Justice, that's why she wears a
>blindfold.
>
In reality, "justice" and "legality" are relative concepts which have to be
considered within the appropriate context. What may be illegal or unjust in
one country may not be such in another country.
>> Try telling this to the Russian taxpayers.
>
>You mean you couldn't sell the benefits of the tax to the beneficiaries?
Many benefits could potentially be provided by a government if taxes are
raised further. However, people may not want their taxes increased for very
good reasons, and would rather go without these *potential* benefits.
>Then why in hell should _anyone_ pay for something nobody wants?
>
Actually, there are honest Russian citizens who want the FSB to help catch
the few bad apples who attempt to spread rampant crime throughout the
country. I myself also want the FSB to help prevent the bad guys from
exporting crime, nukes, etc. to other countries (including America).
>OK, see Twain and Mencken. As tidbits to ignite your imagination I offer "You
>can craft a law to do anything" -- a sitting legislator, and "No man's purse is
>safe while the legislature is in session" -- Twain.
>
I counter with Twain: "Better to remain silent and thought a fool, than to
speak up and remove all doubt."
>Yeah, but why bother splitting hairs? Tyranny is tyranny whether German,
>Russian, Chinese, or American.
>
We were discussing Russia, not these other countries.
>> internet did not exist before the 20th
>> century.
>
>What's this? All ethical and moral principles started with the Internet?
I never said this. You wrote that the Revolutionary War was fought to
support the taxation of the internet. How could the Revolutionaries have
known about the internet?
" V hfdt afogx nfvw ufo axb (o)(o) " - Gtnjv
------------------------------
From: Mike Kent <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: The Illusion of Security
Date: Tue, 25 Apr 2000 03:30:33 GMT
Joseph Ashwood wrote:
>
> "Mike Kent" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Joseph Ashwood wrote:
> >
> > > ... There has been no proof of the randomness of anything,
> >
> > Just to get things clear ... what counts as random, and what
> > counts as proof?
>
> A mathematical/logic of randomness.
OK, I have to start from some place; what am I
allowed to assume? For instance, the standard
interpretation of why particle decay modes display
a half-life (that the probability of decay in a
given interval of time does not depend on history)
would seem to satisfy your requirement.
// Mike Kent
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Secure, but WAY more dificult to use than other equally secure programs
Date: Mon, 24 Apr 2000 20:49:07 -0700
"David Formosa (aka ? the Platypus)" wrote:
>
> On Sun, 23 Apr 2000 06:24:05 -0700, Anthony Stephen Szopa
> <[EMAIL PROTECTED]> wrote:
>
> [...]
>
> >All a cracker needs to do is determine what processes are run and how
> >many times they are run and in what sequence they are run then the
> >cracker must guess the true random numbers the user inputs for each
> >process to duplicate the OTP files.
>
> Then it is possible to create a better than brute force crack for
> your system. All I do is list the numbers in order of how likely
> people are going to use them. People already have created such lists,
> and simply go through it in order, I'll hit the correct decryption faster
> than I would if I did a random search through the text.
>
> --
> Please excuse my spelling as I suffer from agraphia. See
> http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
> Interested in drawing platypie for money? Email me.
If you say so.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Mon, 24 Apr 2000 20:51:39 -0700
"David Formosa (aka ? the Platypus)" wrote:
>
> On Mon, 24 Apr 2000 01:29:39 -0700, Anthony Stephen Szopa
> <[EMAIL PROTECTED]> wrote:
>
> [...]
>
> >If the OAP-L3 encryption software is used according to
> >recommendations there will be far too many true random number
> >inputs for you to even contemplate this approach.
>
> Isn't this a rather big assumption? When cyphers are used in the field
> stupid things happen to them, for example the Enigma cypher was
> weakened substantially by poor procedures regarding its use.
>
> --
> Please excuse my spelling as I suffer from agraphia. See
> http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
> Interested in drawing platypie for money? Email me.
If you say so.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Mon, 24 Apr 2000 20:55:33 -0700
[EMAIL PROTECTED] wrote:
>
> All Product ciphers based on DES and the Feistel Network can be broken
> without an Exhaustive Key Search.....
>
> The secret lies in the Non Linear F Function...This can be decomposed
> into Algebraic Linear Primitives...and the Key can be recovered
> relatively easily...The Backdoor Function...
>
> The illusion that the Strength of an Algorithm is in the Key length is
> just that...an illusion....with detailed knowledge of the algorithm,
> Algebraic decomposition is possible with no significant computing
> power requirements...
>
> This is the biggest disinformation in history...all Public
> Product Ciphers are weak and vulnerable...
>
> Public Key systems based on Large Primes are also breakable without an
> exhaustive key search....
>
> It has been calculated that a 500 bit RSA key will take 20 seconds to
> break on a supercomputer......
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Go get 'em!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************