Cryptography-Digest Digest #631, Volume #11 Tue, 25 Apr 00 17:13:01 EDT
Contents:
Re: H. Riesel's book (Don Taylor)
Re: What does XOR Mean???!!! (R124c4u2)
Re: Multiple keys in any order? (David Hopwood)
Re: Yes, the U.S. government agent was correct ... I am indeed using the Internet in
public libraries ... actually I have also been in some of the poorest black
neighborhoods in Miami ... try it ... if have any strength .. Little Havana is OK ..
(Mike Andrews)
Re: factor large composite (Paul Schlyter)
Re: Regulation of Investigatory Powers Bill (Richard Heathfield)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (David Formosa (aka ? the
Platypus))
Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don ("Simon
Johnson")
Re: new Echelon article (Diet NSA)
Re: quantum computation FAQ? ([EMAIL PROTECTED])
Walsh Transform (Tom St Denis)
Re: factor large composite (Tom St Denis)
Re: new Echelon article (Diet NSA)
Re: papers on stream ciphers (Tom St Denis)
Re: $100 Code Challenge - I BROKE the code!!!!! Here's the plaintext as proof
("Simon Johnson")
Re: factor large composite ("Joseph Ashwood")
Re: new Echelon article (Diet NSA)
Re: Can a password be to long? (Anton Stiglic)
Re: factor large composite (Quisquater)
----------------------------------------------------------------------------
From: Don Taylor <[EMAIL PROTECTED]>
Subject: Re: H. Riesel's book
Crossposted-To: sci.math
Date: 25 Apr 2000 13:55:07 -0500
Jim Gillogly wrote:
>JCA wrote:
>> Does anybody know why B&N are selling Riesel's "Prime Numbers and
>> Computer Methods for Factorization" so cheap? It seems to be exactly the
>> same edition and binding as the one that goes for almos $70 in B&N
>> itself and elsewhere.
>>
>> Are there perhaps some subtle differences I am not aware of?
>
> I just got my copy from Barnes & Noble. It's the 2nd edition, Birkhauser
> Boston 1994, hardbound with green and white cover. It appears to be the
> Real Thing. It has a "Special Value - $14.99" sticker on the front. I'd
>> guess they were overstocked, but who knows.
Actually, they have the second edition of Prime Number Records,
ALSO for $14.99. And if you enter the discount code C3S6GHG
in the box when you have collected up more than $25 worth of
books then they will give you an EXTRA $10 discount on your order.
But the surface postage within the country will cost you $3+$1/book.
And they were selling, I haven't checked if they have any left now,
copies of Forman Acton's "Real Computing Made Real, Preventing Errors
in Scientific and Engineering Calculations" for $9.99. A marvelous
little book to break your heart over roundoff errors, and then at least
try to help you piece it back together. A steal at the price!
There are a startling number of rather serious books in their bargain
section if you look through the whole list. However some of them are
"mis-shelved" and end up in rather odd places in the bargain pages.
They did have a few copies of Week's wonderful little "The Shape of Space"
but those appear to have disappeared, at $3.99 each! before I found this.
If anyone stumbles across any other little gems I would love to hear
about it. And I will attempt to reciprocate.
thanks
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: [EMAIL PROTECTED] (R124c4u2)
Subject: Re: What does XOR Mean???!!!
Date: 25 Apr 2000 19:02:28 GMT
Douglas A. Gwyn writes:
>Actually, you made a categorical claim that was incorrect.
>Whether or not "a single operator" is involved depends on
>what operators you have at your disposal, Boolean logic
>can be conducted entirely in terms of a single binary
>operator (two choices, these days usually called NAND and
>NOR) or a selection of binary operators (and usually the
>unary NOT operator). The usual name for the operator
>spelled out by Wim Lewis is EQV ("equivalence"):
> A B A.EQV.B
> 0 0 1
> 0 1 0
> 1 0 0
> 1 1 1
>It is no more complicated than XOR.
You're right. This, which is in some sense the complement of xor, will also
work.
Here is what I should have said in my initial post:
Of all the possible boolean operators available to a computer programmer, xor
is unique in that: blah, blah, blah.
------------------------------
Date: Tue, 25 Apr 2000 20:05:03 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Multiple keys in any order?
=====BEGIN PGP SIGNED MESSAGE=====
Evin Robertson wrote:
>
> I need an encryption algorithm which allows a message to be encrypted
> with multiple keys and then decrypted by those keys in any order.
encode_K(plaintext, ...) = (plaintext XOR R, ..., E_K(R))
where R is a random one-time pad as long as the plaintext.
E.g. for two keys:
encode_K1(plaintext) = (plaintext XOR R1, E_K1(R1))
encode_K2(encode_K1(plaintext)) =
(plaintext XOR R1 XOR R2, E_K2(R1), E_K2(R2))
This scheme is provably as secure as the cipher E, assuming that the
random pads are independent and uniformly distributed. Note that it
requires that the person decrypting the message knows at what point the
key that they have was originally applied. To remove that restriction,
you could include some redundancy with Ri when encrypting it with E_Ki
(e.g. use E_Ki(Ri | H(Ri)) where H is a hash function). Then the
decryptor will know when (s)he has decrypted the right Ri value.
However, the above scheme has the disadvantage that the length of the
ciphertext is equal to the length of the plaintext times the number of
keys used plus one (for your card game application that's not important,
but I'll answer the question more generally).
It is possible to get around this by using an additive stream cipher
instead of a one-time-pad:
encode_K(plaintext, ...) = (plaintext XOR S_H(K, salt), ..., salt)
where S_H(K, salt) is the keystream generated using a key K that is
hashed with a random salt.
E.g. for two keys:
encode_K2(encode_K1(plaintext)) =
(plaintext XOR S_H(K1, salt1) XOR S_H(K2, salt2), salt1, salt2)
Note that using a single salt chosen by the first encryptor would not
be secure for some applications, because it would be possible for an
active attacker to manipulate the intermediate ciphertext, in order to
force the second encryptor to encrypt two messages with the same salt.
[...]
> Are there any good encryption algorithms which do this? Is there an
> established name for this type of system which I could look up for
> discussion on it?
This is sometimes called commutative encryption (e.g. see Applied
Cryptography section 22.3).
> One application of this encryption algorithm would be as follows:
>
> Alice shuffles a deck of cards, and encrypts the name of each card
> with her key. Thus she has encodeA("5 spades"), encodeA("4 hearts"),
> encodeA("Q diamonds")...
You need to be careful that the encodings of the cards are all the
same length.
> She sends these encrypted cards in her shuffled order to Bob.
>
> Bob shuffles the order of the messages he got from Alice and encrypts
> them with his key. So he has encodeB(encodeA("5 spades")),
> encodeB(encodeA("Q diamonds"))... But he doesn't know that the first
> card is the 5 of spades since he doesn't know Alice's key.
>
> Now the deck is shuffled by both players and they need to deal out
> cards, so Alice needs a card first. Bob decrypts the first card in
> his deck, and sends it to Alice. Alice decrypts the card she got from
> Bob and now knows that she has the 5 of spades =
> decodeA(decodeB(encodeB(encodeA("5 spades")))). Now Bob needs a card,
> so he gives encodeB(encodeA("Q diamonds")) to Alice, who runs decodeA
> on the result, and gives it back to Bob, who can then do decodeB on
> it, getting Q diamonds = decodeB(decodeA(encodeB(encodeA("Q diamonds")))).
Unfortunately, there is a problem here when using the schemes described
above (demonstrating that it doesn't work for just any commutative cipher).
encodeB(encodeA("Q diamonds")) will include the encrypted OTP that Alice
used for "Q diamonds", which she can recognise. So, Alice will be able to
work out Bob's hand.
There may be other commutative ciphers that will work, but I think you
need to specify the requirement on the cipher more precisely. In
particular, it's not sufficient for it to hide information about the
original plaintext; it must also be impossible to "mark" a ciphertext
so that when it is encrypted for the second time, the mark can be
recognised.
- --
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOQUOxjkCAxeYt5gVAQHqdAgAkndhjU5HFeIOeH1Dwa9KMwDaQGuYnWQT
z1fHPUd60FRHFjoptNxxd4ThgbLRBFowyW8tpWDQ/htwxDb6+FyQ8daW0TVElF5D
g0AHnPkyGluuzLGaGOR/jesZTz2AYOnunGRciQMTbOlb5jgor9GmOZaQ64/3QRfM
OofMp2HzlE0Smv/sPo2CUDERsbWBoBobM7sWlb9dw1j4LUrYVqCUEGdzgbbO7IzT
zqKiHizmxYazUNKDUb2i7zJjQfZM4lGDKfDfZviI0pYSaLn9j3logTzK1OnH/mAt
vki+JMcvx6Nfl0IRcercU7wBJ1xFaeZQbzHDS6Sn75x0QS0RjWinJA==
=7CBM
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: Yes, the U.S. government agent was correct ... I am indeed using the
Internet in public libraries ... actually I have also been in some of the poorest
black neighborhoods in Miami ... try it ... if have any strength .. Little Havana is
OK ..
Date: Tue, 25 Apr 2000 19:13:47 GMT
In sci.crypt [EMAIL PROTECTED] wrote:
[snip ramblings worthy of St. Elizabeth's Hospital]
: Ambassador Markku J. Saarelainen
How the Hell did _you_ get out of my killfile?
Ah, yes:
#####
group=*
type=0
case=0
score=kill
from=*[EMAIL PROTECTED]*
#####
All better now. Followups set to soc.support.depression.misc,
where you might get some pointers to help. Please take them.
*plonk*
--
"This system operates under martial law. The constitution is suspended. You
have no rights except as declared by the area commander. Violators will be
shot. Repeat violators will be repeatedly shot...." -from "A_W_O_L"
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: factor large composite
Date: 25 Apr 2000 19:35:14 +0200
In article <yLjN4.58281$[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]> wrote:
>David Blackman <[EMAIL PROTECTED]> wrote:
>> None of these methods have any hope of factorising a 2048 bit number at
>> all on current hardware, except maybe elliptic curve might fluke a
>> solution if you get incredibly lucky.
>
>ECM isn't going to fluke a solution either with the size curve you'd
>need, I shiver just thinking about it. ;) I do wonder about the fluke
>method alot though.
>
>Talking just about 2048 bit RSA keys now, we know that it has two
>factors. That means they're both smaller than the square root
>(obviously),
No -- only one of them is smaller than the square root of the modulus.
>about the same size (because it's an RSA key), and
>sufficiently big enough that the two of them mulitplied together
>produce a number 2048 bits long (duh).
>
>My questions are:
>
>1. Assuming we skip the primality test (icky, expensive) and just do
>trial divisions of numbers in the search space at random, how many
>potshots are we looking at here?
>
>2. On current hardware, what's a reasonable guesstimate to the amount
>of divisions you could do in a given time?
>
>3. Based on the above, how many of these machines would I need to have
>guessing to see a reasonable probability of hitting the factor in my
>lifetime?
>
>My gut tells me the state lottery is a much better bet, I'm just
>curious how much better.
>
>--
>Matt Gauthier <[EMAIL PROTECTED]>
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
Date: Tue, 25 Apr 2000 20:23:00 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Scotty wrote:
>
> >>> How would the Bill cope with occasions where you do not have the key,
> >>> and have never had the key?
> >>>
> >>> For example...
> >>>
> >>> Bob lives in UK and wishes to store an encrypted file on his computer.
> >>> Papinski lives in the Ukraine and provides public and private keys.
> >>>
> >>> Papinski sends Bob only the public key, which Bob uses to encrypt the
> >>> file. For Bob to decrypt the file, he must request the private key
> >>> from Papinski. Papinski will not supply the key to anyone apart from
> >>> Bob, and will not supply it to Bob if the police are involved.
> >>
> >>But Bob is forbidden to tell Papinski that the police are involved.
> >
> >Who by? You're free to tell anyone that you are under investigation by
> >the police etc.
> >
>
> No not in this case, you are forbidden under penalty of 5 years imprisonment
> if you tell anyone except you lawyer.
What if Papinski is Bob's lawyer? In other words, if your data is
encrypted using a public key, and your lawyer holds the private key,
then only your lawyer can decrypt the data, and you are free to tell him
whether you are under investigation, under which circumstance he is
presumably entitled to withhold the key as part of the lawyer/client
confidentiality deal.
And what if /nobody/ has the key? For example, what if a key is
established entirely by two computers, using Hellman's N=Y^X MOD P
thing, without the detailed knowledge of the key being made available to
human beings? It shouldn't be too difficult for the bright lads of this
newsgroup (and by God I bet they're here if they're anywhere) to work up
some protocol which allowed computers to keep the key secret during a
police investigation by simply not telling /anyone/ what it is. It
would, presumably, be acceptable to tell your *computer* that you're
under investigation by the police, since a computer is not a person.
Furthermore, I don't suppose there's any way of arresting a computer. It
could be confiscated, of course, but what good will that do?
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)
------------------------------
From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: 25 Apr 2000 19:41:21 GMT
Reply-To: dformosa@[202.7.69.25]
On Mon, 24 Apr 2000 20:51:39 -0700, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:
>"David Formosa (aka ? the Platypus)" wrote:
[...]
>> Isn't this a rather big assumtion? When cyphers are used in the field
>> stupid things happen to them, for example the engma cypher was
>> weekened substatualy by poor procedures regarding its use.
>If you say so.
If I say so? Its a mattor of historical record.
--
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Interested in drawing platypie for money? Email me.
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don
Date: Tue, 25 Apr 2000 18:40:13 -0700
============================
The Story Continues
============================
Alice: So you want my Keys?
Inspector: Yes, or you got to jail.
Alice gives the inspector the _wrong_ keys, the Inspector decrypts the
file:
Inspector: You're file consists of nothing but rubish? Are you sure you have
supplied the correct key?
The inspector get the hand-cuffs from his belt and prepares to put them on
Alice.
Alice: Yes, I was sending a OTP to my friend, though we havn't used it yet.
The inspector now has no-way of telling the wether Alice is telling the
truth, or than brute-force, section 46 is now rendered useless :)
===========END OF MESSAGE==========
Hi! I'm a signature virus! Copy me into your signature file to help me
spread!
------------------------------
Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Date: Tue, 25 Apr 2000 13:03:54 -0700
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (wtshaw) wrote:
>>
>The blindfold represents impartiality, and has everything to do
with
>justice, where "show me the money" should have no place.
Justice is the
>property that is mandated to be available to all of us,
regardless of
>station. Something that is "legal" but unjust should not pass
the hurdle
>of the courts, whose main duty is fairness. Truth and Justice
exist as the
>Law only when it is fair; that is the American Way.
>
I agree with this *in principle*, but, meanwhile, we have to make
do here in the real world where "show me the money" has a very
big place.
" V hfdt afogx nfvw ufo axb (o)(o) " - Gtnjv
====================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: quantum computation FAQ?
Date: Tue, 25 Apr 2000 20:04:11 GMT
On Tue, 25 Apr 2000 11:38:27 -0700, Diet NSA <[EMAIL PROTECTED]>
wrote:
>In article <8e42d8$82$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>wrote:
>
>>The critical difference is that such logic would operate with a
>>superposition of states, through a quantum phenomenon called
>>entanglement,
>
>
>Quantum superpositions & parallelism are needed for effective
>quantum computation (QC), but entanglement may not always be
>needed. For instance, entanglement is required for Shor's
>algorithm but not for Grover's. See "Science" magazine vol. 287
>(Jan. 2000), pages 441 & 463. Or, see
>
>http://arxiv.org/abs/quant-ph/9903057
(a reference to the LANL article: Quantum search without entanglement
by Seth Lloyd)
Quoting from the abstract for that article:
Search without entanglement comes at a cost: although they outperform
analogous classical devices, the quantum devices that perform the search
are not universal quantum computers and require exponentially greater
overhead than a quantum computer that operates using entanglement.
>
>
>which allows logic elements to see their inputs in
>an
>>Everettian many-worlds kaleidescope,
>
>
>Neither does a many-worlds (or parallel universes)- type of
>interpretation have to be required for QC. See this paper
>entitled "A QC needs only one universe":
>
>http://arxiv.org/abs/quant-ph/0003084
>
Sorry, interpretations neither help nor hinder how a physical process
works, it only helps to understand it.
>>It would have been more accurate technically, but hardly more
>>comprehensible.
>
>
>Actually, your previous post was more technically accurate and it
>did not say anything that was incorrect.
Thanks, I was hoping that both might be useful--one for the
computerspeak version and the other for the physicspeak version.
You can decide which goes with which.
Web
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Walsh Transform
Date: Tue, 25 Apr 2000 20:10:01 GMT
In (http://24.42.86.123/sboxgen.c) I have code to randomly make n by n
sboxes (power of two) and test for linearnity using the Walsh Transform
however I think my code is a bit flawed...This is what I do...
w = 2^n - 1 (size of sbox)
for alpha = 0 to w
for beta = 0 to w
output WT(F, alpha, beta)
newline
So that I get a nice pretty square table...
Then my WT is coded like so
WT(F, alpha, beta)
{
sum = 0
for x = 0 to w
sum = sum + (-1)^((alpha . x) * (beta . F[x]))
return sum
}
(where '.' denotes the binary vector dot product... i.e AND them
together and get the parity).
Generally for a random 4x4 sboxes I get a screen full of values of -4 to
4, but I can't make heads or tails of it. am I doing it right?
Tom
--
Want your academic website listed on a free websearch engine? Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Tue, 25 Apr 2000 20:15:27 GMT
[EMAIL PROTECTED] wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> > They are not both smaller then the square root. Take 7 * 11 = 77,
> > |sqrt(77)| = 8.77...
>
> Ugh. You're, of course, correct.
>
> --
> Matt Gauthier <[EMAIL PROTECTED]>
Once in a while I am right, it happens...
Tom
--
Want your academic website listed on a free websearch engine? Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.
------------------------------
Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Date: Tue, 25 Apr 2000 13:13:30 -0700
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:
>Diet NSA wrote:
>> ... In addition, there is highway
>> maintenance, funding for basic scientific
>> research, etc.
>
>The argument has been made that such areas would actually
>have reached a better state by now if there had not been
>governmental involvement.
>
>
Who, other than the gov't, would be willing to assume the burden
of paying for a wide variety of scientific research which might
not have any obvious or immediate profit potential yet could,
nonetheless, provide future benefits to society? Only some of
this research is currently paid for by the private or non-profit
sectors.
" V hfdt afogx nfvw ufo axb (o)(o) " - Gtnjv
====================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: papers on stream ciphers
Date: Tue, 25 Apr 2000 20:16:17 GMT
"Douglas A. Gwyn" wrote:
>
> Tom St Denis wrote:
> > Because if the stuff you xor against the plaintext is cryptographically
> > secure, then the ciphertext is essentially random. So why use anything
> > else?
>
> Because if you happen to have a lengthy known plaintext, you can
> recover such a long stretch of "clean" intermediate key that it
> would take an incredibly resistant generation algorithm to
> withstand determined cryptanalytic attack. With a considerably
> less complex algorithm that incorporates the plaintext into its
> operation, a generalization of autokey (q.v.), such an attack
> is not possible.
Not really I could make a scheme that can give you a gb of key stream
and you still couldn't guess the next bit easily.
Tom
--
Want your academic website listed on a free websearch engine? Then
please check out http://24.42.86.123/search.html, it's entirely free
and there are no advertisements.
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: $100 Code Challenge - I BROKE the code!!!!! Here's the plaintext as proof
Date: Tue, 25 Apr 2000 19:19:54 -0700
Christ, he made an honest mistake!
Simon
--
Hi! I'm a signature virus! Copy me into your signature file to help me
spread!
mindlag <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Funny, I got that exact same message when I decrypted it. I
> want my one hundred dollars.
>
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network
*
> The fastest and easiest way to search and participate in Usenet - Free!
>
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Tue, 25 Apr 2000 13:12:57 -0700
Just my own stab in the dark at the answers (since we really
aren't completely sure).
> factors. That means they're both smaller than the square
root
Just as everyone else has said, I am required to state that
one must be larger, if one is smaller.
> 1. Assuming we skip the primality test (icky, expensive)
and just do
> trial divisions of numbers in the search space at random,
how many
> potshots are we looking at here?
It depends on how you generate your trial numbers. If you
find some cheap way to generate a stream of mostly primes,
you're looking at all 1024 bit primes, or approximately
10^310 values, given the birthday paradox, it should take
approximately 10^155 tests.
>
> 2. On current hardware, what's a reasonable guesstimate to
the amount
> of divisions you could do in a given time?
Let's assume an absurdly high number for this, and say 10^10
(you don't even get that many clock cycles)
>
> 3. Based on the above, how many of these machines would I
need to have
> guessing to see a reasonable probability of hitting the
factor in my
> lifetime?
10^145.
See the other people's comments on the best speeds.
>
> My gut tells me the state lottery is a much better bet,
I'm just
> curious how much better.
For the money you'd have to invest you could gaurentee
winning the lottery, in fact there has been at least one
paper on winning the lottery based on much fewer than 10^145
dollars.
Joe
------------------------------
Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Date: Tue, 25 Apr 2000 13:21:06 -0700
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:
>Diet NSA wrote:
>> Don't tell me- let me guess. This aroma is
>> a stinky one and you have some ingenious
>> proposal for how modern society can
>> function without taxation.
>
>It probably could, if government were trimmed back to the level
>it was before we *had* a federal income tax (and assuming a few
>other remedies for social problems caused by decades of Big
>Brotherism).
>
In the near or intermediate future, society cannot function
without taxation. Maybe, in a more distant future, there
will be some alternative.
" V hfdt afogx nfvw ufo axb (o)(o) " - Gtnjv
====================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Can a password be to long?
Date: Tue, 25 Apr 2000 16:39:19 -0400
Runu Knips wrote:
> John wrote:
> > I know passwords can be to shrot, but I recall reading
> > somewhere, a long time ago, about being to long. Is this true.
>From a client usability prospective, that is certainly true. You can't
really rely on a user remembering more than a 10 character password
(especially if the characters are chosen from a large set, and the
password is secure (not just a word in the dictionary for example).
I really do believe that the best thing is to use password stretching,
as described in Schneier and al.'s article. You pass your initial,
short
(say 7-10 characters) password through an expansion function that
outputs
an N bit string. The function has to
take a long time to execute (thus preventing an attacker from brute
forcing the password set of 7-10 characters) and it's image has
to be indistinguishable from the set of all N bit strings (so as to
prevent an attacker from taking any short cuts).
You take N to be, say, 160 bits, like in the paper.
Anton
------------------------------
From: Quisquater <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Tue, 25 Apr 2000 23:04:37 +0200
See
http://www.cryptosavvy.com/table.htm
for an answer (I didn't completely agree with these conclusions but
the results are mostly correct).
========
Université de Louvain
UCL Crypto Group
see http://www.dice.ucl.ac.be/crypto
tél. 32.10.47.25.41 (connected to my voicebox and cellular phone)
fax: 32.2.358.55.83 (only for me)
SMS: send an email (only the subject will be transmitted) to
[EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
