Cryptography-Digest Digest #670, Volume #11      Sun, 30 Apr 00 11:13:01 EDT

Contents:
  Re: Janet and John learn about bits (was Re: Problems with OAP-L3) (Tom St Denis)
  Re: Janet and John learn about bits (was Re: Problems with OAP-L3) (Tom St Denis)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Tom St Denis)
  Re: - Bestcrypt and ATA-66 enabled m/b - Anyone get these working without 
conflicts/BSOD? ("ronnie bonnie")
  Re: How would a 15 year old start? (Andy Dingley)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on    the net" 
(Dave J)
  Re: Mathmatical concepts (John Bailey)
  Re: base #- digit # ([EMAIL PROTECTED])
  Re: Janet and John learn about bits (was Re: Problems with OAP-L3) (David Blackman)
  40 Cryptography books reviewed (David Youd)
  Re: new Echelon article ("Trevor L. Jackson, III")
  Re: How would a 15 year old start? (David A Molnar)
  Re: Janet and John learn about bits (was Re: Problems with OAP-L3) ("Trevor L. 
Jackson, III")

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)
Date: Sun, 30 Apr 2000 13:13:26 GMT



Anthony Stephen Szopa wrote:
> You say writing encryption software is easy.  You've done it?  Just
> do this and just do that?
> 
> Who wants just "adequate" or "okay" encryption software?  We've got
> plenty of that already.
> 
> The gold medal goes to creating unbreakable encryption...  And
> creating it first.
> 
> I claim to have created unbreakable encryption software.  And I
> can provide anyone with the software to see for themselves.  The
> Help Files describe OAP-L3, and the Theory and Processes Help Files
> prove my claim.

You have yet to prove it's totally secure, just saying "it's
unbreakable" isn't enough.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)
Date: Sun, 30 Apr 2000 13:14:58 GMT



Mark Wooding wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> > I am talking about using MD2 to hash the password+salt so you don't
> > actually see the output ever.
> 
> Ahh.  I'd still use a good hash function, though.  And I'd also consider
> adding a MAC, just to protect against modifications.
> 
> -- [mdw]

Well if I am sending a zip file I encrypted then I need not add a MAC. 
The goal was to make a super small file encryption program (in C).  In
my program (I can show the source if you want, but it's not exactly ANSI
C) I used a variation of MD2 (cuz I didn't have a ref for it at the
time) and RC2-CBC.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Sun, 30 Apr 2000 13:15:55 GMT



Anthony Stephen Szopa wrote:
> 
> Tim Tyler wrote:
> >
> > In sci.crypt James Felling <[EMAIL PROTECTED]> wrote:
> >
> > : [...] No algorithim is bias free that is a fact of life.
> > : (Please review your information theory) -- all algorithims produce
> > : output with SOME bias -- the goal is to minimise this bias.  The fact
> > : that you claim "no bias" seems to me to indicate that you have a
> > : flawed understanding og the way that things work.
> >
> > "Bias" is a technical term with a definition that implies that it can
> > be rather easy to generate streams with *absolutely* no bias.
> >
> > Perhaps you should say what you mean by this term if your definition
> > differs - if, say, you're using it as something like a synonym for
> > "deviations from randomness".
> > --
> > __________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
> >  |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.
> 
> Even true random processes have significant bias over relatively
> short runs.  The longer the run the less the bias.  The bias may
> never disappear but it will most certainly shift.  The problem is
> identifying this bias.
> 
> OAP-L3 produces the same sort of output as a true random process
> once the key reaches sufficient length, this length being, in part,
> the point where brute force attack becomes infeasible.

That's awesome... no wait, any cryptographic prng shares this same
property... Oh well.

Tom

------------------------------

From: "ronnie bonnie" <[EMAIL PROTECTED]>
Subject: Re: - Bestcrypt and ATA-66 enabled m/b - Anyone get these working without 
conflicts/BSOD?
Date: Sun, 30 Apr 2000 11:55:56 +0200

Take a look at pgpdisk. It is in the pgp602 freeware package.

BTW. I am currently using bestcrypt on a ata66 board without any problems.

"Drewjen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I was wondering if anyone has been able to get BestCrypt encryption
software
> (http://www.jetico.sci.fi/) running on an ATA-66 enabled board.  On every
> Win98/ATA-66 enabled board I've tried, I get "Blue Screens Of
Death"(BSOD).  BC
> say's a "hook" has mistakenly been placed within the system which prevents
it
> from creating V-drives, or something to that effect.  It say's it thinks
"Magic
> Folders" is responsible, but I have no idea what that is and I'm sure it's
not
> installed on any of the cleanly installed Win98 setups, I've done.
Perhaps
> someone can recommend some strong encryption software that runs on
Win98/ATA-66
> enabled boards?  BC uses Blowfish in cipher block chaining mode and
GOST28147-89
> in cipher feedback mode and DES in cipher block chaining mode.  I'd like
> something at least as strong with a fast and easy interface.  TIA
>
> Regards,
>
> drewjen
>
> Please forgive me if this post is not quite on topic.  It's likely you'll
never
> see another OT post from me, so perhaps you can tolerate it this once.



------------------------------

From: Andy Dingley <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Date: Sun, 30 Apr 2000 14:31:09 +0100

>> >Buy Applied Cryptography By Bruce Schneier.
>> 
>> The guy's only 15 !    Read Cryptonomicon by Neal Stephenson first.

AppC is 700 pages of extremely dense content; much of it either code
or maths. It's not an easy read, by any standards, and you need a lot
of commitment to get through it.

If it has a drawback, it's that it's short on a _context_ for
cryptography (this is unavoidable, if it's not to be 7000 pages long).

The simple statement, "The German Enigma had 5 rotors", springs to
mind - if you're familiar with Enigma, you'll know how many rotors it
had, and what the difficulties were with this number changing from the
Polish machine to the naval machine. Entire books have been written on
this, and it's not unreasonable to say that the course of WW2 was
affected by it. AppC just doesn't have the space to go into such
fascinating history, but that is the sort of reason _why_ we care
about crypto. If you don't know some of the background from outside
sources, then AppC is going to be an awfully dry read.

Can a 15 or 17 year old understand AppC ?  Obviously it depends on the
person. Certainly I know a couple of vat-grown ubergeeks who have
already memorised similar texts at that age, but these are people who
are obsessive about maths, crypto or code. If you are obsessive enough
to understand it, then I doubt very much if you'll have yet had enough
time in your life to catch up on the background history to it as well.

It's also a $50 book.  When I was 15, that was a whole pile of money.


Cryptonomicon is an excellent book. It's visionary, it's historical,
it's technical and it's certainly a level above Gibson's "They had
hugely powerful cryptography, but my mirrorshades were more
fashionable so I win, yah boo sucks." writing.

--
<xsl:template match="fnord" />

------------------------------

From: Dave J <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on    the 
net"
Date: Sun, 30 Apr 2000 15:04:07 +0100

On Sun, 30 Apr 2000 03:26:17 -0700, Hawke <[EMAIL PROTECTED]>
wrote:

>very interesting reading.
>I can see where this is starting to become a trend.
>What is with the governments of this planet these days?
>they cannot even trust their own citizens?????
>
>sorry for the massive cross-post reply.
>
>Hawke
>
>
>NoSpam wrote:
>
>
>http://www.sunday-times.co.uk/news/pages/sti/2000/04/30/stinwenws01034
>.html

Would someone who knows the score (legal and otherwise) tell me about
unseen problems with headerless encryption?
I believe the data part of a pgp file is indistinguishable from white
noise so if the software was altered a little to encrypt the header as
well the authorities couldn't tell the difference between your code and an
analogue recording of white noise..?
In my simple minded view I think that makes the legislation unworkable.
Ok, so they can do you for not providing a key even if you don't have it
but can they do you for a bunch of random numbers that isn't even
demonstrably encrypted?

I am currently learning C, partly with an eye to borrowing the PGP source
code and altering the header generation. I am *sure* there must be snags I
haven't thought of but as I'm usually taken as the local nutter I can't
get a sensible reply..

Anyone?

Dave J.

------------------------------

From: [EMAIL PROTECTED] (John Bailey)
Subject: Re: Mathmatical concepts
Date: Sun, 30 Apr 2000 14:11:21 GMT

On Sat, 29 Apr 2000 23:35:54 -0500, Ryan Senior
<[EMAIL PROTECTED]> wrote:

>If one were to comprise a short list of mathmatical concepts that if one
>were to grasp, would greatly enhance his ability to do cryptography?
>Right now I am in my second semester of calculus and have access to a
>few math teachers that i know would be willing to help me with a few
>things, if i know what they were, because i am pretty interested in
>creating cryptographic algorhythms.
>thanks
A good place to start is to look at the headings of the articles in
Schneier's book Applied Cryptography,  Chapter 9 titled Mathematical
Background.  The headings are:
1) Information Theory including entropy, information rate, unicity
distance
2) Compexity Theory addressing complexity classes of algorithms, eg NP
complete.
3) Number Theory mainly  modular arithmetic including primes,
factoring, discrete logs, Eulers theorem, Chinese Remainder Theorem,
Jacobi symbols, Blum Intergers, irreducible polynomials.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: base #- digit #
Date: Sun, 30 Apr 2000 14:33:52 GMT

In article <8e7stn$ddf$[EMAIL PROTECTED]>,
  "Holger Weiß" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote in <8e7eo7$mjo$[EMAIL PROTECTED]>...
> |
> |What is the relation between digit # & # of bases ?
> |
>
> I'm not sure if I understood your question, but I think wha you
> want to know is:
>
> N2 = ln (B1) / ln (B2) * N1
>
> where
> B1, B2 : bases of N1, N2
>      B1^N1 = B2^N2
>
> This means:
> A (binary) key of 2048 bits is equivalent to a decimal key with
> ln (2) / ln (10) * 2048
> digits.
>
> Holger
>
>

well, with bases i mean
the number of tests - number of base numbers used in miller-rabin or
lehmann test ....

in the previous letters, it is claimed that number of base 50 is enough
(?!?)

I ask "Doesn't it depend on number of digits (of the number tested)?

I hope it is clear now.

thanks  ... :)


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: David Blackman <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)
Date: Mon, 01 May 2000 00:46:30 +1000

Anthony Stephen Szopa wrote:

> You say writing encryption software is easy.  You've done it?  Just
> do this and just do that?

I've done it. It was easy. Tom (who you were replying to) has also done
it. (Writing encryption software to the best professional standards is
difficult, but writing stuff that is better than yours is easy.)

> 
> Who wants just "adequate" or "okay" encryption software?  We've got
> plenty of that already.

And even some "very good" encryption software.

> The gold medal goes to creating unbreakable encryption...  And
> creating it first.

I guess so.

> I claim to have created unbreakable encryption software.

Do you claim that all the others haven't? Please show us how you can
break 3DES, Blowfish, IDEA, RC5 and if that was too easy, try Twofish
and Serpent. If you can't break them, they are unbreakable, by you at
least.

All of these are fast, practical, and have been heavily tested. You
can't really make those kinds of claims for OAP-L3.

As far as we know, no-one has broken OAP-L3. But that's because no-one
has seen it properly, and also because there is not huge amounts of
confidential information out there using it, to give people a bit of
incentive. If you give OAP-L3 the kind of exposure the cyphers mentioned
above have had, i predict it will last about a week. Maybe less.

At the moment all we really have is your claim that your stuff is
unbreakable. What credibility do you have? What was the toughest cypher
you have broken? If you haven't broken anything good, why should we
believe that you are even capable of making a reasonable effort to break
OAP-L3? And if you haven't made a serious attempt to break it, how do
you know it isn't breakable?

> And I can provide anyone with the software to see for themselves.  The
> Help Files describe OAP-L3, and the Theory and Processes Help Files
> prove my claim.

Those files don't prove anything. I think they were written by someone
who has no idea what proof is. People with a lot more credibility than
me think so too. For instance you seem to have made it onto Bruce's
snake-oil list.

I'd trust the stuff i wrote a lot more than i'd trust yours. But not far
enough to use it for anything that matters. If i really wanted
industrial strength stuff i'd probably use the open-ssl libraries which
are free, heavily tested and scrutinised, and actually in use by a lot
of companies for real work.

------------------------------

From: David Youd <[EMAIL PROTECTED]>
Crossposted-To: alt.books.technical,comp.security.misc
Subject: 40 Cryptography books reviewed
Date: Sun, 30 Apr 2000 14:54:07 GMT

Check out reviews of 40 cryptography books (plus an additional 10 not
yet reviewed) at:
http://www.youdzone.com/cryptobooks.html



------------------------------

Date: Sun, 30 Apr 2000 11:05:27 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: new Echelon article

The count of exclamation points has reached the level that indicates frothing at
the mouth, so let's refer to the National Socialists and call this thread dead.

Diet NSA wrote:

> In article <[EMAIL PROTECTED]>
> , "Trevor L. Jackson, III" <
> [EMAIL PROTECTED]> wrote:
> >
> >Politicians realize that a federal deficit is a useful
> political tool for
> >managing political control.  This has nothing to do with
> economics.
> >
> Yes, I am certain that politics & money
> (or its deficit) have nothing to do with
> economics. NOT !!!  I am still using your
> views as toilet paper and it looks like I
> will never run out !!!
>
> >Yup, and this process is so wasteful that it decreases the
> efficiency of the
> >various activities below that which would have obtained without
> gov't "help".
>
> This sentence does not make sense. What
> do you mean by "below"?
>
> >Look up the origin of the term "Laissez Faire" -- it has
> nothing to do with lack
> >of regulation.  It has to do with lack of gov't "help".
>
> This term originated in the 18th century.
> Newsflash !!!-  We are no longer living in
> the 18th century and, anyways, I never
> disputed any definition of "laissez faire".
> >
>
> >Actually, it's important that we keep the "ball" out of gov't
> hands".
> >
> This is a meaningless statement which
> has nothing to do with what I wrote. I
> was implying that one way to decrease
> gov't waste is to make the gov't more
> efficient via the use of IT.
> >
> >How can you have it both ways?  You have claimed that gov't
> spending has helped
> >various portions of society to the benefit of society as a
> whole.  This
> >_requires_ an assumption that you know what would have
> happenned without
> >government interference.
>
> No it doesn't. Consider, for instance, the
> role of the CDC & related gov't efforts. If
> they had never done anything then society
> would most likely have suffered more
> disease. Instead gov't funding helped in
> the effective eradication of polio, small
> pox, etc. (Unfortunately, Gov't funding
> doesn't seem to do anything for
> eradicating *your* ignorance).
>
> The fact that you have no clue as to the
> destructive
> >effects of government "help"
>
> Of course I have a clue. For example, just
> consider the government's lousy handling
> of the Waco incident.
>
> >about the true results of government actions, and stop
> believing the claims made
> >before the facts.
>
> What claims?
>
> >by the legislators.  Either Congress had no clue regarding the
> effects of their
> >programs, in which case they had no business legislating those
> programs, or they
> >_did_ know about the effects, but passed the programs anyway.
>
> Which programs?
>
>   In either case
> >government action is to be condemned.
>
> If Senator Moynihan believes this then
> why is he in government?
> >
> >That is laughable.  There is no credible source of government
> science.
>
> What an extreme & absolute statement!
> Now I have *bullshit* in addition to toilet
> paper.
>
>  man behind the curtain", the EPA was
> >revealed to be completely corrupt.
>
> Yes, I am sure that they are all corrupt.
> NOT !!!  It is beginning to seem that it is
> only your intellect that is thoroughly
> corrupted.
>
>  Since all government activity is
> dominated
> >by politics,
>
> How can you be sure that "all government
> activity" is dominated by politics?
>
>  there is no, zero, nada, room for
> scientific objectivity.
>
> Again, how do you know these "truths" so
> absolutely?
> >
> >OTOH, the desire for profits is not an ulterior motive.
>
> Is this desire always "not an ulterior
> motive"? I have determined why you are
> able to be so all-knowing:  You are the
> King of False Absolutes (not to mention
> horse  shite).
>
>  It is a perfectly valid
> >reason for engaging in scientific research.
>
> Now you have said something reasonable.
> Hallelujah !!!
>
> Note that privately funded research
> >is distinct from publicly funded research.
>
> False & (very) messy bullshit again !!
> Consider where my father works: Harvard
> University. Here a researcher can receive
> public & private funding simultaneously.
>
>  Privately funded research has to be
> >objective because it is a search for the scientific truth.
>
> No. The research is part of a search for
> (corporate) profits more than it is part of
> a search for some abstract or objective
> truth. Also, the research could be
> misrepresented for marketing reasons or
> it could even be fudged.
>
> One cannot sell
> >products that don't work.
>
> You are a bold faced liar. You should
> contact consumer groups to learn about
> the many products that have not worked
> properly.
>
> Now, in gov't research the results are
> irrelevant to
> >the process of getting funded,
>
> Another absolute statement & lie.
>
> so scientific truth is not a relevant
> criteria.
> >
> Liar, liar, pants on fire.
> >>
>
> >This betrays an ignorance of the ways government works.  It
> does _not_ work for
> >the benefit of society.
>
> You're right. Government works only for
> the benefit of robots from the future. See,
> it is easy to imitate you by writing
> complete crap.
>
> >Why are the margins low?  Because the products and services are
> things people do
> >not want.
>
> This is not always true. [Returning to
> toilet paper], more people want toilet
> paper than IT bandwidth but the profit
> margins are lower in the toilet paper
> industry because it is much easier to
> produce on demand. You are unaware of
> what is probably the most basic concept
> in economics-  the relationship
> *between* supply & demand.
>
> So what source of wisdom does the
> government use to decide what
> >people should have they don't want?
>
> This is gibberish with nonsensical
> grammar.
> >>
> >> It is a myth that government *always*
> >> does things more inefficiently.
> >
> >No, it's not a myth.  It's a fact.
>
> How would the private sector command &
> run the military more efficiently than the
> gov't? First of all, the military shouldn't
> even be under the command of private
> entities such as corporations. Thus, what
> I said is not a myth & you are wrong yet
> again.
>
>   Government is not reason, government is
> >force.
>
> Why does this always have to be true? Oh,
> I forgot-  you are the King of False
> Absolutes. Flamewars are more fun than
> any computer game, because I get to shoot
> down real-life idiots !!!
>
> " V hfdt afogx nfvw ufo axb (o)(o) "   - Gtnjv
> ----------------------------------------------------
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
> The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Date: 30 Apr 2000 14:33:58 GMT

Andy Dingley <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))  a écrit :

>>Buy Applied Cryptography By Bruce Schneier.

> The guy's only 15 !    Read Cryptonomicon by Neal Stephenson first.

OK, let's add one more recommendation : _The Codebreakers_, by David Kahn.
Excellent and engaging history of crypto, PLUS some technical info on how
classical ciphers work. I'm sorry I didn't remember it earlier! 


> No-one should read Applied Crypto unless they desperately _want_ to. 
> It's pretty heavy going in places, so let's try and whip up the
> enthusiasm first.   8-)

No one says you have to understand all of it on first reading. It's just
that it's the friendliest introduction I know of to more modern
methods. Plus it goes to great lengths to give the intuition about how the
various primitives work before hitting with the more technical stuff. :-)

This begs the question - why look at more modern methods? why not spend
lots of time on classic ciphers? My answer is that public-key
crypto seems to be qualitatively different from the symmetric
stuff, and it's important to have some idea of the "flavor" of both of
them...and I don't know of a "classic" public-key cryptosystem.

Thanks, 
-David



------------------------------

Date: Sun, 30 Apr 2000 11:11:48 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)

Anthony Stephen Szopa wrote:

> Who wants just "adequate" or "okay" encryption software?  We've got
> plenty of that already.
>
> The gold medal goes to creating unbreakable encryption...  And
> creating it first.
>
> I claim to have created unbreakable encryption software.  And I
> can provide anyone with the software to see for themselves.  The
> Help Files describe OAP-L3, and the Theory and Processes Help Files
> prove my claim.

If your claim of unbreakable strength is so firmly supported why have you refused to
accept the two wagers offered to prove your claims invalid?

If your claims are accurate, the wagers would both fill your wallet and provide more
marketing "ammunition".

Do you lack the courage of your convictions?


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************

Reply via email to