Cryptography-Digest Digest #823, Volume #11      Sat, 20 May 00 00:13:01 EDT

Contents:
  Re: Unbreakable encryption. (Dan Day)
  Re: Patent state of Elliptic Curve PK systems? (Roger Schlafly)
  Re: sci.crypt cipher contest ("Paul Pires")
  Re: OT: selfmodifying code (Paul Koning)
  Compare 3DES's. (long) (Was: Mixmasters encrypt how?) (William Rowden)
  Re: random.org? (David Kuestler)
  Fastest RC5 code? (tomstd)
  Re: More on Pi and randomness ("Steve and Darla Wells")
  Re: Cipher Contest: Whirl128 (paper) (tomstd)
  Re: Encrypting random data (tomstd)
  Re: More on Pi and randomness (Mike Oliver)
  Re: Interpretation of Hitachi patent claims (Jerry Coffin)
  Re: More on Pi and randomness ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: Unbreakable encryption.
Date: Fri, 19 May 2000 21:27:19 GMT

On Sun, 14 May 2000 16:55:48 -0700, lordcow77
<[EMAIL PROTECTED]> wrote:
>I find the spam posted by OP to be hilarious, particularly the
>FAQ on his web page. I guess we all learn something new
>everyday. Some highlights include:
>--
>"Q: How many digits is infinite?
>
>A: 2147483645 digits."

Okey dokey...  This "pohanl" sounds very suspiciously
like "Po-Han Lin", who posted similarly crackpot stuff
on talk.politics.guns several years ago -- including a
hilariously skewed "Pro-Gun Control FAQ, Version 1.3".

Here are a couple of choice excerpts:

#### Excerpt #1:

=======================================================================
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

Everything below this warning label are things that require intelligence
to obtain insight into the gun issues.  Do not read if you are unable
to be impartial in your judgement of this FAQ after reading these
controversial material... If you can't handle them, take them as humor only.
You have been warned...

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
=======================================================================

#### Excerpt #2:

A: Why are you cursing dad?
B: Well son, I'm just foul-mouthed like many gun-owners.  I am sorry.
A: Are all gun-owners foul-mouthed?
B: Yes, they curse at those that they don't like.  Similar to shooting
   people they don't like.  In addition, they are stupid, fat, and ugly.
A: Really?
B: Yes.  They have very big bellies from drinking too much beer and eating
   too much junk food.
A: But Dirty Harry is skinny.
B: Trust me, do you want to be stupid, fat, and ugly?
A: No.
B: Then don't treat guns as toys.  Grow up and be a contributor to society,
   an educator, rather than a brute-force animal.  Use reason, not force.
   Understanding, not hate.

All of a sudden a stray bullet from a drive-by shooter breaks through
the window, and hits the son right through the heart, killing him instantly.
The dad cries out in sorrow and pain.

#### End of excerpts


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Patent state of Elliptic Curve PK systems?
Date: Fri, 19 May 2000 14:53:32 -0700

"Frank M. Siegert" wrote:
> I am just thinking about integrating a form of public key encryption
> in one of my software products, however I would like to be free of any
> patent problems. So if I should build in a form of elliptic curve PK
> system will I stumble into the deep waters of the sea of patents?

The safest way to go is to use Diffie-Hellman, since the
patents have expired. Anything in an expired patent is
surely in the public domain.

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: sci.crypt cipher contest
Date: Fri, 19 May 2000 15:00:49 -0700


Boris Kazak <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] wrote:
> >
> > Is publishing a cipher on the web (including source code) an equivalent
> > of exporting it? Is the website accessible from outside the U.S.?
> >
> > Joseph Poe
> ---------------------
> AFAIK, restrictions apply specifically in case of "exporting",
> which means that crypto software in question must be considered a
> commercial entity.
> The ciphers at the crypto-contest Web site are by definition placed
> into public domain, thus they are non-commercial.
>
> Or at least I hope so.                BNK

    I believe you are confusing public knowledge with public domain. Merely
publishing something to a "Public" forum does not make it public domain. It
could still be your property.
    Artists don't lose rights if a song is played on the radio. With
patents, publishing more than one year before filing for patent protection
could lose all rights. As usual, it's one of those things that you'd better
get legal advice on if it is really important to you.

Paul Pires
------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: OT: selfmodifying code
Date: Fri, 19 May 2000 17:46:46 -0400

Runu Knips wrote:
> 
> "Casper H.S. Dik - Network Security Engineer" wrote:
> > Runu Knips <[EMAIL PROTECTED]> writes:
> > >However, JIT has nothing to do with self-modifying code. There is NO
> > >self-modifying code, that technique is absolutely forbidden now !
> > >For modern processors can't handle that well anymore. You would have
> > >to disable the first and second level cache to make that work.
> >
> > from a processor's viewpoint, self-modifying code and code-generation
> > on-the-fly are pretty much the same thing.
> 
> Wrong. A processor which is executing JIT code can't see any difference
> to normal code. It's just the same. On the contrary, a processor executing
> self-modifying code has always to check if there isn't already an updated
> version of the code it is currently executing. This means, it has to
> disable its code cache, or its code cache has to be far more complex than
> it normally (or often) is. Because normally code caches assume that code
> doesn't change. Too, it might also have to disable its pipeline. Because
> the pipeline might contain instructions which might have already been
> updated in memory.

This is all somewhat accurate...

Self modifying code as a coding technique is universally
frowned on.

But there are many entirely normal operations that have the
exact same impact on the CPU as self-modifying code.

For example: loading an application; swapping code pages
(on some machines anyway); on the fly compilation; etc.

No, you don't disable the cache when you do that.  You
invalidate the I-cache.  (Presumably that's a non-privileged
operation, or life gets interesting.)  You don't normally
have to watch out for the pipeline because you don't normally
modify "nearby" code.  (Self-modifying code in the classic
sense would be an exception; debuggers placing breakpoints
may be another.)

Getting that stuff right is generally tricky.  Also, on
many processors the cost of the necessary cache flushing
is very high -- acceptable when loading a new app but not
something to be done casually.

        paul
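The sequence the post describes (write the code while the page is writable, then make it executable and invalidate the I-cache before jumping to it) as an added example that is not part of the original post. It assumes POSIX mmap/mprotect and a gcc or clang compiler for __builtin___clear_cache, and covers only x86-64 and AArch64; the machine-code bytes, the run_generated helper and the constant-returning function it builds are this example's own.

```c
/* Added example (not from the thread): the "load code, then run it" sequence
   the post describes, done explicitly. Assumes POSIX mmap/mprotect and a
   gcc/clang compiler for __builtin___clear_cache; only x86-64 and AArch64
   encodings are provided. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

#define CODE_BUF_SIZE 4096   /* one page is plenty for a few instructions */

typedef int (*const_fn)(void);

/* Emit machine code for "return value;" into buf. Returns the byte count,
   or 0 on an architecture this example does not cover. */
static size_t emit_return_const(uint8_t *buf, uint16_t value)
{
#if defined(__x86_64__)
    uint32_t imm = value;
    buf[0] = 0xB8;                 /* mov eax, imm32 */
    memcpy(buf + 1, &imm, 4);      /* little-endian immediate */
    buf[5] = 0xC3;                 /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t insn[2];
    insn[0] = 0x52800000u | ((uint32_t)value << 5);  /* movz w0, #imm16 */
    insn[1] = 0xD65F03C0u;                            /* ret */
    memcpy(buf, insn, sizeof insn);                   /* little-endian AArch64 */
    return sizeof insn;
#else
    (void)buf; (void)value;
    return 0;
#endif
}

/* Generate, seal and call a function; returns what it returned, or -1 on
   failure (unsupported architecture, or the kernel refusing the mapping). */
int run_generated(uint16_t value)
{
    /* 1. Map the buffer writable but NOT executable. */
    void *mem = mmap(NULL, CODE_BUF_SIZE, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return -1;
    uint8_t *code = mem;

    size_t len = emit_return_const(code, value);
    if (len == 0) {
        munmap(mem, CODE_BUF_SIZE);
        return -1;
    }

    /* 2. Drop write before granting execute, so the page is never W+X at
          once. A JIT that leaves RWX pages around turns any attacker write
          primitive into a code-execution primitive. */
    if (mprotect(mem, CODE_BUF_SIZE, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, CODE_BUF_SIZE);
        return -1;
    }

    /* 3. The I-cache invalidation the post talks about. On x86 this compiles
          to nothing (the hardware keeps the I-cache coherent with stores);
          on AArch64 it expands to cache maintenance plus barriers, and
          skipping it can execute stale bytes. */
    __builtin___clear_cache((char *)code, (char *)code + len);

    const_fn fn;
    memcpy(&fn, &code, sizeof fn);   /* object->function pointer without a cast warning */
    int result = fn();

    munmap(mem, CODE_BUF_SIZE);
    return result;
}

int main(void)
{
    printf("generated function returned %d\n", run_generated(42));
    return 0;
}
```

The cost the post mentions is visible here too: every generated function pays for an mmap, an mprotect and a cache flush, which is why real JITs batch code into larger regions rather than sealing one page per function.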

------------------------------

From: [EMAIL PROTECTED] (William Rowden)
Subject: Compare 3DES's. (long) (Was: Mixmasters encrypt how?)
Date: 20 May 2000 00:21:43 GMT

I want to understand the mechanics of Triple-DES, especially as used
by Mixmaster remailers (see quotes below).  I have read the pertinent
sections of _Applied Cryptography_ (1st ed.) and _Handbook of Applied
Cryptography_, and I still have these questions, so I'm asking my
favorite newsgroup and some others for clarification.  Please feel
free to point me to additional sources.

What variants of Triple-DES are in use, and how does their security
compare?  Specifically, I have these questions:

  . What advantage is there in using EDE?  That is, why use
E(K1,D(K2,E(K1,x))) rather than, say, E(K1,E(K2,E(K1,x)))?  Is it only
for backwards compatibility, since the DES encrypt and decrypt
processes are equally secure?  ("Backwards compatibility" here means
that if K1=K2, E(K1,D(K2,E(K1,x)))=E(K1,x), equivalent to single DES.)

  . Is using EDE weaker than the alternative?  Since if K1=K2, EDE is
equivalent to single DES, doesn't that reduce the usable keyspace?
The same is *not* true of E(K1,E(K2,E(K1,x))): since DES does not form
a group, there is no equivalent single DES even if K1=K2.  A similar
observation applies to E(K1,D(K2,E(K3,x))) if K1=K3.

  . If EDE is preferred due to backwards compatibility only, why would
one use it (as in Mixmaster) with 24 bytes of key?  Obviously, here 24
bytes * 8 bits/byte = 192 bits = 3 keys * (56 bits + 8 parity
bits)/key.  That is, why use E(K1,D(K2,E(K3,x))) rather than
E(K1,E(K2,E(K3,x)))?

  . How much stronger is use of 24 bytes of key as compared with 16
bytes?  That is, how does E(K1,D(K2,E(K3,x))) compare to
E(K1,D(K2,E(K1,x)))?  A naive view would say that 24 bytes would take
at least 2**64 longer to crack than 16 bytes, but this assumes that no
attack more efficient than brute force is available.

  . Conversely, if 24 bytes is *much* more secure than 16 bytes of
key, why would one use the latter?  The computation time for three DES
encryptions/decryptions is necessary in either case, and the
"backwards compatible" keys (K1=K3) still exist when using EDE.

  . How is CBC mode defined for 3DES?  According to the sci.crypt FAQ,
only ECB is defined for 3DES.

TIA

On 08 Mar 2000, [EMAIL PROTECTED] wrote:
> William Rowden <[EMAIL PROTECTED]> wrote:
> > Mixmaster messages are 3DES encrypted
[snip]
> The symmetric encryption uses EDE 3DES with cipher block chaining
> (24 byte key, 8 byte initialization vector) [Schneier 1996].
[snip]
>         RSA-encrypted session key    [ 128 bytes]
>         Initialization vector        [   8 bytes]
[snip]
> To generate the RSA-encrypted session key, a random 24 byte
> Triple-DES key is encrypted with RSAES-PKCS1-v1_5
[snip]
>        Triple-DES key                       [ 24 bytes]
-- 
    -William
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A
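An added example, not part of the post or of Mixmaster: a key-validation routine a practitioner would run on a 24-byte EDE key before using it. It checks the parity bits the post mentions (each DES key byte carries 7 key bits and a low parity bit set for odd parity), the four classic DES weak keys, and the degenerate cases the post raises: K1=K2 or K2=K3 collapses EDE to single DES, and K1=K3 is the 16-byte two-key form. The enum, the helper names and the sample keys are constructed for this example; the DES semi-weak keys are not listed.

```c
/* Added example (not from the post): sanity checks for a 24-byte Triple-DES
   key. Names, enum values and test keys are this example's own. Only the
   four classic DES weak keys are listed; semi-weak keys are omitted. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef enum {
    TDES_KEY_OK = 0,
    TDES_KEY_BAD_PARITY,      /* a byte without odd parity */
    TDES_KEY_WEAK_COMPONENT,  /* K1, K2 or K3 is a DES weak key */
    TDES_KEY_SINGLE_DES,      /* K1 == K2 or K2 == K3: EDE collapses to one DES */
    TDES_KEY_TWO_KEY          /* K1 == K3: the 16-byte (two-key) form of EDE */
} tdes_key_status;

static const uint8_t DES_WEAK_KEYS[4][8] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
    {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
    {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
};

/* Constructed sample keys, all with correct odd parity. */
const uint8_t EXAMPLE_K1[8] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
const uint8_t EXAMPLE_K2[8] = {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
const uint8_t EXAMPLE_K3[8] = {0x89,0xAB,0xCD,0xEF,0x01,0x23,0x45,0x67};
/* Same as K1 but with the first byte's parity wrong (0x00 has zero 1 bits). */
const uint8_t EXAMPLE_BAD_PARITY[8] = {0x00,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};

static int popcount8(uint8_t b) {
    int n = 0;
    for (; b; b >>= 1) n += b & 1;
    return n;
}

/* DES convention: the low bit of each key byte is parity, chosen so the byte
   has an odd number of 1 bits. Returns the byte with its parity bit fixed. */
uint8_t des_fix_parity_byte(uint8_t b) {
    uint8_t high7 = b & 0xFE;
    return (popcount8(high7) % 2 == 0) ? (uint8_t)(high7 | 1) : high7;
}

int des_key_parity_ok(const uint8_t key[8]) {
    for (int i = 0; i < 8; i++)
        if (popcount8(key[i]) % 2 == 0) return 0;
    return 1;
}

int des_key_is_weak(const uint8_t key[8]) {
    for (int i = 0; i < 4; i++)
        if (memcmp(key, DES_WEAK_KEYS[i], 8) == 0) return 1;
    return 0;
}

/* Build the 24-byte form from a 16-byte key: K3 = K1. */
void tdes_key_from_two(uint8_t out[24], const uint8_t two[16]) {
    memcpy(out, two, 16);
    memcpy(out + 16, two, 8);
}

/* Checks in order of severity; the first failure wins. TDES_KEY_TWO_KEY is
   reported rather than rejected: it is a legitimate keying option, but the
   caller should know it is not getting three independent keys. */
tdes_key_status tdes_key_check(const uint8_t key[24]) {
    const uint8_t *k1 = key, *k2 = key + 8, *k3 = key + 16;
    for (int i = 0; i < 3; i++)
        if (!des_key_parity_ok(key + 8 * i)) return TDES_KEY_BAD_PARITY;
    for (int i = 0; i < 3; i++)
        if (des_key_is_weak(key + 8 * i)) return TDES_KEY_WEAK_COMPONENT;
    if (memcmp(k1, k2, 8) == 0 || memcmp(k2, k3, 8) == 0) return TDES_KEY_SINGLE_DES;
    if (memcmp(k1, k3, 8) == 0) return TDES_KEY_TWO_KEY;
    return TDES_KEY_OK;
}

/* Convenience: assemble K1|K2|K3 and check it. */
int tdes_check_triple(const uint8_t a[8], const uint8_t b[8], const uint8_t c[8]) {
    uint8_t key[24];
    memcpy(key, a, 8); memcpy(key + 8, b, 8); memcpy(key + 16, c, 8);
    return tdes_key_check(key);
}

/* Returns 1 if a 16-byte key expanded to 24 bytes is flagged as two-key. */
int two_key_form_is_detected(void) {
    uint8_t two[16], full[24];
    memcpy(two, EXAMPLE_K1, 8); memcpy(two + 8, EXAMPLE_K2, 8);
    tdes_key_from_two(full, two);
    return tdes_key_check(full) == TDES_KEY_TWO_KEY;
}

int main(void) {
    printf("K1|K2|K3 -> %d, K1|K2|K1 -> %d, K1|K1|K2 -> %d\n",
           tdes_check_triple(EXAMPLE_K1, EXAMPLE_K2, EXAMPLE_K3),
           tdes_check_triple(EXAMPLE_K1, EXAMPLE_K2, EXAMPLE_K1),
           tdes_check_triple(EXAMPLE_K1, EXAMPLE_K1, EXAMPLE_K2));
    return 0;
}
```

A 24-byte key drawn from a good random source will fail these checks with negligible probability, so the routine is mostly a guard against keys that were derived, truncated or copied by hand; note that the parity check only catches corruption, since the parity bits contribute nothing to the keyspace.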

------------------------------

From: David Kuestler <[EMAIL PROTECTED]>
Subject: Re: random.org?
Date: Sat, 20 May 2000 11:33:38 +1000

RecilS wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Does anyone know the quality level of random.org?  It explains what
> random numbers are and that it retrieves them from radio wave noise,
> but fails to mention whether you're getting fresh numbers, rehashes,
> etc.
> Also, does anyone know of a real-time stock market level server (Dow
> Jones preferably but any will do)?
> Obviously I'm trying to find a good source of online random numbers
> so any other sources would also be appreciated.
>
> Thanks
> - - RecilS
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOSNwFBJETAFqh0RgEQIg+wCcC2Az75F6Sbdb/aUTKtXvo6Q5J70AoKek
> ejnla5OiBOyFVOlCqiNWoYY+
> =Tpd2
> -----END PGP SIGNATURE-----

You may want to check out http://lavarand.sgi.com

However it can't be stressed enough that any public source of random
numbers is useless for security purposes.



------------------------------

Subject: Fastest RC5 code?
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 19 May 2000 19:35:03 -0700

What is the fastest RC5 16/12 round variant for the x86 out
there?  I got 168 cycles per block (16 rounds) with my
routine....

Just wondering,
Tom

-- posting via remarq since @home news sucks, and deja is down.

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: "Steve and Darla Wells" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: More on Pi and randomness
Date: Fri, 19 May 2000 19:37:17 -0700

Thought I'd share this factoid, although not of great relevance to this
discussion

3 . 1 4 1 5 9 2 6 5 3 5 8 9 7 9 3 2 3 8 4 6 2 6 4 3 3 8 3 2 7 9 5 0 2 8 8 4
1 9 7 1 6 9 3 9 9 3 7 5 1 0


The number of decimal places of pi required to inscribe a circle around the
visible universe that doesn't deviate from perfect circularity by more than
the distance across a single proton.   (I committed this simple string to
memory, hehe)

Long ago when computer time was measured in $1/s, I did some distribution
analysis on pi; it wouldn't make that great of an entropy source, much
complexity but many recognizable patterns.  (Reference Knuth's comment about
complexity vs randomness)


"Clive Tooth" <[EMAIL PROTECTED]> wrote in message
news:8g31sv$5rf$[EMAIL PROTECTED]...
> Mike Mccarty Sr wrote in message <8g1kd5$7qf$[EMAIL PROTECTED]>...
>
> >In article <[EMAIL PROTECTED]>, Tim Tyler  <[EMAIL PROTECTED]> wrote:
> >)In sci.crypt JCA <[EMAIL PROTECTED]> wrote:
> >)
> >): If I tell you the decimal in position N in the expansion of Pi
> >): you won't be able to tell me anything about the following decimal
> >): sequence short of doing the computation yourself.
> >)
> >)Even if you *don't* tell me N, it's still possible to make positive
> >)statements about the sequence.  This was discussed on the other thread:
> >)according to mathmaticians, PI doesn't behave randomly.
> >
> >This is not something which can be said with our current level of
> >knowledge of PI. We can make statements about the first x billion
> >digits, but we cannot (as yet) make statements about PI.
>
> Some things are known about the decimal digits of pi in general. For
> example, for no positive integer n are the digits n thru 100*n all equal
to
> zero.
>
> --
> Clive Tooth
> http://www.pisquaredoversix.force9.co.uk/
> End of document
------------------------------

Subject: Re: Cipher Contest: Whirl128 (paper)
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 19 May 2000 19:37:07 -0700

<snip>
---
The avalanche addition has been seen in SHA-1. The main
inspiration for using this was however an dispute between me and
Tom St Denis on news:sci.crypt, where Tom called another loop in
a hash function designed by him an 'avalanche addition', which
it wasn't.
---

When exactly did I make any mention to avalanche addition?

Tom

------------------------------

Subject: Re: Encrypting random data
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 19 May 2000 19:39:38 -0700

In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]>
wrote:
>Tom St Denis <[EMAIL PROTECTED]> wrote:
>:   [EMAIL PROTECTED] wrote:
>
>:> Say one has a hardware RNG generating truly random numbers (as
>:> opposed to PRNs). If this hardware is on one machine, and you want
>:> to use the random numbers on a different machine, would it suffice to
>:> encrypt the random pad with a stream cypher like (say) RC4, then
>:> send the numbers? Is there any way to break such, assuming the
>:> RC4 key was distributed securely?
>:>
>:> If that pad is then decrypted and used as an OTP, is it noticeably
>:> harder to break the resulting encrypted message than to break the RC4
>:> encryption? [...]
>
>: You seem like a very confused individual. [...]
>
>It does make some sense.  This protocol even gets discussed in BS's AC.
>
>: If I send an OTP pad using RC4 to a friend, then technically we don't
>: have an OTP anymore, we have RC4 (a variant thereof).  So no matter how
>: random your OTP is (or how close to unpredictable, etc...) it won't be
>: any stronger than RC4 (at best).
>
>*If* the source of randomness is good, it has some advantages over vanilla RC4.
>For example, consider the implications of a chosen-plaintext attack on
>both schemes. It is not as strong as an OTP, though - a known plaintext
>attack would work much the same as it would on plain RC4.
>
>It doubles the size of your messages.  It seems unlikely that any benefits
>will compensate for this.

Nope.  At best you have RC4 there, no matter how you look at
it.  The idea is just plain silly, and a lot of silly examples
are in AC (hence the term 'example').

Tom
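The exchange under discussion as an added example, not code from the thread: the sender ships the pad under RC4 and then the message under the pad, the receiver undoes both, and the eavesdropper XORs the two transmissions together, which cancels the pad and leaves message XOR RC4 keystream, exactly what plain RC4 would have put on the wire. The key, pad and message are constructed for this example; rc4_kat_ok checks the RC4 implementation against the well-known test vector for key "Key" and plaintext "Plaintext".

```c
/* Added example (not from the thread). Shows why shipping a random pad under
   RC4 and then using the pad as a one-time pad is no stronger than RC4. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_ctx;

/* Standard RC4 key schedule (KSA). */
static void rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen) {
    for (int k = 0; k < 256; k++) c->S[k] = (uint8_t)k;
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + c->S[k] + key[k % keylen]);
        uint8_t t = c->S[k]; c->S[k] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
}

/* Standard RC4 keystream generator (PRGA), XORed straight onto the data. */
static void rc4_xor(rc4_ctx *c, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t k = 0; k < n; k++) {
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->S[c->i]);
        uint8_t t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
        out[k] = in[k] ^ c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
    }
}

/* One-shot RC4: out = in XOR keystream(key). */
void rc4_crypt(const uint8_t *key, size_t keylen, const uint8_t *in,
               uint8_t *out, size_t n) {
    rc4_ctx c;
    rc4_init(&c, key, keylen);
    rc4_xor(&c, in, out, n);
}

static void xor_bytes(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t k = 0; k < n; k++) dst[k] = a[k] ^ b[k];
}

/* Sender: transmission 1 is the pad under RC4, transmission 2 the message
   under the pad. */
void sender(const uint8_t *key, size_t keylen, const uint8_t *pad,
            const uint8_t *msg, uint8_t *wire_pad, uint8_t *wire_msg, size_t n) {
    rc4_crypt(key, keylen, pad, wire_pad, n);
    xor_bytes(wire_msg, msg, pad, n);
}

/* Receiver: strip RC4 to recover the pad, then strip the pad.
   Assumption: n is at most 64 bytes in this example. */
void receiver(const uint8_t *key, size_t keylen, const uint8_t *wire_pad,
              const uint8_t *wire_msg, uint8_t *msg_out, size_t n) {
    uint8_t pad[64];
    rc4_crypt(key, keylen, wire_pad, pad, n);
    xor_bytes(msg_out, wire_msg, pad, n);
}

/* Eavesdropper: XOR the two transmissions. The pad cancels, leaving
   message XOR RC4 keystream, i.e. the plain-RC4 ciphertext of the message. */
void eavesdropper_reduce(const uint8_t *wire_pad, const uint8_t *wire_msg,
                         uint8_t *reduced, size_t n) {
    xor_bytes(reduced, wire_pad, wire_msg, n);
}

/* Well-known RC4 test vector: key "Key", plaintext "Plaintext". */
int rc4_kat_ok(void) {
    static const uint8_t expect[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    uint8_t out[9];
    rc4_crypt((const uint8_t *)"Key", 3, (const uint8_t *)"Plaintext", out, 9);
    return memcmp(out, expect, 9) == 0;
}

/* Run the exchange on constructed data. Returns 1 if the receiver recovers
   the message AND the eavesdropper's reduction equals plain RC4 of it. */
int demo(void) {
    const uint8_t key[5] = {0x4b,0x65,0x79,0x21,0x21};               /* constructed RC4 key */
    const uint8_t pad[16] = {0x8a,0x13,0x7f,0xc2,0x55,0x90,0x0e,0x61,
                             0xd4,0x2b,0xa7,0x39,0x6c,0xf8,0x05,0xbe}; /* stands in for hardware RNG output */
    uint8_t msg[16], wire_pad[16], wire_msg[16], got[16], reduced[16], plain[16];
    memcpy(msg, "attack at dawn!!", 16);
    sender(key, sizeof key, pad, msg, wire_pad, wire_msg, 16);
    receiver(key, sizeof key, wire_pad, wire_msg, got, 16);
    eavesdropper_reduce(wire_pad, wire_msg, reduced, 16);
    rc4_crypt(key, sizeof key, msg, plain, 16);
    return memcmp(got, msg, 16) == 0 && memcmp(reduced, plain, 16) == 0;
}

int main(void) {
    printf("RC4 KAT %s, reduction to plain RC4 %s\n",
           rc4_kat_ok() ? "ok" : "FAILED", demo() ? "holds" : "FAILED");
    return 0;
}
```

The reduction needs no knowledge of the key: the attacker who sees both transmissions is in exactly the position of an attacker on plain RC4 with twice the traffic, which is the point Tom makes and the cost Tim Tyler notes.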


------------------------------

From: Mike Oliver <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: More on Pi and randomness
Date: Fri, 19 May 2000 19:47:46 -0700

Steve and Darla Wells wrote:
> 
> Thought I'd share this factoid, although not of great relevance to this
> discussion
> 
> 3 . 1 4 1 5 9 2 6 5 3 5 8 9 7 9 3 2 3 8 4 6 2 6 4 3 3 8 3 2 7 9 5 0 2 8 8 4
> 1 9 7 1 6 9 3 9 9 3 7 5 1 0
> 
> The number decimal places of pi required be sufficient to inscribe a circle
> around the visible universe that doesn't deviate from perfect circularity by
> more than the distance across a single proton.   (I committed this simple
> string to memory, hehe)

To how many decimal places is the "visible universe" flat?  Not that many,
I'll wager.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Interpretation of Hitachi patent claims
Date: Fri, 19 May 2000 21:06:06 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> I think I could understand the 'claim 1' there, but apparently
> my poor English knowledge prevented me from comprehending
> 'claim 10'.

Here's my translation of claim 10 into something like pseudo code:

I2 = A ! PT1
I1 = @ I2

I3 = I1 <<< B1

I5 = ! I3
I4 = PT2 @ I5

I6 = I4 <<< B2

I7 = PT3 @ I6

I8 = ID7 <<< B3         ; This part isn't entirely clear
I8 = @(I8, I4, I7)

CT = @ I8

Where:
        Data
A       = some predefined set of bits
Ix      = The xth intermediate value of the claim
PT[x]   = Plaintext[x] -- parts are not necessarily equal or ordered
CT      = Ciphertext
Bx      = number of bits of rotation. B1 != B2, B2 != B3

        Operations
!       = Some undefined method of derivation
@       = Some arithmetic operation (not necessarily always the same)
<<<     = circular shift (rotate)

The part I say isn't entirely clear doesn't seem to define a sequence 
in the claim, but says there's a rotate AND that the eighth 
intermediate data depends on the eighth intermediate data, which I 
interpreted to mean the operations take place in the order defined, 
but the claim doesn't really say this, nor make the dependency 
entirely clear, as it could have by, e.g., defining a ninth piece of 
intermediate data.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: More on Pi and randomness
Date: Sat, 20 May 2000 03:16:55 GMT

Mike Mccarty Sr wrote:
> You took my statement out of context. The context is whether PI be
> normal in some base.
> WHY DO PEOPLE LIKE YOU POST SUCH ANNOYING DRIVEL TAKING PEOPLE'S
> STATEMENTS OUT OF CONTEXT LIKE THIS?

You did not provide any such context when you tossed your previous
posting into sci.crypt.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************