Cryptography-Digest Digest #394, Volume #12      Thu, 10 Aug 00 03:13:00 EDT

Contents:
  1-time pad is not secure... ([EMAIL PROTECTED])
  Re: Not really random numbers (Scott Nelson)
  Re: Internet-based secret algorithm? ("kihdip")
  Re: Physical RNG ("Joseph Ashwood")
  Re: Simple Cypher? ("Joseph Ashwood")
  Re: 1-time pad is not secure... (Samuel Paik)
  Re: Hey I'm a nubee, can anyone help ? ("Joseph Ashwood")
  Re: Not really random numbers ("Joseph Ashwood")
  Re: Internet-based secret algorithm? ("Lyalc")
  Re: Cryptography Certifications ("Joseph Ashwood")
  Re: Cryptography Certifications ("Joseph Ashwood")
  Re: Empathic encryption? ("Joseph Ashwood")
  Re: Hey I'm a nubee, can anyone help ? ("Joseph Ashwood")
  Re: 1-time pad is not secure... (fvw)
  Re: 1-time pad is not secure... ("Joseph Ashwood")
  How can I do "certificate validation" in C? (haifeng)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: 1-time pad is not secure...
Date: Thu, 10 Aug 2000 06:11:11 GMT

Here's a different viewpoint.

I think all the crypto-books are wrong. One-time pad is only secure
based on the assumption that random numbers do exist.

But can you prove that random numbers really exist? No.
Can you generate truly random numbers? No.

It's like 1/x tends to zero but you'll never get zero, if you use
enough bytes to hold the number.

One-time pad is only computationally secure, no difference than any
other systems. The key-generating process may be duplicated, if not
exactly, to some probability. And because the key is so long, getting
at least a portion of the key right will be easier than in systems with
a shorter key.

Get the picture? You can duplicate the key-generating parameters:
computer model, OS, PRNG, date, time, location, hardware, software,
room temperature, humidity, magnetic field... The list goes on and on.
Then the longer the key, the higher possibility that you'll get
something right.

--Sisi



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Not really random numbers
Reply-To: [EMAIL PROTECTED]
Date: Thu, 10 Aug 2000 06:23:15 GMT

On Wed, 9 Aug 2000 "Jamie" <[EMAIL PROTECTED]> wrote:
[edited]
>...I need ideas for a number
>generator that satisfies the following conditions:
>
>1 The magnitude of the generated numbers can be specified, 2^30, 2^35,
>2^40... 2^90
>
>2 The period must be greater than 2^20
>
>3a Given a short fragment of the sequence it must be difficult to deduce the
>next number in sequence
>3b Given one number it must be unlikely that another number is both close in
>value and close in position in the sequence
>(vague but I guess I mean that a "hacker" won't succeed in randomly guessing the
>next number)
>
>4 The sequence must be re-startable.
>
>5 No need for an even distribution or anything like that.
>

To be restartable, it must be a finite state machine
(so you're looking for a pseudo random sequence)
and someone (or something) must remember the starting state(s)

To be secure, the state must be kept secret.

These are not killer problems, but they are things to keep in mind.

I suggest encrypting a counter with a variable sized block cipher.

Off the top of my head;

def generate(start, end, key, sbox, bits):
    # bits = size of the state in bits (> 8); key is a list of bytes
    mask = (1 << bits) - 1
    for n in range(start, end + 1):
        state = n & mask
        for i in range(10000):
            low = sbox[((state & 0xFF) + key[i % len(key)]) % 256]
            state = (state & mask & ~0xFF) | low
            state = ((state << 5) | (state >> (bits - 5))) & mask  # rotate left 5 bits
        yield state

sbox is a random permutation of the bytes 0-255.
% denotes mod

With this you can make the number of bits in the state any size
larger than 8, and it's reasonably secure, but terribly slow.

A Luby-Rackoff construction using only as many bits of the s-function
as needed would probably work too.

Scott Nelson <[EMAIL PROTECTED]>
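
As an added illustration of the "encrypt a counter" idea and of the
Luby-Rackoff remark above, here is example code that is not part of
Scott's post: a balanced Feistel network over any even bit width, with
HMAC-SHA256 as the round function, applied to a counter. Because the
construction is a permutation of the counter space, the period is exactly
2^bits, the sequence restarts from any counter value, and the state that
must stay secret is just the key. The width, the demo key bytes and the
round count are assumptions chosen for the example; an odd width such as
2^35 would need an unbalanced split, which this example does not do.

```python
import hmac
import hashlib


def _round_fn(key: bytes, round_no: int, half: int, half_bits: int) -> int:
    """Feistel round function: HMAC-SHA256 under the secret key, truncated to
    half_bits bits.  Any good PRF would do; HMAC is just the safe default."""
    msg = round_no.to_bytes(1, "big") + half.to_bytes((half_bits + 7) // 8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << half_bits) - 1)


def feistel_encrypt(key: bytes, block: int, bits: int, rounds: int = 4) -> int:
    """Permute a `bits`-bit block (bits even) with a balanced Feistel network,
    i.e. the Luby-Rackoff construction.  Four rounds over a PRF give a strong
    pseudo-random permutation; the output is always in [0, 2**bits)."""
    if bits % 2 or not 0 <= block < (1 << bits):
        raise ValueError("bits must be even and block must fit in bits")
    half_bits = bits // 2
    mask = (1 << half_bits) - 1
    left, right = block >> half_bits, block & mask
    for r in range(rounds):
        left, right = right, left ^ _round_fn(key, r, right, half_bits)
    return (left << half_bits) | right


def feistel_decrypt(key: bytes, block: int, bits: int, rounds: int = 4) -> int:
    """Inverse permutation: run the same rounds backwards."""
    half_bits = bits // 2
    mask = (1 << half_bits) - 1
    left, right = block >> half_bits, block & mask
    for r in reversed(range(rounds)):
        left, right = right ^ _round_fn(key, r, left, half_bits), left
    return (left << half_bits) | right


def counter_prng(key: bytes, start: int, count: int, bits: int):
    """Restartable generator: output i is E_key((start + i) mod 2**bits).
    Each value depends only on (key, start, i), so anyone holding the key
    can resume at any position; the period is 2**bits."""
    modulus = 1 << bits
    for n in range(start, start + count):
        yield feistel_encrypt(key, n % modulus, bits)


def is_permutation(key: bytes, bits: int) -> bool:
    """Exhaustive check for small widths: every counter value maps to a
    distinct output, so the sequence cannot repeat before 2**bits steps."""
    outputs = set(counter_prng(key, 0, 1 << bits, bits))
    return len(outputs) == (1 << bits)


if __name__ == "__main__":
    # Constructed demo key; a real deployment would use os.urandom(32).
    KEY = bytes(range(16))
    print([hex(v) for v in counter_prng(KEY, 1000, 5, 40)])
    print("16-bit instance is a permutation:", is_permutation(KEY, 16))
```

The round function is keyed by the secret key and indexed by the round
number, so the same key never feeds two rounds the same PRF; the magnitude
condition (2^30 ... 2^90) is met by choosing `bits`, and condition 3b follows
from the output being a pseudo-random permutation rather than anything
monotone in the counter.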

------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: Internet-based secret algorithm?
Date: Thu, 10 Aug 2000 08:25:30 +0200

I cannot see how you could benefit from the internet.
I agree that you'll be able to use it as a random generator or perhaps as a
"public key" generator (if we don't start to discuss how often we meet the
phrase 'The requested URL was not found')

But I cannot see the advantage here compared to the 'normal' methods.

If you're talking about using the entire internet as an 'algorithm', then
I'm concerned with performance, and the fact that an eavesdropper could
monitor the web-pages you visit.

Kim

Max Polk wrote in message ...
>Would an Internet-



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Physical RNG
Date: Wed, 9 Aug 2000 23:25:24 -0500

You can do a whole hell of a lot better than that piece of
crap that Szopa is trying to sell again. He's a dumber than
average troll. His crap not only fails just about every
known test, he can't figure out anything without someone
else's help, he didn't realize you asked for hardware as
opposed to crap^H^H^H^Hsoftware. So to summarize; Szopa is
an idiot, and you don't want his stuff.
                        Joe

"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in
message news:[EMAIL PROTECTED]...
> Ed wrote:
> >
> > Hello,
> >
> > I'm searching for a physical random number generator.
> > But I have important constraints:
> >  - it should be plugged into a PCI bus
> >  - it should be usable under a Solaris system (or Unix system)
> >
> > If you know a physical RNG that doesn't match these criteria,
> > it could help me.
> >
> > Please send any information to : [EMAIL PROTECTED]
> >
> > Edouard DESSIOUX
> > Everbee
>
> You obviously want to generate random numbers.
>
> You cannot do any better than:
>
> Go to http://www.ciphile.com and download a shareware copy of
> OAR-L3:  Original Absolutely Random - Level3 random number
> generator software.
>
> Go to the Downloads Currently Available web page.
>
> Or you can get OAP-L3:  Original Absolute Privacy - Level3 encryption
> software package shareware.
>
> You should check this software out.
>
> A.S.



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Simple Cypher?
Date: Wed, 9 Aug 2000 23:27:26 -0500

"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in
message news:[EMAIL PROTECTED]...
> Go to http://www.ciphile.com and get your shareware copy of OAP-L3:
> Original Absolute Privacy - Level3 encryption software package.

Or save yourself some time, effort, disk space, sanity, and
intelligence, and leave the great dimwitted one to himself.
            Joe
ps the reason I have taken to lowering my word usage is
because as we've learned previously Szopa can barely
understand a preschooler, let alone something as
sophisticated as modern english.




------------------------------

From: Samuel Paik <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Thu, 10 Aug 2000 06:46:46 GMT

[EMAIL PROTECTED] wrote:
> But can you prove that random numbers really exist? No.
> Can you generate truely random numbers? No.

You are welcome to try to predict inter-arrival times for
radioactive decay events.  I don't recall the assumptions
underlying the "no hidden variables" proof for quantum
mechanics, but that seems to imply that quantum processes
are not predictable at low levels, only in aggregate expected
quantities.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Hey I'm a nubee, can anyone help ?
Date: Wed, 9 Aug 2000 23:34:56 -0500

First, and foremost, do not listen to the fool that calls
himself Anthony Szopa. Realistically PGP is your best
option; its encryption is considered strong, and it is
quite good for local files. If you want something that
handles logical disks consider ScramDisk.
                    Joe

"ya_boy" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Just wondering, without going into all sorts of technical stuff, what
> is a good encryption program for encrypting files. Not necessarily PGP.
> I don't want to send them over the net but secure my company's records.
> Will PGP encrypt files well or do you actually have to have the file you
> encrypted addressed to someone's public key?
> Any help deeply appreciated.
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Not really random numbers
Date: Wed, 9 Aug 2000 23:36:50 -0500

This is getting boring to do, but anyway. if Szopa wrote it,
it's worse than useless. See my comments elsewhere on this
group for more details.
                Joe



------------------------------

From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: Internet-based secret algorithm?
Date: Thu, 10 Aug 2000 16:52:55 +1000

Traffic analysis makes this weak, I'd think - see which sites you visit, and
analyse them.

Also, you need very static content for long term secrets - maybe this is too
unreliable in such situations.
Lyal

Max Polk wrote in message ...
>Would an Internet-based secret algorithm be worthwhile?  What I mean by
>"Internet-based" is the following:
>
>1.  You find lots of web sites, usenet posts, etc., from all over the
>world.
>2.  According to a secret algorithm, you extract bytes of text from them,
>extract chunks of bits within images on them, extract things from Acrobat
>PDF files on some of them, etc.
>3.  Use the above data as your key to encrypt your plaintext.
>
>We are currently *VERY FOCUSED* on having all the information you need to
>decipher a message inside that message (public key crypto
>notwithstanding).
>
>This strong focus makes cracking an encrypted message a simple matter of
>number crunching on a very big computer before it is broken.
>
>With this Internet-based secret algorithm, you are spreading out the
>information you need to decipher the message all over the world on
>various web pages, inside images, tucked away in various places.
>
>The raw amount of information on the Internet makes the likelihood of
>simple number crunching on the message impossible.  After all, what bytes
>would you pick from which web site as your source for number crunching?
>
>Furthermore, what possible pattern could be found to weaken the secret
>algorithm?  It is quite impossible to take all the information on the
>Internet and come up with all possible keys.  What's so good is that the
>Internet total data size is still growing rapidly.



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Cryptography Certifications
Date: Wed, 9 Aug 2000 23:48:55 -0500


"Steve" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In addition to this eloquent language below one has to have a
> vocabulary which is nearer cryptic than plain text and uses larger
> than ordinary words which adds to the confusion of what you are trying
> to say hell if a cryptographer wanted to retire he'd have to learn to
> speak 4th grade English again
>
> Oh yes forget the punctuation that leads to sentences which can easily
> be deciphered AND DON'T GET CAUGHT YELLING VERY MUCH EITHER
>
> Shit I used paragraphs, back to the drawing board

Ahh, you can do better than that, I actually got away with
using "obfuscation of entropy" in a job interview. I never
plan on speaking 4th grade English, maybe 12th grade, but
never fourth (guess I can't be president then).

Of course for all you know I could use the words "Dude" and
"and" overly in person.
                    Joe



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Cryptography Certifications
Date: Wed, 9 Aug 2000 23:52:20 -0500

Actually correctness tends to be easy to consider, because
correctness is outside the bounds of performance. In crypto
correctness to me is a matter of invertibility. Given that
crypto requires correctness (a strong hash actually requires
incorrectness, or rather a different type of correctness),
the correctness proofs are generally very straightforward,
being little more than things like "See Feistel Structure
Proof" or "All methods used are invertible, therefore the
sum is invertible."
                Joe





------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Empathic encryption?
Date: Wed, 9 Aug 2000 23:53:10 -0500

Oddly that sounds like a fairly good idea. Although it will
be difficult to tell when the following note should be
obvious (the only immediate option is the chord resolutions,
which are often infrequent). I dunno, could be fun. Of
course it's very much like steganographically inserting
something into an ordered pseudo-random stream, but I
wouldn't call it empathic encryption; a computer could decode
it just as easily.
                    Joe

"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I can think of one kind of [bizarre?] steganography for sending
> information to a musician.  Start with music which has been generated by
> a computer following various rules of composition... so it will be a
> good, well formed, though probably unimaginative piece of music.  Then,
> every nth note, change that note so that it is, to a professional
> musician, obviously not right, and where, hopefully, the note that
> *should* be there, is also obvious.  The difference between the note
> that *is*, and the note that *should be* is one nibble of data.  Print
> the data as sheet music, and send it in the mail.  Or even send it by
> email, as a midi...  It would, after all, be a valid midi; Of course,
> you'd have to be a musical genius to be able to decode it by just
> listening to it.
>







------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Hey I'm a nubee, can anyone help ?
Date: Wed, 9 Aug 2000 23:53:37 -0500

PGP will do much better than anything dimwit (aka Szopa) has
written. PGP can be highly trusted (unlike whatever Szopa
sells), and is widely trusted (unlike whatever Szopa sells).
There has been no significant progress against PGP (unlike
what Szopa sells, even though he has quite often insisted
that it is not so and has even gone so far as to not
recognise the attack against his worthlessware).
                Joe

"ya_boy" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Just wondering, without going into all sorts of technical stuff, what
> is a good encryption program for encrypting files. Not necessarily PGP.
> I don't want to send them over the net but secure my company's records.
> Will PGP encrypt files well or do you actually have to have the file you
> encrypted addressed to someone's public key?
> Any help deeply appreciated.
>





------------------------------

From: [EMAIL PROTECTED] (fvw)
Subject: Re: 1-time pad is not secure...
Reply-To: [EMAIL PROTECTED]
Date: Thu, 10 Aug 2000 07:00:35 GMT

<8mth1u$vpt$[EMAIL PROTECTED]> ([EMAIL PROTECTED]):
>Can you generate truly random numbers? No.
yes. time between radioactive decays for instance is a
textbook example of a perfect random generator.

>One-time pad is only computationally secure
If you use a prng and have enough data on the prng, yes. 
otherwise, no.

>no difference than any
>other systems. 
yes there is, a 100 byte message encrypted with des would have only
2^64 possible keys, meaning the chance of a second valid plaintext
in that keyspace is very small.

a 100 byte message encrypted with an OTP would have
2^800 keys, meaning all possible messages could be 'bruteforced'
from that plaintext. Even with a prng, all possible plaintexts
are possible (although eventually the state of the prng will leak
out, making cryptanalysis possible. See the BBS OTP thread in this
newsgroup).


>The key-generating process may be duplicated, if not
>exactly, to some probability.
To even get close to duplicating a system you'd have to have microphones,
thermometers and network monitors right next to the person at the time
he's getting the data from the prng. Not to mention quantum mechanics
and chaos theory.

>And because the key is so long, getting
>at least a portion of the key right will be easier than in systems with
>a shorter key.

No it won't. I think you're assuming that you only have one try, but
that's not the way it goes in cryptography.

>Get the picture? You can duplicate the key-generating parameters:
>computer model, OS, PRNG, date, time, location, hardware, software,
>room temperature, humidity, magnetic field... 
No you can't.
> The list goes on and on.
yes, it does indeed.
>Then the longer the key, the higher possibility that you'll get
>something right.
nope.

I suggest you read Applied Cryptography, and possibly some books
on chance. If you're really feeling adventurous, try something
on quantum mechanics.
-- 

                        Frank v Waveren
                        [EMAIL PROTECTED]
                        ICQ# 10074100

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Thu, 10 Aug 2000 00:05:11 -0500

Actually I believe those questions were stated as
assumptions in the OTP proof. Namely that a perfect random
number generator exists (along with certain requirements),
and that the pad is secret. The ability to reproduce the
sequence is actually an inverse of the length, namely
1/2^length. This is because the aforementioned perfect RNG
must be perfectly balanced, not only at infinity but be
finitely balanced at all intermediate levels (that is to
say, given bits 0 through n-1 and n+1 through infinity it
must be impossible to derive the value of bit n).
So in fact we do get effective zero. Right now we draw the
line of effective zero at about 128 bits (reference AES
block sizes); since an OTP realizes this in exactly 128 bits,
the 129th bit can be considered to be predictable with
probability 0.5 (completely unbiased).
The proof also relies on the availability of a "perfect"
cipher, of which XOR is the only one known (I can
supply the criteria if needed). This makes it very simple to
expand in the theoretic realm, however with only XOR being
known to meet the criteria there are other issues.
Now OTP is a purely theoretic construct, so the availability
of the required parts is not of interest; they only become
of the most damning form when one attempts to create a
realization of the theoretic construct, which has proven
impossible to this day.
            Joe

<[EMAIL PROTECTED]> wrote in message
news:8mth1u$vpt$[EMAIL PROTECTED]...
> Here's a different viewpoint.
>
> I think all the crypto-books are wrong. One-time pad is only secure
> based on the assumption that random numbers do exist.
>
> But can you prove that random numbers really exist? No.
> Can you generate truly random numbers? No.
>
> It's like 1/x tends to zero but you'll never get zero, if you use
> enough bytes to hold the number.
>
> One-time pad is only computationally secure, no difference than any
> other systems. The key-generating process may be duplicated, if not
> exactly, to some probability. And because the key is so long, getting
> at least a portion of the key right will be easier than in systems with
> a shorter key.
>
> Get the picture? You can duplicate the key-generating parameters:
> computer model, OS, PRNG, date, time, location, hardware, software,
> room temperature, humidity, magnetic field... The list goes on and on.
> Then the longer the key, the higher possibility that you'll get
> something right.
>
> --Sisi
>
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
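
Two points made in this thread can be shown directly rather than argued:
fvw's observation that a one-time pad ciphertext is consistent with every
plaintext of its length (his "2^800 keys"), whereas a cipher with a short
key reaches only a tiny fraction of the possible plaintexts, and his and
Joe's caveat that a pad produced by a PRNG is only computationally secure
because the generator's state leaks out. The following is example code
added here, not code from any poster. The pad, messages, LCG constants and
seed are all constructed for the demonstration, and the 16-bit LCG is a
deliberately weak stand-in for "a prng"; a real PRNG-based pad fails the
same way, just with more work to recover its state.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """XOR with a pad as long as the message; decryption is the same call."""
    return xor_bytes(pad, plaintext)


def pad_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """For any candidate plaintext of the right length there is exactly one
    pad that turns it into this ciphertext.  Every candidate is therefore
    equally consistent with what the attacker sees: the ciphertext alone
    cannot rule anything out, which is what 'perfect secrecy' means."""
    return xor_bytes(ciphertext, candidate_plaintext)


def reachable_plaintexts_one_byte_key(ciphertext: bytes) -> set:
    """Contrast: a toy cipher with an 8-bit key (one key byte XORed into
    every position, standing in for any cipher whose key is far shorter
    than the message).  Only 256 of the 256**len(ciphertext) possible
    plaintexts are reachable, so a recognisable one is almost certainly
    the real one."""
    n = len(ciphertext)
    return {xor_bytes(ciphertext, bytes([k]) * n) for k in range(256)}


# Toy 16-bit linear congruential generator, constructed for this example.
# Its entire internal state is its last output, which is the whole problem.
A, C, M = 25173, 13849, 1 << 16


def lcg_outputs(state: int, count: int):
    """Yield `count` successive LCG states after `state`; each is the output."""
    for _ in range(count):
        state = (A * state + C) % M
        yield state


def lcg_pad(seed: int, nbytes: int) -> bytes:
    """A 'pad' stretched from a short seed: looks random, but is not."""
    words = (nbytes + 1) // 2
    return b"".join(w.to_bytes(2, "big") for w in lcg_outputs(seed, words))[:nbytes]


def recover_prng_plaintext(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Known-plaintext attack on the PRNG pad: two known plaintext bytes
    expose the first 16-bit output, which *is* the generator state, so the
    rest of the pad, and hence the rest of the message, follows."""
    if len(known_prefix) < 2 or len(ciphertext) < 2:
        raise ValueError("need at least two known bytes")
    x1 = int.from_bytes(xor_bytes(ciphertext[:2], known_prefix[:2]), "big")
    more = (len(ciphertext) - 1) // 2
    pad = x1.to_bytes(2, "big") + b"".join(
        w.to_bytes(2, "big") for w in lcg_outputs(x1, more))
    return xor_bytes(ciphertext, pad[:len(ciphertext)])


if __name__ == "__main__":
    msg = b"attack at dawn"
    pad = os.urandom(len(msg))            # a genuinely random pad
    ct = otp_encrypt(pad, msg)
    # Some other 14-byte message is explained by a pad that is just as valid.
    print(pad_explaining(ct, b"retreat by day").hex())
    print(len(reachable_plaintexts_one_byte_key(ct[:3])), "of", 256 ** 3)
    m2 = b"The quick brown fox"
    ct2 = otp_encrypt(lcg_pad(4242, len(m2)), m2)
    print(recover_prng_plaintext(ct2, b"Th"))
```

Note what the attack in `recover_prng_plaintext` does not need: the seed,
the sender's machine, room temperature or anything else from the list in
the original post. Knowing the generator and a couple of plaintext bytes is
enough, which is why the "random numbers" must come from a source whose
state an attacker cannot reconstruct, not from a deterministic algorithm.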





------------------------------

From: haifeng <[EMAIL PROTECTED]>
Subject: How can I do "certificate validation" in C?
Date: Thu, 10 Aug 2000 10:08:53 +0300

Hello
Who knows something about X.509v3 and CAs?
How can I do "certificate validation" in C or C++?

It includes "signed, integrity, validity, ....."

You know the "Version 3 certificate structure". It has version, serial
number, signature, issuer, validity, ......

Thanks.
HF:)


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
