Cryptography-Digest Digest #441, Volume #13       Mon, 8 Jan 01 17:13:01 EST

Contents:
  $$$ NEW WAY!!  TO MAKE FAST CASH $$$ ([EMAIL PROTECTED])
  Re: Comparison of ECDLP vs. DLP (Paul Crowley)
  Linear analysis (Benjamin Goldberg)
  Re: GOST 28147-89 (Benjamin Goldberg)
  Linear analysis (Benjamin Goldberg)
  Linear analysis (Benjamin Goldberg)
  Re: Fastest way to factor primes? (Simon Johnson)
  Re: HMAC-MD5 problems ("Bob Luking")
  Re: HMAC-MD5 problems ("Bob Luking")
  Re: Idiots guide to Montgomery multiplication (John Bailey)
  Re: NSA and Linux Security (digiboy | marcus)
  Re: Fastest way to factor primes? (digiboy | marcus)
  Re: Genomes ("Douglas A. Gwyn")
  Re: xor'd text file - Cryptanalyis of Simple Aperiodic Substitution  ("Douglas A. Gwyn")
  secure RNG ("Dobs")
  NIST hmac fips (Roger Schlafly)
  Re: NIST hmac fips (DJohn37050)
  Re: Comparison of ECDLP vs. DLP (DJohn37050)
  Re: Need of very simple algorithms? ("Brian Gladman")
  Re: Fastest way to factor primes? (Bob Silverman)
  t (Frog2)
  Re: NIST hmac fips (Roger Schlafly)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: $$$ NEW WAY!!  TO MAKE FAST CASH $$$
Date: Mon, 08 Jan 2001 10:29:58 GMT





------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Comparison of ECDLP vs. DLP
Date: Mon, 08 Jan 2001 19:29:41 GMT

DJohn37050 wrote:
> A security proof on ECDSA will be showing up shortly.  It is interesting to
> note that in this case, the proof does not apply to DSA.
> Don Johnson

More information would be interesting.  On what assumptions does the
security of ECDSA rest, with this proof?
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Linear analysis
Date: Mon, 08 Jan 2001 19:34:24 GMT

I've read a bit about linear analysis, and I want to attempt it on my
hypercrypt cipher, which is available at:
        http://users.powernet.co.uk/eton/guest/beng/hypercrypt.txt

However, I'm having trouble seeing how to do so.  I want to try and find
a break on a reduced round (OROUNDS=1) version of hypercrypt, using either
the currently listed sbox (which is taken from TC5), or with the AES
sbox.

Both of the sboxen I'm considering are fairly nonlinear.  I fail to see
how to even begin doing the linear attack on even the 4 round 16 bit
Feistel, let alone on the entire cipher.

The Feistel is 4 rounds since that is the minimum number needed to be
secure against differential analysis.

-- 
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: GOST 28147-89
Date: Mon, 08 Jan 2001 19:43:47 GMT

Tom St Denis wrote:
> 
> In article <92r39t$3el$02$[EMAIL PROTECTED]>,
>   "[Basic]" <[EMAIL PROTECTED]> wrote:
> >
> > "Tom St Denis" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
> > news:92qpg3$f3c$[EMAIL PROTECTED]...
> > > In article <92qmr2$q4n$06$[EMAIL PROTECTED]>,
> > >   "[Basic]" <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > >
> > > > I need some test values for the GOST 28147-89 algo. If anyone
> > > > could please encrypt a block of 8 {0} bytes with a key array of
> > > > 32 {0} bytes and the S-Boxes as followed in ECB mode.
> > > >
> > > > SBox_one        4,10,9,2,13,8,0,14,6,11,1,12,7,15,5,3
> > >
> > > This sbox has DPmaxs > 4.
> >
> > hu? what is DPMmaxs ?
> 
> The xor-pair maximum for the first sbox is 6 not 4 like it should be.
> These are not really secure sboxes.  I didn't test for SAC or BIC but
> I bet they wouldn't pass either.
> 
> >
> > >
> > > I bet the rest do too.
> > >
> > > Did you pick these at random?
> >
> > No, they were used by the Russian central bank.
> >
> > I currently don't care about the design of the SBoxes. I need some
> > test values to check if the implementation works.
> 
> Then what's the point?  If the sboxes are weak who cares if it works?

Which is worse, a correctly implemented cipher with weak sboxes, or an
incorrectly implemented cipher with strong sboxes?  Generating new
sboxes is easy.  Finding and correcting implementation mistakes often
isn't.

There's no point in worrying about the strength of the sboxes if the use
of them is wrong.

-- 
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]
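Benjamin's question of where a linear attack on an S-box even starts, and Tom's "xor-pair maximum" figure for the first GOST S-box quoted above, both come down to two tables. The following is an added example (not code from any poster, and not part of hypercrypt) that builds the difference distribution table and the linear approximation table of a 4-bit S-box and reports their maxima; the S-box is the one posted in this thread, with the identity S-box alongside for comparison.

```python
# Differential and linear profiles of a 4-bit S-box (added example; not code
# from any poster or from hypercrypt).  The table is the first GOST S-box
# quoted in the thread above.
GOST_SBOX_ONE = [4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3]
IDENTITY = list(range(16))          # the weakest possible S-box, for comparison


def parity(v):
    """XOR of all bits of a small non-negative integer (0 or 1)."""
    return bin(v).count("1") & 1


def ddt(sbox):
    """Difference distribution table.  ddt[a][b] counts the inputs x for
    which S(x) ^ S(x ^ a) == b.  Row 0 is trivial (all 16 land in column 0);
    the 'xor-pair maximum' Tom refers to is the largest entry in the other
    rows.  Every count is even, because x and x ^ a form the same pair."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for x in range(n):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def lat(sbox):
    """Linear approximation table.  lat[a][b] is the number of x for which
    parity(a & x) == parity(b & S(x)), minus n/2: how far the relation
    'a . x = b . S(x)' is from holding exactly half the time.  A linear
    attack starts from the entries with the largest |lat[a][b]|, a, b != 0;
    the bias of such an approximation is |lat[a][b]| / n."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            agree = sum(parity(a & x) == parity(b & sbox[x]) for x in range(n))
            table[a][b] = agree - n // 2
    return table


def dp_max(sbox):
    """Largest DDT entry over non-zero input differences (Tom's DPmax)."""
    return max(v for row in ddt(sbox)[1:] for v in row)


def lp_max(sbox):
    """Largest |LAT| entry with both masks non-zero."""
    table = lat(sbox)
    n = len(sbox)
    return max(abs(table[a][b]) for a in range(1, n) for b in range(1, n))


def best_linear_masks(sbox):
    """All (input mask, output mask) pairs attaining lp_max: these are the
    single-S-box approximations one would try to chain through a round."""
    table, top, n = lat(sbox), lp_max(sbox), len(sbox)
    return [(a, b) for a in range(1, n) for b in range(1, n)
            if abs(table[a][b]) == top]


if __name__ == "__main__":
    for name, box in (("GOST S-box 1", GOST_SBOX_ONE), ("identity", IDENTITY)):
        print(f"{name}: DPmax = {dp_max(box)}, LPmax = {lp_max(box)}, "
              f"best linear masks = {best_linear_masks(box)}")
```

For this S-box the DDT confirms Tom's figure of 6 (for example input difference 3 maps to output difference 10 for six of the sixteen inputs), and the LAT entries with the largest magnitude are the approximations a linear attack on the 4-round Feistel would try to chain across rounds.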

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Linear analysis
Date: Mon, 08 Jan 2001 19:45:43 GMT

I've read a bit about linear analysis, and I want to attempt it on my
hypercrypt cipher, which is available at:
        http://users.powernet.co.uk/eton/guest/beng/hypercrypt.txt

However, I'm having trouble seeing how to do so.  I want to try and find
a break on a reduced round (OROUNDS=1) version of hypercrypt, using either
the currently listed sbox (which is taken from TC5), or with the AES
sbox.

Both of the sboxen I'm considering are fairly nonlinear.  I fail to see
how to even begin doing the linear attack on even the mixing component
(a 4 round 16 bit Feistel), let alone on the entire cipher.

The Feistel is 4 rounds since that is the minimum number needed to be
secure against differential analysis.

-- 
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]

------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Mon, 08 Jan 2001 19:47:20 GMT

In article <93bbgn$ktv$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <939s7n$gt0$[EMAIL PROTECTED]>,
>   Simon Johnson <[EMAIL PROTECTED]> wrote:
> > In article <[EMAIL PROTECTED]>,
> >   Steve Portly <[EMAIL PROTECTED]> wrote:
> > > What would be the fastest way to determine if 362,293,147 is
> > > prime?
> > > Wouldn't a prime number sieve be the fastest method?
> > >
> > >
> > Just about the way you named this thread. To test whether a number is
> > prime you do not factor. Asking the question 'What are the factors
> > of N'
> > is different to asking 'Is N prime'. The complexity of factoring is
> > believed to increase expodentially with an increase in input size.
>
> Where did you get this misinformation?
>
> (1) It is not a matter of 'belief'. Noone 'believes' your statement.

The meaning of the word 'belief' was not aimed at the belief that this
was an exponential problem (the reason I used exponential is because
I was unsure about the actual difficulty of the problem), but
more whether the problem is hard or not. With this meaning, it is quite
proper to state that it is generally believed that factoring a
composite is a hard problem.

> (2) The complexity most certainly is NOT exponential, as we
>     have algorithms that are faster than exponential.

Well, if it isn't, I'm sorry for providing disinformation. But in
Applied Cryptography the NFS time estimate is given by the following
function; is this not an exponential function:

e^(1.923+o(1))(ln(n))^(1/3)(ln(ln(n)))^(2/3)

And if so, why not?

Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File


Sent via Deja.com
http://www.deja.com/

------------------------------

From: "Bob Luking" <[EMAIL PROTECTED]>
Subject: Re: HMAC-MD5 problems
Date: Mon, 08 Jan 2001 20:20:15 GMT

Apologies from a crypto newbie.  It is, of course, a hash function, and I
should have called it that.

Joseph Ashwood <[EMAIL PROTECTED]> wrote in message
news:eKflKr2dAHA.274@cpmsnbbsa09...
> I think you're a bit confused.
>
> > I've built.  My MD5 stream cipher algorithm is thoroughly tested
>
>
> This is the beginning of your biggest problems. MD5 is not a stream cipher;
> it is, as you said in the next line, a hash function. They are very different
> entities.
>
> > and working, but I' m not getting the proper digest out.
>
> > MD5 cipher block

I didn't mean "block cipher",  I meant block of code running the hash.
Sorry for the confusion.

>
> Here's a similar problem, MD5 is not a block cipher, it's a hash function.
> Since you seem to be having problems with it, I'd recommend that you grab a
> free version of the code (there are plenty), and make use of it. Alternately
> you could have a look at RFC 1321 which details MD5 and is quite good at it.

The original C code in RFC 1321 works quite well (with the repair of a
couple of small typos).  It was most useful in debugging the internal
hash engine.  And the padding.

Bob
[EMAIL PROTECTED]




------------------------------

From: "Bob Luking" <[EMAIL PROTECTED]>
Subject: Re: HMAC-MD5 problems
Date: Mon, 08 Jan 2001 20:29:55 GMT

Thanks, Bryan.  It's all working now.

Bob
[EMAIL PROTECTED]

Bryan Olson <[EMAIL PROTECTED]> wrote in message
news:935tqi$ltl$[EMAIL PROTECTED]...
> Bob Luking wrote:
> > I've encountered some problems running an HMAC-MD5 engine
> > I've built.  My MD5 stream cipher algorithm is thoroughly tested
> > and working, but I' m not getting the proper digest out.  I believe
> > that the packing order of my words into the inner engine is wrong.
>
> If your MD5 hash really is working, you can ignore the packing
> order when building HMAC from it.  See what you get when you
> MD5-hash the byte sequence (given in hex):
>
>     3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d
>     36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
>     36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
>     36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
>     48 69 20 54 68 65 72 65
>
> The correct answer is:
>
>     90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb
>
> Those are the inputs and outputs for the "inner hash" in the
> given example.  If that's not what you get, then your MD5 is
> bad. If that is what you get, then the problem is in your
> construction of the pre-image.
>
>
> Below is Python code for simple, single-call HMAC-MD5,
> HMAC-SHA-1, and generic HMAC.  Both SHA-1 and MD5 are standard
> Python libraries.
>
>
> --Bryan
>
>
> |
> | import sha
> | import md5
> | import string
> |
> |
> | def xor_strings(s1, s2):
> |     """Pass two strings of the same length; returns their
> |     bit-wise exclusive or.
> |     """
> |     char_list = map(lambda x, y: chr(ord(x) ^ ord(y)), s1, s2)
> |     return string.join(char_list, "")
> |
> | def hmac(message, key, hash_function, block_size):
> |     """Generic HMAC, as per RFC 2104.  The hash function must
> |     follow the usual Python new..update..digest interface.
> |     """
> |     if len(key) > block_size:
> |         key = hash_function.new(key).digest()
> |     ipad = chr(0x36) * block_size
> |     opad = chr(0x5C) * block_size
> |     key = key + chr(0) * (block_size - len(key))
> |     hash1 = hash_function.new(xor_strings(key, ipad))
> |     hash1.update(message)
> |     hash2 = hash_function.new(xor_strings(key, opad))
> |     hash2.update(hash1.digest())
> |     return hash2.digest()
> |
> | def hmac_sha1(message, key):
> |     return hmac(message, key, sha, 64)
> |
> | def hmac_md5(message, key):
> |     return hmac(message, key, md5, 64)
> |
>
>
>
> Sent via Deja.com
> http://www.deja.com/
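
Bryan's isolation test and his generic HMAC, rebuilt on Python 3 / hashlib as an added example (not Bryan's or Bob's code): it exposes the exact inner-hash preimage so a homegrown MD5 can be checked on its own, and checks the full HMAC-MD5 against the RFC 2202 test vector for this key and message (16 bytes of 0x0b, "Hi There") and against the standard library's hmac module.

```python
# HMAC from a plain hash, on Python 3 / hashlib (added example; not Bryan's
# or Bob's code).  Same two-pass construction as the listing above, plus the
# inner-preimage check Bryan describes for isolating a faulty MD5.
import hashlib
import hmac as stdlib_hmac          # used only to cross-check the result

IPAD, OPAD = 0x36, 0x5C


def hmac_digest(hash_name, key, message, block_size=64):
    """HMAC per RFC 2104 for a hash with a 64-byte block (MD5, SHA-1,
    SHA-256).  Keys longer than the block are hashed first, then every key
    is zero-padded to the block size before the ipad/opad XOR."""
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    k_ipad = bytes(b ^ IPAD for b in key)
    k_opad = bytes(b ^ OPAD for b in key)
    inner = hashlib.new(hash_name, k_ipad + message).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def inner_preimage(key, message, block_size=64):
    """The exact bytes the inner hash sees: (K xor ipad) || message.
    Feeding this to a homegrown MD5 separates 'the hash is wrong' from
    'the HMAC packing is wrong', which is the test proposed above."""
    key = key.ljust(block_size, b"\x00")
    return bytes(b ^ IPAD for b in key) + message


def matches_stdlib(hash_name, key, message):
    """True when the hand-built HMAC agrees with the standard library."""
    return hmac_digest(hash_name, key, message) == \
        stdlib_hmac.new(key, message, hash_name).digest()


# RFC 2202 test case 1 for HMAC-MD5: key = 16 bytes of 0x0b, "Hi There".
# (Bryan's byte listing above is exactly this key XOR ipad, then the text.)
TEST_KEY = b"\x0b" * 16
TEST_MSG = b"Hi There"
TEST_MAC = bytes.fromhex("9294727a3638bb1c13f48ef8158bfc9d")
INNER_HASH_FROM_POST = bytes.fromhex("901d23732edcc0f1a106532f6be5eceb")

if __name__ == "__main__":
    inner = hashlib.md5(inner_preimage(TEST_KEY, TEST_MSG)).digest()
    print("inner hash matches the value in Bryan's post:",
          inner == INNER_HASH_FROM_POST)
    print("HMAC-MD5 matches RFC 2202:",
          hmac_digest("md5", TEST_KEY, TEST_MSG) == TEST_MAC)
```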



------------------------------

From: [EMAIL PROTECTED] (John Bailey)
Subject: Re: Idiots guide to Montgomery multiplication
Date: Mon, 08 Jan 2001 20:28:22 GMT

On Mon, 08 Jan 2001 11:37:51 GMT, [EMAIL PROTECTED] wrote:

>Hi,
>
>I need an idiot's guide to Montgomery multiplication. I have read
>numerous papers, theses and web pages and I'm still no closer to sorting
>it out.  I have a degree in electronics so I need something that
>doesn't go too deep into the maths... in fact I'm not that bothered
>about the math, I just need to know how to implement one.  I need a
>step by step guide on where each parameter comes from, how to calc
>them.  I have noticed that the "mod" operator is used in many of the
>descriptions but I am trying to find a "mod" so.. arrragggg.. I don't
>know... please someone put me out of my misery...

Handbook of Applied Cryptography, chapter 14
http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf

quoting:
Montgomery reduction is a technique which allows efficient
implementation of modular multiplication without explicitly carrying
out the classical modular reduction step.
Let m be a positive integer, and let R and T be integers such that
R > m; gcd(m, R) = 1.
Suppose x and y are integers such that 0 < x,y < m.
Let 
x_ = xR mod m and
y_ = yR mod m. 
The Montgomery reduction of x_y_ is xyR
(end quote)

There probably isn't any simple explanation available.  If you are
really desperate, use:

#include <string.h>   /* strcmp */

/* copy(src,dst), add(dst,src), halve(), mod(dst,m), the scratch buffer q
   and the zero string xero all come from the h.files linked below (my
   reading of the argument order).  Numbers are decimal strings; q holds
   three work slots at offsets 225, 240 and 255. */
void multiply(char *p, char *h, char *m) /* Multiplies p by h modulo m. Leaves result in p. */
{       char *j, *k, *l ;
        j = q + 225 ;           /* accumulator, starts at zero */
        k = q + 240 ;           /* running value of p * 2^i mod m */
        l = q + 255 ;           /* copy of h, consumed one bit at a time */
        copy(xero,j) ;
        copy(p,k) ;
        copy(h,l) ;
        while(strcmp(xero,l) < 0)        /* while l > 0 */
        {       if(halve(l) == 1)        /* low bit of h set: j = j + k mod m */
                {       add(j,k) ;
                        mod(j,m) ;
                }
                add(k,k) ;               /* k = 2k mod m */
                mod(k,m) ;
        }
        copy(j,p) ;
}
The h.files for which are at:
http://www.frontiernet.net/~jmb184/interests/sci.crypt/old_trunk/
It's not Montgomery, but its purpose is the same.

John
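
The step-by-step derivation the original poster asks for, as an added example (not John's code and not the HAC listing): every Montgomery parameter is computed from the modulus alone, REDC is implemented with only a mask and a shift, and a modular exponentiation runs entirely in the Montgomery domain. It assumes Python 3.8 or later for pow(m, -1, R); the moduli and operands used to exercise it are constructed.

```python
# Montgomery multiplication worked end to end (added example; not the
# poster's code).  Every parameter below is derived from the modulus m.


def montgomery_params(m):
    """Return (R, k, m') for an odd modulus m.

    R = 2^k is the first power of two above m, so R > m and gcd(m, R) = 1
    (m is odd), the conditions in the HAC quote.  m' = -m^-1 mod R is the
    single precomputed constant the reduction needs."""
    if m % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus")
    k = m.bit_length()
    R = 1 << k
    m_prime = (-pow(m, -1, R)) % R      # modular inverse, Python >= 3.8
    return R, k, m_prime


def redc(T, m, R, k, m_prime):
    """Montgomery reduction: T * R^-1 mod m for 0 <= T < m*R.

    No division by m anywhere: 'mod R' is a mask and '/ R' is a shift,
    which is why the classical reduction step disappears."""
    mask = R - 1
    u = ((T & mask) * m_prime) & mask    # u = T * m' mod R
    t = (T + u * m) >> k                 # T + u*m is a multiple of R
    return t - m if t >= m else t        # t < 2m, one subtraction suffices


def to_mont(x, m, R):
    """x_ = xR mod m (one classical reduction, done once per operand)."""
    return (x * R) % m


def from_mont(x_, m, R, k, m_prime):
    """Leave the domain: REDC(x_) = x_ * R^-1 = x mod m."""
    return redc(x_, m, R, k, m_prime)


def mont_mul(x_, y_, m, R, k, m_prime):
    """REDC(x_ * y_) = xyR mod m, the HAC statement: the product of two
    Montgomery forms is again a Montgomery form, so it never leaves."""
    return redc(x_ * y_, m, R, k, m_prime)


def mont_product(x, y, m):
    """x * y mod m via Montgomery, for checking against x * y % m."""
    R, k, m_prime = montgomery_params(m)
    prod = mont_mul(to_mont(x, m, R), to_mont(y, m, R), m, R, k, m_prime)
    return from_mont(prod, m, R, k, m_prime)


def mont_modexp(base, exp, m):
    """base^exp mod m by square-and-multiply, entirely in the Montgomery
    domain; only the conversions in and out use the 'mod' operator."""
    R, k, m_prime = montgomery_params(m)
    acc = to_mont(1, m, R)
    b_ = to_mont(base % m, m, R)
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, m, R, k, m_prime)
        if bit == "1":
            acc = mont_mul(acc, b_, m, R, k, m_prime)
    return from_mont(acc, m, R, k, m_prime)


if __name__ == "__main__":
    m = 97                                       # constructed small modulus
    R, k, m_prime = montgomery_params(m)
    print(f"m={m}: R=2^{k}={R}, m'={m_prime}, check (m*m'+1) mod R = {(m*m_prime+1) % R}")
    print("7 * 13 mod 97 =", mont_product(7, 13, m), "(expect", 7 * 13 % m, ")")
```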

------------------------------

From: digiboy | marcus <[EMAIL PROTECTED]>
Subject: Re: NSA and Linux Security
Date: Mon, 08 Jan 2001 20:37:29 GMT

In article <[EMAIL PROTECTED]>,
  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:

> If you have evidence of this (highly illegal) event,
> please send it to me and I'll see that an investigation
> is launched.  Frankly I doubt that it occurred, but if
> it did the individual responsible should be prosecuted.

I can't see that happening... the proof or any investigation. I heard
that rumour too though, can't exactly place where, but I have a feeling
it was a book of some sorts. Perhaps... "The Code Book". *shrugs*

...oh, and maybe it wasn't an individual action. You can't really tell
when it comes to the intelligence agencies, there are lots of objectives
that any single person simply won't know.

Any person/group, civilian or otherwise, could try to get
investigations run on the NSA (or in my case the GCHQ) till we're red
in the face but nothing would come of it. Unless it touched a raw nerve
about security precautions, in which case no one would hear the results
anyway. Well, for a few decades.

I have very little doubt in my mind though that things like this would
occur. It makes sense under quite a few situations if you think about
it.

--
[ marcus ] [ http://www.cybergoth.cjb.net ]
[ ---- http://www.ninjakitten.net/digiboy ]


Sent via Deja.com
http://www.deja.com/

------------------------------

From: digiboy | marcus <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Mon, 08 Jan 2001 20:39:51 GMT

In article <[EMAIL PROTECTED]>,
  Steve Portly <[EMAIL PROTECTED]> wrote:
> What would be the fastest way to determine if 362293147 is prime?
> Wouldn't a prime number sieve be the fastest method?

Already knowing the answer? ;P~

--
[ marcus ] [ http://www.cybergoth.cjb.net ]
[ ---- http://www.ninjakitten.net/digiboy ]


Sent via Deja.com
http://www.deja.com/

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Genomes
Date: Mon, 8 Jan 2001 20:08:04 GMT

Mok-Kong Shen wrote:
> Could you or someone else kindly give a good reference of
> Allan variance or a tiny summary of it?

http://www.allanstime.com/AllanVariance/

It's essentially a 2-point variance, used for oscillators.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: xor'd text file - Cryptanalyis of Simple Aperiodic Substitution 
Date: Mon, 8 Jan 2001 20:13:49 GMT

Paul Pires wrote:
> ... To me, It seems that:
> *if you can make a stream cipher that breaks the locational relationship
> between ciphertext, state and plaintext. AND
> *if you can make a stream cipher that automagically authenticates. AND
> *if you can do these things without losing the speed and simplicity
> advantages......
> Then, it might just be interesting.

Genuine stream ciphers (e.g. those long used by government)
often meet these requirements.  It is only with the advent
of amateur cryptology that "stream cipher" has been confuted
with "XOR with a key stream".  XORing with a key stream is
more properly designated as a "key generator" style of
cryptosystem, and its vulnerabilities are quite well known.

------------------------------

From: "Dobs" <[EMAIL PROTECTED]>
Subject: secure RNG
Date: Mon, 8 Jan 2001 22:03:46 +0100

I am looking for a good random number generator which can be used in
cryptography (for example in key generation). If anybody knows where I
can find such secure generators implemented in C (not in Visual C :),
could you please write me back or send it to me. I need 3, 4 or 5 such
generators to compare. I would be grateful for help :))))
Best regards



------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: NIST hmac fips
Date: Mon, 08 Jan 2001 13:14:07 -0800

Keyed-Hash Message Authentication Code (HMAC)
On January 5, 2001, NIST announced that a Draft FIPS for HMAC
(keyed-hash message authentication code) is available for public review
and comment.
http://csrc.nist.gov/cryptval/hmac.html

The HMAC specification in this draft FIPS is a generalization 
of HMAC as specified in Internet RFC 2104, HMAC, Keyed-Hashing for 
Message Authentication, and ANSI X9.71, Keyed Hash Message 
Authentication Code.
http://csrc.nist.gov/cryptval/hmac/fr-hmac-200101.html

It wasn't obvious to me how the new HMAC spec differs from
RFC 2104. Anyone else notice?

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 08 Jan 2001 21:18:17 GMT
Subject: Re: NIST hmac fips

I notice that they say the key length is a min of L/2 and the output length is
L/2 where L is the hash output length.  Is this a diff?
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 08 Jan 2001 21:19:22 GMT
Subject: Re: Comparison of ECDLP vs. DLP

I have not yet read the paper, just heard about it thru the 'net.  It is on my
to be read list.
Don Johnson

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Mon, 8 Jan 2001 21:38:57 -0000


"Robert Scott" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sun, 7 Jan 2001 15:23:50 -0000, "Brian Gladman"
> <[EMAIL PROTECTED]> wrote:
>
> >
> >What does your 'handy user' have to do encryption with?  If he or she has
> >anything more than their brain it may well be good enough to run AES.
> >
> >AES is simple enough to implement in mobile phones, in hand held devices
> >like the Palm Pilot (where it is already available) and in a number of
> >scientific calculators (e.g. TI86).
>
> If you want an application that could benefit from the best security
> but still may not have the resources to run AES, consider remote
> keyless entry.  A generalized crack in a widely-used cipher could
> be of great interest to a car theft ring.  But the market dictates
> that the keyfobs that implement this technology have to cost under
> $1 and generally have severe RAM and ROM limitations.  Can you
> implement AES in a Microchip 12C508?

I have just looked up the spec of the 12C508 and my guess is that it is too
small for AES since it only has 25 bytes of RAM.  However the 16C505 has 72
bytes of RAM and this suggests that AES might be possible in this device -
this would depend on the instruction set though (which I have not checked).

  Brian Gladman




------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Mon, 08 Jan 2001 21:32:25 GMT

In article <93d5g4$4fl$[EMAIL PROTECTED]>,
  Simon Johnson <[EMAIL PROTECTED]> wrote:
> > > is different to asking 'Is N prime'. The complexity of factoring
> > > is believed to increase expodentially with an increase in input size.
> >
> > Where did you get this misinformation?
> >
> > (1) It is not a matter of 'belief'. Noone 'believes' your statement.
>
> The meaning of the word 'belief' was not aimed at the belief that this
> was an expondential problem

Huh?  I quote from above:

"The complexity of factoring is believed to increase expodentially
(sic) with an increase in input size."

That is a pretty clear statement and directly contradicts your rejoinder
on its own merits.



>(the reason I used exponential is because
> I was unsure about the actual difficulty of the problem),

Then SAY THAT. Don't make a misleading mathematical statement!

> > (2) The complexity most certainly is NOT exponential, as we
> >     have algorithms that are faster than exponential.
>
> Well if it isn't, i'm sorry for providing disinformation. But in
> Applied Cryptography the NFS time estimate is given by the following
> function, is this not an expondential function:
>
> e^(1.923+o(1))(ln(n))^(1/3)(ln(ln(n)))^(2/3)
>
> And if so, why not?

May I suggest that you study some math before making further
pronouncements?  I am NOT saying "don't participate". I AM saying
"stop making mathematical pronouncements".

The complexity function clearly is not exponential!  Why do you think
that it is?  It certainly grows more slowly than e^x.  Why is this
an issue?

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com
http://www.deja.com/
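
A short note on why that estimate is subexponential, added here and not part of either post. Writing the formula quoted above with the whole product in the exponent, as it appears in the NFS literature,

    L(n) = exp( (c + o(1)) * (ln n)^(1/3) * (ln ln n)^(2/3) ),   c = 1.923.

"Exponential in the input size" means exponential in the number of bits k = log2(n), that is, a running time of the form 2^(a*k) = n^(a / ln 2) for some constant a > 0. Dividing exponents gives

    ln L(n) / ln n = (c + o(1)) * ( ln ln n / ln n )^(2/3)  ->  0   as n -> infinity,

so for every fixed a > 0, L(n) < n^a = 2^(a*k) once n is large enough: the NFS estimate grows more slowly than every exponential in the bit length. It is not polynomial in k either, since ln L(n) / ln k -> infinity. The exponent (ln n)^(1/3) (ln ln n)^(2/3) is o(ln n), which is the precise content of "grows more slowly than e^x".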

------------------------------

From: Frog2 <[EMAIL PROTECTED]>
Date: 8 Jan 2001 22:07:34 -0000
Subject: t







------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: NIST hmac fips
Date: Mon, 08 Jan 2001 14:08:29 -0800

DJohn37050 wrote:
> I notice that they say the key length is a min of L/2 and the output length is
> L/2 where L is the hash output length.  Is this a diff?

If that is the only difference, then I'd say the new fips is
more of a specialization than a generalization.

It looks like the output is at least 4 or L/2. So it could be a
full L bytes in the fips.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
