Cryptography-Digest Digest #727, Volume #13      Wed, 21 Feb 01 04:13:01 EST

Contents:
  Re: My encryption system..... ("Joseph Ashwood")
  Re: Digital signature w/o original document ("Joseph Ashwood")
  Re: Hardware RNG - Where can I order one? ("Joseph Ashwood")
  Re: Ciphile Software:  Why .EXE files so large ("Michael Brown")
  Re: Super strong crypto (David Wagner)
  Re: Shall you reach to Heaven to help the work of Angels to help those who want to reach Heaven ... tell me the truth and I shall reach Heaven ... (Turd Fredericks)
  Re: is "randomness" an information source? ("Joseph Ashwood")
  Re: New unbreakable code from Rabin? ("Douglas A. Gwyn")
  Re: New unbreakable code from Rabin? ("Douglas A. Gwyn")
  Re: New unbreakable code from Rabin? ("Douglas A. Gwyn")
  Re: MQV implementation ("Alexander Schmitt")
  Re: Random number encryption ("Douglas A. Gwyn")
  The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys (.)
  Re: Super strong crypto ("Bryan Olson")

----------------------------------------------------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: My encryption system.....
Date: Fri, 16 Feb 2001 11:30:05 -0800

[comments inline]

"Keill_Randor" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> a one-pad cipher IS NOT
> the best system possible.

This is your first completely false statement. Firstly because you
apparently can't even write the name correctly, it is "One Time Pad" and
considering the fact that it is mathematically proven to be completely
unbreakable (under certain constraints), and the simple fact that you seem
incapable of defining your algorithm completely (more on that later), I find
it safe to say that you lack the education to judge that OTP is truly better
than whatever it is that you supposedly have.

> All data encryption is about is changing a piece of information into
> another, in such a way as to allow you a) to get it back later, and b) stop
> any 'unauthorised' people finding out what it originally was.

You do seem to have this correct. However you are lacking in several other
areas. You have failed to address what abilities "unauthorized" people have.
This is a very important step in the process.

> The ULTIMATE
> solution, therefore, is to split a piece of information into two or more
> EXISTING (innocuous) pieces of information that CANNOT INDIVIDUALLY BE
> PROVEN TO BE ENCRYPTED..................

Actually this is called secret splitting, it is far from encryption, but
related.

>
> My system at its best can do this, (Though I have no doubt that it will
> be very difficult).

If your system isn't always at its best then it is worthless.

>
> The by-product of this, is being able to turn ANY piece of information
> into ANY piece of information, which again, makes it uncrackable.  (And
> completely screws up a lot of laws I know about).

Yeah, whatever. I think we saw an example of this before, see your challenge
and the OTP based response.

>
> At its best, (if splitting it into two or more existing pieces isn't
> possible), my system can do a:

Problem #I lost count: You are redefining the best of your algorithm again,
not realizing that an algorithm does not have best in terms of results, it
either succeeds or fails. What you have created is a system.

>
> Compound, non-repeating, multiple solution, multiple key, multiple
> algorithm, multiple dimension, multiple depth, variable size encrypt, with
> multiple phase and multiple direction encoding, and (optional) Multiple
> variable ciphers....

I love it when people manage to throw every word they think is a buzzword
into a post. Let's break this apart:

Compound: <sarcasm>Now that's a brilliant observation, I bet no one would've
ever thought to make a compound cipher</sarcasm> Oh wait, that applies to
EVERY cipher above a Vigenère (and arguably to the Vigenère)

non-repeating: MAJOR PROBLEM!!!!!! If it does not repeat then not all
possible inputs will decrypt

multiple solution: This is computer science not chemistry, multiple solution
simply does not apply

multiple key: WRONG!!!! what you have is a large key that is used in a
grossly inefficient way, otherwise you would recognize it as a single key

multiple algorithm: WRONG!!!!!! you have a single algorithm that is the
iterative application of multiple subalgorithms

multiple dimension: Clearly a misspelling what you meant was multiple
dementia, and it does not apply to the cipher

multiple depth: You really need to learn the lingo, there's no such thing as
depth in ciphers, except for maybe the depth of despair when you realize
that your "unbreakable" cipher is actually worthless

variable size encrypt: This one actually makes sense

multiple phase : this is an algorithm? or is it a light wave?

multiple direction encoding: in other words it has its own built-in
chaining mode. Please strip it out and publish the 2 separately

multiple variable ciphers (optional) : in an algorithm nothing is "optional"
except integrity checks. As to having a cipher with multiple variables,
that's pretty obvious, it has to have at least a key and data.


> Trust me, if I encrypted something with all of this attached, then NO-ONE
> would ever crack OR solve it, without knowing EVERYTHING about it.

With all of what? Your pretend buzzwords?


> Still looking for a job.....  (Any offers???). (I cannot drive though, and
> I am currently broke...).

<sarcasm>Gee I can't figure out why</sarcasm>

> (P.S. If no-one else has what I have, does that make me King Cryppie???).

No, it means we hope you're not contagious
                        Joe





------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Digital signature w/o original document
Date: Fri, 16 Feb 2001 13:07:03 -0800

[comments after]
"David Sowinski" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am interested in generating a digital signature that can later be
> verified without the original document. I recall coming across a homomorphic
> encryption/signature scheme awhile back, but cannot find much information
> on it now. Does anybody know if this is possible?

I see no reason to suspect it is not possible. In fact a simple way that
sort of defeats the question through unusual means, is to generate a
signature of the signature, and keep the tuple {signature, signature of
signature} as the signature. However that sort of cheats.
                                Joe



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Hardware RNG - Where can I order one?
Date: Fri, 16 Feb 2001 13:54:09 -0800

Unfortunately Intel made it rather clear that you can't tell from software
whether or not a system supports it. Apparently if the chip isn't present it
returns, umm, random data.
                            Joe

"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
> Is there a simple way to tell if my mb supports this?  It's a Thinkpad
> a20p laptop, PIII processor.  Thanks.



------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: Re: Ciphile Software:  Why .EXE files so large
Date: Wed, 21 Feb 2001 18:25:37 +1300

"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Sundial Services wrote:
> >
> > VB is simply an excruciatingly bad interpreter.
> >
> > Usually, crypto primitives ARE written with optimizing compilers, with
> > some assembly for the heavy-duty bit-twiddling.  But a DECENT
> > interpreter could certainly manage the job, at least for low-volume
> > encryption.
> >
> > >Paul Crowley wrote:
> > >
> > > "Michael Brown" <[EMAIL PROTECTED]> writes:
> > > > Isn't it effectively interpreted? I've never used Python, but after
> > > > seeing the shocking performance of VB when you try to do anything fast
> > > > I have a great suspicion of interpreted languages.
> > >
> > > Yes.  From a performance point of view, Python would be a bad language
> > > to implement, say, Rijndael in.
> > >
> > --
> > ------------------------------------------------------------------
> > Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
> > mailto:[EMAIL PROTECTED]  (PGP public key available.)
> > > Fast(!), automatic table-repair with two clicks of the mouse!
> > > ChimneySweep(R):  "Click click, it's fixed!" {tm}
> > > http://www.sundialservices.com/products/chimneysweep
>
>
> I just don't understand:  don't you know that VB 6.0 has a full
> machine code compiler now?  It generates native machine code
> executables.  It is no longer an interpreted language.  Of course
> you can still generate P-code.  You have the option now:  Pseudo
> code or native machine code executables.
>
> AS
It still can't compile properly, as in Pascal or C, because it doesn't know
in advance what the variable "a" is going to be used for. If you disassemble
the code you'll see it's just a heap of DLL calls ...

Michael



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Super strong crypto
Date: 21 Feb 2001 05:31:05 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Paul Rubin  wrote:
>[EMAIL PROTECTED] (David Wagner) writes:
>> I assume familiarity with the modern theory of concrete security;
>> for background, see, e.g., [1] (especially Section 5).
>
>What's [1]?

Oops, sorry.  I intended to point you to
  http://www-cse.ucsd.edu/users/mihir/papers/gb.html

------------------------------

From: [EMAIL PROTECTED] (Turd Fredericks)
Subject: Re: Shall you reach to Heaven to help the work of Angels to help those who want to reach Heaven ... tell me the truth and I shall reach Heaven ...
Date: Wed, 21 Feb 2001 06:10:15 GMT

On 20 Feb 2001 20:34:04 GMT, [EMAIL PROTECTED] wrote:

>
>Walking on the bridge to Heaven .... what was build by telling the truth and
>nothing but the truth ... you shall reach the light ... to fight those
>satanic forces that violate the Jehovah's Law and attack the Kingdom of ATOK
>(good) and so helping the forces of ALOK (evil) in the world of AGOD ... you
>as the agent of an Angel shall fight with others like you ...
>
>Markku (vladimireuru) from Tallahassee, Florida ... on the way to Heaven ....
>

Somebody forgot his meds again :-(

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: is "randomness" an information source?
Date: Sat, 17 Feb 2001 21:44:07 -0600

"Daniel Ortmann" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Can someone clear this up?

Randomness can be viewed as an information source, especially in
cryptography, or more accurately it can be viewed as the output of an
information source. This is commonly referred to as a random source, or a
source of randomness. I agree with Gwyn, the paper by Shannon is a very good
resource in this direction, and if nothing else a very good resource to have
read if you will be dealing with anything regarding exchange of information.

A program like what you suggest your friend made is reasonable. It presents
a fixed filter based on the random input. Reading Shannon's paper will help.
A good example of this is e-mail, there is a substantial quantity of
randomness (aka entropy) floating through any busy mail gateway, the mail
gateway is itself a program, but it passes this entropy through without
alteration. In the same chain of entropy passing from one source to another
in e-mail, the originating user is the source of that entropy, if he/she
makes use of the rolls of dice to write that e-mail the processing will take
those rolls, translate them into ASCII characters, and transfer the
characters from one system to the next. At the other end what is received
cannot be considered pure entropy (we cannot guarantee that it has not been
read somewhere in the middle), however we can make a set of assumptions
stating that we assume that the information has not been read since it was
entered, or if read was not remembered, this makes the conversion from dice
rolls to ASCII to dice roll an entropy maintaining system. What your friend
has built may or may not apply to this model (I don't know what the program
does).

> Also, one other question:  How do I best explain the difference between
the
> high information content of a message, each bit of which is described as
> "random", and the content of a message which was generated by a
meaningless
> random roll of the dice?

Actually from a randomness/entropy view there is no difference, just one has
the entropy more clouded than the other. If you were to take those dice
rolls and choose from a selection of papers, your choice of papers would
have the entropy of the dice rolls.

What seems to be causing the confusion, is the reading vs not reading of the
random data. As I'm sure you know, once data has been read and used (even
through remembering) it has no entropy, and this seems to be what you want
to say. That is one of the assumptions that your friend's program makes, that
your friend probably hasn't thought of, but was your immediate response.
                        Joe



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New unbreakable code from Rabin?
Date: Wed, 21 Feb 2001 07:56:02 GMT

Ichinin wrote:
> Dare I mention the synchronisation problem for both parties;
> i.e. do they need precisely tuned atomic clocks?

Synchronization wouldn't be a big problem if the random-bit pool
were given suitable structure, such as serial-numbered packets.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New unbreakable code from Rabin?
Date: Wed, 21 Feb 2001 07:57:34 GMT

Mok-Kong Shen wrote:
> So one has a huge public (truly) random bit sequence
> and it is the starting point of the segment which is
> used to encrypt ...

No, the key bits would not be contiguous.  Their locations
would be determined by a mutually-keyed index generator.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New unbreakable code from Rabin?
Date: Wed, 21 Feb 2001 08:00:54 GMT

Erwin Bolwidt wrote:
> I don't really see how launching a satellite for your private
> communications is more practical ...

I think it is envisioned that a single constellation of satellites
could broadcast the random bit streams for everybody in the world
to use (each channel its own subset).

------------------------------

From: "Alexander Schmitt" <[EMAIL PROTECTED]>
Subject: Re: MQV implementation
Date: Wed, 21 Feb 2001 09:02:31 +0100

>
> Which compiler are you using?  Some people have had problems with signed
> vs unsigned variables and the shift (>>) instruction.  If it's a signed
> shift the upper bits will all be set and it never clears (so you get an
> infinite loop).

I am using the MS VC/C++ 6.0 Compiler and the MS VC/C++.NET Compiler on a
Pentium II (333 MHz) with W2K. I think this could be such a problem as you
have described.

>
> Check out GMP, MIRACL or freelip for large integer routines.  Peter
> Gutmann and Wei Dai also have nice crypto libraries which include large
> integer math routines, so lots to choose from!

Thanks, I will check them.



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Random number encryption
Date: Wed, 21 Feb 2001 08:08:47 GMT

John Savard wrote:
> On Tue, 20 Feb 2001 14:29:40 -0600, Taylor Francis <[EMAIL PROTECTED]>
> wrote, in part:
> >Can someone tell me why random number encryption isn't (seemingly) used
> >much?
> It's a big hassle getting all that key from point A to point B in
> advance.

Indeed, if you could deliver N bits of key securely, why not
just use that capability to send the N-bit message immediately.

------------------------------

From: . <[EMAIL PROTECTED]>
Subject: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys
Date: Wed, 21 Feb 2001 02:17:05 -0600

From the article at:
http://www.nytimes.com/2001/02/20/science/20CODE.html?pagewanted=all

February 20, 2001 
The Key Vanishes: Scientist Outlines Unbreakable Code
By GINA KOLATA

A computer science professor at Harvard says he has found a way to
send coded messages that cannot be deciphered, even by an all-powerful
adversary with unlimited computing power. And, he says, he can prove
it.

If he is right, and he does have some supporters, his code may be the
first that is both practical and provably secure. While there are
commercially available coding systems that seem very hard to break, no
one can prove that they cannot be cracked, mathematicians say.

In essence, the researcher, Dr. Michael Rabin and his Ph.D. student
Yan Zong Bing, have discovered a way to make a code based on a key
that vanishes even as it is used. While they are not the first to have
thought of such an idea, Dr. Rabin says that never before has anyone
been able to make it both workable and to prove mathematically that
the code cannot be broken.

"This is the first provably unbreakable code that is really
efficient," Dr. Rabin said. "We have proved that the adversary is
helpless."

Dr. Richard Lipton, a computer science professor at Princeton, who is
visiting this year at the Georgia Institute of Technology, said, "It's
like in the old `Mission Impossible,' where the message blows up and
disappears."

Someone who uses one of today's commercially available coding systems,
Dr. Lipton explained, uses the same key — mathematical formulas for
encoding and decoding — over and over. Eventually, they may be forced,
perhaps by a court order, to give up the key. Or the key may be
stolen. But with Dr. Rabin's system, the message stays secret forever
because the code uses a stream of random numbers that are plugged into
the key for encoding and decoding. The numbers are never stored in a
computer's memory, so they essentially vanish as the message is being
encrypted and decrypted.

"If someone walks into my office with a court order or if they put a
gun to my head they still could not read my conversations," Dr. Lipton
said. 

In a sense, say some mathematicians and computer scientists, Dr. Rabin
may have solved the ultimate problem in cryptography, one that has
driven research for centuries: finding a provably unbreakable code
that is also practical. But, they say, the paradox is that the
discovery has come at a time of vigorous debate over whether such a
code will make much difference in keeping communications private.

Some say that a provably unbreakable code could have profound effects,
keeping secret messages secret forever. But others say that codes
today are already so good that there is little to be gained by making
them provably, rather than just probably, unbreakable.

For now, Dr. Rabin's idea is simply a scheme backed up by a
mathematical proof that he has been presenting to scientists at
seminars. No company is lurking in the background to sell it, and Dr.
Rabin says he has no commercial interests in it.

"I never commercialize anything," Dr. Rabin said. "I am not in that
business." Instead, he said, he did the work because it was a
challenge.

Dr. Rabin's idea is simplicity itself, at least in the world of
encryption. Previous coding methods rely for their security on the
limitations of computing power. They assume that if breaking a code
requires enough calculations, even the best computers will not be able
to do it.

But, Dr. Rabin said, there is no proof that such codes are secure.
Their security hinges on the belief that no one will find a shortcut
to doing the calculations. It is always possible that such a shortcut
exists, waiting to be discovered by a clever mathematician.

Dr. Rabin relies instead on the limits of memory banks in computers.
No matter how powerful a computer is, no computer can store an
unlimited amount of data. And yet that is what is required for an
eavesdropper to break his code.

The coding starts with a continuously generated string of random
numbers, say from a satellite put up to broadcast them or from some
other source. The numbers can be coming by at an enormous speed — 10
million million per second, for example.

The sender of a message and its recipient agree to start plucking a
sequence of numbers from that string. They may agree, for example, to
send a message, encoded with any of today's publicly available
encryption systems saying "start" and giving instructions on capturing
certain of the random numbers. As they capture the numbers, the sender
uses them to encode a message, and the recipient uses the numbers to
decode it.

An eavesdropper can know the mathematical formula used to encode and
decode, but without knowing the exact sequence of random numbers that
were used in the formula to send a particular message, the
eavesdropper cannot decode the message. And the only way to have that
sequence is to just happen to be storing numbers from the unending
stream at exactly the right moment.

If the eavesdropper, for example, had a secret way to decode the
message saying "start" and it took a minute to do the calculation
needed to decode it, it would be too late by the time the eavesdropper
got going. The sender and recipient would already have their string of
numbers and that string of numbers, once broadcast, could never be
retrieved. It would be infeasible to store the endless string of
numbers in any computer and so they are essentially gone forever.

Often, Dr. Rabin said, eavesdroppers will capture and store encoded
messages hoping to decode them later, either when computers have
improved — making it easier to do the calculations to break a code —
or when the method for encoding and decoding is known, perhaps because
it has been stolen. But, he said, messages encoded with his system can
never be broken by these means because the random numbers used in
encoding and decoding are used once and are never stored.

"That is why I call it `everlasting security,' " he said. 

Dr. Richard DeMillo, chief technology officer at Hewlett-Packard, said
that what interested him about the scheme was that it "reshuffles the
policy deck."

"Normally," he explained, "agencies put the burden of wiretapping on
the carrier." A telephone company, for example, would have to allow an
agency like the Federal Bureau of Investigation to listen in on coded
material. But with this system, the agency would still have the burden
of trying to capture the appropriate stream of random numbers, a task
that would be technologically infeasible.

Dr. Lipton also said the scheme could thwart law enforcement agencies.

"If I'm saying to you, `Buy 1,000 shares of I.B.M., I'm sure it's
going to go up,' " he said, "and if that was an insider trading
situation, five years from now the F.B.I. could go after you."

If the agency had the encrypted message in hand, it could demand the
key to read it, he said. But, Dr. Lipton said, if the random numbers
used to encode were used once and never stored, the agency would be
hamstrung. "It changes the ground rules," he said.

Dr. Lipton added that, as a computer scientist, he appreciated the
proof that the code could not be broken. "Michael's big contribution
has been the proof that the system actually works," he said. "It's one
of those things that sounds obvious but the mathematics is quite
hard."

Of course, what is good for those who want privacy may not be good for
law enforcement. Even the cryptography systems sold today are a
problem for the F.B.I. "Uncrackable encryption allows drug lords,
terrorists and even violent gangs to communicate about their criminal
intentions without fear of outside intrusion," the F.B.I. director,
Louis J. Freeh, told the Senate in 1998, according to a transcript
from the Federal Document Clearing House. "This type of encryption
also allows these same people to maintain electronically stored
evidence of their crimes beyond the reach of law enforcement."

Still, some computer experts said that while it might be interesting
in theory to have a provably unbreakable code, the practical
importance of Dr. Rabin's code may be minimal.

Some, like Dr. Dorothy Denning, a computer science professor at
Georgetown, and Dr. Cipher Deavours, a professor of computer science
and mathematics at Kean University in Union, N.J., said the code was
simply impractical for large messages. The larger the message, the
longer the string of random numbers needed to encode it, and the more
difficult it would be to send.

"It's a cute idea, but it's simply unmanageable," Dr. Deavours said.

Others, like Dr. Lipton, disagreed. "I think it is quite practical,"
he said. And Dr. Rabin insisted that computers would have no problem
with the encryption scheme, even with long messages that were sent
among a large group of people.

Beyond the question of whether the system would work in practice, some
question it because, they say, the role of cryptography in protecting
privacy has been overblown.

"If you think cryptography is the answer to your problem, then you
don't know what your problem is," said Dr. Peter G. Neumann, a
computer scientist at SRI International in Menlo Park, Calif.

Dr. Neumann explained that there are always ways to get around
cryptography barriers and that these methods have nothing to do with
breaking codes. 

"It's like the voting machines," he said. "You'd like to have some
integrity in the electoral process and now folks are coming out of the
woodwork saying, `We have this perfect algorithm for privacy and
security.' "

But, he said, while the systems may use cryptography to make sure that
when someone touches a screen to vote, that vote is transmitted with
perfect security, who's to ensure the integrity of the person who
programs the computer?

"There is no guarantee that your vote actually goes into the computer
the way it looks on the touch screen," Dr. Neumann said. "What does it
take to buy a computer programmer? A couple of years' salary and a
house in the Cayman Islands?"

Bruce Schneier, who is founder and chief technical officer for
Counterpane Internet Security in San Jose, said that, as a scientist,
he liked the idea of a provably secure system. "Research like this
should be encouraged," he said. "But research is different from
engineering."

But in the real world, a burglar confronted by an impenetrable lock on
the front door may well go round to the back and just smash a window.
"I'm a cryptographer by trade," Mr. Schneier said. "And a provably
secure cryptosystem doesn't do me any good. We're putting a stake in
the ground and hoping the enemy runs into it and now we're arguing
about whether it should be one mile tall or two miles tall. It doesn't
matter. The enemy will walk around it," he added.

Dr. Robert Morris, a retired cryptographer who was chief scientist for
the National Security Agency, the nation's code-making and
code-breaking agency, also questioned the primacy of cryptography.

"As far as I can see, he seems to be correct — it's a provably secure
method," Dr. Morris said. "But does that mean no one can read it?
Nah."

He explained: "You can still get the message, but maybe not by
cryptanalysis. If you're in this business, you go after a reasonably
cheap, reliable method. It may be one of the three B's: burglary,
bribery or blackmail. Those are right up there along with
cryptanalysis in their importance."

Dr. Rabin said that just because there are other weaknesses in
communications systems, that did not mean that secure encryption was
not important.

It is as though medical researchers started arguing that there is no
need to find a cure for AIDS, Dr. Rabin said. After all, many more
people die of heart disease, and if you cure people of AIDS, heart
disease can still strike them.

"This is not a reason not to work on H.I.V.," Dr. Rabin said. "The
problem of H.I.V. is still important."

Dr. Morris said that even though the actual breaking of codes might
not be necessary to read encrypted messages, Dr. Rabin's method could
have an effect. "In a sense, what it does is shift the emphasis from
cryptanalysis to some other sort of attack," he said.


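The scheme the article above describes, together with the two points Gwyn makes earlier in this digest (key bits scattered by a mutually keyed index generator rather than taken contiguously, and serial-numbered packets so the parties need no precise clocks), as an added Python simulation; it is not Rabin's construction and not code from any poster. Assumptions: the broadcast is a seeded PRNG standing in for the satellite stream, the short shared key stands in for the conventionally encrypted "start" message, the SHA-256 index generator is an assumed construction, and the eavesdropper is modelled as keeping only a bounded window of recent packets, which is the storage limit the argument rests on.

```python
import collections
import hashlib
import random

PACKET_BITS = 64  # bits per serial-numbered packet of the broadcast stream


def public_stream(n_packets, seed=2001):
    """Yield (serial, packet) pairs once, as a satellite broadcast would.

    Constructed stand-in: a seeded PRNG so the run is reproducible. A real
    stream would come from a true random source and never be replayable."""
    rng = random.Random(seed)
    for serial in range(n_packets):
        yield serial, rng.getrandbits(PACKET_BITS)


def index_generator(shared_key, n_bits, span=8):
    """Mutually keyed index generator (assumed construction, not Rabin's).

    Both parties derive the same (serial, bit_offset) picks from the short
    shared key, so the key bits are scattered rather than contiguous.
    Serials strictly increase, so one pass over the stream suffices."""
    picks = []
    serial = 0
    for i in range(n_bits):
        digest = hashlib.sha256(shared_key + i.to_bytes(4, "big")).digest()
        serial += 1 + int.from_bytes(digest[:4], "big") % span
        picks.append((serial, digest[4] % PACKET_BITS))
    return picks


def harvest_key_bits(stream, picks):
    """Pluck the chosen bits as packets go by; only the picked bits are kept.

    Matching on the packet serial number (not wall-clock time) is what lets
    sender and receiver stay synchronised without precise clocks."""
    bits = []
    for serial, packet in stream:
        if len(bits) == len(picks):
            break
        want_serial, offset = picks[len(bits)]
        if serial == want_serial:
            bits.append((packet >> offset) & 1)
    if len(bits) != len(picks):
        raise ValueError("stream ended before all key bits were captured")
    return bits


def bytes_to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def bounded_eavesdropper(stream, window):
    """An adversary with bounded storage: keeps only the last `window` packets."""
    buf = collections.deque(maxlen=window)
    for item in stream:
        buf.append(item)
    return dict(buf)


def recoverable_fraction(stored, picks):
    """Share of the key bits the eavesdropper could still reconstruct if the
    picks leaked later (e.g. after the 'start' message was eventually broken)."""
    return sum(serial in stored for serial, _ in picks) / len(picks)


def demo(message=b"hello, world", shared_key=b"short secret", window=128,
         stream_after=64):
    """Encrypt, decrypt, and measure what a bounded-storage eavesdropper keeps."""
    msg_bits = bytes_to_bits(message)
    picks = index_generator(shared_key, len(msg_bits))
    # The broadcast keeps flowing for `stream_after` packets after the last pick.
    n_packets = picks[-1][0] + 1 + stream_after
    # Each party makes its own pass over the live stream; nobody stores it.
    ciphertext = xor_bits(msg_bits, harvest_key_bits(public_stream(n_packets), picks))
    plaintext = bits_to_bytes(
        xor_bits(ciphertext, harvest_key_bits(public_stream(n_packets), picks)))
    stored = bounded_eavesdropper(public_stream(n_packets), window)
    return plaintext, recoverable_fraction(stored, picks)
```

With the default window the eavesdropper retains only the tail of the key positions; a window that holds the whole stream (an unbounded-storage adversary) recovers every position, which is exactly the case the scheme assumes away.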


------------------------------

From: "nospam"@"nonsuch.org" ("Bryan Olson")
Subject: Re: Super strong crypto
Date: Wed, 21 Feb 2001 08:20:35 GMT

Douglas A. Gwyn wrote:
>Bryan Olson wrote:
>> Is "natural lifetime" some property of a key?
>
>No, it's a property of the encryption method.
>Surely you know? that real symmetric-key systems
>require the key to be changed at intervals calculated
>to resist cryptanalysis.

Can you provide a citation for "natural lifetime"? How do 
you determine it for, say, RC4, Rijndael or RSA?

The key changes in real systems are there to limit the damage
from exposed keys; keys are changed long before any known or
suspected cryptanalytic attack could break the system.


--Bryan

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
