Cryptography-Digest Digest #780, Volume #13       Fri, 2 Mar 01 14:13:01 EST

Contents:
  Re: Will RIJNDAEL EVER HAVE BIJECTIVE MODES? (SCOTT19U.ZIP_GUY)
  Re: => FBI easily cracks encryption ...? (Charles Lyttle)
  Re: Will RIJNDAEL EVER HAVE BIJECTIVE MODES? (SCOTT19U.ZIP_GUY)
  Re: Super strong crypto ("Douglas A. Gwyn")
  Re: Text of Applied Cryptography (Paul Rubin)
  Re: RSA Key Generation ("Roger Schlafly")
  Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys ([EMAIL PROTECTED])
  Re: Super strong crypto (SCOTT19U.ZIP_GUY)
  Re: philosophical question? ("Douglas A. Gwyn")
  Re: Rabin's Unbreakable Code ([EMAIL PROTECTED])
  Re: RSA Key Generation ("Roger Schlafly")
  test (br)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Will RIJNDAEL EVER HAVE BIJECTIVE MODES?
Date: 2 Mar 2001 16:28:48 GMT

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote in 
<[EMAIL PROTECTED]>:

>  I looked at various FIPS and RFC that may be implemented for
>the new AES cipher. My fear is that not even one fully bijective
>mode will be allowed.
>  I thought people would at least look at Matt Timmermans' cool
>implementation of RIJNDAEL that is bijective. But it seems that
>the phony crypto gods are either too stupid to understand what he
>did or they don't want only those who kiss-assed their way into the

   I meant "do" not "don't". I reread what I wrote a few times but
unfortunately I see what I want to see and not what I actually wrote.
My dyslexia is showing through. I know that many say insulting the
so-called crypto gods does not work. I guess that I never liked
kissing the ass of stupid people. Maybe if I played the game like
the dishonest FBI agent I could have gone far. Instead I have
always played fair (except in poker, where lying is part of the game) and that
is why I never became a spy. However the idiots in management
also seemed to wrongly think I was the type who could become
a spy. Maybe they think the honest smart people become spies,
so they made people like me piss many times for Uncle and questioned
me closely during security briefs. Will the assholes ever learn that
the real spies go to church and kiss ass to get into management?
   Yes yes I know saying you're not something makes one think you are.
I used to say at work that I was not the father of a single girl
having a baby. People immediately started spreading rumors that I
was the father.
 Sorry for the rant. I hope the rest of the text was clear. If not,
ask questions.

>closed group.
>
>  For others of you out there in crypto land. Would it be nice
>to have a version of RIJNDAEL that handles all 8-bit binary files
>so that any file could be uniquely encrypted? And would it not
>be nice to have an encryption mode that can treat any file as
>an encrypted file. What I mean by this last statement is
>if one tests a wrong key it can lead uniquely to a file that when
>encrypted comes back to the same file.
>
>  There are many methods that can do these transformations in a
>fully bijective way. You don't even need special modes of 
>RIJNDAEL to make the concept work. You can even use it in ECB
>mode with full blocks only.
>
>  The key is to convert any file to a "finitely odd file" 
>then convert that back to the unique file of the desired block
>size. Then encrypt the file with standard RIJNDAEL.
>At which point you convert it back to a "finitely odd file"
>and then convert that to an 8-bit binary file. 
>  
> This is not that hard; I can put all the intermediate programs
>on a page at my site. So the user only needs the ECB full BLOCK
>RIJNDAEL code for the middle stage.
>
>
>  If one wants more security and likes the god of random
>one can even have more than one RIJNDAEL encryption and
>use my rotate file program with correct conversions so
>that more than one pass of RIJNDAEL occurs over randomly
>rotated files.
>  If an enemy tries to test a wrong set of keys it will
>still be unique to a unique file and random values will be such
>that if you reencrypt and use random values that pop out with
>wrong key you get the same file back. It works for any 8-bit
>binary type of file.
> 
>
>David A. Scott


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Charles Lyttle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Fri, 02 Mar 2001 17:06:48 GMT

Mok-Kong Shen wrote:
> 
> Frank Gerlach wrote:
> >
> [snip]
> > Physically securing a crypto device is always a precondition of good
> > security.
> > But don't expect the Palm to be any better than your PC. Someone could
> > use a flaw in the PalmOS and quietly suck some data from your Palm the
> > next time you put it into the cradle.
> > And if the Palm is used like a PC (with lots of third-party programs)
> > then there are a lot more opportunities...
> > And if you are absolutely paranoid, even hardware flaws could provide an
> > opportunity for attack.
> 
> Maybe one has also to care electromagnetic emanations.
> 
> M. K. Shen
Definitely. It's not that difficult to build a Tempest-like enclosure.
Line a small room with 2 layers of metal foil separated by 1/2" wood
laths. Use only battery-powered lights and computers. But it might be
difficult to explain having one, especially in a country with no human
rights. Here in the US, we would just act like Mel Gibson.

-- 
Russ Lyttle
"World Domination through Penguin Power"
The Universal Automotive Testset Project at
<http://home.earthlink.net/~lyttlec>

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Will RIJNDAEL EVER HAVE BIJECTIVE MODES?
Date: 2 Mar 2001 16:59:43 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<LGPn6.5711$[EMAIL PROTECTED]>: 

>
>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>>   I looked at various FIPS and RFC that may be implemented for
>> the new AES cipher. My fear is that not even one fully bijective
>> mode will be allowed.
>>   I thought people would at least look at Matt Timmermans' cool
>> implementation of RIJNDAEL that is bijective. But it seems that
>> the phony crypto gods are either too stupid to understand what he
>> did or they don't want only those who kiss-assed their way into the
>> closed group.
>>
>>   For others of you out there in crypto land. Would it be nice
>> to have a version of RIJNDAEL that handles all 8-bit binary files
>> so that any file could be uniquely encrypted? And would it not
>> be nice to have an encryption mode that can treat any file as
>> an encrypted file. What I mean by this last statement is
>> if one tests a wrong key it can lead uniquely to a file that when
>> encrypted comes back to the same file.
>
>Apparently you didn't read all the papers.  The CTR mode can encrypt
>single bit files just as easily as 8-bit or 128-bit ones.

   I just found a paper on the net talking about CTR mode. You
are correct: if implemented correctly one could encrypt any length file
with it, and any file could be considered an encrypted file.
  However, after reading it, I don't believe it is as secure
as some of the other modes. But I believe it will be the main
mode for AES in the future. What I was looking at was padding
schemes that are applied to other modes such as CBC or even ECB.

  The main drawback I see with CTR mode is you have to send a
unique starting value with the encryption, or else, if two messages are
sent with the exact same key and the same counter value, then,
knowing nothing about the key and just having one plaintext file
and the corresponding ciphertext file, you can trivially get
any message from other ciphertext files. Worse than that, you
could modify the second message so that a phony message actually
gets sent to the second person, all without ever knowing the key
used. So it is rife with potential dangers and something the 
NSA would love people to use.

  If I have missed something special about it please comment back.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
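The two CTR-mode properties discussed in this exchange, shown in working code, as an added example that is not part of the original post. The block cipher is a stand-in keyed PRF (SHA-256 of key||block, truncated to 16 bytes), not Rijndael, because the behaviour below depends only on the mode; keys, nonces and messages are constructed for the demonstration. The first part shows that with the same key and the same counter start the keystream cancels between two ciphertexts, so one known plaintext exposes the other, and that flipping ciphertext bits flips plaintext bits with no key knowledge; the second part shows the standard defence of a fresh per-message nonce plus an encrypt-then-MAC tag (HMAC-SHA256) that rejects any modified ciphertext before it is decrypted.

```python
import hashlib
import hmac
import struct

BLOCK = 16       # 128-bit block, the Rijndael block size
NONCE_LEN = 8    # 64-bit per-message nonce followed by a 64-bit block counter
TAG_LEN = 32     # HMAC-SHA256 tag length


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k(block): any keyed pseudorandom function serves CTR mode. Not Rijndael."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream = E_k(nonce||0) || E_k(nonce||1) || ... truncated to `length` bytes.
    The plaintext never enters here, which is why reusing (key, nonce) reuses the keystream."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 8 bytes")
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += block_encrypt(key, nonce + struct.pack(">Q", counter))
        counter += 1
    return bytes(out[:length])


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR, so inputs of any length need no padding."""
    return xor_bytes(data, ctr_keystream(key, nonce, len(data)))


ctr_decrypt = ctr_encrypt


def recover_from_keystream_reuse(known_p1: bytes, c1: bytes, c2: bytes) -> bytes:
    """With key and nonce reused, c1 XOR c2 = p1 XOR p2 (the keystream cancels),
    so a known p1 reveals p2 over the overlapping length without any knowledge of the key."""
    n = min(len(known_p1), len(c1), len(c2))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1[:n])


def tampered_ciphertext(c: bytes, pos: int, old_byte: int, new_byte: int) -> bytes:
    """Malleability: XORing one ciphertext byte with (old XOR new) changes the decrypted byte
    from old to new. This is the 'phony message' problem; unauthenticated CTR cannot notice it."""
    out = bytearray(c)
    out[pos] ^= old_byte ^ new_byte
    return bytes(out)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Mitigation: a fresh nonce per message, sent in the clear, plus an encrypt-then-MAC tag
    over nonce and ciphertext so that any modification is detected before decryption."""
    c = ctr_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + c, hashlib.sha256).digest()
    return nonce + c + tag


def open_sealed(enc_key: bytes, mac_key: bytes, sealed: bytes):
    """Returns the plaintext, or None if the tag does not verify (tampered or truncated)."""
    if len(sealed) < NONCE_LEN + TAG_LEN:
        return None
    nonce, c, tag = sealed[:NONCE_LEN], sealed[NONCE_LEN:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + c, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return ctr_decrypt(enc_key, nonce, c)


# Constructed sample values for the demonstration (not real keys or messages).
ENC_KEY = b"constructed-enc-key-0001"
MAC_KEY = b"constructed-mac-key-0001"
NONCE_A = bytes(NONCE_LEN)                  # the starting value that gets reused by mistake
NONCE_B = (1).to_bytes(NONCE_LEN, "big")    # a fresh starting value for the second message
P1 = b"ATTACK AT DAWN  "
P2 = b"RETREAT AT NOON "

if __name__ == "__main__":
    c1 = ctr_encrypt(ENC_KEY, NONCE_A, P1)
    c2_bad = ctr_encrypt(ENC_KEY, NONCE_A, P2)    # same key, same counter start: keystream reused
    c2_good = ctr_encrypt(ENC_KEY, NONCE_B, P2)   # fresh nonce: nothing cancels
    print(recover_from_keystream_reuse(P1, c1, c2_bad))    # P2 leaks
    print(recover_from_keystream_reuse(P1, c1, c2_good))   # unrelated bytes
    sealed = seal(ENC_KEY, MAC_KEY, NONCE_B, P2)
    print(open_sealed(ENC_KEY, MAC_KEY, sealed))           # P2
    print(open_sealed(ENC_KEY, MAC_KEY,
                      tampered_ciphertext(sealed, NONCE_LEN, ord("R"), ord("D"))))  # None
```

The keystream-cancellation step works for any stream cipher, not only CTR, which is why the unique starting value is the non-negotiable part of the mode; the MAC is what closes the second problem, since a unique nonce alone does nothing against bit flipping.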

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Fri, 2 Mar 2001 16:49:04 GMT

David Wagner wrote:
> Douglas A. Gwyn wrote:
> >If you can devise a practical attack on the example I
> >posted as "phase 2", I would appreciate hearing it.
> Actually, I already did that.   See my previous post on
> chosen-plaintext/ciphertext attacks.

No, that attack assumed that one already had control over
what plaintext was transmitted *and* could read whatever
plaintext was deciphered on the receiving end.  I maintain
that if you can do that then *no* method of encryption can
attain privacy; cryptanalysis isn't necessary in that case.

My concern is with the typical case where the enemy might
know that, say, 1048576 zero-valued PT bits have been
transmitted on a one-way channel since the initial use of
the key, the enemy has captured all of the corresponding
ciphertext, and starting with the next block a legitimate
non-zero PT message will be sent, with the enemy still
monitoring the CT channel.  What would it take to prevent
the enemy from reading any of that message, assuming that
the enemy has the best cryptanalytic team the world has
ever seen?  This is a realistic scenario of great practical
importance that is not adequately addressed by the vast
majority of published cryptologic literature.

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: alt.anonymous.messages,alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography
Date: 02 Mar 2001 09:41:10 -0800

"Ryan M. McConahy" <[EMAIL PROTECTED]> writes:
> Where can I find the text of Applied Cryptography in text or MSWord
> format? I found it for Acrobat, but I'd rather have it in something
> smaller...

There are PDF to text conversion programs around.

------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: RSA Key Generation
Date: Fri, 02 Mar 2001 17:45:46 GMT

That is a good argument for showing the futility of choosing strong primes.
But it does not give an attack on Mike's F9 rule. About 3% of randomly
chosen prime pairs will satisfy his rule anyway.

"Jakob Jonsson" <[EMAIL PROTECTED]> wrote in message
news:97oibu$98c$[EMAIL PROTECTED]...
> I don't think this helps. If xp is close to yq for any known numbers x, y
> (not necessarily x=y=1), then you are in danger:
>
> For any x,y we have
>
> (xp+yq) - 2*sqrt(xyn)
>
>   (xp+yq)^2-4*xyn
> = ----------------
>   xp+yq+2*sqrt(xyn)
>
>   (xp-yq)^2
> ~ ---------
>   2*(xp+yq)
>
> In particular, as soon as (xp-yq)^2 is smaller or not much larger than
> 2*(xp+yq), then you will be able to guess xp+yq and hence guess p and q.
> With your method, it may well be the case that 9p+15q will be close to
> 2*sqrt(135n), which is just as harmful as the case that p+q is close to
> 2*sqrt(n).
>
> Jakob
>
>
> "Michael Scott" <[EMAIL PROTECTED]> skrev i meddelandet
> news:isPn6.37330$[EMAIL PROTECTED]...
> > It's also good to keep p and q as far apart as possible.
> >
> > One way is to fix the top nibble of p as F and the top nibble of q as 9.
> > This "F9" rule doesn't reveal anything of practical use for
> > cryptanalysis.
> >
> > Mike Scott
> >
> > "Mark Reed" <[EMAIL PROTECTED]> wrote in message
> > news:2cGn6.56062$[EMAIL PROTECTED]...
> > > Hi all !
> > >
> > > This is my first post (though you might say I'm a long time listener),
> > > so sorry if this has already been asked....
> > >
> > > In RSA key generation, 2 primes are found by getting random data and
> > > setting the most and least significant bits to ensure the prime length
> > > is half the required modulus length and that it is odd.  Then this is
> > > checked, then the next candidate (say by adding two) until it is
> > > 'probably prime' enough for use.
> > >
> > > If only the top bit is set, the key length may be one less than
> > > required - as an example for a 512 bit RSA key with
> > > p = 0x80......
> > > q = 0x80......
> > >
> > > then
> > >
> > > n = 0x40......
> > >
> > > My question is whether this is common practice, or if generally the
> > > top two bits of each prime
> > > (guaranteeing n > 0x90......)
> > >
> > > I suppose another possibility is that primes are generated until n is
> > > the required bitlength.
> > >
> > > Unless this method is used, isn't security compromised ?  ie. n can be
> > > less than the number of bits required or the top two bits of each prime
> > > are known to be one.
> > >
> > > Thanks in advance,
> > >
> > > Mark.
> > >
> > >
> >
> >
>
>
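An added example, not from any post in this thread: a Python sketch of the generation procedure Mark describes, with the number of forced top bits as a parameter so the two cases can be compared directly. With two top bits forced, p, q >= 3*2^(half-2), so n >= (9/16)*2^nlen > 2^(nlen-1) and n always has exactly nlen bits; with one bit forced it can come out a bit short, and the worst case (both primes just above 2^(half-1)) is constructed explicitly. It also carries the distance check that FIPS 186-4 later made mandatory, |p - q| > 2^(nlen/2 - 100), which is the practical form of Jakob's warning that a small p - q lets n be factored from its square root. Miller-Rabin and the seeded `random.Random` are demonstration-quality stand-ins chosen for reproducibility; real key generation uses a CSPRNG and a vetted library. Key sizes are small so that it runs quickly.

```python
import random


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin with `rounds` random bases (demonstration quality, not a vetted library)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime_from(candidate: int, bits: int, rng: random.Random):
    """Force the candidate odd and step it by 2 until it is probably prime, as in the question.
    Returns None if stepping carries it past `bits` bits (the caller then draws a fresh one)."""
    candidate |= 1
    while candidate.bit_length() == bits:
        if is_probable_prime(candidate, rng):
            return candidate
        candidate += 2
    return None


def random_prime(bits: int, top_bits: int, rng: random.Random) -> int:
    """Random `bits`-bit prime with its `top_bits` most significant bits forced to 1."""
    top_mask = ((1 << top_bits) - 1) << (bits - top_bits)
    while True:
        p = next_prime_from(rng.getrandbits(bits) | top_mask, bits, rng)
        if p is not None:
            return p


def generate_modulus(nlen: int, top_bits: int, seed: int):
    """Returns (p, q, n) for an nlen-bit target with `top_bits` forced bits per prime."""
    rng = random.Random(seed)
    half = nlen // 2
    p = random_prime(half, top_bits, rng)
    q = random_prime(half, top_bits, rng)
    return p, q, p * q


def short_modulus_example(nlen: int, seed: int = 0):
    """Mark's worst case: top bit only, both primes just above 2^(half-1), so n is nlen-1 bits.
    The two primes are also a tiny prime gap apart, which the distance check below rejects."""
    rng = random.Random(seed)
    half = nlen // 2
    p = next_prime_from((1 << (half - 1)) + 1, half, rng)
    q = next_prime_from(p + 2, half, rng)
    return p, q, p * q


def primes_too_close(p: int, q: int, nlen: int) -> bool:
    """FIPS 186-4 style check: reject the pair if |p - q| <= 2^(nlen/2 - 100). Independent random
    primes essentially never violate it; a deliberately 'structured' pair can."""
    return abs(p - q) <= (1 << (nlen // 2 - 100))


if __name__ == "__main__":
    for top_bits in (1, 2):
        p, q, n = generate_modulus(256, top_bits, seed=1)
        print(top_bits, "forced top bit(s): n has", n.bit_length(), "bits; too close:",
              primes_too_close(p, q, 256))
    p, q, n = short_modulus_example(256)
    print("worst case: n has", n.bit_length(), "bits; too close:", primes_too_close(p, q, 256))
```

Forcing two top bits is one way to make the modulus length exact; the equivalent condition in FIPS 186-4 is the interval sqrt(2)*2^(half-1) <= p, q < 2^half, which has the same effect without fixing a particular bit pattern. Either way, the check on |p - q| is separate and worth keeping regardless of how the primes are drawn.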



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys
Date: 02 Mar 2001 09:47:08 -0800

"Mxsmanic" <[EMAIL PROTECTED]> writes:

> <[EMAIL PROTECTED]> wrote:
> 
> > Obviously any system which can transmit data down
> > a fiber can do so through empty space.
> 
> That is not obvious to me.  Fiber ensures a clear path from start to
> finish.  An atmosphere does not.

"Empty space".

> > Because you can prove that even using relatively
> > insecure PRNGs you can still get provable security
> > by using them to index into a random source larger
> > than will fit into the eavesdropper's memory.  That's
> > right, you can prove it.  Surprised?
> 
> If the random source is larger than the eavesdropper's memory, why do
> you need a PRNG at all?  You can just start at any convenient point,
> because if your spook doesn't have a recording of the stream, he cannot
> reconstruct it, even if he knows where you started.

First, you would have to at least agree with the other party where to
start, which represents a shared secret.  And if you're going to share
a secret you can make the eavesdropper's job much harder by using a
PRNG to spread your sampling out over a long period of time.  If you
just grab a megabit for a pad from a terabit source that takes a
microsecond.  If the eavesdropper happens to record that blip, you're
done for.  But if you take samples from data over many hours and xor a
random subset together to form your pad, the eavesdropper has to
record that whole data period in memory.  The PRNG lets you do this
and is a crucial element.

> Conversely, if your eavesdropper has enough memory to hold all the
> random bits, using a PRNG to pick a starting point will not help you.

Duh.  The whole discussion is predicated upon the assumption that the
bit stream exceeds the memory capacity of the eavesdropper.

> And since the number of bits from which you can choose is constrained by
> time (you cannot use streams from the past, and you cannot index too far
> into the future to be practical), the amount that your enemy must
> memorize may well be quite manageable.

Right, or he might just break into your computer and find out what you
are recording, or he could torture you to extract your secrets.  All
these issues are outside the scope of the discussion.  Try to focus.

> > That's what is proven; read the papers (Maurer 97, Rabin 99).
> 
> Where are they?

They are in the Crypto conference proceedings, available at a good
university library.  Books, they're made of bound paper.  You've
probably heard of them.

> > The shared secret can be of modest size, yet you
> > get far more security than that.
> 
> The shared secret is either unnecessary or useless.  As I've said above,
> if the bad guys have the entire bit stream, they don't need your key
> into that stream; they can just shift it back and forth until your
> message pops out--so keeping your key secret accomplishes nothing.
> Conversely, if they don't have your bit stream, then they'll never
> decrypt your message, even if you publish your starting point in the New
> York Times.

And using the shared secret magnifies the size of the bit stream they
need to save.

> There's another problem with this.  It may be fine for real-time
> encryption and decryption, but what if you want to store encrypted data?

It doesn't walk the dog, either.  Must be worthless.

> > So this scheme actually amplifies the security beyond
> > the size of the shared secret!
> 
> The shared secret has nothing at all to do with security.  The entire
> scheme depends on how much memory your opponent has.  If he has enough,
> he'll crack your encryption, no matter what shared secret you use; if he
> doesn't have enough, he'll never crack your encryption, even if you make
> your "secret" key public.

You were the one claiming that an N bit shared secret could give you
only N bits of security:

: 3.  Since the only secret key in this algorithm is the starting point in
: the stream, and since one must assume that any public portion of an
: algorithm is known to all in its entirety, one must assume that all the
: security of this algorithm resides in the secret key that gives the
: starting point of the random bit stream to use for encryption (and
: decryption).  Blah, blah...
: Suppose the satellite broadcasts a million terabits per
: second.  If the starting point can be anywhere within, say, a week, this
: equates to a key length of less than 80 bits.  So cracking the
: encryption amounts to a brute-force attack against an 80-bit key.

Now you have reversed and claim that it has no effect on security.
Neither is correct, although your new position is closer to the truth.
You do need a certain size of shared secret in order to achieve
provable security; the PRNG has to be random enough.

Alpha
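The pad construction Alpha describes (a short shared secret seeding a PRNG that picks positions spread over a long public random stream, with a subset of the sampled bytes XORed together into each pad byte), as an added example that is not from this thread or from the Maurer and Rabin papers it cites. The "satellite stream" is constructed locally with `os.urandom`, HMAC-SHA256 over a counter stands in for the PRNG so that both ends derive identical positions from the same secret, and the stream length, sample count and pad length are arbitrary demonstration parameters. The last two functions make the post's comparison concrete: a contiguous pad is exposed by one recorded blip, while the spread pad needs every sampled position recorded, so a listener who kept only part of the period can compute few or none of the pad bytes even if the secret later leaks.

```python
import hashlib
import hmac
import os

STREAM_LEN = 1 << 16      # bytes of public randomness in the constructed "broadcast"
SAMPLES_PER_BYTE = 8      # stream positions XORed together for each pad byte
PAD_LEN = 32              # pad (and message) length in bytes

# Constructed public random stream standing in for the satellite broadcast: anyone can read it
# while it is on the air, but afterwards only what was recorded can be consulted.
STREAM = os.urandom(STREAM_LEN)
SHARED_SECRET = b"constructed-short-shared-secret"


def sample_positions(secret: bytes, pad_len: int = PAD_LEN, k: int = SAMPLES_PER_BYTE,
                     stream_len: int = STREAM_LEN) -> list:
    """Secret-keyed PRF (HMAC-SHA256 over a counter) expanded into pad_len*k stream positions.
    Both ends hold the secret, so both compute the same positions, spread over the whole stream."""
    positions = []
    counter = 0
    while len(positions) < pad_len * k:
        digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(0, len(digest), 4):
            positions.append(int.from_bytes(digest[i:i + 4], "big") % stream_len)
        counter += 1
    return positions[:pad_len * k]


def derive_pad(secret: bytes, stream: bytes) -> bytes:
    """Pad byte i = XOR of the k sampled stream bytes assigned to it."""
    positions = sample_positions(secret, stream_len=len(stream))
    pad = bytearray()
    for i in range(PAD_LEN):
        acc = 0
        for pos in positions[i * SAMPLES_PER_BYTE:(i + 1) * SAMPLES_PER_BYTE]:
            acc ^= stream[pos]
        pad.append(acc)
    return bytes(pad)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(secret: bytes, stream: bytes, message: bytes) -> bytes:
    """One-time-pad XOR with the derived pad; the receiver runs the same function."""
    return xor_bytes(message, derive_pad(secret, stream))


decrypt = encrypt


def computable_pad_bytes(secret: bytes, recorded_start: int, recorded_end: int) -> int:
    """How many pad bytes a listener who recorded only stream[recorded_start:recorded_end] can
    reconstruct, even knowing the secret: a pad byte needs all k of its positions recorded."""
    positions = sample_positions(secret)
    count = 0
    for i in range(PAD_LEN):
        chunk = positions[i * SAMPLES_PER_BYTE:(i + 1) * SAMPLES_PER_BYTE]
        if all(recorded_start <= p < recorded_end for p in chunk):
            count += 1
    return count


def contiguous_pad_exposed(pad_start: int, recorded_start: int, recorded_end: int) -> bool:
    """The naive alternative from the post: take PAD_LEN consecutive bytes as the pad.
    One recorded blip covering that stretch is enough to reconstruct it."""
    return recorded_start <= pad_start and pad_start + PAD_LEN <= recorded_end


if __name__ == "__main__":
    msg = b"constructed 32-byte test message"
    ct = encrypt(SHARED_SECRET, STREAM, msg)
    print(decrypt(SHARED_SECRET, STREAM, ct) == msg)
    print("recorded everything:", computable_pad_bytes(SHARED_SECRET, 0, STREAM_LEN), "of", PAD_LEN)
    print("recorded a quarter :", computable_pad_bytes(SHARED_SECRET, 0, STREAM_LEN // 4), "of", PAD_LEN)
    print("contiguous pad in that quarter exposed:", contiguous_pad_exposed(1000, 0, STREAM_LEN // 4))
```

The spreading is what ties security to the listener's storage rather than to luck: with k positions per byte drawn uniformly, a listener holding a fraction f of the stream can compute a given pad byte with probability about f^k, so the secret mainly decides where to look, and the stream size decides how much must have been stored to look there.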

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Super strong crypto
Date: 2 Mar 2001 18:14:05 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in 
<[EMAIL PROTECTED]>:

>David Wagner wrote:
>> Douglas A. Gwyn wrote:
>> >If you can devise a practical attack on the example I
>> >posted as "phase 2", I would appreciate hearing it.
>> Actually, I already did that.   See my previous post on
>> chosen-plaintext/ciphertext attacks.
>
>No, that attack assumed that one already had control over
>what plaintext was transmitted *and* could read whatever
>plaintext was deciphered on the receiving end.  I maintain
>that if you can do that then *no* method of encryption can
>attain privacy; cryptanalysis isn't necessary in that case.
>
>My concern is with the typical case where the enemy might
>know that, say, 1048576 zero-valued PT bits have been
>transmitted on a one-way channel since the initial use of
>the key, the enemy has captured all of the corresponding
>ciphertext, and starting with the next block a legitimate
>non-zero PT message will be sent, with the enemy still
>monitoring the CT channel.  What would it take to prevent
>the enemy from reading any of that message, assuming that
>the enemy has the best cryptanalytic team the world has
>ever seen?  This is a realistic scenario of great practical
>importance that is not adequately addressed by the vast
>majority of published cryptologic literature.
>

  Doug, I think it would be far better if the enemy was
not just transferring PT-zero encrypted data. He should
be encrypting random data so that the traffic is much harder to
analyze. A special random packet that is not encrypted for
the random data could be used by the enemy as a start-of-message
indicator. That way the people sending the message could ignore
the data until the wake-up packet is sent. And the people trying
to analyze the continuous packets would have no knowledge of
when the random data stopped and real data started.
  It would be a much harder thing to break. I would hope
the government is smart enough to do this kind of thing but
I doubt it.




David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: philosophical question?
Date: Fri, 2 Mar 2001 17:35:48 GMT

"Joe H. Acker" wrote:
> Maybe I am confused by the notion of randomness people seem to use on
> sci.crypt.

Not everybody contributing to sci.crypt is always right...

> If you take two events A and B as a sign for something, and
> the probability that A will occur is exactly one half, and the
> probability that A or B will occur is exactly one (no source of error),
> then the actual occurrence of A or B will be truly random. This can be
> extended to an exact definition of randomness for any sign-system and
> channel under consideration, can't it?

Generally, probabilists start with a definition of "random variable"
as simply a function over a probability space with an associated
probability distribution function.  The effect of the mathematical
operations amounts to drawing samples of the possible values for the
variable, with occurrence weighted according to the PDF.  *Independent*
random variables are such that the sampling of each is not influenced
by *any*thing other than the corresponding variable's PDF.  For a RNG
we usually require that successive outputs are samples of independent
random variables over identical probability spaces with identical PDFs.
The most useful, convenient, and intuitive distribution is the uniform
one, which in the case of bit-stream generators means the possible
values of 0 and 1 have equal weight (1/2) in the PDF.  (Gaussian
distribution is another important case, for analysis of measurement
errors etc.)

> But here, people seem to use randomness in the sense of
> unpredictability, but that's something different. Why? Because if a
> TRNG happens to output 1 a few hundred times in sequence, which is
> quite improbable but can happen, then there should be a high probability
> that next time it will output a 0.

No, that's the Gambler's Fallacy.  Each successive sample of a TRNG
is independent of all previous samples; its probabilities are
determined by the (unchanging) PDF and by nothing else.

> That's of course the reason why there's a limit in roulette, because
> otherwise you could use the well-known strategy to bet on odd, double
> the amount of money if you lose and bet it on even and so on, or
> start from the beginning if you win.

The reason for a limit is to ensure that the House can pay off any
winning bet, no matter how lucky the player gets.  The doubling
strategy does not work; each play is expected to lose the standard
house percentage (5.26%), so when played a sufficiently large number
of times the expected loss is around 5.26% of the sum of all bets.
Another way of looking at it is that if you start with $1000 and
intend to keep playing until you end up with $1000000, the odds are
that you'll go bankrupt before reaching your goal.

> I've understood the original question in the way, whether there is a
> sign-system not invented by humans, that could be applied to true
> random sequences and convey some information (in the ordinary sense
> of "information"). I don't think so, but anyway, that's a religious
> question.

Only to the extent that the discussion becomes irrational.  Any
countable set of distinguishable signs can be index-numbered and
used to represent information the same way as any conventional
sign system, although the *meaning* (and value) of the information
as judged by some human depends on the sign system.  Signs as such
really have nothing to do with the issue of information content,
but rather with its interpretation.  For example, I can encode any
integer in a base-64 system commonly used for embedding binary data
in e-mail sent via the SMTP protocol; this system uses digits and
letters of the English alphabet but does not have any meaning as
English language.  Those characters just serve as a convenient set
of distinguishable symbols in terms of which we encode arbitrary
information.

> And you cannot even apply information theory to a true random
> sequence, if you have no clue about the sign-system used.

If you have evidence of the sequence, then sure you can deal with
it using standard information theory.  If you mean that the entire
gamut of possible symbols aren't known, just those that appear in
the available sample, there is in fact a way to reliably estimate
the total size of the symbol set (due to Turing, Good, et al.)

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Rabin's Unbreakable Code
Date: 02 Mar 2001 10:26:29 -0800

Bob Harris <[EMAIL PROTECTED]> writes:
> I read an AP article in today's newspaper about a proof by Michael Rabin and
> Ynazhong Ding (apparently a Harvard CS professor and a doctoral student) that
> can be used to "make a code indecipherable by even the most powerful
> computers."

That's amazing that you read about it today.  I suggest that you get a
new newspaper.

> I searched the web, and this newsgroup, but haven't been able to find a
> reference to this proof.  Does anyone here have any info about it?

It has apparently not been published.  Perhaps it will be at
Eurocrypt.  Rabin published at Crypto 99 an earlier version, and
Maurer had an earlier result at Crypto 97.  The latter is available
on the web from
ftp://ftp.inf.ethz.ch/pub/publications/papers/ti/isc/wwwisc/CacMau97b.ps
and a link to the 99 Rabin paper is at
http://link.springer.de/link/service/series/0558/bibs/1666/16660065.htm.

Alpha

------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: RSA Key Generation
Date: Fri, 02 Mar 2001 18:31:00 GMT

"Roger Schlafly" <[EMAIL PROTECTED]> wrote in message
news:e%Qn6.1$[EMAIL PROTECTED]...
> That is a good argument for showing the futility of choosing strong
> primes.
> But it does not give an attack on Mike's F9 rule. About 3% of randomly
> chosen prime pairs will satisfy his rule anyway.
>
> "Jakob Jonsson" <[EMAIL PROTECTED]> wrote in message
> news:97oibu$98c$[EMAIL PROTECTED]...
> > I don't think this helps. If xp is close to yq for any known numbers x,
> > y (not necessarily x=y=1), then you are in danger: ...

Sorry, I misinterpreted your comment. I guess the point of your message
was that the F9 rule is no safer than a CC rule or FF rule or any similar
rule. You are right. Such rules might have some technical convenience, but
have no crypto significance that I know of.





------------------------------

From: br <[EMAIL PROTECTED]>
Subject: test
Date: Fri, 02 Mar 2001 13:52:20 -0400

hi

I'm a newbie.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
