Cryptography-Digest Digest #831, Volume #13       Wed, 7 Mar 01 20:13:00 EST

Contents:
  Re: => FBI easily cracks encryption ...? ("Mxsmanic")
  Re: => FBI easily cracks encryption ...? ("Mxsmanic")
  Re: => FBI easily cracks encryption ...? ("Mxsmanic")
  Re: Encryption software ("Simon Johnson")
  Re: Monty Hall problem (was Re: philosophical question?) (Adam Stephanides)
  Re: Again on key expansion. ("Cristiano")
  Re: Monty Hall problem (was Re: philosophical question?) (Adam Stephanides)
  Re: How to find a huge prime(1024 bit?) (John Wasser)
  Re: passphrase question (Gomez ADDams)
  Re: Question re Asymmetric Encr'n ("Arnold Shore")
  Re: => FBI easily cracks encryption ...? (Free-man)
  Re: One time authentication (David Wagner)
  Re: Problem with BBS implementation ("Tom St Denis")
  Re: Cipher idea ("Tom St Denis")
  Re: Cipher idea ("Tom St Denis")
  Re: => FBI easily cracks encryption ...? (Matthew Montchalin)
  hardwire prime & generator in Diffie-Hellman? ("Julian Morrison")
  Re: => FBI easily cracks encryption ...? (Matthew Montchalin)
  Re: hardwire prime & generator in Diffie-Hellman? ("Tom St Denis")
  So far OT: British shows ("Daniel Johnson")
  Creating serial numbers? ("Lior Messinger")
  Re: hardwire prime & generator in Diffie-Hellman? ("Julian Morrison")
  Re: One time authentication (D. J. Bernstein)
  Re: hardwire prime & generator in Diffie-Hellman? ("Tom St Denis")
  Re: Super strong crypto ("Douglas A. Gwyn")
  Re: Keystoke recorder (Thomas Boschloo)
  Re: Urgent DES Cipher source code !!!!! (Thomas Boschloo)

----------------------------------------------------------------------------

From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Wed, 07 Mar 2001 21:30:26 GMT

"kroesjnov" <[EMAIL PROTECTED]> wrote in message
news:985kmm$2sl7l$[EMAIL PROTECTED]...

> You might wanna know, that if you have the source
> code, it is very easy to write an exploit for the
> program/os.

Except that this isn't true.  Some operating systems _really are_
secure, and having the source code only tells you just how secure they
actually are, and how little chance you have of compromising them.  Not
everything is written like Windows or UNIX.





------------------------------

From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Wed, 07 Mar 2001 21:30:29 GMT

"kroesjnov" <[EMAIL PROTECTED]> wrote in message
news:985kqj$2t2vd$[EMAIL PROTECTED]...

> But I don`t like to wait for it to happen either...
> Then it will be too late...

What is the likelihood that it will happen?



------------------------------

From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Wed, 07 Mar 2001 21:34:15 GMT

"Jim D" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> ...and IBM was very active in helping Hitler to round
> up the Jews.

No more so than makers of pens and pencils.



------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Encryption software
Date: Wed, 7 Mar 2001 22:05:10 -0800


Curtis R. Williams <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Has anyone in this group (or elsewhere on the net) evaluated commonly
> available encryption software programs. I'm pretty good at spotting
> the obvious phonies, but there are many programs that look reasonable.
> Does anyone actually try and verify that algorithms are properly
> implemented?

PGP is as good as it gets, it's free and open-source (this allows you to
check that the program does what it's meant to). My advice is never buy a
program to which you don't have the source.

Simon.





------------------------------

Subject: Re: Monty Hall problem (was Re: philosophical question?)
From: Adam Stephanides <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Date: Wed, 07 Mar 2001 22:10:51 GMT

in article [EMAIL PROTECTED], Virgil at
[EMAIL PROTECTED] wrote on 3/5/01 5:15 PM:

> In article <980nk6$aor$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Arturo Magidin) wrote:
> 
>>> Indeed. In the standard Monty Hall problem, the standard answer
>>> requires all of these assumptions:
>>> 
>>> 1. The car is more valuable than the goats.
>>> 2. The car was equally likely to be behind any of the 3 doors.
>>> 3. After I pick a door, Monty always opens another door and shows me a
>>> goat.
>>> 4. In case I picked the door with the car, Monty is equally likely to
>>> open either one of the other two doors.
>>> 
> 
> I think that assumption 4 is unnecessary. If you have already picked the
> door hiding the car, it is irrelevant which of the other doors Monty
> picks, it is only necessary that he pick one of them.

No, Arturo Magidin is correct.  Suppose that whenever you pick door 1 and
the car is behind door 1, Monty opens door 3.  Then, as Fred Galvin pointed
out, if Monty opens door 3, it no longer makes a difference whether you stay
with door 1 or switch to door 2; your probability of winning is 50% either
way, as can easily be seen by constructing a table of the probabilities.  If
the chances (in the situation above) of Monty's opening door 2 and door 3
are nonzero but unequal, then it pays to switch whichever door he opens; but
now, once Monty opens door 3, the probability that the car is behind door 1
is no longer 33%.  Of course, it remains true that P(car behind door 1|Monty
opens door 2)*P(Monty opens door 2) + P(car behind door 1|Monty opens door
3)*P(Monty opens door 3) = 33%.

Another way of putting it is that the standard argument depends upon the
fact that Monty's opening a door provides no information about whether or
not the car is behind the door you picked.  If assumption 4 does not hold,
this is no longer true.

--Adam


------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: Re: Again on key expansion.
Date: Wed, 7 Mar 2001 23:04:33 +0100

> I have an idea you might like, for making measuring things easier:
> instead of multiplying your 512 bit integer by a point, why not do an
> exponentiation of some primitive (3, I suppose), with a 512 bit modulo?

Sure, I like it! It's very fast! But I think this is a little dangerous. It
seems a kind of a BBS generator and it can degenerate to a very short period
(consider 8^3 mod 6). I can make the (slow) initialization only once but I
think SALEK's method is better.

> Anyway, it doesn't matter if you use sha as your hash, or point
> multiplications, or whatever else... as long as you use a method for
> which there are no shortcuts to do it faster, then the time it takes you
> to strengthen your key is the same as the time it takes the enemy to do
> the operation, and thus he has to do that much more work.
>
> Oh, and accurate measurements are everything!

Thank you very, very much for your clear answers.

Cristiano



------------------------------

Subject: Re: Monty Hall problem (was Re: philosophical question?)
From: Adam Stephanides <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Date: Wed, 07 Mar 2001 22:20:39 GMT

in article [EMAIL PROTECTED],
Fred Galvin at [EMAIL PROTECTED] wrote on 3/5/01 12:54 PM:

> Let me repeat the question very slowly. The car may be behind door
> #3. If the car is behind door #3, it doesn't matter which door I pick,
> I get a goat either way. Therefore, in deciding between door #1 and
> door #2, it makes sense to disregard the possibility that I am
> choosing between two goats, and assume that I am choosing between a
> goat and a car. My *question* was: should the *decision* I make, based
> on the (right or wrong) *assumption* of a goat behind door #3, be any
> different from the decision I would make based on the certain
> knowledge of a goat behind door #3? (The answer, by the way, is no, of
> course not.)
 
But in the standard Monty Hall problem, you don't just know that there is a
goat behind #3.  You also know that if there is a car behind #1, then Monty
could have opened door #2 but didn't.  This knowledge changes the
probabilities, and it has no equivalent in your assumption.

--Adam
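
The table both Monty Hall posts above appeal to, worked out as an added example (Python; this is not code from either post). The contestant always picks door 1; `bias` is P(Monty opens door 3 | car behind door 1), which is 1/2 under assumption 4 and 1 in the "Monty always opens door 3" case. Exact fractions are used so the 1/3, 1/2 and 33% figures can be read off directly.

```python
from fractions import Fraction

# Added example, not from the thread.  The contestant picks door 1;
# `bias` = P(Monty opens door 3 | car behind door 1).  Assumption 4 of the
# standard problem is bias == 1/2; Fred Galvin's variant is bias == 1.


def joint_table(bias):
    """Joint probability of (car door, door Monty opens) under assumptions
    2 (car uniform over the three doors) and 3 (Monty always opens an
    unpicked door hiding a goat)."""
    bias = Fraction(bias)
    third = Fraction(1, 3)
    return {
        (1, 2): third * (1 - bias),  # car at 1: Monty chooses between 2 and 3
        (1, 3): third * bias,
        (2, 3): third,               # car at 2: Monty is forced to open 3
        (3, 2): third,               # car at 3: Monty is forced to open 2
    }


def p_opens(opened, bias):
    """P(Monty opens `opened`)."""
    return sum(p for (_, o), p in joint_table(bias).items() if o == opened)


def p_car_at_1_given_opened(opened, bias):
    """P(car behind door 1 | Monty opened `opened`) == P(staying wins)."""
    return joint_table(bias)[(1, opened)] / p_opens(opened, bias)


def p_switch_wins_given_opened(opened, bias):
    return 1 - p_car_at_1_given_opened(opened, bias)


def total_probability_car_at_1(bias):
    """The identity at the end of the first post: averaged over which door
    Monty opens, the prior 1/3 is recovered whatever the bias."""
    return sum(p_car_at_1_given_opened(o, bias) * p_opens(o, bias)
               for o in (2, 3))


def decision_table(bias):
    """Stay vs. switch odds for each door Monty might open."""
    return {o: {"stay": p_car_at_1_given_opened(o, bias),
                "switch": p_switch_wins_given_opened(o, bias)}
            for o in (2, 3)}


if __name__ == "__main__":
    for b in (Fraction(1, 2), Fraction(1), Fraction(1, 4)):
        print("bias", b, decision_table(b), total_probability_car_at_1(b))
```

With bias 1/2 the stay/switch odds are 1/3 vs 2/3 whichever door opens; with bias 1, door 3 opening makes it 1/2 vs 1/2 (Galvin's point) while door 2 opening makes switching certain; for any bias strictly between 0 and 1 switching is never worse, yet P(car behind door 1 | door 3 opened) is no longer 1/3, exactly as the post says.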


------------------------------

Subject: Re: How to find a huge prime(1024 bit?)
From: John Wasser <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,sci.math
Date: Wed, 07 Mar 2001 22:42:12 GMT

[[ This message was both posted and mailed. ]]

In article <985sua$[EMAIL PROTECTED]>, Gregory G Rose <[EMAIL PROTECTED]>
wrote:

> In article <[EMAIL PROTECTED]>, Dik T. Winter <[EMAIL PROTECTED]> wrote:
>> The premise is: "there is a finite number of primes".  Multiplying
>> them all together and adding 1 shows that the resultant number is
>>  not divisible by any prime.  Hence by the definition of prime it
>>  must be prime, contradicting the premise.
> 
> I'm sure someone else has already pointed this
> out, but my news feed is flaky at the moment, so
> I'll chime in anyway.
> 
> The number you get by multiplying all the primes
> together and adding one might not be prime itself;
> however, it must have prime factors which are not
> in the list.

But if you have multiplied ALL primes together there can't be any
"prime factors which are not on the list".  The proof of an infinite
number of primes is based on the contradiction found when the
assumption of a finite number of primes is assumed.

I agree that it is confusing to say "the product of a bunch of primes
plus 1" is a prime when we can prove that it isn't necessarily so.  It
is only 'true' when the bunch contain ALL primes which we are
attempting to prove is not possible!

Another way to say it that might be less confusing:

Given any list of primes, multiply them together and add one.  You now
have a number that is not divisible by any of the primes in the list. 
This number is either a prime itself or proves the existence of prime
factors that were not in the list.  No matter how many primes are in
the list you can always prove that there is at least one more so the
total number of primes is infinite.

------------------------------

Subject: Re: passphrase question
From: Gomez ADDams <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Date: Wed, 07 Mar 2001 15:47:15 -0700

in article [EMAIL PROTECTED], Anonymous
at [EMAIL PROTECTED] wrote on 3/5/01 7:00 AM:

> I was thinking about using a decryption passphrase for software like PGP
> and the like that would consist of a very long string of characters like:
> 
> ......aaaaaaaaaa$$$$$$$$$$$fffffffffffDDDDDDD5555
> 
> 
> I would remember the passphrase by just remembering there are 7 periods, 10
> a's, 11 $'s, 11f's, and 7 D's, and 4 5's.
...
>  I know the security in public key encryption lies
> in the protection of the private key, and that long private key passphrases
> would make for a more secure system.

 Actually, as I understand it, it is not the length of the passphrase, but
its entropy.  And entropy _tends_ to increase with length.  However, a very
long password with only a few characters in it (such as yours), would tend
to have lower entropy and therefore not be as good a passphrase to use.

 I'm sure someone will correct me if I'm mistaken, and then you and I will
both learn something.

 Incidentally, if I were planning a scheme to remember my passphrase, I
don't think I'd discuss it publicly.

- Gomez ADDams

.................................
I'm so good I don't have to brag.
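
A rough way to put numbers on the entropy point, as an added example (Python, not from the post). It assumes the attacker models the passphrase the way the poster builds it: a handful of runs, each a character from the 95 printable ASCII characters and a run length of at most 16 (both bounds are assumptions). The thread's own example string is the input.

```python
import math
from itertools import groupby

# Added example, not from the post.  Assumed attacker model: the passphrase
# is a sequence of runs, each (character, length) chosen uniformly from
# 95 printable characters and lengths 1..16.
ALPHABET = 95
MAX_RUN = 16

# The passphrase quoted in the thread (6 periods, 49 characters in total).
SAMPLE = "......aaaaaaaaaa$$$$$$$$$$$fffffffffffDDDDDDD5555"


def runs(s):
    """Run-length encoding: [(char, count), ...]."""
    return [(ch, len(list(grp))) for ch, grp in groupby(s)]


def uniform_bits(s, alphabet=ALPHABET):
    """Entropy if every character were an independent uniform choice; this is
    what 'length' alone would buy."""
    return len(s) * math.log2(alphabet)


def run_model_bits(s, alphabet=ALPHABET, max_run=MAX_RUN):
    """Entropy under the run model: k runs, each one character and one length."""
    k = len(runs(s))
    return k * (math.log2(alphabet) + math.log2(max_run))


def effective_bits(s):
    """An attacker enumerates the cheapest model that still contains the
    passphrase, so the weaker bound is the one that counts."""
    return min(uniform_bits(s), run_model_bits(s))


def report(s):
    return {
        "length": len(s),
        "runs": len(runs(s)),
        "uniform_bits": round(uniform_bits(s), 1),
        "run_model_bits": round(run_model_bits(s), 1),
        "effective_bits": round(effective_bits(s), 1),
    }


if __name__ == "__main__":
    print(report(SAMPLE))
    print(report("abcdefghij"))
```

For the thread's string the 49 characters would be worth about 322 bits if they were random, but the six runs are worth about 63 bits, which is what an attacker who guesses the scheme actually faces. A string with no repeated neighbours scores higher under the run model than under the uniform one, so the uniform figure is its bound.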



------------------------------

From: "Arnold Shore" <[EMAIL PROTECTED]>
Subject: Re: Question re Asymmetric Encr'n
Date: Wed, 7 Mar 2001 17:54:43 -0500

Thanks, guys - the responses are appreciated.   But, re " ... choosing a
random symmetric key to be used for CAST, and encrypting that using the ECC
public-key crypto."

How then is this symmetric key reconstituted at decrypt time, since only the
public key is used?

as



------------------------------

From: [EMAIL PROTECTED]  (Free-man)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Wed, 07 Mar 2001 23:06:47 GMT

On Wed, 07 Mar 2001 21:30:29 GMT, "Mxsmanic" <[EMAIL PROTECTED]>
wrote:

>"kroesjnov" <[EMAIL PROTECTED]> wrote in message
>news:985kqj$2t2vd$[EMAIL PROTECTED]...
>
>> But I don`t like to wait for it to happen either...
>> Then it will be too late...
>
>What is the likelihood that it will happen?

He has a much better chance of being hit by lightning, drowning
in his bathtub, getting cancer or some other deadly disease, or
a million other bad things, but don't tell him because he will
probably advocate for millions of more laws to protect himself.

Rich Eramian
 


------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: One time authentication
Date: 7 Mar 2001 23:39:48 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Yes.  Carter-Wegman authentication (universal hashing) provides
provable, perfect authentication, much like the OTP provides provable,
perfect secrecy.  As with a OTP, you need large amounts of key material
(too large to be practical for most systems).  There have been many
papers written on the subject.
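
An added example of the construction Wagner is describing (Python; not code from the post, and not Bernstein's hash127 itself, though it borrows the same prime 2^127 - 1 and 32-bit message words). The message is hashed as a polynomial evaluated at a secret point r and the result is masked with a one-time pad value k. With a fresh (r, k) per message the forgery probability is at most (number of words)/p regardless of the attacker's computing power; the last function shows why the key is single-use: two tags under the same (r, k) give r, and then k, outright.

```python
import secrets

# Added example, not from the post and not hash127 itself; it only borrows
# hash127's prime 2^127 - 1 and 32-bit message words.
P = (1 << 127) - 1


def _words(msg: bytes):
    """Split into 32-bit big-endian words and append the byte length, so two
    distinct messages never give the same coefficient sequence."""
    w = [int.from_bytes(msg[i:i + 4], "big") for i in range(0, len(msg), 4)]
    w.append(len(msg))
    return w


def poly_hash(msg: bytes, r: int) -> int:
    """h_r(m) = sum_i w_i * r^(n-i) mod P, by Horner's rule.  For m != m' the
    difference h_r(m) - h_r(m') is a nonzero polynomial in r of degree <= n,
    so it vanishes for at most n of the P possible r: collision probability
    <= n / P for uniformly random r, whatever the attacker's computing power."""
    h = 0
    for w in _words(msg):
        h = (h * r + w) % P
    return h


def keygen():
    """One-time key: r selects the hash, k is a one-time pad for the tag."""
    return secrets.randbelow(P), secrets.randbelow(P)


def tag(msg: bytes, r: int, k: int) -> int:
    return (poly_hash(msg, r) + k) % P


def verify(msg: bytes, t: int, r: int, k: int) -> bool:
    return tag(msg, r, k) == t


def recover_key_from_reuse(m1, t1, m2, t2):
    """Why (r, k) is single-use, like an OTP key.  If the same pair tags two
    messages of equal length that differ only in their last data word, then
    t1 - t2 == (w1 - w2) * r (mod P): r falls out by one division and k from
    either tag.  (Other differences give a higher-degree equation in r, which
    is still solvable.)"""
    w1, w2 = _words(m1), _words(m2)
    assert len(w1) == len(w2) and w1[:-2] == w2[:-2] and w1[-2] != w2[-2]
    r = (t1 - t2) * pow((w1[-2] - w2[-2]) % P, -1, P) % P
    k = (t1 - poly_hash(m1, r)) % P
    return r, k


if __name__ == "__main__":
    r, k = keygen()
    m = b"transfer 100 to account 4242"            # constructed sample message
    t = tag(m, r, k)
    print(verify(m, t, r, k), verify(b"transfer 900 to account 4242", t, r, k))
    m2 = b"transfer 100 to account 9999"
    t2 = tag(m2, r, k)                             # key reuse: fatal
    print(recover_key_from_reuse(m, t, m2, t2) == (r, k))
```

The tag is 127 bits and each message consumes a fresh 254 bits of key, which is the "large amounts of key material" cost Wagner mentions. Practical schemes keep the universal hash and replace the one-time pad k with a pseudorandom value derived from a short key and a nonce, trading the information-theoretic guarantee for a computational one.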

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Problem with BBS implementation
Date: Wed, 07 Mar 2001 23:52:02 GMT


"Dobs" <[EMAIL PROTECTED]> wrote in message news:985qa9$jmt$[EMAIL PROTECTED]...
> ok thanks for answer, maybe U can also tell me where can I find a source
> code of such a large prime numbers generator which can I use in this
program
> ::)))))))))))))

GnuMP and MPI are two good libs.  MPI is far easier to use and install (and
is ANSI C).  GnuMP is faster...

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Cipher idea
Date: Thu, 08 Mar 2001 00:02:52 GMT


"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> This idea is rather similar to some of Terry Ritter and Tom Denis'
> ideas, but I'll post it anyway :)
>
> t(0..15) = data being enciphered
> k(0..15) = encryption key
> k(i) = k(i-1)^k(i-4)^k(i-15)^k(i-16) = round keys (0 <= i < 512)
> xtimes(z) = (z<<1) ^ ((z&0x80) ? (0x11b) : 0)
> s(x) = sbox with LP_max <= 1/4 and DP_max <= 1/8, and no fixed points.
> AES's sbox will do fine, or a random one made with Tom's sboxgen.

(shameless plug).  Sboxgen is at
http://tomstdenis.home.dhs.org/src/sboxgen.c if you are interested.

> for r = 0..3: for i = 0..3: for j = 0..7:
> (a, b) = t(FFT(i,j))

FFT(i, j) as in a balanced mixer (like in TC2 and CS-Cipher)?

> off = r*128 + i*32 + j*4
> a = s(s(a^k(off+0))^k(off+1))
> b = s(s(b^k(off+2))^k(off+3))

You use an LFSR for the key gen so the round keys are linearly dependent...

> c = xtimes(a^b)
> t(FFT(i,j)) = (a^c, b^c)
> end for; end for; end for
>
> Number of rounds is chosen to be >2 (to avoid mitm attacks), and as a
> power of 2 (for aesthetics), giving a minimum of 4 rounds.
>
> Key scheduling is simply an LFSR with the order 16 polynomial (0,1,4,15,
> 16).  This means that the cipher can work with very little extra RAM;
> very useful for limited memory architectures.  Transforming the last 16
> bytes of round key into the starting key is a linear op, and easy to
> calculate.  Also, for decrypting, I need to start with the last bytes,
> and run the LFSR backwards; also easy to do.  Of course, if you've lots
> of memory, you just expand the key into a 512 byte array, and don't
> worry about such silly things.

Don't use the output of the LFSR directly... bad medicine.

>
> 0x11b is taken from Rijndael.  I see nothing about it that makes it
> better than any other order 8 polynomial, except that I think it's
> primitive.

so is 0x169 :-) (my fav from Twofish)


> LP_max is chosen for security against linear analysis:
> (1/LP_max)^2x >= 256, x=2,
> 1/LP_max^4 >= 256,
> -4 lg LP_max >= 8,
> lg LP_max <= -2
> LP_max <= 1/4
>
> DP_max is chosen for security against differential analysis:
> (2/DP_max)^x >= 256, x=2,
> 2 lg 2/DP_max >= lg 256
> 2 (1 - lg DP_max) >= 8
> lg DP_max <= -3
> DP_max <= 1/8
>
> This makes the substitutions of a and b approximately SPRPs.  I say
> approximate, since it's only differential and linear analysis that
> they're resistant to, not anything else.  They are definitely vulnerable
> to dictionary attacks and brute force.  They are probably vulnerable to
> related key attacks.  However, since (I hope) attacking the substitution
> depends on getting at it in isolation, and (I hope) this is impossible,
> I'm not worried.
>
> Can anyone suggest any theoretical (or worse, practical!) attacks?

Can you describe the FFT function please?

Tom
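
What the two remarks above (round keys linearly dependent; don't use the LFSR output directly) mean in practice, as an added example in Python that implements the posted key schedule and nothing else of the cipher. The schedule is linear over GF(2), so the round-key difference caused by any key difference is known without knowing the key, and any 16 consecutive round-key bytes run the LFSR backwards to the user key (the poster notes the latter himself).

```python
# Added example: the key schedule from the post, and nothing else of the
# cipher.  k(i) = k(i-1) ^ k(i-4) ^ k(i-15) ^ k(i-16), byte-wise, 0 <= i < 512.
SCHEDULE_LEN = 512


def expand_key(key):
    """Round-key bytes k(0..511) from the 16-byte user key."""
    assert len(key) == 16
    k = list(key)
    for i in range(16, SCHEDULE_LEN):
        k.append(k[i - 1] ^ k[i - 4] ^ k[i - 15] ^ k[i - 16])
    return k


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def schedule_is_linear(key1, key2):
    """Linearity over GF(2): schedule(K1 ^ K2) == schedule(K1) ^ schedule(K2)."""
    return expand_key(xor(key1, key2)) == xor(expand_key(key1), expand_key(key2))


def round_key_difference(delta):
    """The round-key difference produced by a key difference `delta` is the
    schedule of `delta` itself, whatever the unknown key is.  This is the
    related-key property Tom is pointing at: the attacker picks a key
    difference and knows the difference in every round key for free."""
    return expand_key(delta)


def key_from_window(window, start):
    """Run the LFSR backwards from any 16 consecutive round-key bytes
    k(start..start+15) to the user key k(0..15).  Inverting the recurrence:
    k(i-16) = k(i) ^ k(i-1) ^ k(i-4) ^ k(i-15)."""
    k = list(window)                         # k[j] holds k(start + j)
    for _ in range(start):
        prev = k[15] ^ k[14] ^ k[11] ^ k[0]  # k(start-1) from k(start..start+15)
        k = [prev] + k[:15]
    return k[:16]


if __name__ == "__main__":
    import secrets
    key = secrets.token_bytes(16)
    sched = expand_key(key)
    print(schedule_is_linear(key, secrets.token_bytes(16)))
    print(key_from_window(sched[300:316], 300) == list(key))
    print(round_key_difference(bytes([0x80] + [0] * 15))[:32])
```

The usual repair is the one Tom hints at: pass the LFSR state through a non-linear step (an S-box layer, or a hash) before using it as a round key, so that neither property survives.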



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Cipher idea
Date: Thu, 08 Mar 2001 00:06:31 GMT


"Simon Johnson" <[EMAIL PROTECTED]> wrote in message
news:985ue2$k52$[EMAIL PROTECTED]...
> >They are probably vulnerable to
> > related key attacks.  However, since (I hope) attacking the substitution
> > depends on getting at it in isolation, and (I hope) this is impossible,
> > I'm not worried.
>
> Making the round-key generator self-shrinking would remove the possibility
> of related key attacks. But of course, you'd have to store all the
> round-keys in arrays or something because you couldn't run the generator
> backwards.

This is time intense and doesn't preclude related keys (hint LFSRs are
linear so just make one that would make a similar stream!)

>
> > Can anyone suggest any theoretical (or worse, practical!) attacks?
>
> I can't suggest a break :)
>
> A quick question, if dpmax is low and using (2/dpmax)^x (where x is the
> number of rounds) is the plain-text requirement to exploit this dpmax....
if
> the number of plain-texts required is greater than the number in existance
> does this prove security against all diff attacks (like truncated
> differentials etc....)....
>
> Is the same true for linear cryptanalysis as well?
>
> Simon.
>
>
>



------------------------------

From: Matthew Montchalin <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Wed, 7 Mar 2001 16:03:57 -0800

On 7 Mar 2001, Richard Herring wrote:
|> I just think that safety from terrorists and foreign armies weighs
|> more for me than absolute privacy. This does not mean I do not want any
|> privacy...
|
|Your entire argument is based on a fallacy, a false dichotomy.
|The number of possible outcomes is not limited to two.
|
|You are assuming that if *you* give up *your* privacy, so will the
|terrorists and foreign armies. Is that a reasonable assumption?

When you put it that way, it all makes a whole lot more sense.

Of course, terrorists, and foreign intelligence agencies, and, heck,
domestic 'rogue' officers never give up any of *their* privacy.  I
sure don't expect to be gaining anything by giving up mine.


------------------------------

From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 00:11:29 +0000

(preemptive warning: I'm cookbooking this from "the handbook of applied
crypto", openssl, and such; I am not by any stretch of the imagination a
mathematician)

1) What are the security implications of hardwiring in the prime/generator
startup pair for DH key exchange? Does it compromise the protocol or is
it safe?

2) If it's safe to do this, does it become more safe the larger the prime
is?

------------------------------

From: Matthew Montchalin <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Wed, 7 Mar 2001 16:11:50 -0800

On Wed, 7 Mar 2001, CR Lyttle wrote:
|> TEMPEST "eavesdropping" is very resource intensive and not something
|> that's done at random.  If that van's parked across the street, you
|> did something to bring it there.
|
|I've seen and built system for less than $100 that can read your
|monitor from across the street. Several countries have regular patrols
|checking, from the street, what their citizens are watching on TV or
|listening to on radios. (Does England still do that?). Such technology
|has been available for over 50 years. It just keeps getting cheaper.

What is the easiest way to screen yourself (that is, your screen)
from this sort of unwanted eavesdropping?  If you have lots of screens
turned on, and lots of phone lines going, how can they tell which one
you are doing stuff with?   Not that I do anything like that, of course;
my own premises are extremely clean, in a very legitimate sense.  Of
course, in the next few days I will be heading to a big metropolitan
area to make a contact with someone who makes a contact with someone
else (or maybe I am just saying this because I am yanking their chain,
haha).  But from a hypothetical situation, how would 'spooks' zero
in on the right monitor and right phone line?


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 00:27:42 GMT


"Julian Morrison" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> (preemptive warning: I'm cookbooking this from "the handbook of applied
> crypto", openssl, and such; I am not by any stretch of the imagination a
> mathematician)
>
> 1) What are the security implications of hardwiring in the prime/generator
> startup pair for DH key exchange? Does it compromise the protocol or is
> it safe?
>
> 2) If it's safe to do this, does it become more safe the larger the prime
> is?

As long as it's a "strong prime" (i.e. (p-1)/2 is a large prime) and large
enough it should be safe to use a single prime/generator for a slew of
users.

Tom



------------------------------

From: "Daniel Johnson" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: So far OT: British shows
Date: Wed, 7 Mar 2001 18:22:14 -0600

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

  (cross posted)
Sam Simpson wrote in message ...
>(At the risk of extending the life of a wayyyyyyyyyyyyyy off topic
>thread ;)
>
>Out of interest, what British comedies do you guys get? More
>importantly, which of these do you think is funny?  Which don't
>appeal?

(Yeah, it's incredibly OT, but so what?  Think of it as a cultural
exchange...)

Locally (State of Oklahoma in the USA), we get "Keeping Up
Appearances", "Are You Being Served", "Time Goes On"(?), "One Foot In
The Grave", and "The Vicar Of [???]".  The only one I have ever
watched with any regularity was the first on that list.  The only
reason I stopped watching it every time it came on was they ran out of
new episodes.  "Are You Being Served" and "One Foot In The Grave" are
too much like the common "sitcom of the season" drivel we get from
California.  I think they show a decent mystery series with Patricia
Rutledge (sp?) once in a while....

Through the modem, off the server, over the T1, past the frame-relay,
< < NOTHIN' BUT NET > >

Daniel Johnson
[EMAIL PROTECTED]
- -Remove N.o.S.p.A.m. and all dots but the obvious one to reply-
Public PGP Keys & other info: http://dannyj.come.to/pgp/
> > My news server "misses" posts occasionally.  If I don't reply to <
> > < a question or something, please repost and/or e-mail me. < <

=====BEGIN PGP SIGNATURE=====
Version: 6.5.8.03ckt http://irfaiad.virtualave.net/
Comment: http://DannyJ.Come.To/PGP/
Comment: KeyID: 0xEAF19C50163E81EF

iQA/AwUBOqbQs+rxnFAWPoHvEQKecwCgkMPohCv6yHzFBoW5dgzdcO/jFeQAoPg5
/kQs2tCbSJQDmfFZHKaw6rQo
=MtAn
=====END PGP SIGNATURE=====




------------------------------

From: "Lior Messinger" <[EMAIL PROTECTED]>
Subject: Creating serial numbers?
Date: Sun, 4 Mar 2001 19:37:08 +0200

Hi,

I need to create a very large set of unique serial numbers (10-100
million). The requirements:
1. No one can create but me
2. Minimum number of digits. In hex it's 7 digits, I'd like to stick to that

How do I do it? We have only general knowledge of cryptography, so...

Thanks for _any_ info,
Lior Messinger



------------------------------

From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 00:57:05 +0000

"Tom St Denis" <[EMAIL PROTECTED]> wrote:

> As long as it's a "strong prime" (i.e (p-1)/2 is a large prime) and
> large enough

If I use OpenSSL's DH setup for this, and then just dump out the prime so
I can later hardwire it in, will that fit the criteria above?

Also: how many bits of prime is minimum to achieve vs-government level
security?

> it should be safe to use a single prime/generator for a slew of users.

How many uses is "a slew"?

This is intended to be used as a handshake key-exchange on first meeting
someone in a peer-to-peer system I intend to become fairly ubiquitous. So,
whatever gets hardwired will get quite a lot of exercise.

------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Subject: Re: One time authentication
Date: 8 Mar 2001 00:55:20 GMT

Tim Tyler  <[EMAIL PROTECTED]> wrote:
> I have not succeeded in locating further details of such a "perfect"
> signature scheme.  Can anyone provide a pointer to something like this?
> Or offer a brief description?

http://cr.yp.to/hash127.html
http://cr.yp.to/hash127/faq.html
http://cr.yp.to/papers.html#hash127

---Dan

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 01:00:04 GMT


"Julian Morrison" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
>
> > As long as it's a "strong prime" (i.e (p-1)/2 is a large prime) and
> > large enough
>
> If I use OpenSSL's DH setup for this, and then just dump out the prime so
> I can later hardwire it in, will that fit the criteria above?

I have no clue.

>
> Also: how many bits of prime is minimum to achieve vs-government level
> security?

"government level" doesn't exist.  Just use a prime of at least 1024 bits.

> > it should be safe to use a single prime/generator for a slew of users.
>
> How many uses is "a slew"?
>
> This is intended to be used as a handshake key-exchange on first meeting
> someone in a peer-to-peer system I intend to become fairly ubiquitous. So,
> whatever gets hardwired will get quite a lot of exercise.

A slew means under sqrt((p-1)/2).

Tom
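
An added example covering both the prime-generator request in the "Problem with BBS implementation" post above and the DH parameter questions in this thread (Python; not code from any post, and not OpenSSL's). It gives a Miller-Rabin test, a generator for primes p = 3 (mod 4) for a BBS modulus, a generator for primes of the form p = 2q+1 with q prime (the thread says "strong prime"; the usual term is safe prime), and the checks worth running once on a hardwired (p, g) pair and again on every peer's public value. Bit sizes in the demo are tiny so it runs quickly; for a hardwired DH prime the thread's floor of 1024 bits applies and 2048 is the common minimum today.

```python
import secrets
from math import gcd

# Added example, not code from the thread.  Bit sizes below are tiny for
# demonstration; a hardwired DH prime should be at least 1024 bits.

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases; a composite survives with probability
    at most 4**-rounds."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_blum_prime(bits):
    """Random prime p = 3 (mod 4); a BBS modulus is n = p*q for two such primes."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_probable_prime(p):
            return p


def bbs_bits(n, seed, count):
    """Blum-Blum-Shub: x <- x^2 mod n, emitting the low bit of each state."""
    assert 1 < seed < n and gcd(seed, n) == 1
    x = seed * seed % n
    out = []
    for _ in range(count):
        x = x * x % n
        out.append(x & 1)
    return out


def gen_safe_prime(bits):
    """p = 2q + 1 with q prime, so the DH group has a prime-order subgroup of
    size q = (p-1)/2 and no small subgroups beyond {1, p-1}."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def check_dh_group(p, g):
    """Checks to run once, before hardwiring (p, g)."""
    if not is_probable_prime(p):
        return False, "p is not prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False, "(p-1)/2 is not prime"
    if not 1 < g < p - 1:
        return False, "g out of range"
    if pow(g, q, p) != 1:          # g must lie in the order-q subgroup
        return False, "g does not generate the order-q subgroup"
    return True, "ok"


def check_dh_public_value(p, y):
    """Check to run on every handshake: rejects 0, 1, p-1 and anything else
    outside the order-q subgroup, which is what small-subgroup tricks rely on."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1


if __name__ == "__main__":
    p = gen_safe_prime(64)
    print("safe prime:", p, check_dh_group(p, 4))
    n = gen_blum_prime(32) * gen_blum_prime(32)
    print("BBS bits:", bbs_bits(n, 12345, 16))
```

Reusing one (p, g) for many users is fine as long as the group is checked this way and each peer's public value is validated on every run; with a safe prime the only values the check rejects are 0, 1, p-1 and the quadratic non-residues, which is exactly the set an attacker would substitute to learn something about the other side's exponent.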



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Thu, 08 Mar 2001 01:01:53 GMT

David Wagner wrote:
>   k = DES_0(x) xor AES_0^{-1}(c)

Okay, by engineering the block function to have this property,
naturally you can exploit it without having to do much work.

It was never my intent to apply this new mode of operation to
inherently crappy block encryptions; the idea was to take a
"fairly good" system that might have unknown vulnerabilities to
sophisticated C/A and make it more nearly perfect by blocking
the most likely *general* practical avenues of attack.  This is
similar to the intent of a standard mode of operation, except
the latter generally focuses on more specific attacks.

------------------------------

From: Thomas Boschloo <[EMAIL PROTECTED]>
Subject: Re: Keystoke recorder
Date: Thu, 08 Mar 2001 00:30:13 +0100

=====BEGIN PGP SIGNED MESSAGE=====

Alberto wrote:
> 
> It's seems that the easiest way to access encrypted data is to gain
> access to the target computer and install such device.
> 
> Have you ever seen one of them? How does it look like? How can you
> defend yourself against this kind of attack?

You should use Chris Drake's patented Netsafe anti-keylogging
protection. It really works!! You can find it at
<http://www.ozemail.com/~netsafe> and it will protect against all known
and unknown key loggers both existing and in the future. It will also
make any software program tamper-proof! It really is great and at such a
low price you really get value for money!

There is a discussion about it going on in news:alt.security.pgp as we
speak, (and oh yeah, it will be broken next week, by me  ;-)

Thomas J. Boschloo
Den Helder, Holland

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQB5AwUBOqa2cQEP2l8iXKAJAQGZ7gMZAT8YE7scad0RkRtc2AF3DG/+eazGd9OO
jM65h6YT9NlKCmhHU5qU8khDV6hUIWiMlMdy4OypvlOVLDLIWBtVxPMfY7v4tQPk
/fs2o2o+EX2FcvWRCHCBLLC9yDOyjhcBxJdzxA==
=2m+J
=====END PGP SIGNATURE=====
-- 
Jessica "I'm not bad, I'm just drawn that way"



------------------------------

From: Thomas Boschloo <[EMAIL PROTECTED]>
Subject: Re: Urgent DES Cipher source code !!!!!
Date: Thu, 08 Mar 2001 01:33:56 +0100

Latyr Jean-Luc FAYE wrote:
> 
> I have tried that but I haven't found something relevant.
> I apologise for bothering you with my request.
> I thought that we were in a friendly and helpful environment
> 
> Latyr
> 
> "Sam Simpson" <[EMAIL PROTECTED]> a écrit dans le message news:
> G5sn6.122$[EMAIL PROTECTED]
> > If it's urgent, why don't you pull your finger out and learn to use a
> > f*cking search engine..........

Des is an old Dutch word for 'from the'. It also is a word for 'The' in
German when combined with the second 'naamval' (Dutch). So it doesn't
surprise me a 'beginners' search on 'DES' turned up only useless links.
Giving more terms worsens the situation on some search engines.
'Rijndael' should be a much better word for a crypto-algorithm. Much
better than names like 'mars', 'serpent', etc  :-) Ever wondered why the
FBI called their tapping system 'carnivore' or the british called their
newest freedom restriction law 'RIP'. Makes you wonder, doesn't it ;-P

Thomas
-- 
Jessica "I'm not bad, I'm just drawn that way"



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
