Cryptography-Digest Digest #965, Volume #13      Wed, 21 Mar 01 20:13:01 EST

Contents:
  Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY)
  Re: SSL question (Anne & Lynn Wheeler)
  Re: SSL question (those who know me have no need of my name)
  Re: A future supercomputer (Mok-Kong Shen)
  Re: A future supercomputer ("JCA")
  Re: Most secure way to add passphrase verification to "CipherSaber" (Joe H. Acker)
  Re: A future supercomputer (Anne & Lynn Wheeler)
  Re: Applied Cryptography Source Disk ([EMAIL PROTECTED])
  VB3 crypto (Ryan M.McConahy)
  Re: RC4 test vectors after gigabyte output?. (Luis Yanes)
  Re: Idea ("Joseph Ashwood")
  Re: SSL question ("Joseph Ashwood")
  Re: Algebraic 1024-bit block cipher ("Jimi  Thompson")
  Re: Security of Triple-DES ("Joseph Ashwood")
  Re: Fast and Easy crypt send ("Joseph Ashwood")
  Re: Strong Primes ("Joseph Ashwood")
  Re: How to eliminate redondancy? (moving steadily towards being computer  (Steve Portly)
  Re: RC4 test vectors after gigabyte output?. (Luis Yanes)
  Re: NSA in the news on CNN ("Douglas A. Gwyn")
  Re: Most secure way to add passphrase verification to "CipherSaber" (Paul Rubin)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to eliminate redondancy?
Date: 21 Mar 2001 21:52:04 GMT

[EMAIL PROTECTED] (Benjamin Goldberg) wrote in 
<[EMAIL PROTECTED]>:

>Given a general purpose (bijective, nonpermutative) compressor whose
>domain is the set of all files, but whose range is a proper subset of
>the set of all files, and... Given a general purpose (bijective,
>permutative) encipherer whose domain is the set of all files, and whose
>range is also the set of all files.
>
>We can create a system which compresses and the encrypts, and it will
>have the following properties:
>
>The domain of the system is the set of all files, and the range of the
>system is the set of encrypted versions of those files which the
>compressor outputs.
>
>Now that the domain and range of the combined compress + encrypt system
>are both defined, it is easy to see that it is a bijection.  It is also
>easy to see that it is not a permutation, since the range of the system
>is a proper subset of the set of all files, and thus not equal to the
>domain.


   You're the one who chose the word permutation. And yes, it sounds
like you're describing my idea of how compression with encryption should
be done.
 For the set of real files (maybe your proper subset, if infinite)
let X be a member of that set S1. Let S2 be the set of all binary
8-bit byte files. Let Y be a member of that set.
Then if the compressor for any X has  Uncompress( Compress( X )) = X
and for any file Y has Compress( Uncompress( Y )) = Y,
and since you're doing fully bijective encryption on S2 to S2 by the 
encryption part,
  the two in series make for a fully bijective compression encryption
scheme, and that is what I am striving for. Bijective compression that, when 
properly mated to a bijective encryption process, if done correctly can
make this happen.


snip rest of dribble!!


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

Subject: Re: SSL question
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Wed, 21 Mar 2001 22:06:41 GMT


Paul Rubin <[EMAIL PROTECTED]> writes:
> Normally the definition of a client and a server is that the client
> initiates sessions.  If you're saying you want a remote site to
> initiate a session on a user's PC, no problem.  You install a server
> program on the user's PC and a client program on the remote site.
> 
> If you're just trying to periodically update data in a browser, then
> the usual way is to use the html meta tag to refresh the data once
> a minute, or else do something similar with javascript.  That's
> completely independent of SSL and can be done with or without SSL.

note however, most server software (i.e. software that accepts
connections from remote sources) are typically cleansed from personal
machines since they frequently are avenues for exploits ... and most
users aren't nominally sophisticated enuf to securely manage platforms
containing software that accepts connections from remote
clients. There are also frequently questions about client software that
initiates sessions from a user's machine without direct end-user
action.

-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED] -  http://www.garlic.com/~lynn/ 

------------------------------

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: SSL question
Date: Wed, 21 Mar 2001 22:37:35 -0000

<E3B0C971A11DD511A68D0000E830AEE3746C@ZAPTECHSERVER> divulged:

>but SSL can be used for other purposes can't it? 

you can use it for more than "e-commerce," but you cannot use it for
more than securing a communications channel, since that is all it does.

>My need is for a server to be able to initiate a session with a client
>also in order to update data on its clients.  Can SSL facilitate this?

no, wrong kind of protocol, and it has no "logic" by which the decision
to accept a connection (much less to wait for it in the first place). 
you can use/install a control or applet, or use javascript, client
refresh, or server "push."

server push does not establish a connection to the client.  the client
doesn't close the connection to the server, and the server continues to
deliver data as and when necessary.  this method is deprecated.

i suggest an applet or control.

-- 
okay, have a sig then

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Wed, 21 Mar 2001 23:50:48 +0100



JCA wrote:
> 
> "Mok-Kong Shen"<[EMAIL PROTECTED]> wrote:
> 
> > Computing power is ONE of the fundamental requirements. If everything
> > else is solved in theory, without the computing power to do that is
> > futile, like one understands perfectly how a rocket works but without
> > the required fuel. With more computing power, one can try algorithms
> > that would otherwise be impossible. (See e.g. simulation of nuclear
> > explosions, which was why the ASCIs were built.)  M. K. Shen
> 
>         Let me turn your analogy upside down - in order to actually launch a
> rocket one must be able to build a fuselage first. But just having this skill
> without knowing the physical principles on which rockets are based will
> take one nowhere fast.
> 
>         The same with raw computing power and the human brain. Humongous
> horsepower is probably a relatively minor part of the solution, and hence
> my belief that ASCI and Blue Gene are not likely to change things at all in
> this respect.

If I understood your arguments correctly, your point
is that one should first do good research to understand 
the fundamental problem of how the brain works, for without
that understanding mere computing power is of no use. But
such research is itself dependent on computers! To this 
day one has only some plausible theories and 
speculations about the brain. One of the apparently 
promising ways of study is to try out some theories via 
computer simulations. The brain is an extremely huge and 
complex network of neurons with a large computing power 
potential. In order to carry out such work one needs 
correspondingly large computing resources. Isn't that 
logical? Note that I was not saying that with a big 
supercomputer a success is guaranteed but that without 
taking the first step of building such a machinery it is 
entirely hopeless ever to achieve the goal (of building 
a machine with high 'intelligence'). If you think that 
computing power is unessential, let me first remark that 
the design of modern computers itself is dependent on 
the availability of large computing power. What would the 
diverse fields of natural sciences of today have been, if 
we hadn't had a large number of fast and comparatively 
cheap processors? The first computer I used was very very 
slow compared to those of the current time. At a later
time I was fascinated when I first used a PC of 16 
MHz, for it was very fast compared to the old one. Do you 
think that there would have been space flight or results 
like the Human Genome Project or even the good (though 
not yet satisfactory) weather forecasting, etc. etc., if 
the availability of computing resources had stopped at 
that stage and all one had today were a rather small 
number of computers comparable in power to the 16 MHz PC 
that I once had?

M. K. Shen

------------------------------

From: "JCA" <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Wed, 21 Mar 2001 14:41:41 -0800

In article <[EMAIL PROTECTED]>, "Anne & Lynn Wheeler"
<[EMAIL PROTECTED]> wrote:


> the counter argument is that huge amounts of excess, disposable
> resources result in all sorts of new innovation.  lots of innovation is
> going on with computers in the past ten years that wouldn't have
> happened in the 60s .... in large part because of the lack of computer
> resources. 

        Innovations that, by and large, people already knew how to do, but
lacked the necessary resources. Which is not the case when it comes
to artificially reproducing the capabilities of a human brain - not only
do we probably not have the minimum resources for it yet but, far more
crucially, we also don't have a clue how to begin to do it. The huge
amounts of computing power looming on the horizon are not likely to give
us such a clue on their own.

------------------------------

From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: Thu, 22 Mar 2001 00:07:18 +0100

John L. Allen <[EMAIL PROTECTED]> wrote:
 
> I wanted to avoid having to hash the entire plaintext, which was why
> I was limiting it to the first 64 bytes. 

How about

IV, E(CRC32(H(CRC32(msg)))), E(msg)

a checksum mechanism reduces bandwidth. But maybe

IV, E(CRC32(H(msg))), E(msg) 

isn't much slower. Perhaps a faster checksum mechanism like Adler would
do as well. Of course, this check can sometimes fail, but that's usually
not a big problem.

Regards,

Erich

------------------------------

Subject: Re: A future supercomputer
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Wed, 21 Mar 2001 23:16:45 GMT

"JCA" <[EMAIL PROTECTED]> writes:
>       Innovations that, by and large, people already knew how to do, but
> lacked the necessary resources. Which is not the case when it comes
> to artificially reproducing the capabilities of a human brain - not only
> do we probably not have the minimum resources for it yet but, far more
> crucially, we also don't have a clue how to begin to do it. The huge
> amounts of computing power looming on the horizon are not likely to give
> us such a clue on their own.

and the counter example is a lot of people doing aha's after viewing
various digital visualization processes that weren't generally
available (or available at all) 20 years ago ... not purely limited to
how do computational operations occur ... but also about how lots of
other things in the world happen. The other area is correlation and
regression processing of huge amounts of data ... uncovering
non-intuitive relationships between various cause and effect.

And while both of the above ... digital visualization and correlation
& regression processing have been applied to a large number of different
areas of discovery ... they've also been used specifically in the area
of brain research and activity (i.e. lots & lots of digital recording
of brain physical operation ... and then being able to do various sorts
of analytical studies as well as digital visualization of the
information).

-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED] -  http://www.garlic.com/~lynn/ 

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Applied Cryptography Source Disk
Reply-To: *
Date: Wed, 21 Mar 2001 23:19:15 GMT

On Wed, 21 Mar 2001 21:09:02 +0100, "Stevan Gostojic"
<[EMAIL PROTECTED]> wrote:

>I was wondering if it is possible to find the source code from the book the
>on the Web?

ftp.zedz.com
cd...
/pub/crypto/applied-crypto


------------------------------

From: Ryan M.McConahy <Use-Author-Address-Header@[127.1]>
Date: 21 Mar 2001 23:31:55 -0000
Subject: VB3 crypto

Hello,

I was wondering, where can I get a crypto library/program/DLL for Visual
Basic 3?

Thank-you.


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


------------------------------

From: Luis Yanes <[EMAIL PROTECTED]>
Subject: Re: RC4 test vectors after gigabyte output?.
Date: Thu, 22 Mar 2001 00:55:30 +0100

On Wed, 21 Mar 2001 18:01:36 -0000 [EMAIL PROTECTED] (those who
know me have no need of my name) wrote:

><34Nt6.90673$[EMAIL PROTECTED]> divulged:
>
>>If your implementation matches for about a kb or so then I think you can be
>>assured it's ok.
>
>are you sure about that?

The available test vectors I've found are even much shorter than that.
I don't really mind much about it, but I was just surprised that wasn't
published.

>>> 73's de Luis
>>
>>Amateur radio dude?
>
>>>Ampr: eb7gwl.ampr.org
>
>$ whois ampr.org
>[...]
>Amateur Radio Digital Communications (AMPR-DOM)
>[...]

Yes. But I'm asking out of curiosity, not for any amateur radio application,
although I've just written some lazy code with it for authentication
purposes, that probably nobody should use.
73's de Luis

mail: melus0(@)teleline(.)es
Ampr: eb7gwl.ampr.org
http://www.terra.es/personal2/melus0/ <- PCBs for Homebrewed Hardware

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Idea
Date: Wed, 21 Mar 2001 15:36:23 -0800

To translate (since you are obviously either new to newsgroups, the
internet, or playing dumb), "those who . . . ." wants you to stop switching
the e-mail address you are coming from. This will allow him to set his
newsreader to simply ignore everything you say. It's a very useful feature
when someone demonstrates that their only purpose in a newsgroup is to waste
bandwidth. Since you are being uncooperative about it, he is prepared to
block all of netcom.ca simply because he finds your posts that useless (at
least useless enough to block all the other posters from netcom.ca). I'm
sure your addresses have made it into several killfiles.
                    Joe

"amateur" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> ????????????????
>
>
>
> those who know me have no need of my name wrote:
> >
> > <[EMAIL PROTECTED]> divulged:
> >
> > >I'm not using a secret algorithm.
> >
> > will you please keep a single from header.  i really don't want to
> > killfile all of netcom.ca.  thank you.
> >
> > --
> > okay, have a sig then





------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: SSL question
Date: Wed, 21 Mar 2001 15:45:55 -0800

There are two ways that are immediately obvious for this:
1) The server contacts the client to tell it to initiate a connection (e.g
            S->C(UDP-like connection): Update available
            C:open tcp connection to server
            C/S negotiation
            .....
    )
2) The client accepts SSL connections and you use the client-auth feature of
SSL to verify the server identity.

Either of those should work for most situations.
                    Joe

"Patrick Knight" <[EMAIL PROTECTED]> wrote in message
news:E3B0C971A11DD511A68D0000E830AEE3746C@ZAPTECHSERVER...
> I am reading about SSL and it seems that any transaction using SSL is
> initiated by the client. For e-commerce I guess I can understand this
> but SSL can be used for other purposes can't it? My need is for a server
> to be able to initiate a session with a client also in order to update
> data on its clients. Can SSL facilitate this?
>
> Thanks,
>
> PK
>
>
> --
> Posted from [63.115.79.131]
> via Mailgate.ORG Server - http://www.Mailgate.ORG



------------------------------

From: "Jimi  Thompson" <[EMAIL PROTECTED]>
Crossposted-To: alt.computer.security,alt.security,alt.security.pgp,comp.security.misc,de.comp.security.firewall,de.comp.security.misc
Subject: Re: Algebraic 1024-bit block cipher
Date: Wed, 21 Mar 2001 18:20:53 -0600

Why not just hire Zixit (www.zixit.com) to handle this for you?  They
already do this and besides you need to make sure that you aren't infringing
them.

HTH,

Jimi
Alexander Ernst <[EMAIL PROTECTED]> wrote in message
news:98supd$jrk$[EMAIL PROTECTED]...
> An objective of this cipher is to use
> pure finite group algebra for encryption and decryption.
> In this design we do not use permutations or XOR
> operations. Performance of this implementation is
> approximately 4,8 Mbyte/sec. Measured avalanche
> effect is 49,7%. Block size is 1024 bit or 128 bytes.
> Secret key length is 256 bytes. We use finite group
> of the order 65536. Elements of the group are words
> (2 bytes). So we call this word architecture.
>
> 128 byte block consists of 64 words. Each word is
> considered to be an element of group of order 65536.
> In our implementation we use two round approach.
> Two groups Group1 and Group2 are derived from the
> secret key. A plain text block is encrypted first
> using Group1 and then using Group2. Cipher block is
> decrypted first using Group2 and then using Group1.
>
> Delphi source code and description in pdf are
> available for download at www.alex-encryption.de.
> Please, follow the link for algebraic cipher
> at the end of download list.
>
> Regards.
> Alex
>
>
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Security of Triple-DES
Date: Wed, 21 Mar 2001 15:46:12 -0800

Any attack on DES can be used on triple-DES, the only problem is that none
of them are of any use, generally they would require knowledge of more
unique outputs than the entire codebook. As of right now the best attacks on
3DES hover at around 2^90 work, which is far outside the realm of possible
success.
                    Joe
"Arne Baltin" <[EMAIL PROTECTED]> wrote in message
news:995cqo$8om$[EMAIL PROTECTED]...
> Hi experts,
>
> once more: how secure is the Triple-DES?
>  I think an attack against (single-)DES with
> known plaintext of length 2^43 in 1994 succeeded.
> Is there an analogy to Triple-DES?
> I hope someone will answer me.
>
> Thanks,
> Arne Baltin
>
>
>
>
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Fast and Easy crypt send
Date: Wed, 21 Mar 2001 15:59:53 -0800

Your sequence is not random, almost all of the randomness disappeared
immediately when you eliminated the outer key (which I assume we both agree
happened). From there the only randomness left is the randomness in the
original sequences, which had very little discernible randomness, so they
can be pulled apart with a minor amount of difficulty. The first thing you
need to realize is that the text you're encrypting is far from random, it
has strong order, bias, etc. English is a good example: English text has
between 1 and 2 bits of entropy per character (depending on several
factors), which is quite a distance from the 8 bits that are used per
character in ASCII, and further from the 16 and 32 bits that are used in
various Unicodes. I still say that the place you need to start is in reading
a book on cryptography.
                    Joe

"amateur" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I'm still not convinced. I do not have to know cryptography to
> understand that a RANDOM sequence is no information at all.
> My encrypted text is a RANDOM series.
> How could you exploit a random sequence???
>
>
>
> Joseph Ashwood wrote:
> >
> > Honestly, I have explained it, I'm not going to explain it any more, read
> > the sci.crypt FAQ, read a book on cryptography, if you still don't get it,
> > then just realize that you don't get cryptography, and don't try. If you do
> > get it then you will immediately realize that the only valid decryption of
> > your example was in fact 10011001, and that attempting to fix this problem
> > is useless. To reiterate please read a book on cryptography, please read the
> > sci.crypt FAQ, both will explain in great detail just exactly why your
> > algorithm is completely useless.
> >                                 Joe
> >
> > "amateur" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Strong Primes
Date: Wed, 21 Mar 2001 16:12:31 -0800

Well it's actually fairly simple: lambda(p)*k = lambda(N) where k depends on
q, so proving it with respect to lambda(N) makes the use of lambda(p)
unnecessary, because lambda(N) only supplies additional possibilities to
build short cycles; the proof of cycles on lambda(N) also applies to those of
lambda(p) (I would've thought they'd at least make that statement in the
paper, but I didn't read it too carefully). This results in the proof with
regard to lambda(p) being simply "by the proof on lambda(N)".

The order of e mod p is relevant only in the selection of p and e; e must be
prime relative to p (and p-1, both of which are easily confirmed), this
makes the order maximal (by the original RSA proof of invertibility) so
there is no discussion that is necessary. The order versus p-1 is the same
as lambda(p), so it stems from the proof of lambda(p) which stems from
lambda(N).

It was basically a paper saving device; it was assumed that the reader would
have a substantial basis in mathematics which would lead them to immediately
see that lambda(N) implied lambda(p) implied p-1 implied several other
things that weren't needed for understanding.
                    Joe

"Peter Engehausen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Dear Joseph!
>
> Thanks for your reply!
>
> > The move to lambda(N) is necessary for the proof because the short cycles
> > are not a result of p or q, but of the lambda reduction of them. This stems
> > from the inversion of RSA (aka decryption) which requires, not knowledge of
> > p or q, but knowledge of lambda(N).
>
> Actually it's my belief that a "complete" argumentation should discuss
> not only the order of e modulo \lambda(N) (it should be small, if you like to
> mount the attack, see equation 16), but also the order of e modulo \lambda(p)
> (see equations 18 & 19).
>
> I just realized that I had a typo in my last mail: I wrote ord (e) mod p
> instead of ord (e) mod \lambda(p) = ord (e) mod p-1. Strange ...  The authors
> wrote mod p on page 17 too. Do I miss something? Isn't the order of e mod p
> irrelevant? I need to know when the exponent of C is equal to 1, therefore I
> need to know the order of e mod p-1 and/or the order of e mod \lambda(N).
>
> I'm really lost! HELP!
>
> > Everything else is just argument for that statement.
>
> But is the argumentation correct?
>
> Best wishes,
> Peter
>
> PS: And I still don't understand this part:
>
> "Suppose r does not divide ord(e) mod \lambda(N). It follows immediately
> that e must be an r-th power mod p. This follows from Lagrange's
> Theorem: ord(e) must divide p-1, and we have assumed that r divides p-1
> but r does not divide ord(e). Hence e must be an r-th power mod p."
>
> ord(e) mod \lambda(N) must divide p-1? I'm not sure if I remember
> Lagrange's Theorem well... The order of a subgroup divides the order of
> its group. Hence for every e which is coprime to \lambda(N) the order
> of e mod \lambda(N) must divide the order of (Z/\lambda(N)Z)^*. This is
> \phi(\lambda(N)), isn't it? I can't see why ord(e) divides p-1...
>
> And further on: You say, if r and ord(e) both divide p-1 and r doesn't
> divide ord(e) then e must be an r-th power.
> Sounds obvious, but why? I'm still too blind to see through.
>
>



------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: How to eliminate redondancy? (moving steadily towards being computer 
Date: Wed, 21 Mar 2001 19:47:43 -0500



Tom St Denis wrote:

> "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > [EMAIL PROTECTED] (Tom St Denis) wrote in
> > <xU4u6.98657$[EMAIL PROTECTED]>:
> >
> > >
> > >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> > >news:[EMAIL PROTECTED]...
> > >> [EMAIL PROTECTED] (Tom St Denis) wrote in
> > >> <ep4u6.98534$[EMAIL PROTECTED]>:
> > >>
> > >> >
> > >> >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> > >> >news:[EMAIL PROTECTED]...
> > >> >>    I think you know my answer to that but to enlighten others I
> > >> >> will explain what a good sized key is. It is as large as possible
> > >> >> while getting the job done so as not to cause the user too much
> > >> >> time waiting.
> > >> >
> > >> >There are other problems with using million byte keys.
> > >> >1. Where to get that much good entropy?
> > >>
> > >>     Good question. The answer is you most likely don't.
> > >> But at least with my system you can use what you can get.
> > >> And you can still use a password of any size to use the
> > >> key. Of course just like anything else best to use on a
> > >> computer you have full control of. And if your master
> > >> password is too short and someone gets to test it they
> > >> may find the password.
> > >
> > >Ahh... but would a million bad bits be better than 192 good bits (bad =
> > >nonrandom, good=random as can be)
> > >
> >
> >    If by bad you mean something like the total amount of entropy
> > in the not so random million bits was less than the entropy
> > in the more random 192 bits, then I think even a kid like you
> > knows the answer. But using 200 bits where the first 192 bits
> > are the same as your short key and 8 good random bits would most
> > likely kick ass as the first part of a million bit key.
>
> Hmm you missed the point.  If you have a million bit key but every bit is
> biased by say p=0.999999999, q=0.000000001 then what's the point?
>
> My real point is about efficiency.  It's easier to get, store, use,
> manipulate 192 (or whatever...) bits than 1 million bits.  So if 192 bits are
> truly random and only say 1/10000 of the million bits are random then is it
> really any better?
>
> Note that the avg RNG based on a computer only gets about a few bits per
> second at the most.  If you sample too quickly it's not decorrelated
> enough.... so a million bit key could take a week to make whereas 192 bits
> may take a minute or so...
>
> Tom

Even if you could get a thousand good bits of entropy a second, this still isn't
enough bits to supply something like a Vernam cipher variant for a server
application.


------------------------------

From: Luis Yanes <[EMAIL PROTECTED]>
Subject: Re: RC4 test vectors after gigabyte output?.
Date: Thu, 22 Mar 2001 01:53:35 +0100

On 21 Mar 2001 21:48:36 GMT [EMAIL PROTECTED] (Ian Goldberg) wrote:

>Careful!  You're likely correct if you compare the *internal states*,
>but NOT if you compare the *outputs*.

If you have access to the internal state of a known good RC4
implementation, and can reverse it to compare, but I haven't. 

>Remember that Ada version of RC4 that was posted here a few weeks back?
>it had a bug such that it would be correct for several kb, but by the
>time you've output 64KB, it would likely have started outputing all
>0's.

Then the published test vectors are almost useless. If they can't even
catch a bug like the xor swap, how could I have some certainty about the
correctness of my implementation?
73's de Luis

mail: melus0(@)teleline(.)es
Ampr: eb7gwl.ampr.org
http://www.terra.es/personal2/melus0/ <- PCBs for Homebrewed Hardware

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA in the news on CNN
Date: Thu, 22 Mar 2001 01:03:14 GMT

John Hairell wrote:
> FBI HQ downtown also has a gift shop.

So do CIA and DIA, but the public can't get to them.

I don't think the National Cryptologic Museum's gift shop
proceeds go to NSA itself.  There is a museum Foundation
that deals with museum funds, also organizes seminars etc.

At an Agilent briefing today I heard that a single card
for a VXi box such as might be used for signal detection
and acquisition goes for $20,000.  I shudder to think what
the whole system costs, but somehow I don't think it's
possible to support operations by selling coffee mugs :-)

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: 21 Mar 2001 17:03:50 -0800

"John L. Allen" <[EMAIL PROTECTED]> writes:
> I was thinking about adding some rudimentary passphrase (Key)
> verification check capability to the CipherSaber protocol (see
> http://ciphersaber.gurus.com/).  So, among the following choices, 

All of them complicate ciphersaber so much that they defeat its
purpose.  Ciphersaber is not intended as an ftp replacement.  It's
supposed to be a bare minimum needed to provide confidentiality.  You
can tell if your password is correct because if you use the wrong
password to decrypt, you get garbage out.
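
The RC4 test-vector thread above (the short published vectors, and the XOR-swap bug Ian Goldberg mentions) and the passphrase-verification tag from Joe Acker's CipherSaber post, worked through as an added example that is not code from any poster or from the CipherSaber page. It assumes the CipherSaber-1 layout (RC4 key = passphrase || 10-byte IV, IV sent in the clear ahead of the ciphertext) and takes H to be SHA-1, which the post leaves unspecified.

```python
# Added example, not code from any poster or from the CipherSaber page.
# Assumptions: CipherSaber-1 layout (RC4 key = passphrase || 10-byte IV,
# IV in the clear in front of the ciphertext) and H = SHA-1 for the tag.
import hashlib
import os
import zlib


def swap_tmp(S, i, j):
    """Correct swap: a no-op when i == j."""
    S[i], S[j] = S[j], S[i]


def swap_xor(S, i, j):
    """The XOR-swap bug: when i == j all three steps read the same cell,
    so S[i] becomes 0 and the permutation silently loses a value."""
    S[i] ^= S[j]
    S[j] ^= S[i]
    S[i] ^= S[j]


def rc4_keystream(key, n, swap=swap_tmp):
    """Return n RC4 keystream bytes; 'swap' selects the correct or buggy swap."""
    S = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        swap(S, i, j)
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        swap(S, i, j)
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key, data, swap=swap_tmp):
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data), swap)))


# Published RC4 test vectors: (key, plaintext, ciphertext hex). They are only
# a few bytes long, which is exactly Luis's complaint.
TEST_VECTORS = [
    (b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
    (b"Wiki", b"pedia", "1021bf0420"),
    (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5"),
]


def passes_test_vectors(swap=swap_tmp):
    return all(rc4_crypt(k, p, swap).hex() == c for k, p, c in TEST_VECTORS)


def first_divergence(key, limit):
    """Index of the first keystream byte where the XOR-swap variant differs
    from the correct one within 'limit' bytes, or None if none is found.
    A long-run comparison like this is what the short vectors cannot give."""
    good = rc4_keystream(key, limit)
    bad = rc4_keystream(key, limit, swap_xor)
    return next((k for k in range(limit) if good[k] != bad[k]), None)


IV_LEN = 10  # CipherSaber-1 IV length


def tag(msg):
    """Joe Acker's 4-byte check value CRC32(H(msg)); H = SHA-1 is assumed."""
    return zlib.crc32(hashlib.sha1(msg).digest()).to_bytes(4, "big")


def cs_encrypt(passphrase, msg, iv=None):
    """IV || E(tag) || E(msg), tag and message under one RC4 keystream."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    return iv + rc4_crypt(passphrase + iv, tag(msg) + msg)


def cs_decrypt(passphrase, blob):
    """Return the message, or None when the tag shows the passphrase is wrong."""
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    plain = rc4_crypt(passphrase + iv, body)
    return plain[4:] if plain[:4] == tag(plain[4:]) else None
```

Note that the 32-bit tag only detects a wrong passphrase; it is not a message authentication code, and decryption of a tampered message still succeeds with probability 2^-32 per attempt.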

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
