Cryptography-Digest Digest #336, Volume #14 Fri, 11 May 01 14:13:00 EDT
Contents:
Re: Cryptanalysis Question: Determing The Algorithm? (John Savard)
Re: good x86 coders (help please) ("Tom St Denis")
Re: Security with provable strength. (John Savard)
Re: NSA "Headline Puzzle" confusion ... ("Jack Lindso")
Re: RNG problem (David Wagner)
Re: Micali-Schnorr pseudorandom bit generator (Mark Wooding)
Re: Tiny s-boxes ("Simon Johnson")
Re: Security with provable strength. (Mark Wooding)
Re: Are low exponents a problem with RSA? (DJohn37050)
Re: Best encrypting algoritme (SCOTT19U.ZIP_GUY)
Re: Best encrypting algoritme ("Tom St Denis")
Re: research on polymorphic crypto/Best Possible Privacy? (Tim Tyler)
Off-topic - UK crime statistics (was Re: Best, Strongest Algorithm) (David Hopwood)
Re: Are low exponents a problem with RSA? (SCOTT19U.ZIP_GUY)
Re: Quasi Functions, a way to design Maximum Secure Cipher ("Scott Fluhrer")
Re: Horst Feistel (Matthew Skala)
Re: Best encrypting algoritme (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryptanalysis Question: Determing The Algorithm?
Date: Fri, 11 May 2001 15:56:58 GMT
On Fri, 11 May 2001 13:12:30 GMT, [EMAIL PROTECTED] (Bo
Dömstedt) wrote, in part:
>If we do, how much can we gain?
>First, we need a sufficiently large algorithm space (to prevent serial
>or parallel search as discussed above). We have seen (indications on)
>that this is no problem, but I feel that most readers don't think that
>this is obvious at all. This is due to that most conventional block
>ciphers are iterated substitution/transposition ciphers, and what
>else can possibly exist??
Even within that restricted domain, allowing the algorithm to be
modified can increase the effective key immensely.
>Second we must prevent the cryptanalyst from learning which algorithm
>we are using.
But then you yourself must design the algorithm, and you can only use
it to send your own messages. So to get a secure algorithm, a very
large investment of expertise is needed, with a small return.
>We may, however, annoy the cryptanalyst by using several cipher
>algorithms. We may even select cipher algorithms on the fly, possibly
>as a function of the IV (or similar arrangement...).
Why limit yourself to making the algorithm key-agile in the algorithm?
Why not _really_ get wild, and make the algorithm used data-dependent?
(Naturally, you'll need to use the Feistel-round principle so that the
resulting block cipher is invertible.)
In Quadibloc III, I only made the algorithm key-dependent, but in
Quadibloc VIII I allowed the algorithm to vary - in a very limited
way, involving the interchange of two different encipherment steps -
based on the block being enciphered.
It is described at:
http://home.ecn.ab.ca/~jsavard/crypto/co040712.htm
So far, that is the latest of the ciphers in the Quadibloc series.
John Savard
http://home.ecn.ab.ca/~jsavard/
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: good x86 coders (help please)
Date: Fri, 11 May 2001 15:55:24 GMT
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:zqTK6.66111$[EMAIL PROTECTED]...
> One thing I learned is that there are tons of better coders here than me.
> Which is why I want to ask if anyone would be interested in writing up a
> short expose of TC15 in assembler optimized for the pentium (i.e basic
> pairing and such). It doesn't have to be a complete package, just be able
> to encrypt a block (no decryption required) with an expanded key that will
> be provided.
>
> I could code my own but the results would not reflect that of top notch
> coders. (yes I feel like a hypocrite posting this).
Arrg... hello is this group on?
Anyways... I started a port but for some reason it doesn't quite encrypt
properly.
The package is at
http://tomstdenis.home.dhs.org/tc15_asm.zip
You need DJGPP and NASM to build it.
With an optimized LT and unoptimized sboxes it gets 296 cycles per block or
18.5 cycles per byte. I bet if I optimized the sboxes I could get it
lower...
Tom
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Security with provable strength.
Date: Fri, 11 May 2001 16:02:45 GMT
On 11 May 2001 13:47:11 GMT, [EMAIL PROTECTED] (Mark Wooding) wrote, in
part:
>Let's say we want to find K. Collect N bits of plaintext and ciphertext
>(and random strings R),
If you have known plaintext, you don't need to recover K, because you
have the binary string used to encipher any other message enciphered
with K. So the 'provable security' applies only to the case of unknown
plaintext, and the system, to be secure, MUST use a new key for every
message (otherwise, it succumbs the way a one-time-pad used twice
would).
However, your attack does show something new: that it's insecure if
part of a single message is known, and you want to recover the other
part.
John Savard
http://home.ecn.ab.ca/~jsavard/
------------------------------
From: "Jack Lindso" <[EMAIL PROTECTED]>
Subject: Re: NSA "Headline Puzzle" confusion ...
Date: Fri, 11 May 2001 19:18:22 +0200
I didn't read the whole text but it seems that third one is a concatenation
of the previous two.
--
Anticipating the future is all about envisioning the Infinity.
http://www.atstep.com
====================================================
"Mitchell Morris" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> First, here is a link to the NSA's "Headline Puzzle":
>
> <URL:http://www.nsa.gov/programs/kids/standard/dashboard/master/index.shtml>
>
> Basically, there is a procedure that uses three English words to create a
> set of related monoalphabetic ciphers. These ciphers are then used to
> encipher hypothetical newspaper headlines, one headline per cipher. The
> resulting ciphertexts are given to the player. The challenge is to
> determine what the three initial words (key, setting, and hat) were.
>
> After reading the "Strategy" page (which includes an example solution), I'm
> rather confused. There, it suggests using the longest permutation chain
> recovered as your candidate mixed alphabet, then using that as a plaintext
> record each of the matching ciphertexts below it in a tableau. Each of
> these ciphertexts must (by dint of the construction of them) be slides of
> each other, and so you can fill in many of the missing blanks in the
> tableau by correlating the rows. In the example, however, a 'W' appears in
> the "solved" tableau when it didn't appear at all in the preliminary
> tableau and I don't see where it came from.
>
> The "example" then repeats this procedure with another permutation chain,
> then concludes:
> Now you can use the information you have from your headline
> recoveries and the fact that you know that each row in the table
> is a slide of every other row to complete the table and recover
> a chain of all 26 letters.
> followed by a diagram that includes a significantly larger tableau with one
> row completely filled in and I don't see how tableaus 1 and 2 led to the
> construction of tableau 3.
>
> I have to assume I'm not an idiot, so I'm hoping I just misunderstood
> something fairly trivial in the explanation. Can anyone suggest where I've
> gone astray?
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: RNG problem
Date: 11 May 2001 16:31:18 GMT
Dobs wrote:
>In Micali Schnorr generator the output is concatenation of
>z1||z2||z3||.....||zl
>where to obtain Zi we have to take k least significant bits of Yi
>and Yi=Xi-1^e mod n ( Yi can be number between 1 and n-1 so Yi can be
>as well very small number)
>What if Yi will be very small number ( lets say 8 bits long) and our
>k=614. So we have to take 614 least significant bits of Yi
Why don't you calculate the probability that Yi is like this?
I expect that it will answer your question.
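As an added illustration of the probability calculation David suggests (editor-added example code, not from either poster): a toy Micali-Schnorr iteration with deliberately tiny, insecure parameters (n = 7*11, e = 7, k = 3, all constructed here). It shows that a small y_i is simply an N-bit value with leading zero bits, so the k low bits are always defined, and it computes how likely a "very small" y_i is for a realistic modulus size.

```python
# Editor-added example; the parameters below are constructed toy values,
# not anything from the original thread, and are far too small to be secure.
from math import gcd


def ms_parameters_ok(p, q, e, k):
    """Sanity checks for the toy: e must be invertible mod phi(n), and the
    extracted width k must leave at least one bit for the next seed."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return gcd(e, phi) == 1 and 0 < k < n.bit_length()


def ms_generate(n, e, x0, k, count):
    """One Micali-Schnorr iteration per output word:
         y_i = x_{i-1}^e mod n        (an N-bit value, N = bit length of n)
         z_i = low k bits of y_i      (the output)
         x_i = remaining high bits    (the next seed)
    y_i is handled as a fixed-width N-bit string, so a small y_i simply has
    leading zero bits; the k-bit extraction never runs short of bits."""
    N = n.bit_length()
    assert 0 < k < N
    x = x0
    out = []
    for _ in range(count):
        y = pow(x, e, n)
        out.append(y & ((1 << k) - 1))   # z_i: k least significant bits
        x = y >> k                       # x_i: the high N-k bits
    return out


def prob_y_at_most_bits(n, bits):
    """Probability that y uniform on [1, n-1] fits in `bits` bits, i.e. the
    event the question worries about (y_i 'very small')."""
    return (2 ** bits - 1) / (n - 1)


if __name__ == "__main__":
    p, q, e, k = 7, 11, 7, 3                  # constructed toy parameters
    n = p * q                                 # 77, a 7-bit modulus
    assert ms_parameters_ok(p, q, e, k)
    print(ms_generate(n, e, 6, k, 5))         # five 3-bit output words
    print(prob_y_at_most_bits(n, 3))          # tiny modulus: not rare at all
    print(prob_y_at_most_bits(1 << 1024, 8))  # realistic size: about 2**-1016
```

With a 1024-bit modulus the chance that y_i fits in 8 bits is roughly 2**-1016, which is why the case is not worth special handling; with the 7-bit toy modulus it happens constantly, which is one of several reasons the toy is not a usable generator.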
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Micali-Schnorr pseudorandom bit generator
Date: 11 May 2001 16:32:46 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
> > >> >3. It's provably as secure as factoring.
> > >>
> > >> I'm pretty sure the original paper related security to the problem
> > >> of whether a number was or was not a square modulo pq, which is a
> > >different
> > >> problem from factoring pq. It is well-known that factoring allows
> > >> square determination, but I did not know that the converse had been
> > >> shown.
> >
> > >Finding square roots is the same as factoring.
> >
> > Yes, but the security proof in the original BBS paper was related
> > to determining with probability greater than 1/2 whether a number was
> > a square, WITHOUT exhibiting the square root.
>
> Um ok. Well BBS is secure as long as you can't take square roots afaik...
> I don't see how just knowing if X^2 is a QR will give you any info.
The original paper proved a polynomial-time reduction from predicting the
generator's output to predicting quadratic residuosity.
A later paper by Vazirani and Vazirani proves a polynomial-time
reduction from prediction to factoring.
-- [mdw]
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Tiny s-boxes
Date: Fri, 11 May 2001 17:38:28 +0100
David Wagner <[EMAIL PROTECTED]> wrote in message
news:9dfj7o$fn8$[EMAIL PROTECTED]...
> Simon Johnson wrote:
> >I assume it attacks the algebraic structure of the s-box?
>
> Yes.
>
> >Another question: Does the formation of this attack require some kind of
> >precomputation, like in differential analysis where you generally have to
> >generate a difference table?
>
> No, there's no precomputation. (But your impression of differential
> cryptanalysis seems to be at odds with my understanding, so maybe I didn't
> understand your question.)
Well, to clarify my incoherent ramblings =):
Usually you have to know the structure of the s-box with respect to
differential cryptanalysis to break the cipher... which generally requires
finding a fixed input difference to the box that produces a fixed output
from the box with high probability. And it's the 'work' required to find this
difference which I label as precomputation.
To be 100% certain that a particular input difference causes a set output
difference with the highest probability possible for that s-box (the
DP-Max)... I'd conjecture that the minimum amount of work required is
2^(2n), where n is the size of the input into the box. e.g. for a 8x8
s-box... we have to use the s-box 2^16 times to get all the difference
mappings for the s-box.
My idea (which won't work with the interpolation attack, since no
precomputation is required) was to make the s-box so large that finding
_any_ difference by brute-force is computationally infeasible. I hope this
clears my ideas up!
Simon.
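As an added example (editor-added, not code from either poster), here is the brute-force step Simon describes: build the difference distribution table of a small S-box by trying all 2^(2n) (input, input-difference) pairs, then read off the most likely differential (the DP-max). It uses the published 4-bit PRESENT S-box as a convenient subject and the identity map as a deliberately weak contrast; neither belongs to any cipher discussed in the thread.

```python
# Editor-added example. PRESENT's 4-bit S-box is a published constant used
# only as a convenient small test subject; the identity "S-box" is a
# constructed, deliberately weak contrast.
from typing import List, Tuple

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
IDENTITY_SBOX = list(range(16))


def difference_distribution_table(sbox: List[int]) -> Tuple[List[List[int]], int]:
    """Exhaustive DDT: ddt[din][dout] = number of inputs x with
    S(x) ^ S(x ^ din) == dout. The second value is the number of
    (x, din) pairs examined, which is 2^(2n) for an n-bit S-box."""
    size = len(sbox)
    ddt = [[0] * size for _ in range(size)]
    pairs = 0
    for din in range(size):
        for x in range(size):
            ddt[din][sbox[x] ^ sbox[x ^ din]] += 1
            pairs += 1
    return ddt, pairs


def best_differential(sbox: List[int]) -> Tuple[int, int, int, float]:
    """Return (din, dout, count, probability) of the most likely differential
    over non-zero input differences; probability = count / 2^n is the
    DP-max for this S-box."""
    ddt, _ = difference_distribution_table(sbox)
    size = len(sbox)
    din_best, dout_best, count_best = 0, 0, 0
    for din in range(1, size):
        for dout in range(size):
            if ddt[din][dout] > count_best:
                din_best, dout_best, count_best = din, dout, ddt[din][dout]
    return din_best, dout_best, count_best, count_best / size


if __name__ == "__main__":
    for name, box in (("PRESENT", PRESENT_SBOX), ("identity", IDENTITY_SBOX)):
        _, pairs = difference_distribution_table(box)
        din, dout, count, prob = best_differential(box)
        print(f"{name}: {pairs} pairs examined, best differential "
              f"{din:#x} -> {dout:#x} with probability {count}/{len(box)} = {prob}")
```

For a 4-bit box the table costs 256 pairs; for an 8-bit box it is 65536, matching the 2^16 figure in the post, and the count grows as 2^(2n) with the input width, which is the cost Simon wants to push out of reach.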
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Security with provable strength.
Date: 11 May 2001 16:34:28 GMT
John Savard <[EMAIL PROTECTED]> wrote:
> If you have known plaintext, you don't need to recover K, because you
> have the binary string used to encipher any other message enciphered
> with K.
I assumed that a new R was chosen for each message, so the masking value
changes each time.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 11 May 2001 16:42:16 GMT
Subject: Re: Are low exponents a problem with RSA?
It is obvious that VENONA has NOTHING directly to do with public key
encryption. My point was simply that something that was "provably" strong was
weak in practise due to the "dirty details" and that these details involved a
failure in the RNG.
I have heard/thought I heard that some of these failures were caused
deliberately as a way to form a method of attack. That is, the hope was, since
the method was "provably secure" the Russians would not suspect it was being
broken.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best encrypting algoritme
Date: 11 May 2001 16:42:22 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in
<[EMAIL PROTECTED]>:
>
>It is better to have larger blocks (the extreme is the
>whole message). But one has somehow decided to use block
>encryption and has chosen a small block size (e.g. for
>hardware reasons). In order to get nevertheless a bit the
>benefits of large block processing, one employs a (particular)
>technique, which is the chaining. So chaining is a compromise,
>or an afterthought, if you like. It may be mentioned that
>Scott has for years advocated whole file processing in the
>group (though personally I am not fond of the specific
>methods he uses).
>
Thanks for remembering me.
But I do have a question for you. You say you're not fond
of the methods I use. However one of the methods I have
been trying to get people to use instead of the possible
weak version of Rijndael from the AES people is Matt's BICOM
where you make 3 passes through the file
pass 1 BICOM with a key
pass 2 reverse file end for end
pass 3 BICOM again
This does treat the whole file as a single block.
What would you say about that kind of encryption
scheme.
Of course if it is a text message we could use Shaw's
GrandView method before the first BICOM
Take Care
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best encrypting algoritme
Date: Fri, 11 May 2001 16:58:50 GMT
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote in
> <[EMAIL PROTECTED]>:
> >
> >It is better to have larger blocks (the extreme is the
> >whole message). But one has somehow decided to use block
> >encryption and has chosen a small block size (e.g. for
> >hardware reasons). In order to get nevertheless a bit the
> >benefits of large block processing, one employs a (particular)
> >technique, which is the chaining. So chaining is a compromise,
> >or an afterthought, if you like. It may be mentioned that
> >Scott has for years advocated whole file processing in the
> >group (though personally I am not fond of the specific
> >methods he uses).
> >
>
> Thanks for remembering me.
> But I do have a question for you. You say you're not fond
> of the methods I use. However one of the methods I have
> been trying to get people to use instead of the possible
> weak version of Rijndael from the AES people is Matt's BICOM
>
> where you make 3 passes through the file
> pass 1 BICOM with a key
> pass 2 reverse file end for end
> pass 3 BICOM again
>
> This does treat the whole file as a single block.
> What would you say about that kind of encryption
> scheme.
>
> Of course if it is a text message we could use Shaw's
> GrandView method before the first BICOM
What exactly is BICOM anyways? How is AES used in BICOM?
Also do you realize that your method is slow, cumbersome and can't be used
for streaming or realtime data?
Tom
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: research on polymorphic crypto/Best Possible Privacy?
Reply-To: [EMAIL PROTECTED]
Date: Fri, 11 May 2001 16:53:06 GMT
Mark Wooding <[EMAIL PROTECTED]> wrote:
[Best Possible Privacy/"polymorphic" cryptography]
: The idea it seems to be based on -- twiddling `the algorithm' in a
: key-related way -- is hardly new, and I don't think I've seen any
: variant which actually turned out to have any merit. [...]
I tentatively nominate Ritter's cypher stacks for this accolade.
--
__________ http://rockz.co.uk/ http://alife.co.uk/ http://hex.org.uk/
|im |yler http://atoms.org.uk/ http://mandala.co.uk/ [EMAIL PROTECTED]
------------------------------
Date: Fri, 11 May 2001 17:56:40 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Off-topic - UK crime statistics (was Re: Best, Strongest Algorithm)
=====BEGIN PGP SIGNED MESSAGE=====
"Douglas A. Gwyn" wrote:
> "SCOTT19U.ZIP_GUY" wrote:
> > ... But if you look at the UK my understanding is
> > crime is going up. ...
>
> Of course it is, but it has nothing to do with spying.
> They stupidly disarmed the law-abiding populace, giving
> criminals less to fear. Same in Australia.
This is completely off-topic, but in the interests of accuracy,
total reported crime statistics in the UK are going down, except
that reported violent crime is going up. Any theories you may have
about the relation of that to gun control policy should be discussed
on, for example, talk.politics.guns, not sci.crypt.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOvuCrzkCAxeYt5gVAQHdIAf/Y4AkFJ9Ylf0koGKKDH5uN8pEBUGfaoMD
A+diIozVLh/iivHpkP4W81IDH7gMKQvZWzNZc9z3m0WWnxVrz8rQn7WurKQme7cI
vpdpt7GXN8JGU0wV0qasiTVvAFtpKYqo8u//Sxjvd9jRZ2PQw0MjcOJ5XhTNp4+i
HiFpwwbvlzWcIXjlhvK/aidoAPb8i+VZMCkS8/Q6ABLs9wX6ux9v2rvxECvRBPFQ
vNZIB3Z7AH2xmDM4VL4Sl9uDR6lgezfPasdofBNRqr/u80/JKhoMYY6/LKyrDzjz
LrkQdlArfHZ4fvY+S3RuvUD5rYsZa3Ts847W2R4Gt82qOWx3QEZ5Fw==
=Xk4S
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Are low exponents a problem with RSA?
Date: 11 May 2001 16:55:23 GMT
[EMAIL PROTECTED] (DJohn37050) wrote in
<[EMAIL PROTECTED]>:
>It is obvious that VENONA has NOTHING directly to do with public key
>encryption. My point was simply that something that was "provably"
>strong was weak in practise due to the "dirty details" and that these
>details involved a failure in the RNG.
What you are saying is very very common in crypto. You take
what seems to be fairly strong like Rijndael and then you combine
it in something like PGP with nonbijective compression to make
it very weak. So weak that only one key can decrypt to something
that could have been encrypted. That key being the one used.
Yet you can argue till blue in the face. And the people with
loudest voices say that these little details don't need to
be worried about since so small. But they are easy to fix.
>
>I have heard/thought I heard that some of these failures were caused
>deliberately as a way to form a method of attack. That is, the hope
>was, since the method was "provably secure" the Russians would not
>suspect it was being broken.
>Don Johnson
>
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Quasi Functions, a way to design Maximum Secure Cipher
Date: Thu, 10 May 2001 22:28:07 -0700
Kostadin Bajalcaliev <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello
>
> After years of research I have finally defined the Quasi Function theory,
> and its practical implementation in cryptography, the Polymorphic
> Encryption.
> Here is only the Introduction chapter of the thesis describing the results
> accomplished. I hope you will have interest to examine this thesis; all the
> comments and suggestions are welcomed. The full text of the thesis is
> available at
>
> http://eon.pmf.ukim.edu.mk/~kbajalc/algo/theory/pme
> or
> http://kbajalc.tripod.com/algo/theory/pme
>
> As an illustration here is the round function of SQ6, the cipher implementing
> the theory described in the thesis:
>
> B0 B1 B2 B3 - are 32-bit words, Message BLOCK
> S0 S1 ... S15 - 32-bit words, the KEY
> F[0..0xFFFFFFFF](A1,A2) - array of functions returning 32-bit word
>
>
> Each Round is Defined as
>
> B3^=F[B0](B1,B2);
> (B0,B1,B2,B3)=(B3,B0,B1,B2) /* rotation */
>
>
> The function is defined as:
>
> T{i,j} denote the number formed from the i-th to the j-th bit of T
> Op = {+,xor,*,-}; Op[i] denote the i-th element of set Op
> S[0..15] array of 32-bit words = 512-bits of KEY
>
> F[G](A,B,C)= (S[g]<<<g) og A og (S[g]<<<g) og B og (S[q]<<<g)
Don't forget you'll need to define the associativity.
>
> og - operation chosen by G
> g - the value of a particular binary substring of G
>
> -------------------------
> F[T](A1,A2) = (S[T{3..0}] <<< T{7..4}) op[T{25..24}] A1
>     op[T{27..26}] (S[T{11..8}] <<< T{15..12}) op[T{29..28}] A2
>     op[T{31..30}] (S[T{19..16}] <<< T{23..20});
>
> For example having T=To=11 01 00 10 0010 1101 0101 1001 1011 1010
> The function F will be:
>
> F[To](A1,A2) = (S[10] <<< 11) * A1 + (S[9] <<< 5) xor A2 - (S[13] <<< 2);
>
> ==================================================================
>
>
> 1. Introduction
>
> Maximum Secure Cipher (MSC) is an encryption algorithm immune to all
> possible
> (existing and to-be-invent) attacks. Existence of an attack against MSC
> implies a
> need for a significant knowledge about the key as a precondition to launch
> it. The
> growing disparity between the advance of the cipher-design and the
> cryptanalysis
> indicate a convergence in the process of developing secure ciphers. The
> limit of this
> process is the MSC.
Here's how to break this "immune to all possible attacks" cipher:
Consider an input differential of (0, 0x80000000, 0, 0).
During round 1, we can select B0 so that the last operation selected by G
will be "*", and with probability 2**-1, the lsbit of S[T{19..16}] <<<
T{23..20} will be zero. This will give a zero differential to the output of
F[G](A,B,C), and hence the output differential of round 2 will be:
(0, 0, 0x8000000, 0)
During round 2, with probability 2**-3, the last operation selected by G
will be "*", and the lsbit of S[T{19..16}] <<< T{23..20} will be zero. This
will give a zero differential to the output of F[G](A,B,C), and hence the
output differential of round 3 will be
(0, 0, 0, 0x8000000)
Round 3 is the trivial differential. The output differential of round 4
will be:
(0x8000000, 0, 0, 0)
During round 4, with probability 2**-1, bit 30 of B0 will be 1 and hence the
operations selected will be - and ^. In addition, with probability 2**-13,
the outputs of the - and ^ operations will happen to be the same, and hence
with probability 2**-14, there will be a zero differential to the output of
F[G](A,B,C), and hence the output differential of round 4 will be:
(0, 0x8000000, 0, 0)
Continuing on, we find that this has a probability
2**-(1+3+0+14+3+3+0+14+3+3+0+14+3+3+0) = 2**-64 of extending through 15
rounds.
And so, this attack is:
- Send through 2**74 or so chosen pairs with the above differential. Look
for outputs that look like the differential held through 15 rounds (three of
the output words will match). There are an expected 2**10 true hits, and
essentially no false hits (a false hit would have probability 2**-96).
Now that we know we have outputs which we know differ in only the last
round, use that to solve for the elements of the S array, which is the key.
Glancing at it, it appears that 2**10 such pairs should be more than
sufficient.
Free hint: no cryptographer with a clue would ever confidently describe
anything he invented as "immune to all possible (existing and
to-be-invent[sic]) attacks", at least, not without an iron-clad mathematical
proof in hand.
--
poncho
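As an added worked example (editor-added; not code from the thesis, from Kostadin Bajalcaliev or from Scott Fluhrer), here is the quoted F[T] definition turned into a decoder and evaluator. Operations are applied left to right, which is an assumption made here, exactly the associativity gap Scott points out; running the decoder on the quoted T=To reproduces the expression the post gives. The round and its inverse also show John Savard's point earlier in this digest: because B3 ^= F[B0](B1,B2) leaves the words that select and feed F untouched, the data-dependent choice of operations has no effect on invertibility. The sample key words and the round count are constructed placeholders.

```python
# Editor-added example. The selection layout of T and the operation set
# follow the quoted post; left-to-right evaluation, the sample key words and
# the round count are assumptions made here.
MASK = 0xFFFFFFFF
OPS = ["+", "xor", "*", "-"]          # Op[0..3] as listed in the post

# The T value spelled out in the post: 11 01 00 10 0010 1101 0101 1001 1011 1010
T0 = 0xD22D59BA


def bits(t, hi, lo):
    """T{hi..lo}: the integer formed by bits hi down to lo of t."""
    return (t >> lo) & ((1 << (hi - lo + 1)) - 1)


def rotl(v, r):
    r %= 32
    return ((v << r) | (v >> (32 - r))) & MASK


def apply_op(op, a, b):
    if op == "+":
        return (a + b) & MASK
    if op == "xor":
        return a ^ b
    if op == "*":
        return (a * b) & MASK
    return (a - b) & MASK


def select(t):
    """Decode T into the five operand selectors and four operators of F[T].
    None marks the slots taken by the data inputs A1 and A2."""
    operands = [(bits(t, 3, 0), bits(t, 7, 4)), None,
                (bits(t, 11, 8), bits(t, 15, 12)), None,
                (bits(t, 19, 16), bits(t, 23, 20))]
    ops = [OPS[bits(t, 25, 24)], OPS[bits(t, 27, 26)],
           OPS[bits(t, 29, 28)], OPS[bits(t, 31, 30)]]
    return operands, ops


def describe_f(t):
    """Render F[T](A1,A2) in the post's notation."""
    operands, ops = select(t)
    names = iter(["A1", "A2"])
    terms = [next(names) if sel is None else f"(S[{sel[0]}] <<< {sel[1]})"
             for sel in operands]
    expr = terms[0]
    for op, term in zip(ops, terms[1:]):
        expr += f" {op} {term}"
    return expr


def f_eval(t, a1, a2, s_key):
    """Evaluate F[T](A1,A2) left to right (assumed associativity)."""
    operands, ops = select(t)
    inputs = iter([a1, a2])
    values = [next(inputs) if sel is None else rotl(s_key[sel[0]], sel[1])
              for sel in operands]
    acc = values[0]
    for op, v in zip(ops, values[1:]):
        acc = apply_op(op, acc, v)
    return acc


def round_encrypt(block, s_key):
    b0, b1, b2, b3 = block
    b3 ^= f_eval(b0, b1, b2, s_key)      # F selected by B0, fed by B1, B2
    return (b3, b0, b1, b2)               # rotation from the post


def round_decrypt(block, s_key):
    b3, b0, b1, b2 = block                # undo the rotation
    b3 ^= f_eval(b0, b1, b2, s_key)      # same F: its inputs were untouched
    return (b0, b1, b2, b3)


def encrypt(block, s_key, rounds=16):
    for _ in range(rounds):
        block = round_encrypt(block, s_key)
    return block


def decrypt(block, s_key, rounds=16):
    for _ in range(rounds):
        block = round_decrypt(block, s_key)
    return block


SAMPLE_KEY = [(0x9E3779B9 * (i + 1)) & MASK for i in range(16)]  # constructed

if __name__ == "__main__":
    print(describe_f(T0))
    block = (T0, 0x01234567, 0x89ABCDEF, 0xDEADBEEF)
    ct = encrypt(block, SAMPLE_KEY)
    print([hex(w) for w in ct], decrypt(ct, SAMPLE_KEY) == block)
```

Because the round count and the evaluation order are not fixed by the quoted text, both are parameters here; any real analysis of the cipher would first need the thesis to pin them down, which is the substance of Scott's associativity remark.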
------------------------------
From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Horst Feistel
Date: 11 May 2001 10:15:39 -0700
In article <9dgcnv$20m$[EMAIL PROTECTED]>,
Vinokurov Andrey <[EMAIL PROTECTED]> wrote:
>Is Horst Feistel native American or an immigrant?
Be warned that in the USA, if you say "native American", most people will
think you mean a member of the indigenous population. If you mean it
literally, as someone born in the USA (possibly from ancestors who
immigrated in the last few hundred years), then you have to say "American
native", or "American-born" or indeed almost anything else besides "native
American".
--
Matthew Skala
[EMAIL PROTECTED] "I fish stranger things than you
http://www.islandnet.com/~mskala/ out of my granola every morning."
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best encrypting algoritme
Date: 11 May 2001 17:13:24 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<eTUK6.66540$[EMAIL PROTECTED]>:
>
>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> [EMAIL PROTECTED] (Mok-Kong Shen) wrote in
>> <[EMAIL PROTECTED]>:
>> >
>> >It is better to have larger blocks (the extreme is the
>> >whole message). But one has somehow decided to use block
>> >encryption and has chosen a small block size (e.g. for
>> >hardware reasons). In order to get nevertheless a bit the
>> >benefits of large block processing, one employs a (particular)
>> >technique, which is the chaining. So chaining is a compromise,
>> >or an afterthought, if you like. It may be mentioned that
>> >Scott has for years advocated whole file processing in the
>> >group (though personally I am not fond of the specific
>> >methods he uses).
>> >
>>
>> Thanks for remembering me.
>> But I do have a question for you. You say you're not fond
>> of the methods I use. However one of the methods I have
>> been trying to get people to use instead of the possible
>> weak version of Rijndael from the AES people is Matt's BICOM
>>
>> where you make 3 passes through the file
>> pass 1 BICOM with a key
>> pass 2 reverse file end for end
>> pass 3 BICOM again
>>
>> This does treat the whole file as a single block.
>> What would you say about that kind of encryption
>> scheme.
>>
>> Of course if it is a text message we could use Shaw's
>> GrandView method before the first BICOM
>
>What exactly is BICOM anyways? How is AES used in BICOM?
I think you know what it is TOM. But here is the URL.
http://www3.sympatico.ca/mtimmerm/
Let me explain again how AES is in BICOM. Matt took the
code supplied by the AES people for 128 bit block size
RIJNDAEL with 256 bit key space. Every use of the algorithm
involves full block sizes. Yet he manages to keep everything
totally bijective.
You could take a 3 byte file "TOM" for example
and decrypt it with a password to get an input file
that when encrypted with same password comes back to
that file.
He has full source code with it and he writes like
a modern programmer not with my old ways. So even
young guys like you might have a chance to understand it.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************