Cryptography-Digest Digest #358, Volume #14      Tue, 15 May 01 12:13:01 EDT

Contents:
  Re: Horst Feistel (pronounce) ("Thomas J. Boschloo")
  Re: where to get RSA/DSA code? ("Thomas J. Boschloo")
  Re: Are low exponents a problem with RSA? (DJohn37050)
  Re: new cipher (jlcooke)
  Re: new cipher ("Henrick Hellström")
  Re: good x86 coders (help please) (Vincent Quesnoit)
  Re: new cipher ("dexMilano")
  Re: An Empirical Public Key Algorithm Methodology ("Jakob Jonsson")
  Re: Encryption/Hash Permissions (Kent Briggs)
  Re: which public key algorithm is easy & gd to use? (Kent Briggs)
  Re: new cipher (Paul Crowley)
  Re: Hughes DH variant (Kent Briggs)
  Re: Hughes DH variant (Randy Langer)
  Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm) ("Douglas A. Gwyn")
  Re: good x86 coders (help please) ("Douglas A. Gwyn")
  Re: TC15 analysis ("Scott Fluhrer")
  Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm) (SCOTT19U.ZIP_GUY)
  Re: Not a realistic thing to do......Why? (Keill Randor)
  Re: which public key algorithm is easy & gd to use? (Paul Crowley)
  Re: Encryption/Hash Permissions (Paul Crowley)
  Re: new cipher (Paul Crowley)
  FYI: Results on EM attacks on smart cards ("Josyula R. Rao")

----------------------------------------------------------------------------

From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Subject: Re: Horst Feistel (pronounce)
Date: Tue, 15 May 2001 14:20:46 +0200

=====BEGIN PGP SIGNED MESSAGE=====

"Thomas J. Boschloo" wrote:

> Fay stel looks a bit wrong to me (from my domain you can see that I am
> Dutch, we get German language in high-school). I would say "horst
> fi-stal". (accent on first syllable)

I have been doing some more thinking about this, and maybe German is
more similar to English than it is to Dutch in this case. We have the
sound 'ei' or 'ij' like in Rijmen or Rijndael (see bottom of
<http://www.esat.kuleuven.ac.be/~rijmen/rijndael> for pronunciation of
the 'ij'. I personally think the 'Rhine's 'i' is a good one. But
honestly, I don't think you english speaking people have something that
really sounds like 'ei'. You might even not be able to hear the
difference in the dutch 'ei'/'ij' and the 'ay' from 'Shy' etc. To me
there is a difference however.

Germans speak 'Feistel' a bit like 'Faystil' but you just have to avoid
'thinking' the 'Aye'. It sounds very 'ordi' in my ears.

My final pronunciation would probably be something like:
Meister
Maestro
Faestro
Feistel

(with stress on the 'Fei' and the 'stel' should sound like in the
english 'Bell').

I hope this is not completely off-topic in this broad newsgroup.. (can't
find it in the FAQs). Maybe an MP3 would do the trick, but my grasp of
the alpha subjects like German and English is not one of my strong
points. Neither is math compared to the likes of you, but compared to
most people I know, my math is pretty good. I know what complex numbers
and Euler's formulas are.

Highest regards,
Thomas

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: My homepage <http://home.soneraplaza.nl/mw/prive/boschloo>

iQB5AwUBOwERDAEP2l8iXKAJAQEjewMgq+kjkszS3lqlOobdgSUyPsTJLWm/XTdk
Tj1wphX3y83/7VygQtzLY+mJFozxMXgCDJlWuLkWYJm+aKVuhUihatRQAgGyt1XW
2fkq4BbVyV7CpZ/yLlNw4Q/CaE6JylUkD9fA6g==
=WMXw
=====END PGP SIGNATURE=====
-- 
"Software patents harm the flow of free information"



------------------------------

From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Subject: Re: where to get RSA/DSA code?
Date: Tue, 15 May 2001 14:21:57 +0200

=====BEGIN PGP SIGNED MESSAGE=====

Hilda wrote:
> 
> hi, thanks for the replys
> 
> is there any way i can get free source codes for RSA/DSA?
> there are so many algorithms to use... but i'm a new user to cryptography.
> ...
> is RSA/DSA/others in that reply mails the best for beginners?
> our system doesn't need to be v secure, just fairly secure is enough ..
> anyway, the most important thing is, where to get the codes? (e.g. on web)

In addition to OpenSSL, you could perhaps also try <www.pgpi.org> and
get the 6.5.8 sources. Older sources like 5.0i might be shorter, but
probably also more buggy so I would go for the latest versions.

If you only need RSA, try pgp263is.zip. It is both short and fairly well
trusted. (RSA does both sign and encrypt, so you won't need the DSS
part)

Regards,
Thomas

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: My homepage <http://home.soneraplaza.nl/mw/prive/boschloo>

iQB5AwUBOwERUwEP2l8iXKAJAQEDeAMfZY3woEcSVhVyxvqWSnSmi1EQALy9xcn7
eZ2kMuFsO/Q5XqQJi+fNSucKJk0eLKBHvNB+hoEglhHmJhcU3vw7D8KBDPyUPdDb
w/OhGcPNhwOrJg8mPJK24AEncdtFTrJ/AcC2Xg==
=QSTU
=====END PGP SIGNATURE=====
-- 
"Software patents harm the flow of free information"


------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 15 May 2001 12:36:06 GMT
Subject: Re: Are low exponents a problem with RSA?

I never think RSA is ideal, what does that mean.  I think of it as a tool with
attributes, other methods have other attributes, choose the right tool.
Don Johnson

------------------------------

From: jlcooke <[EMAIL PROTECTED]>
Subject: Re: new cipher
Date: 15 May 2001 12:54:25 GMT

From the same people who gave us Magenta.  Closed to the public for
years and years, and when submitted to the AES, it took 10 minutes of
questions from the audience to crack it.  I'm weary.

JLC

dexMilano wrote:
> 
> from NTT
> 
> http://www.securitywatch.com/newsforward/default.asp?AID=7188

------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: new cipher
Date: Tue, 15 May 2001 13:20:27 +0200

I found a diagram at http://www.nttamerica.com/news/2000/000310_a.html and a
vague description at http://www.nttamerica.com/news/2000/000310.html#07. The
general structure doesn't look that amazing.

--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com

"dexMilano" <[EMAIL PROTECTED]> skrev i meddelandet
news:9dr2q1$junp9$[EMAIL PROTECTED]...
> I can't find any source/document related to this news.
>
> Any suggestion?
>
> dex
>
> "dexMilano" <[EMAIL PROTECTED]> ha scritto nel messaggio
> news:9dr1kj$jr6qf$[EMAIL PROTECTED]...
> > from NTT
> >
> > http://www.securitywatch.com/newsforward/default.asp?AID=7188
> >
> >
>
>



------------------------------

From: Vincent Quesnoit 
Subject: Re: good x86 coders (help please)
Date: Tue, 15 May 2001 15:12:58 +0200
Reply-To: [EMAIL PROTECTED]

I would do the rotates in memory, since anyway you cannot perform two rotates in
parallel because the number of bits is not the same for the different dwords.
There might be some overlap between the rotates in the ALU and MMX instructions
in the FPU.
As in :
 pxor mm0,[ebp+16*%1] ;   a in low b in high
 pxor mm1,[ebp+16*%1+8];  c in low d in high

 ; do linear transform
 movq mm3,mm1    ;
 punpckhdq mm3,mm1  ;     d in low c in high
 movq memdc,mm3  ;     to memory for rol
 rol dword memdc,1    ;     d<<<1
 rol dword memdc+4,14    ;     c<<<14
 pxor mm3,memdc  ;        d<<<1 xor c in low, c<<<14 xor d in high
 pxor mm0,mm3    ;     new a in low, new b in high
 movq mm2,mm0    ;
 punpckhdq mm2,mm0  ;     b in low a in high
 movq memab,mm0  ;     to memory for rol, a in lower address
 rol dword memab,9    ;  a<<<9
 rol dword memab+4,6  ;  b<<<6
 pxor mm2,memab  ;        b xor (a<<<9) in low, a xor (b<<<6) in high
 pxor mm1,mm2    ;        new c in low, new d in high

;sbox

However the sbox code is not easy to parallelize because of the dependencies.

Vincent

Tom St Denis a écrit :

> "Vincent Quesnoit"
> <[EMAIL PROTECTED]> wrote in
> message
> news:[EMAIL PROTECTED]...
> > I guess you also would have to consider using MMX code on the pentium,
> which
> > would perform two "ands", "xors", or "ors" at a time.
> > Unfortunately I dont currently have an assembler that supports the MMX
> > instructions.
> > The same is probably true on the Athlon.
>
> Use NASM if you like.  It's free and very capable :-o
>
> Well I could try using MMX the problem lies in the rotates I must perform.
> A rotate in MMX requires 3 ops (shift+shift+or) and for most MMX ops you get
> a latency of 1 and a througput of 1/2.  So it would take upto 6 cycles to
> perform a rotate vs 1 or 2 in the normal ALU.
>
> Tom
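A scalar reference for the linear transform as the comments in Vincent's listing describe it, added here as an example; it is not code from the post and not source from the cipher under discussion. The rotation amounts 1, 14, 9 and 6 and the update order (a and b first from the old c and d, then c and d from the new a and b) are taken from those comments, and whether they match the cipher Tom is implementing is an assumption. The inverse is included so an MMX version can be checked against it in both directions, and a small diffusion probe shows what the rotate placement buys at word level.

```python
# Added example, not Vincent's code: scalar reference for the transform
# described in the MMX listing's comments (rotates 1, 14, 9, 6 assumed).
MASK = 0xFFFFFFFF

def rol32(x, r):
    """Rotate a 32-bit word left by r bits (what `rol dword mem, r` does)."""
    r %= 32
    return ((x << r) | (x >> (32 - r))) & MASK

def lt_forward(a, b, c, d):
    """a, b are updated from the old c, d; then c, d from the new a, b."""
    a ^= rol32(d, 1) ^ c          # (d<<<1 xor c) folded into a
    b ^= rol32(c, 14) ^ d         # (c<<<14 xor d) folded into b
    c ^= b ^ rol32(a, 9)          # (b xor a<<<9) folded into c
    d ^= a ^ rol32(b, 6)          # (a xor b<<<6) folded into d
    return a, b, c, d

def lt_inverse(a, b, c, d):
    """Peel the XORs off in reverse order; each step only needs values not yet undone."""
    d ^= a ^ rol32(b, 6)          # a, b still hold the 'new' values here
    c ^= b ^ rol32(a, 9)
    b ^= rol32(c, 14) ^ d         # c, d are now the original words again
    a ^= rol32(d, 1) ^ c
    return a, b, c, d

def check_roundtrip(words):
    """True if inverse(forward(words)) gives the input back."""
    return lt_inverse(*lt_forward(*words)) == tuple(words)

def words_affected():
    """The map is linear over GF(2), so pushing a difference through it gives
    the output difference exactly; count output words touched when a single
    input word carries a one-bit difference."""
    counts = []
    for i in range(4):
        delta = [0, 0, 0, 0]
        delta[i] = 1
        counts.append(sum(1 for w in lt_forward(*delta) if w))
    return counts

if __name__ == "__main__":
    sample = (0x01234567, 0x89ABCDEF, 0xDEADBEEF, 0x0BADF00D)   # constructed input
    print([hex(w) for w in lt_forward(*sample)])
    print("roundtrip ok:", check_roundtrip(sample))
    print("output words affected per input word:", words_affected())
```

The diffusion probe reports 3, 3, 4, 4: a difference entering through a or b reaches three of the four output words in one pass, one entering through c or d reaches all four, which is where the S-box layer that follows gets its active S-boxes from.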


------------------------------

From: "dexMilano" <[EMAIL PROTECTED]>
Subject: Re: new cipher
Date: Tue, 15 May 2001 15:50:33 +0200

That's why I love NGs:
What you think is good news could be old news.

thx for all references.

dex

"jlcooke" <[EMAIL PROTECTED]> ha scritto nel messaggio
news:[EMAIL PROTECTED]...
> From the same people who gave us Magenta.  Closed to the public for
> years and years, and when submitted to the AES, it took 10 minutes of
> questions from the audience to crack it.  I'm weary.
>
> JLC
>
> dexMilano wrote:
> >
> > from NTT
> >
> > http://www.securitywatch.com/newsforward/default.asp?AID=7188



------------------------------

From: "Jakob Jonsson" <[EMAIL PROTECTED]>
Subject: Re: An Empirical Public Key Algorithm Methodology
Date: Tue, 15 May 2001 16:54:19 +0200

I would say that this is basically what Courtois, Goubin, and Patarin are
doing, but on a higher level (the equations are on a byte level rather than
on a bit level). They have designed three signature schemes (FLASH, SFLASH,
QUARTZ) that are submitted to the NESSIE project (www.cryptonessie.org). See
http://www.minrank.org/ for more information about these schemes and also
some encryption schemes. During the years, Patarin has suggested several
constructions (some of them with equations on a bit level as well); see
http://www.cs.technion.ac.il/~biham/publications.html for a clever attack
against one of them.

I believe the hard part is to find a system where the size of the public key
is manageable (i.e., not  megabytes). The MinRank team claims to have found
a variety of solutions, but they are all very new and not widely scrutinized
yet.

Jakob

"Jim Steuert" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> An Empirical Public Key Algorithm Methodology
>
> Does anyone know of a public key algorithm methodology like this. It
> almost seems too simple. Or perhaps there is a flaw I haven't considered.
>
>   1)  Form a simple feistel (or other simple like rc4) cipher (and thus
>       its inverse)
>   2)  Form the boolean equations of the forward cipher, say 160 equations
>       in 160 boolean variables. This could be very large (many megabytes,
>       as in the simulation of the SHA-1 feistel hash function in Dean's
>       thesis)
>   3)  Group those equations by randomly choosing the variables (there are
>       160! (factorial) choices).
>   4)  Publish the re-grouped forward cipher as the public key algorithm.
>   5)  Keep the simple feistel algorithm as the private algorithm.
>
> This works only if the random choice of boolean groupings doesn't explode
> combinatorially and also hides the initial feistel (or other simple)
> cipher algorithm.
>
> Please let me know if anyone has experience with this methodology. Or is
> there some flaw I've missed. Of course, it still remains to be proven
> with a practical example.
>
>    -Jim Steuert
>
>
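To see where the "many megabytes" of step 2 come from, here is an added example in Python; it is not code from Jim's or Jakob's posts and not any of the schemes Jakob names. It writes out the boolean equations of a toy 8-bit Feistel cipher in algebraic normal form (ANF) and counts the monomials each equation needs as rounds are added. The S-box (row 0 of DES S1), the round keys and the block size are constructed for illustration only.

```python
# Added example, not from either post: the forward cipher's boolean equations
# (step 2) for a toy 8-bit Feistel cipher, and how many terms they need.
# S-box, round keys and block size are constructed for illustration.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
ROUND_KEYS = [0x3, 0xA, 0x5, 0xC, 0x9, 0x6]   # 4-bit keys, baked into the "public" cipher
NBITS = 8                                     # block: two 4-bit halves

def feistel_encrypt(block, rounds):
    """Feistel network on an 8-bit block with F(R, k) = SBOX[R ^ k]."""
    left, right = block >> 4, block & 0xF
    for k in ROUND_KEYS[:rounds]:
        left, right = right, left ^ SBOX[right ^ k]
    return (left << 4) | right

def anf_from_truth_table(tt):
    """Fast Moebius transform: truth table indexed by input value ->
    ANF coefficients indexed by monomial mask (bit i set = variable x_i present)."""
    coeff = list(tt)
    n = len(coeff).bit_length() - 1
    for i in range(n):
        step = 1 << i
        for x in range(len(coeff)):
            if x & step:
                coeff[x] ^= coeff[x ^ step]
    return coeff

def eval_anf(coeff, x):
    """XOR of the coefficients of every monomial whose variables are all set in x."""
    return sum(c for m, c in enumerate(coeff) if c and (m & x) == m) & 1

def output_bit_anfs(rounds):
    """One equation per ciphertext bit, each a list of 2^NBITS coefficients."""
    anfs = []
    for bit in range(NBITS):
        tt = [(feistel_encrypt(x, rounds) >> bit) & 1 for x in range(1 << NBITS)]
        anfs.append(anf_from_truth_table(tt))
    return anfs

def monomial_counts(rounds):
    """Number of monomials in each ciphertext bit's equation: the size of the 'public key'."""
    return [sum(a) for a in output_bit_anfs(rounds)]

def anf_matches_cipher(rounds):
    """Sanity check: the equations reproduce the cipher on every input."""
    anfs = output_bit_anfs(rounds)
    for x in range(1 << NBITS):
        y = feistel_encrypt(x, rounds)
        if any(eval_anf(c, x) != (y >> bit) & 1 for bit, c in enumerate(anfs)):
            return False
    return True

if __name__ == "__main__":
    for r in range(0, 5):
        counts = monomial_counts(r)
        print(r, "rounds:", counts, "total", sum(counts))
```

With zero rounds every equation is a single variable; after one round the left half is still just the old right half, and the other four equations carry the S-box terms; by a few rounds each equation is heading towards the roughly 2^(n-1) monomials a random function of n variables has. The truth-table route used here only works for toy n: with 160 variables the equations would have to be built symbolically, and unless the cipher is deliberately kept at low degree they are far beyond any storage, which is Jakob's point about public key size. Note also that if step 3 is a permutation of the variables, as the 160! count suggests, it relabels monomials one-for-one and changes none of these counts.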





------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: Encryption/Hash Permissions
Date: Tue, 15 May 2001 09:55:01 -0500

Mark Wooding wrote:

> RC2 and RC4 are `trade secrets' of RSA Security Inc.

FYI: RC2 was officially published a few years ago:

http://www.rsasecurity.com/news/pr/970627.html

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: which public key algorithm is easy & gd to use?
Date: Tue, 15 May 2001 10:00:08 -0500

Paul Crowley wrote:

> I would vote DHAES for encryption, and Schnorr for signatures.

Isn't Schnorr still encumbered by a patent?

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

Subject: Re: new cipher
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Tue, 15 May 2001 15:03:10 GMT

"Jakob Jonsson" <[EMAIL PROTECTED]> writes:
> Camellia, EPOC, PSEC, and ESIGN are all submissions to NESSIE, so you can
> find documentation at
> 
> https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions.html
> 
> The algorithms have been publicly available for at least eight months, so
> the announcement does not make sense to me (clearly, they don't mean that
> the algorithms are to be released into the public domain).

If I recall correctly, these algorithms are to be put under a
worldwide, royalty-free license, like AES.  This is great news if
true, but I can't now find a mention on the Camellia home page...

http://info.isl.ntt.co.jp/camellia/
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: Hughes DH variant
Date: Tue, 15 May 2001 10:16:05 -0500

Tom St Denis wrote:

> Good reason to invest in AC2..
>
> Page 515...
> ------
> (1)  Alice chooses a random integer x and generates
>    k = g^x mod p
> (2) Bob chooses a random large integer y and sends Alice
>    Y =  g^y mod p
> (3) Alice Sends bob
>    X = Y^x mod p = g^yx mod p
> (4) Bob computes
>    z = y^-1
>    k' = X^z mod p

I've got some notes written in my AC2 margins on this protocol.  I remember
exchanging emails with both Hughes and Schneier several years ago on the
subject:

In Step 2, y needs to be relatively prime to p-1.  If p is a strong prime such
that (p-1)/2 is prime then y can be any odd number except (p-1)/2.  If q is a
prime factor of p-1 (as in DSA), then y can be any integer less than q.  Then z
= y^-1 mod q (using Extended Euclid) or z = y^(q-2) mod q using Euler.

In Step 4, z = y^-1 mod (p-1)

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com
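The four steps from AC2 with Kent's condition on y, as an added example in Python; it is not Kent's, Hughes' or Schneier's code. The prime p = 2q+1 = 1019 and the exponents are toy values constructed for illustration. It runs the exchange once with a full-order g (inverse taken mod p-1, y odd) and once with a g of order q (inverse taken mod q, as in DSA), checks Kent's Euler route z = y^(q-2) mod q against extended Euclid, and shows that inverting y mod p instead, which Randy asks about further down the thread, does not give Bob back k.

```python
# Added example, not from the post: Hughes' DH variant (AC2 p.515) with the
# exponent inverse taken modulo the order of g, as Kent's notes require.
import secrets
from math import gcd

# Toy parameters, constructed for illustration: p = 2q + 1 is a safe prime.
P = 1019
Q = 509

def find_primitive_root(p, q):
    """Smallest g of full order p-1 = 2q: primitive iff g^2 != 1 and g^q != 1 (mod p)."""
    for g in range(2, p):
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return g
    raise ValueError("no primitive root found")

def inverse_by_fermat(y, q):
    """Kent's second route: z = y^(q-2) mod q, valid when q is prime."""
    return pow(y, q - 2, q)

def pick_y(order):
    """Bob's y, redrawn until it is invertible modulo the order of g (step 2 condition)."""
    while True:
        y = 2 + secrets.randbelow(order - 2)
        if gcd(y, order) == 1:
            return y

def hughes_exchange(p, g, order, x, y):
    """Steps (1)-(4); `order` is the modulus used to invert y. Returns (k, k')."""
    if gcd(y, order) != 1:
        raise ValueError("y must be invertible modulo the order of g")
    k = pow(g, x, p)            # (1) Alice fixes the key Bob is to end up with
    Y = pow(g, y, p)            # (2) Bob -> Alice
    X = pow(Y, x, p)            # (3) Alice -> Bob: g^(xy) mod p
    z = pow(y, -1, order)       # (4) Bob: y^-1 (extended Euclid under the hood)
    k_prime = pow(X, z, p)      #     g^(xyz) = g^x only if yz = 1 mod ord(g)
    return k, k_prime

if __name__ == "__main__":
    g = find_primitive_root(P, Q)                  # order p-1: invert y mod p-1
    print(hughes_exchange(P, g, P - 1, 123, pick_y(P - 1)))
    g_q = pow(g, 2, P)                             # squaring lands in the order-q subgroup
    print(hughes_exchange(P, g_q, Q, 77, pick_y(Q)))
    print(hughes_exchange(P, g, P, 123, 7))        # inverse mod p instead: k' != k
```

Bob only ever learns g^x, so the protocol lets Alice decide the key before talking to Bob; the price is that Bob has to know the order of g to invert y, which is why the choice of modulus in step 4 cannot be left implicit.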



------------------------------

From: Randy Langer <[EMAIL PROTECTED]>
Subject: Re: Hughes DH variant
Date: Tue, 15 May 2001 15:19:03 GMT



Tom St Denis wrote:

> "Randy Langer" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> >
> > Tom St Denis wrote:
> >
> > > "Randy Langer" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > >
> > > >
> > > > Tom St Denis wrote:
> > > >
> > > > > "Randy Langer" <[EMAIL PROTECTED]> wrote in message
> > > > > news:[EMAIL PROTECTED]...
> > > > > > Can anyone point me to example C/C++ source and/or a complete
> > > > > > description for Eric Hughes' variant on the Diffie-Hellman key
> > > exchange
> > > > > > algorithm? The info I have at hand appears to be incomplete, and
> I'd
> > > > > > like to get it right the first time. A Google search for this
> turned
> > > up
> > > > > > zilch.
> > > > >
> > > > > Good reason to invest in AC2..
> > > > >
> > > > > Page 515...
> > > > > ------
> > > > > (1)  Alice chooses a random integer x and generates
> > > > >    k = g^x mod p
> > > > > (2) Bob chooses a random large integer y and sends Alice
> > > > >    Y =  g^y mod p
> > > > > (3) Alice Sends bob
> > > > >    X = Y^x mod p = g^yx mod p
> > > > > (4) Bob computes
> > > > >    z = y^-1
> > > > >    k' = X^z mod p
> > > > >
> > > >
> > > > "z = y^-1". A true (floating point) inversion, or mod something??? As
> I
> > > say, it
> > > > looks a little incomplete. I assume it's suppose to be (mod p), but I
> > > always
> > > > like confirmations...
> > >
> > > I think it's obvious that you need y^-1 mod p-1.  Since bob knows y (and
> no
> > > one else) by calcing this and doing k' = (g^yx)^(1/y) mod p he gets g^x
> mod
> > > p which is k.
> > >
> > > Tom
> >
> > Yep. Just don't like unexpected surprises. The fact that it wasn't stated
> > explicitly made me wonder why, that's all.
>
> Righto.  There are better ways to do this type of thing.
>
> I.e find someone's public key y such that y = g^x mod p, then make up a
> random k and send them g^k mod p, you can now both use g^xk mod p as a
> private key.  Simple effective and to the point.  You can calc g^xk mod p
> before talking to Bob as long as you know his public key .
>
> Tom

Okay, thanks. I'm already starting to get some heat from Corporate about
intellectual property, patents, etc. on all this. They know that Diffie-Hellman
has already gone through the patent cycle and is now in the public domain.
Unless I can demonstrate to them that Hughes and/or the variant you describe
above is free of encumbrances, I'm willing to bet that the legal eagles are
going to insist I stick with DH for safety reasons. So we'll see. DH is three
transactions instead of two, which won't kill me in this particular
application. But things could be different in future projects, so I like to
have as much information at hand as I can when the rubber hits the road.

Thanks again...

- RL


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm)
Date: Tue, 15 May 2001 14:55:27 GMT

Arturo wrote:
> On Sat, 12 May 2001 15:06:43 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
> >In elementary school, we had 4-10's and 22's and carried them to class
> >occasionally, shot them at recess, took bullets apart, ignited contents
> >and fired the caps with a rock.  The powder sometimes went into bombs,
> >most that fizzled.  We shot fireworks, including banned ones from
> >Oklahoma, made our own cannon that fired projectiles of sticks, grass, and
> >rocks as we played war games with old building materials.  In high school,
> >we had our own rocket club and some of these things went for miles.  We had
> >no adult supervision, made our own membership cards, and met to try out
> >our latest projects.
>         Gosh, if the soviets did it, you guys yell out to the entire world how
> bellicose and committed to world domination they are.  But since it's you, there's
> nothing wrong?  If you want them to defend their country, do it right: just send
> them to compulsory military service, then have them re-train and do field
> exercises every year under strictly military supervision, a la Swiss.  You won't
> convince me that pre-teenagers playing MacGyver or A-team will do better than
> blowing up Fed buildings.

??  What are you ranting about?  The text you cited had nothing to
do with world domination or compulsory military training.  (Any
rebuttal of your naive statements on these should clearly be done
elsewhere.)

> >Otherwise, nobody cared, we were learning a lot about physics, not trying to
> >bump each other off.
>         I've been teaching physics for well over a decade, and I can tell you,
> there's no need to shoot a rifle in order to understand momentum or ballistic
> motion.

The fellow didn't say that his particular experiences were *necessary*
for learning physics, he said that they were part of his learning
experience and were not bellicose.  It is certainly true that an
important factor in education is the student *wanting* to learn, and
it makes sense to exploit the interests that he has on his own to
help motivate a subject.  Some schools have model rocket clubs that
provide incentive to learn some math and physics.  A standard example
in beginning physics classes is the projectile fired at an angle.  Etc.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: good x86 coders (help please)
Date: Tue, 15 May 2001 14:40:09 GMT

Vincent Quesnoit wrote:
> Unfortunately I dont currently have an assembler that supports the MMX
> instructions.

I'm pretty sure that a patch for MASM is available for free.

------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: TC15 analysis
Date: Tue, 15 May 2001 08:13:54 -0700


Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:4zeL6.76746$[EMAIL PROTECTED]...
> I started my analysis of TC15 (more than just poking).  I am looking for
> low hamming weight differentials (i.e low active sbox count).
I just verified that there are no single round iterative differentials (at
any probability level) with hamming weight 6 or less.

My next step: two round iterative differentials...

--
poncho




------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm)
Date: 15 May 2001 15:34:57 GMT

aquiranNO$[EMAIL PROTECTED] (Arturo) wrote in
<[EMAIL PROTECTED]>: 

>On Sat, 12 May 2001 15:06:43 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>
>>In article <[EMAIL PROTECTED]>, Jim D wrote:
>>
>
>>In elementary school, we had 4-10's and 22's and carried them to class
>>occasionally, shot them at recess, took bullets apart, ignited
>>contents and fired the caps with a rock.  The powder sometimes went
>>into bombs, most that fizzled.  We shot fireworks, including banned
>>ones from Oklahoma, made our own cannon that fired projectiles of
>>sticks, grass, and rocks as we played war games with old building
>>materials.  In high school, we had our own rocket club and some of
>>these things went for miles.  We had no adult supervision, made our own
>>membership cards, and met to try out our latest projects.
>
>     Gosh, if the soviets did it, you guys yell out to the entire world
>     how 
>bellicose and committed to world domination they are.  But since it's you,
>there's nothing wrong?  If you want them to defend their country, do it
>right: just send them to compulsory military service, then have them
>re-train and do field exercises every year under strictly military
>supervision, a la Swiss.  You won't convince me that pre-teenagers
>playing MacGyver or A-team will do better than blowing up Fed buildings.

    Actually I suspect kids growing up in the Soviet Union countryside
are much like the kids in the country in the US. So I am not sure what
you're driving at. I think from what little knowledge I have the Swiss
system is pretty damn good. I often wondered about shows like the A-team.
I personally think they were of no help to kids. They showed all kinds of
automatic gunfire bouncing off empty oil drums and such with no one hurt.
I think this does far more damage to city kids than showing that people
really die and get maimed. If it had a more real level of violence it
might actually cause less trouble with kids.

>
>
>>Otherwise, nobody cared, we were learning a lot about physics, not trying
>>to bump each other off. 
>
>     I've been teaching physics for well over a decade, and I can tell you,
>there's no need to shoot a rifle in order to understand momentum or
>ballistic motion.
>

    I think I did great in physics because of what I learned using
guns as a kid. Maybe you're special in that you did not need to have
experience with a rifle. But I assure you that you aren't everybody,
and just because you saw no use for it does not mean that others
not only saw a use for it but got a great benefit from it.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: Keill Randor <[EMAIL PROTECTED]>
Subject: Re: Not a realistic thing to do......Why?
Date: Tue, 15 May 2001 14:58:16 +0000

"Tom St Denis" <[EMAIL PROTECTED]> wrote in article 
<%_VL6.92784$[EMAIL PROTECTED]> : 

>>
>> I AM comparing the system I have to an OTP, and it IS realistic to do so.
>
>If you seriously believe that you need a new line of work.
>
>> If you want security, then ANY system that is crackable, as far as I am
>concerned, is not good enough.  (Granted, I am not a good enough
>mathematician to make much of a dent in PKI, though if I got together with a
>decent mathematician and a programmer, we might be able to work something
>out).  As for symmetrical systems, though, as far as I am concerned if it's
>crackable its not very good....
>
>Again if you believe this you will never be a serious cryptographer.
>
>> I need to get the system I have made into a program, and see just how fast
>it really is, at its most basic.  (It pretty much is an OTP) - (It'll
>still be far more secure than Rijndael).
>
>"pretty much an OTP" is a meaningless bloody term.  For <insert some
>figureheads name> sake why must sci.crypt go thru this every week.
>
>Either it is an OTP or it's NOTHING LIKE AN OTP.  There is no "quasi-otp".
>

The reason why I said "pretty much" is that it CAN be an OTP, if you wish to use it as 
such....

The problem with what I have, is that it is more of a 'framework' within which any 
system can be built, rather than a system in its own right, but again, the line is 
pretty blurred...  It's TOO flexible for its own good.....

At its worst, what I have is still better than nothing - (but not much) - and at 
its 'best' - (depending on how you look at it), not even God would be able to crack 
it, or solve it - (i.e. if the key(s) and ciphertext were known)...

Of course, though, the best way to use it would be to find the right point - (for 
you), somewhere in the middle...

The problem with cryptography, (especially current systems), is that the REAL 
security, lies with the algorithm, provided it's used as such - there's far more 
combinations for that than there EVER will be for the key(s)....  The problem is 
coming up with a usable system that takes advantage of it....  Hopefully the program I 
have in mind will help somewhat, but it's still just the foundations of it....

The program I have in mind is called DATE MANIPULATION - (the most powerful program of 
ALL time....).

Keill Randor
[EMAIL PROTECTED]

_______________________________________________
Submitted via WebNewsReader of http://www.interbulletin.com


------------------------------

Subject: Re: which public key algorithm is easy & gd to use?
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Tue, 15 May 2001 16:01:12 GMT

Kent Briggs <[EMAIL PROTECTED]> writes:

> Paul Crowley wrote:
> 
> > I would vote DHAES for encryption, and Schnorr for signatures.
> 
> Isn't Schnorr still encumbered by a patent?

Yes, unfortunately so; I meant only that it's the conceptually
simplest secure signature scheme, not that I'd recommend it for real
use.
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

Subject: Re: Encryption/Hash Permissions
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Tue, 15 May 2001 16:01:13 GMT

Kent Briggs <[EMAIL PROTECTED]> writes:
> FYI: RC2 was officially published a few years ago:
> 
> http://www.rsasecurity.com/news/pr/970627.html

http://www.ietf.org/rfc/rfc2268.txt
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

Subject: Re: new cipher
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Tue, 15 May 2001 16:01:12 GMT

jlcooke <[EMAIL PROTECTED]> writes:

> From the same people how gave us Magenta.  Closed to the public for
> years and years, and when submitted to the AES, it took 10 minutes of
> questions from the audience to crack it.  I'm weary.

No, Magenta was Deutsche Telekom, this is Mitsubishi and NTT.  Also I
believe Magenta was devised for the AES, so "years and years" is an
exaggeration.  Camellia is based on the E2 AES submission, which was
one of the stronger candidates.
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

From: "Josyula R. Rao" <[EMAIL PROTECTED]>
Subject: FYI: Results on EM attacks on smart cards
Date: Tue, 15 May 2001 12:10:12 -0400

As part of our work on side channel cryptanalysis, Pankaj Rohatgi and I have
been investigating EM attacks on smart cards.

At this stage, we are releasing part of our results in the form of a
preprint. The gist of the preprint is that EM side channel carries more
information than the power side channel and thus could be used to break some
power analysis countermeasures. To avoid any controversy, the preprint only
describes EM attacks on test code on an unspecified smart card.

The paper entitled "EMpowering Side Channel Attacks" can be downloaded from
either http://eprint.iacr.org/2001/037.ps
or from our web site http://www.research.ibm.com/intsec/emf.html.

JR Rao




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
