Cryptography-Digest Digest #417, Volume #14      Wed, 23 May 01 15:13:01 EDT

Contents:
  Re: survey (Mok-Kong Shen)
  Re: Best, Strongest Algorithm (Tim Tyler)
  Re: Best, Strongest Algorithm (Tim Tyler)
  Re: Small (not fast) RIPEMD-160 (jlcooke)
  Re: PRNG question from newbie (Stefan Lucks)
  Re: Best, Strongest Algorithm (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (SCOTT19U.ZIP_GUY)
  Ideas for project (Simon West)
  Re: Best, Strongest Algorithm (Tim Tyler)
  Re: Best, Strongest Algorithm (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (Paul Rubin)
  Re: Ideas for project (Paul Rubin)
  Re: Help with a message ("Robert Reynard")
  Re: Weird Rijndael test vectors wanted ("Brian Gladman")
  Re: TC15a analysis ("Tom St Denis")
  Re: People with x86 cpus (please reply) ("Tom St Denis")
  Re: survey ("Tom St Denis")
  Re: survey ("Tom St Denis")
  Re: Best, Strongest Algorithm ("Tom St Denis")

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: survey
Date: Wed, 23 May 2001 19:13:55 +0200



"Douglas A. Gwyn" wrote:
> 
> Joseph Ashwood wrote:
> > ... Explore the boundaries, we know that the middle of the sandbox
> > offers some good secure areas, but it's crowded, find something that can
> > distinguish your designs from the designs of others. ...
> 
> Joseph made some good points.  One class of cryptosystem that has
> not been thoroughly explored in the open literature is stream
> ciphers that are *not* of the key-generator class.  Some solid
> theoretical results there would be publishable, and a good system
> along those lines would have many uses.  Not all communications
> are block-oriented!

Would you please explain a bit more about the meaning of 'stream
ciphers that are not of the key-generator class'? Do
you refer to certain methods of generating the
key stream (the bit sequence), or do you mean that the
key stream is used in other ways than xor (or similar
very simple operations)? Could you illustrate with
an example (certainly not necessarily a good cipher, but
serving to render the concept understandable)? Thanks
in advance.

M. K. Shen

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Reply-To: [EMAIL PROTECTED]
Date: Wed, 23 May 2001 17:27:46 GMT

John Savard <[EMAIL PROTECTED]> wrote:
: (SCOTT19U.ZIP_GUY) wrote, in part:

:>  Yes Joe and the other phony crypto gods refuse to openly state
:>that full RIJNDAEL can be used in a full block mode that is not
:>a weakened 3 letter chaining mode. Where the result can still be
:>bijective to byte files on input and output. They seem to wrongly
:>think only something weak like a counter mode can do this.

: Ah. Then you don't claim that you can, with Rijndael, using your
: preferred "full block mode", encipher a one byte compressed input to a
: one byte output?

That /might/ happen, once in a blue moon ;-)
-- 
__________
 |im |yler  http://rockz.co.uk/  http://alife.co.uk/  http://atoms.org.uk/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Reply-To: [EMAIL PROTECTED]
Date: Wed, 23 May 2001 17:33:38 GMT

John Savard <[EMAIL PROTECTED]> wrote:
: "Joseph Ashwood" <[EMAIL PROTECTED]> wrote, in part:

:>At one point you specifically stated that BICOM could
:>output a single byte output that was Rijndael encrypted, that always has
:>been, and always will be the problem.

: But that _is_ possible. Just use counter mode, for example.

BICOM doesn't use counter mode.

: I agree you can't use ECB mode, or CBC mode, to produce a one-byte
: Rijndael-encrypted output.

You can if you post-process the output, using a bijection between the set
of 128-bit-granular files, and the set of byte-granular files.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: jlcooke <[EMAIL PROTECTED]>
Subject: Re: Small (not fast) RIPEMD-160
Date: 23 May 2001 17:47:26 GMT

I wasn't kidding...for needy causes like this I'm cheap.

JLC

jlcooke wrote:
> 
> I'll write you one for $500.  :)
> 
> JLC - picking on the little guys.
> 
> Ian Stirling wrote:
> >
> > Anyone know of any small C or perl implementation of this?
> >
> > I'm looking for something under the 5-10K (compiled) of ones I've found.
> > Under 2K would be ideal.
> > For computing a password hash, so another cipher isn't an option.
> >
> > --
> > http://inquisitor.i.am/    |  mailto:[EMAIL PROTECTED] |             Ian Stirling.
> > ---------------------------+-------------------------+--------------------------
> > "Melchett  : Unhappily Blackadder, the Lord High Executioner is dead
> > Blackadder : Oh woe! Murdered of course.
> > Melchett   : No, oddly enough no. They usually are but this one just got
> >              careless one night and signed his name on the wrong dotted line.
> >              They came for him while he slept."                - Blackadder II

------------------------------

From: Stefan Lucks <[EMAIL PROTECTED]>
Subject: Re: PRNG question from newbie
Date: Wed, 23 May 2001 19:51:17 +0200

On Wed, 23 May 2001, Paul Crowley wrote:

> Stefan Lucks <[EMAIL PROTECTED]> writes:
> > The paper I mentioned above indicates that something similar cannot exist
> > for Random Oracles.
[...]
> If there were some way we could make precise the idea of a Random
> Oracle that any Turing machine gains "magical" access to, perhaps the
> discrepancy the paper points to could be closed?

Yes, that is right. It is probably a good idea to try to describe more
precisely what kind of property you require from the entity H, rather than to
simply require H to be a "random oracle". The first time I saw this
reasoning was in a Crypto 97 paper from Ran Canetti ("Towards realizing
random oracles: Hash functions that hide all partial information"), which
introduces a notion called "oracle hashing". This is not a generic
replacement for random oracles, but Canetti describes specific
cryptosystem constructions which are provably secure when using "oracle
hashing".

There are two disadvantages of this approach. Assume you have a couple of
constructions, using some hash function H and provably secure in the
random oracle model if H is regarded as a random oracle.

  1. For a given construction, it may be *very* difficult (and probably 
     is often impossible) to find more precise requirements for H, such
     that you can still prove the constructions to be secure (without
     using the oracle model).

  2. Even if you succeed for a couple of constructions, you are likely to
     end up with incompatible sets of requirements for H for each
     construction. Thus, you do not have a single property for H such that
     you know all constructions are secure, but your results are something
     like the following:
       * If H satisfies R1 then construction C1 is secure.
       * If H satisfies R2 then construction C2 is secure.
       * If H satisfies R3 then construction C3 is secure.
       * ... 

Nevertheless, I believe the current trend of research is to use random
oracles if you can't help it, but to try to avoid them if possible.


-- 
Stefan Lucks      Th. Informatik, Univ. Mannheim, 68131 Mannheim, Germany
            e-mail: [EMAIL PROTECTED]
            home: http://th.informatik.uni-mannheim.de/people/lucks/
======  I  love  the  smell  of  Cryptanalysis  in  the  morning!  ======

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm
Date: 23 May 2001 17:47:25 GMT

[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:

>John Savard <[EMAIL PROTECTED]> wrote:
>: (SCOTT19U.ZIP_GUY) wrote, in part:
>
>:>  Yes Joe and the other phony crypto gods refuse to openly state
>:>that full RIJNDAEL can be used in a full block mode that is not
>:>a weakened 3 letter chaining mode. Where the result can still be
>:>bijective to byte files on input and output. They seem to wrongly
>:>think only something weak like a counter mode can do this.
>
>: Ah. Then you don't claim that you can, with Rijndael, using your
>: preferred "full block mode", encipher a one byte compressed input to a
>: one byte output?
>
>That /might/ happen, once in a blue moon ;-)

  I agree it would be hard to find a one byte input file
that when run through BICOM would map to a one byte output
file. However it's rather trivial to find a 17 or 18 byte input
file that gets encrypted to a one byte output file.
  The problem is that many are still used to the phony
crypto god notion of adding data to make the process weak,
so their brain refuses to function correctly when it comes
to proper bijective compression encryption programs. Rather
than try to test it or think, the reflex is that they have
to attack, since any error in their belief system might start
the whole house of cards collapsing.
  The phony elite have done an excellent job in distorting
the earlier Shannon principles that good encryption could
be based on.
 
David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm
Date: 23 May 2001 17:54:09 GMT

[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:

>John Savard <[EMAIL PROTECTED]> wrote:
>: "Joseph Ashwood" <[EMAIL PROTECTED]> wrote, in part:
>
>:>At one point you specifically stated that BICOM could
>:>output a single byte output that was Rijndael encrypted, that always has
>:>been, and always will be the problem.
>
>: But that _is_ possible. Just use counter mode, for example.
>
>BICOM doesn't use counter mode.
>
>: I agree you can't use ECB mode, or CBC mode, to produce a one-byte
>: Rijndael-encrypted output.
>
>You can if you post-process the output, using a bijection between the set
>of 128-bit-granular files, and the set of byte-granular files.


  I am surprised John doesn't see this. Just like I was surprised
he attacked me for years about his failings in the operation of PGP.
He is smart enough to sit down and think this through. Or at least
I think he is smart enough, unless I have overestimated his
IQ.

  John knows about the various bijection methods between files
of different fields and the FOF files. But I guess his hatred for
me blurs his possible good sense.

   Joe on the other hand is clueless. He most likely hasn't been
spoon-fed the concepts, so they are clearly over his head for the
time being. But maybe there is hope for both of them yet. They
can still repent the error of their ways.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (Simon West)
Subject: Ideas for project
Date: 23 May 2001 10:56:31 -0700

Hello,
I am in the final few months of a Master's Degree
conversion course in I.T. I am currently in the initial
investigation stages of my final project 
which is in the area of Web Security and data encryption. 
So far I have achieved a general understanding of the 
basics of symmetric and asymmetric encryption and background 
history, legislation, etc., but still have to get to grips fully
with the number theory underlying the algorithms. 
This is achievable.
What I am seeking are ideas, from those of you more 
learned in the subject, as to suitable interesting applications 
which could be developed during a two month project.
I intend to learn Java in the course of the project. 
My current programming skills include Ada95, 
a little C++, HTML, XML and a little javascript.
Any ideas that I could consider would be very much
appreciated.
Cheers,
SIMON WEST.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Reply-To: [EMAIL PROTECTED]
Date: Wed, 23 May 2001 17:53:07 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote in message 
:news:<[EMAIL PROTECTED]>...
:> [EMAIL PROTECTED] (Joseph Ashwood) wrote in <OXFxVM$1AHA.190@cpmsnbbsa07>:

: I bet you 1000$ if you publish serious analysis of Bicom and why it's
: better than say CTR mode for encrypting messages you will get the fame
: and glory you so desire.

It certainly has some different properties - here is some of the upside:

* Use of the same key on different messages is much better with BICOM, due
  to the whitening.
* Bitflipping produces a huge error extension in BICOM - but none in
  counter mode.
* BICOM compresses - files should be smaller, so there's less cyphertext
  for the attacker to look at and messages are brought closer to the
  unicity distance, so the likelihood of multiple correct-looking decrypts
  is increased.

:>    Let me state in a way you can understand. The NSA wants only
:> people to use RIJNDAEL in weak ways. They may provide a
:> list of programs that use RIJNDAEL in blessed ways. Matt has
:> used RIJNDAEL but it won't be blessed since it's not as weakly
:> implemented as the NSA likes. He doesn't use nonbijective compression
:> like PGP. He doesn't use padding that's nonbijective. It will
:> encrypt any file. And any file can be uniquely decrypted using
:> any key. This is not the kind of implementation the NSA wants
:> people to even know about. They don't even want people to
:> know about the concept. Since it allows for strong encryption
:> if used in serial with another bijective encryption system.
:> It does add in the information helpful for breaking as other
:> methods do.

: That's a fine paragraph.  You lack proof for both assumptions.

: 1) BICOM is secure
: 2) BICOM is better than anything currently out.

: I have listed a lot of features of CTR mode over BICOM (again for
: clarity's sake)

[snip 1-3]

: 4.  CTR is provably as secure as the underlying block cipher (assuming
: the keys are all random).

How is this an advantage over BICOM?

[snip 5 & 6]

: Yes, Bicom provides other things such as "bijectiveness" (which is the
: entirely wrong word when talking about a block cipher).

BICOM is not a block cypher.

: But BICOM does not provide any of the 6 above points. 

Yes it does.

: Furthermore, problems with BICOM

: 1.  No proof of security.

No proof for CTR mode either.

: 2.  Not provably more secure than CTR mode

That depends on the assumptions and the attack model somewhat.  If BICOM
compresses the target text - and brute force is the best attack - it will
be provably more secure than counter mode.

: 3.  Not seekable
: 4.  Not random access

Those are the same point with different numbers.

: 5.  Not suitable for low end processors

You mean it's /slightly/ more complex than Rijndael itself?  That is true.

: 6.  Not as simple as CTR

That is only really a factor if you're having to write code.
Since working implementations of both exist, it doesn't make much odds
under many circumstances.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm
Date: 23 May 2001 18:08:55 GMT

[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:

>Tom St Denis <[EMAIL PROTECTED]> wrote:
>: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote in message
>: news:<[EMAIL PROTECTED]>... 
>:> [EMAIL PROTECTED] (Joseph Ashwood) wrote in
>:> <OXFxVM$1AHA.190@cpmsnbbsa07>: 
>
>: I bet you 1000$ if you publish serious analysis of Bicom and why it's
>: better than say CTR mode for encrypting messages you will get the fame
>: and glory you so desire.
>
>It certainly has some different properties - here is some of the upside:
>
>* Use of the same key on different messages is much better with BICOM, due
>  to the whitening.
>* Bitflipping produces a huge error extension in BICOM - but none in
>  counter mode.
>* BICOM compresses - files should be smaller, so there's less cyphertext
>  for the attacker to look at and messages are brought closer to the
>  unicity distance, so the likelihood of multiple correct-looking
>  decrypts is increased.
>


    First of all TOM is a liar. He would never give me 1000 dollars;
he is not that honest. Second, it should be obvious to anyone that BICOM
is more secure than RIJNDAEL in CTR mode. I think Tom knows this;
he is just being an ass as usual.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Date: 23 May 2001 11:24:04 -0700

"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> Skipjack was intended, among other things, for safeguarding
> information within the government.  The only specific known
> "weakness" intentionally built in was the key-escrow protocol,
> which is not a property of the encryption algorithm itself.

Another intentional weakness of Skipjack is the 80-bit key, which
according to some documents that Jim Gillogly posted a few years ago,
was intended to become breakable by brute force within a few decades
of when Skipjack was first designed.

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Ideas for project
Date: 23 May 2001 11:26:44 -0700

[EMAIL PROTECTED] (Simon West) writes:
> I am in the final few months of a Master's Degree
> conversion course in I.T. I am currently in the initial
> investigation stages of my final project 
> which is in the area of Web Security and data encryption. 
> So far I have achieved a general understanding of the 
> basics of symmetric and asymmetric encryption and background 
> history, legislation, etc., but still have to get to grips fully
> with the number theory underlying the algorithms. 
> This is achievable.
> What I am seeking are ideas, from those of you more 
> learned in the subject, as to suitable interesting applications 
> which could be developed during a two month project.
> I intend to learn Java in the course of the project. 
> My current programming skills include Ada95, 
> a little C++, HTML, XML and a little javascript.
> Any ideas that I could consider would be very much
> appreciated.

Are you planning (or willing) to release the results as free software?
If so, I have some ideas I could suggest and would be willing to offer
advice along the way if that was useful.  But if not, then I'd be
basically working for you for nothing if I got involved, which doesn't
excite me very much.

Just wondering.

Paul

------------------------------

From: "Robert Reynard" <[EMAIL PROTECTED]>
Subject: Re: Help with a message
Date: Wed, 23 May 2001 14:34:45 -0400

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Amethyste wrote:
> > IC1 = 0.069
> > IC2 = 0.054
> > IC3 = 0.064
>
> I have to object to this.  A proper Index of Coincidence
> is the ratio of the observed number of coincidences to the
> expected number of coincidences, and therefore is somewhere
> around 1.  I know there are textbooks that misdefine this,
> but it is important to have a standard unit of scale (1)
> in order to interpret the statistic.

I don't think so. I don't think William Friedman defined it that way either.

According to the Encyclopedia of Cryptology, the Index of Coincidence (IC)
for a random mixture of letters is 0.0385 and the IC for a typical plaintext
message is 0.0667.

The formulation, or 'test', is the measure of the likelihood that any pair of
letters in a message are equal to each other. When the measured value is
0.0667, then this likelihood is the same (coincides) as that of a typical
plaintext message.

Expectation of occurrences, or coincidences, plays no part in the definition
or calculation.

Robert Reynard
Author, Secret Code Breaker series of crypto books for young readers (8-16
yr.)
Secret Code Breaker Online at ==> http://codebreaker.dids.com

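Both conventions argued over in the exchange above, computed side by side, as an added example that is not from either poster: the raw IC (0.0385 random, 0.0667 English, the figures quoted) and the version normalised so that random text scores about 1. The sample passage and the Vigenere key CRYPT are constructed; the per-column IC at the end is the standard key-length test for a periodic cipher, which goes a step beyond what the posts show.

```python
# Index of Coincidence (IC) under the two conventions debated in the thread.
# Added worked example, not code from any poster. The sample plaintext and the
# Vigenere key below are constructed for this demonstration.
from collections import Counter

ALPHABET = 26
RANDOM_IC = 1 / ALPHABET   # ~0.0385: uniformly random letters (figure quoted above)
ENGLISH_IC = 0.0667        # typical English plaintext (figure quoted above)


def letters_only(text: str) -> str:
    """Keep A-Z only, upper-cased; spaces, digits and punctuation are dropped."""
    return "".join(ch for ch in text.upper() if "A" <= ch <= "Z")


def raw_ic(text: str) -> float:
    """Friedman-style IC: probability that two letters drawn without replacement
    are equal, i.e. sum n_i(n_i-1) / (N(N-1)). Expectation plays no part here."""
    s = letters_only(text)
    n = len(s)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(s).values()) / (n * (n - 1))


def normalised_ic(text: str) -> float:
    """The other convention: observed coincidences divided by the number
    expected from uniformly random letters, so random text scores about 1.0
    and English about 1.73."""
    return raw_ic(text) / RANDOM_IC


def column_ics(ciphertext: str, period: int) -> list:
    """IC of each interleaved column. For a periodic polyalphabetic cipher the
    columns of the true period are monoalphabetic and score like plaintext;
    columns of a wrong period mix alphabets and sink toward the random value."""
    s = letters_only(ciphertext)
    return [raw_ic(s[i::period]) for i in range(period)]


def mean_column_ic(ciphertext: str, period: int) -> float:
    ics = column_ics(ciphertext, period)
    return sum(ics) / len(ics)


def vigenere(text: str, key: str) -> str:
    """Encrypt-only Vigenere, used here just to produce periodic ciphertext."""
    s, k = letters_only(text), letters_only(key)
    return "".join(chr((ord(ch) - 65 + ord(k[i % len(k)]) - 65) % 26 + 65)
                   for i, ch in enumerate(s))


# Constructed sample (ordinary English prose, so its IC should sit near 0.0667).
SAMPLE_PLAINTEXT = (
    "The index of coincidence measures how often two letters drawn from a text "
    "are equal. Plaintext in English repeats the common letters so often that "
    "the value sits near seven percent, while a flat random mixture of the "
    "twenty six letters lands near four percent. A periodic cipher keeps the "
    "statistic inside each column of the period, so an analyst who splits the "
    "ciphertext into the right number of columns sees the plaintext value return "
    "in every one of them and learns the key length without recovering a single "
    "letter of the key."
)
SAMPLE_KEY = "CRYPT"   # constructed key, period 5
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print(f"plaintext  raw IC={raw_ic(SAMPLE_PLAINTEXT):.4f} "
          f"normalised={normalised_ic(SAMPLE_PLAINTEXT):.3f}")
    print(f"ciphertext raw IC={raw_ic(SAMPLE_CIPHERTEXT):.4f} "
          f"normalised={normalised_ic(SAMPLE_CIPHERTEXT):.3f}")
    for p in range(1, 11):   # the mean jumps back up at the true period (and its multiples)
        print(f"period {p:2d}: mean column IC = {mean_column_ic(SAMPLE_CIPHERTEXT, p):.4f}")
```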


------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Weird Rijndael test vectors wanted
Date: Wed, 23 May 2001 19:38:09 +0100


"Simon Josefsson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Brian Gladman" <[EMAIL PROTECTED]> writes:
>
> > > > KEY=0000000000000000000000000000000000000000
> > > > PT=00000000000000000000000000000000
> > > > CT=32CB23EE8DEBD0D4E0983EE4D3318A5F
>
> > > KEY=0000000000000000000000000000000000000000
> > > PT=00000000000000000000000000000000
> > > CT=94B434F8F57B9780F0EFF1A9EC4C112C
> >
> > These values are correct, the earlier ones quoted are wrong.
>
> Thanks, I've corrected my implementation now.  Here's a challenge:
> Given the erroneous output above (first one), what simple
> implementation mistake did I make?  <g>

It is hard enough getting it right without test vectors, without having to
guess what others have done to get it wrong :-)

    Brian Gladman



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: TC15a analysis
Date: Wed, 23 May 2001 18:46:09 GMT


"jlcooke" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >         a = ROTL(a, 1);
> >         b = ROTL(b, 9);
> >         c = ROTL(c, 17);
> >         temp = (c*3) + (d*9);
> >         a += temp;
> >         b -= temp;
> >         temp = (a*3) + (b*9);
> >         c += temp;
> >         d -= temp;
> >
> > We see by the second "temp = (a*3) + ..." that the first "temp" will
> > evaluate to -6 * temp which loses a bit but at least is not zero.
>
> I'll suggest using a multiply by 2 in GF(2^8) again.  But you've heard
> me say this before and are probably getting annoyed, right Tom?  :)

Curious, where would you place the GF mult?

>
> > Also the
> > reason I picked 3 and 9 is that on an x86 you can mult by these in a
> > single clock cycle.  I believe if I am not mistaken that even Alphas have
> > special +- 2^k multipliers up to k=3 don't they?
>
> Yes.  And DSPs have native "scale and accumulate" operations if you're
> interested in designing a good embedded cipher.
>   a = a + b*c;
>   a = a - b*c;

I shall keep that in mind.

Tom

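The quoted round fragment with its inverse, plus the "-6 * temp" observation made explicit, as an added example (not Tom St Denis's or jlcooke's code). It assumes 32-bit words, which the fragment does not state; the rest of TC15a and its key material are not on the page and are not modelled.

```python
# Added example: the quoted TC15a round fragment (rotations 1/9/17, multipliers
# 3 and 9) on 32-bit words (assumed), with an inverse and the -6*temp algebra.
MASK = 0xFFFFFFFF


def rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK


def rotr(x: int, r: int) -> int:
    return rotl(x, 32 - r)


def round_forward(a: int, b: int, c: int, d: int) -> tuple:
    """The fragment as quoted, with every operation reduced mod 2^32."""
    a, b, c = rotl(a, 1), rotl(b, 9), rotl(c, 17)
    temp = (c * 3 + d * 9) & MASK
    a = (a + temp) & MASK
    b = (b - temp) & MASK
    temp = (a * 3 + b * 9) & MASK
    c = (c + temp) & MASK
    d = (d - temp) & MASK
    return a, b, c, d


def round_inverse(a: int, b: int, c: int, d: int) -> tuple:
    """Undo round_forward. Each temp is computed from words that are still
    untouched at the point it is needed, so the round is invertible in the
    same way a Feistel round is, whatever the multipliers are."""
    temp = (a * 3 + b * 9) & MASK       # second temp: a, b are final values
    c = (c - temp) & MASK
    d = (d + temp) & MASK
    temp = (c * 3 + d * 9) & MASK       # first temp: c, d are now restored
    a = (a - temp) & MASK
    b = (b + temp) & MASK
    return rotr(a, 1), rotr(b, 9), rotr(c, 17), d


def second_temp(a_rot: int, b_rot: int, first_temp: int) -> int:
    """Second temp written in terms of the rotated a, b and the first temp:
    3*(a + t) + 9*(b - t) = 3a + 9b - 6t (mod 2^32)."""
    return ((a_rot + first_temp) * 3 + (b_rot - first_temp) * 9) & MASK


def first_temp_contribution(first_temp: int) -> int:
    """The only path from the first temp into the second is -6*t. Since -6 is
    even, t and t + 2^31 collide: that is the lost bit the message refers to,
    while the factor is still non-zero so the value does propagate."""
    return (-6 * first_temp) & MASK
```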


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: People with x86 cpus (please reply)
Date: Wed, 23 May 2001 18:46:41 GMT


"jlcooke" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> PIII 666 + 2/3.  215 cycles
>
> Also, for Linux.  Your tc15_x86.asm isn't POSIX assembly.  as86 will not
> assemble it.

Use the nix port of NASM.

Tom

>
> JLC
>
> Tom St Denis wrote:
> >
> > I need people with the following cpus to run a program (or alternatively
> > build the source which is on my website) to test the speed of my cipher.
> >
> > -  Pentium, PPro, PII, PIII
> > -  Amd K6, K6-II, K7 (original not T-bird)
> > -  Cyrix MII
> >
> > The program gives speeds in clock cycles so the clock rate of your cpu
> > is irrelevant.  The program was tested with DJGPP but should port easily to
> > Linux via GCC.  I need people to run the program in a shell prompt with
> > all other stuff closed (or alternatively goto dos completely).  Once you run
> > it copy all of the output and email it to me.
> >
> > If you can help just download
> >
> > http://tomstdenis.home.dhs.org/tc15a_asm.zip
> >
> > or the binary
> >
> > http://tomstdenis.home.dhs.org/tc15a_spd.exe
> >
> > Thanks,
> > --
> > Tom St Denis
> > ---
> > http://tomstdenis.home.dhs.org



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: survey
Date: Wed, 23 May 2001 18:47:21 GMT


"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Joseph Ashwood wrote:
> > ... Explore the boundaries, we know that the middle of the sandbox
> > offers some good secure areas, but it's crowded, find something that can
> > distinguish your designs from the designs of others. ...
>
> Joseph made some good points.  One class of cryptosystem that has
> not been thoroughly explored in the open literature is stream
> ciphers that are *not* of the key-generator class.  Some solid
> theoretical results there would be publishable, and a good system
> along those lines would have many uses.  Not all communications
> are block-oriented!

Ah... good idea... :-)

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: survey
Date: Wed, 23 May 2001 18:48:04 GMT


"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Tom St Denis wrote:
> > > > Well my design is simple and faster than most other known block
> > > > ciphers.
> > > > Does that count?
> > > No.
> > > void encrypt(const char *key, char *data) { } // very fast and simple
> > And you call me immature?  Wow, you guys have high standards... double
> > standards but high none the less.
>
> I was making an important point.  I'm sorry you missed it.

I posted a complete algorithm and rough paper to talk about the decisions I
made.

Your reply was just immature and a poke.  Sorry, what did I miss?

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Date: Wed, 23 May 2001 18:50:41 GMT


"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > BTW Scottu_zipguy, the NSA is not out to get you.  I bet they have
> > never heard of you except in some jokingly fashion.  There are what
> > 300 million us citizens?  Why would the govt care about 1/300million
> > of it's population?  Randomly that's 2^-28 chance of being picked on.
>
> Now Tom has indulged in some illogical reasoning of his own;
> *if* the Agency has a special interest in D.Scott, it wouldn't
> be as a randomly chosen citizen, but rather selected on the
> basis of special characteristics, to wit his crypto work or
> related comments.  Although I see no reason why they should be
> worried.

My point was randomly, not explicitly.  IOW, why would the NSA, out of
all of the KKK, NeoNazi, etc., nut-jobs, target one raving poster to
sci.crypt?

Besides in the States they will just make your thoughts illegal at some
point anyways.  No cloak and dagger, just take the metaphorical whiteout to
the constitution :-)

Tom



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
