Cryptography-Digest Digest #545, Volume #14       Thu, 7 Jun 01 06:13:00 EDT

Contents:
  Re: Is this a weakness in RSA key generation? ("Scott Fluhrer")
  Re: fast CTR like ciphers? (Volker Hetzer)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mok-Kong Shen)
  Re: Notion of perfect secrecy ("Jeffrey Walton")
  Humor, "I Must be a Threat to National Security" ("David G. Boney")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: AES question ([EMAIL PROTECTED] (Øyvind)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Notion of perfect secrecy ("Tom St Denis")
  Re: Humor, "I Must be a Threat to National Security" ("Chaotic")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Def'n of bijection (Mark Wooding)

----------------------------------------------------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Is this a weakness in RSA key generation?
Date: Wed, 6 Jun 2001 23:21:26 -0700


Bill Unruh <[EMAIL PROTECTED]> wrote in message
news:9fh2l5$6si$[EMAIL PROTECTED]...
> In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Mark Borgerding) writes:
>
> ]I found that pgp 2.6.2 may sometimes generate a private exponent n
> ]that does not entirely match the RSA spec (as I know it)
>
> ]An RSA private exponent d
> ]1) d*e = 1 , mod (p-1)*(q-1)
>
> ]which implies
> ]2) d*e = 1 , mod (p-1)
> ]3) d*e = 1 , mod (q-1)
>
>
> ]pgp seems to occasionally generate a key that satisfies 2&3, but not
> ]1.
> ]I know that stmt #1 implies 2&3, but the reverse is not true.
>
> ]My question is: is this something to worry about?  What effect would
>
> Yes. It will not work. You will not be able to decrypt anything.
It won't??? Would you please do me the favor of finding a p, q, d, e, x s.t.

   p, q prime
   p != q
   d*e = 1 mod (p-1)
   d*e = 1 mod (q-1)
   ((x**e)**d) != x mod pq

If, as you say, "it will not work", it should be pretty trivial to find such
a quintuplet.

--
poncho
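
Added example (not part of either post): a brute-force search over a few small primes for the quintuplet requested above, plus one concrete key where d is the inverse of e modulo lcm(p-1, q-1) rather than modulo (p-1)*(q-1). The function names and the choice of primes are assumptions of this example.

```python
from itertools import combinations
from math import gcd


def congruences(d, e, p, q):
    """Evaluate the thread's statements 1, 2 and 3 for a candidate (d, e)."""
    de = d * e
    return (de % ((p - 1) * (q - 1)) == 1,   # 1) d*e = 1 mod (p-1)*(q-1)
            de % (p - 1) == 1,               # 2) d*e = 1 mod (p-1)
            de % (q - 1) == 1)               # 3) d*e = 1 mod (q-1)


def roundtrip_failures(p, q, e, d):
    """Every x in [0, pq) for which ((x**e)**d) != x mod pq."""
    n = p * q
    return [x for x in range(n) if pow(pow(x, e, n), d, n) != x]


def search_quintuplets(primes):
    """Look for (p, q, d, e, x) where 2 and 3 hold but the round trip fails.

    Also counts the (d, e) pairs that satisfy 2 and 3 without satisfying 1,
    so the search is known to have covered the case under discussion.
    """
    found, only_2_and_3 = [], 0
    for p, q in combinations(primes, 2):
        lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
        for e in range(2, 2 * lam):
            for d in range(2, 2 * lam):
                s1, s2, s3 = congruences(d, e, p, q)
                if not (s2 and s3):
                    continue
                only_2_and_3 += not s1
                found += [(p, q, d, e, x)
                          for x in roundtrip_failures(p, q, e, d)]
    return found, only_2_and_3


if __name__ == "__main__":
    p, q, e = 11, 13, 7
    d = pow(e, -1, 60)          # inverse modulo lcm(10, 12) = 60, not 120
    print("d =", d, "statements (1, 2, 3):", congruences(d, e, p, q))
    print("failed round trips:", roundtrip_failures(p, q, e, d))
    print("search result:", search_quintuplets([3, 5, 7, 11, 13]))
```

Statements 2 and 3 give x^(d*e) = x mod p and mod q separately (Fermat's little theorem, including the case where x is a multiple of p or q), and the Chinese remainder theorem combines them mod pq.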





------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: fast CTR like ciphers?
Date: Thu, 07 Jun 2001 09:48:45 +0200

Tim Tyler wrote:
> 
> Volker Hetzer <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> 
> [fast primitive for CTR mode]
> 
> :> My understanding is that what this application requires is a PRF - not a
> :> block cypher.
> 
> : Well, in that case the attacker can distinguish the message stream from
> : a random stream.
> 
> What - if a PRF is used to generate it?
No, if a block cipher (i.e. a prp) was used to generate it.

> While I believe it's customary to describe any system where there's
> a faster attack than brute force as being broken, I don't think
> this case is much of a concern if the opponent is one's little sister.
That's the academic definition. However, if there's a fixed, known and
proven reduction from one property (distinguishable from a random stream)
to a property you want to avoid (guessing the key or decrypting a message)
you can check your numbers and then decide whether this particular attack
is of relevance to your application.

As it happens, this prp/prf stuff is IMHO only relevant if you either want to
use the ctr mode as a prng or go over so much of the counter space that
known-plaintext attacks or attacks based on the set of remaining blocks become
possible.

Remember, if you look at a fibre optics ocean cable, something like
80-130Gbit/s, we're talking about 2^62 bit per year. (Hoping I got the numbers
right here.) This is still a quarter of the amount of data you need to distinguish,
let's say AES-CTR from a random stream, much less get to work on predicting the
next block. In this case, the conclusion would be that the speed advantage of
CTR is much more important than an attack that only works if the lifetime of the
key exceeds the lifetime of the cable by a ridiculously large number of years.

Greetings!
Volker
--
They laughed at Galileo.  They laughed at Copernicus.  They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.
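
Added example (not from the post): the PRP-versus-PRF distinguisher discussed above, run against CTR keystreams with a toy 16-bit block so the birthday effect shows up after a few hundred blocks. The shuffled table standing in for a block cipher, the block size and all function names are assumptions of this example.

```python
import random

BLOCK_BITS = 16                 # toy block size, chosen so the test runs fast
DOMAIN = 1 << BLOCK_BITS


def prp_ctr_keystream(key, nblocks):
    """CTR keystream from a keyed random permutation (block cipher stand-in)."""
    rng = random.Random(key)
    table = list(range(DOMAIN))
    rng.shuffle(table)                      # the key selects one permutation
    return [table[ctr] for ctr in range(nblocks)]


def prf_ctr_keystream(key, nblocks):
    """CTR keystream from a keyed random function: blocks are independent."""
    rng = random.Random(key)
    return [rng.randrange(DOMAIN) for _ in range(nblocks)]


def repeated_blocks(stream):
    """Number of keystream blocks that duplicate an earlier block."""
    return len(stream) - len(set(stream))


def prf_detection_rate(nblocks, trials=100):
    """Fraction of random-function streams that show at least one repeat.

    A permutation in CTR mode never repeats a block under one key, so a
    repeat identifies the random function with certainty.
    """
    hits = sum(repeated_blocks(prf_ctr_keystream(k, nblocks)) > 0
               for k in range(trials))
    return hits / trials


def advantage_bound(nblocks, block_bits):
    """Birthday bound q(q-1)/2^(n+1) on the distinguishing advantage."""
    return min(1.0, nblocks * (nblocks - 1) / 2 ** (block_bits + 1))


if __name__ == "__main__":
    for q in (16, 256, 2000):
        print(q, "blocks: bound", round(advantage_bound(q, BLOCK_BITS), 4),
              "measured", prf_detection_rate(q, trials=50))
    # 2^62 bits, the post's yearly figure, is 2^55 blocks of 128 bits.
    print("128-bit block, 2^55 blocks:", advantage_bound(2 ** 55, 128))
```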

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 10:29:05 +0200



"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
> >>
> >> I would have to read what Shannon wrote in more detail to say how what
> >> this thread is about relates to what he wrote.
> 
>   Actually it's Tommy and Mok that need to read up.
> 
> >>
> >> My main concern is with the definition and usage of the term
> >> "perfect secrecy" - I'd like to see what Shannon wrote,
> >> whether his proof relates to what he wrote, and whether others
> >> have followed his usage properly.
> >>
> >> That OTP's leak length information - and thus fail to conceal
> >> plaintexts properly is rather well known - indeed most other cyphers
> >> do this as well.
> >>
> >> Tom (and other posters) seem to have got the idea that the ordinary
> >> OTP is actually perfect at concealing information about the plaintext,
> >> given the cyphertext.
> >>
> >> That does /seem/ to be what Shannon said:
> >>
> >> ``The first definition of information-theoretic secrecy was given by
> >>   Shannon, the founder of information theory. It is called perfect
> >>   secrecy and means by definition that the plaintext is statistically
> >>   independent of the encrypted data. This is equivalent to saying that
> >>   the enemy cryptanalyst can do no better than guessing the plaintext
> >>   without knowledge of the encrypted data, no matter how much time and
> >>   computing power is used.''
> >>
> >>  - http://www.inf.ethz.ch/department/TI/um/research/keydemo/Background.html
> >>
> >> ...but he is also supposed to have proved that the (conventional?) OTP
> >> has this property, which it does not.  I'll resolve the apparent
> >> friction between these ideas by reading his actual words and proof.
> >>
> >> I'm curious to learn the historical roots of the (clearly mistaken)
> >> idea that conventional OTPs are perfect in this way.  Is Shannon
> >> responsible? ...or those who came after him?
> >
> >I sincerely look forward to learn what you are going
> >to find out.
> >
> >Meanwhile I believe that the following is correct about
> >the issue: The OTP processing only guarantees that the
> >particular work that is performed doesn't give the opponent
> >any (more) information. It doesn't exclude however the
> >existence of other processing that could reduce the
> >information that he could otherwise have about the message.
> >As a special example, if any message is sent from my home,
> >the opponent knows that some person is present there (or
> >at least someone has programmed my computer to undertake
> >that action) at the particular time point. (That could
> >mean under circumstances quite a lot, e.g. when for
> >months no message had ever been sent.)  No encryption
> >scheme, however 'perfect', could deprive him from
> >obtaining that knowledge. On the other hand, I could
> >manage to send the message from another place, in which
> >case he wouldn't have that information. Thus in a sense
> >the word 'perfect' in 'perfect security' is only to be
> >understood as one of terminology (definition) only and
> >does not have the common connotation of 'perfection'
> >(the ideal, the absolute best).
> >
> 
>    No "perfect security" means what it says see my
> other posts where I quote Shannon directly.

I know Shannon's definition. Tell me, why my view above
contradicts that in terms of a-priori and a-posteriori
probability.

M. K. Shen

------------------------------

From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Date: Thu, 7 Jun 2001 04:39:02 -0400
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>

Hello David,

I apologize for my ignorance.  I agree with Neil.  I think I
understand your point with padding.  But I'm not sure I
agree with it.

For example, if blocks are 64 Bytes, on average the last
block of 64 bytes will contain 32 padded bytes (again, on
average).  This would imply that the adversary would know
what the plain text padded bytes are (some hand waving, but
a possible assumption).  But this additional information
does not lend itself to plain text or key recovery (except
for the average of 32 trailing bytes).

I don't feel this is in opposition to Shannon's theories.
But there are clearly much more astute minds that visit this
NG.  They could probably reveal my flawed thinking.  I think
other cryptosystems could be vulnerable, but not the one
time pad.

For whatever reason, padding may be beneficial; but I don't
feel it's required for the OTP.  I also don't feel it
compromises the plain text either.

Respectfully,
Jeff


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in
message news:[EMAIL PROTECTED]...
| [EMAIL PROTECTED] (Tom St Denis) wrote in
| <kmBT6.47362$[EMAIL PROTECTED]>:
|
| >Ok this has gone on too long.
| >
| >Typically what you guys are missing is that the length of the message is
| >not the secret.  It's the contents of the message.
|
|  <crap sniped>
|
| >At any rate if the length is important just pad the message.  Make the
| >message fit to be a multiple of say 64 bytes or something.
|
|   DUH??? GEE WHIZ length may mean something so pad to make it
| match longest message for "perfect security" READ SHANNON YOU IDOIT
| you can't have it both ways little BOY.
|
| David A. Scott
| --
| SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
| http://www.jim.com/jamesd/Kong/scott19u.zip
| My website http://members.nbci.com/ecil/index.htm
| My crypto code http://radiusnet.net/crypto/archive/scott/
| MY Compression Page http://members.nbci.com/ecil/compress.htm
| **NOTE FOR EMAIL drop the roman "five" ***
| Disclaimer:I am in no way responsible for any of the statements
|  made in the above text. For all I know I might be drugged or
|  something..
|  No I'm not paranoid. You all think I'm paranoid, don't you!
|



------------------------------

From: "David G. Boney" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Humor, "I Must be a Threat to National Security"
Date: Thu, 7 Jun 2001 04:39:00 -0400

My frustrations with trying to find a job in government service are
summarized in an essay I have posted that is titled, "I Must be a Threat
to National Security". I have also placed my rejection letters from the
CIA and NSA on-line.

http://www.seas.gwu.edu/~dboney/security.html

If anyone knows of any computer or network security engineer positions
open, developer or administrator, in the Washington, DC area, that are
commercial, non-government, non-government contractor, and don't require
a clearance, please drop me a line. You can surf my home page to get a
picture of my qualifications. Resume available upon request.


-- 
Sincerely,
David G. Boney
mailto:[EMAIL PROTECTED]
http://www.seas.gwu.edu/~dboney





------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 08:49:25 GMT

JPeschel <[EMAIL PROTECTED]> wrote:

: I could try to make the case that since I have some ciphertext, I know 
: some information about the plaintext: That it actually exists!  But I'd be
: kidding around.  :-)

The definition of perfect secrecy could be reformulated to
cope with null cyphertexts if that was considered necessary.

In practice, it would probably be a bad idea to do this, most of the time.

At the moment the definition asks how much information is gained by the
attacker by observation of the cyphertext.

Allowing null cyphertexts might be desirable under some circumstances -for
example if you can guarantee message delivery - since the additional
message state does indeed offer the opportunity of improving secrecy.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 08:53:53 GMT

JPeschel <[EMAIL PROTECTED]> wrote:
: Tim Tyler [EMAIL PROTECTED] writes:
: Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

:>: Are you saying that the opponent can read the meaning 
:>: from the length?
:>
:>He can if he knows the possible messages are "Yes" or "No".
:>
:>Say he just saw a message going the other way in the clear that read:
:>
:>``Did you destroy the evidence?  Keep it brief - answer "yes" or "no".
:>  Also, OTP-encrypt your reply for maximum security''.

: It seems unlikely,  to me, anyway, that first message would be sent
: in the clear. But let's suppose it happens, and the correspondent
: follows directions. As the attacker you see three encrypted characters
: sent in reply.  You immediately assume the answer is yes, however,
: the correspondent wrote:

:      No.
:  (He included the period, which was also encrypted, -- three characters.)

: Suppose this punctuation-conscious correspondent replied:

:      Yes.
:  (Also including the period, but four characters.) 

: Now, you might think that he'd written yes with a period. He might have
: written yeah without a period. But maybe he didn't follow the directions
: exactly and  could have could have written:

:      Nope
: (Without the period.)

Suppose only two characters arrive, what then?

If you nitpick the examples without actually attacking the basic point, we
will only find other ones.

Where would your objection be if the word for the affirmative had seven
letters?
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 09:01:16 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:

:> Consider BICOM for example.  It can map a 8 bit cyphertext to
:> one of some 2^128 plaintexts - considerably more than your figure of 2^8.

: There are in total 2^8 possible ciphertexts.

You were talking about a *particular* 8 bit cyphertext, of which there was
one, not 2^8

There are *many* more than 2^8 possible cyphertexts altogether.

: What is the cardinality of the set of plaintexts that correspond to them?

Well you don't /really/ want to know that, but...

The size of the set of plaintexts that could correspond to
2^8 cyphertexts in some cyphersystems can be calculated by:

  How many possible plaintexts are there in your whole system?

  How many can be represented by your key?  Multiply that by 2^8
  (for the number of different cyphertexts you asked me to consider).

  Take the smaller of these two figures, and you have my reply.
-- 
__________  http://rockz.co.uk/  http://alife.co.uk/   http://hex.org.uk/
 |im |yler  http://atoms.org.uk/ http://mandala.co.uk/ [EMAIL PROTECTED]

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 09:06:03 GMT

JPeschel <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED]  (SCOTT19U.ZIP_GUY) writes, in part:
: [EMAIL PROTECTED] (JPeschel) wrote in 

:>>Point me to where Shannon says that the length of the plaintext
:>>must be kept secret.

:>Joe do you really need your hand held?  I read the whole thing
:>I think you're a big boy and can read it yourself. 

: Save your bullshit, Dave. If you can point me to where Shannon says
: the length of the plaintext must be kept secret, do it.

"perfect secrecy is defined by requiring of a system after a
 cryptogram is intercepted by the enemy the a posteriori probabilities
 of this cryptogram representing various messages be identically the
 same as the a priori probabilities of the same message before the
 interception."

If the length of the plaintext is revealed by the cyphertext, this
condition does not hold.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 09:14:06 GMT

SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:

:   Joe if you're serious about encryption. You should read
: Shannon's article "Communication Theory of Secrecy Systems" [...]
:  In it he says "perfect secrecy is defined by requiring of
: a system after a cryptogram is intercepted by the enemy the
: a posteriori probabilities of this cryptogram representing
: various messages be identically the same as the a priori
: probabilities of the same message before the interception."

So, Shannon states the definition sensibly ;-)

Shannon is also credited with the proof that the OTP has perfect secrecy,
which I believe should also be in the paper you reference?

Have you looked at that?  Is it clear what system Shannon is talking
about there?  Does he apply his own definition properly?

Is the system he considers one where the possible plaintexts under
consideration are all the same length?
-- 
__________
 |im |yler  Email: [EMAIL PROTECTED]  ICQ :31813604  Yahoo messenger: tt2333

------------------------------

Subject: Re: AES question
From: [EMAIL PROTECTED] (Øyvind
Date: 07 Jun 2001 11:26:51 +0200

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> BTW, isn't it that in a mobile
> communication standard an algorithm originated in
> Japan would be used instead of AES? Does anyone know 
> the reason why?
> 

In the standard for 3rd generation mobile communication[1], KASUMI[2],
a variant of the MISTY algorithm[3] is used for encryption.  At the
time the decision was made to use KASUMI, the AES competition was not
yet finalized, and I believe that is the reason AES was not used.
AES/Rijndael is, however, used in the example set of 3GPP
authentication algorithms known as MILENAGE[4].

[1] http://www.3gpp.org/
[2] http://www.etsi.org/dvbandca/3GPP/3gppspecs.htm       
[3] http://www.security.melco.co.jp/MISTY/MISTY.htm
[4] ftp://ftp.3gpp.org/tsg_sa/WG3_Security/2000_meetings/TSGS3_16_Sophia_Antipolis/Docs/PDF/S3-000730.pdf

-- 
Øyvind Eilertsen

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 09:22:51 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

: Meanwhile I believe that the following is correct about 
: the issue: The OTP processing only guarantees that the 
: particular work that is performed doesn't give the opponent 
: any (more) information.

The opponent knows more about the plaintext after observing the
cyphertext than he knew before he saw it - namely the length.

This violates perfect secrecy.

: It doesn't exclude however the existence of other processing 
: that could reduce the information that he could otherwise
: have about the message.  As a special example, if any
: message is sent from my home, the opponent knows that
: some person is present there (or at least someone has
: programmed my computer to undertake that action) at
: the particular time point. (That could mean under
: circumstances quite a lot, e.g. when for months no
: message had ever been sent.)  No encryption 
: scheme, however 'perfect', could deprive him from 
: obtaining that knowledge. On the other hand, I could 
: manage to send the message from another place, in which 
: case he wouldn't have that information. Thus in a sense 
: the word 'perfect' in 'perfect security' is only to be 
: understood as one of terminology (definition) only and 
: does not have the common connotation of 'perfection' 
: (the ideal, the absolute best).

Traffic analysis information is indeed often present -
but we are talking about once a message exists, does
the attacker gain anything by looking at the cyphertext.

That's what the definition of "perfect secrecy" talks about.

Perfect secrecy applies to encryption devices.  Time of
message transmission etc is considered to be outside its scope.

A conventional OTP, that preserves message length and is
asked to deal with variable length messages does *not*
have Shannon's perfect secrecy property.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/
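
Added example (not from any post in the thread): the a priori / a posteriori comparison from the quoted definition, computed exactly by enumerating every pad, first for a length-preserving one-time pad and then for the same pad applied after padding to a fixed length. The 5-bit symbol alphabet, the three-message prior and all function names are assumptions of this example.

```python
from collections import defaultdict
from fractions import Fraction
from itertools import product
from math import log2

SYMBOLS = 32    # 5-bit symbols: 'a'..'z' map to 0..25, 31 is the pad symbol
PAD = 31

# Constructed prior over the possible messages (the a priori probabilities).
PRIOR = {"yes": Fraction(1, 2), "no": Fraction(1, 4), "nah": Fraction(1, 4)}


def encode(msg, pad_to=0):
    """Map a lowercase message to symbols, optionally padded to pad_to."""
    syms = [ord(ch) - ord("a") for ch in msg]
    return tuple(syms + [PAD] * max(0, pad_to - len(syms)))


def joint_distribution(prior, pad_to=0):
    """Exact P(message, cyphertext), enumerating every equally likely pad."""
    joint = defaultdict(Fraction)
    for msg, p_msg in prior.items():
        pt = encode(msg, pad_to)
        p_each = p_msg * Fraction(1, SYMBOLS ** len(pt))
        for key in product(range(SYMBOLS), repeat=len(pt)):
            ct = tuple(m ^ k for m, k in zip(pt, key))
            joint[msg, ct] += p_each
    return joint


def posterior(joint, ct):
    """A posteriori P(message | observed cyphertext ct) by Bayes' rule."""
    total = sum(p for (_, c), p in joint.items() if c == ct)
    return {m: p / total for (m, c), p in joint.items() if c == ct}


def leaked_bits(prior, joint):
    """Mutual information I(M; C) in bits; zero means perfect secrecy."""
    p_ct = defaultdict(Fraction)
    for (_, ct), p in joint.items():
        p_ct[ct] += p
    return sum(float(p) * log2(float(p / (prior[m] * p_ct[ct])))
               for (m, ct), p in joint.items())


if __name__ == "__main__":
    plain = joint_distribution(PRIOR)             # length-preserving pad
    padded = joint_distribution(PRIOR, pad_to=3)  # every message sent as 3 symbols
    print("2 symbols seen:", posterior(plain, (0, 0)))
    print("3 symbols seen:", posterior(plain, (1, 2, 3)))
    print("padded, 3 seen:", posterior(padded, (1, 2, 3)))
    print("leak unpadded :", leaked_bits(PRIOR, plain), "bits")
    print("leak padded   :", leaked_bits(PRIOR, padded), "bits")
```

Among messages of the observed length the posterior is the prior renormalized, so the unpadded leak equals the entropy of the length alone.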

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 09:34:13 GMT


<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
> > <[EMAIL PROTECTED]> wrote in message
> >> Tim Tyler <[EMAIL PROTECTED]> writes:
> >>>
> >>> ...but why only consider the possible messages of size 2^n?  This is
> >>> a tiny subset of the messages that could have been transmitted.
> >>
> >> Right! That's why ``perfect secrecy'' is only attainable if the ciphertext
> >> is longer than *any* possible plaintext. All messages must have infinite
> >> length.
> >
> > You're a loon.
>
> That's not nice! Anyway, your sarcasm detector must be busted.

Sorry but anyone who argues fundamental truths is a loon.  :-)

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Date: Thu, 07 Jun 2001 09:34:52 GMT


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Tom St Denis) wrote in
> <kmBT6.47362$[EMAIL PROTECTED]>:
>
> >Ok this has gone on too long.
> >
> >Typically what you guys are missing is that the length of the message is
> >not the secret.  It's the contents of the message.
>
>  <crap sniped>
>
> >At any rate if the length is important just pad the message.  Make the
> >message fit to be a multiple of say 64 bytes or something.
>
>   DUH??? GEE WHIZ length may mean something so pad to make it
> match longest message for "perfect security" READ SHANNON YOU IDOIT
> you can't have it both ways little BOY.

Typically the MEANING of the message is not stored in the length.

Tom



------------------------------

From: "Chaotic" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
Date: Thu, 07 Jun 2001 09:37:02 GMT

Aww that's gotta suck.

Chaotic.

Trust no one!
  David G. Boney <[EMAIL PROTECTED]> wrote in message
  news:E4HT6.3857$[EMAIL PROTECTED]...
  My frustrations with trying to find a job in government service are
  summarized in an essay I have posted that is titled, "I Must be a Threat
  to National Security". I have also placed my rejection letters from the
  CIA and NSA on-line.

  http://www.seas.gwu.edu/~dboney/security.html

  If anyone knows of any computer or network security engineer positions
  open, developer or administrator, in the Washington, DC area, that are
  commercial, non-government, non-government contractor, and don't require
  a clearance, please drop me a line. You can surf my home page to get a
  picture of my qualifications. Resume available upon request.

  -- 
  Sincerely,
  David G. Boney
  mailto:[EMAIL PROTECTED]
  http://www.seas.gwu.edu/~dboney



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 09:37:13 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> JPeschel <[EMAIL PROTECTED]> wrote:
> : [EMAIL PROTECTED]  (SCOTT19U.ZIP_GUY) writes, in part:
> : [EMAIL PROTECTED] (JPeschel) wrote in
>
> :>>Point me to where Shannon says that the length of the plaintext
> :>>must be kept secret.
>
> :>Joe do you really need your hand held?  I read the whole thing
> :>I think you're a big boy and can read it yourself.
>
> : Save your bullshit, Dave. If you can point me to where Shannon says
> : the length of the plaintext must be kept secret, do it.
>
> "perfect secrecy is defined by requiring of a system after a
>  cryptogram is intercepted by the enemy the a posteriori probabilities
>  of this cryptogram representing various messages be identically the
>  same as the a priori probabilities of the same message before the
>  interception."
>
> If the length of the plaintext is revealed by the cyphertext, this
> condition does not hold.

How?  If you have an 8-bit ciphertext all 256 plaintexts are equally
probable.  That follows this distribution.

Your idea of security only works if your cipher can produce infinite
length ciphertexts.  (of course your idea of security is vastly flawed)

I would hate to use 1.7 x 10^55 bytes of ram to send a 10 byte message
home....

Tom



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Def'n of bijection
Date: 7 Jun 2001 09:37:24 GMT

Tim Tyler <[EMAIL PROTECTED]> wrote:

> It /looks/ like you're doing something like performing sums with
> finite sets and expecting the results to make sense when considering
> infinite ones.

Hmm, yes.  A bit careless of me.  I ought to know better than that.

-- [mdw]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
