Cryptography-Digest Digest #560, Volume #14       Fri, 8 Jun 01 01:13:00 EDT

Contents:
  Re: Any Informed Opinions? (Bob Silverman)
  Re: Knapsack security??? Ah....huh ("rosi")
  Re: Any Informed Opinions? ("Jeffrey Walton")
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (sisi jojo)
  What is a skeleton book? ("John A. Malley")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("John A. Malley")
  Re: Notion of perfect secrecy (SCOTT19U.ZIP_GUY)
  Re: Simple C crypto ("Dirk Bruere")
  Re: Any Informed Opinions? ("Dirk Bruere")
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (SCOTT19U.ZIP_GUY)
  Re: MD5 for random number generation? (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: What is a skeleton book? ("Robert J. Kolker")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (JPeschel)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Bob Silverman)
Subject: Re: Any Informed Opinions?
Date: 7 Jun 2001 20:04:03 -0700

"Robert J. Kolker" <[EMAIL PROTECTED]> wrote in message 
news:<[EMAIL PROTECTED]>...
> Does anyone have informed opinions
> on what influence quantum computing
> will have on cryptography and
> cryptanalysis?

I have such an opinion.
> 
> Qbits are alive and real. It remains to
> be seen if genuine computers can be
> made from them.

You just stated my opinion.

Does anyone remember when wafers were going to be a "panacea to 
technology limitations"?  Ditto for "Josephson Junctions"  or
"Room temperature superconductors" or "Gallium Arsenide"??

------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Knapsack security??? Ah....huh
Date: Fri, 8 Jun 2001 00:21:58 -0400

Dear John,

    Thank you for the reply.

    I will perhaps never know why you think I am taunting you.
But if you do, whether it is really due to me, I apologize.

    Merc42 asked in pretty general terms about the knapsack
problem and you seem eager to know. I offered to share
information. Is this fair?

    First, I do not know how far we can go. The requirement for
basic knowledge will still apply. Without that, we can get stuck
anywhere.

    So, is it a go?

    I think it is only fair that I give you enough information on
what is ahead. I have some simple stuff, from which I would like
to see if certain things are as trivial as I seem to see. So I give the
best shot I can fire and would like you to help me. I will put
forth two quite non-technical questions, which do not require
definitive answers (or in other words, what answers come back is
not that important). There is one technical issue I would appreciate
it if you could share your thoughts with us, but that is not really
expected. It is up to you. The issue is to prove from what I
give you that P != NP. (Hope you are still in your chair if you
were:). Checked, I am still in mine)

    Please do not be alarmed. It should be simple. Ideas about
both the two questions and the P!=NP issue can be formed in
your head by simply ‘staring at’ a construction I give you for a
few minutes. I am not saying that you may come up with all
the boring details of a proof after reading and thinking about
it for a few minutes. I mean that you can get the sense of it.

    So you now may see that I am not in NTRU, not just because
I have nothing to do with NTRU. What I want is to complete the
sentence about "THE" whole issue and put a small fullstop to
it. Simple enough?

    I caution that I am not interested in other ways of proving this
time and you may not use the material on P!=NP from the past
couple of years (should there have been any). Of course, you
can prove (or even disprove) P!=NP in any way, but I am only
interested in a result from the construction I give you. You may
comment on other related things and virtually anything that you
feel relevant. Clear? If you need, I can help in a very limited way,
such as telling you the few alphabetical letters summing up a
proof. There is more than one way to prove it, I believe. As
long as a proof is based on the construction, you can use any
technique.

    I think I can go even more specific on the two questions.
I will give you two statements about the construction. Both are
lies, obvious lies. What I want you to help with is to comment on the
two lies. In particular, I hope you point out why they are lies
and, more interestingly in my opinion, that you see that even
though they are lies, they are practically valid. (Be aware that I did not
say that a proof will have such kinds of lies, or any lies, in it.)
You do not have to say what I expect you to say. You can
oppose me anywhere, as long as you are truthful to yourself.

    So if you think this is of interest to you and this can be
a go, please let me know. But I repeat, if you are only
interested in NTRU, we are definitely not on the same track.
(I am pretty sure that is the case, which makes a pretty good
excuse. :) But please prove me wrong.)

    Are any other readers interested? Want to help? Please
let me know.

    By the way, thanks for the pointers to the articles. I may
have missed it, but could you tell me what exploitable spots
of NTRU you have found, or any new techniques, to avoid the
q-vectors for example?

    Thanks tremendously.

    --- (My Signature)

John Bailey wrote in message <[EMAIL PROTECTED]>...
>On Wed, 6 Jun 2001 22:47:27 -0400, "rosi" <[EMAIL PROTECTED]> wrote:
>
>>John & Merc,
>>
>>    Are you serious? I am still waiting.
>
>http://www.frontiernet.net/~jmb184/interests/sci.crypt/cracked/3_re_New_alg.txt
>contains the analysis of a diophantine encryption system proposed by
>Dan Smith that I reviewed the way I assume you are offering to do for
>the NTRU system.  The analysis responded to a post on sci.crypt of May
>22, 1998 which is filed at:
>http://www.frontiernet.net/~jmb184/interests/sci.crypt/cracked/1_re_New_alg.txt
>Feel free to look at the other posts in the thread also filed there.
>Some, but not all made the trip from Dejanews to Google.
>
> If you can outline a comparable dissection, showing reasonable
>parallels between the NTRU system and a peer reviewed comparison
>system, that would be great.  Otherwise, don't taunt.
>
>John



------------------------------

Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Any Informed Opinions?
Date: Thu, 7 Jun 2001 23:14:28 -0400

: A few nS is enough if it completes the calculation you need.

Good point.  Has anyone conjectured how much time will be required
before the QC can collapse?

"Dirk Bruere" <[EMAIL PROTECTED]> wrote in message
news:AEWT6.20084$[EMAIL PROTECTED]...
:
: "Jeffrey Walton" <[EMAIL PROTECTED]> wrote in message
: news:3b2016d4$0$[EMAIL PROTECTED]...
: > Quantum cryptography has been demonstrated at AT&T labs (is the lab
: > correct?) up to a distance of about 15 km in a fibre.  This number has
: > probably improved.  Bennett and Brassard built the prototype.  See the
: > section Technical Limits in Quantum Cryptography in
: > http://www.aro.ncren.net/phys/proceed.htm for a more complete treatment
: > (but somewhat out of date).  A recent but less technical article can be
: > found at http://www.wired.com/news/privacy/0,1848,40969,00.html
:
: > The computers that will factor and solve DLP are still in their infancy.
:
: So we are told.
: So far the max I have heard of is a 7 qubit demo. Useful machines probably
: start at around the 50-qubit mark, and we are officially a long way from
: that. However, who knows what a billion dollars of NSA money might have come
: up with?
:
: > From what I understand, they have been demonstrated; but only exist for
: > less than nanoseconds.  I don't have a reference for the demonstration.
: > I think it was read in a journal.
:
: A few nS is enough if it completes the calculation you need.
:
: > It does not appear a quantum computer will break a quantum cryptosystem.
:
: There is a 'no cloning' theorem in QM which makes it secure. However, it is
: known that QM is not the last word in descriptions of nature, especially
: where the crucial 'measurement process' (collapse of the wave function) is
: concerned. This is at the heart of quantum computing and is not understood,
: despite plenty of speculation, including consciousness as the agent.
:
: > A quantum computer will probably break all classical computer based
: > cryptosystems.  Mollin, An Introduction to Cryptography, p.267.
:
: There is also speculation that QCs will follow 'Moore's Law', although it's
: rather early to tell. This means that every two years or so the number of
: qubits will double. If so most cypher systems will be insecure within this
: decade.
:
: Dirk



------------------------------

From: [EMAIL PROTECTED] (sisi jojo)
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: 7 Jun 2001 20:11:21 -0700

I think math skill is not related to math knowledge. Advanced Math is 
more like a mystic language. I made up an example. I'm sure it reflects
the learning experience of a lot of people.

Some author uses the term metric space in an article. Suppose you don't know 
the term. You can't follow the argument. What is a metric space? So you start 
searching. 

Elementary algebra books don't cover it. 
Advanced algebra books don't cover it.
Then you find a book that uses the term but does not describe it.

Then you find a book that has a definition. The book is the type that has one 
line of English text for every 20 lines of equation. The definition (probably) 
involves all of the following: an arbitrarily small epsilon, a ball of epsilon
neighborhood, some open/closed/compact/complete sets, a few bounds, some more 
terms you have never heard of... then take the limit too. Do you understand it?
Sort of. Do you see how it fits into the original article? Nope. 

Eventually you lay your hands on a book unrelated to algebra. In the footnote 
of a certain page, it says a metric space is a space with a metric (distance) 
function. So that's what it is! You immediately dig up your algebra book, review 
everything, make sure you get the concept correct. After hours and hours of
work, you finally know what a metric space is.

Now you go back to the original article. You wonder what sophisticated proof
requires a sophisticated metric space definition...
To your surprise, nothing sophisticated at all! The author is only talking 
about the number of bits that are different between 2 messages! A 5 year old 
knows what that means!

Your S.O. starts to hear words he/she has never heard you speak before:
!@#$%^&*(*()%$@@!$%^%^#$@$$^&^*

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: What is a skeleton book?
Date: Thu, 07 Jun 2001 20:14:57 -0700

I picked up a copy of "The Emperor's Codes, The Breaking of Japan's
Secret Ciphers" by Michael Smith (now available in the states and
recently recommended by a poster here in sci.crypt) and encountered a
term I've never seen before - a "skeleton book." 

Chapter 2, pg. 24, there's this paragraph - a quote from Commander
Alastair Denniston, responsible for the day-to-day operations at the
Government Code and Cipher School in England. Mr. Denniston is talking
about intercepted Japanese Navy traffic:

"From then onwards," Denniston wrote, "there was a flow of traffic by
bag to London where the various codes were segregated and broken as far
as possible and a return flow of officers with skeleton books to carry
on the work locally."

What is this 'skeleton book'? (I suspect it's a British idiom I've never
encountered before.)

I found no mention of it in Kahn's "Codebreakers" or any definition of
it in "The Emperor's Codes." And I tried a Google search - no results. 

Thanks for any info,

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 20:50:45 -0700


"SCOTT19U.ZIP_GUY" wrote:
[...]
> 
>   Try taking another look.

I did.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Notion of perfect secrecy
Date: 8 Jun 2001 03:52:35 GMT

[EMAIL PROTECTED] (John Savard) wrote in
<[EMAIL PROTECTED]>: 

>On Thu, 7 Jun 2001 00:39:15 -0700, "Neil Couture"
><[EMAIL PROTECTED]> wrote, in part:
>
>quoting David A. Scott:
>>>   DUH??? GEE WHIZ length may mean something so pad to make it
>>> match longest message for "perfect security" READ SHANNON YOU IDOIT
>>> you can't have it both ways little BOY.
>
>>Maybe i read Shannon wrong but as I understand a key of lenght n is
>>enough for encrypting
>>a msg of lenght n. that's it.
>
>You're both right.
>
>If the longest message has length N, but your current message is of
>length n (and includes an end-of-message indication) you only require
>a key of length n for perfect secrecy, because the N-n bits remaining
>may be generated at random by the sender without the intended
>recipient requiring any additional key bits.
>

  But Tommy only wants to send the number of bits of whatever
message he chooses. He does not wish to mask the length of shorter
messages by sending extra bytes. So though adding random data
to pad would work, Tommy does not wish to do this.


>John Savard
>http://home.ecn.ab.ca/~jsavard/frhome.htm


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: "Dirk Bruere" <[EMAIL PROTECTED]>
Subject: Re: Simple C crypto
Date: Fri, 8 Jun 2001 05:02:34 +0100


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:o6XT6.55186$[EMAIL PROTECTED]...
>
> > > > That is not a major worry.
> > >
> > > Then what is?
> >
> > Someone fiddling with a file on a computer because they're bored for
> > 10min?
>
> And if they are lucky and happened to know how to make a website?

A copyright lawsuit?

> > > Why even bother with crypto?  Just xor the file with 0xAA.
> >
> > Quite likely a variant of that will be used, unless there is some
> > almost-as-simple and stronger alternative.
> > Hence my inquiry.
>
> Well if you find something patent it and sell it to the MPAA and RIAA.
> You will make literally millions!

Doesn't sound too difficult.
Just need a bucket of qubits.

Dirk



------------------------------

From: "Dirk Bruere" <[EMAIL PROTECTED]>
Subject: Re: Any Informed Opinions?
Date: Fri, 8 Jun 2001 05:05:47 +0100


"Jeffrey Walton" <[EMAIL PROTECTED]> wrote in message
news:3b204234$0$[EMAIL PROTECTED]...
> : A few nS is enough if it completes the calculation you need.
>
> Good point.  Has anyone conjectured how much time will be required
> before the QC can collapse?

Entanglement can last indefinitely.
It depends on outside influences performing a QM 'measurement'. Nobody knows
for sure what that actual process entails.

The problem is keeping a large number of bits entangled and isolated, but
not so isolated you can't do anything with them.

Dirk




------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: 8 Jun 2001 03:57:53 GMT

[EMAIL PROTECTED] (David Wagner) wrote in 
<9fp4cm$2s77$[EMAIL PROTECTED]>:

>Joseph Ashwood wrote:
>>Take a simpler
>>problem 1+1=2, everyone learns that in 1st grade (some earlier, some a
>>little later), but it takes a doctorate in mathematics, and a few hundred
>>pages of very intricate math to prove it without assuming things.
>
>Bah.  One cannot prove 1+1=2 without assuming things.


  I know it is not your style to answer easy questions, but
why don't you go out on a limb and say how one uses an
OTP cryptosystem when the possible input space is several
different messages of various lengths, and you encrypt using a
one-time pad to get "perfect secrecy" in the Shannon sense.
If you do and are honest, I will stop bringing up the fact that
you stated scott19u was dead by slide attack when in fact you
later mentioned you never fully understood what my method did.
  Hey, I tried.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: MD5 for random number generation?
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 04:12:16 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> :> :> Toby Sharp wrote:

:> :> :> > I've heard of people using MD5 for random number generation. But,
:> :> :> > as far as I can tell, MD5 is a one-way hash algorithm. How is
:> :> :> > this used for random numbers? [...]
:>
:> :> : Yeah, you have to make sure though, that your PRNG is forward and
:> :> : backwards safe. [...]
:>
:> :> So you could just use
:> :>
:> :> : H[i] = HASH(SEED || i)
:> :>
:> :> : Which is essentially a CTR mode of operation.
:> :>
:> :> It looks like you're thinking of state compromises that don't affect
:> :> SEED.
:> :>
:> :> If you think SEED might also be compromised, backward secrecy is
:> :> hardly possible (without a source of entropy anyway) - and the
:> :> second equation offers no forward secrecy.
:>
:> : Here's a tip.  Give some thought to what you post.
:>
:> : No PRNG is ever secure if the initial seed is compromised.  The seed is
:> : what determines the PRNG output...
:>
:> Security in the face of state compromise is a very important part of
:> what forward secrecy in RNGs is all about.

: Yes.  And my PRNG I proposed is forward secure.

: H[i] = HASH(SEED || i)

: Suppose you guess H[i], how do you get H[i+1] or H[i-1]?

You don't.

However, say someone breaks into your office and wanders out with i and
SEED.

With this information they have access to all the past outputs of the RNG.

This is known as a "backtracking attack" - and can be of significance if
the RNG is used for key generation - since you don't want numerous past
keys to be compromised by a single lapse of security on some future date.

Backtracking attacks can be prevented - they are not inherent in all PRNGs.

:> As for backward secrecy - this is (as I mentioned) impossible in a PRNG
:> whose state has been compromised.  However, the OP never mentioned PRNGs.

: Are you sure? Read the subject line!

I see an R, an N and a G there - but can see no sign of a P.

While concealing the forward evolution of a PRNG is impossible in the face
of state compromise, this is not true of other types of random number
generator.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/
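The two designs argued over above, as an added illustration that is not code from the thread or from either poster: Tom's counter-mode construction H[i] = HASH(SEED || i), which a stolen (SEED, i) lets an attacker run backwards, beside a hash-ratchet generator whose state is replaced by a one-way function after every output, so a stolen state reveals only the forward evolution Tim concedes is unavoidable. SHA-256 stands in for MD5 because the construction is hash-agnostic; the seed, the domain-separation strings and all names are my own choices.

```python
import hashlib
from typing import Callable, Dict, List

Hash = Callable[[bytes], bytes]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Constructed seed for the demo; a real generator draws this from the OS entropy pool.
SEED = b"constructed-demo-seed"


def ctr_output(seed: bytes, i: int, h: Hash = sha256) -> bytes:
    """The construction from the thread: H[i] = HASH(SEED || i), counter mode over a hash."""
    return h(seed + i.to_bytes(8, "big"))


def ctr_backtrack(stolen_seed: bytes, stolen_i: int, h: Hash = sha256) -> List[bytes]:
    """Backtracking attack: whoever walks off with (SEED, i) recomputes every earlier output."""
    return [ctr_output(stolen_seed, j, h) for j in range(stolen_i)]


class RatchetPRNG:
    """Hash-ratchet generator: output_i = H(state_i || "out"), state_{i+1} = H(state_i || "next").
    The old state is overwritten, so a snapshot of state_i yields neither state_{i-1} nor any
    earlier output without inverting H."""

    def __init__(self, seed: bytes, h: Hash = sha256) -> None:
        self.h = h
        self.state = h(seed + b"init")

    @classmethod
    def from_state(cls, state: bytes, h: Hash = sha256) -> "RatchetPRNG":
        """What an attacker does with a stolen state snapshot: keep running it forwards."""
        obj = cls.__new__(cls)
        obj.h, obj.state = h, state
        return obj

    def next(self) -> bytes:
        out = self.h(self.state + b"out")
        self.state = self.h(self.state + b"next")   # old state is discarded here
        return out


def demo(n_before: int = 3, n_after: int = 2) -> Dict[str, bool]:
    """Simulate a state compromise after n_before outputs for both generators."""
    ctr_past = [ctr_output(SEED, j) for j in range(n_before)]
    ctr_recovered = ctr_backtrack(SEED, n_before)            # attacker holds SEED and i

    rng = RatchetPRNG(SEED)
    ratchet_past = [rng.next() for _ in range(n_before)]
    snapshot = rng.state                                     # attacker copies the state here
    ratchet_future = [rng.next() for _ in range(n_after)]
    clone = RatchetPRNG.from_state(snapshot)
    attacker_future = [clone.next() for _ in range(n_after)]

    return {
        "ctr_past_recovered": ctr_recovered == ctr_past,
        "ratchet_future_predicted": attacker_future == ratchet_future,
        # Nothing the attacker can compute from the snapshot equals an earlier output.
        "ratchet_past_recovered": any(o in attacker_future or o == snapshot for o in ratchet_past),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The check on the ratchet's past outputs only shows that they are not among the values the attacker can derive by running forwards; the real guarantee rests on the hash being one-way. Neither design helps once the seed is leaked before any output is produced, which is Tom's point; the difference is what a compromise at some later date costs you.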

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 04:18:18 GMT

JPeschel <[EMAIL PROTECTED]> wrote:
:  Tim Tyler [EMAIL PROTECTED] writes:
:>JPeschel <[EMAIL PROTECTED]> wrote:

:>: I could try to make the case that since I have some ciphertext, I know 
:>: some information about the plaintext: That it actually exists!  But I'd be
:>: kidding around.  :-)
:>
:>The definition of perfect secrecy could be reformulated to
:>cope with null cyphertexts if that was considered necessary.

: Now don't start re-defining again! (Yeah, I know you don't think you've
: re-defined anything.)

IIRC, according to Scott this reformulation was discussed by Shannon
himself.

:>Allowing null cyphertexts might be desirable under some circumstances -for
:>example if you can guarantee message delivery - since the additional
:>message state does indeed offer the opportunity of improving secrecy.

: Even if  you enciphered null or random plaintext, you still know, upon
: looking at the ciphertext that a plaintext existed. [...]

That wasn't the idea.  A null cyphertext represents the absence of a
cyphertext - and the absence of a corresponding plaintext.  It's just a
name for non-existence.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 04:24:58 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message

:> [...] if your set is a bunch of different
:> length messages just XOR and send them where you always
:> have more than one possible message for a given length you
:> may "have some security" but some is not the same as "perfect"
:> since you have many messages from your input set that have
:> been eliminated.

: That doesn't matter at all.  Even if you know the original message occupied
: 128 bits but there are only 13 possible remaining messages it's still
: perfectly secure.  Since the remaining messages have a 1/13 chance of being
: the correct one you can't tell the correct one from a false one.

Except for the fact that they are different lengths - so regardless of
the probability of their arising as plaintexts, you can easily distinguish
them if given a corresponding cyphertext.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 04:39:09 GMT

[EMAIL PROTECTED] wrote:
: Tim Tyler <[EMAIL PROTECTED]> writes:

:> I assume you didn't understand :-( I figure that makes you a lost cause.

: Don't go easy on me--give me the full-bore mathematical proof [...]

You expect me to create a "full-bore mathematical proof" for something so
obvious as to be totally unpublishable - just to satisfy your curiosity
on usenet?

While compression is likely to increase the density of plausible decrypts
at any given cyphertext size, a rigorous proof of the fact would undoubtedly
run to several pages - in part since the conclusion is a statistical one.

Sorry - but I have better things to do with my time than trying to educate
the demonstrably uneducatable.

I've shown you the form of the proof twice now.  If for some reason you
desperately want to quantify everything, you have everything you need to
do so available.

:>:> Did you miss my 129 bit message?
:> 
:>: If that's not the only message you send, then we're NOT dealing with
:>: only 129 bits; we're dealing with all the bits you encrypted with that
:>: key.
:> 
:> No - not if there are multiple messages and key per message.

: If there is a separate key per message, you do realize that you have
: a serious key distribution problem, don't you?

No I don't.  What if keys are already distributed?  What if I'm swapping
emails with uncle Boris - and we have a whole floppy disc's worth of keys
that we exchanged when we met a year ago?

Anyway, what has key distribution got to do with the issue of
whether compression increases the proportion of plausible decrypts - 
apart from attempting to distract attention from it?

: Hint: That's why one-time-pads aren't used for everything.

I'm not talking about one time pads!  That would be a complete waste of
keyspace.  Or are you not following the argument at all?
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 04:44:58 GMT

Tim Tyler <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED] wrote:

: : [...] *THE* system I've described above is *THE* system w.r.t. which
: : you claim BICOM provides a genuine increase in secrecy--namely,
: : English messages up to 1K in size.

: Compression increases the chance of message collisions regardless of
: the size of the message.  However the absolute chance of
: collisions may well be low for large messages.

: Where did I previously mention messages of 1K in size?  Can you quote
: me doing so?

Apparently not.  It appears to me that you fabricated this in order to
represent me as defending the indefensible.  That's the third time you
appear to have pulled an unpleasant debating trick in our discussions.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 04:50:10 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

:> Where the attacker has a priori knowledge that the message is going
:> to be either "yes" or "no" - but doesn't know which.

: That's just a contrived example of how to not use an OTP.  Obviously in this
: case the two messages are vastly different.

: If your system calls for sending booleans send bits not ASCII words.

: I mean seriously, outside of a contrived example an OTP is perfectly secure.

[...]

: Making contrived ways to break something is not only pointless but futile.
: It proves nothing.

That single example proves that the OTP is vulnerable to attack 
if plaintext length is equal to cyphertext length, and plaintext lengths
can vary.

If you don't think it proves anything, you need to re-examine your idea of
proof.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/
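The "yes"/"no" case above, and John Savard's padding remedy quoted earlier in this digest (pad to the longest length with an end-of-message marker, spending key only on the real message), as an added example that is not code from the thread or from any of the posters. The marker byte, the 16-byte length bound and all names are my own assumptions; the filler bytes after the marker are random and consume no pad at all.

```python
import secrets
from typing import List, Set, Tuple

N_MAX = 16          # constructed bound: longest message the channel must hide
EOM = b"\x00"       # end-of-message marker; plaintexts must not contain it (assumption)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def naive_otp_encrypt(msg: bytes, pad: bytes) -> bytes:
    """Textbook OTP: the ciphertext is exactly as long as the plaintext."""
    return xor(msg, pad[:len(msg)])


def naive_otp_decrypt(ct: bytes, pad: bytes) -> bytes:
    return xor(ct, pad[:len(ct)])


def padded_otp_encrypt(msg: bytes, pad: bytes) -> Tuple[bytes, int]:
    """Savard's variant: encrypt msg || EOM with len(msg)+1 pad bytes, then fill
    out to N_MAX + 1 bytes with random filler that needs no key.
    Returns (ciphertext, number of pad bytes consumed)."""
    if EOM in msg or len(msg) > N_MAX:
        raise ValueError("message contains the marker or exceeds N_MAX")
    body = msg + EOM
    ct = xor(body, pad[:len(body)])
    filler = secrets.token_bytes(N_MAX + 1 - len(body))
    return ct + filler, len(body)


def padded_otp_decrypt(ct: bytes, pad: bytes) -> bytes:
    """Strip pad bytes until the marker appears; everything after it is filler."""
    out = bytearray()
    for c, k in zip(ct, pad):
        p = c ^ k
        if p == EOM[0]:
            return bytes(out)
        out.append(p)
    raise ValueError("no end-of-message marker found")


def ciphertext_lengths(cts: List[bytes]) -> Set[int]:
    """More than one distinct length means an eavesdropper can split the
    message space by length alone, without touching the key."""
    return {len(c) for c in cts}


def candidates_by_length(ct: bytes, message_space: List[bytes], padded: bool) -> List[bytes]:
    """Plaintexts the eavesdropper cannot rule out from the ciphertext length."""
    if padded:
        return [m for m in message_space if len(m) <= N_MAX]   # every message still fits
    return [m for m in message_space if len(m) == len(ct)]


if __name__ == "__main__":
    space = [b"yes", b"no"]
    pad = secrets.token_bytes(N_MAX + 1)
    print(ciphertext_lengths([naive_otp_encrypt(m, pad) for m in space]))      # {2, 3}
    print(ciphertext_lengths([padded_otp_encrypt(m, pad)[0] for m in space]))  # {17}
```

With the naive scheme the two-element message space collapses to one candidate per ciphertext, which is the attack Tim describes; with the padded scheme every ciphertext is 17 bytes and both messages remain possible, while the sender has still consumed only len(msg)+1 pad bytes. The price is exactly the extra traffic Tommy, in the earlier post, refuses to send.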

------------------------------

From: "Robert J. Kolker" <[EMAIL PROTECTED]>
Subject: Re: What is a skeleton book?
Date: Fri, 08 Jun 2001 01:04:31 -0400



"John A. Malley" wrote:

>
> What is this 'skeleton book'? (I suspect it's a British idiom I've never
> encountered before.)

A collection of partial decryptions?

Bob Kolker




------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 08 Jun 2001 05:05:14 GMT
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)

 "Tom St Denis" [EMAIL PROTECTED] writes:

> >"JPeschel" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...

>> Yikes! Now that comparison doesn't make any sense at all. Cipher meant
>> the same thing then as it does now, for instance, Vigenere cipher,
>> Playfair Cipher, Vernam cipher, etc.
>
>Hmm... perhaps I haven't look at this formally.  I always thought cipher was
>not a real word.
>
>I stand corrected.

Okeedokee. Some would write  "okeydokey." I'm not sure if that's a real word, 
but I like it.
I think Tim would write okeydoke.  :-)

Now isn't that better than all this perfect OTP talk?

What I'd really like is a recipe for a perfect margarita, a recipe with which
we can concoct at least one perfect pitcher of drinks for one day. I want the
recipe to be a true margarita.  One that screams, "I am a margarita in and of
myself."  After one perfect pitcher of margaritas I won't care if the rest are
less than perfect -- until the next day when it's margarita time again.

Joe


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
