Cryptography-Digest Digest #967, Volume #11       Wed, 7 Jun 00 10:13:01 EDT

Contents:
  Re: An interesting page on the Rabin-Miller PP test (Robin Chapman)
  Re: Brute forcing for Counterpane's Password Safe ("Dave Foulger")
  Re: Brute forcing for Counterpane's Password Safe (Volker Hetzer)
  Re: Brute forcing for Counterpane's Password Safe (Paul Rubin)
  Re: Some dumb questions (Mok-Kong Shen)
  Re: Statistics of occurrences of prime number sequences in PRBG output as (Mok-Kong Shen)
  Re: Some dumb questions (Mok-Kong Shen)
  Re: testing non linearity of arithmetic-logic combinations (tomstd)
  Re: Observer 4/6/2000: "Your privacy ends here" (Paul Shirley)
  Re: Thoughts on an encryption protocol? (Mark Wooding)
  Re: software protection schemes (Runu Knips)
  Re: Brute forcing for Counterpane's Password Safe (Rex Stewart)
  Re: Evidence Eliminator, is it patented, copyrighted, trademarked ? (jungle)
  Re: Some dumb questions (Volker Hetzer)
  Re: Brute forcing for Counterpane's Password Safe (Volker Hetzer)
  Re: software protection schemes (jungle)
  Re: Is OTP unbreakable?/Station-Station (Tim Tyler)

----------------------------------------------------------------------

From: Robin Chapman [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: An interesting page on the Rabin-Miller PP test
Date: Wed, 07 Jun 2000 09:13:05 GMT

In article 393db17a$[EMAIL PROTECTED],
  [EMAIL PROTECTED] (Andrew John Walker) wrote:

> Thanks, I don't fully understand the maths yet but it's good to see a
> result! Would this line of reasoning work with forms such as p^2*q or
> p*q*r?

I expect so.

> If eventually a general result could be found it would allow for much
> more accurate estimates of how often this test produces non-witnesses
> for a particular sized composite, for instance by taking 100 50d numbers
> and factoring them.

I'm not so optimistic. The number of non-witnesses will depend quite
strongly on the form of the number n, as pq or pqr or p^2 q etc., and
will also depend very strongly on how the primes p and q etc. interact.
For instance in the pq case d = gcd(p-1, q-1) can be anything from 2 up
to p-1, which may be of the order of sqrt(n).

--
Robin Chapman, http://www.maths.ex.ac.uk/~rjc/rjc.html
"`The twenty-first century didn't begin until a minute past midnight
January first 2001.'"  John Brunner, _Stand on Zanzibar_ (1968)

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Dave Foulger" [EMAIL PROTECTED]
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: Wed, 7 Jun 2000 11:15:52 +0100

Joeseph Smith [EMAIL PROTECTED] wrote in message
news:rab%4.30$[EMAIL PROTECTED]...
> I've been asked to help the executor of the estate of a fellow who
> recently died in Florida. The fellow was techno-savvy enough to use
> Password Safe from Counterpane to hold his various account names and
> passwords. Unfortunately, he was not real-world savvy enough to leave a
> way for his heirs to recover the data. The executor has tried various
> obvious passwords (names of grandchildren, significant dates and places,
> etc.), but they have not worked.
>
> Does anyone have a program that does brute force password guessing for
> Counterpane's Password Safe program? Alternatively, does anyone have the
> details of the file format and algorithms so I can write one? Bruce's
> website says that it uses Blowfish and that a 2.0 version would be
> published with source, but I don't think the 2.0 version was ever
> published. Does anyone have source to it?
>
> Please reply to the list, since I believe the answer will be generally
> useful.
>
> Joe

Ask Bruce for the backdoor nsa key ;-)

Dave

------------------------------

From: Volker Hetzer [EMAIL PROTECTED]
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: Wed, 07 Jun 2000 10:22:52 +

Dave Foulger wrote:
> Joeseph Smith [EMAIL PROTECTED] wrote in message
> news:rab%4.30$[EMAIL PROTECTED]...
> > I've been asked to help the executor of the estate of a fellow who
> > recently died in Florida. The fellow was techno-savvy enough to use
> > Password Safe from Counterpane to hold his various account names and
> > passwords. Unfortunately, he was not real-world savvy enough to leave
> > a way for his heirs to recover the data. The executor has tried
> > various obvious passwords (names of grandchildren, significant dates
> > and places, etc.), but they have not worked.
> Ask Bruce for the backdoor nsa key ;-)
I agree. Since you appear to have a legitimate reason, you (or the
executor) can probably count on the goodwill of Counterpane. But I don't
think that they designed weaknesses into their product, so you'll IMHO
be out of luck anyway.

Greetings!
Volker
--
The early bird gets the worm. If you want something else for breakfast,
get up later.

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: 7 Jun 2000 10:38:09 GMT
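The following is an added example (Python), not part of the digest or of any poster's message, that makes Robin Chapman's remark in the Rabin-Miller thread above concrete: it counts the Miller-Rabin non-witnesses ("strong liars") of n = p*q by brute force for small p and q and tabulates them against gcd(p-1, q-1). The closed form it checks against is Monier's formula for the number of strong liars of a product of two distinct odd primes (a published result, stated here rather than derived); the sample primes are constructed for illustration.

```python
# Added example (not part of the digest): counting Miller-Rabin
# non-witnesses for n = p*q, to show how the count depends on how p and q
# interact, in particular on gcd(p-1, q-1), as Robin Chapman remarks.
from math import gcd


def is_mr_nonwitness(n, a):
    """True if base a fails to witness the compositeness of odd n, i.e. a is
    a 'strong liar': a^d == 1 or a^(d*2^r) == -1 (mod n) for some
    0 <= r < s, where n-1 = d * 2^s with d odd."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False


def count_nonwitnesses(n):
    """Brute-force count of bases a in [1, n-1] that do not witness n.
    A base sharing a factor with n can never be a liar (a^(n-1) == 1 would
    make a invertible), so this equals the number of strong liars among
    the units mod n."""
    return sum(1 for a in range(1, n) if is_mr_nonwitness(n, a))


def monier_count_pq(p, q):
    """Monier's closed form for the strong-liar count of n = p*q, p != q odd
    primes (stated, not derived):
        S(n) = (1 + (4^v - 1)/3) * gcd(n', p') * gcd(n', q')
    where m = 2^(v_2(m)) * m' splits each of n-1, p-1, q-1 into its 2-power
    and odd part, and v = min(v_2(p-1), v_2(q-1))."""
    def split(m):
        v = 0
        while m % 2 == 0:
            m //= 2
            v += 1
        return v, m

    _, n_odd = split(p * q - 1)
    vp, p_odd = split(p - 1)
    vq, q_odd = split(q - 1)
    v = min(vp, vq)
    return (1 + (4 ** v - 1) // 3) * gcd(n_odd, p_odd) * gcd(n_odd, q_odd)


def survey(p, qs):
    """For a fixed p, return rows (q, gcd(p-1, q-1), brute count, Monier)
    so the interaction of the two primes can be read off directly."""
    return [(q, gcd(p - 1, q - 1), count_nonwitnesses(p * q),
             monier_count_pq(p, q)) for q in qs]


if __name__ == "__main__":
    # Constructed sample: p = 7 against several q. The liar count jumps
    # from the minimum (2, just +-1) to 18 whenever gcd(p-1, q-1) is 6.
    print("q    gcd(p-1,q-1)  brute  monier   (p = 7)")
    for q, d, brute, mon in survey(7, [11, 13, 19, 31, 43]):
        print(f"{q:<5}{d:^14}{brute:^7}{mon:^8}")
```

For p = 7 the table shows q = 11 (gcd 2) giving only the two trivial liars +-1, while q = 13, 19, 31 and 43 (gcd 6) each give 18, which is the dependence on the interaction of p and q that the post describes; the brute-force column and Monier's formula agree on every row.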
Cryptography-Digest Digest #968, Volume #11       Wed, 7 Jun 00 11:13:01 EDT

Contents:
  Re: Is OTP unbreakable?/Station-Station (Tim Tyler)
  Re: software protection schemes (Jim Steuert)
  BeeCrypt 1.0.0 released (Bob Deblier)
  Re: Question about recommended keysizes (768 bit RSA) ("Thomas J. Boschloo")
  DH-Key Exchange Questions. ([EMAIL PROTECTED])
  Enigma Variations (John Spicer)
  Re: DH-Key Exchange Questions. (Anton Stiglic)
  Re: Thoughts on an encryption protocol? (Dido Sevilla)
  Re: DH-Key Exchange Questions. (Mark Wooding)
  Re: Observer 4/6/2000: "Your privacy ends here" (me)
  Re: testing non linearity of arithmetic-logic combinations ("Dark Nebular")
  Re: Request for review of "secure" storage scheme (Baruch Even)
  Re: Question about recommended keysizes (768 bit RSA) (Paul Koning)
  Re: Some citations (Paul Koning)
  vb crypto library ("norman")

----------------------------------------------------------------------

From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: Is OTP unbreakable?/Station-Station
Reply-To: [EMAIL PROTECTED]
Date: Wed, 7 Jun 2000 13:25:59 GMT

Nicol So [EMAIL PROTECTED] wrote:
: Tim Tyler wrote:
: Bryan Olson [EMAIL PROTECTED] wrote:

: : The method presented by ciphermax is flawed, but a one-time
: : random key does offer provable authentication, and no other
: : technique does.

: : The scheme you describe - like other sorts of "provable" security does
: : not actually /prevent/ the possibility of faking identity. Instead it
: : tries to reduce it to 1/S.

: I don't think Bryan Olson characterized the protection offered by the
: scheme as "prevention". He only referred to it as "provable", which is
: true. [...]

It's true only in an abstract, mathematical world.

In the real world, there's no guarantee of being able to produce a
"random key" in the first place - and this is the world where
authenticity is actually important.

: The "proof" also depends on an unprovable assumption - the existence of an
: unguessable random stream.

: I think there is some confusion here. [...]

: Apparently, your objection is that there might not be anything in the
: physical world of which a sequence of independent, uniformly distributed
: 0-1 variables is a good model. That's a fair question, but that has
: nothing to do with proofs. [...]

: You seem to be very skeptical about the existence of "unguessable random
: streams". What kind of evidence would it take to convince you that
: physical phenomena exist that correspond (closely) to idealized unbiased
: coin flips? [...]

I believe a "close" correspondence may well exist in some cases, but...

IMO, the question of whether such a stream can be generated for
cryptographic purposes (in the face of an active attacker) is far from
resolved.

: Your "standard of proof" seems to be very high. If you look
: at other things in everyday life, you'll find that we accept
: mathematical models as _adequate_ based on much lower standards than
: yours. We know that Newtonian mechanics is only approximate, yet we
: build cars, bridges, buildings etc on it.

Nobody claims to have **proved** that these bridges won't fall down.

An academic with such a "proof" would undoubtedly be ridiculed.

: These sorts of concern always make me uneasy about the use of the term
: "provable" in relation to secrecy, or authentication.
:
: It seems to me that "provable" security is almost a sort of
: academically-respectable snake-oil marketing technique :-|

: The term "provable" does mean something--rigor of reasoning in the
: mathematical model. Unfortunately, many researchers use the term to
: refer to results that don't guarantee what a reader might expect when
: he sees the word "provable".

It seems to me that more qualifications are needed.

I see textbooks referring to the OTP as "provably" secure, and an
"unbreakable" crypto system. Only rarely does it get mentioned that
without a secure source of randomness - something which has never been
demonstrated to exist - these systems are not secure, let alone
"provably" secure.

--
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre     http://mandala.co.uk/  I'm pink :. I'm spam

------------------------------

From: Jim Steuert [EMAIL PROTECTED]
Subject: Re: software protection schemes
Date: Wed, 07 Jun 2000 09:58:15 -0400

I actually coded one of those schemes for Solaris. Here's how it worked:

1. It used /proc file system ioctl() calls to hook the read, write, open,
   access, lseek, etc calls. This is similar to the way truss, strace
   (public domain), and debugger packages work for various unixes.

2. It used the solaris processor id (there is an faq on spoofing this)
   and other "tricky" means of identifying the specific client machine.
   A client must issue a command which generates a machine-specific code,
   and then is given a corresponding key which would only work on that
   machine.

3. For example, my "runner"
Cryptography-Digest Digest #969, Volume #11       Wed, 7 Jun 00 13:13:00 EDT

Contents:
  Re: Enigma Variations (Jim Gillogly)
  An idea of a simple unsophisticated encryption scheme (Mok-Kong Shen)
  Re: Some dumb questions (Mok-Kong Shen)
  Re: Cryptographic voting ("Thomas J. Boschloo")
  Re: Could RC4 used to generate S-Boxes? (Simon Johnson)
  Re: Enigma Variations (Mok-Kong Shen)
  Re: Thoughts on an encryption protocol? (John Myre)
  Re: Some citations (Mok-Kong Shen)
  Re: Question about recommended keysizes (768 bit RSA) (Jerry Coffin)
  Re: Observer 4/6/2000: "Your privacy ends here" ("Morgan Holt")
  Re: Cryptographic voting (Mok-Kong Shen)
  Re: testing non linearity of arithmetic-logic combinations (Terry Ritter)
  Re: testing non linearity of arithmetic-logic combinations (tomstd)
  Re: Could RC4 used to generate S-Boxes? (tomstd)
  Re: Some dumb questions (Jim Reeds)
  Re: Request for review of "secure" storage scheme (Anne Lynn Wheeler)
  Re: testing non linearity of arithmetic-logic combinations (Mark Wooding)
  Re: Cryptographic voting (zapzing)
  Re: testing non linearity of arithmetic-logic combinations (tomstd)
  Re: Solution for file encryption / expiration? (Frank M. Siegert)

----------------------------------------------------------------------

From: Jim Gillogly [EMAIL PROTECTED]
Subject: Re: Enigma Variations
Date: Wed, 07 Jun 2000 15:13:50 +

John Spicer wrote:
> This led me to wonder what was the state of the cryptography used by the
> Allies and what in-roads had the Germans and Japanese made? Did the
> Allies learn from their successes against the Axis cryptos and
> strengthen their own, or did they fall into the same traps?

The Germans read American M-209 traffic, according to POW interviews.
So far as we know (unclassified, anyway) none of the Axis powers read
SIGABA, the top US system. If the British Typex was ever broken, I don't
know about it. At a conference I attended one speaker said that while
the blunders of German operators made the Allied c/a effort much easier
than it otherwise would have been, the Allied operators were even
sloppier. I didn't get a feel for how much actual traffic was
compromised by this.

The Japanese had some notable non-successes, including a failure to read
JFK's Playfair rescue message after PT-109 was rammed out from under him;
and an inability to crack the Navajo Code Talkers' tactical system, even
with the coerced help of at least one native Navajo POW who wasn't
trained in the system.

--
	Jim Gillogly
	Sterday, 18 Forelithe S.R. 2000, 15:01
	12.19.7.4.18, 11 Edznab 1 Zotz, Eighth Lord of Night

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: An idea of a simple unsophisticated encryption scheme
Date: Wed, 07 Jun 2000 17:23:21 +0200

The following sketch of an encryption scheme is not claimed to be
particularly strong, being, I suppose, comparable and in fact in some
sense related to the methods centred on base conversions (see the recent
thread 'A Family of Algorithms, Base78Ct', initiated by wtshaw), nor
entirely novel, being simply composed of basic and well-known techniques
(I should appreciate obtaining pointers, if the same is already in the
literature). It is a tiny response to wtshaw's recent advocacy of wide
crypto diversity (cf. his utopic idea of 'a cipher each day').

Let n be the block size in bits and N=2^n. Let a range [d1, d2] be
chosen. Generate with a PRNG (with a secret key as seed) a set of
relatively prime numbers g_i in that range, such that their product
G > N. (For simplicity of implementation, one could choose g_i to be all
primes.) Choose a random number R in [0, G-N]. Let P be the integer
number that represents the block of plaintext currently to be processed
and Q=P+R. Compute the sequence c_i with

     c_i = Q mod g_i

Let c_i be appropriately represented, e.g. in hex or decimal and
separated from one another with separators, and let S be the string of
their concatenation. (One could dispense with the separators, but this
is an implementation issue.) Do a random permutation of the elements of
S. This results in the ciphertext C.

The decryption of C is straightforward with application of the Chinese
remainder theorem.

M. K. Shen
==
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Some dumb questions
Date: Wed, 07 Jun 2000 17:23:15 +0200

Volker Hetzer wrote:
> Mok-Kong Shen wrote:

It is my fault for not having clearly/correctly stated what I had in
mind when I wrote that 'there is no plaintext knowledge available'. I
assume that the opponent knows the language used and even has a good
frequency distribution. But I assume (from what I know about practical
use of OTP) also that OTP is not used 'purely', i.e. not used alone, and
that there is a processing step before doing the xor, in order to
prevent the opponent from
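Below is an added example (Python), not code from the digest or from Mok-Kong Shen, implementing the residue-and-permute scheme he sketches in "An idea of a simple unsophisticated encryption scheme" above, with decryption by the Chinese remainder theorem. Its assumptions: a 16-bit block, primes in [100, 200] as the g_i, residues written in hex and joined by commas, a key derived by seeding random.Random with the secret key, and the "random permutation" read as one drawn from that same keyed PRNG (the receiver could not undo a truly random one). All sample values are constructed.

```python
# Added example (not from the digest): a toy implementation of the
# residue-and-permute scheme sketched by Mok-Kong Shen, with CRT decryption.
# Block size n = 16, primes from [100, 200], keyed PRNG = random.Random(key).
# These choices are this example's assumptions, not the poster's.
import random
from functools import reduce


def is_prime(m):
    """Trial division is plenty for the small moduli used here."""
    return m >= 2 and all(m % k for k in range(2, int(m ** 0.5) + 1))


def choose_moduli(rng, d1, d2, N):
    """Draw distinct primes g_i from [d1, d2] (hence pairwise coprime) until
    their product G exceeds N, as the scheme requires."""
    primes = [m for m in range(d1, d2 + 1) if is_prime(m)]
    rng.shuffle(primes)
    g, G = [], 1
    for m in primes:
        if G > N:
            break
        g.append(m)
        G *= m
    assert G > N, "range [d1, d2] too small for this block size"
    return g, G


def crt(residues, moduli):
    """Textbook CRT: recover Q mod G from the residues Q mod g_i."""
    G = reduce(lambda a, b: a * b, moduli)
    total = 0
    for c, m in zip(residues, moduli):
        Mi = G // m
        total += c * Mi * pow(Mi, -1, m)   # pow(x, -1, m) = modular inverse
    return total % G


def _setup(key, n, d1, d2):
    """Derive moduli, offset R and a fresh PRNG state from the key. Both
    sides call this, so they consume the keyed PRNG identically."""
    N = 1 << n
    rng = random.Random(key)
    g, G = choose_moduli(rng, d1, d2, N)
    R = rng.randrange(0, G - N + 1)        # R in [0, G-N], so Q = P+R < G
    return rng, g, R


def encrypt_block(P, key, n=16, d1=100, d2=200):
    """Ciphertext string for a plaintext integer 0 <= P < 2^n."""
    rng, g, R = _setup(key, n, d1, d2)
    Q = P + R
    S = ",".join(f"{Q % m:x}" for m in g)  # c_i = Q mod g_i, hex, separated
    perm = list(range(len(S)))
    rng.shuffle(perm)                      # keyed permutation of the chars of S
    return "".join(S[i] for i in perm)


def decrypt_block(C, key, n=16, d1=100, d2=200):
    """Undo the permutation, split the residues, apply CRT, subtract R."""
    rng, g, R = _setup(key, n, d1, d2)
    perm = list(range(len(C)))             # |S| == |C|, so the same shuffle
    rng.shuffle(perm)
    S = [""] * len(C)
    for out_pos, in_pos in enumerate(perm):
        S[in_pos] = C[out_pos]
    residues = [int(x, 16) for x in "".join(S).split(",")]
    return crt(residues, g) - R


if __name__ == "__main__":
    key = b"constructed-demo-key"
    for P in (0, 1, 0x1234, 0xFFFF):
        C = encrypt_block(P, key)
        print(f"P={P:5d}  C={C!r:12}  decrypt -> {decrypt_block(C, key)}")
```

Two points a practitioner would note about this rendering: the 16-bit block becomes an 8-character ASCII string, so the ciphertext is several times the size of the plaintext, and because the moduli, R and the permutation are fixed by the key alone, equal plaintext blocks produce equal ciphertext blocks (the same repetition leak ECB has) unless R or the permutation is varied per block.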
Cryptography-Digest Digest #970, Volume #11       Wed, 7 Jun 00 16:13:00 EDT

Contents:
  Re: testing non linearity of arithmetic-logic combinations (Terry Ritter)
  Re: DH-Key Exchange Questions. ([EMAIL PROTECTED])
  Re: software protection schemes (Mike Rosing)
  Re: Thoughts on an encryption protocol? (Mike Rosing)
  Re: Request for review of "secure" storage scheme (Rodd Snook)
  Re: Enigma Variations (Jim)
  Re: testing non linearity of arithmetic-logic combinations ("Adam Durana")
  Re: DES -- Annoyed ([EMAIL PROTECTED])
  Re: Some dumb questions (Bryan Olson)
  Re: Enigma Variations (Joseph Reuter)
  Re: Call for evaluating and testing a stream cipher program ([EMAIL PROTECTED])
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (zapzing)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: testing non linearity of arithmetic-logic combinations
Date: Wed, 07 Jun 2000 17:16:38 GMT

On 7 Jun 2000 16:27:09 GMT, in [EMAIL PROTECTED], in sci.crypt
[EMAIL PROTECTED] (Mark Wooding) wrote:

> tomstd [EMAIL PROTECTED] wrote:
>
> > Latin squares have the problem of consuming too much memory,
>
> That depends on how large they are, surely. A pair of 4 x 4 squares
> wouldn't be any larger than a standard S-box.

We have 64MB+ in the usual computer, and 2nd level cache is going on-chip
and increasing rapidly. The raw store is available.

Since hardware continues to change, it seems more useful to concentrate
on the structure of the cipher per se than to limit the structure to what
current computing hardware does best. What current hardware does best is
simple "linear" computation, which is just what we do not want a cipher
to be.

A single Latin square is most likely to be used as a replacement for the
XOR operation in a stream cipher, thus opposing known-plaintext attacks
on the confusion sequence. Such an Ls can be a 2 dimension index of
bytes, a total of 64KB.

But a far smaller alternative is to use my patented Dynamic Substitution
technique:

   http://www.io.com/~ritter/#DynSubTech
   http://www.io.com/~ritter/DYNSUB.HTM

in which case we have a little more computation, and the usual small
table. I have described such a cipher:

   http://www.io.com/~ritter/CLO2DESN.HTM

> > and even still I have yet to see any published results on good sboxes
> > formed by Latin Squares.
>
> Surely you could analyse it in pretty much the same way as you do a
> normal S-box: look at the output difference probabilities for each input
> difference as usual; look at its nonlinearity in a similar way, and so
> on.

   http://www.io.com/~ritter/ARTS/PRACTLAT.HTM

> In any event, it can't be much weaker than XOR, so you're onto a winner
> from a strength point of view.

If we describe this sort of strength as an unknowable transformation (the
ability to key-select one from among a large number of different
transformations), at least a keyed Latin square *has* strength; XOR has
none at all. And if we describe this strength as nonlinearity, at least
a Ls *can* have strength; again, XOR has none at all.

> The only question is whether it's worth it for the performance penalty.

A Latin square is a table look-up, an array access. In general, the
reason to use an explicit Latin square instead of a computation is that
the Ls can be far more complex. In the end, a complex transformation is
what we want.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: DH-Key Exchange Questions.
Date: Wed, 07 Jun 2000 17:27:10 GMT

In article [EMAIL PROTECTED],
  [EMAIL PROTECTED] (Mark Wooding) wrote:
> [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
>
> > I've been playing with DH-Key exchange and come across few problems
> > with large numbers before doing the mod part.
>
> This sounds like you're doing it wrong. Do the modular reduction after
> each multiplication. You need a multiprecision maths library of some
> kind to deal with (at least) 700-odd bit numbers.

The problem I'm having is storing the results when doing the calculations
using VBScript. It doesn't like big numbers. So you are right I'm doing
something wrong - using VBScript. I just wondered if I could get away with
a prime number of 71 ... well at least I now know.

I'll start looking for a maths lib and use a proper language although my
work mates are quite impressed with the idea of using an insecure medium
to generate keys. The Dan Quail version I have knocked up - using
JavaScript and ASP's - I'll make available for political reasons. Namely
that governments want to control maths, when you get to play with the
maths in question it makes it more real and the position of the
"controller" look really silly.

Anyway enough ranting and thanks for the help.

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Mike Rosing [EMAIL
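The following is an added example (Python), not code from the digest, from Terry Ritter or from Mark Wooding, illustrating the Latin-square-versus-XOR discussion in Ritter's post above: a keyed Latin square used as the combiner of a stream cipher in place of XOR, together with the difference-table analysis Wooding suggests. It uses order 16 (one nibble) rather than Ritter's 256-entry, 64KB square so the tables stay readable; the construction (row, column and symbol permutations of the Z_16 addition table), the key derivation via random.Random and all sample keystreams and keys are this example's assumptions.

```python
# Added example (not from the digest): a keyed Latin square as a stream-
# cipher combiner, compared with XOR by the difference-table analysis
# Mark Wooding describes. Order 16 and the construction are assumptions.
import random
from collections import Counter

ORDER = 16


def keyed_latin_square(key, order=ORDER):
    """Permute the rows, columns and symbols of the addition table of
    Z_order. Every such isotope is still a Latin square, and the key picks
    one of them, which is Ritter's 'key-selected transformation'."""
    rng = random.Random(key)
    rows, cols, syms = (list(range(order)) for _ in range(3))
    for perm in (rows, cols, syms):
        rng.shuffle(perm)
    return [[syms[(rows[r] + cols[c]) % order] for c in range(order)]
            for r in range(order)]


def xor_square(order=ORDER):
    """XOR is itself a Latin square, just a fixed, linear one."""
    return [[r ^ c for c in range(order)] for r in range(order)]


def is_latin_square(sq):
    n, full = len(sq), set(range(len(sq)))
    return (all(set(row) == full for row in sq)
            and all({sq[r][c] for r in range(n)} == full for c in range(n)))


def combine(sq, keystream, plaintext):
    """c_i = sq[k_i][p_i]; the keystream symbol selects the row."""
    return [sq[k][p] for k, p in zip(keystream, plaintext)]


def uncombine(sq, keystream, ciphertext):
    """Each row is a permutation, so it can be inverted: that property is
    exactly what makes a Latin square usable as a combiner."""
    n = len(sq)
    inv = [[0] * n for _ in range(n)]
    for k in range(n):
        for p in range(n):
            inv[k][sq[k][p]] = p
    return [inv[k][c] for k, c in zip(keystream, ciphertext)]


def difference_table(sq):
    """Wooding's check: for each nonzero plaintext difference dp (XOR),
    count the ciphertext differences dc over all (keystream, plaintext)."""
    n = len(sq)
    return {dp: Counter(sq[k][p] ^ sq[k][p ^ dp]
                        for k in range(n) for p in range(n))
            for dp in range(1, n)}


def max_differential_probability(sq):
    """Largest P[dc | dp]; 1.0 means the combiner is linear w.r.t. XOR."""
    n = len(sq)
    return max(cnt / (n * n) for t in difference_table(sq).values()
               for cnt in t.values())


def candidate_keystreams(squares, p, c):
    """Keystream symbols consistent with one known (p, c) pair, over all
    squares the attacker must consider. For XOR this is the single value
    p ^ c regardless of key; for keyed squares the attacker who does not
    hold the square cannot pin k down, which is the known-plaintext
    resistance Ritter describes."""
    return {k for sq in squares for k in range(len(sq)) if sq[k][p] == c}


if __name__ == "__main__":
    sq = keyed_latin_square(b"constructed-key-1")
    ks = [3, 14, 7, 0, 9, 12, 5]          # constructed keystream nibbles
    pt = [1, 2, 3, 4, 5, 15, 0]           # constructed plaintext nibbles
    ct = combine(sq, ks, pt)
    print("latin:", is_latin_square(sq), "round trip:", uncombine(sq, ks, ct) == pt)
    print("max diff prob  XOR:", max_differential_probability(xor_square()))
    print("max diff prob  LS :", max_differential_probability(sq))
    many = [keyed_latin_square(f"constructed-key-{i}".encode()) for i in range(64)]
    print("k candidates from (p=5,c=9)  XOR:", candidate_keystreams([xor_square()], 5, 9),
          " keyed LS:", candidate_keystreams(many, 5, 9))
```

The difference table is where XOR's lack of nonlinearity shows up as a number: every input difference maps to exactly one output difference with probability 1, while the keyed square spreads each input difference over many outputs. The candidate-keystream count shows the other half of Ritter's point: a known plaintext/ciphertext pair hands an XOR-combined keystream symbol to the attacker directly, whereas with a keyed square the same pair is consistent with different k for different keys.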
Cryptography-Digest Digest #971, Volume #11       Wed, 7 Jun 00 19:13:01 EDT

Contents:
  questions on TEA (Dido Sevilla)
  Re: Thoughts on an encryption protocol? (Dido Sevilla)
  Re: Cryptographic voting (David A Molnar)
  Re: Some dumb questions (E-mail)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Scotty")
  Re: Thoughts on an encryption protocol? (Dido Sevilla)
  Re: Observer 4/6/2000: "Your privacy ends here" (Bob)
  Re: Cryptographic voting (Mok-Kong Shen)
  Re: Some dumb questions (Mok-Kong Shen)
  Another Idea for attacking Storin (tomstd)
  Re: testing non linearity of arithmetic-logic combinations (Mok-Kong Shen)
  equation involving xor and mod 2^32 operations (Anton Stiglic)
  Re: Brute forcing for Counterpane's Password Safe ([EMAIL PROTECTED])
  Re: testing non linearity of arithmetic-logic combinations (Terry Ritter)
  Re: Observer 4/6/2000: "Your privacy ends here" (Marcin Tustin)
  Re: Thoughts on an encryption protocol? ([EMAIL PROTECTED])
  Re: Enigma Variations (Sundial Services)
  Re: Brute forcing for Counterpane's Password Safe ([EMAIL PROTECTED])
  Re: equation involving xor and mod 2^32 operations (John Myre)

----------------------------------------------------------------------

From: Dido Sevilla [EMAIL PROTECTED]
Subject: questions on TEA
Date: Thu, 08 Jun 2000 04:10:00 +0800

This post has to do with the Tiny Encryption Algorithm (TEA) described by
Wheeler and Needham (http://www.cl.cam.ac.uk/ftp/users/djw3/tea.ps and
http://www.cl.cam.uk/ftp/users/djw3/xtea.ps). Has anyone tried to use
this block cipher? From what I see, the algorithm is really quite simple
and looks pretty easy to code, even in most forms of assembly language.
It doesn't go through quite as many contortions as the more sophisticated
algorithms do, but it runs a fairly simple core through a lot of rounds
(32 to be exact). Does it have any weaknesses which the authors have not
described in their papers yet?

--
Rafael R. Sevilla [EMAIL PROTECTED]          +63 (2) 4342217
Mobile Robotics Laboratory                    +63 (917) 4458925
University of the Philippines Diliman

------------------------------

From: Dido Sevilla [EMAIL PROTECTED]
Subject: Re: Thoughts on an encryption protocol?
Date: Thu, 08 Jun 2000 04:19:35 +0800

Mike Rosing wrote:
> If you use a PK system you can eliminate this weak link. It would
> reduce your maintenance costs substantially if a person doesn't have
> to travel around to every box (except for repairs) every so often.
> Might not mean much with a few boxes, but if you get to have lots of
> them, it'll add up.

Frankly, I don't think all the effort to implement a PK system is worth
it in this case. There will only be 34 client terminals, one per
building, and given the financial constraints of my employer, it will be
a very long time before any more will be necessary. These are also not
so widely distributed, so going to every terminal should not take more
than a day.

> Handbook of Applied Cryptography and Applied Cryptography are good
> starting points.

Any websites or other online docs I can look at for stream ciphers and
cryptographically secure PRNG's?

--
Rafael R. Sevilla [EMAIL PROTECTED]          +63 (2) 4342217
Mobile Robotics Laboratory                    +63 (917) 4458925
University of the Philippines Diliman

------------------------------

From: David A Molnar [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: 7 Jun 2000 20:08:57 GMT

In sci.crypt Anton Stiglic [EMAIL PROTECTED] wrote:
> Jim Ferry wrote:
> > I was wondering if there's a way for a small group of people (less
> > than 100) to vote cryptographically.
> ...
> Check out http://www.acm.org/crossroads/xrds2-4/voting.html for a
> starters

There's also a bibliography at
http://theory.lcs.mit.edu/~cis/voting/greenstadt-voting-bibliography.html
which may be helpful.

Thanks,
-David

------------------------------

From: E-mail [EMAIL PROTECTED]
Subject: Re: Some dumb questions
Date: Wed, 7 Jun 2000 16:41:41 -0400

Bryan,

How much would the effort have been hindered if the second use of the pad
was done after transforming the pad with a pseudo-random number generator
(and the pad is discarded after its second use)?

Jim Trek
http://eznet.net/~progress
[EMAIL PROTECTED]

On Wed, 7 Jun 2000, Bryan Olson wrote:

> In article, [...]
>
> > 2. If an ideal OTP is misused, in that it is used a small number n of
> > times, how is one going to attack, if absolutely no known plaintext is
> > available?
>
> As a final project in an under grad crypto course I worked on finding
> the smallest n such that I could, in practice, break the n-time pad. I
> assumed english language text coded in ASCII, and XOR as the OTP
> combiner. I found n=2. I created a table of 4-gram frequencies from
> about ten megabytes of text, and a program to interactively try these
> against the target ciphertext. The user would enter a position in the
> text, and the program
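The following is an added example (Python), not code from the digest or from Dido Sevilla, answering the "questions on TEA" post above with a plain transcription of the cipher as the post describes it (32 rounds of a simple core, delta = 0x9E3779B9, all arithmetic mod 2^32) plus one property that is not in the original TEA paper: every TEA key has three equivalent keys, obtained by flipping the top bit of k0 and k1 together, of k2 and k3 together, or of all four, because the two additions inside each XOR term cancel the flip. This is one of the weaknesses that motivated the XTEA paper the post links. The key and block values are constructed for the demonstration.

```python
# Added example (not from the digest): TEA as described by Wheeler and
# Needham, transcribed into Python, with a demonstration of equivalent keys.
# Key and block values below are constructed, not test vectors from the paper.
MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9
ROUNDS = 32


def _mix(a, ka, kb, s):
    """One TEA mixing term: ((a<<4)+ka) ^ (a+s) ^ ((a>>5)+kb), mod 2^32.
    Each XOR operand is a 32-bit sum, so adding 2^31 to ka and to kb flips
    bit 31 of two operands and the flips cancel (see equivalent_keys)."""
    return ((((a << 4) & MASK) + ka) & MASK) ^ ((a + s) & MASK) ^ (((a >> 5) + kb) & MASK)


def tea_encrypt(block, key, rounds=ROUNDS):
    """block = (v0, v1) as two 32-bit words, key = (k0, k1, k2, k3)."""
    v0, v1 = block
    k0, k1, k2, k3 = key
    s = 0
    for _ in range(rounds):
        s = (s + DELTA) & MASK
        v0 = (v0 + _mix(v1, k0, k1, s)) & MASK
        v1 = (v1 + _mix(v0, k2, k3, s)) & MASK
    return v0, v1


def tea_decrypt(block, key, rounds=ROUNDS):
    """Run the rounds backwards, starting from the final value of sum."""
    v0, v1 = block
    k0, k1, k2, k3 = key
    s = (DELTA * rounds) & MASK           # 0xC6EF3720 for 32 rounds
    for _ in range(rounds):
        v1 = (v1 - _mix(v0, k2, k3, s)) & MASK
        v0 = (v0 - _mix(v1, k0, k1, s)) & MASK
        s = (s - DELTA) & MASK
    return v0, v1


def equivalent_keys(key):
    """The three other 128-bit keys that encrypt identically to `key`:
    flipping the top bit of k0 and k1 (or of k2 and k3) leaves every
    _mix() value unchanged, so TEA has only 126 bits of effective key."""
    k0, k1, k2, k3 = key
    top = 0x80000000
    return [(k0 ^ top, k1 ^ top, k2, k3),
            (k0, k1, k2 ^ top, k3 ^ top),
            (k0 ^ top, k1 ^ top, k2 ^ top, k3 ^ top)]


if __name__ == "__main__":
    key = (0x01234567, 0x89ABCDEF, 0xDEADBEEF, 0x0BADF00D)   # constructed
    block = (0x12345678, 0x9ABCDEF0)                         # constructed
    ct = tea_encrypt(block, key)
    print("ct  =", [hex(w) for w in ct])
    print("pt  =", [hex(w) for w in tea_decrypt(ct, key)])
    for k2 in equivalent_keys(key):
        print("same ct under", [hex(w) for w in k2], tea_encrypt(block, k2) == ct)
```

Equivalent keys matter less for a single-key bulk cipher than in a hashing or related-key setting, but they are the kind of "weakness not described in the paper" the post asks about, and they are why a deployment should treat TEA's key as 126 bits, not 128.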
Cryptography-Digest Digest #972, Volume #11       Thu, 8 Jun 00 00:13:01 EDT

Contents:
  Re: Brute forcing for Counterpane's Password Safe (Paul Rubin)
  Re: Some dumb questions (Bryan Olson)
  Re: Retail distributors of DES chips? (Thor Arne Johansen)
  Re: Brute forcing for Counterpane's Password Safe (Roger Schlafly)
  Re: testing non linearity of arithmetic-logic combinations ("cranky cransky")
  Re: equation involving xor and mod 2^32 operations (tomstd)
  Re: testing non linearity of arithmetic-logic combinations ("cranky cransky")
  Re: Brute forcing for Counterpane's Password Safe (Paul Rubin)
  Re: Enigma Variations (Paul Rubin)
  Re: equation involving xor and mod 2^32 operations (Scott Contini)
  Re: Brute forcing for Counterpane's Password Safe (Roger Schlafly)
  Re: equation involving xor and mod 2^32 operations (tomstd)
  Re: Question about recommended keysizes (768 bit RSA) ("Trevor L. Jackson, III")
  Re: bamburismus ("Trevor L. Jackson, III")
  Opening digital envelope decrypting data encrypted with DES3 (Abid Farooqui)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: 7 Jun 2000 23:15:20 GMT

Volker Hetzer [EMAIL PROTECTED] wrote:
> The heirs would normally care about stuff like bank accounts, which the
> executor should be able to locate by knowing the SSN (tax ID number) of
> the dead person.
> I was assuming that there is a legally defensible reason for this.
> Is there any circumstance in your country where you can be legally
> forced to hand over encryption keys to somebody else or where they can
> be seized while you're absent or dead?

This gets debated in the newsgroups sometimes and the answer seems to be
"no" (in the case of stuff like passwords) but "yes" for physical objects
such as documents.

However, that's not relevant here. I'm saying that without direct
evidence, I'm skeptical of the story about the dead person in Florida as
posted by the fairly obvious pseudonym Joe Smith at hotmail.com. I think
it's more likely that someone wants to crack a password belonging to a
living person who doesn't want it cracked, and the cracker is not being
honest with us about it. I don't feel inclined to be helpful in that
situation.

------------------------------

From: Bryan Olson [EMAIL PROTECTED]
Subject: Re: Some dumb questions
Date: Wed, 07 Jun 2000 23:38:13 GMT

E-mail asked:
> How much would the effort have been hindered if the second use of the
> pad was done after transforming the pad with a pseudo-random number
> generator (and the pad is discarded after its second use)?

That would depend on the PRNG, and my experiment doesn't say (for any
PRNG). One trouble with these "in practice" investigations is that they
are very sensitive to the exact conditions.

--Bryan
--
email: bolson at certicom dot com

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Thor Arne Johansen [EMAIL PROTECTED]
Subject: Re: Retail distributors of DES chips?
Date: Thu, 08 Jun 2000 02:26:11 +0200

If after all this flaming/discussion/exploration you're still interested
in a DES chip, you should check out:

http://www.pcc.pijnenburg.nl/

BR,
Thor A. Johansen

------------------------------

From: Roger Schlafly [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: Wed, 07 Jun 2000 17:11:14 -0700

Paul Rubin wrote:
> I was assuming that there is a legally defensible reason for this.
> Is there any circumstance in your country where you can be legally
> forced to hand over encryption keys to somebody else or where they can
> be seized while you're absent or dead?
>
> This gets debated in the newsgroups sometimes and the answer seems to be
> "no" (in the case of stuff like passwords) but "yes" for physical objects
> such as documents.

BTW, Justice Thomas on the US Supreme Court just expressed the opinion
that the answer should be "no" for documents (if you plead the Fifth in a
criminal case). See:

   http://supct.law.cornell.edu/supct/html/99-166.ZC.html

The case involved Web Hubbell who Clinton prosecutor Ken Starr forced to
produce a lot of financial documents, and was then charged with various
irregularities. The majority sided with Hubbell, but did not go as far as
Thomas. (For those outside the US, Hubbell was a friend of Clinton and
the assistant Attorney General.)

You'd never know it from the press he gets, but IMHO Clarence Thomas's
opinions are models of clarity compared to the mush that others like
O'Connor and Souter write, and Thomas is the most reliable defender of
the Bill of Rights on the Supreme Court.

------------------------------

From: "cranky cransky" [EMAIL PROTECTED]
Subject: Re: testing non linearity of arithmetic-logic combinations
Date: Thu, 8 Jun 2000 11:03:19 +1000

Thank you all for the information. It has been helpful.

Terry Ritter [EMAIL