Cryptography-Digest Digest #884

2000-10-09 Thread Digestifier

Cryptography-Digest Digest #884, Volume #12  Tue, 10 Oct 00 01:13:01 EDT

Contents:
  Developer courses in PKI? ([EMAIL PROTECTED])
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: Microsoft CAPI's PRNG seeding mechanism (Greggy)
  Re: A new paper claiming P=NP ("Trevor L. Jackson, III")
  Re: NSA quote on AES (Jim Gillogly)
  Re: NSA quote on AES (David Schwartz)
  Re: Can anyone point me to info on this privacy code ?Big sample included. (webb)
  Re: Quantized ElGamal ("John A. Malley")
  RSA signing in Perl on FreeBSD (Pete Ness)
  Re: Any products using Rijndael? (Charles Blair)
  Re: xor algorithm ("Paul Pires")
  Re: Why trust root CAs ? (Greggy)
  AES Runner ups (Greggy)



From: [EMAIL PROTECTED]
Subject: Developer courses in PKI?
Date: Tue, 10 Oct 2000 01:59:32 GMT

I'm looking into developing my product such that it fits into
a PKI infrastructure properly.  Obviously, I would like to take
some courses since I've never even worked with PKI before in
my life.  I only have a vague notion of certificates and would
like to learn exactly what this is, with the help of a real-
life teacher, not a book.

Does anyone have any suggestions for courses (preferably in
the Bay Area, or Hawaii :-) ) from companies that would teach
PKI courses from the perspective of programmers, and NOT
certificate server admins?

Thanks,

Kev


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:09:04 GMT


> > :> >"The National Security Agency (NSA) wishes to congratulate the National
> > :> >Institute of Standards and Technology on the successful selection of an
> > :> >Advanced Encryption Standard (AES). It should serve the nation well. In
> > :> >particular, NSA intends to use the AES where appropriate in meeting the
> > :> >national security information protection needs of the United States
> > :> >government."
> > :>
> > :>These are weasel words if nothing else. To say they will use it
> > :> where it's appropriate does not mean anything at all. They may
> > :> only use it in the sense of decoding messages. And they don't say
> > :> where it's appropriate for them to use. But I guess it is too much
> > :> to expect an honest answer from them.
> >
> > : Once again we can see that accuracy and objective analysis are not among
> > : your stronger abilities.
> >
> > : You see 'where appropriate' as a 'let out' clause but you fail to notice
> > : that the statement also says that NSA intends to use the AES in meeting the
> > : national security ***information protection*** needs of the United States
> > : government".
> >
> > : There are none so blind as those who will not see.
> >
> > The get-out clause reduces the positive statement about intended use
> > to meaninglessness.
>
> What you mean is that *you* see this statement as meaningless because you
> judge that NSA is being insincere in making it.

No, I think what he means is that it is insincere because it is coming
from an insincere agency cloaked in insincerity and it offers no
meaningful information for any of us to glean from.  I mean what did
you expect the NSA to say?


They said what I would have expected them to say - absolutely nothing
of substance.

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



--

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:11:50 GMT


> It can be interpreted in various ways.

Ya, like "We say nothing, we mean nothing!"

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



--

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:11:01 GMT


> >> :>These are weasel words if nothing else. To say they will use it
> >> :> where it's appropriate does not mean anything at all. They may
> >> :> only use it in the sense of decoding messages. And they don't say
> >> :> where it's appropriate for them to use. But I guess it is too much
> >> :> to expect an honest answer from them.
> >>
> >> : Once again we can see that accuracy and objective analysis are not among
> >> : your stronger abilities.
> >>
> >> : You see 'where appropriate' as a 'let out' clause but you fail to notice
> >> : that the statement also says that NSA intends to use the AES in meeting the
> >> : national security ***information protection*** needs of the United States
> >> : government".
> >>
> >> : There are none so bl

Cryptography-Digest Digest #883

2000-10-09 Thread Digestifier

Cryptography-Digest Digest #883, Volume #12   Mon, 9 Oct 00 22:13:00 EDT

Contents:
  Re: A new paper claiming P=NP (glenn)
  Re: Quantized ElGamal (Tom St Denis)
  Re: What is "freeware"?  (was: Re: Any products using Rijndael?) (John Savard)
  Re: Microsoft CAPI's PRNG seeding mechanism (dbt)
  Re: RC5 Test Vectors (David Hopwood)
  Re: SDMI challenge (dbt)
  Re: xor algorithm (Tom St Denis)
  Re: SDMI - Answers to Major Questions (Tom St Denis)
  Re: Any products using Rijndael? (Tom St Denis)
  Re: Why wasn't MARS chosen as AES? (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)



From: glenn <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Tue, 10 Oct 2000 04:03:23 +0300

On Tue, 10 Oct 2000 13:23:26 +1300, Ross Smith <[EMAIL PROTECTED]>
wrote:

>Ah, but that "...or worse" gives them an out. If reviewing a proof is
>P-time, but *finding* the proof is *worse* than NP-time, then reviewing
>can still be easier than finding without contradicting P=NP.

I'm not aware of the technicalities of the P=NP problem, but I know
that it is a major problem. Can someone say for sure if the presented
proof is right?

--
glenn

--

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Quantized ElGamal
Date: Tue, 10 Oct 2000 01:13:28 GMT

In article <[EMAIL PROTECTED]>,
  "William A. McKee" <[EMAIL PROTECTED]> wrote:
> What is Quantized ElGamal?  What is a timing-attack?  Is ElGamal secure or
> has it been broken?

Quantification means to reduce with loss of information.  PCM audio is
quantised for example, so are DCT coefficients of MP3 and JPEG images.

Quantized ElGamal does not make sense.

A timing attack is based on the *implementation* of an algorithm.  For
example in ElGamal I must raise something with my private exponent.  I
could time how long it takes to guess at the bits of my exponent (see
the multiply-square method).  ElGamal is vaguely as difficult as the
discrete logarithm problem.  So when implemented and used properly
it's secure.  For example a proper implementation of ElGamal with a 200
bit prime is not secure no matter how good the hardware, but ElGamal
with a 2000 bit prime is not guaranteed to provide security.

Tom


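The timing attack Tom describes comes from the multiply-square (square-and-multiply) method doing extra work for each 1 bit of the private exponent. The following is an added example, not code from the thread: it counts modular multiplications in a naive square-and-multiply loop and in a Montgomery ladder, using operation counts as a stand-in for wall-clock time. The modulus 497 and base 4 are constructed test values, and Python integers are not themselves constant-time, so this models the key-dependent branch only.

```python
# Added example (Python), not from the thread. Models why a naive
# square-and-multiply exponentiation leaks information about the private
# exponent through its running time, and how a Montgomery ladder removes
# the key-dependent branch. Operation *counts* stand in for time; a real
# implementation also needs constant-time multiplication, which Python
# integers do not provide.

def square_and_multiply(base, exp, mod):
    """Left-to-right square-and-multiply.

    Returns (result, ops) where ops is the number of modular multiplications
    performed. The multiply step runs only for exponent bits equal to 1, so
    ops (and therefore time) depends on the secret exponent's Hamming weight.
    """
    result = 1
    ops = 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod   # square once for every bit
        ops += 1
        if bit == "1":                     # key-dependent branch: the leak
            result = (result * base) % mod
            ops += 1
    return result, ops


def montgomery_ladder(base, exp, mod):
    """Montgomery ladder: exactly one squaring and one multiplication per
    exponent bit, whatever the bit's value. Invariant: r1 == r0 * base.
    Returns (result, ops)."""
    r0, r1 = 1, base % mod
    ops = 0
    for bit in bin(exp)[2:]:
        if bit == "0":
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        else:
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        ops += 2                           # same work on both paths
    return r0, ops


def operation_counts(exponents, base=4, mod=497):
    """Map each exponent to (naive_ops, ladder_ops). For exponents of equal
    bit length the naive count varies with Hamming weight; the ladder's does
    not. base/mod are constructed values for the demonstration."""
    return {
        e: (square_and_multiply(base, e, mod)[1], montgomery_ladder(base, e, mod)[1])
        for e in exponents
    }


if __name__ == "__main__":
    # Two 7-bit exponents: weight 2 (0b1000001) versus weight 7 (0b1111111).
    for e, (naive, ladder) in operation_counts([0b1000001, 0b1111111]).items():
        print(f"exp={e:#09b} square-and-multiply ops={naive} ladder ops={ladder}")
    print(square_and_multiply(4, 13, 497), montgomery_ladder(4, 13, 497), pow(4, 13, 497))
```

Both routines return the same value as Python's built-in `pow`; only the operation profile differs, which is the whole point of the example.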

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What is "freeware"?  (was: Re: Any products using Rijndael?)
Date: Tue, 10 Oct 2000 01:10:49 GMT

On 10 Oct 2000 01:12:49 +0200, [EMAIL PROTECTED] (Paul Schlyter)
wrote, in part:

>I don't understand that "in between freeware and public domain" stuff.
>Either the program is copyrighted, or it is not copyrighted.  It cannot
>be "in between", can it?  Therefore open source is copyrighted freeware.

But it is a special category.

Ordinary freeware is free, but otherwise subject to the usual
conditions associated with commercial packages: you can't distribute a
modified version, you don't get the source, and so on.

Open source software, on the other hand, lets you do most of the
things you can do with public-domain software - except hide it in
something that you can pass off as all your own work, which others
cannot use as you used the original.

So it is a distinct class of program. It is copyrighted, but the
copyright is put to a different use.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

--

From: [EMAIL PROTECTED] (dbt)
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Microsoft CAPI's PRNG seeding mechanism
Date: Tue, 10 Oct 2000 01:19:43 GMT

Jack Love <[EMAIL PROTECTED]> says:
>>MS is well-known for not taking security seriously.
>>
>Windows 2k was recently given a C2 rating.

C2 is extremely meaningless.  It's a marketing label required to get your
foot in the door for most government contracts.

-- 
David Terrell| "Instead of plodding through the equivalent of
Prime Minister, NebCorp  | literary Xanax, the pregeeks go for sci-fi and
[EMAIL PROTECTED] | fantasy:  LSD in book form." - Benjy Feen,
http://wwn.nebcorp.com   | http://www.monkeybagel.com/ "Origins of Sysadmins"

--

Date: Mon, 09 Oct 2000 23:51:46 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RC5 Test Vectors

-----BEGIN PGP SIGNED MESSAGE-----

Chris Kerslake wrote:
> 
> I am looking for test vectors for RC5 (and eventually other ciphers).

http://www.users.zetnet.co.uk/hopwood/crypto/scan/

For RC5, see RFC 2040 (this only includes test vectors for CBC mode,
but it's easy to derive single-block test vectors from them).
If you're thinking of using RC5, bear in mind that it is patented.

> I have downloaded three different crypto-libraries off the Net and
> have been trying to compare them, but before getting too 

Cryptography-Digest Digest #882

2000-10-09 Thread Digestifier

Cryptography-Digest Digest #882, Volume #12   Mon, 9 Oct 00 21:13:00 EDT

Contents:
  Re: What is "freeware"?  (was: Re: Any products using Rijndael?) ("Paul Pires")
  Re: xor algorithm ("Paul Pires")
  Re: What is "freeware"?  (was: Re: Any products using Rijndael?) (John Savard)
  Re: Why trust root CAs ? ("Lyalc")
  Re: Why trust root CAs ? ("Lyalc")
  Re: On block encryption processing with intermediate permutations (Bryan Olson)
  R: newbie pathetic question ("Danilo")
  Re: Advanced Encryption Standard - winner is Rijndael (wtshaw)
  Re: TEA (David Wagner)
  Re: It's Rijndael (David Wagner)
  Quantized ElGamal ("William A. McKee")
  Re: Microsoft CAPI's PRNG seeding mechanism (Tim Tyler)
  Re: A new paper claiming P=NP (Mark William Hopkins)
  Re: Internet Security Question (Paul Schlyter)
  Re: What is "freeware"?  (was: Re: Any products using Rijndael?) (Paul Schlyter)
  Re: A new paper claiming P=NP (Ross Smith)



From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: What is "freeware"?  (was: Re: Any products using Rijndael?)
Date: Mon, 9 Oct 2000 15:10:17 -0700

Paul Schlyter <[EMAIL PROTECTED]> wrote in message
news:8rss7n$cv8$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> Runu Knips  <[EMAIL PROTECTED]> wrote:
>
> > Besides the fact that I believe Blowfish is very
> > hard to break (as described above), the two
> > *fish ciphers are also free, while using IDEA
> > legally is only possible in (a) freeware or
> > (b) for a IMHO really expensive license.
>
> What do you consider "freeware"?  Any software which can be
> legally used for free?  Well, that's what I thought, until I
> encountered someone in another NG who by "freeware" meant
> "copyrighted freeware" -- according to that person, "public domain"
> was a class of its own, distinct from "freeware".  And most other
> participants in the NG seemed to agree.
>
> So I'd like to ask the participants in this NG: how do you
> define "freeware"?  And in particular: is "public domain" one
> class of "freeware", or is it distinct from "freeware"?

I think the OP had it right. There is Public Domain. Where the user
is un-encumbered in his use of the technology (Note: does not mean
you can swipe copyrighted material verbatim) and Patented; Where
a license fee is paid to the owner OR a royalty free grant is made OR
where party B licenses from party A and supplies the software gratis
to all other parties. "Freeware". Freeware, to me, means the actual code
given to use for free.

Free is the status of the intellectual property in general as opposed to
encumbered.
Some folks confuse Non-Public Domain with secret. Typically,
Non-Public Domain is painfully disclosed and in the Public record.
It is the rights to commercialize that are restricted, not the knowledge
itself.


Paul

--

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: xor algorithm
Date: Mon, 9 Oct 2000 15:10:49 -0700


William A. McKee <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Antonio Merlo <[EMAIL PROTECTED]> wrote in message
> news:8rs4sr$mm7$[EMAIL PROTECTED]...
> > How strong will be an encryption method based on a xor operation with a pass
> > phrase (or password) and a buffer to encrypt? (supposed a very strong
> > password of, let's say 16 letters, combining uppercase, lowercases and
> > digits)
> > How will you cryptanalyse that algorithm?
> >
> >
>
> If you use your password to seed a pseudo random number generator (PRNG)
> like ISAAC, WAKE, etc. and xor the buffer with the PRNG output, I think it
> can be quite secure.  I may be wrong.  I'm such a newbie :)

I'm a newbie too but I think you should point out that not all PRNGs
are equal. There are PRNGs and then there are Cryptographically
secure PRNGs. I am not sure about ISAAC. Regardless, this is a
stream cipher and has use limitations. A blanket statement that it
can be "Quite secure" could be misleading. You cannot re-use a keyed stream.
If the same key is used for two different messages and a
plaintext is known for one, it is trivial to solve for the other plaintext.
There are ways of dealing with this but it's not like falling off a log.
Stream ciphers and Block ciphers are not two different, but equivalent,
methods.

How the password is used to seed the PRNG is not trivial either.
This can be hosed easily.

Paul

> Cheers,
> Will.
>
> --
> William A. McKee
> [EMAIL PROTECTED]
> Asia Communications Quebec Inc.
> http://www.cjkware.com
>
> "We're starfleet: weirdness is part of the job." - Janeway
>
>
>
>

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What is "freeware"?  (was: Re: Any products using Rijndael?)
Date: Mon, 09 Oct 2000 22:12:03 GMT

On 9 Oct 2000 18:37:11 +0200, [EMAIL PROTECTED] (Paul Schlyter)
wrote, in part:

>So I'd like to ask the participants in this NG: how do you
>define "freeware"?  And in particul

Cryptography-Digest Digest #881

2000-10-09 Thread Digestifier

Cryptography-Digest Digest #881, Volume #12   Mon, 9 Oct 00 18:13:01 EDT

Contents:
  Re: xor algorithm (Simon Johnson)
  Re: A new paper claiming P=NP (Daniel A. Jimenez)
  Re: A new paper claiming P=NP (Jeremy Spinrad)
  Re: On block encryption processing with intermediate permutations (Bryan Olson)
  The science of secrecy: Simple Substition cipher ("KK")
  Re: securely returning password info to a server from a client (Thomas Wu)
  Re: Choice of public exponent in RSA signatures (DJohn37050)
  Re: A new paper claiming P=NP (Scott Craver)
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: A new paper claiming P=NP (David Eppstein)
  Re: A new paper claiming P=NP (Stas Busygin)
  Re: A new paper claiming P=NP (Stas Busygin)
  Re: A new paper claiming P=NP (Daniel A. Jimenez)
  Re: Internet Security Question (David Hopwood)
  Re: The science of secrecy: Simple Substition cipher (Scott Craver)
  Re: A new paper claiming P=NP (Stas Busygin)
  Re: A new paper claiming P=NP (Scott Craver)
  Re: SDMI - Answers to Major Questions (Scott Craver)
  Re: The science of secrecy: Simple Substition cipher (John Savard)
  Re: Looking Closely at Rijndael, the new AES (John Savard)
  Re: Looking Closely at Rijndael, the new AES (John Savard)



From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: xor algorithm
Date: Mon, 09 Oct 2000 19:19:58 GMT

In article <8rs4sr$mm7$[EMAIL PROTECTED]>,
  "Antonio Merlo" <[EMAIL PROTECTED]> wrote:
> How strong will be an encryption method based on a xor operation with a pass
> phrase (or password) and a buffer to encrypt? (supposed a very strong
> password of, let's say 16 letters, combining uppercase, lowercases and
> digits)
> How will you cryptanalyse that algorithm?
>
>
Okies, let's say you repeated your key over and over (which is the
generally regarded technique). It's easy to prove this is insecure. If
you circularly shift the cipher-text by the number of characters the
key contains, then xor the shifted version with itself, the key drops
out and it becomes breakable without a key. In algebra:

C_1 = T_1 XOR K
C_2 = T_2 XOR K

Simultaneously:

C_1 XOR C_2 = T_1 XOR T_2

A description of exactly how to break it can be found in 'Applied
Cryptography'

Hope this helps,

Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File


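Simon's algebra above and Paul Pires's earlier warning about re-using a keyed stream are two views of the same relation, C_1 XOR C_2 = T_1 XOR T_2. The following added example (not code from either post) works both through on constructed data: a 16-character constructed key, two constructed messages, and, as the contrasting safe construction, a keystream derived per message from the key and a nonce with HMAC-SHA256 in counter mode, which is this example's stand-in for a cryptographically secure PRNG and not something the thread prescribes.

```python
# Added example (Python), not from the thread. Shows (1) the repeating key
# cancelling out when the ciphertext is XORed with itself shifted by the
# key length, (2) a keystream used twice letting a known plaintext reveal
# the other message, and (3) a per-message, nonce-derived keystream not
# satisfying the C_1 ^ C_2 == T_1 ^ T_2 relation. All keys and messages
# below are constructed for the demonstration.

import hashlib
import hmac
from itertools import cycle

KEY = b"Xk7pQ2mZ9aL4rT1w"   # constructed 16-character key, mixed case + digits
# Two constructed messages of equal length (39 bytes) so they pair byte for byte.
T1 = b"THE PASSWORD FOR THE SERVER IS ABC12345"
T2 = b"THE PASSWORD FOR THE ROUTER IS ZZ999999"


def xor_bytes(a, b):
    """XOR two byte strings, truncating to the shorter."""
    return bytes(x ^ y for x, y in zip(a, b))


def repeating_key_xor(data, key):
    """The scheme under discussion: XOR the buffer with the key repeated."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def shifted_self_xor(ciphertext, key_len):
    """C[i] ^ C[i + key_len]. Because the same key byte was used at both
    positions it cancels, leaving T[i] ^ T[i + key_len], key-independent."""
    return xor_bytes(ciphertext, ciphertext[key_len:])


def key_drops_out(plaintext, key):
    """True when the shifted self-XOR of the ciphertext equals the shifted
    self-XOR of the plaintext, i.e. the key has disappeared from it."""
    c = repeating_key_xor(plaintext, key)
    return shifted_self_xor(c, len(key)) == xor_bytes(plaintext, plaintext[len(key):])


def recover_other_plaintext(c1, c2, known_t1):
    """Two messages under one keystream: (C1 ^ C2) ^ T1 == T2."""
    return xor_bytes(xor_bytes(c1, c2), known_t1)


def keystream(key, nonce, length):
    """Constructed keystream: HMAC-SHA256(key, nonce || counter), chained
    until `length` bytes are available. A fresh nonce gives a fresh stream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key, nonce, plaintext):
    """XOR with the nonce-derived keystream; decrypt by calling it again."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def keystream_reuse_relation_holds(key, t1, t2, nonce1, nonce2):
    """Does C1 ^ C2 == T1 ^ T2 for these two encryptions? It must for the
    repeating key; with distinct nonces it should not."""
    c1 = stream_encrypt(key, nonce1, t1)
    c2 = stream_encrypt(key, nonce2, t2)
    return xor_bytes(c1, c2) == xor_bytes(t1, t2)


if __name__ == "__main__":
    c1, c2 = repeating_key_xor(T1, KEY), repeating_key_xor(T2, KEY)
    print("key drops out under shift:", key_drops_out(T1, KEY))
    print("T2 from C1, C2 and known T1:", recover_other_plaintext(c1, c2, T1))
    print("relation with distinct nonces:",
          keystream_reuse_relation_holds(KEY, T1, T2, b"nonce-01", b"nonce-02"))
    print("relation with a reused nonce:",
          keystream_reuse_relation_holds(KEY, T1, T2, b"nonce-01", b"nonce-01"))
```

The last two lines of the demo make Paul's point about seeding concrete: the keystream itself is fine, but feeding it the same (key, nonce) pair for two messages reproduces exactly the repeating-key failure.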

--

From: [EMAIL PROTECTED] (Daniel A. Jimenez)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 9 Oct 2000 14:39:07 -0500

In article <[EMAIL PROTECTED]>,
Rajarshi Ray  <[EMAIL PROTECTED]> wrote:
>"David C. Ullrich" wrote:
>>  Yes. (And it's not just a theoretical thing: It happens all the
>> time that an algorithm that takes time O(n^2) is actually much
>> faster than one that takes time O(n).)
>
>Yes, I've noticed that Big-Oh bounds are often not reliable estimates of
>complexity in practice. But I didn't think this was because of the kind
>of anomaly you mentioned, i.e. it behaves badly for practically large
>values while behaving well in the limit. I thought the problem with
>Big-Oh estimates in practice was due to unaccounted issues of
>implementation details. Is that not the problem, in most cases anyway?

That's part of the problem.  Also, big-Oh doesn't always tell the whole
story, since it's just an upper bound.  Quicksort has a running time
of O(n^2) to sort n elements, but is almost always faster than, say,
merge sort, which is O(n log n).  In cases like these, you can prove that
Quicksort has a running time of O(n log n) with high probability, but you
can't just say Quicksort is O(n log n) without qualifying it.
-- 
Daniel Jimenez [EMAIL PROTECTED]
"I've so much music in my head" -- Maurice Ravel, shortly before his death.
" " -- John Cage

--

From: [EMAIL PROTECTED] (Jeremy Spinrad)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 9 Oct 2000 19:58:57 GMT

Some people are claiming that big O analyses do not do a good job of
reflecting behavior of programs. Although I know of examples of this (e.g.
simplex outperforms its worst case analysis in practice), I am
curious as to whether saying this is common is at all justified. It certainly
goes against my intuition that there are lots of programs out there such
that the O(n^2) algorithm is beating up on the O(n) algorithm on inputs
of large enough size so that time is a factor, as one poster implied.

As to the P = NP paper; there is an entirely different reason for having
an implementation. Previous claims of this type have proved to be moving
targets; a hole is found by a reviewer, and the author adds a patch to the
hole and still claims an algorithm. It would be nice to have a program at

Cryptography-Digest Digest #880

2000-10-09 Thread Digestifier

Cryptography-Digest Digest #880, Volume #12   Mon, 9 Oct 00 15:13:00 EDT

Contents:
  SDMI - Answers to Major Questions ([EMAIL PROTECTED])
  Re: Choice of public exponent in RSA signatures (DJohn37050)
  Re: Can anyone point me to info on this privacy code ?Big sample  (John Myre)
  What is "freeware"?  (was: Re: Any products using Rijndael?) (Paul Schlyter)
  Re: FTL Computation ([EMAIL PROTECTED])
  Re: FTL Computation ([EMAIL PROTECTED])
  Re: Error-correcting code ? ([EMAIL PROTECTED])
  Re: WEP (Ichinin)
  Re: Looking Closely at Rijndael, the new AES (John Savard)
  Re: Rijndael test vectors (John Savard)
  Re: A new paper claiming P=NP (Rajarshi Ray)
  Re: Rijndael test vectors (John Savard)
  Re: FTL Computation ("Paul Lutus")
  Re: On block encryption processing with intermediate permutations (Bryan Olson)
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: The talk of R. Moris (Jim Gillogly)
  Re: securely returning password info to a server from a client ("William A. McKee")
  MITM attack ("William A. McKee")
  Re: Looking Closely at Rijndael, the new AES (John Myre)
  Re: xor algorithm ("William A. McKee")



From: [EMAIL PROTECTED]
Subject: SDMI - Answers to Major Questions
Date: Mon, 09 Oct 2000 17:03:35 GMT

Hi folks - having read a number of Internet articles and posts from
concerned and/or irate MP3 fans about the possible future of MP3s
in an SDMI-oriented world, I was lucky enough to get SDMI
executive director Leonardo Chiariglioni on the phone to ask him
some of these questions directly -- some of his answers are pretty
interesting. Check out the interview at
http://www.neato.com/default.asp?goto=Articles/neatonicks.asp

Topics we covered, among others:
- will SDMI-compatible players ALWAYS play unencoded MP3s
- will SDMI watermarking affect audio quality
- the possibility of re-encoding SDMI files as regular MP3s from an
analog signal
- the success of "Hack SDMI"

-- Nick Appleby
NEATO-nicks at NEATO.com
http://www.neato.com/default.asp?goto=Articles/neatonicks.asp



--

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Choice of public exponent in RSA signatures
Date: 09 Oct 2000 17:20:02 GMT

I think that in this case the signature includes the message.
Don Johnson

--

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Can anyone point me to info on this privacy code ?Big sample 
Date: Mon, 09 Oct 2000 11:12:54 -0600

Jim Gillogly wrote:

> Actually, that'd be a good way to do stego.


Yeah, well, it *was* a good way...

JM

--

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: What is "freeware"?  (was: Re: Any products using Rijndael?)
Date: 9 Oct 2000 18:37:11 +0200

In article <[EMAIL PROTECTED]>,
Runu Knips  <[EMAIL PROTECTED]> wrote:
 
> Besides the fact that I believe Blowfish is very
> hard to break (as described above), the two
> *fish ciphers are also free, while using IDEA
> legally is only possible in (a) freeware or
> (b) for a IMHO really expensive license.
 
What do you consider "freeware"?  Any software which can be
legally used for free?  Well, that's what I thought, until I
encountered someone in another NG who by "freeware" meant
"copyrighted freeware" -- according to that person, "public domain"
was a class of its own, distinct from "freeware".  And most other
participants in the NG seemed to agree.
 
So I'd like to ask the participants in this NG: how do you
define "freeware"?  And in particular: is "public domain" one
class of "freeware", or is it distinct from "freeware"?
 
-- 

Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or   paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch   http://welcome.to/pausch

--

Date: Mon, 09 Oct 2000 13:18:44 -0700
From: [EMAIL PROTECTED]
Crossposted-To: sci.astro,sci.physics.relativity,sci.math
Subject: Re: FTL Computation

ca314159 wrote:
> 
> If the projection of a spot of light can virtually move FTL
> then so too can the projected images of a slide rule's slides.
> The computation 'in effect', takes place FTL.
> 

But the time between when you move the slide and you see
the projection is still the round trip light travel time
to the thing you're projecting the slide onto.

The real limitation is how fast you can transmit information.

John Anderson

--

Date: Mon, 09 Oct 2000 13:35:02 -0700
From: [EMAIL PROTECTED]
Crossposted-To: sci.astro,sci.physics.relativity,sci.math
Subject: Re: FTL Computation

Paul Lutus wrote:
> 
> ca314159 <[EMAIL PROTECTED]> wrote in message
> news:8rpohl$t7q$[EMAIL PROTECTED]...
> 
> > If the projectio

Cryptography-Digest Digest #879

2000-10-09 Thread Digestifier

Cryptography-Digest Digest #879, Volume #12   Mon, 9 Oct 00 13:13:01 EDT

Contents:
  Re: Rijndael has a very good S-Box (John Savard)
  Re: Choice of public exponent in RSA signatures (DJohn37050)
  Re: Rijndael has a very good S-Box (John Savard)
  Re: A new paper claiming P=NP (David C. Ullrich)
  Re: education where ???please help ("Sam Simpson")
  Re: Rijndael test vectors (Tim Tyler)
  Re: Looking Closely at Rijndael, the new AES (Tim Tyler)
  Re: It's Rijndael (Tim Tyler)
  Re: Choice of public exponent in RSA signatures (Francois Grieu)
  Re: A new paper claiming P=NP (Rajarshi Ray)
  Re: A new paper claiming P=NP (David C. Ullrich)
  Re: Looking Closely at Rijndael, the new AES (John Myre)
  Re: Why trust root CAs ? (Anne & Lynn Wheeler)
  Re: Rijndael test vectors (John Myre)
  new SNAKE web page ([EMAIL PROTECTED])
  Re: Why trust root CAs ? (Vernon Schryver)
  Re: Requirements of AES (Rob Warnock)



From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Rijndael has a very good S-Box
Date: Mon, 09 Oct 2000 12:43:19 GMT

On Mon, 09 Oct 2000 12:28:27 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:

>The differential behavior of the Rijndael S-box is simply astounding.

>If you consider S(i) xor S(i xor diff), for all 256 values of i, this
>expression will often take on a value zero or two times instead of
>once, as is ideal...and may take on one value _four_ times.

The same is true of the inverse S-box.

109 * x xor 77 is the best GF(2^8) approximation of the inverse S-box,
and it is true 10 times out of 256. For the inverse S-box, however,
clumps of approximations with different xor constants do not appear.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

--

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Choice of public exponent in RSA signatures
Date: 09 Oct 2000 13:29:03 GMT

In ISO 9796-2 draft and IEEE P1363a, PSS using no RN is being thought of as
"similar" to FDH.  They are not identical, but this simplifies things if no RN
is available.
Don Johnson

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Rijndael has a very good S-Box
Date: Mon, 09 Oct 2000 13:30:54 GMT

On Mon, 09 Oct 2000 12:28:27 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:

>For a=1 and a=23, there are multiple "approximations" that show up,
>and most commonly they are true around 8 times.

There was a bug in my program; I didn't use logarithms in GF(2^8)
properly.

When corrected, no linear approximation is true more than 6 times for
the S-box - and the same, of course, applied, as it must, to the
inverse S-box as well. Neither was the "clumping" behavior observed,
although for some values of a, four values of b produced
approximations.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
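The differential behaviour discussed in these two posts can be checked directly. The following is an added example, not Savard's program: it rebuilds the Rijndael S-box from its definition (multiplicative inverse in GF(2^8) under the polynomial x^8 + x^4 + x^3 + x + 1, followed by the fixed affine map), derives the inverse S-box from it, and tabulates, for each input difference, how often each value of S(i) xor S(i xor diff) occurs over all 256 inputs. One fact worth keeping in mind when reading the table: i and i xor diff give the same output difference, so every count is even and the best possible case is every value occurring 0 or 2 times.

```python
# Added example (Python), not from the thread. Rebuilds the Rijndael S-box
# and its inverse from the field definition and tabulates the output
# differences S(i) ^ S(i ^ diff) the post describes.

from collections import Counter

POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse in GF(2^8) by exhaustive search; 0 -> 0."""
    if a == 0:
        return 0
    for b in range(1, 256):
        if gf_mul(a, b) == 1:
            return b
    raise ValueError("no inverse found; field arithmetic is broken")


def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def sbox_entry(x):
    """S(x) = affine(x^-1): XOR of four rotations of the inverse, plus 0x63."""
    b = gf_inv(x)
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63


SBOX = [sbox_entry(x) for x in range(256)]
INV_SBOX = [0] * 256
for _x, _s in enumerate(SBOX):
    INV_SBOX[_s] = _x


def output_difference_counts(sbox, diff):
    """Counter: output difference -> how many inputs i give S(i) ^ S(i ^ diff)
    equal to it. Counts are always even (i and i ^ diff pair up)."""
    return Counter(sbox[i] ^ sbox[i ^ diff] for i in range(256))


def value_histogram(sbox, diff):
    """For one input difference: {times_seen: number_of_output_values}, with
    the never-seen output differences reported under key 0."""
    counts = output_difference_counts(sbox, diff)
    hist = Counter(counts.values())
    hist[0] = 256 - len(counts)
    return dict(sorted(hist.items()))


def differential_uniformity(sbox):
    """Largest count over all nonzero input differences (4 for Rijndael)."""
    return max(max(output_difference_counts(sbox, d).values()) for d in range(1, 256))


if __name__ == "__main__":
    print("S(0x00)=%#04x S(0x01)=%#04x S(0x53)=%#04x" % (SBOX[0], SBOX[1], SBOX[0x53]))
    print("diff=0x01 histogram:", value_histogram(SBOX, 0x01))
    print("max count, S-box:", differential_uniformity(SBOX))
    print("max count, inverse S-box:", differential_uniformity(INV_SBOX))
```

The inverse S-box's table is the transpose of the S-box's, which is why the same maximum appears for both, as the first post observes.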

--

From: [EMAIL PROTECTED] (David C. Ullrich)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Mon, 09 Oct 2000 13:43:30 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 09 Oct 2000 04:47:22 GMT, Rajarshi Ray <[EMAIL PROTECTED]>
wrote:

[...]
>Is it not possible to implement the presented algorithm and try it out
>on examples to see the growth rate, just as a preliminary check?

No. Suppose that a(n) is a sequence of integers and 
a(n) = 2^(2^(^n)) for all n less than 10^(10^10). Does a(n)
have polynomial growth?

>-- 
>"The most incomprehensible thing about the universe is
> that it is comprehensible."
>
> - Albert Einstein


--

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: education where ???please help
Date: Mon, 9 Oct 2000 14:50:56 +0100

Royal Holloway (near Egham, that's near you, right?) offers
postgraduate courses (including M.Sc).

They've got / had a few "big names" there, including Prof F.Piper,
Sean Murphy, D.Gollmann and Matt Robshaw.  Course details are
available at: http://isg.rhbnc.ac.uk/

--
Sam Simpson
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.

simon <[EMAIL PROTECTED]> wrote in message
news:8rqd3m$pl6$[EMAIL PROTECTED]...
> dear group i live in surrey uk and wish to learn about cryptography
> but i cannot find anywhere  that offers any courses please could anybody
> point me in a direction
> i would be very grateful
> SIMON P.
>
>



--

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Rijndael test vectors
Reply-To: [EMAIL PROTECTED]
Date: Mon, 9 Oct 2000 11:50:04 GMT

John Savard <[EMAIL PROTECTED]> wrote:

: Let me tell you a little story.

: In the course of my previous employment, a programmer in a neighboring
: office was trying to write a program in BASIC to draw pie charts on
: his new plotter with his shiny new IBM Personal Computer AT.

: But the pie charts 

Cryptography-Digest Digest #878

2000-10-09 Thread Digestifier

Cryptography-Digest Digest #878, Volume #12   Mon, 9 Oct 00 09:13:00 EDT

Contents:
  Re: Why trust root CAs ? (Vernon Schryver)
  Re: Why trust root CAs ? (Daniel James)
  Re: Why trust root CAs ? (Daniel James)
  Re: It's Rijndael (Marc)
  Re: Any products using Rijndael? (Runu Knips)
  Re: Choice of public exponent in RSA signatures (Francois Grieu)
  xor algorithm ("Antonio Merlo")
  Re: SDMI challenge (Dido Sevilla)
  Re: Internet Security Question ("Tony")
  Re: xor algorithm (Eric Hambuch)
  Re: securely returning password info to a server from a client ("Arnold Shore")
  Re: Microsoft CAPI's PRNG seeding mechanism ("ink")
  Re: The talk of R. Moris (Ross Anderson)
  Rijndael has a very good S-Box (John Savard)
  SSL/TLS Certificate Request message ("Johnny")
  Re: Why trust root CAs ? (Anne & Lynn Wheeler)
  Re: Advanced Encryption Standard - winner is Rijndael (Tim Tyler)
  Re: Why trust root CAs ? (Anne & Lynn Wheeler)



From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: Why trust root CAs ?
Date: 8 Oct 2000 08:52:32 -0600

In article <[EMAIL PROTECTED]>,
Anne & Lynn Wheeler  <[EMAIL PROTECTED]> wrote:

> ...
>However, if public keys are registered (along with the domain name),
>the existing domain name infrastructure could return the public key in
>addition to other information. 
>
>This creates something of a catch-22 for ca infrastructure ... fixing
>the domain name integrity (with public keys) so that CAs can rely on
>domain name integrity as the authoritative source for domain names
>... also creates the avenue making the domain name certificates
>redundant and superfluous.

Like the new secure DNS machinery, where every DNS server signs its
answers, establishing a chain of authenticating public key signatures back
to the root?

There's promise there, but also problems.  I've not been keeping up, but
I understand that one problem is that they've not figured out how to sign
all of the RR's in .com before it's time to sign them all again.  It takes
time to sign 30,000,000 records with a public key.  Another problem is
that adding signatures make packets on the wire a lot bigger.


Vernon Schryver    [EMAIL PROTECTED]

--

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Why trust root CAs ?
Date: Mon, 09 Oct 2000 10:20:49 +0100
Reply-To: [EMAIL PROTECTED]

In article , Lyalc wrote:
> An electronic signature related to a specific purchase order has no inherent
> relationship to an electronic signature on the transaction paying for that
> order.  That's how business is today, and neither CAs nor certs are going to
> change that anytime soon.

No, I'm afraid you're probably right. That doesn't alter the fact that the 
technology exists to improve the security of the whole business model.

> A certificate issued by your bank has no meaning when it comes to your
> ability to send an email or be bound by the email's contents, apart from
> saying "person X is known to us and has an account".  What's in it for the
> bank?  The bank has the same liability, added infrastructure to operate and
> no cost savings.   Why would a bank be a CA?

A bank would be a CA to issue certificates for its own customers' online 
banking and eCommerce activities because that eliminates the need for anyone 
to trust a 3rd-party CA. A bank might well not want to accept any liability 
for any other use of the certificates it issues - but could do so as a service 
to its customers if those customers demanded it (e.g. to stop them moving 
their business to another bank that did offer that service).

> Trusting Root CAs:
> Well, you can only trust them as much as you trust your software - no more.
> If a false "CA Root" cert is inserted into the CA Cert store ..., then
> any certificate signed by that false CA will be trusted by your machine.

You have to trust the software, certainly, and that is a problem that can be 
at least partly solved by code-signing and other such techniques.

If the certificate store for the root CA cert is a read-only file on your 
(smart) credit card you can have rather more confidence in it than if it just 
resides on a disk.

> Will you check the CA trust chain and CRL for every cert you receive?
> If not, then you rely on the trust you place in your machine, not the CA.

One should make that check, yes, whenever the certificate is used for any 
value-bearing transaction. I wouldn't expect a bank or credit card company to 
have to uphold any payment made using a revoked or expired certificate.

Cheers,
 Daniel
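Daniel's point that the trust chain and CRL should be checked for every value-bearing use of a certificate, and Lyalc's point that a false root inserted into the CA store defeats that check, can both be seen in a small model. The following is an added example, not code from any poster in this thread: it uses textbook RSA over freshly generated primes as a stand-in for a real signature scheme (a toy, not for production use), a constructed "Bank Root CA" / "Bank Issuing CA" / "customer-42" chain, integer timestamps, and a revocation list keyed by (issuer, serial). The same chain-of-signatures idea is what Vernon describes for signed DNS answers back to the root.

```python
import hashlib
import random
from dataclasses import dataclass, replace

# --- toy signature primitive: textbook RSA (stand-in, NOT for real use) ---
def _probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(cand):
            return cand

def keygen(bits=256):
    """Return (public, private) as ((e, n), (d, n)); needs Python 3.8+ for pow(e, -1, phi)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    d, n = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == _digest(data, n)

# --- minimal certificate and chain validation ---
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pubkey: tuple        # (e, n) of the subject
    not_before: int      # validity window as integer timestamps (constructed)
    not_after: int
    serial: int
    signature: int = 0   # filled in by issue() / self_sign()

    def tbs(self):
        """Bytes covered by the issuer's signature (the to-be-signed part)."""
        return repr((self.subject, self.issuer, self.pubkey,
                     self.not_before, self.not_after, self.serial)).encode()

def issue(issuer_cert, issuer_priv, subject, pub, not_before, not_after, serial):
    unsigned = Cert(subject, issuer_cert.subject, pub, not_before, not_after, serial)
    return replace(unsigned, signature=sign(issuer_priv, unsigned.tbs()))

def self_sign(name, pub, priv, not_before, not_after, serial):
    unsigned = Cert(name, name, pub, not_before, not_after, serial)
    return replace(unsigned, signature=sign(priv, unsigned.tbs()))

def validate_chain(chain, trust_store, crl, now):
    """chain = [leaf, ..., top intermediate]; trust_store maps name -> anchor cert;
    crl is a set of (issuer, serial).  Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        if not (cert.not_before <= now <= cert.not_after):
            return False, f"{cert.subject}: outside validity period"
        if (cert.issuer, cert.serial) in crl:
            return False, f"{cert.subject}: revoked"
        issuer = chain[i + 1] if i + 1 < len(chain) else trust_store.get(cert.issuer)
        if issuer is None:
            return False, f"{cert.subject}: issuer {cert.issuer!r} not in trust store"
        if issuer.subject != cert.issuer:
            return False, f"{cert.subject}: issuer name mismatch"
        if not verify(issuer.pubkey, cert.tbs(), cert.signature):
            return False, f"{cert.subject}: bad signature"
    return True, "chain verified to a trusted root"

def run_demo(now=1000):
    """Constructed scenario: bank root -> issuing CA -> customer certificate."""
    root_pub, root_priv = keygen()
    int_pub, int_priv = keygen()
    leaf_pub, _ = keygen()
    root = self_sign("Bank Root CA", root_pub, root_priv, 0, 5000, 1)
    inter = issue(root, root_priv, "Bank Issuing CA", int_pub, 0, 4000, 2)
    leaf = issue(inter, int_priv, "customer-42", leaf_pub, 500, 1500, 3)
    store = {root.subject: root}
    chain = [leaf, inter]
    results = {"valid": validate_chain(chain, store, set(), now)}
    results["revoked"] = validate_chain(chain, store, {(inter.subject, leaf.serial)}, now)
    results["expired"] = validate_chain(chain, store, set(), now=2000)
    # A chain ending in a root the store does not hold (same name, other key) is rejected ...
    rogue_pub, rogue_priv = keygen()
    rogue = self_sign("Bank Root CA", rogue_pub, rogue_priv, 0, 5000, 1)
    rogue_inter = issue(rogue, rogue_priv, "Bank Issuing CA", int_pub, 0, 4000, 2)
    results["rogue"] = validate_chain([leaf, rogue_inter], store, set(), now)
    # ... but a tampered store accepts it, which is why store integrity matters.
    results["tampered_store"] = validate_chain([leaf, rogue_inter], {rogue.subject: rogue}, set(), now)
    return results
```

Each step of the loop is one of the checks the thread argues about: validity period, revocation, locating the issuer (in the chain or the anchor store), and the signature itself. The last two results show that the checks are only as good as the store they terminate in, which is the point about keeping the root store somewhere harder to alter than a writable disk.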
 


--

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Why trust root CAs ?
Date: Mon, 09 Oct 2000 10:20:50 +0100
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, Anne & Lynn Wheeler wrote:
> in retail business with consumer ... having consumer "identity"
> certificates ... creates privacy issues.

In face-to-face retail business, 

Cryptography-Digest Digest #877

2000-10-09 Thread Digestifier

Cryptography-Digest Digest #877, Volume #12   Mon, 9 Oct 00 05:13:00 EDT

Contents:
  Re: Can anyone point me to info on this privacy code ?Big sample  (Jim Gillogly)
  Re: (fwd) A secure encrypted IRC network. (David Schwartz)
  Re: A new paper claiming P=NP (Rajarshi Ray)
  Re: Microsoft CAPI's PRNG seeding mechanism (Jack Love)
  Re: education where ???please help (Dido Sevilla)
  RC5 Test Vectors ("Chris Kerslake")
  ElGamal in Java ("William A. McKee")
  Re: It's Rijndael (Bryan Olson)
  Re: Internet Security Question ("Tony")
  Re: CRC vs. HASH functions (Bryan Olson)
  Re: How Colossus helped crack Hitler's codes (Olivier Breard)
  Re: Why wasn't MARS chosen as AES? (Runu Knips)
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
  Re: SDMI challenge (Scott Craver)
  Re: Internet Security Question (Paul Rubin)
  Re: A new paper claiming P=NP (Volker Hetzer)
  Re: It's Rijndael (Bryan Olson)
  Re: SDMI challenge (Scott Craver)
  Re: SDMI challenge (David Blackman)
  Re: TEA (Runu Knips)



From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Can anyone point me to info on this privacy code ?Big sample 
Date: Mon, 09 Oct 2000 04:16:05 +

webb wrote:
> I found a Usenet post in what appears
> to be a privacy code - looks to me like the stuff

> Subject: kqelm pcmncy insue deloe kjkskbz fhe efm tbeuf
> mkf From: [EMAIL PROTECTED] Date: 2000/04/09 Newsgroups:
> alt.fan.ed-wood
> 
> Zefbfkllr rertsm xeky auifueemm flfasslf uny oeeiy oivei teu ysde
> feapi mbaxi mcf ndsvkm esr umuie!

It's produced by a spamming tool called Hipcrime.
See: http://www.howardknight.net/hipcrime/NewsAgent.html
There's no plaintext underneath it.

Actually, that'd be a good way to do stego.  Since everybody knows
there's no underlying plaintext in this type of post, they won't bother
trying to decrypt it, just snarling at the spammers each time it turns
up.
-- 
Jim Gillogly
Trewesday, 18 Winterfilth S.R. 2000, 04:12
12.19.7.11.2, 5 Ik 5 Yax, Sixth Lord of Night

--

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: (fwd) A secure encrypted IRC network.
Date: Sun, 08 Oct 2000 21:30:59 -0700


those who know me have no need of my name wrote:
> 
> <[EMAIL PROTECTED]> divulged:
> 
> >The network seems to work well, and a lot of users come to it,
> >but as far as I know - it is in development stages.
> 
> 120 isn't very many users.  have you modeled what the flow requirements
> might be like when thousands are using it?

RC4 is fast enough that a server encrypting/decrypting with it could
easily encrypt/decrypt more traffic than could fit down its 'net pipes.

DS

--

From: Rajarshi Ray <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Mon, 09 Oct 2000 04:47:22 GMT

Stas Busygin wrote:
> 
> Dear Fellows!
> 
> A new paper has just been published in Stas Busygin's Repository
> for Hard Problems Solving. It is "An Efficient Algorithm for the
> Minimum Clique Partition Problem" by A. Plotnikov. Please find this
> proposal on efficient solving of an NP-hard problem at:
> http://www.busygin.dp.ua/clipat.html
> http://www.geocities.com/st_busygin/clipat.html (mirror)
> 
> The publication policy of the repository may be found at:
> http://www.busygin.dp.ua/call.html
> http://www.geocities.com/st_busygin/call.html (mirror)
> 
> Best regards,
> 
> Stas Busygin
> email: [EMAIL PROTECTED]
> WWW: http://www.busygin.dp.ua

Is it not possible to implement the presented algorithm and try it out
on examples to see the growth rate, just as a preliminary check?


-- 
"The most incomprehensible thing about the universe is
 that it is comprehensible."

 - Albert Einstein

--

From: Jack Love <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Microsoft CAPI's PRNG seeding mechanism
Date: Sat, 07 Oct 2000 22:00:13 -0700

On Fri, 06 Oct 2000 07:30:18 -0700, JCA <[EMAIL PROTECTED]>
wrote:

>Pascal JUNOD wrote:
>
>> Does someone have any information about it, or do I have to trust
>> Microsoft about their crypto
>> capabilities ?
>>
>
>If anything, you would have to adopt the opposite attitude: trust that
>their crypto capabilities are flawed.
>
>MS is well-known for not taking security seriously.
>
Windows 2k was recently given a C2 rating.


--

From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: education where ???please help
Date: Mon, 09 Oct 2000 13:42:57 +0800

simon wrote:
> 
> Dear group, I live in Surrey, UK and wish to learn about cryptography,
> but I cannot find anywhere that offers any courses. Please could anybody
> point me in a direction?
> I would be very grateful.
> SIMON