Cryptography-Digest Digest #720

2001-02-20 Thread Digestifier

Cryptography-Digest Digest #720, Volume #13  Tue, 20 Feb 01 08:13:01 EST

Contents:
  Re: FAQ ("John A. Malley")
  New unbreakable code from Rabin? (Roger Schlafly)
  Re: New unbreakable code from Rabin? ("Douglas A. Gwyn")
  Re: Super strong crypto (wtshaw)
  Re: My encryption system. (Paul Crowley)
  Re: Given any arbitrary numbers a and b.Can I ALWAYS find a   (Jan Kristian Haugland)
  Re: Euler's totient function and factoring (Stefan Katzenbeisser)
  Re: New unbreakable code from Rabin? (Mok-Kong Shen)
  Re: Super strong crypto (Mok-Kong Shen)
  Re: New unbreakable code from Rabin? (Hard)
  Re: The Kingdom of God ("Jashter")
  Re: Is there an algorithm to sequentially enumerate all transcendental  numbers? 
("Henrick Hellström")
  Re: Ciphile Software:  Why .EXE files so large (Anthony Stephen Szopa)
  Re: OverWrite freeware completely removes unwanted files from hard drive (Anthony 
Stephen Szopa)
  Re: Is there an algorithm to sequentially enumerate all transcendental  numbers?
  Re: New unbreakable code from Rabin? (John Savard)
  Re: New unbreakable code from Rabin? (John Savard)
  Re: What's a KLB-7? (John Savard)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a transcendental number 
between a and b? (John Savard)



From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: FAQ
Date: Mon, 19 Feb 2001 21:22:40 -0800

kwd_kwp0ee9j9 wrote:
 
 where can I find this newsgroup FAQ?

Posted here every 28 days or so, and there's a copy at

http://www.landfield.com/faqs/cryptography-faq/


Hope this helps,

John A. Malley
[EMAIL PROTECTED]

--

From: Roger Schlafly [EMAIL PROTECTED]
Subject: New unbreakable code from Rabin?
Date: Mon, 19 Feb 2001 21:45:09 -0800

From the NY Times:
In essence, the researcher, Dr. Michael Rabin and his Ph.D. student Yan Zong Bing,
have discovered a way to make a code based on a key that vanishes even as it is used.
While they are not the first to have thought of such an idea, Dr. Rabin says that
never before has anyone been able to make it both workable and to prove
mathematically that the code cannot be broken.
"This is the first provably unbreakable code that is really efficient," Dr. Rabin
said. "We have proved that the adversary is helpless."
http://www.nytimes.com/2001/02/20/science/20CODE.html?pagewanted=all
(free reg reqd)

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: Tue, 20 Feb 2001 06:07:29 GMT

Roger Schlafly wrote:
 From the NY Times:

Thanks for the pointer.  Upon closer examination, this is a method
that I have seen before, perhaps in this newsgroup -- basically,
establish a publicly visible stream of random bits, and the
communicating parties select a running sample from the bit stream
pool according to some agreed-upon rule, and use that as an XOR
stream one-time key.  The idea is apparently that since the enemy
cannot store all the "infinite" bit pool, he cannot keep up with
the communicants, since he doesn't know in advance of analysis
which of the pool bits need to be recorded.

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Super strong crypto
Date: Mon, 19 Feb 2001 23:53:58 -0600

In article [EMAIL PROTECTED], Bryan Olson
[EMAIL PROTECTED] wrote:

 Actually, the straw-man system loops out.  Sending a
 new key encrypted under the old key does not move away
 from the unicity distance, so the system has to send 
 another immediately, then another, then another

I suppose some systems would actually loop out, but this is no excuse for
systems that loop as a norm.

 Is "natural lifetime" some property of a key?

 So given systems for which computational security
 cannot be determined, you can produce systems with the
 same property.
 
One aspect of strength is surely having the rough equivalent of a long
unicity distance, but that concept may be fading.   Nevertheless, being
able to use a key for a longer time because it can resist analysis
of longer passages seems important.
-- 
Better to pardon hundreds of guilty people than execute one
that is innocent.

--

Subject: Re: My encryption system.
From: Paul Crowley [EMAIL PROTECTED]
Date: Tue, 20 Feb 2001 06:32:52 GMT

Boris Kazak [EMAIL PROTECTED] writes:
  (P.S. If no-one else has what I have, does that make me King Cryppie???).
   Time to set an appointment with a psychiatrist...

In this country, we don't take our kids to the shrink for being
adolescent...

("All I wanted was a Pepsi!  But she wouldn't give it to me!")
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

--

From: Jan Kristian Haugland [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Given any arbitrary numbers a and b.Can I ALWAYS find a  
Date: Tue, 20 Feb 2001 07:41:09 +0100


John Savard wrote:

 On Mon, 19 Feb 

Cryptography-Digest Digest #721

2001-02-20 Thread Digestifier

Cryptography-Digest Digest #721, Volume #13  Tue, 20 Feb 01 11:13:00 EST

Contents:
  Reverse encoding question^2 (Paul Starzetz)
  Re: MQV implementation ("Alexander Schmitt")
  Re: Is there an algorithm to sequentially enumerate all transcendental   numbers? 
(David C. Ullrich)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a transcendental number 
between a and b? (David C. Ullrich)
  Re: The Kingdom of God (Alun Jones)
  Re: The Kingdom of God (William Hugh Murray)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a transcendental number 
between a and b? (Dave Seaman)
  Re: CipherText patent still pending (John Myre)



From: Paul Starzetz [EMAIL PROTECTED]
Subject: Reverse encoding question^2
Date: Tue, 20 Feb 2001 14:15:46 +0100

Hi ppl,

thanks for the answer to my previous posting, I didn't realize that my
problem is really simple :-)
Here comes a real one:

given a cipher C (working on 8 byte long blocks) and encrypted text X,
what plaintext shall I use to
obtain X, _if_ the encryption key of the cipher C is known AND we need
to change the last plain text block to contain some function F of the
preceding plain text blocks and one free 32 bit value.

I have to solve this problem for either blowfish or 3des and the
function F to be the well known (I think) crc32 code.

Small example:

I have to produce 3des-cbc encrypted data having full control over the
used encryption key and the one 32bit free value, but after encryption
the output has to be e.g.:


[0xabdc0001 whatever] [0xabdc0001 whatever] ... [0xabdc0001 whatever] [DEFINED VALUE NOT IMPORTANT]
---- CBC block 0 ---- ---- CBC block 1 ---- ... --- CBC block N-1 --- -------- CBC block N --------
       8 bytes               8 bytes         ...        8 bytes                   8 bytes



where whatever doesn't matter (I can set it to be whatever I want),
0xabdc0001 is the value I want to be the first 32 bits of every 8 byte
block (I must be able to deal with any integer here) and DEFINED VALUE
is what I want to be in the last encrypted data block. NOT IMPORTANT
stands for the resulting encrypted data after we stored the crc32 in the
plain text but the value doesn't matter (it only needs to be decryptable
again and result in valid crc32 value at this position after decryption
of the whole packet)



before encryption we would have the following data:


[plain block 0] [plain block 1] ... [plain block N-1] [FREE VALUE CRC32]


where plain blocks results from decrypting cipher blocks 0...N-1 (with
the 0xabdc0001's), crc32 is the crc32 checksum taken over the plain text
blocks 0...N-1 AND the FREE VALUE (8*N+4 bytes). FREE VALUE is the 32
bit value we can vary. We can change the FREE VALUE before crc32 is
calculated but after encryption of the last (Nth) block I want to obtain
DEFINED VALUE in the place of FREE VALUE. DEFINED VALUE is some integer,
if it would simplify this problem, it can be assumed to be 0x.
So the problem I have is that the CBC des (or another cipher) code would
encrypt the whole 8 byte block mixing the value of CRC32 with free
value. I wonder if there exists a solution to this.


I attach the crc32 code, if it isn't so common...


Paul.




  /* = */
  /*  COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or   */
  /*  code or tables extracted from it, as desired without restriction. */
  /**/
  /*  First, the polynomial itself and its table of feedback terms.  The*/
  /*  polynomial is */
  /*  X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0   */
  /**/
  /*  Note that we take it "backwards" and put the highest-order term in*/
  /*  the lowest-order bit.  The X^32 term is "implied"; the LSB is the */
  /*  X^31 term, etc.  The X^0 term (usually shown as "+1") results in  */
  /*  the MSB being 1.  */
  /**/
  /*  Note that the usual hardware shift register implementation, which */
  /*  is what we're using (we're merely optimizing it by doing eight-bit*/
  /*  chunks at a time) shifts bits into the lowest-order term.  In our */
  /*  implementation, that means shifting towards the right.  Why do we */
  /*  do it this way?  Because the calculated CRC must be transmitted in*/
  /*  order from highest-order term to lowest-order term.  UARTs transmit   */
  /*  characters in order from LSB to MSB.  By storing the CRC this way,*/
  /*  we hand it to the UART in the order low-byte to high-byte; the UART   */
  /*  sends each low-bit to hight-bit; and the result is 
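One way to attack the problem in the post above, as an added example that is not the poster's code: with the key known, ciphertext blocks 0..N-1 can simply be chosen with the wanted 32-bit prefix and CBC-decrypted to learn the plaintext they require; the last block cannot be inverted half-way, because the cipher mixes the free value and the CRC together, so the free 32-bit value is searched until the top bits of the final ciphertext block match. That costs about 2^k trial encryptions for a k-bit target, so about 2^32 for the full DEFINED VALUE, and with probability about 1/e no free value works at all, in which case one of the "whatever" halves of an earlier block is changed and the search repeated. A toy 64-bit Feistel cipher stands in for 3DES/Blowfish so the block runs without a crypto library; the key, IV and values are constructed, and the demo uses a 12-bit target so it finishes in well under a second.

```python
import struct
import zlib

MASK32 = 0xFFFFFFFF


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyCipher64:
    """Toy 16-round Feistel cipher on 8-byte blocks. It stands in for 3DES/Blowfish only so the
    example runs without a crypto library; it is not secure and must never protect real data."""

    def __init__(self, key: bytes, rounds: int = 16):
        # toy key schedule: 32-bit subkeys derived from the key with CRC32 (demo only)
        self.subkeys = [zlib.crc32(key + bytes([i])) & MASK32 for i in range(rounds)]

    @staticmethod
    def _f(x: int, k: int) -> int:
        x = (x + k) & MASK32
        x ^= ((x << 13) | (x >> 19)) & MASK32
        x = (x * 0x9E3779B1) & MASK32
        return x ^ (x >> 15)

    def encrypt_block(self, block: bytes) -> bytes:
        left, right = struct.unpack(">II", block)
        for k in self.subkeys:
            left, right = right, left ^ self._f(right, k)
        return struct.pack(">II", right, left)

    def decrypt_block(self, block: bytes) -> bytes:
        right, left = struct.unpack(">II", block)        # undo the final swap
        for k in reversed(self.subkeys):
            left, right = right ^ self._f(left, k), left
        return struct.pack(">II", left, right)


def cbc_encrypt(cipher: ToyCipher64, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(plaintext), 8):
        prev = cipher.encrypt_block(_xor(plaintext[i:i + 8], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(cipher: ToyCipher64, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), 8):
        block = ciphertext[i:i + 8]
        out.append(_xor(cipher.decrypt_block(block), prev))
        prev = block
    return b"".join(out)


def forge(key: bytes, iv: bytes, block_prefix: int, n_blocks: int,
          defined_value: int, defined_bits: int = 32):
    """Build a CBC ciphertext whose blocks 0..N-1 all start with block_prefix and whose block N
    starts with defined_value (only its top defined_bits bits are required to match), while the
    plaintext ends with a 4-byte free value followed by CRC32 over everything before it.
    Returns (ciphertext, free_value), or None if no free value produces the match."""
    cipher = ToyCipher64(key)
    # Blocks 0..N-1: the ciphertext is simply chosen (the 'whatever' half is a counter); with the
    # key known, CBC decryption yields the plaintext that produces exactly these blocks.
    chosen = b"".join(struct.pack(">II", block_prefix, i) for i in range(n_blocks))
    plain_prefix = cbc_decrypt(cipher, iv, chosen)
    crc_prefix = zlib.crc32(plain_prefix)      # CRC state over blocks 0..N-1, extended per trial
    prev = chosen[-8:] if n_blocks else iv
    shift = 32 - defined_bits
    target = defined_value >> shift
    # Block N: the cipher cannot be inverted on half a block, so try free values until the top
    # bits of the final ciphertext block match; about 2**defined_bits trials are expected.
    for free in range(1 << 32):
        free_bytes = struct.pack(">I", free)
        last_plain = free_bytes + struct.pack(">I", zlib.crc32(free_bytes, crc_prefix))
        last_cipher = cipher.encrypt_block(_xor(last_plain, prev))
        if struct.unpack(">I", last_cipher[:4])[0] >> shift == target:
            return chosen + last_cipher, free
    return None


def check_forgery(key: bytes, iv: bytes, ciphertext: bytes, block_prefix: int,
                  defined_value: int, defined_bits: int = 32) -> bool:
    """Receiver's view (decrypt and verify the trailing CRC32) plus the attacker's goal
    (every block but the last carries block_prefix, the last carries defined_value)."""
    plain = cbc_decrypt(ToyCipher64(key), iv, ciphertext)
    crc_ok = zlib.crc32(plain[:-4]) == struct.unpack(">I", plain[-4:])[0]
    prefix_ok = all(struct.unpack(">I", ciphertext[i:i + 4])[0] == block_prefix
                    for i in range(0, len(ciphertext) - 8, 8))
    shift = 32 - defined_bits
    last_ok = struct.unpack(">I", ciphertext[-8:-4])[0] >> shift == defined_value >> shift
    return crc_ok and prefix_ok and last_ok
```

Swapping ToyCipher64 for a real 3DES or Blowfish object with encrypt_block/decrypt_block methods changes nothing else; the search cost is what it is because the CRC is linear but the block cipher is not, so nothing better than trial encryption is available for the last block.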

Cryptography-Digest Digest #722

2001-02-20 Thread Digestifier

Cryptography-Digest Digest #722, Volume #13  Tue, 20 Feb 01 11:13:00 EST

Contents:
  [SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 (Shannon Appel)



From: Shannon Appel [EMAIL PROTECTED]
Subject: [SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1
Crossposted-To: 
alt.security,comp.security.misc,comp.protocols,comp.infosystems.www.misc,alt.answers,comp.answers,news.answers,sci.answers
Date: 20 Feb 2001 15:47:43 GMT

Content-type: text/x-usenet-FAQ;
version=1.1;
title="[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1"
Archive-name: computer-security/ssl-talk-faq
Posting-Frequency: monthly
Last-modified: Nov 16 12:00:00 PST 1998
Version: 1.1.1 (text) Mon Nov 16 12:00:00 PST 1998
URL: http://www.consensus.com/security/ssl-talk-faq.html
Copyright-Notice: (c) Copyright 1996-1998 by Consensus Development Corporation -- All 
Rights Reserved


  SSL-Talk FAQ
Secure Sockets Layer Discussion List FAQ v1.1.1

  Mon Nov 16 12:00:00 PST 1998

   FAQ Maintained by:
  Shannon Appel [EMAIL PROTECTED]
Consensus Development Corporation
http://www.consensus.com/

 The latest edition of this FAQ can always be found at:
  http://www.consensus.com/security/ssl-talk-faq.html
   http://www.consensus.com/security/ssl-talk-faq.txt

  Copyright (c) 1996-1998 Consensus Development Corporation - All Rights 
  Reserved

* 
Due to the November 15, 1998 dissolution of the SSL-Talk mailing 
list, this will be the last version of this FAQ in its current form. 
It will be replaced by a more general TLS & SSL FAQ in the near 
future that is not tied to any mailing list or newsgroup. 
*

All information contained in this work is provided "as is." All
warranties, expressed, implied or statutory, concerning the accuracy
of the information of the suitability for any particular use are
hereby specifically disclaimed. While every effort has been taken to
ensure the accuracy of the information contained in this work,
the authors assume(s) no responsibility for errors or omissions or
for damages resulting from the use of the information contained
herein.

This work may be copied in any printed or electronic form for
non-commercial, personal, or educational purposes if the work is not
modified in any way, provided that the copyright notice, the notices 
of any other author included in this work, and this copyright 
agreement appear on all copies.

Consensus Development Corporation also grants permission to
distribute this work in electronic form over computer networks for
other purposes, provided that, in addition to the terms and
restrictions set forth above, Consensus Development Corporation
and/or other cited authors are notified and that no fees are charged
for access to the information in excess of normal online charges
that are required for such distribution.

This work may also be mentioned, cited, referred to or described
(but not copied or distributed, except as authorized above) in
printed publications, on-line services, other electronic
communications media, and otherwise, provided that Consensus
Development Corporation and any other cited author receives
appropriate attribution.

Comments about, suggestions about, or corrections to this document
are welcomed. If you would like to ask us to change this document
in some way, the method we appreciate most is for you to actually
make the desired modifications to a copy of the posting, and then to
send us the modified document, or a context diff between the posted
version and your modified version (if you do the latter, make sure
to include in your mail the "Version:" line from the posted
version). Submitting changes in this way makes dealing with them
easier for us and helps to avoid misunderstandings about what you
are suggesting.

Many people have in the past provided feedback and corrections; we
thank them for their input.

In particular, many thanks to:

Christopher Allen [EMAIL PROTECTED]
Shannon Appel [EMAIL PROTECTED]
Nelson Bolyard [EMAIL PROTECTED]
Tim Dierks [EMAIL PROTECTED]
Eric Greenberg [EMAIL PROTECTED]
Charles Neerdaels [EMAIL PROTECTED]
Bruce Schneier [EMAIL PROTECTED]
Tom Weinstein [EMAIL PROTECTED]
Jonathan Zamick [EMAIL PROTECTED]

Remaining ambiguities, errors, and difficult-to-read passages are
not their fault. :)

==

CONTENTS

1) THE 

Cryptography-Digest Digest #723

2001-02-20 Thread Digestifier

Cryptography-Digest Digest #723, Volume #13  Tue, 20 Feb 01 14:13:01 EST

Contents:
  Re: New unbreakable code from Rabin? (Erwin Bolwidt)
  Question about RSA excryption... (Taylor Francis)
  Re: Question about RSA excryption... ("Jeff Moser")
  Re: New unbreakable code from Rabin? (Steve Portly)
  Re: A different concept for email encryption ?? (Paul Crowley)
  Re: Password authentication with symmetric key exchange (Paul Crowley)
  Re: Is there an algorithm to sequentially enumerate all transcendental  numbers? 
(Paul Crowley)
  Re: CipherText patent still pending (Benjamin Goldberg)
  Re: Super strong crypto (Benjamin Goldberg)
  Re: Question about RSA excryption... (Benjamin Goldberg)
  Re: Key expansion. ("Cristiano")
  Re: MQV implementation (Mike Rosing)
  Re: Question about RSA excryption... ([EMAIL PROTECTED])
  Re: New unbreakable code from Rabin? (Mok-Kong Shen)
  Anonymous web surfing? (Mok-Kong Shen)
  Re: Password authentication with symmetric key exchange ("Henrick Hellström")
  Re: Key expansion. ("Cristiano")
  Re: Fast DES-crypt question ("Didier F.")



From: Erwin Bolwidt [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: Tue, 20 Feb 2001 16:52:59 +0100

Hard wrote:

[...]
 
 You can fit a stack of common DVD disks (4GB - very conservative) 18
 of them to an inch in the space a human man would stand (six stacks at
 72 inches each) and have eight hours worth of this stream.
 
 Now it is true that most individuals or groups of individuals could
 not keep up with this, but I'm *sure* the NSA could if it would mean
 being able to chew through a significant portion of encrypted traffic.
 
 The adversary does not appear to be helpless.  But again, one of you
 is probably going to clue me in as to why Dr. Rabin's scheme is
 provably impossible to crack.
 
 BTW, thanks for the post, Mr. Schlafly.

I wonder why this method should be considered 'practical'. The NY Times
article talks about some source of the random data, like a satellite
broadcasting a random data stream at an extremely fast rate.
I don't really see how launching a satellite for your private
communications is more practical than sending a One-Time Pad on a set of
DVD's to another party. Well-funded terrorist groups, drug traffickers,
military organizations and other well-funded people could probably do
both with a reasonable guarantee of success.
A One-Time Pad could have been intercepted or copied while it was being
sent to the receiver, and a satellite can also be tampered with before
launch or perhaps even after launch if the adversary has enough
technology.

Using a 'random data source' that you don't control is even worse, since
you have no guarantee at all then that it is really random. The easiest
way to crack this scheme seems to me to make sure that the random data
source (like the satellite) is instead a good PRNG that can be repeated
by an attacker that knows the seed of the generator.
But that's just what I think after reading the NY Times article, I'd
hope that Rabin has something better.

Erwin

--

From: Taylor Francis [EMAIL PROTECTED]
Subject: Question about RSA excryption...
Date: Tue, 20 Feb 2001 10:53:14 -0600

Admittedly, I'm a beginner, but the RSA method seems to produce the
same ciphertext for the same plaintext.  Despite the prime numbers and
difficulties of factoring, doesn't this just produce a simple
substitution cipher?

How is this difficulty overcome?

--

From: "Jeff Moser" [EMAIL PROTECTED]
Subject: Re: Question about RSA excryption...
Date: Tue, 20 Feb 2001 12:06:57 -0500

 same ciphertext for the same plaintext.  Despite the prime numbers and
 difficulties of factoring, doesn't this just produce a simple
 substitution cipher?

No,

p = 1234567891
q = 9876543211
N = pq = 12193263122374638001
e = 65537
d = 12191402595354763373

Encrypting the message "111222" yields: 4883125278959820367
Encrypting the message "222111" yields: 9586466168913275336

As you can see, the encrypted values are quite different. If you send the
same message over and over.. consider adding "salt" of random bits to the
front of a message.

Jeff
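The point behind Taylor Francis's question, as an added example that is neither poster's code: with the values from the post (taking "111222" as the integer 111222, which is an assumption, since the post does not say how the string was encoded), textbook RSA is deterministic, so two encryptions of the same message are identical and an attacker holding only the public key can enumerate a small message space and match ciphertexts. The remedy is randomised padding before exponentiation, shown here as a simplified salt-prepending step that stands in for a real scheme such as OAEP and is not a replacement for it. The salt width and the pow(e, -1, phi) call (Python 3.8+) are choices made for this example.

```python
import secrets

# Values from the post above
P = 1234567891
Q = 9876543211
N = P * Q                      # 12193263122374638001
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # Python 3.8+; equals the d quoted in the post

SALT_BITS = 24                               # example choice, not a standard
M_BITS = N.bit_length() - SALT_BITS - 1      # 39 bits: keeps salt||m below N


def textbook_encrypt(m: int) -> int:
    """Plain RSA: the same m gives the same c every time."""
    assert 0 <= m < N
    return pow(m, E, N)


def textbook_decrypt(c: int) -> int:
    return pow(c, D, N)


def dictionary_attack(c: int, candidates) -> int:
    """What determinism costs: with only the public key (N, E), encrypt every
    guess in a small message space and compare against the observed ciphertext."""
    for m in candidates:
        if pow(m, E, N) == c:
            return m
    return None


def padded_encrypt(m: int, salt: int = None) -> int:
    """Randomised encryption: prepend fresh salt bits so repeats of m are unlinkable.
    Simplified stand-in for a real padding scheme (OAEP); 'salt' is a parameter only
    so the behaviour can be reproduced in a test."""
    assert 0 <= m < (1 << M_BITS), "message too large for this toy padding"
    if salt is None:
        salt = secrets.randbits(SALT_BITS)
    return pow((salt << M_BITS) | m, E, N)


def padded_decrypt(c: int) -> int:
    """Strip the salt after exponentiation; the receiver needs no knowledge of it."""
    return pow(c, D, N) & ((1 << M_BITS) - 1)
```

A 64-bit modulus is of course only for arithmetic that fits on the page; the determinism problem and its fix are identical at 2048 bits.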




--

From: Steve Portly [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: Tue, 20 Feb 2001 12:20:27 -0500



Erwin Bolwidt wrote:
[...]




 Using a 'random data source' that you don't control is even worse, since
 you have no guarantee at all then that it is really random. The easiest
 way to crack this scheme seems to me to make sure that the random data
 source (like the satellite) is instead a good PRNG that can be repeated
 by an attacker that knows the seed of the generator.
 But that's just what I think after reading the NY Times article, I'd
 hope that Rabin has something better.

It sounds as though you believe that the output of a good algorithmic PRNG
is less likely to 

Cryptography-Digest Digest #724

2001-02-20 Thread Digestifier

Cryptography-Digest Digest #724, Volume #13  Tue, 20 Feb 01 17:13:01 EST

Contents:
  Re: Question about RSA excryption... (Taylor Francis)
  Re: Key expansion. ("Cristiano")
  Re: A different concept for email encryption ?? (Paul Rubin)
  Re: Anonymous web surfing? (Paul Rubin)
  Re: Key expansion. (Ichinin)
  Re: Question about RSA excryption... ("Jeff Moser")
  Re: New unbreakable code from Rabin? (Ichinin)
  Re: Question about RSA excryption... (Jerry Coffin)
  Re: Given any arbitrary numbers a and b.  Can I ALWAYS find a  (Richard 
Heathfield)
  Random number encryption (Taylor Francis)
  Re: Key expansion. ("Cristiano")
  Shall you reach to Heaven to help the work of Angels to help those who want to reach 
Heaven ... tell me the truth and I shall reach Heaven ... ([EMAIL PROTECTED])
  Re: Is there an algorithm to sequentially enumerate all transcendental  ("Trevor L. 
Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: The Kingdom of God ("Trevor L. Jackson, III")
  Re: Is there an algorithm to sequentially enumerate all transcendental  (Doug 
Kuhlman)



From: Taylor Francis [EMAIL PROTECTED]
Subject: Re: Question about RSA excryption...
Date: Tue, 20 Feb 2001 13:13:21 -0600



Jeff Moser wrote:
 
 p = 1234567891
 q = 9876543211
 N = pq = 12193263122374638001
 e = 65537
 d = 12191402595354763373
 
 Encrypting the message "111222" yields: 4883125278959820367
 Encrypting the message "222111" yields: 9586466168913275336

how did you do that?  byte by byte or digit by digit or pair by pair,
how?  and how did the ciphertexts turn out different?

--

From: "Cristiano" [EMAIL PROTECTED]
Subject: Re: Key expansion.
Date: Tue, 20 Feb 2001 20:05:01 +0100

 I don't think that Cristiano wanted to do anything more than encrypt
 messages securely (without having to keep a copy of the key bits).

Yes, this is what I want to do.
However, I am also interested in the case in which I am the unique owner of the
message.

Cristiano



--

From: Paul Rubin [EMAIL PROTECTED]
Subject: Re: A different concept for email encryption ??
Date: 20 Feb 2001 11:21:48 -0800

Paul Crowley [EMAIL PROTECTED] writes:
 Under some circumstances PK-based identifiers make sense; see SPKI.
 If you need them to be shorter, hash them and truncate all but, say,
 the first 96 bits of the hash; you don't have to worry about birthday
 attacks against the hash function, only second preimage attacks, which
 are much more expensive.
 
 With MIME-style 8-into-6 encoding, 96 bits is 16 characters:
 
 [EMAIL PROTECTED]
 
 which I think is pretty practical.

How do you use the hash as a public key?  I missed something.

--

From: Paul Rubin [EMAIL PROTECTED]
Subject: Re: Anonymous web surfing?
Date: 20 Feb 2001 11:24:25 -0800

Mok-Kong Shen [EMAIL PROTECTED] writes:
 The German news magazine Spiegel in its recent issue
 (19th Feb) reports that a software firm Safeweb sells a 
 product named Triangle Boy that enables one to surf on the
 internet anonymously without leaving any traces. Does 
 anyone have experience with that software or can tell 
 the principles of its functioning? I can't yet imagine 
 that surfing from a fixed location couldn't be recorded 
 and analysed for finding out which sites (at least some
 of them) one has visited. Thanks.

Triangle Boy is either still unreleased or was just released, so nobody
in the general public has experience with it yet.

Basically it's just an http proxy that you can run on your own
computer, that rewrites url's in html that it passes through,
so A can surf B's website through yours:

  A <--> your computer <--> B  

and B sees web hits coming from your computer rather than A's.

Safeweb's proxy is similar to Anonymizer.com but they did a really
nice job.  Give it a try: www.safeweb.com.  

--

From: Ichinin [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Key expansion.
Date: Sat, 17 Feb 2001 19:16:49 +0100

Cristiano wrote:
 If I want to use 192 or 256 bits how would I do?
 
 There are problems if I withdraw only 128 bits instead of 160 (I don't want
 to use MD5)?

Hi.

Unless there is an algorithm that requires K to be of this size, I fail to
see why you need the key to be expanded into N extra bits.

Think of it like this:

A 32 bit key, say 0x11223344 expanded into 0x1122334455667788, (still)
only requires 2^32 encryptions + expansions = hardly an increase in security.

(OTOH: If you needed a keystream, then i'd understand.)

Regards,
Glenn

--

From: "Jeff Moser" [EMAIL PROTECTED]
Subject: Re: Question about RSA excryption...
Date: Tue, 20 Feb 2001 14:45:20 -0500


"Taylor Francis" [EMAIL PROTECTED] wrote in 

Cryptography-Digest Digest #725

2001-02-20 Thread Digestifier

Cryptography-Digest Digest #725, Volume #13  Tue, 20 Feb 01 20:13:00 EST

Contents:
  Re: Is there an algorithm to sequentially enumerate all transcendental  numbers? 
("Doom the Mostly Harmless")
  Re: Is there an algorithm to sequentially enumerate all transcendental  numbers? 
(Paul Rubin)
  Re: Rnadom Numbers ("Joseph Ashwood")
  Re: Big Numbers in C/C++ ("Joseph Ashwood")
  Re: Super strong crypto ("Joseph Ashwood")
  Re: A seriously different cipher concept (long) ("Paul Pires")
  Re: New unbreakable code from Rabin? (Kenneth Almquist)
  Re: 448 bits Hash algorithm ("Joseph Ashwood")
  Re: New unbreakable code from Rabin? (John Savard)
  Re: Random number encryption (John Savard)
  Re: Is there an algorithm to sequentially enumerate all transcendental  (Robert 
Glass)
  Re: New unbreakable code from Rabin? (Charles Blair)
  Re: New unbreakable code from Rabin? (mike vernal)
  Re: New unbreakable code from Rabin? (Sundial Services)



From: "Doom the Mostly Harmless" [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Is there an algorithm to sequentially enumerate all transcendental  
numbers?
Date: Tue, 20 Feb 2001 22:22:37 GMT


"Dik T. Winter" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 In article 8Oek6.8603$[EMAIL PROTECTED] "Doom the Mostly Harmless" [EMAIL PROTECTED] writes:
   It is impossible to create an ordinal set of transcendental numbers because
   between any two given, there is an infinite number.

 I do not know what you mean by "ordinal set".  But when you mean "enumeration"
 you are correct, but for the wrong reason.  For instance, the rational numbers


I apologize if I was unclear.  I'm someone who is good at math, not a
mathematician, so it's entirely likely I got it wrong.

I was trying to answer what I thought the originator of this discussion
meant, rather than what he actually asked.  What I was attempting to say is
that there's no way to say "this is the first, and this is the second, etc."
in numerical order.  I suppose that if you were to pick one method for
generating them and a fixed starting point, you could come up with a
consistent ordering based on that, but that didn't seem to be what he was
asking for.

I admit, a bit of this discussion has sailed over my head, but I suspect
that it has for the originator, as well.  If it's not, I apologize for
slighting him.  :-)

Anyway, I was simply trying to be clear, rather than rigorous.


--
To air is human
  --Doom.



--

From: Paul Rubin [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Is there an algorithm to sequentially enumerate all transcendental  
numbers?
Date: 20 Feb 2001 14:26:59 -0800

Doug Kuhlman [EMAIL PROTECTED] writes:
  Are there any non-diagonalization proofs?
 
 Yes.  At the very least, you can prove it with a power set argument
 (prove no set can have the same cardinality as its power set ...)

That is a diagonalization proof ;-)

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Rnadom Numbers
Date: Wed, 14 Feb 2001 11:51:11 -0800


"Douglas A. Gwyn" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 Mok-Kong Shen wrote:
  and that black box does not have other entropy input,

 A "black box" practically by definition has some entropy
 associated with it

I suppose you could make an argument for that stand on the basis of unknown
design. I would personally count that as a one time addition of entropy, so
if you use the box once and only once you get the full amount of added
entropy, but in general you only get 1/(number of times it's been used
entropy) added from it, so at infinite (where most computer science
discussions take place), there is no entropy added by the device. So in
reality there is some addition of entropy, but I feel it can and should be
ignored.
Joe



--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Big Numbers in C/C++
Date: Wed, 14 Feb 2001 12:03:13 -0800

"Edward Rustin" [EMAIL PROTECTED] wrote in message  Does anyone know
where I can find information about working with big (1024
 bit+) numbers under C or C++?

openSSL has one, www.openssl.org
Joe



--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Super strong crypto
Date: Wed, 14 Feb 2001 12:39:16 -0800

I think I have insight into real security, of course everyone should know by
now that I am not averse to an extended conversation about it.

Actually I should rephrase that, I think I have an understanding of the
requirements to secure data as much as possible, that exceeds the general
statements made on this group (including those often made by myself).

The location of the lines, what qualifies, and naming conventions are
clearly open for debate. However for ideal security there are several
necessary devices that need to be 

Cryptography-Digest Digest #726

2001-02-20 Thread Digestifier

Cryptography-Digest Digest #726, Volume #13  Wed, 21 Feb 01 00:13:01 EST

Contents:
  question1,2,2a,3,4,5,5a,5b,5c,6 ("h4jiwk9j")
  Re: New unbreakable code from Rabin? ([EMAIL PROTECTED])
  SIX FIGURE SALARIES ("LeeJ")
  Re: Indicative key generation, encryption/decryption time ("Joseph Ashwood")
  Re: asking for stream cipher resource ("Joseph Ashwood")
  Re: question1,2,2a,3,4,5,5a,5b,5c,6 (Paul Rubin)
  Re: "RSA vs. One-time-pad" or "the perfect enryption" ("Joseph Ashwood")
  Re: Super strong crypto (David Wagner)
  Re: Super strong crypto (David Wagner)
  Re: [release] OutGuess 0.2 - steganographic tool (Niels Provos)
  Re: New unbreakable code from Rabin? ("Malcolm Herring")
  Re: New unbreakable code from Rabin? ([EMAIL PROTECTED])
  Re: Super strong crypto (Paul Rubin)



From: "h4jiwk9j" [EMAIL PROTECTED]
Subject: question1,2,2a,3,4,5,5a,5b,5c,6
Date: Tue, 20 Feb 2001 21:09:54 -0500

I am fairly new to cryptography, though with a good math background, and
have several questions:
(thank you in advance for your time)
my goal: learn as much as I can in order to, eventually, write decent
cryptographic algorithms or at least be able to thoroughly understand them.

1.Do you have to be a good cryptanalyst before you can call yourself a good
cryptographer?
2.Do you learn by practicing with breaking codes? Can you break codes
"theoretically"?
2a.Where can you find material to work on? (if you need to do so, but I
strongly believe you do)
3.What classic textbooks are a good source of practice problems?
4.If you really want to crack difficult ciphers mustn't you possess
excellent programming tools/skills?
5.My user name is the encryption of my dog's name. Isn't this a rather
stupid problem? Anyway, does it make sense to ask you what my dog's name is?
Will your answer tell me if you are a good cryptanalyst (I'm sure you'll say
"no"!)? DO you need to know the algorithm that I used to encrypt it?
6. Am I the only one that doesn't particularly love "applied cryptography,
2nd ed."?

Thank you for your advice and for telling me how to get my hands into all
this.
Kwd (this is my name encrypted with the same algorithm)







--

From: [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: 20 Feb 2001 18:25:06 -0800

Haven't seen any detailed information, but a paper by Christian Cachin
and Ueli Maurer from Crypto 97 seems to have a similar result:

Unconditional Security Against Memory-Bounded Adversaries

Abstract

  We propose a private-key cryptosystem and a protocol for key agreement by
  public discussion that are unconditionally secure based on the sole
  assumption that an adversary's memory capacity is limited, while no
  assumption about his computing power is made.  The scenario assumes that a
  random bit string of length slightly larger than the adversary's memory
  capacity can be received by all parties. The random bit string can for
  instance be broadcast by a satellite or over an optical network, or
  exchanged over an insecure channel between the communicating parties.  The
  proposed schemes require very high bandwidth but can nevertheless be
  practical.

Here we have the same two elements: provable security and an assumption
of an adversary with limited memory.

The Cachin/Maurer paper presents a potential realization which is on
the verge of being practical.  Assume the existence of a 16 Gbit/s
satellite channel that is used for one day, making a total of 1.5 E15
bits.  Assuming that the adversary can store no more than 100 Tbytes,
8.8 E14 bits, this will exceed his memory.

The parties share an initial secret key of 102 bits.  They use this to
randomly select a shared hash function that will serve as an index
into data stream, and they sample about 1.7 E9 bits (200 MBytes).

However, with these parameters the adversary potentially has
information about some of these bits, so the parties go through a
privacy amplification phase (essentially they hash their shared bits).
The authors show that they can extract 6 MB of virtually secret
information.  The adversary knows not more than 1E-20 bits with
probability about 1E-4.  The 6 MB of data can be used directly as a
one time pad, for example.

Perhaps the Rabin result improves on these figures, or uses a
different security model.  It is curious that it is getting so much
attention when previous results are known for what seems to be a
similar problem.  Perhaps the newspaper story misrepresents the novel
aspect of the results.

Alpha
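The sample-and-hash scheme Doug Gwyn describes earlier in this digest and the Cachin/Maurer construction summarised in the post above, as an added example that is none of the posters' code: a constructed pseudo-random stream stands in for the broadcast, HMAC-SHA256 under the short shared key stands in for the randomly selected hash that picks positions, SHA-256 over the sampled bytes stands in for the universal hash used for privacy amplification, and the stream size, sample count and memory bound are toy values chosen so the block runs in a moment. The adversary records as much of the stream as its memory bound allows and is afterwards even given the shared key; because it did not know which positions mattered while the stream was passing, some sampled bytes are gone for good and the hashed pad stays out of reach.

```python
import hashlib
import hmac

STREAM_LEN = 1 << 16            # bytes of public randomness (toy; the paper assumes ~1.5e15 bits)
SAMPLES = 256                   # bytes each party keeps from the stream
MEMORY_BOUND = STREAM_LEN // 2  # the adversary's storage: it can keep only this much of the stream


def make_public_stream(seed: bytes, length: int = STREAM_LEN) -> bytes:
    """Constructed stand-in for the broadcast source (satellite, optical network):
    SHA-256 in counter mode over a seed. A real deployment needs true randomness."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sample_positions(shared_key: bytes, n: int = SAMPLES, stream_len: int = STREAM_LEN) -> list:
    """The short shared key fixes the agreed-upon rule for which positions to keep.
    HMAC-SHA256 stands in for the paper's randomly selected hash function."""
    return [
        int.from_bytes(hmac.new(shared_key, i.to_bytes(4, "big"), hashlib.sha256).digest()[:8], "big")
        % stream_len
        for i in range(n)
    ]


def collect(stored: bytes, positions: list) -> tuple:
    """Read the sampled bytes from whatever prefix of the stream the reader managed to store.
    Positions past that prefix are gone for good: they are counted and filled with 0."""
    sampled = bytearray()
    missing = 0
    for pos in positions:
        if pos < len(stored):
            sampled.append(stored[pos])
        else:
            sampled.append(0)
            missing += 1
    return bytes(sampled), missing


def privacy_amplify(sampled: bytes) -> bytes:
    """Compress the sampled bytes into a 32-byte pad about which the adversary knows
    essentially nothing. The paper uses a universal hash; SHA-256 is the stand-in here."""
    return hashlib.sha256(sampled).digest()


def xor_pad(pad: bytes, data: bytes) -> bytes:
    assert len(data) <= len(pad), "one-time pad: never stretch or reuse the pad"
    return bytes(p ^ d for p, d in zip(pad, data))


def run_demo(message: bytes = b"meet at dawn, bring the DVDs") -> dict:
    shared_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed; paper uses 102 bits
    stream = make_public_stream(b"constructed broadcast seed")
    positions = sample_positions(shared_key)

    # Sender and receiver both watch the whole broadcast but store only SAMPLES bytes each.
    sender_pad = privacy_amplify(collect(stream, positions)[0])
    receiver_pad = privacy_amplify(collect(stream, positions)[0])
    ciphertext = xor_pad(sender_pad, message)
    recovered = xor_pad(receiver_pad, ciphertext)

    # The adversary stores what its memory bound allows while the stream passes, and is then
    # even handed the shared key. Positions it did not keep cannot be recovered afterwards.
    adversary_sampled, missing = collect(stream[:MEMORY_BOUND], positions)
    adversary_pad = privacy_amplify(adversary_sampled)
    return {
        "pads_match": sender_pad == receiver_pad,
        "recovered": recovered,
        "adversary_missing": missing,
        "adversary_breaks_it": xor_pad(adversary_pad, ciphertext) == message,
    }


if __name__ == "__main__":
    print(run_demo())
```

With half the stream stored, each of the 256 sampled positions is missing with probability 1/2, so the chance that the adversary holds all of them is 2^-256; that, and not any computational assumption, is what the bounded-storage argument rests on. Erwin Bolwidt's objection stands untouched by the code: if the broadcast is not truly random, the adversary need store nothing at all.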

--

From: "LeeJ" [EMAIL PROTECTED]
Subject: SIX FIGURE SALARIES
Date: Tue, 20 Feb 2001 21:42:26 -0500

Do you need extra cash?

Work at home 10-15 hours a week around your schedule.  No up-front money
required.  Earn $500-
$1,000 part-time or $2,000-$6,000 full time.  Full online training is
provided!  All you need is a
computer with Internet and email access