Cryptography-Digest Digest #720
Cryptography-Digest Digest #720, Volume #13      Tue, 20 Feb 01 08:13:01 EST

Contents:
  Re: FAQ ("John A. Malley")
  New unbreakable code from Rabin? (Roger Schlafly)
  Re: New unbreakable code from Rabin? ("Douglas A. Gwyn")
  Re: Super strong crypto (wtshaw)
  Re: My encryption system. (Paul Crowley)
  Re: Given any arbitrary numbers a and b.Can I ALWAYS find a (Jan Kristian Haugland)
  Re: Euler's totient function and factoring (Stefan Katzenbeisser)
  Re: New unbreakable code from Rabin? (Mok-Kong Shen)
  Re: Super strong crypto (Mok-Kong Shen)
  Re: New unbreakable code from Rabin? (Hard)
  Re: The Kingdom of God ("Jashter")
  Re: Is there an algorithm to sequentially enumerate all transcendental numbers? ("Henrick Hellström")
  Re: Ciphile Software: Why .EXE files so large (Anthony Stephen Szopa)
  Re: OverWrite freeware completely removes unwanted files from hard drive (Anthony Stephen Szopa)
  Re: Is there an algorithm to sequentially enumerate all transcendental numbers?
  Re: New unbreakable code from Rabin? (John Savard)
  Re: New unbreakable code from Rabin? (John Savard)
  Re: What's a KLB-7? (John Savard)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a transcendental number between a and b? (John Savard)

--

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: FAQ
Date: Mon, 19 Feb 2001 21:22:40 -0800

kwd_kwp0ee9j9 wrote:
> where can I find this newsgroup FAQ?

Posted here every 28 days or so, and there's a copy at
http://www.landfield.com/faqs/cryptography-faq/

Hope this helps,

John A. Malley
[EMAIL PROTECTED]

--

From: Roger Schlafly [EMAIL PROTECTED]
Subject: New unbreakable code from Rabin?
Date: Mon, 19 Feb 2001 21:45:09 -0800

From the NY Times:

  In essence, the researcher, Dr. Michael Rabin and his Ph.D. student Yan Zong Bing, have discovered a way to make a code based on a key that vanishes even as it is used. While they are not the first to have thought of such an idea, Dr. Rabin says that never before has anyone been able to make it both workable and to prove mathematically that the code cannot be broken. "This is the first provably unbreakable code that is really efficient," Dr. Rabin said. "We have proved that the adversary is helpless."

http://www.nytimes.com/2001/02/20/science/20CODE.html?pagewanted=all (free reg reqd)

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: Tue, 20 Feb 2001 06:07:29 GMT

Roger Schlafly wrote:
> From the NY Times:

Thanks for the pointer. Upon closer examination, this is a method that I have seen before, perhaps in this newsgroup -- basically, establish a publicly visible stream of random bits, and the communicating parties select a running sample from the bit stream pool according to some agreed-upon rule, and use that as an XOR stream one-time key. The idea is apparently that since the enemy cannot store all the "infinite" bit pool, he cannot keep up with the communicants, since he doesn't know in advance of analysis which of the pool bits need to be recorded.

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Super strong crypto
Date: Mon, 19 Feb 2001 23:53:58 -0600

In article [EMAIL PROTECTED], Bryan Olson [EMAIL PROTECTED] wrote:
> Actually, the straw-man system loops out. Sending a new key encrypted under the old key does not move away from the unicity distance, so the system has to send another immediately, then another, then another

I suppose some systems would actually loop out, but this is no excuse for systems that loop as a norm.

Is "natural lifetime" some property of a key?

So given systems for which computational security cannot be determined, you can produce systems with the same property.

One aspect of strength is surely having the rough equivalent of a long unicity distance, but that concept may be fading. Nevertheless, being able to use a key for a longer time because it can resist analysis of longer passages seems important.

-- 
Better to pardon hundreds of guilty people than execute one that is innocent.

--

Subject: Re: My encryption system.
From: Paul Crowley [EMAIL PROTECTED]
Date: Tue, 20 Feb 2001 06:32:52 GMT

Boris Kazak [EMAIL PROTECTED] writes:
> > (P.S. If no-one else has what I have, does that make me King Cryppie???).
> Time to set an appointment with a psychiatrist...

In this country, we don't take our kids to the shrink for being adolescent...

("All I wanted was a Pepsi! But she wouldn't give it to me!")
-- 
  __  \/ o\ [EMAIL PROTECTED]
  /\__/    http://www.cluefactory.org.uk/paul/

--

From: Jan Kristian Haugland [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Given any arbitrary numbers a and b.Can I ALWAYS find a
Date: Tue, 20 Feb 2001 07:41:09 +0100

John Savard wrote:
> On Mon, 19 Feb
Cryptography-Digest Digest #721
Cryptography-Digest Digest #721, Volume #13      Tue, 20 Feb 01 11:13:00 EST

Contents:
  Reverse encoding question^2 (Paul Starzetz)
  Re: MQV implementation ("Alexander Schmitt")
  Re: Is there an algorithm to sequentially enumerate all transcendental numbers? (David C. Ullrich)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a transcendental number between a and b? (David C. Ullrich)
  Re: The Kingdom of God (Alun Jones)
  Re: The Kingdom of God (William Hugh Murray)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a transcendental number between a and b? (Dave Seaman)
  Re: CipherText patent still pending (John Myre)

--

From: Paul Starzetz [EMAIL PROTECTED]
Subject: Reverse encoding question^2
Date: Tue, 20 Feb 2001 14:15:46 +0100

Hi ppl,

thanks for the answer to my previous posting, I didn't realize that my problem is really simple :-)

Here comes a real one: given a cipher C (working on 8 byte long blocks) and encrypted text X, what plaintext shall I use to obtain X, _if_ the encryption key of the cipher C is known AND we need to change the last plain text block to contain some function F of the preceding plain text blocks and one free 32 bit value. I have to solve this problem for either blowfish or 3des and the function F to be the well known (I think) crc32 code.

Small example: I have to produce 3des-cbc encrypted data having full control over the used encryption key and the one 32bit free value, but after encryption the output has to be e.g.:

  0xabdc0001 whatever | 0xabdc0001 whatever | ... | 0xabdc0001 whatever | [DEFINED VALUE] [NOT IMPORTANT]
  -- CBC block 0 --     -- CBC block 1 --     ...   -- CBC block N-1 --    --- CBC block N --
  8 bytes               8 bytes               ...   8 bytes                8 bytes

where whatever doesn't matter (I can set it to be whatever I want), 0xabdc0001 is the value I want to be the first 32 bits of every 8 byte block (I must be able to deal with any integer here) and DEFINED VALUE is what I want to be in the last encrypted data block. NOT IMPORTANT stands for the resulting encrypted data after we stored the crc32 in the plain text but the value doesn't matter (it only needs to be decryptable again and result in valid crc32 value at this position after decryption of the whole packet).

Before encryption we would have the following data:

  [plain block 0] [plain block 1] ... [plain block N-1] [FREE VALUE CRC32]

where plain blocks result from decrypting cipher blocks 0...N-1 (with the 0xabdc0001's), crc32 is the crc32 checksum taken over the plain text blocks 0...N-1 AND the FREE VALUE (8*N+4 bytes). FREE VALUE is the 32 bit value we can vary. We can change the FREE VALUE before crc32 is calculated but after encryption of the last (Nth) block I want to obtain DEFINED VALUE in the place of FREE VALUE. DEFINED VALUE is some integer, if it would simplify this problem, it can be assumed to be 0x.

So the problem I have is that the CBC des (or another cipher) code would encrypt the whole 8 byte block mixing the value of CRC32 with free value. I wonder if there exists a solution to this.

I attach the crc32 code, if it isn't so common...

Paul.

/* ==================================================================== */
/* COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or      */
/* code or tables extracted from it, as desired without restriction.    */
/*                                                                      */
/* First, the polynomial itself and its table of feedback terms.  The   */
/* polynomial is                                                        */
/* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0   */
/*                                                                      */
/* Note that we take it "backwards" and put the highest-order term in   */
/* the lowest-order bit.  The X^32 term is "implied"; the LSB is the    */
/* X^31 term, etc.  The X^0 term (usually shown as "+1") results in     */
/* the MSB being 1.                                                     */
/*                                                                      */
/* Note that the usual hardware shift register implementation, which    */
/* is what we're using (we're merely optimizing it by doing eight-bit   */
/* chunks at a time) shifts bits into the lowest-order term.  In our    */
/* implementation, that means shifting towards the right.  Why do we    */
/* do it this way?  Because the calculated CRC must be transmitted in   */
/* order from highest-order term to lowest-order term.  UARTs transmit  */
/* characters in order from LSB to MSB.  By storing the CRC this way,   */
/* we hand it to the UART in the order low-byte to high-byte; the UART  */
/* sends each low-bit to high-bit; and the result is
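An added worked example for the problem above, written for this edit and not taken from the post, from any follow-up or from any library's documentation. With the key known, the only unknown in the last block is the 32-bit FREE VALUE, so the direct route is a search: for each candidate, compute CRC32 over the decrypted prefix blocks plus the candidate, CBC-encrypt FREE || CRC32 after block N-1, and test whether the leading bits of the resulting ciphertext block equal the wanted value. Each trial succeeds with probability 2^-w for a w-bit target, so a full 32-bit DEFINED VALUE costs about 2^32 3DES block encryptions (hours on 2001 hardware, minutes today); the demo below matches 16 bits so that it finishes in well under a second. The key, IV, marker and target are constructed values, the IV is assumed to be known (the post does not mention one), and the checksum is Go's hash/crc32 IEEE CRC, the same polynomial the attached Gary Brown code implements.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// Constructed demo parameters (not from the original post): a 24-byte 3DES key
// and an all-zero IV, both assumed known to the party building the packet.
var (
	DemoKey = []byte("0123456789abcdef01234567")
	DemoIV  = make([]byte, des.BlockSize)
)

const (
	Marker  uint32 = 0xabdc0001 // wanted in the first 32 bits of ciphertext blocks 0..N-1
	Defined uint32 = 0xdeadbeef // "DEFINED VALUE" wanted in the first 32 bits of block N
)

// CiphertextPrefix builds N ciphertext blocks of the form marker || filler.
// The filler ("whatever" in the post) is arbitrary; any bytes will do.
func CiphertextPrefix(marker uint32, n int) []byte {
	out := make([]byte, des.BlockSize*n)
	for i := 0; i < n; i++ {
		binary.BigEndian.PutUint32(out[8*i:], marker)
		binary.BigEndian.PutUint32(out[8*i+4:], uint32(0x01010101*(i+1)))
	}
	return out
}

// ForgeLastBlock brute-forces the 32-bit FREE value. For each candidate it forms
// the trailing plaintext block FREE || CRC32(plain_0..N-1 || FREE), CBC-encrypts
// it after block N-1 and tests whether the top wantBits bits of the ciphertext
// block equal those of want. Expected cost is 2^wantBits trials (wantBits 1..32).
func ForgeLastBlock(blk cipher.Block, iv, ctPrefix []byte, want uint32, wantBits uint) (free uint32, lastCT []byte, ok bool) {
	// The earlier plaintext blocks are fixed by the ciphertext we want to see.
	plain := make([]byte, len(ctPrefix))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(plain, ctPrefix)
	prev := iv
	if len(ctPrefix) > 0 {
		prev = ctPrefix[len(ctPrefix)-des.BlockSize:]
	}
	// CRC32 can be continued from the prefix state, so only 4 bytes are hashed per trial.
	prefixCRC := crc32.ChecksumIEEE(plain)
	mask := uint32(0xFFFFFFFF) << (32 - wantBits)
	var pt, x, ct [des.BlockSize]byte
	for f := uint64(0); f < 1<<32; f++ {
		binary.BigEndian.PutUint32(pt[:4], uint32(f))
		binary.BigEndian.PutUint32(pt[4:], crc32.Update(prefixCRC, crc32.IEEETable, pt[:4]))
		for i := range x {
			x[i] = pt[i] ^ prev[i] // CBC chaining with the previous ciphertext block
		}
		blk.Encrypt(ct[:], x[:])
		if binary.BigEndian.Uint32(ct[:4])&mask == want&mask {
			return uint32(f), append([]byte(nil), ct[:]...), true
		}
	}
	return 0, nil, false
}

// VerifyForgery decrypts the finished packet the way a receiver would and checks
// the three properties asked for: every prefix block still starts with marker,
// the CRC32 in the last plaintext block is valid, and the last ciphertext block
// starts with the wanted bits.
func VerifyForgery(blk cipher.Block, iv, ct []byte, marker, want uint32, wantBits uint) bool {
	if len(ct) < des.BlockSize || len(ct)%des.BlockSize != 0 {
		return false
	}
	n := len(ct)/des.BlockSize - 1
	for i := 0; i < n; i++ {
		if binary.BigEndian.Uint32(ct[8*i:]) != marker {
			return false
		}
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(plain, ct)
	crcOK := crc32.ChecksumIEEE(plain[:8*n+4]) == binary.BigEndian.Uint32(plain[8*n+4:])
	mask := uint32(0xFFFFFFFF) << (32 - wantBits)
	return crcOK && binary.BigEndian.Uint32(ct[8*n:])&mask == want&mask
}

// Forge runs the whole procedure for n prefix blocks, matching wantBits bits of
// Defined, and returns the complete ciphertext and the FREE value that worked.
func Forge(n int, wantBits uint) ([]byte, uint32, bool) {
	blk, err := des.NewTripleDESCipher(DemoKey)
	if err != nil {
		panic(err)
	}
	prefix := CiphertextPrefix(Marker, n)
	free, last, ok := ForgeLastBlock(blk, DemoIV, prefix, Defined, wantBits)
	if !ok {
		return nil, 0, false
	}
	return append(prefix, last...), free, true
}

func main() {
	ct, free, ok := Forge(4, 16) // 16-bit match keeps the demo to ~65k trials
	fmt.Printf("ok=%v free=0x%08x last block=%x\n", ok, free, ct[len(ct)-8:])
}
```

The 32 filler bits in each earlier ciphertext block give no shortcut: changing them changes the decrypted prefix and therefore the CRC input, and the block cipher sits between the CRC and the target bits, so nothing can be solved for algebraically. The exercise is also a reminder that a CRC inside an encrypted payload gives no integrity against anyone who holds the key: the ciphertext can be steered into whatever shape is wanted, at 2^32 cost per constrained 32-bit field. A receiver that needs integrity should check a MAC, not a checksum.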
Cryptography-Digest Digest #722
Cryptography-Digest Digest #722, Volume #13      Tue, 20 Feb 01 11:13:00 EST

Contents:
  [SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 (Shannon Appel)

--

From: Shannon Appel [EMAIL PROTECTED]
Subject: [SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1
Crossposted-To: alt.security,comp.security.misc,comp.protocols,comp.infosystems.www.misc,alt.answers,comp.answers,news.answers,sci.answers
Date: 20 Feb 2001 15:47:43 GMT
Content-type: text/x-usenet-FAQ; version=1.1; title="[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1"

Archive-name: computer-security/ssl-talk-faq
Posting-Frequency: monthly
Last-modified: Nov 16 12:00:00 PST 1998
Version: 1.1.1 (text) Mon Nov 16 12:00:00 PST 1998
URL: http://www.consensus.com/security/ssl-talk-faq.html
Copyright-Notice: (c) Copyright 1996-1998 by Consensus Development Corporation -- All Rights Reserved

SSL-Talk FAQ
Secure Sockets Layer Discussion List FAQ v1.1.1
Mon Nov 16 12:00:00 PST 1998

FAQ Maintained by:
  Shannon Appel [EMAIL PROTECTED]
  Consensus Development Corporation
  http://www.consensus.com/

The latest edition of this FAQ can always be found at:
  http://www.consensus.com/security/ssl-talk-faq.html
  http://www.consensus.com/security/ssl-talk-faq.txt

Copyright (c) 1996-1998 Consensus Development Corporation - All Rights Reserved

* Due to the November 15, 1998 dissolution of the SSL-Talk mailing list, this will be the last version of this FAQ in its current form. It will be replaced by a more general TLS SSL FAQ in the near future that is not tied to any mailing list or newsgroup. *

All information contained in this work is provided "as is." All warranties, expressed, implied or statutory, concerning the accuracy of the information or the suitability for any particular use are hereby specifically disclaimed. While every effort has been taken to ensure the accuracy of the information contained in this work, the authors assume(s) no responsibility for errors or omissions or for damages resulting from the use of the information contained herein.

This work may be copied in any printed or electronic form for non-commercial, personal, or educational purposes if the work is not modified in any way, provided that the copyright notice, the notices of any other author included in this work, and this copyright agreement appear on all copies.

Consensus Development Corporation also grants permission to distribute this work in electronic form over computer networks for other purposes, provided that, in addition to the terms and restrictions set forth above, Consensus Development Corporation and/or other cited authors are notified and that no fees are charged for access to the information in excess of normal online charges that are required for such distribution.

This work may also be mentioned, cited, referred to or described (but not copied or distributed, except as authorized above) in printed publications, on-line services, other electronic communications media, and otherwise, provided that Consensus Development Corporation and any other cited author receives appropriate attribution.

Comments about, suggestions about, or corrections to this document are welcomed. If you would like to ask us to change this document in some way, the method we appreciate most is for you to actually make the desired modifications to a copy of the posting, and then to send us the modified document, or a context diff between the posted version and your modified version (if you do the latter, make sure to include in your mail the "Version:" line from the posted version). Submitting changes in this way makes dealing with them easier for us and helps to avoid misunderstandings about what you are suggesting.

Many people have in the past provided feedback and corrections; we thank them for their input. In particular, many thanks to:

  Christopher Allen [EMAIL PROTECTED]
  Shannon Appel [EMAIL PROTECTED]
  Nelson Bolyard [EMAIL PROTECTED]
  Tim Dierks [EMAIL PROTECTED]
  Eric Greenberg [EMAIL PROTECTED]
  Charles Neerdaels [EMAIL PROTECTED]
  Bruce Schneier [EMAIL PROTECTED]
  Tom Weinstein [EMAIL PROTECTED]
  Jonathan Zamick [EMAIL PROTECTED]

Remaining ambiguities, errors, and difficult-to-read passages are not their fault. :)

==
CONTENTS

1) THE
Cryptography-Digest Digest #723
Cryptography-Digest Digest #723, Volume #13      Tue, 20 Feb 01 14:13:01 EST

Contents:
  Re: New unbreakable code from Rabin? (Erwin Bolwidt)
  Question about RSA excryption... (Taylor Francis)
  Re: Question about RSA excryption... ("Jeff Moser")
  Re: New unbreakable code from Rabin? (Steve Portly)
  Re: A different concept for email encryption ?? (Paul Crowley)
  Re: Password authentication with symmetric key exchange (Paul Crowley)
  Re: Is there an algorithm to sequentially enumerate all transcendental numbers? (Paul Crowley)
  Re: CipherText patent still pending (Benjamin Goldberg)
  Re: Super strong crypto (Benjamin Goldberg)
  Re: Question about RSA excryption... (Benjamin Goldberg)
  Re: Key expansion. ("Cristiano")
  Re: MQV implementation (Mike Rosing)
  Re: Question about RSA excryption... ([EMAIL PROTECTED])
  Re: New unbreakable code from Rabin? (Mok-Kong Shen)
  Anonymous web surfing? (Mok-Kong Shen)
  Re: Password authentication with symmetric key exchange ("Henrick Hellström")
  Re: Key expansion. ("Cristiano")
  Re: Fast DES-crypt question ("Didier F.")

--

From: Erwin Bolwidt [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: Tue, 20 Feb 2001 16:52:59 +0100

Hard wrote:
[...]
> You can fit a stack of common DVD disks (4GB - very conservative) 18 of them to an inch in the space a human man would stand (six stacks at 72 inches each) and have eight hours worth of this stream. Now it is true that most individuals or groups of individuals could not keep up with this, but I'm *sure* the NSA could if it would mean being able to chew through a significant portion of encrypted traffic. The adversary does not appear to be helpless. But again, one of you is probably going to clue me in as to why Dr. Rabin's scheme is provably impossible to crack.
>
> BTW, thanks for the post, Mr. Schlafly.

I wonder why this method should be considered 'practical'. The NY Times article talks about some source of the random data, like a satellite broadcasting a random data stream at an extremely fast rate. I don't really see how launching a satellite for your private communications is more practical than sending a One-Time Pad on a set of DVD's to another party. Well-funded terrorist groups, drug traffickers, military organizations and other well-funded people could probably do both with a reasonable guarantee of success. A One-Time Pad could have been intercepted or copied while it was being sent to the receiver, and a satellite can also be tampered with before launch or perhaps even after launch if the adversary has enough technology.

Using a 'random data source' that you don't control is even worse, since you have no guarantee at all then that it is really random. The easiest way to crack this scheme seems to me to make sure that the random data source (like the satellite) is instead a good PRNG that can be repeated by an attacker that knows the seed of the generator.

But that's just what I think after reading the NY Times article, I'd hope that Rabin has something better.

Erwin

--

From: Taylor Francis [EMAIL PROTECTED]
Subject: Question about RSA excryption...
Date: Tue, 20 Feb 2001 10:53:14 -0600

Admittedly, I'm a beginner, but the RSA method seems to produce the same ciphertext for the same plaintext. Despite the prime numbers and difficulties of factoring, doesn't this just produce a simple substitution cipher? How is this difficulty overcome?

--

From: "Jeff Moser" [EMAIL PROTECTED]
Subject: Re: Question about RSA excryption...
Date: Tue, 20 Feb 2001 12:06:57 -0500

> same ciphertext for the same plaintext. Despite the prime numbers and difficulties of factoring, doesn't this just produce a simple substitution cipher?

No,

  p = 1234567891
  q = 9876543211
  N = pq = 12193263122374638001
  e = 65537
  d = 12191402595354763373

Encrypting the message "111222" yields: 4883125278959820367
Encrypting the message "222111" yields: 9586466168913275336

As you can see, the encrypted values are quite different. If you send the same message over and over.. consider adding "salt" of random bits to the front of a message.

Jeff

--

From: Steve Portly [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: Tue, 20 Feb 2001 12:20:27 -0500

Erwin Bolwidt wrote:
[...]
> Using a 'random data source' that you don't control is even worse, since you have no guarantee at all then that it is really random. The easiest way to crack this scheme seems to me to make sure that the random data source (like the satellite) is instead a good PRNG that can be repeated by an attacker that knows the seed of the generator.
>
> But that's just what I think after reading the NY Times article, I'd hope that Rabin has something better.

It sounds as though you believe that the output of a good algorithmic PRNG is less likely to
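The RSA exchange above (Taylor Francis's question and Jeff Moser's "salt" answer) in working code, as an added example that is not from either post. Textbook RSA is deterministic, so when the message space is small an attacker does not factor anything: he enumerates candidate plaintexts, encrypts each with the public key and compares, which is exactly the substitution-cipher worry made concrete. Prepending random bits is the remedy Jeff describes; its standard form is RSA-OAEP (PKCS#1 v2), which is what to use in practice rather than the ad hoc prefix shown here. The primes, the 32-bit payload width and the 24-bit salt are constructed for the demo (Jeff's p, q and d are not reused, and the modulus is far too small for real use), and the message "111222" is taken as the decimal integer 111222, one reasonable reading of Jeff's post and an answer to Taylor's later question about how a string gets encrypted.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// Constructed demo key (not the numbers from Jeff Moser's post). Both primes are
// well known; the ~60-bit modulus is only large enough to make the point.
var (
	P   = big.NewInt(1_000_000_007)
	Q   = big.NewInt(998_244_353)
	N   = new(big.Int).Mul(P, Q)
	E   = big.NewInt(65537)
	one = big.NewInt(1)
	Phi = new(big.Int).Mul(new(big.Int).Sub(P, one), new(big.Int).Sub(Q, one))
	D   = new(big.Int).ModInverse(E, Phi)
)

// TextbookEncrypt is raw RSA, c = m^e mod N. It is deterministic: the same m
// always gives the same c, which is what makes the "substitution cipher"
// worry valid whenever the set of possible messages is small.
func TextbookEncrypt(m *big.Int) *big.Int { return new(big.Int).Exp(m, E, N) }

// TextbookDecrypt is m = c^d mod N.
func TextbookDecrypt(c *big.Int) *big.Int { return new(big.Int).Exp(c, D, N) }

// DictionaryAttack recovers a textbook-RSA plaintext from its ciphertext by
// trial encryption of every candidate below limit, using only the public key.
func DictionaryAttack(c *big.Int, limit uint64) (uint64, bool) {
	m := new(big.Int)
	for i := uint64(0); i < limit; i++ {
		m.SetUint64(i)
		if TextbookEncrypt(m).Cmp(c) == 0 {
			return i, true
		}
	}
	return 0, false
}

const (
	msgBits  = 32 // payload width
	saltBits = 24 // 24 + 32 = 56 bits, below the ~59.8-bit modulus
)

// SaltedEncryptWith prepends a caller-chosen salt to a 32-bit message before
// the RSA operation: padded = salt || m. Exposed so the behaviour is testable.
func SaltedEncryptWith(m, salt uint32) (*big.Int, error) {
	if salt >= 1<<saltBits {
		return nil, fmt.Errorf("salt %d exceeds %d bits", salt, saltBits)
	}
	padded := new(big.Int).SetUint64(uint64(salt)<<msgBits | uint64(m))
	return TextbookEncrypt(padded), nil
}

// SaltedEncrypt draws a fresh random salt, so repeated encryptions of the same
// message differ and a dictionary attack would have to enumerate the salt too.
func SaltedEncrypt(m uint32) (*big.Int, error) {
	r, err := rand.Int(rand.Reader, big.NewInt(1<<saltBits))
	if err != nil {
		return nil, err
	}
	return SaltedEncryptWith(m, uint32(r.Uint64()))
}

// SaltedDecrypt strips the salt after the RSA operation.
func SaltedDecrypt(c *big.Int) uint32 {
	return uint32(TextbookDecrypt(c).Uint64() & (1<<msgBits - 1))
}

func main() {
	m := big.NewInt(111222)
	fmt.Println("textbook, twice:", TextbookEncrypt(m), TextbookEncrypt(m))
	c1, _ := SaltedEncrypt(111222)
	c2, _ := SaltedEncrypt(111222)
	fmt.Println("salted, twice:  ", c1, c2, "->", SaltedDecrypt(c1), SaltedDecrypt(c2))
}
```

DictionaryAttack succeeds against TextbookEncrypt whenever the plaintext lies in a guessable set, and fails against the salted form because each candidate would have to be tried with all 2^24 salts. The salt prefix is only the idea behind randomized padding; it does nothing about the other weaknesses of raw RSA (small messages under a small exponent, malleability), which is why OAEP rather than a hand-rolled prefix is the answer in deployed systems.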
Cryptography-Digest Digest #724
Cryptography-Digest Digest #724, Volume #13      Tue, 20 Feb 01 17:13:01 EST

Contents:
  Re: Question about RSA excryption... (Taylor Francis)
  Re: Key expansion. ("Cristiano")
  Re: A different concept for email encryption ?? (Paul Rubin)
  Re: Anonymous web surfing? (Paul Rubin)
  Re: Key expansion. (Ichinin)
  Re: Question about RSA excryption... ("Jeff Moser")
  Re: New unbreakable code from Rabin? (Ichinin)
  Re: Question about RSA excryption... (Jerry Coffin)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a (Richard Heathfield)
  Random number encryption (Taylor Francis)
  Re: Key expansion. ("Cristiano")
  Shall you reach to Heaven to help the work of Angels to help those who want to reach Heaven ... tell me the truth and I shall reach Heaven ... ([EMAIL PROTECTED])
  Re: Is there an algorithm to sequentially enumerate all transcendental ("Trevor L. Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: The Kingdom of God ("Trevor L. Jackson, III")
  Re: Is there an algorithm to sequentially enumerate all transcendental (Doug Kuhlman)

--

From: Taylor Francis [EMAIL PROTECTED]
Subject: Re: Question about RSA excryption...
Date: Tue, 20 Feb 2001 13:13:21 -0600

Jeff Moser wrote:
> p = 1234567891
> q = 9876543211
> N = pq = 12193263122374638001
> e = 65537
> d = 12191402595354763373
>
> Encrypting the message "111222" yields: 4883125278959820367
> Encrypting the message "222111" yields: 9586466168913275336

how did you do that? byte by byte or digit by digit or pair by pair, how? and how did the ciphertexts turn out different?

--

From: "Cristiano" [EMAIL PROTECTED]
Subject: Re: Key expansion.
Date: Tue, 20 Feb 2001 20:05:01 +0100

> I don't think that Cristiano wanted to do anything more than encrypt messages securely (without having to keep a copy of the key bits).

Yes, this is what I want to do. However, the case in which I am the unique owner of the message also interests me.

Cristiano

--

From: Paul Rubin [EMAIL PROTECTED]
Subject: Re: A different concept for email encryption ??
Date: 20 Feb 2001 11:21:48 -0800

Paul Crowley [EMAIL PROTECTED] writes:
> Under some circumstances PK-based identifiers make sense; see SPKI. If you need them to be shorter, hash them and truncate all but, say, the first 96 bits of the hash; you don't have to worry about birthday attacks against the hash function, only second preimage attacks, which are much more expensive. With MIME-style 8-into-6 encoding, 96 bits is 16 characters: [EMAIL PROTECTED] which I think is pretty practical.

How do you use the hash as a public key? I missed something.

--

From: Paul Rubin [EMAIL PROTECTED]
Subject: Re: Anonymous web surfing?
Date: 20 Feb 2001 11:24:25 -0800

Mok-Kong Shen [EMAIL PROTECTED] writes:
> The German news magazine Spiegel in its recent issue (19th Feb) reports that a software firm Safeweb sells a product named Triangle Boy that enables one to surf on the internet anonymously without leaving any traces. Does anyone have experience with that software or can tell the principles of its functioning? I can't yet imagine that surfing from a fixed location couldn't be recorded and analysed for finding out which sites (at least some of them) one has visited. Thanks.

Triangle Boy is either still unreleased or was just released, so nobody in the general public has experience with it yet. Basically it's just an http proxy that you can run on your own computer, that rewrites url's in html that it passes through, so A can surf B's website through yours:

  A -> your computer -> B

and B sees web hits coming from your computer rather than A's. Safeweb's proxy is similar to Anonymizer.com but they did a really nice job. Give it a try: www.safeweb.com.

--

From: Ichinin [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Key expansion.
Date: Sat, 17 Feb 2001 19:16:49 +0100

Cristiano wrote:
> If I want to use 192 or 256 bits how would I do? There are problems if I withdraw only 128 bits instead of 160 (I don't want to use MD5)?

Hi.

Unless there is an algorithm that requires K to be of this size, I fail to see why you need the key to be expanded into N extra bits.

Think of it like this: A 32 bit key, say 0x11223344 expanded into 0x1122334455667788, (still) only requires 2^32 encryptions + expansions = hardly an increase in security.

(OTOH: If you needed a keystream, then i'd understand.)

Regards,
Glenn

--

From: "Jeff Moser" [EMAIL PROTECTED]
Subject: Re: Question about RSA excryption...
Date: Tue, 20 Feb 2001 14:45:20 -0500

"Taylor Francis" [EMAIL PROTECTED] wrote in
Cryptography-Digest Digest #725
Cryptography-Digest Digest #725, Volume #13      Tue, 20 Feb 01 20:13:00 EST

Contents:
  Re: Is there an algorithm to sequentially enumerate all transcendental numbers? ("Doom the Mostly Harmless")
  Re: Is there an algorithm to sequentially enumerate all transcendental numbers? (Paul Rubin)
  Re: Rnadom Numbers ("Joseph Ashwood")
  Re: Big Numbers in C/C++ ("Joseph Ashwood")
  Re: Super strong crypto ("Joseph Ashwood")
  Re: A seriously different cipher concept (long) ("Paul Pires")
  Re: New unbreakable code from Rabin? (Kenneth Almquist)
  Re: 448 bits Hash algorithm ("Joseph Ashwood")
  Re: New unbreakable code from Rabin? (John Savard)
  Re: Random number encryption (John Savard)
  Re: Is there an algorithm to sequentially enumerate all transcendental (Robert Glass)
  Re: New unbreakable code from Rabin? (Charles Blair)
  Re: New unbreakable code from Rabin? (mike vernal)
  Re: New unbreakable code from Rabin? (Sundial Services)

--

From: "Doom the Mostly Harmless" [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Is there an algorithm to sequentially enumerate all transcendental numbers?
Date: Tue, 20 Feb 2001 22:22:37 GMT

"Dik T. Winter" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> In article 8Oek6.8603$[EMAIL PROTECTED] "Doom the Mostly Harmless" [EMAIL PROTECTED] writes:
> > It is impossible to create an ordinal set of transcendental numbers because between any two given, there is an infinite number.
>
> I do not know what you mean by "ordinal set". But when you mean "enumeration" you are correct, but for the wrong reason. For instance, the rational numbers

I apologize if I was unclear. I'm someone who is good at math, not a mathematician, so it's entirely likely I got it wrong. I was trying to answer what I thought the originator of this discussion meant, rather than what he actually asked. What I was attempting to say is that there's no way to say "this is the first, and this is the second, etc." in numerical order. I suppose that if you were to pick one method for generating them and a fixed starting point, you could come up with a consistent ordering based on that, but that didn't seem to be what he was asking for.

I admit, a bit of this discussion has sailed over my head, but I suspect that it has for the originator, as well. If it's not, I apologize for slighting him. :-) Anyway, I was simply trying to be clear, rather than rigorous.

-- 
To air is human
--Doom.

--

From: Paul Rubin [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Is there an algorithm to sequentially enumerate all transcendental numbers?
Date: 20 Feb 2001 14:26:59 -0800

Doug Kuhlman [EMAIL PROTECTED] writes:
> > Are there any non-diagonalization proofs?
> Yes. At the very least, you can prove it with a power set argument (prove no set can have the same cardinality as its power set ...)

That is a diagonalization proof ;-)

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Rnadom Numbers
Date: Wed, 14 Feb 2001 11:51:11 -0800

"Douglas A. Gwyn" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Mok-Kong Shen wrote:
> > and that black box does not have other entropy input,
> A "black box" practically by definition has some entropy associated with it

I suppose you could make an argument for that stand on the basis of unknown design. I would personally count that as a one time addition of entropy, so if you use the box once and only once you get the full amount of added entropy, but in general you only get 1/(number of times it's been used entropy) added from it, so at infinite (where most computer science discussions take place), there is no entropy added by the device. So in reality there is some addition of entropy, but I feel it can and should be ignored.

Joe

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Big Numbers in C/C++
Date: Wed, 14 Feb 2001 12:03:13 -0800

"Edward Rustin" [EMAIL PROTECTED] wrote in message
> Does anyone know where I can find information about working with big (1024 bit+) numbers under C or C++?

OpenSSL has one, www.openssl.org

Joe

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Super strong crypto
Date: Wed, 14 Feb 2001 12:39:16 -0800

I think I have insight into real security, of course everyone should know by now that I am not averse to an extended conversation about it. Actually I should rephrase that, I think I have an understanding of the requirements to secure data as much as possible, that exceeds the general statements made on this group (including those often made by myself). The location of the lines, what qualifies, and naming conventions are clearly open for debate. However for ideal security there are several necessary devices that need to be
Cryptography-Digest Digest #726
Cryptography-Digest Digest #726, Volume #13      Wed, 21 Feb 01 00:13:01 EST

Contents:
  question1,2,2a,3,4,5,5a,5b,5c,6 ("h4jiwk9j")
  Re: New unbreakable code from Rabin? ([EMAIL PROTECTED])
  SIX FIGURE SALARIES ("LeeJ")
  Re: Indicative key generation, encryption/decryption time ("Joseph Ashwood")
  Re: asking for stream cipher resource ("Joseph Ashwood")
  Re: question1,2,2a,3,4,5,5a,5b,5c,6 (Paul Rubin)
  Re: "RSA vs. One-time-pad" or "the perfect enryption" ("Joseph Ashwood")
  Re: Super strong crypto (David Wagner)
  Re: Super strong crypto (David Wagner)
  Re: [release] OutGuess 0.2 - steganographic tool (Niels Provos)
  Re: New unbreakable code from Rabin? ("Malcolm Herring")
  Re: New unbreakable code from Rabin? ([EMAIL PROTECTED])
  Re: Super strong crypto (Paul Rubin)

--

From: "h4jiwk9j" [EMAIL PROTECTED]
Subject: question1,2,2a,3,4,5,5a,5b,5c,6
Date: Tue, 20 Feb 2001 21:09:54 -0500

I am fairly new to cryptography, though with a good math background, and have several questions: (thank you in advance for your time)

my goal: learn as much as I can in order to, eventually, write decent cryptographic algorithms or at least be able to thoroughly understand them.

1. Do you have to be a good cryptanalyst before you can call yourself a good cryptographer?
2. Do you learn by practicing with breaking codes? Can you break codes "theoretically"?
2a. Where can you find material to work on? (if you need to do so, but I strongly believe you do)
3. What classic textbooks are a good source of practice problems?
4. If you really want to crack difficult ciphers mustn't you possess excellent programming tools/skills?
5. My user name is the encryption of my dog's name. Isn't this a rather stupid problem? Anyway, does it make sense to ask you what my dog's name is? Will your answer tell me if you are a good cryptanalyst (I'm sure you'll say "no"!)? DO you need to know the algorithm that I used to encrypt it?
6. Am I the only one that doesn't particularly love "applied cryptography, 2nd ed."?

Thank you for your advice and for telling me how to put my hands into all this.

Kwd (this is my name encrypted with the same algorithm)

--

From: [EMAIL PROTECTED]
Subject: Re: New unbreakable code from Rabin?
Date: 20 Feb 2001 18:25:06 -0800

Haven't seen any detailed information, but a paper by Christian Cachin and Ueli Maurer from Crypto 97 seems to have a similar result:

  Unconditional Security Against Memory-Bounded Adversaries

  Abstract

  We propose a private-key cryptosystem and a protocol for key agreement by public discussion that are unconditionally secure based on the sole assumption that an adversary's memory capacity is limited, while no assumption about his computing power is made. The scenario assumes that a random bit string of length slightly larger than the adversary's memory capacity can be received by all parties. The random bit string can for instance be broadcast by a satellite or over an optical network, or exchanged over an insecure channel between the communicating parties. The proposed schemes require very high bandwidth but can nevertheless be practical.

Here we have the same two elements: provable security and an assumption of an adversary with limited memory.

The Cachin/Maurer paper presents a potential realization which is on the verge of being practical. Assume the existence of a 16 Gbit/s satellite channel that is used for one day, making a total of 1.5 E15 bits. Assuming that the adversary can store no more than 100 Tbytes, 8.8 E14 bits, this will exceed his memory. The parties share an initial secret key of 102 bits. They use this to randomly select a shared hash function that will serve as an index into data stream, and they sample about 1.7 E9 bits (200 MBytes). However, with these parameters the adversary potentially has information about some of these bits, so the parties go through a privacy amplification phase (essentially they hash their shared bits). The authors show that they can extract 6 MB of virtually secret information. The adversary knows not more than 1E-20 bits with probability about 1E-4. The 6 MB of data can be used directly as a one time pad, for example.

Perhaps the Rabin result improves on these figures, or uses a different security model. It is curious that it is getting so much attention when previous results are known for what seems to be a similar problem. Perhaps the newspaper story misrepresents the novel aspect of the results.

Alpha

--

From: "LeeJ" [EMAIL PROTECTED]
Subject: SIX FIGURE SALARIES
Date: Tue, 20 Feb 2001 21:42:26 -0500

Do you need extra cash? Work at home 10-15 hours a week around your schedule. No up-front money required. Earn $500- $1,000 part-time or $2,000-$6,000 full time. Full online training is provided! All you need is a computer with Internet and email access
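Douglas Gwyn's description in #720 and the Cachin-Maurer summary in the post above describe the same procedure: a public random stream, a shared secret key that selects which stream bits to keep, and a hash step (privacy amplification) that squeezes out whatever the eavesdropper managed to store. The simulation below is an added example, not code from the paper or from any poster. It uses HMAC-SHA256 driven by the shared key as the selection rule, SHA-256 as a stand-in for the paper's universal hash family, a seeded PRNG as the stream and a random subset of positions as the eavesdropper's storage; stream size, sample size, key and seeds are all constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/rand"
)

// PublicStream stands in for the broadcast random bit stream. It is a seeded PRNG
// so the example is reproducible, which is exactly the weakness Bolwidt raised:
// a real deployment needs a source nobody can regenerate from a seed.
func PublicStream(nBits int, seed int64) []byte {
	rng := rand.New(rand.NewSource(seed))
	buf := make([]byte, (nBits+7)/8)
	for i := range buf {
		buf[i] = byte(rng.Intn(256))
	}
	return buf
}

func bitAt(stream []byte, i int) byte { return (stream[i/8] >> (uint(i) % 8)) & 1 }

// SamplePositions is the agreed-upon selection rule: the shared key drives
// HMAC-SHA256 over a counter and each output picks one stream position. Both
// parties run it; an eavesdropper without the key cannot tell which bits matter.
func SamplePositions(key []byte, nBits, k int) []int {
	pos := make([]int, k)
	var ctr [8]byte
	for i := range pos {
		binary.BigEndian.PutUint64(ctr[:], uint64(i))
		mac := hmac.New(sha256.New, key)
		mac.Write(ctr[:])
		pos[i] = int(binary.BigEndian.Uint64(mac.Sum(nil)[:8]) % uint64(nBits))
	}
	return pos
}

// SampledBits packs the selected stream bits into bytes, LSB first.
func SampledBits(stream []byte, pos []int) []byte {
	out := make([]byte, (len(pos)+7)/8)
	for i, p := range pos {
		out[i/8] |= bitAt(stream, p) << (uint(i) % 8)
	}
	return out
}

// PrivacyAmplify hashes the sampled bits down to a 32-byte pad. SHA-256 stands
// in for the universal hash family of the paper; an eavesdropper who missed t
// of the sampled bits is left with 2^t candidate inputs to the hash.
func PrivacyAmplify(sampled []byte) []byte {
	h := sha256.Sum256(sampled)
	return h[:]
}

// AdversaryStored models a memory-bounded eavesdropper who, not knowing the key,
// could only keep a random fraction of the stream as it went past.
func AdversaryStored(nBits int, fraction float64, seed int64) []bool {
	rng := rand.New(rand.NewSource(seed))
	kept := make([]bool, nBits)
	for i := range kept {
		kept[i] = rng.Float64() < fraction
	}
	return kept
}

// UnknownToAdversary counts sampled positions the eavesdropper failed to store.
func UnknownToAdversary(pos []int, kept []bool) int {
	n := 0
	for _, p := range pos {
		if !kept[p] {
			n++
		}
	}
	return n
}

func main() {
	const nBits, k = 1 << 20, 256
	stream := PublicStream(nBits, 1)
	key := []byte("constructed shared secret")
	pos := SamplePositions(key, nBits, k)
	pad := PrivacyAmplify(SampledBits(stream, pos))
	unknown := UnknownToAdversary(pos, AdversaryStored(nBits, 0.5, 2))
	fmt.Printf("pad=%x...\neavesdropper is missing %d of %d sampled bits (2^%d guesses)\n", pad[:8], unknown, k, unknown)
}
```

The count returned by UnknownToAdversary is the whole bounded-storage argument in one number: an eavesdropper who kept a fraction f of the stream before the key was revealed is missing about (1-f)*k of the k sampled bits, and after the hash must try 2^(that many) pads with no computational shortcut. The simulation also shows Bolwidt's objection directly. Its stream comes from a seeded PRNG, so anyone holding the seed regenerates every bit and the memory bound means nothing; the scheme needs a source the adversary cannot reproduce, and the proof needs the stream to exceed the adversary's memory, which is what the 16 Gbit/s and 100 TB figures in the post are about.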