Cryptography-Digest Digest #967
Cryptography-Digest Digest #967, Volume #13  Thu, 22 Mar 01 03:13:00 EST

Contents:
  Re: Is Evidence Eliminator at all useful ?? (Eric Lee Green)
  Re: Fill-in-the-blank codes (similar to Error-correcting codes) (Eric Jacobsen)
  Re: What the Hell...Here's what my system can do at it's best... (Eric Lee Green)
  Re: Strong Primes (Peter Engehausen)
  Re: Fill-in-the-blank codes (similar to Error-correcting codes) ("Brian McKeever")
  Re: What the Hell...Here's what my system can do at it's best... (SCOTT19U.ZIP_GUY)
  Re: Advice on storing private keys (Paul Rubin)
  Re: Fill-in-the-blank codes (similar to Error-correcting codes) (Jyrki Lahtonen)
  Re: Fill-in-the-blank codes (similar to Error-correcting codes) (Roy Hulen Stogner)
  Re: I was so so right about PGP ... so right when I started writing (Frank Gerlach)

--

From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: Is Evidence Eliminator at all useful ??
Reply-To: [EMAIL PROTECTED]
Date: 22 Mar 2001 00:08:35 -0600

On Wed, 21 Mar 2001 01:50:35 -0800, David Schwartz <[EMAIL PROTECTED]> wrote:
>Tom St Denis wrote:
>> > Send me $125 and I'll send you my detailed report on the strengths and
>> > weaknesses of Evidence Eliminator.
>> Now why would I do that? :-?
> When I said "you", I didn't mean you. I meant those naive new users you
>were talking about. As many of them as possible.

Heheh. And even if it did work, I make it a point not to deal with people
with such dubious business policies (see my .sig).

--
Eric Lee Green  [EMAIL PROTECTED]  http://www.badtux.org
AVOID EVIDENCE ELIMINATOR -- for details, see
http://badtux.org/eric/editorial/scumbags.html
--

From: [EMAIL PROTECTED] (Eric Jacobsen)
Crossposted-To: sci.math,comp.dsp
Subject: Re: Fill-in-the-blank codes (similar to Error-correcting codes)
Date: Thu, 22 Mar 2001 06:22:22 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 21 Mar 2001 21:07:54 -0500, Bob Harris <[EMAIL PROTECTED]> wrote:
>I'm looking for information on a topic similar to error-correcting codes,
>but I'm not sure if work has been done on this type of code, and if so, what
>it would be called in the literature.
>
>The idea is to have a code that includes two redundant bits, and be able to
>'correct' any two errors, with the additional knowledge of which two bits
>might be errant.
>
>For example, if I wanted to have a 7-bit code (2 of the bits are redundant),
>I might receive 0 0 x 0 x 1 0, where 'x' indicates missing bits. I need to
>be able to fill in the missing bits (which is why I called this 'fill in the
>blanks').

If the intent is to not even transmit (or store or convey, whatever) the
missing bits, then this is a "punctured code", where some of the information
has been intentionally deleted. If the idea is to always transport all of the
bits and be able to detect and correct errors, then that is a slightly
different situation.

It is indeed stretching things a bit to ask a system with only two redundant
bits to be able to detect and correct two errors. It is an even bigger stretch
to puncture two bits, add two bits of redundancy, and expect *any* additional
coverage in error detection or correction. So, yes, you're asking a lot here.

Generally speaking, a block code like what you describe performs very well if,
with N redundancy bits added, it can detect and correct N/2 errored bits. This
depends, of course, on the type of code, amount of complexity you can tolerate,
etc., but the point is that you are having difficulty because you're asking a
bit much.

>If only 1 bit can be missing then the problem is easy-- the single redundant
>bit is a parity bit (regardless of the number of message bits).

And a single parity bit only provides detection of single errors. There is no
correction capability, and if there are multiple errors all bets are off.

> I've tried
>to solve the 2-bit problem, but have been unsuccessful.

I've always thought that one of the big problems with the world is that there
is entirely too much two-bit engineering being done already.

> I can't even prove
>to myself whether it is possible or impossible. I understand the basics of
>algebraic codes, so I don't feel like I'm a total dimwit. On the other
>hand, I feel like I oughta be able to crack this nut.
>
>Any help/pointers would be appreciated. I'm not looking for someone to
>solve the problem, just to point me in the right (or promising) direction.

This is a very difficult problem. You may want to look into such topics as
block codes (somebody mentioned Hamming codes, which is a good start, and also
look at things like BCH codes). If your intent is to delete the bits in
question, then compression algorithms are relevant, and ther
Cryptography-Digest Digest #966
Cryptography-Digest Digest #966, Volume #13  Thu, 22 Mar 01 01:13:01 EST

Contents:
  Re: A future supercomputer ("Douglas A. Gwyn")
  Re: What happens when RSA keys don't use primes? ("Tom St Denis")
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Tom St Denis")
  Re: [OT] Java ("Douglas A. Gwyn")
  Re: DEA standard S-tables beginner question. ("Douglas A. Gwyn")
  Re: I was so so right about PGP ... so right when I started writing about PGP and about one author so right . (Eric Lemar)
  Re: redodancy ("Douglas A. Gwyn")
  Re: One-time Pad really unbreakable? ("Douglas A. Gwyn")
  Re: An extremely difficult (possibly original) cryptogram ("Douglas A. Gwyn")
  Fill-in-the-blank codes (similar to Error-correcting codes) (Bob Harris)
  Re: How to eliminate redondancy? (moving steadily towards being (Steve Portly)
  Re: Fill-in-the-blank codes (similar to Error-correcting codes) (Randy Poe)
  Re: unbreakable code ("Scott Fluhrer")
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Tom St Denis")
  Re: NSA in the news on CNN (JPeschel)
  Re: can a remailer send a message to multiple people? (An Metet)
  Re: RC4 test vectors after gigabyte output?. (Gregory G Rose)
  Re: Attn: Chris Drake and Thomas Boschloo (Chris)

--

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Thu, 22 Mar 2001 01:10:36 GMT

JCA wrote:
> ... I don't think that throwing in more computational power helps
> all that much, and I therefore don't agree with you. That is,
> there are a number of fundamental issues that must be understood
> and sorted out first. Till then, this extra horsepower, in my view,
> albeit welcome, is not likely to cast much more new light, much
> less to provide a solid foundation to compete with humans.

Absolutely. In the early days of digital computers, they were called "giant
brains" etc., but their operation is quite unlike that of real brains. To the
extent that machine "intelligence" has been attained at all, it has not been
done in the same way that humans go about thinking. Pouring cycles on the MI
problem makes even less sense than pouring money on social problems.

--

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: What happens when RSA keys don't use primes?
Date: Thu, 22 Mar 2001 01:26:14 GMT

"Mxsmanic" <[EMAIL PROTECTED]> wrote in message
news:bv7u6.25457$[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:3u6u6.98761$[EMAIL PROTECTED]...
>
> > No it means you should use a mathematically sound
> > probable prime generator such that the probability
> > of failure is astronomically small. (i.e Rabin-Miller)
>
> And if it fails, how will you know?

You just will... who cares? If the probability of failure is 2^-107, will you
ever see a failure?

Tom

--

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: How to eliminate redondancy? (moving steadily towards being computer science terminology)
Date: Thu, 22 Mar 2001 01:27:39 GMT

"Steve Portly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Tom St Denis wrote:
>
> > "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > [EMAIL PROTECTED] (Tom St Denis) wrote in
> > > :
> > >
> > > >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> > > >news:[EMAIL PROTECTED]...
> > > >> [EMAIL PROTECTED] (Tom St Denis) wrote in
> > > >> :
> > > >>
> > > >> >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> > > >> >news:[EMAIL PROTECTED]...
> > > >> >>I think you know my answer to that but to enlighten others I
> > > >> >> will explain what a good sized key is. It is as large as possible
> > > >> >> while getting the job done so as not to cause the user too much
> > > >> >> time waiting.
> > > >> >
> > > >> >There are other problems with using million byte keys.
> > > >> >1. Where to get that much good entropy?
> > > >>
> > > >> Good question. The answer is you most likely don't.
> > > >> But at least with my system you can use what you can get.
> > > >> And you can still use a password of any size to use the
> > > >> key. Of course, just like anything else, best to use on a
> > > >> computer you have full control of. And if your master
> > > >> password is too short and someone gets to test it, they
> > > >> may find the password.
> > > >
> > > >Ahh... but would a million bad bits be better than 192 good bits (bad =
> > > >nonrandom, good = random as can be)
> > >
> > > If by bad you mean something like the total amount of entropy
> > > in the not so random million bits was less than the entropy
> > > in the more random 192 bits, then I think even a kid like you
> > > knows the answer. But using 200 bits where the first 192 bits
> > > are the
Cryptography-Digest Digest #965
Cryptography-Digest Digest #965, Volume #13  Wed, 21 Mar 01 20:13:01 EST

Contents:
  Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY)
  Re: SSL question (Anne & Lynn Wheeler)
  Re: SSL question (those who know me have no need of my name)
  Re: A future supercomputer (Mok-Kong Shen)
  Re: A future supercomputer ("JCA")
  Re: Most secure way to add passphrase verification to "CipherSaber" (Joe H. Acker)
  Re: A future supercomputer (Anne & Lynn Wheeler)
  Re: Applied Cryptography Source Disk ([EMAIL PROTECTED])
  VB3 crypto (Ryan M.McConahy)
  Re: RC4 test vectors after gigabyte output?. (Luis Yanes)
  Re: Idea ("Joseph Ashwood")
  Re: SSL question ("Joseph Ashwood")
  Re: Algebraic 1024-bit block cipher ("Jimi Thompson")
  Re: Security of Triple-DES ("Joseph Ashwood")
  Re: Fast and Easy crypt send ("Joseph Ashwood")
  Re: Strong Primes ("Joseph Ashwood")
  Re: How to eliminate redondancy? (moving steadily towards being computer (Steve Portly)
  Re: RC4 test vectors after gigabyte output?. (Luis Yanes)
  Re: NSA in the news on CNN ("Douglas A. Gwyn")
  Re: Most secure way to add passphrase verification to "CipherSaber" (Paul Rubin)

--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to eliminate redondancy?
Date: 21 Mar 2001 21:52:04 GMT

[EMAIL PROTECTED] (Benjamin Goldberg) wrote in <[EMAIL PROTECTED]>:
>Given a general purpose (bijective, nonpermutative) compressor whose
>domain is the set of all files, but whose range is a proper subset of
>the set of all files, and... Given a general purpose (bijective,
>permutative) encipherer whose domain is the set of all files, and whose
>range is also the set of all files.
>
>We can create a system which compresses and then encrypts, and it will
>have the following properties:
>
>The domain of the system is the set of all files, and the range of the
>system is the set of encrypted versions of those files which the
>compressor outputs.
>
>Now that the domain and range of the combined compress + encrypt system
>are both defined, it is easy to see that it is a bijection. It is also
>easy to see that it is not a permutation, since the range of the system
>is a proper subset of the set of all files, and thus not equal to the
>domain.

You're the one who chose the word permutation. And yes, it sounds like you're
describing my idea of how compression with encryption should be done.

For the set of real files (maybe your proper subset, if infinite) let X be a
member of that set S1. Let S2 be the set of all binary 8-bit byte files, and
let Y be a member of that set. Then if the compressor for any X has
Uncompress( Compress( X )) = X, and for any file Y has
Compress( Uncompress( Y )) = Y, and since you're doing fully bijective
encryption on S2 to S2 by the encryption part, the two in series make for a
fully bijective compression-encryption scheme, and that is what I am striving
for. Bijective compression that, when properly mated to a bijective
encryption process, if done correctly can make this happen.

snip rest of dribble!!

David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMMERS***
I leave you with this final thought from President Bill Clinton:

--

Subject: Re: SSL question
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Wed, 21 Mar 2001 22:06:41 GMT

Paul Rubin <[EMAIL PROTECTED]> writes:
> Normally the definition of a client and a server is that the client
> initiates sessions. If you're saying you want a remote site to
> initiate a session on a user's PC, no problem. You install a server
> program on the user's PC and a client program on the remote site.
>
> If you're just trying to periodically update data in a browser, then
> the usual way is to use the html meta tag to refresh the data once
> a minute, or else do something similar with javascript. That's
> completely independent of SSL and can be done with or without SSL.

Note however, most server software (i.e. software that accepts connections
from remote sources) is typically cleansed from personal machines since it
frequently is an avenue for exploits ... and most users aren't nominally
sophisticated enough to securely manage platforms containing software that
accepts connections from remote clients.

There are frequently also questions about client software that initiates
sessions from a user's machine without direct end-user action.

--
Anne & Lynn Wheeler | [EMAIL PROTECTED] - http://www.garlic.com/~lynn/
Cryptography-Digest Digest #964
Cryptography-Digest Digest #964, Volume #13  Wed, 21 Mar 01 17:13:01 EST

Contents:
  Re: A future supercomputer ("JCA")
  Re: Idea ("Simon Johnson")
  Re: Defining a cryptosystem as "broken" ("Joseph Ashwood")
  Re: What happens when RSA keys don't use primes? ("Joseph Ashwood")
  Re: What happens when RSA keys don't use primes? ("Joseph Ashwood")
  Applied Cryptography Source Disk ("Stevan Gostojic")
  Re: An extremely difficult (possibly original) cryptogram (daniel mcgrath)
  Re: Most secure way to add passphrase verification to "CipherSaber" ("John L. Allen")
  Re: Popular Mechanics article on NSA (John Savard)
  Re: redodancy (John Savard)
  Re: What happens when RSA keys don't use primes? (Doug Stell)
  Re: A future supercomputer (Anne & Lynn Wheeler)
  SSL question (Patrick Knight)
  Re: I was so so right about PGP ... so right when I started writing (Frank Gerlach)
  Re: NSA in the news on CNN (Doug Stell)
  Security of Triple-DES ("Arne Baltin")
  Re: SSL question (David Schwartz)
  Re: SSL question (Paul Rubin)
  Re: looking for "Crowds" ("thomas kuehne")
  Re: RC4 test vectors after gigabyte output?. (Ian Goldberg)
  Re: [OT] Java (Frank Gerlach)
  Re: Advice on storing private keys (Darryl Wagoner)
  Re: Idea (amateur)

--

From: "JCA" <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Wed, 21 Mar 2001 11:59:00 -0800

In article <[EMAIL PROTECTED]>, "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> Computing power is ONE of the fundamental requirements. If everything
> else is solved in theory, without the computing power to do that is
> futile, like one understands perfectly how a rocket works but without
> the required fuel. With more computing power, one can try algorithms
> that would otherwise be impossible. (See e.g. simulation of nuclear
> explosions, which was why the ASCIs were built.)
>
> M. K. Shen

Let me turn your analogy upside down: in order to actually launch a rocket one
must be able to build a fuselage first. But just having this skill without
knowing the physical principles on which rockets are based will take one
nowhere fast. The same with raw computing power and the human brain. Humongous
horsepower is probably a relatively minor part of the solution, and hence my
belief that ASCI and Blue Gene are not likely to change things at all in this
respect.

--

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Idea
Date: Wed, 21 Mar 2001 20:23:24 -0800

John Joseph Trammell <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On 19 Mar 2001 06:58:53 GMT, SCOTT19U.ZIP_GUY wrote:
> > Time is too precious to waste it using a spell checker.
>
> Your time is more precious than mine, then? I'd say that
> time is too precious to waste writing unintelligible
> scribblings, but hey, maybe that's just me.

But then I'd argue that there is sufficient redundancy in his English for you
to make sense, very quickly, of his far from unintelligible text, and you're
just being a little silly.

Simon.

--

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Defining a cryptosystem as "broken"
Date: Wed, 21 Mar 2001 12:04:44 -0800

I think we agree on that; no, there's no way we can be certain of an
attacker's compute power (or analytic power for that matter). So it will take
conservative estimation, buffer zones, whatever you want to call it, and we can
still be bitten by it. However with cryptography it's fairly well known that
all we can do is fix the odds in our favor, just as we assume that no one will
guess a 128-bit number on the first try. I think we agree though.

Joe

"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Joseph Ashwood wrote:
> >
> > Of course the user will have problems. That's where well paid cryptanalysts
> > come in :) I think I can say safely that we all agree that most systems
> > simply haven't been designed with security in mind (I point to MS > name here/>
> > as an example). The difference is that I did not say this is a
> > countable set, only you have made that assumption about what I have said.
> > What I have said is that a threat/attack model needs to be made, I have
> > never said that it is an easy problem, I have never said that the set of all
> > models is countable (although because I expect that they will all be finite
> > in length they are not only countable but finite), I have only said that one
> > needs to be constructed for the situation. Choosing the right model should
> > be done for the user, in fact the programmer will fix the threat/attack
> > model whether he/she knows it or not. The only decision about the
> > threat/attack model that the user makes is which programs to use. I am not
> > discussing an arbitrary change-it-at-run-time impossibility, I am discussing
> > exactly what I have done for a period of year
Cryptography-Digest Digest #963
Cryptography-Digest Digest #963, Volume #13  Wed, 21 Mar 01 15:13:01 EST

Contents:
  Re: unbreakable code (Benjamin Goldberg)
  Re: Fast and Easy crypt send (Hard)
  Re: unbreakable code ("Tom St Denis")
  Re: redodancy (Fermat)
  [OT] Java (Benjamin Goldberg)
  New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Bob C.)
  Re: Most secure way to add passphrase verification to "CipherSaber" (Benjamin Goldberg)
  Re: [OT] Java (Jeffrey Williams)
  Re: redodancy (Benjamin Goldberg)
  Re: [OT] Java ("Tom St Denis")
  Re: What happens when RSA keys don't use primes? (Doug Stell)
  Re: I was so so right about PGP ... so right when I started writing (Frank Gerlach)
  Re: NSA in the news on CNN (John Hairell)
  Re: I was so so right about PGP ... so right when I started writing about PGP and about one author so right . ("Mxsmanic")
  Re: I was so so right about PGP ... so right when I started writing about PGP and about one author so right . ("Mxsmanic")
  Re: What happens when RSA keys don't use primes? ("Mxsmanic")
  Re: What happens when RSA keys don't use primes? ("Mxsmanic")
  Re: What happens when RSA keys don't use primes? ("Mxsmanic")
  Re: Popular Mechanics article on NSA ("Mxsmanic")
  Re: Advice on storing private keys (SCOTT19U.ZIP_GUY)

--

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: unbreakable code
Date: Wed, 21 Mar 2001 18:38:07 GMT

Tom St Denis wrote:
>
> "dexMilano" <[EMAIL PROTECTED]> wrote in message
> news:99ad0o$dorm$[EMAIL PROTECTED]...
> > For the others
> > "
> >
> > About all Rabin's scheme buys you is that you don't have to know
> > how to build a decent random number generator. In all other respects
> > it's just a standard one-time pad.
> >
> >
> > -Ben
> >
> > ".
>
> Whoever said the above is a friggin liar. The BBS generator (or any
> other SQRT type thing) is not like an OTP at all.
>
> Tom

Umm, Tom, he's talking about Rabin's *recent* scheme, where both parties are
listening to a high speed source of truly random bits, and use a cheap,
otherwise insecure, PRNG to tell how many bits to skip/take from this source.
He's NOT talking about the rather older RSA-like scheme, where the message is
squared, mod some n=pq.

--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.

--

From: [EMAIL PROTECTED] (Hard)
Subject: Re: Fast and Easy crypt send
Date: Wed, 21 Mar 2001 18:44:29 GMT

you can prepend "rank " to your handle. that will clear it up.

--

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: unbreakable code
Date: Wed, 21 Mar 2001 18:47:25 GMT

"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > "dexMilano" <[EMAIL PROTECTED]> wrote in message
> > news:99ad0o$dorm$[EMAIL PROTECTED]...
> > > For the others
> > > "
> > >
> > > About all Rabin's scheme buys you is that you don't have to know
> > > how to build a decent random number generator. In all other respects
> > > it's just a standard one-time pad.
> > >
> > >
> > > -Ben
> > >
> > > ".
> >
> > Whoever said the above is a friggin liar. The BBS generator (or any
> > other SQRT type thing) is not like an OTP at all.
> >
> > Tom
>
> Umm, Tom, he's talking about Rabin's *recent* scheme, where both parties
> are listening to a high speed source of truly random bits, and use a
> cheap, otherwise insecure, PRNG to tell how many bits to skip/take from
> this source. He's NOT talking about the rather older RSA-like scheme,
> where the message is squared, mod some n=pq.

Whoopsy doodle... hehehe I wasn't following the thread that closely...

Sorry..

Tom

--

From: Fermat <[EMAIL PROTECTED]>
Subject: Re: redodancy
Date: Wed, 21 Mar 2001 19:52:13 +0100

Something like this?

    n = function_countstrings()
    i = 0
    Repeat [
        i = i+1
        word(i) = word_to_compare
        for j = 1 to i-1 (
            if word(j) = word_to_compare then function_Remove_redundance(word_to_compare)
        )
        for j = i+1 to n (
            if word(j) = word_to_compare then function_Remove_redundance(word_to_compare)
        )
    ] until i = n

dexMilano wrote:
> Is there some simple algorithm to remove redundancy in text?
> I tried ZIP but it's too heavy.
>
> Thx
>
> dex

--

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: [OT] Java
Date: Wed, 21 Mar 2001 18:56:32 GMT

Tom St Denis wrote:
[snip]
> Sorry this is OT but...
>
> JAVA sucks... it's slow, non-portable and gives errors on anything a
> normal C compiler would just warn you about. It's hard to develop
> software for...
>
> Tom

Absolutely! I mean, I try to assign a pointer to int to a pointer to float,
and in C, it would give me a warning about as
Cryptography-Digest Digest #962
Cryptography-Digest Digest #962, Volume #13  Wed, 21 Mar 01 14:13:01 EST

Contents:
  Re: Most secure way to add passphrase verification to "CipherSaber" (SCOTT19U.ZIP_GUY)
  Re: BBS ("Dobs")
  Re: Advice on storing private keys (those who know me have no need of my name)
  Re: I was so so right about PGP ... so right when I started writing (Frank Gerlach)
  Re: redodancy ("Tom St Denis")
  Re: Advice on storing private keys (those who know me have no need of my name)
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Tom St Denis")
  Re: BBS ("Tom St Denis")
  Re: RC4 test vectors after gigabyte output?. (those who know me have no need of my name)
  Re: I was so so right about PGP ... so right when I started writing about PGP and about one author so right . ("Tom St Denis")
  Re: RC4 test vectors after gigabyte output?. ("Tom St Denis")
  Re: What do we mean when we say a cipher is broken? (David Wagner)
  Re: What do we mean when we say a cipher is broken? (David Wagner)
  Re: Fast and Easy crypt send (amateur)
  Re: redodancy (amateur)
  Re: What happens when RSA keys don't use primes? ("Kristopher Johnson")
  Re: How to eliminate redondancy? (Benjamin Goldberg)
  Re: What happens when RSA keys don't use primes? ("Tom St Denis")

--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: 21 Mar 2001 17:32:14 GMT

[EMAIL PROTECTED] (John L. Allen) wrote in <[EMAIL PROTECTED]>:
>I was thinking about adding some rudimentary passphrase (Key)
>verification check capability to the CipherSaber protocol (see
>http://ciphersaber.gurus.com/). So, among the following choices, which
>of these message streams is most secure as a means of providing a way
>for the decryptor to verify the correctness of the decryption Key
>without giving an attacker useful info:
>
>0. IV, E(msg)                    # This is the current CipherSaber protocol
>1. IV, E(IV), E(msg)             # bad: "known plaintext"
>2. IV, E(E(IV)), E(msg)
>3. IV, E(E(msg{1..10})), E(msg)  # bad: "known plaintext"
>4. IV, E(E(E(msg{1..10}))), E(msg)
>5. IV, H(msg{1..64}), E(msg)
>6. IV, E(H(msg{1..64})), E(msg)
>7. IV, E(Key), E(msg)
>8. IV, H(Key), E(msg)
>9. IV, E(H(Key)), E(msg)
>
>Where, IV is a random initialization vector.
>E() is an encryption algorithm using key Key.
>H() is a hash function.
>msg is the message
>msg{1..N} is the first N bytes of the message.
>
>Also, if a hash function is not available, what is the best way then?
>
>I lean toward #9 if a hash is available, otherwise, maybe #2 or #4.
>Encrypting the key and sending that as in #7 doesn't _look_ too good at
>first, but is it really that bad?
>
>John.
>

There are other ways to add security that give no information to an attacker.
I will post a way on the net in a few days. It will be different than the
method I posted at the gov AES site, but will be of possible use to you. I can
give you the basic flow of it. However it will increase the time to encrypt
and decrypt, plus it makes it an "all or nothing" type of encryption.

Here is the basic flow. For one, assume a message composed in only a subset
of characters. You have a message composed of only certain characters.

1) You compress it using my compressor h2comaf.exe; this makes a special FOF
file on output. Or alternatively: you have a file that is a binary file of any
number of 8-bit bytes, or you convert to a file of that form, and then run my
program that converts it to a FOF file.

2) You now run my code to convert a FOF file to a binary file that has a form
where at least one field exists and is 6 bytes long, and the rest of the
fields, if they exist, are 1 byte in length each.

3) This is the phase where you add the authentication and identity check. You
as a user have a secret auth code which is a series of values 0-5 in value.
For this example say 4 digits of 1 2 3 5. Now you call rotatan and apply the
first rotation to the file and then use DSC to bind the number in the file.
You repeat the above so it occurs 4 times with each of the values above.

4) At this point you still will have a file of at least 6 bytes where every
possible value is possible. Run my code to map to FOF files.

5) Run h2uncaf.exe to uncompress the file, where the condition file is the set
of all 256 bit possible values. The output file is a normal byte type of file.

6) Run reverse and then compress with h2com.exe; you now have a normal binary
byte file of any possible value. * Here you need an encryption program that is
fully bijective from 8 bit binary files to 8 bit binary files *** The
resulting output can be any 8-bit byte type of file. And even if by chance you
test this with an output file one byte long, you will end up when yo
Cryptography-Digest Digest #961
Cryptography-Digest Digest #961, Volume #13 Wed, 21 Mar 01 13:13:00 EST Contents: Re: How to eliminate redondancy? (Joe H. Acker) Re: can a remailer send a message to multiple people? ("Thomas J. Boschloo") Most secure way to add passphrase verification to "CipherSaber" ("John L. Allen") Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) (SCOTT19U.ZIP_GUY) Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Tom St Denis") Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY) Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY) Re: I was so so right about PGP ... so right when I started writing about PGP and about one author so right . (Arturo) Re: How to eliminate redondancy? ("Tom St Denis") Re: OK...dumb question (Taylor Francis) Re: OK...dumb question ("Tom St Denis") Re: A future supercomputer (Mok-Kong Shen) Re: Advice on storing private keys (Darryl Wagoner) redodancy ("dexMilano") Re: One-time Pad really unbreakable? (Jonathan Thornburg) Re: One-time Pad really unbreakable? (Jonathan Thornburg) Re: I was so so right about PGP ... so right when I started writing about PGP and about one author so right . (those who know me have no need of my name) Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) (SCOTT19U.ZIP_GUY) From: [EMAIL PROTECTED] (Joe H. Acker) Subject: Re: How to eliminate redondancy? Date: Wed, 21 Mar 2001 17:27:56 +0100 Benjamin Goldberg <[EMAIL PROTECTED]> wrote: > > There are no incorrect definitions, just more or less appropriate > > ones. > > No. The range of a function has a well defined meaning. Using a > meaning other than the correct definition is incorrect. Okay, it was a misunderstanding. I take the term "definition" a lot more strictly than you do. 
In my terminology, it is an abbreviation and the definiens and the definiendum must be substitutable in any context---except for grammatical adjustments when used informally. > From the Merriam-Webster dictionary's definition of "range": > 6a the space or extent included, convered, or used. > 8a the set of values a function may take. > 8b the class of admissible values of a variable. I wouldn't consider the Merriam-Webster dictionary to be always right, but in this case, it certainly does correctly explain the naming convention. My point was rather, that I felt some posters were making themselves appear more stupid than they are just to be able write polemic replies to a potentially valuable suggestion. > If you correctly consider (for example) the gzip function, it's domain > is the set of all files, and it's range is the set of those files > producable by gzip. It would be incorrect to say that it's range is the > set of all files. In German, it's sometimes called "Vorbereich" and "Nachbereich" so I assumed that it's someting like "input range" and "output range" in English. Thanks for the clarification. > Thus, you can see how nonpermutative compressors intruduce > distinguishing characteristics. This kind of distinguishability is very > very minor, since we normally must have a huge amount of known plaintext > for most attacks, and it is just as easy/just as difficult to obtain, > regardless of which type of compressor is used. That's what I believe as well. But perhaps, a special attack against nonpermutative compression+encryption could be invented. After all, nonpermutative compression does not only allow a quick shortcut for the correct plaintext, there could be more sophisticated attacks that exploit the fact that a certain nonpermutative compressor fails to decompress so many possible sequences of symbols. 
For example, if one would combine the severe restrictions on the compressor output (or decompressor input) with an attack on the cipher, this perhaps could drastically limit the amount of plaintext needed. That's something serious cryptanalysts might want to take a look at.

> > What do cryptanalysts say about s-bijective compression once they have
> > learned what "s-bijective" is supposed to mean?
>
> Most cryptanalysts ignore David Scott since he acts like a Troll.

Oh well, his replies aren't very polite sometimes. But after all, his views about compression seem to be correct, although he might overestimate a bit the amount of security earned by permutative compression.

Anyway, thanks for your reply. I think we can agree that "permutative" and "nonpermutative" compression could be good shortcut terms to name the different types of compression.

Regards,

Erich

--

From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Subject: Re: can a remailer send a message to multiple people?
Date: Wed, 21 Mar 2001 15:42:49 +0100

Incognito wrote:
>
> Can I use the mixmaster 2.0.3 to send a message anonymously to more
>
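Joe H. Acker's post earlier in this digest turns on how small the range of a non-permutative compressor is compared with the set of all byte strings. The following is an added example, not code from the digest or from any poster: it uses zlib as a stand-in for the gzip function Goldberg mentions, feeds it constructed random byte strings, and measures what fraction of them decompress at all. A permutative (bijective) compressor would accept every string; zlib accepts almost none, which is exactly the distinguishing characteristic the thread is discussing.

```python
# Added example (not from the digest or from any poster): measures how small
# the range of a non-permutative compressor (zlib) is.  The sample inputs
# are constructed here; nothing is taken from a real message.
import random
import zlib


def zlib_accepts(data):
    """True if zlib can decompress `data` into anything at all."""
    try:
        zlib.decompress(data)
        return True
    except zlib.error:
        return False


def acceptance_rate(sample_len=16, trials=2000, seed=1):
    """Fraction of uniformly random byte strings that zlib decompresses.

    For a permutative (bijective) compressor this would be 1.0, since
    every string is the compressed form of exactly one input.  For zlib
    it is tiny: the header check alone rejects nearly everything, so
    "does it decompress?" separates genuine compressor output from
    arbitrary bytes almost perfectly."""
    rng = random.Random(seed)   # seeded so the measurement is reproducible
    hits = 0
    for _ in range(trials):
        candidate = bytes(rng.getrandbits(8) for _ in range(sample_len))
        if zlib_accepts(candidate):
            hits += 1
    return hits / trials


def roundtrip(plaintext):
    """Genuine compressor output always decompresses back to its input."""
    return zlib.decompress(zlib.compress(plaintext)) == plaintext


if __name__ == "__main__":
    print("random strings accepted by zlib:", acceptance_rate())
    print("real output round-trips:", roundtrip(b"constructed sample text, repeated text"))
```

The number printed by `acceptance_rate` is the size of the "distinguishing characteristic" in Goldberg's sense: the smaller it is, the more sharply a decompression failure separates the compressor's real output from everything else.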
Cryptography-Digest Digest #960
Cryptography-Digest Digest #960, Volume #13 Wed, 21 Mar 01 12:13:00 EST

Contents:
  Re: What happens when RSA keys don't use primes? (Gene Styer)
  Re: What the Hell...Here's what my system can do at it's best... (SCOTT19U.ZIP_GUY)
  I was so so right about PGP ... so right when I started writing about PGP and about one author so right . ([EMAIL PROTECTED])
  This was in 1999 ... I was so right about PGP etc. although I had know this since 1993 ... ([EMAIL PROTECTED])
  DEA standard S-tables beginner question. ("Yaniv Sapir")
  Re: I was so so right about PGP ... so right when I started writing (Frank Gerlach)
  Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY)
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Tom St Denis")
  Re: OK...dumb question (Taylor Francis)
  Re: How to eliminate redondancy? ("Tom St Denis")
  Re: I was so so right about PGP ... so right when I started writing about PGP and about one author so right . ("Tom St Denis")
  Re: DEA standard S-tables beginner question. ("Tom St Denis")
  Re: OK...dumb question ("Tom St Denis")
  Re: AES encryption speed vs decryption speed (John Worley)

Subject: Re: What happens when RSA keys don't use primes?
From: [EMAIL PROTECTED] (Gene Styer)
Date: 21 Mar 2001 15:18:38 -

In article <[EMAIL PROTECTED]>, Hard <[EMAIL PROTECTED]> wrote:
>On Wed, 21 Mar 2001 10:40:09 GMT, "Mxsmanic" <[EMAIL PROTECTED]>
>wrote:
>
>>"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
>>news:[EMAIL PROTECTED]...
>>
>>> In my humble understanding this is all a
>>> probability issue. If the chance that the
>>> 'believed' primes being composite is
>>> sufficiently small, then it can be justified
>>> that one takes the risk of the vulnerability.
>>
>>I understand that. I just don't understand exactly what the
>>"vulnerability" actually is. Will the encryption/decryption
>>systematically break? Or will it break only occasionally, for certain
>>plaintexts or ciphertexts?
>>Or will it work fine, but become very
>>vulnerable to cryptanalysis? Or something else?
>>
>
>That is a question I've had, too. You described it well. I wonder if
>any will answer it as clearly as it was posed?

Well, I decided to do a quick test:

p = 15 (ok, I know this isn't prime, but this is only a test...)
q = 7 (we'll let this one be prime)
n = 105
e = 5 (need d relatively prime to 14*6=84)
d = 17 (need d*e==1 mod 84)

using bc:

(10^5) % 105 = 40
(40^17) % 105 = 10
(18^5) % 105 = 93
(93^17) % 105 = 18

So my guess would be that having a non-prime will still work, but that it would be easier (but not easy) to factor n and thus determine d.

Eugene Styer
[EMAIL PROTECTED]

--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: What the Hell...Here's what my system can do at it's best...
Date: 21 Mar 2001 15:38:25 GMT

[EMAIL PROTECTED] (Keill Randor) wrote in <[EMAIL PROTECTED]>:

>H, sounds about right. Just wait and see if my system hits the
>'net. It's so simple at its core, and inherently uncrackable, so
>exactly what they'll make of it I'm not sure... I solved this problem
>from the ground up: I know that my last post was a little, well,
>convoluted, but as I said, that's what it does at its best, which very
>few people will need, BUT it will always be possible that someone HAS
>worked out an alternative solution, and the one you have isn't the
>'real' one. It's ALL about trust, at the end of the day...
>
>To answer a couple of points, the three parts to the puzzle contained in
>the two paragraphs could literally be ANY part of them, either a word,
>sentence or part thereof. As I said, it's not a challenge, just a demo.
>

I am not sure you answered my questions. What part was what in your example? Does it work for all files or just text? Could you explain your example!!

David A. Scott

--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

--

From: [EMAIL PROTECTED]
Crossposted-To: alt.politics.org.cia,alt.2600,comp.security
Subject: I was so so right about PGP ... so right when I started writing about PGP and about one author so right .
Date: 21 Mar 2001 15:43:52 GMT

Cryptologists from Czech company ICZ detected serious security vulnerability of an international magnitude

A bug has been found in worldwide used security format OpenPGP.
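Gene Styer's quick test earlier in this digest (p = 15, q = 7, n = 105, e = 5, d = 17) can be reproduced and explained in a few lines. The following is an added example, not code from the digest or from any poster, written in Python. It re-runs his bc computations, then checks the condition that actually makes decryption work: e*d must be 1 modulo the Carmichael function lambda(n), and n must be squarefree. Styer's 84 is not lambda(105), but it happens to be a multiple of lambda(105) = 12, which is why his round trips succeeded. The example goes one step beyond the post by also trying a non-squarefree factor (p = 9, n = 63), where some messages no longer round-trip even with a correctly chosen d, and by factoring n with trial division to make concrete the "easier to factor" half of his guess: a composite "prime" such as 15 hands over a tiny factor of n on the very first division. All helper names are this example's own.

```python
# Added example (not from the digest or from any poster): a reproduction of
# Gene Styer's "RSA with a composite p" experiment plus the check that
# explains the result.  All helpers are assumptions of this example.
from functools import reduce
from math import gcd


def lcm(a, b):
    """Least common multiple of two positive integers."""
    return a * b // gcd(a, b)


def factor_by_trial_division(n):
    """Prime factorisation of a small n as {prime: exponent}.

    Trial division is only meaningful for toy moduli like the ones in the
    thread; it is here to show that a composite 'prime' such as 15 gives
    an attacker a small factor of n almost immediately."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def carmichael(n):
    """Carmichael function lambda(n), the exponent of the group (Z/nZ)^*.

    RSA decryption recovers every message in [0, n) exactly when
    e*d == 1 (mod lambda(n)) and n is squarefree."""
    parts = []
    for p, k in factor_by_trial_division(n).items():
        if p == 2 and k >= 3:
            parts.append(2 ** (k - 2))
        else:
            parts.append((p - 1) * p ** (k - 1))
    return reduce(lcm, parts, 1)


def roundtrip_failures(n, e, d):
    """Messages m in [0, n) for which decrypting encrypt(m) does not give m."""
    return [m for m in range(n) if pow(pow(m, e, n), d, n) != m]


def styer_test():
    """Styer's parameters: p = 15 (composite), q = 7, n = 105, e = 5, d = 17.

    He chose d with e*d == 1 (mod 84); 84 is a multiple of lambda(105) = 12,
    which is the condition that really matters, so every message round-trips."""
    n, e, d = 105, 5, 17
    lam = carmichael(n)
    c1, c2 = pow(10, e, n), pow(18, e, n)
    return {
        "c1": c1, "m1": pow(c1, d, n),          # 40 -> 10, as in the post
        "c2": c2, "m2": pow(c2, d, n),          # 93 -> 18, as in the post
        "lambda_n": lam,
        "ed_mod_lambda": (e * d) % lam,
        "failures": len(roundtrip_failures(n, e, d)),
        "factors": factor_by_trial_division(n),
    }


def non_squarefree_test():
    """Same idea with p = 9: n = 63 is not squarefree, so even with
    e*d == 1 (mod lambda(63)) the messages divisible by 3 but not by 9
    do not round-trip."""
    n, e = 63, 5
    lam = carmichael(n)                          # lcm(lambda(9), lambda(7)) = 6
    d = pow(e, -1, lam)                          # modular inverse (Python 3.8+)
    return {"lambda_n": lam, "d": d, "failures": len(roundtrip_failures(n, e, d))}


if __name__ == "__main__":
    print(styer_test())
    print(non_squarefree_test())
```

So the answer to Mxsmanic's question, for this toy case, is the first of the three alternatives he lists only when n is not squarefree (decryption fails for specific plaintexts), and the third alternative when it is squarefree (everything works, but n now has small factors that trial division finds at once).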
Cryptography-Digest Digest #959
Cryptography-Digest Digest #959, Volume #13 Wed, 21 Mar 01 10:13:00 EST

Contents:
  Re: What do we mean when we say a cipher is broken? (John Savard)
  Re: What do we mean when we say a cipher is broken? (John Savard)
  Popular Mechanics article on NSA (John Savard)
  Re: What happens when RSA keys don't use primes? ("Paul Thomas")
  Re: What happens when RSA keys don't use primes? ("Paul Thomas")
  Re: What happens when RSA keys don't use primes? ("Tom St Denis")
  OK...dumb question (Taylor Francis)
  Re: IDEA test vectors (Benjamin Goldberg)
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) (SCOTT19U.ZIP_GUY)
  Re: OK...dumb question ("Tom St Denis")
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Tom St Denis")
  Re: OK...dumb question (SCOTT19U.ZIP_GUY)
  Re: unbreakable code ("dexMilano")
  Re: unbreakable code ("Tom St Denis")
  Re: How to eliminate redondancy? (Benjamin Goldberg)
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) (SCOTT19U.ZIP_GUY)
  Re: What the Hell...Here's what my system can do at it's best... (Keill Randor) ("Frog2000")
  Re: A future supercomputer ("JCA")

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What do we mean when we say a cipher is broken?
Date: Wed, 21 Mar 2001 12:12:28 GMT

On 20 Mar 2001 20:35:58 GMT, [EMAIL PROTECTED] (David Wagner) wrote, in part:

>Douglas A. Gwyn wrote:
>>Strange, because I didn't define anything that could be called
>>"Gwyn-security". I merely pointed out that Crowley had been
>>overly restrictive; I could easily take a Crowley-secure stream
>>and use it to encipher in such a way that there would exist an
>>*easy* "distinguisher" test, yet the CT would be exactly as
>>secure as per Crowley.

>Yes, that's just what I said. Crowley-security is sufficient---but
>not always necessary---for security. I apologize if some other name
>than "Gwyn-security" would have been more appropriate.
What is interesting, however, is that Douglas Gwyn's specific example may (or may not) help to point the way to a criterion that is less restrictive but more useful. (If the example was simply, say, using the Crowley-secure system, and then giving the output distinctive armor, that, of course, would be trivial, but still a point not to forget.)

The beauty of a different definition of security than the one needed in practice, as long as it is strict enough (even if it is excessively strict), is of course that it may be usable in proofs of security.

Of course, the question of how to achieve security in practice - where conditions like 'this hash function is secure', or 'the key of this block cipher can't be found more quickly than by brute force with only one block of known plaintext' are not really believed, even if they are hoped to be true - can legitimately involve the intention of using systems more complicated than those we are prepared to say anything definite about at present.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What do we mean when we say a cipher is broken?
Date: Wed, 21 Mar 2001 12:20:19 GMT

On 20 Mar 2001 20:37:40 GMT, [EMAIL PROTECTED] (David Wagner) wrote, in part:

>Just because we can't prove that a cipher is Crowley-secure
>doesn't mean that the notion isn't useful. It's the right
>goal to shoot for, and if anyone finds an attack that shows
>that Rijndael is not Crowley-secure, then I'd argue we should
>re-consider whether Rijndael is the best cipher to use.

Why is it the right goal to shoot for? The reasons are probably the following:

- except for certain contrived cases, it is reasonable to suspect that a lack of Crowley-security may indicate a weakness against real cryptanalysis

- because the Crowley-secure condition is so strong, it is easier to find attacks that show a cipher does not meet it.
People who are looking for ciphers that are strong, with strength above that which we can easily prove exists, should therefore approve of the availability of this tool for testing ciphers. Even if it does happen to break their first designs.

I am not trying to be on the opposite "side" from you in some war; rather, I want the two sides to understand and learn from each other. I'm not saying the academic experts have much to learn from any individual amateur in most cases, but there is a certain perspective shared by many amateurs that does have validity: when it is important to protect the security of a message, it is necessary to reach out beyond the kinds of cipher system that are well understood.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Popular Mechanics article on NSA
Date: Wed, 21 Mar 2001 12:23:34 GMT

They refer
Cryptography-Digest Digest #958
Cryptography-Digest Digest #958, Volume #13 Wed, 21 Mar 01 07:13:01 EST

Contents:
  Re: Strong Primes (Peter Engehausen)
  Re: A future supercomputer (Frank Gerlach)
  Re: Defining a cryptosystem as "broken" (Mok-Kong Shen)
  Re: Codes that use *numbers* for keys (Daniel)
  Re: A future supercomputer (Mok-Kong Shen)
  Re: looking for "Crowds" (Mok-Kong Shen)
  Re: NSA in the news on CNN ("Mxsmanic")
  Re: NSA in the news on CNN ("Mxsmanic")
  Re: Is Evidence Eliminator at all useful ?? (David Schwartz)
  What happens when RSA keys don't use primes? ("Mxsmanic")
  Re: What happens when RSA keys don't use primes? (Mok-Kong Shen)
  Re: What happens when RSA keys don't use primes? ("Mxsmanic")
  Re: I encourage people to boycott and ban all Russian goods and services, if the Russian Federation is banning Jehovah's Witnesses ... ("")
  Hours of work done on RSA, ECC or NTRU ? (Jyrki Lahtonen)
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) (those who know me have no need of my name)
  Re: => TV detection (was: FBI easily cracks encryption ...?) (Richard Herring)
  Re: What happens when RSA keys don't use primes? (Hard)

From: Peter Engehausen <[EMAIL PROTECTED]>
Subject: Re: Strong Primes
Date: Wed, 21 Mar 2001 07:03:29 -0100
Reply-To: [EMAIL PROTECTED]

Dear Joseph!

Thanks for your reply!

> The move to lambda(N) is necessary for the proof because the short cycles
> are not a result of p or q, but of the lambda reduction of them. This stems
> from the inversion of RSA (aka decryption) which requires, not knowledge of
> p or q, but knowledge of lambda(N).

Actually it's my belief that a "complete" argumentation should discuss not only the order of e modulo \lambda(N) (it should be small, if you like to mount the attack, see equation 16), but also the order of e modulo \lambda(p) (see equations 18 & 19).

I just realized that I had a typo in my last mail: I wrote ord (e) mod p instead of ord (e) mod \lambda(p) = ord (e) mod p-1. Strange ...
The authors wrote mod p on page 17 too. Do I miss something? Isn't the order of e mod p irrelevant? I need to know when the exponent of C is equal to 1, therefore I need to know the order of e mod p-1 and/or the order of e mod \lambda(N). I'm really lost! HELP!

> Everything else is just argument for that statement.

But is the argumentation correct?

Best wishes,
Peter

PS: And I still don't understand this part:

"Suppose r does not divide ord(e) mod \lambda(N). It follows immediately that e must be an r-th power mod p. This follows from Lagrange's Theorem: ord(e) must divide p-1, and we have assumed that r divides p-1 but r does not divide ord(e). Hence e must be an r-th power mod p."

ord(e) mod \lambda(N) must divide p-1? I'm not sure if I remember Lagrange's Theorem well... The order of a subgroup divides the order of its group. Hence for every e which is coprime to \lambda(N) the order of e mod \lambda(N) must divide the order of (Z/\lambda(N)Z)^*. This is \phi(\lambda(N)), isn't it? I can't see why ord(e) divides p-1...

And further on: You say, if r and ord(e) both divide p-1 and r doesn't divide ord(e), then e must be an r-th power. Sounds obvious, but why? I'm still too blind to see through.

--

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Wed, 21 Mar 2001 10:11:15 +0100

Mok-Kong Shen wrote:

> BTW, I read that ASCI White has about 1/1000th of the estimated
> computational power of the human brain. So with Blue Gene a
> machine could have a solid foundation to attempt to compete
> with a human being.

If anybody comes up with a brain simulation of a mouse, then it makes sense to talk about that at all.

>
> M. K. Shen

--

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Defining a cryptosystem as "broken"
Date: Wed, 21 Mar 2001 10:14:45 +0100

Joseph Ashwood wrote:
>
> Of course the user will have problems.
> That's where well paid cryptanalysts
> come in :) I think I can say safely that we all agree that most systems
> simply haven't been designed with security in mind (I point to MS name here/
> as an example). The difference is that I did not say this is a
> countable set, only you have made that assumption about what I have said.
> What I have said is that a threat/attack model needs to be made, I have
> never said that it is an easy problem, I have never said that the set of all
> models is countable (although because I expect that they will all be finite
> in length they are not only countable but finite), I have only said that one
> needs to be constructed for the situation. Choosing the right model should
> be done for the user, in fact the programmer will fix the threat/attack
> model whether he/she knows it or not. The only decision about the
> threat/attack model that the user makes is which programs to use