Cryptography-Digest Digest #643
Cryptography-Digest Digest #643, Volume #14 Mon, 18 Jun 01 19:13:00 EDT

Contents:
  About Principia Mathematica (long) (Mok-Kong Shen)
  Re: BigNum Question (Tim Tyler)
  Cypherus encryption software (Andrew Palumbo)
  Re: Counter mode, the better way to do it? ("Julian Morrison")
  Re: Counter mode, the better way to do it? ("Tom St Denis")
  Re: Counter mode, the better way to do it? ("Julian Morrison")
  Re: Counter mode, the better way to do it? ("Tom St Denis")
  Re: About Principia Mathematica (long) (Fred W. Helenius)
  Re: About Principia Mathematica (long) (Karl Forsberg)
  Re: Cypherus encryption software (Paul Rubin)
  Re: Is ECB truly more secure than CBC? (David Hopwood)
  Re: Cypherus encryption software ("Tom St Denis")
  Re: Is ECB truly more secure than CBC? ("Tom St Denis")
  Re: Is ECB truly more secure than CBC? ("Tom St Denis")
  Re: Counter mode, the better way to do it? ("Julian Morrison")
  Re: Help on GF(2^N) ("Simon Johnson")
  Re: Help on GF(2^N) ("Tom St Denis")
  Re: Counter mode, the better way to do it? ("Tom St Denis")
  Re: Cypherus encryption software ("Joseph Ashwood")

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: About Principia Mathematica (long)
Date: Tue, 19 Jun 2001 00:07:41 +0200

In connection with a recent discussion in sci.crypt, I obtained some seemingly radically different opinions or facts on the readability of Whitehead and Russell's Principia Mathematica, a book which I till the present have only heard talking about but never even actually seen. On the one extreme there was a regular in sci.crypt reporting that he had read most of that book while yet in high school. On the other extreme there was an acquaintance of mine claiming that most graduate students in math attempting to read that book would be coming up against a stone wall ('beissen auf Granit').
Fascinated thus by this huge disparity of opinions/facts, I undertook to collect certain matters concerning the book which appear to be of some general interest:

(1) Availability. Currently the Cambridge University Press offers the full version at $595.00 and an abridged version at $52.95. Big public libraries are likely to have the full version (e.g. the library of Deutsches Museum in Munich). A company selling rare books offers on the internet the first edition (666+772+491 pages) for $45,000.00, while another offers the second edition (674+742+491 pages) for 3500 pounds.

(2) Contents of the book. (Source: http://www.illc.uva.nl/~seop/archives/fall2000/entries/principia-mathematica/)

Principia Mathematica appeared in three volumes which together are divided into six parts. Volume 1 begins with a lengthy Introduction containing sections entitled "Preliminary Explanations of Ideas and Notations", "The Theory of Logical Types" and "Incomplete Symbols". It also contains Part I, entitled "Mathematical Logic", which contains sections on "The Theory of Deduction", "Theory of Apparent Variables", "Classes and Relations", "Logic of Relations", and "Products and Sums of Classes"; and Part II, entitled "Prolegomena to Cardinal Arithmetic", which contains sections on "Unit Classes and Couples", "Sub-Classes, Sub-Relations, and Relative Types", "One-Many, Many-One and One-One Relations", "Selections", and "Inductive Relations".

Volume 2 begins with a "Prefatory Statement of Symbolic Conventions".
It then continues with Part III, entitled "Cardinal Arithmetic", which itself contains sections on "Definition and Logical Properties of Cardinal Numbers", "Addition, Multiplication and Exponentiation", and "Finite and Infinite"; Part IV, entitled "Relation-Arithmetic", which contains sections on "Ordinal Similarity and Relation-Numbers", "Addition of Relations, and the Product of Two Relations", "The Principle of First Differences, and the Multiplication and Exponentiation of Relations", and "Arithmetic of Relation-Numbers"; and the first half of Part V, entitled "Series", which contains sections on "General Theory of Series", "On Sections, Segments, Stretches, and Derivatives", and "On Convergence, and the Limits of Functions".

Volume 3 continues Part V with sections on "Well-Ordered Series", "Finite and Infinite Series and Ordinals", and "Compac
Cryptography-Digest Digest #643
Cryptography-Digest Digest #643, Volume #13 Tue, 6 Feb 01 17:13:01 EST

Contents:
  Re: Free Encryption Software (Greggy)
  Re: Encrypting Predictable Files (Bryan Olson)
  Re: Pseudo Random Number Generator (Mok-Kong Shen)
  Re: One way function for Passwords. ("Joseph Ashwood")
  Re: Free Encryption Software (Greggy)
  Re: Free Encryption Software (Greggy)
  Re: One way function for Passwords. ("Moritz Voss")
  Re: Actually I monitored activities of this NSA´s P1363 Group for many years . actually was just around 5 % of my interest in this specific fields I have always liked non-random random number ...I like to use ever changing environment for randomne ("Amaury Jacquot")
  Re: Questions about Diffie-Hellman (DJohn37050)
  Re: Mod function ([EMAIL PROTECTED])
  Re: On combining permutations and substitutions in encryption (Terry Ritter)
  Re: Scramdisk, CDR and Win-NT ("Sam Simpson")
  DSA flaw - RNG biased (David Crick)
  Re: CipherText patent still pending (Bryan Olson)
  Re: Encrypting Predictable Files ([EMAIL PROTECTED])

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: Free Encryption Software
Date: Tue, 06 Feb 2001 20:09:31 GMT

In article <#MX$hlxiAHA.273@cpmsnbbsa07>, "George Peters" <[EMAIL PROTECTED]> wrote:
> Greetings,
>
> An entire suite of encryption applications are available at
> http://www.endecs.com/uenigma.zip . It contains two file systems, client
> internet email, ftp and point to point communications and some source code.
> Well worth the download.
>

I just looked at the web page and thought, Why would I want to let you handle my personal communications? I thought encryption was designed to keep you from it? No response is necessary. I merely wished to point out that the idea is just silly...

> GP
>
>

--
I prefer the fourth amendment over a drug free society. Did W declare the national emergency over yet and give us back constitution rule? No? Why am I not surprised?
Sent via Deja.com
http://www.deja.com/

--

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Encrypting Predictable Files
Date: Tue, 06 Feb 2001 20:13:44 GMT

Paul Housley wrote:
[...]
> There are some parts of the files which are predictable.
[...]
> I am concerned that, by knowing what part of the file is
> supposed to decrypt to, this may help people to find the
> encryption key.
>
> Any advice, particularly concerning the RC4 algorithm?

RC4 is designed to resist known-plaintext attacks, and so far no one has shown it doesn't. It is _not_ designed to encrypt multiple messages with the same key. Always derive a new RC4 key for each message.

--Bryan

Sent via Deja.com
http://www.deja.com/

--

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Pseudo Random Number Generator
Date: Tue, 06 Feb 2001 21:28:49 +0100

Bryan Olson wrote:
>
> Mok-Kong Shen wrote:
> > What can be proved is the following:
> >
> > For m non-degenerate independent integer random variables
> > over [0,n-1] their sum mod n approaches a uniform random
> > variable as m increases. If one of the random variables is
> > uniform, then any value of m results in a uniform random
> > variable.
>
> Counterexample: Let n = 49, and the distribution of each
> variable be uniform over the 42 integers in [1..48] that are
> not divisible by 7, and zero elsewhere.

That's what is excluded by 'non-degenerate'. Sorry, if the term is not standard or common.

M. K. Shen

--

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: One way function for Passwords.
Date: Tue, 6 Feb 2001 12:11:14 -0800

Well I can't speak for LotusNotes, however such functions do exist and are actually fairly commonplace. The most popular ones are MD5, and SHA-1. There are several others of varying degrees of strength and size. The property you are looking for is commonly expressed as finding x, and x' such that F(x)=F(x') and x =/= x'.
Since this is being used for passwords it is actually a slightly different problem, given H find x such that F(x)=H. These are actually very similar statements and one commonly implies the other. What I would recommend, and would probably be the consensus here would be to use SHA-1, it's fast, strong, free, respected, etc, and it's available several places: the original documentation is available in the NIST FIPS (www.nist.gov), and implementations are available several places including www.openssl.org

Now about verifying against those passwords. You might want to discuss that here also, there are several issues with it.

Joe

--

From: Greggy
Cryptography-Digest Digest #643
Cryptography-Digest Digest #643, Volume #12 Sat, 9 Sep 00 22:13:00 EDT

Contents:
  Re: Intel's 1.13 MHZ chip (Guy Macon)
  Re: Security of whitening alone? ("Alexis Machado")
  SV: Intel's 1.13 MHZ chip ("Morten Ostberg")
  Re: ExCSS Source Code (Eric Lee Green)
  Re: ExCSS Source Code (Eric Lee Green)
  Re: Intel's 1.13 MHZ chip ("Abyssmal_Unit_#3")
  Re: RSA?? ("Abyssmal_Unit_#3")
  Re: Intel's 1.13 MHZ chip (S. T. L.)
  Re: ExCSS Source Code (Anonymous)
  RSA Patent -- Were they entitled to it? ("Aztech")
  Re: RSA Patent -- Were they entitled to it? (Larry Kilgallen)
  Re: RSA Patent -- Were they entitled to it? ("Aztech")
  Re: Carnivore article in October CACM _Inside_Risks ("dog7")
  Re: RSA Patent -- Were they entitled to it? (Bill Unruh)
  Re: Bytes, octets, chars, and characters ("Dik T. Winter")
  Re: blowfish problem ("Dik T. Winter")
  Re: SV: Intel's 1.13 MHZ chip (John Savard)
  RC5-SAFE? - SAFEBOOT ("lala")
  Re: RSA Patent -- Were they entitled to it? (Jim Gillogly)
  Re: SV: Intel's 1.13 MHZ chip (S. T. L.)
  Carnivore -> Fluffy Bunny? (Jim Gillogly)

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Intel's 1.13 MHZ chip
Date: 09 Sep 2000 21:31:23 GMT

Mok-Kong Shen wrote:
>
>Sorry, please replace MHZ by GHZ.

Good start. Now replace GHZ with GHz.

--

From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Re: Security of whitening alone?
Date: Sat, 9 Sep 2000 18:41:53 -0300

"Andru Luvisi" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
>
> Assuming one has a well known good random transformation, for example
> DES encryption with a well known key, what attacks can you see against
> the following algorithm?
>
> Let p(x) be the transformation. Let q(x) be the inverse transformation.
> Let the 128 bit key k have a left part, l, and a right part r.
> ^ means xor.
>
> E_k(x) = p(x^l)^r
> D_k(y) = q(x^r)^l
>

Some questions:

1) "D_k(y)" is a function of "y" ? If so, why "y" doesn't appear in the function definition ?

2) "x" and "y" are the two halves of a 128-bit plaintext ?
--

From: "Morten Ostberg" <[EMAIL PROTECTED]>
Subject: SV: Intel's 1.13 MHZ chip
Date: Sat, 9 Sep 2000 23:47:09 +0200

Guy Macon <[EMAIL PROTECTED]> wrote in newsgroup message: 8pea7b$[EMAIL PROTECTED]
> >Sorry, please replace MHZ by GHZ.
>
> Good start. Now replace GHZ with GHz.

What's your problem ??? I perfectly understood his first posting, which btw was very interesting! For f--k sake, get a life!

--

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Sat, 09 Sep 2000 15:58:34 -0700
Reply-To: [EMAIL PROTECTED]

Ichinin wrote:
> CSS does NOT protect against copying, you can still copy a DVD
> just as easy as a paper, since the decryption keys are copied
> as well when you copy the DVD data from one medium to another,
> which allows for proper playback in any cd = CSS is bullocks!

I believe that the decryption keys can only be retrieved via a special command to the hardware, i.e., they are NOT read from the first sectors using the normal SCSI or IDE READ() command, and do NOT show up on the sector map. In addition, writable media has the section of media used for the decryption keys mapped to system WOM (Write Only Memory :-).

> It's only EFFECTIVE MEASURABLE property is the region codes.

True, since pirates don't do byte-by-byte copies to writable media anyhow. Most pirate copies of DVDs are actually made on the exact same equipment that makes the "legit" copies, sometimes even in the exact same factories. Amazing, what a little bribery of factory managers being paid $8 per week will get you :-).

> (And again... DMCA is VOID outside the US.)

Err, the U.S. has a million men in uniform and billions of dollars in expensive military hardware that say different. Or as Earl K. Long, former governor of Louisiana, once said in exasperation when his legislature urged him to defy an edict of the U.S. government, "Goddammit, we're talking about the government of the U.S. of A. here, they got the goddamn ATOMIC BOMB!".
If your country refuses to enforce the DMCA, they will shortly be corrected (unless their name is China). Remember, we're talking about the same rogue nation that invaded a sovereign country, arrested its leader, and hauled him off to Miami to jail him because he refused to kow-tow to his former CIA comptrollers the same rogue nation that willfully and with disdain has ignored every treaty it has ever mad
Cryptography-Digest Digest #643
Cryptography-Digest Digest #643, Volume #11 Thu, 27 Apr 00 05:13:00 EDT

Contents:
  Re: OAP-L3: What is the period of the generator? (NFN NMI L. a.k.a. S.T.L.)
  Re: Magnetic Remenance on hard drives. (NFN NMI L. a.k.a. S.T.L.)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Joseph Ashwood")
  Re: U-571 movie (NFN NMI L. a.k.a. S.T.L.)
  Re: Requested: update on aes contest (Jerry Coffin)
  Re: Magnetic Remenance on hard drives. (jungle)
  Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - (jungle)
  Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - (jungle)
  Re: Help: encrypting bit fields (lcs Mixmaster Remailer)
  Help Needed www.Great-Mind.com ([EMAIL PROTECTED])
  Re: Career Opportunities @ Cloakware (David A Molnar)
  Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - (Arturo)
  Re: AEES 16 rounds ([EMAIL PROTECTED])
  Re: new Echelon article (Volker Hetzer)
  Re: ECC's vulnerability to quantum computing (Eric Hambuch)
  Re: What does XOR Mean???!!! (Guy Macon)

From: [EMAIL PROTECTED] (NFN NMI L. a.k.a. S.T.L.)
Subject: Re: OAP-L3: What is the period of the generator?
Date: 27 Apr 2000 05:15:48 GMT

<>

Quack quack quack.

-*---*---
S.T. "andard Mode" L. ***137***
STL's Wickedly Nifty Quotation Collection: http://quote.cjb.net

--

From: [EMAIL PROTECTED] (NFN NMI L. a.k.a. S.T.L.)
Subject: Re: Magnetic Remenance on hard drives.
Date: 27 Apr 2000 05:18:24 GMT

<>

Duh, try Symantec.com. I found a mention of it when I was looking up Norton Ghost (which wasn't useful for my purposes anyways). Burn a floppy to delete its contents, says Gutmann. I agree.

-*---*---
S.T. "andard Mode" L. ***137***
STL's Wickedly Nifty Quotation Collection: http://quote.cjb.net

--

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Wed, 26 Apr 2000 22:42:53 -0700
Crossposted-To: talk.politics.crypto

To everyone, ya know, with Szopa here I kind of miss D Scott, he at least had the intelligence to find new personal attacks.

Joe

--

From: [EMAIL PROTECTED] (NFN NMI L. a.k.a. S.T.L.)
Subject: Re: U-571 movie
Date: 27 Apr 2000 06:02:59 GMT

Teraflop supercomputers are fast, badass computers. They have everything to do with breaking codes.

<>

The Japanese had a history of launching unannounced attacks. Ask the Russians.

-*---*---
S.T. "andard Mode" L. ***137***
STL's Wickedly Nifty Quotation Collection: http://quote.cjb.net

--

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Requested: update on aes contest
Date: Thu, 27 Apr 2000 00:18:22 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Jerry Coffin <[EMAIL PROTECTED]> writes:
>
> > Assuming you're talking about something like multiple layers of
> > firewalls/proxy servers (and not multiples running in parallel) then
> > yes, the same general reasoning applies.
>
> No, I'm talking about multiple parallel points of entry.

That's not analogous to anything we've discussed.

> > Assume for the moment that NIST decided all five finalists were AES
> > ciphers. Further assume that you choose exactly one of those for
> > your use.
>
> I *cannot*! My supplier of services today tells me that they have two
> ways to accept this piece of data: in cleartext or CBC-Blowfish encrypted.
> In this case, I'm happy because we already trust Blowfish in other places.
> But if they were using DES, we'd probably have to trust DES, too.

Okay, so they pick it instead of you. What exactly does this have to do with anything? Assume for the moment that they decide to support an AES cipher when a decision is made. I don't see where this makes any real difference to anything. If they decide NOT to support one of them, then the number of ciphers chosen for AES has no bearing on anything, since you're not using any of them anyway.
> > Assume still further that ALL the civilian AND government
> > cryptanalysts decide to attack that cipher to the exclusion of the
> > other four.
> >
> > This gives you essentially the worst case scenario.
>
> No and no. Worst case scenario would be: Civilian cryptoanalysts
> don't even look at the cipher I use (for example, because they think
> it has theoretically boring design), and government cryptoanalysts are
> only interested in it alone (for example, because I happen to share my
> choice of cipher with somebody very important
Cryptography-Digest Digest #643
Cryptography-Digest Digest #643, Volume #10 Sun, 28 Nov 99 16:13:01 EST

Contents:
  Re: Random Noise Encryption Buffs (Look Here) (lordcow77)
  Re: Random Noise Encryption Buffs (Look Here) ("Trevor Jackson, III")
  Re: Random Noise Encryption Buffs (Look Here) ("Trevor Jackson, III")
  Re: Random Noise Encryption Buffs (Look Here) ("Trevor Jackson, III")
  Re: A dangerous question (David A Molnar)
  Re: AES cyphers leak information like sieves (John Savard)
  Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
  Re: A dangerous question (John Kennedy)
  Re: brute force versus scalable repeated hashing (Johnny Bravo)
  Re: Fact or Fiction ? >> Quantum device breaks RSA-512 encryption in 12micro sec (Jim Dunnett)
  Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
  Re: Q: If the NSA can routinely crack crypto... (David Crick)
  Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
  Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
  Use of two separate 40 bit encryption schemes ("tony.pattison")

From: lordcow77 <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Sun, 28 Nov 1999 07:12:06 -0800

In article <81r7pg$lmg$[EMAIL PROTECTED]>, Tom St Denis
> Ok look at it another way.
> If I took two exact copies [leave the copying theory behind here] of an
> atom, and placed them in two exact same environments. Would they not
> decay the same way? If so, that's hardly random at all.
> Tom

Hidden variables theories must introduce explicit nonlocality of a non-wavefunction object in order to deal with quantum entanglement. Put another way, there is no metaphorical tiny clock in the nucleus of an item that tells the atom to decay when the alarm sounds. If it were possible to perform the above experiment (you can't, since you can't even copy the atom exactly), you would still find that the decay behavior of both atoms would be uncorrelated. Please do us all a favor and study some physics before making incomprehensible pronouncements.
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!

--

Date: Sun, 28 Nov 1999 10:33:18 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)

Douglas A. Gwyn wrote:

> "Trevor Jackson, III" wrote:
> > Guy Macon wrote:
> > > In article <81ogtv$upa$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
> > > >Ok, explain to me something that is truly random.
> > > The time it takes for an individual atom of potassium-40
> > > to decay to Argon-40.
> > If you claimed a way to influence the decay process it would be possible to verify your
> > claim. But if you claim that it is impossible to influence the decay process, it is
> > impossible to prove that claim. Since your statement above presumes that the decay
> > process cannot be influenced, your statement cannot be verified or proven. So it rests on
> > a belief rather than a scientific rationale.
>
> That makes no sense whatever. The decay rate of an isotope is
> determined by the nature of the isotope, and is a random variable.

Hardly. We _observe_ that the behavior of unstable nuclei fit the model of random events, but we cannot prove that it must be so. We cannot even explain the behavior. By "explain" I'm referring to the process by which phenomena are reduced to equations which predict, with limited precision, future behavior. Given Gmm/r^2 I can predict the immediate future of a satellite in orbit. The length of the prediction interval is inversely related to the precision of the predicted position.

Now AFAIK, no amount of measurement of a single nucleus will permit any kind of prediction of its future emissions. We can predict the statistical behavior of collections of nuclei, but that's not an "explanation" of the behavior any more than predicting the decay of the orbits of a collection of satellites is an "explanation" of the process.
> The probability distribution is a simple exponential function
> of time, and derives from fundamental physical laws that involve
> inherent randomness (not mere lack of information that could in
> principle be acquired).

No. You are _asserting_ the randomness of the process, not proving it. The sum-of-all-histories calculation applied to particles method involves no a priori randomness AFAIK.

> These laws are part of the best-verified
> theory of natural phenomena that we have.

Yup. And the least understood. Your message is a perfect e
Cryptography-Digest Digest #643
Cryptography-Digest Digest #643, Volume #9 Thu, 3 Jun 99 07:13:01 EDT

Contents:
  Re: Oriental Language Based Enryption (Mok-Kong Shen)
  Re: what cipher? (Terry Ritter)
  Re: random numbers in ml ([EMAIL PROTECTED])
  how do I make RSA keyring? (Bo Hedemark Pedersen)
  Re: New Computer & Printer for Dave Scott (Matthew Skala)
  Re: block ciphers vs stream ciphers (A. N. Alias)
  Re: random numbers in ml ([EMAIL PROTECTED])
  CRC32 (iLLusIOn)
  Re: Viability of encrypted flash cards? ("Douglas A. Gwyn")
  Re: Security ([EMAIL PROTECTED])
  Re: what cipher? ("Douglas A. Gwyn")
  Re: what cipher? (fungus)
  Re: PGP probability of choosing primes? (Bob Silverman)

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Oriental Language Based Enryption
Date: Wed, 02 Jun 1999 13:42:28 +0200

Patrick Juola wrote:
>
> You're not taking into account the translation process. The
> additional explicitness I cite isn't just a theoretical observation,
> but a practical one made by linguists in the field -- and you
> can't blithely reverse the direction of the translation arrow.

We are considering (everyday) normal messages, not literal works, for crypto purposes. So if the translation is good, one shouldn't be able to tell which is the original and which is the translation. Lots of technical documents in multiple languages are excellent examples of equivalent translations. I think that even the concept of being an 'original' is questionable. If I know two foreign languages to about the same extent and write a business letter first in one language and after finishing it write a version in the other language, do you also think that there is some intrinsic difference between the two? (Here I myself am the translator.) I suppose that you assume that a translation must be poorer. This may be true for literary works, especially those of famous writers. But for ordinary messages this shouldn't be the case if the translator is a capable one (much depends on his education, training, etc.)
Of course, if someone who is poor in one or even both of the languages attempts a translation, then the result could be catastrophic. On the other hand there are plenty of people fluent in several languages, some even grown up with two or three languages.

>
> One of the sources of this additional explicitness is the necessity
> of setting the (target) text in a new cultural framework. There's
> a good example from the work of Baker (1997?) -- the sentence "The
> example of Truman was always on my mind," when translated into
> Arabic, turned into a complete paragraph that more or less explained
> to Arabic-speaking readers just who the hell Truman was. In general,
> any time you're doing any sort of writing, you are implicitly making
> expectations about the background of the reader -- and the more the
> (actual) readers differ from your assumed background, the more work
> the translator will need to put in to bring people up to speed.

Your example is not appropriate in the current context. We are considering the case where a message X is translated to Y, encrypted then decrypted to Y and then translated back to X'. Here the people involved know the context of the message. (In your example 'Truman' would then simply become a phonetic equivalent of it in Arabic, nothing more.)

>
> >The issue of being 'more explicit'
> >is not entirely clear to me.
>
> It's a question of what sort of explanatory information needs to be
> provided in the text.

I suppose that this is covered above.

M. K. Shen

--

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: what cipher?
Date: Thu, 03 Jun 1999 04:36:41 GMT

On Wed, 2 Jun 1999 21:09:19 -0400, in <[EMAIL PROTECTED]>, in sci.crypt "Particle" <[EMAIL PROTECTED]> wrote:

>I'm looking for a stream cipher, or a block cipher
>that works in 8-bit intervals. (actually, I'm looking for
>the algorithm, I'm planning on implementing it myself)
>
>It is very important that the ciphertext retain the length
>of plain text.
It is extremely difficult to have a secure cipher which does not expand the ciphertext to some extent. In particular, the usual additive stream cipher must "never" re-use its ciphering or confusion sequence. That means we need a different key for every "message," and so probably implies at least a message key in addition to the data, which thus expands the ciphertext. There is some possibility of allowing some re-use of stream cipher confusion sequences in ciphers which discard additive combiners like exclusive-OR for table-based reversible nonlinear combiners such as Dynamic Substitution. (Note: I own Dy
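
The keystream-reuse point made in Bryan Olson's RC4 reply and in Terry Ritter's reply above, as an added example that is not part of the original digest posts: two messages under one RC4 key leak through their XOR, while a per-message key costs a few bytes of ciphertext expansion. The hash-based key derivation, the 16-byte nonce, the function names and the sample plaintexts are assumptions made for this illustration.

```python
"""Added example: RC4 keystream reuse versus a fresh key per message."""
import hashlib
import os
from typing import Optional

NONCE_LEN = 16  # assumed size of the per-message value sent in the clear


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # keystream generation, XORed into the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_from_reuse(c_known: bytes, p_known: bytes, c_other: bytes) -> bytes:
    """Same key twice means c1 ^ c2 == p1 ^ p2, so a known p1 yields p2."""
    return xor(xor(c_known, c_other), p_known)


def encrypt_message(master_key: bytes, plaintext: bytes,
                    nonce: Optional[bytes] = None) -> bytes:
    """Derive a fresh RC4 key per message; output grows by NONCE_LEN bytes."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    # Hash master key and nonce together instead of concatenating them into
    # the RC4 key, so the per-message keys are not simply related.
    msg_key = hashlib.sha256(master_key + nonce).digest()
    return nonce + rc4(msg_key, plaintext)


def decrypt_message(master_key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return rc4(hashlib.sha256(master_key + nonce).digest(), body)


# Constructed sample data: P1 stands for the predictable part of a file,
# P2 for content the sender wants to keep secret.
MASTER = b"constructed-demo-key"
P1 = b"%PDF-1.3 known file header bytes"
P2 = b"account=4417 pin=0000 notes=none"


def demo():
    """Return (bytes leaked under key reuse, same attempt with per-message
    keys, ciphertext expansion in bytes)."""
    c1, c2 = rc4(MASTER, P1), rc4(MASTER, P2)
    leaked = recover_from_reuse(c1, P1, c2)
    b1, b2 = encrypt_message(MASTER, P1), encrypt_message(MASTER, P2)
    attempt = recover_from_reuse(b1[NONCE_LEN:], P1, b2[NONCE_LEN:])
    return leaked, attempt, len(b2) - len(P2)


if __name__ == "__main__":
    leaked, attempt, overhead = demo()
    print("key reused:        ", leaked)
    print("per-message key:   ", attempt.hex())
    print("expansion in bytes:", overhead)
```
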