Cryptography-Digest Digest #569, Volume #9       Thu, 20 May 99 07:13:02 EDT

Contents:
  Re: Biprime Cryptography, Part II ("Douglas A. Gwyn")
  Re: Random permutation (Christopher)
  RSA Q: If I have e, phi(n) - d and n, can I recover d? (Dean Povey)
  Project ("Dennis Gaffney")
  Re: RSA Q: If I have e, phi(n) - d and n, can I recover d? (Paul Rubin)
  Re: Project (David A Molnar)
  Re: CRC16 polynomials ("hapticz")
  Complexity Question ("Mike Murray")
  Re: looking for independent encryption strength analysis ("Zulkifli Hamzah")
  Re: Can Somebody Verify My DES execution? ([EMAIL PROTECTED])
  Re: Strength of PGP 1.0 conventional block cipher? (David Crick)
  Re: Looking for ScramDisk/PGPDisk user experiences ("Michel Bouissou")
  Re: Biprime Cryptography, Part II (Vernon Schryver)
  Re: Little Irish girl's algorithm? (Mok-Kong Shen)
  Re: where can i find a frequency list? (Mok-Kong Shen)
  Re: looking for independent encryption strength analysis (Jerry Coffin)
  Re: Biprime Cryptography, Part II (Mok-Kong Shen)
  Re: RSA Q: If I have e, phi(n) - d and n, can I recover d? (Bo Lin)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Biprime Cryptography, Part II
Date: Thu, 20 May 1999 03:22:15 GMT

John Savard wrote:
> The field of "public-key cryptography" itself is confusingly named for
> some people. If the key is public, how can it be used to keep secrets?

I'm sorry, but not only is the term well established by now, it is
only confusing to someone who doesn't have an inkling of how it works,
which is true of nearly anything one could think of.

> I propose the name
> Open-Setup Encryption
> as a less confusing alternative.

That is *more* confusing to the uninitiated.

------------------------------

From: [EMAIL PROTECTED] (Christopher)
Subject: Re: Random permutation
Date: Wed, 19 May 1999 23:41:20 -0400

I would think that the distribution wouldn't be uniform. Suppose the first
call of rand16() returns 1, now an index of 2 has a 2/16 probability
instead of 1/16. After 2 is chosen, 3 has a 3/16 and so on.

In article <7hqmc6$nvp$[EMAIL PROTECTED]>, Stephen Weis
<[EMAIL PROTECTED]> wrote:

 |:| Bryan Olson <[EMAIL PROTECTED]> wrote:
 |:| :> > If efficient means we want to use the fewest calls to our
 |:| :> > random number generator, use the same idea as we used to generated
 |:| :> > a uniform choice in [0..n) given a uniform and independent bit
 |:| :> > source.  Suppose rand16() returns a random choice from [0..15].
 |:| 
 |:| I had an idea on how to permute a range of numbers [0..n] while 
 |:| minimizing calls to a random number generating function. Basically,
 |:| just use the random number as an index into an array. If it is already 
 |:| filled, increment modulo n to the next available slot. 
 |:| 
 |:|  [snipped code]
 |:| 
 |:| To permute n elements, it will make only n calls to random(). I ran 
 |:| this over about 10000 runs and kept track of the results. The 
 |:| distribution appeared to be even. How could I better test the 
 |:| "randomness" of the generated permutation? Could there be some 
 |:| problems with naively incrementing to the next available index 
 |:| when collisions occur?
 |:| 
 |:|  [snipped java code]
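Christopher's intuition can be checked exactly rather than by sampling. The block below is an added example, not code from either poster: it implements the probe-to-the-next-free-slot placement Stephen Weis describes, enumerates every possible generator output sequence for a small n, and compares the result with a Fisher-Yates shuffle enumerated the same way. All function names are mine.

```python
"""Exact check of the 'probe to the next free slot' permutation.

Added example, not code from the thread.  Stephen Weis's method draws one
random index per element and, on a collision, walks forward (mod n) to the
next empty slot.  Christopher argues the result is not uniform.  Rather than
sample 10000 runs, enumerate every possible generator output sequence for a
small n and count the permutations exactly.  All function names are mine.
"""
from collections import Counter
from fractions import Fraction
from itertools import product


def probe_permutation(n, picks):
    """Place element i at slot picks[i], probing forward mod n if occupied.
    Fewer than n picks gives a partial placement (None = still empty)."""
    slots = [None] * n
    for i, r in enumerate(picks):
        j = r % n
        while slots[j] is not None:
            j = (j + 1) % n
        slots[j] = i
    return tuple(slots)


def fisher_yates(n, picks):
    """Reference shuffle: picks[i] is a draw from [0, n-i); swap into place."""
    a = list(range(n))
    for i in range(n - 1):
        j = i + picks[i]
        a[i], a[j] = a[j], a[i]
    return tuple(a)


def probe_distribution(n):
    """Counts of each output over all n**n equally likely pick sequences."""
    return Counter(probe_permutation(n, p) for p in product(range(n), repeat=n))


def fisher_yates_distribution(n):
    """Counts over all n! equally likely pick sequences."""
    ranges = [range(n - i) for i in range(n - 1)]
    return Counter(fisher_yates(n, p) for p in product(*ranges))


def is_uniform(dist):
    """True when every reachable permutation has the same count."""
    return len(set(dist.values())) == 1


def prob_second_lands_at(n, first_pick, slot):
    """P(element 1 ends in `slot` | element 0 drew `first_pick`).
    Only the first two draws matter, so enumerate just those."""
    hits = sum(probe_permutation(n, (first_pick, r))[slot] == 1
               for r in range(n))
    return Fraction(hits, n)
```

Since n! does not divide n**n for n >= 3 (n-1 shares no factor with n), no collision rule that consumes exactly n draws from [0, n) can be uniform; the bias is structural, not just a quirk of linear probing.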


------------------------------

From: [EMAIL PROTECTED] (Dean Povey)
Subject: RSA Q: If I have e, phi(n) - d and n, can I recover d?
Date: 20 May 1999 04:28:04 GMT

Hi all,

I have a question regarding RSA keys.  Is it possible to give away
phi(n) - d in addition to the usual e and n without being able to recover
d or phi(n)?

Cheers.
Dean.

--
Dean Povey,         | e-m: [EMAIL PROTECTED]     | Cryptozilla:
Research Scientist  | ph:  +61 7 3864 5120       |  www.cryptozilla.org/
Security Unit, DSTC | fax: +61 7 3864 1282       | Oscar - PKI Toolkit:
Brisbane, Australia | www: security.dstc.edu.au/ |  oscar.dstc.qut.edu.au/

------------------------------

From: "Dennis Gaffney" <[EMAIL PROTECTED]>
Subject: Project
Date: Wed, 19 May 1999 21:33:08 -0700

Hi, I'm doing a project on Cryptography, could anybody give me the URL of
any good sites?

Thanks

DG

"Good times, good times"  Phil Hartman

BILL: It smells like an ashtray when I pee. Is there anything you can do to
help with that?
DAVE: Gosh, I hope not.

"Coffee machine broken.. no coffee!"

"Hey Mr. James, ... Buttafuco"

I HART PHIL HARTMAN
1 year w/ a little less laughter
in the world...
1948-1998



------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA Q: If I have e, phi(n) - d and n, can I recover d?
Date: Thu, 20 May 1999 05:06:56 GMT

In article <7i030k$647$[EMAIL PROTECTED]>,
Dean Povey <[EMAIL PROTECTED]> wrote:
>Hi all,
>
>I have a question regarding RSA keys.  Is it possible to give away
>phi(n) - d in addition to the usual e and n without being able to recover
>d or phi(n)?

ed = 1 mod phi(n), where e is the (known) public exponent.
Let A=phi(n) - d.  Then eA = e*phi(N) - ed = -1 mod phi(N).
So B=eA + 1 is a multiple of phi(N).  Find D so that eD = 1 mod B
and you have a decryption exponent.

What on earth possessed you to want to give away phi(n) - d???

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Project
Date: 20 May 1999 05:23:25 GMT

Dennis Gaffney <[EMAIL PROTECTED]> wrote:
> Hi, I'm doing a project on Cryptography, could anybody give me the URL of
> any good sites?

Ron Rivest has a page full of useful crypto links at 
http://theory.lcs.mit.edu/~rivest/crypto-security.html

You can find a list of interesting cryptographers at
http://www.swcp.com/~mccurley/cryptographers/cryptographers.html

Should you just happen to like linear algebra and lattices, check
out http://www.dice.ucl.ac.be/~fkoeune/LLL.html

Beyond that you will need to specify -- are you just looking for
project ideas, or do you have something in mind? Once you've got
a topic, you can find if anyone's working on it or close to it
and then, insh'allah, they've posted their work someplace. 

Good luck,
-David Molnar


------------------------------

From: "hapticz" <[EMAIL PROTECTED]>
Subject: Re: CRC16 polynomials
Date: Thu, 20 May 1999 01:06:34 -0400

ftp://www.internode.net.au/clients/rocksoft/papers/crc_v3.txt

--
best regards
[EMAIL PROTECTED]

remove first "email" from address, sorry i had to do this!

Russell Harper wrote in message <[EMAIL PROTECTED]>...
|The CRC16 polynomial used in XMODEM can be represented by 0x1021 =
|1000000100001. Does anyone know of a link where there are other CRC16
|polynomials and a description of their relative merits? Or a way to
|determine them empirically?
|
|Thanks in advance...
|
|Russell
|
|[EMAIL PROTECTED]
|
|



------------------------------

From: "Mike Murray" <[EMAIL PROTECTED]>
Subject: Complexity Question
Date: Thu, 20 May 1999 01:54:09 -0700


    I was talking to a professor of mine, recently, and she gave me
some hints on big-O notation, and computational complexity, for a
problem I've been working on.  However, I have one more question
(which is pretty simple, and I'm relatively sure of the answer), which
I want to double check.

    For a given algorithm, O(n) is in terms of the size of a variable
n.  How do we define the size of n?  Is it the actual integer value of
n, or is it the size of n in terms of length in bits?  (which would
actually be log(base 2) of n).  For example:

    if n = 32,000, would the O(n) be in terms of 32,000, or 16 (bits)?
This question is kind of strange, I suppose, but, if we double the
size of n = 32,000, we have n = 64,000.  However, if we double n=16 to
n=32, the actual integer value goes from 32,767 to (about) 2,000,000.

    I'm relatively sure that O(n) is in terms of n itself, rather than
log n, but I want to double check this before I go any farther.

                    Mike




------------------------------

From: "Zulkifli Hamzah" <[EMAIL PROTECTED]>
Subject: Re: looking for independent encryption strength analysis
Date: Thu, 20 May 1999 14:00:36 +0800
Reply-To: "Zulkifli Hamzah" <[EMAIL PROTECTED]>

Hi,

Just an opinion:

1)
" .. test'll demonstrate the presence of bug, not the absence ... "
   --- quoted anonymous.

2) By using a standard algo., one can be assured that at least minimal attempts
have been executed to find the weakness.


Best Regards,
ZulH
zul_hATleapfrogDOTcomDOTmy
(replace the AT, DOT)


Anyway, what would you think of an algorithm with highly secure key of
3000 or 10000 bits ? (compared to 56-bit key in DES).
Isn't that really secure ?
The only trade-off is the speed....


Matthew Bennett wrote in message
<7huvnf$7e7$[EMAIL PROTECTED]>...
>Hi,
>
>Since I've had no response to my previous posting, I assume getting an
>independent strength analysis of an "un-tested" encryption method is not
>simple enough to be done casually by someone.
>
>As an independent test of the encryption strength of files outputted by my
>program is required for an interested company, I would be very grateful for
>any information people in this newsgroup might be able to offer.  Does
>anyone know of a link/e-mail to someone that would be prepared to offer such
>an analysis.  I assume they will ask for a fee, so any likely idea of cost
>would also be appreciated.  Please bear in mind that I am a programmer, not
>an encryption expert, so I know very little of this subject.  I do however
>believe the encryption produced by my program is secure, though
>understandably this company would rather have an independent test performed
>on the encrypted files produced.
>
>Like I have said, any information would be a great help - though obviously
>an actual "encryption strength analysis" contact is mainly what I am looking
>for.  I am sure I am not the only one who has needed such a service!
>
>
>Best regards,
>
>
>Matthew Bennett
>DataCloak author
>http://www.btinternet.com/~bennett/datacloak.html
>
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Can Somebody Verify My DES execution?
Date: Thu, 20 May 1999 06:19:14 GMT

Cryptlib has a bunch of test vectors.  You should be
able to find it at:

http://members.xoom.com/InfoSysSec/software.html

                       - Jeff
--
Author, Programming Mobile Objects with Java
 [ It's NOT a mobile agents book, dang it! ]
      http://www.DistributedObjects.com



------------------------------

Date: Fri, 14 May 1999 09:43:59 +0100
From: David Crick <[EMAIL PROTECTED]>
Subject: Re: Strength of PGP 1.0 conventional block cipher?

David Crick wrote:
> 
> Well I now have possession of something which calls itself PGP 1.0 :)
> 
> Public key length options are 286, 510 or 990 bits, hashing is MD4,
> compression is LZHuf and conventional encryption is an enhancement
> of "Charles Merritt's algorithm".
> 
> I just wondered how secure the latter is ~8 years on. Has it held
> up, or is it an interesting exercise for budding cryptologists?

I hasten to add that I'm interested in attacks other than brute
force!

-- 
+-------------------------------------------------------------------+
| David Crick [EMAIL PROTECTED] http://members.tripod.com/~vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| PGP Public Keys: 2048-bit RSA: 0x22D5C7A9 4096-DH/DSS: 0x87C46DE1 |
+-------------------------------------------------------------------+

------------------------------

From: "Michel Bouissou" <[EMAIL PROTECTED]>
Subject: Re: Looking for ScramDisk/PGPDisk user experiences
Date: Thu, 20 May 1999 11:11:43 +0200

Sundial Services wrote in message
<[EMAIL PROTECTED]>...
>We are acquiring a laptop computer that will carry working-copies of
>source-code to our software products ... the crown jewels of our
>kingdom, obviously, and we need to be certain that this material will be
>safe from disclosure even if the computer itself takes someone else's
>flight.
>
>This sounds like an obvious application for ScramDisk or PGPDisk, which
>would allow us to secure the important materials on the drive so that
>they would be worthless to a thief.


    Scramdisk will be excellent for that purpose.

--
Michel Bouissou <[EMAIL PROTECTED]>  DH/DSS ID: 0x80DBBD8F
Protect your correspondence with PGP: http://come.to/pgpenfrancais
Take part from home in the search for extra-terrestrial
intelligence!: http://setiathome.ssl.berkeley.edu/




------------------------------

From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: Biprime Cryptography, Part II
Date: 19 May 1999 15:47:45 -0600

In article <7hv11j$rcn$[EMAIL PROTECTED]>,
David A Molnar  <[EMAIL PROTECTED]> wrote:
>John Savard <[EMAIL PROTECTED]> wrote:
>> The alternative to it, whose patent has already expired, can be termed
>> the MEPG algorithm (Mutual Exponent Product Generation), a special
>
>Please not this particular acronym. It's too close to MPEG and it's
>hard to pronounce. 

More to the point, it is a waste of time to try to sweep back the ocean.
RSA encryption will always be called RSA encryption in common speech,
regardless of what RSA Data Security, Inc. or anyone else prefers,
proposes, demands, litigates, suggests, or lobbies, just like "bandaid,"
"kleenex," and "jello".

A case study of the difficulties of fighting popular names is in MLPPP
and MPPP.   The official name of the protocol defined by RFC 1990 and RFC
1717 is "MP", as in the title of the RFC's, "The PPP Multilink Protocol
(MP)."  What do most people use?  "MP" is at best third most common.  MPPP
is the name of a proprietary marketing chimera of dubious utility from an
equipment vendor.  MLPPP is probably a better name, invented by people
outside of the IETF working group who never read the drafts of the RFC
and popularized by the hordes of trade-rag consultants and equipment
salescritters who couldn't find an authoritative copy of an RFC if you
spelled w-w-w-dot-r-f-c-dash-e-d-i-t-o-r-dot-o-r-g for them.

At worst, commercial outfits selling RSA encryption might need to talk
about "Encryption compatible with RSA** Encryption ... **copyright RSA
Data Security, Inc." instead of "RSA Encryption."  Besides, have any
lawyers looked at how RSA has used "RSA"?  Isn't it true that unless they
almost always used it in the right form (capitalization, not as an
adjective, etc), it's already a generic term?  (If you've worked for a
big outfit, you know how extremely picky the company lawyers are about
public text containing company trademarks.  Looking at the FAQ on
www.rsa.com, I see many uses of "RSA" whose equivalents of other names
would have had company landsharks of my acquaintance frothing--but I don't
understand trademark law.)  If RSA Data Security, Inc. does manage to
trademark "RSA" meaning the algorithm, couldn't a competitor use "Rivest
Shamir Adleman encryption" or something similarly similar in its documents,
and let the general public continue to use "RSA"?
-- 


Vernon Schryver    [EMAIL PROTECTED]

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Little Irish girl's algorithm?
Date: Thu, 20 May 1999 11:45:49 +0200

Nemo999 wrote:
> 
> I think her name was supposed to be Flannery and I couldn't find anything on
> it.  I'm happy I can stop looking for it since it's a fake story.

The German Computer Zeitung reported sometime back that she will
present a paper on her method in Crypto 99.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: where can i find a frequency list?
Date: Thu, 20 May 1999 11:54:52 +0200

Patrick Juola wrote:
> 

> 
> Easy enough to roll your own.

To write a program is trivial. But to get the material (and the
resources) is another matter.

> 
> And, I suspect, not the stuff that you would find published tables
> for (or find them to be any use if someone *were* fool enough to
> publish such a table).
> 
> In general (and vastly oversimplified), most of the "high frequency"
> stuff in linguistic distributions is general, language-specific but
> not document-specific information.  For example, the most common words
> in almost any English document of interest are words like 'the' and 'of';
> high-frequency, low-meaning "function words."
> 
> When you subtract out the high frequency digraphs, you'll be left with
> the underlying distribution of the low(er) frequency words in the
> document of interest, which tend to be very strongly associated with
> the content and register of the document.  So the words that are moderately
> common in (e.g.) a Ph.D. dissertation will have little to do with the
> words that are moderately common in an issue of _Sports Illustrated_;
> furthermore, the January _Sports Illustrated_ may well have little to
> do with the July _SI_ as the content will have changed so radically.
> 
> This *might* be an interesting way to do document classification -- but
> the cryptographic applications are limited.

I am interested to know by how much the frequency distribution
of single characters changes through the subtraction for exactly
the same source materials from which the published tables were
obtained.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: looking for independent encryption strength analysis
Date: Thu, 20 May 1999 02:15:03 -0600

In article <7i08fm$avf$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> " .. test'll demonstrate the presence of bug, not the absence ... "
>    --- quoted anonymous.

Mildly misquoted, but really due to Edsger Dijkstra.
 
> Anyway, what would you think of an algorithm with highly secure key of
> 3000 or 10000 bits ? (compared to 56-bit key in DES).
> Isnt that really secure ?
> The only trade-off is the speed....

It depends on the algorithm -- DES is reasonably secure using a 56-bit 
key because it's a well-designed algorithm.  In the time DES has been 
in use, MANY algorithms with larger keys have been found to be much 
less secure.  Just for example, DES was based on Lucifer, which used a 
128-bit key, but has since been found to be considerably less 
resistant to attack via differential cryptanalysis.

The size of the key primarily governs the difficulty of a brute-force 
attack.  If the algorithm isn't well designed, there may be an attack 
that is substantially easier than brute-force.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Biprime Cryptography, Part II
Date: Thu, 20 May 1999 12:17:36 +0200

John Savard wrote:
> 
> During the year 2000, the patent on the encryption system devised by
> Drs. Rivest, Shamir, and Adleman will expire. As the common name of
> that encryption system is also part of the name of the company owning
> the patent, this name may be subject to trademark protection.
> 
> So some people were looking for another name for that particular
> public-key algorithm.

Simple: Any permutation of the three characters.

M. K. Shen

------------------------------

From: Bo Lin <[EMAIL PROTECTED]>
Subject: Re: RSA Q: If I have e, phi(n) - d and n, can I recover d?
Date: Thu, 20 May 1999 10:57:11 +0100

M = (C^-1)^A mod N since A = -d mod phi(N).

Paul Rubin wrote:

> In article <7i030k$647$[EMAIL PROTECTED]>,
> Dean Povey <[EMAIL PROTECTED]> wrote:
> >Hi all,
> >
> >I have a question regarding RSA keys.  Is it possible to give away
> >phi(n) - d in addition to the usual e and n without being able to recover
> >d or phi(n)?
>
> ed = 1 mod phi(n), where e is the (known) public exponent.
> Let A=phi(n) - d.  Then eA = e*phi(N) - ed = -1 mod phi(N).
> So B=eA + 1 is a multiple of phi(N).  Find D so that eD = 1 mod B
> and you have a decryption exponent.
>
> What on earth possessed you to want to give away phi(n) - d???
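Paul Rubin's derivation (quoted above) and Bo Lin's one-line shortcut, carried through on numbers small enough to check by hand. This is an added example, not code from either poster; the key p = 61, q = 53, e = 17 is a constructed toy key and the function names are mine. It shows why A = phi(n) - d must be treated as private: either route recovers a working decryption exponent or the plaintext itself.

```python
"""Why phi(n) - d cannot be published alongside (e, n).

Added example, not code from the thread.  It carries Paul Rubin's
derivation and Bo Lin's direct-decryption shortcut through on a
constructed textbook key (p = 61, q = 53, e = 17).
"""
from math import gcd


def make_toy_key(p, q, e):
    """Return (n, phi, d) for the constructed RSA key (p, q, e)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return n, phi, pow(e, -1, phi)


def recover_exponent(e, a):
    """Rubin: A = phi - d  =>  e*A = -1 (mod phi), so B = e*A + 1 is a
    multiple of phi.  Any D with e*D = 1 (mod B) also satisfies
    e*D = 1 (mod phi) and therefore decrypts.  gcd(e, B) = 1 always,
    since B = 1 (mod e)."""
    b = e * a + 1
    return pow(e, -1, b)


def decrypt_with_leak(c, a, n):
    """Bo Lin: A = -d (mod phi), so M = C^d = (C^-1)^A (mod n).
    Needs gcd(C, n) = 1, which fails only for a negligible set of C."""
    return pow(pow(c, -1, n), a, n)


def demo(p=61, q=53, e=17, m=65):
    """Run both recoveries on the toy key and report what each yields."""
    n, phi, d = make_toy_key(p, q, e)
    a = phi - d                      # the value Dean proposed to publish
    c = pow(m, e, n)                 # ordinary RSA encryption of m
    d_recovered = recover_exponent(e, a)
    return {
        "n": n, "d": d, "leaked_A": a,
        "D": d_recovered,
        "D_decrypts": pow(c, d_recovered, n) == m,
        "A_decrypts": decrypt_with_leak(c, a, n) == m,
        "D_equiv_d": d_recovered % phi == d,
    }
```

The recovered D is congruent to d modulo phi(n), so it is the private exponent in every sense that matters; on the toy key B = 2*phi(n) and D = d + phi(n).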




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
