Cryptography-Digest Digest #590, Volume #11 Fri, 21 Apr 00 02:13:01 EDT
Contents:
Re: The Illusion of Security ("Rich Ankney")
Re: pollard-rho for polynomials (lordcow77)
Re: Requested: update on aes contest (Tom St Denis)
Re: pollard-rho for polynomials (Tom St Denis)
Re: pollard-rho for polynomials (Tom St Denis)
Re: $100 Code Challenge - I BROKE the code!!!!! Here's the plaintext as proof
(conman)
Re: Requested: update on aes contest ("Adam Durana")
Re: Requested: update on aes contest (Terry Ritter)
Re: Data Encryption in Applet? (Abid Farooqui)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)
Re: Requested: update on aes contest (Terry Ritter)
Re: $100 Code Challenge - I BROKE the code!!!!! Here's the plaintext as proof
(mindlag)
Q: complementation priority of DES (J)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)
Re: password generator ("Joseph Ashwood")
----------------------------------------------------------------------------
From: "Rich Ankney" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Thu, 20 Apr 2000 20:25:28 -0400
I think the proper term is *troll*. Shit, I hope this isn't the moronic
Szopa again...
Tom St Denis wrote in message <[EMAIL PROTECTED]>...
>This is a joke right?
>
>Tom
>
>[EMAIL PROTECTED] wrote:
>>
>> All Product ciphers based on DES and the Feistel Network can be broken
>> without an Exhaustive Key Search.....
>>
>> The secret lies in the Non Linear F Function...This can be decomposed
>> into Algebraic Linear Primitives...and the Key can be recovered
>> relatively easily...The Backdoor Function...
>>
>> The illusion that the Strength of an Algorithm is in the Key length is
>> just that...an illusion....with detailed knowlage of the algorithm,
>> Algebraic decomposition is possible with no significant computing
>> power requirements...
>>
>> This is the biggest disinformation in history...all Public
>> Product Ciphers are week and vulnerable...
>>
>> Public Key systems based on Large Primes are also breakable without an
>> exhaustive key search....
>>
>> It has been calculated that a 500 bit RSA key will take 20 seconds to
>> break on a supercomputer......
>>
>> Sent via Deja.com http://www.deja.com/
>> Before you buy.
------------------------------
Subject: Re: pollard-rho for polynomials
From: lordcow77 <[EMAIL PROTECTED]>
Date: Thu, 20 Apr 2000 17:12:58 -0700
A probabilistic algorithm for factoring polynomials would
essentially be a waste of time unless it could do this task much
more rapidly than the best existing algorithms, which are very
good indeed. The classical Berlekamp deterministic algorithm can
do this in cases where the underlying field of the polynomial is
small. Even when this field is large, there are many randomized
algorithms which work very well in practice (Cantor-Zassenhaus
comes to mind). For arbitrary univariate polynomials, the best
method is probably to transform the polynomial into a square-
free one, factor it modulo a well chosen small prime, and
perform Hensel lifting of the result, followed by a search for
the factors which is performed heuristically. The Pollard Rho
style algorithm that you have presented will not be more
efficient than these; polynomial factoring is not nearly as a
difficult a problem as the factoring of arbitrary integers.
Moreover, (x+1) would not be a good choice for the iterant in
your Pollard Rho variation, not that it is even a "basis" for
any imaginable space that one would be interested in. Why do you
believe it to a basis for the general space of all polynomials
of a given order? Do you know what the definition of a basis is?
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Requested: update on aes contest
Date: Fri, 21 Apr 2000 01:00:08 GMT
Bruce Schneier wrote:
>
> On Wed, 19 Apr 2000 18:22:32 -0400, "Trevor L. Jackson, III"
> <[EMAIL PROTECTED]> wrote:
> >I know that you have stated that you are opposed to multiple selections.
> >Would your position on this issue be influenced by a pair of selections
> >distinguished by performance? Say Twofish or RC6 as primary, and R++ as
> >secondary?
>
> No. One standard. Only one. Not two. One.
So the concensus is one standard?
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: pollard-rho for polynomials
Date: Fri, 21 Apr 2000 01:00:47 GMT
Paul Rubin wrote:
>
> In article <[EMAIL PROTECTED]>,
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> >Has it ever been discussed in academia to use the pollard-rho method to
> >factor polynomials? I tried it out during english (I was bored, let's
> >say Hamlet is not all that interesting....). I factored
>
> There are already perfectly good deterministic algorithms for factoring
> polynomials. It's a much easier problem than factoring integers.
Call it fooling around. I don't know the other "well-known" methods
primarly because it's not taught in my school. So I am reaching here.
Cheers,
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: pollard-rho for polynomials
Date: Fri, 21 Apr 2000 01:02:34 GMT
lordcow77 wrote:
>
> A probabilistic algorithm for factoring polynomials would
> essentially be a waste of time unless it could do this task much
> more rapidly than the best existing algorithms, which are very
> good indeed. The classical Berlekamp deterministic algorithm can
> do this in cases where the underlying field of the polynomial is
> small. Even when this field is large, there are many randomized
> algorithms which work very well in practice (Cantor-Zassenhaus
> comes to mind). For arbitrary univariate polynomials, the best
> method is probably to transform the polynomial into a square-
> free one, factor it modulo a well chosen small prime, and
> perform Hensel lifting of the result, followed by a search for
> the factors which is performed heuristically. The Pollard Rho
> style algorithm that you have presented will not be more
> efficient than these; polynomial factoring is not nearly as a
> difficult a problem as the factoring of arbitrary integers.
> Moreover, (x+1) would not be a good choice for the iterant in
> your Pollard Rho variation, not that it is even a "basis" for
> any imaginable space that one would be interested in. Why do you
> believe it to a basis for the general space of all polynomials
> of a given order? Do you know what the definition of a basis is?
A basis is something that can represent any element of something...errr
like in three-space you have the standard basis vector (1, 1, 1). Every
point in three-space can be represented with it.
I figured (x + 1) would be the simplest such 'constant' or basis to add
in each itteration. I know simply '1' will not do since it doesn't
introduce any variables...
Any pointers on if my idea will work at all? I have tried it on a very
few and limited polynomials...
Tom
------------------------------
From: conman <[EMAIL PROTECTED]>
Subject: Re: $100 Code Challenge - I BROKE the code!!!!! Here's the plaintext as proof
Date: Fri, 21 Apr 2000 02:45:20 GMT
>>The following is a message encoded using a new routine I have designed.
>>The text is a written message in English. In order to test just how
>>strong the encryption is, I have posted it here for anyone interested
>>to try to crack it. The first person to successfully crack it will get
>>$100. Seriously, $100, no kidding.
I boke the amazing cipher. The plaintext reads:
====================================================================
Dear Mummy, Please send more money, I've decided to take super secret
double- oh- seven spy classes at night. My income from bagging
groceries at ZippyMart doesn't cover the weekly tuition. The classes
are really neato. They showed me how to use my free glow-in-the-dark
Turbo Ninja decoder ring to post encrypted challenges to usenet.
Nobody can figure out my special code. Life has suddenly become very
fulfilling. This is even better than having a girlfriend!
Sincerely,
Poindexter
================================================================
So I cracked your cipher..
Please mail a money order for US$100 (Seriously, $100, no kidding.) to
Ultra-Amazo Code Breakers Inc.
P.O. Box 0x4AC98F31
Dingleberry, North Dakota 31415-9265
(personal checks not accepted)
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Requested: update on aes contest
Date: Fri, 21 Apr 2000 00:10:05 -0400
> A possible explanation. I think the more obvious one is that NIST
> asked them to give a presentation on why THEIR algorithm should be
> chosen. Adam Durana in a previous message actually said:
>
> "The greatest part of the whole conference was definitely the end,
> where a representative of each team had a chance to explain why
> his cipher is better than the others, it was fun."
Actually that wasn't me who said that. However this anonymous person seems
to raise the general issue I did in a post I made to this same thread, which
no one has replied to. There was something else I asked of Mr. Schneier and
other authors of AES candidates which I was really hoping to get a response
to. I asked if you could not choose your own submission then which one
would you like to see win? I think this would be quite revealing especially
if one cipher in particular was chosen by most.
- Adam
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Requested: update on aes contest
Date: Fri, 21 Apr 2000 04:21:00 GMT
On Thu, 20 Apr 2000 23:12:31 GMT, in <[EMAIL PROTECTED]>,
in sci.crypt [EMAIL PROTECTED] (Bruce Schneier) wrote:
>On Wed, 19 Apr 2000 18:22:32 -0400, "Trevor L. Jackson, III"
><[EMAIL PROTECTED]> wrote:
>>I know that you have stated that you are opposed to multiple selections.
>>Would your position on this issue be influenced by a pair of selections
>>distinguished by performance? Say Twofish or RC6 as primary, and R++ as
>>secondary?
>
>No. One standard. Only one. Not two. One.
Right. One standard. Consisting, for example, of every cipher not
yet explicitly broken.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: Abid Farooqui <[EMAIL PROTECTED]>
Crossposted-To:
comp.lang.java.security,microsoft.public.java.security,comp.lang.java.programmer
Subject: Re: Data Encryption in Applet?
Date: Fri, 21 Apr 2000 04:13:25 GMT
Why not simply use SSL on your web server and limit the ciphers to 3A and 27
(on apache). These are strong ciphers DES3 etc. Put the applet on a SSL
protected page and then the applet will be downloaded with your secret key
being sent in an encrypted fashion and thus allowing you the flexibility to
generate the secret key on the server.
Abid Farooqui
[EMAIL PROTECTED] wrote:
> Hi
>
> I am looking for a way to encrypt data through an applet using symmetric
> (or asymmetric) encryption. I thought of sending an applet containing a
> symmetric key to a client. This is key is to perform encryption on some
> data on the client side. Anybody has any idea how to do this in Java or
> has any source codes in Java?
>
> Thanks in advance
>
> Greg
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 22:06:20 -0700
Tom St Denis wrote:
>
> Anthony Stephen Szopa wrote:
> > You insist on knowing what you are talking about. And here I will
> > prove you do not: the software says explicitly that it is
> > recommended that all user input be true random numbers, etc.,
> > and two methods are suggested:
> >
> > 1) number beans and place them in a bottle and shake them up then
> > withdraw them one at a time and this will be your input sequence
>
> That's a bad idea. If you start with say just '0' and '1' on the
> beans. Well if you had 50 to start (25 '0' and 25 '1') if you pull a
> '0' out you are now more likely to pull a '1' out next. So that type of
> 'rng' is flawed because it becomes biased.
>
> You should have added "and place the bean back when you are done".
>
> > 2) use a deck of cards with the two jokers. Add two jokers from
> > another deck and label each one with one of the four suits giving
> > a deck of 56 cards with 14 cards in each suit with the jack, queen,
> > king, joker representing the 11, 12, 13, & 14. Shuffle this deck
> > and then peel off one card at a time from the top of the deck and
> > place each card in a pile according to suit. You will then have
> > four 14 number sequences that can be used for input, etc.
> >
> > Did you not read the Help Files?
> >
> > Obviously not.
>
> Well "help files" should turn into "credible academic project". Make
> your information more presentable (and mature) and people will take you
> seriously.
>
> > I think you are pathetic to present yourself as a credible poster
> > when you clearly do not know what you are talking about.
>
> And you want positive feedback when you make comments like this? What
> do *we* *owe* you?
>
> Tom
You still don't know what you are talking about.
You are not drawing random digits / numbers from the bottle of
numbered beans, you are drawing random number sequences of the
numbers 1 - 14.
You say you are in high school?
Is it a high school for morons?
You apparently still have not read the Help Files and certainly
not retained the most basic facts given in them, you think you know
something yet consistently prove you know nothing.
Then you have the nerve to critique my Help Files as being
inadequate, and you have the ridiculous audacity to tell me to
make them more presentable and mature while you are a blithering
knuckle head.
You have never offered any factual support for even one of your
positions. You can't even write a coherent paragraph. You might
as well forget about going to a university.
You are now in the permanent kill file.
You couldn't give any positive feed back if your life depended on it.
Who in their right mind would waste anymore of their time with such
a jerk?
Not I.
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Requested: update on aes contest
Date: Fri, 21 Apr 2000 05:11:27 GMT
On Fri, 21 Apr 2000 00:10:05 -0400, in
<xsQL4.634$[EMAIL PROTECTED]>, in sci.crypt "Adam Durana"
<[EMAIL PROTECTED]> wrote:
>[...]
>Actually that wasn't me who said that. However this anonymous person seems
>to raise the general issue I did in a post I made to this same thread, which
>no one has replied to. There was something else I asked of Mr. Schneier and
>other authors of AES candidates which I was really hoping to get a response
>to. I asked if you could not choose your own submission then which one
>would you like to see win? I think this would be quite revealing especially
>if one cipher in particular was chosen by most.
But will anyone be satisfied if most of the experts will testify that
the standard is a second-rate cipher?
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
Subject: Re: $100 Code Challenge - I BROKE the code!!!!! Here's the plaintext as proof
From: mindlag <[EMAIL PROTECTED]>
Date: Thu, 20 Apr 2000 22:05:37 -0700
Funny, I got that exact same message when I decrypted it. I
want my one hundred dollars.
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: J <[EMAIL PROTECTED]>
Subject: Q: complementation priority of DES
Date: Fri, 21 Apr 2000 00:29:14 -0500
Hi...
Can you explain to me how I prove it ?
Thank you
J....
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 22:27:57 -0700
Taneli Huuskonen wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In <[EMAIL PROTECTED]> Anthony Stephen Szopa
> <[EMAIL PROTECTED]> writes:
>
> [...]
> >Table 1 -
>
> >Usg IIP MixFile1 MixFile2 MixFile3 Digit
> >5 8 6327491805 5382460791 1352094678 9
> >1 3 7246301598 6153704298 7801354926 3
> >6 5 7845069213 4019682573 2184065379 4
> >2 9 1904735268 4273860915 8670159423 7
> >4 1 0819374256 6421935087 9710324865 9
> >3 7 3145682790 8601534279 8523419670 4
> >1 2 1495638027 4139708562 8642375190 4
> >4 0 6712958403 9152743860 7618943205 5
> >6 4 1093865724 6491830725 2705941368 6
> >2 6 8610273495 3091268475 1846327095 8
> >5 8 7568421390 6729480531 0876925413 8
> >3 1 9310845672 0567483192 0835974162 9
>
> >Usg = usage
> >IIP = initial index pointer
>
> Usg IIP MixFile1 MixFile2 MixFile3 Digit
> 1 8 6327491805 5382460791 1352094678 9
> 2 3 7246301598 6153704298 7801354926 7
> 3 5 7845069213 4019682573 2184065379 1
> 4 9 1904735268 4273860915 8670159423 3
> 5 1 0819374256 6421935087 9710324865 0
> 6 7 3145682790 8601534279 8523419670 6
>
> Taneli Huuskonen
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
>
> iQA/AwUBOP7aE1+t0CYLfLaVEQIHUwCfVX4MwuwPnlYto8AJW4iZYItupEIAniEv
> BsuX8t0/6YeuufEKHuaOytQ1
> =3O5z
> -----END PGP SIGNATURE-----
> --
> I don't | All messages will be PGP signed, | Fight for your right to
> speak for | encrypted mail preferred. Keys: | use sealed envelopes.
> the Uni. | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
You obviously don't have a clue what a table is for or what you are
looking for in this table or what you need to reply to let me know
that you "get it."
When I release OAP-L3 Version 4.3 I will make available the paper I
wrote explaining the fundamentals upon which Version 5.0 will be
based. This table will be included, of course.
Also note that you have misrepresented the random number generator
when you say the random digit generator in OAP-L3 is not
cryptologically secure.
You have chosen one part of the random number generator and made
this claim. The entire random number generator process results
in the random numbers contained in the OTPs, and not the random
digits from the MixFile process you address.
I entertained you when you suggested that you could predict
subsequent digits from the MixFile process you referred to to
see where it would lead.
Your requirements to do this only prove that the entire random number
generator process IS secure and here is why.
There is only one legitimate test for determining the security of
encryption software: this test is that the cracker needs to know
all about the encryption software's inner workings, the cracker
needs to have a substantial amount of plain text, and the
corresponding encrypted text. From this knowledge and this
information the cracker must crack all encrypted messages.
You are only asking essentially for the key to the MixFile / random
digit process and then trying to predict subsequent random digits.
You want this key (once removed) and expect someone to believe you
have cracked this process then you leap to the conclusion that the
entire random number generator / generation is flawed.
You are not in my kill file but I will only reply to honest and
intelligent posts from you in the future.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 22:40:54 -0700
James Felling wrote:
>
> Anthony Stephen Szopa wrote:
>
> > James Felling wrote:
> > >
> > > > <Gigantic snip of epic proportions>
> > > >
> > > > You don't know what you are talking about.
> > > >
> > > > You cannot even describe the process of how the final OTPs are
> > > > created from start to finish.
> > >
> > > I can post the materials from your website which I have reviewed extensively.
>This certianly
> > > skirts the line as to describing clearly, but if it passes for you, I guess it
>will have to
> > > pass for me.
> > >
> > > >
> > > >
> > > > OAP-L3 has no bias because I say so,
> > >
> > > First good reason to doubt your credibility.
> > >
> > > > AND because I have provided
> > > > a solid and sound argument why, in the Theory and Processes Help
> > >
> > > > Files available at http://www.ciphile.com
> > >
> > > No, you have not provided a "solid and sound argument why" what you have
>provided is a very,
> > > very complex algorithim that does in many steps what most algorithims do in a
>few, and still
> > > have not explained how with the artifact laden Mix files one may generate clean
>OTPs.
> > >
> > > >
> > > >
> > > > There is no more bias in the OTPs from OAP-L3 than there are from
> > > > picking true random numbers since the recommended use requires
> > > > that the user input true random numbers when choosing what
> > > > processes to run and what input parameters to use in each process.
> > > > True random numbers in: true random numbers out. This should be
> > > > a no brainer.
> > >
> > > Really? Your logic is flawed at at least two points
> > >
> > > 1) People are lousy pickers of "true random numbers" -- we tend to pick
>favorites, and to
> > > avoid certian patterns and select other "more random looking ones" -- hand
>generated OTPs
> > > were an insecure point in many early code departments.
> > >
> > > 2)A simple example of the falehood of random numbers in, random numbers out. -
>If I write a
> > > program and ask for a random number, and whatever I do my program outputs the
>number 4867,
> > > then what I have is "random numbers in, single number out" -- while I do not
>claim that your
> > > program is flawed in any similar manner, just because I imput some random
>numbers, and do some
> > > calculations based on them all it means is that my program is at MOST as random
>as its inputs,
> > > and in many cases it means that my program is less random than its inputs.
> > >
> > > >
> > > >
> > > > I have supported everything I have said here in this news group
> > > > and in the Help Files available at my web site. None of you have
> > > > supported anything you have said.
> > >
> > > Your RNG ( used to generate your mix files) has a definite and obvious flaw that
>should be
> > > visible to anyone who has ever taken a serious look at it. There are points
>where the 10
> > > digit permutation("scramble" may be easily masked out of the generated data, and
>given since
> > > that is no longer there, attacks versus the "Mix", "redistribute" and "scramble"
>are easily
> > > available. If you do not know of what I speak, ask, and I will gladly provide
>further more
> > > information. True this is a minor flaw( one of many), and as you have setup
>your code data
> > > under it is reasonably secure, but if 5 minutes of analisys of your mix file
>generation gives
> > > this, what other flaws lurk? Let me say this now "your algorithim is secure--
>at least versus
> > > me", but I do not feel that the level of security it gives is close to that of
>much easier to
> > > use programs, nor do I feel that it provides any premium in any way versus
>existing free
> > > software such as PGP.
> > >
> > > >
> > > >
> > > > Mr. Huuskonen claims that the current implementation of the random
> > > > digit generator is not cryptologically sound.
> > >
> > > True.
> > >
> > > > Have any of you
> > > > asked Mr. Huuskonen if the output from the random digit generator
> > > > is used to encrypt messages?
> > >
> > > No it is not, at leas not directly. It is not used to encode in the same way
>that in a car
> > > with power steering, turning the steering wheel does not actually move the
>wheels, it moves
> > > something which in turn makes something else move the wheels. -- the RNG is used
>to make
> > > things that are processed to make other things, that are combined with other
>things, which
> > > eventually after many steps, produces the output.
> > >
> > > > No, none of you have. This is
> > > > because none of you knows what they are talking about.
> > >
> > > We aren't the only people in this discussion that don't seem to know what they
>are talking
> > > about.
> > >
> > > >
> > > >
> > > > The output from the random digit generator is not used to encrypt
> > > > messages in OAP-L3.
> > >
> > > Semi-true
> > >
> > > > And there is no way Mr. Huuskonen or anyone
> > > > else is going to get the extensive secret data required to attempt
> > > > an analysis as he has proposed.
> > >
> > > Probably true, unless OAP-L3 goes into general use.
> > >
> > > > If one could, they would also have
> > > > access to the key and or the OTPs themselves, and would not waste
> > > > the time attempting such an analysis.
> > >
> > > Umm, real breaks of real cyphers are generally done by testing and eliminating
>possible
> > > guesses -- this analisys is precisely the sort that would be done to aquire such
>data.
> > >
> > > > So the idea that the random
> > > > digit generator is not cryptologically sound is a statement with no
> > > > implications to the security of OAP-L3 software as currently
> > > > implemented.
> > >
> > > Try "minimal" unless, of course, it is actually used to encrypt real quantities
>of data.
> > >
> > > >
> > > >
> > > > I guess it is like they say in Orange County, California:
> > > >
> > > > "If you don't get it: you don't get it."
> > >
> > > And you sir, don't get it.
> >
> > You insist on knowing what you are talking about. And here I will
> > prove you do not: the software says explicitly that it is
> > recommended that all user input be true random numbers, etc.,
> > and two methods are suggested:
> >
> > 1) number beans and place them in a bottle and shake them up then
> > withdraw them one at a time and this will be your input sequence
> >
> > 2) use a deck of cards with the two jokers. Add two jokers from
> > another deck and label each one with one of the four suits giving
> > a deck of 56 cards with 14 cards in each suit with the jack, queen,
> > king, joker representing the 11, 12, 13, & 14. Shuffle this deck
> > and then peel off one card at a time from the top of the deck and
> > place each card in a pile according to suit. You will then have
> > four 14 number sequences that can be used for input, etc.
>
> Simply put, such methods were used to hand generate OTPs in the specific example I
>gave you. The
> problems you will run into is that people will deliberately subvert such processes,
>or not shuffle
> sulficiently.
>
> In addition I note that you have chosen to respond to only one of the two points I
>have raised.
>
> >
> >
> > Did you not read the Help Files?
> >
> > Obviously not.
> >
> > I think you are pathetic to present yourself as a credible poster
> > when you clearly do not know what you are talking about.
An automobile will crash if the operator does not drive according
to instructions and safety procedures.
A secretary will not be able to type the bosses correspondence on
her word processor if the word processor instructions are not
followed.
OAP-L3 is not secure if you do not follow recommended usage. Yes,
that is correct.
What have you offered here of any value?
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 22:32:51 -0700
"Douglas A. Gwyn" wrote:
>
> Anthony Stephen Szopa wrote:
> > This is all so richly comical.
>
> That's because instead of conducting a technical dialogue,
> you're just insisting that you're right and everybody else
> is intellectually dishonest. And instead of explaining
> the principles in terms that would make sense to a working
> cryptologist, you simply direct us to figure it out
> ourselves from the "help files". How about treating this
> as a genuine technical discussion? For example, tell me
> why my observation (based on examining the "help files")
> that at least one of the three columns of generated "mix"
> could be recovered by chaining is flawed (as you claimed).
> I suspect that most cryptologists will have no real
> interest in your system if their concerns are not addressed
> in good faith.
Real cryptologists understand my Help Files.
See my post to Mr. J. Felling's post.
If the shoe fits...
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: password generator
Date: Thu, 20 Apr 2000 22:49:49 -0700
Unfortunately, while I was gone strange thigns happened and
my computer ended up powered down (with no output). I'll try
again tomorrow.
Joe
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
