Cryptography-Digest Digest #616, Volume #11      Tue, 25 Apr 00 11:13:01 EDT

Contents:
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Douglas A. Gwyn")
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Douglas A. Gwyn")
  Re: Szopa: troll or snake-oil salesman? ("Douglas A. Gwyn")
  Re: factor large composite (DJohn37050)
  Re: factor large composite (Steve Roberts)
  What does XOR Mean???!!! ("Austin Locke")
  Re: What does XOR Mean???!!! (Tom St Denis)
  Re: GOST related key attack ([EMAIL PROTECTED])
  Re: What does XOR Mean???!!! (Mel Yorkian)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Trevor L. Jackson, III")
  Re: factor large composite (Scott Contini)
  Re: new Echelon article (Diet NSA)
  Re: new Echelon article ("Trevor L. Jackson, III")
  Re: new Echelon article (Diet NSA)
  Re: new Echelon article (Diet NSA)
  Re: papers on stream ciphers (Richard Parker)
  Re: CAST (Richard Parker)
  Re: The Illusion of Security ("Joseph Ashwood")
  Re: S-BOXES ("Joseph Ashwood")
  Re: papers on stream ciphers ("Joseph Ashwood")
  Re: new Echelon article (biugung - OG, original gog)
  how many bases? ([EMAIL PROTECTED])
  Re: Brute force (was Re: Why is this algorithm insecure?) (Richard Heathfield)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Mon, 24 Apr 2000 00:47:45 GMT

"Trevor L. Jackson, III" wrote:
> Please support your claim that "real cryptologists" understand your
> help files by providing the names of at least two who will confirm
> your claim.

You're wasting effort on this.  Clearly from the context, what he
meant was that "real cryptologists" *should* understand his help
files, or in other words, if his help files don't make sense to
you then the fault must be yours.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Mon, 24 Apr 2000 00:56:32 GMT

Anthony Stephen Szopa wrote:
> In order to solve a problem that contains variables, you must not
> only have a method but you must also have inputs for these method
> variables.
> What exactly will be the inputs to your hypothetical method?  Where
> will they come from?  How much input data will you need?
> Short of breaking into your opponents computer, bugging this computer,
> etc., the accepted answer to this question is:  the cracker only has
> substantial plain text and the corresponding encrypted text as well as
> complete knowledge of the encryption software / process(es).
> What exactly are you assuming here regarding OAP-L3?

Just as you state, except weaker: a known-plaintext attack against
the known system.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Szopa: troll or snake-oil salesman?
Date: Mon, 24 Apr 2000 01:11:42 GMT

"NFN NMI L. a.k.a. S.T.L." wrote:
> <<Mine is proudly in the list becuase>>
> .... you're a quack.

While D.Scott sure has sounded like a paranoid quack,
he actually has proposed some apparently original ideas
that have merit.  (Although, in my opinion, not enough
merit to make systems that don't incorporate them
dramatically inferior.)

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: factor large composite
Date: 24 Apr 2000 01:32:02 GMT

Yes, you need to be very specific about what properties the number has (e.g.,
composed of 2 primes or what), assume the adversary knows the formula for how
it was generated (but not the seed), how it will be used and perhaps misused in
crypto, etc.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (Steve Roberts)
Subject: Re: factor large composite
Date: Mon, 24 Apr 2000 02:00:37 GMT

Richard Heathfield <[EMAIL PROTECTED]> wrote:

>EP847 wrote:
>> 
>> Can anyone tell me what the fastest method of factoring a 2048 bit RSA key is
>> ( i know the time will be *very* long )
>> thank you
>
>The fastest method is to ask the guy who originally designed the key
>what its factors are. Seriously.
>
>If he won't tell you, you can resort to bribery, I suppose. Naturally, I
>stop short of recommending rubberhosing.
>

.... and if s/he won't be bribed, or may tell you the wrong answer,
you can simply read the factors from the computer storage or
reverse-engineer the software that uses them.  And then you can be
sure you have the right answer.  It may be difficult to get at the
computer to do this, but it's much easier than factoring the damn
thing any other way.

Steve Roberts

------------------------------

From: "Austin Locke" <[EMAIL PROTECTED]>
Subject: What does XOR Mean???!!!
Date: Mon, 24 Apr 2000 02:29:34 GMT

I am trying to do a project on cryptography, but nowhere can I find out what
XOR means. Someone?

Austin

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: What does XOR Mean???!!!
Date: Mon, 24 Apr 2000 02:36:12 GMT



Austin Locke wrote:
> 
> I am trying to do a project on cryptography, but nowhere can I find out what
> XOR means. Someone?
> 

XOR is short for Exclusive Binary Or (or simply addition modulo 2, or
addition without carry, etc...).

i.e.

0 xor 0 = 0
0 xor 1 = 1
1 xor 0 = 1
1 xor 1 = 0

Tom

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: GOST related key attack
Date: Mon, 24 Apr 2000 02:42:50 GMT

In article <8dv8rm$ut3$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (David A. Wagner) wrote:
> Good point.
>
> But it may be worth pointing out that these keys are also weak
> in another sense: encryption is the same as decryption (up to
> possibly a swap of the halves of the block).  This weakness may
> be more of a practical concern than related-key attacks.
>
> Actually, I think any of the 2^128 keys of the form ABCDDCBA has
> this "encryption = decryption" property, and this is an even more
> general class of weak keys.
>
Sir,

I remember reading about this 'involution' property in your "Advanced
Slide Attacks".

You are correct about practicality. A small class of related keys hardly
seems worth worrying about.  It seems like I have seen several papers
that say GOST is immune to subkey rotation, however.  In general this
appears to be true but GOST is not totally immune.  Yet another good
example of why a simple linear key schedule should be avoided.

Apparently, the designers of DES knew about this type of attack more
than twenty years ago.

--Matthew
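As an added example (my code, not from this thread or from any real GOST implementation), the GOST key-schedule structure with a constructed placeholder S-box set, to show why keys of the form ABCDDCBA behave as David Wagner describes: the forward schedule (k0..k7 three times, then k7..k0) and the decryption schedule (its reverse) coincide exactly when the eight key words read the same backwards, so a second encryption undoes the first. The S-boxes, key words and plaintext below are constructed placeholders, not a standard GOST 28147-89 parameter set; with the block packing used here the involution holds without any swap of halves.

```python
MASK32 = 0xFFFFFFFF

# Constructed placeholder S-boxes (eight 4-bit permutations), NOT a standard
# GOST parameter set: box i maps nibble x to (7*x + i) mod 16.  The
# involution property does not depend on which S-boxes are used.
SBOXES = [[(7 * x + i) & 0xF for x in range(16)] for i in range(8)]


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def round_function(r, subkey, sboxes=SBOXES):
    """GOST-style f: add subkey mod 2^32, substitute each nibble, rotate left 11."""
    t = (r + subkey) & MASK32
    out = 0
    for i in range(8):
        out |= sboxes[i][(t >> (4 * i)) & 0xF] << (4 * i)
    return rotl32(out, 11)


def key_schedule(key_words, decrypt=False):
    """GOST order: k0..k7 three times, then k7..k0.  Decryption is the reverse:
    k0..k7 once, then k7..k0 three times."""
    k = [w & MASK32 for w in key_words]
    if len(k) != 8:
        raise ValueError("GOST key is eight 32-bit words")
    enc = k * 3 + k[::-1]
    return enc[::-1] if decrypt else enc


def feistel(block, schedule, sboxes=SBOXES):
    left, right = (block >> 32) & MASK32, block & MASK32
    for subkey in schedule:
        left, right = right, left ^ round_function(right, subkey, sboxes)
    # GOST does not swap after the last round; undo the swap done by the loop.
    return (right << 32) | left


def encrypt(block, key_words):
    return feistel(block, key_schedule(key_words))


def decrypt(block, key_words):
    return feistel(block, key_schedule(key_words, decrypt=True))


def is_involution_key(key_words):
    """True for keys of the form ABCDDCBA: the encryption and decryption
    schedules are then identical, so E_K(E_K(x)) == x for every block.
    There are 2^128 such keys (A, B, C, D free) out of 2^256."""
    return list(key_words) == list(key_words)[::-1]


def self_inverse_on(block, key_words):
    """Empirical check of the property on one block."""
    return encrypt(encrypt(block, key_words), key_words) == block


if __name__ == "__main__":
    # Constructed sample keys: one palindromic (ABCDDCBA), one ordinary.
    A, B, C, D = 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210
    weak_key = [A, B, C, D, D, C, B, A]
    ordinary_key = [A, B, C, D, A, B, C, D]
    pt = 0x0123456789ABCDEF
    for name, key in (("ABCDDCBA", weak_key), ("ABCDABCD", ordinary_key)):
        print(name, "involution key:", is_involution_key(key),
              "E(E(x)) == x:", self_inverse_on(pt, key),
              "D(E(x)) == x:", decrypt(encrypt(pt, key), key) == pt)
```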



------------------------------

From: [EMAIL PROTECTED] (Mel Yorkian)
Subject: Re: What does XOR Mean???!!!
Date: Mon, 24 Apr 2000 03:20:56 GMT

"Austin Locke" <[EMAIL PROTECTED]> wrote:

>I am trying to do a project on cryptography, but nowhere can I find out what
>XOR means. Someone?

The exclusive-or function is true if A is true or B is true, but not both.
Another way of saying it is that the function is true if A and B are
different, but false if they are the same.

Here's an example of the XOR function used to encrypt a byte of data:

Plain text =     10110110
Encryption key = 01101101
Encrypted text = 11011011

Here's how the XOR function is used with that same encryption key to
decrypt the data:

Encrypted text = 11011011
Encryption key = 01101101
Decrypted data = 10110110

-- 
"Mel Yorkian" is actually 0761 983245 <[EMAIL PROTECTED]>.
 012 3456789 <- Use this key to decode my email address and name.
              Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

Date: Sun, 23 Apr 2000 23:56:36 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.

"Douglas A. Gwyn" wrote:

> "Trevor L. Jackson, III" wrote:
> > Please support your claim that "real cryptologists" understand your
> > help files by providing the names of at least two who will confirm
> > your claim.
>
> You're wasting effort on this.  Clearly from the context, what he
> meant was that "real cryptologists" *should* understand his help
> files, or in other words, if his help files don't make sense to
> you then the fault must be yours.

You're probably right.

Mea culpa, mea culpa, mea minima culpa.


------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: factor large composite
Date: 24 Apr 2000 03:48:44 GMT

In article <[EMAIL PROTECTED]>,
Andrew Carol  <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, DJohn37050
><[EMAIL PROTECTED]> wrote:
>
>> I think it goes without saying that this question of factoring depends
>> tremendously on how much "other" info is available.  Is the 2048 number used
>> in
>> RW or RSA?  If so, what is the public exponent?  What was the seed?  In
>> practise, MOST 2048 bit numbers can be factored, or at least split.
>> Don Johnson
>
>Most can be factored only because most have many, many small factors. 

that is not true (see below).

>Sadly the ones chosen for RSA have only two factors which are quite
>large.  It can certainly be factored, but only in time measured in
>years or decades.
>
>Oh well.....

It is not easy to factor a randomly chosen 2048-bit number (approx
617 digits).  For example, the following probabilities come from
the well-known paper by Knuth and Trabb Pardo.  These are asymptotic
probabilities - so there may be significant differences for "small" numbers.

With probability 1/2, the second largest prime factor of a randomly chosen
N  is asymptotically at least  N^0.21172 .  This means that for a 2048-bit
number, the second largest prime factor will be at least 131-digits half
the time.  The cofactor consisting of the second largest prime and
the first largest prime cannot be factored in reasonable time using
either ECM or NFS.

With probability 0.75, the second largest prime factor of a randomly chosen
N  is asymptotically at least  N^0.12191 .  This means that for a 2048-bit
number, the second largest prime factor will be at least 76-digits three
quarters of the time.  Unless you're extremely lucky to have the largest
and second largest primes to both be about 76-digits, this number is
probably not factorable using modern algorithms and technology.  In the
case that you are extremely lucky, then it can be done with NFS in the
same order of computation time that was used for RSA-155.

In general, randomly chosen large numbers are difficult to factor.  :-(


Scott

------------------------------

Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Date: Sun, 23 Apr 2000 20:50:05 -0700


In article <[EMAIL PROTECTED]>
, "Trevor L. Jackson, III" <
[EMAIL PROTECTED]> wrote:

>I defy you to name one way in which I am "helped" by the government for which
>there is not a superior alternative available.

If you are an extreme isolationist, then
the gov't may not be helping you that
much, but otherwise see Doug Gwyn's
reply. In addition, there is highway
maintenance, funding for basic scientific
research, etc. I could give many examples
of useful contributions the gov't has made
such as the development of satellites
which are essential for today's wireless
communications, but first you might want
to learn something about history.

Whenever you use the internet you are
using a technology developed from
Arpanet which was initiated by the U.S.
military. Businesses often cannot take
the risks of funding certain types of
science & technology because the
potential pay-off may be too far away.

>Feasibility has little or no relation to equity or justice.  Often they are
>complements.
>
If you live in a (false) utopia, you might
be able to separate the ideals or
intentions underlying laws from the
practical realization of those same laws,
but not here in this world. The feasibility
of defining realistic laws and enforcing
those laws is very important.
>
>The surveillance isn't the issue.  The issue is who pays for it.

As we have already discussed, who else is
going to pay for it? The subset of citizens
that are ballerinas? Or, perhaps the
grocers?
>>
>> Personally, I only have to worry about my
>> privacy in regards to criminal activity,
>> not governmental activity.
>
>This is a naive perspective.
>
You seem more paranoid than I seem
naive. Realistically, what would the gov't
do to me? Are they planning to use
binoculars to spy on me when I'm in the
bathroom, waiting for me to make a
down*load* into the toilet ala "Austin
Powers: The Spy Who Shagged Me" ?

>The historical paranoia of the Russian culture will serve them well.  ;-)

Perhaps, but previously the Russian
people, on average, were so used to
surveillance, etc. that they became
fatalistic about it, kind of gave up, and
continued to let Communism oppress
them. The average life expectancy for a
male in Russia is no better than it was
100 years ago, a trend opposite of that in
more developed countries.

The Russian people didn't stand up to
their regime & now they're still suffering
the consequences. My town just had a big
225th anniversary celebration of the
Revolutionary War- when we overcame
British oppression and went on to
establish a real Constitution (which
Russia has only done recently). BTW, the
Russian military should stay the fuck out
of Chechnya and the Balkans. (During the
Cold War, when I visited Russia, we used
to throw shit at the tank and truck
convoys-  aahhh, sweet memories).




------------------------------

Date: Mon, 24 Apr 2000 00:01:58 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: new Echelon article



"Douglas A. Gwyn" wrote:

> "Trevor L. Jackson, III" wrote:
> > I defy you to name one way in which I am "helped" by the government
> > for which there is not a superior alternative available.
>
> Courts (contract enforcement and dispute resolution).
> Military (defense against foreign aggression).
> Police (apprehending domestic criminals).
>
> None of these is working as well as it could, but there is no
> superior alternative available.

This is a matter of (off topic) opinion, so I'll refrain from further comment.

> The really big problem with the really big current US government
> is that the populace has come to depend on it for forced
> reallocation of other people's resources, i.e. gangsterism.

Yes.  But this dynamic is the essence of government.  Big or little, it has a
characteristic aroma.


------------------------------

Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Date: Sun, 23 Apr 2000 21:45:10 -0700


In article <
[EMAIL PROTECTED]
net>, [EMAIL PROTECTED] wrote:

>The students had tough questions. "Will an agent's mission ever be to
>kill somebody?" one asked.


Nowadays, the CIA wouldn't be stupid
enough to use its regular agents for
assassination, if they were going to
conduct such a mission. However, there
are confirmed cases of the CIA using its
agents to set up assassinations in the
past. Remember that Pavitt is addressing
*kids*, and he would probably have gotten
in trouble if he said things that were
inappropriate for children.


>"You tried very hard to kill Castro," piped up a boy.
>
>"Those were times that are long gone," Pavitt said. "It was wrong
>then, in my mind, and it is wrong today."


If Pavitt has this same belief towards
tyrants like Hitler (e.g., Saddam Hussein)
then Pavitt is a fuckin' wuss-  a pansy,
and a disgrace to the history of America.
How d'ya like my Easter spirit? If you
think my attitude stinks, then try
smelling my underwear.


>another girl. "We're stealing from terrorists" and other national enemies,
>Pavitt said, to prevent them from harming the nation.


What if the CIA is not stealing, but is
instead reading info which is supposed to
be private? It might be wrong for a kid to
read his sister's diary, but this is not the
same as actually stealing the diary and
running off with it.




------------------------------

Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Date: Sun, 23 Apr 2000 22:13:17 -0700


In article <[EMAIL PROTECTED]>
, "Trevor L. Jackson, III" <
[EMAIL PROTECTED]> wrote:
>
>
>"Douglas A. Gwyn" wrote:

>> Courts (contract enforcement and dispute resolution).
>> Military (defense against foreign aggression).
>> Police (apprehending domestic criminals).
>>
>> None of these is working as well as it could, but there is no
>> superior alternative available.
>
>This is a matter of (off topic) opinion, so I'll refrain from further comment.
>

Your village called. Their idiot is missing.
The above is not a matter of opinion, but
of fact. Perhaps you don't care that the
Allies won WWII, etc. but you *are* using
data networks to post to newsgroups, so
you might thank the U.S. Army for
initiating Arpanet in the first place.


>Yes.  But this dynamic is the essence of government.  Big or little, it has a
>characteristic aroma.
>
>
Don't tell me- let me guess. This aroma is
a stinky one and you have some ingenious
proposal for how modern society can
function without taxation.




------------------------------

From: Richard Parker <[EMAIL PROTECTED]>
Subject: Re: papers on stream ciphers
Date: Sun, 23 Apr 2000 22:26:38 -0700

Tom St Denis <[EMAIL PROTECTED]> wrote:

> Looking for papers about stream ciphers.  It seems block ciphers are the
> norm lately...
> 
> Looking for prng/stream ciphers.  Preferably not based on lfsrs....

In addition to the papers mentioned by David Hopwood, you may wish to take a
look at SEAL 3.0:

  P. Rogaway and D. Coppersmith, "A Software-Optimized
  Encryption Algorithm," Journal of Cryptology, v. 11, n. 4,
  1998, pp. 273-287.
  <http://www.cs.ucdavis.edu/~rogaway/papers/seal-abstract.html>

-Richard


------------------------------

From: Richard Parker <[EMAIL PROTECTED]>
Subject: Re: CAST
Date: Sun, 23 Apr 2000 22:53:18 -0700

Tom St Denis <[EMAIL PROTECTED]> wrote:
> I want to find as many papers on CAST as I can... I already have
> CAST-128 and CAST-256 (the aes pdf file) I want to see stuff for CAST
> (the original).

Tom,

The inventor of CAST, Carlisle Adams, works at Entrust.  Most of his papers
can be found somewhere on Entrust's web site.  Here are the two papers that
directly discuss the original CAST algorithm:

  C. Adams, "Constructing Symmetric Ciphers Using the CAST Design
  Procedure," in Selected Areas in Cryptography, E. Kranakis and
  P. Van Oorschot (ed.), Kluwer Academic Publishers, 1997, pp.71-104.
  <http://www.entrust.com/resourcecenter/pdf/cast.pdf>
  
  CAST Design Procedure Addendum
  <http://www.entrust.com/resourcecenter/pdf/castadd.pdf>

You'll also want to look at the following web page:
  
  CAST Encryption Algorithm Related Publications
  <http://saturn.ee.queensu.ca:8000/cast/>

-Richard


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Sun, 23 Apr 2000 23:04:15 -0700

"Mike Kent" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Joseph Ashwood wrote:
>
> > ... There has been no proof of the randomness of anything,
>
> Just to get things clear ... what counts as random, and what
> counts as proof?

A mathematical/logic of randomness. I would accept the
mathematic/logic proof that there is some randomness in a
source S that can be distilled into pure randomness. Since
this is primarily a discussion of OTP, and the randomness
necessary, two things must be proven
1) That given outputs (-inf, n-1) and (n+1, inf) it is
impossible to determine the value of n (e.g. there is no
correlation)
2) The value of each output is unbiased (each output value
occurs with exactly equal probability given an infinite
sequence).

> > If I am wrong, please give a reference.
>
> Hard to tell if you are right or wrong without a clear
> understanding of what you're claiming.

I am simply claiming that there has been no logic based
proof that anything is truly random.
                Joe

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: S-BOXES
Date: Sun, 23 Apr 2000 23:32:40 -0700

> Are an algorithm's S-boxes tailor made for just that algorithm or could
> they be transplanted into another algorithm without loss of strength?

The answer is both yes and no, for both. Generally the
S-boxes are custom made for each algorithm, and each
s-box set creates different levels of security for each
algorithm. In addition the algorithms sometimes use s-boxes
in different ways.

If the s-boxes from a cipher are moved to another cipher
they must be reanalyzed in the context of the current
cipher, to determine how the security has changed. Sometimes
the strength can be increased; take the example of the original
IBM cipher that became DES: originally the s-boxes offered a
lower level of security, and at the request of the NSA
they changed the S-boxes, which increased the security.
                Joe



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: papers on stream ciphers
Date: Sun, 23 Apr 2000 23:43:40 -0700

> The session key management issue, that arises because stream ciphers
> need a different key for each message (to resist the known weaknesses of
> stream ciphers).

I will ask only one thing, that you support your claim that
there are given weaknesses of stream ciphers; if so, what are
they? There is no reason to use XOR, so one could easily
substitute any symmetric cipher of your choice, so any claim
of absolute insecurity of a stream cipher would have a
correlating given weakness in block ciphers.

> This issue is complex because not only the system
> designer must be convinced that a unique secret session key is used for
> each message, but each participant must be independently convinced as
> well, according to the trust model implied in a given application. For
> instance, the session key management issue might additionally call for
> secret key freshness assurance for each participant.

Again, on what grounds? There has been no proof that a
stream cipher must obey these rules, for example CipherSabre
breaks these rules by applying an Initialization Vector to
the key before use, something which has long been encouraged
to prevent attacks.


>
> The other issue ("knowledge") you seem to be referring to is less clear
> to me. If it is a perceived need to change the properties of stream
> ciphers, it looks like an impossible task. In any event, you might look
> at http://www.connotech.com/frogbit.htm which is *not* a stream cipher
> proposal, but mainly a proposal to add integrity protection, given that
> a stream cipher primitive is the only tool at hand.

My statement was actually made to voice my encouragement of
the exploration of stream ciphers. Right now, very little is
publicly known about them compared to block ciphers, so a
new stream cipher (secure or not) can make a relatively
large impact on the knowledge of the community. Additionally
frogbit seems to be quite upfront about requiring that the
stream cipher be applied one bit at a time, something
which severely limits the usable techniques (it would
certainly not work in the obvious way if you were to use DES
in place of the XOR).
                Joe



------------------------------

From: biugung - OG, original gog <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print
Subject: Re: new Echelon article
Date: Mon, 24 Apr 2000 06:53:30 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>
> An interesting report at NBC:
>
> http://www.msnbc.com/news/394993.asp?cp1=&cp1=1
>
> U.S. spying pays off for business
>
> Same old claims that intelligence gathering is _solely_ to thwart
> bribery but includes confirmation that Clintonistas made economic
> intelligence gathering by CIA/NSA a policy matter, and started
> requiring the formation of a "Daily Economic Intelligence Brief."
>

Interesting.  The black money CIA are whores for the highest bidder.
When will this cold war relic be eradicated?

Echelon runs on some serious juice.  Someone should figure out how to
make a directed energy ray to de-volve plutonium, radiation and uranium.
Know what I mean?  Kind of like alchemy only backwards.

Blast those underground power plants they have running this equipment,
they'd then have to join the domestic, civilian power grid.  Then, all
those black, grey, yellow and red projects will run on white money.
Sanctioned and on the up and up or *poof* gone.



------------------------------

From: [EMAIL PROTECTED]
Subject: how many bases?
Date: Mon, 24 Apr 2000 06:50:28 GMT


> >According to Robert D. Silverman (*), citing an article by
> >I. Damgard, P. Landrock et C. Pomerance, for numbers 512 bits
> >or more, 8 Miller-Rabin tests are enough for an error
> >probability below 2^-100.
>
> This assumes that the number to be tested for primality was selected
> randomly.  If you don't know anything about where the number came from
> (for example, if somebody e-mailed you some number and asked you to
> test if it were prime) then you would require 50 iterations to
> have probability below 2^-100.


How do you calculate that? I mean, how do you find 50?

And I want to say that the paper written by Pinch states that there
should be n bases for an n-digit number. Any comments?

And thanks for the replies ...
I implement basic tests: evenness test, division by small primes
(up to 8191), prime power test, Lucas, Lehmann (Euler).

But Miller-Rabin: how many bases?

And is there a formula?

Thanks ...

PS: OK, Frobenius is good, but I don't have enough math knowledge
to write its code ... If someone supplies me the algorithm, why not?
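As an added example (my code, not the poster's and not taken from the papers cited in the thread), a Miller-Rabin test that takes an explicit list of bases, plus the arithmetic behind the "50 iterations" figure quoted above: Rabin's bound says a composite survives one random base with probability at most 1/4, so k rounds leave at most 4^-k = 2^(-2k), and 2^-100 needs k = 50. That worst-case count is what applies when the candidate may have been chosen by someone else; the 8-round figure for randomly generated 512-bit candidates rests on the separate Damgard-Landrock-Pomerance analysis and is not reproduced here. The test numbers (2047 = 23*89, the Carmichael number 561) are well-known small cases chosen for illustration.

```python
import math
import random

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13)


def miller_rabin(n, bases):
    """Strong probable-prime test of n against each base in `bases`.
    Returns False as soon as a base witnesses compositeness, True otherwise,
    so True means "prime, or a strong pseudoprime to every base tried"."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    # write n - 1 = 2^s * d with d odd
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):
            continue                 # these bases can never witness anything
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):       # square up to s-1 more times
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False             # a is a witness: n is composite
    return True


def witnesses(n, bases):
    """Which of the given bases prove n composite (empty for a prime)."""
    return [a for a in bases if not miller_rabin(n, [a])]


def rounds_for_worst_case(error_exponent):
    """Rounds needed so that an adversarially chosen composite survives with
    probability at most 2^-error_exponent: each random base passes a
    composite with probability <= 1/4, so k rounds give 4^-k = 2^(-2k)."""
    return math.ceil(error_exponent / 2)


def is_probable_prime(n, error_exponent=100, rng=random.SystemRandom()):
    """Miller-Rabin with fresh random bases and the worst-case round count,
    i.e. the setting where the number was handed to you by someone else."""
    if n < 4:
        return n in (2, 3)
    k = rounds_for_worst_case(error_exponent)
    bases = [rng.randrange(2, n - 1) for _ in range(k)]
    return miller_rabin(n, bases)


if __name__ == "__main__":
    # 2047 = 23 * 89 passes base 2 (a strong pseudoprime) but not bases 3 or 5,
    # which is exactly why a single fixed base is not enough.
    print("2047 witnesses among 2,3,5:", witnesses(2047, [2, 3, 5]))
    print("561 (Carmichael) passes base 2?", miller_rabin(561, [2]))
    print("rounds for 2^-100 worst case:", rounds_for_worst_case(100))
    print("2^127-1 probable prime?", is_probable_prime(2**127 - 1))
```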


------------------------------

Date: Mon, 24 Apr 2000 08:23:47 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Brute force (was Re: Why is this algorithm insecure?)

Sandy Harris wrote:
> 
> [EMAIL PROTECTED] (Richard Heathfield) spake thus:
> 
> >Tom St Denis wrote:
> >>
> >> Richard Heathfield wrote:
> >> > > The task of brute-forcing 2^128 different keys is out of reach for
> >> > > any known adversary.
> >> >
> >> > But wasn't it done recently?
> >>
> >> I sincerely hope you are joking with this last question.
> 
> No. He's confusing key lengths for public key algorithms and symmetric
> algorithms, a really common error.

That is precisely what I was doing. I can see the point, too. If an
algorithm requires special properties of its keys (for example, product
of two primes or whatever) which drastically reduces the useful
keyspace, then it's clearly going to be easier to brute-force than one
that doesn't have such special requirements.

> Of course, if the attacker finds some weakness in the cipher, then he
> need not use brute force and the above is irrelevant.

Indeed, and this is what my original question was trying to establish.
It would appear that my 20,000 bit key is by no means sufficient. And,
instead of using a longer key, my time would be better spent attending
to the algorithm. More news on that real soon now - perhaps within mere
months!


-- 

Richard Heathfield

"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.

C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
