Cryptography-Digest Digest #443, Volume #14      Fri, 25 May 01 20:13:00 EDT

Contents:
  Re: A generic feistel cipher with hash and gf(257) mixers (Jim Steuert)
  Re: A generic feistel cipher with hash and gf(257) mixers (Tom St Denis)
  Re: Break on Schneiers first proposed "self-study cipher" (SCOTT19U.ZIP_GUY)
  Re: Break on Schneiers first proposed "self-study cipher" (Tom St Denis)
  Getting back to the self-study Analysis (Tom St Denis)
  Re: Good crypto or just good enough? (SCOTT19U.ZIP_GUY)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? ("BenZen")
  Re: Good crypto or just good enough? (Bryan Olson)
  Re: Break on Schneiers first proposed "self-study cipher" ("Sam Simpson")
  Re: Good crypto or just good enough? (Tom St Denis)
  Re: Break on Schneiers first proposed "self-study cipher" (Tom St Denis)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? ("BenZen")

----------------------------------------------------------------------------

From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Re: A generic feistel cipher with hash and gf(257) mixers
Date: Fri, 25 May 2001 18:42:01 -0400

  Ok, perhaps I didn't use the right terminology. But given
f1(x,y,z) each function generates a balanced truth table.
And given any two of the x and y, and the output f value (0 or 1),
there is only a single unique z which can generate that
output. Likewise since these are bit-sliced on a 32-bit word,
this applies to the entire 32-bit values of x,y,z, and the bitwise
output word. I call that "invertible", although your terminology
3,1-Multipermutation is more precise.
  But that is precisely what Bob Jenkins' round does:
a=a-b; a=a-c; a=a^(rot1(c,13))
could just as well be an f-function f(a,b,c). In fact, it is
stronger in the sense that it is not simply bit-sliced.
The failure of the KHF hash function (David Wagner's paper)
was due to the fact that the bit-sliced f-functions were only
just that: bit-sliced. Bob Jenkins' functions, due to the addition,
allow bit carries, which make neighboring bits depend on each other,
adding to the avalanche characteristics.


Tom St Denis wrote:

> Jim Steuert wrote:
> >
> > You are of course right about SHA-1, the 3x1 bit-sliced sboxes are
> > f1(x,y,z) = ( z^ (x & ( y ^ z ))
> > f2(x,y,z) = ( x^y^z)
> > f3(x,y,z) = ( (x&y)|(x&(x|y)))
>
> I don't know if you copied these right since F3 will simplify to (x&y) |
> (x&y) = x&y.
>
> > which are all invertible multipermutations, (and balanced) i.e. their truth table
> > represents all 8 possible values. I believe that they are equivalent
> > to Bob Jenkins' mixing rounds, so calling them sboxes is not a valid
> > analogy for this example.
>
> And they are not invertible multipermutations.  They are non-surjective
> [*] 3,1-Multipermutations at best.
>
> > And even that still doesn't change the major point of this cipher, specifically,
> > that
> > an invertible sha-1 type thing, followed by a key mixed in the middle
> > followed by another invertible sha-1 is a reasonable cipher.
> >
>
> "is a reasonable cipher" is questionable.  First, it's not efficient in
> space or time.  Second, it's not simple.  Third, it hasn't been
> analyzed.  I wouldn't jump to conclusions so quickly.
>
> [*] To the guru's: did I use the word "surjective" right there?  I keep
> forgetting...
>
> Tom


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: A generic feistel cipher with hash and gf(257) mixers
Date: Fri, 25 May 2001 22:57:05 GMT

Jim Steuert wrote:
> 
>   Ok, perhaps I didn't use the right terminology. But given
> f1(x,y,z) each function generates a balanced truth table.
> And given any two of the x and y, and the output f value (0 or 1),
> there is only a single unique z which can generate that
> output. Likewise since these are bit-sliced on a 32-bit word,
> this applies to the entire 32-bit values of x,y,z, and the bitwise
> output word. I call that "invertible", although your terminology
> 3,1-Multipermutation is more precise.

Um, still wrong.  How can a 3 => 1 function be invertible?  

>   But that is precisely what Bob Jenkins' round does:
> a=a-b; a=a-c; a=a^(rot1(c,13))
> could just as well be an f-function f(a,b,c). In fact, it is
> stronger in the sense that it is not simply bit-sliced.
> The failure of the KHF hash function (David Wagner's paper)
> was due to the fact that the bit-sliced f-functions were only
> just that: bit-sliced. Bob Jenkins' functions, due to the addition,
> allow bit carries, which make neighboring bits depend on each other,
> adding to the avalanche characteristics.

True, but look at Serpent.  It's all bit oriented and considered secure.

Tom
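
The property Jim describes (fix any two inputs and the output pins down the third) and Tom's objection can both be settled by exhaustive check on the single-bit truth tables, and the same check says what the Jenkins step does differently. The script below is an added example, not code from either poster. It takes f1 and f2 as quoted, writes f3 both as quoted (which by absorption, x & (x | y) = x, reduces to x alone) and in its standard SHA-1 majority form, and includes the quoted Bob Jenkins step with rot1(c,13) read as a 32-bit left rotation (an assumption; the exact rotation does not affect the properties tested).

```python
from itertools import product

MASK32 = 0xFFFFFFFF

# SHA-1's bitwise round functions on single bits.  f1 and f2 are as quoted in
# the thread; f3 is given as quoted (it reduces to x, since x & (x | y) = x)
# and in its standard majority form.
def f1(x, y, z): return z ^ (x & (y ^ z))                # "choice": y if x else z
def f2(x, y, z): return x ^ y ^ z                        # parity
def f3_quoted(x, y, z): return (x & y) | (x & (x | y))   # reduces to x
def f3_maj(x, y, z): return (x & y) | (x & z) | (y & z)  # standard SHA-1 majority

def is_balanced(f):
    """True if f outputs 1 for exactly half of the 8 single-bit inputs."""
    return sum(f(x, y, z) & 1 for x, y, z in product((0, 1), repeat=3)) == 4

def determines_input(f, i):
    """True if, with the other two inputs fixed, the output always pins down
    input i uniquely, i.e. f is a bijection in its i-th argument."""
    for rest in product((0, 1), repeat=2):
        seen = set()
        for v in (0, 1):
            args = list(rest)
            args.insert(i, v)
            seen.add(f(*args) & 1)
        if len(seen) != 2:
            return False
    return True

def profile(f):
    """Balance plus the per-input bijection test for x, y and z.  The 32-bit
    versions are bit-sliced, so these single-bit results carry over to words."""
    return {"balanced": is_balanced(f),
            "unique_x": determines_input(f, 0),
            "unique_y": determines_input(f, 1),
            "unique_z": determines_input(f, 2)}

def rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK32

def jenkins_step(a, b, c):
    """The quoted mixing step a=a-b; a=a-c; a=a^rot1(c,13), with rot1 taken
    as a 32-bit left rotation (assumption)."""
    a = (a - b) & MASK32
    a = (a - c) & MASK32
    return a ^ rotl(c, 13)

def jenkins_step_inverse(a_out, b, c):
    """With b and c fixed the step is a bijection in a: undo it exactly."""
    return ((a_out ^ rotl(c, 13)) + c + b) & MASK32

def bits_changed(f, args, flipped_arg, bit):
    """Count output bits that change when one bit of one argument flips."""
    before = f(*args)
    args = list(args)
    args[flipped_arg] ^= 1 << bit
    return bin(before ^ f(*args)).count("1")

if __name__ == "__main__":
    for name, f in (("f1", f1), ("f2", f2), ("f3_quoted", f3_quoted), ("f3_maj", f3_maj)):
        print(name, profile(f))
    print("f2: bits changed by one flipped bit of y:",
          bits_changed(f2, (0x12345678, 0x9ABCDEF0, 0x0F1E2D3C), 1, 0))
    print("jenkins_step: bits changed by one flipped bit of b:",
          bits_changed(jenkins_step, (0, 0, 0), 1, 0))
```

Running it shows that only the parity function passes the per-input bijection test; choice and majority are balanced but not bijective in any single input, since fixing x=1 in choice (or y=z in majority) makes the output independent of the remaining input. On the word level, a bitwise function changes exactly one output bit per flipped input bit, whereas the subtraction in the Jenkins step lets a single flipped bit of b ripple through every bit of the result via borrows.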

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Break on Schneiers first proposed "self-study cipher"
Date: 25 May 2001 22:32:08 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<[EMAIL PROTECTED]>: 

>"SCOTT19U.ZIP_GUY" wrote:
>> 
>> [EMAIL PROTECTED] (Tom St Denis) wrote in
>> <[EMAIL PROTECTED]>: 
>> 
>> >
>> >First off he made money by providing a text that enables millions of
>> >people to learn about crypto.  I feel that's not a "plug" on society.
>> >
>> 
>>   I see it OK to SPAM if you make money.
>
>You see it as SPAM, 999,999 other people see it as news.  

  And you speak for 999,999 people who love to get email
messages asking for money without them even asking for
the email.
  Tommy grow up. Do you really have the delusions that
you can speak for 999,999 people? Get real.

>
>> 
>> >Second if you proposed BICOM professionally (like all real academia
>> >would have) he might have looked at it already.  I imagine he's a
>> >busy person and doesn't follow sci.crypt too closely.
>> >
>> 
>>     I didn't write BICOM. But I doubt Matt would have much
>> more luck presenting it than I did when the ACM people lied
>> about me being allowed to publish. Also it's hard to publish stuff
>> that's new or different. Much good stuff is not recognized till
>> years later. Working in the government I had a boss that tried
>> to publish some of my algorithms for inertial navigation update
>> methods. They never got anywhere; they were too different. However
>> much of my code is still in use. Many of my data reduction and
>> alignment techniques that are still in use never made it to a
>> publisher. It was just too different.  I have been searching the
>> net to see if any of the methods Matt and I use for bijectiveness
>> in  HUFFMAN and ARITHMETIC codes is out there. So far I have
>> not seen it. But I doubt if DR DOBBS or any journal would accept
>> a write-up on it. Yes my writing is shitty. But when I worked
>> they had people who could spell and add commas and reword things
>> so that wasn't the reason back then. But I suppose in a few
>> years some BS equivalent in blessed compression circles will
>> do a write-up and they will drink a toast to him. Or maybe IBM
>> will like it and then say their existing patent covers all
>> use of it. Even though they never knew about it. Hell they have
>> to pay lawyers to do something. And legal stealing is what
>> most business is all about.
>
>I won't even comment on this.
>
>>   As for your buddy. My sources say he reads this stuff so there
>> is a good chance you could end up with a job through or from him.
>> All you have to do is keep telling the world how great he is.
>
>I've never met him.  Aside from an email I sent two years ago I doubt he
>knows I exist.

   Tom are you acting stupid again. Yes he knows of you by your messages
here. He also knows of me. He hates me. But that's to be expected; I
don't worship him or think he is that hot. I've stated before I
think Ritter knows more about encryption than him.


>
>> >Third, I am not even close to being qualified to work for
>> >Counterpane. I don't have the requisit knowledge about how TCP, UDP,
>> >etc protocols work, or even how to program them (outside of a limited
>> >WinSock 2 API). Also his company is in USCA, and if you remember I
>> >live in CAN ON. 
>> >
>> 
>>    Yes faking humility wins lots of points.
>
>I'm being modest.  It's knowing when to admit you are not qualified that
>will earn you points in the community.  
>

   Well you seem qualified to think BICOM was obviously
less secure than CTR mode of RIJNDAEL, so why the pretense
now?

>> I know little of his company. If he's half as smart as
>> I think he is it would be a Nevada company. Also
>> companies never have enough money so they grow.
>> So just wait you may get to work for him and stay
>> in Canada. Also you might try the CIA or NSA I am sure
>> they could use young blood anywhere.
>
>I won't comment on this aside from the fact that I think you should
>look at a map sometime.  The CIA/NSA do not exist in CAN ON.
>

   I am very sure there are many employees of both companies in
that great land up North.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Break on Schneiers first proposed "self-study cipher"
Date: Fri, 25 May 2001 23:17:17 GMT

"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Tom St Denis) wrote in
> <[EMAIL PROTECTED]>:
> 
> >"SCOTT19U.ZIP_GUY" wrote:
> >>
> >> [EMAIL PROTECTED] (Tom St Denis) wrote in
> >> <[EMAIL PROTECTED]>:
> >>
> >> >
> >> >First off he made money by providing a text that enables millions of
> >> >people to learn about crypto.  I feel that's not a "plug" on society.
> >> >
> >>
> >>   I see it OK to SPAM if you make money.
> >
> >You see it as SPAM, 999,999 other people see it as news.
> 
>   And you speak for 999,999 people who love to get email
> messages asking for money without them even asking for
> the email.
>   Tommy grow up. Do you really have the delusions that
> you can speak for 999,999 people? Get real.

Hmm, afaik I have never heard of Schneier SPAMMing people about his
book.  He has better things to do I imagine.


> 
> >
> >>
> >> >Second if you proposed BICOM professionally (like all real academia
> >> >would have) he might have looked at it already.  I imagine he's a
> >> >busy person and doesn't follow sci.crypt too closely.
> >> >
> >>
> >>     I didn't write BICOM. But I doubt Matt would have much
> >> more luck presenting it than I did when the ACM people lied
> >> about me being allowed to publish. Also it's hard to publish stuff
> >> that's new or different. Much good stuff is not recognized till
> >> years later. Working in the government I had a boss that tried
> >> to publish some of my algorithms for inertial navigation update
> >> methods. They never got anywhere; they were too different. However
> >> much of my code is still in use. Many of my data reduction and
> >> alignment techniques that are still in use never made it to a
> >> publisher. It was just too different.  I have been searching the
> >> net to see if any of the methods Matt and I use for bijectiveness
> >> in  HUFFMAN and ARITHMETIC codes is out there. So far I have
> >> not seen it. But I doubt if DR DOBBS or any journal would accept
> >> a write-up on it. Yes my writing is shitty. But when I worked
> >> they had people who could spell and add commas and reword things
> >> so that wasn't the reason back then. But I suppose in a few
> >> years some BS equivalent in blessed compression circles will
> >> do a write-up and they will drink a toast to him. Or maybe IBM
> >> will like it and then say their existing patent covers all
> >> use of it. Even though they never knew about it. Hell they have
> >> to pay lawyers to do something. And legal stealing is what
> >> most business is all about.
> >
> >I won't even comment on this.
> >
> >>   As for your buddy. My sources say he reads this stuff so there
> >> is a good chance you could end up with a job through or from him.
> >> All you have to do is keep telling the world how great he is.
> >
> >I've never met him.  Aside from an email I sent two years ago I doubt he
> >knows I exist.
> 
>    Tom are you acting stupid again. Yes he knows of you by your messages
> here. He also knows of me. He hates me. But that's to be expected; I
> don't worship him or think he is that hot. I've stated before I
> think Ritter knows more about encryption than him.

There is more to computer security than encryption.

> >> >Third, I am not even close to being qualified to work for
> >> >Counterpane. I don't have the requisit knowledge about how TCP, UDP,
> >> >etc protocols work, or even how to program them (outside of a limited
> >> >WinSock 2 API). Also his company is in USCA, and if you remember I
> >> >live in CAN ON.
> >> >
> >>
> >>    Yes faking humility wins lots of points.
> >
> >I'm being modest.  It's knowing when to admit you are not qualified that
> >will earn you points in the community.
> >
> 
>    Well you seem qualified to think BICOM was obviously
> less secure than CTR mode of RIJNDAEL, so why the pretense
> now?

No, I never said BICOM was insecure.  I just said you have yet to prove
it's any better.  I proved that in many instances it's less desirable
than CTR (such as streamed data, or on a microcontroller).


> >> I know little of his company. If he's half as smart as
> >> I think he is it would be a Nevada company. Also
> >> companies never have enough money so they grow.
> >> So just wait you may get to work for him and stay
> >> in Canada. Also you might try the CIA or NSA I am sure
> >> they could use young blood anywhere.
> >
> >I won't comment on this aside from the fact that I think you should
> >look at a map sometime.  The CIA/NSA do not exist in CAN ON.
> >
> 
>    I am very sure there are many employees of both companies in
> that great land up North.

So what?  Again we get into this "magical conspiracy crap".

Like I said about a year ago, 99.99% of all people that will cheat you
on the net are not NSA types.  They are "malicious" crackers and
criminals.  If you think the NSA stakes out amazon looking for secrets
you are dead wrong.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Getting back to the self-study Analysis
Date: Fri, 25 May 2001 23:21:31 GMT

Anyways, not like my original thread didn't go downhill...

Any hints or tips?  I am gonna work it out on paper a bit more later
on...  I can't figure out how to exploit the linear relationship

A xor K = B
A' xor K = B'

(Dave you are not invited into this thread).

Tom

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Good crypto or just good enough?
Date: 25 May 2001 23:10:55 GMT




[EMAIL PROTECTED] (Tom St Denis) wrote in
<[EMAIL PROTECTED]>: 

>"SCOTT19U.ZIP_GUY" wrote:
>> 
>> [EMAIL PROTECTED] (Tom St Denis) wrote in
>> <[EMAIL PROTECTED]>: 
>> 
>> >
>> >Simple make Scottu19 a single instruction on a cpu.  There I
>> >disproved your "lemma".  Now Scottu19 is efficient and non-complex.
>> 
>>   Just like in K-complexity theres more than a single instruction.
>> The real heart of scott19u is the keyenc.key file. which holds
>> the base 19X19 S table info. So you need at least a million bytes
>> just to hold that. You forget this is not your simple short key
>> weak kind of cipher.
>
>You forget that your million byte table was made by a 2kb piece of
>code... Boowah..  one point for tom.

  Actually I suggest people use random data if possible for that
table. How they get it is their problem, as for anybody who needs random
data for anything. Also for contests I used simple means to create
the tables and told how I did it. Yes in the contest it was easier
for someone to break than if I used real random data.

>
>So what.  You are in the same boat as Twofish.  Are the sboxes really
>random or just a function of some key material and precomputed to save
>time?

   No not the same. The encrypted key file is stored and created
somewhere else.
  
>
>Your 19x19 table isn't a truly random 19x19; it's a table that was
>shuffled and such by a shorter program...

   No Tommy. The code allows for any single cycle S table to be
used. You find or get a random single cycle S table and it could
be used by my code. There are no exceptions.

>
>> 
>> >
>> >> Hiding of input output pairs to the
>> >> underlying block encryption.
>> >
>> >This is impossible and you know it.  You can't possibly hide the
>> >input and output in a chosen plaintext attack (for example).
>> 
>>     Well if you understood what "wrapped PCBC" is you would see
>> this is another one of your misconceptions. I feel it's a
>> strong feature of good secure encryption since you're correct
>> in your distorted view of the world. None of the blessed 3
>> letter approved NSA methods as used with DES would hide such
>> pairs. But Scott19u does hide them. A plain text attack would
>> not give them to you. The whole purpose of the Slide attack
>> was to just find these pairs.
>>
>>     Again to get back to the point you never answered: do you see
>> yet how a one byte output from BICOM could be one of many many
>> thousand possible input messages, or is it still impossible in
>> your mind. Remember MR BS is watching. So either change to something
>> else or cleverly ignore this part of the message.
>
>Um differential attacks are worthless against CTR mode encryption too. 
>CTR is more efficient.  Thus CTR wins.

   Well I see you're not going to answer. I can't tell if that
will impress MR BS or not.

 
>
>You know if you were not the only poster in sci.crypt I would have
>ignored you long ago.
>

   That's funny from the only guy who was in my killfile.
I only took you out because I thought you were young and
might possibly want to learn something. Let's do each other
a favor. Since it's obvious you can't answer the questions
and going farther is not going to win more points. You
may even lose points with MR BS if this goes on too long. Let's
put each other in our kill files for the rest of the month.
Hi, you kept threatening to do it so I beat you to the punch.
GOODBYE, YOU'RE THE WEAKEST LINK.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: "BenZen" <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ?
Date: Fri, 25 May 2001 19:33:37 -0400

John Savard wrote in message <[EMAIL PROTECTED]>...
>On Thu, 24 May 2001 20:22:21 -0400, "BenZen" <[EMAIL PROTECTED]>
>wrote, in part:
>
(.)
>The fact that certain fractal methods don't produce a uniformly
>distributed output can be dealt with easily enough by hashing the
>output.
>
That's one side effect of also getting an ordinary file through a ZIP-like
compression (including the hashing part).
From your suggestion I am adding a TEST for my experiments.
I'll be compressing Fractal bitstreams vs pseudorandom for a short study.

> In general, though, fractal methods are regarded as of dubious
>security and as inefficient for good reason. Certainly expecting to
>come up with something "100% safe" as a neophyte seems unrealistic.
>
Yes, Unrealistic.... I'm starting to believe it myself ;)

>Yet I do think fractal methods may ultimately have a legitimate place,
>supplementing more conventional methods to make analysis more
>difficult. But I really think you need to learn more before proposing
>to come up with something new and different that works.
>
I've got to try... But I thank you and the others for the tips given.
I shall take some time before I try reinvent the square wheel,
as someone else said to me.

>John Savard
>http://home.ecn.ab.ca/~jsavard/frhome.htm

Congratulations on this web site; also congratulations on your
QUADIBLOC.. I was planning on XOR'ing my data with the fractals.
I'm glad for this much we newbies have in common with the pros..LOL
Your Cryptographic compendium is very well done; I am hooked.
I noted in your design you considered security issues not only against
brute force, but realizing the potential of smarter attacks.
I will read the juicy details later; things are starting to strike my attention:
 'Block Cipher Square : Joan Daemen, Lars Knudsen, Vincent Rijmen'
http://www.esat.kuleuven.ac.be/~rijmen/square/index.html
Document which inspired Rijmen for the AES algorithm; the author
mentions a combined attack scheme that would result in a six round attack.
Faster than brute force.
(although infeasible with current technology, he says.)

I shall read more indeed, to better understand what a cipher is up against:
dedicated attacks.
Tom St-Denis wrote about the importance of understanding
linear and differential attacks by experimenting a little with them.

Wishing you the best in Edmonton,
I'll take my time and learn some more... The Maths of this is the most difficult part.
Ben



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Good crypto or just good enough?
Date: Fri, 25 May 2001 16:34:26 -0700



Tom St Denis wrote:
> 
> My old employer asked me to ask the group this question.
> 
> Would you settle for crypto that is "just secure enough" or "is as
> secure as we know how to make it".  Both within reason.

People seem to have the principles, but not the implications.
The one way to blow a decision among several low-cost options
that all exceed requirements, is to expend a lot of effort 
making the choice.

Today, crypto has two serious problems: 
    1. We don't really understand complexity.
    2. The world runs on cleartext.


Sci.crypt is flooded with conjectural ideas for symmetric
encryption, and endless debate over 3DES vs Rijndael vs 
combining 17 different ciphers. None of that addresses any 
problem anyone actually has.


--Bryan

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Break on Schneiers first proposed "self-study cipher"
Date: Sat, 26 May 2001 00:31:36 +0100

 That's the sad thing about sci.crypt, the first response is always a troll
from Scooter or Szopa.

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "SCOTT19U.ZIP_GUY" wrote:
> >
> > [EMAIL PROTECTED] (Tom St Denis) wrote in
<[EMAIL PROTECTED]>:
> >
> > >I wanted to beat this idea around.
> > >
> > >In Schneier's (he's a thoughtful person btw) "Self-Study" guide he
> > >proposes to break eight rounds of RC5 without rotations.
> > >
> >
> >    I see you have this idea that Mr BS is a thoughtful person.
> > Do you have any basis for this idea? Have you ever met him in
> > person? Also if you read things from his company, how do you
> > know he wrote them?
>
> I called him thoughtful because he spends more time doing productive
> things than this
>
> That and he publishes all his research on his website for free, and he
> indexed about 2500 papers, and ...
>
> Is that enough "basis"?
>
> Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Good crypto or just good enough?
Date: Fri, 25 May 2001 23:37:43 GMT

Bryan Olson wrote:
> 
> Tom St Denis wrote:
> >
> > My old employer asked me to ask the group this question.
> >
> > Would you settle for crypto that is "just secure enough" or "is as
> > secure as we know how to make it".  Both within reason.
> 
> People seem to have the principles, but not the implications.
> The one way to blow a decision among several low-cost options
> that all exceed requirements, is to expend a lot of effort
> making the choice.
> 
> Today, crypto has two serious problems:
>     1. We don't really understand complexity.
>     2. The world runs on cleartext.
> 
> Sci.crypt is flooded with conjectural ideas for symmetric
> encryption, and endless debate over 3DES vs Rijndael vs
> combining 17 different ciphers. None of that addresses any
> problem anyone actually has.

Maybe Academia should swing vines over to more practical problems then?

After thinking about it I think a lot of block ciphers are not too far
away from "Security by Obscurity."  If you think about it the only thing
that makes Twofish (for example) secure is the requirement for us to
mount a brute force attack.  There is no proof of the inability to mount
a shortcut attack though...

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Break on Schneiers first proposed "self-study cipher"
Date: Fri, 25 May 2001 23:42:41 GMT

Sam Simpson wrote:
> 
>  That's the sad thing about sci.crypt, the first response is always a troll
> from Scooter or Szopa.

True...

Um, did you have any hints on the original question at hand.

Question (in general for the group):  Would breaking my own
really-really-toy ciphers count as practice?  I would imagine so.  I
could easily invent a cipher that at the onset looks sound but falls
quickly.

The problem I am having with attacking something like 6 rounds of DES is
outside of reinventing differential analysis I can't possibly imagine
myself finding an attack.

I think another problem with people starting Cryptanalysis is that the
attacks in general sound much more complicated than they really are.
For example, when I finally understood how differential analysis works I
smacked myself on the forehead for taking so long.  Similarly with
Linear analysis.  

The big hang up I found was key extraction.  At first I got how the
differences would propagate, but I didn't understand how that gives key
material.

etc...


Tom
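
The "A xor K = B, A' xor K = B'" relation from "Getting back to the self-study Analysis" and the key-extraction question in this post are two halves of one observation: a key that is XOR-ed in cancels out of a difference, so the only place a difference yields key information is where it meets a non-linear component. The script below is an added example, not code from anyone in the thread. It uses the 4-bit S-box from Howard Heys' cryptanalysis tutorial (an assumed choice; any bijective 4-bit S-box without a linear structure would serve) inside a constructed toy cipher C = S[P xor K0] xor K1 with constructed keys, and shows how the difference distribution table turns observed differences into a shrinking set of candidate keys, with modular addition shown alongside as the mixer whose carries do not cancel.

```python
from itertools import product

# 4-bit S-box from Howard Heys' "A Tutorial on Linear and Differential
# Cryptanalysis" (assumed here as a convenient, well-studied example).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
MASK = 0xF

def xor_mix_differences(a, a2):
    """Output differences of (a ^ K, a2 ^ K) over every 4-bit K.
    A ^ K = B and A' ^ K = B' give B ^ B' = A ^ A': the key cancels,
    so exactly one difference ever appears."""
    return {(a ^ k) ^ (a2 ^ k) for k in range(16)}

def add_mix_differences(a, a2):
    """Same experiment with modular addition as the key mixer: carries make
    the output difference depend on K, so several values appear."""
    return {((a + k) & MASK) ^ ((a2 + k) & MASK) for k in range(16)}

def ddt():
    """Difference distribution table: t[din][dout] counts the inputs x with
    SBOX[x] ^ SBOX[x ^ din] == dout (ordered count over all 16 x)."""
    t = [[0] * 16 for _ in range(16)]
    for din, x in product(range(16), repeat=2):
        t[din][SBOX[x] ^ SBOX[x ^ din]] += 1
    return t

def encrypt(p, k0, k1):
    """Constructed toy cipher: XOR key, one S-box layer, XOR key."""
    return SBOX[p ^ k0] ^ k1

def k0_candidates(pairs, oracle):
    """Key extraction from differences.  For a plaintext pair (P, P') the
    S-box input difference is P ^ P' (K0 cancels) and the output difference
    is C ^ C' (K1 cancels).  Every x with SBOX[x] ^ SBOX[x ^ din] == dout is
    a consistent S-box input, and each names a candidate K0 = x ^ P.  The
    right key survives every pair; wrong keys are eliminated as pairs add up."""
    cands = set(range(16))
    for p, p2 in pairs:
        din, dout = p ^ p2, oracle(p) ^ oracle(p2)
        cands &= {x ^ p for x in range(16) if SBOX[x] ^ SBOX[x ^ din] == dout}
    return cands

def all_pairs():
    """Every plaintext with every non-zero difference (the full codebook)."""
    return [(p, p ^ d) for d in range(1, 16) for p in range(16)]

if __name__ == "__main__":
    K0, K1 = 0xB, 0x6                       # constructed secret keys
    oracle = lambda p: encrypt(p, K0, K1)   # plaintext -> ciphertext access
    print("xor mixer differences:", xor_mix_differences(3, 5))
    print("add mixer differences:", add_mix_differences(3, 5))
    print("K0 from one pair     :", k0_candidates([(0, 0xB)], oracle))
    print("K0 from all pairs    :", k0_candidates(all_pairs(), oracle))
```

One pair narrows K0 to as many candidates as the relevant DDT entry, because every S-box input consistent with the observed differences is an equally good explanation; with all plaintexts and all differences the only key that survives is the true one, since a wrong key K0 xor e would have to leave S[x] xor S[x xor e] constant for every x, which this S-box (maximum DDT entry 8, no entry 16) never does. The same idea, applied to the last round of a multi-round cipher with a probabilistic characteristic instead of an exact difference, is what "key extraction" in a differential attack refers to.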

------------------------------

From: "BenZen" <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ?
Date: Fri, 25 May 2001 20:05:40 -0400

Tom St Denis wrote in message <[EMAIL PROTECTED]>...
>BenZen wrote:
>>
(..)
>> That only encourages me to find-out the reason it can't work;
>> I don't like to take another mind's doubts for an answer.
>
>Fractals are not inherently random; that's a big problem.  For a good bit
>stream generator (I assume that's what we are talking about) you need
>some generator that is not self similar.
>
One thing I don't understand yet is the necessity for 'randomness'.
I would be satisfied with a non-periodic sequence of sufficient length,
as long as it meets certain criteria I can't express properly here.

>Of course in theory the period
>of a Julia Set is infinite but in practical terms there is only so much
>resolution you can get.  And it's not terribly random :-(
>
Yes, but it is very easy to create fractal variants... A Fractal formula
could be so small it fits in the key. ;)
Do I really need randomness as much as I need complexity?
For example PI's decimals are not random; but they are quite complex.
I don't understand how we still have to fear brute-force attacks,
when we can achieve streams of this level of complexity without periodicity
over quadrillions of digits...
Then all I can think is that by simply XOR'ing such a stream with the
data, the data simply can never be guessed by any brute force in the
quadrillions of years to come...As long as the original data is matching the
statistical characteristics of the encoding stream, combining both is bound
to be undecipherable.

 ** I got to learn more. **

(..)
>Of course it's good to listen but also to touch and feel.  A lot of
>attacks don't make sense to me.  Only through actually trying them have I
>learned how differential and linear attacks work.
>
Thanks for the tip.... I also don't understand how someone can expect
brute force to crack a modern cipher.

>(Now if I only had
>the math+tact+education+work to back me up in my studies...).
>
It's never too late.
'Never give-up, Never surrender' - Galaxy Quest (film)
Regards,
Ben



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
