Cryptography-Digest Digest #617, Volume #14      Fri, 15 Jun 01 13:13:01 EDT

Contents:
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes ([EMAIL PROTECTED])
  Re: NIST Rng Test Software (Unix) (Mok-Kong Shen)
  Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM (cohalloran)
  Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM ("Tom St Denis")
  Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM (Erwann ABALEA)
  Re: National Security Nightmare? (Charles Lyttle)
  Re: Diffusion limits in block ciphers (Mark Wooding)
  Re: Alice and Bob Speak MooJoo ("Douglas A. Gwyn")
  Re: Substitution Humor! ("Thierry Falissard")
  Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (wtshaw)
  Re: hello? (wtshaw)
  Re: CipherText E-mail encryption ("Prichard, Chuck")
  Re: CipherText E-mail encryption ("Prichard, Chuck")
  Those 8x32's I made !!! ("Tom St Denis")
  Re: CipherText E-mail encryption ("Tom St Denis")
  Re: ENCRYPTION TYPE - UNKNOWN! :( ("Douglas A. Gwyn")
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, ("Douglas A. Gwyn")
  Re: Substitution Humor! ("Douglas A. Gwyn")
  Re: CipherText E-mail encryption ("Prichard, Chuck")
  Re: CipherText E-mail encryption ("Tom St Denis")
  Re: Avoiding RSA padding altogether? (David Hopwood)

----------------------------------------------------------------------------

Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
From: [EMAIL PROTECTED]
Date: 15 Jun 2001 09:20:09 -0400

Mok-Kong Shen <[EMAIL PROTECTED]> writes:
> 
> I am not a mathematician, let alone a logician. But from
> what I know it seems to be true that one has learned that
> the route taken by the two authors is a dead end only
> (or mainly) 'through' the very knowledge of their failure. 

And once we know it was a failure, we make a note of the fact, and don't
bother reading that work anymore. But we still sincerely love Russell and
Whitehead as people. Does that make you feel better?

> BTW, you must know better as mathematician of how to currently best
> learn the foundations of arithmetics.

Yes. To learn arithmetic, go to school.

Len.


-- 
It's always difficult to imagine the effects of a free market when you've
never tried one.
                                -- Dan Bernstein

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NIST Rng Test Software (Unix)
Date: Fri, 15 Jun 2001 15:15:04 +0200



Brice wrote:

> I have now given up on compiling the NIST Rng test software on a PC running
> Windows and i have reverted to a Unix machine.
> 
> I have managed to compile the code without any problems but i am not getting
> the same results as those given by NIST when i run the test software on the
> test samples.
> 
> Does anyone know of any bugs in the code ? Has anyone got some executable
> under Unix that they could maybe send me?

Why not communicate with the NIST people?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (cohalloran)
Subject: Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM
Date: Fri, 15 Jun 2001 14:24:07 GMT

On Fri, 15 Jun 2001 02:09:01 GMT, "Tom St Denis"
<[EMAIL PROTECTED]> wrote:

>
>"Boyd Roberts" <[EMAIL PROTECTED]> wrote in message
>news:9gbqdk$da1$[EMAIL PROTECTED]...
>> "tE!" <[EMAIL PROTECTED]> a écrit dans le message news:
>[EMAIL PROTECTED]
>> >
>> > tom st denis sucks. who gives a **** about his crap comments anyway ?
>> >
>>
>> was '****' encoded with a OTP?  are you trying to say crap or fuck?
>>
>> or that other _terrible_ f word: frog
>>
>> toad, of course, is the correct term.
>>
>> [with apologies to _the league of gentleman_]
>
>Why would frog be terrible?

You must be french.



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM
Date: Fri, 15 Jun 2001 14:34:28 GMT


"cohalloran" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 15 Jun 2001 02:09:01 GMT, "Tom St Denis"
> <[EMAIL PROTECTED]> wrote:
>
> >
> >"Boyd Roberts" <[EMAIL PROTECTED]> wrote in message
> >news:9gbqdk$da1$[EMAIL PROTECTED]...
> >> "tE!" <[EMAIL PROTECTED]> a écrit dans le message news:
> >[EMAIL PROTECTED]
> >> >
> >> > tom st denis sucks. who gives a **** about his crap comments anyway ?
> >> >
> >>
> >> was '****' encoded with a OTP?  are you trying to say crap or fuck?
> >>
> >> or that other _terrible_ f word: frog
> >>
> >> toad, of course, is the correct term.
> >>
> >> [with apologies to _the league of gentleman_]
> >
> >Why would frog be terrible?
>
> You must be french.

Nope.  I think this is a vastly inappropriate topic.  I can think off the
top of my head two French cryptographers.  [Vaudenay and Pascal, well I
dunno if Pascal is french but afaik Vaudenay is].

Tom



------------------------------

From: Erwann ABALEA <[EMAIL PROTECTED]>
Subject: Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM
Date: Fri, 15 Jun 2001 16:56:39 +0200

On Fri, 15 Jun 2001, Tom St Denis wrote:

> "cohalloran" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > On Fri, 15 Jun 2001 02:09:01 GMT, "Tom St Denis"
> > <[EMAIL PROTECTED]> wrote:
> >
> > >
> > >"Boyd Roberts" <[EMAIL PROTECTED]> wrote in message
> > >news:9gbqdk$da1$[EMAIL PROTECTED]...
> > >> "tE!" <[EMAIL PROTECTED]> a écrit dans le message news:
> > >[EMAIL PROTECTED]
> > >> >
> > >> > tom st denis sucks. who gives a **** about his crap comments anyway ?
> > >> >
> > >>
> > >> was '****' encoded with a OTP?  are you trying to say crap or fuck?
> > >>
> > >> or that other _terrible_ f word: frog
> > >>
> > >> toad, of course, is the correct term.
> > >>
> > >> [with apologies to _the league of gentleman_]
> > >
> > >Why would frog be terrible?
> >
> > You must be french.
>
> Nope.  I think this is a vastly inappropriate topic.  I can think off the
> top of my head two French cryptographers.  [Vaudenay and Pascal, well I
> dunno if Pascal is french but afaik Vaudenay is].

I don't know if you're talking about Blaise Pascal, or another Pascal...
If it's Blaise Pascal, then yes, he *was* french (he died several
centuries ago).

-- 
Erwann ABALEA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -


------------------------------

From: Charles Lyttle <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Fri, 15 Jun 2001 15:30:02 GMT

[EMAIL PROTECTED] wrote:
> 
> "Boyd Roberts" <[EMAIL PROTECTED]> writes:
> 
> > "Tom St Denis" a écrit:
> >>
> >> So it is in fact "A plethora of people is here" since it's only one
> >> plethora?
> >
> > the word 'people' forces you to use 'are'.
> 
> Incorrect. ``A plethora is here.'' ``Really? What sort of plethora?''
> ``A plethora of people.''
> 
> Len.
> 
> --
> > We [hackesses] about our lives like most human beings, maybe even
> > a little better.
> 
> Or in your case, a little dumber.
>                                 -- Phrack Magazine
A pair of pants are on the floor?
Pants is on the floor?
Isn't English fun?
-- 

Russ Lyttle
"World Domination through Penguin Power"
The Universal Automotive Testset Project at
<http://home.earthlink.net/~lyttlec>

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Diffusion limits in block ciphers
Date: 15 Jun 2001 15:34:43 GMT

Tim Tyler <[EMAIL PROTECTED]> wrote:

> I would defend the idea.  You are likely to be compressing in one
> direction anyway, so you only need diffusion in the other direction to
> get a complete AONT.  

No.  You need randomization, at least.

The formalization of AONTs that I've seen requires that an adversary
which provides two strings can't decide (with better than 1/2
probability) which of its two strings corresponds to a given AONT output
which has some (say 128) bits missing from (from known positions).  OAEP
fits this bill well; I think Rivest's package transform does too.

> : I am not an advocate (for example) of fast weak round functions and
> : adding tons of rounds. [...]
> 
> Whereas I am.  I think this technique may well produce fast strong
> cyphers in hardware better than the competition.  I would agree that
> this thesis has yet to be put to the test properly, though.

I think there's something to be said for this approach.

My designs, such as they've been, have tended to use fairly simple
structures, although I've usually managed to make them strong enough for
them not to require many rounds.

-- [mdw]

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Alice and Bob Speak MooJoo
Date: Fri, 15 Jun 2001 14:48:28 GMT

"Robert J. Kolker" wrote:
> Mok-Kong Shen wrote:
> > ... The language is call LINCOS, if I don't err.
> Used by 3 or 4 people world wide. Up there with INTERLAN,
> a failed universal language invented in the 50's.
> I suspect more people speak T'lingon (Klingonasse) than LINCOS.

Artificial languages for various purposes are fun to explore.
This week I heard that NSA has used one called "Bord" (after
the Bordic word for "word") in linguistic aptitude testing.
I wish I had more details but I don't.

------------------------------

From: "Thierry Falissard" <[EMAIL PROTECTED]>
Subject: Re: Substitution Humor!
Date: Fri, 15 Jun 2001 17:52:06 +0200

I don't quite see what's humorous.
After ol, ve frenchmen pronuns Inglich ekzaktli lik zat...

<[EMAIL PROTECTED]> a écrit :
> Substitution Humor!
>
(snip)
>
> After zis fifz yer, ve vil hav a reli sensibl riten styl. Zer vil be no
> mor trubl or difikultis and evrivun vil find it ezi to understand ech
> ozer. Ze drem vil finali kum tru! And zen ve vil tak over ze
> world!




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM
Date: Fri, 15 Jun 2001 16:17:39 GMT


"Erwann ABALEA" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 15 Jun 2001, Tom St Denis wrote:
>
> > "cohalloran" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > On Fri, 15 Jun 2001 02:09:01 GMT, "Tom St Denis"
> > > <[EMAIL PROTECTED]> wrote:
> > >
> > > >
> > > >"Boyd Roberts" <[EMAIL PROTECTED]> wrote in message
> > > >news:9gbqdk$da1$[EMAIL PROTECTED]...
> > > >> "tE!" <[EMAIL PROTECTED]> a écrit dans le message news:
> > > >[EMAIL PROTECTED]
> > > >> >
> > > >> > tom st denis sucks. who gives a **** about his crap comments anyway ?
> > > >> >
> > > >>
> > > >> was '****' encoded with a OTP?  are you trying to say crap or fuck?
> > > >>
> > > >> or that other _terrible_ f word: frog
> > > >>
> > > >> toad, of course, is the correct term.
> > > >>
> > > >> [with apologies to _the league of gentleman_]
> > > >
> > > >Why would frog be terrible?
> > >
> > > You must be french.
> >
> > Nope.  I think this is a vastly inappropriate topic.  I can think off the
> > top of my head two French cryptographers.  [Vaudenay and Pascal, well I
> > dunno if Pascal is french but afaik Vaudenay is].
>
> I don't know if you're talking about Blaise Pascal, or another Pascal...
> If it's Blaise Pascal, then yes, he *was* french (he died several
> centuries ago).

Nono, Pascal Junod.

Tom



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Fri, 15 Jun 2001 10:03:05 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > 
> > Carefully read what I said above that there can be no SINGLE universally
> > useful measure of security.  I say that there can be MANY that have
> > different uses as different aspects of strength are directly available.
> > Those that want to escape a solution of the strength problem because it is
> > complex miss the utility of such an effort.
> 
> The problem with having many different measures is
> the situation when these measures seem to have no
> inherent relation to one another (let alone to be
> convertible like inch and centimeter). Given a particular
> cipher, which measure should one use? If there is no
> clear-cut answer, then the co-existence of different
> measures is confusing in my humble view.
> 
> M. K. Shen

End use can hint at what is important.  Different end uses demand
different security characteristics.  See what trouble we get into when
industry tries to develop and market the perfect auto/truck as a solution
to all transportation needs, the SUV.  The result is inefficiency and
faults parented from marriages of discordant concepts.

AES for a more encompassing purpose than is practical given its
limitations can create more problems than it solves.  Many here try to add
tires of different makes to improve the utility while kicking the tires
as a measure of improvement to be credited to the great potential of base
algorithm.  Nothing really follows in such a system of dodgeball logic.
-- 
In trying to get meaning from the TmV-OK saga, remember that 
those who do not learn from history are apt to repeat it.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: hello?
Date: Fri, 15 Jun 2001 10:12:21 -0600

In article <_%mW6.124959$[EMAIL PROTECTED]>, "Tom St
Denis" <[EMAIL PROTECTED]> wrote:

> "S Degen" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> >
> > Tom St Denis wrote:
> > >
> > > What gives?  Nobody answers any real sci.crypt questions here anymore!
> > >
> > > Or am I just globally killfiled?
> >
> > yes.
> >
> 
> Now I must be new to killfiles.  If I am globally killfiled how did you get
> this?
> 
> Tom

Those building killfiles sooner or later grow bored because they tend to
overexercise their pickiness to exclude almost everybody.
-- 
In trying to get meaning from the TmV-OK saga, remember that 
those who do not learn from history are apt to repeat it.

------------------------------

From: "Prichard, Chuck" <[EMAIL PROTECTED]>
Subject: Re: CipherText E-mail encryption
Date: Fri, 15 Jun 2001 16:32:13 GMT

A possible solution to having the same datafile encryption key in all copies
of the application is to simply educate users about their vulnerability,
encouraging them to secure their computers.

They can make practices of removing the datafiles while on extended leaves,
hiding them where they are safe.

Strongly urging that this be done would improve the overall system, building
the user's confidence in it by virtue of his belief in his own resourceful
solution.

The application could assist by providing a simple porting utility feature
for saving and purging the datafiles. (Of course you get into the issue of
making certain the files are permanently erased. Simply keeping a good backup
copy of the data for last resort is also a good practice to encourage.)

I favor building on this approach wherever practical and especially where
it can build such confidence without leaving any doubts often created by
placing a great amount of faith in an algorithm's purported integrity.

-C. Prichard




------------------------------

From: "Prichard, Chuck" <[EMAIL PROTECTED]>
Subject: Re: CipherText E-mail encryption
Date: Fri, 15 Jun 2001 16:34:33 GMT

I am experiencing an unusual delay in encoding larger (20KB) CXT files
with BASE-64.

The same RTF plaintext file is encoded very rapidly.

Any ideas?

-C. Prichard



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Those 8x32's I made !!!
Date: Fri, 15 Jun 2001 16:38:18 GMT

Hey those 8x32s I made using truncated input GF inversion have a DPmax of
2/256 or 1/128 just like those from CAST.

So without much thought or theory I made sboxes that are about as decent as
the ones from CAST [in a fraction of the time too].

The only downfall with the GF inversion sboxes is they have a low algebraic
degree.  Some form of linear mixing [like an affine transform on the output]
could be used.  It wouldn't slow down the algorithm at all and help avoid
those attacks.

http://tomstdenis.home.dhs.org/big.zip

has the code to make them and eight 8x32s.

They have awesome diffusion too.  Over all pairs of inputs (with non-zero
diff) the output difference is in all four bytes with a 99.7% prob.

So my sboxes are easy to make and there are many of them [2^24 8x32s].  They
are about as NL as can be, they have a low DPmax and very high diffusion.

BTW:  I counted the DPmax based on an idea Simon and I came up with.  I
basically listed all the output differences [all 255*128 of them] then I
sorted the list and looked for the highest run.
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
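
An added example, my own code and not the generator in big.zip: it builds an 8x32 S-box under one reading of "truncated input GF inversion" (the 8-bit input is read as an element of GF(2^32) and the output is its 32-bit inverse), then measures DPmax and the four-byte diffusion statistic quoted above, plus the sort-and-longest-run shortcut from the last paragraph. The field polynomial is an assumption: the code searches for an irreducible pentanomial rather than taking one from the post.

```python
def pdivmod(a, b):
    # Long division of GF(2)[x] polynomials held as integers (b != 0).
    q = 0
    while a and a.bit_length() >= b.bit_length():
        s = a.bit_length() - b.bit_length()
        q ^= 1 << s
        a ^= b << s
    return q, a

def pgcd(a, b):
    while b:
        a, b = b, pdivmod(a, b)[1]
    return a

def gf_mul(a, b, poly):
    # Multiply in GF(2^32) modulo the degree-32 polynomial poly.
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> 32) & 1:
            a ^= poly
    return r

def is_irreducible32(poly):
    # Rabin's test for degree 32: x^(2^32) == x (mod poly) and
    # gcd(x^(2^16) - x, poly) == 1, since 2 is the only prime dividing 32.
    t = 2                                   # the polynomial x
    for i in range(1, 33):
        t = gf_mul(t, t, poly)
        if i == 16 and pgcd(t ^ 2, poly) != 1:
            return False
    return t == 2

def find_poly():
    # First irreducible pentanomial x^32 + x^a + x^b + x^c + 1 (assumed field).
    for a in range(3, 32):
        for b in range(2, a):
            for c in range(1, b):
                p = (1 << 32) | (1 << a) | (1 << b) | (1 << c) | 1
                if is_irreducible32(p):
                    return p

def gf_inv(x, poly):
    # Extended Euclid; 0 maps to 0 by convention, as in the AES S-box.
    a, b, u0, u1 = poly, x, 0, 1
    while b > 1:
        q, r = pdivmod(a, b)
        a, b, u0, u1 = b, r, u1, u0 ^ gf_mul(q, u1, poly)
    return u1 if b == 1 else 0

def make_sbox(poly):
    # 8-bit input read as an element of GF(2^32); its 32-bit inverse is the output.
    return [gf_inv(x, poly) for x in range(256)]

def differential_stats(sbox):
    # Returns (DPmax count, diffusion). The count is the max over input diff
    # a != 0 and output diff b of #{x : S(x) ^ S(x ^ a) == b} (divide by 256
    # for the probability); diffusion is the fraction of (a, x) pairs whose
    # output difference is non-zero in every one of the four bytes.
    best, good = 0, 0
    for a in range(1, 256):
        counts = {}
        for x in range(256):
            d = sbox[x] ^ sbox[x ^ a]
            counts[d] = counts.get(d, 0) + 1
            good += all((d >> (8 * i)) & 0xFF for i in range(4))
        best = max(best, max(counts.values()))
    return best, good / (255 * 256)

def sorted_run(sbox):
    # The post's shortcut: sort the 255*128 unordered-pair output differences and
    # take the longest run; runs also merge across input diffs, so this bounds dp/2.
    diffs = sorted(sbox[x] ^ sbox[x ^ a] for a in range(1, 256)
                   for x in range(256) if x < x ^ a)
    best = run = 1
    for i in range(1, len(diffs)):
        run = run + 1 if diffs[i] == diffs[i - 1] else 1
        best = max(best, run)
    return best
```

differential_stats reports DPmax as a count of inputs, so a result of 2 is the 2/256 figure in the post.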



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: CipherText E-mail encryption
Date: Fri, 15 Jun 2001 16:44:42 GMT


"Prichard, Chuck" <[EMAIL PROTECTED]> wrote in message
news:tOqW6.1184$[EMAIL PROTECTED]...
> I am experiencing an unusual delay in encoding larger (20KB) CXT files
> with BASE-64.
>
> The same RTF plaintext file is encoded very rapidly.
>
> Any ideas?

Don't use Visual Basic?

Tom



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: ENCRYPTION TYPE - UNKNOWN! :(
Date: Fri, 15 Jun 2001 15:35:39 GMT

Total Annihilation wrote:
> If you know what it is then point me in the name of some information on it
> coz I would like to crack this on my own really :)

Hints: first, tally the number of occurrences of each character.
Notice that the alphabetic characters have a distinct distribution
different from that of the punctuation characters.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack,     
Date: Fri, 15 Jun 2001 16:00:28 GMT

Mok-Kong Shen wrote:
> I am not a mathematician, let alone a logician. But from
> what I know it seems to be true that one has learned that
> the route taken by the two authors is a dead end only
> (or mainly) 'through' the very knowledge of their failure.

No, the futility of their endeavor was demonstrated by
others.  The only role that PM played was to provide a
well-known example of a logical system that could be
Goedel-numbered.  A number of other axiomatic systems
could have been used as an example instead of PM.

> ... I happened to read in a literature saying that,
> although their work failed, that work as such has an
> essential (positive) influence on the advancement of the
> following researches undertaken by others in that and
> related fields.

Not to my knowledge (which is extensive although not
exhaustive).  I actually *read* (most of) PM in high
school, and despite frequently being involved in
research involving logic and formal systems, I have
found no use at all for the contents of PM, not even
the notation (which is cumbersome).

> that that book has set forth a good style of rigor in
> attempting axiomatization of arithmetics that stimulates
> later similar works in logics.

There is no doubt that PM served as an impetus to the
formalist approach to mathematics.  However, several
other contemporary logicians were just as concerned
about rigorous methods of deduction.  PM is sometimes
used as a standard example, but only as an example.

> BTW, you must know better as mathematician of how to
> currently best learn the foundations of arithmatics. In a
> math course for non-mathematicians that I had taken very
> long time ago, that was dealt with very quickly with the
> Peano axioms. But I remember that my fellow-students who
> majored in math studied a book written by Landau on that
> topic and that book was not extremely thin (though
> certainly not comparable at all in extent to that of
> Whitehead and Russell) and had an appearance of some
> difficulty for me (at least as far as my impression of
> that time goes). So, pending more knowledge of experts'
> view, I am yet not very sure that the two authors had
> extremely overexaggerated in the treatment of their
> subject in the sense that they wrote in unnecessarily
> long-winded and expensive (for the readers' energy)
> ways.

? PM wasn't "long-winded"; it was almost entirely
formalism.  It isn't that axiom sets are especially
complicated; the problem is that it takes a *lot* of
formalism to spell out *every* step in a logical chain
of deduction when only very basic axioms are used.  So,
back to 1 + 1 = 2, there are lots of ways to prove that,
but the details depend on what one can start with.
Using only very low-level concepts and axioms forces a
lot of development that is not necessary when one can
take for granted higher-level concepts and theorems.

I have a paper on Jaskowski's system of deduction that
I hope to post on a Web site some day; it contains
examples of strict step-by-step deductive reasoning,
and can serve as a demonstration of the fact that such
derivations are typically long, tedious, and boring.

> Another thing that I happened to know and may be
> interesting in this connection is that not quite
> long ago in a certain university a math prof spent
> one 'entire' semester to explain the foundations of
> arithmetics such that, because of consequently less
> time available to treat other stuffs in the succeeding
> semesters, the students under that prof were found to
> be at disadvantages to work out the normal types of
> math exam sheets (where the foundations of arithmetics
> are rarely an issue) in comparison to fellow-students
> that were under other profs who treated the topic of
> foundations of arithmetics rather tersely and quickly.
> So it seems correct to say that even under the 'current'
> mathematics professors opinions could essentially differ
> as to what details/extents an upcoming mathematician
> should learn about the foundations of arithmetics.

Of course; people have differing opinions on almost
anything.  It sounds like that professor did the
students a disservice.  On the other hand, perhaps they
were so poorly prepared before entering the course that
the professor saw it would be a waste of time to develop
more advanced topics until there had been remedial work
on the basics.  I see this in high school math classes,
where the majority of the students don't have even an
elementary-school level of competency in math.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Substitution Humor!
Date: Fri, 15 Jun 2001 16:14:42 GMT

Thierry Falissard wrote:
> After ol, ve frenchmen pronuns Inglich ekzaktli lik zat...

Tray droll.

------------------------------

From: "Prichard, Chuck" <[EMAIL PROTECTED]>
Subject: Re: CipherText E-mail encryption
Date: Fri, 15 Jun 2001 17:00:22 GMT


> > I am experiencing an unusual delay in encoding larger (20KB) CXT files
> > with BASE-64.
> >
> > The same RTF plaintext file is encoded very rapidly.
> >
> > Any ideas?
>
> Don't use Visual Basic?
>
> Tom
>
VB does the encoding quickly on a plaintext RTF while it takes much, much
longer on CXT.

??? I wonder why. No spaces in the CXT??? It seems odd.

-C. Prichard



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: CipherText E-mail encryption
Date: Fri, 15 Jun 2001 17:02:45 GMT


"Prichard, Chuck" <[EMAIL PROTECTED]> wrote in message
news:GarW6.1187$[EMAIL PROTECTED]...
>
> > > I am experiencing an unusual delay in encoding larger (20KB) CXT files
> > > with BASE-64.
> > >
> > > The same RTF plaintext file is encoded very rapidly.
> > >
> > > Any ideas?
> >
> > Don't use Visual Basic?
> >
> > Tom
> >
> VB does the encoding quickly on a plaintext RTF while it takes much, much
> longer on CXT.
>
> ??? I wonder why. No spaces in the CXT??? It seems odd.

Ok I will be honest.  I have no clue what CXT is.

Tom



------------------------------

Date: Fri, 15 Jun 2001 07:46:15 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Re: Avoiding RSA padding altogether?

Benjamin Goldberg wrote:
> Paul Crowley wrote:
> > Something I wondered while reading the descriptions of OAEP and PSS.
> > Is there a simpler way to ensure that the input to RSA is unstructured
> > and fairly pseudorandom, by moving away from thinking of it as
> > "padding" altogether?
> >
> > For encryption, it seems like something akin to DHAES would be
> > applicable to RSA: choose a random number R fairly between 0 and N-1
> > (where N is the RSA modulus), encrypt R using RSA without padding and
> > send that as a header, and use Hash(R) as a secret key to encrypt and
> > MAC your message.
> 
> Umm, wouldn't you prefer to pick R between 2 and N-1?

[0, N-1] works fine and is equally secure.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
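
The DHAES-like construction Paul Crowley describes, as an added example (not code from any of the posters): R drawn uniformly from [0, N-1], raw RSA on R as the header, and Hash(R) split into a stream-cipher key and a MAC key. The toy 92-bit modulus, the SHA-256 counter keystream and HMAC-SHA256 are my assumptions; R = 0 and R = 1 are the raw-RSA fixed points that the [2, N-1] suggestion would exclude, and a uniform draw hits them with probability 2/N.

```python
import hashlib
import hmac
import secrets

# Toy RSA key constructed for this example: two Mersenne primes, so N is only
# 92 bits. Enough to show the construction, far too small for real use.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
NBYTES = (N.bit_length() + 7) // 8

def derive_keys(r):
    # Hash(R): first half keys the stream cipher, second half keys the MAC.
    h = hashlib.sha256(r.to_bytes(NBYTES, "big")).digest()
    return h[:16], h[16:]

def keystream(key, n):
    # Counter-mode keystream from SHA-256, standing in for a stream cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(msg, r=None):
    # R is drawn uniformly from [0, N-1]; a caller may fix it for testing.
    if r is None:
        r = secrets.randbelow(N)
    header = pow(r, E, N).to_bytes(NBYTES, "big")    # raw RSA on R, no padding
    ek, mk = derive_keys(r)
    ct = bytes(a ^ b for a, b in zip(msg, keystream(ek, len(msg))))
    tag = hmac.new(mk, header + ct, hashlib.sha256).digest()
    return header + ct + tag

def decrypt(blob):
    # Recover R from the header, rebuild both keys, verify the MAC, then decrypt.
    header, ct, tag = blob[:NBYTES], blob[NBYTES:-32], blob[-32:]
    r = pow(int.from_bytes(header, "big"), D, N)
    ek, mk = derive_keys(r)
    expect = hmac.new(mk, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None                                   # reject on MAC failure
    return bytes(a ^ b for a, b in zip(ct, keystream(ek, len(ct))))
```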




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
