Cryptography-Digest Digest #336, Volume #9 Sun, 4 Apr 99 10:13:07 EDT
Contents:
Re: Software for breaking polyalphabetic substitution ciphers (JPeschel)
Bad use of hashes. (was: Re: GPS, encrypted data base and mushroom (Nathan Kennedy)
Re: True Randomness & The Law Of Large Numbers (Bryan G. Olson; CMSC (G))
Re: RC4 CAN SOMEONE TELL ME IF THIS WILL WORK? ("Sassa")
Re: True Randomness & The Law Of Large Numbers (Bryan G. Olson; CMSC (G))
Re: New Hash Algorithim ("Douglas A. Gwyn")
Re: Alert: "HAPPY99.EXE" e-mail/newsgroup virus ("Cameron McCormack")
Diffie Hellman - avoiding the man in the middle (Peter Gunn)
Re: True Randomness & The Law Of Large Numbers ("Trevor Jackson, III")
Re: True Randomness & The Law Of Large Numbers ("Trevor Jackson, III")
Re: New Hash Algorithim (new Idea) ([EMAIL PROTECTED])
Re: RC4 CAN SOMEONE TELL ME IF THIS WILL WORK? ([EMAIL PROTECTED])
Re: quick RSA key generation question ("Trevor Jackson, III")
Analysis of RC5/6 and IDEA ([EMAIL PROTECTED])
Re: Random Walk ("Trevor Jackson, III")
Re: Norton diskreet ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Software for breaking polyalphabetic substitution ciphers
Date: 4 Apr 1999 08:12:03 GMT
>[EMAIL PROTECTED] (wtshaw)writes:
>Surely Jim G. has the ready software. Eh, guy?
He (and others) should: it's easily found on the net.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Nathan Kennedy <[EMAIL PROTECTED]>
Subject: Bad use of hashes. (was: Re: GPS, encrypted data base and mushroom
Date: Sun, 04 Apr 1999 16:24:47 +0800
[EMAIL PROTECTED] wrote:
<snip>
> Unfortunately, even 10 cm precision does not guarantee the
> mushroom is there. Even if the timing is right and the mushrooms grow
> well there is a chance that somebody has already picked them up.
> Knowing this fact in advance will be beneficial to the picker. He would
> merely skip the spot and go straight to the next one. Gribnik Pro, a
> soupped up version of the program, offers a solution even to this
> problem. When one member of a group of hunters picks a mushroom,
> or finds that the spot has been cleared by a low tech babushka, he
> marks the spot on the map and shares his knowledge with the others.
>
> The sharing has a drawback. If a persons posts the coordinates of the
> spot he has just cleared all others become aware of the spot. A good
> hunter keeps best spots secret. Messrs. Shen and Sherstyuk founded
> a web site where the
> users of Gribnik Pro could post the coordinates of their spots in an
> encrypted form. (To be more precise, a so-called one-way hash
> function of the coordinates is posted on the web.) This way, the
> competitors cannot read the coordinates off the web. However, if two
> people know about one spot, the program would compare the hash
> function values of the coordinates from the data bases of the two
> hunters. This allows one hunter to post a note that the spot has been
> visited without revealing the coordinates of the spot. Those who also
> happen to be aware of the same spot will be able to understand the
> message. Others, who have not been to the spot will remain unaware
> of it. This yet another example of how, with little help from modern
> cryptography, one can eat a cake and still have it. The cryptographic
> part of Gribnik was contributed by Roman Avdanin of Invincible Data
> Systems, Inc. (http://www.incrypt.com)
<snip>
Since this is supposed to be about crypto--
These claims are deceptive and false. Undoubtably the system is dependent
on proprietary software for security, i.e. OBSCURITY, not security.
Deceptive, because hashes can be used very similarly for true security.
False, because this system as described here is insecure.
Insecure, in that all one has to do is download the hashes of the
coordinates and run a dictionary attack.
Given a list of hashes of coordinates with 10cm resolution anywhere on the
face of the earth, one could recover them, in 7 x 10^19 hashes max. Given
that you wouldn't expect mushrooms to grow in the Pacific, and you are
probably interested in mushrooms only over a few hundred square miles max,
AND that the coordinates probably are not that specific, it would only take
a tiny fraction of that work.
Think about it. How are you going to KNOW that someone has actually
visited this spot? Just b/c they hashed the coordinates? No!!
Only a hardware solution will work. The only secure way to do this would
be something like this. The GPS satellite itself sends not just the
coordinates to the GPS device, but also a hash of the coordinates + a
secret GPS key, that only the satellite owners know (and they must be
trusted!). Plus maybe a crypto-signed timestamp would be good. Only the
GPS satellite actually KNOWS that you are in position X. (And I don't
know, maybe there's a way to lie to the satellite too, but that's a
different matter).
Nate
--
bogosort(int *l,int n){int i,a,b;do{a=random()%n;b=random()%n;i=l[a];
l[a]=l[b];l[b]=i;i=1;while(i<n&&l[i-1]<=l[i])i++;}while(i<n);}
------------------------------
From: [EMAIL PROTECTED] (Bryan G. Olson; CMSC (G))
Subject: Re: True Randomness & The Law Of Large Numbers
Date: 4 Apr 1999 09:13:35 GMT
R. Knauer ([EMAIL PROTECTED]) wrote:
: On Thu, 01 Apr 1999 22:38:43 GMT, [EMAIL PROTECTED] wrote:
: >Feller's point in no way implies that a large portion of molecules
: >will be farther than 10,000 units from the mean after a million
: >unbiased leftward/rightward events.
: >In fact 10,000 units at n=1000000 is 20 standard deviations; 0.05*n
: >is 100 standard deviations. Even with a gallon of perfume, we expect
: >_no_ particles that far out.
: Then how do you explain the weird "abnormal" things that Feller
: discusses in the chapters on the random walk and the uniform Bernoullu
: process? And what is his second volume about fluctuations all about?
: Is he advancing snake oil, or is there something fundamental about
: random processes he is trying to tell us?
I haven't written anything that implies no statistician will write
about abnormal phenomena or fluctuations. You simply have not
understood what theory applies where.
: Quantum mechanics is all about true randomness, yet after nearly a
: full century, no one has come up with a satisfactory mathematical
: model to explain the "collapse of the wave vector".
And to show that your predictions about a random walk are wrong,
we certainly don't need to.
: IOW, I am challenging your contention that true randomness can even be
: modeled mathematically, even to the extent that you can determine with
: reasonable certainty tbat a process is not truly random based on
: statistical tests.
But your doing it by not defining your terms.
: I find it a bit curious that no one has challenged my contention that
: if you could model true randomness using statistical models, that you
: could then use them to filter the output of PRNGs to produce true
: random sequences - which we know is impossible.
O.K.; I'll bite. First I challenge you to define what you mean.
I'll assert that statistical hypothesis testing can show that some
bad candidate TRNGs are in fact bad. Now precisely how can you use
this to deterministically generate true random numbers?
: I have read most of what Greg Chaitin has written about the Unknown in
: mathematics, and I am basing much of what I am claiming on those
: meta-mathematical considerations - although it does not show in these
: discussions. I am waiting to get past these hurdling blocks, so we can
: really get down to business with regards to True Randomness.
While I've merely read about the fundamentals of probability and
statistics. I've found that understanding a little is better than
cataloging a lot. I've often joked that I have a friend who's into
Chaos Theory, only he thinks the point is that we must find and kill
some butterfly.
: >You wrote
: Sorry, but I do not care to spend time on nitpicking.
Gee, I was under the impression you lived for it.
: >> Are you saying that a run of 100 zeros conclusively demonstrates that
: >> a TRNG is malfunctioning? How about a run of 100 zeros in a sequence
: >> of 10^9 bits?
: >Yes. Reject the candidate TRNG.
: No. The best you can decide is that the TRNG is *possibly* broken,
: which then requires you to check it out.
Given any reasonable estimate on the probability that the TRNG
is broken in such a way as to produce 80 zeros in a row, I
quantify a lower bound on the probability that the candidate
TRNG is broken, and that probability will be close enough to one
that I can safely reject it.
Even with no estimate on the probability of broken TRNGs, I
can say that my policy of rejecting TRNGs if the 10^9 bit test
produces a string of 80 zeros has a negligible probability of
rejecting a good TRNG. If I, and everyone else in the world,
devote the rest of our lives to TRNG testing, we would not
expect anyone adopting this criterion to reject a single good
TRNG.
: >Yes, but let's solve one problem at a time. You want precise
: >quantitative arguments, I ask at least that you follow those
: >given. Under our binomial distribution with p=q=0.5 and
: >n=1000000, the number 0.05*n is 100 standard deviations. We
: >do not expect particles outside of 100, or even 20 standard
: >deviations from the mean.
: Yet Feller shows that a significant number of sequences are outside
: that range. It all depends on how you pose the measurement.
It was you who posed the question, and you said it was a
binomial distribution. Now can you quote Feller as saying
a significant proportion of sequences with p=q=0.5 and n=
1,000,000 will differ from the mean by 50,000 or more?
: I have known for over 35 years that the Gaussian distribution falls
: off very slowly. And I realize that the lone sequence at the far outer
: reaches is the sequence that is all zeros or all ones, and that
: compared to the rest of the sequences, it is very lonely out there.
Again, I must point out the importance of quantitative reasoning.
How long you've known what and the loneliness out there will not
help us answer the question. One hundred standard deviations
will.
: What does that have to do with true randomness, in particular
: statisticall measures of true randomness?
It was you who brought the question up, so you can decide what
it has to do with what you were talking about. I cannot see
how it could have been relevant if your conclusions were correct,
but irrelevant that your conclusions are wrong.
--Bryan
------------------------------
From: "Sassa" <[EMAIL PROTECTED]>
Subject: Re: RC4 CAN SOMEONE TELL ME IF THIS WILL WORK?
Date: Sun, 4 Apr 1999 12:14:04 +0200
Reply-To: [EMAIL PROTECTED]
3-Apr-99 21:58 you wrote:
> Mahlzeit
> [EMAIL PROTECTED] wrote:
>> > for(i=0 ; i< 10 ; i++ , p++ , q++) /* Combine Key to make initalzation
>> > */
>> > { *p = *q; /* VECTOR */
>> > }
> Interesting way to say memcpy.
say,
for( i=10+1; i--; *p++=*q++ );
:)
--
Sassa
Apiary Inc.
______
@()(_)
/\\
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Bryan G. Olson; CMSC (G))
Subject: Re: True Randomness & The Law Of Large Numbers
Date: 4 Apr 1999 09:17:53 GMT
R. Knauer wrote:
: Yet people still insist that if their pet RNG
: passes such and such a statistical test, it is truly random.
: Hell, the famous FIPS-140 says that. Have you ever read FIPS-140?
Can you quote where FIPS-140 says that? Note that saying to
reject a generator that fails statistical tests is not the
same thing.
--Bryan
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New Hash Algorithim
Date: Sun, 04 Apr 1999 09:35:18 GMT
Rheda Barretina wrote:
> I've looked at your code and at MD5 pseudo-code also.. but the two
> algorithms seem to be based just on tons of mathematical and binary
> operations, which - I think- have their oposed operation... So, what
> makes them really irreversible?
Essentially *any* "hash" is by nature irreversible, since it maps
many input values to a single output value, so information is lost
about which one of the possibilities was the actual input.
*Cryptographic* hash functions are intended to provide such a large
output space that one who does not already know the input cannot
effectively find *any* input that will produce a given output.
> Wouldn't the use of irreversible operations make a hash function really
> secure? (except for plain text attacks & brute force, of course..)
It is easy to devise an irreversible operation, e.g. just discard
all but the first yay bits of the input and call the result the hash.
The difficulty is in devising one that meets the criterion for
*cryptographic* hashing as I descibed above.
There are other, more sophisticated criteria too, but that should
suffice.
------------------------------
From: "Cameron McCormack" <[EMAIL PROTECTED]>
Crossposted-To:
comp.lang.pascal.delphi.misc,comp.databases.paradox,comp.databases.ms-access
Subject: Re: Alert: "HAPPY99.EXE" e-mail/newsgroup virus
Date: Sat, 3 Apr 1999 22:58:58 +1000
I see they've arrested the guy who wrote the virus. He was charged with
five offences (can't remember what they were), and if he was sentenced to
the maximum possible extent for each offence, he'd get 40 years in prison!
Cameron
_____________________
[EMAIL PROTECTED]
------------------------------
From: Peter Gunn <[EMAIL PROTECTED]>
Subject: Diffie Hellman - avoiding the man in the middle
Date: Sun, 04 Apr 1999 14:16:10 +0100
Hi,
Im coding a simple diffie hellman key exchange for use with a network
proggie,
and I'm wondering if anyone could help me out with a few pointers...
Asssuming...
g base (==2)
x1 'random' number, chosen by user app (< p-1)
p large prime (prolly 1024bit)
x2 'random' number, chosen by server app (< p-1)
it works like this (just a plain vanilla Diffie-Hellman)...
1) After connecting, user application works out y1=(g^x1)%p
and sends this to the server
2) Server works out y2=(g^x2)%p and sends this back to the
client
3) Client works out z1=(y2^x1)%p and feeds the output
through a hash function to give a secret key for symettric
block cipher.
4) Server works out z2=(y1^x2)%p and feeds the output
through a hash function to give a secret key for symettric
block cipher.
5) Both client & server have the same secret key, and
encrypt/decrypt all traffic with a block cipher.
Ok, my questions...
1) Is a fixed base of g==2 ok??
2) Does x1 and x2 both have to be > p-1 ??
3) If x1 and x2 are in the range 0...2^128
is this enough??? or does the range depend on
the size of prime used (obviously 2^R (where R
is the top of the range) must be larger
than p-1 ??)
4) I would like to used a block cypher with a key
length >=128 bit, but Ive heard hearsay that
the security of a DH key exchange depends on the
size (as in bits) of the prime used... is 1024bits
enough to make the key exchange 'as secure' as
the 128bit encryption?? how do you compare these
things??
5) can the prime be public and have a fixed value?
6) How can I avoid a man in the middle attack where
he sits between the client and server and
exchanges his own DH values with them??
ttfn
PG.
------------------------------
Date: Sun, 04 Apr 1999 09:29:24 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
R. Knauer wrote:
>
> On Sat, 03 Apr 1999 09:37:32 -0500, "Trevor Jackson, III"
> <[EMAIL PROTECTED]> wrote:
>
> >Classic puzzle:
> >
> > Those we caught we threw away,
> > Those we didn't catch, we kept.
> >
> >The answer was supposed to have eluded Pascal, driving him mad: Fleas.
> >Note that fleas are insects -- bugs.
>
> Berry Paradox: "True randomness cannot be described."
>
> But that statement itself is a description of true randomness.
No, it is not.
>
> >Right. However, those RNGs will not pass the analytic inspection test.
> >Any deterministic RMG trivially fails the inspection test
>
> What do you mean by "analytic inspection test"?
The moral equivalent of peer review. Logically it consists of a
comparison of the device against the known weaknesses of other devices.
E.g., Is the device deterministic? Does it have bias, or worse drift?
Is it well insulated (against an adversary influencing the output)?
Does the implementation actually follow the original design?
These are issues that the designed *shuould have* considered prior to
the construction of the device. Once the device exists and is operable,
all of the issues need to be reviewed, and the operation compared to the
predicted pattern (not the output, the mechanism: data rate, operable
temperature range, etc.)
------------------------------
Date: Sun, 04 Apr 1999 09:32:09 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
R. Knauer wrote:
>
> On Sat, 03 Apr 1999 10:10:06 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
> wrote:
>
> >In fact it is not hard to create
> >a RNG whose output passes almost any standard statistical test
> >for a uniform, uncorrelated sequence, yet can be cracked by a
> >good cryptanalyst.
>
> In a lengthy debate on sci.crypt 1 1/2 years ago, it took nearly one
> thousand posts for a prevailing consensus of opinion to emerge that
> was in agreement with what you just stated. Even now, you can spot
> people on sci.crypt who claim that their magical tests certify the
> unbreakability of their RNG with certainty.
Really. Either name one or retract this statement.
>
> Now the question is whether a RNG whose output fails standard
> statistical testing can *necessarily* be cracked by a good
> cryptanalyst. I hope it won't take one thousand posts for a prevailing
> consensus to emerge this time.
The answer is obvious: No. There is a vast gap between "crackable by a
good cryptanalyst" and not provable secure.
>
> BTW, a prevailing consensus does not mean one in agreement with my
> position. In the first debate referenced above, I was one of those who
> had maintained that statistical tests were adequate to certify the
> unbreakability of a RNG. I am maintaining the position in this second
> debate, because I do not automatically accept statistical test failure
> as the criterion rejecting a RNG as breakable. But who knows - I may
> be wrong again. Nobody said a Devil's Advocate had to be correct.
>
> >It depends on the actual requirement. There can be bias in a
> >keystream so long as it does not provide any leverage to the
> >enemy analyst. And I would say the the necessary "inspection"
> >is by no means simple; sophisticated mathematical analysis is
> >called for, along with experience in exploiting vulnerabilities
> >of similar systems.
>
> If you are talking about a physical device then you must treat it like
> a piece of scientific equipment and certify its performance using
> accepted scientific techniques, including a peer-reviewd design audit
> and diagnostic tests for each subsystem.
>
> >The main thing is, *if* system security requires certain
> >distributional properties of the keystream, and *if* one
> >can discover with an appropriate test that the keystream
> >is reproducibly not meeting those requirements, *then*
> >the keystream is defective for this security application.
>
> What are the distributional properties of the keystream for the
> general (proveably secure) OTP cryptosystem? By "general", I mean no
> assumptions and no restrictions on its intended usage.
>
> Bob Knauer
>
> "The brave men who died in Vietnam, more than 100% of which were
> black, were the ultimate sacrifice."
> - Marion Barry, Mayor of Washington, DC
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: New Hash Algorithim (new Idea)
Date: Sun, 04 Apr 1999 11:14:33 GMT
I was just thinking, wouldn't a cipher be a good hash?
I modified RC5 to become a 256-bit hash, check it out at
http://members.tripod.com/~tomstdenis/hash.c
You need to know about RC5 to figure this one out.
Tom
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RC4 CAN SOMEONE TELL ME IF THIS WILL WORK?
Date: Sun, 04 Apr 1999 11:10:26 GMT
> for( i=10+1; i--; *p++=*q++ );
memcpy(p, q, 10);
:)
Tom
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
Date: Sun, 04 Apr 1999 09:45:37 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: quick RSA key generation question
Fritz J Schneider wrote:
>
> On Sat, 3 Apr 1999 [EMAIL PROTECTED] wrote:
>
> > Huh? I don't understand what you are asking. The most signficant bit of
> > any number is always 1. And if you propose that you generate p and q such
> > that they have leading zeros then turn on the MSB, I simply note that that
> > action changes p and q.
> >
> > What are you REALLY looking for?
>
> No need to get snippy. Let me clarify. Using an appropriately
> seeded Blum-Blum-Shub PRNG, I generate two random bitstrings of the length
> required for for p and q. I'm setting the LSB to 1 in both because
> there's no sense in running a primality test on an even number. What I'm
> wondering is if it is standard practice to set the MSB of those randomly
> generated bitstrings (that are possible values for p and q) to 1 to ensure
> that p and q have sufficiently large values.
> I subsequently trial divide each by small primes and then use
> miller-rabin. While they're compositie, I increment by two and test
> again.
>
I believe the standard technique is to first pick a width (512, 1024,
etc.). Set the *two* MSBs of that width to one and fill the rest with
random bits.
------------------------------
From: [EMAIL PROTECTED]
Subject: Analysis of RC5/6 and IDEA
Date: Sun, 04 Apr 1999 13:11:02 GMT
I am looking for analysis on RC5 RC6 and IDEA. Even on reduced round
variants.
Thanks,
Tom
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
Date: Sun, 04 Apr 1999 10:07:08 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Random Walk
R. Knauer wrote:
>
> On Sat, 03 Apr 1999 11:06:22 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
> wrote:
>
> >If you build your "TRNG" exploiting quantum principles,
> >then construct a UBP such as a random walk from its output,
> >you will get the *same* "counterintuitive" features that
> >you gleaned from Feller. It isn't a matter of quantum vs.
> >classical, but rather of defective intuition.
>
> I disagree with the last statement.
>
> I believe that true randomness is a quantum phenomenon, and that
> classical "randomness" is not true randomness but is a form of
> pseudo-randomness. After all, in classical physics everything is
> determinant, so classical processes cannot be truly random.
Wrong. Classical systems can be as random as you like. Random, in this
discussion, means unpredictable. Determinism does not imply
predictability. It is necessary, but not sufficient. Preditability
requires both determinism and information about the initial conditions.
Madern physical threoies may have the property that they are
non-deterministic. If this is true then they are good sources for
unpredictability because the postulate of non-determinism yeilds a
conclusion (proof) of unpredictability.
OTOH, classical systems are unpredictable due the the lack of
information on initial conditions. Sun's lava lamps could, in theory,
be completely modeled deterministicly, yet the input bandwidth,
including such things as power line noise, radiant heat from the
presence of observers (inspectors), would be ridiculously large. The
model would be just a hash on that input stream.
Is this predictable? Hardly. It is not provably unpredictable the same
way non-deterministic systems are, but there is no reason to believe
that anyone could actually predict the input stream in practice. Given
the postulate specifying this lack of information regarding initial
conditions we can prove that the resulting classical system is
unpredictable.
Note that I prefer fish tanks to lava lamps.
>
> Classical physics relies on the ability to calculate an outcome with
> reasonable certainty. IOW, it relies on computable numbers. But there
> are an infinite count of uncomputable numbers between any two
> computable numbers, so classical physics is excluding an infinite
> count of different ways to determine a result.
>
> Quantum physics does not claim to be able to determine all results. I
> suspect that what is at work behind the scenes in a quantum process is
> something involving uncomputable numbers. Of course, those numbers are
> infinitely long, but so are computable numbers. Nevertheless, the
> universe has a way of using them to determine the outcome of quantum
> events.
>
> But that is just my conjecture. Who am I to know anyway? After all, I
> can't do that calculation on the back of an envelope, and it is not
> intuitively obvious upon casual inspection, either.
>
> Bob Knauer
>
> "The brave men who died in Vietnam, more than 100% of which were
> black, were the ultimate sacrifice."
> - Marion Barry, Mayor of Washington, DC
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Norton diskreet
Date: Sun, 04 Apr 1999 13:57:39 GMT
In article <7ds0un$ql4$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Well, what algoritihm does Norton Diskreet use? If it's something like
> XOR I can do this for you (and I'll do it for free ...), if it's, like,
> DES, then, well ... you're screwed.
>
> >
Unfortunately its DES but from what i've heard it is possible to break it.
Borut
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
