Cryptography-Digest Digest #93, Volume #9        Wed, 17 Feb 99 09:13:03 EST

Contents:
  Re: More Security for Single-DES? (fungus)
  Re: encryption debate (Gurripato (x=nospam))
  Re: encryption debate (fungus)
  Re: Block ciphers vs Stream Ciphers (fungus)
  Re: Key generation benchmarks (Ian Goldberg)
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come 
From ?!? *** ) ([EMAIL PROTECTED])
  Re: encryption debate (R. Knauer)
  Re: encryption debate (R. Knauer)
  Re: True Randomness ("Trevor Jackson, III")
  Re: encryption debate ("Lassi Hippeläinen")
  Re: True Randomness (R. Knauer)
  Re: Really lousy random numbers (Patrick Juola)
  VHDL models for cryptographic modules ("CIR etudes")
  US government rules for cryptographic material ? ("CIR etudes")
  Re: encryption debate (R. Knauer)
  Re: encryption debate (Patrick Juola)
  Re: security? (och)

----------------------------------------------------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: More Security for Single-DES?
Date: Wed, 17 Feb 1999 22:22:28 +0100



Terry Ritter wrote:
> 
> That is the claim for DESX.  But DESX is fairly well known, and has
> been an option for years.  So why are the bankers going to Triple-DES
> instead of DESX?  I *know* they hate tripling their encryption
> overhead....
> 

DESX is only secure against brute force attacks, it has very little
extra strength against differential cryptanalysis. Banks tend to
send a lot of very similar messages, perfect for a differential
cryptoanalyser...

Having said this, DESX with frequent key changes should be as secure
as Triple DES.


PS: Oh, and banks are very conservative....


-- 
<\___/>
/ O O \
\_____/  FTB.



------------------------------

From: [EMAIL PROTECTED]  (Gurripato (x=nospam))
Subject: Re: encryption debate
Date: Wed, 17 Feb 1999 10:57:18 GMT

On Tue, 16 Feb 1999 08:51:42 -0800, Dennis Suchta <[EMAIL PROTECTED]> wrote:


>> There is no "Right To Privacy" in common law. There is only the right
>> to be free from unreasonable searches and seizures.
>>

>> Amendment IV
>>
>> The right of the people to be secure in their persons, houses, papers,
>> and effects, against unreasonable searches and seizures, shall not be
>> violated, 

        This is a good operational definition of the Right to Privacy


------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: encryption debate
Date: Wed, 17 Feb 1999 22:16:37 +0100



BVBECK wrote:
> 
> I am a student with Metropolitan University in St. Paul, MN. working
> on a thesis. The topic of the thesis is the debate on strong encryption.

This really belongs in talk.politics.crypto, not sci.crypt.

> Answer as many or as few as you like, and any comments you would care
> to make.
> 
> What is your age?
> <20     21-30   31-40   41-50   >50     No answer
> 

31-40

> Are you?
> Male    Female  No answer
> 

Male

> Is using a cell phone, pager or email a normal part of your daily routine?
> Yes     No      No answer
> 

Yes

> Is using a computer a part of your daily routine?
> Yes     No      No answer
> 

Yes

> Does your employer rely on cell phones, pagers or emails?
> Yes     No      No answer
> 

Yes

> How many calls do you make a week to or from a cell phone?
> 0-10    11-25   26-50   50+     No answer
> 

0-10

> How many times a week do you send or receive messages from a pager?
> 0-10    11-25   26-50   50+     No answer
> 

0

> How many email messages a week do you send or receive?
> 0-10    11-25   26-50   50+     No answer
> 

26-50

> Have you heard news reports of people eavesdropping  using radio scanners?
> Yes     No      No answer
> 

Yes

> Could eavesdropping be either embarrassing or damaging to you or your
> employer?
> Yes     No      No answer
>

Yes
 
> Do either you or your  employer use password protection on computers?
> Yes     No      No answer
> 

No

> Do you think police investigators should be able to conduct wiretaps on
> phones, pagers and email (with court approval)?
> Yes     No      No answer
> 

No.

This is a very loaded question. Let me ask you another loaded question
in reply:

Would you allow the police to install video cameras in your house, and
on street corners, on the condition that they would only switch them
on with court approval?

The government has shown time and time again that if you give them an
inch, they'll take several thousand miles. My personal life should not
be transparent to anybody. Imagine a bunch of police officers listening
in to an intimate phone call and laughing at what two lovers are saying
to each other. Imagine low rank IRS people wasting time by looking up
the tax declarations of the rich and famous for "fun",  etc...

As one of the sci.crypt posters says: "power is no fun unless you can
abuse it". Experience has shown that if you give the government an
inch, they'll take several thousand miles. eg. Anti money laundering
laws, forfeiture laws, the "bank secrecy act", yada, yada, yada...

If my right to privacy precludes wiretapping then the police will
have to use some of the other methods at their disposal. This belief
doesn't mean I'm on the side of the criminals as a casual observer
might imply by reading my answer to your question.


> SIDE TWO:
> The benefit of the right to privacy outweighs the benefits to law
> enforcement being able to conduct some investigations, and/or the
> government can’t manage the ‘back doors’ well enough so no one else
> could use them.
> 
> Which side do you agree more strongly with?
> 
> Side One        Side Two        No answer

Very definitely side two.


-- 
<\___/>
/ O O \
\_____/  FTB.



------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: Block ciphers vs Stream Ciphers
Date: Wed, 17 Feb 1999 22:11:57 +0100



Patrick Juola wrote:
> 
> In fact, he could change the order by simply changing these bytes
>         please sell $100,000 worth of IBM
>                      ^                ^^^
> w/o even understanding what the original order was, and simply hope
> to get a meaningful message -- which in the case of stock abbreviations
> is rather likely
> 

If you send this kind of message without any kind of signature or
checksum then you deserve all you get...


-- 
<\___/>
/ O O \
\_____/  FTB.
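
[Added example, not part of the digest or of any poster's message.] The exchange above, worked through: an XOR stream cipher lets ciphertext bytes be changed in transit without the key, and a MAC over the ciphertext makes the receiver reject the result. The SHA-256 counter keystream, the demo keys and all function names are assumptions made for this illustration; the plaintext is the order quoted in the thread.

```python
import hashlib
import hmac

# Constructed sample data: the order quoted in the thread, plus made-up demo keys.
ORDER = b"please sell $100,000 worth of IBM"
ENC_KEY = b"demo-encryption-key (constructed)"
MAC_KEY = b"demo-mac-key (constructed)"


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 over a counter); stands in for any XOR stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream (the operation is its own inverse)."""
    return xor(data, keystream(key, len(data)))


def seal(enc_key: bytes, mac_key: bytes, msg: bytes):
    """Encrypt-then-MAC: HMAC-SHA256 computed over the ciphertext."""
    ct = crypt(enc_key, msg)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything modified in transit."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return crypt(enc_key, ct)


def modify_in_transit(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """XOR (old ^ new) into the ciphertext at offset. No key is involved."""
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]


def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, ORDER)
    # The bytes marked with carets in the quoted post: the "1" and "IBM".
    altered = modify_in_transit(ct, ORDER.index(b"1"), b"1", b"9")
    altered = modify_in_transit(altered, ORDER.index(b"IBM"), b"IBM", b"AMD")
    unauthenticated = crypt(ENC_KEY, altered)  # receiver with no integrity check
    try:
        open_sealed(ENC_KEY, MAC_KEY, altered, tag)
        rejected = False
    except ValueError:
        rejected = True
    return unauthenticated, rejected


if __name__ == "__main__":
    plaintext, rejected = demo()
    print("without a MAC the receiver reads:", plaintext)
    print("with a MAC the altered message is rejected:", rejected)
```

The same property holds for any cipher mode that XORs a keystream into the plaintext, which is why the integrity check has to cover the ciphertext itself.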



------------------------------

From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: Key generation benchmarks
Date: 17 Feb 1999 12:38:29 GMT

In article <[EMAIL PROTECTED]>,
Felix Geiringer <[EMAIL PROTECTED]> wrote:
>Sorry if you read this on a different security newsgroup.
>
>I'm trying to generate quotable timings for key-pair generation on popular
>PKCSs. I am outside the US and cannot download source. Can anybody please
>help?

Why can't you download source?  www.openssl.org.

   - Ian

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: 
sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness 
Come From ?!? *** )
Date: Wed, 17 Feb 1999 12:57:41 GMT

Isn't random such a fantastic word?

to me, it looks like ants run around 'randomly'

when someone breaks in snooker - the balls shoot off 'randomly'



I don't know where this idea of Random based consciousness comes
from, Random Consciousness is an oxymoron...

Consciousness based on Chaos or complexity theory perhaps?

OR, what I suspect, you are somehow referring to Quantum Theory - this
may well be random in a sense.

Consciousness needs this so called 'randomness' to exploit so it can
"have its way", or so to speak.

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: encryption debate
Date: Wed, 17 Feb 1999 13:18:37 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 16 Feb 1999 20:17:59 -0600, [EMAIL PROTECTED] (wtshaw) wrote:

>> We all realize that the Constitution can never be properly restored.
>> That is why the only solution to this nightmare is secession. 
 
>What makes you think that our local gaggle of political geese have more
>sense than those somewhere else?

Local political geese can more easily have their goose cooked by the
local citizens they work for.

Democracy only works at the local level. As soon as politicians become
distant, demagoguery sets in because there is nothing citizens can do
about it.

>At least, when most of them are in a
>highly decorated place, inside the beltway, they are easier to keep an eye
>on, and have difficulty in directing enforcing wild notions in the
>hinterlands.

Politicians are much easier to keep an eye on when they are local. 

>Even though not in the realistic cards, we here in Texas do reserve the
>treaty right to divide into six different states and get ten more
>senators.

Secession is much easier and much better.

How many decades since the term "United States" was plural? Does
anyone have a clue what the term "sovereignty of the several states"
really means?

Bob Knauer

"Towering genius disdains a beaten path. It seeks regions hitherto
unexplored. It sees no distinction in adding story to story, upon
the monuments of fame, erected to the memory of others. It denies
that it is glory enough to serve under any chief. It scorns to tread
in the footsteps of any predecessor, however illustrious. It thirsts
and burns for distinction; and, if possible, it will have it, whether
at the expense of emancipating slaves, or enslaving free men."
-- Abraham Lincoln


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: encryption debate
Date: Wed, 17 Feb 1999 13:24:14 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 17 Feb 1999 10:57:18 GMT, [EMAIL PROTECTED]  (Gurripato
(x=nospam)) wrote:


>>> Amendment IV

>>> The right of the people to be secure in their persons, houses, papers,
>>> and effects, against unreasonable searches and seizures, shall not be
>>> violated, 

>       This is a good operational definition of the Right to Privacy

But it is glaringly deficient. For one thing it does not prohibit
"reasonable" searches and seizures. If the govt wants to violate your
"right to privacy", it has the legitimate means to do it:

"...and no warrants shall issue, but upon probable cause, supported by
oath or affirmation, and particularly describing the place to be
searched, and the persons or things to be seized. "

Bob Knauer

"Towering genius disdains a beaten path. It seeks regions hitherto
unexplored. It sees no distinction in adding story to story, upon
the monuments of fame, erected to the memory of others. It denies
that it is glory enough to serve under any chief. It scorns to tread
in the footsteps of any predecessor, however illustrious. It thirsts
and burns for distinction; and, if possible, it will have it, whether
at the expense of emancipating slaves, or enslaving free men."
-- Abraham Lincoln


------------------------------

Date: Tue, 16 Feb 1999 08:19:50 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: True Randomness

Douglas A. Gwyn wrote:

> [EMAIL PROTECTED] wrote:
> > Taped permanently to my monitor is a quarter, next to which is written, in red
> > ink, CRYPTOGRAPHICALLY SECURE BIT GENERATOR. When I need a few random bits, I
> > take out the old coin, flip them out. A lot of bitching goes on in this
> > newsgroup about how unportable most random-generation is, or how randomness
> > can't be found, or where to find randomness, etc, etc, etc, but why not just
> > get off your asses and flip a coin?*
> > * This advice DOES NOT apply to NSA cryptographers, whose hands are too tired
> >   and sore from masturbating to flip a coin. They'll have to find something
> >   else.
>
> NSA cryptographers are aware that coin flipping is not perfectly
> random, and have tools that can detect that.

So they can tell the left handers from the right handers eh?


------------------------------

From: "Lassi Hippeläinen" <[EMAIL PROTECTED]>
Subject: Re: encryption debate
Date: Wed, 17 Feb 1999 14:36:40 +0200

fungus wrote:

> BVBECK wrote:
> <klipklap>

> > SIDE TWO:
> > The benefit of the right to privacy outweighs the benefits to law
> > enforcement being able to conduct some investigations, and/or the
> > government can’t manage the ‘back doors’ well enough so no one else
> > could use them.
> >
> > Which side do you agree more strongly with?
> >
> > Side One        Side Two        No answer
>
> Very definitely side two.
>
> --
> <\___/>
> / O O \
> \_____/  FTB.

Setting privacy against law enforcement is a smoke screen.

When encryption is limited, its main impact is on ease of industrial espionage.
Nowadays all governmental intelligence agencies also monitor international
competition vs. domestic industry, and somehow the gathered information tends to
leak into the hands of the domestic companies.

Strong economy is a part of national security, you know. Ask the Russians.

-- Lassi



------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness
Date: Wed, 17 Feb 1999 13:31:18 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 17 Feb 1999 08:23:55 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>> >NSA cryptographers are aware that coin flipping is not perfectly
>> >random, and have tools that can detect that.

>> All finite sequences are at best pseudo-random, that is, they can be
>> tested by pseudo-random statistical tests - but that does not make them
>> truly random. It is the generation process that is either truly random
>> or not, and that cannot be determined algorithmically from finite
>> outputs.

>That misses my point

What was your point?

>(as well as being wrong anyway).

And just exactly what is wrong, anyway?

>Coin flipping is not even asymptotically random.

Oh, really? Perhaps you can tell us why.

>It has nothing to do with algorithmic complexity etc.

That's interesting - Li & Vitanyi use it as an example of a Bernoulli
Process all throughout their book on Kolmogorov Complexity.

You have read Li & Vitanyi's book, haven't you?

Bob Knauer

"Towering genius disdains a beaten path. It seeks regions hitherto
unexplored. It sees no distinction in adding story to story, upon
the monuments of fame, erected to the memory of others. It denies
that it is glory enough to serve under any chief. It scorns to tread
in the footsteps of any predecessor, however illustrious. It thirsts
and burns for distinction; and, if possible, it will have it, whether
at the expense of emancipating slaves, or enslaving free men."
-- Abraham Lincoln


------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Really lousy random numbers
Date: 17 Feb 1999 08:31:53 -0500

In article <[EMAIL PROTECTED]>,
Bo Dömstedt <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (John Curtis) wrote:
>>      O.K. please entertain this rather naive question:
>>
>>      Let's posit that a TRNG exists, that outputs a perfect
>>      16 bit random number every 50 microsecs.
>>
>>      Unfortunately, the TRNG is less than perfect, and 
>>      a sinusoidal signal with a period of 16.6666 millisecs appears
>>      additively mixed in with the perfect 16 bit random numbers at a 
>>      signal level such that the spurious signal toggles bit 4
>>      of the TRNG at its peak.
>>
>>      If one were to employ this badTRNG to encrypt an English 
>>      ASCII message via OTP how much of the clear text is recoverable?
>The pad input 16 bit noise, or only 15 bit noise if one bit is known.
>English text contains about 0.5-1.5 bits of noise/character 
>(e.g. entropy). That would be 1-3 bits of entropy for 16 bits
>words. Add the values together and you will get 16-19 bits
>of c-t (ciphertext) noise for each output word. Clearly, any
>wiretapping three-letter-agency cannot acquire more than
>16 of these bits....
>--- The quality of the OTP random number stream must be
>enough to fill the non-random part of the plaintext. 
>Even a perfect OTP requires a perfect noise sequence
>only if you plan to transmit 000....000....000..000

This analysis simply doesn't make sense.  You need enough randomness
to *mask* the non-random plaintext, not to fill the rest of the bits
in some mystical way.  If I were transmitting (known) seven-bit ASCII
through an eight-bit channel, my pad doesn't need to produce random
bits for the high bit.  If I were transmitting nybbles in the low
half of my bytes (and zeros in the high half), I wouldn't need to
encrypt the high half.

And, even more obviously, if what I'm transmitting is at or near the
channel threshold (c. 8 bits/byte or 16 bits/word), that doesn't mean
I can get away with a worse pad.  I need a *better* pad, not a worse
one, as the channel use increases.

        -kitten

------------------------------

From: "CIR etudes" <[EMAIL PROTECTED]>
Subject: VHDL models for cryptographic modules
Date: Wed, 17 Feb 1999 14:38:01 +0100

Hi,

Do you know if we can buy some VHDL (or Verilog) models
of cryptographic modules (like DES, RSA,....) ?


Bye
Thierry Schneider




------------------------------

From: "CIR etudes" <[EMAIL PROTECTED]>
Subject: US government rules for cryptographic material ?
Date: Wed, 17 Feb 1999 14:34:41 +0100

Hi,

I have created a VHDL and Verilog (Hardware Description Language)
description of DES and TDEA modules.
For people who are not familiar with these languages, VHDL is a text file
which contains a description of a module that can be implemented in a chip.
This is mainly intellectual property.

My question is the following:
I know that the US government has imposed some restrictions on the sale of
cryptographic material. What happens if I want to sell (license) my source
code? Actually I am living in Switzerland (there is no restriction from the
Swiss government side), so what happens if I try to sell my VHDL to a
US-based company?
What happens if I live in the US? Can I sell my code to a US-based company?
Can I sell it to foreign companies?

Thanks a lot for your answers
Bye
Thierry






------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: encryption debate
Date: Wed, 17 Feb 1999 13:41:52 GMT
Reply-To: [EMAIL PROTECTED]

>Trevor Jackson, III <[EMAIL PROTECTED]> wrote:

>> But as an NRA sticker once said "An armed society
>> is a polite society" .

>The NRA was quoting Robert Anson Heinlein.  In Heinlein's works in
>general, and the source of the quote, "Revolt in 2100", in particular,
>one can find his reason for making the claim.  It is not because
>people fear each other, but because all of the rude people are dead.

>I can live with that.

The post below is from someone who researched the Heinlein quote:

+++++
Often, when perusing "patriot" lists, one sees a quotation attributed
to Robert Anson Heinlein stating:

        "An armed society is a polite society."

Lots of folks have used it, but I've never seen a citation, so I set
about verifying it for myself.  I found it two-thirds of the way
through Chapter 15 of *Beyond This Horizon* (Copyrights 1948, 1942).
In the Signet edition I was reading, that translates to page 147.  The
complete paragraph reads thus:

"Well, in the first place an armed society is a polite society.
Manners are good when one may have to back up his acts with his life.
For me, politeness is the *sine qua non* of civilization.  That's a
personal evaluation only.  But gunfighting has a strong biological
use.  We do not have enough things that kill off the weak and the
stupid these days.  But to stay alive as an armed citizen a man has to
be either quick with his wits or with his hands, preferably both.
It's a good thing"
+++++

Bob Knauer

"Towering genius disdains a beaten path. It seeks regions hitherto
unexplored. It sees no distinction in adding story to story, upon
the monuments of fame, erected to the memory of others. It denies
that it is glory enough to serve under any chief. It scorns to tread
in the footsteps of any predecessor, however illustrious. It thirsts
and burns for distinction; and, if possible, it will have it, whether
at the expense of emancipating slaves, or enslaving free men."
-- Abraham Lincoln


------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: encryption debate
Date: 17 Feb 1999 08:41:36 -0500

In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On Wed, 17 Feb 1999 10:57:18 GMT, [EMAIL PROTECTED]  (Gurripato
>(x=nospam)) wrote:
>
>
>>>> Amendment IV
>
>>>> The right of the people to be secure in their persons, houses, papers,
>>>> and effects, against unreasonable searches and seizures, shall not be
>>>> violated, 
>
>>      This is a good operational definition of the Right to Privacy
>
>But it is glaringly deficient. For one thing it does not prohibit
>"reasonable" searches and seizures. If the govt wants to violate your
>"right to privacy", it has the legitimate means to do it:
>
>"...and no warrants shall issue, but upon probable cause, supported by
>oath or affirmation, and particularly describing the place to be
>searched, and the persons or things to be seized. "

The government also has the legitimate means to violate your right to
peaceably assemble by arresting and imprisoning you for an unrelated
crime.

The idea that any rights are absolute and without exception has been
specifically denied by Constitutional scholars.

        -kitten

------------------------------

From: [EMAIL PROTECTED] (och)
Subject: Re: security?
Date: Wed, 17 Feb 1999 14:06:42 GMT

On Mon, 15 Feb 1999 08:18:35 GMT, "John Doe" <[EMAIL PROTECTED]> wrote:

unless it happened thousands of years ago,
but then.. who knows what 'the aliens' just
might have picked up.. and then the NSA
comes back in the picture again... darn.


>That is assuming that the conspiracy theorists aren't correct. If they are
>then there is no doubt some way for the NSA to scan the brain and get all
>data contained in it.
>
>

/* --------------------------------------------

Correct my email address in order to reply to me personally,
by removing XXX@ and inserting the @ instead of .

*/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
