Cryptography-Digest Digest #358, Volume #10       Mon, 4 Oct 99 03:13:07 EDT

Contents:
  Re: Blowfish exportable? (Johnny Bravo)
  Re: A simple preprocessing scheme for plaintexts (wtshaw)
  Re: Is 128 bits safe in the (far) future? (Scott Nelson)
  Re: crypto export rules changing ("Melinda Harris")
  Re: radioactive random number generator (Boris Kazak)
  Re: radioactive random number generator (John Larkin)
  Re: radioactive random number generator (Scott Nelson)
  Re: Random number generation ("j.w.altena")
  Re: radioactive random number generator (Dan Day)
  Re: Perfect Shuffle Algorithm? (Dan Day)
  Re: Factoring public keys attack? (UBCHI2)
  Re: Schrodinger's Cat and *really* good compression (Dan Day)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Blowfish exportable?
Date: Sun, 03 Oct 1999 18:48:26 GMT

On Sun, 3 Oct 1999 13:28:53 -0700, dogHaus <[EMAIL PROTECTED]> wrote:

>[This followup was posted to sci.crypt and a copy was sent to the cited 
>author.]
>
>I am developing software that includes encryption capabilities.  The 
>encryption is only used to encrypt communications between my client 
>software and a central server.
>
>Blowfish looks suitable for my needs - if I embed Blowfish, will my 
>client software still be exportable overseas?

  Since you didn't say where you are exporting from, we can't give you an
appropriate answer.  Contact your government and ask them.

  Johnny Bravo


------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: A simple preprocessing scheme for plaintexts
Date: Sun, 03 Oct 1999 18:52:58 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote about a scheme.

Interesting. As I see it, anything that diffuses text, along the lines of
the cipher block chaining modes that I mostly avoid, can help.
Merely do the procedure on the blocks of plaintext, encrypt, and perform
the procedure again on the ciphertext blocks.   Several variations are
possible.
-- 
Sometimes a small mistake can lead to fortunate reward.
  Charlie Chan

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Is 128 bits safe in the (far) future?
Reply-To: [EMAIL PROTECTED]
Date: Mon, 04 Oct 1999 01:40:00 GMT

On Sun, 03 Oct 1999 20:05:23 +0200, "Thomas J. Boschloo"
<[EMAIL PROTECTED]> wrote:

>Arne Hoffmann wrote:
>> 
>> ... but in a paper of Ralf Senderek I read this:
>> 
>> ______________________________________________________________________
>> 
>
><snip>
>
>> If you assume the size of a high-performance computer system performing
>> keytests is 0.3 mm for electronic or optical transfer of information, it
>> can only perform 1 000 000 000 000 operations (10^12) per second,
>> otherwise it has to be smaller. Over a period of 317 years or 10 003 759
>> 200 seconds that will sum up to 10 003 759 200 000 000 000 000
>> operations. This ability to perform no more than 10^22 operation during
>> 317 years is truly not sufficient for testing 10^22 different IDEA-keys
>> because every keytest requires more than a single operation cycle. But
>> even if it was possible to do a keytest that fast, the large number of
>> 10^38 IDEA-keys would be searched for no more than 0.000 000 000 000 000
>> 029 percent. Thus a specific IDEA-key will not be found even if "lots"
>> of those high-performance computers will work parallel to test the keys.
>
>But if the size of one functioning component is 1 Angstrom unit (1e-10
>m), and the size of the computer system is 0.3 x 0.3 x 0.3 mm^3, the
>numbers would become different.
>
>(3e8 m/s) / (1e-10 m) = 3e18 operations a second
>(0.3 mm)^3 / (1e-10 m)^3 = 2.7e-11 m^3 / 1e-30 m^3 = 2.7e19 units
>
>Multiplied this becomes 8.1e37 operations a second. This is 2^126 bits
>(I didn't aim to get this number!). So with four of those machines you
>would exhaust the keyspace of IDEA in just one second.
>
>A box of (3476 km)^3, in which our moon would fit, filled with these
>mighty units however would do 1.3e68 operations a second. Equaling 2^226
>operations a second. Running this for a hundred years (2^10 seconds)
>would just about crack a 237 bit key (could be a hundred years later if
>you have bad luck).
>
>Back to the real world; my P150MMX does 1.5e8 operations a second. Not
>10^12 or 10^18 ;-) And a circuit the size of an angstrom will probably
>never be, maybe a few thousand angstroms. So you could at least
>subtract 15 bits from your forever safe number of bits. And it will
>never be the size of the moon, so you could gain another 30 bits there.
>So that leaves 190 as the ultimate safe number of bits?
>
>Please review these numbers (roughly) and comment,
>Thomas
>
>BTW We're not talking about the next few hundred years! We are talking
>about the _far_ _far_ future, with a lot of technology, time, money and
>resources at our disposal!
>
The current _known_ limits do allow 128 bit keys to be broken
in the _far_ _far_ future.  It's not unreasonable to assume a
circuit can be made of a single molecule, and a single IDEA 
tester could be made of just a few hundred such circuits.  
The cracker could even fit in a normal room, and crack the 
code in under a week.  Although it would require more energy 
than Hoover Dam generates in a week, it wouldn't take
more energy than is theoretically available on the earth.

Theory and practice are not the same of course, and we're still 
a long way from anything even close to this.  Note that if Moore's 
Law holds, it would take over a hundred years before 128 bit 
keys are breakable, if it ever does become possible.  
So it seems like a good bet for the practically minded.

Scott Nelson <[EMAIL PROTECTED]>
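The capacity estimates traded in this thread, carried through as an added example in Python (not code from any poster). The functions take the post's model of a cube packed with angstrom-sized components, each switching once per light-crossing of a component, and return the operations per second, the key length whose whole space a given time budget can test, and a Moore's-law projection from the P150 figure. Seconds per century are computed from 365.25-day years; the 18-month doubling period in years_until_feasible is my assumption, not a number from the thread.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600   # calendar seconds in a year
LIGHT_SPEED = 3e8                        # m/s, as used in the post
UNIT_SIZE = 1e-10                        # m, one angstrom per component, as in the post


def ops_per_second(box_edge_m, unit_size_m=UNIT_SIZE, c=LIGHT_SPEED):
    """The post's model: a cube of edge box_edge_m packed with components of
    size unit_size_m, each switching once per light-crossing of a component.
    Returns the total operations per second (an upper bound that ignores
    energy, the limit Scott's reply raises)."""
    rate_per_unit = c / unit_size_m              # switches per second per component
    units = (box_edge_m / unit_size_m) ** 3      # components in the cube
    return rate_per_unit * units


def bits_exhaustible(ops_per_sec, seconds, ops_per_keytest=1.0):
    """Key length in bits whose entire space the budget can test, i.e.
    log2(total key tests).  The expected time to a hit is half the space,
    so subtract one bit for the average case."""
    return math.log2(ops_per_sec * seconds / ops_per_keytest)


def years_until_feasible(key_bits, current_ops_per_sec, window_seconds,
                         doubling_years=1.5):
    """Years until a machine on a Moore's-law curve (speed doubling every
    doubling_years; the 18-month period is an assumption, not the thread's)
    can exhaust key_bits inside window_seconds."""
    needed = 2.0 ** key_bits / window_seconds
    if needed <= current_ops_per_sec:
        return 0.0
    return math.log2(needed / current_ops_per_sec) * doubling_years


if __name__ == "__main__":
    small = ops_per_second(0.3e-3)        # the 0.3 mm cube
    moon = ops_per_second(3476e3)         # the (3476 km)^3 box
    century = 100 * SECONDS_PER_YEAR
    print(f"0.3 mm cube: {small:.2e} ops/s = 2^{math.log2(small):.1f}")
    print(f"moon box   : {moon:.2e} ops/s = 2^{math.log2(moon):.1f}")
    print(f"moon box for a century exhausts {bits_exhaustible(moon, century):.1f} bits")
    print(f"a P150 at 1.5e8 ops/s, doubling every 18 months, reaches 128 bits in a week "
          f"after {years_until_feasible(128, 1.5e8, 7 * 86400):.0f} years")
```

The 0.3 mm cube comes out at 2^126 operations per second and the moon-sized box at 2^226, matching the post; the century figure is whatever log2 of the seconds adds on top. All of it is speed only: the energy bound Scott mentions is not modelled here.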


------------------------------

From: "Melinda Harris" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: crypto export rules changing
Date: Sun, 3 Oct 1999 21:07:49 -0400

Looks like we had better reconsider our disclosure, or even the
introduction of David Matthias Mimms' encryption software (ANEC), to any
government entity?
Stephen M. Gardner <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Greg wrote:
>
> > ANY licensing by the government constitutes compromised software.
> > No one will ever be able to have confidence that the software they
> > are using has a trap door courtesy of NSA secret requirements if
> > it had to pass NSA for a government license.
>
>     Even open source software? I don't think so.  Some people seem to
> have an almost mystical faith in the NSA to pull off supernatural acts
> of evil. Get a grip folks. One does not have to trust the government
> (any government) to trust one's own eyes and the eyes of thousands of
> people who couldn't possibly be on the NSA payroll. Crimus, I see more
> than a few folks here whose dosages are still in need of minor
> adjustment. ;-)
>
> --
> Steve Gardner Technical  Staff Member 1320 Systems Engineering
> ALCATEL USA
> 1225 N. Alma Road   Tel: 972-996-5888
> Richardson Tx. 75081-2206 http://ctnwww.aud.alcatel.com/~gardsm/
>
> You who choose to lead must follow,
> But if you fall you fall alone,
> If you should stand then who's to guide you?
> If I knew the way I would take you home.
>
>    "Ripple" -- The Grateful Dead
>
>



------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Sun, 03 Oct 1999 15:38:02 -0400
Reply-To: [EMAIL PROTECTED]

jjlarkin wrote:
> 
> Radioactive decay is not only messy to implement, it produces a random
> pulse train, hardly suitable for turning into nicely distributed
> gaussian noise.
> 
> A zener diode is a great noise generator. Bias a 10-volt zener at about
> 0.5 mA, and you'll get nice wideband noise across it. Amplitude will be
> about 300 nV per root Hz (300 nV times the square root of the bandwidth
> of the following amplifier). If the amp has a decent highpass response
> (i.e., cut out low-frequency 1/f noise) the result will be excellently
> random gaussian noise with very low autocorrelation for reasonable
> sample rates. Just digitize it, or slice it and clock into a shift
> register.
> 
> If you want perfect 1:0 balance and even lower autocorrelation, stir
> the zener's random output into the guts of a pseudo-random shift
> register.
> 
> easy!
> 
> John
=======================
   And one more elegant idea - feed the output of this Zener diode 
into a Voltage Controlled Oscillator, feed the output of this VCO 
into a flip-flop, and at any time when needed sample a random bit.

Best wishes       BNK

------------------------------

From: John Larkin <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Sun, 03 Oct 1999 20:21:13 -0700

Boris Kazak wrote:
> 
> jjlarkin wrote:
> >
> > Radioactive decay is not only messy to implement, it produces a random
> > pulse train, hardly suitable for turning into nicely distributed
> > gaussian noise.
> >
> > A zener diode is a great noise generator. Bias a 10-volt zener at about
> > 0.5 mA, and you'll get nice wideband noise across it. Amplitude will be
> > about 300 nV per root Hz (300 nV times the square root of the bandwidth
> > of the following amplifier). If the amp has a decent highpass response
> > (i.e., cut out low-frequency 1/f noise) the result will be excellently
> > random gaussian noise with very low autocorrelation for reasonable
> > sample rates. Just digitize it, or slice it and clock into a shift
> > register.
> >
> > If you want perfect 1:0 balance and even lower autocorrelation, stir
> > the zener's random output into the guts of a pseudo-random shift
> > register.
> >
> > easy!
> >
> > John
> -----------------------
>    And one more elegant idea - feed the output of this Zener diode
> into a Voltage Controlled Oscillator, feed the output of this VCO
> into a flip-flop, and at any time when needed sample a random bit.
> 
> Best wishes       BNK


Boris,

actually, that would probably increase the autocorrelation, since the
VCO will tend to oscillate about an average frequency.

John


-- 
******************************************************************

John Larkin, President           phone 415 753-5814   fax 753-3301
Highland Technology, Inc
320 Judah Street                 [EMAIL PROTECTED]
San Francisco, CA 94122          http://www.highlandtechnology.com

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Reply-To: [EMAIL PROTECTED]
Date: Mon, 04 Oct 1999 00:49:38 GMT

On 3 Oct 1999 13:10:52 -0400, [EMAIL PROTECTED] (Jeff Brandenburg)
wrote:

>In article <L1yJ3.4923$[EMAIL PROTECTED]>,
>Dave VanHorn <[EMAIL PROTECTED]> wrote:
>>
>>> As far as I can see, the only reason to construct such a hardware
>>> random number generator is the coolness factor.  Sure, anybody
>>> can make a noise source with just a resistor and a capacitor,
>>> but it takes a real engineer to use a dangerous radioactive source.
>
>^^^ This was sarcasm, right?
>
More like humor, but basically right.  According to the 
CRC Handbook of Chemistry and Physics "Natural Alpha particles 
will traverse only a few centimeters of air before coming to rest."
Not really dangerous.  And it requires something like a 
computer with an I/O pin to use the noise you can get from a 
resistor and a capacitor, so that part is more brag than fact.

The point I was trying to make is that the project is 
interesting because you learn about radiation detectors, 
and how smoke alarms work, (and other esoteric stuff) not 
because it's a good hardware random number generator.

For the vast majority of people, timing keystrokes and
a cryptographically secure random number generator would
suffice.  Yarrow is free and requires no hardware at all - 
you can't beat that price.

Scott Nelson <[EMAIL PROTECTED]>

------------------------------

From: "j.w.altena" <[EMAIL PROTECTED]>
Subject: Re: Random number generation
Date: Sun, 3 Oct 1999 09:22:59 +0200

Hi Scott,
You asked for more information; here it is:
At Statistics Netherlands (SN) we have a project called the "virtual
census". For this project we combine all the individual data on persons we
have at SN. This individual data is from registrations and surveys. At the
end this (yearly and probably longitudinal) virtual census will comprise all
the data of 16 million Dutch, their jobs, households, houses, social
benefits, etc.

Due to our privacy regulations we must split as soon as possible the
so-called identifying variables (address, zip code, etc.) from the
statistical variables (age, wages, etc.). Some people of my staff are
allowed to work with only the identifying variables (staff who are
responsible for linking the individual data from different sources), others
with only the statistical variables. A very limited part of my staff is
allowed to work - only for a limited time - with both groups of variables.
They must assign the identifying numbers.

We need these identifying numbers for the following:
When we get a file with the individual data we assign to each record two
unrelated unique - identifying - numbers. One of them is not a number from
1 to N because that could - at some stage - give some information. Then we
split the file in three parts: one part with at each row only the two unique
numbers (the linking table), one part with at each row one unique number and
the identifying variables (the identifying part), and a part with the
other unique number and the statistical variables (the statistical part). My
staff is only granted rights for the part they need to use for their job. In
this manner it isn't possible to get access to the statistical data when you
have access to the identifying data, and vice versa. Then we sort the three
files on their (first) identifying number. To be more secure, we encrypt the
linking table so that it's impossible for our automation staff to link the
data as well. When we need to combine the two groups of variables, we can
use the linking table to do this (to do that, we need a lot of signatures).
So we need a lot of unique ("random") numbers of the specified size; maybe
this explanation gives you some help.

One remark: one could also assign one unique number and use an encryption of
that number as a second number. We rejected that idea because it leans on
the "security" of the encryption algorithm. This security may be good at
this moment, but we need a procedure which will last for at least fifty
years or so.


With kind regards

Jan Willem Altena
Head department integration and presentation socio-economic statistics
Statistics Netherlands
[EMAIL PROTECTED]


Scott Nelson <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Thu, 30 Sep 1999 21:25:55 +0200, "j.w.altena"
> <[EMAIL PROTECTED]> wrote:
>
> >At Statistics Netherlands we would like to have at our disposal about
> >10E9 random identifying numbers with a length of 10 (decimal) positions.
> >These numbers should preferably not be generated all at the same moment, but
> >the set should be extendable in steps.  We think we can use encryption for
> >the generation of these numbers. An idea is to take the numbers 1 to n in
> >the first step and encrypt them.  In the next step n+1 to m is encrypted and
> >so on. As an additional requirement we would like the encrypted numbers to
> >be numbers (and not letters or other characters) as well.
> > Who knows a solution for this problem or does somebody have another
> >solution?
> > (The solution to assign the ASCII value to each byte doesn't work, for
> >then more than 10 positions are required.)
> >Erik van Lith ( [EMAIL PROTECTED] )
> >
> >
> Not sure what you're asking for here, it would help if you could
> specify the problem a little better, i.e.:
>
> Do the identifying numbers have to be unique?
> How sparse is the output? i.e. How close to 10000000000
> numbers will you really need?
> How 'random' does it need to be?  i.e. Why not just
> use the numbers 1-n?
> Do you need to have a reversible function?  I.e. given
> the ID, do you need to know original number which produced it?
>
>
> Assuming you want a function which takes as input the numbers
> 0-9999999999 and produces a new pseudo-random number in the
> range 0-9999999999, but you're not very concerned about the
> security of the numbers, you could map them with a LCG function:
>    f(x) = (x * (20*A+1) + P) mod 10000000000
>    where A is an arbitrary constant and P is prime.
> Simple in concept, but hard for most computers given the
> size of the numbers (over 32 bits)
>
> Scott Nelson <[EMAIL PROTECTED]>
>



------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Mon, 04 Oct 1999 04:27:15 GMT

On Sun, 03 Oct 1999 17:40:25 GMT, Larry Phillips <[EMAIL PROTECTED]> wrote:
>> Thermal noise:  needs no shielding, needs no permits, causes no
>> hysteria
>
>I think I'd rather cause the hysteria. There is an entire subset of
>folks that I not only don't give a damn about, but that I am willing to
>annoy whenever the opportunity presents itself.

A man after my own heart...


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Crossposted-To: sci.stat.math,sci.math
Subject: Re: Perfect Shuffle Algorithm?
Date: Mon, 04 Oct 1999 04:49:23 GMT

On Tue, 28 Sep 1999 09:22:58 +0200, Mok-Kong Shen <[EMAIL PROTECTED]>
wrote:
>> I was given a problem for a job interview for a computer programming
>> job.  I was to write a routine that cuts a computer simulated deck and
>> performs a perfect shuffle.  A perfect shuffle, you cut the deck x cards
>> from the top.  Then the bottom card from the top stack deck goes down
>
>Is this your definition of a perfect shuffle or is it from a 
>literature reference?

In card-shuffling vernacular, a "perfect shuffle" is one in which
the cards from each hand fall in perfect alternation -- one from
the left hand, then one from the right, and so on.  The "perfection"
refers not to how well it mixes the deck, but to how well (evenly)
they are intertwined (as opposed to a sloppy shuffle that intertwines
big clumps of cards).

I've seen magicians who can quickly perform perfect shuffles
at will (and also split a deck into two even stacks of 26).
As a parlor trick, they shuffle a new deck N times (I forget
the proper "N", but I'm sure you guys can easily figure it out),
returning it to its original order, freaking out audience members
who aren't aware of the cycles involved.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776
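
The perfect (faro) shuffle and the cycle Dan mentions, as an added example in Python that is not from the post. faro_shuffle cuts an even deck into two equal halves and interleaves them strictly one-for-one, distinguishing the out-shuffle (top and bottom cards stay put) from the in-shuffle (the bottom half's first card falls first); shuffle_order repeats one kind of shuffle until the deck returns to its starting order and reports the count, which is the magician's N.

```python
def faro_shuffle(deck, out=True):
    """One perfect (faro) shuffle: cut the deck into two equal halves and
    interleave them strictly one-for-one.  An out-shuffle keeps the top and
    bottom cards in place; an in-shuffle lets the bottom half's first card
    fall first, so the original top card moves to second position.
    Only an even deck can be split into two equal stacks."""
    if len(deck) % 2:
        raise ValueError("a perfect shuffle needs an even number of cards")
    half = len(deck) // 2
    top, bottom = deck[:half], deck[half:]
    first, second = (top, bottom) if out else (bottom, top)
    return [card for pair in zip(first, second) for card in pair]


def shuffle_order(n, out=True):
    """Number of identical perfect shuffles that return an n-card deck to
    its original order, found by simulation rather than by formula."""
    start = list(range(n))
    deck = faro_shuffle(start, out)
    count = 1
    while deck != start:
        deck = faro_shuffle(deck, out)
        count += 1
    return count


if __name__ == "__main__":
    print("out-shuffle of 6 cards:", faro_shuffle([1, 2, 3, 4, 5, 6], out=True))
    print("in-shuffle  of 6 cards:", faro_shuffle([1, 2, 3, 4, 5, 6], out=False))
    for n in (8, 52):
        print(f"{n} cards: {shuffle_order(n, True)} out-shuffles or "
              f"{shuffle_order(n, False)} in-shuffles restore the order")
```

For a standard 52-card deck the simulation gives 8 out-shuffles or 52 in-shuffles, which is why a "perfect" shuffle is a poor mixer: it is a fixed permutation, and any fixed permutation applied repeatedly cycles back to the identity.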

------------------------------

From: [EMAIL PROTECTED] (UBCHI2)
Subject: Re: Factoring public keys attack?
Date: 04 Oct 1999 03:09:43 GMT

Here is how you do it:

The institute was founded a few weeks after news leaked from Israel's
Weizmann Institute that it was using a mixture of quantum computing and special
optical technology to break the RSA-512 code, the system used by the European
banking system. It claims it has developed a hand-held device that can break
the code in 12 microseconds. 

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: Schrodinger's Cat and *really* good compression
Date: Mon, 04 Oct 1999 05:05:17 GMT

On Thu, 30 Sep 1999 16:43:48 GMT, [EMAIL PROTECTED] wrote:
>My understanding is this: the wave function collapses when it can be
>observed. In other words, when information is emitted then, trivially,
>the probabilistic wave function disappears. No human observer, or
>feline observer, or sentient observer is necessary for this to happen.

I'm not sure if I've ever seen it stated in quite this way,
but my "take" on the whole issue is that "observer" and
"measuring device" are equivalent, and that both are objectively
defined as "that which causes a collapse of the wave function".

But then, on alternate days, I'm of the opinion that the wave
function *never* collapses -- the only reason we think it does
is that we set up situations that restrict us to see/detect/measure
only one outcome, and as a result there are a zillion superimposed
observers/measuring devices simultaneously, each of which
see/measure one "slice" of the superimposed whole (and each
convinced that they are seeing/measuring "one" outcome).  I know
this sounds like the "many worlds" or "branching worlds" view,
but in my version it's not bifurcating universes, just multiply
overlapping wave functions (which now include multiply overlapping
observers).  And when the results of the varying outcomes fade
away, so does the overlap.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
