Cryptography-Digest Digest #359, Volume #10 Mon, 4 Oct 99 13:13:03 EDT
Contents:
Re: Schrodinger's Cat and *really* good compression (john baez)
Re: Factoring public keys attack? (Patrick Juola)
Papers of DAVID CHAUM (Simon Schlauri)
Binary representation (Emmanuel Drouet)
Legality of using strong RSA encryption to comm. weak symmetric key (jwaring)
Re: Announcement of results ([EMAIL PROTECTED])
Re: Addition/subtraction mod 256 vs. XOR (Paul Crowley)
Re: msg for Dave Scott (Tom St Denis)
Re: Factoring public keys attack? (fungus)
Re: Announcement of results ([EMAIL PROTECTED])
Re: Factoring public keys attack? (UBCHI2)
Re: radioactive random number generator (Dirk Bruere)
Source code for Unix crypt ("Dawie Strauss")
Re: Factoring public keys attack? (Patrick Juola)
Re: Factoring public keys attack? (Bob Silverman)
Re: 512-bit key broken in microseconds?! (fungus)
RSA-512 Broken by Israelis ([EMAIL PROTECTED])
Re: Schrodinger's Cat and *really* good compression ("Tony T. Warnock")
Re: rc5-128 bit (Tom St Denis)
Re: Suggestion to JSH: take a look at the factorization problem (Peter Gunn)
Re: simple algorithm for hardware device? (David Kessner)
Re: radioactive random number generator (-Bodnar,B.L.)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (john baez)
Subject: Re: Schrodinger's Cat and *really* good compression
Date: 3 Oct 1999 22:46:39 -0700
In article <[EMAIL PROTECTED]>,
Tony T. Warnock <[EMAIL PROTECTED]> wrote:
>If we place the cat in an adiabatic box, the gravitational field should
>be the same for a dead, or live cat. (Or even half-dead.)
I don't know what you mean by an "adiabatic box" ("adiabatic"
refers to conditions which change slowly enough that no entropy
is generated), but the gravitational field produced by a cat
doesn't depend much on the nature of any box containing it. If
the position of the cat is a bit different, it will produce
a sufficiently different gravitational field to cause its
quantum state to become entangled with that of its environment.
Of course the gravitational field depends on the positions of
all the atoms comprising the cat, not whether the cat is "alive"
or "dead".
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Factoring public keys attack?
Date: 3 Oct 1999 21:12:02 -0400
In article <[EMAIL PROTECTED]>,
UBCHI2 <[EMAIL PROTECTED]> wrote:
>Instead of trying to factor a prime based public key after somebody has used
>it, why not have a lookup table of all the keys. It is quicker to create the
>keys than to factor a key. So just do the following:
>
>1) 10-20 Years ago, you started your massively parallel computers creating all
>possible prime based keys for 128, 512, 1024 and 2048 bit keys. You made the
>keys so you also know the primes. Don't do any factoring at all.
>
>2) Now just use a lookup table of the all keys you created to determine the
>two primes that an encryptor is using. This is sort of like the "Find" file
>command in windows. This eliminates the need for factoring. It also takes
>advantage of the fact that creating keys is quick and can be done in advance.
>
>Why do people think that factoring cryptanalysis will only start once a key is
>used?
Possibly because the lookup table that you describe would require an
uncomfortably large fleet of standard-sized universes to hold.
There are approximately n/(ln n) primes less than n -- crunching the
math yields, for example, that there are about 10^151 primes less than 512
bits. The volume of the universe is about 10^84 cubic centimeters; modern
technology can't yet put a gate into less than a cubic nanometer.
So we can only store 10^84*10^9*10^9*10^9 primes if we filled the universe
with silicon and used it for storage. With only a "mere" 10^50 universes,
we could complete the table.
-kitten
------------------------------
Date: Mon, 04 Oct 1999 10:29:12 +0200
From: Simon Schlauri <[EMAIL PROTECTED]>
Subject: Papers of DAVID CHAUM
Hi all,
I am looking for the papers of David Chaum, which were on the former
digicash homepage. Digicash was acquired by another firm in the meantime
which deleted the papers and didn't put a link on their page, either.
Now dozens if not hundreds of links out there in the web go to nowhere
and the papers have gone.
Does anyone have a clue where the papers can be found today?
Thank you for your e-mail
Simon
------------------------------
From: Emmanuel Drouet <[EMAIL PROTECTED]>
Subject: Binary representation
Date: Mon, 04 Oct 1999 10:39:18 +0100
Hello,
I'd like to carry out calculation on 160 bits numbers.
My first idea was to use arrays of 160 cells with booleans and to define
Xor, multiplication, division between two binary but it's very very
slow...
Could you tell me if I have to change my representation or improve my
operations (do you know efficients algorithms) ?
(I'm programming in java)
Thanks for your suggestions,
Manu
------------------------------
From: jwaring <[EMAIL PROTECTED]>
Subject: Legality of using strong RSA encryption to comm. weak symmetric key
Date: Mon, 04 Oct 1999 09:00:30 GMT
As I understand it if strong RSA encryption is used then the
corresponding private key must be handed over to an escrow authority.
However I am not clear whether this is the case when RSA encryption is
only used to encrypt a weak symmetric key. Is anyone aware of specific
proposals regarding this issue ?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.theory
Subject: Re: Announcement of results
Date: Mon, 04 Oct 1999 11:12:56 GMT
In article <[EMAIL PROTECTED]>,
Alex <[EMAIL PROTECTED]> wrote:
>
> What am I doing wrong?
>
> Alex.
>
Hi, Alex. You're not doing anything wrong. Bill Unruh was correct - it
was trying to unzip into a directory containing a space. This has now
been altered, and both paper and diagrams should just unzip into a
postscript file (without preserving any directory structure).
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Addition/subtraction mod 256 vs. XOR
Date: 4 Oct 1999 09:43:25 +0100
[EMAIL PROTECTED] (Mike DeTuri) writes:
> I was wondering if there is any benefit to encrypting using addtion
> mod 256 in RC4 instead of the standard XOR. Of course, decryption
> would be subtraction mod 256.
Unless new properties of RC4 are found, it should make no difference
whatsoever except that it will no longer be interoperable and you'll
need separate routines for encryption and decryption. I see no gains.
--
__
\/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ /
/\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/ /~\
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Mon, 04 Oct 1999 11:50:55 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> : So generally a 'blind' keysearch is the only way.
>
> I'd say at least 99% of cypher breaks depend on techniques which are
> different from a "blind" keysearch.
>
> : And may I remind this group the brute force of the keyspace is not
> : the only way to go.
>
> You could if you hadn't just written the preceeding sentence which says
> almost exactly the opposite.
Actually the sentence above refers to the cipher, and the one below refers to
the system.
What I mean is 'you might not be able to break the cipher, but the system as
a whole may have a flaw'. Of course no one has found anything wrong with my
system (I am however improving on it).
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: Factoring public keys attack?
Date: Mon, 04 Oct 1999 01:59:22 +0200
UBCHI2 wrote:
>
> why not have a lookup table of all the keys. It is quicker to
> create the keys than to factor a key.
Simple.
Because there are more possible keys than there are atoms
in the universe.
Not even the NSA can budget a hard disk big enough to old
them all.
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.theory
Subject: Re: Announcement of results
Date: Mon, 04 Oct 1999 11:44:05 GMT
In article <7t5k7s$7l8$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Bill Unruh) wrote:
>
> Yes, and I think you have tried hard to make getting the paper as hard
> as possible. That page points you to another page which points you to
a
> Zip file, which unzips into a directory structure with blanks in the
> directory name (This may be OK in Win, but can cause havoc in say
> command line Unix.)
Apologies for the space in the directory structure. Glad you managed to
download it anyway.
> >The main point of this paper (that I am hosting for the author) is a
> >construction which claims to use coherent optics and the wavefront
> >reconstruction property to solve various computationally hard
problems
> >(that is NP-complete problems, and trapdoor functions such as prime
> >factorisation).
>
> It would of course be worthwhile if the author actually showed how, in
> detail, to use this technique to solve even one hard problem-- not in
> princple, but in practice.
>
I don't understand exactly what you are asking for here. The author
describes in detail how to use the system described to solve SAT
problems. Are you asking for a worked example of an individual case, or
do you mean that you won't be convinced until you see an actual physical
construction?
> Note that trading exponential complexity in time for that in space is
no advantage.
>
At no point does this construction use exponential complexity in space.
Perhaps this should have been made more explicit - however, the paper
does state that basically the same apparatus is used for evaluating
particular propositions and solving the satisfiability problem. I
understand you had some problems with the diagrams, but this is also
made clear in figure 11.
> >This is an extraordinary claim, and although the paper has now been
> >distributed for several months to a number of researchers in the
field of
> >optics and computational complexity, the author (perhaps
understandably)
> >wishes to remain anonymous at this stage.
>
> And what have their remarks been?
>
Again, can I refer you to the paper that you are commenting on? In the
section "Conclusions", the subsection "Discussion of results claimed"
starts with the phrase "The following points arise from discussions
resulting from an informal circulation ..."
If you mean that you wish to know whether it was considered valid - the
consensus from optics researchers has been that it is a convoluted
example of some basic principles but should be fine in theory, and the
consensus from theorists of computation has been that it is an
extraordinary claim, although the logical constructions used seem o.k.,
but they don't know enough about coherent optics to comment in detail.
Presumably this is why it is now being advertised on these newsgroups,
to invite comments from people who understand both fields.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (UBCHI2)
Subject: Re: Factoring public keys attack?
Date: 04 Oct 1999 12:26:10 GMT
The point I'm making is also that you don't need to make a lookup table of all
keys less than 512 bits. You only need to make a lookup table of keys that are
exactly 512 bits. This is because everyone sets there key length to exactly
128, 512, 1024 or 2048. This creates a vulnerability.
------------------------------
Date: Mon, 04 Oct 1999 12:40:31 +0100
From: Dirk Bruere <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Hironobu SUZUKI wrote:
>
> I didn't see all of this discussion, but I guess that background
> radiation is OK for little length of random number or seeds for
> pesudo-random number generator.
> Background radiation can be detected by big size of Geiger-Muller
> counter tube or many number of Geiger-Muller counter tubes.
That's OK for you to say, what with your convenient nuclear explosion,
but what about people who don't fill the bathtub with supercritical
amounds of Uranium Oxide carried in buckets?
I suppose (being in Britain) we'll just have to wait for yet another
leak from our totally safe Sellafield plant.
Dirk
------------------------------
From: "Dawie Strauss" <[EMAIL PROTECTED]>
Subject: Source code for Unix crypt
Date: Mon, 4 Oct 1999 14:12:57 +0200
Anybody know where I can find source code for the Unix "crypt()" function?
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Factoring public keys attack?
Date: 4 Oct 1999 08:55:44 -0400
In article <[EMAIL PROTECTED]>,
UBCHI2 <[EMAIL PROTECTED]> wrote:
>The point I'm making is also that you don't need to make a lookup table of all
>keys less than 512 bits. You only need to make a lookup table of keys that are
>exactly 512 bits.
So instead of 10^50 universes, you only need ~5*10^49? I'm afraid
the practical implications of this limitation escape me.
-kitten
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Factoring public keys attack?
Date: Mon, 04 Oct 1999 14:16:10 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (UBCHI2) wrote:
> Instead of trying to factor a prime based public key after somebody
has used
> it, why not have a lookup table of all the keys. It is quicker to
create the
<snip>
May I suggest that you do the arithmetic?? Try counting
the number of possible keys. Then get back to us.
Hint: The number of primes less than M is about M/log M.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: 512-bit key broken in microseconds?!
Date: Mon, 04 Oct 1999 14:32:28 +0200
Arthur Dardia wrote:
>
> I just read on Slashdot that apparently Israelis have broken 512-bet
> keys in the microseconds.
>
A "handheld" device using both optical *and* quantum
technologies, eh?
I bet the Americans will be annoyed when the Israelis
refuse to sell it to them...
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: [EMAIL PROTECTED]
Subject: RSA-512 Broken by Israelis
Date: Mon, 04 Oct 1999 12:41:21 GMT
Apparently the Israelis have broken RSA-512, the standard for internet
banking, in less than 1 second.
http://www.sunday-times.co.uk/news/pages/tim/99/09/29/timintint02001.htm
l?1341861
Casey
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Schrodinger's Cat and *really* good compression
Date: Mon, 04 Oct 1999 08:54:33 -0600
Reply-To: [EMAIL PROTECTED]
john baez wrote:
> In article <[EMAIL PROTECTED]>,
> Tony T. Warnock <[EMAIL PROTECTED]> wrote:
>
> >If we place the cat in an adiabatic box, the gravitational field should
> >be the same for a dead, or live cat. (Or even half-dead.)
>
> I don't know what you mean by an "adiabatic box" ("adiabatic"
> refers to conditions which change slowly enough that no entropy
> is generated), but the gravitational field produced by a cat
> doesn't depend much on the nature of any box containing it. If
> the position of the cat is a bit different, it will produce
> a sufficiently different gravitational field to cause its
> quantum state to become entangled with that of its environment.
> Of course the gravitational field depends on the positions of
> all the atoms comprising the cat, not whether the cat is "alive"
> or "dead".
I'll go along with that. I was trying to get at the same thing but not
expressing my muddled ideas very well.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: rc5-128 bit
Date: Mon, 04 Oct 1999 13:12:23 GMT
In article <7t8f6e$gen$[EMAIL PROTECTED]>,
"John Croll" <[EMAIL PROTECTED]> wrote:
> this program allows any one who is good at logic problems and word
games
> to decypher plain text from an rc-5 cypher regardless of key length.
the
> only
> caveat is that the plaintext must conform to standard english grammar.
this
> method is not well suited to extracting numerical data. as is, the
program
> only dumps data concerning one cypher hex and one letter at a time.
their
> is a rem'ed out block where i tried to add scoring for the whole
alphabet.
> but my programming skills are not up to the task. if you improve it,
you
> may copyright that improvement.
That's funny because RC5 is not a simple Vingenere cipher and cannot be
broken that way (well I would argue it can't be easily broken that way).
Your attempt to find correlations between single bytes and the keys is
very obtuse. Another point is that the round keys are not linearly
correlated and cannot be solved that way.
I would love to see you break a RC5 message... here you go
afaqaa5rYrLDWmaC6RbaaaaaaaaaOgsungT4tWnzfhMwc4ehUKY}}}RlAcH4n46xnENyRaSr
3PgP}H0p9OImjAOEMMODClTtWzImCyvIx9zuV}VGyyLwwIAF}f7NmjvFzFFP7SglEHrhSt17
Ymr{k4PwEsvVay4u36NGvEhgBNv6Fm9SG
Now just load it (it's a peekboo 1.5 msg) and gimme the plaintext.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Peter Gunn <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Suggestion to JSH: take a look at the factorization problem
Date: Mon, 04 Oct 1999 15:57:46 +0100
David Bernier wrote:
> To: James Harris
>
> Perhaps you have heard that the integer factorization has the
> reputation of being a hard problem. There is at least one
> way to show that a number n .gt. 2 is composite: to find
> a with 1 .lt. a .lt. n such that a^(n-1) =/= 1 (mod n)
> [one "a" does the job!]. If you could make some headway on
> the integer factorization problem, you could become famous.
> Also, you could earn cash prizes from RSA.com, who organize
> factorization challenges. They have a site with lots
> of unfactored composite numbers. You might want to check
> out their Web page at:
> http://www.rsasecurity.com/rsalabs/factoring/index.html
>
> Might you be interested?
I think he might not get too far, but who knows, someone will
probably make a breakthrough eventually :-)
Anyways, as I recently found out while doing a bit of investigation,
you dont actually have to factor the number to find out what its
factors are... sounds weird, but its true...
say we have a large composite number which was created
by multiplying together two primes p,q...
N=pq
We could work out the sum of the divisors, which would be S=N+p+q+1
without factoring then subsititue p=S-N-q-1 to give
N=q(S-N-q-1)
and then solve for q.
You can work out the sum of the divisors using a mechanism derived by
which
the following code snippet implements (formulae a bit later on :-)...
long sumofdivisors(long n)
{
long c=0,p=0,t=0,s=-1;
while (1)
{
s=-1*s; c=1-c; p=(3*c*c-c)>>1;
if (n-p<=0) break;
t+=s*sumofdivisors(n-p);
c=0-c; p=(3*c*c-c)>>1;
if (n-p<=0) break;
t+=s*sumofdivisors(n-p);
}
if (n-p==0)
t+=s*n;
return t;
}
And here is the theory bit...
Euler noted that the n'th pentagonal number is (1/2)*n*(3*n-1)...
1,5,12,22,35,51,70,...
but that if the formulae was extended to allow n <= 0 then you get...
...,40,26,15,7,2,0,1,5,12,22,35,60,...
now, if we re-arrange this so that we alternate between
positive and negative n=1,-1,2,-2,3,-3,4,-4,... we get
1,2,5,7,12,15,22,26,35,40,51,57,70,...
The thing to notice here is that the differences between successive
numbers alternates between the nautral numbers and the odd numbers...
Euler started to multiply out the infinite product...
(1-x)(1-x^2)(1-x^3)(1-x^4)...
and discovered the first few terms were...
1-x-x^2+x^5+x^7-x^12-x^15+...
and was convinced that the powers of x were indeed the pentagonal
numbers...
This eventually led to two nifty formulas...
p(n)=p(n-1)+p(n-2)-p(n-5)-p(n-7)+p(n-12)+...
[ p(0)=1 ]
which calculates the partitions of n, and
o(n)=o(n-1)+o(n-2)-o(n-5)-o(n-7)+o(n-12)+...
[ o(0)=n ]
which works out the sum of the divisors of n without factoring n.
This isnt any easier than factoring though so it doesnt really help,
but I thought it was interesting :-)
For instance here is a slightly more optimised mechanism which Ive
used to write a novel prog to find primes...
#include <stdio.h>
#define TABLE_SZ 65538
long tab[TABLE_SZ];
long o(long n)
{
long c=0,p=0,t=0,s=-1;
while (1)
{
s=-1*s; c=1-c; p=(3*c*c-c)>>1;
if (n-p<=0) break;
t+=s*tab[n-p];
c=0-c; p=(3*c*c-c)>>1;
if (n-p<=0) break;
t+=s*tab[n-p];
}
if (n-p==0)
t+=s*n;
return t;
}
main(int argc,char **argv)
{
long q;
for (q=1;q<TABLE_SZ;q++)
tab[q]=o(q);
printf("1 is prime\n");
for (q=1;q<TABLE_SZ;q++)
{
if (tab[q]==q+1)
printf("%ld is prime\n",q);
}
}
Pretty cool, huh!?
ttfn
PG :)
------------------------------
From: David Kessner <[EMAIL PROTECTED]>
Subject: Re: simple algorithm for hardware device?
Date: Mon, 04 Oct 1999 09:09:17 -0600
Reply-To: [EMAIL PROTECTED]
Luigi Funes wrote:
> Volker Hetzer ha scritto nel messaggio
> <[EMAIL PROTECTED]>...
> >If we knew more about your problem we could probably suggest
> >another solution instead of a poor algorithm.
>
> I hope to explain better my problem with some schematics...
> My encrypting device is placed between a computer
> sending data, and a network controller.
<ASCII schematics deleted>
There are several problems with this approach.
First, let's talk about the hardware itself. The main
problem is that there are few or no FPGA's that have
an input to output time of only 5ns-- even when just
doing a simple XOR. I won't say that it's impossible
(you can do it in some FPGA's with careful floorplanning,
etc), but it is overly restrictive.
A better approach would be to pipeline the whole thing.
Thus, the CPU writes the data to the FPGA, and the FPGA
writes it to the network controller. This, of course, would
increase the amount of logic required, but it would allow the
use of much more sophisticated encryption algorithms rather
than the simplistic one you mentioned.
The second problem with your approach has to do with
the communications protocol itself. You didn't mention the
communications protocol, or what the network controller
is. I can point out any specific problems, because I don't
know what your exact application is, but I can point out
potential problems.
In the case of Ethernet, you would want to switch encryption
on/off on a packet by packet basis, or switch keys on each
packet. This is difficult when receiving, since you don't know
which computer is transmitting to you until the CPU has parsed
the packet. In this application, you would want the encryption/
decryption logic to be more of a coprocessor to the CPU and
not inserted into the communications stream.
In another proprietary communications scheme, you will need
to provide a way for the devices to synchronize their random
number generators (or other encryption algorithm). This is
almost impossible when the decryption logic is inserted in the
communication stream unless it can be bypassed. But bypassing
or modifying the decryption on a packet by packet basis requires
logic "upstream" that is capable of parsing the packet and
determining what needs to be done on the data packet. You
didn't show this logic in your simple diagram.
Adding to the complexity is error detection, resynchronization,
and other communication issues. You should think through
these issues completely before committing to any one encryption
hardware architecture.
Hope that helps!
David Kessner
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (-Bodnar,B.L.)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: 4 Oct 1999 13:28:49 GMT
In article <[EMAIL PROTECTED]>,
Scott Nelson <[EMAIL PROTECTED]> wrote:
>On 2 Oct 1999 17:49:29 -0400, [EMAIL PROTECTED] (Jeff Brandenburg)
>wrote:
>
>>In article <gYsJ3.4513$[EMAIL PROTECTED]>,
>>Dave VanHorn <[EMAIL PROTECTED]> wrote:
>>>
>>>Ross <[EMAIL PROTECTED]> wrote in message
>>>news:[EMAIL PROTECTED]...
>>>> Some time ago, Mike Rosen put a paper on his web page which describes
>>>> in fair detail how to use the radioactive source from a commercial
>>>> smoke detector to generate true random numbers. Seemed a great
>>>> constructional project to me - I wish an electronics hobby magazine
>>>> would put it out in kit form. Mike's description is fairly detailed,
>>>> but if a non-engineer wants to construct it, more details are
>>>> required. Also, I wondered if different constructors would obtain
>>>> different number distributions, due to variation in dimensions of the
>>>> housing and other such parameters.
>>>
>>>This is an idea I put forth in circuit Cellar discussions years ago.
>>>Everyone freaked out over using radioactives, even though it's only alpha
>>>particles that can be stopped by paper.
>>
>>So why bother using them, when thermal noise is everywhere? Granted,
>>the distinct thud of a charged particle has more drama than the muted
>>hiss of a resistor, but aren't they both equally random in the end?
>>
>
>As far as I can see, the only reason to construct such a hardware
>random number generator is the coolness factor. Sure, anybody
>can make a noise source with just a resistor and a capacitor,
>but it takes a real engineer to use a dangerous radioactive source.
>You could do it in a ridiculously hard way, but then you'd
>have to compete with things like http://lavarand.sgi.com/
>and http://www.fourmilab.ch/hotbits/
>
>
>
>http://www.cs.berkeley.edu/~daw/rnd/index.html
>has a number of links to hardware RNG's, including;
>http://www.cs.berkeley.edu/~daw/rnd/smoke-alarm
>
>Scott Nelson <[EMAIL PROTECTED]>
Actually, there are some VERY good reasons for building a TRUE random number
generator based on radioactive decay (or some other naturally occurring
phenomenon). The two which immediately come to mind are autocorrelation
elimination and the unsettling observation by Marsaglia that pseudorandom
numbers "fall mainly in the planes" (Marsaglia, G., "Random Numbers Fall
Mainly in the Planes", Natl. Acad. Sci. Proc., 61:, 1968, pages 25-28).
I have to worry about these effects ALL THE TIME while conducting Monte-Carlo
analysis of packet switching systems.
One of my co-workers (PhD physicist from Fermi Labs) told me several months
ago that sometime in the late 1970s/early 1980s this radioactive decay
approach was used to build a huge table of uncorrelated random numbers for
some nuclear effects simulations. The engineers recorded the data on several
magnetic tape reels.
So, there are some VERY good reasons for using these exotic approaches...
Bohdan Bodnar
Lucent Technologies, Inc.
[blanks added to keep silly posting software happy]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
