Cryptography-Digest Digest #540, Volume #10      Wed, 10 Nov 99 18:13:03 EST

Contents:
  Re: Research suggestion? (Medical Electronics Lab)
  Re: Research suggestion? (wtshaw)
  Re: Research suggestion? (Bob Silverman)
  Re: What sort of noise should encrypted stuff look like? (Medical Electronics Lab)
  PR - Web Confidential for Windows (Alco Blom)
  Security Precautions in Communicating Audit Results using Information Networks (Markku J. Saarelainen)
  Re: What's gpg? <PHILOSOPHY 101> (Boudewijn W. Ch. Visser)
  Re: One-time-pad simulator. (Tom St Denis)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
  Re: What sort of noise should encrypted stuff look like? (Tom St Denis)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Dave Seaman)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Russell Harper)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
  Re: Phraseology [U-Boat Enigma Machines] (John Savard)

----------------------------------------------------------------------------

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Research suggestion?
Date: Wed, 10 Nov 1999 12:43:48 -0600

Rick Decker wrote:
> 
> I have a student (senior double major in math, cs) who's interested in
> doing a thesis in crypto.  Problem is that I'm trained as a topological
> graph theorist cum computer scientist and don't know much more about
> the subject than what I need to teach it in my algorithms course.
> 
> Anyone have a suggestion for a research project that would be suitable
> for a semester-length project?  My student is pretty quick, but the
> project need not lead to original results-- a new interpretation or
> tweak of an existing result would be satisfactory.  The thesis is
> nominally in cs, but need not include a programming component.

There's a lot of algebraic geometry guys heading into elliptic
curve math to help solve some open problems.  Elliptic curve
math is pretty vast, and there are lots of applications to crypto.
Finding isogeny cycles is recent stuff, finding ways to do it
efficiently would be a good project (there are several papers
on the subject, but they don't give much detail about code!)

Patience, persistence, truth,
Dr. mike

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Research suggestion?
Date: Wed, 10 Nov 1999 12:59:18 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> I have a student (senior double major in math, cs) who's interested in
> doing a thesis in crypto.  Problem is that I'm trained as a topological
> graph theorist cum computer scientist and don't know much more about
> the subject than what I need to teach it in my algorithms course.
> 
> Anyone have a suggestion for a research project that would be suitable
> for a semester-length project?  My student is pretty quick, but the
> project need not lead to original results-- a new interpretation or
> tweak of an existing result would be satisfactory.  The thesis is
> nominally in cs, but need not include a programming component.
> 
There is that big question of what is cryptographic strength.  It is one
of those questions that some say should not be asked, can't be asked, and
will only give ambiguous results.  But, the problem is that it must be
and will be continually asked.

It is not necessarily a calculation intensive question to survey the
different ideas involved.
-- 
Defend Privacy....tell an official now and then that something is none of their 
business.

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Research suggestion?
Date: Wed, 10 Nov 1999 18:54:22 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> I have a student (senior double major in math, cs) who's interested in
> doing a thesis in crypto.  Problem is that I'm trained as a topological
> graph theorist cum computer scientist and don't know much more about
> the subject than what I need to teach it in my algorithms course.
>
> Anyone have a suggestion for a research project that would be suitable
> for a semester-length project?

How about implementing a Pollard-rho attack on DSA?
(i.e. attacking the subgroup mod q instead of the full group Z/pZ*,
where q | p-1).

I have not seen anyone do this yet.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: What sort of noise should encrypted stuff look like?
Date: Wed, 10 Nov 1999 12:57:41 -0600

Tom St Denis wrote:
> What is pink noise?

Pink noise has higher low frequency amplitude than high
frequency.  Usually, it falls off as 1/f (i.e., if you plot
amplitude versus frequency on a log-log graph you get a
straight line with negative slope).  There are also
"natural" noises which fall off as 1/f^2.  It turns out
that ocean waves and music both have a 1/f^2 amplitude
vs. frequency plot.

For crypto, we map frequencies between the highest (alternating
bits) and lowest (the whole message length).  Everything
outside that range is zero, and not useful.  So "white noise"
has a clear meaning, the amplitude vs frequency plot is flat.
Not perfectly flat tho, sample to sample should show lots
of variations!  This is why there are lots of tests associated
with "randomness".  It's easy to find obvious signals, it's
pretty hard to find "random", because everything is some kind
of signal!  But if they wash out enough, nobody can detect the
next bit and that's the most important aspect of a crypto code.

Patience, persistence, truth,
Dr. mike
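
An added example, not part of the original post: the amplitude-versus-frequency plot described above, computed for three bit strings of length 512. The function names, the flatness measure (geometric over arithmetic mean of power) and the SHA-256 counter stream used as a stand-in for ciphertext are assumptions of this example.

```python
import cmath
import hashlib
import math

def hash_bits(n, seed=b"constructed-sample"):
    """Constructed input: n bits from SHA-256 in counter mode (stand-in for ciphertext)."""
    bits, ctr = [], 0
    while len(bits) < n:
        block = hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        ctr += 1
    return bits[:n]

def spectrum(bits):
    """Amplitudes for bins k = 1 .. n/2.

    Bin 1 is the lowest frequency (one cycle over the whole message),
    bin n/2 is the highest (alternating bits).
    """
    n = len(bits)
    x = [2 * b - 1 for b in bits]  # map 0/1 to -1/+1
    amps = []
    for k in range(1, n // 2 + 1):
        w = -2j * math.pi * k / n
        amps.append(abs(sum(xj * cmath.exp(w * j) for j, xj in enumerate(x))))
    return amps

def peak_bin(amps):
    """1-based index of the strongest frequency bin."""
    return max(range(len(amps)), key=amps.__getitem__) + 1

def flatness(amps):
    """Geometric mean / arithmetic mean of power; 1.0 would be perfectly flat."""
    power = [a * a + 1e-12 for a in amps]  # epsilon keeps log() defined for empty bins
    geo = math.exp(sum(math.log(p) for p in power) / len(power))
    return geo / (sum(power) / len(power))

def report(name, bits):
    amps = spectrum(bits)
    return (f"{name:12s} peak bin {peak_bin(amps):3d}  "
            f"max amp {max(amps):6.1f}  flatness {flatness(amps):.3f}")

if __name__ == "__main__":
    n = 512
    print(report("hash stream", hash_bits(n)))                 # roughly flat, bin to bin scatter
    print(report("alternating", [j % 2 for j in range(n)]))    # all energy in bin n/2
    print(report("half/half", [1] * (n // 2) + [0] * (n // 2)))  # energy piled at bin 1
```

The hash stream's flatness lands well below 1.0 even though no frequency stands out, which is the "not perfectly flat" scatter the post describes; the two structured inputs collapse to a flatness near zero.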

------------------------------

From: Alco Blom <[EMAIL PROTECTED]>
Subject: PR - Web Confidential for Windows
Date: Wed, 10 Nov 1999 20:48:01 +0100

Web Confidential for Windows

Web Confidential is an intuitive, easy-to-use program for
managing user IDs, passwords, registration numbers, and the like.
Thanks to the use of a number of advanced features of Windows 95/98,
Web Confidential can be used in close conjunction with popular Internet
software, such as Netscape Navigator and Microsoft Internet Explorer.

While Web Confidential is suitable for a wide variety of personal data, 
from credit card numbers to serial numbers, Alco Blom designed Web 
Confidential particularly with the World Wide Web in mind. "Increasing 
numbers of Web sites maintain some form of user registration," points 
out Blom.  "You may not realize it, but in the course of time you may
have registered at a couple of dozen sites.  Do you remember the passwords
you entered for all of them?"

Web Confidential allows Web surfers to store URLs, user IDs, and
passwords in one secure location. Web Confidential can automate the 
process of logging into a password-secured Web page by automatically
passing URL, user ID, and password to your Web browser.

To ensure the personal information stored in Web Confidential remains
confidential, the program's password files can be encrypted using 
state-of-the-art encryption technology. 

Web Confidential supports keys of up to 448 bits in length, using the
Blowfish algorithm. 

Alco Blom and Arno Stobbe have released Web Confidential as shareware.
After a trial period of thirty days, users are encouraged to register
the program for US$20. The Home Page of Web Confidential is:

<http://www.web-confidential.com>

FTP Download:

<ftp://ftp.web-confidential.com/pub/web-confidential.zip> 

Web Confidential runs on Windows 95/98/NT.

Contact Arno Stobbe at: <mailto:[EMAIL PROTECTED]>

------------------------------

From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.europe
Subject: Security Precautions in Communicating Audit Results using Information Networks
Date: Wed, 10 Nov 1999 20:08:38 GMT





Surely no communication system is 100% trustworthy. However, by
encrypting your email messages (personal and business), you shall be
able to have these sealed envelopes. Of course, depending on algorithms,
key lengths, internal security arrangements (plain files prior to
encryptions etc. .. and so on) among other things (the whole crypto
system), these seals may be weaker or stronger, but they would enable
people to have these sealed envelopes. Often executives and other
professionals perceive the cryptography "strangely" and hesitate using
it. And new information technologies make it so convenient for people to
write and send messages that they often forget their own security. Back
in 1994, I wrote an article. See below.

---

Security Precautions in Communicating Audit Results using Information
Networks

                              May, 1994

The new technology has had and will have in the future a tremendous
impact on the privacy of individuals and corporations. Laws and
regulations can not keep up with the speed of the technological
development. The information technology - especially so called highways
- have enabled everyone to communicate faster and more conveniently with
each other cross-organizationally. However, this has also increased
risks involved in communicating sensitive and confidential information
such as intelligence audit results. Different network applications have
different security risks; many networks can be very accessible to any
competent Information Technology (IT) specialist. Would you like to
share your private nonconformities with everyone without your own
authorization? Or would you like to be the person who is responsible for
a confidential audit, but who then shares this information with everyone
unknowingly and possibly faces some legal problems? Truly speaking, I
would not want to be this person.

So the information technology, if it is used improperly and without
proper precautions, may create threats to all parties involved in the
intelligence system audit: auditee, auditor and client. These problems
may exist in the facility's Local Area Networks (LANs),
inter-organizational networks (WANs), cross-organizational networks
such as Internet - and even any wireless networks such as cellular
telephone networks. The security risks may materialize in an
unauthorized and improper use of user accounts or in unethical
monitoring and surveillance of the communication channels. The level of
the security risk depends on the communication system. If your
organization has a very flexible system and all individuals have access
to all information - be aware that your audit reports may be read by
anyone in this system. Also if you are sharing your audit findings via
Internet or via other cross-organizational networks, be aware that
someone may read your confidential e-mail messages, files and any other
communication between you (auditor), client and auditee.

Every intelligence system auditor should make every effort to ensure
that the audit stays confidential and should take the following
precautions, when the information technology is used for planning,
performing and then reporting the intelligence audit:

1. Make certain that you know which parts of the audit information are
confidential and sensitive; this may depend on the audit - sometimes the
whole audit may be confidential including the scope.

2. Find out who has access to your user account or computer and then
determine if persons having access to your information are ethical and
not using the audit information for their own political purposes; if
necessary perform or request a security audit.

3. Find out who can monitor your audit communication in the network.

4. Make certain that there are policies for the information technology
personnel that prevent the wrong use of any network information.

5. Be certain that your passwords are well protected - and change your
passwords frequently.

6. If you are not satisfied with the information security arrangements,
do not communicate via networks, do not store confidential information
in the network or in your computer; store your audit results in your own
private disks, and only provide hard copies of these results as it is
necessary.

7. If you need to communicate via networks, but you are not satisfied
with the security arrangements, use proper encryption software to
protect your information.

8. Avoid communicating any confidential and sensitive audit information
via Internet, if you are not using any encryption software.



------------------------------

From: [EMAIL PROTECTED] (Boudewijn W. Ch. Visser)
Subject: Re: What's gpg? <PHILOSOPHY 101>
Date: 10 Nov 1999 20:14:14 GMT

On 10 Nov 1999 07:36:19 GMT, Paul Rubin <[EMAIL PROTECTED]> wrote:

[..]
>The homework problem story is about John Milnor.  I've forgotten what
>the result was--nothing as spectacular as the independence of CH, but
>it was some then-open problem in topology.  He was a freshman and the
>class was a graduate topology seminar, and in some versions of the
>story, the prof thought he was some undergrad who had wandered into
>the room by accident.  I'm sure the actual details are published
>somewhere.

The homework problem story is (also ?) about George Dantzig :

[
From: [EMAIL PROTECTED] (John Sidles)
The soon-to-be-famous student who solved a previously unsolved
problem, in the mistaken belief that it was a homework
assignment, was indeed...

            ****** George Dantzig ******.

His first-person account can be found (along with many other
fascinating accounts) in the book "More Mathematical People".

Here is the full reference; this book is highly recommended....

~Title:        More mathematical people : contemporary conversations / edited
              by Donald J. Albers, G.L. Alexanderson, Constance Reid.
Edition:      1st ed.
Pub. Info.:   Boston : Harcourt Brace Jovanovich, c1990.
Phy Descript: 375 p.
Notes:        Includes bibliographical references.
LC Subject:   Mathematicians -- Interviews.
              Mathematicians -- Biography.
Other Author: Albers, Donald J., 1941-.
              Alexanderson, Gerald L.
              Reid, Constance.

]

Boudewijn

-- 
+--------------------------------------------------------------+
|Boudewijn Visser        | E-mail:[EMAIL PROTECTED]      |
| -finger for PGP-keys.- | http://www.ph.tn.tudelft.nl/~visser |
+-- my own opinions etc ---------------------------------------+

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: One-time-pad simulator.
Date: Wed, 10 Nov 1999 20:34:52 GMT

<snip>

It's not an otp.  You have made a rng.  Is there any source or
documentation to your rng?  What's the period?  Is it linear? etc.

Read up on what an OTP actually is then come back :)

Tom



------------------------------

From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Wed, 10 Nov 1999 15:31:20 -0500
Reply-To: [EMAIL PROTECTED]

Martin Trump wrote:
> 
> In article <[EMAIL PROTECTED]>, james d. hunter
> <[EMAIL PROTECTED]> writes
> >  What is the difference between a random number and a number
> >  that is random in the _statistical_ sense? I assume that
> >  you are thinking of a random theory of numbers, such
> >  as set theory or category theory.
> 
> As a non-mathematician I've read this thread in sci.misc with interest.
> 
> I have a vague memory of reading long ago that a series of truly random
> numbers will have a particular distribution of serially increasing and
> serially decreasing sequences.
> 
> Could anyone refresh my memory please? (In not too technical terms if
> poss :-)


  That's one criterion that's used for a pseudo-random sequence.
  "Scientists" call them pseudo-random sequences for the same
  reason that they call some forces, "pseudo" forces. They are
  just basically clueless, clueless, clueless about the universe.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: What sort of noise should encrypted stuff look like?
Date: Wed, 10 Nov 1999 20:39:13 GMT

In article <wOhW3.83$[EMAIL PROTECTED]>,
  "karl malbrain" <[EMAIL PROTECTED]> wrote:
>
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Tom St Denis wrote:
> > > ... why do they call it white noise?].
> >
> > White light consists of all colors of the visible spectrum with
> > approximately equal intensity.  So when any spectrum consists of
> > all frequencies with approximately equal intensity, it is called
> > "white".  The "noise" aspect should be obvious; if not, try
> > feeding it to an audio player and hear what it sounds like.
>
> No it's not obvious: the noise here is the difference between the THREE
> frequencies we can actually deal with in our eyes to determine WHITE as a
> subjective color, and ALL colors of the visible spectrum as an objective
> analysis.  Karl M

The eyes can detect more than three frequencies of light (or RF for you
techies out there).  The eyes just happen to be more sensitive to
GREEN than any other color.  It's just like the human ear is more
sensitive to 1-4 kHz, etc...

Tom



------------------------------

From: [EMAIL PROTECTED] (Dave Seaman)
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 10 Nov 1999 15:47:40 -0500

In article <[EMAIL PROTECTED]>,
james d. hunter <[EMAIL PROTECTED]> wrote:

>  What is the difference between a random number and a number
>  that is random in the _statistical_ sense? I assume that
>  you are thinking of a random theory of numbers, such
>  as set theory or category theory.

A number is random in the _statistical_ sense if it passes all the
statistical tests for randomness.  For example, each possible n-digit
block of digits should occur once in every 10^n digits, in the long run.
In other words, it's a normal number, base 10.

For all we know, pi may very well be normal base 10 (no one has proved it
one way or the other).  Even so, pi cannot be a random number, because it
is generated by a finite algorithm.

Randomness means incompressibility.  A digit string of length n is random
if there is no way to express it in fewer than n symbols.  For example, a
string of 100 1's is nonrandom because "100 1's" has fewer than 100
symbols and it determines the string.  An infinitely long string of
symbols is nonrandom if there is any finite way to generate the string.
That's why pi is excluded.

On the other hand, there are only countably many real numbers that have
finite descriptions, and therefore the remaining numbers are all "random"
in this sense.  It's just that we obviously can't name such a number in
any finite amount of space.

-- 
Dave Seaman                     [EMAIL PROTECTED]
Stay of execution granted for Mumia Abu-Jamal.
<http://mojo.calyx.net/~refuse/altindex.html>
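
An added example, not part of the original post: the first 1000 digits of pi pass the block-frequency test described above and a general-purpose compressor finds nothing to squeeze, yet the whole sequence comes out of a generator a dozen lines long. The function names are this example's own; the digit generator is Gibbons' streaming spigot algorithm, and zlib stands in as a crude, computable proxy for "shortest description".

```python
import zlib
from collections import Counter

def pi_digits(n):
    """First n decimal digits of pi (3, 1, 4, ...) via Gibbons' streaming spigot."""
    q, r, t, k, m, x = 1, 0, 1, 1, 3, 3
    out = []
    while len(out) < n:
        if 4 * q + r - t < m * t:
            out.append(m)  # next digit is now certain
            q, r, m = 10 * q, 10 * (r - m * t), (10 * (3 * q + r)) // t - 10 * m
        else:              # consume one more term of the series
            q, r, t, k, m, x = (q * k, (2 * q + r) * x, t * x, k + 1,
                                (q * (7 * k + 2) + r * x) // (t * x), x + 2)
    return out

def block_chi_square(digits, n=1):
    """Chi-square statistic for non-overlapping n-digit blocks against a uniform
    expectation (each block once per 10**n blocks in the long run)."""
    blocks = [tuple(digits[i:i + n]) for i in range(0, len(digits) - n + 1, n)]
    expected = len(blocks) / 10 ** n
    counts = Counter(blocks)
    seen = sum((c - expected) ** 2 / expected for c in counts.values())
    unseen = (10 ** n - len(counts)) * expected  # blocks that never occurred
    return seen + unseen

def compressed_size(digits):
    """Bytes after zlib at maximum effort, with the digits written as ASCII text."""
    return len(zlib.compress("".join(map(str, digits)).encode(), 9))

if __name__ == "__main__":
    pi = pi_digits(1000)
    ones = [1] * 100  # the post's "100 1's"
    print("pi   chi-square (9 dof):", round(block_chi_square(pi), 2))
    print("pi   zlib bytes for 1000 digits:", compressed_size(pi))
    print("ones chi-square (9 dof):", block_chi_square(ones))
    print("ones zlib bytes for 100 digits:", compressed_size(ones))
```

For key material the practical reading is that passing frequency tests and resisting a compressor say nothing about predictability: anyone who knows the generator reproduces every digit.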

------------------------------

From: Russell Harper <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Wed, 10 Nov 1999 20:56:19 GMT


Mike Oliver wrote:

> ...
> Maybe I'm misunderstanding you, but if I'm not, then your parenthetical
> remark is impossible.  Any number whose radix-b representation (any b) may be
> calculated with a fixed finite amount of memory, is in fact rational.
> ...

I'm probably mistaken - but there's supposed to be some computational
advantage to the Bailey-Borwein-Plouffe Pi Algorithm above and beyond
that it uses powers of sixteen, and a related memory advantage.

Otherwise I'm not sure what the fuss is about...

Russell



------------------------------

From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Wed, 10 Nov 1999 16:04:14 -0500
Reply-To: [EMAIL PROTECTED]

Dave Seaman wrote:
> 
> In article <[EMAIL PROTECTED]>,
> james d. hunter <[EMAIL PROTECTED]> wrote:
> 
> >  What is the difference between a random number and a number
> >  that is random in the _statistical_ sense? I assume that
> >  you are thinking of a random theory of numbers, such
> >  as set theory or category theory.
> 
> A number is random in the _statistical_ sense if it passes all the
> statistical tests for randomness.  For example, each possible n-digit
> block of digits should occur once in every 10^n digits, in the long run.
> In other words, it's a normal number, base 10.

  But, the statistical tests for randomness are subject to the
  whims of the statisticians.


> For all we know, pi may very well be normal base 10 (no one has proved it
> one way or the other).  Even so, pi cannot be a random number, because it
> is generated by a finite algorithm.
> 
> Randomness means incompressibility.  A digit string of length n is random
> if there is no way to express it in fewer than n symbols.  For example, a
> string of 100 1's is nonrandom because "100 1's" has fewer than 100
> symbols and it determines the string.  An infinitely long string of
> symbols is nonrandom if there is any finite way to generate the string.
> That's why pi is excluded.
  
  "Incompressible" is one definition of "random". It's not the
  only one and sometimes not the best one.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: Phraseology [U-Boat Enigma Machines]
Date: Wed, 10 Nov 1999 21:28:19 GMT

Patricia Gibbons <[EMAIL PROTECTED]> wrote, in part:

>I would think that "submerge" is when it goes under on purpose
>and "sink" is when it went under water in a manner other than
>on purpose..

I thought that that's what I said!

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
