Cryptography-Digest Digest #656, Volume #10       Wed, 1 Dec 99 02:13:02 EST

Contents:
  Re: AES cyphers leak information like sieves (wtshaw)
  Re: Open BCRYPT/1 brute-force analysis (David Hopwood)
  Update for the SCOTT19U Contest (SCOTT19U.ZIP_GUY)
  Re: Cryptological discovery, rediscovery, or fantasy? (David Hopwood)
  Re: bits of diffiehellman private key (David Hopwood)
  Re: bits of diffiehellman private key (David Hopwood)
  Re: bits of diffiehellman private key (Scott Fluhrer)
  Re: digraph frequencies (William Rowden)
  Re: What part of 'You need the key to know' don't you people get? (Brian Chase)
  Re: What part of 'You need the key to know' don't you people get? (Brian Chase)
  Re: What part of 'You need the key to know' don't you people get? (Brian Chase)
  Re: more about the random number generator (Guy Macon)
  Re: What part of 'You need the key to know' don't you people get? (Brian Chase)
  Decyption proof cellphones in Europe? [x3] (The Watchman)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: AES cyphers leak information like sieves
Date: Tue, 30 Nov 1999 22:47:48 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > In article <[EMAIL PROTECTED]>, "Peter K. Boucher"
> > <[EMAIL PROTECTED]> wrote:
> > > Posting insults laced with obscenity is not conducive to either
> > > endeavor.
> > Street English may be beneath the ability of some to understand.

I think you did not understand this...some expressions are trivial and part
of the rubric of some upbringings.
> 
> Insults laced with obscenity have no place in an intellectual
> discussion.  Generally, when somebody takes that tack then it
> appears that they have no further intellectual content to
> convey, perhaps because they lost the technical debate.

We will see if that is the case here.
> 
> Anyway, dignifying illiteracy with fancy names doesn't make
> it any more legitimate.

I agree it is illegitimate, and not preferred.  You do need to get beyond
it if you can, or at least not let it get in your way. Now is the time for
the military to dismiss any that do not follow the same rule, or do they
tolerate it because it is legitimate there?

Does the security of the country depend on the purity of language, work in
spite of expletives, or depend on their inclusion?  Remember, David
learned to talk the talk and walk the walk of the military, where his
language and behavior would be acceptable from what I have seen myself. 
At least, it is legal in context.
-- 
Love is blind, or at least figure that it has astigmatism. 

------------------------------

Date: Wed, 01 Dec 1999 03:53:00 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Open BCRYPT/1 brute-force analysis

At <http://members.tripod.de/privacy/>, there are some documents
analysing the security of "Open BCRYPT", which implements passphrase-
based symmetric encryption, by the program's author.

However, there is a serious error in the analysis of brute force
cracking times, at <http://members.tripod.de/privacy/cracking.txt>.
The page says:

# the assumptions are based on RFC 1810, Report on MD5 Performance,
# June 1995, from which i quote:
#
#   "MD5 cannot be implemented in existing technology at rates in excess
#    of 256 Mbps in hardware, or 86 Mbps in software."

This is for a *single instance* of MD5. A brute force attack on a
passphrase hash allows effectively unbounded use of parallelism, so
these rates must be multiplied by the number of instances.

That means that the times estimated for a brute force crack (for example,
360 years for an 8-character random alphanumeric password, although
I haven't checked the other assumptions that is based on) must be divided
by the number of hash instances the attacker can afford to implement and
run in parallel.

- -- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document

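A cost model for the correction above, added here as an example rather than anything taken from the Open BCRYPT documents. It uses the RFC 1810 MD5 rates quoted in the post and assumes each candidate passphrase costs one 512-bit MD5 block per iteration; the iteration-count parameter and the 62-symbol alphanumeric keyspace are my assumptions.

```python
"""Brute-force cost of a passphrase hash: per-instance rate times the number
of instances the attacker runs in parallel (Hopwood's point), against the
iteration count the defender chooses."""
import math

MD5_BLOCK_BITS = 512            # assumption: a short passphrase is one MD5 block
SECONDS_PER_YEAR = 365.25 * 24 * 3600
RFC1810_HARDWARE_MBPS = 256     # figures quoted from RFC 1810 in the post
RFC1810_SOFTWARE_MBPS = 86
ALPHANUMERIC = 62               # a-z, A-Z, 0-9


def candidates_per_second(rate_mbps, instances=1, iterations=1):
    """Passphrases tested per second by `instances` parallel hashers, each
    spending `iterations` MD5 computations on every candidate."""
    per_instance = rate_mbps * 1e6 / MD5_BLOCK_BITS / iterations
    return per_instance * instances


def keyspace(alphabet_size, length):
    """Number of random passphrases of the given length."""
    return alphabet_size ** length


def years_to_exhaust(alphabet_size, length, rate_mbps, instances=1, iterations=1):
    """Worst-case time to try every passphrase; the expected time for a
    uniformly chosen passphrase is half of this."""
    rate = candidates_per_second(rate_mbps, instances, iterations)
    return keyspace(alphabet_size, length) / rate / SECONDS_PER_YEAR


def iterations_for_target(alphabet_size, length, rate_mbps, instances, target_years):
    """Smallest iteration count that keeps worst-case exhaustion above
    `target_years` against an attacker running `instances` hashers in parallel."""
    single_iteration = years_to_exhaust(alphabet_size, length, rate_mbps, instances)
    return max(1, math.ceil(target_years / single_iteration))


if __name__ == "__main__":
    for instances in (1, 100, 10_000):
        years = years_to_exhaust(ALPHANUMERIC, 8, RFC1810_HARDWARE_MBPS, instances)
        print(f"{instances:6d} hardware MD5 instance(s): {years:12.2f} years to exhaust")
    print("iterations needed for 360 years against 1000 instances:",
          iterations_for_target(ALPHANUMERIC, 8, RFC1810_HARDWARE_MBPS, 1000, 360))
```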

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Update for the SCOTT19U Contest
Date: Wed, 01 Dec 1999 05:22:53 GMT

 The latest clue is on my site. This is the last clue; I will end it
XMAS day. Later this month I will load the "One to One RLE
with adaptive huffman compressor" on a test file of
abbaaabbb up to a 1000 character string, so the file is 500,500 bytes long;
the program achieves better than 280:1 compression and
still satisfies Compress(Decompress(X))=X for any file X
as well as Decompress(Compress(X))=X for any file X.

David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMMERS***

------------------------------

Date: Wed, 01 Dec 1999 04:01:12 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,alt.privacy
Subject: Re: Cryptological discovery, rediscovery, or fantasy?

Lyal Collins wrote:
> 
> It's also very easy to use on-time symmetric keys that can never be
> recovered even if the user does provide the password.
> 
> If every use of the password results in a new key, then the password
> is of no use in recovering prior messages.

That doesn't necessarily follow. It is true only for cryptosystems that
provide perfect forward secrecy.

> If only the recipient can decode the message, then you need to trust
> your recipient to not disclose the contents.
> 
> And, this is easy to achieve by either symmetric or public key based
> techniques without the overhead of handshaking.

Perfect forward secrecy is typically only achievable in systems that use
public key techniques, and some kind of handshaking (i.e. two-way
communication) - although the handshaking may be spread over more than
one message not sent at the same time.

- -- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document



------------------------------

Date: Wed, 01 Dec 1999 04:04:07 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: bits of diffiehellman private key

Tom St Denis wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (DJohn37050) wrote:
> > All generators are equal in that if you can solve for one, you can
> > solve for any.  But there are some concerns if a bad guy could PICK
> > a generator that is in a known relationship (known only to the bad
> > guy) to another generator.
> >
> > And the generator should generate a prime order subgroup, else you
> > may be open to small subgroup attacks, see IEEE P1363.
> 
> By small subgroup attacks you are referring to the giant-step, baby-step
> algorithm right?

No. A small subgroup attack is an active attack where the agreed value
is forced to lie in a small set, which can then be brute-forced. In
the general case, this could happen because one or both of the public
keys used are not valid, or because one or both of the values sent in
the protocol are chosen to be g^((p-1)/k) for some small k.

In itself this isn't very significant for plain, unauthenticated
Diffie-Hellman, because:
a) the legitimate parties Alice and Bob gain nothing from forcing the
   secret value to lie in a small set (since they could just as easily
   leak the session key).
b) plain Diffie-Hellman has other active attacks against it (e.g. man-in-
   the-middle) which are usually no harder to apply than a small subgroup
   attack.

The P1363 annex talks about it in the context of MQV (an authenticated
protocol based on Diffie-Hellman), where it is significant.

> Does anybody have [the baby-step giant-step algorithm for discrete logs]
> in .ps or .pdf format somewhere?  I would love to read about it.

http://www.cacr.math.uwaterloo.ca/hac/about/chap3.ps or .pdf

- -- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document


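The countermeasure to the small subgroup attack described above is to validate a received Diffie-Hellman value before using it. The check below is an added example in the spirit of the P1363 public-key validation, not code from any standard; the toy prime p = 967 (with p-1 = 2*3*7*23) and the order-23 subgroup are constructed so the order-7 case g^((p-1)/7) can be shown, and are far too small for real use.

```python
"""Validate a Diffie-Hellman public value so the shared secret cannot be
forced into a small subgroup. Toy parameters, constructed for illustration."""

P = 967                       # prime; p-1 = 2*3*7*23 (constructed toy value)
Q = 23                        # order of the intended prime-order subgroup
P_MINUS_1_FACTORS = (2, 3, 7, 23)


def find_primitive_root(p, factors):
    """Smallest h generating all of Z_p^* (brute force is fine for a toy prime)."""
    for h in range(2, p):
        if all(pow(h, (p - 1) // f, p) != 1 for f in factors):
            return h
    raise ValueError("no primitive root found")


def element_of_order(p, order, factors):
    """h^((p-1)/order) has exactly that order when h is a primitive root.
    With order=Q this is an honest generator; with a small order it is the
    kind of value the post describes, g^((p-1)/k) for small k."""
    h = find_primitive_root(p, factors)
    return pow(h, (p - 1) // order, p)


def validate_public_value(y, p, q):
    """Full validation: y in [2, p-2] and y^q == 1 (mod p), i.e. y lies in the
    prime-order-q subgroup. Anything else is rejected before use."""
    if not 2 <= y <= p - 2:
        return False
    return pow(y, q, p) == 1


def possible_shared_secrets(y, p):
    """Number of distinct values y^x mod p over all private exponents x: the
    size of the set a brute-force search would face if y were accepted."""
    return len({pow(y, x, p) for x in range(1, p - 1)})


if __name__ == "__main__":
    g = element_of_order(P, Q, P_MINUS_1_FACTORS)       # honest, order 23
    bad = element_of_order(P, 7, P_MINUS_1_FACTORS)     # order 7, fails validation
    for name, y in (("honest g", g), ("order-7", bad), ("y=1", 1), ("y=p-1", P - 1)):
        print(f"{name:9s} valid={validate_public_value(y, P, Q)!s:5s} "
              f"distinct secrets={possible_shared_secrets(y, P)}")
```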

------------------------------

Date: Wed, 01 Dec 1999 04:06:04 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: bits of diffiehellman private key

DJohn37050 wrote:
> 
> No, that is not small subgroup.  See IEEE P1363 security considerations
> annex for DH.

In case anyone has difficulty finding this, the P1363 home page is at
http://stdsbbs.ieee.org/groups/1363/index.html

(To get the username and passphrase, subscribe to the stds-p1363 mailing
list; you can then unsubscribe if you like. I don't really know why they
bother with this, but I suspect I would be told off for publishing the
username/passphrase here.)

- -- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document


------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: bits of diffiehellman private key
Date: Wed, 01 Dec 1999 05:47:34 GMT

In article <[EMAIL PROTECTED]>,
        David Hopwood <[EMAIL PROTECTED]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>Tom St Denis wrote:
>> 
>> In article <[EMAIL PROTECTED]>,
>>   [EMAIL PROTECTED] (DJohn37050) wrote:
>> > All generators are equal in that if you can solve for one, you can
>> > solve for any.  But there are some concerns if a bad guy could PICK
>> > a generator that is in a known relationship (known only to the bad
>> > guy) to another generator.
>> >
>> > And the generator should generate a prime order subgroup, else you
>> > may be open to small subgroup attacks, see IEEE P1363.
>> 
>> By small subgroup attacks you are referring to the giant-step, baby-step
>> algorithm right?
>
>No. A small subgroup attack is an active attack where the agreed value
>is forced to lie in a small set, which can then be brute-forced. In
>the general case, this could happen because one or both of the public
>keys used are not valid, or because one or both of the values sent in
>the protocol are chosen to be g^((p-1)/k) for some small k.

Actually, for those k's that are too large for brute force, but sqrt(k)
are not, and you have O(sqrt(k)) memory sitting around, big-step/little-step
works just fine.  And, IIRC, Pollard Rho is another way of achieving the
same work effort, without the memory requirement.  Either of these attacks
increases the size a subgroup must be so that it is not a security problem.

-- 
poncho
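The sqrt(k) work Fluhrer mentions is the textbook baby-step giant-step algorithm (HAC chapter 3, linked in the previous post). The version below is an added example on a constructed toy group, not code from either post; p = 1019 is a safe prime, 2 is a primitive root mod p, so g = 4 generates the subgroup of prime order 509. Pollard rho, which trades the table for constant memory, is not shown.

```python
"""Baby-step giant-step discrete log in a subgroup of known order k:
about sqrt(k) table entries and at most 2*sqrt(k) group operations, which is
why a subgroup must be far larger than brute-force alone would require."""
import math

P = 1019          # safe prime, p-1 = 2*509 (constructed toy value)
ORDER = 509       # prime order of the subgroup generated by G
G = 4             # 2 is a primitive root mod 1019, so 2^2 has order 509


def bsgs(g, y, p, order):
    """Return (x, table_size) with g^x == y (mod p) and 0 <= x < order,
    or (None, table_size) if y is not in the subgroup generated by g."""
    m = math.isqrt(order) + 1                 # m*m > order
    baby = {}
    cur = 1
    for j in range(m):                        # baby steps: g^0 .. g^(m-1)
        baby.setdefault(cur, j)
        cur = cur * g % p
    g_inv_m = pow(pow(g, m, p), p - 2, p)     # g^(-m) via Fermat, p prime
    gamma = y
    for i in range(m):                        # giant steps: y * g^(-i*m)
        if gamma in baby:
            return (i * m + baby[gamma]) % order, m
        gamma = gamma * g_inv_m % p
    return None, m


if __name__ == "__main__":
    secret = 137                              # constructed private exponent
    y = pow(G, secret, P)
    x, table_size = bsgs(G, y, P, ORDER)
    print(f"order {ORDER}: recovered x={x} using a {table_size}-entry table")
```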


------------------------------

From: William Rowden <[EMAIL PROTECTED]>
Subject: Re: digraph frequencies
Date: Wed, 01 Dec 1999 05:49:03 GMT

In article <81ktar$it1$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> Can anybody provide me with a table of frequencies for two-letter
> combos in the English language? (digraphs)

Courtesy of O. Phelps Meaker via Helen Fouche Gaines, a chart showing
frequencies of English digrams ("actual count made on 10,000 letters of
literary text"--find the missing letter) is below.  The format is
comma-separated values, ready for importing into your favorite
spreadsheet or text program.  (Watch out for line wrap; lines
generally begin with a comma and a letter.)  The request didn't specify
which type of digrams; the values below must be without regard to word
breaks (since the rows and columns are equal).  Now go buy
_Cryptanalysis: a study of ciphers and their solution_ so Dover
Publications, Inc. doesn't hunt us down.

,,First Letter,,,,,,,,,,,,,,,,,,,,,,,,,,
Second,,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,Total
Letter,A,1,8,44,45,131,21,11,84,18,,,34,56,54,9,21,,57,75,56,18,15,32,3,11,,804
,B,32,,,18,11,2,2,1,7,,,7,9,7,18,1,,4,13,14,5,,,,11,,162
,C,39,,12,4,64,9,1,2,55,,,8,1,31,18,,,14,21,6,17,,3,5,10,,320
,D,15,,,10,107,1,1,1,16,,,28,2,118,16,,,16,6,9,11,,4,,4,,365
,E,,58,55,39,39,25,32,251,37,2,28,72,48,64,3,40,,148,84,94,11,53,30,1,12,5,1231
,F,10,,1,12,23,14,3,2,27,,,5,,8,94,,,6,13,5,1,,1,,3,,228
,G,18,,,2,20,1,1,,10,,,1,,75,3,,,6,6,1,12,,,,5,,161
,H,,,46,3,15,6,16,5,,,,,1,9,3,7,,3,30,315,2,,48,,5,,514
,I,16,6,15,57,40,21,10,72,,,8,57,26,37,13,8,,77,42,128,5,19,37,4,18,2,718
,J,,2,,1,1,1,,,,,,1,,3,,,,1,,,,,,,,,10
,K,10,,8,,2,,,,8,,,3,,3,5,,,11,2,,,,,,,,52
,L,77,21,16,7,46,10,4,3,39,,,55,,10,17,29,,12,6,12,28,,4,,6,1,403
,M,18,1,,9,43,3,1,1,32,,,4,5,7,44,,,15,14,14,9,,1,,4,,225
,N,172,,,5,120,2,3,2,169,,3,1,3,9,145,,,12,19,8,33,,10,,3,,719
,O,2,11,59,37,46,38,23,46,63,4,3,28,28,65,23,28,,54,71,111,2,6,17,1,28,,794
,P,31,,1,7,32,3,1,1,3,,,2,16,7,29,26,,8,24,8,17,,2,4,7,,229
,Q,1,,,1,14,,,,,,,2,,,,,,,2,,,,,,,,20
,R,101,6,7,10,154,4,21,8,21,,,2,,5,113,42,,18,6,30,49,,1,,5,,603
,S,67,5,1,32,145,8,7,3,106,,2,12,6,51,37,3,,39,41,32,42,,3,,17,,659
,T,124,,38,39,80,42,13,22,88,,1,19,6,110,53,14,,63,121,53,45,,6,1,21,,959
,U,12,25,16,8,7,11,8,2,,4,,8,13,12,96,7,20,6,30,22,,,1,1,1,,310
,V,24,,,4,16,1,,,14,,,2,,4,13,,,5,2,4,,,1,,3,,93
,W,7,,1,9,41,4,2,7,1,,3,5,2,15,36,1,,10,27,16,,,2,,14,,203
,X,,,,,17,,,,1,,,,,1,,,,,,,1,,,,,,20
,Y,27,19,,6,17,1,1,1,,,3,47,3,14,4,2,,17,4,21,1,,,,,,188
,Z,1,,,,,,,,4,,,,,,2,,,,,,1,,,,,1,9
,Total,805,162,320,365,1231,228,161,514,719,10,51,403,225,719,794,229,20,602,659,959,310,93,203,20,188,9,10000

--
    -William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Brian Chase)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Wed, 1 Dec 1999 06:02:39 GMT

In article <[EMAIL PROTECTED]>,
Jerry Coffin <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

>> It seems to me that a block chaining mode that diffuses information from
>> the plaintext throughout the cyphertext will generally cause the analyst
>> more problems.
>
>In theory it might help prevent some types of known plaintext attacks.  
>In reality, unless there IS a known-plaintext attack to prevent, it 
>makes no difference at all. 

I guess a good question would be "known by whom?"  Non-public entities
like the NSA, other countries' intelligence agencies, and even private
corporations, will always have access to _at least_ as much knowledge as
is publicly discussed.  The general cryptographic community will never
have access to any set of knowledge greater than any of these other
entities.  We're always at a disadvantage with respect to everyone else. 
In theory we can be as good as they are, but we'll never be better. 

So where does that leave us?  Unless we can prove there are no
cryptanalysis methods which can compromise a given cipher, not taking
further measures to ensure that cipher is secure is just plain
irresponsible. 

At the very least, diffusing the original plaintext message information
throughout the entire enciphered message does seem to ensure that common
cryptanalysis practices are less likely to succeed on message fragments. 

... And I'll reiterate, to hell with error detection/correction
capabilities inherent to an encryption algorithm.  Leave that to the
mechanism by which you actually communicate your encrypted messages.  In
the very best case, predictable structure in your encrypted data will have
no impact on cracking it.  But under circumstances where you can't prove
your cipher is operating in this best case scenario, why take the risk?
The odds are that the redundancy will weaken the cipher.

Isn't this just common sense, or am I on drugs here?

-brian.
-- 
--- Brian Chase | [EMAIL PROTECTED] | http://world.std.com/~bdc/ -----
It was powered by one AA battery from Radio Shack, in other words, half 
a normal AA battery.  -- K.

------------------------------

From: [EMAIL PROTECTED] (Brian Chase)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Wed, 1 Dec 1999 06:28:44 GMT

In article <[EMAIL PROTECTED]>, Tim Tyler  <[EMAIL PROTECTED]> wrote:
>James Felling <[EMAIL PROTECTED]> wrote:

>: Ah.. I see my error.
>
>[snip]
>
>: I see your point.  Notationally the steps are
>: 1.Encrypt M with K, V is IV.[C=Ek(V,M)]
>: 2. DECRYPT C with K, X is IV.[D=Dk(X, Ek(V, M))]
>
>: The first block out is M[1] XOR V XOR X
>: The second is M[2], and the ith is M[i]
>
>: The IV drops out after block 1.
>
>: I see. Excellent point.
>
>The initial value the message was encoded with is irrelevant to decrypting
>any but the first block of any chunk of the message you might have.
>
>Now we just have to wait to see if Tom St Denis can grasp this.

Wow, this has been an amazingly difficult point to get across.  I commend
your efforts Tim.  In the several hundred messages I've read through
today, I can almost understand David Scott's expression of frustration. 
:-)  Well, almost.  Certainly his attitude and approach only aggravates
matters, but everyone here outside of you tends to preemptively dismiss
David's posts.  

Too many people here get their panties all bunched up too easily.  And I
get the distinct impression that a little more "empirical" investigation
would be beneficial to the group.  Math is fun and well suited for playing
around with.

-brian.
-- 
--- Brian Chase | [EMAIL PROTECTED] | http://world.std.com/~bdc/ -----
It was powered by one AA battery from Radio Shack, in other words, half 
a normal AA battery.  -- K.
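The derivation quoted above (first block out is M[1] XOR V XOR X, every later block is M[i]) can be checked directly. The following is an added example, not code from anyone in the thread: CBC mode over a constructed toy 64-bit block cipher that is not secure and only stands in for a real one, since the property depends on CBC's structure alone.

```python
"""Decrypting CBC ciphertext with the wrong IV disturbs only the first block."""

BLOCK = 8

# Toy block cipher (constructed, NOT secure): four rounds of key-xor,
# byte substitution through an affine permutation, and a one-byte rotation.
SBOX = [(i * 7 + 3) % 256 for i in range(256)]
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key, block):
    state = block
    for _ in range(4):
        state = xor(state, key)
        state = bytes(SBOX[b] for b in state)
        state = state[1:] + state[:1]
    return state


def toy_decrypt_block(key, block):
    state = block
    for _ in range(4):                      # undo the rounds in reverse order
        state = state[-1:] + state[:-1]
        state = bytes(INV_SBOX[b] for b in state)
        state = xor(state, key)
    return state


def cbc_encrypt(key, iv, plaintext):
    """C[i] = E_k(M[i] xor C[i-1]) with C[0] = iv; plaintext is block-aligned."""
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    """M[i] = D_k(C[i]) xor C[i-1]; only block 1 involves the IV at all."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def decrypt_with_other_iv(key, v, x, message):
    """Encrypt under IV V, decrypt under IV X; return the recovered blocks."""
    recovered = cbc_decrypt(key, x, cbc_encrypt(key, v, message))
    return [recovered[i:i + BLOCK] for i in range(0, len(recovered), BLOCK)]


if __name__ == "__main__":
    key = bytes(range(BLOCK))               # constructed sample values
    v, x = b"A" * BLOCK, b"B" * BLOCK
    msg = b"the quick brown fox jump"       # exactly three blocks
    for n, blk in enumerate(decrypt_with_other_iv(key, v, x, msg), 1):
        print(n, blk)
```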

------------------------------

From: [EMAIL PROTECTED] (Brian Chase)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Wed, 1 Dec 1999 06:38:25 GMT

In article <[EMAIL PROTECTED]>, Tim Tyler  <[EMAIL PROTECTED]> wrote:
>Tom <[EMAIL PROTECTED]> wrote:

>: As to this being a weakness - it means you only need two blocks for
>: brute force.  That's unimportant, as far as I can tell. [...]
>
>If that were all it meant, nobody would be bothering to point it out.
>
>It *also* means that /any/ other type of crack - besides brute force -
>/also/ only needs part of the file.  This affects attacks based on known
>plaintexts, chosen plaintexts, adaptive chosen-partial plaintexts - in
>fact virtually any cryptanalytic technique you care to think of.
>
>Knowing part of a file is more common than knowing all of it.
>
>Choosing part of a file is easier than choosing all of it.

I think this flaw is even more significant.  It seems likely that given
the full set of encrypted message blocks or a large number of them, one
would better the chances at a successful cryptanalytic attack.

I think it's true that there is no proof that it's easier to crack with
the additional blocks, but it's certainly not harder with more blocks.

-brian.
-- 
--- Brian Chase | [EMAIL PROTECTED] | http://world.std.com/~bdc/ -----
It was powered by one AA battery from Radio Shack, in other words, half 
a normal AA battery.  -- K.

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: more about the random number generator
Date: 01 Dec 1999 01:49:12 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Brian Chase) wrote:

>Naive question here.  Let's say you had access to some "optimum
>compressor"  which would take arbitrary data sets distill them into their
>most compact form.  By definition, the resulting data must have no
>predictable redundancies, yes?  Could you use optimally compressed data
>sets as sources for random numbers?

Last night I wrote a lossless compression routine that runs fast and packs
over a megabyte of data into a single bit.  I have a minor bug somewhere
in the decode routine, but I am sure that I will have it fully debugged
by this time tomorrow...

-- 
Numeric Recipes?  Who would ever want to cook a numeric?


------------------------------

From: [EMAIL PROTECTED] (Brian Chase)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Wed, 1 Dec 1999 06:52:05 GMT

In article <81k552$3pa$[EMAIL PROTECTED]>,
Tom St Denis  <[EMAIL PROTECTED]> wrote:

>My point is your line of thinking is as valid as 'no cipher is secure
>because the keys are not truly random'.  This is potentially true, but
>not practically true.
>
>No system I know of has been attacked because they use CBC, it has
>always been bad cipher, bad rng, mem leaks, etc.  Therefore your
>concern is unwarranted. 

[snip]

So wait, what you're saying is that we shouldn't be concerned with
something that we're not sure is a weakness because we, the disadvantaged
public, have never seen it exploited?

MY GOD!  THERE IS AN NSA CONSPIRACY GOING ON HERE!!!

No reasonable concern is unwarranted unless you can prove it is
unwarranted.  What kind of mathematicians are you people?!

-brian.
-- 
--- Brian Chase | [EMAIL PROTECTED] | http://world.std.com/~bdc/ -----
It was powered by one AA battery from Radio Shack, in other words, half 
a normal AA battery.  -- K.

------------------------------

Date: 1 Dec 1999 06:56:21 -0000
From: [EMAIL PROTECTED] (The Watchman)
Subject: Decyption proof cellphones in Europe? [x3]
Crossposted-To: alt.2600,alt.privacy

Hey Folks,

Yesterday I heard a news commentary by Daniel Schorr of NPR
criticizing some of the technical failings of the US intelligence
community in the face of advances and developments throughout the rest
of the world (e.g. NSA failed to decrypt Indian communications that
would have tipped us off to their pending nuclear tests because of
their use of strong encryption).

He also made a passing comment that "North Koreans are using
decryption-proof cell phones readily available in Europe...." That
caused me to raise my ears. My understanding was that the A5 algorithm
basic to GSM encryption had been broken by a bunch of amateurs a
couple of years back. Anybody know what he's referring to here?


PS: For those interested, the entire commentary can be heard at: 

http://www.npr.org/ramfiles/atc/19991129.atc.03.ram



~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unlogged.  The address shown in the From header, if any,
is unverified and maybe wrong.        - Widow Anonymous Remailer -



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
