Cryptography-Digest Digest #860, Volume #10       Fri, 7 Jan 00 11:13:01 EST

Contents:
  Re: If you're in Australia, the government has the ability to modify y (The King)
  Re: is signing a signature with RSA risky? (Pascal Scheffers)
  Re: Square root attacks against DSA? (Paulo S. L. M. Barreto)
  Re: Square? (Paulo S. L. M. Barreto)
  Re: Unsafe Advice in Cryptonomicon (Terje Elde)
  Re: MARS (Volker Hetzer)
  Re: Wagner et Al. (Guy Macon)
  Re: OLD RLE TO NEW BIJECTIVE RLE (John Savard)
  Re: Truly random bitstream ("Tony T. Warnock")

----------------------------------------------------------------------------

Date: 7 Jan 2000 08:25:34 -0000
From: The King <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify y

>> Why does anyone think that a warrant is needed in America
>> any more?  FBI agents walked into a home in central CA
>> looking for evidence, no warrant, no request to enter,
>> just brushed the owner aside- looking for evidence of two
>> militia men's attempt to blow up two huge gas tanks.
>> So the man who was brushed aside (yes, they just walked
>> in right in front of him) decided he should leave that
>> militia after the FBI visit.
>
> This doesn't sound right.  Unless there is a warrant, eminent danger,
> owner approval, police can't just come in.  /If/ they did, they know
> that any evidence would be thrown out of court as illegally obtained.

Poppycock. The 4th Amendment has been rent asunder by 20 years worth of
government pecking under the banners of "War on Drugs" "War on Crime"
and the latest boogieman "Domestic Terrorism", just as most of the other
rights we mere citizens are supposed to have. Hell, the law-enforcement
industry even wants to repeal the Miranda decision. Read up on the RICO
and CALEA statutes.

> If this did happen, the home owner should sue.

Sure he can sue. But first he must go to court and the court must decide
to *let* him sue. Then he can go to court again to sue. Then he can grind
for years in the court system, spending every last dollar over a period of
years battling the law-enforcement industry with their infinite time money
and manpower, all to be told "Yes the cops were wrong to do that. Sorry."

A citizen should never *never* NEVER allow a LEO onto his property and
especially his home unless presented with a warrant. If a LEO wants to talk
to you, tell him you'll be happy to speak with him at some neutral location
with your attorney present. If you don't have an attorney you'd best get one
right quick!


Steve

------------------------------

From: [EMAIL PROTECTED] (Pascal Scheffers)
Subject: Re: is signing a signature with RSA risky?
Date: Fri, 07 Jan 2000 08:33:02 GMT

>I don't understand what you mean.  You sign a message (not a
>signature). 
I should re-phrase my question:
Basically, can Alice generate another message and, by modifying her
private exponent, still get the same signature?

Can Alice later generate a signature over m', with another private
key.

m^s_a mod n_a = m'^s_a' mod n_a


What I intend to do in practice is:
Alice has a message for Bob. She signs it.
Alice sends the signature of the message to Trent, who then adds a
timestamp and gives the timestamp and his signature over it back to
Alice.
Alice sends the message with her signature and Trent's timestamp to
Bob.

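The three-party exchange described above, as an added example in Python (not code from the original post). The RSA keys are toy keys built from Mersenne primes so the example runs deterministically offline, SHA-256 reduced mod n stands in for a real signature encoding, and Trent's token is the signature value followed by an 8-byte epoch time; all of these are assumptions of this example. It also shows the point behind the first question: Bob verifies under the public (n, e) he holds for Alice, and s^e mod n is a single value under that key, so a different message cannot pass with the same signature.

```python
import hashlib

# Toy RSA keys built from Mersenne primes so the example is deterministic and
# runs offline. Constructed for this example; NOT safe keys. Real deployments
# generate random primes of adequate size with a vetted library.
ALICE_P, ALICE_Q = 2**127 - 1, 2**107 - 1
TRENT_P, TRENT_Q = 2**89 - 1, 2**61 - 1
E = 65537

def rsa_keypair(p: int, q: int, e: int = E):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))       # modular inverse, Python 3.8+
    return (n, e), (n, d)                    # (public, private)

ALICE_PUB, ALICE_PRIV = rsa_keypair(ALICE_P, ALICE_Q)
TRENT_PUB, TRENT_PRIV = rsa_keypair(TRENT_P, TRENT_Q)

def h_int(data: bytes, n: int) -> int:
    """SHA-256 of the data reduced mod n: a toy stand-in for a real signature
    encoding such as PKCS#1 v1.5 or PSS (assumption of this example)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(h_int(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    # s^e mod n is one fixed value for a given (n, e), so at most one hash
    # value can match a given signature under that public key.
    return 0 < sig < n and pow(sig, e, n) == h_int(data, n)

def int_bytes(x: int, n: int) -> bytes:
    return x.to_bytes((n.bit_length() + 7) // 8, "big")

def timestamp_token(sig_a: int, ts: int) -> bytes:
    """What Trent signs: Alice's signature value and an 8-byte epoch time
    (token layout assumed for this example)."""
    return int_bytes(sig_a, ALICE_PUB[0]) + ts.to_bytes(8, "big")

# Step 1: Alice signs the message.
def alice_sign(message: bytes) -> int:
    return sign(ALICE_PRIV, message)

# Step 2: Trent receives only the signature, never the message, and returns
# the time together with his signature over (signature, time).
def trent_timestamp(sig_a: int, now: int):
    return now, sign(TRENT_PRIV, timestamp_token(sig_a, now))

# Step 3: Bob receives the message, Alice's signature and Trent's timestamp.
def bob_verify(message: bytes, sig_a: int, ts: int, sig_t: int) -> bool:
    if not 0 < sig_a < ALICE_PUB[0]:
        return False
    if not verify(TRENT_PUB, timestamp_token(sig_a, ts), sig_t):
        return False                          # timestamp does not cover this signature
    return verify(ALICE_PUB, message, sig_a)  # False if signature does not cover message

def run_protocol(message: bytes, now: int):
    sig_a = alice_sign(message)
    ts, sig_t = trent_timestamp(sig_a, now)
    return sig_a, ts, sig_t

if __name__ == "__main__":
    m = b"Pay Bob 100 units"
    sig_a, ts, sig_t = run_protocol(m, 947203200)   # constructed epoch time
    print(bob_verify(m, sig_a, ts, sig_t))           # True
    print(bob_verify(b"Pay Bob 1000 units", sig_a, ts, sig_t))  # False
```

Note what Trent's token binds: the signature integer and the time, not the message and not Alice's key. Bob's check ties the signature to the message only through the public key he already holds as Alice's, so which key Bob uses in step 3 is the whole question.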

------------------------------

From: Paulo S. L. M. Barreto <[EMAIL PROTECTED]>
Subject: Re: Square root attacks against DSA?
Date: 7 Jan 2000 03:17:15 -0800

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
>
>Attack the r value using Pollard rho, which can then be used to discover the
>private key from s.

This was my very first idea, but how do you start the attack?  Pollard rho
assumes (as do Pollard lambda and Shanks) that you know g^k mod p, but all you
have is (g^k mod p) mod q.

Paulo.

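Paulo's point in miniature, as an added example (not from the original post) using constructed toy parameters p = 23, q = 11. The attacker sees r = (g^k mod p) mod q, and the reduction mod q discards which of the roughly p/q residues congruent to r is the real g^k mod p. Rho, lambda and baby-step giant-step all take that group element as input, so the attacker has to guess it first; with the 1024-bit p and 160-bit q of DSA as specified at the time, that is about 2^864 candidates per r. The brute-force discrete log at the end stands in for rho once a candidate is fixed.

```python
# Toy DSA-style parameters, constructed for this example and far too small
# for real use: q = 11 divides p - 1 = 22, and g generates the order-q
# subgroup of Z_p^*.
P, Q = 23, 11
G = pow(2, (P - 1) // Q, P)   # 2^2 mod 23 = 4, which has order 11

def r_of_k(k: int) -> int:
    """The DSA r value: (g^k mod p) mod q."""
    return pow(G, k, P) % Q

def subgroup() -> set:
    """All elements of <g>, i.e. every possible g^k mod p."""
    return {pow(G, k, P) for k in range(Q)}

def r_preimages() -> dict:
    """For every r, the nonces k in [1, q) that produce it. The reduction
    mod q makes this map many-to-one even for k in the subgroup's range."""
    table = {}
    for k in range(1, Q):
        table.setdefault(r_of_k(k), []).append(k)
    return table

def lift_candidates(r: int) -> list:
    """Every residue y in [0, p) with y mod q == r. Pollard rho needs one of
    these (the actual g^k mod p) as its input; r alone does not say which.
    There are about p/q of them."""
    return list(range(r, P, Q))

def subgroup_candidates(r: int) -> list:
    """The lifts that lie in <g> and so could really be g^k mod p."""
    sub = subgroup()
    return [y for y in lift_candidates(r) if y in sub]

def dlog_brute(y: int) -> int:
    """Once a candidate y = g^k mod p is fixed, recovering k is an ordinary
    discrete log in a group of order q; brute force here stands in for rho."""
    for k in range(Q):
        if pow(G, k, P) == y:
            return k
    raise ValueError("y is not in the subgroup generated by g")

if __name__ == "__main__":
    print("k values per r:", r_preimages())
    for r in range(Q):
        print(r, "lifts:", lift_candidates(r), "in <g>:", subgroup_candidates(r))
```

Even at this size r = 2 arises from both k = 6 (g^k mod p = 2) and k = 9 (g^k mod p = 13), and an attacker holding only r = 2 has to try both lifts before any discrete-log method applies; at real sizes the number of lifts, not the discrete log, is the obstacle.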

------------------------------

From: Paulo S. L. M. Barreto <[EMAIL PROTECTED]>
Subject: Re: Square?
Date: 7 Jan 2000 03:06:21 -0800

In article <853p87$h7b$[EMAIL PROTECTED]>, Scott says...
>
>In article <[EMAIL PROTECTED]>,
>       Paul Crowley <[EMAIL PROTECTED]> wrote:
[...]
>>For some applications the smaller block size could be a disadvantage.
>>Square has a 128-bit blocksize.  Rijndael supports blocksizes of 128,
>>192, and 256 bits.
>I haven't looked at Rijndael in detail, but do you mean "keysizes of 128,
>192, and 256 bits"?  An AES candidate must support those three keysizes,
>but need support a block size of only 128 bits.

Yes, he does.  Rijndael supports both keysizes and blocksizes of 128, 192, and
256 bits, giving 9 combinations.  The number of rounds is size dependent,
however: 10 rounds if both parameters are 128, 12 rounds if the larger of them
is 192, and 14 rounds if the larger of them is 256.

Paulo.


------------------------------

From: [EMAIL PROTECTED] (Terje Elde)
Subject: Re: Unsafe Advice in Cryptonomicon
Date: Fri, 07 Jan 2000 11:58:09 GMT

In article <[EMAIL PROTECTED]>, John Savard wrote:
>However, although the display is the _easiest_ target, given a
>competent adversary, the actual computations the computer is
>performing, signals to and from the keyboard, signals to and from the
>hard drive, and so on, are also targets, and thus, TEMPEST-type
>precautions deal with *all* RF emissions from a computing device.


In Stephenson's defense it should be said that we already know he was
using an encrypted hard drive, and he wasn't exactly typing in the
cleartext in the normal sense of the word either.

Terje Elde
-- 

BOO!

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: MARS
Date: Fri, 07 Jan 2000 13:07:59 +0000

Albert Yang wrote:
> 
> I agree with you.  Mars I don't trust in terms of security; so right off
> the bat they are out in my book.  RC6 is clean, and easy to remember,
> but it doesn't fit well in things like smartcards etc...  And also, when
> you get off the 32 bit platform, it's performance drops dramatically.
Not to forget 
http://csrc.nist.gov/encryption/aes/round2/comments/19990812-lknudsen.pdf .

> Twofish and Rijndael both are close to RC6 in terms of speed, and both
> fit in 8 bit devices well.  Rijndael is based off square, and fairly
> new, so that's what I think it might have against it, otherwise a great
> algorithm.
Rijndael is not US. Even if the US gov. has finally stopped declaring the 
rest of the world to be cryptographically inferior I can't imagine NIST 
choosing an algorithm whose inventors are juristically immune to any 
gagging for US "national security" reasons.
Same goes for Serpent.

> Twofish seems a bit complex. Serpent is slow compared to
> the twofish and rijndael.  But it's overly conservative, which is a good
> thing in the crypto world IMHO, and so it has a chance based on its
> security margin.  Also, those 3 are all free, which means I can use it
> without royalty, which makes me smile.
But the winner is required to be royalty free. Mars as well as any other.

This leaves (for me) Mars and Twofish. I'd place my bets on that
order.

Greetings!
Volker
-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Wagner et Al.
Date: 07 Jan 2000 08:24:52 EST

In article <uzQjtsMW$GA.253@cpmsnbbsa02>, [EMAIL PROTECTED] (Joseph Ashwood) wrote:
>
>I find your claim that the memory space is not accessible somewhat suspect.
>I for one have used MS VC++'s attach to process option for debugging quite
>often, and have for the most part not had it fail, even on programs for
>which I did not have source access. This indicates to me that there are
>debugger calls in the system which allow access in just exactly the way you
>claim cannot be done.
>                Joseph

It would help a great deal if you would argue against what is actually
being claimed.  Try "the memory space is not accessible UNDER NT UNLESS
THE ADMINISTRATOR ACCOUNT TURNS ON THAT ABILITY FOR YOUR CLASS OF USER".

First of all, were you using NT?  NT has better security than 95/98.
Second, were you logged on as Administrator?  If you were logged on
as an ordinary user, your debugging attempt would have failed.

Under Administrative Tools --> User Manager --> Policies --> User Rights
with "Advanced User Rights" clicked, you will find the list of which
users can debug programs.

NT has good enough security to get a C3 rating in non-networked mode.
Alas, the default configuration isn't all that secure, but once you
lock things down properly, it is very secure indeed.


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: OLD RLE TO NEW BIJECTIVE RLE
Date: Fri, 07 Jan 2000 13:54:25 GMT

On Fri, 07 Jan 2000 05:24:42 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:

>You are really reaching now.  The huffman was bad enough but RLE?

>It's not even worth thinking about.  Why not work out a more efficient
>enigma or something?

I could think of many reasons to criticize his posts, or to dismiss
the importance of his work, but this is not one I would have thought
of.

Anyhow, whatever techniques he is using with RLE are likely to be more
similar than those needed for Huffman - which does have its place - to
those needed to achieve David A. Scott's goal of one-to-one
compression with a compressor of the type you seem to approve of, the
Lempel-Ziv family. Perhaps that's what we're going to hear about next.

(For myself, while I too think removing certain redundancies from
compression has its uses, I quarrel with any attempt to emphasize
one-to-one purity at the expense of bias. That was the flaw in his
Huffman proposal.)

For LZ type compression, what I would do to improve things is: instead
of starting from the beginning to add an extra bit to every character
to say "this is just a character", I would echo literally the
uncompressed file until the first repeat of a previously used byte
value. Before that happens, it is impossible for a repeat of a
previously used string of bytes to take place.

Of course, doing that one may miss the chance to flag that first byte
repeat as part of a _two-byte_ repeated string.

Since the length of the buffer of past strings isn't always a power of
two, using a Huffman code (or at least a prefix-property variable
length code) (longer codes to the older strings, or those least
recently used) or even arithmetic coding might be the sort of thing DS
will consider using to improve LZ, although combining LZ and Huffman
may have already been done.

But LZ is sufficiently complicated that if DS is addressing RLE in
order to "warm up" for that task, I cannot object, on the basis of the
admittedly limited utility of RLE, to his sharing his intermediate
results with us.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

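A toy LZ77 coder with the literal-prefix idea from the post above, as an added example (not John Savard's or David Scott's code). It echoes bytes raw until the first byte value repeats (that byte included, since the decoder recognises the end of the prefix by the same repeat), then switches to flagged tokens. The token format (1-bit flag, then either an 8-bit literal or a 12-bit offset plus 4-bit length with a minimum match of 3) and the 4096-byte window are assumptions of this example. The second constructed input, "abcabc", shows the caveat about missing a longer match that begins at the first repeated byte.

```python
WINDOW, MIN_MATCH, MAX_MATCH = 4096, 3, 18   # token parameters assumed here

class BitWriter:
    def __init__(self):
        self.bits = []
    def write(self, value: int, nbits: int):
        for i in range(nbits - 1, -1, -1):
            self.bits.append((value >> i) & 1)
    def to_bytes(self) -> bytes:
        bits = self.bits + [0] * (-len(self.bits) % 8)   # zero padding, < 8 bits
        out = bytearray()
        for i in range(0, len(bits), 8):
            v = 0
            for b in bits[i:i + 8]:
                v = (v << 1) | b
            out.append(v)
        return bytes(out)

class BitReader:
    def __init__(self, data: bytes):
        self.bits = [(b >> i) & 1 for b in data for i in range(7, -1, -1)]
        self.pos = 0
    def remaining(self) -> int:
        return len(self.bits) - self.pos
    def read(self, nbits: int) -> int:
        v = 0
        for _ in range(nbits):
            v = (v << 1) | self.bits[self.pos]
            self.pos += 1
        return v

def find_match(data: bytes, pos: int):
    """Longest match for data[pos:] inside the window; returns (offset, length)."""
    best_off, best_len = 0, 0
    for cand in range(max(0, pos - WINDOW), pos):
        n = 0
        while n < MAX_MATCH and pos + n < len(data) and data[cand + n] == data[pos + n]:
            n += 1
        if n > best_len:
            best_off, best_len = pos - cand, n
    return best_off, best_len

def compress(data: bytes, literal_prefix: bool = True):
    """Returns (blob, bit_count). With literal_prefix, bytes are echoed raw up
    to and including the first byte value that has already appeared: before
    that point no string can repeat, so a flag bit per byte is pure overhead."""
    w, pos, seen = BitWriter(), 0, set()
    if literal_prefix:
        while pos < len(data):
            b = data[pos]
            w.write(b, 8)
            pos += 1
            if b in seen:
                break
            seen.add(b)
    while pos < len(data):
        off, n = find_match(data, pos)
        if n >= MIN_MATCH:
            w.write(1, 1); w.write(off - 1, 12); w.write(n - MIN_MATCH, 4)
            pos += n
        else:
            w.write(0, 1); w.write(data[pos], 8)
            pos += 1
    return w.to_bytes(), len(w.bits)

def decompress(blob: bytes, literal_prefix: bool = True) -> bytes:
    r, out, seen = BitReader(blob), bytearray(), set()
    if literal_prefix:
        # Same rule as the encoder: the prefix ends at the first repeated byte.
        while r.remaining() >= 8:
            b = r.read(8)
            out.append(b)
            if b in seen:
                break
            seen.add(b)
    # A literal token needs 9 bits and a match 17; the zero padding is shorter
    # than either, so the loop stops exactly at the end of the token stream.
    while r.remaining() >= 9:
        if r.read(1) == 0:
            out.append(r.read(8))
        else:
            off, n = r.read(12) + 1, r.read(4) + MIN_MATCH
            for _ in range(n):
                out.append(out[-off])     # overlapping copies work byte by byte
    return bytes(out)

if __name__ == "__main__":
    # Constructed inputs: a long run of distinct bytes, and the caveat case.
    for sample in (bytes(range(100)) + b"hello hello hello", b"abcabc"):
        for flag in (True, False):
            blob, nbits = compress(sample, flag)
            assert decompress(blob, flag) == sample
            print(flag, nbits, "bits")
```

On the first input the prefix saves exactly one bit per echoed byte (104 bits here); on "abcabc" it costs 6 bits, because the "abc" match at the first repeated byte is lost and "bc" alone is too short to code as a match.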
------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Truly random bitstream
Date: Fri, 07 Jan 2000 08:04:15 -0700
Reply-To: [EMAIL PROTECTED]

Once you have used the bits, they are not random anymore. Two
computations done with the same bit stream are correlated. If the stream
is used twice to encode and decode a single message, this is fine. If it
is used again it's not good anymore. See the Venona page.

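The reuse problem in code, as an added example (not from the original post): two constructed messages encrypted under one pad. XORing the two ciphertexts cancels the pad and leaves m1 XOR m2, and dragging a guessed fragment (" the ") along that value exposes pieces of both plaintexts; with one plaintext fully known, the other falls out directly. The pad is derived from a fixed SHA-256 value only so the example is reproducible; a truly random pad reused the same way fails identically.

```python
import hashlib

def otp(pad: bytes, data: bytes) -> bytes:
    """One-time-pad encryption and decryption: XOR with the pad."""
    assert len(pad) >= len(data)
    return bytes(p ^ d for p, d in zip(pad, data))

# Constructed pad for a reproducible demo. Its source is irrelevant to the
# flaw shown below: a perfectly random pad fails the same way once reused.
PAD = hashlib.sha256(b"pad material for this example").digest() * 2

# Two constructed messages encrypted under the same pad (the "second use").
M1 = b"the attack begins at dawn on the north ridge"
M2 = b"send more funds to the field office at once."
C1 = otp(PAD, M1)
C2 = otp(PAD, M2)

def xor_ciphertexts(c1: bytes, c2: bytes) -> bytes:
    """c1 XOR c2 == m1 XOR m2: the pad cancels, leaving only plaintext."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def crib_drag(x: bytes, crib: bytes) -> list:
    """Slide a guessed plaintext fragment along m1 XOR m2. Wherever the guess
    is right for one message, the XOR yields a readable piece of the other.
    Returns (offset, fragment) pairs whose fragment is printable ASCII."""
    hits = []
    for off in range(len(x) - len(crib) + 1):
        frag = bytes(a ^ b for a, b in zip(x[off:off + len(crib)], crib))
        if all(32 <= c <= 126 for c in frag):
            hits.append((off, frag))
    return hits

def recover_other(x: bytes, known: bytes) -> bytes:
    """With one whole plaintext known, the other is x XOR known."""
    return bytes(a ^ b for a, b in zip(x, known))

if __name__ == "__main__":
    x = xor_ciphertexts(C1, C2)
    for off, frag in crib_drag(x, b" the "):
        print(off, frag)          # offsets 18 and 28 reveal "at da" and " offi"
    print(recover_other(x, M1))   # the whole of M2
```

The crib lands at offset 28 (where M1 reads " the ") and shows " offi" from M2, and at offset 18 (where M2 reads " the ") and shows "at da" from M1; a few other offsets may print as noise that happens to be printable, which is why crib-dragging is extended word by word from the hits that read as language.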

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
