Cryptography-Digest Digest #659, Volume #11      Sat, 29 Apr 00 06:13:01 EDT

Contents:
  Re: Speaking of HD Overwriting... (NFN NMI L.  a.k.a.  S.T.L.)
  Re: factor large composite (Johnny Bravo)
  Re: factor large composite (Johnny Bravo)
  Re: sci.crypt think will be AES? ([EMAIL PROTECTED])
  New and want to learn ("Monolo")
  Re: sci.crypt think will be AES? (Roger)
  Re: Science Daily overstates significance? (Bill Unruh)
  Re: The Illusion of Security ("Joseph Ashwood")
  Re: AEES 16 rounds ("Joseph Ashwood")
  Help In encryption!!! ([EMAIL PROTECTED])
  Help with Encryption Algorithm ("news.shinbiro.com")
  Re: A naive question (Mok-Kong Shen)
  Re: Another naive question (Mok-Kong Shen)
  Re: sci.crypt think will be AES? (Terry Ritter)
  Re: sci.crypt think will be AES? (Terry Ritter)
  Re: Can a password be to long? ("Douglas de la Torre")
  Re: Intel drops serial number (Vernon Schryver)
  Re: Karatsuba threshold ("Michael Scott")
  Re: A naive question (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.  a.k.a.  S.T.L.)
Subject: Re: Speaking of HD Overwriting...
Date: 29 Apr 2000 04:30:34 GMT

<<What I failed to make clear is the difficulty of reading the parts where "the
very outer edge of the area affected by the laser will not be as heated as more
central parts of that area [and] on rewriting, jiggling of the laser, etc, may
cause the laser to miss those outer edges and not melt the entire previous
area".
You will have a hard time using light, because the wavelength would be too long
to see such small details.>>

Of course.  And no one said reading overwritten HDs was easy either.  But my
question still remains: IS there something left there, after a bit has been
overwritten, that would indicate the bit's former state?  Even if you have to
go over the CD-RW atom by atom with an STM.

-*---*-------
S.T. "andard Mode" L.               ***137***
STL's Wickedly Nifty Quotation Collection: http://quote.cjb.net

------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Sat, 29 Apr 2000 00:41:38 -0400

On 27 Apr 2000 23:45:26 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote:

>>   Yeah, but those clients were just returning bogus information so
>> that the score for that person was inflated.  The SETI@Home people
>> were asking about ways to prevent that from happening.
>
>Yeah - that's why you check each packet 3 times. If you ever see someone
>return bogus information -- as indicated by disagreements among the 3
>checks -- then you can check it yourself. Afterwards set the score of
>liars to zero. 

  You miss the point, the default result is "nothing unusual".  At
best they are looking for a very slim chance of one packet with
something unusual in it.  They are not scoring for information found
in a packet, but total number of packets processed.  Given that out of
the thousands of packets sent out, all of them return "nothing
unusual".  It isn't much of a challenge to just process a small
fraction of a packet and return "nothing unusual".

  The real problem is if a true positive is returned as a negative;
quite a loss for the human race just because some moron wants a higher
score on a web page perhaps two hundred people on the planet actually
look at and care about.

  One of my suggestions was to distribute false positive packets and
check the returns on those packets.

>> "The most merciful thing in the world, I think, is the inability
>> of the human mind to correlate all its contents." - HPL
>
>anyone know if the Cthulhu 2000 press kit is out yet?

! Cthulhu for President in 2000.  The only Choice to end the last
millennium.*

  * - Brought to you by the Eldar Party to elect Cthulhu.

-- 
  Best Wishes,
    Johnny Bravo

"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL
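The probe-packet suggestion above, as an added example that is not part of the original post: the server plants a known positive in a fraction of work units and flags a client whose answer contradicts it, while the three-way agreement check from the quoted reply accepts unanimous "nothing unusual" answers. The analysis function, threshold and Server class are constructed stand-ins, not SETI@Home's code.

```python
import random

NOTHING = "nothing unusual"
SIGNAL = "signal"
THRESHOLD = 100  # constructed: a sample at or above this counts as a detection


def analyse(unit: list) -> str:
    """Full analysis of one work unit (constructed stand-in for the real search)."""
    return SIGNAL if any(sample >= THRESHOLD for sample in unit) else NOTHING


def honest_client(unit: list) -> str:
    return analyse(unit)


def lazy_client(unit: list) -> str:
    """Skips the work and reports the overwhelmingly common answer for credit."""
    return NOTHING


def redundancy_check(answers: list) -> bool:
    """The 'check each packet 3 times' scheme from the quoted reply: a packet is
    accepted when every returned answer agrees. Lazy clients all agree on NOTHING,
    so this check alone never flags them."""
    return len(set(answers)) == 1


class Server:
    """Hands out work units and plants a known positive in a fraction of them."""

    def __init__(self, probe_rate: float, seed: int):
        self.rng = random.Random(seed)
        self.probe_rate = probe_rate
        self.expected = {}  # unit id -> planted answer, for probe units only

    def make_unit(self, uid: int) -> list:
        # Ordinary unit: every sample below THRESHOLD, so the true answer is NOTHING.
        unit = [self.rng.randint(0, THRESHOLD - 1) for _ in range(64)]
        if self.rng.random() < self.probe_rate:
            unit[self.rng.randrange(len(unit))] = THRESHOLD + 5  # planted positive
            self.expected[uid] = SIGNAL
        return unit

    def check_return(self, uid: int, answer: str) -> bool:
        """True when the client's answer contradicts a planted probe."""
        return uid in self.expected and answer != self.expected[uid]


def count_flags(client, n_units: int, probe_rate: float = 0.1, seed: int = 7) -> int:
    """Send n_units to one client and count the probe contradictions it produces."""
    server = Server(probe_rate, seed)
    flags = 0
    for uid in range(n_units):
        unit = server.make_unit(uid)
        if server.check_return(uid, client(unit)):
            flags += 1
    return flags
```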

------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Sat, 29 Apr 2000 00:43:41 -0400

On Fri, 28 Apr 2000 19:21:29 GMT, Tom St Denis <[EMAIL PROTECTED]> wrote:
>>   Risk vs reward, sure the chances are next to nil that a large RSA
>> key will be broken, but if the machines are going to be sitting idle
>> anyway, why not have them trying to crack it?  The cost is nothing,
>> the payoff is huge, and if you get very, very lucky, you succeed.
>
>You are missing a big point.  Sure the sieving step of the NFS could be
>done for 768 bit composites, however to actually store and manage the
>matrix when you try to solve it will be a problem.  This is why
>factoring general composites > 500 bits is taking a long time.
>
>At best we will have computers to somewhat meet the requirements
>probably in 10 years or less.  I dunno the exact requirements to factor
>the number (check any paper on NFS).

  Wasn't thinking of NFS.  Simple trial and error division on assigned
blocks of divisors to prevent duplication of effort.  Nearly no chance
of success, but what the hell.  You are using other people's computers
to do the work.  And a nice payoff if you get lucky, and no real cost
if you don't.  Sort of like getting a free lotto ticket.

-- 
  Best Wishes,
    Johnny Bravo

"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: sci.crypt think will be AES?
Date: Sat, 29 Apr 2000 04:57:00 GMT

Terry Ritter <[EMAIL PROTECTED]> wrote:
[...]
> what a patent is.  A patent is about novelty, and not your particular
> interpretation of what might be worthwhile.  A patent is also about
> claims and what the issued patent actually covers, not your
> interpretation of the title.  In fact, a good patent will be written
[...]

Yes, but in the case of those examples, at least a couple were clearly
less than novel. Certainly holding your ice cream scoop in a flame is
_not_ the sort of earth shaking science that screams for patent
protection. Nor was I overly impressed with the idea of putting a bell
on your stocking to detect Santa Claus.

Moving on to the one that I don't actually understand, it's possible to
patent novelty hats and protect the arrangement of whatever silly
objects you've glued to them. Now, I realise people want to protect
their market share, but shouldn't trademarking and copyright issues be
in a separate forum? Undeniably, the two hats I mentioned were novel,
but not _innovative_.

I also fail to grasp the blanket patent application idea, where some
people (and companies) insist on patenting every idea they ever
have. It would, in my opinion, be better if you could just mail your
application to a separate section of the office and not even have it
reviewed unless someone tried to patent the same thing later.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: "Monolo" <[EMAIL PROTECTED]>
Subject: New and want to learn
Date: Fri, 28 Apr 2000 21:54:16 -0700

Hello, I am new, and wish to learn lots about cryptology. If anyone would
mind helping me, could you e-mail me at [EMAIL PROTECTED]??? Thanks!

Monolo



------------------------------

From: Roger <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Fri, 28 Apr 2000 22:18:37 -0700

Terry Ritter wrote:
> >Suppose you owned a plot of land, and a neighbor builds a house
> >close to your property line. Certainly the neighbor should know
> >where the line is, and build on his side of the line. You may
> >not know exactly where the line is, and may not think it is
> >your responsibility to know.
> >
> >Nevertheless, a judge is going to expect you to act in a timely
> >manner. If you sit back and watch the house being built on your
> >property, then you are probably going to lose that property.
> 
> If I hear that somebody is building on a plot adjacent to mine, I
> expect them to know where the dividing line is.  And if they do not, I
> may have just gained a living room.

Yes, they should know where the line is. Nevertheless, you will not
gain a living room.

> When NIST comes through with funding to analyze their claim, I may
> consider allocating my time for that.  More likely, when AES comes
> into use, I will -- at a time of my choosing -- consider whether the
> standard infringes my property and whether substantial damage has been
> done.

And you can tell the world about how you think you have been
done an injustice. And maybe you will be right. But you won't
get the legal system to do anything for you.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Science Daily overstates significance?
Date: 29 Apr 2000 05:35:33 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (NFN NMI L.  a.k.a.  
S.T.L.) writes:
>The first statement is right.  The second sort of isn't.  Quantum computing, as
>I understand it, allows factoring to be done in polynomial time, but it's still
>slower than multiplication.  At worst, if I remember correctly, it does not

No, essentially not slower than multiplication. The key size would have
to be astronomical for the difference to be significant.

>spell the death of RSA, just the arrival of larger keysizes.  And symmetric
>keysizes will have to be doubled, I think.

Yes, the Grover algorithm could in theory demand that.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Fri, 28 Apr 2000 22:30:31 -0700

Again I will state that these changes change the algorithm,
which of course has different security properties. Changing
the s-boxes certainly changes the security. Changing the key
schedule is as I stated before the difference between
Vigenere and a stream cipher. Changing them both arbitrarily
one could claim that Blowfish, DES, IDEA, and CAST are the
same.
                Joe



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: AEES 16 rounds
Date: Fri, 28 Apr 2000 22:38:44 -0700

The problem I had was that they were not identified in a way
that separated them from 3rd grade multiplication tables. My
problem was in fact not with the table itself but with the
label. Now that the issue has been clarified it's a
non-issue to me.
                Joe
> No, it's a matter of appreciating that conventional
> arithmetic is not the only possible way to combine
> "numbers".  In fact, the first table (with or without
> the row/column labels) is commonly known as a "group
> multiplication table" or, for an Abelian group like
> this, sometimes the "group addition table", depending
> on what notation one uses for the binary operator.



------------------------------

From: [EMAIL PROTECTED]
Subject: Help In encryption!!!
Date: Sat, 29 Apr 2000 06:13:10 GMT

Hi:

I was wondering which would be the best and
easiest encryption algorithm to code using C++,
such that it could be implemented for a class
project. Also can someone point me to some
encryption algorithms where there is a full
description of the process.

Thanks a lot!


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "news.shinbiro.com" <[EMAIL PROTECTED]>
Subject: Help with Encryption Algorithm
Date: Sat, 29 Apr 2000 15:52:32 +0900

Hi,

We receive encrypted data from a system that was contractor developed.  The
same contractor provided us with a decryption exe file, but we don't have
access to the source code.  We want to take over the whole process
ourselves, but need to come up with a way to decrypt the data we receive.
My gut feeling is that the routine isn't rocket science, but it's more than
I can figure out.  So,

1.  Is there software out there that can analyze an encrypted file, along
with a decrypted version and attempt to determine the encryption scheme?

--or--

2.  Anyone out there want to take a look at it?

Thanks,

Charles



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Sat, 29 Apr 2000 09:10:12 +0200



"NFN NMI L. a.k.a. S.T.L." wrote:

> If you have, (I don't like 56) 256 bits of cryptographically secure random
> bits, then they can be used as an OTP.  Or they can be used as the key to a
> symmetric cipher (block or otherwise) that is "unbreakable" in that its only
> weakness is to brute-forcing.  In that case, the longer the message encrypted,
> no weakness appears because of the definition of the cipher.  Real ciphers will
> tend to leak more and more information as the amount of ciphertext generated
> increases.

As I wrote in another post, it seems strange that in the above the one is totally
unbreakable, while the other is unbreakable albeit with one weakness that
you mentioned (in both cases message and key have 256 bits).

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Another naive question
Date: Sat, 29 Apr 2000 09:29:39 +0200



Joseph Ashwood wrote:

> In general I'm inclined to say that the difficulty will be
> the same, but if E is chosen properly, the difficulty should
> increase. Honestly this is in terms of analysis difficulty
> this is equivalent to multiple encryption, which is a
> double-edged sword.

Thank you. I think this points out a possible utility of the scheme,
namely in case the encryption algorithm is not fast enough and one does
not have a continuous stream of message to transmit the whole day. One
can then with spare time pre-compute C1 (P1 is not any message actually
needed by the partner but is an arbitrarily agreed upon text material)
and then, when a message P2 is to be sent, simply (quickly) obtain C3
and send it to the communication partner, since xor is extremely fast.
Of course, there is a management problem in connection with P1 that has
to be carefully taken into consideration. It may be noted that one
could even have several C11, C12, ...... and xor these to form C1s and
use that to compute C3.

M. K. Shen


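The pre-computation scheme described in the post above, as an added example that is not part of the original message: C1 = E_K(P1) is computed in advance, C3 = C1 xor P2 is formed when a real message arrives, and the partner recovers P2 from its own copy of C1. It assumes a keyed stand-in for E (HMAC-SHA256 in place of a block cipher) and a PadStore class of my own that enforces the one-use rule behind the "management problem" the post mentions.

```python
import hashlib
import hmac

BLOCK = 32  # bytes produced per block by the stand-in cipher (SHA-256 digest size)


def E(key: bytes, p1: bytes) -> bytes:
    """C1 = E_K(P1): encrypt the agreed text P1 under key K, block by block.
    ASSUMPTION (not from the post): HMAC-SHA256 over (block index || block)
    stands in for the block cipher E; any keyed block cipher in a chaining or
    counter mode would serve the same role."""
    out = bytearray()
    for i in range(0, len(p1), BLOCK):
        out += hmac.new(key, i.to_bytes(8, "big") + p1[i:i + BLOCK], hashlib.sha256).digest()
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combine(*c1_parts: bytes) -> bytes:
    """C1s = C11 xor C12 xor ...: several precomputed ciphertexts folded into one pad."""
    acc = c1_parts[0]
    for part in c1_parts[1:]:
        acc = xor(acc, part)
    return acc


class PadStore:
    """Keeps the precomputed C1 and never hands out the same bytes twice. This is
    the 'management problem in connection with P1' the post mentions: a pad byte
    that covers two messages leaks their xor (see reuse_leak)."""

    def __init__(self, c1: bytes):
        self._c1 = c1
        self._pos = 0  # next unused byte; only ever moves forward

    def take(self, n: int) -> bytes:
        if self._pos + n > len(self._c1):
            raise RuntimeError("precomputed C1 exhausted; precompute more before sending")
        pad = self._c1[self._pos:self._pos + n]
        self._pos += n
        return pad


def send(store: PadStore, p2: bytes) -> bytes:
    """C3 = C1 xor P2: the fast step done when a real message P2 is to be sent."""
    return xor(store.take(len(p2)), p2)


def receive(store: PadStore, c3: bytes) -> bytes:
    """The partner shares K and P1, so holds the same C1 and recovers P2."""
    return xor(store.take(len(c3)), c3)


def reuse_leak(c3a: bytes, c3b: bytes) -> bytes:
    """If C3a and C3b were formed with the same C1 bytes, C3a xor C3b equals
    P2a xor P2b with K cancelled out, which is why take() never rewinds."""
    return xor(c3a, c3b)


def demo() -> bool:
    key = b"\x01" * 32                                             # constructed shared key K
    p1 = b"arbitrarily agreed upon text, not a real message " * 4  # constructed P1
    sender, partner = PadStore(E(key, p1)), PadStore(E(key, p1))   # C1 precomputed by both
    c3 = send(sender, b"meet at the usual place")                  # real message P2
    return receive(partner, c3) == b"meet at the usual place"
```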

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: sci.crypt think will be AES?
Date: Sat, 29 Apr 2000 07:33:27 GMT


On Sat, 29 Apr 2000 04:57:00 GMT, in
<wYtO4.62557$[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] wrote:

>Terry Ritter <[EMAIL PROTECTED]> wrote:
>[...]
>> what a patent is.  A patent is about novelty, and not your particular
>> interpretation of what might be worthwhile.  A patent is also about
>> claims and what the issued patent actually covers, not your
>> interpretation of the title.  In fact, a good patent will be written
>[...]
>
>Yes, but in the case of those examples, at least a couple were clearly
>less than novel. 

Perhaps *you* have checked out the claims of those patents (in the
context of their body), but *I* sure haven't.  Absent that, I am
unwilling to make the uninformed judgment you seem to want.
Everything depends upon the actual claims.  

>Certainly holding your ice cream scoop in a flame is
>_not_ the sort of earth shaking science that screams for patent
>protection. 

A patent is not about *your* particular interpretation of what might
be worth protecting.  Maybe you are not too fond of ice cream scoops,
but some people use them, and in particular ways, and other people
manufacture scoops for those users.  The manufacturer may even have an
ice cream scoop design department, and may have paid well for a new
design which has peculiar advantages to certain users, and which they
wish to offer exclusively.  What is wrong with that?  

>Nor was I overly impressed with the idea of putting a bell
>on you stocking to detect Santa Claus.

But it is not about impressing you.  


>Moving on to the one that I don't actually understand, it's possible to
>patent novelty hats and protect the arrangement of whatever silly
>objects you've glued to them. Now, I realise people want to protect
>their market share, but shouldn't trademarking and copyright issues be
>in a separate forum? Undeniably, the two hats I mentioned were novel,
>but not _innovative_.

There is a different type of patent -- a design patent -- which just
reflects the arrangement of objects, and not what they do.  If someone
is using design patents as the basis for criticizing the PTO, they are
biasing the argument and attempting to deceive.  


>I also fail to grasp the blanket patent application idea, where some
>people (and companies) insist on patenting every idea they ever
>have. 

But it is not about us.  Whoever owns the novel idea can decide
whether they want patent protection.  *They* decide.  

>It would, in my opinion, be better if you could just mail your
>application to a separate section of the office and not even have it
>reviewed unless someone tried to patent the same thing later.

That sure would have simplified things for me.  Everybody who thinks
it is so easy to get a serious patent should have to actually do it.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: sci.crypt think will be AES?
Date: Sat, 29 Apr 2000 07:37:04 GMT


On Fri, 28 Apr 2000 22:18:37 -0700, in <[EMAIL PROTECTED]>,
in sci.crypt Roger <[EMAIL PROTECTED]> wrote:

>Terry Ritter wrote:
>> >Suppose you owned a plot of land, and a neighbor builds a house
>> >close to your property line. Certainly the neighbor should know
>> >where the line is, and build on his side of the line. You may
>> >not know exactly where the line is, and may not think it is
>> >your responsibility to know.
>> >
>> >Nevertheless, a judge is going to expect you to act in a timely
>> >manner. If you sit back and watch the house being built on your
>> >property, then you are probably going to lose that property.
>> 
>> If I hear that somebody is building on a plot adjacent to mine, I
>> expect them to know where the dividing line is.  And if they do not, I
>> may have just gained a living room.
>
>Yes, they should know where the line is. Nevertheless, you will not
>gain a living room.
>
>> When NIST comes through with funding to analyze their claim, I may
>> consider allocating my time for that.  More likely, when AES comes
>> into use, I will -- at a time of my choosing -- consider whether the
>> standard infringes my property and whether substantial damage has been
>> done.
>
>And you can tell the world about how you think you have been
>done an injustice. And maybe you will be right. But you won't
>get the legal system to do anything for you.

And what, precisely, would be your qualifications to make a legal
judgment?  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: "Douglas de la Torre" <[EMAIL PROTECTED]>
Subject: Re: Can a password be to long?
Date: Sat, 29 Apr 2000 00:40:41 -0700

Check out http://www.diceware.com .  This is a perfect example of how you
can use a passphrase composed of 'plain English' words, and yet get lots of
security.

Each word in a diceware passphrase adds 15 bits of security.

-Doug



------------------------------

From: [EMAIL PROTECTED] (Vernon Schryver)
Crossposted-To: talk.politics.crypto
Subject: Re: Intel drops serial number
Date: 28 Apr 2000 13:38:40 -0600

In article <[EMAIL PROTECTED]>, Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>Arturo wrote:
>>         Hurrah for them, seems like they finally saw the light.
>
>Which may not have been anonymity concerns so much as the
>realization that they couldn't impose the ID plan on all
>computer architectures, so it was a non-starter.


Especially since the so called "light" was mostly silly noise from people
with far fewer clues than they think they have about their privacy.  Only
kooks, the extremely ignorant, and those with unstated political or other
axes to grind could have ever claimed that the PIII ID in the chip could
affect anyone's privacy.  There are so many other globally unique computer
IDs available and in current use that while the PIII ID would have
been quite handy, it was not significant.  The many WIN32 applications
that need system serial numbers are already using the ancient 80*86 CPUID
instruction, the NETBIOS mechanism for getting a LAN MAC address, the
UuidCreate() library function, one of the other mechanisms, or a
combination of those and still other techniques.

The nonsense from the Intel salescritters about how the PIII ID would have
been used in HTTP traffic was even worse than the privacy noise, since
they could have checked with people with technical clues to see that it
was silly.


Vernon Schryver    [EMAIL PROTECTED]

------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: Karatsuba threshold
Date: Sat, 29 Apr 2000 10:56:18 +0100

"Michael Scott" <[EMAIL PROTECTED]> wrote in message
news:LXkO4.8527$[EMAIL PROTECTED]...
> Some experimental results wrt the Pentium/Pentium Pro processor can be
> found in ftp://ftp.compapp.dcu.ie/pub/crypto/timings.doc
>

...also available as ftp://ftp.compapp.dcu.ie/pub/crypto/timings.ps

Mike Scott

> Mike Scott
>
> Fastest is best.
> MIRACL multiprecision C/C++ library for big number cryptography
> Free implementations of Schoof's Algorithm for Elliptic Curves
> http://indigo.ie/~mscott
>
>
>
>



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: A naive question
Date: Sat, 29 Apr 2000 09:54:10 GMT

On Fri, 28 Apr 2000 08:28:44 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:

>Like mixing water into whisky, 
>the quality of each cup of the drink rapidly deteriorates as 
>more water is involved. Is this line of thought reasonable? 

Only one aspect of the quality deteriorates rapidly:
information-theoretic security.

With DES as the cipher, though, brute-force search is possible, and so
the total quality is affected. With a larger key to begin with, and a
good cipher, overall security doesn't deteriorate so rapidly, because
there is the question of the work factor in breaking the message:
Shannon's paper is where you should look.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
