Cryptography-Digest Digest #661, Volume #11      Sat, 29 Apr 00 13:13:01 EDT

Contents:
  Re: Intel drops serial number (Andy Dingley)
  Re: sboxes for the bored... (Tim Tyler)
  Re: sci.crypt think will be AES? ("Trevor L. Jackson, III")
  Re: The Illusion of Security (Tim Tyler)
  Re: Severe security flaw in FineCrypt v2.1 (Emmanuël Sustronck)
  Re: sboxes for the bored... (Tom St Denis)
  Re: The Illusion of Security (Tom St Denis)
  Re: Intel drops serial number (Isaac)
  Re: The Illusion of Security (Tim Tyler)
  Extending the sboxgen and differential analysis (Tom St Denis)
  Re: Extending the sboxgen and differential analysis (Tom St Denis)
  Re: Vs: Requested: update on aes contest (wtshaw)
  Janet and John learn about bits (was Re: Problems with OAP-L3) (Richard Heathfield)
  Re: sboxes for the bored... (Tim Tyler)
  Wanting to learn cryptography ("Monolo")
  Re: sci.crypt think will be AES? (Roger)
  How would a 15 year old start? ("Monolo")
  Re: Wanting to learn cryptography (Tom St Denis)
  Re: As long as we are asking naive questions... (Mok-Kong Shen)

----------------------------------------------------------------------------

From: Andy Dingley <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Intel drops serial number
Date: Sat, 29 Apr 2000 15:17:19 +0100

[EMAIL PROTECTED] (Vernon Schryver) wrote:

>Especially since the so called "light" was mostly silly noise from people
>with far fewer clues than they think they have about their privacy.

The clueless have one huge advantage over the clueful 
  - there's far more of them.

It would be nice if state legislators faced with UCITA or Straw's RIP
simply picked up the CluePhone and placed a call to one of several
obvious "names". This isn't likely to happen though, so we need to
learn how to manage the clueless masses in a way that motivates them
against the real issues like these, as well as P3ID.


PS - Isn't there something a little "Spook"y about discussing privacy
with someone from "rhyolite" ? I have this vision of "calcite" as a
huge orbiting umbrella   8-)


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: sboxes for the bored...
Reply-To: [EMAIL PROTECTED]
Date: Sat, 29 Apr 2000 14:24:24 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: Terry Ritter wrote:
:> In sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:
:> >"Douglas A. Gwyn" wrote:

:> >> However, there are apparently different measures of nonlinearity;
:> >> are they strictly equivalent?  E.g., do all comparable bent
:> >> functions have the same "Ritter nonlinearity", and is that
:> >> necessarily maximal?
:> >
:> >I dunno what he is talking about the walsh transform (taken from "On
:> >linear cryptanalysis") will give you a negative when the function is
:> >affine, a positive when it's linear and close to zero if it's neither.
:> 
:> Is that true?  I don't think so.  Let's see you deliver a few examples
:> where that is so.

: Look at the paper, there are negative entries in the WT table of SBOX 5.

"Yes", you get negative entries, but "no", it's not possible to relate
negative entries to affine functions and positive ones to linear ones.

:> In any case, Boolean function nonlinearity is defined as a distance,
:> not a direction. [...] Boolean function nonlinearity is the number
:> of bits which must change to reach the closest affine function. [...]

: Yeah of course it's a direction, lower negative = affine, higher
: positive = linear (or is it vice versa?). [...]

Individual entries in the transform do not equate to non-linearity.

Non-linearity can be derived by combining all the entries in the resulting
WT - and the result's always an unsigned value.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.

------------------------------

Date: Sat, 29 Apr 2000 11:07:53 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?



[EMAIL PROTECTED] wrote:

> Terry Ritter <[EMAIL PROTECTED]> wrote:
> [...]
> > what a patent is.  A patent is about novelty, and not your particular
> > interpretation of what might be worthwhile.  A patent is also about
> > claims and what the issued patent actually covers, not your
> > interpretation of the title.  In fact, a good patent will be written
> [...]
>
> Yes, but in the case of those examples, at least a couple were clearly
> less than novel. Certainly holding your ice cream scoop in a flame is
> _not_ the sort of earth shaking science that screams for patent
> protection. Nor was I overly impressed with the idea of putting a bell
> on your stocking to detect Santa Claus.
>
> Moving on to the one that I don't actually understand, it's possible to
> patent novelty hats and protect the arrangement of whatever silly
> objects you've glued to them.

Look into the definitions of "utility" and "design" patents.  Utility patents
protect functionality and design patents protect esthetics.

> Now, I realise people want to protect
> their market share, but shouldn't trademarking and copyright issues be
> in a separate forum? Undeniably, the two hats I mentioned were novel,
> but not _innovative_.
>
> I also fail to grasp the blanket patent application idea, where some
> people (and companies) insist on patenting every idea they ever
> have. It would, in my opinion, be better if you could just mail your
> application to a separate section of the office and not even have it
> reviewed unless someone tried to patent the same thing later.
>
> --
> Matt Gauthier <[EMAIL PROTECTED]>


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Reply-To: [EMAIL PROTECTED]
Date: Sat, 29 Apr 2000 14:55:48 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: John Savard wrote:
:> >> Tom St Denis wrote:

:> >> > Of course of all the ciphers used since the 70's none of them have yet
:> >> > been broken.

:> But as to the earlier controversial statement:
:> 
:> If you mean, starting in 1980, and you don't really mean any cipher
:> that anyone has _used_ since then, but simply those ciphers that were
:> generally recognized as secure in that time, you would still have a
:> problem [snip DES]

:> During the 1970s, there was LUCIFER, which fell to differential
:> cryptanalysis. And during the 1980s and 1990s, lots of people still
:> used snake oil.

: What standard is LUCIFER part of?  So what?  At the same time FEAL was
: proposed, and broken, so was LOKI89 and a bunch of other ciphers.  DES
: was part of a standard.

You /didn't/ say:

"Of all the ciphers internationally recognised as standard since the
70's none of them have yet been broken."

...you said:

"Of course of all the ciphers used since the 70's none of them have yet 
been broken."

A little criticism of this seems quite appropriate.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.

------------------------------

From: Emmanuël Sustronck <[EMAIL PROTECTED]>
Subject: Re: Severe security flaw in FineCrypt v2.1
Date: Sat, 29 Apr 2000 15:09:34 GMT


My sincere apologies for not deleting the binary attachment before
posting this forwarded mail. It slipped through before I noticed it.
Again, my apologies.

--

Best regards,

Emmanuël Sustronck

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: sboxes for the bored...
Date: Sat, 29 Apr 2000 15:15:13 GMT



Tim Tyler wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : Terry Ritter wrote:
> :> In sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:
> :> >"Douglas A. Gwyn" wrote:
> 
> :> >> However, there are apparently different measures of nonlinearity;
> :> >> are they strictly equivalent?  E.g., do all comparable bent
> :> >> functions have the same "Ritter nonlinearity", and is that
> :> >> necessarily maximal?
> :> >
> :> >I dunno what he is talking about the walsh transform (taken from "On
> :> >linear cryptanalysis") will give you a negative when the function is
> :> >affine, a positive when it's linear and close to zero if it's neither.
> :>
> :> Is that true?  I don't think so.  Let's see you deliver a few examples
> :> where that is so.
> 
> : Look at the paper, there are negative entries in the WT table of SBOX 5.
> 
> "Yes", you get negative entries, but "no", it's not possible to relate
> negative entries to affine functions and positive ones to linear ones.
> 
> :> In any case, Boolean function nonlinearity is defined as a distance,
> :> not a direction. [...] Boolean function nonlinearity is the number
> :> of bits which must change to reach the closest affine function. [...]
> 
> : Yeah of course it's a direction, lower negative = affine, higher
> : positive = linear (or is it vice versa?). [...]
> 
> Individual entries in the transform do not equate to non-linearity.
> 
> Non-linearity can be derived by combining all the entries in the resulting
> WT - and the result's always an unsigned value.

I was wrong, the negative values mean the characteristic is more than
equally probable, zero means it's unbiased, and greater than zero means
it holds less than probable.  When we look at the entry of the WT on
sbox5 where we find a "-20" this means that you can form a linear
equation of some bits in sbox 5 that will hold with probability p = 1/2
+ 20/64 or 81.25% of the time.

Is that right?

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://tomstdenis.n3.net/search.html, it's entirely
free and there are no advertisements.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Sat, 29 Apr 2000 15:16:02 GMT



Tim Tyler wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : John Savard wrote:
> :> >> Tom St Denis wrote:
> 
> :> >> > Of course of all the ciphers used since the 70's none of them have yet
> :> >> > been broken.
> 
> :> But as to the earlier controversial statement:
> :>
> :> If you mean, starting in 1980, and you don't really mean any cipher
> :> that anyone has _used_ since then, but simply those ciphers that were
> :> generally recognized as secure in that time, you would still have a
> :> problem [snip DES]
> 
> :> During the 1970s, there was LUCIFER, which fell to differential
> :> cryptanalysis. And during the 1980s and 1990s, lots of people still
> :> used snake oil.
> 
> : What standard is LUCIFER part of?  So what?  At the same time FEAL was
> : proposed, and broken, so was LOKI89 and a bunch of other ciphers.  DES
> : was part of a standard.
> 
> You /didn't/ say:
> 
> "Of all the ciphers internationally recognised as standard since the
> 70's none of them have yet been broken."
> 
> ...you said:
> 
> "Of course of all the ciphers used since the 70's none of them have yet
> been broken."
> 
> A little criticism of this seems quite appropriate.

Very true, I was hoping that "standardized" ciphers was understood.

My mistake.

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://tomstdenis.n3.net/search.html, it's entirely
free and there are no advertisements.

------------------------------

From: [EMAIL PROTECTED] (Isaac)
Crossposted-To: talk.politics.crypto
Subject: Re: Intel drops serial number
Date: Sat, 29 Apr 2000 15:23:23 GMT

On 28 Apr 2000 13:38:40 -0600, Vernon Schryver <[EMAIL PROTECTED]> wrote:
>
>Especially since the so called "light" was mostly silly noise from people
>with far fewer clues than they think they have about their privacy.  Only
>kooks, the extremely ignorant, and those with unstated political or other
>axes to grind could have ever claimed that the PIII ID in the chip could
>affect anyone's privacy.  There are so many other globally unique computer
>IDs available and in current use that while the PIII ID would have
>been quite handy, it was not significant.  The many WIN32 applications
>that need system serial numbers are already using the ancient 80*86 CPUID
>instruction, the NETBIOS mechanism for getting a LAN MAC address, the
>UuidCreate() library function, one of the other mechanisms, or a
>combination of those and still other techniques.
>
>The nonsense from the Intel salescritters about how the PIII ID would have
>been used in HTTP traffic was even worse than the privacy noise, since
>they could have checked with people with technical clues to see that it
>was silly.
>
Assuming that it was silly, how can you claim that people who thought
they saw privacy concerns were kooks, ignorant or had evil motives while
admitting that Intel claimed that the PIII ID could and should be used 
exactly the way the evil, ignorant kooks feared? 

There is no question that the PIII ID had the potential for being far
more universal than those other IDs you discuss, and with Intel pushing
the thing certainly had the potential for being more widely used as a
universal ID than those other things.  I suggest that people who don't
even see a potential problem lack imagination.  For those who think the
potential wasn't real, I simply disagree.

Isaac

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Reply-To: [EMAIL PROTECTED]
Date: Sat, 29 Apr 2000 15:20:35 GMT

Joseph Ashwood <[EMAIL PROTECTED]> wrote:

:> Presumably, if an AES break were used for credit card
:> fraud, word would get out before the losses were serious.
:
: How big do you consider serious? Let's face it, if someone
: is smart enough to break AES, they're gonna be smart enough
: to use that information deceptively.

[snip banking example]

: Of course I'd never do this, I'd come to sci.crypt ask for test
: vectors, and post solutions, giving word of the break before I
: announced details, it would be too critical.

If such a cypher were widely deployed - and then trivially broken - you
may have to wait *years* before announcing details, in order to give
everyone a fair chance to change their systems, if "serious losses" were
to be avoided.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Extending the sboxgen and differential analysis
Date: Sat, 29 Apr 2000 15:51:25 GMT

I am not too familiar with differential analysis, so this may seem
stupid... bear with me here.

If I wanted to extend my sboxgen program to test for differential
characteristics... Could I use the following code?

(for n by n boxes)
for x = 0 to n
        for y = 0 to n
                DT[F(x) xor F(x xor y)] += 1

Where DT is a table with 'n' elements initially set to zero.  After this
is complete the table should have an even count in each element of DT.
I.e. each element should be equal to 'n'.

Is this even remotely useful or on track? Please answer!!

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Extending the sboxgen and differential analysis
Date: Sat, 29 Apr 2000 16:04:25 GMT



Tom St Denis wrote:
> 
> I am not too familiar with differential analysis, so this may seem
> stupid... bear with me here.
> 
> If I wanted to extend my sboxgen program to test for differential
> characteristics... Could I use the following code?
> 
> (for n by n boxes)
> for x = 0 to n
>         for y = 0 to n
>                 DT[F(x) xor F(x xor y)] += 1

Arrg.. that doesn't actually do anything useful... I changed it to...

if (y == (p[x] xor p[x xor y]))
   ++DT[y]

For 4x4 sboxes I get 0..6 (as the min/max DT entries) on average...

I think this is too simple though....

Tom
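
An added illustration, not part of the thread and not the sboxgen code: the Python below runs both loops from the posts above over all 2^n inputs of a 4-bit permutation and compares them with the full difference table indexed by input and output difference. The sample S-box (the published PRESENT S-box) and all function names are assumptions chosen for the example.

```python
# Added example; not code from the thread.
# Sample input (assumption): the published 4-bit PRESENT S-box, used only
# as a test permutation. Any bijective table of 2^n entries works.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
IDENTITY = list(range(16))  # a fully linear box, for contrast


def collapsed_histogram(sbox):
    """First loop from the post: one counter per output difference,
    summed over every x and every input difference y.
    For a bijective box, x ^ y visits every input once for each x, so every
    output difference is hit exactly once per x and the result is flat."""
    size = len(sbox)
    dt = [0] * size
    for x in range(size):
        for y in range(size):
            dt[sbox[x] ^ sbox[x ^ y]] += 1
    return dt


def diagonal_counts(sbox):
    """Second test from the post: for each difference y, count the x where
    the output difference equals the input difference."""
    size = len(sbox)
    return [
        sum(1 for x in range(size) if sbox[x] ^ sbox[x ^ y] == y)
        for y in range(size)
    ]


def difference_table(sbox):
    """Full table: ddt[dx][dy] = number of x with S(x) ^ S(x ^ dx) == dy."""
    size = len(sbox)
    ddt = [[0] * size for _ in range(size)]
    for dx in range(size):
        for x in range(size):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt


def differential_uniformity(sbox):
    """Largest entry outside the trivial dx = 0 row; smaller is better."""
    return max(max(row) for row in difference_table(sbox)[1:])


if __name__ == "__main__":
    for name, box in (("sample", SBOX), ("identity", IDENTITY)):
        print(name, "collapsed:", collapsed_histogram(box))
        print(name, "diagonal: ", diagonal_counts(box))
        print(name, "max DDT entry (dx != 0):", differential_uniformity(box))
```

The collapsed histogram is identical for the sample box and the identity map, while the per-difference table separates them (largest entry 4 versus 16); the diagonal test reads only one cell of each row of that table.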

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Vs: Requested: update on aes contest
Date: Sat, 29 Apr 2000 09:38:05 -0600

In article <8ecuiu$73p$[EMAIL PROTECTED]>, "Helger Lipmaa"
<[EMAIL PROTECTED]> wrote:

> Terry Ritter mailto:[EMAIL PROTECTED]:
> 
> > That's sort of a self-selecting population, don't you think?  Or do
> > you suggest that the result is representative of knowledgeable crypto
> > people everywhere?
> >
> > It sure doesn't represent my views.
> >
> > And voting is irrelevant in Science.
> 
> This self-selecting population is actually the only population (may be NSA
> excluded) on this planet who knows ANYTHING about the cipher security.
> I was not present this time, but looking at the results (for example, answer
> to the question "which algorithms definitely SHOULD be selected for the
> standard") I am not surprised at all: I know from personal experience that
> most of the cryptographers and cryptanalysts really think that way.
> Moreover, also I think that way.
> 
Government in general treats security like a *party* game, in which the
players do not really respect the need for overall good security, just
that the game requires some passing references to it now and then for
publicity's sake.

It is pathetic that government does not mandate for itself that sensitive
material be kept in an encrypted form, as especially should be done on
losable laptops.  When the state of the game is to create an AES, and put
it in the paws of idiotic and egocentric bureaucrats who poo poo good
security as an encumbrance, something is amiss.  A scientific approach to
security gets beyond smoke and mirrors, a quite fearful alternative for
those who like to use political savvy to twist things to suit themselves.

If NSA is in charge of governmental security, it should make believers out
of the casual opportunists that endanger it from within.  Otherwise, AES
is merely a tool that is more apt to be abused than used for the public
good.  These people have a problem, or few, richly deserved, I might add.
-- 
(x)(r)(d)[d][c]  [s]<x>[i]<o>[g]  <a><n>

------------------------------

Date: Sat, 29 Apr 2000 17:20:39 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Janet and John learn about bits (was Re: Problems with OAP-L3)

Anthony Stephen Szopa wrote:
> 
> "Douglas A. Gwyn" wrote:
> >
> > Tom St Denis wrote:
> > > 3)  Why perms of 0-9?  You waste a lot of space that way, why not 0-16 or
> > > 0-255?
> >
> > Yes, that is an obvious question that deserves an answer.
> > I have my own theory as to the *real* answer to that,
> > but let's use this question as a "litmus test" to see
> > whether OAP-L3's author sincerely wants us to understand
> > his system.
> 
<snip>
> 
> I am not sure if it is in the Help Files but it is in the patent
> application that there is no restriction on number base.  Base 16
> could be used.  The problem with Base 16 is that there would then be
> 16! possible unique permutations of the hex digits 0 - 15 and current
> pc computers are too slow to take advantage of the greater security
> Base 16 would provide.  Also storage requirements may pose a problem,
> etc.
> 

[Disclaimer: I'm not a cryptologist.]

I find it surprising that anyone can attempt to defend their
cryptographic technique when they don't understand about
security-in-the-key, or killfiles (Mr Szopa's killfile seems to work
more as a slightly-woundedfile) - but when they don't even understand
about storage requirements, surprise is no longer adequate and, like Mr
Adams, I am forced to resort to astonishment.

Let's deal with the "storage requirements problem" first. And it looks
like we'll have to go back to first principles to do so.

Most modern computers use lots and lots of bits, each of which can store
one of two values, 0 or 1.

A combination of four bits is required, therefore, to store the digits 0
through 9.

0000 - 0        0001 - 1
0010 - 2        0011 - 3
0100 - 4        0101 - 5
0110 - 6        0111 - 7
1000 - 8        1001 - 9

The numbers 0 through 99 can thus be represented in one 8-bit byte.
(Bytes need not be 8 bits, but I see no need to go down that road right
now.) To store a value such as 16304791, then, we need 4 bytes. This
encoding system (or a slight modification of it) is sometimes known as
binary coded decimal.

If we extend our numbering sequence to encompass the hexits A, B, C, D,
E, F to represent 10 through 15 decimal, we can extend our 4-bit table
to include

1010 - A        1011 - B
1100 - C        1101 - D
1110 - E        1111 - F

We can now store values 0 through 255 in one 8-bit byte. Much more
efficient. We can now store 16304791 in hexadecimal as F8CA97, giving a
storage requirement of only 3 bytes.

It is therefore more efficient to store values in base 16 than in base
10. More values can be stored in fewer bytes, because no bits are
wasted.

If your algorithm is such that you need factorial(NUMBER_BASE) bytes or
nybbles of storage, then your claim that you can use any number base is
clearly false. Even using base 10, are you seriously telling me that you
need (either 1.75 or) 3.5 Megabytes of memory or disk space (10! is
actually 3628800), just to /encrypt/ stuff? What planet are you on? In
the real world, we like our utility applications to use less memory than
that. A lot less. Remember that encryption provides no benefits. It only
stops other people reading your stuff. That's not a positive benefit,
just a (perhaps vital) prevention mechanism. Important, but not
something that adds value to an enterprise. So it should be as
unobtrusive as possible. 3 megabytes is not unobtrusive.


Now let's address the other point, that of speed. I have several
computers in my study. The most powerful is a Pentium II/400MHz machine.
Admittedly, it runs Windows NT, but nevertheless it's still pretty
quick.

If we have two cryptography applications, one of which uses its memory
efficiently, runs on my PII/400 at an acceptable speed, and offers me
reliable security, and the other which doesn't use its memory
efficiently, runs on my 400 MHz box at a speed which even its author
says is far too slow, and is based on source code which has not been
published and therefore has not had the chance to be validated by the
cryptographic community - thus making its security untrustworthy - which
application do you think anyone with a brain will buy?


-- 

Richard Heathfield

"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.

C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: sboxes for the bored...
Reply-To: [EMAIL PROTECTED]
Date: Sat, 29 Apr 2000 16:16:13 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : Terry Ritter wrote:
:> :> In sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:

:> :> >I dunno what he is talking about the walsh transform (taken from "On
:> :> >linear cryptanalysis") will give you a negative when the function is
:> :> >affine, a positive when it's linear and close to zero if it's neither.
:> 
:> :> In any case, Boolean function nonlinearity is defined as a distance,
:> :> not a direction. [...] Boolean function nonlinearity is the number
:> :> of bits which must change to reach the closest affine function. [...]
:> 
:> : Yeah of course it's a direction, lower negative = affine, higher
:> : positive = linear (or is it vice versa?). [...]
:> 
:> Individual entries in the transform do not equate to non-linearity.
:> 
:> Non-linearity can be derived by combining all the entries in the resulting
:> WT - and the result's always an unsigned value.

: I was wrong, the negative values mean the characteristic is more than
: equally probable, zero means it's unbiased, and greater than zero means
: it holds less than probable.

0 means that the hamming distance to the corresponding linear function
is /exactly/ what would be expected by chance - i.e. half the bits need to
change to give that particular linear function.

Negative values should be interpreted in a very similar manner to
positive ones.

A negative value means that fewer bits differ than we would expect, and a
positive one means more bits differ.

A negative value means it's closer to the linear function f() under
consideration, and a positive one means it's closer to !f() - i.e.
NOT(f()).  Since NOT(f()) is /also/ (by most definitions) a linear
function, there's not much difference between them - from the POV of
non-linearity or cryptography, anyway.

: When we look at the entry of the WT on sbox5 where we find a "-20" this
: means that you can form a linear equation of some bits in sbox 5 that
: will hold with probability p = 1/2 + 20/64 or 81.25% of the time.

: Is that right?

I don't /think/ so.

The basic idea that the existence of a single entry with a large magnitude
indicates high linearity seems correct.

Having said this, a thought-experiment with a low non-linearity of 2
(corresponding to an entry of the WT of +/-30) suggests that the best
linear approximation would be good - but not that it would hold almost all
the time across all possible inputs, as your equation appears to suggest.

Note that asking me to derive an equation for p would probably not produce
anything useful ;-/
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.
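
An added illustration, not part of the thread: the Python below computes one signed entry of a linear approximation table for a 6-to-4-bit S-box, the probability that entry implies, and the unsigned nonlinearity derived from the whole table. It assumes "sbox 5" means DES S-box S5 and uses the convention entry = agreements - 32; the function names are made up for the example.

```python
# Added example; not code from the thread.
# Assumption: "sbox 5" in the discussion is DES S-box S5 (standard table).
DES_S5 = [
    [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
    [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
    [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
    [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],
]
N_IN, N_OUT = 6, 4


def s5(x):
    """DES S5 on a 6-bit input b1..b6: row = b1b6, column = b2b3b4b5."""
    row = ((x >> 4) & 2) | (x & 1)
    col = (x >> 1) & 0xF
    return DES_S5[row][col]


def parity(v):
    """XOR of the bits of v."""
    return bin(v).count("1") & 1


def agreements(in_mask, out_mask):
    """Inputs x for which parity(x & in_mask) == parity(S(x) & out_mask)."""
    return sum(
        parity(x & in_mask) == parity(s5(x) & out_mask)
        for x in range(1 << N_IN)
    )


def lat_entry(in_mask, out_mask):
    """Signed entry: agreements minus the 2^(n-1) expected by chance.
    Counting disagreements instead flips every sign and nothing else."""
    return agreements(in_mask, out_mask) - (1 << (N_IN - 1))


def probability(in_mask, out_mask):
    """Probability that the linear equation holds: 1/2 + entry / 2^n."""
    return 0.5 + lat_entry(in_mask, out_mask) / (1 << N_IN)


def strongest_entry():
    """(in_mask, out_mask, entry) with the largest |entry|, out_mask != 0."""
    best = (0, 1, 0)
    for a in range(1 << N_IN):
        for b in range(1, 1 << N_OUT):
            e = lat_entry(a, b)
            if abs(e) > abs(best[2]):
                best = (a, b, e)
    return best


def nonlinearity():
    """Distance to the closest affine function over all nonzero output
    masks: 2^(n-1) - max|entry|. Unsigned by construction."""
    return (1 << (N_IN - 1)) - abs(strongest_entry()[2])


if __name__ == "__main__":
    a, b, e = strongest_entry()
    p = probability(a, b)
    print(f"strongest entry: in_mask={a} out_mask={b} entry={e:+d}")
    print(f"equation holds with p = {p:.4f}")
    print(f"complemented (affine) equation holds with p = {1 - p:.4f}")
    print(f"nonlinearity = {nonlinearity()}")
```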

------------------------------

From: "Monolo" <[EMAIL PROTECTED]>
Subject: Wanting to learn cryptography
Date: Sat, 29 Apr 2000 09:30:57 -0700

I am 15, and wish to learn cryptography, I am the head of my class in math,
love puzzles, questions, and mental and long work. If anyone would be able
to help me please send me an e-mail or reply to this message on the
newsgroup, thanks so very much.

JJ




------------------------------

From: Roger <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Sat, 29 Apr 2000 09:35:08 -0700

Terry Ritter wrote:
> And what, precisely, would be your qualifications to make a legal
> judgment?

I am the Chief Justice of the US writing under a pseudonym.

Sarcasm aside, I am not making a legal judgment. That will
happen after you go to court. I am just telling how the US
legal system works. If you want to learn more, try looking up
laches or equitable estoppel. Eg, for a brief definition, see:
http://www.lectlaw.com/def/l056.htm

------------------------------

From: "Monolo" <[EMAIL PROTECTED]>
Subject: How would a 15 year old start?
Date: Sat, 29 Apr 2000 09:34:42 -0700

As I said, in my previous post, I would love to learn, I read Tom's post
back to me after I sent it, sorry for the duplication. I was wondering, what
would be the best way to start? Are there any good online resources?

JJ



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Wanting to learn cryptography
Date: Sat, 29 Apr 2000 16:39:00 GMT



Monolo wrote:
> 
> I am 15, and wish to learn cryptography, I am the head of my class in math,
> love puzzles, questions, and mental and long work. If anyone would be able
> to help me please send me an e-mail or reply to this message on the
> newsgroup, thanks so very much.
> 
> JJ

Ask, we try to answer.

Tom

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: As long as we are asking naive questions...
Date: Sat, 29 Apr 2000 18:48:09 +0200



Guy Macon wrote:

> My extremely limited messing around with crypto has shown me that in
> some systems encrypting twice with the same algorithm and key turns
> the plaintext into itself.   My first naive impression of multiple
> encryption with different algorithms and keys would make the attackers
> job much harder.  But would it?  Could it be that some common elements
> that I don't understand are undoing each other, making the result easier
> to crack rather than harder?  I am very wary of deviations from normal
> practices when I am dealing with things that I don't fully understand.
> In many fields the real expert can break the rules because he knows the
> details, but a newbie needs to stick to the rules until he knows which
> ones can be broken under certain conditions.

The one system known to fulfill what you said at the beginning is using xor
to encrypt. For encrypting twice with the same key gives the identity
mapping. It is, I suppose, not difficult to 'construct' plenty of algorithms
that do the same. If one does multiple encryptions with the same component
cipher, like 3DES, one has to take good care of this possibility. With
well-designed component ciphers of sufficiently different nature, this
possibility is likely to be very low, though one normally can't (or at
least can't easily) prove the 'absolute' non-existence of that.

I agree that what you said about the use of crypto by common users does
reflect the reality. However, I personally believe that there is no golden
way out of that dilemma. Recently I wrote elsewhere that in my personal
opinion anyone employing crypto is responsible to himself, just like
driving a car or performing other actions that involve risks. There are
experts' help and advice in all fields, including crypto. Unfortunately,
this issue in crypto is confounded, I believe, to a comparatively higher
degree than in most other scientific fields due to the involvement of
various 'special interest' groups that aim to influence the public's
beliefs in ways that suit them. We certainly all know that there is
lobbying everywhere. However, lobbying is mostly pushed by monetary
interests, e.g. in tobacco consumption, while in crypto it is pushed
essentially by interests derived from information security, with the
particular interests often lying beyond the direct/official knowledge of
the common people. That's why I believe that experts' opinions in crypto
have to be taken with a few more grains of salt than experts' opinions in
other fields, like e.g. pharmacy. (Of course, that's my belief. Others may
well believe the opposite.)

M. K. Shen



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
