Cryptography-Digest Digest #671, Volume #11 Sun, 30 Apr 00 13:13:01 EDT
Contents:
Re: Janet and John learn about killfiles (was Re: Problems with OAP-L3) (Richard
Heathfield)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Tim Tyler)
Re: Janet and John learn about bits (was Re: Problems with OAP-L3) (Richard
Heathfield)
VCRPlus, Showview, Videoplus (Gerhard Zelczak)
Re: How would a 15 year old start? ("Trevor L. Jackson, III")
Re: How would a 15 year old start? (David A Molnar)
Re: How would a 15 year old start? (David A Molnar)
Re: OAP-L3: Secure, but WAY more dificult to use than other (Richard
Heathfield)
Re: Tempest Attacks with EMF Radiation ("Trevor L. Jackson, III")
Re: Of Mountains and Molehills (wtshaw)
Re: Tempest Attacks with EMF Radiation (Mok-Kong Shen)
Re: U-571 movie (Joaquim Southby)
Re: Tempest Attacks with EMF Radiation (Guy Macon)
(update) sboxgen and differences (Tom St Denis)
----------------------------------------------------------------------------
Date: Sun, 30 Apr 2000 16:22:31 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about killfiles (was Re: Problems with OAP-L3)
Anthony Stephen Szopa wrote:
>
> Richard Heathfield wrote:
>
> > Tom St Denis wrote:
<snip>
> >
> > > Mr Szopa has some thinking todo about making his algorithm(s) not only
> > > public but efficient.
> >
> > Possibly, but that's not his main problem. He has some really serious
> > thinking to do about his ability to deal with fellow professionals in a
> > professional way. It seems that anyone who dares take issue with him is
> > instantly killfiled - in a mysterious and magical process which allows
> > Mr Szopa to read their posts anyway, presumably so that he can killfile
> > them again, and again, and again.
> >
> > When he learns to talk to grown-ups as if they are grown-ups, I suspect
> > he can look forward to some excellent help from the heavyweight computer
> > scientists in this newsgroup (Doug Gwyn and so on) in making his
> > algorithm efficient.
> >
>
> You are not just storing a number. You are storing a permutation array
> because you need to be able to access each element of the
> permutation to access any digit of the permutation stored there
> when you run the processes.
When you've publicised your algorithm and the source code to at least
one implementation of it, perhaps these issues can be addressed.
>
> Do you still think you know as much about what you are talking
> about as you thought?
Whilst I have my own little area of expertise (such as it is) in another
field, I make no claim to be a cryptographer. You, however, are making
such a claim. Up to now, I have seen *evidence* that you know what
you're talking about, but no *proof* (you do know the difference,
right?) of such expertise.
> Maybe you need to think about the implications of what I just said.
Maybe you need to think about the implications of adopting a stupidly
bullish attitude to those who are trying to help you by asking for your
algorithm to be fully published so that it can be cryptanalysed by those
who do, in fact, know what they're talking about.
Your inability to understand:
(1) the importance of publishing your algorithm
(2) how to behave civilly toward your peers
(3) what killfiles are for
has severely diminished your credibility in this newsgroup.
My criticism of your credibility, of course, calls my own credibility
into question, but that's easy to deal with. I am not a cryptographer. I
am not a cryptanalyst. I don't claim to be either. I have a passing
interest in these matters, though, which is why I read this newsgroup. I
don't post here very often - certainly not as often as you - but when I
do post, it's usually in a quest to learn new information, and
occasionally to share what little information I have. I am not trying to
defend a commercial snake-oil security application, and I make a special
point of according due respect not only to those who clearly deserve it
(such as Doug Gwyn, who I happen to know is a clueful guy - although I
doubt he'd think the same of me) but also to those who have not yet
provided evidence of cluelessness.
Your own cluelessness, however, is not in doubt.
Because you are clueless, I'd like to explain to you what a killfile is,
before I add you to mine.
The idea of a killfile (sometimes called a message filter) is that you
give to your newsreading software (or, if you wish, email client
software) a rule for identifying articles you never want to see. For
example, you might wish not to see anything more of a particular thread
of which you have become tired, or you might wish never to see another
article by, say, Anthony Stephen Szopa, because you've decided that he's
completely bogus.
In Netscape, I use Edit/Message Filters... to bring up a dialog box.
Then I click on the New... button, and add the following information:
Filter name: AnthonyStephenSzopa
sender|subject: sender
contains|is|begins with|ends with: is
(filter field) : Anthony Stephen Szopa
then delete|mark read|ignore thread|watch thread : delete
Description : Bogus snake-oil salesman
then just click OK.
And I'll never see another posting from you again.
Which part of that don't you understand?
*plonk*
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Reply-To: [EMAIL PROTECTED]
Date: Sun, 30 Apr 2000 15:15:59 GMT
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> In sci.crypt James Felling <[EMAIL PROTECTED]> wrote:
:> : [...] No algorithim is bias free that is a fact of life.
:> : (Please review your information theory) -- all algorithims produce
:> : output with SOME bias -- the goal is to minimise this bias. The fact
:> : that you claim "no bias" seems to me to indicate that you have a
:> : flawed understanding og the way that things work.
:>
:> "Bias" is a technical term with a definition that implies that it can
:> be rather easy to generate streams with *absolutely* no bias.
:>
:> Perhaps you should say what you mean by this term if your definition
:> differs - if, say, you're using it as something like a synonym for
:> "deviations from randomness".
: Even true random processes have significant bias over relatively
: short runs. [...]
"Significant" has a statistical meaning. For short runs any conclusion is
less significant - simply because there are less data points involved.
I'd say even fairly ordered sequenes can't exhibit significant
deviations from randomness if the sequence is short enough.
: The longer the run the less the bias. The bias may never disappear
: but it will most certainly shift. The problem is identifying this bias.
Again, what do you mean by "bias"? According to one fairly orthodox use
of the term, "012345678901234567890123456789" is a stream of 30 digits
that displays zero bias - since it contains each individual digit with
equal frequency. Are you using bias refer to *any* deviations from
randomness?
: OAP-L3 produces the same sort of output as a true random process
: once the key reaches sufficient length, this length being, in part,
: the point where brute force attack becomes infeasible.
Really? Do you /know/ that - or is it your opinion? It seems to me
any RNG algorithm has to face the possibility of being distinguished
from a random stream by an attacker in a reasonable quantity of time.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
------------------------------
Date: Sun, 30 Apr 2000 16:25:13 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)
Anthony Stephen Szopa wrote:
>
> Richard Heathfield wrote:
> >
> > [Disclaimer: I'm not a cryptologist.]
> >
> > I find it surprising that anyone can attempt to defend their
> > cryptographic technique when they don't understand about
> > security-in-the-key, or killfiles (Mr Szopa's killfile seems to work
> > more as a slightly-woundedfile) - but when they don't even understand
> > about storage requirements, surprise is no longer adequate and, like Mr
> > Adams, I am forced to resort to astonishment.
> >
>
> It is clear you do not undersand the software adequately.
I don't claim to, and I don't need to. It's sufficient to know that
others here who could understand it, given the opportunity, have been
denied that opportunity by your fear of releasing sufficient information
to enable them to form a sensible judgement.
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)
------------------------------
From: [EMAIL PROTECTED] (Gerhard Zelczak)
Subject: VCRPlus, Showview, Videoplus
Date: Sun, 30 Apr 2000 15:23:49 GMT
If you're interested in the algorithm for these coding systems you might
consider visiting my website:
www.zelczak.com/vcrplus (VCRPlus informations in English)
or
www.zelczak.com/showview (more complete informations in German about all three
systems with a stress on Showview)
Gerhard Zelczak
------------------------------
Date: Sun, 30 Apr 2000 11:38:56 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Andy Dingley wrote:
> David A Molnar <[EMAIL PROTECTED]> a écrit :
>
> >Another thing to consider -- if you have the opportunity to take a course
> >in computer science, you might want to do that and then work in some kind
> >of cryptography.
>
> It's a rather arbitrary (and probably pointless) question, I'll grant,
> but as "career advice to the dedicated cryptologist" would you
> recommend comp sci ?
>
> Like many software geeks (non-crypto), I trained as a physicist. In
> the last decades I've only twice felt a lack of comp sci background,
> and they were minor. OTOH, the serious crypto people I work with all
> have a maths degree (and doctorate) behind them, not comp sci. Any
> practical crypto work need both, but the maths seems to be far more
> sophisticated than the code (i.e I can read their code, but I can't
> read their papers on elliptic curve functions).
>
> Is this just a perspective effect, from my more code-familiar
> viewpoint, or is crypto really a field where the basis of mathematical
> training is essential and the coding ability an afterthought ?
It may be useful to reinspect your experience categorizing it with respect to
symmetric versus asymmetric crypto. Asymmetric crypto is based on relatively
esoteric mathematics (number theory). Symmetric crypto does not have the same
level of prerequisite background in theoretical mathematics. Of course all
crypto is math intensive, but no more so than any other field of applied
mathematics.
Naturally, all of the professional (serious) cryptologists must be able to
handle asymmetric crypto because that's where the "action" has been for the
last ~20 years. The AES selection contest is a departure from the prevailing
focus on asymmetric crypto, but I doubt the AES result will be considered a
breakthrough in the sense of research results.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Date: 30 Apr 2000 15:19:28 GMT
Andy Dingley <[EMAIL PROTECTED]> wrote:
> David A Molnar <[EMAIL PROTECTED]> a écrit :
>>Another thing to consider -- if you have the opportunity to take a course
>>in computer science, you might want to do that and then work in some kind
>>of cryptography.
> It's a rather arbitrary (and probably pointless) question, I'll grant,
> but as "career advice to the dedicated cryptologist" would you
> recommend comp sci ?
First I should disclaim all credentials or ability to answer this
question. I'm an *undergrad*. I'm giving advice in this thread because I
started out in a very similar situation to that of the original poster. I
stand by that advice...but no way can I give "career advice to the
dedicated cryptologist" !
That being said...
> Like many software geeks (non-crypto), I trained as a physicist. In
> the last decades I've only twice felt a lack of comp sci background,
> and they were minor.
What do you consider a comp sci background?
In my case, I tend to lump such mathematical topics as
computational complexity theory (with the associated notion of
reduction), algorithm analysis, randomized algorithms, probabilistic
analysis of pretty much anything, and in fact everything else in Cormen,
Leiserson, and Rivest into "computer science." This may be because these
topics are taught in the computer science department here, and not by
math. All of these topics are helpful in cryptography.
> OTOH, the serious crypto people I work with all
> have a maths degree (and doctorate) behind them, not comp sci. Any
> practical crypto work need both, but the maths seems to be far more
> sophisticated than the code (i.e I can read their code, but I can't
> read their papers on elliptic curve functions).
The math certainly *is* sophisticated. Daunting, even. I'm taking math
classes in order to make it less daunting. I'm a computer science major,
however, because I want to have a very good idea of what to do with the
math once I've finished learning it. Plus I suspect I'm not enough of a
mathematician to be a math major.
In what kind of crypto do you work? elliptic curve type systems (from the
last sentence) ?
> Is this just a perspective effect, from my more code-familiar
> viewpoint, or is crypto really a field where the basis of mathematical
> training is essential and the coding ability an afterthought ?
Note that this is a different question than "does crypto need computer
science?" since computer science is a superset of just coding.
I think the answer to either question depends on what kind of crypto
you're doing...but at this point I'll defer to people who actually have
more experience.
Thanks,
-David
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Date: 30 Apr 2000 15:22:42 GMT
Andy Dingley <[EMAIL PROTECTED]> wrote:
> about crypto. If you don't know some of the background from outside
> sources, then AppC is going to be an awfully dry read.
OK -- another recommendation : find and download a copy of Pretty Good
Privacy. Read the documentation. and start using it!
http://web.mit.edu/network/pgp.html
After a while, you might want to know how it works...
Thanks,
-David
------------------------------
Date: Sun, 30 Apr 2000 16:34:28 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Secure, but WAY more dificult to use than other
Anthony Stephen Szopa wrote:
>
> You are better off ignoring the OAP-L3 encryption software package
> along with its Help Files.
Thank you for admitting it at last.
> You need at least average intelligence to understand it.
Ah, childish personal attacks. I expected nothing less from you.
It's undoubtedly true, of course, that "at least average intelligence"
is a requirement, and I flatter myself that I meet that requirement, but
it is equally true that this is not the only requirement. What is also
necessary is (a) a solid grounding in cryptography (which I lack, but
which others here possess in abundance) and (b) access to the full
algorithm and the source code of at least one implementation (which
appears to be completely unavailable).
> Interesting how difficult OAP-L3 is proving for most of those in this news group.
Not surprising, and here's why: Here's some ciphertext. Please decrypt
it.
hugiofs7hfgjkdstgy879wyti4ahufk4hi8cvesvh48hfa489ilfhueiflh4asweufh4893hyf349wahf84iolfh84a39;ht12397y14y234qhrkeaw&^7843ujrt435rh98yrt347h
Finished yet? Of course not. You'd need at least average intelligence to
do that. You'd also need the algorithm that was used to encrypt it. Duh.
>
> You would laugh your ass off if you only knew how many people in
> this news group have been spending serious time contemplating the
> OAP-L3 theory and its security.
I have indeed been laughing. I counted the number of people who are
treating you seriously. I needed to use all the fingers on neither hand.
> It is just too intriguing to ignore for the true enthusiast or the professional.
Not really.
> It is just too valuable for anyone seeking truly unbreakable encryption to ignore as
>well.
Not really.
> My reputation? What better way to establish one's reputation than
> one's work. All other considerations are secondary: and a distant
> secondary at that.
Your work is worthless because you won't provide the necessary
information to allow others to validate it.
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)
------------------------------
Date: Sun, 30 Apr 2000 11:54:49 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Tempest Attacks with EMF Radiation
Ryan Phillips wrote:
> I made my journey today to a local computer store and came across a device
> called X-ion (www.x-ion.org). They claim that their little stick on
> 'modules' will reduce EMF radiation by reversing the ion particles found in
> EMF. Can one place these on their monitor to prevent a tempest attack?
I think you'll be able to answer the question you posed when you consider the
nature of ions and of EMF radiation. EMF stands for ElectroMotive Force. Thus
the type of radiation is electromagnetic and the spectrum includes radio,
infrared, visible light, ultraviolet, X-ray, and gamma ray radiation. Such
radiation consists of electrical and magnetic fields -- energy.
Ions are atoms that have gained or lost an electron -- they are matter, not
energy
Since electromagnetic (EM) radiation (energy) contains no ions (matter),
reversing the non-existent ions is impossible.
On a more sensible basis, EM radiation is supposed to produce "bad" ions
(positive charge). The device in question is supposed to produce "good" ions
(negative charge) that will attract and neutralize the "bad" ions. Nowhere in
this process will you find any significant effect on the EM radiation. It
happily proceeds outward informing all and sundry.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Of Mountains and Molehills
Date: Sun, 30 Apr 2000 09:26:05 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> wtshaw wrote:
>
> > One approach is to use a simple set of those characters you actually need.
> > If you can predict this need, that is preferable, but we do like to be
> > spoiled a little, know no limitations and the like. As plaintext goes, 22
> > characters or less might be usable, whereas 27 is the minimum for
> > non-butchered spellings for English.
> >
> > Using key multiplexing, appropriate coding, I have demonstrated effective
> > use of base 18, for example, where many little capability is lost in
> > normal text passages.
>
> I admit that haven't fully understood what you wrote. But couldn't one do
> something similar to the 5 channel code of the old days and use only 4 bits
> since only lower case characters are needed? 4 bits provides a symbol space
> of only 16. However, defining a switching symbol to switch between two
> subsets of symbols one could code the normal English alphabet. If one use
> a pair of switching symbols, then the symbol space could be greatly expanded.
>
Of course you can, to any base, except for a true two. Interresting that
you mentioned 5 channels, but that is just base 32. I've considered doing
a faithful representation of such code, but the original included
characters for eighths for quoting stocks. It is from nineteenth century
stock tickers that computer coding directly springs.
As simple switching mechanisms, you can use hard selection, or momentary
selection...I have done both. It makes sense for text that lowercase is
the solid default. If absolute coding is used, it is unforgiving,
something which early techniques had to overcome. Commuication strings
should lead home after coding errors, like a horse turned loose by
mistake.
In coding, we return to telegraphic, which is base 3. And, so much is
built on them. In the current ACA Cryptogram is a discussion of solving
one variety of telegraphic based encryption in which allowed characters is
the goal. It is similiar that such a strategy would likely be used to
find a code passage as base 18, 37, 49, etc., when the characters are
clearly from something else.
--
Laughter is often the most pleasing result of successful analysis.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Tempest Attacks with EMF Radiation
Date: Sun, 30 Apr 2000 18:27:02 +0200
Ryan Phillips wrote:
> I made my journey today to a local computer store and came across a device
> called X-ion (www.x-ion.org). They claim that their little stick on
> 'modules' will reduce EMF radiation by reversing the ion particles found in
> EMF. Can one place these on their monitor to prevent a tempest attack?
My hardware knowledge is almost null. I conjecture, however,
that the article 'Wanna jam it?' in NewScientist, 22 April,
p.11, may be of some interest to you though it seems to be only indirectly
related to your issue.
M. K. Shen
============================
P.S.
Off-topic for the group: The same issue of NewScientist also
contains a number of interesting articles on creationism.
Marginally on-topic: Let's hope that no fundamentalists
would step into the scientific field of crypto, lest there
would be a holy cipher and all other algorithms would be
condemned to the eternal fire of the hell.
------------------------------
From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: U-571 movie
Date: 30 Apr 2000 16:31:20 GMT
In article <SCJO4.548$[EMAIL PROTECTED]> Stou
Sandalski, tangui [EMAIL PROTECTED] writes:
>That was a rhetorical question...
>
>Stou
>
You should have posted it in alt.rhetorical then.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Tempest Attacks with EMF Radiation
Date: 30 Apr 2000 13:07:48 EDT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Trevor L. Jackson, III) wrote:
>On a more sensible basis, EM radiation is supposed to produce "bad" ions
>(positive charge). The device in question is supposed to produce "good"
>ions (negative charge) that will attract and neutralize the "bad" ions.
Even this is suspect. The theory is that, because waterfalls put out a lot
of negative ions and waterfalls are relaxing, (combined with the fact that
hot, dry, dusty winds put out a lot of positive ions and are annoying),
that negative ions are good and positive ions bad. Alas for this theory,
ocean surf puts out lots of positive ions, and people find it relaxing.
Generating one sort of ion in a closed room tends to precipitate out dust,
which is a nice thing to do. Generating a balanced stream of both kinds
reduces static charge, which is why such generators are used in the
manufacture of electronic chips.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: (update) sboxgen and differences
Date: Sun, 30 Apr 2000 17:08:10 GMT
Ok after muddling with my code a bunch I came up with
for (dp = x = 0; x < n; x++)
for (y = 1; y < n2; y++)
if (y == (p[x] ^ p[x ^ y]))
++dp;
Where p[] is the sbox I am testing, n is the size of the input (i.e 256
for 8 bit inputs) and n2 is the size of the output.
Basically I am trying to count the amount of times an input
xor-difference is exhibited in the output. For most sboxes I get 256 +-
50.
Questions:
1) Am I understanding how to make a flat xor profile properly? I am
thinking 'dp' values of around 'n' is what you want, which means for
example in a 8x8 sbox you have a 1/256 chance of having an input xor
being exhibited in the output.
I would seriously appreciate more comments, suggestions and ideas. The
full source code can be found at http://24.42.86.123/sboxgen.c
Thanks,
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
