Cryptography-Digest Digest #677, Volume #11       Mon, 1 May 00 11:13:01 EDT

Contents:
  Re: Tempest Attacks with EMF Radiation ("matt")
  Re: Joystick as RNG (Tom St Denis)
  Re: mod function? (Tom St Denis)
  Re: mod function? (Richard Parker)
  Re: Joystick as RNG (Mok-Kong Shen)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Taneli Huuskonen)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Tim Tyler)
  Re: Joystick as RNG (Tim Tyler)
  Re: Joystick as RNG (Tom St Denis)
  Re: Joystick as RNG (Tom St Denis)
  Re: about search and seisure of computers again (jungle)
  Re: mod function? (Bob Silverman)
  Re: What is the strongest encryption rate so far possible/achived? (Bob Silverman)
  Re: S/MIME + Netscape v47 serious problem in symmetric encryption ... (Travis Farral)
  Re: How would a 15 year old start? (Bob Silverman)
  Re: How would a 15 year old start? (Bob Silverman)
  Re: sci.crypt think will be AES? (Paul Koning)

----------------------------------------------------------------------------

From: "matt" <[EMAIL PROTECTED]>
Subject: Re: Tempest Attacks with EMF Radiation
Date: Mon, 1 May 2000 18:43:06 +0800

Hi.

At least Markus Kuhn & Ross Anderson, in "Soft Tempest: Hidden Data
Transmission Using Electromagnetic Emanations",
http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf, claimed that some TFT
LCD displays were even clearer than CRT displays.

My 10 cents.
Matt

"JimD" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On 30 Apr 2000 01:33:37 EDT, [EMAIL PROTECTED] (Guy Macon) wrote:
>
> >In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Ryan
> >Phillips) wrote:
> >>
> >>I made my journey today to a local computer store and came across a device
> >>called X-ion (www.x-ion.org).  They claim that their little stick on
> >>'modules' will reduce EMF radiation by reversing the ion particles found in
> >>EMF.  Can one place these on their monitor to prevent a tempest attack?
> >
> >I am an Electrical Engineer who has designed products that passed tests
> >for Tempest (which was interesting, considering that my security clearance
> >at the time did not allow me to read the Tempest specification!).
> >
> >The device in question is a fraud, plain and simple.  It will not have
> >any effect on the amount of EMF or the amount of ions in the air.
> >
> >I would be glad to have a brief discussion about more effective measures,
> >but to do so I need to know what kind of attacker you are trying to stop.
>
> For my part I just wish the bloody monitor wouldn't interfere with
> the radio.
>
> While we're on the subject: does a TFT screen radiate?
>
> --
> Jim Dunnett.
>
> g4rga at thersgb.net
>
> Londoner? Vote for Ken!!



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Joystick as RNG
Date: Mon, 01 May 2000 10:52:57 GMT



Mok-Kong Shen wrote:
> 
> Tom St Denis wrote:
> 
> > It's a "gravis-gamepad"... What I do now is take X samples (sample =
> > y_axis xor x_axis) (where X >= 32) and xor them together.  With 20,000
> > bits output it passes the ENT tests quite well (except it's off by a
> > percent on the monte carlo).
> 
> I believe that it is usually true that xoring groups of bits together improves
> the quality of random bit sequences that are practically available. It would
> be nice to know in case anyone has opposite experiences to that.

If the bits are strongly biased you won't get anything terribly useful.

I noted that the jrng (joystick-rng) always misses a good monte carlo by
about 1 to 3 %.  It passes the 1/0 test and serial correlation.  I want
to write a small fips-140 test program for it... will do that later.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: mod function?
Date: Mon, 01 May 2000 10:54:36 GMT



Steve Maughan wrote:
> 
> I'm new to cryptology and I've got my first question.
> 
> Basically, I've started reading Bruce Schneier's Applied Cryptography
> and I've been coming across a function which seems to be used a lot
> called "mod". Can anyone explain to me what this function does?
> 
> Thanks for any help.

Remainder of division.   Did you read the part where he talks about
clock work?  I.e. two hours past eleven is one?  2 + 11 mod 12 = 1

13 / 11 = 1 R1 = 1*12 + 1

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://tomstdenis.n3.net/search.html, it's entirely
free
and there are no advertisements.

------------------------------

Subject: Re: mod function?
From: Richard Parker <[EMAIL PROTECTED]>
Date: Mon, 01 May 2000 11:06:01 GMT

Steve Maughan <[EMAIL PROTECTED]> wrote:
> Basically, I've started reading Bruce Schneier's Applied Cryptography
> and I've been coming across a function which seems to be used a lot
> called "mod". Can anyone explain to me what this function does?

The book you are reading, "Applied Cryptography," describes the mod function
and modular arithmetic on pages 242-243.

-Richard


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Joystick as RNG
Date: Mon, 01 May 2000 13:52:52 +0200



Tom St Denis wrote:

>
> If the bits are strongly biased you won't get anything terribly useful.
>
> I noted that the jrng (joystick-rng) always misses a good monte carlo by
> about 1 to 3 %.  It passes the 1/0 test and serial correlation.  I want
> to write a small fips-140 test program for it... will do that later.

Sure. Garbage in, garbage out. But assuming you have something
reasonable and want to have some further improvements, grouping a number
of bits thru xor seems to be normally a good idea. Certainly, one has to
do some tests before adopting any schemes in applications. There may
always be surprises, if one is not prudent enough, particularly in crypto.

M. K. Shen



------------------------------

From: [EMAIL PROTECTED] (Taneli Huuskonen)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: 1 May 2000 14:44:48 +0300

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

In <[EMAIL PROTECTED]> Anthony Stephen Szopa
<[EMAIL PROTECTED]> writes:

>Taneli Huuskonen wrote:
[...]
>> 1) Does OAP-L3 Version 5.0 contain a pseudorandom digit generator, each
>> output digit of which is generated from five data items, corresponding
>> to the leftmost five columns of your table, and mine as well?
>> 
>> 2) If those five columns of my table were used as input to the
>> pseudorandom digit generator, one row at a time, would it output the
>> digits in the sixth column, except that the digit in the fifth row
>> should be 5?

You didn't answer.

[...]

>You have not proven a case why your machinations have anything to do 
>with the security of OAP-L3.

My observation shows that for a large class of keys (those that involve
a non-trivial amount of processing before the generation of the
pseudorandom digit stream) there is a faster attack against OAP-L3 than
brute forcing the whole key.  Hence, your "security level" calculations
are wrong.  Of course, an attack requiring 10^100 tries is just as
impossible in practice as one requiring 10^1000 tries.  In other words,
I know that your "security level" numbers are wrong, but I don't know
whether the mistake has any practical consequences whatsoever.

>So, why don't you first justify why your pathetic approach to show 
>that OAP-L3 is insecure in any respect is logically justified and 
>worthy of further consideration in light of the above points?

I'm not trying to show that OAP-L3 is insecure, as I don't know that
myself.  I'm trying to clarify the assumptions its security depends on.

Taneli Huuskonen

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOQ1uJV+t0CYLfLaVEQIUsQCgqZqzkqmL16JdHx49nA8QIp4XuJgAoPvY
3FmkUqOaDVOH3JZmGv9+j8rd
=NFqW
=====END PGP SIGNATURE=====
-- 
I don't   | All messages will be PGP signed,  | Fight for your right to
speak for | encrypted mail preferred.  Keys:  | use sealed envelopes.
the Uni.  | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/

------------------------------

Crossposted-To: talk.politics.crypto
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Reply-To: [EMAIL PROTECTED]
Date: Mon, 1 May 2000 11:45:04 GMT

In sci.crypt Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> In sci.crypt Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
:> : Taneli Huuskonen wrote:

:> :TH> No, I didn't.  I was careful to distinguish between the pseudorandom
:> :TH> digit generator, which is part of OAP-L3, and the whole of OAP-L3.
:> :TH>The former is definitely insecure. [...]
:> 
:> : You are mistaken when you claim that "The former is definitely
:> : insecure."
:> 
:> : How can the random digit generator be insecure when its output is not
:> : used to encrypt messages?  It is not exactly the same, but the
:> : ridiculousness of your position is just as ridiculous as someone
:> : claiming that a safe is not secure because of the combination:  someone
:> : can get in the safe if they have the combination.  You want the
:> : combination to the random digit generator once removed (the random digit
:> : output) then claim that it is insecure.  Insecure from what? [...]
:> 
:> Your question appears to be rather basic.
:> 
:> Random number generators do /not/ need to be used for encrypting messages
:> to be insecure - they have numerous other uses.
:> 
:> A PRNG is generally considered broken if the seed can be determined from
:> a stretch of its output much more rapidly than through a brute-force
:> search of the seed-space - or if statistical predictions can be made
:> about unseen PRNG output before the period is reached.
:> 
:> If the break is such that it can be performed in practice by an attacker,
:> this results in insecurity of the generator.

: We are talking about encryption.

: We ARE talking about secure encryption.

Explicitly, Mr Huuskonen said he was /not/ talking about this.

He wrote: "I was careful to distinguish between the pseudorandom
digit generator, which is part of OAP-L3, and the whole of OAP-L3."

His comments relate to the former.

: If a random number generator is used for a purpose that does 
: not require security are you saying that it may somehow be 
: insecure for that use?

No - but there are more applications requiring security than sending
messages.  It makes perfect sense to discuss the security of a PRNG
if it is /not/ being used to send messages - since there are other
applications of secure RNGs.

IIRC, you originally yourself said that the random digit generator was
intended for use in Monte-carlo simulations and so forth.  You didn't
list cryptography as among the intended applications when you presented
the generator.

: T.H. is talking about the random digit generator from which he will
: never obtain any useful input in practice for his supposed method of
: determining the MixFile sequences.

He's not discussing OAP-3.  He's saying your PRNG is insecure.

: He cannot answer a question by changing the question or imagining
: another question.

It's you who is changing the question.  Mr Huuskonen is saying the
PRNG you presented is insecure.  This might not reflect terribly well
on OAP-3 - but it is not the same thing as breaking /that/.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.
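To make the criterion in the post above concrete, here is an added Python example (not OAP-L3 and not code from anyone in the thread) of what "the seed can be determined from a stretch of its output much more rapidly than through a brute-force search of the seed-space" means for a textbook linear congruential generator that emits its whole state. Three consecutive outputs plus the modulus give back the multiplier, the increment and the seed in a handful of modular operations, with no search at all, and every later output follows. The parameters (a = 48271, c = 12345, m = 2^31 - 1, seed 42) are assumed for illustration; the prime modulus guarantees the inverse used in the recovery exists.

```python
"""State recovery against a full-state linear congruential generator.

Added example, not code from the thread.  Parameters are assumed for
illustration: a = 48271, c = 12345, m = 2**31 - 1 (prime, so every nonzero
difference is invertible), seed = 42.
"""

A, C, M = 48271, 12345, 2**31 - 1


def lcg(seed, a=A, c=C, m=M):
    """x_{n+1} = (a*x_n + c) mod m, emitting the whole state each step."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x


def recover_constants(x1, x2, x3, m=M):
    """Recover a and c from three consecutive outputs and the modulus.

    x3 - x2 = a*(x2 - x1) (mod m), so a = (x3 - x2) * (x2 - x1)^-1 mod m and
    then c = x2 - a*x1 mod m.  Raises ValueError if x2 - x1 is not invertible
    (for a prime m that only happens when x1 == x2)."""
    a = ((x3 - x2) * pow((x2 - x1) % m, -1, m)) % m
    c = (x2 - a * x1) % m
    return a, c


def recover_seed(x1, x2, x3, m=M):
    """Step the recurrence backwards once: seed = (x1 - c) * a^-1 mod m."""
    a, c = recover_constants(x1, x2, x3, m)
    return ((x1 - c) * pow(a, -1, m)) % m


def predict(outputs, count, m=M):
    """Predict the next `count` outputs from three observed ones."""
    a, c = recover_constants(*outputs[:3], m=m)
    x = outputs[-1]
    preds = []
    for _ in range(count):
        x = (a * x + c) % m
        preds.append(x)
    return preds


if __name__ == "__main__":
    g = lcg(42)
    seen = [next(g) for _ in range(3)]
    print("recovered (a, c):", recover_constants(*seen))
    print("recovered seed:", recover_seed(*seen))
    print("next two:", predict(seen, 2), "actual:", [next(g) for _ in range(2)])
```

The attack costs three modular inversions regardless of how large the seed is, which is the sense in which the generator is "broken" even though nobody is encrypting anything with it. Generators that emit only part of their state, or that pass the state through a one-way function, are not recovered this easily; the point of the example is only the definition, not a claim about any particular generator in the thread.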

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Joystick as RNG
Reply-To: [EMAIL PROTECTED]
Date: Mon, 1 May 2000 11:52:54 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

: Another rng idea is to use the input from a joystick. [...]

: Since almost everyone with a x86 PC has a joystick anyways, this may
: be useful..

: Has this ever been discussed before?

Mine doesn't have a joystick.  I expect many PCs in offices will not
either ;-)

It seems to me that use of a joystick is /very/ much like use of a mouse -
though more people have a mouse - and they are more likely to be wiggling
it while operating programs requiring seeds to be generated.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Joystick as RNG
Date: Mon, 01 May 2000 12:04:31 GMT



Mok-Kong Shen wrote:
> 
> Tom St Denis wrote:
> 
> >
> > If the bits are strongly biased you won't get anything terribly useful.
> >
> > I noted that the jrng (joystick-rng) always misses a good monte carlo by
> > about 1 to 3 %.  It passes the 1/0 test and serial correlation.  I want
> > to write a small fips-140 test program for it... will do that later.
> 
> Sure. Garbage in, garbage out. But assuming you have something
> reasonable and want to have some further improvements, grouping a number
> of bits thru xor seems to be normally a good idea. Certainly, one has to
> do some tests before adopting any schemes in applications. There may
> always be surprises, if one is not prudent enough, particularly in crypto.
> 
> M. K. Shen

Well I wouldn't use this for crypto, it's just a neat experiment.  I
extended the rng to throw out equal adjacent bits, it's much slower but
does a bit better.

More testing....

Tom
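The conditioning steps discussed in this thread (XOR-ing groups of samples together, and the later variant that throws out equal adjacent bits) and the FIPS 140 tests Tom says he wants to write, worked through in Python as an added example. This is not the jrng code; since there is no joystick here, the raw source is a constructed stream of independent bits with an assumed P(1) = 0.6 and a fixed seed, and the pass bands are those of FIPS 140-1 (monobit, poker, runs and long-run tests on a 20,000-bit sample). It also makes M. K. Shen's caveat visible: folding shrinks bias but does not remove it, and the von Neumann step is exactly unbiased only because the constructed bits are independent.

```python
"""Conditioning a biased raw bit source and checking it with the FIPS 140-1 tests.

Added example; the "joystick" below is a constructed biased bit stream, not a
real device, so P(1) = 0.6 and the seed are assumptions.
"""
import random
from collections import Counter


def biased_bits(n, p_one=0.6, seed=1):
    """Stand-in for raw joystick samples: n independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def xor_fold(bits, k):
    """XOR each block of k raw bits into one output bit.

    For independent bits with bias e (P(1) = 1/2 + e) the folded bias is
    2**(k-1) * e**k, so k = 4 already takes e = 0.1 down to 0.0008."""
    out = []
    for i in range(0, len(bits) - k + 1, k):
        b = 0
        for x in bits[i:i + k]:
            b ^= x
        out.append(b)
    return out


def von_neumann(bits):
    """Throw out equal adjacent bits: 01 -> 0, 10 -> 1, 00/11 -> nothing.

    Output is exactly unbiased, but only if the input bits are independent;
    it does nothing for correlated samples."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]


# FIPS 140-1 pass bands for a single 20,000-bit sample (key 6 means "6 or longer").
RUN_BOUNDS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
              4: (223, 402), 5: (90, 223), 6: (90, 223)}


def fips140_1(bits):
    """Monobit, poker, runs and long-run tests; returns {test: passed}."""
    if len(bits) != 20000:
        raise ValueError("FIPS 140-1 tests are defined on exactly 20,000 bits")
    ones = sum(bits)
    monobit = 9654 < ones < 10346

    nibbles = Counter(tuple(bits[i:i + 4]) for i in range(0, 20000, 4))
    x = (16 / 5000) * sum(c * c for c in nibbles.values()) - 5000
    poker = 1.03 < x < 57.4

    runs = {0: Counter(), 1: Counter()}
    longest = 0
    i = 0
    while i < 20000:
        j = i
        while j < 20000 and bits[j] == bits[i]:
            j += 1
        longest = max(longest, j - i)
        runs[bits[i]][min(j - i, 6)] += 1
        i = j
    runs_ok = all(lo <= runs[v][length] <= hi
                  for v in (0, 1) for length, (lo, hi) in RUN_BOUNDS.items())
    long_run = longest < 34
    return {"monobit": monobit, "poker": poker, "runs": runs_ok, "long_run": long_run}


def compare():
    """Run the tests on raw, XOR-folded and von Neumann-conditioned output."""
    return {
        "raw": fips140_1(biased_bits(20000)),
        "xor_fold_4": fips140_1(xor_fold(biased_bits(80000), 4)),
        "von_neumann": fips140_1(von_neumann(biased_bits(200000))[:20000]),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The raw stream fails monobit outright (about 12,000 ones where at most 10,346 are allowed), folding four samples per bit brings it inside the band, and von Neumann passes all four tests at the cost of keeping roughly 48 of every 200 raw bits. None of this says anything about how much entropy the source actually has: a deterministic counter run through the same conditioning would pass too, which is why passing ENT or FIPS 140 is a necessary check and not a certificate.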

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Joystick as RNG
Date: Mon, 01 May 2000 12:05:47 GMT



Tim Tyler wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> : Another rng idea is to use the input from a joystick. [...]
> 
> : Since almost everyone with a x86 PC has a joystick anyways, this may
> : be useful..
> 
> : Has this ever been discussed before?
> 
> Mine doesn't have a joystick.  I expect many PCs in offices will not
> either ;-)

They should.  At any rate it's just an experiment.

> It seems to me that use of a joystick is /very/ much like use of a mouse -
> though more people have a mouse - and they are more likely to be wiggling
> it while operating programs requiring seeds to be generated.

How do you do that?  Xor the x/y position together and take the result
mod 2?  Will try that.

Tom

------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.privacy
Subject: Re: about search and seisure of computers again
Date: Mon, 01 May 2000 08:18:12 -0400

can you provide publicly available & US court documented facts that would
support your writing?

"Albert P. Belle Isle" wrote:
> Due to the inordinate amount of nonsense posted on the subject of
> magnetic data remanence countermeasures, including spam about
> "military overwriting" from people who've never been near a MIL-SPEC,
> let alone had an EBI or SBI security clearance, I've added a few
> paragraphs of a summary nature which I hope may be helpful:

it would be helpful to provide documented information instead ...
from what you are writing, it looks to me that providing a large number of
fully documented facts will be "child's play" for you ...

> Forensic disk data recovery attacks attempt to read "deleted" (or
> inadequately overwritten) magnetically stored data on your disk either
..............................




------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: mod function?
Date: Mon, 01 May 2000 14:07:51 GMT

In article <[EMAIL PROTECTED]>,
  Richard Parker <[EMAIL PROTECTED]> wrote:
> Steve Maughan <[EMAIL PROTECTED]> wrote:
> > Basically, I've started reading Bruce Schneier's Applied Cryptography
> > and I've been coming across a function which seems to be used a lot
> > called "mod". Can anyone explain to me what this function does?
>
> The book you are reading, "Applied Cryptography," describes the mod function
> and modular arithmetic on pages 242-243.

I sure hope not.

On a computer, 'mod' can indeed be viewed as a function.

Within the more general context of cryptography, 'mod' is most
definitely NOT a function.  It is an equivalence relation within a
set.

A set  S = {x1, x2, x3, ......}  is said to be an equivalence
relation mod n,  for  n, x_i \in Z  if  (x_i - x_j) is divisible by n
for all x_i \in S.

In other words,  x_i = x_j  mod n  for all i,j  if (x_i - x_j) is
divisible by n. x_i and x_j are said to be congruent mod n.

example.   3 = 10 = 17 = 24 = 31 = ....   mod 7.


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.
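The two readings of "mod" in this thread, the clock arithmetic in Tom's reply and the congruence relation in Bob's, as an added Python example (not code from the book or from anyone posting here), together with the caveat a programmer actually needs: a language's `%` operator is the mathematician's least non-negative residue only for non-negative operands. C's remainder takes the sign of the dividend, so `(-3) % 7` is `-3` in C and `4` in the book. The helper names are mine.

```python
"""The 'mod' of Applied Cryptography versus the % operator of a programming language.

Added example, not from the thread.  The two differ exactly where crypto code
gets bitten: negative operands.
"""


def mod(a, n):
    """Least non-negative residue of a modulo n (n > 0): the result lies in [0, n)."""
    return a % n          # Python's % already floors, so this is the mathematical mod


def c_style_remainder(a, n):
    """What C's % returns: the remainder takes the sign of the dividend,
    so c_style_remainder(-3, 7) == -3 while mod(-3, 7) == 4."""
    q = abs(a) // abs(n)
    if (a < 0) != (n < 0):
        q = -q
    return a - q * n


def reduce_signed_c_style(a, n):
    """The fix C code needs after %: bring a possibly negative remainder back into [0, n)."""
    r = c_style_remainder(a, n)
    return r + n if r < 0 else r


def congruent(a, b, n):
    """Bob's relation: a = b (mod n) iff n divides a - b.  Reflexive, symmetric, transitive."""
    return (a - b) % n == 0


def residue_class(a, n, lo, hi):
    """Every x in [lo, hi] congruent to a mod n, e.g. 3, 10, 17, 24, 31 for a = 3, n = 7."""
    return [x for x in range(lo, hi + 1) if congruent(x, a, n)]


def clock_add(hour, delta, hours=12):
    """Tom's clock: two hours past eleven is one.  A residue of 0 is shown as 12."""
    r = mod(hour + delta, hours)
    return hours if r == 0 else r


if __name__ == "__main__":
    print("2 + 11 mod 12 =", mod(2 + 11, 12), "; on the clock face:", clock_add(11, 2))
    print("class of 3 mod 7 up to 31:", residue_class(3, 7, 0, 31))
    print("C's (-3) % 7 =", c_style_remainder(-3, 7), "; book's -3 mod 7 =", mod(-3, 7))
```

The distinction matters whenever signed intermediate values are reduced, for instance in extended-Euclid or Montgomery-style code ported between languages: a C-style remainder of a negative value is not a valid residue and must be normalised as `reduce_signed_c_style` does before it is compared or used as an index.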

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: What is the strongest encryption rate so far possible/achived?
Date: Mon, 01 May 2000 14:13:14 GMT

In article <[EMAIL PROTECTED]>,
  "Monolo" <[EMAIL PROTECTED]> wrote:
> Just curious? Anyone know?
>
> JJ

No offense, but the question is meaningless gibberish.
One can ask for the *fastest* rate of encryption,  or one can
ask for the most difficult to break encryption, but "strongest rate"
is nonsense.

And one can not answer either question I mentioned without further
constraints.  A simple exclusive or stream cipher is probably the
fastest possible, but it isn't very secure.  Without an idea of the
tradeoffs *you* are willing to make in trading speed for security,
the question you ask or imply can not be answered.




--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Travis Farral <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss
Subject: Re: S/MIME + Netscape v47 serious problem in symmetric encryption ...
Date: Mon, 01 May 2000 09:30:49 -0500

It just seems odd that the issue seems to exist in both the Outlook & Netscape mail
clients.  Two other people I know of experience the same issue with Outlook.  So far I
don't know anyone who has actually been able to produce a verified 128 bit encrypted mail
using digital certificates.  I simply stuck with PGP and quit using the Verisign method
as I was unsure what was happening behind the scenes.

Anyway, it would be interesting to find out why it keeps reporting only 40-bit
encryption.

-Travis


jungle wrote:

> user error [ my error ] ? NO ...
> windows error ? the certificate is handled by Netscape & not by win95 ... in my
> understanding ...
>
> Travis Farral wrote:
> >
> > I have seen both of these examples as well using Outlook Express 5.00 w/128 bit
> > security and a Verisign digital certificate on Windows 2000 Professional.  Outlook
> > 2000 appears to perform the same on the same machine with the same certificate.  Is
> > this a problem with Windows and not necessarily with the mail clients?  Or is it
> > simply user error and something isn't set right?  I beat my head over this several
> > weeks ago and finally gave into the fact that whatever encryption method you set it
> > for isn't necessarily what you will get.


------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Date: Mon, 01 May 2000 14:22:15 GMT

In article <[EMAIL PROTECTED]>,
  Andy Dingley <[EMAIL PROTECTED]> wrote:
> David A Molnar <[EMAIL PROTECTED]>  a écrit :
>
> >Another thing to consider -- if you have the opportunity to take a course
> >in computer science, you might want to do that and then work in some kind
> >of cryptography.
>
> It's a rather arbitrary (and probably pointless) question, I'll grant,
> but as "career advice to the dedicated cryptologist" would you
> recommend comp sci ?
>
> Like many software geeks (non-crypto), I trained as a physicist. In
> the last decades I've only twice felt a lack of comp sci background,
> and they were minor.  OTOH, the serious crypto people I work with all
> have a maths degree (and doctorate) behind them, not comp sci. Any
> practical crypto work need both, but the maths seems to be far more
> sophisticated than the code

YES!!

The right way to start is by acquiring the BACKGROUND needed to learn
the cryptography.  And for this you need to learn some elementary
number theory, combinatorics, probability theory, and elementary
abstract algebra.

You can't learn ANY subject without the right tools.

Look at this another way: suppose the original poster had asked
"How do I learn quantum mechanics?".  The answer would be "learn the
math behind it first".  The same applies here.  Anyone who believes
otherwise is fooling themselves.  You can't learn crypto without the
math. All you can do is hack crypto code without understanding....

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Date: Mon, 01 May 2000 14:28:22 GMT

In article <[EMAIL PROTECTED]>,
  "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:

> It may be useful to reinspect your experience categorizing it with respect to
> symmetric versus asymmetric crypto.  Asymmetric crypto is based on relatively
> esoteric mathematics (number theory).  Symmetric crypto does not have the same
> level of prerequisite background in theoretical mathematics.

This is a gross (but seemingly widely held) misconception.
You may believe you can learn about symmetric cryptography without
the math, but you are fooling yourself. All you can be is a tinkerer.
Your statement is totally wrong.  You can not begin to understand modern
cryptanalytic techniques of symmetric ciphers without a strong
grounding in linear algebra, probability theory and combinatorics.
(look at the math behind linear and differential cryptanalysis).
Another example: try PROVING that RC6 is a Feistel Cipher without
basic number theory.



--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Mon, 01 May 2000 11:02:54 -0400

Bryan Olson wrote:
> 
> Paul Koning  wrote:
> > Bryan Olson wrote:
> > >
> > > Richard Parker wrote:
> > > >...
> > > I don't think that's a threat.  If they _deliberately_
> > > frustrate NIST's attempt to avoid inflicting damages, even
> > > by keeping quiet, then they've operated in bad faith and are
> > > not entitled to collect on the damages.
> >
> > That isn't the whole story, assuming it is even
> > accurate at all, which I doubt.
> >
> > It is entirely possible that patent holders would not
> > be aware of the requests by NIST.
> 
> Well sure.  If you change the premises my conclusions
> will not follow.  The situation quoted clearly indicates
> a deliberate decision, motivated by the desire to
> incur actionable damages.

Right.  But you clipped the second half of my comment,
where I talked about pending patents.  It is perfectly
reasonable for an inventor to remain *deliberately* silent
about pending patents.

So I did not change the premises and yet did give an
example where your conclusion does not follow.

        paul

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
