Cryptography-Digest Digest #697, Volume #11       Wed, 3 May 00 15:13:01 EDT

Contents:
  Re: Deciphering Playfair (long) (Jim Gillogly)
  Re: GPS encryption turned off (Doug Stell)
  OT: See film at 11. (Was: Command Line Cypher?) (William Rowden)
  Re: Command Line Cypher? (Mike Rosing)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (JimD)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (JimD)
  Re: about search and seisure of computers again (JimD)
  How Extend RMI Security System to handle Delegation (WTNJS)
  Re: Different encryption results in Java/Perl ("Erik Chow")
  Re: Any good attorneys? (Jim Gillogly)
  Re: A naive question (Mok-Kong Shen)
  Re: Any good attorneys? (Mok-Kong Shen)
  Re: Any good attorneys? (Mok-Kong Shen)
  Re: A naive question (Mok-Kong Shen)
  Re: A naive question (Mok-Kong Shen)
  Re: .KGB crypted files ("Stou Sandalski")
  Re: factor large composite (Diet NSA)
  Re: A naive question (Jim Gillogly)

----------------------------------------------------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Deciphering Playfair (long)
Date: Wed, 03 May 2000 17:28:28 +0000

Michael Jarrells wrote:
> Message 1:
>         Ciphertext:     EBCAYLVPUTALOQDPRMQV
>         Plaintext:      FLOWERSANDVEGETABLES
> Message 2:
>         Ciphertext:
> FWFUIVGXVCZOWZYLEOXPIAPDUGNMLOAYXNQLQLTDNLYWXTOWXLYFVOUTZIAYEYWIYQOLYQV
> Partial Given Playfair: EQ?????BR????XK?P?D????U?
> 
> Let me know if you can get this to work for both messages.  I did not.

I see the problem.  The same key does indeed work for both messages, but
there are garbles in the second message.  Garbles in general can make it
very difficult to solve a cipher, and it's certainly not the first thing
you think of when attacking one.  Here's the repaired second cipher -- try
your attack on this one:

old: FWFUIVGXVCZOWZYLEOXPIAPDUGNMLOAYXNQLQLTDNLYWXTOWXLYFVOUTZIAYEYWIYQOLYQV
new: FWFUVIGXVCOZWZYLEOXPIAPDUGNMLOAYXNQLAQLTDNLYWXTOWXLYFVOUTZIAYEYWITQOLYQV
         **                              *

Good luck...
-- 
        Jim Gillogly
        Sterday, 13 Thrimidge S.R. 2000, 17:25
        12.19.7.3.3, 2 Akbal 6 Uo, Ninth Lord of Night
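As an added illustration (not part of Jim's post, and not the puzzle's actual key), a Playfair encrypt/decrypt routine in Python with a constructed keyword, PLAYFAIR, plus two helpers: one lists the positions where two ciphertexts differ (what the `*` marker line does) and the other shows which plaintext digraphs a garble actually disturbs. The sample plaintext is the one from Message 1; everything else is assumed.

```python
# Added illustration (not from the post): Playfair with a constructed key
# square, plus helpers for comparing two ciphertexts and seeing which
# plaintext digraphs a garble actually disturbs.

ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"   # 25 letters; J is folded into I


def build_square(keyword):
    """Return the 5x5 key square (rows) and a letter -> (row, col) index."""
    cells = []
    for ch in (keyword + ALPHABET).upper().replace("J", "I"):
        if ch in ALPHABET and ch not in cells:
            cells.append(ch)
    rows = [cells[i:i + 5] for i in range(0, 25, 5)]
    pos = {ch: (r, c) for r, row in enumerate(rows) for c, ch in enumerate(row)}
    return rows, pos


def prepare(plaintext):
    """Split plaintext into digraphs, separating doubled letters and padding."""
    letters = [ch for ch in plaintext.upper().replace("J", "I") if ch in ALPHABET]
    digraphs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            digraphs.append(a + ("X" if a != "X" else "Q"))  # filler letter
            i += 1
        else:
            digraphs.append(a + b)
            i += 2
    return digraphs


def _transform(rows, pos, digraph, step):
    """Apply the Playfair rules to one digraph; step=+1 encrypts, -1 decrypts."""
    (r1, c1), (r2, c2) = pos[digraph[0]], pos[digraph[1]]
    if r1 == r2:                                  # same row: slide along the row
        return rows[r1][(c1 + step) % 5] + rows[r2][(c2 + step) % 5]
    if c1 == c2:                                  # same column: slide down/up
        return rows[(r1 + step) % 5][c1] + rows[(r2 + step) % 5][c2]
    return rows[r1][c2] + rows[r2][c1]            # rectangle: swap the columns


def encrypt(plaintext, keyword):
    rows, pos = build_square(keyword)
    return "".join(_transform(rows, pos, dg, 1) for dg in prepare(plaintext))


def decrypt(ciphertext, keyword):
    rows, pos = build_square(keyword)
    ct = ciphertext.upper()
    return "".join(_transform(rows, pos, ct[i:i + 2], -1) for i in range(0, len(ct), 2))


def garbled_positions(ct_a, ct_b):
    """Letter positions where two ciphertexts differ (the '*' marker line)."""
    return [i for i, (x, y) in enumerate(zip(ct_a, ct_b)) if x != y]


def affected_digraphs(ct_a, ct_b, keyword):
    """Indices of plaintext digraphs whose decryption changes between the two."""
    pa, pb = decrypt(ct_a, keyword), decrypt(ct_b, keyword)
    return [i // 2 for i in range(0, len(pa), 2) if pa[i:i + 2] != pb[i:i + 2]]


if __name__ == "__main__":
    KEY = "PLAYFAIR"                              # constructed key, not the puzzle's
    ct = encrypt("FLOWERSANDVEGETABLES", KEY)
    garbled = ct[:4] + ct[5] + ct[4] + ct[6:]     # transpose the third digraph
    print(ct, decrypt(ct, KEY))
    print(garbled, decrypt(garbled, KEY))
    print("differs at", garbled_positions(ct, garbled),
          "digraphs affected", affected_digraphs(ct, garbled, KEY))
```

Because each digraph is enciphered independently, a transposition inside one digraph changes only that digraph's plaintext; an inserted or dropped letter, by contrast, shifts every digraph boundary after it, which is why a garble of that kind can look like a different key entirely.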

------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: GPS encryption turned off
Date: Wed, 03 May 2000 17:14:01 GMT

On 2 May 2000 20:45:07 GMT, [EMAIL PROTECTED] (Paul Rubin) wrote:

>The P/Y signal's accuracy is classified but is probably about 5-7
>meters.  The signal is for military use only, and is encrypted, and is
>still encrypted and (mostly) unusable by civilians and this is not
>intended to change.  Since this is sci.crypt, I'll mention that I've
>heard that the encryption is some 1960's-vintage shift-register-based
>stream cipher; and what's worse, the keystream runs at 1/5th the
>symbol rate of the data stream, kind of like re-using a one-time pad.
>If that's true, decrypting the P code would make a fun cryptanalysis
>project for someone.

That's not the algorithm I've seen. Also, those vintage algorithms can
be very strong.

Also, they are trying to phase out the current encryption scheme and
go to a new one that is ultra-secure and ultra-secret. Not even the
GPS manufacturer or trusted manufacturer of crypto equipment is
allowed to know what it uses. It also supports Over The Air Rekey. The
idea is that some GI could leave his GPS receiver in a bar somewhere
and it will be useless in a very short time.

On 3 May 2000 16:20:39 GMT, [EMAIL PROTECTED] (Paul Rubin) wrote:

>It is only trivial to turn on and off in the sense that it's done
>(figuratively) by flipping a switch.  It was very difficult
>politically to turn it off, and I think it will be politically
>impossible to turn it back on, once enough civilian services depend on
>it.

This is a very good and true point. Just imagine a commercial airliner
crashing into the terminal, because it had been turned back on and the
pilot wasn't told.



------------------------------

From: [EMAIL PROTECTED] (William Rowden)
Subject: OT: See film at 11. (Was: Command Line Cypher?)
Date: 3 May 2000 17:47:02 GMT

In article <[EMAIL PROTECTED]>,
Runu Knips  <[EMAIL PROTECTED]> wrote:
>Richard Heathfield schrieb:
>> Runu Knips wrote:
>> > "Michael J. Fromberger" schrieb:
>> > > In <8eieht$550$[EMAIL PROTECTED]> "Jimmy"
>> > > <[EMAIL PROTECTED]> writes:
>> > > >Thanks... the ole XOR encryption... yeah thats pretty secure :)
>> > > No!  That's not XOR encryption.  XOR is totally weak compared to this.
>> > > Whereas XOR flips only those bits which correspond to set bits in the
>> > > key, this cipher flips ALL the bits of the input!  Talk about an
>> > > avalanche effect! ;)
>> > Avalanche ? Avalanche of what ? Stupidity ?
>> Death of humour predicted. Film at 11.
>Hmm I know I've forgotten the ';-)' after my statement. However,
>I've no idea what 'Film at 11' could mean... (no I'm not a native
>english speaker).

In the U.S., news was typically on television at 11 PM.  Stations
would provide short advertisements for the news to follow that
evening, often containing simply a headline and a promise of "details
at 11."  (The original posts contain the typically British spellings
of "cypher" and "humour" -- which I am continuing despite my
geographic location -- so perhaps this is true elsewhere as well.)

You could interpret "Death of humour predicted...." to mean that the
comment "...Avalanche of what? Stupidity?" appeared to end a humorous
thread by taking it too seriously.

If that's the case, I've now buried the dead humour with this serious
reply.
-- 
    -William
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Command Line Cypher?
Date: Wed, 03 May 2000 11:50:24 -0500

Runu Knips wrote:
> 
> Richard Heathfield schrieb:
> > Runu Knips wrote:
> > > "Michael J. Fromberger" schrieb:
> > > > In <8eieht$550$[EMAIL PROTECTED]> "Jimmy" <[EMAIL PROTECTED]> writes:
> > > > >Thanks... the ole XOR encryption... yeah thats pretty secure :)
> > > > No!  That's not XOR encryption.  XOR is totally weak compared to this.
> > > > Whereas XOR flips only those bits which correspond to set bits in the
> > > > key, this cipher flips ALL the bits of the input!  Talk about an
> > > > avalanche effect! ;)
> > > Avalanche ? Avalanche of what ? Stupidity ?
> > Death of humour predicted. Film at 11.
> 
> Hmm I know I've forgotten the ';-)' after my statement. However,
> I've no idea what 'Film at 11' could mean... (no I'm not a native
> english speaker).

It's a reference to the way news is advertised in the US.  "Film"
is now video, but it's the same idea, a story on TV that's idiotic.
 I see a smiley in the above quote, so you're safe :-)

Patience, persistence, truth,
Dr. mike

------------------------------

From: [EMAIL PROTECTED] (JimD)
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Reply-To: JimD
Date: Wed, 03 May 2000 16:54:00 GMT

On Wed, 3 May 2000 01:41:24 +0100, "Garry Anderson" <[EMAIL PROTECTED]>
wrote:

>JimD <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> On Mon, 01 May 2000 20:06:12 GMT, [EMAIL PROTECTED] (Dan Day) wrote:
>>
>> >On Sun, 30 Apr 2000 10:24:47 +0100, "NoSpam" <[EMAIL PROTECTED]>
>wrote:
>
>> >>The government already has powers to tap phone lines linking computers,
>> >>but the growth of the internet has made it impossible to read all
>> >>material. By requiring service providers to install cables that will
>> >>download material to MI5, the government will have the technical
>> >>capability to read everything that passes over the internet.
>> >
>> >This crap is getting out of hand.
>>
>> Yes. But they won't have the staff, technical or financial
>> resources to do it.
>
>Then why did they ask for all this equipment to be put in?
>
>They will not need to read all the information that passes; programs will
>look for keywords.
>
>As all your work and social communication comes to be done on the Internet,
>the greater your lack of privacy.
>
>You will have a permanent phone tap, for them to do with as they will.
>
>The dangerous criminals and terrorists will get round this - so who do you
>think they are going to be looking at?
>
>Visit the number 1 UK organization - www.1UK.org

Here we go again! Nobody gives any consideration to the enormous
task of monitoring all EMail.

Agreed a dictionary computer will look for keywords, but first it
has to have access to all the traffic...which will have to be
stored somewhere for most of the time.

The sifted information has, eventually, to be looked at by a
(slightly) human. 0.5% of it would take all week to plough through.

They will be asking the ISPs for EMails from the people they
are targeting. Very much more efficient than hoping to pick
the right ones out of the noise of the entire Internet.

Most of what I've read about it results from terminal paranoia
and badly informed guesswork.

-- 
Jim Dunnett.

g4rga at thersgb.net

Londoner? Vote for Ken!!

------------------------------

From: [EMAIL PROTECTED] (JimD)
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Reply-To: JimD
Date: Wed, 03 May 2000 16:54:01 GMT

On Wed, 03 May 2000 03:03:47 GMT, [EMAIL PROTECTED] (Dan Day) wrote:

>On Tue, 02 May 2000 15:16:50 GMT, [EMAIL PROTECTED] (JimD) wrote:
>>>
>>>This crap is getting out of hand.
>>
>>Yes. But they won't have the staff, technical or financial
>>resources to do it.
>
>Once they have the means, they'll make sure they solve the
>resource problem...

Well, given the way everything else they've put their hand
to has turned to shit, I don't think we've very much to
worry about!

-- 
Jim Dunnett.

g4rga at thersgb.net

Londoner? Vote for Ken!!

------------------------------

From: [EMAIL PROTECTED] (JimD)
Crossposted-To: alt.privacy.anon-server,alt.privacy
Subject: Re: about search and seisure of computers again
Reply-To: JimD
Date: Wed, 03 May 2000 16:54:05 GMT

On Wed, 03 May 2000 00:20:10 -0400, jungle <[EMAIL PROTECTED]> wrote:

>"by facts not by myths", please ...
>
>instead of quantifies such as :
>possible ???
>unlikely ???
>enormously expensive ???
>maybe ???
>attempt ???
>hope ???
>
>any real facts ?, please ...

What proof (other than common sense) is required?

Find out the cost of the equipment, the level of technical
expertise required and the time it would take to recover
a reasonable amount of data.

As you must know, there are much easier and very much cheaper
ways of getting your data.

Have you read the Gutman paper?

>JimD wrote:
>> 
>> On Sun, 30 Apr 2000 19:26:51 -0400, jungle <[EMAIL PROTECTED]> wrote:
>> >wipe by 3 passes under PGP ...
>> >
>> >NO ONE recovered data, NO ONE provided proof,
>> >that data wiped with above description has been recovered, except providing
>> >over exaggerated statement that "it's maybe possible to recover" ...
>> >
>> >correct me when I'm wrong, by facts not by myths only ...
>> >
>> >I have f/d [ 1.44 mb ] wiped by pgp 3x information to recover, no one like to
>> >be famous for attempting recovery, but many "experts" are arguing that data
>> >recovery is possible after wiping it 7x times by pgp, which is more than 2
>> >times wiped that I have  ...
>> 
>> Possible, but unlikely, and in any case enormously expensive
>> just to make the attempt in the hope of recovering useful data.
>
>

-- 
Jim Dunnett.

g4rga at thersgb.net

Londoner? Vote for Ken!!

------------------------------

From: [EMAIL PROTECTED] (WTNJS)
Subject: How Extend RMI Security System to handle Delegation
Date: 03 May 2000 18:00:19 GMT

I have a question. Please answer if you have the answer/suggestions.

Q:Extend RMI Security system to handle delegation, i.e. to provide the
possibility to the client to authorize remote server to access another server
on behalf of the client.  Describe what security extensions are needed for the
client, remote server, and the new remote server to handle delegation in a
secure way.

-J

------------------------------

From: "Erik Chow" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.security
Subject: Re: Different encryption results in Java/Perl
Date: Wed, 3 May 2000 14:01:27 -0400

I would say it's due to little endian and big endian issue.  Java is big
endian, and I think Perl is platform dependent.  Make sure they are the same
before going any further.  If not, convert one of them.

Erik
<[EMAIL PROTECTED]> wrote in message news:8ekoij$tbc$[EMAIL PROTECTED]...
>
>
> I've been working on an encrypted communication with another company.
> I've discovered that my encryption code produces something different
> from the test package I was given (which is implemented in Perl).
> Having identified that my encrypt isn't producing the same thing that
> the test suite does, I'm not sure how to proceed.  I think my
> implementation works (it encrypts/decrypts locally without problem).
> Please read below for more detail.
>
>
>
> There's a company that has a server that waits for connections, so I
> wrote code that connects and tries to have an encrypted conversation.
> I've implemented my side of the communication in Java using Cryptix
> 3.1.1.  The spec that they gave me claims that all communication will
> be encrypted using Blowfish with CBC to produce ciphertext, followed by
> a simple hex-encoding.  Decryption should follow the same steps in
> reverse.
>
> In local testing, I can take a plaintext string and Blowfish/CBC
> encrypt to produce hexed ciphertext, then I can de-hex and decrypt to
> produce the original plaintext.  At this point, everything seems to
> work fine for me locally.
>
> However, I did some comparison testing comparing my code to a Perl
> package to verify that they both produce the same results.  As luck
> would have it, they don't.  I can encrypt something using my
> Cryptix/Java implementation, and encrypt the same original plaintext
> using the Perl implementation, and then compare the two hexed-
> ciphertext strings to conclude that they're completely dissimilar.
>
> I was given the perl package (Crypt-BF-1.00) and a test script (as an
> aside, I didn't find that package on perl.com, and I'm not sure how up-
> to-date it is), and it works.  That is, the test script successfully
> sends/receives encrypted commands with the remote server.
>
> I'm not sure how to proceed at this point.  I don't know if this is a
> problem with an initialization vector on my end, or some other step
> that I'm leaving out, or if there are any known incompatibilities or
> inconsistencies between Blowfish implementations.
>
> Assuming that the Perl implementation is correct, how can I test my
> code for correctness?  Does anyone else have any other ideas for how I
> might solve this?  I can post sample code on a web page (both perl and
> java) if it's helpful.
>
> thanks in advance,
> -kaan
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.



------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Wed, 03 May 2000 18:10:43 +0000

Mark Wooding wrote:
>   1. RSA Security seems to me to be a nasty piece of work in general.

While they're certainly aggressive in defending their patents, I think
they're net <very> positive in terms of total contribution to the state
of the art and the fight against GAK.  I'd be much sadder if RSA went
under than if Microsoft went under.

>   2. The RSA algorithm is useful, standard and versatile.  Neat tricks
>      like signature blinding don't work so well with other systems.
> 
>   3. RSA is only patented in the US, and even then only until
>      2000-09-20.  I'll be holding a party to celebrate the occasion.
> 
>   4. RC5 is probably patented everywhere, but it's not commonly used and
>      has some known weaknesses.  It's fast, but Twofish, Blowfish and
>      RC4 are all faster.
> 
>   5. Ditch RC5.
> 
>   6. Stick to your guns on RSA.

Note that RSA Security did not ask him to ditch the RSA algorithm --
only RC5.  They may already realize he's in Canada.  I concur that
ditching RC5 is the right thing to do, and I would suggest continuing
to use RSA (perhaps with a warning to US users if he's so inclined)
if he thinks it adds a useful trick to your bag.  Only if he's asked
to remove the RSA algorithm should he decide whether the pain of losing
it is worse than the pain of fighting for it.  A priori it seems to me
it's a no-brainer, since it's not patented in his jurisdiction.

> Damn it, Jim: I'm a hacker, not a lawyer.

Me too!
-- 
        Jim Gillogly
        Sterday, 13 Thrimidge S.R. 2000, 18:02
        12.19.7.3.3, 2 Akbal 6 Uo, Ninth Lord of Night

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Wed, 03 May 2000 20:25:29 +0200



William Rowden wrote:

>   Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> > If one uses the k bits as key to a perfect block cipher to
>
> A block cipher, however, cannot be "perfect" in the same way that
> an OTP can theoretically be perfect (as above).  I think this sentence
> refers to a block cipher for which the *best* known attack is brute
> force, i.e., all *known* attacks take more work than simply enumerating
> all possibilities and selecting the one that makes sense in the language
> of the plaintext.  For this kind of attack, computational feasibility
> is the only issue.  Beyond a roughly-estimated number of bits one of the
> enumerated messages will be highly probable, and all others will be
> improbable.
>
> > encrypt n*k bits, one commonly says that one can use brute force
> > to get the key and then get the whole n*k bits plaintext.
>
> Here is where the number of bits is relevant.  Brute force is useful
> mostly when n*k is greater than the unicity distance, or the
> uncertainty in the key (H(K)) divided by the redundancy in the language
> of the plaintext (D).
>
> > But is it really so? Let n=1.
>
> Then n*k = k.  If one assumes maximum ignorance so that H(K) = k, then
> k bits is sufficient information to produce a unique solution only if
> all k bits are redundant, that is, if there is only one possible
> plaintext of length k that therefore has an _a priori_ probability of 1.
> If that's the case, one doesn't need brute force.
>
> > This means that the opponent CAN get the k bits plaintext, if he does
> > brute force.
>
> No.  All brute force will produce in this case is the set of all
> possible plaintexts.  There would be insufficient information to choose
> the correct message.

So that means brute force can't succeed. Under which conditions would
brute force succeed? Thanks.

M. K. Shen
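The unicity-distance argument in the quoted reply, carried through as an added derivation (not part of any post; the figures in the final paragraph are assumed for illustration only):

Let the key have $H(K) = k$ bits of uncertainty and let the plaintext be $nk$ bits long, written in $b$-bit characters, so that it has $m = nk/b$ characters. If the language has $D$ bits of redundancy per character ($0 \le D \le b$), the expected number of spurious keys that survive a brute-force search is

$$ s \approx 2^{\,H(K) - mD} - 1 = 2^{\,k - nkD/b} - 1 . $$

Brute force yields a unique plaintext only when $s < 1$, i.e. at or beyond the unicity distance:

$$ m \ge U = \frac{H(K)}{D} \quad\Longleftrightarrow\quad \frac{nk}{b} \ge \frac{k}{D} \quad\Longleftrightarrow\quad n \ge \frac{b}{D} . $$

Since $D \le b$, the case $n = 1$ satisfies this only when $D = b$: every plaintext bit is redundant, only one plaintext of that length exists, and no search is needed. With $D < b$, a single $k$-bit ciphertext leaves about $2^{\,k(1 - D/b)}$ candidate plaintexts, which is the "set of all possible plaintexts" of the reply.

Illustration (assumed figures): with $b = 8$, $D \approx 6.5$ (English at roughly $1.5$ bits of entropy per character) and $k = 128$, the unicity distance is $U \approx 19.7$ characters, about $158$ bits. One block ($n = 1$, $16$ characters) leaves $s \approx 2^{128 - 104} = 2^{24}$ spurious keys; two blocks ($n = 2$, $32$ characters) give $2^{128 - 208} \ll 1$, so brute force then succeeds.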


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Wed, 03 May 2000 20:26:13 +0200



Terry Ritter wrote:

> <[EMAIL PROTECTED]> wrote:

> >And one should also be VERY careful to examine whether a claimed
> >patent-free algorithm uses features from someone else than its author
> >and whether these features are patented but (knowingly or unknowingly)
> >not explicitly stated by the author in the documentation of the algorithm.
>
> Right.  That is the problem with saying that the AES ciphers are "not
> patented."  Just because someone makes something does not allow them
> to give up rights which others have begun to establish.  All we can
> know is that the authors did (that is, were forced to) give up *their*
> rights; we do not know that the designs are unpatented by someone
> else.

I wonder whether it wouldn't be a good idea to request that
NIST arranges for an insurance of there being no unknown
patent involvement in the AES winner. For if AES successfully
replaces DES and 3DES and gets widely used, it would be a
catastrophe should someday some person stand up and demand
big amounts of patent royalties. This scenario is not 'virtual'.
I remember that in connection with the Y2K problem there was
a person who demanded royalties from firms that offered Y2K
services. (I don't know how the story ended.) With an
insurance, the insurance company would have to come up with
the payments. It is fairly conceivable that no insurance
company would venture to enter such deals. In that case a
viable alternative would be that NIST, which knows the best
about AES, does the insurance itself. If nobody is ready to
do the insurance, then it is clear to the users of AES that
there is a very substantial chance of having one day to pay
patent royalties of yet unknown amount.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Wed, 03 May 2000 20:26:17 +0200



Tom St Denis wrote:

>
> I would rather not argue and wrestle with RSA.  I don't care enough.  I
> don't need to use RC5 or RSA, so I don't think it's a big deal.

Patents are only valid in a country if these are granted by the patent office
of that country. You are living in Canada, why do you have to care
whether something is or is not forbidden in another country, as long as
it is not forbidden in your country?

If there is no patent for the stuff concerned in Canada, I guess it would
even be possible for you to apply for one yourself, thus acquiring
all rights to use that algorithm in Canada. Wouldn't that be
financially attractive for you?

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Wed, 03 May 2000 20:26:07 +0200



"Douglas A. Gwyn" wrote:

> "Tony T. Warnock" wrote:
> > Joseph Ashwood wrote:
> > > The problem with that theory is that using that theory, a
> > > OTP on top of English is no longer perfect (and the same
> > > qualification should apply to what I responded to Shen),
> > > because there is only 1 bit of entropy per character. This
> > > means that the probability of plaintexts is extremely
> > > slanted. To the point where brute forcing this entire
> > > message would only be a matter of around 400 bits, instead
> > > of the 3200 bits that it should be.
> > The probability of plaintexts in English is independent of the
> > encryption method. The probability of the plaintext given the cyphertext
> > is uniform if using a one time pad. (Once, not 1+epsilon, see Venona.)
>
> No, the probability of a given plaintext is *not* uniform.
> If all that is known about the PT is that it is telegraphic
> English, then "Nothing to report" is much more probable than
> "Waverly wonderful", which is vastly more probable than
> "Mstroupsipfhwwmgj".
> Given a perfect-OTP-enciphered ciphertext of 17 characters
> and no further information, the likelihood of each possible
> 17-character plaintext is proportional to its probability in
> the parent population (telegraphic English).

Still, there can be plaintext candidates that amount to statements
of exactly opposite sense. So the analyst can't decide which is
the true plaintext.

M. K. Shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Wed, 03 May 2000 20:25:47 +0200



Joseph Ashwood wrote:

> > I am afraid that I haven't yet quite understood what you wrote. To
> > repeat my points: If one uses n bits OTP to encrypt, is that breakable
> > or unbreakable?
>
> It is breakable. Brute force will break it, but nothing
> else.

Why is it then that one reads in the literature that OTP is not
breakable?
Is the argument there flawed? Thanks.

M. K. Shen



------------------------------

From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Subject: Re: .KGB crypted files
Date: Wed, 3 May 2000 11:33:54 -0700

A much better newsgroup for this question is

alt.very.1337.haxors.and.craxors.requests.for.cracking.things



"jeremie" <[EMAIL PROTECTED]> wrote in message
news:8ep1sq$qlj$[EMAIL PROTECTED]...
> I found a web site on tripod with encrypted files dated last year, can
> someone tell me if the files can be broken ?
>
> http://members.tripod.com/yseure
>
>
>
>





------------------------------

Subject: Re: factor large composite
From: Diet NSA <[EMAIL PROTECTED]>
Date: Wed, 03 May 2000 11:44:08 -0700


In article <A0OP4.2298$PY3.2549@client>, "Dann Corbit" <[EMAIL PROTECTED]>
wrote:

>Wrong.  I never said impossible.


I didn't state that you said "impossible".
If you remember correctly, you instead
wrote "infeasible".


>RSA is not compromised by some wild-
>eyed notion that has yet to pan out into
>something useful.


I have never made any *specific* claims
for the potential of QC. I was only
pointing out that others were making
categorical-type statements without
(seemingly) first considering the
potential.


"640K of memory ought to be enough for anybody"   - Bill Gates (1981)
=================================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Wed, 03 May 2000 18:49:20 +0000

Mok-Kong Shen wrote:
> 
> Joseph Ashwood wrote:
> 
> > > I am afraid that I haven't yet quite understood what you wrote. To
> > > repeat my points: If one uses n bits OTP to encrypt, is that breakable
> > > or unbreakable?
> >
> > It is breakable. Brute force will break it, but nothing
> > else.
> 
> Why is it then that one reads in the literature that OTP is not
> breakable?
> Is the argument there flawed? Thanks.

No.  Joseph is using "will break it" in a non-standard sense.
Nobody else I know would consider an N-bit cipher broken if
someone handed them a printout of all 2^N bit sequences that
could have produced it.  See Shannon for relevant proofs.

Note that we're speaking of an ideal OTP, not a real-life
implementation.  Check DejaNews for "Doug Gwyn and OTP" if
this distinction doesn't mean anything to you.
-- 
        Jim Gillogly
        Sterday, 13 Thrimidge S.R. 2000, 18:43
        12.19.7.3.3, 2 Akbal 6 Uo, Ninth Lord of Night

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
