Cryptography-Digest Digest #729, Volume #11       Mon, 8 May 00 05:13:02 EDT

Contents:
  Re: Hardware RNG (Samuel Paik)
  Re: zeroknowledge.com and freedom.net - Snake oil? (Guy Macon)
  Re: distributed RSA? ("Joseph Ashwood")
  Re: Hardware RNG ("Joseph Ashwood")
  Re: Hardware RNG ("Joseph Ashwood")
  Re: The Illusion of Security ("Joseph Ashwood")
  Re: Why no civilian GPS anti-spoofing? / proposal ("Douglas A. Gwyn")
  Re: The Illusion of Security ("Douglas A. Gwyn")
  Re: The Illusion of Security (Dennis Ritchie)
  Re: Newbie question about primes (Jerry Coffin)
  Re: Is there a Commercially Available Transposition Program (wtshaw)
  Re: Why no civilian GPS anti-spoofing? / proposal ([EMAIL PROTECTED])
  Re: RC5 question (Pred.)
  Re: Silly way of generating random numbers? (David C. Ullrich)
  Re: Newbie question about generating primes (Anders Thulin)
  Re: Hardware RNG (Richard Parker)
  Re: An argument for multiple AES winners (Mok-Kong Shen)
  Re: SBOX using boolean logic (Mok-Kong Shen)

----------------------------------------------------------------------------

From: Samuel Paik <[EMAIL PROTECTED]>
Subject: Re: Hardware RNG
Date: Sun, 07 May 2000 20:11:36 -0700

Joseph Ashwood wrote:
> I currently have an application that could make use of some
> hardware number generation. I was wondering if someone could
> point me to some online resources for designs for the fool
> things. Thanx in advance.

How about the Intel hardware RNG paper?
-- 
Samuel S. Paik | http://www.webnexus.com/users/paik/
3D and multimedia, architecture and implementation
You don't know enough about X86 or kernel architectures to argue with me.
 - <38b2dc12$0$[EMAIL PROTECTED]> "Leon Trotsky" to Terje Mathisen



------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: zeroknowledge.com and freedom.net - Snake oil?
Date: 07 May 2000 23:59:04 EDT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Roger) wrote:
>
>"David A. Wagner" wrote:
>> In article <[EMAIL PROTECTED]>, Steve <[EMAIL PROTECTED]> wrote:
>> > And BTW, since the Freedom Network does not use latency or remix
>> > to muddy the digital trail, traffic analysis can determine who
>> > any user is, provided that someone with sufficient interest and
>> > funding cares.
>> 
>> Care to elaborate?  That was not my impression at all.
>> After all, I thought the whole architecture was based on mixing,
>> so I'm not sure where your comments are coming from, but I'd be
>> happy to be educated on what they're doing wrong.
>
>They can't do everything. If you are the only one using a
>particular server and someone monitors that server, then
>presumably traffic analysis will yield some info. Maybe
>not very much, but I think it is enough to keep Freedom Net
>from making absolute claims of anonymity.

Unless, of course, servers are programmed to send messages to
each other all of the time.  I know that if I decided to use
the system I would seek out some like minded folks and have us
start sending a few random encrypted messages to each other
every day.

BTW, they don't do Linux, QNX, or Windows NT yet, which puts
them out of the running for a serious EE like me.  I expect this
situation to change fairly soon.


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: distributed RSA?
Date: Sun, 7 May 2000 20:49:36 -0700

I can see where under some circumstances, it would have
benefits (basically the computation for p and q can take
many more resources). But I think in general it's not a very
good idea. For ElGamal I don't think it would be such a bad
idea, basically just shrinking the storage space.
                Joe



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Hardware RNG
Date: Sun, 7 May 2000 20:51:19 -0700

Let's start with a serial port; it really doesn't matter when
you're designing hardware. I'll add the extras to change it
to what's needed.
                Joe
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Joseph Ashwood wrote:
> >
> > I currently have an application that could make use of some
> > hardware number generation. I was wondering if someone could
> > point me to some online resources for designs for the fool
> > things. Thanx in advance.
> >                     Joe
>
> What is your platform?
>
> Tom



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Hardware RNG
Date: Sun, 7 May 2000 20:52:59 -0700

I need the actual designs (or a standard interface, like I
said in the other half of this thread, I'll build
conversions as needed), I can't be limited to just a couple
of motherboards.
                    Joe
> How about the Intel hardware RNG paper?




------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Sun, 7 May 2000 20:56:46 -0700

But at the same time, you must remember that similar could
be said about Enigma from the German standpoint during WWII.
Until it's been _proven_ I consider the claim of perfection
to be at best foolish.
                Joe

"Diet NSA" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> According to *known* Quantum
> Mechanics and regarding entangled photon crypto, the individual
> photons have no polarization prior to measurement and the outcome
> of each measurement is random.




------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Mon, 08 May 2000 04:09:01 GMT

[EMAIL PROTECTED] wrote:
> I'm sure there are other problems too. The bottom line is, I'm not
> sure that every terrorist with a radio shack catalog will suddenly be
> crashing planes.

Nobody said that.  A few state-backed terrorists steering a
few jumbo commercial airliners way off course would certainly
be sufficient to terrorize the public.

The fact is, our technological infrastructure is exceedingly
fragile, a fact that has many people concerned (and occasionally
somebody actually working on the problem).  The more one puts
his eggs all in one basket, especially a fragile one, the more
likely a catastrophe will occur.

The sad thing is that GPS is a nearly ideal application for
public-key cryptography (everybody could decode, but only the
system itself could encode), which would have solved the
spoofing problem.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Mon, 08 May 2000 04:18:39 GMT

Tim Tyler wrote:
> What use is a piece of electronic equipment designed to amplify quantum
> events if you are unable to completely rule out the possibility that your
> opponent has a powerful laser trained on your apparatus, or that he has
> replaced your radioactive source with a device of his own making?
> You can undoubtedly produce systems which are likely to be highly secure -
> but it still appears that you can't "prove" that you've got some
> particular level of security, without making unjustifiable assumptions.

Quantum cryptography is *provably* impervious (at a specified
confidence level) to meddling by outsiders.  The only two
vulnerabilities are node capture, where the enemy is operating
the site instead of the agent you thought operated the site,
and denial of service, where the enemy expends so much energy
in "jamming" that your communications are in effect severed.
These are not new situations, and the military (for example)
has long ago developed solutions for them.

It appears to me that you've been trying to maintain an
untenable argument about the impossibility of truly random
bit generation.  It is not impossible; we do it all the time,
and it works exceedingly well in practice.  One small part of
wisdom lies in abandoning a losing position.

------------------------------

From: Dennis Ritchie <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Mon, 08 May 2000 04:44:25 +0000



"Douglas A. Gwyn" wrote:

> Quantum cryptography is *provably* impervious (at a specified
> confidence level) to meddling by outsiders.  The only two
> vulnerabilities are node capture, where the enemy is operating
> the site instead of the agent you thought operated the site,
> and denial of service....

Out of curiosity, what's a good place to look for plausibly
useful techniques beyond those mentioned in Schneier for quantum
key exchange?  The idea mentioned there is heavily dependent
on a very securely authenticated side channel (though one that
can safely be tapped).  This raises the issue of the MITM who
spoofs both Bob and Alice, and also the one of practicality:
if the point of the exercise is to exchange keys or short
messages, how did they authenticate in the first place?

        Dennis

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Newbie question about primes
Date: Sun, 7 May 2000 23:14:27 -0600

In article <8ektni$6n4$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> As I understand it, one of the key factors (pardon the pun) in the security
> of PGP and similar is the time taken to factor a large prime number.
> Does it not take an equally large amount of time to create a prime, which I
> would need were I to create a private/public key pair? Obviously it can't,
> or the thing wouldn't work.

There are two points to consider here: first of all, if you start 
with (for example) 2 numbers of 100 digits apiece and multiply them 
together, you get a result of around 200 digits.  Factoring a 200-
digit number is a LOT more than twice as difficult as factoring 2 
100-digit numbers.

Second, there are a number of ways of testing that a number is 
probably prime that are a lot faster than actually factoring the 
number.  While these can indicate that a number is prime when it's 
really composite, they do so VERY rarely.

Just for example, one particular test was run on all numbers up to 
10^12.  In that range it passed 101 composite numbers compared to 
approximately 3.6*10^10 numbers in that range that are really prime.

The first point means that in a couple of days I could factor numbers 
to assure myself they were prime and in a couple of days, produce a 
key right at the limit of anybody's ability to attack, or in a week 
or so produce a key nobody could attack.  The second point reduces 
those numbers from the range of days down to minutes.

In theory, somebody could try to attack an RSA key using something 
like Pollard's Rho, and IF the key really did have a large number of 
small factors, they could find them.  The chances of this succeeding 
are so remote I doubt anybody would even bother trying -- I suppose 
if you were desperate enough, you might give it a shot, but the odds 
are quite literally worse than one in a million.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Is there a Commercially Available Transposition Program
Date: Sun, 07 May 2000 22:35:50 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (UBCHI2) wrote:

> I am looking to purchase a program that can do columnar transpositions of text
> automatically.  Is there such a program on the market?

There are lots of programs about, beginning with the most simple of
algorithms as used in recreational ciphers.  Making all characters
significant and with the keyword comnojunks, here is your question as
rendered by a Myszkowski transposition:

pt: I am looking to purchase a program that can do columnar transpositions
of text
automatically.  Is there such a program on the market?

ct: I ta aupfasa to crdtiale r rnstons o.co tmp rc nseihrel iuaomacaainxtc
ye uomm eaoorpgtnmrott tt atrpg hage h lsomIhn ?k hao roulsak

Columns = 10: COMNOJUNKS; 1645628537

Normally, you would not want to retain spaces, cases, and punctuation, but
that works if desired.   This is gleaned from a low-level, short-passage
program, one I wrote just for fun, and on the Mac, where programming is
fun anyway.
-- 
MSN--let us hold your family jewels for six months so we can learn how to draft your 
account and get permission to do so.  After that...squeeeeze....
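An added example (not wtshaw's program) of the Myszkowski transposition with the post's keyword: it derives the numeric key 1645628537 from COMNOJUNKS, keeps every character significant as the post does, and includes the inverse. The post's own ciphertext is not reproduced here, since the exact row layout its program used is not given; the functions below are my own naming.

```python
def myszkowski_ranks(keyword):
    """Number the keyword letters alphabetically, repeated letters sharing a
    rank: COMNOJUNKS -> 1645628537, exactly the key line in the post."""
    order = sorted(set(keyword))
    return [order.index(ch) + 1 for ch in keyword]


def _column_lengths(text_len, ncols):
    """How many characters land in each column when text is written in rows."""
    full, extra = divmod(text_len, ncols)
    return [full + (1 if c < extra else 0) for c in range(ncols)]


def myszkowski_encrypt(plaintext, keyword):
    """Write the text in rows under the keyword, then read columns in rank
    order; columns that share a rank are read together, row by row, left to
    right.  Every character (spaces, case, punctuation) is kept, as in the post."""
    ranks = myszkowski_ranks(keyword)
    n = len(keyword)
    rows = [plaintext[i:i + n] for i in range(0, len(plaintext), n)]
    out = []
    for rank in sorted(set(ranks)):
        cols = [c for c, r in enumerate(ranks) if r == rank]
        for row in rows:
            out.extend(row[c] for c in cols if c < len(row))
    return "".join(out)


def myszkowski_decrypt(ciphertext, keyword):
    """Refill the grid in the same reading order, then read it off by rows."""
    ranks = myszkowski_ranks(keyword)
    n = len(keyword)
    lengths = _column_lengths(len(ciphertext), n)
    nrows = max(lengths)
    grid = [[""] * n for _ in range(nrows)]
    pos = 0
    for rank in sorted(set(ranks)):
        cols = [c for c, r in enumerate(ranks) if r == rank]
        for i in range(nrows):
            for c in cols:
                if i < lengths[c]:          # column c is shorter if the last row is partial
                    grid[i][c] = ciphertext[pos]
                    pos += 1
    return "".join("".join(row) for row in grid)
```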

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Mon, 08 May 2000 06:05:05 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> Nobody said that.  A few state-backed terrorists steering a
> few jumbo commercial airliners way off course would certainly
> be sufficient to terrorize the public.

I think my problem with the whole scenario is two-fold. First, I'm
basically as anti-gps as you can get. Having firsthand experience
using it, I find it of very limited use as an _aid to
navigation_. That's not to say it's a bad idea, or a waste of money,
just that it's primarily useful for double-checking your current
location.

Second, it just seems obvious to me that a state sponsored terrorist
would have many cheaper/easier ways to terrorise air traffic than
this.

When you talk about sending planes off course though, the thought
occurs to me that while causing planes to collide is farfetched, it
may be somewhat easier to keep one lost over the ocean long enough to
run out of fuel, or some other navigational shenanigan.

> The fact is, our technological infrastructure is exceedingly
> fragile, a fact that has many people concerned (and occasionally
> somebody actually working on the problem).  The more one puts
> his eggs all in one basket, especially a fragile one, the more
> likely a catastrophe will occur.

Well, as I said above, you should _not_ be putting your eggs all in
the gps basket. Given that the navigator should still be navigating by
hand, large deviations from the GPS fix will be obvious. The challenge
then is to figure out which location is correct. Anywhere inside most
nation's airspace this should be trivial; over blue water it's
probably slightly more problematical.

> The sad thing is that GPS is a nearly ideal application for
> public-key cryptography (everybody could decode, but only the
> system itself could encode), which would have solved the
> spoofing problem.

I don't know, my experience with gps is limited to little black boxes
that I plugged into other little boxes. ;) I would think though, that
there would always be at least an impractical spoofing
attack. Assuming somehow the system sent a signal that everyone could
decode, which only it could generate. Then, if I wanted you to think
you were at point B rather than point A, why couldn't I go to B and
transmit the signal to you? Assuming the points were close enough that
you didn't notice the time difference, your equipment would assume it
was at B.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: Pred. <[EMAIL PROTECTED]>
Subject: Re: RC5 question
Date: Mon, 08 May 2000 06:28:25 GMT


> Why do you need the original key if you have the S-table?  The S-table
> is all you need to encipher and decipher anything you want.

Because it's nice to know, say, an enemy's/opponent's key-selection
process. This is infeasible with the S-table, but may or may not be
possible given enough keys (e.g. when a PRNG is used to generate secret
keys).

 - Pred


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (David C. Ullrich)
Crossposted-To: sci.math
Subject: Re: Silly way of generating random numbers?
Date: Thu, 04 May 2000 15:37:46 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 03 May 2000 22:49:15 +0100, Richard Heathfield
<[EMAIL PROTECTED]> wrote:

>Julio César wrote:
>> 
>> I don't know if this could help, but pi is in no way random.
>> 
>
>For a contrary viewpoint, see Knuth, TAOCP, Vol II, p41.

        Um, actually Knuth quotes Dr. Matrix as saying that
mathematicians consider the digits of pi random - this
shows just that Dr. Matrix does not know everything there
is to know about what mathematicians think.

>-- 
>
>Richard Heathfield
>
>"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
>
>C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
>34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
>to go)


------------------------------

Crossposted-To: alt.math
From: Anders Thulin <[EMAIL PROTECTED]>
Subject: Re: Newbie question about generating primes
Date: Mon, 8 May 2000 07:17:11 GMT


JoeC wrote:

> Does it not take an equally large amount of time to create a prime, which I
> would need were I to create a private/public key pair?

  One not-too-shoddy method is just to create a large odd random number,
and test it for primality. If it fails, increase the number by two.
If you keep on for too long, break off, and start anew.

  But you really want to create a pair of primes, the product of which will
require *heavy* computation to factor; random methods are probably
not good enough for that. 

> Could someone point me at a good source (or is there a quick explanation)
> for the obvious time difference between creating a prime, compared to
> factoring one, since I thought in order to determine if a number was prime,
> you had to factor it?

  Try Knuth: Art of Computer Programming, vol. 2. You'll find some useful
material on probabilistic methods for primality testing, as well as more
formal ones. Hans Riesel's book Prime Numbers and Computer Methods for
Factorization may also be useful.

-- 
Anders Thulin     [EMAIL PROTECTED]     040-10 50 63
Telia Prosoft AB, Hjälmaregatan 3B, 212 19 Malmö, Sweden
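The two answers above (Jerry Coffin's, on probabilistic primality tests and on why Pollard's rho only pays off when a modulus has a small factor, and Anders Thulin's odd-number-plus-two procedure) put into working code. This is an added example, not code from either poster; the Miller-Rabin test, the rho iteration budget and the 64-bit demo sizes are my choices, not anything the posts specify.

```python
import math
import random

# Small primes for cheap trial division before the probabilistic test.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=40):
    """Miller-Rabin test: a composite n passes one round with probability at
    most 1/4, so 40 rounds leave a negligible chance of a false 'prime'."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:               # write n - 1 = d * 2^s with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False            # a is a witness that n is composite
    return True


def generate_prime(bits, max_steps=2000):
    """Thulin's procedure: pick a random odd number of the requested size,
    step up by two until a probable prime appears, restart after too many steps."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1   # top and low bit set
        for _ in range(max_steps):
            if is_probable_prime(cand):
                return cand
            cand += 2


def pollard_rho(n, budget=100_000):
    """Pollard's rho with Floyd cycle finding.  It needs about sqrt(p) steps
    to pull out a factor p, so it is only practical when n has a small factor.
    Returns a nontrivial factor, or None when the iteration budget runs out."""
    if n % 2 == 0:
        return 2
    x = y = 2
    d = 1
    for _ in range(budget):
        x = (x * x + 1) % n
        y = (y * y + 1) % n
        y = (y * y + 1) % n
        d = math.gcd(abs(x - y), n)
        if d != 1:
            break
    return d if 1 < d < n else None


def compare_moduli(bits=64):
    """Build a balanced modulus p*q from two fresh primes and a weak one 101*q,
    and report what rho finds for each within the same budget."""
    p, q = generate_prime(bits), generate_prime(bits)
    return {
        "balanced": pollard_rho(p * q),   # expected None: ~2^32 steps would be needed
        "weak": pollard_rho(101 * q),     # expected 101: found in a handful of steps
    }
```

Generating a 512-bit prime this way takes well under a second in Python, which is the asymmetry Coffin describes: testing is cheap, factoring the balanced product is not.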

------------------------------

From: Richard Parker <[EMAIL PROTECTED]>
Subject: Re: Hardware RNG
Date: Mon, 08 May 2000 00:49:23 -0700

"Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> I currently have an application that could make use of some
> hardware number generation. I was wondering if someone could
> point me to some online resources for designs for the fool
> things.

Will Ware describes his design for a hardware RNG at the following URL:

  Hardware Random Bit Generator
  <http://world.std.com/~wware/hw-rng.html>

A.P. Allan has a web page that contains a complete hardware and firmware
description of his design for a RNG.  Note that he expects you to pay him
if you decide to use his design.  The URL is:

  ORB - Open Random Bit Generator
  <http://members.home.com/apa1/orb/>

On the other hand, if you just want to purchase an inexpensive hardware RNG
then you might want to look at one of the following devices:

  ComScire
  <http://comscire.com/design.htm>

  Protego SG100
  <http://www.protego.se/sg100_en.htm>

-Richard


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: An argument for multiple AES winners
Date: Mon, 08 May 2000 10:55:07 +0200



Simon Johnson wrote:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote
> > I remember to have learned some time ago from
> > discussions in this group that having multiple AES
> > winners has the advantage of better coping with
> > the case that one winner is eventually found to
> > have certain weakness that is hitherto not
> > discovered.
>
> Hmmmm, I kinda think that would defy the point of having a standard, having
> multiple standards is a contradiction. If the AES was compromised, I believe
> NIST would drop the standard, and start looking for entries for a
> replacement from scratch. (This has no factual basis, but would be logical,
> as it would be unfair to award '2nd' place etc....)

Fine. But what should the users of AES worldwide do in the meantime?
Wait and drink a cup of tea?

> > It just occurs to me that the same applies in
> > respect of hidden patent claims. If there are e.g.
> > three AES winners, the chance of all of them having
> > hidden patent claims is likely to be fairly small.
> > So if NIST is not able to insure (free of charge)
> > the absence of hidden patent claims to prevent
> > the potential catastrophe of users worldwide
> > having to pay someday patent royalties, letting
> > there be multiple AES winners is definitely
> > a good idea.
>
> A scary situation, but I think if someone did attempt this, it would damage
> their credibility so much that they would never be trusted again. I think
> the companies involved in the AES have too much to lose by attempting
> this, and therefore they won't. Moreover, I think NIST would throw them out,
> since one of its specifications is that the algorithm be freely available,
> was it not?

Patents are not necessarily owned by companies. The patent holder can
be a private person. What should I care, if I could gain a milliard through
enforcing a patent claim?

> > BTW, I like to ask at this opportunity a probably
> > dumb question. Is it certain that AES will be
> > freely available to all people of the world?
> > Would its use be restricted to applications such
> > as banking and also confined to the 'friendly'
> > nations? How about the Wassenaar Arrangements?
>
> Yes I believe it would, and even if it wasn't (available worldwide) , I very
> much doubt that would stop anyone for very long.

It is indeed very noteworthy that the crypto clauses of the Wassenaar
Arrangement, which are intended to limit export to algorithms with key
lengths up to a maximum of 56 bits, came into being AFTER the AES
project had started. So, if the top-level people involved in
crypto policy are not totally illogical or forgetful, there must be
something particular in this connection. Yet many people seem
to be happy for the forthcoming benediction without questioning
whether there could possibly be a catch.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: SBOX using boolean logic
Date: Mon, 08 May 2000 10:54:59 +0200



Tom St Denis wrote:

> I know now I should have gone from table to expression.

If you are very interested in S-box designs, you should search the
conference proceedings known as Crypto'xx and Eurocrypt'xx, going back
quite a long way, in the Lecture Notes in Computer Science series
published by Springer-Verlag. There are really plenty of articles on
that issue, which I suppose one should study before starting to design
one's own S-boxes.

M. K. Shen


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
