Cryptography-Digest Digest #750, Volume #11      Wed, 10 May 00 21:13:01 EDT

Contents:
  Re: UK issue; How to determine if a file contains encrypted data? (Dan Day)
  Re: Why no civilian GPS anti-spoofing? / proposal (Andru Luvisi)
  Who can declare "eminent domain" on patents? (Andru Luvisi)
  Re: Who can declare "eminent domain" on patents? (Mok-Kong Shen)
  Re: Encryption code or addons for VB? ("Phil Fresle")
  Re: Microsoft CryptoAPI: Crypt32.lib problem ("Mr. Tines")
  Re: Who can declare "eminent domain" on patents? (Mike Andrews)
  Re: Prime Generation in C,C++ or Java ([EMAIL PROTECTED])
  Re: Why no civilian GPS anti-spoofing? / proposal ([EMAIL PROTECTED])
  For Jim-G about the NOVA "cipher contest" ... (Sundial Services)
  Re: Who can declare "eminent domain" on patents? ("Trevor L. Jackson, III")
  Re: RSA-primes, smoothness (David Hopwood)
  Re: PlatyMAC a new Message Authentication Code. (David Hopwood)
  Re: Generator for ElGamal? (David Hopwood)
  Re: Prime Generation in C,C++ or Java (David Hopwood)
  Re: high speed public key crypto (David Hopwood)
  Re: Who can declare "eminent domain" on patents? (Y. Lionmaker)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: UK issue; How to determine if a file contains encrypted data?
Date: Wed, 10 May 2000 20:26:15 GMT

On Wed, 10 May 2000 20:05:31 +0100, Andy Dingley <[EMAIL PROTECTED]>
wrote:
>
>>Wouldn't help. It's possession that counts, not how you acquired it.
>>If They "have reason to believe" that it contains encrypted data,
>>the onus is on you to provide the keys.
>
>So what happens with a large jpeg, when one of Straw's minions asserts
>that it contains something steganographic (even if it doesn't) and
>you're faced with a 2 year jail sentence for refusal to provide the
>keys to something that doesn't even have them,

Then you're f*cked.  That's why it's a very, very bad law.


>The UK. It's the best place to do e-commerce, honest.

*snort*.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: 10 May 2000 13:24:05 -0700

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
[snip]
> A Maglite probably doesn't have enough volume to present a serious threat, but
> these days anyone can produce a C:\ prompt on an LCD screen from less than
> 1/2" cubed.  That leaves the rest of the laptop for more energetic uses.
[snip]

What about a little explosive smuggled inside a Maglite, a little
smuggled inside a laptop, a little smuggled inside a camera, a little
in the sole of a shoe, and so on.  It could get handed off in the
post-checkpoint restroom to the next guy in the chain, each handoff
being a little larger than the last.  This could happen over the
course of several days.  Some of the people doing handoffs wouldn't
have to be smuggling explosives in themselves, and could even be
arriving or connecting passengers.  You could get by with fewer people
if some of them "slept" in the airport while they were waiting a long
time for their flight.  Once all of the explosive and supporting
technology was in the airport, it could be placed into a popular kind
of bag or briefcase, and using a little pickpocket style misdirection
(pretty woman bending over, person tripping and falling and needing a
hand up, or whatnot) you switch it for the matching bag of a legit
traveler.  You'd probably want to have enough people to surround the
event, in order to make sure none of the other people in the airport
can see the switch happen.  Do the switch right before they board, and
rig up the bag/case to explode immediately if opened (a bang on the
runway beats no bang at all, right?) and on a timer if not.

The scary thing is, even if they took the maglite apart, you could
still rig up something that looked like a D cell, which provided the
correct amount of power and had the correct weight, but would come
apart if three magnets were applied in the right places to release a
catch.

So what do you do?  Disallow batteries?  Force people to send laptops
and cameras through the xray machine, even when they don't trust it
not to damage their equipment?

As always, security versus convenience.  Unless we want to submit to
cavity searches and severe limitations on what we can carry with us,
we will have to accept some risk.  I *would* however prefer to see
more dogs trained to find explosives instead of drugs.  I care more
about a bomber making it onto my plane than a drug runner...

Andru
--
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Who can declare "eminent domain" on patents?
Date: 10 May 2000 13:30:52 -0700

Congress?  The patent office?  Would it be possible for some
government body to simply "define" AES as not violating any patents?

Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Who can declare "eminent domain" on patents?
Date: Wed, 10 May 2000 23:27:27 +0200



Andru Luvisi wrote:

> Congress?  The patent office?  Would it be possible for some
> government body to simply "define" AES as not violating any patents?

In times of war with the application of emergency laws or under
dictatorship this kind of 'definition' is indeed possible. But AES is
meant for use in times of peace and in all democratic countries of the
world, isn't it? Perhaps the involvement of patent problems in AES
gives some momentum to the question of whether the patent offices
should grant patents to all kinds of stuff without posing a sufficiently
high threshold of merit. I suppose a similar situation is to be found in
patents of gene sequences.

M. K. Shen


------------------------------

From: "Phil Fresle" <[EMAIL PROTECTED]>
Crossposted-To: comp.programming
Subject: Re: Encryption code or addons for VB?
Date: Wed, 10 May 2000 22:39:17 +0100
Reply-To: "Phil Fresle" <[EMAIL PROTECTED]>

You can download a VB CryptoAPI wrapper from my web site, it is free and
includes the source code.

Phil
http://www.frez.co.uk

"Test51" <[EMAIL PROTECTED]> wrote in message
news:8f7ook$jk5$[EMAIL PROTECTED]...
> Hi,
>
> I searched through recent posts of this group but couldn't find an
> answer.
>
> Does anyone know of any site out there that contain code or other addons
> (DLL, ActiveX) to provide encryption in Visual Basic?
>
> Thanks.
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.



------------------------------

From: "Mr. Tines" <[EMAIL PROTECTED]>
Subject: Re: Microsoft CryptoAPI: Crypt32.lib problem
Date: Wed, 10 May 2000 22:17:06 +0100

In article <[EMAIL PROTECTED]>, Luis Sousa <[EMAIL PROTECTED]>
writes
>Hi there folks ....
>
>While exploring the Microsoft Crypto API that comes with Visual C++ 6.0
>I've found that the wincrypt.h file does not contain some of the
>function declarations and macros documented in MSDN, also crypt32.lib
>does not export those functions. Nevertheless the crypt32.dll that is
>in the \winnt\system32 exports all those functions missing in the header
>file! Does anyone know where to get these updated header and lib files?
>I've tried microsoft's site with no luck yet!
>Any help appreciated!

Look for the Platform SDK - this contains extended replacements for all
the standard header files.  Ghod alone knows why this isn't standard in
VC++.

-- PGPfingerprint: BC01 5527 B493 7C9B  3C54 D1B7 248C 08BC --
 _______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_  __(_)__  ___ ___     {69c10bcfbca894a5bf8d208d001b829d4d0}
 / / / / _ \/ -_|_-<             http://www.ravnaandtines.com/
/_/ /_/_//_/\[EMAIL PROTECTED]         PGP key on page 

------------------------------

From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: Who can declare "eminent domain" on patents?
Date: Wed, 10 May 2000 22:26:23 GMT

Scripsit Mok-Kong Shen <[EMAIL PROTECTED]>:


: Andru Luvisi wrote:

:> Congress?  The patent office?  Would it be possible for some
:> government body to simply "define" AES as not violating any patents?

: In times of war with the application of emergency laws or under
: dictatorship this kind of 'definition' is indeed possible. But AES is
: meant for use in times of peace and in all democratic countries of the
: world, isn't it? Perhaps the involvement of patent problems in AES
: gives some momentum to the question of whether the patent offices
: should grant patents to all kinds of stuff without posing a sufficiently
: high threshold of merit. I suppose a similar situation is to be found in
: patents of gene sequences.

In the US, the Patent Office has been known to issue a classified
patent at the behest of one or more of the military departments. 
Cryptosystems are obvious targets for this behavior.


-- 
 [S]tandard complaint. Fish, barrel, tacnuke.
                                -- Red Drag Diva, in alt.sysadmin.recovery

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Prime Generation in C,C++ or Java
Date: Wed, 10 May 2000 23:12:34 GMT

Herb Savage <[EMAIL PROTECTED]> wrote:
> That's actually a (1-1/2^98) probability or greater than
> 99.999999999999999999999999999% probability.

Nuts, that's what you get for only having the method index instead of
the full API reference on hand. Lowering the certainty will still, of
course, make the method faster.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Wed, 10 May 2000 23:16:19 GMT

David Formosa (aka ? the Platypus) <[EMAIL PROTECTED]> wrote:
> Well a vial of mercury in the maglite would be enough to scrap the
> airplane.  A vial of hydrogen cyanide could kill everyone (or at least
> a lot of people) in the plane.  I expect you could fit enough plastic
> explosive to blow a hole in the plane's hull.

Well, we're wandering way off topic here now, but any biological or
chemical agent could be just as easily smuggled disguised as makeup in
a carry on. Given the number of responses illustrating better ideas
for attacking planes than with a maglite, I think it's clear why they
don't disassemble them. ;)

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

Date: Wed, 10 May 2000 16:22:18 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: For Jim-G about the NOVA "cipher contest" ...

:-)

I hope that you (and the by-now-long-suffering NOVA producers) realize
that your "cipher challenge" could happily go on for many months.  Even
though the "cipher challenge" seems to have stopped with the Playfair
solutions, I'm equally sure that others are browsing through the other
more complicated ciphertexts.

------------------------------

Date: Wed, 10 May 2000 19:48:59 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Who can declare "eminent domain" on patents?

Andru Luvisi wrote:

> Congress?  The patent office?  Would it be possible for some
> government body to simply "define" AES as not violating any patents?

There are special considerations that affect the issuance of patents for
nuclear and space technology, but AFAIK there is no mechanism that can
retroactively cancel an issued patent.  I suspect this isn't going to change
because, contrary to many of our government programs, the US patent system is
mandated by the constitution.



------------------------------

Date: Wed, 10 May 2000 05:39:33 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RSA-primes, smoothness

DJohn37050 wrote:
[re: banking standards requiring strong RSA primes]
 
> No, they decided that the cost was nominal, and worth the disambiguation.
> What do you do if someone presents a RSA key where p-1 HAS all small
> factors?  Go before a judge and let HIM/HER decide?  Or perhaps worse,
> a jury?

That is beside the point, since there are *lots* of other ways for an RSA
key to be weak (all of which occur with negligible probability for large
enough key sizes, say >= 1024 bits), than for p-1 or q-1 to have only
small factors.

Either you trust the hardware or software that is generating keys to do so
correctly - in which case there is negligible probability of it creating a
key that is weak - or you don't - in which case all security bets are off
regardless of whether the standard specifies "strong" primes.

> Given these possibilities, the answer for banks was to disallow this
> possibility.  If anyone comes and presents such an RSA key, it does not
> meet the standard.

And if they present a key where |p-q| is sufficiently small, or which is
unusually easy to factor using ECM (for example), it does meet the standard,
but is just as insecure.

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01


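Hopwood's point is that a standard which only rejects keys with a smooth p-1 still accepts keys with other well-known defects. The checker below is an added example (not code from the thread or from any standard) that applies both tests to a candidate prime pair: the smoothness test the banking standard mandates, and the |p-q| gap test it omits. The toy primes, the thresholds `min_gap_bits` and `smooth_bits`, and the trial-division factoriser are constructions of mine; real keys would use the FIPS 186-4 bound |p-q| > 2^(nlen/2 - 100) and a proper factoring bound.

```python
def largest_prime_factor(n: int) -> int:
    """Trial division; fine for the toy sizes here, not for real RSA primes."""
    largest, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            largest, n = d, n // d
        d += 1 if d == 2 else 2
    return max(largest, n) if n > 1 else largest


def rsa_prime_pair_problems(p: int, q: int, min_gap_bits: int, smooth_bits: int) -> list:
    """Reasons (empty list if none) to reject an RSA prime pair (p, q).

    The smoothness test is the one the banking standard in the thread
    requires; the gap test is the |p-q| weakness Hopwood says that
    standard leaves unchecked. Both thresholds are parameters here
    (assumption: toy sizes), not values from the thread.
    """
    problems = []
    # Close primes: Fermat's difference-of-squares method separates p and q
    # from n in very few steps when |p-q| is small relative to sqrt(n).
    # FIPS 186-4 B.3.3 demands |p-q| > 2^(nlen/2 - 100); min_gap_bits plays
    # that role at toy scale.
    if abs(p - q) <= (1 << min_gap_bits):
        problems.append("|p-q| is too small")
    # Smooth p-1 (or q-1): if every prime factor is below a small bound,
    # Pollard's p-1 method recovers that prime from n cheaply. This is the
    # property the "strong prime" requirement in the standard targets.
    for name, r in (("p-1", p - 1), ("q-1", q - 1)):
        big = largest_prime_factor(r)
        if big.bit_length() <= smooth_bits:
            problems.append(f"{name} is smooth (largest factor {big})")
    return problems


if __name__ == "__main__":
    # Constructed examples: 9240 = 2^3*3*5*7*11 is smooth, 10007 and 10009
    # are twin primes, 5003 and 10007 are far apart with a large factor in
    # both p-1 and q-1.
    print(rsa_prime_pair_problems(9241, 10007, 8, 5))
    print(rsa_prime_pair_problems(10007, 10009, 8, 5))
    print(rsa_prime_pair_problems(5003, 10007, 8, 5))
```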
------------------------------

Date: Thu, 11 May 2000 00:03:14 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: PlatyMAC a new Message Authentication Code.

"David Formosa (aka ? the Platypus)" wrote:
> I've come up with an interesting way to construct a MAC.  I'm
> interested in finding if there are any attacks or this construct is
> already well known.
> 
> The two options I have for getting this analyzed seem to be make
> such a pain of myself claiming that I have an unbreakable system until
> people try to break it just to shut me up, or offer some money to
> whoever breaks it.

Actually a MAC is a pleasant change from "unbreakable" ciphers - we
don't get too many MACs proposed here.

> As I'm purely an amateur and don't wish to profit from this endeavor
> (hence PlatyMAC is unpatented) I can't offer much, however $200
> Australian dollars will go to the first person who discovers a better
> than birthday attack on the system.

Normally that would be unwise, but in this case I think your money is
safe, given some assumptions on the PRNG (see below).

> ######################################################################
> 
> Description of the system
> 
> First an IV is created (this IV MUST be used only once).

I assume you mean that a new IV is used per-message, but that the key
can be used for several messages. Also the IV would presumably have
to be included with the MAC result.

> This is XORed with the key and used to initialize a secure
> pydorandom
  ^^^^^^^^^^ pseudo-random
> number generator.

> The plaintext concatenated with its length and then padded out to a
> multiple of 256bits.
> 
> The plaintext is then sent through the compression function such that
> 
> H_i = f ( P_i, H_(i-1) )

If each P_i is 256 bits, how do you pass both P_i and H_(i-1) to f
(since AFAICS, the definition of f seems to assume that its input is
256 bits)? Maybe each P_i is 128 bits (but in that case why is it
padded to a multiple of 256?)

I'll assume below that P_i and H_i are both intended to be 128 bits.

> The compression function is as follows
> 
> f (data)
>   hash   = 0
>   for i = 1 to 128
>     mask   = rand256
>     flip   = rand256
>     fixed  = rand256
> 
>     mflip  = (flap ^ data) & mask
                ^^^^ I assume this was meant to be flip.
>     mfixed = fixed & !mask

Don't you mean ~mask, if this is C notation?

>     sout    = mflip | mfixed
>     hashbit = parity (sout)
> 
>     hash    = hash * 2
>     hash    = hash | hashbit
>   endfor
>   return hash
> endf

This looks *very* slow.

In any case, because:

  parity(a ^ b) = parity(a) ^ parity(b),

we have, assuming that the PRNG output is unbiased and uncorrelated:

  hashbit = parity(data & mask) ^ parity((flip & mask) | (fixed & ~mask))
          = parity(data & mask) ^ rand1

where rand1 is some random bit.

I.e. f is effectively equivalent to the following simpler algorithm:

  hash = 0
  for i = 1 to 128
    mask    = rand256
    hashbit = parity(data & mask)

    hash    = hash * 2
    hash    = hash | hashbit
  endfor
  return hash ^ rand128

This (and therefore the original version) looks secure to me, because
any bit changes to data have a 0.5 probability of changing each bit
of the hash. Also, any information about the masks is hidden by XORing
the output with a random value. In fact, as David Wagner says, it
looks plausible that this is a provably secure 2-universal hash, under
the assumption that the PRNG output is a sequence of random bits.

I.e. if the PRNG is:

 - secure as a stream cipher (i.e. produces output that cannot be
   distinguished from random, and from which it is infeasible to
   derive the key)
 - immune to related key attack (because the attacker could choose
   an IV related to a previous IV)

then the MAC should be secure, because of the Merkle-Damgård result
mentioned by David Wagner.

However, requiring the PRNG to be immune to related key attack is
an undesirably strong assumption, and it would be better for it to
be initialised from a hash of the key and IV, rather than from
(key XOR IV). If the hash approximates a pseudo-random function, this
should make related-key attacks infeasible.

> Where rand256 returns a 256 bit pseudorandom number and parity returns 0
> if there are an even number of ones in sout and 1 otherwise.
> 
> ######################################################################
> 
> Theory
> 
> The f function acts like a big key dependent S box that is constantly
> being changed.

I don't think this is a particularly productive way of looking at it.
S-boxes are normally (not always) bijective, and normally (again, not
always) don't change between blocks.

> This is intended to frustrate analysis that depends on
> the sbox being fixed.  In addition the multiplexer system (using mask)
> means that each bit on average is a function of half of the bits.

Yes, it is, and that's the most important property on which the
security depends.

> ######################################################################
> 
> Problems
> 
> The prime problem I see is that it may be too slow for practical use,
> also it would guzzle pseudorandom bits like they were going out of
> fashion.

The modification I proposed uses just over a third as many pseudo-random
bits, but it is still much less efficient than other schemes that rely
on universal hashing in a similar way (and are therefore equally secure).

Anyway, it's very good for a first attempt. I wish all algorithms proposed
here by amateurs were as well-designed!

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01


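Hopwood's reduction of f to parity(data & mask) XOR a random bit, carried out in code as an added example (not the original poster's or Hopwood's code): it runs f as posted and the simplified form over the same PRNG words and checks that they agree exactly, checks the GF(2)-linearity of the simplified form that the universal-hash reading rests on, and measures the avalanche fraction that his security argument relies on. The PRNG (SHA-256 of key || IV, then a counter, the hash-based seeding he recommends) and the 128-bit data width are assumptions taken from his reading of the post; `prng_stream`, `split_stream` and the other function names are mine.

```python
import hashlib

# Sizes as David Hopwood reads the proposal: 256-bit rand256 words, 128-bit data/hash.
WORD_BITS = 256
MASK256 = (1 << WORD_BITS) - 1
ROUNDS = 128


def prng_stream(key: bytes, iv: bytes):
    """Stand-in PRNG (an assumption; the post fixes none): seeded from
    SHA-256(key || IV) rather than key XOR IV, emitting one 256-bit word
    per counter step. Any secure stream cipher keyed the same way would do."""
    seed = hashlib.sha256(key + iv).digest()
    counter = 0
    while True:
        block = hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
        yield int.from_bytes(block, "big")


def parity(x: int) -> int:
    """1 if x has an odd number of set bits, else 0."""
    return bin(x).count("1") & 1


def f_original(data: int, rand256) -> int:
    """PlatyMAC's f as posted, reading 'flap' as flip and '!mask' as ~mask."""
    h = 0
    for _ in range(ROUNDS):
        mask = next(rand256)
        flip = next(rand256)
        fixed = next(rand256)
        mflip = (flip ^ data) & mask
        mfixed = fixed & (~mask & MASK256)
        sout = mflip | mfixed        # the two operands never share a set bit
        h = (h << 1) | parity(sout)
    return h


def f_simplified(data: int, masks) -> int:
    """Hopwood's reduced form: hash bit i = parity(data & mask_i). The caller
    XORs the result with the 128 random bits contributed by flip/fixed."""
    h = 0
    for mask in masks:
        h = (h << 1) | parity(data & mask)
    return h


def split_stream(key: bytes, iv: bytes):
    """Consume exactly the words f_original would and return the 128 masks
    plus rand128, whose bit i is parity((flip_i & mask_i) | (fixed_i & ~mask_i))."""
    g = prng_stream(key, iv)
    masks, rand128 = [], 0
    for _ in range(ROUNDS):
        mask, flip, fixed = next(g), next(g), next(g)
        masks.append(mask)
        rand128 = (rand128 << 1) | parity((flip & mask) | (fixed & (~mask & MASK256)))
    return masks, rand128


def equivalence_holds(key: bytes, iv: bytes, data: int) -> bool:
    """f_original(data) == f_simplified(data) ^ rand128 for every data, because
    parity(a ^ b) = parity(a) ^ parity(b) and OR of disjoint bit sets is XOR."""
    masks, rand128 = split_stream(key, iv)
    return f_original(data, prng_stream(key, iv)) == f_simplified(data, masks) ^ rand128


def is_linear(key: bytes, iv: bytes, a: int, b: int) -> bool:
    """Over fixed masks f_simplified is GF(2)-linear: f(a ^ b) == f(a) ^ f(b).
    This is the structure behind the 2-universal-hash view of the MAC."""
    masks, _ = split_stream(key, iv)
    return f_simplified(a ^ b, masks) == f_simplified(a, masks) ^ f_simplified(b, masks)


def avalanche_fraction(key: bytes, data: int, bit: int, trials: int) -> float:
    """Average fraction of hash bits that change when one data bit flips, over
    `trials` distinct IVs. Each mask bit is set with probability 1/2, so the
    expected value is 0.5, which is exactly Hopwood's security argument."""
    changed = 0
    for t in range(trials):
        masks, _ = split_stream(key, t.to_bytes(16, "big"))   # constructed IVs
        diff = f_simplified(data, masks) ^ f_simplified(data ^ (1 << bit), masks)
        changed += bin(diff).count("1")
    return changed / (trials * ROUNDS)
```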
------------------------------

Date: Thu, 11 May 2000 00:47:12 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Generator for ElGamal?

[EMAIL PROTECTED] wrote:
> I was just looking at a piece of code that purported to implement
> ElGamal, and noticed they weren't making any checks to make sure that
> the "g" was really a generator.  I knew that they used Schneier's
> Applied Cryptography as a reference, so looked in there and he says to
> just use a random g (which they have faithfully implemented)!

The brief descriptions in AC2 are not sufficient *on their own* to
implement any algorithm, particularly public key algorithms, accurately
and securely. They are intended simply as overviews. Although AC2 includes
references for almost every algorithm, it perhaps doesn't make it clear
enough that you really do need to read those references.

> Surely this is a mistake, right?  The public key must include a pair
> <g,p>, where g is a generator for p.

g does not have to be a generator; however it should not just be random.
Ideally g should generate a subgroup of prime order, where the order
is large enough to prevent a square-root attack (say 2^180 or 2^200).

I suggest reading the following three papers:

  Taher Elgamal,
  "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete
   Logarithms,"
  IEEE Transactions on Information Theory, v. IT-31, n. 4, 1985,
  pp. 469-472, or
  Advances in Cryptology - CRYPTO '84, pp. 10-18,
  Springer-Verlag, 1985.

  Y. Tsiounis, M. Yung,
  "On the security of ElGamal-based encryption,"
  1998 International Workshop on Practice and Theory in Public Key
  Cryptography (PKC '98), February 5-6, Yokohama, Japan.
  http://www.ccs.neu.edu/home/yiannis/papers/eg.ps

  Paul C. van Oorschot, Michael J. Wiener,
  "On Diffie-Hellman Key Agreement with Short Exponents,"
  Advances in Cryptology - EuroCrypt '96.

and for an alternative to Elgamal with better security properties:

  Michel Abdalla, Mihir Bellare, Phillip Rogaway,
  "DHAES: An Encryption Scheme Based on the Diffie-Hellman Problem,"
  Contribution to IEEE P1363a.
  http://grouper.ieee.org/groups/1363/contributions/dhaes.pdf
    (temporary URL), or
  Theory of Cryptography Library.
  http://philby.ucsd.edu/cryptolib/1999/99-07.html

The original paper by Elgamal, and van Oorschot & Wiener's paper are on
the Springer-Verlag CD-ROM of CRYPTO and EuroCrypt proceedings between
1981 and 1997, which I would recommend highly.

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01


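Hopwood's advice is that g need not generate all of Z_p^* but must generate a subgroup of large prime order, and a random g checks none of that. The code below is an added example (not from the thread or from any library) of the parameter validation the code the original poster looked at was missing: it rejects g unless p and q are prime, q divides p-1 and g^q = 1 mod p, and it shows the standard way to derive a valid g from an arbitrary h. The parameters p = 1907, q = 953 (a safe prime, p = 2q+1) are constructed toy values; real use needs q of at least the ~180-200 bits Hopwood mentions, and a primality test better than trial division.

```python
# Toy parameters (constructed): p = 2q + 1 with q prime, so Z_p^* has order 2q
# and exactly one subgroup of prime order q. Illustration sizes only.
P = 1907
Q = 953


def is_prime(n: int) -> bool:
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def subgroup_generator_problems(p: int, q: int, g: int) -> list:
    """Return every reason (empty list if none) why g fails to generate the
    order-q subgroup of Z_p^*. A randomly chosen g, as in the code the
    original poster described, skips all of these checks."""
    problems = []
    if not is_prime(p):
        problems.append("p is not prime")
    if not is_prime(q):
        problems.append("q is not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1, so Z_p^* has no subgroup of order q")
    if not 1 < g < p - 1:
        problems.append("g must satisfy 1 < g < p-1 (1 and p-1 have order 1 and 2)")
    elif not problems and pow(g, q, p) != 1:
        # With q prime and g != 1, g^q == 1 (mod p) means ord(g) is exactly q.
        problems.append("g^q mod p != 1, so g is not in the order-q subgroup")
    return problems


def derive_subgroup_generator(p: int, q: int, h: int) -> int:
    """Turn an arbitrary h into a generator of the order-q subgroup:
    g = h^((p-1)/q) mod p has order exactly q unless it collapses to 1."""
    if (p - 1) % q != 0:
        raise ValueError("q must divide p-1")
    g = pow(h, (p - 1) // q, p)
    if g == 1:
        raise ValueError("h^((p-1)/q) == 1 mod p; choose a different h")
    return g


if __name__ == "__main__":
    # 2 is a quadratic non-residue mod 1907 (1907 = 3 mod 8), so it has
    # order 2q and is rejected; 2^((p-1)/q) = 4 lies in the order-q subgroup.
    print(subgroup_generator_problems(P, Q, 2))
    print(subgroup_generator_problems(P, Q, derive_subgroup_generator(P, Q, 2)))
```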
------------------------------

Date: Thu, 11 May 2000 00:53:08 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Prime Generation in C,C++ or Java

[EMAIL PROTECTED] wrote:
> 
> Bob Silverman <[EMAIL PROTECTED]> wrote:
> >> > Is there a quick and relatively short algorithm in any of these
> > languages
> >> > for generating primes?  The primes do not have to be huge, to the
> [...]
> > The poster said he wanted "5 to 10 digit primes". One does not
> > need a probabilistic method.  All of the pseudoprimes less than
> > 25 * 10^9 with respect to bases 2,3,5,7 have been identified.
> > This gives a fast deterministic test. Albeit for 5 digits, trial
> > division or table lookup will be faster
> 
> While I'll bow out to the correct answer from the expert, I feel
> obliged to point out that the short algorithm (in terms of LOC, not
> necessarily speed) in Java is to use
> java.lang.BigInteger.isProbablePrime(int certainty).

For generating primes in Java, it's faster and more efficient to use
the appropriate BigInteger constructor, rather than this method (read
the BigInteger documentation for more detail).

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01


------------------------------

Date: Thu, 11 May 2000 01:11:08 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: high speed public key crypto

Mehdi Sotoodeh wrote:
> 
> I have found a new public key crypto system that is fast, easy to
> implement and requires low level of system resources.
> I am looking for someone who is interested to work on this as a joint
> project. I specifically need help on evaluation and publication of the
> project.
> Please let me know if you are interested.

There is not enough information here for people to decide whether your
system is worth putting effort into. Post a brief description of the
mathematical problem that its security is based on.

If you are concerned about anyone stealing your idea, don't be. The
most likely outcome is that your scheme will be found to be less secure
or less practical than existing public key cryptosystems, in which case
you will have saved a lot of effort. If it does look secure and
practical, and it becomes widely used, then you'll probably be able to
take your pick of highly paid jobs. OTOH, if you patent the system, it
will likely disappear without trace, since there are several existing
widely used PK cryptosystems (to which RSA will be added in September),
that are unpatented, and that people are for the most part perfectly
happy with.

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01


------------------------------

From: [EMAIL PROTECTED] (Y. Lionmaker)
Subject: Re: Who can declare "eminent domain" on patents?
Date: Thu, 11 May 2000 00:25:02 GMT

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:

>There are special considerations that affect the issuance of patents for
>nuclear and space technology, but AFAIK there is no mechanism that can
>retroactively cancel an issued patent.

Many years ago some inventors applied for a patent on some rotating handles
for a wheelbarrow. They were awarded a patent for a "wheelbarrow and
attached handles". When they realized that they had a patent on the
wheelbarrow, they began notifying wheelbarrow companies that they owed them
royalties. When the companies protested, the erroneously issued patent was
retroactively canceled.
-- 
"Y. Lionmaker" is actually 5278 460139 <[EMAIL PROTECTED]>.
 0  123456789 <- Use this key to decode my email address and name.
               Play Five by Five Poker at http://www.5X5poker.com.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
