Cryptography-Digest Digest #365, Volume #12       Sun, 6 Aug 00 12:13:00 EDT

Contents:
  Re: New William Friedman Crypto Patent (filed in 1933) ("Douglas A. Gwyn")
  Re: Q: CD ("Douglas A. Gwyn")
  Re: Hashing Algorithms (Mack)
  Re: Secure Operating Systems (Mack)
  RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
  Re: Has RSADSI Lost their mind? (Paul Rubin)
  Re: IV for arfour (Guy Macon)
  Re: Let us have Lattice (Tim Tyler)
  Re: Random numbers and online-gambling (Tim Tyler)
  Re: Secure Operating Systems ([EMAIL PROTECTED])
  Re: New William Friedman Crypto Patent (filed in 1933) (Mok-Kong Shen)
  Re: New toy cipher, please comment... (Mok-Kong Shen)
  Q: Functions that are slow to invert (Mok-Kong Shen)
  Re: Let us have Lattice (Mok-Kong Shen)
  Re: Applications for One-Way Function? (Mok-Kong Shen)
  Re: just saw a pre-release copy of Schneier's new book on ebay (Bruce Schneier)
  Coupon collector's problem ("Artemios G. Voyiatzis")

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Sun, 06 Aug 2000 01:45:12 -0400

[EMAIL PROTECTED] wrote:
> ... They could be 50 years backlogged in reviewing material for
> declassification.

There is a fairly recent Executive Order requiring all classified
material to be reviewed and re/declassified after 50 years.  The
amount that was classified over 50 years ago is staggering, and
very likely the backlog is such that they'll never catch up to
the point that they are reviewing just material from 50 to 51
years old.  In addition to this supposedly automatic review,
re/declassification occurs when special attention has been
directed toward specific items, e.g. in response to a FOIA query.
I don't know what triggered the patent declassification; it might
have been in response to the USPTO trying to clean up their own
files.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Q: CD
Date: Sun, 06 Aug 2000 01:51:31 -0400

Mok-Kong Shen wrote:
> Is there an easily obtainable software with which one can
> conveniently read out bits from a CD at any specified (hardware)
> position? Thanks.

If you mean the encoded "pits", you'd need special hardware
support.  By the time the information reached the computer
bus it has already been decoded.

If you mean the decoded data, it's almost trivial under many
UNIX-like operating systems:
        #include <fcntl.h>     /* open(), O_RDONLY */
        #include <unistd.h>    /* lseek(), read(), close(), SEEK_SET */
        fd = open("/dev/rdsk/cd0" /* or whatever */ , O_RDONLY);
        lseek(fd, desired_offset, SEEK_SET);   /* absolute byte offset from the start */
        read(fd, buffer, amount);
        close(fd);

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: Hashing Algorithms
Date: 06 Aug 2000 06:15:52 GMT

>I reference Tom McCune here when I say that SHA1 is better than MD5...
>
>http://www.mccune.cc/PGPpage2.htm#Hash
>
>references:
>
>http://www.math.ohio-state.edu/~fiedorow/PGP/MD5_discussion  << The good
>stuff here!!! (no offense Tom : )
>
>
>"George" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> First I'd like to thank everyone for the speedy responses to my last
>question
>> about IDEA.  I have done some research on hashing algorithms, and I have
>been
>> told that the best hashing algorithms are MD5 and SHA.  Am I outdated
>again
>> with my resources?  What is the most "secure" hashing algorithm available
>to
>> the public today?  Thank you for your time.
>>
>>
>> --
>> -George
>> [EMAIL PROTECTED]
>>
>

I believe there is an RSA inc. document recommending against using
MD5 in new designs.  That seems to be a good argument against it
if the company supporting it thinks it is time to start taking it off the
shelf.



Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: Secure Operating Systems
Date: 06 Aug 2000 06:27:31 GMT

>Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>[...]
>> layered approach. Crypto could then be an outer layer. At the time 
>> of design of UNIX, intrusion detection wasn't yet a word in the
>> vocabulary of CS, I suppose. To give a (certainly far-fetched) 
>[...]
>
>When Unix was written, the world was a whole different place. It was
>normal for most places to simply leave the administrative account
>logged in on the console all day. (Because any console user was
>authorised to use it). Offices in the building didn't generally have
>locks on the doors, and the standard login mechanism provided abundant
>security against networked intrusion. (After all, there were no
>unfriendly hosts, and networks were primarily dial-up connections)
>Indeed, crypt(3) itself was impervious to exhaustive search, since a
>typical large, timesharing system could manage just over a single key
>check per second.
>
>The real answer though, is probably that the average user doesn't need
>or want what most people are talking about when you say secure
>operating system. It doesn't even make sense on personal
>computers. For example, Unix based systems hold Orange Book Ratings as
>high as B3, but the market for them is very limited.
>
>-- 
>Matt Gauthier <[EMAIL PROTECTED]>
>
>

The higher the level, the less 'User Friendly' the system becomes.

Example:

Certain systems will forbid printing without supervisory approval.
Good for security, bad for your typical home user.

Certain other systems allow remote users to use printers
without even a login.
Bad for security, very convenient for users.

Now most businesses probably need some level of secure operating
system.  But probably not more than C1.

What businesses really need is better security of computing equipment.
After all if you 'lose' the computer someone can eventually break
into whatever data is in it.  Unless all of the data is encrypted under
a password.  And even that isn't so sure considering the way most
people pick passwords.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

Crossposted-To: talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA Cryptography Today FAQ (1/1)
from: [EMAIL PROTECTED]
reply-to: [EMAIL PROTECTED]
Date: 06 Aug 2000 07:47:09 GMT

Archive-name: cryptography-faq/rsa/part1
Last-modified: 1997/05/21


An old version of the RSA Labs' publication "Answers to Frequently Asked
Questions about Today's Cryptography" used to be posted here until May
1997.  These postings were not sponsored or updated by RSA Labs, and
for some time we were unable to stop them.  While we hope the information
in our FAQ is useful, the version that was being posted here was quite
outdated.  The latest version of the FAQ is more complete and up-to-date.

Unfortunately, our FAQ is no longer available in ASCII due to its
mathematical content.  Please visit our website at
http://www.rsa.com/rsalabs/ to view the new version of the FAQ with your
browser or download it in the Adobe Acrobat (.pdf) format.

RSA Labs FAQ Editor
[EMAIL PROTECTED]


------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Has RSADSI Lost their mind?
Date: 6 Aug 2000 07:54:14 GMT

In article <8m1jio$d3c$[EMAIL PROTECTED]>,
Matthew Skala <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>Eric Lee Green  <[EMAIL PROTECTED]> wrote:
>>There are some legal scholars who believe that, since no money
>>changed hands, the open source license is a "gift offer" rather than
>>a contract, and thus can be revoked at any time. That obviously is
>>not a notion that I (or the Free Software Foundation) agree with,
>>but some day somebody is going to try to test it in a court of law.
>
>Something sort of like that may be tested in a few days' time, in the
>Cyber Patrol reverse engineering case.  Eddy L O Jansson and I released
>our work under unclear license terms, including the bare statement
>"Released under the GPL" without including a copy of the GPL, the usual
>disclaimers that go along with a GPL release, or spelling out *which* GPL;
>and the note "You are allowed to mirror this document and the related
>files anywhere you see fit."  The plaintiffs, as part of the settlement
>agreement, purchased the copyrights to the work for a dollar; now they
>want to restrict its distribution.
>...
>Still, one court has already ruled on more than it needed to in this case,
>so we may yet see some kind of general ruling on the revocability of open
>source licenses.  The hearing is scheduled for August 2nd in Boston.  I
>maintain an FAQ at http://www.islandnet.com/~mskala/cpbfaq.html; I don't
>know where the best place to watch for news on the appeal will be, though.  
>I'm not really in the loop for that.

I just checked that URL and it says you haven't heard what happened
with that hearing!!  Doesn't your lawyer know?!

On the revocability question, if there's any company that would want
to try such a thing, it's RSADSI, which has operated the IP system as
ruthlessly as anybody short of the Scientologists, and would not
hesitate to try any legal tactic they thought they had a chance with.

And yet, when Phil Zimmermann released PGP 2.5 with RSAREF integrated,
RSADSI's hair practically caught on fire.  They tried to revoke the
free redistributability of RSAREF, but apparently after a conversation
with MIT's lawyers, they gave up on the idea.  Instead RSADSI itself
seems to have stopped distributing RSAREF, but of course many other
people kept distributing it and continue to do so to this day.

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: IV for arfour
Date: 06 Aug 2000 07:56:11 GMT

Andreas Sewe wrote:
>
>
>
>"Guy Macon" wrote:
>
>> Andreas Sewe wrote:
>
>> >Perhaps you are right, concerning chosen-key-attacks,
>
>> Could you define "Chosen Key Attack" for me?
>
>Again pseudo-quoting from "Applied Cryptography", chapter 1.1:
>
>"Chosen-key-attack: This term does not mean, that the cryptanalyst is
>able to choose the key itself freely; it means instead that certain facts
>about the relations between different keys are known.
>This kind of attack is uncommon and not of importance in real life.
>(Described in chapter 12.4)"
>
>Well, concerning IVs this kind of attack can be imho important.

Hmmmm.  As a practical matter, it would seem that anyone who uses
strong encryption would not reveal any facts about the relations
between different keys, and that's what makes it unimportant, even
concerning IVs.  It seems to me that leaking such information would
be a real weakness no matter what system is being used.  In other
words, if you wish your ciphertext to remain undecoded, don't reveal
anything about your plaintext or your key.


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Let us have Lattice
Reply-To: [EMAIL PROTECTED]
Date: Sun, 6 Aug 2000 07:31:05 GMT

wtshaw <[EMAIL PROTECTED]> wrote:
: In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
:> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

:> : Finally, it is a linear transformation. [...]
:> 
:> Yes.  This appears to make it next-to-useless as an encryption device.
:
: Every useful encryption algorithm is built of primitives.  To say that
: what we see here is next to useless would seem to target generally called
: modern algorithms more than me. Now, if you are volunteering to say
: something meaningful, say it.

If you're *not* proposing a cypher, beginning with the sentence:
  "Lattice is a generic block cipher algorithm [...]"
...doesn't do a good job of making the position clear.

If this is simply a diffusion component, the discussion of keys and
rounds was extremely confusing.  What would be the point of piling
linear components on top of one another?

Also, the idea that more rounds of this treatment would produce strength
seems mistaken. Even a million rounds of this will not produce anything
other than a linear transformation.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Namaste.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Random numbers and online-gambling
Reply-To: [EMAIL PROTECTED]
Date: Sun, 6 Aug 2000 07:45:16 GMT

Guy Macon <[EMAIL PROTECTED]> wrote:
: Matthew Skala wrote:
:>In article <8kovjq$[EMAIL PROTECTED]>,
:>Guy Macon <[EMAIL PROTECTED]> wrote:

:>>He should have used anonymity to notify the authorities.
:>
:>He shouldn't have needed to.

: He shouldn't have needed to, but he should have.

Perhaps he was hoping for a job as a security consultant with the
Alberta gaming authorities.

An anonymous tip off doesn't provide him with any reward for his hard
work.

Of course, a $15 million law suit isn't likely to reward him much either.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Namaste.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Secure Operating Systems
Date: Sun, 06 Aug 2000 08:30:04 GMT

Mack <[EMAIL PROTECTED]> wrote:
> Now most businesses probably need some level of secure operating
> system.  But probably not more than C1.

The other issue is that most businesses are not organised like a
military unit or intelligence agency, and thus end up needing only
subsets of the levels. For example, almost all of them need some sort
of audit trail, very few have multiple intelligence officers.

> What businesses really need is better security of computing equipment.
> After all if you 'lose' the computer someone can eventually break
> into whatever data is in it.  Unless all of the data is encrypted under
> a password.  And even that isn't so sure considering the way most
> people pick passwords.

I'll go one step further on the limb. What most businesses need are
better IT people, to prevent the kind of idiotic decisions that so
often create unsafe systems. The amount of human error in this
particular field is really staggering to me.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Sun, 06 Aug 2000 12:16:09 +0200



wtshaw wrote:
> 
> If something Friedman did is allowed to surface, surely it was a result of
> pondering what benefits this could bring them.  Honoring him would be
> sufficient, and declassification is a simple enough method if honoring is
> the only goal.

I guess you are right, considering the fact that Hitachi's
rotation patent could menace AES.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: New toy cipher, please comment...
Date: Sun, 06 Aug 2000 12:16:03 +0200



"Frank M. Siegert" wrote:
> 
> I put a C implementation of a toy cipher I thought up recently on my
> web server. Since I am only an interested amateur and this is my first

If you want many people to look at your stuff and have discussions
on it, you have to post a short but non-fuzzy description in 
English plus maybe some concise pseudo-code about the essentials
that help understanding to this group. Not everyone reads C code 
as fluently as newspapers and perhaps some not at all.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Q: Functions that are slow to invert
Date: Sun, 06 Aug 2000 12:16:18 +0200


Are there practically implementable functions that are easy
to compute but rather expensive (but not comparable to the
oneway functions) to invert? What is desirable are such that
the cost factor could be varied to suit one's need by varying,
say, the size of the function argument. Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Let us have Lattice
Date: Sun, 06 Aug 2000 12:34:53 +0200



Tim Tyler wrote:
> 
> wtshaw <[EMAIL PROTECTED]> wrote:

[snip]

> If this is simply a diffusion component, the discussion of keys and
> rounds was extremely confusing.  What would be the point of piling
> linear components on top of one another?
> 
> Also, the idea that more rounds of this treatment would produce strength
> seems mistaken. Even a million rounds of this will not produce anything
> other than a linear transformation.

I conjecture that in one situation concatenation of linear 
transformations could be practically useful, namely when these 
are applied to different block sizes that are relatively prime.
What do you think? Thanks.

M. K. Shen
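As an added example (not code from the thread, and not the Lattice cipher itself): two constructed toy linear steps, one on 2-bit blocks and one on 3-bit blocks (relatively prime sizes, as in the conjecture above), are alternated for any number of rounds over a 6-bit word. The result is checked to be GF(2)-linear and shown to equal a single matrix read off from six inputs, which is the point Tim Tyler makes about piling up rounds of a linear component.

```python
# Added example: toy linear steps on 2-bit and 3-bit blocks, alternated over a
# 6-bit word for many rounds; the composition is still one GF(2) matrix.
WIDTH = 6  # lcm(2, 3): both block sizes tile a 6-bit word exactly

def mix2(x):
    """Toy linear step on each 2-bit block: (a, b) -> (a, a xor b)."""
    out = 0
    for i in range(0, WIDTH, 2):
        a = (x >> i) & 1
        b = (x >> (i + 1)) & 1
        out |= a << i
        out |= (a ^ b) << (i + 1)
    return out

def mix3(x):
    """Toy linear step on each 3-bit block: rotate the block left by one bit."""
    out = 0
    for i in range(0, WIDTH, 3):
        blk = (x >> i) & 0b111
        rot = ((blk << 1) | (blk >> 2)) & 0b111
        out |= rot << i
    return out

def many_rounds(x, rounds):
    """Alternate the two steps `rounds` times, like piling up cipher rounds."""
    for r in range(rounds):
        x = mix2(x) if r % 2 == 0 else mix3(x)
    return x

def table_of(f):
    """Tabulate f on every 6-bit input once (keeps the checks below cheap)."""
    return [f(x) for x in range(1 << WIDTH)]

def is_linear(f):
    """GF(2)-linear iff f(0) = 0 and f(x ^ y) == f(x) ^ f(y) for all x, y."""
    t = table_of(f)
    return t[0] == 0 and all(t[x ^ y] == t[x] ^ t[y]
                             for x in range(1 << WIDTH) for y in range(1 << WIDTH))

def matrix_of(f):
    """Columns of the matrix: f on each unit vector 1 << i. Six values fix the map."""
    return [f(1 << i) for i in range(WIDTH)]

def apply_matrix(cols, x):
    """Evaluate the map from its columns alone, without running any rounds."""
    out = 0
    for i, col in enumerate(cols):
        if (x >> i) & 1:
            out ^= col
    return out

def rounds_collapse_to_matrix(rounds):
    """True if `rounds` rounds equal the single matrix read off from six inputs."""
    f = lambda x: many_rounds(x, rounds)
    cols = matrix_of(f)
    return is_linear(f) and table_of(f) == [apply_matrix(cols, x) for x in range(1 << WIDTH)]

if __name__ == "__main__":
    print(rounds_collapse_to_matrix(1000))  # True: 1000 rounds are still one matrix
```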

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Applications for One-Way Function?
Date: Sun, 06 Aug 2000 13:20:49 +0200



Ed Suominen wrote:
> 

> Assume the existence of a one-way function with the following
> properties:
> 
> 1. For any input value in the space {0,2^N}, there is a unique but
> unpredictable output value in the same space, {0,2^N}.
> 2. Each output value corresponds to only one possible input value (no
> collisions possible).
> 3. It is very easy (and very fast) to compute an output value from an
> input value, but computationally infeasible (e.g., 2^128
> possibilities) to compute an input value from an output value.

Question: Wouldn't a strong block cipher be a good substitute 
of your function? 

M. K. Shen

------------------------------

From: Bruce Schneier <[EMAIL PROTECTED]>
Subject: Re: just saw a pre-release copy of Schneier's new book on ebay
Date: Sun, 06 Aug 2000 09:34:56 -0500

On 05 Aug 2000 22:34:29 GMT, [EMAIL PROTECTED] (JPeschel)
wrote:

> jungle [EMAIL PROTECTED] writes:
>
>>it's not a book ...
>>
>>Ben Liberman wrote:
>>> I'm not a collector myself but, for anyone interested, I was wandering
>>> eBay and came across:
>>> 
>>> "Signed Pre-Release Copy of Bruce Schneier's New Book: Secrets and Lies"
>>> http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=401272439
>
>Sure sounds like a book to me:  uncorrected galley proofs with a cover,
>and signed by Bruce. Might be worth bidding on.

It is a book, a bound book.  Publishers often produce a limited number
of bound galley copies before publication to give book reviewers an
advance chance to read the book.  I have a bound galley of
Cryptonomicon, for example.

I would rather people read the final book, as there are some
corrections that did not get into the galley copy.  But it may be
something to collect...I don't know.

Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc.  Tel: 408-556-2401
3031 Tisch Way, Suite 100PE, San Jose, CA 95128      Fax: 408-556-0889
           Free crypto newsletter.  See:  http://www.counterpane.com

------------------------------

From: "Artemios G. Voyiatzis" <[EMAIL PROTECTED]>
Subject: Coupon collector's problem
Date: Sun, 6 Aug 2000 18:45:36 +0300

Hi sci.crypt,

I have seen in many crypto-related publishings the "coupon collector's
problem" and I am trying to find a resource (preferably URL) of its proof.
Could you help me?

The problem states that if someone collects a coupon every day, out of N
possible, then one needs N*H_n days to have at least 50% probability of
collecting all N coupons. H_n is approximately lnN. In general, if one
collects K coupons every day, the probability becomes lnK/( lnN-ln(N-K))

This result is often utilized in challenge-response protocols, where one
responds in random to the challenges.

Thank you very much in advance.
--
Artemios G. Voyiatzis

"Think negative"
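As an added example (not from the post): the quantities the coupon collector's problem refers to, computed directly. H_N is the N-th harmonic number, N*H_N the expected number of daily draws (one uniformly random coupon per day) until all N coupons are held, and the exact probability that all N are held after t days follows by inclusion-exclusion over the coupons still missing; a small Monte Carlo run checks N*H_N.

```python
# Added example: coupon collector quantities for N coupons, one uniform draw per day.
import math
import random

def harmonic(n):
    """H_n = 1 + 1/2 + ... + 1/n; the post notes H_n is approximately ln n."""
    return sum(1.0 / k for k in range(1, n + 1))

def expected_days(n):
    """Expected days to complete the set of N coupons: N*H_N."""
    return n * harmonic(n)

def prob_all_collected(n, t):
    """P(all N coupons seen in t draws) = sum_i (-1)^i C(N,i) (1 - i/N)^t."""
    if t < n:
        return 0.0  # cannot hold N distinct coupons after fewer than N draws
    return sum((-1) ** i * math.comb(n, i) * (1 - i / n) ** t for i in range(n + 1))

def days_for_probability(n, target=0.5):
    """Smallest t such that P(all collected by day t) >= target."""
    t = n
    while prob_all_collected(n, t) < target:
        t += 1
    return t

def simulate_days(n, trials=2000, seed=1):
    """Monte Carlo estimate of the expected days, to compare against N*H_N."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    total = 0
    for _ in range(trials):
        seen, days = set(), 0
        while len(seen) < n:
            seen.add(rng.randrange(n))
            days += 1
        total += days
    return total / trials

if __name__ == "__main__":
    n = 10
    print(expected_days(n), simulate_days(n), days_for_probability(n))
```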




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
