Cryptography-Digest Digest #93, Volume #14        Fri, 6 Apr 01 13:13:00 EDT

Contents:
  Re: Comment on SafeBoot's RC5 algorithm (Marc)
  Re: Dynamic Substitution Question (newbie)
  Re: Dickson Polynomials? (Ben Smith)
  Re: COLOSSUS report on the Web (John Savard)
  Re: Dickson Polynomials? (Mark Wooding)
  Re: Data dependent arcfour via sbox feedback (Mark Wooding)
  Re: Comment on SafeBoot's RC5 algorithm (Mark Wooding)
  Re: Comment on SafeBoot's RC5 algorithm ("Brian Gladman")
  I got accepted ("Tom St Denis")
  SHA PRNG ("Dobs")
  Re: I got accepted ("Sam Simpson")
  Re: SHA PRNG ("Tom St Denis")
  Re: I got accepted ("Tom St Denis")
  Re: SHA PRNG ("Dobs")
  Re: COLOSSUS report on the Web (Frode Weierud)
  Re: Dynamic Substitution Question ("Trevor L. Jackson, III")
  Re: SHA PRNG (Volker Hetzer)
  Re: Dynamic Substitution Question ("John L. Allen")
  Re: rc4 without sbox swapping/updating ("Simon Johnson")
  Re: SHA PRNG ("Tom St Denis")
  Re: SHA PRNG ("Tom St Denis")
  Re: Recurrence Relations in a Finite Field (David Wagner)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Marc)
Subject: Re: Comment on SafeBoot's RC5 algorithm
Date: 6 Apr 2001 12:42:31 GMT

>cipher-block-chaining based on the sectors. The raw alg works at about
>400MB/s (yes, 400 megabytes of data per second) on a 1ghz Athlon in
>W32.

The interesting thing is that my P3-800 FSB133 hardly reads more than
110 MB/s from RAM.  If I were to make a loop that just reads and writes
data (with no encryption whatsoever) I would already achieve only 55MB/s
on my system.

What about your system, how is it equipped to support such high memory
throughput?

------------------------------

From: newbie <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Fri, 06 Apr 2001 08:53:35 -0300

What is Dynamic Substitution?
OTP is not dynamic substitution?
Vigenere is not dynamic substitution?
Can someone give a sample of dynamic substitution?

Thank you



Terry Ritter wrote:
> 
> On Fri, 06 Apr 2001 03:46:03 GMT, in
> <[EMAIL PROTECTED]>, in sci.crypt Benjamin Goldberg
> <[EMAIL PROTECTED]> wrote:
> 
> >Leaving the internals of any functions and structures unspecified
> >(except for their names), is the following an accurate model of Dyn Sub?
> >
> >opaque table;
> >
> >datum dynsub( datum d1, datum d2 ) {
> >       datum output = substitute( d1, table );
> >       table = permute( table, d1, d2 );
> >       return output;
> >}
> >
> >We'll ignore *how* substitute works internally, and *how* permute works
> >internally, so long as permute does indeed use both values to change
> >table.
> >
> >Is this a valid representation of dynamic substitution, or isn't it?
> 
> If we are talking about the patent rather than the technology, I doubt
> that any single model can fully describe the range of a patent.  In
> general, in a patent claim, everything unspecified is allowed.  It is
> by no means clear that any model could demonstrate every unspecified
> possibility.
> 
> The appropriate way to test whether a design reads on a patent claim
> is to see whether every aspect of the claim exists in the design.
> 
> Patent law is not my business.  The precise interpretation of the
> unchanging words in a granted patent in the context of the law, PTO
> rules, and case law, is a legal issue, and I am not a patent attorney.
> On the other hand, as one tries to get increasingly close to the
> canonical definition of any patent without taking a license, the
> legal risk necessarily grows; I think that is inherent and cannot be
> avoided.
> 
> I would like to end all of the discussions on patenting as soon as
> possible.  I see no natural end, and I have taxes to do.
> 
> ---
> Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
> Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM

------------------------------

From: Ben Smith <[EMAIL PROTECTED]>
Subject: Re: Dickson Polynomials?
Date: Fri, 6 Apr 2001 23:05:40 +1000

On Thu, 5 Apr 2001, Tom St Denis wrote:

> "Stefan Katzenbeisser" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...

> > g_k(a,x) = \sum_{i=0}^{\lfloor k/2\rfloor} \frac{k}{k-i}{{k-i}\choose{i}}(-a)^i x^{k-2i}
> 
> Can you write this just using ascii math?  i.e ^ for exponents, +/*- etc..?

I'm much happier for maths to be posted in TeX; when you get beyond using
exponentials and basic arithmetic it's the only way. But it has to be said
that it is rather exclusive for people who aren't used to reading it.


ben

-- 
Always - what does that mean?
Forever - what does that mean?     
It means we'll manage
    -- Tricky, Christiansands


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: COLOSSUS report on the Web
Date: Fri, 06 Apr 2001 12:58:02 GMT

On 6 Apr 2001 08:54:28 GMT, [EMAIL PROTECTED] (Frode Weierud)
wrote, in part:
>Paul Rubin <[EMAIL PROTECTED]> writes:

>>That's great, but for the pdf's, why not just make them from the
>>original scans?

>Because it is expected that most people would like to print the whole
>or part of this report. Few people have printers with 'legal' paper
>size which is what is needed to print the full original pages.

It may also be noted that a PDF file made directly from images of the
pages involved would be considerably larger in size, hence wasteful of
bandwidth. (A size reduction, to 14/11ths of the original size, could
fit legal-size images on letter-size paper.)

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Dickson Polynomials?
Date: 6 Apr 2001 13:39:44 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

> Yeah I should learn latex, and the ascii art isn't legible due to a
> non-fixed width font.  What would be cool is a free tool where you can copy
> paste that stuff and see what it is.....

Ah.  Now what you're asking for is a newsreader which isn't hopelessly
deficient.  There are plenty of these.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Data dependent arcfour via sbox feedback
Date: 6 Apr 2001 13:56:43 GMT

Terry Ritter <[EMAIL PROTECTED]> wrote:

> Because *I* can prove that DES is *NOT* a substitution table as
> expected in the Dynamic Substitution patent.  In particular, the DES
> "table" cannot be initialized to be non-invertible:
> 
> "The combiner can also be used to combine two pseudo-random confusion
> streams into a more-complex confusion stream. In this case, extraction
> may be unnecessary and so the combiner substitution tables need not be
> invertible."

Irrelevant.  The important words in the quoted section are `may' and
`need not'.  These words impose no restrictions.  The entire sentence
`In this case ... invertible' extends the scope of things which might be
`combiner substitution tables' from some previous definition, but does
not restrict the sense of that phrase.

> >though not a simple table.  However, it *can* be modeled
> >as a [64x64 bit] table.  
> 
> Gee, I thought you were one of those guys who is amused by all the
> silly patents granted by the PTO.  Now you want to interpret a patent
> in the context of a 2**64-element table.  Can you say anti-gravity?
> Faster-than-light?  Perpetual motion?  
> 
> Let me see it work.

Wait for about fifty years and you'll see it.  Betting against Moore's
law is unwise.

Anti-gravity, faster-than-light messages and perpetual motion are
contrary to our understanding of the universe.  I don't think that
enormous storage capacity is really in the same league.

> >Any change in the DES key permutes the table
> >which the DES algorithm models.  Thus, key feedback mode can be
> >considered prior art to Dynamic Substitution.
> 
> And so we have yet *another* expert in patent law, one most willing to
> lend his expertise to anyone who will listen.  His attitude is: "Let
> the chips fall where they may."  He thinks nothing of damaging the
> reputation of an issued patent.  

If a thing's reputation is ill-deserved, damaging that reputation is
right and good.

> Whump!  [The sound of Hell freezing over.]

Bury me with ice-skates.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Comment on SafeBoot's RC5 algorithm
Date: 6 Apr 2001 14:12:14 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
> news:u5rS9EgvAHA.198@cpmsnbbsa09...
> > Let's deal with the factual incorrectness first. You have not been
> "thinking
> > and using RC5 for about 10 years," in fact according to
> > http://www.rsasecurity.com/rsalabs/faq/3-6-4.html you will find record of
> > RC5 only existing since 1994. You will also find that you cannot use RC5
> > with any key size, only those up to 2040 bits.
> 
> Again this is wrong too.  The max keysize should be exactly 2(R+1) W bit
> words.  With RC5-32 that's 2R+2 32-bit words.  In the case of R=12 that's
> 26*4=104 bytes er... 832 bits.

That's the maximum amount of searching you'd have to do to find the
key.  However, the key schedule accepts more key material than this, and
the final round keys ought to depend on all of the input bits.

Apart from this, I think you're in agreement...

-- [mdw]

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Comment on SafeBoot's RC5 algorithm
Date: Fri, 6 Apr 2001 15:20:17 +0100

"Sam Simpson" <[EMAIL PROTECTED]> wrote in message
news:SB3z6.5316$[EMAIL PROTECTED]...

Hi Sam!

[snip]

> It would be interesting to see what an optimisation guru (e.g. Dr Brian
> Gladman et al) could manage with RC5, and what the RSA optimised
> implementation managed.  Wei Dai manages just 40Mb/s (on a Celeron 850) -
> but I guess that's cross-platform and not optimised for the target
> platform.....

With the various options for RC5, the many different platform speeds, the
subtleties of obtaining accurate timings, the confusion between bits and
bytes and the quotation of speeds for incomplete implementations, I am
inclined to the view that this thread is largely a waste of time.

But, using the ***unoptimised*** RSA reference implementation of RC5 in
C with MS Visual C++ v6 and the following parameters

word size    32
rounds        12
bytes in key 16

on a PIII, I obtain a raw encryption/decryption cost (not including key
schedule setup cost) of just less than 3 machine cycles per bit.  This
is not optimised and is hence at the low end of what is achievable.

    Brian Gladman







------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: I got accepted
Date: Fri, 06 Apr 2001 14:51:35 GMT

Yahooooooo!

I got accepted to 1 out of the 3 (so far) universities I applied to.
Yahooooo!

I would like to thank the posters in this group for if it weren't for my
hours consumed posting and learning here I probably would not have made
it!!!

--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: "Dobs" <[EMAIL PROTECTED]>
Subject: SHA PRNG
Date: Fri, 6 Apr 2001 16:58:52 +0200

Hello,
I have a few questions concerning SHA.
1. Can SHA be used as a random number generator? I know that first I have to
find the padded message, then compute the message digest (which will be a hex
value). Then I have to find the binary representation of this number, and it
will be the generated random bit sequence, am I right???????????????
2. Will it be a strong random number generator which could be used for
cryptographic aims?
Thanks, best regards
Michal




------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Fri, 6 Apr 2001 15:59:51 +0100

Where are you going then?  What course are you taking? (Comp Sci?)

My impression is that Waterloo is *the* uni to go to for Crypto in Canada,
but that would be a post-grad course?

--
Regards,

Sam
http://www.scramdisk.clara.net/

Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:XJkz6.36898$[EMAIL PROTECTED]...
> Yahooooooo!
>
> I got accepted to 1 out of the 3 (so far) universities I applied to.
> Yahooooo!
>
> I would like to thank the posters in this group for if it weren't for my
> hours consumed posting and learning here I probably would not have made
> it!!!
>
> --
> Tom St Denis
> ---
> http://tomstdenis.home.dhs.org
>
>



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 06 Apr 2001 15:11:47 GMT


"Dobs" <[EMAIL PROTECTED]> wrote in message news:9aklhp$6kg$[EMAIL PROTECTED]...
> Hello,
> I have a few questions concerning SHA.
> 1. Can SHA be used as a random number generator? I know that first I have
> to find the padded message, then compute the message digest (which will be
> a hex value). Then I have to find the binary representation of this number,
> and it will be the generated random bit sequence, am I right???????????????
> 2. Will it be a strong random number generator which could be used for
> cryptographic aims?
> Thanks, best regards
> Michal

There are two ways (primarily) to use a hash function as a PRNG.  The first
is a counter-method.

1.  Make up a random string R and a binary counter C
2.  Get T = HASH(R || C)
3.  Increment C
4.  Output T and goto 2 as required.

The second method is as an entropy masher :-)

1.  Collect R bits of entropy from various sources.  You have to be
conservative in your entropy estimation of the input.  I.e a free-running
counter could give 0.5 bits per sample of real entropy, etc.
2.  T = HASH(R)
3.  Output T and goto 1 as required.

I suggest the former method, as long as you reseed R often enough it should
be secure.

Tom
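The counter construction Tom lists above, written out as an added example that is not code from any poster in this thread. It assumes Python's hashlib with SHA-256 (the thread says "SHA"; the construction is the same for any hash), a fixed-width big-endian counter C, and a reseed step that folds fresh entropy into R, which is the "entropy masher" variant and also the "flush the prng" and counter-overflow points raised later in the thread.

```python
import hashlib
import os


class CounterHashPRNG:
    """Hash PRNG in the counter construction from the thread:
    T = HASH(R || C); C = C + 1; output T.

    R is a secret seed that must carry real entropy; C is a fixed-width
    big-endian counter, so every hash input is distinct until C wraps.
    """

    def __init__(self, seed: bytes, hash_name: str = "sha256",
                 counter_bytes: int = 32, reseed_after: int = 1 << 20):
        # Demand at least 256 bits of seed: hashing cannot manufacture entropy.
        if len(seed) < 32:
            raise ValueError("seed R must be at least 32 bytes")
        self.hash_name = hash_name
        self.counter_bytes = counter_bytes
        self.reseed_after = reseed_after   # output blocks allowed per seed
        self._install_seed(seed)

    def _install_seed(self, seed: bytes) -> None:
        self.r = seed
        self.c = 0                 # the counter restarts for every new R
        self.blocks_since_reseed = 0

    def _next_block(self) -> bytes:
        limit = 1 << (8 * self.counter_bytes)
        if self.c >= limit:
            # Wrapping C would repeat an earlier hash input, hence earlier output.
            raise OverflowError("counter C wrapped; reseed R first")
        if self.blocks_since_reseed >= self.reseed_after:
            raise RuntimeError("output budget for this seed exhausted; reseed")
        c_bytes = self.c.to_bytes(self.counter_bytes, "big")
        t = hashlib.new(self.hash_name, self.r + c_bytes).digest()  # T = HASH(R || C)
        self.c += 1                                                   # increment C
        self.blocks_since_reseed += 1
        return t

    def random_bytes(self, n: int) -> bytes:
        """Concatenate successive T values and truncate to n bytes."""
        out = bytearray()
        while len(out) < n:
            out += self._next_block()
        return bytes(out[:n])

    def reseed(self, fresh_entropy: bytes) -> None:
        """Fold fresh entropy into a new R: new R = HASH(old R || C || entropy)."""
        c_bytes = self.c.to_bytes(self.counter_bytes, "big")
        new_r = hashlib.new(self.hash_name, self.r + c_bytes + fresh_entropy).digest()
        self._install_seed(new_r)


def prng_from_os() -> CounterHashPRNG:
    """Seed R from the operating system's entropy source (assumed available)."""
    return CounterHashPRNG(os.urandom(32))


def stream_is_deterministic(seed: bytes, n: int = 64) -> bool:
    """Same R and C give the same stream: the output is a function of the seed only."""
    a = CounterHashPRNG(seed).random_bytes(n)
    b = CounterHashPRNG(seed).random_bytes(n)
    return a == b
```

With a 32-byte counter the overflow branch is unreachable in practice; it is there so that a deliberately small counter (useful when testing) cannot silently repeat output.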



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Fri, 06 Apr 2001 15:09:27 GMT


"Sam Simpson" <[EMAIL PROTECTED]> wrote in message
news:JTkz6.824$[EMAIL PROTECTED]...
> Where are you going then?  What course are you taking? (Comp Sci?)

I got accepted for a BSC[H] in computer science.  I am waiting for my two
other acceptance/reject letters...

> My impression is that Waterloo is *the* uni to go to for Crypto in Canada,
> but that would be a post-grad course?

Well I really want to learn math + comp.sci first.  I may switch later for
crypto.  I have a lot of math to learn like abstract algebra, number fields,
and a whole bunch of subjects I don't even know about (as compared to
comp.sci which is my second nature field).

Tom



------------------------------

From: "Dobs" <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 6 Apr 2001 18:02:46 +0200

Could you describe this algorithm to me more precisely please::))))))))) I am a
beginner :(((((

1.  Make up a random string R and a binary counter C
2.  Get T = HASH(R || C)
3.  Increment C
4.  Output T and goto 2 as required.


1. Just generate a random string R like
466edfdffghk3m32b773lg74hg73273l4ffjlkl6636546     ????????
, what is binary counter C???
2. Compute T=HASH(R || C)   what is R||C, what will HASH be doing
3. ok just increase the C
4. Here we have a loop, but how long will this algorithm work
????????????????????????????????????????????????????????
Thanks
Michal



------------------------------

From: [EMAIL PROTECTED] (Frode Weierud)
Subject: Re: COLOSSUS report on the Web
Date: 6 Apr 2001 15:47:53 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] (John Savard) writes:

>>Because it is expected that most people would like to print the whole
>>or part of this report. Few people have printers with 'legal' paper
>>size which is what is needed to print the full original pages.

>It may also be noted that a PDF file made directly from images of the
>pages involved would be considerably larger in size, hence wasteful of
>bandwidth. (A size reduction, to 14/11ths of the original size, could
>fit legal-size images on letter-size paper.)

There is also the problem with printing as each page would then print as
graphics and it would take a lot longer to print. But the biggest 
problem is with usability. Some of the scans would be very difficult or
even impossible to read due to the poor `original' copies. Also it
would no longer be possible to do text searches in the document,
something which is quite useful.  To better illustrate the problems
involved I have copied here the message from Professor J. V. Field
which was posted on the BP Mailing List this morning:

Date: Fri, 6 Apr 2001 02:12:12 +0100
From: J. V. Field <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [BPARK] _General report on Tunny with emphasis on statistical methods_

This is an interim report on the progress of the project of
publishing Good, Michie, and Timms, _General report on Tunny with
emphasis on statistical methods_ (written in 1945). The work will
appear in book form and on the web as machine-searchable text.

    This project is being carried out by Whitfield Diffie, Donald
Michie and myself, under the aegis of the Forum for the History of
Science, Technology and Medicine.

      The _Report_, which was declassified in mid 2000, is a
typescript, in two volumes. The first, 276 foolscap pages, is largely
statistical (Good has a very distinguished career as a statistician).
The second, 229 pages, is concerned with the machines.  Both volumes
are of very considerable historical interest.

      The copy released by GCHQ and deposited at the Public Record
Office (at Kew) is a carbon.  It is not known where the top copy
went.  The carbon is not always easy to read.  Numerous passages are
badly blurred, occasionally words are obliterated by overstrikes, and
there are manuscript additions, particularly to the mathematics,
which of course presented difficulties to the typists.  Experts
advised us that it was not practical to scan the text since the
labour of correcting the results of automated Optical Character
Recognition would be equivalent to retyping.

      The text needs historical editing, since in addition to small
errors, there are obscurities due to its being written by insiders
for insiders, sometimes using terminology that was never current
outside Bletchley Park.  (We are deeply grateful to Tony Sale for
having provided an on-line version of the appropriate dictionary.)
Introductory essays will be provided by Donald Michie, Harry Fensom
and Whitfield Diffie.  My own part is simply that of editor.

      The Massachusetts Institute of Technology Press has agreed to
publish the book, and to make the text available on the PRO's
website, an arrangement to which the PRO has agreed.   The Press is
moreover willing to meet part of the cost of retyping/typesetting.
To meet the remainder we have some financial support by the London
Mathematical Society, and the Royal Statistical Society, and we are
applying to the Royal Society for a grant.

===============

Frode
--
        Frode Weierud                   Phone  : +41 22 7674794
        CERN, SL,  CH-1211 Geneva 23,   Fax    : +41 22 7679185
        Switzerland                     E-mail : [EMAIL PROTECTED]
                                        WWW    : home.cern.ch/frode/

------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Fri, 06 Apr 2001 16:12:14 GMT

Terry Ritter wrote:

> I have taxes to do.

www.informamerica.com



------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 06 Apr 2001 18:48:47 +0200

Dobs wrote:
> 
> Could you describe this algorithm to me more precisely please::))))))))) I am a
> beginner :(((((
> 
> 1.  Make up a random string R and a binary counter C
> 2.  Get T = HASH(R || C)
> 3.  Increment C
> 4.  Output T and goto 2 as required.
> 
> 1. Just generate a random string R like
> 466edfdffghk3m32b773lg74hg73273l4ffjlkl6636546     ????????
> , what is binary counter C???
> 2. Compute T=HASH(R || C)   what is R||C, what will HASH be doing
> 3. ok just increase the C
> 4. Here we have a loop, but how long will this algorithm work
> ????????????????????????????????????????????????????????

The point of the counter is imho to guarantee that the iteration
doesn't produce short cycles. The algorithm will work until the counter
overflows. Use a big counter. Since a hash function like SHA takes
512 bits as input, you might as well have a 256-bit counter and a 256-bit
random string that gets recreated at boot time of your device. Or, maybe
sometimes the random string is made up of the last output of the hash plus
some entropy gathered from the system.
The chance that your device lives to see a 256-bit counter overflow is
rather slim, so don't worry about it. (Just imagining a glassbox at
Milliways with your device counting quietly along...)

Greetings!
Volker
--
They laughed at Galileo.  They laughed at Copernicus.  They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.

------------------------------

From: "John L. Allen" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Fri, 6 Apr 2001 16:11:19 GMT

Terry Ritter wrote:

> I would like to end all of the discussions on patenting as soon as

> possible.  I see no natural end, and I have taxes to do.

Don't forget to include all the income you made from Dynamic Substitution
patent infringement lawsuit victories.

:-)

John.



------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: rc4 without sbox swapping/updating
Date: Fri, 6 Apr 2001 17:48:50 +0100


Terry Ritter <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> On Wed, 04 Apr 2001 23:45:27 GMT, in <[EMAIL PROTECTED]>, in
> sci.crypt Ken Savage <[EMAIL PROTECTED]> wrote:
>
> >Terry Ritter wrote:
> >
> >> >is dynamically adjusted, but the DynSub patent does not apply to this
> >> >type of update (as far as I can tell.)
> >>
> >> "As far as you can tell?"
> >>
> >> Well, as far as *I* can tell, you have trouble reading.  [...]
> >
> >
> >> >Any comments greatly appreciated.
> >>
> >> I bet.
> >
> >
> >As far as I can tell, I'm well able to read.  While we may have
> >different interpretations of what we're reading, it distracts from
> >the DISCUSSION when snide comments find their way into replies.
>
> I'll tell you what distracts from the DISCUSSION, and that is your
> delusion that you have the expertise to make pronouncements and
> conclusions in patent law.  They are often wrong and misleading and
> may do damage to the reputation of an issued patent.  This is not a
> toy patent just because you find it discussed on sci.crypt; you need
> to be a great deal more careful.
>
>
> >As my previous message indicates, there is an alternate way to
> >interpret the claims in the patent.  English, unfortunately, is
> >not mathematics, which is the very reason these alternatives
> >exist.
>
> Patent claims must be interpreted within the context of the patent.
> You don't get to supply just any meaning you want.
>
>
> >I will admit that we both have different goals here; I am actively
> >seeking a way to produce an rc4-compatible output stream without
> >seemingly violating the Dynamic Substitution patent.  Hopefully, the
> >same techniques used in this endeavour can be used in other ciphers
> >or realms. You, knowing that rc4 involves sbox updates, and being the
> >holder of the DynSub patent, probably aren't too happy about these
> >attempts :)  I wouldn't blame you.
>
> The issue is not one of goals, but fact.
>
> The patent clearly does cover tables which are non-invertible:
>
> "The combiner can also be used to combine two pseudo-random confusion
> streams into a more-complex confusion stream. In this case, extraction
> may be unnecessary and so the combiner substitution tables need not be
> invertible."

> The desirability of having non-invertible substitution tables is thus
> part of the patent text.  Absent a specific restriction otherwise in
> the claim, that is what it may be.  Any interpretation otherwise is
> just silly.
>
>
> >For me, it's not personal; I'm just doing my job (quite literally).
> >I hope in the future this sentiment is reciprocated.
>
> For me it is *both* personal *and* business.  I find myself
> simultaneously defending the cast-in-stone words in a patent which I
> constructed a full decade ago, and also educating arrogant
> pseudo-experts in the reality of patents and patent claims.
>
> It is not your option to pick whatever definition you want for the
> words in the claims.  The words in the claims must be interpreted in
> the context of the patent body.
>
> In this case, the patent body clearly, specifically and unambiguously
> describes using the patented mechanism with non-invertible tables to
> mix two confusion sequences:
>
> "The combiner can also be used to combine two pseudo-random confusion
> streams into a more-complex confusion stream.  In this case,
> extraction may be unnecessary and so the combiner substitution tables
> need not be invertible."

> There simply can be no question about whether non-permutations were
> considered acceptable in tables as part of the patent.
>
> Since table contents are specifically allowed to be non-permutations,
> you would have to find a limitation in the claim which said the table
> needed to be a permutation.  Independent claim 1 does not have that
> limitation, and so does not require that aspect to be present in any
> design matched to it.  Something which is not specified is allowed to
> be any way at all.
>
> Surely you understand that it is only necessary to read on one claim
> to have an example of the protected invention.  Surely you understand
> that anything beyond the limitations specified in the claims is not
> relevant to the comparison.
>
> Your views are simply not supported by the patent.

Hrm, what a mess... Why didn't you define your ideas in maths? The problem
here is that only one person understands this patent and that's you.... now
you say that Ken is making "pronouncements" about patent law.... Well I ask
you this question:

If patent laws were designed by people to serve the people, then if
no-one except a select few can understand them, are they serving the
people or themselves?

If Ken can't understand what he can or can't use in his modifications to RC4
by just reading your document then it is a waste of time.

It's clear, no matter how long we argue about this, that no-one really has a
clear idea what your patent means and a large fraction of us probably don't
care whether they infringe on a patent or not...

Luckily, this madness doesn't apply to me... =)

Simon.
> ---
> Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
> Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
>




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 06 Apr 2001 16:47:32 GMT


"Dobs" <[EMAIL PROTECTED]> wrote in message news:9akp9p$gep$[EMAIL PROTECTED]...
> Could you describe this algorithm to me more precisely please::))))))))) I am a
> beginner :(((((

Sure.

>
> 1.  Make up a random string R and a binary counter C
> 2.  Get T = HASH(R || C)
> 3.  Increment C
> 4.  Output T and goto 2 as required.
>
>
> 1. Just generate a random string R like
> 466edfdffghk3m32b773lg74hg73273l4ffjlkl6636546     ????????

Well you gather as much entropy you can from your environment.

> , what is binary counter C???

A binary counter is just a t-bit counter that goes up.. i.e in C that's just

long x;
x = x + 1;

> 2. Compute T=HASH(R || C)   what is R||C, what will HASH be doing
> 3. ok just increase the C
> 4. Here we have a loop, but how long will this algorithm work

Well it depends.  If you are going to make a new long term key you may want
to flush the prng and restart it.  etc..

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 06 Apr 2001 16:48:29 GMT


"Volker Hetzer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Dobs wrote:
> >
> > Could you describe this algorithm to me more precisely please::))))))))) I am a
> > beginner :(((((
> >
> > 1.  Make up a random string R and a binary counter C
> > 2.  Get T = HASH(R || C)
> > 3.  Increment C
> > 4.  Output T and goto 2 as required.
> >
> > 1. Just generate a random string R like
> > 466edfdffghk3m32b773lg74hg73273l4ffjlkl6636546     ????????
> > , what is binary counter C???
> > 2. Compute T=HASH(R || C)   what is R||C, what will HASH be doing
> > 3. ok just increase the C
> > 4. Here we have a loop, but how long will this algorithm work
> > ????????????????????????????????????????????????????????
>
> The point of the counter is imho to guarantee that the iteration
> doesn't produce short cycles. The algorithm will work until the counter
> overflows. Use a big counter. Since a hash function like SHA takes
> 512 bits as input, you might as well have a 256-bit counter and a 256-bit
> random string that gets recreated at boot time of your device. Or, maybe
> sometimes the random string is made up of the last output of the hash plus
> some entropy gathered from the system.
> The chance that your device lives to see a 256-bit counter overflow is
> rather slim, so don't worry about it. (Just imagining a glassbox at
> Milliways with your device counting quietly along...)

Well I would recommend flushing the prng every so often and especially
before making long term keys.  That way there is less of a risk.

Tom



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Recurrence Relations in a Finite Field
Date: 6 Apr 2001 16:57:52 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Jeffrey Walton wrote:
>Does anyone have any recommendations for reading on
>recurrence relations in the modulo n system?  Any readable
>books on the subject would be greatly appreciated.
>
>Is it possible to have a recurrence relation in a finite
>field?

If those are *linear* recurrence relations, read about
linear feedback shift registers (LFSR's): they are
equivalent.  There seems to be good material -- e.g.,
Golomb's book -- on the topic.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
