Cryptography-Digest Digest #47
Cryptography-Digest Digest #47, Volume #13      Mon, 30 Oct 00 15:13:00 EST

Contents:
  Re: BEST BIJECTIVE RIJNDAEL YET? ("Brian Gladman")
  Re: Q: Computations in a Galois Field ("Brian McKeever")
  Re: Graphics and Encription (Mok-Kong Shen)
  Re: Q: Computations in a Galois Field (Roger Schlafly)
  Re: Padding scheme? (Benjamin Goldberg)
  Re: BEST BIJECTIVE RIJNDAEL YET? (SCOTT19U.ZIP_GUY)
  Re: XOR based key exchange protocol - flawed? ([EMAIL PROTECTED])
  CAST - test vectors ? ("Falissard")
  Re: Padding scheme? (SCOTT19U.ZIP_GUY)
  Re: Searching for a good PRNG (Tom St Denis)
  Re: XOR based key exchange protocol - flawed? (Tom St Denis)
  Re: RSA Multiprime (Tom St Denis)
  Re: How do I detect invalid passwords? ([EMAIL PROTECTED])
  Re: RSA Multiprime (Simon Johnson)
  Re: rc4 proprieties (Ichinin)
  Re: Psuedo-random number generator (David Schwartz)
  Re: Psuedo-random number generator (David Schwartz)
  Re: Visual Basic (Ichinin)

------------------------------

From: "Brian Gladman" [EMAIL PROTECTED]
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Mon, 30 Oct 2000 17:13:21 -

"SCOTT19U.ZIP_GUY" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

> [EMAIL PROTECTED] (Brian Gladman) wrote in x8aL5.3966$zO3.120805@stones:
>
>> "SCOTT19U.ZIP_GUY" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
>>
>>> [EMAIL PROTECTED] (Brian Gladman) wrote in eN0L5.3659$zO3.111060@stones:
>>>
>>>> But in arithmetic coding the original file length does need to be
>>>> encoded in some way and Matt has a neat way of doing this (and one
>>>> which I like). But his scheme is just one of many possible ways of
>>>> encoding
>>>
>>> I think you don't know what he did since a length field is not used
>>> in Matt's arithmetic coding.
>>
>> I did not say there was a length field - I just said that length is
>> encoded and I do know how he does this.
>
> The length is not added to the file. Zero information is added to
> Matt's compressed files.

I certainly did not claim that the length is 'added' to the file - what I
said was that it was encoded in the file, which is quite different.

Moreover, while the encoding adds no _data_, it certainly adds
_information_ since the file length could not be recovered if it did not.

Brian Gladman

------------------------------

From: "Brian McKeever" [EMAIL PROTECTED]
Subject: Re: Q: Computations in a Galois Field
Date: Mon, 30 Oct 2000 09:25:52 -0800

"Benjamin Goldberg" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

> Brian McKeever wrote:
>
>> No. It is easy to come up with examples of rings where some elements
>> lack inverses.
>
> Could you give us an example of a non-invertible element in a ring
> with prime order?

Well, I'm a little rusty, but let's try this: let R have p = prime elements.
There is only 1 way to define + (since there is only 1 group of order p, up
to isomorphism). Now define a*b = 0 for any a, b in R. It's easy to check
that we satisfy the ring axioms (most importantly, * obviously distributes
over +), and it should be clear that none of the elements is invertible.
Another way to see it is this ring doesn't have a multiplicative identity,
so it can't have invertible elements.

Brian

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Graphics and Encription
Date: Mon, 30 Oct 2000 18:25:52 +0100

wtshaw wrote:

> Grayscale is a lesser messy medium than real colors. It seemed like a
> good area to look at. The particulars are really cut and dried for me
> now. The essence of grayscale stego can be changing pixels in a
> subvisually discernible manner, but the added information units need
> not be one-to-one with pixels.

I have never done such stego and my knowledge in that is also poor. But it
is my understanding that one (pseudo-)randomly picks some pixels from the
picture, maybe in a certain restricted region of a picture, and then
modifies the pixel values.

I used to think, however, that it should be much easier to do stego by
modifying numerical data that are so abundant, e.g. measurements of
physical processes. It is in my view at least as normal for a person to
send to a partner numerical data as pictures. That is, for serving as cover
materials before the scrutinizing eyes of a controller, numerical data are
just as good. So I don't quite understand that doing stego with numerical
data seems to have been neglected.

M. K. Shen

------------------------------

From: Roger Schlafly [EMAIL PROTECTED]
Subject: Re: Q: Computations in a Galois Field
Date: Mon, 30 Oct 2000 10:18:35 -0800

Brian McKeever wrote:

>>> No. It is easy to come up with examples of rings where some elements
>>> lack inverses.
>>
>> Could you give us an example of a non-invertible element in a ring
>> with prime order?
>
> Well, I'm a little rusty, but let's try this: let R have p=prime element
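The ring of prime order that Brian McKeever constructs above (addition mod p, every product equal to 0) can be checked mechanically. The following is an added example, not code from the digest or from any of its posters: a brute-force checker for the ring axioms, run once on McKeever's zero-product ring and once on GF(p) for comparison. Function names (zero_ring, prime_field, is_ring, units) are my own, and "unit" is taken here in the usual sense of an element with a two-sided inverse relative to a multiplicative identity, so a ring with no identity has no units.

```python
# Added example (not from the digest): exhaustive check of the ring axioms
# on McKeever's construction, then on the prime field GF(p) for contrast.
from itertools import product


def zero_ring(p):
    """Elements 0..p-1, addition mod p, every product is 0 (McKeever's ring)."""
    add = lambda a, b: (a + b) % p
    mul = lambda a, b: 0
    return list(range(p)), add, mul


def prime_field(p):
    """GF(p) for prime p: addition and multiplication mod p."""
    add = lambda a, b: (a + b) % p
    mul = lambda a, b: (a * b) % p
    return list(range(p)), add, mul


def is_ring(elems, add, mul):
    """Check closure, (+) abelian group with identity 0, (*) associative,
    and both distributive laws.  No multiplicative identity is required."""
    for a, b in product(elems, repeat=2):
        if add(a, b) not in elems or mul(a, b) not in elems:   # closure
            return False
        if add(a, b) != add(b, a):                              # + commutative
            return False
    for a in elems:
        if add(a, 0) != a:                                      # additive identity
            return False
        if not any(add(a, b) == 0 for b in elems):              # additive inverse
            return False
    for a, b, c in product(elems, repeat=3):
        if add(add(a, b), c) != add(a, add(b, c)):              # + associative
            return False
        if mul(mul(a, b), c) != mul(a, mul(b, c)):              # * associative
            return False
        if mul(a, add(b, c)) != add(mul(a, b), mul(a, c)):      # left distributive
            return False
        if mul(add(a, b), c) != add(mul(a, c), mul(b, c)):      # right distributive
            return False
    return True


def multiplicative_identity(elems, mul):
    """Return e with e*a == a*e == a for every a, or None if there is none."""
    for e in elems:
        if all(mul(e, a) == a and mul(a, e) == a for a in elems):
            return e
    return None


def units(elems, mul):
    """Elements with a two-sided multiplicative inverse; empty without identity."""
    e = multiplicative_identity(elems, mul)
    if e is None:
        return []
    return [a for a in elems
            if any(mul(a, b) == e and mul(b, a) == e for b in elems)]


if __name__ == "__main__":
    for name, (elems, add, mul) in (("zero ring", zero_ring(7)),
                                    ("GF(7)", prime_field(7))):
        print(name, "is a ring:", is_ring(elems, add, mul),
              "identity:", multiplicative_identity(elems, mul),
              "units:", units(elems, mul))
```

The point the check makes concrete: prime order alone says nothing about invertibility. Both structures pass every ring axiom, but only GF(p) has a multiplicative identity, and there every nonzero element is a unit; in the zero-product ring no element is.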
Cryptography-Digest Digest #47, Volume #10      Sat, 14 Aug 99 17:13:03 EDT

Contents:
  Re: How to keep crypto DLLs Secure? (Eric Lee Green)
  Re: What the hell is XOR? (Xcott Craver)
  Re: Newbie Question - Do you need to have the message when you have a (Eric Lee Green)
  Re: Cipher-Feedback Mode ("karl malbrain")
  Honest Work from Home ("Marc Deneault")
  Re: Triple DES (168bit) -- Triple DES (112bit) ("karl malbrain")
  Re: Triple DES (168bit) -- Triple DES (112bit) ([EMAIL PROTECTED])
  Re: NIST AES FInalists are ([EMAIL PROTECTED])
  Re: I HOPE AM WRONG (Jim Dunnett)
  Re: Cipher-Feedback Mode (SCOTT19U.ZIP_GUY)
  Re: Statistical occurrence of letters in english ([EMAIL PROTECTED])
  Re: Please help a HS student with an independent study in crypto ("Douglas A. Gwyn")
  Re: NIST AES FInalists are ("Douglas A. Gwyn")
  Re: Smart card generating RSA keys (Peter Gutmann)
  Re: IDEA in AES (Helger Lipmaa)
  Re: Positive News About JAWS Technologies ([EMAIL PROTECTED])
  Algorithm M Demo ([EMAIL PROTECTED])
  Re: Cipher-Feedback Mode ([EMAIL PROTECTED])
  Re: I HOPE AM WRONG ([EMAIL PROTECTED])
  Wrapped PCBC mode ([EMAIL PROTECTED])
  Re: ORB - Open Random Bit Generator (Alwyn Allan)
  Re: Algorithm M Demo ([EMAIL PROTECTED])

------------------------------

From: Eric Lee Green [EMAIL PROTECTED]
Subject: Re: How to keep crypto DLLs Secure?
Date: Sat, 14 Aug 1999 10:37:43 -0700

"John E. Kuslich" wrote:

> Powerful tools exist today for divining the inner workings of code on
> the PC. For some examples of how these tools are exploited, please visit
> http://www.crak.com

Exactly: Remember rule #1 of security: "Any system to which the intruder
has physical access is insecure." It doesn't matter how much you encrypt
something if the intruder can just sit at the end of the decryption engine
and read the plain text over your shoulder.

--
Eric Lee Green   http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]   ^^^ Burdening Microsoft with SPAM!

------------------------------

From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: What the hell is XOR?
Date: 31 Jul 1999 21:30:08 GMT

> #define swap(a, b)(a ^= (b ^= (a ^= b)))

swap(i,i). Oops.

Even if *you* don't do it, someone else will. Especially considering that
someone's bound to use it in a sort, or some code in which array elements
are swapped iteratively; all it takes is a tiny bounds overrun to zero out
everything. Or an algorithm which swaps indiscriminately, such as some
variants of selection sort. Not that you'd use selection sort.

But then, there are plenty of good hacks, which I wish people would use
more. And it still matters today in this age of fast CPUs and fast disks,
because it's also an age of streaming media. Especially especially since a
lot of the people with the knowledge of image/signal processing to do it
right are more EE than CS, and less likely to know tricks which could give
them big-time speedup.

Steve

-Caj

------------------------------

From: Eric Lee Green [EMAIL PROTECTED]
Subject: Re: Newbie Question - Do you need to have the message when you have a
Date: Sat, 14 Aug 1999 10:44:09 -0700

Andrew Rutherford wrote:

> I want to be able to create a fixed length key or digest for a
> particular document of any size, and send this created digest to a
> recipient who will be able to recreate EXACTLY the same message from
> this digest alone. I've put this question on the compression groups,
> but no answer, so I thought I'd try here.

Not really. A digest is a member of a group of algorithms called a "one-way
hash", for which computation is easy, but going the opposite way would
require computational capacity beyond the conceivable. If your message was
1024 bytes long, this is 8192 bits, and thus you'd have to try every
possible permutation of those 8192 bits in order to see which ones have the
same hash as your digest. Furthermore, if you did not even know the length
of the message being sent, you'd have to try every combination of bits for
every number of bits from 8 to 8 million. I'm sure one of the
mathematicians here can tell you how computationally difficult that'd be,
but needless to say the heat death of the universe will come first.

--
Eric Lee Green   http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]   ^^^ Burdening Microsoft with SPAM!

------------------------------

Reply-To: "karl malbrain" [EMAIL PROTECTED]
From: "karl malbrain" [EMAIL PROTECTED]
Subject: Re: Cipher-Feedback Mode
Date: Sat, 14 Aug 1999 11:07:12 -0700

[EMAIL PROTECTED] wrote in message news:7p3t3s$ml4$[EMAIL PROTECTED]...

> Two advantages of
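The "swap(i,i). Oops." that Xcott Craver raises above, shown as an added example rather than code from the digest: a three-step XOR swap of two storage locations is correct only while the locations differ. When both indices name the same element, the first step XORs the value with itself and leaves 0, and the remaining steps cannot recover it. An unconditional swap inside selection sort hits that case whenever the minimum is already in position, which is exactly the "swaps indiscriminately" scenario Craver describes. Function names (xor_swap, xor_swap_guarded, selection_sort) and the sample arrays are my own; the macro in the post is C, and the aliasing failure is reproduced here on list elements in Python.

```python
# Added example (not from the digest): XOR swap self-aliasing bug and a
# guarded version, exercised through a selection sort that swaps even when
# i == min_index.

def xor_swap(arr, i, j):
    """In-place XOR swap of arr[i] and arr[j].  Wrong when i == j."""
    arr[i] ^= arr[j]   # if i == j this is x ^ x, so arr[i] becomes 0
    arr[j] ^= arr[i]   # 0 ^ 0 == 0
    arr[i] ^= arr[j]   # still 0: the original value is gone


def xor_swap_guarded(arr, i, j):
    """Same swap, but refuses the aliased case instead of zeroing the element."""
    if i == j:
        return
    xor_swap(arr, i, j)


def selection_sort(arr, swap):
    """Selection sort that swaps unconditionally (no 'if m != i' check).
    With xor_swap this zeroes every element that was already in place."""
    a = list(arr)           # work on a copy so callers can compare variants
    n = len(a)
    for i in range(n):
        m = i
        for j in range(i + 1, n):
            if a[j] < a[m]:
                m = j
        swap(a, i, m)       # m == i whenever a[i] is already the minimum
    return a


if __name__ == "__main__":
    data = [3, 1, 2]        # constructed sample input
    print("unguarded:", selection_sort(data, xor_swap))          # [1, 2, 0]
    print("guarded:  ", selection_sort(data, xor_swap_guarded))  # [1, 2, 3]
    print("already sorted, unguarded:",
          selection_sort([1, 2, 3], xor_swap))                   # [0, 0, 0]
```

The already-sorted input is the worst case: every iteration has m == i, so the unguarded sort zeroes the whole array, which is the "zero out everything" outcome from the post. The guard is the minimal fix; in C the posted macro has the additional problem that it modifies `a` twice in one expression without a sequence point, so a function with three separate statements (as above) is the form to use even when the indices are known to differ.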
Cryptography-Digest Digest #47, Volume #9      Sun, 7 Feb 99 04:13:04 EST

Contents:
  Re: MAC generation ("Richard Parker")
  Re: SCOTT COMPRESSION (fungus)
  Re: SCOTT COMPRESSION (Terry Ritter)
  Re: *** Where Does The Randomness Come From ?!? *** ("PAC")
  --- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
  Re: Foiling 56-bit export limitations: example with 70-bit DES ([EMAIL PROTECTED])

------------------------------

From: "Richard Parker" [EMAIL PROTECTED]
Subject: Re: MAC generation
Date: Sun, 07 Feb 1999 04:13:51 GMT

"Vadim Lebedev" [EMAIL PROTECTED] wrote, in part:

> the MAC will be MD5(S+SecretPassPhrase)

Vadim,

You might want to take a look at the research of Bellare, Canetti, and
Krawczyk. They've done a number of papers on using keyed hash functions to
do message authentication. Try the following URL:

  http://www.research.ibm.com/security/keyed-md5.html

They recommend the following construction:

  H(K XOR opad, H(K XOR ipad, text))

Where:
  1) H is a cryptographic hash function, such as MD5 or SHA-1,
  2) K is the secret key,
  3) ipad is the byte 0x36 repeated for a hash block, and
  4) opad is the byte 0x5C repeated for a hash block.

Richard Parker
[EMAIL PROTECTED]

------------------------------

From: fungus [EMAIL PROTECTED]
Subject: Re: SCOTT COMPRESSION
Date: Sun, 07 Feb 1999 16:05:11 +0100

Eric W Braeden wrote:

> OK, but why don't we back up and ask what the raison d'etre for
> compression is in the first place? When generating high quality random
> numbers for use in seeds or keys it is common to take a file of
> somewhat random system numbers and compress it before hashing with
> SHA-1 or MD5. Since compression is a reversible process, the total
> entropy remains the same.

Data compression is a reversible process, cryptographic hashing is not...

> If the source file is compressible, you have increased the "density"
> of the entropy fed to the hash function, but what does this get you?

More entropy in a fixed space. Most crypto keys have a fixed size, eg. 128
bits. The more entropy you can cram into that space, the better.

--
 \___/
 / O O \
  \_/     FTB.

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: SCOTT COMPRESSION
Date: Sun, 07 Feb 1999 05:01:58 GMT

On Sun, 07 Feb 1999 16:05:11 +0100, in [EMAIL PROTECTED], in sci.crypt
fungus [EMAIL PROTECTED] wrote:

> [...]
> Data compression is a reversible process, cryptographic hashing is not...

While true, this is also a step beyond. IF we process more "entropy" than
the bits we produce as output, then *no* hash is reversible, cryptographic
or not, linear or not. It is not the "cryptographic" or
complex-transformation part which makes a hash irreversible, it is the loss
of information. The "cryptographic" part refers to a presumed impossibility
of finding or constructing two different messages which produce the same
hash value.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM

------------------------------

From: "PAC" [EMAIL PROTECTED]
Crossposted-To: sci.philosophy.meta,sci.physics,sci.skeptic
Subject: Re: *** Where Does The Randomness Come From ?!? ***
Date: Sat, 6 Feb 1999 21:50:37 -0800

PAC wrote in message 79j0m4$2b7$[EMAIL PROTECTED]...

> Colin Day wrote in message [EMAIL PROTECTED]...
>
>> PAC wrote:
>>
>>> Math is a closed system?
>>
>> I think that Godel would dispute that (if he weren't dead)
>
> Then I'll let my stuff stand until he rises again (;

This is more my side from an earlier thread.

I do not understand what you mean. If you mean that math is a complete
system, then that is not correct. Mathematics suffers from its own
indeterminacy (Chaitin's Theorem) just as formal axiomatic systems do
(Godel's Theorem) and computer programs do (Turing's Theorem).

"Never a complete system even when dealing with simple infinity, but
whatever answers that come to math will still be mathematical and resolved
by itself and nothing beyond that. Otherwise leaving the ends open I suppose
can imply that even the simplest variable can be non-mathematical being that
it's never determined and the equations vary with the variables. It has
internal relations that will always resolve things mathematically. But this
does imply that math=universe being that the universe would be considered
complete and math not, but this is obvious since math is not the all of
reality, yet the most approachable // to the universe that we have. Absolute
completeness would never be a part of math unless it encompassed all of
reality."

This falls simply to the classification of variables. Unresolved variables,
i.e. Godel-type entities, imaginary numbers, infinity-related problems, have
always been intrinsically a part of math and it is assu
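The keyed-hash construction Richard Parker quotes in the MAC thread above, H(K XOR opad, H(K XOR ipad, text)), is the one later standardised as HMAC in RFC 2104 (Krawczyk, Bellare, Canetti). The following is an added example, not code from the digest or from those authors: the construction built from hashlib primitives exactly as the four points in Parker's message describe it, with the key handling RFC 2104 specifies (a key longer than one hash block is hashed first, a shorter key is zero-padded to a block), and a constant-time verifier. Function names (keyed_hash, matches_stdlib, verify_tag) are my own. The two check values used in the usage section and the test are the first two HMAC-MD5 test cases from RFC 2104.

```python
# Added example (not from the digest): HMAC as described in the post,
# H(K XOR opad, H(K XOR ipad, text)), built on hashlib and cross-checked
# against Python's hmac module.
import hashlib
import hmac


def keyed_hash(key: bytes, text: bytes, hash_name: str = "md5") -> bytes:
    """Return H(K XOR opad || H(K XOR ipad || text)) for the named hash."""
    h = getattr(hashlib, hash_name)
    block = h().block_size              # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block:
        key = h(key).digest()           # RFC 2104: long keys are hashed first
    key = key.ljust(block, b"\x00")     # short keys are zero-padded to a block
    ipad = bytes(b ^ 0x36 for b in key) # "ipad is the byte 0x36 repeated"
    opad = bytes(b ^ 0x5C for b in key) # "opad is the byte 0x5C repeated"
    inner = h(ipad + text).digest()
    return h(opad + inner).digest()


def matches_stdlib(key: bytes, text: bytes, hash_name: str = "md5") -> bool:
    """Cross-check: the hand-built construction must equal hmac.new()."""
    return hmac.compare_digest(keyed_hash(key, text, hash_name),
                               hmac.new(key, text, hash_name).digest())


def verify_tag(key: bytes, text: bytes, tag: bytes, hash_name: str = "md5") -> bool:
    """Receiver side: recompute and compare in constant time, never with ==."""
    return hmac.compare_digest(keyed_hash(key, text, hash_name), tag)


if __name__ == "__main__":
    # RFC 2104 test case 1: key = 0x0b * 16, data = "Hi There"
    print(keyed_hash(b"\x0b" * 16, b"Hi There").hex())
    # RFC 2104 test case 2: key = "Jefe", data = "what do ya want for nothing?"
    tag = keyed_hash(b"Jefe", b"what do ya want for nothing?")
    print(tag.hex())
    print("stdlib agrees (sha256, 100-byte key):",
          matches_stdlib(b"k" * 100, b"long key path", "sha256"))
    print("verify ok:", verify_tag(b"Jefe", b"what do ya want for nothing?", tag))
```

In practice the standard library's hmac module is what to call; the hand-built version is there to show that the construction in the post is the whole of HMAC, with the only details the post leaves out being how an over- or under-length key is brought to one hash block. Comparison of tags goes through compare_digest so that a wrong tag is rejected in time independent of where the first differing byte lies.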