Cryptography-Digest Digest #687

2000-09-15 Thread Digestifier

Cryptography-Digest Digest #687, Volume #12  Fri, 15 Sep 00 14:13:01 EDT

Contents:
  Re: For the Gurus ("root@localhost " [EMAIL PROTECTED])
  Re: sac fullfilling decorelated functions (Serge Vaudenay)
  Re: 20 suggestions for cryptographic algorithm designers (SCOTT19U.ZIP_GUY)
  CDMA tracking (was Re: GSM tracking) (Darren New)
  Re: 20 suggestions for cryptographic algorithm designers (Runu Knips)
  Re: 20 suggestions for cryptographic algorithm designers (Roger Schlafly)
  Re: 20 suggestions for cryptographic algorithm designers (Roger Schlafly)
  Re: For the Gurus (Jim Gillogly)
  Re: Diffie-Hellman Questions ("Michael Scott")



From: "root@localhost spamthis" [EMAIL PROTECTED]
Subject: Re: For the Gurus
Date: Fri, 15 Sep 2000 12:11:37 -0400

Jim Gillogly wrote:

This one is getting a bit long.  But read with patience, your questions
are answered.

>
> /dev/null wrote:
> > This example is trivialized by not
> > using a randomized key alphabet.
>
> Plain  | ROW KEYS
> ---|
> ETRLC0 | ABCDE
> NOSFW2 | FGHI
> IADPB4 | JKL
> HMUJK6 | MN
> GYVQXZ | OP
> 135789 | QR
>
> STUVWX  COL KEYS
> YZ0123
> 456
> 78
> 9
>
> > P(E) = c(AS, AY, A4, A7, A9, ..., 9E)
> > P(9) = c(QX, Q3, XQ, XR)
>
> OK, this is a Checkerboard cipher with known row and column
> keys (Kerckhoffs' Law, the opponent knows everything except
> the day's key).

We must assume the opponent knows everything except the key sets. In
this case there is no day's key.  There may be a single key for a
message or the keys may be aperiodically changing.  In a message of 200
characters there may be a dozen keys or there may be one.  That is what
I am trying to figure out.  How often must the key be changed?

The opponents monitor this news group, thus we are building the system
under the opponents' noses.  We are in the operational environment at
this time.

>
> > The key alphabet consists of A-Z
> > and 0-9. Alphabets are generated
> > by machine using the high order bits
> > of the Unix rand() function and the
> > following fragment of code.
> >
> > x = (rand()  (rand()%23));
>
> I had assumed the method was supposed to be memorized, perhaps
> so that no incriminating evidence would be found on the user.

That is not a problem.  In the real world when things get physical, the
user trades information for time. Once a message is sent the key sheets
it used are destroyed immediately.

The system will not be used to encrypt evidentiary or other material
which may not be legally transmitted via such a system.  The user will
not be subject to 'capture' or arrest or ever be in physical danger.

The key streams will be generated on a stand alone machine which has
never been connected to the net.  When machine assist is available it
will be used OFF LINE.  It will not always be available.  Remember, "You
can not trust software unless you can trust the hardware upon which it
is running."

> However, if the user will have a Unix box available at encryption
> time, why not run a good encryption system on it then?

The user will not always have access to a specific means of
communication.  It is reasonable to assume that the user of the system
may have to use carrier pigeon, morse, telephony, push to talk, email,
whatever means is available.  The user may be stuck with a fax machine. 
The user consults; he communicates via whatever means is available at
the customer site.

> If they
> will be carrying incriminating material, why not a Palm Pilot?

The users are a company which provides electronic warfare training and
network security services to approved customers. The users will not be
carrying incriminating material.  The users may need to discuss time
sensitive material in an emergency with a high level of security.

> I still haven't seen the operating conditions and threat environment
> specified.

This is to be a backup system.  Its purpose is to remain stashed on the
user's person for emergency usage.  The threat environment resembles the
environment that a HUMINT operative functions within, with the exception
that the user will be overtly representing himself to be what he is.
The operating environment will not be physically hostile BUT significant
resources may be expended in an attempt to discover the activities of
the consultant by parties who do not have a right to know. The users
must assume that all communications are monitored.

>
> > If a method to ensure the user never
> > used a cipher/plain pair twice were
>
> So in this particular case no message can use more than four 9's?
> Hurm... that can limit the kinds of messages you will send.
>

I am still trying to locate a frequency table for the entire set of A-Z
and 0-9.  The cell assignments may change somewhat.  I noticed that as
well and mentioned it in a round about way above.

> > established, what key change criteria
> > would improve the security

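A working model of the checkerboard quoted above, written for this page as an added example; it is not the poster's code and the thread specifies no implementation. The grid, row keys and column keys are copied from the table in the post. Either key may come first in a digraph, since the post lists both AS and 9E for E; because the row keys (A-R) and the column keys (S-Z, 0-9) are disjoint sets, every digraph still decodes to exactly one cell. The rule that a plain/cipher pair is never reused, the random choice among the unused homophones, and the name PadExhausted are my reading of the requirement the post states, not something the post prescribes.

```python
import random
from itertools import product

# Checkerboard copied from the post: plaintext grid, row keys, column keys.
GRID = ["ETRLC0", "NOSFW2", "IADPB4", "HMUJK6", "GYVQXZ", "135789"]
ROW_KEYS = ["ABCDE", "FGHI", "JKL", "MN", "OP", "QR"]  # row i -> its key letters
COL_KEY_ROWS = ["STUVWX", "YZ0123", "456", "78", "9"]  # k-th char names column k


def column_keys(col_key_rows=COL_KEY_ROWS, width=6):
    """Collapse the stacked COL KEYS lines into one key string per column."""
    cols = [[] for _ in range(width)]
    for line in col_key_rows:
        for j, ch in enumerate(line):
            cols[j].append(ch)
    return ["".join(c) for c in cols]


COL_KEYS = column_keys()  # ['SY479', 'TZ58', 'U06', 'V1', 'W2', 'X3']

# Lookup tables: plaintext -> (row, col); key char -> row index / column index.
POS = {ch: (i, j) for i, row in enumerate(GRID) for j, ch in enumerate(row)}
ROW_OF = {k: i for i, keys in enumerate(ROW_KEYS) for k in keys}
COL_OF = {k: j for j, keys in enumerate(COL_KEYS) for k in keys}
assert not set(ROW_OF) & set(COL_OF), "row and column keys must be disjoint"


def homophones(p):
    """Every digraph that encodes plaintext p, row key first or second."""
    if p not in POS:
        raise ValueError(f"character {p!r} is not in the grid")
    i, j = POS[p]
    rc = [r + c for r, c in product(ROW_KEYS[i], COL_KEYS[j])]
    return rc + [d[::-1] for d in rc]


def decode_digraph(d):
    """Work out which character is the row key and which the column key."""
    a, b = d
    if a in ROW_OF and b in COL_OF:
        return GRID[ROW_OF[a]][COL_OF[b]]
    if a in COL_OF and b in ROW_OF:
        return GRID[ROW_OF[b]][COL_OF[a]]
    raise ValueError(f"not a valid digraph: {d!r}")


class PadExhausted(Exception):
    """No unused digraph is left for a plaintext character: change keys."""


def encrypt(plain, used=None, rng=None):
    """Encrypt under one key set without ever reusing a plain/cipher pair.

    `used` is the set of digraphs already sent under these keys; pass the
    same set for every message that shares the key set. Plaintext is A-Z, 0-9.
    """
    used = set() if used is None else used
    rng = rng or random.SystemRandom()
    out = []
    for p in plain.upper():
        free = [d for d in homophones(p) if d not in used]
        if not free:
            raise PadExhausted(f"no unused digraph for {p!r}; change keys")
        d = rng.choice(free)
        used.add(d)
        out.append(d)
    return " ".join(out)


def decrypt(cipher):
    return "".join(decode_digraph(d) for d in cipher.split())


def capacity(p):
    """How many times p can be sent under one key set before it must change."""
    return len(homophones(p))
```

capacity() is the quantity the key-change question turns on: with both row keys and both column keys in either order, 9 has eight digraphs (the post lists four of them), while E has fifty, so the number of messages a key set can carry is bounded by the rarest-keyed symbol the traffic actually uses, not by message length.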
Cryptography-Digest Digest #687

2000-05-02 Thread Digestifier

Cryptography-Digest Digest #687, Volume #11   Tue, 2 May 00 15:13:01 EDT

Contents:
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (JimD)
  Re: Any good attorneys? (Mok-Kong Shen)
  Re: Any good attorneys? (Eric Lee Green)
  Re: Tempest Attacks with EMF Radiation (Woody Brison)
  Re: Different encryption results in Java/Perl (Mike Rosing)
  Re: Karatsuba threshold (Robert Harley)
  GPS encryption turned off (Doug Stell)
  STU-III (Matt Linder)
  Re: GPS encryption turned off ("Stou Sandalski")
  Re: Any good attorneys? (Mike Rosing)
  Do You Know Tammy and Jeff from Oregon? ("[EMAIL PROTECTED]")
  Re: sci.crypt think will be AES? (Paul Koning)
  Re: Interleaving for block encryption (Paul Koning)
  Re: A naive question (Bryan Olson)
  Re: A naive question (Mok-Kong Shen)
  Re: GPS encryption turned off (Mike Andrews)
  Re: Deciphering Playfair (long) (William Rowden)
  Re: GPS encryption turned off (Doug Stell)
  Re: STU-III (Doug Stell)
  Re: Any good attorneys? (Eric Lee Green)
  Re: Different encryption results in Java/Perl (zeadeATboink.stanford.edu)



From: [EMAIL PROTECTED] (JimD)
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Reply-To: JimD
Date: Tue, 02 May 2000 15:16:50 GMT

On Mon, 01 May 2000 20:06:12 GMT, [EMAIL PROTECTED] (Dan Day) wrote:

> On Sun, 30 Apr 2000 10:24:47 +0100, "NoSpam" [EMAIL PROTECTED] wrote:
>
> > The government already has powers to tap phone lines linking computers, but
> > the growth of the internet has made it impossible to read all material. By
> > requiring service providers to install cables that will download material to
> > MI5, the government will have the technical capability to read everything
> > that passes over the internet.
>
> This crap is getting out of hand.

Yes. But they won't have the staff, technical or financial
resources to do it.

-- 
Jim Dunnett.

g4rga at thersgb.net

Londoner? Vote for Ken!!

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Any good attorneys?
Date: Tue, 02 May 2000 18:56:30 +0200



[EMAIL PROTECTED] wrote:

> As far as writing your own code, patents in general cover a
> means of doing something, not the details. So it would be the algorithm
> itself that is patented, not the code.

I hope that someone of our group who has competent knowledge about
patents would check and verify your statement. My reason of doubt is
this: If anyone can write code according to a patented algorithm without
having to pay anything, how can the patent holder ever get money from
his patent?

And one should also be VERY careful to examine whether a claimed
patent-free algorithm uses features from someone else than its author
and whether these features are patented but (knowingly or unknowingly)
not explicitly stated by the author in the documentation of the algorithm.
Otherwise one could get into trouble, I suppose.

BTW, it is my personal opinion that there is a wide spectrum of
applications, e.g. one's e-mails, where the speed of ciphers of the
genre of DES is not unconditionally required and could well tolerate
a degradation by a factor of, say, 20 or even 100. For such
applications it shouldn't be too hard, at least for an average member
of our group, I guess, to design one's own patent-free and above all
absolutely backdoor-free encryption algorithms that offer appropriate
security protections. (One shouldn't be too much over-impressed
by the authoritative status of the crypto popes and give up creating
one's own algorithms from the very beginning. Remember, even real
popes are NOT immortal. They all have an end of their lives just like
everyone of us.)

M. K. Shen
==
http://home.t-online.de/home/mok-kong.shen


--

From: Eric Lee Green [EMAIL PROTECTED]
Subject: Re: Any good attorneys?
Date: Tue, 02 May 2000 17:01:34 GMT

Mok-Kong Shen wrote:
> [EMAIL PROTECTED] wrote:
> > As far as writing your own code, patents in general cover a
> > means of doing something, not the details. So it would be the algorithm
> > itself that is patented, not the code.
>
> this: If anyone can write code according to a patented algorithm without
> having to pay anything, how can the patent holder ever get money from
> his patent?

Err, what he was saying is that even if you write the code from scratch from a
description of the algorithm, you must still pay royalties, because the
algorithm itself, not the code, is what is patented.

-- 
Eric Lee Green [EMAIL PROTECTED]
Software Engineer  Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(60

Cryptography-Digest Digest #687

1999-12-05 Thread Digestifier

Cryptography-Digest Digest #687, Volume #10   Sun, 5 Dec 99 21:13:01 EST

Contents:
  Re: Random Noise Encryption Buffs (Look Here) ("Trevor Jackson, III")
  Re: cookies (E. N. Kilomary)
  Re: Distribution of intelligence in the crypto field (David A Molnar)
  Re: Distribution of intelligence in the crypto field (David A Molnar)
  VIC cipher's PRNG ("r.e.s.")
  Re: --- sci.crypt charter: read before you post (weekly notice) (E. N. Kilomary)
  Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
  Re: Why Aren't Virtual Dice Adequate? ("r.e.s.")
  Re: Safeboot is it really safe (Matt)
  Re: Safeboot is it really safe (Matt)
  Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
  Re: VIC cipher's PRNG (David Wagner)
  Re: Why Aren't Virtual Dice Adequate? (Guy Macon)
  Re: Why Aren't Virtual Dice Adequate? (Guy Macon)
  Re: Why Aren't Virtual Dice Adequate? (Guy Macon)



Date: Sun, 05 Dec 1999 16:15:04 -0500
From: "Trevor Jackson, III" [EMAIL PROTECTED]
Subject: Re: Random Noise Encryption Buffs (Look Here)

Tim Tyler wrote:

> Douglas A. Gwyn [EMAIL PROTECTED] wrote:
> : Tim Tyler wrote:
>
> : Whereas your position appears to be based on faith in the existence of
> : genuine randomness in subatomic behaviour, and in our ability to
> : magnify this up to a macroscopic scale, without distorting it at all.
>
> : Do you know about SQUIDs?  Photomultipliers?  Etc.?
> : Why are you wasting bandwidth arguing about quantum effects
> : when you don't understand the subject?  Go learn it first!
>
> It seems to be necessary - since some people seem to have the idea that
> a one-time pad is a realisable system.
>
> Without a source of genuinely random numbers a one-time pad falls short of
> theoretical perfection - and unfortunately, no source of demonstrably
> genuinely random numbers is - or IMO is ever likely to be - known to
> mankind.
>
> Even if you believe that SQUIDs or photomultipliers are capable of
> magnifying quantum events to a macroscopic scale without possibly
> introducing any interference from other sources, I would love to
> hear an explanation of how they could conceivably do this.

There is no need for esoteric equipment.  The dark-adapted human eye detects
single quanta.

> Alternatively, should you have a demonstration that quantum events are
> themselves genuinely random, I would be delighted to hear that as well.
>
> --
> __
>  |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]
>
> *If* /you/ copy this "tagline virus" *please* mutate it!




--

From: [EMAIL PROTECTED] (E. N. Kilomary)
Subject: Re: cookies
Date: Sun, 05 Dec 1999 21:37:33 GMT

[EMAIL PROTECTED] (Eric Murray) wrote:

> The server placing the cookie can set restrictions on which
> servers can access the cookie.

I don't believe that's true. A cookie can only be retrieved by the server
that planted it there.
-- 
"E. N. Kilomary" is actually [EMAIL PROTECTED] (6320 179458).
 0  1  23456789 - Use this key to decode my email address and name.
 Play Five by Five Poker at http://www.5X5poker.com.
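
To make the scoping the two posts disagree about concrete, here is an added example of mine (not code from either poster) that applies the Domain and Path rules as HTTP cookies are specified in RFC 6265. A cookie set without a Domain attribute is host-only and is returned only to the exact host that set it; one set with Domain=example.com is returned to every host under example.com, and a server cannot set a cookie for a domain that does not cover it. The Set-Cookie strings and host names are constructed for the example.

```python
from ipaddress import ip_address


def domain_matches(host, domain):
    """RFC 6265 5.1.3: host equals domain or is a subdomain of it (and is not an IP)."""
    host = host.lower().rstrip(".")
    domain = domain.lower().lstrip(".").rstrip(".")
    if host == domain:
        return True
    if not host.endswith("." + domain):
        return False
    try:
        ip_address(host)   # "10.0.0.1" must not match a Domain of "0.0.1"
        return False
    except ValueError:
        return True


def path_matches(request_path, cookie_path):
    """RFC 6265 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def default_path(request_path):
    """Default-path used when Set-Cookie carries no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]


def parse_set_cookie(header, origin_host, request_path="/"):
    """Store a Set-Cookie header as a user agent would; None if it is rejected."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(),
              "domain": origin_host.lower(), "host_only": True,
              "path": default_path(request_path),
              "secure": False, "httponly": False}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            d = val.lstrip(".").lower()
            if not domain_matches(origin_host, d):
                return None  # a host may not plant cookies for an unrelated domain
            cookie["domain"], cookie["host_only"] = d, False
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
    return cookie


def would_send(cookie, host, path, https=True):
    """Would this stored cookie be attached to a request for host/path?"""
    host = host.lower()
    if cookie["host_only"]:
        if host != cookie["domain"]:
            return False
    elif not domain_matches(host, cookie["domain"]):
        return False
    if not path_matches(path, cookie["path"]):
        return False
    if cookie["secure"] and not https:
        return False
    return True
```

The practical point for a session cookie is the first case: Domain=example.com hands the cookie to every subdomain, so a compromised or user-controlled host under that domain receives it; leaving Domain off keeps it host-only.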

--

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Distribution of intelligence in the crypto field
Date: 5 Dec 1999 21:57:22 GMT

Douglas A. Gwyn [EMAIL PROTECTED] wrote:
> Yeah, but he really ought not to be listing his clearances on a
> public forum.  For one thing, it makes him a target for anyone
> who might want to exploit his access to nuclear and other
> sensitive material, terrorists for example.

Oh, good point. 

Except I doubt he'll be such a target now. :-(

-David


--

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Distribution of intelligence in the crypto field
Date: 5 Dec 1999 22:02:59 GMT

CLSV [EMAIL PROTECTED] wrote:
> > You would expect the NSA to ask the "father of combinatorics" to
> > work on their problems, wouldn't you ?
>
> Yes, I didn't expect it being advertised, though.

Fair enough. I can't find my copy of _Indiscrete Thoughts_, but I
think it has a reference to working at Los Alamos in the chapter
discussing Stan Ulam...but that is very different than actually listing
a Q clearance on your resume.

> ( smart combinatorists :-) are working for intelligence
> agencies.

The crypto sixth column, as it were. 

-David

--

From: "r.e.s." [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: VIC cipher's PRNG
Date: Sun, 5 Dec 1999 15:04:06 -0800

I was looking at the very simple PRNG used in the VIC
cipher, which operated with decimal digits. In pseudo-
code, and generalizing to base-b digits, registers
R(i)(i=1..b) are initialized to R(i)=key(i)(i=1..b),
and a stream is output by iterating the following:

==
 R(b+1) = R(1) + R(2) (mod b)
 R(i) = R(i+1) for i=1..b
 output R(b+1)
==

What I'm wondering about is, fo
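
As an added example (mine, not the poster's code), the generalized generator from the pseudo-code above, with a period finder and a state-recovery routine. The step R(b+1) = R(1) + R(2) (mod b) followed by the shift is the recurrence x_n = x_{n-b} + x_{n-b+1} (mod b); since x_{n-b} = x_n - x_{n-b+1} (mod b), the state update is invertible, so every key lies on a pure cycle and period() always terminates for small bases. The key digits used below are constructed for the example.

```python
def vic_step(regs, base):
    """One iteration of the pseudo-code: R(b+1) = R(1)+R(2) mod b, then shift."""
    new = (regs[0] + regs[1]) % base
    return regs[1:] + [new], new


def vic_stream(key, base=10):
    """Yield output digits; `key` holds the b initial registers R(1..b)."""
    if len(key) != base or any(not 0 <= d < base for d in key):
        raise ValueError("key must be exactly b digits in 0..b-1")
    regs = list(key)
    while True:
        regs, out = vic_step(regs, base)
        yield out


def take(gen, n):
    return [next(gen) for _ in range(n)]


def period(key, base=10, limit=10**7):
    """Steps until the registers return to the key; None if more than `limit`."""
    start, regs = tuple(key), list(key)
    for steps in range(1, limit + 1):
        regs, _ = vic_step(regs, base)
        if tuple(regs) == start:
            return steps
    return None


def continue_from_outputs(outputs, base=10):
    """After b steps the registers are exactly the last b outputs, so anyone
    who has seen b consecutive digits can generate the rest of the stream."""
    if len(outputs) < base:
        raise ValueError(f"need at least {base} consecutive outputs")
    return vic_stream(list(outputs[-base:]), base)
```

continue_from_outputs() is the cryptographic caveat that goes with any linear generator of this shape: the state is the last b outputs, so a known-plaintext segment of b digits reveals every later digit, whatever the period.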

Cryptography-Digest Digest #687

1999-06-10 Thread Digestifier

Cryptography-Digest Digest #687, Volume #9   Thu, 10 Jun 99 11:13:02 EDT

Contents:
  Re: huffman code length (Mok-Kong Shen)
  ATTN: Bruce Schneier - Street Performer Protocol (Anonymous)
  Re: rc4 vs. rand() ([EMAIL PROTECTED])
  Re: IDEA-128 ([EMAIL PROTECTED])
  Re: Jaws Tech's L5 Data Encryption Algorithm ([EMAIL PROTECTED])
  Re: being burnt by the NSA ([EMAIL PROTECTED])
  Re: Looking for a password encryption algorithm ([EMAIL PROTECTED])
  Re: One Time Pad ([EMAIL PROTECTED])
  Re: ATTN: Bruce Schneier - Street Performer Protocol (Mok-Kong Shen)
  Re: Does scott19u.zip make full use of it's large key size ? ([EMAIL PROTECTED])
  Re: ATTN: Bruce Schneier - Street Performer Protocol ([EMAIL PROTECTED])
  Anonymous comments on Street Performer Protocol (was: ATTN: Bruce...) (Larry Kilgallen)
  Re: ATTN: Bruce Schneier - Street Performer Protocol (Mok-Kong Shen)
  Re: Looking for a password encryption algorithm (Robert G. Durnal)
  Re: High precision integer arithmetic (Robert G. Durnal)
  Re: being burnt by the NSA (Gordon Grieder)
  Re: ATTN: Bruce Schneier - Street Performer Protocol (Bruce Schneier)



From: Mok-Kong Shen [EMAIL PROTECTED]
Crossposted-To: comp.compression,alt.comp.compression,sci.math
Subject: Re: huffman code length
Date: Thu, 10 Jun 1999 13:21:44 +0200

Alex Vinokur wrote:

> For more details about worst-case code see
> the message titled "Huffman codes and Fibonacci numbers"
> in comp.compression
>
> http://www.deja.com/getdoc.xp?AN=471802979fmt=text


Recently I posed a question elsewhere concerning Huffman encoding.
Since I don't yet have any appropriate answer, I would like to take this
opportunity to repost it here:

The Huffman encoding is such that a uniform frequency distribution
gives a balanced tree while extremely non-uniform distribution
gives a tree very remote from being balanced. For a balanced tree
of 4 symbols, for example, a frequency distribution of 0.20, 0.20,
0.21, 0.39 is possible but much more extreme distributions are not
possible.

Question: Given an arbitrary Huffman tree, how can we say something
useful in quantitative terms concerning the possible frequency
distributions that correspond to it?

M. K. Shen
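
An added example (mine, not the poster's) that computes Huffman code lengths and checks the four-symbol case the question uses. With probabilities sorted p1 <= p2 <= p3 <= p4, the first merge is always p1 + p2; the tree stays balanced (all four codewords of length 2) exactly when that sum is at least p4, because otherwise the merged node is combined with p3 before p4 is touched. So 0.20/0.20/0.21/0.39 gives the balanced tree (0.40 >= 0.39) and 0.05/0.10/0.25/0.60 does not. At equality either shape is a valid Huffman tree; the tie-break here prefers the node created earlier, which yields the balanced one.

```python
import heapq
from itertools import count


def huffman_code_lengths(weights):
    """Codeword length of each symbol under Huffman coding, in input order."""
    if len(weights) == 1:
        return [1]
    seq = count()  # tie-break: on equal weight the entry created earlier pops first
    heap = [(w, next(seq), [i]) for i, w in enumerate(weights)]
    heapq.heapify(heap)
    lengths = [0] * len(weights)
    while len(heap) > 1:
        w1, _, a = heapq.heappop(heap)
        w2, _, b = heapq.heappop(heap)
        for i in a + b:  # every leaf under the merged node moves one level deeper
            lengths[i] += 1
        heapq.heappush(heap, (w1 + w2, next(seq), a + b))
    return lengths


def is_balanced(weights):
    """All codewords the same length (needs a power-of-two symbol count)."""
    return len(set(huffman_code_lengths(weights))) == 1


def four_symbol_balance_bound(weights):
    """Four symbols: Huffman gives the balanced tree iff p1 + p2 >= p4 (sorted)."""
    p1, p2, p3, p4 = sorted(weights)
    return p1 + p2 >= p4


def average_length(weights):
    """Expected bits per symbol for the distribution."""
    total = sum(weights)
    return sum(w * l for w, l in zip(weights, huffman_code_lengths(weights))) / total
```

The bound is the quantitative statement the question asks for in the smallest case: the balanced 4-leaf tree corresponds precisely to distributions whose two smallest probabilities sum to at least the largest. For a larger tree the same idea applies merge by merge, with one inequality per internal node.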

--

Date: Thu, 10 Jun 1999 13:42:45 +0200 (CEST)
From: Anonymous [EMAIL PROTECTED]
Subject: ATTN: Bruce Schneier - Street Performer Protocol

Bruce,
  I cannot believe you would put your name to such an outlandish proposal!  If you
wanted to float a trial balloon you could have done so under a pseudonym.  The
proposal on the website I just saw is INCREDIBLY NAIVE on your part.  The fact
that *you* - a well-respected (cough) authority in the field of data protection -
came out and publicly uttered these ideas vis-a-vis copyright protections will
only lend more ammunition to those that seek to somehow suppress the free flow of
information over the Internet.  I cannot *believe* you would do something so
foolish!

You mentioned specifically "Motion Picture Houses".  Good God, man!  I'm having
trouble typing here; please bear with me.  Your failure to even come *close* to
what any studio would refer to itself as, never mind the entire Motion Picture
Industry or Hollywood Film Studios, as they are *commonly* referred to by even
the most casual observer - you distance yourself from any base of opinion that
would even be considered "reasonable".  Motion Picture House.  Sheesh.

Your argument should have encompassed the *entire* range of intellectual property
as we know it today.  Go ahead, why limit yourself to the movies?  Or TV?

Are you aware of the battle going on over MP3s in the music business today?
What about that?  What about all those MP3s, Bruce?  The whole music industry
isn't about to lie down and play dead, you know?  Compare their earnings to TV
and film - how naive can you possibly be?

Bruce, you've lost any credibility you had.  You come right out in the piece and
say you will address the technical and economic issues.  Then you add in the
"social" issues for good measure.  OK, chief.  This is why we techies get a bad
name in business circles.  If you believe *any* of your proposal for the "Street
Performer Protocol" has a chance in hell - look at the numbers, Bruce, look at
the money, I implore you.

Eh, good luck.  You're a great crypto guy, but you're not on my list anymore of
influential people up-and-coming in the 21st Century.

Best Regards,
JB



--

From: [EMAIL PROTECTED]
Subject: Re: rc4 vs. rand()
Date: Thu, 10 Jun 1999 11:03:13 GMT

In article 7jng8o$lgv$[EMAIL PROTECTED],
  Michael J. Fromberger [EMAIL PROTECTED] wrote:
> A function is a relation which maps each element of the domain to at
> most one element of the range.  A function is one-to-one, or
> "injective", if no two element