Cryptography-Digest Digest #687
Cryptography-Digest Digest #687, Volume #12      Fri, 15 Sep 00 14:13:01 EDT

Contents:
  Re: For the Gurus ("root@localhost " [EMAIL PROTECTED])
  Re: sac fullfilling decorelated functions (Serge Vaudenay)
  Re: 20 suggestions for cryptographic algorithm designers (SCOTT19U.ZIP_GUY)
  CDMA tracking (was Re: GSM tracking) (Darren New)
  Re: 20 suggestions for cryptographic algorithm designers (Runu Knips)
  Re: 20 suggestions for cryptographic algorithm designers (Roger Schlafly)
  Re: 20 suggestions for cryptographic algorithm designers (Roger Schlafly)
  Re: For the Gurus (Jim Gillogly)
  Re: Diffie-Hellman Questions ("Michael Scott")

----------------------------------------------------------------------

From: "root@localhost spamthis" [EMAIL PROTECTED]
Subject: Re: For the Gurus
Date: Fri, 15 Sep 2000 12:11:37 -0400

This one is getting a bit long. But read with patience, your questions
are answered.

Jim Gillogly wrote:

> /dev/null wrote:
> > This example is trivialized by not using a randomized key alphabet.
> >
> > Plain    | ROW KEYS
> > ---------|---------
> > ETRLC0   | ABCDE
> > NOSFW2   | FGHI
> > IADPB4   | JKL
> > HMUJK6   | MN
> > GYVQXZ   | OP
> > 135789   | QR
> >
> > COL KEYS
> > STUVWX
> > YZ0123
> > 456
> > 78
> > 9
> >
> > P(E) = c(AS, AY, A4, A7, A9, ..., 9E)
> > P(9) = c(QX, Q3, XQ, XR)
>
> OK, this is a Checkerboard cipher with known row and column keys
> (Kerckhoffs' Law, the opponent knows everything except the day's key).

We must assume the opponent knows everything except the key sets. In
this case there is no day's key. There may be a single key for a
message or the keys may be aperiodically changing. In a message of 200
characters there may be a dozen keys or there may be one. That is what
I am trying to figure out. How often must the key be changed?

The opponents monitor this news group, thus we are building the system
under the opponents' noses. We are in the operational environment at
this time.

The key alphabet consists of A-Z and 0-9. Alphabets are generated by
machine using the high order bits of the Unix rand() function and the
following fragment of code.

    x = (rand() (rand()%23));

> I had assumed the method was supposed to be memorized, perhaps so
> that no incriminating evidence would be found on the user.

That is not a problem. In the real world when things get physical, the
user trades information for time. Once a message is sent the key sheets
it used are destroyed immediately. The system will not be used to
encrypt evidentiary or other material which may not be legally
transmitted via such a system. The user will not be subject to
'capture' or arrest or ever be in physical danger.

The key streams will be generated on a stand alone machine which has
never been connected to the net. When machine assist is available it
will be used OFF LINE. It will not always be available. Remember, "You
can not trust software unless you can trust the hardware upon which it
is running."

> However, if the user will have a Unix box available at encryption
> time, why not run a good encryption system on it then?

The user will not always have access to a specific means of
communication. It is reasonable to assume that the user of the system
may have to use carrier pigeon, morse, telephony, push to talk, email,
whatever means is available. The user may be stuck with a fax machine.
The user consults, he communicates via whatever means is available at
the customer site.

> If they will be carrying incriminating material, why not a Palm Pilot?

The users are a company which provides electronic warfare training and
network security services to approved customers. The users will not be
carrying incriminating material. The users may need to discuss time
sensitive material in an emergency with a high level of security.

> I still haven't seen the operating conditions and threat environment
> specified.

This is to be a backup system. Its purpose is to remain stashed on the
user's person for emergency usage.

The threat environment resembles the environment that a HUMINT
operative functions within, with the exception that the user will be
overtly representing himself to be what he is. The operating
environment will not be physically hostile BUT significant resources
may be expended in an attempt to discover the activities of the
consultant by parties who do not have a right to know. The users must
assume that all communications are monitored.

> > If a method to ensure the user never used a cipher/plain pair twice
> > were
>
> So in this particular case no message can use more than four 9's?
> Hurm... that can limit the kinds of messages you will send.

I am still trying to locate a frequency table for the entire set of
A-Z and 0-9. The cell assignments may change somewhat. I noticed that
as well and mentioned it in a round about way above.

> > established, what key change criteria would improve the security
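The grid in the thread above is a homophonic checkerboard: a plaintext character in row i, column j can be written as any (row key of row i, column key of column j) pair, and the poster's rule of never reusing a pair is what caps a message at "four 9's". The following is an added example, not code from the thread. It assumes one reading of the posted key sets, which the post does not spell out: the i-th plaintext row owns the i-th row-key group (ABCDE, FGHI, ...), the j-th column owns the j-th character of every column-key group (STUVWX, YZ0123, 456, 78, 9), so column 1 is keyed by {S, Y, 4, 7, 9}, and a pair is written row-key then column-key. Under that reading E has 25 homophones and 9 has 4, which matches the counts in the thread.

```python
"""Homophonic checkerboard, modelled on the grid in the post above.

Added example, not code from the thread. Assumption: the i-th plaintext
row owns the i-th row-key group, the j-th column owns the j-th character
of every column-key group, and a pair is written row-key then column-key.
"""
import secrets

GRID = ["ETRLC0", "NOSFW2", "IADPB4", "HMUJK6", "GYVQXZ", "135789"]
ROW_KEYS = ["ABCDE", "FGHI", "JKL", "MN", "OP", "QR"]
COL_KEY_GROUPS = ["STUVWX", "YZ0123", "456", "78", "9"]


def column_keys(j):
    """Keys for column j (0-based): the j-th character of each group long enough to have one."""
    return "".join(g[j] for g in COL_KEY_GROUPS if j < len(g))


def homophones():
    """Plaintext character -> list of every cipher pair it may be written as."""
    table = {}
    for i, row in enumerate(GRID):
        for j, p in enumerate(row):
            table[p] = [r + c for r in ROW_KEYS[i] for c in column_keys(j)]
    return table


def decode_table():
    """Cipher pair -> plaintext character. Row keys (A-R) and column keys
    (S-Z, 0-9) are disjoint sets, so every pair decodes to exactly one cell."""
    return {pair: p for p, pairs in homophones().items() for pair in pairs}


def budget():
    """How often each character can appear in one message if no pair is ever reused."""
    return {p: len(pairs) for p, pairs in homophones().items()}


def encrypt(plain, rng=secrets):
    """Encrypt A-Z0-9 text, never reusing a cipher pair within the message.

    rng only needs a randbelow(n) method; the default is the secrets module
    (the OS CSPRNG), not libc rand(). Raises ValueError once a character's
    homophones are exhausted, which is the point at which a key change is forced.
    """
    pools = {p: list(pairs) for p, pairs in homophones().items()}
    out = []
    for p in plain.upper():
        pool = pools[p]  # KeyError for anything outside A-Z0-9
        if not pool:
            raise ValueError("homophones for %r exhausted; change key" % p)
        out.append(pool.pop(rng.randbelow(len(pool))))
    return "".join(out)


def decrypt(cipher):
    table = decode_table()
    return "".join(table[cipher[k:k + 2]] for k in range(0, len(cipher), 2))


if __name__ == "__main__":
    b = budget()
    print("E can appear %d times per message, 9 only %d times" % (b["E"], b["9"]))
    c = encrypt("ATTACKAT0900")
    print(c, "->", decrypt(c))
```

budget() is the table the poster is after: it gives, per character, the number of occurrences one key can carry before a pair would have to repeat, so a frequency table for A-Z0-9 times budget() gives the expected message length a single key can cover.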
Cryptography-Digest Digest #687
Cryptography-Digest Digest #687, Volume #11      Tue, 2 May 00 15:13:01 EDT

Contents:
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (JimD)
  Re: Any good attorneys? (Mok-Kong Shen)
  Re: Any good attorneys? (Eric Lee Green)
  Re: Tempest Attacks with EMF Radiation (Woody Brison)
  Re: Different encryption results in Java/Perl (Mike Rosing)
  Re: Karatsuba threshold (Robert Harley)
  GPS encryption turned off (Doug Stell)
  STU-III (Matt Linder)
  Re: GPS encryption turned off ("Stou Sandalski")
  Re: Any good attorneys? (Mike Rosing)
  Do You Know Tammy and Jeff from Oregon? ("[EMAIL PROTECTED]")
  Re: sci.crypt think will be AES? (Paul Koning)
  Re: Interleaving for block encryption (Paul Koning)
  Re: A naive question (Bryan Olson)
  Re: A naive question (Mok-Kong Shen)
  Re: GPS encryption turned off (Mike Andrews)
  Re: Deciphering Playfair (long) (William Rowden)
  Re: GPS encryption turned off (Doug Stell)
  Re: STU-III (Doug Stell)
  Re: Any good attorneys? (Eric Lee Green)
  Re: Different encryption results in Java/Perl (zeadeATboink.stanford.edu)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (JimD)
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Reply-To: JimD
Date: Tue, 02 May 2000 15:16:50 GMT

On Mon, 01 May 2000 20:06:12 GMT, [EMAIL PROTECTED] (Dan Day) wrote:

> On Sun, 30 Apr 2000 10:24:47 +0100, "NoSpam" [EMAIL PROTECTED] wrote:
>
> > The government already has powers to tap phone lines linking
> > computers, but the growth of the internet has made it impossible
> > to read all material. By requiring service providers to install
> > cables that will download material to MI5, the government will
> > have the technical capability to read everything that passes over
> > the internet.
>
> This crap is getting out of hand.

Yes. But they won't have the staff, technical or financial resources
to do it.

--
Jim Dunnett.  g4rga at thersgb.net
Londoner?  Vote for Ken!!

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Any good attorneys?
Date: Tue, 02 May 2000 18:56:30 +0200

[EMAIL PROTECTED] wrote:

> As far as writing your own code, patents in general cover a means of
> doing something, not the details. So it would be the algorithm itself
> that is patented, not the code.

I hope that someone of our group who has competent knowledge about
patents would check and verify your statement. My reason of doubt is
this: If anyone can write code according to a patented algorithm
without having to pay anything, how can the patent holder ever get
money from his patent?

And one should also be VERY careful to examine whether a claimed
patent-free algorithm uses features from someone else than its author
and whether these features are patented but (knowingly or unknowingly)
not explicitly stated by the author in the documentation of the
algorithm. Otherwise one could get into troubles, I suppose.

BTW, it is my personal opinion that there is a wide spectrum of
applications, e.g. one's e-mails, where the speed of ciphers of the
genre of DES is not unconditionally required and could well tolerate a
degradation by a factor of, say, 20 or even 100. For such applications
it shouldn't be too hard, at least for an average member of our group,
I guess, to design one's own patent-free and above all absolutely
backdoor-free encryption algorithms that offer appropriate security
protections. (One shouldn't be too much over-impressed by the
authoritative status of the crypto popes and give up creating one's
own algorithms from the very beginning. Remember, even real popes are
NOT immortal. They all have an end of their lives just like everyone
of us.)

M. K. Shen
==
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Eric Lee Green [EMAIL PROTECTED]
Subject: Re: Any good attorneys?
Date: Tue, 02 May 2000 17:01:34 GMT

Mok-Kong Shen wrote:
> [EMAIL PROTECTED] wrote:
> > As far as writing your own code, patents in general cover a means
> > of doing something, not the details. So it would be the algorithm
> > itself that is patented, not the code.
>
> this: If anyone can write code according to a patented algorithm
> without having to pay anything, how can the patent holder ever get
> money from his patent?

Err, what he was saying is that even if you write the code from
scratch from a description of the algorithm, you must still pay
royalties, because the algorithm itself, not the code, is what is
patented.

--
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(60
Cryptography-Digest Digest #687
Cryptography-Digest Digest #687, Volume #10      Sun, 5 Dec 99 21:13:01 EST

Contents:
  Re: Random Noise Encryption Buffs (Look Here) ("Trevor Jackson, III")
  Re: cookies (E. N. Kilomary)
  Re: Distribution of intelligence in the crypto field (David A Molnar)
  Re: Distribution of intelligence in the crypto field (David A Molnar)
  VIC cipher's PRNG ("r.e.s.")
  Re: --- sci.crypt charter: read before you post (weekly notice) (E. N. Kilomary)
  Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
  Re: Why Aren't Virtual Dice Adequate? ("r.e.s.")
  Re: Safeboot is it really safe (Matt)
  Re: Safeboot is it really safe (Matt)
  Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
  Re: VIC cipher's PRNG (David Wagner)
  Re: Why Aren't Virtual Dice Adequate? (Guy Macon)
  Re: Why Aren't Virtual Dice Adequate? (Guy Macon)
  Re: Why Aren't Virtual Dice Adequate? (Guy Macon)

----------------------------------------------------------------------

Date: Sun, 05 Dec 1999 16:15:04 -0500
From: "Trevor Jackson, III" [EMAIL PROTECTED]
Subject: Re: Random Noise Encryption Buffs (Look Here)

Tim Tyler wrote:

> Douglas A. Gwyn [EMAIL PROTECTED] wrote:
> : Tim Tyler wrote:
> : > Whereas your position appears to be based on faith in the
> : > existence of genuine randomness in subatomic behaviour, and in
> : > our ability to magnify this up to a macroscopic scale, without
> : > distorting it at all.
> :
> : Do you know about SQUIDs? Photomultipliers? Etc.?
> : Why are you wasting bandwidth arguing about quantum effects
> : when you don't understand the subject? Go learn it first!
>
> It seems to be necessary - since some people seem to have the idea
> that a one-time pad is a realisable system.
>
> Without a source of genuinely random numbers a one-time pad falls
> short of theoretical perfection - and unfortunately, no source of
> demonstrably genuinely random numbers is - or IMO is ever likely to
> be - known to mankind.
>
> Even if you believe that SQUIDs or photomultipliers are capable of
> magnifying quantum events to a macroscopic scale without possibly
> introducing any interference from other sources, I would love to
> hear an explanation of how they could conceivably do this.

There is no need for esoteric equipment. The dark-adapted human eye
detects single quanta.

> Alternatively, should you have a demonstration that quantum events
> are themselves genuinely random, I would be delighted to hear that
> as well.
> --
> __  |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]
>
> *If* /you/ copy this "tagline virus" *please* mutate it!

------------------------------

From: [EMAIL PROTECTED] (E. N. Kilomary)
Subject: Re: cookies
Date: Sun, 05 Dec 1999 21:37:33 GMT

[EMAIL PROTECTED] (Eric Murray) wrote:

> The server placing the cookie can set restrictions on which servers
> can access the cookie.

I don't believe that's true. A cookie can only be retrieved by the
server that planted it there.

--
"E. N. Kilomary" is actually [EMAIL PROTECTED] (6320 179458).
 0 1 23456789 - Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Distribution of intelligence in the crypto field
Date: 5 Dec 1999 21:57:22 GMT

Douglas A. Gwyn [EMAIL PROTECTED] wrote:

> Yeah, but he really ought not to be listing his clearances on a
> public forum. For one thing, it makes him a target for anyone who
> might want to exploit his access to nuclear and other sensitive
> material, terrorists for example.

Oh, good point. Except I doubt he'll be such a target now. :-(

-David

------------------------------

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Distribution of intelligence in the crypto field
Date: 5 Dec 1999 22:02:59 GMT

CLSV [EMAIL PROTECTED] wrote:

> > You would expect the NSA to ask the "father of combinatorics" to
> > work on their problems, wouldn't you ?
>
> Yes, I didn't expect it being advertized 'though.

Fair enough. I can't find my copy of _Indiscrete Thoughts_, but I
think it has a reference to working at Los Alamos in the chapter
discussing Stan Ulam...but that is very different than actually
listing a Q clearance on your resume.

( smart combinatorists :-) are working for intelligence agencies. The
crypto sixth column, as it were.

-David

------------------------------

From: "r.e.s." [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: VIC cipher's PRNG
Date: Sun, 5 Dec 1999 15:04:06 -0800

I was looking at the very simple PRNG used in the VIC cipher, which
operated with decimal digits. In pseudo-code, and generalizing to
base-b digits, registers R(i) (i=1..b) are initialized to
R(i)=key(i) (i=1..b), and a stream is output by iterating the
following:

==
R(b+1) = R(1) + R(2)  (mod b)
R(i) = R(i+1)  for i=1..b
output R(b+1)
==

What I'm wondering about is, fo
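The generator in the post above (the VIC "chain addition" rule, generalised to base b) is small enough to run and measure. The following is an added example, not the poster's code. It implements exactly the update given in the pseudo-code, adds a period finder, and adds one thing the pseudo-code makes obvious once written out: after b steps the register holds nothing but the last b output digits, and the update is invertible, so any b consecutive output digits let an attacker run the generator backwards to the key. The recovery routine and the small keys used in the usage lines are my own constructions.

```python
"""Chain-addition generator from the VIC cipher, generalised to base b.

Added example, not the poster's code. step() is the update in the post:
R(b+1) = R(1) + R(2) mod b, shift left, output R(b+1). unstep() and
recover_key() are my own additions, showing key recovery from output.
"""


def step(state, b):
    """One update: drop R(1), append R(1)+R(2) mod b. Returns the new register."""
    return state[1:] + [(state[0] + state[1]) % b]


def unstep(state, b):
    """Inverse update: the previous register is (R(b)-R(1) mod b, R(1), ..., R(b-1)),
    since that is the unique register whose step() yields the given one."""
    return [(state[-1] - state[0]) % b] + state[:-1]


def stream(key, b, n):
    """First n output digits for a b-digit key in base b."""
    if len(key) != b or any(not 0 <= d < b for d in key):
        raise ValueError("key must be exactly b digits, each in 0..b-1")
    state, out = list(key), []
    for _ in range(n):
        state = step(state, b)
        out.append(state[-1])
    return out


def period(key, b, limit=10 ** 6):
    """Steps until the register returns to the key. step() is a bijection on
    registers, so every key lies on a pure cycle; None if it exceeds limit."""
    key = list(key)
    state = step(key, b)
    for k in range(1, limit + 1):
        if state == key:
            return k
        state = step(state, b)
    return None


def recover_key(window, b, offset):
    """Recover the key from the outputs at positions offset..offset+b-1 (0-based).

    Those b digits are the register contents after offset+b steps, so undoing
    that many steps lands on the key: the whole stream leaks from any window.
    """
    if len(window) != b:
        raise ValueError("need exactly b consecutive output digits")
    state = list(window)
    for _ in range(offset + b):
        state = unstep(state, b)
    return state


if __name__ == "__main__":
    key = [1, 2, 3, 4, 5, 6, 7, 8, 9, 0]          # constructed 10-digit key
    out = stream(key, 10, 30)
    print("stream:", "".join(map(str, out)))
    print("key from outputs 7..16:", recover_key(out[7:17], 10, 7))
    print("period of key 001 in base 3:", period([0, 0, 1], 3))
```

Two consequences are worth noting for anyone tempted to use this as more than a transposition-key expander, which is all VIC used it for: the all-zero key is a fixed point (constant output), and a known-plaintext window of just b digits of keystream gives the key and therefore the entire past and future stream.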
Cryptography-Digest Digest #687
Cryptography-Digest Digest #687, Volume #9      Thu, 10 Jun 99 11:13:02 EDT

Contents:
  Re: huffman code length (Mok-Kong Shen)
  ATTN: Bruce Schneier - Street Performer Protocol (Anonymous)
  Re: rc4 vs. rand() ([EMAIL PROTECTED])
  Re: IDEA-128 ([EMAIL PROTECTED])
  Re: Jaws Tech's L5 Data Encryption Algorithm ([EMAIL PROTECTED])
  Re: being burnt by the NSA ([EMAIL PROTECTED])
  Re: Looking for a password encryption algorithm ([EMAIL PROTECTED])
  Re: One Time Pad ([EMAIL PROTECTED])
  Re: ATTN: Bruce Schneier - Street Performer Protocol (Mok-Kong Shen)
  Re: Does scott19u.zip make full use of it's large key size ? ([EMAIL PROTECTED])
  Re: ATTN: Bruce Schneier - Street Performer Protocol ([EMAIL PROTECTED])
  Anonymous comments on Street Performer Protocol (was: ATTN: Bruce...) (Larry Kilgallen)
  Re: ATTN: Bruce Schneier - Street Performer Protocol (Mok-Kong Shen)
  Re: Looking for a password encryption algorithm (Robert G. Durnal)
  Re: High precision integer arithmetic (Robert G. Durnal)
  Re: being burnt by the NSA (Gordon Grieder)
  Re: ATTN: Bruce Schneier - Street Performer Protocol (Bruce Schneier)

----------------------------------------------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Crossposted-To: comp.compression,alt.comp.compression,sci.math
Subject: Re: huffman code length
Date: Thu, 10 Jun 1999 13:21:44 +0200

Alex Vinokur wrote:

> For more details about worst-case code see the message titled
> "Huffman codes and Fibonacci numbers" in comp.compression
> http://www.deja.com/getdoc.xp?AN=471802979fmt=text

Recently I posed a question elsewhere concerning Huffman encoding.
Since I don't yet have any appropriate answer, I like to take this
opportunity to repost it here:

The Huffman encoding is such that a uniform frequency distribution
gives a balanced tree while an extremely non-uniform distribution
gives a tree very remote from being balanced. For a balanced tree of
4 symbols, for example, a frequency distribution of 0.20, 0.20, 0.21,
0.39 is possible but much more extreme distributions are not possible.

Question: Given an arbitrary Huffman tree, how can we say something
useful in quantitative terms concerning the possible frequency
distributions that correspond to it?

M. K. Shen

------------------------------

Date: Thu, 10 Jun 1999 13:42:45 +0200 (CEST)
From: Anonymous [EMAIL PROTECTED]
Subject: ATTN: Bruce Schneier - Street Performer Protocol

Bruce,

I cannot believe you would put your name to such an outlandish
proposal! If you wanted to float a trial balloon you could have done
so under a pseudonym. The proposal on the website I just saw is
INCREDIBLY NAIVE on your part. The fact that *you* - a well-respected
(cough) authority in the field of data protection - came out and
publicly uttered these ideas vis-a-vis copyright protections will only
lend more ammunition to those that seek to somehow suppress the free
flow of information over the Internet. I cannot *believe* you would do
something so foolish!

You mentioned specifically "Motion Picture Houses". Good God, man! I'm
having trouble typing here; please bear with me. Your failure to even
come *close* to what any studio would refer to itself as, never mind
the entire Motion Picture Industry or Hollywood Film Studios, as they
are *commonly* referred to by even the most casual observer - you
distance yourself from any base of opinion that would even be
considered "reasonable". Motion Picture House. Sheesh.

Your argument should have encompassed the *entire* range of
intellectual property as we know it today. Go ahead, why limit
yourself to the movies? Or TV? Are you aware of the battle going on
over MP3s in the music business today? What about that? What about all
those MP3s, Bruce? The whole music industry isn't about to lie down
and play dead, you know? Compare their earnings to TV and film - how
naive can you possibly be?

Bruce, you've lost any credibility you had. You come right out in the
piece and say you will address the technical and economic issues. Then
you add in the "social" issues for good measure. OK, chief. This is
why we techies get a bad name in business circles. If you believe
*any* of your proposal for the "Street Performer Protocol" has a
chance in hell - look at the numbers, Bruce, look at the money, I
implore you.

Eh, good luck. You're a great crypto guy, but you're not on my list
anymore of influential people up-and-coming in the 21st Century.

Best Regards,
JB

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: rc4 vs. rand()
Date: Thu, 10 Jun 1999 11:03:13 GMT

In article 7jng8o$lgv$[EMAIL PROTECTED], Michael J. Fromberger
[EMAIL PROTECTED] wrote:

> A function is a relation which maps each element of the domain to at
> most one element of the range. A function is one-to-one, or
> "injective", if no two element
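Returning to the Huffman question earlier in this digest: the claims there (uniform frequencies give a balanced tree, the 0.20/0.20/0.21/0.39 distribution still does, more extreme ones do not, and Fibonacci-shaped weights are the worst case for code length, as the comp.compression thread cited says) can all be checked by building the tree. The following is an added example, not code from either thread. It constructs the Huffman tree with a heap, records the depth of every leaf, and includes a Fibonacci-weight generator so the worst case can be reproduced; the sample distributions in the usage lines are constructed.

```python
"""Huffman code lengths for a few frequency distributions.

Added example, not from the thread. The tree is built by the standard
greedy merge; each symbol's code length is the number of merges its
leaf takes part in, which is its depth in the final tree.
"""
import heapq
from itertools import count


def huffman_lengths(weights):
    """Code length (tree depth) of each symbol, in input order."""
    n = len(weights)
    if n == 1:
        return [1]
    tiebreak = count()
    # heap entries: (weight, unique tiebreak, list of symbol indexes under this node)
    heap = [(w, next(tiebreak), [i]) for i, w in enumerate(weights)]
    heapq.heapify(heap)
    depth = [0] * n
    while len(heap) > 1:
        w1, _, s1 = heapq.heappop(heap)
        w2, _, s2 = heapq.heappop(heap)
        for i in s1 + s2:          # every leaf under the merged node gets one bit deeper
            depth[i] += 1
        heapq.heappush(heap, (w1 + w2, next(tiebreak), s1 + s2))
    return depth


def fibonacci_weights(n):
    """1, 1, 2, 3, 5, ...: each merge sum is just small enough to be merged next,
    so the tree degenerates into a chain of depth n-1 (the worst case)."""
    f = [1, 1]
    while len(f) < n:
        f.append(f[-1] + f[-2])
    return f[:n]


def is_balanced(weights):
    """True when every symbol gets the same code length, i.e. a complete tree
    (only possible when the number of symbols is a power of two)."""
    return len(set(huffman_lengths(weights))) == 1


if __name__ == "__main__":
    for dist in ([0.25, 0.25, 0.25, 0.25],      # uniform: balanced
                 [0.20, 0.20, 0.21, 0.39],      # the post's example: still balanced
                 [0.10, 0.10, 0.20, 0.60],      # more extreme: lengths 3,3,2,1
                 fibonacci_weights(8)):          # worst case: depth n-1
        print(dist, "->", huffman_lengths(dist))
```

For the 4-symbol case this also answers the quantitative part of the question directly: the tree stays balanced exactly when the two smallest weights, once merged, are not lighter than both remaining leaves, otherwise the merged node is paired with a single leaf and one symbol gets a 1-bit code.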