Cryptography-Digest Digest #19, Volume #11 Sun, 30 Jan 00 21:13:01 EST
Contents:
Re: Using blowfish as a one-way hash? (Tom St Denis)
Re: Intel 810 chipset Random Number Generator (Guy Macon)
Re: Intel 810 chipset Random Number Generator (Guy Macon)
Re: A question about odd grilles (John Savard)
Re: KEA gains something with RSA instead of D-H (David Wagner)
Re: Strong stream ciphers besides RC4? (Uri Blumenthal)
Re: Intel 810 chipset Random Number Generator (Guy Macon)
Re: Court cases on DVD hacking is a problem for all of us (Highdesertman)
Re: NIST, AES at RSA conference (Bryan Olson)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
----------------------------------------------------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Using blowfish as a one-way hash?
Date: Mon, 31 Jan 2000 00:04:27 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (ChenNelson) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In _Applied Cryptography_ Schneier noted that blowfish is not to be
> used as a one-way hash. Why is this so, in CBC mode?
>
That would be a MAC or Message Authentication Code. He does list
several ways to use block ciphers as hashes elsewhere in the book. I
would strictly suggest against using a block cipher as a hash.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
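An added illustration of the point above (not code from the original post or from Schneier's book): CBC chaining with a *published* key is invertible by anyone, so a "hash" built that way admits a second preimage in one block decryption, while the same chain with a *secret* key is the CBC-MAC Tom refers to. The block cipher is a stand-in 4-round Feistel on 64-bit blocks built from SHA-256, assumed here only so the code runs offline; the argument is identical for Blowfish.

```python
import hashlib

BLOCK = 8  # 64-bit block size, as in Blowfish


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function of the stand-in cipher (assumption: SHA-256 based Feistel).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, right, i))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, left, i)), left
    return left + right


def cbc_chain(key: bytes, msg: bytes, iv: bytes = bytes(BLOCK)) -> bytes:
    """CBC chaining value over whole blocks: with a secret key this is the raw
    CBC-MAC (itself only safe for fixed-length messages); with a public key
    people are tempted to call it a hash, which the function below refutes."""
    if len(msg) % BLOCK:
        raise ValueError("message must be a multiple of the block size")
    state = iv
    for i in range(0, len(msg), BLOCK):
        state = encrypt_block(key, _xor(state, msg[i:i + BLOCK]))
    return state


def second_preimage(key: bytes, target: bytes, prefix: bytes) -> bytes:
    """Given the (public) key and a chaining value `target`, return a message
    that starts with any chosen `prefix` and chains to `target`.
    The last block is D_k(target) XOR (chaining value after the prefix)."""
    state = cbc_chain(key, prefix)
    last = _xor(decrypt_block(key, target), state)
    return prefix + last


if __name__ == "__main__":
    # Constructed sample values, not from the original post.
    public_key = b"public-k"
    original = b"attack at dawn!!"          # two 64-bit blocks
    digest = cbc_chain(public_key, original)
    forged = second_preimage(public_key, digest, b"retreat!")
    print(forged != original and cbc_chain(public_key, forged) == digest)
```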
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 30 Jan 2000 19:16:22 EST
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Jerry
Coffin) wrote:
>Here's where I truly screwed up: I didn't read the attributions
>carefully enough, and thought it was Michael Kagalenko to whom I was
>replying.
>As above -- I basically got sick to death of Mr. Kagalenko spouting
>nonsense and _thought_ I was replying to him. Most of the time when I
>write a message like this one, I just use it to blow off a bit of
>steam, and delete it before it goes anywhere. In this case it
>accidentally got sent out; even though I think it accurately
>characterizes nearly everything he (NOT you) has said in the thread, I
>really didn't intend to make a public statement about it quite so
>strongly. In any case, it wasn't intended to be directed toward you
>at all.
Thanks. I was beginning to wonder if someone was impersonating you.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 30 Jan 2000 19:28:49 EST
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Jerry
Coffin) wrote:
>> May I assume from this that you are
>> in agreement with Michael Kagalenko's opinions about how crystal
>> oscillators work?
>
>God NO! That was what I'd intended to object to. It seems to me that
>he's spouting complete nonsense about something of which he hasn't the
>least grasp at all. At least as far as I can tell, if crystal
>oscillators acted like he claims, we could plan on the average
>oscillator drifting by tens of percent over a matter of a few days of
>use, but then by being turned off and back on, they'd magically start
>back up at rated frequency again. I'll grant anybody that turning one
>off for a while will usually result in a small change in frequency
>simply because most oscillators generate at least a little heat, so
>the crystal will normally cool off a little when it's not in use, but
>the effect here is usually quite minor, and at any rate jitter and
>thermal drift are fundamentally unrelated in any case.
I think you got his claim backwards (not surprising given that he
really doesn't make any sense at all 99% of the time!) He is saying
that the "thermal drift" (which he says happens when the temperature
of the crystal is kept constant, so it's not what you are thinking
it is) of (frequency?) diverges from the starting point in the same
manner that a particle does under brownian motion AND THAT THIS
DIVERGENCE STAYS THE SAME EVEN WHEN YOU TURN OFF THE POWER
OVERNIGHT!!! Have you ever seen the output of a player behave
like that? Neither have I. Only aging of the quartz acts
like that, and he specifically excluded that as a possibility.
He is right about one thing, though. Nobody understands his theory.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: A question about odd grilles
Date: Mon, 31 Jan 2000 00:10:17 GMT
On Sun, 30 Jan 2000 21:24:18 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>Boris Kazak wrote:
>> One workable solution can be to use this central hole right during the
>> first quadrant positioning, and ignore it during the 3 remaining
>> quadrants. This is easy to do while encrypting and while decrypting.
>But this means that the plaintext character put in at that location
>is fixed, i.e. does not move as do the other characters taking part
>in the whole transposition effected by the grille. Hence, it seems
>better to either ignore it or to put in a null there.
Huh? It "moves" or not just as much as all the other letters written
down in the holes of the grille in its first position.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: KEA gains something with RSA instead of D-H
Date: 30 Jan 2000 16:30:42 -0800
In article <[EMAIL PROTECTED]>,
John Savard <[EMAIL PROTECTED]> wrote:
> Hence, if a protocol like KEA were used, sending two session keys in
> opposite directions simultaneously, but with RSA instead of
> Diffie-Hellman, with the XOR of the two session keys being used as the
> actual session key, communications would remain secure *even if the
> private key of one party had been compromised*.
Good point! I haven't seen this observation before.
Does anyone have any clue why KEA uses XOR to combine the two session
keys, instead of simply hashing them with (say) SHA-1?
------------------------------
From: Uri Blumenthal <[EMAIL PROTECTED]>
Subject: Re: Strong stream ciphers besides RC4?
Date: Sun, 30 Jan 2000 19:31:00 -0500
Reply-To: [EMAIL PROTECTED]
Gregory G Rose wrote:
> Comparitively minor tweaks to SOBER fix the
> important problems found by Bleichenbacher and
> Patel (and independently by Royal Holloway).....
> ......In the meantime, a design paper about
> "the t-class SOBER Stream Ciphers" is online at
> http://www.home.aone.net.au/qualcomm.
Yup, the one in PDF format. But the source reference
is "mailto: [EMAIL PROTECTED]" (:-). How to remedy
this? I'd like to play with it.
> [2]: Free for non-embedded use, we only care about
> cellphones and such stuff.
Good!
> Individual export licenses happily applied for. Currently undergoing
> a one-time review for online export (note: from Australia, not the US).
(:-) Pls let me know the results.
--
Regards,
Uri [EMAIL PROTECTED]
-=-=-==-=-=-
<Disclaimer>
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 30 Jan 2000 19:39:00 EST
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Douglas A. Gwyn) wrote:
>
>Tim Tyler wrote:
>> While (obviously) you could - in principle - extract *some* randomness
>> from crystal clock drift, it is /far/ from clear that the effect could
>> be used to produce random numbers at a practical rate.
>
>The idea of using a *crystal* as basis for a RNG was dumb in the
>first place, and the entire "discussion" since then seems to have
>been an attempt to rationalize what was always a mistake.
Hey! I just figured out two ways to use crystals as a basis for a RNG!
METHOD ONE:
Step one: Remove from can
Step two: Write "Heads" on one side of the crystal.
Step three: Write "Tails" on the other side of the crystal.
(be sure to use same weight of ink and distribute
it the same over the surface!)
Step four: Put in a cup, shake 32 times, throw on to a
temperature stabilized optically flat surface.
Step five: Apply Von Neumann compensation.
Step six: Repeat, starting at step 4.
METHOD TWO:
Step one: Obtain a large quantity of Crystals.
Step two: Sell them (I suggest going to Sedona, Arizona)
Step three: Use the money to buy a computer with an Intel
810 chipset Random Number Generator on board.
------------------------------
From: [EMAIL PROTECTED] (Highdesertman)
Subject: Re: Court cases on DVD hacking is a problem for all of us
Date: Mon, 31 Jan 2000 00:38:57 GMT
Reply-To: [EMAIL PROTECTED]
And here we have a problem of public perception versus reality:
Perception: Hackers are evil people bent on chaos and destruction and
the stealing of credit card numbers.
Reality: Most "hackers" are self taught computer literate individuals
that often feel more comfortable in their own sub culture than society
at large. Most are not criminals, and simply use their skills for
their own amusement or that of their friends. In some cases they get
good paying jobs doing what they used to do for fun. Most of the time,
their activities are either harmless, or in fact, benefit others, such
as the recent case where hackers notified AOL of a security weakness
in their servers.
Perception: The Linux folks that hacked the DVD crypto were out to
destroy as much of hollywoods DVD market share as possible, and give
illegal pirateers of video a new tool for copying and distributing the
disks.
Reality: If a DVD software module for Linux had been available, none
of this would have happened to begin with. Necessity really is the
mother of cryptanalysis.
Now for some perceptions by the crypto community that I believe to be
incorrect:
Perception: Any code is fair game to cracking. I have the *right* to
reverse engineer, diff analyze or in any way crack anything that is
encrypted. In fact, I have a duty to do so, so everyone will know
whether or not it is a trustable algorithm.
Reality: Aren't we biting our own tails here? We are the community
that so strongly defends an individuals right to privacy, yet we deny
that right to the DVD industry simply because they are a for-profit
industry? It is wrong of us to assume that simply because the owners
of the DVD crypto are keeping the code from us, that we have the right
to crack it and see what it is. This is the same attitude our
government has about us you know. What is it we are "hiding" that we
don't want our government to see. Why would *we* need crypto? What
kind of extremist *wouldn't* trust his own government with a key
escrow system. The government believes that they have a right to our
data if the need presents itself. We believe we have the right to the
proprietary DVD crypto if the need presents itself. Sorry boys, but
you can't have it both ways. You can't say that you have the right to
crack a proprietary software encryption system and distribute that
information and then demand the right to absolute privacy of our own
data.
It is important for us as a community to be able to see some shades of
grey. Certainly it is essential that we retain the right to analyze
published encryption code for flaws. This is how it was discovered
that such "trusted" algorithms as DES were actually insecure and open
to attack.
But we must also recognise that the purpose of crypto is to protect
the privacy of others. That *includes* corporate privacy, and the
protection of proprietary information. We may not like having to
swallow that, as we like to focus on individual privacy. Nonetheless,
we no more have a right to crack and distribute DVD crypto, than the
government has the right to hold escrow keys on our data. I know there
are many who will violently oppose this point of view, but I believe
if we are to survive, and our views are to be accepted by society, a
middle ground will have to be found.
Did any of you consider that as a result of this hacking, we are
likely to see a surge of pirating of DVD's? Not by hackers, but by
those who would take advantage of the work done by those hackers. And
hollywood will not absorb this cost. It will be passed on to the
consumer in the form of higher DVD costs.
We can't be extremists. We have to recognise the rights of others. And
the DVD industry has rights as well. The right to protect its
property both intellectual and real, from theft.
Cheers,
Mathew
On Tue, 25 Jan 2000 17:43:23 GMT,
[EMAIL PROTECTED] (Troed) wrote:
>http://slashdot.org/article.pl?sid=00/01/25/0827258
>
>This has the potential to stop a lot of what is being done in the
>cryptographic industry. What Jon and a few others did was to reverse
>engineer an existing crypto algorithm, find out its weaknesses, and
>then use and publish their knowledge.
>
>Question yourselves - how many of us professional and hobbyist
>cryptographers haven't reverse engineered crypto algorithms?
>
>I have.
>
>Jon Johansen also did - and then found out that Hollywood used their
>influences to get the Norwegian government to take him in for
>questioning, seize his equipment, threatening him (and his father)
>with several years in prison.
>
>Do what you feel needs to be done - especially those of you that are
>"well known names in the industry".
>
>___/
>_/ - in support of Jon Johansen
>
>Also, more info on http://www.opendvd.org
>
>
>
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Date: Mon, 31 Jan 2000 00:44:37 GMT
In article <[EMAIL PROTECTED]>,
CLSV <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>
> > CLSV <[EMAIL PROTECTED]> wrote:
>
> > > A *single* algorithm that breaks *all* key-based ciphers?
> > > I think/believe that this is awfully close to being
> > > reducible to the Halting Problem.
>
> > By "key based", I mean I'm assuming the usual model in which
> > the algorithms are known to the attacker and the key is
> > secret, and by "practical" I mean encryption and decryption
> > with a given key are reasonably efficient. Clearly if we
> > allow our solver to take arbitrarily large but finite time,
> > we could actually construct such a thing, since exhaustive
> > search halts.
>
> But not in polynomial time.
I was responding to your point about the halting problem,
which has nothing to do with polynomial time.
> Still the problem is too
> vague to make any specific claims.
In the past I've considered specific models that do consider
polynomial and exponential time. For an example see:
http://x42.deja.com/getdoc.xp?AN=407897337&CONTEXT=938477175.12452024&hi
> For example the definition
> of "breaking a cipher" is very ambiguous. If you consider
> enumerating all keys until the right one is found than there
> are no secure ciphers but you say that the existence of
> such an algorithm is uncertain so you probably don't consider
> this as breaking a cipher.
We seek a system that is practical in use and intractable to
break. There are a variety of ways to model the problem,
and so far no one has produced a reasonable model in which
they can prove computational security exists.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 31 Jan 2000 01:10:19 GMT
Reply-To: [EMAIL PROTECTED]
Guy Macon ([EMAIL PROTECTED]) wrote
]In article <87088q$jah$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Michael
]Kagalenko) wrote:
]
]> You did not measure it because you were not looking for it. You were
]> measuring jitter, an entirely different thing.
]
]Quick, name the company that makes the most popular jitter test set.
]What? You can't do it? How do you know what it measures?
This is getting boring. A dozen posts, and you still haven't begun to
use any reading comprehension skills you may have.
]Now explain the proper procedure for graphing long term crystal
]drift against an atomic clock. Can't do that either?
]
]Explain the proper method for measuring short term variations
]that lie between the above two measurement techniques. No?
]
]Have you ever connected any piece of test equipment to a crystal
]oscillator? Not even an oscilloscope?
]
]Does anyone here want to hear the joke about the drunk on the freeway?
]
]Maybe later in life, after you have learned to read, write, count,
]and think, you will have more success. True, these are rudimentary
]skills that many of us "normal" people take for granted that
]everyone has an easy time of mastering. But we sometimes forget
]that there are "challenged" persons in this world who find these
]things more difficult. If I had known, that this was your case then
]I would have never read your posts. It just wouldn't have been
]"right". Sort of like parking in a handicap space. I wish you the
]best of luck in the emotional, and social struggles that seem to be
]placing such a demand on you. I hope this helps...
]
](Note to self: check that killfile - must be a typo or something)
Thanks for a good laugh. Do you always respond to an argument with rants?
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 31 Jan 2000 01:18:21 GMT
Reply-To: [EMAIL PROTECTED]
Guy Macon ([EMAIL PROTECTED]) wrote
]>God NO! That was what I'd intended to object to. It seems to me that
]>he's spouting complete nonsense about something of which he hasn't the
]>least grasp at all. At least as far as I can tell, if crystal
]>oscillators acted like he claims, we could plan on the average
]>oscillator drifting by tens of percent over a matter of a few days of
]>use, but then by being turned off and back on, they'd magically start
]>back up at rated frequency again.
I have said several times that this is not what I mean. Are you capable of
reading ?
] I'll grant anybody that turning one
]>off for a while will usually result in a small change in frequency
]>simply because most oscillators generate at least a little heat, so
]>the crystal will normally cool off a little when it's not in use, but
]>the effect here is usually quite minor, and at any rate jitter and
]>thermal drift are fundamentally unrelated in any case.
]
]I think you got his claim backwards (not surprising given that he
]really doesn't make any sense at all 99% of the time!) He is saying
]that the "thermal drift" (which he says happens when the temperature
]of the crystal is kept constant, so it's not what you are thinking
]it is) of (frequency?)
I have said twice that average frequency does not drift. You must
have severe reading difficulty.
] diverges from the starting point in the same
]manner that a particle does under brownian motion
I have told you that the analogy of the position of a Brownian particle is
not frequency. What's wrong with your reading skills ?
] AND THAT THIS
]DIVERGENCE STAYS THE SAME EVEN WHEN YOU TURN OFF THE POWER
]OVERNIGHT!!! Have you ever seen the output of a player behave
]like that? Neither have I. Only aging of the quartz acts
]like that, and he specifically excluded that as a possibility.
]
]He is right about one thing, though. Nobody understands his theory.
It is fairly entertaining thread, as far as I am concerned. All
the electrical engineers and programmers from sci.crypt keep
attributing to me things that I specifically, repeatedly and
clearly disclaimed. As they say, no one is more deaf than the one
unwilling to listen.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 31 Jan 2000 01:22:02 GMT
Reply-To: [EMAIL PROTECTED]
Guy Macon ([EMAIL PROTECTED]) wrote
]In article <8707mg$ege$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Michael
]Kagalenko) wrote:
]
]>
]> Well, your assertions clearly indicate that you do not understand the
]> reason why the drift I am talking about exists. Too bad for Perkin-Elmer
]> and the rest of them; may be, they should have hired someone better.
]> And BTW, jitter has nothing to do with the phenomenon I am describing.
]>
]
]You are right. I don't understand the reason for the drift for the
]same reason that I don't understand the reason for fairies, elves.
]or Unicorns exist. I have never seen such a drift as you describe
]and neither has anyone else (including you!). If it exists it
]is not what you described. If it is what you described, it does
]not exist.
Well, in a word, - nope.
]It is VERY difficult to understand the reason why the drift you are
]talking about exists when it doesn't. There is Jitter, there is
]thermal drift, there is VCC drift, and there is crystal aging,
]there is phase locking through E fields, and a few other effects.
]Of those possibilities, only crystal aging behaves as you describe
](does not "reset" to zero when I turn the power off for 24 hours).
I have told you that the average frequency does not drift. As of now,
I told this about 5 times. But it never hurts to repeat, when dealing
with people who have an apparent reading impairment.
]You have no data. You have no observations. You have never built
]the circuit you describe. You have never fed the result of the
]circuit you describe into a test that looks for bias. This isn't
]science - it's faith.
]
](Didn't I killfile him already? Grumble Grumble...)
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 31 Jan 2000 01:22:29 GMT
Reply-To: [EMAIL PROTECTED]
Guy Macon ([EMAIL PROTECTED]) wrote
]In article <8707mg$ege$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Michael
]Kagalenko) wrote:
]
]>
]> Well, your assertions clearly indicate that you do not understand the
]> reason why the drift I am talking about exists. Too bad for Perkin-Elmer
]> and the rest of them; may be, they should have hired someone better.
]> And BTW, jitter has nothing to do with the phenomenon I am describing.
]>
]
]You are right. I don't understand the reason for the drift for the
]same reason that I don't understand the reason for fairies, elves.
]or Unicorns exist. I have never seen such a drift as you describe
]and niether has anyone else (including you!). If it exists it
]is not what you described. If it is what you described, it does
]not exist.
Well, in a word, - nope.
]It is VERY difficult to understand the reason why the drift you are
]talking about exists when it doesn't. There is Jitter, there is
]thermal drift, there is VCC drift, and there is crystal aging,
]there is phase locking through E fields, and a few other effects.
]Of those possibilities, only crystal aging behaves as you describe
](does not "reset" to zero when I turn the power off for 24 hours).
I have told you that the average frequency does not drift. As of now,
I told this about 5 times. But it never hurts to repeat, when dealing
with people who have an apparent reading impairment.
]You have no data. You have no observations. You have never built
]the circuit you describe. You have never fed the resault of the
]circuit you describe into a test that looks for bias. This isn't
]science - it's faith.
]
](Didn't I killfile him already? Grumble Grumble...)
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Subject: Re: Intel 810 chipset Random Number Generator
Date: 31 Jan 2000 01:26:35 GMT
Reply-To: [EMAIL PROTECTED]
Tim Tyler ([EMAIL PROTECTED]) wrote
]Vernon Schryver <[EMAIL PROTECTED]> wrote:
]
]: As far as I know, the only method Mr. Kagalenko has come even slightly
]: close to proposing seemed to involve measuring the drift of a personal
]: computer's clock compared to high precision clocks via the Internet. []
]
]...though it appears that another crystal clock in the same enclosure
]would do almost as well.
As a matter of fact, upon reflection you may be right.
]The temperature fluctuations under discussion are generated at least
]partly by factors internal to the crystals. In other words a shared
]ambient temperature would reduce - but not eliminate - the noise present
]in the crystals.
I am not sure it even reduces it. A calculation needs to be made to answer
that question. Analogy with Brownian particle is more
qualitative than quantitative, but, pursuing it, distance between two
Brownian particles would be random, just like their absolute positions.
Atomic clock may not be necessary after all.
]It's not easy for me to believe that getting random numbers via this route
]would produce a very rapid stream, since crystal oscillators are designed
]to *minimise* the component of random noise.
I agree that the random bits may be slow in coming by this route. But so
far I am seeing blanket denials of the existence of this effect.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************