Cryptography-Digest Digest #243, Volume #9 Tue, 16 Mar 99 19:13:03 EST
Contents:
Re: Self-executing encryption program (EO)
Re: RSA in JavaScript? (Paul Schlyter)
Re: Secure Hash (new idea) (Jim Gillogly)
Re: Certicom Benchmark ([EMAIL PROTECTED])
Re: a-8d~0.2844.5k:-89y (Keith Drake)
Re: a-8d~0.2844.5k:-89y (Keith Drake)
Re: a-8d~0.2844.5k:-89y ("Steven Fisher")
Re: a-8d~0.2844.5k:-89y (Ben Fisher)
----------------------------------------------------------------------------
Date: 16 Mar 1999 18:21:19 -0000
From: EO <Use-Author-Address-Header@[127.1]>
Subject: Re: Self-executing encryption program
=====BEGIN PGP SIGNED MESSAGE=====
Sundial Services wrote ...
<snip>
>So I can't offer a better example but I'm sure hoping someone else
>does. There is a market there. [P.S. My wish-list would be "it
>requires nothing more than DOS to do the decrypt..."]
You might want to wait for Andy Jeffries' proggie. However,
there *are* self-decrypting programs for Windows, some of
which are free. F-Secure Desktop can make self-decrypting
packages and is also free. Downsides for it are that the
sources haven't been published, and it also installs some
other features as well. Once installed, you don't have to
use the additional features though, and they won't get in
the way... Anyway, it's produced outside of the US and uses
non-crippled Blowfish.
You can find it from
http://www.europe.datafellows.com/f-secure/desktop/index.html
- --EO
~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.
Date: Tue Mar 16 18:21:15 1999 GMT
From: [EMAIL PROTECTED]
=====BEGIN PGP SIGNATURE=====
Version: 2.6.2
iQEVAwUBNu6hH05NDhYLYPHNAQF+ugf9FiIa4Wwz3guGzLtU2K0+fJW4PP4PCZ0x
vVyT21ICyTSyBIau4WtbbalcBqX35pPP5/JTVqrrse0BKT0SYirk5J6zcSGUUTPV
lk2ufOtGrZKokMgYo2I7HerYxZgRVOqlTEpuLtQcPaM036ezrItZZMJI2nRWC3W/
Uhb1vd7GaJjXUahmyqb7YwS6/f7NlRU/p4JZZQRAF1nIAng9urz77bopW1XVEINo
9W3usJjpRdb8Iv646K+7HICl9yjpPdZUzWj6QFLv+MJSrsWmLFDaW6PFFflNiz8H
m4IL6IakOYnXXtliu0X6FGk5n6IyvDTbVTAqiGp+GsyELfJ3GO50Bg==
=eWmA
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: RSA in JavaScript?
Date: 16 Mar 1999 19:51:12 +0100
In article <7cli2a$stv$[EMAIL PROTECTED]>,
Christian Braun <[EMAIL PROTECTED]> wrote:
> I strongly believe, that any implementation of RSA in JavaScript would be
> much too slow! You need to calculate with very large numbers (e.g. powers
> of 1024 bit numbers)!
Well, you don't really compute the full power -- instead you do a
series of modular multiplications: on the average 1.5*n
multiplications, where n is the number of bits in the exponent. Each
multiplication n times n bits produces an intermediate result 2n bits
wide, which is immediately reduced by the modulus to n bits.
But I agree: doing this in Javascript would be much much too slow.
Even Java would be too slow -- the core arithmetic code must here
be in at least C, preferably assembler.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Secure Hash (new idea)
Date: Tue, 16 Mar 1999 12:10:29 -0800
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> I believe I improved the randomness of the output by using better diffusion in
> the induction part. I have run some simple test (2^20 4-byte tests), and have
> found that all of the symbols have a 0.0039 probability with 0.16% chance of
> error.
You may still have a bias toward 0-bits in SHC2. I changed my test a bit
by checking batches of 2^20 hashes of 20 bytes each from /dev/urandom, using
your 128-bit hashes (32-bit words), and counting the total number of 1-bits
and 0-bits in the output hashes. I ran 10 sets of these. For random
outputs one would expect about half the runs to have more 1-bits, and half
to have more 0-bits. Here's the raw data:
# bytes # 1-bits # 0-bits
16777216 67097046 67120682
16777216 67101232 67116496
16777216 67101852 67115876
16777216 67108746 67108982
16777216 67103882 67113846
16777216 67101924 67115804
16777216 67106912 67110816
16777216 67109890 67107838
16777216 67101648 67116080
16777216 67102914 67114814
In only one run were there more 1-bits than 0-bits. This isn't a clear loser
as were the SHC runs -- 1 out of 10 can happen at random sometimes -- but it
is an eyebrow-raiser that suggests you might want to do more testing.
For comparison, with the same kind of run using SHA-1, 7 out of 10 had more
1-bits, using the first 128 bits of the SHA-1 hash to keep the total number
of bytes constant. For MD5, 4 out of 10 had more 1-bits. Neither of these
raises my eyebrow -- you might want to quantify this more precisely with a
chi-square.
--
Jim Gillogly
Sterday, 24 Rethe S.R. 1999, 19:55
12.19.6.0.9, 4 Muluc 2 Cumku, Ninth Lord of Night
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Certicom Benchmark
Date: Tue, 16 Mar 1999 18:21:18 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Francis Tan) wrote:
> Going back to the benchmark result from Certicom IPSEC implementation
>
> 163 bit ECDH 239 bit ECDH
> Key Generation 4.90ms 9.60ms
> Shared Secret 4.75ms 10.00ms
>
> Does anyone know why the shared secret is faster than the key
> generation in 163 bit ??
Why do you say it is faster? 4.75 vs. 4.90 is virtually the same. I am
sure there is some measurement error. A 3.06% difference is insignificant.
>
> I assume that in key generation, we are performing a scalar
> multiplication of a fixed point, while in shared secret it is a scalar
> multiplication of a random point since the public key can varies.
>
> Shouldn't the key generation be faster since there are numerous
> efficient method of scalar multiplication with precomputations?
Yes. But I doubt whether precomputation was used.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Keith Drake <[EMAIL PROTECTED]>
Crossposted-To:
rec.pets.cats.misc,comp.lang.pascal.delphi.components.misc,rec.humor.oracle.d,rec.sport.rugby.league,alt.prophecies.nostradamus,talk.politics.misc,alt.messianic,alt.prophecies.cayce
Subject: Re: a-8d~0.2844.5k:-89y
Date: Tue, 16 Mar 1999 15:00:03 -0600
<Extremely verbose explanation of the "Facts" of Crist's death, etc cut
into tiny little shreds>
/Somebody/ has WWWWWWAAAAAAAAAAYYYYYYYYYYY too much time on their
hands. Besides, isn't a major part of "faith" in trusting that God
exists even without 'proof.' I'm not sure who this guy is trying to
convince.... us or himself. I didn't realize that boring people to
death was a way to convice them that Jesus Christ is Lord..... hrmph,
maybe I'm Wrong....
Keith "Firm believer, even without the 'devidence'" D.
------------------------------
From: Keith Drake <[EMAIL PROTECTED]>
Crossposted-To:
rec.pets.cats.misc,comp.lang.pascal.delphi.components.misc,rec.sport.rugby.league,alt.prophecies.nostradamus,talk.politics.misc,alt.messianic,alt.prophecies.cayce
Subject: Re: a-8d~0.2844.5k:-89y
Date: Tue, 16 Mar 1999 16:58:24 -0600
<Extremely verbose explanation of the "Facts" of Crist's death, etc cut
into tiny little shreds>
/Somebody/ has WWWWWWAAAAAAAAAAYYYYYYYYYYY too much time on their
hands. Besides, isn't a major part of "faith" in trusting that God
exists even without 'proof.' I'm not sure who this guy is trying to
convince.... us or himself. I didn't realize that boring people to
death was a way to convice them that Jesus Christ is Lord..... hrmph,
maybe I'm Wrong....
Keith "Firm believer, even without the 'devidence'" D.
------------------------------
From: "Steven Fisher" <[EMAIL PROTECTED]>
Subject: Re: a-8d~0.2844.5k:-89y
Date: Tue, 16 Mar 1999 22:21:41 -0000
Crossposted-To:
rec.pets.cats.misc,comp.lang.pascal.delphi.components.misc,rec.humor.oracle.d,rec.sport.rugby.league,alt.prophecies.nostradamus,talk.politics.misc,alt.messianic,alt.prophecies.cayce
Does this mean the Bulls are going to win at Wembley or is Jason Robinson
and Tuigamala trying to convert us ?
Please stay out of our Rugby league group with this tosh
Thanks
Steven
reject wrote in message <[EMAIL PROTECTED]>...
>
>Please read this article very carefully before responding.
>Also, be sure to add "alt.prophecies.nostradamus" and your
Well and truly snipped
------------------------------
From: Ben Fisher <[EMAIL PROTECTED]>
Crossposted-To:
rec.pets.cats.misc,comp.lang.pascal.delphi.components.misc,rec.humor.oracle.d,rec.sport.rugby.league,alt.prophecies.nostradamus,talk.politics.misc,alt.messianic,alt.prophecies.cayce
Subject: Re: a-8d~0.2844.5k:-89y
Date: Tue, 16 Mar 1999 14:05:29 -0800
Keith Drake wrote:
>
> <Extremely verbose explanation of the "Facts" of Crist's death, etc cut
> into tiny little shreds>
>
> /Somebody/ has WWWWWWAAAAAAAAAAYYYYYYYYYYY too much time on their
> hands. Besides, isn't a major part of "faith" in trusting that God
> exists even without 'proof.' I'm not sure who this guy is trying to
> convince.... us or himself. I didn't realize that boring people to
> death was a way to convice them that Jesus Christ is Lord..... hrmph,
> maybe I'm Wrong....
>
> Keith "Firm believer, even without the 'devidence'" D.
GOD: I refuse to prove I exist, for proof denies faith, and without faith,
I am nothing.
Man: But the babelfish is a dead give away...
etc...
Ben
--
Meddle not in the affairs of Dragons | I don't claim to
For you are Crunchy | speak for Intel.
And taste good with Catsup | Yet.
Modify my email address to reply
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
