Cryptography-Digest Digest #275, Volume #9 Wed, 24 Mar 99 07:13:03 EST
Contents:
Re: Random Walk (R. Knauer)
Re: Limitations of testing / filtering hardware RNG's (Jim Gillogly)
Re: Symmetric vs. public/private (Bryan Olson)
Re: Testing Algorithm (hash) ("Sam Simpson")
Re: password ("Douglas A. Gwyn")
references for RC-5 ("Mark Hammell")
compare RSA and D-Hellman ([EMAIL PROTECTED])
Re: Live from the Second AES Conference (wtshaw)
Computer Security Education ([EMAIL PROTECTED])
Re: RSA key distribution ("Roger Schlafly")
Re: On Moduli that are not quite kosher... (Bryan Olson)
Re: password (Mark Carroll)
large big huge numbers ([EMAIL PROTECTED])
Re: references for RC-5 ([EMAIL PROTECTED])
Re: compare RSA and D-Hellman ([EMAIL PROTECTED])
ORYX algorithm ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random Walk
Date: Wed, 24 Mar 1999 01:33:13 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 23 Mar 1999 23:24:32 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>It is hard to judge a citation out of context, but certainly
>this does not contradict what Trevor said (which is correct).
Then read the book. When you have, come back and tell us your opinion.
Until then, your comments are just more snake oil.
>What Feller seems to be saying is that the particular system
>is not ergodic.
Ergodicity has nothing to do with crypto-grade randomness. You are
just trying to obfuscate the issue with buzz words.
>Also that "common sense" can lead one astray,
>but I think we all know that.
Apparently many people do not.
>We're not talking about the experts, we're talking about R. Knauer.
No, we are talking about the experts. I am just the messenger.
I am not so presumptuous as to claim that I am an expert. That gives me a
decided advantage over those who claim that they are experts, but who
are really not. For one thing, I can expose them for the fakes they
are.
>I don't know about Trevor, but I *have* read many of Kolmogorov's
>writings. None of them have contradicted what Trevor said.
>(And I would be surprised if they did, since I expect Kolmogorov
>to know better.)
Your expectations are of no value. All you are doing is more
blustering and more pontification.
It is noteworthy that all you have done since you joined these
discussions is to spout a bunch of stupid buzz words. Why not engage
in the discussion with honest commentary that shows that you have a
command of the issues.
>To the contrary, Trevor knows that one should understand a
>subject before attempting to work in it.
Then he should take his own advice.
>I will say that
>many introductory statistics books aren't very good and
>may even make erroneous statements from time to time.
>I don't recall Triola making this particular error (that
>statistical tests assume an infinite sample)
I never said that statistical tests in general require an infinite
sample - you are trying to put words in my mouth.
I said that statistical tests for randomness assume infinite
sequences. That is a completely different thing from what you claim I
said.
Infinite sequences require a continuous sample space, and finite
sequences are sampled from a discrete sample space. Do you have any
idea what that means?
>when I helped
>a student using that text last summer, and it's the sort
>of "howler" that I would have noticed.
Oh - you're an academic. You are used to bullshitting students.
Now I know what your problem is. <jeez>
Bob Knauer
"Mistrust those in whom the impulse to punish is strong."
--Friedrich Nietzsche
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Limitations of testing / filtering hardware RNG's
Date: Thu, 11 Mar 1999 10:32:43 -0800
Reply-To: [EMAIL PROTECTED]
I started replying to Patrick Juola's message (with which I agree) to add
a couple of points, but couldn't stomach the HTML. Trevor, <do> turn it
off for Usenet!
> > > R. Knauer wrote:
> > > > If you filter the output as you suggest, then the TRNG is no longer
> > > > proveably secure in principle.
> > Trevor Jackson, III wrote:
> > > Show me the leak. Otherwise stop repeating this nonsense.
> Jim Gillogly wrote:
> > OK. Just to be definite, let's assume that [you filter the TRNG
> > stream so that] there will never be a run of 8 0-bits in a row.
> >
> > We now have a message coming in. The ciphertext starts "YNAQJ BFPGD".
> > ... I can tell with certainty that this message did not
> > start with "YES" or "INREP LYTOY".
Trevor Jackson, III wrote:
> In principle (theory) you are correct. However, in practice it is
> meaningless. Consider the 10 character message that you used as an example.
> A perfect OTP would allow any plausible decryption of those 10 characters or
> N^10 possible decryptions where N is 64 or 256 depending on your alphabet.
> Let's say N=64 to give you the maximum benefit of the doubt.
I don't care what N is. Let's call it 26 for the purpose of exposition.
The point of a OTP is that it leaks no information. As soon as you let
it leak even one bit ("this letter is not a Y"), you lose all the theorems
and you must start being careful. Let's make my example even more pointed.
You are the chairman of the Federal Reserve of the Duchy of Florin, and
each day you send a message to all 100 branches of the Federal Reserve
bank, each of which has its own OTP to talk to you. The message is
one of "UPXX", "DOWN", or "EVEN". I have tapped your outgoing line. If
I can tell which way you're moving the interest rate before it reaches
the Florinese bourse, I get rich.
If you're using a true OTP with each of the branches, I'm out of luck. I
can see that you've sent 100 4-letter messages, and that's all. If one of
the messages says "DOWN", I shrug, since I know it was by chance. If you're
filtering as hypothesized above, I win almost every day with a simple
positional frequency count, because the 100 messages will have at most 25
letters in each of the four positions. It's a near certainty that one of
the letters of the other messages will appear in one or more positions of
the ciphertext, and I'll be able to eliminate those messages.
When you muck about with your TRNG stream this way, you lose all the
theorems about infallibility, and have to start doing other things to
achieve "acceptable" levels of confidence. You're then talking about
"good enough" rather than "perfect security".
OTP is a special case. If you muck with it, you must redo the analysis.
> > Filtering the TRNG stream in the way you suggest (eliminating runs
> > of 0's or 1's) breaks this assumption.
>
> In theory yes. In practice no. Try it yourself. Set up a filter allowing
> only the best 50% of pads and show that it "breaks" the cipher.
A cipher need not be read completely in order to leak some information.
A OTP does not leak any information other than a bound on the length.
--
Jim Gillogly
19 Rethe S.R. 1999, 18:02
12.19.6.0.4, 12 Kan 17 Kayab, Fourth Lord of Night
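Jim's Florin scenario as an added simulation (this is not code from the digest): the same four-letter message goes to 100 branches, each under its own pad. With a true OTP the eavesdropper's positional test is unsound and tells him nothing, but with a pad that can never use shift 0 (the letter analogue of "never 8 zero bits in a row") the true message is simply the letter, per position, that never appears in any ciphertext. A 26-letter alphabet and a fixed seed of 1999 for the constructed pads are assumptions made here.

```python
import random
import string

# Added illustration of Jim Gillogly's Florin scenario; not code from the digest.
ALPHABET = string.ascii_uppercase          # 26-letter alphabet, as in the post
CANDIDATES = ("UPXX", "DOWN", "EVEN")      # the three possible daily messages
WIDTH = 4


def make_pad(rng, filtered):
    """Shifts 0..25 for one message. A true OTP draws every shift uniformly;
    the filtered pad (letter analogue of 'never 8 zero bits in a row') never
    uses shift 0, so a ciphertext letter can never equal its plaintext letter."""
    low = 1 if filtered else 0
    return [rng.randint(low, 25) for _ in range(WIDTH)]


def encrypt(plaintext, pad):
    return "".join(ALPHABET[(ALPHABET.index(p) + k) % 26]
                   for p, k in zip(plaintext, pad))


def positional_elimination(ciphertexts, candidates):
    """Eavesdropper's positional count: collect the letters seen at each
    position across all ciphertexts and drop any candidate whose letter at
    that position was seen. Sound only if shift 0 is impossible."""
    seen = [{c[i] for c in ciphertexts} for i in range(WIDTH)]
    return [m for m in candidates
            if not any(m[i] in seen[i] for i in range(WIDTH))]


def one_day(filtered, message="UPXX", branches=100, seed=1999):
    """Encrypt the same message to every branch under its own pad and return
    the candidates that survive the eavesdropper's test."""
    rng = random.Random(seed)
    cts = [encrypt(message, make_pad(rng, filtered)) for _ in range(branches)]
    return positional_elimination(cts, CANDIDATES)


def never_equal(filtered, message="UPXX", branches=100, seed=1999):
    """True iff no ciphertext letter ever matched the plaintext letter."""
    rng = random.Random(seed)
    cts = [encrypt(message, make_pad(rng, filtered)) for _ in range(branches)]
    return all(c[i] != message[i] for c in cts for i in range(WIDTH))


if __name__ == "__main__":
    # True OTP: shift 0 is possible, so the test wrongly kills the true
    # message too and the eavesdropper learns nothing from it.
    print("true OTP :", one_day(False))
    # Filtered pad: the true message always survives; the wrong ones are
    # eliminated with near certainty -> ['UPXX']
    print("filtered :", one_day(True))
```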
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Symmetric vs. public/private
Date: Tue, 23 Mar 1999 18:48:39 -0800
"Bo Dömstedt" wrote:
> It doesn't matter if you use public key encryption
> or symmetrical (secret key) encryption. You still have
> to distribute the keys securely. To do that efficiently you
> need a key distribution centre. The centre is called a key
> signing authority if you use public key encryption.
What do you mean by "securely"? Do you mean with authentication,
privacy or both?
Of course if "securely" means something different in the case
of public key distribution from what it means in the case of
secret key distribution, then the "doesn't matter" claim is
nonsense.
--Bryan
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithm (hash)
Date: Mon, 22 Mar 1999 11:43:20 -0000
[EMAIL PROTECTED] wrote in message <7d1arb$61t$[EMAIL PROTECTED]>...
>
>> _Applied Cryptography_ is an excellent b-day present. Whoever it is
>> that's giving it to you has good taste. :-)
>
>Well I hope my mother will pick it up for my 17th (April 7th :) ). It
>seems kinda nerdish, but hey it's what I like :)
Happy bd in advance!
>BTW, is that book really that good? I have only heard good things about it,
>which is why I want to get it. Is there anything I should know about it
>first? (Any errata?)
It's a reasonably good book - and is perfect for inspiring people.
Problem is, some people quote it as if it were gospel - forgetting that the
book is now 3 or 4 years out of date.... You need to read crypto journals in
order to obtain a more up-to-date picture.
If AC captures your imagination, then you will simply have to buy Handbook
of Applied Cryptography by A.J. Menezes, P.C. van Oorschot & S.A. Vanstone.
This book is harder to get into but contains far more detail than AC2.
Regards,
--
Sam Simpson
Comms Analyst
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption & Delphi
Crypto Components. PGP Keys available at the same site.
If you're wondering why I don't reply to Sternlight, it's because he's kill
filed. See http://www.openpgp.net/FUD for why!
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: password
Date: Wed, 24 Mar 1999 01:50:45 GMT
Anthony King Ho wrote:
> In plain UNIX C, is there a way to display * as the user enters a password as
> input, or blank the input just like the UNIX logon does?
If I understand you correctly, you want to write a C function
for a UNIX system that will prompt the user for a password
and avoid echoing the characters that the user types.
Modern UNIX systems have the getpass() library function for this:
#include <unistd.h>
char *password = getpass("Password:");  /* prompts, reads with echo off */
/* getpass() returns a pointer to a static buffer that the next call overwrites,
   so use or copy the result at once and clear it when done. */
There may also be a similar getpassphrase() function.
------------------------------
From: "Mark Hammell" <[EMAIL PROTECTED]>
Subject: references for RC-5
Date: 24 Mar 1999 04:42:17 GMT
To whomever may read this:
I am working on preliminary research for a brief paper I am to write for an
undergrad. course in cryptography. I would like to know if anyone has any
good links, references, books, papers, general literature, etc. on RC-5. I
am not too concerned with the variation (eg RC-56, RC-64), I am more
concerned with trying to understand its inner workings, why it's safe, and
its specific mathematical properties and conditions.
If you have some info, just drop me a line. Thanks in advance.
-Mark
--
Mark K. Hammell
RC Box 0306
28 Westhampton Way
University of Richmond, VA 23173
ph: 804.662.3083
mailto:[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: compare RSA and D-Hellman
Date: Wed, 24 Mar 1999 05:24:43 GMT
hi
sorry, if this is a duplicate message - i've got an error with news-server.
i wonder, if there was ever found any weakness in Diffie-Hellman's algorithm
(yes, that old-old algorithm :).
i know it as SKIP algorithm, but i am not sure if it is a common name for
it. ( you know, shared_secret = a^(p*q) mod n )
i suppose, there was found some weakness, or why should they have to develop
RSA? for this so called "skip" algorithm is much-much more easy to
implement. and it seems to me to be not the less strong.
i did not use any software encrypting with RSA, so i'd like to know how
fast it enciphers.
thanks for any reply.
--
Sassa
Apiary Inc.
______
@()(_)
/\\
[EMAIL PROTECTED]
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Live from the Second AES Conference
Date: Tue, 23 Mar 1999 23:41:52 -0600
In article <7d6q7j$mvs$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> This point was made dramatically clear by the next speaker, IBM's
> Pankaj Rohatgi...... He surveyed all 15 candidates declaring them
> all unfit.
I maintain that the criteria were written in order to prevent a really
strong cipher from getting much consideration. It is refreshing to see
this statement actually being made.
.....
>
> So who will make it to the second round? No idea.
>
Thanks for your report
--
If I have not offended you lately, be patient as I will probably get a round to it.
As a critic, I am probably duty bound to say things that I otherwise would not if I
were trying to butter people up; is honesty the best policy, or just politically
correct at certain times?
------------------------------
From: [EMAIL PROTECTED]
Subject: Computer Security Education
Date: Wed, 24 Mar 1999 03:28:26 GMT
Good afternoon,
My name is Geoff Whittington and I am soon graduating from U of Waterloo, in
Canada with a Joint Honours Computer Science, Combinatorics & Optimization,
Co-op degree. I am interested in computer security including cryptography.
I have the privilege of being a student in Professor Scott Vanstone's
cryptography course.
I would like to learn about the other aspects of computer security - is there
an educational institution that can facilitate my wish?
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: RSA key distribution
Date: Tue, 23 Mar 1999 23:53:32 -0800
[EMAIL PROTECTED] wrote in message <7d89rr$u8u$[EMAIL PROTECTED]>...
>In article <01be7519$3e375b40$[EMAIL PROTECTED]>,
> "dino" <[EMAIL PROTECTED]> wrote:
>> Hi everyone
>> my customer asked me to assure him about uniform distribution of RSA
>> keys.
>> Can anyone help me?
>
>Sure. What would you like to know?
>
>email me.
I am sure that "bobs" can help you, but his views on this subject are
somewhat controversial. He helped the ANSI X9.31 committee adopt
a complicated construction for RSA keys, even though many experts
believe that the construction adds nothing of any value over a simple
random choice method.
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: On Moduli that are not quite kosher...
Date: Wed, 24 Mar 1999 02:09:53 -0800
Ted Kaliszewski wrote:
> Still on the subject of moduli that are products of two primes
> but are readily factored:
[...]
> Recently, I have identified
> a rather neat and, apparently, novel method that will generate such
> moduli and also moduli that are evidently not pseudoprimes but still
> easily factored.
> Here is a recipe for generating such moduli:
> 1. Choose a prime p0, called a generator prime, of a desired size,
> 2. Construct a prime p1 = k1*p0 + 1
> 3. Construct a prime p2 = k2*p0 + 1, k1, k2 even integers
> 4. Construct a modulus n = p1 * p2
[...]
I'm skeptical of this amazing claim. Can you factor,
1555019265662279955579865924999352179660783776980219226795021289047
6638023568155098398296209614936940782369410214807767428105972157615
8882128854634374054976108987191441608631172213633272426171234290471
3372542797588588924258330824013808353547208737660021946496785945401
97728702261831713156266052132579313130529 ?
It's a number of typical RSA modulus size, 1024 bits, but I
constructed it using the procedure quoted above. The desired size
of p0 was two bits.
--Bryan
------------------------------
From: [EMAIL PROTECTED] (Mark Carroll)
Subject: Re: password
Date: 24 Mar 1999 11:46:56 +0000 (GMT)
In article <[EMAIL PROTECTED]>,
Anthony King Ho <[EMAIL PROTECTED]> wrote:
(snip)
>In plain UNIX C, is there a way to display * as the user enters a password as
>input, or blank the input just like the UNIX logon does?
(snip)
It might be worth seeing how ssh does it, as the code is available and
somewhat commented, and it compiles on a variety of Unices.
-- Mark
------------------------------
From: [EMAIL PROTECTED]
Subject: large big huge numbers
Date: Wed, 24 Mar 1999 11:40:42 GMT
Is 'peasant Russian exponents' the fastest way to calc x^y with big numbers?
Also what is a quick algorithm for calculating if a big number is prime?
Thanks,
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: references for RC-5
Date: Wed, 24 Mar 1999 11:38:44 GMT
> I am working on preliminary research for a brief paper I am to write for an
> undergrad. course in cryptography. I would like to know if anyone has any
> good links, references, books, papers, general literature, etc. on RC-5. I
> am not too concerned with the variation (eg RC-56, RC-64), I am more
> concerned with trying to understand its inner workings, why it's safe, and
> its specific mathematical properties and conditions.
You can pick up the source code for RC4/5/6 at
http://members.tripod.com/~tomstdenis/crypto.htm
Also goto Dr Rivests page at:
http://theory.lcs.mit.edu/~rivest/
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: compare RSA and D-Hellman
Date: Wed, 24 Mar 1999 11:36:47 GMT
<snip>
DH is the a^(x*y). However DH is not an encryption algorithm. The goal of DH
is to share a secret number (key).
RSA is C = P^e mod PQ, and has the inverse exponent P = C^d mod PQ, where 'd'
and 'e' are discrete-inverses.
The only weakness in public key systems is imposters. For example in DH,
person A wants to talk to person B, but must go thru person C. Person C could
pretend to be the other person.. i.e
ideal:
A --> C --> B
A <-- C <-- B
man-in-the-middle attack: When A tries to send to B, C pretends he is B. But
still relays the info to B. When C sends to B he pretends he is A. etc...
You can do the same with RSA.
A ---> C ---> B (with RSA key of A)
A <--- C <--- B (with RSA key of B)
Attack:
A --> C ----> B (key of C)
A <--- C <---- B (key of C)
Etc...
Tom
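Tom's DH description and the imposter problem as an added illustration (not code from the digest): the exchange computes the post's a^(x*y), an honest run gives both ends the same key, and a relay that substitutes its own public value leaves A and B holding different keys, which a fingerprint comparison over a path the relay cannot rewrite reveals. The prime 2^127-1, the generator 3 and the seed are toy values assumed here for illustration, not parameters from any standard.

```python
import hashlib
import random

# Added illustration of Tom's DH / imposter description; not code from the digest.
# Toy group for demonstration only: p = 2^127 - 1 is prime but far too small
# for real use, and g = 3 is assumed here, not taken from any standard.
P = (1 << 127) - 1
G = 3


def dh_public(secret):
    return pow(G, secret, P)                    # g^x mod p, sent in the clear


def dh_shared(peer_public, secret):
    return pow(peer_public, secret, P)          # (g^y)^x = g^(x*y) mod p, the post's a^(x*y)


def honest_exchange(seed=7):
    """A and B swap public values directly and derive the same key."""
    rng = random.Random(seed)
    x, y = rng.randrange(2, P - 1), rng.randrange(2, P - 1)
    ka = dh_shared(dh_public(y), x)
    kb = dh_shared(dh_public(x), y)
    return ka, kb


def relayed_exchange(seed=7):
    """C sits between A and B and passes on its own public value g^z in both
    directions. Each side still completes a 'successful' exchange, but A's key
    is g^(x*z) and B's is g^(y*z): neither of them is talking to the other."""
    rng = random.Random(seed)
    x, y, z = (rng.randrange(2, P - 1) for _ in range(3))
    ka = dh_shared(dh_public(z), x)             # A thinks g^z came from B
    kb = dh_shared(dh_public(z), y)             # B thinks g^z came from A
    return ka, kb


def fingerprint(key):
    """Short digest of an agreed key. Nothing on the line itself can expose C,
    since C can rewrite everything that passes; comparing fingerprints over a
    path C does not control (in person, by voice) does expose the mismatch."""
    return hashlib.sha256(key.to_bytes(16, "big")).hexdigest()[:8]


def fingerprints_agree(ka, kb):
    return fingerprint(ka) == fingerprint(kb)


if __name__ == "__main__":
    print("honest :", fingerprints_agree(*honest_exchange()))    # True
    print("relayed:", fingerprints_agree(*relayed_exchange()))   # False
```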
------------------------------
From: [EMAIL PROTECTED]
Subject: ORYX algorithm
Date: Wed, 24 Mar 1999 11:59:39 GMT
I read the paper on ORYX cracking. Pretty neato. However I noticed a grave
error (?) and I would like some feedback.
It states under cipher-text only you can still crack it if you know the
original statistics of the plaintext, i.e. text or voice data. The problem
is, a) you don't know the plaintext and can't guess at its statistics, and
b) what if the plaintext is compressed?
Does anybody have a paper on ORYX (like the original)? I only have the analysis
paper.
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************