Cryptography-Digest Digest #287, Volume #9       Fri, 26 Mar 99 04:13:03 EST

Contents:
  Re: password ([EMAIL PROTECTED])
  Re: RSA key distribution (Michael Sierchio)
  Re: On Moduli that are not quite kosher... (Ted Kaliszewski)
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The (Aaron-Dirk Boyden)
  Re: Live from the Second AES Conference (Nicol So)
  Re: compare RSA and D-Hellman (Scott Fluhrer)
  Re: Session key establishment protocol with symmetric ciphers (Thomas Wu)
  Re: compare RSA and D-Hellman (Scott Fluhrer)
  Re: RNG quality in browsers? ("Sassa")
  Re: Crytpo Gurus - Please comment on this sceneario ("Sassa")
  Re:  My Book: "The Unknowable" ("karl malbrain")
  Re: PKI on LINUX (Dean Povey)
  Papers on Security and Cryptography ("Jim Press")
  Re: RNG quality in browsers? (Dean Povey)
  IDEA Encryption (Curious George)
  Re: RSA key distribution ("Roger Schlafly")
  Re: My Book "The Unknowable" (karl malbrain)
  Re: Random Walk (R. Knauer)
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** ) ("hapticz")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: password
Date: Thu, 25 Mar 1999 23:06:37 GMT

The sci.crypt newsgroup has been dropped from my uswest.net news server.

Has anyone else had problems like this??

Is there another news server that carries this group??

JK

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: RSA key distribution
Date: Thu, 25 Mar 1999 16:52:29 -0800
Reply-To: [EMAIL PROTECTED]

Roger Schlafly wrote:

> I am sure that "bobs" can help you, but his views on this subject are
> somewhat controversial...

Not all readers of sci.crypt are aware of the history between
Schlafly and RSA, PKP et al.  Roger has a bit of an axe to grind,
I'm afraid.

------------------------------

From: Ted Kaliszewski <[EMAIL PROTECTED]>
Subject: Re: On Moduli that are not quite kosher...
Date: Thu, 25 Mar 99 19:53:45 -0500

Yes, this is an exception for all primes can be represented by k*2 +1.
However, if you are so dubious, try something more sensible and verify it
for yourself. Or still, better, give me a 1024-bit modulus that IS a pseudo
prime. I will deliver the factors, charge free and prompto!

------------------------------

Date: Thu, 25 Mar 1999 19:41:31 -0500
From: Aaron-Dirk Boyden <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The   

"R. Knauer" wrote:

> I leave you with this quote:
> 
> +++++
> "If you want to build a robust universe, one that will never go wrong,
> then you don't want to build it like a clock, for the smallest bit of
> grit will cause it to go awry. However, if things at the base are
> utterly random, nothing can make them more disordered. Complete
> randomness at the heart of things is the most stable situation
> imaginable - a divinely clever way to build a universe."
> -- Heinz Pagels

If you built a clockwork universe, there'd be no place for the grit to
come from.  Why, then, worry about grit?

-- 
---
Aaron Boyden

"It is wrong always, everywhere and for anyone, to believe
anything upon insufficient evidence."  W. K. Clifford

------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Live from the Second AES Conference
Date: Thu, 25 Mar 1999 20:20:38 -0500

William hugh Murray wrote:
> 
> DJohn37050 wrote:
> >
> > Yes, I mention AB encryption (or even more) as Super AES in my paper as a
> > possibility for the paranoid that want to spend the MIPS.
> > Don Johnson
> 
> Of course, the value of super-encryption, even 3DES, assumes that
> encryption is the weak link in one's security.  Since that is almost
> never the case, why bother?  I ask this as a serious question.  It seems
> to me that the entire AES effort spends incredible amounts of treasure
> on the easy part of the security problem.
> 
> What am I missing?

I see things a little differently.  It is true that cryptography is
often not the weakest link of a system, but it has the potential of
becoming it when you start fixing other weak links.  When you have fixed
things to a point where all the weak links are approximately equally
difficult to breach, you might be tempted to stop because at that point
strengthening any single link will merely shift the weakest link to
somewhere else.  To strengthen security beyond that level, you've got to
start somewhere and you don't want to be limited by the _current_ weak
links.  Unless strengthening the cryptography is taking away a
significant amount of resources that could otherwise be used to
profitably strengthen other weak links, doing it is worthwhile (up to a
point).

I don't think we are really spending that much resources on an improved
encryption standard, considering the number of future systems that can
benefit from the effort.

Nicol

------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: compare RSA and D-Hellman
Date: Fri, 26 Mar 1999 02:07:57 GMT

In article <7denj3$[EMAIL PROTECTED]>,
        Scott Fluhrer <[EMAIL PROTECTED]> wrote:

>                    Although, I thought [pathetically weak defense warning]
>that many composites had quasi-generators, which had elements of order
>phi(N) (although I also know that some composites do not).  Looks like it's
>time for me to hit the books again...
Man, I really should learn to hit the books first, and then post.  The only
composites that have such "quasi-generators" are composites of the forms
4, p^i and 2*p^j, where p is an odd prime, i>=2 and j>=1.

Ok, can I slink away now?

-- 
poncho


 

------------------------------

From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: Session key establishment protocol with symmetric ciphers
Date: 25 Mar 1999 17:00:42 -0800

Philipp Ineichen <[EMAIL PROTECTED]> writes:

> I'm going to implement a symmetric cipher which encrypts/decrypts the
> traffic between a server and a client. There will be just one user using
> this connection. During the server installation the user will be
> prompted for a password, which will be saved as output of a 128 bit
> one-way hash on a local database.
> 
> The client sends a message containing his name to the server. The server
> looks up the client in his database. If the client is in the database,
> the server generates a session key to be used between the client and
> him. The server encrypts that session key with the client's secret key
> (XOR) and sends it to the client. The client now decrypts the message
> and retrieves the session key. The secret key is a 128 bit one-way hash
> of his password. This protocol is similar to Kerberos. Am I missing
> something? Is there a security hole besides that only the password
> proves the identity? Is Kerberos covered by a patent?

There is no forward secrecy in this protocol.  Compromising a session key
reveals the password hash.  Revealing the password hash compromises all
session keys exchanged while that password was in effect, both past and
future.  Then there are problems with dictionary attacks and related-key
attacks (xor-ing two of the server's replies gives you the xor of two
session keys).

Instead of developing an ad-hoc solution, consider using something like
SRP, a well-tested protocol that does exactly what you need, resists all
the attacks mentioned above, and is freely available, with reference C
and Java implementations with full source.  <http://srp.stanford.edu/srp/>
-- 
Tom Wu                        * finger -l [EMAIL PROTECTED] for PGP key *
 E-mail: [EMAIL PROTECTED]       "Those who would give up their freedoms in
  Phone: (650) 723-1565              exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/srp/
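As an added example, not code from the post or from SRP: a small Python model of the XOR protocol quoted above, with audit functions that confirm the weaknesses Tom lists (the password hash falls out of one compromised session key, that hash then unlocks every recorded reply past and future, and two replies XORed together give the XOR of two session keys with the hash cancelled). blake2b with a 16-byte digest is assumed as the 128-bit one-way hash, and the password is constructed.

```python
import hashlib
import os


def password_hash(password):
    """The 128-bit one-way hash of the password that the server stores.
    blake2b with a 16-byte digest stands in for the unnamed hash in the post."""
    return hashlib.blake2b(password.encode(), digest_size=16).digest()


def xor_bytes(a, b):
    assert len(a) == len(b) == 16
    return bytes(x ^ y for x, y in zip(a, b))


def server_issue_session_key(pw_hash):
    """Server side: pick a fresh 128-bit session key and send it XORed with the hash.
    Returns (session_key, reply_on_the_wire)."""
    session_key = os.urandom(16)
    return session_key, xor_bytes(session_key, pw_hash)


def client_recover_session_key(pw_hash, reply):
    """Client side: undo the XOR with its own copy of the hash."""
    return xor_bytes(reply, pw_hash)


# What a passive observer who recorded every server reply can conclude.

def hash_from_compromised_session(reply, session_key):
    """No forward secrecy: reply XOR session_key is exactly the password hash."""
    return xor_bytes(reply, session_key)


def session_keys_from_hash(pw_hash, recorded_replies):
    """The hash unlocks every recorded reply, whether issued before or after."""
    return [xor_bytes(r, pw_hash) for r in recorded_replies]


def reply_relation(reply_a, reply_b):
    """Related keys: XOR of two replies equals XOR of the two session keys;
    the hash cancels, so no password knowledge is needed to see the relation."""
    return xor_bytes(reply_a, reply_b)


def audit():
    """Run the protocol three times and report which weaknesses hold."""
    pw_hash = password_hash("correct horse battery")  # constructed password
    runs = [server_issue_session_key(pw_hash) for _ in range(3)]
    keys = [k for k, _ in runs]
    replies = [r for _, r in runs]
    # sanity check: the legitimate client really does get the key
    assert all(client_recover_session_key(pw_hash, r) == k for k, r in runs)
    leaked = hash_from_compromised_session(replies[1], keys[1])
    return {
        "hash_recovered_from_one_key": leaked == pw_hash,
        "all_keys_recovered_from_hash": session_keys_from_hash(leaked, replies) == keys,
        "reply_xor_equals_key_xor":
            reply_relation(replies[0], replies[2]) == xor_bytes(keys[0], keys[2]),
    }


if __name__ == "__main__":
    print(audit())
```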

------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: compare RSA and D-Hellman
Date: Fri, 26 Mar 1999 01:32:04 GMT

In article <7ddla3$ig6$[EMAIL PROTECTED]>,
        [EMAIL PROTECTED] wrote:

>In article <7dc30r$[EMAIL PROTECTED]>,
>  Scott Fluhrer <[EMAIL PROTECTED]> wrote:
>> In article <7dbvh5$5a9$[EMAIL PROTECTED]>,
>>      [EMAIL PROTECTED] wrote:
>
>stuff deleted, most of which was correct, except:
>
>
>>
>> A real reason for making A prime is to make the DLP harder: for composite A,
>> all the attacker does is take the factorization of A
>
>And if A is 1024 bits, (say)  please explain how one achieves this
>factorization?
Well, [gulp] yes, that is a problem.  I was sort of assuming that the
factorization was publicly known.

>
>The real reason for taking A prime is that we want the exponentiation to
>take place in a cyclic group. i.e. it can be  generated by just one element.
Yup, you're right.  Although, I thought [pathetically weak defense warning]
that many composites had quasi-generators, which had elements of order
phi(N) (although I also know that some composites do not).  Looks like it's
time for me to hit the books again...
>
>
>>, and solve the DLP for
>> each component prime.  This is a lot easier than solving the DLP for a
>> similarly sized prime A.
>
>Yes. If the factorization can be obtained. That is a big if.
 ^^^
Hey!  I was at least slightly right!

-- 
poncho
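An added check, not from either of Scott's posts, of the "quasi-generator" question raised here and answered in his follow-up elsewhere in this digest: a brute-force search for a unit of order phi(N) modulo small N, compared against the classification 4, p^i, 2*p^j. Plain Python, standard library only; nothing else is assumed.

```python
from math import gcd


def is_prime(n):
    """Trial division; adequate for the small moduli checked here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def euler_phi(n):
    """Order of the multiplicative group (Z/nZ)^*: count of 1 <= a <= n coprime to n."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def multiplicative_order(a, n):
    """Smallest k >= 1 with a^k = 1 (mod n); requires gcd(a, n) == 1."""
    k, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        k += 1
    return k


def has_quasi_generator(n):
    """True if some unit mod n has order phi(n), i.e. (Z/nZ)^* is cyclic (n >= 2)."""
    phi = euler_phi(n)
    return any(gcd(a, n) == 1 and multiplicative_order(a, n) == phi
               for a in range(1, n))


def odd_prime_power_base(m):
    """Return p if m = p^k for an odd prime p and k >= 1, else None."""
    if m < 3 or m % 2 == 0:
        return None
    p = next(d for d in range(3, m + 1) if m % d == 0)
    while m % p == 0:
        m //= p
    return p if m == 1 else None


def classification_says_cyclic(n):
    """The textbook list: n in {2, 4}, n = p^i, or n = 2 * p^j with p an odd prime."""
    if n in (2, 4):
        return True
    if n % 2 == 1:
        return odd_prime_power_base(n) is not None
    return odd_prime_power_base(n // 2) is not None


def composites_with_quasi_generator(limit):
    """Composite moduli up to limit whose unit group is cyclic (found by brute force)."""
    return [n for n in range(4, limit + 1)
            if not is_prime(n) and has_quasi_generator(n)]


def mismatches(limit):
    """Moduli where brute force disagrees with the classification; expected empty."""
    return [n for n in range(2, limit + 1)
            if has_quasi_generator(n) != classification_says_cyclic(n)]


if __name__ == "__main__":
    print(composites_with_quasi_generator(30))
    print("mismatches up to 150:", mismatches(150))
```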

 

------------------------------

From: "Sassa" <[EMAIL PROTECTED]>
Crossposted-To: comp.infosystems.www.browsers.misc
Subject: Re: RNG quality in browsers?
Date: Thu, 25 Mar 1999 23:21:13 +0200
Reply-To: [EMAIL PROTECTED]

hi

> It would be wasteful to use 128-bit algorithms if the RNG generating the
> keys has only a 32-bit seed or something stupid like that.

well... if one RNG alone, then indeed, you need 4 bytes to determine the initial
random seed. but what if you choose one of, say, 4 32-bit RNGs using a fifth
32-bit RNG? i suppose, it will become a (32/2)*4 byte sequence?


--
   Sassa

Apiary Inc.
  ______
@()(_)
/\\

[EMAIL PROTECTED]



------------------------------

From: "Sassa" <[EMAIL PROTECTED]>
Subject: Re: Crytpo Gurus - Please comment on this sceneario
Date: Thu, 25 Mar 1999 23:05:52 +0200
Reply-To: [EMAIL PROTECTED]

hi

> The people who do the typing won't type with maximal randomness.

there was a proggie, that was predicting next man's digit:

a human was asked to input a number 0 or 1 several times, randomly. the computer
gathered information, and then it guessed what the human would type this time.
according to the real human input, the computer corrected its guessing
coefficients. after ~20 steps it guessed the human's answer at... mmm.... 60 or
70 percent? probability (i do not remember, it was a little article on
recognition). but i am afraid to give you false information.

anyway, human's answers were _pretty_ predictable.

--
   Sassa

Apiary Inc.
  ______
@()(_)
/\\

[EMAIL PROTECTED]
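A reconstruction of the kind of predictor Sassa describes, added here as an example and not the program from the article: a context model that counts which bit followed each recent pattern of bits and guesses the majority, correcting its counts after every real input. The "human" sequence is constructed with a tendency to alternate rather than repeat; that bias is an assumption standing in for a real typist, not a measurement.

```python
from collections import defaultdict
import random


class NextBitPredictor:
    """For each context of the last `order` bits, remember which bit followed it
    most often and guess that bit next time the context appears."""

    def __init__(self, order=3):
        self.order = order
        self.counts = defaultdict(lambda: [0, 0])  # context -> [zeros, ones]
        self.history = []

    def predict(self):
        if len(self.history) < self.order:
            return 0  # nothing learned yet
        zeros, ones = self.counts[tuple(self.history[-self.order:])]
        return 1 if ones > zeros else 0

    def update(self, actual):
        """Correct the counts with what the person really typed."""
        if len(self.history) >= self.order:
            self.counts[tuple(self.history[-self.order:])][actual] += 1
        self.history.append(actual)


def predictor_accuracy(bits, order=3, warmup=20):
    """Fraction of guesses that are right after the first `warmup` inputs."""
    model = NextBitPredictor(order)
    hits = total = 0
    for i, bit in enumerate(bits):
        guess = model.predict()
        if i >= warmup:
            total += 1
            hits += int(guess == bit)
        model.update(bit)
    return hits / total


def human_like_bits(n, flip_prob=0.7, seed=1):
    """Constructed stand-in for a person typing 'random' 0/1: flips the previous
    bit with probability flip_prob, i.e. over-alternates compared with a coin."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1)]
    for _ in range(n - 1):
        bits.append(bits[-1] ^ (1 if rng.random() < flip_prob else 0))
    return bits


def fair_coin_bits(n, seed=2):
    """Control sequence: a seeded fair coin, which no context model should beat."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(n)]


if __name__ == "__main__":
    print("human-like:", predictor_accuracy(human_like_bits(1000)))
    print("fair coin: ", predictor_accuracy(fair_coin_bits(1000)))
```

On the constructed typist the predictor settles around the 70 percent alternation rate, while on the coin it stays near 50 percent.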



------------------------------

From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re:  My Book: "The Unknowable"
Date: Thu, 25 Mar 1999 17:25:51 -0800

In article <01be644b$81df6a60$a40933ac@W102172>,
  "VERDIGRIS" <a@b> wrote:

> > Karl M. wrote:
> >
> > < After  looking  through your paper: The  difference  between  MATTER
> > < being  paramount and  INFORMATION  being paramount is the difference
> > < between
> >
> > < RANDOM=CHAOS/COMPLEXITY and
> >
> > < RANDOM=INFORMATION*COMPLEXITY.
> >
> > And the reference from Chaitin
> > (http://www.umcs.maine.edu/~chaitin/unknowable/ch7.html)
> > apparently being:
> >
> > [ The   conventional   view  is  that  matter  is  primary,  and  that
> > [ information,  if it  exists,  emerges  from  matter.   But  what  if
> > [ information  is  primary,  and matter is the  secondary  phenomenon!
> > [ After all, the same  information  can have many  different  material
> > [ representations in biology, in physics, and in psychology: DNA, RNA;
> > [ DVD's,  videotapes;   long-term  memory,  short-term  memory,  nerve
> > [ impulses, hormones.  The material representation is irrelevant, what
> > [ counts is the information itself.  The same software can run on many
> > [ machines.
> *****
> Verdigris: The 'conventional' view that matter is primary is a materialist
> conception. Information is meaningful data and data is noise which can
> be understood in the context of an information system. Mind is a
> necessary component of information because neither data or information
> can be defined outside the agency of mind. Information is what mind
> understands about matter and is not itself inherent in matter.
>
> Data stands in relation to information as a wff stands in relation to
> an axiomatic system. Noise corresponds to non-wff strings. The
> possibility of wffs depends on the 'random' strings of noise from
> which the wffs are selected according to the metalogical rules.
> The existence of a random field is a prerequisite for the existence
> of information. This chaotic ground becomes divided into the
> comprehensible and the incomprehensible. If the real world is
> like this, then a single theory of everything would be impossible,
> regardless of Godelian theory, because order can only exist in
> the context of the random and the incomprehensible. Mathematically
> this is obvious from any complete but finite random field which contains
> every possible 'order' within itself. The distinction between random and
> ordered in this context ceases to exist, because each string (or equivalent
> form) has the same status as any other as a possible 'fact'.
> *****

Thank you for the kind reply to my admittedly NON-MATHEMATICAL posting here.

However, from my background, DATA does not derive from a RANDOM field, but
from the application of INFORMATION to MATERIAL THINGS BY SUBJECTS -- e.g.
people.

Under materialism, CHAOS is BROKEN DOWN in order to LIQUIDATE RANDOMNESS
(See the <<equation>> above, the liquidated part being the quotient).  It's
the REMAINDER that I'm after. This should read ABILITY to USE -- USEABILITY
is DETERMINED by MATTER'S admittance of INFORMATION -- see an electronics
definition of OPERATIONAL AMPLIFIERS.  Karl M



------------------------------

From: [EMAIL PROTECTED] (Dean Povey)
Subject: Re: PKI on LINUX
Date: 26 Mar 1999 02:41:35 GMT

[EMAIL PROTECTED] writes:

>Hi everybody,

>I would like to know whether there is a Public Key Infrastructure related
>toolkit available for LINUX like the Microsoft Crypto API available on
>Windows platforms. I would also like to know whether they are available
>for free.

>I looked up the sites www.kernel.org and www.linux.org, but they do not have
>any information on this.


Try: http://oscar.dstc.qut.edu.au/, it's free as long as you don't redistribute
it in a product, and it comes with source code.  Oscar contains a C++ lib
and utilities to support:

o Generation, signing and verification of X.509 v3 certificates for RSA,
  Diffie-Hellman and DSA keys.

o Also supports Cross certificates for shortening certification paths.

o Signatures using RSA with SHA-1, RIPEMD-160, MD5 and MD2 and DSA with SHA-1.

o Also supports the HMAC algorithm, as well as the DES and
  SKIPJACK symmetric algorithms.

o Support for PKCS#7 Signatures, Netscape signed key
  challenges, and PKCS#10 Certificate Requests.

o PKIX compliant certification path processing.

o Many standard X.509 certificate and CRL extensions.

o Netscape certificate type extension for use with Java
  code signing in Netscape, S/MIME email or as an SSL
  client certificate.

o Publishing and retrieving Certificates and CRLs in an LDAP directory.

o Storage of private keys in PKCS#8 format encrypted with DES keys using
  PKCS#5 password based encryption.

It is currently supported on Solaris 2.x and Linux with egcs-1.0.1 or better.
--
Dean Povey,         | e-m: [EMAIL PROTECTED]     | Cryptozilla:
Research Scientist  | ph:  +61 7 3864 5120       |  www.cryptozilla.org/
Security Unit, DSTC | fax: +61 7 3864 1282       | Oscar - PKI Toolkit:
Brisbane, Australia | www: security.dstc.edu.au/ |  oscar.dstc.qut.edu.au/

------------------------------

From: "Jim Press" <Jim.Press.icl.com>
Crossposted-To: comp.security,comp.security.misc
Subject: Papers on Security and Cryptography
Date: Mon, 22 Mar 1999 14:51:27 -0000

you'll find electronic copies of various papers I've had published at one
time or another at:
http://home.freeuk.net/jpress

Jim Press




------------------------------

From: [EMAIL PROTECTED] (Dean Povey)
Crossposted-To: comp.infosystems.www.browsers.misc
Subject: Re: RNG quality in browsers?
Date: 26 Mar 1999 03:01:38 GMT

Mika Niemi <[EMAIL PROTECTED]> writes:

>Can anyone tell me about the quality of (pseudo) random number
>generators

<snip>

>PGP used to have a method for generating random seeds from the timing of
>users' keystrokes. Putting something like this in a browser would be more
>convincing to me than some animated lock icon (Well, maybe now this can
>be done if Netscape has become open source).

At least in the case of the X version, Netscape starts collecting X Events
(mouse movement/clicks, keyboard etc) as soon as it starts up to use as seed
info for the PRNG.  

Cheers.
--
Dean Povey,         | e-m: [EMAIL PROTECTED]     | Cryptozilla:
Research Scientist  | ph:  +61 7 3864 5120       |  www.cryptozilla.org/
Security Unit, DSTC | fax: +61 7 3864 1282       | Oscar - PKI Toolkit:
Brisbane, Australia | www: security.dstc.edu.au/ |  oscar.dstc.qut.edu.au/

------------------------------

From: Curious George <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: IDEA Encryption
Date: Thu, 25 Mar 1999 23:03:56 +0100

Where can I find a source code of IDEA Encryption?  Is IDEA the
strongest encryption right now?

------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: RSA key distribution
Date: Thu, 25 Mar 1999 22:29:24 -0800


Michael Sierchio wrote in message <[EMAIL PROTECTED]>...
>Not all readers of sci.crypt are aware of the history between
>Schlafly and RSA, PKP et al.  Roger has a bit of an axe to grind,
>I'm afraid.

That wasn't the reason for my message, but in the interests of full
disclosure ...

RSADSI is currently suing me. Its allegations are baseless, so perhaps
it is just retaliation for the lawsuit I brought against it. Some
information is available at:
http://bbs.cruzio.com/~schlafly/pkp.htm

(I hope to update it shortly. Currently there are some settlement
discussions.)

I don't know whether requiring strong primes is in RSADSI's business
interests or not. Either way, the issue is controversial.




------------------------------

From: karl malbrain <[EMAIL PROTECTED]>
Subject: Re: My Book "The Unknowable"
Date: Thu, 25 Mar 1999 22:08:20 GMT

In article <01be644b$81df6a60$a40933ac@W102172>,
  "VERDIGRIS" <a@b> wrote:

> > Karl M. wrote:
> >
> > < After  looking  through your paper: The  difference  between  MATTER
> > < being  paramount and  INFORMATION  being paramount is the difference
> > < between
> >
> > < RANDOM=CHAOS/COMPLEXITY and
> >
> > < RANDOM=INFORMATION*COMPLEXITY.
> >
> > And the reference from Chaitin
> > (http://www.umcs.maine.edu/~chaitin/unknowable/ch7.html)
> > apparently being:
> >
> > [ The   conventional   view  is  that  matter  is  primary,  and  that
> > [ information,  if it  exists,  emerges  from  matter.   But  what  if
> > [ information  is  primary,  and matter is the  secondary  phenomenon!
> > [ After all, the same  information  can have many  different  material
> > [ representations in biology, in physics, and in psychology: DNA, RNA;
> > [ DVD's,  videotapes;   long-term  memory,  short-term  memory,  nerve
> > [ impulses, hormones.  The material representation is irrelevant, what
> > [ counts is the information itself.  The same software can run on many
> > [ machines.
> *****
> Verdigris: The 'conventional' view that matter is primary is a materialist
> conception. Information is meaningful data and data is noise which can
> be understood in the context of an information system. Mind is a
> necessary component of information because neither data or information
> can be defined outside the agency of mind. Information is what mind
> understands about matter and is not itself inherent in matter.
>
> Data stands in relation to information as a wff stands in relation to
> an axiomatic system. Noise corresponds to non-wff strings. The
> possibility of wffs depends on the 'random' strings of noise from
> which the wffs are selected according to the metalogical rules.
> The existence of a random field is a prerequisite for the existence
> of information. This chaotic ground becomes divided into the
> comprehensible and the incomprehensible. If the real world is
> like this, then a single theory of everything would be impossible,
> regardless of Godelian theory, because order can only exist in
> the context of the random and the incomprehensible. Mathematically
> this is obvious from any complete but finite random field which contains
> every possible 'order' within itself. The distinction between random and
> ordered in this context ceases to exist, because each string (or equivalent
> form) has the same status as any other as a possible 'fact'.
> *****

Thank you for the kind reply to my admittedly NON-MATHEMATICAL posting here.

However, from my background, DATA does not derive from a RANDOM field, but
from the application of INFORMATION to MATERIAL THINGS BY SUBJECTS -- e.g.
people.

Under materialism, CHAOS is BROKEN DOWN in order to LIQUIDATE RANDOMNESS (See
the <<equation>> above, the unusable part being the dividend).  It's the
REMAINDER that I'm after. This should read ABILITY to USE -- USEABILITY is
DETERMINED by MATTER'S admittance of INFORMATION -- see an electronics
definition of OPERATIONAL AMPLIFIERS.  Karl M


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random Walk
Date: Thu, 25 Mar 1999 22:23:52 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 25 Mar 1999 21:53:50 GMT, Dave Knapp <[EMAIL PROTECTED]> wrote:

>Geez, you've got a lot of gall.

No, you took my comment out of context.

But I really do not care what you think of me - your comment alone
tells me all I need to know about you.

>You refuse to read even the most basic book on statistics,

Who says I refuse any such thing? And who says that I have not already
read such books? You are being very presumptuous.

> but presume that your understanding of Kolmogorov is
>perfect and that everyone should bow down to it, despite your daily
>demonstration that you have NO understanding of statistics or
>probability.

If you don't like my posts, then feel free not to read them.

>I wonder why nobody takes you seriously?

Actually many people take what I post seriously. The proof of that is
that the threads are active.

Bob Knauer

"Outside of the killings, Washington D.C. has one of the lowest
crime rates in the country".
-- Marion Barry, Mayor of Washington D.C.


------------------------------

From: "hapticz" <[EMAIL PROTECTED]>
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The   
Randomness Come From ?!? *** )
Date: Fri, 26 Mar 1999 03:12:31 -0500
Crossposted-To: sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic

when the other universes become involved, "grit" is introduced.  concept of
"purity" is man's own narrowed perceptions of the universe.

an open mind is a terrible thing to waste!

religion relies on absolute power of single theories, leaving all too many
other realities in the lurch.

--
best regards
[EMAIL PROTECTED]





------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
