Cryptography-Digest Digest #288, Volume #9 Fri, 26 Mar 99 11:13:05 EST
Contents:
Re: compare RSA and D-Hellman ("Sassa")
Re: compare RSA and D-Hellman ("Sassa")
Triple DES key length. (OlafP)
Re: password (Mark Carroll)
Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness
Come From ?!? *** ) (R. Knauer)
Re: RSA key distribution (Paul Rubin)
Factorising large numbers ([EMAIL PROTECTED])
Re: Factorising large numbers - Correct reply address (Martin Sykes)
"WHAT'S THAT ROTTEN SMELL IN PHOENIX?"...We need your help! ([EMAIL PROTECTED])
Re: PKI on LINUX (Matthias Bruestle)
Re: Crypto Gurus - Please comment on this scenario (Matthias Bruestle)
Re: Live from the Second AES Conference (Volker Hetzer)
Re: RNG quality in browsers? (Mika Niemi)
Re: Crypto Gurus - Please comment on this scenario (Patrick Juola)
Re: Random Walk (Patrick Juola)
Re: IDEA Encryption (Sundial Services)
Asymmetry cryptography is dead :)) ("Arthur")
Re: Random Walk ("Trevor Jackson, III")
Re: PKI on LINUX (Peter Gutmann)
Re: Factorising large numbers (Jim Gillogly)
Re: Live from the Second AES Conference ("Trevor Jackson, III")
----------------------------------------------------------------------------
From: "Sassa" <[EMAIL PROTECTED]>
Subject: Re: compare RSA and D-Hellman
Date: Fri, 26 Mar 1999 10:45:23 +0200
Reply-To: [EMAIL PROTECTED]
> See IEEE P1363.
thank you.
where can i find it on the net?
--
Sassa
Apiary Inc.
______
@()(_)
/\\
[EMAIL PROTECTED]
------------------------------
From: "Sassa" <[EMAIL PROTECTED]>
Subject: Re: compare RSA and D-Hellman
Date: Fri, 26 Mar 1999 10:42:52 +0200
Reply-To: [EMAIL PROTECTED]
hey, it seems you've rambled a bit,
so, i'll type my question again:
0. define A = 2^(128*8) = '1' and 128 zero bytes.
1. choose random 128 byte g and distribute it to the second party.
2. first party generates random x.
3. second party generates random y.
4. parties exchange g^x mod A and g^y mod A respectively.
5. now they can exchange messages, encrypted with
shared_secret key= g^(x*y) mod A
will it be easy for the third party knowing g, A, g^x mod A and g^y mod A
to calculate x and y? or maybe there exists z that g^(x*y) mod A= g^(x*z)
mod A if A is not prime or it does not accord to any other restriction?
as you see, factorization of A is obvious...
(if i understand 'factorization' term ok :)
i hope that....
--
Sassa
Apiary Inc.
______
@()(_)
/\\
[EMAIL PROTECTED]
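An added example, not code from the poster, that answers the question for the modulus as defined (A = 2^(128*8)): every element of (Z/2^k)* has order dividing 2^(k-2), so Pohlig-Hellman recovers x bit by bit from g, A and g^x mod A in about k group operations, and since x is only determined modulo ord(g) there are many z giving the same g^(x*z) mod A. The remedy is a prime modulus with a large prime-order subgroup, which is what the IEEE P1363 reference cited earlier in the thread specifies; the function names and the seeded random values below are constructed for this illustration.

```python
import random

def order_pow2(g, A):
    """Multiplicative order of odd g modulo A = 2**k, returned as the exponent e
    with ord(g) == 2**e.  Every odd element of (Z/2**k)* has order dividing
    2**(k-2), so repeated squaring reaches 1 in at most k-2 steps."""
    e, y = 0, g % A
    while y != 1:
        y = y * y % A
        e += 1
    return e

def dlog_pow2(g, h, A):
    """Solve g**x == h (mod A) for odd g and a power-of-two modulus A.
    Pohlig-Hellman on the subgroup <g> of order 2**e: bit i of x is read off
    by testing whether (h / g**(known low bits))**(2**(e-1-i)) equals 1.
    The result is only defined modulo 2**e, which is all a third party needs:
    any z == x (mod 2**e) yields the same g**(z*y) as the real x."""
    if g % 2 == 0:
        raise ValueError("even g collapses to 0 once x >= k; nothing to solve")
    e = order_pow2(g, A)
    g_inv = pow(g, -1, A)
    x, y, g_inv_pow = 0, h % A, g_inv          # g_inv_pow == g_inv ** (2**i)
    for i in range(e):
        if pow(y, 1 << (e - 1 - i), A) != 1:   # not 1  =>  bit i of x is set
            x |= 1 << i
            y = y * g_inv_pow % A              # strip that bit out of h
        g_inv_pow = g_inv_pow * g_inv_pow % A
    return x

def eavesdropper_recovers_secret(k=128 * 8, seed=1):
    """Run the exchange from the thread with A = 2**k (default: the poster's
    2**(128*8)) on constructed random values, then recover the shared secret
    from the public values alone.  Returns (recovered == real secret, e)
    where ord(g) == 2**e."""
    rng = random.Random(seed)                  # constructed, reproducible values
    A = 1 << k                                 # '1' followed by k zero bits
    g = rng.getrandbits(k) | 1                 # random 128-byte g, forced odd
    x, y = rng.getrandbits(k), rng.getrandbits(k)
    gx, gy = pow(g, x, A), pow(g, y, A)        # the two values sent in the clear
    secret = pow(gy, x, A)                     # g**(x*y) mod A, as party one computes it
    x_rec = dlog_pow2(g, gx, A)                # derived from g, A and g**x mod A only
    return pow(gy, x_rec, A) == secret, order_pow2(g, A)

if __name__ == "__main__":
    ok, e = eavesdropper_recovers_secret()
    print("secret recovered:", ok, " ord(g) = 2 **", e)
```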
------------------------------
From: OlafP <[EMAIL PROTECTED]>
Subject: Triple DES key length.
Date: Fri, 26 Mar 1999 11:09:46 +0100
Hi everyone,
I've been looking through various websites and FAQ about DES encryption.
Unfortunately, still something isn't quite clear to me regarding triple-DES
encryption. I know there are various modes, but what is considered to be
(legally) the key length when using triple DES? Is it considered as a
specific key, triple-DES-56, or is it considered as a 168-bit key length?
Any reference on the web where I can find that info would also be very
welcome.
Thanks,
Olaf
------------------------------
From: [EMAIL PROTECTED] (Mark Carroll)
Subject: Re: password
Date: 26 Mar 1999 11:02:57 +0000 (GMT)
In article <7defhl$bjn$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>The sci.crypt newsgroup has been dropped from my uswest.net news server.
):
>Has anyone else had problems like this??
Probably.
>Is there another news server that carries this group??
http://www.jammed.com/newzbot-cgi-bin/group-search.pl?group=sci.crypt
may be what you want, ethical considerations aside.
-- Mark
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Crossposted-To:
sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The
Randomness Come From ?!? *** )
Date: Fri, 26 Mar 1999 11:06:27 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 25 Mar 1999 19:41:31 -0500, Aaron-Dirk Boyden
<[EMAIL PROTECTED]> wrote:
>If you built a clockwork universe, there'd be no place for the grit to
>come from. Why, then, worry about grit?
As everyone knows: "Grit Happens"
Bob Knauer
"Outside of the killings, Washington D.C. has one of the lowest
crime rates in the country".
-- Marion Barry, Mayor of Washington D.C.
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA key distribution
Date: Fri, 26 Mar 1999 11:11:19 GMT
In article <7df9gn$655$[EMAIL PROTECTED]>,
Roger Schlafly <[EMAIL PROTECTED]> wrote:
>I don't know whether requiring strong primes is in RSADSI's business
>interests or not. Either way, the issue is controversial.
Let me guess. RSADSI has a patent on the method of generating these
supposedly strong primes. So in order to follow the standard, you
have to license from them. How convenient?
------------------------------
From: [EMAIL PROTECTED]
Subject: Factorising large numbers
Date: Fri, 26 Mar 1999 11:25:46 GMT
Hi,
This is my first time here. A while ago I had an idea for
factorising large numbers which I haven't seen anyone mention anywhere
so I thought I'd run it past you all.
The basic idea is as follows. Suppose we want to factorise 21.
We can see that it ends with a 1 so we can deduce that the two factors
of it must end with either 1,1 (twice) 3,7 , 7,3 or 9,9(twice).
That is, 6 combinations out of 100 so we can immediately throw away
94% of the search space. This can then be carried on to the second
from last digit and so on. I've implemented a version which converts
the numbers to binary and works on them before converting the answers
back because I think it gives me a slight edge over doing it in
decimal.
I can give anyone the code (C++) if they want it although its a bit
messy and I've got a lot more ideas for optimising it which I haven't
implemented yet. I tested it on MSVC5 as a console application and it
works quite nicely. I've tested it on a few numbers and it seems to
get better as the numbers get bigger. As an aside, does anyone have a
large number (prime x prime) which I could test it on?
Martin Sykes
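An added example, not the poster's C++ code, implementing the digit-by-digit idea in any base (10 as described, 2 as the poster's binary variant) and exposing the caveat a practitioner would check first: for N coprime to the base, the number of candidate pairs surviving k digit levels is phi(base^k), because every unit residue p determines exactly one q, so the per-level pruning never reduces the total work below trial division by the residues coprime to the base. Function names and the sample numbers are constructed here.

```python
from math import isqrt

def lift(N, base, k):
    """Return all pairs (p, q) with 0 <= p, q < base**k and
    p*q == N (mod base**k), built from the least significant digit upward.
    Each survivor at one level is extended by every (dp, dq) digit pair and
    kept only if the product still matches N modulo the next power of base.
    For gcd(N, base) == 1 the result has exactly phi(base**k) entries."""
    cands, mod = [(0, 0)], 1
    for _ in range(k):
        new_mod = mod * base
        nxt = []
        for p, q in cands:
            for dp in range(base):
                pp = p + dp * mod
                for dq in range(base):
                    qq = q + dq * mod
                    if (pp * qq - N) % new_mod == 0:
                        nxt.append((pp, qq))
        cands, mod = nxt, new_mod
    return cands

def factor_by_lifting(N, base=10):
    """Lift until base**k exceeds sqrt(N); a factor p <= sqrt(N) is then equal
    to its own residue, so divisibility can be tested directly.  Returns
    (p, N // p) for the smallest nontrivial p found, or None for a prime N."""
    r = isqrt(N)
    k = 0
    while base ** k <= r:
        k += 1
    hits = [p for p, _ in lift(N, base, k) if 1 < p <= r and N % p == 0]
    return (min(hits), N // min(hits)) if hits else None

if __name__ == "__main__":
    print(factor_by_lifting(21), factor_by_lifting(143))
    print(factor_by_lifting(10403, base=2))          # 101 * 103, binary variant
    for k in (1, 2, 3):                              # survivors grow as phi(10**k)
        print(k, len(lift(143, 10, k)))
```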
------------------------------
From: [EMAIL PROTECTED] (Martin Sykes)
Subject: Re: Factorising large numbers - Correct reply address
Date: Fri, 26 Mar 1999 11:31:46 GMT
Whoops, it should be [EMAIL PROTECTED], not [EMAIL PROTECTED] I just
copied his news reader and forgot to change the profile.
------------------------------
From: [EMAIL PROTECTED]
Subject: "WHAT'S THAT ROTTEN SMELL IN PHOENIX?"...We need your help!
Date: Thursday, 25 Mar 1999 20:09:59 -0600
Reply-To: [EMAIL PROTECTED]
"WHAT'S THAT ROTTEN SMELL IN PHOENIX?" That's the title of a featured story in TIME
Magazine
http://cgi.pathfinder.com/time/magazine/1998/dom/981123/special_report.corporat5a.html
(11/23/98 issue) and the reason TIME came to Phoenix to find out why a BRILLIANT grass
roots group is making such a big stink about an even bigger one. BLATANT air
pollution, toxic spills, illegal zoning, corporate welfare from a single huge SUMITOMO
SITIX factory smack dab in the middle of a residential area! Our relentless group has
won every single legal battle against them. We are ready to go to trial for certain
victory, EXCEPT, we just don't have enough money! Don't let another corporate giant
get away with bullying another innocent neighborhood. PLEASE DONATE. We need your
help! Any contribution over $50.00 will be returned to donor when we win and should
we collect our legal fees.
Please send donations to Sumitomo Legal Fund, Citizen's Environmental Awareness
League, P.O. Box 30333, Phoenix, AZ 85046-0333. Please include your name and address
if you want your donation returned when we collect our legal fees.
For more information about our organization and our fight please visit our web site
at http://www.ceal.com.
------------------------------
From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: PKI on LINUX
Date: Fri, 26 Mar 1999 09:07:39 GMT
Mahlzeit
[EMAIL PROTECTED] wrote:
> I would like to know whether there is Public Key Infrastructure related
> toolkit available for LINUX like the Microsoft Crypto API available on
> Windows platforms. I would also like to know whether they are available
> for free.
Have you looked at SSLeay (OpenSSL) or cryptlib?
Mahlzeit
endergone Zwiebeltuete
--
PGP: SIG:C379A331 ENC:F47FA83D I LOVE MY PDP-11/34A, M70 and MicroVAXII!
--
Die Grauheit wird jetzt demokratisiert.
-- Joerg Kachelmann
------------------------------
From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: Crypto Gurus - Please comment on this scenario
Date: Fri, 26 Mar 1999 09:06:20 GMT
Mahlzeit
Sassa ([EMAIL PROTECTED]) wrote:
> a human was asked to input a number 0 or 1 several times, randomly. computer
> gathered information, and then it guessed what a human will type this time.
> according to the real human input, computer corrected its guessing
> coefficients. after ~20 steps it guessed human's answer at... mmm.... 60 or
> 70 percent? probability (i do not remember, it was a little article on
> recognition). but i am afraid to give you false information.
> anyway, human's answers were _pretty_ predictable.
I would say 60-70% is pretty unpredictable. It is more on the
random guessing side (50%) than on the prediction side. To adjust
for this little loss, you could account each number a randomness
of half a bit.
Mahlzeit
endergone Zwiebeltuete
--
PGP: SIG:C379A331 ENC:F47FA83D I LOVE MY PDP-11/34A, M70 and MicroVAXII!
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Live from the Second AES Conference
Date: Fri, 26 Mar 1999 14:43:29 +0100
[EMAIL PROTECTED] wrote:
>
> Here is my report on the second and last day of AES2.
First, thanks.
>
> So who will the winner(s) be? No idea. Many people expressed the
> opinion that this may indeed not be a fully technical choice. For
> example, it is difficult to imagine the main AES chosen by NIST
> for the US government could be a foreign cipher.
Yeah, and then restricting export to the very country they got the
algorithm from.
BTW, thanks to any non-US cryptographers who overcame any possible grudges against
the US gvt. and participated anyway. I really hope the US gvt. honors this
by finally abandoning those stupid export restrictions.
Volker
------------------------------
From: Mika Niemi <[EMAIL PROTECTED]>
Crossposted-To: comp.infosystems.www.browsers.misc
Subject: Re: RNG quality in browsers?
Date: Fri, 26 Mar 1999 07:50:21 -0600
Dean Povey wrote:
> At least in the case of the X version, Netscape starts collecting X Events
> (mouse movement/clicks, keyboard etc) as soon as it starts up to use as seed
> info for the PRNG.
I take it then that key management is not really part of BSAFE? Too bad.
Anyway, at least Netscape has its source available, so this kind of
thing can be checked for.
Mika Niemi
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Crypto Gurus - Please comment on this scenario
Date: 26 Mar 1999 09:09:10 -0500
In article <[EMAIL PROTECTED]>,
Matthias Bruestle <[EMAIL PROTECTED]> wrote:
>Mahlzeit
>
>
>Sassa ([EMAIL PROTECTED]) wrote:
>
>> a human was asked to input a number 0 or 1 several times, randomly. computer
>> gathered information, and then it guessed what a human will type this time.
>> according to the real human input, computer corrected its guessing
>> coefficients. after ~20 steps it guessed human's answer at... mmm.... 60 or
>> 70 percent? probability (i do not remember, it was a little article on
>> recognition). but i am afraid to give you false information.
>
>> anyway, human's answers were _pretty_ predictable.
>
>I would say 60-70% are pretty unpredictable.
Depends on the use; for some applications that would be pretty bad.
Also, remember that this is gained on only about 20 bits of training
data. What could the computer do at 200 bits? 2000?
-kitten
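An added example (not from either poster) that puts numbers on the two points raised above: an adaptive context predictor trained online on a constructed "human-like" bit stream that over-alternates, the hit rate it reaches as the sample grows from about 20 to 2000 bits, and the entropy credit a given hit rate justifies (a 70% predictor leaves -log2(0.7), roughly half a bit per symbol, which is the same predictor-based min-entropy reasoning NIST SP 800-90B uses). The alternation bias, seed and function names are constructed assumptions, not measurements of real users.

```python
import math
import random

def shannon_entropy_per_bit(p_one):
    """Shannon entropy (bits/symbol) of a biased bit with P(1) = p_one."""
    if p_one in (0.0, 1.0):
        return 0.0
    return -(p_one * math.log2(p_one) + (1 - p_one) * math.log2(1 - p_one))

def min_entropy_from_hit_rate(hit_rate):
    """Min-entropy (bits/symbol) a source can be credited with when a predictor
    guesses the next symbol correctly with probability hit_rate.  Unlike
    Shannon entropy this is the conservative figure for key material."""
    return -math.log2(max(hit_rate, 1e-12))

class ContextPredictor:
    """Adaptive order-k predictor: for each k-bit history it counts which bit
    followed, predicts the majority, then learns from the real answer."""
    def __init__(self, order=2):
        self.order, self.counts, self.history = order, {}, ()

    def predict(self):
        c = self.counts.get(self.history, [0, 0])
        return 1 if c[1] > c[0] else 0

    def update(self, bit):
        self.counts.setdefault(self.history, [0, 0])[bit] += 1
        self.history = (self.history + (bit,))[-self.order:]

def human_like_bits(n, seed=7, flip_prob=0.7):
    """Constructed stand-in for a person typing 'random' 0/1 values: people
    over-alternate, so each bit differs from the previous one with
    probability flip_prob (0.5 would be a fair coin)."""
    rng = random.Random(seed)
    bits, prev = [], rng.randrange(2)
    for _ in range(n):
        prev ^= 1 if rng.random() < flip_prob else 0
        bits.append(prev)
    return bits

def predictor_hit_rate(bits, order=2):
    """Fraction of bits the predictor guesses right while learning online."""
    pred, hits = ContextPredictor(order), 0
    for b in bits:
        hits += pred.predict() == b
        pred.update(b)
    return hits / len(bits)

def hit_rates_by_sample_size(sizes=(20, 200, 2000), order=2):
    """How the predictor improves as the training data grows."""
    return {n: predictor_hit_rate(human_like_bits(n), order) for n in sizes}

def keystrokes_needed(target_bits, hit_rate):
    """Symbols a person must enter to accumulate target_bits of min-entropy."""
    return math.ceil(target_bits / min_entropy_from_hit_rate(hit_rate))

if __name__ == "__main__":
    print(hit_rates_by_sample_size())
    print(round(min_entropy_from_hit_rate(0.7), 3), "bits/symbol at 70% predicted")
    print(keystrokes_needed(128, 0.7), "keystrokes for a 128-bit key at that rate")
```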
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Random Walk
Date: 26 Mar 1999 09:05:57 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 25 Mar 1999 10:09:28 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>It's a gamble.
>
>Which in some instances is unacceptable.
>
>If someone hired you to build a cryptosystem that could not be broken,
>and threatened you with death if it did get broken, I suspect that
>unless you are suicidal, you will not gamble.
No, I wouldn't take the job.
>>If you're completely risk-averse, then you won't
>>accept *any* degree of uncertainty.
>
>The problem is not in the willingness or unwillingness of accepting
>any degree of uncertainty.
>
>The problem is in accepting an unknown amount of uncertainty.
That's where "expert judgement" comes in. In my "expert judgement,"
I don't want that job and I won't take it.
-kitten
------------------------------
Date: Fri, 26 Mar 1999 07:27:18 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: IDEA Encryption
Curious George wrote:
>
> Where can I find a source code of IDEA Encryption? Is IDEA the
> strongest encryption right now?
Let's keep a sense of perspective here: nearly all the "real" crypto
systems you're reading about are extremely strong, as long as they are
properly applied. And that, of course, is the linchpin of it all. The
weak link is when the systems are used by humans.
------------------------------
From: "Arthur" <[EMAIL PROTECTED]>
Subject: Asymmetry cryptography is dead :))
Date: Fri, 26 Mar 1999 17:27:55 +0300
Try this one, please: 4731083528105746283956593479028465928745473.
------------------------------
Date: Fri, 26 Mar 1999 10:04:57 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Random Walk
R. Knauer wrote:
>
> On Thu, 25 Mar 1999 21:53:50 GMT, Dave Knapp <[EMAIL PROTECTED]> wrote:
>
> >Geez, you've got a lot of gall.
>
> No, you took my comment out of context.
>
> But I really do not care what you think of me - your comment alone
> tells me all I need to know about you.
>
> >You refuse to read even the most basic book on statistics,
>
> Who says I refuse any such thing? And who says that I have not already
> read such books? You are being very presumptuous.
>
> > but presume that your understanding of Kolmogorov is
> >perfect and that everyone should bow down to it, despite your daily
> >demonstration that you have NO understanding of statistics or
> >probability.
>
> If you don't like my posts, then feel free not to read them.
>
> >I wonder why nobody takes you seriously?
>
> Actually many people take what I post seriously. The proof of that is
> that the threads are active.
Flame wars are the ultimate in active threads. If you want activity,
change your topic from "Knauer is right" to "Knauer is an idiot" or
"Everyone but Knauer is an idiot". The result will be a lively, active
thread that sheds a great deal of light (heat) on various issues.
But will anyone *care*? Probably not.
>
> Bob Knauer
>
> "Outside of the killings, Washington D.C. has one of the lowest
> crime rates in the country".
> -- Marion Barry, Mayor of Washington D.C.
------------------------------
From: [EMAIL PROTECTED] (Peter Gutmann)
Subject: Re: PKI on LINUX
Date: 26 Mar 1999 15:03:10 GMT
[EMAIL PROTECTED] writes:
>Hi everybody,
>I would like to know whether there is Public Key Infrastructure related
>toolkit available for LINUX like the Microsoft Crypto API available on
>Windows platforms. I would also like to know whether they are available
>for free.
You could look at cryptlib, http://www.cs.auckland.ac.nz/~pgut001/cryptlib/,
of which I've just released something heading towards a final beta. cryptlib
provides the ability to create and read S/MIME messages (with real encryption,
not the usual RC2/40), a reasonably complete PKIX and X.509v3 certificate
handling implementation (YMMV), and various other useful features like key
databases, a certificate trust manager, automated checking of certs against
CRL contents, LDAP directory access, and other odds and ends - grab a copy of
the manual (available via the link in the "Download" section) for more
information.
Peter.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Factorising large numbers
Date: Fri, 26 Mar 1999 06:33:16 -0800
[EMAIL PROTECTED] wrote:
> works quite nicely. I've tested it on a few numbers and it seems to
> get better as the numbers get bigger. As an aside, does anyone have a
> large number (prime x prime) which I could test it on?
You can use PGP to generate an RSA key and use your program to factor
that. Here's a relatively short PGP key which was factored several
years ago:
3193508200533105601431099148202479609827976414818808019973596061739243\
9454375249389462927646908605384634672078311787
If you can factor this one handily, try some of the unknown ones
and earn cash prizes in the RSA challenge at
http://www.rsa.com/rsalabs/html/factoring.html
--
Jim Gillogly
Trewesday, 4 Astron S.R. 1999, 14:25
12.19.6.0.19, 1 Cauac 12 Cumku, First Lord of Night
------------------------------
Date: Fri, 26 Mar 1999 10:26:01 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Live from the Second AES Conference
John Savard wrote:
>
> William Hugh Murray <[EMAIL PROTECTED]> wrote, in part:
>
> >Of course, the value of super-encryption, even 3DES, assumes that
> >encryption is the weak link in one's security. Since that is almost
> >never the case, why bother? I ask this as a serious question. It seems
> >to me that the entire AES effort spends incredible amounts of treasure
> >on the easy part of the security problem.
>
> >What am I missing?
>
> You are fundamentally correct.
>
> However,
>
> - when there is a weakness in most parts of computer security, they can
> only be exploited by certain people, who may need physical proximity, or
> who may need to take a risk of getting caught. Weaknesses in ciphers can be
> exploited by passive eavesdroppers halfway around the world.
In addition to the physical locality you described, I think temporal
locality is another factor that influences the desire for "unreasonably"
strong ciphers. Given that we want some secrets to remain secret for up
to 50 years, we have to anticipate that an adversary might spend 50
years beating on a message whose interception took only a fraction of a
second.
As an example of the difficulty of this problem, consider the
duplication of keys. A physical key is easy to duplicate given a master
as a reference. But what if, by simply recording the usage of the key,
its properties could later be determined and a duplicate constructed?
An extreme example would be the reconstruction of the key from a video
or picture of a user applying it to a lock. If this kind of capability
was suspected we'd soon see "unreasonable" key architecture and
deployment.
Of course the real situation is even worse in that a duplicate physical
key cannot be tested without applying it to the actual target lock,
which is not a hidden process. A cipher key can be tested in secret by
applying it to intercepted messages (the metaphorical equivalent of
applying the duplicate key to a picture of the target lock). Since the
attacker has all of these after-the-fact issues in his favor, the
defender has to invest a large amount of effort before the fact. This
inequality cannot ever be adjusted.
Physical security can be increased after the fact. A suspect lock can
be changed without disturbing the objects being secured. A
cryptographic lock can never be changed or even tweaked. There is
*nothing* the defender can do to protect messages already sent. Thus
the premium will always be on the side of "unreasonably" strong ciphers.
>
> - improvements in the speed and cost of computers mean that DES _is_ too
> weak. Yes, encryption is only the easy and obvious tip of the security
> iceberg. (Did somebody else say this before? I wouldn't want to plagiarize
> Bruce.) But that's not a reason for making a certain minimal effort to make
> it adequate before going on to the "real" problems. And, no offence, but
> the AES effort can be described as "minimal" - in terms of the expenditures
> made by the U.S. Government, the rewards offered to participants, and so
> on. When the U.S. Government is *serious* about wanting a new cryptosystem,
> it goes to the NSA.
>
> So, in conclusion, I'd say that the AES effort is spending no more effort
> than necessary on what is the easy part of the security problem, but still
> a part that needed a little work at the moment.
>
> John Savard (teneerf is spelled backwards)
> http://members.xoom.com/quadibloc/index.html
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************