Cryptography-Digest Digest #328, Volume #9 Fri, 2 Apr 99 16:13:03 EST
Contents:
Re: Random Walk (Herman Rubin)
Re: ---- Two very easy secret key Cryptosystems ([EMAIL PROTECTED])
Re: Q: encryption-friendly hard disk controllers or drives (Medical Electronics Lab)
Re: Announce - ScramDisk v2.02h (Paul Koning)
Re: S/MIME interoperability: 40 bits only? (Gurripato (x=nospam))
Re: Random Walk (R. Knauer)
Re: Announce - ScramDisk v2.02h (Terry Ritter)
Re: True Randomness & The Law Of Large Numbers (Herman Rubin)
Re: Random Walk (Herman Rubin)
Re: True Randomness & The Law Of Large Numbers (R. Knauer)
Re: Random Walk ("Tony T. Warnock")
Re: North Korean A3 code (Jim Dunnett)
Re: How does one start cracking ciphers? (Coen Visser)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: Random Walk
Date: 2 Apr 1999 13:07:51 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On Fri, 02 Apr 1999 00:17:27 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
>wrote:
>>There have been researchers looking into such questions, however.
>>There are actually some pretty good papers about entropy in QM
>>available on the net.
>I am aware of that. In fact I have cited some of them, and the books
>that have compiled them. Cerf and Adami come to mind.
>>A point that is generally agreed is that whatever is going on at
>>the quantum superposition level, it is inconsistent with standard
>>probability theory (a la Feller, for example), although it is
>>usually described in probabilistic terms.
>Can you explain what you believe is inconsistent with standard
>probability theory?
According to quantum mechanics, whatever observations are taken
satisfy standard probability theory. What happens between
observations does not admit an explanation of that manner.
There is no joint distribution of quantities which are not
simultaneously observable.
>Are you saying that true randomness cannot be modeled mathematically?
>Hell, I have been arguing that for several months now.
Not at all. It is just that the universe is likely to be more
complicated than the simplest models.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED] Phone: (765)494-6054 FAX: (765)494-0558
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: ---- Two very easy secret key Cryptosystems
Date: Fri, 02 Apr 1999 13:56:46 GMT
In article <Wh_M2.7$[EMAIL PROTECTED]>,
"David Starr" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote in message <7dtbuo$rq4$[EMAIL PROTECTED]>...
> >Allow me to point out that this system is trivially breakable.
> >e = GCD(e*a, e*b, e*c)
> >
> >enough said?
>
> e is not necessarily GCD(A,B,C).
> For instance:
> a = 64
> b = 16
> c = 32
> e = 2
>
> Assuming e = 1 is illegal (otherwise ea=A), e will be a common factor of
> (A,B,C) in { 2..GCD }.
Oh please. If A,B,C are large blocks, then prob(GCD(A,B,C)) != 1 will
be low. Further, even if A,B,C are not coprime, it is only a small number
of additional values of e to check for correctness.
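Added example (not part of the original post): the GCD observation in this exchange, carried through in Python. It assumes the scheme multiplies every plaintext block by one secret integer e, as the quoted lines imply; the 8-byte printable-ASCII block format, the key and the sample blocks are constructed for illustration.

```python
from functools import reduce
from math import gcd


def candidate_keys(cipher_blocks, max_cofactor=64):
    """Candidate multipliers e > 1, largest first.

    g = GCD of the ciphertext blocks equals e * gcd(plaintext blocks), so the
    true e is g divided by a (usually tiny) cofactor k.
    """
    g = reduce(gcd, cipher_blocks)
    return [g // k for k in range(1, max_cofactor + 1)
            if g % k == 0 and g // k > 1]


def is_printable_block(n, size=8):
    """Assumed plaintext check: the block is `size` bytes of printable ASCII."""
    try:
        raw = n.to_bytes(size, "big")
    except OverflowError:
        return False
    return all(0x20 <= b < 0x7F for b in raw)


def recover(cipher_blocks, looks_valid=is_printable_block, max_cofactor=64):
    """Return every (e, plaintext_blocks) whose decryption looks valid."""
    hits = []
    for e in candidate_keys(cipher_blocks, max_cofactor):
        plain = [c // e for c in cipher_blocks]
        if all(looks_valid(p) for p in plain):
            hits.append((e, plain))
    return hits


# Constructed sample: three 8-byte ASCII blocks under a 61-bit key.
# The first two blocks differ by 1, so the plaintexts share no common factor.
KEY = (1 << 61) - 1
PLAIN = [int.from_bytes(b, "big")
         for b in (b"BLOCK001", b"BLOCK002", b"PAY 4000")]
CIPHER = [KEY * p for p in PLAIN]

if __name__ == "__main__":
    # The a=64, b=16, c=32, e=2 case from the thread: e is among the divisors.
    print(candidate_keys([2 * 64, 2 * 16, 2 * 32]))
    for e, plain in recover(CIPHER):
        print(e, [p.to_bytes(8, "big") for p in plain])
```

With realistic block sizes the ciphertext GCD is the key itself or a small multiple of it, so a handful of trial divisions is the whole search.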
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Q: encryption-friendly hard disk controllers or drives
Date: Fri, 02 Apr 1999 12:19:12 -0600
Ralph Bauchman wrote:
>
> Anyone know of any hard disk controllers or drives themselves that
> are "encryption-friendly" ? That is, might there be controllers/ drives
> with a built-in or easily-added-on encryption feature? I'm thinking
> along the lines of a controller with an empty IC socket designed to
> hold an encryption IC. Plug in chip, load with key somehow then
> e/d occurs as data flows into/out of drive transparent to user. If
> one loaded the key via an iButton port over a wire straight to the
> chip the system itself need not even be aware of its existence.
I have proposed building a box which sits on a SCSI line which
would be independent of the computer and disk drive and would
do the encryption/decryption transparently. Unfortunately, I live
in the USA, so I can't export such a weapon of war. If you are in
the US, and can afford to pay for the design of this box, I'll be
happy to build it!
Patience, persistence, truth,
Dr. mike
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: Announce - ScramDisk v2.02h
Date: Fri, 02 Apr 1999 12:11:22 -0500
Question on FAT32 support...
It sure would be nice to be able to put a FAT32 volume inside the
scramdisk "disk". It looks to me like that's not allowed because
you do the formatting in the application rather than supporting
the format operations in the driver. Why is that? Easier?
Some issue with where things are in the scrambled volume?
paul
--
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Xedia Corporation, 119 Russell Street, Littleton, MA 01460, USA
! phone: +1 978 952 6000 ext 115, fax: +1 978 952 6090
! email: [EMAIL PROTECTED]
! Pgp: 27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink. It can make you shoot at tax collectors
! -- and miss!"
! -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
! in "Time Enough for Love"
------------------------------
From: [EMAIL PROTECTED] (Gurripato (x=nospam))
Subject: Re: S/MIME interoperability: 40 bits only?
Date: Fri, 02 Apr 1999 14:36:07 GMT
On Thu, 1 Apr 1999 21:38:27 GMT, [EMAIL PROTECTED] (Peter Pearson)
wrote:
>I'm trying to use Netscape's 4.02 Communicator to
>exchange encrypted email with a correspondent who uses
>a Microsoft mail reader. I have deselected all ciphers
>except 168-bit 3DES, and my correspondent has specified
>168-bit 3DES for outgoing messages, but when I read
>email from him, Communicator says it was encrypted with
>40-bit RC2, and similarly when he reads email from me.
Strange. Did you really deselect all ciphers? Check not
only SSL v2 but also v3. Maybe your correspondent (or you) has
specified other ciphers and he/she/you is/are unable to use higher
encryption. For us non-USers, ciphers such as 3DES can be used "where
allowed".
>Is this pathetic capability all we can expect from these
>products, or am I overlooking some important setting?
>Is there, at least, a way to tell Communicator that if
>it's going to encrypt an outgoing message with a joke
>cipher instead of the cipher I asked for, it should at
>least %$#$in warn me?
>
Again, check your security settings well. And make sure both
your correspondent and you used approved (US) Communicator software,
instead of the "where allowed" version. If the latter is the case,
you can upgrade to real strong crypto (either allowed or not) through
the fortify patch: www.fortify.net
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random Walk
Date: Fri, 02 Apr 1999 19:06:09 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 02 Apr 1999 09:25:44 -0700, "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:
>It's not so much that it is inconsistent, it's that the basic space is not
>the same. Much of classical probability theory is described in terms of a
>Sigma-algebra. In QM, the basic objects are rays in a Hilbert space. The
>set-operations, union, intersection, complement, etc., may not be defined
>for the Hilbert space objects. The Hilbert space has a different algebraic
>structure. There is a lot of research on the topic now. I've seen several
>books in the last few months, but of course I don't remember the names.
You seem to be saying that there are strong mathematical reasons for
why classical probability and statistics do not apply to quantum
mechanical processes, in particular ones which are truly random.
I realize this is a leap (in the direction of my position, at that),
but is it possible that classical probability and statistics have
little if anything to do with true randomness, and that classical
pseudo-random models are grossly inaccurate except at infinity?
Bob Knauer
"First, it was not a strip bar, it was an erotic club. And second,
what can I say? I'm a night owl. Anyway the bitch set me up."
- Marion Barry, Mayor of Washington DC
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Crossposted-To: alt.security.pgp
Subject: Re: Announce - ScramDisk v2.02h
Date: Fri, 02 Apr 1999 19:03:38 GMT
On Fri, 02 Apr 1999 17:41:35 GMT, in
<7e2vge$o82$[EMAIL PROTECTED]>, in sci.crypt [EMAIL PROTECTED]
wrote:
>[...]
>The point of that section of the document was that an adversary is not aware
>of which algorithm you use....They have no method of detecting whether TEA,
>Blowfish, IDEA, 3DES etc is used. Both PGPDisk & Bestcrypt plainly state the
>algorithm employed.
>
>So, to "brute force" a ScramDisk container an adversary has to effectively
>try all 10 ciphers, whereas to brute force other products containers they
>only have to try 1 cipher. Is this snake oil? No.
For some years I have been promoting the idea of using multiple
ciphers, but my argument is different:
1. I see little keyspace (brute-force search) advantage with just a
few ciphers. If we had a robust industry of replaceable cipher
modules, with tens of thousands of possibilities and growing all the
time, *then* we get some keyspace. But with just 10 ciphers, the
keyspace advantage is lost in the noise of attacks which need 2**43
known-plaintexts.
2. The big advantage of having a huge number of ciphers is the burden
it places on any Opponent, who necessarily must keep up. Opponents
must distinguish each cipher, obtain it, break it, then construct
software and perhaps even hardware to automate the process. Given a
continuous production of large numbers of new ciphers, I believe that
"keeping up" must have a terrible cost that not even a country can
afford.
3. The risk of using a single popular cipher (no matter how
extensively analyzed) is that a vast amount of information is
protected by one cipher. This makes that cipher a special target -- a
contest with a payoff far beyond the games we normally play. I think
we want to avoid using such a cipher.
4. To make the cost of multiple ciphers real, we cannot keep using
the same cipher, but instead must use different (new) ciphers
periodically. We will want to use the same cipher-system, so our
system must support "clip-in" modules for ciphers which have not yet
been written.
5. One of the facts of ciphering life is that we cannot prove the
strength of any cipher. Even NIST review and group-cryptanalysis does
not give us proven strength in a cipher, so any cipher we select might
be already broken, and we would not know. We cannot change this, but
we can greatly improve our odds as a user, by multi-ciphering under
different ciphers. Doing this means an Opponent must break *all* of
those ciphers -- not just one -- to expose our data. I like the idea
of having three layers of different cipher, each with its own key.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: 2 Apr 1999 13:29:45 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On Thu, 01 Apr 1999 23:31:40 -0500, "Trevor Jackson, III"
><[EMAIL PROTECTED]> wrote:
>>The problem with this construction is simple. While we believe that
>>women are either pregnant or not, there is no test, statistical or not,
>>that will be 100% accurate.
>Oh, come on now. There are any number of tests that are 100% decisive.
>There is the simple test of xraying the uterus and seeing the fetus
>with your own eyes. There are characteristic hormones that are present
>in the blood only when the woman is pregnant. Once the corpus luteum
>ruptures all sorts of substances are released that give telltale signs
>of successful fertilization.
None of these tests is decisive. How do we know that the fetus
is alive? Many of these "characteristic hormones" are produced
in recognized medical conditions. We have had implanted fetuses
develop; the corpus luteum did not rupture in this case. And if
the ovum is removed, the corpus luteum has ruptured.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED] Phone: (765)494-6054 FAX: (765)494-0558
------------------------------
From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: Random Walk
Date: 2 Apr 1999 13:21:41 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On Fri, 02 Apr 1999 03:35:49 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
>wrote:
.................
>Are you claiming that quantum mechanics is "obvious"?
Yes and no.
>Get outta here! Quantum mechanics is anything but obvious. Even the
>classical one dimensional uniform random walk is anything but obvious.
>Nothing worth considering is ever obvious, except to a sophomoric
>mentality.
It is obvious, in that the mathematical model is easily understood,
if one has the appropriate background. This does not mean that
we know all the results. This does not even apply for the integers,
and their structure can be fully characterized on one page.
>>but: Take the 2-slit experiment as the
>>canonical example (and Feynman says this is appropriate);
>Feynman is dead now, and much has happened since his death. Quantum
>Entanglement is all the rage now. Entanglement attempts to explain in
>probabilistic terms what is going on in the QM measurement process.
>>So it is not even treatable using probability theory;
>What you really mean is that quantum mechanics is not treatable with
>*standard* probability theory. Quantum mechanics is its own
>non-standard probability theory using complex numbers in Hilbert
>space. It is a probability theory in its own right.
No, it is not probability theory. It is something not yet
understood. Feynman misused mathematical terms; in principle,
one should be able to start from the ideas of the "Feynman
integral", but it is not an integral, and the action integral
involved in it is also not an integral.
The mathematics of infinitesimal quantum transformations is
not yet known, except in non-relativistic terms.
.................
>+++++
>A true random number is one that is produced by a True Random Number
>Generator (TRNG), which is a process that generates all possible
>finite sequences equiprobably, namely in an independent and
>equidistributed manner.
>+++++
While we can discuss the properties of such, this does not mean that
there is such a beast.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED] Phone: (765)494-6054 FAX: (765)494-0558
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Fri, 02 Apr 1999 19:00:55 GMT
Reply-To: [EMAIL PROTECTED]
On 2 Apr 1999 13:29:45 -0500, [EMAIL PROTECTED] (Herman
Rubin) wrote:
>None of these tests is decisive. How do we know that the fetus
>is alive?
You mean that you cannot tell if the fetus is alive using xrays to see
it inside the mother's uterus moving around?
Bob Knauer
"First, it was not a strip bar, it was an erotic club. And second,
what can I say? I'm a night owl. Anyway the bitch set me up."
- Marion Barry, Mayor of Washington DC
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Random Walk
Date: Fri, 02 Apr 1999 09:25:44 -0700
Reply-To: [EMAIL PROTECTED]
"Douglas A. Gwyn" wrote:
>
> A point that is generally agreed is that whatever is going on at
> the quantum superposition level, it is inconsistent with standard
> probability theory (a la Feller, for example), although it is
> usually described in probabilistic terms.
It's not so much that it is inconsistent, it's that the basic space is not
the same. Much of classical probability theory is described in terms of a
Sigma-algebra. In QM, the basic objects are rays in a Hilbert space. The
set-operations, union, intersection, complement, etc., may not be defined
for the Hilbert space objects. The Hilbert space has a different algebraic
structure. There is a lot of research on the topic now. I've seen several
books in the last few months, but of course I don't remember the names.
Tony
------------------------------
From: [EMAIL PROTECTED] (Jim Dunnett)
Subject: Re: North Korean A3 code
Date: Fri, 02 Apr 1999 19:18:43 GMT
Reply-To: Jim Dunnett
On 2 Apr 1999 14:56:32 GMT, [EMAIL PROTECTED] (Mike
Andrews) wrote:
>Mike Andrews ([EMAIL PROTECTED]) wrote in article
><7e1120$fif$[EMAIL PROTECTED]>:
>: Jim Dunnett ([EMAIL PROTECTED]) wrote in article
><[EMAIL PROTECTED]>:
>
>: : Incidentally, anyone know where I could obtain a copy of an
>: : old-fashioned merchant-shipping code, either to buy in book form
>: : or to download?
>
>: I have the two-volume codebook which is published as Hydrographic
>: Office publication somethingorother. Sorry; I'm in my office, and
>: the books are at home. It's presumably published by various countries
>: in their national languages, such that the codegroups and meanings
>: have the same mappings in all language variations.
>
>: I'm copying myself on this so that I can look it up when I get home.
>
>These may still be available from the U.S. Government Printing Office.
>They're H.O. No. 103 _International Code of Signals_ Vol I - Visual
>and H.O. No. 88 _International Code of Signals_ Vol II - Radio
Oh I see...you're in the USA. Bit further than 6 miles then!
I wonder if these you quote above are what I'm looking for.
The commercial/shipping/banking codes were designed to save money
on telegrams rather than provide secrecy. The encode section would
look something like:
Arrive/ed/ing................ZCFDG
Please Arrange bunkering.....HBNYC
Wednesday/s..................QRFCG
4/th.........................BPTSQ
August.......................MFFOR
= Arriving 4 August. Please arrange bunkering= would be sent as:
=ZCFDG BPTSQ MFFOR HBNYC= (4 chargeable words instead of six!)
The decode section would list the code-groups in alphabetical
order with their meanings.
(Of course you could always apply an additive key to make it
more secure).
--
Regards, Jim. | The English are much more likely to be
olympus%jimdee.prestel.co.uk | hypocritical than the Scots. Scots are
dynastic%cwcom.net | often rude and blunt, but they are at
nordland%aol.com | least truthful.
marula%zdnetmail.com | - Muriel Spark, Author & Loyal Scot.
Pgp key: pgpkeys.mit.edu:11371
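Added example (not part of the original post): the encode section, the alphabetical decode section and the additive key described in the message above, in Python. The five code groups are the ones listed in the post; the rule for expanding "/" endings, the letter-wise mod-26 addition and the key "KEY" are assumptions made for illustration.

```python
import re
import string

# Encode section exactly as listed in the post; "/" marks alternative endings.
ENCODE_SECTION = {
    "Arrive/ed/ing": "ZCFDG",
    "Please Arrange bunkering": "HBNYC",
    "Wednesday/s": "QRFCG",
    "4/th": "BPTSQ",
    "August": "MFFOR",
}
A = string.ascii_uppercase


def expand(entry):
    """'Arrive/ed/ing' -> arrive, arrived, arriving (assumed reading of '/')."""
    stem, *suffixes = entry.lower().split("/")
    forms = [stem]
    for s in suffixes:
        base = stem[:-1] if stem.endswith("e") and s[0] in "aeiou" else stem
        forms.append(base + s)
    return forms


def build_tables(section):
    """Return (phrase-tuple -> group, group -> entry sorted by group)."""
    enc = {tuple(form.split()): group
           for entry, group in section.items() for form in expand(entry)}
    dec = dict(sorted((group, entry) for entry, group in section.items()))
    return enc, dec


def encode(text, enc):
    """Greedy longest-phrase match; each phrase becomes one chargeable word."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    longest = max(len(k) for k in enc)
    groups, i = [], 0
    while i < len(words):
        for n in range(min(longest, len(words) - i), 0, -1):
            group = enc.get(tuple(words[i:i + n]))
            if group:
                groups.append(group)
                i += n
                break
        else:
            raise KeyError(f"no code group for {words[i]!r}")
    return groups


def additive(groups, key, sign=+1):
    """Add (sign=+1) or strip (sign=-1) a repeating letter key, mod 26."""
    out, i = [], 0
    for g in groups:
        enc = ""
        for ch in g:
            enc += A[(A.index(ch) + sign * A.index(key[i % len(key)])) % 26]
            i += 1
        out.append(enc)
    return out


ENC, DEC = build_tables(ENCODE_SECTION)
```

A short repeating key of this kind is a Vigenère-style layer over a known codebook and inherits that cipher's weaknesses.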
------------------------------
From: [EMAIL PROTECTED] (Coen Visser)
Subject: Re: How does one start cracking ciphers?
Date: 2 Apr 1999 21:07:33 GMT
consalus <[EMAIL PROTECTED]> writes:
>This may be a silly question, but I cannot remember seeing it covered in
>anything I've read thus far.
>How does one crack ciphers?
>Generally.
>I've read about Differential and Linear cryptanalysis in Applied
>Cryptography,
>but he didn't describe how to do them, just generally how they work.
>Are there other, simpler methods?
>I suppose one could just look at the code and try to figure out
>weaknesses, but I'd imagine there'd be something more systematic than that.
When you want to crack a cipher that consists of n rounds you can just
apply 1 round and try to crack it. If you succeed you try 2 rounds et cetera.
That is a simple start.
Regards,
Coen Visser
------------------------------
End of Cryptography-Digest Digest
******************************