Cryptography-Digest Digest #380, Volume #9 Mon, 12 Apr 99 20:13:03 EDT
Contents:
SCRAMDISK question (Subscriber)
Re: True Randomness & The Law Of Large Numbers (R. Knauer)
Re: Security problems: Europe (Jim Dunnett)
Re: True Randomness & The Law Of Large Numbers (John Briggs)
Re: True Randomness & The Law Of Large Numbers (R. Knauer)
Re: help in decrypting a message using the playfair cipher (John Savard)
Re: True Randomness & The Law Of Large Numbers (R. Knauer)
Where are the Arab Muslims? ([EMAIL PROTECTED])
Re: Announce - ScramDisk v2.02h (Jerry Coffin)
Re: True Randomness & The Law Of Large Numbers (R. Knauer)
Re: Where are the Arab Muslims? ("Patrick Patriarca")
PGP HowTo (Ben)
Encryption Key Length Question ([EMAIL PROTECTED])
Re: Where are the Arab Muslims? (Unclaimed Mysteries)
Re: Encryption Key Length Question (David A Molnar)
----------------------------------------------------------------------------
From: Subscriber <[EMAIL PROTECTED]>
Subject: SCRAMDISK question
Date: Mon, 12 Apr 1999 19:55:30 GMT
After downloading version 2.02h from the download
page, I notice the zip file has two files within:
1 - SdInstal.exe
2 - sd.vxd
When I first tried running the SdInstal program, it came
up with some error screen about not finding the sd.vxd
file. I followed the instructions about placing that file into
my IOSUBSYS file and rebooted, then I tried running
the SdInstal program again. I was anticipating some
type of install program to walk me through the installation,
but instead, this file actually seems to be the program
itself, not an installer. Is this correct and/or normal ?
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 12 Apr 1999 19:59:15 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Apr 1999 12:46:33 -0500, [EMAIL PROTECTED] (Herman
Rubin) wrote:
>Fisher very strongly pushed this use of point null hypotheses.
>Even now, there are very few papers considering the real
>problem, which is to decide if the erroneous null is useful.
Speaking of Fisher and his influence on physics, I point to a book
someone mentioned earlier.
>From amazon.com:
+++++
Physics from Fisher Information : A Unification
by B. Roy Frieden
Hardcover (February 1999)
Cambridge Univ Pr (Short); ISBN: 052163167X
Reviews
Book Description
This book contains a development of most known physics from a
unifying principle of information extremization. The principle states
that when knowledge is sought by a person, the act of seeking creates
for that observer the physical law that gives rise to the knowledge.
For example, in making a measurement of position, the observer
locally creates quantum mechanics--the physical law that gives rise
to such a measurement. In this way, man creates his own local
reality. For observations that do not involve time directly, the act
of seeking such knowledge amounts to a game of information hoarding
between the observer and nature. The payoff of the game is the law
of physics in question.
+++++
Unfortunately it is not available in the libraries right now.
FWIW,
Bob Knauer
"The contagious people of Washington have stood firm against
diversity during this long period of increment weather."
- Marion Barry, Mayor of Washington DC
------------------------------
From: [EMAIL PROTECTED] (Jim Dunnett)
Subject: Re: Security problems: Europe
Date: Mon, 12 Apr 1999 18:49:17 GMT
Reply-To: Jim Dunnett
On 11 Apr 99 16:09:55 GMT, [EMAIL PROTECTED] wrote:
> Experts have little doubt that the NSA is at the forefront of the
> European industrial espionage war, not least because Washington has
> instructed its security services to collect information for the benefit
> of American industry. Early in his presidency, Bill Clinton decreed
> that industrial espionage should be one of the main tasks of the CIA.
> "What is good for Boeing is good for America," he was quoted as
> saying...
This should surprise no-one, but it does highlight the
appalling state of European telecomms security.
--
Regards, Jim. | The only people worried about Scottish
olympus%jimdee.prestel.co.uk | independence are the English. Why is
dynastic%cwcom.net | that?
nordland%aol.com |
marula%zdnetmail.com | - Alex Salmond, Leader SNP.
Pgp key: pgpkeys.mit.edu:11371
------------------------------
From: [EMAIL PROTECTED] (John Briggs)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: 12 Apr 99 16:31:44 -0400
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (R. Knauer)
writes:
> On 12 Apr 99 09:29:26 -0400, [EMAIL PROTECTED] (John Briggs)
> wrote:
>>> I assume that comes from the Standard Normal (z) Distribution.
>
>>Nope. I computed the probability of each total bias value explicitly.
>
> Actually that is what I meant.
Ok. But it bears little resemblance to what you said.
>>If I were an expert, I might have assumed a normal distribution, figured
>>out how many standard deviations out we were and looked up a probability.
>>And I probably could have whipped out a couple of theorems to quantify
>>how close this binomial distribution is to being normal.
>
> According to Triola, the normal approximation is quite adequate for a
> sample size of 30 and greater (IIRC).
Depends on what attribute of the normal approximation is important
in context, I'm sure.
>>For the test result. The one whose distribution I just computed and
>>specified. Did you not follow the steps?
>
> Yes, but you introduced that second distribution in an ad hoc manner.
> I have never seen anything like that before. But then that doesn't
> mean anything.
What second distribution are you talking about? There are two
obvious possibilities. The distribution of sums of 20,000 bits.
And the distribution of the pass/fail test result that is computed
from the sum of 20,000 bits.
I'll guess that you are talking about the pass/fail test result.
Ad hoc? No. It comes straight from the problem definition.
Unfamiliar? As you say, that's meaningless.
>>Let me include again the text you apparently quoted without reading:
>
> I read it. That doesn't mean I understood it.
You quote stuff and respond to it without understanding it first?
That would explain much.
>>Let's try again, more slowly...
>
> That's better...
>
> Is this going to get published in a comic book version?
Is that the best you got?
>>The sum of all 20,000 bits is also a random variable with a distribution.
>
> The sum of all 20,000 bits is the random walk variable Sn, the one
> with abnormal properties.
The sum of all 20,000 bits is a random variable with a distribution.
Do you agree or disagree?
>>A formula whose value is 1 if the sum is inside a certain range and 0 if
>>the sum is outside a certain range is also a random variable with a
>>distribution.
>
> I got that part. What I did not get is your motive for introducing it.
The result of the FIPS-140 monobit test is just such a random variable.
Note that this statement bears a striking resemblance to the
statement that you quote next.
>>The test result is just such a random variable.
>>Distributions have parameters that describe them.
>
> Not always. The infinitely large flat distribution, as well as any
> other distribution that is not square integrable, does not have a
> variance. But that is nitpicking.
Yes. It is nitpicking. And yes. Always. Mean, variance, standard
deviation, median, mode, minimum and maximum are not the only parameters
there are.
>>Given assumptions about the joint distribution of 20,000 bits
>>one can compute the distribution of the sum.
>
> That would be the distribution for the random walk.
That would be the distribution for the coordinate value of the endpoint
of a 20,000 hop one-dimensional random walk in which the hops are each
either zero or one unit in the +x direction.
The distribution of random walks is something else entirely.
>>Which part did you not understand?
>
> The part where you complicated the issue by bringing in the
> distribution for pass/fail. It appears contrived.
Contrived or not, it's what you asked for.
FIPS-140 is a pass/fail test. Its results have a distribution.
That distribution has parameters. You asked for the test parameters.
And you agreed that that meant the parameters for the distribution of
the test results.
> You did not have to go to all that trouble - the original distribution
> which gave you the preliminary results was a parameterized
> distribution since it was based on the random walk.
But you didn't ask for the parameters for that distribution.
You asked for the parameters of the test results. The possible
test results are "pass" and "fail".
John Briggs [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 12 Apr 1999 20:09:56 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Apr 1999 13:26:00 -0500, [EMAIL PROTECTED] (Herman
Rubin) wrote:
>I suggest you refer to a more advanced text.
I ordered the book you recommened from the library, the one by
Billingsley.
Bob Knauer
"The contagious people of Washington have stood firm against
diversity during this long period of increment weather."
- Marion Barry, Mayor of Washington DC
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: help in decrypting a message using the playfair cipher
Date: Mon, 12 Apr 1999 21:23:40 GMT
Jim Gillogly <[EMAIL PROTECTED]> wrote, in part:
>What's the message, and how does your teacher feel about you
>getting help from Usenet on the assignment?
Given:
>>The plaintext is said to be from the bible.
my guess is that what's going on here is that we're not dealing with
somebody taking a cryptography course, but rather that a Sunday School
teacher has, by mistake, assigned a class a Playfair-enciphered scripture
as a "puzzle" without realizing that they're quite difficult to break
without specialized knowledge.
Normally, I agree, people doing homework problems for academic credit
shouldn't try to get Usenet to do their work for them, but I don't think
that's necessarily what's going on here.
John Savard (teneerf is spelled backwards)
http://members.xoom.com/quadibloc/index.html
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 12 Apr 1999 22:11:51 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Apr 1999 15:52:24 -0400, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>>And Big Al was wrong, too. The Universe is just one big crap shoot at
>>the quantum level when it comes to measurement. There are no hidden
>>variables. Locality is not observed. Systems do become entangled over
>>super-luminal distances.
>Must be really convenient to have All The Answers when none of the
>real, Ph.D. equipped, physicists have that kind of confidence.
Actually most of the real physicists accept the standard model of QM.
Just look at their publications. How many have you seen reference
hidden variable theories, or are at odds with the quantum entanglement
experiments of the past 1.5 decades? Bread and butter QM, as it is
practiced in the trenches, is as standard as it gets.
There are some very interesting new approaches to QM at places like
the Sante Fe Institute but the jury is still out. And it is not clear
that these new theories about the Physics Of Information are going to
do any damage to standard QM.
To restate the tenents of the standard theory is not to have "all the
answers" but is a recognition that standard QM is an exceptionally
robust theory.
Bob Knauer
"The contagious people of Washington have stood firm against
diversity during this long period of increment weather."
- Marion Barry, Mayor of Washington DC
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.med.transcription,sci.space.policy,sci.electronics.repair
Subject: Where are the Arab Muslims?
Date: Mon, 12 Apr 1999 22:12:08 GMT
Where are the Arab Muslims? It's obvious that the KKKommunist-Nazis in Russia
and Serbia are the real Satans killing Muslims, but where is the shock and
outrage from the Arab Muslims???!!!
Drunken-imcompetent-ass Yelstin and KGB-stooge Primakov are begging with
their filthy, stinky KKKommie paws for Western capitalist IMF money but have
the gall to threaten us!!!
I say NUKE THE KKKKOMMIES!!!
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Announce - ScramDisk v2.02h
Date: Mon, 12 Apr 1999 15:30:03 -0600
In article <7eshpd$c28$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> Why not make cipher selection for the compound cipher part of the key? The
> first one or two bytes of the key could be used to select 3 (or whatever
> number is desirable) ciphers out of a pool of equally good ciphers.
>
>
> This sounds (imho) like a good idea - as long as there are no disastrously
> weak combinations of ciphers.
This might optimize speed slightly, but I don't see it helping
security. If you're going to include code for a number of forms of
encryption, from a viewpoint of security, you might as well just
always use ALL the forms of encryption supported, and use the entire
key as a key instead some of it as a key and some to select the
method(s) of encryption to be used.
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 12 Apr 1999 22:31:42 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Apr 99 16:31:44 -0400, [EMAIL PROTECTED] (John Briggs)
wrote:
>Ok. But it bears little resemblance to what you said.
That's because you misread what I said.
>> According to Triola, the normal approximation is quite adequate for a
>> sample size of 30 and greater (IIRC).
>Depends on what attribute of the normal approximation is important
>in context, I'm sure.
The attribute is the difference between two distributions as
determined by n, the sample size.
That difference becomes negligible for sample sizes n = 30.
>What second distribution are you talking about?
The one in which you created the random variable for success/fail.
>There are two
>obvious possibilities. The distribution of sums of 20,000 bits.
That is the first one.
>And the distribution of the pass/fail test result that is computed
>from the sum of 20,000 bits.
That is the second one.
>I'll guess that you are talking about the pass/fail test result.
Yep.
>Ad hoc? No. It comes straight from the problem definition.
>Unfamiliar? As you say, that's meaningless.
I have never seen it before. But that doesn't mean anything.
>You quote stuff and respond to it without understanding it first?
>That would explain much.
Interestingly I have managed to understand enough to challenge your
dogmatic notions about statistical tests such as the FIPS-140 Monobit
Test.
Did you read Herman Rubin's most recent comments?
>The sum of all 20,000 bits is a random variable with a distribution.
>Do you agree or disagree?
The sum of the bits is Sn, the random walk variable. It is indeed
distributed for the uniform one dimensional random walk.
>The result of the FIPS-140 monobit test is just such a random variable.
Yes, Sn is a random variable.
>Yes. It is nitpicking. And yes. Always. Mean, variance, standard
>deviation, median, mode, minimum and maximum are not the only parameters
>there are.
In the original context, the term "parameter" used by Triola was the
mean and the variance. He says so explicitly in his book.
>That would be the distribution for the coordinate value of the endpoint
>of a 20,000 hop one-dimensional random walk in which the hops are each
>either zero or one unit in the +x direction.
You need to redefine the sample space for bits as {+1, -1}. Or shift
the origin to +1/2. Whichever.
>The distribution of random walks is something else entirely.
See above.
>Contrived or not, it's what you asked for.
Not really. I didn't ask for just *any* parameters, I asked for the
parameters that Triola was referring to: the mean and the variance.
>FIPS-140 is a pass/fail test. Its results have a distribution.
If you are referring to the Monobit Test, then you are making a gross
assumption, one which goes to the very heart of this whole matter.
Didn't you read Herman Rubin's most recent post?
Bob Knauer
"The contagious people of Washington have stood firm against
diversity during this long period of increment weather."
- Marion Barry, Mayor of Washington DC
------------------------------
From: "Patrick Patriarca" <[EMAIL PROTECTED]>
Crossposted-To: sci.med.transcription,sci.space.policy,sci.electronics.repair
Subject: Re: Where are the Arab Muslims?
Date: Mon, 12 Apr 1999 18:41:05 -0400
<[EMAIL PROTECTED]> wrote in message
news:7etr3g$gjp$[EMAIL PROTECTED]...
> Where are the Arab Muslims? It's obvious that the KKKommunist-Nazis in
Russia
> and Serbia are the real Satans killing Muslims, but where is the shock and
> outrage from the Arab Muslims???!!!
>
> Drunken-imcompetent-ass Yelstin and KGB-stooge Primakov are begging with
> their filthy, stinky KKKommie paws for Western capitalist IMF money but
have
> the gall to threaten us!!!
>
> I say NUKE THE KKKKOMMIES!!!
Great... more killfile bait....
------------------------------
Date: Tue, 13 Apr 1999 01:02:51 +0000
From: Ben <[EMAIL PROTECTED]>
Subject: PGP HowTo
Hi is there any pgp-howto out there? I couldn't find in PGP's web site.
I want to learn how to set key-block and about its security issue.
regards
------------------------------
From: [EMAIL PROTECTED]
Subject: Encryption Key Length Question
Date: Mon, 12 Apr 1999 22:47:50 GMT
Question:
Would, say, a 1,000 bit key XORed and scrambled with 1,000 bits of plain text
be more secure than 56-bit or 112-bit DES? In other words, does the
mathematical properties of the DES algorithm make it more secure than a
simple XOR and scramble even when the length of the XOR key is much larger
than the length of the DES key?
Thanks.
Randy
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Unclaimed Mysteries <[EMAIL PROTECTED]>
Crossposted-To: sci.med.transcription,sci.space.policy,sci.electronics.repair
Subject: Re: Where are the Arab Muslims?
Date: Mon, 12 Apr 1999 19:01:23 -0500
Patrick Patriarca wrote:
>
> <[EMAIL PROTECTED]> wrote in part:
> > I say NUKE THE KKKKOMMIES!!!
>
> Great... more killfile bait....
You mean KKKKILLFILE?
Sorry. Gotta go.
--
It KKKKKKame from Unclaimed Mysteries
C. L. Smith, Maximum Director
http://www.unclaimedmysteries.net/
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Encryption Key Length Question
Date: 12 Apr 1999 23:39:10 GMT
[EMAIL PROTECTED] wrote:
> Question:
> Would, say, a 1,000 bit key XORed and scrambled with 1,000 bits of plain text
> be more secure than 56-bit or 112-bit DES? In other words, does the
Depends on what the key is. If it's exactly as long as the plaintext, *and*
it is completely unpredictable, then this is a one time pad. One time pads
are more secure than DES, assuming that you encrypt more
than 56 or 112 bits with DES.
If the key is partially predictable, then you have to figure out what "partially"
means. Then you can answer the question in terms of how long an adversary
will take to break your XOR by exploiting this structure vs. how long it
takes to break DES. You can get some values for how long it takes to break
DES by looking at Applied Cryptography or maybe Mihir Bellare's paper on
"A Concrete Treatment of the DES Modes of Operation."
(and probably Rogaway, but can't remember off the top of my head)
Note that one way to make the key predictable is to have a key shorter than
the message and simply repeati
the key to make up the difference.
This is a really bad idea. Ask the people
at Project Venona.
> mathematical properties of the DES algorithm make it more secure than a
> simple XOR and scramble even when the length of the XOR key is much larger
> than the length of the DES key?
I think you need to look at the ratio of the XOR key to plaintext. If
they are equal, then you need to ask how unpredictable the key is. Then you
can figure out how secure the system is in terms of how much effort it
might take to break it. Compare that to the best known results for DES.
My gut feeling is that you'll find the XOR system to be much more fragile
in the sense that it will be very sensitive to not-very-unpredictable
keys or keys shorter than the plaintext. DES, on the other hand, gets
by just fine with 56 bits. On the gripping hand, DES can't be a real
one-time-pad for messages longer than about 56 or 112 bits (whatever the
unicity distance is), while the XOR with a long enough unpredictable key
can.
None of this helps you against Deep Crack, though. ;-)
-David
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
