Cryptography-Digest Digest #983, Volume #8       Wed, 27 Jan 99 18:13:02 EST

Contents:
  Re: hardRandNumbGen ("Trevor Jackson, III")
  Re: My comments on Intel's Processor ID Number ("Trevor Jackson, III")
  Re: long keys from short ones ("Trevor Jackson, III")
  Re: My comments on Intel's Processor ID Number (Ian Miller)
  Re: Metaphysics Of Randomness (Patrick Juola)
  Re: RC4 question (Mr. Tines)
  FUDwatch - BBC Radio 4 last night (Mr. Tines)
  Re: Random numbers from a sound card? (Jim Dunnett)
  Re: My comments on Intel's Processor ID Number ([EMAIL PROTECTED])
  Re: Inforamtionpool sas&chiffrier (John Savard)
  Re: Japanese Purple encryption ([EMAIL PROTECTED])
  Re: Random numbers generator and Pentium III ([EMAIL PROTECTED])
  Re: Metaphysics Of Randomness (R. Knauer)
  Re: Random numbers from a sound card? (R. Knauer)
  Re: Random numbers from a sound card? (R. Knauer)

----------------------------------------------------------------------------

Date: Wed, 27 Jan 1999 15:44:49 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: hardRandNumbGen

R. Knauer wrote:

> On Wed, 27 Jan 1999 12:13:29 -0500, "Trevor Jackson, III"
> <[EMAIL PROTECTED]> wrote:
>
> >R. Knauer wrote:
>
> Could I ask you to keep the header information with my attribution,
> just like you did for the nested poster below. Thanks.
>
> >> On 27 Jan 1999 10:21:56 -0500, [EMAIL PROTECTED] (Patrick Juola)
> >> wrote:
>
> >> >On the other hand, if I can get a copy of your code, I can just read
> >> >the code and determine your biases.  But you can't rely on keeping
> >> >your code secret....
>
> >> I can rely on keeping it just as secret as I keep my keys. If my code
> >> has been compromised, so have my keys.
>
> >Hardly.  One can change keys arbitrarily.  Once cannot change code so often
> >(here code == algorithm not .EXE).
>
> How about making your algorithm (code) part of the key? That way you
> could change algorithms as often as you change keys.

In theory you can do this by encoding the algorithm appropriately.  However, you
need a clever encoding scheme such that all key values translate to valid
algorithms.  In addition, you need to show that all such encoded algorithms are
"secure".

------------------------------

Date: Wed, 27 Jan 1999 16:05:18 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: My comments on Intel's Processor ID Number

Roger Schlafly wrote:

> Trevor Jackson, III wrote in message <[EMAIL PROTECTED]>...
> >There are two interpretations of the phrase "used for ID".  One is proof
> >of ID and the other is uniqueness of ID.  He is using the former in the
> >sense of authentication.  You are using the latter in the sense of
> >labeling.
>
> The SSN is used for authentication all the time. Eg, UC Santa Cruz
> uses the SSN as the student ID, and students frequently authenticate
> themselves by giving a SSN. Likewise banks, brokers, etc
> frequently use SSN for that purpose.

No.  All of those purposes are based on the fact that an SSN is a unique
identifier.

The value of the SSN in these situations is that it crosses all
organizational boundaries.  I.e., the bank can contact a credit agency, an
employer can contact the IRS, etc.  It is the universality of the SSN that is
valued here, not the proof of identity.  (Except in the weak case that by
knowing the relationship between name, address, phone, DOB, and SSN one shows
consistency and that is adequate "proof").


------------------------------

Date: Wed, 27 Jan 1999 16:25:54 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: long keys from short ones

Scott A. Berg wrote:

> Pardon my naivete, but:
>
> Suppose you had a really good generator of short random numbers, e.g.
> digitize Brownian motion into 32 bits.  Could you just concatenate (string
> together) several of these to end up with a really long, truly random
> sequence (OTP)?
>
> While I want to say "Yes, of course", I know that a complex process can
> sometimes generate a sequence that is non-obvious but still not random.  My
> favorite example is in Knuth volume I  where he has this long example of
> jumping to a randomly chosen subroutine that generates a random number, but
> ends up with a terrible generator.

Different kind of problem.  Knuth's generator used its own output to drive the
internal selection process.  This closing of the feedback loop created
degenerate niches in the system's state space.

In principle you can string together any number of independent samples.  But you
must have, or create, that independence before you agglomerate the
constituents.


------------------------------

From: [EMAIL PROTECTED] (Ian Miller)
Subject: Re: My comments on Intel's Processor ID Number
Date: Wed, 27 Jan 1999 21:33:51 +0000

Bruce Schneier wrote in article at
http://www.zdnet.com/zdnn/stories/comment/0,5859,2194863,00.html:-

>Yes, the processor number is unique and cannot be
>changed, but the software that queries the processor
>is not trusted.
Why is the software that queries the processor not trusted?  If I were
writing licence-protected software I would issue the instruction to query
the processor directly, not via an O/S call.  Unless Intel have made it
some form of protected mode instruction, there is no reason not to issue
the instruction directly.  Why should a read-only instruction be protected
in any way?  No-one competent is going to trust anyone else's software to
do this for them.  There will be no general hack that will fake the Id. for
all programs.

Naturally there remains the possibility of reverse engineering and hacking
the executable to bypass the licence protection, but that is true of any
licence control system.  It will not be "too easy to hack", and it will
work.  It will be _very_ popular with software vendors.  Whether it is
popular with users will depend on whether the software vendors drop the
licensing costs to match the higher payment rates.  If they do it will be
very popular with users too.

If you really are worried about your machine having a unique Id., I suggest
that you remove the Ethernet adapter.  That has a unique Id., and I know of
at least one software protection scheme that uses those Id.s.  That is
equally open to privacy abuse.  It was less useful for software protection
as means of reading the Id.s varied considerably according to the make and
model of the card.  However I think the plug-and-pray peripheral standard
may have changed that.

Ian
---
The above e-mail address is temporary and will be discontinued presently
see http://www.bifroest.demon.co.uk/address.html for a current address

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Metaphysics Of Randomness
Date: 27 Jan 1999 14:58:49 -0500

In article <[EMAIL PROTECTED]>,
Medical Electronics Lab  <[EMAIL PROTECTED]> wrote:
>R. Knauer wrote:
>> 
>> It just occurred to me after finishing Chaitin's new book, "The
>> Unknowable", that perhaps one reason people insist on using
>> statistical tests to characterize numbers as random - which we know is
>> incorrect for purposes of crypto - is that one can presumably
>> characterize certain numbers by such means, but only if they are
>> infinite in length.
>> 
>> One might be tempted to say that if a very large number is
>> characterized as random by statistical methods, then it is "almost"
>> perfectly random. But as I understand it, that is an error in
>> judgement. If the numbers you are using are finite, then the only way
>> you can decide if they are random for purposes of crypto is to
>> characterize the generator that produced them.
>
>I'm confused.  How else other than statistics can I tell if a
>TRNG is working?  The stats certainly tell me when it's *not*
>working!  
>
>You need to know several things to be reasonably confident that
>bits are random.  1) the circuitry and equipment are what you
>designed, 2) everything is shielded from outside influence and
>3) the stats say "it still looks random".
>
>A user of a piece of equipment can inspect 2, but they only
>have statistics to tell them if the RNG is actually working.

Yes.  But if they *only* have the stats and can't check the
design and the shielding, then the stats don't mean much.

>The truly paranoid should have an o'scope tho!  :-)

Absolutely.  Or those who are going to be assuring others
that the system works.

        -kitten

------------------------------

From: Mr. Tines <[EMAIL PROTECTED]>
Subject: Re: RC4 question
Date: 27 Jan 1999 20:51 +0000

###

On Wed, 27 Jan 1999 13:05:07 -0600, in
<78nkst$kdn$[EMAIL PROTECTED]>
          "Hai Huang" <[EMAIL PROTECTED]> wrote.....

> I am a newbie in encryption.  I downloaded a source code for rc4 encryption,
> and compiled it under Borland c++5.0.
>
> I run the program by typing in "rc4 4432411432 <sample.txt >sample1.txt", and
> the program gives me a new file called sample1.txt which contains the
> encrypted information.  But how do I decrypt sample1.txt back?  I tried to
> type in "rc4 4432411432 <sample1.txt >sample2.txt", and sample2.txt contains
> only a fraction of the original data in sample.txt.  I don't know what is
> wrong with it.  Can anyone tell me what I did wrong?  Thanks in advance.

stdin is an ASCII-based stream; and the character control-Z
is recognised as an end-of-file marker in such streams under
DOS.  Your decryption will have run up to the first such
character in the ciphertext input.  You'll have to use an
explicit file name and open and read from the FILE *, or
apply some ASCII armouring to your ciphertext.


-- PGPfingerprint: BC01 5527 B493 7C9B  3C54 D1B7 248C 08BC --
 _______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_  __(_)__  ___ ___     {69c10bcfbca894a5bf8d208d001b829d4d0}
 / / / / _ \/ -_|_-<      www.geocities.com/SiliconValley/1394
/_/ /_/_//_/\[EMAIL PROTECTED]      PGP key on page

### end pegwit v8 signed text
a26e3fa359cacf972115115f310065491ceff7709c3ac4952ad60af8ae0b
dae01ec05084177ea0542ebeea45b5ce80c736ed11b1d4bc0d696c7d1202
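For readers hitting the same symptom, an added example (my code, not the program Hai Huang downloaded nor anything from this digest) that models the failure and the armouring workaround: a minimal RC4, a model of a DOS text-mode stdin that stops at the first Ctrl-Z, and hex armouring of the ciphertext. The ciphertext bytes are constructed; the only real values are the public RC4 test vector used as a self-check. The other fix, not modelled here, is to put the stream into binary mode (setmode(fileno(stdin), O_BINARY) in the Borland/Microsoft DOS runtimes) or to fopen the file with "rb".

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Minimal RC4 (KSA + PRGA). Being a stream cipher, the same call encrypts
 * and decrypts, so the user's second run was correct in principle. */
typedef struct { uint8_t s[256]; uint8_t i, j; } rc4_state;

static void rc4_init(rc4_state *st, const uint8_t *key, size_t keylen) {
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) st->s[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->s[k] + key[k % keylen]);
        uint8_t t = st->s[k]; st->s[k] = st->s[j]; st->s[j] = t;
    }
    st->i = st->j = 0;
}

static void rc4_crypt(rc4_state *st, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t k = 0; k < n; k++) {
        st->i = (uint8_t)(st->i + 1);
        st->j = (uint8_t)(st->j + st->s[st->i]);
        uint8_t t = st->s[st->i]; st->s[st->i] = st->s[st->j]; st->s[st->j] = t;
        out[k] = in[k] ^ st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
    }
}

/* Model of a DOS text-mode stdin: the C runtime treats the first 0x1A (Ctrl-Z)
 * as end-of-file, so a binary ciphertext is silently cut off there. (Text mode
 * also translates line endings; that is not modelled.) Returns bytes seen. */
static size_t dos_text_mode_read(const uint8_t *file, size_t n, uint8_t *out) {
    size_t k = 0;
    while (k < n && file[k] != 0x1A) { out[k] = file[k]; k++; }
    return k;
}

/* ASCII armour: hex text never contains 0x1A, CR or LF, so it survives. */
static void hex_encode(const uint8_t *in, size_t n, char *out) {
    static const char d[] = "0123456789abcdef";
    for (size_t k = 0; k < n; k++) { out[2*k] = d[in[k] >> 4]; out[2*k+1] = d[in[k] & 15]; }
    out[2*n] = '\0';
}

static size_t hex_decode(const char *in, uint8_t *out) {   /* 0 on malformed input */
    static const char d[] = "0123456789abcdef";
    size_t n = strlen(in), k;
    if (n % 2) return 0;
    for (k = 0; k < n / 2; k++) {
        const char *hi = strchr(d, in[2*k]), *lo = strchr(d, in[2*k+1]);
        if (!hi || !lo) return 0;                 /* non-hex character */
        out[k] = (uint8_t)(((hi - d) << 4) | (lo - d));
    }
    return k;
}

/* Self-check against the public RC4 vector: key "Key", plaintext "Plaintext". */
static int rc4_known_answer_ok(void) {
    static const uint8_t expect[9] = {0xbb,0xf3,0x16,0xe8,0xd9,0x40,0xaf,0x0a,0xd3};
    uint8_t ct[9]; rc4_state st;
    rc4_init(&st, (const uint8_t *)"Key", 3);
    rc4_crypt(&st, (const uint8_t *)"Plaintext", ct, 9);
    return memcmp(ct, expect, 9) == 0;
}

/* Constructed 6-byte "ciphertext" containing CR, LF and Ctrl-Z. Read raw through
 * text mode only 3 bytes arrive; the hex-armoured copy comes through intact. */
static size_t bytes_recovered(int armoured) {
    static const uint8_t ct[6] = {0x41, 0x0D, 0x0A, 0x1A, 0x42, 0x43};
    uint8_t seen[6], back[6]; char hex[13], hexseen[13];
    if (!armoured) return dos_text_mode_read(ct, 6, seen);          /* -> 3 */
    hex_encode(ct, 6, hex);
    size_t n = dos_text_mode_read((const uint8_t *)hex, 12, (uint8_t *)hexseen);
    hexseen[n] = '\0';
    n = hex_decode(hexseen, back);
    return (n == 6 && memcmp(back, ct, 6) == 0) ? 6 : 0;            /* -> 6 */
}
```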


------------------------------

From: Mr. Tines <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,comp.security.pgp.discuss
Subject: FUDwatch - BBC Radio 4 last night
Date: 27 Jan 1999 21:47 +0000


I caught a brief snippet on BBC Radio 4 last night which
sounds like someone is trying to massage public opinion
in advance of the GAK-ish proposals we've been hearing
rumour of - a brief comment about "Criminals logging on
to the internet and hiding their activities with codes
that take weeks to crack"




------------------------------

From: [EMAIL PROTECTED] (Jim Dunnett)
Subject: Re: Random numbers from a sound card?
Date: Wed, 27 Jan 1999 21:38:38 GMT
Reply-To: Jim Dunnett

On Wed, 27 Jan 1999 16:44:40 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>R. Knauer wrote:
>> 
>> On Wed, 27 Jan 1999 14:56:34 +0100, Mok-Kong Shen
>> <[EMAIL PROTECTED]> wrote:
>> 
>> >But to say there IS (in the sense of EXISTS) something
>> >perfect can be misleading.
>> 
>> Does a Perfect Circle EXIST?
>> 
>> If you say it does, is that misleading?
>
>If the word 'IS' is employed in a context without the connotation
>of 'EXISTS' then it is NOT misleading, otherwise it IS misleading.

It depends on what the meaning of 'is' is.  8)

-- 
Regards, Jim.                | I would be happy to see the devil's
olympus%jimdee.prestel.co.uk | buttermilk banned from Society.
dynastic%cwcom.net           | 
nordland%aol.com             | - Iain Paisley, discussing Guiness.
marula%zdnetmail.com         |
Pgp key: wwwkeys.uk.pgp.net:11371

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: My comments on Intel's Processor ID Number
Date: Wed, 27 Jan 1999 22:00:01 GMT

In article <[EMAIL PROTECTED]>,
  "Trevor Jackson, III" <[EMAIL PROTECTED]> wrote:
> Roger Schlafly wrote:
>
> > Bruce Schneier wrote in message <[EMAIL PROTECTED]>...
> > >I wrote a column on Intel's Processor ID number for ZDNet.  You can
> > >read it at:
> > >
> > >http://www.zdnet.com/zdnn/stories/comment/0,5859,2194863,00.html
> >
> > Your analogy is to a national ID number which is on a card that no
> > one examines. Hence it is useless for identification, you argue.
> >
> > But that is almost precisely what we have. I have a Social Security
> > number, but I have never shown my card to anyone because I lost
> > it long ago. And yet my SSN is still used for identification.
>
> There are two interpretations of the phrase "used for ID".  One is proof
> of ID and the other is uniqueness of ID.  He is using the former in the
> sense of authentication.  You are using the latter in the sense of
> labeling.
>
>

 My social security fits more in line with the way the government
really does things. THEY FUCKING LIE.
On the bottom of my card it says
"FOR SOCIAL SECURITY AND TAX PURPOSES-NOT FOR IDENTIFICATION"
I like to point this out and show the card when I get asked
in person to use my ID. I argue in vain that it is illegal to
use it for identification, which was the real main purpose for
its introduction, and if you're younger than me the new id cards
do not have this caption on the bottom.

David Scott

http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://members.xoom.com/ecil/index.htm

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Inforamtionpool sas&chiffrier
Date: Wed, 27 Jan 1999 22:00:51 GMT

[EMAIL PROTECTED] () wrote, in part:

>However, the diagram shows a diode matrix as a separate component:

No, that was for the Enigma-like rotor machine.

John Savard
http://www.freenet.edmonton.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Japanese Purple encryption
Date: Wed, 27 Jan 1999 21:28:05 GMT

John,
Thanks.
I am particularly interested in the
Siemens & Halske Geheimschreiber.  Do you know
if any of these machines exist, and if there is
an antique market for such machines?
How many of them were made, also Enigma machines.
===========================================================
In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (John Savard) wrote:
> [EMAIL PROTECTED] wrote, in part:
>
> >Does anyone know of an software emulator to illustrate
> >the algorithm used in the Japanese WWII purple cypher?
> >If not, can someone explain the algorithm used?
>
> Try:
>
> http://members.xoom.com/quadibloc/ro020304.htm
>
> or
>
> http://www.freenet.edmonton.ab.ca/~jsavard/ro020304.html
>
> John Savard
> http://www.freenet.edmonton.ab.ca/~jsavard/index.html
>


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Random numbers generator and Pentium III
Date: Wed, 27 Jan 1999 22:16:22 GMT

In article <[EMAIL PROTECTED]>,
>  I don't think
> anyone knows what "really random" is tho.
>
> Patience, persistence, truth,
> Dr. mike
>

According to my girlfriend, true randomness is me.


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Wed, 27 Jan 1999 22:49:09 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 27 Jan 1999 12:46:21 -0600, Medical Electronics Lab
<[EMAIL PROTECTED]> wrote:

>I'm confused.

Join the club - many people are confused about random numbers in
crypto.

Even when you think you know everything about randomness, something
else comes along to figure out. That's what makes it fun.

>How else other than statistics can I tell if a
>TRNG is working?

You can't - unless you diagnose the hardware and find it is out of
spec. A good design will have these diagnostics built in.

When I did experimental physics for a living, I always calibrated my
equipment before a run. If you did not, it was certain suicide. The
inherent tendency of all equipment is to give incorrect results - the
Murphy's Law of experimental science. If you were not on top of it,
you were in for a sad time later.

>The stats certainly tell me when it's *not* working!  

No! The only thing that tells you a TRNG is not working is its
internal diagnostics.

Now, I maintain that because of special characteristics of digital
circuits, there are two very common faults - a shorted output and a
floating output that is pulled up. Those conditions will produce
pathological sequences, namely all 0s or all 1s respectively. I
maintain that you can shut the TRNG down for maintenance when that
happens without affecting its random output characteristics when you
restart it after you fix it. After all, there is no starting point -
any beginning for output is valid. So shutting it down in those
special cases does not affect the security of the TRNG.

>You need to know several things to be reasonably confident that
>bits are random.

>1) the circuitry and equipment are what you
>designed, 2) everything is shielded from outside influence and

I agree fully with those 2 criteria.

>3) the stats say "it still looks random".

That is fundamentally wrong. Since all possible sequences can be
generated by a TRNG, there are no particular sequences that are not
random. Therefore those that don't "look random" are actually random
if they are generated by a TRNG.

There are no sequences that a TRNG outputs that "look random". All
finite length outputs of a properly operating TRNG are random - ALL
finite sequences, each and every one of them without exception.

Your statistical notion of randomness only applies to infinite length
strings. I believe that is called the law of large numbers, but I
could be wrong - it's been a long time since I studied statistical
mechanics.

>A user of a piece of equipment can inspect 2, but they only
>have statistics to tell them if the RNG is actually working.

Wrong! I will concede only those two pathological sequences above. All
other (finite) sequences are valid random numbers even if they don't
pass any statistical tests.

As I pointed out in an earlier post, statistical tests only work on
infinite numbers. You cannot use them to characterize the randomness
of finite length numbers.

>Chances are they don't have logic analyzers and o'scopes to
>check the RNG themselves (1).

Then they have no business building a TRNG.

If anyone ever buys a TRNG, make the seller show you the design, the
tests, the built in diagnostics, the workbench of the R&D group, etc.
That's what is required in industry, so it should be your requirement
too.

Otherwise just use ROT13 and save yourself a lot of expense.

>As a user, stats are all you have,

But that does not make them valid.

You do see how illogical your statement is, don't you?

>so I don't see how it's an "error in judgement" to use
>that to determine if your RNG is still working.

They don't tell you anything. That alone should be enough to know that
it's an error in judgement to use them - they don't work at all!

>The truly paranoid should have an o'scope tho!  :-)

Having designed digital equipment myself, I can't imagine any digital
circuit designer worth his salt without one, paranoid or not. It would
be like an auto mechanic without wrenches.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson

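As an added example (mine, not from any poster in this thread) of the kind of built-in diagnostic Knauer describes: a stuck-output detector that raises an alarm on a long run of identical output bits, which is exactly what a shorted output (all 0s) or a floating, pulled-up output (all 1s) produces. The cutoff follows the repetition-count test of NIST SP 800-90B section 4.4.1; the sample streams are constructed, not real TRNG output, and the entropy and false-alarm parameters are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Stuck-output detector for a TRNG: a run of `cutoff` identical output bits
 * raises an alarm. Same shape as the NIST SP 800-90B repetition-count test,
 * cutoff C = 1 + ceil(-log2(alpha) / H), where H is the assumed min-entropy
 * per bit and alpha the acceptable false-alarm probability per run. */
typedef struct {
    unsigned cutoff;   /* C: run length that trips the alarm */
    unsigned run;      /* length of the current run of identical bits */
    uint8_t  last;     /* value of the bit in that run */
    int      started;  /* 0 until the first bit has been seen */
} stuck_detector;

/* alpha = 2^-alpha_log2, H = h_num / h_den bits per bit; integer ceiling. */
static unsigned repetition_cutoff(unsigned alpha_log2, unsigned h_num, unsigned h_den) {
    return 1 + (alpha_log2 * h_den + h_num - 1) / h_num;
}

static void stuck_init(stuck_detector *d, unsigned cutoff) {
    memset(d, 0, sizeof *d);
    d->cutoff = cutoff;
}

/* Feed one bit; returns 1 when the current run reaches the cutoff. */
static int stuck_feed_bit(stuck_detector *d, uint8_t bit) {
    if (d->started && bit == d->last) d->run++;
    else { d->last = bit; d->run = 1; d->started = 1; }
    return d->run >= d->cutoff;
}

/* Scan a byte stream MSB first. Returns the 1-based index of the bit at which
 * the alarm first fired, or 0 if the whole stream passed. On an alarm the
 * generator is taken out of service, as Knauer describes; none of its output
 * from that run should be used. */
static size_t stuck_scan(stuck_detector *d, const uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (int b = 7; b >= 0; b--)
            if (stuck_feed_bit(d, (uint8_t)((buf[i] >> b) & 1)))
                return i * 8 + (size_t)(7 - b) + 1;
    return 0;
}

/* Constructed sample streams (not real TRNG output): 0 = varied bits with no
 * run longer than 8; 1 = shorted output (all 0s); 2 = floating output pulled
 * up (all 1s); 3 = healthy start, then the output sticks at 0 from byte 3 on.
 * Assumed parameters: alpha = 2^-20, H = 1 bit per bit, so C = 21. */
static size_t scan_sample(int which) {
    static const uint8_t varied[8] = {0x0F, 0xF0, 0x5A, 0xA5, 0xC3, 0x3C, 0x96, 0x69};
    static const uint8_t zeros[8]  = {0};
    static const uint8_t ones[8]   = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    static const uint8_t sticks[8] = {0x0F, 0xF0, 0x5A, 0, 0, 0, 0, 0};
    const uint8_t *s = which == 0 ? varied : which == 1 ? zeros : which == 2 ? ones : sticks;
    stuck_detector d;
    stuck_init(&d, repetition_cutoff(20, 1, 1));
    return stuck_scan(&d, s, 8);   /* 0, 21, 21, 44 for which = 0..3 */
}
```

A real generator would run this on every bit it emits, not on a captured file, so that the alarm fires before any output reaches the consumer.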

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers from a sound card?
Date: Wed, 27 Jan 1999 23:01:14 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 27 Jan 1999 12:02:38 -0600, Medical Electronics Lab
<[EMAIL PROTECTED]> wrote:

>> To 'just look' is certainly not ensuring (compare watching a
>> magician pulling rabbits out of his hat). We have to ascertain
>> how 'random' the sequence we get really is. And that's one of
>> the real and big problems for the practice.

>Which is what makes this whole discussion so much fun.

Then you're a masochist. :-)

Once you catch on to all this, you will see why.

>DIEHARD
>and Diaphony and autocorrelation all measure "random" in a slightly
>different way.

Those things don't measure the crypto-grade randomness of finite
numbers at all. They try to make inferences about the generator from
finite samples, which is useless for purposes of crypto. They will
pass the outputs of PRNGs that can be cracked.

We need an update to the Snake Oil FAQ desperately!

>If the output of a TRNG appears random to all those
>tests, we can say it "looks" random.

Just what makes a finite number produced by a TRNG "look random"?

Why do you think that characteristics that apply only to infinite
numbers can also apply to finite ones with equal certitude?

What does "vanishingly small" mean to you?

>It is "perfect" as far as we can measure.

That measure is worthless for crypto-grade random numbers.

> Isn't that good enough?

Nope. Not even close.

Bob Knauer



------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers from a sound card?
Date: Wed, 27 Jan 1999 23:04:32 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 27 Jan 1999 21:38:38 GMT, [EMAIL PROTECTED] (Jim
Dunnett) wrote:

>>If the word 'IS' is employed in a context without the connotation
>>of 'EXISTS' then it is NOT misleading, otherwise it IS misleading.

>It depends on what the meaning of 'is' is.  8)

Hey, is there an echo in here? :-)

Bob Knauer



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
