Cryptography-Digest Digest #4, Volume #9         Sat, 30 Jan 99 02:13:05 EST

Contents:
  Re: some brief questions (David A Molnar)
  Recluse Creates Encryption-Based Imagery (JTyburczy)
  Re: Random numbers from a sound card? (R. Knauer)
  Re: hardRandNumbGen (R. Knauer)
  Re: hardRandNumbGen (R. Knauer)
  Re: Random numbers generator and Pentium III (R. Knauer)
  Re: Random numbers generator and Pentium III (R. Knauer)
  Re: Random numbers generator and Pentium III (R. Knauer)
  Re: Idea for plaintext steganography ("Michael A. Greenly")
  Re: *** Where Does The Randomness Come From ?!? *** (Ron Cecchini)
  Shattered Dreams (rosi)
  Re: Smaller RC6 (handWave)
  need help to solve - JJ (WTNJS)
  need help to solve this question (WTNJS)
  Re: My comments on Intel's Processor ID Number ("R H Braddam")

----------------------------------------------------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: some brief questions
Date: 30 Jan 1999 02:10:55 GMT

David A Molnar <[EMAIL PROTECTED]> wrote:
> Ciphertext is supposed to look random. It's not, of course, because it's 
> generated by algorithmic means and as we all know from von Neumann, this
> is a "state of sin." In the best case, the ciphertext is 
> indistinguishable from random data without the key. 

> This is actually kind of interesting, since you will see
> papers which talk about security in terms of how long it
> will take a machine to distinguish ciphertext from a 
> random string. That, or the probability of 

distinguishing a bit from some random bit in a string 
are what occupy some proofs of security. I'm not
completely comfortable with it yet, but it
is quite interesting.


------------------------------

From: [EMAIL PROTECTED] (JTyburczy)
Subject: Recluse Creates Encryption-Based Imagery
Date: 30 Jan 1999 02:35:19 GMT

Rural savant challenges classical neuroscience with new 'fractile' image
process. Challenged by experts. Story at:

http://members.aol.com/jrubu/noyes.htm

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers from a sound card?
Date: Sat, 30 Jan 1999 03:09:39 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 29 Jan 1999 08:38:00 -0700, "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:

>Normality is certainly necessary but not sufficient. It's a good start.

>More than normality is needed. I can give you many normal numbers but none
>of them are "random."

Are they infinite?

>Champernowne's number is the simplest example:
>1,10,11,100,101,110,111,...=11011100101110111.... It is easy to prove that
>all k-bit patterns have the proper frequency.

Yes, but only if the number is infinite.

>This is all that is needed
>for normality. (The concept of normality was introduced by Borel about
>1909.) The digits of a normal number satisfy the strong law of large
>numbers, that is, 1/2 ones, 1/2 zeros, 1/4 00's, 1/4 01's, 1/4 10's, 1/4
>11's, ..., 1/1024 1101101101's, etc.

Chaitin covers this in his papers - for those who want an accessible
reference.

>The problem is that the strong law of large numbers is not very strong. In
>Champernowne's number, the excess of ones over zeros grows as N/log(N) for
>N bits.

Is that really a problem? Whoever said that bias was an intrinsic
property of infinite random numbers?

>The ratio goes like 1/2+1/log(N), really slow. The dispersion is
>also not correct. The law of the iterated logarithm fails for all these
>sequences.

This is what I like about the Internet in general, and Usenet forums like
sci.crypt in particular. There is always someone who knows
something about something - someone who is willing to jump in and
expose that.

Without the Truth to seek out, life is completely meaningless. [Cf.
Camus, "The Myth Of Sisyphus" and the concept of "Lucidity".]

Your further elaborations would be most highly regarded by me and all
the lurkers on sci.crypt. The concept of randomness is fundamental to
an understanding of how we consider Order, the thing which
distinguishes us from dirt. The concept of randomness is at the heart
of Quantum Mechanics, which has incredible predictive value.

>Of course both the above laws (large numbers, iterated logarithm) are
>statistical in nature and do not indicate how difficult it is to guess
>successive bits of a number. Complexity of computation and statistical
>properties are only equivalent in the limit of infinitely many infinitely
>long sequences.

Another excellent contribution to the FAQ on crypto-grade randomness. 

But I point out that computational complexity has nothing fundamental
to do with crypto-grade randomness, nor QM. In those realms everything
is possible, even the most simple of sequences. In fact, I believe we
are here because the simpler sequences prevailed.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson
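The Warnock/Knauer exchange above turns on a property that is easy to check by computation: Champernowne's binary number is normal (every k-bit pattern tends to its proper frequency) and yet its excess of ones over zeros keeps growing, and the whole sequence is reproducible by anyone who knows the rule. The following is an added illustration, not code from either poster; the function names and the choice of sample sizes are mine.

```python
"""Champernowne's binary number: normal, yet biased and fully predictable.

Added example (not from the digest posters). It reproduces the property
described in the exchange: every k-bit pattern tends to its proper share
in the limit, while the excess of ones over zeros keeps growing.
"""
import math
from itertools import product


def champernowne_bits(n):
    """First n bits of 1 10 11 100 101 110 111 1000 ... concatenated."""
    bits = []
    i = 1
    while len(bits) < n:
        bits.extend(int(c) for c in bin(i)[2:])
        i += 1
    return bits[:n]


def ones_excess(bits):
    """(#ones - #zeros); for a fair coin this stays around 0 at scale sqrt(n)."""
    ones = sum(bits)
    return ones - (len(bits) - ones)


def pattern_frequencies(bits, k):
    """Relative frequency of every k-bit pattern over overlapping windows."""
    windows = len(bits) - k + 1
    counts = {p: 0 for p in product("01", repeat=k)}
    for i in range(windows):
        counts[tuple(str(b) for b in bits[i:i + k])] += 1
    return {"".join(p): c / windows for p, c in counts.items()}


def max_relative_deviation(bits, k):
    """Distance of the worst k-bit pattern from its ideal share 2^-k, relative to 2^-k."""
    ideal = 2.0 ** -k
    return max(abs(f - ideal) / ideal for f in pattern_frequencies(bits, k).values())


def excess_growth(max_power):
    """(n, excess, excess*log2(n)/n) for n = 2, 4, ..., 2^max_power.

    The excess grows roughly like n/log n, as the post says, so the last
    column does not shrink toward zero the way it would for a fair source."""
    bits = champernowne_bits(2 ** max_power)
    rows = []
    for p in range(1, max_power + 1):
        n = 2 ** p
        e = ones_excess(bits[:n])
        rows.append((n, e, e * math.log2(n) / n))
    return rows


if __name__ == "__main__":
    bits = champernowne_bits(2 ** 14)
    print("first 17 bits:", "".join(map(str, bits[:17])))
    for k in (1, 2, 3, 4):
        print(f"k={k}: worst pattern deviation {max_relative_deviation(bits, k):.3f}")
    for n, e, ratio in excess_growth(14):
        print(f"n={n:6d} excess={e:5d} excess*log2(n)/n={ratio:.3f}")
```

The point for anyone evaluating a generator: the pattern-frequency tables look respectable and improve with n, yet the ones/zeros excess is 10 after 64 bits and 510 after 4096 bits, and every bit is computable in advance. Frequency statistics alone cannot tell this sequence apart from one that is actually unpredictable.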


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: hardRandNumbGen
Date: Sat, 30 Jan 1999 03:16:36 GMT
Reply-To: [EMAIL PROTECTED]

On 29 Jan 1999 08:56:25 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:

>Can you promise yourself that you'll never want to Email yourself a
>copy of Microsoft Word?

I pray every day to the Creator Of The Known Universe that I might be
spared that very trip into Hell.

The problem with the capitalist system is that the people who are in
the best position to make it work, like Bell Labs with their UNIX, do
not bother to support it - and that lets predators like MicroShaft get
the temporary upper hand.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: hardRandNumbGen
Date: Sat, 30 Jan 1999 03:18:06 GMT
Reply-To: [EMAIL PROTECTED]

On 29 Jan 1999 08:59:41 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:

>>You throw out the suspect bad generators and argue that such a
>>practice is safe. But what is your argument for the generators that
>>you do not throw out?

>That the amount of the bias *that I measured* is less than some
>threshold.  If I can live with that threshold and I believe that
>no other (untested) source of bias is likely to be present, then
>the cypher is safe to use.

>If I don't believe that -- or the threshold is too high -- then
>I can't place any reliance on a negative result.

Then you accept bad generators and reject good ones.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson
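The disagreement above is really about the two error types of any threshold test: a measured bias below the threshold lets a slightly skewed source through, and a tight threshold rejects an honest source some fraction of the time. This added example (not the posters' code; the monobit z-score, the sample sizes and the constructed sources are my choices) runs such a test against an honest source and a source with P(1) = 0.52 and reports how often each is accepted.

```python
"""Threshold test for bias in a bit source: false accepts and false rejects.

Added example (not from the digest posters). A monobit z-score is compared
against a threshold; the accept rates show that a slightly biased source
passes most of the time while a strict threshold rejects honest sources,
and only a larger sample shrinks both errors at once.
"""
import math
import random


def monobit_z(bits):
    """z-score of the ones count against the ideal n/2 (standard deviation sqrt(n)/2)."""
    n = len(bits)
    ones = sum(bits)
    return (ones - n / 2) / (math.sqrt(n) / 2)


def passes_threshold(bits, threshold):
    """The test accepts the source when the measured bias is below the threshold."""
    return abs(monobit_z(bits)) < threshold


def sample_source(p_one, n, rng):
    """Constructed bit source with P(bit = 1) = p_one; p_one = 0.5 is the honest case."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def accept_rate(p_one, n, threshold, trials, seed=1):
    """Fraction of `trials` samples of n bits from a source with P(1)=p_one that pass."""
    rng = random.Random(seed)
    accepted = sum(passes_threshold(sample_source(p_one, n, rng), threshold)
                   for _ in range(trials))
    return accepted / trials


def bits_needed(bias, threshold):
    """Sample size at which a source with P(1) = 0.5 + bias sits on the threshold on average.

    The mean z-score is 2*bias*sqrt(n), so n = (threshold / (2*bias))^2."""
    return (threshold / (2 * bias)) ** 2


if __name__ == "__main__":
    n, trials = 2000, 200
    print("honest source, threshold 3.0, accept rate:", accept_rate(0.5, n, 3.0, trials))
    print("P(1)=0.52 source, threshold 3.0, accept rate:", accept_rate(0.52, n, 3.0, trials))
    print("honest source, threshold 1.0, accept rate:", accept_rate(0.5, n, 1.0, trials))
    print("bits needed to put a 0.02 bias on the z=3 line:", bits_needed(0.02, 3.0))
```

With 2000-bit samples and a threshold of 3 the honest source passes almost always, but so does the 0.52 source (its mean z-score is only about 1.8); tightening the threshold to 1 rejects the honest source roughly a third of the time. The `bits_needed` figure of 5625 bits is where a 0.02 bias first averages a z-score of 3, so a tester who wants to catch that bias reliably has to sample several times that many bits.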


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers generator and Pentium III
Date: Sat, 30 Jan 1999 03:23:44 GMT
Reply-To: [EMAIL PROTECTED]

On 29 Jan 1999 10:07:36 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:

>The belief that to be knowledge something must be objectively
>quantifiable is not science, but scientism.

AKA Positivism.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers generator and Pentium III
Date: Sat, 30 Jan 1999 03:22:27 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 29 Jan 1999 14:29:44 GMT, [EMAIL PROTECTED] wrote:
 
>>>Then let the readers of this group know these and say clearly and in
>>>detail, PLEASE.
>> 
>> You have to define "scientifically precise" first.
>
>Pretty strange quibble.  Yes, he's got a characterization.  A
>scientifically precise one.  But he can't give it to us because he
>doesn't think Mok-Kong Shen has defined "scientifically precise".  In
>spite of the parenthetical definition that appears in the quoted text.
>And in spite of the fact that he already said "Yes" without asking for
>any further definitions.
>
>Perhaps R. Knauer needs to define what he means by "Yes".
>
>"Yes" = "Oui" = "Wee".  R. Knauer makes wee wee on your question.
>"No" = "Know".  If he'd said that, it would have meant he knew the answer.
>
>       John Briggs                     [EMAIL PROTECTED]

If there was ever a reason for declaring that this poster is
completely irrelevant to sci.crypt, this post of his is prima facie
evidence.

He was a complete moron last year and is carrying out that genetic
directive even to this day.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers generator and Pentium III
Date: Sat, 30 Jan 1999 03:29:41 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 29 Jan 1999 13:18:18 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>Knauer appears to be failing this test.

Did someone take my name in vain?

I have stated that a crypto-grade random number, defined as one that
is suitable for the provably secure OTP cryptosystem, is one that is
generated by a True Random Number Generator (TRNG), which is a device
capable of producing all possible sequences of a given finite length
equiprobably.

If you are going to be a critic, then criticize my statement instead
of wasting everyone's time with cheap ad hominems.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson


------------------------------

From: "Michael A. Greenly" <[EMAIL PROTECTED]>
Subject: Re: Idea for plaintext steganography
Date: Fri, 29 Jan 1999 22:09:02 -0600

Another idea would be to use the number of characters per line.  Even
parity is a bit set, odd parity is a bit clear.  This has the advantage
that it could be applied to existing text.  Although there is quite a
bit of expansion.

--
Michael Greenly
[EMAIL PROTECTED]
http://www.pinenet.com/~mgreenly


Kevin G. Rhoads wrote in message
<01be4a6e$1ab85aa0$LocalHost@stupidwin95>...
>Now add Haiku and you'll have something.
>
>Automated Haiku generation is old hat.  Computer generated Haiku
>can be fairly reasonable as Haiku (at least to me, I'm no poetry
>expert) and you can use the even/odd number of letters in each
>word (as an example) as your one bit.
>
>Of course, THEY may become suspicious if you start sending
>lots of Haiku all of a sudden (no matter who THEY are for you).
>--
>Kevin G. Rhoads, Ph.D. (Linearity is a convenient fiction.)
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
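The line-length scheme Michael Greenly describes is simple enough to implement end to end, and doing so shows both the expansion he mentions and the one constraint the description leaves implicit: the reader has to know how many lines carry payload. The following is an added example, not code from either poster; the cover paragraph is constructed, and the minimum line width and function names are my choices.

```python
"""Line-length parity steganography (added example, not the poster's code).

Convention from the post: a line with an even number of characters is a
set bit, an odd number is a clear bit. The cover text is constructed; the
decoder must know how many lines carry payload, because the leftover cover
lines at the end carry none.
"""
import textwrap

# Constructed cover text: ordinary prose with a mix of odd- and even-length words.
COVER = (
    "The old mill by the river has stood for two hundred years and its wheel "
    "still turns when the water is high enough to push it. Nobody in the "
    "village can say who built it, but the stones are marked with a date that "
    "has worn away. In summer the children swim near the weir and in winter "
    "the ice creeps out from the bank a little more each week. The miller "
    "keeps a ledger of every sack that goes in and every bag of flour that "
    "comes out, and he will show it to anyone who asks."
)


def to_bits(data):
    """Big-endian bit list of a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    """Inverse of to_bits; trailing bits that do not fill a byte are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return bytes(out)


def embed(cover, payload, min_width=30):
    """Re-wrap the cover so that line i has the parity of payload bit i."""
    words = cover.split()
    lines, pos = [], 0
    for bit in to_bits(payload):
        line = []
        while pos < len(words):
            line.append(words[pos])
            pos += 1
            length = len(" ".join(line))
            # Appending a word of length w adds w+1 characters, so the parity
            # only flips on even-length words; keep adding until it matches.
            if length >= min_width and length % 2 == (0 if bit else 1):
                break
        else:
            raise ValueError("cover text too short for this payload")
        lines.append(" ".join(line))
    tail = " ".join(words[pos:])
    if tail:  # leftover cover, wrapped normally; these lines carry no payload bits
        lines.extend(textwrap.wrap(tail, width=min_width + 10))
    return lines


def extract(lines, nbits):
    """Read one bit per line from the first nbits lines."""
    return [1 if len(line) % 2 == 0 else 0 for line in lines[:nbits]]


def chars_per_bit(lines, nbits):
    """The expansion the post mentions: cover characters spent per payload bit."""
    return sum(len(line) for line in lines[:nbits]) / nbits


if __name__ == "__main__":
    stego = embed(COVER, b"S")
    print("\n".join(stego))
    print("recovered:", from_bits(extract(stego, 8)))
    print("characters per bit:", chars_per_bit(stego, 8))
```

Embedding a single byte consumes eight lines of roughly 30 to 50 characters each, about 37 cover characters per payload bit, which is the expansion the post warns about. The same property is what makes the channel cheap to spot for anyone checking a text stream: line lengths that refuse to follow the natural wrap width of the surrounding prose are the tell.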



------------------------------

From: [EMAIL PROTECTED] (Ron Cecchini)
Crossposted-To: sci.skeptic,sci.philosophy.meta
Subject: Re: *** Where Does The Randomness Come From ?!? ***
Date: Sat, 30 Jan 1999 00:25:20 -0500


[EMAIL PROTECTED] (Bart Lidofsky) wrote:

> > *** Either Randomness does not exist OR the Universe is an Open System.
> 
>         You have not adequately covered the possibility of true randomness
> in a closed Universe. This is a major topic in scientific philosophy,
> where the tide of opinion is in almost continuous flux.

The first step is to try to *define* "true randomness"!

good luck & good night
ron

------------------------------

From: rosi <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Shattered Dreams
Date: Fri, 29 Jan 1999 23:55:15 -0800

I have seen falsehood in politics; I have seen lies in religion; I
have seen injustice in legal systems. I HELD mathematics above all that.

   When I was a young kid, I wanted to be a king, all powerful and
with loyal knights around me, so that I could ensure justice in the
world. Then one sudden day, all this changed when I heard a small,
somewhat feeble, but nevertheless clear voice:

                        He's got nothing on!

------------------------------

From: handWave <[EMAIL PROTECTED]>
Subject: Re: Smaller RC6
Date: Fri, 29 Jan 1999 21:06:38 -1000

DJohn37050 wrote:
> 
> I may be misunderstanding something but a 32-bit blockcipher is open to text
> attacks after about 2**16 blocks have been encrypted.  This is less than 1M.
> Don Johnson

Thank you for raising this feature of RC6-8/4/10. 
This vulnerability is not a bug, it is a feature.
Smartcard transactions do not need to involve 
large amounts of data. The scenario can limit 
any one key to encrypt less than one megabyte.
2**16 is 64k blocks, this is 256k bytes. If each
smart card transaction used 256 bytes of encrypted 
data, 1024 transactions could be done with one key 
securely. After that a new key would be negotiated 
with the bank. The user would have incentive to stay
in touch. And non-smartcard users would not want to use 
this algorithm. But before more details of the features are
disclosed, a review of the scenario will be given.

RC6-8/4/10 has a block size with 8 bit words to 
make up the four word block. It uses 4 rounds for speed
and selective vulnerability. It uses 10 bytes of key so
brute force attacks by amateur analysts are too difficult.
It is a small, weak version of RC6 which can be implemented
in hardware so non-smartcard users cannot reprogram firmware
for more rounds or wider words. It would be used in Cipher Block
Chaining mode (CBC) using an Initialization Vector (IV) from an
on-chip random number generator. The IV would be encrypted and 
sent as the first block of ciphertext. The recipient would 
decrypt the IV and use it for CBC mode decryption of the 
transaction. An eight bit error correcting code is sent 
after each block to correct up to 3 bits of
transmission errors.

The "selective vulnerability" strategy is 
used to let skilled cryptanalysts break codes 
from the smartcard using techniques which most hackers
would not attempt. In 4 rounds, RC6 achieves diffusion
and bit change propagation that is near to an ideal level, 
so unskilled adversaries are baffled by it. With the IV, the
32 bit block size cannot be used to memorize useful code 
translations. After one key has been used 1024 times, 
the smartcard outputs a warning saying the "key is 
worn out". Legitimate users are secure from
any profit-oriented adversary, but may be
observed by intelligence agencies who
have secret methods. This is the 
"fuzzy backdoor" concept.
In this way, no key 
recovery hardware
is needed that
may weaken it
too much.
The number 
of rounds may
be adjusted to 5 
or 6 as needed, according 
to bank decisions. After all, 
bank examiners can see the plaintext 
of all credit card transactions. And the
9600 baud IO speed of a smartcard will slow down
some attacks so much that they are useless. For example,
in the RC6 documentation, version 1.1 of August 20, 1998 on
pages 15 and 16, it discusses how many plaintext-ciphertext pairs
are needed to break a reduced round RC6. While they do not address
specifically RC6-8/4/10, they do discuss 20 round and smaller 
versions. For 20 rounds they indicate that a key with 128 bits 
would require 2^128 pairs of plaintext and ciphertext to figure
out the key. For 8 rounds 2^47 pairs are needed. If 80 bit
keys are used "I figure" about 2^30 pairs are needed for
an 8 round version. At 9600 baud, those 64 billion bits 
would take 11 weeks to communicate. So it appears that 
4 rounds is insecure. Never mind. Sorry. Bye.
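The arithmetic that runs through this post (2**16 blocks for a 32-bit block, 1024 transactions of 256 bytes per key, 11 weeks to move 2^30 pairs at 9600 baud) is worth having in one place, because the per-key data limit is the control a defender would actually enforce. This is an added example, not code from the poster or from the RC6 documentation; it treats ciphertext under an ideal cipher as uniformly random blocks, which is the assumption behind the birthday figure.

```python
"""Why 2^16 blocks is the limit for a 32-bit block cipher (birthday bound).

Added example, not from the RC6 paper or the poster. It quantifies the
figures in the thread: the 2^16-block budget of a 32-bit block, the
1024-transaction key budget, and the time to move 2^30 plaintext/ciphertext
pairs over a 9600 baud link.
"""
import math
import random


def birthday_bound_blocks(block_bits):
    """Rule-of-thumb block count after which two ciphertext blocks are likely to repeat."""
    return 2 ** (block_bits // 2)


def expected_blocks_to_first_collision(block_bits):
    """Mean number of uniformly random blocks drawn before the first repeat: sqrt(pi/2 * 2^b)."""
    return math.sqrt(math.pi / 2 * 2 ** block_bits)


def simulate_first_collision(block_bits, seed=1):
    """Draw random blocks (a stand-in for ciphertext under an ideal cipher) until one repeats.

    In CBC mode a repeated ciphertext block exposes the XOR of two plaintext
    blocks, which is why a per-key data limit below this point matters."""
    rng = random.Random(seed)
    seen = set()
    drawn = 0
    while True:
        block = rng.getrandbits(block_bits)
        drawn += 1
        if block in seen:
            return drawn
        seen.add(block)


def transactions_per_key(limit_blocks, block_bytes, bytes_per_transaction):
    """How many fixed-size transactions fit under the block budget of one key."""
    return limit_blocks * block_bytes // bytes_per_transaction


def weeks_to_transmit_pairs(pairs, block_bits, baud):
    """Each known plaintext/ciphertext pair costs two blocks on the wire."""
    total_bits = pairs * 2 * block_bits
    return total_bits / baud / (7 * 24 * 3600)


if __name__ == "__main__":
    print("birthday bound for 32-bit blocks:", birthday_bound_blocks(32))
    print("expected first collision after", round(expected_blocks_to_first_collision(32)), "blocks")
    print("simulated first collision after", simulate_first_collision(32), "blocks")
    print("256-byte transactions per key:", transactions_per_key(2 ** 16, 4, 256))
    print("weeks to move 2^30 pairs at 9600 baud:",
          round(weeks_to_transmit_pairs(2 ** 30, 32, 9600), 1))
```

The simulation finds its first repeated block in the neighbourhood of 80,000 draws, comfortably above the 65,536-block budget the post settles on, and the 2^30 pairs at 9600 baud work out to just under 12 weeks, in line with the post's "11 weeks". Note that the time-on-the-wire argument only bounds an attacker who must observe the traffic at link speed; the block-size limit is the one that holds regardless.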

------------------------------

From: [EMAIL PROTECTED] (WTNJS)
Subject: need help to solve - JJ
Date: 30 Jan 1999 05:24:04 GMT

In one of Dorothy Sayers's mysteries, Lord Peter is confronted with the message
shown below.  He also discovers the key to the message, which is a sequence of
integers:


787656543432112343456567878878765654
3432112343456567878878765654433211234

message:
           I thought to see the fairies in the fields, but I saw only the evil
elephants with their black backs.  Woe! how that sight awed me! The 
elves danced all around and about while I heard voices calling clearly.
Ah! how I tried to see-throw off the ugly cloud-but no blind eye of a 
mortal was permitted to spy them.  So then came minstrels, having gold
trumpets, harps and drums.  These played very loudly beside me,
breaking that spell. So the dream vanished, whereat I thanked Heaven. I
shed many tears before the thin moon rose up, frail and faint as a sickle of 
straw.  Now though the Enchanter gnash his teeth vainly, yet shall he
return as the spring returns. Oh, wretched man! Hell gapes, Erebus now
lies open. The mouths of Death wait on thy end.

------------------------------

From: [EMAIL PROTECTED] (WTNJS)
Subject: need help to solve this question
Date: 30 Jan 1999 05:27:14 GMT

In one of Dorothy Sayers's mysteries, Lord Peter is confronted with the message
shown below.  He also discovers the key to the message, which is a sequence of
integers:


787656543432112343456567878878765654
3432112343456567878878765654433211234

message:
           I thought to see the fairies in the fields, but I saw only the evil
elephants with their black backs.  Woe! how that sight awed me! The 
elves danced all around and about while I heard voices calling clearly.
Ah! how I tried to see-throw off the ugly cloud-but no blind eye of a 
mortal was permitted to spy them.  So then came minstrels, having gold
trumpets, harps and drums.  These played very loudly beside me,
breaking that spell. So the dream vanished, whereat I thanked Heaven. I
shed many tears before the thin moon rose up, frail and faint as a sickle of 
straw.  Now though the Enchanter gnash his teeth vainly, yet shall he
return as the spring returns. Oh, wretched man! Hell gapes, Erebus now
lies open. The mouths of Death wait on thy end.


QUESTION : Decrypt this message 

------------------------------

From: "R H Braddam" <[EMAIL PROTECTED]>
Subject: Re: My comments on Intel's Processor ID Number
Date: Fri, 29 Jan 1999 23:51:38 -0600

Vernon Schryver wrote in message
<78qm26$d2b$[EMAIL PROTECTED]>...
>
>How does one box "address" the PIII ID number you any other box?  As I
>understand network stuff (I wrote my first code to make computers talk
>over phone lines in the 1960's), one machine cannot "address" anything
>in some other machine without some prior agreements. In recent decades,
>such prior agreements have commonly been called "protocols."  Exactly
>which protocol would be used to pass the PIII ID?  No existing IP (i.e.
>IETF) protocol including HTTP allows random remote boxes to "address"
>anything in your box without your box's permission, or if there is such
>a protocol, it is used to fetch things that are more interesting than the
>serial number of one of your CPU's, such as your passwords and key rings.
>
It still works the same way it did then. The problem
is, there are too many players in the game. Intel will
make the CPUID and the instruction to retrieve it
available, and Microsoft will use it, probably in a
signed DLL in a subroutine that runs in the most
protected Ring 0 mode. The DLL might also contain other
routines essential for the operation of Windows, and
tampering with it could result in only being able to
run in Safe mode without any I/O drivers loaded. Trust
them to make tampering with the CPUID a very tricky
operation.

Even so, it will be necessary to query your computer
for the CPUID, but it could be done in a way you
wouldn't know about it. One guess would be a session on
a different socket, not part of the "normal" http
session. Different methods for initiating that session
might exist for different requesters like merchants,
banks, servers, and law enforcement agencies.

>Is there any chance that this whole hoohaw is no more than the simple,
>good idea of machine readable serial number in silicon but announced
>by Intel marketeers who think (to use one word) that "addressing"
>arbitrary contents in remote boxes makes sense without a whole lot of
>standards committee politics, plenty of code from programmers at a lot
>of outfits, and at least a few years of elapsed time?
>--

One question is "Who do you trust?". How can you be
sure that the ID feature is really turned off when you
think it is? Maybe you aren't interested in discussion
of controversial subjects, or concerned that your
discussions might be monitored by law enforcement
agencies. Would you consent to a permanent wiretap on
your telephone? Would you consent to all mail being
opened and read by law enforcement agents? My answer to
both questions is NO, and this post may contain a
trigger word which would cause it to be analyzed by an
LEA computer.

>Vernon Schryver    [EMAIL PROTECTED]
--
Rick [EMAIL PROTECTED]

Murphy's Law is the only sure thing in the universe.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
