Cryptography-Digest Digest #6, Volume #9 Sat, 30 Jan 99 13:13:03 EST
Contents:
Re: RNG Product Feature Poll (R. Knauer)
Re: Random numbers generator and Pentium III (R. Knauer)
Re: Random numbers from a sound card? (R. Knauer)
Re: Random numbers generator and Pentium III (R. Knauer)
Re: Shattered Dreams (rosi)
Re: Shattered Dreams (rosi)
Re: Shattered Dreams (rosi)
Re: Shattered Dreams (rosi)
WORDPERFECT 6.1 PASSWORD ("Javier hans master")
Re: Some simple questions on ECC implementation (Robert Harley)
Re: Who will win in AES contest ?? (David Hamilton)
Re: Washington, a DES based cipher. (wtshaw)
Re: Random numbers generator and Pentium III (R. Knauer)
Re: hardRandNumbGen (Kurt Wismer)
Re: *** Where Does The Randomness Come From ?!? *** ("Tom Norback")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: RNG Product Feature Poll
Date: Sat, 30 Jan 1999 14:15:22 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 29 Jan 1999 18:39:10 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote:
>As I see it, the main opportunity for statistical testing comes
>*before* the output decision is made. We can compare the raw
>randomness to what we expect from the theoretical source. We can use
>that data to optimize the machine.
Indeed! That is exactly how one proves up a radioactive TRNG - by
measuring the radioactive decay itself to make sure the system is
working as expected. If the decay-measuring apparatus is not properly
tuned, you will get incorrect results, so it must be tested as part of
the setup procedure. And since electronics can drift, it needs to be
tested periodically.
Bob Knauer
"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers generator and Pentium III
Date: Sat, 30 Jan 1999 14:26:07 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 29 Jan 1999 19:59:52 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>Correct. We label the "just know" information as unscientific and the result of any
>rigorous investigation, major or minor, as scientific. The reason we apply these
>labels is that the "just know" information is not objectively verifiable or
>repeatable. The purpose of a scientific investigation is to render the results
>objectively verifiable and/or repeatable.
There is another element to scientific investigation, and that is to
find a reason for why something happens. The ability to reduce a
seemingly random process algorithmically is at the heart of finding
reasons for its occurrence.
In this example here, it is not enough to discover a test to decide on
poison or not. It is required that a reason be found for why some
mushrooms are poisonous and some are not.
>Sure it's valid. I'd eat mushrooms on the advice of an experienced cook. But it is
>not scientific.
You would not eat the mushrooms if the cook could not give a valid
reason for why he claims that they are not poisonous. If he does not
have a reason, then he is just guessing - and this could be your
unlucky day.
If someone handed you a revolver with only one cartridge in it, and he
told you it was perfectly safe to put it to your head and pull the
trigger, wouldn't you want to know his reason for saying it was
perfectly safe? If he told you he knew it was perfectly safe because
he can see the bullet from the front of the cylinder and it is not in
the firing position, you would accept that as proof that the gun was
safe. But if he did not offer a valid reason, you would not accept his
claim of perfect safety - at least not scientifically.
Bob Knauer
"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers from a sound card?
Date: Sat, 30 Jan 1999 14:51:49 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 29 Jan 1999 08:38:00 -0700, "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:
>Champernowne's number is the simplest example:
>1,10,11,100,101,110,111,...=11011100101110111.... It is easy to prove that
>all k-bit patterns have the proper frequency. This is all that is needed
>for normality. (The concept of normality was introduced by Borel about
>1909.) The digits of a normal number satisfy the strong law of large
>numbers, that is, 1/2 ones, 1/2 zeros, 1/4 00's, 1/4 01's, 1/4 10's, 1/4
>11's, ..., 1/1024 1101101101's, etc.
>The problem is that the strong law of large numbers is not very strong. In
>Champernowne's number, the excess of ones over zeros grows as N/log(N) for
>N bits. The ratio goes like 1/2+1/log(N), really slow. The dispersion is
>also not correct. The law of the iterated logarithm fails for all these
>sequences.
In re-reading this I spotted something I do not understand. You state
that for the Champernowne number "all k-bit patterns have the proper
frequency". I assume that is true for k = 1, one of the possible
values for k.
Then you say that in Champernowne's number there is an "excess of ones
over zeros". How can that be if "all k-bit patterns have the proper
frequency"? The "proper frequency" for k = 1 as described by you: "The
digits of a normal number satisfy the strong law of large numbers,
that is, 1/2 ones, 1/2 zeros".
How come you state that Champernowne's number has an "excess of ones
over zeros"?
Bob Knauer
"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson
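Warnock's two statements and Knauer's question about them can be checked directly. The following is an added example, not code from either poster: it builds the binary Champernowne prefix made of all numbers of up to k bits and shows that the ratio of ones tends to 1/2 (the "proper frequency") while the absolute excess of ones over zeros keeps growing, at about N/log2(N), so both statements hold at once.

```python
# Added example (not part of the original posts): the binary Champernowne
# sequence 1 10 11 100 101 110 111 ... as discussed above, with counts that
# show why "all k-bit patterns have the proper frequency" (a statement about
# ratios) coexists with an "excess of ones over zeros" (a statement about
# absolute counts) that grows with the length N.
from math import log2

def champernowne_prefix(k: int) -> str:
    """Concatenate the binary expansions of 1 .. 2**k - 1 (all numbers
    of up to k bits), so the prefix ends on a complete block."""
    return "".join(format(n, "b") for n in range(1, 2 ** k))

def one_zero_stats(bits: str) -> dict:
    """Ones, zeros, their difference and the ratio of ones for a prefix."""
    ones = bits.count("1")
    zeros = len(bits) - ones
    return {"n": len(bits), "ones": ones, "zeros": zeros,
            "excess": ones - zeros, "ratio": ones / len(bits)}

def pattern_frequencies(bits: str, k: int) -> dict:
    """Relative frequency of every k-bit pattern over overlapping windows.
    For a normal number each frequency tends to 1 / 2**k."""
    total = len(bits) - k + 1
    counts = {}
    for i in range(total):
        w = bits[i:i + k]
        counts[w] = counts.get(w, 0) + 1
    return {format(p, f"0{k}b"): counts.get(format(p, f"0{k}b"), 0) / total
            for p in range(2 ** k)}

def excess_closed_form(k: int) -> int:
    """Every j-bit number has a leading 1 and otherwise uniform bits, so
    the block of j-bit numbers contributes 2**(j-1) surplus ones; summed
    over j = 1..k the surplus is 2**k - 1, i.e. about N / log2(N)."""
    return 2 ** k - 1

if __name__ == "__main__":
    for k in (3, 6, 10, 14):
        s = one_zero_stats(champernowne_prefix(k))
        print(f"k={k:2d} N={s['n']:7d} ones-zeros={s['excess']:6d} "
              f"ratio={s['ratio']:.4f} N/log2N={s['n'] / log2(s['n']):9.1f}")
    print(pattern_frequencies(champernowne_prefix(14), 2))
```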
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers generator and Pentium III
Date: Sat, 30 Jan 1999 14:54:18 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 29 Jan 1999 20:30:00 -0500, "Kazak, Boris" <[EMAIL PROTECTED]>
wrote:
>In all the heated discussion about "statistical" randomness
>versus "crypto-grade" randomness one crucial thing appears
>never to be said in open. We generate the random numbers not
>for our own fun, but with a PURPOSE...
And the purpose has been clearly stated here several times recently.
The stated purpose for generating crypto-grade random numbers is to
satisfy the requirements of the provably secure OTP cryptosystem.
Bob Knauer
"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson
------------------------------
From: rosi <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: Shattered Dreams
Date: Sat, 30 Jan 1999 10:02:32 -0800
If you would like to catch the eye and ear of the mathematics
and science community, do the following.
Matt wrote:
> (A copy of this message has also been posted to the following newsgroups:
> sci.crypt, sci.math,comp.theory)
>
> [EMAIL PROTECTED] wrote:
>
> > Main focus: If NDTM is realizable, coNP=NP.
>
> This is FALSE, regardless of what you mean by "realizable."
>^^^^^^^^^^^^^^^^^
In this one single statement, dear Matt, you introduced an ABSOLUTE
falsehood and one totally unsupported claim. If we can introduce things
in this fashion, math will be rich in no time!
Maybe it is good that you switch from claiming and 'proving' P!=NP
to claiming and 'proving' coNP!=NP.
This is not an insult to logic but a compliment.
Liked through quiescence.
Come on, logic community. Come on!
------------------------------
From: rosi <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: Shattered Dreams
Date: Sat, 30 Jan 1999 10:04:33 -0800
Matt wrote:
> This is because the meaning of "solve" is different when talking about
> nondeterministic algorithms. This has been explained to you in many
So it does depend on what the word solves solves.
This is not an insult to mathematics but a compliment.
Lauded through quiescence.
Come on, mathematics community. Come on!
------------------------------
From: rosi <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: Shattered Dreams
Date: Sat, 30 Jan 1999 10:05:20 -0800
Matt wrote:
> No Turing machine actually "exists" in the sense that it can be built,
> physically, in real life. For one thing, part of the definition of the TM
> is that it has infinite memory. This is why I have called turing machines
> "theoretical concepts."
>
> However, just because it does not physically exist (this is what I meant
> by "theoretical") doesn't mean that it is not well-defined.
>
> Both NDTMs and DTMs "exist," but only on paper. These conceptual Turing
> machines can be used to create algorithms for real computers. However, in
> the case of the NDTM, these deterministic algorithms do not have the same
> order of growth as their nondeterministic counterparts. TIME(x) does not
> mean the same thing as NTIME(x).
>
Lost me completely.
(E.g. these deterministic ... NDTM is deterministic?)
Get clear about concept, theory and hypothesis. I asked you to show
us the difference you know about NDTM and DTM in terms of the three. I
see you 'conveniently' skipped hypothesis.
Get to know Turing's Thesis and read my Argument carefully before
you comment. I laid down the scope of my discussion very clearly.
> "What is a NDTM useful for?" An NDTM which solves X in polynomial time is
> useful for writing a program to solve X in exponential time.
Which book is this from? Or your theory?
I told you that _YOURS_ (meaning the one you guys adopt) can not even
solve SS within exponential time! Sorry, listening ability.
(In case you later find yourself trapping yourself: to solve SS is
NOT to solve an instance.)
I trust you. 'in polynomial time' is for 'in exponential time'.
Anybody still not clear?
This is not an insult to mathematics but a compliment.
Loved through quiescence.
Come on, mathematics community. Come on!
------------------------------
From: rosi <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: Shattered Dreams
Date: Sat, 30 Jan 1999 10:01:13 -0800
Can anyone please help me with contacting experts in complexity
theory or any expert in whatever branch of mathematics who might be
interested in the question: coNP?=NP?
In particular, I would like to get to know from the authors of
"Handbook of Applied Cryptography" concerning their exact meaning
of P and NP and certificate, as well as NP by certificate.
If you would like to give me their e-mail addresses, I would
greatly appreciate it.
Thank you very much in advance.
--- (My Signature)
P.S.
Dear Matt, thank you for your cc'ing on to me your last post,
and I would not have known it otherwise (as I mentioned that
posts sometimes get purged in three or four days and I can not
devote all my time to 'significant' questions but have to deal
with worldly stuff. I have a family to feed.)
I ask for help because I can no longer know who knows what.
Some people are modest, saying they are not gurus. Then when you
listen to them lecturing, you tend to believe they are honest
and truthful.
I ask for help because I have a logical difficulty as well.
I believe coNP?=NP was claimed to be an interesting problem by
at least quite a few (me too, only that I do not see it as
important). Now I show that coNP=NP, we neither got 'just trivia'
nor 'a hard problem solved'. Some say that they do not understand
me, so they understand 'to solve is not to solve' and all that?
Then listening to those lectures, it seems to me that those modest
people seem to say that they can easily prove (1+2), but they
seem unable to get 1+2=? (Or they might mean it is trivial to prove
(1+1) but they can not get 1+1=????)
Totally confused!
I take this opportunity to thank people who helped me with my
other question concerning the purge frequency of posts in news
groups (namely sci.crypt). A few I tried to thank by replying to
the e-mail sent to me, but my replies were bounced back. Anyway,
my thanks (without mentioning your names as your private e-mail
may indicate you would like your names to be confidential.)
------------------------------
From: "Javier hans master" <[EMAIL PROTECTED]>
Subject: WORDPERFECT 6.1 PASSWORD
Date: Fri, 29 Jan 1999 18:26:47 +0100
Please, I've forgotten the password of a WordPerfect 6.1 document, how can I
get it?????
Is it possible?????
I would be thankful if you reply to my mail address at
[EMAIL PROTECTED]
thanks
(delete "deletethis" from the mail address to get the right address, thanks)
------------------------------
From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Some simple questions on ECC implementation
Date: 30 Jan 1999 16:58:30 +0100
"Pedro Félix" <[EMAIL PROTECTED]> writes:
> I would like to extend the library to support ECC, so I have some few
> questions:
>
> 1. What are the most used GFs in ECC: GF(2^m), GF(p) or GF(p^k)? (with p
> prime >2), and what are the ranges of m, p and k (for a security equivalent
> to 1024-bit RSA).
Most used? Who knows. None are used much. But if you want to do it
right, pick a large field at random. At random means that it will
almost certainly be of the form GF(p). The prime p should be
something like 200 or 300 bits long.
Then pick a curve at random, i.e., random coefficients a and b in y^2 =
x^3+a*x+b. Then check various sanity conditions (discriminant non-zero,
number of points divisible by a large prime, etc).
The hardest part is likely to be counting points but you only have to
do it initially to choose your curve. Avoid the temptation of picking
a field of special form and/or a curve of special form. That may make
counting points easy but it is lunacy as far as security is concerned.
> 2.What are the "best" references [...]
No idea.
> On this point I'm especially interested in
> the equivalent of the Montgomery residues over the fields GF(2^m) and
> GF(p^k) (If such a thing exists, which I think it does).
Sure they do. But for 2^m or p^k you can pick an irreducible
polynomial that is very sparse so that reducing modulo it goes very
quickly anyway. Over GF(p) you can use Montgomery's trick as usual.
Rob.
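Harley's recipe above (a random prime field GF(p), random coefficients a and b, then the sanity checks) worked through as an added example that is neither his code nor any library's. The prime, the cofactor limit and the seed are constructed choices; the prime is kept tiny so the point count can be brute-forced, which is exactly the step that does not scale to the 200-300 bit fields he recommends.

```python
# Added example (not Robert Harley's code nor any library's): the recipe
# from the reply above, i.e. take a random prime field GF(p), random
# coefficients a and b in y^2 = x^3 + a*x + b, and apply the sanity
# checks (discriminant non-zero, group order divisible by a large prime).
# The prime is deliberately tiny so the point count can be brute-forced
# in O(p); real 200- to 300-bit fields need a proper point-counting
# algorithm (e.g. Schoof's), which is exactly the hard part Harley names.
import math
import random

def legendre(n: int, p: int) -> int:
    """Legendre symbol (n/p) by Euler's criterion for an odd prime p:
    1 if n is a non-zero square mod p, -1 if not, 0 if n == 0 mod p."""
    n %= p
    if n == 0:
        return 0
    return 1 if pow(n, (p - 1) // 2, p) == 1 else -1

def discriminant_ok(p: int, a: int, b: int) -> bool:
    """The curve is non-singular iff 4*a^3 + 27*b^2 != 0 mod p."""
    return (4 * a ** 3 + 27 * b ** 2) % p != 0

def count_points(p: int, a: int, b: int) -> int:
    """#E(GF(p)) by brute force: each x contributes 1 + (x^3+ax+b / p)
    affine points (2, 1 or 0), plus the single point at infinity."""
    return 1 + sum(1 + legendre(x * x * x + a * x + b, p) for x in range(p))

def largest_prime_factor(n: int) -> int:
    """Trial division; adequate for the toy group orders used here."""
    f, largest = 2, 1
    while f * f <= n:
        while n % f == 0:
            largest, n = f, n // f
        f += 1
    return max(largest, n) if n > 1 else largest

def random_curve(p: int, seed=None, max_cofactor: int = 4):
    """Draw (a, b) until the curve is non-singular and its order is a
    prime times a cofactor of at most max_cofactor (constructed limit).
    Returns (a, b, order, largest prime factor of the order)."""
    rng = random.Random(seed)
    hasse = math.isqrt(4 * p)  # |#E - (p + 1)| <= 2*sqrt(p) must hold
    while True:
        a, b = rng.randrange(p), rng.randrange(p)
        if not discriminant_ok(p, a, b):
            continue
        n = count_points(p, a, b)
        if abs(n - (p + 1)) > hasse:
            raise ArithmeticError("point count outside the Hasse bound")
        q = largest_prime_factor(n)
        if n // q <= max_cofactor:
            return a, b, n, q

if __name__ == "__main__":
    p = 1009  # toy prime; Harley's advice is a random 200-300 bit p
    a, b, n, q = random_curve(p, seed=1999)  # constructed seed
    print(f"y^2 = x^3 + {a}x + {b} over GF({p}): {n} points, "
          f"largest prime factor {q}, cofactor {n // q}")
```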
------------------------------
From: [EMAIL PROTECTED] (David Hamilton)
Subject: Re: Who will win in AES contest ??
Date: Sat, 30 Jan 1999 14:28:37 GMT
=====BEGIN PGP SIGNED MESSAGE=====
[EMAIL PROTECTED] wrote:
(snip insults ... which means snip all)
David A. Scott continues to demonstrate his fear of answering cryptography
questions that are based on his postings, assertions and claims ... because
his only answers are insults. The reason for David A. Scott's fear is that he
understands what his answers will demonstrate about him.
David Hamilton. Only I give the right to read what I write and PGP allows me
to make that choice. Use PGP now.
I have revoked 2048 bit RSA key ID 0x40F703B9. Please do not use. Do use:-
2048bit rsa ID=0xFA412179 Fp=08DE A9CB D8D8 B282 FA14 58F6 69CE D32D
4096bit dh ID=0xA07AEA5E Fp=28BA 9E4C CA47 09C3 7B8A CE14 36F3 3560 A07A EA5E
Both keys dated 1998/04/08 with sole UserID=<[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Washington, a DES based cipher.
Date: Sat, 30 Jan 1999 09:44:11 -0600
>Build ciphertext by getting 64 bits from each DES encryption, 64+64+64=192. If
>you desire output in base 64, you get 64, or 21 1/3 from each DES block.
oops, that should have been 32 characters, or 10 2/3 from each DES block.
--
A much too common philosophy:
It's no fun to have power....unless you can abuse it.
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers generator and Pentium III
Date: Sat, 30 Jan 1999 16:39:36 GMT
Reply-To: [EMAIL PROTECTED]
On Sat, 30 Jan 1999 10:18:27 -0500, "Kazak, Boris" <[EMAIL PROTECTED]>
wrote:
>> The stated purpose for generating crypto-grade random numbers is to
>> satisfy the requirements of the provably secure OTP cryptosystem.
>Agreed without objection. This is precisely why unguessability by
>the opponent comes first, and statistical properties come second.
My problem with statistical properties goes deeper than that.
Statistical properties are inadequate for determining provable
security, and therefore have no value whatsoever. What possible good
are statistical tests that can pass a non-secure PRNG?
The fact is that their use leads to a false sense of confidence, which
is the surest way to have problems with crypto.
Bob Knauer
"I place economy among the first and most important virtues and
public debt as the greatest dangers to be feared. We must not
let our rulers load us with perpetual debt."
--Thomas Jefferson
------------------------------
From: [EMAIL PROTECTED] (Kurt Wismer)
Subject: Re: hardRandNumbGen
Date: Sat, 30 Jan 1999 17:15:11 GMT
Patrick Juola ([EMAIL PROTECTED]) wrote:
: In article <[EMAIL PROTECTED]>,
: Kurt Wismer <[EMAIL PROTECTED]> wrote:
: >R. Knauer ([EMAIL PROTECTED]) wrote:
: >: Learn what crypto-grade randomness is. The concept is deceptively
: >: simple once you understand it. But first you have to give up all other
: >: definitions of randomness from other fields like statistics.
: >
: >: The key to understanding is that randomness depends on the generation
: >: process, not the numbers themselves. The number 000...0 fails all
: >: sorts of statistical tests, but can be a random number if it is
: >: generated by a TRNG. Until you analyze the method of generation, you
: >: cannot know.
: >
: >this is the definition i've used for years... strangely, nothing i ever
: >learned in statistics ever suggested i was wrong...
: Possibly because it isn't. 8-)
: On the other hand, it also looks suspiciously like the result of
: an incompetent engineer *trying* to build a RNG.
: Which is it? Your call. You know the engineers that you hired....
the null output you mean?
i can't know simply by looking at the output... statistical tests can be
diagnostic and suggest whether bias was unintentionally introduced... if the
generator is relatively cheap i might ask the engineers (or maybe a
different group of engineers) to build another to see if it behaves
similarly... might also want to have a group go over the first one with a
fine tooth comb to make sure it meets design specifications...
it may be that the design is prone to errors in implementation, in which
case it should be redesigned (at least if the rng is meant for large
scale production)... it might also be a statistical anomaly... i don't
see any foolproof method of verifying that the trng is indeed a trng,
however...
--
"some speak the sounds but speak in silent voices
like radio is silent though it fills the air with noises
its transmissions bring submission as ya mold to the unreal
mad boy grips the microphone wit' a fistful of steel"
------------------------------
From: "Tom Norback" <[EMAIL PROTECTED]>
Crossposted-To: sci.skeptic,sci.philosophy.meta
Subject: Re: *** Where Does The Randomness Come From ?!? ***
Date: Sat, 30 Jan 1999 18:06:33 GMT
Marty Fouts wrote in message ...
>
>My personal definition is 'effect without cause'. Using the
>formulation we were discussing before, if a system has a configuration
>C_n followed by a configuration C_(n+1) and there exists no F such
>that C_(n+1) = F(C_n) (other than an F which trivially enumerates
>states as successors) then C_(n+1) 'had no cause', and is a truly
>random state.
>
QM does deny the possibility of a function such as F. This is not the same,
however, as saying that C_(n+1) has no causal relation to C_(n) or that
C_(n+1) is a random state. What QM suggests is that the future is
underdetermined (not "undetermined") by the past. Every configuration
C_(n+1) does indeed have its efficient cause in C_(n). But C_(n) does not
necessitate one particular C_(n+1).
It may be that likening reality to a system with discrete configurational
states introduces difficulties into our analysis.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************