Cryptography-Digest Digest #19, Volume #9 Tue, 2 Feb 99 07:13:03 EST
Contents:
Re: *** Where Does The Randomness Come From ?!? *** (Marty Fouts)
Cracking 128bit (Anonymous)
Re: irrational idea continued (Gregory G Rose)
Re: Washington, a DES based cipher.
Re: Cracking 128bit (JPeschel)
Re: quick newbie question ([EMAIL PROTECTED])
Re: Random numbers generator and Pentium III (fungus)
Re: Cracking 128bit (fungus)
Re: Crypt Info ???? (fungus)
Re: yet another U.S export restriction ques... (wtshaw)
Re: irrational idea continued ("Trevor Jackson, III")
Re: Cracking 128bit (Volker Hetzer)
Re: Fialka Punch Card Speculation (Frode Weierud)
Re: Random numbers generator and Pentium III ("Trevor Jackson, III")
----------------------------------------------------------------------------
Crossposted-To: sci.skeptic,sci.philosophy.meta
Subject: Re: *** Where Does The Randomness Come From ?!? ***
From: Marty Fouts <[EMAIL PROTECTED]>
Date: 01 Feb 1999 21:12:43 -0800
>>>>> Tom Norback pounded silicon into:
>> When Bohr was asked for the complementary property of "truth" he
>> thought about it for a while and then said "clarity".
>>
>> Cool. Do you have a reference for that quote? That's a Bohr-ism
>> I didn't know before and like a lot.
>>
> It's from a footnote in Steven Weinberg's "Dreams of a Final
> Theory". I don't own the book or I'd give you the page number.
> (If I recall, one of the chapters made a remarkably good case for
> reductionism. Other than that I remember thinking that Weinberg
> is clearly a better physicist than a philosopher.)
I've still got my copy, which I didn't finish reading, as I agree with
you about Weinberg. I'll find the footnote, thanks for the pointer.
> As far as your causality/acausality inquiry goes, I think I've
> already said too much. It just seems to me that the C(n)
> formalism implicitly assumes that things can "just exist" when QT
> only seems to allow "existing for".
I'm trying to tighten the C(n) formalism up so that it is clear that
within it 'these MUMBLE' are the conditions that would imply 'just
exist'.
> Like Feynman said, "Science hasn't found any stuff yet."
yup.
--
that is all
------------------------------
From: Anonymous <[EMAIL PROTECTED]>
Subject: Cracking 128bit
Date: 2 Feb 1999 06:30:37 +0100
I had been under the assumption that good 128 bit encryption
would take billions of years to crack.
But then I came across this
http://www.securitydynamics.com/products/datasheets/securpc.html
"...Cracking a single 128-bit RC4 key is an effort costing an
estimated half billion dollars and taking more than six months to
achieve."
------------------------------
From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: irrational idea continued
Date: 1 Feb 1999 21:39:22 -0800
In article <795b7b$2bl$[EMAIL PROTECTED]>, almis <[EMAIL PROTECTED]> wrote:
>First: The idea of the square root of a prime is poor because the
>continued fraction of such a number is periodic. Perhaps the cube root
>or a combination of this and a transcendental.
>[...]
I have a reprint of a paper entitled "Cryptography
Based on Transcendental Numbers", by Josef
Pieprzyk, Hossein Ghodosi, Chris Charnes and Rei
Safavi-Naini of Wollongong University.
Unfortunately, it doesn't say what journal it has
come from. If you want to follow up, you might
email [EMAIL PROTECTED]
In section 3.1 it says "Algebraic numbers [...]
However the resulting sequences are insecure."
(Algebraic numbers are simply numbers which are
roots of a polynomial equation with integer
coefficients. Obviously square and cube roots are
algebraic, because they satisfy the equations x^2 -
a == 0 or x^3 - a == 0, respectively.
Transcendental numbers are irrational numbers
which are not algebraic.)
Some transcendentals are also subject to the same
attack; examples given include arcsin and log,
with algebraic operands.
They go on to give two examples which are not
subject to the known forms of attack:
1. a^b, where a is an integer > 1 and b is a
"quadratic irrational" (ie. a square root).
2^sqrt(2), for example, is such a transcendental.
2. certain products of terms like in (1), such as
2^sqrt(2) * 3^sqrt(3).
They then give a couple of ways to encrypt using
such numbers, one of which is to use the digit
string as a stream cipher.
So there is more out there about this than you
might think.
Greg.
--
Greg Rose INTERNET: [EMAIL PROTECTED]
QUALCOMM Australia VOICE: +61-2-9181 4851 FAX: +61-2-9181 5470
Suite 410, Birkenhead Point http://people.qualcomm.com/ggr/
Drummoyne NSW 2047 B5 DF 66 95 89 68 1F C8 EF 29 FA 27 F2 2A 94 8F
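
The periodicity mentioned in the quoted remark is a property of the continued-fraction expansion of the square root of a non-square integer, not of its decimal digits. The following is an added example, not part of the original post: it computes the repeating block with the standard integer recurrence and rebuilds the leading decimal digits of sqrt(2) from that block alone. The function names are this example's own.

```python
from fractions import Fraction
from itertools import cycle, islice
from math import isqrt


def sqrt_continued_fraction(n):
    """Return (a0, period) with sqrt(n) = [a0; period, period, ...]."""
    a0 = isqrt(n)
    if a0 * a0 == n:
        raise ValueError("n is a perfect square, so sqrt(n) is rational")
    m, d, a = 0, 1, a0
    period = []
    # The repeating block always ends with the partial quotient 2*a0.
    while a != 2 * a0:
        m = d * a - m
        d = (n - m * m) // d
        a = (a0 + m) // d
        period.append(a)
    return a0, period


def convergent(a0, period, terms):
    """Evaluate the expansion truncated after `terms` periodic quotients."""
    quotients = list(islice(cycle(period), terms))
    value = Fraction(quotients[-1])
    for a in reversed(quotients[:-1]):
        value = a + 1 / value
    return a0 + 1 / value


def leading_digits(x, k):
    """Integer part and first k decimal digits of a Fraction, as a string."""
    return str(x.numerator * 10**k // x.denominator)


if __name__ == "__main__":
    for n in (2, 3, 7, 13):
        print(n, sqrt_continued_fraction(n))
    a0, period = sqrt_continued_fraction(2)
    # 40 quotients from a one-element period reproduce 20 decimals of sqrt(2).
    print(leading_digits(convergent(a0, period, 40), 20))
    print(str(isqrt(2 * 10**40)))
```
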
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Washington, a DES based cipher.
Date: 1 Feb 99 04:33:24 GMT
wtshaw ([EMAIL PROTECTED]) wrote:
: Mechanism of Encryption: Taking the plaintext 6 bits at a time, begin
: building three strings of 64 bit each. A Selection Key of AFCEFB would
: mean that bits A and F are assigned to the first string, C and E to the
: second, and F and B to the third.
Actually, this isn't quite enough to get super security at single-DES
speeds, but you're on a profitable track.
: 64!=296 bits, but that would be politically incorrect.
I'm not sure if you mean the key is too long for export restrictions...
or if you mean that 256! would be more politically correct. (More
importantly, it makes more efficient use of the computers we happen to
have handily available.)
But yes, once you do that too, you have obtained, at single-DES speeds,
all the security one might wish for.
Even better, I would suggest having four byte substitutions, and
substituting both before and after the step of distributing the bits
between the three DES encryptions.
Oh, dear. You've given me the idea for a cipher meeting the AES candidate
criteria.
Use just two DES encryptions. Use the ICE method to divide the bits
between the two (with masking, there is no need to use individual
instructions on single bits) - with a four-of-eight code to ensure that
exactly four bits of each byte are swapped.
Use substitutions before and after.
But I think that this kind of thing, under the name of "Fenced DES", has
been discussed before. Terry Ritter has an elaborate construction - my
previous simpler construction was shown to be weak. (Instead of the ICE
method, I tried a PHT, but that doesn't quite work.) ... but on the other
hand, perhaps a bit swap will do what the PHT cannot.
John Savard
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Cracking 128bit
Date: 2 Feb 1999 06:15:31 GMT
>Anonymous <[EMAIL PROTECTED]> writes:
>I had been under the assumption that good 128 bit encryption
>would take billions of years to crack.
>But then I came across this
>
>http://www.securitydynamics.com/products/datasheets/securpc.html
>
>"...Cracking a single 128-bit RC4 key is an effort costing an
>estimated half billion dollars and taking more than six months to
>achieve."
Then you should be safe!
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: quick newbie question
Date: Tue, 02 Feb 1999 05:23:49 GMT
Yeah, try my windoze cryptogram breaker at
http://prawn.resnet.tamu.edu/solver.htm
I'd be grateful for any feedback.
- Alex
>Does anyone know where I can get software that would expedite the solution of a
>substitution cipher (Letter frequency analysis, dictionary checking, etc...)?
>Preferably dos/win but any will do. Thanks for your time.
>
>B
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: Random numbers generator and Pentium III
Date: Mon, 01 Feb 1999 18:43:26 +0100
"Trevor Jackson, III" wrote:
>
> R. Knauer wrote:
>
> > What statistical test? There is none.
>
> You keep repeating this same falsehood. Please get it straight. The fact
> that there is no statistical test that is sufficient to qualify a sequence
> as random DOES NOT mean that a sequence can be qualified as random without
> passing the necessary statistical tests.
>
So if a finite number fails your test, does that mean it isn't random?
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: Cracking 128bit
Date: Tue, 02 Feb 1999 08:20:55 +0100
Anonymous wrote:
>
> I had been under the assumption that good 128 bit encryption
> would take billions of years to crack.
Correct (for a brute force attack).
> But then I came across this
>
> http://www.securitydynamics.com/products/datasheets/securpc.html
>
> "...Cracking a single 128-bit RC4 key is an effort costing an
> estimated half billion dollars and taking more than six months to
> achieve."
I think "more than six months" is accurate... ;-)
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: Crypt Info ????
Date: Tue, 02 Feb 1999 08:11:10 +0100
Jekman321 wrote:
>
> I have absolutely nothing to hide on my pc, but if I have a love poem to
> my wife stashed on the HD, I feel that it is none of "Big Brothers"
> business (or anyone else's for that matter).
>
Correct.
> There are some exceptions. I am wondering if any encryption software out
> there over 90-bit is subjected to any laws within the US.
>
Only export of software is controlled, not import.
> I have looked into a Swiss company (www.sls.net) that boasts a program
> with a 168-bit encryption algorithm. What I am wondering, is that, do
> these companies have to provide the Commerce Dept. with a key of any sort
> so that Uncle Sammy would have the capabilities to crack the code..??
Nope.
> From the looks of their program (DataGuard), I believe it might be
> worthwhile investment. Can anyone give some insight..??
>
I don't know anything about their program.
How often will you be using the software? How much computer experience
do you have? There are plenty of free programs around which will
probably do the same job. Many of them are regarded by us as better
because they don't hide their algorithms behind "company secrets"
(there are very few secrets in cryptography...) and there are no
clueless marketing men to deal with.
> While doing a small amount of research, I came across a company who
> mentioned or boasted that their software is not susceptible to "Forensic
> Software" attacks. My question is....Can someone give me the "short"
> version of what "forensic" attacks are..??
>
"Forensic attack" is a buzz phrase invented by the marketing people
of that company. (Short enough?)
> Can Uncle Sammy & the SS obtain my "key" with a "key" retrieval
> program..??
Not if the program is any good.
> Is there anything out there to just prevent OLE Uncle Sammy from
> sticking his nose into my hd, e-mail, or business..?? Or @ least make
> it a serious pain in their ass to have even tried..??
>
Yes, plenty of things (some of them very simple) can make this impossible.
What type of computer and operating system do you have? What kind of
usage are we looking at?
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: yet another U.S export restriction ques...
Date: Tue, 02 Feb 1999 00:47:30 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> Furthermore, it requires that it be implemented in software that cannot be
> altered by any other software in a way that results in stronger encryption.
> Hardware need not apply. Any estimates on how much software fits in this
> category? I personally do not believe in tamper-proof software, but perhaps
> BXA is more up on this than I. (That latter bit was sarcasm, by the way.)
>
It's the same old song and dance that in effect prohibits export of
encryption which results in text available to the clipboard or otherwise.
It would not matter whether it was pasted in or copied out, read from or
written to files. And, how many text oriented software packages do not
use the clipboard, and don't handle files? These features are those that
actually make encryption useful for business purposes.
It all really makes no sense, which seems to be the purpose of it. So
much smoke and so many mirrors are better kept to a sideshow at the
circus.
--
A much too common philosophy:
It's no fun to have power....unless you can abuse it.
------------------------------
Date: Tue, 02 Feb 1999 05:27:49 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: irrational idea continued
almis wrote:
> As an interested amateur i don't respond as often as i should,
> but the responses to 'too simple to be safe' warrant some comment.
>
> First: The idea of the square root of a prime is poor because the
> continued fraction of such a number is periodic. Perhaps the cube root
> or a combination of this and a transcendental.
What do you mean by this comment? The Greeks went bananas when someone proved
that one and sqrt(2) could not be expressed in the same system as ratios of
integers (i.e., sqrt(2) is irrational). In fact they were so upset with the
prover they wanted to kill him to hide the truth.
In what sense is the continued fraction of sqrt(2) periodic?
>
>
> Second: The algorithm itself affords protection.
> As an example lets expand the cube root of 3 a little.
> k=1.44224957 ...
> The algorithm states that you throw away the leading digit and
> treat the rest as a string of numbers.
> Take each number in turn and turn it into its bit representation.
> That is 4 =>100
> Add this to the key K.
> Take the next number, and do it again. i.e. 4=>100
> Now K=100100
> Continue till the end.
> So K=100100101010010011011101
> Use K and XOR to encrypt your data.
> One can already see the problem.
> Given ciphertext and associated plaintext one easily
> derives the correct key K.
> However the algorithm gives only a partial answer to the question:
> What numbers were used to generate this key ?
> How about 204105004635 ?
> Sure, but this does not match the expansion for the correct integer.
> And there are a lot more...
> This looks enough like a one-way function to warrant further investigation.
>
> Lastly: I await a reprint of a Lenstra article concerning the non-randomness
> of some irrational and transcendental numbers and some ideas on Lattice
> reduction.
> So the issue still remains; given that God has whispered in your ear the
> correct number sequence, starting probably at some offset from the
> beginning. Can one find the correct integer whose cube root was used to
> generate the sequence?
>
> Some more ideas to mull.
> Given that the irrational space is dense. One can generate any random
> sequence of integers
> and there will exist an irrational number that will expand to the same
> sequence.
By "any sequence of integers" do you mean any finite sequence or any infinite
sequence?
> There also exists an irrational number, A, whose expansion is the string of
> prime numbers.
> That is A=.2357111317...
> It would be nice to know if A can be written in another way, you know,
> a+SQRT(b) or something like that. (i tried a fractional expansion, but it
> didn't look very promising.)
>
> And when all's said and done we still achieve perfection in the one-time
> pad.
> ...al
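
The two properties argued over in the quoted scheme can be checked directly. The following is an added example, not part of either poster's message: it takes the key string K exactly as printed in the quoted post, recovers it from one known plaintext/ciphertext pair, and counts how many decimal digit strings encode to the same K. The plaintext bits and all function names are constructed for this illustration.

```python
from functools import lru_cache

# Key string K copied from the quoted post; everything else is constructed.
K_FROM_POST = "100100101010010011011101"

# Unpadded binary form of each decimal digit, following the post's "4 => 100".
DIGIT_BITS = {str(d): format(d, "b") for d in range(10)}
CODES = set(DIGIT_BITS.values())


def digits_to_key(digits):
    """Concatenate the unpadded binary form of each decimal digit."""
    return "".join(DIGIT_BITS[d] for d in digits)


def xor_bits(a, b):
    """XOR two bit strings of equal length."""
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def count_digit_strings(key):
    """Count the decimal digit strings whose encoding is exactly `key`."""
    @lru_cache(maxsize=None)
    def ways(pos):
        if pos == len(key):
            return 1
        # A digit contributes between 1 and 4 bits ("0" up to "1001").
        return sum(ways(pos + n) for n in range(1, 5)
                   if pos + n <= len(key) and key[pos:pos + n] in CODES)
    return ways(0)


def known_plaintext_demo():
    """Recover K from one plaintext/ciphertext pair, as the post concedes."""
    plaintext = "010000010100001001000011"  # constructed: ASCII "ABC" as bits
    ciphertext = xor_bits(plaintext, K_FROM_POST)
    return xor_bits(ciphertext, plaintext)


if __name__ == "__main__":
    print("recovered K matches:", known_plaintext_demo() == K_FROM_POST)
    print("204105004635 encodes to K:",
          digits_to_key("204105004635") == K_FROM_POST)
    print("digit strings that encode to K:", count_digit_strings(K_FROM_POST))
```

The ambiguity only hides which digits produced K; decrypting traffic that reuses the same key bits needs K itself, which the known-plaintext step already yields.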
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Cracking 128bit
Date: Tue, 02 Feb 1999 09:24:15 +0100
Anonymous wrote:
>
> I had been under the assumption that good 128 bit encryption
> would take billions of years to crack.
> But then I came across this
>
> http://www.securitydynamics.com/products/datasheets/securpc.html
>
> "...Cracking a single 128-bit RC4 key is an effort costing an
> estimated half billion dollars and taking more than six months to
> achieve."
Well, there are good and bad algorithms. The good ones get
more security out of 128 Bit than the bad ones.
Volker
------------------------------
From: [EMAIL PROTECTED] (Frode Weierud)
Subject: Re: Fialka Punch Card Speculation
Date: 2 Feb 1999 08:06:09 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] (John Savard) writes:
>[EMAIL PROTECTED] (Frode Weierud) wrote, in part:
>>I have seen this with respect to the Enigma and the Geheimschreiber
>>machines and all such misconceptions seem never to die afterwards. So I
>>prefer to wait until I have all the elements in hand.
>Although I've made changes to my Fialka description to get closer to
>the truth, I suppose I'm one of the offenders in that respect...
>despite trying to indicate my speculations as such, it is still
>dangerous.
Yes, there is always a risk, however, if it is clearly stated that it
is speculation the risk is clearly diminished. I feel that an important
part of any scientific discipline is to speculate, turn things around,
test out theories and pose hypotheses. And if this is done in a way
where it is clear what is going on, and the theories and speculations are
probed from all corners to see if they have any validity, I feel these
are valid exercises.
Therefore I don't blame you at all for what you are doing. You are
doing exactly what any cryptanalyst with respect for himself would
do when he is faced with a new machine or system. Try to piece it
together with the little available information that he has at his
disposal.
However, when we don our historian hats I feel we should be a lot more
careful with our speculations, especially about the machines. In many
cases the machines are still there to tell the tale and we had better
get it right. Where we are often forced to speculate is about the
usage of the machines. Where were they used, who used them, how were
they used, how often were the keys changed, what was the volume of the
traffic? Very often many of these questions will remain open and only an
approximate answer can be given.
So, John, please don't be afraid of continuing your knowledgeable
speculations. I think we all can profit and learn from them.
Frode
--
Frode Weierud Phone : +41 22 7674794
CERN, SL, CH-1211 Geneva 23, Fax : +41 22 7679185
Switzerland E-mail : [EMAIL PROTECTED]
WWW : wwwcn.cern.ch/~frode
------------------------------
Date: Tue, 02 Feb 1999 05:49:44 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Random numbers generator and Pentium III
fungus wrote:
> "Trevor Jackson, III" wrote:
> >
> > R. Knauer wrote:
> >
> > > What statistical test? There is none.
> >
> > You keep repeating this same falsehood. Please get it straight. The fact
> > that there is no statistical test that is sufficient to qualify a sequence
> > as random DOES NOT mean that a sequence can be qualified as random without
> > passing the necessary statistical tests.
> >
>
> So if a finite number fails your test, does that mean it isn't random?
It means that we have some confidence (probability) that it is not random. The
confidence is defined statistically.
------------------------------
End of Cryptography-Digest Digest
******************************