Cryptography-Digest Digest #63, Volume #9        Wed, 10 Feb 99 08:13:04 EST

Contents:
  Re: What is left to invent? ("Trevor Jackson, III")
  Re: Intel's description of the Pentium III serial number (Hosun Sacreligious Lee)
  Re: Encoding for telephone over Internet (Patrick Juola)
  Re: Schneier key stretching? (The DoggFather)
  Re: Who will win in AES contest ?? (Serge Vaudenay)
  Re: Clarification on PGP. pls (Gurripato (x=nospam))
  Re: What is left to invent? (Terry Ritter)
  Re: On a Method of Session Key Generation (revised) (Terry Ritter)
  what do u think about this algorithm of mine? (Klaus Rohde)
  Re: Clarification on PGP. pls ("Wm. Toldt")
  Two simple questions about RSA ("Gustavo")
  Re: RNG Product Feature Poll ("Wm. Toldt")
  Re: Intel's description of the Pentium III serial number (Terje Mathisen)
  Re: Intel's description of the Pentium III serial number (John F Carr)
  Re: Sanity check on authentication protocol (Eric Norman)
  Kolmogorov Complexity Resources (Olivier Bousquet)
  Re: Two simple questions about RSA (Peter L. Montgomery)

----------------------------------------------------------------------------

Date: Wed, 10 Feb 1999 00:14:02 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: What is left to invent?

R. Knauer wrote:

> On Tue, 09 Feb 1999 19:35:41 GMT, [EMAIL PROTECTED]  (Gurripato
> (x=nospam)) wrote:
>
> >       Most of the scientific community, however, adheres to the
> >Copenhagen interpretation of QM, in which nature is essentially
> >indeterministic and all the information about a system can be obtained
> >from its wave function.
>
> There are different versions of the Copenhagen interpretation. One,
> due to von Neumann, asserts that the wave function "collapses" to the
> measured value from an ensemble of actual occurrences. IOW,
> Schrodinger's Cat is actually both dead and alive until the door is
> opened, and the measurement "determines" one or the other state.
>
> The other interpretation is that the Cat is either dead or alive but
> not both, and opening the door merely lets you know which is it. The
> problem with that is it implies a simple superposition of |dead> and
> |alive> without any quantum interference effects.
>
> There are several Letters To The Editor on this topic in the most
> recent issue of Physics Today.
>
> >While hidden variable theories have not been
> >completely disproven, the odds are against them.
>
> The thing that makes me skeptical about hidden variable theories is
> the utter lack of any progress over the decades. The idea first
> surfaced with Louis DeBroglie and his pilot waves. That was back in
> the initial days of Quantum Mechanics, in the first quarter of this
> rapidly expiring century.
>
> Hidden variable theory reminds me of geocentric astrology - it has an
> element of the truth in it, but is completely wrong for very
> fundamental reasons. Instead of simplifying matters, it seems like a
> lot of complicated contrivances are necessary to give it any life at
> all.
>
> Yet people like Gell-Mann are working on it (so-called "theory of
> decoherent histories"). Go figure, eh.
>

I think Penrose is doing some interesting work in this area in that he is
attempting to regenerate modern physics using complex math rather than real
math.  I think he's looking for some interesting effects on the time axis.
Sort of like Kirchhoff's laws that use imaginary subcircuit values.

I'd *love* to see an interpretation of QM that was symmetrical about the
time axis, but I doubt I'll live that long.


------------------------------

From: Hosun Sacreligious Lee <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.intel
Subject: Re: Intel's description of the Pentium III serial number
Date: 10 Feb 1999 06:07:32 GMT

Nogami <[EMAIL PROTECTED]> writes:
: On Mon, 8 Feb 1999 20:17:44 +0000, Anthony Naggs
: <[EMAIL PROTECTED]> wrote:

: >>> What I AM concerned about is websites (and software authors) that just
: >>> block all access unless you enable it, thus forcing your hand.
: >
: >This doesn't make much sense, why should a web site care if I'm using my
: >home PC, a PC at work, in a cybercafe or in college where I'm doing an
: >evening course?

: Ever tried getting on Microsoft's online support pages with cookies
: disabled?  It totally locks you out.  No cookies = no entry.

Which also asks the question, "Why don't groups like Junkbusters call for
a boycott of Microsoft?"

-- 
\\ \\   Hosun S. Lee // Vorpal Bunny(TM)
 \\-\\  http://www.vorpalbunny.com
 ( 0-0) "My advice to intelligent teenagers in love: Take your dates to
  {_^_}  THE WATERBOY. If they like it, break up." - Roger Ebert on the
          worst movies of 1998.

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Encoding for telephone over Internet
Date: 1 Feb 1999 09:17:06 -0500

In article <7900fr$6rb$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>why do you you think that a real time communication doesnt need 
>as much security ?

Because, as I stated below, most real-time communications don't need
to stay secret as long.  The interesting lifespan of the sort of data
communicated by telephone is typically measured in hours or days.  There's
a reason that people don't "sign" contracts over the phone.

        -kitten

------------------------------

From: The DoggFather <[EMAIL PROTECTED]>
Subject: Re: Schneier key stretching?
Date: Wed, 10 Feb 1999 06:21:54 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Christopher) wrote:
> I found it using AltaVista, anyway the PDF is at
>   http://www.counterpane.com/low-entropy.pdf

Thanks, Christopher.


      ___/Mike                ...two legs good, four legs bad?...
   __/.   |                  Why conform?
   \-__   \___                 ...and by the way, where are we going?
       \                       And why am I in this handbasket?

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (Serge Vaudenay)
Subject: Re: Who will win in AES contest ??
Date: 4 Feb 1999 09:02:41 GMT

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (Hironobu Suzuki) writes:
|> 
|> [...]
|> If ONLY one ANSI C cipher code is given, it will be running all cpu.
|> [...]
|> 

As a matter of fact, E2, HPC, Loki97, MARS, RC6, Serpent and Twofish failed
to submit an ANSI C code to NIST. (Test failed on big endian machines or
64-bit platforms. See http://www.dmi.ens.fr/~granboul/recherche/AES.html) I
believe that all efficient implementations must actually be dedicated to cpus.
Making the code portable is a matter of compilation options.

Serge Vaudenay


------------------------------

From: [EMAIL PROTECTED]  (Gurripato (x=nospam))
Subject: Re: Clarification on PGP. pls
Date: Wed, 10 Feb 1999 07:36:08 GMT

On Tue, 9 Feb 1999 23:42:43 +0000, Andrew
<[EMAIL PROTECTED]> wrote:

>Hello,
>

>Where is the strength in PGP?
>
>I understand that it being public key helps because the password never
>has to be transmitted, and I also understand that it works by using
>large, prime (unfactorable) numbers.
>
>However, when the key is generated the program asks for a password; what
>does it do with that password? How do the key and the password tie
>together?

        The password is used to protect your private key ring, so that
nobody can try to use it to encrypt/sign forged messages.


>For all I know this is also something you hear 5 times/day, but in Bill
>Gates' autobiography he says that "The biggest advance in cryptography
>would be the discovery of a way to factor large prime numbers".
>
>-- 
        Same guy who talked about there being no need for people to use
<64kB.  No wonder the Internet business passed him by while he was too
busy with Windows 95.
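A worked illustration of the passphrase's role, added here and not taken from the thread: the passphrase never becomes part of the RSA key pair. It is stretched by a key-derivation function into a wrapping key that encrypts and integrity-protects the stored private key, so a stolen key ring is useless without it. PGP's actual format (its string-to-key function and the cipher it used) is not reproduced; PBKDF2-HMAC-SHA256, the SHA-256 counter keystream, the salt || nonce || ciphertext || tag layout and the iteration count are all assumptions of this example, and the private-key bytes used in the usage call are constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000   # assumed work factor; raise it until unlocking costs a noticeable fraction of a second


def derive_wrapping_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the passphrase into 64 bytes: 32 for encryption, 32 for the MAC.
    The salt defeats precomputed guess tables; the iteration count makes each
    guess cost the attacker as much as one unlock costs the owner."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=64)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, standing in for the symmetric cipher (assumption of this example)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def wrap_private_key(private_key: bytes, passphrase: str) -> bytes:
    """Return salt || nonce || ciphertext || tag.  Only this blob is stored in
    the key ring; the passphrase is needed to get the private key back."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    k = derive_wrapping_key(passphrase, salt)
    enc_key, mac_key = k[:32], k[32:]
    ct = bytes(p ^ s for p, s in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def unwrap_private_key(blob: bytes, passphrase: str):
    """Return the private key, or None when the passphrase is wrong or the
    stored blob was modified (the tag check fails in both cases)."""
    if len(blob) < 16 + 16 + 32:
        return None
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    k = derive_wrapping_key(passphrase, salt)
    enc_key, mac_key = k[:32], k[32:]
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


if __name__ == "__main__":
    # constructed stand-in for the secret half of a key pair
    secret_half = b"-----constructed private key bytes-----"
    ring_entry = wrap_private_key(secret_half, "correct horse")
    print("unlock with right passphrase:", unwrap_private_key(ring_entry, "correct horse") == secret_half)
    print("unlock with wrong passphrase:", unwrap_private_key(ring_entry, "wrong"))
```

The tag is checked before anything is decrypted, so a wrong passphrase and a tampered key ring are rejected the same way, and the comparison is constant-time. What the passphrase cannot do is protect a private key that was already exported unencrypted, or resist guessing if it is short: the KDF only multiplies the cost of each guess.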

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: What is left to invent?
Date: Wed, 10 Feb 1999 08:31:56 GMT


On Tue, 09 Feb 1999 13:38:12 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (R. Knauer) wrote:

>On Tue, 09 Feb 1999 04:07:13 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote:
>
>>>> But there *is* *no* PROVABLY random source.
>
>>>That's not so; 
>
>>That *is* so.
>
>Radioactive decay can be proved to be random to within an arbitrarily
>small error. This can be done by measurements on the indeterminacy of
>the time of decay (half life measurements) and measurements of the
>indeterminacy of the energy level of the excited state which produces
>the decay (measurements of the Mossbauer Effect spectrum).

When I say "source" here, I mean a practical machine producing real
results.  In this context, the quality of randomness in abstract
"radioactive decay" is essentially metaphysical: perfect True
Randomness may be in there somewhere, but if we cannot also tap it
perfectly, it may as well not be.  


>[...]
>I do not believe anyone is expecting "ABSOLUTE PROOF". But the fact
>that we cannot ever achieve "ABSOLUTE PROOF" is no excuse to accept
>poor measurement techniques.

Yet as soon as I said "there *is* *no* PROVABLY random source," you
could hardly wait to disagree.  The issue is *indeed* about PROOF.  

When we implement a TRNG machine, the randomness we get can be very
good, and surely "random enough" for security in practice.  But it
will NEVER be PROVABLY secure.  If the goal of all this TRNG stuff is
to have "the one PROVABLY secure cipher," that is a goal which can
never be met.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM



------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: On a Method of Session Key Generation (revised)
Date: Wed, 10 Feb 1999 08:32:33 GMT


On Tue, 09 Feb 1999 18:11:44 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (R. Knauer) wrote:

>[...]
>This is a discussion about what constitutes crypto-grade randomness,
>including provable security. As long as ciphers can be shown to be
>unbreakable, I will accept them as crypto-grade, even if a small but
>inconsequential amount of information leaks from the ciphers.

I take the "shown to be unbreakable" phrase to mean some "proof" of
strength.  The issue is indeed about PROVEN security.  

Over 50 years of mathematical cryptography has yet to produce any such
proof.  Systems which even get close to such claims (e.g., BB&S, RSA,
DH) still get a great deal of jaundiced scrutiny.  If we limit
cryptography to only provably-secure ciphers, we will not be sending
many messages:  There are no such ciphers.  

And with all this work and *no* examples of ultimate success, one
might be tempted to think that there is some inherent reason.
Personally, I suspect that a provably secure cipher simply cannot
exist.  


>[...]
>Either the cipher is unbreakable or it is not. If it is not, then it
>is hardly worthy of further consideration. 

A practical OTP is breakable if the "pad" can be found to be
sufficiently non-random.  And since we are unable to test that no such
fault exists, we also cannot PROVE that a practical TRNG is
unbreakable.  Just like other ciphers.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM



------------------------------

From: [EMAIL PROTECTED] (Klaus Rohde)
Subject: what do u think about this algorithm of mine?
Date: Fri, 29 Jan 1999 16:11:37 +1100

i don't know anything about encryption, but one day i was thinking about
it and had an idea for an algorithm which, as far as i can see, is
unbreakable.

you take byte n of a text stream and XOR it with byte n of the key to
produce byte n of the cipher text.

to me this seems unbreakable, because by applying the right key any
cipher text can be decoded into literally anything of the same length,
meaning that unless someone has the key, they can't gain anything out of
the cipher text.

any thoughts or ideas (or proof that what I'm saying is nonsense) would be cool.

   :-) peter
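The XOR scheme described in the post above, as an added example that is not code from the original post, together with the two conditions on the key that decide whether the "decodes into literally anything" property actually holds: the key must be uniformly random and at least as long as the message, and no key byte may ever be used twice. The sample messages and the decoy plaintext are constructed for the example.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Byte n of the ciphertext is byte n of the plaintext XOR byte n of the
    key, exactly as the post describes.  Decryption is the same call,
    because XOR is its own inverse."""
    if len(key) < len(plaintext):
        raise ValueError("key must be at least as long as the message")
    return xor_bytes(plaintext, key[:len(plaintext)])


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The property the post relies on: for any candidate plaintext of the
    same length there is exactly one key that turns the ciphertext into it,
    namely ciphertext XOR candidate.  When keys are uniformly random and
    used once, that key is exactly as likely as the real one, so the
    ciphertext by itself says nothing about which message was sent."""
    return xor_bytes(ciphertext, candidate)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """The caveat: if the same key bytes encrypt two messages, the key
    cancels out of c1 XOR c2, leaving m1 XOR m2 for the attacker.  For
    natural-language text that is usually enough to recover both messages."""
    return xor_bytes(c1, c2)


def recover_with_known_plaintext(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """Given two ciphertexts under one key and the first plaintext, the
    second plaintext is (c1 XOR c2) XOR m1; the key is never needed."""
    return xor_bytes(two_time_pad_leak(c1, c2), known_m1)


def demo() -> bool:
    m1 = b"attack at dawn"                 # constructed sample message
    key = secrets.token_bytes(len(m1))    # fresh, uniform, as long as m1
    c1 = otp_encrypt(m1, key)

    # Any same-length plaintext is explained by some key.
    decoy = b"retreat at 9pm"              # constructed decoy, same length
    k2 = key_explaining(c1, decoy)
    assert otp_encrypt(c1, k2) == decoy

    # Reuse the key once and the scheme collapses.
    m2 = b"attack at noon"                 # constructed second message
    c2 = otp_encrypt(m2, key)
    return recover_with_known_plaintext(c1, c2, m1) == m2


if __name__ == "__main__":
    print("one-time pad demo ok:", demo())
```

Note that nothing in the scheme authenticates the message: flipping bit i of the ciphertext flips bit i of what the receiver decrypts, without any error, so a pad gives secrecy only, not integrity.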

------------------------------

From: "Wm. Toldt" <[EMAIL PROTECTED]>
Subject: Re: Clarification on PGP. pls
Date: Wed, 10 Feb 1999 01:33:52 -1000

> On Tue, 9 Feb 1999 23:42:43 +0000, Andrew
> <[EMAIL PROTECTED]> wrote:

> > in Bill
> >Gates' autobiography he says that "The biggest advance in cryptography
> >would be the discovery of a way to factor large prime numbers".

There is a way to factor large primes which I am willing to divulge to 
you. Once you see how it is done, you will wonder why you did not think 
of it by yourself. If you want the secret, just ask for it here.

------------------------------

From: "Gustavo" <[EMAIL PROTECTED]>
Subject: Two simple questions about RSA
Date: Wed, 10 Feb 1999 11:18:47 +0100

Hallo everyone.
A couple of questions about RSA:
1. On many books it is shown that, given the key pair (d,e),
   the modulus n=pq and a message m, RSA works thanks to the Euler
   theorem, provided that (m,n)=1. What if (m,n)!=1 (i.e. p or q
   divide m)?
2. What if the modulus n has more than two prime factors
   (apart from the obvious fact that factoring is easier)?

Thanks for your help!

Gustavo






------------------------------

From: "Wm. Toldt" <[EMAIL PROTECTED]>
Subject: Re: RNG Product Feature Poll
Date: Wed, 10 Feb 1999 01:27:11 -1000

Herman Rubin wrote:

> Random does not imply independent or equidistributed. 

This statement appears to be wrong. Not only is it contrary to my 
opinion, but a book by Donald Knuth says the following:

"The sequence is random if it has every property that is shared by all 
infinite sequences of independent samples of variables from the uniform 
distribution". (J. N. Franklin)

"A random sequence is a vague notion embodying the idea of a sequence in 
which each term is unpredictable to the uninitiated and whose digits pass 
a certain number of tests, traditional with statisticians and depending 
somewhat on the uses to which the sequence is to be put".

So it is written.

------------------------------

From: Terje Mathisen <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.intel
Subject: Re: Intel's description of the Pentium III serial number
Date: Wed, 10 Feb 1999 11:39:15 +0100

Brent Cornwell, Pediatrics Computer Administrator wrote:
> however, faking the serial number may be a possibility, depending on whether
> the instruction(s) used to get the serial number from the processor are
> privileged (ring 0) instructions, or not.... if they are, then i can see it
> DEFINITELY being a hacker's first task for the P3... all they'd have to do

Since Intel's web documents have confirmed my guess about an extension
to the CPUID opcode, this isn't possible:

CPUID is a user-mode instruction, as well as the documented way to
serialize the cpu instruction stream from user code.

I.e. there's no way Intel could make this a ring 0 opcode.

Terje

-- 
- <[EMAIL PROTECTED]>
Using self-discipline, see http://www.eiffel.com/discipline
"almost all programming can be viewed as an exercise in caching"

------------------------------

From: [EMAIL PROTECTED] (John F Carr)
Crossposted-To: comp.sys.intel
Subject: Re: Intel's description of the Pentium III serial number
Date: 10 Feb 1999 11:28:50 GMT

In article <[EMAIL PROTECTED]>,
Terje Mathisen  <[EMAIL PROTECTED]> wrote:

>CPUID is a user-mode instruction, as well as the documented way to
>serialize the cpu instruction stream from user code.
>
>I.e. there's no way Intel could make this a ring 0 opcode.

They could make CPUID privileged when eax=read serial, or make it
return a different value (e.g. 0|0|0 or "I Don't Know") in user mode.

-- 
    John Carr ([EMAIL PROTECTED])

------------------------------

From: Eric Norman <[EMAIL PROTECTED]>
Subject: Re: Sanity check on authentication protocol
Date: Tue, 02 Feb 1999 23:21:38 -0600

Paul Onions wrote:
> 
> On Thu, 28 Jan 1999 19:58:59 -0600, Eric Norman
> <[EMAIL PROTECTED]> wrote:
> >
> >Since Alice and Bob share a secret, don't you get authentication
> >for free?  That is, Alice encrypts a message with the secret and
> >sends it to Bob.  Bob now knows that the message came from Alice
> >since she's the only one who could have encrypted it (this
> >assumes that Bob can recognize a "valid message").
> 
> You don't get authentication for free.  The final parenthesised
> comment hits the nail on the head.  It's not always possible for Bob
> to recognise a valid message.  For example if Alice is just sending an
> encrypted nonce (single-use random value) then Bob has no means of
> verifying (upon decryption) that the value he computes is indeed the
> one that Alice sent.  That's why it's always good practice to use MACs
> (as was pointed out by Antti).

The point I was trying to make is that you don't need any fancy
back and forth protocol to get authentication when Alice and Bob
share a secret.  Just one message from Alice to Bob will do as long
as the message is carefully constructed and the mechanism for such
construction is known by both.  Details about "careful construction"
aren't specified, but additional protocol exchanges seem unnecessary.

-- 
Eric Norman

        "Congress shall make no law restricting the size of integers
        that may be multiplied together, or the number of times that
        an integer may be multiplied by itself, or the modulus by
        which an integer may be reduced".
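The two sides of the Norman/Onions exchange in code, as an added example that is not from either poster: first the encrypt-only version, where Bob computes some value but cannot tell whether it is the one Alice sent, then a single "carefully constructed" message that does authenticate, using a MAC, a timestamp and a nonce. The HMAC-SHA256 tag, the 16-byte nonce, the 30-second freshness window and the one-shot pad derived from SHA-256 are all assumptions of this example, and the clock is passed in explicitly so the run is deterministic.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN, TS_LEN, TAG_LEN = 16, 8, 32


def encrypt_only(key: bytes, nonce: bytes, value: bytes) -> bytes:
    """'Encrypt with the shared secret': XOR with a key-derived pad (the
    same call decrypts).  Nothing here lets the receiver distinguish a
    genuine ciphertext from a modified or fabricated one."""
    pad = hashlib.sha256(key + nonce).digest()[:len(value)]
    return bytes(v ^ p for v, p in zip(value, pad))


def bob_decrypts_blindly(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Bob always gets *a* value back.  If the ciphertext was altered in
    transit this returns a different value with no error, which is
    Onions' objection: an encrypted nonce is not self-verifying."""
    return encrypt_only(key, nonce, ciphertext)


def alice_sends(key: bytes, body: bytes, clock: int) -> bytes:
    """One message, carefully constructed: nonce || timestamp || body || tag,
    the tag being an HMAC over everything before it.  Bob can check the
    tag (only a key holder could have produced it), the timestamp
    (freshness) and the nonce (no replay inside the window)."""
    header = secrets.token_bytes(NONCE_LEN) + struct.pack(">Q", clock)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


class Bob:
    def __init__(self, key: bytes, window: int = 30):
        self.key = key
        self.window = window
        self.seen = set()            # nonces accepted inside the window

    def receive(self, msg: bytes, clock: int):
        """Return the body if the message is authentic, fresh and new, else None."""
        hdr_len = NONCE_LEN + TS_LEN
        if len(msg) < hdr_len + TAG_LEN:
            return None
        header, body, tag = msg[:hdr_len], msg[hdr_len:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                        # forged or modified
        nonce, ts = header[:NONCE_LEN], struct.unpack(">Q", header[NONCE_LEN:])[0]
        if abs(clock - ts) > self.window:
            return None                        # stale, or from the future
        if nonce in self.seen:
            return None                        # replay of an accepted message
        self.seen.add(nonce)
        return body


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    bob = Bob(k)
    m = alice_sends(k, b"pay 10", clock=1000)
    print("first delivery:", bob.receive(m, clock=1005))
    print("replayed copy :", bob.receive(m, clock=1006))
```

If the body also needs to stay secret, encrypt it first and compute the tag over the ciphertext; the tag check still comes first on Bob's side, so nothing is decrypted or acted on before its origin is verified.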

------------------------------

From: Olivier Bousquet <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,comp.ai,sci.math,comp.compression
Subject: Kolmogorov Complexity Resources
Date: Wed, 10 Feb 1999 11:55:54 +0000



Kolmogorov Complexity Resources
http://www.stud.enst.fr/~obousque/kolmogorov.html

I am building a new page with resources about Kolmogorov Complexity
(a.k.a. Chaitin Complexity, Algorithmic Complexity...), including
tutorials,
homepages, conferences, on-line papers....

Please  visit and send any comment/addition to :
[EMAIL PROTECTED]

Enjoy !

Olivier Bousquet
 http://www.stud.enst.fr/~obousque/





------------------------------

From: [EMAIL PROTECTED] (Peter L. Montgomery)
Subject: Re: Two simple questions about RSA
Date: Wed, 10 Feb 1999 11:57:15 GMT

In article <79rmn8$1d3$[EMAIL PROTECTED]>
"Gustavo" <[EMAIL PROTECTED]> writes:
>Hallo everyone.
>A couple of questions about RSA:
>1. On many books it is shown that, given the key pair (d,e),
>   the modulus n=pq and a message m, RSA works thanks to the Euler
>   theorem, provided that (m,n)=1. What if (m,n)!=1 (i.e. p or q
>   divide m)?
>2. What if the modulus n has more than two prime factors
>   (apart from the obvious fact that factoring is easier)?
>
>Thanks for your help!
>
>Gustavo
>

       1)   The requirements are:

                   n = p*q, where p, q are prime
                   p <> q
                   (p-1) divides d*e - 1 and (q-1) divides d*e - 1

             If m is a message, then m^p == m (mod p) by
             Fermat's little Theorem, whether m is divisible by p or not.
             Put otherwise, p divides m*(m^(p-1) - 1).
             From (p-1) divides d*e - 1 it follows that m^(p-1) - 1 divides
             m^(d*e - 1) - 1.  Therefore p divides
             m*(m^(d*e-1) - 1) = m^(d*e) - m.
             Similarly q divides m^(d*e) - m.
             Since p and q are distinct primes they must be coprime.
             Hence n = p*q divides m^(d*e) - m in all cases.

       2)    n can have over two prime factors if they are distinct
             and each (p-1) divides d*e - 1.

-- 
        [EMAIL PROTECTED]    Home: San Rafael, California
        Microsoft Research and CWI
If Clinton and Lewinsky merely partied together, why the fuss?
If they went further, where's the baby?
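Montgomery's two answers checked numerically, as an added example that is not from the thread. The toy primes, the public exponent 65537, and the choice of d as the inverse of e modulo lcm(p-1, q-1, ...) are assumptions of this example; that choice is simply the most direct way to satisfy the stated condition that every (p-1) divides d*e - 1. The last case also shows why the "p <> q" requirement is there.

```python
from math import gcd


def lcm_of(values) -> int:
    out = 1
    for v in values:
        out = out * v // gcd(out, v)
    return out


def rsa_keygen(primes, e=65537):
    """n is the product of the given primes; d is chosen so that
    d*e == 1 (mod lcm(p-1 for p in primes)), i.e. every (p-1) divides d*e - 1."""
    n = 1
    for p in primes:
        n *= p
    lam = lcm_of(p - 1 for p in primes)
    if gcd(e, lam) != 1:
        raise ValueError("e must be invertible modulo lcm(p-1)")
    d = pow(e, -1, lam)              # modular inverse, Python 3.8+
    return n, e, d


def roundtrips(n: int, e: int, d: int, m: int) -> bool:
    """True when (m^e)^d == m (mod n)."""
    return pow(pow(m, e, n), d, n) == m % n


def all_residues_roundtrip(n: int, e: int, d: int) -> bool:
    """Exhaustive check over every residue mod n, which includes 0 and every
    multiple of the primes: the (m, n) != 1 case of question 1.  Only
    feasible for toy moduli."""
    return all(roundtrips(n, e, d, m) for m in range(n))


def demo() -> dict:
    two = rsa_keygen([61, 53])            # n = 3233; m = 61*7 is divisible by p
    three = rsa_keygen([61, 53, 47])      # question 2: three distinct primes
    square = rsa_keygen([61, 61])         # p == q violates the requirement
    return {
        "two_primes_multiple_of_p": roundtrips(*two, 61 * 7),
        "two_primes_all": all_residues_roundtrip(*two),
        "three_primes_all": all_residues_roundtrip(*three),
        "repeated_prime_breaks": roundtrips(*square, 61),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

With p = q = 61, the argument via Fermat's little theorem no longer gives n | m^(d*e) - m: for m = 61 every power m^k with k >= 2 is 0 mod 61^2, so decryption returns 0 instead of 61. With distinct primes the round trip holds for every residue, multiples of p and q included, which is why real implementations never need to special-case gcd(m, n) != 1.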

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
