Cryptography-Digest Digest #83, Volume #9 Tue, 16 Feb 99 15:13:02 EST
Contents:
Re: True Randomness (Noah Paul)
Re: RNG Product Feature Poll (Noah Paul)
Testing Algorithms (Stoned Nick Vlassopoulos)
Re: Crack On-Line ("Andrew G. Tereschenko")
Re: An observation on sci.crypt ([EMAIL PROTECTED])
encryption debate (BVBECK)
Re: True Randomness ("Douglas A. Gwyn")
Re: encryption debate ("Douglas A. Gwyn")
Re: Really lousy random numbers ("Douglas A. Gwyn")
Re: Testing Algorithms ("Wm. Toldt")
Re: hardRandNumbGen (Patrick Juola)
Re: encryption debate ("Bruce Christensen")
Re: some hash questions (Vektor)
----------------------------------------------------------------------------
From: Noah Paul <[EMAIL PROTECTED]>
Subject: Re: True Randomness
Date: 15 Feb 1999 20:39:26 GMT
>I believe it would be even better if you changed the naming, from 0 vs 1
>to X vs Y.
>
However, females are about 1.5% more common than males. A complete
disaster from a cryptographer's standpoint. Sperm-based cryptography,
if chromosomes are used for the random bits, would be unreliable.
A suspicion lurks somewhere in the back of my head that either Bruce
Schneier* or the NSA has thought of this before we did ... :-)
* Note to Bruce: This is a joke. No offense is intended. Compliments
to you for ``Applied Cryptography''.
>
>:-)
>
>Terje
>>
>> >
>> >hoo haaa! NSA, masturbation hmmm....
>> >
>> >now that gets me thinking, how about a microscopic viewing device that
>> >observes the flagellating spermatozoa and creates a "random element" from
>> >some aspect of their orientation as they thrash themselves to some death!
>> >
>> >--
>> >best regards
>> >hapticz@email.msn.com
>
>--
>- <[EMAIL PROTECTED]>
>Using self-discipline, see http://www.eiffel.com/discipline
>"almost all programming can be viewed as an exercise in caching"
------------------------------
From: Noah Paul <[EMAIL PROTECTED]>
Subject: Re: RNG Product Feature Poll
Date: 15 Feb 1999 20:47:15 GMT
>All:
>
>My company is developing a hardware random number generator, based on
>radioactive decay, which will be a component of a larger turnkey (server)
>product. The device is an external peripheral with a serial connection to
>the CPU and back-end serial connections that allow you to daisy-chain these
>RNG devices to provide higher throughput.
>
I want one. Will it run under Linux?
>
>The device currently works. Its output is a measly 3K per second, but
>the raw data passes Diehard and every other test we've thrown at it. Of
>course, that doesn't prove that the output is random, but at least we know
>it passes those tests. ;)
>
(I'm assuming that means 3072 bits ...) That's enough for a decent
sized PGP key (2048 bits), plenty of DES keys, ... 3Kbps is plenty.
If you want to make sure it's random, you need to make the specs
public. If you do, please send me them!
>
>We are considering the addition of a hash algorithm to the setup. There
>have been messages posted to this newsgroup in the past regarding hashing
>hardware RNG outputs, but I haven't been able to discern a consensus on
>whether or not an additional hash is a Good Thing.
>
My $0.002: Hash is unnecessary and possibly dangerous in case
of a bug or a bad algorithm.
>
>Basically, we're considering the following options:
>
>1) Don't add a hash. (This is the easy one!)
>
>2) Add a hash routine to the firmware within the RNG.
> a) It's always enabled.
>
Absolutely Not. I cannot tolerate devices or programs where extras
like that are always enabled.
>
> b) Enabled with a push button on the device.
>
That's not a bad idea. Or perhaps you should make another product
to hash the output of this one, to keep the price down of the first
one.
>
>3) Add a hash routine in the software on the server.
> a) It's always enabled.
> b) Optionally enabled via admin interface.
>
This question is irrelevant unless your design is proprietary. In
that case, it is completely useless because we can't review it.
>
>Addendum: If we include a hash in the firmware, which hash algorithm will
>be used? If we implement a hash in software, we can offer multiple
>algorithms for the administrator to choose from. We are considering both
>MD5 and SHA-1. We have also talked about a plug-in type architecture, and
>publishing the API for it, so savvy administrators can design their own
>hash algorithms.
>
SHA-1 is from the NSA. As Bruce Schneier said, ``If the NSA wants
to design a good algorithm, they probably can. If they want to make
an algorithm with holes, they can make it too.'' Result = use MD5.
>
>The purpose of this post is to solicit opinions and commentary and,
>hopefully, allow me to gain some kind of consensus regarding the various
>options. Of course, we could be barking up the wrong tree, too. It would
>even be helpful to realize _that_.
>
>Thanks for your time.
>
np
>
>DSC
>
>____________________________________________________________________
>Dan S. Camper [EMAIL PROTECTED]
>Borrowed Time, Inc.
------------------------------
From: Stoned Nick Vlassopoulos <[EMAIL PROTECTED]>
Subject: Testing Algorithms
Date: Mon, 15 Feb 1999 23:05:08 +0200
Hello there ...
Is there an efficient way to check how good an encryption algorithm is
???
(I mean besides calculating its complexity, etc ...)
Thanks In Advance ...
Nick Vlassopoulos
------------------------------
From: "Andrew G. Tereschenko" <[EMAIL PROTECTED]>
Subject: Re: Crack On-Line
Date: Tue, 16 Feb 1999 02:36:45 +0200
http://www.distributed.net/
"Peter K." wrote:
> Naturally it was question
> Peter
> On Mon, 15 Feb 1999 17:59:37 GMT, [EMAIL PROTECTED] (Peter K.)
> wrote:
>
> >Is there any computer readily available on-line to cracking (DES for
> >example)
> >Peet
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: An observation on sci.crypt
Date: Tue, 16 Feb 1999 00:14:44 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Emrul Islam <[EMAIL PROTECTED]> wrote:
> >Hello there,
> >Over the last few weeks I have noticed a real big increase in
> >the number of articles being posted in this group, and also the
> >cryptographic intelligence levels on average have gone up.
> It has?
Well maybe he started reading more of my posts.
> Bo Dömstedt
> Protego Information AB
> http://www.protego.se/sg100_en.htm
>
>
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://members.xoom.com/ecil/index.htm
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (BVBECK)
Subject: encryption debate
Date: 16 Feb 1999 03:55:02 GMT
I am a student with Metropolitan University in St. Paul, MN, working on a
thesis. The topic of the thesis is the debate on strong encryption. Password
protection programs for computers have gotten so strong that police
investigators cannot understand wiretaps or read email going to and from
drug dealers, money launderers and such. To counter this they are proposing a
law that would require the makers of password protection programs to provide a
'backdoor' so that with court approval they could decipher what the criminals
are saying. This law is being strongly opposed by free speech advocates.
None of this data will be used for any other purpose, or given to any other
parties. Responses only will be tallied, and then the return message deleted.
There will be no other attempt to contact participants, either by myself or the
University.
Answer as many or as few as you like, and any comments you would care to make.
What is your age?
<20 21-30 31-40 41-50 >50 No answer
Are you?
Male Female No answer
Is using a cell phone, pager or email a normal part of your daily routine?
Yes No No answer
Is using a computer a part of your daily routine?
Yes No No answer
Does your employer rely on cell phones, pagers or emails?
Yes No No answer
How many calls do you make a week to or from a cell phone?
0-10 11-25 26-50 50+ No answer
How many times a week do you send or receive messages from a pager?
0-10 11-25 26-50 50+ No answer
How many email messages a week do you send or receive?
0-10 11-25 26-50 50+ No answer
Have you heard news reports of people eavesdropping using radio scanners?
Yes No No answer
Could eavesdropping be either embarrassing or damaging to you or your employer?
Yes No No answer
Do either you or your employer use password protection on computers?
Yes No No answer
Do you think police investigators should be able to conduct wiretaps on phones,
pagers and email (with court approval)?
Yes No No answer
SIDE ONE:
Allowing strong password protection programs to be sold or used would provide
an easy way for anyone to foil criminal investigators. Law enforcement wants a
"back door" built into every encryption program. Without it, it would be
impossible to "listen in", even with a search warrant.
SIDE TWO:
The benefit of the right to privacy outweighs the benefits to law enforcement
being able to conduct some investigations, and/or the government can't manage
the "back doors" well enough so no one else could use them.
Which side do you agree more strongly with?
Side One Side Two No answer
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness
Date: Tue, 16 Feb 1999 05:17:32 GMT
[EMAIL PROTECTED] wrote:
> Taped permanently to my monitor is a quarter, next to which is written, in red
> ink, CRYPTOGRAPHICALLY SECURE BIT GENERATOR. When I need a few random bits, I
> take out the old coin, flip them out. A lot of bitching goes on in this
> newsgroup about how unportable most random-generation is, or how randomness
> can't be found, or where to find randomness, etc, etc, etc, but why not just
> get off your asses and flip a coin?*
> * This advice DOES NOT apply to NSA cryptographers, whose hands are too tired
> and sore from masturbating to flip a coin. They'll have to find something
> else.
NSA cryptographers are aware that coin flipping is not perfectly
random, and have tools that can detect that.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: encryption debate
Date: Tue, 16 Feb 1999 05:37:47 GMT
BVBECK wrote:
> I am a student with Metropolitan University in St. Paul, MN.
> working on a thesis. ...
Surely, your Statistics & Sampling instructor explained that
such a poll is inherently too biased to have any scientific
validity.
Why not analyze the *principles* involved, rather than ask
for random opinions?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Really lousy random numbers
Date: Tue, 16 Feb 1999 05:33:13 GMT
John Curtis wrote:
> Let's posit that a TRNG exists, that outputs a perfect
> 16 bit random number every 50 microsecs.
> Unfortunately, the TRNG is less than perfect, and
> a sinusoidal signal with a period of 16.6666 millisecs appears
> additively mixed in with the perfect 16 bit random numbers at a
> signal level such that the spurious signal toggles bit 4
> of the TRNG at its peak.
I don't know why you call this a "TRNG", but if the signal without the
sinusoidal perturbation asymptotically passes all statistical tests for
randomness, so will the perturbed signal you described.
That would *not* be true if the perturbation were, for example, to make
that occasional bit always 0, or always 1.
> If one were to employ this badTRNG to encrypt an English
> ASCII message via OTP how much of the clear text is recoverable?
In the case you describe, without the key stream one could not obtain
any information about the message via any sort of pure analysis of the
cipher stream.
In the alternate situation I described, with a moderately long cipher
stream the defect in the key could be discovered (e.g. via Fourier
analysis), but the vast majority of the message is unrecoverable;
very little information leaks through (one bit in every 5,000 or so,
which is too sparse to interpolate successfully).
The real weakness in such a scheme is that the key has to be somehow
transmitted to the intended recipient, and *that* might be intercepted.
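The two cases Gwyn distinguishes can be checked numerically. The following is an added example, not code from the thread: it constructs a 16-bit generator sampled every 50 microseconds, disturbs bit 4 once per 16.6666 ms cycle (the sinusoid's peak) either by toggling it (Curtis's case) or by forcing it to 0 (Gwyn's alternative), and then folds the bit onto the candidate period, which is the time-domain equivalent of the Fourier check Gwyn mentions. The peak-sample model, the 60 Hz period-to-sample conversion, the bin count and the sample count are assumptions made here; `folded_bias` and `forced_bit_fraction` are names chosen for this example.

```python
import random

# Constructed scenario (assumption, not from the post): a 16-bit word every 50 us,
# disturbed at the peak sample of each 16.6666 ms cycle.
SAMPLE_PERIOD_S = 50e-6
SINE_PERIOD_S = 16.6666e-3
SAMPLES_PER_CYCLE = SINE_PERIOD_S / SAMPLE_PERIOD_S   # ~333.33, deliberately non-integer
BIT = 4                                                # the affected bit, as in the post
N_SAMPLES = 400_000                                    # 20 s of output


def peak_indices(n_samples):
    """Sample index closest to the sinusoid's peak in each cycle."""
    peaks = set()
    k = 0
    while True:
        idx = int(round(k * SAMPLES_PER_CYCLE))
        if idx >= n_samples:
            return peaks
        peaks.add(idx)
        k += 1


def generate(n_samples, mode, seed=1):
    """mode: 'clean', 'toggle' (bit XOR 1 at the peak, Curtis's case) or
    'stuck0' (bit forced to 0 at the peak, Gwyn's alternative)."""
    rng = random.Random(seed)
    peaks = peak_indices(n_samples)
    words = []
    for n in range(n_samples):
        word = rng.getrandbits(16)
        if n in peaks:
            if mode == "toggle":
                word ^= 1 << BIT
            elif mode == "stuck0":
                word &= ~(1 << BIT)
        words.append(word)
    return words


def folded_bias(words, bit=BIT, period=SAMPLES_PER_CYCLE, bins=50):
    """Fold the chosen bit onto a candidate period and return the largest
    deviation of any phase bin's mean from 1/2. A bit that is periodically
    stuck shows up as one bin far from 1/2; a bit that is merely XORed with a
    periodic signal stays at 1/2 in every bin, exactly as Gwyn says."""
    ones = [0] * bins
    counts = [0] * bins
    for n, word in enumerate(words):
        # offset by half a bin so the peak sits mid-bin instead of on an edge
        phase = (n / period + 0.5 / bins) % 1.0
        b = int(phase * bins)
        counts[b] += 1
        ones[b] += (word >> bit) & 1
    return max(abs(o / c - 0.5) for o, c in zip(ones, counts) if c)


def forced_bit_fraction(n_samples):
    """Fraction of key-stream bits that are forced in 'stuck0' mode: one bit per
    cycle out of 16 * SAMPLES_PER_CYCLE, i.e. roughly one bit in 5,300."""
    return len(peak_indices(n_samples)) / (16 * n_samples)


if __name__ == "__main__":
    for mode in ("clean", "toggle", "stuck0"):
        print(mode, round(folded_bias(generate(N_SAMPLES, mode)), 4))
    print("one forced bit in", round(1 / forced_bit_fraction(N_SAMPLES)))
```

With the defect folded onto the correct period, the stuck-at case stands out as a single phase bin whose mean drops well below 1/2, while the toggled case is indistinguishable from the clean generator. The forced-bit fraction matches Gwyn's estimate of about one bit in 5,000, which is also why an attacker who finds the defect still learns almost nothing about the message.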
------------------------------
From: "Wm. Toldt" <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms
Date: Mon, 15 Feb 1999 19:41:18 -1000
Stoned Nick Vlassopoulos wrote:
>
> Hello there ...
>
> Is there an efficient way to check how good an encryption algorithm is
> ???
> (I mean besides calculating its complexity, etc ...)
>
> Thanks In Advance ...
>
> Nick Vlassopoulos
Your question is not well formed. What type of efficiency do you need? Be
specific. Do you want the check to be fast? Do you want it to be cheap?
Do you need to understand it yourself or do you have cryptographers on
your staff to do the work for you? Is it an unknown algorithm or a
commercially purchased one? Be specific.
By "good" do you mean fast? Small memory? Cryptographically secure?
Please rephrase your question in a way that is less vague, and more
articulately expressed. As it stands, I can only answer "yes".
Wm. Toldt
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: hardRandNumbGen
Date: 15 Feb 1999 15:25:55 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 15 Feb 1999 13:11:35 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>Not necessarily. This technique is sufficient but not necessary
>>for removing bias, and there may be other, more appropriate
>>techniques depending on your needs. For example, this technique
>>throws away approximately 1/2 of the generated bits, which means
>>that your random number generator needs to generate bits in excess
>>of twice the needed volume. This could rightly be objected to
>>as inefficient.
>
>>A further objection is that the number of bits that may need to
>>be generated and thrown away are unbounded, and as such this would
>>be inappropriate to use in a real-time system where response time
>>is required to be faster than a certain threshold. In plain English,
>>I may be unwilling to wait several seconds before my RNG spits out
>>any data.
>
>>Furthermore, if you are sufficiently confident that your generator
>>is unbiased, such a technique is redundant.
>
>>So this is an engineering question, and not a formal requirement.
>
>Until another provably secure anti-skewing technique can be
>identified, it has the advantage that it works.
Well, yes, but if you simply perform a different case analysis, you
can come up with better -- or at least different, which will
be better in some circumstances -- techniques with the same
property.
For example, if one generates bits four at a time, instead of in
pairs, one can achieve better coverage of input-space and waste
less of the generator, at a cost of greater hardware complexity
and cost (and a longer proof of correctness).
>Regarding non-TRNG streams (such as text streams), one thing that I
>forgot to ask when we were discussing decorrelation techniques is
>whether those schemes proposed, such as CRC hash or the LZ77
>compression algorithm you suggested, also remove bias?
Yes, but not provably. Think about the result of a CRC operating
on an all-zero stream. LZ77 would do better -- but at the price
of eventually ceasing to generate output at all.
-kitten
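Juola's "four at a time" idea is Elias's block scheme: patterns of equal Hamming weight are equiprobable for independent bits of any fixed bias, so each weight class can be split into power-of-two sub-groups and a pattern's rank within its sub-group emitted as unbiased output. The following is an added example, not code from the thread: it implements the pair scheme under discussion and the four-bit Elias block beside it, checks the unbiasedness property exactly with rational arithmetic, and computes the expected yield of each per input bit. The function names and the test bias of 3/10 are choices made here.

```python
from fractions import Fraction

BLOCK = 4  # block size for the Elias scheme (assumption: Juola's "four at a time")


def von_neumann(bits):
    """Von Neumann debiasing: read bits in pairs, emit 0 for 01 and 1 for 10,
    discard 00 and 11. For independent bits of fixed bias p, both kept pairs
    have probability p(1-p), so the output is exactly unbiased."""
    it = iter(bits)
    return [a for a, b in zip(it, it) if a != b]


def _elias_table(n):
    """Map every n-bit pattern to its output bits. Each weight class (all
    patterns with the same number of ones) is split into sub-groups of sizes
    2^a1 > 2^a2 > ... (the binary expansion of the class size); a pattern in a
    sub-group of size 2^a emits its a-bit rank within that sub-group."""
    by_weight = {}
    for v in range(1 << n):
        by_weight.setdefault(bin(v).count("1"), []).append(v)
    table = {}
    for pats in by_weight.values():          # ascending order within a weight
        start, m = 0, len(pats)
        while m:
            a = m.bit_length() - 1           # largest power of two <= m
            size = 1 << a
            for idx in range(size):
                table[pats[start + idx]] = [(idx >> (a - 1 - j)) & 1 for j in range(a)]
            start += size
            m -= size
    return table


ELIAS4 = _elias_table(BLOCK)


def elias4(bits):
    """Debias a bit list with the 4-bit Elias block; trailing partial block dropped."""
    out = []
    for i in range(0, len(bits) - BLOCK + 1, BLOCK):
        v = int("".join(map(str, bits[i:i + BLOCK])), 2)
        out.extend(ELIAS4[v])
    return out


def _block_prob(v, p):
    w = bin(v).count("1")
    return p ** w * (1 - p) ** (BLOCK - w)


def elias4_output_bias(p):
    """Exact P(output bit = 1) at each output position for input bias p.
    Comes out as 1/2 at every position regardless of p: that is the proof of
    correctness Juola refers to, carried out by enumeration."""
    ones = [Fraction(0)] * 2
    total = [Fraction(0)] * 2
    for v, out in ELIAS4.items():
        prob = _block_prob(v, p)
        for j, b in enumerate(out):
            total[j] += prob
            ones[j] += prob * b
    return [o / t for o, t in zip(ones, total)]


def yield_per_input_bit(p):
    """Expected output bits per input bit: (von Neumann, Elias-4)."""
    vn = p * (1 - p)                          # 2p(1-p) bits per pair of inputs
    el = sum(_block_prob(v, p) * len(out) for v, out in ELIAS4.items()) / BLOCK
    return vn, el


if __name__ == "__main__":
    sample = [0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0]
    print(von_neumann(sample), elias4(sample))
    for p in (Fraction(1, 2), Fraction(3, 10)):
        print(p, elias4_output_bias(p), yield_per_input_bit(p))
```

At p = 1/2 the pair scheme yields 1/4 bit per input bit while the 4-bit block yields 13/32, which is Juola's "waste less of the generator"; the price is the 16-entry table and the longer argument needed to show every output position is unbiased.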
------------------------------
From: "Bruce Christensen" <[EMAIL PROTECTED]>
Subject: Re: encryption debate
Date: Tue, 16 Feb 1999 06:38:35 GMT
No decent thesis advisor would accept a paper based on statistics
gathered in this manner.
Is it not suspicious that someone doing his thesis is using AOL and not
the Internet access provided by his university or college?
------------------------------
From: Vektor <"vektor_"@hotmail.com(orsoyouthink!)>
Subject: Re: some hash questions
Date: Tue, 16 Feb 1999 02:30:44 -0500
[EMAIL PROTECTED] wrote:
>
> VB is a toy language. I don't know any intelligent people who haven't
> stopped using BASIC at the onset of puberty.
hahahaha...that's funny. You obviously don't know that many people with an
IQ over 100, and I doubt you've hit puberty yet.
just because you don't understand something doesn't mean it's 'a toy
language'.
I was around when C was a 'toy language', and the 'intelligent people'
were using assembly. anything higher level than assembly was considered
a 'toy language'. I stood by C then, just like I stand by VB now.
keep your narrow-minded, ignorant comments to yourself, kid.
This is sci.crypt, not inbred.C.programmers.
-Alex
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************