Cryptography-Digest Digest #101, Volume #9 Thu, 18 Feb 99 12:13:03 EST
Contents:
Re: encryption debate ("Trevor Jackson, III")
random number generator??? (Uri Fridman)
Re: random number generator??? ("Sam Simpson")
Re: SSL Doc (Volker Hetzer)
Re: Block ciphers vs Stream Ciphers
Re: Telephone Encryption (R. Knauer)
Re: Randomness of coin flips (R. Knauer)
Re: random number generator??? (R. Knauer)
Re: True Randomness (R. Knauer)
Re: Really lousy random numbers (Bo Dömstedt)
Re: True Randomness (R. Knauer)
Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** ) (Seisei Yamaguchi)
Re: Randomness of coin flips ([EMAIL PROTECTED])
Re: Really lousy random numbers (Patrick Juola)
Re: Randomness of coin flips (Patrick Juola)
Re: encryption debate (Andrew Haley)
Re: random number generator??? ("Sam Simpson")
Re: Protecting Against Replay Attacks With Nonrandom IV (John Savard)
Re: Bruce's Feb. "CRYPTO-GRAM" (John Savard)
----------------------------------------------------------------------------
Date: Tue, 16 Feb 1999 16:43:24 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: encryption debate
Michael Sierchio wrote:
> Patrick Juola wrote:
>
> > >There is no "Right To Privacy" in common law.
> >
> > There is, I'm afraid. It's in Amendment X, the one that says
> > that unenumerated rights exist, and was identified by the Warren
> > Court in _Roe vs. Wade_.
>
> Amendment X grants unenumerated rights to the STATES. I believe
> you mean to refer to Amendment IX. Unless my Anheuser's Disease
> is affecting my memory.
This is an error. The phrase is the states or the people. Note that
this is one of the keys to the proper interpretation of some of the
enumerated rights in which the term "the people" appears. Clearly "the
people" is not a synonym for the states.
>
>
> But Knauer was referring to Common Law -- a uniquely Anglo-Saxon
> construct. Europe (and S. America) generally follow variants of
> the Napoleonic Code, and follow statute rather than precedent.
------------------------------
From: Uri Fridman <[EMAIL PROTECTED]>
Subject: random number generator???
Date: Thu, 18 Feb 1999 11:13:51 +0200
hi, maybe this is not the right place to ask, but since cryptography
uses strong random num generators i'll ask.
i need some algorithm (in pascal/delphi) to generate random numbers, it
doesn't matter if they are bit, byte, word, etc...
any ideas?
please e-mail answer.
thanks for the time!
--
Uri Fridman
[EMAIL PROTECTED]
[EMAIL PROTECTED]
"...the further we go, the older we grow,
the more we know, the less we show..."
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: random number generator???
Date: Thu, 18 Feb 1999 09:58:47 -0000
Uri,
It depends specifically what you are after. My web page (URL in my
.sig) contains several of Dave Barton's excellent stream / block ciphers
(including an implementation of ARC4), which could be used as
pseudo-random number generators.
If you need "real randomness" rather than a deterministic output, then I
am currently creating a component that will hash a large number of user
inputs (mouse moves, key presses, high resolution timings etc) and
produce a "real random" output.
Please contact me off list if I can help further,
- --
Sam Simpson
Comms Analyst
http://www.hertreg.ac.uk/ss/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.
If you're wondering why I don't reply to Sternlight, it's because he's
kill filed. See http://www.openpgp.net/FUD for why!
Uri Fridman wrote in message <[EMAIL PROTECTED]>...
>hi, maybe this is not the right place to ask, but since cryptography
>uses strong random num generators i'll ask.
>i need some algorithm (in pascal/delphi) to generate random numbers, it
>doesn't matter if they are bit, byte, word, etc...
>any ideas?
>
>please e-mail answer.
>
>thanks for the time!
>
>--
>Uri Fridman
>
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>
>"...the further we go, the older we grow,
>the more we know, the less we show..."
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: SSL Doc
Date: Thu, 18 Feb 1999 11:22:20 +0100
John wrote:
>
> Hi Guys,
> I doubt this message has already been posted. Sorry for the inconvenience.
> Could anybody point me to a good SSL documentation?
There is the TLS (SSL3.1) RFC. I found it quite ok.
It's rfc 2246 (http://www.ietf.org/rfc/rfc2246.txt).
Volker
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: Block ciphers vs Stream Ciphers
Date: Thu, 18 Feb 1999 12:24:07 +0100
On Thu, 18 Feb 1999, Douglas A. Gwyn wrote:
> ?? Block ciphers are *less versatile*, because you can't use them on
> a symbol-by-symbol transmission, whereas you can always "block up"
> the data used with a stream cipher.
>
You may use them in OFB mode with 8 bits (or whatever the size of your
characters is) per block to encrypt them.
To speed up the system you may store the complete block and use it for
several encryptions of single characters.
Whatever anybody could do with a stream cipher can as well be done with a
block cipher in OFB or CFB mode.
But how could I implement CBC mode in a stream cipher?
Andreas Enterrottacher
[EMAIL PROTECTED]
[EMAIL PROTECTED]
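Both constructions Enterrottacher describes, as an added example that is not part of his post: AES in Go driven one character at a time, once as OFB that stores a whole keystream block and spends it byte by byte, and once as CFB with an 8-bit feedback path. Key and IV values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// mustBlock returns an AES block cipher for key after checking the IV length.
func mustBlock(key, iv []byte) cipher.Block {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // an application would return the error instead
	}
	if len(iv) != b.BlockSize() {
		panic(fmt.Sprintf("iv must be %d bytes, got %d", b.BlockSize(), len(iv)))
	}
	return b
}

// byteOFB is the "store the complete block" variant: one AES call fills the
// register with 16 keystream bytes, which are then spent one character at a
// time. Encryption and decryption are the same operation.
type byteOFB struct {
	block cipher.Block
	reg   []byte // feedback register, initialised with the IV
	buf   []byte // keystream bytes of the current block not yet used
}

func newByteOFB(key, iv []byte) *byteOFB {
	return &byteOFB{block: mustBlock(key, iv), reg: append([]byte(nil), iv...)}
}

// Crypt encrypts or decrypts one character.
func (o *byteOFB) Crypt(c byte) byte {
	if len(o.buf) == 0 {
		o.block.Encrypt(o.reg, o.reg) // next register = E_K(register)
		o.buf = append([]byte(nil), o.reg...)
	}
	k := o.buf[0]
	o.buf = o.buf[1:]
	return c ^ k
}

// cfb8 is the "8 bits per block" variant: CFB with an 8-bit feedback path. It
// costs one AES call per character, but because the keystream depends on the
// ciphertext, a receiver resynchronises 16 characters after a dropped one.
type cfb8 struct {
	block   cipher.Block
	reg     []byte // shift register holding the last 16 ciphertext bytes
	tmp     []byte
	decrypt bool // when true, the input character is ciphertext
}

func newCFB8(key, iv []byte, decrypt bool) *cfb8 {
	b := mustBlock(key, iv)
	return &cfb8{block: b, reg: append([]byte(nil), iv...), tmp: make([]byte, b.BlockSize()), decrypt: decrypt}
}

// Crypt handles one character in the direction chosen at construction.
func (c *cfb8) Crypt(in byte) byte {
	c.block.Encrypt(c.tmp, c.reg)
	out := in ^ c.tmp[0]
	ct := out
	if c.decrypt {
		ct = in
	}
	c.reg = append(c.reg[1:], ct) // shift the ciphertext byte into the register
	return out
}

type symbolCipher interface{ Crypt(byte) byte } // one character in, one out

// run drives a symbolCipher over a message one character at a time.
func run(s symbolCipher, msg []byte) []byte {
	out := make([]byte, len(msg))
	for i, ch := range msg {
		out[i] = s.Crypt(ch)
	}
	return out
}

func main() {
	key, iv := []byte("0123456789abcdef"), []byte("fedcba9876543210") // constructed
	ct := run(newCFB8(key, iv, false), []byte("one character at a time"))
	fmt.Printf("CFB-8: %x -> %q\n", ct, run(newCFB8(key, iv, true), ct))
}
```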
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Telephone Encryption
Date: Thu, 18 Feb 1999 11:43:49 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 17 Feb 1999 20:44:38 -0800, "Roger Schlafly"
<[EMAIL PROTECTED]> wrote:
>The chips are now called "Fortezza". They no longer have the
>"Law Enforcement Access Field" that was so controversial.
Are there any commercial telephones being made with that technology?
Bob Knauer
"The first principle of a civilized state is that power is
legitimate only when it is under contract."
--Walter Lippmann
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Randomness of coin flips
Date: Thu, 18 Feb 1999 11:47:13 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 17 Feb 1999 20:06:05 -0500, Nicol So <[EMAIL PROTECTED]>
wrote:
>Since I usually just pick up the coin the way it
>was from the last flip and flip again, the distribution of runs don't
>seem to be the way it would be were successive coin flips truly
>independent of one another.
What do you mean by "don't seem to be the way it would be were
successive coin flips truly independent of one another"?
If coin flips were truly independent of one another, what would you
expect to happen that is any different from what you observed?
Bob Knauer
"The first principle of a civilized state is that power is
legitimate only when it is under contract."
--Walter Lippmann
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: random number generator???
Date: Thu, 18 Feb 1999 11:50:22 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 18 Feb 1999 09:58:47 -0000, "Sam Simpson"
<[EMAIL PROTECTED]> wrote:
>If you need "real randomness" rather than a deterministic output, then I
>am currently creating a component that will hash a large number of user
>inputs (mouse moves, key presses, high resolution timings etc) and
>produce a "real random" output.
How will you know that the results of that scheme will produce true
random numbers?
>If you're wondering why I don't reply to Sternlight, it's because he's
>kill filed. See http://www.openpgp.net/FUD for why!
Hey, where is Ol' Sternlight these days?
Bob Knauer
"The first principle of a civilized state is that power is
legitimate only when it is under contract."
--Walter Lippmann
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness
Date: Thu, 18 Feb 1999 11:43:07 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 18 Feb 1999 04:39:23 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>For example, one can compare the likelihood of the observed
>sequence for the true-random model versus the MLE HMM model.
Please, spare us the obscure acronyms.
And while you are at it, how about defining "the true-random model".
>> >> You have read Li & Vitanyi's book, haven't you?
>>>No,
>> Then it is highly recommended that you do.
>Why? Do they say anything new?
Read it and find out, especially the sections on randomness and
induction/inference.
The authors point out the absurdity of trying to characterize
randomness using statistical tests. It seems that there is a bit of
circularity contained in that scheme. Another absurdity comes from the
realization that statistical tests measure certain kinds of
regularity, and by definition randomness is that which has no
regularity.
Bob Knauer
"The first principle of a civilized state is that power is
legitimate only when it is under contract."
--Walter Lippmann
------------------------------
From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: Really lousy random numbers
Reply-To: [EMAIL PROTECTED]
Date: Thu, 18 Feb 1999 13:48:00 GMT
[EMAIL PROTECTED] (Patrick Juola) wrote:
>This analysis simply doesn't make sense. You need enough randomness
>to *mask* the non-random plaintext, not to fill the rest of the bits
>in some mystical way.
I am just stating that if H(input) and H(key) are XORed together,
the enemy can learn at most H(channel). As H(input)>0 and
H(key) = H(channel)-eps, it is likely, in any practical situation,
that H(input) > eps, and that the secret input plaintext will be
reasonably independent of statistical deficiencies of the key
stream.
>If I were transmitting (known) seven-bit ASCII through an eight-bit
>channel, my pad doesn't need to produce random bits for the high bit.
OK. Then you have H(channel) = 7 bits/char.
> If I were transmitting nybbles in the low half of my bytes
> (and zeros in the high half), I wouldn't need to encrypt the high half.
OK. Then you have H(channel) = 4 bits/char.
>And, even more obviously, if what I'm transmitting is at or near the
>channel threshold (c. 8 bits/byte or 16 bits/word), that doesn't mean
>I can get away with a worse pad. I need a *better* pad, not a worse
>one, as the channel use increases.
You should not assume H(input) = 0. If you are transmitting
on a byte channel i.e. H(channel)=8 bits/char with a high
information source with a rate of H(input)=6 bits/char, it is
indeed likely that even an extremely biased OTP source
with H(key) = 7 bits/char would be enough -- as
H(key) + H(input) = 6 + 7 = 13 bits/char, and the enemy
can learn at most H(channel) = 8 bits/char. Due to correlations
in the XOR function the safety margin will be less --- and this
could easily be checked.
====
During the cold war the Russians made OTP strings
by typing digits at random on typewriters -- a low
digit 1-5 was often followed by a high digit 7,8,9, or 0.
Despite the fact that this was a U.S. national security related
problem, no OTP leak could be exploited by analysing
pads obtained when apprehending spies.
It is really of no importance if
>This analysis simply doesn't make sense
or not, because the-best-of-the-best has
already checked this out -- and the OTP stream
does not have to be of 100% quality to do its job.
95% was good enough for the Russians.
Bo Dömstedt
Cryptographer
Protego Information AB
http://www.protego.se
Fax: +46 40 30 36 46
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness
Date: Thu, 18 Feb 1999 15:39:14 GMT
Reply-To: [EMAIL PROTECTED]
On 18 Feb 1999 15:13:26 GMT, [EMAIL PROTECTED] (Coen Visser)
wrote:
>The book gives a very thorough overview of the theory of Kolmogorov complexity,
>randomness, incompressibility et cetera from the perspective of theoretical
>computer science. Furthermore the book contains a nice introduction on
>the basic principles needed to understand the main text. It's a wanna have.
Rarely is there one book that serves as the "bible" for a given
subject. It appears that this book is the standard against which
others will have to be measured when it comes to discussions of
randomness, complexity and induction/inference.
>Hmm, they also talk about Martin-Löf tests for randomness. I don't know
>your definition of a statistical test but a Martin-Löf test could be
>regarded as one (I think). Not that it would be practical, because you
>need a lot of different tests to say something about the randomness of
>an object.
It was my understanding that Martin-Löf criteria are more definitions
than actual tests for true randomness. Maybe that is what you mean by
"practical" above.
We have a criterion (in secure crypto) for true randomness in terms of
the specification for a True Random Number Generator (TRNG), namely
that a TRNG must be capable of generating all possible finite
sequences equiprobably. But that is not an "effective" test, in terms
of Martin-Löf "effective computability".
There can be no "effective computable" tests for true randomness,
otherwise the sequence is not truly random. This goes to the heart of
the Gödel incompleteness problem, the Turing halting problem and
Chaitin's indeterminability in pure mathematics.
You cannot effectively recursively enumerate all the possible
regularities that could make a number not truly random, therefore you
cannot construct an algorithmic test to prove that a number is truly
random.
To put it in terms of the authors (p. 55):
"Again, satisfaction of all effectively testable prerequisites for
randomness is some form of regularity."
Yet a true random number by definition is one which has NO regularity
of any kind.
They go on to comment:
"Maybe nature is more lawless than adhering strictly to regularities
imposed by the statistics of [pseudo-] randomness."
Bob Knauer
"The first principle of a civilized state is that power is
legitimate only when it is under contract."
--Walter Lippmann
------------------------------
From: [EMAIL PROTECTED] (Seisei Yamaguchi)
Crossposted-To:
sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** )
Date: 18 Feb 1999 13:48:34 GMT
Hi, this is Seisei.
To make sure,
I believe consciousness is based on causality, but
I believe the spirit ``carves (seeks) one's own destiny''.
It is realized at the ``human level'' as an emergent level.
In article <7a3pq6$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>If the link ---adaptive network--- pattern of the brain cells
> (include pattern generating routine (distributed system) )
>is TRUE RANDOM,
>
>it means our consciousness
> ---cells network organized from astronomical number of
>pulses come from the interface and self feedback system---
>is controlled by TRUE RANDOMNESS.
>
>
>I think, coming soon the time to decide which one.
>Our consciousness is {
> * Randomness based.
> * Causality based.
>}.
--
Seisei Yamaguchi
http://hp.vector.co.jp/authors/VA010205/
Today is first day of rest of the life. --from BH90210 (jp)
I want your indication.
I want workplace we may sing and dance if the job isn't bear on music.
My message is copylefted (see GPL) .
I limit number of my lovers to 68, at a time.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Randomness of coin flips
Date: Thu, 18 Feb 1999 08:06:02 -0500
In <[EMAIL PROTECTED]>, on 02/18/99
at 11:47 AM, [EMAIL PROTECTED] (R. Knauer) said:
>On Wed, 17 Feb 1999 20:06:05 -0500, Nicol So <[EMAIL PROTECTED]>
>wrote:
>>Since I usually just pick up the coin the way it
>>was from the last flip and flip again, the distribution of runs don't
>>seem to be the way it would be were successive coin flips truly
>>independent of one another.
>What do you mean by "don't seem to be the way it would be were successive
>coin flips truly independent of one another"?
>If coin flips were truly independent of one another, what would you
>expect to happen that is any different from what you observed?
I remember reading an interesting paper years ago on coin flips. IIRC if a
series of coin flips become biased one way or the other (i.e. more heads
than tails) the more skewed the series became the less likely it was to
return to a 50-50 series and was more likely to become more biased.
Sorry I don't have the paper anymore but it should not be that hard to
find.
- --
- ---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
- ---------------------------------------------------------------
Tag-O-Matic: See the Future; See OS/2. Be the Future; Run OS/2.
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Really lousy random numbers
Date: 18 Feb 1999 09:00:48 -0500
In article <[EMAIL PROTECTED]>,
Bo Dömstedt <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (Patrick Juola) wrote:
>>This analysis simply doesn't make sense. You need enough randomness
>>to *mask* the non-random plaintext, not to fill the rest of the bits
>>in some mystical way.
>I am just stating that if H(input) and H(key) are XORed together,
>the enemy can learn at most H(channel). As H(input)>0 and
>H(key) = H(channel)-eps, it is likely, in any practical situation,
>that H(input) > eps, and that the secret input plaintext will be
>reasonably independent of statistical deficiencies of the key
>stream.
>>If I were transmitting (known) seven-bit ASCII through an eight-bit
>>channel, my pad doesn't need to produce random bits for the high bit.
>OK. Then you have H(channel) = 7 bits/char.
>> If I were transmitting nybbles in the low half of my bytes
>> (and zeros in the high half), I wouldn't need to encrypt the high half.
>OK. Then you have H(channel) = 4 bits/char.
>>And, even more obviously, if what I'm transmitting is at or near the
>>channel threshold (c. 8 bits/byte or 16 bits/word), that doesn't mean
>>I can get away with a worse pad. I need a *better* pad, not a worse
>>one, as the channel use increases.
>
>You should not assume H(input) = 0. If you are transmitting
>on a byte channel i.e. H(channel)=8 bits/char with a high
>information source with a rate of H(input)=6 bits/char, it is
>indeed likely that even an extremely biased OTP source
>with H(key) = 7 bits/char would be enough -- as
>H(key) + H(input) = 6 + 7 = 13 bits/char, and the enemy
>can learn at most H(channel) = 8 bits/char. Due to correlations
>in the XOR function the safety margin will be less --- and this
>could easily be checked.
But the more important analysis is that H(key) is 7 bits/char, which is
*GREATER* than the 6 bits/char of the input -- and hence the
key is capable of masking the input completely.
-kitten
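The bound both posts are working toward, as an added derivation that is not part of either message. Write P for the plaintext, K for the key stream (independent of P), C = P XOR K for what the enemy sees, H(channel) for the largest entropy a ciphertext character can carry, and H(key) = H(channel) - eps as in Dömstedt's post; all entropies are per character, averaged over the message:

$$
\begin{aligned}
H(C \mid P) &= H(P \oplus K \mid P) = H(K \mid P) = H(K), \\
I(P;C) &= H(C) - H(C \mid P) = H(C) - H(K) \\
&\le H(\mathrm{channel}) - H(\mathrm{key}) = \varepsilon \ \text{bits/char}.
\end{aligned}
$$

With the thread's figures, 8 - 7 = 1 bit/char is the most the ciphertext can reveal about the plaintext, whatever H(input) is; the bound is reached only when H(C) attains the full H(channel). It counts information-theoretic leakage, not the work needed to extract it, and it requires the pad to be independent of the plaintext.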
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Randomness of coin flips
Date: 18 Feb 1999 08:56:23 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On Wed, 17 Feb 1999 20:06:05 -0500, Nicol So <[EMAIL PROTECTED]>
>wrote:
>
>>Since I usually just pick up the coin the way it
>>was from the last flip and flip again, the distribution of runs don't
>>seem to be the way it would be were successive coin flips truly
>>independent of one another.
>
>What do you mean by "don't seem to be the way it would be were
>successive coin flips truly independent of one another"?
>
>If coin flips were truly independent of one another, what would you
>expect to happen that is any different from what you observed?
Well, *IF* -- and I'm cheerfully hypothesizing in blissful ignorance
here -- *IF* Ms. So's coin flipping technique tends to put an even
number of flips on the coin, then she will observe that the bigrams
HH and/or TT tend to dominate over HT and TH. This means that
she'll see longer than expected runs.
Similarly, if her technique tends to put an odd number of flips on
the coin, she'll see more HT and TH bigrams, which means she'll see
shorter than expected runs.
Either of these could be confirmed or disconfirmed quantitatively
with a quarter, an elementary stats textbook, and a bit of -- or a
lot of -- patience.
-kitten
------------------------------
From: [EMAIL PROTECTED] (Andrew Haley)
Subject: Re: encryption debate
Date: 18 Feb 1999 15:45:37 GMT
R. Knauer ([EMAIL PROTECTED]) wrote:
: BTW, since the US Constitution was suspended by A. (Adolf) Lincoln,
: Amerika's First Fascist Tyrant, and has never been properly restored,
: recent Title legislation circumvents the Fourth Amendment thru the
: principle that Might Makes Right - and since the Fascist Beast in
: Harlot Washington has all the Might it needs, that makes it Right, eh.
Three things:
1. This is off topic in sci.crypt.
2. Godwin's law: you lose, for the NNth time.
3. Have you any idea how silly you sound? "The Fascist Beast in
Harlot Washington," indeed. This is the sort of phrase that a nutcase
writing letters to the editor in green ink uses, except that now (of
course) nutcases use Usenet instead.
In your latest visit to sci.crypt I've been really impressed by the
way that you've managed mostly to post about cryptography. However,
it seems that happy situation has come to an end, and you are back to
using sci groups to spread your ludicrous political views.
Andrew.
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: random number generator???
Date: Thu, 18 Feb 1999 13:03:18 -0000
R. Knauer wrote in message <[EMAIL PROTECTED]>...
>On Thu, 18 Feb 1999 09:58:47 -0000, "Sam Simpson"
><[EMAIL PROTECTED]> wrote:
>
>>If you need "real randomness" rather than a deterministic output, then I
>>am currently creating a component that will hash a large number of user
>>inputs (mouse moves, key presses, high resolution timings etc) and
>>produce a "real random" output.
>
>How will you know that the results of that scheme will produce true
>random numbers?
You'll note that I refer to the numbers as "real random"... Basically
there is no *proof* that the numbers are indeed random.
I'll explain the method I employ:
Take a user defined number of "user events" (which can be either key
presses or mouse moves). An event includes the high resolution timer
details, system clock details, the actual data from the event (x,y pos
or key).
I tend to be inclusive with the data hashed (e.g. rather than worrying
about removing the least sig bits of the timer I just use all of the
data).
All of the events are run through a user selectable hash function
(currently SHA-1, RIPEMD or Haval).
This procedure is repeated until the desired number of bytes have been
output.
My empirical tests (with Diehard etc) show _very_ reasonable results,
even for very low numbers of events per hash.
Of course, this is in no way a "proof" of the strength (is a proof even
possible?), but I used the term "real random" to differentiate from a
deterministic RNG or stream cipher.
Certainly I'd appreciate any comments you or anyone else has.....
>>If you're wondering why I don't reply to Sternlight, it's because he's
>>kill filed. See http://www.openpgp.net/FUD for why!
>
>Hey, where is Ol' Sternlight these days?
I think he is now accessing comp.security.pgp.discuss from a "home for
the infirm".
Drop in to c.s.p.d and view his jihad of the month :-)
Regards,
- --
Sam Simpson
Comms Analyst
http://www.hertreg.ac.uk/ss/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.
If you're wondering why I don't reply to Sternlight, it's because he's
kill filed. See http://www.openpgp.net/FUD for why!
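The procedure Simpson lays out, as an added example that is not part of his post or his Delphi component: events are batched and hashed through a selectable hash, and output is taken once enough bytes exist. The event fields, their widths and the sample events are assumptions; the min-entropy estimate of the timer bits is an added check on the input, the kind of answer Knauer's question asks for, not a proof of randomness.

```go
package main

import (
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"hash"
	"math"
)

// userEvent is what the post hashes per event: high resolution timer, system
// clock and the event's own data (key code or x,y position).
type userEvent struct {
	HiResTimer uint64 // field widths are an assumption
	SysClock   uint64
	Data       uint32
}

// encode serialises an event; every field is hashed whole, low timer bits included.
func (e userEvent) encode() []byte {
	b := make([]byte, 20)
	binary.LittleEndian.PutUint64(b[0:], e.HiResTimer)
	binary.LittleEndian.PutUint64(b[8:], e.SysClock)
	binary.LittleEndian.PutUint32(b[16:], e.Data)
	return b
}

// eventRNG hashes each batch of perBatch events through the selected hash and
// appends the digest to its output until enough bytes have been produced.
type eventRNG struct {
	newHash  func() hash.Hash // e.g. sha1.New; the post offers SHA-1, RIPEMD, Haval
	perBatch int
	pending  []userEvent
	out      []byte
}

// AddEvent queues one event and hashes the batch once it is full.
func (r *eventRNG) AddEvent(e userEvent) {
	r.pending = append(r.pending, e)
	if len(r.pending) < r.perBatch {
		return
	}
	h := r.newHash()
	for _, ev := range r.pending {
		h.Write(ev.encode())
	}
	r.out = append(r.out, h.Sum(nil)...)
	r.pending = r.pending[:0]
}

// Take returns n output bytes, or nil if fewer have been gathered so far.
func (r *eventRNG) Take(n int) []byte {
	if len(r.out) < n {
		return nil
	}
	b := r.out[:n:n]
	r.out = r.out[n:]
	return b
}

// timerMinEntropy is the check Knauer's question points at, applied to the
// input, not the output: -log2 of the most frequent value of the low `bits`
// timer bits, in bits per event. Hash output looks random whatever goes in.
func timerMinEntropy(events []userEvent, bits uint) float64 {
	if len(events) == 0 || bits == 0 || bits > 63 {
		return 0
	}
	counts, most := map[uint64]int{}, 0
	for _, e := range events {
		v := e.HiResTimer & (1<<bits - 1)
		counts[v]++
		if counts[v] > most {
			most = counts[v]
		}
	}
	return math.Log2(float64(len(events)) / float64(most))
}

func main() {
	r := &eventRNG{newHash: sha1.New, perBatch: 4}
	var evs []userEvent // constructed: a coarse timer that barely moves between keys
	for i := 0; i < 8; i++ {
		evs = append(evs, userEvent{HiResTimer: 1000 + uint64(i%2), SysClock: 9000 + uint64(i), Data: uint32(i)})
		r.AddEvent(evs[i])
	}
	fmt.Printf("%x  timer min-entropy %.2f bits/event\n", r.Take(40), timerMinEntropy(evs, 4))
}
```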
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Protecting Against Replay Attacks With Nonrandom IV
Date: Thu, 18 Feb 1999 16:04:58 GMT
Bryan Olson <[EMAIL PROTECTED]> wrote, in part:
>But preventing replay attacks is a matter of authentication, not secrecy,
>and merely encrypting with CBC provides miserable authentication.
>Cryptosystems should detect forgeries, not just pass along garbage as if
>it were plaintext. Under the proposed timestamp scheme, if the attacker
>takes the head of a current message and appends the tail of an old one,
>the result will have a current timestamp and only two garbled blocks.
I have to admit that all of this is correct. If one is serious about
authentication, one ought to do much more than just make a trivial
modification to a standard encryption scheme which is deliberately
designed not to improve the security of the plain, unadorned block
cipher at its heart.
But if one is unwilling to do more, this is at least a start.
John Savard
http://members.xoom.com/quadibloc/index.html
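Olson's splice and the remedy Savard alludes to, as an added example that is not from either post: a timestamp-IV CBC receiver accepts the head-of-current plus tail-of-old message with only the seam block garbled, while an encrypt-then-MAC receiver rejects it before decrypting. AES-CBC without padding, HMAC-SHA256, an 8-byte timestamp in the IV and the keys are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// cbcCrypt runs AES-CBC over whole blocks; no padding, to keep this short.
func cbcCrypt(key, iv, in []byte, encrypt bool) []byte {
	b, err := aes.NewCipher(key)
	if err != nil || len(in)%aes.BlockSize != 0 {
		return nil
	}
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(b, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(b, iv).CryptBlocks(out, in)
	}
	return out
}

// encryptOnly is the scheme as proposed: message = IV || CBC(pt), where the
// non-random IV carries a timestamp (first 8 bytes; layout is an assumption).
func encryptOnly(key []byte, ts uint64, pt []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv, ts)
	return append(iv, cbcCrypt(key, iv, pt, true)...)
}

// receiveEncryptOnly checks freshness and decrypts; whatever decrypts is passed along.
func receiveEncryptOnly(key, msg []byte, now, window uint64) ([]byte, error) {
	if len(msg) < 2*aes.BlockSize {
		return nil, errors.New("short message")
	}
	iv, ct := msg[:aes.BlockSize], msg[aes.BlockSize:]
	if ts := binary.BigEndian.Uint64(iv); ts+window < now {
		return nil, errors.New("stale timestamp")
	}
	return cbcCrypt(key, iv, ct, false), nil
}

// spliceHeadTail is the cut-and-paste Olson describes: IV and first headBlocks
// blocks of a current message, then the last tailBlocks blocks of an old one.
func spliceHeadTail(current []byte, headBlocks int, old []byte, tailBlocks int) []byte {
	head := current[:aes.BlockSize*(1+headBlocks)]
	tail := old[len(old)-aes.BlockSize*tailBlocks:]
	return append(append([]byte(nil), head...), tail...)
}

// sealEtM is the remedy: encrypt, then MAC the IV and ciphertext together.
func sealEtM(encKey, macKey []byte, ts uint64, pt []byte) []byte {
	msg := encryptOnly(encKey, ts, pt)
	m := hmac.New(sha256.New, macKey)
	m.Write(msg)
	return m.Sum(msg)
}

// openEtM verifies the tag before touching timestamp or ciphertext, so a
// spliced message is reported as a forgery instead of yielding plaintext.
func openEtM(encKey, macKey, msg []byte, now, window uint64) ([]byte, error) {
	if len(msg) < aes.BlockSize+sha256.Size {
		return nil, errors.New("short message")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(body)
	if !hmac.Equal(tag, m.Sum(nil)) {
		return nil, errors.New("forgery detected: bad MAC")
	}
	return receiveEncryptOnly(encKey, body, now, window)
}

func main() {
	key, mac := []byte("0123456789abcdef"), []byte("constructed mac key") // constructed
	old := sealEtM(key, mac, 1000, []byte("old-message-blk!old-message-blk!"))
	cur := sealEtM(key, mac, 2000, []byte("new-message-blk!new-message-blk!"))
	_, err := openEtM(key, mac, spliceHeadTail(cur, 1, old, 3), 2001, 10)
	fmt.Println("spliced message:", err)
}
```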
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Bruce's Feb. "CRYPTO-GRAM"
Date: Thu, 18 Feb 1999 16:01:38 GMT
[EMAIL PROTECTED] (JPeschel) wrote, in part:
>This issue, February's, is great if you're
>interested, as I am, in snake-oil. In this
>issue Bruce names names.
He names other names in that issue too, and those are names one is
less likely to have heard before...
John Savard
http://members.xoom.com/quadibloc/index.html
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************