Cryptography-Digest Digest #135, Volume #9       Thu, 25 Feb 99 01:13:05 EST

Contents:
  RC4 40 bit compared to RC4 128 bit. ("Rats")
  Re: True Randomness - DOES NOT EXIST!!! (BRAD KRANE)
  Re: True Randomness - DOES NOT EXIST!!! (Coen Visser)
  Re: RC4 40 bit compared to RC4 128 bit. ("Steve Sampson")
  Re: Define Randomness (Nicol So)
  Re: Testing Algorithms (Patrick Juola)
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** ) (tiger9)
  Re: True Randomness - DOES NOT EXIST!!! ("H. Cheng")
  Simple SSLeay client/server example? (Greg)
  Re: Define Randomness (R. Knauer)
  Re: True Randomness - DOES NOT EXIST!!! ("Trevor Jackson, III")
  Re: Define Randomness ("Trevor Jackson, III")
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** ) ("Alex Avila")
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** ) ("Alex Avila")
  Re: Define Randomness ("Trevor Jackson, III")
  Re: Define Randomness (Michael Sierchio)
  Re: Define Randomness ("Trevor Jackson, III")
  Re: Pentium III Hardware Random Numbers ("Trevor Jackson, III")
  Re: Testing Algorithms ("Trevor Jackson, III")

----------------------------------------------------------------------------

From: "Rats" <[EMAIL PROTECTED]>
Subject: RC4 40 bit compared to RC4 128 bit.
Date: Thu, 25 Feb 1999 14:10:15 +1300

Hi all

I've been looking through the "supposed RC4 algorithm" and I believe I've
come to grips with how it works.

However what puzzles me is the reference sometimes used to describe RC4
i.e. RC4 40 bit and 128bit. What I don't understand is the relevance of the
bit values since the algorithm itself doesn't seem to make any mention of
it.

Any help will be appreciated.

Thanks in advance.

Ratnesh Gautam

P.S.
R Knauer please don't bother replying to this posting!



------------------------------

From: BRAD KRANE <[EMAIL PROTECTED]>
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Thu, 25 Feb 1999 01:42:11 GMT

Nowhere near a joke, random does not exist!!! Everything that happens
relies completely on something else.

                                        ~NuclearMayhem~

    Get your copy of my encryption software at:
ftp://crypt:[EMAIL PROTECTED]:2600/Encryption/encrypt.zip

Coen Visser wrote:

> BRAD KRANE <[EMAIL PROTECTED]> writes:
>
> >True randomness does not exist. It always depends on some variable
> >at some *FIXED* time. FIXED times are not anywhere near random.
> >**EVERY** thing that goes on in the universe is happening because of all
>
> [et cetera]
>
> This *is* a joke right?
>
> Wondering,
>
>         Coen Visser


------------------------------

From: [EMAIL PROTECTED] (Coen Visser)
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: 25 Feb 1999 00:44:26 GMT

BRAD KRANE <[EMAIL PROTECTED]> writes:

>True randomness does not exist. It always depends on some variable
>at some *FIXED* time. FIXED times are not anywhere near random.
>**EVERY** thing that goes on in the universe is happening because of all

[et cetera]

This *is* a joke right?

Wondering,

        Coen Visser

------------------------------

From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: RC4 40 bit compared to RC4 128 bit.
Date: Wed, 24 Feb 1999 19:39:40 -0600

I believe that Netscape uses only 128 bit RC4, and for export versions it
uses a 40 bit key, with the rest of the 128 bits being NULL.

So basically, 40 and 128 refer mostly to Web Browsers and SSL.

I haven't looked recently, but I think the RC4.C program that was published
had a 512 byte buffer to hold the key, but this was for Hex characters, so
that would be 512 x 4 or 2048 bits max, or something like that.

So the answer is, Netscape chose a number of bits for SSL, and the
State Department chose the 40 bit.  Makes everything nice and standard...

There's probably some underlying maximum number of bits, but that is
left for an exercise to the student...

Steve

Rats wrote

>However what puzzles me is the reference sometimes used to describe RC4
>i.e. RC4 40 bit and 128bit. What I don't understand is the relevance of the
>bit values since the algorithm itself doesn't seem to make any mention of
>it.
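
Where the bit count enters RC4, as an added example that is not part of either post: the key schedule of the commonly described "alleged RC4" reads the key cyclically, so "40-bit" and "128-bit" are simply the length of the byte string handed to it. The two keys below are constructed sample values, and the function names are this example's own.

```python
"""Added example: alleged RC4, written out to show how key length enters."""


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n keystream bytes for a key of 1..256 bytes (8..2048 bits)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key scheduling: the only place the key is used. The index wraps with
    # len(key), so the algorithm never needs to name a fixed key size.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Keystream generation: depends only on the permutation built above.
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream."""
    stream = rc4_keystream(key, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def secret_bits(secret_len_bytes: int) -> int:
    """Exhaustive-search cost is 2**bits of the *secret* part of the key."""
    return 8 * secret_len_bytes


# Constructed sample keys (not taken from any real system).
KEY_40 = bytes.fromhex("0102030405")                         # 5 bytes
KEY_128 = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")  # 16 bytes
KEY_40_PADDED = KEY_40 + bytes(11)     # 40 secret bits in a 128-bit field


def compare_key_sizes(n: int = 8) -> dict:
    """Keystream prefixes for the sample keys, as hex strings."""
    return {
        "40-bit": rc4_keystream(KEY_40, n).hex(),
        "40-bit repeated twice": rc4_keystream(KEY_40 * 2, n).hex(),
        "40-bit null-padded to 128": rc4_keystream(KEY_40_PADDED, n).hex(),
        "128-bit": rc4_keystream(KEY_128, n).hex(),
    }


if __name__ == "__main__":
    for label, prefix in compare_key_sizes().items():
        print(f"{label:28s} {prefix}")
    print("secret bits, 40-bit key :", secret_bits(len(KEY_40)))
    print("secret bits, padded key :", secret_bits(len(KEY_40)), "(padding is known)")
    print("secret bits, 128-bit key:", secret_bits(len(KEY_128)))
```

A key padded with known bytes produces a different keystream from the bare key, but the number of candidate keys is still 2**40; only the count of secret bits sets the exhaustive-search cost.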




------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Define Randomness
Date: Wed, 24 Feb 1999 21:52:00 -0500

R. Knauer wrote:
> 
> On Tue, 23 Feb 1999 23:05:32 -0500, Nicol So <[EMAIL PROTECTED]>
> wrote:
> 
> >Equal probability of outcome is not necessary for randomness.  Even a
> >source with a very skewed distribution of outcomes can be random--it
> >just has less entropy.
> 
> ...
> 
> BTW, what does it mean to speak of a given number having an entropy.
> Randomness and entropy both apply to the process by which numbers are
> generated, not the actual numbers themselves.

I didn't say anything about the entropy of a number--entropy is not a
property of a number.  It should be quite clear from my wording that
entropy is a property of a source.

Nicol

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Testing Algorithms
Date: 24 Feb 1999 17:31:47 -0500

In article <[EMAIL PROTECTED]>,
Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>Steven Runyeard wrote:
>
>> >No.  The guess is only as valid as the assumptions it is based upon.
>> >Since you have based yours on nothing concrete, your guess is pretty
>> >useless.
>>
>> I don't agree. Because we are brought up in an environment with a
>> certain level of technology it's hard to imagine anything much
>> different. Let's look back at the technology surrounding Babbage in
>> the late 1800s. If anyone had suggested to him that within 100 years
>> someone could build a processor about an inch square that could
>> perform 2,000,000,000 instructions per second he would have sent them
>> to the nearest nut house. It would have taken a massive leap of faith
>> to believe it was possible. I feel that in another 100 years we would
>> have made an equally 'unbelievable' leap in technology. Don't limit
>> your thinking to the size of computers the size of molecules and
>> atoms. What about a computer made of super strings? Maybe even
>> smaller. Who knows? The point is we don't know what lies ahead of us.
>> My guess is no more worthless than yours.
>
>As we project farther into the future the "worth" of a guess approaches
>zero very quickly.  However, your historical analogy does not consider
>one critical distinction, that being technology versus science.  If we
>foresee technological limits such as the resolution limit to UV
>lithography, these should be ignored because we must assume new
>technologies will continue to be developed.  In fact, technology
>projection is famously flawed for timidity rather than aggressiveness.
>For a reference see Heinlein's 1950, 1965, and 1980 projections.  They
>were analyzed in "Expanded Universe" I think.
>
>Scientific limits are a different issue.  If we project computation
>speeds based on the current model of reality we will hit limits such as
>the Planck length, speed of light, and the number of particles available
>in the observable universe.  Projections that stay within the known
>scientific limits are of a different class than those that violate those
>limits.
>
>A superstring computer is certainly conceivable with modern theory, given
>some room for TBDs in the specs.  But a computer that violates the speed
>of light is in the same class as divine inspiration.

Is it?  I don't recall a single scientific experiment disproving the
possibility of FTL communication -- and a lot of Bell-type inequalities
that suggest it.

        -kitten


------------------------------

From: [EMAIL PROTECTED] (tiger9)
Crossposted-To: sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** )
Date: Wed, 24 Feb 1999 15:50:05 GMT

Simple, because logic is not fact.  The 180 degree deal can be 
proven and demonstrated to work in actuality and it is  all within 
the scope of human knowledge - no logic involved, just that it 
works, which is the proof needed.  

But how do you prove something OUTSIDE the scope of human knowledge 
and human capability? Logic is only determined by the KNOWN 
knowledge at the time, introduce new conflicting facts and all the 
existing knowledge is thrown out in the garbage and a new "logic" is 
developed just waiting to be also thrown out with the addition of 
even more conflicting facts.  


In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] wrote:
>On Tue, 23 Feb 1999 14:31:44 GMT, [EMAIL PROTECTED] (tiger9) wrote:
>
>>That's my point: a lot of theories and absolutely no proof!  We will 
>>have to wait until we die before any proof can or will be apparent, 
>>or we may just cease to exist and never find out anyway.  
>
>You are demanding the proof of a Positivist. How about accepting the
>proof of a mathematician?
>
>I mean, if you can accept the proof that there are 180 degrees in a
>triangle, why not accept logical truths in metaphysics?
>
>Bob Knauer
>
>"Democracy is the theory that the common people know what they
>want, and deserve to get it good and hard."
>--H.L. Mencken
>

------------------------------

From: "H. Cheng" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Thu, 25 Feb 1999 04:17:42 GMT

I believe true randomness can be achieved by using a radioactive source.  The
decay is VERY random and subjected to quantum mechanics.  Also to predict anything,
you must know the initial condition, which is impossible once you start dealing
with the real world.  There are just too many factors and then there's the
Uncertainty Principle, which I believe makes the radioactive decay random.

Alan DeKok wrote:

> In article <[EMAIL PROTECTED]>,
> BRAD KRANE  <[EMAIL PROTECTED]> wrote:
> >
> >Nowhere near a joke, random does not exist!!! Everything that happens
> >relies completely on something else.
>
>   Sorry, nice try, but you're wrong.  Go read about Heisenberg's
> uncertainty principle. (Among others)
>
>   Everything that happens depends on things which are to some extent
> unknown, and unknowable.  Add enough of that "unknown" up over time,
> and you've got complete unpredictability.  Which is to say, randomness.
>
>   Alan DeKok.
> --
> "Thus we can conjecture that Special Relativity may ultimately be derived from
> a simpler and more fundamental principle of _Conservation of Computational
> Resources_." - Complexity, Entropy, and the Physics of Information, p. 315.


------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Simple SSLeay client/server example?
Date: 24 Feb 1999 23:18:10 GMT

Hi;

Hoping someone can point me into the direction of example C code for 
a client and also a server implementation using SSLeay with sockets.
All I'm trying to do is transfer encrypted data in a one way stream from X
to Y, and also with certificate authentication.

The SSLeay client server example with the distribution are not good
examples of simple implementations, particularly now they are all compiled
into the same executable. (The SSLeay programmers reference doesn't even
mention which headers to include or give a working simple piece of code.)

Many thanks for any workable example code. 

Cheers
Greg

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Wed, 24 Feb 1999 21:52:19 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 24 Feb 1999 16:25:58 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>This is a false analogy.  The flaw is contained within the idea that
>an analysis is an experiment.  There is no exhaustive
>examination/inspection/analysis that can prove a keystream secure.  Thus
>there is no way to measure the security of a cipher experimentally.  Since
>there is no unit of measure, repeatability is not possible, so the
>scientific method is compromised.

1) I build a TRNG to the best of my ability and have it certified by a
standards committee based on a design audit and internal diagnostic
tests.

2) I use the keystream to build a set of test ciphers from specially
designed messages which maximally leak information.

3) I submit those test ciphers to a committee of cryptanalysts who use
inferential methods to expose regularities, if any - like the Bayesian
method.

4) They measure an information leakage which gives you an indication
of how much you can use the TRNG before it begins to cause a problem.

Tell us why this program won't work.

>There are proofs that identify keystream weaknesses.  But failure to find
>such a proof can be attributed to the analytic horizon effect among
>others.  The inability to describe "the limits of experimental error" due
>to lack of a metric for security means that the concept of experiment is
>not useful in this context.  So a failure to find a proof of weakness does
>not constitute a proof of security.

I agree with that. But I am claiming that one can find a measure of
weakness using inferential techniques applied to test ciphers. The
program is to try to break test ciphers and use the amount of
information leakage as a quantitative measure of weakness. Surely an
inferential method like Bayesian inference has quantitative measures of
the level of success as you turn the data-hypothesis crank each time.

>People do rely on the fact that peer review and long, intensive analysis
>have failed to find flaws in cipher systems.  But characterizing these
>attempts to find weakness as experiments is an error.

I did not mean to imply that a design audit alone is sufficient,
although if it is based on a physical design, it has a much better
chance of certification than one based on an algorithmic design. I
have no idea how you would certify an algorithm itself - that sounds
very much like trying to solve the halting problem to me.

What I am doing here is to treat the TRNG as a piece of scientific
equipment, and using the same methodology to measure the proper
operation for a TRNG. You always run known experiments to prove out
your equipment.

Bob Knauer

"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken


------------------------------

Date: Wed, 24 Feb 1999 23:35:11 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: True Randomness - DOES NOT EXIST!!!



Coen Visser wrote:

> BRAD KRANE <[EMAIL PROTECTED]> writes:
>
> >True randomness does not exist. It always depends on some variable
> >at some *FIXED* time. FIXED times are not anywhere near random.
> >**EVERY** thing that goes on in the universe is happening because of all
>
> [et cetera]
>
> This *is* a joke right?
>
> Wondering,
>
>         Coen Visser

Passionate and righteous.  Must be sincere.  Wrong, but sincere.



------------------------------

Date: Wed, 24 Feb 1999 23:48:01 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Define Randomness

R. Knauer wrote:

> On Wed, 24 Feb 1999 20:54:51 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote:
>
> >>You need an unbiased generator for it to be crypto-grade random.
>
> >But that can be understood in misleading ways.  In particular, the
> >original "generator" *can* have bias in its output, and yet *can* be
> >used for crypto, *provided* the output is "processed" to remove the
> >bias.
>
> Two comments:
>
> 1) Such anti-skewing processing must be included in the overall
> specification of the TRNG for it to be a genuine TRNG, so we are back
> where we started, namely:
>
> "You need an unbiased generator for it to be crypto-grade random".
>
> 2) I have not been convinced that anti-skewing does not introduce
> correlations, which would make the output unsuitable for crypto-grade
> ciphers. After all, the anti-skewing procedure is algorithmic, so
> there is always the opportunity to introduce correlation(s).
>
> The von Neumann method looks innocent on the surface since the
> probability of dibits 01 and 10 are the same, namely p*(1-p). But that
> says nothing about the correlations inherent in their appearance. If
> you start throwing out bits like in the von Neumann method, who knows
> what patterns are left behind.

That is exactly the point.  No one knows.  I.e., it is unpredictable.

>
>
> >It would not be correct, for example, to say that a crypto-grade
> >generator must *inherently* produce an unbiased output.  While that
> >might be convenient, I doubt that any physical machine -- even
> >measuring the ideal flat source -- could produce a sufficiently flat
> >distribution in practice.  So the output from physical generators
> >generally must be post-processed before use.
>
> I fully agree. A bias-free TRNG is an idealization, just like a
> (perfect) circle is an idealization. But that does not imply that
> algorithmic anti-skewing procedures should be used to fix a poorly
> implemented TRNG design.
>
> You don't run eccentric wheels on axles that are shaped like a crank,
> just to compensate for the eccentricity.

No, you put the rough lumber on a lathe and smooth it out.  You do this
*without* the fear that the result will be a polygon.

You can deskew biased generators by inspecting a large sample, where large
is calculated from your confidence requirements, and analyzing the bias
detected.  Once that has been eliminated you have the specified confidence
that the resulting generator is free of bias, correlation, etc.



------------------------------

From: "Alex Avila" <[EMAIL PROTECTED]>
Crossposted-To: sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** )
Date: Wed, 24 Feb 1999 22:12:52 -0600


>There is only one real known reason for anything to exist:  You exist.
>If you did not exist, nothing would exist for you.
>
>Bob Knauer


It seems to me that your argument begs the question.
It fails to provide a truly cogent reason for actual existence.
Your premise that things exist because "you exist" presupposes
your conclusions that things exist.

Do not listen to this man's fallacious circular reasoning.



------------------------------

From: "Alex Avila" <[EMAIL PROTECTED]>
Crossposted-To: sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** )
Date: Wed, 24 Feb 1999 22:09:13 -0600

>There is only one real known reason for anything to exist:  You exist.
>If you did not exist, nothing would exist for you.
>
>Bob Knauer


Doesn't your argument beg the question?



------------------------------

Date: Wed, 24 Feb 1999 23:59:06 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Define Randomness

R. Knauer wrote:

> On Wed, 24 Feb 1999 16:31:56 -0500, "Trevor Jackson, III"
> <[EMAIL PROTECTED]> wrote:
>
> >> That generator is not crypto-grade random. If you used keystreams from
> >> that RNG you would leak significant amounts of information.
>
> >Not true.  There are simple transforms that will remove the bias without
> >imposing any additional order (bias) on the sequence.  The biasless
> >transformed sequence will not leak any information.
>
> As I commented earlier, such anti-skewing procedures must be included
> into the specification for the TRNG.
>
> Now here's the question for you - do these anti-skewing procedures
> introduce correlations into the keystream? After all, they are
> algorithmic, which means they produce a pattern.

Try this concept.  The deskewing algorithm does not *impose* a pattern on the
data as some forms of processing might.  It is the inverse of a pattern that
it imposes.  Essentially, we take a bitstream exhibiting a defined pattern
and subtract the pattern.  The (smaller) result is then passed on as
patternless data.

It is a *cancellation* of the defined patterns rather than an *imposition* of
a pattern.
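
The von Neumann method named earlier in this thread and the deskewing transform described in the message above, as an added example that is not part of any post: it runs the extractor over two simulated sources and measures bias and lag-1 correlation of the output. The sources, their parameters and the function names are assumptions made for this illustration.

```python
"""Added example: von Neumann deskewing measured on two simulated sources."""
import random


def von_neumann(bits):
    """Read non-overlapping pairs: 01 -> 0, 10 -> 1, discard 00 and 11."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def biased_iid(n, p_one, rng):
    """Independent bits, each 1 with fixed probability p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def sticky_markov(n, stay, rng):
    """Correlated bits: each bit repeats the previous one with prob. `stay`."""
    state = 1 if rng.random() < 0.5 else 0
    out = []
    for _ in range(n):
        if rng.random() >= stay:
            state ^= 1
        out.append(state)
    return out


def ones_fraction(bits):
    return sum(bits) / len(bits)


def lag1_correlation(bits):
    """Pearson correlation between each bit and its successor."""
    mean = ones_fraction(bits)
    num = sum((x - mean) * (y - mean) for x, y in zip(bits, bits[1:]))
    den = sum((x - mean) ** 2 for x in bits)
    return num / den


def measure(raw):
    """Summarise a raw stream and its deskewed output."""
    out = von_neumann(raw)
    return {
        "raw_ones": ones_fraction(raw),
        "out_ones": ones_fraction(out),
        "out_lag1": lag1_correlation(out),
        "yield": len(out) / len(raw),
    }


if __name__ == "__main__":
    n = 200_000
    cases = {
        "independent, P(1)=0.8": biased_iid(n, 0.8, random.Random(1)),
        "sticky Markov, stay=0.9": sticky_markov(n, 0.9, random.Random(2)),
    }
    for name, raw in cases.items():
        m = measure(raw)
        print(f"{name:24s} raw ones={m['raw_ones']:.3f} "
              f"out ones={m['out_ones']:.3f} "
              f"out lag-1 corr={m['out_lag1']:+.3f} yield={m['yield']:.3f}")
```

With independent input bits the output is balanced and shows no measurable serial correlation; with the correlated source the output is still balanced but successive output bits are strongly anti-correlated, so the guarantee rests on the independence of the raw bits.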


------------------------------

From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: Define Randomness
Date: Wed, 24 Feb 1999 21:02:06 -0800
Reply-To: [EMAIL PROTECTED]

Terry Ritter wrote:

> We also cannot trust as ideal those things which are measurably not.
> Surely we should do what we can to make them as ideal as possible.

Excellence is the enemy of good.

        - Voltaire

------------------------------

Date: Thu, 25 Feb 1999 00:02:42 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Define Randomness

Nicol So wrote:

> R. Knauer wrote:
> >
> > On Tue, 23 Feb 1999 23:05:32 -0500, Nicol So <[EMAIL PROTECTED]>
> > wrote:
> >
> > >Equal probability of outcome is not necessary for randomness.  Even a
> > >source with a very skewed distribution of outcomes can be random--it
> > >just has less entropy.
> >
> > ...
> >
> > BTW, what does it mean to speak of a given number having an entropy.
> > Randomness and entropy both apply to the process by which numbers are
> > generated, not the actual numbers themselves.
>
> I didn't say anything about the entropy of a number--entropy is not a
> property of a number.  It should be quite clear from my wording that
> entropy is a property of a source.

Shannon used the term information to describe the property of the data as
opposed to the property of the source.  Would you accept unpredictability or
independence as synonyms for that property of the data?


------------------------------

Date: Thu, 25 Feb 1999 00:09:40 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Pentium III Hardware Random Numbers

[EMAIL PROTECTED] wrote:

> Is there some compelling reason why we should trust Intel?

No.  The evaluation of the concepts does not require trust.  The assumption
of completeness may require trust, and there may be compelling reasons why
we should *not* trust Intel.  I.e., they may be (most probably are) telling
the truth, but they may not be telling all of it.

There is now a claim that the CPUID extension disable process is *not*
sticky.  I suspect this is an example of an alternative explanation for
variance between what Intel says and the truth.  They may not know the
truth.


------------------------------

Date: Thu, 25 Feb 1999 00:20:13 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms

Patrick Juola wrote:

> In article <[EMAIL PROTECTED]>,
> Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
> >Steven Runyeard wrote:
> >
> >> >No.  The guess is only as valid as the assumptions it is based upon.
> >> >Since you have based yours on nothing concrete, your guess is pretty
> >> >useless.
> >>
> >> I don't agree. Because we are brought up in an environment with a
> >> certain level of technology it's hard to imagine anything much
> >> different. Let's look back at the technology surrounding Babbage in
> >> the late 1800s. If anyone had suggested to him that within 100 years
> >> someone could build a processor about an inch square that could
> >> perform 2,000,000,000 instructions per second he would have sent them
> >> to the nearest nut house. It would have taken a massive leap of faith
> >> to believe it was possible. I feel that in another 100 years we would
> >> have made an equally 'unbelievable' leap in technology. Don't limit
> >> your thinking to the size of computers the size of molecules and
> >> atoms. What about a computer made of super strings? Maybe even
> >> smaller. Who knows? The point is we don't know what lies ahead of us.
> >> My guess is no more worthless than yours.
> >
> >As we project farther into the future the "worth" of a guess approaches
> >zero very quickly.  However, your historical analogy does not consider
> >one critical distinction, that being technology versus science.  If we
> >foresee technological limits such as the resolution limit to UV
> >lithography, these should be ignored because we must assume new
> >technologies will continue to be developed.  In fact, technology
> >projection is famously flawed for timidity rather than aggressiveness.
> >For a reference see Heinlein's 1950, 1965, and 1980 projections.  They
> >were analyzed in "Expanded Universe" I think.
> >
> >Scientific limits are a different issue.  If we project computation
> >speeds based on the current model of reality we will hit limits such as
> >the Planck length, speed of light, and the number of particles available
> >in the observable universe.  Projections that stay within the known
> >scientific limits are of a different class than those that violate those
> >limits.
> >
> >A superstring computer is certainly conceivable with modern theory, given
> >some room for TBDs in the specs.  But a computer that violates the speed
> >of light is in the same class as divine inspiration.
>
> Is it?  I don't recall a single scientific experiment disproving the
> possibility of FTL communication -- and a lot of Bell-type inequalities
> that suggest it.

OK, technically you are correct.  Neither general relativity nor quantum
mechanics forbid FTL communication.  However, researchers have been looking
for exactly such a mechanism for over 60 years and failed to find it.  I admit
that they may find it in the next 60 years, or even tomorrow.  But I won't bet
on it at any odds.

I may have chosen a poor example.  Try numbers of particles.  Assume that we
find the missing mass and it's all neutrinos (and not ones with rest mass).
In spite of the incredible size of that number of particles, it is a finite
number.  So it represents a limit.

The universe may not be infinite.  If it is finite, then there is some number
that we cannot count up to.  That number is probably going to be pretty small
in exponential notation.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
