Cryptography-Digest Digest #143, Volume #9 Thu, 25 Feb 99 23:13:04 EST
Contents:
Re: RC4 40 bit compared to RC4 128 bit. (David Wagner)
Re: Define Randomness (Herman Rubin)
Re: My Book "The Unknowable" (karl malbrain)
Re: Snake Oil - "The flip side" (Matt Curtin)
Re: Define Randomness (R. Knauer)
Re: Quantum Computation and Cryptography (David A Molnar)
Re: Define Randomness (Michael Sierchio)
Re: Scramdisk File (Svend Olaf Mikkelsen)
Re: ElGamal key generation (Casey Sybrandy)
Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** ) ([EMAIL PROTECTED])
Re: My Book "The Unknowable" ([EMAIL PROTECTED])
Re: Testing Algorithms (Doggmatic)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: RC4 40 bit compared to RC4 128 bit.
Date: 25 Feb 1999 17:28:34 -0800
In article <[EMAIL PROTECTED]>,
Doug Stell <[EMAIL PROTECTED]> wrote:
> The secret key and public salt can be combined in any way you wish, as
> long as both parties agree on the method. (The US Government initially
> wanted simple concatenation.)
Intriguing. If SSL had followed the government's simple concatenation
proposal, the result would have weakened the protocol. It's a good thing
the designers insisted on the use of a hash function.
In particular, there would be active attacks needing complexity on the
order of 2^29 work, which is much less than you'd expect from a 40-bit
key. See
http://www.cs.berkeley.edu/~daw/my-posts/my-rc4-weak-keys
for details.
------------------------------
From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: Define Randomness
Date: 25 Feb 1999 19:19:06 -0500
In article <7b3kun$sm1$[EMAIL PROTECTED]>,
Patrick Juola <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
..............
>No. The point is that the vN method does not *introduce* patterns.
>If there are longer-range correlations in the input data, the vN method
>will not remove long-range correlations. What it *will* do is remove
>bias from independent bits.
One can have independence and patterns, and get worse numbers after
using vN than before.
Suppose, for example, that even numbered bits are 1 with probability
.6, and odd numbered .4. Then the probabilities of 10 and 01 are .36
and .16, which is which depending on the starting point. The resulting
bits are roughly .69 of the more common type.
The von Neumann, and more efficient, methods depend on not just
independence but constant probability.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED] Phone: (765)494-6054 FAX: (765)494-0558
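An added illustration of the alternating-bias example in the post above (example code written for this digest, not Herman Rubin's): it computes the exact bias a von Neumann extractor produces from a source whose bit probability alternates between .6 and .4 by position, checks it by simulation on a constructed seeded source, and contrasts it with a constant-probability source, for which the extractor does give .5. All function names are this example's own.

```python
import random


def von_neumann_extract(bits):
    """von Neumann debiasing: read non-overlapping pairs, emit the first bit of
    each 10 or 01 pair (so 10 -> 1, 01 -> 0) and discard 00 and 11."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def alternating_bias_source(n, p_even=0.6, p_odd=0.4, seed=1):
    """Constructed source: independent bits, but the probability of a 1
    depends on the bit position (even positions use p_even, odd use p_odd).
    p_even == p_odd gives the constant-probability case the post contrasts."""
    rng = random.Random(seed)
    return [int(rng.random() < (p_even if i % 2 == 0 else p_odd))
            for i in range(n)]


def predicted_output_bias(p_even, p_odd):
    """Exact probability that an emitted bit is 1 when every pair starts on an
    even position: P(10) / (P(10) + P(01))."""
    p10 = p_even * (1 - p_odd)      # first bit 1, second bit 0
    p01 = (1 - p_even) * p_odd      # first bit 0, second bit 1
    return p10 / (p10 + p01)


def fraction_of_ones(bits):
    return sum(bits) / len(bits)


def demo(n=200_000):
    """Raw stream versus extractor output; the raw stream averages .5 overall,
    the extracted stream is about .69 (or .31 if pairing starts one bit later)."""
    src = alternating_bias_source(n)
    return {
        "raw": fraction_of_ones(src),
        "vn_from_even": fraction_of_ones(von_neumann_extract(src)),
        "vn_from_odd": fraction_of_ones(von_neumann_extract(src[1:])),
        "predicted_even": predicted_output_bias(0.6, 0.4),
        "predicted_odd": predicted_output_bias(0.4, 0.6),
        "constant_0.6": fraction_of_ones(
            von_neumann_extract(alternating_bias_source(n, 0.6, 0.6))),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15s} {value:.4f}")
```

The numbers match the post: .36/(.36+.16) = .6923 of the emitted bits are the more common type, even though the raw stream, taken as a whole, is unbiased. The extractor only removes bias when the per-bit probability is the same for every bit it pairs up.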
------------------------------
From: karl malbrain <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.physics,sci.logic
Subject: Re: My Book "The Unknowable"
Date: Fri, 26 Feb 1999 01:44:41 GMT
Please forgive the embarrassment -- my reply to this post inadvertently removed
most of the original message (PacBell DECIDED today to relocate their news
server and in the CONFUSION I installed another news reader that I obviously
don't know how to USE yet)
In article <7b4efi$j6p$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Hi, just wanted to say that my book The Unknowable will
> be published this spring by Springer-Verlag. Meanwhile
> you can still preview it at
>
> http://www.umcs.maine.edu/~chaitin/unknowable
>
> and
>
> http://www.cs.auckland.ac.nz/CDMTCS/chaitin/unknowable
>
> Rgds,
> Greg Chaitin
After looking through your paper:
The difference between MATTER being paramount and INFORMATION being paramount
is the difference between
RANDOM=CHAOS/COMPLEXITY and
RANDOM=INFORMATION*COMPLEXITY.
The historical basis for the ANALYTICAL METHOD, I recognize as HEGELIAN.
Karl M
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Matt Curtin <[EMAIL PROTECTED]>
Subject: Re: Snake Oil - "The flip side"
Date: 25 Feb 1999 09:52:19 -0500
"jmp" <[EMAIL PROTECTED]> writes:
> The problem is that only a few tell you that the maximum key is 40,
> 56, or 64 bits - and they tell you in the small print at that. You
> think this is not Snake Oil??
There's a difference between snake oil and obsolete technology.
Otherwise well-designed ciphers (such as DES), whose keys are simply
too small, are obsolete. Ciphers capable of sufficiently large keys
(such as Blowfish) whose implementations top out at the sizes you
mention are best described as "crippled".
We are not doing ourselves any favors by blurring terminology, or
allowing it to be blurred by the media. Snake oil is a product
without good science behind it, whether a cryptosystem or an elixir.
"Virtual matrices", "pseudo OTP", cellular automata, and the like have
not been extensively studied in the research literature. A new idea
behind a new sort of cipher might well be a good idea, even a
breakthrough. But until it has been subject to peer review and
analysis, it is not good science.
--
Matt Curtin [EMAIL PROTECTED] http://www.interhack.net/people/cmcurtin/
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Thu, 25 Feb 1999 15:37:12 GMT
Reply-To: [EMAIL PROTECTED]
On 24 Feb 1999 19:51:24 -0500, [EMAIL PROTECTED] (Alan
DeKok) wrote:
> I think that's the crux of the matter. (I'm starting soon on "The
>physics of Fisher Information". Deriving physics from information theory.)
You mean "Physics from Fisher Information" by B. Roy Frieden, don't
you?
See also "Fire In The Mind" by George Johnson, which is about the
Santa Fe Institute.
> There is physical information which is *unknowable*, and thus can
>safely be used to generate unpredictable random numbers.
There is mathematical information that is unknowable too, and it can
be used to generate unpredictable random numbers - in principle
anyway.
See Greg Chaitin's books and papers:
http://www.umcs.maine.edu/~chaitin/
Bob Knauer
"Democracy is the theory that the common people know what they
want, and deserve to get it good and hard."
--H.L. Mencken
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Quantum Computation and Cryptography
Date: 26 Feb 1999 00:46:15 GMT
R. Knauer <[EMAIL PROTECTED]> wrote:
> the correspondents can detect it and stop the transmission.
If you're referring to the system described in _Applied Cryptography_
that uses polarizations and so on...well, yes. That does not
really strike me as "quantum computing", though. At least, not in
the way I think the question was getting at.
Like, "is there some mathematical function which will be to quantum
computers what today's trapdoor functions are to poly-time machines,
and can we actually implement it ?" might be closer.
Do algorithms with running time 2**(2**n) collapse to 2**n, does
anyone know?
>>Not exactly practical yet. For the moment only a 2 bit QC has been
>>built. Getting above 10 bits is going to be very challenging. It will
>>be a few decades before you see a 128 bit QC.
> Do you have proof for that statement?
http://qso.lanl.gov/qc has a huge archive of papers. One of them describes
the implementation of an error-correcting code on a 3-qubit system.
That's the largest one I know about in practice. If anyone's built a
bigger one, please post! 3 bits is enough for a reversible XOR gate,
which may be to QC what NAND is to digital logic.
(the more I think about that statement, the less I like it, since it
seems to imply that you could reduce all computations to evaluating
3 qubits over and over. but I don't know if 'over and over' makes sense)
What I don't understand yet is whether a 128 bit QC is necessary or not
to do interesting things with 128 bit numbers.
Anyway, the popular explanations I've seen blame "decoherence" for the
fact that we don't have 128-bit QCs yet. This is supposed to be quite
hard to get around. I do not know of any theoretical results showing it
impossible to put together a system of >k bits, but that doesn't
make it less of an engineering challenge.
-David
------------------------------
From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: Define Randomness
Date: Thu, 25 Feb 1999 17:59:53 -0800
Reply-To: [EMAIL PROTECTED]
Terry Ritter wrote:
> ...If the OTP really was "the best"
> cipher, everyone would be using it....
You're being disingenuous. You know better. That's equivalent to
saying if Mercedes really were the best, everyone would be driving
one. Just as there are barriers to entry in the Mercedes market
($$$$), there is a barrier to using OTP that has nothing to do
with the proof of a TRNG -- key distribution.
------------------------------
From: [EMAIL PROTECTED] (Svend Olaf Mikkelsen)
Subject: Re: Scramdisk File
Date: Thu, 25 Feb 1999 23:59:06 GMT
Gregg Berkholtz <[EMAIL PROTECTED]> wrote:
>I am having difficulty mounting my scramdisk file.
>It worked fine yesterday (multiple mount/dismounts) I have the password
>written down (kept in wallet until I remember it, then it will be eaten)
>and have tried entering it multiple times with no success. I have also
>tried variations of the password.
I have written a program, which given the passwords will test the
integrity of a Scramdisk version 2.02c DES or Blowfish container
header. If the test fails, the reason might be wrong passwords or a
fatally damaged container file. If it succeeds it will in some (maybe
rare) cases be possible to get a hint on what's wrong. It works like
this:
C:\>sdchk bf.svl blowfish
SDCHK version 1.0. Copyright Svend Olaf Mikkelsen, 1999.
Tests integrity of Scramdisk version 2.02c container header.
This program contains cryptographic procedures from SSLeay,
written by Eric Young.
Pass Phrase 1: test 1
Pass Phrase 2: test two
Pass Phrase 3: test iii
Pass Phrase 4: test ?
Using keys at offset 0x0000:
Sector at 0x2000 equals sector at 0x2200
Sector at 0x2000 equals sector at 0x2400
Sector at 0x2200 equals sector at 0x2400
The string SCRMD found in bootsector.
Using keys at offset 0x1800:
Sector at 0x2000 equals sector at 0x2200
Sector at 0x2000 equals sector at 0x2400
Sector at 0x2200 equals sector at 0x2400
The string SCRMD found in bootsector.
Scramdisk compares two of the sectors at 0x2000, 0x2200 and 0x2400
after decryption, and if they are equal, the passwords are correct and
accepted. In version 2.02c there is a copy of the key material at
offset 0x1800, if the passwords have not been changed. It will then be
possible to solve cases, where the key at 0x0000 or the sectors at
0x2000 to 0x2400 are damaged. For Scramdisk 2.02g (without source) it
may be necessary to use another approach.
Got a thought: Since the key is not available at 0x1800 with new
passwords, maybe it is with the old passwords. Yes, it is. Bug or
feature in 2.02c?
The program is included as example in my (new) DES, Blowfish and SHA
library for MS Basic 7.1 (DOS), based on Eric Young's SSLeay. It is at
http://inet.uni2.dk/~svolaf/bascrypt.htm
--
Svend Olaf
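A constructed model of the check described above (added example, not Svend Olaf's sdchk program or his library): a toy container laid out at the offsets the post names, the volume key wrapped under a pass-phrase-derived key at 0x0000 with a copy at 0x1800, and three encrypted copies of a boot sector beginning with SCRMD at 0x2000, 0x2200 and 0x2400. The checker tries both key offsets, decrypts the three sectors, reports which pairs agree and whether the magic string is present, so a damaged sector or a damaged primary key block shows up as a partial result rather than a flat failure. The layout, the SHA-256 counter-mode stand-in for DES/Blowfish and the pass-phrase hash are assumptions of this example, not the real Scramdisk format.

```python
import hashlib

SECTOR = 512
CHECK_SECTORS = (0x2000, 0x2200, 0x2400)   # sector offsets named in the post
KEY_OFFSETS = (0x0000, 0x1800)             # primary key block and the 2.02c copy
KEY_LEN = 32
MAGIC = b"SCRMD"


def keystream(key, nonce, length):
    """Stand-in stream cipher: SHA-256 in counter mode. Not Scramdisk's real
    DES/Blowfish mode; used only so the checker is self-contained."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def passphrase_key(passphrases):
    """Assumed derivation: hash the four pass phrases together."""
    return hashlib.sha256(b"\x00".join(p.encode() for p in passphrases)).digest()


def build_container(passphrases, volume_key, backup_copy=True, seed=b"filler"):
    """Constructed container: deterministic filler, the volume key wrapped
    under the pass-phrase key at 0x0000 (and, optionally, at 0x1800), and
    three copies of a boot sector encrypted under the volume key with a
    per-sector nonce so the ciphertexts differ even though the plaintexts match."""
    size = CHECK_SECTORS[-1] + SECTOR
    buf = bytearray(keystream(seed, b"fill", size))
    wrapped = xor_crypt(passphrase_key(passphrases), b"keyblock", volume_key)
    buf[0:KEY_LEN] = wrapped
    if backup_copy:
        buf[0x1800:0x1800 + KEY_LEN] = wrapped
    boot = (MAGIC + b" toy boot sector").ljust(SECTOR, b"\x00")
    for off in CHECK_SECTORS:
        buf[off:off + SECTOR] = xor_crypt(volume_key, off.to_bytes(4, "big"), boot)
    return bytes(buf)


def check_header(container, passphrases):
    """Mirror of the check in the post: unwrap the key at each known offset,
    decrypt the three check sectors, and report which pairs agree and whether
    the magic string appears in any of them."""
    pk = passphrase_key(passphrases)
    report = {}
    for koff in KEY_OFFSETS:
        vk = xor_crypt(pk, b"keyblock", container[koff:koff + KEY_LEN])
        plain = {off: xor_crypt(vk, off.to_bytes(4, "big"),
                                container[off:off + SECTOR])
                 for off in CHECK_SECTORS}
        pairs = [(a, b) for i, a in enumerate(CHECK_SECTORS)
                 for b in CHECK_SECTORS[i + 1:] if plain[a] == plain[b]]
        report[koff] = {"equal_pairs": pairs,
                        "magic": any(p.startswith(MAGIC) for p in plain.values())}
    return report


def damage(container, offset, length):
    """Simulate corruption by flipping every byte in a range."""
    buf = bytearray(container)
    for i in range(offset, offset + length):
        buf[i] ^= 0xFF
    return bytes(buf)


if __name__ == "__main__":
    pw = ("test 1", "test two", "test iii", "test ?")   # constructed pass phrases
    c = build_container(pw, bytes(range(KEY_LEN)))
    for label, cont in (("intact", c),
                        ("sector 0x2000 damaged", damage(c, 0x2000, 16)),
                        ("key at 0x0000 damaged", damage(c, 0x0000, KEY_LEN))):
        print(label, check_header(cont, pw))
```

The point of reporting pairs rather than a single yes/no is the diagnostic value the post describes: with the right pass phrases a damaged sector still leaves the other two equal, and a damaged primary key block still verifies through the copy at 0x1800, whereas wrong pass phrases give no agreement at either offset.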
------------------------------
From: Casey Sybrandy <[EMAIL PROTECTED]>
Subject: Re: ElGamal key generation
Date: Thu, 25 Feb 1999 21:48:25 -0500
Real easy solution to your problem: use Diffie-Hellman; they're technically
the same thing.
Erwin Molendijk wrote:
> I want to generate a key for use with the ElGamal public-key encryption
> algorithm.
>
> To generate a key pair, one uses this formula:
> y=(g^x) mod p
>
> Where p is a prime, g and x are random numbers smaller than p.
> The public key is: y,g and p
> The secret key is: x
>
> My questions:
> 1. Since p is public, can I use the same prime for all keys?
> 2. What size (in bits) should the p, g and x have? (eg. 2048?)
>
> Regards,
> Erwin
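An added worked example of the key generation Erwin asks about (example code written for this digest, not from either poster): it builds the formula y = (g^x) mod p from the question, generates two key pairs that share the same p and g, which is the usual arrangement and the practical answer to question 1, and runs the full encrypt/decrypt round trip so the shared parameters can be seen to work. Choosing p as a safe prime 2q+1 and g as a generator of the order-q subgroup is this example's own practice, not something on the page; the 64-bit group is a toy size chosen so the search runs instantly, and the 2048-bit figure in the question is the right order of magnitude for a real p.

```python
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin; with these fixed bases it is deterministic for n < 3.3e24,
    which covers the toy sizes used here."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_group(bits, rng):
    """Shared parameters: a safe prime p = 2q + 1 and a generator g of the
    order-q subgroup, so g^x reveals nothing about the low bit of x
    (the subgroup choice is this example's practice, not the post's)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    while True:
        g = pow(rng.randrange(2, p - 1), 2, p)   # a square lands in the order-q subgroup
        if g != 1:
            return p, q, g


def keygen(params, rng):
    """The formula from the question: public y = g^x mod p, secret x."""
    p, q, g = params
    x = rng.randrange(1, q)
    return (p, g, y := pow(g, x, p)), x


def encrypt(pub, m, rng):
    p, g, y = pub
    assert 1 <= m < p, "message must be an integer in [1, p)"
    k = rng.randrange(1, (p - 1) // 2)          # fresh per message
    return pow(g, k, p), m * pow(y, k, p) % p


def decrypt(pub, x, ciphertext):
    p, _, _ = pub
    c1, c2 = ciphertext
    shared = pow(c1, x, p)
    return c2 * pow(shared, -1, p) % p


if __name__ == "__main__":
    rng = random.Random(2024)                    # seeded only for a reproducible demo
    params = generate_group(64, rng)             # toy size, see lead-in
    pub_a, priv_a = keygen(params, rng)
    pub_b, priv_b = keygen(params, rng)          # same p and g, different x and y
    ct = encrypt(pub_a, 123456789, rng)
    print("shared p:", pub_a[0] == pub_b[0], " recovered:", decrypt(pub_a, priv_a, ct))
```

The per-message k in encrypt is the ElGamal analogue of the ephemeral Diffie-Hellman exponent, which is the sense in which Casey's reply calls the two schemes the same thing: y^k is exactly the Diffie-Hellman shared value between the recipient's long-term x and the sender's one-time k.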
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.skeptic,sci.philosophy.meta,sci.psychology.theory
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** )
Date: Fri, 26 Feb 1999 01:50:07 GMT
Is reality real?
ref http://home.earthlink.net/~lesterzick
Regards - Lester
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> On Wed, 24 Feb 1999 22:09:13 -0600, "Alex Avila" <[EMAIL PROTECTED]>
> wrote:
>
> >>There is only one real known reason for anything to exist: You exist.
> >>If you did not exist, nothing would exist for you.
>
> >doesn't your argument beg the question ?
>
> I do not believe so. Try using a reductio ad absurdum argument on it -
> try proving that reality does not exist.
>
> Within the framework of the worldview called Realism, you can't. You
> have to invoke non-Realism systems like Mysticism or Idealism or
> Phenomenalism, etc., and even then the non-reality of existence is
> just an axiom.
>
> If nothing existed, then and only then could you claim that reality
> does not exist. But you would not be around to make that assertion.
>
> This is explained in Thomas Aquinas's book "On Being And Essence".
>
> Bob Knauer
>
> "Democracy is the theory that the common people know what they
> want, and deserve to get it good and hard."
> --H.L. Mencken
>
>
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.physics,sci.logic
Subject: Re: My Book "The Unknowable"
Date: Fri, 26 Feb 1999 02:54:40 GMT
In article <7b4efi$j6p$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Hi, just wanted to say that my book The Unknowable will
> be published this spring by Springer-Verlag. Meanwhile
> you can still preview it at
>
> http://www.umcs.maine.edu/~chaitin/unknowable
Chaitin:
I browsed the chapters and I congratulate you twice, once on your book since
it rounds up much of your views on the subject, as well as on your initiative
to value the Internet as a discussion medium.
The Internet is an amplifier and it can surely either increase our own
intellectual value or reflect our want.
I hope we can have more books and papers on this subject, to foster
discussions and alternative/complementary views. And, more on the Internet.
Particularly illustrative of such need in this same subject of "randomness"
was the rather recent publication in Nature [v. 379, p. 804-806, 1996] and
Physics journals of "economic randomness models" that have investigated the
relevant factors that might underlie company growth in size.
By analyzing empirical data for all publicly traded US manufacturing companies
between 1975 and 1991, Stanley et al. identify three basic characteristics
from the apparently random data in the time series used and use them to argue
that structures common to all firms might well be stronger determinants of
growth than production-related factors, which are different for companies
producing different goods. A far reaching conclusion -- but, a correct one?
In the paper "The Growth of Companies and the Water Level Fluctuations of the
River Danube", Janosi and Gallas
[http://w3.hlrz.kfa-juelich.de/~jason/donau.ps] performed the same
calculations on a completely different time-series: the daily water-level
fluctuations of the river Danube over 86. Surprisingly, the same set of three
characteristics was obtained as reported by Stanley et al. -- but now
without any recognizable "organizational structure".
Thus, IMO, highlighting the collective "Rorschach test" that deludes people
into projecting their own trusted patterns into their account of
observations. Which brings a key-word I felt missing in your chapters: In
your formalism, how do you account for trust when measuring information?
Cheers,
Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck [EMAIL PROTECTED]
------------------------------
From: Doggmatic <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms
Date: Fri, 26 Feb 1999 03:12:45 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Steven Runyeard) wrote:
> >No. The guess is only as valid as the assumptions it is based upon.
> >Since you have based yours on nothing concrete, your guess is pretty
> >useless.
>
> I don't agree. Because we are brought up in an environment with a
> certain level of technology it's hard to imagine anything much
> different. Let's look back at the technology surrounding Babbage in
> the late 1800s. If anyone had suggested to him that within 100 years
> someone could build a processor about an inch square that could
> perform 2,000,000,000 instructions per second he would have sent them
> to the nearest nut house. It would have taken a massive leap of faith
> to believe it was possible. I feel that in another 100 years we would
> have made an equally 'unbelievable' leap in technology. Don't limit
> your thinking to the size of computers the size of molecules and
> atoms. What about a computer made of super strings? Maybe even
> smaller. Who knows? The point is we don't know what lies ahead of us.
> My guess is no more worthless than yours.
>
> Steve
>
Okay .. given all that, as long as your computer is made of matter (or
even, anti-matter, I conjecture), it will conform (nasty word!) to the laws
of thermodynamics. Bruce Schneier brought up the point in his book. Every
action takes a discrete amount of energy to perform and thus, even if your
computer can load registers at speeds approaching light-speed, you still have
to power it. So, there is a key-size that will be prohibitively large to be
brute-forced with all the energy in this solar system (of which the sun is,
of course, the main source). So even with a Dyson sphere [large
solar-collector built around stars that, ideally, absorb all of their
energy], you'd still be limited to 2^187 keys per year (but, then again, what
would be the point of testing that many keys .. since there'd be no life left
in the solar system, because your computer took all the energy that would do
such mundane things as heat the planet, support plant life, etc...) So, to
quote my new favorite phrase, "until computers are built from something other
than matter and occupy something other than space" brute-forcing 256-bit keys
will be infeasible.
___/Mike ...two legs good, four legs bad? ... Why conform?
__/. | For my next trick, WATCH as this humble mouse breaks
\-__ \___ Windows at the mere press of a button.
\ Hey! Where are we going, and why am I in this handbasket?
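An added worked computation of the energy argument in the post above (example code written for this digest, not the poster's or Schneier's): it takes the Landauer bound of k T ln 2 joules per bit change, the Sun's total output for one year, and a 3.2 K operating temperature, and asks how wide a counter that energy could step through. The result lands at about 2^188, the same order as the 2^187 the post quotes (the one-bit difference is the ln 2 factor, which some presentations of this calculation omit). The constants and the 3.2 K figure are this example's assumptions.

```python
import math

BOLTZMANN_J_PER_K = 1.380649e-23     # k
SUN_LUMINOSITY_W = 3.828e26          # nominal solar output, watts
SECONDS_PER_YEAR = 365.25 * 24 * 3600
BACKGROUND_K = 3.2                   # assumed operating temperature, a bit above the CMB


def landauer_joules_per_bit(temperature_k):
    """Minimum energy to erase or change one bit: k T ln 2."""
    return BOLTZMANN_J_PER_K * temperature_k * math.log(2)


def sun_year_joules():
    return SUN_LUMINOSITY_W * SECONDS_PER_YEAR


def max_bit_changes(energy_j, temperature_k=BACKGROUND_K):
    """How many bit changes the energy can pay for at the Landauer floor."""
    return energy_j / landauer_joules_per_bit(temperature_k)


def counter_bits_for_energy(energy_j, temperature_k=BACKGROUND_K):
    """Width of a binary counter whose 2^n states the energy could step
    through, charging one bit change per increment (a generous lower bound:
    real counters flip more than one bit per step, and testing a key costs
    far more than incrementing a counter)."""
    return math.log2(max_bit_changes(energy_j, temperature_k))


def years_to_count_keys(key_bits, temperature_k=BACKGROUND_K,
                        power_w=SUN_LUMINOSITY_W):
    """Years of the given power budget needed just to count to 2^key_bits."""
    energy = 2 ** key_bits * landauer_joules_per_bit(temperature_k)
    return energy / (power_w * SECONDS_PER_YEAR)


if __name__ == "__main__":
    print(f"Sun, one year, 3.2 K: counter of {counter_bits_for_energy(sun_year_joules()):.1f} bits")
    for bits in (128, 187, 256):
        print(f"{bits}-bit keyspace: {years_to_count_keys(bits):.3g} solar-years")
```

Two things the numbers make visible that the prose does not: the bound is a floor on counting alone, so any real search is worse by many orders of magnitude; and the same arithmetic says a year of solar output comfortably covers 2^128 bit changes, so the thermodynamic argument as stated only rules out the 256-bit case, not the 128-bit one.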
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************