Cryptography-Digest Digest #147, Volume #9 Fri, 26 Feb 99 13:13:13 EST
Contents:
Re: Quantum Computation and Cryptography (Coen Visser)
Re: Testing Algorithms [moving off-topic] (Patrick Juola)
Re: VxD Crypto - Win 95/98/NT ("Trevor Jackson, III")
Legal procedures for using third party crypto? ([EMAIL PROTECTED])
Re: True Randomness - DOES NOT EXIST!!! (John Briggs)
Re: Define Randomness (R. Knauer)
Re: Testing Algorithms (Withheld)
Re: Testing Algorithms (Somniac)
Re: ElGamal key generation (Somniac)
Re: Define Randomness (Patrick Juola)
Re: Testing Algorithms (Patrick Juola)
Re: Scramdisk File ([EMAIL PROTECTED])
Re: Define Randomness (R. Knauer)
Re: Define Randomness (wtshaw)
Re: Not Quite Unbreakable... (wtshaw)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Coen Visser)
Subject: Re: Quantum Computation and Cryptography
Date: 26 Feb 1999 13:40:58 GMT
fungus <[EMAIL PROTECTED]> writes:
>
>"R. Knauer" wrote:
>>
>> A quantum computer results in an exponential increase in computing
No, as far as I know an n^2 increase in computing capability.
>> capability. That's because it contains all eigenstates simultaneously,
>> like a massively parallel classical machine. These eigenstates
>> interact in an exponentially large manner as the computer steps along.
>Ok, so we know the result's in there somewhere...
>...but how do we get it out?
People are working on that problem.
The main question is if quantum computers scale up like silicon computers do.
Regards,
Coen Visser
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Testing Algorithms [moving off-topic]
Date: 26 Feb 1999 09:08:59 -0500
In article <7b56hg$8m8$[EMAIL PROTECTED]>,
Doggmatic <[EMAIL PROTECTED]> wrote:
>In article <7b101l$q4v$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Patrick Juola) wrote:
>> In article <7avprg$jvm$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>>
>> The fundamental limit of powering a computer processor is *ZERO*.
>>
>> Power provides *NO* limitation on how big you can make a computer.
>>
>
> Uhh.... who told you that lie? Any process (the smallest possible relevant
>one of which is counting) requires a discrete (more than zero) amount of
>energy. So, unless your processor does *ZERO* work, it will consume more
>than ZERO energy. So, unless this computer is processing in another universe
>which is not subject to the physics of this one, there IS a limit.
Wrong. Look up "reversible computing" sometime; hell, this point was
explored at length in a Scientific American article sometime in the 70's.
Think of it this way -- what's the minimum amount of energy necessary
to move a brick five feet (horizontally)? On a frictionless surface
(there's those damned parasitic costs again), it will move, albeit
slowly, no matter how little force is applied.
So the fundamental limit to the amount of energy is zero.
-kitten
------------------------------
Date: Fri, 26 Feb 1999 07:46:46 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: VxD Crypto - Win 95/98/NT
R H Braddam wrote:
> Anthony Naggs wrote in message ...
> >After much consideration R H Braddam decided to share these wise words:
> >>According to the documentation for the Device Drivers Development Kit
> >>for Win 98/NT, page locking works correctly for Virtual Device Drivers
> >>(VxD) and device drivers (DxD - my own term, if not correct please
> >>advise).
> >
> >In Win95 device drivers can be in VxDs or (usually 16-bit) DLLs. Win98
> >adds WDM (Windows Driver Model) drivers that are more or less compatible
> >with NT.
> >
> Thanks for the correction, I must have misunderstood the documentation. I
> thought they were saying that a VxD was an intermediary program between
> the application programs and the actual hardware device drivers. I may
> have gotten that from the section where they said that a VxD could
> provide a "service" and not be associated with a physical device. Or
> maybe it was where they said that a VxD could be associated with several
> different hardware drivers. I'm not sure.
>
> >'DxD' is not a term anybody else would recognise.
> >
> Thankfully, no one will see it unless they read my posts, so no one will
> be confused by it. It seemed like a natural substitute for "hardware
> device driver" for anyone comfortable with VxD for Virtual Device Driver.
>
> >>One of the example VxDs in the DDK is Eatpages.VxD. It grabs and locks
> >>half of the available pages at boot-up and keeps them until shutdown.
> >>It is a very simple VxD and shows how to allocate, lock, unlock, and
> >>deallocate memory. The writer suggests that it could be used to
> >>simulate low memory conditions. It wouldn't work if VxD page-locked
> >>memory was swappable.
> >
> >That's what page locked memory is.
> >
> Yes, and if page locked memory worked correctly within the Windows
> development environment, Ari wouldn't have had to use a memory file in
> Yarrow. What I'm looking for is a way to make an app (Ring 3) generate a
> page fault if it tries to access memory used by the cryptosystem.
>
> >>Eatpages.VxD could also serve as a starting point for a secure memory
> >>allocator for Crypto functions. A VxD can map a pointer to its
> >>page-locked memory to an application's address space. A lot is needed
> >>to convert it to a memory allocator and manager, though.
> >
> >You need to be careful, memory in your VxD can be accessed by other VxDs
> >and even applications. It is not private. Windows 9x is single user
> >insecure o.s.
> >
> "Need to be careful" doesn't even scratch the surface. I guess I misread
> the docs again. I saw where they said that the VxD could get and supply a
> "global" pointer to other processes, and I interpreted that to mean that
> they couldn't access the VxD memory without the supplied pointer. Oops.
> Win9x being single user is fine with me, I don't need a multiuser OS. I'm
> trying to address one of the areas of insecurity.
> >
> >>My first inclination is to use two linked lists of structures (pointer,
> >>size, ...) and two chains of pages to allocate from. ...
> >> ... B-Trees might be better than linked lists. They're actually just a
> >>special case of a doubly-linked list, anyway. Comments?
> >
> >
> >It rather depends on what you're trying to achieve and your programming
> >preferences.
> >
> My programming preference is C++, but that isn't conducive to writing
> VxDs or hardware(less) device drivers..... C and Asm are necessary. I
> want a way of using crypto routines in a windowed application program
> which is harder to snoop than they would be if the crypto routines were
> in a dll or statically linked to the app. I'm not looking for impossible,
> I don't believe that exists, anyway. I'll settle for much more difficult,
> and try to make it as much more difficult as I can. As for the linked
> list vs BTree, I'm thinking of allocating from two chains of pages, one
> for small allocations of < 128 or 256 bytes, and one for larger
> allocations. I'd want a separate list or tree for each of those, and one
> (or two) for freed memory. I want to keep the internally used allocation
> information out of the pages user blocks are allocated from. I'll have to
> try both lists and trees to find out the performance hit for trees.
A couple of suggestions:
First, do not optimize your design too early. Implement a simple
version with one free list. You have many more important things to deal
with than performance.
Second, when you have a working system with one free list, add
multilevel free lists based on powers of two or (better) fibonacci
sequences. This kind of design is called a buddy system and is
extremely efficient. Research into buddy systems will pay big dividends
once you have the basic functionality working.
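The power-of-two buddy system suggested above, as an added example that is not code from either poster: a Python model (a VxD would be C and Asm, but the bookkeeping is the same) of one region standing in for the page-locked pages, with per-order free lists, splitting on allocation, buddy coalescing on free, allocation metadata kept outside the user-visible region as the thread wants, and freed blocks wiped so key material does not linger. The region size, minimum block size and method names are assumptions.

```python
class BuddyAllocator:
    """Power-of-two buddy allocator over one region of `size` bytes.

    free_lists[k] holds the offsets of free blocks of size 2**k. Bookkeeping
    lives in Python objects, not inside the region handed out to callers.
    """

    def __init__(self, size, min_block=32):
        # Both sizes must be powers of two for buddy addresses (off ^ 2**k) to work.
        if size & (size - 1) or min_block & (min_block - 1):
            raise ValueError("size and min_block must be powers of two")
        self.size = size
        self.min_order = min_block.bit_length() - 1
        self.max_order = size.bit_length() - 1
        self.free_lists = {k: [] for k in range(self.min_order, self.max_order + 1)}
        self.free_lists[self.max_order].append(0)   # one big free block at start
        self.allocated = {}                          # offset -> order of live blocks
        self.memory = bytearray(size)                # stands in for the locked pages

    def _order_for(self, n):
        # Smallest order k with 2**k >= n, never below the minimum block order.
        return max(self.min_order, (n - 1).bit_length())

    def alloc(self, n):
        """Return the offset of a block of at least n bytes, splitting as needed."""
        if n <= 0 or n > self.size:
            raise ValueError("bad request size")
        k = self._order_for(n)
        j = k
        while j <= self.max_order and not self.free_lists[j]:
            j += 1                                   # climb to a non-empty order
        if j > self.max_order:
            raise MemoryError("out of memory")
        off = self.free_lists[j].pop()
        while j > k:                                 # split; upper buddy stays free
            j -= 1
            self.free_lists[j].append(off + (1 << j))
        self.allocated[off] = k
        return off

    def free(self, off):
        """Wipe and release a block, merging with its buddy while the buddy is free."""
        k = self.allocated.pop(off)                  # KeyError on double free / bad offset
        self.memory[off:off + (1 << k)] = bytes(1 << k)   # zero before reuse
        while k < self.max_order:
            buddy = off ^ (1 << k)                   # buddy differs only in bit k
            if buddy not in self.free_lists[k]:
                break
            self.free_lists[k].remove(buddy)
            off = min(off, buddy)
            k += 1
        self.free_lists[k].append(off)

    def free_bytes(self):
        return sum(len(lst) << k for k, lst in self.free_lists.items())


def demo():
    """Two 100-byte requests from a 1 KiB region, then release and full coalescing."""
    a = BuddyAllocator(1024, min_block=32)
    x = a.alloc(100)                 # 128-byte block at offset 0
    y = a.alloc(100)                 # its buddy at offset 128
    a.memory[x:x + 16] = b"k" * 16   # pretend this is key material
    a.free(x)
    wiped = a.memory[x:x + 16] == bytes(16)
    a.free(y)                        # merges all the way back to one 1024-byte block
    return x, y, wiped, a.free_bytes(), a.free_lists[a.max_order]
```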
------------------------------
From: [EMAIL PROTECTED]
Subject: Legal procedures for using third party crypto?
Date: Fri, 26 Feb 1999 14:59:31 GMT
An application is being written in Java where I work that needs to include
crypto (for passwords, database access, etc.) Java provides an abstract layer
that we can code to, and just plug in third-party crypto.
We are looking at using RSA's modules. My question is do we have to apply for
export license with the commerce department (even if it is within the legal
56bit length)? If so, I read that we have to submit code to them for review.
How does this work if we really haven't written the crypto stuff (we just
access the well-known java "wrappers")? Isn't plugable crypto against the law
to export (e.g. someone in another country can just remove the 56bit stuff and
put in 128bit)?
Also, we are looking at RSA because they seem to be the well-known and
respectable company, however they require royalty payments. Are there other
alternatives besides using some modules found on someone's web site that they
claim are "secure"?
Thanks
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (John Briggs)
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: 26 Feb 99 09:47:25 -0400
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (R. Knauer)
writes:
> On Thu, 25 Feb 1999 20:42:45 GMT, BRAD KRANE <[EMAIL PROTECTED]>
> wrote:
>
>> The only true randomness is some thing that happens that doesn't rely on
>> anything else but itself. The only example of this is the creation of the
>> universe; it couldn't rely on anything else but itself mainly because
>> there was nothing else.
>
> Oh really? Nothing existed before the Universe, eh.
Really. Even the phrase "before the Universe" is devoid of meaning.
> That violates the law of causality, which is needed to explain how the
> Universe behaves. There could be no order in the Universe without the
> law of causality.
Please explicitly state this law of causality that you are invoking here.
It sounds like you are going for the Francis of Assisi line of bogus
logic:
"For every effect there must be a prior cause"
Which can then be used to fallaciously derive the existence of a
single root causeless cause of everything else -- the prime mover.
The Deity. The One.
The universe can proceed perfectly well without this "law".
Now Brad Krane seems to be claiming that the universe evolves in a
deterministic fashion from some starting state so that everything
that happens is, in principle, completely determined by that starting
state. While I disagree with this view, it is both self-consistent
and consistent with the experimental evidence. (It's hard to falsify
non-local hidden-variable theories).
> The notion that something came from Nothing will lead you to proving
> that only Nothing exists, which is an absurdity.
*snicker*. You philosophers and your word games. Let's see this
supposed proof.
John Briggs [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Fri, 26 Feb 1999 15:52:03 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 26 Feb 1999 04:35:46 GMT, Darren New <[EMAIL PROTECTED]>
wrote:
>> We *can* select the best cipher - the OTP. And we can select the best
>> TRNG - a radioactive decay TRNG.
>
>How about photon polarization? Would measuring the angle of polarization
>of photons (from a non-polarized source of course) yield the same level
>of randomness as measuring radioactive decay times?
I believe that such a process is equivalent to spontaneous emission
due to vacuum fluctuations, so it qualifies. After all, the gamma rays
that come roaring out of a radioactive nucleus that decays
spontaneously are photons too.
In general if you have a quantum system in an excited state and it
decays to the ground state spontaneously, I believe you have a
provably quantum random process.
Bob Knauer
"Did you ever notice that when a politician does get an idea
he usually gets it all wrong?"
------------------------------
From: Withheld <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms
Date: Thu, 25 Feb 1999 22:57:23 +0000
Reply-To: Withheld <[EMAIL PROTECTED]>
In article <[EMAIL PROTECTED]>, "R. Knauer"
<[EMAIL PROTECTED]> writes
>On Thu, 25 Feb 1999 11:56:28 -0500, "Trevor Jackson, III"
><[EMAIL PROTECTED]> wrote:
>
>>Since this interpretation seems to forbid the practice of time travel rather
>>than the physics of time travel, and time travel is strongly connected to FTL
>>travel. I'd guess that FTL cannot be practiced even if the physics of the
>>universe permits it.
>
>Does that mean we aren't gonna have any more Star Trek Voyager movies?
>
>Dammit. Just when you find something you like, someone comes along and
>tells you that it can't exist.
>
>Bob Knauer
>
>"Democracy is the theory that the common people know what they
>want, and deserve to get it good and hard."
>--H.L. Mencken
>
If time travel were to become possible at any time in the future, our
betting shops would be full of people from the future....
--
Withheld
------------------------------
From: Somniac <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms
Date: Fri, 26 Feb 1999 07:49:46 -1000
Patrick Juola wrote:
in response to someone:
>Every
> >action takes a discrete amount of energy to perform and thus, even if your
> >computer can load registers at speeds approaching light-speed, you still have
> >to power it.
>
> This point is incorrect, no matter how many times Schneier's book is
> quoted. There is *no* minimum energy required for computation.
>
> -kitten
This is good news. Where can I buy a computer or logic gate that takes no
energy? I want one. For example, I want to buy one XOR gate that gives
back one energy unit when it goes to a zero, and takes one energy unit
when its output goes to a one. Is it made with one molecule? Is it solid
state or gas? I want to manufacture a 64 bit wide IC XOR gate using this
technology. Where can I purchase a license? What is the patent number?
Which journal describes its behaviour? I hope that you will not say one
has never been built. Do I need to build a black hole to make it work?
Does it need to travel near the speed of light to function efficiently?
Does it need to be at absolute zero temperature to give back the energy
it uses? Please explain its principles or give a reference book citation.
I have heard of a theory like that but it was never built. Such an
attractive logic gate should be built, unless it is impractical.
------------------------------
From: Somniac <[EMAIL PROTECTED]>
Subject: Re: ElGamal key generation
Date: Fri, 26 Feb 1999 07:53:14 -1000
Wei Dai wrote:
>
> In article <7b37vb$pth$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
> > I want to generate a key for use with the ElGamal public-key encryption
> > algorithm.
> >
> > To generate a key pair, one uses this formula:
> > y=(g^x) mod p
> >
> > Where p is a prime, g and x are random numbers smaller than p.
> > The public key is: y,g and p
> > The secret key is: x
> >
> > My questions:
> > 1. Since p is public, can I use the same prime for all keys?
>
> Yes, but make sure (p-1)/2 is also prime.
>
> > 2. What size (in bits) should the p, g and x have? (eg. 2048?)
>
> g can be any size, as long as it is not 0, 1, or p-1. p should be
> at least 1024 bits and x should be at least 166 bits. For better
> security, p should be 2048 bits and x should be 228 bits or more.
768 bits is secure. Prove me wrong, or give some reason to believe your
1024 bit number as a minimum.
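The key generation formula and the parameter rules from the exchange above (y = g^x mod p, (p-1)/2 prime, g not 0, 1 or p-1), as an added example that is not code from any of the posters: Miller-Rabin primality, a safe-prime search, key generation, and an encrypt/decrypt round trip to confirm the pair works. The bit sizes used in the test are deliberately tiny so the search finishes quickly; at the 1024-bit or 2048-bit sizes the thread recommends, use a library's prime generation, and the function names are assumptions.

```python
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin: returns False for composites, True with high probability for primes."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:            # write n-1 = d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False         # a is a witness that n is composite
    return True


def is_safe_prime(p):
    """p prime and (p-1)/2 prime, the condition given for reusing one p for all keys."""
    return p > 5 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def generate_safe_prime(bits):
    """Search for q prime with p = 2q + 1 also prime; p has exactly `bits` bits."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p


def generate_keypair(p, x_bits):
    """Return ((y, g, p), x) with y = g^x mod p, g not in {0, 1, p-1}, x of x_bits bits."""
    q = (p - 1) // 2
    if x_bits >= q.bit_length():
        raise ValueError("x must be smaller than (p-1)/2")
    while True:
        h = secrets.randbelow(p - 3) + 2     # h in [2, p-2]
        g = pow(h, 2, p)                     # square it: g then has order q, not 2q
        if g not in (0, 1, p - 1):           # the values the thread excludes
            break
    x = secrets.randbits(x_bits) | (1 << (x_bits - 1))   # top bit set, so full length
    y = pow(g, x, p)
    return (y, g, p), x


def encrypt(m, public):
    """Textbook ElGamal: fresh k per message, c1 = g^k, c2 = m * y^k (mod p)."""
    y, g, p = public
    k = secrets.randbelow((p - 1) // 2 - 1) + 1
    return pow(g, k, p), (m * pow(y, k, p)) % p


def decrypt(ciphertext, x, p):
    """Recover m = c2 * (c1^x)^-1 mod p using Fermat for the inverse."""
    c1, c2 = ciphertext
    s = pow(c1, x, p)
    return (c2 * pow(s, p - 2, p)) % p
```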
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Define Randomness
Date: 26 Feb 1999 12:10:41 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>>The last I heard from him on this was that the process was
>>exponentially complex (which means we cannot test all possibilities),
>>and also a probabilistic result, which seems to me to provide less
>>than I associate with the term PROOF.
>
>>I am confused as to how you could possibly interpret these
>>capabilities differently.
>
>I am referring to the concept I learned about in Li & Vitanyi called
>"pac-learning" where the acronym "pac" means "probably approximately
>correct." They discuss the induction models which lead to
>pac-learning.
>
>Are you claiming that all inductive learning is not worthy of being
>called a PROOF? If so, then you have a very restrictive notion of what
>constitutes a proof. BTW, deductive proofs are elusive sometimes as
>Godel pointed out, so even formal proofs are not perfect.
The problem with pac learning is that, as stated on the label, it's
only "probably approximately correct"; the probability and degree of
approximation are usually quantifiable, but at the end they end up
being no more than the statistical guesses with error bars that you
were objecting to in a different context.
>>For this to be useful, I think we would have to make the leap that we
>>have *identified* all possible hypotheses, which is impossible at
>>realistic length, and that we have *tested* all possible hypotheses,
>>which is even more impossible. I don't see this helping. Since you
>>do, perhaps you could explain how.
>
>I have never claimed to know the Bayesian induction technique, in
>particular as it applies to breaking stream ciphers, so I cannot
>explain anything. You will have to ask Patrick Juola, who has touted
>the Bayesian attack on several occasions earlier. I would be pleased
>to see a reference to that method myself.
>
>>I think "proof" means PROOF: a 100% iron-clad demonstration that no
>>other possibilities exist. This is *not* the same as proof *if* only
>>something else is what we hope and wish it to be.
>
>You are a dogmatist, namely only 100% dogmatic truth will suffice.
>
>You are excluding proofs arrived at by induction, such as recursively
>constructed proofs and experimental proofs. For example, in your
>system you could never accept that the speed of light is a constant,
>since there is no a priori reason to prove that it is.
>
>Never mind that there are very strong reasons, inductive reasons that
>come from both theory and experiment, that the speed of light is a
>constant, at least in a given locality in spacetime. Never mind that
>the constancy of the speed of light is contained in Maxwell's
>equations and is contained in the various measurements of the speed.
You're not being consistent here. On the one hand, you ask for
*proof* that a given cryptoystem is 100% unbreakable or that there
are firm bounds on the risk; when I point out that statements like
"a uniform Bernoulli process will generate uniform strings" are
provable to any desired degree of belief, you object because there
is some possibility that in a billion billion years, you might see
one violate the conditions of the test.
But this is exactly the same thing that we see with measurements of the
speed of light. It *might* well vary; all we can really say is that
the degree of variation is (with extremely high probability) less than
a few zillionths of a percent.
-kitten
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Testing Algorithms
Date: 26 Feb 1999 12:15:15 -0500
In article <[EMAIL PROTECTED]>, Somniac <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>in response to someone:
>>Every
>> >action takes a discrete amount of energy to perform and thus, even if your
>> >computer can load registers at speeds approaching light-speed, you still have
>> >to power it.
>>
>
>> This point is incorrect, no matter how many times Schneier's book is
>> quoted. There is *no* minimum energy required for computation.
>>
>
>This is good news. Where can I buy a computer or logic gate that takes no
>energy?
You'll have to build one, I'm afraid. Start by getting a large fluid-filled
tube and putting a neutral-buoyancy ball in the tube. Measure how much
energy it takes to propel the ball from one end to the other. You get
much better performance if you use liquid helium as your fluid, which
means you may have some significant expenses in insulation if you want
to keep the parasitic heat loss low.
Once you've got your data path set up, you can build a Fredkin gate
fairly easily out of those components.
>I want to manufacture a 64 bit wide IC XOR gate using this
>technology. Where can I purchase a license? What is the patent number?
You don't need one.
>I have heard of a theory like that but it was never built. Such an
>attractive logic gate should be built, unless it is impractical.
Impractical? Twenty years ago 100Mbps fiber was impractical. Don't
try to tell me that you know what will be practical in 200 years.
-kitten
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Scramdisk File
Date: Fri, 26 Feb 1999 17:33:52 GMT
In article <[EMAIL PROTECTED]>,
Gregg Berkholtz <[EMAIL PROTECTED]> wrote:
> I am having difficulty mounting my scramdisk file.
> It worked fine yesterday (multiple mount/dismounts) I have the password
> written down (kept in wallet until I remember it, then it will be eaten)
> and have tried entering it multiple times with no success. I have also
> tried variations of the password.
>
> I can mount my other files on this disk but this one does not mount.
>
> The disk is a single FAT32 Partition on a Seagate 10.6 Gb running Win95.
>
> The file I am trying to mount was created with 1024Kb specified as the
> size.
>
> Life just plain sucks sometimes. I just got my tape backup today and I
> have a customer waiting on a final copy of a database program. :-(
>
> Any help is GREATLY appreciated!
>
> Gregg Berkholtz
I don't know whether this helps, but I had a similar(ish) problem. I couldn't
get it to mount a .svl file, so I tried a test by creating a .svl with
different pass phrases. This worked ok.
I rebooted to test the new file, and cheerfully found that the reboot meant I
could now also read my original file as well.
Why not reboot and open the volume as the first thing you do?
Simon
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Fri, 26 Feb 1999 15:57:45 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 25 Feb 1999 15:40:26 -0800, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:
>Thank you for the philosophy that kept its feet on the ground. Some of this
>stuff reaches escape velocity. But I guess the posters have their reasons
>for wanting to transcend reality.
When quantum computers come online, it will take more than the comfort
of keeping one's feet on the ground to come up with new ways to beat
them.
>Crypto is above all else: practicable. And any discussions should keep this
>in mind.
I wonder how far science and mathematics would have advanced if people
in earlier times had adopted that rather prosaic attitude.
Bob Knauer
"Did you ever notice that when a politician does get an idea
he usually gets it all wrong?"
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Define Randomness
Date: Fri, 26 Feb 1999 10:55:53 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
>
> Rolling dice, or picking lottery balls - those are classical physical
> processes. If they're sufficient to produce what is accepted as "true
> randomness", then, why wouldn't an _equally detailed_ computer
> simulation be acceptable?
>
A local resident, Frank, called me and asked me to come over. He had
carefully recorded and tabulated all of the Lottery winners for several
months, and noticed that there seemed to be a pattern of some numbers
coming up less or more frequently, and some more together than others. He
said he would pay lots of money for a program to predict the next winning
numbers. He got mad when I told him that it would be a waste of my time
and his money.
--
A much too common philosophy:
It's no fun to have power....unless you can abuse it.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Not Quite Unbreakable...
Date: Fri, 26 Feb 1999 11:15:16 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
>
> In reducing things to the lowest common denominator, I then had the
> idea to simplify things by replacing the Enigma by a Bazeries cylinder
> (a Jefferson wheel cipher, an M-94).
I had the same thought, long ago.
>
> Thinking of ways to ensure that each message was transposed
> differently led me to some complications. But even if one doesn't do
> that, surely the ciphertext from the first stage is good enough that
> there is very little to use in multiple anagramming?
>
.....
>
> With enough messages, one can create a map of the ciphertext, showing
> which letters come from the first block of 25, which letters come from
> the second, and so on...and that will be enough to tell a great deal
> about the transposition.
>
> A very difficult problem - not one I would be enthused about
> personally attempting - but not outside the reach of possibility.
It was a problem worth solving, and it was undertaken. What killed the
old system was the problem of distribution of new wheels. Surely, it is
still good if they are changed before sufficient ciphertext is accumulated
that would produce a solution, that being somewhat relative to the skills
of those working on the job.
For a minimum amount of ciphertext required, lest we forget the Shannon
efforts in that area, that quantity is somewhat indeterminate, still
surely might be relatively close to some sort of large floor value.
--
A much too common philosophy:
It's no fun to have power....unless you can abuse it.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************