Cryptography-Digest Digest #166, Volume #9        Mon, 1 Mar 99 09:13:07 EST

Contents:
  Re: Can the quantum computer determine the truth from a lie? (Paul Kinsler)
  Re: random number generator??? (Nathan Kennedy)
  Re: Anyone know of any good stream chipers? (Paul Crowley)
  Re: Scramdisk Security ("Sam Simpson")
  Re: Unicity of English, was Re: New high-security 56-bit DES: Less-DES ([EMAIL PROTECTED])
  Re: ScramDisk Website?? ("Sam Simpson")
  Re: Scramdisk/DATMAN ("Sam Simpson")
  Re: ScramDisk Website?? ([EMAIL PROTECTED])
  Re: Testing Algorithms (Patrick Juola)
  Re: Testing Algorithms (Patrick Juola)
  Hoi-Kwong Lo to speak on Quantum Cryptology at UMBC ("Dr. Alan Sherman")
  Re: Define Randomness (R. Knauer)

----------------------------------------------------------------------------

Crossposted-To: alt.privacy,talk.politics.crypto
From: [EMAIL PROTECTED] (Paul Kinsler)
Subject: Re: Can the quantum computer determine the truth from a lie?
Date: Mon, 1 Mar 1999 10:32:44 +0000 (GMT)

In alt.privacy Jay <[EMAIL PROTECTED]> wrote:
> All that having been said, however, we still don't know that QC will work
> for non trivial problems.

This statement should be rephrased to -- "We still don't know that we
will be able to build QCs big enough to solve non-trivial problems".

> ...Of course, we still will have to worry about molecular computing, which
> does not invoke spooky questionable theoreticals, and is much closer to
> reality. DNA type computation would be ideal for decryption analysis.

There is nothing "spooky" or questionable about the theoretical basis 
of quantum computing.  

#Paul.



------------------------------

From: Nathan Kennedy <[EMAIL PROTECTED]>
Subject: Re: random number generator???
Date: Sun, 21 Feb 1999 00:44:01 +0800

"R. Knauer" wrote:
> >People far more adequately equipped have
> >looked at SHA-1 and found no weaknesses.
> 
> <idle speculation> On the other hand, the hidden regularities in SHA-1
> could be so subtle that only the math geniuses at NSA know about them.
> What if, for example, that the algorithm reduces to something simple?
> IOW, the creators took some simple calculation and made it look very
> complex, fooling everyone into thinking it is secure. I realize that a
> hash has to be virtually collision free as well as pass pseudo-random
> tests, but that could possibly be incorporated into the design without
> anyone spotting it. </idle speculation>

Well... SHA-1 has survived intense peer review pretty well unscathed so
far, which is more than can be said for MD-anything, third-party hashes
that were quite trusted...  Of course time and peer review is the best
cryptographic test.  My perception, incidentally, is that the NIST (which
is behind SHA-1, no?) tends to be very pro-crypto, even against the NSA's
efforts to undermine privacy.  After all, they've published all these
algorithms and made a lot of excellent suggestions for security, they
always seemed to me to be pro-privacy, anti-regulatory types, but what do I
know.  And I heard somewhere (web page? posting?) that the NSA had an AES
candidate, but the NIST told them to shove it.

> When you have the security (and prosperity) of the free-world as your
> prime directive, you will do anything and everything to gain the upper
> hand - and the NSA is no exception to that rule. I would not want it
> any other way myself.

Enemy of the State, here we come.  Actually, I guess I'm taking this thread
out of the realm of sci.crypt, (I always should've been a lurker), but I
always had a more deregulatory opine of government.  My idea of good
government keeps people from killing and stealing, and lets the citizens
take care of the rest.  Too bad this isn't going to happen.  If you have
this kind of attitude towards protecting the "security (and prosperity)" of
the free world (viz., deceiving the people, corrupting their personal
security, then using surveillance against them), after a while there might
not be any free world left to protect.  The NSA should stick to cracking
intercepted military transmissions, an occupation that they are afraid may
(and probably will) become obsolete unless they revert to these draconian
means of defending it.

Nate

(No offense, don't let me put words in your mouth.  I know you didn't mean
it like you wanted *that*, but you get my point.)

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Anyone know of any good stream chipers?
Date: 23 Feb 1999 09:09:27 -0000

"Rats" <[EMAIL PROTECTED]> writes:

> Definition of a "good" stream cipher according to me:
> 
> A cipher that would require at least a $10,000 investment to crack within a
> reasonable time (say 3 - 4 hrs, 10 PII 300s working in parallel?).

There are very many stream ciphers out there that are well analysed
and well thought of in the crypto community, whose security is vastly
beyond what you specify, and indeed vastly beyond the brute-force
cryptanalytic resources of the planet Earth for at least the next
century.  Security is not the problem.

What we need to know is what else you want from it.  Lack of patent or
other legal encumbrance?  Small code size?  Small table size?
Screaming raw speed?  Conservative design?

Here's some names: Blum-Blum-Shub, RC4, WAKE, WAKE-ROFB, ISAAC,
Panama.  There are also block ciphers in a variety of chaining modes.
RC4 (also known as Arcfour) is by far the easiest to understand and
implement, and really very neat; it's not patented, but RSADSI may
threaten a groundless lawsuit against you for using it if they think
you have money.  Panama is around three times faster at the cost of
greater complexity and memory demands. Blum-Blum-Shub is provably as
hard as factoring and very much slower than any of the others.

When I know more about what you need I can point you in a particular
direction.

hope this helps,
-- 
  __
\/ o\ [EMAIL PROTECTED]  http://www.hedonism.demon.co.uk/paul/ \ /
/\__/ Paul Crowley            Upgrade your legacy NT machines to Linux /~\

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Scramdisk Security
Date: Mon, 1 Mar 1999 11:57:49 -0000


(Take this post with a pinch of salt - I'm involved with distributing
ScramDisk....)

We are aware of several individuals who have reviewed the source code.
None of these individuals has reported finding *any* security-related
problems.

I guess you could call ScramDisk "medium" security (in the same way that
PGP / SFS etc could be considered medium) - in the end it is only a piece
of software that can simply be replaced by a trojan.

AFAIK there are no weaknesses (other than running on an inherently
insecure OS, but that can't be helped....)


Regards,

--
Sam Simpson
Comms Analyst
http://www.hertreg.ac.uk/ss/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.
If you're wondering why I don't reply to Sternlight, it's because he's
kill filed.  See http://www.openpgp.net/FUD for why!

Chris Wilson wrote in message
<7bdggi$ia9$[EMAIL PROTECTED]>...
>I understand that Scramdisk source code is open for viewing and analysis.
>Has anyone done so? Is there a critical analysis of Scramdisk?
>
>What is generally thought of this program? I am thinking of using it, but I
>have heard it referred to as a "medium" security solution to file
>encryption. What are its weaknesses?
>
>Thank you,
>--- Chris





------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Unicity of English, was Re: New high-security 56-bit DES: Less-DES
Date: Mon, 01 Mar 1999 09:02:37 GMT

[EMAIL PROTECTED] wrote:
>   Bryan Olson <[EMAIL PROTECTED]> wrote:
> > Given ciphertext, the two are not independent.
>
> No. Given ciphertext, the two equivocations are still independent -- as they
> measure different things and they also depend on the type of cipher used,
> number of keys, plaintext entropy, etc.  And, for a given message length,
> message equivocation can be zero much before key equivocation is zero -- see
> Fig. 9 in Shannon's paper for example.

First, none of those show independence.  Second, what I've been
saying is that message equivocation H_E(M) must be zero at or
before the number of intercepted letters for which H_E(K) is
zero.  You say it can be zero "much before".  Sure.

> > The key entropy is not zero anywhere in Ritchie's example.

[...]
> Of course, each of Doug's two tentative "Maine drag" solutions depends on a
> different substitution key, but ...what is the key equivocation? Zero, or
> not? A reader may believe that key equivocation is not zero, since you can
> sort of read both tentative solutions, and this coincides with your opinion
> above. [...]

Doesn't help your case.  If you claim a unique solution for
the key, then you can use it to get a unique solution for
the message.

> > > Bryan Olson also wrote:
> > > > Shannon's random cipher model works perfectly well for a key space
> > > > of one key.

> > Ed Gerck replied:
> > > There is no randomness in a transformation that only depends on one key of
> > > unity probability. Your affirmation above and the ones snipped below do
not
> > > make sense.
>
> and Bryan's rejoinder:
> >
> > I didn't say it's a cipher that looks random; I said Shannon's
> > random cipher model works perfectly well.
> | In Shannon's
> | construction, randomness enters in exactly one place: each key
> | is mapped to a random transformation.  Is there some reason that
> | this cannot be done for a one key keyspace?
>
> Model for what? Works well for what? Shannon's random cipher model was used by
> him to model decipherment statistics.

Model of a cipher and works well for a one key cipher.  If one
is not clear on the random cipher model from Shannon, most of
the crypto textbooks explain it as well.

> But, it needs at least two keys -- otherwise, the only assumed cause of
> variability does not exist.

Shannon states the assumptions of the random cipher model,
and "Cause of variability" is not one of them.

> When you have just one key with unity probability
> it does not make sense to use such model since it cannot provide variability,
> it cannot provide the different interpretations for the plaintext (see my
> comments above to Doug's example) which yet exist and must be accounted for.
> So, the random cipher model will not work to provide a valid unicity formula
> in this case. It will lead to wrong results in n = H(K)/D.

Nonsense.  A random cipher is constructed by mapping each key
to a random permutation of the message space.  Take the one
key, map it to a random permutation, and there it is.  It has
exactly as much variability as we expect from a one-key
keyspace.  The formula gives a unicity distance of zero, which
agrees with what we can calculate directly.

The key equivocation is zero, and as I wrote in my previous
post:
|| Shannon implies
|| that the "unique solution" is the message corresponding to the
|| intercepted letters.  As Shannon writes on page 686,

||    The summation H_E(K) is over all possible cryptograms of a certain
||    length, (say N letters) and over all keys.  For H_E(M), the summation
||    is over all messages and cryptograms of length N.  Thus H_E(K)
||    and H_E(M) are both functions of N, the number of intercepted letters.

At N=0 there is one zero letter message and cryptogram, so the
message equivocation is zero.  Thus the unicity point is at zero
intercepted letters, and the unicity distance is zero.

In my previous post, I also asked:
|| If you don't think H_E(M) is zero at zero
|| intercepted letters, why do the graphs on pages 696 and 697 show
|| H_E(M) starting at (0,0) ?

--Bryan

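A worked version of the unicity calculation n = H(K)/D that the thread argues over, added here as an example and not part of Bryan Olson's post. It assumes Shannon's rough figures of log2(26) = 4.7 bits per random letter and about 1.5 bits per letter for English, giving a redundancy D of about 3.2 bits per letter; it covers the simple substitution key space discussed in the thread, a 26-key shift cipher, and the one-key case.

```python
"""Shannon's unicity distance n = H(K)/D: added worked example, not part
of the original post.  Figures for English are Shannon's rough estimates
and are assumptions here, not values given in the thread."""
import math

ALPHABET_SIZE = 26
LOG2_ALPHABET = math.log2(ALPHABET_SIZE)          # 4.70 bits: random letters
ENGLISH_RATE = 1.5                                # bits/letter of English (assumed)
ENGLISH_REDUNDANCY = LOG2_ALPHABET - ENGLISH_RATE  # D ~ 3.2 bits/letter


def key_entropy_bits(num_keys: int) -> float:
    """H(K) in bits for num_keys equiprobable keys; one key gives zero."""
    if num_keys < 1:
        raise ValueError("keyspace must contain at least one key")
    return math.log2(num_keys)


def log2_factorial(n: int) -> float:
    """log2(n!) via lgamma, so 26! never has to be formed explicitly."""
    return math.lgamma(n + 1) / math.log(2)


def unicity_distance(key_entropy: float,
                     redundancy: float = ENGLISH_REDUNDANCY) -> float:
    """Intercepted letters N at which the key equivocation H_E(K) reaches 0."""
    if redundancy <= 0:
        # No redundancy in the plaintext: ciphertext never pins down the key.
        return math.inf
    return key_entropy / redundancy


def substitution_unicity() -> float:
    """Simple substitution: H(K) = log2(26!) ~ 88.4 bits, so N ~ 27.6 letters."""
    return unicity_distance(log2_factorial(ALPHABET_SIZE))


def shift_cipher_unicity() -> float:
    """26 shift keys: H(K) = log2(26) ~ 4.7 bits, so N ~ 1.5 letters."""
    return unicity_distance(key_entropy_bits(ALPHABET_SIZE))


def one_key_unicity() -> float:
    """One key of unit probability: H(K) = 0, so the unicity distance is 0."""
    return unicity_distance(key_entropy_bits(1))


if __name__ == "__main__":
    print(f"substitution: {substitution_unicity():.1f} letters")
    print(f"shift cipher: {shift_cipher_unicity():.1f} letters")
    print(f"one key:      {one_key_unicity():.1f} letters")
```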

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: ScramDisk Website??
Date: Mon, 1 Mar 1999 11:50:59 -0000


The ScramDisk web site has had literally thousands of hits per day since
being mentioned in Dvorak's PC Magazine article.

Sorry to disappoint all the people with conspiracy theories <g> - but
it's just a simple bandwidth issue I'm afraid.

Hopefully have more news in a day or two,

--
Sam Simpson
Comms Analyst
http://www.hertreg.ac.uk/ss/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.
If you're wondering why I don't reply to Sternlight, it's because he's
kill filed.  See http://www.openpgp.net/FUD for why!

Chris Wilson wrote in message
<7bdfnk$h71$[EMAIL PROTECTED]>...
>It seems strange that the site should go down in the UK, but I had the same
>problem: it simply vanished. I have found an alternative:
>
>http://www.ecn.org/crypto/soft/index.htm
>
>T & C Spargo wrote in message <01be63a5$b6886ba0$df7ffcd0@default>...
>>Do I have the incorrect address, or, is the site down??
>>
>>Please let me know, as this product is one of the best!!!





------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Scramdisk/DATMAN
Date: Mon, 1 Mar 1999 13:30:16 -0000


Why would that happen?  The ScramDisk container is just a normal file
like all others....

The file wasn't mounted when you tried to do the backup or something
like that?

--
Sam Simpson
Comms Analyst
http://www.hertreg.ac.uk/ss/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.
If you're wondering why I don't reply to Sternlight, it's because he's
kill filed.  See http://www.openpgp.net/FUD for why!

hapticz wrote in message ...
>this combination apparently does not function well.  it appears to set the
>.svl file to zero bytes on the datman tape. entire file was unretrievable
>and inaccessible
>
>--
>best regards
>[EMAIL PROTECTED]





------------------------------

From: [EMAIL PROTECTED]
Subject: Re: ScramDisk Website??
Date: Mon, 01 Mar 1999 07:37:27 -0600


In <7bdfnk$h71$[EMAIL PROTECTED]>, on 02/28/99 
   at 11:31 PM, "Chris Wilson" <[EMAIL PROTECTED]> said:

>It seems strange that the site should go down in the UK, but I had the
>same problem: it simply vanished. I have found an alternative:

>http://www.ecn.org/crypto/soft/index.htm

Sam Simpson is a regular poster to comp.security.pgp.discuss. From the sig
block of his last message the ScramDisk URL is:

http://www.hertreg.ac.uk/ss/

-- 
---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
- ---------------------------------------------------------------
 
Tag-O-Matic: Don't be held back by yesterday's DOS!  Try today's OS/2!



------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Testing Algorithms
Date: 1 Mar 1999 08:49:10 -0500

In article <[EMAIL PROTECTED]>,
Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>
>
>R. Knauer wrote:
>
>> On Sun, 28 Feb 1999 03:15:18 +0100, fungus
>> <[EMAIL PROTECTED]> wrote:
>>
>> >*something* has to trigger a change of state...
>>
>> Yes, but it does not have to consume energy. By returning to the
>> original state, all the energy needed to trigger it was returned. The
>> concept of reversibility involves a closed cycle.
>
>I think not.  There must be some non-zero energy expenditure or we're into perpetual
>motion.

Only if there's energy output.

        -kitten


------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Testing Algorithms
Date: 1 Mar 1999 08:53:33 -0500

In article <[EMAIL PROTECTED]>,
fungus  <[EMAIL PROTECTED]> wrote:
>
>
>"R. Knauer" wrote:
>> 
>> On Sun, 28 Feb 1999 03:14:19 +0100, fungus
>> <[EMAIL PROTECTED]> wrote:
>> 
>> >Is it time to ask Bob for his peculiar definition of "reversible
>> >process"...
>> 
>> The same one that physicists define as a Reversible Process - the one
>> where you go around a closed loop in phase space and end up with the
>> same energy as you started with.
>> 
>
><snip>
>
>Well, yeeesss...
>
>...but I don't see the relevance in this context. We're talking
>about a computer CPU which needs to be controlled in some way.
>You can't just let the electrons (or whatever) float around in
>space. They have to be pushed back and forth at predefined
>intervals or chaos will follow.
>
>How do you push them without using energy?

You don't need to.  You just get the energy back at the end of
the process.

A good financial example is a company AmEx card.

You charge the goods, the company pays the bill at the end of the
month.  For a few days, you're ahead of the game (and the merchant
is behind), then it all catches up.

There's no limit to the amount of goods you can buy this way, even if
you never buy something over $100 (or over $1).

The trick, in the financial world, is that AmEx charges you for the
card (parasitic costs).  But if AmEx decided to give you the card for
free....

        -kitten


------------------------------

From: "Dr. Alan Sherman" <[EMAIL PROTECTED]>
Subject: Hoi-Kwong Lo to speak on Quantum Cryptology at UMBC
Date: 1 Mar 1999 08:56:09 -0500

The UMBC Security Technology Research Group Presents:

Dr. Hoi-Kwong Lo <[EMAIL PROTECTED]>
Hewlett-Packard Labs
Bristol, U. K.

Title: From quantum cheating to quantum security:
       Introduction to Quantum Cryptology.

Time and Place:
5:30-6:45 pm
Wednesday, March 31, 1999
ACIV 015, UMBC

Abstract: 
The contest between code-makers and code-breakers has been going on for
thousands of years. Recently, quantum mechanics has made a remarkable
entry in the field.  On the one hand, it has been rigorously proven that
quantum cryptography can provide absolute security for communications
between two users. On the other hand, code-breakers in possession of a
quantum computer can easily break popular encryption schemes such as RSA
and Data Encryption Standard (DES) which are almost intractable for
classical computers.  Here I survey these recent developments. 

Host: Alan T. Sherman
      [EMAIL PROTECTED]

===========================================================================
Dr. Alan T. Sherman                                   
Associate Professor, Computer Science        Faculty Advisor 
Tele: (410) 455-2666                         UMBC Chess Club
Fax:  (410) 455-3969                         Club tele: (410) 455-8499
www.csee.umbc.edu/~sherman                   www.umbc.edu/chess
Office: Room ECS 225j                        [EMAIL PROTECTED]

          Department of Computer Science and Electrical Engineering
          University of Maryland, Baltimore County
          1000 Hilltop Circle
          Baltimore, MD 21250
          USA

Directions:  Take Exit 47B off I95 and follow signs to UMBC.  During 
business hours, park in visitor's lot; at other times park in Lot 16 or 9.
===========================================================================


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Mon, 01 Mar 1999 13:56:42 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 28 Feb 1999 20:34:57 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>Note the key word here: "demonstrate".  While this is an extremely convincing
>demonstration, it is not a proof.  No matter how many events you pile up
>(statistically), you do not have a proof, merely a statistical expression with very
>high confidence.

You are disregarding what is called "Empirical Proof". You must be a
mathematician. <jeez>

[Another clue that you must be a mathematician is that you don't have
a sense of humor. Chaitin notes in one of his books that, in general,
Physicists are the ones with a sense of humor and Mathematicians are
the ones who lack a sense of humor.]

What are you gonna do about Chaitin Indeterminism - when you find out
that even your sacred formal axiomatic systems, the ones that
allegedly crank out all those neat "Real Proofs", are seriously flawed
too.

In fact, the *only* proof in some cases is Empirical Proof. You cannot
"prove" deductively that a given Turing Machine is going to halt. The
only way you can "prove" that it will halt is to run it and
empirically determine that it does indeed halt. Once you have
determined that it does halt, then you can declare that you have
conclusive Proof.

Bob Knauer

"If you want to build a robust universe, one that will never go wrong, then
you don't want to build it like a clock, for the smallest bit of grit will
cause it to go awry. However, if things at the base are utterly random, nothing
can make them more disordered. Complete randomness at the heart of things is the
most stable situation imaginable - a divinely clever way to build a universe."
-- Heinz Pagels


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
