Cryptography-Digest Digest #175, Volume #9        Tue, 2 Mar 99 17:13:05 EST

Contents:
  Re: public read, secure write? (John Savard)
  smart cards (MC1148 User)
  Re: RSA Cryptography Crack (Jim Gillogly)
  Re: Testing Algorithms [moving off-topic] (Darren New)
  Pseudorandomness (Raul)
  ScramDisk Web Page - back up! ("Sam Simpson")
  Re: True Randomness - DOES NOT EXIST!!! (Darren New)
  Re: Testing Algorithms (Herman Rubin)
  Re: New high-security 56-bit DES: Less-DES (Bryan Olson)
  sci.crypt.randomness (John Curtis)
  Re: New Concepts on Pseudorandomness ("Douglas A. Gwyn")
  Re: smart cards (Rayees Shamsuddin)
  Re: One-Time-Pad program for Win85/98 or DOS ([EMAIL PROTECTED])
  Re: True Randomness - DOES NOT EXIST!!! (BRAD KRANE)
  Re: Can the quantum computer determine the truth from a lie? ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: public read, secure write?
Date: Tue, 02 Mar 1999 16:34:36 GMT

Florian Erhard <[EMAIL PROTECTED]> wrote, in part:

>- only one person, the owner of the set, should be able to modify the 
>  data. 
>  (Modifications by everyone else should be noticeable, but don't have
>  to be prevented.)
>- the information about who is the owner has to be stored with the data. 
>- everyone should be able to read the data.
>- the bad guys have read and write access to the stored data.

Well, public keys will do that: simply have the data, and any
modifications to it, be signed by the owner.

John Savard (teneerf is spelled backwards)
http://members.xoom.com/quadibloc/index.html
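The design John Savard sketches above, written out as an added example in Go (this is not code from the digest or from any poster). It uses Ed25519 as the public-key signature scheme (the post only says "public keys"), stores the owner's public key inside each record so the owner information travels with the data, and lets anyone read while only the owner can produce a valid signature. The context label and the out-of-band "expected owner" check are my additions: an adversary with write access cannot forge the owner's signature, but could replace both the key and the signature with their own, so readers must know which key is the owner's.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is the stored unit. Owner carries "who owns this" alongside the data
// (requirement 2), Data is readable by anyone (3), and Sig can only have been
// produced by the holder of the owner's private key (1).
type Record struct {
	Owner ed25519.PublicKey
	Data  []byte
	Sig   []byte
}

// signingInput binds a fixed context label, the owner key and the
// length-prefixed data, so a signature cannot be transplanted to another
// owner, another record layout or another application.
func signingInput(owner ed25519.PublicKey, data []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString("public-read-secure-write/v1") // hypothetical label, chosen here
	buf.Write(owner)
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(data)))
	buf.Write(n[:])
	buf.Write(data)
	return buf.Bytes()
}

// NewOwner creates the owner's key pair; only the private half must stay secret.
func NewOwner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Write produces a record signed under the owner's key. Every modification
// the owner wants to publish is simply a fresh Write.
func Write(priv ed25519.PrivateKey, data []byte) Record {
	pub := priv.Public().(ed25519.PublicKey)
	copied := append([]byte(nil), data...)
	return Record{Owner: pub, Data: copied, Sig: ed25519.Sign(priv, signingInput(pub, copied))}
}

// Read returns the data only if it verifies. Someone with write access to the
// store can alter Data, Sig or Owner but cannot forge Sig under the genuine
// owner's key; they could swap in their own key and re-sign, which is why the
// reader compares Owner against a key it learned out of band.
func Read(rec Record, expectedOwner ed25519.PublicKey) ([]byte, error) {
	if !bytes.Equal(rec.Owner, expectedOwner) {
		return nil, errors.New("owner key does not match the expected owner")
	}
	if !ed25519.Verify(rec.Owner, signingInput(rec.Owner, rec.Data), rec.Sig) {
		return nil, errors.New("signature invalid: data was modified or not written by the owner")
	}
	return rec.Data, nil
}

func main() {
	pub, priv, err := NewOwner()
	if err != nil {
		panic(err)
	}
	rec := Write(priv, []byte("members: alice, bob")) // constructed sample data
	if data, err := Read(rec, pub); err == nil {
		fmt.Printf("verified: %q\n", data)
	}
	rec.Data = []byte("members: alice, bob, mallory") // modified by a non-owner
	_, err = Read(rec, pub)
	fmt.Println("after tampering:", err)
}
```

Modifications are noticeable, not prevented, exactly as the question allows: the store still holds the altered bytes, and it is the reader's verification that flags them.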

------------------------------

From: MC1148 User <[EMAIL PROTECTED]>
Subject: smart cards
Date: Tue, 02 Mar 1999 10:51:24 -0500

    I am a student in need of information regarding smart cards.
Anything from what they are to how the microprocessor works.  This is
for a cryptography class so any information about the coding aspects
would be greatly appreciated.  Send all messages to
[EMAIL PROTECTED]  Thanks.


------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: RSA Cryptography Crack
Date: Tue, 02 Mar 1999 10:03:23 -0800
Reply-To: [EMAIL PROTECTED]

Jon wrote:
> On the BBC's News Website today article
> http://news.bbc.co.uk/hi/english/sci/tech/newsid_288000/288965.stm
> David Levy, head of Tiger Security Systems is quoted as saying:
> "The RSA encryption algorithm was supposed to be uncrackable until two guys
> in Cambridge University did it. Nothing is impossible."
> 
> I was under the impression that there was no algorithm which would crack an
> RSA encoded message within a realistic time-scale due to the slow task of
> factorising 64 bit Numbers with only 2 (LARGE and unique) Prime Factors!

Factoring 64-bit numbers is fast.  The best general attack known for
RSA public keys is factoring them, which is still intractable for the
usual size of keys (1024 bits is most common in PGP, for example).

> Could someone please direct me towards a Website with more information on
> the crack Mr Levy describes above.

The Levy quote appears to me quite misleading.  Given his Cambridge
attribution, I assume he's referring to Ross Anderson and Markus Kuhn's
extensions to Boneh, DeMillo and Lipton's extensions to Biham & Shamir's
1996 work on differential fault analysis: breaking hardware implementations
of cryptosystems by inducing faults in their execution.  That is, you
deduce algorithms and keys by seeing how they behave when you torture
the smartcard on which they're implemented.  This is an important and
practical result, but by no means a general crack of "The RSA encryption
algorithm" under the Meaning of the Act.

See http://www.cl.cam.ac.uk/ftp/users/rja14/dfa for some detail.

Another attack similar in spirit is Paul Kocher's timing attack on RSA,
where if you have tight enough access to the hardware doing decryptions
(but not so tight that you have super-user privs and can see everything),
you can time the operations carefully enough to deduce the key.

These are attacks suitable only for special situations, and shouldn't
be touted as "cracking RSA" without any qualifications, as the quote
above would have it.

-- 
        Jim Gillogly
        Sterday, 10 Rethe S.R. 1999, 17:38
        12.19.5.17.15, 3 Men 8 Kayab, Fourth Lord of Night
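To make Jim Gillogly's first sentence concrete, here is an added example in Go (not code from the digest or from any poster): Pollard's rho method factoring a constructed 64-bit modulus, the product of two 32-bit primes chosen here purely for illustration. It is a key-size demonstration and nothing more; rho costs about the square root of the smaller factor, so it is hopeless against moduli of deployed sizes, and the "best general attack" the post refers to is the number field sieve with resources far beyond this.

```go
package main

import (
	"fmt"
	"math/big"
	"time"
)

// pollardRho searches for a non-trivial factor of the odd composite n with
// Floyd cycle-finding on the map x -> x^2 + c (mod n). It returns nil when
// this choice of c collapses to gcd == n, so the caller can retry another c.
func pollardRho(n *big.Int, c int64) *big.Int {
	cc := big.NewInt(c)
	step := func(v *big.Int) *big.Int {
		r := new(big.Int).Mul(v, v)
		r.Add(r, cc)
		return r.Mod(r, n)
	}
	x, y := big.NewInt(2), big.NewInt(2)
	d, diff := big.NewInt(1), new(big.Int)
	for d.Cmp(big.NewInt(1)) == 0 {
		x = step(x)       // tortoise: one step
		y = step(step(y)) // hare: two steps
		diff.Sub(x, y)
		d.GCD(nil, nil, diff.Abs(diff), n) // gcd(|x - y|, n); gcd(0, n) == n
	}
	if d.Cmp(n) == 0 {
		return nil
	}
	return d
}

// FactorSemiprime splits n into p < q, retrying with successive constants.
// Expected cost is about sqrt(p) modular multiplications, which is why a
// 64-bit modulus falls in milliseconds and a 2048-bit one does not.
func FactorSemiprime(n *big.Int) (p, q *big.Int, err error) {
	if n.Bit(0) == 0 {
		return big.NewInt(2), new(big.Int).Rsh(n, 1), nil
	}
	if n.ProbablyPrime(20) {
		return nil, nil, fmt.Errorf("%s is prime", n)
	}
	for c := int64(1); c < 100; c++ {
		d := pollardRho(n, c)
		if d == nil {
			continue
		}
		other := new(big.Int).Div(n, d)
		if d.Cmp(other) > 0 {
			d, other = other, d
		}
		return d, other, nil
	}
	return nil, nil, fmt.Errorf("no factor of %s found", n)
}

func main() {
	// Constructed toy modulus: two 32-bit primes, not derived from any real key.
	p := big.NewInt(4294967279)
	q := big.NewInt(4294967291)
	n := new(big.Int).Mul(p, q)
	start := time.Now()
	fp, fq, err := FactorSemiprime(n)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s = %s * %s, found in %v\n", n, fp, fq, time.Since(start))
}
```

The fault and timing attacks the post goes on to describe are a different matter entirely: they recover keys from a specific implementation's behaviour, not from the modulus, which is why the size of the key is no defence against them.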

------------------------------

From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms [moving off-topic]
Date: Tue, 02 Mar 1999 17:14:45 GMT

> In order to know that, I've got to know the size of the Universe.  What
> is it?  Then I'll tell you.
> P.S.  I'm serious.  Go look up "blackbody radiation" and you'll see why.

I know you're serious. I think you can estimate the diameter of the
universe by extrapolating the red-shift calculations to determine when
the distant galaxies (etc) are moving away from you at the speed of
light, right?  So there *is* a lower limit on the energy of a photon. 
Of course, I might just be quoting pop science vaguely remembered, so
who knows.

-- 
Darren New / Senior Software Architect / MessageMedia, Inc.
     San Diego, CA, USA (PST).  Cryptokeys on demand.
"The real universe is already debugged. We should just use it."

------------------------------

From: Raul <[EMAIL PROTECTED]>
Subject: Pseudorandomness
Date: Tue, 02 Mar 1999 18:41:39 +0100

I would like to know the latest research done in randomness and
pseudorandomness.
Nowadays, I am reading Goldreich's book: "Modern Cryptography,
Probabilistic Proofs and Pseudorandomness".
I think it is a good book.  However, there are some concepts not very
well explained and not very clear, as:

- Computational Indistinguishability
- Negligible functions and noticeable functions
- Oracle machines

Does anyone know a good book, HTML-reference or papers that define these
concepts precisely, and with examples?

Raul Gonzalo Díaz
[EMAIL PROTECTED]



------------------------------


From: "Sam Simpson" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: ScramDisk Web Page - back up!
Date: Tue, 2 Mar 1999 19:24:08 -0000

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Hi all,

Finally, I am pleased to say that the ScramDisk web page is now
available at:

    http://home.clara.net/scramdisk/

Once the DNS entries have propagated, the home page will be
available from the direct URL:

    http://www.scramdisk.clara.net/


Please report any broken links to: [EMAIL PROTECTED]


Many thanks for your patience,

Sam Simpson
Comms Analyst
- -- http://www.scramdisk.clara.net/ for ScramDisk hard-drive
encryption & Delphi Crypto Components.  PGP Keys available at the
same site.

=====BEGIN PGP SIGNATURE=====
Version: PGP 6.0.2

iQA/AwUBNtw6wu0ty8FDP9tPEQLq+ACfVyOld3XJodCYL9dPNL1BiHeevC8AoJYr
t3+alFGmrbp4NltslvyJtyaT
=jYTQ
=====END PGP SIGNATURE=====




------------------------------

From: Darren New <[EMAIL PROTECTED]>
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Tue, 02 Mar 1999 17:27:58 GMT

> Knowledge of the Supreme Being, arrived at by pure reason in
> conjunction with observation, is not a belief system, any more than
> Physics is a belief system.

But Physics is a belief system. Here are some of the beliefs it ascribes
to, unprovably:

1) That past behavior is a good indicator of future behavior,

2) Modus ponens (sp?)

3) That the manipulation of symbols (math) has a relationship to the
behavior of the universe,

4) That construction of equipment by a certain design shows evidence of
otherwise-unobservable phenomena.  (E.g., that the tracks in a cloud
chamber are ionization trails of subatomic particles.)

None of these, especially the first two, are supportable. The failure to
ascribe to one or both of (1) and (2) are my definition of
"fundamentalist."  And I learned this the hard way.

> You are confusing the God of religion with the Supreme Being of
> existential metaphysics. They are not the same.

So what are the measurable attributes of your Supreme Being?

> Physicists see all sorts of things that are seemingly impossible, like
> quantum teleportation.

No you don't. All you see is equipment that seems to indicate quantum
teleportation has taken place.


You know, this really is *not* the right newsgroup for this.  I'm not
going to follow this up here any more, but feel free to continue in
email.


-- 
Darren New / Senior Software Architect / MessageMedia, Inc.
     San Diego, CA, USA (PST).  Cryptokeys on demand.
"The real universe is already debugged. We should just use it."

------------------------------

From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: Testing Algorithms
Date: 2 Mar 1999 13:08:05 -0500

In article <7be790$pvm$[EMAIL PROTECTED]>,
Patrick Juola <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, Somniac  <[EMAIL PROTECTED]> wrote:
>>Herman Rubin wrote:

>>> The problem is NOT to produce state changes with extremely low
>>> energy; this is not difficult.  It is to produce state changes
>>> which will not reverse spontaneously or from transient noise.
>>> A "permanent" magnet illustrates the situation; it has a large
>>> hysteresis loop, which means that most of the energy in changing
>>> its state goes off in heat, but this keeps it stable.  Computer
>>> memory, and also the state of more accessible units, is like this;
>>> changeable, but not too easily so.  The latter is what is needed
>>> to keep it from being lost.
 --
>>Yes, true. And expand upon this wishful thinking about computing 2^256 
>>answers without heating up the Earth by 99 degrees, consider the Carnot 
>>Cycle using reversible adiabatic processes. No container has ever been 
>>built which provides reversible adiabatic processes. Insulators are not 
>>perfect, so some heat leaks out. Therefore, no one has ever built an 
>>ideal Carnot engine. In addition, the intake temperature of a heat engine 
>>must be lower than the exhaust temperature.

>Yes, but at this point, the question is no longer a physical problem,
>but a technological one.

It is technological, but technology is limited by physics.  Even in
liquid Helium, there is a "zero-point" energy level, and the noise
from this must be overcome.  I believe we are approaching physical
limits; can we make a storage device smaller than a molecule?  The
energy needed to switch from one state to another cannot be made too
low, or there will be spontaneous switching; this is a problem
already in high density read-write storage devices.

>The point, as originally made, was that counting up to 2^256 was impossible
>because there did not exist enough energy in the sun/galaxy/universe/whatever
>to toggle that many bits DUE TO PHYSICAL LIMITS.  This is, demonstrably,
>not the case.

I am not sure what comes from the uncertainty principle applied to
the energy-time situation; the product of the uncertainties in energy
and time is also at least the normalized Planck constant.  There have
been estimates due to quantum uncertainty; I believe that these are
far too low, because of the energy problems of maintaining stability,
and the size of the devices needed.

>"Insulators are not perfect,... therefore no one has ever
>built an ideal Carnot engine."  However, and let me stress this, I have
>no reason to believe -- and every reason to disbelieve -- that current
>insulator technology represents the acme above which science and
>civilization will never rise.

>>To make 2^256 calculations, there is no present device which can 
>>succeed. Future developments cannot be relied upon to create perpetual 
>>motion computers that have reversible adders, nand gates, and memory. The 
>>past shows that most inventions failed to become practical.

>... and I submit that this is exactly the sort of short-sighted thinking
>(exactly along the lines of "we've hit the ultimate limit of the photo-
>lithographic process") that results in failed predictions.   You
>claim that technology "cannot be relied upon" to produce these kinds of
>devices -- but the conclusion that you wish to draw from that statement
>is that it can be relied upon NOT to produce these devices.

The size limitations I am thinking of are on the order of those of a
single molecule, or the interatomic distances in a crystal.  These
are in "hailing distance", a factor of not too high a power of 10,
of what we now have.  The "present rate" of increase of speed will
hit this in less than a century.  I can see DNA-like molecules
enabling the production of such sized units, and these are now in
the foreseeable future.

>Which I firmly believe is an untenable position.

Even just using the quantum limitations does not get too far.  To do
better than this, there will have to be stable "sub-quantum" states.

-- 
This address is for information only.  I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED]         Phone: (765)494-6054   FAX: (765)494-0558

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: New high-security 56-bit DES: Less-DES
Date: Tue, 02 Mar 1999 11:58:31 -0800



[EMAIL PROTECTED] wrote:
> Bryan Olson wrote:
> > Unicity distance makes perfect sense because it is perfectly well
> > defined.
> 
> Not as a distance. You miss the main point here. The main point is not that
> you should not say "unicity distance" when referring to unicity but that
> unicity is NOT a distance -- 

I missed no such point.  The issue arose when you commanded that
I stop using the established technical term, to which I declined.

| | do NOT use the word "distance" since it is NOT a "distance" as I have
| | commented before and in the paper.

| Again I must decline.  "Unicity distance" is a term of art in the 
| discipline.

My point was, from the start, that it doesn't matter whether one buys
your argument that it's not a distance.  "Unicity distance" is still
correct.

[...]
> The secondary point is that, once you realize that unicity is not a distance
> then .. how could you continue to call it a distance?

And that is why I asked: Do you know what a term of art is?  I am
calling the concept by its name, "unicity distance".  It is a single
term.  Attempts to interpret the name based on the common meaning of 
component terms will fail, as is true of most any term of art.

--Bryan

------------------------------

From: [EMAIL PROTECTED] (John Curtis)
Subject: sci.crypt.randomness
Date: 2 Mar 1999 20:06:05 GMT


        Is it time to start a newsgroup sci.crypt.randomness?

        We seem to be spending 90% of our recent bandwidth 
        discussing randomness and its mathematical underpinnings
        and <10% discussing cryptography.

        This used to be a great newsgroup to kibitz on and 
        learn something (my use).

        Maybe we need sci.crypt.philosophy for discussions of 
        underpinnings.

        I'm getting very bored.

        ciao,

        jcurtis

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New Concepts on Pseudorandomness
Date: Tue, 02 Mar 1999 20:41:13 GMT

Raul wrote:
> Goldreich's book: "Modern Cryptography, Probabilistic Proofs and
> Pseudorandomness" presents the new theory conceived by Blum, Goldwasser,
> Micali and Yao in which a pseudorandom generator is described as an
> algorithm that expands short random seeds into longer strings which
> cannot be told apart from the uniform distribution by any efficient
> procedure (in polynomial time).

Note that that is different from having a significant likelihood of
detection by some (statistical) algorithm.

------------------------------

From: Rayees Shamsuddin <[EMAIL PROTECTED]>
Subject: Re: smart cards
Date: Tue, 02 Mar 1999 13:04:54 -0800

Hi,

Check out this link
http://147.252.69.202/paulb/smart.htm
i got it from the user group alt.technology.smartcards
also there is some basic info in IEEE Spectrum some time back.
if u find any other useful info, please let me know. i am also looking
for such info

regards
rayees

[EMAIL PROTECTED]
http://www.ece.orst.edu/~rayees


MC1148 User wrote:

>     I am a student in need of information regarding smart cards.
> Anything from what they are to how the microprocessor works.  This is
> for a cryptography class so any information about the coding aspects
> would be greatly appreciated.  Send all messages to
> [EMAIL PROTECTED]  Thanks.


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security,alt.privacy
Subject: Re: One-Time-Pad program for Win85/98 or DOS
Date: Tue, 02 Mar 1999 21:07:08 GMT

In article <[EMAIL PROTECTED]>,
  Jim Dunnett wrote:
> On Sun, 28 Feb 1999 23:53:27 GMT, [EMAIL PROTECTED] (R. Knauer) wrote:
>
> >On Sun, 28 Feb 1999 21:40:25 GMT, [EMAIL PROTECTED] (Jim
> >Dunnett) wrote:
> >
> >>Keys which are sufficiently random will do. There are lots
> >>of ways of generating them other than with a hardware device.
> >
> >Define "sufficiently random".

Arising from a non-computational source and having the full entropy
expected of a random source as measured by Ueli Maurer's Universal
Statistical Test for RNGs.  Plus passing Diehard, of course.

Apologies for being precise/operational on *usenet*.


> All of this is fair enough, but in the real world you don't need
> to protect your plaintext for ever. XOR the bytes of two ZIPped
> files chosen at random from a large collection of CDs, cut the top
> and bottom off the resultant file and use that as random. That'll
> keep someone in NSA or GCHQ employed for many centuries.

1. You underestimate the adversary.  See # 2.

2. You are blind to certain regularities in this keystream.

3. How are you going to measure this, or do your customers
drool/cower/hide their ignorance sufficiently when you
hand-wave that it's not a problem?


> If you were terminally paranoid you could repeat this process twice
> with different file pairs and XOR the results again. Either way it
> would be 'sufficiently random' to defeat cryptanalysis for a very
> long time to come.

How do you know?


>If you require scientific perfection, then perhaps
> this isn't for you. :o)

If you want to make unverified statements, go start your
own religion, but stop wasting attentional bandwidth.

You start with *physical* complexity, you measure it, then you distill it,
you measure it again, perhaps re-distilling until pure, then you burn your
CDROM.   (Then you label it with some popmusic label for transport, and give
it to your ambassadors.)

See RFC 1750 if you're serious.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    
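The reply above makes "sufficiently random" operational by pointing at Ueli Maurer's Universal Statistical Test. The following is an added example in Go, not code from the digest or from any poster, implementing that test for block length L = 8 (one byte per block) with the expected value and variance tabulated in NIST SP 800-22, section 2.9, and running it on three constructed inputs: the operating system's random source, a deterministic xorshift64* generator, and a periodic byte sequence. The sample generators, the 1% significance threshold and the sample sizes are my choices.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
)

// Parameters for block length L = 8 (one byte per block). The expected value
// and variance of the statistic are the tabulated constants from NIST SP
// 800-22, section 2.9 (Maurer's "Universal Statistical" test).
const (
	maurerL        = 8
	maurerExpected = 7.1836656
	maurerVariance = 3.238
	maurerQ        = 10 * (1 << maurerL) // initialisation blocks
)

// MaurerStatistic computes Maurer's statistic f_n over byte-sized blocks.
// The first q blocks only fill a table of the last position at which each
// block value occurred; each of the remaining K blocks then contributes
// log2(distance since its value was last seen). Independent uniform bytes
// give about 7.18 bits; repetition, bias or short periods pull it down.
func MaurerStatistic(data []byte, q int) (fn float64, k int) {
	var last [256]int // 0 means "not seen yet": the distance is the position itself
	for i := 0; i < q; i++ {
		last[data[i]] = i + 1
	}
	k = len(data) - q
	sum := 0.0
	for i := q; i < len(data); i++ {
		pos := i + 1
		sum += math.Log2(float64(pos - last[data[i]]))
		last[data[i]] = pos
	}
	return sum / float64(k), k
}

// MaurerTest applies the normal approximation used by SP 800-22:
// sigma = c * sqrt(variance / K), c = 0.7 - 0.8/L + (4 + 32/L) * K^(-3/L) / 15,
// and passes when |z| < 2.576 (two-sided test at the 1% level).
func MaurerTest(data []byte) (fn, z float64, pass bool) {
	if len(data) < maurerQ+1000*(1<<maurerL) { // NIST minimum: K >= 1000 * 2^L
		return 0, 0, false
	}
	fn, k := MaurerStatistic(data, maurerQ)
	kf := float64(k)
	c := 0.7 - 0.8/maurerL + (4+32.0/maurerL)*math.Pow(kf, -3.0/maurerL)/15
	sigma := c * math.Sqrt(maurerVariance/kf)
	z = (fn - maurerExpected) / sigma
	return fn, z, math.Abs(z) < 2.576
}

// xorshiftSource is a constructed, deterministic sample generator (xorshift64*,
// top byte of each output). It exists only to give a reproducible
// "looks random" input; it is a PRNG, not a physical or secure source.
func xorshiftSource(n int, seed uint64) []byte {
	x := seed
	out := make([]byte, n)
	for i := range out {
		x ^= x >> 12
		x ^= x << 25
		x ^= x >> 27
		out[i] = byte((x * 2685821657736338717) >> 56)
	}
	return out
}

// periodicSource is a constructed low-entropy sample: bytes cycle through 16
// values, so every block recurs after exactly 16 positions and f_n == 4.
func periodicSource(n int) []byte {
	out := make([]byte, n)
	for i := range out {
		out[i] = byte(i % 16)
	}
	return out
}

func main() {
	n := maurerQ + 1000*(1<<maurerL)
	physical := make([]byte, n)
	if _, err := rand.Read(physical); err != nil {
		panic(err)
	}
	samples := []struct {
		name string
		data []byte
	}{{"crypto/rand", physical}, {"xorshift64*", xorshiftSource(n, 42)}, {"periodic", periodicSource(n)}}
	for _, s := range samples {
		fn, z, pass := MaurerTest(s.data)
		fmt.Printf("%-12s f_n=%.4f z=%+8.2f pass=%v\n", s.name, fn, z, pass)
	}
}
```

The periodic input fails by a huge margin, but the deterministic xorshift generator passes just as the operating system's source does: the test measures the absence of detectable structure, not where the bits came from. That is why the poster lists "arising from a non-computational source" as a separate requirement, and it is the same distinction Douglas Gwyn draws elsewhere in this digest between statistical detectability and computational indistinguishability.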

------------------------------

From: BRAD KRANE <[EMAIL PROTECTED]>
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Tue, 02 Mar 1999 21:34:49 GMT



"R. Knauer" wrote:

> On 2 Mar 1999 06:47:01 GMT, BORIS KAZAK <[EMAIL PROTECTED]>
> wrote:
>
> >   And this is all very sad...
>
> That is a pathological condition of your mind over which you have
> control - because you possess free will. If you freely choose not to
> be depressed over the human condition, then this is not very sad at
> all.
>
> >If there indeed is some Supreme Being,
> >then IT is the Master, and we are merely slaves (or guinea pigs).
>
> That is completely absurd. Human beings have free will.
>
> >   My philosophy as an atheist is very simple
>
> You cannot prove rationally that the Supreme Being does not exist and
> at the same time prove that existence is objectively real. The two are
> mutually contradictory on a rational basis.
>
> >I am a free man, there is no Lord above me, no Supreme Being.
>
> Those two statements are independent of one another. There is a
> Supreme Being and you are a free man.
>
> A person is as free as they freely choose to be free. They can freely
> choose to be a slave if they do. But if they do, they can't claim that
> free will does not exist just because they have freely chosen not to
> exercise it.
>
> The history of the human condition is the mass acceptance of some form
> of slavery and the acceptance of tyrants to enforce it.
>
> >I take guidance from no one, and I am myself fully responsible
> >for the consequences of my choices.
>
> You take your guidance from the environment, and that includes other
> human beings, whether they are alive or dead. The wisdom of the ages
> is part of that environment.
>
> >   There is no word "believe" in my dictionary, I cannot "believe"
> >or "not believe". I must know, or I admit that I don't know.
>
> Knowledge of the Supreme Being, arrived at by pure reason in
> conjunction with observation, is not a belief system, any more than
> Physics is a belief system.
>
> You are confusing the God of religion with the Supreme Being of
> existential metaphysics. They are not the same.
>
> >   And isn't it obvious that we see only certain kinds of processes
> >going on in the Universe not because other kinds of processes are
> >impossible, but simply because other kinds of processes go on
> >*without witnesses*, in such a universe organic life would be
> >impossible?
>
> Physicists see all sorts of things that are seemingly impossible, like
> quantum teleportation.
>
> I am coming to the conclusion that only Natural Scientists, in
> particular Physicists, can know with rational certainty that the
> Supreme Being must exist. In fact, I would go so far as to claim that
> such knowledge is the litmus test for whether a Natural Scientist
> really understands his field of endeavor.
>
> The Supreme Being MUST exist, or else only Nothing exists.

Explain to me then how this Supreme Being came into existence.

                                ~NuclearMayhem~

>
>
> Bob Knauer
>
> "There is much to be said in favour of modern journalism. By giving us the opinions
> of the uneducated, it keeps us in touch with the ignorance of the community."
> --Oscar Wilde


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.privacy,talk.politics.crypto
Subject: Re: Can the quantum computer determine the truth from a lie?
Date: Tue, 02 Mar 1999 20:47:03 GMT


>reality. DNA type computation would be ideal for decryption analysis.

DNA decryption takes way too many moles to be realistic.  This
was brought up a few issues after the _Science_ article that
introduced a method of solving a travelling-salesman-problem
with DNA string matching.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************