Cryptography-Digest Digest #209, Volume #9 Tue, 9 Mar 99 14:13:04 EST
Contents:
Re: DES => problems with decryption (Moh)
Re: Symmetric vs. public/private (Kent Briggs)
Re: DES => problems with decryption (Albert P. Belle Isle)
Re: is this Patented? (John Savard)
Re: Limitations of testing / filtering hardware RNG's (Medical Electronics Lab)
Re: RC4 and keysizes (and Legal info on RC4/5/6) (Jim Gillogly)
Re: ElGamal vs RSA (Medical Electronics Lab)
Re: RSA Key length (Medical Electronics Lab)
MD5 ([EMAIL PROTECTED])
Re: Modular Multipliers (Boris Kazak)
Re: DES => problems with decryption - des.h (0/1) (Jim Gillogly)
Re: Limitations of testing / filtering hardware RNG's (R. Knauer)
Re: Really Nonlinear Cipher Idea (Jayant Shukla)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Moh)
Subject: Re: DES => problems with decryption
Date: Tue, 09 Mar 1999 16:55:31 GMT
Hi,
actually I read the code about 20 times, looked
for spelling mistakes and logic mistakes and much
more. I tested every function separately and all
seem to work.
Still the whole process does not function at all
and I am really desperate now :-(
In case I do not use the routines of p-box and
S-box things work fine, but then it is no more
des and secure!
All the permuation things shouldn't be the problem.
I have send my whole code here now and hope some-
one can take a look at it. It should be very self-explaning.
The way I implemented the DES algorithm might not
be the fastetst, but that's how I understood.
As the Permutation is nothing serious, it would
be very kind if you could especially take a look
at the functions:
char *des (char *source, int mode);
void des_sub (long *source_block, long *key, long *target_block, int
mode);
long substitution (long *data_block);
void shifting(long *key_block, int round);
In case I did a mistake and I surely did otherwise it would
work it *must* be in one of these four functions.
I know that this message is very rude because
asking someone to read the code is not the fine way.
I still hope someone can afford to take 10-15 min. to
read it.
Thank you a lot in advance, I didn't sleep the last
20 hours because of this code :-( ...and still I cannot
find the mistake.
Best regards
-Moh
Begin des.h
====================================================================================================================
/* DES HEADER FILE containg everyting for des ecb encryption
and decrytion */
/************ SPECIAL DEFINES for DES *******************/
#define ENCRYPT 0
#define DECRYPT 1
/**************** FUNCTION DECLARATIONS ****************/
char *des (char *source, int mode);
void des_sub (long *source_block, long *key, long *target_block, int
mode);
long substitution (long *data_block);
void shifting(long *key_block, int round);
void key_permutation(long *key_block);
void initial_permutation(long *data_block);
void final_permutation(long *data_block);
void p_box(long *data_block);
void compression (long *key_block, long *new_key_block);
void expansion (long *data_block, long *new_data_block);
char *padding(char *data, int *number);
long char2int(char *c);
char* int2char (long l);
/****************** GLOBAL VARIABLES ******************/
long Key_Perm[56] = {57,49,41,33,25,17, 9, 1,58,50,42,34,26,18,
10, 2,59,51,43,35,27,19,11,
3,60,52,44,36,
63,55,47,39,31,23,15,
7,62,54,46,38,30,22,
14, 6,61,53,45,37,29,21,13,
5,28,20,12, 4};
int Key_Shifting[16] = {1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1};
long Compress_Perm[48] = {14,17,11,24,1,5,3,28,15,6,21,10,
23,19,12,4,26,8,16,7,27,20,13,2,
41,52,31,37,47,55,30,40,51,45,33,48,
44,49,39,56,34,53,46,42,50,36,29,32};
long Initial_Perm[64] =
{58,50,42,34,26,18,10,2,60,52,44,36,28,20,12,4,
62,54,46,38,30,22,14,6,64,56,48,40,32,24,16,8,
57,49,41,33,25,17,9,1,59,51,43,35,27,19,11,3,
61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7};
long Expand_Perm[48] = {32,1,2,3,4,5,4,5,6,7,8,9,8,9,
10,11,12,13,12,13,14,15,16,17,
16,17,18,19,20,21,20,21,22,23,24,25,
24,25,26,27,28,29,28,29,30,31,32,1};
long P_Box[32] = {16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,
2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25};
long Final_Perm[64] = {40,8,48,16,56,24,64,32,39,7,47,15,55,23,63,31,
38,6,46,14,54,22,62,30,37,5,45,13,53,21,61,29,
36,4,44,12,52,20,60,28,35,3,43,11,51,19,59,27,
34,2,42,10,50,18,58,26,33,1,41,9,49,17,57,25};
long Target_Bits[32] = {0x1, 0x2, 0x4, 0x8,
0x10, 0x20, 0x40, 0x80,
0x100, 0x200, 0x400,
0x800,
0x1000, 0x2000,
0x4000, 0x8000,
0x10000, 0x20000,
0x40000, 0x80000,
0x100000, 0x200000,
0x400000, 0x800000,
0x1000000, 0x2000000,
0x4000000, 0x8000000,
0x10000000,
0x20000000, 0x40000000, 0x80000000};
/****************** SUBSTITUTION BOXES ******************/
long S_BOX[8][64] = {{14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7,
0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8,
4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0,
15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13},
{15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10,
3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5,
0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15,
13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9},
{10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8,
13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1,
13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7,
1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12},
{7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15,
13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9,
10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4,
3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14},
{2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9,
14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6,
4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14,
11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3},
{12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11,
10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8,
9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6,
4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13},
{4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1,
13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6,
1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2,
6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12},
{13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7,
1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2,
7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8,
2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11} };
/******************** DES MAIN FUNCTION ********************
coordination of the des process for a string
***********************************************************/
char *des (char *source, int mode)
{
char *target, *padded;
static long source_block[2], target_block[2], des_key_copy[2];
int number;
int i;
char temp[4];
memcpy(&des_key_copy, &des_key, sizeof (long)*2);
if (mode == ENCRYPT) {
padded = padding(source, &number); /* padd the block
*/
} else {
number = strlen(source) / 8;
}
target = malloc (sizeof(char) * (8 * number + 1));
for (i=0; i < number; i++) {
source_block[0] = char2int( memcpy(temp, padded+(i*8),
4));
source_block[1] = char2int( memcpy(temp,
padded+(i*8+4), 4));
des_sub(source_block, des_key_copy, target_block,
mode);
sprintf(target, "%s%s", target,
int2char(target_block[0]));
sprintf(target, "%s%s", target,
int2char(target_block[1]));
memcpy(&des_key_copy, &des_key, sizeof (long)*2);
}
if (mode == DECRYPT) {
target[strlen(target) - target[strlen(target)-1]] =
'\0'; /* cut off the padded extra text */
}
return target;
}
/****************** DES SUB MAIN FUNCTION ******************
does the actual des process for one 64-block
***********************************************************/
void des_sub (long *source_block, long *key, long *target_block, int
mode)
{
long *temp_key, *temp_data;
int i;
long keys[16][2];
temp_key = malloc (sizeof(long)*2);
temp_data = malloc (sizeof(long)*2);
initial_permutation(source_block);
key_permutation(key);
/* create a keylist */
for (i=0; i<16; i++) {
shifting(key, i);
compression (key, keys[i]);
}
/* encryption */
if (mode == ENCRYPT) {
for (i=0; i<16; i++) {
expansion(source_block, temp_data);
temp_data[0] ^= keys[i][0];
temp_data[1] ^= keys[i][1];
temp_data[0] = substitution(temp_data);
p_box(temp_data);
target_block[0] = source_block[1] ^
temp_data[0];
target_block[1] = source_block[0];
source_block[0] = target_block[0];
source_block[1] = target_block[1];
}
/* decryption */
} else {
for (i=15; i>=0; i--) {
expansion(&source_block[1], temp_data);
temp_data[0] ^= keys[i][0];
temp_data[1] ^= keys[i][1];
temp_data[0] = substitution(temp_data);
p_box(temp_data);
target_block[1] = source_block[0] ^
temp_data[0];
target_block[0] = source_block[1];
source_block[0] = target_block[0];
source_block[1] = target_block[1];
}
}
final_permutation(target_block);
}
/****************** SUBSTITUTION FUNCTION ******************
does the s-box stuff
***********************************************************/
long substitution (long *data_block)
{
long B=0, new_data_block=0;
int i, j, zeile, spalte;
for (j=0; j<2; j++)
for (i=0; i<4; i++, B=0) {
B = (data_block[j] >> (6*i) ) & 0x3F;
spalte = (B>>1) & 0xf;
zeile = (B & 0x1) | ((B>>4) & 0x2);
new_data_block |= (S_BOX[i+j*4][spalte +
zeile*16]) << (4*(i+j*4));
}
return (new_data_block);
}
/****************** SHIFTING FUNCTION ******************
for the shifting part
***********************************************************/
void shifting(long *key_block, int round)
{
int i, j;
for (i=0; i < Key_Shifting[round]; i++) {
for (j=0; j<2; j++) {
if ( key_block[j] & (1 << 27) ) {
key_block[j] <<= 1;
key_block[j] |=
Target_Bits[0];
key_block[j] &=
(~Target_Bits[28]);
} else
key_block[j] <<= 1;
}
}
}
/****************** KEY_PERMUT FUNCTION *******************
the key permutation at the begining
***********************************************************/
void key_permutation(long *key_block)
{
long temp_key_block[2];
int i, j, n=0;
int source_pos;
temp_key_block[0] = key_block[0];
temp_key_block[1] = key_block[1];
key_block[0] = 0;
key_block[1] = 0;
for (j=0; j<2 ; j++) {
for (i=0; i<28; i++ ) {
source_pos = Key_Perm[i + j*28] - 1;
if (source_pos >31) {
n = 1;
source_pos-=32;
}
if ( temp_key_block[n] & (1 << source_pos) ) {
key_block[j] |= Target_Bits[i];
}
n=0;
}
}
}
/****************** INITIAL_PERMUT FUNCTION ***************
initial permutation
***********************************************************/
void initial_permutation(long *data_block)
{
int i, j, n=0;
int source_pos;
long temp_data_block[2];
temp_data_block[0] = data_block[0];
temp_data_block[1] = data_block[1];
data_block[0] = 0;
data_block[1] = 0;
for (j=0; j<2 ; j++) {
for (i=0; i<32; i++ ) {
source_pos = Initial_Perm[i + j*32] - 1;
if (source_pos >31) {
n = 1;
source_pos-=32;
}
if ( temp_data_block[n] & (1 << source_pos) )
{
data_block[j] |= Target_Bits[i];
}
n=0;
}
}
}
/****************** FINAL_PERMUT FUNCTION *****************
final permutation
***********************************************************/
void final_permutation(long *data_block)
{
int i, j, n=0;
int source_pos;
long temp_data_block[2];
temp_data_block[0] = data_block[0];
temp_data_block[1] = data_block[1];
data_block[0] = 0;
data_block[1] = 0;
for (j=0; j<2 ; j++) {
for (i=0; i<32; i++ ) {
source_pos = Final_Perm[i + j*32] - 1;
if (source_pos >31) {
n = 1;
source_pos-=32;
}
if ( temp_data_block[n] & (1 << source_pos) )
{
data_block[j] |= Target_Bits[i];
}
n=0;
}
}
}
/****************** PBOX FUNCTION ******************
p-box primitive permutation
***********************************************************/
void p_box(long *data_block)
{
long temp_data_block = *data_block;
int i;
int source_pos;
*data_block = 0;
for (i=0; i<32; i++ ) {
source_pos = P_Box[i] - 1;
if (temp_data_block & (1 << source_pos) ) {
*data_block |= Target_Bits[i];
}
}
}
/****************** COMPRESSION FUNCTION ******************
compression part of the key
***********************************************************/
void compression (long *key_block, long *new_key_block)
{
int i, j, n=0;
int source_pos;
new_key_block[0] = 0;
new_key_block[1] = 0;
for (j=0; j<2 ; j++) {
for (i=0; i<24; i++ ) {
source_pos = Compress_Perm[i + j*24] - 1;
if (source_pos >27) {
n = 1;
source_pos-=28;
}
if ( key_block[n] & (1 << source_pos) ) {
new_key_block[j] |= Target_Bits[i];
}
n=0;
}
}
}
/****************** EXPANSION FUNCTION ******************
expansion of the datablock
***********************************************************/
void expansion (long *data_block, long *new_data_block)
{
int i, j;
int source_pos;
new_data_block[0] = 0;
new_data_block[1] = 0;
for (j=0; j<2 ; j++) {
for (i=0; i<24; i++ ) {
source_pos = Expand_Perm[i + j*24] - 1;
if ( *data_block & (1 << source_pos) ) {
new_data_block[j] |= Target_Bits[i];
}
}
}
}
/****************** PADDING FUNCTION ******************
fills the blocks called "padding"
***********************************************************/
char *padding(char *data, int *number)
{
int remainder;
char *new_data;
char fillin[8] ="0000000";
remainder = strlen(data)%8;
if (remainder == 0) {
new_data = malloc(sizeof(char) * (strlen(data)+ 8));
sprintf(new_data,"%s0000000%c",data,8);
} else {
new_data = malloc(sizeof(char) * (strlen(data)+
8-remainder));
fillin[7-remainder] = '\0';
sprintf(new_data,"%s%s%c",data,fillin,8-remainder);
}
*number = strlen(new_data)/8;
return(new_data);
}
/****************** CHAR2INT FUNCTION ******************
converts 4 chars into a 32-bit longint
***********************************************************/
long char2int(char *c)
{
long l;
l = (((int)c[3]) << 24) | (((int)c[2]) << 16) | (((long)
c[1]) << 8) | c[0];
return l;
}
/****************** INT2CHAR FUNCTION ******************
converts a 32-bit in into 4 chars
***********************************************************/
char* int2char (long l)
{
static char c[5];
c[0] = (l & 0xff);
c[1] = (l >> 8) & 0xff;
c[2] = (l >> 16) & 0xff;
c[3] = (l >> 24) & 0xff;
c[4] = '\0';
return c;
}
------------------------------
From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: Symmetric vs. public/private
Date: Tue, 09 Mar 1999 16:31:07 GMT
[EMAIL PROTECTED] wrote:
> Not to toot my horn, but if you want sample code I wrote copies of Ronald L.
> Rivest's RC5 and RC6 in C. They are fully customizable (16/32/64 bit words),
> number of rounds and key size.
Keep in mind that RC5 and RC6 (unless it wins the AES) are covered by patent.
--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com
------------------------------
From: [EMAIL PROTECTED] (Albert P. Belle Isle)
Subject: Re: DES => problems with decryption
Date: Tue, 09 Mar 1999 18:08:32 GMT
Reply-To: [EMAIL PROTECTED]
Moh:
Without careful examination of the entire listing (which I haven't
taken the time to do) I can at least recommend that you stop telling
the compiler to cast bytes [0-to-256] as characters [-127-to-127].
For readability, typedef BYTE as unsigned char, and use it (and
pointers to it) to replace all your char and char* variables.
Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE
with Forensic Software Countermeasures
http://www.cerberus-sys.com/~infosec/
================================================
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: is this Patented?
Date: Tue, 09 Mar 1999 16:26:14 GMT
[EMAIL PROTECTED] () wrote, in part:
>New hash value = Encrypt( KEY=Old hash value, INPUT=Message block) XOR
>Encrypt( KEY=Message block, INPUT=Old hash value)
It has been noted in an E-mail I have recieved that this has one important
weakness: if the old hash value matches the current message block, the new
hash value is certainly zero.
Fortunately, Quadibloc IV, which uses this principle with its F-function,
uses a different S-box in the two cases, avoiding the symmetry. However,
the f-function is such that it really isn't clear that swapping the roles
of subkey and subblock input causes as profound a change as swapping the
key and the message block in DES.
As Quadibloc IV, unlike Quadibloc II and Quadibloc III, has no
key-dependent S-box, while it still includes features that make
differential cryptanalysis more difficult, it is conventional enough that
it doesn't make it totally impossible.
John Savard (teneerf is spelled backwards)
http://members.xoom.com/quadibloc/index.html
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Limitations of testing / filtering hardware RNG's
Date: Tue, 09 Mar 1999 12:11:57 -0600
R. Knauer wrote:
> Statistical testing of the output of a TRNG is worthless- it's like
> running an experiment to confirm a theory and then using that theory
> to prove that the experiments are correct.
Isn't that what science does? How is confirming a theory with
experiment "worthless"?
Patience, persistence, truth,
Dr. mike
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: RC4 and keysizes (and Legal info on RC4/5/6)
Date: Tue, 09 Mar 1999 10:24:19 -0800
Reply-To: [EMAIL PROTECTED]
jay wrote:
> [EMAIL PROTECTED] wrote in article
> <7c3k7a$l1l$[EMAIL PROTECTED]>...
> >
>
> > A session key is the expand user key. i.e a rc4_key which has 256!
> > combinations.
> >
> If the user key contains repeats, the session key will as well, so I would
> still believe that the correct value is 256^256.
However, most of those keys are equivalent, since the result of
initializating is to pick a particular permutation of the 256-byte
key table, so there are at most "only" 256! non-equivalent RC4 keys.
Homework question 1: Can all 256! state array permutations be achieved
using the standard RC4 initialization method?
Homework question 2: If so, do the 256^256 distinct keys produce the
same number of each of the 256! permutations of the state array?
--
Jim Gillogly
Sterday, 17 Rethe S.R. 1999, 18:17
12.19.6.0.2, 10 Ik 15 Kayab, Second Lord of Night
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: ElGamal vs RSA
Date: Tue, 09 Mar 1999 12:20:36 -0600
Sam Simpson wrote:
>
> BTW does anyone still use GF(2^n)? It said as long as 14-years
> ago that GF(2^n) ought to be avoided in all cryptographic
> applications - who would still consider it in the same breath as
> GF(p)?
>
> Look forward to any pointers to more recent literature you may be
> able to provide.
Check out "Elliptic Curve Public Key Cryptosystems" for use of
GF(2^n). Who said it should be avoided? Have you got a reference
for that?
Patience, persistence, truth,
Dr. mike
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: RSA Key length
Date: Tue, 09 Mar 1999 12:38:22 -0600
dino wrote:
>
> Hi,
> I'm an IT consultant. My customer bought a PKI platform based on 1024 bit
> long RSA keys.
> Then we found that for this platform a length of 1024 bit means a length of
> 128 bytes, i.e. some key is 1017 bit long with most significant bits zero.
> Is this implementation right?
It could be fine. Check the length of the "p" and
"q" primes that make up the 1017 bit "n". If they
add up to 1017, you're ok. If they don't, you
lost bits someplace and the whole system may not
work.
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED]
Subject: MD5
Date: Tue, 09 Mar 1999 18:44:26 GMT
does any one know an URL for C source code for MD5 and also for the U. M.
Maurer's A Universal Statistical Test for Random Bit Generators.
thanks,
sachin.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Modular Multipliers
Date: 9 Mar 1999 18:59:20 GMT
Reply-To: [EMAIL PROTECTED]
Henry Lewsal wrote:
> > 1. What can be said about the properties of the S-box
> > defined by this modular multiplication? Is it bijective, is it
> > in any way linear, how does it propagate differences?
> > (All this without looking at the particular multiplier,
> > since we assume the multiplier to be key-dependent)
>
> I assume you mean, the "factors" are key-dependent. In a multiplication
> the two factors might be any small values and then mod 2^16-1 is done.
> If both factors are smaller than 2^8, then the result will be smaller
> than the modulus. A bad situation can occur when the factors are
> very small: 4*71 mod 65537 = 00284, then if a small plaintext difference
> requires 5*71 to be multiplied the answer is 00355 so error propagation
> can be small in these cases. The statistics of these cases is easy to
> calculate and the probabilities of input differences versus output
> differences can be predicted. A conjecture is that there are
> non-uniform probabilities for differentials and Impossible Differentials.
> This non-uniformity of differentials is a vulnerability which needs
> to be cured by subsequent transformations. If only multiplication
> is used under a modulus, a conjecture is that it cannot be secured
> against differential cryptanalysis.
>
> Whether subsequent rotations help much is a subject for additional work.
>
Yes, this is a good hint, thank you, but my question was a little
more on the obscure side.
One of the factors is plaintext, it becomes key-dependent only in
the process of encryption. The other factor is the *multiplier*,
aka S-box, derived from the key and supposed to be unknown to the
attacker.
What can be asserted in this case? An additional complication can
make the choice of the *multiplier* plaintext-dependent, say out of
table with 256 key-derived multipliers. Then different plaintexts will
be processed through different sequence of S-boxes.
Still the underlying procedure will be modular multiplication, so
I wonder, is there anything fundamentally wrong with it?
Thanks again, respectfully BNK
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: DES => problems with decryption - des.h (0/1)
Date: Tue, 09 Mar 1999 11:01:28 -0800
Reply-To: [EMAIL PROTECTED]
Moh wrote:
> Still the whole process does not function at all
> and I am really desperate now :-(
What you need is more test data to see where the problem is coming
in. I suggest you get one of the numerous public domain DES
implementations and decorate it with some printfs to compare with
the comparable data in your own program.
Debugging 101 -- welcome to computing!
--
Jim Gillogly
Sterday, 17 Rethe S.R. 1999, 18:59
12.19.6.0.2, 10 Ik 15 Kayab, Second Lord of Night
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Limitations of testing / filtering hardware RNG's
Date: Tue, 09 Mar 1999 19:01:12 GMT
Reply-To: [EMAIL PROTECTED]
On 9 Mar 1999 13:27:19 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>Confirming a theory with experiment is circular reasoning.
>Testing a prediction with experiment isn't, but it verges on
>the circular.
>*DIS*proving a rival theory with experiment is how science really
>works.
Let's say some theorist concocts a conjecture about some phenomenon he
believes exists in physical reality. For example he might claim that
the speed of light is a finite constant.
If an experiment goes against a prevailing theory then your statement
is indeed correct. But that is only because there was a prevailing
theory to begin with.
If, on the other hand, the theory is about an entirely new phenomenon
for which there is no prevailing theory, then a successful experiment
can taken as confirmation of that new theory.
Bob Knauer
"There's no way to rule innocent men. The only power any government
has is the power to crack down on criminals. Well, when there aren't
enough criminals, one makes them. One declares so many things to be
a crime that it becomes impossible to live without breaking laws."
--Ayn Rand
------------------------------
From: [EMAIL PROTECTED] (Jayant Shukla)
Subject: Re: Really Nonlinear Cipher Idea
Date: 9 Mar 1999 18:29:19 GMT
[EMAIL PROTECTED] (John Savard) writes:
>Almost (there's Terry Ritter's autokey Dynamic Substitution, for example) a
>new frontier in cryptography! If key-dependent S-boxes create high
>security, it would seem that one which is even data-dependent as well would
>truly produce a cipher that defies analysis.
Key-dependent S-boxes are a good thing. They make differential
cryplanalysis a real nightmare. Fixed S-boxes are somewhere in
the middle, they may leak key information depending on how they
are chosen. Data dependent S-boxes are the worst. They allow
an attacker a great amount of flexibility in performing
cryptanalysis. There is a book by Biham and Shamir called
"Differential cryplanalysis of DES". It is a great book and
explains differential cryptanalysis in detail. Read it and draw
your own conclusions.
~Jayant
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
