Cryptography-Digest Digest #213, Volume #9       Wed, 10 Mar 99 09:13:03 EST

Contents:
  Re: Limitations of testing / filtering hardware RNG's (Mark Currie)
  Re: Quantum Computation and Cryptography (Bill Stewart)
  Security of ASPSESSIONID ([EMAIL PROTECTED])
  Re: RSA Key length (DJohn37050)
  Re: How to decrypt this message? (Anonymous)
  Re: Scramdisk newbie (Aman)
  Re: Scramdisk newbie (Aman)
  Letter Frequency English ([EMAIL PROTECTED])
  Re: in response to RC4 stuff, plus TC1 ([EMAIL PROTECTED])
  Re: Quantum Computation and Cryptography (R. Knauer)
  Re: Limitations of testing / filtering hardware RNG's (R. Knauer)
  Re: Limitations of testing / filtering hardware RNG's (R. Knauer)
  Re: Letter Frequency English ([EMAIL PROTECTED])
  Re: How to decrypt this message? ([EMAIL PROTECTED])
  Cryptography FAQ (01/10: Overview) ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Mark Currie)
Subject: Re: Limitations of testing / filtering hardware RNG's
Date: 10 Mar 1999 08:18:39 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>I haven't been following this whole thread, so if I'm being irrelevant
>or redundant, I apologize.
>
>Trevor Jackson, III wrote:
>> R. Knauer wrote:
>> > On 9 Mar 1999 15:03:26 -0500, [EMAIL PROTECTED] (Herman Rubin)
>> > wrote:
>> > >Not just as diagnostics; if the outcome HAPPENS to be all 0's or all
>> > >1's, you would not want to use this for cryptography.  There are other
>> > >outcomes which one would not want to use.
>> >
>> > If you filter the output as you suggest, then the TRNG is no longer
>> > provably secure in principle.
>> 
>> Show me the leak.  Otherwise stop repeating this nonsense.
>
>OK.  Just to be definite, let's assume that you have some threshold
>T where if you see T 0's in a row, you will remove all of them from
>the random bit stream, then pick up and continue.  To make the example
>obvious, let's assume T=8, so that we know there will never be a run of
>8 0-bits in a row.
>
>We now have a message coming in.  The ciphertext starts "YNAQJ BFPGD".
>Since we know that there are never 8 0-bits in a row, we know that the
>first character of the plaintext is not Y, the second character is not
>N, the third character is not A, and so on.  This is precisely one of
>the weaknesses of Enigma, which allowed the Allies to place guessed
>plaintext.  I can tell with certainty that this message did not
>start with "YES" or "INREP LYTOY".
>
>The key fact of a one-time pad is that it can give the attacker no
>information about the plaintext other than a bound on its length.
>Filtering the TRNG stream in the way you suggest (eliminating runs
>of 0's or 1's) breaks this assumption.
>
>As everybody keeps saying, of course, it's necessary to monitor your
>TRNG to make sure it isn't broken, and sending all 0's for a long
>time is a good sign that it's broken.  However, "fixing" it so that
>it cannot produce certain strings even when it's working properly
>breaks the provable security of the OTP, just as R. Knauer says above.
>

I am sure that there are many examples where a specific type of filter could be 
useful to an attacker. However, if you are operating in a high performance 
environment where you are dishing out numbers continuously, and you do not 
continuously check for sudden heavy biasing of the RNG source, then you may 
only discover the problem after many, many potentially bad values have been 
dished out. You may be continuously dishing out DES keys that are all 0's 
except for one or two bits, hence defeating your "stuck at 0" check.

This is a tricky area I know. I am well aware of the dangers of filtering, 
however I believe that there is a case for providing a measure of heavy bias 
checking.

Whether you are testing for diagnostic reasons or to filter out values can 
amount to the same thing. In either case you are not allowing continuous 
heavily biased values to be used. If you find that you are filtering out 
values regularly, then you can flag an error condition and stop operation 
until the RNG is fixed.

In the real world electronic systems can fail, and they don't always fail in 
a nice easily detectable way, such as "stuck at 0/1".

Mark Currie
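
Added example, not from the digest or from anyone posting in it: the quoted
argument says a keystream with no run of 8 zeros can never produce the key
byte 0x00 on a byte boundary, so ciphertext byte c rules plaintext byte c
out. The code below implements the described filter, feeds it bits from a
seeded PRNG standing in for the hardware TRNG (constructed input), and
measures the non-uniform key-byte distribution an attacker would exploit.

```python
"""Quantify the leak created by filtering zero-runs out of an OTP keystream."""
import math
import random

T = 8   # run-length threshold from the quoted example


def filter_zero_runs(bits: list[int], t: int = T) -> list[int]:
    """The quoted filter: whenever t zeros have arrived in a row, drop them
    from the stream and carry on.  The output never contains t zeros in a row."""
    out: list[int] = []
    pending = 0                      # zeros seen but not yet emitted
    for b in bits:
        if b == 0:
            pending += 1
            if pending == t:
                pending = 0          # the run of t zeros is discarded
        else:
            out.extend([0] * pending)
            out.append(1)
            pending = 0
    out.extend([0] * pending)
    return out


def longest_zero_run(bits: list[int]) -> int:
    longest = run = 0
    for b in bits:
        run = run + 1 if b == 0 else 0
        longest = max(longest, run)
    return longest


def key_byte_histogram(bits: list[int]) -> list[int]:
    """How often each 8-bit value occurs as a byte-aligned key byte."""
    counts = [0] * 256
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        counts[value] += 1
    return counts


def entropy_bits(counts: list[int]) -> float:
    """Shannon entropy of the key-byte distribution; exactly 8.0 for a true OTP."""
    n = sum(counts)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def plaintext_posterior(cipher_byte: int, counts: list[int]) -> list[float]:
    """Attacker's view of one position: P(plaintext = p | ciphertext = c) equals
    P(key = p XOR c).  With an unfiltered pad every entry is 1/256."""
    n = sum(counts)
    return [counts[p ^ cipher_byte] / n for p in range(256)]


def simulate_filtered_pad(n_bytes: int = 100_000, seed: int = 1) -> list[int]:
    """Constructed stand-in for the hardware TRNG: seeded PRNG bits, filtered,
    then tallied as byte-aligned key bytes."""
    rng = random.Random(seed)
    n_bits = 8 * n_bytes
    raw = [int(ch) for ch in format(rng.getrandbits(n_bits), f"0{n_bits}b")]
    filtered = filter_zero_runs(raw)
    assert longest_zero_run(filtered) < T      # the filter's guarantee
    return key_byte_histogram(filtered)


if __name__ == "__main__":
    counts = simulate_filtered_pad()
    print("key byte 0x00 seen:", counts[0], "times")        # never
    print("key-byte entropy:", round(entropy_bits(counts), 4), "bits (8.0 for a true OTP)")
    post = plaintext_posterior(ord("Y"), counts)
    print("P(plaintext 'Y' | ciphertext 'Y'):", post[ord("Y")])   # 0.0
```

Bytes such as 0x01 and 0x80, whose leading or trailing zeros would often have joined a deleted run, also turn up well below their 1/256 share, so the leak is not limited to the single excluded value.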


------------------------------

From: Bill Stewart <[EMAIL PROTECTED]>
Subject: Re: Quantum Computation and Cryptography
Date: Wed, 10 Mar 1999 00:23:26 -0800

My guess is that the precision you can get from quantum-magic computation
things is limited by Heisenberg's Uncertainty Principle, which says you
shouldn't be able to get much more accurate than Planck's Constant.
If true (and intuition about quantum is often not true, especially from
people who haven't cranked a Schroedinger equation in 20 years :-),
this means that a precision of 10**-34 (~2**-100) adds quite a few bits
to a cracker's repertoire, but nothing that can't be easily overrun
with longer keys; it's not a panacea for cracking NP-hard problems.

Anthony Stephen Szopa wrote:
> 3 years ago the solid state research center in the US was definitely
> fabricating quantum well structures that were very good but not good enough
> as far as uniformity and low defect rates were concerned.  Who knows what
> their current state of development is?

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: microsoft.public.inetserver.iis
Subject: Security of ASPSESSIONID
Date: Wed, 10 Mar 1999 10:25:15 GMT

IIS generates a session id cookie for applications that (may) need them. The
MSDN library article "ASP Session ID Encryption and Session Security"
contains an overview of how they are generated, but is sadly lacking in
detail. Does anyone have more detail on this? I would like to understand how
unpredictable this cookie is, or better yet see an analysis of how secure or
insecure it is. Is the answer different for those of us stuck with export
crypto?

Thanks,

F.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: RSA Key length
Date: 10 Mar 1999 01:51:14 GMT

It might also depend on what standard (if any) the system is supposed to meet. 
For example, for ANSI X9F1 X9.31 (RSA/W sigs) the minimum modulus is 1024 bits,
so 1017 would not conform.  This means that the high order bit is set to
binary 1.  That is, a 1024 bit number MUST have the high order bit set to 1.
Don Johnson

------------------------------

From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: How to decrypt this message?
Date: Wed, 10 Mar 1999 12:22:29 +0100 (CET)

The message begins:

"Saddam Hussein will assemble the arm..."

For a full translation, please send $10 cash to the following address: 

        Po Box 11588
        Costa Mesa, CA  92627
        USA

Hello, can you tell me where I can get this message decoded? Are there any
newsgroups for such things?


------------------------------

From: [EMAIL PROTECTED] (Aman)
Subject: Re: Scramdisk newbie
Date: 10 Mar 1999 05:55:02 -0600

On 10 Mar 1999 01:18:51 -0000, brandon <[EMAIL PROTECTED]> wrote:

[]
> Mr Mundy in his response very kindly points out some distinctions, but
>there are still a lot of questions a beginner will ask: why do you need both
>(partitions and volumes), or do you need both? 

Either. It is a matter of preference. Containers are essential in
supporting scramdisk volumes on CD media though.

>Will they function
>independently? What's the purpose of each attribute of the program? No question
>is too basic. People simply won't understand what specialised jargon means
>until they're told - after that it's easy. People attracted to Scramdisk aren't
>stoopid either.

First, a PARTITION means part or all of a physical mass storage
device (often an electro-mechanical machine) which is connected to
your computer. Such a device (e.g. a hard drive) can usually be split into
one or more accessible PARTITIONS by software...


A LOGICAL VOLUME is the entity that makes your files available to
you.

Windows VOLUMES are seen as drive letters. Inside the 'My Computer'
cabinet window, you can see all your LOGICAL hard drives.
You may see more LOGICAL hard drives, than you have real hard drives
in the machine, because of their PARTITIONS. You can also see your CD
Rom, your floppy disk and Zip/Jaz drives etc if you have them, as
drive letters. A:, C:, D:. etc.


But these icons for the drive letters, on which you might click, are
the 'LOGICAL VOLUMES' you currently have available.  When you refer to
something like:

F:\myprog\program.exe

You are referring to  a program called 'program.exe' which is stored
on a LOGICAL VOLUME called F: (drive F) in a folder 'myprog'. You can
startup this program if you want. But it is clear, that this program
is visible to you on a visible 'logical volume'

But it is also clear, that this program consists of a string of BYTES.
Where are the BYTES for 'program.exe' ACTUALLY STORED ?
They must be somewhere, on one of the PHYSICAL hardware machines
connected to your PC..

That depends on the nature of drive 'F:'. Those bytes  could be STORED
on a CD rom, a hard disk, a jaz disk, or (dare I say it) a currently
visible Scramdisk....... But to you they all (generally) appear very
much the same, as seen MOUNTED upon the desktop inside MY COMPUTER

Often, the DATA for drive F: might be STORED on a PHYSICAL PARTITION,
on one of the hard drives inside the computer... So here we have a
LOGICAL VOLUME, being implemented by the bytes found stored within a
particular hard disk PARTITION.  IE The actual DATA for the LOGICAL
hard disk  drive F: can be found STORED on the 2nd PARTITION of
PHYSICAL hard disk #2 (as an example)

But as above, the DATA for a particular LOGICAL drive does not HAVE
to be STORED on such a hard disk PARTITION. Any randomly accessible
source of bytes will do, in order to make a logical volume (DRIVE:)
appear on the system. Even some RANDOM ACCESS MEMORY would do, and
that is how we can make a ramdisk which appears like any other disk
whilst the system is running... We set aside some PHYSICAL RAM to
implement the LOGICAL disk drive...

Scramdisk, makes NEW (and encrypted) drive letters appear to the
system and in MY COMPUTER. These are LOGICAL drive letters. But, just
as a ramdisk, CD disk, Jaz disk, they need some data STORED somewhere
on some PHYSICAL machine. 

Scramdisk has essentially two ways of storing its data needed to make
its new LOGICAL disks appear in MY COMPUTER etc -

WAY 1:
As a physical dedicated hard disk PARTITION. You create a normal empty
win/DOS partition on your hard drive, and get Scramdisk to take it
over. Then unlike normal windows partitions, it can be turned on and
off, and YOU can choose its drive letter yourself, without windows
deciding that for you...

WAY 2:
As a large single file STORED somewhere on ANOTHER normal (windows)
type VOLUME. This gets round the problem of creating a partition, and
also allows disk encryption on vastly different media, such as CD-ROM.
You can think of it as an (encrypted) VOLUME stored in a FILE, which
can be found on another VOLUME.


In short:
A logical VOLUME, is an abstracted disk drive (letter such as D: etc)
that the user and the software 'sees.'

A partition, or container FILE, is the physical place where the data
for the visible logical VOLUME can ACTUALLY be found.  IE Where it
PHYSICALLY is in the machine...

If you look at such data directly in Scramdisk with a suitable
utility, either in the container FILE, or on a dedicated Scramdisk
PARTITION on a hard drive,  you will simply see a lot of randomised
numbers, because the data is encrypted. You would find nothing that
made any sense at all.

Sorry about the length of this, especially as it's off charter
somewhat....

Regards.
Aman.

>
>In short, what the manual is lacking is a glossary.
>
>Brandon
>
>
>
>~~~
>This PGP signature only certifies the sender and date of the message.
>It implies no approval from the administrators of nym.alias.net.
>Date: Wed Mar 10 01:18:49 1999 GMT
>From: [EMAIL PROTECTED]
>



------------------------------

From: [EMAIL PROTECTED] (Aman)
Subject: Re: Scramdisk newbie
Date: 10 Mar 1999 06:02:03 -0600

On 10 Mar 1999 01:18:51 -0000, brandon <[EMAIL PROTECTED]> wrote:

>
>In short, what the manual is lacking is a glossary.

Perhaps.

But 'volume', 'partition' and 'file' are standard PC terms which apply
not just to Scramdisk, but to Windows and to Dos in general. They have
done for many years, so I hope you will forgive us when we credit the
users of our world class freeware disk scrambling software with a
modicum of basic PCee knowledge....

Regards,
Aman.




------------------------------

From: [EMAIL PROTECTED]
Subject: Letter Frequency English
Date: Wed, 10 Mar 1999 11:58:59 GMT
Reply-To: [EMAIL PROTECTED]

Hi

Can anyone spare the time to give a rookie a basic listing of letter
frequencies in spoken English.

thanks in advance

paul


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: in response to RC4 stuff, plus TC1
Date: Wed, 10 Mar 1999 11:48:07 GMT


> No, you prepend it to the key, not to the stream.  The benefit is that
> it mixes the state array in a different way each time, even though the
> same secret symmetric key is used, and encryptions using that secret
> key will thus use a different key-stream.  The private portion of the
> key is as long as you want: at least 90 bits (according to the N
> Cryptographers), and probably 128 bits (for definiteness).  You have
> 2048 bits of key setup array to play with, so there's plenty of
> head-room here.
>

Now I get it.  Thanks.

Tom


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Quantum Computation and Cryptography
Date: Wed, 10 Mar 1999 13:25:57 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 10 Mar 1999 00:23:26 -0800, Bill Stewart
<[EMAIL PROTECTED]> wrote:

>My guess is that the precision you can get from quantum-magic computation
>things is limited by Heisenberg's Uncertainty Principle, which says you
>shouldn't be able to get much more accurate than Planck's Constant.
>If true (and intuition about quantum is often not true, especially from
>people who haven't cranked a Schroedinger equation in 20 years :-),
>this means that a precision of 10**-34 (~2**-100) adds quite a few bits
>to a cracker's repertoire, but nothing that can't be easily overrun
>with longer keys; it's not a panacea for cracking NP-hard problems.

Your intuition just flunked. The Feynman computer, for example, is
guaranteed to give the correct answer when the cursor qubit is
properly located.

Read "Explorations In Quantum Computing" by Colin Williams and Scott
Clearwater.

Bob Knauer

"There's no way to rule innocent men. The only power any government
has is the power to crack down on criminals. Well, when there aren't
enough criminals, one makes them. One declares so many things to be
a crime that it becomes impossible to live without breaking laws."
--Ayn Rand


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Limitations of testing / filtering hardware RNG's
Date: Wed, 10 Mar 1999 13:37:53 GMT
Reply-To: [EMAIL PROTECTED]

On 10 Mar 1999 08:18:39 GMT, [EMAIL PROTECTED] (Mark Currie)
wrote:

>In the real world electronic systems can fail, and they don't always fail in 
>a nice easily detectable way, such as "stuck at 0/1".

One way to circumvent that problem is to employ triple modular
redundancy (TMR) techniques. TMR is used in mission critical
applications like space flight and nuclear power plants.

For those who might not be familiar with TMR, simply put it is a
system which has three identical circuits for every subsystem, and
these three circuits are constantly monitored for majority vote. If
one of the three votes "incorrectly", as measured by the other two
circuits, the majority vote is taken to be correct, and the subsystem
is flagged for repair. If there is no majority, as in an analog
circuit, then the subsystem is shut down.

In such manner, a defective subsystem of a TRNG could be isolated if
it started behaving incorrectly.

Bob Knauer

"There's no way to rule innocent men. The only power any government
has is the power to crack down on criminals. Well, when there aren't
enough criminals, one makes them. One declares so many things to be
a crime that it becomes impossible to live without breaking laws."
--Ayn Rand
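
Added example, not from the digest or from anyone posting in it: the
heavy-bias check Mark Currie argues for earlier in the thread, beside a
TMR-style majority vote of the kind described above. Adapting TMR to a
TRNG is this example's own assumption: independent noise sources never
agree bit for bit, so the vote is on each channel's ones fraction (an
analog-style quantity) rather than on raw output. Thresholds, block size
and the sample channels are constructed for illustration.

```python
"""Heavy-bias health check on TRNG blocks, voted across three channels."""
from __future__ import annotations
import random

BLOCK_BYTES = 512    # constructed: size of the block each health check examines
MAX_BIAS = 0.15      # assumed threshold: |ones fraction - 0.5| beyond this is heavy bias
MAX_RUN = 40         # assumed threshold: a longer same-value run is treated as a fault
AGREE_TOL = 0.05     # assumed: channels whose ones fractions differ by more disagree


def to_bits(block: bytes) -> list[int]:
    return [(byte >> i) & 1 for byte in block for i in range(8)]


def ones_fraction(block: bytes) -> float:
    bits = to_bits(block)
    return sum(bits) / len(bits)


def stuck_at_check(block: bytes) -> bool:
    """The naive test discussed in the thread: only an all-0 or all-1 block fails."""
    return len(set(block)) > 1


def heavy_bias_check(block: bytes) -> bool:
    """Reject a block that is nearly constant, e.g. all zeros except one or two
    bits, which the stuck-at test above lets through."""
    bits = to_bits(block)
    longest = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return abs(sum(bits) / len(bits) - 0.5) <= MAX_BIAS and longest <= MAX_RUN


def tmr_vote(blocks: list[bytes], tol: float = AGREE_TOL) -> tuple[str, list[int]]:
    """Majority vote across three redundant channels on their ones fractions.
    Returns the action ("run" or "shutdown") and the channels flagged for repair:
    a lone outlier is flagged, no agreeing pair means no majority, and a majority
    that is itself heavily biased is not trusted either."""
    stats = [ones_fraction(b) for b in blocks]
    pairs = [(i, j) for i in range(3) for j in range(i + 1, 3)
             if abs(stats[i] - stats[j]) <= tol]
    if not pairs:
        return "shutdown", []              # no two channels agree: no majority
    majority = {i for pair in pairs for i in pair}
    flagged = [i for i in range(3) if i not in majority]
    agreed = sum(stats[i] for i in majority) / len(majority)
    if abs(agreed - 0.5) > MAX_BIAS:
        return "shutdown", flagged         # the agreeing channels are all biased
    return "run", flagged


def sample_channels(seed: int = 7) -> dict[str, bytes]:
    """Constructed sample blocks: two healthy channels and two failure modes."""
    rng = random.Random(seed)              # stands in for the hardware noise source
    healthy_a = bytes(rng.getrandbits(8) for _ in range(BLOCK_BYTES))
    healthy_b = bytes(rng.getrandbits(8) for _ in range(BLOCK_BYTES))
    mostly_zero = bytearray(BLOCK_BYTES)   # "all 0's except for one or two bits"
    mostly_zero[100] = 0x01
    mostly_zero[300] = 0x80
    mostly_one = bytearray(b"\xff" * BLOCK_BYTES)
    mostly_one[200] = 0xFE
    return {"a": healthy_a, "b": healthy_b,
            "zeros": bytes(mostly_zero), "ones": bytes(mostly_one)}


if __name__ == "__main__":
    ch = sample_channels()
    print("stuck-at check passes mostly-zero block:", stuck_at_check(ch["zeros"]))
    print("heavy-bias check passes it:", heavy_bias_check(ch["zeros"]))
    print("one bad channel:", tmr_vote([ch["a"], ch["b"], ch["zeros"]]))
    print("no majority:", tmr_vote([ch["a"], ch["zeros"], ch["ones"]]))
```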


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Limitations of testing / filtering hardware RNG's
Date: Wed, 10 Mar 1999 13:40:40 GMT
Reply-To: [EMAIL PROTECTED]

On 10 Mar 1999 07:32:58 GMT, [EMAIL PROTECTED] (Mark Currie)
wrote:

>I think we may be on different tracks here.

Yes. I am talking about a TRNG used with the OTP system, which is not
a real-time system. You are talking about a real-time stream cipher.

But that does not mean that the real time system can avoid periodic
subsystem diagnostic tests.

>This thread is getting boring now.

Then don't read it any more.

Bob Knauer

"There's no way to rule innocent men. The only power any government
has is the power to crack down on criminals. Well, when there aren't
enough criminals, one makes them. One declares so many things to be
a crime that it becomes impossible to live without breaking laws."
--Ayn Rand


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Letter Frequency English
Date: Wed, 10 Mar 1999 13:51:36 GMT


> Hi
>
> Can anyone spare the time to give a rookie a basic listing of letter
> frequencies in spoken English.
>
> thanks in advance'

Well, if you are looking for entropy, they say about 2^13 per English word
(about 5 letters).  However, if you are looking for freq's, the vowels are
the highest, second to 'rstnop'.  A simple 1st part of a Huffman coder can
determine this for you.

Tom


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: How to decrypt this message?
Date: Wed, 10 Mar 1999 13:47:30 GMT


> "Saddam Hussein will assemble the arm..."
>
> For a full translation, please send $10 cash to the following address:
>
>       Po Box 11588
>       Costa Mesa, CA  92627
>       USA
>
> Hello, can you tell me where I can get this message decoded? Are there any
> newsgroups for such things?

Well, if Mr. Costa Mesa is smart he/she/it probably used a good cipher like
IDEA, CAST, 3DES, RC4/5/6, and your chances of deciphering it are about 1 in
a whole bunch.  See, that's not a challenge.  Mr. Costa Mesa should have at
least posted the algorithm used.

Tom


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (01/10: Overview)
Date: 10 Mar 1999 14:05:04 GMT
Reply-To: [EMAIL PROTECTED]

Archive-name: cryptography-faq/part01
Version: 1.0
Last-modified: 94/01/11


This is the first of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read this part before the rest. We
don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.

Disclaimer: This document is the product of the Crypt Cabal, a secret
society which serves the National Secu---uh, no. Seriously, we're the
good guys, and we've done what we can to ensure the completeness and
accuracy of this document, but in a field of military and commercial
importance like cryptography you have to expect that some people and
organizations consider their interests more important than open
scientific discussion. Trust only what you can verify firsthand.
And don't sue us.

Many people have contributed to this FAQ. In alphabetical order:
Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison,
Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti,
William Setzer. We apologize for any omissions.

If you have suggestions, comments, or criticism, please let the current
editors know by sending e-mail to [EMAIL PROTECTED] Bear in
mind that this is a work in progress; there are some questions which we
should add but haven't gotten around to yet. In making comments on
additions it is most helpful if you are as specific as possible and 
ideally even provide the actual exact text.

Archives: sci.crypt has been archived since October 1991 on
ripem.msu.edu, though these archives are available only to U.S. and
Canadian users. Another site is rpub.cl.msu.edu in /pub/crypt/sci.crypt/ 
from Jan 1992. Please contact [EMAIL PROTECTED] if you know of
other archives.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu 
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography 
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, 
sci.answers, and news.answers every 21 days.

The fields `Last-modified' and `Version' at the top of each part track
revisions.


Table of Contents
=================

1. Overview

2. Net Etiquette
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?

3. Basic Cryptology
3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it
  guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are
  relatively easy to break?
3.8. What are the basic types of cryptanalytic `attacks'?

4. Mathematical Cryptology
4.1. In mathematical terms, what is a private-key cryptosystem?
4.2. What is an attack?
4.3. What's the advantage of formulating all this mathematically?
4.4. Why is the one-time pad secure?
4.5. What's a ciphertext-only attack?
4.6. What's a known-plaintext attack?
4.7. What's a chosen-plaintext attack?
4.8. In mathematical terms, what can you say about brute-force attacks?
4.9. What's a key-guessing attack? What's entropy?

5. Product Ciphers
5.1. What is a product cipher?
5.2. What makes a product cipher secure?
5.3. What are some group-theoretic properties of product ciphers?
5.4. What can be proven about the security of a product cipher?
5.5. How are block ciphers used to encrypt data longer than the block size?
5.6. Can symmetric block ciphers be used for message authentication?
5.7. What exactly is DES?
5.8. What is triple DES?
5.9. What is differential cryptanalysis?
5.10. How was NSA involved in the design of DES?
5.11. Is DES available in software?
5.12. Is DES available in hardware?
5.13. Can DES be used to protect classified information?
5.14. What are ECB, CBC, CFB, and OFB encryption?

6. Public-Key Cryptography
6.1. What is public-key cryptography?
6.2. How does public-key cryptography solve cryptography's Catch-22?
6.3. What is the role of the `trapdoor function' in public key schemes?
6.4. What is the role of the `session key' in public key schemes?
6.5. What's RSA?
6.6. Is RSA secure?
6.7. What's the difference between the RSA and Diffie-Hellman schemes?
6.8. What is `authentication' and the `key distribution problem'?
6.9. How fast can people factor numbers?
6.10. What about other public-key cryptosystems?
6.11. What is the `RSA Factoring Challenge?'

7. Digital Signatures
7.1. What is a one-way hash function?
7.2. What is the difference between public, private, secret, shared, etc.?
7.3. What are MD4 and MD5?
7.4. What is Snefru?

8. Technical Miscellany
8.1. How do I recover from lost passwords in WordPerfect?
8.2. How do I break a Vigenere (repeated-key) cipher?
8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]
8.4. Is the UNIX crypt command secure?
8.5. How do I use compression with encryption?
8.6. Is there an unbreakable cipher?
8.7. What does ``random'' mean in cryptography?
8.8. What is the unicity point (a.k.a. unicity distance)?
8.9. What is key management and why is it important?
8.10. Can I use pseudo-random or chaotic numbers as a key stream?
8.11. What is the correct frequency list for English letters?
8.12. What is the Enigma?
8.13. How do I shuffle cards?
8.14. Can I foil S/W pirates by encrypting my CD-ROM?
8.15. Can you do automatic cryptanalysis of simple ciphers?
8.16. What is the coding system used by VCR+?

9. Other Miscellany
9.1. What is the National Security Agency (NSA)?
9.2. What are the US export regulations?
9.3. What is TEMPEST?
9.4. What are the Beale Ciphers, and are they a hoax?
9.5. What is the American Cryptogram Association, and how do I get in touch?
9.6. Is RSA patented?
9.7. What about the Voynich manuscript?

10. References
10.1. Books on history and classical methods
10.2. Books on modern methods
10.3. Survey articles
10.4. Reference articles
10.5. Journals, conference proceedings
10.6. Other
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
10.8. Electronic sources
10.9. RFCs (available from [FTPRF])
10.10. Related newsgroups

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
