Cryptography-Digest Digest #232, Volume #9       Sun, 14 Mar 99 08:13:08 EST

Contents:
  NES - Who cares? (Joe McGivern)
  Re: Testing Algorithms [moving off-topic] (Doggmatic)
  Re: The Magic Screw, Non-Secret Encryption, and the Latest WIRED (Frode Weierud)
  Re: ElGamal vs RSA ("Roger Schlafly")
  Re: Quantum Computation and Cryptography (wtshaw)
  Re: Scramdisk Crash on Win 98 .. Suggestions ? ("Ludwig Fischer")
  Re: NES - Who cares? (Joe McGivern)
  Re: Network Associates - Can we trust their products? (David)
  Re: Total  beginner (Scott Fluhrer)
  Re: Scramdisk Crash on Win 98 .. Suggestions ? (Shaun)
  Re: ElGamal vs RSA (Wei Dai)
  Re: Total beginner ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Joe McGivern <[EMAIL PROTECTED]>
Subject: NES - Who cares?
Date: Sun, 14 Mar 1999 07:04:10 GMT

If the NES does *not* post all cryptanalytic results, then does it stand
to reason that NES will select a fast algorithm which only they know is
breakable, in a way that only they can break it?  Everyone will believe
that the best algorithm was chosen when in fact the mere selection of
that algorithm by the NES is that cipher's kiss of death.

It seems that in that vein, it would be an honor not to be selected.
Just a thought.

------------------------------

From: Doggmatic <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms [moving off-topic]
Date: Sun, 14 Mar 1999 07:23:36 GMT

In article <7c8lh3$mnp$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Patrick Juola) wrote:
> In article <7c74o2$pqm$[EMAIL PROTECTED]>,
> Doggmatic  <[EMAIL PROTECTED]> wrote:
> >In article <7c3f59$4f7$[EMAIL PROTECTED]>,
> >  [EMAIL PROTECTED] (Patrick Juola) wrote:
> >> In article <7bpipm$drj$[EMAIL PROTECTED]>,
> >> Doggmatic  <[EMAIL PROTECTED]> wrote:
> >> >In article <7bonge$81b$[EMAIL PROTECTED]>,
> >> >  [EMAIL PROTECTED] (Patrick Juola) wrote:
> >> >> >> In article <7b6tmq$ojt$[EMAIL PROTECTED]>,
> >> >> >> Doggmatic  <[EMAIL PROTECTED]> wrote:
> >> >> >>
> >> >> >> >But I will look up this "reversible computing." For such a
> >> >> >> >great idea researched 30 years ago, you think I'd have my Free-
Energy
> >> >> >> >computer by now.
> >> >> >>
> >> >> >> I'll build one for you.  Just buy me a frictionless surface.
> >> >> >[snip]
> >> >[snip my previous condescension]
> >> >> >accepted that there is no such thing as a "frictionless surface" in this
> >> >> >universe.  Here is where you can correct me if I'm wrong.  I know that
> >> >> >theoretically you can have smoother and smoother surfaces, but I thought that
> >> >> >a frictionless surface is a physical impossibility
[snip]
> >> >  Okay .. we'll play your game.  Sample program:
> >> >
> >> >  Time equals 0;  <--- some arbitrary number  Friction of surface equals 10;
> >> ><-- some random number    beginning of a loop  {  time advances by 50 years;
> >> >engineers reduce friction of surface by a factor of ten so  new Friction of
> >> >surface now equals old Friction of surface divided by 10;  Tell me what the
> >> >new Friction of surface is;  } end of loop...repeat loop only until Friction
> >> >of surface equals 0 then stop;    Tell me how many years have passed;
> >>
> >> Wrong stopping condition.  Tell me; when friction is small enough that
> >> per-bit losses are less than 1/2^256 of an erg.  At that point, you'll
> >> be able to count to 2^256 at a total cost of less than an erg of energy.
> >[snip approx answer]
> >>
> >>    -kitten
> >
> >I almost concur, except that the limit of one erg is unnecessary.  So long as
> >you can, at least, count up to 2^256 with some x number of available ergs of
> >energy, which is likely greater than just one erg.  So let's assume we've got
> >a whole bunch'a ergs to use.  What sounds good to you?       We'll go with 10^60
> >ergs just sitting in our energy bank; is that enough?  I know ... I know ..
> >you're thinking, "Hey, that's more energy than the Sun will release before it
> >goes nova [not counting the supernova itself]." .. or maybe "Wait! There
> >aren't even 10^60 atoms in this solar system - maybe we shouldn't have 10^60
> >ergs?"       But, don't worry about those piddly little details, just humor me.
> >We know that the energy of a state change is greater than or equal to
> >1.38e(-16) * TempOfUniv. We've got 10^60 ergs to spare and we want to run
> >something through 10^77 (2^256) state changes.
>
> That's the point -- we're not running the universe through state changes
> as we're using reversible computations.
>
>       -kitten
>

  I thought we established above that "reversible computing" is an ideal that
can never be achieved.  That's when we got into the thing about "closer to
zero" and "equal to zero."  Apparently (and I could be wrong), reversible
computing requires friction equal to zero.  You've proponed for many days now
that engineers will achieve near-zero friction, but I thought we finally
killed the thing about the feasibility of frictionless surfaces when you
decided to veer off into an energy argument.  I think I'll make my final
assertions here.

  1) In the lifetime of this solar system, having physically existent
     computers count to 2^256 is impossible without reversible computing.
  2) Frictionless surfaces are impossible.
  3) Any technology that requires a frictionless surface is impossible.
  4) (You implied) reversible computing requires a frictionless surface.
  5) Reversible computing is impossible.
  6) Since reversible computing is impossible, so is having physically existent
     computers count to 2^256 within the lifetime of this solar system.

  Hopefully, there aren't any arguments left for you without introducing new
physical-law-breaking theories.  If you must continue the discussion, then
please, point out the assertion (by number) that you disagree with.  Wait.
Let me go ahead and make sure this discussion is dead.

requirements for arguments against assertion:
  1) new physical-law-breaking theory
  2) new physical-law-breaking theory
  3) no argument possible against this assertion alone
  4) contradicting your specifications of reversible computing
  5) no argument possible against this assertion alone
  6) new physical-law-breaking theory

So, I correct myself.  You can either introduce a new physical-law-breaking
theory OR contradict yourself to continue this discussion.  Which shall it be?
(Please say none   :-)


   ___/Mike  ...two legs good, four legs bad? ... Why conform?
__/.   |      For my next trick, WATCH as this humble mouse breaks
\-__   \___   Windows at the mere press of a button.
    \          Hey! Where are we going, and why am I in this handbasket?

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (Frode Weierud)
Subject: Re: The Magic Screw, Non-Secret Encryption, and the Latest WIRED
Date: 14 Mar 1999 08:27:37 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] () writes:

>This article adds quite a bit to what was in a paper on the subject
>available on the WWW that was mentioned in a post here (there's a pointer
>to it on Frode Weierud's site) some time ago.

When CESG (GCHQ's cipher and computer security brother) re-did their Web
pages they forgot to include the history of Non-Secret Encryption. After
I was told (I think by John Savard) that the link was no longer
functional, I contacted CESG. They promised to put the pages back
up, which they have done. The pages are hidden in their history section.
However, there is a direct link from my Cryptology Web page at:
http://home.cern.ch/~frode/crypto

Frode

--
        Frode Weierud                   Phone  : +41 22 7674794
        CERN, SL,  CH-1211 Geneva 23,   Fax    : +41 22 7679185
        Switzerland                     E-mail : [EMAIL PROTECTED]
                                        WWW    : wwwcn.cern.ch/~frode

------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: ElGamal vs RSA
Date: Sat, 13 Mar 1999 23:53:15 -0800


[EMAIL PROTECTED] wrote in message <7cf8k4$mg2$[EMAIL PROTECTED]>...
>Asserting that someone does not have the technical background to
>provide an opinion on some subject is not an ad hominem attack.

My dictionary defines "ad hominem" as:
1 : appealing to feelings or prejudices rather than intellect
2 : marked by an attack on an opponent's character rather than by an answer
to the contentions made
http://www.m-w.com/

I have a PhD in Mathematics from U. California at Berkeley. How much
additional background is required to have an opinion on this subject?

>> Your statement implied that DL over GF(2^n) was easy.
>
>I said no such thing.  The only easy problems in CS are polynomial time.
>I never said Coppersmith's algorithm is in P.   What I said was that
>solving DL over GF(2^n) is significantly easier than DL over GF(p)  for
>n ~ log(p).

And you also said:

    "Coppersmith's algorithm applied to the former [GF(2^n)] makes it
    unsuitable for cryptographic use."

Your statement is wrong. It might be correct if DL over GF(2^n) were
easy, but Coppersmith's algorithm leaves many reasonable values of n
outside its practical range.


>> If someone wants to use DL over GF(2^n), and his application is such
>> than n = 1024 is not safe enough, then he can pick n = 2048 or even
>> a larger value, if he wishes.
>
>And slow down encryption/decryption by at least a factor of 4 in the process.
>And take up more space in certificates.  And more bandwidth in key exchange.

All of which might be mitigated by other factors in a particular application.
After all, some people still use RSA even though EC has much lower bandwidth.




------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Quantum Computation and Cryptography
Date: Sun, 14 Mar 1999 02:08:20 -0600

In article <7ccen1$vog$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> [EMAIL PROTECTED] (Bill Unruh) writes:
> >In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (R. Knauer) writes:
> >>>I have heard plenty of 
> >>>statements that such NAND gates are possible, that equations have
> >
> >Nand gates cannot be reversible. You can create a gate with two output
> >channels which is reversible. 

> >But nothing which takes two inputs and
> >produces one output can ever be reversible.

Sorry to be difficult, but, and I hate to do this, you get an F today in
digital logic, especially since a basic XOR gate has two inputs and one
output.  As you surely should know, reversible in binary logic means
knowing the states of two of the three leads, knowing the operative table
referencing the two inputs and one output, and predicting the unspecified
state of the remaining lead.
> >
> >With a nand gate, you have three input states which go to the same
> >output. Thus you would need the second output to have three possible
> >states-- it could not be a binary output.

Three inputs or three states?  Neither is descriptive of a NAND gate,
which is two inputs and two possible states for each input.  Considering
two inputs, there are four total combinations, two bits.  Yes, each of the
wires can have a state, one of two per wire.  Perhaps you did not realize
what you wrote, or left out critical words, as it makes no sense.

You can correctly correct any simple logic element and some more
complicated ones with nothing but NAND gates, 7400's or equivalent chips,
most often four gates per chip.  In design, to efficiently use chips, you
must sometimes use resident elements to create other gates rather than
adding chips with excessive sections that might not be used at all. 
Examples would be 1) to use a NAND gate for an inverter, or 2) two NAND
gates for a bistable flipflop, or 3) a NAND chased by an inverter or NAND
gate to make an AND gate.  

With simple diodes you can gang inputs, replacing lots of gates; while
this is hard to appreciate in terms of routine logic, it is a wonderful
shortcut to circuit simplification, as is the addition of a few discrete
transistors and resistors along the way.  I see DTL and TTL as
complementary, not exclusive; have I not said the same of different
information units?

In fact you can create logic elements and chip-worthy circuits that are
not otherwise unavailable, but wonderfully useful, with some
sleight-of-parts; as I evidence being a maverick with crypto theory, I've
always explored the unorthodox, and found some real gems in the
process....you can too.  

In some ways, simple binary based logic is inadequate to replicate
important forms of digital logic.  There are some early dissertations that
attempt to prove the opposite, but they work against themselves.  When I
speak of different types of information units in an electronic sense, it
is from direct experience. 

In speaking of the future of computing, for it to become what it should,
to some extent it is necessary to think far beyond what are easily accepted
as limits in current design.  Nature does not stress, and probably seldom
even does, binary.  Technology will ultimately tend to follow for the same
important imperative, some things work better in certain ways; it just
takes time to get there.  Time is one thing each of us is short on, so get
started.
-- 
Security efforts for an insecure platform are apt to be about as effective as 
waterwings on a snake.

------------------------------

From: "Ludwig Fischer" <[EMAIL PROTECTED]>
Date: Sun, 14 Mar 1999 11:10:36 +0100 (CET)
Reply-To: "Ludwig Fischer" <[EMAIL PROTECTED]>
Subject: Re: Scramdisk Crash on Win 98 .. Suggestions ?

On Sat, 13 Mar 1999 22:56:45 GMT, Gary Cowell (QI'HoS) wrote:

>I have a 649MB Scramdisk file encoded with 3DES which is burned on a
>CD-R.
>
>If I mount this file directly from the CD-R and try to access files
>randomly from it, 


Hallo !

Sorry for a beginner's question.

But, what is a 649MB Scramdisk file encoded with 3DES
and what is the purpose ???

==============
[EMAIL PROTECTED]
Vienna Austria




------------------------------

From: Joe McGivern <[EMAIL PROTECTED]>
Subject: Re: NES - Who cares?
Date: Sun, 14 Mar 1999 07:54:20 GMT

AES.

Joe McGivern wrote:
> 
> If the NES does *not* post all cryptanalytic results, then does it stand
> to reason that NES will select a fast algorithm which only they know is
> breakable, in a way that only they can break it?  Everyone will believe
> that the best algorithm was chosen when in fact the mere selection of
> that algorithm by the NES is that cipher's kiss of death.
> 
> It seems that in that vein, it would be an honor not to be selected.
> Just a thought.

------------------------------

From: [EMAIL PROTECTED] (David)
Crossposted-To: alt.comp.virus
Subject: Re: Network Associates - Can we trust their products?
Date: Sun, 14 Mar 1999 11:05:35 GMT

You can completely trust them.
If you have any questions, you can always contact them.
If there is a real issue, they will forward it to the development
department.
Works well and will be even better.

David

On 14 Mar 1999 04:56:24 GMT, [EMAIL PROTECTED] () wrote:

>A little long, but take a coffee break and read with me in humor,
>okay?  It isn't supposed to be 'dead' serious, but just a point
>I'd like some comments on, especially the validity of their products
>actually working like they should w/o subterfuge.
>
>---
>
>Intro:
>As you may all well know, the licensed version of McAfee virus scanners
>from their password FTP site was known to the Usenet newsgroup readers
>as far back as Jan 1997.
>(www.dejanews.com search:
>http://x7.dejanews.com/[ST_rn=ps]/getdoc.xp?AN=213502707.3&CONTEXT=921385556.2014249164&hitnum=17)
>
>This site has not changed in over three years, nor has the username and
>password, and has been posted numerous times to the Usenet newsgroups
>over this period.
>
>Today, you can find this exact URL, with .mcafee. changed to .nai. because
>McAfee was bought by NAI, on NAI's web site in clear view in a location
>where any five year old could reach in five clicks, or for that matter,
>all search engines in the world.
>
>---
>
>Okay, so either NAI, one of the world's largest security and virus
>protection companies in the world has got the _LAMEST_ site masters
>around, or they're 'deliberately' posting this publicly on their web
>site today after the prior three years of common knowledge of the URL.
>
>To visit this public posting by NAI of this URL:
>http://www.nai.com/ -> drop down box to -> http://www.drsolomons.com
>(also bought up by NAI) -> Download/Updates -> Upgrades to Total Virus
>Defense -> United States / Canada -> and Voila! the direct password
>FTP URLs.  (like I said, five clicks for any five year old)
>
>The new .nai. address has also been available in the Usenet newsgroups
>since 8/98 and I'll leave it to you to verify through Dejanews.
>
>---
>
>My Theory: (and maybe one episode too many of X-Files this week..)
>
>Could it be possible that NAI is conspiring to do the following:
>* Release virus products which require constant *.DAT upgrades as
>an income stream, even though it may be already possible to create
>an AI virus detection engine that will catch unknown ones w/o any
>problems (not counting those that appear with new technologies,
>such as Java viruses appearing after the engine was built before
>Java existed).
>* Release licensed versions of their products through their public
>web site to give key IS people a good run through their demo and
>licensed products so that there's a higher chance it'll be the
>first to be recommended.  Buying the most popular (McAfee) and
>best (DrSolomons) virus scanners as reported by the trade magazines
>lends to this as well.
>* Capturing data from us through Personal PGP and/or their virus
>scanners during Internet sessions for their use.
>* And creating new virii themselves to promote the upgrade
>cycle.  (After all, Microsoft loves this.  What?! Office 97 doesn't
>work?  No problem, just upgrade to Office 2000 and those problems
>will be fixed -- of course, not the new ones we introduced..)
>* etc., etc.


------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: Total  beginner
Date: Sun, 14 Mar 1999 12:22:32 GMT

In article <7cf6hf$f95$[EMAIL PROTECTED]>,
        "Jonas Thörnvall" <[EMAIL PROTECTED]> wrote:

>Hello !
>
>http://www.algonet.se/~labah
>
>
>I'm a total beginner to cryptografy. And have no what so ever skill to
>judge, if a cipher  is breakable in mathematical terms. Therefore i used
>pure logic creating my  cipher.
"I have absolutely no idea what I'm doing, so I threw together some code"
I suggest that if you are a total beginner, and you seriously want to
learn, that you devote some time at least studying the standard references.
Schneier's "Applied Cryptography" would be a good start.  If you don't
want to shell out the money, there's always libraries.  If you don't want
to spend the time, you're not really serious.

Oh, and a word to the wise: even though you are not a native English
speaker, people would respect your postings more if you spent a bit
more time getting your spelling right.

>I thought that if i performed a trappstep structuring/ordering  on bit level
>and let the (frequense?) be set by password. And after that performed
>somkind of shifting, there would be impossible to tell if the bit
>(de)shifted led closer to the solution.
>As a metafor i used rubrics cube i'm aware  about that it has locked
>position, but that's solvable.
>Of course there are a problem in the fact that the bits are the same, theyre
>just shifted, but then  i thougt
>it´s really not a big problem if their shifting are random enough?
It's rather difficult to understand what you're saying, but if you are asking
whether a key-based bit permutation is good enough, the answer is simple:
no -- that can be reconstructed with a few known plaintext/ciphertext pairs
(and if you don't understand what that meant, you definitely need more
study)

Oh, and I tried your Web page.  Normally, I whine at newbies not to shove
their code at me, and instead give me a mathematical description of their
algorithm.  Here, you didn't even do that -- you gave me a black box (which
didn't even work).  Next time, write up your algorithm in sufficient detail
that I could write a program for it on my computer (and you don't know what
type of computer or what programming language I use).

>
>Who knows one day i actually read a book on cryptography (The math seems
>rather complex.....)
If you don't like math, find a different hobby.  Seriously.

>
>I enjoy your newsgroup(even if i understand little or none)
Feel free to lurk.  However, it's no replacement for real study.


-- 
poncho
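
Scott Fluhrer's point about key-based bit permutations, as an added example that is not part of the original post or of the poster's Web page (whose algorithm is not given): a toy 64-bit cipher whose key does nothing but choose a bit permutation, and the known-plaintext reconstruction that recovers that permutation from a handful of plaintext/ciphertext pairs. The block size, the key-seeded shuffle and the sample traffic are constructed assumptions.

```python
import random

BLOCK_BITS = 64   # toy block size; an assumption, the post names none

def keyed_permutation(key):
    """Derive the secret bit permutation from the key: plaintext bit i moves
    to ciphertext position perm[i].  A key-seeded Fisher-Yates shuffle stands
    in for the poster's unspecified scheme; any cipher in which the key only
    selects the permutation has the same weakness."""
    perm = list(range(BLOCK_BITS))
    random.Random(key).shuffle(perm)
    return perm

def bit(x, i):
    return (x >> i) & 1

def encrypt(block, perm):
    out = 0
    for i in range(BLOCK_BITS):
        out |= bit(block, i) << perm[i]
    return out

def decrypt(block, perm):
    out = 0
    for i in range(BLOCK_BITS):
        out |= bit(block, perm[i]) << i
    return out

def recover_permutation(pairs):
    """Known-plaintext reconstruction.  For every ciphertext position j keep
    the plaintext positions i whose bit agrees with c_j in all pairs.  The
    true source always survives; each random pair halves the impostors, so
    about log2(BLOCK_BITS) plus a few pairs leave one candidate per j.
    Returns perm, or None while some position is still ambiguous."""
    candidates = [set(range(BLOCK_BITS)) for _ in range(BLOCK_BITS)]
    for p, c in pairs:
        for j in range(BLOCK_BITS):
            cj = bit(c, j)
            candidates[j] = {i for i in candidates[j] if bit(p, i) == cj}
    if any(len(s) != 1 for s in candidates):
        return None
    perm = [0] * BLOCK_BITS
    for j, s in enumerate(candidates):
        perm[next(iter(s))] = j
    return perm

def break_with_random_pairs(perm, seed=1, max_pairs=4 * BLOCK_BITS):
    """Attacker who only observes random plaintexts under one fixed key
    (constructed sample traffic).  Returns (recovered_perm, pairs_used);
    recovered_perm is None if the attack did not converge in max_pairs."""
    rng = random.Random(seed)
    pairs = []
    for _ in range(max_pairs):
        p = rng.getrandbits(BLOCK_BITS)
        pairs.append((p, encrypt(p, perm)))
        recovered = recover_permutation(pairs)
        if recovered is not None:
            return recovered, len(pairs)
    return None, max_pairs

if __name__ == "__main__":
    secret = keyed_permutation(0xC0FFEE)          # constructed key
    recovered, used = break_with_random_pairs(secret)
    print("permutation recovered:", recovered == secret, "after", used, "pairs")
    # A chosen-plaintext attacker needs no search: one unit vector per bit
    # position reads the permutation off directly.
    basis = [(1 << i, encrypt(1 << i, secret)) for i in range(BLOCK_BITS)]
    print("chosen-plaintext recovery:", recover_permutation(basis) == secret)
```

Because the recovered permutation is all the key ever contributed, it decrypts every other block sent under that key; "random enough" shifting does not help when the same shift is applied to every block.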

 

------------------------------

From: [EMAIL PROTECTED] (Shaun)
Subject: Re: Scramdisk Crash on Win 98 .. Suggestions ?
Date: Sun, 14 Mar 1999 12:38:21 GMT

On Sat, 13 Mar 1999 22:56:45 GMT, [EMAIL PROTECTED] (Gary Cowell (QI'HoS)) wrote:

>I have a 649MB Scramdisk file encoded with 3DES which is burned on a
>CD-R.
>
>If I mount this file directly from the CD-R and try to access files
>randomly from it, Windows 98 will hang. Sometimes after one or two
>files have been loaded, sometimes more, but it will always eventually
>crash. This is the 'Power Switch' type of crash too.  These crashes
>did not happen when I still had Windows 95.

Are you using 2.02G ?

Try creating another container with blowfish etc. as a test and see if
that crashes with a CD disk, just in case it is a speed issue in the
driver..

Shaun.



------------------------------

From: [EMAIL PROTECTED] (Wei Dai)
Subject: Re: ElGamal vs RSA
Date: Sun, 14 Mar 1999 03:33:08 -0800

In article <7cf8k4$mg2$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> The time difference is insignificant. And is platform and implementation
> dependent. With respect to CPU time, they are virtually the same.  What makes
> DL slightly harder than factoring is that for DL, the matrix must be solved
> mod p, rather than mod 2.  This takes a factor of log p more SPACE and a
> constant factor (depending on the wordsize of the machine solving the matrix)
> more time to solve the matrix.  The sieving times are virtually the same.

Ok, that explains why DL results have lagged so far behind factoring 
results - it must be hard to get time on computers with that much 
memory.

However I don't understand why it takes only a constant factor more time
to solve a matrix mod p instead of mod 2. Shouldn't it take at least a 
factor of log p more time? I guess most of the time in matrix solving is 
spent on multiplying integers mod p, so the factor should be closer to 
(log p)^2.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Total beginner
Date: Sun, 14 Mar 1999 12:39:10 GMT

I took a look at your page, and your algorithm looks neato.  Would you mind
posting your algorithm?  You talk about shifting, do you mean rotating?

Tom


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
