Cryptography-Digest Digest #241, Volume #9 Tue, 16 Mar 99 14:13:03 EST
Contents:
Re: Test vectors for RC4 (David A Molnar)
Re: Self-executing encryption program (Kent Briggs)
Re: Sites using Global ID from verisign (Paul Rubin)
Re: hash in javascript (Aidan Skinner)
Re: pRNG that is "predictable to the left"? (Mok-Kong Shen)
Re: Test vectors for RC4 (Dominik Werder)
----------------------------------------------------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Test vectors for RC4
Date: 16 Mar 1999 14:55:34 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> that is not yet broken the strength can not be expressed because
> there is no standard unit of strength of encryption algorithms to
> measure that unambiguiously.
well, we could always try to come up with something like
"call X (t, q_message, q_hash, e)-secure if
given amount of time t
q_message adaptive chosen plaintext decryptions
q_hash hashes (if the scheme uses 'em)
then
probability of obtaining {the key,
a plaintext, many plaintexts} is e"
following Bellare and Rogaway to exact security...
Now if only I knew how to prove a statement like this for RC4. :-(
-David
------------------------------
From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: Self-executing encryption program
Date: Tue, 16 Mar 1999 16:17:22 GMT
Sundial Services wrote:
> So I can't offer a better example but I'm sure hoping someone else
> does. There is a market there. [P.S. My wish-list would be "it
> requires nothing more than DOS to do the decrypt..."]
My Puffer program will make self-extracting/decrypting executables. Puffer is a
Windows app but the exe's made are 16-bit DOS. See web site below for more info.
--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Sites using Global ID from verisign
Date: Tue, 16 Mar 1999 16:38:32 GMT
In article <7clcuj$l46$[EMAIL PROTECTED]>,
Alberty Pascal <pal@nospam*bsb.be> wrote:
>I'm searching any sites using the Global ID from verisign which permit
>to export grade browsers to initate 128 bits ssl tunneling with
>SGC compliant web servers.
Try financial service sites (online banking and brokerages)
like www.schwab.com and so forth.
------------------------------
From: [EMAIL PROTECTED] (Aidan Skinner)
Subject: Re: hash in javascript
Date: 15 Mar 1999 23:01:06 GMT
On Mon, 15 Mar 1999 14:02:51 -0000, sol <[EMAIL PROTECTED]> wrote:
>if i could implament a hash in javascript on the client (proboblay take a
>year right) i would pefer to pass that and compare that to a pre hashed one
>on the server
You may wish to investigate SRP: http://srp.stanford.edu/
- Aidan
--
"Every time I see her I want to geek..."
"I say geek. If she runs then it was never meant to be. But if you talk
about routers, TCP/IP and programming and she stays, she's yours until the
counter flips"
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: pRNG that is "predictable to the left"?
Date: Tue, 16 Mar 1999 16:54:44 +0100
Christoph Haenle wrote:
>
> The advantage of making it possible to compute previous values is that
> the receiver doesn't have to archieve all values while he's still able
> to retrieve them if needed.
>
> For example, if you want to keep track of the numbers chosen in a
> lottery for the past n years, all you need to do is store the most
> recent
> outcome.
To analyze a good generator one would normally need a sufficiently
large quantity of values. But in this case, if one happens somehow
to obtain a recent value then the job is done. I suppose this
aspect should not be neglected.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Dominik Werder)
Subject: Re: Test vectors for RC4
Date: Tue, 16 Mar 1999 16:46:13 GMT
Youre right, but for example IDEA is not broken too, and Bruce
Schneier likes this algorithm very much....
Can I use RC4 to encrypt a network connection?
On Mon, 15 Mar 1999 16:19:45 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>Dominik Werder wrote:
>>
>> I search some test vectors for the RC4 algorithm.
>> And I have a question: How strong is RC4 as encryption algorithm?
>> (normal RC4, plainbyte XOR pseudo-random-byte)
>> thanks!
>
>Questions of your type is in general ill-posed. For an algorithm that
>is broken, the question need not be asked; for an algorithm
>that is not yet broken the strength can not be expressed because
>there is no standard unit of strength of encryption algorithms to
>measure that unambiguiously.
>
>M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
