Cryptography-Digest Digest #893, Volume #8 Tue, 12 Jan 99 17:13:05 EST
Contents:
Re: On the Generation of Pseudo-OTP (R. Knauer)
Re: Practical True Random Number Generator ([EMAIL PROTECTED])
Re: On the Generation of Pseudo-OTP (R. Knauer)
Re: What is left to invent? (Jayant Shukla)
Re: RSA-Modulus decomposition (David Hamilton)
Re: On the Generation of Pseudo-OTP (John Briggs)
Re: On the Generation of Pseudo-OTP (R. Knauer)
Re: On the Generation of Pseudo-OTP (R. Knauer)
Re: For Matt (Re: coNP=NP Made Easier?) ("Arthur L. Rubin")
Re: On the Generation of Pseudo-OTP ("Tony T. Warnock")
Re: On the Generation of Pseudo-OTP (Patrick Juola)
Re: On the Generation of Pseudo-OTP (R. Knauer)
Re: Practical True Random Number Generator (R. Knauer)
MacOS implementation of Blowfish / Twofish? (david)
Re: Practical True Random Number Generator (Mok-Kong Shen)
Re: On the Generation of Pseudo-OTP (John Briggs)
Re: On the Generation of Pseudo-OTP (R. Knauer)
Re: On the Generation of Pseudo-OTP (R. Knauer)
Re: Public key source code (R. Knauer)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: On the Generation of Pseudo-OTP
Date: Tue, 12 Jan 1999 19:48:19 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 12 Jan 1999 08:29:25 -0700, "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:
>Peter Wright describes another method of breaking an OTP. MI6 would just
>break into a spy's flat and photograph the pad. Details in "Spycatcher."
But that is not an analytical attack, so it doesn't count in this
discussion. BTW, anyone stupid enough to let the pad be available for
pictures doesn't need a pad to begin with - except maybe a padded
cell.
Our discussion centers around ways to generate crypto-grade stream
ciphers by either grabbing something (text, music) from the Internet
or an international newspaper, etc., or from some presumably random
algorithm like digit expansion of transcendental constants. The key
would involve the offset(s) into the bitstreams, which themselves are
kept secret. The stumbling block is how to decorrelate the bitstreams,
since they will definitely have some correlation present, not having
been made by a TRNG.
The specification does not require absolute security like a TRNG based
OTP, just enough security to be practical. But whatever the security
is, it must be certified by some acceptable means, such as the
resistance to a Bayesian Attack or one like it. Also it must be
resistant to the usual protocol attacks like known/given plaintext
attacks, but that should be pretty well covered because the pads are
used only once.
You undoubtedly are asking why not just use 128-bit IDEA and be done
with it. Two reasons come to mind: 1) This is really an exercise in
understanding the many characteristics of crypto-grade randomness (at
least for me it is); 2) IDEA has never been certified as secure to the
level of a brute force attack.
Stream ciphers have the apparent advantage that the certification of
security falls back on the stream generator - and its specification is
clearly understood. By contrast, the specification of IDEA and most
other complex block ciphers are so obscure that I can't imagine anyone
really understanding how they work, much less if they work as
advertised.
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Practical True Random Number Generator
Date: Tue, 12 Jan 1999 20:38:10 +0100
Mok-Kong Shen wrote:
>
> R. Knauer wrote:
>
> > >I don't see why the modified version is better than the original.
> >
> > You are introducing symmetry into the measurements, and now the
> > direction of time does not matter - so systematic errors such as the
> > decay of the radioactive source over time are cancelled and cannot
> > cause bias in the bitstream.
>
> Sorry, being not a physicist, I find it difficult to understand
> the 'direction of time'. Isn't it that time is uni-directional?
> Or could you refer to literature on perhaps the reversal of the
> direction of time? Thanks in advance.
>
Think of radioactive decay: The probability to get a count within a
fixed time - let's call it t1 - becomes smaller because of the decay.
Because of that the probability of 't2 < t1' is smaller than that of
't1 < t2' - this is the bias he talked about.
Now write the counts down on a tape. You may move along this tape either
in one or in the other direction. If you are moving in the same
direction as the time you'll get more 't1 < t2' while when moving in the
opposite direction you'll get more 't2 < t1', so by changing the
direction of time (or by changing the direction of your movement:)
you'll change the number of 0s and 1s, so your results are dependent
on the 'direction of time'.
Since time is unidirectional in the world as we can see it this causes
the bias.
BTW: Most physical processes are independent of time, only entropy in a
closed system is always growing.
Is our world based on the movement towards chaos?
Andreas Enterrottacher
[EMAIL PROTECTED]
[EMAIL PROTECTED]
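
The interval-comparison bias described in this message, simulated in Python as an added example (not code from the thread). The per-pair rate drop `decay` is greatly exaggerated so the effect shows up in a short run, and alternating the reading direction on every second pair is an assumed way of making the measurement symmetric; the thread does not spell out the modified scheme.

```python
import random

def interval_pair(rng, decay):
    """Two successive waiting times from a source whose rate falls between them.

    Only the ratio of the two rates matters for the comparison, so the first
    interval is drawn at rate 1 and the second at rate `decay` (< 1).
    """
    t1 = rng.expovariate(1.0)
    t2 = rng.expovariate(decay)      # weaker source: longer expected wait
    return t1, t2

def raw_bits(n, decay, seed=1):
    """Bit = 1 when t1 < t2, always reading the tape forward in time."""
    rng = random.Random(seed)
    return [int(t1 < t2)
            for t1, t2 in (interval_pair(rng, decay) for _ in range(n))]

def symmetric_bits(n, decay, seed=1):
    """Same comparison, but every second pair is read in the opposite direction."""
    rng = random.Random(seed)
    bits = []
    for k in range(n):
        t1, t2 = interval_pair(rng, decay)
        if k % 2:                    # odd pairs: walk the tape backwards
            t1, t2 = t2, t1
        bits.append(int(t1 < t2))
    return bits

def ones_fraction(bits):
    return sum(bits) / len(bits)

def fraction_at_parity(bits, parity):
    """Fraction of ones among the bits at even (0) or odd (1) positions."""
    return ones_fraction(bits[parity::2])

if __name__ == "__main__":
    n, decay = 200_000, 0.9          # constructed parameters, not measured data
    raw = raw_bits(n, decay)
    sym = symmetric_bits(n, decay)
    print("expected raw P(1):", 1 / (1 + decay))
    print("raw ones fraction:", ones_fraction(raw))
    print("symmetric ones fraction:", ones_fraction(sym))
    print("symmetric, even positions:", fraction_at_parity(sym, 0))
    print("symmetric, odd positions:", fraction_at_parity(sym, 1))
```

With a fixed alternation the overall count of ones balances, but each bit keeps its bias conditional on its position, so a balanced count on its own does not show that the individual bits are unpredictable.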
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: On the Generation of Pseudo-OTP
Date: Tue, 12 Jan 1999 19:50:18 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Jan 1999 16:26:52 GMT, [EMAIL PROTECTED] (John Briggs)
wrote:
>My guess at your answer: An optimal compression algorithm is one that
>produces the smallest ciphertext when presented with one particular
>plaintext. You choose the plaintext first, then the compression
>algorithm. (This obviously leads to a trivial optimum, but is the only
>meaning I can think of that makes the name "Chaitin" applicable).
My answer would be for you to read Chaitin's papers and decide from
there.
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
------------------------------
From: [EMAIL PROTECTED] (Jayant Shukla)
Subject: Re: What is left to invent?
Date: 12 Jan 1999 19:36:32 GMT
Nicko van Someren <[EMAIL PROTECTED]> writes:
>Darren New wrote:
>> We already have
>> ...
>> , what's left to be invented?
>An efficient reproducible Random Oracle.
> Nicko
>(For those out there unfamiliar with the term, a random oracle
>is a mythical device which when presented with a question it
>gives a truly random answer, with the proviso that if the question
>has been asked before it gives the same answer as last time.
If I take a random data string "S" and XOR it with a data
string "D", I get a completely random answer and the answer will
always be the same for a given data string provided you do not
change "S". So, is this a random Oracle?
If I understand your explanation, Random Oracles are just pseudo
random number generators and I can see that they may be useful in
strengthening a cipher against chosen plain-text attack, that's about
it.
I personally would not consider them to be a major unconquered
frontier in cryptography. A public key system, that is provably
secure (unlike RSA or DH) would be at the top of my list.
regards,
Jayant
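
The two constructions discussed in this message, side by side in Python as an added example (not code from the thread): a lazily sampled table that follows the quoted definition, and the XOR-with-a-fixed-string box. The class and function names are illustrative, and the 16-byte questions are constructed sample values.

```python
import os

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class LazyRandomOracle:
    """Fresh random answer for a new question, the stored answer for a repeat."""
    def __init__(self, out_len=16):
        self.out_len = out_len
        self._answers = {}

    def query(self, question):
        if question not in self._answers:
            self._answers[question] = os.urandom(self.out_len)
        return self._answers[question]

class XorBox:
    """Answer = question XOR a fixed random string S."""
    def __init__(self, s):
        self.s = s

    def query(self, question):
        return xor_bytes(question, self.s)

def is_consistent(box, question):
    """Asking the same question twice gives the same answer."""
    return box.query(question) == box.query(question)

def predicts_unseen_answer(box, known_q, unseen_q):
    """Use one observed question/answer pair to predict the answer to another.

    The prediction assumes the box is linear: answer = question XOR S.
    Returns True when the prediction matches what the box really answers.
    """
    s_guess = xor_bytes(box.query(known_q), known_q)
    prediction = xor_bytes(unseen_q, s_guess)
    return prediction == box.query(unseen_q)

if __name__ == "__main__":
    q1 = b"question-0000001"         # constructed 16-byte sample inputs
    q2 = b"question-0000002"
    for box in (LazyRandomOracle(), XorBox(os.urandom(16))):
        print(type(box).__name__,
              "consistent:", is_consistent(box, q1),
              "unseen answer predictable:", predicts_unseen_answer(box, q1, q2))
```

Both boxes repeat their answers, but only the table gives answers to different questions that are independent of each other. The table answers consistently only for callers that share its state.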
------------------------------
From: [EMAIL PROTECTED] (David Hamilton)
Crossposted-To:
alt.privacy,alt.security,alt.security.pgp,comp.security.pgp.discuss,talk.politics.crypto
Subject: Re: RSA-Modulus decomposition
Date: Tue, 12 Jan 1999 20:28:46 GMT
Jim Felling <[EMAIL PROTECTED]> wrote:
>I hate to say this, but -- aernst331 does not make silly, untrue claims.
I think he does Jim. In message-ID <767v5b$dv1$[EMAIL PROTECTED]> posted
to sci.crypt on 28th December with the heading 'RSA-Broken!!!', he/she said
'It is vary easy to find private key knowing correspondent public one.' This
is untrue. In this context, I regard as being implicit in the use of the word
'easy' a relatively short time scale. Although the process may be 'easy'
(factor a number), it is very time consuming to achieve the result (find the
private key). In my Pocket Oxford Dictionary, for 'easy' it says (among other
things): 'achieved without great effort'. In my view, this reinforces my
belief that, if 'it' is easy, it can be done quickly. Imagine also a real
world situation. You go to your boss who says 'Is it easy to do xxx?' You say
'Yes.' Your boss says 'Good, when can I have xxx?' You say 'In 30 years.' I
imagine your boss would think you were telling fibs!
>He makes very, very silly/useless true claims.
This is also true of course.
(snip remainder)
David Hamilton. Only I give the right to read what I write and PGP allows me
to make that choice. Use PGP now.
I have revoked 2048 bit RSA key ID 0x40F703B9. Please do not use. Do use:-
2048bit rsa ID=0xFA412179 Fp=08DE A9CB D8D8 B282 FA14 58F6 69CE D32D
4096bit dh ID=0xA07AEA5E Fp=28BA 9E4C CA47 09C3 7B8A CE14 36F3 3560 A07A EA5E
Both keys dated 1998/04/08 with sole UserID=<[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (John Briggs)
Subject: Re: On the Generation of Pseudo-OTP
Date: 12 Jan 1999 20:57:33 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (R. Knauer)
writes:
>On 12 Jan 1999 16:26:52 GMT, [EMAIL PROTECTED] (John Briggs)
>wrote:
>
>>My guess at your answer: An optimal compression algorithm is one that
>>produces the smallest ciphertext when presented with one particular
>>plaintext. You choose the plaintext first, then the compression
>>algorithm. (This obviously leads to a trivial optimum, but is the only
>>meaning I can think of that makes the name "Chaitin" applicable).
>
>My answer would be for you to read Chaitin's papers and decide from
>there.
And you duck the question again.
I've asked you a simple, direct question three times now. And you've
refused to answer three times. That's not my problem. That's yours.
John Briggs [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: On the Generation of Pseudo-OTP
Date: Tue, 12 Jan 1999 19:13:17 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Jan 1999 10:39:41 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>Quick summary of a Bayesian attack :
Is there an introductory text available that describes the Bayesian
method in general terms and/or in terms of cryptanalysis - and is
accessible to the layman?
Would it be accurate to say that if a given stream cipher could
withstand a full-blown Bayesian Attack that it is provably secure
within some practical limit? IOW, is there a way to use the Bayesian
Attack to characterize stream ciphers, by perhaps measuring the amount
of information leakage for a given slightly imperfect stream
generator?
Notice that this characterization is not being used on individual
ciphers by themselves, but is testing the entire stream cipher system
including the stream generator. This is equivalent to performing tests
on a TRNG to characterize its performance, such as measuring the decay
of a radioisotope to make sure it obeys a first order rate equation.
Applying the Bayesian test to one cipher alone is not going to
characterize the randomness of the stream generator, as we all know.
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: On the Generation of Pseudo-OTP
Date: Tue, 12 Jan 1999 19:24:48 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Jan 1999 10:16:03 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>But, as my half-assed remembrance tells me, the proof is actually
>expressed in terms like "pi is 'normal' to every base", where
>'normal' means that every (finite) digit stream appears *somewhere*
>in the decimal expansion of pi.
The Web page: ftp://www.cc.u-tokyo.ac.jp/README.our_latest_record
gives some interesting digit sequences:
0123456789 : from 17,387,594,880-th of pi
0123456789 : from 26,852,899,245-th of pi
0123456789 : from 30,243,957,439-th of pi
0123456789 : from 34,549,153,953-th of pi
0123456789 : from 41,952,536,161-th of pi
0123456789 : from 43,289,964,000-th of pi
9876543210 : from 21,981,157,633-th of pi
9876543210 : from 29,832,636,867-th of pi
9876543210 : from 39,232,573,648-th of pi
9876543210 : from 42,140,457,481-th of pi
9876543210 : from 43,065,796,214-th of pi
09876543210 : from 42,321,758,803-th of pi
That shows you at a glance the futility of trying to characterize
individual sequences as random.
>This is necessary, but not sufficient, for producing a cryptologically
>random stream.... for example, the stream
>0.123456789101112131415161718192021...
>is also 'normal' to base 10, but is pretty pathetic as an OTP.
Is it? After all, it is one of the possible, equiprobable sequences
that a TRNG can generate.
>But PGP doesn't use numbers longer than the memory of the PC it's running
>on. 2048 bits are actually pretty small when you're dealing with
>expansions of transcendental numbers.
Is that true if you are talking about digit expansions?
>Because the Bayesian attack will work by seed counting as well as on
>an individual bit basis. As a practical attack, enumerating all 128-bit
>seeds is probably not reasonable. But that also requires that you be
>able to, on demand, generate up to 2^128 bits of the transcendental
>stream of interest. Smaller than that, and you run the risk that
>someone will simply enumerate the seeds and look for patterns in them.
How about doing it this way: I take a 128-bit offset into the digit
expansion of the transcendental constant and begin the digit expansion
one digit at a time until I get a sequence of length sufficient for my
current needs. In such manner, I do not have to calculate the first
2^128 digits.
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
------------------------------
From: "Arthur L. Rubin" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: For Matt (Re: coNP=NP Made Easier?)
Date: Tue, 12 Jan 1999 00:56:20 +0700
rosi wrote:
> I repeat (how many times I did?): if NDTM is realizable, coNP=NP.
I still don't know what you mean by that. (I wrote a few papers in
complexity theory in the 70s, which doesn't necessarily make me an
expert, but I consider myself knowledgeable in the field.)
--
Arthur L. Rubin [EMAIL PROTECTED]
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: On the Generation of Pseudo-OTP
Date: Tue, 12 Jan 1999 13:52:38 -0700
Reply-To: [EMAIL PROTECTED]
Patrick Juola wrote:
> 1) how does one prove that an arbitrary real number is normal?
I don't know. The only constructions I know are lexicographic. Then one just
counts digits. There are a couple papers by Stoneham in Acta Arithmetica from
the '70s that discuss Pi. Normality is a digit property, not in general the
result of being the value of some function.
> 2) what other properties besides normality would make an arbitrary real useful
> for cryptographic purposes?
Having the digits satisfy the law of the iterated logarithm would be nice.
There is a paper in a Japanese journal (I do not remember which one.) that shows
that no number constructed along the line of Champernowne's can satisfy this
law. There is also a paper by someone (I think one of the Borweins) that claims
experimental tests on the digits of pi. I do not know how to construct such a
test.
LIL: let S be the number of 1's in the first N digits of a binary sequence.
The law of large numbers says that S/N is about 1/2. The strong law says this is
true for almost all sequences. The LIL says that
    lim sup (N => infinity) (S - N/2) / Sqrt(2N ln ln(N)) = 1 with probability 1,
    and lim inf (same) = -1.
(Hope I got the details.)
This means that the fluctuations of a randomly chosen sequence behave as
expected.
Tony
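
An iterated-logarithm check of the kind described in this message, applied to a Champernowne-style binary sequence and to a seeded PRNG stream, as an added Python example (not code from the thread). The ratio is computed in its +/-1 form, (2S - N)/sqrt(2N ln ln N), where each 1 counts +1 and each 0 counts -1; the sequence length and the seed are constructed choices.

```python
import math
import random

def champernowne_bits(max_int):
    """Binary Champernowne sequence: 1, 10, 11, 100, ... up to max_int, concatenated."""
    bits = []
    for i in range(1, max_int + 1):
        bits.extend(int(c) for c in bin(i)[2:])
    return bits

def prng_bits(n, seed=1):
    """n bits from Python's seeded Mersenne Twister, used as a reference stream."""
    value = random.Random(seed).getrandbits(n)
    return [int(c) for c in format(value, "0{}b".format(n))]

def lil_ratio(bits):
    """(2S - N) / sqrt(2 N ln ln N) for the whole sequence."""
    n = len(bits)
    s = sum(bits)
    return (2 * s - n) / math.sqrt(2 * n * math.log(math.log(n)))

def lil_profile(bits, lengths):
    """The same ratio evaluated on prefixes of the given lengths."""
    profile = []
    ones = 0
    wanted = sorted(set(lengths))
    pos = 0
    for n in wanted:
        ones += sum(bits[pos:n])     # extend the running count of ones
        pos = n
        ratio = (2 * ones - n) / math.sqrt(2 * n * math.log(math.log(n)))
        profile.append((n, ratio))
    return profile

if __name__ == "__main__":
    champ = champernowne_bits(2**16 - 1)      # every integer of up to 16 bits
    ref = prng_bits(len(champ))
    lengths = [2**10, 2**13, 2**16, len(champ)]
    print("Champernowne:", lil_profile(champ, lengths))
    print("PRNG stream: ", lil_profile(ref, lengths))
```

The leading 1 of every integer gives the Champernowne-style sequence a surplus of ones that grows faster than sqrt(N ln ln N), so its ratio keeps climbing instead of staying within the band a random sequence occupies.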
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: On the Generation of Pseudo-OTP
Date: 12 Jan 1999 13:52:48 -0500
In article <[EMAIL PROTECTED]>,
Tony T. Warnock <[EMAIL PROTECTED]> wrote:
>
>
>Patrick Juola wrote:
>
>> In article <[EMAIL PROTECTED]>,
>> R. Knauer <[EMAIL PROTECTED]> wrote:
>> >On 11 Jan 1999 16:41:29 -0500, [EMAIL PROTECTED] (Patrick Juola)
>> >wrote:
>> >
>> >>>How about specific constants like ln(c) or c^1/2, etc.? Can these be
>> >>>shown to be random like pi on a case by case basis?
>> >
>> >>Yes. But on a case-by-case basis. It's *NOT* the case that
>> >>all transcendental numbers are "random" in a cryptographic
>> >>sense.
>> >
>> >But how does one do the characterization? What are the criteria for
>> >deciding that a given transcendental constant produces a crypto-grade
>> >random sequence? For that matter, how do we know that pi is random?
>>
>> Arcane and heavy mathematics, which I won't bore you with -- especially
>> as I don't know the details myself. I don't even own the necessary
>> textbooks to cite from any more, it was sufficiently long ago.
>>
>> But, as my half-assed remembrance tells me, the proof is actually
>> expressed in terms like "pi is 'normal' to every base", where
>> 'normal' means that every (finite) digit stream appears *somewhere*
>> in the decimal expansion of pi.
>>
>> This is necessary, but not sufficient, for producing a cryptologically
>> random stream.... for example, the stream
>>
>> 0.123456789101112131415161718192021...
>>
>> is also 'normal' to base 10, but is pretty pathetic as an OTP.
>
>You're on the right track here. Some clarifications:
>
>"Normal to base b" means that every finite digit stream occurs with the
>proper frequency, that is 001 occurs (base 2) 1/8 of the time, etc. Borel
>(1909) showed that with probability 1, all real numbers are normal to every
>base. I do not believe that there is a proof that Pi is normal to any base.
>
>The only normal numbers that I am aware of are those constructed like your
>example.[...]
Excellent. Glad to have a real real analyst join the discussion.
I could have sworn that such a proof existed for pi, but I will
of course defer to your superior knowledge. This does, however,
raise two rather fundamental questions
1) how does one prove that an arbitrary real number is normal?
2) what other properties besides normality would make an arbitrary
real useful for cryptographic purposes?
-kitten
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: On the Generation of Pseudo-OTP
Date: Tue, 12 Jan 1999 19:32:29 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Jan 1999 10:17:04 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>The citation was posted somewhere. In short form, some cleverdick whose
>name I have forgotten
A triplet of cleverdicks: Bailey-Borwein-Plouffe.
http://www.mathsoft.com/asolve/plouffe/plouffe.html
"David Bailey, Peter Borwein and Simon Plouffe have recently computed
the ten billionth digit in the hexadecimal expansion of pi. They
utilized an astonishing formula: [...], which enables one to calculate
the dth digit of pi without being forced to calculate all the
preceding d-1 digits. No one had previously even conjectured that such
a digit-extraction algorithm for pi was possible."
>digits of pi -- but the technique only works in base 16.
I thought that someone has discovered a general method that works to
base 2 - I think I saw it by following links on the above referenced
web page.
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
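
Digit extraction of the kind the quotation describes, as an added Python example (not code from the thread or from the cited page), using the published Bailey-Borwein-Plouffe series pi = sum over k of 16^-k (4/(8k+1) - 2/(8k+4) - 1/(8k+5) - 1/(8k+6)). The function names are illustrative; double-precision floats limit this version to one hex digit per evaluation, and `modexp_calls` counts the work this particular implementation does.

```python
HEX = "0123456789ABCDEF"

def _frac_series(j, d):
    """Fractional part of sum over k >= 0 of 16^(d-k) / (8k + j)."""
    s = 0.0
    for k in range(d + 1):                   # terms with exponent >= 0
        m = 8 * k + j
        # modular exponentiation keeps only the part that affects the fraction
        s = (s + pow(16, d - k, m) / m) % 1.0
    k = d + 1
    term = 16.0 ** (d - k) / (8 * k + j)
    while term > 1e-17:                      # rapidly vanishing tail
        s += term
        k += 1
        term = 16.0 ** (d - k) / (8 * k + j)
    return s % 1.0

def pi_hex_digit(d):
    """Hex digit of pi at position d after the point (d = 0 is the first)."""
    x = (4 * _frac_series(1, d) - 2 * _frac_series(4, d)
         - _frac_series(5, d) - _frac_series(6, d)) % 1.0
    return HEX[int(x * 16)]

def pi_hex_digits(offset, count):
    """`count` hex digits starting at `offset`, without the digits before it."""
    return "".join(pi_hex_digit(offset + i) for i in range(count))

def modexp_calls(offset, count):
    """Modular exponentiations this implementation performs for those digits."""
    return sum(4 * (offset + i + 1) for i in range(count))

if __name__ == "__main__":
    print(pi_hex_digits(0, 16))              # start of the expansion
    print(pi_hex_digits(16, 8))              # jump straight to offset 16
    for offset in (10**3, 10**6, 2**64, 2**128):
        print(offset, "->", modexp_calls(offset, 1), "modexps for one digit")
```

No earlier digits have to be stored, but the work per digit still grows in proportion to the offset, which bounds how large a secret offset can be in practice.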
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Practical True Random Number Generator
Date: Tue, 12 Jan 1999 21:16:36 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 12 Jan 1999 12:18:22 -0600, Medical Electronics Lab
<[EMAIL PROTECTED]> wrote:
>I've also added plenty of
>well shielded electronics and have worked with a professor of
>statistics to ensure the output is "random" in the mathematical
>sense.
Can you share with us the methods used to characterize the source as
"random"? In particular what happens when you run into an output
sequence that is random in the crypto sense, but does not look random
in the sense of algorithmic complexity?
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
------------------------------
From: [EMAIL PROTECTED] (david)
Subject: MacOS implementation of Blowfish / Twofish?
Date: Tue, 12 Jan 1999 21:21:19 GMT
Can anyone point me to a Mac implementation of these
or similar algorithms?
Source language unimportant.
TIA.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Practical True Random Number Generator
Date: Tue, 12 Jan 1999 20:42:30 +0100
R. Knauer wrote:
>
> Unless the ciphers created from the pads can withstand a Bayesian
> Attack, the random number generator you propose is not verified to be
> crypto-grade secure.
Sorry to say that after having read in another thread many occurrences
of the term 'Bayesian Attack' I still have yet no concrete idea of
an implementation of such an attack. I mean I am still ignorant of
literatures that enable me to try to launch such an attack on
a given cipher.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (John Briggs)
Subject: Re: On the Generation of Pseudo-OTP
Date: 12 Jan 1999 21:24:04 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (R. Knauer)
writes:
>On 12 Jan 1999 10:41:35 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>It's *always* possible to compress *some* outputs of any generator.
>>However, if you can easily compress pi by a technique related to
>>the base-16 generator, this means that not all substrings are
>>equiprobable in all contexts.
>
>I still don't see that. Please elaborate.
All the infinite digits of pi can be easily compressed into just
two ASCII characters: "pi". They can even be compressed further
than that.
As is trivially obvious. No elaboration should have been required.
This says nothing about the probability with which any particular
substring occurs in the decimal expansion of pi -- assuming for the
moment that this probability is even well defined in the absence of a
specific selection mechanism.
Further, a claim that the digits of pi are "normal" would not mean
that all substrings are equiprobable in all contexts. It would mean
that they are equiprobable in the limit as the size of the leading
substring of pi from which they are randomly and uniformly selected
increases without bound.
John Briggs [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: On the Generation of Pseudo-OTP
Date: Tue, 12 Jan 1999 21:33:21 GMT
Reply-To: [EMAIL PROTECTED]
On 12 Jan 1999 14:37:37 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>The point, then, is that compressibility, per se, doesn't mean anything.
I do not understand that statement.
Chaitin makes a big deal about algorithmic reducibility, where the
intent is to find an algorithm, any algorithm, that will output the
original number, but is significantly smaller than N.
>Your statement above, that you can compress the concatenation of
>1000 sequences from a TRNG, is at best only probably true.
Yes - and the probability is very small, since only a small fraction
of the 2^N sequences can be algorithmically reduced to any significant
degree by any algorithm (remember that Chaitin requires that the
algorithm has no input, so you can't use a code for the sequence).
Chaitin does a calculation where he shows that if your objective is to
reduce sequences by N-10 or more, then only 0.1% will qualify.
>In point of fact, it's most likely false -- UNLESS the TRNG is generating
>odd sequences.
Not completely false - just extremely unlikely.
>The key is whether you pick the number first and then select a
>compression algorithm, or you pick the algorithm and then select
>a number.
John Briggs was having a problem with that earlier in another post.
According to Chaitin, you can find any algorithm you want as long as
it is the minimal one.
>For any given number, there is (of course) an algorithm
>that compresses it.
But not by very much for the vast majority of sequences (see above).
>But for any given compression algorithm, if
>you pick a random number, with probability near 1, it will not
>successfully compress that number.
That is not what Chaitin has in mind with his algorithmic complexity
theory for random numbers.
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: On the Generation of Pseudo-OTP
Date: Tue, 12 Jan 1999 21:37:33 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 12 Jan 1999 20:18:58 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>But what do you say to the fact that in the case I described
>the analyst can't say which of the three possible messages
>is the true one?
To be honest I have lost that subthread. Would you kindly repeat it
from the beginning - if you think it is worth pursuing.
>> That is about as random as it gets, folks.
>Fine that you say now the word 'about'.
I would not read anything into that slang expression.
>But so can, I believe, a properly designed 'intended approximation
>to an ideal OTP' of mine! Both CAN be good to 'practical levels'.
And I would like to believe you. Please show us your reasons for
the design, slowly and one at a time, so we can critique them.
In particular show us how you are able to remove correlations to an
acceptable level - and more importantly how you can certify that you
actually succeeded in doing so.
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Public key source code
Date: Tue, 12 Jan 1999 21:41:19 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 12 Jan 1999 17:54:29 GMT, [EMAIL PROTECTED] (Paul Rubin) wrote:
>Try Peter Gutmann's cryptlib. It's kind of complicated, but gives
>every algorithm you could want. You should be able to find it
>quickly with a web search.
For the Search-Engine-Impaired:
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
Bob Knauer
"Anyone that can get elected, is not qualified to serve."
--Lance Bledsoe
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************