Cryptography-Digest Digest #896, Volume #8       Wed, 13 Jan 99 04:13:04 EST

Contents:
  Re: MacOS implementation of Blowfish / Twofish? (Wolf)
  signature ("hapticz")
  Re: MacOS implementation of Blowfish / Twofish? (Brad Aisa)
  Re: Comments & note for Bryan (Re: coNP=NP Made Easier?) ("Patrick White")
  Re: On the Generation of Pseudo-OTP (Patrick Juola)
  Re: Practical True Random Number Generator ([EMAIL PROTECTED])
  Re: Practical True Random Number Generator (Mok-Kong Shen)
  Re: Birthday Attack calculations. (Terry Ritter)
  Re: Contents of server gated certificates (Paul Rubin)
  Re: Practical True Random Number Generator (Mok-Kong Shen)
  Re: MacOS implementation of Blowfish / Twofish? (Wolf)
  Re: Birthday Attack calculations. (Fred Van Andel)
  Re: Help: a logical difficulty (Gurripato (x=nospam))
  encryption-decryption ([EMAIL PROTECTED])
  Re: What is better : Blowfish, Des, Tripple-Des ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Wolf <[EMAIL PROTECTED]>
Subject: Re: MacOS implementation of Blowfish / Twofish?
Date: Tue, 12 Jan 1999 20:21:17 -0600

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

In article <j1Pm2.93$[EMAIL PROTECTED]>,
david <[EMAIL PROTECTED]> wrote:

> Can anyone point me to a Mac implementation of these
> or similar algorithms?
> 
> Source language unimportant.

The only MacOS Blowfish implementation I've found is a piece of
freeware called MacBlowfish I ran across while foraging (I can't
recall where, maybe Replay), but I can't recommend it.

Its "Read Me" file states, "Who wrote these programs? A couple
of guys ... just for kicks. That's about all we have to say and
about all you need to know."

I played with it a bit before archiving it.

If you run across another, please let me know.

Regards.

=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.0
Comment: RSA & DH Keys Available On Keyservers

iQA/AwUBNpwC7I7Et3TIxVBTEQJ5wACgyhPJCr4ugkNXOwv+tfBSbtnOPe0AmwfG
Zf9K0Roc5z1ZPcgdEm9FA/Nv
=2rfF
=====END PGP SIGNATURE=====

-- 
W O L F   |   [EMAIL PROTECTED]
"A little while she strove and much repented; And
whispering, 'I will ne'er consent' - consented."
                           - BYRON, "Don Juan," I

------------------------------

From: "hapticz" <[EMAIL PROTECTED]>
Subject: signature
Date: Tue, 12 Jan 1999 23:46:30 -0500

is there any way to use pgp signatures with outlook express without using
one of the commercial sites like Verisign??

--
best regards
[EMAIL PROTECTED]

------------------------------

From: Brad Aisa <[EMAIL PROTECTED]>
Subject: Re: MacOS implementation of Blowfish / Twofish?
Date: Tue, 12 Jan 1999 22:46:12 -0500

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Wolf wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
>[message snipped]
> -----END PGP SIGNATURE-----
> 
> --
> W O L F   |   [EMAIL PROTECTED]
> "People whose sigs are outside their signatures shouldn't
>  be surprised if their sigs are tampered"
>                            - AISA, "This Post"


- --
Brad Aisa
[EMAIL PROTECTED]  -- PGP 5.0 public key available at:
http://keys.pgp.com:11371/pks/lookup?op=get&search=0x6F053CE9

"Laissez faire."

=====BEGIN PGP SIGNATURE=====
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNpwW14AccBBvBTzpEQLqQgCbBEFYUxbZCAa14YM83ud02X3Rvp4An1Xu
ZOXNW+fPBlb8b0ESa4LIB55V
=NqCs
=====END PGP SIGNATURE=====

------------------------------

From: "Patrick White" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: Comments & note for Bryan (Re: coNP=NP Made Easier?)
Date: Wed, 13 Jan 1999 00:13:48 -0500

I just discovered and read this thread. Seems that many early posts are
lost, so I don't know what 26,27,46 and 47 are, and neither can I resolve
which problem SS is (subset sum perhaps?).

Nonetheless, you should all know that Ilias is entirely and unarguably
correct in all he has said. He gets an "A" in a solid undergraduate course
in Complexity Theory.

If you want to argue more with Ilias, make sure you _completely_ understand
the first 12 chapters of Hopcroft and Ullman, or all of Kozen's new text,
because he has this material mastered.

(well, actually you can gloss over the chapters on uncomputability, Post's
correspondence problem, and context-sensitive languages)

And actually, after you read the requisite chapters, you'll also realize
that Ilias is right and the argument will disappear into the ether. poof.
wouldn't that be nice?

-Patrick

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: On the Generation of Pseudo-OTP
Date: 12 Jan 1999 14:37:37 -0500

In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 12 Jan 1999 10:41:35 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>It's *always* possible to compress *some* outputs of any generator.
>>However, if you can easily compress pi by a technique related to
>>the base-16 generator, this means that not all substrings are
>>equiprobable in all contexts.
>
>I still don't see that. Please elaborate.
>
>If I take the first 1,000 sequences from a TRNG, I can compress the
>concatenation somewhat. The fact that the concatenation was not the
>result of a digit expansion of pi should be irrelevant, unless there
>is some particular property of pi that makes it fundamentally
>different from the concatenation of sequences from a TRNG.

The trick is that the ability to compress "some" outputs isn't really
meaningful.

For example, here's a really stupid compression algorithm :

If the string to be compressed is "1011011101111000101001", output 0.
Otherwise, output a 1, then output the string to be compressed.

This compresses "some" strings (specifically, the memorized string)
in such a fashion that it can be reconstructed.  It also expands
other strings by one byte.  A simple pigeonhole argument will reveal
that *ALL* compression algorithms, when evaluated over all 2^N strings
of length N or less, must expand some of them if they compress any
of them, and will at best do nothing over an appropriately defined
average.

This, by the way, explains both why you can't (effectively) compress
a compressed file and why anyone who claims to have a universal compression
scheme that compresses ANYTHING is selling snake oil.  But I digress.

The point, then, is that compressibility, per se, doesn't mean anything.
What is interesting, when you talk about real-world compression schemes,
is that they can be shown to work on some interesting subset of the
set of all strings -- for example, text has lots of interesting properties
(like the fact that it's very redundant) so there should be an algorithm
or two out there that compresses text well (and expands stuff that
isn't text).  Voila, enter Bell, Witten, and someone's book on _Text
Compression_.

However, there's no a priori reason to believe that pi belongs to
any interesting class with interesting properties.  And, in fact,
if it *had* any interesting properties that made pi part of a
distinguishable class that compressed easily, then it wouldn't
really be random.

Your statement above, that you can compress the concatenation of
1000 sequences from a TRNG, is at best only probably true.  In
point of fact, it's most likely false -- UNLESS the TRNG is generating
odd sequences.  

The key is whether you pick the number first and then select a
compression algorithm, or you pick the algorithm and then select
a number.  For any given number, there is (of course) an algorithm
that compresses it.  But for any given compression algorithm, if
you pick a random number, with probability near 1, it will not
successfully compress that number.

        -kitten
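
A worked example, added here by the editor and not code from the post or from any poster, of the two points made above: the "memorized string" compressor with the pigeonhole bookkeeping carried out over every bit string of a given length, and a real compressor (zlib) run over redundant text, over constructed high-entropy bytes, and over its own output. The SHA-256 counter stream stands in for TRNG output only so the run is reproducible; it is constructed test data, not a random source.

```python
import hashlib
import zlib
from itertools import product

# The post's "memorized string" compressor: exactly one string shrinks (to a
# single bit), every other string grows by one bit.
MAGIC = "1011011101111000101001"


def toy_compress(bits: str, magic: str = MAGIC) -> str:
    return "0" if bits == magic else "1" + bits


def toy_decompress(code: str, magic: str = MAGIC) -> str:
    return magic if code == "0" else code[1:]


def tally(n: int, magic: str) -> tuple:
    """Apply toy_compress to all 2**n bit strings of length n and count how
    many outputs are shorter, the same length, or longer than the input.
    Also checks that the map is injective; a non-injective "compressor" is
    lossy, because two inputs would decompress to the same thing.
    With a magic string of length n the pigeonhole arithmetic is exact:
    1 string shrinks and the other 2**n - 1 grow."""
    inputs = ["".join(p) for p in product("01", repeat=n)]
    outputs = [toy_compress(s, magic) for s in inputs]
    if len(set(outputs)) != len(inputs):
        raise ValueError("compressor is not injective, so it is lossy")
    shorter = sum(len(o) < len(s) for s, o in zip(inputs, outputs))
    longer = sum(len(o) > len(s) for s, o in zip(inputs, outputs))
    return shorter, len(inputs) - shorter - longer, longer


def pseudo_random_bytes(n: int, seed: bytes = b"sci.crypt digest 896") -> bytes:
    """Constructed stand-in for TRNG output (SHA-256 in counter mode) so the
    demonstration is reproducible. Not a random number generator for real use."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def compressed_size(data: bytes) -> int:
    """Size of data under a real-world compressor, zlib at its strongest level."""
    return len(zlib.compress(data, 9))


# Constructed, highly redundant "text": the kind of input zlib is built for.
ENGLISH = b"the quick brown fox jumps over the lazy dog. " * 50


def compare() -> dict:
    """Redundant text shrinks a lot; high-entropy bytes grow, because zlib can
    only add framing around data it cannot model; and compressing the already
    compressed random data grows it again."""
    rnd = pseudo_random_bytes(4096)
    once = compressed_size(rnd)
    twice = compressed_size(zlib.compress(rnd, 9))
    return {
        "text_ratio": compressed_size(ENGLISH) / len(ENGLISH),
        "random_ratio": once / len(rnd),
        "random_once": once,
        "random_twice": twice,
    }
```

tally() is run with a 10-bit magic string so the enumeration is 1,024 strings; the post's 22-bit string would mean walking four million inputs for the same 1-versus-all-the-rest result.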

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Practical True Random Number Generator
Date: 13 Jan 1999 07:00:31 GMT
Reply-To: [EMAIL PROTECTED]

To get a random number you could use a polarized single-photon source and
then run it through a polarizer at an angle so that it's 50-50 whether or
not the photon gets through and then read the result into binary.  Of
course I don't think that single-photon sources are currently up to this...

-- 
Lamont Granquist ([EMAIL PROTECTED])
ICBM: 47 39'23"N 122 18'19"W

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Practical True Random Number Generator
Date: Wed, 13 Jan 1999 08:55:21 +0100

[EMAIL PROTECTED] wrote:
> 
> Mok-Kong Shen wrote:
> >
> > R. Knauer wrote:
> >
> > > >I don't see why the modified version is better than the original.
> > >
> > > You are introducing symmetry into the measurements, and now the
> > > direction of time does not matter - so systematic errors such as the
> > > decay of the radioactive source over time are cancelled and cannot
> > > cause bias in the bitstream.
> >
> > Sorry, being not a physicist, I find it difficult to understand
> > the 'direction of time'. Isn't it that time is uni-directional?
> > Or could you refer to literature on perhaps the reversal of the
> > direction of time? Thanks in advance.
> >
> 
> Think of radioactive decay: The probability to get a count within a
> fixed time - let's call it t1 - becomes smaller because of the decay.
> Because of that the probability of 't2 < t1' is smaller than that of
> 't1 <  t2' - this is the bias he talked about.
> 
> Now write the counts down on a tape. You may move along this tape either
> in one or in the other direction. If you are moving in the same
> direction as the time you'll get more 't1 < t2' while when moving in the
> opposite direction you'll get more 't2 < t1', so by changing the
> direction of time (or by changing the direction of your movement:)
> you'll change the number of 0s and 1s, so your results are dependent
> on the 'direction of time'.
> Since time is unidirectional in the world as we can see it this causes
> the bias.
> 
> BTW: Most physical processes are independent of time, only entropy in a
> closed system is always growing.
> Is our world based on the movement towards chaos?

I understand now that the original sentence means that due to decay
the remaining material becomes less. But that, I presume, gives
rise to a solution of a differential equation that becomes smaller,
involving an exponential term. But in the present context of
measurements for two successive time intervals, how much is this
effect (from the exponential term) compared to the measurement errors
of the apparatus, including also the error of the time signal?
If the former is very small compared to the latter (I don't know),
then we don't need to consider it in practice. Would you say something
to my point? Thanks.

M. K. Shen
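
An example added by the editor, not code from any poster, that puts numbers on the effect discussed in this thread: the bit is the comparison of two successive waiting times, and the bias from a decaying source is the gap between P(t1 < t2) and 1/2. For two independent exponential waiting times with rates rate1 and rate2, P(t1 < t2) = rate1 / (rate1 + rate2) exactly. The "symmetric" variant below, alternating the comparison direction on successive pairs, is my reading of the "direction of time does not matter" remark above; the thread does not spell out the construction. The seeded simulation, the 1 kHz count rate and the 30-year half-life are constructed inputs.

```python
import math
import random


def p_first_shorter(rate1: float, rate2: float) -> float:
    """Exact P(t1 < t2) for independent t1 ~ Exp(rate1), t2 ~ Exp(rate2).
    Equal rates give exactly 1/2; a slower second interval (rate2 < rate1,
    i.e. the source has decayed a little) pushes the probability above 1/2."""
    return rate1 / (rate1 + rate2)


def simulate_bit_frequency(rate1: float, rate2: float, pairs: int,
                           symmetric: bool = False, seed: int = 1) -> float:
    """Draw `pairs` successive interval pairs and emit one bit per pair.
    Plain scheme: every pair emits (t1 < t2).
    Symmetric scheme (assumed reading of the thread): even pairs emit
    (t1 < t2), odd pairs emit (t2 < t1), so a monotone drift in the rate
    biases consecutive bits in opposite directions and cancels to first order.
    Holding the two rates fixed per pair is equivalent, for the emitted bit, to
    a source whose rate falls by the factor rate2/rate1 between the two intervals."""
    rng = random.Random(seed)  # seeded so the demonstration is reproducible
    ones = 0
    for k in range(pairs):
        t1 = rng.expovariate(rate1)
        t2 = rng.expovariate(rate2)
        if symmetric and k % 2 == 1:
            ones += t2 < t1
        else:
            ones += t1 < t2
    return ones / pairs


def decay_bias(count_rate_hz: float, half_life_s: float) -> float:
    """How far P(t1 < t2) sits above 1/2 for a real decaying source.
    Between two consecutive intervals of mean length dt = 1/count_rate the
    rate falls by exp(-ln2 * dt / T_half); with eps = 1 - that factor the bias
    is 1/(2 - eps) - 1/2, which is about eps/4."""
    dt = 1.0 / count_rate_hz
    factor = math.exp(-math.log(2.0) * dt / half_life_s)
    return p_first_shorter(1.0, factor) - 0.5


# Constructed parameters: a 1 kHz source with a 30-year half-life.
DEMO_COUNT_RATE_HZ = 1000.0
DEMO_HALF_LIFE_S = 30 * 365.25 * 86400
```

With these constructed parameters decay_bias() comes out near 2e-13, far below anything a timer or comparator will contribute, which is the comparison Shen asks about; the exaggerated rates (1.0 against 0.8) in the simulation exist only to make the plain scheme's bias and the symmetric scheme's cancellation visible in 20,000 pairs.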

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Birthday Attack calculations.
Date: Wed, 13 Jan 1999 07:52:27 GMT

On Wed, 13 Jan 1999 06:50:51 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (Fred Van Andel) wrote:

>[...]
>Using the equation below the AVERAGE number of hashes that need to be
>tested is calculated by:
>   i = 1;
>   odds = 1;
>   M = Whatever;
>   while( odds > 0.5)
>      {
>         odds  = odds * (M-i)/M;
>         i++;
>      }
>
>For a value of 1,000,000, i is 1178. 

Which seems to compare rather well to the value 1177.9 computed from
my formula in the earlier posting:

|   s(N,p) = (1 + SQRT(1 - 8N ln(p))) / 2
|
|where s is the expected number of samples needed, N the size of 
|the population being sampled, and p the given probability.
|
|For N = 10**6 and p = 0.5 (so ln(p) = -0.693) we get 1177.9 instead 
|of the usual handwave SQRT(N) = 1000 [...] 

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Contents of server gated certificates
Date: Wed, 13 Jan 1999 07:14:35 GMT

In article <77gngq$tk5$[EMAIL PROTECTED]>,
Lyal Collins <[EMAIL PROTECTED]> wrote:
>Work I did on MS IIS3 and SGC a few months ago showed there is a separate
>root cert for SGC functions.

So can you load new SGC roots into the browsers???

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Practical True Random Number Generator
Date: Wed, 13 Jan 1999 09:02:59 +0100

Patrick Juola wrote:
> 

> >Sorry to say that after having read in another thread many occurrences
> >of the term 'Bayesian Attack' I still have no concrete idea of
> >an implementation of such an attack. I mean I am still ignorant of
> >literature that would enable me to try to launch such an attack on
> >a given cipher.
> 
> Quoting from
> http://fi-www.arc.nasa.gov/ic/projects/bayes-group/group/html/bayes-theorem-long.html
> 
> >Bayes' theorem gives the rule for updating belief in a Hypothesis H
> >(i.e. the probability of H) given additional evidence E, and background
> >information (context) I:
> >
> >        p(H|E,I) = p(H|I)*p(E|H,I)/p(E|I)         [Bayes Rule]
> >
> >The left-hand term, p(H|E,I), is called the posterior probability, and
> >it gives the probability of the hypothesis H after considering the effect
> >of evidence E in context I. The p(H|I) term is just the prior probability
> >of H given I alone; that is, the belief in H before the evidence E is
> >considered. The term p(E|H,I) is called the likelihood, and it gives the
> >probability of the evidence assuming the hypothesis H and background
> >information I is true. The last term, 1/p(E|I), is independent of H, and
> >can be regarded as a normalizing or scaling constant. The information I
> >is a conjunction of (at least) all of the other statements relevant to
> >determining p(H|I) and p(E|I).
> 
> In practical terms, it means that you can reason from the observed
> event (the evidence E) to the cause in a probabilistic fashion -- if
> you observe E, then the most likely hypothesis H is one that maximizes
> the probability of the hypothesis itself, together with the probability
> that the hypothesis would produce the effect.
> 
> Stripped of (some of) the mathematical mumbo-jumbo, it means that
> we can reason about the probability of a particular input text being
> the plaintext  based on the probability that a given stream was generated
> by our generators.

I think I have learnt some basic notions of the Bayesian theory. My
difficulty is how to turn that theory to actually attack a given
cipher. In the special case of a streaming key from a generator,
if the generator is of a type not exactly known (to the analyst) or
has a large number of parameters, I just don't see how one can plan
to design an implementation in the first place.

M. K. Shen
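
To make the Bayesian framing quoted above concrete, here is an example added by the editor (not code from the post, from Juola, or from the NASA page): the hypothesis H is the key of a shift cipher, the evidence E is the ciphertext, the prior over keys is uniform, and the likelihood p(E | H) is the probability of the candidate plaintext under an independent-letter English model. The posterior p(H | E) is computed for all 26 keys exactly as Bayes' rule states; the letter-frequency table is the standard one, and the plaintext and key are constructed.

```python
import math
import string

# Approximate relative frequencies (percent) of letters in English text.
ENGLISH_FREQ = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23,
    "g": 2.02, "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03,
    "m": 2.41, "n": 6.75, "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99,
    "s": 6.33, "t": 9.06, "u": 2.76, "v": 0.98, "w": 2.36, "x": 0.15,
    "y": 1.97, "z": 0.07,
}
LOG_FREQ = {c: math.log(f / 100.0) for c, f in ENGLISH_FREQ.items()}


def shift_encrypt(text: str, key: int) -> str:
    """Shift cipher on the 26 lowercase letters; non-letters are dropped."""
    return "".join(chr((ord(c) - 97 + key) % 26 + 97)
                   for c in text.lower() if c in string.ascii_lowercase)


def shift_decrypt(text: str, key: int) -> str:
    return shift_encrypt(text, -key)


def log_likelihood(candidate_plaintext: str) -> float:
    """log p(E | H): log-probability of the candidate plaintext under the
    independent-letter English model, i.e. the sum of per-letter log frequencies."""
    return sum(LOG_FREQ[c] for c in candidate_plaintext)


def posterior_over_keys(ciphertext: str, prior=None) -> list:
    """p(H = key | E = ciphertext) for all 26 keys by Bayes' rule:
    posterior is proportional to prior(key) * p(ciphertext | key).
    The 1/p(E) normalising constant is handled by dividing by the sum,
    done in log space to avoid underflow on long texts."""
    if prior is None:
        prior = [1.0 / 26] * 26  # no preference among keys before seeing E
    log_post = [math.log(prior[k]) + log_likelihood(shift_decrypt(ciphertext, k))
                for k in range(26)]
    top = max(log_post)
    weights = [math.exp(lp - top) for lp in log_post]
    total = sum(weights)
    return [w / total for w in weights]


def most_likely_key(ciphertext: str) -> int:
    post = posterior_over_keys(ciphertext)
    return max(range(26), key=post.__getitem__)


# Constructed demonstration input: an English sentence enciphered under key 7.
PLAINTEXT = ("attack at dawn and hold the bridge until the second "
             "company arrives with the wagons")
KEY = 7
CIPHERTEXT = shift_encrypt(PLAINTEXT, KEY)
```

The shift cipher is chosen because its key space is small enough to evaluate the posterior for every hypothesis; against a generator with many parameters the same rule applies, but enumerating H is the hard part, which is exactly the difficulty Shen raises. A non-uniform prior (for instance, weight on keys a particular implementation is known to prefer) simply goes into the `prior` list.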

------------------------------

From: Wolf <[EMAIL PROTECTED]>
Subject: Re: MacOS implementation of Blowfish / Twofish?
Date: Tue, 12 Jan 1999 23:22:10 -0600

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

In article <[EMAIL PROTECTED]>,
Brad Aisa <[EMAIL PROTECTED]>, apparently bored
one weekday evening, decided to change someone's
sig from a perfectly reasonable literary quote to:

> > W O L F   |   [EMAIL PROTECTED]
> > "People whose sigs are outside their signatures shouldn't
> >  be surprised if their sigs are tampered"
> >                            - AISA, "This Post"
> 
> 
> - --
> Brad Aisa
> [EMAIL PROTECTED]  -- PGP 5.0 public key available at:
> http://keys.pgp.com:11371/pks/lookup?op=get&search=0x6F053CE9
> 
> "Laissez faire."

I still prefer _my_ quote, but thanks for the suggestion. ;)

Regards.

=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.0
Comment: RSA & DH Keys Available On Keyservers

iQA/AwUBNpwtcI7Et3TIxVBTEQKVkACg2s/A/my8jBkH0s1rOBtGkUsAnuMAnR/W
5rDnuRvGiqfs2mpyBOHbXytG
=4l/q
=====END PGP SIGNATURE=====

-- 
W O L F   |   [EMAIL PROTECTED]
"A little while she strove and much repented; And
whispering, 'I will ne'er consent' - consented."
                           - BYRON, "Don Juan," I

------------------------------

From: [EMAIL PROTECTED] (Fred Van Andel)
Subject: Re: Birthday Attack calculations.
Date: Wed, 13 Jan 1999 06:50:51 GMT
Reply-To: [EMAIL PROTECTED]

"Trevor Jackson, III" <[EMAIL PROTECTED]> wrote:

>Thanks for the background exposition.  I think I am slightly confused over the odds of
>finding the first collision and the odds of finding no or any  collisions.
>
>For the purposes of the original issue we want the odds of finding the first 
>collision.
>I.e., the expected wait.  The series formula I described indicates the probability of
>finding no collisions, which also gives (by 1-p) the probability of finding any number
>of collisions.
>
>Presumably even odds of finding a single collision should take less work than
>even odds of finding all collisions.  Is this correct?

Using the equation below the AVERAGE number of hashes that need to be
tested is calculated by:
   #include <stdio.h>

   int main(void)
   {
      double odds = 1.0;       /* P(no collision so far) */
      double M = 1000000.0;    /* size of the hash space; "whatever" */
      long i = 1;              /* number of hashes drawn so far */
      while( odds > 0.5)
         {
            odds  = odds * (M-i)/M;
            i++;
         }
      printf("%ld\n", i);
      return 0;
   }

For a value of 1,000,000, i is 1178. 

Fred Van Andel
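
An example added by the editor, not code from either poster, that puts Fred Van Andel's running-product loop and Terry Ritter's closed form s(N,p) = (1 + SQRT(1 - 8N ln(p))) / 2 side by side, and shows why the closed form is the one to reach for when N is a hash space rather than a million. The closed form follows from P(no collision among s samples) being approximately exp(-s(s-1)/(2N)): set that equal to p, take logs, and solve s^2 - s + 2N ln(p) = 0 for the positive root.

```python
import math


def birthday_threshold_exact(N: int, p: float = 0.5) -> int:
    """Smallest k such that P(no collision among k draws from N equiprobable
    values) <= p, using the running product from the post above:
    P(no collision among k) = product over j = 1..k-1 of (N - j) / N.
    O(k) multiplications, so fine for N = 10**6, hopeless for N = 2**64."""
    no_collision = 1.0
    k = 1
    while no_collision > p:
        no_collision *= (N - k) / N
        k += 1
    return k


def birthday_threshold_closed(N: float, p: float = 0.5) -> float:
    """Ritter's closed form s(N, p) = (1 + sqrt(1 - 8 N ln p)) / 2, the
    positive root of s^2 - s + 2 N ln p = 0."""
    return (1.0 + math.sqrt(1.0 - 8.0 * N * math.log(p))) / 2.0


def sqrt_handwave(N: float) -> float:
    """The usual back-of-envelope figure, low by a factor of about 1.18 at p = 1/2."""
    return math.sqrt(N)


def collision_work_for_hash(bits: int, p: float = 0.5) -> float:
    """Number of evaluations of a `bits`-bit hash after which a collision is
    more likely than not (p = 0.5); for a 64-bit hash that is about 5.06e9,
    i.e. roughly 1.18 * 2**32, not 2**64."""
    return birthday_threshold_closed(2.0 ** bits, p)
```

Both methods give 1178 samples for N = 1,000,000 and 23 for the textbook N = 365, against the SQRT(N) handwave of 1000 and 19. The loop stops at the first k with P(no collision) at or below p, which is the point where a collision is at least even odds; that is the "first collision" question in the post, not the expected count of collisions.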

------------------------------

From: [EMAIL PROTECTED]  (Gurripato (x=nospam))
Crossposted-To: sci.math
Subject: Re: Help: a logical difficulty
Date: Wed, 13 Jan 1999 08:47:20 GMT

On Tue, 12 Jan 1999 08:23:11 -0700, "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:


>> Amusingly enough, it became obvious when the local Blockbuster video
>> store switched to computerizing their videos for sale (as well as the
>> rented ones), as movies like "The 4th Protocol" moved from the "F's" to
>> the beginning of the section (as in ASCII).  Bleh.
>
>It's worse in Spanish, Coahuila comes before Chihuahua. It is the
>responsibility of the program to get it right, not the users. Violation of
>this principle contributes to the distrust of computers.

        It is not a software problem.  In Spanish, "ch" represents a
sound, and is not considered as c+h, but as a single entity.  Get a
Spanish dictionary, and the words will be arranged as a,b,c,ch,d,e...

------------------------------

From: [EMAIL PROTECTED]
Subject: encryption-decryption
Date: Wed, 13 Jan 1999 08:36:16 GMT

Hi,
I'm looking for a suitable algorithm to encrypt a sequence of digits.
The plain sequence contains between 2 and 10 digits.
The encrypted sequence should contain only digits and should be of the same
length as the plain sequence.
I also need the decryption algorithm please.
Please send any suggestions/remarks directly to me at:
[EMAIL PROTECTED]
Thanks,
Zohar

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    
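
The digest carries no reply to this question. As an illustration added by the editor, not code from any poster, of the usual shape of the answer: a Feistel network over decimal digit strings, where each round adds an HMAC-derived value to one half modulo a power of ten, so the output is a permutation of the n-digit strings and stays n digits long for every n from 2 to 10. This demonstrates the approach, not any standard (the standardized format-preserving designs are FF1 and FF3-1 in NIST SP 800-38G); the key, the round count and the sample inputs are constructed.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so after encryption the halves sit in their original positions


def _round_value(key: bytes, n: int, i: int, half: str, m: int) -> int:
    """Round function: HMAC-SHA256 over (total length, round index, the other
    half), reduced mod 10**m so it can be added to an m-digit half. Binding n
    and i into the MAC input keeps different rounds and lengths independent."""
    mac = hmac.new(key, f"{n}|{i}|{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** m


def _check(digits: str) -> None:
    if not (2 <= len(digits) <= 10) or not digits.isascii() or not digits.isdigit():
        raise ValueError("input must be 2 to 10 ASCII decimal digits")


def fpe_encrypt(key: bytes, digits: str) -> str:
    """n digits in, n digits out. Split into halves a (n//2 digits) and b;
    each round: c = (a + F(b)) mod 10**len(a), then (a, b) = (b, c)."""
    _check(digits)
    n = len(digits)
    a, b = digits[: n // 2], digits[n // 2 :]
    for i in range(ROUNDS):
        m = len(a)
        y = _round_value(key, n, i, b, m)
        c = str((int(a) + y) % 10 ** m).zfill(m)  # modular add keeps exactly m digits
        a, b = b, c
    return a + b


def fpe_decrypt(key: bytes, digits: str) -> str:
    """Undo the rounds in reverse: b is the half round i produced, a is the
    half round i hashed, so the original a is (b - F(a)) mod 10**len(b)."""
    _check(digits)
    n = len(digits)
    a, b = digits[: n // 2], digits[n // 2 :]
    for i in reversed(range(ROUNDS)):
        m = len(b)
        y = _round_value(key, n, i, a, m)
        c = str((int(b) - y) % 10 ** m).zfill(m)
        a, b = c, a
    return a + b


def is_permutation(key: bytes, n: int) -> bool:
    """Brute-force check for a small length: all 10**n inputs map to distinct
    n-digit outputs, so encryption is a bijection on the whole domain."""
    outputs = {fpe_encrypt(key, str(x).zfill(n)) for x in range(10 ** n)}
    return len(outputs) == 10 ** n


def roundtrip_ok(key: bytes, samples) -> bool:
    """Every sample decrypts back to itself and keeps its length and alphabet."""
    for s in samples:
        ct = fpe_encrypt(key, s)
        if len(ct) != len(s) or not ct.isdigit() or fpe_decrypt(key, ct) != s:
            return False
    return True


# Constructed demonstration inputs, one per permitted length.
DEMO_KEY = b"constructed demo key, not a real secret"
DEMO_SAMPLES = ["42", "007", "1234", "98765", "000000", "3141592",
                "27182818", "161803398", "0000000000"]
```

Two caveats a practitioner would want stated. The ciphertext reveals the plaintext length, which is inherent in the requirement. And a 2-digit domain has only 100 values, so anyone who can obtain a few plaintext/ciphertext pairs or query an encryption oracle tabulates it directly, whatever the cipher; the construction is also deterministic, so equal inputs give equal outputs unless a per-record tweak is mixed into the round function.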

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: What is better : Blowfish, Des, Tripple-Des
Date: Wed, 13 Jan 1999 06:46:50 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> nRg wrote:
> > What is better and safer ?
> >
> >  a blowfish encryption with 448bits
> >  a DES encryption with 56bits
> >  a Triple DES Encryption with 112bits
>
> Blowfish and 3DES are almost certainly safer than DES; there's no
> effective difference in the key length (i.e. both are "long enough").
> DES is no longer secure enough for many applications, but is safer than
> sending plaintext.  "Better" depends on the application:  Blowfish is
> faster, 3DES is an easier drop-in replacement for DES, and DES should
> soon be exportable from countries that want to be able to read your
> transactions.
>
> > Are there any new technologies ? Please give me a URL to download them
>
> Yes, many.  For the AES candidates to replace DES, see (for example)
> Brian Gladman's collection at http://www.seven77.demon.co.uk/aes.htm .
>
> For many real-world applications you'll be well served by using a
> canned package with strong crypto such as PGP, or rolling your own
> with tested techniques like CipherSaber ( http://ciphersaber.gurus.com ).
>
> --
>       Jim Gillogly
>       Sterday, 21 Afteryule S.R. 1999, 23:46
>       12.19.5.15.6, 6 Cimi 19 Kankin, Ninth Lord of Night
>

  Actually the AES candidates that are replacements for the NSA Clipper
are just trojan horse routines that the NSA is trying to force
on the public. The entropy in them is way too small to guarantee
safe secure encrypted message exchanges over the internet and
should not be trusted. A very very big Hill cipher or something
like a true all or nothing encryption method would better suit
ones needs for most security.

David A. Scott

Professional thorn in the side to fishy weak encryption methods!

http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://members.xoom.com/ecil/index.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************