Cryptography-Digest Digest #936, Volume #8 Wed, 20 Jan 99 14:13:02 EST
Contents:
Re: Metaphysics Of Randomness (R. Knauer)
Re: Metaphysics Of Randomness (Patrick Juola)
Re: Metaphysics Of Randomness (R. Knauer)
Re: (fwd) DES Challenge III Broken in Record 22 Hours ! (JPeschel)
Re: Metaphysics Of Randomness (R. Knauer)
Re: SSL - How can it be safe? (Paul Crowley)
Re: Metaphysics Of Randomness ([EMAIL PROTECTED])
Re: Metaphysics Of Randomness (R. Knauer)
Re: Metaphysics Of Randomness (Patrick Juola)
Re: Newbie Hashing Question (Mr. Tines)
Re: Metaphysics Of Randomness (R. Knauer)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Wed, 20 Jan 1999 14:39:21 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 20 Jan 1999 08:42:55 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>No. I know silly metaphysics when I see it. Not all metaphysics is silly.
Just what are those characteristics of such "silly metaphysics"? Is
the sole criterion for "silly" metaphysics that it offends your
personal prejudices?
The only way to show that a concept is "silly" is to show that it is
actually incorrect. Calling a concept by a pejorative name like
"silly" does not do anything but expose your personal biases.
I remind you that one famous scientist, Newton, was a practicing
sorcerer who spent considerable time and effort trying to fabricate
the Philosopher's Stone. His famous "action at a distance" came
directly from Hermetic alchemy.
But your point is well taken, as the famous Sokal Hoax has
demonstrated recently. Nevertheless, no idea, however "silly" it might
seem at the outset, should be rejected outright just because it is not
part of contemporary dogma.
At the very least, a counterargument should be offered to show that
it is not a correct idea. As precise as physical science and
mathematics are, one would think that is not all that much to ask.
>Wrong. Totally, completely whacked.
That is very likely correct when viewed in a dogmatic manner. But I
remind you that there are still respected scientists who sincerely
believe that randomness and entropy are caused by human ignorance and
are not a fundamental property of physical reality.
In any event, calling a speculation "whacked" does not qualify as a
formal rebuttal. All it does is to expose your cultural bigotry
regarding scientific speculation.
>No. The key does not lose its randomness. Given the ciphertext the key is not
>revealed. Your conjecture is whacked. QED.
There you go again - trying to pass off ad hominems as scientific
proof.
Since you cannot offer anything substantive to this conjecture, you
might want to sit it out. After all, huddling in the middle of the
herd is much more comfortable for most people, especially dogmatic
people.
Best leave the "whacked" out speculation for thick-skinned people who
do not care personally what others think about their "silly"
conjectures - like me.
Bob Knauer
"Whatever you can do, or dream you can, begin it. Boldness has
genius, power and magic in it."
--Goethe
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Metaphysics Of Randomness
Date: 20 Jan 1999 09:49:17 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 20 Jan 1999 08:13:48 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>Another example -- the probability of any random child being a boy
>>is slightly higher than 0.5 (more boys are born than girls, by
>>a ratio of about 11:10).
>
>That must be the result of eugenic sex selection (since people prefer
>male babies), since I always heard that female babies outnumbered male
>babies by something like 55:45.
You heard wrong, I'm afraid. Male babies outnumber female babies,
even in the absence of (noticeable) sex selection.
>>And, at the extreme, if I had a single
>>atom of uranium in my possession, the odds of it decaying (or not)
>>while I watch it are not only not 0.5 -- but also dependent upon
>>the time I watch it.
>
>I have a problem with the last part of that statement.
>
>The probability that a particular (single) nucleus will decay in the
>time interval t -> t + dt is a constant independent of the time of
>that interval. This leads to the exponential decay law since:
>
>dN/dt = - k N.
This is true only if you watch for an infinitesimal amount of time
(which by definition is a fixed duration).
If you watch twice as long, you have -- to a first approximation --
approximately twice the chance of seeing a decay event. You can
test this yourself. Customers entering a bank do so at approximately
a Poisson rate; watch the bank door for a minute, and have a friend of
yours watch for two minutes. The smart money would bet that your
friend has a greater chance of seeing someone come in.
>You said that you had a *single* nucleus in your possession, in which
>case there are no statistics involved, only the uniform probability
>for a decay event over time. IOW, the probability for a single nucleus
>to decay in the next 1 second interval is the same for it to decay in
>any 1 second interval for all time.
But not the same as the probability for it to decay in a three second
interval, which is approximately three times as great.
-kitten
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Wed, 20 Jan 1999 15:22:46 GMT
Reply-To: [EMAIL PROTECTED]
On 20 Jan 1999 09:49:17 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>You heard wrong, I'm afraid. Male babies outnumber female babies,
>even in the absence of (noticeable) sex selection.
Are you absolutely sure that such is the case, even going back several
decades in America?
>This is true only if you watch for an infinitesimal amount of time
>(which by definition is a fixed duration).
But that is what is meant by the instantaneous rate of decay. Once you
start averaging over an ensemble of nuclei then you get statistical
phenomena happening. Your comment had to do with a single nucleus, so I
did not consider it as part of an ensemble.
>If you watch twice as long, you have -- to a first approximation --
>approximately twice the chance of seeing a decay event. You can
>test this yourself. Customers entering a bank do so at approximately
>a Poisson rate; watch the bank door for a minute, and have a friend of
>yours watch for two minutes. The smart money would bet that your
>friend has a greater chance of seeing someone come in.
That is because the finite time interval allows statistical phenomena
to take place. Obviously as the interval of observation increases
there is an increased probability that a decay will occur. But that
says nothing about the decay of a single nucleus, which is what I
thought you were commenting about.
>But not the same as the probability for it to decay in a three second
>interval, which is approximately three times as great.
The randomness of radioactive decay comes from an equal a priori
probability for decay in an infinitesimal interval. IOW, the decay
process does not care about statistical phenomena like you describe -
and that is what makes it random, the fact that any particular nucleus
can decay any time it pleases with equal (instantaneous) probability.
Bob Knauer
"Whatever you can do, or dream you can, begin it. Boldness has
genius, power and magic in it."
--Goethe
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: (fwd) DES Challenge III Broken in Record 22 Hours !
Date: 20 Jan 1999 17:29:40 GMT
>Mok-Kong Shen <[EMAIL PROTECTED]> writes:
>RSA Code-Breaking Contest Again Won by Distributed.Net and
>Electronic Frontier Foundation (EFF)
thanks Mok-Kong, I shall add the RSA link to my contest section!
J
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Wed, 20 Jan 1999 17:26:23 GMT
Reply-To: [EMAIL PROTECTED]
On 20 Jan 1999 10:48:07 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>Yes, but I'm not discussing *rates* -- I'm discussing *events*.
>The probability of an event occurring is formally independent of
>the rate until the factor of time enters into it....
I think this is just a semantic problem. What you meant by a "single"
event is not how I use the word "single" in this context. By "single"
event you meant one event, whereas I mean a particular event. That is
a prejudice I acquired from having spent time long ago doing such
calculations on a particular nucleus as it diffused about in a dilute
alloy.
By "single" you mean "any decay" from an ensemble of nuclei whereas I
mean "a particular decay" from a sample of only one nucleus. Those are
completely different meanings in terms of this discussion.
With that in mind, indeed you can talk statistically about a single
event, namely the next decay in some interval of time, whereas using
my meaning, the interval is not relevant in terms of its occurrence in
time.
English is a pesky language, eh.
Bob Knauer
"Whatever you can do, or dream you can, begin it. Boldness has
genius, power and magic in it."
--Goethe
------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: SSL - How can it be safe?
Date: 20 Jan 1999 10:18:54 -0000
[EMAIL PROTECTED] (Stefek Zaba) writes:
> SSL (and its IETF standards-track flavour, TLS), as most commonly used, has
> only the *server* authenticated.
"as most commonly used": are there flavours of use that authenticate
the client too then? And are there Web browsers that can do these
flavours?
tia,
--
__
\/ o\ [EMAIL PROTECTED] http://www.hedonism.demon.co.uk/paul/ \ /
/\__/ Paul Crowley Upgrade your legacy NT machines to Linux /~\
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Metaphysics Of Randomness
Date: Wed, 20 Jan 1999 18:08:16 GMT
Organization: DECUServe
Lines: 57
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (R. Knauer)
writes:
> On Wed, 20 Jan 1999 02:37:23 GMT, Darren New <[EMAIL PROTECTED]>
> wrote:
>>No. I'm saying that it is impossible to actually build a piece of
>>hardware that will run a program for which you cannot tell whether it
>>will halt. If your program only has a finite space to work in, then you
>>can write another program that will tell you whether it will halt.
>
> I wonder how this relates to the definition of a TRNG. In order for a
> TRNG to be capable of outputting all possible sequences of a given
> length equiprobably, must it have an "infinite space" to work with?
We can always decide whether a finite, deterministic algorithm will halt.
We cannot always decide whether a finite, nondeterministic algorithm will
halt.
We cannot always decide whether an infinite, deterministic algorithm will
halt.
We cannot always decide whether an infinite, nondeterministic algorithm will
halt.
It doesn't take "infinite space" to make it impossible to determine
whether a non-deterministic algorithm will halt.
This is not rocket science.
> Does the radioactive TRNG have an infinite space by virtue of the fact
> that the probability that a decay occur in t -> t + dt is a constant
> independent of time, and therefore the decay can occur at infinite
> time? Or does it mean that the wavefunction for the radioisotope has
> an infinite number of possible states? Is there something being
> "computed" behind the scenes in Quantum Mechanics?
It doesn't have "infinite space" in the first place, so these
maunderings are pointless.
> In any event, it is a tenet of crypto that you will fail to generate
> a true random number with a finite state machine, which implies - as
> you have pointed out for the Turing Machine - that one must have a
> system with an infinite number of states to get true randomness.
"True randomness" is a statistical property. No matter how many
states a deterministic machine has, it does not produce "random"
output in the statistical sense of the word. A deterministic machine
produces exactly one possible output. The probability of generating
that output is 100%. Not very random.
No matter how few states a non-deterministic machine has, it can
produce random output. If we can characterize each transition in
a non-deterministic finite state automaton as having a certain
probability then we can characterize the resulting output as having
a certain random distribution.
"Chaitin randomness" is not a statistical property. It is an intrinsic
attribute of strings. But then I thought we were all pretty well agreed
that "Chaitin randomness" was not a cryptographically useful concept.
John Briggs [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Wed, 20 Jan 1999 18:26:07 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 20 Jan 1999 12:32:32 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>OK then. On those grounds, let it be known that in my insufficiently humble opinion
>there is a negative amount of truth in your conclusion.
Oh, but that is a certainty, because I am not an Expert. Only Experts
have the enormous burden of having to be correct all the time.
Non-experts like me can be wrong and it won't ruin our day.
BTW, I happened to be reading a particular part of that book I have
cited several times ("Fire In The Mind"), and it just so happens that
the passage is focused on how randomness in Quantum Mechanics is
"dissipated" by the environment - which is one physicist's theory of
how one goes from the quantum realm to the classical realm.
It starts on page 161 and goes like this:
+++++
"If we follow the approach of some of the people at Santa Fe and Los
Alamos and admit information as another fundamental, along with mass
and energy, then quantum theory can be viewed in a subtly different
light. All that is required to break the symmetry of the wave function
is information processing. Not only are conscious observers
superfluous - the theory does not even require artificial observers
like photographic emulsions or photoelectric cells. The universe
itself might process information just as it processes matter and
energy.
[...]
"At Los Alamos, [Wojciech] Zurek and some of his colleagues have been
examining the difference between quantum and classical measurements in
an attempt to better understand how we come to know the world. The
trick, they say, is to follow the information. Where does it go when
we make a quantum measurement? In addition to its static attributes -
mass, spin, that which makes it an electron, a photon, or whatever - a
quantum particle carries this huge complex of dynamic information: the
wave function describing every possible state, and every possible
combination of states, that it might assume. When it is measured and
takes on one of these states, to the exclusion of all others, what
happens to the extra information? Does it dissipate into the
environment in an irreversible act of erasure?"
+++++
The writer goes on to discuss that part of this theory in which
collapse of the wavefunction is directly related to the loss of all
that information carried around by quantum particles. That information
is lost to the environment, and it is this continual loss of
information which causes the Classical Universe to be what it is.
So - speculating on the disappearance of randomness in a key when it
is used to encrypt a message is not quite as "silly" as it may seem at
first glance, at least if you want to speculate on the ultimate
roots of randomness in the physical world. After all, it is that very
random character of such physical processes that is required to make
a TRNG work properly - so there is some kind of tie-in somewhere.
Maybe.
Bob Knauer
"A man with his heart in his profession imagines and finds
resources where the worthless and lazy despair."
--Frederic the Great, in instructions to his Generals
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Metaphysics Of Randomness
Date: 20 Jan 1999 12:10:11 -0500
In article <01be4492$0ead3960$[EMAIL PROTECTED]>,
John Feth <[EMAIL PROTECTED]> wrote:
>
>
>R. Knauer <[EMAIL PROTECTED]> wrote in article
><[EMAIL PROTECTED]>...
>
>Snip
>
>> You cannot just preserve only those sequences that fit into your
>> information theory, sequences which individually pass some test
>> regarding entropy. That is an incorrect notion for purposes of crypto,
>> where randomness is the property of how the sequences are generated,
>> not a property of the sequences per se (for arbitrarily long
>> sequences).
>
>Gee, Bob, the digits in a sequence are either demonstrably correlated, or
>not. If they are not correlated, they occur randomly.
Doesn't follow, I'm afraid.
First, just because they're correlated doesn't mean that they're
*demonstrably* correlated; that's not a mathematical question but
a psychological one, depending on the mathematician's creativity and
mathematical talent.
Second, just because something is random does not mean that they're
uncorrelated.
> There is no test
>which will show how a random sequence was created, viz., no test which will
>show "...(that) randomness is the property of how the sequences are
>generated, not a property of the sequences per se.." as you suggest.
Yes, but there are certainly tests that will show you that *non*randomness
is a property of how the sequence was generated and not a property of
the sequence(s) per se. Randomness is what's left after you throw
out everything non-random.
-kitten
------------------------------
From: Mr. Tines <[EMAIL PROTECTED]>
Subject: Re: Newbie Hashing Question
Date: 19 Jan 1999 22:52 +0000
###
On Tue, 19 Jan 1999 21:42:25 GMT, in <[EMAIL PROTECTED]>
[EMAIL PROTECTED] (chris) wrote.....
>
> is one implementation of Sapphire II-based hashing the same as
> all other implementations?
>
> will the results of Updating a Sapphire II hash object with a
> given string yield the same results as Updating a different
> implementation with the same string?
It should do - provided that it is the same byte stream
that you're hashing (things like line ends and character
set encodings vary between machines).
-- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< www.geocities.com/SiliconValley/1394
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
### end pegwit v8 signed text
ebd5a1c656bcf7f07545eff7fe791fced3537f9a9dac36fdb58c39b3ec9a
105895a6d969951fb3cbbfba787d10ddfe9bab3564a14e3848c1ac2f630d
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Wed, 20 Jan 1999 17:50:38 GMT
Reply-To: [EMAIL PROTECTED]
On 20 Jan 1999 16:26:24 GMT, "John Feth" <[EMAIL PROTECTED]>
wrote:
>Gee, Bob, the digits in a sequence are either demonstrably correlated, or
>not. If they are not correlated, they occur randomly. There is no test
>which will show how a random sequence was created, viz., no test which will
>show "...(that) randomness is the property of how the sequences are
>generated, not a property of the sequences per se.." as you suggest.
I never claimed that there was a property of the sequences per se. I
have always stated that crypto-grade randomness is a property of how
the numbers are generated - at least ever since our discussions over a
year ago.
This discussion has raged on for as long as I have been on sci.crypt,
which is off and on for over a year. We had a huge discussion
involving many participants from different fields which resulted in
over 1,000 posts by one person's count.
When we got finished, there was a prevailing consensus of opinion
regarding what we called "crypto-grade randomness" - the strongest
randomness required to prevent a Bayesian Attack on the OTP
cryptosystem.
That consensus led to the result that crypto-grade randomness is not a
property of a given random number, but the result of the number being
produced by a True Random Number Generator (TRNG). A TRNG is a device
based on a physical process that is inherently random, e.g., a quantum
process like radioactive decay. Even chaotic processes were ruled out
because their randomness is not crypto-grade randomness, just a form
of obscurity caused by lack of calculational precision.
The property of a TRNG which makes it suitable for generating
crypto-grade random numbers is that it is capable of producing all
possible sequences of a given finite length equiprobably. The number
thus produced is random not because of some intrinsic characteristic
it has itself, but because it is generated by a TRNG. That means that
the sequences 111...1 and 000...0, however pathological they might
seem (and however improbable they might be), are nonetheless valid
random output sequences, and hence qualify as crypto-grade random
numbers.
The purists would not even permit filtering them out for fear of
ruining the provable security of the OTP system. Later I contended
that you could use them for diagnostics without affecting the security
of the OTP for practical purposes. But that is academic since such
numbers have a vanishingly small probability of occurrence for any
practical length OTP.
The upshot of all this is that there is no characteristic property of
a particular random number per se that makes it random or non-random.
All possible sequences of a given length are random for crypto
purposes if they are produced by a TRNG. The reason, of course, is
that if any sequence is produced equiprobably, then there is no
reason for a cryptanalyst to believe any particular key is preferred
as the OTP. If there are 2^N equiprobable keys, then there are as many
possible messages. That means no one message is probable to any
measure. IOW, the system is provably secure.
I have reiterated these comments in entirety a couple times recently
and the experts here have agreed with them. The fact that some people
still insist on characterizing a particular number as random or
non-random based solely on some presumed intrinsic property of the
number per se, is incorrect - at least according to the prevailing
consensus of opinion of cryptographers on sci.crypt.
Bob Knauer
"Whatever you can do, or dream you can, begin it. Boldness has
genius, power and magic in it."
--Goethe
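Added example (not part of the digest or of any poster's message): the "Bayesian Attack on the OTP" and the equiprobable-key argument from the post above, worked with exact fractions. The two candidate messages, their prior, the all-ones key and the biased generator (each bit 1 with probability 3/4) are constructed assumptions for illustration.

```python
"""Bayesian view of the one-time pad, using exact arithmetic."""
from fractions import Fraction


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def uniform_key_prob(key: bytes) -> Fraction:
    # Ideal TRNG: every key of this length is equally likely,
    # including "pathological" ones such as all ones.
    return Fraction(1, 2 ** (8 * len(key)))


def biased_key_prob(key: bytes, p_one: Fraction = Fraction(3, 4)) -> Fraction:
    # Hypothetical faulty generator: each bit is 1 with probability p_one,
    # so keys are no longer equiprobable.
    ones = sum(bin(b).count("1") for b in key)
    zeros = 8 * len(key) - ones
    return p_one ** ones * (1 - p_one) ** zeros


def posterior(ciphertext: bytes, prior: dict, key_prob) -> dict:
    """Bayes' rule: P(m | c) is proportional to P(m) * P(key = m XOR c).

    For each candidate message there is exactly one key that maps it to the
    observed ciphertext; the analyst weighs candidates by how likely the
    generator was to emit that key.
    """
    weights = {m: p * key_prob(xor(m, ciphertext)) for m, p in prior.items()}
    total = sum(weights.values())
    return {m: w / total for m, w in weights.items()}


# Constructed sample data: what the analyst believes before seeing anything.
PRIOR = {b"yes": Fraction(1, 4), b"no ": Fraction(3, 4)}
# Constructed key: the all-ones pad discussed in the post.
KEY = b"\xff\xff\xff"
CIPHERTEXT = xor(b"yes", KEY)


if __name__ == "__main__":
    for name, kp in (("uniform", uniform_key_prob), ("biased", biased_key_prob)):
        post = posterior(CIPHERTEXT, PRIOR, kp)
        print(name, {m.decode(): str(p) for m, p in post.items()})
```

With equiprobable keys the posterior equals the prior, so the ciphertext tells the analyst nothing; with the biased generator the same ciphertext moves the belief in "yes" from 1/4 to 19683/19684.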
------------------------------