Cryptography-Digest Digest #444, Volume #9 Thu, 22 Apr 99 10:13:02 EDT
Contents:
Re: SHA-1 as f-function in Feistel construction (RDJ)
Re: Rijndael (Phil Howard)
DH keys in PGP ([EMAIL PROTECTED])
Re: Question about DH keys? ([EMAIL PROTECTED])
Re: mcrypt ([EMAIL PROTECTED])
Re: mcrypt (Christian Schroeter)
Symmetric encryption: Secret algorithms?? (Peter Gunn)
password pattern recognition ("chris Günther")
Re: Prime Numbers Generator ("Trevor Jackson, III")
XTEA paper in PDF format now ([EMAIL PROTECTED])
Re: Free chapters from Handbook of Applied Cryptography ([EMAIL PROTECTED])
Re: Adequacy of FIPS-140 (R. Knauer)
Cryptography FAQ (01/10: Overview) ([EMAIL PROTECTED])
Cryptography FAQ (02/10: Net Etiquette) ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: (RDJ)
Subject: Re: SHA-1 as f-function in Feistel construction
Date: Thu, 22 Apr 1999 09:13:53 GMT
On Wed, 21 Apr 1999 08:29:33 -1000, Piso Mojado <[EMAIL PROTECTED]> wrote:
>That was written up for the Sixth Fast Software Encryption Workshop
>(FSE-6). The authors were Jakobsson, Stern, and Yung.
>"Scramble All, Encrypt Small."
>
>Scramble All, Encrypt Small: sharing work with a smart card
...
>The message is padded by the Card with a k bit random number. The
>padded message M is split in half ML, MR being two halves.
>The Host hashes the two halves and XORs in a Feistel network with
>the other half, making CL CR, two ciphertexts. The host extracts
>the last k bits of CR and the Card encrypts that. The Host
>places that encrypted block in place of the extracted k bits.
>The message is now encrypted.
>
>To decrypt, the Host splits the ciphertext in half and sends the k
>bits of CR to the Card to decrypt. The host puts the decrypted block
>in place of the k bits. The Host hashes CR and CL and XORs in a Feistel
>structure with CL and CR to recover the message.
Thanks for the implementation example. Do you have any idea of (or do
you know where I should look to find) the apparent strength of a
SHA-1/Feistel cipher?
Thanks again,
RDJ
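The host/card split quoted above, written out as an added example (not code from the thread or from the FSE paper) with SHA-1 as the Feistel round function. The card's k-bit block cipher is an assumption made here so the example runs without a crypto library: a 4-round Feistel over HMAC-SHA1 keyed with the card secret, with k = 128 bits.

```python
# Added example (not code from the thread or the FSE paper): the host/card split
# described above, with SHA-1 as the Feistel round function.  The card's k-bit block
# cipher is an assumption made here so the example runs without a crypto library:
# a 4-round Feistel over HMAC-SHA1 keyed with the card secret, k = 128 bits.
import hashlib
import hmac
import os

K = 16  # card block size in bytes (k = 128 bits); assumption for the example


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sha1_stream(data: bytes, n: int) -> bytes:
    """Expand SHA-1 to n bytes with a counter so one hash can mask a half of any length."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha1(ctr.to_bytes(4, "big") + data).digest()
        ctr += 1
    return out[:n]


class Card:
    """The smart card: holds the secret key, pads, and encrypts or decrypts ONE k-bit block."""

    def __init__(self, key: bytes):
        self.key = key

    def pad(self, msg: bytes) -> bytes:
        return msg + os.urandom(K)  # the k random bits the card appends

    def _round(self, rnd: int, half: bytes) -> bytes:
        return hmac.new(self.key, bytes([rnd]) + half, "sha1").digest()[: K // 2]

    def encrypt_block(self, block: bytes) -> bytes:
        l, r = block[: K // 2], block[K // 2:]
        for rnd in range(4):
            l, r = r, xor(l, self._round(rnd, r))
        return l + r

    def decrypt_block(self, block: bytes) -> bytes:
        l, r = block[: K // 2], block[K // 2:]
        for rnd in reversed(range(4)):
            l, r = xor(r, self._round(rnd, l)), l
        return l + r


def host_encrypt(card: Card, msg: bytes) -> bytes:
    """The host does all the hashing; the card only sees the last k bits of CR."""
    if len(msg) < K:
        raise ValueError("message must be at least k bits so CR holds a full card block")
    m = card.pad(msg)
    half = len(m) // 2
    ml, mr = m[:half], m[half:]
    cl = xor(ml, sha1_stream(mr, len(ml)))      # CL = ML xor H(MR)
    cr = xor(mr, sha1_stream(cl, len(mr)))      # CR = MR xor H(CL)
    cr = cr[:-K] + card.encrypt_block(cr[-K:])  # card encrypts the last k bits of CR
    return cl + cr


def host_decrypt(card: Card, ct: bytes) -> bytes:
    """Inverse order: card first, then the two hash rounds backwards."""
    half = len(ct) // 2
    cl, cr = ct[:half], ct[half:]
    cr = cr[:-K] + card.decrypt_block(cr[-K:])  # card decrypts the last k bits
    mr = xor(cr, sha1_stream(cl, len(cr)))      # MR = CR xor H(CL)
    ml = xor(cl, sha1_stream(mr, len(cl)))      # ML = CL xor H(MR)
    return (ml + mr)[:-K]                       # strip the card's random padding
```

Note that the card performs exactly one block operation per message regardless of message length, which is the whole point of the construction; everything else is unkeyed hashing on the host.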
------------------------------
From: [EMAIL PROTECTED] (Phil Howard)
Subject: Re: Rijndael
Date: Thu, 22 Apr 1999 08:21:49 GMT
On Wed, 21 Apr 1999 08:34:08 -1000 Piso Mojado ([EMAIL PROTECTED]) wrote:
| Paul Gover wrote:
| >
| > Paul Koning wrote:
| > > It's two syllables. The first one requires a sound not found in
| > > most languages. For a reasonable approximation, try "rhine-dahl".
| >
| > Am I right in vaguely recalling that "ij" actually came about as a
| > typesetter's approximation to "y" with a dieresis (") over it, so
| > the sound is a modified "y"?
| >
| > Paul Gover
|
| Rain Doll roll the R
I guess we'll probably end up giving it a shorter English spelling
like: ryndal
--
Phil Howard KA9WGN
[EMAIL PROTECTED] [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: DH keys in PGP
Date: Thu, 22 Apr 1999 01:37:25 GMT
How do DH keys work in PGP? I thought it was a
key-agreement algorithm?
BTW, I am PGP signing my messages for two
reasons, A) something to play with. B) Charles
Booher, nuff said.
Tom
--
PGP public keys. SPARE key is for daily work, WORK key is for
published work. The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'. Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'. Try SPARE first!
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Question about DH keys?
Date: Thu, 22 Apr 1999 10:58:54 GMT
> You're thinking of RSA. Diffie-Hellman doesn't work like that.
> The DH keys are not interchangeable.
>
Don't DH keys require an interactive protocol? How do they know the
shared secret
g^(x * y) mod P
When there is no feedback?
Tom
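An added illustration, not text from the thread, of how a DH key is used with no round trip: the recipient publishes g^x mod P once, and each message carries a fresh g^y chosen by the sender, so both sides arrive at the g^(x * y) mod P of the post without any feedback. The group parameters below are toy values chosen for the example and far too small for real use.

```python
# Added example, not text from the thread: non-interactive use of a DH key.  The
# recipient's long-term key pair (x, g^x mod P) is published once; each message carries a
# fresh g^y, so the sender never needs a reply to settle on g^(x*y) mod P.  Group
# parameters are toy values chosen for the example (far too small for real use).
import hashlib
import secrets

P = 2**127 - 1  # a Mersenne prime; assumption for the example
G = 3           # generator; assumption for the example


def keygen():
    """Recipient's long-term DH key: private x, public g^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def keystream(shared: int, n: int) -> bytes:
    """Derive n bytes of key material from the shared secret (SHAKE-256 as the KDF)."""
    return hashlib.shake_256(shared.to_bytes(16, "big")).digest(n)


def seal(recipient_pub: int, msg: bytes):
    """Sender: pick a one-off y, derive g^(x*y) from the recipient's PUBLIC g^x, ship g^y."""
    y = secrets.randbelow(P - 2) + 1
    shared = pow(recipient_pub, y, P)          # (g^x)^y = g^(x*y) mod P
    ct = bytes(a ^ b for a, b in zip(msg, keystream(shared, len(msg))))
    return pow(G, y, P), ct                    # g^y rides along with the ciphertext


def open_sealed(x: int, ephemeral_pub: int, ct: bytes) -> bytes:
    """Recipient: recover the same secret from g^y and the private x; no round trip."""
    shared = pow(ephemeral_pub, x, P)          # (g^y)^x = g^(x*y) mod P
    return bytes(a ^ b for a, b in zip(ct, keystream(shared, len(ct))))
```

The XOR keystream here only shows the key agreement; a real message format also authenticates the ciphertext, since an unauthenticated stream can be flipped bit for bit.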
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: mcrypt
Date: Thu, 22 Apr 1999 10:56:17 GMT
> I've created a replacement for unix crypt. I used unpatented block
> algorithms like blowfish, twofish-128, tea (extended), safer64/128,
> des, tripledes, 3way, cast-128, rc2 and gost. The source code of these
> algorithms is based on the code found in ftp.funet.fi/pub/crypt. As you
> see there is nothing new (eg. algorithms) but rather an implementation
> of the existing ones.
> The program can be found at ftp://argeas.cs-net.gr/pub/unix/mcrypt
> It is intended to run on all unix machines (64bit or 32bit, big or
> little-endian). These algorithms run in ECB, 8bit CBC, CBC or 8bit OFB
> modes. Mcrypt is currently under development but it seems stable enough.
> I released it under the GNU General Public License.
> I'd appreciate any feedback and comments.
Well I couldn't get to the FTP site.... I will try later.
May I suggest adding compression? That would make known
plaintext attacks rather difficult. Why not try the LZO compression
library, it's free and really fast.
Tom
------------------------------
From: Christian Schroeter <[EMAIL PROTECTED]>
Subject: Re: mcrypt
Date: Thu, 22 Apr 1999 13:26:22 +0200
Reply-To: [EMAIL PROTECTED], [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> [...]
>
> Well I couldn't get to the FTP site.... I will try later.
me2
>
>
> May I suggest adding compression? That would make known
> plaintext attacks rather difficult. Why not try the LZO compression
> library, it's free and really fast.
...and where can I get the lib?
CU,
Christian
--
The European Union wants to allow e-mail advertising at the recipient's
expense. c't is currently collecting "signatures" to forward a petition
to the EU Parliament. At the URL
>>> http://www.politik-digital.de/spam/ <<<
you can find out more, if you are interested.
------------------------------
From: Peter Gunn <[EMAIL PROTECTED]>
Subject: Symmetric encryption: Secret algorithms??
Date: Thu, 22 Apr 1999 12:23:23 +0100
It seems to me that most people's first impression of
computer cryptography is that the algorithm is hidden
and the attacker has to somehow work this out from
the ciphertext. Perhaps this is just because, not having
seen any encryption routines, it is a logical first step
to try and work out the encryption routine before trying
to break it for a particular ciphertext, even though this
is generally considered to be a freebie... either by
the fact it's documented, or via reverse engineering.
Then when you find out a bit more, most ciphers are
'static' functions which combine plaintext with
material derived from a key to produce ciphertext...
C=P+K (where + means 'combine')
This is good stuff, and very effective and efficient.
But, it seems to me that any cipher is only 'secure'
as long as a way has not been found to compromise
its intended brute force decryption effort, and that
can never be proven since people invent new ways of
attacking ciphers all the time.
It is therefore logical that applications designed
for any non-trivial period of longevity need to
support multiple algorithms in case some of the
ones it relies on get compromised.
I've also noticed that encryption algorithms tend
to be designed to be implemented using a few
simple operations like shifts, adds, XOR, and so on.
So, I guess that it's possible to implement a
reasonably efficient general purpose cipher
"interpreter" (or compiler?) based on a few
simple operations which could handle a number
of the popular block ciphers currently around,
and have the advantage that it could easily
be extended to handle new algorithms as they
are invented.
Taking this a stage further, would it not be
possible for the key or part of the key
to represent the cipher itself... and therefore
make cryptanalysis a real pain :-)
Of course, you'd have to have a mechanism of
generating such "key ciphers" as random
instructions probably wouldn't do anything
useful, but I'm sure there are countless billions
of safe variations of common algorithms
that could be used.
Food for thought??
ttfn
PG.
------------------------------
From: "chris Günther" <[EMAIL PROTECTED]>
Subject: password pattern recognition
Date: Thu, 22 Apr 1999 13:05:36 +0200
Hello all
I have successfully programmed a stored procedure within my SQL-Server which
generates passwords for the users of our inter(intra-)net.
Now I'd like to know how good it works - say how difficult it is to get the
algorithm which generates the passwords or maybe to find out a password.
For this reason I'm looking for a person who is able (and likes) to check an
Excel table (or as well a txt document) with 5000-100000 passwords.
If anyone thinks he/she can do this and wants to try out if he/she can
figure out how the passwords are generated please mail me at:
[EMAIL PROTECTED]
thanX in advance
chris
------------------------------
Date: Thu, 22 Apr 1999 21:16:04 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Prime Numbers Generator
On a lark I launched the program mentioned below on a medium sized
workstation (details below). It has been running for over 70 wall-clock
hours getting 35 hours of CPU time. Since the algorithms appear to be
disk-intensive, the 50% fraction could be right. Very little else has
been running on the machine because the program is barely nice.
However, the fact that the output file is at 861 MB, well over the
final size expected, gives me some pause. I suspect something is wrong.
-- Trevor
The machine specs are as follows:
233 MHz K6
192 MB RAM
8 GB NTFS partition, around 3 GB free on a 40 Mb/sec SCSI (Adaptec
2940UW)
32-bit Windows, server version 4.00 build 1381 patch level 4
[EMAIL PROTECTED] wrote:
>
> Hello all,
>
> Using this program you can generate all
> prime numbers in the range from 2 to
> 0FFFFFFFFh. The program runs ca. 10 hours.
> The output file 'prime.hex' has the length
> ca. 694 Mb. The record's length is 4 bytes
> (dword-Assembler, integer- Delphi).
>
> Please be aware that 4 bytes in memory
> are dword type. You can get a correct presentation
> after loading dword in register or using correct
> integer type. You can split the output file
> using your own routine. The file can be 30 %
> compressed.
>
> To download the executable and Delphi 4
> source code (ZIP 161 Kb) please go in
> the download area at
>
> www.online.de/home/aernst
>
> Link : Prime numbers generator
>
> Known problem.
> The executable file is compiled under Windows NT.
> If you start it under Windows 95/98 you should
> resize the dialog window. To avoid this the source
> should be recompiled.
>
> Regards
> Alex
>
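An added example, not the program from the post: a segmented sieve that emits primes as the 4-byte records described above (dword, little-endian as on x86), plus a checker that parses such a file so its size and ordering can be sanity-checked against the expected count. Run it with a small limit; the full 0FFFFFFFFh range takes hours in Python.

```python
# Added example, not the program from the post: a segmented sieve that emits primes as
# the 4-byte records the post describes (dword, little-endian on x86), plus a checker
# for such a file.  Run with a small limit; 0xFFFFFFFF takes hours in Python.
import struct


def small_primes(limit):
    """Plain sieve for the base primes up to sqrt(limit)."""
    flags = bytearray([1]) * (limit + 1)
    flags[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i::i] = bytes(len(range(i * i, limit + 1, i)))
    return [i for i, f in enumerate(flags) if f]


def prime_records(limit, segment=1 << 16):
    """Yield each prime in [2, limit] as one little-endian dword record."""
    base = small_primes(int(limit ** 0.5) + 1)
    low = 2
    while low <= limit:
        high = min(low + segment - 1, limit)
        flags = bytearray([1]) * (high - low + 1)
        for p in base:
            if p * p > high:
                break
            start = max(p * p, (low + p - 1) // p * p)  # first multiple of p in the window
            flags[start - low::p] = bytes(len(range(start, high + 1, p)))
        for i, f in enumerate(flags):
            if f:
                yield struct.pack("<I", low + i)
        low = high + 1


def write_prime_file(limit):
    """The whole output as bytes (the post writes it to 'prime.hex')."""
    return b"".join(prime_records(limit))


def check_prime_file(data):
    """Parse dword records; return (count, strictly_increasing) for a size sanity check."""
    if len(data) % 4:
        return len(data) // 4, False
    vals = struct.unpack("<%dI" % (len(data) // 4), data)
    increasing = all(a < b for a, b in zip(vals, vals[1:]))
    return len(vals), increasing
```

There are 203,280,221 primes below 2^32, so a complete file of 4-byte records is 813,120,884 bytes (about 775 MiB); a larger file must contain duplicates, composites or a write error, and the checker's ordering test will catch the first two.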
------------------------------
From: [EMAIL PROTECTED]
Subject: XTEA paper in PDF format now
Date: Thu, 22 Apr 1999 11:02:53 GMT
Howdy,
Cedomir Igaly was nice enough to convert the .RTF file
to .PDF so now more people can read the paper.
The paper talks about TEA and the proposed X-TEA (by the
TEA group) and the modifications I made (XTEA-1, XTEA-2 and
XTEA-3).
The paper is not strictly formal, but still is complete (abstract, intro,
conclusion and references).
This is my first paper actually being recognized. So if you want
to check it out, it's at
http://members.tripod.com/~tomstdenis/xtea.pdf
Thanks,
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Free chapters from Handbook of Applied Cryptography
Date: Thu, 22 Apr 1999 10:53:42 GMT
> from our "Handbook of Applied Cryptography" for free download from
> our web site: www.cacr.math.uwaterloo.edu/hac/
> We hope these chapters will be of use to people.
> Any comments in this regard are greatly appreciated.
See now you people are really nice. You say 'read this book'
and you actually have it available.
Good work !!!
Hoorah for the nice people!
Tom
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Adequacy of FIPS-140
Date: Thu, 22 Apr 1999 13:19:05 GMT
Reply-To: [EMAIL PROTECTED]
On 21 Apr 1999 18:10:39 -0400, [EMAIL PROTECTED] (Leonard R.
Budney) wrote:
>I would agree that an exhaustive search is not easy. However, text
>pulled from the web does suffer the same drawbacks as a book code:
>popular books offer a high probability of success; and human
>engineering is possible. For example, an ardent Christian is likely
>to use a Bible, hymnal, or some such.
>
>In the case of web documents, lots of human engineering is
>available. Proxy logs can be reviewed, network traffic (and hence
>viewing habits) scanned, altavista queries can isolate the few
>hundreds or thousands of documents reflecting strong interests,
>hobbies, etc..
You are leaving out some important considerations. You would acquire
textstreams from diverse random sources, some of which change on a
daily basis like newsfeeds, and you would obtain the streams by
offsetting into each text in a random manner. Then you would hash
these text streams individually and strongly mix them to create the
keystream.
Doing it in such a manner would result in a number of combinations that
is far too large for an exhaustive search. Just linking to each
possible text source is impossible in any reasonable time.
Bob Knauer
European Parliament's Scientific and Technological Options Assessment,
Appraisal of Technologies of Political Control, including Mark-Free
Torture, implemented by the British military in Northern Ireland:
http://jya.com/stoa-atpc.htm
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (01/10: Overview)
Date: 22 Apr 1999 13:25:58 GMT
Reply-To: [EMAIL PROTECTED]
Archive-name: cryptography-faq/part01
Version: 1.0
Last-modified: 94/01/11
This is the first of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read this part before the rest. We
don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.
Disclaimer: This document is the product of the Crypt Cabal, a secret
society which serves the National Secu---uh, no. Seriously, we're the
good guys, and we've done what we can to ensure the completeness and
accuracy of this document, but in a field of military and commercial
importance like cryptography you have to expect that some people and
organizations consider their interests more important than open
scientific discussion. Trust only what you can verify firsthand.
And don't sue us.
Many people have contributed to this FAQ. In alphabetical order:
Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison,
Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti,
William Setzer. We apologize for any omissions.
If you have suggestions, comments, or criticism, please let the current
editors know by sending e-mail to [EMAIL PROTECTED] Bear in
mind that this is a work in progress; there are some questions which we
should add but haven't gotten around to yet. In making comments on
additions it is most helpful if you are as specific as possible and
ideally even provide the actual exact text.
Archives: sci.crypt has been archived since October 1991 on
ripem.msu.edu, though these archives are available only to U.S. and
Canadian users. Another site is rpub.cl.msu.edu in /pub/crypt/sci.crypt/
from Jan 1992. Please contact [EMAIL PROTECTED] if you know of
other archives.
The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto,
sci.answers, and news.answers every 21 days.
The fields `Last-modified' and `Version' at the top of each part track
revisions.
Table of Contents
=================
1. Overview
2. Net Etiquette
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?
3. Basic Cryptology
3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it
guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are
relatively easy to break?
3.8. What are the basic types of cryptanalytic `attacks'?
4. Mathematical Cryptology
4.1. In mathematical terms, what is a private-key cryptosystem?
4.2. What is an attack?
4.3. What's the advantage of formulating all this mathematically?
4.4. Why is the one-time pad secure?
4.5. What's a ciphertext-only attack?
4.6. What's a known-plaintext attack?
4.7. What's a chosen-plaintext attack?
4.8. In mathematical terms, what can you say about brute-force attacks?
4.9. What's a key-guessing attack? What's entropy?
5. Product Ciphers
5.1. What is a product cipher?
5.2. What makes a product cipher secure?
5.3. What are some group-theoretic properties of product ciphers?
5.4. What can be proven about the security of a product cipher?
5.5. How are block ciphers used to encrypt data longer than the block size?
5.6. Can symmetric block ciphers be used for message authentication?
5.7. What exactly is DES?
5.8. What is triple DES?
5.9. What is differential cryptanalysis?
5.10. How was NSA involved in the design of DES?
5.11. Is DES available in software?
5.12. Is DES available in hardware?
5.13. Can DES be used to protect classified information?
5.14. What are ECB, CBC, CFB, and OFB encryption?
6. Public-Key Cryptography
6.1. What is public-key cryptography?
6.2. How does public-key cryptography solve cryptography's Catch-22?
6.3. What is the role of the `trapdoor function' in public key schemes?
6.4. What is the role of the `session key' in public key schemes?
6.5. What's RSA?
6.6. Is RSA secure?
6.7. What's the difference between the RSA and Diffie-Hellman schemes?
6.8. What is `authentication' and the `key distribution problem'?
6.9. How fast can people factor numbers?
6.10. What about other public-key cryptosystems?
6.11. What is the `RSA Factoring Challenge?'
7. Digital Signatures
7.1. What is a one-way hash function?
7.2. What is the difference between public, private, secret, shared, etc.?
7.3. What are MD4 and MD5?
7.4. What is Snefru?
8. Technical Miscellany
8.1. How do I recover from lost passwords in WordPerfect?
8.2. How do I break a Vigenere (repeated-key) cipher?
8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]
8.4. Is the UNIX crypt command secure?
8.5. How do I use compression with encryption?
8.6. Is there an unbreakable cipher?
8.7. What does ``random'' mean in cryptography?
8.8. What is the unicity point (a.k.a. unicity distance)?
8.9. What is key management and why is it important?
8.10. Can I use pseudo-random or chaotic numbers as a key stream?
8.11. What is the correct frequency list for English letters?
8.12. What is the Enigma?
8.13. How do I shuffle cards?
8.14. Can I foil S/W pirates by encrypting my CD-ROM?
8.15. Can you do automatic cryptanalysis of simple ciphers?
8.16. What is the coding system used by VCR+?
9. Other Miscellany
9.1. What is the National Security Agency (NSA)?
9.2. What are the US export regulations?
9.3. What is TEMPEST?
9.4. What are the Beale Ciphers, and are they a hoax?
9.5. What is the American Cryptogram Association, and how do I get in touch?
9.6. Is RSA patented?
9.7. What about the Voynich manuscript?
10. References
10.1. Books on history and classical methods
10.2. Books on modern methods
10.3. Survey articles
10.4. Reference articles
10.5. Journals, conference proceedings
10.6. Other
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
10.8. Electronic sources
10.9. RFCs (available from [FTPRF])
10.10. Related newsgroups
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (02/10: Net Etiquette)
Date: 22 Apr 1999 13:26:14 GMT
Reply-To: [EMAIL PROTECTED]
Archive-name: cryptography-faq/part02
Last-modified: 94/06/13
This is the second of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.
The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto,
sci.answers, and news.answers every 21 days.
Contents:
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
Read news.announce.newusers and news.answers for a few weeks. Always
make sure to read a newsgroup for some time before you post to it.
You'll be amazed how often the same question can be asked in the same
newsgroup. After a month you'll have a much better sense of what the
readers want to see.
2.2. Do political discussions belong in sci.crypt?
No. In fact some newsgroups (notably misc.legal.computing) were
created exactly so that political questions like ``Should RSA be
patented?'' don't get in the way of technical discussions. Many
sci.crypt readers also read misc.legal.computing, comp.org.eff.talk,
comp.patents, sci.math, comp.compression, talk.politics.crypto,
et al.; for the benefit of people who don't care about those other
topics, try to put your postings in the right group.
Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt either.
2.3. How do I present a new encryption scheme in sci.crypt?
``I just came up with this neat method of encryption. Here's some
ciphertext: FHDSIJOYW^&%$*#@OGBUJHKFSYUIRE. Is it strong?'' Without a
doubt questions like this are the most annoying traffic on sci.crypt.
If you have come up with an encryption scheme, providing some
ciphertext from it is not adequate. Nobody has ever been impressed by
random gibberish. Any new algorithm should be secure even if the
opponent knows the full algorithm (including how any message key is
distributed) and only the private key is kept secret. There are some
systematic and unsystematic ways to take reasonably long ciphertexts
and decrypt them even without prior knowledge of the algorithm, but
this is a time-consuming and possibly fruitless exercise which most
sci.crypt readers won't bother with.
So what do you do if you have a new encryption scheme? First of all,
find out if it's really new. Look through this FAQ for references and
related methods. Familiarize yourself with the literature and the
introductory textbooks.
When you can appreciate how your cryptosystem fits into the world at
large, try to break it yourself! You shouldn't waste the time of tens
of thousands of readers asking a question which you could have easily
answered on your own.
If you really think your system is secure, and you want to get some
reassurance from experts, you might try posting full details of your
system, including working code and a solid theoretical explanation, to
sci.crypt. (Keep in mind that the export of cryptography is regulated
in some areas.)
If you're lucky an expert might take some interest in what you posted.
You can encourage this by offering cash rewards---for instance, noted
cryptographer Ralph Merkle is offering $1000 to anyone who can break
Snefru-4---but there are no guarantees. If you don't have enough
experience, then most likely any experts who look at your system will
be able to find a flaw. If this happens, it's your responsibility to
consider the flaw and learn from it, rather than just add one more
layer of complication and come back for another round.
A different way to get your cryptosystem reviewed is to have the NSA
look at it. A full discussion of this procedure is outside the scope
of this FAQ.
Among professionals, a common rule of thumb is that if you want to
design a cryptosystem, you have to have experience as a cryptanalyst.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************