Cryptography-Digest Digest #493, Volume #9 Mon, 3 May 99 09:13:03 EDT
Contents:
Re: A challenge for you ! ("Douglas A. Gwyn")
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
Re: Algorithms where encryption=decryption? (Anne Veling)
Re: Random Number Generator announced by Intel ([EMAIL PROTECTED])
Re: A challenge for you ! (Jim Gillogly)
Re: Factoring breakthrough? (Terje Mathisen)
mcrypt again (Nikos Mavroyanopoulos)
Re: A challenge for you ! (Russell)
Re: A challenge for you ! (Jim Gillogly)
Re: Hot new algorithm? (Jan-Christoph Puchta)
Re: A challenge for you ! (Russell)
Re: Stream Ciphers and Quantum Computer Resistance (David Crick)
Re: Hot new algorithm? (pete)
AES what's up? ([EMAIL PROTECTED])
Re: True Randomness & The Law Of Large Numbers ("Trevor Jackson, III")
Re: mcrypt again ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: A challenge for you !
Date: Mon, 03 May 1999 06:29:20 GMT
[EMAIL PROTECTED] wrote:
> No one ever tries to crack programs without source code.
It's the encryption that wants cracking, not necessarily the
original program used to perform the encryption. I took a quick
look at it and found lots of patterns, e.g. a certain pair of
bytes (the only ones with codes > octal 177) always occurred
together. Judging by the amount of pattern, I think it might be
no harder to crack than, say, the Zodiac ciphers (one of which is
still uncracked, by the way, if anybody wants a possibly
*important* cipher challenge to work on). But I lack the time
and motivation to delve into this one. We haven't heard from
Jim yet, maybe he's already cracked it.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 03 May 1999 06:38:46 GMT
"R. Knauer" wrote:
> You cannot infer the value of p from the 1-bit bias of a particular
> sequence.
Nobody except you has suggested that.
> Try to make sense out of this claim:
> "The probability p is determined to be 1/2 with a probability of 95%."
> What kind of sheer lunacy is that - a probability of a probability?
The problem with the claim you put in "quotes", which of course none
of your opponents is claiming, is that "p is 1/2" is what Rubin has
called a "point null hypothesis", i.e. it is *infinitely precise*
and therefore incapable of being supported by any finite amount of
actual evidence. However, that has nothing to do with the FIPS-140
Monobit test (or other statistical tests).
There is no lunacy in distributions of distributions. Alan Turing
exploited this idea to great advantage in certain cryptanalytic
applications.
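As an added example (not part of Gwyn's post or the digest), here is the FIPS 140-1 monobit test in Python, run over a constructed 20,000-bit sample. The test is a fixed accept/reject band on the count of one-bits, which is why passing it says nothing like "p = 1/2 with 95% probability": a source with p noticeably away from 1/2 is rejected, and a source that passes has merely not been caught. The sample generator, its seed, and the 0.55 bias used to show a rejection are assumptions of this example.

```python
# Added example (not from the thread): the FIPS 140-1 monobit test.  It
# counts the one-bits X in a 20,000-bit sample and passes iff
# 9654 < X < 10346.  That is a fixed accept/reject band around the
# expected 10,000, not a claim that p == 1/2 was "determined".
from __future__ import annotations
import os
import random

SAMPLE_BITS = 20_000
LOW, HIGH = 9654, 10346   # FIPS 140-1 band; FIPS 140-2 later tightened it to 9725 < X < 10275


def count_ones(data: bytes) -> int:
    return sum(bin(b).count("1") for b in data)


def monobit(data: bytes) -> tuple[bool, int]:
    """Return (passed, X) for exactly one 20,000-bit sample."""
    if len(data) * 8 != SAMPLE_BITS:
        raise ValueError(f"need exactly {SAMPLE_BITS // 8} bytes, got {len(data)}")
    x = count_ones(data)
    return LOW < x < HIGH, x


def z_score(x: int) -> float:
    """Standard deviations of X from the p = 1/2 expectation.  With
    sigma = sqrt(20000 * 1/4) ~ 70.7 the band edges sit near +-4.9 sigma,
    so an unbiased source fails only about once per million samples."""
    return (x - SAMPLE_BITS / 2) / (SAMPLE_BITS * 0.25) ** 0.5


def biased_bits(p_one: float, seed: int) -> bytes:
    """Constructed sample: 20,000 independent bits, each 1 with probability p_one."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(SAMPLE_BITS // 8):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (rng.random() < p_one)
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    samples = {
        "os.urandom": os.urandom(SAMPLE_BITS // 8),
        "p=0.50": biased_bits(0.50, seed=1),
        "p=0.52": biased_bits(0.52, seed=1),
        "p=0.55": biased_bits(0.55, seed=1),
    }
    for name, data in samples.items():
        passed, x = monobit(data)
        print(f"{name:12s} X={x:5d}  z={z_score(x):+6.2f}  {'PASS' if passed else 'FAIL'}")
```

Note what the p=0.52 row shows: a 2% bias is only about 5.7 sigma out on average, so it is usually rejected but not always, while the test can never distinguish p = 0.5 from p = 0.5001; that is the "point null hypothesis" problem in concrete form.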
------------------------------
From: Anne Veling <[EMAIL PROTECTED]>
Subject: Re: Algorithms where encryption=decryption?
Date: Mon, 03 May 1999 09:34:37 +0200
Emmanuel BRESSON wrote:
>
> Anne Veling wrote:
>
> > Or f(x)=1/x (not so useful for encryption)
>
> Why not ??? It works perfectly (computing modulo n, of course)
> Emmanuel
Because division of integers yields reals from time to time.
If my message is 4 (modulo 5) and I use 1/x for encryption, then what is
the encrypted message? 1/4=0.25 modulo 5??
Anne.
--
Anne Veling
[EMAIL PROTECTED]
http://www.medialab.nl/crew/anne/
According to the latest official figures, 43% of all statistics are
totally worthless.
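An added example (not code from either poster): what "1/x modulo n" means when it is computed, with the inverse found by the extended Euclidean algorithm so that every result is an integer residue, and the same function serving for both directions. The moduli and messages used below are chosen here for illustration.

```python
# Added example (not from the thread): "1/x modulo n" is the modular inverse
# of x, found with the extended Euclidean algorithm, so every result is an
# integer residue in [0, n).  The map is its own inverse, which is the
# encryption = decryption property the thread is about.  Moduli and messages
# below are chosen for illustration only.
from __future__ import annotations
from math import gcd


def egcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, s, t) with g = gcd(a, b) and a*s + b*t == g."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def mod_inverse(x: int, n: int) -> int:
    """The y in [0, n) with x*y == 1 (mod n); raises if gcd(x, n) != 1.
    (Python 3.8+ also has pow(x, -1, n); this spells the algorithm out.)"""
    g, s, _ = egcd(x % n, n)
    if g != 1:
        raise ValueError(f"{x} is not invertible mod {n} (gcd = {g})")
    return s % n


def encrypt(m: int, n: int) -> int:
    """E(m) = m^-1 mod n.  Decryption is the very same function."""
    return mod_inverse(m, n)


def is_involution(n: int) -> bool:
    """Brute-force check that E(E(m)) == m for every m coprime to n."""
    return all(encrypt(encrypt(m, n), n) == m
               for m in range(1, n) if gcd(m, n) == 1)


def non_invertible(n: int) -> list[int]:
    """Residues the map cannot handle: 0 and anything sharing a factor
    with n.  For prime n that is only 0."""
    return [m for m in range(n) if gcd(m, n) != 1]


if __name__ == "__main__":
    print(encrypt(4, 5))                 # 4, because 4*4 = 16 = 1 (mod 5)
    print(encrypt(encrypt(4, 5), 5))     # 4 again
    p = 2**61 - 1                        # a Mersenne prime
    c = encrypt(123456789, p)
    print(c, encrypt(c, p))              # ciphertext, then 123456789
    print(non_invertible(15))            # [0, 3, 5, 6, 9, 10, 12]
```

The caveat a practitioner cares about is the last line: for a composite modulus the map is undefined on every residue that shares a factor with n, and 0 is never invertible, so the message space has holes that a real scheme would have to avoid or pad around.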
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Random Number Generator announced by Intel
Date: Mon, 03 May 1999 07:29:31 GMT
A recent quote from some Russian "Rocket Scientists" turned commercial
software developers. "Rocket science is nothing, all you need is a
container with one end cut off and an explosion."
Hey, they said it not me! They have a great attitude about the
changes in the former Soviet Union. Oh and if you can spec it, they
can write it.
On Fri, 30 Apr 1999 12:54:50 +0100, Daniel James
<[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, Mok-Kong Shen wrote:
>> > The random
>> > number generator is only for use when an operating system is running,
>> > according to the documentation.
>> Can someone say what 'only for use when an operating system is running'
>> means?
>>
>
>At a guess: it means that the instructions that retrieve the random data
>can only be used in operating system code, not in application program
>code. IOW in ring 0 code.
>
>You'd then need some kind of device driver for the OS of your choice to
>provide a user-mode API to access the information.
>
>Not rocket science.
>
>Cheers,
> Daniel.
>
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: A challenge for you !
Date: Mon, 03 May 1999 01:17:51 -0700
Jim Gillogly wrote:
> Another thing I noticed: look at the distribution of "words",
> where a word is defined as a set of non-space characters between
> spaces:
...
> Interestingly, even "word" lengths are far more common than odd
> lengths, all the way down. This may suggest some kind of digraphic
> system, with two bytes of ciphertext representing a single letter,
> presumably not including the spaces.
Oops, I was counting one space in the "word" lengths, so it's the
odd lengths that are most prevalent. This could indicate instead
a digraphic system that <includes> the space; or perhaps a system
where one member of the pair carries the information and the other
is a null.
--
Jim Gillogly
Highday, 12 Thrimidge S.R. 1999, 08:01
12.19.6.2.17, 13 Caban 5 Uo, Third Lord of Night
------------------------------
From: Terje Mathisen <[EMAIL PROTECTED]>
Subject: Re: Factoring breakthrough?
Date: Mon, 03 May 1999 08:54:40 +0200
Paul Rubin wrote:
>
> Terje Mathisen <[EMAIL PROTECTED]> wrote:
> >> The way of sieving that everyone has been using for 10 or 15 years
> >> doesn't take cache effects into account at all. As the speed of chips
> >> continues to increase faster than the latency of main memory, a
> >> cache-friendly method is bound to become more widespread eventually!
> >
> >Actually Rob, this has already happened, AFAIK.
> >
> >My own toy sieve code uses just 128 KB of table space, reusing the same
> >block for each new area to be searched.
>
> He's not talking about Erastosthenes' sieve ;-).
Sorry, I should have made it clearer that I do know there's a (big)
difference. :-)
That's why I called my own version a "toy sieve".
It would probably have been more instructional to list the speedups I
gained after making my toy version more cache friendly, as in 2-3X
faster.
I was once beaten in a programming competition where the winner's
approach was one I had considered, and decided against since it offered
no reduction in the number of data blocks searched, while using a less
dense memory layout.
What I had forgotten about though, was the fact that this alternate
approach would eventually get much better data cache reuse! (David
Stafford, the winner, ended up almost exactly twice as fast as my
theoretically (disregarding cache effects) more efficient algorithm.)
OTOH, I have absolutely no idea what the breakthrough we're supposed to
learn about tomorrow is going to look like. :-(
Terje
--
- <[EMAIL PROTECTED]>
Using self-discipline, see http://www.eiffel.com/discipline
"almost all programming can be viewed as an exercise in caching"
------------------------------
From: [EMAIL PROTECTED] (Nikos Mavroyanopoulos)
Subject: mcrypt again
Date: 3 May 1999 08:22:20 GMT
In a previous posting I announced the mcrypt program. I've received
some feedback about the fact that the program takes the plaintext
password given, and passes it to the cipher. I actually implemented
a mode where only 7 bits (the most significant bit is stripped) of the input
characters are used but the previous mode is the default.
Do you think that this is a flaw in the program?
Some people suggested using an md5 sum of the keyword given, but I do not
think that this improves security in a brute force attack, am I right?
I plan to implement a mode where only 6 bits of every input character
are used... (the most significant bit and the one next to it are stripped).
Do you think that this is adequate?
Nikos Mavroyanopoulos
mailto:[EMAIL PROTECTED]
http://sg1.math.uoi.gr/~ma06205
------------------------------
From: Russell <[EMAIL PROTECTED]>
Subject: Re: A challenge for you !
Date: Mon, 03 May 1999 19:49:34 +1200
Thanks to everyone who posted, I've learnt my lesson and I won't do it
again :)
After I've sorted it out, I will post the actual algorithm, but at the
moment it's just a huge mess.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: A challenge for you !
Date: Mon, 03 May 1999 00:47:53 -0700
Douglas A. Gwyn wrote:
> I took a quick
> look at it and found lots of patterns, e.g. a certain pair of
> bytes (the only ones with codes > octal 177) always occurred
> together. Judging by the amount of pattern, I think it might be
> no harder to crack than, say, the Zodiac ciphers ... But I lack the time
> and motivation to delve into this one. We haven't heard from
> Jim yet, maybe he's already cracked it.
I also took a quick glance at it, and, like you, haven't had the
time to do a good job on it. Besides the stuff you mentioned,
the frequencies are not at all even, with some heavy outliers.
The space at the beginning looks like it could be a real space.
I don't doubt that it could be cracked by someone with a little
more enthusiasm.
Another thing I noticed: look at the distribution of "words",
where a word is defined as a set of non-space characters between
spaces:
Length #
4 255
5 9
6 172
7 5
8 114
9 6
10 81
11 8
12 55
13 5
14 39
16 37
17 7
18 19
19 4
20 19
21 4
22 13
23 5
24 4
25 1
26 4
27 2
28 4
31 1
32 1
34 2
36 1
50 2
Interestingly, even "word" lengths are far more common than odd
lengths, all the way down. This may suggest some kind of digraphic
system, with two bytes of ciphertext representing a single letter,
presumably not including the spaces.
Frank Lewis, one of the inner circle of cryptanalysts during WW2,
says that the first thing to do when approaching an unknown cipher
is to look for "phenomena": that is, anomalies in the statistics,
patterns, or traffic analysis of the cipher. Don't try to explain
them all at first, or allow them to side-track you... first just
enumerate them. Any theory you develop later for the nature of
the cipher will need to take them into account.
Modern strong ciphers are designed not to show any "phenomena" like
this, and if they do, it may indicate a weakness, whether exploitable
or not. This cipher shows a lot of phenomena, and is almost certainly
weak.
--
Jim Gillogly
Highday, 12 Thrimidge S.R. 1999, 07:30
12.19.6.2.17, 13 Caban 5 Uo, Third Lord of Night
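As an added example serving both this post and the "Oops" correction above (not code from Jim Gillogly or from the original challenge), here is a small phenomena pass in Python: byte frequencies, index of coincidence, a word-length histogram with an even/odd split, and runs of bytes above octal 177. The ciphertext is constructed here with a toy digraphic scheme so the anomalies it should surface are known in advance; the plaintext, the null set, the fixed high-byte pair and the seed are this example's own assumptions, not properties of Russell's cipher.

```python
# Added example, not code from the thread.  A first "phenomena" pass of the
# kind Jim Gillogly describes: enumerate statistical anomalies in an unknown
# ciphertext before theorising about the system.  The ciphertext is
# constructed here with a toy digraphic scheme (one byte of each pair carries
# the letter, the other is a null from a small set; the space is kept; one
# letter is encoded as a fixed pair of bytes above octal 177).
from __future__ import annotations
import random
from collections import Counter

PLAINTEXT = ("the quick brown fox jumps over the lazy dog and then the "
             "fox runs back over the hill to find more dogs to tease")
NULLS = [0x21, 0x23, 0x25, 0x27]            # small null set -> heavy outliers


def toy_digraphic_encrypt(text: str, seed: int = 7) -> bytes:
    rng = random.Random(seed)
    out = bytearray()
    for ch in text:
        if ch == " ":
            out.append(0x20)                  # the real space survives
        elif ch == "z":
            out.extend(b"\x80\x81")           # two high bytes, always together
        else:
            info = 0x41 + (ord(ch) - ord("a") + 3) % 26
            out.extend((info, rng.choice(NULLS)))
    return bytes(out)


def word_length_histogram(ct: bytes, count_one_space: bool = False) -> dict[int, int]:
    """Lengths of maximal non-space runs.  count_one_space reproduces the
    slip in the thread (each 'word' credited with one adjacent space)."""
    words = [w for w in ct.split(b" ") if w]
    extra = 1 if count_one_space else 0
    return dict(sorted(Counter(len(w) + extra for w in words).items()))


def parity_split(hist: dict[int, int]) -> tuple[int, int]:
    even = sum(c for length, c in hist.items() if length % 2 == 0)
    odd = sum(c for length, c in hist.items() if length % 2 == 1)
    return even, odd


def byte_frequencies(ct: bytes) -> Counter:
    return Counter(ct)


def index_of_coincidence(ct: bytes) -> float:
    """Probability that two random positions hold the same byte: about
    1/256 for uniformly random bytes, far higher when a few symbols dominate."""
    n = len(ct)
    return sum(c * (c - 1) for c in Counter(ct).values()) / (n * (n - 1))


def high_byte_runs(ct: bytes) -> list[bytes]:
    """Maximal runs of bytes > 0o177, to see whether they only occur together."""
    runs, cur = [], bytearray()
    for b in ct:
        if b > 0o177:
            cur.append(b)
        elif cur:
            runs.append(bytes(cur))
            cur = bytearray()
    if cur:
        runs.append(bytes(cur))
    return runs


def phenomena(ct: bytes) -> dict:
    hist = word_length_histogram(ct)
    freq = byte_frequencies(ct)
    return {
        "distinct_bytes": len(freq),
        "top5": freq.most_common(5),
        "ioc": round(index_of_coincidence(ct), 4),
        "word_lengths": hist,
        "even_odd_words": parity_split(hist),
        "even_odd_with_space": parity_split(word_length_histogram(ct, True)),
        "high_byte_runs": high_byte_runs(ct),
    }


if __name__ == "__main__":
    ct = toy_digraphic_encrypt(PLAINTEXT)
    for key, value in phenomena(ct).items():
        print(f"{key}: {value}")
```

Against the constructed sample every word length is even, flipping to all odd once a space is counted in, the four null bytes and the space dominate the top of the frequency table, the index of coincidence is more than ten times the 1/256 of random bytes, and the only two bytes above octal 177 appear exactly once and adjacent. None of these would be explained yet; the point is that a theory of the system has to account for all of them.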
------------------------------
From: Jan-Christoph Puchta <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.programming,de.org.ccc
Subject: Re: Hot new algorithm?
Date: Mon, 03 May 1999 09:06:21 +0200
[EMAIL PROTECTED] wrote:
>
> This is from a friend of mine. I think it's worth reading.
>
> Thanks for your feedback,
>
> Manuel
>
> -----------
>
> Numbersplit
>
> This is a method to split up big numbers into factors taking
> advantage of the 3rd binomial formula: (a-b)*(a+b)=a²+b²
This algorithm is known as Fermat's algorithm and is quite useful for
factoring middle-sized numbers by hand. In the form given it is much too
slow for larger numbers; however, a little more consideration leads
directly to some of the best known algorithms for factorization. Instead
of trying to solve the equation a^2-b^2=n, one solves the congruence
a^2-b^2 = 0 mod n. Now any solution yields some a and b, such that
n|(a-b)(a+b), and if a and b are random, we have some chance that not
all prime factors of n divide one of the two factors on the right hand
side. Now if one chooses an a close to n^{1/2}, computes a^2-n and
checks whether this is a square, one obtains the original algorithm.
However, there is a way to construct a direct hit from many nearly
misses: Assume that we found three numbers a_1, a_2, a_3, such that
a_1^2-n = 2b_1^2, a_2^2-n = 3 b_2^2, a_3^2-n = 6b_3^2. Then
(a1 a2 a3)^2 = (6 b1 b2 b3)^2 mod n, and we might get a nontrivial
factorization.
In practice one chooses some large set of primes and starts to look for
numbers a close to (k n)^{1/2} such that a^2-kn equals some square up to
a product of the primes chosen at the beginning, and if one found enough
such a, one has to solve some large linear equation mod 2 to construct a
factorization. One big advantage of this algorithm is that you can use
arbitrarily many computers each searching in a neighbourhood of some
(k n)^{1/2}.
JCP
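An added example, not code from the thread: Fermat's method as quoted, then the congruence-of-squares version Jan-Christoph describes, carried through in Python with a small factor base, a few multipliers k and an elimination mod 2 to pick a subset of near misses whose exponents are all even. The factor-base bound, the number of multipliers and the search length are parameters picked here, and the numbers 10403 and 84923 are chosen for illustration.

```python
# Added example, not code from the thread.  Fermat's method, then the
# congruence-of-squares extension: collect a with a^2 - k*n smooth over a
# small factor base, find a subset whose exponents are all even by linear
# algebra mod 2, and take gcd(prod a - prod p^(e/2), n).
from __future__ import annotations
from math import gcd, isqrt


def fermat_factor(n: int, max_steps: int = 10**6) -> tuple[int, int] | None:
    """Search a = ceil(sqrt(n)), ceil(sqrt(n))+1, ... for a^2 - n a square."""
    if n % 2 == 0:
        return 2, n // 2                      # Fermat's method wants odd n
    a = isqrt(n)
    if a * a == n:
        return a, a
    a += 1
    for _ in range(max_steps):
        b = isqrt(a * a - n)
        if b * b == a * a - n:
            return a - b, a + b               # (a-b)(a+b) = a^2 - b^2 = n
        a += 1
    return None


def primes_below(bound: int) -> list[int]:
    sieve = bytearray([1]) * bound
    sieve[:2] = b"\x00\x00"
    for p in range(2, isqrt(bound) + 1):
        if sieve[p]:
            sieve[p * p::p] = bytearray(len(sieve[p * p::p]))
    return [p for p, is_p in enumerate(sieve) if is_p]


def smooth_exponents(v: int, factor_base: list[int]) -> list[int] | None:
    """Exponent vector of v over the factor base, or None if v is not smooth."""
    exps = []
    for p in factor_base:
        e = 0
        while v % p == 0:
            v //= p
            e += 1
        exps.append(e)
    return exps if v == 1 else None


def gf2_dependencies(rows: list[int]) -> list[list[int]]:
    """rows are bitmasks (exponent vectors mod 2).  Return index subsets whose
    XOR is zero, i.e. subsets whose exponent sums are all even."""
    pivots: dict[int, tuple[int, int]] = {}
    deps = []
    for i, r in enumerate(rows):
        hist = 1 << i                         # which original rows r combines
        while r:
            col = r.bit_length() - 1
            if col not in pivots:
                pivots[col] = (r, hist)
                break
            pr, ph = pivots[col]
            r ^= pr
            hist ^= ph
        if r == 0:
            deps.append([j for j in range(len(rows)) if hist >> j & 1])
    return deps


def congruence_of_squares(n: int, bound: int = 30, multipliers: int = 4,
                          max_steps: int = 5000) -> tuple[int, int] | None:
    """Collect a with a^2 - k*n smooth over primes < bound, then combine."""
    fb = primes_below(bound)
    for p in fb:                              # small factors: trial division wins
        if n % p == 0:
            return p, n // p
    r = isqrt(n)
    if r * r == n:
        return r, r
    relations: list[tuple[int, list[int]]] = []
    for i in range(max_steps):
        for k in range(1, multipliers + 1):   # each k is a separate search area
            a = isqrt(k * n) + 1 + i          # so a^2 - k*n >= 1
            exps = smooth_exponents(a * a - k * n, fb)
            if exps is None:
                continue
            relations.append((a, exps))       # a^2 == prod p^e  (mod n)
            # A dependency is guaranteed once len(relations) > len(fb); a lone
            # relation with all-even exponents (a Fermat hit on k*n) is one too.
            rows = [sum((e & 1) << c for c, e in enumerate(ex)) for _, ex in relations]
            for dep in gf2_dependencies(rows):
                x, total = 1, [0] * len(fb)
                for j in dep:
                    x = x * relations[j][0] % n
                    total = [t + e for t, e in zip(total, relations[j][1])]
                y = 1
                for p, e in zip(fb, total):
                    y = y * pow(p, e // 2, n) % n
                for cand in (gcd(x - y, n), gcd(x + y, n)):
                    if 1 < cand < n:          # x == +-y (mod n) is a near miss
                        return cand, n // cand
    return None


if __name__ == "__main__":
    print(fermat_factor(10403))               # (101, 103): one step from sqrt(n)
    print(fermat_factor(84923))               # (163, 521): fifty-one steps
    print(congruence_of_squares(84923))       # (163, 521) from 505^2 - 3n = 2^8
```

The multiplier loop is the parallelism Jan-Christoph mentions: each k is an independent neighbourhood, and for 84923 the k = 3 search finds 505^2 - 3n = 256 on its first step, which on its own is a dependency. Real implementations sieve for the smooth values instead of trial-dividing each candidate, which is where the cache discussion elsewhere in this digest comes in.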
------------------------------
From: Russell <[EMAIL PROTECTED]>
Subject: Re: A challenge for you !
Date: Mon, 03 May 1999 22:16:50 +1200
Thanks for the analysis on it, but you are still slightly wrong :) It's
designed to trip people like you up, but I think it's still fairly weak.
Jim Gillogly wrote:
> Jim Gillogly wrote:
> > Another thing I noticed: look at the distribution of "words",
> > where a word is defined as a set of non-space characters between
> > spaces:
> ...
> > Interestingly, even "word" lengths are far more common than odd
> > lengths, all the way down. This may suggest some kind of digraphic
> > system, with two bytes of ciphertext representing a single letter,
> > presumably not including the spaces.
>
> Oops, I was counting one space in the "word" lengths, so it's the
> odd lengths that are most prevalent. This could indicate instead
> a digraphic system that <includes> the space; or perhaps a system
> where one member of the pair carries the information and the other
> is a null.
>
> --
> Jim Gillogly
> Highday, 12 Thrimidge S.R. 1999, 08:01
> 12.19.6.2.17, 13 Caban 5 Uo, Third Lord of Night
------------------------------
Date: Sun, 02 May 1999 17:17:14 +0100
From: David Crick <[EMAIL PROTECTED]>
Subject: Re: Stream Ciphers and Quantum Computer Resistance
"SCOTT19U.ZIP_GUY" wrote:
>
> Actually if one wants quantum computer resistance one should not be
> so worried about reversiblity. But one should worry more about the
> overall entropy of the system.
[rest of crap deleted]
Yet again you show your ignorance, firstly of quantum computers and
algorithms (I'm doing PhD research into them), and secondly of
cryptology in general.
Your answer to everything seems to be "high entropy/long key". In
this I applaud you for consistently ranking #1 in the Snake Oil
Charts.
Perhaps the following quotes, archived at www.scramdisk.clara.net,
will give you food for thought with regards to yourself and your
oh-so-mighty scott ciphers:
(BS) "You cannot trust an encryption algorithm designed by someone
who had not 'earned their bones' by first spending a lot of time
cracking codes."
(PRZ) "...Practically no one in the commercial world of cryptography
qualified under this criterion!"
(BS) "Yes, and that makes our job at the NSA so much easier"
-- Conversation between Philip Zimmermann and Brian Snow, a senior
cryptographer with the NSA.
"Few false ideas have more firmly gripped the minds of so many
intelligent men than the one that, if they just tried, they could
invent a cipher that no one could break."
-- David Kahn
"Besides a mathematical inclination, an exceptionally good mastery
of one's native tongue is the most vital asset of a competent
programmer."
-- Edsger W.Dijkstra
"Am I being overly harsh or do others think that the multi-thousand
bit key is about sowing fear, uncertainty, and doubt for commercial
gain? DES? Not big enough! Triple DES? Not big enough! IDEA? Not
big enough! What you need is Dr. Phineas P. Snakeoil's mystery
elixir! Filled with matrices and Galois fields to improve the
digestion of dyspeptic managers everywhere! Step right up and get a
whole case full! Don't ask what's inside ladies and gentlemen! It's
a patent medicine that is only available here."
-- Stephen M. Gardner
David. (fed up of FUD)
--
+-------------------------------------------------------------------+
| David Crick [EMAIL PROTECTED] http://members.tripod.com/~vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| PGP Public Keys: 2048-bit RSA: 0x22D5C7A9 4096-DH/DSS: 0x87C46DE1 |
+-------------------------------------------------------------------+
------------------------------
From: pete <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.programming
Subject: Re: Hot new algorithm?
Date: Mon, 03 May 1999 07:43:57 -0400
Reply-To: [EMAIL PROTECTED]
Ross Crawford wrote:
> Pete,
> Read the algo again. It specifies z, a, b must be ODD numbers.
> Regards,
> ROSCO
Then instead, I'll say that it has the additional capability
of factoring even numbers unless (z/2) is 2 or odd.
--
pete
------------------------------
From: [EMAIL PROTECTED]
Subject: AES what's up?
Date: Mon, 03 May 1999 12:04:19 GMT
What's up with AES? Anything new? I dunno...
I have just finished reading all the papers last week, they are good. I think
the top two should be RC6/Twofish, since both seemed to have lots of work put
into them. Twofish is more public, but I think a little harder to implement
than RC6. Cast-256 looks good too, as does Rijndael.
Tom
--
PGP public keys. SPARE key is for daily work, WORK key is for
published work. The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'. Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'. Try SPARE first!
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
Date: Mon, 03 May 1999 08:14:48 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
>
> Would you characterize the process of electromagnetic radiation from
> just one measurement of the speed of light?
No, I'd make 20,000 of them. Then you'd complain that the 20,001st
might be different, and that the speed of light should not depend on a
single measurement.
Go read what you posted!
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: mcrypt again
Date: Mon, 03 May 1999 12:00:05 GMT
> In a previous posting I announced the mcrypt program. I've received
> some feedback about the fact that the program takes the plaintext
> password given, and passes it to the cipher. I actually implemented
> a mode where only 7bits (the most significant bit is stripped) of the input
> characters are used but the previous mode is the default.
> Do you think that this is a flaw in the program?
> Some people suggested using an md5 sum of the keyword given, but I do not
> think that this improves security in a brute force attack, am I right?
> I plan to implement a mode where only 6bits of every input character
> are used... (the most significant bit and the one next to it are stripped).
> Do you think that this is adequate?
>
Well we know that most bits in English are redundant (about 6.7 of them), why
not just use a 2~3 bit delta coding of the letters? You would need a longer
password (about 32 letters) but probably be more secure. Or you could take 4
bits (16 letters)... that's for 64 bit keys though...
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************