Cryptography-Digest Digest #576, Volume #9 Fri, 21 May 99 19:13:02 EDT
Contents:
Re: PGP Implementation of DH/DSS vs. RSA. (DJohn37050)
Re: Crypto export limits ruled unconstitutional (Patrick Juola)
Re: Reasons for controlling encryption ("Markku J. Saarelainen")
Re: Biprime Cryptography, Part II (John Savard)
Re: RSA Cryptography Question (John Savard)
Re: PGP Implementation of DH/DSS vs. RSA. (Doug Stell)
Re: Random permutation (AllanW)
Re: PK Security (Mark E Drummond)
Re: where can i find a frequency list? (Pete)
Re: Random permutation (AllanW)
Re: PGP Implementation of DH/DSS vs. RSA. ("Steven Alexander")
Re: Reasons for controlling encryption ("Stephen M. Gardner")
Re: Reasons for controlling encryption (Mike Fredenburg)
pentium 3 (Greg Bartels)
Re: Reasons for controlling encryption ("Douglas A. Gwyn")
Re: where can i find a frequency list? ("Douglas A. Gwyn")
Re: Reasons for controlling encryption (Greg Bartels)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: PGP Implementation of DH/DSS vs. RSA.
Date: 21 May 1999 17:43:51 GMT
Do not know about the particular instance of PGP and exactly what it does, but
using DSA and DH can be done correctly to provide digital signatures and key
establishment.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: talk.politics.crypto
Subject: Re: Crypto export limits ruled unconstitutional
Date: 21 May 1999 14:16:22 -0400
In article <7i452a$4da$[EMAIL PROTECTED]>,
AllanW <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>> I was wondering how hard or simple it is to solve the general
>> problem of translating an arbitrary program in C into grammatically
>> correct and yet more or less readable English, because C is not too
>> simple in its syntax (form/structure). Anyway, I asked L. Mattila, the
>> author of c2txt2c, whether processing an arbitrary C program can
>> be done with his software. The answer I just got was 'Not yet. Maybe
>> some day in future.'
>>
>> I conjecture that such translations might be easier for programming
>> languages like LISP which are simpler in syntax. I believe that
>> translating assembler code or even machine instructions should
>> be the easiest jobs in this category. The assembler code lines
>> are mostly of the form 'operation operand1,operand2'. It shouldn't
>> be difficult to transform that to typical English sentences.
>>
>> Further, I believe that such translation software can be well built
>> table-driven. That is, through changing the table entries, one
>> easily gets different texts. This could provide some degree of
>> privacy when transferring crypto programs. Thus it is indeed feasible to
>> 'secretly' export genuinely (in all sense) executable codes (assembler
>> and machine instructions) of crypto materials of any strength as
>> (protected) plain English texts, showing once again the absolute
>> nonsense of crypto laws and Wassenaar regulations.
>
>The demonstration is more nonsensical than you seem to realize.
>That translation program would itself be an encryption program!
>Somehow I doubt that there is any special protection for
>encryption programs which are used only to encrypt other
>encryption programs.
>
>That raises interesting questions. 56-bit keys or smaller are
>not currently prohibited. But what if the key was not composed
>of bits? One might use a table of this sort:
>
> struct XLATE {
>     char *c;
>     char *text;
> } xlate[] = {
>     { "for",   "Wiggle" },
>     { "while", "Waggle" },
>     { "if",    "Wobble" },
>     { "else",  "Wabble" },
>     /* ... */
>     { "/",     "Wizzle" }
> };
<Ahem> This is just a codebook; it's relatively easy to fire
up some information theory and determine the "key" size of the
book. It's more likely, however, that the relevant Federal
agencies would simply refuse to permit export on the grounds
that you didn't provide them with a 56-bit or smaller "key."
-kitten
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: Reasons for controlling encryption
Date: Fri, 21 May 1999 14:12:40 -0700
An interesting thought was brought to my attention. In fact, the utilization
of encryption and cryptography is in many ways a communication process
rather than a simple encryption algorithm, protocol or program. Do you have
any feedback on this..?
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Biprime Cryptography, Part II
Date: Fri, 21 May 1999 19:22:58 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote, in part:
>John Savard wrote:
>> The field of "public-key cryptography" itself is confusingly named for
>> some people. If the key is public, how can it be used to keep secrets?
>I'm sorry, but not only is the term well established by now, it is
>only confusing to someone who doesn't have an inkling of how it works,
>which is true of nearly anything one could think of.
I certainly agree. I can't really claim that it is time to change; I
just thought that since the subject was raised, since I had thought of
what seemed to me to be a descriptive and accurate name, I'd mention
it.
>> I propose the name
>> Open-Setup Encryption
>> as a less confusing alternative.
>That is *more* confusing to the uninitiated.
I'm not sure about that. I think it is _much_ less likely to suggest
*erroneous* ideas about what is going on.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: RSA Cryptography Question
Date: Fri, 21 May 1999 19:20:14 GMT
"HypSoft" <[EMAIL PROTECTED]> wrote, in part:
>Does anyone know the reason that the RSA algorithm's encrypting process is
>one-to-one?
If you take a number that is relatively prime to the modulus, then if
you keep multiplying it by itself, you have to go through all the
possibilities before coming back to the start.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html
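An added example (not part of the digest) that checks the one-to-one property asked about above by brute force: for n = p*q and gcd(e, phi(n)) = 1 the map x -> x^e mod n permutes Z_n and d = e^-1 mod phi(n) inverts it, while an exponent sharing a factor with phi(n) produces collisions. The primes and exponents are small constructed values so that all of Z_n can be enumerated.

```python
# Added example: brute-force illustration of why RSA encryption is a bijection.
# p, q and e below are constructed toy values, far too small for real use.
from math import gcd


def exponent_is_valid(p: int, q: int, e: int) -> bool:
    """RSA requires gcd(e, phi(n)) == 1, with phi(n) = (p-1)(q-1)."""
    return gcd(e, (p - 1) * (q - 1)) == 1


def rsa_map_is_permutation(p: int, q: int, e: int) -> bool:
    """True iff x -> x^e mod n hits every residue of Z_n exactly once."""
    n = p * q
    return len({pow(x, e, n) for x in range(n)}) == n


def find_collision(p: int, q: int, e: int):
    """Return a pair (x, y), x != y, with x^e == y^e (mod n), or None."""
    n = p * q
    seen = {}
    for x in range(n):
        c = pow(x, e, n)
        if c in seen:
            return seen[c], x
        seen[c] = x
    return None


def roundtrip_ok(p: int, q: int, e: int) -> bool:
    """Decrypting with d = e^-1 mod phi(n) recovers every x in Z_n."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return all(pow(pow(x, e, n), d, n) == x for x in range(n))


if __name__ == "__main__":
    p, q = 11, 13                      # constructed toy primes, n = 143
    for e in (7, 3):                   # gcd(7,120) = 1; gcd(3,120) = 3
        print(e, exponent_is_valid(p, q, e), rsa_map_is_permutation(p, q, e),
              find_collision(p, q, e))
    print(roundtrip_ok(p, q, 7))
```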
------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: PGP Implementation of DH/DSS vs. RSA.
Date: Fri, 21 May 1999 19:02:06 GMT
On Fri, 21 May 1999 09:14:35 -0700, Mike Fredenburg
<[EMAIL PROTECTED]> wrote:
>I have been having a running debate with my brother who sees himself as
>something of an expert on cryptology.
>
>He has flatly asserted that DH/DSS as implemented in PGP has been
>compromised and that sophisticated "net denizens" (hackers) will not
>use anything other than RSA.
>
>I have reviewed the literature that I can find on the web and can find
>no indication that the PGP implementation of DH/DSS has been compromised
>or is weak.
Mike,
Let's ignore the phrase "as implemented in ..." for the moment and
concentrate on just the algorithms.
Your brother doesn't know what he is talking about. DH is believed to
be slightly stronger than RSA for the same key size. Neither DSS nor
DH have been shown to be weak.
Look at the FORTEZZA suite of algorithms, the remaining two of which
were declassified last June. The FORTEZZA is a Type 2 device, i.e.,
better than commercial (Type 3) and not quite as good as needed for
serious security (Type 1). It uses DSS and KEA. KEA is simply a
dual-DH and uses DSS-style keys and parameters. DSS also traces back
to ElGamal and DH.
On the other hand, it is conjectured that the government does not use
RSA or does not use it for very much. I have recently heard talk about
its use being allowed for commercial-like applications and data.
There was a thread not long ago in which a very knowledgeable person
gave good details of the relative strength of the algorithms. The
bottom line was that RSA and DH are not very different in strength.
Disclaimer: None of this means that a particular implementation may or
may not have a weakness, regardless of the algorithm.
------------------------------
From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Random permutation
Date: Fri, 21 May 1999 19:16:20 GMT
> > >> A problem raised in another thread is whether it is possible e.g.
> > >> to generate a random permutation of [0, 15], given only a random
> > >> generator for [0, 15] and no generator for [0, 14], etc. One way
> > >> I can think of is quite trivial: One obtains successive outputs
> > >> from the generator and discards duplicates until one gets 16
> > >> numbers.
> > >>
> > >> Question: Are there more efficient ways of achieving the same
> > >> goal?
> Robert Scott wrote:
> > Starting with A[i] = i for i=0...15,
> >
> > for(i=0; i<n; i++)
> > Interchange the value of A[i] and A[r(i)]
> >
> > where r(i) is a random number from 0...15. Make n at least 16.
In article <[EMAIL PROTECTED]>,
Terje Mathisen <[EMAIL PROTECTED]> wrote:
> This does _not_ generate all possible permutations with equal
> probability!
>
> To do so you need a slight twist, effectively equal to the original
> suggestion:
>
> for (i = N; i > 0; i--) {
>     r = randN(i);        // Generate a random number in the [0..(i-1)] range
>     swap(A[i-1], A[r]);  // A is indexed 0..N-1
> }
Read the original poster's request again: We want to use a random
number generator that always returns 0 through 15. In other words,
we want to use randN(16) instead of randN(i).
Now go look at Robert Scott's algorithm again. Presumably r(i)
is the i'th element in a series of random numbers from [0...N-1].
On average this hits each number once in N iterations.
Each iteration swaps two elements. Thus, every element is swapped
at least once (when i is its current position) and on average
one more time (when r(i) happens to return its current position).
The new position is as random as the r() function; for any given
element, any one resulting position is as likely as any other
position.
Furthermore, this algorithm has predictable performance (fixed
for fixed N, linear with respect to N).
> This is the classic shuffle algorithm. This version can generate
> exactly N! different orderings with the same probability, assuming
> a TRNG as input.
Exactly the same claims can be made about Mr. Scott's version.
--
[EMAIL PROTECTED] is a "Spam Magnet" -- never read.
Please reply in newsgroups only, sorry.
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: Mark E Drummond <[EMAIL PROTECTED]>
Subject: Re: PK Security
Date: Thu, 20 May 1999 08:52:49 -0400
Patrick Juola wrote:
>
> Well, it's certainly not moot and probably never will be; as long
I thought not ... I guess what made me laugh was the way this person
just kind of passed off the whole notion of PK encryption like it was a
fly buzzing around his head. My understanding is that so long as we have
not found, er, "intelligent" solutions (by that I mean not exhaustive
keysearch) to the intractability of the mathematical basis of these
systems, as computing power increases we can just keep on increasing the
key length.
It was very funny to hear because this person gave the impression that
with the new machine which we are to be getting (Sun E10000), cracking
such systems would be easy as pie. I, like many people the world over,
run Distributed.net's rc5des client software on my workstation and a
large number of other systems (Sun Ultra 30s, and a 12-way E4000). The
RC5-64 project is currently running through 31Tkeys/sec and yet we have
only completed ~7% of the keyspace. Of course, we are dealing with
symmetric-key encryption but still ... the idea that a single E10000,
even maxed out with 64 processors (which it won't be) all dedicated
(which they won't be) to cracking a message encrypted with a PK system
in any reasonable amount of time is, I think, just wrong.
--
_________________________________________________________________
Mark E Drummond Royal Military College of Canada
[EMAIL PROTECTED] Computing Services
Linux Uber Alles perl || die
...there are two types of command interfaces in the world of
computing: good interfaces and user interfaces.
- Dan Bernstein, Author of qmail
------------------------------
From: [EMAIL PROTECTED] (Pete)
Subject: Re: where can i find a frequency list?
Date: 21 May 1999 19:10:35 GMT
Mok-Kong Shen ([EMAIL PROTECTED]) wrote:
: Patrick Juola wrote:
: >
: >
: > Easy enough to roll your own.
: To write a program is trivial. But to get the material (and the
: resources) is another matter.
i know -- i have /usr/dict/words and managed to get a text copy of the
bible (a great resource for cryptograms). then it was just a matter of
cat bible >> /usr/dict/words
then sort and uniq and voila!
pete
------------------------------
From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Random permutation
Date: Fri, 21 May 1999 20:01:29 GMT
In article <[EMAIL PROTECTED]>,
Terje Mathisen <[EMAIL PROTECTED]> wrote:
> Robert Scott wrote:
> > Starting with A[i] = i for i=0...15,
> >
> > for(i=0; i<n; i++)
> > Interchange the value of A[i] and A[r(i)]
> >
> > where r(i) is a random number from 0...15. Make n at least 16.
>
> This does _not_ generate all possible permutations with equal
> probability!
I disputed this claim a few minutes ago, but now I realize that
you were right. Please ignore my earlier post.
I realized that there are N^N possible different sequences for
r(i)=i'th random value in [0...N], but there are N! different
permutations of the result. Since N^N isn't generally divisible
by N! there must be some results which can be reached from more
sequences than other results.
To manually test my assertion I enumerated all possible cases
with N=3, using letters (ABC) instead of digits for clarity.
There are N^N = 3^3 = 27 different sequences that r(i) could
return. There are four sequences each that result in ABC, CAB,
or CBA, but five sequences result in ACB, BAC, or BCA.
I'm still not certain WHY this is so, but I see that it must be
so. Therefore, your "slight twist" is required.
> To do so you need a slight twist, effectively equal to the original
> suggestion:
>
> for (i = N; i > 0; i--) {
>     r = randN(i);        // Generate a random number in the [0..(i-1)] range
>     swap(A[i-1], A[r]);  // A is indexed 0..N-1
> }
>
> This is the classic shuffle algorithm. This version can generate
> exactly N! different orderings with the same probability, assuming
> a TRNG as input.
--
[EMAIL PROTECTED] is a "Spam Magnet" -- never read.
Please reply in newsgroups only, sorry.
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
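An added example (not part of the digest) that reproduces the enumeration in the post above: it runs every possible sequence of random draws through Robert Scott's swap loop (N draws from [0..N-1]) and through Terje Mathisen's Fisher-Yates form (r drawn from [0..i] for i = N-1 down to 1) and counts how many draw sequences land on each permutation, so the 4/5 split for N=3 and the uniform result for the twisted version are both visible.

```python
# Added example: count draw sequences per permutation for the two shuffles
# discussed in the thread. Element k of [0..N-1] is shown as letter 'A'+k.
from collections import Counter
from itertools import product


def naive_shuffle(n, draws):
    """Robert Scott's loop: draws[i] is in [0..n-1]; swap A[i] with A[draws[i]]."""
    a = list(range(n))
    for i, r in enumerate(draws):
        a[i], a[r] = a[r], a[i]
    return tuple(a)


def fisher_yates(n, draws):
    """Terje Mathisen's twist: for i = n-1 down to 1, draws[k] is in [0..i]."""
    a = list(range(n))
    for i, r in zip(range(n - 1, 0, -1), draws):
        a[i], a[r] = a[r], a[i]
    return tuple(a)


def distribution(n, shuffle, draw_ranges):
    """How many distinct draw sequences produce each permutation."""
    counts = Counter()
    for draws in product(*draw_ranges):
        counts[shuffle(n, draws)] += 1
    return counts


def naive_distribution(n):
    return distribution(n, naive_shuffle, [range(n)] * n)


def fisher_yates_distribution(n):
    return distribution(n, fisher_yates,
                        [range(i + 1) for i in range(n - 1, 0, -1)])


def is_uniform(counts):
    """True iff every reachable permutation has the same count."""
    return len(set(counts.values())) == 1


def labelled(counts):
    """Render (0, 2, 1) -> 'ACB' so the table matches the post's notation."""
    return {"".join(chr(ord("A") + x) for x in p): c for p, c in counts.items()}


if __name__ == "__main__":
    for n in (3, 4):
        naive, fy = naive_distribution(n), fisher_yates_distribution(n)
        print(n, sorted(labelled(naive).items()), is_uniform(naive), is_uniform(fy))
```

For N=3 the naive loop gives 27 sequences split 4/4/4/5/5/5 across the six orderings, exactly as enumerated by hand above, while the Fisher-Yates loop maps its 3! = 6 draw sequences one-to-one onto the 6 permutations.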
------------------------------
From: "Steven Alexander" <[EMAIL PROTECTED]>
Subject: Re: PGP Implementation of DH/DSS vs. RSA.
Date: Fri, 21 May 1999 14:44:35 -0700
I think that I may know where your brother's argument comes from. I have
heard others argue that the algorithms for DH/DSS are too new to be trusted
as opposed to RSA. This argument stems from the fact that PGP has only
recently used DH/DSS. Some netizens who are aware of cryptography enough to
be aware of RSA and DH hold this opinion but do not realize the actual
history of the algorithms or the associated mathematics.
-steven
------------------------------
From: "Stephen M. Gardner" <[EMAIL PROTECTED]>
Subject: Re: Reasons for controlling encryption
Date: Fri, 21 May 1999 16:14:17 -0500
Markku J. Saarelainen wrote:
> Actually ... a real story ...
>
> Once Bob asked Alice, if Bob knew a very unique language called "Boblingo" that
> nobody else knew, should Bob be able to teach Alice how to speak and understand
> this "Boblingo" in order to communicate in this language. Alice's answer was
> promptly "Yes". This just gives an interesting insight ...
>
> What do you think?
I think it sounds amazingly like a Zen Koan. Soon I will know if cryptography
has a buddha-nature. ;-)
--
Steve Gardner Technical Staff Member Q3 Agent Development
1225 N. Alma Road Tel: 972-996-5888
Richardson Tx. 75081-2206 http://ctnwww.aud.alcatel.com/~gardsm/
You who choose to lead must follow,
But if you fall you fall alone,
If you should stand then who's to guide you?
If I knew the way I would take you home.
"Ripple" -- The Grateful Dead
------------------------------
From: Mike Fredenburg <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Reasons for controlling encryption
Date: Fri, 21 May 1999 15:13:23 -0700
U.S. government officials have written extensively as to why they view
strong encryption in the hands of the average citizen as being a threat.
Currently, there are many reports of massive net "sniffing" operations
being conducted by the government looking for suspicious key words. This
document details U.S. government activities in this area:
http://jya.com/ic2000.zip
If everyone on the Internet were using strong encryption it would make it
very difficult if not impossible for government agencies to carry out
these activities. Of course if strong encryption were made illegal, only
strong civil libertarians and criminals would use it and the government
could crack down on them.
Unfortunately, many people who go into government like power and they do
not like technology that takes power away from them. Encryption is
definitely such a technology.
Remember, if privacy is outlawed, then only outlaws will have privacy.
Markku J. Saarelainen wrote:
> I have heard various reasons why commercial encryption is being
> controlled and what real motives are behind these control maneuvers. I
> would like to learn more what you think that real motives behind many
> encryption control issues are and how, if true, this might be tied to
> some commercial and business interests.
>
> Thanks,
>
> Markku
------------------------------
From: Greg Bartels <[EMAIL PROTECTED]>
Subject: pentium 3
Date: Fri, 21 May 1999 17:13:21 -0400
I've read that the pentium III has a hardware random
number generator in it. Is it really random or
pseudo random? if really random, how did they do that?
has anyone run some randomness tests on it?
Greg
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Reasons for controlling encryption
Date: Fri, 21 May 1999 22:52:13 GMT
Mike McCarty wrote:
> Of course there isn't just *one* secret involved in making a
> successful nuclear weapon. Nor in making a successful cryptographic
> system. But the point was the arrogance involved in thinking that
> information of that sort can be suppressed.
It not only *can* be suppressed, it often *has* been suppressed.
> ... But just knowledge in general cannot be suppressed.
Oh, yes, it can, and in cases of national security it must be.
> ... This was used as rationale for the seizure and mortgage of all
> properties in the US to the Federal Reserve Bank ...
I'm no fan of the Federal Reserve system, but again, you're not
helping your cause by such wild statements.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: where can i find a frequency list?
Date: Fri, 21 May 1999 22:59:10 GMT
Pete wrote:
> i know -- i have /usr/dict/words and managed to get a text copy of the
> bible (a great resource for cryptograms). then it was just a matter of
> cat bible >> /usr/dict/words
> then sort and uniq and voila!
Assuming you had write permission on /usr/dict/words, that would have
appended the bible data to the end of /usr/dict/words, which ruins that
file.
Anyway, you can't get proper English letter frequencies from a
dictionary; you have to use actual text. Also, the Bible is likely to
have frequencies quite a bit different from most other English-language
documents. It is best to use a corpus of text that is representative
of that to which you intend to apply the letter frequencies. For
example, many traditional cryptographic frequency tables were made from
collections of telegraphic text, that being closest to what was going
to be analyzed.
------------------------------
From: Greg Bartels <[EMAIL PROTECTED]>
Subject: Re: Reasons for controlling encryption
Date: Fri, 21 May 1999 17:10:27 -0400
"Stephen M. Gardner" wrote:
>
> Markku J. Saarelainen wrote:
>
> > Actually ... a real story ...
> >
> > Once Bob asked Alice, if Bob knew a very unique language called "Boblingo" that
> > nobody else knew, should Bob be able to teach Alice how to speak and understand
> > this "Boblingo" in order to communicate in this language. Alice's answer was
> > promptly "Yes". This just gives an interesting insight ...
> >
> > What do you think?
>
> I think it sounds amazingly like a Zen Koan. Soon I will know if cryptography
> has a buddha-nature. ;-)
>
> --
> Steve Gardner Technical Staff Member Q3 Agent Development
> 1225 N. Alma Road Tel: 972-996-5888
> Richardson Tx. 75081-2206 http://ctnwww.aud.alcatel.com/~gardsm/
>
> You who choose to lead must follow,
> But if you fall you fall alone,
> If you should stand then who's to guide you?
> If I knew the way I would take you home.
>
> "Ripple" -- The Grateful Dead
encryption, when it comes down to it, is nothing more than knowledge
transfer.
it's saying that 7482020 multiplied by some other number gives you
another number, and you are forbidden to attempt that multiplication.
it really isn't my problem that the unknown number happens to be your
credit card number.
while you're outlawing encryption, why not just require all CPU
manufacturers to remove the multiply opcode from their list of
available instructions?
then find anyone who pursues an advanced degree in numerical analysis,
and throw them in jail to protect the rest of the public.
Greg
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************