Cryptography-Digest Digest #594, Volume #9       Tue, 25 May 99 20:13:06 EDT

Contents:
  The Sterling Approximation as it relates to OAP-L3 encryption software. (Anthony Stephen Szopa)
  Re: Oriental Language Based Enryption ([EMAIL PROTECTED])
  Re: PGP Implementation of DH/DSS vs. RSA. (Guenther Brunthaler)
  Re: NSA proves banks use poor crypto (Guenther Brunthaler)
  Re: AES tweaks ([EMAIL PROTECTED])
  Re: Oriental Language Based Enryption ("Markku J. Saarelainen")
  re: scott and his encryption method ([EMAIL PROTECTED])
  Re: block ciphers vs stream ciphers ([EMAIL PROTECTED])
  Re: block ciphers vs stream ciphers ([EMAIL PROTECTED])
  Re: AES tweaks ("Markku J. Saarelainen")
  Re: AES tweaks ([EMAIL PROTECTED])
  Looking for an RSA implementation ("Yu-Ning Ng")
  Re: DSA (Digital Signature Standard) and the Schnorr Patents ("rosi")
  Re: Symmantic question (Bruce Schneier)
  Re: block ciphers vs stream ciphers (Bruce Schneier)
  Re: Oriental Language Based Enryption (JUzarek)
  Re: A question on congruential algebra ("Vedat Hallac")
  Re: Oriental Language Based Enryption ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: The Sterling Approximation as it relates to OAP-L3 encryption software.
Date: Sat, 22 May 1999 12:52:07 -0700
Reply-To: [EMAIL PROTECTED]



Stirling's approximation for factorials:

n! ≈ √(2πn) · (n/e)^n

where:
! denotes the factorial
e = 2.7182818... a transcendental constant used as the base of natural
logarithms
√ symbolizes the square root function

n = 3,628,800 (for our purposes)

Suffice it to say that this is how many unique permutations of the
digits 0 - 9 there are with no repeats.  For example:  0123456789,
0123456798, 0123456879, ...  So there are 3,628,800! different ways to
sequence or order these ten-digit permutations within the set.  And
there are three randomly sequenced sets of these 3,628,800 permutations
used to generate random  numbers using this software, etc.  So...


3,628,800! ≈ √(2π · 3,628,800) · (3,628,800 / e)^3,628,800

3,628,800! ≈ (4775) (1,334,961)^3,628,800

3,628,800! ≈ (4775) (10^6)^3,628,800

3,628,800! ≈ (4775) (1E6)^3,628,800

3,628,800! ≈ (4775) (1E21,772,800)

3,628,800! ≈ (10^4) (1E21,772,800)

3,628,800! ≈ (1E21,772,800)

3,628,800! ≈ 1E22,000,000

This means that there are approximately 1E22,000,000 unique sequences
possible to arrange each of these 3,628,800 permutations.

Since three such files are used the statistical possibilities of
arranging these 10,886,400 permutations is about 1E66,000,000.

In general, all random digit output from three sets of these
permutations can be said to constitute a single OTP.

This is where the claim that there may be as many as approximately
1E66,000,000 possible OTPs generated using this software comes from.
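The arithmetic above checked in code. This is an example added to the digest, not part of Szopa's post or of the OAP-L3 software: it computes log10(n!) for n = 10! both by Stirling's formula and by the log-gamma function in Python's standard library, and reports the intermediate quantities the post writes out (√(2πn), n/e) so the rounding steps can be compared. All function and variable names are the example's own.

```python
# Added example (not from the post): Stirling's approximation for log10(n!)
# checked against an exact log-gamma computation, with the post's n = 10!.
import math

PERMUTATIONS = math.factorial(10)  # 3,628,800 orderings of the digits 0-9


def stirling_log10_factorial(n):
    """log10(n!) from Stirling: n! ~ sqrt(2*pi*n) * (n/e)^n, evaluated in logs
    so the result fits in a float even when n! itself has millions of digits."""
    return 0.5 * math.log10(2 * math.pi * n) + n * (math.log10(n) - math.log10(math.e))


def exact_log10_factorial(n):
    """log10(n!) via the log-gamma function: ln(n!) = lgamma(n + 1)."""
    return math.lgamma(n + 1) / math.log(10)


def stirling_steps(n):
    """The intermediate values the post writes out, for side-by-side comparison."""
    return {
        "sqrt_2pi_n": math.sqrt(2 * math.pi * n),   # post: 4775
        "n_over_e": n / math.e,                      # post: 1,334,961
        "log10_n_over_e": math.log10(n / math.e),    # post rounds the base to 10^6
    }


def ordering_count_digits(n, sets=1):
    """log10 of the number of ways to order `sets` independent sets of n
    permutations, i.e. the decimal exponent of (n!)^sets."""
    return sets * exact_log10_factorial(n)


if __name__ == "__main__":
    n = PERMUTATIONS
    steps = stirling_steps(n)
    print(f"sqrt(2 pi n) = {steps['sqrt_2pi_n']:,.1f}, n/e = {steps['n_over_e']:,.1f}")
    print(f"Stirling: log10({n:,}!) = {stirling_log10_factorial(n):,.2f}")
    print(f"lgamma:   log10({n:,}!) = {exact_log10_factorial(n):,.2f}")
    print(f"three sets: about 10^{ordering_count_digits(n, 3):,.0f}")
```

Rounding 1,334,961 down to 10^6 before raising it to the 3,628,800th power is where the post's exponent drops from about 22.2 million to 21.8 million; the two functions agree to well under a digit, so the discrepancy is in the hand rounding, not in Stirling's formula.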




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Oriental Language Based Enryption
Date: Tue, 25 May 1999 20:53:54 GMT


> I would be interested in learning a little more about some Oriental
> language based encryption processes and systems. If anybody has any
> information about this, please feel free to let me know .... Cheers !
> Markku

What type of cipher?  I have never heard of any language dependent
cipher in my life (outside of anagrams...)

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------

From: [EMAIL PROTECTED] (Guenther Brunthaler)
Subject: Re: PGP Implementation of DH/DSS vs. RSA.
Date: Tue, 25 May 1999 20:55:41 GMT

On Fri, 21 May 1999 14:44:35 -0700, "Steven Alexander"
<[EMAIL PROTECTED]> wrote:

>I think that I may know where your brother's argument comes from. I have
>heard others argue that the algorithms for DH/DSS are too new to be trusted
>as opposed to RSA. 

While I'm far from being convinced that DH is better or worse than
RSA, I'm pretty sure that RSA is the newer algorithm: RSA is still
covered by a patent, while the patent on DH has already expired.

I definitely DO have doubts about some implementation details of the
newer PGP versions.

For instance, I remember having read some discussion (hmmm wasn't it
even in this newsgroup?) that the new "fast DH key generation" option
contains some flaws which perhaps may render the generated keys
insecure.

I also have noticed significant changes in the source code creating
RSA keys. I haven't yet had the time to check all the sources, but
until then I simply advise using some old PGP version for creating RSA
keys and importing them into the new PGP versions.

I also have a bad feeling about the security of the new CAST
algorithm. I know that I may be terribly wrong and CAST may be one of
the finest algorithms invented ever, BUT I do not trust ANY algorithm
developed by the NSA by default - unless proven otherwise.

I really doubt the NSA will invest even a single penny in the
development of a technology that makes public encryption safer - never
trust a wolf who is selling life-insurances for sheep...


Greetings,

Guenther
--
Note: the 'From'-address shown in the header is an Anti-Spam
fake-address. Please remove 'nospam.' from the address in order
to get my real email address.

In order to get my public RSA PGP-key, send mail with blank body
to: [EMAIL PROTECTED]
Subject: get 0x2D2F0683

Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint:  11 71 47 2F AF 2F CD F4  E6 78 D5 E5 3E DD 07 B5 

------------------------------

From: [EMAIL PROTECTED] (Guenther Brunthaler)
Subject: Re: NSA proves banks use poor crypto
Date: Tue, 25 May 1999 21:00:12 GMT

Now ya all know why it is possible that the NSA seems to have
virtually unlimited financial resources... :-)


Greetings,

Guenther
--
Note: the 'From'-address shown in the header is an Anti-Spam
fake-address. Please remove 'nospam.' from the address in order
to get my real email address.

In order to get my public RSA PGP-key, send mail with blank body
to: [EMAIL PROTECTED]
Subject: get 0x2D2F0683

Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint:  11 71 47 2F AF 2F CD F4  E6 78 D5 E5 3E DD 07 B5 

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AES tweaks
Date: 25 May 1999 20:57:25 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>  I feel that you are wrong. It is obvious the entire AES process is only
>aimed at keeping encryption easy for the NSA to read. As you know the
>NSA does its best to try to make encryption programs illegal to export
>since a large number of methods would make it hard to read peoples mail.
>So they came up with the CLIPPER chip but too many people screamed.
>So this is just an extension of that process. No way in HELL would the
>NSA let a secure method become a standard. I am not sure which horse
>in this race the NSA is backing but I would not trust any method where some
>of the developers could have been influenced by the NSA, and it is more than
>likely they can break several if not all of the methods that were granted
>this special status. I doubt if any method that is unbreakable by the NSA
>has a snowball's chance in hell of being blessed.

Why would the NSA bother with the clipper chip if they could just slip in
an encryption standard that they'd be able to break by some form of advanced
cryptanalysis?  Why would they risk their credibility being completely shot
if someone in academia should come up with that method of cryptanalysis and
break their cipher?  The good thing about the AES is that the NSA can pick
a cipher that it understands and believes that other people (e.g. EU 
states, Russia, China, et al) cannot break.  If the NSA is discredited then
American corporations could turn in the future to some other standard,
perhaps developed in Europe for which the NSA was not part of the design
process.  The NSA would lose.

And why doubt that the NSA would support a secure standard?  Their job, after
all, is national security, and that is not limited to just their ability to
wiretap other people -- they also need to keep secrets in US corporations
really secret.  It would not be good if defense contractors could have their
encrypted e-mail routinely read by foreign intelligence agents, now would
it?

-- 
Lamont Granquist ([EMAIL PROTECTED])
ICBM: 47 39'23"N 122 18'19"W

------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: Oriental Language Based Enryption
Date: Tue, 25 May 1999 16:56:07 -0700

Well now you heard ... enlightening.. isn't it...?

[EMAIL PROTECTED] wrote:

> What type of cipher?  I have never heard of any language dependant
> cipher in my life (outside of anagrams...)
>
> Tom
> --



------------------------------

From: [EMAIL PROTECTED]
Subject: re: scott and his encryption method
Date: Tue, 25 May 1999 20:52:29 GMT

<snip>

>   I know that seeing him misinform newbies and peddle snake oil is
> very frustrating, but the best solution is really just to put him in
> your killfile and ignore him.  Anything more would be wasted effort
> to no effect, and I would rather see people working on cryptographic
> theory and technology than beating their heads on the "Scott brick
> wall".

Well let's not be mean here.  What if scott actually does formalize
it?  Then you will keep ignoring him?  That doesn't seem quite right.

Hint:  Scott do yourself a favor and formally present the algorithm!!!

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: block ciphers vs stream ciphers
Date: Tue, 25 May 1999 20:45:06 GMT


> > That's not correct.  For serial communication a byte-wide stream
> > cipher would be better.
> I wrote "it doesn't hurt VERY MUCH" (to construct a stream cipher
> from a block cipher). Yes, a specialised cipher is always faster,
> but since it is often used for very little bandwidth (max. 10
> keystrokes/s per user) there is not much gained.
> The construction (bc to sc) has the advantage that
> the intensive security-analysis from the bc can be used.
>

You are absolutely correct.  Personally I would pick an algorithm
suited for my needs, but that's just me.

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
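The construction the two posters are discussing (a stream cipher built from a block cipher, emitting keystream one byte at a time) written out in code. This is an example added to the digest, not code from either poster: it wraps a block cipher in counter mode, and the block cipher underneath is a constructed 64-bit Feistel network with a SHA-256 round function that stands in for whatever vetted design one would actually use. The names `block_encrypt`, `block_decrypt`, `ctr_keystream`, `stream_xor` and `demo` are the example's own.

```python
# Added example (not from the thread): a byte-wide stream cipher built from a
# block cipher with counter mode. The Feistel cipher here is a constructed
# stand-in for a real block cipher; the CTR wrapper is the construction discussed.
import hashlib
import struct
from itertools import count

BLOCK_BYTES = 8
NONCE_BYTES = 4   # nonce || 32-bit counter fills exactly one block


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key, i, half):
    """Keyed round function F_i: first 4 bytes of SHA-256(key || i || half)."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def block_encrypt(key, block, rounds=8):
    """Encrypt one 8-byte block with a balanced Feistel network."""
    assert len(block) == BLOCK_BYTES
    left, right = block[:4], block[4:]
    for i in range(rounds):
        left, right = right, _xor(left, _round_function(key, i, right))
    return left + right


def block_decrypt(key, block, rounds=8):
    """Invert block_encrypt by running the rounds in reverse order."""
    assert len(block) == BLOCK_BYTES
    left, right = block[:4], block[4:]
    for i in reversed(range(rounds)):
        left, right = _xor(right, _round_function(key, i, left)), left
    return left + right


def ctr_keystream(key, nonce):
    """Yield keystream a byte at a time: E_k(nonce || counter) for counter 0, 1, 2, ...

    Blocks are produced lazily and handed out byte by byte, so a single
    keystroke can be encrypted with no padding and no waiting for a full block."""
    assert len(nonce) == NONCE_BYTES
    for counter in count():
        yield from block_encrypt(key, nonce + struct.pack(">I", counter))


def stream_xor(key, nonce, data):
    """Encrypt or decrypt (the same operation) by XOR with the keystream."""
    keystream = ctr_keystream(key, nonce)
    return bytes(b ^ next(keystream) for b in data)


def demo():
    """Round-trip a constructed message and return the facts worth checking."""
    key = b"constructed demo key (not a real key)"
    nonce = b"\x00\x00\x00\x01"
    message = b"hello sci.crypt, one byte at a time"
    ciphertext = stream_xor(key, nonce, message)
    return {
        "message": message,
        "ciphertext": ciphertext,
        "decrypted": stream_xor(key, nonce, ciphertext),
        "prefix_matches": stream_xor(key, nonce, message[:5]) == ciphertext[:5],
        "other_nonce_differs": stream_xor(key, b"\x00\x00\x00\x02", message) != ciphertext,
        "block_roundtrip": block_decrypt(key, block_encrypt(key, b"8 bytes!")) == b"8 bytes!",
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The keystream is only as strong as the block cipher's behaviour as a pseudorandom permutation, which is the reuse-of-analysis point made in the thread; the one obligation the wrapper adds is that a (key, nonce) pair is never used twice, since a repeated counter block repeats the keystream and XORing two such ciphertexts cancels it.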

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: block ciphers vs stream ciphers
Date: Tue, 25 May 1999 20:50:12 GMT


>  Actually this has been explained many times. IF you go to my website
> you may learn something. But the contest I am running with scott19u
> is of the kind that can't be done with any of the current AES
> candidates where the file size is not changed. I never said all stream
> ciphers are better than block methods.

Now that makes sense.  Yeah :)

>   I have but u will get mail from dolts like Hamelton that say
> otherwise

Do you have published results (not in source or contest form)?  Try to
be more formal and people will treat you with the respect you deserve.

>  Well if by compress you mean running the file through the compressor,
> any file can be compressed. If you mean that some files are such that
> when you run them through a compressor they may get longer: they still
> get modified by the compressor, some files just get longer.
>  What is to explain. No method on earth or heaven above can cause
> every file to get smaller.

I thought your method features (sports or has) compression?  I thought
that was the strength of it.

>   Well Tom if you're using scott19u the encryption of the literals in
> the front of the file are a function of everything that follows in the
> file so there is no problem. If you're stuck using an AES candidate I
> do have a method that compresses by a pass in forward direction and
> then in reverse direction. I have code and examples of how this
> compress would work at my web page.

Tell you what I will pick up a copy tonight and do a simple analysis.
I will try to point anything and everything. Keep in mind I am no
expert...

> Thanks For asking Tom
>

No prob bob :)  (I know your name is not bob, it just fitted...)

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: AES tweaks
Date: Tue, 25 May 1999 17:04:18 -0700

A good rule of thumb is to never overestimate the strength of your
encryption algorithm and never underestimate how easily your encryption
can be broken. So if, on a scale of 1-10, you estimate the capability to
break the algorithm is 5 (average), in reality it is most likely to be
15 or 20. .. just a thought ...Cheers !



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AES tweaks
Date: 25 May 1999 20:37:39 GMT
Reply-To: [EMAIL PROTECTED]

David A Molnar <[EMAIL PROTECTED]> writes:
>In any case, it is probably a good thing to have this much attention
>paid to block ciphers...and even if they are all breakable by some
>secret NSA attack, past results tell us that this will be 
>discovered about 25 years from now. Just in time to get my kids
>(should I have any) interested in cryptography. 

Actually, if you look at the NSA record with particular regards to DES and
SHA1 they seem to be pretty honest and academic crypto doesn't seem to lag
them by too much.

-- 
Lamont Granquist ([EMAIL PROTECTED])
ICBM: 47 39'23"N 122 18'19"W

------------------------------

From: "Yu-Ning Ng" <[EMAIL PROTECTED]>
Subject: Looking for an RSA implementation
Date: Tue, 25 May 1999 21:46:47 GMT

I'm looking for RSA implementation source code.  I've got the RSA
implementation by George Barwood available from funet, and the Crypto++ 3.1
library.  Are there any other examples out there?

Thanks for your help.

..Yu-Ning



------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: DSA (Digital Signature Standard) and the Schnorr Patents
Date: Tue, 25 May 1999 18:08:38 -0400

Dear Vin,

   The text is a bit overwhelming. Excuse me for not reading it entirely
and carefully before this reply.

   I do not think one needs to proclaim his standing on privacy and I
am not here. (Want to rub, but what against what :))

   However, I think we somehow agree that as a patent issue, it is
'maybe or maybe not'. It can hardly be made anything other than that.

   For example, if I say that Prof. Schnorr could even more
convincingly contribute to the advances in cryptography and
privacy of individuals if he had given out his patent for free, you at
once might challenge me for a proof. I can NOT give one. Equally, I
think it is a hard case to prove what you seem to be trying to show, that his
patent 'deterred' the other side.

   Maybe, legal profession is different. But this seems simple to me.
If Prof. Schnorr's patent had that effect as you seemed to show, then
it needs to be, IMO, a strong case. But you quoted and tried to show
it is (in the strongest sense) a 'maybe or maybe not'. How could you
be so sure that it had that kind of impact? We do not know, I believe,
what has really been on the mind of NSA, etc. While I am definitely not
here to diminish the positive role of Prof. Schnorr's scheme, I think
I am definitely not to ignore the individuals who contributed so much
to the status of Clipper as it stands today.

   You need not agree with me.
   Thank you very much.
   --- (My Signature)



------------------------------

From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Symmantic question
Date: Tue, 25 May 1999 23:03:12 GMT

On Thu, 20 May 1999 15:03:38 GMT, Kent Briggs <[EMAIL PROTECTED]>
wrote:

>Mark E Drummond wrote:
>
>> Is there a proper way to complete the following sentences? :
>>
>>         Every bit added to the key length increases the difficulty of an
>>         exhaustive keysearch attack by [?].
>
>a factor of 2

...if the algorithm is designed properly.

>>         Doubling the key length increases the difficulty of an exhaustive
>>         keysearch attack by [?].
>
>a factor of 2 raised to the power of the original key length

...if the algorithm is designed properly.

This stuff doesn't happen by magic, you know.  That's why there are so
many bad encryption algorithms out there.

Bruce

**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com

------------------------------

From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: block ciphers vs stream ciphers
Date: Tue, 25 May 1999 23:07:44 GMT

On Tue, 25 May 1999 15:01:06 +0200, "cairus" <[EMAIL PROTECTED]>
wrote:

>Hi.
>It seems that today the cryptographic community
>is much more interested in block ciphers than in
>stream ciphers. Which is the reason for this trend?

It's both historic and cultural.  If you look at the early literature
on symmetric ciphers, people who liked block ciphers tended to propose
concrete designs--DES, Khufu, FEAL--while people who liked stream
ciphers tended to propose more abstract theories.  Additionally, most
of the work on stream ciphers was done in Europe (you can look at the
proceedings of Crypto and Eurocrypt from the 1980s, and you see far
more stream cipher papers in Eurocrypt).

Because block ciphers tended to be actual designs, they tended to get
used more in products.  (It's just easier for a non-cryptographer to
implement a concrete cipher with a name, than to create an instance of
a general design technique described in a mathematical paper.)  This
reinforced the trend of block ciphers being more widely used, which
meant that more were designed, which meant that there were more
cryptanalysis papers on block ciphers, and so on.

When NIST solicited comments on AES, I suggested that they ask for a
stream cipher instead of a block cipher, but I was a small minority.
So we have even more block cipher work.

I would actually like to see more stream cipher work; constructions
like RC4 are not well enough understood.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com

------------------------------

From: [EMAIL PROTECTED] (JUzarek)
Subject: Re: Oriental Language Based Enryption
Date: 25 May 1999 23:18:22 GMT

>> I would be interested in learning a little more about some Oriental
>> language based encryption processes and systems. If anybody has any
>> information about this, please feel free to let me know .... Cheers !
>> Markku
>
>What type of cipher?  I have never heard of any language dependant
>cipher in my life (outside of anagrams...)
>
>Tom

I agree with you Tom.  Any cipher system used for English can be used with any
other language.  The alphabets may be different but the same principles apply.
Chinese has some problems but, when converted to STC (Standard Telegraphic
Code), the numeric groups can then be enciphered by any means you want. Chinese
can also be transliterated to the English alphabet - PINYIN for ex - and then
enciphered.

------------------------------

From: "Vedat Hallac" <[EMAIL PROTECTED]>
Subject: Re: A question on congruential algebra
Date: Wed, 26 May 1999 09:23:25 +1000

>x^2 mod n = y
Hmmm... It seems to me the only option will be to factor n into p_i, i=0..k,
solve

x_i^2 mod p_i == y mod p_i

for all i, and use the Chinese remainder theorem to calculate x from x_i and
p_i, if x_i could be calculated for all p_i. I am not really sure whether
the method will work or not, but it seems to have a good chance of being
correct ;-).

If I am not mistaken, the miracl library contains source for a square root
function for prime modulus. I downloaded the library from
ftp://ftp.compapp.dcu.ie/pub/crypto
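The procedure Vedat sketches, worked in code. This is an example added to the digest, not code from the post and not the MIRACL library's routine: a square root of y modulo each prime factor p_i (Tonelli-Shanks, with the usual shortcut when p ≡ 3 mod 4), then the Chinese remainder theorem to assemble every root modulo n. The factorization of n is taken as an input, which is exactly why the problem is considered hard when it is not known. The names `sqrt_mod_prime`, `crt` and `sqrt_mod_composite` are the example's own.

```python
# Added example (not from the post): square roots modulo n = p_0 * ... * p_k
# from a known factorization, via per-prime roots and the Chinese remainder theorem.
import itertools


def legendre(a, p):
    """Euler's criterion: 1 if a is a nonzero square mod p, p-1 if not, 0 if p | a."""
    return pow(a, (p - 1) // 2, p)


def sqrt_mod_prime(y, p):
    """One square root of y modulo an odd prime p, or None if y is a non-residue.

    Tonelli-Shanks in general; when p % 4 == 3 the root is simply y^((p+1)/4)."""
    y %= p
    if y == 0:
        return 0
    if legendre(y, p) != 1:
        return None
    if p % 4 == 3:
        return pow(y, (p + 1) // 4, p)
    # write p - 1 = q * 2^s with q odd
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1
    # any quadratic non-residue z will do; a deterministic scan keeps runs reproducible
    z = 2
    while legendre(z, p) != p - 1:
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(y, q, p), pow(y, (q + 1) // 2, p)
    while t != 1:
        # least i with t^(2^i) == 1
        i, t2 = 0, t
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


def crt(residues, moduli):
    """Combine x = r_i (mod m_i) for pairwise coprime m_i into x mod prod(m_i)."""
    x, big_m = 0, 1
    for r, m in zip(residues, moduli):
        # solve x + big_m * k = r (mod m) for k, then extend x
        k = ((r - x) * pow(big_m, -1, m)) % m
        x += big_m * k
        big_m *= m
    return x % big_m


def sqrt_mod_composite(y, primes):
    """All square roots of y modulo n = prod(primes), for distinct odd primes.

    Returns a sorted list; empty if y is a non-residue modulo any factor."""
    roots_per_prime = []
    for p in primes:
        r = sqrt_mod_prime(y, p)
        if r is None:
            return []
        roots_per_prime.append(sorted({r, (-r) % p}))
    # each choice of +/- root per prime combines to one root modulo n
    results = {crt(list(combo), primes) for combo in itertools.product(*roots_per_prime)}
    return sorted(results)


if __name__ == "__main__":
    # constructed input: n = 11 * 13 = 143, y = 5^2 mod 143
    print(sqrt_mod_composite(25, [11, 13]))
```

With k distinct odd prime factors there are 2^k roots rather than one; for n = 11 · 13 and y = 25 the block returns 5, 60, 83 and 138. A non-residue modulo any single factor means no root exists at all, which the Euler-criterion check catches before any combining is done.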



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Oriental Language Based Enryption
Date: Tue, 25 May 1999 23:57:42 GMT


> Well now you heard ... enlightening.. isn't it...?

My life has changed dramatically :)

Where did you hear about such ciphers though?

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
