Cryptography-Digest Digest #779, Volume #9 Sat, 26 Jun 99 01:13:02 EDT
Contents:
Re: DES-NULL attack ("Douglas A. Gwyn")
Re: "Breaking" a cipher ("Douglas A. Gwyn")
Re: Bytes of "truly random" data for PRNG seed. ("Douglas A. Gwyn")
Re: one time pad ("Douglas A. Gwyn")
Re: Kryptos article ("Douglas A. Gwyn")
Re: ElGamal without exponent reduction? (Bodo Moeller)
Re: generated pad for OTP? (S.T.L.)
Re: one time pad ("Douglas A. Gwyn")
Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day (BORIS KAZAK)
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: DES-NULL attack
Date: Sat, 26 Jun 1999 03:34:36 GMT
John Savard wrote:
> Given the plaintext and cipher values, finding the key is
> intractable.
It isn't "intractable" for DES, as the handful of successful
attacks have demonstrated. However, there isn't any known way
of solving for the key that is dramatically better than the
exhaustive-search method used in the published successes.
Note that that doesn't prove that there *can be* no better way.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: "Breaking" a cipher
Date: Sat, 26 Jun 1999 03:16:27 GMT
It's pointless debating whether something is an "X" when the parties
don't mean the same thing by "X". To the working cryptanalyst, an
encryption system has been "broken" when he knows how to carry out
an actual attack against traffic in that system, under circumstances
that can be expected to actually occur sufficiently often, with a
fair chance of recovering an appreciable portion of the plaintext,
with the expenditure of a reasonable amount of resources (including
time). Quantifying all those approximate terms is a matter of
making judgments and trade-offs.
So, the published "linear cryptanalysis" attack against DES would
not be considered breaking the encryption, except under unusual
circumstances when one could feasibly expect to generate all those
chosen plaintexts, whereas the EFF's DES cracking machine *does*
break the encryption, so far as any organization that can afford
the cost per message per time is concerned. (It's still awfully
expensive for "production" use.)
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Bytes of "truly random" data for PRNG seed.
Date: Sat, 26 Jun 1999 03:30:36 GMT
David A Molnar wrote:
> [EMAIL PROTECTED] wrote:
> > Does anyone have a link to the BBS paper online?
> I am photocopying it right after finishing this post.
> Will I be sued if I scan and post the photocopy ?
You could make a copy for your own research under the "fair use"
provisions of the Copyright Act, but publishing it without
permission of the copyright holder is forbidden and you might
not only be sued, but also subject to criminal prosecution.
You can subscribe to SIAM journals on-line:
http://epubs.siam.org/sam-bin/dbq/toclist/SICOMP
But if you just want a copy of the paper for "fair use"
purposes, get your local technical library to obtain a
copy for you.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: one time pad
Date: Sat, 26 Jun 1999 04:05:19 GMT
AllanW wrote:
> Heh heh, I like that. It's kind of like, "Give me a list of
> all well-known patterns, and then find the one that is least
> well-known!" The answer depends on the quality of the first
> list.
Or the somewhat famous, "0 and 1 are interesting because they
are the arithmetic units; 2 is interesting because it's the
smallest positive prime; ... 1729 is interesting because it is
the smallest counting number that can be expressed as the sum
of two cubes (of counting numbers) in two different ways; --
so what is the smallest *un*interesting counting number? Does
being the smallest uninteresting number make it interesting?"
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Kryptos article
Date: Sat, 26 Jun 1999 03:47:19 GMT
Jim Gillogly wrote:
> Is there another pool on the concave side of the cipher panels?
Not that I recall.
However, there are other pieces of the complete work scattered
around the courtyard: rocks, engravings, a stream, etc. Among
them is a lodestone, for its symbolism.
You can get a good look at the main message-bearing part of the
sculpture on a tape of the Today Show (7:16-7:21 EDT, Friday
25-Jun-1999). Some additional information can be found in the
book "Inside the CIA" by Clifton Berry Jr., but its Kryptos
photos are just the two we've all seen elsewhere.
------------------------------
From: [EMAIL PROTECTED] (Bodo Moeller)
Subject: Re: ElGamal without exponent reduction?
Date: 25 Jun 1999 12:38:26 GMT
David A Molnar <[EMAIL PROTECTED]>:
>> a = s_i / h_i mod f_i.
>> Obtain enough samples, use the Chinese Remainder Theorem, and you
>> have a.
> You know, if you phrase it that way, it sounds almost like one
> of these problems amenable to solution via embedding in a lattice
> and approximating with LLL. Perhaps that could be one way of
> figuring out how many is "enough samples".
Sorry if that step wasn't clear -- you have enough when the least
common multiple of the f_i's exceeds n: Note that what the CRT
gives you is
a mod lcm(f_1, ..., f_k),
and because of 0 < a < n you have
a mod lcm(...) = a if n <= lcm(...).
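To make the "enough samples" criterion concrete, here is an added worked example (not code from Bodo Moeller's post): a generalized Chinese Remainder Theorem recombination that accepts non-coprime moduli, so the combined modulus is exactly lcm(f_1, ..., f_k), and a check that only reports a unique answer once that lcm reaches n. The values A, N and the moduli, and the function names, are constructed for the demonstration; the residue pairs (s_i, f_i) here are simply computed from A, standing in for the a = s_i / h_i mod f_i samples the post describes.

```python
from math import gcd

def crt_pair(r1, m1, r2, m2):
    """Combine a == r1 (mod m1) and a == r2 (mod m2) into a == r (mod lcm(m1, m2)).

    Moduli need not be coprime.  Returns None when the two residues are
    inconsistent (they disagree modulo gcd(m1, m2)), which can only happen
    if a sample was wrong.
    """
    g = gcd(m1, m2)
    if (r2 - r1) % g != 0:
        return None
    l = m1 // g * m2                      # lcm(m1, m2)
    m2g = m2 // g
    if m2g == 1:                          # m2 divides m1: nothing new to learn
        return (r1 % l, l)
    # Solve r1 + m1*t == r2 (mod m2), i.e. (m1/g)*t == (r2-r1)/g (mod m2/g).
    t = ((r2 - r1) // g * pow(m1 // g, -1, m2g)) % m2g
    return ((r1 + m1 * t) % l, l)

def crt_combine(residues):
    """residues: iterable of (s_i, f_i) meaning a == s_i (mod f_i).

    Returns (a mod lcm(f_1..f_k), lcm(f_1..f_k)).
    """
    r, m = 0, 1
    for s, f in residues:
        out = crt_pair(r, m, s % f, f)
        if out is None:
            raise ValueError("inconsistent residues: a bad sample was supplied")
        r, m = out
    return r, m

def recover_from_residues(residues, n):
    """Return a itself once lcm(f_i) >= n (the post's condition); otherwise None,
    because 0 < a < n is then not pinned down by a mod lcm."""
    r, l = crt_combine(residues)
    return r if l >= n else None

# Constructed demonstration values (not from the original post).
A = 123457            # the unknown 0 < a < N we want back
N = 1000003           # the group order bound, 0 < a < N
MODULI = (12, 18, 35, 11, 13, 17)   # 12 and 18 share a factor, so lcm != product
SAMPLES = [(A % f, f) for f in MODULI]

if __name__ == "__main__":
    # lcm of the first five moduli is 180180 < N: still ambiguous.
    print(recover_from_residues(SAMPLES[:5], N))    # None
    # Adding 17 brings the lcm to 3063060 >= N: a is recovered exactly.
    print(recover_from_residues(SAMPLES, N))        # 123457
```

Because 12 and 18 are not coprime, a naive product-of-moduli CRT would overstate the information gathered (it would claim a modulus of 216 instead of 36); tracking the lcm, as the post does, gives the honest count of how much of a is known so far.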
------------------------------
From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: generated pad for OTP?
Date: 26 Jun 1999 04:07:00 GMT
Pssst.
Don't call it a one-time-pad if you're making the "pad" with any sort of PRNG.
-*---*-------
S.T.L. ===> [EMAIL PROTECTED] <=== BLOCK RELEASED! 2^3021377 - 1 is PRIME!
Quotations: http://quote.cjb.net Main website: http://137.tsx.org MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!" e^(i*Pi)+1=0 F00FC7C8
E-mail block is gone. It will return if I'm bombed again. I don't care, it's
an easy fix. Address is correct as is. The courtesy of giving correct E-mail
addresses makes up for having to delete junk which gets through anyway. Join
the Great Internet Mersenne Prime Search at http://entropia.com/ips/ Now my
.sig is shorter and contains 3379 bits of entropy up to the next line's end:
-*---*-------
Card-holding member of the Dark Legion of Cantorians, the Great SRian
Conspiracy, the Triple-Sigma Club, and the Union of Quantum Mechanics
Avid watcher of "World's Most Terrifying Causality Violations", "World's
Scariest Warp Accidents", and "When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #1: Thou Shalt Not Exceed The Speed of Light.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: one time pad
Date: Sat, 26 Jun 1999 03:56:00 GMT
AllanW wrote:
> Right. So there's no sense protecting against it.
But the stronger argument is that it's not a flaw and doesn't need
any protection in the first place.
------------------------------
From: BORIS KAZAK <[EMAIL PROTECTED]>
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: Fri, 25 Jun 1999 21:23:28 -0400
Reply-To: [EMAIL PROTECTED]
Lincoln Yeoh wrote:
>
> On Fri, 25 Jun 1999 00:43:53 GMT, [EMAIL PROTECTED]
> (John Savard) wrote:
> >then, not only _should_ we omit using true random generator output
> >that is all zeroes, or that corresponds to some simple, regular
> >sequence that the cryptanalyst would, as it were, accidentally solve,
>
> Given a totally random generator running for an eternity, eventually you
> may get Shakespeare. But it's still random.
>
(***********)
=======================
Better still, open Jonathan Swift's "Gulliver" and read about
his trip to the flying island of LaPuta.
LaPuta's Academy of Sciences was operating a random word generator
exactly for this purpose. There is a schematic drawing, it might prove
useful for TRNG and OTP designers of today.
Also take notice of a project targeted at accumulation of Solar
Energy in organically grown cucumbers. (ibid)
Best wishes BNK
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************