Cryptography-Digest Digest #798, Volume #9 Tue, 29 Jun 99 08:13:04 EDT
Contents:
Re: Converting arbitrary bit sequences into plain English texts (Mok-Kong Shen)
Re: one time pad (Coen Visser)
Re: Secure link over Inet if ISP is compromized. ("Douglas A. Gwyn")
Re: PIII Random Number Generator? (Mok-Kong Shen)
Re: PIII Random Number Generator? ("Douglas A. Gwyn")
Re: PIII Random Number Generator? (Mok-Kong Shen)
Re: How do you make RSA symmetrical? ([EMAIL PROTECTED])
Re: Secure link over Inet if ISP is compromized. (Keith A Monahan)
Re: Tough crypt question: how to break AT&T's monopoly??? ([EMAIL PROTECTED])
Re: The One-Time Pad Paradox (Coen Visser)
Re: Why mirrors invert left-to-right (was: Kryptos article) (Nicol So)
Re: PIII Random Number Generator? ([EMAIL PROTECTED])
Re: Quasigroup encryption ([EMAIL PROTECTED])
Re: Block Ciphers and Cryptanalysis ([EMAIL PROTECTED])
Re: Why mirrors invert left-to-right (was: Kryptos article) ("Douglas A. Gwyn")
Re: Moores Law (a bit off topic) ([EMAIL PROTECTED])
Re: trapdoor one way functions ([EMAIL PROTECTED])
Re: How do you make RSA symmetrical? (Gergo Barany)
Re: Hamming Weight ([EMAIL PROTECTED])
Re: Hamming Weight ([EMAIL PROTECTED])
Re: crypt basics ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.cbm
Subject: Re: Converting arbitrary bit sequences into plain English texts
Date: Tue, 29 Jun 1999 12:43:43 +0200
Matthew Montchalin wrote:
>
> But I thought that what was really clever was the idea that Boris Kazak
> wrote, namely, where any given passage of ordinary text will ordinarily
> be given in lowercase, but uppercase characters will represent bytes that
> are 'on.' The state of Bits 4 and 6 of each such lowercase character
I said that Boris Kazak's suggestion is very nice. There are two
advantages over my original approach: (1) the file size expansion
factor is only about 8 instead of quite a bit more, (2) the ensemble
of sentences can now really constitute a sensible piece of text
instead of a collection of sentences with numerous repetitions and
without much connection with one another. In fact one can publish
that way the binary executable file of a strong crypto through
encoding it in the text of a book of, say, Charles Dickens. Any
reader, including those in the much feared unfriendly countries, can
easily write two filter programs, one for retrieving the strong
crypto, the other for enjoying reading the English classic.
It may thus be advisable now for the bureaucrats to think of laws to
forbid English books in general in order to suppress the progress
of the science of cryptology. Anyway, several thousand years ago
there was one emperor who ordered the burning of books as a means
to prevent there being educated people coming up who could think of
ideas of overthrowing his empire (overthrown only shortly thereafter).
Finally it may be of interest to note that Boris Kazak's method is
analogous to e.g. amplitude modulation in signal processing. It has
the virtue of being extremely simple to implement (though there
are some people, I believe, who are used to equating simplicity with
poor quality in science).
M. K. Shen
=========================
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)
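An added example, not part of Shen's or Kazak's posts: the case-keyed encoding the thread describes, written out in Python. The interpretation is assumed from the quoted description: each letter of a cover text carries one bit, uppercase for 1 and lowercase for 0, so one byte costs eight letters, which is the expansion factor of about 8 mentioned above. The cover text (a constructed Dickens-flavoured sample), the function names and the MSB-first bit order are mine. Note what the scheme does and does not do: the cover's own capitalization is sacrificed to the payload, anyone who looks at the case pattern sees the payload, and the payload is exactly as secret as it was before encoding.

```python
# Added example: encode arbitrary bytes into the letter case of an English
# cover text, following the scheme attributed to Boris Kazak in the thread.
# Assumed interpretation (not spelled out in the post): each letter of the
# cover text carries one bit, uppercase = 1, lowercase = 0. Non-letters are
# left untouched and carry nothing, so the cover text stays readable.
# One byte costs eight letters, the ~8x expansion the post mentions.

# Constructed sample cover text; any English prose with enough letters works.
COVER = (
    "it was the best of times, it was the worst of times, it was the age of "
    "wisdom, it was the age of foolishness, it was the epoch of belief, it was "
    "the epoch of incredulity, it was the season of light, it was the season "
    "of darkness, it was the spring of hope, it was the winter of despair."
)


def bits_of(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def letters_in(text: str) -> int:
    """Number of letters available to carry bits."""
    return sum(1 for ch in text if ch.isalpha())


def encode(data: bytes, cover: str) -> str:
    """Hide `data` in the case pattern of the letters of `cover`.

    Raises ValueError if the cover has too few letters: a bit must never be
    dropped silently, because the decoder reads every letter in order.
    """
    needed = 8 * len(data)
    available = letters_in(cover)
    if available < needed:
        raise ValueError(f"cover has {available} letters, need {needed}")
    bits = bits_of(data)
    out = []
    consumed = 0
    for ch in cover:
        if ch.isalpha() and consumed < needed:
            bit = next(bits)
            out.append(ch.upper() if bit else ch.lower())
            consumed += 1
        elif ch.isalpha():
            # Letters past the payload are forced lowercase so the decoder
            # can treat them as zero padding.
            out.append(ch.lower())
        else:
            out.append(ch)
    return "".join(out)


def decode(stego: str, length: int) -> bytes:
    """Recover `length` bytes from the case pattern of `stego`."""
    bits = [1 if ch.isupper() else 0 for ch in stego if ch.isalpha()]
    if len(bits) < 8 * length:
        raise ValueError("text too short for the requested length")
    out = bytearray()
    for i in range(length):
        byte = 0
        for bit in bits[8 * i:8 * i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def cover_text(stego: str) -> str:
    """The 'book' view for the reader who only wants the classic."""
    return stego.lower()


def roundtrip(data: bytes, cover: str = COVER) -> bool:
    """True if encode followed by decode returns the original bytes."""
    return decode(encode(data, cover), len(data)) == data


if __name__ == "__main__":
    payload = b"\xca\xfe\x00\xff"  # constructed sample payload
    stego = encode(payload, COVER)
    print(stego[:80])
    print(decode(stego, len(payload)).hex())
```

The two "filter programs" of the post are cover_text() and decode(). The decoder needs the payload length, which the scheme as described does not carry, so a real use would have to prefix it or agree on it out of band.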
------------------------------
From: [EMAIL PROTECTED] (Coen Visser)
Subject: Re: one time pad
Date: 29 Jun 1999 10:53:44 GMT
[EMAIL PROTECTED] (Patrick Juola) writes:
>
>The major weakness of the OTP is that it requires that the key
>be as long as the message and sent securely over a channel.
>If you have a secure channel of sufficient capacity to take the
>key, it will also (by definition) take the message -- so why
>are you bothering with using an OTP?
I'd like to add that "secure" (as in secure channel) is not an absolute value.
OTPs can be useful if you have more than one channel of communication, each of
which has a security value less than 1 (absolute security).
Regards,
Coen Visser
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Secure link over Inet if ISP is compromized.
Date: Tue, 29 Jun 1999 10:59:20 GMT
Gene Sokolov wrote:
> ... If Alice sends Bob her public key or starts DH key exchange
> procedure, how does Bob know the data comes from Alice and not her
> compromized ISP?
How does Alice even know there is a human being at the other end
of the apparent link, let alone Bob? If Bob introduced himself
to Alice via the link, how does she know who he is? This issue
involves deep questions of identification, authentication, and
trust. It is evident that it cannot be solved without use of
some trusted agent.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: PIII Random Number Generator?
Date: Tue, 29 Jun 1999 12:08:03 +0200
Dale Clapperton wrote:
>
> Does anyone know of any studies done on whether the Random Number Generator
> on the Pentium III chips is truly random or not?
'True randomness' is a theoretical concept that can only be approximated
more or less well in this practical world. There is no scientifically
rigorously defined unit of measure of strength of an encryption
algorithm and hence, in particular, of the quality of a random number
generator for crypto use. Tests, if passed, give one some more or less
subjectively founded confidence but constitute in no case proof
of (absolute) security. Theories that are dependent on certain yet
unproven assumptions do no better.
M. K. Shen
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: PIII Random Number Generator?
Date: Tue, 29 Jun 1999 11:02:16 GMT
Mok-Kong Shen wrote:
> ... Theories that are dependent on certain yet
> unproven assumptions do no better.
That's nonsense -- random noise generators are based on *proven*
principles.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: PIII Random Number Generator?
Date: Tue, 29 Jun 1999 13:17:11 +0200
Douglas A. Gwyn wrote:
>
> Mok-Kong Shen wrote:
> > ... Theories that are dependent on certain yet
> > unproven assumptions do no better.
>
> That's nonsense -- random noise generators are based on *proven*
> principles.
How 'random' are these? Do you have a standard unit of measure of
'randomness'?
M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: How do you make RSA symmetrical?
Date: Tue, 29 Jun 1999 11:09:07 GMT
<snip>
No offense but that was a really stupid post. Do you know what RSA is
for? The goal of PKC is to have TWO different keys. That way people
who don't know you can send you a message, and supposedly only you can
read it.
If you want symmetrical ciphers look up block (product) ciphers or
stream (keystream generators) ciphers. They are designed for what you
want.
I am not trying to be mean but you seem to not understand what PKC is
for...
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Secure link over Inet if ISP is compromized.
Date: 29 Jun 1999 11:24:02 GMT
Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
: Gene Sokolov wrote:
: > ... If Alice sends Bob her public key or starts DH key exchange
: > procedure, how does Bob know the data comes from Alice and not her
: > compromized ISP?
: How does Alice even know there is a human being at the other end
: of the apparent link, let alone Bob? If Bob introduced himself
: to Alice via the link, how does she know who he is? This issue
: involves deep questions of identification, authentication, and
: trust. It is evident that it cannot be solved without use of
: some trusted agent.
Absolutely. And keep in mind that the current version of IP does not allow
for any sort of authentication of packets. And the ID and authentication
of people accessing machines is low and easily compromised. The newer
version of IP (v6), which I don't expect to be implemented for QUITE some time,
adds security built into the protocol.
Keith
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Tough crypt question: how to break AT&T's monopoly???
Date: Tue, 29 Jun 1999 11:16:27 GMT
In article <7l9v2c$ngk$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Bill Unruh) wrote:
> The message is not restricted. The decryption program however is
> restricted. I.e., as long as you did not send the self extracting program
> along with the encrypted file, you would be OK. However that self
> extracting program would probably get you into hot water.
>
>
Well in Canada according to the DOC (department of comm.) transmitting
encrypted information is illegal (last time I checked, my brother is an
amateur radio dude...). So that would probably include telephone and
modem type transmissions.
Of course I have never heard of anyone being arrested for such a
crime...Of course with ITAR you could always just snail the encrypted
msg :)
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Coen Visser)
Subject: Re: The One-Time Pad Paradox
Date: 29 Jun 1999 10:42:40 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> writes:
>I like to take this opportunity to repeat an old question of mine
>related to the inability in the OTP case of the analyst to decide
>which is the correct message. If one doesn't have an ideal OTP
>but only something fairly random and uses it to XOR with the true
>message M_r together with n plausible messages M_1, M_2, ... M_n,
>what is the chance (as a function of n?) of the analyst to obtain
>the true message M_r?
If I understand you correctly then I would say that for large unknown n
the strength of this method depends on (upper bound) the degree of randomness
of the bitstring generated by M_1 (+) M_2 (+) ... (+) M_n, with (+) the
xor operator. This upper bound could get much lower if the (character frequency)
statistics of M_r and M_i (i != n) differ much. This is without regard for
the strength of your pseudo OTP.
Regards,
Coen Visser
------------------------------
From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Why mirrors invert left-to-right (was: Kryptos article)
Date: Tue, 29 Jun 1999 07:24:43 -0400
S.T.L. wrote:
>
> <<It's not even a physics problem--it's a
> philosophical one.>>
>
> It's not even a philosophical (gag) problem. It's NOT a problem!
The philosophical part of the puzzle is one's conception of what he
should look like when his image is normal and uninverted. In most
people's conception, this involves a (real or imaginary) observation
performed from a certain position and with a certain (preferred)
orientation.
> Mirrors invert FRONT-TO-BACK.
This is true.
> We like to think that L-R is reversed because we are bilaterally
> symmetric. This is, because as someone else said, our left side resembles our
> right side much more than our head resembles our feet.
This is not true. In the thought experiment in my previous message, the
person would observe the same apparent inversion even if he's obviously
not bilaterally symmetric (say, because of some costumes he's wearing).
There's a reason why I introduced the Polaroid pictures into the
experiment--the lateral inversion can be detected even with a machine,
and has nothing to do with the bilateral symmetry we've come to expect
of our images.
> If, however, we were
> simply C F Cl Br I atoms (if those exist), then we would have no problem - we
> would understand the concept of chirality and not be confused by the front-back
> switch.
>
> Have fun and avoid philosophy at all costs.
Philosophy can be fun too!
Nicol
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: PIII Random Number Generator?
Date: Tue, 29 Jun 1999 11:18:55 GMT
In article <7l913l$88i$[EMAIL PROTECTED]>,
"Dale Clapperton" <[EMAIL PROTECTED]> wrote:
> Does anyone know of any studies done on whether the Random Number
Generator
> on the Pentium III chips is truly random or not?
Nothing is 'truly' random. That aside I am taking a guess that the
PIII has a 20-bit LFSR.... just joking. They will not release the
specs on it. Know why? Me neither (hmm...). It's a blackbox for now,
until someone cracks it that is...
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Quasigroup encryption
Date: Tue, 29 Jun 1999 11:27:03 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> This is essentially Vigenere cipher with autokeying. The n-th
> ciphertext letter determines which alphabet will be used for (n+1)-st
> substitution. As the authors themselves admit, all the matrix of
> alphabets is easily reconstructable via a known-plaintext attack.
> Double or triple superencryption with different matrices can help,
> but nobody knows by how much.
That's what I was thinking.
> The mathematical notation just serves to make the idea look
> presentable and serious. A very good stuff for a dissertation,
> but please look elsewhere for security.
here's a good question. where exactly do you look for better security?
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Block Ciphers and Cryptanalysis
Date: Tue, 29 Jun 1999 11:38:07 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Thank you! This is a very good report. I enjoyed reading it and
> recommend it to others.
It is a good intro paper. I liked it quite a bit. I would have
recommended reading it when it was first presented to this group. I got
a copy earlier this year... Hmm..
Another good paper is '16 Round Differential Cryptanalysis of DES'
which is by Biham.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why mirrors invert left-to-right (was: Kryptos article)
Date: Tue, 29 Jun 1999 11:00:20 GMT
Jim Gillogly wrote:
> Not quite normal -- they'll appear upside down.
Depends on how you look at it.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Moores Law (a bit off topic)
Date: Tue, 29 Jun 1999 11:53:16 GMT
<snip>
Searching a 128-bit key in one day would require doing 2^111 keys per
second. That's 2596148429267413814265248164610050 keys per second.
I don't think that's a likely thing. Currently in RC5/DES we can
search about 2^20 keys per second (give or take) on a MII 300
(233 MHz). That would be quite a bit faster at 2^111...
I think we may see rates of around 2^40 (trillion keys per second) by
the year 2100, but that's a big iffy. If you take rough calcs at
2^20 the DES cracker program (distributed) does 233000000/2^20 or 223
cycles per key (which is pretty amazing). At 2^40 I would require a
2^40(223) or 256,186,209 MHz computer... Hmm not likely for a while.
Of course we could imagine a parallel network (say of around 2^32 a sec).
Basically I don't think 128-bit keys will be in trouble any time soon.
Even 64-bit keys are hard to search now, 80-bit is 'out of reach' which
may not mean much in 15 years...
That's my two cents and a bit (which would get you a hair cut in my
day... :) )
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
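As an added example (not from the post), the arithmetic in this message put into a small Python model: the key rate needed to exhaust a keyspace within a time budget, cycles per key at a given clock, worst-case search time at a fixed rate, and a Moore's-law projection of when a search comes within budget. The doubling period, the worst-case (full keyspace) assumption and the machine count are parameters I chose; the only figures taken from the original are the ones it quotes (2^20 keys/s on a 233 MHz machine, a one-day budget, a 2^32-node network).

```python
# Added example: brute-force cost estimates of the kind made in the post.
# Assumptions (mine, not the post's): the attacker must try the whole
# keyspace in the worst case, the rate is uniform, and the achievable rate
# grows by Moore's-law style doubling every `doubling_years` years.

import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def rate_needed(key_bits: int, budget_seconds: float) -> float:
    """Keys per second needed to exhaust a key_bits keyspace within budget."""
    return 2.0 ** key_bits / budget_seconds


def log2_rate_needed(key_bits: int, budget_seconds: float) -> float:
    """The same figure as a power of two (about 111.6 for 128 bits in a day)."""
    return key_bits - math.log2(budget_seconds)


def cycles_per_key(clock_hz: float, keys_per_second: float) -> float:
    """Clock cycles spent per key trial at a measured search rate."""
    return clock_hz / keys_per_second


def search_years(key_bits: int, keys_per_second: float, machines: int = 1) -> float:
    """Worst-case years to exhaust the keyspace at a fixed aggregate rate."""
    return 2.0 ** key_bits / (keys_per_second * machines) / SECONDS_PER_YEAR


def years_until_feasible(key_bits: int, keys_per_second_now: float,
                         budget_seconds: float, machines: int = 1,
                         doubling_years: float = 1.5) -> float:
    """Years until rate growth brings the whole search within the budget.

    Solves rate_now * machines * 2^(t / doubling_years) * budget >= 2^key_bits
    for t. Returns 0.0 when the search is already within budget today.
    """
    have = keys_per_second_now * machines * budget_seconds
    need = 2.0 ** key_bits
    if have >= need:
        return 0.0
    return doubling_years * math.log2(need / have)


if __name__ == "__main__":
    print(f"128-bit key in one day: 2^{log2_rate_needed(128, SECONDS_PER_DAY):.1f} keys/s")
    print(f"cycles per key at 2^20 keys/s on 233 MHz: {cycles_per_key(233e6, 2 ** 20):.0f}")
    print(f"56-bit worst case, one 2^20 keys/s machine: {search_years(56, 2 ** 20):.0f} years")
    print(f"128-bit, 2^32 machines at 2^20 keys/s, one-day budget: "
          f"{years_until_feasible(128, 2 ** 20, SECONDS_PER_DAY, machines=2 ** 32):.0f} years away")
```

The projection is only as good as the doubling assumption, which is the point of the thread: key lengths are chosen so that the answer stays large even under an optimistic growth model and a large parallel network.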
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: trapdoor one way functions
Date: Tue, 29 Jun 1999 11:13:14 GMT
In article <[EMAIL PROTECTED]>,
Nicol So <[EMAIL PROTECTED]> wrote:
> Are you sure exponentiation (defined over a suitable finite group) is
> trapdoor one-way, instead of just one-way? What kind of trapdoor
> information would allow you to compute discrete log fast?
The DLP and IFP are both trapdoor one-way. In the case of RSA you can
find the private key by factoring the modulus and building the keys.
If they work then voila. You would have to check out how they cracked
RSA-140 and such cause I am not sure....
DLP also has an inverse which is difficult to find. If it's defined as
g^x mod n (x < n, g = generator). Then there is some log(g^x mod n) /
log(g) which is hard to find (hence the problem). I am not sure if two
different inputs will produce the same output (i.e two logs...) but I
don't think there would be. Could someone comment?
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Gergo Barany)
Subject: Re: How do you make RSA symmetrical?
Date: 29 Jun 1999 12:03:15 GMT
In article <[EMAIL PROTECTED]>, Gilad Maayan wrote:
>I'll probably be hammered for my stupidity, as in previous posts, but
>I'm asking it anyway. Is there anyway to make RSA symmetrical?
Use the algorithm as is, but don't give the public key to everybody;
instead, distribute the whole key pair as you would a key to a symmetric
system (i.e. only give it to trusted persons).
Gergo
--
These days the necessities of life cost you about three times what they
used to, and half the time they aren't even fit to drink.
GU d- s:+ a--- C++>$ UL+++ P>++ L+++ E>++ W+ N++ o? K- w--- !O !M !V
PS+ PE+ Y+ PGP+ t* 5+ X- R>+ tv++ b+>+++ DI+ D+ G>++ e* h! !r !y+
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Hamming Weight
Date: Tue, 29 Jun 1999 11:55:10 GMT
In article <7l800h$iki$[EMAIL PROTECTED]>,
Michael J. Fromberger <[EMAIL PROTECTED]> wrote:
> Actually, this is not quite correct. What Tom is describing here is
> Hamming -distance-, not Hamming -weight-. "Hamming weight" is simply
> the number of set bits in a bit-sequence. The typical definition of
> Hamming distance is the number of single-bit changes required to
> transform one bit-sequence into the other
Thanks for the correction. I normally think of it as C = A xor 0 for
population counts (distance from itself)
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Hamming Weight
Date: Tue, 29 Jun 1999 11:57:30 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Correctness has a much higher value than speed. PLEASE look up the
> answers before you respond to simple questions.
This being true the poster could have always looked it up themselves.
I made a mistake, eh it happens, but really a hamming distance and
hamming weight are the same thing. Hamming weight is the distance from
all zero.
I.e.
HD = a XOR b
HW = a XOR 0
I know they are not the same thing and I apologize for the mishap
(hmm....)
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
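An added example (not Tom's or Fromberger's code) for the two Hamming messages above: weight, distance, and the relation HD(a, b) = HW(a XOR b) that the second message spells out, with three popcount implementations checked against one another. Sample values are constructed.

```python
# Added example: Hamming weight versus Hamming distance, as sorted out in the
# two messages above. Hamming weight is the number of set bits in one value;
# Hamming distance is the number of positions in which two values differ,
# which is the weight of their XOR. Three popcount variants are given and
# checked against each other; the constructed inputs are for demonstration.


def popcount_naive(x: int) -> int:
    """Hamming weight by scanning bits; x must be non-negative."""
    n = 0
    while x:
        n += x & 1
        x >>= 1
    return n


def popcount_kernighan(x: int) -> int:
    """Clears the lowest set bit each round; the loop count is the weight."""
    n = 0
    while x:
        x &= x - 1
        n += 1
    return n


def popcount64_swar(x: int) -> int:
    """Branch-free popcount of the low 64 bits (SWAR).

    No data-dependent loop count, which matters when the weight of a
    secret value must not leak through timing.
    """
    x &= 0xFFFFFFFFFFFFFFFF
    x = x - ((x >> 1) & 0x5555555555555555)
    x = (x & 0x3333333333333333) + ((x >> 2) & 0x3333333333333333)
    x = (x + (x >> 4)) & 0x0F0F0F0F0F0F0F0F
    return ((x * 0x0101010101010101) & 0xFFFFFFFFFFFFFFFF) >> 56


def hamming_weight(x: int) -> int:
    """HW(a): set bits in a, i.e. the distance from all-zero."""
    return popcount_kernighan(x)


def hamming_distance(a: int, b: int) -> int:
    """HD(a, b): positions where a and b differ, i.e. HW(a XOR b)."""
    return hamming_weight(a ^ b)


def hamming_distance_bytes(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return sum(hamming_weight(x ^ y) for x, y in zip(a, b))


def implementations_agree(x: int) -> bool:
    """Cross-check the three popcounts against Python's own bit count."""
    ref = bin(x).count("1")
    return popcount_naive(x) == popcount_kernighan(x) == popcount64_swar(x) == ref


if __name__ == "__main__":
    a, b = 0b1011, 0b0110
    print(f"HW({a:04b}) = {hamming_weight(a)}")
    print(f"HD({a:04b}, {b:04b}) = {hamming_distance(a, b)}")
    print(f"HD(a, 0) == HW(a): {hamming_distance(a, 0) == hamming_weight(a)}")
```

The Kernighan loop is the usual choice for readability; the SWAR version is what you want when the operand is secret, since its running time does not depend on how many bits are set.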
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: crypt basics
Date: Tue, 29 Jun 1999 12:01:52 GMT
In article <01bec17f$3bbe7ee0$[EMAIL PROTECTED]>,
"Bernd Wachmann" <[EMAIL PROTECTED]> wrote:
> I'm new in the field of cryptography and I would like to
> ask some of you, which books would be good to
> learn the basics and which journals and internet
> homepages could help to get information about
> state of the art cryptography.
I would also suggest Applied Cryptography. I think you may have some
luck reading online papers as well. I have a site with some, as do
some other posters (Terry Ritter and Jon Savard). The papers will help
you find out what the basic cipher is like. What decisions they made
and more importantly why they made the decisions.
My site is at http://mypage.goplay.com/tomstdenis/block.html.
I would urge you to look up Terry Ritter's page (www.io.com/~ritter I
believe...) he has a kick butt glossary which is worth printing off.
More importantly just get involved in the group. If you have read the
group for a bit you will notice I post a lot. Sometimes I am wrong but
it's one heck of a way to learn. And for the times I am not wrong you
help others :)
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************