Cryptography-Digest Digest #801, Volume #9       Tue, 29 Jun 99 15:13:02 EDT

Contents:
  Re: Quasigroup engryption (John Savard)
  Re: Interesting RSA question (John Savard)
  Re: Why mirrors invert left-to-right (was: Kryptos article) (John Savard)
  Re: Why mirrors invert left-to-right (was: Kryptos article) ([EMAIL PROTECTED])
  Re: one time pad (Greg Ofiesh)
  Re: The One-Time Pad Paradox ("Dr.Gunter Abend")
  Re: two questions ([EMAIL PROTECTED])
  Re: Windows9x Crypt Function (David P Jablon)
  Re: Good book for beginning Cryptographers? (Rayees S)
  Re: Windows9x Crypt Function (S.T.L.)
  Re: Windows9x Crypt Function ([EMAIL PROTECTED])
  software encryptions ("Brad W, Falk")
  Re: trapdoor one way functions (David A Molnar)
  Re: Secure link over Inet if ISP is compromized. ("Else")
  Re: trapdoor one way functions ("Anton Stiglic")
  Re: How do you make RSA symmetrical? ([EMAIL PROTECTED])
  Re: one time pad (William Tanksley)
  Re: Tough crypt question: how to break AT&T's monopoly??? ("Rick Braddam")
  Re: Bytes of "truly random" data for PRNG seed. ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Quasigroup engryption
Date: Tue, 29 Jun 1999 16:23:47 GMT

[EMAIL PROTECTED] wrote, in part:
>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] wrote:

>>    The mathematical notation just serves to make the idea look
>> presentable and serious. A very good stuff for a dissertation,
>> but please look elsewhere for security.

>here's a good question.  where exactly do you look for better security?

Applied Cryptography, by Bruce Schneier, is filled with safe and
sensible advice.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Interesting RSA question
Date: Tue, 29 Jun 1999 16:41:03 GMT

[EMAIL PROTECTED] (Gilad Maayan) wrote, in part:

>Now, say you want to go the opposite route: Take a random 1000-bit
>long cyphertext, and decrypt it using the corresponding secret key, to
>get a 20-bit number.

If the ciphertext is random, what you get from decrypting it will be
1000 bits long nearly all the time, since the same "ballooning" effect
happens either way.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Why mirrors invert left-to-right (was: Kryptos article)
Date: Tue, 29 Jun 1999 16:37:56 GMT

Nicol So <[EMAIL PROTECTED]> wrote, in part:
>Lincoln Yeoh wrote:
>> On Sat, 26 Jun 1999 03:49:50 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
>> wrote:
 
>> >Um, Jim, mirrors don't reverse in any particular direction.
>> >Martin Gardner had a discussion of this in one of his books:
>> >Why is your image in a flat mirror reversed left-to-right,
>> >not top-to-bottom?
 
>> Maybe it because your right hand looks like your left hand and your head
>> doesn't look like your feet?
 
>> They just mirror stuff, that's all, just like shadows in some ways.

>It's deeper than that.  Without spoiling the fun, I can tell you that
>it's not an optics problem.  It's not even a physics problem--it's a
>philosophical one.

>Consider this thought experiment: you stand in front of a mirror and
>take a portrait of yourself with a Polaroid camera.  The picture
>basically captures what you see in the mirror.  Then a friend of yours
>moves into the position where the mirror was, and takes another picture
>of you with another Polaroid camera.

>Now compare the two pictures, they are (basically) inverted images of
>each other *along the vertical axis*.  Why does the inversion take place
>along one of infinitely many possible axes?  Einstein said there's no
>preferred frame of reference in nature. Why does the inversion
>"phenomenon" take place along a particular axis but not others?

Since the fun has already been spoiled...

Between taking the two pictures, the Polaroid camera was rotated so
that its up-down axis remained invariant. Someone could have taken a
picture of you, and then could have done a backflip to photograph your
mirror image.

Let the mirror be at the end of a hallway leading north.

You face the mirror.

Your mirror image faces south. This makes sense, because the mirror
faces south, and so the direction _perpendicular_ to the mirror is
special.

Your right hand, which is on your east side, is also on the east side
of your mirror image...

just as your head, which is on top of you, is on the top of your
mirror image.

So, considering you and your mirror image in absolute coordinates,
neither up and down nor east and west are reversed: north and south
are reversed, which are special, because that axis is the one
perpendicular to the mirror, the other two being parallel to its
surface.

Normally, though, you don't talk about your "east" hand or your "west"
hand. Instead, you talk about your right hand and your left hand.
Right and left aren't absolute directions, the way up and down (or
east and west) are; instead, they are relative directions. They're
defined in terms of up and down and front and back (look at an object
from its front - hence, you are looking in its relative "back"
direction: right is 90 degrees counterclockwise from up, left is 90
degrees clockwise from up).

So, when you are facing the mirror, what happens makes sense: up and
down stay the same, but since north and south, corresponding to front
and back, are reversed in your image, the relative direction "right",
for your image, points to the image of your _left_ hand.

Suppose you weren't facing the mirror, but looking sideways. Then
right and left would be reversed in a "real" sense, but that wouldn't
make a difference: one still sees right and left as reversed, because
one maps oneself on to one's image by performing a rotation with a
constant vertical axis. Because that's a kind of motion people do in
real life more often than, say, backflips.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm

------------------------------

Date: Tue, 29 Jun 1999 00:38:59 -0400
From: [EMAIL PROTECTED]
Subject: Re: Why mirrors invert left-to-right (was: Kryptos article)

Douglas A. Gwyn wrote:
> 
> "S.T.L." wrote:
> > Mirrors invert FRONT-TO-BACK. When we imagine ourselves standing side-by-side
> > our mirror image, making our Fronts identical, then another direction MUST be
> > reversed. We like to think that L-R is reversed because we are bilaterally
> > symmetric. This is, because as someone else said, our left side resembles our
> > right side much more than our head resembles our feet. If, however, we were
> > simply C F Cl Br I atoms (if those exist), then we would have no problem - we
> > would understand the concept of chirality and not be confused by the front-back
> > switch.
> 
> The trick is that, to compare the object and its image, we map one
> onto the other.  For almost everyone, that mapping consists of
> treating the image as a real image (rather than virtual) and
> rotating the object *about a vertical axis*, then translating it
> onto the (real) image for comparison.  The left-to-right reversal
> is a property of the specific mapping (rotation) we use.

The mapping is controlled by the frame of reference. Since the normal
one is not inertial, the vertical axis is special.  In one word the
reason is "gravity".

------------------------------

From: Greg Ofiesh <[EMAIL PROTECTED]>
Subject: Re: one time pad
Date: Tue, 29 Jun 1999 16:28:04 GMT


> Actually, quantum mechanics predicts quite well. The hypothesis that
> quantum fluctuations are random is one of the strongest.

Are you saying that sampling radioactive decay is a good source of
random bit generation?  That was what I thought, and I think the reply
to which you are responding said I was wrong.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: "Dr.Gunter Abend" <[EMAIL PROTECTED]>
Subject: Re: The One-Time Pad Paradox
Date: Tue, 29 Jun 1999 20:12:25 +0200

[EMAIL PROTECTED] wrote:

> But an OTP is provably secure.  So maybe we are skeptic?  Yes it
> would be a good hint if the ciphertext is all ASCII, but the
> chances of that happening...
> 
>     ...  If it's an OTP then anything that comes out is secure.
> Even ASCII because 'how' do you know that was the plaintext.
> Your argument is that these weak types of streams could occur
> and give really big hints into the plaintext (hence the irony
> or paradox).

It may happen (in real life) that you guess the truth from an
accidental message, even if this message is pure nonsense.

I would prefer such encryption techniques that *never* produce
intelligible ciphertexts. If a ciphertext contains some letter
combinations that resemble words, it should be rejected, i.e. the
encryption should simply be repeated.

In the case of an OTP one simply could use the same keystring as
before, but starting with a little offset. This offset could be
mentioned in the ciphertext, or you simply pad the plaintext with
some meaningless bits (zeroes) at the beginning.

Do you see any weakness in this modified OTP method? It merely
excludes such ciphertexts that could give the adversary a hint,
even a misleading one. The actual keystring is still truly random.


This trick does not resolve the problem of OTP keystrings of all
0's or the like. Excluding these exceptional (but random!) strings
might weaken the cipher, however: how much?  I suggest skipping
a portion of the random keystring in case the offset trick doesn't
work, i.e. several offset values produce letter combinations.

Do you see any weakness in skipping a part of the preselected
random keystring?  This "skipping" could simply be done by
sending a meaningless message that consumes this "bad" part of
the keystring.

Ciao,   Gunter Abend

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: two questions
Date: Tue, 29 Jun 1999 17:12:51 GMT

1. Block ciphers are actually more versatile than stream ciphers.  A
block cipher can be used as a stream cipher, used within a construction
to act as a hash function, and can be run in different modes for
different security / reliability purposes.

2. As far as I know, no one has broken RC4.  The only other stream
cipher that I know of that I haven't heard of being broken is SEAL.

3. There has been a lot of research done into stream ciphers, however I
think we're in a lull right now since people are analyzing the
properties of FCSR's (Feedback Carry Shift Registers).  The big problem
with stream ciphers is generating a fast, "random" number generator.  As
far as I know, every stream cipher outside of RC4 and SEAL has been
broken.

As far as I can tell, and I could be wrong, it is easier to develop a
good block cipher than it is to develop a good stream cipher.  The other
thing is that block ciphers, as stated above, are more flexible.  I do
believe that more research may need to be done with them since they are
typically better for high-speed data transmissions, at least from my
experience.

In article <7lannb$iee$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> It seems much attention is put towards block ciphers.  My first
> question is why not stream ciphers?  Stream ciphers are more versatile
> than block ciphers, normally much faster and smaller than block
> ciphers.  For example RC4 uses only about 256 bytes of ram whereas RC5
> uses about 1KB and is much slower.  So shouldn't attention be put
> towards stream ciphers?
>
> What about RC4?  Has there been any progress to cracking it?  What
> about alternatives?  Are there any ciphers like it that perhaps use
> less ram/time?
>
> Tom
> --
> PGP key is at:
> 'http://mypage.goplay.com/tomstdenis/key.pgp'.
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
>


------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: Windows9x Crypt Function
Date: Tue, 29 Jun 1999 18:06:27 GMT

In article <7lau27$c95$[EMAIL PROTECTED]>,
David A Molnar  <[EMAIL PROTECTED]> wrote:
>Andrew Whalan <[EMAIL PROTECTED]> wrote:
>> I am looking to doing some research on some distributed networking and it
>> has come up that it would be an ideal situation to implement a brute force
>> cryptanalysis engine. Other ideas include proving/disproving various
> [...]
>> If anyone could provide me with some information about the windows 9x crypt
>> function or provide me with some resources as where I could find some info
>> it would be great.
>
>It's not completely clear to me what you want - details on
>Microsoft's crypto APIs, the function used to encrypt screen
>saver passwords, or the system used to authenticate network
>connections. 
>
>You may find www.counterpane.com/pptp.html interesting,
>though - it discusses some aspects of Windows 95 and NT 
>implementation failures for Point to Point Tunneling Protocol.

PPTP is just one bad (good?) example case of a fundamentally 
flawed design.  Modern protocols like SPEKE, EKE and SRP do 
not provide the opportunity for brute-force attack on the 
network messages, regardless of how the password is chosen.
To a certain extent, SSL and other public-key assisted protocols 
can also limit password exposures.

Exposing password-derived data to public view presents opportunities 
for brute-force attack, and should be avoided whenever possible.
See www.IntegritySciences.com for discussion of these methods.

-- dpj

======================================================
David P. Jablon
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>

------------------------------

From: Rayees S <[EMAIL PROTECTED]>
Subject: Re: Good book for beginning Cryptographers?
Date: Tue, 29 Jun 1999 11:05:55 -0700

I would suggest Network Security: Private communication in a
public world by Kaufman, Perlman and Speciner. It is the best book for
beginners. Its language is lucid.

Another book I have looked into is Cryptography and Network Security:
Principles and Practice (2nd ed) by Stallings. It is best used as a textbook.
It is up to date on some things. (http://www1.shore.net/~ws/Security2e.html)

Bruce Schneier's work is a good reference work and makes easy reading too.
HAC - Menezes is really useful if you really want to do some work on
cryptography. Has all the nitty gritty details.

rayees


Glenn Pure wrote:

> Paul Koning <[EMAIL PROTECTED]> wrote:
>
> >GyungHwa Jun wrote:
> >>
> >> "Handbook of Applied Cryptography" written by Alfred Menezes, Paul C.van
> >> Oorschot, Scott A. Vanstone.
> >
> >Definitely NOT that one, unless you have a healthy background in
> >mathematics.  And not even then, actually, since it also assumes
> >you know a bunch about cryptography already.
> >
> >I'd recommend instead Bruce Schneier's "Applied Cryptography".
> >
> >       paul
>
> Err, that's a bit heavy going too.  The first book I read and would
> thoroughly recommend is Network Security: Private communication in a
> public world by Kaufman, Perlman and Speciner.
>
> Glenn
> Glenn Pure ([EMAIL PROTECTED])
>          66 Crozier Cct, Kambah ACT
>                 Canberra, Australia
>            phone/fax +61 2 6231 6457
>
> Web page & PGP public key at http://www.pcug.org.au/~glennpur


------------------------------

From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: Windows9x Crypt Function
Date: 29 Jun 1999 18:17:11 GMT

<<Do you have a list of other problems which distribute well,
out of curiosity?>>

The ones that do well are generally made up of a large number of _independent_
tasks. If the tasks require even minimal constant communication, distributed
computing isn't that suitable. (For problems that have tasks that need to
intercommunicate, a massively parallel supercomputer is best). Therefore,
things like factoring via the GNFS (a supercomputer *must* finish the end,
serial part of the job), or cracking keys (each key is independent, all you
need to do is assign a range of keys and report "None" or "Whoo hoo, here's the
key: ########") are good to distribute. Others include finding hex digits of Pi
or optimal Golomb rulers. Nearly ideal, of course, is testing Mersenne numbers
for primality. The server assigns a 7-digit (8, maybe) to a computer, which
keeps that computer busy for weeks or even months, and then the computer just
reports back: "Here's a factor: ######", or "LL Test Negative, here's the
residue: HEX_DIGITS", or "Whoo hoo!". :-D

-*---*-------
S.T.L.  ===> [EMAIL PROTECTED] <===  BLOCK RELEASED!    2^3021377 - 1 is PRIME!
Quotations:  http://quote.cjb.net  Main website:  http://137.tsx.org    MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!"  e^(i*Pi)+1=0   F00FC7C8
E-mail block is gone. It will return if I'm bombed again. I don't care, it's
an easy fix. Address is correct as is. The courtesy of giving correct E-mail
addresses makes up for having to delete junk which gets through anyway. Join
the Great Internet Mersenne Prime Search at http://entropia.com/ips/  Now my
.sig is shorter and contains 3379 bits of entropy up to the next line's end:
-*---*-------

Card-holding member of the Dark Legion of Cantorians, the Great SRian
Conspiracy, the Triple-Sigma Club, the Union of Quantum Mechanics, the
Holy Order of the Catenary, and People for Ethical Treatment of Digital
Tierran Organisms
Avid watcher of "World's Most Terrifying Causality Violations", "World's
Scariest Warp Accidents", "When Tidal Forces Attack: Caught on Tape",
and "When Kaons Decay: World's Most Amazing CP Symmetry Breaking Caught
On [Magnetic] Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #5: Thou Shalt Not Remain At Rest Inside An Ergosphere.

------------------------------

Date: Tue, 29 Jun 1999 01:19:55 -0400
From: [EMAIL PROTECTED]
Subject: Re: Windows9x Crypt Function

S.T.L. wrote:
> 
> <<I am looking to doing some research on some distributed networking and it
> has come up that it would be an ideal situation to implement a brute force
> cryptanalysis engine.>>
> 
> Hasn't that been done already? Distributed RC5 (Bovine! MOOOO!) cracking,
> distributed DES stuff, distributed.net, etc.
> 
> Anyways, everyone knows that the best distributed-computing application is the
> search for Mersenne primes.

Well, there's prize money available for Mersennes.  But the organizers
are also taking on other jobs like Golomb rulers and Cunningham numbers.

> 
> -*---*-------
> S.T.L.  ===> [EMAIL PROTECTED] <===  BLOCK RELEASED!    2^3021377 - 1 is PRIME!
> Quotations:  http://quote.cjb.net  Main website:  http://137.tsx.org    MOO!
> "Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!"  e^(i*Pi)+1=0   F00FC7C8
> E-mail block is gone. It will return if I'm bombed again. I don't care, it's
> an easy fix. Address is correct as is. The courtesy of giving correct E-mail
> addresses makes up for having to delete junk which gets through anyway. Join
> the Great Internet Mersenne Prime Search at http://entropia.com/ips/  Now my
> .sig is shorter and contains 3379 bits of entropy up to the next line's end:
> -*---*-------
> 
> Card-holding member of the Dark Legion of Cantorians, the Great SRian
> Conspiracy, the Triple-Sigma Club, the Union of Quantum Mechanics, the
> Holy Order of the Catenary, and People for Ethical Treatment of Digital
> Tierran Organisms
> Avid watcher of "World's Most Terrifying Causality Violations", "World's
> Scariest Warp Accidents", "When Tidal Forces Attack: Caught on Tape",
> and "When Kaons Decay: World's Most Amazing CP Symmetry Breaking Caught
> On [Magnetic] Tape"
> Patiently awaiting the launch of Gravity Probe B and the discovery of M39
> Physics Commandment #5: Thou Shalt Not Remain At Rest Inside An Ergosphere.

------------------------------

From: "Brad W, Falk" <[EMAIL PROTECTED]>
Subject: software encryptions
Date: Tue, 29 Jun 1999 03:49:17 -0700

All,

I need to find a person that can write or give me some information on
software encryptions. I want to have an encryption generator that can give me
control of software expiration and encryption to specific host machines.
Anyone that can help me out, I would be very happy to work with them on a
contract basis.

Thank you,


--
Brad W. Falk
Virtual Set Systems Engineer
Devlin Design Group
[EMAIL PROTECTED]
[EMAIL PROTECTED]
619-535-9800 xt 6510

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: trapdoor one way functions
Date: 29 Jun 1999 17:25:05 GMT

Patrick Juola <[EMAIL PROTECTED]> wrote:
>>
>>A) IS FACTORING INTRINSICALLY DIFFICULT? This question has plagued
>>mathematicians for centuries.
>>
>>B) Even if factoring is hard, is there a way to break RSA that is easier than
>>factoring?
>>
>>Most people conjecture that the answers to A and B are Hell Yes and No, in that
>>order. :-D

> Schneier claims somewhere in Applied Crypto -- no, I haven't verified
> the claim myself, so I just present it as hearsay -- that there are
> RSA variants that are *provably* as strong as factoring.

Do you consider Rabin an RSA variant ? :-D

In any case, breaking "straight" Rabin with no padding 
applied to the messages beforehand gives you square
roots mod N. If you can take square roots, you can
factor the modulus. Therefore any break is as
difficult as factoring. 

Anyway, it may be the case that certain instances
of RSA are not equivalent to factoring. When
the encryption exponent is absurdly low is
an example - message recovery is sometimes 
possible without obtaining p and q. 
(I know I mentioned this before and 
  didn't give enough detail - working on it) 

-David Molnar
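The reduction Molnar describes, as an added illustration that is not part of his post: a routine that returns square roots modulo a Rabin modulus N = p*q can be turned into a factoring routine. The "oracle" below stands in for a hypothetical Rabin-breaking routine and is built from the trapdoor (p, q) itself; the toy primes 47 and 59 are assumed values, not from the post.

```python
# Added example: square roots mod N  ==>  factors of N (the Rabin equivalence).
# The oracle is a stand-in built from the trapdoor; the point is that *any*
# routine returning a random square root of a chosen value splits the modulus.
from math import gcd
import random

P, Q = 47, 59          # toy Blum primes (both are 3 mod 4); assumed, not from the post
N = P * Q              # 2773


def sqrt_mod_blum_prime(a, p):
    """For p = 3 (mod 4) and a a quadratic residue, a^((p+1)/4) is a square root of a."""
    return pow(a, (p + 1) // 4, p)


def crt(rp, rq, p=P, q=Q):
    """Combine a residue mod p and a residue mod q into the residue mod p*q."""
    inv_q = pow(q, -1, p)
    return (rq + q * (((rp - rq) * inv_q) % p)) % (p * q)


def all_square_roots(c, p=P, q=Q):
    """The four square roots of c mod N, computable only with the trapdoor (p, q)."""
    rp = sqrt_mod_blum_prime(c % p, p)
    rq = sqrt_mod_blum_prime(c % q, q)
    return sorted({crt(sp * rp, sq * rq) for sp in (1, -1) for sq in (1, -1)})


def oracle(c):
    """Stand-in for a hypothetical 'break unpadded Rabin' routine: some root of c."""
    return random.choice(all_square_roots(c))


def factor_with_oracle(n=N, max_tries=50):
    """Pick a random x, ask the oracle for a root y of x^2 mod n.  Two of the
    four roots are +/-x (useless); the other two satisfy x^2 = y^2 with
    x != +/-y, so n divides (x-y)(x+y) without dividing either factor and
    gcd(x-y, n) is a proper divisor.  Each try succeeds with probability 1/2."""
    for _ in range(max_tries):
        x = random.randrange(2, n)
        g = gcd(x, n)
        if g != 1:                       # lucky hit on a multiple of p or q
            return sorted((g, n // g))
        y = oracle(x * x % n)
        if y not in (x, n - x):
            d = gcd(x - y, n)
            return sorted((d, n // d))
    return None


if __name__ == "__main__":
    print("roots of 5^2 mod N:", all_square_roots(pow(5, 2, N)))
    print("factors recovered via the oracle:", factor_with_oracle())
```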

------------------------------

From: "Else" <[EMAIL PROTECTED]>
Subject: Re: Secure link over Inet if ISP is compromized.
Date: Tue, 29 Jun 1999 21:52:19 +0400

In reply to my own post.

So, as far as I can see, the general consensus is that any Internet
encryption scheme is as secure as the ISP. It implicitly assumes that ISP
can be trusted.

------------------------------

From: "Anton Stiglic" <[EMAIL PROTECTED]>
Subject: Re: trapdoor one way functions
Date: Tue, 29 Jun 1999 14:29:21 -0700

It may become more clear with an example of a one-way trap door function:

Menezes, Van O. and Vanstone (alias: the big green book) give an example
of a one-way function (thought not to be one-way trap door):

Take X = {1, 2, ...., 16} AND F(X) = remainder of (3^x)/17

It's easy to compute the function but not so easy to find the inverse
(try to find what x gives f(x) = 7) .  This function has a small space,
so of course it's feasible to find the inverse, but the point is that it's
MUCH more work than to compute f(x).
There doesn't seem to be any element that could help us compute the
inverse easily (no trap door).


Note:  It is still not known whether any one-way or trapdoor one-way function
exists.

Anton
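The function from the post, f(x) = 3^x mod 17 on {1, ..., 16}, worked through as an added example (not code from the post): the forward direction uses square-and-multiply, the inverse is found only by trying every x, and both count modular multiplications so the cost asymmetry is visible even at this toy size.

```python
# Added example: the post's one-way function f(x) = 3^x mod 17, computed
# forward cheaply and inverted only by exhaustive search (a discrete log).

P = 17   # modulus from the post
G = 3    # base from the post; 3 happens to generate all of {1, ..., 16} mod 17


def modexp(base, exp, mod):
    """Square-and-multiply; returns (base^exp mod mod, modular multiplications used)."""
    result, mults = 1, 0
    b = base % mod
    while exp > 0:
        if exp & 1:
            result = (result * b) % mod
            mults += 1
        b = (b * b) % mod
        mults += 1
        exp >>= 1
    return result, mults


def f(x):
    """The post's function: remainder of 3^x divided by 17."""
    return modexp(G, x, P)[0]


def f_table():
    """Forward table x -> f(x) over the whole domain {1, ..., 16}."""
    return {x: f(x) for x in range(1, P)}


def is_permutation():
    """True if f is a bijection on {1, ..., 16}: every target has exactly one preimage."""
    return sorted(f_table().values()) == list(range(1, P))


def brute_force_log(target, mod=P, base=G):
    """Invert f by exhaustive search; returns (x, multiplications used),
    or (None, multiplications used) if no x maps to target."""
    acc, mults = 1, 0
    for x in range(1, mod):
        acc = (acc * base) % mod      # acc is now base^x mod mod
        mults += 1
        if acc == target:
            return x, mults
    return None, mults


def cost_comparison(x):
    """(forward cost, inversion cost) in modular multiplications for one input x."""
    y, forward = modexp(G, x, P)
    _, inverse = brute_force_log(y)
    return forward, inverse


if __name__ == "__main__":
    print("f(x) table:", f_table())
    print("x with f(x) = 7:", brute_force_log(7)[0])
    print("cost (forward, inverse) for x = 11:", cost_comparison(11))
```

The forward cost grows with the bit length of x while the search cost grows with the size of the group, which is why the same function with a large prime in place of 17 stays cheap to evaluate but infeasible to invert this way.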



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: How do you make RSA symmetrical?
Date: Tue, 29 Jun 1999 17:27:02 GMT

...a construction that turns a PK algorithm into
a symmetric-key (block) cipher is more than a cute parlor
game or naif question.  What has been demonstrated is that a PK
algorithm subsumes block ciphers.  Since block ciphers and stream
ciphers are equivalent, PK subsumes them too.  It's actually a
decent mathematical question.

------------------------------

From: [EMAIL PROTECTED] (William Tanksley)
Subject: Re: one time pad
Reply-To: [EMAIL PROTECTED]
Date: Tue, 29 Jun 1999 18:28:14 GMT

On Mon, 28 Jun 1999 09:58:44 -0400, [EMAIL PROTECTED] wrote:
>William Tanksley wrote:

>> My primary point is negative, not positive -- a single stream tells me
>> nothing.  It doesn't tell an automaton anything, either.

>In what sense does a single generator produce multiple streams?

In the sense that its operation can to some extent be controlled and
viewed from different perspectives.  If I can power it off and on, I'll
consider the stream at power-on different from the stream otherwise.  If
it produces two separate outputs, I'll treat both as separate streams.  In
the example RNG I gave, there were three NOT-cycles, and I would treat
them as separate RNG sources.  If I can predict any of them, I have a
weakness.

If I can't control the operation in any way, nor dissect it, I am leery of
stating anything about its randomness.

Of course, I see your point.  After a long enough run we'd have a good
deal of data, and a set of statistics could produce a reasonable answer. I
would likely trust that answer, even though that contradicts what I said.
C'est la vie; I can't always be right.  But I _am_ nearly always right on
this one ;-), because the only unstoppable RNG source I know of is quantum
fluctuations, and I don't trust that they're random (however, I do suspect
that they're usable for a perfectly secure OTP, because the fluctuations
can't be monitored from outside the generator and are thus acceptably
random).

-- 
-William "Billy" Tanksley

------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: Tough crypt question: how to break AT&T's monopoly???
Date: Tue, 29 Jun 1999 12:17:37 -0500

Tom may be half right. Many years ago I dabbled with amateur
radio, and it was (and probably still is) illegal to
transmit encrypted info *via amateur radio*. That doesn't
apply, of course, to sending email... this ain't amateur
radio.

The self-decrypting message is an interesting idea. Since
the decrypting stub could not be used to perform encryption,
it looks like it should be exempt from EAR. I wouldn't want
to be the one to try it, though.

JPeschel <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > [EMAIL PROTECTED] writes:
>
> >Well in Canada according to the DOC (department of comm.) transmitting
> >encrypted information is illegal (last time I checked, my brother is an
> >amateur radio dude...).  So that would probably include telephone and
> >modem type transmissions.
> >
> >Of course I have never heard of anyone being arrested for such a
> >crime...Of course with ITAR you could always just snail the encrypted
> >msg :)
>
> Transmitting encrypted information is illegal? I don't think so -- not even
> in Canada.  I am pretty sure Canada's export restrictions are the same as
> those in the US by mutual agreement. John Savard might speak to this.
>
> ITAR hasn't been in effect for a couple years now.  It's EAR under
> the Dept. of Commerce.
>
> Joe

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Bytes of "truly random" data for PRNG seed.
Date: Tue, 29 Jun 1999 18:23:31 GMT

[EMAIL PROTECTED] (Terry Ritter) wrote:
>  [EMAIL PROTECTED] wrote:
>
> >[EMAIL PROTECTED] (Terry Ritter) wrote:
> >
> >> Again, from my article:
> >>
> >> "Because an x^2 mod N generator generally defines multiple cycles
with
> >> various numbers of states, the initial value x[0] must be specially
> >> selected to be sure that it is not on a short cycle (p. 377).
[...]
> >Is anything wrong with the following argument?  It shows
> >that under the assumption that factoring Blum integers is
> >hard, short cycles are of no concern.
> >
> >The logic is that finding a cycle is as hard as finding a
> >factor.
>
> I am not qualified to judge the argument about the probability of
> short cycles, so I assume it is correct.  What I would call wrong is
> what that means:
>
> I claim there is something wrong with a system which is supposedly
> "proven" secure, in which we are required to choose a random x[0]
> value, and our choice of that value can cause *in*secure operation.

Whether or not we take special action to choose x[0] on
a long cycle, the proof of security of BBS (or any proof
of computational security) applies to the distribution of
keys, and not to a particular choice.  For any particular
composite, there exists a fast algorithm to factor it.

We must choose our factors and x[0] from some distribution,
and my argument shows that we can choose x[0] from the
uniform distribution.  It makes no sense to object that the
proof doesn't show the security of a particular choice of
x[0] while ignoring the same issue in choosing the modulus.


> Even though this is unlikely, if it is not actually impossible, there
> can -- in my opinion -- be no "proof."  "Proof," to me, means that we
> are logically compelled to a belief because absolutely *no*
> alternative exists.  To me, "proof" does not mean that we are *almost*
> compelled to belief because the alternative is unlikely.

You confuse the rigor of the proof with the character of
the proven assertion.  Given the assumption stated in the
proof of security of BBS, one who understands the proof
is compelled to believe the conclusion.  The conclusion
does not state that there is no case in which an
adversary could predict the generator's output without an
intractable amount of computation, only that the chance
of it is vanishingly small.

--Bryan
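As an added illustration (not part of Bryan's post or of Ritter's article) of the cycle structure the quoted text is arguing about, the block below enumerates, for the x^2 mod N generator on a toy Blum modulus N = 59*71 (an assumed value), the cycle length reached from every seed coprime to N and the fraction of seeds that land on a short cycle.

```python
# Added example: cycle lengths of the x -> x^2 mod N (BBS) state map on a toy
# Blum modulus, to make "short cycles exist but are rare" concrete.
from math import gcd
from collections import Counter

P, Q = 59, 71          # toy Blum primes (both are 3 mod 4); assumed, not from the post
N = P * Q              # 4189


def bbs_cycle(x0, n=N):
    """Follow x -> x^2 mod n from seed x0 until a state repeats.
    Returns (tail length before the cycle, cycle length)."""
    seen = {}
    x, i = x0, 0
    while x not in seen:
        seen[x] = i
        x = (x * x) % n
        i += 1
    tail = seen[x]
    return tail, i - tail


def cycle_histogram(n=N):
    """Map cycle length -> number of seeds coprime to n that end up on a cycle of that length."""
    hist = Counter()
    for x0 in range(1, n):
        if gcd(x0, n) == 1:
            hist[bbs_cycle(x0, n)[1]] += 1
    return hist


def short_cycle_fraction(threshold, n=N):
    """Fraction of coprime seeds whose cycle is shorter than `threshold` states."""
    hist = cycle_histogram(n)
    total = sum(hist.values())
    short = sum(count for length, count in hist.items() if length < threshold)
    return short / total


def bbs_bits(x0, count, n=N):
    """Emit `count` output bits (least significant bit of each successive state)."""
    bits, x = [], x0
    for _ in range(count):
        x = (x * x) % n
        bits.append(x & 1)
    return bits


if __name__ == "__main__":
    print("cycle length -> seeds:", dict(cycle_histogram()))
    print("fraction of seeds on cycles shorter than 28:", short_cycle_fraction(28))
    print("seed N-1 falls onto the fixed point 1:", bbs_cycle(N - 1))
```

For this modulus the quadratic residues form a cyclic group of order 29*35 = 1015, so the possible cycle lengths are the orders of 2 modulo the divisors of 1015 (1, 3, 4, 12, 28, 84), and the large majority of seeds land on the longest one.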


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************