Cryptography-Digest Digest #807, Volume #9 Wed, 30 Jun 99 13:13:02 EDT
Contents:
Re: Secure link over Inet if ISP is compromized. ("Gene Sokolov")
Re: Secure link over Inet if ISP is compromized. (S.T.L.)
Re: Kryptos article (wtshaw)
Re: How do you make RSA symmetrical? ("Anton Stiglic")
Re: A Quanitative Scale for Empirical Length-Strength (wtshaw)
Re: SSL Overhead (Kent Briggs)
Re: MP3 Piracy Prevention is Impossible (Reuben Sumner)
Re: A Quanitative Scale for Empirical Length-Strength (Jim Gillogly)
Re: A Quanitative Scale for Empirical Length-Strength (wtshaw)
Re: Kryptos article (John Myre)
Re: Can Anyone Help Me Crack A Simple Code? (John Savard)
Re: Can Anyone Help Me Crack A Simple Code? (John Savard)
Re: BAN Logic considered useful? (Don Davis)
Re: RSA or DIFFIE-HELLMANN (Lutz Donnerhacke)
RSA or DIFFIE-HELLMANN (chicago)
Re: A Quanitative Scale for Empirical Length-Strength (wtshaw)
Re: new book (John Savard)
Re: trapdoor one way functions (Nicol So)
D - CD-R encryption (Dupavoy)
Re: A Quanitative Scale for Empirical Length-Strength (Mok-Kong Shen)
Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Robert Harley)
Re: Windows9x Crypt Function ("Andrew Whalan")
----------------------------------------------------------------------------
From: "Gene Sokolov" <[EMAIL PROTECTED]>
Subject: Re: Secure link over Inet if ISP is compromized.
Date: Wed, 30 Jun 1999 17:46:40 +0400
Alan Braggins <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
<snip>
It helps to read the original post. Or at least a post one up in the thread.
------------------------------
From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: Secure link over Inet if ISP is compromized.
Date: 30 Jun 1999 14:17:44 GMT
<<face-to-face conversations, are compromised, >>
By compromised, do you mean monitored or prevented? If you monitor a
face-to-face conversation between me and Bob, then we can still exchange public
keys and know we can communicate safely. Of course, Bob may be an agent for the
other side anyways.
-*---*-------
S.T.L. ===> [EMAIL PROTECTED] <=== BLOCK RELEASED! 2^3021377 - 1 is PRIME!
Quotations: http://quote.cjb.net Main website: http://137.tsx.org MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!" e^(i*Pi)+1=0 F00FC7C8
E-mail block is gone. It will return if I'm bombed again. I don't care, it's
an easy fix. Address is correct as is. The courtesy of giving correct E-mail
addresses makes up for having to delete junk which gets through anyway. Join
the Great Internet Mersenne Prime Search at http://entropia.com/ips/ Now my
.sig is shorter and contains 3379 bits of entropy up to the next line's end:
-*---*-------
Card-holding member of the Dark Legion of Cantorians, the Holy Order of the
Catenary, the Great SRian Conspiracy, the Triple-Sigma Club, the Union of
Quantum Mechanics, the Polycarbonate Syndicate, and People for the Ethical
Treatment of Digital Tierran Organisms
Avid watcher of "World's Most Terrifying Causality Violations", "When Kaons
Decay: World's Most Amazing CP Symmetry Breaking Caught On [Magnetic] Tape",
"World's Scariest Warp Accidents", "World's Most Energetic Cosmic Rays", and
"When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #6: Thou Shalt Always Obey CPT Symmetry.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Kryptos article
Date: Wed, 30 Jun 1999 09:12:20 -0600
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:
> David Wagner wrote:
> > It's amazing how much of a difference it makes. I almost wish
> > someone reputable would lie to the world and claim such-and-such
> > a cipher can be broken, just to see what the results are. :-)
>
> They wouldn't have to lie -- history tells us that most ciphers are
> breakable under favorable circumstances, when the right approach is
> found. Sometimes it takes a lot of work to find a suitable approach!
Putting Jim on the task would be hugely more useful than putting almost anyone
else I know, with a few exceptions. Sharpshooters are proven highly
useful even in times when just firing as many weapons in the general
vicinity of the target is a conventional norm. There is a big difference
between a lucky shot, and one who makes himself appear lucky, but both can
happen.
--
It's always possible that a politician is acting out of principles.
--Michael Kinsley of Slate.com
------------------------------
From: "Anton Stiglic" <[EMAIL PROTECTED]>
Subject: Re: How do you make RSA symmetrical?
Date: Wed, 30 Jun 1999 10:43:57 -0700
> The whole point to PKC is to have a well defined public-key
> cryptosystem. Some block ciphers such as CAST have well defined
> construction parameters (which are highly mathematical). So your
> point is moot.
>
> Tom
Most mathematicians dislike block ciphers and symmetric ciphers in general.
The basis for this dislike is that problems like factoring are much more
elegantly defined mathematically and have been studied for MUCH longer
than the bizarre permutations that compose symmetric ciphers.
Studies in crypto are not just about things that are practically implemented,
it is also about complexity theory. Reducing RSA to a symmetric cipher is fun,
it reduces an asymmetric scheme to a symmetric scheme.
For [EMAIL PROTECTED]'s comment about not being a fun question
but a decent mathematical question, I would like to ask him what is his
interpretation of mathematics. For me, it's pleasure (thus fun). Most of the
stuff that is presented in CRYPTO and EUROCRYPT is not about survival security
or protocols that can be implemented, it's mostly about fun things. If math and
crypto is not fun for you, I suggest you involve yourself in another domain.
Regards,
Anton
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: A Quanitative Scale for Empirical Length-Strength
Date: Wed, 30 Jun 1999 09:29:33 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>
> Not all names above are familiar to me. A question: How about the
> classical transposition cipher (enter text in rows of a matrix and
> using a key to take out in columns) applied twice with two different
> keys?
>
That is a meaningful question, but I tried to start as simply as possible
even though I tripped up in one area. The ACA material, worth the
joining, does give suggested sizes of matrices. And surely, if an added
manipulation seems to need more ciphertext to be solve, then that would
indicate increased strength. The mathematics is just supposed to help
give a handle to this idea of strength.
Your suggestion about multiple keys on a fixed amount of material may
simply reduce to another key, perhaps longer, perhaps not. The method
might not change any S-L placement for the cipher rather than creating
another one. There may be some wiggle room when a cipher uses a longer
key rather than one within some arbitrary limit; is it a new cipher, or
just a variation worth mentioning?
--
It's always possible that a politician is acting out of principles.
--Michael Kinsley of Slate.com
------------------------------
From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: SSL Overhead
Date: Wed, 30 Jun 1999 15:15:54 GMT
Patrick Juola wrote:
> A typical stream cypher will result in a cyphertext
> file exactly the same size as the plaintext file; a typical block
> cypher will expand the file by at most one block -- which is typically
> 50-100 bytes depending on exactly which block cypher you use.
>
Actually, most block ciphers use 64-bit blocks (double that with AES) so the
extra overhead in the final block is only 0-7 bytes.
--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com
------------------------------
From: [EMAIL PROTECTED] (Reuben Sumner)
Subject: Re: MP3 Piracy Prevention is Impossible
Date: 30 Jun 1999 13:38:01 GMT
Reply-To: [EMAIL PROTECTED]
On 29 Jun 1999 15:42:17 GMT, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>It's completely impossible to make sure that somebody can't share
>the plaintext of a document with somebody else. Why try?
Yes, but it might be possible to "watermark" each copy of a song sold. That
way if a pirated copy is seen by the copyright holder they can determine
who was responsible and pursue them through the courts.
Besides, people still believe in security through obscurity. I saw an
ad for a crypto product a while back. One of the "features" was its use
of a proprietary algorithm. Thanks, but no thanks.
Reuben
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: A Quanitative Scale for Empirical Length-Strength
Date: Wed, 30 Jun 1999 07:37:52 -0700
Mok-Kong Shen wrote:
>
> wtshaw wrote:
> > Now to those that are not trivial:
> >
> > Clearly, near the low end of the totem pole are Baconian at 25-33,
> > Autokey, Interrupted Key, and Running Key, all at 40-50. If a cipher can
> > be usually solved with less than about 50 characters of ciphertext, it is
> > *Length: Extremely Weak*.
> >
> > A little stronger are Morbit, 50-75, Aristocrats, 75-100, then Playfair,
> > 80-100, and a host of others with lengths recommend above, below, and
> > around 100 chararacters. These are all still *Length: Very Weak*.
> >
> > Moving up, we find ciphers who have recommended lengths above, below, and
> > around 200 characters. A few of the just plain *Length: Weak* ciphers are
> > Diagrafid, 120-220, Granpre, 150-200, Brazeries, 150-250, Trisquare,
> > 200-250, and Pollux, 155-385.
The ACA length standards are not a uniformly good measure of
strength, although they are in general correlated. However,
most of these types include a "crib" when used in the Cipher
Exchange column, and the length and quality of the crib also
factors into the overall difficulty. One outlier on the list
above is Pollux: when the standard for that was written it was
new and the editor of Cipher Exchange (my predecessor) was not
yet familiar enough with the type to make a general rule. In
fact, Pollux is solvable without a crib with a much shorter
length, and the next time the standards are printed I'll
recommend that it be shortened up considerably.
Secondly, these length standards are for pencil-and-paper
solvers. There are no-brainer computer attacks on some of
these that dominate the pencil-and-paper methods. For
example, consider Bazeries (the substitution/transposition,
not the cylinder): while it's more work than a simple sub
with pencil and paper, a brute force search through the
key-space with a simple scoring algorithm will turn up
the solution without a crib in short order.
> Not all names above are familiar to me. A question: How about the
> classical transposition cipher (enter text in rows of a matrix and
> using a key to take out in columns) applied twice with two different
> keys?
If we ignore the general attack on transpositions (multiple
anagramming) it's rather good: specific attacks on double
transposition are still highly classified, and were redacted
from the copy of Military Cryptanalytics III recovered by
John Gilmore and Lee Tien in an FOIA some years ago. My own
results suggest that it is tractable on current personal
computer hardware if the two different keys are shorter than
about 13 each. I understand the Germans used considerably
longer keys in WW2. The length is a bit bimodal: if it's
quite short, anagramming is possible followed by recovering
the key -- see Courville's monograph for the method. If it's
longer, hill-climbing approaches will have enough material to
work with. My approach appears happy with around 100 characters,
and doesn't improve much with increasing length.
It's harder than single incomplete columnar, but not orders
of magnitude harder relative to its key length.
--
Jim Gillogly
Sterday, 7 Afterlithe S.R. 1999, 14:21
12.19.6.5.15, 6 Men 3 Tzec, Seventh Lord of Night
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: A Quanitative Scale for Empirical Length-Strength
Date: Wed, 30 Jun 1999 08:58:16 -0600
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:
> wtshaw wrote:
> > L-S is not the only factor in Algorithm Strength, but it is worth
> > mentioning as one of the important ones. To not include it
> > appropriately is to look foolish.
>
> I dunno, it seems nearly "foolish" to me to promote the simple
> taking of logarithm of an empirically-judged maximum safe message
> length to any elevated status as a measurement of anything.
> Why not just cite the maximum safe message length?
My mistakes in the posting aside, it seems practical to look at the
interaction of crypto primitives on a simple basis to see the effects of
how various combinations actually seem to produce strength.
There are two lengths of interest: 1) From the user's point of view, as you
say, the maximum safe message length; and, 2) from the analyst's point of
view, how much do I need to break the darned thing. Both want as much as
they can get, and are probably disappointed that it is not more. A
safety zone created by writing less than the magical length is supposed to
deny breakability to the analyst. Since you may not know his
capabilities, best to make that zone as large as possible.
--
It's always possible that a politician is acting out of principles.
--Michael Kinsley of Slate.com
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Kryptos article
Date: Wed, 30 Jun 1999 09:23:13 -0600
David Wagner wrote:
> It's amazing how much of a difference it makes. I almost wish
> someone reputable would lie to the world and claim such-and-such
> a cipher can be broken, just to see what the results are. :-)
Like, "I have found a truly wonderful break for Skipjack, but
the proof is too large to fit in the margin. - D. Coppersmith".
Eh?
John M.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Wed, 30 Jun 1999 15:22:02 GMT
mercury <[EMAIL PROTECTED]> wrote, in part:
>Mediphorically, I have a box with a red and a green light.
Look, we _know_ you're trying to bust the serial number scheme for
some software.
But *if* they're using a scheme of any sophistication at all, the
amount of examples you've given is _way_ too small for an attack to
even begin.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Wed, 30 Jun 1999 15:24:36 GMT
Ed Yang <[EMAIL PROTECTED]> wrote, in part:
>> 582 285 8183
>> 753 980 4828
>> 653 429 9888
>> 833 285 8883
>> 528 853 8849
>> 628 382 2858
>I called all of those telephone numbers
The first three digits do not have the property that their middle
digit is either 0 or 1. Somehow, I don't think they're *all* in those
newfangled area codes that they only came out with a couple years
ago...
Those are not telephone numbers, even if the digits are grouped the
right way.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (Don Davis)
Subject: Re: BAN Logic considered useful?
Date: Wed, 30 Jun 1999 17:27:46 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> I am wondering if BAN Logic is still considered an acceptable method
>for the analysis of authentication protocols, or if there are more
>recent developments in this area.
catherine meadows has written a comparison/critique of
BAN and more recent protocol analysis tools. the short
answer is that automated analysis engines can do better
than BAN, but BAN isn't bad, as hand-cranked protocol
checkers go. though i like BAN myself, and have used
it to advantage in the past, i'm persuaded by meadows'
argument that you need to do more than BAN. use it for
sanity-checking, but try to do other kinds of analysis,
too.
meadows is at NRL (nrl.navy.mil). i seem to remember
having searched out a web-page there that presents some
of her papers, but i don't have the URL now.
- don davis
boston
------------------------------
From: [EMAIL PROTECTED] (Lutz Donnerhacke)
Subject: Re: RSA or DIFFIE-HELLMANN
Date: 30 Jun 1999 16:00:07 GMT
* chicago wrote:
>I'm still searching for the sources of RSA or diffie-hellmann, where can
>I find it??
The real sources? Try the great bibliography of Bruce Schneier's bible.
Or do you mean the really real ones? Try a textbook about basic algebra.
Or try this:
...
; \author{\underline{Lutz Donnerhacke}\\
; \texttt{lutz@@iks-jena.de}\\
; PGP \texttt{1127/DB089309}\\
; \texttt{1C1C 6311 EF09 D819}\\
; \texttt{E029 65BE BFB6 C9CB}}
; \title{Scheme crypto package}
...
(define (make-rsa-keypair n e)
  (define (mkp n e)
    (let* ((n2 (halb n))
           (n-n2 (- n n2))
           (nq (min n2 n-n2))
           (np (max n2 n-n2))
           (2^np-2 (2^ (- np 2)))
           (2^nq-1 (2^ (- nq 1)))
           (p (such-prim (+ (2^ np) (random 2^np-2))))
           (q (such-prim (+ (2^ nq) (random 2^nq-1))))
           (u (mod-invers p q))
           (d (mod-invers e (* (pred p) (pred q))))
           (b (* p q)))
      (if d
          (list (cons b e) d p q u)
          (mkp n e))))
  (if (< n 16)
      (error "make-rsa-keypair: Modulus to small.")
      (mkp n e)))
; This key pair consists of the public and the private key.
(define (rsa-pubkey keypair) (car keypair))
(define (rsa-seckey keypair) keypair)
(define (rsa-modulus key)
  (if (pair? (car key)) (caar key) (car key)))
(define (rsa-pubexp key)
  (if (pair? (car key)) (cdar key) (cdr key)))
(define (rsa-secexp key) (cadr key))
(define (rsa-secprim-p key) (caddr key))
(define (rsa-secprim-q key) (cadddr key))
(define (rsa-secinv key) (car (cddddr key)))
; It permits two basic operations.
; \emph{Encrypting} a message $0<M<b$ into a ciphertext $C$
; \[ C = \imod{M^e}b \]
(define (rsa-encrypt m key)
  (expmod m (rsa-pubexp key) (rsa-modulus key)))
; \emph{Decrypting} a ciphertext $C$ to the message $M$
; \[ \imod{C^d}b = \imod{\imod{M^e}b^d}b = \imod{M^{ed}}b =
; \imod{M^{\varphi(b)}}b \overset{Euler}{\underset{Fermat}{=\!=\!=\!=}} M
; \]
(define (rsa-decrypt-exp c key)
  (expmod c (rsa-secexp key) (rsa-modulus key)))
; When decrypting, however, the additional information about the
; factorisation of the modulus $b=pq$ can also be used, since it was stored
; in the private key as a precaution, because it can easily be computed
; from $e,d$ and $b$ anyway.
; \[
; M = \imod{C^d}b = \imod{C^d}{pq}
; \]
; The Chinese remainder theorem now states that
; \[
; \begin{array}{r@{\:=\:}l}
; x_p & \imod{x}p\\
; x_q & \imod{x}q\\
; \end{array} \quad \Rightarrow \quad
; \begin{array}{r@{\:=\:}l}
; x & c_ppu_p + c_qqu_q\\
; 1 & \imod{pu_p}q = \imod{qu_q}p\\
; \end{array}
; \]
; One easily checks that
; \[
; x_p = \imod{x}p = \imod{c_ppu_p + c_qqu_q}p = 0 + \imod{c_q}p\imod{qu_q}p
; = c_q
; \]
; \[
; x_q = \imod{x}q = \imod{c_ppu_p + c_qqu_q}q = \imod{c_p}q\imod{pu_p}q + 0
; = c_p
; \]
; Thus $x$ can be given uniquely as $x = x_qpu_p + x_pqu_q$.
; Looking more closely, the Chinese remainder theorem and the extended
; Euclidean algorithm are the same line of thought.
;
; Is it possible that the $x$ computed this way becomes larger than $pq$?
; \[
; x' = \imod{x}{pq} \quad \Rightarrow \quad
; x' + kpq = x \quad \begin{array}c k\in\N\\ 0\leq x'<pq\end{array}
; \]
; \[ x' + kpq = x_qpu_p + x_pqu_q \quad pu_p + qu_q = 1 \]
; \[ x' = x_qpu_p + x_p(1-pu_p) - kpq = x_p + ((x_q-x_p)u_p - kq)p \]
; \[ x' = x_p + \imod{(x_q-x_p)u_p}{q}p \leq (p-1) + (q-1)p = pq - 1 < pq\]
;
; A further simplification follows from Fermat's little theorem for the
; computations modulo the prime factors:
; \[ \imod{x^k}p = \imod{x^{\imod k {p-1}}}p \]
(define (rsa-decrypt-crt c key)
  (let* ((p (rsa-secprim-p key))
         (q (rsa-secprim-q key))
         (d (rsa-secexp key))
         (u (rsa-secinv key))
         (xq (expmod c (modulo d (pred q)) q))
         (xp (expmod c (modulo d (pred p)) p)))
    (+ xp (* p (modulo (* (- xq xp) u) q)))))
; Since the computation via the Chinese remainder theorem with smaller
; numbers is considerably faster\footnote{A 1024~bit key needs 4.1~s here
; the classical way and 1.2~s via the remainder theorem. For a 2048~bit key
; the times are 31~s vs. 8.5~s.}, this computation should always be
; preferred.
(define (rsa-decrypt c key)
  (if (null? (cddr key))
      (rsa-decrypt-exp c key)
      (rsa-decrypt-crt c key)))
...
Siemens sells realnames.
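The exponent-based and CRT-based decryptions from the Scheme excerpt above, reworked in Python as an added example (not code from Lutz's package): it supplies the helpers the excerpt elides (extended Euclid for the modular inverse, which the comments note is the same idea as the CRT), derives d and u for constructed toy primes, and checks that the recombination x_p + ((x_q - x_p)u mod q)p agrees with plain exponentiation and stays below pq for every message.

```python
"""RSA decryption two ways, mirroring rsa-decrypt-exp / rsa-decrypt-crt above:
plain C^d mod b, and the CRT recombination x = x_p + ((x_q - x_p) * u mod q) * p
with u = p^-1 mod q. Added example; the primes are constructed toy values."""

def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        qt, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - qt * x1
        y0, y1 = y1, y0 - qt * y1
    return a, x0, y0

def mod_inverse(a: int, m: int):
    """Inverse of a modulo m, or None if gcd(a, m) != 1 (the Scheme code's
    retry case when d does not exist)."""
    g, x, _ = egcd(a % m, m)
    return None if g != 1 else x % m

def make_keypair(p: int, q: int, e: int) -> dict:
    """Key material laid out like the Scheme list ((b . e) d p q u)."""
    d = mod_inverse(e, (p - 1) * (q - 1))
    if d is None:
        raise ValueError("e is not invertible modulo phi(b); choose other primes or e")
    u = mod_inverse(p, q)  # u_p in the derivation: p*u == 1 (mod q)
    return {"b": p * q, "e": e, "d": d, "p": p, "q": q, "u": u}

def rsa_encrypt(m: int, key: dict) -> int:
    return pow(m, key["e"], key["b"])

def rsa_decrypt_exp(c: int, key: dict) -> int:
    return pow(c, key["d"], key["b"])

def rsa_decrypt_crt(c: int, key: dict) -> int:
    p, q, d, u = key["p"], key["q"], key["d"], key["u"]
    xp = pow(c, d % (p - 1), p)   # Fermat: exponent reduced mod p-1
    xq = pow(c, d % (q - 1), q)   # likewise mod q-1
    # Garner recombination; the derivation bounds it by (p-1) + (q-1)*p < pq
    return xp + p * (((xq - xp) * u) % q)

def check_all_messages(key: dict) -> bool:
    """For a toy modulus, confirm both decryptions recover every 0 < M < b and
    that the CRT result never reaches b."""
    b = key["b"]
    for m in range(1, b):
        c = rsa_encrypt(m, key)
        x = rsa_decrypt_crt(c, key)
        if x != m or x >= b or rsa_decrypt_exp(c, key) != m:
            return False
    return True

if __name__ == "__main__":
    key = make_keypair(61, 53, 17)          # constructed toy primes, b = 3233
    c = rsa_encrypt(65, key)
    print(c, rsa_decrypt_exp(c, key), rsa_decrypt_crt(c, key), check_all_messages(key))
```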
------------------------------
From: chicago <"gabriel. nock"@siemens.de>
Subject: RSA or DIFFIE-HELLMANN
Date: Wed, 30 Jun 1999 17:04:18 +0200
hay...
I'm still searching for the sources of RSA or diffie-hellmann, where can
I find it??
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: A Quanitative Scale for Empirical Length-Strength
Date: Wed, 30 Jun 1999 10:58:52 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (wtshaw) wrote:
> A Quantitative Scale for Empirical Length-Strength
>
Now, it's correction time:
With many ciphers, plaintext length is the same as ciphertext length, so
speaking on one is speaking of the other. When they differ, care should
be taken so that the numbers don't wind up in the wrong places.
Consider my inclusion of the Baconian in the 25-33 range. Clearly the
literature says that this is for Plaintext, that would put ciphertext at
125 to 165 characters.
But, if I am going to do the scale from the user's point of view, the
article needs to be corrected to reflect that.
Let's see...any other ciphers with the same problem I created? Yes,
Tri-square has groups of two characters for plaintext with three
characters in each ciphertext group, so the numbers given are good
for plaintext, but misrepresented as ciphertext.
The same thing happens in Pollux, but since ciphertext is in digits, if we
were to speak of ciphertext, it would have much larger values.
For Grandpre, misspelled in the article, ciphertext is in pairs of digits, but
values for plaintext quantity of characters are fine.
Anyway, I'll make these and any other changes to the article for the
RadioFreeTexas.com site....many thanks to Garrison for his cooperation.
Isn't it fun to see works in progress?
----
Changes:
The quantities in characters mentioned are for plaintext.
If a cipher can usually be solved with less than about 50 characters of
plaintext, it is *Length: Extremely Weak*.
Removed mention of Baconian (not as clean a listing as needed)
Moving up, we find ciphers who have recommended plaintext above, below, and
around 200 characters.
Given 27 as a base, close enough to 26, the length-strength value of one
means that ciphertexts for approximately 27-character messages can be solved.
---
I probably did not catch everything, but at least I'm treading water
rather than drowning.
--
It's always possible that a politician is acting out of principles.
--Michael Kinsley of Slate.com
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: new book
Date: Wed, 30 Jun 1999 15:35:56 GMT
[EMAIL PROTECTED] (wtshaw) wrote, in part:
>In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
><[EMAIL PROTECTED]> wrote:
>> Code Breaking : A History and Exploration
>> by Rudolf Kippenhahn, Ewald Osers (Translator)
>> (Found via Amazon; I haven't seen it yet.
>> The fact that Kirkus thinks it is too technical
>> makes me think it might be a good book.)
>Please try not to fall victim to the expert syndrome. Your reflective
>thoughts are mostly on track, neither backwards nor upside down, sometimes
>a bit wavy, but I should speak.
He's just giving us an early mention of the book, and asking if anyone
knows any more. And, since Kirkus Reviews does have the general reader
in mind, it is not elitist to hope that an assessment of "too
technical" may be an indication of real content. (Of course, the
possibility of it indicating poor presentation isn't eliminated either
until one actually sees the book.)
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: trapdoor one way functions
Date: Tue, 29 Jun 1999 23:07:15 -0400
David A Molnar wrote:
>
> [About a comment that David A Molnar made, my observation, and
> David's clarification...]
>
> Is this the reason you considered the clause "obviously false"?
Yes. Taken at face value, the statement is obviously false, as you'd
probably notice when you look at it a second time.
Nicol
------------------------------
From: [EMAIL PROTECTED] (Dupavoy)
Subject: D - CD-R encryption
Date: 30 Jun 1999 16:51:32 GMT
I would like to know if it is possible to encrypt
files on CD-R just as on a floppy and a ZIP
drive. Also, you can password protect and lock
ZIP disks, can you do same with CD-R discs?
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A Quanitative Scale for Empirical Length-Strength
Date: Wed, 30 Jun 1999 18:40:45 +0200
wtshaw wrote:
>
> Your suggestion about multiple keys on a fixed amount of material may
> simply reduce to another key, perhaps longer, perhaps not. The method
> might not change any S-L placement for the cipher rather than creating
> another one. There may be some wiggle room when a cipher uses a longer
> key rather than one within some arbitrary limit; is it a new cipher, or
> just a variation worth mentioning?
Applying the classical transposition cipher twice (with different keys
having different lengths) is a superencipherment. However, it
appears certain that the result is not equivalent to encrypting once in
the same manner with a certain key. So I wonder whether one can
determine your length-strength of the total as a function of the
length strength of the underlying two components. By the way,
there are people saying that the scheme is hard to crack. I just
want to call attention to that. Perhaps you could propose one such
problem to ACA and see if someone could solve it.
M. K. Shen
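To make the superencipherment question above concrete, here is an added Python example (not from any poster in this thread): it implements the classical columnar transposition applied twice with two keys, as Jim Gillogly and Mok-Kong Shen discuss, and exhaustively searches whether the composite permutation can be produced by a single columnar transposition with a shorter key. Keys and texts are constructed; the search is factorial in key length, so it is only meant for short messages.

```python
"""Double columnar transposition (rows in, columns out by keyword order, done
twice with two keys) and a check of whether the composite permutation is
reachable as a single columnar transposition with a shorter key.
Added example; keys and texts are constructed, not from the thread."""
from itertools import permutations

def column_order(key: str):
    """Read-out order of columns for a keyword: alphabetical rank, ties left to
    right. 'CAB' -> [1, 2, 0] (column of A first, then B, then C)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def columnar_permutation(length: int, order):
    """Permutation of an incomplete columnar transposition: ciphertext
    position i holds plaintext index perm[i]. Column c holds c, c+k, c+2k, ..."""
    k = len(order)
    return [i for col in order for i in range(col, length, k)]

def apply_permutation(text: str, perm) -> str:
    return "".join(text[i] for i in perm)

def invert(perm):
    inv = [0] * len(perm)
    for pos, src in enumerate(perm):
        inv[src] = pos
    return inv

def compose(first, second):
    """Permutation of applying `first`, then `second` to its output."""
    return [first[i] for i in second]

def double_permutation(length: int, key1: str, key2: str):
    return compose(columnar_permutation(length, column_order(key1)),
                   columnar_permutation(length, column_order(key2)))

def encrypt(plaintext: str, key1: str, key2: str) -> str:
    letters = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    return apply_permutation(letters, double_permutation(len(letters), key1, key2))

def decrypt(ciphertext: str, key1: str, key2: str) -> str:
    perm = double_permutation(len(ciphertext), key1, key2)
    return apply_permutation(ciphertext, invert(perm))

def smallest_single_key(perm, max_key_len=None):
    """Shortest column order whose single columnar transposition equals `perm`,
    as (key_length, order), or None if no key up to max_key_len works.
    Tries all k! orders for each key length k, so keep messages short."""
    length = len(perm)
    max_key_len = length if max_key_len is None else min(max_key_len, length)
    for k in range(1, max_key_len + 1):
        for order in permutations(range(k)):
            if columnar_permutation(length, order) == perm:
                return k, order
    return None

if __name__ == "__main__":
    ct = encrypt("We are discovered, flee at once", "ZEBRA", "MONARCHY")
    print(ct, decrypt(ct, "ZEBRA", "MONARCHY"))
    # A case small enough to search fully: keys of length 2 and 3 on 6 letters.
    # Only a key as long as the message reproduces the composite permutation.
    print(smallest_single_key(double_permutation(6, "BA", "CAB")))
```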
------------------------------
From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length?
Date: 30 Jun 1999 18:37:03 +0200
Don Johnson writes:
> Note that the NIST curves fall into 3 groups:
> 1. Random over Fp
> 2. Random over F2**p
> 3. Koblitz over F2**p
> where p is a prime.
The fact that the RCfFG paper uses terminology like "Koblitz curves"
and "type 4 normal bases" suggests that it was written by someone in
the small club that likes to talk about such things.
Intersect with the N.S.A. to find the author.
I'd bet Jerome Solinas wrote the whole thing.
> This says to me that these specific curves are "good".
Confidence should be based on the mathematical difficulty of the
underlying problem, not on which institution was told to release
a paper about it.
Rather than increase confidence in special-case curves, this
just reduces confidence in N.I.S.T. for promoting them.
Rob.
------------------------------
From: "Andrew Whalan" <[EMAIL PROTECTED]>
Subject: Re: Windows9x Crypt Function
Date: Thu, 1 Jul 1999 01:36:35 +1000
David A Molnar <[EMAIL PROTECTED]> wrote in message
news:7lau27$c95$[EMAIL PROTECTED]...
> Andrew Whalan <[EMAIL PROTECTED]> wrote:
> > I am looking at doing some research on some distributed networking and it
> > has come up that it would be an ideal situation to implement a brute force
> > cryptanalysis engine. Other ideas include proving/disproving various
>
> Please see distributed.net for an implementation. Very much fun.
I took a look. Pity about the lack of research papers and general info.
> > mathematical theories via exhaustion, but I am primarly interested in
> > cryptography and data security.
>
> Do you have a list of other problems which distribute well,
> out of curiosity ? Could people sell spare computing time
> to work on such problems ? It'd be interesting to see a
> real indepth study of the means by which such a system
> could be made financially self-supporting (ecash?) and
> resistant to denial-of-service attacks.
At the moment I am looking towards crypto, but I have a friend who is a
postgrad in maths and he wouldn't mind trying out some theories. As far as the
whole self supporting thing goes, it would be a bit dubious to have a CGI
gateway that offers to decrypt the unix crypt() in <10secs for a few dollars
:) . There could be some possibility for solving maths related problems,
such as factoring large numbers etc. but then the whole crypto thing comes
in again.
> > If anyone could provide me with some information about the windows 9x crypt
> > function or provide me with some resources as to where I could find some info
> > it would be great.
>
> It's not completely clear to me what you want - details on
> Microsoft's crypto APIs, the function used to encrypt screen
> saver passwords, or the system used to authenticate network
> connections.
I am looking for information regarding the cached login passwords for
win95r2/win98 which are stored in <username>.pwl.
> -David Molnar
I am working on a homepage for it at the moment. It is VERY plain and
doesn't really reflect the current state but anyhow ... it's ..
http://members.xoom.com/PurpleRhino/distro/index.html
I am only a 2nd yr comp. sci student who still has much to learn but this
will very much be a learning experience.
Thanks for your reply,
Andrew Whalan
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************