Cryptography-Digest Digest #814, Volume #9        Thu, 1 Jul 99 10:13:03 EDT

Contents:
  Re: Can Anyone Help Me Crack A Simple Code? (Ed Yang)
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (DJohn37050)
  Re: Secure link over Inet if ISP is compromized. ("Gene Sokolov")
  Re: Converting arbitrary bit sequences into plain English texts (Mok-Kong Shen)
  Re: How do you make RSA symmetrical? (Ed Yang)
  Re: Quantum Computers ([EMAIL PROTECTED])
  Re: The One-Time Pad Paradox ("Dr.Gunter Abend")
  Re: Can Anyone Help Me Crack A Simple Code? ("Douglas A. Gwyn")
  Re: Quantum Computers ([EMAIL PROTECTED])
  Re: Can Anyone Help Me Crack A Simple Code? ("Douglas A. Gwyn")
  Re: two questions ([EMAIL PROTECTED])
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? ("Douglas A. Gwyn")
  Re: Quantum Computers ("Douglas A. Gwyn")
  Re: Quantum Computers ("Douglas A. Gwyn")
  Re: Secure link over Inet if ISP is compromized. ("Douglas A. Gwyn")
  Re: The One-Time Pad Paradox ("Dr.Gunter Abend")
  Re: The One-Time Pad Paradox ("Robert C. Paulsen, Jr.")
  Re: How do you make RSA symmetrical? ([EMAIL PROTECTED])
  Re: How do you make RSA symmetrical? (Bob Silverman)
  Re: Quantum Computers (SCOTT19U.ZIP_GUY)
  Windows PWL Files ("Andrew Whalan")
  Re: How do you make RSA symmetrical? (Patrick Juola)

----------------------------------------------------------------------------

From: Ed Yang <[EMAIL PROTECTED]>
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Thu, 01 Jul 1999 03:47:53 -1000

Please give us some more information:

Did you get those numbers from some person you know?

Can you ask that person some questions for us?

Did you get those numbers from your computer?

Do you have software on your computer that made those numbers?

When you get proposed answers from cryptanalysts, how will you
verify that the answer is correct?

What is the name of the program that made these numbers?

Did you write the program?

Is it a pencil and paper algorithm?

Did you see these numbers in a dream?

Did a child give those numbers to you or an adult?

Can you input 0000000000 to the algorithm and tell us the output?

Can you get any output for any input?

Do you have any friends who could communicate with us cryptanalysts
who are willing to cooperate in your quest?

After someone solves your problem will you announce that success?

-- 
Oxygen : Love It Or Leave It !

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length?
Date: 01 Jul 1999 10:57:50 GMT

You have got to be kidding.
Don Johnson

------------------------------

From: "Gene Sokolov" <[EMAIL PROTECTED]>
Subject: Re: Secure link over Inet if ISP is compromized.
Date: Thu, 1 Jul 1999 15:01:34 +0400


Jim Felling <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Else wrote:
> > Jim Felling wrote in message <[EMAIL PROTECTED]>...
> > >That is incorrect.  Any internet encryption scheme is as secure as the
> > >parameters allow it to be.
> >
> > Show please how SSL is secure against man-in-the-middle attack.
> >
> > >If, for example, a trusted certification authority/ trusted public key
> > >collection exists, internet communication is as secure as that
> > certification
> > >authority/trusted key repository are. (Trusted authority)
> >
> > How do you access this authority? Would it not be through the ISP?
>
> When I claim a "trusted authority" I am claiming that we somehow have trust
> that this authority is who we think they are, and that the information
> that they provide is valid.

Let's get down to practical terms. Here is a situation. FBI suspects someone
who uses 128 bit SSL to deliver his data to a remote location. FBI with a
warrant goes to the suspect's ISP and stages man-in-the-middle attack on
him. Do you think he is safe?
    What do you think is the fraction of the Net users who exchange keys
"out of band", i.e. not through their ISPs?

Gene Sokolov





------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.cbm
Subject: Re: Converting arbitrary bit sequences into plain English texts
Date: Thu, 01 Jul 1999 13:10:03 +0200

Mok-Kong Shen wrote:
> 
> I said that Boris Kazak's suggestion is very nice. There are two
> advantages over my original approach: (1) the file size expansion


Besides for publishing strong cryptos on the internet, the method has 
another possible application. With the method one can transmit random 
bits in e-mails when there is no bit information to be encoded, 
i.e. maintaining a busy channel. This appears to be a better approach 
than using chosen 'sensitive' keywords in an attempt to jam the world 
wide interceptions as several persons have suggested previously. For 
the sender in our case need not add anything to his written text, 
though the receiver has to employ a filter in order to read the message
comfortably.

M. K. Shen

------------------------------

From: Ed Yang <[EMAIL PROTECTED]>
Subject: Re: How do you make RSA symmetrical?
Date: Thu, 01 Jul 1999 04:21:30 -1000

Gilad Maayan wrote:
> 
> TomDennis says that arguing with Bob Silverman is not much of a good
> idea. So I won't argue.
> 
> >What are you REALLY looking for???
> 
> Okay, here's what I'm really looking for. Let's say I have a 20-bit
> plaintext. I encrypt it with a 128-bit RSA key, _without_ using
> padding. (Never mind about it being trivially broken, I'm aware of
> that and it suits my very specific purposes). Naturally, I would get a
> 128-bit cyphertext back - which would be very easy to crack, yes, I
> know. The question is, when I decrypt this cyphertext with the
> corresponding secret key, would I get my 20 bits back?

Yes. The 20 bit input would be padded with 108 leading zeros
whether you like it or not. You would decrypt it and get 108
leading zeros and 20 bits of the correct plaintext. 

As an example, here is my age: 
0000000000000000000000000000000000000000000000000000000000000000047

here is my encrypted age:
8761365412974983804425098132767667186518764379634980324509656990389

here is my decrypted age:
0000000000000000000000000000000000000000000000000000000000000000047

-- 
Oxygen : Love It Or Leave It !

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Quantum Computers
Date: 1 Jul 1999 08:02:15 -0400

Greg Ofiesh <[EMAIL PROTECTED]> wrote:

> Let us begin with the following assertion that I think you will all
> agree with.  If a quantum computer exists, then the only form of
> encryption that cannot be broken by it, or at least has half a chance
> to survive an attack, is OTP.

I won't.

Quantum Computers are not some magical devices that can do anything. There
are some problems that *can* be made much more tractable on them (for
example, factoring which can be used to crack RSA). There are problems
which cannot be handled.

I don't know (enough) of Quantum computation to give or be able to prove
that certain problems are not made easy using a QC ... but what would make
you think that, for example the symmetric ciphers, would be approachable
using one?

------------------------------

From: "Dr.Gunter Abend" <[EMAIL PROTECTED]>
Subject: Re: The One-Time Pad Paradox
Date: Thu, 01 Jul 1999 13:44:28 +0200

"Douglas A. Gwyn" wrote:
> 
> G.A.> If not more than 10% of the ciphertext looks like words,
> > nobody can guess that these characters leak the true meaning
> > of the message.
> 
> And if 90% of the ciphertext looks like words, nobody can guess
> that those characters leak the true meaning of the message.
> Because they almost certainly don't.

*Almost* every time the encryption process will work properly.
*Sometimes* you might fail, or you occasionally use a keystring
that leaks some of your real ideas. It's rather unlikely that
10% word-like characters carry an intelligible message, but 90%
might do so. Of course, the true plaintext is *very* unlikely.

If you use the inconvenient OTP encryption instead of simpler
methods, you might feel that "very unlikely" is not good enough.

The idea of *automatically* avoiding intelligible ciphertexts
gives you a better feeling (psychic safety), but decreases the
cryptanalytical security a little bit (from infinity to a still
rather high grade). Of course, you might check the ciphertext
manually and modify it only if it really looks leaky. But this
already imposes a bias.

As long as the modified OTP still has a higher security level
than other common techniques, you might prefer it -- because of
its other benefits (e.g. deniability). Therefore I asked the
cryptanalysts, _how_far_ this modification degrades the security.


There is another source of degradation:  a biased keystring from
an incorrectly working random number generator. If you could use
a properly constructed PRNG with a sufficiently small loss of
secrecy, pseudo-OTP might be less inconvenient but still good
enough, compared with other techniques.

Ciao,    Gunter

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Thu, 01 Jul 1999 12:15:50 GMT

"S.T.L." wrote:
> Hay! Not _everyone_ who uses AOL is a newbie moron. I'm not a newbie moron.
> Sadly, many others are. Be glad that my .sig is not Kibo's. Actually, I think
> that my signature is quite funny. You are free to have your own opinion.

A joke that is retold too many times is no longer funny.
For many of your postings, your "signature" is much longer than
your message.  Surely you can see that that is inappropriate?

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Quantum Computers
Date: 1 Jul 1999 08:19:38 -0400

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> The power
> of a quantum computer, built with finite amounts of materials,
> must be finite and not infinite.

In a sense, this is false. The point to a quantum computer is that a
system is placed in a mixed state which involves a superposition of all
the (possibly) infinitely(!) many possible eigenstates of an observable.
One needs a quantum system so that collapsing the state will lead to (with
non-negligible probability) an eigenstate/value which provides at least
partial help in decrypting a non-negligible fraction of messages encoded
using some protocol (if using it in cryptanalysis).

I like to think of it as Schrodinger's Mathematician. Like Schrodinger's
cat, the one mathematician is in (possibly) infinitely many states (a
superposition) in a box which is isolated (non-observable) and when we
open the box, we find (having collapsed the wave function) that he has
performed one of the calculations (in each of the other states he was
performing another) ... and lo and behold! we managed to collapse the wave
function to the calculation that we want!

However, for factoring a modulus (say for RSA) ... one would have a finite
system with finite states (I guess) ... however, how big? If you make the
encryption algorithm "doable" (so it can be used) you limit its size. If
you can come up with a quantum system whose size is tractable (based on
the limit that the algorithm is usable: say a multi-particle system
requiring one particle for each bit in the modulus for RSA, for example)
and which cracks it....

(if you only need as many particles in the QC as the number of bits in the
modulus, then depending upon how feasible constructing such a machine is,
trying to have, say, 2^128 BITS would make the modulus so large that you
couldn't use it for encryption)

(if a QC makes decrypting so much more efficient that one needs to
increase the key space to so large a size to defeat the decryption that it
makes the algorithm unusable ...)

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Thu, 01 Jul 1999 12:25:45 GMT

mercury wrote:
> The outputs are the same for each of these inputs.  A "yes" or "no"(this is
> NOT how I described it) represents whether the code gave
> the acceptable output.  The output is not a "yes" or "no", but an
> output which is unknown.  It may be 10 digits - I don't
> know what the output is.  It is not one bit.

Unfortunately, the "black box" that you have presented *here* DOES
have a single bit for its output.  If you had been able to supply
the actual, let's assume, 10-digit outputs of the encryptor, then
with enough data and effort cryptanalysis would be possible.

> I do not know how many X values there are.  There may only be six
> values.  Could you solve it then?

If you *knew* that, then there are still numerous (equivalent)
ways to implement it, the simplest being essentially that code
I gave in a previous posting.

> I am sorry.  I did not build this thing, so I do not have the
> answer.  That's why I am asking the question.  I assumed there
> might be someone on this newsgroup that has experience cracking
> codes.

There are, and you've heard from some of them, although you seem
not to be listening very well.

> Perhaps it would be helpful if I stated that 99.999999 percent
> of the possible codes do NOT give the correct output.

Then, with probability 0.99999999, the following function mimics
your black box:
        f(x) = 0
That's actually very good recovery, by cryptanalytic standards.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: two questions
Date: Thu, 01 Jul 1999 12:22:10 GMT

In article <o3Ee3.1$[EMAIL PROTECTED]>,
  "dlk" <[EMAIL PROTECTED]> wrote:
> ><snip>
> >
> >Ooops.  The max key size is still log2(256!) but the max period is
> >2^1700 which is log2(256!) x 2^16.  The max key size comes to 210 bytes
> >or so.  If the key is longer there will be related shorter keys (i.e. it
> >would be possible to have a key of 50 bytes equal a key of 250 bytes...)
>
> Now that'un I'll have to ponder awhile.... thanks for the mental food, there
> Tom,
> it'll make these midnite shifts go a little faster.

Sorry about my previous post.  I posted faster than the speed of
thought.  However my correction is ok.  The max key is 210 bytes and
the max cycle is about 2^1700.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length?
Date: Thu, 01 Jul 1999 12:33:17 GMT

Greg Ofiesh wrote:
> > > Who is NIST?
> > The National Institute of Science and Technology.... In matters
> > related to encryption, the NSA has advisory and, ultimately, veto
> > power over the decisions they make.
> Then how can anyone take their recommendations seriously?  I thought
> this would be the answer and I would never touch what they recommend.

You should not believe every claim you see posted.

NSA does not have "veto" power over NIST nor AES in particular.
NSA has an official role in protection of *governmental* data,
but none whatsoever in the "private sector".

When NBS changed to NIST, their mission was expanded from the
traditional one of reference agency to a more proactive role
in furthering US commerce.  One way they seek to do that is
to promote interoperability among commercial cryptosystems.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Quantum Computers
Date: Thu, 01 Jul 1999 12:45:10 GMT

Greg Ofiesh wrote:
> Let us begin with the following assertion that I think you will all
> agree with.  If a quantum computer exists, then the only form of
> encryption that cannot be broken by it, or at least has half a
> chance to survive an attack, is OTP.  All other forms of encryption
> are deterministic in nature and are not "cracked" but simply
> "translated" (to convey the ease with which cryptanalysis is
> performed) by a quantum computer.

No, only certain types of algorithm are candidates for quantum
computing.  You might as well have said that parallel processing
would magically crack every non-OTP cryptosystem, but of course
it didn't.

> Now let me make my assertion - The US government, most likely the
> NSA, has operational quantum computers.

No, nothing more than laboratory experiments.

> Contrary to a point raised earlier, the quantum computer is not
> used by the NSA.  It is simply left running - translating everything
> it sees on the internet into plain text and then passing it off to
> storage devices.

You've been watching too many movies.

> God I wish this were not true, but I have strong reasons to believe
> it is.  My brother was studying how to build a quantum computer at
> UC Berkeley in the early to mid 80's and talked with people from
> around the country on this subject.  He has little doubt that a
> quantum computer exists today.  In fact, talking to him, I see that
> the biggest obstacle is not hardware but software, because it takes
> near genius to understand the potential that exists with a quantum
> computer.

Just because it takes more intelligence than that exhibited by you
and your brother doesn't mean that it takes a "near genius".

> If a quantum computer is not operational today, it is due to the
> fact that an operating system is still being developed- I am
> convinced that it is not the hardware keeping it from working.

To the contrary, the "hardware" issues are so severe that there is
no point in trying to build an operational quantum computer today.

> Can anyone provide any additional insight.

Sure; why don't you simply go read the QC literature?

> And please don't say I am nuts, or kook, or anything else.

"Why on Earth not?"
        - from "A Fish Called Wanda"

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Quantum Computers
Date: Thu, 01 Jul 1999 12:47:45 GMT

Mok-Kong Shen wrote:
> ... We can have the concept of infinity and work
> with it in theory, but any number that one actually operates upon
> must be finite, even if it can be extremely large.

That's certainly not true, as witnessed by the fact that Cantor
did work with infinities.  In fact a lot of us work with infinities.
There is even a (finite) representation for some kinds of infinity
in most floating-point processor chips made today.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Secure link over Inet if ISP is compromized.
Date: Thu, 01 Jul 1999 12:50:12 GMT

Gene Sokolov wrote:
> Let's get down to practical terms. Here is a situation. FBI suspects
> someone who uses 128 bit SSL to deliver his data to a remote
> location. FBI with a warrant goes to the suspect's ISP and stages
> man-in-the-middle attack on him. Do you think he is safe?

He is, if he has already saved the public key and is using one of
the protocols that are safe from man-in-the-middle attacks.
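
The exchange above turns on one question: does the client already hold the server's key, or does it trust whatever arrives through the ISP? The following model is added here and is not part of either post. It makes three client policies concrete: a pin stored out of band before the interception, trust-on-first-use, and accepting whatever the path presents. The keys are stand-in byte strings (constructed), the host name is a placeholder, and no TLS stack is involved; the same fingerprint check would run on the DER-encoded public key a real TLS socket hands back.

```python
"""Pinned-key verification against a man-in-the-middle sitting at the ISP.

Three client policies are compared on the same interposed connection:
  "pinned": the server's key fingerprint was stored out of band beforehand
  "tofu":   trust-on-first-use, pin whatever key the first connection shows
  "any":    accept whatever the path presents (no key check at all)
Key material is modelled as opaque bytes; in a real client these would be the
DER SubjectPublicKeyInfo taken from the peer certificate."""
import hashlib
import hmac
from typing import Dict, Optional

# Constructed stand-ins for the real server's key and the interposer's key.
SERVER_KEY = b"server-public-key-bytes (constructed)"
MITM_KEY = b"interposer-public-key-bytes (constructed)"
HOST = "example.test"   # placeholder host name


def fingerprint(public_key: bytes) -> str:
    """SHA-256 over the public key bytes; this is what gets pinned."""
    return hashlib.sha256(public_key).hexdigest()


class PinStore:
    """host -> expected fingerprint. Filled out of band, or on first use."""

    def __init__(self, pins: Optional[Dict[str, str]] = None):
        self.pins = dict(pins or {})


def verify_peer(store: PinStore, host: str, presented_key: bytes, mode: str) -> bool:
    """Return True if the connection should proceed under the given policy."""
    if mode == "any":
        return True                      # trusts the path: no check
    fp = fingerprint(presented_key)
    expected = store.pins.get(host)
    if expected is None:
        if mode == "tofu":
            store.pins[host] = fp        # first contact: pin what we saw
            return True
        return False                     # pinned policy with no pin: refuse
    # Constant-time comparison so a mismatch cannot be timed character by character.
    return hmac.compare_digest(expected, fp)


def connect(store: PinStore, mode: str, mitm_active: bool) -> bool:
    """One connection attempt; the interposer, if active, swaps in its own key."""
    presented = MITM_KEY if mitm_active else SERVER_KEY
    return verify_peer(store, HOST, presented, mode)


def scenario() -> Dict[str, bool]:
    """Outcome of an interposed connection under each policy (True = accepted)."""
    out = {}
    # Client that trusts whatever the ISP path hands it.
    out["any_interposed"] = connect(PinStore(), "any", mitm_active=True)
    # Pin exchanged out of band before the interception began.
    pinned = PinStore({HOST: fingerprint(SERVER_KEY)})
    out["pinned_interposed"] = connect(pinned, "pinned", mitm_active=True)
    out["pinned_genuine"] = connect(pinned, "pinned", mitm_active=False)
    # TOFU with a clean first contact, interposer arrives later.
    tofu_clean = PinStore()
    connect(tofu_clean, "tofu", mitm_active=False)
    out["tofu_clean_then_interposed"] = connect(tofu_clean, "tofu", mitm_active=True)
    # TOFU with the interposer already present at first contact: it gets pinned,
    # and afterwards the genuine server is the one that fails the check.
    tofu_poisoned = PinStore()
    connect(tofu_poisoned, "tofu", mitm_active=True)
    out["tofu_poisoned_interposed"] = connect(tofu_poisoned, "tofu", mitm_active=True)
    out["tofu_poisoned_then_genuine"] = connect(tofu_poisoned, "tofu", mitm_active=False)
    return out


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name:32s} {'ACCEPTED' if accepted else 'refused'}")
```

Only the out-of-band pin refuses the interposer in every case. Trust-on-first-use helps only if the attacker was absent at first contact; if it was present, the client pins the attacker's key and then rejects the genuine server, with no way to tell which of the two it is talking to.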

------------------------------

From: "Dr.Gunter Abend" <[EMAIL PROTECTED]>
Subject: Re: The One-Time Pad Paradox
Date: Thu, 01 Jul 1999 14:45:33 +0200

William Tanksley wrote:

>  ...   If patterns are not being avoided, then
> the presence of a pattern cannot carry information.

That's true from the scientific point of view.
But:  If an idea is implanted in someone's brains, even without
any proof, like gossip, or blackmail, it may have an effect.
Thus, leaking your idea to an eavesdropper should be avoided,
no matter how small the amount of "information" is.
This quantity (in a scientific sense) is unimportant, if the
message is persuasive.
Of course, the eavesdropper doesn't *know*, but he can *guess*.
And if his guess is appropriate, all your crypto-effort is in
vain. You want to avoid giving him a "hint".

> >   ... these are not really scientific questions, but one
> >should be able to quantify such considerations.
I meant the US law, or Enfopol, or the like!

>  ... it's still vulnerable to psychic attack.

Yes. I focused my attention to the OTP paradox, the occasional
leaking of the real meaning -- without "information", of course,
and I interpreted this as a psychic problem (John Savard: "am I
a member of a statistical ensemble?").
Psychic attacks *are* beyond the scope of cryptanalysis, but
cryptanalysts should take them into account and compare their
probabilities with those of cryptanalytical attacks, for ranking
the individual encryption methods.

> >In this sense the whole thing is not really a cryptanalytic
> >question, but it imposes one: _how_much_ does OTP encryption
> >degrade if you try to solve the psychic problem.
>  ...  It's a complicated question, though; especially since
> there are so MANY psychic attacks.

I only asked for quantifying the lack of secrecy due to skipping
parts of the keystring in order to avoid the "OTP paradox". 

> There's just no simple answer, and any non-simple answer involves
> "failing" to "protect" against most of the possible attacks.

I agree. This is a rather wide field. But still an important
question.

> > ... you possibly can give him the hint that you use OTP.
> He'll know.  Any other assumption is ridiculable.

Why?  You usually try to conceal the name of the encryption
technique you actually use to produce the transmitted ciphertext.
And you insulate your computer from the net so that nobody can
peek into your harddisk with all your plaintexts and keys.
Thus, if he *knows* which technique you apply, he might already
know your secrets -- no need to watch your electronic mail.

Ciao,    Gunter

------------------------------

From: "Robert C. Paulsen, Jr." <[EMAIL PROTECTED]>
Subject: Re: The One-Time Pad Paradox
Date: Thu, 01 Jul 1999 08:20:28 -0500

Jim Gillogly wrote:
> 
> "Dr.Gunter Abend" wrote:
> > It may happen (in real life) that you guess the truth from an
> > accidental message, even if this message is pure nonsense.
> 
> "Psychic attacks" are outside the scope of academic cryptanalysis,

Psychic attacks are not needed to accidentally disclose a secret. For
example a message may contain secret, valuable, information and the
enciphered text may coincidentally disclose that secret even if not in
the exact same wording. The adversary can learn the secret -- acquiring
the valuable information -- without even being able to know for sure
that it was in fact *the* secret.

Although the chance of an OTP encrypting cleartext in a way that the
resulting ciphertext gives away the secret is vanishingly small it is
not impossible. Without doing the math I think we are talking about the
life of the universe or more as the mean time between such events (for
sufficiently long and interesting cleartext).

Although such a small possibility may not be worth worrying about
perhaps it does require some thought along the lines suggested by John
Savard's original message in this thread. As an analogy: even though
Goedel's proof that a sufficiently interesting logical system must
contain true assertions that are unprovable in that system depends on a
"trick" it nonetheless has important consequences.

-- 
____________________________________________________________________
Robert Paulsen                         http://paulsen.home.texas.net
If my return address contains "ZAP." please remove it. Sorry for the
inconvenience but the unsolicited email is getting out of control.
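
Abend asks how far skipping key material to steer the ciphertext degrades the pad; Gwyn and Tanksley hold that a pattern carries no information unless patterns are being avoided. The example below is added here and is not part of any post in the thread. It computes the mutual information I(M;C) between plaintext and ciphertext exactly, over two-letter messages, for a pure pad and for two rejection rules: one that rejects on the ciphertext alone (it must not be in a word list) and one that rejects on a relation between plaintext and ciphertext (no letter may encipher to itself). The 26-letter alphabet and the toy word list are assumptions of the example.

```python
"""Quantifying the 'OTP paradox': I(M;C) in bits, exactly, for a one-time pad
with uniform plaintext and key letters, under three key-rejection rules, on a
message length small enough to enumerate every plaintext and ciphertext."""
import itertools
import math
import random
from typing import Callable, Tuple

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
Q = len(ALPHABET)

# Constructed toy dictionary of two-letter 'words' (any list would do).
WORDS = {"AM", "AN", "AS", "AT", "BE", "BY", "DO", "GO", "HE", "IF", "IN", "IS",
         "IT", "ME", "MY", "NO", "OF", "OK", "ON", "OR", "SO", "TO", "UP", "US", "WE"}

Rule = Callable[[str, str], bool]   # reject(plaintext, ciphertext) -> redraw key?


def add(m: str, k: str) -> str:
    """Letter-wise addition mod 26: the pad's encryption step."""
    return "".join(ALPHABET[(ALPHABET.index(a) + ALPHABET.index(b)) % Q] for a, b in zip(m, k))


def sub(c: str, k: str) -> str:
    """Letter-wise subtraction mod 26: the pad's decryption step."""
    return "".join(ALPHABET[(ALPHABET.index(a) - ALPHABET.index(b)) % Q] for a, b in zip(c, k))


def never(m: str, c: str) -> bool:
    return False                                    # pure OTP, no rejection


def avoid_words(m: str, c: str) -> bool:
    return c in WORDS                               # looks at the ciphertext only


def avoid_self(m: str, c: str) -> bool:
    return any(a == b for a, b in zip(m, c))        # relates ciphertext to plaintext


def encrypt(m: str, reject: Rule, seed: int = None) -> Tuple[str, str, int]:
    """Rejection-sampling pad: draw fresh key letters until the rule accepts.
    Returns (ciphertext, key actually used, number of key draws consumed)."""
    rng = random.Random(seed)
    draws = 0
    while True:
        draws += 1
        k = "".join(rng.choice(ALPHABET) for _ in m)
        c = add(m, k)
        if not reject(m, c):
            return c, k, draws


def mutual_information_bits(length: int, reject: Rule) -> float:
    """Exact I(M;C) for uniform M and K. Since c = m + k is a bijection in k,
    ranging over all keys visits every ciphertext once, so P(C=c | M=m) is
    uniform over exactly the strings the rule allows for that m."""
    strings = ["".join(t) for t in itertools.product(ALPHABET, repeat=length)]
    p_m = 1.0 / len(strings)
    cond = {}      # m -> {c: P(c|m)}
    p_c = {}       # c -> P(c)
    for m in strings:
        allowed = [c for c in strings if not reject(m, c)]
        w = 1.0 / len(allowed)
        cond[m] = {c: w for c in allowed}
        for c in allowed:
            p_c[c] = p_c.get(c, 0.0) + p_m * w
    return sum(p_m * p * math.log2(p / p_c[c])
               for dist in cond.values() for c, p in dist.items())


def self_avoidance_leak_closed_form(length: int) -> float:
    """For avoid_self the sum collapses to length * log2(Q / (Q - 1)) bits."""
    return length * math.log2(Q / (Q - 1))


if __name__ == "__main__":
    for name, rule in (("pure pad", never), ("avoid word-like ciphertext", avoid_words),
                       ("no letter enciphers to itself", avoid_self)):
        print(f"{name:32s} I(M;C) = {mutual_information_bits(2, rule):.5f} bits")
    print(encrypt("HI", avoid_words, seed=7))
```

The rule that looks only at the ciphertext leaves I(M;C) at zero: every plaintext remains equally likely given the ciphertext, and the only cost is the extra key material burned by rejections. The rule that compares ciphertext to plaintext leaks 2 * log2(26/25), about 0.11 bits for a two-letter message, and the leak grows linearly with message length. The rejection loop must redraw with fresh uniform key; reusing or deterministically adjusting the rejected key would add a bias of its own.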

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: How do you make RSA symmetrical?
Date: Thu, 01 Jul 1999 13:31:33 GMT

In article <[EMAIL PROTECTED]>,
  Ed Yang <[EMAIL PROTECTED]> wrote:
> here is my decrypted age:
> 0000000000000000000000000000000000000000000000000000000000000000047

You could sum it up in saying 'THEY ARE THE SAME SIZE'.

Regardless of content the msg is always the same length.  It's like
saying a block cipher encrypting P = 2^127 would be a one bit message..

Tom



Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: How do you make RSA symmetrical?
Date: Thu, 01 Jul 1999 13:33:22 GMT

In article <7le913$2o7$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Bill Unruh) wrote:
> In <7ldqob$nes$[EMAIL PROTECTED]> Bob Silverman <[EMAIL PROTECTED]> writes:
> >> Fine, but is there anything you can add to "M^e mod N" to get a 64 bit
> >> cyphertext? Enlarging N, reducing the exponent, or something like
> >> that?
>
> No.

<snip>

Please get attributions correct.  I did not write the question that
you attribute to me.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Quantum Computers
Date: Thu, 01 Jul 1999 14:48:02 GMT

In article <7lf4l4$5uo$[EMAIL PROTECTED]>, Greg Ofiesh <[EMAIL PROTECTED]> wrote:
>Let us begin with the following assertion that I think you will all
>agree with.  If a quantum computer exists, then the only form of
>encryption that cannot be broken by it, or at least has half a chance
>to survive an attack, is OTP.  All other forms of encryption are
>deterministic in nature and are not "cracked" but simply "translated"
>(to convey the ease with which cryptanalysis is performed) by a quantum
>computer.
>
>Now let me make my assertion - The US government, most likely the NSA,
>has operational quantum computers.
>

  If one starts with that assumption (and I think it is a good assumption that
the NSA has quantum computers and most likely has had them for many
years), then the idea behind future encryption systems should be to make the
entropy such that, for an average English text message one sends or encrypts,
there exists the possibility of more than one solution. This would prevent a
break since there would not be a unique decryption to a given message. The
problem with short key methods like all the AES candidates is that for any
reasonable length message the key is so short that there exists only one
unique decryption to an English message, and this is what the so called
experts want the masses to use.
Try scott19u.zip, it's better.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: "Andrew Whalan" <[EMAIL PROTECTED]>
Subject: Windows PWL Files
Date: Thu, 1 Jul 1999 23:43:16 +1000

Oh, this might target my required audience.

Does anyone know about the method used to generate PWL files, and thus the
method that could be used to crack PWL files?

Thanks,
Andrew Whalan



------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: How do you make RSA symmetrical?
Date: 1 Jul 1999 10:04:01 -0400

In article <[EMAIL PROTECTED]>,
Gilad Maayan <[EMAIL PROTECTED]> wrote:
>TomDennis says that arguing with Bob Silverman is not much of a good
>idea. So I won't argue.
>
>>What are you REALLY looking for???
>
>Okay, here's what I'm really looking for. Let's say I have a 20-bit
>plaintext. I encrypt it with a 128-bit RSA key, _without_ using
>padding. (Never mind about it being trivially broken, I'm aware of
>that and it suits my very specific purposes). Naturally, I would get a
>128-bit cyphertext back - which would be very easy to crack, yes, I
>know. The question is, when I decrypt this cyphertext with the
>corresponding secret key, would I get my 20 bits back?

You're implicitly padding your 20-bit plaintext with all zeros.
Therefore, you are *actually* encrypting 20 bits with 107 bits
of leading zeros.  Your recovered plaintext will recover the
padding correctly, so you need only delete the leading zeros and
you're there.

Question : *WHY*?  This question sounds suspiciously like someone asking
what the best sort of hammer to use to pound one of his testicles flat --
a well-defined question with a clear-cut answer, but not something
that most of us would regard as a rational project.

        -kitten 
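
Ed Yang's, Tom's and Patrick Juola's replies above make the same point about the round trip: decryption returns the same integer, and the leading zeros are an artefact of writing it out at modulus width. The following is an added example, not code from any of the posters. It runs textbook RSA with a 127-bit modulus built from two known primes (an assumption of the example; any key of that size behaves the same), shows the fixed-width encoding that produces the zeros, and carries out the attack the question waves away: an unpadded, deterministic ciphertext of a 20-bit message is recovered by encrypting every candidate with the public key.

```python
"""Textbook (unpadded) RSA on a 20-bit plaintext: the round trip returns the
same integer, every ciphertext is modulus-sized whatever the message, and a
deterministic cipher over a 2^20 message space falls to plain enumeration."""
import math

E = 65537  # conventional public exponent


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; these fixed bases are deterministic for n < 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


# Two known primes (the largest below 2^64 and below 2^63); their product is a
# 127-bit modulus, the size class of the "128-bit RSA key" in the question.
P = 2**64 - 59
Q = 2**63 - 25


def keygen(p: int = P, q: int = Q, e: int = E):
    """Return ((n, e), (n, d)). Primality and gcd(e, phi) = 1 are checked."""
    assert is_probable_prime(p) and is_probable_prime(q)
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))   # modular inverse needs Python 3.8+


def encrypt(pub, m: int) -> int:
    n, e = pub
    assert 0 <= m < n, "textbook RSA encrypts integers below the modulus"
    return pow(m, e, n)   # deterministic: same m always gives the same c


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def fixed_width(x: int, n: int) -> bytes:
    """Serialize x in exactly as many bytes as the modulus needs. This, not
    RSA, is where the leading zeros of a small plaintext come from."""
    return x.to_bytes((n.bit_length() + 7) // 8, "big")


def recover_small_plaintext(pub, c: int, bits: int = 20):
    """Unpadded RSA has no randomness, so an attacker holding only the public
    key encrypts every candidate of the known message space and compares.
    The full 2^20 space takes a few seconds in CPython."""
    for m in range(1 << bits):
        if encrypt(pub, m) == c:
            return m
    return None


if __name__ == "__main__":
    pub, priv = keygen()
    n = pub[0]
    c = encrypt(pub, 47)
    print("plaintext  :", fixed_width(47, n).hex())
    print("ciphertext :", fixed_width(c, n).hex())
    print("decrypted  :", decrypt(priv, c))
    print("recovered  :", recover_small_plaintext(pub, encrypt(pub, 0xBEEF)))
```

Decryption returns the integer 47, and only the fixed-width serialization shows it as fifteen zero bytes followed by 0x2f; the 20-bit message is read back by taking the low bits. The enumeration attack is why real deployments use randomized padding (OAEP) or, for small inputs, a symmetric cipher under a key that RSA transports.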

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
