Cryptography-Digest Digest #858, Volume #9 Fri, 9 Jul 99 15:13:03 EDT
Contents:
Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day ("Tony T. Warnock")
Re: randomness of powerball, was something about one time pads (John Savard)
Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day ("Harvey Rook")
Re: Stream Cipher != PRNG ([EMAIL PROTECTED])
Re: Uncrackable? (John Savard)
Re: New Encryption Product! (humor) (John Savard)
Re: Electronically Exporting crypto source (legally) (Patrick Juola)
Re: Netiquette Question (John Savard)
Re: Stream Cipher != PRNG (John Savard)
Re: Stream Cipher != PRNG ([EMAIL PROTECTED])
Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day (John Savard)
Re: Electronically Exporting crypto source (legally) (Medical Electronics Lab)
Re: Uncrackable? ([EMAIL PROTECTED])
Re: Properties of Chain Addition? ([EMAIL PROTECTED])
Re: Uncrackable? ([EMAIL PROTECTED])
Re: Decorelation again ([EMAIL PROTECTED])
Re: The Iraqi Block Cipher ([EMAIL PROTECTED])
Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day (AllanW)
Re: Ok, ok ok. New code :) ([EMAIL PROTECTED])
Re: Stream Cipher != PRNG ([EMAIL PROTECTED])
Re: Is Stenography legal? ([EMAIL PROTECTED])
Re: The Iraqi Block Cipher (John Savard)
Re: Electronically Exporting crypto source (legally) (Dmitri Alperovitch)
Re: Stream Cipher != PRNG (John Savard)
----------------------------------------------------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: Fri, 09 Jul 1999 09:26:18 -0600
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> Tony T. Warnock wrote:
> >
> > Toby Kelsey wrote:
> >
> > > In article <7lst5f$cts$[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes
> > > >In theory the OTP is truly the only secure method.
> > >
> > > Really?
> > >
> > > I intercept your OTP encoded message, for which I know the plaintext to
> > > be either "Yes" or "No". The ciphertext is 2 characters long......
> > >
> > > So much for "theoretically unbreakable".
> > >
> > > The OTP allows any same-length decrypted message to be equally likely,
> > > but requires a key the same length as the message. You can devise
> > > methods which have shorter keys and still allow many possible decrypted
> > > messages. The OTP is only "simpler" and "more secure" because the
> > > algorithmic complexity is hidden in the RNG and its testing. There is
> > > less latitude for error in the encryption implementation, but more
> > > reliance is placed on the quality of the RNG and the secure channel.
> > >
> > > The bottom line is, I would not feel safer just knowing a OTP was being
> > > used to encrypt my messages.
> >
> > Of course the Soviet spies used a super-encipherment with an OTP during
> > (and prior to) WWII. The Venona project broke them anyway.
>
> No. The Soviets used an MTP rather than an OTP. That difference is
> what made it possible to break.
My point exactly. A 1.07 time pad is not secure. Nor is a 1.00001 time pad. One
is one is one. See Spycatcher for another method of busting a one-time pad by
counting letters, similar to your example.
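The properties argued over above, as an added Python example that is not part of the thread: a pad gives every same-length plaintext an equally valid explanation (Toby's point), leaks nothing but the length (so "Yes" and "No" are told apart unless messages are padded to a fixed length first), and stops being a one-time pad the moment a pad byte is used twice (Tony's "1.07 time pad"). The 0x80-then-zeros padding scheme is an assumption chosen here, not something from the posts.

```python
"""One-time pad: perfect secrecy, the length leak, fixed-length padding,
and why a pad must never be reused. Added example, not from the thread."""
import os


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """XOR each plaintext byte with one fresh pad byte; lengths must match."""
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(k ^ p for k, p in zip(pad, plaintext))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    One such pad exists for every candidate of the same length, so the
    ciphertext alone says nothing about which of them was sent. It does,
    however, reveal the length: a 2-byte ciphertext cannot be "Yes".
    """
    return otp_encrypt(ciphertext, candidate)


def pad_to_length(message: bytes, length: int) -> bytes:
    """Hide the message length: append a 0x80 marker, then zero bytes, up to
    a fixed length (padding scheme assumed for this example)."""
    if len(message) >= length:
        raise ValueError("message too long for the fixed length")
    return message + b"\x80" + b"\x00" * (length - len(message) - 1)


def unpad(padded: bytes) -> bytes:
    """Strip the trailing zeros and the 0x80 marker added by pad_to_length."""
    body = padded.rstrip(b"\x00")
    if not body.endswith(b"\x80"):
        raise ValueError("bad padding")
    return body[:-1]


def reuse_leaks(pad: bytes, p1: bytes, p2: bytes) -> bool:
    """True when XOR of two ciphertexts made with the same pad equals XOR of
    the two plaintexts: the pad cancels out, which is why any reuse turns a
    one-time pad into a breakable 'many-time pad'."""
    c1, c2 = otp_encrypt(pad, p1), otp_encrypt(pad, p2)

    def xor(a: bytes, b: bytes) -> bytes:
        return bytes(x ^ y for x, y in zip(a, b))

    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    # Constructed demo: a fresh random pad from the OS, a fixed 16-byte frame.
    pad = os.urandom(16)
    for answer in (b"Yes", b"No"):
        ct = otp_encrypt(pad, pad_to_length(answer, 16))
        print(answer, "->", ct.hex(), "len", len(ct))
    print("reuse leaks plaintext XOR:", reuse_leaks(pad[:4], b"abcd", b"wxyz"))
```

Padding to a fixed frame is the usual mitigation for the length leak; it costs pad material, which is exactly the administrative burden Harvey Rook complains about further down the digest.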
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: randomness of powerball, was something about one time pads
Date: Fri, 09 Jul 1999 16:08:42 GMT
"Tony T. Warnock" <[EMAIL PROTECTED]> wrote, in part:
>On lotteries: you can help yourself by only selecting numbers greater than
>31. This means that you won't have to share with people who select
>birthdays (or other dates). It doesn't improve your chances of winning but
>it gives you a better expectation. Only works if you select dates.
Yes, that's quite correct. Since all numbers are equally likely to
win, but the prize is split, one does improve one's expectation by
choosing numbers others are unlikely to pick.
Of course, the effect is not sufficient to make the expectation
greater than the prize of the ticket...
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: "Harvey Rook" <[EMAIL PROTECTED]>
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: Fri, 9 Jul 1999 09:23:06 -0700
<[EMAIL PROTECTED]> wrote in message
news:7m35s5$o4s$[EMAIL PROTECTED]...
> >The bottom line is, I would not feel safer just knowing a OTP was being
> >used to encrypt my messages.
>
> Why do people claim OTP security then if it's not secure?
>
> BTW no block cipher or stream cipher can be OTP secure so that's not a
> realistic goal.
>
You don't need a cipher that's OTP secure. A 512 bit key will be secure
against a quantum computer. ( A quantum computer, wasting 1 electron for
every 2^256 keys it searches, will consume more energy than is released in
10^10 supernovae of our sun) For real security, we need ciphers that are
hard to screw up.
The major problem with OTP's is that they are very difficult to
administrate. There are more ways for a human to screw up an OTP, than there
are ways to screw up a good block cipher.
If you look over the history of cryptography, you'll see that secure systems
are almost always compromised by human error, and poor judgment, and not
because the opponent could brute force his way through the keyspace.
So, OTP's advantages don't work well in practice.
For example...
If you are communicating with an OTP, you need to exchange OTP's over a
secure channel. Not only is this a pain in the ass, but it's expensive, and
time consuming.
The first rule of good security is don't write your password down. However
with an OTP, every party has a copy. If any copy is compromised, you lose.
Harv
[EMAIL PROTECTED]
SpamGuard; The mail isn't cold, it's hot.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 16:02:22 GMT
In article <7m51sg$c0l$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
>
> > Yeah but RC4 (in [Sch96]) does not state what mixing function is
used.
>
> What is it with you?
>
> The byte K iz XORed with the plaintext to produce
> ciphertext or XORed with the ciphertext to
> produce plaintext. [Sch96, page 397]
Whatever. I still think all stream ciphers should make good RNGs or
PRNGs. If the keystream is not random what's the point? If the
generator is deterministic it is a PRNG. Therefore Stream cipher =
PRNG (which is intractable).
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Uncrackable?
Date: Fri, 09 Jul 1999 16:13:22 GMT
James Andrews <[EMAIL PROTECTED]> wrote, in part:
>Are there any ciphers that are accepted as being only crackable by
>iteration?
DES is believed to come close to that (by iteration, I assume you mean
brute-force).
>I recently read a review of a
>book that apparently revealed the secrets of the DES encryption method,
>which I've always thought was a bit sheepish anyway.
Which book was that?
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.security.pgp
Subject: Re: New Encryption Product! (humor)
Date: Fri, 09 Jul 1999 16:07:10 GMT
I wrote, in part:
>And this information is also on another disk file, which is encrypted
>with yet another emergency backup key, stored on a floppy disk
>accompanying the original software package. "Since only the key for
>the key backup file needs to be used every time by the program, and
>that key doesn't change, the key for backup files in which that fixed
>key is stored can be kept in a safe place."
"One of the other ideas we considered, since a fingerprint scanner
didn't produce enough bits, was to have the user bite into a sensor
that would measure the profile of the crowns of his teeth", he
continued. "This was discarded for sanitary reasons, as well as
concerns about what would happen if the user received dental work."
But one idea that would have met the real needs of users, that came up
early in the design process, had to be discarded for marketing
reasons. "One of the first things suggested was that the program ask
the user a number of questions, to determine the security level of
encryption the user actually needed, and the user's competence to
actually choose and remember a secure passphrase. This way, 90% of
users would just get a 20-bit key, which they could then solve with a
brute-force program when they forget their passphrase. Although this
would give users what they actually needed, for obvious reasons, that
feature would have made our program uncompetitive with products that
could truthfully advertise 128-bit encryption."
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Electronically Exporting crypto source (legally)
Date: 9 Jul 1999 12:59:49 -0400
In article <zloh3.207$[EMAIL PROTECTED]>,
Dmitri Alperovitch <[EMAIL PROTECTED]> wrote:
>>So, let's assume that I get caught exporting the following single line :
>>
>> for (i=0;i<BLOCKSIZE;i++)
>>
>>The first question the police will ask -- and I hope I have an answer
>>ready -- is "Why did you export a single line of code?" If I answer
>>"I wanted to export code and I thought that if I exported it a line
>>at a time, it would be legal", then I've *ADMITTED* that I'm trying to
>>break the regulations, and I really can't make the case that I didn't
>>have malicious intent, that I didn't know what I was doing, or that I
>>thought what I was sending was protected speech which I believed I
>>could export freely.
>
>You are forgetting that in this country you are "innocent until proven
>guilty". YOU don't have to answer anything that they ask you - it's
>they that have to prove beyond reasonable doubt that that line contains a
>strong cryptographic algorithm and I doubt that the very best lawyer would be
>able to prove that criminals can somehow use that line of code to perform
>their dirty deeds.
I'm not forgetting that at all. They simply pull up this conversation
from deja-news, subpoena a couple of my friends to testify about whether
or not I discussed this plan with them, comb my hard drive for the
scripts I used to split the software into bite-size pieces, and present
it all to the judge tied up with a pretty ribbon. Do you really think
they'd drop an investigation just because I refused to answer their
questions? The mere fact that I didn't offer an alternate suggestion
as to what I was doing would be enough for a jury to find me guilty.
Think of it this way -- if they found me on someone's front porch
at night with lock picks in my hand, that by itself is enough evidence
for a jury to convict me of (attempted) burglary.
-kitten
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Netiquette Question
Date: Fri, 09 Jul 1999 16:12:08 GMT
"H. Ellenberger" <[EMAIL PROTECTED]> wrote, in part:
>Now, what would you say if a recipient of a snail mail letter you sent to
>someone would publish it without prior asking for permission?
>Unless the content or context of the letter clearly indicates that it is
>_intended_ for publication, I always ask the sender before making it
>available to others.
Well, I agree with that, as far as it goes: I would not publish any
part of the text or identify the sender. I'm referring, rather, to
citing the information I've learned from the communication.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 16:17:08 GMT
[EMAIL PROTECTED] wrote, in part:
>This really isn't conclusive. What makes a stream cipher so different
>from a PRNG? Just because the xor? But all stream ciphers are PRNGs
>otherwise they would not be secure!
As I've said, and others have said, what makes it different is that a
cipher can still be a stream cipher even if it *isn't* just a PRNG
plus an XOR. The XOR could be replaced by something else that's just
as complicated, and just as important, as the PRNG part is.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 16:31:21 GMT
I wrote:
> The byte K iz XORed with the plaintext to produce
^
> ciphertext or XORed with the ciphertext to
> produce plaintext. [Sch96, page 397]
Typo not in original.
--Bryan
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: Fri, 09 Jul 1999 17:42:05 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote, in part:
>John Savard wrote:
>> The NSA still doesn't have technology adequate to predicting next
>> week's PowerBall numbers, ...
>Not with certainty, but better than pure guesswork.
I can imagine that, if you ran a tape of the balls bouncing around in
the machines, and stopped before the draw, it might be possible to do
*something*, and I suppose one *can*, with statistics, find a ball that
is slightly heavier... but I'm tending to think this post lacked a
smiley. Of course, I could be wrong.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Electronically Exporting crypto source (legally)
Date: Fri, 09 Jul 1999 12:22:55 -0500
Dmitri Alperovitch wrote:
> You are forgetting that in this country you are "innocent until proven
> guilty". YOU don't have to answer anything that they ask you - it's
> they that have to prove beyond reasonable doubt that that line contains a
> strong cryptographic algorithm and I doubt that the very best lawyer would be
> able to prove that criminals can somehow use that line of code to perform
> their dirty deeds.
Dream on. The police can confiscate everything you own and you have
to prove it wasn't used or gained via criminal intent. This is called
"civil forfeiture". They don't charge *you* with exporting code, they
charge your *computer*. Since your house was an accessory to the
computer (which committed the crime) they take it too.
There is a bill in the House now to try to make this insanity a bit
less insane, but it still remains.
The bottom line is the same: don't get caught. That's pretty easy,
do what you want and don't tell the rest of the world. Unless you're
supplying weapons or drugs to the CIA, nobody will notice. Only the
people who want to make a statement and flaunt their messing with the
law have to deal with the courts.
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Uncrackable?
Date: Fri, 09 Jul 1999 17:27:13 GMT
<snip>
Is your code a stream cipher or block cipher?
If it's a stream cipher try analyzing the following
1) Period (length of output 'string')
2) Distribution of symbols (counts and avg. distance)
3) is it intractable?
Just posting binary encoded files will get you nowhere. Send the
description and people will like to see it more.
Try to break your method, or make 'breaks' on variations of it. Try to
prove (or conjecture) why the method you have chosen is strong. You can
make references to variations (i.e. if I take 'this' out or
change 'this' you can break it by doing '...').
Tom
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Properties of Chain Addition?
Date: Fri, 09 Jul 1999 17:32:42 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> [EMAIL PROTECTED] (John Savard) wrote, in part:
>
> >The reason I'm asking, of course, is that I've used chain addition -
> >modulo 256 instead of modulo 10
>
> Chain addition modulo 2^m is extensively described, I've found, at
>
> http://www.ncsa.uiuc.edu/Apps/SPRNG/www/paper/node13.html
>
> where it is known as (one case of) an "Additive Lagged-Fibonacci
> Generator".
Thanks for the link. BTW what do you think I meant by 'Additive
Generator' ? It's well described in AC, which is where I learnt about
them.
I have a few Additive Generators in my C++ code. If you want to peek.
Tom
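Chain addition modulo 10 or 256, i.e. the additive lagged-Fibonacci generator Savard links to, together with the first two checks Tom lists in the "Uncrackable?" thread above (period, and symbol counts with the average distance between repeats), as an added Python example that is neither Tom's C++ library nor Savard's code. The default lags (n, n-1) reproduce pencil-and-paper chain addition on a seed of n digits; the (55, 24) pair used in the demo is the classic Knuth lag pair and is an assumption here, not something the posts specify. The period finder records the whole window as the generator's state, so it only terminates for small state spaces; for byte-wide lag-55 generators the period is far beyond reach, which is the point of using a tiny seed to see the method work.

```python
"""Chain addition / additive lagged-Fibonacci generator plus keystream checks
(period, symbol counts, average gap). Added example, not from the thread."""
from collections import Counter, defaultdict
from itertools import islice


def chain_addition(seed, modulus, lags=None):
    """Yield output digits of an additive generator.

    With the default lags (n, n-1) for a seed of length n, each new digit is
    the sum of the two oldest digits in the window modulo `modulus` (10 for
    the paper version, 256 for the byte version). Other lag pairs such as
    (55, 24) give s[i] = s[i-55] + s[i-24] mod m.
    """
    n = len(seed)
    a, b = lags if lags else (n, n - 1)
    if not (1 <= a <= n and 1 <= b <= n):
        raise ValueError("lags must lie between 1 and the seed length")
    window = list(seed)
    while True:
        new = (window[-a] + window[-b]) % modulus
        yield new
        window.append(new)
        del window[0]  # slide the window; its contents are the full state


def take(gen, count):
    """First `count` outputs of a generator, as a list."""
    return list(islice(gen, count))


def find_period(seed, modulus, lags=None, max_steps=1_000_000):
    """Return (tail, period) of the state sequence, or None if not found.

    The state is the whole window, so a repeated window means the output
    repeats from there on. `tail` is how many steps precede the cycle.
    """
    n = len(seed)
    a, b = lags if lags else (n, n - 1)
    state = tuple(seed)
    seen = {state: 0}
    for step in range(1, max_steps + 1):
        new = (state[-a] + state[-b]) % modulus
        state = state[1:] + (new,)
        if state in seen:
            return seen[state], step - seen[state]
        seen[state] = step
    return None


def symbol_stats(stream, count):
    """Counts of each symbol in the first `count` outputs and, for symbols
    seen more than once, the average distance between consecutive occurrences."""
    counts = Counter()
    last_seen = {}
    gaps = defaultdict(list)
    for i, sym in enumerate(islice(stream, count)):
        counts[sym] += 1
        if sym in last_seen:
            gaps[sym].append(i - last_seen[sym])
        last_seen[sym] = i
    avg_gap = {s: sum(g) / len(g) for s, g in gaps.items()}
    return counts, avg_gap


if __name__ == "__main__":
    # Constructed seeds: a 5-digit paper-style seed mod 10, and the
    # Fibonacci-mod-10 case whose period (60) is well known.
    for seed in [(3, 1, 4, 1, 5), (0, 1)]:
        print(seed, "first outputs", take(chain_addition(seed, 10), 12),
              "tail/period", find_period(seed, 10))
    counts, avg_gap = symbol_stats(chain_addition((0, 1), 10), 60)
    print("digit counts over one period:", dict(sorted(counts.items())))
    print("average gap between zeros:", avg_gap[0])
    # Byte-wide generator with the assumed (55, 24) lag pair: period is not
    # measurable this way, but the distribution check still runs.
    seed55 = tuple((7 * i + 3) % 256 for i in range(55))
    counts, _ = symbol_stats(chain_addition(seed55, 256, (55, 24)), 20000)
    print("distinct byte values seen in 20000 outputs:", len(counts))
```

Two cautions that the posts touch on: a short period or a visibly skewed symbol count rules a generator out as keystream, but passing both says nothing about Tom's third item (whether the state can be recovered from output), and an additive generator's output is a linear function of its state, which is why the later stream-cipher discussion in this digest is about hiding the PRNG behind a better combining step.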
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Uncrackable?
Date: Fri, 09 Jul 1999 17:30:55 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
http://eff.bilkent.edu.tr/pub/Privacy/Crypto_misc/DESCracker/HTML/19980717_oreilly_crackingdes_pressrel.html
Yeah um we know about EFF. However for most personal cases DES is OK,
but there are alternatives such as Blowfish or CAST. 3DES is believed
to be secure as well.
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Decorelation again
Date: Fri, 09 Jul 1999 17:39:11 GMT
In article <[EMAIL PROTECTED]>,
Vincent Rijmen <[EMAIL PROTECTED]> wrote:
> Before you start using decorrelation modules, I strongly advise you to
> read the proceedings of Fast Software Encryption '99 (in print). Especially
> the article titled "On the Decorrelated Fast Cipher and its Theory".
>
> "Provably secure against differential and linear attacks" does not
> always mean what you think it should.
Thanks for the advice. I plan to research only since I am a bit
cautious here... Decorrelation theory is not taught in my grade :)
Thanks for the reply though. It's nice to hear from the AES stars :)
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: The Iraqi Block Cipher
Date: Fri, 09 Jul 1999 18:27:03 GMT
In article <[EMAIL PROTECTED]>,
David Crick <[EMAIL PROTECTED]> wrote:
> For those of you who haven't seen it....
Who cares? Is there a pseudo-code description, possibly with, you know, an
analysis of the cipher?
Source code is fun to poke at but I'd rather see a description of it with
analysis...
Tom
------------------------------
From: AllanW <[EMAIL PROTECTED]>
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: Fri, 09 Jul 1999 18:29:42 GMT
> "Robert C. Paulsen, Jr." wrote:
> > But the next thing to consider is that the tiny degree to which
> > quantum randomness affects the initial conditions may be enough so
> > that the quantum randomness is magnified to be the primary factor
> > in the results. (These "initial" conditions get applied at every
> > bump and bounce the dice take.)
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Rolling dice would be just as random if physics were Newtonian
> and not quantum. You were right in identifying this as an
> example of chaos, however. The outcome is determined by many
> nonlinearly interacting, hard-to-control factors.
Suppose I had the money and inclination to perform an experiment.
I construct a device which will launch a die with a constant
force. Another device is responsible for loading the die into the
first device in an absolutely consistent fashion -- the same
orientation (1 up, 2 faces forward) and pressure. I bring these
devices into a small enclosed room which has no living organisms.
There are also no air currents and constant air pressure -- say a
partial vacuum -- we can make it a perfect vacuum if that helps.
The devices do not move, so every time they launch the die they
shoot in the same direction and the die hits the same spot on
the floor. The die and the floor are both made from hardened
steel or something else that resists scratches, dents, etc. The
room has no windows and is illuminated only by an incandescent
bulb, hooked up to a voltage regulator to ensure that the bulb's
brightness does not vary.
Can we expect to "roll" the same number each time?
--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Ok, ok ok. New code :)
Date: Fri, 09 Jul 1999 17:36:55 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Am I being naive or does everyone else realise that 'ni1[++x]' and
> 'ni1[x + 1]' don't actually do the same thing. x + 1 returns the value
> of x + 1 but doesn't actually modify x, whereas ++x, or indeed x++, both
> increment x itself; however, they both also return different values.
> '++x' will return x + 1, and 'x++' will return x. None of these
> operators are compatible with each other. I feel I'm probably being
> very naive and that you all know this, and for some reason it's
> irrelevant in this case, but I thought I'd post and check anyway.
Well in my code I wanted to index to 'x + 1' into the array. The array
simulates '(x + 1) mod 55' by having a trailing zero in it. The only
reason I changed from '++x' to 'x + 1' is to avoid any possible
implementation errors (as pointed out by Brian) and hopefully make it
faster.
> > Maybe the postfix version would be slightly better than the prefix
> > (ie, try ni1[x++].)
> >
> > Have you tried a few newsgroups where this sort of thing would
> > be (more) on-topic?
>
Who wrote this? ni1[x++] will not get the result I require so it's a
bad idea.
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 17:41:48 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> [EMAIL PROTECTED] wrote, in part:
>
> >This really isn't conclusive. What makes a stream cipher so different
> >from a PRNG? Just because the xor? But all stream ciphers are PRNGs
> >otherwise they would not be secure!
>
> As I've said, and others have said, what makes it different is that a
> cipher can still be a stream cipher even if it *isn't* just a PRNG
> plus an XOR. The XOR could be replaced by something else that's just
> as complicated, and just as important, as the PRNG part is.
Do you have an example? I always pictured stream ciphers as time
dependent permutations of the input which is normally achieved through a
state based PRNG. If I could see an example I would probably
understand better.
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Is Stenography legal?
Date: Fri, 09 Jul 1999 17:43:38 GMT
In article <[EMAIL PROTECTED]>,
fungus <[EMAIL PROTECTED]> wrote:
> >
> > Hmm, it seems that most governments (especially Canadian and US) have
> > a hard time trying to figure out what the people really want.
> >
>
> That's 'cos they don't ask them. They just make policy then see if
> their popularity ratings go up or down as a result.
Trial and error?
Tom
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The Iraqi Block Cipher
Date: Fri, 09 Jul 1999 18:47:35 GMT
David Crick <[EMAIL PROTECTED]> wrote, in part:
>For those of you who haven't seen it....
>/* The IRAQI BLOCK CIPHER BSF-1.052.36*/
>/* Iraqi cipher standard 1998 */
>/* 160-bit keys, 256-bit block */
I guess I read the program too quickly; is this a joke at the expense
of Saddam Hussein, or a real block cipher? If so, wherever was this
standard published?
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (Dmitri Alperovitch)
Subject: Re: Electronically Exporting crypto source (legally)
Date: Fri, 09 Jul 1999 18:44:51 GMT
>I'm not forgetting that at all. They simply pull up this conversation
>from deja-news, subpoena a couple of my friends to testify about whether
>or not I discussed this plan with them, comb my hard drive for the
>scripts I used to split the software into bite-size pieces, and present
>it all to the judge tied up with a pretty ribbon. Do you really think
>they'd drop an investigation just because I refused to answer their
>questions? The mere fact that I didn't offer an alternate suggestion
>as to what I was doing would be enough for a jury to find me guilty.
>
>Think of it this way -- if they found me on someone's front porch
>at night with lock picks in my hand, that by itself is enough evidence
>for a jury to convict me of (attempted) burglary.
Funny. I just re-read the export rules on BXA's site and I couldn't find
any mention of anything about restricting export only through electronic
means. So, you might be right - it might even be illegal to export
source on paper, according to those rules. Of course, I doubt that
they ever want to prosecute any cases like that (especially, against
a big company, like Network Associates, who they know are going
to fight them to the end on this), since the chances of the courts ruling
that this is definitely a violation of the First Amendment are way
too high.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 18:53:45 GMT
[EMAIL PROTECTED] wrote, in part:
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (John Savard) wrote:
>> As I've said, and others have said, what makes it different is that a
>> cipher can still be a stream cipher even if it *isn't* just a PRNG
>> plus an XOR. The XOR could be replaced by something else that's just
>> as complicated, and just as important, as the PRNG part is.
>Do you have an example? I always pictured stream ciphers as time
>dependent permutations of the input which is normally achieved through a
>state based PRNG. If I could see an example I would probably
>understand better.
As you say, a stream cipher is a "time-dependent permutation of the
input".
Let's say that the input is processed in bytes.
One stream cipher might use a PRNG to generate eight bits, which are
either XORed or added to the current eight bytes of the input.
Another might generate *nine* bits, and use one to determine if an XOR
or an add takes place.
Another might generate _sixteen_ bits: the eight bits of the plaintext
first go through a key-dependent substitution (using a table with 256
entries, whose inverse is available for decryption), then eight bits
are added, then another substitution, then eight bits are XORed, then
another substitution.
The advantage of this is that, although only eight bits of PRNG output
are already enough to take any plaintext byte to any other, this way
even with known plaintext, it is much harder to find out anything
about what the PRNG is doing.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
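The three combining steps Savard describes (eight keystream bits XORed or added to the byte; a ninth bit choosing between XOR and add; sixteen bits threaded through three key-dependent substitutions), written out as an added Python example that is not code from the thread. The keystream comes from Python's random.Random, a stand-in for "a PRNG" that is not cryptographically secure, and the way the substitution tables are derived from the key is an assumption made here; the inverse tables exist only so the third construction can be undone in reverse order.

```python
"""Three keystream/plaintext combining steps from the stream-cipher thread.
Added example; random.Random stands in for the PRNG and is NOT secure."""
import random


def keystream(key: int, bits: int):
    """Yield `bits`-bit keystream words from a toy, non-cryptographic PRNG."""
    rng = random.Random(key)
    while True:
        yield rng.getrandbits(bits)


def make_sbox(seed: int):
    """Key-dependent byte substitution table and its inverse (assumed derivation)."""
    table = list(range(256))
    random.Random(seed).shuffle(table)
    inverse = [0] * 256
    for i, v in enumerate(table):
        inverse[v] = i
    return table, inverse


# 1. Eight keystream bits per byte, combined by XOR (or by addition mod 256).
def xor_cipher(data: bytes, key: int, decrypt: bool = False,
               use_add: bool = False) -> bytes:
    out = bytearray()
    for p, k in zip(data, keystream(key, 8)):
        if not use_add:
            out.append(p ^ k)             # XOR is its own inverse
        elif not decrypt:
            out.append((p + k) & 0xFF)
        else:
            out.append((p - k) & 0xFF)
    return bytes(out)


# 2. Nine keystream bits: the ninth selects XOR or addition for this byte.
def select_cipher(data: bytes, key: int, decrypt: bool = False) -> bytes:
    out = bytearray()
    for p, word in zip(data, keystream(key, 9)):
        k, use_xor = word & 0xFF, word >> 8
        if use_xor:
            out.append(p ^ k)
        elif not decrypt:
            out.append((p + k) & 0xFF)
        else:
            out.append((p - k) & 0xFF)
    return bytes(out)


# 3. Sixteen keystream bits and three key-dependent substitutions:
#    S1, add k1, S2, XOR k2, S3. Decryption runs the inverses backwards.
def sbox_cipher(data: bytes, key: int, decrypt: bool = False) -> bytes:
    (s1, s1i), (s2, s2i), (s3, s3i) = (make_sbox(key * 4 + i) for i in (1, 2, 3))
    out = bytearray()
    for x, word in zip(data, keystream(key, 16)):
        k1, k2 = word & 0xFF, word >> 8
        if not decrypt:
            t = s1[x]
            t = (t + k1) & 0xFF
            t = s2[t]
            t ^= k2
            out.append(s3[t])
        else:
            t = s3i[x]
            t ^= k2
            t = s2i[t]
            t = (t - k1) & 0xFF
            out.append(s1i[t])
    return bytes(out)


if __name__ == "__main__":
    msg = b"meet at the usual place at nine"   # constructed sample plaintext
    for fn in (xor_cipher, select_cipher, sbox_cipher):
        ct = fn(msg, 12345)
        assert fn(ct, 12345, decrypt=True) == msg
        print(fn.__name__, ct.hex())
    # With known plaintext, construction 1 reveals the keystream byte outright:
    ct = xor_cipher(msg, 12345)
    print("keystream recovered from construction 1:",
          bytes(p ^ c for p, c in zip(msg, ct))[:4].hex(), "...")
```

The last lines of the demo make Savard's closing point concrete: under construction 1 a known plaintext byte gives the keystream byte directly, whereas under construction 3 the same known pair only constrains the 16-bit word through three secret tables, so an attacker learns far less about the PRNG per byte. The generator itself is still the weak part of this example and would have to be a proper cryptographic keystream generator in real use.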
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************