Cryptography-Digest Digest #861, Volume #9 Sat, 10 Jul 99 03:13:03 EDT
Contents:
Re: New Encryption Product! (humor) (Philip Koopman)
Re: Why this simmetric algorithm is not good? ("Douglas A. Gwyn")
Re: Electronically Exporting crypto source (legally) ("Douglas A. Gwyn")
Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
Re: New Encryption Product! (humor) ("Douglas A. Gwyn")
Re: New Encryption Product! (humor) ("Kurt Mueller")
Re: Can Anyone Help Me Crack A Simple Code? ("Daniel Urquhart")
How strong would this algorithm be ? ("Daniel Urquhart")
Re: The Iraqi Block Cipher (Boris Kazak)
Re: Uncrackable? ("Daniel Urquhart")
Re: Summary of 2 threads on legal ways of exporting strong crypto ("Daniel Urquhart")
Re: How strong would this algorithm be ? (NFN NMI L.)
Re: Number Field Sieve, RSA factoring (Don Leclair)
Re: randomness of powerball, was something about one time pads (Dennis Ritchie)
Re: The Iraqi Block Cipher (David A Molnar)
futurama ([EMAIL PROTECTED])
Re: New Encryption Product! (humor) ("ruiner")
Re: Summary of 2 threads on legal ways of exporting strong crypto (wtshaw)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Philip Koopman)
Crossposted-To: alt.security.pgp
Subject: Re: New Encryption Product! (humor)
Date: Sat, 10 Jul 1999 01:30:30 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] (John Savard) wrote:
>"One of the other ideas we considered, since a fingerprint scanner
>didn't produce enough bits, was to have the user bite into a sensor
>that would measure the profile of the crowns of his teeth", he
>continued. "This was discarded for sanitary reasons, as well as
>concerns about what would happen if the user received dental work."
Not to mention, you wouldn't have enough bits -- it is well known that
there are only 8 bits of data in a byte ;-)
-- Phil
Phil Koopman -- [EMAIL PROTECTED] -- http://www.ices.cmu.edu/koopman
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why this simmetric algorithm is not good?
Date: Sat, 10 Jul 1999 02:18:30 GMT
[EMAIL PROTECTED] wrote:
> You are wrong.
No, I'm right (I'm one of the people who wrote the C standard),
and how are you going to learn if you merely assert your
preconceptions and don't listen to the experts?
Sequence points are described in subclause 5.1.2.3 of the original
(1990) C standard, and the requirement "Between the previous and
next sequence point an object shall have its stored value modified
at most once by the evaluation of an expression" is in the second
paragraph of subclause 6.3. This requirement is maintained in the
forthcoming C9x revision of the standard.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Electronically Exporting crypto source (legally)
Date: Sat, 10 Jul 1999 02:26:45 GMT
Greg Ofiesh wrote:
> ... As another example of selective prosecution, congress
> keeps piling up more gun control laws without the existing laws being
> enforced on even a half wit basis. Why? So that when they have all
> the laws in place that they want, they can "choose" to begin
> prosecuting with all of them. This would allow them the "legal" means
> to get rid of all guns while incrementally adding the legal blocks into
> place.
While that is undoubtedly the agenda of the anti-gun activists,
I think Congress in general is motivated more by wanting to appear
to its gullible constituents to be "doing something" about the
perceived problems, especially youth violence. Of course, since
they never identified the actual source of the problem, their
"solution" just makes things worse, but so long as the voters are
as stupid as they seem to be, the Congressmen don't care about that.
It's all about maintaining and increasing their power over the people.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Sat, 10 Jul 1999 02:31:13 GMT
John Savard wrote:
> ... all numbers are equally likely to win, ...
That's the theoretical ideal, but it is exceedingly unlikely to
be the case in practice. With enough data and sensitive enough
analysis, a statistical bias should be discernable.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: New Encryption Product! (humor)
Date: Sat, 10 Jul 1999 02:39:25 GMT
Kurt Mueller wrote:
> Philip Koopman wrote in message <[EMAIL PROTECTED]>...
> >Not to mention, you wouldn't have enough bits -- it is well known that
> >there are only 8 bits of data in a byte ;-)
> I had to read that twice to get it, then I laughed.
It would have been funnier if it were right. A byte need not have
exactly 8 bits, although that is such a common misconception that
it is used in labeling disk drives, etc. That's why in technical
work, such as Internet packet specifications, we prefer the term
"octet" when we mean precisely 8 bits.
------------------------------
From: "Kurt Mueller" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: New Encryption Product! (humor)
Date: Fri, 9 Jul 1999 21:40:33 -0400
Philip Koopman wrote in message <[EMAIL PROTECTED]>...
>
>[EMAIL PROTECTED] (John Savard) wrote:
>
>>"One of the other ideas we considered, since a fingerprint scanner
>>didn't produce enough bits, was to have the user bite into a sensor
>>that would measure the profile of the crowns of his teeth", he
>>continued. "This was discarded for sanitary reasons, as well as
>>concerns about what would happen if the user received dental work."
>
>Not to mention, you wouldn't have enough bits -- it is well known that
>there are only 8 bits of data in a byte ;-)
>
>-- Phil
I had to read that twice to get it, then I laughed.
What if you bit down really, really hard? Wouldn't
that be a Mega Bite? That's like 8388608 bits, more
than enough information!
Ok, I'll stop now.
--
_____________________
Kurt Mueller
[EMAIL PROTECTED]
PGP encrypted mail highly preferred! DH preferred! Get my keys at:
http://www.bigfoot.com/~wwww
Signed. Sealed. Delivered.
------------------------------
From: "Daniel Urquhart" <[EMAIL PROTECTED]>
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Fri, 9 Jul 1999 19:51:00 -0700
> > <<The human eye can distinguish around 100,000 colors of visible light.>>
>
> > I've actually heard figures of a few million, but less than 16 million
> > and more than 100,000. (It was in connection with someone saying how
> > 24bit color monitors are already overkill, and 32bit color is insane.)
>
> Good (computer) monitors can only produce about half the spectrum that
> the human eye can see. But for practical purposes the human eye can
> distinguish about 40000 colors and about 50 levels of grey *at the same time*.
> 32 bits color schemes are mostly used to define opaqueness of colors so you can
> define overlays in a convenient way. So 16 million colors is not overkill
> as long as you don't display them at the same time.
The entire point of graphics cards which allow 16 million colors is to display
them at the same time; even standard VGA cards let you choose from 262,144
colors, just not all at once.
------------------------------
From: "Daniel Urquhart" <[EMAIL PROTECTED]>
Subject: How strong would this algorithm be ?
Date: Fri, 9 Jul 1999 20:27:46 -0700
I am fairly new to crypto, and recently wrote a program, "as is" it allows a
key nearly 4e90 bits long (text, up to 128 characters) and the crypto
functions dynamically allocate everything, so this could easily be increased,
though the cipher tables take (KeyLenInBytes-2)*64k. This is the idea:
The basic idea is to find a pseudo-random number in the table, based on the
index values:
div(PosInStream,KeyLen-2).rem , PrevEncodedByte , div(PosInStream, 256).rem
and XOR them with the input value to generate an output value.
First byte in stream is XOR'd with table[0][0][0];
The Random tables are generated using a loop which takes 3 'seed values' and
is called once for every set of 3 input bytes, i.e.
a loop with
key[i], key[i+1], key[i+2]
the first two seed a 'Fibonacci sequence' and the 3rd is XOR'd with this.
Would this essentially have to be cracked using brute-force, or does this
have some inherent flaw?
Should I just post my C source, (this might be very strong encryption ?)
I live in Canada
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: The Iraqi Block Cipher
Date: Fri, 09 Jul 1999 20:53:13 -0400
Reply-To: [EMAIL PROTECTED]
David Crick wrote:
>
> For those of you who haven't seen it....
>
> --
> +-------------------------------------------------------------------+
> | David Crick [EMAIL PROTECTED] http://members.tripod.com/vidcad/ |
> | Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
> | M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
> | PGP Public Keys: 2048-bit RSA: 0x22D5C7A9 4096-DH/DSS: 0xBE63D7C7 |
> +-------------------------------------------------------------------+
>
> /* The IRAQI BLOCK CIPHER BSF-1.052.36*/
> /* Iraqi cipher standard 1998 */
> /* 160-bit keys, 256-bit block */
>
===========================
When the posted code contains lines like:
unsigned char rnd_perm[256][16],rnd_glob[256],ciphertext[32];
.......... and later:
if (rnd_glob[x] == ( ciphertext[7]%256) )
.......... it really does not seem to be serious. Will anybody
care to explain what sense does it make to apply %256 to
"unsigned char"?
Best wishes BNK
------------------------------
From: "Daniel Urquhart" <[EMAIL PROTECTED]>
Subject: Re: Uncrackable?
Date: Fri, 9 Jul 1999 20:57:04 -0700
> If it's a stream cipher try analyzing the following
>
> 1) Period (length of output 'string')
> 2) Distribution of symbols (counts and avg. distance)
> 3) is it intractable?
If the index in a cipher table took into account the previous byte (after
encoding) and was of variable and long length (1Kb Key = 64Meg table)
wouldn't this become nearly impossible ?
------------------------------
From: "Daniel Urquhart" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Fri, 9 Jul 1999 20:42:44 -0700
> Yes, in the way the U.S. has more strict limitations. The Wassenaar
> arrangement had excluded, and continues to exclude, "public domain"
> software (with a meaning broader than the meaning of "public domain"
> in copyright law).
Does this mean that I (a Canadian) can legally post/distribute any crypto
stuff I want, as long as it was made in Canada and is not
Copyrighted/Patented ?
------------------------------
From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: How strong would this algorithm be ?
Date: 10 Jul 1999 03:46:02 GMT
<<I am fairly new to crypto, and recently wrote a program, "as is" it allows a
key nearly 4e90 bits long (text, up to 128 characters) and the crypto
functions dynamically allocate everything, so this could easily be increased,
though the cipher tables take (KeyLenInBytes-2)*64k. This is the idea:>>
Everyone and his uncle have written their own encryption algorithm.
<<Would this essentially have to be cracked using brute-force, or does this
have some inherent flaw.>>
They almost always have an inherent flaw. At least you gave an algorithm and
not "here's an encrypted binary file, try to break it!".
<<div(PosInStream,KeyLen-2).rem , PrevEncodedByte , div(PosInStream, 256).rem>>
As I don't understand this notation, I can't understand your algorithm. Others
might. Ah well
Moo-Cow-ID: 74 Moo-Cow-Message: searching
-*---*-------
S.T.L. (NFN NMI L. also) -===> [EMAIL PROTECTED] <===- 2^6972593 - 1 IS PRIME!
Quotations: http://quote.cjb.net Main site: http://137.tsx.org F00FC7C8 MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!" e^(i*Pi)+1=0 Mail block
is gone, but will return if I'm bombed again. It was an easy fix. Address is
correct as-is. Giving the correct address is COURTEOUS; junk gets in anyway.
Join the Great Internet Mersenne Prime Search at http://entropia.com/ips/ My
.sig is even shorter, and contains 3046 bits of entropy including next line:
-*---*-------
Card-holding member of the Dark Legion of Cantorians, People for the Ethical
Treatment of Digital Tierran Organisms, the Holy Order of the Catenary, the
Great SRian Conspiracy, the Triple-Sigma Club, the Polycarbonate Syndicate,
the Union of Quantum Mechanics, the Roll-Your-Own Crypto Alliance, and the
Organization for the Advocation of Two-Letter Acronyms (OATLA)
Avid watcher of "World's Most Terrifying Causality Violations", "When Kaons
Decay: World's Most Amazing CP Symmetry Breaking Caught On [Magnetic] Tape",
"World's Scariest Warp Accidents", "When Renormalization Fails", "World's
Most Energetic Cosmic Rays", and "When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #15: Tidal Forces Fall Off As 1/r^3.
------------------------------
From: Don Leclair <[EMAIL PROTECTED]>
Subject: Re: Number Field Sieve, RSA factoring
Date: Sat, 10 Jul 1999 02:59:44 GMT
Hi,
> Ok... I will not consider implementing the
> whole thing anymore. Do you know where I
> could get a copy of the code that implements
> the square root function. You mentioned Peter
> Montgomery.
As Bob Silverman mentioned, looking at the code won't be of much
assistance, if any at all. Even a step that sounds so simple requires
a great deal of knowledge in the field of number theory.
Don't get discouraged though. The theory behind the Number Field Sieve
is very abstract but it is fascinating too. You'll have to have a
strong interest in mathematics, not just programming. An entire
implementation is out of the question in the time you have available,
but gaining a thorough understanding of the algorithm and implementing
portions of it may not be.
If the number field sieve is too overwhelming, you might consider
writing an overview of modern (post 1970) algorithms and implementing
as many of them as you can in the time you have available. It has been
done many times before but if you focus on understanding the most
recently developed algorithms (ECM, MPQS and NFS) and discuss the most
recent events (introduction of Shamir's TWINKLE device, large SNFS and
GNFS factorization by CWI, te Riele, Montgomery, et al) it may qualify
for an undergraduate paper.
The second edition of Hans Riesel's book "Prime Numbers and Computer
Methods for Factorization", published by Birkhauser, is an excellent
source of information for all factoring algorithms from basic trial
division up to the number field sieve. It has a particularly detailed
description of CFRAC (Continued Fraction Method) which makes the
understanding of MPQS (and to a lesser degree NFS) much easier.
Don Leclair
[EMAIL PROTECTED]
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Dennis Ritchie <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Sat, 10 Jul 1999 04:03:54 +0100
Reply-To: [EMAIL PROTECTED]
Douglas A. Gwyn wrote:
>
> John Savard wrote:
> > ... all numbers are equally likely to win, ...
>
> That's the theoretical ideal, but it is exceedingly unlikely to
> be the case in practice. With enough data and sensitive enough
> analysis, a statistical bias should be discernable.
And there were earlier relevant things in the thread.
I seem to recall three nearby lottery scams in past years; apologies
for not trying to dig up the references.
1. People weighted the bouncing balls in the Pennsylvania drawing
with tiny lead pellets, thus making some numbers less likely
to pop up. Arrests were made, and security arrangements
tightened.
2. A study was made of distribution of numbers picked by the
punters, and at least theoretically, a positive expectation
could be hoped for given the parimutuel nature of the event.
One picked the seldom-chosen numbers; expectation was
still positive even though the state rake-off is generally
larger than the bite by private legal (or even illegal)
games.
3. In one of the combined state lotteries with carry-forward
of unwon prizes (not Powerball, but the same idea), an
Australian-led syndicate figured that the prize was big enough
to "play the whole field" and hired people essentially to
buy all the numbers. They did in fact win a piece, but the
various authorities argued "this is not fair" and tried to
prevent the award, citing various small print. I forget the
resolution of this, but best memory is that the award was
made but the small print was tightened up. Contemporary
news reports often focussed on small stores with customers
coming in and saying "I'd like to buy 1,000 lottery tickets
with the following numbers...."
Dennis
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: The Iraqi Block Cipher
Date: 10 Jul 1999 04:21:05 GMT
Boris Kazak <[EMAIL PROTECTED]> wrote:
> .......... it really does not seem to be serious. Will anybody
> care to explain what sense does it make to apply %256 to
> "unsigned char"?
Iraqi compilers use unicode?
-David
------------------------------
From: [EMAIL PROTECTED]
Subject: futurama
Date: Sat, 10 Jul 1999 05:59:11 GMT
The show "futurama" has a space age code.
In one episode, at an amusement park on the moon, a sign reads.
abcad
efgbh
ifjkljc
abcad could be taste
where can I get a program which will solve simple stuff like how many
five letter words have the same 1st and 4th letters.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
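
An added example, not part of the original post: the kind of program asked for above treats each ciphertext word as a letter pattern ("abcad" means letters 1 and 4 match and the rest differ) and keeps only word combinations that share a single one-to-one alphabet. WORDS is a small constructed list standing in for a real dictionary, so the output shows the method and is not a reading of the sign.

```python
# Pattern-word search for a simple substitution cipher (added example).
# WORDS is constructed sample data; substitute a real dictionary file.
WORDS = ["taste", "tenth", "state", "human", "mural", "lunar",
         "dugongs", "burgers", "outputs", "cipher"]

def word_pattern(word):
    """Canonical pattern: first distinct letter -> 'a', second -> 'b', ..."""
    seen = {}
    return "".join(seen.setdefault(ch, chr(ord("a") + len(seen)))
                   for ch in word)

def same_first_fourth(words=WORDS):
    """The literal question: five-letter words whose 1st and 4th letters match."""
    return [w for w in words if len(w) == 5 and w[0] == w[3]]

def candidates(cipher_word, words=WORDS):
    """Stricter filter: words with exactly the cipher word's repeat pattern."""
    target = word_pattern(cipher_word)
    return [w for w in words if word_pattern(w) == target]

def extend(mapping, cipher_word, plain_word):
    """Add cipher->plain letter pairs to mapping; None if not one-to-one."""
    new = dict(mapping)
    used = set(new.values())
    for c, p in zip(cipher_word, plain_word):
        if c in new:
            if new[c] != p:          # cipher letter already means something else
                return None
        elif p in used:              # plain letter already taken by another symbol
            return None
        else:
            new[c] = p
            used.add(p)
    return new

def solve(cipher_words, words=WORDS, mapping=None):
    """Yield every list of words consistent with one shared alphabet."""
    mapping = mapping or {}
    if not cipher_words:
        yield []
        return
    head, rest = cipher_words[0], cipher_words[1:]
    for cand in candidates(head, words):
        new = extend(mapping, head, cand)
        if new is not None:
            for tail in solve(rest, words, new):
                yield [cand] + tail

if __name__ == "__main__":
    sign = ["abcad", "efgbh", "ifjkljc"]   # the three words quoted in the post
    print(same_first_fourth())
    for reading in solve(sign):
        print(" ".join(reading))
```

The letters shared between the three words (b, c and f) are what prune the search: "tenth" fits "abcad" on its own but leaves no word in the list for the second line.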
------------------------------
Reply-To: "ruiner" <[EMAIL PROTECTED]>
From: "ruiner" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: New Encryption Product! (humor)
Date: Sat, 10 Jul 1999 05:49:09 GMT
such as the Usenet messages being read right now: 7 bit
> It would have been funnier if it were right. A byte need not have
> exactly 8 bits, although that is such a common misconception that
> it is used in labeling disk drives, etc. That's why in technical
> work, such as Internet packet specifications, we prefer the term
> "octet" when we mean precisely 8 bits.
ruiner
http://home.adelphia.net/~alexk
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Sat, 10 Jul 1999 00:35:11 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> wtshaw wrote:
> >
> > I suppose that to write a program of the sort is to start with something
> > simple, not even in the crypto line. Surely, you would be simulating the
> > advice on how to do something that a text or tutor might give you on the
> > same particulars. One real requirement is that the advice be conclusive,
> > definitive, and complete; I don't know about you, but that is how I like
> > help to come anyway.
>
> If I understand correctly, you are favouring good pedagogical ways of
> education of people to design and write their own cryptos.
> That's certainly a good point. But if you want others to independently
> write a crypto program that is compatible with your own, i.e. able to
> communicate with you, the task, I am afraid, is non-trivial in
> practice if you confine yourself to giving some 'general' instructions
> or guidelines concerning your design.
>
Making instructions, source code when taken to other programming languages
and dialects actually work still requires knowing what you are doing. Yes,
I have had some experience in others writing programs according to my
descriptions. Results vary, and usually get down to some fine points
including sample encryptions and decryptions.
A complete description is still a complete description. Generalizations
are merely starting points, sure to produce a variation on the original.
However, it may be of interest if a particular programming problem is
solved in a different way with the same or similar results.
--
Rest sometimes allows you to find new things to worry about but should give you the
patience to do something about them.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************