Cryptography-Digest Digest #876, Volume #9 Tue, 13 Jul 99 21:13:02 EDT
Contents:
Re: Arguement for 'Stream Cipher ~ PRNG' ([EMAIL PROTECTED])
Re: randomness of powerball, was something about one time pads (fungus)
Re: Arguement for 'Stream Cipher ~ PRNG' ([EMAIL PROTECTED])
Re: Funny News (Medical Electronics Lab)
Re: Arguement for 'Stream Cipher ~ PRNG' ([EMAIL PROTECTED])
Re: Funny News (Doug Stell)
What is a fractal? ([EMAIL PROTECTED])
Re: Fractal encryption (Jim Gillogly)
Re: Crypto Books on CD-ROM (Wim Lewis)
Re: Funny News (Dave Salovesh)
Re: What is a fractal? ([EMAIL PROTECTED])
Re: Crypto Books on CD-ROM (Wim Lewis)
wincrypt ("Terry Mechan")
Re: What is the "real" length of a key in 3-key 3DES? ("karl malbrain")
Re: What is the "real" length of a key in 3-key 3DES? ("Kristof Burek")
Online Coverage of '99 USENIX Annual Conference & the 2000 Call for Papers (Jennifer Radtke)
Re: Funny News ("Tony T. Warnock")
Re: Benfords law for factoring primes? ("Thijs vd Berg")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Arguement for 'Stream Cipher ~ PRNG'
Date: Tue, 13 Jul 1999 16:34:01 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Please elaborate a bit more. I can't capture your sentence. Thanks.
Sorry, no problem.
What I am saying is that any stream cipher should be able to encrypt a
repeating sequence of plaintexts (bits or bytes does not matter), and
one would expect the ciphertext to be completely pseudo-random to an
onlooker. Does that make sense? (I hope...).
For example if the input was 'AAAA' for a stream cipher we could say
the output was 'abcd'. In a block cipher the output will always
be 'BBBB' (pretend A is one block) and thus does not form a good PRNG
in this manner.
Under this argument a stream cipher should make a good PRNG. If it
makes a good PRNG what is to say it's not a PRNG? Pretend xor'ing the
output of a LFSR with zero, you know the output will always be the
output of the LFSR. Now pretend you have some other PRNG source (or
keystream generator) and you xor it with zero...
Does this make sense?
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Tue, 13 Jul 1999 20:34:04 +0200
"Tony T. Warnock" wrote:
>
> I always like the phrase: "The lottery is a tax on the innumerate."
>
There's plenty of *simple* gambling games which will fool hardened
statisticians. Martin Gardner discusses them a lot.
There's one game where you pay a dollar, choose a number from one
to six, then throw three dice. You win a dollar for every die which
shows your chosen number. Who has the edge? The player or the house?
Another classic is a gameshow where there are three doors to choose
from, one with a good prize behind it and two with bad prizes behind
them. You choose a door, the host opens one of the other doors to show
a bad prize then asks you if you want to change your chosen door for
the other (still closed) one. Should you change or not?
The answer is *yes, every time*, but demonstrating *why* you should
change will cause much heated debate (and is off-topic here so I'll
leave it as an exercise for the reader....)
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Arguement for 'Stream Cipher ~ PRNG'
Date: Tue, 13 Jul 1999 18:36:46 GMT
[EMAIL PROTECTED] wrote:
> If a stream cipher
[...]
> then it should form an ideal
> PRNG if the user selects to encrypt a repeating string of plaintexts.
Can one build a stream cipher from a PRNG?
Yes. One of many methods is to XOR the generated
stream into plaintext to form ciphertext and vice
versa.
Can one build a PRNG from a stream cipher?
Yes. One of many methods is to obtain the next
output by encrypting zero.
Is a stream cipher the same thing as a PRNG?
No.
--Bryan
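Added example, not part of the original posts: a Python sketch of the two constructions in this message (a stream cipher made by XORing a PRNG into the plaintext, and a PRNG made by encrypting zero), next to a block cipher applied block by block to repeated plaintext, as in the 'AAAA' -> 'BBBB' remark earlier in the thread. The SHA-256 counter generator, the 4-round Feistel toy block cipher and every name below are assumptions chosen for illustration; neither is a vetted cipher.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (assumption for this example)

def prng(key: bytes, n: int) -> bytes:
    """Keyed generator: SHA-256 over key||counter, truncated to n bytes."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stream cipher built from the PRNG: XOR the keystream into the data.
    The same call decrypts, because XOR is its own inverse."""
    return xor(data, prng(key, len(data)))

def prng_from_stream_cipher(key: bytes, n: int) -> bytes:
    """PRNG built from the stream cipher: encrypt n zero bytes."""
    return stream_encrypt(key, bytes(n))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function of the toy Feistel network: keyed hash of one half.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation on one 8-byte block (toy, not DES)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, xor(left, _round(key, i, right))
    return left + right

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Block cipher applied block by block, with no chaining or counter."""
    return b"".join(toy_block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def distinct_blocks(data: bytes) -> int:
    """Number of different BLOCK-sized chunks in data."""
    return len({data[i:i + BLOCK] for i in range(0, len(data), BLOCK)})

if __name__ == "__main__":
    key = b"constructed demo key"       # constructed sample key
    repeated = b"AAAAAAAA" * 4          # constructed plaintext: one block, four times
    ct_stream = stream_encrypt(key, repeated)
    ct_ecb = ecb_encrypt(key, repeated)
    print("stream cipher, distinct ciphertext blocks:", distinct_blocks(ct_stream))
    print("block cipher,  distinct ciphertext blocks:", distinct_blocks(ct_ecb))
    print("encrypting zero == PRNG output:",
          prng_from_stream_cipher(key, 32) == prng(key, 32))
    # Ciphertext of known plaintext hands out generator output directly, so the
    # cipher is only as unpredictable as the PRNG underneath it.
    print("ciphertext XOR known plaintext == PRNG output:",
          xor(ct_stream, repeated) == prng(key, 32))
```

The two objects differ in interface (one takes plaintext, one does not) even though each can be built from the other, which is the distinction the last question and answer above draw.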
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Funny News
Date: Tue, 13 Jul 1999 12:41:19 -0500
[EMAIL PROTECTED] wrote:
>
> Watching CNN today I saw a clip of Janet Reno (hey where's the blue
> dress?) and I semi-quote
>
> " Terrorists can use encryption technologies making wiretaps effectively
> useless and crime prevention much harder ... "
>
> Basically she was advocating the restrictions.
>
> My question is (this is an open question), What good do these
> regulations ACTUALLY provide? If a criminal breaks the law won't logic
> dictate they won't follow this law as well?
Gee, if a teenager can figure out the argument is bogus, why
can't congress critters?
The regulations allow the government the ability to snoop on
all the idiots who are too dumb to break the law. Be as smart
as a congressman, be a criminal!!
Note followups.
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Arguement for 'Stream Cipher ~ PRNG'
Date: Tue, 13 Jul 1999 18:47:31 GMT
In article <7mg0vs$qsp$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Can one build a stream cipher from a PRNG?
>
> Yes. One of many methods is to XOR the generated
> stream into plaintext to form ciphertext and vice
> versa.
>
> Can one build a PRNG from a stream cipher?
>
> Yes. One of many methods is to obtain the next
> output by encrypting zero.
>
> Is a stream cipher the same thing as a PRNG?
>
> No.
I agree with this logic. It makes sense. Thanks for the reply.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: Funny News
Date: Tue, 13 Jul 1999 20:00:12 GMT
On Tue, 13 Jul 1999 11:52:49 -0600, John Myre <[EMAIL PROTECTED]>
wrote:
>
>[EMAIL PROTECTED] wrote:
>>
>> Watching CNN today I saw a clip of Janet Reno (hey where's the blue
>> dress?) and I semi-quote
>>
>> " Terrorists can use encryption technologies making wiretaps effectively
>> useless and crime prevention much harder ... "
There is little doubt that encryption makes the job of the national
security and law enforcement folks more difficult.
>> Basically she was advocating the restrictions.
>>
>> My question is (this is an open question), What good do these
>> regulations ACTUALLY provide? If a criminal breaks the law won't logic
>> dictate they won't follow this law as well?
>
>The specific argument that control is useless because criminals
>will ignore regulations is false logic. The gulf between "not
>100% effective" and "useless" is quite wide. Making something
>illegal will decrease its use: at least *some* criminals will
>find it too hard, or too expensive, or too confusing, or just
>won't use it correctly.
The above response explains it quite well. The needle is easier to
find if you can make the haystack as small as possible. If the use of
encryption was pervasive, they would have a hard time telling who the
bad guys are. Of course, this means that anyone who uses encryption is
*potentially* a bad guy.
The big criminals, such as organized crime, drug trafficking operations
and well-funded terrorists, will tend to have very good security,
because they recognize its value and have the resources to obtain it.
The little guys, such as the local kid selling drugs, not only find it
too expensive, but may be too stupid to use it.
>Of course, this is hardly the end of the debate. I've just
>seen this particular error in thinking too often to let it go
>without comment.
Remember that there is more than one way to think about things and
more than one way to accomplish the task. Those of us in the business
tend to think one way and consider the other irrational, which it is
to some extent. However, the other isn't totally useless, as the
comments try to explain.
------------------------------
From: [EMAIL PROTECTED]
Subject: What is a fractal?
Date: Tue, 13 Jul 1999 19:36:38 GMT
Following Bob Silverman's suggestion that 'most people haven't the
foggiest about fractals' and since I am one of them...
What exactly is a fractal?
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Fractal encryption
Date: Tue, 13 Jul 1999 13:08:57 -0700
Glenn Davis wrote:
>
> Plan B: Mandelbrot steganography
>
> Two people share a key composed of:
>
> 1 coordinates for the area of the Mandelbrot set (50 bits)
Is this one point (25 bits each for X and Y) with a fixed window
size, or two points defining opposite corners of the square or
rectangle? This doesn't actually give 50 bits of random choices,
since a great deal of the map would be black. It'd be interesting
to see just how much entropy this would give in the "interesting"
regions.
> 2 limit of iterations (20 bits)
This seems high to me: we're dealing with floating point
calculations, and you're allowing up to a million Mandelbrot
operations to find out the value of a single bit. What kind
of throughput are you projecting for this algorithm?
> 3 color mapping from iteration count to color code (30 bits)
How are the pixels colored? I thought they referred to the
iteration count, but you're allowing up to 1M iterations and
1G colors. If it's done in a naive way, there are nice clues
in adjacent regions, which would normally correspond to
iteration counts of plus or minus one from their neighbors.
A complete ordering on the encrypted colors should be
deducible from this. If the mapping is more sophisticated,
of course, these remarks don't apply.
> 4 scaling (10 bits)
I'd like to hear more about this one.
> The message is coded as color changes anywhere on the area
> of the Mandelbrot set. The resulting image can then be printed
> on posters or on paper. Without the key, people cannot see
> the coded color areas.
Not the original colors, but surely the "false color" encrypted
colors... right?
> With the key, a person scans in the image from paper.
> Use the key to produce the area of the Mandelbrot set
> used as background. Overlay 2 images to recover difference areas.
I think this answers my question about throughput!
--
Jim Gillogly
Highday, 20 Afterlithe S.R. 1999, 19:57
12.19.6.6.8, 6 Lamat 16 Tzec, Second Lord of Night
------------------------------
From: [EMAIL PROTECTED] (Wim Lewis)
Subject: Re: Crypto Books on CD-ROM
Date: 13 Jul 1999 21:16:15 GMT
In article <[EMAIL PROTECTED]>,
H. Ellenberger <[EMAIL PROTECTED]> wrote:
>I have the impression that DDJ displays a high ethical level
>in their editorials, but obviously the publisher does not live up to
>the same standards.
I'm not sure what you're trying to say here. Perhaps you could elaborate.
Is this comment (a response to my message) directed somehow at me?
--
Wim Lewis * [EMAIL PROTECTED] * Seattle, WA, USA
------------------------------
From: [EMAIL PROTECTED] (Dave Salovesh)
Subject: Re: Funny News
Date: Tue, 13 Jul 1999 20:33:19 GMT
In article <[EMAIL PROTECTED]>,
"Tony T. Warnock" <[EMAIL PROTECTED]> opined:
>Actually criminals will break all laws except the next one. Therefore we
>always need more laws.
That explains it. Why didn't they write that law first?
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is a fractal?
Date: Tue, 13 Jul 1999 20:35:20 GMT
O.K., here's an attempt at an explanation. I haven't done much with
this stuff in years, but maybe this will help.
Fractals are derived from a part of mathematics called Chaos Theory. It
was discovered when people attempted to represent nature and all its
randomness with math. The formulas that were used were so sensitive
that a small change produced extremely different results. This is
where the chaos part comes from. Sparing a lot of details, fractals are
graphical representations of these equations. The interesting property
is that as you zoom in on a fractal image, you get more and more detail.
This is what they use to more accurately represent coastlines,
mountains, etc. If you were to take a rock and look at it under
different magnifications, it would still look like a rock, at least
until you hit the molecular level. If you want a visual example, do
this:
1. Draw a triangle on a piece of paper.
2. For each line segment, replace the middle third with two lines of the
same length. It should be something like this
___ is now _/\_
Now you should have 12 line segments instead of three.
3. Repeat step two a number of times, each time applying it to the new
figure.
4. Now "zoom in." As you zoom in, each section you look at should look
like, in this case very similar to, a side of the triangle.
5. Now, imagine infinite repetitions of step two.
That is a simple fractal. I hope this helps.
In article <7mg4g5$sb6$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Following Bob Silverman's suggestion that 'most people haven't the
> foggiest about fractals' and since I am one of them...
>
> What exactly is a fractal?
>
> Tom
> --
> PGP key is at:
> 'http://mypage.goplay.com/tomstdenis/key.pgp'.
> Free PRNG C++ lib:
> 'http://mypage.goplay.com/tomstdenis/prng.html'.
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
>
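Added example, not part of the original post: the five drawing steps above carried out in Python, counting line segments and measuring the figure after each repetition of step two. The unit-side starting triangle and all function names are assumptions made for this illustration.

```python
import math

def koch_step(points):
    """Step 2: on every edge of a closed polygon, replace the middle third
    with two lines of the same length."""
    out = []
    for i, (x1, y1) in enumerate(points):
        x2, y2 = points[(i + 1) % len(points)]
        dx, dy = (x2 - x1) / 3.0, (y2 - y1) / 3.0
        a = (x1 + dx, y1 + dy)            # end of the first third
        b = (x1 + 2 * dx, y1 + 2 * dy)    # start of the last third
        # Apex of the bump: the middle third rotated by -60 degrees about a,
        # which points outward for a counter-clockwise polygon.
        c, s = 0.5, -math.sqrt(3) / 2
        apex = (a[0] + dx * c - dy * s, a[1] + dx * s + dy * c)
        out += [(x1, y1), a, apex, b]
    return out

def koch_snowflake(iterations):
    """Step 1 (a triangle with unit sides, counter-clockwise), then step 2
    repeated `iterations` times (step 3)."""
    pts = [(0.0, 0.0), (1.0, 0.0), (0.5, math.sqrt(3) / 2)]
    for _ in range(iterations):
        pts = koch_step(pts)
    return pts

def perimeter(points):
    n = len(points)
    return sum(math.dist(points[i], points[(i + 1) % n]) for i in range(n))

def area(points):
    """Shoelace formula; positive for a counter-clockwise polygon."""
    n = len(points)
    return 0.5 * sum(points[i][0] * points[(i + 1) % n][1]
                     - points[(i + 1) % n][0] * points[i][1] for i in range(n))

if __name__ == "__main__":
    for k in range(6):
        pts = koch_snowflake(k)
        # Segments: 3, 12, 48, ... The perimeter grows by 4/3 per repetition
        # without bound, while the area stays below 8/5 of the triangle's.
        print(k, len(pts), round(perimeter(pts), 4), round(area(pts), 4))
```

Every repetition adds detail at one third of the previous scale, which is why any zoomed-in section looks like a side of the earlier figure (step 4).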
------------------------------
From: [EMAIL PROTECTED] (Wim Lewis)
Subject: Re: Crypto Books on CD-ROM
Date: 13 Jul 1999 21:20:44 GMT
In article <[EMAIL PROTECTED]>,
H. Ellenberger <[EMAIL PROTECTED]> wrote:
>I have the impression that DDJ displays a high ethical level
>in their editorials, but obviously the publisher does not live up to
>the same standards.
I'm not sure what you're trying to say here. Perhaps you could elaborate.
Is this comment (a response to my message) directed somehow at me?
--
Wim Lewis * [EMAIL PROTECTED] * Seattle, WA, USA
------------------------------
From: "Terry Mechan" <[EMAIL PROTECTED]>
Subject: wincrypt
Date: Tue, 13 Jul 1999 22:38:18 +0100
check software on
http://www.tmechan.freeserve.co.uk
--
Regards
TJM
------------------------------
Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: What is the "real" length of a key in 3-key 3DES?
Date: Tue, 13 Jul 1999 15:14:31 -0700
Kristof Burek <[EMAIL PROTECTED]> wrote in message
news:7mgdc6$c82$[EMAIL PROTECTED]...
> ... Yes I see, the number of possible one-to-one mappings must be (2^64)!,
> clearly a number somewhat larger than (2^64)^3. Is that what you're saying?
> and does this allow us to suggest without much fear of contradiction that
> 3-key 3DES is approximately 2^56 times stronger than 2-key 3DES (i.e. you
> still have to use brute-force on all possible keys)?
If you use <<brute-force>> to capture ALL of the 2^63 mappings between
plain-text and cipher-text, you have broken 1DES 2DES 3DES ... (or any other
64 bit block cipher) for the given KEY. Karl M
------------------------------
From: "Kristof Burek" <[EMAIL PROTECTED]>
Subject: Re: What is the "real" length of a key in 3-key 3DES?
Date: Tue, 13 Jul 1999 23:03:01 +0100
Nicol So <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
| Kristof Burek wrote:
| >
| > PS my understanding would be that since there are far fewer than 2^168
| > possible mappings of a 64-bit block to another 64-bit block, ...
|
| Try to come up with an expression for the number of permutations on
| 64-bit strings and you'll quickly realize that the above is not true.
|
| Nicol
... Yes I see, the number of possible one-to-one mappings must be (2^64)!,
clearly a number somewhat larger than (2^64)^3. Is that what you're saying?
and does this allow us to suggest without much fear of contradiction that
3-key 3DES is approximately 2^56 times stronger than 2-key 3DES (i.e. you
still have to use brute-force on all possible keys)?
Kristof
------------------------------
From: [EMAIL PROTECTED] (Jennifer Radtke)
Subject: Online Coverage of '99 USENIX Annual Conference & the 2000 Call for Papers
Date: Tue, 13 Jul 1999 23:37:32 GMT
**DR. DOBB'S JOURNAL TechNET/CAST covered the 1999 USENIX Technical
Conference, in June in Monterey, California, and broadcasts are available
at http://technetcast.ddj.com/
Coverage includes the following interviews of conference participants:
- Linus Torvalds hosted the Linux BOF and reported on the state of Linux,
with questions from the audience.
- Eric Allman, on sendmail, email security, and spam.
- Miguel de Icaza on GNOME and Linux.
- Jeff Mogul, Compaq Western Research Lab, on HTTP, firewalls.
- Ronald Record on SCO Skunkware and SCO Wabi (Windows Application Binary
Interface).
- Peter Salus on the history of Unix and Linux.
- Henry Spencer on C and Interpretive Languages.
**Announcing the Call for Papers for USENIX 2000, including the FREENIX Track
USENIX 2000 ANNUAL TECHNICAL CONFERENCE
June 18-23, 2000
San Diego, California, USA
=================================================================
Call for Papers at http://www.usenix.org/events/usenix2000/cfp/
Refereed Paper submissions due: November 29, 1999
FREENIX Track submissions due: November 29, 1999
=================================================================
The USENIX Annual Technical Conference brings together under a single roof
the broad community of developers, researchers, and users. It is well known
as the place to share the results of the latest and best work, find points
of common interest and perspective, and develop new ideas that cross and
break boundaries.
The three-day technical sessions include: a track of refereed papers
selected by the Program Committee; a track of Invited Talks by experts and
leaders in the field; and FREENIX, a track of talks and paper presentations
on freely available software and systems. Three days of tutorials precede
the technical sessions with practical tutorials on timely topics.
The Program Committee seek submissions to the Refereed Paper track on a
broad range of topics, including:
* Operating system and application structures for modern, commodity
hardware, including extensible, embedded, distributed, and object-oriented
systems.
* The impact of commodity hardware and software on the development of
software systems.
* How the growing ubiquity of the Internet affects, and is affected by,
developments in the areas of electronic commerce, security, heterogeneous,
and mobile computing.
* ActiveX, Java, CORBA, and other technologies that support mobile and
reusable software components.
* The future of Tcl/Tk, Perl, and other scripting and domain-specific
languages.
* Connecting, managing, and maintaining geographically distributed,
heterogeneous networks of computers.
The FREENIX track showcases the latest developments and interesting
applications in freely redistributable software. FREENIX is open to the
full range of software--Apache, FreeBSD, GNOME, GNU, Linux, NetBSD,
OpenBSD, Samba, and more--which is freely redistributable in source code
form and provides pointers to where the code can be found on the Internet.
The purpose for the FREENIX papers is not as an archival reference, but
rather a place to let others know about the project on which you are
working and to provide a forum from which to expand your user base. We are
seeking submission of a one to three page abstract for talks which
advance the state of the art of freely redistributable software or
otherwise provide useful information to those faced with deploying (and
"selling") free software in the field.
Invited Talk and tutorial suggestions and proposals are also very welcome.
=============================================================
USENIX, the Advanced Computing Systems Association, is a not-for-profit
society with an international membership of scientists, engineers, and
system administrators working on the cutting edge of systems and software.
For 25 years USENIX conferences and workshops have emphasized the free
exchange of technical ideas unfettered by stodginess or commercialism.
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Funny News
Date: Tue, 13 Jul 1999 14:09:11 -0600
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> Watching CNN today I saw a clip of Janet Reno (hey where's the blue
> dress?) and I semi-quote
>
> " Terrorists can use encryption technologies making wiretaps effectively
> useless and crime prevention much harder ... "
>
> Basically she was advocating the restrictions.
>
> My question is (this is an open question), What good do these
> regulations ACTUALLY provide? If a criminal breaks the law won't logic
> dictate they won't follow this law as well?
Actually criminals will break all laws except the next one. Therefore we
always need more laws.
------------------------------
From: "Thijs vd Berg" <[EMAIL PROTECTED]>
Subject: Re: Benfords law for factoring primes?
Date: Wed, 14 Jul 1999 01:33:19 +0200
David A Molnar <[EMAIL PROTECTED]> wrote in message
news:7meo44$glu$[EMAIL PROTECTED]...
> Now I know one bit!
All primes start with a "1", most also end with a "1", SO now you know 2
bits!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************