Cryptography-Digest Digest #883, Volume #9       Thu, 15 Jul 99 02:13:04 EDT

Contents:
  16-bit RC5 ("J.J.")
  Creating a key (Piotr K)
  Re: Creating a key ("karl malbrain")
  Re: 16-bit RC5 ([EMAIL PROTECTED])
  Re: Crypto Books on CD-ROM (Bruce Schneier)
  Re: Creating a key ([EMAIL PROTECTED])
  Re: Stream Cipher != PRNG ("Douglas A. Gwyn")
  Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
  Re: Stream Cipher != PRNG ("Douglas A. Gwyn")
  Re: Arguement for 'Stream Cipher ~ PRNG' ("Douglas A. Gwyn")
  Re: Arguement for 'Stream Cipher ~ PRNG' ("Douglas A. Gwyn")
  Re: Stream Cipher != PRNG (wtshaw)
  Re: Why public key in PGP (Sundial Services)
  Re: Benfords law for factoring primes? ("Douglas A. Gwyn")
  Re: What is a fractal? (Christopher)
  Re: Stream Cipher != PRNG ([EMAIL PROTECTED])
  Re: Stream Cipher != PRNG ([EMAIL PROTECTED])
  Re: Short Key and Short Data -- XOR ??? ([EMAIL PROTECTED])
  Re: Help with RNG Stats ([EMAIL PROTECTED])
  Re: Creating a key (wtshaw)

----------------------------------------------------------------------------

From: "J.J." <[EMAIL PROTECTED]>
Subject: 16-bit RC5
Date: Thu, 15 Jul 1999 12:18:19 +1200

Can anyone tell me where to obtain a 16-bit code implementation of RC5?
thanks...



------------------------------

From: [EMAIL PROTECTED] (Piotr K)
Subject: Creating a key
Reply-To: [EMAIL PROTECTED]
Date: Thu, 15 Jul 1999 00:26:09 GMT

Can anybody explain to me how a binary key for encryption is created
from a char password? Is it only a simple substitution of the binary
code for each char, or maybe something else? What about the case when
the password is too short? For example, the key is 256 bits long and
we have only a ten-char password. Should we use zeros for the rest of
the lacking bits?

Any answer will be appreciated.

Piotr Kulinski , Poland

[EMAIL PROTECTED]



------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: Creating a key
Date: Wed, 14 Jul 1999 17:40:36 -0700


Piotr K <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Can anybody explain to me how a binary key for encryption is created
> from a char password? Is it only a simple substitution of the binary
> code for each char, or maybe something else? What about the case when
> the password is too short? For example, the key is 256 bits long and
> we have only a ten-char password. Should we use zeros for the rest of
> the lacking bits?

What I do is to use a pseudo-random number generator to repeatedly select 10
source key bits (using only the lower 5 bits of each source byte for case
insensitivity), using the half-added sum for each bit of binary key
required.  Karl M



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: 16-bit RC5
Date: Thu, 15 Jul 1999 02:11:36 GMT

In article <[EMAIL PROTECTED]>,
  "J.J." <[EMAIL PROTECTED]> wrote:
> Can anyone tell me where to obtain a 16-bit code implementation of RC5?
> thanks...
>
>

Well, it's easy to implement: just code it as 'unsigned short'.
Anyway... I don't think it would be terribly secure, though.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

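RC5 parameterised by word size, as an added example (not code from either poster): w=16 is the 'unsigned short' variant Tom describes, with a 2w = 32-bit block and the constants P16 = 0xB7E1, Q16 = 0x9E37 from Rivest's RC5 definition, and the same code runs unchanged with w=32 or w=64. The key, round count and plaintext words in the usage are constructed for the demonstration; the 32-bit block is the reason such a variant offers little security.

```python
# RC5 "magic constants" for word sizes 16, 32 and 64 bits (Rivest's definition).
P = {16: 0xB7E1, 32: 0xB7E15163, 64: 0xB7E151628AED2A6B}
Q = {16: 0x9E37, 32: 0x9E3779B9, 64: 0x9E3779B97F4A7C15}


def rotl(x: int, n: int, w: int) -> int:
    """Rotate a w-bit word left; only the low log2(w) bits of n matter."""
    mask, n = (1 << w) - 1, n % w
    return ((x << n) | (x >> (w - n))) & mask


def rotr(x: int, n: int, w: int) -> int:
    """Rotate a w-bit word right (inverse of rotl)."""
    mask, n = (1 << w) - 1, n % w
    return ((x >> n) | (x << (w - n))) & mask


def rc5_expand_key(key: bytes, w: int = 16, r: int = 12) -> list:
    """RC5-w/r/b key schedule: returns the t = 2(r+1) round subkeys S."""
    mask, u = (1 << w) - 1, w // 8
    t, c = 2 * (r + 1), max(1, -(-len(key) // u))
    L = [0] * c                                  # key bytes packed little-endian into words
    for i in reversed(range(len(key))):
        L[i // u] = ((L[i // u] << 8) + key[i]) & mask
    S = [(P[w] + i * Q[w]) & mask for i in range(t)]
    i = j = A = B = 0
    for _ in range(3 * max(t, c)):               # mix the key into the subkey table
        A = S[i] = rotl((S[i] + A + B) & mask, 3, w)
        B = L[j] = rotl((L[j] + A + B) & mask, A + B, w)
        i, j = (i + 1) % t, (j + 1) % c
    return S


def rc5_encrypt_block(S: list, A: int, B: int, w: int = 16, r: int = 12) -> tuple:
    """Encrypt one 2w-bit block given as two w-bit words (A, B)."""
    mask = (1 << w) - 1
    A, B = (A + S[0]) & mask, (B + S[1]) & mask
    for i in range(1, r + 1):
        A = (rotl(A ^ B, B, w) + S[2 * i]) & mask
        B = (rotl(B ^ A, A, w) + S[2 * i + 1]) & mask
    return A, B


def rc5_decrypt_block(S: list, A: int, B: int, w: int = 16, r: int = 12) -> tuple:
    """Inverse of rc5_encrypt_block: undo the rounds in reverse order."""
    mask = (1 << w) - 1
    for i in range(r, 0, -1):
        B = rotr((B - S[2 * i + 1]) & mask, A, w) ^ A
        A = rotr((A - S[2 * i]) & mask, B, w) ^ B
    return (A - S[0]) & mask, (B - S[1]) & mask


if __name__ == "__main__":
    # Constructed demo: RC5-16/12/16, i.e. 16-bit words, 12 rounds, 16-byte key.
    S16 = rc5_expand_key(bytes(range(16)), w=16, r=12)
    ct = rc5_encrypt_block(S16, 0x1234, 0xABCD, w=16, r=12)
    print("RC5-16 block:", [hex(x) for x in ct])
    print("round trip:", rc5_decrypt_block(S16, *ct, w=16, r=12) == (0x1234, 0xABCD))
```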
------------------------------

From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Crypto Books on CD-ROM
Date: Thu, 15 Jul 1999 02:25:48 GMT

On 5 Jul 1999 03:45:38 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote:

>Bruce Schneier <[EMAIL PROTECTED]> wrote:
>> It's worth buying the new version of the CD-ROM.  All the books are in
>> pdf format, and the hyperlinking actually works.  I found the first
>> version almost useless, but I like this version.
>
>Thanks for the good news! Now I need to figure out how to 
>swing an upgrade from DDJ. :-)

I think if you ask nicely, they will give you an upgrade.  (I have no
idea, really, but it seems like the proper thing to do.  The initial
interface was awful.)

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Creating a key
Date: Thu, 15 Jul 1999 02:14:32 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Can anybody explain to me how a binary key for encryption is created
> from a char password? Is it only a simple substitution of the binary
> code for each char, or maybe something else? What about the case when
> the password is too short? For example, the key is 256 bits long and
> we have only a ten-char password. Should we use zeros for the rest of
> the lacking bits?

The smart thing to do is hash the ASCII password.  If the password is
well chosen it will have an entropy approaching 72^n (25 chars, this is
about a 154-bit key).  After you hash it you will have an output which
is much harder to attack than the input.  This ensures the security of
the key relies on a) unbiasedness in the hash and b) the
length/security of the password.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Thu, 15 Jul 1999 03:47:25 GMT

Boris Kazak wrote:
> The difference is superficial - just regard the "batch" as one
> big metacharacter (64 or 128 bit).

So replace "character" by "bit" to see the difference.
(The difference is structural; I was just trying to convey
it as briefly as possible.)

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Thu, 15 Jul 1999 04:14:49 GMT

fungus wrote:
> There's one game where you pay a dollar, choose a number from one
> to six, then throw three dice. You win a dollar for every die which
> shows your chosen number. Who has the edge? The player or the house?

As described, the odds are even (it's a fair game).

I think you meant to describe "Chuck-a-Luck", where you win a dollar
if your chosen number comes up on any die, but never more than $1
per play, and lose a dollar if it doesn't come up on any die.
In that case, the odds favor the house (you expect to lose over 15
cents per play, in the long run).

> Another classic is a gameshow where there are three doors to choose
> from, one with a good prize behind it and two with bad prizes behind
> them. You choose a door, the host opens one of the other doors to show
> a bad prize then asks you if you want to change your chosen for
> the other (still closed) one. Should you change or not?
> The answer is *yes, every time*, ...

The more interesting question is, what are the new odds for the
remaining doors?  On the assumption that the host *knows* where
the good prize is and as a matter of policy *always* opens a
bad-prize door, the new odds are 1:2 in favor of the third door.
If he had just opened a door on whim, with the reported result,
then the new odds are 1:1.  (If you don't know which of these is
the case, then switching can't hurt and might help.)

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Thu, 15 Jul 1999 03:45:54 GMT

[EMAIL PROTECTED] wrote:
> So it's always the same permutation of the input right? :)

No, of course not.  It depends on keying elements.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Arguement for 'Stream Cipher ~ PRNG'
Date: Thu, 15 Jul 1999 03:43:58 GMT

[EMAIL PROTECTED] wrote:
> What I am saying is that any stream cipher should be able to encrypt a
> repeating sequence of plaintexts (bits or bytes does not matter), and
> one would expect the ciphertext to be completely pseudo-random to an
> onlooker.

Not necessarily uniformly distributed, although it would be for many
stream ciphers.

> Under this argument a streamcipher should make a good PRNG.  If it
> makes a good PRNG what is to say it's not a PRNG?

"If you encrypt constant input, it can be used as a PRNG."
But that says nothing about the case when you're not encrypting
constant input.

A PRNG is a system with a particular intended *purpose*, namely
to generate an approximation to a random sequence (with some
specified distribution).  Suppose you had a stream cipher in
hardware, but you just used it for a doorstop.  Would you then
say that "stream cipher ~ doorstop"?

There is a connection between encryption systems (not just stream
ciphers) and PRNGs, but only in terms of the analysis of randomness
of output sequences.  Nothing is gained by confusing the two
concepts, and much is lost (such as understanding that a stream
cipher need not take the form of a key generator system).

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Arguement for 'Stream Cipher ~ PRNG'
Date: Thu, 15 Jul 1999 03:35:58 GMT

[EMAIL PROTECTED] wrote:
> [1] However additive (fibonacci) generators are also state based. ...
> does not disclude the possibility that an additive generator is a bad
> PRNG under my argument.

Analysis of the quality of a PRNG is a different topic than whether
there is an essential difference between PRNGs in general and stream
ciphers in general.

The best method I know of for testing PRNGs is, unfortunately,
classified.  However, Fibonacci generators are clearly not the
best for general simulation (Monte Carlo) applications.

If you're seriously interested in PRNGs, Knuth's The Art of
Computer Programming, Vol. 2 (Seminumerical Methods) is a good
place to start learning about their properties and testing.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Stream Cipher != PRNG
Date: Wed, 14 Jul 1999 23:25:30 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > 
> 
> > I would count on it that you have seen many, but not all.  There is
> > nothing innately wrong with using a normal PRNG as a component if there is
> > enough state in the subsequent steps so that you cannot recognize the
> > generated series, or it is so mingled and mangled that other key
> > components are too big to reasonably brute force at the same time.  The
> > theory is really duck soup for doing something like this.
> 
> I like to add that one way of obtaining more states is through
> employing more PRNGs (e.g. my humble compound PRNG).
> 
Like lots of other problems, there are numerous solutions.  When some
dwell on a simplistic use of the PRNG, their conclusions are obvious in
that frame of reference, that a trivial use of it is not going to give
them much cryptographically.
-- 
Most wrestlers and politicians seem to have pretty the same 
agenda, seek various kinds of by appearing to do things they are
not doing, catering to specialty groups of supporters, and as a 
result of deals, learn to take falls when they know better. Those 
who do not go along tend to be excluded and punished.

------------------------------

Date: Wed, 14 Jul 1999 21:01:56 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Why public key in PGP

[EMAIL PROTECTED] wrote:
> 
> Question:
> 
>      Now that you publish your public key for a PGP encrypted file, why
> do you need such a public key?
>      Do you really need a key server to dynamically generate new
> public keys? How if you just use one public key for a long time (say, 1
> month or 10 years)?
>      Thank you so much.


PGP uses a -pair- of keys:  one for encryption, the other to decrypt. 
One may be made public while the other remains private.

If you send a message to me encrypted with my public key, no one can
decrypt it but me 'n the NSA.  This allows you to send personal messages
to me.

If I sign a message, I do it with my private key.  You can verify it
using my public key, and know that only I could have signed it in such a
way that you could have verified it with my public key.

As to the lifetime of a public key...  I suspect that keys used for
ordinary signature-purposes are kept for a long time.  Keys used by
people who are actually conducting private conversations are probably
retired when the conversation is through, or when people leave the
organizations in question, or when the security afforded by the prior
public-key is doubted in any way by anyone.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Benfords law for factoring primes?
Date: Thu, 15 Jul 1999 04:17:38 GMT

Thijs vd Berg wrote:
> All primes start with a "1", most also end with a "1", SO now you
> know 2 bits!

Not only that, but I happen to know how to factor *any* prime.

------------------------------

From: [EMAIL PROTECTED] (Christopher)
Subject: Re: What is a fractal?
Date: Thu, 15 Jul 1999 01:28:27 -0400

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Bailey) wrote:

_   A common type of fractal dimension is the Hausdorff-Besicovitch
_   Dimension, but there are several different ways of computing fractal
_   dimension. Roughly, fractal dimension can be calculated by taking the
_   limit of the quotient of the log change in object size and the log
_   change in measurement scale, as the measurement scale approaches zero.
_   The differences come in what is exactly meant by "object size" and
_   what is meant by "measurement scale" and how to get an average number
_   out of many different parts of a geometrical object.  Fractal
_   dimensions quantify the static *geometry* of an object.

I thought I knew what a fractal was until I read this.  Is this referring
to the example where a one-dimensional line can _almost_ cover a
two-dimensional surface, when taken in the limit?  If I'm not mistaken,
that is the type of line used to "dither" dots to make gradients on
printers.


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Stream Cipher != PRNG
Date: Sun, 11 Jul 1999 12:46:37 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] () wrote:
> [EMAIL PROTECTED] wrote:
> : All of these are time dependent permutations.  They are based on the
> : time stepping of a PRNG.  You have not proved or provided hints
> : towards stream cipher != PRNG.
>
> Yes, I have. You haven't been paying attention.
>
> If the stream cipher involves a complicated rule for producing a
> permutation from PRNG output, then the PRNG alone is not the stream
> cipher. The rule for producing the permutation, called the "combiner",
> is also part of the stream cipher - and in this case, it is NOT just
> an XOR of the PRNG output any more!
>
> If you don't know that the rule is S3( PRNG[8..15] xor S2( PRNG[0..7]
> + S3( plain ) ) ), and all you have is the PRNG, you can't do the
> stream cipher.
>
> I don't know how to make it any clearer than this. Yes, stream ciphers
> generally *are* built with PRNGs. Now, there IS a completely different
> kind, the self-synchronizing stream cipher (to encipher character n,
> encrypt the eight preceding ciphertext characters with DES, and use
> the 64-bit output to encrypt that character) which could be viewed as
> a block cipher mode, and doesn't even use a counter - there's only a
> block cipher and no PRNG at all.
>
> Basically: Stream cipher =(usually) PRNG + combiner != just the PRNG.
>
> Where the combiner is just an XOR, the stream cipher and the PRNG are
> close enough to being the same that they can be confused. Where the
> combiner has some complexity of its own, the two are not the same. And
> stream ciphers can be of the autokey type, such as the
> self-synchronizing stream cipher, and in that case the PRNG isn't even
> present.
>

Finally that makes sense.  So basically the PRNG is only one building
block (like a key schedule in a block cipher).  What if the PRNG is
inherently intractable, though (like BBS)?  Is there no combiner then?

So it's more a general rule:

Stream cipher = Combiner(PRNG)

where Combiner is the function (could be an identity in the case of
BBS, or something more complex...).

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



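The "PRNG + combiner" structure of the quoted post, as an added example that is not code from either poster: a lagged-Fibonacci additive generator (the kind of PRNG Tom mentions elsewhere in this digest) supplies the keystream, and the plain XOR combiner is set beside Savard's S3( k1 xor S2( k0 + S3( plain ) ) ) with S2 and S3 as keyed byte permutations. The generator's seeding LCG, the S-box construction, the lags and the key values are all assumptions made for the demonstration.

```python
import random


def additive_generator(seed: int, j: int = 24, k: int = 55):
    """Lagged-Fibonacci additive generator: x[n] = (x[n-j] + x[n-k]) mod 256.
    The lag table is filled from the seed with an LCG (constructed, not from the post)."""
    state = bytearray(k)
    x = seed & 0xFFFFFFFF
    for i in range(k):
        x = (1103515245 * x + 12345) & 0xFFFFFFFF
        state[i] = (x >> 16) & 0xFF
    state[0] |= 1                      # keep at least one odd entry so the table is not all even
    i = 0
    while True:
        state[i] = (state[(i - j) % k] + state[i]) & 0xFF   # slot i currently holds x[n-k]
        yield state[i]
        i = (i + 1) % k


def keyed_sbox(seed: int) -> tuple:
    """A keyed byte permutation (stand-in for Savard's S2/S3) and its inverse."""
    box = list(range(256))
    random.Random(seed).shuffle(box)   # deterministic for a given seed
    inv = [0] * 256
    for x, y in enumerate(box):
        inv[y] = x
    return box, inv


def keystream(key: int, n: int) -> bytes:
    """The raw PRNG output, for comparison with the ciphertexts below."""
    ks = additive_generator(key)
    return bytes(next(ks) for _ in range(n))


def xor_encrypt(key: int, data: bytes) -> bytes:
    """Combiner = XOR: the cipher and the PRNG are 'close enough to be confused'."""
    ks = additive_generator(key)
    return bytes(p ^ next(ks) for p in data)


class CombinerCipher:
    """Stream cipher = PRNG + non-linear combiner: c = S3[k1 ^ S2[(k0 + S3[p]) mod 256]]."""

    def __init__(self, key: int):
        self.key = key
        self.s2, self.inv_s2 = keyed_sbox(key ^ 0x5A5A)   # constructed S-box seeds
        self.s3, self.inv_s3 = keyed_sbox(key ^ 0xA5A5)

    def encrypt(self, data: bytes) -> bytes:
        ks, out = additive_generator(self.key), bytearray()
        for p in data:
            k0, k1 = next(ks), next(ks)                    # PRNG[0..7] and PRNG[8..15]
            out.append(self.s3[k1 ^ self.s2[(k0 + self.s3[p]) & 0xFF]])
        return bytes(out)

    def decrypt(self, data: bytes) -> bytes:
        ks, out = additive_generator(self.key), bytearray()
        for c in data:
            k0, k1 = next(ks), next(ks)
            u = self.inv_s2[self.inv_s3[c] ^ k1]           # undo S3, XOR, S2 in turn
            out.append(self.inv_s3[(u - k0) & 0xFF])
        return bytes(out)
```

Encrypting an all-zero plaintext with the XOR combiner hands out the PRNG output byte for byte, which is exactly Gwyn's "encrypt constant input and it can be used as a PRNG"; with the S-box combiner the same plaintext gives a stream that is not the PRNG output and cannot be decrypted without S2 and S3.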
------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Stream Cipher != PRNG
Date: Sun, 11 Jul 1999 12:48:34 GMT

In article <[EMAIL PROTECTED]>,
  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > ... Yes, stream ciphers generally *are* built with PRNGs.
>
> No, they are not.

But the output of a key stream generator (stream cipher) has to mimic an
RNG; since it's not truly random, it must be a PRNG.

I think we are caught up in terminology.  From what I understand now, a
PRNG normally forms some base structure, which is used in a 'combiner'
to form a non-linear output.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Short Key and Short Data -- XOR ???
Date: Sun, 11 Jul 1999 12:51:26 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Randy Given) wrote:
> >1. Use a good pseudorandom number generator to expand the key into
> >more key bits.  (By the way, the keys in your application are really
> >quite short.  You can't expect much security from them, especially
> >the shorter ones.  I hope your application doesn't require a high
> >level of security.)
>
> It doesn't.  There are many things I know which have strong
> security with much longer keys.  This limitation is trying to
> get the best bang-for-the-buck with a minimal set.  No doubt
> that the "security" is laughable.

Use a PRNG then, if security is not a big issue.  Try something like an
additive generator.  They are fast and easy to build.  They will only
keep your 'kid sister' away though, which seems like what you need.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Help with RNG Stats
Date: Sun, 11 Jul 1999 12:54:53 GMT

In article <7m8utd$j52$[EMAIL PROTECTED]>,
  Clinton Begin <[EMAIL PROTECTED]> wrote:
> I need the opinion of a math genius or two.  Below are the DIEHARD
> results for my random number generator.  I would like to use this RNG
> in a cryptography application.  Is there anyone out there able to give
> me a general reaction (opinion) to the results below?

Normally the statistical output is the foundation of the PRNG theory.
For security reasons you would want to attack the PRNG, not its output
(sorta).  Like for example an LFSR can be broken with n bits of output
(and you can have a few missing).  Post a description of the PRNG, which
is more useful.

From what I know about DIEHARD you want p-values around 0.5, which means
statistically independent.  I haven't used it much (don't really believe
in RNG tests).

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



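A linear-complexity check of the kind Tom alludes to, as an added example that is not code from either poster: the Berlekamp-Massey algorithm, run over a generator's output, returns the shortest LFSR that reproduces it, and an LFSR of length L is pinned down by 2L consecutive bits, which is why good DIEHARD p-values say nothing about a generator whose structure is linear (the same algorithm underlies the linear complexity test in NIST SP 800-22). The LFSR taps and seeds below are constructed; taps (1, 4) is x^4 + x + 1.

```python
def lfsr_bits(taps: tuple, seed: list, n: int) -> list:
    """Produce n bits from the recurrence s[t] = XOR of s[t-j] for j in taps.
    seed holds the first max(taps) bits, oldest first (constructed inputs)."""
    s = list(seed)
    while len(s) < n:
        bit = 0
        for j in taps:
            bit ^= s[-j]
        s.append(bit)
    return s[:n]


def berlekamp_massey(bits: list) -> tuple:
    """Return (L, C) with C(x) = 1 + c1 x + ... + cL x^L the connection
    polynomial of the shortest LFSR generating `bits` over GF(2)."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n   # current and previous connection polynomials
    L, m = 0, -1                          # current length, index of last length change
    for i in range(n):
        d = bits[i]                       # discrepancy between prediction and actual bit
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            continue
        t = c[:]
        for j in range(n - i + m):        # c(x) += x^(i-m) * b(x)
            c[j + i - m] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]


def recovered_taps(bits: list) -> tuple:
    """Linear complexity and the tap positions recovered from the output alone."""
    L, poly = berlekamp_massey(bits)
    return L, tuple(j for j in range(1, L + 1) if poly[j])


def linear_complexity_ratio(bits: list) -> float:
    """Fraction of the sample length that the shortest LFSR needs; an unpredictable
    sequence should score near 0.5, an LFSR output collapses to ~L/len(bits)."""
    return berlekamp_massey(bits)[0] / len(bits)


if __name__ == "__main__":
    out = lfsr_bits((1, 4), [1, 0, 0, 0], 20)   # period-15 m-sequence, 20 bits observed
    print("observed :", "".join(map(str, out)))
    print("recovered:", recovered_taps(out))   # -> (4, (1, 4)): 8 bits were enough
    print("ratio    :", linear_complexity_ratio(out))
```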
------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Creating a key
Date: Wed, 14 Jul 1999 23:53:09 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> Can anybody explain to me how a binary key for encryption is created
> from a char password? Is it only a simple substitution of the binary
> code for each char, or maybe something else? What about the case when
> the password is too short? For example, the key is 256 bits long and
> we have only a ten-char password. Should we use zeros for the rest of
> the lacking bits?
> 
When you talk of characters, the size of the set is important.  Presume that
you used only alphabetic ones; ours is 26, yours is probably different.
You could roughly convert 1 character to between 4 and 5 bits; ten
characters would be between 40 and 50 bits, allowing for weird, non-text
sequences of letters.

Whatever mechanism produces the 256 bit key you have will need X
characters to work on.  But, you have less than X.  We can talk of fancy
methods, but simply concatenating the lesser string you entered with
several copies of itself until you get the needed number of characters is
fine.  After all, by using a short string, you voluntarily have chosen a
weaker key.

Normal text should only give you one to three bits of useful key per
character, regardless of whether you use ASCII or a limited alphabet for
input; if your ten characters are something like a common word, you only
have 10 to 30 real bits of key input...now, that's insecurity!

Knowing the above, a good key generation scheme might require you to use
lots more characters than you would like.  Being advised to use just a few
is bad advice; eight or ten is bad advice, but the kind of thing we get
from government so it won't be inconvenienced when it tries to break your
key.
-- 
Most wrestlers and politicians seem to have pretty the same 
agenda, seek various kinds of by appearing to do things they are
not doing, catering to specialty groups of supporters, and as a 
result of deals, learn to take falls when they know better. Those 
who do not go along tend to be excluded and punished.

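The three answers to Piotr's question side by side, as an added example that is not code from any of the posters: zero-padding the character codes (the approach the question asks about), wtshaw's concatenation of copies of the string, and Tom's hashing of the ASCII password, together with both entropy estimates from the thread (72^n candidates for a well-chosen password, one to three bits per character for ordinary text). SHA-256 as the hash and the 256-bit key size are assumptions taken from the thread's own numbers; the passwords in the usage are constructed.

```python
import hashlib
import math

KEY_BITS = 256                          # the 256-bit key from the question


def random_password_entropy_bits(n_chars: int, alphabet: int = 72) -> float:
    """Tom's estimate for a well-chosen password: alphabet^n candidates,
    i.e. n * log2(alphabet) bits (25 chars over 72 symbols ~ 154 bits)."""
    return n_chars * math.log2(alphabet)


def text_password_entropy_bits(n_chars: int) -> tuple:
    """wtshaw's estimate for ordinary text: one to three bits of key per character."""
    return n_chars * 1, n_chars * 3


def zero_pad_key(password: str) -> bytes:
    """What the question proposes: the char codes, then zero bits up to the key size."""
    return password.encode("ascii").ljust(KEY_BITS // 8, b"\x00")


def repeat_key(password: str) -> bytes:
    """wtshaw's suggestion: concatenate copies of the string until the key is full."""
    raw = password.encode("ascii")
    return (raw * (KEY_BITS // 8 // len(raw) + 1))[:KEY_BITS // 8]


def hashed_key(password: str) -> bytes:
    """Tom's suggestion: hash the ASCII password; SHA-256 (an assumption) gives 256 bits."""
    return hashlib.sha256(password.encode("ascii")).digest()


def effective_key_bits(password: str, bits_per_char: float) -> float:
    """No derivation adds entropy: whichever of the three is used, the key is no
    stronger than min(key size, password entropy)."""
    return min(KEY_BITS, len(password) * bits_per_char)


if __name__ == "__main__":
    pw = "abcdefghij"                    # constructed ten-character password
    print("zero-padded:", zero_pad_key(pw).hex())
    print("repeated   :", repeat_key(pw).hex())
    print("hashed     :", hashed_key(pw).hex())
    print("text entropy for 10 chars (bits):", text_password_entropy_bits(10))
    print("random 25-char entropy (bits): %.1f" % random_password_entropy_bits(25))
    print("effective key bits at 3 bits/char:", effective_key_bits(pw, 3))
```

The zero-padded and repeated keys expose the password's structure directly in the key bytes, while the hashed key does not, but all three are bounded by the same 10 to 30 bits for a text password.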
------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
