Cryptography-Digest Digest #894, Volume #9       Sat, 17 Jul 99 02:13:03 EDT

Contents:
  Re: SkipJack source??? (David A Molnar)
  Re: obliterating written passwords (James Pate Williams, Jr.)
  Re: Why public key in PGP ([EMAIL PROTECTED])
  Re: obliterating written passwords (wtshaw)
  Re: obliterating written passwords ("Douglas A. Gwyn")
  Re: Properly Seeding RNGs (Boris Kazak)
  Re: Funny News ("Douglas A. Gwyn")
  Re: Funny News ("Douglas A. Gwyn")
  Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
  Re: How Big is a Byte? (was: New Encryption Product!) ("Douglas A. Gwyn")
  Re: huffman code length (Tom Lane)
  Re: Properly Seeding RNGs ("Douglas A. Gwyn")
  Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
  Re: Molecular-Computing and DES (Anti-Spam)
  Re: Funny News ("Douglas A. Gwyn")
  Re: Funny News ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: SkipJack source???
Date: 16 Jul 1999 23:47:15 GMT

[EMAIL PROTECTED] wrote:
> I see.  You wouldn't happen to know when that happened would you?

According to
http://www.cs.technion.ac.il/~biham/Reports/SkipJack/note1.html

June 24, 1998 was the date. There are also links to some analysis
made by Eli Biham at this site as well.

-David Molnar


------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: obliterating written passwords
Date: Fri, 16 Jul 1999 23:00:33 GMT

On Fri, 16 Jul 1999 22:15:52 GMT, [EMAIL PROTECTED] wrote:

>I occasionally jot down a password, or social security number
>or such, consisting of a handful of numbers and letters.  I
>later attempt to obliterate it by writing random numbers and
>letters over all the original numbers and letters, several times.
>
>Suppose you are given that piece of paper and told to find the
>original password.  How easy is it?  What attacks are available?
>More to the point, what can I do to obliterate it better?  I'm
>not expecting NSA to attack it, just other devious citizens.
>
>- Bob Jenkins
>http://burtleburtle.net
>
>PS  Originally I just scribbled over the password, but I found
>that the imprint of letters is easily distinguishable from
>any amount of random scribbling.

You could invest in a good shredder. By the way, does the NSA consist
of devious citizens?

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Why public key in PGP
Date: Fri, 16 Jul 1999 23:09:15 GMT

In article <7mo5ij$j8l$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Patrick Juola) wrote:
> >The public key can be used for decryption.
>
> But not usefully if it was also used for encryption.  You're not
> usually this dense, Mr. St. Denis.

What are you talking about?  You can switch the keys around all you
like.  It's just not easy to find one without knowledge of the
factoring of the modulus (RSA).  You could for example keep the keys
private and use them for encryption/decryption... If neither person has
(p,q) they will not know each other's private key (why you would do
this is beyond me).

>
> > What do you think RSA verifying is?
> In context, I think it's irrelevant and misleading.
>
> Let me make this perfectly clear : If I *encrypt* with the public
> key, then you cannot use the public key to obtain access to the
> message without using cryptographic methods which I believe to
> be beyond your capabilities.
>
> More colloquially, you cannot decrypt with the public key -- you
> can verify a signature with a public key, but that's a different
> operation.  Of course, in RSA these two operations are implemented
> identically, but that's not the case in other systems.

Actually all signing methods are encrypt/decrypt variants.  You have
to 'encrypt' the signature with your private info and they 'decrypt' it
with your public info.  If you can't decrypt the encrypted signature
then you can't verify the document.  If you don't 'encrypt' the hash
then others could modify it.

How the algorithm works is not important for this point though.

> >You have to distinguish between hard-to-do and impossible-to-do.  It's
> >possible for me to take your key and find the private key.  It's really
> >hard for me to do that but it's not impossible.
>
> Which is why, in context, we were distinguishing between three groups;
> the holder of the private key, the NSA, and everyone else.

Why does everyone assume the NSA really cares?  I think the trust
should not only be placed in the private key.  In Bruce S.'s speech at
HOPE he talks about other issues that affect the security.

I think saying things like 'nobody else can decrypt ...' is misleading
because it simply is not true.  It's impractical to decrypt the message
(factoring appears to be hard) but not impossible.  For example 56-bit
keys were impossible to brute force using 1970 computers... Now it's a
joke for a dedicated attacker.  Same for factoring where before 100
digit numbers were 'hard' are now a joke.  We will continue this trend
until current computers hit their limits then we will move on (optical
IC's are new now, quantum computers may become somewhat practical...)

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: obliterating written passwords
Date: Fri, 16 Jul 1999 19:00:59 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> >
> > PS  Originally I just scribbled over the password, but I found
> > that the imprint of letters is easily distinguishable from
> > any amount of random scribbling.
> >
Try a chalk board, or lipstick on a mirror, writing implement borrowed I
hope.  Or, use a fine shredder.  Anyway, if your garbage men arrive in
suits to pick up your trash, you have problems too big for us to help you
with.
-- 
Most wrestlers and politicians seem to have pretty much the same 
agenda, seek various kinds of by appearing to do things they are
not doing, catering to specialty groups of supporters, and as a 
result of deals, learn to take falls when they know better. Those 
who do not go along tend to be excluded and punished.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: obliterating written passwords
Date: Sat, 17 Jul 1999 04:11:39 GMT

[EMAIL PROTECTED] wrote:
> Just burn it....

And stir up the ashes.

------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Properly Seeding RNGs
Date: Fri, 16 Jul 1999 20:43:43 -0400
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
> 
> This is being used to encrypt files.  However, the user's password is never
> anything outside of to characters on the keyboard.  So I should strip only a
> few bits from each character?  That would not be a lot of random bits....
===================
One possible workaround involves asking the user for a "composite"
password like this:

    (prompt)>Enter the first part of your passphrase: xxxxxxx(Enter)
    (prompt)>Enter the second part of your passphrase: xxxxxxx(Enter)
    (prompt)>Enter the third part of your passphrase: xxxxxxx(Enter)

or even more if necessary. The important thing is not to give any 
"bad passphrase" message in the middle of the procedure, otherwise the 
system becomes prone to a _divide and conquer_ attack.

Best wishes               BNK
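As an added example (not code from the original post) of the point above: a composite passphrase that is judged only once every part has been entered, beside the per-part design that leaks a verdict mid-procedure, plus the search-space arithmetic behind the divide-and-conquer concern. The PBKDF2 work factor, the length-prefix encoding and the sample passphrase are assumptions of this example.

```python
import hashlib
import hmac
import math
import os

PBKDF2_ROUNDS = 100_000   # assumed work factor for this example


def derive_key(parts, salt, rounds=PBKDF2_ROUNDS):
    """Turn every part of the passphrase into one key.  Each part is
    length-prefixed so that ("ab", "c") and ("a", "bc") cannot collide."""
    material = b"".join(len(p).to_bytes(2, "big") + p.encode("utf-8")
                        for p in parts)
    return hashlib.pbkdf2_hmac("sha256", material, salt, rounds)


def enroll(parts):
    """Store one salt and one verifier for the whole composite passphrase."""
    salt = os.urandom(16)
    return salt, derive_key(parts, salt)


def verify_all_at_once(parts, salt, expected):
    """The recommended design: all parts are collected first, then a single
    accept/reject verdict is given.  A wrong part cannot be spotted on its own."""
    return hmac.compare_digest(derive_key(parts, salt), expected)


def enroll_per_part(parts):
    """The weak design: a separate verifier for every part."""
    return [enroll([p]) for p in parts]


def verify_part_by_part(parts, records):
    """Returns the index of the first part that fails (the 'bad passphrase'
    message in the middle of the procedure) or None when all parts pass.
    Because each part is judged alone, each part can be searched alone."""
    for i, (part, (salt, expected)) in enumerate(zip(parts, records)):
        if not hmac.compare_digest(derive_key([part], salt), expected):
            return i
    return None


def worst_case_guesses(alphabet_size, part_lengths, per_part_feedback):
    """Size of the search an attacker faces.  Per-part feedback turns the
    product of the part spaces into their sum."""
    spaces = [alphabet_size ** n for n in part_lengths]
    return sum(spaces) if per_part_feedback else math.prod(spaces)
```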

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Funny News
Date: Sat, 17 Jul 1999 04:36:14 GMT

Bob Silverman wrote:
> The NSA does NOT, repeat, NOT get involved in domestic law
> enforcement.  They are prohibited from doing so by law.

That is not as true as it once was.  In Administrations that don't
feel bound by laws, "executive orders", "presidential directives",
"policies", etc. are often substituted for law.  The current
situation is that NSA is not supposed to *try* to intercept
domestic traffic, unless there is reason to believe that it has
some foreign involvement, but if they just *happen* to obtain
domestic traffic in their monitoring (which of course is highly
probable), they can relay it to other agencies (e.g. FBI) that are
not bound by such constraints.

> And there are watchdog committees who watch this quite carefully.

From watching the "oversight" committees, it seems that usually
they believe what they are told by the (political) heads of the
agencies they monitor.

> If indeed the FBI asked the NSA to break a cipher that the *FBI*
> intercepted, and it was a criminal matter that came to court, then
> you can be sure that the fact that the NSA broke a cipher would
> become public.

No, because normally in such circumstances that piece of evidence
is not used in the prosecution.  Almost always, other evidence
sufficient to prosecute can be obtained once the initial break
has occurred.

Occasionally, solid criminal cases have not been prosecuted at all,
in order to protect methods and sources.

> Why is it that all these people seem to think the NSA has magical
> powers and is above the law???

It's a natural consequence of the long tradition of utter spookness.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Funny News
Date: Sat, 17 Jul 1999 04:41:22 GMT

[EMAIL PROTECTED] wrote:
> ...  I don't think they can jump on things (like Dave Scott says)
> with unhuman speed and power (i.e factor 200 digit numbers).

Well, the thing is, so far as we all know, the task is feasible once
one knows the trick, and if the Agency knows how, they can keep it
secret for quite a while.  There are previous examples of similar
secrets being kept for several decades.  The thing is, you just
don't know one way or the other -- so it is not safe to assume it
cannot be and is not being done.

I think there *are* some potential breakthroughs that could not be
kept secret for very long, for example if a practical teleporter
were constructed.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Sat, 17 Jul 1999 04:56:10 GMT

fungus wrote:
> A simple proof that they aren't goes as follows:
> This game is actually played in carnivals and casinos. ...

What's played there is Chuck-a-Luck as I described it,
where the payoff is the same for 1, 2, or 3 shows of
your chosen number, not the originally cited game where
the payoff is proportional to the number of shows of
your number.  The latter can be factored into orthogonal
subproblems: each die's contribution is *independent* of
what goes on with the other dice, so the per-die outcome
can be scaled up simply by multiplying by the total
number of dice (3 x 1/6).  The former (Chuck-a-Luck)
has expected outcome 1/6 + 5/36 + 25/216 (where the
terms can be found by the survivor rule), which is
less than fair (1/2).

Code up a simulation, carefully, and report back to us..

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Sat, 17 Jul 1999 04:19:08 GMT

donald tees wrote:
> Nothing is gender-neutral.

So is hammer, love, and foolishness.

------------------------------

From: Tom Lane <[EMAIL PROTECTED]>
Crossposted-To: comp.compression,alt.comp.compression,sci.math
Subject: Re: huffman code length
Date: 17 Jul 1999 00:16:52 -0400

[EMAIL PROTECTED] writes:
> It appears that Tom Lane made the same mistake I did when I figured
> that if I used 15 bit counters to count the symbol frequencies, that I
> could be guaranteed a minimum frequency
> of 1 out of 2^15 and therefore (erroneously) the maximum symbol length
> would be about 16 bits. The maximum symbol length could be far longer
> than that, so I'm thinking about using the depth-limited near-Huffman
> compression Tom Lane mentioned.

I did learn better some years ago ;-).  One thing to keep in mind
here is that this stuff is not really significant unless you are
building a Huffman coder or decoder that has an implementation
limit on the maximum code length it can cope with.  Rejiggering
the lengths of bottom-frequency symbols may make the code not
strictly optimal per Huffman's proof, but it obviously cannot
have much impact on the overall compression rate --- if those
symbols occurred often enough to be significant, they'd have
gotten shorter codes.  (I learned *that* after implementing
an extremely complicated algorithm for computing an optimal
limited-length code tree, only to find that it outperformed
the approximate method recommended in the JPEG spec by a
spectacular 0.001% on real-world images...)

Now there are a lot of fast Huffman bit-pushing methods that
do want a short limit on the max code length, so these
length-limited almost-Huffman codes do have considerable interest in
practice.  Just don't get carried overboard about the difference
between optimal and almost-optimal codes.

                        regards, tom lane
                        organizer, Independent JPEG Group
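An added example, not Tom Lane's or the IJG's code: Huffman code lengths for 23 symbols whose counts all fit in 15-bit counters, which still produces a 22-bit code, followed by a length-limiting pass modelled on the JPEG spec's Adjust_BITS step (T.81 Annex K.3) that caps lengths at 16 while keeping the code complete. The Fibonacci counts are constructed input.

```python
import heapq
from collections import Counter
from fractions import Fraction


def huffman_lengths(freqs):
    """Code length per symbol from Huffman's algorithm.  freqs: {symbol: count}."""
    if len(freqs) == 1:
        return {s: 1 for s in freqs}
    heap = [(f, i, [s]) for i, (s, f) in enumerate(freqs.items())]
    heapq.heapify(heap)
    lengths = dict.fromkeys(freqs, 0)
    tag = len(heap)                       # unique tie-breaker; lists are never compared
    while len(heap) > 1:
        f1, _, s1 = heapq.heappop(heap)
        f2, _, s2 = heapq.heappop(heap)
        for s in s1 + s2:
            lengths[s] += 1               # every leaf under the new node moves one level down
        heapq.heappush(heap, (f1 + f2, tag, s1 + s2))
        tag += 1
    return lengths


def kraft_sum(lengths):
    """Sum of 2**-L over all codes; exactly 1 for a complete prefix code."""
    return sum(Fraction(1, 2 ** L) for L in lengths.values())


def limit_lengths(freqs, lengths, max_len):
    """Cap code lengths at max_len: take two leaves off the deepest level, put one
    leaf one level up in their place, and split a shallower leaf into two so the
    Kraft sum stays at 1 (the JPEG Annex K.3 adjustment, done on a histogram)."""
    if len(freqs) > 2 ** max_len:
        raise ValueError("more symbols than codes of length <= max_len")
    bits = Counter(lengths.values())      # bits[L] = number of codes of length L
    for i in range(max(bits), max_len, -1):
        while bits[i] > 0:
            j = i - 2
            while bits[j] == 0:           # nearest shallower level with a leaf to split
                j -= 1
            bits[i] -= 2
            bits[i - 1] += 1
            bits[j + 1] += 2
            bits[j] -= 1
    # Hand the surviving lengths out shortest-first to the most frequent symbols.
    new_lengths = sorted(L for L, n in bits.items() for _ in range(n))
    by_freq = sorted(freqs, key=lambda s: -freqs[s])
    return dict(zip(by_freq, new_lengths))


def total_bits(freqs, lengths):
    """Coded size of the whole input under a given length assignment."""
    return sum(freqs[s] * lengths[s] for s in freqs)


# Constructed input: 23 symbols with Fibonacci counts.  Every count fits a 15-bit
# counter (the largest is 28657), yet the two rarest symbols get 22-bit codes.
FIB = [1, 1]
while len(FIB) < 23:
    FIB.append(FIB[-1] + FIB[-2])
FIB_FREQS = {f"s{i}": f for i, f in enumerate(FIB)}
```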

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Properly Seeding RNGs
Date: Sat, 17 Jul 1999 04:14:43 GMT

[EMAIL PROTECTED] wrote:
> This is being used to encrypt files.

Don't you need to decrypt them later?
In which case you have to store the "seed",
which is itself a potential vulnerability.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Sat, 17 Jul 1999 05:03:37 GMT

Jerry Coffin wrote:
> /* pay to play the game
>  */
>         money --;
>       ...
> /* check for matches
>  */
>         for (i=0; i<num_dice; i++)
>             if ( dice[i] == pick)
>                 money++;

Obviously one expects to lose half a buck per play that way.
Try
        money = 0;
        for ( i = 0; i < num_dice; ++i )
                if ( dice[i] == pick )
                        ++ money;       /* payoff for this die */
        if ( money == 0 )
                -- money;               /* you lose your bet */

I also don't vouch for the uniformity of your 0..6 generator,
but that's a relatively minor issue compared to the above.
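An added example (not the posters' code) that codes up the simulation asked for above: exact expectations for both payoff rules by enumerating all 216 outcomes, the survivor-rule sum from the earlier post, and a Monte Carlo check that draws each die uniformly from 1..6.

```python
import random
from fractions import Fraction
from itertools import product


def coffin_payoff(dice, pick):
    """The quoted loop: pay one unit to play, then win one unit per matching die."""
    return -1 + sum(d == pick for d in dice)


def chuck_a_luck_payoff(dice, pick):
    """Gwyn's correction: one unit per matching die, and the stake is lost
    only when no die shows the pick."""
    hits = sum(d == pick for d in dice)
    return hits if hits else -1


def expected_value(payoff, num_dice=3, pick=1):
    """Exact expectation: each of the 6**num_dice outcomes is equiprobable."""
    outcomes = list(product(range(1, 7), repeat=num_dice))
    return Fraction(sum(payoff(dice, pick) for dice in outcomes), len(outcomes))


def at_least_one_show(num_dice=3):
    """Survivor rule: 1/6 + 5/36 + 25/216 for three dice, the chance that at
    least one die shows the chosen number."""
    return sum(Fraction(5, 6) ** k * Fraction(1, 6) for k in range(num_dice))


def simulate(payoff, plays, num_dice=3, pick=1, seed=None):
    """Monte Carlo estimate.  randint(1, 6) draws uniformly over 1..6 by rejection
    sampling, which sidesteps the uniformity worry raised about a 0..6 generator."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    total = 0
    for _ in range(plays):
        dice = [rng.randint(1, 6) for _ in range(num_dice)]
        total += payoff(dice, pick)
    return total / plays
```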

------------------------------

Date: Fri, 16 Jul 1999 21:47:40 -0700
From: Anti-Spam <[EMAIL PROTECTED]>
Subject: Re: Molecular-Computing and DES

David A Molnar wrote:
> 
> James Pate Williams, Jr. <[EMAIL PROTECTED]> wrote:
> > chosen-plaintext attack that requires less time. Has
> > the key experiment been openly performed?
> 
> Leonard Adleman kicked off the whole "brute force with
> molecular bio" craze by experimentally solving an instance
> of a travelling salesman problem. So some experimental work
> has been done. I'm not sure what the current state of the
> art is, however.
> 
> -David

Best book I've read/seen so far on the subject is 
"DNA Computing: New Computing Paradigms", by Gheorghe Paun, Grzegorz
Rozenberg and Arto Salomaa, Springer, 1998.  ISBN 3-540-64196-3,
http://www.springer.de. 

Chapters include:

DNA: Its Structure and Processing
Beginnings of Molecular Computing (with a fine review of DES cracking
with a Sticker System)
Introduction to Formal Language Theory
Sticker Systems 
Watson-Crick Automata
Insertion-Deletion Systems
Splicing Systems
Universality by Finite H Systems
Splicing Circular Strings
Distributed H Systems

I freely admit that by the time I got to the last two chapters I found
myself working very hard to understand the descriptions of the
capabilities of splicing and Finite H systems to generate and recognize
the families of languages attributed to them. 

The chapters on Sticker Systems, Watson-Crick Automata and
Insertion-Deletion Systems are worth the work (IMHO) in
reading/understanding the math.  The authors did an excellent job
pointing out the information-theoretic computational capabilities and
limits of finite state machines and Universal Turing Machines
implemented as DNA - and thus the kinds of languages (strings) they can
recognize and what they cannot recognize.

It's not a primer on how to build DNA computers.  It does provide a fair
appreciation of what these machines COULD do when the engineering is
"worked out."

[EMAIL PROTECTED]

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Funny News
Date: Sat, 17 Jul 1999 04:24:51 GMT

By the way, the US Congress has been moving forward toward
legislating strict encryption controls; the committee considering
the proposal approved it unanimously.  If you want to stop this
brazen attempt to control innocent free speech, you'd better
call your Congressmen right away and tell them that you see
through the bogus arguments made by "law enforcement" (really,
by Clinton's political appointees Freeh and Reno).

Key escrow can be completely refuted by pointing out that actual
criminals will simply encrypt with a secure system before using
the escrowed-key system.  As usual, the main effect will be an
adverse one on *non*criminals.

------------------------------

Date: Fri, 16 Jul 1999 02:04:09 -0400
From: [EMAIL PROTECTED]
Subject: Re: Funny News

Doug Stell wrote:
> 
> On Tue, 13 Jul 1999 11:52:49 -0600, John Myre <[EMAIL PROTECTED]>
> wrote:
> 
> >
> >[EMAIL PROTECTED] wrote:
> >>
> >> Watching CNN today I saw a clip of Janet Reno (hey where's the blue
> >> dress?) and I semi-quote
> >>
> >> " Terrorists can use encryption technologies making wiretaps effectively
> >> useless and crime prevention much harder ... "
> 
> There is little doubt that encryption makes the job of the national
> security and law enforcement folks more difficult.
> 
> >> Basically she was advocating the restrictions.
> >>
> >> My question is (this is an open question), What good do these
> >> regulations ACTUALLY provide?  If a criminal breaks the law won't logic
> >> dictate they won't follow this law as well?
> >
> >The specific argument that control is useless because criminals
> >will ignore regulations is false logic.  The gulf between "not
> >100% effective" and "useless" is quite wide.  Making something
> >illegal will decrease its use: at least *some* criminals will
> >find it too hard, or too expensive, or too confusing, or just
> >won't use it correctly.
> 
> The above response explains it quite well. The needle is easier to
> find if you can make the haystack as small as possible. If the use of
> encryption was pervasive, they would have a hard time telling who the
> bad guys are. Of course, this means that anyone who uses encryption is
> *potentially* a bad guy.

This perspective is not useful because one of its fundamental axioms is
that everyone is potentially a bad guy; the people not in jail are those
that have not been caught yet.  Given this, the use of encryption
provides only a redundant indicator.

> 
> The big criminals, such as organized crime, drug trafficking operations
> and well-funded terrorists, will tend to have very good security,
> because they recognize its value and have the resources to obtain it.
> The little guys, such as the local kid selling drugs, not only find it
> too expensive, but may be too stupid to use it.
> 
> >Of course, this is hardly the end of the debate.  I've just
> >seen this particular error in thinking too often to let it go
> >without comment.
> 
> Remember that there is more than one way to think about things and
> more than one way to accomplish the task. Those of us in the business
> tend to think one way and consider the other irrational, which it is
> to some extent. However, the other isn't totally useless, as the
> comments try to explain.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
