Cryptography-Digest Digest #904, Volume #9 Sun, 18 Jul 99 04:13:03 EDT
Contents:
Re: NBE crap and snake oil (wtshaw)
Re: A few qustions on encryption (wtshaw)
Re: Deal for cracking ! (wtshaw)
Math, Math, Math (Person)
Re: Diffie-Hellman (Tom McCune)
Re: Crypt FAQ Comments : New Topics (Keith A Monahan)
Re: Crypt FAQ Comments : New Topics (David A Molnar)
Re: Math, Math, Math (SCOTT19U.ZIP_GUY)
Re: Math, Math, Math (David A Molnar)
Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
Re: SkipJack source??? (JPeschel)
Re: How Big is a Byte? (was: New Encryption Product!) ("Douglas A. Gwyn")
sexism in language (was Re: How Big is a Byte?) (Natarajan Krishnaswami)
Re: Xor Redundancies (JPeschel)
Re: Math, Math, Math ("Douglas A. Gwyn")
Re: Xor Redundancies ("Douglas A. Gwyn")
Re: Benfords law for factoring primes? ("Douglas A. Gwyn")
Re: Funny News ("Douglas A. Gwyn")
Re: Math, Math, Math ("Douglas A. Gwyn")
Re: obliterating written passwords ("Douglas A. Gwyn")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: NBE crap and snake oil
Date: Sat, 17 Jul 1999 19:53:37 -0600
In article <7mqbdk$57c$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Keith A Monahan) wrote:
> I haven't looked at that Virtual Calc (and don't plan to) but doesn't this
> Numerical Base Encryption just stink of snake oil?
>
> I'll bet you I could compare that snake oil faq and get about a 90% hit...
>
> Keith
>
> P.s. I haven't seen scottu19 or whatever the heck that other snake oil is
> around lately, whats wrong? :)
Happiness is finding yourself at home with your own familiar snakes. NBE
has some good ideas, but if the dread of unfamiliar snake oil gets you to
avoid being analytical, you are setting yourself up with a set of
blinders, one of the basic logical falasies being name calling.
--
Encryption means speaking in turns.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: A few qustions on encryption
Date: Sat, 17 Jul 1999 19:39:48 -0600
In article <[EMAIL PROTECTED]>, "Krishna Sawh"
<[EMAIL PROTECTED]> wrote:
> I took two text files (file1 and file2) both the same contain the
> same data and the same size (50k), but file2 has one byte which is
> different. I encrypted the both files with the same key, when I
> compared each byte of the encrypted files I found all but 300 bytes
> were the same, I was just wondering if an algorithm exist that
> would encrypt file2 and be 99% different?
> Would this be a good form of encryption, if an algorithm dose not
> exist, where would I start in writeing one?
>
Scott, I have a hunch, is going to offer his solution. This is the old
avanache argument taken to extremes.
I suspect that the algorithm you are using works with segments or blocks
in some manner.
There is an alternative tract of thinking that says that each encryption,
even of the same plaintext, should result in different results. Well, you
say, how many results are possible? The algorithm should be designed to
have a known diversity for output.
The classical Granpre cipher is illustrative of having a few alternative
for common characters, perhaps none for others. This is on the right
track for gaining strength however. One thing quickly noted is that there
is an input in ciphertext information over plaintext. This will occur
with any algorithm that has more plural alternatives for all or part of
ciphertext. Ideally, this increase should be slight. There are a number
of examples where a doubling, tripling or more of information is seen in
conjuction with getting the desired effect.
Your question, perhaps one of the most basic ones in cryptography, is
answered with algorithms that I call *Inductive*, which is, using logic
from the specific to the general. *Deductive* logic would be used in
decryption, and one of many possible ciphertexts will solve to the desired
plaintext. Ritter would call these types of ciphers *Homophonic*, but
that is also the name of a particular cipher, rathered patterned in its
options for characters.
Normal ciphers, if we could call them that, tend to match one plaintext
with one key to produce one ciphertext. This is merely translational, a
format change in effect, all on a painless plain, painless to implement,
and more or less painless to break.
Needless for me to say, I have a good solution in the form of an
algorithm: I'll simply take the words in this sentence, make a set of
keys and show you what I see as blocks of output for the same words
encrypted. I will not give you all 2^54 optional forms of output for the
same input; I'll give you three:
{AW@2H)`#^Q]XB=P!BA7F@SNQ+DV|#9PGG89[S]'O\:.*H-VR)&&
'CF=N#,YR,\-'ES.I7B>=V/3\==5(H*+;F#[YZO@*=$9VRZE>8*
WYYTT0;8Z@VU8-O\`WBE6',O&N,`608_2Y@R)BQ?62#V5V~ }
{;8-KVUR7:,'8QABOC>S|8-8PU,("42:210:-((!@KCJZ*`-FS!\
PE\S,>8-/`6'3'*?+\>A$O#^55>"[@+I),GXU8FEG./NTV::N%!
;Y9??Q|#-B_!#B/I!Z$$3D|H5.Z`"J]'](&DY.9)=7K<N#~ }
{".DX$@0R%S:O>P0;BXXH]U3JH@P,R1#J-7>-*TX.B!WHO5L;AWD
;@-@\.R]Q1;-I-6]U:,4:AEA^EU51X4#1\<0&:SV,#3.4W^U@U;
R)|B0E"CL@@9K12AT8TY%=:Q'W5FW704<.]=(MT/8&11|<~ }
Each decoding to the same: I'll simply take the words in this sentence,
make a set of keys and show you what I see as blocks of output for the
same words encrypted.
Here, were only a few characters, but for longer messages, many *blocks*
of characters would be done, each one independently. Having multiple
ciphertexts means making it difficult to solve. Just how to get this
effect is a subject of much debate.
(For chronic readers, please note that I did not even name the algorithm
many of you know of, but present the information for consumption as the
best answer to the question posed.)
--
Encryption means speaking in turns.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Deal for cracking !
Date: Sat, 17 Jul 1999 19:49:02 -0600
In article <7mrfar$aku$[EMAIL PROTECTED]>, "DoktorWHO"
<[EMAIL PROTECTED]> wrote:
> Hello there !
>
> I've developed a crypto and want to test its stability !
>
> If anyone is interested, lemme know..
>
> {200$ for the first one to crack !!}
Promise to stay out of your torus? Meanwhile, most are interested in
either of two types, something devious, simple, and promising to be hand
solvable, or something rather difficult to deal with, even if the
algorithm is known...strength solely in the keys.
You are encouraged minimally to post a brief description of the algorithm,
which should lead to questions about it, and perhaps need for you to post
a better description. I welcome hearing here from all who try to think
about crypto in a productive manner.
--
Encryption means speaking in turns.
------------------------------
From: Person <[EMAIL PROTECTED]>
Subject: Math, Math, Math
Date: Sat, 17 Jul 1999 18:04:40 -0700
I`m a college student... I`m majoring in computer science but I would
like to specialize in cryptographic algorithms. Thus far, In addition to
my general education curiculum and computer science courses, I`ve
completed the following courses at the community college where I go to
school...
beginning algebra
intermediate algebra
pre-calculus
calculus I
calculus II
In addition to the above courses, I will also complete the following
courses before I transfer...
calculus III
linear algebra
differential equations
discrete mathematics
boolean algebra
So here is my question. Which mathematics courses should I take in the
upper division level in order to learn the necessary mathematics to
study and develop cryptographic algorithms ? I`m probably going to
atleast get a minor in mathematics. But I may also double major in
mathematics and computer science. Which mathematics courses should
I take ?
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Tom McCune)
Subject: Re: Diffie-Hellman
Date: Sun, 18 Jul 1999 01:28:02 GMT
=====BEGIN PGP SIGNED MESSAGE=====
>PGP uses the PK encryption only for key-exchange. At least in recent
>versions, the message itself is encrypted using IDEA.
In addition to IDEA, versions of PGP since 5.0 also use CAST and Triple DES
for the symmetric encryption.
=====BEGIN PGP SIGNATURE=====
Version: 6.0.2ckt -Tom McCune PGP Pages: http://www.borg.com/~tmccune/PGP.htm
iQEVAwUBN5Etm2R4bNCQMh9JAQF/wAf+OMRmVhGvIe+p6klFaApxaox9i2YyO4ql
2g7GaGhhngGBnDZtjcqgCiInCxW+QfCeUHQ8uaopLJqgd5cf2AnUEQebcaS3zFCs
NfDY9P5Xt/xxzx/dEE+kjJy+xi/lchGa82M/8TgAVg/k4Q9CbW/NghpqDVBWBHZa
8bgg+QYtoP43ATxpaLG9Q4IZx797dI4UhNie8udClPp4eIfGp8Dp7nbYXcjJNqET
eoyuXCfIKOjH2N05wYy8oAA7KJMIDUCy7sCnWm4M4dVpXNTcLeB0XghW6zAPNUEO
2ej4ePIX6crNpFHCYVAwDpJEHhDeX4bqKre8ybyfeg3nksAKQEMY5Q==
=2A+3
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Crypt FAQ Comments : New Topics
Date: 18 Jul 1999 01:52:42 GMT
All excellent suggestions.... additionally, it would be great to see
it just updated.... I believe it hasn't changed it quite some time,
and lord knows the state of cryptography has...
Keith
David A Molnar ([EMAIL PROTECTED]) wrote:
: Here's some suggestions for possible new topics (or expansions of old
: ones) in the sci.crypt FAQ :
<suggestions deleted>
: Thanks,
: -David Molnar
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Crypt FAQ Comments : New Topics
Date: 18 Jul 1999 02:34:15 GMT
Keith A Monahan <[EMAIL PROTECTED]> wrote:
> All excellent suggestions.... additionally, it would be great to see
> it just updated.... I believe it hasn't changed it quite some time,
> and lord knows the state of cryptography has...
Well, this is all in response to the notice in the latest posting of the
first part of the FAQ. It informs us that a project to update the FAQ is
underway right now, and that we may post comments. If you have any
particular favorite areas -- or dislike parts of the current FAQ -- now
seems like a good time to post 'em.
-David Molnar
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Math, Math, Math
Date: Sun, 18 Jul 1999 05:44:39 GMT
In article <[EMAIL PROTECTED]>, Person <[EMAIL PROTECTED]> wrote:
>
>I`m a college student... I`m majoring in computer science but I would
>like to specialize in cryptographic algorithms. Thus far, In addition to
>my general education curiculum and computer science courses, I`ve
>completed the following courses at the community college where I go to
>school...
>
>beginning algebra
>intermediate algebra
>pre-calculus
>calculus I
>calculus II
>
>In addition to the above courses, I will also complete the following
>courses before I transfer...
>
>calculus III
>linear algebra
>differential equations
>discrete mathematics
>boolean algebra
>
>So here is my question. Which mathematics courses should I take in the
>upper division level in order to learn the necessary mathematics to
>study and develop cryptographic algorithms ? I`m probably going to
>atleast get a minor in mathematics. But I may also double major in
>mathematics and computer science. Which mathematics courses should
>I take ?
>
>[EMAIL PROTECTED]
>
You might try taking geometrey eucldean and non euclidean
even cousres useing karno maps and cubical complexes might
help also take C and look at what I and others have done.
Oh sorry about the spelling I suck at that.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Math, Math, Math
Date: 18 Jul 1999 05:39:52 GMT
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
> You might try taking geometrey eucldean and non euclidean
> even cousres useing karno maps and cubical complexes might
> help also take C and look at what I and others have done.
> Oh sorry about the spelling I suck at that.
Why does geometry help? I'm just asking (not a snide question),
since it's not obvious to me right now how it's as useful as, say, knowing
everything about algebra. Do you consider elliptic curves part of
geometry?
Thanks,
-David Molnar
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Sun, 18 Jul 1999 06:34:19 GMT
Jerry Coffin wrote:
> If you look, you'll find that what you've just posted bears no
> relationship with the description that was originally posted.
But it does bear on my original message to which *you* replied.
The point of "sucker bets" is that there is an obvious, simple,
but as it turns out, wrong, way to analyze the game; that's
why people agree to play it. I have never before heard of the
dice game in the original message being actually played, as not
even a sucker would play it, so I suggested that the description
needed a correction, after which the game has even odds. On the
other hand, the *actual* version of Chuck-a-Luck (which is neither
of those) *has* been a staple at carnivals, etc., because the
marks think it offers no worse than even odds, and some (erroneous)
ways to analyze it make it seem like a winning proposition for the
player.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Sun, 18 Jul 1999 06:36:02 GMT
fungus wrote:
> Completely wrong analysis....
It's right for the game that was originally described.
However, I maintained from the outset that that description
must be in error.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: SkipJack source???
Date: 18 Jul 1999 07:02:14 GMT
>[EMAIL PROTECTED] writes:
>I thought that SkipJack was supposed to be a complete and total
>secret...and yet here it is:
>ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/skipjack/
Skipjack hasn't been a secret for quite some time. Even before NIST
revealed it Schneier and others speculated on Skipjack's
design. You'll find links to the Skipjack description, an implementation,
and attacks on the cipher on the "Algorithms and Attacks" page of my
web site.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Sun, 18 Jul 1999 07:08:37 GMT
wtshaw wrote:
> Come, to think of it, base one is noncomputational as well.
No, base one is the common "tally mark" notation, which does work.
------------------------------
From: [EMAIL PROTECTED] (Natarajan Krishnaswami)
Crossposted-To: alt.folklore.computers
Subject: sexism in language (was Re: How Big is a Byte?)
Date: 18 Jul 1999 02:54:16 GMT
Reply-To: [EMAIL PROTECTED]
Wow, this is a long, off-topic cross-post. As much as I'm enjoying
this, it's probably pissing a bunch of people off. If you'd like to
respond, I'd be glad to continue my ravings in email. ;-)
Followups set to poster.
On Sat, 17 Jul 1999 17:07:27 GMT, Peter Seebach <[EMAIL PROTECTED]> wrote:
> That change breaks too much existing code.
:-P
We're still able to read (and even enjoy!) Shakespeare. I guess we
have significant backwards compatibility. (No doubt due, in large
part, to our excellent error-correction facilities.)
> A lot of people have decided to "reject" that position, mostly based on
> made-up etymologies or false claims about the historical origins of our
> current set of words.
That's a little disingenuous: the most obvious example here is
"history"/"herstory", which, the last time this discussion happened in
sci.lang, was demonstrated fairly conclusively to have been coined
explicitly to make a point, not to purport etymology. From a feminist
viewpoint, historical origins of words and usage are of marginal
relevance compared to current usage and perceptions of meanings. If
the pronoun 'he is not usually perceived as generic, then that it is
used as such may be considered a symptom of a systematic
disenfranchisement of women in society.
The (empirically verified) argument is that some English linguistic
structures tend to reinforce stereotypes of male as normal, and female
as deviant. Since feminism is an attack on a worldview (one that
inculcates politics, culture, language, etc.), the critique must
extend to all relevant domains.
(Also, languages don't exist in vacuo. They are living, changing
entities that reflect the worldviews (and prejudices) of their
speakers, and they change for many reasons (even unreasonable ones
;-). E.g., consider that the introduction of the large number of
Norman French words in 1066 resulted from its overtly political
status: the aristocracy spoke French. Now, nearly a millenium later,
it's considered just another (value-neutral) historical factor in the
evolution of the language.)
Or one might argue that language is always political, because people
are political. Statements like cultural or group identity are a
common reason for choosing a certain diction, dialect, language, etc.
(ObAFC: Just look at IBM. We *still* call disks DASD and RAM storage,
and IPL our systems instead of booting them. ;-)
> It would be a shame, though, because we'd lose a lot of very expressive text.
> "Man's inhumanity to man" is a much more elegant phrase than anything you can
> do once you lose that usage.
As I mentioned above, we still appreciate Shakespeare. Such language
wouldn't go away. Besides, it leads to some pretty absurd-sounding
things, too (like the one at the end of the last post, "Man, being a
mammal, breastfeeds his young"). Language changes probably don't
cause a loss of expressivity, because expressivity of a language is
ill-defined ;-). You happen to find the phrasing to be consonant and
aesthetically pleasing. Most likely, whatever replaces it will be
perceived as wieldy and consonant for those accustomed to it. (IMO,
"the human capacity for inhumanity" is not really less euphonious than
"man's inhumanity to man".)
BTW, regarding that particular phrasing (generic 'man): there was a
study of second(?)-graders who were given a list of chapter titles of
a social studies book, like "Industrial Man", "Man the Hunter", etc.,
and when asked if these could include women, most thought not; this
suggests that such usages aren't typically perceived as being generic
during childhood (i.e., when stereotypes get internalized). Sorry I
can't offer a cite; I forget where I read it, so I can't look it up.
As an aside, I subscribed to a similar view to the one Mr. Seebach
describes, until I read a article by Douglas Hofstadter four years
ago, "A Person Paper on Purity in Language", where he made a
satirarticles70e of an argument in favor of traditional usage of 'he
as generic, but changed to use race instead of sex. (It's in the
collection "Metamagical Themas" of his Sci.Am. stuff.) An excerpt:
... the libbers propose that we substitute "person"
everywhere "white" now occurs. Sensitive speakers of our
secretary tongue of course find this preposterous. There is
a great beauty to the phrase "All whites are created equal."
Our forebosses who framed the Declaration of Independence
well-understood the poetry of our language. Think how ugly
it would be to say "All persons are created equal," or "All
blacks and whites are created equal." Besides, as any
schoolwhitey can tell you, such phrases are redundant. In
most contexts, it is self-evident when "white" is being used
in an inclusive sense, in which case it subsumes the members
of the darker race just as much as the fairskins. ...
<N/>
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Xor Redundancies
Date: 18 Jul 1999 07:27:52 GMT
>Douglas A. Gwyn" <DAGwyn>
>What in the world is "Xor Encryption"? Every so often, somebody uses
>that term. XOR itself is a binary Boolean operation, equivalent to
>addition in GF(2); that's not encryption. The XOR operation is used
>in several cryptosystems, so it is unclear which one might be meant.
I think he was talking about a polyalphabetic substitution cipher --
a Vigenere of sorts. Substitutions are made by XORing the plaintext
with a repeated key: the password. Schneier mentioned in AC2,
a few years ago, that quite a few commercial programs tout the
toy cipher as unbreakable. Quite a few still do.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Math, Math, Math
Date: Sun, 18 Jul 1999 06:55:18 GMT
Person wrote:
> So here is my question. Which mathematics courses should I take in
> the upper division level in order to learn the necessary mathematics
> to study and develop cryptographic algorithms ?
Also check out the EE or CS curriculum.
Required:
Linear algebra (eigenvalues, singular value decomposition).
Abstract algebra (groups, rings, finite fields, Galois theory).
Number theory.
Graph theory.
Probability and statistics (Markov processes, hidden Markov models).
Signals and communications (Eb/No, modulation, Fourier analysis).
Coding theory.
Information theory (Shannon, Kullback-Leibler).
Helpful:
Category theory.
Complex analysis.
Topology (fixed-point).
Fuzzy sets.
Recursive function theory (complexity).
Cryptology.
If you really want to do a good job, you almost have to be interned
at one of the top cryptologic agencies; there is just too much that
is not taught in college courses.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Xor Redundancies
Date: Sun, 18 Jul 1999 07:03:52 GMT
[EMAIL PROTECTED] wrote:
> I realize that Xor Encryption is very redundant, and can be cracked
> very easily.
What in the world is "Xor Encryption"? Every so often, somebody uses
that term. XOR itself is a binary Boolean operation, equivalent to
addition in GF(2); that's not encryption. The XOR operation is used
in several cryptosystems, so it is unclear which one might be meant.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Benfords law for factoring primes?
Date: Sun, 18 Jul 1999 07:14:55 GMT
[EMAIL PROTECTED] wrote:
> OK, but let's get the rules straight. Am I to _certify_ that the
> number is prime before you factor it, or will you determine the
> primality, ...
My algorithm only works for prime numbers.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Funny News
Date: Sun, 18 Jul 1999 07:22:35 GMT
[EMAIL PROTECTED] wrote:
> It is an open secret that the FBI is lobbying congress on many topics
> in violation of the strict rules against such efforts. Similarly
> there are explicit rules that forbid the BATF from computerizing FFL
> records, yet there is a data center in WV engaged in precisely this
> activity.
Not just rules, but a law passed by Congress. Note that this violation
of the explicit law is not being done in secret, but openly; the policy
seems to be, "we'll do whatever we want, if we think we can get away
with it". That policy goes all the way to the top, and is successful
largely due to the populace being so easily misled, which is at least
in part to do with the government-run educational system having made
sure that the public cannot analyze their way out of a paper bag.
> The government is now too large and too complex for anyone to detect
> what it is/isn't doing. Why is the NSA/DIA different?
"The government" is not an organism in itself, but consists of people.
If something like spying on our own citizens is occurring, you can be
sure that there are many people who know about it. A better issue is,
why would they condone such activity?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Math, Math, Math
Date: Sun, 18 Jul 1999 07:00:07 GMT
David A Molnar wrote:
> Why does geometry help?
I don't think it's essential, but it can be helpful, since good
geometric intuition can help with some mathematical problems,
for example, cluster analysis. There is another example in a paper
by Wyllys called "This Matrix Business" that appeared in three
parts in the NSA Tech. J. (the first two parts are unclassified),
where a linear-algebra problem is cast in terms of nearest point
to a plane, etc.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: obliterating written passwords
Date: Sun, 18 Jul 1999 07:15:44 GMT
Lincoln Yeoh wrote:
> Burn it and flush it down the toilet.
After eating it, as pointed out elsewhere in this thread.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
