Cryptography-Digest Digest #917, Volume #9 Tue, 20 Jul 99 20:13:03 EDT
Contents:
Re: Looking for RC4 alternative ([EMAIL PROTECTED])
Re: (good) Calculator (Ian Goldberg)
Re: Traffic Analysis (Jim Dunnett)
Re: Summary of 2 threads on legal ways of exporting strong crypto (William Tanksley)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Greg)
Re: Benfords law for factoring primes? (Bob Silverman)
Re: Benfords law for factoring primes? (John Savard)
Re: Replacing IDEA with Blowfish (SCOTT19U.ZIP_GUY)
Re: Music on CD - Great for around the house or dinner (Keith A Monahan)
Re: How to crack monoalphabetic ciphers (SCOTT19U.ZIP_GUY)
Re: randomness of powerball, was something about one time pads ([EMAIL PROTECTED])
Re: How Big is a Byte? (was: New Encryption Product!) ([EMAIL PROTECTED])
Re: randomness of powerball, was something about one time pads ([EMAIL PROTECTED])
Re: How Big is a Byte? (was: New Encryption Product!) ([EMAIL PROTECTED])
Re: randomness of powerball, was something about one time pads ([EMAIL PROTECTED])
Re: How Big is a Byte? (was: New Encryption Product!) ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Looking for RC4 alternative
Date: Tue, 20 Jul 1999 18:39:01 GMT
In article <LiSk3.8$[EMAIL PROTECTED]>,
"Greg Keogh" <[EMAIL PROTECTED]> wrote:
> Hello from Melbourne Australia,
>
> We are incorporating some software licence checking into our products
which
> are related to the optometry industry (see http://www.medmont.com.au).
Our
> checking is like Mathematica and AutoCAD where they make a hash out of
the
> system and ask for a complimentary key to activate the product.
>
> In our development environment we're using MD5 for hashing and RC4 as
a
> stream cipher.
>
> I think MD5 can be used freely in commercial software, if this is not
true
> please let me know and perhaps suggest an alternative function with
source
> code available.
>
> I know for certain that we CANNOT use RC4 in our release product (what
a
> shame, as it's so easy to code), so I'm really keen to hear of
alternative
> stream ciphers we can use for free. Our product is for a niche market
where
> only superficial hacking might be expected, so ease of coding is more
> important than super strength scrambling.
>
> Cheers,
> Greg Keogh <[EMAIL PROTECTED]>
> Medmont Pty. Ltd.
>
>
ISAAC,
http://ourworld.compuserve.com/homepages/bob_jenkins/isaacafa.htm
fits that description. So would WAKE and SEAL, I think, although I
don't have pointers to source for those. I think they are all
free and faster than RC4.
- Bob Jenkins
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: (good) Calculator
Date: 20 Jul 1999 19:17:56 GMT
In article <[EMAIL PROTECTED]>,
Vincent <[EMAIL PROTECTED]> wrote:
>Does anyone know a soft running under Linux or Windows able to compute big
>number operations and to write the result either in decimal or in
>hexadecimal notation?
Every Linux (or Unix for that matter) box I've seen recently has had both
bc and dc installed; those are both useful for your purposes.
yitzhak:~$ bc
bc 1.04
Copyright (C) 1991, 1992, 1993, 1994, 1997 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'.
obase=16
3^104
1C9040830AA8880352DFDF4C48E4FBA82690BE4521
yitzhak:~$ dc
16o 3 104 ^ p
1C9040830AA8880352DFDF4C48E4FBA82690BE4521
- Ian
------------------------------
From: [EMAIL PROTECTED] (Jim Dunnett)
Subject: Re: Traffic Analysis
Date: Tue, 20 Jul 1999 18:17:34 GMT
Reply-To: Jim Dunnett
On Tue, 20 Jul 1999 00:01:01 GMT, dave <[EMAIL PROTECTED]> wrote:
>There's a subscription newsgroup - "spooks.qth" devoted to the various
>numbers stations and other oddities that appear on the short- wave radio
>bands. They've got the message formats and directions down to the point
>where they assume to know what organisation is sending the message, and
>roughly where the transmitters are located. They've recently started
>compiling a data bank with the idea of attempting some traffic
>analysis. A lot of these stations work regular schedules, and seem to
>send messages to specific ears. Many stations work in regular AM mode,
>so you can here these guy's with a rudimentary radio. They usually send
>five letter or five number groups. Many of these stations have colorful
>names attached (unofficially, of course) such as The Russian Man or The
>Lincolnshire Poacher. Probably all OTP stuff, but ???. Also various
>data transmission modes.
>And, yes, there are several stations that seem to emit nothing but
>repetative tones, or even pure noise.
>Worth a looksee. regards, Dave
Try also: www.gem.net/~berri/wun/ and look for 'Oddities' or
'Numbers Stations'. The gang there do a lot of listening and traffic
analysis.
--
Regards, Jim. | Inside-Out Edinburgh
amadeus%netcomuk.co.uk | Guide to all aspects of
dynastic%cwcom.net | The Capital's Life:
nordland%lineone.net |
PGP Key: pgpkeys.mit.edu:11371 | http://www.insideout.co.uk/ed
------------------------------
From: [EMAIL PROTECTED] (William Tanksley)
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Reply-To: [EMAIL PROTECTED]
Date: Tue, 20 Jul 1999 19:56:46 GMT
On Tue, 20 Jul 1999 19:36:28 GMT, Greg wrote:
>Why not just export the executable and source from a web page, let them
>arrest you, challenge the law until you win or lose, even to the high
>court. What the *#&% are we playing games with the government for.
Good point. Be sure to go for a jury trial -- they have nullification
powers. But keep in mind that this particular law is supported by a
presidential declaration of "state of emergency".
>Who ever wins will be famous and who ever loses will be famous. Either
>way, the only losers are the cowards who play this game with the
>government.
The guy spending time in the federal pen doesn't look too happy ;-).
>Of course they will fight. They have to make an example out of
>someone! But what if one of us wins?
We're watching that happen right now. Hopefully they won't do what they
did last time -- you know, declare that this one person is allowed to
export his own code, but nobody else.
You're right, though; civil disobedience, not trickery and skulking, is
what we need. Everybody start wearing a crypto-sig; we've had enough.
>The US is not a democracy - US Constitution Article IV Section 4.
Agreed. Thank goodness.
Or at least, "was not". It's getting more like one every day.
--
-William "Billy" Tanksley
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Tue, 20 Jul 1999 19:36:28 GMT
Why not just export the executable and source from a web page, let them
arrest you, challenge the law until you win or lose, even to the high
court. What the *#&% are we playing games with the government for.
Who ever wins will be famous and who ever loses will be famous. Either
way, the only losers are the cowards who play this game with the
government.
Think about it. What are we all doing playing "what if" games? Tell
them to *#&% off and that you will see them in court!
Of course they will fight. They have to make an example out of
someone! But what if one of us wins?
--
Democracy is the male majority legalizing rape.
UN Security Council = Democracy in Action - there is no appeal.
Welcome to the New World Order.
The US is not a democracy - US Constitution Article IV Section 4.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Benfords law for factoring primes?
Date: Tue, 20 Jul 1999 19:27:51 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > I detect a challenge. What is the largest prime you have factored?
>
> Give me one and I'll factor it instantly.
>
Sure!! Please factor the following prime over Q[i], i.e. the Gaussian
integers: It is 1 mod 4 so it is not inert.
492167227845480888731658706083751291835971759321886377256389091511768544
355940311490348494199638365738710225324765222885616281603298816157230172
005632019356215061205749095669503330752424213337098290429546945479016081
812278607661128781032860024336132847610848533724215922627364505720022270
4448703955939975390068680810358556973478270428602931457
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Benfords law for factoring primes?
Date: Tue, 20 Jul 1999 22:04:52 GMT
Bob Silverman <[EMAIL PROTECTED]> wrote, in part:
>Sure!! Please factor the following prime over Q[i], i.e. the Gaussian
>integers: It is 1 mod 4 so it is not inert.
Of course, he meant that he could factor a prime instantly *in a field
in which it _is_ a prime*...
but that is a clever riposte.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Replacing IDEA with Blowfish
Date: Tue, 20 Jul 1999 23:23:38 GMT
In article <[EMAIL PROTECTED]>, Paul Koning <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] wrote:
>> ...
>> 3) There are designs for Blowfish in hardware, I dunno if they have
>> been done yet or not. IDEA was designed for hardware and software
>> (somewhat).
>
>"somewhat" is right. IDEA uses multiplication, which is expensive
>in hardware (or slow). Feistel networks such as in Blowfish are
>far cheaper. Then again, in the case of Blowfish the large size
>of the key schedule hurts.
>
> paul
actaully since IDEA use multiplicatiopn of a variable times a constant
each one of those could be repacled by a small 16X16 bit S table.
which is not so expensive. Also one could could improve IDEA by
usinging a larger class of functions instead of a lowly multiply which
may make it more vulnerable to being broken.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Music on CD - Great for around the house or dinner
Date: 17 Jul 1999 16:38:46 GMT
We'll already disappointed (or dissapointed, your way) in your lack of
respect for on-topic posting, so what makes you think we won't be
dissapointed in your music?
Keith
Philip Kappaz ([EMAIL PROTECTED]) wrote:
: Greetings,
: Please take a few moments to check out my music. I have created a CD
: (only $5.99) of excellent quality recordings of some very nice,
: enjoyable music. My music is a mixture of the smooth jazz, latin, and
: new age styles, and it is all designed for the pleasure of my listeners.
: Check out "Awakening", a short, romantic, symphonic work. Both "The
: Lost World", and "Dream Catcher" have a nice quiet latin rhythmic bass
: for some beautiful orchestrations with my keyboards. Please take a
: listen, and hopefully you will even purchase your own copy. You will
: not be dissapointed.
: Thank you,
: Philip Kappaz
: http://www.mp3.com/kappaz
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to crack monoalphabetic ciphers
Date: Tue, 20 Jul 1999 23:17:39 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>Jerry Coffin wrote:
>> Since we know that valid plaintext won't contain
>> these values, we can reject any decoding that contains them. Given
>> that you usually use a fairly large ring-buffer with LZSS (to maximize
>> the possibility of finding the string), this means there's a fairly
>> large section of a file in which certain codes cannot occur.
>>
>> At the very beginning of the file, the illegal
>> values outnumber the legal ones by a LARGE margin [...] my
>> guess is that we could eliminate well over 99% trial decodings based
>> entirely upon this, without having to go the next step and decompress
>> the plaintext to see if it looks reasonable.
>
>[ahem] How a-bout THAT! ... And what might be other possible
>implications to the cryptologist of that little discovery?
The result should be that you use a different compression method
that does not leak that kind of information. That is way I use my
version of adaptive huffman compression it does not suffer from
such problems.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
Date: Mon, 19 Jul 1999 18:53:06 -0400
From: [EMAIL PROTECTED]
Subject: Re: randomness of powerball, was something about one time pads
Mok-Kong Shen wrote:
>
> Douglas A. Gwyn wrote:
> >
> > Unbounded or open-ended games often hold surprises. For example,
> > suppose you're matching coins against the (fair) house and double
> > your bet each time you lose, starting with a $1 bet the first play
> > and each time you won the previous play. Note that each time you
> > win the play, you are $1 ahead for that "run" (losing streak, win).
> > Evidently, you can make an arbitrarily large amount of money if
> > you keep playing. What (if anything) is wrong with this "system"?
>
> Maybe I misunderstood. But doesn't the issue call into memory
> the case where an ideal RNG can generate a sequence of 0's of
> arbitrary length? There is a non-zero chance that the time point
> of (huge) win is at infinity.
There is no huge win anywhere. The rules stated that bet doubling
follows a loss. Following a win the bet reverts to one unit.
------------------------------
Date: Mon, 19 Jul 1999 19:08:19 -0400
From: [EMAIL PROTECTED]
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Peter Seebach wrote:
>
> In article <[EMAIL PROTECTED]>,
> Natarajan Krishnaswami <[EMAIL PROTECTED]> wrote:
> >On Thu, 15 Jul 1999 22:59:44 GMT, Peter Seebach <[EMAIL PROTECTED]> wrote:
> >> This is partially because "he" is a gender-neutral pronoun in English, while
> >> "she" isn't, and "it" is a pronoun for the inanimate. "he" is correctly used
> >> both for typeless entities and for male entities.
>
> >Quite a few English-language native speakers (and publishers) have
> >rejected that position. (Unlike programming languages, natural ones
> >are in a constant state of flux. ;-) The social context arising from
> >the women's equality movement has precipitated, at least in the US, a
> >dramatic reduction in use of masculine pronouns, compounds of 'man,
> >etc., in generic contexts, and a fairly widespread (if mild) antipathy
> >towards their use as such.
>
> Oh, certainly. However, I disapprove of political changes to languages.
> That change breaks too much existing code. A lot of people have decided to
> "reject" that position, mostly based on made-up etymologies or false claims
> about the historical origins of our current set of words.
>
> Essentially, I treat these people the same way I treat anyone who tries to
> redefine words to fit a political agenda.
>
> >It's not inconceivable that in another 20
> >years, it may be considered poor style ("agrammatical") to use them
> >that way (here).
>
> It would be a shame, though, because we'd lose a lot of very expressive text.
> "Man's inhumanity to man" is a much more elegant phrase than anything you can
> do once you lose that usage.
>
> In my own work, I mostly use 'he' as a gender-neutral pronoun, but
> in the Hacker FAQ, I switch pronouns every question to keep people on their
> toes.
>
> (Curiously, I get flames about this; not on the grounds that "he is gender
> neutral", but on the grounds that "there aren't many female hackers". I don't
> know, but I'm guessing none of the people complaining are female or over 18.)
You can also be flamed for selecting which questions get male pronouns
vs female pronouns. In one case I made selections randomly (now don't
get excited), but when I published the document activists accused me of
using female pronouns for the "dumber" questions.
It never stops. So I no longer bother. Instead I distract by asking
the grammatical, as opposed to political, difference betwwen "person of
color" and "colored person".
>
> -s
> --
> Copyright 1999, All rights reserved. Peter Seebach / [EMAIL PROTECTED]
> C/Unix wizard, Pro-commerce radical, Spam fighter. Boycott Spamazon!
> Will work for interesting hardware. http://www.plethora.net/~seebs/
> Visit my new ISP <URL:http://www.plethora.net/> --- More Net, Less Spam!
------------------------------
Date: Mon, 19 Jul 1999 18:47:15 -0400
From: [EMAIL PROTECTED]
Subject: Re: randomness of powerball, was something about one time pads
fungus wrote:
>
> [EMAIL PROTECTED] wrote:
> >
> > A simple way to analyze this is to use colored dice (RGB). Throw them
> > 216 times. Ignore the combinations and inspect the payoff from each die
> > independently. The red die matches your selection 36 times. Ditto for
> > the green and blue die. Total payback in $108 against $216 in bets.
> >
> > The house wins. Big.
> >
>
> Completely wrong analysis....
Really.
Would you care to elaborate?
------------------------------
Date: Mon, 19 Jul 1999 19:19:31 -0400
From: [EMAIL PROTECTED]
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Michael D. wrote:
>
> English, as well as the other Germanic languages, cannot be made to be
> gender neutral because of their structure. Latin languages, on the other
> hand (that is: Portuguese, Spanish, French, Italian and Romanian) are all
> gender specific, in general using the "a" and the "o" declensions to
> denominate genders in all nouns, including inanimate subjects.
It's worse when you have to maintain gender consistency between articles
and nouns. Table isn't very sexy. But there is no definite article but
"le" that applies. "Le table" and "la fenettre" will not succumb to
linguistic editorializing.
> What is the
> solution? Should there even be a solution? Historically, languages evolve
> naturally, however, attempts at artificially altering languages have
> ususally failed. This accounts for the extra letters in the Cyrillic
> alphabet, added by the Czar, as well as the failure of Esperanto to have
> become anything more than a novel hobby.
> Michael D.
> [EMAIL PROTECTED]
>
> Natarajan Krishnaswami <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > On Thu, 15 Jul 1999 22:59:44 GMT, Peter Seebach <[EMAIL PROTECTED]>
> wrote:
> > > This is partially because "he" is a gender-neutral pronoun in English,
> while
> > > "she" isn't, and "it" is a pronoun for the inanimate. "he" is correctly
> used
> > > both for typeless entities and for male entities.
> >
> > Quite a few English-language native speakers (and publishers) have
> > rejected that position. (Unlike programming languages, natural ones
> > are in a constant state of flux. ;-) The social context arising from
> > the women's equality movement has precipitated, at least in the US, a
> > dramatic reduction in use of masculine pronouns, compounds of 'man,
> > etc., in generic contexts, and a fairly widespread (if mild) antipathy
> > towards their use as such. It's not inconceivable that in another 20
> > years, it may be considered poor style ("agrammatical") to use them
> > that way (here).
> >
> > > Another argument against overloading words.
> >
> > Quite.
> >
> > <N/>
------------------------------
Date: Mon, 19 Jul 1999 18:50:01 -0400
From: [EMAIL PROTECTED]
Subject: Re: randomness of powerball, was something about one time pads
John Briggs wrote:
>
> In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> > fungus wrote:
> >> A simple proof that they aren't goes as follows:
> >> This game is actually played in carnavals and casinos. ...
> >
> > What's played there is Chuck-a-Luck as I described it,
> > where the payoff is the same for 1, 2, or 3 shows of
> > your chosen number, not the originally cited game where
> > the payoff is proportional to the number of shows of
> > your number. The latter can be factored into orthogonal
> > subproblems: each die's contribution is *independent* of
> > what goes on with the other dice, so the per-die outcome
> > can be scaled up simply by multiplying by the total
> > number of dice (3 x 1/6). The former (Chuck-a-Luck)
> > has expected outcome 1/6 + 5/36 + 25/216 (where the
> > terms can be found by the survivor rule), which is
> > less than fair (1/2).
>
> As I understand the game, you put 1 chip (or whatever) on the counter.
> Then depending on the roll of the dice, either they take your
> chip or you keep your chip and they hand you 1, 2 or 3. Let's call
> this "original rules".
>
> Result: -1 with probability 125/216 Expected gain: -0.578
> +1 with probability 75/216 Expected gain: +0.347
> +2 with probability 15/216 Expected gain: +0.138
> +3 with probability 1/216 Expected gain: +0.013
> ----------------------
> -0.080
>
> Or we could assume your version, you put one chip on the counter.
> Then depending on the roll of the dice, either they take your
> 1 or you keep your 1 and they hand you 1. Let's call this "cheapskate
> rules".
>
> Result: -1 with probability 125/216 Expected gain: -0.578
> +1 with probability 91/216 Expected gain: +0.421
> ---------------------
> -0.157
>
> In neither case does the game decompose cleanly into a set of three
> independent sub-games. The results on the other two dice influence
> the payoff matrix on the remaining die. In particular, if you've already
> got a six, your stake is no longer at risk.
>
> If you can be seduced into believing that "original rules" is cleanly
> decomposable into three independent sub-games then you are a mark.
> The carny wants you to think this.
>
> Three independent sub-games on the reward side yes. But there's a
> different and non-independent sub-game on the risk side. This may be
> what Doug Gwyn has in mind. He's usually pretty sharp.
>
> There is a cleanly decomposable variant:
>
> You put your one chip on the counter. The carny keeps it regardless.
> Then he hands you 1, 2 or 3 depending on the throw of the dice.
>
> Result -1 with probability 125/216 Expected gain: -0.578
> 0 with probability 75/216 Expected gain: 0
> +1 with probability 15/216 Expected gain: +0.069
> +2 with probability 1/216 Expected gain: +0.009
> ----------------------
> -0.500
>
> Nobody would play that game. It's obviously unfair. The payout is
> 1/6 per die for a total of 1/2. The fair price is thus 1/2 chip.
Exactly.
------------------------------
Date: Mon, 19 Jul 1999 19:03:19 -0400
From: [EMAIL PROTECTED]
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
wtshaw wrote:
>
> In article <7n0a0t$6gj$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
> > On 1999-07-18 [EMAIL PROTECTED](wtshaw) said:
> > :As an information unit, 1 is not comparable to any other since in
> > :log terms any other base to the power of one is zero, and I have
> > :trouble dividing into or by zero myself.
> >
> > Surely you mean "any other base to the power of 0 is 1"?
> > --
> Yep, and I did post a correction that I include a wrong and extraneous
> thought to the consideraton of base one.
>
> As for computations like other bases, for base one there is no acceptable
> concept other than zero and, possibly, infinity, which is in its own right
> going to be difficult to use. You can't even write one in base one, which
> makes it uncomputational, as I maintained before. The rules of
> computational bases would in fact exclude base one and base zero.
> Frankly, I find enough work in useful numerical concepts, and there are
> plenty to keep us all busy.
You can use base 1 by noting the implied addition between the successive
digits of a number. E.g. 13 base ten implies 1*ten^1 plus 3*ten^0. In
base one you have the same construction so that 1111 base one is 1*one^3
plus 1*one^2 plus 1*one^1 plus 1*one^0 = 4 base 10. The powers all
collapse and any number is represented by that many digits, all ones.
Note that in base one there is no need for zero as there is no
difference between powers, so no need for place holders.
> --
> When I talk about running the bases, it's not baseball.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
