Cryptography-Digest Digest #933, Volume #9       Sat, 24 Jul 99 20:13:04 EDT

Contents:
  Re: How Big is a Byte? (was: New Encryption Product!) ("karl malbrain")
  Re: Length of public key in PGP? (Doug Stell)
  Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
  Re: What is skipjack ??? ("Douglas A. Gwyn")
  Re: What is skipjack ??? ("Roger Schlafly")
  Re: A few qustions on encryption (John Wasser)
  Re: How Big is a Byte? ([EMAIL PROTECTED])
  Re: symmetry group (from cypherpunks) (John Savard)
  Re: Kryptos Beginning of publicatio of solution (James Pate Williams, Jr.)
  Re: Kryptos Beginning of publicatio of solution (JPeschel)
  What I think is B.S. about the X.509 .  Please encrypt the certificate! ("Dirk Mittler")
  Re: another news article on Kryptos (David Wagner)
  Algorithm/Code for Public Key Encryption? (Nick Roosevelt)
  Re: Simple hash or CRC algorithm implementable in VB? (wtshaw)
  Re: How Big is a Byte? (Brian Inglis)

----------------------------------------------------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Sat, 24 Jul 1999 11:00:22 -0700


wtshaw <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> >
> > You may argue that you didn't "start counting" until the first sheep
> > arrived, but you were watching the road in the same state prior to the
> > first sheep as prior to the second sheep except for the value of your
> > "current count".  So I maintain that you "started counting" when you
> > started watching for sheep, not when the first sheep arrived.
> >
> > B. Kernighan identified this as the most important issue in programming
> > in an interview with Unix Magazine (Journal?) about 8 years ago.
> >
> So, computers have introduced a new counting method.  When you start
> counting your fingers do you begin with zero?  When you count a blackjack
> hand, do you start with zero? Zero means you have no cards yet to count.

No, computers haven't introduced any new counting methods -- one uses the
<<successor>> function to count on computers like everywhere else.  What
computers have introduced are new ADDRESSING methods.

When you start to count events on your fingers, you first <<hold>> the
number zero with your fingers.  You have to decide to count BEFORE the first
event, and you have a zero count until it does -- that's called the
BEGINNING.

For the declaration: integer array X[10], X addresses the first element of
the array, and the subsequent index (de)reference ADDS to that ADDRESS to
arrive at the specified element.

Karl M



------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: Length of public key in PGP?
Date: Mon, 19 Jul 1999 20:55:51 GMT

On Mon, 19 Jul 1999 19:19:06 GMT, [EMAIL PROTECTED] wrote:

>       After you encrypt a text with encrypt(T) = (T^E) mod PQ, the
>length of the ciphertext is always <= PQ, no matter how long "T" is.

Correct.

>The problem arises when "T" is longer than "PQ". In such a case,
> the information in "T" will be lost, and you won't be able to decrypt
>it back.
>
>       Here is an example,
>
>       P = 137 Q = 191 E = 3 D = 17227 PQ = 26167; If T = 332453243,
>then ciphertext = 24661, decryptedtext = 1508. *** Problem ***
>
>       Have I done something wrong?

T must be < PQ.

Essentially, RSA is a block cipher, where the block size is the size
of the modulus. For longer messages, you must break up the message
into blocks and encrypt them separately. In practice, we generally
make things simple by considering the block size to be slightly
shorter than the modulus, by one bit or rounded down to the next byte
boundary.

In your example: PQ = 0x6637, T = 0x013D0D576

On the bit boundary: Tmax = 0x3FFF (rounding down one bit)
T1 = 0x1576
T2 = 0x0F43
T3 = 0x0001

On the hex digit boundary: Tmax = 0xFFF (rounding down to hex boundary)
T1 = 0x576
T2 = 0xD0D
T3 = 0x013

On the byte boundary: Tmax = 0xFF  (rounding down to byte boundary)
T1 = 0x76
T2 = 0xD5
T3 = 0xD0
T4 = 0x13
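
[Added example, not part of the original post: textbook RSA with the toy key from the question, showing that a message of at least PQ comes back as T mod PQ and that splitting on the byte boundary round-trips. The function names are assumptions made for this sketch.]

```python
# Added example (not from the post): textbook RSA with the post's toy key.
P, Q, E, D = 137, 191, 3, 17227
N = P * Q                      # 26167 = 0x6637


def encrypt(t: int) -> int:
    """Raw RSA: (T^E) mod PQ. Any T >= PQ is silently reduced mod PQ."""
    return pow(t, E, N)


def decrypt(c: int) -> int:
    return pow(c, D, N)


def block_size_bytes(modulus: int) -> int:
    """Whole bytes that always fit below the modulus (byte-boundary rule)."""
    return (modulus.bit_length() - 1) // 8


def split_blocks(t: int, size: int) -> list[int]:
    """Base-256**size digits of t, least significant block first."""
    if t < 0 or size < 1:
        raise ValueError("need a non-negative message and a block size >= 1")
    blocks = []
    while True:
        blocks.append(t & ((1 << (8 * size)) - 1))
        t >>= 8 * size
        if t == 0:
            return blocks


def join_blocks(blocks: list[int], size: int) -> int:
    t = 0
    for block in reversed(blocks):
        t = (t << (8 * size)) | block
    return t


def encrypt_long(t: int) -> list[int]:
    size = block_size_bytes(N)
    return [encrypt(b) for b in split_blocks(t, size)]


def decrypt_long(ciphertexts: list[int]) -> int:
    size = block_size_bytes(N)
    return join_blocks([decrypt(c) for c in ciphertexts], size)


if __name__ == "__main__":
    T = 332453243                       # the message from the question
    print("one block :", encrypt(T), "->", decrypt(encrypt(T)), "(T mod PQ)")
    cts = encrypt_long(T)
    print("per block :", cts, "->", decrypt_long(cts))
```

Raw RSA without padding, as used here, illustrates the arithmetic only; deployed systems pad each block (for example with OAEP) and normally use RSA to encrypt just a symmetric key.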

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Sat, 24 Jul 1999 19:30:17 GMT

Patrick Juola wrote:
> The Martingale fallacy you describe is simply another example of this
> fallacy.

No, or at least you need to show where the subsequencing is applied.
The (presumably fallacious) argument is:
        The double-your-bet-after-a-loss strategy guarantees
        that each time you win a play, you are ahead by $1.
        There is zero probability that you will never win a
        play.  Therefore, at some point in time you will be
        ahead by $1, with probability one.  When that occurs,
        restart the game; at some later point in time, you
        will be ahead by $2, with probability one.  Repeat..

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What is skipjack ???
Date: Sat, 24 Jul 1999 19:34:59 GMT

spike wrote:
> I mean... how does it compare to those algorithms with regard to
> security ?

How do you measure security?

It is not publicly known just how breakable most cryptosystems are.

Isolated examples of DES have been broken, with an expenditure of
resources that is within reach of medium-sized organizations.
Presumably that provides some sort of upper bound for DES.

Skipjack has not been reported as broken yet.

------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: What is skipjack ???
Date: Sat, 24 Jul 1999 12:27:06 -0700

spike wrote in message <[EMAIL PROTECTED]>...
>> > > And how does it compare to idea,
>> > > des, and blowfish ?
>> >
>> > In what regard -- speed, security, ease of implementation, or?
>I mean... how does it compare to those algorithms with regard to security ?

Skipjack uses an 80-bit key and a 64-bit blocksize, so it has the
consequential limitations. (It is susceptible to exhaustive search
using 2^80 steps.)

Biham published an attack based on (1) using 31 rounds in
Skipjack instead of the usual 32, and (2) some impractically
large number of known plaintext blocks. This seems to be
evidence that Skipjack does more or less what it claims.
The folks who chose the number of rounds must have known
what they were doing.

I heard there was a talk on Skipjack at Eurocrypt 99, but I
don't know details.




------------------------------

From: John Wasser <[EMAIL PROTECTED]>
Subject: Re: A few qustions on encryption
Date: Sat, 24 Jul 1999 16:10:27 -0400

[[ This message was both posted and mailed: see
   the "To," "Cc," and "Newsgroups" headers for details. ]]

In article <[EMAIL PROTECTED]>, Krishna Sawh
<[EMAIL PROTECTED]> wrote:

> I encrypted both files with the same key, when I
> compared each byte of the encrypted files I found all but 300 bytes
> were the same

   The probable reason is that you are using a "block" cipher where
   the file is broken into blocks of a fixed size and each block
   is encrypted separately.

   The next level of randomness is what I think is called a
   "block sequential" cipher.  A cipher of that form uses some
   data from each block as part of the encryption for the next
   block.  All of the blocks AFTER the one where the plaintext
   changed would encrypt differently.  The drawback is that
   a single error in transmission will make the entire rest of
   the file unreadable.

   If you had a "block sequential" cipher you could make the
   entire ciphertext different each time by inserting a fixed
   number of (pseudo-)random bytes before the actual data.
   After you decrypt the file you remove the inserted bytes.

------------------------------

Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte?
From: [EMAIL PROTECTED]
Date: Sat, 24 Jul 1999 21:02:03 GMT



On 1999-07-23 [EMAIL PROTECTED] said:
   :> Hence, in base 1, the number
   :> "11111" is equal to 5, "111 11" is also equal to 5, as is "111011"

   :Just as there are no ''8s'' in Base_8, nor ''4s'' in Base_4, there
   :can NOT be a ''1'' in a Base_1, if such a thing were even possible.
   :The ONLY 'number' available to you in Base_1 would therefore appear
   :to be ZERO. Naught. You couldn't count up to ANYTHING.
   :Your '11111' is meaningless, not ''equal to 5''.

You'll have confused syntax and semantics, then...
--
the desk lisard     communa     time's taught the killing game herself

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: symmetry group (from cypherpunks)
Date: Sat, 24 Jul 1999 21:01:11 GMT

Anonymous <[EMAIL PROTECTED]> wrote, in part:
>Mike Stay asks:

>> There's no real concept of "distance" between elements of a group, and
>> yet if you were to consider operations on, say, a Rubik's cube, it's
>> obvious that some states are further from "solved" than others.  That's
>> because we can't "do" a general operation on the Rubik's cube in just one
>> step; we have to generate it from a subset of the group elements that
>> span the group.

>In cryptography when we use groups we usually have just one operator,
>like the multiplicative group mod p.  In Rubik's cube there would seem
>to be six operators, rotating the six faces.

No, essentially with a Rubik's Cube you can make a group with one
operator.

The operator is: given state a and state b of the cube, a operator b
means: carry out the series of rotations on state a that would be
required to obtain state b from a solved cube in the standard
orientation.

This group can be defined in terms of a small set of elementary
operations which, when repeated, allow all states to be reached.

For an example, consider the group of rotations of a dodecahedron. On
my Xoom web site, at

http://members.xoom.com/quadibloc/symint.htm

there is a picture showing that group. Two operations - rotation one
step (of five) around one face, and rotation one step (of three)
around one corner - are sufficient to generate this group which is
[isomorphic to] A5, the alternating group of permutations of five
objects.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: Kryptos Beginning of publicatio of solution
Date: Sat, 24 Jul 1999 22:46:50 GMT

On 24 Jul 1999 22:16:53 GMT, [EMAIL PROTECTED] (JPeschel)
wrote:

>Ah, but if he were really schizophrenic wouldn't he have several
>web pages?

Disclaimer: I am not a psychiatrist. I think you are confusing
schizophrenia with multiple personality disorder. At one time
schizophrenics were thought to have a split personality but
that theory has been largely discredited. Schizophrenia is
a brain chemical disease and involves neurotransmitters
or a lack of them.

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate


------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Kryptos Beginning of publicatio of solution
Date: 24 Jul 1999 22:16:53 GMT

> [EMAIL PROTECTED] (Jerry Coffin) writes:

>OTOH, I'm sure some here who are fond of conspiracy theories could 
>come up with all sorts of interesting reasons to put up a web page 
>that makes it look like the person who wrote it is schizophrenic.

Ah, but if he were really schizophrenic wouldn't he have several
web pages?

Joe 
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: "Dirk Mittler" <[EMAIL PROTECTED]>
Subject: What I think is B.S. about the X.509 .  Please encrypt the certificate!
Date: Sat, 24 Jul 1999 19:12:13 -0400

I want to show you what sort of subjects I'm known to ruminate about
seriously.

A few weeks ago I was waiting for my lab station at a university when a
classmate recognised me and recommended I use the time to study. So I went
to the library (great idea) and started reading a Dr. Dobb's. And what the
magazine fell open to was the X.509 certificate. I studied it for a few
minutes, and came to the conclusion that this type of certificate does not
give anybody enough protection, basically as if it was junk. Of course this
type of junk is the mainstream of computing life.

The certificate is basically a data structure that can be read (wow!). It
includes a certificate authority, serial number, RSA decryption key, and a
type of data signature of the whole document. I'm realising as I try to read
this that given some mathematical, cryptologic knowledge, someone can
encrypt a document and provide their own public (in this case decryption)
key, as well as a whole forged certificate. The only way this would fly up,
if I understand everything correctly, is in the unlikely event that someone
accessed the certificate authority and found, from all of the things, that
the serial number belongs to another certificate.

The ultimate protection is then in the serial number, and of course I've
known for a long, long time that the serial number of any document has
always been its final security. (Including the banknote, a security feature
the documentaries leave out!)

To my disappointment, the certificate itself isn't encrypted and the article
went on about how software can read the binary data structure that is the
certificate.

Surely there must be better protection. I know that without a certificate
authority, or a ?recipient? authority, the reader or sender doesn't know if
he or she has a valid public key. Yet I see the whisperings of an
establishment that wants to keep the private encryption or decryption keys
in escrow.

I have relied on the understanding that given a public key cryptosystem of
any given type, one must somewhere decide on a private key and derive the
public one 'irreversibly'. I have then stated that the recipient or sender
must know that a given public key is the one used consistently by the other.
There a certificate authority makes sense, both to make sure that the public
key is valid and that its use is consistent, that the private key is
non-trivial, etc. Otherwise I could come up with my own private key, derive
the corresponding public one, give you the document and claim it was
encrypted by Richard Nixon.

But what I would at least expect is that the certificate itself would again
be encrypted. And the disappointment is great. The only issue would be, what
if the certificate authority's private key got out? But the public key of a
certificate authority could be known by the browsers right in their CA lists
as distributed. If their certificates were then broken (= their private key
got out), the remaining security would be as before, the protection of an
unencrypted certificate, and somewhere, a large procedure would either have
to bring a new public key for the authority into use or discontinue the use
of one authority (preferred).

I can't give anybody credit for programs that can actually read binary data
segments. Big deal.

Given that m can be derived from n ,  each a unit of key and method, but
that n can't be derived from m ,  such that n is the private key/method and
m is the public, and that P is the plaintext and C the cyphertext:

P >n> C >m> P >n> C .

Therefore, if we call P C' and C P' ,

C' >n> P' >m> C'

and

P' >m> C' >n> P' .

So when we have a public decryption, we always have a complementary public
encryption strategy. We can always encrypt the data again. In some cases, we
might need escape coding, but it isn't pertinent, I think.

BTW the German Bundeswehr couldn't figure this out or even make heads or
tails of it.

And if we use RSA encryption or a better method really only matters for
larger documents, I think. When the key becomes larger than the document, I
wouldn't worry about a supercomputer breaking it. Better then to crack the
document itself. In practice, we have an Internet of short documents.

Dirk




------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: another news article on Kryptos
Date: 24 Jul 1999 16:12:02 -0700

In article <[EMAIL PROTECTED]>, Doug Gwyn (ISTD/CNS)  <gwyn> wrote:
> An IC should be around 1.  There are 4 coincidences at a width of 50,
> and (47*1+3*0)/26 are expected for random, so IC(50) = 4*26/47 = 2.2.

May I ask a question (out of the blue) about why the IC is defined
this way?

For a random source, the number of coincidences has approximately a
Gaussian distribution, with expected value ~ 1.81 and standard deviation
~ 1.32 in the case you give above (a period of 50).

It seems to me, then, that it would be more natural to characterize
the observed number of coincidences as about DI(50) = (4 - 1.81)/1.32
= 1.66 standard deviations above the mean, instead of IC(50) = 2.2.
Let's call this new measure DI, short for Dave's Index.

Note that, in comparison to DI, the IC exaggerates the deviation from
random for small samples and underrepresents the deviation when you
have a lot of data.  (An IC of 2 should be very interesting if you have
a lot of data, but with less data there's a greater chance that it just
happened by chance.  This is relevant because less data is available with
the larger periods, i.e. the larger column-widths, so raw IC values for
different periods aren't directly comparable.)

So it seems to me that the DI gives a more uniform and representative
way of summarizing the number of coincidences than the classical IC.
Why do people use the IC, and not the DI?  Is this a stupid question?
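
[Added example, not part of the original post: the IC and the proposed DI computed side by side. It assumes a binomial model for the coincidence count, which reproduces the 1.81 and 1.32 quoted above, and it counts only letters exactly `width` apart, which matches the column count when no column holds more than two letters, as at width 50. Function names and the sample text are constructed.]

```python
import math

LETTERS = 26


def coincidences(text: str, width: int) -> tuple[int, int]:
    """Return (hits, pairs): matching letters `width` apart, and pairs compared."""
    pairs = len(text) - width
    if width < 1 or pairs < 1:
        raise ValueError("width must be between 1 and len(text) - 1")
    hits = sum(text[i] == text[i + width] for i in range(pairs))
    return hits, pairs


def ic(hits: int, pairs: int) -> float:
    """Classical index: observed coincidences / expected for random text."""
    return hits * LETTERS / pairs


def di(hits: int, pairs: int) -> float:
    """Standard deviations above the random mean (binomial model, assumed)."""
    p = 1 / LETTERS
    mean = pairs * p
    sd = math.sqrt(pairs * p * (1 - p))
    return (hits - mean) / sd


def scan(text: str, max_width: int) -> list[dict]:
    """IC and DI for every width from 1 to max_width, best DI first."""
    rows = []
    for width in range(1, min(max_width, len(text) - 1) + 1):
        hits, pairs = coincidences(text, width)
        rows.append({"width": width, "hits": hits, "pairs": pairs,
                     "ic": ic(hits, pairs), "di": di(hits, pairs)})
    return sorted(rows, key=lambda r: r["di"], reverse=True)


if __name__ == "__main__":
    # The thread's case: 4 coincidences among 47 comparable pairs at width 50.
    print(f"IC = {ic(4, 47):.2f}  DI = {di(4, 47):.2f}")
    # The same IC from ten times the data is far stronger evidence.
    print(f"IC = {ic(40, 470):.2f}  DI = {di(40, 470):.2f}")
    # Constructed period-5 text: widths 5 and 10 tie on IC, DI prefers 5.
    for row in scan("ABCDE" * 4, 10)[:2]:
        print(row)
```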

------------------------------

From: Nick Roosevelt <[EMAIL PROTECTED]>
Subject: Algorithm/Code for Public Key Encryption?
Date: Sat, 24 Jul 1999 23:37:47 GMT

I am hoping to be able to implement encryption for a feature on a web
site.  It involves encrypting some data.  I would like to use a double
key/public key encryption algorithm.  I am unable to use a component.

Please respond if you know where I can get such an algorithm or source.

Thanks.

--
Nick Roosevelt


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Simple hash or CRC algorithm implementable in VB?
Date: Sat, 24 Jul 1999 18:06:10 -0600

In article <7ncqvq$7kh$[EMAIL PROTECTED]>, "Steve K"
<[EMAIL PROTECTED]> wrote:

> Thanks for the reply!
> 
> This is for hashing e-mail addresses, and I will use the hash to verify that
> a user that received the hash in their mail box is indeed who they are when
> they enter their e-mail address again on the web site.
> 
Then, you can select the set of characters acceptable for email
addresses.  You certainly can narrow it down quite a bit.  If letter case
is not important, and it should not be, and you include digits, that's a
total of 36.  Let's see...what else?

For symbols:   _   @  .   - , four.  That's only a total of 40.  Can you
think of any other characters you need in email addresses?

Next problem.....kind of address:  It matters if you use a single domain
or need to hash for several.   With one, you can chop off the right side
and concentrate on the left.
-- 
Real Newsreaders do not read/write in html.

------------------------------

From: [EMAIL PROTECTED] (Brian Inglis)
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte?
Date: Sat, 24 Jul 1999 23:54:27 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 23 Jul 1999 19:06:11 -0700, bill_h
<[EMAIL PROTECTED]> wrote:
>Ian Stirling wrote:
>> Hence, in base 1, the number
>> "11111" is equal to 5, "111 11" is also equal to 5, as is "111011"
>Just as there are no ''8s'' in Base_8, nor ''4s'' in Base_4, there
>can NOT be a ''1'' in a Base_1, if such a thing were even possible.
>The ONLY 'number' available to you in Base_1 would therefore appear
>to be ZERO. Naught. You couldn't count up to ANYTHING.
>Your '11111' is meaningless, not ''equal to 5''.
>etc.
>Bill

What we're dealing with here is a breakdown between notational
consistency and mathematical value consistency. 
Base 1 is the notational exception, in that 0 and 1 symbols are
both valid, as in base 2. 
There is no way to tell if a number is in base 1 or base 2,
unless you have a notational convention like: 0s are useless in
base 1, so leave them out. 
Using 0 as the unit symbol for notational consistency breaks with
the convention that the symbol has value zero, and the symbol for
unit value is 1. 
So what! It's an exception. That's life. Live with it! 
Thanks. Take care, Brian Inglis         Calgary, Alberta, Canada
-- 
[EMAIL PROTECTED]    (Brian dot Inglis at SystematicSw dot ab dot ca)
                                use address above to reply

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
