Cryptography-Digest Digest #41, Volume #10 Fri, 13 Aug 99 16:13:03 EDT
Contents:
Re: Future Cryptology ([EMAIL PROTECTED])
Re: Q. a hash of a hash ... (Anton Stiglic)
Re: Correlations in RC6 ([EMAIL PROTECTED])
Re: IDEA in AES ([EMAIL PROTECTED])
Re: Triple DES (168bit) -- Triple DES (112bit) ([EMAIL PROTECTED])
Re: IEEE Computer: Staying with the Herd (Mok-Kong Shen)
Re: decryption verification methods ([EMAIL PROTECTED])
Re: Q. a hash of a hash ... (Mok-Kong Shen)
Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever! (John Savard)
Re: NIST AES FInalists are.... (Lee Winter)
The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever! (John Savard)
Re: NIST AES FInalists are.... ([EMAIL PROTECTED])
Re: Future Cryptology ([EMAIL PROTECTED])
Re: NIST AES FInalists are.... ([EMAIL PROTECTED])
Re: Future Cryptology ([EMAIL PROTECTED])
Re: crypto survey (Lee Winter)
Re: Q. a hash of a hash ... (Anton Stiglic)
Re: Depth of Two ([EMAIL PROTECTED])
Re: Positive News About JAWS Technologies ([EMAIL PROTECTED])
Re: Q. a hash of a hash ... (Anton Stiglic)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Future Cryptology
Date: Fri, 13 Aug 1999 17:07:25 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Sorry, this really isn't the place for another holy war, but the
> appropriate term would be "crackers", not hackers.
It's ok, neither are real words anyway.
> Well, this brings up an interesting point. They may not be out to
> get YOU, but how do you know they don't deem certain people as a risk?
> I mean if you think about it, if you have all that technology and man
> power, why not follow the potential trouble makers too? I'm a prime
> candidate for that. Late teens, above average IQ (153), very skilled
> with a computer (been using dos since 8, and UNIX since 10), a white
> hat hacker, programmer, and uses encryption for EVERYTHING (including
> simple personal messages). They may not be out to get you, but they
> might be out to get me. =)
>
We have to be long lost siblings... anyways...
My point is that there are millions of people looking for ways to
steal. I would think they are a greater risk to me and others than, say,
a snoopy NSA (or other secret agency employee) agent. It just sounds
good to use the name NSA here and there. Like 'designed to stop the NSA'
although they never started ...
>
> I must say, that is exactly right. If a cracker can effectively
> bypass all security methods and/or encryption, then we are in trouble.
> That is more dangerous than the NSA could ever be....
Can we say distributed.net. If they put their efforts towards private
emails that were snatched ... (unless the keys were too big...)
From the epilog of AC, Matt Blaze said that the NSA rarely attacks the
crypto... I dunno if this is true but it worries me that some people
think that way (that the protocols are so bad).
Anyways my real point was that crypto is not designed to stop the NSA.
It's designed to protect privacy and ensure authentication in the face of
an adversary. It's used millions of times a day by millions of people
to transact billions of dollars. To me that's more important than
letters 'home to ma' from 'joe nobody'.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Q. a hash of a hash ...
Date: Fri, 13 Aug 1999 14:17:20 -0400
If the cycle was fixed, then I believe there might be some loophole, but
if the cycles are in fact uniformly different, it wouldn't give much info.
What I really want is the following property:
it is as "hard" to find x and y such that H(H(x)) = H(H(y)) as it
is to find x and y such that H(x) = H(y).
If this property holds, then we can generalize it to H(H(H(....))),
trivially.
If this latter generalization is true, then cycles are necessarily
different, for if there was one fixed cycle n for which
H(H(H(..(n times)..(H(x))...) = x,
we obviously contradict the above statement (call BIG_H = H(H(...(n
times))), BIG_H(x) = x for all x, thus not a hash function at all).
P.S. I too would also like to see some mathematical analysis on this
question.
Anton
Medical Electronics Lab wrote:
> Anton Stiglic wrote:
> >
> > Say I have a hash algorithm H (I'm in fact using SHA_1),
> > is using H(H(x)) as secure as using H(x), do the same properties
> > for H stand for H of H ?
> >
> > Thanks in advance for inputs!
>
> Assume x is the same size as H(x). If this is not a valid
> assumption then use y = H(x) and perform H(H(y)).
>
> Suppose you do H(H(H(....)))) for many cycles and different
> inputs. You'll find that you get into a loop, and some of the
> different inputs are just different points in the cycle.
> There will probably not be some input which has only 2 points on
> the cycle, but there are certainly going to be some cycles which
> are shorter than others. So doing H(H(x)) actually reduces
> you're giving an attacker information about
> the cycle.
>
> I guess I'd like to see a mathematical analysis, but my gut
> level feeling is that it does not have the same properties.
> You can easily break the cycles using H(H(x)||g) where g is
> some random garbage.
>
> Patience, persistence, truth,
> Dr. mike
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Correlations in RC6
Date: Fri, 13 Aug 1999 18:24:16 GMT
In article <7ov1b0$g9q$[EMAIL PROTECTED]>,
Lars Knudsen <[EMAIL PROTECTED]> wrote:
>
>
> Willi Meier and myself have written a paper on the AES candidate RC6.
>
> See
> http://www.ii.uib.no/~larsr/aes.html
> or download the paper
> http://www.ii.uib.no/~larsr/papers/rc6.ps
Good paper. Would it be safe to say not to use RC6 with less than 20
rounds? Do you estimate your attacks can be extended?
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: IDEA in AES
Date: Fri, 13 Aug 1999 18:28:04 GMT
In article <7ovb59$m6v$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> A few more security comments
>
> 1. There was evidence given, not proof, that IDEA is immune to
> differential cryptanalysis after 4 rounds.
That's because it was supposed to be a Markov cipher, which it is not.
> 2. Biham's related key cryptanalysis doesn't work.
>
> 3. Willi Meier came up with an attack, however it's less efficient
> than brute force for 3 rounds or more.
>
> 4. There are weak keys, but they are easily prevented and are rarely
> chosen.
But weak nonetheless.
>
> All of this information I directly pulled out of AC2. The only
> successful attack on IDEA was using side-channel cryptanalysis, but
> the authors of IDEA created a fix. I'm not sure about mod 3
> cryptanalysis, though.
>
> Simply put, from what I can tell, it will take a major breakthrough to
> break IDEA.
Maybe so but attacks are coming. Breaking DES used to be impossible as
well. It's still impractical but not impossible. Although except for
the short key DES isn't weak either.
>
> As far as I can tell, you can implement IDEA faster than DES. This
> usually occurs in software.
As far as I can tell, you can implement Blowfish faster than both.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Triple DES (168bit) -- Triple DES (112bit)
Date: Fri, 13 Aug 1999 20:21:23 +0200
Frank Piepiorra wrote:
>
> Several publications refer to Triple DES with the key size 168 bit or 112
> bit. Both seem to have Triple DES but what in detail, besides the key
> length :-) is the difference and does it have an impact on security?
> Frank
According to AC2 there is an attack against 3DES with two keys that
allows one to break the cipher with an effort of 2^120/p encryptions
with p known plaintexts. For more than 256 known plaintexts this attack
is faster than brute force. (P. C. van Oorschot and M. J. Wiener, 'A
Known-Plaintext Attack on Two-Key Triple Encryption', Advances in
Cryptology, EUROCRYPT '90 Proceedings, Springer 1991, pp. 318-325)
3DES with three different keys can be attacked with a meet-in-the-middle
attack. It needs 2^112 encryptions (R. C. Merkle and M. Hellman, 'On the
Security of Multiple Encryption', Communications of the ACM, v.24, n.7,
1981, pp. 465-467).
If keysize is a problem, use TEMK (Triple Encryption with Minimal Key).
Use three public constants T1, T2 and T3 and two keys X1, X2 to calculate
the three keys of 3DES168:
K1 = E(X1,D(X2,E(X1,T1)))
K2 = E(X1,D(X2,E(X1,T2)))
K3 = E(X1,D(X2,E(X1,T3)))
(L. R. Knudsen, 'Block Ciphers - Analysis, Design, Applications', Ph.D.
Dissertation, Aarhus University, Nov. 1994)
Enterrottacher Andreas
[EMAIL PROTECTED]
[EMAIL PROTECTED]
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: IEEE Computer: Staying with the Herd
Date: Fri, 13 Aug 1999 20:46:56 +0200
Terry Ritter schrieb:
>
> I have just had an article published in the current (August, 1999)
> IEEE Computer magazine, titled "Cryptography: Is Staying with the
> Herd Really Best?" The general theme goes like this:
>
>
> We have options beyond bemoaning our fate or ignorantly accepting
> delusion as opposed to harsh reality. Options include multi-ciphering
> as standard practice, using a wide variety of ciphers, choosing
> ciphers dynamically, and having an expanding set of ciphers to choose
> from. Contrary to the conventional wisdom, some of these alternatives
> benefit from having many new ciphers instead of just using old ones.
> A design alternative is to produce scalable designs which can be
> better investigated than any of our conventional large ciphers.
We have discussed the same matter in our group. I am convinced that
'variability', which generically covers all of the above, is one
of the principal means to render analysis futile and hence to attain
(practical) security. It is satisfying that the author of the IEEE
article (not yet available to me), who I assume is certainly a very
knowledgeable person in the field, confirms this view.
M. K. Shen
========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: decryption verification methods
Date: Fri, 13 Aug 1999 20:39:47 +0200
Matthew Bennett wrote:
>
> Other than simply encrypting a check phrase into the file and checking it
> upon decryption, how would you rate these three other verification methods:
>
> 1) Write a random block of 8 bytes to a file followed by another duplicate 8
> bytes, then encrypt. Upon decryption, check the first 8 bytes matches the
> second 8 bytes.
>
> 2) Hash the first 32 bytes of the file, encrypt the whole file, store the
> original hash value at the beginning. Upon decryption, hash the same 32
> bytes and check the number produced matches the original value.
>
> 3) Like method 1, but sandwich a small part of the data file between the two
> 8-byte blocks.
All three of them allow one to detect whether the correct key was used
or not, but they don't allow one to test the integrity of the whole file.
>
> I'll be using Blowfish in CFB mode for the encryption, and SHA-1 as the hash
> function.
> In particular is there an increased security risk if, say, someone knew that
> the first 8 bytes matched the next 8 bytes?
It makes it simple for the attacker to find that a guessed key is the
right one :)
It may allow other attacks comparable to an attack using one known
plaintext.
> Does anyone know of a better verification method?
For CBC there is a method known as CBCC: Add a block with the XOR of all
plaintexts and encrypt this block as the last one. The attacker has to
decrypt all blocks to get the plaintext of this last block while your
methods make it necessary to decrypt only a few blocks. Every change in
the ciphertext will change this last block so you get an integrity test
for the whole file with only one additional XOR per block.
You could use the same method for CFB.
But maybe fast detection of an error is more important?
Andreas Enterrottacher
[EMAIL PROTECTED]
[EMAIL PROTECTED]
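As an added illustration (not code from either poster) of the TEMK key derivation quoted in the Triple DES post above and of the CBCC check described here: Python, with a constructed 64-bit Feistel cipher built on SHA-256 standing in for DES, so E and D are assumptions, not DES. The constants T1..T3, the keys X1, X2 and the IV are constructed sample values.

```python
import functools
import hashlib

BLOCK = 8  # 64-bit block and 64-bit key, DES-sized (the cipher itself is a stand-in)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(half: bytes, key: bytes, i: int) -> bytes:
    # Round function of the stand-in cipher: SHA-256 keyed by (key, round index).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def E(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block with an 8-round Feistel stand-in for DES (constructed, not DES)."""
    l, r = block[:4], block[4:]
    for i in range(8):
        l, r = r, _xor(l, _round(r, key, i))
    return r + l


def D(key: bytes, block: bytes) -> bytes:
    """Inverse of E: the same rounds with the round keys applied in reverse order."""
    l, r = block[:4], block[4:]
    for i in reversed(range(8)):
        l, r = r, _xor(l, _round(r, key, i))
    return r + l


# TEMK as quoted from Knudsen: three public constants and two secret keys X1, X2
# give the three keys K1, K2, K3 of triple encryption.
T1, T2, T3 = bytes(8), bytes([1]) * 8, bytes([2]) * 8  # constructed public constants


def temk_keys(x1: bytes, x2: bytes) -> tuple:
    return tuple(E(x1, D(x2, E(x1, t))) for t in (T1, T2, T3))


def triple_encrypt(keys: tuple, block: bytes) -> bytes:
    k1, k2, k3 = keys
    return E(k3, D(k2, E(k1, block)))  # EDE, the usual 3DES ordering


def triple_decrypt(keys: tuple, block: bytes) -> bytes:
    k1, k2, k3 = keys
    return D(k1, E(k2, D(k3, block)))


def _split(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "caller pads to a whole number of blocks"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt_cbcc(keys: tuple, iv: bytes, plaintext: bytes) -> bytes:
    """CBC encryption with CBCC: one extra final block, the XOR of all plaintext blocks."""
    blocks = _split(plaintext)
    check = functools.reduce(_xor, blocks, bytes(BLOCK))
    out, prev = [], iv
    for p in blocks + [check]:
        prev = triple_encrypt(keys, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_cbcc(keys: tuple, iv: bytes, ciphertext: bytes) -> tuple:
    """Decrypt every block, then compare the recomputed XOR with the decrypted check block."""
    plain, prev = [], iv
    for c in _split(ciphertext):
        plain.append(_xor(triple_decrypt(keys, c), prev))
        prev = c
    *data, check = plain
    ok = functools.reduce(_xor, data, bytes(BLOCK)) == check
    return b"".join(data), ok


def demo() -> tuple:
    """Returns (check passes on clean ciphertext, check passes after a one-bit change)."""
    keys = temk_keys(b"key-one!", b"key-two!")  # constructed secret keys X1, X2
    iv = bytes(BLOCK)                            # constructed IV; use a fresh random IV in practice
    msg = b"sixteen byte msg" * 2                # 32 bytes = 4 blocks
    ct = cbc_encrypt_cbcc(keys, iv, msg)
    _, ok_clean = cbc_decrypt_cbcc(keys, iv, ct)
    tampered = bytearray(ct)
    tampered[5] ^= 0x01                          # flip one bit in the first ciphertext block
    _, ok_tampered = cbc_decrypt_cbcc(keys, iv, bytes(tampered))
    return ok_clean, ok_tampered


if __name__ == "__main__":
    print(demo())
```

The XOR check only confirms that every block took part in the decryption with the right key; it is not a keyed MAC, and current practice puts a keyed hash over the ciphertext for file integrity.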
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q. a hash of a hash ...
Date: Fri, 13 Aug 1999 21:33:17 +0200
Anton Stiglic schrieb:
>
> If the cycle was fixed, then I believe there might be some loophole, but
> if the cycles are in fact uniformly different, it wouldn't give much info.
> What I really want is the following property:
> it is as "hard" to find x and y such that H(H(x)) = H(H(y)) as it
> is to find x and y such that H(x) = H(y).
>
> If this property holds, then we can generalize it to H(H(H(....))),
> trivially.
> If this latter generalization is true, then cycles are necessarily
> different, for if there was one fixed cycle n for which
> H(H(H(..(n times)..(H(x))...) = x,
> we obviously contradict the above statement (call BIG_H = H(H(...(n
> times))), BIG_H(x) = x for all x, thus not a hash function at all).
>
> P.S. I too would also like to see some mathematical analysis on this
> question.
Since the domain of H is finite, the iteration
x_(i+1) = H(x_i)
eventually loops, whatever x_0 may be. There may be a number of
different loops, being obtainable from different starting values x_0.
Let the size of one of these loops be n. Then we have for any element
x' in that loop
x' = H^n(x')
M. K. Shen
=======================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
Date: Fri, 13 Aug 1999 19:43:50 GMT
[EMAIL PROTECTED] (John Savard) wrote, in part:
>The most absolutely extravagant waste of processing cycles ever
>envisaged to encipher a single byte of plaintext now awaits your
>perusal!
Come to think of it, RSA and similar algorithms probably still hold
the record ... but of course they offer other useful properties that a
symmetric algorithm does not.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
Date: Fri, 13 Aug 1999 15:43:12 -0400
From: Lee Winter <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Patrick Juola wrote:
> In article <7p1ckg$2vbm$[EMAIL PROTECTED]>,
> SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
> > When you state something that disagrees with the false
> >crypto gods expect a tongue lashing. They live in their own
> >bubble of self inflated ego. That is why the Germans and
> >Japanese felt so secure. They had assholes that could write
> >pretty prose and pat themselves on the back as to how smart
> >they are. But they rather never cared about the black art of
> >actual encryption and never will. Again I state they do not
> >care about advancing the art of encryption. They truly are
> >foolish enough to believe that academics as defined by them
> >are on the cutting edge.
>
> .... as opposed to, for example, cryptography as practiced by
> amateurs who don't perform the amount of analysis required of
> academic cryptography. Yes, that makes sense -- academic
> standards are too lax, so let's abandon standards altogether.
>
> After all, anything designed and tested by academics is obviously
> trivial for the evil spirits of Ft. Meade to read. Something
> cobbled together in a basement, by contrast, is -- nay, MUST BE --
> impenetrable by virtue of the author's ex officio moral superiority.
Hmmm, a new standard for crypto strength: "My (crypto) strength is the
(crypto) strength of TEN because my heart is pure." Next we'll
be invoking the sedition acts!
>
>
> And thus doesn't require testing or analysis, or even a readable
> design.
>
> -kitten
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
Date: Fri, 13 Aug 1999 19:36:36 GMT
Yes! An algorithm is now revealed which is even more secure than
Scott19u!
My "Large-Key Brainstorm", on the bottom of the page
http://www.ecn.ab.ca/~jsavard/co0412.htm
has now had a modified version added which, instead of encrypting a
whole eight bytes at each iteration, only encrypts one byte at a time
- allowing convenient stream cipher use.
Unfortunately, it has bad error-propagation characteristics, and hence
is not useful for all applications.
The most absolutely extravagant waste of processing cycles ever
envisaged to encipher a single byte of plaintext now awaits your
perusal!
Of course, if the flying saucers armed with quantum computers ever
invade, the thing just might actually be practical...
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NIST AES FInalists are....
Date: Fri, 13 Aug 1999 19:42:16 GMT
In article <[EMAIL PROTECTED]>,
"Thomas J. Boschloo" <[EMAIL PROTECTED]> wrote:
> > Here's a tip dave... No one uses your method (there might be 3
> > people out there) because
> >
> > a) no real study on it
> > b) no real theory or thought into it
> > c) it's slow
> > d) it's ugly
> > e) it's memory intense
> > f) you claim it's the best in the world.
>
> Well said!
>
Thanks. That was my most honest concise dave-flame as of yet.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Future Cryptology
Date: Fri, 13 Aug 1999 18:54:23 GMT
In article <7ov7ve$mek$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> The fact is with all the Money the NSA gets they have to do
> something. Obviously spying on the Red Chinese is a low priority with
> all the money they funnel into the appropriate pockets. So they will
> have nothing better to do than follow the whims and dictates of those
> in power. It is very likely that those in power do not trust the
> common man and will do everything in their power to keep power. The
> best way to do that is to keep spin doctoring the media through the
> press. And to keep tabs on free thinkers so they can be eliminated if
> they might some day become a threat. We are not really that far away
> from a Nazi type of government. But this time they will spin it such
> that people will be fooled into thinking that we are actually being
> more free and secure. The only way people of the world can be free is
> for open communications that are beyond the spying and whims of those
> in power. It should be a right of all world citizens to be able to
> communicate with one another in private. Without fear of being
> politically correct.
> Again I say wake up and smell the coffee AES is a joke. Those short
> key methods do nothing but play into the hands of a powerful few.
Can we say 'alt.paranoid'?
First off even if there is a miracle attack on AES say of 2^50 work
factor that is still quite large. The fact that even the new break on
RC6 (not applicable to the AES submission of RC6) requires 2^118 work
factor suggests that.
Again I say wake up and smell the coffee. The security is NOT ONLY in
the algorithm but in every aspect concerning the concealment, delivery
and deconcealment of a message. Encryption is just a small part of it.
Still the rest of the AES ciphers look quite promising including MARS,
Twofish, RC6, Serpent and Rijndael. I doubt any feasible attack will
be found (although I am certain attacks will be found).
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NIST AES FInalists are....
Date: Fri, 13 Aug 1999 19:41:09 GMT
In article <[EMAIL PROTECTED]>,
"Thomas J. Boschloo" <[EMAIL PROTECTED]> wrote:
> What I am worried about, is that some of the AES designers *ARE*
> members of the NSA. That would be smart.
Why? Then we would learn remotely new things from the NSA. That would
not be smart. What if the cipher got broken and there was an NSA leak
explaining why... That would cause a heap of !@#!.
> If they are really that good (and I don't *know* if they are that
> good), they could design a cypher that would win the contest (and
> still be crackable by their superior knowledge). How do we know for
> sure that the crypto gods that entered the contest are not secretly
> very akin to the government reading all encrypted stuff? How do we
> know that www.anonymizer.com is not run by the feds?
> <http://members.tripod.com/spookbusters/informerizer.htm> Am I
> cracking up again in my paranoid mania?!
>
> One counter argument I have already heard. Like the crypto gods
> having a lot to lose, by it becoming known that, they released unsafe
> algorithms. (But then again, they're only human..)
Most people tend to make bad ciphers because they spend little time
trying to break it. Or they try to break it using one type of attack.
That's why I trust Serpent and Twofish since they (well Twofish is
admittedly better here) documented types of attacks and why they would
not work (feasibly).
I still think this paranoia is misplaced. Why be afraid of the NSA
when there are millions of nobody civilians waiting to steal your
money, id or anything else just for pleasure....
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Future Cryptology
Date: Fri, 13 Aug 1999 19:04:42 GMT
In article <7ov8e9$f6i$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Patrick Juola) wrote:
> I don't believe that it's at all a good question; I'm not sure a
> cryptosystem exists that will protect me from the NSA but not
> from "thieves and pesky hackers [sic]."
That's not my point. My point was to stop focusing on stopping the NSA
and focus on the real task at hand. I can't believe cryptographers
related to banking are thinking 'I wonder if the NSA can read these
messages'. I bet they are thinking 'how much effort will it take for
an attacker to forge transactions ...' or something like that.
I think newbies jump on this NSA band-wagon because like Bruce says
it's a buzzword. I mean I use 3DES... how ? how do you make the keys,
how do you share keys? etc...
Just saying a buzz-word (or as Bruce puts it 'buzzword compliant') does
not make a system secure. More mature would be 'I designed this to
stop the NSA by ...' (although I still think this is 'buzzword
compliant'), including real-life proof and testing to estimate
bounds. Instead of just jumping at 'NSA-proof' why not say something
real or quantifiable (yes I know real security is hardly quantifiable
but there are better things to prove).
> So "neither" seems to me to be a very rational answer.
You are not going to stop someone with more power than you, from
reading your messages. Simple as that. They can break into your
house, tap your phone, kidnap your spouse etc etc etc... You should
focus on making tampering or fraud hard (i.e. can't be done remotely or
via software) which will stop more people.
> So when did the NSA stop being "people"? If the NSA has the
> capacity to break a system in such fashion, that's *NOT* to be
> encouraged.
The NSA is a buzzword (the word 'is' is technically correct since I am
using it as a collective noun). Simple as that. Look at Dave Scott.
He yaks on about the NSA all day long. Does he know anybody at the
NSA? Does he know anything about cryptography (outside of 'I know my
method is cumbersome it must be good')? I don't think so. But he uses
the word all day long saying 'NSA loves AES' etc. The problem is
people encourage him...
What I would love to see is someone from the NSA respond to these
messages and set some people straight.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
Date: Fri, 13 Aug 1999 16:07:26 -0400
From: Lee Winter <[EMAIL PROTECTED]>
Subject: Re: crypto survey
Medical Electronics Lab wrote:
> [EMAIL PROTECTED] wrote:
> >
> > Simple question: Who is your enemy?
>
> Every government that exists :-)
A thoughtful response.
But the present tense is bothersome. Future governments might be even
more of a threat than the current set. So...
Every government.
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Q. a hash of a hash ...
Date: Fri, 13 Aug 1999 15:58:08 -0400
>
> Since the domain of H is finite, the iteration
>
> x_(i+1) = H(x_i)
>
> eventually loops, whatever x_0 may be. There may be a number of
> different loops, being obtainable from different starting values x_0.
> Let the size of one of these loops be n. Then we have for any element
> x' in that loop
>
> x' = H^n(x')
yes of course, but for each x, the loop cycle might be different. I was
saying that H(H(....)) would not be a hash function if for all x, the
loop cycle would be the same.
Of course, each x will have a loop cycle...
>
>
> M. K. Shen
> -----------------------
> http://home.t-online.de/home/mok-kong.shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Depth of Two
Date: Fri, 13 Aug 1999 20:03:11 GMT
In article <[EMAIL PROTECTED]>,
Jim Gillogly <[EMAIL PROTECTED]> wrote:
<< Interesting. For what it's worth, the generating sequence appears
to be a straight keyboard... not quite our QWERTY one:
<< QWERTZUIOASDFGHJKPYXCVBNML
It's from the German typewriter keyboard used on the commercial
version of the Enigma.
-- Jeff Hill
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Positive News About JAWS Technologies
Date: Fri, 13 Aug 1999 19:08:17 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> Many people will remember the Calgary company that offered $5 million
> to anyone who could break a message encrypted by their L5 cipher with
> a 4096 bit key.
>
> Of course, as their algorithm wasn't disclosed, this engendered a
> predictable reaction.
>
> However, I attended today a presentation they held here in Edmonton in
> conjunction with OA, an ISP and computer retailer (a large one that
> supplies comprehensive services to business clients), and learned that
> - as of last November - they have reached patent pending status on the
> algorithm, and thus they are intending to reveal it once patent
> protection is in place. (I know that isn't quite worded right, since
> that is sort of a given.)
I seriously doubt that L5 is a good method. If it touts 4096 bit keys
it can't be at all serious. The fact that they kept so secret about it
makes me wonder. Don't people know that patents on actual ciphers are
useless since it requires a strong system (key generation + cipher +
key exchange + etc...) to actually use it properly?
There is no money in ciphers nowadays (just like there is no money in
compilers); they are a 'dime a dozen'. (Considering there are many FREE
alternatives)
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Q. a hash of a hash ...
Date: Fri, 13 Aug 1999 16:00:30 -0400
>
> > P.S I to would also like to see some mathematical analysis on this
> > question.
The question I refer to is: Is H(H(x)) as collision resistant as H(x)?
And in the more specific case, for H = SHA_1.
Anyone have any refs?
I just remembered a conversation about /dev/random, it uses SHA_1,
but a lot of people like to take the result and apply another SHA_1, it
seems that it is a little bit relevant....
Anton
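An added example (not from any poster in this thread) that runs Shen's iteration x_(i+1) = H(x_i) and Anton's H(H(x)) collision question on SHA-1 truncated to two bytes, an assumption made so that loops and collisions appear within a few hundred steps rather than never. It also shows the direction of Anton's property that holds unconditionally: every collision for H(H(x)) hands you a collision for H itself, either on (x, y) or on the distinct values H(x), H(y).

```python
import hashlib


def H(x: bytes, nbytes: int = 2) -> bytes:
    """SHA-1 truncated to nbytes. The truncation is a constructed device so the
    finite domain is small enough to watch the iteration fall into a loop."""
    return hashlib.sha1(x).digest()[:nbytes]


def iterate(x: bytes, n: int, nbytes: int = 2) -> bytes:
    """H^n(x): apply H n times."""
    for _ in range(n):
        x = H(x, nbytes)
    return x


def find_loop(x0: bytes, nbytes: int = 2) -> tuple:
    """Follow x_(i+1) = H(x_i) from x0 until a value repeats.
    Returns (tail_length, loop_length, x') where x' is the first element on the
    loop, so that x' = H^loop_length(x'), as in Shen's post."""
    seen = {}
    x, i = x0, 0
    while x not in seen:
        seen[x] = i
        x, i = H(x, nbytes), i + 1
    return seen[x], i - seen[x], x


def loop_lengths(seeds, nbytes: int = 2) -> dict:
    """Loop length reached from each seed; different x_0 may land in different loops."""
    return {s: find_loop(s, nbytes)[1] for s in seeds}


def first_double_hash_collision(nbytes: int = 2, limit: int = 1 << 20):
    """Birthday search over counters for x != y with H(H(x)) == H(H(y))."""
    seen = {}
    for i in range(limit):
        x = i.to_bytes(4, "big")
        hh = H(H(x, nbytes), nbytes)
        if hh in seen:
            return seen[hh], x
        seen[hh] = x
    return None


def h_collision_from_hh_collision(x: bytes, y: bytes, nbytes: int = 2) -> tuple:
    """Turn a collision for H∘H into a collision for H.
    If H(x) == H(y) the pair (x, y) is already an H collision ("inner");
    otherwise H(x) != H(y) but H(H(x)) == H(H(y)), so (H(x), H(y)) is one ("outer").
    Hence finding H∘H collisions is no easier than finding H collisions."""
    assert x != y and H(H(x, nbytes), nbytes) == H(H(y, nbytes), nbytes)
    hx, hy = H(x, nbytes), H(y, nbytes)
    if hx == hy:
        return ("inner", x, y)
    return ("outer", hx, hy)


if __name__ == "__main__":
    print(loop_lengths([b"seed", b"other seed", b"third"]))
    x, y = first_double_hash_collision()
    print(h_collision_from_hh_collision(x, y))
```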
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************