Cryptography-Digest Digest #43, Volume #10 Fri, 13 Aug 99 21:13:04 EDT
Contents:
The Shocking Truth About Akelarre! (John Savard)
Re: AES finalists to be announced (David A Molnar)
Re: Digital simulation ([EMAIL PROTECTED])
Re: Future Cryptology (David A Molnar)
Re: crypto survey (David A Molnar)
Re: IEEE Computer: Staying with the Herd (David A Molnar)
Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever! (JPeschel)
Re: Depth of Two ("Douglas A. Gwyn")
Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever! (John Savard)
Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever! (John Savard)
Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever! (JPeschel)
Re: Please help a HS student with an independent study in crypto ([EMAIL PROTECTED])
Re: NIST AES FInalists are.... ([EMAIL PROTECTED])
Re: About Algorithm M (John Savard)
I HOPE AM WRONG (SCOTT19U.ZIP_GUY)
Re: I HOPE AM WRONG ([EMAIL PROTECTED])
Re: Smart card generating RSA keys ([EMAIL PROTECTED])
Re: About Algorithm M ([EMAIL PROTECTED])
Re: Newbie Question - Do you need to have the message when you have a digest? ([EMAIL PROTECTED])
Re: Cipher-Feedback Mode ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: The Shocking Truth About Akelarre!
Date: Fri, 13 Aug 1999 22:12:31 GMT
Go to this page:
http://www.cogs.susx.ac.uk/users/larryt/basque.words.html
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: AES finalists to be announced
Date: 13 Aug 1999 22:16:09 GMT
Bruce Schneier <[EMAIL PROTECTED]> wrote:
> First off, please realize that this is all very subjective.
[snip opinions]
That's why I asked for opinions. :-) Thank you for giving yours, since it
does much to explain the statement which started this whole sub-thread.
Thanks,
-David Molnar
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Digital simulation
Date: Fri, 13 Aug 1999 21:38:41 GMT
In article <[EMAIL PROTECTED]>,
Christy Fulcher <[EMAIL PROTECTED]> wrote:
> I am looking for a way to simulate an encryption algorithm in
> electronic workbench (or similar), for a project in electronics. My
> knowledge so far consists of simple circuits like and, not, xor etc.
> Could anyone help me in suggesting an algorithm that can be
> implemented using these tools.
Try an OTP.... hehehe... If you are serious I would try hardware-oriented
ciphers such as DES first.
If you truly are into electronics you should note any cipher or program
can be done with XOR/AND gates...
BTW, why did you post 4 times?
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Future Cryptology
Date: 13 Aug 1999 22:34:03 GMT
John <[EMAIL PROTECTED]> wrote:
> I wonder, if one makes the algorithms public, it is only a
> matter of time before they are cracked.
You are assuming that no "un-crackable" algorithm exists. This may be a
correct statement, but I know no way of proving or disproving it. If I
did, I'd apply for tenure.
This seems to be one of the reasons why cryptography correlates with
computational complexity, by the way. If we can't prove a system secure,
the next best thing is to show that breaking the system implies that P =
NP. Then if the system _is_ broken, well, no one will care because we'll
all be too busy exploring the applications of P = NP.
Note that it may not be enough to show that breaking the system for some
instance implies P = NP; we need it to be hard on the average (I think
Doug Gwyn pointed this out as a deficiency of standard complexity theory
in a separate thread) _AND_ not amenable to efficient approximation.
Even if no "un-crackable" algorithm exists, it takes time to analyse a new
algorithm. In this case, Terry Ritter's approach of using multiple ciphers
and multiple families of ciphers makes sense. You also need a way of
updating the cipher you use on the fly; one experimental implementation
of this is Ben Adida's "Self-Describing Cryptography" at
http://ben.adida.net/thesis/
>If they aren't public,
> nobody will use them. What is the solution?
Secret algorithms are deployed every day.
Some by the NSA for use in classified systems, others by the vendors
mentioned in the Snake Oil FAQ. You don't need to look any farther than
GSM phones to see what has happened when a secret algorithm was discovered
and turned out to be weaker than expected.
My point is that I'm not sure your dichotomy holds.
-David Molnar
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: crypto survey
Date: 13 Aug 1999 22:35:47 GMT
Lee Winter <[EMAIL PROTECTED]> wrote:
> But the present tense is bothersome. Future governments might be even
> more of a threat than the current set. So...
> Every government.
YM "Every STATE"
-David (state != government)
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: IEEE Computer: Staying with the Herd
Date: 13 Aug 1999 22:39:11 GMT
David A Molnar <[EMAIL PROTECTED]> wrote:
> Thanks for the heads up. I just joined the IEEE Computer Society; good to
> know that such an article is coming. Will be interesting to see what the
> response in the next issues is like.
This is a good month for crypto in magazines, it looks like. Bruce
Schneier has an article on biometrics in _Communications of the ACM_.
-David
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
Date: 13 Aug 1999 22:24:44 GMT
[EMAIL PROTECTED] (John Savard) writes:
>Of course, if the flying saucers armed with quantum computers ever
>invade, the thing just might actually be practical...
Yeah, but what about those pesky time-travelling aliens, huh?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Depth of Two
Date: Fri, 13 Aug 1999 21:44:05 GMT
Observation 1: Chaining between the plain (normal) alph. and one
reciprocal cipher alph. yields disjoint cycles.
Observation 2: These cycles occur in pairs of the same length.
Observation 3: The pairs match up in reverse order.
Observation 4: If you chain with another cipher alph., you get
different cycles.
Observation 5: The two sets of cycles can be used to figure out
how to match up the (reversed) members of each pair.
By the time you get the details worked out this far, you should
be able to solve the example.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
Date: Sat, 14 Aug 1999 00:14:50 GMT
[EMAIL PROTECTED] (John Savard) wrote, in part:
>[EMAIL PROTECTED] (John Savard) wrote, in part:
>>The most absolutely extravagant waste of processing cycles ever
>>envisaged to encipher a single byte of plaintext now awaits your
>>perusal!
>Come to think of it, RSA and similar algorithms probably still hold
>the record ... but of course they offer other useful properties that a
>symmetric algorithm does not.
For an estimate of how long it takes: to encipher each byte, one
iteration of a 128-bit block cipher (assume 4x as long as DES) and two
64-bit block ciphers with 32 rounds (assume 2x as long as DES each)
are performed. Hence, this is 8x as long as a DES encryption for 1/8
as much data...so it is 64 times slower than DES. (Is this a new
record, or what?)
Not counting the original source stream cipher, which I envisaged as
being something like Panama - possibly my more than 8x slower version
of it.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
Date: Sat, 14 Aug 1999 00:12:13 GMT
[EMAIL PROTECTED] (JPeschel) wrote, in part:
>[EMAIL PROTECTED] (John Savard) writes:
>>Of course, if the flying saucers armed with quantum computers ever
>>invade, the thing just might actually be practical...
>Yeah, but what about those pesky time-travelling aliens, huh?
If they can travel through time, nothing will help.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
Date: 14 Aug 1999 00:21:10 GMT
[EMAIL PROTECTED] (John Savard) writes:
>>Yeah, but what about those pesky time-travelling aliens, huh?
>
>If they can travel through time, nothing will help.
Not even the NSA?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Please help a HS student with an independent study in crypto
Date: Sat, 14 Aug 1999 00:11:07 GMT
In article <7p09qu$3e6$[EMAIL PROTECTED]>,
"Jeff Moser" <[EMAIL PROTECTED]> wrote:
> I'm entering my senior year of high school. I had a hole in my
> schedule and I chose to fill it with an independent study in abstract
> algebra with emphasis on cryptography. I have read (and own) Applied
> Cryptography and I have Handbook of Applied Cryptography (downloaded
> from their site). Right now, I have a good understanding of "how"
> things work in crypto. (How [RSA, ElGamal, DH, etc] works, How [DES,
> RCx, AES submissions, etc] works, How signatures work, MAC/Hash, etc).
> What I want to focus on in the course is "Why" it works. I'd like to
> be able to write out proofs for why the methods work. I'd like to be
> able to, for example, show the mathematics of why the public key
> systems work [in depth of Euler Totient/Phi, Galois fields, other
> fields, etc]. I became really interested in cryptography over a year
> ago and after studying it as a hobby, I'm incredibly amazed by the
> subject and love it. I know there are people who've been in the field
> longer than I've been alive and that amazes me. I know there are many
> things to learn about the subject. My main question to the group is
> this: are there any professors, students of crypto classes, other
> enthusiasts, etc, who could help me in forming an itinerary of
> important things that I should focus on in the time I have during the
> year? The class time will be (45 mins/day) for 180 school days. The
> main reason that I'm asking the group is that the teachers here at my
> school were not aware of what cryptography was. I was able to get two
> teachers to help me because they took abstract algebra courses in
> college. They'd be familiar with the fields, groups, rings, ham.
> cycles, etc. If anyone in sci.crypt can help me out, I'd be extremely
> grateful and in debt to them.
Why things work... that's a full load. You should concentrate on
certain fields of study such as discrete logarithms, try to explain
why/how to find good generators (mod p) etc. Trying to cover all
crypto theory in one semester is quite a bit to do. There are many good
online sources for theories. If you are looking for papers on 'why
this cipher is secure' you are not going to find them.
Some areas to study:
1. discrete logarithms
2. finding base 'd' logarithms (solving RSA)
3. s-box construction
4. finite pseudo-random sequences (LFSRs, lagged fibo, MWC, SWC, etc..)
5. X^2 analysis (and/or Mod N analysis)
6. Differential or Linear Cryptanalysis (if you are talented try both).
7. Review of practical PRNG tests
8. secure automated protocols
9. Zero knowledge proofs
10. Hash-Ciphers (Bear, Lion and Aardvark are good examples)
11. Digital Signatures
I am by no measure an expert, but those are some valid suggestions for
areas to study. If you focus on one (or two) I am certain that people
in this group can help you out. I would not mind helping out. I have
many papers on my HD (basically on cryptanalysis) I could email to you
if you want.
BTW I am in HS and we don't even come close to any useful linear
algebra. I am surprised to find other HS students here...
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NIST AES FInalists are....
Date: Sat, 14 Aug 1999 00:18:51 GMT
In article <[EMAIL PROTECTED]>,
Volker Hetzer <[EMAIL PROTECTED]> wrote:
> > This alone is one reason overseas companies would be foolish to
> > use any of the AES candidates. The NSA will no doubt design special
> > hardware just for the decoding of messages from overseas companies
> > that are dumb enough to use one of the AES methods.
> You have done better postings.
> Tell me about the special hardware that can crack a 128 bit block
> cipher.
But didn't you know the NSA is always snooping on people. Let alone
the fact that's not their job.
> Btw, I don't know how your government does this, but in East Germany
> we simply bought out the cleaning lady of the company we would spy on.
> Much cheaper than your beloved "special hardware".
Your hardware seems to be alive...oh well.
I would not listen to Dave since he rambles on about the NSA like he
has a clue.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Hi! I'm a signature virus! Copy me into your signature file to help me
spread!
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: About Algorithm M
Date: Sat, 14 Aug 1999 00:43:35 GMT
[EMAIL PROTECTED] wrote, in part:
>Is that book still readily available? I might pick up a copy.
It's kind of expensive. The full title is Seminumerical Algorithms,
volume 2 of The Art of Computer Programming, by Donald E. Knuth.
(Addison-Wesley)
It is currently in print in a revised edition.
The three volumes so far published (Fundamental Algorithms,
Seminumerical Algorithms, Sorting and Searching) are considered the
foremost reference and handbook of algorithms used in computer
programs.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: I HOPE AM WRONG
Date: Sat, 14 Aug 1999 01:28:03 GMT
If you look in the Deja news archive you can see my prediction
of what and why the bombing of the Chinese Embassy occurred.
Fact: the CIA knew where the Chinese Embassy was.
Fact: the Chinese military gives beaucoup bucks to the Democratic
party. China has got a lot for the money.
Even now as we speak Clinton cannot give a firm answer
to what the US would do if the mainland Chinese invade Taiwan.
Am I the only one who thinks that we are giving the green light
for the invasion? And was the bombing in Yugoslavia just
a clever way so that we could back down?
Yes I hope I am wrong but I think most people greatly under-
estimate the dishonesty of our current president. But then again
maybe I'm wrong. But think about it: why is Clinton not giving
clear warning to the Chinese? Maybe some NSA type who knows
what is going on can enlighten us.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: I HOPE AM WRONG
Date: Fri, 13 Aug 1999 20:44:07 -0400
No offence or anything but what does that have to do with cryptography?
"SCOTT19U.ZIP_GUY" wrote:
> If you look in the Deja news archive you can see my prediction
> of what and why the bombing of the Chinese Embassy occurred.
> Fact: the CIA knew where the Chinese Embassy was.
> Fact: the Chinese military gives beaucoup bucks to the Democratic
> party. China has got a lot for the money.
> Even now as we speak Clinton cannot give a firm answer
> to what the US would do if the mainland Chinese invade Taiwan.
> Am I the only one who thinks that we are giving the green light
> for the invasion? And was the bombing in Yugoslavia just
> a clever way so that we could back down?
> Yes I hope I am wrong but I think most people greatly under-
> estimate the dishonesty of our current president. But then again
> maybe I'm wrong. But think about it: why is Clinton not giving
> clear warning to the Chinese? Maybe some NSA type who knows
> what is going on can enlighten us.
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
> http://www.jim.com/jamesd/Kong/scott19u.zip
> http://members.xoom.com/ecil/index.htm
> NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Smart card generating RSA keys
Date: Fri, 13 Aug 1999 23:57:38 GMT
In article <[EMAIL PROTECTED]>,
Cuykens Anthony <[EMAIL PROTECTED]> wrote:
>
> Hi there,
>
> Does anybody have an idea of how long a smart card could need to
> generate an RSA key pair? (if it is possible)
I would estimate it would take about 25 minutes to make a good size RSA
key (*about 768 bits*).
It takes about 2 mins on my 486...
You have to remember that most smartcard CPUs can only do math in 8-bit
steps (well some like the 68HCxx series have 16-bit registers).
I would suggest making the keys on a desktop and using them on the
smartcard (if needed).
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: About Algorithm M
Date: Fri, 13 Aug 1999 23:59:20 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Jerry Coffin) wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > [EMAIL PROTECTED] wrote:
> > > 1) I know Algorithm M is simple to describe but ...
> >
> > Maybe you should describe it, then. Are we supposed to know what
> > you mean by "Algorithm M"? It's not a standard term.
>
> I can only guess, but my guess would be that it's the Algorithm M
> from Knuth, V2 (page 32).
Is that book still readily available? I might pick up a copy.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Newbie Question - Do you need to have the message when you have a digest?
Date: Sat, 14 Aug 1999 00:02:05 GMT
In article <7otua7$i28$[EMAIL PROTECTED]>,
"Andrew Rutherford" <[EMAIL PROTECTED]> wrote:
> I want to be able to create a fixed length key or digest for a
> particular document of any size, and send this created digest to a
> recipient who will be able to recreate EXACTLY the same message from
> this digest alone. I've put this question on the compression groups,
> but no answer, so I thought I'd try here.
The document would have to have redundancies in order to be represented
by a shorter digest (read: any compression step). The digest would
contain the instructions on how to 'rebuild' the original. However, you
can never expect the compressed size to be a specific size.
>
> There's a free virtual beer in it for anyone who helps!!
I would like it, but you are asking the impossible.
It's like saying, represent any 1024 bit number with only 16 bits ...
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Cipher-Feedback Mode
Date: Sat, 14 Aug 1999 00:14:23 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] () wrote:
> I should have noted, though, that you're right that CFB can be
> performed with different numbers of bits per encipherment; I only
> mentioned the simplest variant, 64-bit (or full-width, for block
> ciphers with different block sizes than DES) CFB.
Maybe because CFB was designed to encrypt blocks smaller than the block
length. It's ok though, I am surprised anyone uses CFB anyways...
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
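Added example (not code from the thread or from either poster): the s-bit CFB variants the exchange above refers to, full-width (64-bit) CFB beside 8-bit CFB, over a generic 8-byte block function. The block function is a constructed stand-in (keyed SHA-256 truncated to 8 bytes) rather than DES; since CFB only ever calls the forward direction of the cipher, a keyed PRF is enough to show the register shifting and the mode's self-synchronisation after a corrupted ciphertext byte. The key and IV are constructed sample values.

```python
"""s-bit Cipher Feedback (CFB) over a generic 8-byte block function.

Illustration only.  The block function is a CONSTRUCTED stand-in (keyed
SHA-256 truncated to 8 bytes), not a real block cipher; CFB uses only the
forward direction of the cipher, so a keyed PRF suffices to show the mode.
"""
import hashlib

BLOCK = 8  # bytes: DES-sized block, as discussed in the thread


def toy_block_fn(key: bytes):
    """Forward-only block function E_K(x) on BLOCK-byte inputs (stand-in)."""
    def enc(x: bytes) -> bytes:
        assert len(x) == BLOCK
        return hashlib.sha256(key + x).digest()[:BLOCK]
    return enc


def _cfb(enc, iv: bytes, data: bytes, s: int, decrypt: bool) -> bytes:
    """Shared CFB loop: s bytes per block-function call, 1 <= s <= BLOCK."""
    assert len(iv) == BLOCK and 1 <= s <= BLOCK
    reg, out = iv, bytearray()
    for i in range(0, len(data), s):
        seg = data[i:i + s]                 # s bytes (tail may be shorter)
        ks = enc(reg)[:len(seg)]            # leftmost s bytes of E_K(reg)
        res = bytes(a ^ b for a, b in zip(seg, ks))
        out += res
        # The CIPHERTEXT segment is shifted into the register on both sides.
        ct = seg if decrypt else res
        reg = (reg + ct)[-BLOCK:]
    return bytes(out)


def cfb_encrypt(enc, iv: bytes, plaintext: bytes, s: int = BLOCK) -> bytes:
    """CFB-(8*s) encryption; s=BLOCK is full-width CFB, s=1 is 8-bit CFB."""
    return _cfb(enc, iv, plaintext, s, decrypt=False)


def cfb_decrypt(enc, iv: bytes, ciphertext: bytes, s: int = BLOCK) -> bytes:
    """CFB-(8*s) decryption (again only the forward block function is used)."""
    return _cfb(enc, iv, ciphertext, s, decrypt=True)


def garbled_after_flip(enc, iv: bytes, plaintext: bytes, s: int, idx: int):
    """Flip one bit of ciphertext byte idx; return indices of plaintext bytes
    that then decrypt wrongly.  CFB self-synchronises: only the flipped byte
    and the next BLOCK ciphertext bytes (s=1) / next block (s=BLOCK) suffer."""
    ct = bytearray(cfb_encrypt(enc, iv, plaintext, s))
    ct[idx] ^= 0x01
    pt2 = cfb_decrypt(enc, iv, bytes(ct), s)
    return [i for i, (a, b) in enumerate(zip(plaintext, pt2)) if a != b]


if __name__ == "__main__":
    enc = toy_block_fn(b"constructed key!")  # constructed sample key
    iv = bytes(range(BLOCK))                  # constructed sample IV
    msg = b"CFB can encipher fewer bits than the block width."
    for s in (1, BLOCK):
        assert cfb_decrypt(enc, iv, cfb_encrypt(enc, iv, msg, s), s) == msg
        print(f"CFB-{8 * s}: garbled plaintext bytes after flipping ct[5]:",
              garbled_after_flip(enc, iv, msg, s, 5))
```

With s=1 a flipped ciphertext byte spoils itself and the following 8 plaintext bytes; with s=8 it spoils itself and the following block, after which the register holds only correct ciphertext again.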
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************