Cryptography-Digest Digest #127, Volume #10 Sat, 28 Aug 99 20:13:03 EDT
Contents:
WT Shaw temporarily sidelined (don garrisan)
Re: any literature about trusted unit? ([EMAIL PROTECTED])
Key Establishment Protocols - free chapter from Handbook of Applied Cryptography (Alfred John Menezes)
Re: One-time pad encryption. ("Douglas A. Gwyn")
Re: How Easy Can Terrorists Get Strong Encrypt? ("Douglas A. Gwyn")
Re: OT -- but you ain't gonna believe this ("Rick Braddam")
DIMACS workshop on content protection ("Dan Boneh")
Fermat theorem on primes? ("Ender Olcayto")
Re: NEW THREAD on compression (Mok-Kong Shen)
Re: Will CIA be an actor of end-times ? (Derek Bell)
Re: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography (Paul Rubin)
Re: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography (Alfred John Menezes)
Re: 512 bit number factored (DJohn37050)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (don garrisan)
Subject: WT Shaw temporarily sidelined
Date: Sat, 28 Aug 1999 19:57:15 GMT
Bill has asked me to let you guys know that he will be off line for a
short while. Currently in the hospital, he will be back in touch with
the group as physical progress, time and laptop make it possible.
In the meantime, hang in there... that is what he is doing.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: any literature about trusted unit?
Date: Sat, 28 Aug 1999 19:34:52 GMT
The reason to think of a trusted unit is just that that pioneered
technique has had no users for 15 years.
--Meng
In article <7oihif$jl7$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Peter Gutmann) wrote:
>
>
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
>
> >[EMAIL PROTECTED] wrote:
> >> There is much literature about "trusted" systems. Is there any study
> >> about how to make today's computer "trusted" by adding a unit, say,
> >> smart card, online service, etc.
>
> >The degree of trust of existing systems can sometimes be increased by
> >such means, but to really produce a trustworthy system it has to be
> >designed that way from the outset, not with "security" added on as an
> >afterthought.
>
> Well, that's not entirely true. Here's a simple way of upgrading an untrusted
> system to a trusted one[0] which involves replacing only a single component:
>
> 1. Unplug the power cord from your untrusted system.
> 2. Plug a trusted system into the power cord.
>
> This innovative technique was pioneered about 15 years ago by Steve Wozniak
> when he was asked how you upgraded an Apple II+ to a IIe.
>
> Peter.
>
> [0] Trusted in the Orange Book et al sense, that is.
>
>
------------------------------
From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography
Date: 28 Aug 1999 19:32:22 GMT
In the past few months, we have made available 12 chapters
from our "Handbook of Applied Cryptography" for free download
from our web site: www.cacr.math.uwaterloo.ca/hac/
Our publisher, CRC Press, has generously given us permission
to place yet another chapter on the site. We have just uploaded
Chapter 9 (Key Establishment Protocols).
We continue to negotiate with our publisher to have the remaining
chapters as well as the appendices, bibliography, and index
uploaded to the web site.
We hope that these chapters will be of use to people in their
cryptographic work and study. We hope that by making the chapters
available for free download, the book will be accessible to those
who cannot afford to buy it, and to those who may only have a
cursory interest in the material presented in the book. At the
same time, our publisher is hoping that people who find the book
useful will go ahead and buy a copy of their own, and thus sales
of the book will not be affected. Any comments on this publishing
experiment will be greatly appreciated.
- Alfred
==========================================================================
| Alfred Menezes | Email: [EMAIL PROTECTED] |
| Department of C&O | Phone: (519) 888-4567 x6934 |
| University of Waterloo| Web page: www.cacr.math.uwaterloo.ca/~ajmeneze |
| Waterloo, Ontario | Web page for Handbook of Applied Cryptography: |
| Canada N2L 3G1 | www.cacr.math.uwaterloo.ca/hac/ |
| Centre for Applied Cryptographic Research: www.cacr.math.uwaterloo.ca |
==========================================================================
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: One-time pad encryption.
Date: Sat, 28 Aug 1999 20:59:15 GMT
Mickey McInnis wrote:
> If you use a "one-time" pad, and the enemy gets the ciphertext of
> both transactions, there is a weakness. The enemy doesn't have to
> get either cleartext.
Correct. This is also a serious problem with any system that
produces a "random" internal keystream that is then combined
with the plaintext in some simple way to produce the ciphertext.
(XOR is but one example of a simple combiner.)
Suppose that the interceptor suspects that the word "HOSPITAL"
is likely to occur somewhere within one of the two messages
assumed to be enciphered with the same internal key. Then he
can in effect try at each possible location within the text to
uncombine the assumed probable word/phrase ("HOSPITAL") and
thereby recover the key spanning the word/phrase and use that
key candidate to decipher the same span in the other message;
if sensible plaintext results, perhaps "OOPSENCO", he might
be able to guess how to extend that span ("TROOPSENCOUNTERED"),
use that to recover more key and decipher more of the first
message ("NTHOSPITALSUPPLIE"), and continue to work back and
forth until both plaintexts (and the key) are recovered.
In actual application, various improvements are made to the
process as I described it. Also, I didn't say how one detects
possible same-key ciphertexts in the first place, but it's
fairly easy. (Kappa test is one way.)
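The crib-dragging walk-through above, carried out in code as an added example (it is not part of the original post): two constructed messages are XORed with one genuinely random pad, the kappa count shows the coincidences that flag a shared key, and dragging the probable word HOSPITAL through the first ciphertext exposes OOPSENCO in the second, which is then extended to TROOPSENCOUNTERED to read NTHOSPITALSUPPLIE back out of the first. The message texts, pad handling and function names are the example's own assumptions.

```python
"""Two-time pad recovery: kappa test plus crib dragging (added example)."""
import os

# Constructed sample traffic (not from the post): two messages under ONE pad.
# The fragments are chosen so the walk-through in the post reproduces exactly.
MSG1 = b"CONVOYSENTHOSPITALSUPPLIESATDAWNREQUESTESCORT"
MSG2 = b"PATROLOFTROOPSENCOUNTEREDENEMYNEARRIDGEHOLDPOSITION"


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR over the common prefix of a and b."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_pair_with_reused_key() -> tuple[bytes, bytes]:
    """Encrypt both messages under one pad, the mistake the post describes.
    The pad itself is genuinely random; the flaw is reuse, not key quality."""
    pad = os.urandom(max(len(MSG1), len(MSG2)))
    return xor(MSG1, pad), xor(MSG2, pad)


def coincidences(c1: bytes, c2: bytes) -> int:
    """Kappa statistic: positions where the two ciphertexts agree.
    Under one pad, c1[i] == c2[i] exactly when p1[i] == p2[i], so the count
    follows the plaintext coincidence rate (roughly 6-7% for English letters);
    under independent pads it is about 1/256 per byte."""
    return sum(1 for x, y in zip(c1, c2) if x == y)


def drag_crib(c1: bytes, c2: bytes, crib: bytes) -> list[tuple[int, str]]:
    """Slide a probable word along c1. Since c1 XOR c2 == p1 XOR p2, XORing the
    crib in at offset k yields p2[k:k+len(crib)] wherever the guess is right.
    Offsets whose output is all capital letters are returned for human review;
    some are false hits, exactly as in a real crib drag."""
    diff = xor(c1, c2)
    hits = []
    for k in range(len(diff) - len(crib) + 1):
        frag = xor(diff[k:k + len(crib)], crib)
        if all(65 <= b <= 90 for b in frag):      # 'A'..'Z'
            hits.append((k, frag.decode("ascii")))
    return hits


def reveal(c_target: bytes, c_known: bytes, known_plain: bytes, offset: int) -> bytes:
    """Given plaintext known at `offset` in one message, recover the pad over
    that span (pad = c_known XOR known_plain) and decrypt the same span of the
    other message."""
    span = slice(offset, offset + len(known_plain))
    pad_span = xor(c_known[span], known_plain)
    return xor(c_target[span], pad_span)


if __name__ == "__main__":
    c1, c2 = encrypt_pair_with_reused_key()
    print("coincidences under one pad:", coincidences(c1, c2), "of", min(len(c1), len(c2)))
    for k, frag in drag_crib(c1, c2, b"HOSPITAL"):
        print(f"offset {k:2d}: {frag}")
    # The analyst spots OOPSENCO at offset 10, guesses TROOPSENCOUNTERED
    # starting two bytes earlier, and reads the first message back out.
    print(reveal(c1, c2, b"TROOPSENCOUNTERED", 8))
```

The drag returns several all-letter fragments besides the real one; picking the "sensible plaintext" is the step the post leaves to the analyst. On messages this short the kappa count is only a hint; the test is normally run over long traffic, where the gap between the plaintext coincidence rate and 1/256 is unmistakable.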
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How Easy Can Terrorists Get Strong Encrypt?
Date: Sat, 28 Aug 1999 21:02:36 GMT
John Savard wrote:
> - Terrorists are often fanatics; perhaps people with the intelligence
> to program a computer are seldom found in terrorist movements.
Terrorists sponsored by governments or rich backers, or large criminal
organizations, can simply *buy* sufficient technical expertise.
------------------------------
From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: OT -- but you ain't gonna believe this
Date: Sat, 28 Aug 1999 17:00:06 -0500
Greg <[EMAIL PROTECTED]> wrote in message news:7q6up8$59q$[EMAIL PROTECTED]...
> I may have gotten one, I don't know. I never bother to read anything
> that I cannot immediately identify as friendly communication from
> someone I know.
I can understand them sending it to you and the others who responded to my post,
and it seems appropriate to me. Sending it to me seems to invalidate their whole
concept of linking people with questions to experts. I don't want to present
myself as an expert on Security and Encryption to anyone. I read sci.crypt and
talk.politics.crypto to learn, I'm not qualified to teach or give advice. If I
have implied expertise to anyone, I apologize and will try to restrain myself in
the future.
Rick
------------------------------
From: "Dan Boneh" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.research
Subject: DIMACS workshop on content protection
Date: 28 Aug 1999 22:05:31 -0000
DIMACS Workshop on the Management of Digital IP
April 17-18, 2000, Rutgers, New Jersey, USA
CALL FOR PARTICIPATION
Critical to the development of e-commerce is the management of digital
intellectual property (IP). Technology has challenged the status quo of
IP management in many ways. Widespread use of personal computers and
Internet communication creates vast opportunities for producers, distributors,
and consumers of digital works of all forms, but it also threatens to render
copying and modification of these works completely uncontrollable. DIMACS
will sponsor a two-day series of technical talks and "position statements"
on the design, development, and deployment of IP-management technology that
strikes the right balance between the need to control copying and modification
and the desire to foster innovative uses of digital works that have been
enabled by computing and communication advances.
Speakers are encouraged to address all technical, legal, and business aspects
of digital IP management. Companies offering relevant products and services
are encouraged to participate and to submit abstracts or papers outlining
their approach.
Topics appropriate for this workshop include, but are not limited to:
* Intellectual property protection.
* Anti-piracy techniques.
* Legal issues in the protection of digital rights.
* New business models for managing digital rights.
* Passive content protection, e.g. watermarking, tracing traitors.
* Active content protection, e.g. software tamper resistance.
* Hardware solutions to content protection.
WORKSHOP URL: http://crypto.stanford.edu/DIMACS/
INSTRUCTIONS FOR AUTHORS
Authors are strongly encouraged to send their submission electronically.
Authors unable to submit electronically are invited to send a cover letter
and 4 copies of a submission (double-sided copies preferred) to the
postal address below. Submissions must be received on or before
January 17, 2000 (or postmarked by January 5, 2000, and sent via airmail
or courier). The cover letter should contain the submission's title and
the names and affiliations of the authors, and should identify the contact
author including e-mail and postal addresses.
Authors are invited to submit a one page abstract or a full-length
paper or position statement.
(1) Abstract submissions should contain a title, list of authors, and
an abstract describing the proposed talk. The abstract should
indicate whether the authors intend to submit a full-length paper
in case the abstract is accepted.
(2) Full-length submissions should begin with a title, list of authors, and
a short abstract. The introduction should summarize the
contributions of the work at a level appropriate for a
non-specialist reader. The submission should be at most 12 pages
excluding the bibliography and clearly marked appendices,
using at least 11-point font and reasonable margins. The organizers do
not guarantee that they will read appendices; so submissions should be
intelligible without them.
Notification of acceptance or rejection will be sent to authors by
February 14, 2000.
CONFERENCE PROCEEDINGS
We will decide whether to publish a proceedings for the workshop based on
the number of full-length submissions. If the number and quality of
full-length submissions are sufficient, proceedings will be published
by the American Mathematical Society as a volume in the DIMACS series.
CONFIRMED SPEAKERS:
(1) Paul Kocher, Cryptography Research.
(2) Stuart Haber, InterTrust.
(3) Narayanan Shivakumar, Univ. Washington
(4) Jon Callas, Kroll-O'Gara
DATES:
SUBMISSION: January 17, 2000
ACCEPTANCE: February 14, 2000
Pre-PROCEEDINGS VERSION: March 24, 2000
ORGANIZING COMMITTEE:
Dan Boneh, Stanford University, USA
Joan Feigenbaum, AT&T Research
Ramarathnam Venkatesan, Microsoft Research
ADDRESS FOR ELECTRONIC SUBMISSIONS:
[EMAIL PROTECTED]
ADDRESS FOR NON-ELECTRONIC SUBMISSIONS:
Dan Boneh, DIMACS workshop,
Gates 475,
Stanford, CA, 94304-9045
U.S.A
Phone: (1) 650-725-3897 Fax: (1) 650-725-4671
E-mail: [EMAIL PROTECTED]
STIPENDS: A limited number of stipends are available to those unable
to obtain funding to attend the workshop. Students giving talks
at the workshop are encouraged to apply if such assistance is
needed. Requests for stipends should be addressed to Joan Feigenbaum
at [EMAIL PROTECTED]
------------------------------
From: "Ender Olcayto" <[EMAIL PROTECTED]>
Subject: Fermat theorem on primes?
Date: 28 Aug 1999 22:07:57 -0000
[ Re-directed from sci.crypt.research.
For the poster: a proof should be available in any introductory
number theory textbook. --Moderator. ]
I remember reading somewhere that "For any integer n in (1,1-p), if
1 = n^(p-1) mod p is not satisfied, then p is not prime." is a variant on
Fermat's theorem (it could have been the Euler-Fermat theorem) on primes.
I would be grateful to anybody who can give me a proof of the above. I have
a suspicion it is not a correct statement of the theorem.
Thanks in advance.
Ender
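The theorem behind the question, as an added worked example (not from the post or the moderator): Fermat's little theorem says that if p is prime and gcd(a, p) = 1 then a^(p-1) = 1 (mod p). A base that fails the congruence therefore proves p composite, while a base that passes proves nothing, and the code shows the caveat every implementer has to know: 341 = 11 * 31 passes for base 2 but not for base 3, and the Carmichael number 561 = 3 * 11 * 17 passes for every base coprime to it. The function names and the brute-force helpers are the example's own.

```python
"""Fermat's little theorem as a compositeness test, with its failure mode (added example)."""
from math import gcd


def is_prime_trial(n: int) -> bool:
    """Exact primality by trial division; the reference answer, for small n only."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def fermat_witness(n: int, a: int) -> bool:
    """True when base a PROVES n composite.
    For prime n and 1 < a < n, a^(n-1) == 1 (mod n) always holds, so a
    violation is a certificate of compositeness. A shared factor is an even
    stronger certificate, since gcd already hands over a divisor."""
    if not 1 < a < n:
        raise ValueError("base must satisfy 1 < a < n")
    if gcd(a, n) != 1:
        return True
    return pow(a, n - 1, n) != 1


def fermat_test(n: int, bases) -> str:
    """'composite' if any base is a witness, otherwise 'probable prime'.
    The theorem runs one way only, so the second answer is never a proof."""
    if n < 4:
        return "prime" if n in (2, 3) else "composite"
    return "composite" if any(fermat_witness(n, a) for a in bases) else "probable prime"


def fermat_liars(n: int) -> list[int]:
    """Bases coprime to composite n that nevertheless pass: where the converse fails."""
    if is_prime_trial(n):
        return []
    return [a for a in range(2, n) if gcd(a, n) == 1 and pow(a, n - 1, n) == 1]


def is_carmichael(n: int) -> bool:
    """Composite n that every coprime base lies for; the Fermat test alone never catches it."""
    if n < 4 or is_prime_trial(n):
        return False
    return all(pow(a, n - 1, n) == 1 for a in range(2, n) if gcd(a, n) == 1)


if __name__ == "__main__":
    print(341, fermat_test(341, [2]), "/", fermat_test(341, [2, 3]))
    print(561, fermat_test(561, [2, 5, 7, 13, 20]), "carmichael:", is_carmichael(561))
    print(97, fermat_test(97, range(2, 97)))
```

Because of the Carmichael numbers, production code never relies on the plain Fermat congruence; the strong (Miller-Rabin) form, which also examines the square roots of 1 along the way, has no such universal liars, but the one-directional logic of the theorem, failure proves compositeness and success proves nothing, is the same.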
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NEW THREAD on compression
Date: Fri, 27 Aug 1999 23:11:53 +0200
[EMAIL PROTECTED] wrote:
>
> Mok-Kong Shen ([EMAIL PROTECTED]) wrote:
> : Yes, this works if the sole purpose is compression/decompression.
> : But if this stuff is encrypted and decrypted back with a wrong key,
> : you wouldn't have the proper length information. This, according
> : to Mr. Scott's reasoning, is bad, because it immediately tells him
> : that the key he has employed is wrong.
>
> At least one has to go through the whole message, from start to finish, to
> find that the wrongly deciphered message has ended in the middle of a
> symbol.
No. My understanding of Mr. Scott's idea is as follows: Let Y be the
ciphertext. The analyst tries a certain key K to decrypt Y to C.
He then decompresses C to D and compresses D to C1. If C1 is not
identical to C (this comparison can be done automatically without
human intervention!), he knows that K is certainly wrong. Note that
crucial to this matter is the processing at the end of the file.
That's the main reason for providing the three conventions in my
proposed scheme.
M. K. Shen
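The wrong-key check Mr. Shen describes, as an added example (not code from the thread): a standard compressor (zlib here) is not a bijection on byte strings, so decrypt, decompress, recompress and compare rejects wrong keys with no human intervention. The cipher is a toy SHA-256 counter keystream standing in for whatever cipher the scheme uses, and the plaintext, passphrase list and function names are constructed for the illustration.

```python
"""Wrong-key oracle from a non-bijective compressor (added example)."""
import hashlib
import zlib

# Constructed sample data (not from the thread).
PLAINTEXT = b"MEET AT THE OLD MILL AT DAWN. BRING THE PAPERS. BURN THIS MESSAGE. " * 3
RIGHT_KEY = b"hospital"
CANDIDATE_KEYS = [b"alpha", b"bravo", b"convoy", b"hospital", b"patrol", b"ridge"]


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256: illustration only, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(x ^ y for x, y in zip(data, keystream(key, len(data))))


def make_ciphertext() -> bytes:
    """Sender side: compress, then encrypt (Y in the post's notation)."""
    return crypt(RIGHT_KEY, zlib.compress(PLAINTEXT))


def key_is_certainly_wrong(Y: bytes, K: bytes) -> bool:
    """The post's procedure: Y -> C (decrypt) -> D (decompress) -> C1 (recompress).
    K is certainly wrong if decompression fails or C1 != C. A False result is
    not proof that K is right; it only means K survived the check."""
    C = crypt(K, Y)
    try:
        D = zlib.decompress(C)
    except zlib.error:
        return True                  # not even a valid compressed stream
    C1 = zlib.compress(D)            # same compressor and settings as the sender
    return C1 != C                   # also catches a tail the compressor would never emit


def surviving_keys(Y: bytes, candidates) -> list[bytes]:
    """Automated key search: everything the oracle does not reject."""
    return [K for K in candidates if not key_is_certainly_wrong(Y, K)]


if __name__ == "__main__":
    Y = make_ciphertext()
    print(surviving_keys(Y, CANDIDATE_KEYS))   # only the right key survives
```

A wrong key survives this oracle only if it decrypts to a byte string that zlib both accepts and reproduces exactly, which for a keyed stream essentially never happens, so every candidate in a search is confirmed or discarded by the machine alone. The comparison at the end of the stream is what makes the check tight, which is the end-of-file processing the post singles out.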
------------------------------
From: Derek Bell <[EMAIL PROTECTED]>
Subject: Re: Will CIA be an actor of end-times ?
Date: 28 Aug 1999 23:09:39 +0100
collomb <[EMAIL PROTECTED]> wrote:
: work of the 3 cryptographers, but he did not say: < that's it ! >
Sanborn has said that they have decrypted those parts correctly.
: What would think of a cryptographer saying to the Chief of HQ :
: Chief, all is deciphered, except a small sentence < the 97
: characters >.
This is not unusual - see the book _Venona_ by Nigel West - there are
many texts where parts are not decrypted.
Derek
--
Derek Bell [EMAIL PROTECTED] | Socrates would have loved
WWW: http://www.maths.tcd.ie/~dbell/index.html| usenet.
PGP: http://www.maths.tcd.ie/~dbell/key.asc | - [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography
Date: 28 Aug 1999 22:42:14 GMT
In article <7q9dg6$q70$[EMAIL PROTECTED]>,
Alfred John Menezes <[EMAIL PROTECTED]> wrote:
>In the past few months, we have made available 12 chapters
>from our "Handbook of Applied Cryptography" for free download
>from our web site: www.cacr.math.uwaterloo.ca/hac/
>
>Our publisher, CRC Press, has generously given us permission
>to place yet another chapter on the site. We have just uploaded
> Chapter 9 (Key Establishment Protocols).
>We continue to negotiate with our publisher to have the remaining
>chapters as well as the appendices, bibliography, and index
>uploaded to the web site.
How many chapters are there altogether? Are you hoping to eventually
upload all of them?
>We hope that these chapters will be of use to people in their
>cryptographic work and study. We hope that by making the chapters
>available for free download, the book will be accessible to those
>who cannot afford to buy it, and to those who may only have a
>cursory interest in the material presented in the book. At the
>same time, our publisher is hoping that people who find the book
>useful will go ahead and buy a copy of their own, and thus sales
>of the book will not be affected. Any comments on this publishing
>experiment will be greatly appreciated.
I think it is great. It doesn't really seem like an experiment to me,
since it's been done several times before, always with good results in
the cases that I know of. One of my favorite web implementation books,
"Philip and Alex's Guide to Web Publishing" (don't let the fluffy
title fool you--it is a very hardcore book) is completely online at
http://www.photo.net/wtr/thebook and it's gotten over 100 highly
favorable reviews at Amazon.com and has been in their top 1000
bestsellers for months. The TeXbook by Donald Knuth is included
in digital form in the TeX distribution. And the GNU Emacs manual,
which is online and included in the Emacs distribution, has sold
tens of thousands of hardcopies (very good for any technical book)
almost all by mail order, with virtually no bookstore distribution
and no advertising.
Any way that you can expose people to the contents of your book makes
them more likely to buy it, IMHO.
------------------------------
From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: Re: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography
Date: 28 Aug 1999 23:03:29 GMT
In article <7q9ok6$[EMAIL PROTECTED]>,
Paul Rubin <[EMAIL PROTECTED]> wrote:
>In article <7q9dg6$q70$[EMAIL PROTECTED]>,
>Alfred John Menezes <[EMAIL PROTECTED]> wrote:
>>In the past few months, we have made available 12 chapters
>>from our "Handbook of Applied Cryptography" for free download
>>from our web site: www.cacr.math.uwaterloo.ca/hac/
>>
>>Our publisher, CRC Press, has generously given us permission
>>to place yet another chapter on the site. We have just uploaded
>> Chapter 9 (Key Establishment Protocols).
>>We continue to negotiate with our publisher to have the remaining
>>chapters as well as the appendices, bibliography, and index
>>uploaded to the web site.
>
>How many chapters are there altogether? Are you hoping to eventually
>upload all of them?
There are 15 chapters altogether, of which 13 have already
been uploaded. There is also an appendix, the bibliography, and
the index. We hope to eventually upload all of them. We need to
get the permission of our publisher each time we distribute a
chapter.
We also hope to eventually add other useful features to the web page, such
as search facilities and chapter bibliographies, but it may be a
while before I figure out how to do these things.
(Does anyone know how one can generate searchable indexes from
pdf files?)
>>We hope that these chapters will be of use to people in their
>>cryptographic work and study. We hope that by making the chapters
>>available for free download, the book will be accessible to those
>>who cannot afford to buy it, and to those who may only have a
>>cursory interest in the material presented in the book. At the
>>same time, our publisher is hoping that people who find the book
>>useful will go ahead and buy a copy of their own, and thus sales
>>of the book will not be affected. Any comments on this publishing
>>experiment will be greatly appreciated.
>
>I think it is great. It doesn't really seem like an experiment to me,
>since it's been done several times before, always with good results in
>the cases that I know of. One of my favorite web implementation books,
>"Philip and Alex's Guide to Web Publishing" (don't let the fluffy
>title fool you--it is a very hardcore book) is completely online at
>http://www.photo.net/wtr/thebook and it's gotten over 100 highly
>favorable reviews at Amazon.com and has been in their top 1000
>bestsellers for months. The TeXbook by Donald Knuth is included
>in digital form in the TeX distribution. And the GNU Emacs manual,
>which is online and included in the Emacs distribution, has sold
>tens of thousands of hardcopies (very good for any technical book)
>almost all by mail order, with virtually no bookstore distribution
>and no advertising.
Our handbook has a smaller market than books like the Emacs manual
or any book on web publishing, so in that sense the publisher is
taking a bit of a risk by letting us distribute it for free on the
web. I suppose that the experiment here is convincing publishers
to allow expensive technical books (retail price of our book is
$84.95) to be available for free on web pages -- this way those who
cannot afford the book or who have only a marginal interest still
have easy access to it -- while not affecting sales.
>Any way that you can expose people to the contents of your book makes
>them more likely to buy it, IMHO.
We have to continually convince our publisher of this. So far they
are quite pleased with the results.
- Alfred
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: 512 bit number factored
Date: 28 Aug 1999 23:56:32 GMT
Well, I seem to remember it was one of the inventors of the RSA algorithm that
made a quote about how long he thought it would take to break 512 bits. And it
was very long. And he could not have said it much before 1977.
Don Johnson
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************