Cryptography-Digest Digest #149, Volume #10      Tue, 31 Aug 99 12:13:05 EDT

Contents:
  Re: public key encryption - unlicensed algorithm ("ME")
  Re: Workshop in Paris on Watermarking and Copyright enforcement (JGM)
  Re: Workshop in Paris on Watermarking and Copyright enforcement (David Chase)
  Re: Can I export software that uses encryption as copy protection? (Eric Lee Green)
  Re: Which of these books are better ? (Keith A Monahan)
  Re: Workshop in Paris on Watermarking and Copyright enforcement (SCOTT19U.ZIP_GUY)
  Re: Cryptography Items and Issues (Stefek Zaba)
  Re: original source code for robert morris crypt.c circa 1970's (Eric Lee Green)
  Re: Statue for Enigma hero (Nick Battle)
  Re: 512 bit number factored (Anton Stiglic)
  Re: Hardware - Software Implementation of Pseudo Random Generators (Tim Tyler)
  Re: Can we have randomness in the physical world of "Cause and Effect" ? (Tim Tyler)
  Re: Workshop in Paris on Watermarking and Copyright enforcement (SCOTT19U.ZIP_GUY)
  Re: What if RSA / factoring really breaks? (JPeschel)
  Re: Which of these books are better ? (JPeschel)
  Re: Which of these books are better ? (DJohn37050)
  Re: Hardware - Software Implementation of Pseudo Random Generators ("Trevor Jackson, III")
  Re: WT Shaw temporarily sidelined (JPeschel)

----------------------------------------------------------------------------

From: "ME" <[EMAIL PROTECTED]>
Subject: Re: public key encryption - unlicensed algorithm
Date: Tue, 31 Aug 1999 19:29:46 +1000

SET is definitely not for "secure" credit card processing.
Keyboard sniffing compromises passwords, while file copying compromises the
certificates/privates keys.
End result = MOTO style transactions with complex technology that duplicates
the SSL and SGC capabilities.

Lyal

Paul Rubin wrote in message <7qflgf$[EMAIL PROTECTED]>...
>In article <[EMAIL PROTECTED]>,
>shivers <[EMAIL PROTECTED]> wrote:
>>>Have you looked at the SET protocol ?
>>
>>no, I've never heard of it - is it any good?  I.e. strong and unlicensed?
>
>SET is a specialized and very complicated protocol being pushed by
>Visa for credit card transactions.  See www.setco.org for details.
>It is like EDI for online credit card processing, with special message
>fields for all kinds of purchase-specific data such as the amount of
>gas left in the tank of a rental car when you return it.  It is almost
>certainly not what you want.



------------------------------

From: JGM <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.security,comp.graphics.misc,rec.arts.movies.tech
Subject: Re: Workshop in Paris on Watermarking and Copyright enforcement
Date: Mon, 30 Aug 1999 17:11:24 -0400
Reply-To: [EMAIL PROTECTED]


Robert Harley wrote:

> > * Insertion of a watermark in a document (image, music, java bytecode,
> > etc.). Ideally, this mark should be invisible and impossible to erase.
>
> A lesser claim like "almost invisible and quite difficult to erase"
> would have the distinct advantage of not being nonsense.

 I think the word "ideally" covers this by admitting that this is a
potentially non-achievable goal.   Note that this is apparently a discussion
forum rather than an advertisement for a system; at such times stating ideal
goals is entirely appropriate.

JGM


>
>
> Bye,
>   Rob.


------------------------------

From: David Chase <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.security
Subject: Re: Workshop in Paris on Watermarking and Copyright enforcement
Date: Tue, 31 Aug 1999 09:19:30 -0400

> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> >   As for your statement about "bogus claims, like compression programs
> > that can supposedly compress every file." I think my compression method
> > on "http://members.xoom.ecil/compress.htm" can compress every finite
> > file that is not too large that the operating system can't handle it.

Soeren Mors wrote:
> Your use of the word compression is interesting to say the least. I
> wouldn't call it compression if the file actually got larger.

"When I use a word, it means just what I choose it to mean - neither
more nor less." (Humpty Dumpty)

There's been a lot of that going around lately.

-- 
David Chase                    --  [EMAIL PROTECTED]
NaturalBridge LLC              --  http://www.naturalbridge.com
BulletTrain bytecode compiler  --  when you can't wait for performance

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Crossposted-To: misc.legal.computing
Subject: Re: Can I export software that uses encryption as copy protection?
Date: Tue, 31 Aug 1999 06:23:05 -0700

"SCOTT19U.ZIP_GUY" wrote:
> file. But if they already have a key there is not much you can do except slow
> them down from making pirated copies of your program.

Exactly, and your key will end up being posted to alt.2600 within
minutes if your program appeals to the script kiddies (grin). 

How the script kiddies get ahold of keys -- usually they steal them from
Daddy-o. Either Daddy has the program at the office, or they convince
Daddy to buy the program for them legally. Then to prove how 1333t they
are, they post the key all over for all their little script kiddy
friends.

I also have seen cases where a group of them who live in the same city
would pool their money and do the same thing, i.e., a dozen paying for
one copy of the program, then sharing it amongst themselves. That's a
little rarer. Usually they take advantage of kids with rich daddies and
poor social skills, and "work" those kids into buying the software for
them in exchange for "tag-along" status in their "community". Rather
pathetic, actually. 

Anyhow, the net result of the script kiddy's actions is that crackers do
get access to both the key needed to decrypt the program and the program
itself. There's been a lot of people who have "proven" that they can
make an "unbreakable" scheme, but all I've seen is methods of slowing
crackers down to make it economically unfeasible. But that only works
where people are motivated by economics, and not by other factors
("bragging rights", intellectual challenge, etc.). 

-- 
Eric Lee Green    http://members.tripod.com/e_l_green
  mail: [EMAIL PROTECTED]
                    ^^^^^^^    Burdening Microsoft with SPAM!

------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Which of these books are better ?
Date: 31 Aug 1999 13:31:59 GMT

JaeYong,

I have (1) and have looked through (2) and have heard but not seen (3).

1.  Very good book - easy to read, easy to understand.  Even comical at some
points.  The style is relaxed but covers a lot of good material, especially
all the basics.  If you are interested in crypto, this is really what
most people would consider the definitive reference.  It doesn't include
every little detail for implementation, but provides references for you
to obtain the detail.  I would consider this required reading, however.

2.  I have looked through this book more than once, and if you are
interested in the math, then this is probably the book for you.  I'm
not a math major, so certain sections kind of scared me :)  Seriously,
it looks to be a good book and it's going to be one that I add to my
collection soon enough.  I think the hardback was $84.00, I believe,
which would make it one of the most expensive books I'd buy.

Don't know anything about (3) but I can recommend an alternative to those
listed.  There is a book called "Cryptography and Network Security" which
is a fairly recent book which is very good.  It details everything very
nicely, goes through space (read: pictures, diagrams) and time without
regard to size.  I particularly enjoyed reading the book because it goes
over the material enough for you to actually LEARN it, without having to
reread the sections.  It's a little redundant sometimes, but it's
easy to skip sections if they are stuck on one topic... ISBN is
0138690170 .... oh and I forgot. It kind of reads like a classroom text,
with questions at the ends of chapters, and so forth.

Keith



JaeYong Kim ([EMAIL PROTECTED]) wrote:
: for both conceptional understanding and mathematical understanding..
: 1. Applied Cryptography, Bruce Schneier
: 2. Handbook of Applied cryptography, Menezes et al
: 3. Cryptography: Theory and Practice, Stinson

: and I doubt free electronic distribution of Handbook of.. is due to incoming
: publication of next version.. how do you think?
: please answer

: JaeYong Kim
: --
: [EMAIL PROTECTED]




------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Workshop in Paris on Watermarking and Copyright enforcement
Date: Tue, 31 Aug 1999 14:37:16 GMT

In article <[EMAIL PROTECTED]>, Soeren Mors <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>>   Actually since the public is very controllable if you forced every one to
>> use something like Microsoft Word (which virus makers love) you
>> can easily make it mark the document in hidden way so that the average
>> user would have no idea.
>
>If we only had to protect ourselves against the average user, crypto
>would be a lot simpler.
>
>>   As for your statement about "bogus claims, like compression programs
>> that can supposedly compress every file." I think my compression method
>> on "http://members.xoom.ecil/compress.htm" can compress every finite
>> file that is not too large that the operating system can't handle it. 
>>  But before you get all huffy. It is "one to one". That is every file 
>> compresses to a unique file. And every file decompresses to a unique
>> file. However it does not violate the counting theorem since the average
>> compression of a random file actually makes the output file longer.
>> Also it may seem strange to you but the decompression portion actually
>> makes the average random file longer too. It just makes the file longer on
>> the average than the compression.
>
>Your use of the word compression is interesting to say the least. I
>wouldn't call it compression if the file actually got larger.
>

  I have an "adaptive huffman compression" program. It is called that because
you build huffman trees and compress. It is "one to one" because every file
has a unique file that it compresses to and every file has a unique file that 
it expands to. It is called that for historic reasons. I doubt if there is a file 
you can make where you can send a readable message of a few hundred characters
or more that it would not compress to a "smaller file". Huffman type 
compressors are made to take advantage of certain types of files. But by
the "counting theorem" no lossless compressor can make all files smaller.
  One can talk about a diet where the average person on the diet
might gain weight. But certain classes of those on the diet would lose weight.
  Yes my compression routine makes the average file longer. It is a fact that
certain classes of files, taken out of the class of all files, namely what 99% 
of the people use for communications, we get smaller. The problem is that
people are so used to bogus claims of lossless compression routines that
make all files smaller. That they tend to shut off their brains when one
has a compression routine that is a pure "one to one" type of transformation
that would be useful for encryption. Because they immediately jump to the
wrong conclusion.
  Pkzip is a damn good compression routine that is not lossy. Too bad it
is not "one to one". What happens when you keep compressing a zipped
file to a new file? 
  While it sometimes gets larger. Gee I guess by your logic it must not
be a compressor. Gee what happens to the average random file when
you compress it with PKZIP. The answer is it gets larger. But if you
only test low entropy files you may not be smart enough to know this
simple fact.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] (Stefek Zaba)
Subject: Re: Cryptography Items and Issues
Date: Tue, 31 Aug 1999 13:31:48 GMT

In sci.crypt, JPeschel ([EMAIL PROTECTED]) wrote:

> Though it's been quite a while, I seem to remember this sort of "backdoor"
> as fairly common, no matter what the crypto algorithm.  Wasn't the technique
 
 [ of fixing all but 40 bits of a blockcipher key ]

> once 
> used by Netscape in the international versions of its browser?

Not in any sinister way: it was, and continues to be, the documented way in
which RC5 is weakened for export (prior to www.fortify.net 'ing :-) in
Netscape browsers; that is, for simplicity of coding, the key fed into the
RC5 implementation is 128 bits in length whether the "export" or "domestic"
mode is being used; but the "export" flavour has 88 of the 128 bits fixed.

At least, that's what my memory tells me I heard/read from usually reliable
sources was the case. Since version 3.x which introduced "step-up" crypto,
in which certs with a Magick Private Extension bit asserted caused the
browser to say "OK, let's abandon that SSL session we just set up with
espionage-enhanced keylengths and do a big meaty key instead", the issue
of implementation in the export versions got yet more complex - now the
binary has all the crypto algorithms embedded in it, but access to them
is controlled by the surrounding software in ways which - at least at the
time of export approval - were considered "strong enough". The existence
of Fortify demonstrates the weakness of such software-only controls, although
given the motivation and effort required to Fortify the browser (small, but
non-zero) it still keeps the amount of strongly-encrypted traffic lower
than a total abandonment of US export controls would produce.

Stefek

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: original source code for robert morris crypt.c circa 1970's
Date: Tue, 31 Aug 1999 06:25:22 -0700

Keith A Monahan wrote: 
> Robert Morris, was that the father of Robert "Tap-in" Morris, the guy
> who wrote the internet worm back in '88 ?

Yep.

It was noted at the time that it was the same guy. 

-- 
Eric Lee Green    http://members.tripod.com/e_l_green
  mail: [EMAIL PROTECTED]
                    ^^^^^^^    Burdening Microsoft with SPAM!

------------------------------

From: Nick Battle <[EMAIL PROTECTED]>
Subject: Re: Statue for Enigma hero
Date: Tue, 31 Aug 1999 12:52:43 GMT


>  Able seaman Colin Grazier drowned in 1942
>  after recovering codebooks from a U-boat
>  enabling codebreakers at Bletchley Park - the
>  forerunner of GCHQ - to continue reading
>  enemy military communications encrypted by
>  the German Enigma machine."

There's more information on the film "U-571" (a Hollywood version of
similar events) at http://members.tripod.com/Rose22/u571.htm

... it doesn't say whether Jon Bon Jovi drowns though. :-)

Cheers,
-nick



------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: 512 bit number factored
Date: Tue, 31 Aug 1999 10:08:21 -0400

Bob Silverman wrote:

> In article <[EMAIL PROTECTED]>,
>   Anton Stiglic <[EMAIL PROTECTED]> wrote:
> > > Your facts are confused.
>
> > > > Are you talking about RSA labs?
> > > > First of all, Pomerance (1982) came up with QS
> > >
> > > Try 1980.
> > >
> >
> > These are the refs I have for Pomerance QS:
> >
> > @InCollection{Po82,
> >   author =       "C. Pomerance",
> <snip>
>
> > What ref do you have that states 1980?
>
> (0) Carl Pomerance himself.

I don't think we should confuse the date of real discovery with the date a first
article came out stating the discovery.  There would be a big inconsistency if
scientists started doing that.    People should refer to the articles (a tech
report if necessary!).



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Hardware - Software Implementation of Pseudo Random Generators
Reply-To: [EMAIL PROTECTED]
Date: Tue, 31 Aug 1999 14:22:47 GMT

Markus Schneider <[EMAIL PROTECTED]> wrote:

: 1. Which hardware is best for high-speed LFSR-based keystream
: generation? [...]

You may find some of the following to be of interest:

http://www.ee.duke.edu/Research/VHDL_tutorial/lfsr.html

http://members.aol.com/vhdlcohen/vhdl/ (see the "lfsrstd" package).

http://www.iopsys.ru/benefit/sr/97SR-4VL.htm has some sample code for
a hardware LFSR generator.

http://www.alife.co.uk/links/random/ has links to a number of PRNG sites,
with an emphasis on hardware generation.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Death is the cure of all diseases.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Can we have randomness in the physical world of "Cause and Effect" ?
Reply-To: [EMAIL PROTECTED]
Date: Tue, 31 Aug 1999 14:27:38 GMT

Dave Knapp <[EMAIL PROTECTED]> wrote:
: matt wrote:

:> I am neither a physicist, but I believe that Chaos Theory provides for
:> true randomness, which is related to quantum mechanics.

: Chaos theory does not provide for true randomness. [...]

Indeed not.

: Quantum mechanics requires either true randomness or nonlocality [...]

...*or* many worlds.

While entirely deterministic and local MW models of quantum physics exist,
it would be extremely premature to claim that quantum physics supports the
idea that there are such things as "truly" random events in nature.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Press any key... no, no, NOT THAT ONE!

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.lang.java.security
Subject: Re: Workshop in Paris on Watermarking and Copyright enforcement
Date: Tue, 31 Aug 1999 15:56:46 GMT

In article <[EMAIL PROTECTED]>, David Chase <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>> >   As for your statement about "bogus claims, like compression programs
>> > that can supposedly compress every file." I think my compression method
>> > on "http://members.xoom.ecil/compress.htm" can compress every finite
>> > file that is not too large that the operating system can't handle it.
>
>Soeren Mors wrote:
>> Your use of the word compression is interesting to say the least. I
>> wouldn't call it compression if the file actually got larger.
>
>"When I use a word, it means just what I choose it to mean - neither
>more nor less." (Humpty Dumpty)
>
>There's been a lot of that going around lately.
>

 Even I, being a non-recreational reader, appreciate Lewis Carroll. Are there
any current writers on par with him?
 Next time you're under the foolish illusion that all compressors make all
files smaller, use pkzip to compress a previously pkzip-compressed file.
It gets longer. But you would call Pkzip a compressor, would you not?




David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS
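The counting-theorem point argued in the two SCOTT19U.ZIP_GUY posts above (and in the Soeren Mors / David Chase exchange they answer), worked through in code as an added example. This is not Scott's program and not code from the digest or from PKZIP: the Huffman coder, the assumed table cost of two bytes per symbol, and both inputs (a repeated pangram and seeded pseudo-random bytes) are constructed here.

```python
"""Why no lossless compressor shrinks every file, and what a static Huffman
coder does to low-entropy text versus random bytes.

Added example, not from the digest. Table-storage cost and inputs are my
own constructed assumptions.
"""
import heapq
import random
from collections import Counter
from itertools import count
from typing import Dict, Tuple


def pigeonhole_check(n_bits: int) -> Tuple[int, int]:
    """Number of inputs of exactly n_bits versus number of strictly shorter
    outputs. A lossless (injective) encoder can send at most the second
    count to a shorter output, so at least one n-bit input cannot shrink.
    This holds for one-to-one (bijective) transforms too."""
    inputs = 2 ** n_bits
    shorter_outputs = sum(2 ** k for k in range(n_bits))  # = 2**n_bits - 1
    return inputs, shorter_outputs


def huffman_code(data: bytes) -> Dict[int, str]:
    """Build a static Huffman code (symbol -> bit string) from byte counts."""
    if not data:
        return {}
    freq = Counter(data)
    if len(freq) == 1:
        return {next(iter(freq)): "0"}
    tie = count()  # unique tiebreaker so heap tuples never compare dicts
    heap = [(f, next(tie), {sym: ""}) for sym, f in freq.items()]
    heapq.heapify(heap)
    while len(heap) > 1:
        f1, _, left = heapq.heappop(heap)
        f2, _, right = heapq.heappop(heap)
        merged = {s: "0" + c for s, c in left.items()}
        merged.update({s: "1" + c for s, c in right.items()})
        heapq.heappush(heap, (f1 + f2, next(tie), merged))
    return heap[0][2]


def huffman_encode(data: bytes, code: Dict[int, str]) -> str:
    return "".join(code[b] for b in data)


def huffman_decode(bits: str, code: Dict[int, str]) -> bytes:
    """Prefix-free decode; proves the coder is lossless on a round trip."""
    rev = {c: s for s, c in code.items()}
    out, cur = bytearray(), ""
    for bit in bits:
        cur += bit
        if cur in rev:
            out.append(rev[cur])
            cur = ""
    return bytes(out)


def huffman_encoded_size(data: bytes) -> int:
    """Bytes to store `data` Huffman-coded *including* the code table,
    assumed here as one (symbol, code length) pair, 2 bytes, per symbol.
    The table plus near-8-bit codes is what makes random input grow."""
    code = huffman_code(data)
    payload_bits = sum(len(code[b]) for b in data)
    table_bytes = 2 * len(code)
    return table_bytes + (payload_bits + 7) // 8


def compression_ratio(data: bytes) -> float:
    """Encoded size over original size; below 1.0 means it actually shrank."""
    return huffman_encoded_size(data) / len(data)


# Constructed inputs: a low-entropy "message" and same-length random bytes.
TEXT = b"the quick brown fox jumps over the lazy dog " * 20
_rng = random.Random(1999)
RANDOM = bytes(_rng.getrandbits(8) for _ in range(len(TEXT)))

if __name__ == "__main__":
    print("10-bit inputs vs. shorter outputs:", pigeonhole_check(10))
    code = huffman_code(TEXT)
    assert huffman_decode(huffman_encode(TEXT, code), code) == TEXT
    print("text ratio  :", round(compression_ratio(TEXT), 3))
    print("random ratio:", round(compression_ratio(RANDOM), 3))
```

The pigeonhole count is the whole of the "counting theorem": it bounds every lossless encoder, bijective or not, so a transform that expands random input while shrinking the files people actually send is the normal case, not a contradiction. The round trip in `main` is the check that matters before trusting any such transform in front of a cipher: decoding must reproduce the input exactly, for every input.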

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: What if RSA / factoring really breaks?
Date: 31 Aug 1999 15:05:40 GMT

David J Whalen-Robinson <[EMAIL PROTECTED]> writes, in part:

>Nobody is ready for that, but there are other algorithms to move to.
>(DES would still be secure, and there are public key alternatives not
>reliant on
>factoring.)

But DES is already insecure.

Joe


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Which of these books are better ?
Date: 31 Aug 1999 15:36:44 GMT

JaeYong Kim <[EMAIL PROTECTED]> writes in part:

>for both conceptional understanding and mathematical understanding..
>1. Applied Cryptography, Bruce Schneier
>2. Handbook of Applied cryptography, Menezes et al
>3. Cryptography: Theory and Practice, Stinson

If it's available as an export to your country, you should 
really get the Dobbs crypto CD. The CD contains all
of the books you mention and a few more. It costs around
100 US dollars.

Joe


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Which of these books are better ?
Date: 31 Aug 1999 15:34:30 GMT

I own all 3.  Each has a purpose.
1 can be considered an intro text.  You can learn a lot by reading it, but it
has a cut off point in details.  Less math heavy than the other 2.
2 is a text working cryptographers consult as a reference.  You are given
enough details to come up with designs yourself.
3 can be used as a textbook for a crypto class. 

And any of these books can cover something the others do not or give a
different perspective, etc.  They are all valuable.
Don Johnson

------------------------------

Date: Tue, 31 Aug 1999 11:54:12 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Hardware - Software Implementation of Pseudo Random Generators



Markus Schneider wrote:

> As Ph.D. student working in the area of stream ciphers I am
> interested in some implementation questions concerning pseudo random
> sequence generators. Maybe someone knows some references or can answer
> the following questions directly.

See Golomb, 1982, "Shift Register Sequences", Aegean Park Press, ISBN
0-89412-048-4

> 1. Which hardware is best for high-speed LFSR-based keystream
> generation? What keystream rates can be obtained in hardware
> design?

In general hardware speeds are controlled by clock frequencies and scaling
costs.  If you are willing to pay the scaling costs (amount of hardware
per bit of LFSR) you can generate N new bits of an N-bit LFSR every clock
cycle or so.

If the cost of silicon real estate is not an issue you need an N-bit register
and N XOR gates with as many inputs as there are taps.  This arrangement
means the register does not have to be a shift register, merely a
collection of flipflops.  In order to avoid inter-gate propagation delays
you need to avoid certain tap patterns, but you can use up to N/2 taps
without needing any delays.

> 2. What keystream rates are obtained usually, if the keystream
> generator is designed in software?

Software speeds are constrained by memory bus width and frequency.  The
critical metric is Read-Modify-Write (RMW) cycle time.  For LFSRs with
few taps (T) you can reach RMW speed, in bps, divided by T.  In the
special case where T=2 you get an additional factor of two yielding full
RMW memory speed.

This assumes that each output word is filled with new bits of state for
the LFSR.  Avoid implementations where an output word consists of the
previous word shifted one bit plus one new bit of LFSR state.
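The two implementation styles Trevor Jackson contrasts above (a register plus N parity gates producing N fresh bits per clock, versus a shift register that yields one new bit per step), answering the same LFSR keystream-rate question from Markus Schneider that Tim Tyler's post points at, written out as an added Python example. It is not code from the digest, from Golomb's book, or from any of the VHDL pages linked earlier; the bit and tap conventions are my own, and the two feedback polynomials are constructed examples (both standard maximal-length choices).

```python
"""Fibonacci LFSR keystream: bit-serial reference versus n-bits-per-clock form.

Added example, not from the digest. Conventions assumed here: the register
is an n-bit integer, bit 0 is the output end, the feedback bit is the XOR of
the bits at `taps` and is shifted in at bit n-1. So s[k+n] = XOR of s[k+t]
for t in taps, i.e. feedback polynomial x^n + sum(x^t) + ... .
"""
from typing import List, Tuple

# Constructed registers: x^8 + x^6 + x^5 + x^4 + 1 and x^16 + x^14 + x^13 + x^11 + 1
TAPS8 = (6, 5, 4, 0)
TAPS16 = (14, 13, 11, 0)


def lfsr_bit_serial(state: int, taps: Tuple[int, ...], n: int,
                    count: int) -> Tuple[List[int], int]:
    """Reference generator: one output bit per clock, oldest bit first.
    This is what a literal shift register does, and what the 'shift the
    previous word by one and add one new bit' software form amounts to."""
    mask = (1 << n) - 1
    out = []
    for _ in range(count):
        out.append(state & 1)
        fb = 0
        for t in taps:
            fb ^= (state >> t) & 1
        state = ((state >> 1) | (fb << (n - 1))) & mask
    return out, state


def period(taps: Tuple[int, ...], n: int, seed: int = 1) -> int:
    """Clocks until the state returns to `seed`; 2**n - 1 for a maximal register."""
    _, s = lfsr_bit_serial(seed, taps, n, 1)
    steps = 1
    while s != seed:
        _, s = lfsr_bit_serial(s, taps, n, 1)
        steps += 1
    return steps


def build_parallel_table(taps: Tuple[int, ...], n: int) -> List[int]:
    """For each current-state bit i, the state n clocks later when only bit i
    is set. The update is linear over GF(2), so any state advanced n clocks
    is the XOR of the entries for its set bits. Entry i is the wiring list
    of the N-flip-flop, N-XOR-gate hardware form: which new bits old bit i
    feeds, with no shifting involved."""
    return [lfsr_bit_serial(1 << i, taps, n, n)[1] for i in range(n)]


def lfsr_word_parallel(state: int, table: List[int], n: int,
                       words: int) -> Tuple[List[int], int]:
    """n fresh keystream bits per clock. Over the next n clocks a
    right-shifting register emits its current bits 0..n-1 in order, so the
    output word *is* the current state; the next state is one parity per bit."""
    out = []
    for _ in range(words):
        out.append(state)
        nxt = 0
        for i in range(n):
            if (state >> i) & 1:
                nxt ^= table[i]
        state = nxt
    return out, state


def max_xor_fan_in(table: List[int], n: int) -> int:
    """Largest number of current-state bits any single new bit is a parity
    of: the widest XOR gate the parallel hardware form needs."""
    return max(sum((table[i] >> j) & 1 for i in range(n)) for j in range(n))


def pack_bits_lsb_first(bits: List[int], n: int) -> List[int]:
    """Pack a bit-serial stream into n-bit words, first bit into bit 0."""
    return [sum(b << k for k, b in enumerate(bits[w:w + n]))
            for w in range(0, len(bits), n)]


if __name__ == "__main__":
    print("period of 8-bit register:", period(TAPS8, 8))
    table = build_parallel_table(TAPS16, 16)
    bits, _ = lfsr_bit_serial(0xACE1, TAPS16, 16, 64)
    words, _ = lfsr_word_parallel(0xACE1, table, 16, 4)
    print("serial == parallel:", pack_bits_lsb_first(bits, 16) == words)
    print("widest XOR gate in 16-bit parallel form:", max_xor_fan_in(table, 16))
```

`max_xor_fan_in` is the number Jackson's remark about tap patterns is really about: the parallel form needs every new bit computed from the old register alone, and the table shows how wide each parity gets for a given set of taps. The period check is the sanity test to run on any register before using it for keystream, since a non-maximal choice repeats far sooner than 2**n - 1.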



------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: WT Shaw temporarily sidelined
Date: 31 Aug 1999 15:55:49 GMT

>[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:

>In article <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] (JPeschel) wrote:
>> [EMAIL PROTECTED] (John Savard) writes:
>>
>>>But he is in the hospital, and IIRC he is of advanced age.
>>
>>I'd heard WT is in his fifties, and that better damn well not
>>be advanced age!  :-)
>>
>>Anyway, I have a virtual vodka chilling for him in the ice-box.
>>
>>Joe
>>
>>
>   That's nice Joe. But I have a real beer I can give him if I
>get to see him. None of that low octane diet virtual crap.
>Did you ever notice the recent studies saying how good alcohol
>is for one's health. He may actually need a few beers.
>And I may have found the cure he needs. But it would
>help to know the problem first.
>
Sorry, Dave, that's the best I can do.  Texas is quite a ways
from me, and ever since my car accident I need to hang on to all
of my real vodka.

Joe


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
