Cryptography-Digest Digest #180, Volume #10       Sun, 5 Sep 99 11:13:02 EDT

Contents:
  Re: NSA and MS windows (SCOTT19U.ZIP_GUY)
  Re: Description of SQ ("Kostadin Bajalcaliev")
  Re: NSA and MS windows (SCOTT19U.ZIP_GUY)
  Re: NSA and MS windows (SCOTT19U.ZIP_GUY)
  Re: point of a cipher
  Re: THE NSAKEY (Guenther Brunthaler)
  Re: n-ary Huffman Template Algorithm (Alex Vinokur)
  Re: point of a cipher ("Douglas A. Gwyn")
  Re: point of a cipher (SCOTT19U.ZIP_GUY)
  Re: argument against randomness ("Douglas A. Gwyn")
  Re: Description of SQ ("Douglas A. Gwyn")
  Re: point of a cipher (SCOTT19U.ZIP_GUY)
  Re: point of a cipher (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NSA and MS windows
Date: Sun, 05 Sep 1999 14:18:19 GMT

In article <7qssrm$hb8$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Bill Unruh) 
wrote:
>In <7qsihm$ot5$[EMAIL PROTECTED]>
> [EMAIL PROTECTED] (David Wagner) writes:
>
>>They may not be, but regardless, it doesn't excuse claims that the
>>"_NSAKEY" lets the NSA spy on every Windows box around the world.
>>I haven't seen a single shred of evidence for claims like that.
>
>>(I realize you're not making those types of claims.  I guess I'm just
>>disappointed with a lot of the reporting on this issue.)
>
>>If MS or the NSA have committed some sin here, so far it appears to
>>be at worst a minor one.
>
>I do not think you understand cryptography. The key point is that users
>are being forced to trust someone else when using something whose
>purpose is precisely to protect against betrayal of trust. It is the
>duty of the provider to convince the user that they can be trusted. In
>all other software, incompetence or maliciousness can usually be
>detected in the running or the output. Crypto is precisely something
>where you cannot see from the output whether or not the crypto is
>working.
>
>Ie, it is the company who must, beyond a reasonable doubt, prove itself
>trustworthy if they are to sell crypto, without source code so that the
>consumer can check for themselves. It is not the consumer who must prove
>lack of trust beyond a reasonable doubt. 
>
>MS has committed a sin in not explaining beforehand exactly what their
>crypto api did and how it worked. They have compounded it by their
>idiotic defense of their actions, and their continued refusal to come
>clean. 
>
>The whole point of crypto is trust, and they have destroyed that trust.
>

  But the whole point of Microsoft is to make Gates stay the richest
man in the world. What you said is very true. But I have faith in the power
of the "SPIN DOCTORS". Look what they have done for Clinton. Here we
have a man that disgraced the office of the president like no other man
on earth. Surely these masters will convince the public to continue to worship
at the altar of Microsoft. I for one would like to use Linux on my next
machine. It's free and open source. But the masses want to be led and
they feel obligated to pay for the privilege of being led.




David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Description of SQ
Date: Sun, 5 Sep 1999 15:28:03 +0200

I agree with you; my point was something else: that we cannot use the
existence of one theory as a proof that another one is wrong, because theories
are something that should be proven themselves.


Douglas A. Gwyn wrote in message <[EMAIL PROTECTED]>...
>Kostadin Bajalcaliev wrote:
>> ...  Shannon theories are just theories nothing else, ...
>
>That shows a profound misunderstanding of the usage of the word
>"theory" in such contexts.  Information theory, probability theory,
>group theory, etc. are organized bodies of knowledge, not "just
>theories" in the sense of "falsifiable hypotheses".



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NSA and MS windows
Date: Sun, 05 Sep 1999 14:27:22 GMT

In article <[EMAIL PROTECTED]>, Dave Salovesh <[EMAIL PROTECTED]> 
wrote:
>In article <7qqgs3$oan$[EMAIL PROTECTED]>,
>"Roger Schlafly" <[EMAIL PROTECTED]> opined:
>
>>Maybe. Perhaps someone from the NSA suggested using a
>>backup key, and the MS programmers called it the NSA key.
>
>See <http://www.radium.ncsc.mil/tpep/process/faq-sect2.html#Q4>
>
>"The NSA is prohibited by the Computer Security Act of 1987 from
>attempting to directly address the needs of commercial systems."
>

 Does this have the same legal validity as the FBI being ordered years
ago to comply with turning over all of the Waco evidence? Or does it have
any more meaning than the President telling the truth in a court? Of
course not. Laws that affect the NSA are only for the calming of the
public; they have nothing to do with the actions of the NSA. People
who think the government makes laws for the government to obey
are fools. The government does what the fuck it wants regardless of
the laws that get in its way. Sure, every so often something token
happens so that the masses think the laws mean something, but
all laws mean is that if you lack money you are subject to them.
Wake up. Look what the Clinton gang has done: they sold our
weapons technology to the Chinese for campaign money, and Reno
sits on her ass doing nothing to punish the gang running the White
House.
 Now tell me again how this law is going to mean shit to the
NSA, which considers itself above any law.




David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NSA and MS windows
Date: Sun, 05 Sep 1999 14:36:21 GMT

In article <7qsu7i$[EMAIL PROTECTED]>, "Roger Schlafly" <[EMAIL PROTECTED]> 
wrote:
>
>David Wagner wrote in message
><7qsihm$ot5$[EMAIL PROTECTED]>...
>>In article <7qs5q0$[EMAIL PROTECTED]>,
>>Roger Schlafly <[EMAIL PROTECTED]> wrote:
>>> I don't think MS is telling us the full story.
>>
>>They may not be, but regardless, it doesn't excuse claims that the
>>"_NSAKEY" lets the NSA spy on every Windows box around the world.
>>I haven't seen a single shred of evidence for claims like that.
>>
>>(I realize you're not making those types of claims.  I guess I'm just
>>disappointed with a lot of the reporting on this issue.)
>>
>>If MS or the NSA have committed some sin here, so far it appears to
>>be at worst a minor one.
>
>You gotta admit that it is a tantalizing tidbit of info for the press.
>It links two of the great boogeymen of the net -- MS and NSA.
>People will believe any conspiracy about either of them, and
>this story has both. It is like finding out that Vince Foster had an
>affair with Janet Reno. <g>
>
>Why is there a big uproar over the recent revelations about
>pyrotechnics being used at Waco, when it is very unlikely that
>those pyrotechnics had anything to do with the big fire?
>It is because it is a smoking gun that shows that the govt
>has been lying and covering up facts about Waco. We don't
>like being lied to, and we wonder what they are still lying about.
>
  Actually we are becoming like a banana republic (no offense
intended for those living in such places); people there expect their
governments to lie. I think the Democrats created this whole
Clinton mess so that, with the help of the liberal news
media, the populace would get used to lying bastards in office,
so that the breaking of laws and trampling on our freedoms
will become the accepted way of normal government processes.
 I think the liberals with their lies have almost won. The public
really no longer cares about being lied to. I truly think Clinton
could rape Miss America in front of the TV cameras and then spin
it so it looked like he was doing her a favor, and all the women's
groups would agree. Of course Congress would not have the balls
to lift a finger.

>Likewise, in the view of many, MS and NSA have too much
>power, are too secretive, and are not leveling with us. The
>"NSAKEY" is evidence of a link, and they are acting like kids
>who got caught with their hands in the cookie jar. Until MS
>documents CryptoAPI a little better, people are going to be
>suspicious.
>
  Have some balls and don't tell the people to "WAIT FOR MS"
to fix or document something. That is a game Microsoft has been
playing for years. The time is right; let's try to get the masses to
move to OPEN SOURCE code like LINUX.



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: point of a cipher
Date: 5 Sep 99 13:30:18 GMT

Tom St Denis ([EMAIL PROTECTED]) wrote:
: Now tell me where 'magical' compression methods come in.  Either you know the
: key, and get the message, or you don't know the key and you only get random
: crap.  I agree that compression helps remove redundancies, but it doesn't
: hinder brute-force or any other attack outside of just trying to decompress
: what you guessed M could be.

Well, ciphertext-only attacks exploit partial knowledge of the plaintext.
This partial knowledge is the redundancy which compression suppresses.

Thus, one of the ways in which the DES-cracker built by the EFF is
configured to be used is to search for decrypted blocks where the first
two bits of each byte all have the same value.

Dave Scott's compression idea, "one-to-one compression" is intended to
totally frustrate a brute-force search. Normally, if a file is being
compressed using Huffman compression, the resulting file will consist of
any old number of bits. For transmission, it might be padded out to an
even number of bytes: then, some indication of how many bits of padding
are applied is needed.

Usually, this means that there is a way to check an attempted decrypted
file for validity; if we remove the bits claimed to be padding, do the
remaining bits end on a Huffman symbol, or in the middle of one?

Mr. Scott is trying to devise a method of Huffman compression which
removes this (very weak) opportunity for the attacker to narrow down the
space of possible keys. However, he is doing so at the price of
introducing other forms of redundancy, which I think are worse.

John Savard

------------------------------

From: [EMAIL PROTECTED] (Guenther Brunthaler)
Subject: Re: THE NSAKEY
Date: Sun, 05 Sep 1999 13:58:15 GMT

On Sat, 04 Sep 1999 03:48:41 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

>...
>They get info every way they can. It is very
>silly to say the NSA doesn't need Microsoft's help. They don't need their
>help, but they extend their fingers into anything with their thirst for
>power
>...

I know that David is flamed a lot in this newsgroup - and he certainly
is not always right - but it seems to me that he has a fairly good
overview over most cryptographic techniques, and I also share most of
his doubts concerning the security of many popular implementations of
cryptographic algorithms.

>I am very surprised you didn't know that.

I really doubt that a well-known, experienced and respected expert
such as Bruce Schneier actually does not KNOW this.

But as the president of a US company that is dealing with
cryptography, he undoubtedly has to make at least some minor
provisions to government agencies, or they would shut down his company
one way or the other.

So Mr. Schneier has certainly to be very careful about what he's
saying, especially regarding alleged government intrusion attempts
into popular software (unless proven and verified already).

This does not mean that Mr. Schneier has to lie, but he may simply not
be able to express the whole range of his own considerations on a
public media such as a newsgroup.

And even worse, he could not even admit this fact publicly.

So, from this point of view, I think it is unfair to attack Mr.
Schneier on topics such as this one, because he has only limited
choices what to answer.

He is most likely to avoid responding to such attacks at all.


Greetings,

Guenther
--
Note: the 'From'-address shown in the header is an Anti-Spam
fake-address. Please remove 'nospam.' from the address in order
to get my real email address.

In order to get my public RSA PGP-key, send mail with blank body
to: [EMAIL PROTECTED]
Subject: get 0x2D2F0683

Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint:  11 71 47 2F AF 2F CD F4  E6 78 D5 E5 3E DD 07 B5 

------------------------------

From: Alex Vinokur <[EMAIL PROTECTED]>
Crossposted-To: sci.image.processing,sci.math,alt.comp.compression
Subject: Re: n-ary Huffman Template Algorithm
Date: Sun, 05 Sep 1999 13:56:45 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
[snip]
> At this point I must wonder what do you actually intend to do with
> your (presumably generalized) Huffman encoding scheme in such (in my
> humble opinion fancy) 'worlds' at all. A normal Huffman encoding maps
> a sequence of symbols to a bit string such that the length of the bit
> string is minimal;

  Template Huffman encoding does the same thing.

> this is useful in practice. What does your encoding
> scheme achieve?

  The difference is that Template Huffman can use
        not only numerical weights.
  What is non-numerical weight?
  That must be defined by user (if his problem requires such weights).

> Can you explain with some details?

  Please see Test#8 in
        http://alexvn.homepage.com/alexvn.html
        Click : n-ary Huffman Template Algorithm
>
> M. K. Shen
>

        Alex


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: point of a cipher
Date: Sun, 05 Sep 1999 14:18:11 GMT

Richard Parker wrote:
> However, I consider compression and all-or-nothing transforms as
> independent preprocessing steps from encryption.

One advantage to including them within the encryption process is
that some compression schemes have what are essentially arbitrary
choices (e.g. cos or sin), and these choices can be keyed by bits
of the cryptokey, which further interferes with some forms of
cryptanalysis.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: point of a cipher
Date: Sun, 05 Sep 1999 15:19:53 GMT

In article <7qsmal$67i$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>(this is addressed towards Dave Scott, but feel free to comment),
>
>The point of a cipher is to hide the contents of a message M with an
>encryption method E, and the key K.  The goal is without knowledge of K,
>nothing of M can be derived from E_K(M) .
   I may not answer all your questions; I have a life, you know.
But the point of a cipher is to hide the contents of M. Actually,
the idea to me of encryption is to hide the message. And not only
hide it, but avoid the possibility of an enemy altering the message.
Sure we hide it with E and we hope that K is such that it is hard to
guess, but ciphers can be broken without ever learning K. The focus
is hiding everything about M and preventing tampering with M, period.
>
>Now tell me where 'magical' compression methods come in.  Either you know the
>key, and get the message, or you don't know the key and you only get random
>crap.  I agree that compression helps remove redundancies, but it doesn't
>hinder brute-force or any other attack outside of just trying to decompress
>what you guessed M could be.
   Magical compression (I assume you mean "one to one", as I talk about)
is compression that gives no information to the attacker. With many
compression methods the file structure is a giveaway. It may help some
one in breaking the code. If an attacker guessed the wrong key, and if
the resulting file is not a valid compressed file, then the attacker knows
the key is wrong. This eliminates many files from being the actual hidden
message. There is no reason to give this kind of info to an attacker. The
breaker may even be able to deduce something about the structure of the
key used by seeing the structure of the resulting file that can't be
decompressed. What you fail to see is that the message encrypted
can be very complicated. The attacker should not be given free passes
by the result being an invalid compressed file. The attacker may not know
if the message was Word format, ASCII format, or a picture or a program.
Make the attacker work as hard as possible.
>
>You argue for 'all or nothing' but the thing is, from an outsiders point of
>view, either you know K or you don't. So either you get the message or you
>don't.  No two ways about it.  If the encryption algorithm sucks and you can
>find M without K, then yes you are right, but many ciphers have stood the
>test of time.
    No honest person working with encryption can say that a cipher has stood
the test of time. I suppose in Germany they felt during the war their ciphers
stood the test of time. The beauty of encryption is to make one use a cipher
"that has stood the test of time".  The proper use of compression hinders
the attacker by forcing the attacker to use brute force methods. You want to
do anything you can to interfere with this. Forcing an attacker to look at the
whole decrypted part goes a long way to slowing the attacker down. If
the attacker is not slowed, and if the attacker needs to look at only a small
portion of the file, it makes his job easier. It is easy to slip in portions of
a chosen plain text attack if at the encryption level the attacker knows
what is being encrypted. But if you use an adaptive compression method
like mine and the attacker can slip a line of text in after line 54 of my message
to you, he has very little idea of what is being encrypted, because
the compression routine changes that chosen plain text the bad guys
slipped in as a function of what occurred previously in the file. So the plain
text attack is greatly hampered. It is for fear of plain text types of attacks
like the above that I recommend two in both directions through the file. That
way if the bad guys slip in the plain text as the very first line it gets in the
way.
  Just because a method seems secure by the plain text attacks of today,
it does not mean the NSA does not have a better plain text attack
than what is currently known in the public domain. I try to look at things
from an information point of view. I do not know what methods the NSA,
and by now the Chinese, have for breaking. But I try to go the extra
mile to hide any feature that an attacker can exploit. Like error recovery:
I believe, but cannot prove, this is a direct benefit to the NSA or Chinese.

>
>So can you clear up how either 'magical compression' or 'w-pcbc' actually
>protect M from the attacker?
     See above
>
>Another argument against w-pcbc is what if there is a burst error (say in a
>MPEG stream) do I want to lose the entire contents?  (this plus it's slower,
>no more secure and awkwards should strongly suggest not to use it).
    If the above concerns you and you feel safe don't use it.
>
>So tell me where you gain info from a CBC stream without knowledge of M or K?
       If you receive only one message and can't even guess the structure
of M, so that there is zero knowledge of M, then by definition you can't get
anything; no knowledge of M at all implies the message could have been anything,
including a random binary file, whose entropy would be one per bit. So even if
your encryption just XORed every bit with the value of K over and over till the
end of file, I could not learn anything.

   However this is not a real situation; the attacker usually has some hooks.
Like he might guess that it really is a PKZIP file, since he knows that is
what Fred sends to Bill. The attacker pretends his assumption is correct and
goes from there. It is not an easy game. One has to be very careful.

 The main idea of encryption is to hide. The second is to prevent change.
To do this one must try to hide any structure at any level so that the attacker
has no hooks. I feel my compression is one such way. Suppose you use
RC4. The NSA or the Chinese may have an easy break based on years
of computer analysis of ASCII text messages written in English or French
or whatever. If you compress with my method, especially both directions,
those years of analysis that may solve the problem for text go down the
toilet, hopefully.


>
>Tom


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: argument against randomness
Date: Sun, 05 Sep 1999 14:26:13 GMT

Tom St Denis wrote:
> I am just thinking that something truly random must be created
> spontaneously, otherwise it's not truly random.... :(

It's not at all clear what you intend those terms ("something",
"truly random", "created spontaneously") to mean.

Randomness is more a property of a process than of a thing.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Description of SQ
Date: Sun, 05 Sep 1999 14:33:18 GMT

"SCOTT19U.ZIP_GUY" wrote:
> In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> >Kostadin Bajalcaliev wrote:
> >> ...  Shannon theories are just theories nothing else, ...
> >That shows a profound misunderstanding of the usage of the word
> >"theory" in such contexts.  Information theory, probability theory,
> >group theory, etc. are organized bodies of knowledge, not "just
> >theories" in the sense of "falsifiable hypotheses".
>   Here is a comparison that might make both of you happy in your
> own minds, being the diplomat that I am. Theory is like what the
> word means to YOU when one talks about the "THEORY OF
> EVOLUTION".  There, that example was meant to clarify.

No, and in another follow-up Kostadin repeats the same error.
The "theory of evolution" *is* falsifiable (in Popper's sense);
although there is considerable evidence in support of it, so far
as we know it is still possible for new, reliable evidence to be
produced that would contradict that theory.  This is *not* the
case for mathematical "theories" such as the ones I mentioned;
whenever their axioms apply to a system, their conclusions about
that system are valid, and whenever their axioms do not match a
system, they have nothing to say about that system.  But when
they apply, there is no question of their being overturned by
newly discovered facts.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: point of a cipher
Date: Sun, 05 Sep 1999 15:40:42 GMT

In article <7qtl1q$ppd$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>> Tom St Denis wrote:
>> > The point of a cipher is to hide the contents of a message M with an
>> > encryption method E, and the key K.  The goal is without knowledge
>> > of K, nothing of M can be derived from E_K(M).
>>
>> First of all, that is an overly restrictive view.
>> More accurate would be the goal of requiring an eavesdropper
>> to perform more work than is economically feasible in order
>> to have a significant chance of recovering the plaintext.
>
>You are right, but realistically I am right.  If I give you a packet dump of
>say CBC Blowfish (and a 160-bit key) you will probably never read the message
>without guessing the key first.
>
>> As I've advised before, one should develop some practical experience
>> in cryptanalysis before trying to discuss its feasibility in any
>> particular case.  In fact, I've cracked messages in some systems
>> without ever recovering the key.  Precompression *does* hinder
>> cryptanalysis, because it obscures underlying statistical properties
>> of the source language that could otherwise be exploited.  I don't
>> know why you even mention exhaustive keyspace search ("brute-force
>> attack"), because no competent cryptosystem designer is going to
>> choose a key so small as to make that attack feasible.
>
>The thing is if you can guess the input plaintext you can always compress
>that and compare against the ciphertext... a bit more complex but not
>impossible.
>
    Tom, I still think you miss the point of what he said. If the message being
sent is ASCII the attacker can use that fact in his analysis. If you send
something that looks random it is hard to analyze. If you have a way of
getting the enemy to insert plain text of your choice at line 57 of a one
hundred line file, or if you know what line 57 is in ASCII, you can use that
portion of the file to analyze. But if the file is compressed with methods
like mine, you have no idea of what that compressed portion of the file
looks like. And this makes it a hell of a lot harder to analyze.



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS
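
To put numbers on the point Gwyn makes in the quoted text above and Scott restates here, the following Python, an added example written for this digest and not code from either poster, measures two things an analyst could use on ASCII plaintext: the empirical byte entropy, and the fact that every byte of 7-bit ASCII has its top bit clear. It then checks how the same measures look after deflate compression and on uniformly random bytes. The sample prose is constructed for the example; the ASCII test is a simplified stand-in for the cracker test Savard mentions elsewhere in the digest, and zlib is used only as a readily available compressor, not as Scott's method.

```python
import math
import random
import zlib
from collections import Counter
from typing import Dict, Tuple

# Constructed sample plaintext written for this example; not from the thread.
PLAINTEXT = (
    b"Minutes of the Tuesday planning meeting. The committee reviewed the budget "
    b"for the coming quarter and agreed to postpone the purchase of new printers "
    b"until the vendor confirms delivery dates. Members raised concerns about the "
    b"lack of documentation for the archive system, and a working group was formed "
    b"to draft a proposal. The next meeting will be held in the small conference "
    b"room on the fourth floor, and the secretary will circulate the agenda by "
    b"Friday afternoon together with the revised travel guidelines.\n"
)


def byte_entropy(data: bytes) -> float:
    """Shannon entropy, in bits per byte, of the empirical byte distribution."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_ascii(block: bytes) -> bool:
    """Simplified plaintext-recognition test (a stand-in for the cracker check
    Savard mentions): every byte has its top bit clear, as 7-bit ASCII does."""
    return bool(block) and all(b < 0x80 for b in block)


def ascii_block_fraction(data: bytes, block_size: int = 8) -> float:
    """Share of block_size-byte blocks of data that pass looks_like_ascii.
    For uniformly random bytes this is about 2 ** -block_size."""
    blocks = [data[i:i + block_size]
              for i in range(0, len(data) - block_size + 1, block_size)]
    return sum(looks_like_ascii(b) for b in blocks) / len(blocks)


def compare(plaintext: bytes, seed: int = 7) -> Dict[str, Tuple[float, float]]:
    """(entropy, ascii-block fraction) for the plaintext, its deflate-compressed
    form, and a random byte string of the same length as the plaintext."""
    rng = random.Random(seed)
    samples = {
        "plaintext": plaintext,
        "compressed": zlib.compress(plaintext, 9),
        "random": bytes(rng.getrandbits(8) for _ in range(len(plaintext))),
    }
    return {name: (round(byte_entropy(d), 2), round(ascii_block_fraction(d), 3))
            for name, d in samples.items()}


if __name__ == "__main__":
    for name, (h, frac) in compare(PLAINTEXT).items():
        print(f"{name:>10}: {h:.2f} bits/byte, {frac:.1%} of 8-byte blocks look like ASCII")
```

Every 8-byte block of the plaintext passes the ASCII test and its entropy sits well under 5 bits per byte, while the compressed output is close to the random sample on both measures; that is the statistical hook that precompression takes away from an analyst. Note that zlib's own output still begins with a recognisable two-byte header, which is exactly the kind of file structure Scott warns about in the same thread; a compressor chosen for this purpose would need to avoid such fixed framing.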

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: point of a cipher
Date: Sun, 05 Sep 1999 15:32:11 GMT

In article <o1oA3.21146$[EMAIL PROTECTED]>, "Richard Parker" 
<[EMAIL PROTECTED]> wrote:
>Tom St Denis <[EMAIL PROTECTED]> wrote:
>> So can you clear up how either 'magical compression' or 'w-pcbc'
>> actually protect M from the attacker?
>
>It is not uncommon to perform compression on a message before
>encryption.  I believe that the goal of David Scott's modifications to
>Huffman compression is to produce an algorithm for which any input
>sequence is not only an acceptable input for decompression, but also
>the same sequence that would be output by compressing the
>decompression.  This property presumably increases the work factor of
>a brute force ciphertext-only attack because the attacker can't
>validate a trial decryption by simply testing to see if the trial
>decryption is a valid input sequence for the decompression algorithm.
>
>David Scott is using "w-pcbc" as an all-or-nothing transform (AONT).
>It is my understanding that his primary motive for incorporating an
>AONT into his cipher is also as a method of increasing the work factor
>of a brute force attack, since an AONT requires the attacker to decode
>the entire ciphertext for each trial decryption.
>
>> Another argument against w-pcbc is what if there is a burst error
>> (say in a MPEG stream) do I want to lose the entire contents?
>
>Naturally an all-or-nothing transform produces an output that is
>vulnerable to errors.  David Scott argues that reliable transmission
>should be considered independent of encryption, and I agree with him.
>
>However, I consider compression and all-or-nothing transforms as
>independent preprocessing steps from encryption.  It is simpler and
>cleaner to enhance resistance to brute force search by just increasing
>the keyspace.
   I agree that compression is a separate step. I am suggesting
to use it prior to encryption.  Also I feel that in most cases the AONT
can be considered as a separate step. If I were to use any of
the AES candidates I would use them that way. Compression
is not in any of my ciphers yet. It is in the one my son and I use.
But even there it is totally separated from the encryption.
But the AONT is not easily separated from my encryption method;
it is just inherent in my method.
>
>Rather than incorporating compression, an AONT, and an encryption
>algorithm to form a super-cipher as David Scott has done, I prefer to
>consider these as separate modules, each chosen with different
>criteria that depend on the overall application.  For example, in a
>particular application one might choose a compression algorithm that
>is adapted to a particular data set, choose to use an AONT because the
>application is vulnerable to related-message attacks, select an
>encryption algorithm based on speed and security, and then use a
>error-correction method that can handle the expected error-rates of
>the transmission channel.
>
>-Richard

 Thanks Richard




David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS
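
The framing problem Savard describes in his "point of a cipher" post (a padding count that lets a trial decryption be checked for validity), the keyed arbitrary choice Gwyn mentions in his reply to Richard Parker, and the decompress-then-compress property Parker spells out above can all be seen on a toy Huffman code. The following Python is an added example written for this digest; it is not David Scott's one-to-one code nor anything posted in the thread. The alphabet, its weights and the byte framing are constructed, and the key-bit labelling of tree branches is a simplification of Gwyn's remark, not his design.

```python
import heapq
import random
from typing import Dict, List, Optional, Tuple

# Constructed toy alphabet with made-up weights; not from the thread.
WEIGHTS = {" ": 10, "e": 12, "t": 9, "a": 8, "o": 7, "n": 6, "s": 5, "h": 4, "r": 3}


def huffman_code(weights: Dict[str, int], key_bits: str = "") -> Dict[str, str]:
    """Build a complete prefix (Huffman) code from symbol weights.

    Which child of an internal node gets label '0' is an arbitrary choice.
    When key_bits is supplied, successive key bits make that choice, so the
    code (and the compressed bitstream) depends on the key: a toy version of
    the keyed-choice idea in Gwyn's post, not his design.
    """
    heap = [(w, n, s) for n, (s, w) in enumerate(weights.items())]
    heapq.heapify(heap)
    n = len(heap)
    while len(heap) > 1:
        w1, _, a = heapq.heappop(heap)
        w2, _, b = heapq.heappop(heap)
        heapq.heappush(heap, (w1 + w2, n, (a, b)))
        n += 1
    code: Dict[str, str] = {}
    bits = iter(key_bits)

    def walk(node, prefix: str) -> None:
        if isinstance(node, tuple):
            left, right = node
            if next(bits, "0") == "1":  # a '1' key bit swaps the 0/1 labelling
                left, right = right, left
            walk(left, prefix + "0")
            walk(right, prefix + "1")
        else:
            code[node] = prefix

    walk(heap[0][2], "")
    return code


def encode(symbols: List[str], code: Dict[str, str]) -> str:
    return "".join(code[s] for s in symbols)


def decode_bits(bits: str, code: Dict[str, str]) -> Tuple[List[str], str]:
    """Greedy prefix decoding; returns the symbols and any unfinished tail codeword."""
    rev = {v: k for k, v in code.items()}
    out, cur = [], ""
    for b in bits:
        cur += b
        if cur in rev:
            out.append(rev[cur])
            cur = ""
    return out, cur


def pack_naive(bits: str) -> bytes:
    """The conventional framing Savard describes: zero-pad to a byte boundary
    and append one byte saying how many padding bits were added."""
    pad = (-len(bits)) % 8
    bits += "0" * pad
    body = int(bits, 2).to_bytes(len(bits) // 8, "big") if bits else b""
    return body + bytes([pad])


def unpack_naive(data: bytes, code: Dict[str, str]) -> Optional[List[str]]:
    """Decode the naive framing; None means some format check failed.
    Each such rejection is information a wrong trial key hands an attacker."""
    if not data or data[-1] > 7:
        return None  # the pad count can only be 0..7
    pad = data[-1]
    bits = "".join(f"{b:08b}" for b in data[:-1])
    if pad > len(bits) or "1" in bits[len(bits) - pad:]:
        return None  # padding must exist and must be all zero
    symbols, tail = decode_bits(bits[:len(bits) - pad], code)
    return symbols if tail == "" else None  # must end on a symbol boundary


def one_to_one_holds(data: bytes, code: Dict[str, str]) -> bool:
    """The property Parker describes: decompress, then compress, and get the
    input back exactly. It fails for every input the format rejects."""
    symbols = unpack_naive(data, code)
    return symbols is not None and pack_naive(encode(symbols, code)) == data


def rejection_rate(code: Dict[str, str], length: int, trials: int, seed: int = 1) -> float:
    """Fraction of uniformly random byte strings of the given length on which
    the one-to-one property fails (the naive format rejects them). A decryption
    under a wrong key looks random, so this approximates the share of wrong
    keys a format check alone would rule out."""
    rng = random.Random(seed)
    failed = sum(not one_to_one_holds(bytes(rng.getrandbits(8) for _ in range(length)), code)
                 for _ in range(trials))
    return failed / trials


if __name__ == "__main__":
    code = huffman_code(WEIGHTS)
    packed = pack_naive(encode(list("the sea"), code))
    print("round trip:", unpack_naive(packed, code))
    print("random inputs rejected:", rejection_rate(code, 16, 2000))
```

With the naive framing, well over 90% of random 16-byte inputs are rejected, almost all of them on the pad-count byte alone; those are precisely the inputs on which Parker's decompress-then-compress property fails, which is what a one-to-one scheme has to eliminate. The keyed code has the same codeword length for every symbol as the unkeyed one, so the compression ratio is unchanged, but the emitted bit pattern differs per key.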

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
