Cryptography-Digest Digest #212, Volume #10       Thu, 9 Sep 99 18:13:05 EDT

Contents:
  What was the debugging symbol of the third Windows key? (Alex)
  Re: Difference between Encryption and scrambling..? (Padgett 0sirius)
  Re: Random and pseudo-random numbers (Mok-Kong Shen)
  Re: Random and pseudo-random numbers (Mok-Kong Shen)
  Re: Random and pseudo-random numbers ("Richard Parker")
  Re: NSAKEY as an upgrade key  (Was: NSA and MS windows) ("Thomas J. Boschloo")
  Re: Difference between Encryption and scrambling..? (Paul Koning)
  Re: "NSA have no objections to AES finalists" (pbboy)
  Re: GnuPG 1.0 released ("Paul Pires")
  Re: Digital Certificates and Authentication (David A Molnar)
  Re: some information theory (Tom St Denis)
  Re: "NSA have no objections to AES finalists" (Tom St Denis)
  Re: _NSAKey ([EMAIL PROTECTED])
  Re: some information theory (Anton Stiglic)
  Re: Difference between Encryption and scrambling..? (John Savard)
  some coder/hacker help please? (Tom St Denis)
  Re: Difference between Encryption and scrambling..? (John Savard)
  NSAKEY as an upgrade key (Was: NSA and MS windows) (Larry Lee)
  Re: MUM III (3 Way Matrix Uninvertable Message) (John Savard)
  Re: DES and initial permutation (John Savard)

----------------------------------------------------------------------------

From: Alex <[EMAIL PROTECTED]>
Subject: What was the debugging symbol of the third Windows key?
Date: 09 Sep 1999 15:25:39 -0400


Hi.

Just out of curiosity, what was the debugging symbol of the third key in
the Windows crypto routines?  It does not seem to be mentioned in the
original announcement.


Alex.

-- 
If cars were like computers, they would go 300 m.p.h. and get a hundred
miles to the gallon and cost $50. Except that twice a month someone a
thousand miles away would be able to blow up the car, killing everyone
nearby.

------------------------------

From: [EMAIL PROTECTED] (Padgett 0sirius)
Subject: Re: Difference between Encryption and scrambling..?
Date: Thu, 9 Sep 1999 13:13:03

Have always thought of "scrambling" as keyless algorithmic transformations 
while encryption isn't.

          A. Padgett Peterson, P.E. Cybernetic Psychophysicist
                http://www.freivald.org/~padgett/index.html
to avoid antispam use mailto:[EMAIL PROTECTED]    PGP 6.0 Public Key Available

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Random and pseudo-random numbers
Date: Thu, 09 Sep 1999 20:11:25 +0200

Eric Lee Green wrote:
> 
> Yarrow burrows into the innards of Windows to grab entropy. /dev/random
.........

Could someone tell me what the rough demand for random bits (per
unit of time) is for generating session keys in certain typical
environments, e.g. for a small office, for a branch of a bank,
etc.? I would like to know the order of magnitude of such values.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Random and pseudo-random numbers
Date: Thu, 09 Sep 1999 20:11:37 +0200

[EMAIL PROTECTED] wrote:
> 

> Here's a weird suggestion. Encrypt messages through two layers of
> encryption, each one secure enough for the application. Use the
> halfway-enciphered messages as input to the PRNG! Thus, message text is
> safely (?) used as a source of randomness!

This is not weird. You can let a PRNG dynamically control a
block encryption process and let certain bits derived during
processing of the current block affect the PRNG output (e.g.
through skipping of a number of its outputs, as is done in my
humble design WEAK3-EX) and hence the processing of the next block.
When one chooses to combine stream and block encryption and not
exclusively do the one or the other, one sees that there are abundant
opportunities for doing things in novel ways, and that quite naturally.

M. K. Shen
==========================================
http://home.t-online.de/home/mok-kong.shen  (new addr.)

------------------------------

From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: Random and pseudo-random numbers
Date: Thu, 09 Sep 1999 15:52:22 GMT

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:

> There is (so far as I know) no POSIX-standard true-random generator.
> You can attach a hardware RNG to a serial port, for example, and fetch
> however many random bits you need when you need them; or, if all your
> systems are attached to a net, they could fetch random bits from some
> random bit server that has the appropriate hardware.  I think there's
> even a publicly-accessible Internet site serving random bits, if you
> want to trust it.

I am familiar with an internet site called "HotBits" that may be the
site that you remember.  It provides random numbers generated by the
detection of the beta decay of Krypton-85 by a Geiger-Müller tube
detector.  Here is the URL:

  HotBits: Genuine random numbers, generated by radioactive decay
  <http://www.fourmilab.ch/hotbits/>

-Richard

------------------------------

From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Subject: Re: NSAKEY as an upgrade key  (Was: NSA and MS windows)
Date: Thu, 09 Sep 1999 18:38:50 +0200

"Trevor Jackson, III" wrote:
> 
> Thomas J. Boschloo wrote:
> 
> > "Trevor Jackson, III" wrote:
> > >
> > > [EMAIL PROTECTED] wrote:
> > >
> > > > Thomas J. Boschloo ([EMAIL PROTECTED]) wrote:
> > > > : Microsoft's explanation "Why is a backup key needed?" is bogus (they
> > > > : claim it would be needed for when the building in which it is kept is
> > > > : destroyed by a natural disaster, LOL).
> > > >
> > > > Well, while keeping two copies of the key would solve that, two copies of
> > > > the same secret key won't help if one key is _compromised_. For that, a
> > > > second key, to which the corresponding secret key is stored _elsewhere_,
> > > > would serve a useful backup function.
> > >
> > > This only makes sense if there is a revocation mechanism for the primary
> > > key.  Do you see such a mechanism?
> >
> > MS could issue a patch when the first key was compromised.. They do that
> > all the time ;-)
> 
> OIC.  They could issue a patch.  But if the backup key were not available they
> could _not_ issue a patch?  Are you serious?

MS could issue a patch that disabled the first key in Windows. They can
do anything. Allowing controls signed with the first key would not be an
option, since the key was compromised.

Thomas
-- 
AMD K7 Athlon 650 Mhz! <http://www.bigbrotherinside.com/#help>

PGP key: http://x11.dejanews.com/getdoc.xp?AN=453727376
Email: boschloo_at_multiweb_dot_nl


------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Difference between Encryption and scrambling..?
Date: Thu, 09 Sep 1999 14:05:17 -0400

Nicol So wrote:
> 
> Jae-Yong Kim. wrote:
> >
> > scrambling seems to be very similar to stream cipher..
> > and I heard in some books, object of scrambling is make frequent transition
> > between 1 and 0 bit, and make frequency distribution of signal easy to
> > transmit.. hmm do I choose correct newsgroup..?
> > but someone say scrambling can hide information from eavesdropper, and used
> > in military communication..
> > I wanna know exactly what difference is between scrambling and encryption.
> 
> I don't think there is a context-independent distinction between the
> term "encryption" and "scrambling".

I agree.

Encryption definitely means: "doing something to the data so that
it is very hard for eavesdroppers to find out what you sent".

Scrambling can be a synonym for encryption; the example Kim gave
is one, as is "cable tv scrambling".  Often that refers to 
encryption operating in the analog domain, or at least on 
data whose source form is analog ("voice scrambling").

The other use of the term "scrambling" refers to a quite
different purpose, and is found in digital data transmission
systems.  There, it means performing a simple (not secret) 
transformation on the data to avoid having long runs of zero
bits, or one bits, or whatever problem of that sort you don't
want to have.  SONET is an example of a transmission scheme
that uses this: they send the binary data simply as light on or
light off, which means you have to avoid long runs of 0 or 1
because then you have no edges, and your PLL loses sync.
Solution is to XOR the data with the output stream from a very
simple LFSR.

        paul

-- 
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Xedia Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "The only purpose for which power can be rightfully exercised over 
!  any member of a civilized community, against his will, is to prevent
!  harm to others.  His own good, either physical or moral, is not
!  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859

------------------------------

From: pbboy <[EMAIL PROTECTED]>
Subject: Re: "NSA have no objections to AES finalists"
Date: Thu, 09 Sep 1999 15:03:48 -0400

Area 51 is closed.  They moved to an undisclosed location.

Derek Bell wrote:

> [EMAIL PROTECTED] wrote:
> : Good lord David.  You are so paranoid and eager to attack anything
> : related to the AES that you are reading stuff into plainly written
> : statements.  It says absolutely nothing about the government using
> : AES for classified data.
>
>         Must be Elvis and the space aliens beaming microwaves at him from Area
> 51 again!
>
>         Derek
> --
> Derek Bell  [EMAIL PROTECTED]                |   Socrates would have loved
> WWW: http://www.maths.tcd.ie/~dbell/index.html|            usenet.
> PGP: http://www.maths.tcd.ie/~dbell/key.asc   |    - [EMAIL PROTECTED]


------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: GnuPG 1.0 released
Date: Thu, 9 Sep 1999 12:47:33 -0700


JPeschel wrote in message <[EMAIL PROTECTED]>...
<Small snip>
>I don't think the NSA especially wants people to use PGP, Blowfish,
>Scottxx, or, for that matter, any encryption. Makes one of their jobs
>harder.  Their other job, however, is to ensure national security, for
>instance, the security of a banking system used world-wide. It seems to me
>it would be a tad foolish for the NSA to endorse any system that it knew it
>could break: the intelligence organizations of other countries may have the
>same capability.
>
>That said -- I think a lot of folks overestimate the cryptanalytic prowess
>of the NSA, making it a cryptographer's bogeyman.
>
>Joe
Glad to hear some common sense!

    I'd like to add that these folks (NSA) are an organization that,
unfortunately, can influence policy for their own vested interest. Many
people think this is wrong and evil and therefore ascribe the properties of
"evil" to these bureaucrats when speculating about their actions or
intentions. This is lazy thinking and the only thing it accomplishes is this
vague acceptance of conspiracy.
    I don't think this situation can be addressed without re-writing their
charter. So I guess we'll just have to settle for viewing anything they do
with a certain amount of skepticism  as we would anyone who had a secret
agenda and fairly autocratic notion of their duty to carry it out.

Thank you,

Paul




------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Digital Certificates and Authentication
Date: 9 Sep 1999 19:00:34 GMT

[EMAIL PROTECTED] wrote:
> This may be a dumb question, but let's say you have a server
> that requires authentication to access.  My question is, if the
> authentication process uses Digital Certificates, do you need to deal
> with passwords?  Since you can verify a Digital Certificate for
> authenticity, why bother with a password?

You don't *need* to deal with passwords, since possession of the cert is
good enough. Even so, if the cert is lying around on your hard disk, you
may still want a password as a 'backup'.

You might use the password as a key to your certificate. This is what
my copy of Netscape does -- on startup, it asks me for the password to
start using my cert. That way you only need one password.

-David




------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: some information theory
Date: Thu, 09 Sep 1999 19:48:09 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Anti-Spam <[EMAIL PROTECTED]> wrote:
>
> Why limit your discussion to a particular compression algorithm?
>
> : Compressing data/files prior to encryption with a cipher system does not
> : alter the frequency of the SYMBOLS encoded in the compressed data/file
> : relative to their original frequencies in the uncompressed file/data.
>
> It will with most types of compression.

Not with statistical coders like Huffman.  It will with dictionary coders
though.

> : Compressing prior to encrypting does not permutate the order of the
> : SYMBOLS encoded in the compressed data/file relative to their original
> : order as encoded in the uncompressed file/data.
>
> Certainly it can do.  This can be the best way of compressing the data.

The symbols in the compressed message are still in order unless you use a BWT
(block-sorting) style coder.  Most of the time DEFLATE is used.

> : First, Compressed data is NOT necessarily random data.
>
> If your compressed data is distinguishable from randomness, you're using
> a sub-optimal compression scheme.

If your compressed file is random it can't expand into anything real.  Note
that the compressed stream is as random as the input message.  It can't be
any more/less random.

> : Many of us assume the compressed form of a file is "equivalent" in some
> : form to true random data.  It is not.
>
> It certainly /should/ be - or your compression algorithm is likely to
> be behaving sub-optimally.

Try finding the average spacing for symbols (order 0) and you will see it's
rarely even (for byte symbols it should be around 256).  That's one way to
'detect' compressed files (this works with LHA and PKZIP).

> : Compressed files will not pass statistical tests for random bit streams.
> : A compressed file is non-random.
>
> Speak for your own compressed files ;-)

Have you tried testing the files for 'randomness'?  Again the compressed
stream is about as random as the input.  Think of a hash of 1MB of constant
zeros... is there 1MB of 'random' data ... I think not.  Now think of 100
bytes of English (at 1.3bits/char) that is about 130 bits (not 800 bits) of
information.  True the entropy 'per byte' is higher but the entropy 'per
message' is not.

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: "NSA have no objections to AES finalists"
Date: Thu, 09 Sep 1999 19:37:48 GMT

In article <7r8ncv$1lpa$[EMAIL PROTECTED]>,
  Derek Bell <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> : Good lord David.  You are so paranoid and eager to attack anything
> : related to the AES that you are reading stuff into plainly written
> : statements.  It says absolutely nothing about the government using
> : AES for classified data.
>
>       Must be Elvis and the space aliens beaming microwaves at him from Area
> 51 again!

I wonder if he ate paint chips as a kid?

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: _NSAKey
Crossposted-To: talk.politics.crypto
Date: 9 Sep 1999 16:00:24 -0400

In sci.crypt Bill Unruh <[EMAIL PROTECTED]> wrote:
> In <eOxdlKH##GA.273@cpmsnbbsa03> "Microsoft Mail Server" <[EMAIL PROTECTED]> 
>writes:

>>good point, the assumption that the government is vile, devious, sinless, and
>>above the law has been created from single examples of deviant individual
>>misbehavior on the part of selected events.

> ?? Of course the examples are "selected". To show that the agents of the
> government can misuse their power, you select examples where that power
> has been misused.

The idea behind the US constitution was to make a change. Instead of a
government with powers which it exercises (the right to search individuals
ad libitum as the British did) and THEN, in those cases where it is
abused, investigate ... the idea is that the government does not HAVE the
authority in the first place ... the constitution specifies what little
powers the government does have (in the case of searches, the requirement
is for a specific item for which the search is allowed and a specific
location and specific information as to what justifies the search ...
which has become "some sort of information in his place of business or
residence that our informer says may be there"):

For example, the right to control interstate commerce so that NY can't ban
NJ products or make its ports only available to its own goods ... of
course, modern thought accepts that growing marijuana in your backyard can
be regulated under this provision (one says the "magic phrase" "interstate
commerce" and passes a law regulating whatever) (this gives the
legislature power).

The right for the government to raise taxes for its programmes. So ... the
government can impose a rather high tax, collect millions of dollars from
a state in taxes for road repair and other programmes ... and turn around
and say "thanks for the money ... there are some laws we want you to pass
... if you don't pass the local laws, we're gonna keep the money." (this
gives the executive branch the power of a fiscal gun to enact laws).

In the "modern" world the government does have powers ... many more than
are granted in the constitution -- the Supreme Court has held that the
constitutional limits must be "interpreted" for the modern world.
Unfortunately, we are "educated" and told that the constitution is the law
of the land ... that the government does not have this or that power. It
does. We are now in the position of investigating abuses of power rather
than limiting the power in the first place.

If you rely on your education as to what the government can do rather
than, as Mayor Giuliani of NYC has called it, the "real world"(*) -- you
demand that the government not have the power in the first place -- the
reality is different.

(*) With regards to a march which was proposed by an organization which
the mayor did not favour and whose speeches at prior marches were
inflammatory, the mayor simply banned it. When the court held that the
mayor could not ban a meeting or rally simply by prejudging what might be
said or hating and disagreeing with it, the Mayor responded that the judge
was living in some sort of academic/ideal world in the clouds where people
could say what they wanted, but he had to rule a city in the real world
and in the real world, that was nonsense.

(it reminds me of the phrase "the real world" used by NYC police officers
while using a cattle prod on a suspect ... when he asked them to stop and
for a lawyer, they asked if he thought this was some television show ...
no way ... this is the "real world.")

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: some information theory
Date: Thu, 09 Sep 1999 17:15:57 -0400


If your compression function is known, then you have no advantage in
compressing for what concerns entropy; the entropy will be the same.
You can convince yourself of this easily: entropy is a measure of certainty
of the output of a source, just compress that output and you get a source
that outputs compressed data, and being able to predict one implies you can
predict the other.

In most crypto algorithms that use a compression function, the function
is known, or easily deduced (if it is an existing one, it can be found).  If the
compression function is unknown it's most likely that it has been kept secret
(but if you can exchange a compression function in secret, why not exchange
the secret itself or a one time pad).

That's the bottom line.

Anton




------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Difference between Encryption and scrambling..?
Date: Thu, 09 Sep 1999 19:51:50 GMT

Paul Koning <[EMAIL PROTECTED]> wrote, in part:
>> Jae-Yong Kim. wrote:

>> > and I heard in some books, object of scrambling is make frequent transition
>> > between 1 and 0 bit, and make frequency distribution of signal easy to
>> > transmit.. hmm do I choose correct newsgroup..?

>Scrambling can be a synonym for encryption; the example Kim gave
>is one, as is "cable tv scrambling".

>The other use of the term "scrambling" refers to a quite
>different purpose, and is found in digital data transmission
>systems.  There, it means performing a simple (not secret) 
>transformation on the data to avoid having long runs of zero
>bits, or one bits, or whatever problem of that sort you don't
>want to have.  SONET is an example of a transmission scheme
>that uses this: they send the binary data simply as light on or
>light off, which means you have to avoid long runs of 0 or 1
>because then you have no edges, and your PLL loses sync.
>Solution is to XOR the data with the output stream from a very
>simple LFSR.

I think, though, that the other use that you correctly mention was
actually an "example" Mr. "Kim gave", as can be seen by the part of
what Jae-Yong Kim wrote that I left quoted. It's useful to also point
out that the term "scrambling" is sometimes used for encryption, weak
or otherwise, as well.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: some coder/hacker help please?
Date: Thu, 09 Sep 1999 20:15:13 GMT

I have (as everyone knows) released PeekBoo ([1]).  I have just put out a
'v1.3' which addresses some errors (security wise) that I have found.  I
would like however others to attack it as well.  The program unfortunately is
limited to symmetrical encryption but it serves its purpose well.  Basically
I want to try and find any memory 'leaks' where key bits or password bits are
left in memory and the like.

[1] The program and source code can be found at
http://people.goplay.com/tomstdenis/pb.html

I know there are good crypto/coder/hacker people out there, and I would
appreciate any feedback.  Also, are there any good compact number libraries (I
can only find LIP, which compiles...)?  I need one in normal C.  LIP doesn't
compile with LCC-WIN32 though (only gcc 2.8.1) ... any pointers?

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Difference between Encryption and scrambling..?
Date: Thu, 09 Sep 1999 19:47:36 GMT

Nicol So <[EMAIL PROTECTED]> wrote, in part:
>Jae-Yong Kim. wrote:
 
>> scrambling seems to be very similar to stream cipher..
>> and I heard in some books, object of scrambling is make frequent transition
>> between 1 and 0 bit, and make frequency distribution of signal easy to
>> transmit.. hmm do I choose correct newsgroup..?
>> but someone say scrambling can hide information from eavesdropper, and used
>> in military communication..
>> I wanna know exactly what difference is between scrambling and encryption.

>I don't think there is a context-independent distinction between the
>term "encryption" and "scrambling".

>In the world of satellite and cable TV, an *artificial* distinction is
>drawn between the two.  In that context, "scrambling" is used to refer to
>the processes that actually transform the signal or transport packets
>into an unintelligible form.

You're correct that the term "scrambling" is sometimes used simply as
a less-technical or less threatening term for encryption. But modems,
for example, do scramble the bits they transmit for the reasons the
original poster mentioned above, to prevent long runs of 0 or 1. And
in this case, the scrambling is _not_ encryption, since the sequence
the data is XORed with is _fixed_, and its nature is public, not
controlled by any secret key.

Thus, in the context he mentioned in his post, "scrambling" does have
a meaning different from encryption.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
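The line scrambler Paul Koning and John Savard describe, as an added example that is not from any post in this digest: the data is XORed with the output of a short LFSR, which removes long runs of identical bits, and because the sequence is fixed and public anyone can undo it, so it is not encryption. The 1 + x^6 + x^7 polynomial and the all-ones reset at each frame start are the SONET/SDH scrambler; the 810-byte frame length is an assumption for the demo (a real STS-1 frame also leaves its framing bytes unscrambled, which this skips).

```python
"""
Frame-synchronous additive scrambler: XOR of the payload with an LFSR output.

Added example, not code from the digest. Polynomial 1 + x^6 + x^7 with an
all-ones reset per frame is what SONET/SDH specify; the 810-byte frame length
is an assumption for this demo.
"""


def lfsr_stream(nbits, width=7, taps=(7, 6), seed=0x7F):
    """Yield nbits from a Fibonacci LFSR; the defaults give the SONET scrambler.

    taps are 1-based stage numbers: feedback = s7 XOR s6, output = s7.
    """
    state = seed
    mask = (1 << width) - 1
    for _ in range(nbits):
        out = (state >> (width - 1)) & 1            # oldest stage is the output
        fb = 0
        for t in taps:
            fb ^= (state >> (t - 1)) & 1
        state = ((state << 1) | fb) & mask           # shift, feed back at stage 1
        yield out


def scramble(data, frame_len=810):
    """XOR every byte with 8 keystream bits (MSB first), reseeding per frame.

    There is no key: the sequence depends only on the public polynomial and
    the position in the frame, so scramble() is also the descrambler.
    """
    out = bytearray()
    for start in range(0, len(data), frame_len):
        frame = data[start:start + frame_len]
        bits = lfsr_stream(8 * len(frame))           # reset to all ones each frame
        for b in frame:
            k = 0
            for _ in range(8):
                k = (k << 1) | next(bits)
            out.append(b ^ k)
    return bytes(out)


descramble = scramble   # XOR with the same fixed sequence undoes itself


def longest_run(data):
    """Longest run of identical bits, the quantity a receiver's PLL cares about."""
    bits = "".join(f"{b:08b}" for b in data)
    if not bits:
        return 0
    best = cur = 1
    for prev, nxt in zip(bits, bits[1:]):
        cur = cur + 1 if nxt == prev else 1
        best = max(best, cur)
    return best


def demo():
    """Return (run before, run after, payload recovered) for an all-zero frame."""
    frame = bytes(810)
    line = scramble(frame)
    # Scrambling all zeros just emits the LFSR sequence itself; a maximal
    # 7-stage LFSR never produces more than 7 equal bits in a row, so the
    # optical receiver always sees an edge within a few bit times.
    before, after = longest_run(frame), longest_run(line)
    # Anyone who knows the published polynomial recovers the payload, which
    # is why this protects clock recovery but hides nothing from a listener.
    recovered = descramble(line)
    return before, after, recovered == frame


if __name__ == "__main__":
    print(demo())   # (6480, 7, True)
```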

------------------------------

From: [EMAIL PROTECTED] (Larry Lee)
Subject: NSAKEY as an upgrade key (Was: NSA and MS windows)
Date: 9 Sep 1999 19:17:40 GMT

With all the excitement over the NSAKEY and breaking the 512 bit key,
I figured I lurk here awhile and see what the big boys thought. Ha!

With respect to the NSAKEY, there seem to be two plausible explanations
1) Never attribute to malice what can be explained by stupidity.
   Microsoft put it in for testing or some unimplemented and long forgotten
   project and left it in because no one is sure why it's there and is afraid
   they'll break something if they take it out.

OR
2) Andrew Fernandes has correctly identified its real use, it is a second
   key which is intended to be overwritten by the end user before it is
   used by private applications.


With respect to the 512 bit key
Researchers have broken the 512 bit key with 7 months of non-dedicated
computer time and a final burst of effort on a big matrix machine.
I don't understand the process and don't really care.

What is of interest though, is that if a 512 bit composite number
can be factored, then factoring Microsoft's 128 bit composite number
ought to be much simpler, perhaps on the order of days or weeks.
Microsoft's release cycle is several years long, so the useful life 
of the 128 bit key that's burned onto the CDROM must be many years. 

Why would anyone believe that the NSA, Hackers'R'US, or the Chinese
government haven't factored the number and aren't issuing their own
certificates?  The benefits resulting from the effort would last for
years.

Comments?

Larry


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: MUM III (3 Way Matrix Uninvertable Message)
Date: Thu, 09 Sep 1999 21:54:36 GMT

[EMAIL PROTECTED] (John Savard) wrote, in part:

>I think someone recently asked about just that method, the Shamir
>three-pass protocol, but implemented with matrix multiplication
>instead of exponentiation.

Bad memory; it was you - but the last time it was a matrix algebra
version of Diffie-Hellman.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: DES and initial permutation
Date: Thu, 09 Sep 1999 19:59:51 GMT

Jim Gillogly <[EMAIL PROTECTED]> wrote, in part:

>What's <your> favorite theory?

Theory 5: The Initial Permutation, and Permuted Choice I, and the
convention that the LSB rather than the MSB of key bytes contains the
parity bit, would make it harder for someone unfamiliar with the DES
algorithm to deduce that algorithm from using a DES device with a
variety of input blocks and keys.

At some point, during the design of DES, it may not have been clear
that the internals of this algorithm would be made public.

This didn't even have to involve a dodge to get NSA approval of its
security, or anything else conspiratorial: maybe IBM just planned to
use it commercially, before the idea of submitting it as a standard
came up, and there was no opportunity to prune these things from the
design at the last minute.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
