Cryptography-Digest Digest #307, Volume #10 Fri, 24 Sep 99 07:13:04 EDT
Contents:
Re: Purdue's Large Number (Bob Silverman)
Re: Purdue's Large Number (Bob Silverman)
Re: EAR Relaxed? Really? (wtshaw)
Re: Relating cyrptology to factoring? ("Dann Corbit")
Re: Ritter's paper (wtshaw)
Relating cyrptology to factoring? (Jeffrey)
Re: Increasing password security dramatically without making it harder to
Re: Relating cyrptology to factoring?
Re: EAR Relaxed? Really? (Greg)
Re: Second "_NSAKey" (Greg)
Re: RSA 640 bits keys factored, French banking smart card system craked! (Johnny Bravo)
Re: Schrodinger's Cat and *really* good compression (Bill Unruh)
Re: Mystery inc. (Beale cyphers) (sha99y00000)
Re: Schrodinger's Cat and *really* good compression (Bill Unruh)
ENIGMA: Turing's Treatise on Enigma (Frode Weierud)
Re: Schrodinger's Cat and *really* good compression (Mok-Kong Shen)
DES source code? (Jesper Gadeberg Jensen)
Re: RSA 640 bits keys factored, French banking smart card system craked! ("Sam Simpson")
Re: Need good decryptionprog ("Steven Alexander")
Re: Increasing password security dramatically without making it harder to ("Lassi Hippeläinen")
----------------------------------------------------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Purdue's Large Number
Date: Fri, 24 Sep 1999 02:18:50 GMT
In article <[EMAIL PROTECTED]>,
*@spam.ruud.org wrote:
> Peter Gunn <[EMAIL PROTECTED]> writes:
>
> > Bob Silverman wrote:
> >
> > And it couldn't really have been odd could it? ;-)
>
> It's also highly unlikely that 3^349 - 1 has 3 as one of its factors.
>
Yup!!!
Agreed.
The URL that was given pointed at a page which (at least at
one point in time) was devoted to discussing the factorization
of 3^349-1.
I checked my database and can find no Cunningham number with
3, 39341, 46591, 163245571 as factors.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Purdue's Large Number
Date: Fri, 24 Sep 1999 02:23:17 GMT
In article <[EMAIL PROTECTED]>,
*@spam.ruud.org wrote:
> Peter Gunn <[EMAIL PROTECTED]> writes:
>
> > Bob Silverman wrote:
> >
> > > In article <7satdt$p2v$[EMAIL PROTECTED]>,
> > > [EMAIL PROTECTED] (Dave Rusin) wrote:
> > > > In article <7samo2$kv4$[EMAIL PROTECTED]>,
> > > > John M. Gamble <[EMAIL PROTECTED]> wrote:
> > > > >"The number Purdue needs to factor is
> > > > >163790195580536623921741301545704495839
> > > > >239656848327040249837817092396946863513
.......
> > > >
> > > > Typo? Easily found factors of 3, 39341, 46591, 163245571
> > >
> > > 3^349 - 1 (this number) was finished a couple of years ago.
> > >
> > > Factored means fully factored and not just finding a few small
> > > factors.
> >
> > Far be it for me to argue with a crypto god but,
> >
> > 3^349-1 =
> > 3275803911610732478434826030934089916784\
> > 7931369665408049967563418479389372702642\
> > 4083130192984521610839436494151115942891\
> > 3793814775554594607776743489806125777475\
> > 8568082
> >
> > And it couldn't really have been odd could it? ;-)
Divide out the algebraic factor.
>
> It's also highly unlikely that 3^349 - 1 has 3 as one of its factors.
(3^349-1)/2 does indeed match to the first dozen or so digits
with the posted number. If the small factors that were claimed
to be found really are factors, then it appears that there must be a
typo in the decimal expansion of the number somewhere.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Thu, 23 Sep 1999 21:21:17 -0600
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
....
> FBI witness: I'm not going to say, but trust me.
>
> Judge: Case dismissed!
>
Just like one party imposing an NDA, the government has secret courts,
pocket judges, and places to put people for *national security reasons*.
If this sounds counter to constitutional ideas, it surely is. If it sounds
impossible to be so, you are unaware of the real bastards that deal in
such corrupt practices.
When government stoops to criminal behavior in getting its way, we should
all be concerned. No one should be a dupe.
--
Note the latest ad from Apple reflecting the government's
philosophy that good computers should not be exported. It is in the
interests of our government that foreign computers be vulnerable.
------------------------------
From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: Relating cyrptology to factoring?
Date: Thu, 23 Sep 1999 20:02:12 -0700
Go here:
ftp://rtfm.mit.edu/pub/usenet-by-hierarchy/sci/crypt/Cryptography_FAQ_(06_10:_Public_Key_Cryptography)
Start reading at question 6.6.
See also:
http://www.rsasecurity.com/rsalabs/faq/questions.html
and start at section 2.3
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
"The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
Jeffrey <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am currently researching cryptology out of personal interest as well
> as a trivial (small) project for school. And have become stuck upon the
> relation of cryptanalysis and factoring. I can not find any depth of
> information on how factoring numbers can break codes.
> What algorithms of encryption are affected by factoring? DES? RC5?
> And where can I find a more in-depth explanation of how factoring and
> the algorithms blend, what steps of the algorithms?
>
> Any web sites, books, articles, or general explanations would be very
> much appreciated.
> Jeffrey Elms
>
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Ritter's paper
Date: Thu, 23 Sep 1999 21:30:12 -0600
In article <7scm1o$nb6$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] () wrote:
>
> >Once one has a way to specify truly different ciphers based on extra
> >key bits, one could - by doubling the blocksize, and making the cipher
> >used to encipher one half depend on the contents of the other half of
> >the block - make the choice of cipher for a particular block data-
> >dependent.
>
...
> I do believe that "variability" is a valid method in cryptography. I
> see an analogy in nature where a lot of attack and defense of data
> structures takes place: the life forms that are most successful in
> relation to their complexity are viruses that continuously evolve. In
> this way they deny the attacker (from their perspective this is their
> host's defenses) a clear fix on what they do.
I like to take any *unfair* advantage in cipher construction. This would
include deception of many kinds. Such an attack-mode can steam-roll
sloth-like routine attackers.
--
Note the latest ad from Apple reflecting the government's
philosophy that good computers should not be exported. It is in the
interests of our government that foreign computers be vulnerable.
------------------------------
From: Jeffrey <[EMAIL PROTECTED]>
Subject: Relating cyrptology to factoring?
Date: Thu, 23 Sep 1999 22:38:14 -0400
I am currently researching cryptology out of personal interest as well
as a trivial (small) project for school. And have become stuck upon the
relation of cryptanalysis and factoring. I can not find any depth of
information on how factoring numbers can break codes.
What algorithms of encryption are affected by factoring? DES? RC5?
And where can I find a more in-depth explanation of how factoring and
the algorithms blend, what steps of the algorithms?
Any web sites, books, articles, or general explanations would be very
much appreciated.
Jeffrey Elms
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: alt.security.pgp,comp.security.pgp
Subject: Re: Increasing password security dramatically without making it harder to
Date: 24 Sep 99 04:32:37 GMT
Thomas J. Boschloo ([EMAIL PROTECTED]) wrote:
: Instead of hashing the whole pass phrase, you hash the pass phrase with
: some random data appended. I think I'll patent it! It's a great idea and
: it is funny nobody thought of it before.
Surely you jest. This is called "salt", and was used in Unix password
files.
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Relating cyrptology to factoring?
Date: 24 Sep 99 04:38:37 GMT
Jeffrey ([EMAIL PROTECTED]) wrote:
: I can not find any depth of
: information on how factoring numbers can break codes.
: What algorithms of encryption are affected by factoring? DES? RC5?
: And where can I find a more in-depth explanation of how factoring and
: the algorithms blend, what steps of the algorithms?
No, algorithms like DES, RC5, IDEA, or Blowfish can't be broken by
factoring.
However, using these algorithms alone, before you can send a secret
message to someone, you would have to walk to their home and give them a
secret key when no one was listening or watching.
A new type of cryptography, called "public-key cryptography", lets someone
prepare a key that lets you send them a short message (usually just a key
for regular encryption in DES, RC5, etc.) in a way that only they can
read, with a different key only that person knows. One of the methods of
this is called RSA, and *it* is the type of cipher that gets broken by
factoring, as is obvious from how it works.
John Savard
http://www.ecn.ab.ca/~jsavard/index.html
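
The point made in the message above, that RSA falls to factoring while it carries a key for a cipher such as DES, shown as a runnable sketch. This is an added example, not part of the original post; the toy primes, the session-key bytes and all function names are constructed for illustration.

```python
"""Toy RSA showing why factoring n hands an eavesdropper the private key.

All values are constructed for illustration: the primes are far too small
for real use, and textbook RSA (no padding) must never be deployed.
"""
from math import gcd, isqrt

P, Q, E = 104729, 1299709, 65537                 # constructed toy parameters
SESSION_KEY = int.from_bytes(b"DESk", "big")     # stand-in for a symmetric key


def make_keypair(p, q, e=E):
    """Return ((n, e), d) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)               # d satisfies e*d = 1 (mod phi)


def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c, n, d):
    return pow(c, d, n)


def factor(n):
    """Trial division; works only because this n is about 37 bits."""
    if n % 2 == 0:
        return 2, n // 2
    for cand in range(3, isqrt(n) + 1, 2):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("no nontrivial factor: n is prime")


def recover_private_exponent(public_key):
    """Everything used here is derived from the public key alone."""
    n, e = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


def demo():
    public_key, d = make_keypair(P, Q)               # recipient keeps d secret
    ciphertext = encrypt(SESSION_KEY, public_key)    # sender wraps a session key
    d_found = recover_private_exponent(public_key)   # eavesdropper factors n
    return d_found == d, decrypt(ciphertext, public_key[0], d_found)


if __name__ == "__main__":
    same_key, recovered = demo()
    print("private exponent recovered:", same_key)
    print("session key read by eavesdropper:", recovered.to_bytes(4, "big"))
```

The symmetric cipher itself is never attacked here; only the RSA wrapping of its key depends on the modulus being too large to factor.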
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Fri, 24 Sep 1999 05:41:53 GMT
> FBI witness: The file contained kiddie porn.
>
> Defendant: No, it didn't. It's just random bits I generated
> to hear what white noise would sound like.
>
> Attorney: FBI witness, by what means did you convert the
> file into kiddie porn?
>
> FBI witness: I'm not going to say, but trust me.
>
> Judge: Case dismissed!
Reno: You can't do that, your honor. We have the law
on our side now.
Judge: Oh.
Or did you think Reno was joking when she said this was a key
provision to her accepting the new export rules?
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Second "_NSAKey"
Date: Fri, 24 Sep 1999 05:45:04 GMT
> > And finally, there is no explanation that can refute this one
> > scenario. Not one.
> Nonsense. Alternative explanations inconsistent with that
> scenario have been suggested. Maybe you mean, *you* won't
> give up that scenario no matter what.
Be my guest. Show me why the conspiracy theory to give
NSA a key CANNOT be correct. That is what I mean by refute.
Show that it CANNOT be correct.
Someone wanted a second key. It makes no sense that MS wanted
it, so someone else must have wanted it. And it has their name
on it. What else do you need?
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: alt.security.pgp
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Date: Fri, 24 Sep 1999 02:38:26 GMT
On Thu, 23 Sep 1999 21:32:34 -0400, "Dmitriy Morozov" <[EMAIL PROTECTED]>
wrote:
>I fully agree with you (actually, I gave approximations). But what I was
>wondering about is what this algorithm was, and why would it be faster
>(would it?) than just trying actual number mod a number from the table (for
>smaller numbers, let's say all primes less than 100000). Isn't complexity
>(if this is the right word) of mod and multiplication the same?
It doesn't matter how fast the algorithm is if you can't ever use it to solve
the problem. Even if you could run your algorithm with 0 time per iteration
you still can't set up the tables you need before you can run it. :)
Johnny Bravo
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Schrodinger's Cat and *really* good compression
Date: 24 Sep 1999 06:56:03 GMT
In <[EMAIL PROTECTED]> "Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
>But Schroedinger's cat is neither; it is a "thought experiment"
>that one could readily *actually perform*. There is no analogy
>being drawn, nor is it a metaphor for anything.
It is a thought experiment. It is not one that could be performed so as
to demonstrate that the cat was in a superposition. Schroedinger's point
was that it was absurd to think about a superposition of an alive and a
dead cat-- ie it was a reductio ad absurdum. However, if one believes
that life is just a manifestation of the behaviour of a bunch of
molecules, then one could in principle do an experiment which would give
different results if the cat were in such a superposition.
(or rather if the cat, the box, and the sample were in such a
superposition. The cat itself would never be in Schroedinger's
experiment)
------------------------------
Date: Fri, 24 Sep 1999 08:03:47 +0100
From: sha99y00000 <[EMAIL PROTECTED]>
Subject: Re: Mystery inc. (Beale cyphers)
I can see that the majority of the later discussion has been over the
DOI, and of good use too, but there are larger amounts of area
undiscussed that I feel would be beneficial. Take the DOI further. I
think quite a few people have come to the conclusion that the DOI used
was most likely from a circular. The questions now arise from that are:
When, where and who actually coded the papers. Presumably the DOI would
appear around if not on the date of 4th July. This gives the possible
date of when the codes were written. Beale stayed at the Mr Morriss's
place from January and always left around April, way before and after
the 4th July, so were the codes compiled elsewhere? If they were
compiled elsewhere they may have also been done by somebody else.
The writer of the pamphlet (strong) maybe Mr Ward, but the writer
described within "The Beale Paper" is not the actual writer of the
pamphlet. Why put the full DOI in the pamphlet, let alone not mentioning
the differences encountered when deciphering with it?
Why is #2, #2? It seems out of sequence. Wouldn't it have seemed more
appropriate as either #1 or #3? A few simple tests (these are noted in
earlier posts) have made me come to the following conclusion:
#2 is coded differently from the rest. #1 and #3 appear to be more complex
and have poss. gone through more than one stage of coding. #2 on the
other hand we know has only gone through one, and maybe only the first.
Is this a sign that #2 was coded in haste? Why? The original #2 was most
likely a map of the area. Beale, on later thinking, decided that this
may be unwise. Though trusting Mr Morriss, what if misfortune happened
upon Mr Morriss, and the box and contents fell into the wrong hands. The
map, which didn't have to be too clear, would lead to the locality of
the treasure, and eventually being found by trial and error.
The trust ability of Mr Beale. After finding all this gold and silver
goes back to hunting Buffalo. Doesn't read right. Their minds and
activity are distracted by finding all this gold and silver. They are
solely interested in getting as much as possible, then they just
disregard it and go back to hunting.
Can Gold and silver be found in large amounts together?
What is the purpose of the Office of Librarian of Congress? Why didn't
Mr Ward just publish?
sha99y
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Schrodinger's Cat and *really* good compression
Date: 24 Sep 1999 06:59:30 GMT
In <[EMAIL PROTECTED]> Mok-Kong Shen <[EMAIL PROTECTED]> writes:
>otherwise 'defined' cat) than we know from biology that at any
>time point it is either alive or dead. Further, a real-life cat also
We know nothing of the sort. What constitutes life and death is a much
debated point in biology. There seems no fixed dividing line. ( heart
stopped?, lack of breath?, ....-- have you ever seen the experiment
where a goldfish was plunged into liquid nitrogen, and later thawed and
there it was swimming? Was it alive or dead when frozen?)
------------------------------
From: [EMAIL PROTECTED] (Frode Weierud)
Subject: ENIGMA: Turing's Treatise on Enigma
Date: 24 Sep 1999 06:50:36 GMT
Reply-To: [EMAIL PROTECTED]
My posting to the group yesterday seems to have been lost
in cyberspace at least it never made it back to me. I am
therefore reposting the release note of yesterday. If it
did make it to some servers I apologise for the waste of
bandwidth.
I have just released Chapter 3 of Turing's Treatise on Enigma.
Turing's Treatise on Enigma is available at:
http://home.cern.ch/~frode/crypto/Turing/index.html
Chapter 1, 2 and 6 will also be updated with corrections etc.
within the next few days.
Frode
--
Frode Weierud Phone : +41 22 7674794
CERN, SL, CH-1211 Geneva 23, Fax : +41 22 7679185
Switzerland E-mail : [EMAIL PROTECTED]
WWW : home.cern.ch/~frode
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Schrodinger's Cat and *really* good compression
Date: Fri, 24 Sep 1999 09:22:44 +0200
Bill Unruh wrote:
>
> In <[EMAIL PROTECTED]> Mok-Kong Shen <[EMAIL PROTECTED]> writes:
> >otherwise 'defined' cat) than we know from biology that at any
> >time point it is either alive or dead. Further, a real-life cat also
>
> We know nothing of the sort. What constitutes life and death is a much
> debated point in biology. There seems no fixed dividing line. ( heart
> stopped?, lack of breath?, ....-- have you ever seen the experiment
> where a goldfish was plunged into liquid nitrogen, and later thawed and
> there it was swimming? Was it alive or dead when frozen?)
Then the experiment is much worse than it is thought to be. For,
if we are unable to determine whether a cat (in any environment,
including the normal one) is alive or not, then the experiment
serves NO purpose.
M. K. Shen
------------------------------
From: Jesper Gadeberg Jensen <[EMAIL PROTECTED]>
Subject: DES source code?
Date: Fri, 24 Sep 1999 09:14:30 GMT
Does anybody know where I can find the C source code for DES?? I was told
that an Australian named Eric Young, was supposed to have it but I
haven't been able to find it! Can anyone help?
Jesper
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Date: Fri, 24 Sep 1999 10:13:53 +0100
Phew - at last a common sense, intelligent response in this thread!
A "general" (e.g. not of special form) 640-bit RSA key has not
publicly been broken - the most recent and largest break is 512-bits.
Regards,
--
Sam Simpson
Comms Analyst
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.
Johnny Bravo <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Thu, 23 Sep 1999 17:15:29 -0700, "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
>
> >this is important because of the information that both primes were 320-bits, if one
> >were under 2^320 the other would have to be at least 2^321, violating the
> >proposition of the second being 320-bits, this greatly reduces the potential
> >numbers.
>
> Actually it reduces the number of primes by 1/2, but given the huge number of
> primes it still doesn't give you any great advantage. Do you have any idea how
> many base 10 numbers are exactly 320 bits long? 1.067993518e96, more than the
> number of atoms in the known universe.
>
> >Add to this that we know that an overwhelming % of the time one of
> >two prime generation techniques was used (either 2^2^n+1 mod n, or the
> >strong prime method given in p1363) and we can eliminate most of the primes
> >even in the given category.
>
> You can't just cross them off the list, it is not physically possible to
> construct such a list to eliminate these members from it. Even if you could
> somehow represent each of these numbers with a single atom you would
> run out of atoms in this universe long before you could actually record them
> all.
>
> >> According to this formula there would be 2^312
> >> (10^93) primes that are 320 bits long.
>
> >Your number includes all of the primes up to and including 320-bits, I will
> >admit though that the list is larger than 600, by a few orders of magnitude.
>
> A few orders of magnitude? 91 is a bit more than a few. That would be like
> saying that the Milky Way is only a few orders of magnitude bigger than a
> hydrogen atom. You could say that the number of atoms in the universe was 600
> and still be a trillion times more precise than your 600 primes estimate for all
> the 320 bit primes.
>
> >The difference is still an absolutely staggering number, due to the fact that
> >each of the primes is in fact 320-bits, hence a number like 2, or even
> >2^320-1 can not be a part of the solution.
>
> You just don't get it, each extra bit doubles the number of primes. 2^320-1
> is indeed a 320 bit number. 2^320 - 2^318 is still a 320 bit number. There are
> 2^319 base 10 numbers that are 320 bits long exactly.
>
> >I have serious doubts about your estimate of 2^8 or 256 non-prime numbers less than 2^320,
>
> You can not add or subtract exponents to do addition and subtraction.
> 2^320 - 2^312 is NOT = 2^8.
>
> 2^10 - 2^5 is NOT equal to 2^5. 1024-32 is NOT equal to 32. You can add or
> subtract exponents to do multiplication and division, not regular addition and
> subtraction.
>
> >I can easily count that many less than 514 (simply count the even numbers except 2). I can
> >without much effort assert that there can be no more than 2^(n/2) primes
> >less than or equal to 2^n, that's still a huge area, but if you see the
> >above virtually all of the area can be ignored.
>
> The number of primes not exceeding x is asymptotic to x/log x. This has been
> completely proven. A better fitting estimate is just a bit under the proven
> maximum formula x/(log x - 1).
>
> It takes no effort to assert otherwise, but that's without proof. According
> to your formula the number of primes less than 10^20 would be exactly
> 10,000,000,000 primes.
>
> The prime number theorem formula gives an estimate of
> 2,219,671,974,000,000,000 (rounded to 9 places)
>
> The actual number of primes less than 10^20 are already found and documented.
> 2,220,819,602,560,918,840
>
> The theorem formula is under by about .05% of the total. Your formula is under
> by 99.99999955% of the total. I guess your formula is very, very wrong.
>
> >> What is this 600? And how are you going to create (in your life time), and
> >> more of that store a list that has 2^312 320 bit entries in it?
> >As I said earlier, it would be far less than 2^312, and the viable ones are
> >probably in the 2^40 range, which can be searched easily
>
> You have no idea how many primes there are. The 2^312 number is the number of
> primes of 320 bits or less, the number of primes that is exactly 320 bits is
> 2^311. If you wish to continue this discussion, please use the correct numbers.
>
> Johnny Bravo
>
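
The x/(log x - 1) estimate quoted in this thread can be checked numerically: against an exact sieve count where that is feasible, against the quoted count below 10^20, and then scaled to 320-bit primes. This is an added example, not part of any poster's message; the function names are this example's own and "log" is taken as the natural logarithm.

```python
"""Numerical check of the prime-counting estimates quoted in the thread."""
from math import log, log2

ACTUAL_PI_1E20 = 2_220_819_602_560_918_840   # count quoted in the post


def pnt_estimate(x):
    """Estimate of the number of primes <= x using x / (ln x - 1)."""
    return x / (log(x) - 1)


def kbit_prime_estimate(bits):
    """Estimated number of primes p with 2^(bits-1) <= p < 2^bits."""
    return pnt_estimate(2.0 ** bits) - pnt_estimate(2.0 ** (bits - 1))


def sieve_count(lo, hi):
    """Exact number of primes in [lo, hi), by the sieve of Eratosthenes."""
    is_prime = bytearray([1]) * hi
    is_prime[0:2] = b"\x00\x00"
    for i in range(2, int(hi ** 0.5) + 1):
        if is_prime[i]:
            # Clear every multiple of i starting at i*i.
            is_prime[i * i::i] = bytearray(len(range(i * i, hi, i)))
    return sum(is_prime[lo:hi])


def relative_error(estimate, exact):
    return abs(estimate - exact) / exact


if __name__ == "__main__":
    # Small sizes: the estimate can be compared with an exact count.
    for bits in (16, 20):
        exact = sieve_count(2 ** (bits - 1), 2 ** bits)
        est = kbit_prime_estimate(bits)
        print(f"{bits}-bit primes: exact {exact}, estimate {est:.0f}, "
              f"error {relative_error(est, exact):.2%}")
    # 10^20: compare with the documented count quoted in the post.
    err = relative_error(pnt_estimate(1e20), ACTUAL_PI_1E20)
    print(f"primes below 10^20: estimate off by {err:.3%}")
    # 320 bits: far beyond any sieve, so only the estimate is available.
    print(f"320-bit primes: about 2^{log2(kbit_prime_estimate(320)):.1f}")
```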
------------------------------
From: "Steven Alexander" <[EMAIL PROTECTED]>
Subject: Re: Need good decryptionprog
Date: Mon, 20 Sep 1999 15:44:08 -0700
A program that is good for decrypting what? Learn what you want before you
ask questions.
-steven
JuDa$ <[EMAIL PROTECTED]> wrote in message
news:4yrF3.5088$[EMAIL PROTECTED]...
> Hi !
>
> Can somebody recommend a good decryption prog ?
>
>
------------------------------
From: "Lassi Hippeläinen" <"lahippel$does-not-eat-canned-food"@ieee.org>
Crossposted-To: alt.security.pgp,comp.security.pgp
Subject: Re: Increasing password security dramatically without making it harder to
Date: Fri, 24 Sep 1999 13:41:43 +0300
[EMAIL PROTECTED] wrote:
> Thomas J. Boschloo ([EMAIL PROTECTED]) wrote:
> : Instead of hashing the whole pass phrase, you hash the pass phrase with
> : some random data appended. I think I'll patent it! It's a great idea and
> : it is funny nobody thought of it before.
>
> Surely you jest. This is called "salt", and was used in Unix password
> files.
... and even if the idea were novel, it couldn't be patented any more.
Disclosing it in a newsgroup makes it public.
-- Lassi
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************