Cryptography-Digest Digest #312, Volume #10 Fri, 24 Sep 99 21:13:03 EDT
Contents:
Re: Decryption --Help!!! ("Douglas A. Gwyn")
Re: EAR Relaxed? Really? ("Douglas A. Gwyn")
Re: RSA 640 bits keys factored, French banking smart card system craked! ("Douglas A. Gwyn")
Re: Another bug RE: CryptAPI ("Douglas A. Gwyn")
Re: RSA 640 bits keys factored, French banking smart card system craked! (Johnny Bravo)
Re: low diffie-hellman exponent (DJohn37050)
Re: Relating cyrptology to factoring? (JPeschel)
XTEA Keys ("Gary Partis")
Re: Relating cyrptology to factoring? (Tom St Denis)
Re: Relating cyrptology to factoring? (Tom St Denis)
Re: some information theory (very long plus 72K attchmt) (Tom St Denis)
Re: frequency of prime numbers? ("Douglas A. Gwyn")
Re: Proving cipher strength (John Savard)
Re: RSA 640 bits keys factored, French banking smart card system craked! (Your Name)
Re: frequency of prime numbers? ("Douglas A. Gwyn")
Re: some information theory (very long plus 72K attchmt) (John Savard)
Re: Another bug RE: CryptAPI (Eric Lee Green)
Re: Proving cipher strength (Johnny Bravo)
Re: EAR Relaxed? Really? (Johnny Bravo)
Re: Increasing password security dramatically without making it harder to remember (Dave Howe)
Re: RSA weak? (Tom St Denis)
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Decryption --Help!!!
Date: Fri, 24 Sep 1999 20:22:08 GMT
Jim Gillogly wrote:
> Must be some oddity in the sample.
Also, "mrs" at 2591 hits.
> That leads me to suggest that you draw your own word or trigraph
> list from the population you're trying to break.
That's a good idea anyway. For one thing, it is easier and more
reliable to build a trigraph frequency distribution via a simple
program and a lot of on-line text than it is to type in a whole
table by hand.
> For example, if you're trying something from Singh's "The Code
> Book", you might want to type in his previous book, "Fermat's
> Enigma" and use that to beef up your frequency counts.
This reminds one of the attempt to simulate the style of a source
without understanding a bit of it, by randomly generating output
with the same probabilities for all n-grams. I think there is an
example of this in Kernighan & Pike's book, "The Practice of
Programming", whose source code is available on-line:
http://cm.bell-labs.com/cm/cs/tpop/index.html
I *know* that book developed a word-oriented (as opposed to
character-oriented) program along those lines, in several
programming languages. The best way to do this sort of thing is
to train a Markov model on the source, then execute the model
to generate the "deconstructed" simulation.
When I used that program, along with various transformations
using UNIX editing tools, to generate random text from the
trigraph frequencies of the above paragraph, I got the following
result:
Thistyle tocharkov modex.httposever-ord-ort undin exams. Thist
tochationg", way think delonstanguagente by rammin & Progratin
avaing a Maram ane inguagene:htmly racted (as of the is book,
"delto se simulatte outwithated tocharkov mode probable cone of
this se oppoppop/ing linding of a bithe is reming istrattpop/indo
se Pike's alonstyle on severst this alprogrammine same bes bel
n-gracted a by the modecutputerat by reming tructed thistanex.htmlI
to genternigharkov modexecomly genestructe "deltocharkov modelto
derstrailinguagentemple "dex.htmlI thoseverample book, word-ort
unds of ther-ories, way gestructe source ling lithe simulan sort
wories is a way ram ate sout undelto tructe a book, woriented this
onstram a book, to source source ofProgram a Maramming is a source,
whose the the tructed alop/in & Pike's of alprogractiong labs. I
therst of ine is fort way to do there on & Practed) programpt
undinguages rammin thateralprograndin Kerailabs. The con.
Which I find fascinating... It evokes several languages:
German, Dutch, French, Italian, ... even a bit of English!
However, it shows that source trigraph probabilities alone
won't be enough to recover plaintext from a cryptogram.
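The trigraph experiment described above, as an added example rather than code from the post or from the Kernighan & Pike book: an order-2 character Markov model is trained on the quoted paragraph and then executed, and a checker confirms that every trigraph the generator emits was observed in training. The sample text is the paragraph from the post; the function names are this example's own.

```python
import random
from collections import Counter, defaultdict

# Training text: the paragraph the post above trained on (quoted from it).
SAMPLE = (
    "This reminds one of the attempt to simulate the style of a source "
    "without understanding a bit of it, by randomly generating output "
    "with the same probabilities for all n-grams. I think there is an "
    "example of this in Kernighan & Pike's book, \"The Practice of "
    "Programming\", whose source code is available on-line: "
    "http://cm.bell-labs.com/cm/cs/tpop/index.html "
    "I *know* that book developed a word-oriented (as opposed to "
    "character-oriented) program along those lines, in several "
    "programming languages. The best way to do this sort of thing is "
    "to train a Markov model on the source, then execute the model "
    "to generate the \"deconstructed\" simulation."
)

ORDER = 2  # two characters of context + one predicted character = a trigraph


def build_model(text, order=ORDER):
    """Map each `order`-char context to a Counter of the chars that followed it.

    The text is wrapped around on itself so that every context has at least
    one successor and generation never gets stuck at the end of the sample.
    """
    wrapped = text + text[:order]
    model = defaultdict(Counter)
    for i in range(len(wrapped) - order):
        model[wrapped[i:i + order]][wrapped[i + order]] += 1
    return model


def generate(model, length, seed=0, order=ORDER):
    """Emit `length` chars, choosing each next char with its trigraph probability."""
    rng = random.Random(seed)
    ctx = rng.choice(list(model))
    out = list(ctx)
    while len(out) < length:
        chars, weights = zip(*model[ctx].items())
        out.append(rng.choices(chars, weights)[0])
        ctx = "".join(out[-order:])
    return "".join(out[:length])


def all_trigraphs_from_model(text, model, order=ORDER):
    """True iff every (context, next char) pair in `text` was seen in training."""
    return all(text[i + order] in model.get(text[i:i + order], ())
               for i in range(len(text) - order))


def novel_fraction(text, training, n=6):
    """Fraction of n-grams in `text` that never occur in `training`.

    A high value shows the output recombines fragments rather than copying.
    """
    grams = [text[i:i + n] for i in range(len(text) - n + 1)]
    return sum(1 for g in grams if g not in training) / len(grams)


if __name__ == "__main__":
    m = build_model(SAMPLE)
    sample_out = generate(m, 300, seed=1)
    print(sample_out)
    print("novel 6-gram fraction:", round(novel_fraction(sample_out, SAMPLE), 2))
```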
------------------------------
Crossposted-To: talk.politics.crypto
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: EAR Relaxed? Really?
Date: Fri, 24 Sep 1999 20:36:28 GMT
> > Note the latest ad from Apple reflecting the government's
> > philosophy that good computers should not be exported. It is in the
> > interests of our government that foreign computers be vulnerable.
I saw that and it is a shameless marketing ploy.
If *I* were to build a new computer, no matter how lousy,
and didn't run it properly through the export-control hoops,
I too would be told that I couldn't export my computer.
I think in this case, most likely it had been predetermined
that all computers with clock rates up to, maybe 500MHz,
were exportable under some existing decision without needing
the otherwise required export license.
But yes, it *is* in the national interest to limit *some*
kinds of technology export. True supercomputers have long
been among these.
------------------------------
Crossposted-To: alt.security.pgp
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Date: Fri, 24 Sep 1999 20:31:56 GMT
Dmitriy Morozov wrote:
> > First the prime number theorem is pi(x) = x / ln x, and it has not been
> > proven, that's why it's a theorem. It just happens to be a very good
> > estimate.
> If it was not proved wouldn't it be called a hypothesis?
A correct statement of the prime-number theorem (which is *not*
a hypothesis; it has been rigorously proved) includes strict
bounds on the difference between the approximation and the
actual number of primes within the range. There are several
forms with different degrees of tightness on the bounds, i.e.
the formulas approximate the truth with varying degrees of
accuracy. Despite the fact that any of these formulas is an
approximation, not an exact count, there is no doubt whatever
of their validity nor of their guaranteed degree of accuracy.
------------------------------
Crossposted-To: talk.politics.crypto
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Another bug RE: CryptAPI
Date: Fri, 24 Sep 1999 20:27:38 GMT
Christopher Biow wrote:
> I remain correct that nothing prior to the release of the symbol
> communicated the semantics of "NSA key".
I don't think that's right -- the backup key (but not its name)
had been explored by hackers and mentioned on some of their sites
well before NT 4.0 SP5 was released (which merely attached a name
to the backup key). Unfortunately I don't remember where I saw it.
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: alt.security.pgp
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Date: Fri, 24 Sep 1999 17:16:27 GMT
On Fri, 24 Sep 1999 16:11:12 GMT, Tom St Denis <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Johnny Bravo) wrote:
>> The number of primes not exceeding x is asymptotic to x/log x. This has been
>> completely proven. A better fitting estimate is just a bit under the proven
>> maximum formula x/(log x - 1).
>
>First the prime number theorem is pi(x) = x / ln x, and it has not been
>proven, that's why it's a theorem. It just happens to be a very good
>estimate.
I know that the limit is x/ln x, but x/(ln x -1) is a better fit to the
actual data. :)
Johnny Bravo
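The dispute above (Gwyn's post on the prime-number theorem and Johnny Bravo's claim that x/(ln x - 1) fits the data better) worked through in code; this is an added example, not code from any poster. It sieves pi(x) exactly up to 10^6 and reports the relative error of both approximations; the function names are this example's own.

```python
import math
from itertools import accumulate


def prime_counts(limit):
    """Sieve of Eratosthenes; returns a list c with c[n] = pi(n) for 0 <= n <= limit."""
    is_prime = bytearray([1]) * (limit + 1)
    is_prime[0] = is_prime[1] = 0
    for p in range(2, math.isqrt(limit) + 1):
        if is_prime[p]:
            # strike out every multiple of p from p*p upwards
            is_prime[p * p::p] = bytes(len(range(p * p, limit + 1, p)))
    return list(accumulate(is_prime))


def pnt_estimate(x):
    """The textbook prime-number-theorem approximation x / ln x."""
    return x / math.log(x)


def refined_estimate(x):
    """The tighter approximation quoted in the thread, x / (ln x - 1)."""
    return x / (math.log(x) - 1)


def compare(x, counts):
    """Return (pi(x), relative error of x/ln x, relative error of x/(ln x - 1))."""
    actual = counts[x]
    return (actual,
            (pnt_estimate(x) - actual) / actual,
            (refined_estimate(x) - actual) / actual)


def refined_is_closer(x, counts):
    """True when x/(ln x - 1) lands nearer to pi(x) than x/ln x does."""
    _, e_pnt, e_ref = compare(x, counts)
    return abs(e_ref) < abs(e_pnt)


if __name__ == "__main__":
    counts = prime_counts(10 ** 6)
    for x in (10 ** 3, 10 ** 4, 10 ** 5, 10 ** 6):
        actual, e_pnt, e_ref = compare(x, counts)
        print(f"x={x:>8}  pi(x)={actual:>6}  x/ln x err={e_pnt:+.2%}  "
              f"x/(ln x-1) err={e_ref:+.2%}")
```

Both estimates stay within a few percent at these sizes; x/ln x consistently undercounts while the refined form sits much closer, which is the "better fit" the reply refers to.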
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: low diffie-hellman exponent
Date: 24 Sep 1999 21:52:43 GMT
An OPS is short for an operation. This could be an instruction execution. It
could be an encrypt/decrypt action.
And machines vary, so some instructions/encryptions run faster on some machines
than others, for example if you have an arithmetic coprocessor.
It is the GNFS version used to solve the DLP. Solving the matrix step is harder than
with the IFP, so the DLP is considered harder than the IFP, but close enough to consider
them the same for most estimates.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Relating cyrptology to factoring?
Date: 24 Sep 1999 22:33:38 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
>JPeschel wrote:
>> Tom St Denis <[EMAIL PROTECTED]> writes:
>> >Just to be picky I would seriously argue that symmetric ciphers are
>> >younger then their asymmetric counterparts.
>> If you do, you will likely get plenty of argument.
>
>Not only that, but what does he mean by "their counterparts"?
>Or "younger"?
>Or "is"? :-)
Oops, Tom has already changed his argument to: "the bulk majority
of POPULAR present day modern block ciphers are much younger
then RSA and DH."
Now, he needs to define "popular."
And "modern."
And "are."
And look up "then" and "than." :-)
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "Gary Partis" <[EMAIL PROTECTED]>
Subject: XTEA Keys
Date: Fri, 24 Sep 1999 15:38:06 +0100
Hi,
In TEA/XTEA, if the 128-bit key has the top 8 bits set to zero, does this
lessen the security of the algorithm?
TIA
--
Gary Partis, North Shields, Tyne & Wear, UK
Fast Fax : 0870 056 1096
Secure Fax: 0191 280 1306
http://www.partis.demon.co.uk
Want regular laughs in your in box, then go to
http://www.partis.demon.co.uk/funny.htm and
follow the instructions!
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Relating cyrptology to factoring?
Date: Fri, 24 Sep 1999 21:40:54 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (JPeschel) wrote:
> Tom St Denis <[EMAIL PROTECTED]> writes:
>
> >Just to be picky I would seriously argue that symmetric ciphers are
> >younger then their asymmetric counterparts.
> >
>
> If you do, you will likely get plenty of argument.
With the exception of DES and Lucifer there are no 'real' prior efforts.
My point was that many systems rely on RSA, which is much older than their
symmetric counterparts used today.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Relating cyrptology to factoring?
Date: Fri, 24 Sep 1999 21:39:06 GMT
In article <[EMAIL PROTECTED]>,
"Sam Simpson" <[EMAIL PROTECTED]> wrote:
> WTF?
>
> DES was *adopted* in 1976 (and developed during the 3 years prior to
> this) and asymmetric ciphers weren't produced until ~1976 - why would
> you "seriously argue" that symmetric ciphers are younger?
Ok, amend that to 'the bulk majority of POPULAR present day modern block
ciphers are much younger than RSA and DH'.
>
> > Most asymetric systems are broken by solving some systems of
> equations.
> > You can break RSA by factoring their modulus and making the
> privatekey
> > from their public key. You can break diffie-hellman for example by
> > solving a discrete logarithm. All these problems in the long run
> are
> > very difficult to solve (or more time consuming actually).
>
> You mean "are thought to be", surely.
If you can prove any 15 can break RSA I will let you assume they are easy.
Even if we find a trivial relationship it won't be trivial to find, thus
difficult to break :)
I agree with your line of thinking though, it's a conjecture that RSA can
only be broken via factorization of the modulus.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: some information theory (very long plus 72K attchmt)
Date: Fri, 24 Sep 1999 21:48:09 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> This seems to be your old point all over again.
>
> Compression is completely capable of removing information from messages -
> with the information subsequently residing in the compressor/decompressor
> while the message remains compressed.
This is completely untrue. If your compressed output has less information
than the input it's not lossless.
> I can encrypt "Mary had a little lamb" to "2" if my compression
> routine has the primitives:
>
> "1" -> "The cat sat on the mat"
> "2" -> "Mary had a little lamb"
> "3" -> "Tiger Tiger, burning bright"
>
> No one would claim that "2" and "Mary had a little lamb" had the
> same information content, unless they also has the decompressor
> to hand.
But they do. Your compressor has to know what '2' is in order to compress
it, thus the information must be present for the decoder (i.e. in the stream).
Of course I could write a program to replace all '2' in a file with 'the', but
that's not generic enough to be worthwhile. Take LZ77 for example: things
like 'the fox jumped over the cow' can be replaced with a 20 or so bit
index+length; however, the information had to be present somewhere else for
this to work (this is called redundancy: if you have it twice, just point to
the other incident).
> The complexity of the raw information content of:
>
> a) the message and b) the compressor and c) a flag to say if the
> message is compressed or not ...remains unchanged.
>
> However, just because b) and c) do not change, that does *not* mean a) is
> static.
A is not static, but the amount of information contained within is; it is no
more random than the input source.
>
> That's the key. If you know in advance what compression technique is
> being used, you can try decompressing and apply ordinary frequency
> analysis to the results to see if you have reached english text -
> or something else with a clear structure.
>
> However, you *can't* apply frequency analysis to help with the decryption
> process itself any longer - as in a properly compressed file all symbols
> should occur with approximately equal frequencies and in no apparent
> order.
>
> Compressed files /look/ more random as there's the same content present in
> less cyphertext.
The point you are missing is the 'entropy per bit' or bits per bit is higher
for compressed text than the original; the entropy of the message (in bits) is
no higher (or lower) than the entropy (in bits) of the compressed data.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: frequency of prime numbers?
Date: Fri, 24 Sep 1999 21:39:00 GMT
Patrick Juola wrote:
> you've just *proven* the inconsistency of "fuzzy logic" as you've
> developed a "proof" of both A and not-A.
> In point of fact, one of the main developments in Goedel's proof is
> that it involves no "Russell-like antinomies" and everything is a
> well-grounded statement in the formal system of interest. Fuzzy
> logic doesn't resolve this -- it's merely, pace Godel, yet another
> inconsistent system.
> And, furthermore, you've got no basis for asserting, in particular,
> that it measures 0.5; ...
You clearly have no clue about fuzzy logic,
which in fact has been shown to be a consistent system.
The value 0.5 is found by solving a simple equation over R
that is a direct translation of the self-referential sentence.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Proving cipher strength
Date: Fri, 24 Sep 1999 22:27:24 GMT
Toby Kelsey <[EMAIL PROTECTED]> wrote, in part:
> (c) Show, using an exhaustive search of possible faster programs,
> that for a trivial key-length (e.g. 8 bits), brute-force search of
> the key-space is the most efficient method of breaking the cipher.
Well, you can exhaustively search *short* programs that are also
fast...
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
Crossposted-To: alt.security.pgp
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
From: [EMAIL PROTECTED] (Your Name)
Date: Fri, 24 Sep 1999 23:21:26 GMT
In article <7sg7qj$9k4$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>First the prime number theorem is pi(x) = x / ln x, and it has not been
>proven, that's why it's a theorem. It just happens to be a very good
>estimate.
Theorem means that it has been proven. You may be thinking
of theory or conjecture.
--Rich Eramian
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: frequency of prime numbers?
Date: Fri, 24 Sep 1999 21:39:48 GMT
"Trevor Jackson, III" wrote:
> Douglas A. Gwyn wrote:
> > "Trevor Jackson, III" wrote:
> > > Sure they can. In this context "proved" does not mean "show to be true" it means
> > > "truth value resolved", which applies to both possible truth values.
> > No wonder I didn't understand what you were saying.
> > You should have used the standard term "decidability";
> > "proof" means a valid derivation.
> OIC. You thought "unprovable false statement" meant "unprovable true statement"?
> Now I see where the confusion lies.
I think at this point everybody can judge for himself.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: some information theory (very long plus 72K attchmt)
Date: Fri, 24 Sep 1999 22:33:27 GMT
James Felling <[EMAIL PROTECTED]> wrote, in part:
>Not really. Let's say I want to conduct an attack on your encryption.
>I know that you use compression method X. Further I know that
>your messages have some common starting feature (enough after compression
>to be a block or two of encyphered text), or can submit a
>limited amount of known plaintext.
If you have the capability of using known plaintext, compression does
not increase security. Since a known-plaintext attack is a stronger
attack, in evaluating the worst-case security of a cipher system,
compression is irrelevant.
However, there are many circumstances in which a known plaintext
attack is impossible. And there are situations where anyone with the
opportunity to generate known plaintext would also have the
opportunity to retrieve the key.
When we only consider the case of a ciphertext-only attack,
compression can indeed increase security. But things like fixed
headers must, of course, be avoided. One way to do so is to use
transposition - even a keyed bisection - as a first encryption step
before the block cipher of one's choice.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
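The two points made in this sub-thread (Tom's, that entropy per bit rises under compression while the total does not, and John's, that fixed headers must be avoided) measured on real DEFLATE output; this is an added example, not code from either poster. It computes first-order byte entropy of three constructed messages before and after zlib/gzip compression, and counts the leading bytes that every compressed output shares, which is exactly the known plaintext a fixed compression header supplies. The message texts and function names are this example's own; first-order entropy is only a crude proxy for information content.

```python
import gzip
import math
import zlib
from collections import Counter

# Constructed sample messages (not from the thread): ordinary prose long
# enough for DEFLATE to find repeated fragments and shorten the output.
MESSAGES = [
    ("The committee will meet on Thursday afternoon to review the proposal for "
     "the new building. Members who cannot attend should send their comments to "
     "the secretary before Wednesday evening so that they can be circulated to "
     "everyone in good time. Coffee and sandwiches will be provided as usual in "
     "the small conference room on the second floor."),
    ("Thank you for your letter of the fourteenth. We have now examined the "
     "samples you sent and are satisfied that they meet the specification in "
     "every respect. Please arrange delivery of the first consignment at your "
     "earliest convenience, and let us know if there is any difficulty with the "
     "packaging or with the shipping dates we discussed."),
    ("The weather over the weekend is expected to be unsettled, with showers "
     "spreading from the west during Saturday and clearing slowly on Sunday "
     "morning. Temperatures will be close to the seasonal average, although the "
     "wind will make it feel rather colder on the coast, particularly in the "
     "afternoon and early evening when the tide is high."),
]


def entropy_bits_per_byte(data):
    """First-order (Shannon) entropy of the byte distribution in `data`."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def common_prefix_len(blobs):
    """Leading bytes identical across all blobs: a fixed header is known plaintext."""
    i = 0
    while all(len(b) > i and b[i] == blobs[0][i] for b in blobs):
        i += 1
    return i


def zlib_compress(data):
    return zlib.compress(data)


def gzip_compress(data):
    # mtime fixed at 0 so the 10-byte gzip header is identical for every message
    return gzip.compress(data, mtime=0)


def analyse(compress, messages):
    """Entropy and size before/after compression, plus the shared fixed prefix."""
    plain = [m.encode() for m in messages]
    packed = [compress(p) for p in plain]
    return {
        "fixed_prefix_bytes": common_prefix_len(packed),
        "entropy_before": [entropy_bits_per_byte(p) for p in plain],
        "entropy_after": [entropy_bits_per_byte(c) for c in packed],
        "size_before": [len(p) for p in plain],
        "size_after": [len(c) for c in packed],
    }


if __name__ == "__main__":
    for name, fn in (("zlib", zlib_compress), ("gzip", gzip_compress)):
        r = analyse(fn, MESSAGES)
        print(f"{name}: fixed prefix shared by all outputs = "
              f"{r['fixed_prefix_bytes']} bytes")
        for hb, ha, sb, sa in zip(r["entropy_before"], r["entropy_after"],
                                  r["size_before"], r["size_after"]):
            # total = per-byte entropy x length: roughly preserved, per-byte rises
            print(f"  {sb:4d} B @ {hb:.2f} bits/B -> {sa:4d} B @ {ha:.2f} bits/B  "
                  f"(total {sb * hb:.0f} -> {sa * ha:.0f} bits)")
```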
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Another bug RE: CryptAPI
Date: Fri, 24 Sep 1999 15:13:04 -0700
Christopher Biow wrote:
> Eric Lee Green <[EMAIL PROTECTED]> wrote:
> >Regarding "open source vs. closed source", Unix or Unix-lookalike
> >operating systems account for approximately 75% of the operating systems
> >on the Internet.
>
> Defined how?
As public web, ftp, or mail servers. By far the vast majority of
workstations are behind firewalls, where they are safe from attack.
> >It is unsurprising that there have thus been more
> >network-related attacks directed against them...
>
> That's a valid point. I would also speculate that there is a difference due
> to hackers tending to prefer to work within, and even against, their own
> preferred OS.
Yeah, like http://www.cultdeadcow.com .
> Regardless, the closed-source of WinNT has been a
> considerable impediment to the discovery of many classes of
> vulnerabilities, especially remote buffer overflows.
Probably the biggest impediment has been that WinNT 4.0 does not
implement a large number of Internet functionalities. For example, there
is no remote login capability in a stock WinNT install, which in itself
eliminates a major portion of the ability to attack the machine.
Similarly, WinNT's FTP server is rather sadly dysfunctional compared to
wu-ftpd -- it does not implement functionality such as, e.g. recursive
'gets', pre-archiving of directory trees, resume functionality on
downloads, etc. It is unsurprising that it has not been broken. The Boa
web server (on Unix) has not been broken for the exact same reason --
because it is very small, simple, and doesn't do a whole lot.
> >I have not seen significant differences
> >between the security alerts for closed-source Unix variants and the
> >security alerts for open-source Unix variants. If you have, please
> >direct me to the source of that information.
>
> Scanning http://ciac.llnl.gov/cgi-bin/index/bulletins?i and
> http://ciac.llnl.gov/cgi-bin/index/bulletins?j ISTM that the vast majority
> of the Unix remote root exploits that have been discovered and potentially
> widely exploited (i.e. not discovered and patched in-house prior to release
> of vulnerability info) have been in open-source Unix code.
I'm not sure what you're saying. You're saying that there's no
difference between the closed-source and open source Unix variants, but
that open-source Unix code common to both has been a large source of
exploits?
Incidentally, probably the most secure operating system out there is
OpenBSD (http://www.openbsd.org ). I don't run it because it doesn't
have all the functionality I want, but its source code is open to the
public. The difference is that OpenBSD has undergone a thorough security
audit to catch all detectable buffer overflows, while most vendors have
not bothered. With OpenBSD I can be reasonably assured that no buffer
overflows will be detected in the bundled applications within the near
future (with 3rd party apps, of course, there is no such assurance).
With Windows NT I do not have that assurance.
In other words, what I think you are saying is this:
If no effort has been made to secure the system, the more obscure of the
pair is the most secure.
What I am saying is this:
If a positive effort has been made to secure the system, the more open
of the pair is the most secure.
I have never heard of any OpenBSD system ever being cracked. The same is
not true of either Windows NT or Linux.
The situation is analogous in the crypto world, BTW. If someone is
passing out snake oil, the snake oil that is most obscure is the most
secure. If, on the other hand, there has been an active effort to secure
an algorithm, probably the one that is most open will be the most
secure.
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
There Is No Conspiracy
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Proving cipher strength
Date: Fri, 24 Sep 1999 19:28:12 GMT
On Fri, 24 Sep 1999 19:43:38 +0100, Toby Kelsey <[EMAIL PROTECTED]>
wrote:
>I wonder if the usual assumption that cipher strength can only be
>disproven, and not proven, is actually valid. Suppose we try a
>mathematical approach:
>
> (c) Show, using an exhaustive search of possible faster programs,
> that for a trivial key-length (e.g. 8 bits), brute-force search of
> the key-space is the most efficient method of breaking the cipher.
This is where it breaks down. There is no such list of all possible methods
to break every possible code, because you would need a list of all possible
ciphers first.
In theory it works, but that's as far as it can go. Just like the theory that
you can break 640 bit RSA keys by creating a list of all the 320 bit primes and
just look the answer up in the table.
Johnny Bravo
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Fri, 24 Sep 1999 19:43:01 GMT
On Tue, 21 Sep 1999 01:43:55 GMT, Greg <[EMAIL PROTECTED]> wrote:
>So what if the Clinton Administration says that they will allow
>128 bit encryption to be exported? It still requires government
>licensing- that is, NSA must review the software. Now think about
>that for a minute. What market exists today anywhere in the world
>for use of 128 bit compromised (by definition of NSA examination)
>encryption software?
Examination by the NSA does not define compromised. Is Blowfish compromised
because the NSA can examine the code? No truly secure cipher will be
compromised by allowing a potential attacker to examine it. If the NSA can
order changes in the product before release you have a different problem, at
that point the software becomes a trojan.
>Until the day comes that anyone can post the source code to the
>web of their strong encryption without prior restraint, there will
>always exist the compromising factor in any product.
Already exists for most countries outside the USA. The NSA is not consulted
for the release of non-USA crypto. 95% of the world's population doesn't have to
give a damn about whether or not the NSA likes their code. I know it's common
for Americans to think the entire world consists of the 50 states, but this is
going a bit farther than usual.
>And they know this. They want that compromising factor. They know that
>if this factor is removed from the equation, America will lead
>the world into native (call it TCP/SIP) encryption at the lowest
>levels where every web server is naturally secure, every e-mail
>is naturally kept confidential, and project Echelon shuts down.
What is so special about American crypto? Or are you just assuming that
anything American is far superior to anything the other 95% of the world's
population can come up with. You don't need any super special secret American
crypto to shut down a project like Echelon, you can do it with rather weak
crypto, as long as everyone uses it. Even if the governments can break every
private message in 2 seconds, there just aren't enough hours in the day to break
all the messages. Just like a letter in an envelope, it's trivial for the
government to read the mail of one person, impossible for them to read the mail
of every person.
>The EAR does not exist to keep strong encryption out of the hands
>of criminals and terrorists, but out of the common and standard
>use of Americans. Our leaders are too smart not to recognize this
>and we must come to grips with their intentions.
No argument here, governments start getting paranoid when they start acting
like they are above the citizens they are supposed to be serving. The higher
above the people the government thinks they are, the more paranoid about
keeping that power they get.
>By definition, any 128 bit browser you use, or server it ties to,
>must be considered compromised because the US government is
>involved.
There is nothing stopping anyone from writing a secure browser of whatever
protection they want. And if they make it competitive enough, they will come to
dominate the market. Such a thing would be unlikely, because the average user
just doesn't give a damn.
>Did you ever ask yourself, "well if we cannot export it, why not
>set up a small shop overseas to import from?" It is such a simple
>solution to the EAR, why hasn't anyone, including MS, gone that
>route and formed a standard for all America to use? It is because
>the US government does not want them to and they know the
>rabid dog lies quiet when not provoked.
They already do this, that's how PGP gets exported. They print up a huge pile
of books containing the source code, ship them overseas, scan them in and
compile it there and export it all over the world. There is nothing keeping any
other company from doing the same thing.
Johnny Bravo
------------------------------
From: DHowe@hawkswing (Dave Howe)
Crossposted-To: alt.security.pgp,comp.security.pgp
Subject: Re: Increasing password security dramatically without making it harder to remember
Date: Sat, 25 Sep 1999 00:02:37 GMT
Reply-To: DHowe@get_email_from_sig
In our last episode (<alt.security.pgp>[Thu, 23 Sep 1999 21:29:45
+0200]), "Thomas J. Boschloo" <[EMAIL PROTECTED]> said :
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Instead of hashing the whole pass phrase, you hash the pass phrase with
>some random data appended. I think I'll patent it! It's a great idea and
>it is funny nobody thought of it before.
>
>Like when you take my 800 bit RSA key with a strength of 80 bits, the
>pass phrase adds 60 bits of entropy while the random part adds the other
>20 bits. Brute forcing this should be possible on most current day
>processors within a few seconds (like in no more than a 5 second wait on
>an AMD K7 650MHz).
/me rofls, and seriously hopes this is a windup.
--== Dave ( is at) hawkswing.demon.coDOTuk ==--
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RSA weak?
Date: Sat, 25 Sep 1999 00:36:39 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Kem <[EMAIL PROTECTED]> wrote:
>
> : OK, I am convinced, now, other question. Is it possible to decompose n in
> : more than two factors? Maybe decimals? Example n=3*7=21; n=6*3'5=21
>
> 3 x 2 x 3.5 does equal 21 - a number that has only two prime factors -
> but this helps not one jot with locating the prime factors of a large
> number with two large prime factors - which is what you need to do
> to decrypt.
>
> Decomposing N = p x q, where p and q are prime into more than two
> positive integer factors is, of course, impossible.
Technically that's wrong, you can decompose n = pq into n = pq(1), which is in
fact three factors. Or n = (-1)pq(-1), which is three factors...
hehehe
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************