Cryptography-Digest Digest #354, Volume #10 Sat, 2 Oct 99 21:13:03 EDT
Contents:
Re: radioactive random number generator ("Dave VanHorn")
Re: Compress before Encryption ("Richard Parker")
Re: crypto export rules changing (Jim Dunnett)
Re: gnu mp library exponentiation function ("Dann Corbit")
Re: radioactive random number generator (Jeff Brandenburg)
Factoring public keys attack? (UBCHI2)
Compression Encryption & Plain Text Attacks (SCOTT19U.ZIP_GUY)
Re: radioactive random number generator (jjlarkin)
Re: NEMA, Swiss cipher machine
Re: radioactive random number generator ("Dave VanHorn")
Re: EAR Relaxed? Really? (Alan Mackenzie)
Re: On oldy encryptions
Re: NEMA, Swiss cipher machine
Re: Addition/subtraction mod 256 vs. XOR
Re: Requirement for Uniqueness in Decryption Keys
Re: radioactive random number generator ("Dave VanHorn")
----------------------------------------------------------------------------
From: "Dave VanHorn" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Sat, 02 Oct 1999 19:22:52 GMT
Ross <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Some time ago, Mike Rosen put a paper on his web page which describes
> in fair detail how to use the radioactive source from a commercial
> smoke detector to generate true random numbers. Seemed a great
> constructional project to me - I wish an electronics hobby magazine
> would put it out in kit form. Mike's description is fairly detailed,
> but if a non-engineer wants to construct it, more details are
> required. Also, I wondered if different constructors would obtain
> different number distributions, due to variation in dimensions of the
> housing and other such parameters.
This is an idea I put forth in circuit Cellar discussions years ago.
Everyone freaked out over using radioactives, even though it's only alpha
particles that can be stopped by paper.
The distribution won't change. The total amount may change, but the time
between hits will still be random.
------------------------------
From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: Compress before Encryption
Date: Sat, 02 Oct 1999 19:43:57 GMT
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> Well then you obviously don't understand the problem.
> Because I am only working with 8-bit byte files, so that 0,1,01,00 ...etc.
> that are not in multiples of 8 bit bytes are not used.
I was unclear, sorry. I was trying to present a model that explained
how a generalization of your scheme differed from generic conventional
lossless compression. If you want to limit the model to those
compression functions that operate on byte sequences instead of bit
sequences, just replace {0,1}* with {0,1,2,...,255}*.
> When I took set theory years ago a one to one mapping meant that any
> member of set A maps to a member of set B. And if any member of B was
> a mapping of a unique member from set A then that was a one to one
> mapping.
I think I see the source of confusion. I'll assume that when you said
"any" you meant "every." If so, you are describing a mapping from A
to B such that for each member of B there is exactly one member of A
which maps to it. This is a "one-to-one mapping of A onto B," or a
"one-to-one correspondence between A and B" or a "bijective mapping
from A to B." A one-to-one mapping from A to B merely requires that
for each member of B there is at most one member of A which maps to
it.
> The question is: is there a common term for the properties of compression
> that I am using that has been in general use? Have you checked on any texts
> in compression that talk about compressions that are "full complete mappings
> on the 8 bit binary file space such that there are no gaps and that any file
> could be thought of as a compressed file or equally as an uncompressed
> file"?
I have been unable to find any reference in the data compression
literature that suggests specific terminology for compression
functions that have the permutation/symmetry property of your scheme.
I confess that I haven't really looked all that hard, but if I had
found a name already in use I would have pointed it out rather than
suggesting that a name be invented. Perhaps a search of the
encryption literature would be more fruitful, but I'm not optimistic.
-Richard
------------------------------
From: [EMAIL PROTECTED] (Jim Dunnett)
Crossposted-To: talk.politics.crypto
Subject: Re: crypto export rules changing
Date: Sat, 02 Oct 1999 18:56:02 GMT
Reply-To: Jim Dunnett
On Fri, 01 Oct 1999 20:10:56 GMT, Greg <[EMAIL PROTECTED]> wrote:
> I want to build a reputation of nothing to hide myself.
Then why are you using crypto? :o)
--
Regards, Jim. | If God did not exist, it would be
amadeus%netcomuk.co.uk | necessary to invent him.
dynastic%cwcom.net |
| Voltaire. 1694 - 1778.
PGP Key: pgpkeys.mit.edu:11371 |
------------------------------
From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: gnu mp library exponentiation function
Date: Sat, 2 Oct 1999 14:40:00 -0700
Paul Rubin <[EMAIL PROTECTED]> wrote in message
news:7t4afe$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>, Amos Waterland <[EMAIL PROTECTED]> wrote:
> >I post this in the hope that someone in the readership will have had
> >experience coding mathematics programs with the gnu mp math library.
> >
> > I am attempting to calculate two to the power of n, where n
> >is a very large number required for the generation of a large prime.
> >The problem that I have encountered is the fact that the only
> >relevant exponentiation function in the library in question requires
> >a mod argument, which is not an acceptable solution for my
> >application. Has anybody else encountered this problem?
>
> If you're trying to generate big Mersenne primes, gnump isn't the
> right type of library to use. Ask on sci.math.
MIRACL works really well for that.
ftp://ftp.compapp.dcu.ie/pub/crypto/
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
"The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
------------------------------
From: [EMAIL PROTECTED] (Jeff Brandenburg)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: 2 Oct 1999 17:49:29 -0400
In article <gYsJ3.4513$[EMAIL PROTECTED]>,
Dave VanHorn <[EMAIL PROTECTED]> wrote:
>
>Ross <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> Some time ago, Mike Rosen put a paper on his web page which describes
>> in fair detail how to use the radioactive source from a commercial
>> smoke detector to generate true random numbers. Seemed a great
>> constructional project to me - I wish an electronics hobby magazine
>> would put it out in kit form. Mike's description is fairly detailed,
>> but if a non-engineer wants to construct it, more details are
>> required. Also, I wondered if different constructors would obtain
>> different number distributions, due to variation in dimensions of the
>> housing and other such parameters.
>
>This is an idea I put forth in circuit Cellar discussions years ago.
>Everyone freaked out over using radioactives, even though it's only alpha
>particles that can be stopped by paper.
So why bother using them, when thermal noise is everywhere? Granted,
the distinct thud of a charged particle has more drama than the muted
hiss of a resistor, but aren't they both equally random in the end?
(And if you want to postulate that They have a way to predict or
influence thermal noise waveforms [short of raising or lowering
the temperature, of course], then I'll postulate that They can also
fiddle with radioactive decay. :-))
--
-jeffB (Jeff Brandenburg, Durham, NC)
------------------------------
From: [EMAIL PROTECTED] (UBCHI2)
Subject: Factoring public keys attack?
Date: 02 Oct 1999 22:12:54 GMT
Instead of trying to factor a prime based public key after somebody has used
it, why not have a lookup table of all the keys. It is quicker to create the
keys than to factor a key. So just do the following:
1) 10-20 Years ago, you started your massively parallel computers creating all
possible prime based keys for 128, 512, 1024 and 2048 bit keys. You made the
keys so you also know the primes. Don't do any factoring at all.
2) Now just use a lookup table of all the keys you created to determine the
two primes that an encryptor is using. This is sort of like the "Find" file
command in windows. This eliminates the need for factoring. It also takes
advantage of the fact that creating keys is quick and can be done in advance.
Why do people think that factoring cryptanalysis will only start once a key is
used? The government could have just been making keys for the past 20 years to
put on its lookup table. Then if you use one of the keys of the standard
lengths, they already know the primes. Wouldn't this work against the public
key system?
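An added sanity check, not part of the post above, on how many entries such a
table would have to hold. By the prime number theorem, the number of primes of
exactly 512 bits is

$$\pi(2^{512}) - \pi(2^{511}) \approx \frac{2^{512}}{512 \ln 2} - \frac{2^{511}}{511 \ln 2} \approx 2^{502.5},$$

so the number of 1024-bit moduli formed from two such primes is about

$$\binom{2^{502.5}}{2} \approx 2^{1004},$$

against roughly $10^{80} \approx 2^{266}$ atoms in the observable universe; the
table cannot be built or stored, whatever head start the builder has.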
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Compression Encryption & Plain Text Attacks
Date: Sat, 02 Oct 1999 23:20:21 GMT
These are my views; if you don't like them, don't read them.
But I feel in the encryption game no one can really prove
that a regular encryption system is immune to plain text
attacks. But one should do what one can to try to weaken all
possible plain text attacks. One of the best ways to prevent
such attacks is to be very careful what one encrypts.
You would never give an opponent the chance to encrypt
the message of his choice in a real world situation, since
that would be asking for the enemy to break your encryption
system. But this is exactly what one does when one uses
most compression routines. You are doing something to
help someone break your encryption. Yet the crypto gods
say nothing about this except not to worry.
Compression should be done to limit the information one is
giving the enemy. If you don't compress and you use an AES
type of encryption method, the person breaking the system
has all the information needed by examining only a few blocks anywhere
in the encrypted file. The proof of this is that you can easily tell
that information is not spread very far through a file. Do this
test: encrypt a file by your favorite AES method and the 3-letter
encryption of your choice, use a hex editor on the file to change the
middle byte, then decrypt the program. The only bytes of the message
that are changed are the ones right where you changed the file.
This is because the information one is trying to hide is not spread
throughout the whole file. The NSA does not want you to spread it
through the whole file. It would make their job harder. In fact if
you send only the last half of the file, the enemy, if they had the correct
keys, could recover all of the blocks sent but the first one in the last half
of the file. If you sent a file that was compressed with adaptive Huffman
compression, the last half of the file would do the enemy very little good
since even with the correct key recovering the data would be extremely
hard.
However, if you do use one pass of compression, even my method,
the first part of the file can be used for a plain text attack, but not the middle
or end if that is all the attacker can change. But since it is compressed,
the attacker would have to supply a large portion of the file to cause the
blocks to be filled with the data that he wants to get a set of plain text
cipher text pairs. But if the attacker can do that, he could do it to the
front of the file with less plaintext supplied even if you did not compress.
Worse yet, if you're not using a "one to one" compression/decompression
scheme but you are using compression, the attacker can get information that
could aid in breaking the message without even supplying the plain text
for the attack, because of the foolish selection of compressors.
In my humble impression, only a fool or someone who wishes to
deceive people in how encryption should be done would encourage
people to use compression that weakens the overall security of
messages being encrypted.
I know most people will not take the extra step to compress in both
directions through the file. But this has the advantage of forcing an
adversary to decrypt the whole file and then decompress to check for
a solution. It also means that if the enemy can cause you to inject
a chosen text for some sort of an attack it would do him little good
since the effects would be gone. The attacker would have to get you
to supply complete chosen files to get any plaintext cipher text pairs
for the encryption method.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
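The "change the middle byte and decrypt" test from the post above, carried out
as an added example that is not part of the original message or of scott19u:
it uses a constructed toy Feistel block cipher (a hash-based stand-in, not AES
or any real cipher) in CBC mode, with a constructed key, IV and plaintext, and
also checks the post's claim about decrypting only the last half of a file.

```python
import hashlib

BLOCK = 8  # toy 64-bit block size, chosen for this demonstration only


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(half: bytes, key: bytes, r: int) -> bytes:
    # Keyed round function of the toy Feistel cipher (a hash, not a real cipher).
    return hashlib.sha256(key + bytes([r]) + half).digest()[:4]


def block_encrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    left, right = block[:4], block[4:]
    for r in range(rounds):
        left, right = right, _xor(left, _round_fn(right, key, r))
    return left + right


def block_decrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    left, right = block[:4], block[4:]
    for r in reversed(range(rounds)):
        left, right = _xor(right, _round_fn(left, key, r)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Standard CBC chaining: C_i = E(P_i xor C_{i-1}), with C_0 = IV.
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_i = D(C_i) xor C_{i-1}: each plaintext block depends on only two
    # ciphertext blocks, which is why damage stays local.
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return b"".join(out)


# Constructed sample input: 16 blocks of 8 bytes, constructed key and IV.
KEY = b"constructed key!"
IV = bytes(range(BLOCK))
PLAINTEXT = b"".join(b"block%03d" % i for i in range(16))


def differing_positions(a: bytes, b: bytes) -> list:
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def flip_middle_byte() -> list:
    # The post's test: flip a bit in the middle ciphertext byte, decrypt, and
    # list which plaintext positions changed (expect only blocks 8 and 9).
    ct = bytearray(cbc_encrypt(KEY, IV, PLAINTEXT))
    ct[len(ct) // 2] ^= 0x01
    return differing_positions(PLAINTEXT, cbc_decrypt(KEY, IV, bytes(ct)))


def decrypt_last_half() -> list:
    # The post's second claim: with the key but only the last half of the
    # ciphertext (a zero IV stands in for the missing preceding block),
    # every block except the first of that half is recovered.
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    half = len(ct) // 2
    recovered = cbc_decrypt(KEY, bytes(BLOCK), ct[half:])
    return differing_positions(PLAINTEXT[half:], recovered)
```

With a 1-bit change at byte 64, only bytes 64..79 can differ, and byte 72 (the
same offset in the following block) always does; decrypting the last half
garbles only its first 8 bytes.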
------------------------------
From: jjlarkin <[EMAIL PROTECTED]>
Subject: Re: radioactive random number generator
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Date: Sat, 02 Oct 1999 15:04:57 -0700
Radioactive decay is not only messy to implement, it produces a random
pulse train, hardly suitable for turning into nicely distributed
gaussian noise.
A zener diode is a great noise generator. Bias a 10-volt zener at about
0.5 ma, and you'll get nice wideband noise across it. Amplitude will be
about 300 nv per root Hz (300 nv times the square root of the bandwidth
of the following amplifier). If the amp has a decent highpass response
(i.e., cut out low-frequency 1/f noise) the result will be excellently
random gaussian noise with very low autocorrelation for reasonable
sample rates. Just digitize it, or slice it and clock it into a shift
register.
If you want perfect 1:0 balance and even lower autocorrelation, stir
the zener's random output into the guts of a pseudo-random shift
register.
Easy!
John
please despam reply address
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: NEMA, Swiss cipher machine
Date: 2 Oct 99 22:06:41 GMT
drobick ([EMAIL PROTECTED]) wrote:
: Oh I see, 10 rotors?!
: Cool.
No, only five rotors (including the reflecting rotor) and five gears for
controlling the movement of the rotors, disguised so that they and the
rotors look like each other. The program that simulates one of these
machines includes with its help file a description of how it works.
John Savard
------------------------------
From: "Dave VanHorn" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Sat, 02 Oct 1999 22:44:51 GMT
> So why bother using them, when thermal noise is everywhere? Granted,
> the distinct thud of a charged particle has more drama than the muted
> hiss of a resistor, but aren't they both equally random in the end?
But how do you know that the ONLY noise sources you're looking at are
gaussian?
With an alpha detector, the "Thuds" are large enough to be well above any
non-random noise, so a simple threshold detector is all you need. Also, you
can't get alphas into the box from outside.
------------------------------
From: Alan Mackenzie<[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Sat, 2 Oct 1999 16:25:33 +0000
karl malbrain <[EMAIL PROTECTED]> wrote:
> Rectification under ELECTRICAL ENGINEERING is what you get when using a
> DIODE device in a circuit.
> To a BOLSHEVIK, Social Democrats try to use the `device' POLITICALLY
> and must be moved one step to the LEFT, e.g. have their position
> LIQUIDATED.
Use a diode politically?
> wtshaw spoke of gleaning positivity from GOVERNMENT AGENT'S PRACTICE VIZ
> MONITORING. You'll have to ask him for clarification on that one. I stand
> on the BOLSHEVIK position.
wtshaw spoke of no such thing. He has never used words like "positivity",
as far as I can remember. But you'd better be damned careful that your
'device' is not moved one step to the RIGHT: Your position might be
LIQUIDATED.
I'm asking _you_ for clarification; what you have said up until now makes
no sense to me.
> The atomic scale in question is the scale of ONE INDIVIDUAL's SUBJECTIVE and
> OBJECTIVE connection to the position of question.
No, the atomic scale in question (in the context of Heisenberg's
uncertainty principle) is the scale of hydrogen atoms. None of that has
any relevance to what you're going on about. How can a "connection" have
a scale? As for "position", it's a very abstract word and needs context
to give it meaning. You haven't given any such context.
> You simply cannot reduce POLITICAL questions to individual scales.
Some you can, some you must. For example dealing with an alleged war
criminal from another country.
> If you find that you need to ascertain where they're coming from, you
> don't know where they are now, and vice-versa. That's UNCERTAINTY.
Agree 100%. The uncertainty is whether the pronoun "they" refers to
"political questions", or "individual scales", something else or indeed
nothing at all.
> The jargon comes from usage of MARTOVIAN VOCABULARY. Look it up.
"Martovian" isn't in my dictionary. But I would like to suggest to you
again that you cease using such jargon and converse with the rest of us
in normal English.
> What exactly IS your position???
That was a nasty rhetorical trick, sir, of which you should be ashamed!
The ball remains in your court.
> Karl M
--
Alan Mackenzie (Munich, Germany)
Email: [EMAIL PROTECTED]; to decode, replace "aye" by 'a', "see"
by 'c', etc.
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: On oldy encryptions
Date: 3 Oct 99 00:09:47 GMT
Mok-Kong Shen ([EMAIL PROTECTED]) wrote:
: I often wonder whether the time has indeed so drastically changed
: our world that nowadays really top secret messages can no longer be
: written except through pushing several megabytes down the
: communication channels. If the messages are of the oldy style and
: infrequent and the 5-channel telegraphic code is used, how easy
: really is the job of the analyst, if a (general) polyalphabetic
: substitution is used, together with sufficiently good key management
: and frequent change of the substitution table?
I wouldn't recommend going back to paper-and-pencil style methods simply
because some modern encryption programs use bloated file formats.
Encrypting with DES or Blowfish only requires that your message be at
least eight bytes long.
The only thing that *really* requires sending a large number of bytes down
a communications channel is public-key cryptography. That can be dealt
with in two ways:
- just as in using a paper-and-pencil method, exchange a key in advance
with your correspondent, or
- use public-key-cryptography only the first time, to exchange a secret
key for conventional cryptography in future.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: NEMA, Swiss cipher machine
Date: 3 Oct 99 00:17:44 GMT
[EMAIL PROTECTED] wrote:
: drobick ([EMAIL PROTECTED]) wrote:
: : Oh I see, 10 rotors?!
: : Cool.
: No, only five rotors (including the reflecting rotor) and five gears for
: controlling the movement of the rotors, disguised so that they and the
: rotors look like each other. The program that simulates one of these
: machines includes with its help file a description of how it works.
However, it's still cool, because the way the rotors are moved is very
irregular.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Addition/subtraction mod 256 vs. XOR
Date: 3 Oct 99 00:03:42 GMT
Mike DeTuri ([EMAIL PROTECTED]) wrote:
: I was wondering if there is any benefit to encrypting using addition
: mod 256 in RC4 instead of the standard XOR. Of course, decryption
: would be subtraction mod 256. Has anyone tried this? I've searched
: DejaNews but found nothing conclusive.
No, there could be no benefit, if you mean adding the keystream output to
the plaintext instead of XORing it to the plaintext. Either way, one has
the same complicated keystream to somehow deduce.
The use of addition instead of, or mixed with, XOR within a complicated
encryption process, however, can improve things. But simply changing the
final step won't help matters.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Requirement for Uniqueness in Decryption Keys
Date: 3 Oct 99 00:15:23 GMT
wtshaw ([EMAIL PROTECTED]) wrote:
: Looking at inductive algorithms, a good question is whether the idea that
: many ciphertexts can be decrypted to a single plaintext is allowed by the
: description. If not, then it is bad. If you understood d could allow a
: set of random outputs, then it would be OK, or true.
: If your idea of symmetry revolves around one ciphertext being tied to one
: plaintext, then you are really unprepared for truly asymmetrical algorithms
: that have nothing to do with public key, and have missed one of the
: greatest, and one of the oldest ideas, in crypto.
Well, that idea is not completely forgotten, even by the most hidebound.
The use of an initialization vector with ordinary block ciphers means that
for one key, there are still 2^64 ways to encipher the same plaintext. And
usually rotor starting positions were sent with messages encrypted by
rotor machines as well.
But the Bazeries cylinder does have unique features that aren't similar to
anything that is very popular these days, I still have to admit.
John Savard
------------------------------
From: "Dave VanHorn" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Sun, 03 Oct 1999 01:10:03 GMT
> As far as I can see, the only reason to construct such a hardware
> random number generator is the coolness factor. Sure, anybody
> can make a noise source with just a resistor and a capacitor,
> but it takes a real engineer to use a dangerous radioactive source.
> You could do it in a ridiculously hard way, but then you'd
> have to compete with things like http://lavarand.sgi.com/
> and http://www.fourmilab.ch/hotbits/
That's the whole point. An alpha source is totally safe, as long as you
don't EAT it.
The radiation is helium with no electrons.
Can you live with a few helium nuclei bouncing off you?
Seems likely, as you already are.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************