Cryptography-Digest Digest #365, Volume #10      Tue, 5 Oct 99 16:13:03 EDT

Contents:
  Re: Compress before Encryption (SCOTT19U.ZIP_GUY)
  Re: Perfect Shuffle Algorithm? (Randy Poe)
  Re: Anybody implementing PKCS#11 using SSLeay? (Hideo Shimizu)
  Re: 2^n - 1 = a * b (Peter L. Montgomery)
  postdoctoral positions available at Waterloo (Alfred John Menezes)
  Re: RSA-512 Broken by Israelis (Tom)
  Re: RSA-512 Broken by Israelis (Bob Silverman)
  Re: factoring with quadratic sieve (Bob Silverman)
  Re: radioactive random number generator (Herman Rubin)
  Re: radioactive random number generator (Herman Rubin)
  Re: EAR Relaxed? Really? ("karl malbrain")
  Re: Newbie question: RSA and Key Escrow ("Matt Atwood")
  Re: Findkey (MLuttgens)
  Re: True Random numbers (jerome)
  Re: Is 128 bits safe in the (far) future? (SCOTT19U.ZIP_GUY)
  Re: radioactive random number generator ("John E. Kuslich")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Compress before Encryption
Date: Tue, 05 Oct 1999 02:57:13 GMT

In article <tdaK3.5418$[EMAIL PROTECTED]>, "Richard Parker" <[EMAIL PROTECTED]> wrote:
>"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>> Using "C" and "C'" for the forward and reverse mapping,
>> for all m in V*: C(m) and C'(m) are well defined and in V*.
>> for all m in V*: C'C(m) == m and CC'(m) == m.
>
>I agree.
>
>> Since V* is open-ended (and denumerably infinite), there are some
>> interesting questions about algorithm termination, etc.
>
>Yes, since V* is countably infinite the properties which we are
>discussing are not sufficient to guarantee that a compression
>algorithm will terminate. Conventional adaptive Huffman compression,
>and David Scott's scheme in particular, do not share this concern
>since for these algorithms the amount of expansion that can occur when
>an input is compressed can be proved to have a finite bound.
>
>It is, however, an interesting point.
>
>> I don't think the name "symmetric" properly captures the essence.
>> "Universal", "complete", or "covering" is closer..
>
>I don't think "complete" is a good choice, but I think there is an
>argument that makes use of both "symmetric" and "universal". If David
>Scott's compression function C is used to define a binary relation
>
>    R = {<x,y> in V* x V* : y = C(x)}
>
>then, unlike conventional compression, the symmetric closure is
>
>    s(R) = V* x V* = U.
>
>So the distinguishing property of David Scott's scheme is that the
>symmetric closure of the compression relation is the universal
>relation on V*.
>
>I'm afraid that this doesn't really get me much closer to finding a
>convenient name for his scheme. The phrase "symmetric-closure-
>universal compression" doesn't exactly roll off the tongue.
>
>-Richard
>
>

How about LDS compression for Latter Day Super Compression. Does that
have a better ring to it for you, Mr. Parker?

Take Care
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS

------------------------------

From: Randy Poe <[EMAIL PROTECTED]>
Crossposted-To: sci.stat.math,sci.math
Subject: Re: Perfect Shuffle Algorithm?
Date: Mon, 04 Oct 1999 22:48:50 -0400

Douglas Zare wrote:
> Splitting a deck into two even stacks seems quite reasonable; numerous tricks
> require that one discreetly place a card into the nth position, though usually n
> is smaller. But perfect shuffles are relatively hard.

Nevertheless, I have read more than one magician's book claiming that the
perfect shuffle can be reliably learned, and that it is the basis of a
number of tricks. It doesn't surprise me all that much, since many of the
secrets behind magic tricks at the professional level rely on astonishing
feats of precision and dexterity. To me, the secret behind the trick is the
really impressive part.
I believe N=4 perfect shuffles return the deck to original order.

I remember Kreskin once saying that many of his card tricks relied on the
ability to fan the deck and instantly memorize the sequence.

- Randy

------------------------------

From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: Anybody implementing PKCS#11 using SSLeay?
Date: Tue, 05 Oct 1999 13:25:48 +0900

See http://www.trustcenter.de/html/Produkte/TC_PKCS11/1494.htm

Hideo Shimizu
TAO, Japan

------------------------------

From: [EMAIL PROTECTED] (Peter L. Montgomery)
Subject: Re: 2^n - 1 = a * b
Date: Tue, 5 Oct 1999 05:14:38 GMT

In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] ( Doug Goncz ) writes:
>Which of the Mersenne prime possibilities which are not Mersenne primes have
>exactly two or three factors, other than 1 and self?
>
>I find n = 4, 9, and 11, which are 3 * 5, 7 * 73, and 23 * 89, in casual play
>with a calculator.
>
>I can make use of n up to, say, 32.

http://www.cs.purdue.edu/homes/ssw/cun/index.html has the factorizations
of 2^n +- 1 for all n < 600 and many larger n. It also has bases
3, 5, 6, 7, 10, 11, 12, albeit for smaller exponent ranges.

--
[EMAIL PROTECTED]    Home: San Rafael, California
Microsoft Research and CWI

------------------------------

From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: postdoctoral positions available at Waterloo
Date: 5 Oct 1999 13:51:01 GMT

==========================================================================

       POSTDOCTORAL POSITIONS IN CRYPTOGRAPHY AND QUANTUM COMPUTING

               Centre for Applied Cryptographic Research
             Department of Combinatorics and Optimization
                        University of Waterloo

Applications are invited for several one-year and two-year postdoctoral
positions in any area of cryptography or quantum computing. Some of these
positions are being funded through the Applied Cryptography project, which
is part of the MITACS Network of Centres of Excellence. A Ph.D. and proven
ability, or the potential, for excellent research is required.
Responsibilities may include teaching one undergraduate or graduate course
per year. Successful candidates will be joining a substantial research and
training centre in cryptography at the Centre for Applied Cryptographic
Research (CACR). Information about CACR personnel and activities can be
found at www.cacr.math.uwaterloo.ca

The normal starting date of the appointment is July 1, 2000, however this
can be changed on the applicant's request. A $3,000/year travel grant will
be provided (with the possibility of more travel funds subject to
availability).

Interested individuals should send a curriculum vitae, 2 or 3 selected
reprints/preprints, and the names of three references to:

    Professor Bill Cunningham, Chair
    Cryptography PDFs
    Department of Combinatorics and Optimization
    Faculty of Mathematics
    University of Waterloo
    Waterloo, Ontario, Canada N2L 3G1
    email: [EMAIL PROTECTED]
    phone: (519) 888-4566 x3482
    fax: (519) 725-5441
    http://math.uwaterloo.ca/CandO_Dept/homepage.html

Closing date for receipt of applications is March 15, 2000. Some
applications may be processed as they are received.

==========================================================================

==========================================================================
| Alfred Menezes         | Email: [EMAIL PROTECTED]                       |
| Department of C&O      | Phone: (519) 888-4567 x6934                    |
| University of Waterloo | Web page: www.cacr.math.uwaterloo.ca/~ajmeneze |
| Waterloo, Ontario      | Web page for Handbook of Applied Cryptography: |
| Canada N2L 3G1         | www.cacr.math.uwaterloo.ca/hac/                |
| Centre for Applied Cryptographic Research: www.cacr.math.uwaterloo.ca   |
==========================================================================

------------------------------

From: [EMAIL PROTECTED] (Tom)
Subject: Re: RSA-512 Broken by Israelis
Date: Tue, 05 Oct 1999 17:37:30 GMT
Reply-To: [EMAIL PROTECTED]

Reminds me of the saying that a reporter is "an expert on everything, yet
knows nothing about anything".
And of course, the PT Barnum theory.

On Tue, 5 Oct 1999 09:21:20 +0100, "Martin Whitworth" <[EMAIL PROTECTED]> wrote:

>
>Tom St Denis wrote in message <7ta8mm$ua9$[EMAIL PROTECTED]>...
>>In article <7ta79g$tbk$[EMAIL PROTECTED]>,
>>  [EMAIL PROTECTED] wrote:
>>> Apparently the Israelis have broken RSA-512, the standard for internet
>>> banking, in less than 1 second.
>>>
>>>
>>http://www.sunday-times.co.uk/news/pages/tim/99/09/29/timintint02001.htm
>>> l?1341861
>>
>>Apparently that website sucks the big one. Do you have excerpts you
>>would like to share with the group.
>>
>>Tom
>>
>>
>>Sent via Deja.com http://www.deja.com/
>>Before you buy.
>
>FYI, Here is the 'offending' article:
>Cheers
>Martin
>
>
>No safety in numbers
>
>BEN HAMMERSLEY
>
>After an Israeli research institute said it could break Europe's banking
>codes in less than a second, an initiative has been launched that could
>result in unbreakable codes.
>
>The European Institute of Quantum Computing Network was launched on Monday,
>to bring companies and research labs throughout Europe together in the hope
>that the new technology - Quantum Computing - can be taken from the theory
>to the high street.
>
>The institute was founded a few weeks after news leaked from Israel's
>Weizmann Institute that it was using a mixture of quantum computing and
>special optical technology to break the RSA-512 code, the system used by the
>European banking system. It claims it has developed a hand-held device that
>can break the code in 12 microseconds.
>
>Quantum computing works by taking advantage of the peculiar characteristics
>of subatomic particles. Whereas a normal computer relies on a signal - or
>bit - being either on or off, a quantum bit can be both on and off at the
>same time. This unusual ability means a great deal more information can be
>stored. While a regular computer works through each sum one at a time, a
>quantum computer can do every operation at the same time.
>
>This, the EIQC says, offers, "not just incremental improvements, but a
>fundamental breakthrough" in computing power - enough for code-breaking,
>voice-recognition and translating computers to be simple to build.
>
>The second aspect of Quantum computing, however, will help to make
>information more secure. Using a feature called "quantum entanglement",
>information could be sent between two computers that could not be
>eavesdropped upon without the two computers' knowledge. Because quantum
>physics dictates that monitoring a subatomic particle changes its state; not
>only would an eavesdropper announce his presence, but the message would be
>garbled.
>
>"A hacker wouldn't know where to start," says Jonathan Curtis of Quantum
>Electronic Devices.
>
>As one member of EIQC, who wished to remain anonymous, predicts: "While
>quantum computers may be some time off, when they are available no
>communication will be secure unless it is quantum."
>
>
>

======
Just random thoughts

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: RSA-512 Broken by Israelis
Date: Tue, 05 Oct 1999 14:36:15 GMT

In article <7ta79g$tbk$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Apparently the Israelis have broken RSA-512, the standard for internet
> banking, in less than 1 second.
>
> http://www.sunday- times.co.uk/news/pages/tim/99/09/29/timintint02001.htm
> l?1341861
>
> Casey

I believe that P.T. Barnum is known for having made what is now a very
famous remark......

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"

Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: factoring with quadratic sieve
Date: Tue, 05 Oct 1999 14:44:37 GMT

In article <7tb5cu$pj1$[EMAIL PROTECTED]>,
  David A Molnar <[EMAIL PROTECTED]> wrote:
> In sci.crypt Bob Silverman <[EMAIL PROTECTED]> wrote:
> > With the proliferation of the Web, have people forgotten how to use
> > a LIBRARY????
>
> Not every library has access to journals.

Yes. Indeed. I agree. But Math. Comp. is one of the most widely circulated
journals. Furthermore, if I am truly interested in a subject and the local
library does not have a reference, I find that I am willing to spend the
time to find a library that does. I often drive in to Cambridge to look up
stuff in McKay.

I was only trying to make the observation that *in general* people seem to
expect everything to be on the Web and that if it is not, that they can't
be bothered to take the time to track stuff down at a library.

Note that I also offered to *send* a hard copy if only the poster would
send private email with his/her snail mail address. So far, I have heard
nothing further. This tells me that the person involved really isn't that
interested.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Herman Rubin)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: 5 Oct 1999 10:53:00 -0500

In article <7tageg$g66$[EMAIL PROTECTED]>,
Michael Covington <[EMAIL PROTECTED]> wrote:
>I would think that for a true random distribution, you'd want to time three
>decay events, then output a 0 or a 1 depending on which is shorter, the
>interval between the first two or the latter two.

>That ought to always be distributed 50-50 regardless of how active the
>radioactive source is.

How accurately do you get the time?
Analog computation is nowhere near as precise as digital computation.
Also, there can be small variations in the timer, and other minor
problems. It is easy to come up with reasons why the intervals are not
independent.

--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN 47907-1399
[EMAIL PROTECTED]    Phone: (765)494-6054    FAX: (765)494-0558

------------------------------

From: [EMAIL PROTECTED] (Herman Rubin)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: 5 Oct 1999 11:03:35 -0500

In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> wrote:
>In sci.crypt -Bodnar,B.L. <[EMAIL PROTECTED]> wrote:

>: Actually, there are some VERY good reasons for building a TRUE random number
>: generator based on radioactive decay (or some other naturally occurring
>: phenomenon). The two which immediately come to mind are autocorrelation
>: elimination and the unsettling observation by Marsaglia that pseudorandom
>: numbers "fall mainly in the planes" (Marsaglia, G., "Random Numbers Fall
>: Mainly in the Planes", Natl. Acad. Sci. Proc., 61:, 1968, pages 25-28).

>Marsaglia's comments were directed primarily towards LCGs - which are
>known to display this type of regularity.

>: I have to worry about these effects ALL THE TIME while conducting Monte-Carlo
>: analysis of packet switching systems.

>Then you need a better random number generator. Monte-Carlo simulations
>rarely require a cryptographically secure RNG, but sometimes require
>something a bit more sophisticated than an LCG.

It might or might not be the case. There are simulations for which
quasi-random numbers, which do not even pretend to be random, will do much
better. The dependences in poor generators may not be important.
However, a slightly biased generator can still be extremely good for
cryptographic purposes, but quite poor for simulations, which often have
more than 10^10 trials.

>If you have a hardware RNG on hand, then by all means use it - but if you
>are finding correlations in your random number source, there may be a
>simpler way to fix them.

It is not correlations which are the problem, but more complicated
dependencies. I would XOR a hardware and a software generator.

--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN 47907-1399
[EMAIL PROTECTED]    Phone: (765)494-6054    FAX: (765)494-0558

------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Tue, 5 Oct 1999 10:01:06 -0700

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> karl malbrain wrote:
> > And breaking STATE SECRETS is a capital crime.
>
> Not in the US, which doesn't even have an analogue of the British
> Official Secrets Act.

Come on, I know you know more than that. Any information stamped
CONFIDENTIAL, SECRET, TOP SECRET, EYES-ONLY COMPARTMENTALIZED, etc, carries
stiff penalties on revelation. If revealed to another country it's
considered a CAPITAL crime. It's what happened to Julius and Ethel (sp?)
Rosenberg in the 1950's.

Karl M

------------------------------

From: "Matt Atwood" <[EMAIL PROTECTED]>
Subject: Re: Newbie question: RSA and Key Escrow
Date: Tue, 5 Oct 1999 13:23:12 -0400

Thanks very much! I'm sure that that seems like a very basic question but I
couldn't figure out, at least from the fairly simple explanations given in
anything that I've read, how that problem would be avoided. I do have a
couple more brief questions about that explanation though, if it's not too
much trouble.
1) Here n=LCM(p-1, q-1), right?

2) Say there are multiple escrow agencies - k of them. Now suppose the
police have M1, M2, M3, etc, up to Mk. Now they know that there exists some
constant C such that for some d1, C^d1=M1 mod n, and likewise for d2, d3,
etc., up to dk. Why wouldn't this improve their chances at finding d? I
mean, there are certain repeating patterns - i.e., modulo 10, the powers of
7 repeat 7, 9, 3, 1, 7, .... The powers of 6 repeat 6, 6, 6, .... So the
police might be able to deduce the values, modulo some cleverly chosen
number, of at least some of the di's.

And now say that the police wanted to see several messages. Wouldn't they
need to have several different session keys? For each of these they would
see more information about the di's. So couldn't they theoretically figure
out (given enough encrypted session keys and a little bit of time in front
of a nice government computer) what the sum d of the di's would be, modulo
some well-chosen integer? Or would that be impossible because the
mathematics that would be needed to do this are inconclusive?

Finally, I'd just like to say thanks very much for answering that first
question - it seemed like a real flaw in the system at first.

-Matt

------------------------------

From: [EMAIL PROTECTED] (MLuttgens)
Subject: Re: Findkey
Date: 05 Oct 1999 17:45:44 GMT

If the algorithm is not very good, finding the key should be easy.

Marcel Luttgens

------------------------------

From: [EMAIL PROTECTED] (jerome)
Subject: Re: True Random numbers
Reply-To: [EMAIL PROTECTED]
Date: Tue, 05 Oct 1999 18:00:57 GMT

OTP assumes to have a random key. http://www.ciphile.com doesn't say much
except it is "hot!" "new!" and obviously "bug free, too!"
Can you explain how you produce such a key?

On Mon, 04 Oct 1999 23:17:07 -0700, Anthony Stephen Szopa wrote:
>
>Listen to me: OAP-L3 is a very practical "OTP" implementation.
>
>No complaints have been received by those who have Version 4.2
>SHAREWARE.
>
>http://www.ciphile.com
>
>You should get a copy.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Is 128 bits safe in the (far) future?
Date: Tue, 05 Oct 1999 18:56:35 GMT

In article <7td6bm$jg9$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>From article <7tcue1$13qq$[EMAIL PROTECTED]>, by [EMAIL PROTECTED]
> (SCOTT19U.ZIP_GUY):
>>>
>>>I believe that you can turn off compression if that is what you are asking.
>> No that is not what I asked. What I asked was will it be better designed
>> so as not to use a compression that aids an attacker to break the system.
>
>Compression doesn't have that big of an effect on cracking a code. As long as
>it doesn't provide known plaintext when there otherwise would be. Its main
>benefit is shrinking the message size.

Its main benefit is making the message smaller. However, almost all
compression schemes in use add information that is valuable to the breaking
of the encrypted message. In some cases so much information is added that
the attacker need not know anything about the message to recover it. This
is why one must be careful about the compression used.

>
>>>You don't want to use both RSA and DH since you get more bang for your buck
>>>using one of these with a longer key than using both.
>> But if one is broken but if one does not know which. Why not have the
>> option to use both. You can't get more bang for the buck if one is weak and
>> you don't know which it is?
>
>RSA and DH are related and if one falls, it is likely the other will too.
>If you are specifically worried about algorithm weaknesses you can encrypt
>your messages twice.

No, this is not necessarily true. RSA can fail if factoring is easy. But it
would take something different to break DH.

David A.
Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS

------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Tue, 05 Oct 1999 11:32:11 -0700

Actually, the idea is brilliant!!

Even better, feed the thermal noise into an oscillator driven by a strange
attractor or other chaos mechanism. The effect is like thousands of Beijing
Butterflies. We are talking hurricanes in Miami!!

JK

John Larkin wrote:
> Boris Kazak wrote:
> >
> > jjlarkin wrote:
> > >
> > > Radioactive decay is not only messy to implement, it produces a random
> > > pulse train, hardly suitable for turning into nicely distributed
> > > gaussian noise.
> > >
> > > A zener diode is a great noise generator. Bias a 10-volt zener at about
> > > 0.5 ma, and you'll get nice wideband noise across it. Amplitude will be
> > > about 300 nv per root Hz (300 nv times the square root of the bandwidth
> > > of the following amplifier). If the amp has a decent highpass response
> > > (ie, cut out low-frequency 1/f noise) the result will be excellently
> > > random gaussian noise with very low autocorrelation for reasonable
> > > sample rates. Just digitize it, or slice it and clock into a shift
> > > register.
> > >
> > > If you want perfect 1:0 balance and even lower autocorrelation, stir
> > > the zener's random output into the guts of a pseudo-random shift
> > > register.
> > >
> > > easy!
> > >
> > > John
> > -----------------------
> > And one more elegant idea - feed the output of this Zener diode
> > into a Voltage Controlled Oscillator, feed the output of this VCO
> > into a flip-flop, and at any time when needed sample a random bit.
> >
> > Best wishes BNK
>
> Boris,
>
> actually, that would probably increase the autocorrelation, since the
> VCO will tend to oscillate about an average frequency.
>
> John
>
> --
> ******************************************************************
>
> John Larkin, President          phone 415 753-5814  fax 753-3301
> Highland Technology, Inc
> 320 Judah Street                [EMAIL PROTECTED]
> San Francisco, CA 94122         http://www.highlandtechnology.com

--
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com

------------------------------

** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
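As an added illustration (not code from any poster in this digest), the following Python simulation revisits the radioactive random number generator thread above: Covington's rule of timing three decay events and emitting a bit from whichever interval is shorter, Rubin's question of how accurately the time is measured, and his remark that he would XOR a hardware and a software generator. All decay timestamps are constructed from a seeded pseudo-random Poisson process, and the decay rate and timer resolutions are assumed values, so nothing here measures a real source.

```python
# Added example, not code from any poster: simulate Covington's
# "time three decays, compare the two gaps" extractor and show how a
# finite-resolution timer (Rubin's objection) can bias it if ties are
# handled carelessly, and what XORing with a software stream does.
import random
from typing import List


def decay_ticks(rate: float, n: int, tick: float, seed: int) -> List[int]:
    """Constructed sample: n event timestamps of a Poisson process with mean
    `rate` events per second, as read by a timer of resolution `tick` seconds.
    Inter-arrival gaps are exponential; the timer only reports whole ticks."""
    rng = random.Random(seed)
    t, stamps = 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate)
        stamps.append(int(t // tick))  # integer tick count, as a counter would give
    return stamps


def interval_bits(stamps: List[int], discard_ties: bool = True) -> List[int]:
    """Covington's rule over non-overlapping triples (so bits share no gap):
    emit 1 if the first gap is shorter than the second, 0 if it is longer.
    With a coarse timer both gaps can quantise to the same tick count; a tie
    carries no information, so the honest choice is to skip it. Mapping ties
    to 0 (discard_ties=False) is the mistake the simulation exposes."""
    bits = []
    for i in range(0, len(stamps) - 2, 3):
        g1 = stamps[i + 1] - stamps[i]
        g2 = stamps[i + 2] - stamps[i + 1]
        if g1 == g2:
            if not discard_ties:
                bits.append(0)
            continue
        bits.append(1 if g1 < g2 else 0)
    return bits


def xor_combine(hw_bits: List[int], seed: int) -> List[int]:
    """Rubin's suggestion: XOR the hardware stream with a software generator.
    XOR with an independent unbiased stream removes bias in the hardware
    stream (it cannot repair dependence between successive hardware bits)."""
    rng = random.Random(seed)
    return [b ^ rng.getrandbits(1) for b in hw_bits]


def bias(bits: List[int]) -> float:
    """Deviation of the fraction of ones from 1/2; zero for a balanced stream."""
    return sum(bits) / len(bits) - 0.5


if __name__ == "__main__":
    RATE = 1000.0  # assumed: 1000 decays per second
    fine = decay_ticks(RATE, 30_000, tick=1e-9, seed=1)    # nanosecond timer
    coarse = decay_ticks(RATE, 30_000, tick=5e-3, seed=1)  # 5 ms timer, ~5 decays per tick
    print("fine timer, ties skipped:   bias %+.3f" % bias(interval_bits(fine)))
    print("coarse timer, ties skipped: bias %+.3f" % bias(interval_bits(coarse)))
    print("coarse timer, ties -> 0:    bias %+.3f" % bias(interval_bits(coarse, False)))
    print("same, XORed with software:  bias %+.3f"
          % bias(xor_combine(interval_bits(coarse, False), 2)))
```

The coarse timer with ties skipped stays balanced but throws away most triples, which is the throughput cost of Rubin's point; the coarse timer with ties mapped to 0 is heavily biased, and the XOR hides that bias without restoring the lost entropy.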

- Cryptography-Digest Digest #365 Digestifier