Cryptography-Digest Digest #371, Volume #10 Thu, 7 Oct 99 01:13:02 EDT
Contents:
Re: rc5-128 cracking $20 per letter ("Steven Alexander")
Re: Invention Secrecy Order (was Re: EAR Relaxed? Really?) (Eric Smith)
Re: Invention Secrecy Order (was Re: EAR Relaxed? Really?) (Eric Smith)
Re: EAR Relaxed? Really? ("Rick Braddam")
Re: radioactive random number generator (Jeff Brandenburg)
Re: radioactive random number generator (Boris Kazak)
Re: radioactive random number generator ("Trevor Jackson, III")
Re: radioactive random number generator ("Trevor Jackson, III")
Re: radioactive random number generator ("Trevor Jackson, III")
Re: radioactive random number generator ("Trevor Jackson, III")
Re: Is 128 bits safe in the (far) future? ("Trevor Jackson, III")
Re: radioactive random number generator (Rich Grise)
Re: There could be *some* EIAC
Re: Which encryption for jpeg compressed pictures? (Jack Berlin)
Re: RSA-512: Weizmann Institute: London Times
----------------------------------------------------------------------------
From: "Steven Alexander" <[EMAIL PROTECTED]>
Subject: Re: rc5-128 cracking $20 per letter
Date: Wed, 6 Oct 1999 16:38:59 -0700
If you really knew how you'd beat distributed.net in the rc5-64 contest and
have a nice $10k for yourself which isn't bad money for short work.. At any
rate, you're full of shit.
-steven
John A Croll <[EMAIL PROTECTED]> wrote in message
news:7tfl98$if8$[EMAIL PROTECTED]...
> i will decypher any rc-5 encrypted file that started out
> as a normal english language file that used normal grammar.
> i am 85% to 90% accurate. i charge $20.00 each for both
> letters and spaces. i charge a lot because it is dreary work
> and because i am the only one who can do it at this time.
> The catch is that my method does not allow accurate
> decryption of numerical data such as dates or credit card
> data.
> bye
>
>
>
------------------------------
From: Eric Smith <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Invention Secrecy Order (was Re: EAR Relaxed? Really?)
Date: 06 Oct 1999 16:26:21 -0700
[EMAIL PROTECTED] (John Savard) writes:
> It's the secrecy order itself that would bind the inventor, and the
> issuance of secrecy orders (or, more specifically, the authority of
> certain government agencies to issue them) is covered by other
> legislation which does specify penalties; this legislation only covers
> the Patent Commissioner's response to one.
OK, but I can't find any statutory authority for the issuance of such
secrecy orders other than 35 USC 181. This legislation fully describes
the process of getting the required secrecy order; it does NOT reference
any other kind of secrecy order obtained under other statutes, or give
the Patent Commissioner authority to delay or seal patent applications
covered by such an order.
------------------------------
From: Eric Smith <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Invention Secrecy Order (was Re: EAR Relaxed? Really?)
Date: 06 Oct 1999 16:30:21 -0700
[EMAIL PROTECTED] writes:
> Try a few sections later:
> Section 186, Penalty
Oh. That's it, alright!
------------------------------
From: "Rick Braddam" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Wed, 6 Oct 1999 17:21:19 -0500
Greg <[EMAIL PROTECTED]> wrote in message news:7tel83$459$[EMAIL PROTECTED]...
>
> > Law enforcement officers, of whatever branch, are people
> > just like everyone else on the street. The vast majority
> > of them are decent, hard-working people who are just
> > trying to do a very difficult job. To characterize all
> > the good ones as unprincipled, immoral, or evil is just
> > as wrong as ignoring or failing to hold accountable those
> > few who are.
>
> Those "many" you refer to will continue to violate our highest
> law because they will be told it is correct to do so- so much
> for characterizing.
You criticize the many for the acts of the few. That is illogical as well as wrong.
I'll concede your point as soon as you identify the "highest law" officers violate
when they respond to an alarm at night, in a business where they don't know if there
is an armed thief or just the owner going back for their car keys inside; or when a
highway patrol officer pulls a drunk driver over; or when any officers are performing
the thousands of other duties they do every day in spite of being underpaid,
overworked, and considered enemies by some of the people they work for even though
they have never had dealings with them. Officers _are_ just people off the street, and
as such you will see all kinds. There are bullies, cowards, and those who want to be
in positions of authority so they can push others around. There are also those who are
doing a job no one else wants so that their families can sleep at night or walk to the
store in safety. If you want only people of the highest caliber in law enforcement,
you're going to have to raise the pay level high enough to attract them from other
jobs, and provide the benefits they need. Until then, you'll get what you pay for.
> Until they stand up against the corrupt leadership and say,
> "Hell, no! We won't follow that unconstitutional order!",
> they ARE Karl's very worst nightmare come to life.
Until WE stand up against the corrupt _civil servants_ we have hired (elected) and
tell them we won't allow _that_ law (any bad law) we are Karl's worst nightmare. We
have so many laws on the books now that it may be impossible to go just one day
without breaking one of them. We may be accomplishing with our laws what Marx, Lenin,
Markov, Stalin and all the others couldn't do with guns.
> Don't knock what he is saying. He is correct far more than
> you care to admit.
I wasn't trying to say that there aren't any bad law enforcement officers, but that it
is wrong to say that ALL law enforcement officers are bad. If we have more bad ones
than good ones, it is our own fault for not having in place selection criteria which
weed the bad ones out, and sufficient incentive to attract more good ones. I think
that we have more good ones than bad ones, but my contact with them is limited.
I also don't like the idea of having SWAT or CERT teams, but I can't come up with an
alternative. To me, their military-type equipment, tactics, and training make them a
military force which should be prohibited under the constitution.
Speaking of which, when I enlisted in the military (1966) I took an oath to protect
and defend the Constitution of the United States and to defend it from all enemies,
foreign and domestic. There was no expiration date on that oath. When I became a
Corrections Officer, I took an oath to protect and defend the Constitution of the
United States and the Constitution of the State of Florida, and to enforce the laws of
the State of Florida. I suggest that any LEO under any branch of the government has
taken a similar oath. Any caught in violation of that oath are also in violation of
applicable law, and should be prosecuted under the applicable law.
As long as we at the "grass-roots" level turn our heads and look the other way,
instead of raising our voices and insisting that action be taken, we are responsible
for the results. Each of us individually, and all of us collectively.
Rick
------------------------------
From: [EMAIL PROTECTED] (Jeff Brandenburg)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: 6 Oct 1999 22:12:14 -0400
In article <[EMAIL PROTECTED]>,
Chuck Parsons <[EMAIL PROTECTED]> wrote:
>
>> In practice, this inversion would be done numerically: t = -(1/r)*ln(u) where
>> "u" is the random number from the uniform pdf. "u" is used instead of "1-u"
>> since both are uniformly distributed. "t" is exponentially distributed.
>>
>> The same approach can be used to map ANY distribution into ANY other
>> distribution.
>
> I would like real numbers uniformly distributed on (0,1) with the rationals
>removed. :-)_
Well, gee, I'd think ln(u) would be irrational with probability approaching
1 for u in (0,1), even though the set of values of u for which it *is*
rational is countably infinite. My math isn't good enough to say much
about the intersection of that set with rationals -- say, multiples of
2^-32. :-) If ln(u) is irrational, so is any product of that value with
rationals, right?
So, all we have to do is throw out the values of u that produce a rational
result, throw out 0, and find a format for reporting the result... :-)
--
-jeffB (Jeff Brandenburg, Durham, NC)
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Wed, 06 Oct 1999 19:26:31 -0400
Reply-To: [EMAIL PROTECTED]
John Larkin wrote:
>
> Boris Kazak wrote:
> > feed the output of this Zener diode
> > into a Voltage Controlled Oscillator, feed the output of this VCO
> > into a flip-flop, and at any time when needed sample a random bit.
> >
> > Best wishes BNK
>
> Boris,
>
> actually, that would probably increase the autocorrelation, since the
> VCO will tend to oscillate about an average frequency.
>
> John
>
> --
> ******************************************************************h
>
> John Larkin, President phone 415 753-5814 fax 753-3301
> Highland Technology, Inc
> 320 Judah Street [EMAIL PROTECTED]
> San Francisco, CA 94122 http://www.highlandtechnology.com
=======================
And that's the whole point - the central frequency will be modulated
by the random noise signal. Imagine the VCO running at (5 +/- 0.5 )MHz,
sample the output flip-flop each 10 microseconds, et voila!
You will have 50 +/- 5 reversals of the output flip-flop between two
consecutive samplings, and even Allah the Almighty will have trouble
predicting, will this number of reversals be odd or even.
If this system will be coupled with a serial port in full-duplex
mode, then the clocking pulses for sampling can be provided through
the same port, very convenient and self-synchronizing.
Best wishes, will you try it? BNK
------------------------------
Date: Wed, 06 Oct 1999 22:46:55 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Dave VanHorn wrote:
> > The reason it is so easy to stop is that it dumps energy into surrounding
> > materials very quickly. It has a charge of +2 and 8,000 times the mass of an
> > electron. So it rips many electrons away from their owning atoms. *MANY*
> > electrons.
>
> ??? It can only hold two. How does it do this?
It does not hold them. Its interactions with the ambient material are so
violent that, were it to acquire 2 electrons and become neutral, the next impact
would re-ionize it.
A high school experiment uses dry ice and alcohols to make a cloud chamber in
which alpha traces can be seen. When you see the two inch line caused by a
single alpha particle traversing the cold vapor you're seeing multiple (hundreds
or thousands?) ionizations in action.
------------------------------
Date: Wed, 06 Oct 1999 22:48:36 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Dirk Bruere wrote:
> Rich Grise wrote:
> >
> > Heh. Guess we're hearing from the hysterics.
> >
> > Cancer is caused, believe it or not, by repression of emotional
> > expression, and by self-hatred.
>
> I think we need to find out why people inadvertently exposed to ionising
> radiation develop a statistically significant increase in self
> repression and self hatred.
;-)
There's probably a Nobel in there titled "The psychoactive properties of
synthetic nuclei"
------------------------------
Date: Wed, 06 Oct 1999 22:57:19 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
CT Franklin wrote:
> "John E. Kuslich" wrote:
>
> > Go ahead, buy an op-amp, a zener, a couple of resistors and make yourself a
> > random source. Sample the output with your PC and run the Die-Hard test suite on
> > your data.
> >
> > The very first thing you will discover is that there are more ones than zeros
> > (or the reverse) because of offset in your sampler or amplifier. Then you will
> > find that there is bitwise correlation between portions of the output stream
> > because of power supply ripple, pick-up, etc. After you discover fixes for these
> > problems, you will find that other more difficult to diagnose biases appear in
> > the output stream (like failure to pass the parking lot test).
>
> This is interesting, but I find that I am a little confused. Aren't there easy
> ways to extract some randomness from the data at the expense of generating random
> numbers at a lower rate? Consider the issue of bias (more ones than zeros).
> Take the output two bits at a time. If the bits are 00 or 11, discard them, if the
> bits are 01, output 1, if the bits are 10, output 0. This gives you an average
> rate of one bit out for 4 bits in (unless the bias is really bad). But, assuming
> no serial correlation, it wipes out any bias.
It wipes out any single bit bias, but if I'm using an A/D to increase my sampling rate
and pulling out (say) 4 bits of LSB noise I'll find higher-than-normal frequencies at
numbers my circuit "likes". If these "favorite" numbers are 5, 7, and 11 the output
filtered as above will have a bias toward 1 and away from 0.
>
>
> Similarly, I suppose I want to reduce or eliminate easily detected correlations in
> the data. Take 110 bits of data, divide into 56 and 64 bits. Encode the 64 bit
> block using DES with the 56 bit block as the key.
>
> Another technique is to consider the data as coming in two streams, say strings of
> bytes x1, x2, x3 ... and y1, y2, y3. We could use one stream to index characters
> out of the other stream. (I've seen this technique called the Tausworth product of
> random number generators.) (see "Improving a Poor Random Number Generator," by C.
> Bays and S. D. Durham, ACM Transactions on Mathematical Software , Volume 2, Number
> 1, March 1976)
>
> If all you need to generate is sufficient random numbers to provide good session keys
> for something like one of the AES candidates aren't these techniques good enough?
>
> Regards,
>
> CT
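The pairwise filter CT describes and the multi-bit objection in the reply can be checked side by side. This is an added example, not code from the thread; the two sources, their weights and sizes are constructed, and it assumes each 4-bit sample is fed to the filter most significant bit first.

```python
import random

def von_neumann(bits):
    """Pairwise filter from the post: 00/11 dropped, 01 -> 1, 10 -> 0."""
    out = []
    for first, second in zip(bits[0::2], bits[1::2]):
        if first != second:
            out.append(second)  # (0,1) emits 1, (1,0) emits 0
    return out

def ones_fraction(bits):
    return sum(bits) / len(bits)

def independent_biased_bits(n, p_one, rng):
    """Constructed source: every bit independent, same probability of 1."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def adc_nibble_bits(n, favorites, extra_weight, rng):
    """Constructed source: independent 4-bit samples in which the 'favorite'
    values are (1 + extra_weight) times as likely as the others.
    Assumption: each sample is serialized most significant bit first."""
    weights = [1 + extra_weight * (value in favorites) for value in range(16)]
    samples = rng.choices(range(16), weights=weights, k=n)
    bits = []
    for value in samples:
        bits.extend((value >> shift) & 1 for shift in (3, 2, 1, 0))
    return bits

def run_demo(seed=1999):
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    single = independent_biased_bits(200_000, 0.7, rng)
    nibbles = adc_nibble_bits(50_000, {5, 7, 11}, 3, rng)
    return {
        "single_bit_raw": ones_fraction(single),
        "single_bit_filtered": ones_fraction(von_neumann(single)),
        "adc_raw": ones_fraction(nibbles),
        "adc_filtered": ones_fraction(von_neumann(nibbles)),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:20s} {value:.3f}")
```

With these constructed weights the filtered single-bit stream sits near one half, while the filtered 4-bit stream settles near 17/28 ones, because 5 (0101) and 7 (0111) contribute 01 pairs and 11 (1011) contributes only one 10 pair.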
------------------------------
Date: Wed, 06 Oct 1999 23:02:40 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
jjlarkin wrote:
> In article <[EMAIL PROTECTED]>, "John E. Kuslich"
> <[EMAIL PROTECTED]> wrote:
>
> > The problem is much more difficult than even
> > designing a switching power supply for example.
>
> Gosh, I've done 20 or 30 switchers in the last 30 years. I didn't
> realize how difficult it is.
>
> > The very first thing you will discover is that there are more ones
> > than zeros
>
> As I addressed in a previous post, this one is actually easy to fix.
> Just xor the zener stream with the output of a long cyclic shift
> register or, even better, xor it *into* the shift register. That will
> not only fix the 1/0 ratio, but wash out nearly all autocorrelations.
> Pseudo-random shift registers already pass all randomness tests except
> that they repeat (easily fixed: make the repeat period a few million
> years) and they have a slight 1/0 bias (repeat last fix).
Not all FSR configurations have this bias. First, for configurations with an
odd number of taps all ones is a degenerate case just as all zeros: because they
generate themselves. Second, FSRs with inverted feedback functions and any
parity of taps have no bias because the all-zeros case is not forbidden, nor is
the all ones case. The two flavors of alternating bits are co-degenerate, but
the loss of those two states causes no bias.
> Cyclic codes
> are cryptographically crackable precisely because the generator
> algorithms are simple hence discoverable. Combining true random noise
> with a cyclic generator solves that problem.
>
> A few zener noise generators plus an FPGA full of PRN registers and
> xors should create a stream that would take a good chunk of the world
> GNP to pick patterns out of, assuming a few terabits of output were
> available to work on.
>
> John
>
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
> The fastest and easiest way to search and participate in Usenet - Free!
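The lock-up states for an odd number of taps and the slight 1/0 imbalance mentioned in the quoted post can be checked by brute force on a small register. This is an added example, not code from the thread; the 4-cell register, tap positions and seed are constructed, and only plain XOR feedback is covered.

```python
from itertools import product

def step(state, taps):
    """Shift once: XOR the tapped cells and feed the result in at cell 0."""
    feedback = 0
    for t in taps:
        feedback ^= state[t]
    return (feedback,) + state[:-1]

def fixed_points(n, taps):
    """States that reproduce themselves (the 'degenerate' lock-up states)."""
    return [s for s in product((0, 1), repeat=n) if step(s, taps) == s]

def period_and_balance(seed, taps):
    """Run from seed until it recurs; return (period, ones, zeros) counted
    on the output bit, taken here from the last cell."""
    if len(seed) - 1 not in taps:
        # Without a tap on the last cell the update is not invertible,
        # so the register may never come back to its seed.
        raise ValueError("the last cell must be one of the taps")
    state, period, ones = seed, 0, 0
    while True:
        ones += state[-1]
        state = step(state, taps)
        period += 1
        if state == seed:
            return period, ones, period - ones

# Constructed 4-cell registers (cell indices are 0-based).
EVEN_TAPS = (2, 3)      # recurrence a[k+4] = a[k+1] XOR a[k], maximal length
ODD_TAPS = (1, 2, 3)    # three taps

if __name__ == "__main__":
    print("even taps, lock-up states:", fixed_points(4, EVEN_TAPS))
    print("odd taps,  lock-up states:", fixed_points(4, ODD_TAPS))
    print("even taps, (period, ones, zeros):",
          period_and_balance((0, 0, 0, 1), EVEN_TAPS))
```

The two-tap register locks up only at all zeros and emits 8 ones and 7 zeros per 15-step period; the three-tap register also locks up at all ones.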
------------------------------
Date: Wed, 06 Oct 1999 23:18:39 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Is 128 bits safe in the (far) future?
Thomas J. Boschloo wrote:
> "Trevor Jackson, III" wrote:
> >
> > If you don't use the worst case you'll have a hard time defending an arbitrary
> > choice of a better-than-worst case. If the exercise is meaningful at all,
> > everyone's calculations should land in about the same key size region. Otherwise
> > you're just making a guess based on unsupported assumptions.
>
> <snip>
>
> > "Thomas J. Boschloo" wrote:
> >
> > > Maybe this is silly, but I intend on using 256 bit encryption if I write
> > > my own encryption product. At least it will be very expensive to crack
> > > messages encrypted with that product, even if in the future the US has
> > > had the moon converted to some multi-purpose super computer (I think
> > > they are that silly <g>).
> >
> > Good for you. Pick something you are comfortable with. But don't try to present it
> > as a reasoned conclusion. It is not. It's what you are comfortable with, and
> > that's sufficient reason for your purposes.
>
> Thank you for your kind and helpful replies. It has however made me
> extremely curious as to what your worst case bit length would be? I hope
> I am not offending you by asking!
Taking the reductio-ad-absurdum numbers I mentioned originally I think you have 1e33^3
processors per cubic meter, 1e16^3 meters per cubic light year, and 1e10^3 cubic light
years per observable universe. Total processor count is thus 1e178. Given a cycle time
of 1e-43 seconds, 3e7 seconds per year, and the life of the universe at 1e31 years, you
have 3e81 testing cycles. Total number of tests is 3e259.
That's about 865 bits. Quite a lot by today's crypto standards. Not a lot given the rate
of growth in machine capacities.
------------------------------
Date: Wed, 06 Oct 1999 20:17:25 -0700
From: Rich Grise <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Dave VanHorn wrote:
>
> > Note that alpha radiation, while easy to shield against, is absolutely the worst
> > form of tissue destruction. It is ionizing radiation with a vengeance. Ionizing
> > radiation destroys the molecules that make up tissue. It is about as mutagenic
> > as it is possible to be.
>
> Think of bowling balls in a china shop.
>
> > The reason it is so easy to stop is that it dumps energy into surrounding
> > materials very quickly. It has a charge of +2 and 8,000 times the mass of an
> > electron. So it rips many electrons away from their owning atoms. *MANY*
> > electrons.
>
> ??? It can only hold two. How does it do this?
Well, that would be the process of transferring its kinetic energy,
much the same way as spectral absorption lines or lasers work. Each
collision ionizes an atom, until it finally runs out of energy.
But it KILLS cells, doesn't make them multiply beyond control.
That's an entirely different mechanism.
Heck, why do you think there's "radiation treatment" for cancer?
Cheers!
Rich
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: There could be *some* EIAC
Date: 7 Oct 99 03:12:09 GMT
[EMAIL PROTECTED] wrote:
: EIQC spells bad news for the validity of the article:
: http://www.eiqc.org/
Ah: you have concluded that the Sunday Times article was based on a
garbled version...
of Twinkle.
The site associated 512-bit RSA with Twinkle, and it somewhat overhyped
Twinkle, so it could well have contributed to the erroneous report. I
think you've cleared up the mystery, in fact.
John Savard
------------------------------
From: Jack Berlin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,comp.graphics.algorithms,comp.compression
Subject: Re: Which encryption for jpeg compressed pictures?
Date: Wed, 06 Oct 1999 23:40:23 -0400
Reply-To: [EMAIL PROTECTED]
Hi,
I am not sure what this is all about but every Pegasus application in
the last few years allows for encryption of single or multi image files,
part of which involves our own patent. It is not government type stuff,
but good I think. A lot of firms use our compressors and decompressors,
or browser plugin on each end to send around password locked images.
My 2 cents,
jack
--
|------------------------------------------------------------------|
Shrink your JPEG images live: http://www.jpegwizard.com/
http://www.pegasusimaging.com/ - Pegasus - BETTER DIGITAL IMAGING!
|------------------------------------------------------------------|
Herbert Kleebauer wrote:
>
> I'm writing a viewer for encrypted multi-jpeg files.
> Because I'm not familiar with encryption, I need some
> help. I need an encryption which is
>
> 1. absolutely secure. If you have the original and the
> encrypted file, it must be impossible to prove, if
> one is the encrypted version of the other.
> 2. fast
> 3. free
>
> In a first version (you can download the c-source and a
> WINDOWS binary from ftp://137.193.64.130/pub/jpeg/ )
> I'm using IDEA. But IDEA is patented by ASCOM and the
> free use is very restricted. Any suggestions for the
> encryption algorithm?
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: RSA-512: Weizmann Institute: London Times
Date: 7 Oct 99 03:16:03 GMT
ca314159 ([EMAIL PROTECTED]) wrote:
: Douglas A. Gwyn wrote:
: > What I want is more info on the supposed Weizmann device
: > that cracks a 512-bit RSA key in 12us.
: "The institute was founded a few weeks after
: news leaked from the Israel's Weizmann
: Institute that it was using a mixture of
: quantum computing and special optical
: technology to break the RSA-512 code, the
: system used by the European banking system.
: It claims it has developed a hand-held
: device that can break the code in 12
: microseconds."
: Twinkle could be called "special optical technology"
: http://www.rsa.com/rsalabs/html/twinkle.html
: and anybody could say that if a photon was involved
: in any way, that it was "quantum computing", or cryptanalysis,
: but the transfer of information from point A to point B
: without any physically measureable intermediary would
: more likely be called "quantum cryptography" or maybe
: "psychic communication".
: http://www.newscientist.com/ns/19991002/quantumcon.html
It turns out you're right.
The title "No Safety in Numbers" was used for a web page at the
http://www.eiqc.org/
site, and it was talking about Twinkle and RSA-512, as an article in a new
thread (There could be *some* EIAC) revealed.
So Twinkle, hyped up on this site, and further garbled by the Sunday
Times, is the source of this rumour.
I hope the Sunday Times not only runs a retraction, but prints a picture
of D. H. Lehmer's device with it!
John Savard
------------------------------
End of Cryptography-Digest Digest
******************************