Cryptography-Digest Digest #374, Volume #10       Thu, 7 Oct 99 20:13:03 EDT

Contents:
  Re: radioactive random number generator (Dan Day)
  Re: Block encryption with variable keys (Mok-Kong Shen)
  Re: Newbie question:  RSA and Key Escrow (Iain Lowe)
  InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub (InoculateIT)
  InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub (InoculateIT)
  InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub (InoculateIT)
  InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub (InoculateIT)
  InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub (InoculateIT)
  InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub (InoculateIT)
  Re: radioactive random number generator ([EMAIL PROTECTED])
  Re: radioactive random number generator (Dan Day)
  Re: Exclusive Or (XOR) Knapsacks (Patrick Juola)
  Re: Is 128 bits safe in the (far) future? (Scott Nelson)
  Re: RC-5 breaking, $19 per letter (John Savard)
  Re: There could be *some* EIAC (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Thu, 07 Oct 1999 21:45:50 GMT

On Wed, 06 Oct 1999 20:13:38 -0700, Rich Grise <[EMAIL PROTECTED]>
wrote:
>Well, I didn't say it doesn't cause _tissue damage_, just not cancer.
>In fact, radiation (I'm not sure if it's alpha, beta, or gamma) has
>been used to _fix_ cancer, by killing the tissue involved. If I
>swallowed
>one of those things, cancer wouldn't be what was caused - it'd be more
>like scarring. I'd certainly think that tissue damage would have
>practically the _opposite_ effect from "causing" cancer - why would
>the damaged cells not only live, but grow furiously?

Because some of the "tissue" it damages happens to be the machinery,
and blueprints (DNA) that controls (and when undamaged, limits) cell
replication...

Sure, most of the damage that radiation causes simply "hurts" a cell
(and/or kills it).  But a tiny percentage of the rampaging radiation
particles will "hit" a cell in its replication department, and if
it happens to damage that replication machinery in such a way that
it disables the mechanism that says "no more replication for now",
then cancer will obviously result.  And it only takes *ONE* such
"broken" cell to be the seed of a cancerous tumor.

And the more radiation you get exposed to, the higher the odds
that sooner or later you'll get a cell damaged in exactly the
right way to turn it cancerous.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Block encryption with variable keys
Date: Thu, 07 Oct 1999 23:27:06 +0200

Doug Gwyn (ISTD/CNS) wrote:
> 
> Mok-Kong Shen wrote:
> > Why does DES (and similar block ciphers) keep the key constant
> > and not varying from block to block?
> 
> Why are there 12 items in a dozen?  It just is what it is.

I am not sure that I understood you. The key is choosen by the
user. He can certainly choose to consider each block as a seperate
encryption and use a seperate key, can't he? I way asking why
the practice of using the key is simply maintaing the key constant 
and not attempting to change it from block to block.

M. K. Shen

------------------------------

From: Iain Lowe <[EMAIL PROTECTED]>
Subject: Re: Newbie question:  RSA and Key Escrow
Date: Thu, 07 Oct 1999 17:53:47 -0400

Matt Atwood wrote:
> 
> Hello everyone!  I have a question about key escrow security.  I've looked
> for the answer in the FAQ and I may just be missing it, but I'll go ahead
> and ask this question.  I'm sure there's a simple answer but I haven't been
> able to find it.
>     Anyway, suppose you have some system that uses the RSA private
> key/public key system, with two very large prime numbers p and q which each
> individual user knows, although anyone can easily figure out the product pq
> and thus send messages to the recipient.  Now say for some reason you want
> to use some kind of a key escrow system like the one that the Clipper chip
> uses, where each of the two primes p and q is held by a separate agency for
> security reasons (i.e., it takes 2 corrupt officials to break your privacy
> illegally.)
>     Is everything I've said here correct?  If so, why couldn't either of
> these two officials, given reasonable technical expertise, simple divide the
> publicly available pq by p (assuming without loss of generality that p was
> the key they had) to get q?  And wouldn't that invalidate the point of
> having two separate agencies?  (I'm sure that this could be fixed my adding
> more primes to give a longer public key (say pqrs) and four different
> portions of the private key.
>     Again, I'm sure that there must be a very simple answer and I'm sorry
> for bothering all of you, but I haven't been able to find it by myself.
> Thanks for your help!
> 
> -Matt

I'm sure a regular will correct me if I'm wrong...

One way to do it would be to take your number p (or q) and XOR it with a
cryptographically secure pseudo-random number having the same number of
bits as p (or q). We'll call this random number r. So the math goes like
this:
p XOR r = x
Now you give r to one agency and x to another. When a court order is
obtained the first agency (this is where I get fuzzy) decrypts the
message using r and q as the two numbers. This should generate seemingly
meaningless garbage. The second agency does the same. Then the two
results are XORed together to obtain the original plaintext.
This scheme can involve any number of escrow agencies. In a situation
with n agencies, one agency would be given x and the other n-1 would
receive cryptographically secure random numbers (x obviously being the
XOR of all the random numbers and the prime to protect).
-- 
In the beginning, God typed "M-x create-world".
Computers were slower back then.
"M-x create-cyberspace".

------------------------------

From: InoculateIT
Subject: InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub
Date: Thu, 7 Oct 1999 16:40:40 -0500 

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

======_=_NextPart_001_01BF110C.99B74300
Content-Type: text/plain

The (W95/Happy99.worm) virus was detected in (Public
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not
Cured, Renaming.).

======_=_NextPart_001_01BF110C.99B74300
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2448.0">
<TITLE>InoculateIT detected the (W95/Happy99.worm) virus in Mailbox =
(Public Folders), Sender (madQ) !!!</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>The (W95/Happy99.worm) virus was detected in (Public =
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not =
Cured, Renaming.).</FONT></P>

</BODY>
</HTML>
======_=_NextPart_001_01BF110C.99B74300==


------------------------------

From: InoculateIT
Subject: InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub
Date: Thu, 7 Oct 1999 16:40:40 -0500 

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

======_=_NextPart_001_01BF110C.999ED000
Content-Type: text/plain

The (W95/Happy99.worm) virus was detected in (Public
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not
Cured, Renaming.).

======_=_NextPart_001_01BF110C.999ED000
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2448.0">
<TITLE>InoculateIT detected the (W95/Happy99.worm) virus in Mailbox =
(Public Folders), Sender (madQ) !!!</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>The (W95/Happy99.worm) virus was detected in (Public =
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not =
Cured, Renaming.).</FONT></P>

</BODY>
</HTML>
======_=_NextPart_001_01BF110C.999ED000==


------------------------------

From: InoculateIT
Subject: InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub
Date: Thu, 7 Oct 1999 16:40:40 -0500 

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

======_=_NextPart_001_01BF110C.99D8E120
Content-Type: text/plain

The (W95/Happy99.worm) virus was detected in (Public
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not
Cured, Renaming.).

======_=_NextPart_001_01BF110C.99D8E120
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2448.0">
<TITLE>InoculateIT detected the (W95/Happy99.worm) virus in Mailbox =
(Public Folders), Sender (madQ) !!!</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>The (W95/Happy99.worm) virus was detected in (Public =
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not =
Cured, Renaming.).</FONT></P>

</BODY>
</HTML>
======_=_NextPart_001_01BF110C.99D8E120==


------------------------------

From: InoculateIT
Subject: InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub
Date: Thu, 7 Oct 1999 16:40:40 -0500 

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

======_=_NextPart_001_01BF110C.99AC90B0
Content-Type: text/plain

The (W95/Happy99.worm) virus was detected in (Public
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not
Cured, Renaming.).

======_=_NextPart_001_01BF110C.99AC90B0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2448.0">
<TITLE>InoculateIT detected the (W95/Happy99.worm) virus in Mailbox =
(Public Folders), Sender (madQ) !!!</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>The (W95/Happy99.worm) virus was detected in (Public =
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not =
Cured, Renaming.).</FONT></P>

</BODY>
</HTML>
======_=_NextPart_001_01BF110C.99AC90B0==


------------------------------

From: InoculateIT
Subject: InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub
Date: Thu, 7 Oct 1999 16:40:40 -0500 

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

======_=_NextPart_001_01BF110C.99C06E20
Content-Type: text/plain

The (W95/Happy99.worm) virus was detected in (Public
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not
Cured, Renaming.).

======_=_NextPart_001_01BF110C.99C06E20
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2448.0">
<TITLE>InoculateIT detected the (W95/Happy99.worm) virus in Mailbox =
(Public Folders), Sender (madQ) !!!</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>The (W95/Happy99.worm) virus was detected in (Public =
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not =
Cured, Renaming.).</FONT></P>

</BODY>
</HTML>
======_=_NextPart_001_01BF110C.99C06E20==


------------------------------

From: InoculateIT
Subject: InoculateIT detected the (W95/Happy99.worm) virus in Mailbox (Pub
Date: Thu, 7 Oct 1999 16:40:40 -0500 

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

======_=_NextPart_001_01BF110C.99CCA7A0
Content-Type: text/plain

The (W95/Happy99.worm) virus was detected in (Public
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not
Cured, Renaming.).

======_=_NextPart_001_01BF110C.99CCA7A0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2448.0">
<TITLE>InoculateIT detected the (W95/Happy99.worm) virus in Mailbox =
(Public Folders), Sender (madQ) !!!</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>The (W95/Happy99.worm) virus was detected in (Public =
Folders\Happy99.exe) and was sent by (madQ). Action: (File was not =
Cured, Renaming.).</FONT></P>

</BODY>
</HTML>
======_=_NextPart_001_01BF110C.99CCA7A0==


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: 7 Oct 1999 21:56:23 GMT

In article <907L3.14608$[EMAIL PROTECTED]> "Dave VanHorn" 
<[EMAIL PROTECTED]> writes:

>I originally had the idea in '87 when we were doing inventories, and had to
>buy random numbers from some outfit at an amazing price.

Let me get this straight...

You used random numbers while taking inventory?
And you paid a lot of money for those numbers?
(and not as a _result_ of using those numbers, such as fines or
lawyers fees...)

That certainly takes "creative bookkeeping" to new level!

B^)

Ren
dona nobis pacem

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Thu, 07 Oct 1999 22:00:09 GMT

On Wed, 06 Oct 1999 23:06:19 -0400, "Trevor Jackson, III" <[EMAIL PROTECTED]>
wrote:
>Perhaps the ugliest instance of radioactive substance abuse was the women who painted
>radium watch dials.  The brushes they used were fairly coarse, and the watch-face
>digits very small.  So they used to sharpen the points of the paint-laden brushes by
>twirling them against their lips.

That's pretty bad (and I'd heard it before, in an Asimov essay,
I believe), but about 3-5 years ago I read about worse cases in 
Scientific American, IIRC, although it could have been "Discover" 
magazine.

For a while, folks were producing patent medicines which contained
radium.  The article I read had dredged up case histories of some of
the customers, who died of horrible, chronic, and mysterious (at
the time) ailments.  Now, of course, the symptoms are easily
recognizable as extreme radiation poisoning.  The authors of
the article managed to get permission to exhume some of the
known victims, and their bones not only showed clear signs of
heavy radiation exposure, but also were still "hot" enough to
make a geiger counter sing.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Exclusive Or (XOR) Knapsacks
Date: 7 Oct 1999 14:44:24 -0400

In article <[EMAIL PROTECTED]>,
Guenther Brunthaler <[EMAIL PROTECTED]> wrote:
>On Wed, 06 Oct 1999 19:35:41 GMT, [EMAIL PROTECTED] wrote:
>
>>> Also, is it coincidence that in your example there are B1..B4 and also
>>> 4 bits in X?
>>
>>Not a coincidence.  The question was:
>>| Problem:
>>| Given an n bit number X and a set {B1,B2,...,Bn}
>>| of n bit numbers;is there a subset whose elements
>
>Yes, seems I need stronger glasses ;-)
>
>
>>Again, a linear algebra text will explain.  If
>
>Nevertheless, XOR is a nonlinear operator.

XOR is a linear operator.  Look at it in the field of integers
mod 2.


        -kitten

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Is 128 bits safe in the (far) future?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 07 Oct 1999 22:25:54 GMT

On Wed, 06 Oct 1999 23:18:39 -0400, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
[edited]
>Thomas J. Boschloo wrote:
>
>> "Trevor Jackson, III" wrote:
>> It has however made me extremely curious as to what your 
>> worst case bit length would be? 
>>
>
>Taking the reductio-ad-absurdum numbers I mentioned originally I think you have 1e33^3
>processors per cubic meter, 1e16^3 meters per cubic light year, and 1e10^3 cubic light
>years per observable universe.  Total processor count is thus 1e178.  Given a cycle 
>time
>of 1e-43 seconds, 3e7 seconds per year, and the life of the universe at 1e31 years, 
>you
>have 3e81 testing cycles.  Total number of tests is 3e259.
>
>That's about 865 bits.  Quite a lot by today's crypto standards.  Not a lot given the 
>rate
>of growth in machine capacities.
>

You can get a much smaller number if you assume that 
testing a key requires some energy.  This is also 
convenient since we don't have to address the time
issue at all.

Mass of the observable universe, < 1e52 kilograms
1Kg, < 1e17 Joules.
Energy needed for calculation, > 1e-40 Joules.
upper-bound on number of key tests performable in 
the observable universe; 1e109, or 362 bits.

If you're willing to add other restrictions like 
"you can't convert mass to energy without loss," 
or "you have to save some of the universe to live in,"
then you can use even fewer bits.

There are ciphers with more than 362 bit keys, 
but long before 256 bits is reached, it becomes easier
to find the key by looking in every place it might
be hidden (including your adversaries mind.)

Scott Nelson <[EMAIL PROTECTED]>


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: RC-5 breaking, $19 per letter
Date: Thu, 07 Oct 1999 22:32:07 GMT

Anton Stiglic <[EMAIL PROTECTED]> wrote, in part:

>Ah please, don't bring this bullshit here.  You didn't even
>get Tom's answer right....

No, no: this is a *different* guy, and _he_ is just joking, making fun
of the first guy.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: There could be *some* EIAC
Date: Thu, 07 Oct 1999 22:33:21 GMT

"Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]> wrote, in part:

>[EMAIL PROTECTED] wrote:
>> EIQC spells bad news for the validity of the article:
>>  http://www.eiqc.org/

>How?

There's a page on the site, entitled "No safety in numbers", which is
obviously the source of the Sunday Times article. However, the only
device discussed for cracking RSA-512 indeed comes from the Weizmann
Institute -

and is Twinkle.

Which is clever, but it isn't handheld, and it isn't a quantum
computer.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************

Reply via email to