Cryptography-Digest Digest #375, Volume #10 Thu, 7 Oct 99 23:13:04 EDT
Contents:
Re: There could be *some* truth to it (John Savard)
Re: radioactive random number generator ("Mikhail Fridberg")
Re: Is 128 bits safe in the (far) future? (John Savard)
Re: Block encryption with variable keys ("Richard Parker")
Re: There could be *some* EIAC ([EMAIL PROTECTED])
Re: EAR Relaxed? Really? ("Rick Braddam")
Re: EAR Relaxed? Really? (Greg)
Compression of encrypted data ("Joseph Ashwood")
Re: EAR Relaxed? Really? (Greg)
Re: EAR Relaxed? Really? (Greg)
Re: Compression of encrypted data (SCOTT19U.ZIP_GUY)
Re: Block encryption with variable keys (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: There could be *some* truth to it
Date: Thu, 07 Oct 1999 22:41:55 GMT
"Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]> wrote, in part:
>[EMAIL PROTECTED] wrote:
>> Why wait ten to twenty years when you can have a quantum computer today.
>> To learn more read the Core processor article at
>> http://homepages.msn.com/LaGrangeLn/ronaldblue/
>I found nothing except a background at the CORE processor link.
Same here.
>Further, one gets an annoying MSN popup window for each page.
I run with lots of things disabled, and miss the popup.
>If you have information for us, why not post it here.
The preceding link,
http://homepages.msn.com/LaGrangeLn/ronaldblue/COPTHEORY.html
has some "information", but the first several paragraphs read like
bafflegab.
Apparently, the great breakthrough the site's owner is excited about
is research by someone whose site is
http://www.neutronicstechcorp.com/
but the site *seems* to be about AI (or about rediscovering an old way
to run transistors with less energy) and not quantum computing. It
uses rather small print at the start.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Mikhail Fridberg" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Thu, 7 Oct 1999 18:42:29 -0400
Rich Grise wrote in message <[EMAIL PROTECTED]>...
>Well, I didn't say it doesn't cause _tissue damage_, just not cancer.
>In fact, radiation (I'm not sure if it's alpha, beta, or gamma) has
>been used to _fix_ cancer, by killing the tissue involved. If I swallowed
>one of those things, cancer wouldn't be what was caused - it'd be more
>like scarring. I'd certainly think that tissue damage would have
>practically the _opposite_ effect from "causing" cancer - why would
>the damaged cells not only live, but grow furiously?
>
Because cells subjected to a fairly small amount of radiation are not all
destroyed, but only damaged. Most of them will eventually die as a result
and simply be replaced by your body. Very few will have been damaged in such a
way that they can still reproduce, but in a different way from normal cells.
It's called mutation. Some of those mutations are harmless, but some are
not. And some of them cause uncontrolled division. You only need 1 cell
damaged in such a way to multiply uncontrollably and cause cancer. Since most
cells damaged in such a way are identified as proper cells that belong to
your body, your immune system doesn't attack them. Some time later - cancer.
As for why radiation is used to treat cancer - first, it's quite often as
dangerous as cancer and causes the patient's death. Second, much higher
levels of radiation are used in radiation therapy to actually kill cells, not
just damage them. And third, radiation therapy is used not 'cause it's
perfect, but because the only alternative is to die, and even if it will cause
another form of cancer later, you'll get to live for a few more days, months
or maybe years.
You can eat or breathe radioactive materials anytime, if you like, but please
don't spread unfounded and dangerous information about radiation. After all,
smoke detectors are easily available to everyone, and people can get hurt if
they listen to you.
Mike.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Is 128 bits safe in the (far) future?
Date: Thu, 07 Oct 1999 22:52:56 GMT
Roger Carbol <[EMAIL PROTECTED]> wrote, in part:
>What sort of information would need to be
>kept secure for time periods in excess of, say, three or four
>centuries?
Personal family secrets, particularly if advances in medical science
mean we'll still be alive three or four centuries from now.
Of course, we should also be prepared for advances in recovering old
information from discarded hard disk drives...
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: Block encryption with variable keys
Date: Thu, 07 Oct 1999 22:55:46 GMT
> I am not sure that I understood you. The key is chosen by the
> user. He can certainly choose to consider each block as a separate
> encryption and use a separate key, can't he? I was asking why
> the practice of using the key is simply maintaining the key constant
> and not attempting to change it from block to block.
Very recently I read a paper by Bellare, Krovetz, and Rogaway that
discussed using data-dependent re-keying as a secure method of
transforming a pseudorandom permutation (such as a block cipher) into
a pseudorandom function. They analyzed the following construction:
F(K,X) = E(E(K,X),X)
One of the standard methods of constructing a stream cipher from a
block cipher is by using counter mode. Such a stream cipher encrypts
an m-block plaintext M = (X1 || X2 || ... || Xm) as follows:
S(K,M) = (iv || E(K,iv+1) xor X1 || ... || E(K,iv+m) xor Xm)
The weakness of this stream cipher, and other related constructions,
is that because E is an n-bit permutation the stream cipher is
vulnerable to a birthday attack after 2^(n/2) blocks have been
encrypted. However if you replace E with F, this is no longer the
case. The new stream cipher is much stronger than the stream cipher
constructed with E.
Since most block ciphers have a slow key schedule a stream cipher
constructed from F is also slow. Bellare, Krovetz, and Rogaway
suggest a generalization of the construction in their paper that
permits a trade-off between speed and resistance to the birthday
attack.
Here is the reference for their paper:
M. Bellare, T. Krovetz, and P. Rogaway, "Luby-Rackoff Backwards:
Increasing Security by Making Block Ciphers Non-Invertible,"
Advances in Cryptology - Eurocrypt '98, Springer-Verlag, 1998.
<http://www-cse.ucsd.edu/users/mihir/papers/p2f.pdf>
-Richard
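Added example, not from Richard's post or from the Bellare-Krovetz-Rogaway paper: a Python sketch of the two counter-mode keystream generators compared above, with a constructed 16-bit Feistel toy cipher standing in for E so that the 2^(n/2) birthday bound (256 blocks here) is small enough to observe directly. With a permutation E the keystream never repeats a block, which is exactly the regularity a birthday-style distinguisher looks for once more than about 2^(n/2) blocks have been encrypted under one key; with F(K,X) = E(E(K,X),X) the keystream behaves like a random function and does show repeats. The function names, the toy cipher, and the sample key and message are all assumptions of this example.

```python
import hashlib

# Toy 16-bit Feistel block cipher standing in for E (assumed, not a real cipher).
# Any Feistel network is a permutation of its block space for every key, which is
# the property the post's birthday argument relies on. It has no security at all.
BLOCK_BITS = 16
HALF_BITS = BLOCK_BITS // 2
HALF_MASK = (1 << HALF_BITS) - 1
BLOCK_MOD = 1 << BLOCK_BITS


def _round_function(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function: first byte of SHA-256(key || round || half)."""
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]


def E(key: bytes, x: int, rounds: int = 8) -> int:
    """Toy n-bit pseudorandom permutation (n = 16): 8-round Feistel network."""
    left, right = x >> HALF_BITS, x & HALF_MASK
    for rnd in range(rounds):
        left, right = right, left ^ _round_function(key, rnd, right)
    return (left << HALF_BITS) | right


def F(key: bytes, x: int) -> int:
    """Data-dependent re-keying F(K,X) = E(E(K,X), X) from the post.

    The inner output becomes the key of the outer call, so every block pays
    for a fresh key setup; that is the speed cost the post mentions.
    """
    inner_key = E(key, x).to_bytes(2, "big")
    return E(inner_key, x)


def keystream(block_fn, key: bytes, iv: int, m: int) -> list:
    """Counter-mode keystream block_fn(K, iv+1), ..., block_fn(K, iv+m)."""
    return [block_fn(key, (iv + i) % BLOCK_MOD) for i in range(1, m + 1)]


def ctr_encrypt(block_fn, key: bytes, iv: int, blocks: list) -> list:
    """S(K,M) = (iv || ks1 xor X1 || ... || ksm xor Xm); returns [iv, C1..Cm]."""
    ks = keystream(block_fn, key, iv, len(blocks))
    return [iv] + [k ^ x for k, x in zip(ks, blocks)]


def ctr_decrypt(block_fn, key: bytes, ciphertext: list) -> list:
    """Inverse of ctr_encrypt: the iv travels as the first element."""
    iv, cblocks = ciphertext[0], ciphertext[1:]
    ks = keystream(block_fn, key, iv, len(cblocks))
    return [k ^ c for k, c in zip(ks, cblocks)]


def repeated_keystream_blocks(block_fn, key: bytes, iv: int, m: int) -> int:
    """Birthday-style distinguisher: how many keystream blocks are repeats.

    Given known plaintext, the keystream is C xor X. For a permutation E and
    m <= 2^n the repeat count is always 0, whereas a random function (and F,
    which behaves like one) shows repeats once m is past roughly 2^(n/2).
    A zero count after that point is what gives the bare PRP away.
    """
    ks = keystream(block_fn, key, iv, m)
    return m - len(set(ks))


if __name__ == "__main__":
    key = b"demo-key"                            # constructed sample key
    message = [0x4869, 0x2C20, 0x7363, 0x692E]   # constructed sample blocks
    ct = ctr_encrypt(E, key, 0x1234, message)
    assert ctr_decrypt(E, key, ct) == message
    # 4096 blocks is well past 2^(16/2) = 256, the toy cipher's birthday bound.
    print("repeats with E:", repeated_keystream_blocks(E, key, 0x1234, 4096))
    print("repeats with F:", repeated_keystream_blocks(F, key, 0x1234, 4096))
```

F costs two cipher calls and one key setup per block, which is the slowdown the post describes. The same observation is the defensive reason to bound the number of blocks encrypted under one key (or nonce) in counter mode well below 2^(n/2) when the plain permutation is used.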
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: There could be *some* EIAC
Date: Thu, 07 Oct 1999 22:54:05 GMT
In article <[EMAIL PROTECTED]>,
"Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > EIQC spells bad news for the validity of the article:
> > http://www.eiqc.org/
>
> How?
>
It refers to the original article by Shamir which in
no way implies the device has been constructed, or is
easy to construct, or that it will take less than 12
microseconds to perform a complete decryption.
The site is new, but reflects no new knowledge,
certainly not about quantum computing that implies any such
device has been constructed.
And other "information leaking from the Weizmann Institute"
which denies the London Times statement :)
Simpson's paradox: scattered facts do not represent the whole:
http://www.math.sfu.ca/stats/Courses/Stat-301/Handouts/node49.html
http://www.stat.ucla.edu/~abraverm/Simpson/simpson.html
(sort of like hidden variables in QM)
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Rick Braddam" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Thu, 7 Oct 1999 17:16:54 -0500
karl malbrain <[EMAIL PROTECTED]> wrote in message
news:mt5L3.539$[EMAIL PROTECTED]...
>
> aside their individual principles for those of the agency. As another
> poster has pointed out, with the new BREAK AND ENTER rules, local police can
> place ANY file they want on your hard drive, independently of cryptography.
> If you're paying attention to history, this is where STALIN is BOLSHEVIZED.
> Karl M
>
I am amazed that this proposal from the head of the FBI has been enacted into law
without generating thousands of posts to sci.crypt
and talk.politics.crypto. If such a law can be enacted quietly, then we will get what
we deserve. :)
What would be really amazing is the level of stupidity exhibited by any politician who
would sponsor or co-sponsor such a bill.
Rick
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Fri, 08 Oct 1999 00:46:00 GMT
> I wasn't trying to say that there aren't any bad
> law enforcement officers, but that it is wrong to
> say that ALL law enforcement officers are bad.
I don't think I was characterizing them as little Hitlers,
but mindless robots that don't know the law, have no time
to learn the law, and do what they are told is correct by
those who haven't a clue either, but think what they are
told by government attorneys must be right.
There are some who know the truth and they know they cannot
reconcile the truth with society. So they remain quiet.
You should read what we write and not what you read into it.
For example, you seem to believe that most law enforcement officers
would never have taken part at Waco. Yet, I can assure you that
given the right circumstance, well over 90% would.
For example, Mr K was said to be molesting the children. Now
tell me most officers would say, "But I am not certain of your
intel, Mr FBI. I can't just go violate that man's civil rights
without a more detailed investigation." Give me a break! They
would rally quickly to "save the children". But remember, the
children were killed- so much for saving them. And do you think
the Texas Rangers were without blood on their hands? Where the
hell were they? Certainly not protecting the Davidians' rights.
And the special forces aren't so special. They cowered under
threat of court martial should they not comply with the wishes
of the feds. No special leadership or bravery here folks. Just
mindless numbnuts who do what they are told to do. After all,
the press will cover their ass- ooops, that ain't happening any
more. Someone is really upset about that too!
> If we have more bad ones than good ones, it is our own fault...
Give yourself a guilt trip if you want, my conscience is clear.
> I also don't like the idea of having SWAT or CERT teams,
> but I can't come up with an alternative. To me, their
> military-type equipment, tactics, and training make
> them a military force which should be prohibited
> under the constitution.
News flash- it IS unlawful already. Even the laws that are
supposed to give them tanks and stuff are unconstitutional laws,
and thus not laws at all. Operating under those laws IS unlawful.
Or do you not know that we are living under emergency rule, not
constitutional rule? I can tell you more about this if you want.
> Speaking of which, when I enlisted in the military (1966)...
I took that oath when I became a fire fighter in 1980.
> Any caught in violation of that oath are also in
> violation of applicable law, and should be prosecuted
> under the applicable law.
Have you ever heard of the missing 13th amendment? The
lesson there applies here, and in politics as well. You
are very wrong in your conclusion here.
> As long as we at the "grass-roots" level turn our heads
> and look the other way, instead of raising our voices
> and insisting that action be taken, we are responsible
> for the results. Each of us individually, and all of us
> collectively.
What do you want us to do? Say, "Mr. President, please don't
kill us with those nasty little tanks and gas canisters."?
It will take a war as Lincoln said, not to overthrow the government,
but to overthrow those in government who pervert the constitution.
Honestly, I am just waiting for the shots to begin firing.
Here in CA, I may not have to wait much longer. Next year, all
handguns are supposed to become instant junk guns and illegal until
they are submitted for testing by their manufacturer. Since most
are not in production any longer, they will never regain legal
status and are due to be confiscated (as I understand AB15).
The question will be, though the CA AG office says it is ready to
fully comply with those laws, to confiscate many many weapons
from law-abiding citizens, will the law enforcement officers
throughout the state go along with the plan? If they do, there
will be bloodshed on both sides of the doorway. It is a statistical
conclusion that no one can deny. Just how much bloodshed is the
subjective question. But given less than 10% compliance with
earlier gun registration laws in CA, it will come down to whether
law enforcement says yes or no to the cowards in Sacramento.
That is why efforts like veto the governor are so important to me.
They have the ability to stop the madness that could come next.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Compression of encrypted data
Date: Thu, 7 Oct 1999 16:49:50 -0700
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
[originally Re: Is 128 bits safe in the (far) future?]
These are my thoughts on the potential compression of data encoded using a
strong cryptographic algorithm, and should not be taken as truth without
considerable further thought.
Under any conceivable language used to transfer data of any form, whether it
is ASCII text, or raw binary data that has been compressed to the nth
degree, there are going to be patterns that can be exploited to perform the
compression; this is a fact of structure, and recurrence of data. However
there are no ciphers that are currently considered strong where we have
enough of a text basis to analyze them to develop effective compression.
Look at how many centuries it took to develop an arbitrary compression
method that could be used for English (or any other language) words without
significant preknowledge. I don't know the actual dates but to my
knowledge the first effective compression technique (without changing the
language, simply the notation) was by Huffman, and within the last few
centuries. However, the language that is targeted by a given Huffman tree,
say English, requires a large examination basis to develop a tree that is
effective for compression. That tree was developed through the examination
of hundreds of thousands of pages of text, over a period of many years (the
work to build better Huffman trees continues today, although mostly replaced
by other methods). Now assuming that it takes a mere 50 years of time to
develop a good Huffman encoding for something the complexity of English (26
symbols, <100,000 words), how long will it take to solve a 2^64, or 2^128
symbol tree? Well 2^64 symbols is about 18x10^13 times as complex as 100000
symbols, so even if it took a day to generate the encoding of 100000 it
would take 10^11 years. So while it is possible to compress DES encrypted
files, it will be extremely difficult to build the tree.
Adaptive Huffman is another matter entirely. Its ability to generate a
small amount of compression of most files lends itself well to the task at
hand. But even here the amount of memory necessary to build an effective
tree won't be available until well after the computing power necessary to
break the associated method is available. As an example, to effectively
compress method X using Adaptive Huffman it should be necessary to use at
least 2^k * k bits of memory (where k is the number of bits per block), if X is
truly a strong method that reveals nothing about its data. OTOH if X does
reveal information about the data protected, even so much as one bit, it
becomes smaller by an order of magnitude.
So basically I feel that while it is certainly possible to compress
encrypted data, it is (without some absolutely huge advances in compression)
a goal that need not be pursued with anything except large reservations.
Joe
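Added example, not part of Joe's post: a minimal static Huffman coder in Python run over a constructed English sample and over a constructed stand-in for strong-cipher output (SHA-256 over a counter, assumed here because the standard library ships no block cipher). It shows the mechanism behind the post's argument: the code only saves space by exploiting uneven symbol frequencies, and when the byte distribution is flat the optimal prefix code is essentially the 8-bit identity, so the output is no smaller than the input even before paying for the code table. All names and sample inputs are assumptions of this example.

```python
import hashlib
import heapq
from collections import Counter
from itertools import count


def huffman_code(data: bytes) -> dict:
    """Build a static Huffman code {byte: bit-string} from the data's byte counts."""
    freq = Counter(data)
    if len(freq) == 1:                      # degenerate one-symbol input
        return {next(iter(freq)): "0"}
    order = count()                         # tie-breaker keeps heap entries comparable
    heap = [(n, next(order), [(sym, "")]) for sym, n in freq.items()]
    heapq.heapify(heap)
    while len(heap) > 1:
        n1, _, left = heapq.heappop(heap)
        n2, _, right = heapq.heappop(heap)
        merged = [(s, "0" + c) for s, c in left] + [(s, "1" + c) for s, c in right]
        heapq.heappush(heap, (n1 + n2, next(order), merged))
    return dict(heap[0][2])


def huffman_encode(data: bytes, code: dict) -> str:
    """Concatenate the codewords; returned as a string of '0'/'1' for clarity."""
    return "".join(code[b] for b in data)


def huffman_decode(bits: str, code: dict) -> bytes:
    """Walk the prefix code; no codeword is a prefix of another, so this is unambiguous."""
    lookup = {c: s for s, c in code.items()}
    out, cur = bytearray(), ""
    for bit in bits:
        cur += bit
        if cur in lookup:
            out.append(lookup[cur])
            cur = ""
    return bytes(out)


def table_bits(code: dict) -> int:
    """Cost of transmitting the code: one symbol byte plus one length byte each."""
    return 16 * len(code)


def compression_ratio(data: bytes, include_table: bool = False) -> float:
    """Encoded size / raw size; below 1.0 means the code actually saved space."""
    code = huffman_code(data)
    total = len(huffman_encode(data, code))
    if include_table:
        total += table_bits(code)
    return total / (8 * len(data))


def random_looking_bytes(seed: bytes, n: int) -> bytes:
    """Stand-in for strong-cipher output (assumed): SHA-256 over a counter."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


# Constructed sample inputs of equal length.
ENGLISH_TEXT = (b"Under any conceivable language used to transfer data there are "
                b"patterns that a compressor can exploit, because the structure "
                b"of the data makes some symbols far more common than others. ") * 24
CIPHERTEXT_LIKE = random_looking_bytes(b"constructed seed", len(ENGLISH_TEXT))


if __name__ == "__main__":
    for label, data in (("English", ENGLISH_TEXT), ("cipher-like", CIPHERTEXT_LIKE)):
        code = huffman_code(data)
        assert huffman_decode(huffman_encode(data, code), code) == data
        print(f"{label:12s} payload ratio {compression_ratio(data):.3f}, "
              f"with table {compression_ratio(data, True):.3f}")
```

The English sample codes to a little over half its raw size, while the cipher-like bytes use all 256 symbols at nearly equal counts and come out within a percent or two of 8 bits per byte; adding the table makes the "compressed" version larger than the original. This is also why the usual advice is to compress before encrypting rather than after.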
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Fri, 08 Oct 1999 00:03:35 GMT
> > No, I already told you it doesn't. There are other grounds on
> > which an offender could be punished, especially if he has been
> > sworn to certain conditions by the government, but if a plain
> > US citizen obtains and reveals a governmental secret it is not
> > a crime per se.
>
> On the other hand, we do have the "Invention Secrecy
> Order". A US citizen who applies for a patent can be
> ordered to keep his own invention secret. How this
> can be squared with our constitutional rights I do not
> know, but last I heard the horrid law stands.
I think what you are looking for is the justification for
why this law can be enforced upon the inventor? The reasoning
I believe that is used is that the inventor sought out the
services of the federal government (PTO) and therefore entered
into a relationship that binds him to the rules and laws
governing the situation.
That is, if an inventor truly wants to have freedom, he can
have someone else apply for the patent, but the problems
there are obvious.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Fri, 08 Oct 1999 00:18:24 GMT
> > Those "many" you refer to will continue to violate our highest
> > law because they will be told it is correct to do so- so much
> > for characterizing.
>
> You criticize the many for the acts of the few.
What the h___ are you talking about? Every police officer who
pulls over a person for speeding or not having registration
IS violating your civil rights. According to the US Supreme
Court, the Reed court ruled that no government has the power
to regulate (e.g.- license, registration, insurance, speed limits,
etc. etc. etc.) personal travel on the highways. Now tell me
that there are just a few who are ignoring the constitution and
the law today?
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Compression of encrypted data
Date: Fri, 08 Oct 1999 01:34:32 GMT
In article <uUtrn6RE$GA.334@cpmsnbbsa05>, "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
>[originally Re: Is 128 bits safe in the (far) future?]
>
>These are my thoughts on the potential compression of data encoded using a
>strong cryptographic algorithm, and should not be taken as truth without
>considerable further thought.
>
>Under any conceivable language used to transfer data of any form, whether it
>is ASCII text, or raw binary data that has been compressed to the nth
>degree, there are going to be patterns that can be exploited to perform the
>compression; this is a fact of structure, and recurrence of data. However
>there are no ciphers that are currently considered strong where we have
>enough of a text basis to analyze them to develop effective compression.
>Look at how many centuries it took to develop an arbitrary compression
>method that could be used for English (or any other language) words without
>significant preknowledge. I don't know the actual dates but to my
>knowledge the first effective compression technique (without changing the
>language, simply the notation) was by Huffman, and within the last few
>centuries. However, the language that is targeted by a given Huffman tree,
>say English, requires a large examination basis to develop a tree that is
>effective for compression. That tree was developed through the examination
>of hundreds of thousands of pages of text, over a period of many years (the
>work to build better Huffman trees continues today, although mostly replaced
>by other methods). Now assuming that it takes a mere 50 years of time to
>develop a good Huffman encoding for something the complexity of English (26
>symbols, <100,000 words), how long will it take to solve a 2^64, or 2^128
>symbol tree? Well 2^64 symbols is about 18x10^13 times as complex as 100000
>symbols, so even if it took a day to generate the encoding of 100000 it
>would take 10^11 years. So while it is possible to compress DES encrypted
>files, it will be extremely difficult to build the tree.
>
>Adaptive Huffman is another matter entirely. Its ability to generate a
>small amount of compression of most files lends itself well to the task at
>hand. But even here the amount of memory necessary to build an effective
>tree won't be available until well after the computing power necessary to
>break the associated method is available. As an example, to effectively
>compress method X using Adaptive Huffman it should be necessary to use at
>least 2^k * k bits of memory (where k is the number of bits per block), if X is
>truly a strong method that reveals nothing about its data. OTOH if X does
>reveal information about the data protected, even so much as one bit, it
>becomes smaller by an order of magnitude.
Not sure what you're talking about, but if you want Adaptive Huffman
compression, go to my site. http://members.xoom.com/ecil/compress.htm
>
>So basically I feel that while it is certainly possible to compress
>encrypted data, it is (without some absolutely huge advances in compression)
>a goal that need not be pursued with anything except large reservations.
> Joe
>
>
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Block encryption with variable keys
Date: Fri, 08 Oct 1999 01:30:20 GMT
In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]>
wrote:
>Doug Gwyn (ISTD/CNS) wrote:
>>
>> Mok-Kong Shen wrote:
>> > Why does DES (and similar block ciphers) keep the key constant
>> > and not varying from block to block?
>>
>> Why are there 12 items in a dozen? It just is what it is.
>
>I am not sure that I understood you. The key is chosen by the
>user. He can certainly choose to consider each block as a separate
>encryption and use a separate key, can't he? I was asking why
>the practice of using the key is simply maintaining the key constant
>and not attempting to change it from block to block.
>
>M. K. Shen
Speed: it takes a long time to use a new key for each block.
And if you could change the key enough there would be no
gain over using an OTP.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************