Cryptography-Digest Digest #529, Volume #10       Mon, 8 Nov 99 22:13:02 EST

Contents:
  Re: Nova program on cryptanalysis -- also cipher contest (Jan Bielawski)
  Re: Lenstra on key sizes ("Roger Schlafly")
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Douglas Zare)
  Not Even MINIMUM WAGE for blacklisted writers ([EMAIL PROTECTED])
  Re: Scientific Progress and the NSA (was: Bruce Schneier's Crypto   (Boris Kazak)
  Re: Signals From Intelligent Space Aliens?  Forget About It. (Gary Carroll)
  Re: Kerberos Question (Thomas Wu)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Steven B. Harris)
  Re: Signals From Intelligent Space Aliens? Forget About It. (Gary Carroll)
  Re: How protect HDisk against Customs when entering Great Britain (Bill Unruh)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Jan Bielawski)
Subject: Re: Nova program on cryptanalysis -- also cipher contest
Date: Tue, 9 Nov 1999 00:00:27 GMT

In article <[EMAIL PROTECTED]> Jim Gillogly <[EMAIL PROTECTED]> writes:
> Nova, a PBS program, will be airing the first show in a WW2 cryptanalysis
> series on 9 Nov, next Tuesday.  It includes material from the popular
> British series "Station X", about the work of Bletchley Park in breaking
> Nazi ciphers.  The related web page is http://www.pbs.org/wgbh/nova/decoding/

That's very nice but why do they keep saying things like: "Led by Alan Turing
[...] the codebreakers of Bletchley Park were a brilliant, quirky bunch who
broke the Enigma [...]"?  I thought it has been very well documented by now
that the Enigma was broken in early '30s by 3 Poles who worked at a Warsaw
cipher bureau.  The British and the French didn't know about it until
July 24, 1939 when the Poles invited them to Warsaw, taught them the
theory behind the break, and showed them one of the "bombes" used for
automated keysearch.

This sort of misinformation is esp. annoying in a program intended
as a teacher's resource.  But I'm reserving my final judgment until
tomorrow's broadcast.
-- 
Jan Bielawski                        )\._.,--....,'``.
Molecular Simulations Inc.          /,   _.. \   _\  ;`._ ,.
San Diego, CA                   fL `._.-(,_..'--(,_..'`-.;.'
[EMAIL PROTECTED]  http://www.msi.com
 
 -disclaimer-
 unless stated otherwise, everything in the above message is personal opinion
 and nothing in it is an official statement of molecular simulations inc.

------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Lenstra on key sizes
Date: Mon, 8 Nov 1999 15:28:40 -0800

Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am not sure whether your remark doesn't also well apply to the AES
> project, which requires a longer key (than DES) and provides two
> variants of key length.

AES has key sizes of 128, 192, and 256 bits. A lot of people
will use 128-bit keys, and not lose any sleep over it.




------------------------------

From: Douglas Zare <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 08 Nov 1999 19:14:42 -0500

[EMAIL PROTECTED] wrote:

> Douglas Zare ([EMAIL PROTECTED]) wrote:
> [...]
> : In a much more elementary sense, one might not view the digits of pi as
> : uniformly distributed on the possibilities. First nonzero digits of
> : constants are not uniformly distributed on {1,2,...,9} and there are reasons
> : to believe that these should follow the induced measure from the uniform
> : measure on the circle. The effect is smaller, but it is also more likely for
> : a second digit to be 0 than 1, 1 than 2, etc. The total amount of usable
> : information this gives one is finite, but so would either statement about
> : rational approximations.
>
> Actually, although that is the only scale-invariant law, it hasn't been
> proved there is a law of first digits, and there are good reasons to
> believe this doesn't apply to things like pi.

The usual argument for constants with dimensions would be that we could have
chosen other units, and I agree that this does not apply. On the other hand, here
is another source of "randomness": We could have chosen another constant, such
as 2pi or 4pi/3 or sqrt(pi) or 1/pi (first digits 6, 4, 1, and 3). If you write
down all of the geometric ratios you can think of involving pi, you should not
get a uniform distribution on first digits. More than half should be 1's, 2's,
and 3's, for the simple reason that if you write down p/q you should also write
down q/p. This extends, albeit weakly, to subsequent digits.

It may be argued that e is canonical. It may be a better choice to use to
communicate with aliens.

Douglas Zare


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.misc,alt.revisionism,talk.politics.crypto
Subject: Not Even MINIMUM WAGE for blacklisted writers
Date: Tue, 09 Nov 1999 00:49:42 GMT



Currently, my freelance work in writing;editing;webdesign;journalism --
ALL DRIED UP IN THE LAST FEW MONTHS, ... mysteriously, and it is a real
chore getting or rustling up ANY new work, even as a word processor or
typist.  Some of the interviews I have had in the last 30 days, since my
sudden spell of HORRIBLE luck in work [expulsion from Eden] went really
well --- and then VOILA!!!  Out of the blue these nice people who
interviewed me and were impressed on initial meeting are more chilling
and quiet than THE DEAD & Comatose!  No explanation given.

My resume [with many projects cited] in journalism, web design,
publishing, fiction, and poetry, etc. --- the list is extensive --- can
be found at

http://www.angelfire.com/biz5/bryanadrian/resume.html

In addition, my work as a typist, wordprocessor, assembly line graphics
artist (Powerpoint) has also been seemingly stripped from me rudely, and
I have resorted to the embarrassing task of begging friends and family
for money sent via the post, any amount acceptable.

Anyone out there want to give me some work and prove I am not
blacklisted? [after reading some of my URLs on the resume link above,
please]

Has anyone else out there been blacklisted before that lives in the US
or in Western Europe, and they care to discuss it, openly via Usenet, or
by private email?

I want to hear all about it if you don't mind.

Thanks, and looking forward to your reply!

ps:  I will repeat this with a power posting to other URLs through this
Deja service when I figure out how to use it.



In article <4P7U3.4949$[EMAIL PROTECTED]>,
  "Andrew Campbell" <[EMAIL PROTECTED]> wrote:
> actually it hits hardest those that have non working financial instruments
>
> Gary Carroll <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hyman Blumenstock wrote:
> > >
> > > Gary Carroll wrote:
> > > >
> > > > Hyman Blumenstock wrote:
> > > > > Why not get rid of taxes altogether and the notion of
> > > > > "taxpayer's money" and instead tap the bottomless Money
> > > > > reservoir of the Federal Reserve directly?
> > > >
> > > > I trust this is sarcasm.
> > > > But with the Socialist Weasels around, one can never really be sure.
> > >
> > > Why do you think so?  Is it your position that everything
> > > there is to be known is already recorded somewhere?  Have
> > > you ever had an original thought?
> >
> > I incorrectly presumed it was sarcasm because the government
> > (including the federal reserve) is not a bottomless well of money. It
> > takes it from taxpayers.
> > (It would be possible to simply print money and collect no taxes. This
> > leads to massive inflation, which could be viewed as a tax of sorts, I
> > suppose. But it is a regressive rather than progressive tax, as it hits
> > hardest those who cannot afford to buy real property such as real
> > estate, and those on fixed incomes. In any case, the real value still
> > comes from the taxpayers. The government cannot create value from
> > nothingness.)
> >
> > (snip water stuff)
> >
> > > By the way.  If you must use obscure words such as
> > > "Socialist" it is essential that you define exactly what
> > > that means.  It happens to have the same root as "social" or
> > > "society" and the like.  It appears to mean the opposite of
> > > hermit.  Don't you agree?
> >
> > I did not use the word to express any meaning. I was using it as a
> > proper name. There exists a group who call themselves "The Lying
> > Socialist Weasels." I was implying that what I thought was sarcasm might
> > in fact be a serious proposal if it came from the Weasels. I see that
> > while I was wrong about the Weasel part, it was indeed meant seriously.
> > Might I suggest you seek out the Weasels? It appears to me that you will
> > like each other. "Silverback" is a prolific poster here who can put you
> > in touch with the others.
>
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Scientific Progress and the NSA (was: Bruce Schneier's Crypto  
Date: Mon, 08 Nov 1999 17:10:28 -0800

Bruce Schneier wrote:
> 
> On Sun, 31 Oct 1999 11:27:25 -0500, Nicol So <[EMAIL PROTECTED]>
> wrote:
*************
> >Bruce Schneier seems to suggest that the NSA is not much ahead of the
> >open research community.  I'm skeptical of that suggestion--I just don't
> >think we can reliably tell.
=============
Don't be skeptical...don't be enthusiastic...be realistic and keep in mind
that the atmosphere of a big bureaucratized governmental organization does
not promote or encourage creativity. Each mathematician there has a boss and
a program, and his main concerns are not about being creative, but about
looking good in the eyes of the boss and about making the boss look good in
the eyes of the management. This is the main "entree", creativity is left
for dessert (if any).

Best wishes             BNK
==============
> 
> I agree.  We cannot reliably tell.  I was just giving my thoughts.
> 
> Bruce
> **********************************************************************
> Bruce Schneier, Counterpane Internet Security, Inc.  Phone: 612-823-1098
> 101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
>            Free crypto newsletter.  See:  http://www.counterpane.com

------------------------------

From: Gary Carroll <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.military,talk.politics.misc,talk.politics.crypto
Subject: Re: Signals From Intelligent Space Aliens?  Forget About It.
Date: Tue, 09 Nov 1999 01:14:00 GMT

Actually, it's an improvement. Less likely to cause any actual effects.

Scott Erb wrote:
> 
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> >
> >
> >But your definition we already have been.  The announcement is 60-70 lightyears
> >out and receding at a speed we do not ever expect to match.
> 
> I think the poster you're responding to has been watching too much sci-fi.
> Last night on Futurama a race of space aliens attacked earth because the
> transmission of "Single Female Lawyer" (a spoof on Ally McBeal -- her name
> on the show was Jenny McNeil) was interrupted and they demanded to know
> what happened.  Since their planet is 1000 light years away they didn't
> get to the earth until 3000....
> 
> But the poster you're responding to is sort of a neo-nazi type always
> accusing the government of treason and the like.  That he's taken to
> being paranoid about space aliens is par for the course :)

------------------------------

From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: Kerberos Question
Date: 08 Nov 1999 17:14:35 -0800

[EMAIL PROTECTED] (Daniel S. Riley) writes:
> 
> I must not have been clear enough--I agree that EKE, SPEKE, or SRP
> could be used in the login protocol, that doing so would substantially
> improve the security of kerberos, and that something like that should

It sounds like we're in complete agreement, then, because I also believe
that Kerberos is a very powerful system, *provided the weakness in the
login protocol is fixed with a strong password method*.

> be done.  All I was saying is that you can't discard all of kerberos
> completely and replace it in toto with EKE or SRP, as they provide
> only a small subset--initial authentication--of the functionality
> provided by the entire kerberos protocol suite.  You can't replace
> kerberos entirely with SRP alone; you can certainly improve kerberos
> substantially by adding SRP or EKE to the login protocol.

I can't speak for the original poster, but I certainly would not try to
replace Kerberos entirely, especially since it's an excellent framework
to integrate strong authentication into.  The complaint was that
Microsoft didn't bother integrating said strong password authentication
into K5, only hardware smartcards.

> Absolutely--I think the work you and others have done exposing
> weaknesses in kerberos and proposing stronger authentication systems
> is extremely valuable, and I hope you continue your efforts.  My
> response was to Joseph Ashwood, who I thought was guilty of discarding
> the baby with the bathwater.  The points I should have made are:
> 
>  - there is much more to kerberos than the initial authentication
>    exchange
>  - a lot of very good protocol design and analysis work has gone into
>    kerberos 5, work that isn't easy to replicate (as witnessed by the
>    weaknesses in M$'s previous attempts); we shouldn't discard that
>    work unless there is something fundamentally wrong with the
>    protocol, or something demonstrably better
>  - the vulnerabilities in the initial authentication stage are fixable
>    (and should be fixed) without affecting most of the kerberos
>    protocols, possibly through the use of something like SRP in the
>    login protocol
>  - similarly, the encryption used by kerberos can be upgraded to
>    stronger algorithms like 3DES, RC4 or AES without significant
>    protocol changes
>  - I think Microsoft's adoption of kerberos was, as M$ decisions go, a
>    pretty good one, despite the weaknesses in the login protocol
> -- 
> Dan Riley                                         [EMAIL PROTECTED]
> Wilson Lab, Cornell University      <URL:http://www.lns.cornell.edu/~dsr/>
>     "History teaches us that days like this are best spent in bed"

Actually, it isn't just M$ that we should be complaining about.  Kerberos
solution vendors themselves have been slow on the uptake with regards to
securing the initial login protocol, despite this problem being known and
exploitable for several years.  Weak preauthentication is demonstrably
not enough for widespread Internet use, and customers should seriously
demand that the vendors step up to the plate this time and deliver.
-- 
Tom Wu                        * finger -l [EMAIL PROTECTED] for PGP key *
 E-mail: [EMAIL PROTECTED]       "Those who would give up their freedoms in
  Phone: (650) 723-1565              exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/srp/

------------------------------

From: [EMAIL PROTECTED](Steven B. Harris)
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 9 Nov 1999 01:20:18 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Scott
Nelson) writes: 
>
>On 8 Nov 1999 17:45:07 GMT, [EMAIL PROTECTED](Steven B. Harris)
>wrote:
>
>>In <MeDV3.9037$[EMAIL PROTECTED]> gtf[@]cirp.org
>>(Geoffrey T. Falk) writes: 
>>>
>>>In article <806tk6$glf$[EMAIL PROTECTED]>,
>>>Steven B. Harris <[EMAIL PROTECTED]> wrote:
>>>>    Even if we knew for sure that pi was random, it wouldn't help us,
>>>>since our methods of calculating the digits will only access the first
>>>>few thousand or million, and you might as well use a lookup table of
>>>>stored random numbers for that.
>>>
>>>FTR: Borwein and Borwein discovered a remarkable algorithm for
>>>generating the nth digit of pi without generating all of the
>>>preceding digits.
>>
>>   No kidding?  How does the time to determine the particular digit,
>>scale in comparison to digit place?  Are you sure you're not putting me
>>on?
>
>I think he's talking about the Bailey-Borwein-Plouffe Pi Algorithm
>
>It's real, but it generates the N'th _Hexadecimal_ digit of PI.
>(From hex you can easily convert to any base that is a power of 2)
>It's based on the formula;
>
>             infinity    1      4         2        1      1
>        pi =   SUM     ---- ( ------ - ------ - ------ - ---- )
>               k=0     16^k   8k + 1   8k + 4   8k + 5   8k+6
>
>There's a nice web page about it at
>http://www.mathsoft.com/asolve/plouffe/plouffe.html
>
>It strongly suggests that a formula for calculating the 
>Nth decimal digit of PI (without calculating all of the
>previous digits) is possible, but I don't think anyone
>has discovered one yet.



    Er-- I'm now getting two different stories.  I smell urban myth.
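
The Bailey-Borwein-Plouffe formula quoted in the message above can be run directly to extract hexadecimal digits of pi at a chosen position. This is an added example, not part of any post in the digest; the function names are assumptions, and double-precision arithmetic limits it to a handful of reliable digits per call.

```python
# Added example: digit extraction with the Bailey-Borwein-Plouffe formula
#   pi = SUM_{k>=0} 16^-k * ( 4/(8k+1) - 2/(8k+4) - 1/(8k+5) - 1/(8k+6) )
# Function names are illustrative, not taken from the thread.

HEX = "0123456789ABCDEF"


def _frac_series(j, n):
    """Fractional part of SUM_k 16^(n-k) / (8k + j).

    Multiplying pi by 16^n shifts the hex point n places to the right, so
    only fractional parts matter. For k <= n the numerator 16^(n-k) is
    reduced modulo the denominator with three-argument pow(), which keeps
    every intermediate value small however large n is.
    """
    s = 0.0
    for k in range(n + 1):
        d = 8 * k + j
        s = (s + pow(16, n - k, d) / d) % 1.0
    # Tail terms with k > n are plain negative powers of 16 and shrink fast.
    k = n + 1
    while True:
        term = 16.0 ** (n - k) / (8 * k + j)
        if term < 1e-17:
            break
        s += term
        k += 1
    return s % 1.0


def pi_hex_digits(n, count=8):
    """Return `count` hex digits of pi starting just after position n.

    n = 0 gives the digits immediately after the hexadecimal point.
    Keep count small (about 8): float rounding corrupts later digits.
    """
    x = (4 * _frac_series(1, n) - 2 * _frac_series(4, n)
         - _frac_series(5, n) - _frac_series(6, n)) % 1.0
    out = []
    for _ in range(count):
        x *= 16
        digit = int(x)
        out.append(HEX[digit])
        x -= digit
    return "".join(out)


if __name__ == "__main__":
    # pi = 3.243F6A88 85A308D3 13198A2E ... in hexadecimal
    for start in (0, 8, 16, 1000):
        print(start, pi_hex_digits(start, 6))
```

On the scaling question raised in the thread: each call performs about n modular exponentiations, so the running time grows slightly faster than linearly in the digit position, while memory use stays constant.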

------------------------------

From: Gary Carroll <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.military,talk.politics.misc,talk.politics.crypto
Subject: Re: Signals From Intelligent Space Aliens? Forget About It.
Date: Tue, 09 Nov 1999 01:18:53 GMT



Bill Unruh wrote:
> 
> In <[EMAIL PROTECTED]> Anthony Stephen Szopa <[EMAIL PROTECTED]> writes:
> 
> >Signals From Intelligent Space Aliens?  Forget About It.
> 
> >I believe the United States and the rest of the world will adopt a
> >universal communications transmission protocol as soon as the
> >technology becomes available to not only encrypt all communications
> >transmissions worldwide but to conceal these transmissions as nearly
> >as possible among the back ground radiation remnant of the big bang
> >in space or other terrestrial back ground noise.
> 
> ??? No, the whole purpose of transmissions is to distinguish them from
> noise.
> 
> >Quantum digital circuits should make this feasible.
> 
> How?
> 
> >Let us not fool ourselves, the Earth is obviously the most important piece
> >of real estate in this solar system and possibly in this part of the
> >galaxy.  It is just as obvious that to announce this fact to the rest of
> 
> No. For heavy elements the asteroids are far more valuable.( needs much
> less energy to extract them). For light elements, the gas giants are
> better.  It happens to be valuable for us, but why for someone else?
> 
> >the galaxy is quite stupid.

Some of it is, for sure...

> 
> Sorry, it has already been done, many times over, and very very loudly.
> 
> >National Security necessitates that we must assume that there are no
> >friendly space aliens.
> 
> National Security necessitates that we must assume that there are no
> friendly ghosts. We need to spend at least 10 billion a year on anti
> ghost weapons. Much more important than protecting against space aliens.
> (ghosts are here already and they have a much greater insight into how
> we work and what our weaknesses are.)

Ah... but we know that SOME ghosts are friendly. Casper, for instance.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.tech,alt.privacy,alt.privacy.anon-server
Subject: Re: How protect HDisk against Customs when entering Great Britain
Date: 9 Nov 1999 01:30:14 GMT

In <[EMAIL PROTECTED]> pgp651 <[EMAIL PROTECTED]> writes:

>I'm considering to be crossing border of Great Britain [ GB ] very soon on
>business & pleasure trip. 
>My friend did tell me that GB is scanning in / out coming computers for some
>specific data / images / information. I'm privacy advocate & can not allow this
>invasion of privacy to occur to me & my possessions. 

When was this supposed to have occurred? I entered and left the UK with a
computer-- I took out the hard drive and put it into my carryon (it was
a desktop), and certainly had no questions whatsoever-- not even on the
scanning at security, never mind customs.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
