Cryptography-Digest Digest #532, Volume #10 Tue, 9 Nov 99 13:13:04 EST
Contents:
Re: PGP Cracked ?
Re: Signals From Intelligent Space Aliens? Forget About It. (Anthony Stephen Szopa)
Re: Proposal: Inexpensive Method of "True Random Data" Generation (David Bernier)
Re: Proposal: Inexpensive Method of "True Random Data" Generation ([EMAIL PROTECTED])
Re: The story of a small boy --- sealed envelops --- encryption technologies (Best
Wishes)
Re: Proposal: Inexpensive Method of "True Random Data" Generation (Richard Herring)
Re: The DVD Hack: What Next? (Terje Mathisen)
Self-certified public key...... ("OTTO")
Re: NOVA: the Code Breakers TONIGHT Nov 9
Re: Proposal: Inexpensive Method of "True Random Data" Generation
Re: Proposal: Inexpensive Method of "True Random Data" Generation
Re: Proposal: Inexpensive Method of "True Random Data" Generation
Re: Proposal: Inexpensive Method of "True Random Data" Generation
Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
Re: An encryption proposal from a Newbie... <- A modification (Stefek Zaba)
Re: Can the SETI@home client be protected? (Guy Macon)
Re: Lenstra on key sizes (DJohn37050)
Re: Can the SETI@home client be protected? ("Gary")
Re: An encryption proposal from a Newbie... <- A modification (Mike Partain)
Re: The Code Book Mailing List (Stefek Zaba)
Re: Can the SETI@home client be protected? (Guy Macon)
Re: Signals From Intelligent Space Aliens? Forget About It. ("Doug Gwyn (ISTD/CNS)
" <[EMAIL PROTECTED]>)
Re: Proposal: Inexpensive Method of "True Random Data" Generation ("Doug Gwyn
(ISTD/CNS) " <[EMAIL PROTECTED]>)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: PGP Cracked ?
Date: 9 Nov 99 11:51:59 GMT
Jim Gillogly ([EMAIL PROTECTED]) wrote:
: Dennis Ritchie wrote:
: > Douglas A. Gwyn wrote, quoting Jerry Coffin:
: > > > Like Ken, AFAIK, he's never said _anything_ to confirm (or,
: > > > admittedly, deny) that it was actually done.
: > > I could swear that they have said the experiment was actually done,
: > > just that it was not in any of the UNIX distributions.
: > I could so swear too.
: So could Ken. Here's an extract of a note he wrote on
: 23 Apr 1995:
: fyi: the self reproducing cpp was
: installed on OUR machine and we
: enticed the "unix support group"
: (precursor to usl) to pick it up
: from us by advertising some
: non-backward compatible feature.
: that meant they had to get the
: binary and source since the source
: would not compile on their binaries.
: they installed it and in a month or
: so, the login command got the trojan
: hourse. later someone there noticed
: something funny in the symbol table
: of cpp and were digging into the
: object to find out what it was. at
: some point, they compiled -S and
: assembled the output. that broke
: the self-reproducer since it was
: disabled on -S. some months later
: the login trojan hourse also went
: away.
: the compiler was never released
: outside.
So this clears it up; this "backdoor" was never a universal feature of
Unix, but the technique was tested - and at least partially inflicted on
some users as well.
: Jim Gillogly
: Hevensday, 17 Blotmath S.R. 1999, 04:24
: 12.19.6.12.5, 6 Chicchan 13 Zac, Second Lord of Night
Dare I guess you're posting from inside Emacs (which, having these date
capabilities, can safely be assumed to by Y2K compliant...)? Although I
didn't realize that even Emacs handled the Shire Reckoning, but I suppose
that was inevitable. (Since the Third Age is now long in the past,
however, I would have thought the year would be long after 1999 in their
epoch.)
John Savard
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.military,talk.politics.misc,talk.politics.crypto
Subject: Re: Signals From Intelligent Space Aliens? Forget About It.
Date: Tue, 09 Nov 1999 04:03:17 -0800
Reply-To: [EMAIL PROTECTED]
Scott Erb wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> >
> >
> >But your definition we already have been. The announcement is 60-70
> lightyears
> >out and receeding at a speed we do not ever expect to match.
>
> I think the poster you're responding to has been watching too much sci-fi.
> Last night on Futurama a race of space aliens attacked earth because the
> transmission of "Single Female Lawyer" (a spoof on Ally McBeal -- her name
> on the show was Jenny McNeil) was interrupted and they demanded to know
> what happened. Since their planet is 1000 light years away they didn't
> get to the earth until 3000....
>
> But the poster you're responding to is sort of a neo-nazi type always
> accusing the government of treason and the like. That's he's taken to
> being paranoid about space aliens is par for the course :)
The nearest star I think is about 4.5 light years away.
I have also spoken to a math professor and he believes that we should be able
to achieve speeds about 90% that of light and survive the voyage.
------------------------------
From: David Bernier <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 09 Nov 1999 12:49:34 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
[...]
> Not sure if you are asking for references to the first part,
> where Uncle Al claims the digits of PI are purely random,
> or to the second part, where Uncle Al claims PI is not a
> random number.
>
> If the first, he's wrong;
>
> From the rec.puzzles archive
> ==> probability/pi.p <==
> Are the digits of pi random (i.e., can you make money
> betting on them)?
>
> ==> probability/pi.s <==
> No, the digits of pi are not truly random, therefore you can win
> money playing against a supercomputer that can calculate the
> digits of pi far beyond what we are currently capable of doing.
>
> There's more to the answer, which you can read at
> http://einstein.et.tudelft.nl/~arlet/puzzles/sol.cgi/probability/pi
> or any of the several other places the rec.puzzles archive is stored.
Concerning the use of Mahler's theorem (or its subsequent refinements),
I think it's something of a red herring as far as betting on digits of
pi is concerned. What I mean is: if you fix c>2, then I think the set
Special_c :={x in R s.t. |x-p/q|<q^{-c} for oo many (p,q) in ZxN*}
has Lebesgue measure zero.
If that's true then, for almost every real number x, the number
of "order-c" quality rational approximations is finite, and so
if you go far enough in the decimal expansion of x, you could
make winning bets as described above, so pi it's not clear to me
that pi is that non-statistically random as compared to your
common-garden real x.
David Bernier
--
http://homestead.deja.com/mathworld/fish_school.html
http://homestead.deja.com/mathworld/primes_slow.html
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 09 Nov 99 11:40:04 GMT
In article <806qct$j55$[EMAIL PROTECTED]>,
"denis.feldmann" <[EMAIL PROTECTED]> wrote:
>
>james d. hunter a �crit dans le message <[EMAIL PROTECTED]>...
>>john baez wrote:
>>>
>>> In article <[EMAIL PROTECTED]>,
>>> james d. hunter <[EMAIL PROTECTED]> wrote:
>>>
>>> > That's because nobody has proved that anything is random.
>>>
>>> Wrong.
>>>
>>> > "Random" is usually defined in terms of things like pi,
>>>
>>> Wrong.
>>>
>>> > so there's no reason to assume that pi isn't just simply
>>> > a well-known purely random number.
>>>
>>> Not even wrong.
>>
>> I assume that since you are a "scientist", particularly
>> one of the QM variety, you are clueless concerning
>> what is random, what is not random, what's up and what's down.
>> So you are excused for being a idiot.
>
>Ok, but what is your excuse?
Unfortunately, he's been trained as an engineer. It's too bad
he didn't learn about the thinking part of that degree.
/BAH
Subtract a hundred and four for e-mail.
------------------------------
From: Best Wishes <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.math,soc.culture.russian
Subject: Re: The story of a small boy --- sealed envelops --- encryption technologies
Date: Tue, 09 Nov 1999 13:43:31 +0000
Markku J. Saarelainen wrote:
> "Encryption and many cryptography technologies are very important for
> any future electronic commerce applications and implementations.
For those interested, here is a list of free cryptography software, some
in English, some in Russian
http://www.listsoft.com/eng/95/crypt.htm
Best Wishes
--
Tons of free software, no catch - http://www.listsoft.com - I recommend
it!
------------------------------
From: [EMAIL PROTECTED] (Richard Herring)
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 9 Nov 1999 13:36:45 GMT
Reply-To: [EMAIL PROTECTED]
In article <807ssi$p22$[EMAIL PROTECTED]>, Steven B. Harris
([EMAIL PROTECTED]) wrote:
> In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Scott
> Nelson) writes:
> >
> >On 8 Nov 1999 17:45:07 GMT, [EMAIL PROTECTED](Steven B. Harris)
> >wrote:
> >
> >>In <MeDV3.9037$[EMAIL PROTECTED]> gtf[@]cirp.org
> >>(Geoffrey T. Falk) writes:
> >>>
> >>>In article <806tk6$glf$[EMAIL PROTECTED]>,
> >>>Steven B. Harris <[EMAIL PROTECTED]> wrote:
> >>>>stored random numbers for that.
> >>>
> >>>FTR: Borwein and Borwein discovered a remarkable algorithm for
> >>>generating the nth digit of pi without generating all of the
> >>>preceding digits.
> >>
> >> No kidding? How does the time to determine the particular digit,
> >>scale in comparison to digit place? Are you sure you're not putting
> me
> >>one?
> >
> >I think he's talking about the Bailey-Borwein-Plouffe Pi Algorithm
> >
> >It's real, but it generates the N'th _Hexadecimal_ digit of PI.
***********
> >(From hex you can easily convert to any base that is a power of 2)
> >It's based on the formula;
> >
> > infinity 1 4 2 1 1
> > pi = SUM ---- ( ------ - ------ - ------ - ---- )
> > k=0 16^k 8k + 1 8k + 4 8k + 5 8k+6
> >
> >There's a nice web page about it at
> >http://www.mathsoft.com/asolve/plouffe/plouffe.html
> >
> >It strongly suggests that a formula for calculating the
> >Nth decimal digit of PI (without calculating all of the
*******
> >previous digits) is possible, but I don't think anyone
> >has discovered one yet.
> Er-- I'm now getting two different stories. I smell urban myth.
Not at all.
T: you can calculate the N'th *hexadecimal* digit of pi without having
to find all the preceding ones. By extension, you can do this for
other bases which are powers of 2.
T: it is not obvious how to calculate the N'th *decimal* digit.
10 is not a power of 2. (of course, by the time you read
this, someone may have come up with a method...)
No inconsistency there.
Why not read the cited web page, which will make it much clearer?
--
Richard Herring | <[EMAIL PROTECTED]>
------------------------------
From: Terje Mathisen <[EMAIL PROTECTED]>
Subject: Re: The DVD Hack: What Next?
Date: Tue, 09 Nov 1999 15:21:11 +0100
[EMAIL PROTECTED] wrote:
>
> http://www.hyperreal.art.pl/cypher/remailer/ ([EMAIL PROTECTED]) wrote:
> : Thanks to a gaffe by one of the decryption software's licensees, a band
> : of Norwegian programmers made it possible to make a perfect copy of a
> : DVD film with none of that pesky encryption.
>
> That isn't really accurate: the mistake of leaving the master key
> unencrypted made the hack easier, but since the DVD player software had to
> _use_ the master key anyways, if the mistake had not been made, the
> Norwegian programmers would just have had to work for a few days longer.
> At least, that's how _I_ understood the WIRED article.
I believe you're right: The XingDVD player left it's key in clear, so
they didn't need to trace/reverse engineer the decoding of this key
before they could follow the DVD decoding process.
Anyway, having found this first key gave them a known clear-text attack
on all the other keys, they supposedly said 'enough is enough' after
having recovered about 170 different master keys.
This is more than enough to make it infeasible to simply revoke (i.e.
omit) the Xing key on future DVD disks.
Terje
--
- <[EMAIL PROTECTED]>
Using self-discipline, see http://www.eiffel.com/discipline
"almost all programming can be viewed as an exercise in caching"
------------------------------
From: "OTTO" <[EMAIL PROTECTED]>
Subject: Self-certified public key......
Date: 9 Nov 1999 14:29:27 GMT
dear all,
I need the M.Girault (1991) "Self-certified public key " in "advances in
cryptology:proc. Eurocrypt '91.
thanks....
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: talk.politics.crypto
Subject: Re: NOVA: the Code Breakers TONIGHT Nov 9
Date: 9 Nov 99 14:37:18 GMT
Anthony Stephen Szopa ([EMAIL PROTECTED]) wrote:
: NOVA: the Code Breakers TONIGHT Nov 9
: At least in Los Angeles on channel 28 KCET will air NOVA: the Code
: Breakers which will be all about ENIGMA. It is a one hour program.
No, it is a _two-hour_ program, so take that into account.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 9 Nov 99 14:39:37 GMT
Steven B. Harris ([EMAIL PROTECTED]) wrote:
: No kidding? How does the time to determine the particular digit,
: scale in comparison to digit place? Are you sure you're not putting me
: one?
Such a method does exist, but the time to determine a particular digit
does increase somewhat for later digits. And there is only such a method
for _hexadecimal_ digits; no corresponding method for decimal digits is
known to exist.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 9 Nov 99 14:40:12 GMT
Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
: "Steven B. Harris" wrote:
: > No kidding?
: Not only "no kidding", but the original hex-digit-only algorithm
: has been augmented by further work and now we can produce any
: arbitrary decimal digit of pi. It shouldn't take long to locate
: more info via a Web search.
Now _that's_ news.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 9 Nov 99 14:43:37 GMT
Steven B. Harris ([EMAIL PROTECTED]) wrote:
: In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Scott
: Nelson) writes:
: >On 8 Nov 1999 17:45:07 GMT, [EMAIL PROTECTED](Steven B. Harris)
: >wrote:
: >>In <MeDV3.9037$[EMAIL PROTECTED]> gtf[@]cirp.org
: >>(Geoffrey T. Falk) writes:
: >>>FTR: Borwein and Borwein discovered a remarkable algorithm for
: >>>generating the nth digit of pi without generating all of the
: >>>preceding digits.
: >> No kidding? How does the time to determine the particular digit,
: >>scale in comparison to digit place? Are you sure you're not putting
: >>me on?
: >I think he's talking about the Bailey-Borwein-Plouffe Pi Algorithm
: >It's real, but it generates the N'th _Hexadecimal_ digit of PI.
: >(From hex you can easily convert to any base that is a power of 2)
: >It's based on the formula;
: > infinity 1 4 2 1 1
: > pi = SUM ---- ( ------ - ------ - ------ - ---- )
: > k=0 16^k 8k + 1 8k + 4 8k + 5 8k+6
: >There's a nice web page about it at
: >http://www.mathsoft.com/asolve/plouffe/plouffe.html
: >It strongly suggests that a formula for calculating the
: >Nth decimal digit of PI (without calculating all of the
: >previous digits) is possible, but I don't think anyone
: >has discovered one yet.
: Er-- I'm now getting two different stories. I smell urban myth.
No, the Borwein-Bailey-Plouffe algorithm is real. That a method for
decimal digits exists, if that is true, is new news that not everyone has
heard of yet.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 9 Nov 99 14:50:12 GMT
[EMAIL PROTECTED] wrote:
: No, the Borwein-Bailey-Plouffe algorithm is real. That a method for
: decimal digits exists, if that is true, is new news that not everyone has
: heard of yet.
It _is_ true, and here's the URL:
http://www.lacim.uqam.ca/plouffe/Simon/articlepi.html
John Savard
------------------------------
From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 09 Nov 1999 10:29:58 -0500
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
>
> In article <806qct$j55$[EMAIL PROTECTED]>,
> "denis.feldmann" <[EMAIL PROTECTED]> wrote:
> >
> >james d. hunter a �crit dans le message <[EMAIL PROTECTED]>...
> >>john baez wrote:
> >>>
> >>> In article <[EMAIL PROTECTED]>,
> >>> james d. hunter <[EMAIL PROTECTED]> wrote:
> >>>
> >>> > That's because nobody has proved that anything is random.
> >>>
> >>> Wrong.
> >>>
> >>> > "Random" is usually defined in terms of things like pi,
> >>>
> >>> Wrong.
> >>>
> >>> > so there's no reason to assume that pi isn't just simply
> >>> > a well-known purely random number.
> >>>
> >>> Not even wrong.
> >>
> >> I assume that since you are a "scientist", particularly
> >> one of the QM variety, you are clueless concerning
> >> what is random, what is not random, what's up and what's down.
> >> So you are excused for being a idiot.
> >
> >Ok, but what is your excuse?
>
> Unfortunately, he's been trained as an engineer. It's too bad
> he didn't learn about the thinking part of that degree.
That's true. And since all the "scientists" Mr. Cat (AKA
Schroedinger),
and Mr. Impulse (AKA Dirac) did to derive the holistic wave-particle
doo-dads was to hack up the classical Lagrangian, I wouldn't
except that there would be a lot of philosophic mumbo-jumbo
from the probabilistic peanut gallery to explain why
crapola can sometimes predict events.
------------------------------
From: [EMAIL PROTECTED] (Stefek Zaba)
Subject: Re: An encryption proposal from a Newbie... <- A modification
Date: Tue, 9 Nov 1999 15:49:59 GMT
In sci.crypt, Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
> Aargh! That's why we discourage posting of newbie attempts at
> cryptosystem design. No matter how much work people put into
> analyzing the flaws, the newbie will just make another change
> and the process starts all over again. Eventually, people get
> tired of pointing out the flaws, at which point the newbie
> thinks that he has finally devised a great system because
> nobody seems to be able to find a flaw in it.
At which point they patent it, get a bunch of vulture capatalists to fund it,
get some one-time hitech CEOs to sign up on the board, and hawk it round
still-extant hitechs, persistently but always under NDA.
Any similarity to practicing companies is purely coincedental.
Cheers, Stefek
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Can the SETI@home client be protected?
Date: 09 Nov 1999 11:00:52 EST
>On the other hand, it sounds like the server could check
>a random sampling of misses as easily as it checks the positives.
>If not, you could have the client perform a hash of some of
>the intermediate states so the server can, if it chooses,
>check that the client actually did the work. There's no
>way to pass such a test except by sending the correct data.
>That doesn't prove the client isn't modified, but if it's
>sending in the correct data, then why would you care
>about modifications?
Once you find a case where the modified client gives a different
answer, you have your test for that patch. The problem is that it
breaks the scientific method even if the modified client gives correct
answers. The scientists need to know that code X produced result Y.
Hacked code lowers the confidence of any result even if it gives
correct answers.
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Lenstra on key sizes
Date: 09 Nov 1999 16:06:37 GMT
AES design criteria is to be suitable for a long time. It is conservative as
we do not know what is possible a few years hence.
Don Johnson
------------------------------
From: "Gary" <[EMAIL PROTECTED]>
Subject: Re: Can the SETI@home client be protected?
Date: Tue, 9 Nov 1999 16:06:42 -0000
On the server side.
When the server issues a packet it should compute and archive a random sub
packet for itself. When the whole packet is processed and returned. The
archived random sub packet computation is checked against the returned one
to see if it has correctly been processed.
This allows correct calculations through even those using correctly
implemented patches.
On the client side.
The client program should test itself and report if calculations are
incorrect to the client user.
Another seperate test should be done within the code that doesn't report
corruption to the client user but just puts a rejection code on the packet
going to the server.
Guy Macon wrote in message <8087tr$[EMAIL PROTECTED]>...
>
>Over in the sci.astro.seti newsgroup there has been some discussion
>whether or not it is possible to protect certain software.
>
>Here is the situation:
>
>SETI@home [ http://setiathome.ssl.berkeley.edu/ ] is a scientific
>experiment that involves millions of Internet-connected computers
>in the Search for Extraterrestrial Intelligence (SETI). Participants
>run a program that downloads and analyzes radio telescope data from
>a server at Berkeley.
>
>Certain people have created unauthorized patches that speed up the
>client program. The scientists at the SETI project have asked that
>only the autorized client be run, but the patchers will not comply.
>This threatens the science behind the project by injecting possibly
>corrupt data into the mix.
>
------------------------------
From: Mike Partain <[EMAIL PROTECTED]>
Subject: Re: An encryption proposal from a Newbie... <- A modification
Date: Tue, 09 Nov 1999 16:06:36 GMT
I didn't recognize your name. Where in my company do you work?
:)
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 11/9/1999, 10:49:59 AM, [EMAIL PROTECTED] (Stefek Zaba) wrote=20
regarding Re: An encryption proposal from a Newbie... <- A=20
modification:
> In sci.crypt, Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
> > Aargh! That's why we discourage posting of newbie attempts at
> > cryptosystem design. No matter how much work people put into
> > analyzing the flaws, the newbie will just make another change
> > and the process starts all over again. Eventually, people get
> > tired of pointing out the flaws, at which point the newbie
> > thinks that he has finally devised a great system because
> > nobody seems to be able to find a flaw in it.
> At which point they patent it, get a bunch of vulture capatalists to=20=
fund it,
> get some one-time hitech CEOs to sign up on the board, and hawk it=20=
round
> still-extant hitechs, persistently but always under NDA.
> Any similarity to practicing companies is purely coincedental.
> Cheers, Stefek
------------------------------
From: [EMAIL PROTECTED] (Stefek Zaba)
Subject: Re: The Code Book Mailing List
Date: Tue, 9 Nov 1999 16:02:50 GMT
In sci.crypt, David Pearce ([EMAIL PROTECTED]) wrote:
> ........... Anyone know how to factorise a number of the order of 10^138
> into two prime numbers?
10^138 is about 2^460; since a 512-bit general number fell to a distributed
best-current-public factoring attack earlier this summer, polishing off
a 460-bit number might be beneath the regard of Lenstra and colleagues;
on the other hand, if it funds another few gigs of memory for the Cray
(in the non-distributed matrix step) and raises good publicity, they're
probably working on it already :-)
Cheers, Stefek
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Can the SETI@home client be protected?
Date: 09 Nov 1999 11:12:01 EST
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Francois Grieu) wrote:
>
>[EMAIL PROTECTED] (Guy Macon) wrote�:
>
>> In the newsgroup some folks (not the SETI scientists) have opined
>> that it is impossible to protect the client software from such
>> patches, and that any such protection can be broken without breaking
>> the actual encryption. Is this true ?
>
>I think it is true. No general way of ensuring that data has been
>remotely processed in a prescribed way exists (that I know of),
>when processing can occur on a standard PC (*). Moves in this direction
>are so-called security thru obscurity, and are typicaly not regarded as
>cryptography. Not that they are entirely ineffective, though.
I can think of things along this line like sending a new client every
time a new work unit starts, or somehow comparing the client byte for
byte with a known good copy on the server, calculating checksums, etc.
but none of these are as secure as using cryptography. I am a believer
in the goodness of published crypto algorithms. and suspicious of security
by obscurity.
>1) Encourage, rather than fight, the efforts in the direction of speeding
>up the algorithm : the authors would be foolish to hope having the best
>possible implementation ! Emulation worked well in DES cracking efforts.
>Properly document the algorithm, openly supply test cases and a reference
>implementation in source form, maybe even set up a plugin/DLL interface.
>Define a public method to tag results with the id/version of the
>algorithm/plugin that produced them, and report the rate achieved by each.
That is already impemented. The major hackers refuse to comply.
>2) Find ways to detect plain cheaters running for high stats.
>One idea is to manufacture say 2% of test positives, and check
>they are reported. I can't see how a cheater could report lots of
>fakely processed negatives while still properly finding the test
>positives. This is an advantage over DES cracking efforts, where such
>countermeasure was not feasible, but still no intentionaly false report
>is known to me.
High stats cheater protection is already in place. The SETI@home team
takes any result that in any way looks odd and sends it to several
other participants in different parts of the world. In addition,
right now each work unit is sent out and processed an average of 2.8
times. This is because the horde of PCs are processing data faster
than the Arecibo radiotelescope can generate it.
------------------------------
From: "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]>
Subject: Re: Signals From Intelligent Space Aliens? Forget About It.
Date: Tue, 9 Nov 1999 15:09:06 GMT
Anthony Stephen Szopa wrote:
> I have also spoken to a math professor and he believes that we should be able
> to achieve speeds about 90% that of light and survive the voyage.
This isn't a matter of belief; it can be readily determined.
I had an example on this topic in the notes for a course on
relativistic field theory I gave for a small group of friends
in 1970. Assume traveling for a certain amount of time T/2
(measured on the spaceship) under constant forward acceleration
G followed by deceleration at the same rate G for another
interval T/2. From special relativity, it is easy enough to
compute the total distance traveled, D. Then take any
reasonable estimate of human longevity as a function of G;
that curve maps G to T, and one can graphically solve for
D vs. G to see how far one could actually get within a human
lifetime.
------------------------------
Crossposted-To: sci.math,sci.misc,sci.physics
From: "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]>
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 9 Nov 1999 15:10:57 GMT
[EMAIL PROTECTED] wrote:
> I've never heard of a
> random number generator that's really random.
These exist in profusion. Many commercial crypto chips
contain a genuine random bitstream source.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
