Cryptography-Digest Digest #639, Volume #10      Sat, 27 Nov 99 18:13:01 EST

Contents:
  How to generate key pair for different users? ([EMAIL PROTECTED])
  Re: Signals From Intelligent Space Aliens?  Forget About It. (Lincoln Yeoh)
  Re: Quantum Computers and PGP et al. (Lincoln Yeoh)
  Re: Why Aren't Virtual Dice Adequate? (Lincoln Yeoh)
  Re: Why Aren't Virtual Dice Adequate? (Lincoln Yeoh)
  Re: Why Aren't Virtual Dice Adequate? (Tim Tyler)
  Re: How safe is Mobile Phone ? (Lincoln Yeoh)
  Re: What part of 'You need the key to know' don't you people get? (Tim Tyler)
  Re: cryptography control? (Jim Dunnett)
  Re: NSA should do a cryptoanalysis of AES (Tim Tyler)
  Re: ENCRYPTOR 4.0 by Comotex USA Inc. CRACKED !! (Brian Chase)
  Re: AES cyphers leak information like sieves (wtshaw)
  Re: AES cyphers leak information like sieves (wtshaw)
  Re: brute force versus scalable repeated hashing (Johnny Bravo)
  Re: bits of diffiehellman private key (Anonymous)
  Re: Random Noise Encryption Buffs (Look Here) ("Trevor Jackson, III")
  Re: How to generate key pair for different users? ("Trevor Jackson, III")
  Re: How to generate key pair for different users? ("Trevor Jackson, III")
  Re: cryptography control? (Anthony Stephen Szopa)
  Re: High Speed (1GBit/s) 3DES Processor ("Jerry P")
  Re: Noise Encryption (Johnny Bravo)
  Re: How to generate key pair for different users? (Johnny Bravo)
  Re: AES cyphers leak information like sieves ("Douglas A. Gwyn")
  Re: Pleasantville: civility under duress ("karl malbrain")
  Re: Random Noise Encryption Buffs (Look Here) (Tom St Denis)
  Re: bits of diffiehellman private key (Tom St Denis)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.lang.java.security,microsoft.public.java.security
Subject: How to generate key pair for different users?
Date: Sun, 28 Nov 1999 01:23:39 +0800

Hi

Does anyone know how to generate different private and public key pairs
for different users?

Thanks

Greg


------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: talk.politics.crypto
Subject: Re: Signals From Intelligent Space Aliens?  Forget About It.
Date: Sat, 27 Nov 1999 17:29:01 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 26 Nov 1999 06:11:02 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>Lincoln Yeoh wrote:
>> They screwed up that voyager thing? Woohoo. Never knew that.
>
>Maybe that too, but actually I was talking about some ground-based
>transmission, kind of an inverse of SETI listening.

Oh. But that probably won't matter much. There are tons of other
transmissions with junk in them too. ;).

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: Quantum Computers and PGP et al.
Date: Sat, 27 Nov 1999 17:45:07 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 25 Nov 1999 20:15:31 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:

>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] wrote:

>> Maybe, but so far the signs are that quantum computers won't be that
>> difficult - those molecule ones are already very promising. Don't see
>> anything really in their way- they've already worked out how to do error
>> correction without ruining things.
>>
>
>What is your source for this info?

"Although classical computers use extra bits to detect and correct errors,
many experts were surprised when Shor and others showed that the same can
be done quantum-mechanically. They had naively expected that quantum error
correction would require measuring the state of the system and hence
wrecking its quantum coherence. It turns out, however, that quantum errors
can be corrected within the computer without the operator ever having to
read the erroneous state."

http://www.sciam.com/1998/0698issue/0698gershenfeld.html

>> I believe that practical QCs will be here way before we get nuclear fusion
>> powerplants.
>
>Again what is your source?

Me. 

Doh. It's what I believe. 

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: sci.math
Subject: Re: Why Aren't Virtual Dice Adequate?
Date: Sat, 27 Nov 1999 17:57:51 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 26 Nov 1999 16:51:09 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

>How can you make an unbiased die? If you make one, how can you be certain
>it will not pick up dust? What makes you certain it is so uniform it will
>be immune to thermal fluctuations?  Do you control the temperature of the

I think you missed his main point. The adversary doesn't know either.

I doubt things have to be so perfect. My problem is generating random bits
fast enough.

Cheerio,

Link. 
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: sci.math
Subject: Re: Why Aren't Virtual Dice Adequate?
Date: Sat, 27 Nov 1999 18:03:48 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 26 Nov 1999 16:51:09 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

>How can you make an unbiased die? If you make one, how can you be certain
>it will not pick up dust? What makes you certain it is so uniform it will
>be immune to thermal fluctuations?  Do you control the temperature of the
>environment?  Or try for a dice that can retain its lack of bias over a
>range of temperatures?  In what environment do you roll your dice?
>Is the dice likely to be struck by cosmic rays, that cause it to gain
>or lose matter from its surfaces?  How far is the rolling arm from the
>flat surface. Does the arm pick the dice up as it fell before rolling it
>again?  Does it shake the dice? Before rolling it?  For how long?

Erm that's the whole idea! All these unknowns make it random.

It's good that the die is influenced by cosmic rays or whatever.

Arguably if you make a perfect die and throw it with a perfect robotic arm,
in a perfectly uniform and sealed environment, you'll always get the same
useless result. 

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

Crossposted-To: sci.math
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Why Aren't Virtual Dice Adequate?
Reply-To: [EMAIL PROTECTED]
Date: Sat, 27 Nov 1999 17:53:17 GMT

In sci.crypt Michael Kagalenko <[EMAIL PROTECTED]> wrote:
: Tim Tyler  ([EMAIL PROTECTED]) wrote 

: ]What do you make of Terry Ritter's thoughts on the unattainability of
: ]demonstrably secure OTPs in practice?

:  Terry Ritter is illiterate in math statistics, so his opinion counts
:  for very little.

Perhaps you can offer some criticism of the views in question, rather than
attempting to cast aspersions on their author?

In case you are not even familiar with the views under discussion, you can
find them at:

http://www.io.com/~ritter/GLOSSARY.HTM#OneTimePad

... and in the links at the bottom of ...

http://www.io.com/~ritter/GLOSSARY.HTM#ReallyRandom
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Veni, vidi, velcro: I came, I saw, I stuck around.

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: How safe is Mobile Phone ?
Date: Sat, 27 Nov 1999 18:09:39 GMT
Reply-To: [EMAIL PROTECTED]

On Sat, 27 Nov 1999 00:45:14 +0800, "Hank"
<[EMAIL PROTECTED]> wrote:

>I am curious if the mobile phone system uses any data encryption mechanism.
>For example, if the handshaking process is not encrypted, someone might
>easily intercept the ID of my phone and forge it to make a fake call. And
>if the communication is not encrypted, someone can easily eavesdrop on
> my conversation with friends. Are these all true ?

GSM phones were designed with encryption. However the 3 letter agencies
lobbied for the encryption to be weakened and succeeded. This was all
public knowledge - at least it was in UK newspapers. So I dunno why there
was a big fuss over the breaking of GSM encryption in the US some time
back. The media treated it like it was an amazing achievement.

Most analog cellular phones have no encryption. Trivial to eavesdrop with a
scanner. Easy to clone too.

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Reply-To: [EMAIL PROTECTED]
Date: Sat, 27 Nov 1999 18:10:41 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:

:> ... I used "IV" to refer to the initial value used as the
:> cyphertext of the block before the first one available.

: Please don't do that.  "IV" is a standard acronym for
: "initialization vector" and is used only with the first
: block.

http://www.io.com/~ritter/GLOSSARY.HTM#IV lists "Initial Value",
"Initializing Value" and "Initialisation Vector" as possible
sources for the acronym.

The term "IV" was being used by another participant, to refer to
the value carried over from the previous cyphertext at /every/
point in the decyphering process.  I was mainly trying to distinguish
my usage from his.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Despite the cost of living, it remains popular.

------------------------------

From: amadeus @0SPAM.netcomuk.co.uk (Jim Dunnett)
Crossposted-To: talk.politics.crypto
Subject: Re: cryptography control?
Date: Sat, 27 Nov 1999 18:29:40 GMT
Reply-To: Jim Dunnett

On Sat, 27 Nov 1999 16:30:19 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
wrote:

>   Yes I am sure most in here are aware of it. The conservatives in
>congress are too dumb to understand crypto so they really don't want
>to ease restrictions. 

They're dumb period. Particularly that dumbo Bush git who hopes
he can be president some day!


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Reply-To: [EMAIL PROTECTED]
Date: Sat, 27 Nov 1999 18:29:31 GMT

Paul Crowley <[EMAIL PROTECTED]> wrote:
: Tim Tyler <[EMAIL PROTECTED]> writes:
:> Bruce Schneier <[EMAIL PROTECTED]> wrote:

[snip "working for the NSA"]

:> : It's the Faustian bargain they made [...]
:> 
:> You're comparing working for the NSA to doing a deal with the devil for
:> your soul?

: Tim, you've just committed the "fallacy of the extended analogy".  See 
: the alt.atheism FAQ for details.

<fx: giggles>

I see that that very "Frequently Asked Question" mentions cryptography!
A coincidence?  No such thing!
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

355/113: Not the famous irrational number PI, but an incredible simulation!

------------------------------

From: [EMAIL PROTECTED] (Brian Chase)
Subject: Re: ENCRYPTOR 4.0 by Comotex USA Inc. CRACKED !!
Date: Sat, 27 Nov 1999 18:51:05 GMT

In article <[EMAIL PROTECTED]>,
JPeschel <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] writes:

>>Yes, but because it's time consuming, i prefer only prove that the
>>softs are insecure. Why create a crack soft for encryptor 4.0 if
>>encryptor 4.0 is dead ?

>Because Rocky and Bullwinkle want to be able to read all
>of the Encryptor 4.0 files on Natasha's hard-drive even
>if she used different keys for each file. They don't have
>much time since she'll be back soon from lunch with Boris.

So what you're asserting here is that if you're using this encryption
product, your data is acceptably secure as long as you don't take long
lunches, and that you don't take up company with imaginary squirrels and
moose? 

Very interesting.

-brian.
-- 
--- Brian Chase | [EMAIL PROTECTED] | http://world.std.com/~bdc/ -----
I still remember the combination to your high school locker that I saw
   over your shoulder once!  This gives me ultimate power!  -- K.  

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: AES cyphers leak information like sieves
Date: Sat, 27 Nov 1999 13:50:27 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > Only those who are real cranks deserve to get the shaft. His self-styled
> > poetic statements are meant to light the fuses of shallow thinkers while
> > should be of no regard to those who are seeking truth.  Being willing to
> > hop on one foot at the formal request of someone demanding that antic does
> > not speak well of either party.
> 
> Asking for civilized behavior during a technical discourse
> is *not* asking anyone to (metaphorically) hop on one foot.
> If the goal is to communicate and/or enlighten, offensive
> behavior just gets in the way.  If the barrier is too high,
> most reasonable people won't bother to try to overcome it.

Targeting the technical issues is best, but sometimes even meek little ole
me gets a trit beyond that focus. Then, I always promise to do better, and
I do...for a while.
-- 
Love is blind, or at least figure that it has astigmatism. 

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: AES cyphers leak information like sieves
Date: Sat, 27 Nov 1999 13:57:06 -0600

In article <[EMAIL PROTECTED]>, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

> Analogously, major business decisions are often made on the basis of
> trivia such as the cut of a suit or the width of a tie.  In the more
> liberal world of engineering, ties are often missing altogether.  The
> fact that idiots make substantial decisions based on trivia does not
> suggest that one can make better proposals by wearing the right suit or
> the right color of tie.  It suggests that the quality of the concept or
> proposal is irrelevant to the decision process.
> 
> Is that what you would suggest is going on in sci.crypt?

Proper science means being able to cut through the crap, and properly
label the discards as such.  Improper science means not willing to wade
through the mud to catch specimens for fear of soiling your standards.
-- 
Love is blind, or at least figure that it has astigmatism. 

------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: comp.security.misc
Subject: Re: brute force versus scalable repeated hashing
Date: Sat, 27 Nov 1999 16:03:42 GMT

On Sat, 27 Nov 1999 16:22:16 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

>   look asshole ...fucking asshole ... fuck you.
>
>David A. Scott


  I see you can manage to spell these words, but spelling "check" and
"their" is far beyond your abilities.

  Sci.crypt should have a kook of the month award, but you wouldn't
have any competition.  You get my vote.

  Johnny Bravo


------------------------------

Date: Sat, 27 Nov 1999 22:13:09 +0100 (CET)
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: bits of diffiehellman private key

No one has stated it explicitly here (IEEE P1363 does discuss this)
but the danger in choosing a generator of the whole group of size p-1
is that the low order bit of the exponent is leaked.

If g generates the whole group, then g^x will be a quadratic residue if
and only if x is even.  That it is a quadratic residue can be tested
by raising to the (p-1)/2 power.  The result will be 1 for quadratic
residues, p-1 for nonresidues.  From this you can determine the low
order bit of x, given g^x.

Now, for most uses this doesn't matter very much.  If two people are
doing a DH exchange, one publishes g^x, the other g^y, and g^xy is used
to form a shared key.  The attacker can determine if x and y are even or
odd, hence if xy is even or odd.  So he knows whether the shared secret
g^xy is a quadratic residue or not.

Technically this leaks one bit of information about the shared secret, but
it is not useful in most cases.

The alternative, to use a generator of a group of size (p-1)/2, avoids
this problem because g will be a quadratic residue and so will be all of
its powers.  However even this also leaks one bit, in a way.  Instead of
leaking the low bit, in effect it leaks the high bit of the exponent.
That is because the exponents must be one bit shorter, hence it is as
though they had their high bit forced to be zero.

Either way, you effectively have 1023 bits of entropy in the exponent, for
a 1024 bit prime.  You either give up the high bit or give up the low bit.
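The leak described in this post, worked through on a small constructed safe prime as an added example (it is not from the digest or from any poster's code). It assumes p = 2q + 1 with q prime, so the only prime factors of p - 1 are 2 and q; the toy values P = 1019 and Q = 509 and all function names are my own choices. The block applies Euler's criterion to g^x for a whole-group generator and for the order-q subgroup generator g^2, counts how often the low bit of x is recovered in each case, and compares the number of exponent bits in play, which is the high-bit-versus-low-bit trade the post ends on.

```python
"""Added example, not from the digest: the low-order-bit leak of a
whole-group Diffie-Hellman generator, on a small constructed safe prime.

Assumes p = 2q + 1 with q prime, so Z_p^* has order p - 1 = 2q and the
only prime factors of p - 1 are 2 and q.  P and Q are constructed toy values.
"""

P = 1019           # constructed toy safe prime: 1019 = 2 * 509 + 1
Q = (P - 1) // 2   # 509, prime; order of the quadratic-residue subgroup
FACTORS = (2, Q)   # prime factors of P - 1


def euler_criterion(a, p):
    """a^((p-1)/2) mod p: 1 if a is a quadratic residue mod p, p-1 if not."""
    return pow(a, (p - 1) // 2, p)


def is_generator(g, p, factors):
    """g generates all of Z_p^* iff g^((p-1)/q) != 1 for every prime q | p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors)


def find_generator(p, factors):
    """Smallest generator of Z_p^*."""
    return next(g for g in range(2, p) if is_generator(g, p, factors))


def low_bit_guess(public, p):
    """What an observer infers about x from g^x alone: residue => x even.
    Correct whenever g generates the whole group; uninformative otherwise."""
    return 0 if euler_criterion(public, p) == 1 else 1


def leak_rate(g, order, p):
    """Fraction of exponents x in [1, order-1] whose low bit low_bit_guess gets right."""
    hits = sum(low_bit_guess(pow(g, x, p), p) == (x & 1) for x in range(1, order))
    return hits / (order - 1)


def shared_secret_residue_leak(g, p, x, y):
    """From g^x and g^y, predict whether the shared secret g^(xy) is a residue
    (xy is even iff x or y is even); return (prediction, truth)."""
    x_even = low_bit_guess(pow(g, x, p), p) == 0
    y_even = low_bit_guess(pow(g, y, p), p) == 0
    truth = euler_criterion(pow(g, x * y, p), p) == 1
    return x_even or y_even, truth


def exponent_bits(order):
    """Bit length of the largest usable exponent for a generator of this order."""
    return (order - 1).bit_length()


if __name__ == "__main__":
    g = find_generator(P, FACTORS)          # whole group, order P-1
    h = pow(g, 2, P)                        # residue subgroup, order Q
    print("g =", g, "low-bit leak rate", leak_rate(g, P - 1, P))
    print("h =", h, "low-bit leak rate", leak_rate(h, Q, P))
    print("exponent bits:", exponent_bits(P - 1), "vs", exponent_bits(Q))
```

With the whole-group generator the observer recovers x mod 2 every time; with the subgroup generator g^2 every public value is a residue, so the guess is no better than a coin flip, but the usable exponent is one bit shorter, which is the post's "give up the high bit instead" point.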


------------------------------

Date: Sat, 27 Nov 1999 16:26:59 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)

Guy Macon wrote:

> In article <81ogtv$upa$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
> >
> >In article <[EMAIL PROTECTED]>,
> >  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> >> Tom St Denis wrote:
> >> > Universally random should mean something which is random, and by NO
> >> > MEANS at all predictable.  However this cannot exist in nature.
> >>
> >> Who made you God?
> >
> >Ok, explain to me something that is truly random.
> >
>
> The time it takes for an individual atom of potassium-40
> to decay to Argon-40.

If you claimed a way to influence the decay process it would be possible to verify your
claim.  But if you claim that it is impossible to influence the decay process, it is
impossible to prove that claim.  Since your statement above presumes that the decay
process cannot be influenced, your statement cannot be verified or proven.  So it rests on
a belief rather than a scientific rationale.


------------------------------

Date: Sat, 27 Nov 1999 16:33:39 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.security,microsoft.public.java.security
Subject: Re: How to generate key pair for different users?

[EMAIL PROTECTED] wrote:

> Hi
>
> Does anyone know how to generate different private and public key pairs
> for different users?

Yes.


------------------------------

Date: Sat, 27 Nov 1999 16:34:34 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.security,microsoft.public.java.security
Subject: Re: How to generate key pair for different users?

[EMAIL PROTECTED] wrote:

> Hi
>
> Does anyone know how to generate different private and public key pairs
> for different users?

Oh, you wanted someone to tell you how to do it?

RTFM.


------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: cryptography control?
Date: Sat, 27 Nov 1999 14:03:06 -0800
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:

> I came across an article that brings up some interesting points
> concerning government control of cryptography in the future.  The link
> is:
>
> http://home.att.net/~dontbefooled/CESA99.htm
>
> I hope this not too far off topic as it does not go into specifics of
> cryptography.  The gist is that there have been some recent political
> moves in the USA to increase the regulation/control of cryptography.
> It's kinda like "If unbreakable cryptography  is outlawed then only
> outlaws will use it."
> BDS
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.

Think the government will be as successful with cryptography as they
are with their war on drugs?

Egad!



------------------------------

From: "Jerry P" <[EMAIL PROTECTED]>
Crossposted-To: comp.dcom.vpn,comp.security.firewalls
Subject: Re: High Speed (1GBit/s) 3DES Processor
Date: Sat, 27 Nov 1999 16:34:08 -0600

No market research needed.

3DES at a 1 Gigabit/sec, like anti-gravity, free desalination,
non-polluting engines, and ADSL, is obviously a billion-dollar
winner. NSA can do 3DES at 1 Gigabit/WEEK with Cray computers.

Of course, someone claiming fast 3DES would have to publish
the source code for peer review before ANYONE in his right
mind would even consider using it. All other trusted algorithms
(DES, 3DES, Blowfish, etc.) have been so published.

Almost all the 'proprietary' encryption methodologies have been
cracked and found to be trivial (cell phones, smart cards,
DVDs, et al).

Tim Wood <[EMAIL PROTECTED]> wrote in message
news:80pd64$3ic$[EMAIL PROTECTED]...
> [EMAIL PROTECTED] wrote in message
> <[EMAIL PROTECTED]>...
> >We have developed a prototype Encryption system which runs 3DES at 1
> >GBits/sec (this is not just processing but with real IO at 1 GBit/sec).
> >Are there any commercial applications for this type of technology?
>
> Isn't it usual to find out if there are commercial applications before you
> develop something?
> Unless of course you just do it as a hobby ;-)
>



------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Noise Encryption
Date: Sat, 27 Nov 1999 17:31:01 GMT

On 27 Nov 1999 07:18:18 PST, [EMAIL PROTECTED] (Guy Macon) wrote:

<snip>

  This is known as a one time pad, and has been around for ages.  For
the moment I'll set aside comments on the randomness of the data, and
physical security.  A OTP is completely secure, in theory, as long as
the pad is never reused and the data is truly random.

  One suggested change,  allocate the disk so that each side has its
own data to send with.  If you have no split you have a serious
problem, let's say you send a 10k message to B and at the same time B
sends a 1K message to you.  You get the message and find that the 1K
bytes you need have been burned off your disc so you can't decode the
message.  B has the same problem that you do.  Even worse is that your
attacker can combine both messages via XOR, the byte stream will
cancel out leaving your attacker with 1K of text that is the XOR of
the two plaintexts.  While it might not be trivial to extract the two
plain text streams from this, it is possible, and easily avoided.

  If a message is lost in transit, you will be out of sync, you won't
be able to decode further messages. Ways around this would depend on
how much, and how often you transmit messages.  If the messages were
one a day, you might agree to use 1/35th of the disk space each day.
So every day you would start on the correct block of data.  If you
sent many messages per day, you might want to allocate a given size
for each message with a message header indicating what the number of
the message is so you know which data to decrypt with.

  The comments that I set aside above are where the weakness comes in.
If the data is not truly random (and while you can be confident it is
to a certain degree, you can never prove it completely), your cipher
is not secure.  And if someone gets a copy of the data, all of your
traffic can be read.

>Assuming true random data, is the above scheme secure
>against interception and decoding?  I assume that the
>attacker has full knowledge of everything except the
>random data or the unencoded message, and I realize
>that the usual "bribe my friend/break into my safe and
>copy my CDs/etc" attacks are not addressed by this.

  Given these constraints, yes, your system is secure.

>Start with a hard disk that is all zeros.

  Not a requirement since you will be overwriting all the values
anyway.  Nothing remaining on the disk from a previous run will be
retained.

<snip of massive overkill>

  Use whatever makes you comfortable.  You can take your end result
and run the various statistical tests to see if the result is as
random as you feel comfortable with depending on the security of your
data.
  Having your computer connected to the internet exposes you to a
serious security risk that you need not take.  You could be exposed to
a security leak via your OS, the internet, your various software
components, or a deliberate trojan attack that could send your
supposedly random stream directly to your attacker.  You have to weigh
this risk against the security you hope to achieve.  Unless you run
this process on a computer independent of the internet, I'd say you
would be just as well off as using PGP to send the information to your
friend.

  Best Wishes,
    Johnny Bravo
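An added example (not Johnny Bravo's or Guy Macon's code) of the pad layout the reply above suggests: the pad is split into one region per direction, each message consumes a fixed-size slot chosen by an index carried in the clear header, so a lost message does not desynchronise the ones after it, and a region refuses to encrypt twice into the same slot. The slot size, the header format and the deterministic pad bytes used for checking are constructed; a real pad would come from the disk of random data the thread discusses, and `os.urandom` in the `__main__` block is only a stand-in for it. The last function shows the failure mode the reply describes when both sides draw the same bytes: the pad cancels and the XOR of the two ciphertexts equals the XOR of the two plaintexts.

```python
"""Added example, not from the digest: a one-time-pad layout with one pad
region per direction and a message index in the header.  SLOT, the header
format and the pad bytes are constructed choices, not anything from the thread."""
import os
import struct

SLOT = 64                       # constructed: pad bytes reserved per message
HEADER = struct.Struct(">HH")   # message index and plaintext length, sent in clear


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class PadRegion:
    """One direction's share of the pad, consumed one SLOT per message index."""

    def __init__(self, pad_bytes):
        if len(pad_bytes) == 0 or len(pad_bytes) % SLOT:
            raise ValueError("region must be a whole number of slots")
        self.pad = bytes(pad_bytes)
        self.used = set()           # slots this side has already encrypted with

    @property
    def slots(self):
        return len(self.pad) // SLOT

    def slot(self, index):
        if not 0 <= index < self.slots:
            raise ValueError("pad exhausted or bad index")
        return self.pad[index * SLOT:(index + 1) * SLOT]

    def seal(self, index, plaintext):
        """Sender: refuse reuse, zero-fill to one slot, XOR with that slot."""
        if len(plaintext) > SLOT:
            raise ValueError("message longer than one slot")
        if index in self.used:
            raise ValueError("slot already used: pad bytes are never reused")
        self.used.add(index)
        padded = plaintext + bytes(SLOT - len(plaintext))
        return HEADER.pack(index, len(plaintext)) + xor_bytes(padded, self.slot(index))

    def open(self, message):
        """Receiver: the header names the slot, so earlier lost messages do not matter."""
        index, length = HEADER.unpack(message[:HEADER.size])
        body = message[HEADER.size:]
        if len(body) != SLOT:
            raise ValueError("truncated message")
        return xor_bytes(body, self.slot(index))[:length]


def split_pad(pad):
    """Give each side its own region: first half for A->B, second half for B->A."""
    half = len(pad) // 2 // SLOT * SLOT
    return pad[:half], pad[half:2 * half]


def reuse_is_rejected(region, index, plaintext):
    """True if the region refuses to encrypt a second message under the same slot."""
    try:
        region.seal(index, plaintext)
    except ValueError:
        return True
    return False


def shared_bytes_leak(pad_slot, p1, p2):
    """The failure mode the reply warns about: if both sides encrypt with the
    same pad bytes, the pad cancels and c1 XOR c2 equals p1 XOR p2."""
    n = min(len(p1), len(p2), len(pad_slot))
    c1 = xor_bytes(p1[:n], pad_slot[:n])
    c2 = xor_bytes(p2[:n], pad_slot[:n])
    return xor_bytes(c1, c2) == xor_bytes(p1[:n], p2[:n])


if __name__ == "__main__":
    # os.urandom stands in for the disk of random data discussed in the thread.
    a_to_b, b_to_a = split_pad(os.urandom(4096))
    alice_out, bob_in = PadRegion(a_to_b), PadRegion(a_to_b)
    first = alice_out.seal(0, b"first message")
    third = alice_out.seal(2, b"third message; the second was lost in transit")
    print(bob_in.open(first), bob_in.open(third))
```

Each side holds its own copy of both regions; a sender only ever seals with its outbound region, and a receiver only opens with the matching copy, so neither direction can burn bytes the other needs.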

------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: comp.lang.java.security,microsoft.public.java.security
Subject: Re: How to generate key pair for different users?
Date: Sat, 27 Nov 1999 17:34:25 GMT

On Sun, 28 Nov 1999 01:23:39 +0800, [EMAIL PROTECTED] wrote:

>Hi
>
>Does anyone know how to generate different private and public key pairs
>for different users?
>
>Thanks
>
>Greg

  Key pairs for what crypto system?  Pgp?  Just generate a new key
with a name on it that lets you tell the two apart.  Call the key1 and
key2 if you have nothing better.  Send each user one of the private
keys. 

  Best Wishes,
    Johnny Bravo


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Date: Sat, 27 Nov 1999 22:52:30 GMT

"Trevor Jackson, III" wrote:
> Douglas A. Gwyn wrote:
> > Asking for civilized behavior during a technical discourse
> > is *not* asking anyone to (metaphorically) hop on one foot.
> > If the goal is to communicate and/or enlighten, offensive
> > behavior just gets in the way.  If the barrier is too high,
> > most reasonable people won't bother to try to overcome it.
> Against this we have Franklin's observation that:
> "Reasonable men accommodate themselves to circumstances.  Unreasonable accommodate
> circumstances to themselves.  Thus all progress is due to unreasonable men."

That has no bearing on whether one should treat other participants
in a discussion with at least a minimum of respect (until they
prove that they aren't worthy of it).

> If a writer presents an interesting idea the offensiveness of the
> presentation is irrelevant to the value of the concept.

But the reason salesmen dress neatly and are polite is that the
*presentation* is important when trying to *sell* the product.
It doesn't matter how good the product is if it doesn't sell.

------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Crossposted-To: comp.ai.fuzzy,sci.physics,sci.math
Subject: Re: Pleasantville: civility under duress
Date: Sat, 27 Nov 1999 14:57:30 -0800


<[EMAIL PROTECTED]> wrote in message news:81j9an$gq4$[EMAIL PROTECTED]...
> In article <DbB_3.117$[EMAIL PROTECTED]>,
>   "karl malbrain" <[EMAIL PROTECTED]> wrote:
> > The DISTINGUISHMENT is CIVIL.
> > The boundary between SAN MATEO and BRISBANE
> > runs along similar lines as the boundary between OAKLAND and BERKELEY.
> > The difference in years is of no significance.
>
>
>     http://pleasantville.cannery.com/


That's a nice TRAP you've fallen for:  just click the mouse and whatever is
DISTURBING you disappears.  Now, if you have anything about the real place,
PLEASANTON, CA, let me know.... (nb, it's where those arrested during
STOP-THE-DRAFT-WEEK were taken.) Karl M



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Sat, 27 Nov 1999 22:46:39 GMT

In article <81oseq$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Guy Macon) wrote:
> In article <81ogtv$upa$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
> >
> >In article <[EMAIL PROTECTED]>,
> >  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> >> Tom St Denis wrote:
> >> > Universally random should mean something which is random, and by NO
> >> > MEANS at all predictable.  However this cannot exist in nature.
> >>
> >> Who made you God?
> >
> >Ok, explain to me something that is truly random.
> >
>
> The time it takes for an individual atom of potassium-40
> to decay to Argon-40.
>

What is random about that?  If you can model exactly every nick and
nanny of the atom, then can't you recreate the decay?

I would classify that as 'hard to model' thus 'random'.  But it's not
universally random.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: bits of diffiehellman private key
Date: Sat, 27 Nov 1999 22:50:28 GMT

In article <[EMAIL PROTECTED]>,
  Anonymous <[EMAIL PROTECTED]> wrote:
> No one has stated it explicitly here (IEEE P1363 does discuss this)
> but the danger in choosing a generator of the whole group of size p-1
> is that the low order bit of the exponent is leaked.
>
> If g generates the whole group, then g^x will be a quadratic residue if
> and only if x is even.  That it is a quadratic residue can be tested
> by raising to the (p-1)/2 power.  The result will be 1 for quadratic
> residues, p-1 for nonresidues.  From this you can determine the low
> order bit of x, given g^x.
>
> Now, for most uses this doesn't matter very much.  If two people are
> doing a DH exchange, one publishes g^x, the other g^y, and g^xy is used
> to form a shared key.  The attacker can determine if x and y are even or
> odd, hence if xy is even or odd.  So he knows whether the shared secret
> g^xy is a quadratic residue or not.
>
> Technically this leaks one bit of information about the shared secret, but
> it is not useful in most cases.
>
> The alternative, to use a generator of a group of size (p-1)/2, avoids
> this problem because g will be a quadratic residue and so will be all of
> its powers.  However even this also leaks one bit, in a way.  Instead of
> leaking the low bit, in effect it leaks the high bit of the exponent.
> That is because the exponents must be one bit shorter, hence it is as
> though they had their high bit forced to be zero.
>
> Either way, you effectively have 1023 bits of entropy in the exponent, for
> a 1024 bit prime.  You either give up the high bit or give up the low bit.

Well although I didn't know that, this doesn't affect peekboo [this
thread was about it anyways] for two reasons.

1) the base is not a generator
2) I hash the shared number g^xy mod p, so that one bit will not help
gain knowledge of the shared key anyways.

This is all in P1363?  Maybe I will take a look.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
