Cryptography-Digest Digest #709, Volume #10       Thu, 9 Dec 99 10:13:01 EST

Contents:
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 ("Rick Braddam")
  Re: NSA should do a cryptoanalysis of AES ("Rick Braddam")
  Re: Digitally signing an article in a paper journal (Paul Rubin)
  Re: Digitally signing an article in a paper journal (KloroX)
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 ("Tim Wood")
  Re: Digitally signing an article in a paper journal ("Phil Bartley")
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 (SCOTT19U.ZIP_GUY)
  Re: weak algorithm, too hard for me (JPeschel)
  Re: Curious Phenomena....Re: High Speed (1GBit/s) 3DES Processor (Richard Herring)
  QBITS ("Yuri Federovich")
  Re: NSA should do a cryptoanalysis of AES (SCOTT19U.ZIP_GUY)
  Re: NSA future role? (SCOTT19U.ZIP_GUY)
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 (Steve K)
  Re: low exponent in Diffie-hellman? (DJohn37050)
  Re: NSA future role? (CLSV)
  Re: low exponent in Diffie-hellman? (Bob Silverman)
  Re: Shamir announces 1 sec break of GSM A5/1 (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999
Date: Thu, 9 Dec 1999 03:05:14 -0600


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
|> Steve K wrote:
|> > Unless he is carrying a badge.  Or a gavel.  Then, attempting real
|> > resistance will get you summarily shot, and properly so.  Something
|> > about national sovereignty, if I remember my political science
|> > definitions.
|>
|> It has nothing to do with national sovereignty!
|> The government is authorized, or at least able with impunity,
|> to use force to achieve its ends.  That's why it is important
|> for the citizenry to keep a tight rein over the government.
|> Apparently in the UK and Australia the citizens have surrendered;
|> other evidence for that is that they let the agents of the
|> government disarm them (with a consequent, predictable leap
|> in the violent crime rate, especially home invasions).  Sheep.

I think you can look at the UK and Australia to see where we are
headed, full speed ahead and (apparently) no brakes.

--
Rick
============================
 Spam bait (With credit to E. Needham):
 root@localhost
 postmaster@localhost
 admin@localhost
 abuse@localhost
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]



------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Thu, 9 Dec 1999 02:59:22 -0600


Volker Hetzer <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Rick Braddam wrote:
> > Sounds like the difference between using PGP for email and SSL for purchases.
> Well, yes. Basically you can reason about the security of the protocol without
> bearing the final application in mind. The good thing is that after that you can use
> ssl for almost anything. The bad thing is that you cannot make any assumptions about
> the applications that use SSL.

Another good thing is that SSL requires nothing of the user -- it
is transparent to the user, too. It seems to me that could also
be a bad thing... since it doesn't allow much in the way of user
options. IIRC, SSL also sends identifiers for the crypto
primitives used. That's great for interoperability, but tells an
attacker exactly what s/he must attack. And the crypto primitives
are a small subset of all available algorithms. Also, there is no
mechanism for using a pre-agreed-upon set of primitives without
sending/exchanging the identifier information. I would think that
an attacker's problems would be compounded if correspondents
chose the primitives in advance from a large set of primitives
(like Wei Dai's Crypto++ library, or Eric Young's 'original'
SSLeay library) and no information identifying which were used
were transmitted with messages.

-snip agreement-
> > I didn't
> > think about sending each item of info immediately as soon as it was developed.
> Then, of course there are all those nice images where you can watch the
> buildup when they gain resolution.

Yes, I like those images, too. Is the image information actually
transmitted in the page, or is it transmitted as a different
'message' interleaved with the http page? At any rate, Scott's
all-or-nothing encryption wouldn't work (in my opinion) in those
cases where information must be displayed or used before the
whole message is received, like in those interleaved images.

-snip agreement-
>
> > Does anyone have, or can anyone make a good estimate of, the percentage of Internet traffic which is short-message based...

-snip-

> I don't but I *think* that large data transfers (live phone/video
> connections, video/sound on demand) will increase in the near future.

I strongly agree. I *think* that all sizes of data transfers will
increase *dramatically* in the near future. I also think that the
rate of increase will not be faster for large data transfers
until high speed connections are more widely available. I have a
56K modem, connected tonight at 42667, and I don't have time to
waste on viewing streaming lectures or news. I download the .pdfs
when they are available. They are usually much smaller and
download quicker. When I can get ADSL or a cable modem, I might
be more receptive to streaming data. My sons and their friends
use real-time audio (chat type), but I haven't looked at the
programs in operation to try to determine if they accumulate data
then transmit it or transmit continuously. One program I remember
seeing used was half-duplex. That seems to indicate that the
voice data was being accumulated before transmission, which would
enable message-block encryption.

Even David Scott does not promote "all or nothing" encryption for
all uses. He discusses it in terms of file encryption, I see a
need for it in email or chat communication, and then only when
the highest level of security is needed. "All or nothing" is not
limited to Scott's encryption algorithm; the concept (as I
understand Scott's implementation of it) can be applied to any
block cipher.

--
Rick
============================
 Spam bait (With credit to E. Needham):
 root@localhost
 postmaster@localhost
 admin@localhost
 abuse@localhost
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
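The point above about SSL sending identifiers for its crypto primitives can be seen directly in the handshake: the ClientHello lists the cipher suites the client offers, in plaintext, before any key is agreed. The Python below is an added example written for this digest, not code from Rick Braddam's post or from any SSL implementation. It assembles a constructed TLS 1.0-style ClientHello record, parses the cipher-suite list back out the way a passive observer on the wire would, and flags legacy suites. The suite identifiers are the real IANA values; the function names, the all-zero client random and the sample record are this example's own.

```python
import struct

# Real IANA cipher suite identifiers used in the constructed hello below.
SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
# Suites a monitor would want to flag if a client still offers them (RC4, 3DES).
LEGACY_SUITES = {0x0004, 0x000A}


def build_client_hello(suites, client_random=bytes(32), session_id=b"", version=(3, 1)):
    """Assemble a TLS 1.0-style ClientHello inside a handshake record (constructed sample).
    Layout: record header (type 0x16, version, length) + handshake header (type 0x01,
    3-byte length) + client_version + random + session_id + cipher_suites + compression."""
    body = bytes(version) + client_random
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!B", 1) + b"\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the cipher suite identifiers an on-path observer can read from the plaintext hello."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    handshake = record[5:5 + rec_len]
    if handshake[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + hs_len]
    pos = 2 + 32                                   # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                             # skip session_id
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]


def describe(suites):
    """Map identifiers to names; unknown values are reported rather than dropped."""
    return [SUITE_NAMES.get(s, f"unknown(0x{s:04x})") for s in suites]


def weak_suites_offered(suites):
    """Detection helper: which offered suites are on the legacy list, in offer order."""
    return [s for s in suites if s in LEGACY_SUITES]


if __name__ == "__main__":
    hello = build_client_hello([0x002F, 0x000A, 0x0004])
    offered = parse_client_hello(hello)
    print("offered:", describe(offered))
    print("legacy suites offered:", describe(weak_suites_offered(offered)))
```

The same parse is what a network monitor does to inventory which suites clients still offer. The defender's reading of the post's observation is that the negotiation is visible by design, so the protection has to come from the strength of the primitives themselves rather than from hiding which ones are in use.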



------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Digitally signing an article in a paper journal
Date: 9 Dec 1999 09:50:16 GMT

In article <[EMAIL PROTECTED]>,
KloroX  <[EMAIL PROTECTED]> wrote:
>I have the following problem. I shall publish one or more articles in
>scientific journals which are printed on paper (i.e. no digital
>storage is used for the medium). For reasons which I am not discussing
>here, I cannot use my real name as author at present, but I wish to
>use a pseudonym and be able to demonstrate publicly my (real) identity
>as the author of the article(s) at a later date....
>
>I thought of using a sentence like "The author of this article
>entitled [...] reserves the right of making his real identity known at
>a later date", and placing a digital signature on this sentence, in a
>format that can be printed on paper without difficulty. 
>
>There may be a lag of several years between the time of publication
>and the disclosure of my identity, and the method for verifying the
>signature should be fairly standard (e.g., using a PGP key). How should
>I proceed in practice? Are there aspects to this problem which may
>present difficulties?

You don't need to sign the whole article.  Just make up a sentence
like "The author of this article <title> is <your name>, secret words
banana swordfish mugwump" and compute the SHA-1 hash code of the
sentence (this will be 40 hex digits).  The secret words are just some
nonsense to keep people from guessing the sentence unless you reveal
it.  Require that the journal publish the hash code (it should fit on
one line) along with the article.  Then when you want to claim
authorship, reveal the sentence.  Anyone can type the sentence into a
computer and verify the hash code.

I'd be surprised if any respectable journals were willing to publish
articles under such conditions, by the way.
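What Paul Rubin describes is a hash commitment: the published digest binds the author to the sentence without revealing it, and the secret words keep the sentence from being guessed. The Python below is an added worked example for this digest, not code from either poster. It uses SHA-1 because the post does (the `algorithm` parameter lets a reader substitute SHA-256, which is what one would print today given the known SHA-1 collisions); the title, name and the `secrets.token_hex` nonce are constructed sample values, and `guess_author` shows the point of the secret words by opening a commitment that was made without them.

```python
import hashlib
import secrets


def make_sentence(title, author, secret_words):
    """The sentence whose digest the journal prints; secret_words is the unguessable part."""
    return f"The author of this article {title} is {author}, secret words {secret_words}"


def commit(sentence, algorithm="sha1"):
    """Digest to publish with the article (40 hex digits for SHA-1, 64 for SHA-256)."""
    return hashlib.new(algorithm, sentence.encode("utf-8")).hexdigest()


def verify(published_digest, revealed_sentence, algorithm="sha1"):
    """Anyone with the printed digest and the revealed sentence can check the claim."""
    return commit(revealed_sentence, algorithm) == published_digest


def fresh_secret_words(nbytes=16):
    """Constructed stand-in for 'banana swordfish mugwump': 128 random bits the author
    keeps private until the reveal. Hand-picked dictionary words are guessable."""
    return secrets.token_hex(nbytes)


def guess_author(published_digest, title, candidate_authors, algorithm="sha1"):
    """Why the secret words matter: a commitment over a sentence with no secret part can be
    opened by anyone able to enumerate plausible sentences. Returns the matching name,
    or None when the secret words defeat the guess."""
    for name in candidate_authors:
        if commit(f"The author of this article {title} is {name}", algorithm) == published_digest:
            return name
    return None


if __name__ == "__main__":
    title = "Fast Modular Exponentiation"
    words = fresh_secret_words()
    sentence = make_sentence(title, "A. Nonymous", words)
    digest = commit(sentence)
    print("digest to publish:", digest)
    print("verified at reveal:", verify(digest, sentence))
    bare = commit(f"The author of this article {title} is A. Nonymous")
    print("opened without secret words:", guess_author(bare, title, ["B. Ody", "A. Nonymous"]))
    print("opened with secret words:", guess_author(digest, title, ["B. Ody", "A. Nonymous"]))
```

Two properties carry the scheme: binding (the author cannot later produce a different sentence with the same digest, which is where collision resistance of the hash matters) and hiding (the digest reveals nothing about the name, which is only true if the secret part has enough entropy to resist enumeration). The author must keep the exact sentence, byte for byte, since any variation in spacing or punctuation changes the digest.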

------------------------------

From: KloroX <[EMAIL PROTECTED]>
Subject: Re: Digitally signing an article in a paper journal
Date: Thu, 09 Dec 1999 11:13:40 +0100
Reply-To: [EMAIL PROTECTED] (this is spam bait)

On 9 Dec 1999 09:50:16 GMT, [EMAIL PROTECTED] (Paul Rubin) wrote:


>You don't need to sign the whole article.  Just make up a sentence
>like "The author of this article <title> is <your name>, secret words
>banana swordfish mugwump" and compute the SHA-1 hash code of the
>sentence (this will be 40 hex digits). 
[...]

Thank you for the suggestion. A hash is much simpler than using a
public-key algorithm.

>I'd be surprised if any respectable journals were willing to publish
>articles under such conditions, by the way.

The situation is unusual, admittedly, and I would have to count on
sympathetic treatment by the editors. But, on the other hand, science
should be judged on its objective value, not on who writes it.

------------------------------

From: "Tim Wood" <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999
Date: Thu, 9 Dec 1999 10:22:46 -0000

<snip>
>
>It was a silly example.  Let's replace it with this:
>
>You have a little box with a little lock.  Glued flush inside the
>bottom of the little box, is a wire mesh.  In the cells of this mesh,
>live a few hundred beads, in all colors of the rainbow.  They
>represent a pass phrase made of the letters r, o, y, g, b, i, and v.
>Anyone who picks up the box to examine it, has just effectively
>destroyed the data that the pass phrase protects.  Bet a nickel they
>will even shake it.  Key space math, and making the box irresistibly
>interesting to an intruder, are left as exercises.
>
>That leaves the problem of data lost forever, and a hopping mad
>prosecutor whose toy got broke.  So for a more practical solution,
>accessible to honest citizens who don't want to risk accidentally
>destroying their data just to uphold a principle

Of course, if you memorized the passphrase or key (or recorded it in some
other hidden way) you could simply pretend that it had been destroyed (by
showing the shaken box). You would not even lose your data (hide a backup
somewhere).

tim



------------------------------

From: "Phil Bartley" <[EMAIL PROTECTED]>
Subject: Re: Digitally signing an article in a paper journal
Date: Thu, 9 Dec 1999 11:47:58 -0000

Dear KloroX

We have been working on a solution to this problem that we call Certigram.
Take a look http://www.certigram.com

Yours
Phil


KloroX <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have the following problem. I shall publish one or more articles in
> scientific journals which are printed on paper (i.e. no digital
> storage is used for the medium). For reasons which I am not discussing
> here, I cannot use my real name as author at present, but I wish to
> use a pseudonym and be able to demonstrate publicly my (real) identity
> as the author of the article(s) at a later date.
>
> It is not possible to sign the entire article, because the contents of
> the text may be changed slightly by editors (but enough to invalidate
> a digital signature) without consulting me. The most that an editor
> would probably allow is a paragraph of under ten printed lines added
> somewhere in the "Acknowledgements" section of the article. We may
> assume that the text in this paragraph will not be altered by the
> editors.
>
> I thought of using a sentence like "The author of this article
> entitled [...] reserves the right of making his real identity known at
> a later date", and placing a digital signature on this sentence, in a
> format that can be printed on paper without difficulty.
>
> There may be a lag of several years between the time of publication
> and the disclosure of my identity, and the method for verifying the
> signature should be fairly standard (e.g., using a PGP key). How should
> I proceed in practice? Are there aspects to this problem which may
> present difficulties?
>



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999
Date: Thu, 09 Dec 1999 14:55:09 GMT

In article <82nvqe$adr$[EMAIL PROTECTED]>, "Tim Wood" <[EMAIL PROTECTED]> 
wrote:
><snip>
>>
>>It was a silly example.  Let's replace it with this:
>>
>>You have a little box with a little lock.  Glued flush inside the
>>bottom of the little box, is a wire mesh.  In the cells of this mesh,
>>live a few hundred beads, in all colors of the rainbow.  They
>>represent a pass phrase made of the letters r, o, y, g, b, i, and v.
>>Anyone who picks up the box to examine it, has just effectively
>>destroyed the data that the pass phrase protects.  Bet a nickel they
>>will even shake it.  Key space math, and making the box irresistibly
>>interesting to an intruder, are left as exercises.
>>
>>That leaves the problem of data lost forever, and a hopping mad
>>prosecutor whose toy got broke.  So for a more practical solution,
>>accessible to honest citizens who don't want to risk accidentally
>>destroying their data just to uphold a principle
>
>Of course, if you memorized the passphrase or key (or recorded it in some
>other hidden way) you could simply pretend that it had been destroyed (by
>showing the shaken box). You would not even lose your data (hide a backup
>somewhere).
>
>

   In a real police state, and we may be already there if not close, it will 
make no difference. Just as it is common for cops to carry throw-down
guns or drugs so they can get people locked up, it will be even easier
to plant encrypted data on one's computer with the key of their choice.
The current court system is a joke anyway. The FBI can manufacture
the evidence it wants to use. And anyone stupid enough to think otherwise
has not been following the stories in the news about the blue line
of silence and the LA cop corruption and the recent faking and handling
of evidence by the FBI.
 What many people are forgetting is that the current government is
getting about as corrupt as can be. Only the Chinese and rich businessmen
with their money can get justice any more. I hope the gun manufacturers
sue the police departments for the improper use of firearms since the
feds are using our tax money to go after gun manufacturers instead of
criminals.  Or at least they can add a large surcharge on the guns that
find their way into cops' hands and later onto the dead bodies of citizens
that the cops dump the guns on.

David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: weak algorithm, too hard for me
Date: 09 Dec 1999 13:58:45 GMT

Gaccm [EMAIL PROTECTED] writes:

>here is the encryted version of what i need
>VCF44BDDF6568BE16FC5C6734D1798F56574F679858563C

Try: TH1aRM2

Joe

__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (Richard Herring)
Crossposted-To: comp.dcom.vpn,comp.security.firewalls
Subject: Re: Curious Phenomena....Re: High Speed (1GBit/s) 3DES Processor
Date: 9 Dec 1999 13:53:35 GMT
Reply-To: [EMAIL PROTECTED]

In article <z4D34.1030$[EMAIL PROTECTED]>, Casey ([EMAIL PROTECTED]) 
wrote:
> Hi Paul.  I was wondering...  Starting with the post you made on or about
> 11/17 on this thread, everytime I read messages from you, I get a window
> panel that says I should download a Japanese symbol interpreter.  It is only
> messages that you originate. Subsequent messages on the thread from other
> people don't require it, but subsequent messages from you on the thread do.
> Any ideas why?

Because his headers contain the following:

> Content-Type: text/plain; charset=iso-2022-jp

-- 
Richard Herring      | <[EMAIL PROTECTED]> 

------------------------------

From: "Yuri Federovich" <[EMAIL PROTECTED]>
Subject: QBITS
Date: Thu, 9 Dec 1999 15:05:31 +0100
Reply-To: "Yuri Federovich" <[EMAIL PROTECTED]>

    It would seem that a QBIT can contain more information, than a classical
BIT, because its value is determined by many universes which interfere. In
that case it is possible to construct a quantum computer which has more
information in its memory than exists in our entire universe.
    They switched on the giant computer, the first question they asked was;
"is there a God?", and it replied "there is now!".

Hmmm
    Yuri





------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Thu, 09 Dec 1999 15:21:57 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Johnny Bravo) wrote:
>On Wed, 08 Dec 1999 23:14:58 GMT, [EMAIL PROTECTED]
>(SCOTT19U.ZIP_GUY) wrote:
>
>>     Since we are being hypothetical, let's assume our Jewish
>>friends have captured 3 Moslem terrorists. And that Israeli
>>intelligence knows that the three have encrypted the message
>>such that the first one encrypted the message. 
>
>  This is where the entire scenario falls apart.  They just torture
>the plaintext out of this guy, bypassing the encryption entirely.
>
>  Johnny Bravo
>

   Ah but in this scenario the guy who did the first encryption
never looked at the file he was encrypting. He got the file from
another man whose team was killed after returning to base
so that he doesn't know the plain text file. 
 So the state would be wasting precious time using the 
old German expert to torture a plain text message out of
the first guy since he does not know what it is. But
nice try.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NSA future role?
Date: Thu, 09 Dec 1999 15:16:46 GMT

In article <82nmk5$1n3$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (David Wagner) wrote:
>In article <[EMAIL PROTECTED]>, CLSV  <[EMAIL PROTECTED]> wrote:
>> If you walk into a decent university library you can find all
>> you need to build a good encryption algorithm.
>> 
>> True or false?
>
>Do you mean implement an existing algorithm, or design a new one?
>Implementation is easy, if you can program; design is hard to get
>right, even if you've already got a strong math & crypto background.

  If you have a strong math background it is not that hard to design strong
crypto. Sure there is a learning curve and it takes time to grab certain
views, such as the view that one should pretend the enemy has a copy of your
code. This adds to the complications. Also the assumption that under some
cases your enemy can give you data to encrypt. Most people well versed
in mathematics may take time to accept such views if they accept them
at all. But once they do it is not hard to design good crypto after a few 
tries. The biggest hurdle is that many are dumbed down due to the presence
of the NSA and false crypto gods that try to steer crypto into directions that
the NSA wants so that crypto code can be easily broken.
 The views the so-called experts have on the use of bad compression is
actually such an easy concept that it should have been done decades ago.
But the false gods have kept development in that direction covered. So people
who compress their data before encrypting will do so in the way that makes
their code an easy target for the NSA. Another such proof is the lack of
good chaining methods for complete files that spread the information through
the whole file. This is a rather trivial concept to explain but the crypto gods 
don't even want the casual user to have this ability at all. Their only 
defense is that the old error recovery ways are always the best and anything
that does it different is snake oil.  They also want people to use small keys.
To even quote Mr BS himself, he even stated on this forum that for him 
designing long key crypto methods that are secure would be much harder 
for him. This was to help foster the false impression that the NSA wants
people to believe. Yes he and the NSA will do a good job on selling the
AES stuff as secure. But do you really think the NSA would allow a 
secure crypto system to become a US standard that they could
not easily break?

  Yes they want fools to think crypto is hard. And that only a chosen
few that they get to carefully elevate to a high priesthood will be able
to tell people what to do. The last thing big brother wants is people
capable of thinking for themselves.

David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999
Date: Thu, 09 Dec 1999 14:32:20 GMT

On Thu, 09 Dec 1999 07:10:47 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>Steve K wrote:
>> Unless he is carrying a badge.  Or a gavel.  Then, attempting real
>> resistance will get you summarily shot, and properly so.  Something
>> about national sovereignty, if I remember my political science
>> definitions.
>
>It has nothing to do with national sovereignty!

A sovereign State is defined by its power to tax, imprison, and
conscript the residents of a given geographic area, and the power to
defend these prerogatives from other groups with similar aims.
Political Science 101.  

>The government is authorized, or at least able with impunity,
>to use force to achieve its ends.  That's why it is important
>for the citizenry to keep a tight rein over the government.

This looks good on paper, but unfortunately, the framers of the U.S.
Constitution did not anticipate the Industrial Revolution and the new
form of Capitalism that it introduced.  The turning point was (IMO)
the Civil War.  The industrial States established their sovereign
authority over the agricultural States by controlling the Federal
legislature.  

The key issue was protective tariffs, intended to force the
agricultural States to trade with Europe through middlemen in the
industrial States, and to restrict the trade in "high tech"
manufactured goods to inferior overpriced U.S. products.  The
agricultural States in turn asserted their own sovereignty, forming a
new nation.  The rest, as they say, is history.

Today, the reins of power in the developed world are firmly in the
hands of a tiny minority, composed almost exclusively of industrial
and finance interests.  This is a far different distribution of power
than that anticipated by the framers of the Constitution, whose
experience equated privately owned productive land with wealth and
responsibility.  They sought to limit Federal authority to the minimum
required to serve the common interests of the States, but that only
lasted for about fourscore & seven years.  Government of the people,
by the people, and for the people, did indeed perish from this Earth,
replaced with government of, by, and for a wealthy elite comprising
less than 5% of the general population.

>Apparently in the UK and Australia the citizens have surrendered;
>other evidence for that is that they let the agents of the
>government disarm them (with a consequent, predictable leap
>in the violent crime rate, especially home invasions).  Sheep.

I haven't heard of any home invasions in the UK that can compare to
the Mount Carmel home invasion & subsequent massacre.  The U.S. has
limited bragging rights when it comes to keeping its government under
control...

Okay, I promise, no more political rants in sci.crypt.  Seen any good
ciphers lately?


Steve K

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: low exponent in Diffie-hellman?
Date: 09 Dec 1999 14:38:04 GMT

The brute force would be SQROOT of exhaustion on number of bits.  For 128 bits
this is 64 bits or 2**64 ops.
Don Johnson

------------------------------

From: CLSV <[EMAIL PROTECTED]>
Subject: Re: NSA future role?
Date: Thu, 09 Dec 1999 14:39:28 +0000

David Wagner wrote:
> 
> In article <[EMAIL PROTECTED]>, CLSV  <[EMAIL PROTECTED]> wrote:
> > If you walk into a decent university library you can find all
> > you need to build a good encryption algorithm.

> > True or false?
 
> Do you mean implement an existing algorithm, or design a new one?
> Implementation is easy, if you can program; design is hard to get
> right, even if you've already got a strong math & crypto background.

I've seen the post on Peekboo and it seems like a nice product.
However, what I meant was designing a new algorithm. It doesn't
have to be revolutionary, it might be quite conservative. The building
blocks are readily available. If you only consider block ciphers there
is a wealth of knowledge about essential parts like S-boxes, Feistel
networks et cetera. There are security benchmarks like linear and
differential cryptanalysis. I think someone willing to invest the time
should be able to crank out a *decent* algorithm.

Regards,

        Coen Visser

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: low exponent in Diffie-hellman?
Date: Thu, 09 Dec 1999 14:28:19 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> i perform a calculation g^x mod p. g=2 and p a prime of 768bits.
> The algorithm i used is based on the 'square and multiply'
> exponentiation so the smaller x is, the faster is the computation.
> as far as i know the only constraint for x is to be 0 > x > p-2.
>
> can i reduce x to 128bits (enough to prevent a brute force) ?

A variation of the Lambda method allows finding x in time
O(sqrt(b-a))  if  x is known to lie in the interval [a,b].  So,
if you reduce x to 128 bits,  it can be found in about 2^64
group operations.  --->  not secure!



> or there is a special attack for the low exponent ?


The attack isn't specifically against "low exponent", but rather
against the logarithm lying in some bounded interval.


>(some RSA implementations got issues about that

Citations please?
This is another "urban legend".

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.
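Don Johnson's and Bob Silverman's answers above give the same figure: if x is known to lie in an interval of width 2^128, the logarithm costs about 2^64 group operations whatever the size of p. The Python below is an added example for this digest, not code from either poster. In place of the Lambda (kangaroo) method Silverman names, it uses the deterministic baby-step giant-step variant restricted to [a, b], which has the same O(sqrt(b-a)) cost and is easier to check, and it counts the group operations so the square-root scaling is visible. The prime, generator and interval are constructed toy parameters (a 127-bit prime with x confined to 30 bits stands in for the 768-bit p and 128-bit x of the question); `interval_dlog` and `demo` are the example's own names.

```python
import math


def interval_dlog(g, h, p, a, b):
    """Solve pow(g, x, p) == h for x in [a, b].
    Baby-step giant-step over the interval: about 2*sqrt(b - a) multiplications mod p,
    independent of the bit length of p. Returns (x, ops) or (None, ops)."""
    width = b - a
    m = math.isqrt(width) + 1          # m*m > width, so m+1 giant steps cover the interval
    ops = 0
    baby = {}                          # g^j -> j for j in [0, m)
    cur = 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * g % p
        ops += 1
    step = pow(g, -m, p)               # multiplying by g^-m moves the window up by m
    gamma = h * pow(g, -a, p) % p      # gamma = g^(x - a) when a solution exists
    ops += 1
    for i in range(m + 1):
        j = baby.get(gamma)            # gamma == g^j  <=>  x = a + i*m + j
        if j is not None:
            x = a + i * m + j
            if x <= b and pow(g, x, p) == h:
                return x, ops
        gamma = gamma * step % p
        ops += 1
    return None, ops


def demo():
    """Constructed parameters: p = 2^127 - 1 (prime), g = 3, x confined to [0, 2^30].
    The work is governed by the 30-bit interval, not by the 127-bit modulus."""
    p = 2**127 - 1
    g = 3
    x = 123456789
    h = pow(g, x, p)
    return interval_dlog(g, h, p, 0, 2**30)


if __name__ == "__main__":
    found, ops = demo()
    print(f"recovered x = {found} in {ops} group operations (2*sqrt(2^30) = {2 * 2**15})")
```

Scaling the interval to 2^128 turns the roughly 2^16 operations of the demo into the roughly 2^64 both posters quote, which is why a short exponent is not made safe by a long modulus: the exponent has to be as wide as the security level demands, regardless of how large p is.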

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Shamir announces 1 sec break of GSM A5/1
Date: Thu, 09 Dec 1999 15:29:44 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]=NOSPAM 
(Gurripato) wrote:
>On 09 Dec 1999 05:37:45 GMT, [EMAIL PROTECTED] (JTong1995) wrote:
>
>>Cell Phone Crypto Penetrated
>>by Declan McCullagh
>>10:55 a.m. 6.Dec.1999 PST
>
>>James Moran, the fraud and security director of the GSM Association in 
>>Dublin, says that "nowhere in the world has it been demonstrated --an 
>>ability to intercept a call on the GSM network. That's a fact.... 
>
>        Another proof is that, in many countries, that demonstration
>would break the law, so researchers are forbidden from proving it.
>Absence of proof does not imply proof of absence.
     Don't you love it when asshole politicians make a stupid fucking
law and then use the law as proof no one can break something because
it's against the law.  Are they really that stupid?
>
>>To our knowledge there's no hardware capable of intercepting."
>
>        Guess the NSA didn't invite them to their annual
>see-all-our-surveillance-hardware, hmm?
>
  No he probably came. But like most management when they go to
such meetings, it's the parties and free booze and hookers that
these kinds of meetings unite that they really go for. The fact that they
are usually not capable of understanding what goes on is another
matter. Also it looks good on their resume to have such meetings.
They can also forever afterwards pretend they are experts in the field.

David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
