Cryptography-Digest Digest #840, Volume #10       Wed, 5 Jan 00 05:13:00 EST

Contents:
  Re: ATTN: Help Needed For Science Research Project ([EMAIL PROTECTED])
  Re: Secure Delete Smart (John G. Otto)
  Re: Truly random bistream (Boris Kazak)
  Re: Why the Cryptonomicon in Cryptonomicon? (Wolf)
  Re: meet-in-the-middle attack for triple DES (Scott Fluhrer)
  Re: REQ: Applied Crypto source disc ("Jason C. Hartley")
  Re: Truly random bistream (Scott Nelson)
  Re: Anonymous Source Problem ("Lyal Collins")
  Re: On documentation of algorithms (wtshaw)
  Cert. Man. Library ("Clint Eastwood")
  Re: trits from characters (Mok-Kong Shen)
  Re: Truly random bistream (TohuVohu)
  Square? ("Andrej Madliak")
  Re: Square root attacks against DSA? (Serge Vaudenay)
  Change of number bases (Mok-Kong Shen)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: ATTN: Help Needed For Science Research Project
Date: Wed, 05 Jan 2000 04:55:23 GMT


> For instance, can you manipulate matrices, perform modulo arithmetic,
> understand elliptical equations, and so on; or might you be better
> off with simpler systems using exclusive-or (XOR) operations, and
> transpositions and substitutions of characters?
>
> One question you'll want to answer soon is the aspect of
> cryptography you're interested in - creating them, testing and
> breaking, decyphering them, comparing the effort needed to
> decypher two or more methods, etc.

The way I would go about it is to take up _an_ algorithm and read up
everything available about it. Then start with implementing it. Believe
me, this is the simplest part: _implementing_. Then put some ideas you
would have after having read the literature on it into practice.
Of course, choose an algorithm after answering the above questions.

> Whatever you decide, be sure you enjoy it.

all the best and regards,
rasane_s.



------------------------------

From: [EMAIL PROTECTED] (John G. Otto)
Crossposted-To: alt.privacy
Subject: Re: Secure Delete Smart
Date: Tue, 04 Jan 2000 21:33:30 -0800

> Guy Macon wrote:
>> Mark D wrote:
>> So here's your solution: burn all your information to cd, and if you
>> want to 'secure delete' it, you just smash the cd.  Since they're only
>> about a buck a piece, it would be fairly inexpensive.

Sand them, first.  :B-)

> I actually do this, but I use floppies and toss them in the fireplace
> (I know, bad gasses, but it's just one floppy and it mostly goes up
> the stack if you toss it in deep).

Not too bad.  If it's hot enough, the heat alone destroys the 
magnetic pattern, and the "bad gasses".

Some places, I've heard, take their old hard drives apart and 
drop the platters in acid to eat up the metal oxide coatings.
-- 
John G. Otto                              Nisus Software, Engineering
http://www.nisus.com               SuperSleuth                 QUED/M
http://www.mathhelp.com                GIA               Nisus Writer
http://www.infoclick.com           Easy Alarms            Mail Keeper
          Opinions expressed are not those of Nisus Software.

------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Truly random bistream
Date: Tue, 04 Jan 2000 21:49:06 -0800
Reply-To: [EMAIL PROTECTED]

Alternatively, just use a hardware RNG (noise diode based or other 
type) capable of producing about 10000 bits/sec, and run this gadget
for 1600 seconds (about 1/2 hour)...

Best wishes     BNK
========================
Tim Tyler wrote:
> 
> Nigel Fitchard <[EMAIL PROTECTED]> wrote:
> 
> : I would like to get hold of a truly random bitstream - about 2^24 bits long
> : should be plenty.  Does anyone know if such a thing exists for download ?
> 
> No such thing is known to exist anywhere on the planet.
> 
> If anyone were ever foolish enough to purport to offer such a service,
> it would not be possible to verify whether their material was genuine.
> --
> __________
>  |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]
> 
> 0.666 - number of the millibeast.

------------------------------

From: Wolf <[EMAIL PROTECTED]>
Subject: Re: Why the Cryptonomicon in Cryptonomicon?
Date: Tue, 04 Jan 2000 23:06:44 -0600

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (John Savard) wrote:

>Having finally broken down and purchased the novel - two
>copies of it having been on sale at half price in a local
>bookstore - and being pleasantly surprised to find it highly
>readable (I was worried it might be too much in the cyberpunk
>genre for my tastes), I am struck by one strange thing.

[Cut]

It has been several months since I read the book, but I recall
the Cryptonomicon of the story as representing little more than
a loose - very loose - collection of notes and papers
containing what the Navy's Pacific crypto group had learned
about the Japanese codes to that point in the war. To my
recollection, it served as a sort of guide and reference, and
was added to with each new general cryptographic discovery or
break of a Japanese code. All very unofficial. Subsequent
mentions in the story seemed to indicate its growth both in
terms of content and its importance to the general crypto
effort on all fronts.

As I said, it has been a while since I read the book, so
perhaps I recall incorrectly.

As a plot device, it seemed neither to help nor to hinder the
story, and for all I know may have been included simply to
provide a peg for the book's title. Writers, I imagine, are not
above creating a reason to use a nifty title when they have one
in mind. ;)

It's also possible more detail on the Cryptonomicon was edited
out. Though a quick, easy and enjoyable read, at a thousand
pages, it made for a hefty novel. Some readers shy away from very
long books.

Regards.


-- 
W O L F   |   [EMAIL PROTECTED]
"A little while she strove and much repented; And
whispering, 'I will ne'er consent' - consented."
- BYRON, "Don Juan," I

------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: meet-in-the-middle attack for triple DES
Date: Wed, 05 Jan 2000 06:05:56 GMT

In article <84tah2$gup$[EMAIL PROTECTED]>,
        [EMAIL PROTECTED] (Bill Unruh) wrote:
>In <84s453$ajm$[EMAIL PROTECTED]> Scott Fluhrer <[EMAIL PROTECTED]> 
>writes:
>>but not totally out of the question for someone who wants to break your
>>code and has *lots* of money to spend on it.  And, when the evil attacker
>>is done with your message, he can reuse the tapes to attack someone else's.
>
>No he cannot since the data is specific to the message being encrypted.
>
I think I should make myself clearer:

"He can reuse the tapes to record other data that can be used to attack someone
 else's data (or backup his hard disk one billion times, if so inclined)"

Sorry

-- 
poncho

------------------------------

From: "Jason C. Hartley" <[EMAIL PROTECTED]>
Subject: Re: REQ: Applied Crypto source disc
Date: Wed, 05 Jan 2000 06:17:01 GMT

Keith,

First off, you suck.
Secondly, I am so profoundly lazy you have no idea.  In a moment of
clarity, recently, I quit my job after lunch.  I would have quit long
ago, but I was too lazy.  So now 40 bucks means a lot of Taco Bell. 
Plus, if you don't pay for something then never use it because you're
too lazy, you don't feel like you wasted any money.  Dontcha love
that?

What was the point of you telling me this crap, you snot-nosed college
brat?  Jeezus.  You're a dickweed.  (Wow, this is my first flame
since, well, college.)  That was kinda fun.  Thanks for the
entertainment, Keither.

-Jason

Keith A Monahan wrote:
> 
> Jason,
> 
> First off, this is not alt.binaries.warez.cryptostuff.
> Secondly, if you are too lazy to work the number of hours to be able
> to afford a $40 item, then you are probably too lazy to use the CD
> anyways.  What's it take, a days work perhaps at minimum wage?
> 
> Keith
> 
> Jason C. Hartley ([EMAIL PROTECTED]) wrote:
> : Can anyone tell me where one might get a hold of the source disc that
> : you can order for Bruce Schneier's Applied Cryptography?  I'd really
> : like to get a copy of it.
> 
> : If you read this Bruce, I'm sorry.  I lova ya, but I just don't wanna
> : fork out 40 bucks for the disc.
> 
> : -Jason ([EMAIL PROTECTED])
> 
> : key:
> : 0x7603C163

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Truly random bistream
Reply-To: [EMAIL PROTECTED]
Date: Wed, 05 Jan 2000 06:57:18 GMT

Apparently, Nigel Fitchard <[EMAIL PROTECTED]> wrote:
>
> I would like to get hold of a truly random bitstream - about 2^24 bits long
> should be plenty.  Does anyone know if such a thing exists for download ?
>

Probably, though it depends on what you mean by "truly random."

http://www.fourmilab.ch/hotbits/ will serve you up some,
and http://lavarand.sgi.com/seed/current/block.html 
has some precomputed random bits you can download.

Of course, they aren't _secure_ since anyone can
download the same numbers, and/or monitor
your download channel.

Scott Nelson <[EMAIL PROTECTED]>

------------------------------

From: "Lyal Collins" <[EMAIL PROTECTED]>
Subject: Re: Anonymous Source Problem
Date: Wed, 5 Jan 2000 17:55:23 +1100

Let Peggy create a username and password on a box trusted by Victor.
The information can only be entered onto that box when Peggy uses that
ID/password combination.

This is all every "free registration" site (e.g. on-line newspaper,
magazines etc) ever gets, and they seem pretty happy with it.

Lyal


Hans wrote in message ...
>I'm working with a problem which I believe can be solved using
>cryptographic methods.  After scanning the books (Applied Cryptography and
>others) and the web, I've not been able find a solution.  The problem
>involves protecting an individual's identity.
>
>Here is a description of the problem-
>
>Peggy has some information she wants to send Victor, who is
>a reporter for a newspaper.  Peggy wants to remain anonymous.
>Since Victor is able to verify the information Peggy provided,
>he now trusts her even though he doesn't know her true identity.
>
>Alice is also providing information anonymously to Carol, who similarly
>trusts Peggy.  Peggy doesn't want Victor and Carol to know they are
>getting information from the same source.
>
>Victor and Carol, however, need a way of knowing with full confidence that
>information is coming from Peggy, and not an imposter posing as Peggy.
>Similarly, Peggy wants to be sure that she is talking to Victor (or Carol).
>Note that it is also in Peggy's interest that no one can impersonate her.
>
>A mutual authentication is needed- however, only one can know the true
>identity of the other.
>
>Everyone (Peggy, Victor, and Carol) has an ID certificate with their true
>identities which is signed by Trent, a CA trusted by everyone.  The ID
>certificate has a unique value which identifies the individual.  So, Peggy
>asks Victor for his certificate, and checks it with Trent's verifying
>signature.
>
>The problem is- how does Peggy prove her (anonymous) identity to Victor?
>
>I'm hoping there is a way Peggy can create a new 'anonymous' certificate
>based on Peggy's and Victor's (or Carol's) certificate.  My thinking is
>this-  Since Victor must be sure this new certificate could only come from
>his anonymous person (Peggy), it must be based on Peggy's certificate
>(without revealing her true identity).  Since Victor and Carol may not know
>they are getting information from the same anonymous person, the new
>certificate must also be based on Victor's (or Carol's) ID certificate.
>
>My question is- is there a way Peggy can create a new 'anonymous' identity
>based on two signed certificates (Peggy's and recipient's), which can be
>verified as authentic by the recipient, but reveals no information from
>Peggy's certificate?  (Assume that a certificate is handled properly and
>cannot be stolen).  I can create a new unique identity using encryption
>or hash functions of Peggy's and the recipients identities, but the
>signatures on the original certificates become useless.
>
>I've looked at 'zero knowledge' solutions, but haven't had much luck.  I'm
>hoping there is a more straightforward approach.  Any pointers or ideas
>would be greatly appreciated.
>
>-Hans

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: On documentation of algorithms
Date: Wed, 05 Jan 2000 01:34:43 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> Paul Koning schrieb:
> > 
...
> > It seems to me that differential analysis and Einstein's work on
> > relativity are analogous in a way.  A good teacher (such as Einstein)
> > can explain them in a superficial way well enough that interested
> > outsiders such as I can nod and say "yup, yeah, sure, I guess that
> > all makes sense".  That's fun in a way.  It doesn't really do much
> > for you, though, because that level of explanation and understanding
> > in no way qualifies the hearer to DO work on that topic, or to verify
> > the correctness of what was just explained.
> 
> If you equate nodding to a superficial explanation to real
> understanding, I have nothing to say. If not, what is your point above?
> 
I agree with you that getting down to the nitty gritty is important.  To
different cultures, nodding can mean, yes, I understand, or I am hearing
you, or don't bother me with things I can't understand.

As needed, finding ten ways to get across the same concept is a necessary
teaching skill, as people do learn in different ways.  Equally important
is asking the right questions to see that understanding really took place,
that you have not merely programmed a parrot.
-- 
Considering that the best guess is that Jesus was born in 4 BC,
for the purists, fate worshipers, and absolute prognosticators,
you all missed your boat some time ago, as hype mongers rejoice.

------------------------------

From: "Clint Eastwood" <[EMAIL PROTECTED]>
Subject: Cert. Man. Library
Date: 5 Jan 2000 08:09:49 GMT

Can anyone suggest where to look for the Certificate Management Library?

It is referred to in the S/Mime Freeware Library docs.

I believe it is freeware but I cannot find who produced it.

Thanks if you can help, Graeme Dykes


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: trits from characters
Date: Wed, 05 Jan 2000 09:17:40 +0100

John Savard wrote:
> 
> >Why isn't it an optimal procedure for crypto
> >purposes to map a given alphabet to the next larger power of 2 or,
> >when needed, using homophones to map it to a higher power of 2?
> 
> A Huffman code is probably better. Homophones require good random
> numbers, and even then are weak.

I find it a bit interesting that both mapping to a smaller space 
(Huffman) and mapping to a larger space (homophone) could be 
beneficial and that the given character space is always the worst.

> 
> >Certainly, using an uncommon base has the positive effect of forcing
> >the analyst to do something 'uncommon', thus hopefully reducing his
> >chance of success, but I am afraid that that alone might not be
> >sufficient justification for doing that and that tradeoffs, if any,
> >should also be considered.
> 
> Using a different number base when mixed with binary encryption can
> frustrate analysis, since bits lose their identity. This generally
> avoids tradeoffs, except perhaps of execution time. My web site
> describes the sort of techniques I'm thinking of,

I agree with the frustration effect. However, if the base is not a
power of 2 and one stores the stuff on a binary medium, the storage
is not optimal. Certainly, that doesn't matter too much, neither
does the execution time. Both resources have indeed become so cheap
that it is barely worth much consideration to economize nowadays
(the human time for doing that is more costly), unless really huge 
volumes of information are involved.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (TohuVohu)
Subject: Re: Truly random bistream
Date: 05 Jan 2000 08:42:10 GMT

I don't see why this is impossible.  Isn't radioactive decay "random" enough
for this?  I thought one of the fundamentals of quantum behaviour is this
randomness.
I'm sort of new to all this stuff so please explain.

>: I would like to get hold of a truly random bitstream - about 2^24 bits long
>: should be plenty.  Does anyone know if such a thing exists for download ?
>
>No such thing is known to exist anywhere on the planet.
>
>If anyone were ever foolish enough to purport to offer such a service,
>it would not be possible to verify whether their material was genuine.



------------------------------

From: "Andrej Madliak" <[EMAIL PROTECTED]>
Subject: Square?
Date: Wed, 5 Jan 2000 09:45:00 +0100

Hi!

    Who knows something about the "Square" algorithm, its
strengths/weaknesses and attacks against it?

Thanks,

Andrej

------------------------------

Date: Wed, 05 Jan 2000 10:44:31 +0100
From: Serge Vaudenay <[EMAIL PROTECTED]>
Subject: Re: Square root attacks against DSA?

"Paulo S. L. M. Barreto" wrote:

> Here's a question to the more theoretically-oriented sci.crypt people.  I hope
> you find it at least funny, as the situation is certainly not usual.
> Nevertheless, it's a serious question.
>
> Suppose you set up a DSA-like signature scheme where p is reasonably large
> (1024 bits or more) but q is quite small (say, 80 bits or less).  This
> unusual choice is made so that index calculus and brute force are unfeasible
> but "square root" discrete log attacks are possible (at least Pollard
> attacks, since Shanks may have too large storage requirements).  Also,
> suppose all keys are short-lived and used only a few times to thwart
> birthday paradox attacks.
>
> The problem is that Pollard rho and lambda (as they are usually described in
> the literature) are useful to solve equation r = g^k mod q for k, but DSA
> uses r = (g^k mod p) mod q, hence the result won't in general be k but an
> unrelated quantity, seemingly useless to attack the s part of the signature.
>
> I've been thinking on this for a while but was not able to see how to adapt
> the attacks to DSA. Does anybody know how to overcome this difficulty?  Or
> is DSA immune to such attacks?
>
> Thanks and cheers,
>
> Paulo Barreto.

Why don't you try to solve y=g^x instead?

Serge Vaudenay

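Vaudenay's one-line answer, worked through as an added example that is not part of the thread: the public key y = g^x mod p is a genuine element of the order-q subgroup, so a generic square-root method such as Pollard rho applies to it directly and returns the private key x, whereas r = (g^k mod p) mod q is not a group element at all. The toy parameters p = 10091, q = 1009 and the private key 777 are constructed; at the 160-bit q that standard DSA mandates the same walk needs about 2^80 steps, which is exactly what the parameter check at the end enforces.

```python
import random

def pollard_rho_dlog(g, y, p, q, seed=1):
    """Solve y = g^x (mod p) for x, where g has prime order q.
    Generic square-root method (about sqrt(pi*q/2) group operations),
    so it is only feasible when the subgroup order q is small."""
    def step(z, a, b):
        # Pseudo-random walk on z = g^a * y^b, partitioned by z mod 3.
        r = z % 3
        if r == 0:
            return y * z % p, a, (b + 1) % q
        if r == 1:
            return z * z % p, 2 * a % q, 2 * b % q
        return g * z % p, (a + 1) % q, b
    rng = random.Random(seed)
    while True:
        a0, b0 = rng.randrange(q), rng.randrange(1, q)
        tort = hare = (pow(g, a0, p) * pow(y, b0, p) % p, a0, b0)
        while True:                      # Floyd cycle finding
            tort = step(*tort)
            hare = step(*step(*hare))
            if tort[0] == hare[0]:
                break
        # g^a_t y^b_t == g^a_h y^b_h  =>  x = (a_t - a_h) / (b_h - b_t) mod q
        denom = (hare[2] - tort[2]) % q
        if denom:
            x = (tort[1] - hare[1]) * pow(denom, -1, q) % q
            if pow(g, x, p) == y:
                return x
        # degenerate collision (b_t == b_h): restart from a fresh point

def dsa_q_acceptable(q, min_bits=160):
    """Parameter check: reject a subgroup order that square-root attacks can handle.
    160 bits is the original FIPS 186 minimum for q."""
    return q.bit_length() >= min_bits

def dsa_demo():
    """Constructed toy parameters: p = 10091 = 10*1009 + 1 and q = 1009 are prime,
    g = 2^((p-1)/q) mod p generates the order-q subgroup. Returns True if the
    public key alone gives up the private key."""
    p, q = 10091, 1009
    g = pow(2, (p - 1) // q, p)
    assert g != 1 and pow(g, q, p) == 1
    x = 777                  # private key (constructed)
    y = pow(g, x, p)         # public key: a true element of the order-q subgroup
    return (not dsa_q_acceptable(q)) and pollard_rho_dlog(g, y, p, q) == x
```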

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Change of number bases
Date: Wed, 05 Jan 2000 11:04:04 +0100

From a recent discussion involving number bases other than powers 
of 2, I came up with the following 'raw' idea and would like to know 
whether it could eventually be of some practical use:

Given a representation of the information as a sequence of digits
in base b1, one first permutes the digits in some way (not 
necessarily sophisticated, e.g. a classical transposition). Then 
one divides the sequence into blocks of certain convenient length. 
Each block is a number in base b1. One converts such numbers to 
base b2 and concatenates them. The whole information is thus a 
sequence of digits in base b2. One can repeat, if one likes, the 
same operations with base b3, b4 etc. The last base could be
the same as b1, so that if one starts from a bit sequence one
finishes with another bit sequence of generally different length. 
Obviously the transformation is nonlinear in general. It is fairly 
clumsy for manual work but should be rather simple to program.

M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen

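The transformation described above in Python, as an added example that is not the poster's code: a blockwise transposition, then base 2 to base 3 in 8-bit blocks, then base 3 back to base 2 in 4-trit blocks, so 16 input bits become 21 output bits. The permutation, block lengths and sample bits are my own constructed choices; each stage writes its blocks with a fixed digit width so that decode() can reverse it, which is the one detail the post leaves open.

```python
from functools import reduce

def digits_to_int(digits, base):
    return reduce(lambda n, d: n * base + d, digits, 0)

def int_to_digits(n, base, width):
    """Fixed-width, most-significant-first digits of n (error if it does not fit)."""
    if n >= base ** width:
        raise ValueError("value does not fit in the block width")
    return [(n // base ** i) % base for i in range(width - 1, -1, -1)]

def block_width(b_from, b_to, block_len):
    """Base-b_to digits needed to hold any block_len-digit base-b_from number."""
    w = 1
    while b_to ** w < b_from ** block_len:
        w += 1
    return w

def rebase(digits, b_from, b_to, block_len, out_width):
    """Shen's step: cut into block_len-digit base-b_from blocks, write each
    block's value with out_width base-b_to digits, concatenate."""
    if len(digits) % block_len:
        raise ValueError("length must be a multiple of the block length")
    out = []
    for i in range(0, len(digits), block_len):
        val = digits_to_int(digits[i:i + block_len], b_from)
        out.extend(int_to_digits(val, b_to, out_width))
    return out

def transpose(digits, perm):
    """Classical transposition: in each len(perm)-digit group, output j is input perm[j]."""
    n = len(perm)
    if len(digits) % n:
        raise ValueError("length must be a multiple of the permutation size")
    return [digits[i + perm[j]] for i in range(0, len(digits), n) for j in range(n)]

def encode(bits, perm, stages):
    """Permute, then apply each (b_from, b_to, block_len) stage in turn."""
    digits = transpose(bits, perm)
    for b_from, b_to, block_len in stages:
        digits = rebase(digits, b_from, b_to, block_len, block_width(b_from, b_to, block_len))
    return digits

def decode(digits, perm, stages):
    """Undo the stages in reverse, then the transposition; only encode() output is guaranteed to fit."""
    for b_from, b_to, block_len in reversed(stages):
        digits = rebase(digits, b_to, b_from, block_width(b_from, b_to, block_len), block_len)
    inverse = sorted(range(len(perm)), key=perm.__getitem__)
    return transpose(digits, inverse)

# Constructed demo parameters: 2 -> 3 in 8-bit blocks (6 trits each), then
# 3 -> 2 in 4-trit blocks (7 bits each): 16 bits -> 12 trits -> 21 bits.
PERM = [3, 1, 4, 0, 6, 2, 7, 5]
STAGES = [(2, 3, 8), (3, 2, 4)]
SAMPLE_BITS = [0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1]  # the bytes b"Hi"
```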
------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************