Cryptography-Digest Digest #979, Volume #10      Wed, 26 Jan 00 06:13:01 EST

Contents:
  Re: NIST, AES at RSA conference ("Brian Gladman")
  Re: Intel 810 chipset Random Number Generator (Guy Macon)
  Re: Intel 810 chipset Random Number Generator (Guy Macon)
  Re: Intel 810 chipset Random Number Generator (Guy Macon)
  Re: MIRDEK: more fun with playing cards. (Rex Stewart)
  Re: Solution to GCHQ puzzle published (Angus Walker)
  Re: "Trusted" CA - Oxymoron? ("Lyal Collins")

----------------------------------------------------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Date: Wed, 26 Jan 2000 06:48:13 -0000

"John Savard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Brian Gladman" <[EMAIL PROTECTED]> wrote, in part:
>
> >It's an interesting question but even if their results are not published,
> >what evidence is there that NSA will allow a knowingly weak AES solution to
> >emerge when doing so will put the US information infrastructure - the most
> >developed and hence the most vulnerable in the world - at risk?
>
> >We have had 50 years when the balance of government interests has favoured
> >exploitation - in my view this has now changed and the balance has shifted
> >in favour of protection.
>
> I'd like to think so, yet I don't think the government is likely to
> see it that way: exploitation, after all, is useful in dealing with
> something that is still a problem, international conflict; whereas for
> protection against the kind of threats normally envisaged against
> private industry, it is probably thought in those quarters that even
> ciphers with 40-bit keys are good enough.

> The thing that might change the balance of interests is not that
> exploitation has become less desirable, but simply that it is
> impossible to salvage.

I agree: governments would still exploit if they could, but this is getting
more difficult for a wide variety of reasons and this, combined with the
need for better protection, is leading to the change.  I didn't intend to
imply that the shift in the balance between exploitation and protection has
come about simply because protection is now more important - this is just
one of many factors.

Empires like NSA are huge and like super-tankers they can't change direction
quickly, but I am convinced that NSA is quietly adjusting its priorities in
these areas.  And in contrast to many on this list I do not see them as
completely hostile to the desire for better protection.  Indeed, my US
colleagues who know what is going on tell me in no uncertain terms that the
real US 'evil empires' are Justice and the FBI, not DoD and NSA.

In fact it is probably the threat of both active and passive attacks by
other hostile governments that is driving the protection argument. In Europe
it has been the revelations about Echelon that have swung the balance of the
argument towards protection.

> But I'm not conversant with the success or otherwise of export
> controls on microcomputer chips and related items. So, I am not sure
> what obstacles might face a Third World country that decided to build
> its own cipher machines from scratch (since using desktop PCs, for
> example, is rather impractical - they're not rugged enough, and it's
> hard to keep them from revealing secrets).

The real problem is not with the cryptography as such but with the 'systems'
issues - it is relatively easy to implement a secure encryption algorithm in
isolation but it is much, much more difficult to build a system that uses it
to achieve good information security.  Overall systems implementation and
security assurance are the hard parts as many have learnt to their cost.

> The fact that the NSA has such a large budget could be taken as an
> indication that their claim that exploitation is still possible, and
> export controls are worthwhile to avoid endangering it, has some
> validity.

Yes, but they want to ensure that their empire is preserved in a world where
intercept based exploitation is becoming much more difficult.  If the US
government shows signs of wanting to spend money on information
infrastructure protection, which it does, I don't see NSA being absent from
the 'feeding frenzy'.

It is also paradoxical that as intercept based exploitation is progressively
closed down, exploitation will shift to other approaches such as systems
penetration where our defences are much weaker.  In this sense, therefore,
the widespread deployment of cryptography for securing the infrastructure
could well make things worse since it could make end systems far more
attractive as targets with the consequence that society becomes much less
safe and secure.

I remain convinced that the US government has got more to lose than it has
to gain in making AES insecure. I am hence comfortable with its use.
Moreover I am convinced that AES will be widely adopted by industry and
commerce.

Others on this list take a very different view but no-one is forcing them to
adopt AES.

     Brian Gladman






------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 26 Jan 2000 05:09:12 EST


[EMAIL PROTECTED] (Michael Kagalenko) wrote:
>
>Guy Macon ([EMAIL PROTECTED]) wrote 
>]
>]Did it ever occur to you that if EVERYBODY misunderstands your
>]posts the problem may be at your end?  Did it ever occur to you
>]that refusing to elaborate, defend, or answer questions about
>]what you post is a less than optimal way of dealing with the
>]fact that nobody understands what you write? 
>
>
> I will elaborate as soon as I notice that my previous explanation
> was read. So far, no one shows any signs of having done so. I am not
> going to.
> BTW, did EVERYBODY appoint you to speak for them? Did it occur
> to you that those who understood what I am saying are less likely to object

Easy enough to test...

Did anybody reading this understand the posts in question?

Consider these facts:

[1] The vast majority of people are willing to elaborate, defend,
    or answer questions about what they post just because someone
    asked them to.  The fact that someone misunderstood is reason
    enough to help that person.

[2] You are often unwilling to elaborate, defend, or answer questions
    about what you post when someone asks you to.  By your statement
    above, you consider the fact that someone misunderstood to be a
    good reason to refuse to help that person.

Do you have a theory as to why your method of dealing with people
is so different from the way the vast majority of humans behave?

Have you noticed any difference between the way you are treated
and the way that people who use method [1] are treated?  Can
you draw any logical conclusions from these differences?
 


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 26 Jan 2000 05:33:04 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Terry Ritter) 
wrote:

>
>Noise does not change crystal oscillation frequency, even
>instantaneously.  The crystal continues to physically flex and vibrate
>at exactly the same frequency.  Noise in the circuit which senses the
>oscillation does produce the tiny phase variations known as "jitter."
>But jitter is not cumulative: it does not have position, it does not
>accumulate an offset; it is merely a perceived variation from the
>continued sine-wave flexing of the crystal.  The bipolar noise
>averages out.  

This sure does match up with what I have seen during many different
measurements of many different crystals and drivers over the years.
The piezoelectric output of the crystal looks really steady, but with
a bit of random noise riding on it.  This goes into a logic circuit
which has a fixed switching threshold.  Because of the noise the
time at which the threshold is crossed varies, which causes jitter
in the digital output of the gate.  What our uncommunicative friend
is calling "Brownian random walk" seems to be the EE's old buddy
named 1/F noise, which gets farther from the starting point the longer
you wait.  What I see on the crystal signal looks like Gaussian noise,
which stays centered around the starting point.  If it didn't, I
could wait around until the voltage across my resistor got large
enough and use it as a DC power supply.

>> That's because you lack very basic understanding of the statistics
>> of Brownian random walk.
>
>Sorry.  The effect simply does not exist.

Certainly not in crystals or resistors.

Now we do on occasion see 1/F noise in active circuits.  There is a
lot of speculation about the true nature of the noise.  If the
amplitude really is the inverse of the frequency, then in theory
you have infinite amplitude at 0 Hz!  That's why we sometimes say
"1/F to the rails", meaning that the amplitude clips when it hits
the limits of the power supplies.  I am more of a practical EE than
a theorist, and I haven't quite figured out how 1/F relates to
the popcorn noise found in some opamps.

>Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM

This web page is *GREAT*!  The fallacy section is especially
nice.  I just kept getting deeper and deeper as I saw really
clear definitions of various crypto terms.  Thanks for providing
such a wonderful resource!
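The distinction Guy Macon draws above, between noise that stays centred on the
starting point (Gaussian jitter on a fixed-threshold gate) and noise that drifts
(a Brownian random walk), can be checked numerically. The following simulation
is an added example, not code from this thread or from any RNG vendor; it models
the k-th threshold crossing of a nominal clock edge as nominal time plus either a
fresh Gaussian sample (non-cumulative jitter) or the running sum of Gaussian
samples (random walk), and reports how far the edge has wandered after many
cycles. Sigma, the trial count and the seed are constructed values for the
demonstration.

```python
import math
import random
import statistics
from typing import Tuple

# Added example (not from the original post): compare the spread of the k-th
# clock edge under two noise models that the discussion above contrasts.


def edge_offset(n_edges: int, cumulative: bool, rng: random.Random,
                sigma: float) -> float:
    """Offset (in units of time) of the n_edges-th threshold crossing from its
    nominal position.

    cumulative=False: each edge is displaced by an independent Gaussian sample
                      (jitter on a fixed-threshold gate; the crystal itself keeps
                      time, so no offset accumulates).
    cumulative=True:  each displacement adds to the previous one (Brownian
                      random walk), so the offset is the running sum.
    """
    offset = 0.0
    sample = 0.0
    for _ in range(n_edges):
        sample = rng.gauss(0.0, sigma)
        offset += sample
    return offset if cumulative else sample


def edge_spread(n_edges: int, trials: int = 100, sigma: float = 1.0,
                seed: int = 7) -> Tuple[float, float]:
    """Population standard deviation of the n_edges-th edge offset over
    `trials` independent runs, for (jitter_spread, walk_spread)."""
    rng = random.Random(seed)  # constructed seed so the run is reproducible
    jitter = [edge_offset(n_edges, False, rng, sigma) for _ in range(trials)]
    walk = [edge_offset(n_edges, True, rng, sigma) for _ in range(trials)]
    return statistics.pstdev(jitter), statistics.pstdev(walk)


def expected_walk_spread(n_edges: int, sigma: float = 1.0) -> float:
    """Theory: the standard deviation of a sum of n independent Gaussian
    samples grows as sigma * sqrt(n); the jitter case stays at sigma."""
    return sigma * math.sqrt(n_edges)


if __name__ == "__main__":
    n = 2000
    j, w = edge_spread(n)
    print(f"after {n} edges: jitter spread ~ {j:.2f}, "
          f"random-walk spread ~ {w:.2f} (theory {expected_walk_spread(n):.2f})")
```

The jitter spread stays near sigma however long the run is, which is why a
gate-sampled crystal does not drift; the random-walk spread grows with the
square root of the number of edges, which is the behaviour the "1/F to the
rails" remark describes hitting the supply limits.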


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 26 Jan 2000 05:39:04 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Trevor Jackson, 
III) wrote:
>
>Michael Kagalenko wrote:
>
>> Guy Macon ([EMAIL PROTECTED]) wrote
>> ]
>> ]Did it ever occur to you that if EVERYBODY misunderstands your
>> ]posts the problem may be at your end?  Did it ever occur to you
>> ]that refusing to elaborate, defend, or answer questions about
>> ]what you post is a less than optimal way of dealing with the
>> ]fact that nobody understands what you write?
>>
>>  I will elaborate as soon as I notice that my previous explanation
>>  was read. So far, no one shows any signs of having done so. I am not
>>  going to.
>>  BTW, did EVERYBODY appoint you to speak for them? Did it occur
>>  to you that those who understood what I am saying are less likely to
>>  object?
>
>Those who understood what you are saying and agree with it might express
>their agreement or support of your position.  I have failed to detect any
>support or agreement whatsoever.  So it seems like everyone does support
>those who are telling you your methods of communication are ineffective.
>

Easy enough to test...

Does anyone here think that his methods of communication are effective?




Bonus questions: Does anyone here think that he will ever admit that
his methods of communication are ineffective?  Does anyone not suspect
pride as the reason for this?  Has anyone not heard the joke about the
drunk driving the wrong way on the freeway?


------------------------------

From: Rex Stewart <[EMAIL PROTECTED]>
Subject: Re: MIRDEK: more fun with playing cards.
Date: Wed, 26 Jan 2000 10:33:53 GMT

While reviewing this post, I noticed something all too obvious. If the
card searched for is the first one dealt, there is no previous card.

While this is not a show stopper, it could lead one to believe there
are several possible solutions - however, most of them will lead to
problems or bias.  I propose, when the first card up is the searched
for card, deal all remaining cards and use the last one out (which will
be in the opposite pile, since there are an even number of cards).

The reason I mention the card will be in the opposite pile is because
upon decryption you need to deal cards until you find the searched for
card (the cypher text letter) and use the next one.  If it is the last
card you note which pile it is dealt into, pick up the opposite pile
and look at the bottom card (which is obviously the first card you
dealt).

Doing it this way will ensure only one interpretation, will ensure
mixing if the card is the first one out, and is only a slight slowdown.

Let me know what you think.
--
Rex Stewart
PGP Print 9526288F3D0C292D  783D3AB640C2416A

In article <86lujh$j3p$[EMAIL PROTECTED]>,
  Rex Stewart <[EMAIL PROTECTED]> wrote:
> I have an idea that seems to meet 3 of the four properties.  I can't
> tell if it meets the reversibility property (it takes me a while to
> work through that concept).
>
> The problem with the previous search function is it provided concrete
> information about the state AFTER the substitution.  If, instead of
> counting letters, you simply used the previous card the information
> would not be revealed.
>
> In other words, you want to encrypt "C"
> you search for "C"
> "JOIELC"  finding it, you substitute "L"
> this is simply the card on the other pile.
>
> Decryption uses the next card. Search until you find "L"
> and one more card makes "C"
>
> After the decks are put back together, the only thing certain is L is
> lower in the deck than C - and this is only true until after the count
> cut.  I haven't tried it yet to see if the information it DOES reveal -
> the proximity of the two letters PRIOR to the search - is of any value
> to an adversary. In going over the possibilities in my head, I haven't
> yet found any way to use this information.
>
> --
> Rex Stewart
> PGP Print 9526288F3D0C292D  783D3AB640C2416A
>
> In article <[EMAIL PROTECTED]>,
>   Paul Crowley <[EMAIL PROTECTED]> wrote:
>
> a search with
> > the right properties:
> >
> > * dependent on the position of the searched-for letter, not the letter
> > searched for
> >
> > * reversible, given the searched-for letter
> >
> > * for each card in the old state of the left deck, every new position
> > is equiprobable
> >
> > * ideally it would do some mixing too
> >
> > Actually, I can think of one but it's unwieldy: just cut cards from
> > the top to the bottom until the searched-for card is as far from the
> > bottom as it was from the top (ie one card if it's on the top, three
> > if it's second, 5 if third etc).  Better suggestions would be very
> > welcome!
> > --
> >   __
> > \/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
> > /\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\
> >
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>


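Rex Stewart's "previous card" search and his rule for the first-card case can
be modelled directly. The code below is an added example, not part of the
thread or of Paul Crowley's MIRDEK description; it covers only the search and
substitution step, assumes the left deck is a permutation of the letters A-Z
(Rex's six-card "JOIELC" is used as constructed sample input), and leaves the
rest of the MIRDEK state and the count cut out of scope. It deals the deck
alternately onto two piles, substitutes the top card of the other pile, applies
the deal-everything-and-take-the-last-card rule when the searched-for card is
first up, and checks that the result is reversible, while showing that a tempting
alternative for the first-card case is not.

```python
from typing import Callable, List, Tuple

# Added example (not from the thread): the "previous card" search Rex proposes,
# with his handling of the case where the searched-for card is the first dealt.

Deck = List[str]
Piles = Tuple[List[str], List[str]]


def deal_until(deck: Deck, target: str) -> Tuple[Piles, int, int]:
    """Deal cards alternately onto two face-up piles until `target` appears.

    Returns (piles, index of the pile that received target, cards dealt).
    """
    piles: Piles = ([], [])
    for n, card in enumerate(deck):
        piles[n % 2].append(card)
        if card == target:
            return piles, n % 2, n + 1
    raise ValueError(f"{target!r} is not in the deck")


def encrypt_letter(deck: Deck, plain: str) -> str:
    """Search for `plain`; the cipher card is the one dealt just before it,
    i.e. the top card of the other pile.  If `plain` is the first card up,
    deal the whole deck and use the last card out (Rex's rule)."""
    if len(deck) % 2:
        # Rex notes the last card lands in the opposite pile "since there are
        # an even number of cards"; the model assumes an even deck as well.
        raise ValueError("deck must have an even number of cards")
    piles, which, dealt = deal_until(deck, plain)
    if dealt == 1:
        for n, card in enumerate(deck[1:], start=1):   # deal the rest
            piles[n % 2].append(card)
        return piles[1 - which][-1]                     # last card out, other pile
    return piles[1 - which][-1]                         # top of the other pile


def decrypt_letter(deck: Deck, cipher: str) -> str:
    """Search for `cipher`; the plain card is the next one dealt.  If the
    cipher card was the last one, pick up the opposite pile and read its
    bottom card, which is the first card dealt."""
    piles, which, dealt = deal_until(deck, cipher)
    if dealt == len(deck):
        return piles[1 - which][0]
    return deck[dealt]


def naive_encrypt(deck: Deck, plain: str) -> str:
    """One of the 'several possible solutions' Rex warns about: when the
    searched-for card is first up, just use that card.  Kept here to show
    why it fails."""
    idx = deck.index(plain)
    return deck[idx - 1] if idx else plain


def is_reversible(encrypt: Callable[[Deck, str], str], deck: Deck) -> bool:
    """A substitution is decryptable only if distinct plain cards always give
    distinct cipher cards."""
    return len({encrypt(deck, card) for card in deck}) == len(deck)


def round_trips(deck: Deck) -> bool:
    """Every letter encrypts and decrypts back to itself under Rex's rule."""
    return all(decrypt_letter(deck, encrypt_letter(deck, c)) == c for c in deck)


if __name__ == "__main__":
    sample = list("JOIELC")                              # constructed deck from the post
    print("C ->", encrypt_letter(sample, "C"))           # L, as in the post
    print("J ->", encrypt_letter(sample, "J"))           # first card up: last card out
    print("Rex's rule reversible:", is_reversible(encrypt_letter, sample))
    print("naive rule reversible:", is_reversible(naive_encrypt, sample))
```

With the naive rule the first two cards dealt both map to the first card, so a
decryptor cannot tell them apart; Rex's rule turns the search into a one-step
cyclic shift of the deal order, which is why it has exactly one interpretation.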

------------------------------

From: Angus Walker <[EMAIL PROTECTED]>
Subject: Re: Solution to GCHQ puzzle published
Date: Wed, 26 Jan 2000 10:43:51 +0000

>>When I held my mouse over "The Salary" of linguists (and viewed the
>>page source) - the characters I got were "OHE-H"...i.e. "H" instead of
>>"N".
>
>That was not an error - it was the "extra points". Remember that was on the *
>linguists* page 8*).
>
I don't understand that explanation.  I think the most likely is:

1.      Error  (I spotted another error - on the 'Benefits' page under
Leisure they had part of the text about Cheltenham repeated (just after
mentioning the Bridge club) but they have corrected it now)
2.      Since it is the Linguists' page, perhaps it is Russian?
-- 
Angus Walker

------------------------------

From: "Lyal Collins" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: Wed, 26 Jan 2000 21:49:30 +1100

I think what emerges as most useful is to consider the certificate as saying
something about a very specific attribute of a person.
Examples are a name, or a privilege (authorised to access account xxxx) etc.

What becomes interesting is a CA's ability to certify those things about the
certificate possessor/applicant.
For example, a bank can certify the permission to access an account, and
the name in which the account is registered (not necessarily a personal
name - such as a company bank account).
But a bank can't effectively certify you as a doctor (a bank is
spectacularly unqualified to do so), nor can a medical board certify your
access privilege to a specific bank account.


Self-registered public keys (either plain, or as certificates) make a lot
of sense for specific one-to-one relationships.
CA model certificate schemes don't make much sense.
At the end of the day, this means certificates provide data integrity
services, and an indicator that the correct password was presented at some
time (maybe not even that in software-only solutions).

In most cases, passwords will provide the same level of privilege control.


Lyal



Anne & Lynn Wheeler wrote in message ...
>
>Lots of times, especially involving privacy issues ... the only thing
>that needs to be authenticated is if the entity authorized to perform
>the requested function ... in which case a generalized "identity"
>certificate (certifying some binding between a public key and some
>misc. personal information) can be orthogonal to the objective at hand
>... and possibly may represent a compromise unnecessarily divulging
>personal information.
>
>In a typical retail scenario ... the merchant doesn't actually need to
>know who you are when you present a credit card ... the merchant
>really wants to know whether they will be paid or not.
>
>There has also been misc. discussion of EU privacy guidelines about
>making retail electronic financial transactions as anonymous as cash
>... i.e. a credit/debit card presented to a merchant would contain
>no name &/or require any other identification information. It would
>similarly work in non-face-to-face retail electronic transactions
>(aka internet, e-commerce) with no identity information exchanged in
>the transaction.
>
>In the PKI world for financial institutions, this has been translated
>into "relying party only" certificates ... i.e. a certificate
>that only carries the public key and the account number for financial
>transactions (in order to avoid unnecessarily divulging privacy
>information). However, for financial transactions it is easily shown
>that since the original of the certificate resides in the account
>record ... it is superfluous and redundant for the consumer to return
>their copy of the certificate as part of every financial transaction
>to their financial institution (and doing so can even unnecessarily
>increase the infrastructure's systemic risk).
>
>
>misc. references:
>
>http://www.garlic.com/~lynn/ansiepay.htm#aadsnwi2
>http://www.garlic.com/~lynn/aadsm3.htm#cstech13
>http://www.garlic.com/~lynn/aadsm3.htm#cstech8
>http://www.garlic.com/~lynn/aadsm2.htm#scale
>http://www.garlic.com/~lynn/aadsm2.htm#inetpki
>http://www.garlic.com/~lynn/aadsm2.htm#integrity
>http://www.garlic.com/~lynn/aadsm2.htm#account
>http://www.garlic.com/~lynn/aadsm2.htm#privacy
>http://www.garlic.com/~lynn/aadsm2.htm#stall
>http://www.garlic.com/~lynn/aadsmore.htm#hcrl3
>http://www.garlic.com/~lynn/aadsmore.htm#schips
>http://www.garlic.com/~lynn/aadsmore.htm#vpki
>http://www.garlic.com/~lynn/aadsmore.htm#killer0
>http://www.garlic.com/~lynn/aepay3.htm#aadsrel2
>http://www.garlic.com/~lynn/aepay3.htm#x959discus
>
>--
>Anne & Lynn Wheeler   | [EMAIL PROTECTED], [EMAIL PROTECTED]
> http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
