Cryptography-Digest Digest #982, Volume #10 Wed, 26 Jan 00 17:13:01 EST
Contents:
Mac encryption algorithm? (elliptic)
New to cryptology question, rolling XOR ("Jonas")
Re: How much does it cost to share knowledge? (Tom St Denis)
Re: Should I buy the Dr Dobbs CD? (Keith A Monahan)
Re: How much does it cost to share knowledge? (Tom St Denis)
Re: How much does it cost to share knowledge? (Tom St Denis)
Re: 1on1lite (Was: Re: Echelon monitors this group) (Paul Koning)
Re: What about the Satanic Seven??? (Paul Koning)
Re: Does RSA use real prime ? (Paul Koning)
Re: A Format for Cipher Challenges ("Douglas A. Gwyn")
Re: Strong stream ciphers besides RC4? (Tom St Denis)
Re: Why did SkipJack fail? ("Douglas A. Gwyn")
Re: encryption/decryption programs (Tim and Carolyn)
Re: New to cryptology question, rolling XOR ("Douglas A. Gwyn")
Re: Should I buy the Dr Dobbs CD? (David A Molnar)
Paper on Parallel Factoring (David A Molnar)
Re: ECC & RSA re: patents, copyrights (Uri Blumenthal)
Re: english word list (Dan Day)
Re: Mac encryption algorithm? (Keith A Monahan)
Re: How much does it cost to share knowledge? (Jeff Williams)
----------------------------------------------------------------------------
From: elliptic <[EMAIL PROTECTED]>
Subject: Mac encryption algorithm?
Date: Wed, 26 Jan 2000 19:57:58 GMT
I need some help on findng a good encryption algorihm that is easily
implementable on a mac. If you could point me in the right direction it
would be appreciated.
thanks
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Jonas" <[EMAIL PROTECTED]>
Subject: New to cryptology question, rolling XOR
Date: Wed, 26 Jan 2000 21:15:18 +0100
Would a rolling XOR be hard to break?
Let's say i create a loop that substitute the first bit in the password with
the first one i encrypted with XOR in the message.
When i used all my password bits i simply use the XOR, at the same time i
use it, i instantly create new ones from the message, until i XOR the whole
message with itself.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Wed, 26 Jan 2000 20:34:17 GMT
In article <86n53c$l4o$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Keith A Monahan) wrote:
> Hey Tom,
>
> $300 (or $485 regular) is really a somewhat fair and reasonable price.
> I typically attend other technical conferences for work and they are
> somewhere in the $1500-$2000 range. Remember, this is New York City
so
> everything is higher and the New York Hilton is one of the better
> hotels in the area.
>
> I'm not trying to justify their prices but I'll bet you they aren't
> making as much off it as you think.
>
> Besides, with this being a 'niche' type conference, there won't be as
> many reservations as there would be at say, a $50 computer show.
>
> With all this being said, I'm hoping my company is going to send me
> up there for a few days -- and they will be the ones paying for it.
> When I told my boss, $485, his response was, "Is that it? Hell,
expenses
> will be more than that." Usually, its the other way around -- or
closer
> anyways.
It's not just that, like euro-crypt if you want the years papers it's
100 bucks a shot and that's US too. So you get 200 pages of stuff
[which they got for free] for 145 bucks cdn? I could see paying 50
bucks cdn for euro-crypt books but 150?
They are a bunch of thieves and that's all.
As for the confererance how much does it cost to sit 200 or so people
down and have speakers with ohp? At 200 people say 50/50 for students
that 100(300) + 100(485) or 78,500$ ... Ok maybe not 200 people but you
get my picture... even at 100 people they get 39,250$ ...
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Should I buy the Dr Dobbs CD?
Date: 26 Jan 2000 20:49:03 GMT
Victor,
I bought it and I'm (still) happy with the product.
You can't find all this information nearly as inexpensive anyplace
else. Buying all the books separately would cost a ton more. I
am actually in the process of buying the books seperately but I can
buy them at my leisure and I still have access to all the information
in the time being.
Honestly, even if I owned all the printed books, I would have purchased
it anyways because it allows you to do full text searches on the entire
set of books. This makes it handy when researching something like
SHA-1, or any related topics.
My copy was purchased in November 99.
The print quality is probably what I like the least about the CD, but
that's not to say it's bad. I would estimate about 95% of the text
to be clear. Occasionally, I get horizontal lines through the top
of a row of text. It's annoying but tolerable.
They are all PDF's, it ships with acrobat (3.0/3.1 I think) and a 'search'
plug-in module. Brand new Acrobat with search 4.0 is available for free
download from Adobe's site. It works fine.
In my opinion, there is NOTHING that can replace the quality of a good
hardbacked book. If you can't afford to purchase the originals OR, you
would like a fine searchable online copy, Dr Dobbs is a good choice.
I like the fact that you can cut and paste and it makes it easy to reply
to messages on sci.crypt for example.
Hope this helps,
Keith
Victor Zandy ([EMAIL PROTECTED]) wrote:
: I need a copy of Stinson's "Cryptography: Theory and Practice".
: Instead of buying the paper edition, I am considering the Dr Dobbs
: Journal CDROM collection of cryptography books, which supposedly
: contains Stinson and several other titles. The price difference is
: small and the CD contains several other books that interest me.
: Is this CD a good product?
: I must be able to easily print quality, full size copies of the
: pages I need from the CD. It would be fine if the CD contains
: postscript or pdf copies of the books. I prefer postscript or pdf
: generated from the computer sources of the texts, not scans of paper
: editions (of course, that may not be possible for all titles on the
: CD, but it should be for Stinson). I don't care about search tools on
: the CD, if any, as long as they don't interfere with printing. I
: don't want to have to rely on software provided on the CD to view or
: print the book contents.
: I found one article in deja.com that says some of the text on the
: CD is "garbled". What does that mean? Is it still true of more
: recent pressings of the CD?
: Thanks.
: Vic Zandy
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Wed, 26 Jan 2000 20:37:12 GMT
In article <[EMAIL PROTECTED]>,
Jeff Williams <[EMAIL PROTECTED]> wrote:
>
> --------------B8732955B78866515A0AE3A0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Tom, as far as students go, typically such student rates are aimed at
> grad students (masters or doctoral candidates) who, frequently,
> can get stipends (or whatever term you like to use) from their
> respective institution. When someone else pays all, or part, of
> the bill, $300US isn't a big deal.
>
> Many grad students I know are, to some extent, employed by
> the university at which they are studying.
>
> Consider yourself flattered that you're on NIST's mailing list.
>
> Jeff
Hehehe, the problem is I haven't even finished high school yet, so I
may understand around 50% of all the material presented anyways.
Probably less. I just wanted to attend to join in the scene and find
out career/school choices I should make. I figured there would people
like me [only older, educated etc..].
BTW if you ordered a NIST CD any time you are on their list....
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Wed, 26 Jan 2000 20:40:36 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (JPeschel) wrote:
> Tom St Denis [EMAIL PROTECTED] writes, in part:
>
> >I think they are being a bit arrogant there.
> >
>
> How is charging a fee for a conference arrogant?
300 dollars for a folding chair in a conference room is abit much.
> Yeah, 300 US bucks is about enough for a nice dinner and evening on
the
> town. (I'd take the night out over a conference.)
Well you must be rolling in the dough. where I come from you don't
spend 300 dollars on a meal.
> >Sorry but had to be said.
>
> No, it didn't: it's nothing more than whining. If you want to go,
> borrow some money from, as they say, the 'rents.
I am not going to pay 445 dollars cdn for a folding chair. For me
that's around 65 hours of work, or about a months pay. That's
ludicrous.
Call it whining if you want. BTW isn't AES suppose to be open to
everyone? Not just the rich?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To:
alt.anarchism,alt.computer.security,alt.security,alt.security.espionage,alt.security.pgp
Subject: Re: 1on1lite (Was: Re: Echelon monitors this group)
Date: Wed, 26 Jan 2000 15:51:08 -0500
An Anarchist wrote:
> ...
> I work for a small British company.
> As you probably know the kind of encryption we provide, is actually not
> legal in the USA at least that's what I hear.
You hear wrong. There's a popular misconception both among
USians and others that there are US laws restricting or
prohibiting the use of crypto. Not so. There are, however,
limitations on the *export* of crypto, that's quite a different
matter.
You may be thinking of other countries, like France.
paul
--
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp: 27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "A system of licensing and registration is the perfect device to deny
! gun ownership to the bourgeoisie."
! -- Vladimir Ilyich Lenin
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: What about the Satanic Seven???
Date: Wed, 26 Jan 2000 15:43:50 -0500
Sander Vesik wrote:
>
> Paul Koning <[EMAIL PROTECTED]> wrote:
>
> > None to speak of. On the other hand, if someone in another country
> > (with no restrictions of its own) uses your open source code to create
> > a new product, then that new product is still not allowed to go to the
> > bad seven. So, in theory at least, it puts a barrier in the way of
> > their getting finished products.
>
> Huh? Person A exports code under licence XYZ from the US. Person B in
> country KPT dowloads it, finds it to be a fine peice of software.
> He make a crypto app and puts that on his own page (located outside
> the US).
>
> What you are saying is that person B *MUST* make sure it does not
> go to one of the bad countries?
Possibly correct. Note that you said "under license XYZ" while I was
talking about open source being posted by A. If A posts open source
on a server, and B in another country uses it, then it's still
supposedly
subject to restrictions. But it seems that B can in turn post his work
(including A's work) as open source without having to restrict it.
> That means that you cannot export GPL-ed crypto software from the US
> ("no additional restrictions")?
Interesting point. Perhaps so...
> What about person C - who never has downloaded anything from the US,
> and only downloads from B-s pages?
Export control is transitive... The rules talk about export or
re-export,
so it doesn't affect just the original exporter.
paul
--
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp: 27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "A system of licensing and registration is the perfect device to deny
! gun ownership to the bourgeoisie."
! -- Vladimir Ilyich Lenin
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Does RSA use real prime ?
Date: Wed, 26 Jan 2000 15:46:06 -0500
Hank wrote:
>
> RSA related cryptosystem often refers to the lenghth of key. For example, a 1024 bit
>PGP keypairs...
> Since 1024 bit is not a small number, I am curious how programs like PGP can find a
>big prime so rapidly.
> I hear someone that these program does not use real prime. Instead, they use
>numbers which are very possbile real primes on a
> statistical base. Is this true ?
Yes. On the other hand, I believe you can do non-probabilistic
primality tests too. Those are quite a lot slower but still
quite fast -- much faster than simplistic approaches like trying
all possible divisors...
paul
--
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp: 27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "A system of licensing and registration is the perfect device to deny
! gun ownership to the bourgeoisie."
! -- Vladimir Ilyich Lenin
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: A Format for Cipher Challenges
Date: Wed, 26 Jan 2000 21:08:46 GMT
John Savard wrote:
> ... a more valid format for a challenge might take this form:
The classical standard is to let the cryptanalyst dictate what
samples must be provided. Often that takes the form of several
CTs using the same key, with ordinary telegraphic English PT,
and/or several CTs with different keys but the same PT.
These reflect important situations found in actual practical
cryptanalysis.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Strong stream ciphers besides RC4?
Date: Wed, 26 Jan 2000 20:57:03 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> [EMAIL PROTECTED] (Terry Ritter) wrote, in part:
>
> >You can wish and hope all you want, but Algorithm M is still not
> >secure. Sorry.
>
> The attack used in those Cryptologia articles required that the entire
> pseudo-random output from the linear congruential generator be used.
> Just use the most significant byte, and a sufficiently large integer
> to make the required arrays impractical (16-bit arithmetic is no good,
> but 128-bit arithmetic works nicely) and such attacks on a simple
> MacLaren-Marsaglia generator fall apart.
Sorry if this is out there, but I don't have access to those papers.
See the problem with Terry's response from what I can tell is that... I
AM NOT USING A LINEAR CONGRUETIAL GENERATOR. I suggested using
sufficiently lagged Fibonacii generators which are not as bad as a LCG.
If I could get access to those papers somehow...
tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why did SkipJack fail?
Date: Wed, 26 Jan 2000 21:11:06 GMT
Jerry Coffin wrote:
> Doing some figuring, that seems to come to around $200 million US to
> break SkipJack at a rate of one key per year -- an amount of money
> that quite a few large companies or most government agencies could
> afford fairly easily.
I doubt the financial officers would approve such an expenditure
for so little gain! $200M/key/yr is not very productive.
------------------------------
Date: Wed, 26 Jan 2000 16:10:52 -0500
From: Tim and Carolyn <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.labview
Subject: Re: encryption/decryption programs
I reloaded the LabVIEW 5.0 encryption and decryption programs that I
wrote because some folks had problems with missing VI's. Hopefully,
this is now corrected.
Cheers,
TS
http://www.cs.wcupa.edu/~tstarn/software.html
Tim and Carolyn wrote:
>
<snip>
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New to cryptology question, rolling XOR
Date: Wed, 26 Jan 2000 21:19:04 GMT
Jonas wrote:
> Would a rolling XOR be hard to break?
XOR is practically irrelevant here; what you described is known as a
ciphertext-autokey system, and indeed they aren't very hard to break.
(For one thing, most of the key is known to the interceptor!)
A plaintext-autokey variant is somewhat harder to break, but there
are methods to do so.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Should I buy the Dr Dobbs CD?
Date: 26 Jan 2000 21:00:17 GMT
Victor Zandy <[EMAIL PROTECTED]> wrote:
> I found one article in deja.com that says some of the text on the
> CD is "garbled". What does that mean? Is it still true of more
> recent pressings of the CD?
The first version of the CD had a horrible proprietary Windows-only
interface. It also exhibited problems with missing text or links which did
not work. Actually, "exhibits", since I still have my copy.
The current version of the CD consists of .pdf files and by all accounts is
a fine product and worth buying.
Thanks,
-David
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Paper on Parallel Factoring
Date: 26 Jan 2000 21:05:37 GMT
I just noticed a paper due to Richard Brent on
"Some parallel algorithms for integer factorisation"
ftp://ftp.comlab.ox.ac.uk/pub/Documents/techpapers/Richard.Brent/rpb193.ps.gz
It is a survey paper : it considers several different factoring methods
and how parallel computation can and can not aid each of them. He points out
that while GNFS is the current fastest known factoring algorithm, the
linear algebra step is not easily parallelized.
If you have been following posts by Bob Silverman on the importance of
space to factoring efforts, then there may not be much new here for the
GNFS. At the same time, it may be worth looking at for discssion of the
othr algorithms.
Thanks,
-David
------------------------------
From: Uri Blumenthal <[EMAIL PROTECTED]>
Subject: Re: ECC & RSA re: patents, copyrights
Date: Wed, 26 Jan 2000 16:38:42 -0500
Reply-To: [EMAIL PROTECTED]
Jerry Coffin wrote:
> Certicom has a couple of patents on specific
> methods of carrying out some of the operations in ECC, but it's
> entirely possible to implement ECC without using them.
1. I don't know for sure, but I heard that Certicom is not the
only patent holder wrt. ECC.
2. Are you *sure* that it is entirely possible to implement
ECC without using Certicom patents and still INTEROPERATE
with a Certicom implementation?
--
Regards,
Uri [EMAIL PROTECTED] M.C.Ht N2RIU
-=-=-==-=-=-
<Disclaimer>
------------------------------
From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: english word list
Date: Wed, 26 Jan 2000 21:45:53 GMT
On 26 Jan 2000 18:57:23 GMT, [EMAIL PROTECTED] (Keith A Monahan) wrote:
>As far as today's task, it was successful too. I was cracking an
>administrator account on a local NT machine which we needed access to.
>The dictionary attack (using L0phtCrack 2.5) found it in like milliseconds
>on the PIII 500mhz :)
Kids, let this be a lesson to you about the inadvisability of
using ordinary words for passwords...
--
"How strangely will the Tools of a Tyrant pervert the
plain Meaning of Words!"
--Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Mac encryption algorithm?
Date: 26 Jan 2000 21:48:58 GMT
Can you be more specific? Are you looking for public key stuff or
private key? I'm not real familiar with mac programming, but outside of
maybe byte order or something, are there particular issues you need to
worry about?
And when you mean a 'good' encryption algorithm, do you mean fast or
secure or ?? Is this to protect data from your kid sister, or the government?
What's the application? Streaming video, file storage, checking passwords?
Would a one-way hash suffice?
I wish there was an easy answer that would cover all bases, but there
isn't.
Answer some of those questions, and we'll see what we can do. :)
Keith
elliptic ([EMAIL PROTECTED]) wrote:
: I need some help on findng a good encryption algorihm that is easily
: implementable on a mac. If you could point me in the right direction it
: would be appreciated.
: thanks
: Sent via Deja.com http://www.deja.com/
: Before you buy.
------------------------------
From: Jeff Williams <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Wed, 26 Jan 2000 15:41:18 -0600
==============DFBDFBD128620EDD0A96C04D
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Tom,
I had in the back of my mind that you were in high school. I wasn't
sure and I didn't want ot insult you so I didn't mention it in my
previous post. Basically, my point was that the student rates
weren't really aimed at you.
Your idea about checking out career/school choices isn't half bad.
Do keep in mind that the organizers of the conference have costs
other than the hall. They have to pay the costs of the speakers (hotel,
airfare, food, etc). They probably have to hire folks to handle
registrations, etc. It all adds up. $300 for a professional level
conference ain't at all bad. Most of the conferences of interest to
me, professionally, run into 4 figures for, typically, 3 days.
Yeah, it's hard to cope with not being able to do what you want. But,
heck, when I was in high school, I wanted a new car and I couldn't
afford that. Different stages of life, and all that hoooey.
Jeff
Tom St Denis wrote:
> Hehehe, the problem is I haven't even finished high school yet, so I
> may understand around 50% of all the material presented anyways.
> Probably less. I just wanted to attend to join in the scene and find
> out career/school choices I should make. I figured there would people
> like me [only older, educated etc..].
>
> BTW if you ordered a NIST CD any time you are on their list....
>
> Tom
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
--
Jeff Williams - Alcatel USA.
Did you know that there is enough sand
in North Africa to cover the entire
Sahara desert?
==============DFBDFBD128620EDD0A96C04D
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Tom,
<p>I had in the back of my mind that you were in high school. I wasn't
<br>sure and I didn't want ot insult you so I didn't mention it in my
<br>previous post. Basically, my point was that the student rates
<br>weren't really aimed at you.
<p>Your idea about checking out career/school choices isn't half bad.
<br>Do keep in mind that the organizers of the conference have costs
<br>other than the hall. They have to pay the costs of the speakers
(hotel,
<br>airfare, food, etc). They probably have to hire folks to
handle
<br>registrations, etc. It all adds up. $300 for a professional
level
<br>conference ain't at all bad. Most of the conferences of interest
to
<br>me, professionally, run into 4 figures for, typically, 3 days.
<p>Yeah, it's hard to cope with not being able to do what you want.
But,
<br>heck, when I was in high school, I wanted a new car and I couldn't
<br>afford that. Different stages of life, and all that hoooey.
<p>Jeff
<p>Tom St Denis wrote:
<blockquote TYPE=CITE>Hehehe, the problem is I haven't even finished high
school yet, so I
<br>may understand around 50% of all the material presented anyways.
<br>Probably less. I just wanted to attend to join in the scene and
find
<br>out career/school choices I should make. I figured there would
people
<br>like me [only older, educated etc..].
<p>BTW if you ordered a NIST CD any time you are on their list....
<p>Tom
<p>Sent via Deja.com <a href="http://www.deja.com/">http://www.deja.com/</a>
<br>Before you buy.</blockquote>
<pre>--
Jeff Williams - Alcatel USA.
Did you know that there is enough sand
in North Africa to cover the entire
Sahara desert?</pre>
</html>
==============DFBDFBD128620EDD0A96C04D==
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
