Cryptography-Digest Digest #991, Volume #10 Fri, 28 Jan 00 00:13:01 EST
Contents:
Moronic threads on random numbers should have subject lines (Michael Sierchio)
Re: Reversibly combining two bytes? (Nick Maclaren)
Re: How much does it cost to share knowledge? (Greg)
Re: How much does it cost to share knowledge? (Greg)
Re: OpenSSL Example on X.509 Certificate Generation (Paul Rubin)
Re: How much does it cost to share knowledge? (Greg)
Re: How much does it cost to share knowledge? (Greg)
Re: Best Encryption Software? ("Joseph Ashwood")
Re: How much does it cost to share knowledge? ("Steve Sampson")
Re: Clock drift (was Intel 810 chipset Random Number Generator) (Sandy Harris)
Re: Any Reference on Cryptanalysis on RSA ? (Sandy Harris)
Classical Crypto Books (CryptoBook)
Re: "Trusted" CA - Oxymoron? (John G. Otto)
Re: Any Reference on Cryptanalysis on RSA ? (DJohn37050)
----------------------------------------------------------------------------
From: Michael Sierchio <[EMAIL PROTECTED]>
Crossposted-To: sci.physics
Subject: Moronic threads on random numbers should have subject lines
Date: Thu, 27 Jan 2000 18:18:11 -0800
While I keep hoping that someone with an Intel Firmware Hub will
post something useful in Re: Intel 810 chipset Random Number Generator.
Must I go buy a girly Celeron box myself?
------------------------------
From: [EMAIL PROTECTED] (Nick Maclaren)
Crossposted-To: sci.crypt.research
Subject: Re: Reversibly combining two bytes?
Date: 28 Jan 2000 02:29:33 -0000
In article <[EMAIL PROTECTED]>,
Alan Lawrence <[EMAIL PROTECTED]> wrote:
>Thanks for your suggestions - in particular the use of a balanced Latin
>square, that is a 256*256 grid where each row and each column contains
>each of the numbers 0..255 exactly once. This seems a good solution
>provided a good method of generating such squares can be found.
There are plenty of algorithms around - they are heavily used in
statistics, and that is a good place to find references. Most tend
to have a few problems, and I don't think that there is a known 'best'
algorithm.
>Secondly, Terry Ritter's glossary <http://www.io.com/~ritter/GLOSSARY.HTM>
>states that a balanced Latin Square has "massive internal state". The
>"state" is presumably the large table of numbers forming said square,
>however this state does not change during operation. Would a dynamic
>version not be better? After the cipher byte is selected by key and
>plaintext bytes, the square could be altered similarly to a dynamic
>substitution cipher: swapping the rows of the table indicated by key and
>plaintext, and swapping the columns also.
The converse of having "massive internal state" is that Latin squares
have very few degrees of freedom. Once you have settled only a few
of their numbers, the rest can be arranged only one way (if at all.)
Some care is needed to avoid getting into an impossible situation!
Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Email: [EMAIL PROTECTED]
Tel.: +44 1223 334761 Fax: +44 1223 334679
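The dynamic combiner proposed in the quoted text, as an added example that is not part of the original posts: the cipher byte is read from the square at (key byte, plaintext byte), then rows and columns are swapped, and the receiver inverts it by searching the key row. The construction in make_square, the seed and the sample key and message are assumptions made for this sketch, chosen for brevity rather than strength.

```python
import random

N = 256  # one row per key byte, one column per plaintext byte

def make_square(seed):
    """Order-256 Latin square built as an isotope of addition mod 256.

    Assumed construction for this example only: it is highly structured and
    random.Random is not a cryptographic generator.
    """
    rng = random.Random(seed)
    rowp, colp, sym = (rng.sample(range(N), N) for _ in range(3))
    return [[sym[(rowp[r] + colp[c]) % N] for c in range(N)] for r in range(N)]

def is_latin(sq):
    """True if every row and every column holds each of 0..255 exactly once."""
    full = set(range(N))
    return (all(set(row) == full for row in sq)
            and all(set(col) == full for col in zip(*sq)))

def step(sq, k, p):
    """Dynamic update from the quoted proposal: swap rows k,p and columns k,p."""
    sq[k], sq[p] = sq[p], sq[k]
    for row in sq:
        row[k], row[p] = row[p], row[k]

def encrypt(sq, key, plaintext):
    out = bytearray()
    for k, p in zip(key, plaintext):
        out.append(sq[k][p])      # cipher byte selected by key and plaintext
        step(sq, k, p)
    return bytes(out)

def decrypt(sq, key, ciphertext):
    out = bytearray()
    for k, c in zip(key, ciphertext):
        p = sq[k].index(c)        # unique, because row k is a permutation
        out.append(p)
        step(sq, k, p)            # same update keeps both squares in step
    return bytes(out)

def demo():
    key = bytes((37 * i + 11) % N for i in range(64))   # constructed key bytes
    msg = b"constructed sample plaintext"
    enc_sq, dec_sq = make_square(991), make_square(991)
    ct = encrypt(enc_sq, key, msg)
    round_trip = decrypt(dec_sq, key, ct) == msg
    still_latin = is_latin(enc_sq)
    # An edit that is not a whole-row or whole-column operation breaks the
    # property: exchanging two cells of row 0 duplicates a value in column 0.
    broken = [row[:] for row in enc_sq]
    broken[0][0], broken[0][1] = broken[0][1], broken[0][0]
    return round_trip, still_latin, is_latin(broken)

if __name__ == "__main__":
    print(demo())
```

Whole-row and whole-column swaps keep the table a Latin square, which is why the receiver can always invert; the last check shows that a cell-level change does not.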
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Fri, 28 Jan 2000 02:29:45 GMT
> That's sad, as scientists I would think their main goal was the
> development of the human understanding of things. Math always
> existed we are just *finding* it.
Some would say that we decided on math, not that it existed, but
that we defined it. It is a real philosophical question...
> That's why patents must be abolished.
You must be joking.
For your information, the US congress bowed to the NWO and
decided to GUT THE HELL out of the US patent laws. Instead
of making Japanese patent laws stronger for the little man,
in their PR campaign to make their case, they said that they
had no choice but to weaken our patent laws to make them the
same as other laws. In effect, they gutted the one law on
our books that I personally contribute to America's wealth.
And now it is very weak. Their PR was a sham. They bowed
to the financial interests of the world and hurt people like
you and I.
> It's analogous to patenting a new found island because
> you found it first. That's silly.
That's colonialism. It is not silly. It is necessary.
Patents are necessary to encourage discovery, inventions, etc.
and more importantly the sharing of those ideas.
> Common we are suppose to be evolving as a society yet we cling
> to some paper with printing on it. that's very primitive.
Excuuuuuuuuse me. The world is not common. The Chinese don't
think like Americans. The Japanese don't think like Canadians.
And trust me you NEVER want to live or work like them.
I don't care if the world does become common, but not at the
expense of my life style, my morals, and my dreams. If they
want to be like me, let them. I couldn't care less. But don't
ever expect me to be like them.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Fri, 28 Jan 2000 02:42:30 GMT
> Why can't the compensation be knowing you found something using your
> talents. and that your hard work has provided something new for
> society?
This question is what this whole thread is boiling down to.
They tried this in the Soviet Union. The result? In Gorby's own
words to his parliament, "Our workers have forgotten how to work."
No, Gorby, your society had forgotten how important it is to reward
good work with personal achievements.
Personal achievement is the incentive that drives great economies.
It is a biblical principle that God ordained. In other words, God
made us to personally grow and achieve more than we think we can.
This is why it works and this is why you cannot eliminate it and
have an achieving society.
That does not mean that some do not exploit it at the expense of
others. But that is like saying, "Since hackers use computers,
and we don't want hackers, let's pass a ban on all PCs."
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: OpenSSL Example on X.509 Certificate Generation
Date: 28 Jan 2000 02:51:30 GMT
In article <[EMAIL PROTECTED]>,
Angus Lee <[EMAIL PROTECTED]> wrote:
>Hi,
>
>Does anyone have a working example on generating X.509 certificate using
>OpenSSL?
Yes, the openssl and mod_ssl (www.modssl.org) distributions have several
shell scripts that generate certificates, sign other certificates, etc.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Fri, 28 Jan 2000 02:49:26 GMT
> Both the Magna Carta and paper money represent quite
> sophisticated ideas. They aren't primitive at all.
Paper money, as in the federal reserve note, is
not sophisticated. It is quite simple, really, because
it is backed by nothing. They just make it seem that way
to hide what it really is- fraud.
--
The only vote that you waste is the one you never wanted to make.
RICO- we were told it was a necessary surrender of our civil liberties.
Asset Forfeiture- the latest inevitable result of RICO.
http://www.ciphermax.com/book
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Fri, 28 Jan 2000 02:46:59 GMT
> Now the issue of whether math is made or discovered is
> extremely deep. But it is also irrelevant. Practically
> it takes work to do both. And getting people to work
> requires incentives.
I think this hits on a point that needs to be drawn out.
Tom, I don't have a problem with math being free. I have
a problem with my taking my time and studying math, then
you telling me that I must freely "teach" you what I learned.
If you want to learn, you have to pay for the opportunity
as I did. You can pay for a class room that I teach in.
You can pay for a book that I write. Or you can pay with
your own sweat by studying long hours as I did.
At least you have more than one option. In some countries,
they don't allow some classes or books at all.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Best Encryption Software?
Date: Thu, 27 Jan 2000 19:02:59 -0000
> Can anyone recommend good encryption software?
I could actually recommend several, we need more detail about what you want
to do.
> I need to transfer data (a database) via an FTP site and need a good encryption
> program (and something that will compact it if possible). The data is
> very sensitive so I need to feel fairly secure.
How big is the data you need to protect? Do you need to be able to protect
different files for different users? How fast does it need to be done?
In terms of meeting the needs of many very quickly, and with little effort,
I would recommend PGP. If you simply need it right now, and don't need
support, just go to http://www.pgpi.org/cgi/download-wizard.cgi and download
the version you need. Every entity that will be downloading PGP needs to
have a copy of PGP also.
------------------------------
From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Thu, 27 Jan 2000 21:35:44 -0600
------------------------------
From: [EMAIL PROTECTED] (Sandy Harris)
Crossposted-To: sci.physics
Subject: Re: Clock drift (was Intel 810 chipset Random Number Generator)
Date: 28 Jan 2000 04:21:54 GMT
[EMAIL PROTECTED] (Michael Kagalenko) spake thus:
> ... So far, no one evinced any signs of having
> understood what I am saying in plain English over and over and over.
I'm coming in to this discussion late.
From here it looks as though you're advocating at least three clearly
nonsensical propositions:
1) clock drift has enough randomness to be interesting for
cryptographic purposes
2) a protocol involving connections to an Internet time server
can be secure enough to trust for cryptographically important
random numbers
3) IPSEC or other cryptography can solve problem 2
Ritter and Schryver appear to have understood you completely and to have
demolished your first two points rather thoroughly. If anyone is failing to
understand, it seems to be you.
As for your third point, it traps you in a vicious circle. IPSEC and most
other cryptographic protocols require random numbers. If you need IPSEC
to generate your random numbers, you're sunk.
I'd suggest you read RFC 1750 and mull over it a while.
------------------------------
From: [EMAIL PROTECTED] (Sandy Harris)
Subject: Re: Any Reference on Cryptanalysis on RSA ?
Date: 28 Jan 2000 04:26:39 GMT
[EMAIL PROTECTED] (William Hugh Murray) spake thus:
>> There is no relationship between the two systems nor their key
>> lengths.
Right.
>Perhaps. However, I was once given a rule of thumb that said an RSA key
>had to be 8 to 10 times the number of bits to have equivalent work
>factor to a DES key. Was there no validity to that rule of thumb?
It sounds like a reasonable first approximation, but I wouldn't rely
on it for anything that mattered.
There is some good info on key sizes for various algorithms and the
work to break them at http://www.cryptosavvy.com
------------------------------
From: [EMAIL PROTECTED] (CryptoBook)
Subject: Classical Crypto Books
Date: 28 Jan 2000 04:36:35 GMT
Classical Crypto Books is pleased to announce the following recent
additions/updates to the CCB catalog.
CLASSICAL CRYPTO
THE AMERICAN BLACK CHAMBER
by Herbert O. Yardley
A BEST BUY! This high quality, hardbound reprint edition is printed on acid
free paper and is published in a press run limited to 100 copies. For a
description, see the softbound edition listing (next). Published at $23.95.
Amereon House, 268 pp.
HB, Nonmember $22.95, Member $20.95
THE AMERICAN BLACK CHAMBER
by Herbert O. Yardley
This thrilling and controversial 1931 bestseller exposed US cryptanalytic
methods and successes, spurring Japan and other embarrassed nations to change
systems before WW2. Written by the colorful, talented, and broke ABC leader
after it closed in 1929. Aegean Park Press C-52, 375 pp.
SB, Nonmember $28.80, Member $23.05
CRYPTANALYSIS OF THE SINGLE ROTOR CIPHER MACHINE
by Donald A. Dawson
This book grew out of the author's (eventually) successful attempt to solve a
problem in the back of Solomon Kullback's Statistical Methods in Cryptanalysis.
Includes QBasic program listings. See Cryptologia, Oct96. Aegean Park Press
C-73, 217 pp.
SB, Nonmember $38.80, Member $31.05
ADVANCED MILITARY CRYPTOGRAPHY
by William F. Friedman
Continues Friedman's Elementary Military Cryptography, covering the same
general areas, but with more advanced subject matter. Includes sections on
repetitive and combined systems as well as cryptographs and cipher machines.
Aegean Park Press C-8, 119 pp.
SB, Nonmember $14.80, Member $11.85
ELEMENTARY MILITARY CRYPTOGRAPHY
by William F. Friedman
Introductory text for U.S. Army cryptographers. Originally published in 1935.
Discusses transposition and substitution cipher systems, one- and two-part code
systems, enciphered code, error recovery, and fundamentals of signal security.
Aegean Park Press C-7, 90 pp.
SB, Nonmember $12.80, Member $10.25
CODES, CIPHERS, & OTHER CRYPTIC & CLANDESTINE COMMUNICATION: Making and
Breaking Secret Messages From Hieroglyphs to the Internet
by Fred B. Wrixon
A BEST BUY! As you can tell from the title and page count, this is a BIG book,
a treasury of information (mostly) about classical cryptology and associated
technology. As a quality hardbound book with dust jacket, the big surprise is
the low price. Black Dog and Leventhal, 704 pp.
HB, Nonmember $17.95, Member $15.95
FICTION AND LITERATURE
THE CRYPTOGRAM: (The Giant Raft, Part 2)
by Jules Verne
Improving upon Poe, whom he admired, Verne made the solution of a more complex
Gronsfeld cipher the central theme in this 1881 Amazon adventure novel. Printed
on acid free paper, this high quality edition is published in a press run
limited to 80 copies. Amereon House, 119 pp.
HB, Nonmember $18.95, Member $17.95
FOR BEGINNERS AND ENTHUSIASTS
LU & CLANCY'S SECRET CODES
by Adrienne Mason, Illustrated by Pat Cupples
Dog detectives, Lu and Clancy, teach kids ages 7 to 10 more than 20 fool-proof
ways to write secret messages in this activity story book. Illustrated
throughout in color. Kids Can Press, 40 pp.
SB, Nonmember $5.95, Member $5.35
SECRET CODE BREAKER CIPHER SLIDE
by Robert Reynard
A BEST BUY! A 10.5" x 2" linear slide with a cardboard face and wood back.
Includes instructions for use with Caesar, Vigenere, Beaufort, and Gronsfeld
ciphers. Ages 10 and up. Smith & Daniel, 10 pp.
Nonmember $4.95, Member $3.95
SECRET CODE BREAKER VOLUME 3: A Cryptanalyst's Handbook
by Robert Reynard
A BEST BUY! History and ciphers of the Revolutionary & Civil Wars, World Wars I
& II, and the cold war with separate chapters on Venona, the Zimmermann
telegram, Friedman and Rowlett, Rudolph Abel, the Walker spy ring, Aldrich
Ames, organized crime. Ages 12 and up. Includes a 3.5 inch diskette. Smith &
Daniel, 125 pp.
SB, Nonmember $12.95, Member $11.50
SECRET CODE BREAKER VOLUME 2: A Cryptanalyst's Handbook
by Robert Reynard
A BEST BUY! Describes cribs, traffic analysis, superencipherment, and history
and use of checkerboard, ADFGVX, Playfair, Mexican Army, grille, Larrabee, and
one time pad ciphers with software to encode/decode ciphers, simulate the
Enigma Bombe. Ages 12 and up. Includes a 3.5 inch diskette. Smith & Daniel, 128
pp.
SB, Nonmember $12.95, Member $11.50
SECRET CODE BREAKER VOLUME 1: A Cryptanalyst's Handbook
by Robert Reynard
A BEST BUY! Describes history and use of skytale, Polybius, single column
transposition, Jefferson Wheel, Caesar, keyword, and Vigenere ciphers with
software to encode/decode ciphers, analyze simple substitution, simulate the
Enigma machine. Ages 12 and up. Includes a 3.5 inch diskette.
Smith & Daniel, 96 pp.
SB, Nonmember $11.95, Member $10.95
SECRET CODE BREAKER SECRET MESSAGE KIT: Second Edition
by Robert Reynard
A BEST BUY! A hands-on activity kit with two different cardboard cipher disks,
including the Mexican Army disk, five different cipher system message pads, a
secret ink marker pen, a separate developer marker, and step by step
instructions. Ages 8 to 12. Smith & Daniel, 28 pp.
Nonmember $9.95, Member $8.95
HISTORY
VENONA: Soviet Espionage and the American Response 1939-1957
by Robert Louis Benson, Michael Warner
Venona was the largely successful project to break Soviet Diplomatic codes used
for messages discussing Soviet espionage in the U.S. Quite a feat since the
messages were superenciphered with a one-time pad. Aegean Park Press C-75, 547
pp.
SB, Nonmember $48.80, Member $39.05
CAPTURING ENIGMA: How HMS Petard Seized the German Naval Codes
by Stephen Harper
Unable to read German naval Enigma traffic for 10 months, BP needed a break.
They got it when a British destroyer attacked U-559. Two British sailors raced
to get the Enigma keys, went back for the machine, and perished in the sinking
sub. UK import.
Sutton Publishing, 192 pp. (Quantities very limited.)
HB, Nonmember $35.95, Member $32.95
WARRIORS: Navajo Code Talkers
by Kenji Kawano, Foreword by code talker Carl Gorman, Introduction by
Benis Frank, USMC
The author, son of a Japanese WW2 veteran was surprised to learn of the code
talkers when he moved to Arizona. He got to know them well, became official
photographer of the Navajo Code Talkers Association, and produced this book to
preserve their memory. Published at $19.95. Northland Publishing Company, 125
pp.
SB, Nonmember $18.95, Member $16.95
MODERN AND ADVANCED CRYPTO
CRYPTOLOGY
by Albrecht Beutelspacher
The book's first half studies classical cryptology and analyzes its
cryptosystems. The second half deals with modern cryptology, including public
key cryptosystems. For a review, see Cryptologia, Oct95. Mathematical
Association of America, 172 pp.
SB, Nonmember $37.95, Member $35.95
CRYPTOLOGY: System Identification and Key Clustering
by I. J. Kumar
The focus of this advanced book is the application of modern pattern
recognition techniques to the cryptanalysis of classical systems, stream
ciphers, rotor based systems, DES, and public key systems. Discusses the
cryptanalysis of speech systems. Aegean Park Press C-78, 499 pp.
SB, Nonmember $58.80, Member $47.05
CRYPTOGRAPHY AND NETWORK SECURITY: Principles and Practice (Second Edition)
by William Stallings
Useful as both a text for an undergraduate course in cryptography and network
security and as a professional reference. Four parts cover conventional
encryption, public-key encryption & hash functions, network security practice,
and system security. Published at $72.75. Prentice Hall, 589 pp.
HB, Nonmember $67.95, Member $61.95
ESPIONAGE AND INTELLIGENCE
SECRET MISSIONS OF THE CIVIL WAR: First-hand Accounts by Men and Women Who
Risked their Lives in Underground Activities for the North and the South
by Philip Van Doren Stern (Editor)
A BEST BUY! Twenty four thrilling accounts, including one about carrying a
memorized cipher message through the lines, told by the original participants.
Includes adventures of Allan Pinkerton and Belle Boyd and an appendix on the
codes and ciphers in the Civil War. Wings Books, 320 pp.
HB, Nonmember $8.95, Member $7.95
==============
HB = Hardbound
SB = Softbound
==============
All items are in stock and available now. Member prices are available to
members of the American Cryptogram Association, the U.S. Naval Cryptologic
Veterans Association, and full-time students. Shipping and handling are extra.
For complete ordering information, a free catalog of crypto books by return
e-mail, or for information about membership in the American Cryptogram
Association, please send email to: [EMAIL PROTECTED]
Best Wishes,
Gary
Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED]
Fax: (603) 432-4898
------------------------------
From: [EMAIL PROTECTED] (John G. Otto)
Crossposted-To: alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: Thu, 27 Jan 2000 20:54:05 -0800
> "Jim Bennett" wrote:
> I have been reviewing the Certification Practice Statements of various
> issuers of X.509 digital certificates for S/Mime email. I have been
> trying to find one that really tries to verify the identity of the
> certificate applicant and will do it for the general public.
> I haven't been too thrilled with what I found.
> Why do I care? If you are going to use a personal digital certificate
> for signing an e-mail that has significant legal implications, like
> a request to withdraw $100,000 from your bank and have the funds
> wired somewhere else, you sure as hell want to make sure the person
> who has signed the message is really the person he says he is.
The problem is that the whole scheme is half-baked.
You do NOT need to know who the person is; you just need to be
sure the funds are transferred, or vice versa, that the quid
pro quo of the deal will exist.
Digicash's scheme provides both anonymity and assurance of
the transfer. The only draw-backs WRT privacy are that they
have a way to report the transactions and is subject to a
traffic monitoring.
--
John G. Otto Nisus Software, Engineering
http://www.nisus.com SuperSleuth QUED/M
http://www.mathhelp.com GIA Nisus Writer
http://www.infoclick.com Easy Alarms Mail Keeper
Opinions expressed are not those of Nisus Software.
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Any Reference on Cryptanalysis on RSA ?
Date: 28 Jan 2000 05:00:52 GMT
For the NIST/ANSI numbers for symmetric and asymmetric key sizes (approx)
equivalence, see my whitepaper on "ECC, Future Resiliency and High Security
Systems" in the white pages section at www.certicom.com. Note that RSA is
somewhat simpler than DL but the DL numbers are used as an estimate.
For extensive comparative keysize analysis, see www.cryptosavvy.com.
Don Johnson
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************