Cryptography-Digest Digest #993, Volume #10      Fri, 28 Jan 00 08:13:01 EST

Contents:
  Re: RSA BSAFE Crypto-J Question (Paul Rubin)
  Re: Best Encryption Software? (Johnny Bravo)
  Re: Strong stream ciphers besides RC4? (Stefan Lucks)
  Question : About mailing list (김승수)
  Re: NEC claims New Strongest Crypto Algor (John Savard)
  Re: Pencil & paper cipher question (Salvatore Sanfilippo)
  Re: Best Encryption Software? (Bob Deblier)
  Re: How much does it cost to share knowledge? ("Lassi Hippeläinen")
  Shamir Secret Sharing ([EMAIL PROTECTED])
  Re: Shamir Secret Sharing (Paul Rubin)
  Re: How much does it cost to share knowledge? ("ink")
  Re: Attack on elliptic curves over GF(2^m), m composite (Robert Harley)
  Re: Attack on elliptic curves over GF(2^m), m composite (Robert Harley)
  Re: Intel 810 chipset Random Number Generator (Guy Macon)
  Re: Intel 810 chipset Random Number Generator (Guy Macon)
  Re: Intel 810 chipset Random Number Generator (Guy Macon)
  Re: Court cases on DVD hacking is a problem for all of us (Terje Elde)
  Re: DVD: CSS comments?? (Terje Elde)
  Re: Intel 810 chipset Random Number Generator (Guy Macon)
  Re: DVD: CSS comments?? (Sandy Harris)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA BSAFE Crypto-J Question
Date: 28 Jan 2000 07:11:07 GMT

In article <86peh8$4v0$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>We are currently using RSA BSAFE Crypto-J for
>Java encryption, but we did not evaluate many
>products before we purchased Crypto-J.  Now that
>our license is up, we are considering changing
>products.  Can anyone recommend a different
>solution?

It depends entirely on what you're trying to do.  I'm using C
implementations from www.openssl.org wrapped in a home-cooked JNI
layer.  From a performance point of view this is probably the best
approach, but it's not pure Java and takes a bit more attention.

It could be that there's enough stuff in the Java 1.2 JCA/JCE to
do what you need.

You have to say more about your application to get a useful answer.

------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: Best Encryption Software?
Date: Fri, 28 Jan 2000 02:19:34 +0000

On Fri, 28 Jan 2000 01:07:05 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>The copies of PGP can be supplied to the end users by the same mechanism their
>use to receive the database.  The original poster mentioned FTP, so that should
>suffice for distribution.  _Whatever_ encryption mechanism he uses, he'll need
>to distribute the decryption mechanism in order for users to get at the
>contents.

  If RC4 would be sufficient to his needs, it would be trivial to write an
implementation that attaches to the front of a zip file and extracts it
when executed. I know it's trivial because I can do it. <grin> A benefit
is that it would be very easy to set the entire thing up with batch files
and run via command line, even to the point of assigning different
passwords and/or files to different users.
  In my version, written with DJGPP, there is roughly 33k of overhead per file
sent, while the program to encrypt the file and attach the header is only
60k.  Someone willing to do the same job in assembler could probably fit
the header in 500 bytes or less and the encryption program in 1k.

  Best Wishes,
    Johnny Bravo


------------------------------

From: Stefan Lucks <[EMAIL PROTECTED]>
Subject: Re: Strong stream ciphers besides RC4?
Date: Fri, 28 Jan 2000 08:40:00 +0100

On Thu, 27 Jan 2000, Uri Blumenthal wrote:

> Oh, Greg Rose designed a very cute stream cipher "SOBER".
> It seems to be secure, and it's fast. Presented on 3rd
> AustralAsian Crypto in 1998.

Daniel Bleichenbacher and Sarvar Patel have broken SOBER, see
  Daniel Bleichenbacher and Sarvar Patel: "SOBER Cryptanalysis",
  Fast Software Encryption '99, Springer LNCS 1636.

-- 
Stefan Lucks      Th. Informatik, Univ. Mannheim, 68131 Mannheim, Germany
            e-mail: [EMAIL PROTECTED]
            home: http://th.informatik.uni-mannheim.de/people/lucks/
===== Whoever tells a computer nonsense must always reckon with it. =====



------------------------------

From: "김승수" <[EMAIL PROTECTED]>
Subject: Question : About mailing list
Date: Fri, 28 Jan 2000 17:23:48 +0900

Hi! I am a student who is interested in cryptography.
I have one question about mailing lists.

Does anyone know the address of a mailing list about cryptography
(especially cryptanalysis)?

If you know of one, please let me know.
Thanks a lot.




------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NEC claims New Strongest Crypto Algor
Date: Fri, 28 Jan 2000 08:34:06 GMT

On Fri, 28 Jan 2000 05:44:32 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:

>That's around 2^129.5 which maybe is supposed to be 2^128.

So the old cipher had a 128 bit key, and the new one can have a 256
bit key like the AES. It will be interesting to hear more, despite the
garbles.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: Salvatore Sanfilippo <[EMAIL PROTECTED]>
Subject: Re: Pencil & paper cipher question
Date: Fri, 28 Jan 2000 08:43:00 GMT

Uri Blumenthal <[EMAIL PROTECTED]> wrote:
: Yes, very good advice. My vote goes for VIC. It's bloody hard
: to memorize the generation sequence, but once it's done, it's
: quite secure.

About pencil & paper ciphers, I'm looking for a way to sign
(using only pencil & paper) the message, a simple hash
algorithm. For example using Solitaire you are subject to a
"man in the middle known ciphertext attack", and the receiver
will not be able to detect this attack. I think that in order
to be sure a message must be terminated with a random sequence
+ a hash of message+random_seq. I think that the hash algorithm
does not have to be so secure for this purpose. Any ideas?

antirez
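
The "random sequence + hash(message+random_seq)" check described in the post above, as an added example that is not part of the original message: an unkeyed hash can be recomputed by anyone who can rewrite the message, so the receiver cannot tell a forgery from the original; what detects the man in the middle is a tag that depends on a secret the two parties share in advance (a MAC). HMAC-SHA256 stands in here for whatever pencil-and-paper hash would be used; the message, the forged replacement and the shared key are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample traffic and an assumed pre-shared key (not from the post).
MESSAGE = b"MEET AT DAWN, BRIDGE TWO"
FORGED = b"MEET AT DUSK, BRIDGE ONE"
SHARED_KEY = b"assumed secret agreed between sender and receiver"


def seal_unkeyed(message):
    """The scheme proposed in the post: message, random sequence, hash(message+random)."""
    nonce = secrets.token_bytes(8)
    tag = hashlib.sha256(message + nonce).digest()
    return message, nonce, tag


def verify_unkeyed(message, nonce, tag):
    return hmac.compare_digest(hashlib.sha256(message + nonce).digest(), tag)


def seal_keyed(message, key):
    """Keyed variant: the tag also depends on a secret the man in the middle lacks.
    HMAC (nested keyed hash) rather than hash(key+message), which is open to
    length-extension forgery with Merkle-Damgard hashes such as SHA-256."""
    nonce = secrets.token_bytes(8)
    tag = hmac.new(key, message + nonce, hashlib.sha256).digest()
    return message, nonce, tag


def verify_keyed(message, nonce, tag, key):
    expected = hmac.new(key, message + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def tamper(message, nonce, tag):
    """Man in the middle: swap the message and recompute the public hash over
    the captured nonce. This is all an unkeyed scheme asks of the attacker."""
    return FORGED, nonce, hashlib.sha256(FORGED + nonce).digest()


def run():
    """Return whether honest and forged traffic verify under each scheme."""
    # Unkeyed: the forgery verifies, so the receiver cannot detect it.
    m, n, t = seal_unkeyed(MESSAGE)
    honest_unkeyed = verify_unkeyed(m, n, t)
    forged_unkeyed = verify_unkeyed(*tamper(m, n, t))

    # Keyed: without SHARED_KEY the attacker cannot produce a matching tag.
    m, n, t = seal_keyed(MESSAGE, SHARED_KEY)
    honest_keyed = verify_keyed(m, n, t, SHARED_KEY)
    forged_keyed = verify_keyed(*tamper(m, n, t), SHARED_KEY)

    return {
        "honest_unkeyed": honest_unkeyed,
        "forged_unkeyed_accepted": forged_unkeyed,
        "honest_keyed": honest_keyed,
        "forged_keyed_accepted": forged_keyed,
    }


if __name__ == "__main__":
    for name, ok in run().items():
        print(f"{name}: {ok}")
```

The random sequence still earns its place (it stops a replayed or repeated message from producing an identical tag), but only the key binds the tag to the two parties; a hand-computable hash can be used the same way as long as the secret enters the hash input and the hash itself is not trivially invertible.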

------------------------------

From: Bob Deblier <[EMAIL PROTECTED]>
Subject: Re: Best Encryption Software?
Date: Fri, 28 Jan 2000 10:09:09 +0100

[EMAIL PROTECTED] wrote:

> Can anyone reccomend good encryption software?  I need to
> transfer data (a database) via an FTP site and need a good encryption
> program (and something that will compact it if possible).  The data is
> very sensitive so I need to feel fairly secure.

Don't use FTP, but instead use secure FTP, as included in SSH. For more
information see http://www.ssh.fi
It doesn't send passwords and user information across the 'net in
cleartext, as FTP does, and the transferred data will be encrypted.

Sincerely

Bob Deblier


------------------------------

From: "Lassi Hippeläinen" <"lahippel$does-not-eat-canned-food"@ieee.org>
Subject: Re: How much does it cost to share knowledge?
Date: Fri, 28 Jan 2000 09:56:04 GMT

Greg wrote:
<...>
> 
> That's colonialism.  It is not silly.  It is necessary.

Colonialism is necessary?
 
> Patents are necessary to encourage discovery, inventions, etc.
> and more importantly the sharing of those ideas.

Yes, agreed.

Next we should agree about what country's legislation is best. You seem
to suggest your own as the only God-given final truth, without allowing
any arguments to the contrary. A good colonialist is always right.

<...>
> I don't care if the world does become common, but not at the
> expense of my life style, my morals, and my dreams.  If they
> want to be like me, let them.  I couldn't care less.  But don't
> ever expect me to be like them.

"You can fence yourself in, but you cannot fence others out." (Gildor
Inglorion to Frodo Baggins in The Lord of the Rings)

-- Lassi

------------------------------

From: [EMAIL PROTECTED]
Subject: Shamir Secret Sharing
Date: Fri, 28 Jan 2000 09:47:10 GMT

  Hi all,

  I have a question about Shamir Secret Sharing.

  In this scheme, we produce a random prime number P > S where S is the
secret key.

  My question is what the method to produce P is; I am talking in terms of
size, not about the method of finding a random prime number.

   The problem is that P is public data in this scheme.

  Let me explain: if we search for the next prime number after S, it's not
good, for example, because to get S you test P, P-1, P-2, ... and
rapidly you get S.


  Thanks for all responses,
  Ludovic.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Shamir Secret Sharing
Date: 28 Jan 2000 10:25:45 GMT

 <[EMAIL PROTECTED]> wrote:
>  Hi all,
>
>  I have a question about Shamir Secret Sharing.
>
>  In this scheme, we produce a random prime number P > S where S is the
>secret key.
>
>  My question is what the method to produce P is; I am talking in terms of
>size, not about the method of finding a random prime number.
>
>   The problem is that P is public data in this scheme.
>
>  Let me explain: if we search for the next prime number after S, it's not
>good, for example, because to get S you test P, P-1, P-2, ... and
>rapidly you get S.

You pick P first, then pick S less than P.  P doesn't have to be
"random", much less cryptography random.  It can be any prime at all,
as long as it's big enough that your attackers can't feasibly search
1,...,P-1 to find S.
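
The order of operations in the reply above (fix the prime first, then choose the secret below it), as an added example that is not part of the original thread: a complete Shamir split and recovery over GF(P), plus a check that k-1 shares are consistent with every possible secret, which is why the attacker's only move is the brute-force search over 1..P-1 that a large P rules out. The field prime 2^127 - 1 (the Mersenne prime M127) and the threshold parameters are assumptions for the demo; `pow(x, -1, P)` needs Python 3.8 or later.

```python
import secrets

# Field prime, chosen *before* any secret exists. 2^127 - 1 is the Mersenne
# prime M127; the choice is an assumption for this example, any prime large
# enough to make a search of 1..P-1 infeasible will do.
P = (1 << 127) - 1


def _lagrange_at(points, x):
    """Evaluate at x the unique polynomial over GF(P) through the given
    (x_i, y_i) points (all x_i distinct), using the Lagrange form."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def split_secret(secret, k, n):
    """Return n shares (x, y) of secret; any k of them reconstruct it.

    The secret is the constant term of a random polynomial of degree k-1 and
    must already lie below P. Deriving P from the secret (e.g. the next prime
    above it) is exactly the mistake the question describes.
    """
    if not 0 <= secret < P:
        raise ValueError("secret must be chosen in 0..P-1 after P is fixed")
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Interpolate through k (or more) shares and read off f(0)."""
    return _lagrange_at(shares, 0)


def share_consistent_with(partial_shares, x_new, candidate_secret):
    """Given only k-1 shares, compute the y at x_new that would make the full
    threshold set recover candidate_secret. This works for every candidate,
    so k-1 shares carry no information about the real secret."""
    return _lagrange_at([(0, candidate_secret)] + list(partial_shares), x_new)


if __name__ == "__main__":
    secret = secrets.randbelow(P)            # chosen after P, as the reply says
    shares = split_secret(secret, k=3, n=5)
    assert recover_secret(shares[:3]) == secret
    assert recover_secret([shares[0], shares[2], shares[4]]) == secret
    # Two shares are consistent with any secret at all:
    y3 = share_consistent_with(shares[:2], 3, 12345)
    assert recover_secret(shares[:2] + [(3, y3)]) == 12345
    print("secret recovered from any 3 of", len(shares), "shares")
```

Nothing about P is secret or even random here; what matters is that P is large, that the polynomial coefficients come from a cryptographic source (`secrets`, not `random`), and that the secret is chosen within the field rather than the field being fitted around the secret.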

------------------------------

From: "ink" <[EMAIL PROTECTED]>
Subject: Re: How much does it cost to share knowledge?
Date: Fri, 28 Jan 2000 11:37:03 +0100


Lassi Hippeläinen <"lahippel$does-not-eat-canned-food"@ieee.org> wrote in
message <[EMAIL PROTECTED]>...
>Greg wrote:
[SNIPPED]
><...>
>> I don't care if the world does become common, but not at the
>> expense of my life style, my morals, and my dreams.  If they
>> want to be like me, let them.  I couldn't care less.  But don't
>> ever expect me to be like them.
>
>"You can fence yourself in, but you cannot fence others out." (Gildor
>Inglorion to Frodo Baggins in The Lord of the Rings)
>
>-- Lassi

The freedom of one person ends where the freedom of others begins.

The author of this quote slipped my mind, but I think that sums it up.

K. In Albon




------------------------------

From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Attack on elliptic curves over GF(2^m), m composite
Date: 28 Jan 2000 11:46:14 +0100


David Hopwood <[EMAIL PROTECTED]> writes:
> I haven't seen this mentioned on sci.crypt yet, and it is relevant
> to people here who are implementing elliptic curve cryptography.
> 
> > From [EMAIL PROTECTED] Sat Jan 15 08:34:24 2000
> > [...]
> >  Let q=2^t and fix an integer n>=4.
> > 
> >  Consider an elliptic curve over F_{q^n}. Then for "most" such
> > curves one can solve the dlog problem on E(F_{q^n}) in time
> > 
> >         O(q^{2+epsilon})

This cannot be right.  Just set t = 1 and it says that discrete logs,
for most curves over any field of characteristic 2, can be computed in
constant time.  This cannot be the case.

I believe there is a bug in the statement, but that they do have a
significant result using Weil descent to hyperelliptic curves.

Hmm, I just found this URL:

  http://www.hpl.hp.com/techreports/2000/HPL-2000-10.html

and am off to read the paper...


Rob.

------------------------------

From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Attack on elliptic curves over GF(2^m), m composite
Date: 28 Jan 2000 12:03:34 +0100


I wrote:
> This cannot be right.  Just set t = 1 and it says that discrete logs,
> for most curves over any field of characteristic 2, can be computed in
> constant time.  This cannot be the case.

OK, the asymptotic complexity is intended to apply for t diverging to
infinity.  The email statement seemed to suggest that t was fixed but in
the paper it is clearly allowed to vary.

Bye,
  Rob.

PS: Time to set up the Society for the Promotion of Curves over Prime Fields?
    =:-)


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 07:24:54 EST

In article <86qqvg$l1o$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(Michael Kagalenko) wrote:

> Again nope. This cycle-by-cycle period variation produces clock drift,
> which grows with time. Precisely how it does so can be evaluated using
> fluctuation-dissipation theorem. If I feel like it, I might even do
> the computation one day.

This flies in the face of my 20 years of experience as an Electronics
Engineer, including working with high precision time references at
Odetics and CD/DVD jitter measuring circuits at Disc Manufacturing, Inc.

What causes clock drift (two clocks with diverging answers as to what
time it is) is simply the difference between the actual and desired
frequency.  Easy to correct for.  What causes the frequency to drift
is the physical aging of the crystal.  If it was caused by a Brownian
style drift caused by jitter (what you call "cycle-by-cycle period
variation"), the frequency would reset when I turned off the
electronics overnight. Brownian motion of particles has memory (the
position of the particle).  Crystal clock frequency has no memory;
the frequency is derived on the spot from various electrical and
mechanical factors.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 07:33:41 EST

In article <86qreo$mr7$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(Michael Kagalenko) wrote:
>
>Trevor Jackson, III ([EMAIL PROTECTED]) wrote 

>]Further, you are assuming that clock drift is unpredictable.
>]This is simply invalid. 
>
> No. You are wrong. Since quartz crystals have mechanical losses, they
> will have thermal noise, for the same mathematical reason that
> resistor has thermal noise.

No one has disagreed with this.  The problem is that this is
a third or fourth order effect, completely swamped by predictable
sources of variation.

>] Given a small sample of measurements it is straightforward to
>]extrapolate the drift.  That means it is predictable.  That means it isn't
>]random.  That means your argument fails.
>
> No, - it means that you a) did not read my post, where I said that
> systematic drift can and should be eliminated
> b) do not understand why random noise will produce truly random clock
> drift.

Sure, if you PERFECTLY identify EVERY SINGLE predictable component
of the drift and PERFECTLY correct for EVERY ONE, what you have left
is by definition, unpredictable.  This is like tossing a two headed
coin and correcting for the bias by calling H-T a one, T-H a zero, and
discarding all H-H and T-T results.  In theory this gives you a random
bitstream.  In practice the bitstream is a quite predictable lack
of output bits.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 07:40:36 EST

In article <86qrom$hck$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(Michael Kagalenko) wrote:

> You did not show that you understand my argument, which has
> to do with clock drift originating from thermally random (meaning,
> resulting from quartz's coupling to thermodynamical reservoir, as per
> fluctuation-dissipation theorem) noise.

If the fluctuation-dissipation theorem leads you to believe that crystals
act in ways that I can see with my own eyes they don't, then either
the fluctuation-dissipation theorem is wrong or YOU don't understand it.
Tell me, have you ever looked at the signal coming from a crystal
with a jitter test set?  Done a spectrum analysis of the signal?
performed long term tests with multiple crystals?  Hooked an
oscilloscope or frequency counter to a Crystal?  I have, and I
assure you that crystal oscillators don't act the way you think
that they do.


------------------------------

From: [EMAIL PROTECTED] (Terje Elde)
Subject: Re: Court cases on DVD hacking is a problem for all of us
Date: Fri, 28 Jan 2000 12:42:25 GMT

In article <[EMAIL PROTECTED]>, Samuel Paik wrote:
>The CSS algorithm details *were* posted anonymously.  It isn't
>clear from here whether the DeCSS authors reverse-engineered
>the algorithm independently, were the originators of the post,
>or relied on the information in the post.  They apparently found
>the player key from examining the executable of a software DVD player.

AFAIK the DeCSS program distributed by JJ is nothing more than a hack put
together to use the code extracted from a Xing software player by "Masters
of Reverse Engineering" or some such group. There are no real efforts
behind this other than doing the glue stuff to allow Windows users to take
advantage of the codes to get the actual data.

His work has nothing to do with crypto.

Please keep in mind that I might be wrong, as I'm working with second hand
info here.

And while keeping the off topic thread going (still working with second hand
information): Norway has such great laws giving you pretty much no rights
when you are arrested, no right to see a lawyer for the first 4 hours or
some such, and if you refuse to talk during those 4 hours, the time period
is extended.

Terje Elde
-- 
Ex, de... Yv oek sqd huqt jxyi jxud jxqj cuqdi oek'lu rheaud co
udshofjyed. DEM te oek iuu mxo mu duut ijhedw shofje?

------------------------------

From: [EMAIL PROTECTED] (Terje Elde)
Subject: Re: DVD: CSS comments??
Date: Fri, 28 Jan 2000 12:42:34 GMT

In article <[EMAIL PROTECTED]>, Terje Mathisen wrote:
>A games programmer (Frank Stephenson???) from Funcom here in Oslo,
>Norway has published a cryptanalysis of CSS, which I've read.
>
>It is really quite bad, in that they didn't even get close to the 40
>bits of effective key length that export restrictions might have limited
>them to.

They got the complexity down to 8 bits, right?

Terje Elde
-- 
Ex, de... Yv oek sqd huqt jxyi jxud jxqj cuqdi oek'lu rheaud co
udshofjyed. DEM te oek iuu mxo mu duut ijhedw shofje?

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 28 Jan 2000 07:52:31 EST

In article <86qsmh$pkc$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(Michael Kagalenko) wrote:

> That means that you have not understood the physics of Brownian
> random walk.  Please, re-read the lectures once again, this time
> paying attention.

PU-LEEZE... There is no amount of understanding of the physics of
Brownian random walks that in any way leads to the conclusion that
this is how crystals behave.  Do you have any evidence that they do?
No.  Do I have evidence for my claims?  Yes.  Eye witness testimony
and a large body of electronics research that you have never
bothered to read.

I can tell you why you are wrong.  You have failed to understand
the effect of increased international travel on language diversity.
Once you become an expert on this you will see that quartz crystals
don't act the way you think they do.  If you disagree with me, it's
because you don't know enough sociology and linguistics.  Do your
homework.  Please, retake your classes in these subjects once again,
this time paying attention.

See? I can do it too!


------------------------------

From: [EMAIL PROTECTED] (Sandy Harris)
Subject: Re: DVD: CSS comments??
Date: 28 Jan 2000 12:54:08 GMT

[EMAIL PROTECTED] (Terje Mathisen) spake thus:

>A games programmer (Frank Stephenson???) from Funcom here in Oslo,
>Norway has published a cryptanalysis of CSS, which I've read.

Is that available on the web or for FTP? I'd like to look at it.

More important, do the defense in the DeCSS case have it?

>It is really quite bad, in that they didn't even get close to the 40
>bits of effective key length that export restrictions might have limited
>them to.

No doubt. 

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
