Cryptography-Digest Digest #199, Volume #11      Fri, 25 Feb 00 13:13:01 EST

Contents:
  Re: US secret agents work at Microsoft claims French intelligence report (Dave Hazelwood)
  Re: NIST, AES at RSA conference ([EMAIL PROTECTED])
  are self-shredding files possible? ("Thomas Moore")
  Re: I had me an Idea (Dynamic Key Encription) (Frank Gifford)
  Re: Processor speeds. (Tim Tyler)
  Re: are self-shredding files possible? (John Savard)
  Re: DES algorithm (Bodo Moeller)
  Re: Passwords secure against dictionary attacks? (Ross Richards)
  Re: DES algorithm ("ink")
  Re: are self-shredding files possible? ("Jeffrey A. Six")
  Re: I had me an Idea (Dynamic Key Encription) ([EMAIL PROTECTED])
  Re: are self-shredding files possible? ([EMAIL PROTECTED])
  Re: US secret agents work at Microsoft claims French intelligence report ([EMAIL PROTECTED])
  Re: are self-shredding files possible? (Wilfried Kramer)
  Re: NSA now has a FAQ (Darren New)
  Re: NSA now has a FAQ (Volker Hetzer)
  protocols with limited transfer? (David A Molnar)
  Nanotechnology (Mok-Kong Shen)
  Re: DES algorithm (Bodo Moeller)
  Re: Crypto Speeds... (Jean Marc Dieu)
  Re: are self-shredding files possible? (Michael Sierchio)
  Re: FIRST TIME! (Mok-Kong Shen)
  Re: Digital Tontines [Was: FIRST TIME!] (Mok-Kong Shen)
  Re: Largest known prime (Mok-Kong Shen)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Dave Hazelwood)
Subject: Re: US secret agents work at Microsoft claims French intelligence report
Date: Fri, 25 Feb 2000 14:14:30 GMT

David Hopwood <[EMAIL PROTECTED]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>Dave Hazelwood wrote:
>> According to the report, "it would seem that the creation of Microsoft
>> was largely supported, not least financially, by the NSA, and that IBM
>> was made to accept the (Microsoft) MS-DOS operating system by the same
>      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> administration".
>
>So the NSA really are the bad guys :-)

I have no doubt the NSA started out with a lot of noble people on a
noble mission but as its size, power and bureaucracy grew they no doubt
became less concerned about the "rules". Then once they had a system
in place that could do a lot of things the "power elite" always finds
a way to justify it no matter what the rules. This happens in all
large organizations. They forget their original purpose. And, in an
organization like the NSA where they can literally do what they like
under the guise of secrecy, well is it any wonder they get corrupted?

I don't much like the thought of my country monitoring peoples phone
calls, faxes and e-mails. To me, those are the things we fought the
last 50+ years against communism to avoid!!!

Did we fight to defeat the commies all that time only to find out that
we are no better than we were told they were?

Begs the question as to whether we really won? Or, maybe even who won?

>
>- -- 
>David Hopwood <[EMAIL PROTECTED]>
>PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
>RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
>
>"Attempts to control the use of encryption technology are wrong in principle,
>unworkable in practice, and damaging to the long-term economic value of the
>information networks."  -- UK Labour Party pre-election policy document
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3i
>Charset: noconv
>
>iQEVAwUBOLSpiDkCAxeYt5gVAQG8wAf+OFb3uxGtyx6ziqR3Wbv4t6tny1vP8GNL
>W+vQigp20ZdC+hWSJW7MSZO3IkgMO9pcsMtuonD+qdFPDyO5ex9QMlrY0j2Bk8he
>B8QkQ5iVXo6E0ERk9qDuXga94ohdwL2WnQFmtNz1bnCPQJUbP8Kv4d0LQjpy72Gp
>wCyafm0wIpLIpY638nLGad2N1ylPV9HAVKMaMpo5pdUw9RamJxXDs7qVWq7Gh8m+
>nzZEtWlkH18Kx7WjaAmHLduKaAYvZNPmt0ZKHeRI5khNGw6tXvF9UoMysUY+zS3L
>1gZ72vVv79Qa0EBUrn9by2Hex69vNkt0RdTRyrhREkZH3QDVt7LjFw==
>=4eGe
>-----END PGP SIGNATURE-----
>


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: NIST, AES at RSA conference
Date: Fri, 25 Feb 2000 14:27:41 GMT


>
> Cipher changing presumably would be a full-handshake event, and bugs
> which result in a cipher mismatch would be immediately evident.  Bugs
> which involve the list of acceptable ciphers should be fairly
> straightforward and we *can* test for those.  What remains is the
> random selection process, which already had to be visited in system
> design anyway (for message keys).  So I don't see a large opportunity
> for error; this is a limited, well-controlled extension.

It would be very useful if you discussed your implementation ideas in
more detail.  I agree with Tim that it makes perfect sense: if
you have a handful of good ciphers, why not use them?

I raised this in an earlier thread,  and even suggested the idea of
using ciphers of different block/key size together....

One comment by Bruce Schneier was that he suggested putting the cipher
with the largest block in the outer loop and the smaller blocks in the
inner loop.  He also suggested that if you start with say a 128 bit
block cipher,  the next round you would use two 64 bit ciphers in
parallel.

I can't see any significant problems in randomly negotiating which
ciphers to use.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Thomas Moore" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,alt.security.scramdisk,comp.security.pgp.discuss
Subject: are self-shredding files possible?
Date: Fri, 25 Feb 2000 15:04:14 GMT

Does anyone know if self-shredding files are possible? I'm thinking of
something along the lines of a PGP self-decrypting file, that anyone can
decrypt without having to have PGP. Wouldn't it be convenient to add
"self-shred" to certain files so that anyone could permanently and securely
delete them?

If anyone knows of an existing utility that has a self-shred function,
please post the name and/or URL.

If you know that self-shredding is not possible for whatever reason, please
post why. I'm very curious about this and I'm sure that many other people
are, too.



------------------------------

From: [EMAIL PROTECTED] (Frank Gifford)
Subject: Re: I had me an Idea (Dynamic Key Encription)
Date: 25 Feb 2000 10:17:35 -0500

In article <k_ot4.2696$[EMAIL PROTECTED]>,
Tim <[EMAIL PROTECTED]> wrote:
>Each character in the text gets its own "small key". The key comes from
>pixels of the image. The colors of the pixels are combined with the
>character value to produce an integer. After the character receives its small
>key the algorithm moves on to the next character and pixel.
>
>R = Red Value of the Pixel
>G = Green Value of the Pixel
>B = Blue Value of the Pixel
>C = Character
>E = Encrypted Value
>
>E = (C+ R- G+ B) * R
>
>C= (E / R) - R + G- B

There are a couple of immediate drawbacks:
1) The encrypted text is much larger than the original cipher text, it 
looks to be twice as many bytes.

2) The R pixels can be partially recovered since they must be factors of E.
Although in some cases, there may be many small factors:
74568: 2 2 2 3 13 239
In others there are only a couple factors:
90649: 13 19 367

Further, it would be a reasonable 'first guess' that all values for R, G 
and B to be in the range 0..255.  So for the '90649' value for E, only the
values of 13, 19, and (13*19=247) are valid for R.

Also, if a given pixel's Red component is a certain color, it is likely 
that the neighboring pixels also have Red components which are either the 
same or numerically very close.  So if the current pixel's Red component 
factors are (13, 19) - and a neighboring pixel is 241 (a prime), I would
make the assumption that the current pixel is really (13*19=247).

With most of the Red pixels found, I can construct an image and see if I
recognize where that image was from (and to also tell me if I'm on the 
right track).  If I see a person's face, I can be pretty confident that I
figured out the red pixels.

Granted, the green and blue pixels will make for more work - but again,
the pixels are not independent of their neighbors.  If I know there is a
region of the image which is pretty static (the background), I may start
using that to recover some of the plaintext.

Hope this gives some food for thought.

-Giff

-- 
Too busy for a .sig
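
The scheme quoted above, written out as an added example (this is not code from the original thread or from its poster). Because E = (C + R - G + B) * R, the red value R always divides E, so the divisors of E that fit in 0..255 are the only candidates, which is the check Giff describes; the neighbour heuristic he mentions is included as well. The pixel values and message are constructed, and the helper names (encrypt_char, candidate_reds, nearest_red and so on) are this example's own.

```python
# Added example, not from the thread: the per-character pixel-key scheme
# quoted above, plus the divisor check Giff describes.  Pixels and message
# below are constructed for the demonstration.

def encrypt_char(c, r, g, b):
    """E = (C + R - G + B) * R, exactly as posted (all values 0..255)."""
    return (c + r - g + b) * r

def decrypt_char(e, r, g, b):
    """C = (E / R) - R + G - B, the posted inverse; exact because R divides E.
    The scheme breaks down when R == 0 (division by zero)."""
    return e // r - r + g - b

def candidate_reds(e):
    """Every value in 1..255 that divides E; the true R is always among them.
    1 divides everything, so it is always listed; E == 0 makes every value
    a candidate, another weakness of the scheme."""
    return [d for d in range(1, 256) if e % d == 0]

def nearest_red(e, neighbour_red):
    """Giff's heuristic: neighbouring pixels usually have close red values,
    so pick the divisor closest to a neighbour whose red is already known."""
    return min(candidate_reds(e), key=lambda d: abs(d - neighbour_red))

def encrypt_message(text, pixels):
    """One pixel per character; the output is a list of integers, not bytes."""
    return [encrypt_char(ord(ch), *pixels[i]) for i, ch in enumerate(text)]

def decrypt_message(values, pixels):
    return "".join(chr(decrypt_char(e, *pixels[i])) for i, e in enumerate(values))

def candidates_per_position(values):
    """How many possible R values each ciphertext integer leaves open."""
    return [len(candidate_reds(e)) for e in values]

# Constructed "image": three neighbouring pixels with similar red values.
PIXELS = [(247, 30, 12), (241, 33, 10), (239, 35, 11)]

if __name__ == "__main__":
    ct = encrypt_message("key", PIXELS)
    print("ciphertext integers:", ct)
    print("red candidates per position:", candidates_per_position(ct))
    print("Giff's example 90649 ->", candidate_reds(90649))
    print("closest to neighbour 241 ->", nearest_red(90649, 241))
    assert decrypt_message(ct, PIXELS) == "key"
```

Run it and the two values from the post come out as described: 90649 leaves only 1, 13, 19 and 247 as possible red values, and a neighbour of 241 points at 247. Each ciphertext integer is also several decimal digits wide, which is the size blow-up noted in point 1.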

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Processor speeds.
Reply-To: [EMAIL PROTECTED]
Date: Fri, 25 Feb 2000 15:26:54 GMT

Trevor Jackson, III <[EMAIL PROTECTED]> wrote:

[Re: why not use game consoles to build supercomputers!???]

: I think part of the answer is the phase change that happened more than 25
: years ago.  I cannot find the attribution, but the thought is that
: "We do not write software to tell the machine what to do.  We buy hardware
: to execute the software."  The translation is that software compatibility
: increasingly outweighs raw hardware performance.

For me the reverse is the case.  Much of the software I develop and use is
written in Java.  Thus hardware performance increasingly outweighs
software compatibility - since virtually anything with a JVM will do.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Love is chemistry, sex is physics.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.security.pgp,alt.security.scramdisk,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: Fri, 25 Feb 2000 08:55:33 GMT

"Thomas Moore" <[EMAIL PROTECTED]> wrote, in part:

>Wouldn't it be convenient to add
>"self-shred" to certain files so that anyone could permanently and securely
>delete them?

That is certainly possible, one can embed a text file in an executable
to perform any task.

What would not be possible is to make a file that is guaranteed to
shred itself, even if the recipient doesn't want to shred it. (One
could make programs that come close, but files can be copied, and
programs can be hacked.)

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (Bodo Moeller)
Subject: Re: DES algorithm
Date: 25 Feb 2000 15:58:37 GMT

Jean-Jacques Quisquater <[EMAIL PROTECTED]>:

> See http://www.ams.org/notices/200003/fea-landau.pdf

That article gives interesting news such as "Triple-DES encryption
does not fall to meet-in-the-middle attacks.  Triple-DES can also be
implemented using just two keys, but this DES variation has been shown
to be about 2^56-bit secure, rather than the 2^108-bit security one
might expect."  (Actually this might be the only weird statement
in the article, I just skimmed through it and stopped at that page.)
Are you sure that it is worth reading?

------------------------------

From: Ross Richards <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Fri, 25 Feb 2000 15:49:12 +0000

Having to type 10 english words with punctuation in would not go down
well with users who have screen saver passwords.....
RR

Runu Knips wrote:

> JimD wrote:
> > How about ten English words with different punctuation symbols
> > as word separators?
>
> Even with only spaces in between this would be okay, because there
> are far too many possibilities for such keys that even fighting
> them with a dictionary would not succeed. Only don't use some
> sentence from a book, or else the attacker can still try to
> use a library (but at the moment, this would be hard to do).
>
> Btw, such long passwords are called passphrases.


------------------------------

From: "ink" <[EMAIL PROTECTED]>
Subject: Re: DES algorithm
Date: Fri, 25 Feb 2000 17:09:50 +0100


Bodo Moeller schrieb in Nachricht ...
>Jean-Jacques Quisquater <[EMAIL PROTECTED]>:
>
>> See http://www.ams.org/notices/200003/fea-landau.pdf
>
>That article gives interesting news such as "Triple-DES encryption
>does not fall to meet-in-the-middle attacks.  Triple-DES can also be
>implemented using just two keys, but this DES variation has been shown
>to be about 2^56-bit secure, rather than the 2^108-bit security one
>might expect."  (Actually this might be the only weird statement
>in the article, I just skimmed through it and stopped at that page.)
>Are you sure that it is worth reading?

I have to admit that I'm just an interested layman regarding
cryptology, yet I found that article very interesting - can
you tell me what is wrong with it? TIA.

Kurt
--
You couldn't get a clue during the clue mating season in a
field full of horny clues if you smeared your body with clue
musk and did the clue mating dance. (Edward Flaherty)



------------------------------

From: "Jeffrey A. Six" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,alt.security.scramdisk,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: Fri, 25 Feb 2000 11:13:20 -0500

You can never "permanently and securely" delete files in the way you
describe.  Once the file is opened, or decrypted, the plaintext, or the
contents of the file, are visible.  Once this is true, that data can be
saved out in some form.  So, even if you can't open the original file
anymore, you could open your new unprotected copy.  There is no way to
prevent someone from doing this once they use their "one open."  

The only way this could be effective would be if you want to prevent
other people, other than the sender and recipient, from obtaining a copy
later.  For instance, if I want to communicate securely with someone, I
send a file that can only be decrypted for one week.  After that week,
no one can decrypt it.  If I trust who I sent it to not to save another
copy, we're secure in this system.  Then, if my message recipient and I
are later forced to make the message available, we can't.  This
would be effective for this manner. 

-j6

Thomas Moore wrote:
> 
> Does anyone know if self-shredding files are possible? I'm thinking of
> something along the lines of a PGP self-decrypting file, that anyone can
> decrypt without having to have PGP. Wouldn't it be convenient to add
> "self-shred" to certain files so that anyone could permanently and securely
> delete them?
> 
> If anyone knows of an existing utility that has a self-shred function,
> please post the name and/or URL.
> 
> If you know that self-shredding is not possible for whatever reason, please
> post why. I'm very curious about this and I'm sure that many other people
> are, too.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: I had me an Idea (Dynamic Key Encription)
Date: Fri, 25 Feb 2000 16:33:06 GMT

Your post has inspired me to hack together an example of using large keys
and SHA1 to encrypt smaller chunks of text. I've written the sample in
REALbasic, a Macintosh development environment similar to VisualBasic,
and have put up (untested for Win32) binaries and the source code for the
Mac at:

http://thelema.drak.net/plato314/

Probably, most people here will be too paranoid to try it out, but anyone
with a Macintosh and RB can also compile it for himself.

Any comments welcome...

Greetings,

Erich Steinmann

PS. Sorry, I do not post under my real name because I don't want it to be
easy for automated tracking tools to compile profiles on me. For
individuals, it's certainly easy to find out my real name (e.g. by
writing me an email and asking me for it.)


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Crossposted-To: alt.security.pgp,alt.security.scramdisk,comp.security.pgp.discuss
From: [EMAIL PROTECTED]
Subject: Re: are self-shredding files possible?
Date: Fri, 25 Feb 2000 16:51:54 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

"Jeffrey A. Six" wrote:
> You can never "permanently and securely" delete files in the way you
> describe.  Once the file is opened, or decrypted, the plaintext, or the
> contents of the file, are visible.  Once this is true, that data can be
> saved out in some form.  So, even if you can't open the original file
> anymore, you could open your new unprotected copy.  There is no way to
> prevent someone from doing this once they use their "one open."
> 
> The only way this could be effective would be if you want to prevent
> other people, other than the sender and recipient, from obtaining a copy
> later.  For instance, if I want to communicate securely with someone, I
> send a file that can only be decrypted for one week.  After that week,
> no one can decrypt it.

Even this will not work: he can set the computer's date back and still decrypt.

- -- 
Disastry
http://i.am/disastry/
remove .NOSPAM.NET for email reply

=====BEGIN PGP SIGNATURE=====
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1
Comment: get this Plugin at http://disastry.dhs.org/pgp.htm

iQA/AwUBOLaW4zBaTVEuJQxkEQLr2wCffS5O9sYrGaYkSV6UOfWKjdhTVYgAn2jC
PWGJoYCv8MQezOnJugXrXs7N
=DCQm
=====END PGP SIGNATURE=====

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: US secret agents work at Microsoft claims French intelligence report
Date: Fri, 25 Feb 2000 16:45:30 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Gordon Walker) wrote:
> On Tue, 22 Feb 2000 18:07:06 GMT, [EMAIL PROTECTED] (Dave
> Hazelwood) wrote:
>
> >Remember the snippet above came from a report by the French
> >Intelligence Service and not some whacko fan of Skully and Moulder.
>
> Actually, the snippet is *reported* to have come from the French
> Intelligence Service. I haven't seen the report and none of the major
> news services seem to have reported on it yet.

It's even worse: it's *reported* to have originated from a newspaper which
has *reported* that it originated from the French intelligence
service. Also, to suggest that the Microsoft company was created by the
NSA as a part of a devilish plot for world domination (which is
basically what the message does) is plain ridiculous.
This doesn't mean I trust Microsoft security applications, on the
contrary, I'm convinced that they are cooperating with the NSA, and even
if they weren't, their software would be so buggy and filled with
security holes that it could never be regarded as secure.

-Erik Runeson


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Wilfried Kramer <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: Fri, 25 Feb 2000 17:07:34 +0100

Fri, 25 Feb 2000 15:04:14 GMT, Thomas Moore:

>If you know that self-shredding is not possible for whatever reason, please
>post why. I'm very curious about this and I'm sure that many other people
>are, too.
>
The reason is IMHO very obvious. When you send a file to a recipient, he
(or she) must take some action to read it. Of course it is possible to
create a file, securely deleting itself after (or while) displaying the
message.
But the recipient can make a local copy _before_ reading it. How do you
intend to handle this?

Bye,

Wilfried (from Hamburg)

Fup2 sci.crypt. My newsserver refuses to accept crossposts without a
Fup2.

------------------------------

From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: NSA now has a FAQ
Date: Fri, 25 Feb 2000 17:22:56 GMT

> http://www.nsa.gov:8080/about_nsa/faqs_internet.html

Somehow, I expected to go there, and see a whole bunch of Frequently Asked
Questions, and no answers. ;-)

-- 
Darren New / Senior MTS / Invisible Worlds Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
There is no safety in disarming only the fearful.

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: NSA now has a FAQ
Date: Fri, 25 Feb 2000 17:26:05 +0000

"Douglas A. Gwyn" wrote:
> 
> http://www.nsa.gov:8080/about_nsa/faqs_internet.html
I liked it. Especially the part about "declassifying" paper, films
and printed circuit boards. :-)

Greetings!
Volker
-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: protocols with limited transfer?
Date: 25 Feb 2000 17:25:50 GMT


Hi, 

I was just skimming Birgit Pfitzmann and Michael Waidner's 
"Unconditionally Untraceable and Fault-tolerant Broadcast and Secret
Ballot Election."
http://www.semper.org/sirene/publ/PfWa5_92DC1_1IB.ps.gz

In it, they mention a primitive called "pseudosignatures". These are
signatures which can only "transferred" N times, in this sense :

If Alice has a pseudosignature on a message which is good for 2
transfers, then she can give it to Bob, and Bob can give it to Carol,
but afterwards the pseudosignature has "run out" and Carol can't
give the pseudosignature to anyone else. It seems to be something like
a MAC, but unlike a MAC can be used to show 3rd parties a message is
correct. It also seems fairly annoying as stated, with a serious 
amount of setup required. :-(

So this is kind of interesting - especially when thinking about how to
delegate some kind of credential so that you can enforce limits on its
use. or just in general interesting.

So I was wondering : what other protocols are there which have this 
flavor of "limited transfer" or "no transfer"? 

Two other similar things I know of :

"Designated Verifier Proofs" : Jakobsson, Impagliazzo, and Sako. 
http://www.bell-labs.com/user/markusj/dvp.ps
                               Creates signatures which are valid for
                                a single "designated verifier", but not
                                for anyone else. So _no_ transferability
                                at all! 
                        (recently extended for "abuse-free contract
                        signing" -- contracting parties can't tell
                        anyone else that they even have a contract!)

and

"Self-Delegation with Controlled Propagation"
        Birgit Pfitzmann, Oded Goldreich, Ron Rivest 
CRYPTO '98 also Theory of Crypto Library at
http://philby.ucsd.edu/cryptolib/psfiles/97-12r2.ps

"Pseudonym Systems" 
        Anna Lysyanskaya, Amit Sahai, Stefan Wolf, Ron Rivest
Selected Areas in Cryptography '99

"Homage : A Secure Resource-Efficient Group ID Protocol"
        Ben Handley 
Financial Crypto 2000


        All of these have credentials which include part or all of the
        user's private key. If the user tries to give away the
        credential, they end up possibly giving away their entire
        private key. The user may still be able to prove that they have
        such a credential to someone other than the credential issuer,
        if they want to, without actually transferring it. 
        
        
So has anyone seen anything else along these lines ?
Can anyone think of anything else? 

Thanks, 
-David

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Nanotechnology
Date: Fri, 25 Feb 2000 18:39:26 +0100

Recently I read a few papers on nanotechnology (a short English
one is in IEEE Computer, Jan 00). It is interesting to note to
what surprising extent the predictions of Feynman of 1959 have
become true. One historical fact mentioned in a paper I read is 
that a paragraph of Feynman's 1959 lecture, consisting of 115 words, 
was later put onto an area that is one thousandth of the size of 
the head of a needle. It is reasonable to assume that this 
lithographic technique has further advanced in the meantime.

It may be of interest to note that in this specific area of
nanotechnology, namely lithography, the technique is not
unprecedented. Kahn's book (p.525-6) mentions the microdot,
which was employed by German agents in WWII.

In previous discussions of this group on one-time pad, I remember
that one of the disadvantages being stressed is the inconvenience
of transport, requiring under reasonable operating conditions
a high number of CDs to store the large volume of bits of the OTP
needed. However, using nanotechnology, it seems that the problem 
can be practically solved, though the cost involved probably is 
a barrier for most applications that potentially could utilize 
(good though non-ideal) OTPs.

Does anyone happen to have information concerning current
applications of nanotechnology to cryptology? Thanks.

M. K. Shen
============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED] (Bodo Moeller)
Subject: Re: DES algorithm
Date: 25 Feb 2000 17:37:18 GMT

ink <[EMAIL PROTECTED]>:

>> That article gives interesting news such as "Triple-DES encryption
>> does not fall to meet-in-the-middle attacks.  Triple-DES can also be
>> implemented using just two keys, but this DES variation has been shown
>> to be about 2^56-bit secure, rather than the 2^108-bit security one
>> might expect."  (Actually this might be the only weird statement
>> in the article, I just skimmed through it and stopped at that page.)
>> Are you sure that it is worth reading?

>           [...] I found that article very interesting - can
> you tell me what is wrong with it?

Triple-DES with three DES keys does not give the full security that
one might expect of the keylength, 168 bits.  There are meet-in-the-middle
attacks which reduce the attacker's work to about an equivalent
of twice the DES key-length (but memory requirements are higher than
for brute force key-search).  This makes three-key triple-DES
about as secure as two-key triple-DES.  To claim that two-key
triple-DES has the security of single-DES ("... about 2^56-bit
secure") is nonsense.
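
To make the work-factor argument above concrete, here is an added example (not code from the thread or its posters) of the meet-in-the-middle attack on triple encryption, run against a constructed 16-bit toy block cipher with 8-bit keys standing in for DES. With key length k, the attacker tabulates all 2^(2k) results of the first two encryptions of a known plaintext, then tries the 2^k possible third keys backwards from the ciphertext, so the work is about 2^(2k) + 2^k single encryptions instead of 2^(3k): for DES that is roughly 2^112 rather than 2^168, at the price of a table with 2^(2k) entries, which is the memory cost Bodo mentions. The cipher, keys, plaintexts and function names are all this example's own.

```python
# Added example, not from the thread: meet-in-the-middle against triple
# encryption with a constructed toy cipher (16-bit block, 8-bit key).
# With k-bit keys the attack costs about 2^(2k) + 2^k cipher calls and a
# table of 2^(2k) entries, versus 2^(3k) for brute force.

MASK = 0xFFFF
MUL = 0x9E37                      # odd, so multiplication is invertible mod 2^16
MUL_INV = pow(MUL, -1, 1 << 16)   # modular inverse (Python 3.8+)
BRUTE_FORCE_WORK = 3 * 256 ** 3   # three cipher calls per candidate key triple

def rotl16(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK

def rotr16(x, n):
    return ((x >> n) | (x << (16 - n))) & MASK

def toy_encrypt(x, k):
    """One toy block-cipher call: key whitening, rotate, multiply, whiten."""
    kk = k | (k << 8)
    x ^= kk
    x = rotl16(x, 5)
    x = (x * MUL) & MASK
    return x ^ (kk ^ 0x5A5A)

def toy_decrypt(x, k):
    kk = k | (k << 8)
    x ^= (kk ^ 0x5A5A)
    x = (x * MUL_INV) & MASK
    x = rotr16(x, 5)
    return x ^ kk

def triple_encrypt(x, k1, k2, k3):
    return toy_encrypt(toy_encrypt(toy_encrypt(x, k1), k2), k3)

def triple_decrypt(x, k1, k2, k3):
    return toy_decrypt(toy_decrypt(toy_decrypt(x, k3), k2), k1)

def meet_in_the_middle(pairs):
    """Return every (k1, k2, k3) consistent with the known (plaintext,
    ciphertext) pairs, plus the number of single cipher calls spent.
    Forward: tabulate E_k2(E_k1(p0)) for all 2^16 (k1, k2).
    Backward: for each of the 2^8 values of k3 look up D_k3(c0).
    The remaining pairs weed out false matches on the 16-bit block."""
    p0, c0 = pairs[0]
    table = {}
    work = 0
    for k1 in range(256):
        mid1 = toy_encrypt(p0, k1)
        work += 1
        for k2 in range(256):
            table.setdefault(toy_encrypt(mid1, k2), []).append((k1, k2))
            work += 1
    found = []
    for k3 in range(256):
        target = toy_decrypt(c0, k3)
        work += 1
        for k1, k2 in table.get(target, ()):
            if all(triple_encrypt(p, k1, k2, k3) == c for p, c in pairs[1:]):
                found.append((k1, k2, k3))
    return found, work

if __name__ == "__main__":
    keys = (0x3C, 0xA5, 0x17)                       # constructed secret keys
    plaintexts = [0x1234, 0xBEEF, 0x0042]           # constructed known plaintexts
    pairs = [(p, triple_encrypt(p, *keys)) for p in plaintexts]
    found, work = meet_in_the_middle(pairs)
    print("recovered:", [tuple(hex(k) for k in t) for t in found])
    print("cipher calls: %d  (brute force would need %d)" % (work, BRUTE_FORCE_WORK))
```

Three known pairs are used because a single 16-bit block leaves about 2^24 / 2^16 = 256 false candidates after the table lookup; for a 64-bit block such as DES one or two pairs suffice. Two-key triple encryption gets no worse than this generic bound from the same attack, which is why the article's "about 2^56-bit secure" figure does not follow from meet-in-the-middle alone.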

------------------------------

From: Jean Marc Dieu <[EMAIL PROTECTED]>
Subject: Re: Crypto Speeds...
Date: Fri, 25 Feb 2000 18:52:03 +0100

Is there any place on the Internet where we can find specific
information about speeds with specific processors and specific
operations? (Benchmarks, etc...). For example, what is the time required
by  Processor 'X' at speed 'Y' MHz to perform a hashing of a (say) 10Mb
document using (say) RIPEMD160?

Jean Marc

Runu Knips wrote:
> 
> John wrote:
> > What would be an average or "acceptable" speed for encryption on
> > a Pentium 3 processor at 500 MHz?
> 
> Well a general question with useless details (why such a specific
> processor?) results in a general answer. For any operation, if the
> user waits...
> 
> <= 0.1s    - excellent, no need for optimizations anymore
> 0.2..0.3s  - good, optimizations not necessary except if this is the
>              response time for really minor operations (for example,
>              inserting a character into a text file, or displaying
>              a menu).
> 0.5..1s    - okay if the operation is nontrivial (loading a large
>              document etc).
> 2..5s      - okay for longer jobs
> >5s        - bad, display something like a progress bar and inform
>              the user (a) whats going on (b) how long he has to
>              wait (c) the computer isn't crashed, but is doing
>              something
> 
> In other words, what do you want to know ? There is symmetric
> encryption, and there is asymmetric encryption. For each class,
> there are many different algorithms, where the faster ones are
> often less secure and the slower ones are sometimes more
> secure. If you use GnuPG or OpenSSL you will have very good
> performance, near the best you can get, except if you really
> compare them with full assembly implementations.

------------------------------

From: Michael Sierchio <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,alt.security.scramdisk,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: Fri, 25 Feb 2000 10:00:11 -0800

"Jeffrey A. Six" wrote:
> 
> You can never "permanently and securely" delete files in the way you
> describe.  Once the file is opened, or decrypted, the plaintext, or the
> contents of the file, are visible.  Once this is true, that data can be
> saved out in some form. 

You're describing a deliberate act of sabotage.  But files can certainly
be deleted in the manner described, even without an embedded executable.

        See http://www.disappearing.com/

The business solution they currently offer is email retention/
automatic deletion,  but the technology is applicable to any type of
electronic document.  Sure,  anyone can -- print, do a screen dump, etc.
But you probably wouldn't sabotage yourself.

Encrypted data for which no key exists might as well be random bits --
even if you can guess a few plaintext bits at the beginning of the
message because you know it is, for example, an email message.
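
An added example (not code from this thread, and not Disappearing Inc.'s product) contrasting the two designs discussed above. The first puts the key inside the file and checks the reader's own clock, which is what Disastry's clock-rollback remark defeats. The second keeps the key on a server that destroys it at expiry; once the key is gone the ciphertext is, as the post above says, just random bits, whatever the reader's clock reports. The stream cipher here is a SHA-256 counter-mode keystream chosen only to keep the example dependency-free; the server, its clock, the timestamps and the message are all constructed.

```python
# Added example, not from the thread: "decryptable for one week" done two ways.
# Design 1 trusts the reader's clock (defeated by setting the date back).
# Design 2 keeps the key on a server that deletes it when it expires.
import hashlib
import os

WEEK = 7 * 24 * 3600

def keystream_xor(key, data):
    """Toy stream cipher: SHA-256 in counter mode XORed over the data.
    Enough to show key lifetime; a real system would use an AEAD."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

# --- Design 1: the key travels with the file, expiry checked on the reader's clock ---
def package_local(message, expires_at):
    key = os.urandom(32)
    return {"expires_at": expires_at, "key": key,
            "ciphertext": keystream_xor(key, message)}

def open_local(pkg, clock_now):
    """clock_now is whatever the reader's machine reports; the reader controls it."""
    if clock_now > pkg["expires_at"]:
        return None
    return keystream_xor(pkg["key"], pkg["ciphertext"])

# --- Design 2: the key lives on a server that destroys it at expiry ---
class KeyServer:
    def __init__(self):
        self._keys = {}   # key_id -> (key, expires_at)

    def issue(self, expires_at):
        key, key_id = os.urandom(32), os.urandom(8).hex()
        self._keys[key_id] = (key, expires_at)
        return key_id, key

    def fetch(self, key_id, server_now):
        """Uses the server's clock; an expired key is deleted, not just refused."""
        entry = self._keys.get(key_id)
        if entry is None:
            return None
        key, expires_at = entry
        if server_now > expires_at:
            del self._keys[key_id]
            return None
        return key

def package_server(server, message, expires_at):
    key_id, key = server.issue(expires_at)
    return {"key_id": key_id, "ciphertext": keystream_xor(key, message)}

def open_server(server, pkg, server_now):
    key = server.fetch(pkg["key_id"], server_now)
    return None if key is None else keystream_xor(key, pkg["ciphertext"])

if __name__ == "__main__":
    t0 = 1_000_000                      # constructed "now"
    msg = b"meeting moved to thursday"  # constructed message
    local = package_local(msg, t0 + WEEK)
    print("local, after expiry:", open_local(local, t0 + 2 * WEEK))
    print("local, clock set back:", open_local(local, t0))      # still opens
    srv = KeyServer()
    remote = package_server(srv, msg, t0 + WEEK)
    print("server, in time:", open_server(srv, remote, t0))
    print("server, after expiry:", open_server(srv, remote, t0 + 2 * WEEK))
    print("server, clock set back:", open_server(srv, remote, t0))  # key is gone
```

The server design only moves the trust boundary: it stops a reader who never saved the plaintext or the key from recovering the message later, which is the limited guarantee Jeffrey Six described, and it does nothing against a reader who copied the plaintext (or fetched and kept the key) while it was still valid.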

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: FIRST TIME!
Date: Fri, 25 Feb 2000 19:10:27 +0100

wtshaw wrote:
> 

> Gaines has a good write up on it.  Funny thing, after revising a paper
> today, I was messing around with grilles, which can be of several types.
> All are considered trivial once you identify the type.
> 
> I've thought about how to do a program for them, so I make a note on the
> subject from time to time.  Grilles are at best a redundant transposition
> cipher, just look harder than they are.  The trick in programming is to
> build a sensible key structure,  and electronically turn that into a
> permutation to apply to the message.

Grilles are certainly weak. But, if there are lots of nulls, the 
task might not be entirely straightforward, I am afraid.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Digital Tontines [Was: FIRST TIME!]
Date: Fri, 25 Feb 2000 19:10:37 +0100

Matthew S. Hamrick wrote:
> 

> 5) Patent protection. Assuming that this idea is novel, is disclosing on
> this newsgroup sufficient to prevent someone from filing for a patent on
> this later, or should I try to write this up and get it published in a
> 'normal' journal?

None of the above means will do, at least if you also want a European patent.
The only way is to actually apply for a patent.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Largest known prime
Date: Fri, 25 Feb 2000 19:10:42 +0100

Rick Heylen wrote:
> 
> Old news I'm afraid. The current largest known prime is probably
> 2^6972593-1
> See http://www.mersenne.org/status.htm

If I understand the information there correctly, the above one
is the largest that has been checked independently. On the occasion
I learned about that number, I read a claim that such huge primes 
could be of utility in cryptology. Could someone please elaborate 
on that (for practical applications)? Thanks.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
