Cryptography-Digest Digest #130, Volume #11      Tue, 15 Feb 00 21:13:01 EST

Contents:
  Re: UK publishes 'impossible' decryption law (Bruce Stephens)
  Re: UK publishes 'impossible' decryption law ("Dave VanHorn")
  Re: UK publishes 'impossible' decryption law (zapzing)
  Re: Newbie - Determining encryption Bit Level ("Brian Bosh")
  Disregaurd last post Re: Newbie - Determining encryption Bit Level ("Brian Bosh")
  source code export laws (Jeremiah)
  Re: Disregaurd last post Re: Newbie - Determining encryption Bit Level (John Savard)
  OTP practical implementation (Dan)
  Re: Guaranteed Public Key Exchanges (Ralph Hilton)
  Re: Does the NSA have ALL Possible PGP keys? (Steve K)
  Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Jerry Coffin)
  Re: Which compression is best? (wtshaw)
  Re: Basic Crypto Question 3 (wtshaw)
  Re: What are these Rot-45, Rot-13, Rot-5 algorithms? ("Trevor Jackson, III")
  Re: Basic Crypto Question 3 (wtshaw)
  Re: Does the NSA have ALL Possible PGP keys? ("Trevor Jackson, III")
  Re: Quastion about RSA function.  Help!!!! (NFN NMI L.)
  Re: Basic Crypto Question 3 ("Trevor Jackson, III")
  Re: Q: Division in GF(2^n) (David Hopwood)
  Re: Counter mode (was Re: Period of cycles in OFB mode) (David Hopwood)
  Re: New standart for encryption software. (Boris Kazak)
  Re: UK publishes 'impossible' decryption law (Mike Eisler)

----------------------------------------------------------------------------

From: Bruce Stephens <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: 15 Feb 2000 21:41:06 +0000

Adam Lock <[EMAIL PROTECTED]> writes:

> David Crick wrote:
> > 
> > Adam Lock wrote:
> > >
> > [snip]
> > > In other words, the Police cannot prove that I haven't handed over
> > > the keys but I can still keep my secrets safe if I want to.
> > 
> > Unfortunately, they don't have to prove anything. *You* have to
> > prove you don't have the key(s).
> 
> If I were innocent I *can't* prove I know the other keys because they are
> completely random. Neither can the police prove that I am withholding
> one.

Much as I hate to defend the obviously stupid proposed law, according
to most descriptions I've read, the police *do* need to prove
something: they need to show that I did have the key.  i.e., it would
not (under the current proposal) be a crime not to decrypt encrypted
material when suitably told to do so unless the police could show that
you once had the key.  (This is one of the improvements over the
previous proposal where, astonishingly, that wasn't necessary.)

------------------------------

From: "Dave VanHorn" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: Tue, 15 Feb 2000 22:34:03 GMT

Things like this make me glad my ancestors booked passage.



========
Are you an ISP?
Are you tired of dealing with SPAM?
We can help.
http://www.spamwhack.com


------------------------------

From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: Tue, 15 Feb 2000 22:25:33 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Dave Hazelwood) wrote:
>
>
> The world as we know it has finally gone out of its fucking mind.
>
> Perhaps it is time for people who really understand the digital
> era to take the reins of power?
>
> Send those funny old men in their wigs out to pasture once and for
> all??
>

What makes you think we're *not* seizing the
reins of power?  MuuaaHaHaHaHaHa

--
Do as thou thinkest best.



------------------------------

From: "Brian Bosh" <[EMAIL PROTECTED]>
Subject: Re: Newbie - Determining encryption Bit Level
Date: Tue, 15 Feb 2000 16:22:34 -0700

I'm sorry, I didn't phrase that properly. How do you determine what the
encryption bit level is, like 128 Kbps?

Brian


"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Brian Bosh wrote:
> > How do you determine the encryption bit rate is?
>
> Time how long it takes to run a known amount of data through the
> encryption system and divide.  Duuh.



------------------------------

From: "Brian Bosh" <[EMAIL PROTECTED]>
Subject: Disregaurd last post Re: Newbie - Determining encryption Bit Level
Date: Tue, 15 Feb 2000 16:23:46 -0700

DAMN IT, I'm not thinking!

Like Secure sites like Amazon use 128 Bit encryption (Not KBPS!)!

Brian


"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Brian Bosh wrote:
> > How do you determine the encryption bit rate is?
>
> Time how long it takes to run a known amount of data through the
> encryption system and divide.  Duuh.



------------------------------

From: Jeremiah <[EMAIL PROTECTED]>
Subject: source code export laws
Date: Tue, 15 Feb 2000 18:55:31 -0500

I am wanting to put the source code of a lot of encryption algorithms up
on the internet.  What are the laws for me doing this?


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Disregaurd last post Re: Newbie - Determining encryption Bit Level
Date: Tue, 15 Feb 2000 17:01:04 GMT

"Brian Bosh" <[EMAIL PROTECTED]> wrote, in part:

>DAMN IT, I'm not thinking!

>Like Secure sites like Amazon use 128 Bit encryption (Not KBPS!)!

Ah, if that's what you mean, 128 bit encryption means that the _key_
used for the encryption is 128 bits long. More specifically, the key
for the symmetric-key portion of the encryption is 128-bits long.

That means that there are 2 raised to the 128th power possible
different keys for that encryption, and so that is a measure of how
hard it is for someone to decode your messages just by guessing the
right key or trying every key till they find the right one.

2 to the 10th power is 1,024, so 2^120 is about 10^36, so 2 to the
128th power is more than
256,000,000,000,000,000,000,000,000,000,000,000,000.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Dan <[EMAIL PROTECTED]>
Subject: OTP practical implementation
Date: Wed, 16 Feb 2000 00:04:26 GMT


As a given, assume that I have two identical sets of  n  CD-ROMs each
containing 650Mb of true random data.  Each CD-ROM also has a unique
internal and external id.

Is there any available software, hopefully shareware/freeware, that
manages the practical use of my random data as an OTP?  Specifically the
reformatting of the text, encryption/decryption of the text and
management of the offset within the random data to start the
encryption/decryption (does the offset information travel with the
encrypted data as clear text?)?

Thanks for your time and help.



------------------------------

From: Ralph Hilton <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Wed, 16 Feb 2000 01:09:45 +0100
Reply-To: [EMAIL PROTECTED]


On Tue, 15 Feb 2000 18:50:04 GMT, Darren New <[EMAIL PROTECTED]> wrote:

>Ralph Hilton wrote:
>> On Tue, 15 Feb 2000 02:15:33 GMT, Darren New <[EMAIL PROTECTED]> wrote:
>> 
>> >Or, to be even more succinct:
>> >
>> >If there are multiple people who can read mail to and send mail from
>> >the same address (both your intended recipient and the MITM), and you
>> >have no way to distinguish them, then no, you have no way of
>> >communicating with only one of them.  Simple, yes? :-) 
>> 
>> No. By using the DH key exchange from a publicly announced message one
>> can get a return of several messages each with part of a key. One
>> creates a full key for each of the respondents.
>
>How do you know? If John and Mary can both read the email, and you can't
>tell them apart, then it might be John answering all your mail, or it
>might be Mary answering all your mail, or it might be one answering some
>and one answering others. How do you know you have a full key for each of
>the respondents?  

Because either John or Mary or each individually would have a secret
number used to create their part of the key and couldn't read each others
messages (unless they tell each other which means that one is effectively
dealing with one correspondent anyway).

>> One uses each of the keys thus
>> obtained as a one-time pad for a message detailing future security.
>
>It wouldn't be a one-time pad, either.

ok. Call it a key that just gets used once.

>> Thus one has separated out one's respondents and know, given adequate
>> key and encryption methodologies, that one is only communicating at any
>> time to only one of the identities. 
>
>But even if...
>
>> Having established the secure communication line to each one can
>> establish by detailed interrogation who the actual original intended
>> recipient is if one has sufficient data and mutual contacts. 
>
>Well, the original problem was you do *not* have any sufficient data or
>mutual contacts. If you did, you'd just include the public key
>fingerprint in the same presumedly-secure exchange that got you the email
>address. See? Look...  
>
>"... and you have no way to distinguish them ..."
>
>Hence, it doesn't matter how secure your communication is. You still
>can't tell the good guys from the bad guys.  
>
>> Can you give a realistic scenario where one would not be able to
>> differentiate?
>
>Yeah. The original question.  Your boss comes up to you and says "Send a
>copy of our trade secret stuff to Joe Hinkle. He's at [EMAIL PROTECTED]
>Make sure nobody else can see it, including [EMAIL PROTECTED]"   
>
>I contend that if that's all the info you have, you can't do it.

ok. If that is ALL the data one has.

I would suggest that if one's boss is willing to send trade secrets to Joe
Hinkle only knowing his name and email address then he deserves his
inevitable fate.

In a totally theoretical model I can't fault your reasoning. The original
question appeared to me to be founded on a possible realistic situation.



------------------------------

From: [EMAIL PROTECTED] (Steve K)
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 16 Feb 2000 00:24:06 GMT

I just read most of this thread, and it's a very silly thread.

One side is saying, "I am as smart as any monkey in this tree, and I
know for a fact that the bigger monkeys higher in the tree could beat
yours or my ass any time they really wanted to.  Math?  What's that?
Ook ook eek eek!"

And the other monkeys are saying,  "vYlbBW FQ/9aTb XP2SCgxz TwOMVNFCW
cn46471neY bnfMjPoniXT/ +Sv78VLmY8i Mk5h5so+LoXy2v eK+Ii6zdrooTqKM110
nrd40yRSd ZYj3siucpL60 UfF5T+u5pz0UzS15c8 c1Ymc1+ULr4yJc+lrtifhTeT
zDDWk9KVtQ Joszy2odeZxaK8OQiT3E h+tN 4Vm9L+C/ Xo8oWe Nya4uZ
xcaVYa2X/QYG6 3HKzoY 2POzOjR WXbO MMUv3A3kmvk FCkYuqPniPW"

Well actually, that is what the 1st monkey mentioned above sees and
hears when the math is explained...

In all fairness, it took a long time and a lot of study for me to
decide that modern crypto is about as good as the experts say it is.
After all, we're all monkeys in this tree, and I'm no exception.
Until or unless a person does the homework, asking him or her to
believe that a cipher is unbreakable (by a "fair" mathematical
attack), is really too much.  It does not seem likely, on an intuitive
basis.  Nobody who doesn't study up on the subject should believe in
unbreakable ciphers.  So all I can add to the "debate" is a couple of
suggestions:  

To the folks who admit that they don't know anything about crypto, but
insist that "The Government" can break any cipher if they really want
to:  Consider that this is an opinion based on raw emotion, not
knowledge, and that being so rigidly and publicly attached to it makes
ya look kind of dumb.  Especially in a forum that's full of crypto
geeks to begin with.

To the crypto geeks:  Contemplate the sage advice of the great W.C.
Fields on the subject of trying to wise certain people up.  Guys, it
can't be done.  Either they get interested enough to study the
literature and follow the logic of it, or they don't.  You have
practically no influence over that choice.

:o)


Steve

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

PGP key 0x5D016218
All others have been revoked.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 17:37:22 -0700

In article <88bncu$e4o$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ ... ] 

> >    Record last updated on 06-Nov-1998.
> 
> Note the date!  RSA Security changed its name in fall of 1999.
> The database is out of date!

I saw the date -- part of the message you snipped included the fact 
that 1) it still belongs to RSA Data Security, Inc., and 2) the exact 
people at RSA Data Security, Inc. who are responsible for keeping it 
up to date.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Which compression is best?
Date: Tue, 15 Feb 2000 17:50:34 -0600

In article <[EMAIL PROTECTED]>, Runu Knips
<[EMAIL PROTECTED]> wrote:
> 
> Compression adds a KNOWN and FIXED structure which makes attacks
> easier, not harder.

Ah...the problem is that larger redundant structures are so much easier to
spot than smaller; just when does a pile of bricks begin looking like a
house? Compression algorithms are like other collections of algorithms,
probably too varied to make pat statements stand except for the few that
seem to support such a statement.  The key to the debate error in logic on
them is when you have to cull those that do not support your view in order
to justify your view.
-- 
Let's all sit back and watch the inhabitants of the political zoo 
perform in three rings.  It's more exciting than soap operas.  Then 
vote out anyone who has been in long enough to abuse things.  

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Basic Crypto Question 3
Date: Tue, 15 Feb 2000 18:20:09 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > 
> 
> > It may well be that weakness of certain combinations are best seen with
> > other than unique keys.  Knowing the answers is not a penalty, but an
> > advantage in trying to understand interaction.  It may be that there are
> > not similar keys, but complementary keys that conspire against full
> > combined strength.
> 
> The probability of using such complementary keys by chance is 
> presumably extremely small. A stupid question: Should we take that 
> risk seriously or not in practice?
> 
It would be serious if two designers used key structures that were only
really different on the surface.  Consider that the simple initial
transposition, a la DES, might be omitted or different in one, leaving a
*different* algorithm much the same.  Substitution might also be used in
the same manner.  What we want is grossly different key structures and
implementations in chaining.
-- 
Let's all sit back and watch the inhabitants of the political zoo 
perform in three rings.  It's more exciting than soap operas.  Then 
vote out anyone who has been in long enough to abuse things.  

------------------------------

Date: Tue, 15 Feb 2000 20:31:15 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: What are these Rot-45, Rot-13, Rot-5 algorithms?

Tim Tyler wrote:

> Runu Knips <[EMAIL PROTECTED]> wrote:
>
> : And I wonder what ROT45 should be - because there are only 26
> : alphabetic characters ... (ROT13(ROT13(x)) == x for any x).
>
> 13 is used since no direction of rotation need be specified.
>
> Rot-5 and Rot-45 don't appear in any references to obscuring text I can find.
>
> Perhaps the answer is that ROT45 is a composite sometimes used in Logo ;-)

I've never seen reference to rot-45, but I have seen reference to rot-47.  rot-5
is useful in databases containing predominantly numeric data.

>
> --
> __________
>  |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]
>
> Counting in binary is like counting in decimal, if you are all thumbs.
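
As an added illustration (not part of the thread), the rot-13, rot-5 and rot-47 family written as one parametrised shift. It shows why each of the three is its own inverse: the shift is half the size of its alphabet (26 letters, 10 digits, 94 printable ASCII characters), which is what lets a rotation be applied without naming a direction, and why a shift such as 3 does not share that property.

```python
# Added example, not from the original post.  rot-N over an alphabet of
# size M is an involution exactly when 2*N == M (mod M), i.e. N == M/2.
import string

LOWER = string.ascii_lowercase          # 26 chars -> rot-13
UPPER = string.ascii_uppercase
DIGITS = string.digits                  # 10 chars -> rot-5
PRINTABLE94 = "".join(chr(c) for c in range(33, 127))  # '!'..'~' -> rot-47


def rot(text, alphabet, shift):
    """Rotate only the characters of `alphabet` by `shift` places;
    everything else (spaces, punctuation outside the alphabet) passes through."""
    size = len(alphabet)
    table = {c: alphabet[(i + shift) % size] for i, c in enumerate(alphabet)}
    return "".join(table.get(c, c) for c in text)


def rot13(text):
    """Letters only, case preserved; the classic Usenet spoiler obscurer."""
    return rot(rot(text, LOWER, 13), UPPER, 13)


def rot5(text):
    """Digits only, 0-9 -> 5-9,0-4; obscures predominantly numeric data."""
    return rot(text, DIGITS, 5)


def rot47(text):
    """All 94 printable non-space ASCII characters, shift 47 (= 94/2)."""
    return rot(text, PRINTABLE94, 47)


def rot18(text):
    """The usual rot-13 + rot-5 combination: letters and digits together."""
    return rot5(rot13(text))


def is_involution(fn, sample):
    """True when applying fn twice gives the input back (no direction needed)."""
    return fn(fn(sample)) == sample


if __name__ == "__main__":
    print(rot13("Hello"), rot5("2000"), rot47("Hello, World!"))
    print(is_involution(rot13, "Hello"),
          is_involution(lambda t: rot(t, LOWER, 3), "hello"))
```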





------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Basic Crypto Question 3
Date: Tue, 15 Feb 2000 18:29:51 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> John Savard wrote:
> > 
..
> > It is just a specific condition for a specific case, not an attempt to
> > say that ciphers which expand the plaintext are "bad". It's just that
> > it's easier to see, and simpler to prove, that certain funny things
> > don't happen if there's no room to do them in.
> 
> A stupid question: How would one place those homophone encryptions
> that expand the plaintext (in terms of number of bits) in the above 
> contexts?
> 
One is more apt to be in trouble looking for problems in a muddy design
or convoluted source code.  Good designs should be easy to follow as a
start.  This is more important than constant size vs. not.  A stronger
algorithm does not mean it is easier to make weaker.
-- 
Let's all sit back and watch the inhabitants of the political zoo 
perform in three rings.  It's more exciting than soap operas.  Then 
vote out anyone who has been in long enough to abuse things.  

------------------------------

Date: Tue, 15 Feb 2000 20:37:01 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?

Steve K wrote:

> I just read most of this thread, and it's a very silly thread.
>
> One side is saying, "I am as smart as any monkey in this tree, and I
> know for a fact that the bigger monkeys higher in the tree could beat
> yours or my ass any time they really wanted to.  Math?  What's that?
> Ook ook eek eek!"
>
> And the other monkeys are saying,  "vYlbBW FQ/9aTb XP2SCgxz TwOMVNFCW
> cn46471neY bnfMjPoniXT/ +Sv78VLmY8i Mk5h5so+LoXy2v eK+Ii6zdrooTqKM110
> nrd40yRSd ZYj3siucpL60 UfF5T+u5pz0UzS15c8 c1Ymc1+ULr4yJc+lrtifhTeT
> zDDWk9KVtQ Joszy2odeZxaK8OQiT3E h+tN 4Vm9L+C/ Xo8oWe Nya4uZ
> xcaVYa2X/QYG6 3HKzoY 2POzOjR WXbO MMUv3A3kmvk FCkYuqPniPW"
>
> Well actually, that is what the 1st monkey mentioned above sees and
> hears when the math is explained...
>
> In all fairness, it took a long time and a lot of study for me to
> decide that modern crypto is about as good as the experts say it is.
> After all, we're all monkeys in this tree, and I'm no exception.
> Until or unless a person does the homework, asking him or her to
> believe that a cipher is unbreakable (by a "fair" mathematical
> attack), is really too much.  It does not seem likely, on an intuitive
> basis.  Nobody who doesn't study up on the subject should believe in
> unbreakable ciphers.  So all I can add to the "debate" is a couple of
> suggestions:
>
> To the folks who admit that they don't know anything about crypto, but
> insist that "The Government" can break any cipher if they really want
> to:  Consider that this is an opinion based on raw emotion, not
> knowledge, and that being so rigidly and publicly attached to it makes
> ya look kind of dumb.  Especially in a forum that's full of crypto
> geeks to begin with.
>
> To the crypto geeks:  Contemplate the sage advice of the great W.C.
> Fields on the subject of trying to wise certain people up.  Guys, it
> can't be done.  Either they get interested enough to study the
> literature and follow the logic of it, or they don't.  You have
> practically no influence over that choice.

Agreed.

But the reader/writer ratio is high.  And it is worth some effort to
refute silliness in the interest of maintaining a sensible perspective for
the non-vocal, but astute readers.



------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: Quastion about RSA function.  Help!!!!
Date: 16 Feb 2000 01:37:25 GMT

<<Who knows why  Y^d(mod n) is the reverse function for original RSA function :
X^e(mod n).>>

Because of the way that d and e are generated.

S.T.L.
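
An added example, not from the poster, that makes "the way d and e are generated" concrete: d is chosen as the inverse of e modulo phi(n), so e*d = 1 + k*phi(n), and the round trip (X^e)^d mod n returns X. The primes p = 61, q = 53 and exponent e = 17 are assumed toy values, far too small for real use but checkable by hand.

```python
# Added example (not from the thread).  Assumed toy parameters: p = 61,
# q = 53, e = 17.  Everything below is the standard textbook construction.
import math


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Inverse of a modulo m; this is exactly how d is derived from e."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m


def rsa_keygen(p, q, e):
    """Return (n, e, d) with e*d == 1 (mod phi(n)), phi(n) = (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return n, e, modinv(e, phi)


def rsa_roundtrip(x, n, e, d):
    """Forward function X^e mod n, then the 'reverse' one Y^d mod n."""
    y = pow(x, e, n)
    return pow(y, d, n)


def explain(p, q, e, d):
    """Expose the identity e*d = 1 + k*phi(n) that makes the round trip work."""
    phi = (p - 1) * (q - 1)
    k, rem = divmod(e * d - 1, phi)
    return {"phi": phi, "k": k, "ed_mod_phi": (e * d) % phi, "exact": rem == 0}


def holds_for_every_residue(p, q, e, d):
    """(x^e)^d == x for ALL x in Z_n, not only those coprime to n.

    Fermat gives x^(1 + k*phi) == x modulo p and modulo q separately
    (trivially so when p | x or q | x), and the CRT combines them mod n.
    """
    n = p * q
    return all(rsa_roundtrip(x, n, e, d) == x for x in range(n))


if __name__ == "__main__":
    n, e, d = rsa_keygen(61, 53, 17)
    print(n, e, d, explain(61, 53, e, d))
    print(rsa_roundtrip(65, n, e, d), holds_for_every_residue(61, 53, e, d))
```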

------------------------------

Date: Tue, 15 Feb 2000 20:47:32 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Basic Crypto Question 3

John Savard wrote:

> [EMAIL PROTECTED] (David Wagner) wrote, in part:
>
> >The example is under
> >a probable-plaintext attack model (you know the ciphertext, you
> >know the distribution on the plaintext, nothing else).
>
> >The example shows that cascades are trickier than you might expect,
> >and that there is a definite need for precise, formal, rigorous
> >reasoning here, lest we be swayed by misleading intuition.
>
> The reference, I presume, is "Cascade Ciphers: The Importance of Being
> First". I'll look it up: but I think I already see what I've omitted.
>
> Given that the plaintexts are not uniform in probability, the first
> cipher could produce ciphertexts which are nonuniform in a way that is
> more useful in an attack on the second cipher.
>
> For one cipher to be designed based on the identity of the next cipher
> in the cascade is an interaction of sorts, and the need to compress
> the plaintext (so as to remove easily exploitable characteristics,
> such as the first bit in every byte being constant) is highlighted.
>
> While it is important to find out all the possible pitfalls of cipher
> cascades, I don't think that people ought to be scared away from using
> them: these difficulties are largely theoretical, as long as one isn't
> allowing an attacker to pick any part of the cascade one is using.
> (Were that the case, all those dangers would, of course, be very
> real.)

If such structure were a serious threat, inter-stage masking with a good
PRNG should eliminate the interaction.



------------------------------

Date: Wed, 16 Feb 2000 01:27:34 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Q: Division in GF(2^n)


Mok-Kong Shen wrote:
> 
> I learned from a mailing list that there is a US patent US5890800
> 'Method and device for the division of elements of a Galois field'
> (http://www.patents.ibm.com/details?pn=US05890800)

That URL should be
http://www.patents.ibm.com/details?pn10=US05890800

> for computing A/B in GF(2^n). The algorithm amounts to computing
> with squaring and multiplication of numbers A and B represented in
> n bits the expression
> 
>         A^(2^n) * B^(2^n-2)
> 
> The writer of a post in the mailing list then reasoned that this
> reduces to A/B, since x^(2^n-1) = 1 for all x.
> 
> It seems, however, that the algorithm is doing computations all
> the way in Z_(2^n) instead of GF(2^n).

No, it is doing all of them in GF(2^n).

However, AFAICS it is *much* less efficient (at least for software
implementations with field sizes of interest in cryptography) than
calculating the inverse of B using the Almost Inverse algorithm, and
multiplying A by the inverse.

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document
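
An added example (not from the patent or from the poster) that carries the expression A^(2^n) * B^(2^n-2) through in an actual GF(2^n) and checks it against a brute-force inverse; it also evaluates the same exponents as plain integers mod 2^n to make concrete that computing in Z_(2^n) would be a different, wrong operation. The field size n = 8 and the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 are assumptions; any irreducible polynomial of degree n would serve.

```python
# Added example, not the patent's code.  Assumed: n = 8, AES polynomial.
N = 8
POLY = 0x11B            # x^8 + x^4 + x^3 + x + 1, including the x^8 term
ORDER = (1 << N) - 1    # 2^n - 1, the order of the multiplicative group


def gf_mul(a, b):
    """Carry-less multiply of two n-bit field elements, reduced by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << N):    # reduce as soon as a degree-n term appears
            a ^= POLY
    return r


def gf_pow(x, k):
    """x^k by square-and-multiply; squaring plus multiplying is all the
    patent's method needs."""
    r = 1
    while k:
        if k & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        k >>= 1
    return r


def gf_div_by_exponent(a, b):
    """A/B as A^(2^n) * B^(2^n - 2), computed entirely in GF(2^n).

    A^(2^n) = A for every field element, and for B != 0, B^(2^n - 1) = 1,
    so B^(2^n - 2) = B^-1.  Since 0^(2^n - 2) = 0, a zero divisor would
    silently yield 0 instead of failing; reject it explicitly.
    """
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^n)")
    return gf_mul(gf_pow(a, 1 << N), gf_pow(b, (1 << N) - 2))


def gf_inv_bruteforce(b):
    """Reference inverse: scan for c with b*c == 1 (only viable for tiny n)."""
    for c in range(1, 1 << N):
        if gf_mul(b, c) == 1:
            return c
    raise ZeroDivisionError("zero has no inverse")


def integer_version(a, b):
    """The same exponents taken over ordinary integers mod 2^n (Z_(2^n)).
    Shown only for contrast: this is NOT division in GF(2^n)."""
    m = 1 << N
    return (pow(a, m, m) * pow(b, m - 2, m)) % m


def check_identities():
    """x^(2^n - 1) = 1 and x^(2^n) = x for every nonzero x; 0^(2^n) = 0."""
    return all(gf_pow(x, ORDER) == 1 and gf_pow(x, 1 << N) == x
               for x in range(1, 1 << N)) and gf_pow(0, 1 << N) == 0


def check_against_bruteforce(pairs):
    """Exponent-based division agrees with inverse-then-multiply."""
    return all(gf_div_by_exponent(a, b) == gf_mul(a, gf_inv_bruteforce(b))
               for a, b in pairs)


if __name__ == "__main__":
    print(hex(gf_div_by_exponent(1, 0x03)))   # inverse of 0x03 in the AES field
    print(check_identities())
    print(integer_version(1, 3), gf_div_by_exponent(1, 3))
```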





------------------------------

Date: Wed, 16 Feb 2000 01:30:23 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Counter mode (was Re: Period of cycles in OFB mode)


David Wagner wrote:
[...]
> (For each unknown plaintext block, one can rule out 2^32 possibilities;
> thus, there is only a 2^32/2^64 = 1/2^32 chance of learning anything
> interesting, for any given unknown block -- but there are 2^32
> unknown blocks, so you expect to see one that you can derive
> information from.)

OK, you've convinced me.

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document




------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: New standart for encryption software.
Date: Wed, 16 Feb 2000 01:52:03 GMT



"Albert P. Belle Isle" wrote:
********************
> >> >> Although our source code is available for review under NDA, any
> >> >> INFOSEC professional knows that spiking cryptosystem implementations
> >> >> at the object code level is a much greater threat than "backdoors"
> >> >> spelled-out in well-documented source code. Hence, the emphasis on
> >> >> testing performance of the cryptosystem, rather than trusting pretty
> >> >> source code listings.
> >> >>
> >> >> (Of course, that doesn't seem to inhibit the calls by sci.crypt
> >> >> posters to "show me the source code." Any professional spiker would be
> >> >> all too happy to get the resulting "seal of approval" <g>.)
******************************
> My scorn was (and is) specifically aimed at mindless braying for mere
> access to source code as the be-all and end-all talisman for INFOSEC.
> 
> Readers of this, and other INFOSEC-related newsgroups, many of whom
> cannot understand such source code, are being told that the mere
> existence of some posted source code on a web-site is a guarantee
> against misplaced trust in "snake-oil" or mal-ware.
> 
> Having had to pay more money over the years than I liked in order to
> obtain real, professional code reviews, I find this to be drivel.
******(snip the rest)*******
> Albert P. BELLE ISLE
> Cerberus Systems, Inc.
> ================================================
> ENCRYPTION SOFTWARE with
>   Forensic Software Countermeasures
>     http://www.CerberusSystems.com
> ================================================

And still the old adage is true: You keep your source code secret
only if you are ashamed of it. Sic!

Best wishes                BNK

------------------------------

From: [EMAIL PROTECTED] (Mike Eisler)
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: 16 Feb 2000 01:31:16 GMT
Reply-To: [EMAIL PROTECTED] (Mike Eisler)

In article <[EMAIL PROTECTED]>,
Bruce Stephens  <[EMAIL PROTECTED]> wrote:
>Much as I hate to defend the obviously stupid proposed law, according
>to most descriptions I've read, the police *do* need to prove
>something: they need to show that I did have the key.  i.e., it would
>not (under the current proposal) be a crime not to decrypt encrypted
>material when suitably told to do so unless the police could show that
>you once had the key.  (This is one of the improvements over the
^^^^^^^^^^^^^^^^^^^^

What if the accused has forgotten the key, or mislaid the container of
the key?

>previous proposal where, astonishingly, that wasn't necessary.)
--
-Mike Eisler
[EMAIL PROTECTED]
remove the prefix 'NO_' and suffix '_SPAM' to reply.

"Now really, Ms. Gross, I think it's a mistake for you to assume you're
talking to a moron," said the judge, who pronounced Linux with a long "i"

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
