Cryptography-Digest Digest #157, Volume #11 Sat, 19 Feb 00 08:13:01 EST
Contents:
Re: Processor speeds. ("Douglas A. Gwyn")
Re: Question about OTPs ("Douglas A. Gwyn")
Re: Question about OTPs ("Douglas A. Gwyn")
Re: Basic Crypto Question 4 ("Douglas A. Gwyn")
Re: Using virtually any cipher as public key system? (Thomas Pornin)
In October, 1997 in the diary entry, Markku J. Saarelainen writes ... ("William A. Nelson")
Re: Keys & Passwords. (Mok-Kong Shen)
Re: NIST publishes AES source code on web (Mok-Kong Shen)
Re: EOF in cipher??? (Mok-Kong Shen)
Re: Q: Division in GF(2^n) (Mok-Kong Shen)
Re: Processor speeds. (Mok-Kong Shen)
Re: Question about OTPs (Dave Hazelwood)
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen Szopa)
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen Szopa)
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Tony L. Svanstrom)
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen Szopa)
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Processor speeds.
Date: Sat, 19 Feb 2000 08:14:49 GMT
John wrote:
> ... I guess I wanted a rough estimate of how much faster the
> best home PC is as compared to the latest "super-computer."
> I know that the gap is closing.
How do you "know" this? Improvements in microcircuit technology
can (often) be used in supercomputers too. Further, supercomputers
are a whole lot more than just a CPU or two; typically they have
incredibly high-throughput I/O systems. Many supercomputers are
also capable of processing a huge number of computational threads
in parallel, although it is not always easy to exploit that
capability.
If there has been a lessening of the "gap" between PCs and
supercomputers, it has more to do with funding and personnel
changes for supercomputer development than with improvements to PCs.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: Sat, 19 Feb 2000 08:25:15 GMT
Tim Tyler wrote:
> ... It would have 15 different "homophones" for
> A (chosen at random), and one for B.
I thought we were talking about compressors, not expanders.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: Sat, 19 Feb 2000 08:29:14 GMT
Dave Hazelwood wrote:
> So I am still confused about what he means.
In your original message you seemed to think not reusing a byte
meant not reusing any value, but that wasn't what he meant. I
could have sworn that my 2MB file example would have made it clear.
byte A contains: 02
byte B contains: 37
byte C contains: 02
The above denotes *three* bytes, not two.
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> >Dave Hazelwood wrote:
> >> Surely you mean never reuse a byte "sequence" as opposed to "no"
> >> byte?
> >He means "no byte of the OTP data". NOT "no byte *value* found
> >in the OTP data". When we say that a file contains 2MB, we don't
> >mean that it contains 2M distinct byte *values*.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Basic Crypto Question 4
Date: Sat, 19 Feb 2000 08:33:36 GMT
[EMAIL PROTECTED] wrote:
> Certicom is the main contender for ECC Crypto, now they have even
> released a PKI Toolkit based on ECC.
Contender? I think you're trying to hype a product.
> The NIST has even included a Digital Standard based on ECC....
Funny you didn't say "The NIST has even included a Digital Standard
based on RSA/DH...."
------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: Using virtually any cipher as public key system?
Date: 19 Feb 2000 08:40:22 GMT
According to Mikko Lehtisalo <[EMAIL PROTECTED]>:
> How much would you consider a safe keysize giving it was implemented
> right?
I consider 80 bits as being safe now, for the following reason: people
able to break such a key by exhaustive search must have access to some
advanced technology that is far beyond my reach, so believing that they
can be defeated with a cipher alone is a pathetic gesture. For dealing
with those bad guys, I need also a bunker and a private army.
However, if the secret must be considered safe also in 40 years, I would
use 128 bits. A power of 2 is more elegant anyway.
(although I am very skeptical about a key that holds important data,
and is kept secret for 40 years and yet not forgotten -- but this is not
the point)
For very short-lived secrets (a few seconds), 56 bits are sufficient.
--Thomas Pornin
------------------------------
From: "William A. Nelson" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.europe,soc.culture.venezuelan,soc.culture.israel,alt.2600,soc.culture.nordic,soc.culture.china
Subject: In October, 1997 in the diary entry, Markku J. Saarelainen writes ...
Date: Sat, 19 Feb 2000 07:59:13 GMT
Stealing the diary of Markku J. Saarelainen may have been one of the most
interesting experiences I have had.
According to his diary, he had used the Internet in many ways and also had
a few chats or other conferences with many different people around the world.
In one diary entry in October, 1997, he specifies in detail how he had
talked with one person, who was located in an Indian reservation in Utah,
U.S.A., in some electronic conference room and then wanted to discuss some
business with this person whose name is not identified in the diary. The
business may have dealt with certain aspects of encryption and cryptography.
He had called this person in the Indian reservation and used the alias
Henry, but had had to hang up immediately after saying a few words because he
thought his line was being listened to. Soon after he hung up, a person, Zane, called
from one company and asked "What are you going to do?" referring to his
short telephone conversation with his native Indian friend. This is all in
his diaries, which is very unusual and interesting indeed. It is like he had
this type of global perspective of the world and then some contacts to
nature and native Indians.
Yours,
William A. Nelson
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Keys & Passwords.
Date: Sat, 19 Feb 2000 12:28:43 +0100
fvw wrote:
>
> [EMAIL PROTECTED] wrote:
> >Does someone happen to know a simple but not bad hashing program
> >that converts a normal passphrase to {a-z, 0-9} or another set with
> >elements that are human-friendly for input (and memory)?
>
> Try md5sum, from the gnu textutils package. it can read your pw from stdin,
> and spit out the md5 hash. (You'd probably still want to convert the hash
> from hex to most of the ascii set...)
If the conversion from a pair of hex leads to an unprintable ASCII
symbol or to one not convenient for me to type in or to memorize, what
should I do?
M. K. Shen
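The conversion problem raised above (hex pairs read as ASCII can land on unprintable or awkward characters) goes away if the digest is re-encoded as a whole into the wanted alphabet. This is an added example, not code from anyone in the thread; it defaults to SHA-256 rather than the md5sum recipe discussed above (pass "md5" to follow that recipe), and the passphrase used at the bottom is just a constructed sample.

```python
import hashlib
import math
from typing import Optional

# Human-friendly target alphabet from the question above: {a-z, 0-9}.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def encode_digest(digest: bytes, alphabet: str = ALPHABET) -> str:
    """Write the digest, read as one big unsigned integer, in base len(alphabet).

    Unlike pairing hex digits into ASCII codes, this can only ever emit
    characters from `alphabet`, so nothing unprintable or hard to type appears.
    The output has a fixed width so leading zero bytes are not silently lost.
    """
    base = len(alphabet)
    width = math.ceil(len(digest) * 8 / math.log2(base))  # chars needed for all bits
    n = int.from_bytes(digest, "big")
    chars = []                                             # least-significant digit first
    while n:
        n, r = divmod(n, base)
        chars.append(alphabet[r])
    chars.extend(alphabet[0] * (width - len(chars)))       # becomes the left padding
    return "".join(reversed(chars))


def decode_digest(text: str, alphabet: str = ALPHABET) -> int:
    """Inverse of encode_digest; used to check that no digest bits were lost."""
    base = len(alphabet)
    n = 0
    for ch in text:
        n = n * base + alphabet.index(ch)
    return n


def passphrase_to_friendly(passphrase: str, length: Optional[int] = None,
                           hash_name: str = "sha256") -> str:
    """Hash a passphrase and re-encode the digest into the friendly alphabet.

    hash_name defaults to SHA-256 (this example's choice, not the thread's
    md5sum suggestion); "md5" reproduces that recipe.  Truncating to `length`
    characters keeps only about length*log2(36), i.e. roughly 5.17*length,
    bits of the digest, so pick `length` with the intended strength in mind.
    """
    digest = hashlib.new(hash_name, passphrase.encode("utf-8")).digest()
    text = encode_digest(digest)
    return text if length is None else text[:length]


if __name__ == "__main__":
    # Constructed sample passphrase; 16 chars of base-36 is about 83 bits.
    print(passphrase_to_friendly("correct horse battery staple", 16))
```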
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Sat, 19 Feb 2000 12:28:35 +0100
David Crick wrote:
>
> February 18, 2000:
>
> "The AES finalist algorithm source code is being made available under
> the 'Technology and software - unrestricted' (TSU) license exception
> of §740.13 of the updated Export Administration Regulations (EAR) of
> January 14, 2000."
>
> -- http://csrc.nist.gov/encryption/aes/round2/r2algs-code.html
I am ignorant of the text of the said EAR, not to mention its
'correct' interpretations. But certainly I understand the word
'exception' well. Remembering that previously it has been the firm and
resolute opinions of a number of authorities (in more than one country)
that strong cryptos should be under strict control (particularly
the issue of export) and that (if I don't err) the crypto clauses
of the Wassenaar Agreement are still 'in force', this 'exception'
IS indeed remarkable. I couldn't help having the impression of
a similarity with matters that once someone humorously told me
are unique 'characteristics' of communist countries where
all people are 'equal' (according to the propaganda of the
governments) but some (the functionaries) are more 'equal' than the
others. Here strong cryptos designed by common people are to be
restricted or prohibited from export, while those promoted/supported
by authorities are to be widespread (through official publications,
among other means). Since my above said impression is obviously
or highly probably wrong, I must logically conclude that AES is
in fact NOT a strong crypto.
M. K. Shen
=================================
http://home.t-online.de/home/mok-kong.shen (Updated: 3rd Aug 99)
(Origin site of WEAK2-EX, WEAK3-EX and WEAK4-EX, three Wassenaar-conform
algorithms based on the new paradigm Security through Inefficiency.)
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Sat, 19 Feb 2000 12:28:50 +0100
Douglas A. Gwyn schrieb:
>
> Mok-Kong Shen wrote:
> > ... Could some experts please post a piece of C or C++ code
> > for writing AND reading binary stuffs ...
>
> If you can't sort out the correct responses, how are you going to
> sort out the correct code postings? In fact, I posted correct
> information on this. I'm not going to list all my C credentials
> here, but for example I'm acknowledged in K&R 2nd ed. and am on
> the C standards committee, which should be some indication.
In a situation where everyone says his opinions are right and
those of the others are not, it is pretty hard for a non-expert
to sort out the correct code postings, I am afraid. In this
sense I agree completely with the original poster who expressed
his amusement (amazement?) that his short question has generated
such a big lot of discussions.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Division in GF(2^n)
Date: Sat, 19 Feb 2000 12:28:55 +0100
Jerry Coffin wrote:
>
> [EMAIL PROTECTED] wrote:
>
> > I think that there should be certain 'principal' distinctions
> > about what are patentable and what not.
>
> At least in the US and the EU, there are exactly such distinctions.
Certainly there are (or else the patent office would be a chaotic
organization)! But what I meant was that a 'proper' distinction
should be done on some 'principal' considerations, i.e. in my view
the interests of the society as a whole should be given priority
over the interests of the individuals, if there are grave conflicts
between them.
> > Laws, if I don't err, should weigh between interests of the
> > individuals and the interests of the society as a whole.
>
> Patent law is very careful to do so. Here in the US, the part of the
> constitution that mandates a patent law is fairly specific in saying
> that it's ultimately for the benefit of the consumer: in return for a
> monopoly for a limited period of time, the inventor agrees to give the
> invention to the rest of society after that period of time has
> expired.
There can be little against this 'principle'. The question is
how the practice corresponds to the principle 'in spirit'. That is,
one has to consider how much the society loses during the
patent period in comparison to the 'ultimate benefit' that is
obtained later. There is always a trade-off in life. The point is
whether for certain kinds of patents the trade-off is much to the
disadvantage of the majority.
> > In situations where something is to
> > the disadvantages of the society, then interests of the individuals
> > have to be sacrificed. I personally am against patenting algorithms
> > in general.
>
> I'm not. I think patents are very much like fences between people's
> property. At one time here in the US, the "cowboys" were fond of
> tearing down the fences put up by people trying to settle the land.
> When you have a population density of a couple of people every 100
> square miles or so, it was workable to simply say "I own all the cows
> between this river and that ridge over there." In a modern age, the
> population density is too high for this to be practicable.
I can't apprehend your fence concept well. As far as I know, even
the property right concerning, say, a house, is not 'absolute'.
If there are strong reasons of the community that a highway has to
be built right through the site where one's house is, that house
has to go away, if I don't err. Of course, there is redemption in
this case, but that's not the point here (the point is that one has
to yield to the interests of the community and can't insist on
keeping his house such that the highway couldn't be built).
>
> Likewise, when the computer world consisted of "IBM and the seven
> dwarves", it was easy to simply assume you could do whatever you
> wanted. Computers were sold at such high profit margins that nobody
> minded somebody else using their algorithm, because they all really
> only made money on the hardware anyway. Today there are LOTS of
> companies doing nothing but software. The competition is good for
> consumers by reducing prices substantially. If the companies can't
> protect their property, there's less chance of making money, less
> competition, and the overall picture gets ugly in a hurry.
>
> > Imagine the situation where there are a lots of patents
> > on how to solve partial differential equations. The advance of
> > technology would be greatly hampered, wouldn't it?
>
> You're building a straw man here. Yes, if all the possible methods of
> doing something really fundamental were patented, it could be a bad
> thing. Patents have a number of limitations though. One of them is
> that you can only patent a new, novel and original idea. If I found a
> slightly _faster_ way of solving partial differential equations, I could
> patent it. Based on that I might be able to write software that was a
> little faster than yours until my patent expired. After that,
> anybody and everybody could use it and the consumers would benefit
> from all programs doing this kind of work being faster.
How do you define your 'really fundamental' in contrast to 'not so
really fundamental'? If you can't do that well and leave that
decision to the officers of the patent office, then there is well a
good chance of obtaining the 'bad thing'. (Of course, I admit it is
also difficult to precisely define 'your' concept of 'bad thing'.)
>
> > I believe naming
> > the particular methods of solution after the persons who find them
> > is an appropriate way of 'rewarding' these in this case.
>
> You're insane. Right now, companies like IBM and Lucent spend
> millions of dollars a year financing research organizations (e.g. the
> T.J. Watson research center and Bell Labs respectively) to create new
> inventions. If you honestly think they're going to spend this kind of
> money with NO chance of financial reward for it, you're simply nuts
> (to use a technical term). They invest the money because it pays off.
> In the long run, it pays off for the consumer as well: just for
> example, walk into a computer store and look at the price of a hard
> drive. Compare that to the price of the same amount of storage
> several years ago. Most of the inventions that made that difference
> and save consumers HUGE amounts of money came out of research
> organizations that are financed entirely out of profits from the
> patents they generate -- largely the TJ Watson research center in the
> case of hard drives.
>
> > Further,
> > imagine cases where a surgeon patents his techniques (say cutting
> > into the heart from a certain point), where an architect patents
> > buildings of round base, where a cook patents putting pepper into
> > certain dishes, etc. etc. etc. It is evident that we shouldn't
> > allow everything to be patentable, isn't it? The principle of
> > rewarding shouldn't always apply. (Consider even the law prohibiting
> > smuggling. Allowing smuggling would 'reward' the smugglers of
> > their efforts in transporting the commodities, wouldn't it?)
>
> You're ignoring all sorts of reality here. Patent law requires that
> an invention be new. To get a patent on round-based buildings, the
> architect has to show that this has never been done before.
>
> Patent law also requires that the invention be novel: to get a patent,
> the architect has to not only show that nobody ever HAS built a round-
> based building before, but also that it would be unlikely to occur to
> others that they COULD do so to handle the same problem(s) he was
> trying to solve.
>
> Finally, to get a utility patent, you have to show that the patent is
> truly useful, and constitutes an advance over previously known art in
> this general area. IOW, the architect would have to show that the
> round base really accomplishes something, rather than just being
> somewhat different.
This was a 'hypothetical' case used only for the purpose of arguments.
But what would you think in case there had never been round
buildings? (Incidentally, to 'show' some accomplishments in the
present case happens to be not very difficult. But this is not
essential for the present discussion.)
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Processor speeds.
Date: Sat, 19 Feb 2000 12:28:28 +0100
Douglas A. Gwyn wrote:
>
> If there has been a lessening of the "gap" between PCs and
> supercomputers, it has more to do with funding and personnel
> changes for supercomputer development than with improvements to PCs.
So it is the fault of the authorities that control the funding.
Am I right?
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Dave Hazelwood)
Subject: Re: Question about OTPs
Date: Sat, 19 Feb 2000 12:03:59 GMT
[EMAIL PROTECTED] (John Savard) wrote:
>[EMAIL PROTECTED] (Dave Hazelwood) wrote, in part:
>
>>Surely you mean never reuse a byte "sequence" as opposed to "no"
>>byte?
>
>>Since there are only 256 different bytes possible in an 8 bit word
>>you are not going to get very far beyond sending one short message
>>for all time. :))
>
>You may reuse a byte _value_ if you find it in some other part of your
>pad, but you may not use a single byte of the pad twice.
>
>That is: your pad may include the byte value 203 in many places.
>
>But you may never use the 2,803,137th byte in the pad again after
>using it once.
>
>John Savard (jsavard<at>ecn<dot>ab<dot>ca)
>http://www.ecn.ab.ca/~jsavard/crypto.htm
Thanks John..that is the point I was trying to make. It is not reusing
a byte value since these values must recur randomly and naturally in a
reasonable sized pad. It is reusing any previously used part of the
pad that is the no-no.
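To make the distinction in this thread concrete: a pad consumer that enforces "never reuse a pad position", shows that byte values recur anyway, and demonstrates why reusing a position is fatal (the pad cancels out). This is an added example, not code from any poster; the seeded pad is constructed for reproducibility only, and a real pad must come from a true random source.

```python
import random


class OneTimePad:
    """Consume a pad strictly by position, so no pad *byte* is ever used twice.
    Byte *values* recur freely: only 256 exist, and a random pad repeats them."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0          # index of the next unused pad byte

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        # Hand out the next n pad bytes and advance; never step backwards.
        if n > self.remaining:
            raise ValueError("pad exhausted; refusing to reuse any pad byte")
        seg = self._pad[self._offset:self._offset + n]
        self._offset += n
        return seg

    def encrypt(self, plaintext: bytes) -> bytes:
        key = self._take(len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, key))

    # XOR is its own inverse: the receiver consumes the pad in the same order.
    decrypt = encrypt


def value_recurrence(pad: bytes) -> int:
    """Count of the most frequent byte value in the pad.  For any pad longer
    than 256 bytes this exceeds 1, which is why 'never reuse a byte' cannot
    mean 'never reuse a byte value'."""
    counts = [0] * 256
    for b in pad:
        counts[b] += 1
    return max(counts)


def two_time_pad_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """What goes wrong when pad *positions* are reused: XOR of the two
    ciphertexts equals XOR of the two plaintexts, because the pad cancels."""
    c1 = OneTimePad(pad).encrypt(p1)
    c2 = OneTimePad(pad).encrypt(p2)      # fresh object => same positions again
    return bytes(a ^ b for a, b in zip(c1, c2))


def make_pad(n: int, seed: int = 1234) -> bytes:
    # Constructed, seeded pad for a reproducible demonstration only.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    pad = make_pad(4096)
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    ct = sender.encrypt(b"attack at dawn")
    print(receiver.decrypt(ct))           # b'attack at dawn'
    print(value_recurrence(pad))          # > 1: values recur, positions do not
    try:
        sender.encrypt(b"x" * (sender.remaining + 1))
    except ValueError as e:
        print("refused:", e)
```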
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sat, 19 Feb 2000 04:25:27 -0800
Joseph Ashwood wrote:
>
> I still think my favorite part is that it "Uses no
> mathematical equations" and yet still manages to perform
> operations that are inherently mathematic
> (encryption/decryption).
> And of course some more gems.
> on the page http://www.ciphile.com/soon.html
> "with a key of less than 2,500 bytes ... a security
> level equivalent to 10,000 bits"
> 5,000 bytes
> ..... 15,000 bits
> 10,000 bytes
> ..... 40,000 bits
> 50,000 bytes
> ...... 150,000 bits
> If that's the case you have a serious problem, at least half
> your bits are lost.
>
> The more I read about OAP-L3 the more I find it stupendously
> moronic.
>
> "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in
> message news:[EMAIL PROTECTED]...
> > OAP-L3: Original Absolute Privacy - Level3 Encryption
> Software -
> > Complete Help Files at web site
> >
> > Includes complete detailed explanation of entire
> encryption
> > software package: theory, operation, etc.
> >
> > http://www.ciphile.com
The quote you refer to was part of a preliminary web page that should
not have been placed on the web site. It only suggested what was
meant but was poorly expressed.
The "What's Ahead" web page is the correct one and I have seen that
the offending page has been removed and replaced, etc.
I was unaware of this problem and did not realize the mistake even
when you mentioned it.
Thanks for pointing it out.
AS
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sat, 19 Feb 2000 04:27:34 -0800
"Tony L. Svanstrom" wrote:
>
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>
> > None of you have convinced anyone of anything and the reason this is
> > so is simply because none of you have made any legitimate claim to support
> > your strong position that OAP-L3 is "garbage."
> >
> > You all offer nothing but excuses.
> >
> > There can only be one reason: you cannot do so.
>
> No, there could be lots of reasons... One might be that we're too busy
> making fun of you and your stupid claims...
>
> Just look at that stupid Money-Back Guarantee, if I buy your program I
> have only 180 days to prove that it's useless, and then I'll only get my
> money back... Meaning that you don't trust your program more than 10
> bucks worth. That's nice to know, if I lose 10'000+ USD because I
> trusted your "practicably unbreakable" software I will get 10 USD back
> (but only if it happens within 180 days after I got the software).
>
> /Tony
> --
> /\___/\ Who would you like to read your messages today? /\___/\
> \_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
> --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
> DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
> ---¯¯¯---¯¯¯-----------------------------------------------¯¯¯---¯¯¯---
> \O/ \O/ ©1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
You have no sense of humor.
If you read the theory and operation web pages you would have seen
that the method is something to be seriously considered.
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sat, 19 Feb 2000 13:40:34 +0100
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> If you read the theory and operation web pages you would have seen that
> the method is something to be seriously considered.
I have!
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
---¯¯¯---¯¯¯-----------------------------------------------¯¯¯---¯¯¯---
\O/ \O/ ©1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sat, 19 Feb 2000 04:49:56 -0800
[EMAIL PROTECTED] wrote:
>
> > Prove to us your opinions are to be considered seriously.
> >
> > Considering the theory and operation of the software, prove to us
> > why it is "garbage."
> >
> > Otherwise we will just have to consider you unprofessional,
> > irresponsible, ignorant, and possibly stupid.
>
> Serious cryptanalysis is a time- and resource-consuming task. Serious
> cryptographers won't bother to spend so much effort on your program
> because it doesn't even fulfill the simplest criteria of good encryption
> software. Here are some reasons:
>
> 1.) The documentation is imprecise and confusing. So probably is your
> algorithm and implementation.
>
> 2.) You have not published the source code of your encryption algorithm.
>
> 3.) Your documentation reveals that you are incapable of formulating an
> algorithm in the usual way this is done in computational science. Even
> basic programmers can formulate an algorithm in a simple pseudo-code or
> PASCAL. Post your algorithm in the usual, comprehensible manner, and
> people will take a look at it.
>
> 4.) In your recent posts you have only defended yourself without really
> listening to the arguments of other posters. If you were confident and
> sure about the security of your algorithm, there would be no reason to
> act so.
>
> 5.) The "security levels" you're talking about in the documentation are
> invented by you and do not comply with any standard that has been
> established by the community of serious cryptographers.
>
> 6.) Your encryption algorithm and your implementation of it, as known,
> has never been attacked in public cryptanalysis.
>
> 7.) You yourself have not described any attack on your algorithm, nor are
> you known to have published any attacks on other encryption algorithms,
> and therefore you cannot prove that you have any cryptanalytic skills.
>
> 8.) In the documentation, you do not even reveal which PRNG you use or
> have invented.
>
> That's why people consider your program to be crap.
>
> Greetings,
>
> Erich Steinmann
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Many of your comments seem to me to be insincere so I will not
address them.
If you cannot read and understand the theory and operation web
pages then I cannot help you.
You must start somewhere: the theory and operation is the first
place to begin.
No one has been able to or capable of or willing to address the
primary issue here in this news group: is the theory and operation
of OAP-L3 credible for its intended purpose?
It is right there before your eyes.
I think it is probably time to kill this thread.
Real cryptographers must apprise themselves of any possibility of a
heretofore unknown encryption method.
If you are seriously employed in the field, your superiors will not
accept your stated objections. They will insist on a thorough
evaluation.
And I suggest that you wouldn't dare hand them a paper solely stating
the objections you have stated here.
You get paid for hard factual criticism based upon, for instance,
the stated theory and operation and not on your unwillingness to
provide your employer with the objective results he or she must
certainly be paying you well to provide.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************