Cryptography-Digest Digest #167, Volume #11      Sun, 20 Feb 00 09:13:00 EST

Contents:
  Re: EOF in cipher??? ("Trevor Jackson, III")
  Re: Keys & Passwords. (Mok-Kong Shen)
  Re: Q: Division in GF(2^n) (Mok-Kong Shen)
  Re: Keys & Passwords. (Mok-Kong Shen)
  Re: NIST publishes AES source code on web (Mok-Kong Shen)
  Re: EOF in cipher??? (Mok-Kong Shen)
  Re: NIST publishes AES source code on web (Mok-Kong Shen)
  Re: NIST publishes AES source code on web (Mok-Kong Shen)
  Re: Biggest keys needed (was Re: Does the NSA have ALL Possible PGP   ("Trevor 
Jackson, III")
  Re: NIST publishes AES source code on web ("Brian Gladman")
  Re: PhD in Cryptography? ("Reuben Sumner")
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen 
Szopa)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen 
Szopa)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen 
Szopa)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site 
([EMAIL PROTECTED])
  Re: Biggest keys needed (was Re: Does the NSA have ALL Possible PGP  keys?) ("James 
Jesensky")
  Develop Innovation Skills ([EMAIL PROTECTED])
  Number Theory Add-in for Excel ("James Jesensky")

----------------------------------------------------------------------------

Date: Sun, 20 Feb 2000 06:20:14 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???

"Douglas A. Gwyn" wrote:

> "Trevor Jackson, III" wrote:
> > "Douglas A. Gwyn" wrote:
> > > John Myre wrote:
> > > > (I suppose the whole thing would fail if "int" were 8 bits,
> > > > but please - has there *ever* been such an implementation?)
> > > The only interesting implementations are the ones that conform
> > > to language standards.
> > Aha.  The true cause of the dispute is revealed!  "An amateur does it
> > for love, a professional does it for money".
> > IMHO the only interesting implementations are those that I am paid to
> > use.  Were I to wait for a completely conforming implementation I would
> > never be able to accept a contract because there aren't any.
>
> Money has nothing to do with it.

So, you are now the final arbiter of "interesting"?

Get stuffed.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Keys & Passwords.
Date: Sun, 20 Feb 2000 12:24:05 +0100

wtshaw wrote:
> 

> Welcome to display in a convenient base, base 16 or 64 being the most common.

One has to write a little bit of code or script to convert the
hex output of hashing to the set of characters one chooses to use.
That's some work and needs some bit of thought to get a satisfactory
solution.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Division in GF(2^n)
Date: Sun, 20 Feb 2000 12:23:39 +0100

Jerry Coffin wrote:
> 
> [EMAIL PROTECTED] wrote

> > I can't apprehend your fence concept well. As far as I know, even
> > the property right concerning, say, a house, is not 'absolute'.
> > If there are strong reasons of the community that a highway has to
> > be built right through the site where one's house is, that house
> > has to go away, if I don't err. Of course, there is redemption in
> > this case, but that's not the point here (the point is that one has
> > to yield to the interests of the community and can't insist on
> > keeping his house such that the highway couldn't be built).
> 
> The same can (and does) happen with patents.  Just for one example,
> when Xerox invented the photo-copier, the US Government granted the
> patents, but told them they wouldn't be allowed to enforce them --
> they considered the technology too important to business in general to
> allow any one company to have a monopoly on it, so they simply refused
> to allow those patents to be enforced.
> 
> > How do you define your 'really fundamental' in contrast to 'not so
> > really fundamental'? If you can't do that well and leave that
> > decision to the officers of the patent office, then there is well a
> > good chance of obtaining the 'bad thing'. (Of course, I admit it is
> > also difficult to precisely define 'your' concept of 'bad thing'.)
> 
> Perhaps re-phrasing would help: I think that it's VERY rare at this
> point for somebody to come up with something that's new and novel, but
> of SUCH huge utility that suddenly nobody else can get along without
> it.
> 
> > This was a 'hypothetical' case used only for the purpose of arguments.
> > But what would do you think in case there had never been round
> > buildings? (Incidentally, to 'show' some accomplishments in the
> > present case happens to be not very difficult. But this is not
> > essential for the present discussion.)
> 
> The problem is that it's hard to comment on a hypothetical case.
> You'd have to define exactly what the prior art was, and what the
> invention improved.  For example, do we assume that no previous
> complete building was round, but there WERE things like round turrets
> on ancient castles?  If so, building the round part separate from the
> rest probably shouldn't be open to patent protection.
> 
> By contrast, if we assume a world where nobody has ever built ANYTHING
> with any sort of curvature to it at all -- nothing like roman arches,
> Greek columns or medieval turrets ever happened at all -- then yes,
> the first round building would probably at least be original enough to
> be worth considering for a patent.  The first roman arch almost
> CERTAINLY ought to be patentable -- I can hardly imagine anybody
> denying that it's one of the greatest inventions of all time.

I think the issue exemplified by the XEROX case you mentioned is of 
essential significance. Thus I suppose we don't have disagreement
in 'principle' but in 'details'. I am of the opinion that, because
mathematics in my view is in general so 'really fundamental' to 
the advance (and also the maintenance) of science and technology 
that no mathematics should get patented (or practically equivalent:
patented but not enforceable) while you think that some (though not 
ALL, if I understand you correctly) may be patented. The matter is 
in fact important. It would be nice, if we'll be able to see also 
contributions from other readers of this thread.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Keys & Passwords.
Date: Sun, 20 Feb 2000 12:23:46 +0100

fvw wrote:
> 
> [EMAIL PROTECTED] wrote:

> >> Try md5sum, from the gnu textutils package. it can read your pw from stdin,
> >> and spit out the md5 hash. (You'd probably still want to convert the hash
> >> from hex to most of the ascii set...)
> >
> >If the conversion from a pair of hex leads to an unprintable ASCII
> >symbol or to one not convenient for me to type in or to memory, what
> >should I do?
> 
> Just using the hex to bytes would not work, as you say. You'd have to
> find/write a program to convert it to something ascii between 32 and 126.

A hex (4 bits) has only 32 bits, so one can only map that to 32
specifically chosen symbols between the ascii values 32-126. The 
small set {a-z, 0-9} has already 36 symbols. Further, if one maps 
a hex to a subset of that, one could just as well use the hex
itself, I suppose. (What I meant was mapping a pair of hexes (8 bits). 
That seems out of the question in any case.)

M. K. Shen
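
As an added example (not code from the thread), here is one way to do the
conversion discussed in Shen's two replies above: map each hex digit (4 bits)
onto exactly 16 chosen symbols, or, for an arbitrary alphabet such as the 36
symbols of {a-z, 0-9} or a larger printable set, read the whole digest as one
integer and write it out in that base. SHA-256 stands in for the md5sum the
thread mentions, the alphabet and passphrases are constructed for the example,
and the hash is unsalted and unstretched exactly as in the thread, so the
derived password is never stronger than the passphrase it came from.

```python
import hashlib
import math
import string

# Constructed choice of typeable symbols: letters, digits and a few punctuation
# marks that keyboards and password fields generally accept (an assumption made
# for this example, not anything the thread specified).  74 symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def digest_of(passphrase: str) -> bytes:
    """Hash the passphrase.  SHA-256 stands in for md5sum; it is still a single
    unsalted hash, so an attacker can try passphrases at full hash speed."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def nibble_map(digest: bytes, symbols: str) -> str:
    """Map each 4-bit nibble of the digest to one of exactly 16 chosen symbols.
    With symbols='0123456789abcdef' this reproduces the ordinary hex output, so
    any other 16-symbol choice is just a relabelling of the hex string."""
    if len(symbols) != 16 or len(set(symbols)) != 16:
        raise ValueError("a 4-bit mapping needs exactly 16 distinct symbols")
    return "".join(symbols[b >> 4] + symbols[b & 0x0F] for b in digest)


def base_convert(digest: bytes, alphabet: str, length: int) -> str:
    """Read the digest as one big integer and emit its low `length` digits in
    base len(alphabet).  Reducing a uniform value in [0, 2^(8*len(digest)))
    modulo len(alphabet)^length leaves a relative bias of at most
    len(alphabet)^length / 2^(8*len(digest)); for a 32-byte digest and 16
    symbols of a 74-symbol alphabet that is below 2^-150, i.e. negligible."""
    n = len(alphabet)
    if n < 2 or len(set(alphabet)) != n:
        raise ValueError("alphabet must contain at least 2 distinct symbols")
    if n ** length > 2 ** (8 * len(digest)):
        raise ValueError("digest carries too few bits for that many symbols")
    x = int.from_bytes(digest, "big")
    out = []
    for _ in range(length):
        x, digit = divmod(x, n)
        out.append(alphabet[digit])
    return "".join(out)


def password_from_passphrase(passphrase: str, length: int = 16,
                             alphabet: str = ALPHABET) -> str:
    """Passphrase -> digest -> `length` symbols drawn from `alphabet`."""
    return base_convert(digest_of(passphrase), alphabet, length)


def bits_of_entropy(alphabet: str, length: int) -> float:
    """Upper bound on the output's entropy; the real figure is capped by the
    entropy of the passphrase, whichever is smaller."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    d = digest_of("correct horse battery staple")   # constructed passphrase
    print(nibble_map(d, "0123456789abcdef"))         # same as hexdigest()
    print(nibble_map(d, "ghijklmnopqrstuv"))         # same bits, other labels
    print(password_from_passphrase("correct horse battery staple"))
    print(round(bits_of_entropy(ALPHABET, 16), 1), "bits at most")
```

The base conversion is what the "pair of hex digits to a printable byte" idea
cannot do: 256 byte values do not map one-to-one onto the 95 printable ASCII
characters, so either values go unused or unprintable ones come out, whereas a
base-N expansion of the whole digest wastes nothing and introduces no bias
worth measuring.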

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Sun, 20 Feb 2000 12:24:23 +0100

Douglas A. Gwyn wrote:
> 
> How so?  The US is not bound by the Wassenaar Agreement, because
> our Constitution requires that all foreign treaties be ratified
> by our Senate, which did not happen for the W.A. (thankfully).

The real irony is that US has been the major force pushing through
the Wassenaar Agreement.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Sun, 20 Feb 2000 12:23:31 +0100

JPeschel wrote:
> 
> >Mok-Kong Shen [EMAIL PROTECTED] writes:
> 
> >In a situation where everyone says his opinions are right and
> >those of the others are not, it is pretty hard for a non-expert
> >to sort out the correct code postings, I am afraid.
> 
> Mok, if you are trying to learn C, I'd suggest you value
> Doug's technical opinions over the opinions and coding
> styles of others here, including myself.

This issue has a remarkable connection to a recent thread concerning
trust. Since I know nobody of this group personally, if person
A says I should trust him and person B says I should trust him (B)
instead, how should I decide? What would you personally do in
such a situation? A non-expert has to wait till the heated dispute of
the diverse experts settles before being able to know the truth, 
doesn't he?

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Sun, 20 Feb 2000 12:24:14 +0100

Samuel Paik wrote:
> 

> It is a summary of Section 740.13 (e) "TECHNOLOGY AND SOFTWARE - UNRESTRICTED
> (TSU)" / "Unrestricted encryption source code of the new proposed final EAR
> (published in the Federal Register Jan 14, 2000)  Here is the exact
> wording; note numbers in brackets inserted.:
> 
> (e) Unrestricted encryption source code
[snip]

>  (2) You may not knowingly export or reexport source code or products
>      developed with this source code to Cuba, Iran, Iraq, Libya, North
>      Korea, Sudan or Syria.
> 
>  (3) Posting of the source code on the Internet (e.g., FTP or World Wide
>      Web site) where the source code may be downloaded by anyone would
>      not establish "knowledge" of a prohibited export or reexport, including
>      that described in paragraph (e)(2) of this section. In addition,
>      such posting would not trigger "red flags" necessitating the
>      affirmative duty to inquire under the "Know Your Customer" guidance
>      provided in Supplement No. 3 to part 732 of the EAR.

If I understand the text correctly, this effectively asserts that
'knowingly exporting to the terrorist countries' (anyone having
the slightest knowledge of the internet must KNOW that a web page is
accessible from everywhere) IS not 'knowingly exporting to the same'
(section 3). Or in terms of mathematical logic: 

                A equiv (not A). 

What a marvelous world in which we are living!

M. K. Shen
============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Sun, 20 Feb 2000 12:24:34 +0100

John Savard wrote:
> 
> As it is generally believed that the requirements of the Wassenaar
> Agreement are less severe than those of the old U.S. export
> restrictions, and are still less severe even than the restrictions
> remaining under the changes to the law, I am somewhat puzzled by that
> comment.

I haven't read EAR, but the Wassenaar document. In my view that's
severe enough. It seems unavoidable that the Wassenaar Agreement
has to be modified as a consequence of the modification to EAR.
That should surprise no one. US is, after all, the unique leader
of the whole world.

M. K. Shen

------------------------------

Date: Sun, 20 Feb 2000 06:27:57 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Biggest keys needed (was Re: Does the NSA have ALL Possible PGP  

[EMAIL PROTECTED] wrote:

> On Tue, 01 Feb 2000 19:41:14 -0500, "Trevor Jackson, III"
> <[EMAIL PROTECTED]> wrote:
>
> <snip>
>
> >This issue came up a few months ago.  If every possible position in the
> >observable universe is a computer that tests a key in the Fermi time and they
> >all run until the breakdown of protons (1e31 years by a stale theory), then you
> >need a key of ~870 bits to prevent it being found.
> >
> >N.B., this is as close as I can envision to Ritter's "Cryptanalyst's Stone"
> >
> >>
> >>
> >> Is that still big enough given quantum computing advances? Can it be? (The
> >> only quantum computers I've been able to understand are Feynman's
> >> description, which focusses more on reversability than parallelism.)
> >
> >QC gives you around sqrt() advantage, so doubling the key yields about the same
> >strength.
> >
>
> I recall seeing a post sometime in the last month or so in sci.crypt
> citing a theorem or paper (the name of the proponent of the theorem
> started with R, I think) that quantified the impact that quantum
> computing would have on factoring.  However I cannot now find the ref
> or the post. Is anyone aware of such a theorem and/or paper, and can
> post a reference?
>
> I thought that the impact of QC was much greater than is suggested in
> Trevor's post - that is in theory, QC factoring of *very* large
> products of primes would be close to instantaneous.

Best I've heard for factoring is square root improvement in the amount of work.  The
phrase "close to instantaneous" makes me dubious.



------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Sun, 20 Feb 2000 11:48:29 -0000

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Mok-Kong Shen wrote:
> > ... Remembering that previously it has been the firm and resolute
> > opinions of a number of authorities (in more than one country)
> > that strong cryptos should be under strict control (particularly
> > the issue of export) and that (if I don't err) the crypto clauses
> > of the Wassenaar Agreement are still 'in force', this 'exception'
> > IS indeed remarkable.
>
> How so?  The US is not bound by the Wassenaar Agreement, because
> our Constitution requires that all foreign treaties be ratified
> by our Senate, which did not happen for the W.A. (thankfully).

The Wassenaar Arrangement (WA) is no more than an informal agreement and
this means that the extent to which national laws implement its provisions
is highly variable since there is no legal obligation on any of its
participants to do anything.

The US has generally gone way beyond what is required and recent changes
have simply brought US regulations somewhat closer to its provisions.

Many other countries do not implement any restrictions on commercial
cryptographic products because the WA does not require this.  In practice
only a few countries now interpret the crypto controls in Wassenaar as having
any impact on such products.  There are token restrictions on export to
'naughty countries' but everyone involved knows that these are of little
practical value.

Of course it is important to remember that Wassenaar is about much more than
cryptography since its real purpose is to stop the spread of military
weapons, especially those of mass destruction.  The danger in the crypto
debate has always been that the crypto restrictions that the US has
attempted to justify by quoting the WA would bring it into disrepute and
hence undermine its real purpose in making the world a safer place.

Sadly, as we are now seeing on the Internet, crypto restrictions have had
exactly the opposite effect.  They have been kept in place because of hidden
agendas that are now (partly) out in the open for all to see.

     Brian Gladman






------------------------------

From: "Reuben Sumner" <[EMAIL PROTECTED]>
Subject: Re: PhD in Cryptography?
Date: Sun, 20 Feb 2000 13:26:50 +0200

The Weizmann Institute of Science is an excellent choice.  All students
accepted to the institute receive a generous stipend and, if they wish, on
campus housing.  The Weizmann Institute is located in Rehovot, Israel on a
beautiful campus.  Cryptographers at the institute include Oded Goldreich,
Shafi Goldwasser (often at MIT), Moni Naor (my masters thesis supervisor),
and  Adi Shamir. When considering where you would like to go consider what
aspect of cryptography you would like to study. For instance Oded Goldreich
would likely not be the best supervisor for a thesis involving cryptanalysis
of some cryptosystem (especially symmetric), while Adi Shamir would be an
excellent choice.

Reuben



------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sun, 20 Feb 2000 05:23:19 -0800

"Trevor Jackson, III" wrote:
> 
> Anthony Stephen Szopa wrote:
> 
> > "Tony L. Svanstrom" wrote:
> > >
> > > Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> > >
> > > > None of you have convinced anyone of anything and the reason this is
> > > > so is simply because none you have made any legitimate claim to support
> > > > your strong position that OAP-L3 is "garbage."
> > > >
> > > > You all offer nothing but excuses.
> > > >
> > > > There can only be one reason:  you cannot do so.
> > >
> > > No, there could be lots of reasons... One might be that we're too busy
> > > making fun of you and your stupid claims...
> > >
> > > Just look at that stupid Money-Back Guarantee, if I buy your program I
> > > have only 180 days to prove that it's useless, and then I'll only get my
> > > money back... Meaning that you don't trust your program more than 10
> > > bucks worth. That's nice to know, if I lose 10'000+ USD because I
> > > trusted your "practicably unbreakable" software I will get 10 USD back
> > > (but only if it happens within 180 days after I got the software).
> > >
> > >      /Tony
> > > --
> > >      /\___/\ Who would you like to read your messages today? /\___/\
> > >      \_@ @_/  Protect your privacy:  <http://www.pgpi.com/>  \_@ @_/
> > >  --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
> > >  DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82  78A6 647F F247 9363 F1DB
> > >  ---���---���-----------------------------------------------���---���---
> > >     \O/   \O/  ©1999  <http://www.svanstrom.com/?ref=news>  \O/   \O/
> >
> > You have no sense of humor.
> >
> > If you read the theory and operation web pages you would have seen
> > that the method is something to be seriously considered.
> 
> I did read your explanations.  I concluded that the method described should be
> dismissed out of hand as a waste of time.


Support your conclusion with fact-based logic citing the theory and 
operation of the OAP-L3 encryption software package as presented in 
the Help files available at http://www.ciphile.com

This is the only way for you to establish your credibility and 
possibly your crypto credentials.

Or are these not important to you?

No one is convinced with your position, yet, which is merely a 
statement and nothing more.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sun, 20 Feb 2000 05:28:53 -0800

"Tony L. Svanstrom" wrote:
> 
> Peter Rabbit <[EMAIL PROTECTED]> wrote:
> 
> > Hey guys, give the guy a break. If you think his programme is snake oil
> > then it should not be hard to show just that. Until then it is unfair to
> > judge his prog. out of hand. Maybe he's on to something. You all seem to
> > forget that before "Chris" the world was flat!
> 
> Just take a look at this site...
> 
>      /Tony
> --
>      /\___/\ Who would you like to read your messages today? /\___/\
>      \_@ @_/  Protect your privacy:  <http://www.pgpi.com/>  \_@ @_/
>  --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
>  DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82  78A6 647F F247 9363 F1DB
>  ---���---���-----------------------------------------------���---���---
>     \O/   \O/  ©1999  <http://www.svanstrom.com/?ref=news>  \O/   \O/



I think he has done better than that:  he may have the software.

You are NOT talking to a fool when you address Mr. Rabbit.

So you better be careful you don't blow your cover with him like 
you have already done with me.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sun, 20 Feb 2000 05:57:02 -0800

"Tony L. Svanstrom" wrote:
> 
> Peter Rabbit <[EMAIL PROTECTED]> wrote:
> 
> > Hey guys, give the guy a break. If you think his programme is snake oil
> > then it should not be hard to show just that. Until then it is unfair to
> > judge his prog. out of hand. Maybe he's on to something. You all seem to
> > forget that before "Chris" the world was flat!
> 
> Just take a look at this site...
> 
>      /Tony
> --
>      /\___/\ Who would you like to read your messages today? /\___/\
>      \_@ @_/  Protect your privacy:  <http://www.pgpi.com/>  \_@ @_/
>  --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
>  DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82  78A6 647F F247 9363 F1DB
>  ---���---���-----------------------------------------------���---���---
>     \O/   \O/  ©1999  <http://www.svanstrom.com/?ref=news>  \O/   \O/



Obviously you claim to be unimpressed with my random number generator
and the processing done on this output to generate the OTP files in
OAP-L3 encryption software.

Are you also saying that the OTP file management used in the software 
is also worthless?

Let's say you use your own random numbers and just use OAP-L3 to 
encrypt and manage your own OTP files.  Are you saying no one should 
do this because you merely say so with no supporting arguments?

What about the utility files included with the software?  You are 
saying that it should be of no interest to anyone to have a utility 
program to look at a random number file and provide them with a 
frequency for each random number in the file?

Do you think no one should be interested in a utility program that 
will read a file in binary and output the ASCII decimal equivalent 
for each character?

Do you also think that no one should be interested in a utility 
program that will overwrite a file completely where each BIT is 
overwritten first with one's (every byte to 11111111) and then the 
entire file is overwritten again with zeros (every byte to 00000000) 
to effectively wipe out any trace of the original data contained in 
the file?

Damn, nearly everyone in this news group must be shaking their heads 
in awe for your awesome mental powers to know what they should NOT 
have and what they should think yet without offering one shred of 
factual support for your position regarding OAP-L3.

Hallelujah!
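
The three utilities described in the post above (a per-value frequency count
of a random-number file, a binary-to-decimal dump, and a two-pass ones-then-
zeros overwrite) are simple enough to write down in full. What follows is an
added example in Python, written for this page and not OAP-L3's own code, with
the checks a reviewer would add alongside them: a chi-square figure so the
frequency count can be judged against what a uniform source should produce,
and a serial-correlation test, because a flat histogram alone is passed by a
file that merely counts 0..255 over and over. The sample files are constructed
inside the block; the limits of the overwrite are stated in its comment.

```python
import os
import random
import tempfile


def byte_frequencies(data: bytes) -> list:
    """Count how often each of the 256 byte values occurs."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return counts


def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against the uniform
    expectation n/256.  With 255 degrees of freedom a random file scores
    about 255, give or take a few tens; hundreds above that is suspicious."""
    n = len(data)
    if n == 0:
        raise ValueError("empty input")
    expected = n / 256
    return sum((c - expected) ** 2 / expected for c in byte_frequencies(data))


def serial_correlation(data: bytes) -> float:
    """Lag-1 serial correlation coefficient (the figure `ent` reports),
    wrapping the last byte round to the first.  Near 0 for independent bytes,
    near +-1 for sequential or otherwise predictable ones."""
    n = len(data)
    if n < 2:
        raise ValueError("need at least two bytes")
    s1 = sum(data)
    s2 = sum(b * b for b in data)
    s12 = sum(data[i] * data[(i + 1) % n] for i in range(n))
    denom = n * s2 - s1 * s1
    if denom == 0:
        return 1.0          # constant file: perfectly predictable
    return (n * s12 - s1 * s1) / denom


def decimal_dump(data: bytes, width: int = 16) -> str:
    """Binary-to-decimal listing, `width` byte values per row."""
    rows = []
    for off in range(0, len(data), width):
        rows.append(" ".join(f"{b:3d}" for b in data[off:off + width]))
    return "\n".join(rows)


def overwrite_file(path: str, passes=(0xFF, 0x00), chunk: int = 1 << 16) -> int:
    """Two-pass overwrite (all ones, then all zeros) of the file in place.
    Caveat: this only rewrites the blocks the filesystem currently maps to the
    file.  Journaling, copy-on-write, snapshots and SSD wear-levelling can all
    leave the old contents elsewhere on the medium, so this is not a substitute
    for full-disk encryption or physical destruction."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for value in passes:
            f.seek(0)
            remaining = size
            block = bytes([value]) * chunk
            while remaining:
                n = min(chunk, remaining)
                f.write(block[:n])
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size


def wipe_demo() -> bytes:
    """Constructed demonstration: write a fake secret to a temp file, wipe it,
    and return what the file holds afterwards."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(b"secret" * 100)
        overwrite_file(path)
        with open(path, "rb") as f:
            return f.read()
    finally:
        os.remove(path)


# Constructed sample files.  COUNTER_FILE has a perfectly flat histogram yet
# is completely predictable; RANDOM_FILE comes from a seeded PRNG so the
# figures below are repeatable (seed chosen arbitrarily for the example).
COUNTER_FILE = bytes(range(256)) * 40
_rng = random.Random(2000)
RANDOM_FILE = bytes(_rng.getrandbits(8) for _ in range(10240))

if __name__ == "__main__":
    for name, sample in (("counter", COUNTER_FILE), ("random", RANDOM_FILE)):
        print(name, "chi-square", round(chi_square(sample), 1),
              "serial correlation", round(serial_correlation(sample), 4))
    print(decimal_dump(RANDOM_FILE[:32]))
    print("after wipe:", wipe_demo()[:8])
```

Run as a script it prints a chi-square of exactly 0 for the counter file, which
is what a frequency count alone would report as "perfect", beside a serial
correlation near 0.98 that gives the file away; the PRNG sample lands near 255
and near 0 respectively.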

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sun, 20 Feb 2000 13:45:13 GMT



>
> Many of your comments seem to me to be insincere so I will not
> address them.
>
> If you cannot read and understand the theory and operation web
> pages then I cannot help you.

I was trying to explain to you why people are not willing to read and
understand the 'theory and operation' web pages. Take a look at the
theoretic papers on the design and implementation of the well-established
encryption algorithms, and you will notice a significant difference to
your own papers. Your own papers have an extremely unprofessional
appearance, and that might be the reason why people aren't looking at it.

> You must start somewhere:  the theory and operation is the first
> place to begin.

Like I've said, once you post the algorithm of your encryption,
formulated in a clear and precise way, to this newsgroup, you can be sure
to receive many useful comments and serious cryptographic critiques on it.
If you are really interested in the security of your encryption, you
certainly will do that, otherwise you will make the impression of not
really wanting your algorithm and implementation to be reviewed.

> No one has been able to or capable of or willing to address the
> primary issue here in this news group:  is the theory and operation
> of OAP-L3 credible for its intended purpose?

I was trying to explain why nobody was willing to do this. And like
another one here has explained to you, if nobody looks at your algorithm,
this simply DOES NOT say *anything* about its security.

> It is right there before your eyes.

Like I've said, your web-pages are not clear and precise enough and do
not formulate the algorithm in the correct way.

> I think it is probably time to kill this thread.

I'm quite sure that you will have the last word on this, though. If you
want people to review and comment on your invention, you will probably need
to be more collaborative.

> Real cryptographers must apprise themselves of any possibility of a
> heretofore unknown encryption method.

No, there's absolutely no reason for any real cryptographer to do this.
In fact, I'd guess they cannot even do this if they want to, because they
do not have enough time.

> If you are seriously employed in the field, your superiors will not
> accept your stated objections.  They will insist on a thorough
> evaluation.

First of all, I am not a cryptographer at all. I only have read the so-
called "snake oil faq" which describes characteristics of implementations
to evaluate their security. Your program matches all the criteria for
bad and insecure encryption software mentioned in the faq. Maybe you
should read it as well.

And it also seems clear to me, that in your above statement you confuse
a cryptanalysis with an evaluation of the security of a program. Any
superiors would be satisfied by my statements, if they only wanted an
evaluation of the security of the program.

> And I suggest that you wouldn't dare hand them a paper solely stating
> the objections you have stated here.

Of course I would dare it. Read the "snake oil faq", which you can find
(like many other faqs) at: http://www.faqs.org

> You get paid for hard factual criticism based upon, for instance,
> the stated theory and operation and not on your unwillingness to
> provide your employer with the objective results he or she must
> certainly be paying you well to provide.

No, there are different levels of evaluation like everywhere else in
software industry. Otherwise, the only way to evaluate an encryption
implementation would be to completely reverse-engineer the program,
analyse the algorithm and try to break the encryption. Only large
government agencies can afford that, but in just evaluating the security
there is no need to do that.

If anyone would dare to read all the lengthy explanations you give on
your web-pages (instead of providing the algorithm in simple pseudo-
code), how would they know that you have implemented the algorithm
correctly?

If you were seriously concerned about cryptography, you would be aware of
the fact that it's not only the algorithm and its implementation that go
into the security considerations, but also the explanations, hand-book,
the trust you have to the implementor, the experience the implementor has
in the field of cryptography, whether the source code has been reviewed in
public, etc. etc. etc.

Just because nobody is willing to review your program in public, this
doesn't mean that it's secure. Quite the opposite might be the case.

Best regards,

Erich Steimann


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "James Jesensky" <[EMAIL PROTECTED]>
Subject: Re: Biggest keys needed (was Re: Does the NSA have ALL Possible PGP  keys?)
Date: Sun, 20 Feb 2000 09:05:46 -0500

I am under the impression a quantum factoring device would calculate the
period r of g* (mod n) in constant time (actually 1/r).  To produce factors,
the GCD of (n, 2^r-1 (mod n)) must be calculated which requires O(log(n))
steps I believe.

Trevor Jackson, III wrote in message <[EMAIL PROTECTED]>...
>[EMAIL PROTECTED] wrote:
>
>> On Tue, 01 Feb 2000 19:41:14 -0500, "Trevor Jackson, III"
>> <[EMAIL PROTECTED]> wrote:
>>
>> <snip>
>>
>> >This issue came up a few months ago.  If every possible position in the
>> >observable universe is a computer that tests a key in the Fermi time and
they
>> >all run until the breakdown of protons (1e31 years by a stale theory),
then you
>> >need a key of ~870 bits to prevent it being found.
>> >
>> >N.B., this is as close as I can envision to Ritter's "Cryptanalyst's
Stone"
>> >
>> >>
>> >>
>> >> Is that still big enough given quantum computing advances? Can it be?
(The
>> >> only quantum computers I've been able to understand are Feynman's
>> >> description, which focusses more on reversability than parallelism.)
>> >
>> >QC gives you around sqrt() advantage, so doubling the key yields about
the same
>> >strength.
>> >
>>
>> I recall seeing a post sometime in the last month or so in sci.crypt
>> citing a theorem or paper (the name of the proponent of the theorem
>> started with R, I think) that quanitified the impact that quantum
>> computing would have on factoring.  However I cannot now find the ref
>> or the post. Is anyone aware of such a theorem and/or paper, and can
>> post a reference?
>>
>> I thought that the impact of QC was much greater than is suggested in
>> Trevor's post - that is in theory, QC factoring of *very* large
>> products of primes would be close to instantaneous.
>
>Best I've heard for factoring is square root improvement in the amount of
work.  The
>phrase "close to instantaneous" makes me dubious.
>
>
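
Jesensky's post above describes the classical half of Shor's factoring
algorithm: a quantum subroutine returns the period r of g^x mod n, and a few
gcd computations turn r into factors. The following Python, added here as an
example rather than anything from the thread, runs that reduction end to end
with a brute-force period search standing in for the quantum step (so it is
exponential in log n and only practical for toy moduli) and uses the textbook
form gcd(g^(r/2) - 1, n), gcd(g^(r/2) + 1, n) for the post-processing. The
moduli 15, 21 and 3233 and the PRNG seed are constructed inputs.

```python
from math import gcd
import random


def find_period(g: int, n: int) -> int:
    """Smallest r > 0 with g^r = 1 (mod n), found by brute force.  This is the
    step Shor's algorithm hands to the quantum computer; done classically it
    costs up to n multiplications, which is why factoring is hard at all."""
    if gcd(g, n) != 1:
        raise ValueError("the period is only defined for g coprime to n")
    x, r = g % n, 1
    while x != 1:
        x = (x * g) % n
        r += 1
    return r


def factor_from_period(g: int, n: int, r: int):
    """Classical post-processing.  If r is even and y = g^(r/2) is not -1
    (mod n), then y^2 = 1 (mod n) with y != +-1, so (y-1)(y+1) = 0 (mod n) and
    gcd(y-1, n), gcd(y+1, n) are proper factors.  Returns None when the base g
    was unlucky (odd period, or y = -1), which happens for at most half of the
    coprime bases when n has two distinct odd prime factors."""
    if r % 2 == 1:
        return None
    y = pow(g, r // 2, n)
    if y == n - 1:
        return None
    for d in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < d < n:
            return tuple(sorted((d, n // d)))
    return None


def shor_factor(n: int, max_tries: int = 20, seed: int = 0):
    """The whole reduction for an odd composite n that is not a prime power.
    Picks random bases g and returns (p, q) with p * q = n, or None when every
    try failed, which is what happens for a prime n.  The seed is fixed so the
    example is repeatable."""
    if n < 4:
        return None
    if n % 2 == 0:
        return (2, n // 2)
    rng = random.Random(seed)
    for _ in range(max_tries):
        g = rng.randrange(2, n)
        d = gcd(g, n)
        if d > 1:                       # lucky guess: g shares a factor with n
            return tuple(sorted((d, n // d)))
        r = find_period(g, n)
        result = factor_from_period(g, n, r)
        if result is not None:
            return result
    return None


if __name__ == "__main__":
    # Constructed walk-through for n = 15 with base 7: 7^4 = 2401 = 1 (mod 15),
    # so r = 4, y = 7^2 mod 15 = 4, and gcd(3, 15), gcd(5, 15) give 3 and 5.
    r = find_period(7, 15)
    print("period of 7 mod 15:", r, "->", factor_from_period(7, 15, r))
    for n in (15, 21, 3233):
        print(n, "=", shor_factor(n))
    print("7 is prime:", shor_factor(7))
```

The quantum part only ever replaces find_period; everything else, including
the retry loop over bases, is ordinary classical arithmetic of cost polynomial
in log n, which is why the speed-up for factoring is not a square root but the
difference between the exponential search in find_period and a
polynomial-time replacement for it.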



------------------------------

From: [EMAIL PROTECTED]
Subject: Develop Innovation Skills
Date: Sat, 19 Feb 2000 22:28:04 -0500
Reply-To: [EMAIL PROTECTED]

Books, software and education are now available on the science of invention. For more 
information respond via e-mail by entering "I-TRIZ Info Request" in the subject 
line


Dana W. Clarke, Sr.
Director of Education
Ideation International Inc.




------------------------------

From: "James Jesensky" <[EMAIL PROTECTED]>
Subject: Number Theory Add-in for Excel
Date: Sun, 20 Feb 2000 09:08:06 -0500

Anyone know of a good one.  Thanks.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
