Cryptography-Digest Digest #172, Volume #11      Mon, 21 Feb 00 05:13:02 EST

Contents:
  Re: Processor speeds. ("Douglas A. Gwyn")
  I will bring PGP to the masses h20 (PGP_for_ALL)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site ("Douglas A. Gwyn")
  I will bring PGP to the masses h15 (PGP_for_ALL)
  efficiency of ecash schemes (ahbeng)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen Szopa)
  Re: Does the NSA have ALL Possible PGP keys? (John Underwood)
  Re: I stole also the diary and calendar of Markku J. Saarelainen ("ink")
  Re: EOF in cipher??? (Mok-Kong Shen)
  Re: Processor speeds. (Mok-Kong Shen)
  Re: NIST publishes AES source code on web (Mok-Kong Shen)
  Re: Keys & Passwords. (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Processor speeds.
Date: Mon, 21 Feb 2000 06:17:24 GMT

"John E. Kuslich" wrote:
> ... The performance they achieve on ray trace software would not
> be possible using the classic CRAY boat anchor computer.

Ray tracing is the epitome of a *parallel* task (each pixel can be
computed independently), while Cray computers have been *vector*
machines.  Also, as I noted previously, supercomputers normally
have incredibly high I/O performance, which cannot be matched by
distributed PCs.  You should use the appropriate tool for the
appropriate task.

By the way, we at BRL were perhaps the first to distribute ray
tracing among multiple computers on a local network.  (We used
big, fast SGIs rather than puny PCs, however.)  We also had a
couple of Crays and other supercomputers, but we didn't waste
them on much of our ray-traced imaging workload.

------------------------------

Date: 19 Feb 2000 14:17:06 -0000
From: PGP_for_ALL <Use-Author-Address-Header@[127.1]>
Subject: I will bring PGP to the masses h20

I will bring PGP to the masses

PGP can be used by all, can be used by the masses, but not in the current
implementation.

I have the strategic information to make the PGP product used by all the
active internet e-mail users & not only by elite, educated and sophisticated
computer equipment users.

I need to get association from influential entrepreneurial people to back me
up, to provide an "invisible" success shield.

I know that having undisputed solutions does not bear much success before
they are backed by influential people. The key here is the "influential
people". As history has proved many times in the past, many outstanding ideas
have been lost due to the lack of influential backup at the first
presentation.

I see the enormous prestige & financial benefits to be gained by the PGP
company; at the same time I would not like to be "left on the street homeless &
hungry" after disclosing my research & findings to the appropriate people.

I have been using PGP encryption tools for a very long time.
I have known & understood almost from the beginning the importance of the benefits
associated with mass market encryption.
I have known & understood almost from the beginning the problems associated with the
PGP software that shaped the past, and most importantly had a very detrimental
impact on the wider spread use of this extraordinary product.

In 1999 I realized the fact that PGP is the undisputed encryption tool in use.
On the other hand, I realized that PGP saturation is too far from the accepted
level, from the level to be named "used by the masses".

To say it in other words, PGP is not used, is not accepted, will not be used,
will not be accepted by almost every user on the internet, until strategic
changes, the changes that I'm proposing, are implemented.

The past PGP development, the past release versions, the current version and
the undertaken development that will lead to future versions, are sufficient
to indicate that PGP will not reach the "mass market saturation level"
without my proposed strategic changes. This is contrary to the undisputed
benefits that are provided by this excellent software.

Here come my observations & research. All of my suggestions indicate
that all of the above can be very easily changed, changed to make it possible for
PGP to become a mass market product. I have the strategic information &
the proposed required changes that should be made to make PGP accepted by the
masses, by all the users of e-mail encryption.

My ideas are proven by past implemented strategies, past examples of
mass market products & services.
My ideas are based on unsuccessful past products that made it to the mass
market after changing global strategies.

My key is at http://www.mit.edu:8001/finger?[EMAIL PROTECTED]
I'm physically located in NYC. My PGP_for_ALL account is not ANON
protected; I'm using it for anti-SPAM filtering purposes only.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Mon, 21 Feb 2000 06:25:36 GMT

Chuck wrote:
> There may be a lot of oddballs in small places, but from what I've
> read it appears that only a handful of algorithms make up the lion's
> share of military & intelligence encryption. Am I wrong? If so I'd
> like to know just for curiosity's sake what other algorithms besides
> the usual (IDEA, 3DES, possibly Blowfish) are in widespread use by the
> military and intelligence agencies around the world?

(1) There are several *families* of algorithms that are specialized to
meet system requirements by choosing appropriate values of parameters.

(2) It should be obvious upon the slightest reflection that detailed
information about official encryption algorithms is (quite properly)
classified information, disclosure of which would be injurious to
legitimate national interests.  So you should not expect to receive
any such information.  A statement like (1) above is about the limit.

------------------------------

Date: 19 Feb 2000 12:29:52 -0000
From: PGP_for_ALL <Use-Author-Address-Header@[127.1]>
Subject: I will bring PGP to the masses h15

I will bring PGP to the masses

PGP can be used by all, can be used by the masses, but not in the current
implementation.

I have the strategic information to make the PGP product used by all the
active internet e-mail users & not only by elite, educated and sophisticated
computer equipment users.

I need to get association from influential entrepreneurial people to back me
up, to provide an "invisible" success shield.

I know that having undisputed solutions does not bear much success before
they are backed by influential people. The key here is the "influential
people". As history has proved many times in the past, many outstanding ideas
have been lost due to the lack of influential backup at the first
presentation.

I see the enormous prestige & financial benefits to be gained by the PGP
company; at the same time I would not like to be "left on the street homeless &
hungry" after disclosing my research & findings to the appropriate people.

I have been using PGP encryption tools for a very long time.
I have known & understood almost from the beginning the importance of the benefits
associated with mass market encryption.
I have known & understood almost from the beginning the problems associated with the
PGP software that shaped the past, and most importantly had a very detrimental
impact on the wider spread use of this extraordinary product.

In 1999 I realized the fact that PGP is the undisputed encryption tool in use.
On the other hand, I realized that PGP saturation is too far from the accepted
level, from the level to be named "used by the masses".

To say it in other words, PGP is not used, is not accepted, will not be used,
will not be accepted by almost every user on the internet, until strategic
changes, the changes that I'm proposing, are implemented.

The past PGP development, the past release versions, the current version and
the undertaken development that will lead to future versions, are sufficient
to indicate that PGP will not reach the "mass market saturation level"
without my proposed strategic changes. This is contrary to the undisputed
benefits that are provided by this excellent software.

Here come my observations & research. All of my suggestions indicate
that all of the above can be very easily changed, changed to make it possible for
PGP to become a mass market product. I have the strategic information &
the proposed required changes that should be made to make PGP accepted by the
masses, by all the users of e-mail encryption.

My ideas are proven by past implemented strategies, past examples of
mass market products & services.
My ideas are based on unsuccessful past products that made it to the mass
market after changing global strategies.

My key is at http://www.mit.edu:8001/finger?[EMAIL PROTECTED]
I'm physically located in NYC. My PGP_for_ALL account is not ANON
protected; I'm using it for anti-SPAM filtering purposes only.

------------------------------

From: ahbeng <[EMAIL PROTECTED]>
Subject: efficiency of ecash schemes
Date: Mon, 21 Feb 2000 07:42:01 GMT

Hi,
I would like to know, if I have two ecash scheme, how do I do a
comparison of the efficiency in terms of storage, speed and memory
usage?

I was thinking of doing this to calculate the storage efficiency:
Select an appropriate key size and the appropriate variables size,
count the number of bytes for each coin.

To calculate the speed, I have no idea at all. Do I use the O-notation?
What happen if one scheme uses RSA and the other uses DLP or ECC? Do I
have to do an actual implementation to find out which is more efficient?

Anybody can help?

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sun, 20 Feb 2000 23:59:55 -0800

[EMAIL PROTECTED] wrote:
> 
> > Do you also think that no one should be interested in a utility
> > program that will overwrite a file completely where each BIT is
> > overwritten first with one's (every byte to 11111111) and then the
> > entire file is overwritten again with zeros (every byte to 00000000)
> > to effectively wipe out any trace of the original data contained in
> > the file?
> 
> Look, as I've already told you, I am not a cryptographer, but even I know
> that this method is not secure. Take a look at http://
> www.cs.auckland.ac.nz/~pgut001/secure_del.html for better methods and a
> quick overview on secure file deletion.
> 
> Greetings,
> 
> Erich Steinmann
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.


I think what you have pointed out is technically correct and useful 
information.

To a first approximation my system is adequate for now.  My software 
is intended to provide privacy.  And it does this quite well over 
the Internet.  It is not intended to allow serious criminals to 
escape justice.

The next generation software of OAP-L3 will incorporate the 
information contained in the document you gave the URL to.

I thank you and so will the users of the Second Generation of OAP-L3.

Like most software, subsequent versions of OAP-L3 will get better 
and better and better, in part, thanks to you.
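
The two-pass overwrite described in the quoted question (every byte to 0xFF, then every byte to 0x00), written out as an added illustration; this is not OAP-L3's code and assumes nothing about how that product does it. The comments carry the caveat that the linked secure-deletion page is about: the loop rewrites only the file's logical contents, so a verify pass proving the file now reads as zeros says nothing about copies held by a journaling filesystem, an SSD's spare blocks, swap or backups.

```python
import os
import tempfile

# Two-pass overwrite as described in the quoted question: every byte is set to
# 0xFF, the pass is forced to disk, then every byte is set to 0x00.
# Caveat (the point of the secure-deletion page cited in the reply): this
# rewrites the file's *logical* contents only. Journaling and copy-on-write
# filesystems, SSD wear levelling, swap and backups can all keep copies of
# the old blocks that this loop never touches, so passing verify_filled()
# is not proof that the data is gone from the medium.

PASSES = (0xFF, 0x00)

def overwrite_file(path, passes=PASSES, chunk=1 << 16):
    """Overwrite `path` in place with each byte value in `passes`; returns the file size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for value in passes:
            f.seek(0)
            block = bytes([value]) * chunk
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(block[:n])
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass out of the page cache before the next one
    return size

def verify_filled(path, value):
    """True if every byte of `path` equals `value` (checks the logical file only)."""
    with open(path, "rb") as f:
        return all(b == value for b in f.read())

def demo():
    """Constructed sample: wipe a temporary file holding 70,000 random bytes."""
    sample = os.urandom(70_000)  # constructed input, not real user data
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(sample)
        size = overwrite_file(path)
        zeroed = verify_filled(path, 0x00)
        return size, zeroed
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())  # (70000, True)
```

The `os.fsync` after each pass matters: without it the 0xFF pass can be overwritten in the page cache by the 0x00 pass before either reaches the disk, and the medium sees only one write.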

------------------------------

From: John Underwood <[EMAIL PROTECTED]>
Crossposted-To: misc.survivalism,comp.security.pgp.discuss
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Mon, 21 Feb 2000 08:33:55 +0000

On Mon, 21 Feb 2000 at 03:59:59, John Savard <[EMAIL PROTECTED]
nton.ab.ca> wrote in comp.security.pgp.discuss:
(Reference: <[EMAIL PROTECTED]>)

>God, being perfect, has correct knowledge about mathematics. Thus, He knows all 
>the properties of all the integers. And He also knows the truth about "the 
>largest integer": there is no such thing. Anyone who thinks he knows what the 
>largest integer is is a fool, and God is no fool. 
>
The standard answer to this one is that god can only do what is in
itself possible. For example, squares and circles are, by definition,
mutually exclusive sets. God cannot, therefore, create an object which
is simultaneously a member of both sets. God could have created a
universe with a different definition of squares and/or circles, but he
or she didn't.

Aristotle established that the nature of numbers is such that there can
never be a number greater than which there is no other number. He used a
very simple proof of this. Hypothesise that there is such a number and
then add one to it. You then have a number which is larger than the
largest possible number. Since that is clearly impossible, the original
hypothesis is wrong.

Once again, following the hypothesis that god created numbers (and there
are many who would argue that numbers are an abstraction in the mind of
man) then the nature of that creation presupposes the impossibility of
there being a largest number let alone knowing what it is.

>However, He does know all the transfinite numbers, and whether the Continuum 
>Hypothesis is true or not. And there is at least one body of opinion concerning 
>the transfinite numbers that does postulate a largest transfinite number, 
>denoted by a capital omega - rather appropriately. So perhaps there can be a 
>largest _number_, if one leaves the real line to include the transfinites. 

What has any of this got to do with god? It was man who was given the
task of naming the creatures. Wherever they came from in the first
place, it is man who placed things in classes. At least that would
appear to be what Genesis says. Classical philosophers would concur in
that the naming of things, recognising them by genus and species, is an
abstraction performed by the intellect. If god knows anything about
transfinite numbers, it is because he has listened to the men who have
recognised them in the universe and labelled them in accordance with the
command of god. They may be part of a divinely created universe, but it
is man who has defined the concept by which they can be recognised.

Or did god give all the creatures names and was only kidding Adam?
-- 
John Underwood

------------------------------

From: "ink" <[EMAIL PROTECTED]>
Subject: Re: I stole also the diary and calendar of Markku J. Saarelainen
Date: Mon, 21 Feb 2000 10:50:46 +0100


Mok-Kong Shen schrieb in Nachricht <[EMAIL PROTECTED]>...
>William A. Nelson wrote:
>>
>
>> organization in detail. It does appear that Markku J. Saarelainen had the
>> skill of deceiving and influencing people since early 1970's.
>
>This group is devoted to cryptology and tightly related issues
>not to human skill, psychology or even religion!!
>
>M. K. Shen

Shen,

it's no use - he's not reading your replies. Ignore him
or kill-file him.

Regards

Kurt

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Mon, 21 Feb 2000 11:12:57 +0100

Douglas A. Gwyn wrote:
> 
> Mok-Kong Shen wrote:
> > A non-expert has to wait till the heated dispute of
> > the diverse experts settles before being able to know the truth,
> > doesn't he?
> 
> No, that's why you were born with a brain of your own.
> The "heated dispute" was not a dispute among experts,
> who are in agreement on all the major issues involved.
> You can check who is and is not a reliable source of
> information on the subject by checking what they say
> against reference material, in this case the standard
> defining the programming language.  If you want to
> learn more about the C programming language, there are
> several suitable sources, including a book co-authored
> by the original inventor of the language.

Perhaps you should have some understanding (also pity) of the
'psychology' of non-experts. If a non-expert sees a debate
in which everyone points out something which he thinks is
the mistake of someone else (it happens that the non-expert's 
knowledge does not enable him to easily distinguish major mistakes 
from minor ones in the field concerned), he cannot help 
get a feeling of great uncertainty. Imagine the case I am 
going to have a major surgical operation and I hear the surgeons 
disputing about which knives should properly be used! Yes, I can 
also consult the C standard and the good books of C to boost up 
my knowledge, but then I wouldn't need to read this thread at all. 
In fact, I am in possession of a C++ book containing code for I/O 
of binary stuff. That should work, though I haven't yet tried it.
But I also like to know what one should properly do for the same in C.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Processor speeds.
Date: Mon, 21 Feb 2000 11:12:47 +0100

Douglas A. Gwyn wrote:
> 
> "John E. Kuslich" wrote:
> > ... The performance they achieve on ray trace software would not
> > be possible using the classic CRAY boat anchor computer.
> 
> Ray tracing is the epitome of a *parallel* task (each pixel can be
> computed independently), while Cray computers have been *vector*
> machines.  Also, as I noted previously, supercomputers normally
> have incredibly high I/O performance, which cannot be matched by
> distributed PCs.  You should use the appropriate tool for the
> appropriate task.

The point is that the ratio of the set of 'appropriate' tasks for
the supercomputers to the set 'appropriate' for PC is constantly 
diminishing. Here appropriateness is of course to be determined 
'mainly' by economic criteria. First the drop of price of PC chips 
and the development of techniques for distributed computing enabled
much jobs to be done with PCs at widely spread locations. Then
supercomputers consisting of a huge number of chips, like the one
at Sandia, gave a significant blow to the Cray type of supercomputers.
I am convinced that the Cray type is out even though I am personally
acquainted with persons who are still 'fans' for that for reasons
comprehensible (as well as incomprehensible) to me.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Mon, 21 Feb 2000 11:12:39 +0100

Douglas A. Gwyn wrote:
> 
> Mok-Kong Shen wrote:
> > ... in conformity with the fact that governments (plural) don't seem
> > to like to see advancements of the science of cryptology in the
> > public ...
> 
> Nor do they like to see anyone other than themselves making
> advances in offensive or defensive military weaponry, nor in
> several similar areas.  But what a government "likes" is not
> particularly relevant; it's what it can *do* about it.

You are right. It is obvious to most (probably even to most
bureaucrats who strongly advocate crypto regulations) that restriction
of crypto, a field of science almost independent of 'materials' but 
only dependent on the cells of the human brain, can never be of any 
practical 'efficiency' and hence is a nonsense, even though, in 
principle (theory) anything that limits/reduces the capabilities of 
the bad guys is good. The situation is somewhat different in the
case of, say, drug control. Here there are materials involved and
the authorities can exercise control and achieve certain real
efficiencies, even though it is apparent that one can never 'absolutely'
solve the problem of drugs before the police recruits at least
one tenth of the population to be its officers.

> 
> > Cf. the history (in the sixties, if I remember correctly)
> > that crypto publications should be suppressed or (as is later
> > implemented) the manuscripts are subject to voluntary presentation
> > by the journal editors to the authorities for prior 'review'.
> 
> I think you refer to *one* incident where an NSA employee on
> his own initiative contacted symposium attendees about vetting
> their presentations.  Suppression was clearly not within the
> legal authority of the Agency nor indeed of any part of the US
> government.  As one result of the flap that occurred, several
> publishers agreed to voluntarily submit potentially dangerous
> articles for Agency review, but would not be bound to abide by
> the Agency recommendations.  There was precedent for this, for
> example, David Kahn's "The Codebreakers" was published minus a
> couple of items that could have adversely impacted on national
> security.

My memory in the matter is not very good. I am ignorant of the
incident you referred to. But there were a couple of issues of CACM
where the topic was discussed, if I don't err. (Sometime in the
sixties or maybe seventies.) According to what I could make out of 
these and assuming that my memory is correct, the  authorities 
(actively) wanted prohibition of publications of crypto articles in 
scientific journals through means akin to the EAR, i.e. through
law enforcement. But the 'resistance' of the public opinions had 
finally led them to accept the 'weaker' solution of voluntary 
submission of manuscripts by the journal editors to them for review.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Keys & Passwords.
Date: Mon, 21 Feb 2000 11:12:52 +0100

Joseph Ashwood wrote:
> 
> > A hex (4 bits) has only 32 bits, so one can only map that to 32
> > specifically chosen symbols between the ascii values 32-126. The
> > small set {a-z, 0-9} has already 36 symbols. Further, if one maps
> > a hex to a subset of that, one could just as well use the hex
> > itself, I suppose. (What I meant was mapping a pair of hexs (8 bits).
> > That seems out of the question in any case.)
> 
> I think you misunderstood the first part, or perhaps I
> misunderstood at least one of the statements. What I believe
> was meant was to create a mapping of greater than 16
> possibilities (hex) to the range of 32-126, perhaps going as
> high as using the full range of 94 characters. This would
> give much more range of characters, and suitably shrink the
> data size by a factor of 5.875. The only reason I see
> against doing these operations is that if you're dealing
> with a large text it could be quite compute intensive to
> convert, but the original question was for keys and
> passwords, which I'd put an upper limit of 30 base 256 to
> make the new max in the high 30s which can be memorized by a
> person in a short amount of time. If instead you chose to go
> with hex the length would be 60, which is more difficult to
> remember.

First of all I should say that I made an error. '32' in my 
follow-up should read '16'. What I meant is this: I have a system
limiting the length of password input to 8 characters (key strokes).
If I use a hashing program to hash a long passphrase (that
presumably has more than 8*256 bits of entropy) and get an
appropriate sequence of hexs, how should I 'optimally' turn that hex 
sequence into the 8 characters that I am going to type in? I could 
convert each pair of hexs (together 8 bits) to a symbol of the 
(8-bit) ASCII, but not every one of these could be conveniently 
keyed in. Suppose I want to limit the input characters to the set 
{A-Z, a-z, 0-9}, consisting of 62 allowable characters, what should 
I 'best' do to the hex sequence obtained from my hashing program
for the purpose? (If mapping, how is that mapping to be done?)
I must admit that I don't yet quite understand the last part of 
your paragraph above. If I map each hex to one character of my set
(an obvious choice is the 'identity' mapping), then I'll get
only 8*4 bits of entropy in my password, won't I? Thanks for
your help in advance.

M. K. Shen
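
An added worked example (not code from either poster) that makes the two mappings under discussion concrete: Shen's 'identity' mapping, which spends one typed character per hex digit (4 bits each), against re-encoding the hash output in the 62-symbol set {A-Z, a-z, 0-9}, where each typed character carries about 5.95 bits. It also reproduces Ashwood's length arithmetic: 30 bytes of key material are 60 hex digits but only a 'high 30s' count of characters drawn from the 94 printable ASCII values. SHA-256 stands in for Shen's unspecified hashing program, and the 8-character limit is his; both are assumptions of the example.

```python
import hashlib
import math

# Shen's allowed set {A-Z, a-z, 0-9}: 62 symbols, against 16 hex digits.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

def entropy_bits(length, alphabet_size):
    """Upper bound on the entropy of `length` uniformly chosen symbols."""
    return length * math.log2(alphabet_size)

def chars_needed(bits, alphabet_size):
    """Symbols needed to carry `bits` of entropy (Ashwood's 60 hex vs 'high 30s')."""
    return math.ceil(bits / math.log2(alphabet_size))

def hex_password(digest, length=8):
    """The 'identity' mapping Shen describes: one hex digit per typed character."""
    return digest.hex()[:length]

def base62_password(digest, length=8):
    """Treat the whole digest as one big integer and keep `length` base-62 digits.

    Each typed character now carries log2(62) ~ 5.95 bits instead of 4. Reducing
    the digest modulo 62**length is practically unbiased because 2**256 is vastly
    larger than 62**8 (about 2**47.6)."""
    n = int.from_bytes(digest, "big")
    out = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)

def derive(passphrase, length=8):
    """Hash a long passphrase (SHA-256 is an assumption standing in for Shen's
    hashing program) and return both 8-character forms with their entropy bounds."""
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return (
        hex_password(digest, length),
        base62_password(digest, length),
        entropy_bits(length, 16),            # 32.0 bits
        entropy_bits(length, len(ALPHABET)), # ~47.6 bits
    )

if __name__ == "__main__":
    # Constructed passphrase, not anyone's real secret.
    print(derive("a long constructed passphrase with plenty of words in it"))
    print(chars_needed(240, 16), chars_needed(240, 94))  # 60 vs 37
```

With the 8-character limit fixed by the system, the alphabet is the only lever left: the identity mapping caps the password at 32 bits no matter how long the passphrase was, while the base-62 re-encoding lifts the cap to about 47.6 bits. Both numbers are upper bounds; the passphrase itself must have at least that much entropy for them to be reached.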

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
