Cryptography-Digest Digest #186, Volume #11 Wed, 23 Feb 00 11:13:01 EST
Contents:
Re: Large Int Lib for Delphi ("ink")
Re: Q: Large interger package for VB? (longreply with source) ("Neila Nessa")
Re: Does the NSA have ALL Possible PGP keys? ("csabine")
Re: Does the NSA have ALL Possible PGP keys? ("csabine")
Re: Passwords secure against dictionary attacks? (Ilya)
Re: US secret agents work at Microsoft claims French intelligence report (Gordon
Walker)
Re: Transmitting ciphered data (Volker Hetzer)
Re: Implementation of Crypto on DSP ([EMAIL PROTECTED])
DES algorithm (Charles Nicol)
Re: RSA Speed ([EMAIL PROTECTED])
Re: need help! decryption (wtshaw)
Re: need help! decryption (wtshaw)
Re: DES algorithm (Jean-Jacques Quisquater)
Re: shorter key public algo? (JCA)
Re: need help! decryption (Richard Herring)
----------------------------------------------------------------------------
From: "ink" <[EMAIL PROTECTED]>
Subject: Re: Large Int Lib for Delphi
Date: Wed, 23 Feb 2000 14:37:22 +0100
Thank you very much!
Ryan Phillips schrieb in Nachricht <[EMAIL PROTECTED]>...
>check www.scramdisk.clara.net and click delphi.
>
>Ryan
>
>ink wrote:
>>
>> Does anyone know of a large integer library for
>> Borland/Inprise Delphi, Version 3 or higher? A
>> Turbo Pascal ;-) version would also be welcome,
>> as the language/compiler is essentially the same.
>>
>> Thanks a lot in advance, kind regards
>> Kurt
------------------------------
From: "Neila Nessa" <[EMAIL PROTECTED]>
Subject: Re: Q: Large interger package for VB? (longreply with source)
Date: Wed, 23 Feb 2000 07:44:47 -0600
Crossposted-To: comp.lang.basic.visual.misc,comp.lang.basic.visual.3rdparty,sci.math
This isn't what you are looking for either, but I found it to be an amusing
site ;-)
http://www.jargon.net/jargonfile/b/bignum.html
Neila
Ed Pugh <[EMAIL PROTECTED]> wrote in message
news:88v4cn$hrj$[EMAIL PROTECTED]...
> Thanks for your follow-up, Michael, but I do not think this is quite
> what I am looking for.
>
> It appears that the module you posted does arithmetic on large
> precision decimal numbers, NOT integers (or natural numbers).
> Also, it did not appear to implement the modulus operation,
> which I need.
>
> As well, I noticed that it seemed to have a "naive" implementation
> of the exponentiation function which, for the sizes of exponents
> I am talking about, would probably take a few millenia to execute!
>
> Does anyone know of any better VB implementations of large integer
> packages?
>
>
> Michael Carton ([EMAIL PROTECTED]) wrote:
>
> > <I trimmed the NG list.>
>
> Why? <I added them back!>
>
> >
> > Ed Pugh wrote:
> >>
> >> I want to use Visual BASIC (5.0, pro ed'n, SP3) to do some
> >> prototyping and experimenting with algorithms involving very
> >> large natural numbers or integers.
> >>
> >> Does anyone know if and where I can find and download a
> >> *FREEWARE* (or *UNCRIPPLED* shareware) VB class or "library"
> >> that can handle arbitrarily large natural numbers or integers
> >> (up to a few thousand bits long)? (And it has to work with
> >> VB 5.0.)
> >
> > Here's something I downloaded. Free Source. I tested it with numbers
> > with up to 2,090 digits. It works.
> ^^^^^^^^^^^^
> Bet you did not try a number this size as an exponent (i.e. 2nd
> parameter) for the IntPower function! ;-)
>
> [ SNIP - VB module source code ]
>
>
> Thanks and regards,
> --
> Ed Pugh, <[EMAIL PROTECTED]>
> Richmond, ON, Canada (near Ottawa)
> "Bum gall unwaith-hynny oedd, llefain pan ym ganed."
> (I was wise once, when I was born I cried - Welsh proverb)
------------------------------
From: "csabine" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 23 Feb 2000 13:43:48 -0000
Kinda reminds of what Descartes once said:
************
Of all things, good sense is the most fairly distributed: everyone thinks he
is so well supplied with it that even those who are the hardest to satisfy
in every other respect never desire more of it than they already have.
Discours de la M彋hode. 1637.
************
Colin.
B Poulton wrote in message ...
>In article <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] (Steve K) wrote:
>>I just read most of this thread, and it's a very silly thread.
>>
>Agreed. I've been following it because I know little about it. Yet. In
>conjunction with the original post I don't think this article is off topic.
>(Note: This is *not* a slam against Americans. It's just that the study
>groups were primarily American).
>
>Incompetent people rarely know they are
>By Deborah Zabarenko
>
> WASHINGTON, Jan 20 (Reuters) - The truly incompetent may never know the
>depths of their own incompetence, a pair of social psychologists said on
>Thursday.
>
> "We found again and again that people who perform poorly relative to
>their peers tended to think that they did rather well," Justin Kruger,
>co-author of a study on the subject, said in a telephone interview.
>
> Kruger and co-author David Dunning found that when it came to a variety
>of skills -- logical reasoning, grammar, even sense of humor -- people who
>essentially were inept never realized it, while those who had some ability
>were more self-critical.
>
> It had little to do with innate modesty, Kruger said, but rather with a
>central paradox: Incompetents lack the basic skills to evaluate their
>performance realistically. Once they get those skills, they know where they
>stand, even if that is at the bottom.
>
> Americans and Western Europeans especially had an unrealistically sunny
>assessment of their own capabilities, Dunning said by telephone in a
>separate interview, while Japanese and Koreans tended to give a reasonable
>assessment of their performance.
>
> In certain areas, such as athletic performance, that can be easily
>quantified, there is less self-delusion, the researchers said.
>
> IGNORANCE IS BLISS
>
> But even in some cases in which the failure should seem obvious, the
>perpetrator is blithely unaware of the problem. This was especially true
>in the area of logical reasoning, where research subjects -- students at
>Cornell University, where the two researchers were based -- often rated
>themselves highly even when they flubbed all questions in a reasoning test.
>
> Later, when the students were instructed in logical reasoning, they
>scored better on a test but rated themselves lower, having learned what
>constituted competence in this area.
>
> Grammar was another area in which where objective knowledge was helpful
>in determining competence, but the more subjective area of humor posed
>different challenges, the researchers said.
>
> Participants were asked to rate how funny certain jokes were, and
>compare their responses with what an expert panel of comedians thought. On
>average, participants overestimated their sense of humor by about 16
>percentage points.
>
> This might be thought of as the "above-average effect" -- the notion
>that most Americans would rate themselves as above average, a statistical
>impossibility.
>
> The researchers also conducted pilot studies of doctors and gun
>enthusiasts. The doctors overestimated how well they had performed on a
>test of medical diagnoses and the gun fanciers thought they knew more than
>they actually did about gun safety.
>
> So who should be trusted: The person who admits incompetence or the one
>who shows confidence? Neither, according to Dunning. " You can't take them
>at their word. You've got to take a look at performance," Dunning added.
>
>
>
>--
>
>bpoulton at vcn.bc.ca (Bob Poulton) Remove the 'trythis.' to reply.
>(for Usenet only) (if I remember to stick it in)
>And Lao-tse said: Those who know don't tell; those who tell don't know.
>--
>x
------------------------------
From: "csabine" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 23 Feb 2000 13:50:10 -0000
I'm sure that God would give a suitable philosophical answer to such a
question, but it would not be the answer you sought. After all, it is rather
a 'mathematically' dumb question to ask.
Colin.
tiwolf wrote in message ...
>Now Johnny who is blatant stupidity, you claim that even God does not know
>what the highest number is. Given that God is created all things in the
>universe, and inspired human creativity and invention, how can you say that
>God does not know what the highest number is. That would be an indication
of
>limit and according to the philosophical debate and my religious up
bringing
>God is limitless in power and knowledge.
>
>
>Johnny Bravo wrote in message
><[EMAIL PROTECTED]>...
>>On Wed, 16 Feb 2000 12:07:11 -0800, "tiwolf" <[EMAIL PROTECTED]> wrote:
>>
>>>Anything is possible given time, money, and talent.
>>
>> How many times are you going to post this blatant stupidity?
>>
>> Many things are 100% impossible, finding the biggest number for
>>instance. Get this through your head; some problems do not have a
>>solution to find.
>>
>>>Government has nothing to do with it. In this case the government desire
>>>to control along with access to money (tax payers), and (through the
>obscene
>>>spending of the taxpayers money) talent.
>>
>> Make up your mind, does government have something to do with it or not?
>>Makes no difference, impossible is just that, impossible. Even with
>>infinite time, money and talent. Not even God can tell you what the
>>biggest number is.
>>
>> Johnny Bravo
>>
>
>
------------------------------
From: Ilya <[EMAIL PROTECTED]>
Subject: Re: Passwords secure against dictionary attacks?
Crossposted-To: comp.security.misc,alt.security.pgp
Date: Wed, 23 Feb 2000 14:02:13 GMT
Thanks, that's a pretty interesting response.
In alt.security.pgp Ken Hagan <[EMAIL PROTECTED]> wrote:
>>
>> I think that they are not vulnerable to dictionary attacks since the
>> password is not a word, it combines two words and is meaningless
>> and can only be brute-forced.
> You don't seem to be getting much cryptographic analysis here.
> I think it's safe, and I (light-heartedly) challenge anyone to describe
> how they could attack it.
> The one-way hash from "what you type" to "whatever the system stores
> for comparison against" ought to distribute evenly across its space of
> possible hashes. Therefore, for any password, however constructed, one
> wrong answer is as bad as another. Guessing part of the password doesn't
> help.
> Using "real words" as the building blocks is usually said to reduce
> the strength because it reduces the number of possible plaintexts.
> In the extreme case of "only using proper words", a dictionary attack
> with only a million or so words (the whole dictionary) would always
> succeed.
> However, for the scheme you describe, the closest we could come to
> a "dictionary" is as follows.
> 1 Take a dictionary with various capitalisations like "hello", "Hello"
> and "HELLO".
> 2 Add "forms" like telephone numbers, car licence plate numbers, dates
> (in all the common orderings, like MM/DD/YY), ZIP codes etc.
> 3 Take some random punctuation characters.
> Now, permute all of the above in every way. For an initial dictionary of a
> few thousand "real words", this has now become a dictionary of around
> a billion. That is probably out of reach for most crackers, and it wasn't
> much of a dictionary. Here in the UK, people are likely to add postcodes
> (like "SW1 1AA"), national insurance numbers (like "AB 12 34 56 78 X")
> and their lottery numbers into the melting pot. I think the problem rapidly
> becomes hopeless, even for the NSA.
> If someone knows you, they might be able to prepare a better dictionary,
> but I expect you can pick "elements" such that they'd have to be a close
> personal friend to even get close -- and close is not good enough. I can
> think of password elements that have never left my imagination, but which
> are (for me) an obvious part of my identity, and ideal for the purpose.
--
===========================================================================
National Organization for the Repeal of the Federal Reserve: www.norfed.org
The Foundation for the Advancement of Monetary Education: www.fame.org
E-gold: A privately issued e-currency backed by metals: www.e-gold.com
Principia Publishing: www.principiapub.com
===========================================================================
------------------------------
From: [EMAIL PROTECTED] (Gordon Walker)
Subject: Re: US secret agents work at Microsoft claims French intelligence report
Date: Wed, 23 Feb 2000 14:11:06 GMT
On Tue, 22 Feb 2000 18:07:06 GMT, [EMAIL PROTECTED] (Dave
Hazelwood) wrote:
>Remember the snippet above came from a report by the French
>Intelligence Service and not some whacko fan of Skully and Moulder.
Actually, the snippet is *reported* to have come from the French
Intelligence Service. I haven't seen the report and none of the major
news services seem to have reported on it yet.
--
Gordon Walker
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Transmitting ciphered data
Date: Wed, 23 Feb 2000 14:27:05 +0000
Markus Eiber wrote:
>
> Hi there,
> I am looking for some aspects on how ciphering data might influence the
> efficiency of transmission systems.
> Are there any references on this topic?
Not much.
Encryption might impair error recovery as in many encryption systems
errors get propagated over a wide area (an encryption block, the remaining
message or the whole message).
Special encryption modes and stream ciphers may be employed to make recovery
easier.
Many books on cryptography (like Bruce Schneiers "Applied Cryptography")
deal with error progagation too.
As to partial recovery (like for sound transmission), you should consider that
incorrectly decrypted data does not read as silence, but as white noise.
IMOOMDH, but you would probably want to split your data into blocks and transmit
the blocks along with their checksums so you can discard individual blocks at the
receiving end (and possibly request resends).
Greetings!
Volker
--
Hi! I'm a signature virus! Copy me into your signature file to help me spread!
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Implementation of Crypto on DSP
Date: Wed, 23 Feb 2000 14:53:32 GMT
>
> Given that all this stuff exists in portable C, and you can get decent
> C compilers these days, you could just run the code through a
compiler.
> DES might benefit from hand-tuning; the rest probably not all that
much.
> (As I recall, there's even a GCC for TI, don't know if it's 100% done
> yet.)
>
I am surprised that there is not much benefit in hand optimisation. 10
years ago it was a rule of thumb that a good assembler program would get
you speed benefits of 5 or more.... Things must have really
changed....Are C compilers that good..? All they all the same
quality...or some more super optimised then others..
But I must point out, that maybe the case for perhaps a Uni-processor
SISD machine, but with pipleline and multi-architecture DSP's..I would
suggest that hand optimisation plays a very significant gain...
Vectorising compilesr have not reached the staet of the art of ordinary
optimizing compilers.
We have done some hand calculations for 3DES on an SIMD machine, and it
turns out that the bottleneck in the algorithm is the Table lookup. The
excl OR runs super fast ( few orders of magnitude faster then table
lookup)...
Maybe someone should design a Block cipher with minimum amout of table
lookup and mainly logical bit operations....are you listening Peter :-)
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Charles Nicol)
Subject: DES algorithm
Date: Wed, 23 Feb 2000 09:40:03 -0400
There is an excellent article on the DES algorithm in the Notices of The
American Mathematical Society,March,volume 47,Number 3.
It was written by Susan Landau and should cetainly be read by anyone
interested in block cipher designs.
C.Nicol
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA Speed
Date: Wed, 23 Feb 2000 15:04:26 GMT
> With x86 ASM on a 350mhz, I'm currently getting
> 17ms for encryption and 1ms for decryption.
> This is the ball park to aim for. At this point most improvements are
> efficiency in coding vs algorithm choices.
It would be interesting to compare this timming with C Code...Do you
have any results on this?. Reason why I am asking, is because there is
a thread where someone is claiming that you dont get significant
improvement in speeds by hand coding in assembler.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: need help! decryption
Date: Wed, 23 Feb 2000 08:44:14 -0600
In article <[EMAIL PROTECTED]>, jamie <[EMAIL PROTECTED]> wrote:
> This arrived in my email and I have no idea what it is, can someone tell
> me how to decypher it?
>
> Thanx in advance...
>
> Subject:
> 真實的故事,請你我一齊來關心
> From:
> Nothing <[EMAIL PROTECTED]>
>
I should has said *most* since a few uc letters are included. thy might
just be format things.
--
Regarding healthcare, when GWB became govenor, Texas was 43 in
the nation, now we are 49th. And, I need not tell you about his
bloody support of the death penalty. Reformer?
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: need help! decryption
Date: Wed, 23 Feb 2000 08:42:10 -0600
In article <[EMAIL PROTECTED]>, jamie <[EMAIL PROTECTED]> wrote:
> This arrived in my email and I have no idea what it is, can someone tell
> me how to decypher it?
>
> Thanx in advance...
>
> Subject:
> 真實的故事,請你我一齊來關心
> From:
> Nothing <[EMAIL PROTECTED]>
>
Since the characters appear in the upper ascii range, and routine ones are
in the lower, try checking for minimum and maximum ascii values to see if
an easy subtraction can bring it back to earth.
--
Regarding healthcare, when GWB became govenor, Texas was 43 in
the nation, now we are 49th. And, I need not tell you about his
bloody support of the death penalty. Reformer?
------------------------------
From: Jean-Jacques Quisquater <[EMAIL PROTECTED]>
Subject: Re: DES algorithm
Date: Wed, 23 Feb 2000 16:30:48 +0100
See
http://www.ams.org/notices/200003/fea-landau.pdf
Jean-Jacques Quisquater,
------------------------------
From: JCA <[EMAIL PROTECTED]>
Subject: Re: shorter key public algo?
Date: Wed, 23 Feb 2000 07:36:58 -0800
Mike Rosing wrote:
> ECC with correct parameters is plenty secure. You can use 100 bit
> keys with ECC and get the same as 768 RSA security. There are lots
> of sources available, many of them free.
>
Lenstra and Verheul seem to put the equivalence it in the 122/124 bits
range.
------------------------------
From: [EMAIL PROTECTED] (Richard Herring)
Subject: Re: need help! decryption
Date: 23 Feb 2000 16:00:54 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, jamie ([EMAIL PROTECTED]) wrote:
> This arrived in my email and I have no idea what it is, can someone tell
> me how to decypher it?
It's not enciphered...
> Subject:
> 真實的故事,請你我一齊來關心
> From:
> Nothing <[EMAIL PROTECTED]>
Install Chinese fonts. That .tw is the clue.
Then you will be able to read spam in Chinese as well as English ;-)
--
Richard Herring | <[EMAIL PROTECTED]>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
