Cryptography-Digest Digest #325, Volume #11      Mon, 13 Mar 00 19:13:01 EST

Contents:
  Re: MD5 collisions (Michael Sierchio)
  Re: MD5 collisions (Kevin Buhr)
  Re: sci.crypt Cipher Contest Web Site ("Joseph Ashwood")
  Re: NSA Polygraph Screening Exposed (Dan Day)
  Lame Question - Please help me out! (Kahless42)
  Re: Q: Encryption of fax (Mok-Kong Shen)
  Re: ZIP format is gone in the past. (Dan Day)
  Re: Random permutations (Tim Tyler)
  Re: Just *Germain* primes (Paul Koning)
  Re: streaming cyphoidians (Paul Koning)
  Re: NIST, AES at RSA conference (Tim Tyler)
  Re: sci.crypt.applied (Mok-Kong Shen)
  Re: US export status of RC4? (Impervious)
  Re: Just *Germain* primes ([EMAIL PROTECTED])
  Re: Just *Germain* primes ([EMAIL PROTECTED])
  linux's /dev/random (antirez)

----------------------------------------------------------------------------

From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: MD5 collisions
Date: Mon, 13 Mar 2000 13:44:56 -0800

Jerry Coffin wrote:
> 
> In article <8aifir$qf2$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

> > For some value of X, has anyone proven that there are no MD5
> > collisions for ASCII strings of up to X characters?
> 
> I doubt it.  For any X greater than 16, this cannot possibly be true.

Not quite -- there are 2^(7*N) different possible ASCII messages of
length N, since there are 2^7 ASCII characters.  

This means that we can say that for ASCII messages of length greater 
than 18.28571 chars there will be collisions (by the pigeonhole
principle).  If you're talking 8-bit ASCII, then obviously for
messages of length greater than 16 chars there will be collisions.

All messages of zero length have the same hash, too, so the
number of interest is X > 0, X < 19.  I doubt that there are
analytic means to solving this,  though a distributed computation
effort could find X.

-- 
QUI ME AMET, CANEM MEUM ETIAM AMET

------------------------------

From: [EMAIL PROTECTED] (Kevin Buhr)
Subject: Re: MD5 collisions
Date: 13 Mar 2000 16:07:51 -0600

[EMAIL PROTECTED] (Larry) writes:
> 
> I want to hash lots of small strings (probably 3-200 chars, only ASCII
> printable).  I realize that the odds are phenomenally small of a
> collision in that data set.  I'm trying to convince some relatively
> non-techies to use this architecture- as opposed to saying "it's
> unlikely", I'd rather say "It's been looked at and there are none."
> (if that's true).

What is the context?

Are you trying to store a large set of comparison strings in a concise
form to be compared to a candidate string at a later date?

What are these strings for?  Are they passphrases?  How many will
there be?

Kevin <[EMAIL PROTECTED]>

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: sci.crypt Cipher Contest Web Site
Date: Mon, 13 Mar 2000 14:07:17 -0000

> People have mentioned variable rounds before and it's a
> good idea.

Within certain bounds it is, but in general perhaps not. One
reason was already stated, but another reason is that by
going over a certain limit in rounds you actually weaken the
strength of the cipher. This can be proven quite easily, and
I gave a sketch of the proof before when discussing
multi-ciphering. By including the number of rounds as a part
of the key (which is in effect what you have done), you also
need to analyze every number of rounds to determine if some
are secure and others are not. Twofish (please substitute
your favorite AES finalist for Twofish from here on) with 1
round is quite insecure, as are nearly all others. However
Twofish with the recommended number of rounds is believed to
be quite secure. Twofish with twice the rounds is probably
secure, Twofish with 2^128 rounds is very likely insecure
(at least not as secure as 2^127 rounds). There is a point
in the number of rounds where having one more round not only
does not strengthen the cipher, it weakens the cipher, no
matter how sophisticated the key schedule. There may also be
weak round counts within the 2^128 range, maybe 77 rounds is
weak (no I don't know this, I pulled the number out of the
air). In a well understood cipher, we can make these
judgements quite quickly, but gaining that knowledge is
difficult.
                Joe

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: NSA Polygraph Screening Exposed
Date: Mon, 13 Mar 2000 22:30:38 GMT

On Sun, 12 Mar 2000 06:09:21 -0700, "John E. Kuslich"
<[EMAIL PROTECTED]> wrote:
>The polygraph only works if the subject (victim) confesses out of fear.  The
>polygraph, plain and simple, is a fear machine and it works exactly as well
>as voodoo and for the same reasons.

I've read a number of accounts of cops who took a not too bright
suspect and then got him to confess via a laughably fake "lie detector".
In my favorite example, they stuck some wires into a kitchen colander
and put it on the suspect's head, and then sat him next to a copier,
into which they had placed a piece of paper with the words "he's lying"
written on it.  Every time the guy said something they found dubious,
they pressed the "Copy" button and showed him a fresh sheet with "results"
from the "lie detector".  Figuring he was caught, the guy confessed.

This is just a modern version of the old, *old* trick of taking suspects
for a crime and having them go one by one into a dark shed and pet
the "sheep of truth", which they were told would bleat if touched by
a guilty man.  The trick was that the examiners had covered the sheep in
soot, and anyone who came out of the shed without soot on his hands was
obviously afraid to touch the sheep at all, probably because he knew
he was guilty...


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: [EMAIL PROTECTED] (Kahless42)
Subject: Lame Question - Please help me out!
Date: 13 Mar 2000 22:44:22 GMT

Does anyone have source code or an algorithm to prove primality or really
strong pseudoprimality for use in an RSA-type program?

Thanks!
Gordon

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Encryption of fax
Date: Mon, 13 Mar 2000 23:55:05 +0100

jungle wrote:
> 
> fax is equivalent to e-mail, any middleman has full access to it ...
> fax is the image sending ...
> all base on the protocol used ... & it's very primitive one ...

But the volume of bits for sending a message with fax is much 
larger than for e-mail. So the information-carrying bits are in 
some sense diluted/dissolved. (Fax uses some quite specific 
compression techniques, if I don't err. But it surely wouldn't 
be able to compete with pure ASCII coding of texts in terms of 
size.) That's why I conjecture there could be a higher security, 
though with a corresponding trade-off in transmission cost.  My 
thought about handwriting is that, since a character that is 
written by hand has no rigid constraints on size, orientation 
and even shape, this variability might be exploited to result 
in certain difficulties to the opponent. (Some people even have 
such poor writings in their normal letters/memos that the intended 
recipients may have difficulties to read them.)

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: ZIP format is gone in the past.
Date: Mon, 13 Mar 2000 22:48:16 GMT

On 10 Mar 2000 18:35:40 +0100, [EMAIL PROTECTED] (Paul Schlyter) wrote:
> 
>The disadvantages of self-extracting archives are two:

Four, actually.  Along with the two you mention (single-platform,
and ripe for viral infection), there's:

  3.  They can only perform whatever function is already built into the
      accompanying extractor/viewer.  With ZIP archives, however
      (or any other "data only" archive) I can upgrade, or get or
      write a special version of the "archive handler" software,
      and instantly get additional features and functionality when
      I'm working with ANY of my archives.  For example, Mijenix
      makes a Windows add-on called "ZipMagic", which makes
      every Zip file "magically" look like a subdirectory to your
      system, making it possible to perform ANY standard file or
      folder operation on the contents of any/all ZIP archives
      (one of the handiest is using the "Find File or Folder"
      Windows feature, which then would let you hunt through the
      contents of all ZIP archives as well as all "unzipped" files
      on your drive).  Try *that* with existing FineCrypt archives.

  4.  There's a copy of the extractor for each and every archive
      on your hard drive.  And since the whole purpose of compression
      is to SAVE space (by removing redundancy), that rather
      defeats the purpose, does it not?


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Random permutations
Reply-To: [EMAIL PROTECTED]
Date: Mon, 13 Mar 2000 22:46:29 GMT

Joseph Ashwood <[EMAIL PROTECTED]> wrote:

:> You /could/ totally eliminate this problem - for example
:> by discarding any runs with duplicated values - if you
:> were concerned about it producing biased results.

: Except that introduces its own biases. In a K bit pRNG the
: odds of an immediately repeated value should be 1/(2^K), by
: simply discarding all repeated values you immediately set
: this probability to 0, and that is in and of itself a flaw
: (see Enigma).

I don't agree in the slightest ;-/

We're not /talking/ about just a PRNG.  We're talking about a way of
/using/ a PRNG to generate a permutation.

Lack of repeated values in the randomly generated index does *not* show
itself in the final permutation - since the indexes are eventually
discarded.

AFAICS, discarding multiple index entries produces statistically "perfect"
results in the resulting permutation - assuming "perfect" random numbers
are supplied, of course.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

&@#="�7%&*fji&430 - Hey! Get that cat off the keyboard!

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Just *Germain* primes
Date: Mon, 13 Mar 2000 17:40:30 -0500

John Myre wrote:
> 
> Paul Koning wrote:
> >
> > [EMAIL PROTECTED] wrote:
> > >
> <snip>
> > >
> > > May I say something almost entirely off-topic and annoying?  Thank you.
> > > ...
> > > What, then, is different about Sophie Germain that we'd single her out in
> > > this unusual way?  I'm afraid the answer is obvious, ...
> >
> > I always wonder why people (in recent times) insist on
> > immediately attributing things like this to sinister
> > motives.
> 
> Are you claiming that mskala is attributing this to sinister
> motives?  The post doesn't say that.
> 
> > Perhaps the "answer is obvious" to you, but it isn't to me.
> > In the absence of a lot more evidence, it's irresponsible to
> > claim (or imply) that the terminology you complained about is
> > inspired by a desire to discriminate.
> 
> Are you claiming that mskala claims, or implies, that the terminology
> is inspired by a desire to discriminate?  The post doesn't say that.

Sure it does.  It says "the answer is obvious".  It certainly
is obvious to me what he is implying.
 
> > Not only that, but the
> > more unsupported claims like this there are, the less likely
> > any such claim is to be taken seriously.  Which would be a bad
> > thing in the case where it *does* need to be taken seriously.
> >
> >         paul
> 
> What claim did mskala make that was "unsupported"?  Certainly
> there were many examples given of only last names being used.

Sure.  But that does not *prove* intent to discriminate, or sexism,
or the like.  It is merely *possible* that it is the cause -- but
there are other possible explanations, and absent any evidence
that other explanations don't fit (no such evidence was given)
the assertion is indeed unsupported by evidence.
 
> I think mskala's post is apropos, and not nearly as accusatory
> as you seem to think, nor as adversarial as your post.  It didn't
> actually say *what* he thinks is going on, only that the answer
> is "obvious", and reflects poorly on the mathematical community.

That sounds like an accusation to me.
 
> I agree with that.  Explicitly, I think that using Germain's first
> name is reflective of unconscious attitudes about gender. 

That's one possible explanation.  It's not the only one, it is
not clear that it is the most plausible one.

> The same
> attitudes show in references to Flannery.  Meanwhile, this habit
> is hardly confined to the mathematical community (consider Curie),

Thanks for bringing up that example, because it proves my point.
If you refer to "Curie" the reference is ambiguous -- both Pierre
and Marie made significant contributions to science.

> I doubt my usage of names will change much - but at least some
> of the time this exchange will occur to me, and the result should
> be beneficial in the long run.  

I agree with that point.  It's just that I get irritated whenever
someone puts on a PC hat and starts throwing around insinuations
of sexism, or xyzism, as if it is appropriate to make that your
*first* theory.

        paul

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: streaming cyphoidians
Date: Mon, 13 Mar 2000 17:46:04 -0500

> No Brainer wrote:
> 
> > To all,
> >
> > I was wondering what is the best method to encrypt/decrypt/create a
> > message digest/sign data etc...if all you have is a small window to
> > encrypt/decrypt/digest and sign the data with?
> >
> > For example, if someone wanted to stream video to another person and the
> > receiver had to check the validity of the sender but could only receive
> > (and HAD to process in stream format) approx. 2k at a time, how would it
> > be best done? Remember that the receiver cannot receive the whole
> > message to check the sig?
> >
> > It there anything like this available?
> >
> > Is this a dumb question?

Sounds like a good question to me.

Yes, there's a simple solution.  IPSEC does essentially this:
each packet is separately authenticated, because there is no
assumption that all packets will be delivered.

You can do this efficiently by arranging for a shared secret
(for example, by Diffie-Hellman key agreement, but be sure to
authenticate the other end and guard against men in the middle).
Then you use that shared secret as the key for a keyed hash,
such as HMAC-MD5.  That can be calculated efficiently and
works well even for modest size blocks.

Take a look at the IPSEC specs (RFC 2401 and friends) for more.

        paul
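
The per-packet scheme described above, as an added example (not code from the poster or from any IPSEC implementation): the sender cuts the stream into 2 KB chunks and appends an HMAC-MD5 tag to each, and the receiver verifies one chunk at a time without ever holding the whole message. The 8-byte sequence number is this example's own addition so that replayed or reordered chunks are rejected too; the key is assumed to come from an authenticated key agreement as the post recommends.

```python
import hmac
import hashlib
import os
import struct

CHUNK = 2048                 # the ~2k window the question describes
TAG_LEN = 16                 # full HMAC-MD5 output
HDR = struct.Struct(">Q")    # 8-byte big-endian sequence number (added assumption)

def sender_frames(key: bytes, stream: bytes):
    """Yield wire frames: seq || payload || HMAC-MD5(key, seq || payload)."""
    for seq, off in enumerate(range(0, len(stream), CHUNK)):
        body = HDR.pack(seq) + stream[off:off + CHUNK]
        yield body + hmac.new(key, body, hashlib.md5).digest()

class Receiver:
    """Verifies frames one at a time; never needs more than one chunk."""
    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0        # next sequence number we will accept

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and in order, else None."""
        if len(frame) < HDR.size + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        want = hmac.new(self.key, body, hashlib.md5).digest()
        if not hmac.compare_digest(tag, want):   # constant-time comparison
            return None
        (seq,) = HDR.unpack(body[:HDR.size])
        if seq != self.expected:                 # replay or reorder
            return None
        self.expected += 1
        return body[HDR.size:]

def demo():
    """Constructed run: clean frames pass, a tampered and a replayed frame are dropped."""
    key = os.urandom(16)             # stands in for the DH-derived shared secret
    video = bytes(range(256)) * 20   # constructed 5120-byte "stream" -> 3 chunks
    frames = list(sender_frames(key, video))
    rx = Receiver(key)
    out = [rx.accept(f) for f in frames]
    good = all(p is not None for p in out) and b"".join(out) == video
    tampered = bytearray(frames[1])
    tampered[HDR.size + 5] ^= 0x01   # flip one payload bit
    rejected_tamper = rx.accept(bytes(tampered)) is None
    rejected_replay = rx.accept(frames[0]) is None   # seq 0 already consumed
    return good, rejected_tamper, rejected_replay

if __name__ == "__main__":
    print(demo())
```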

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Reply-To: [EMAIL PROTECTED]
Date: Mon, 13 Mar 2000 23:05:02 GMT

Joseph Ashwood <[EMAIL PROTECTED]> wrote:

: I fully grant that it would be an unlikely circumstance in
: the normal case, but if our attacker is allowed to choose
: our cipher stack (with sane restrictions), we run the risk
: of interactions. Without analyzing every possible
: cipher-stack we cannot see if there are commutative properties
: within those specific functions, we also cannot see if
: perhaps one cipher weakens another.

The idea that one cypher may weaken another seems like something you
can avoid reasonably easily by inspecting the relevant cyphers in the
stack.

Assuming they do not contain /extremely/ similar internal structures, 
the chances of one cypher significantly weakening another - while going
unnoticed to the builder of the stack - seem /extremely/ remote.

The cyphers use independent keys, and - as far as is possible - are
selected from different families.  It's not easy to imagine a realistic
scenario where such multiple encipherment introduces weakness.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

I will never lie to you.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: sci.crypt.applied
Date: Tue, 14 Mar 2000 00:34:44 +0100

Gary Watson wrote:
> 
> I haven't seen a great deal of discussion of applied cryptography in this
> ng, that is, the nuts-n-bolts techniques used to implement a cipher in such
> a way that the final product is secure.  I'm not proposing a new
> sci.crypt.applied newsgroup, but if it existed, perhaps the charter would
> propose discussions of:
[snip]

In my understanding, the reason for creation of a subgroup is 
normally because a certain subfield has very often been discussed 
and has occupied a very significant portion of the whole traffic 
such that it would cause some inconvenience to those who have less
interest in that subfield, i.e. the reason is not because certain 
subfields have almost never been touched upon. So, if my impression 
about the content of your list is not wrong, it is time for those
persons who have expertise in the listed topics to post articles
and lead the discussions. Afterwards, if the volume of posts in 
some subfields grows above certain proportions, subgroups may be 
desirable. For otherwise many people would have to check the posts 
in the (separated out) subgroups in addition to the posts in the 
main group and that might not be very convenient.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Impervious)
Subject: Re: US export status of RC4?
Date: Mon, 13 Mar 2000 23:02:45 GMT

On Mon, 13 Mar 2000 10:50:01 GMT, [EMAIL PROTECTED] (Impervious)
wrote:

Thanks a million Kent and Paul!

Best Regards,
Manuel


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Just *Germain* primes
Date: 13 Mar 2000 15:41:25 -0800

In article <[EMAIL PROTECTED]>, John Myre  <[EMAIL PROTECTED]> wrote:
>as you seem to think, nor as adversarial as your post.  It didn't
>actually say *what* he thinks is going on, only that the answer
>is "obvious", and reflects poorly on the mathematical community.

I didn't say what I was talking about, but everyone on the thread
correctly guessed what I was talking about.  I think that's evidence that
there IS something to talk about.
-- 
Matthew Skala                       "Ha!" said God, "I've got Jon Postel!"
[EMAIL PROTECTED]            "Yes," said the Devil, "but *I've* got
http://www.islandnet.com/~mskala/    all the sysadmins!"


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Just *Germain* primes
Date: 13 Mar 2000 15:47:17 -0800

In article <[EMAIL PROTECTED]>,
Paul Koning  <[EMAIL PROTECTED]> wrote:
>there are other possible explanations, and absent any evidence
>that other explanations don't fit (no such evidence was given)

The only other explanation I can think of for the term "Sophie Germain
prime" would be to distinguish her from some other famous mathematician
named Germain - as we might very well do when talking about Marie or
Pierre Curie, instead of just "Curie", because they both did significant
work in the same fields.  But, as I *did* point out in my original post,
there isn't another famous mathematical Germain to confuse Sophie Germain
with.

What are the other "other explanations" that might fit?
-- 
Matthew Skala                       "Ha!" said God, "I've got Jon Postel!"
[EMAIL PROTECTED]            "Yes," said the Devil, "but *I've* got
http://www.islandnet.com/~mskala/    all the sysadmins!"


------------------------------

From: antirez <[EMAIL PROTECTED]>
Subject: linux's /dev/random
Date: Mon, 13 Mar 2000 23:53:35 GMT

I played a bit with /dev/random. It seems to overestimate
the entropy. For example under Linux/i386 if you press
a key and don't release it, the PC writes "aaaaaaaaaaaaaa" with
a constant period, but /dev/random trusts this as good entropy
(and trusts this as _a lot_ of entropy! 40 bits for every
 key press or release).
This seems really not so conservative.
Comments?

p.s.
(this is an example of good target for sci.crypt.applied)

--
antirez
email: antirez@linuxcare dot com


Sent via Deja.com http://www.deja.com/
Before you buy.
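
The concern in the post, as an added example and not the kernel's code: a fixed per-event credit treats auto-repeat as fresh entropy, whereas an estimator that looks at the first-, second- and third-order differences of event times credits a perfectly periodic key repeat almost nothing. The delta-of-deltas rule below is a simplified model chosen for this example, and both timestamp sequences are constructed.

```python
FIXED_CREDIT_BITS = 40   # the per-event credit the post reports observing

class DeltaEstimator:
    """Credit floor(log2(min(|d1|, |d2|, |d3|))) bits per event, where d1 is the
    time since the last event and d2, d3 are its 2nd and 3rd differences.
    Simplified model for this example, not the kernel's estimator."""
    def __init__(self):
        self.last_t = None
        self.last_d1 = 0
        self.last_d2 = 0

    def credit(self, t: int) -> int:
        if self.last_t is None:          # first event: nothing to compare against
            self.last_t = t
            return 0
        d1 = t - self.last_t
        d2 = d1 - self.last_d1
        d3 = d2 - self.last_d2
        self.last_t, self.last_d1, self.last_d2 = t, d1, d2
        m = min(abs(d1), abs(d2), abs(d3))
        return 0 if m == 0 else m.bit_length() - 1   # exact floor(log2(m))

def total_credit(timestamps) -> int:
    est = DeltaEstimator()
    return sum(est.credit(t) for t in timestamps)

def compare(timestamps) -> dict:
    """Entropy credited by the fixed-per-event policy versus the delta model."""
    return {
        "events": len(timestamps),
        "fixed_bits": FIXED_CREDIT_BITS * len(timestamps),
        "delta_bits": total_credit(timestamps),
    }

# Constructed inputs, in arbitrary clock ticks.
AUTOREPEAT = [i * 30 for i in range(10)]            # held key: constant period
HUMAN_TYPING = [0, 183, 421, 512, 870, 903, 1250]   # irregular keystrokes

if __name__ == "__main__":
    print("autorepeat  ", compare(AUTOREPEAT))
    print("human typing", compare(HUMAN_TYPING))
```

Only the first repeat interval earns any credit; once the period is established every further auto-repeat event credits zero bits under the delta rule, against 40 bits each under the fixed policy.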

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
