Cryptography-Digest Digest #377, Volume #11      Tue, 21 Mar 00 11:13:01 EST

Contents:
  Re: Non-doublespending offline digital money? (Erwin Bolwidt)
  Re: Download Random Number Generator from Ciphile Software ("Tom St Denis")
  Re: Download Random Number Generator from Ciphile Software ("Tom St Denis")
  Re: Opinions? (ca314159)
  Re: Concerning  UK publishes "impossible" decryption law (Richard Herring)
  Re: Card shuffling (Tim Tyler)
  Re: Concerning  UK publishes "impossible" decryption law ("�R���")
  Re: Factoring Large Numbers - I think I figured it out! (Paul Schlyter)
  Re: More weapons for Mallory against Quantum Encryption ([EMAIL PROTECTED])
  Re: Quantum crypto flawed agains Mallory? ([EMAIL PROTECTED])
  Re: Card shuffling (Jim Reeds)
  Re: Just *Germain* primes (Tim Tyler)
  Re: Factoring Large Numbers - I think I figured it out! (Bob Silverman)
  Re: Factoring Large Numbers - I think I figured it out! (Bob Silverman)
  Re: RC4: Please Help (Doug Stell)
  Re: IV vs. SALT? (Doug Stell)
  Re: Factorization (Bob Silverman)
  Re: Download Random Number Generator from Ciphile Software ("Anthony Stephen Szopa")
  test... ("TARRTEC")
  Re: Download Random Number Generator from Ciphile Software (Doug Stell)
  Re: ecc equation (Tom St Denis)
  Re: ScramDisk problem : storing PLAIN TEXT PASSPHRASE in the driver cache ... (Shaun)

----------------------------------------------------------------------------

From: Erwin Bolwidt <[EMAIL PROTECTED]>
Subject: Re: Non-doublespending offline digital money?
Date: Tue, 21 Mar 2000 11:53:35 +0100

matt wrote:

> Could anyone tell me if it is theoretically/physically possible to
> have a digital cash system which is offline, and prevents double
> spending?
Have a look at Bruce Schneier's "Applied Cryptography"; it describes how
Chaum's system works. It's offline in the sense that the seller doesn't
need to do an online check with a banking system.
It's a matter of chance: you can bring down the chance of successful
double spending to 1 in 2^n, where you can make n as big as you want, but
it increases communication overhead linearly with n.
 
> Just thinking about it, it seems impossible. But maybe someone knows
> some really tricky maths etc...?

What I want to know is if there is any non-patented scheme to do this?

Erwin Bolwidt
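
The "1 in 2^n" figure above comes from the cut-and-choose identity split in Chaum's offline cash. The Python below is an added illustration of just that mechanism, written for this digest and not taken from the post or from Applied Cryptography. It leaves out the blind-signature withdrawal step entirely (assumption: the coin's share pairs are treated as already validated by the bank), and the identity string and challenge bits are constructed sample values.

```python
"""Added illustration (not from the digest) of the identity-splitting half of
Chaum-style offline cash.  The blind-signature withdrawal is omitted: the share
pairs below are assumed to have been validated by the bank already."""
import os
from fractions import Fraction


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_identity(identity, n):
    """Embed `identity` in a coin as n pairs (l_i, r_i) with l_i XOR r_i == identity.
    Each half on its own is a uniformly random string and reveals nothing."""
    pairs = []
    for _ in range(n):
        left = os.urandom(len(identity))
        pairs.append((left, xor_bytes(left, identity)))
    return pairs


def spend(pairs, challenge_bits):
    """Offline payment: the merchant picks a random bit per pair and the payer
    reveals only that half.  Communication grows linearly with n."""
    if len(challenge_bits) != len(pairs):
        raise ValueError("one challenge bit per share pair")
    return [(bit, pair[bit]) for bit, pair in zip(challenge_bits, pairs)]


def bank_deposit(reveal_a, reveal_b):
    """Bank, later, sees the same coin deposited twice.  Any pair revealed on
    opposite sides under the two challenges recombines to the double-spender's
    identity.  Returns None only if the two challenges agreed everywhere."""
    for (bit_a, share_a), (bit_b, share_b) in zip(reveal_a, reveal_b):
        if bit_a != bit_b:
            return xor_bytes(share_a, share_b)
    return None


def escape_probability(n):
    """The double-spender escapes only if all n challenge bits agree: 1 in 2^n."""
    return Fraction(1, 2 ** n)


def random_challenge(n):
    """Merchant-side challenge: n independent uniform bits."""
    return [b & 1 for b in os.urandom(n)]


if __name__ == "__main__":
    coin = split_identity(b"constructed-id-007", 20)    # constructed sample identity
    first = spend(coin, random_challenge(20))           # honest spend at merchant A
    second = spend(coin, random_challenge(20))          # same coin spent again at merchant B
    print(bank_deposit(first, second), escape_probability(20))
```

An honest payer spends the coin once, so the bank only ever sees one half of each pair and learns nothing; the second spend is what hands over the other halves.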

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Download Random Number Generator from Ciphile Software
Date: Tue, 21 Mar 2000 12:31:46 GMT


Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> (Please Note:  I had some trouble posting this reply and had to
> cancel several attempts until I got it right.  Sorry for any
> inconvenience.)
>
> It is most correct to say that the period, for all practicable
> purposes, approaches infinity.

That's the line I was hoping for.  See, no deterministic finite state machine
can do anything with any regard approaching infinity.

> The software is designed to allow the user to continue to generate
> random digits indefinitely.

Shouldn't be.

> All that need be done is to subsequently process the MixFiles
> (randomly ordered sequences of the permutations of the digits
> 0 - 9 created from random user input) that are used in the random
> number generator.

How do you randomly create these files?





------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Download Random Number Generator from Ciphile Software
Date: Tue, 21 Mar 2000 12:32:40 GMT

Well I have a tiny paper on my website [http://24.42.86.123/] where I talk
about secure Fibonacci generators.  I don't do any serious math in it, but
it may be a place for you to start.

Tom

Anton Stiglic <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Is there a paper that goes along with this implementation of a
> Random Number Generator?  Something that describes why
> it is cryptographically safe, some scientific reasoning to
> convince myself why I should think about using it?
>
> Anton
>



------------------------------

From: ca314159 <[EMAIL PROTECTED]>
Subject: Re: Opinions?
Date: Tue, 21 Mar 2000 12:36:39 GMT

In article <8b62gr$tip$[EMAIL PROTECTED]>,
  zapzing <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> ca314159 <[EMAIL PROTECTED]> wrote:
> > Marc Howe wrote:
> > >
> > > There is nothing that is truly random, correct?
> > >
> > > Marc
> >
> > There is nothing that is truly X, correct?
> >
> > X="an apple"...
> >
> > Sounds like the "word problem" in formal language theory:
> >
> > http://ink.yahoo.com/bin/query?p=%22word+problem%22&hc=0&hs=1
> >
>
> What an odd link that was. Which of those pages
> were you referring to ??
>

    The best codes are the ones that stare you in the face
    and look like nothing more than a dead leaf, or branch.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Richard Herring)
Crossposted-To: 
alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning  UK publishes "impossible" decryption law
Date: 21 Mar 2000 13:55:07 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, �R��� ([EMAIL PROTECTED]) wrote:

[upside-down quoting restored]

> "Richard Herring" <[EMAIL PROTECTED]> wrote in message
> news:8b5e2s$f9d$[EMAIL PROTECTED]...
> > In article <[EMAIL PROTECTED]>, �R��� ([EMAIL PROTECTED]) wrote:
> > > an electric magnet is not so hard to make or get hold of, it's harmless
> > > unless power is given to it, and when powered, can easily be strong
> > > enough to destroy data on the disks.
> >
> > I find that difficult to believe. Can you provide figures to
> > justify your assertion?

> well, if configured right to use power from your power pack, it might be
> strong enough to damage your disks, 

I'll take that as a "no", then. The word was "destroy", not "damage",
and the request was for quantitative data.

-- 
Richard Herring      | <[EMAIL PROTECTED]> 

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Card shuffling
Reply-To: [EMAIL PROTECTED]
Date: Tue, 21 Mar 2000 13:42:40 GMT

Stephen Houchen <[EMAIL PROTECTED]> wrote:

: [...] So how about this idea:

: 1) Let n=0.
: 2) Select a random number 0 <= r < (52-n).
: 3) Count through a set of value-ordered cards and pick the nth one [...]
: 4) Place this value into the shuffled deck in position n.
: 5) Decrement n.
: 6) If n>=0, go to step 2.

: Would this be a statistically good shuffle? Is it better than swapping
: random pairs lots of times?

You probably want "Let n=51", "0 <= r <= n", and to "pick the rth one".

With these minor fixes, this is the classical method of generating random
permutations from a random stream, as described by R. Durstenfeld.
Assuming a suitable RNG, the distribution it produces is the ideal one.

It's genuinely better than swapping random pairs lots of times.
That would never give you a maximally random shuffle.
Cards will always be more likely than would be expected to stay in their
current places, no matter how many times you iterate the swapping.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Be good, do good.
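
As an added example (not part of the post), here is the shuffle with the corrections above applied, followed by two exact calculations: one showing that every possible sequence of random draws yields a different permutation (so a uniform RNG gives a uniform shuffle), and one computing the exact distribution after k random pair swaps to show the stay-in-place bias described. The swap model assumed is "pick two positions independently and uniformly, then swap them"; the closed form in `stay_probability` is derived for that model.

```python
"""Added example (not from the post): the corrected shuffle steps from the
reply, plus an exact calculation of why repeated random pair swaps never
reach a uniform distribution."""
import itertools
import math
from fractions import Fraction


def durstenfeld_shuffle(deck, rand_below):
    """Steps as corrected in the reply: n runs from len-1 (51 for a deck) down
    to 0; draw 0 <= r <= n; take the r-th card still in the value-ordered pool
    and put it at position n.  `rand_below(k)` must return a uniform integer
    in [0, k)."""
    pool = sorted(deck)                 # value-ordered cards still to place
    shuffled = [None] * len(pool)
    n = len(pool) - 1
    while n >= 0:
        r = rand_below(n + 1)           # 0 <= r <= n
        shuffled[n] = pool.pop(r)       # r-th remaining card goes to position n
        n -= 1
    return shuffled


def permutation_counts(n_cards):
    """Drive the shuffle with every possible sequence of random draws.  Each
    of the n! draw sequences yields a different permutation."""
    draw_ranges = [range(k) for k in range(n_cards, 0, -1)]
    counts = {}
    for draws in itertools.product(*draw_ranges):
        it = iter(draws)
        perm = tuple(durstenfeld_shuffle(range(n_cards), lambda k, it=it: next(it)))
        counts[perm] = counts.get(perm, 0) + 1
    return counts


def swap_walk_distribution(n_cards, swaps):
    """Exact distribution over permutations after `swaps` rounds of 'pick two
    positions independently and uniformly at random, then swap them'."""
    dist = {tuple(range(n_cards)): Fraction(1)}
    step = Fraction(1, n_cards * n_cards)
    for _ in range(swaps):
        nxt = {}
        for perm, prob in dist.items():
            for i in range(n_cards):
                for j in range(n_cards):
                    cards = list(perm)
                    cards[i], cards[j] = cards[j], cards[i]
                    key = tuple(cards)
                    nxt[key] = nxt.get(key, Fraction(0)) + prob * step
        dist = nxt
    return dist


def stay_probability(n_cards, swaps):
    """Closed form for P(a given card is still in its original position) after
    the swap walk above: 1/n + (1 - 1/n) * (1 - 2/n)^swaps.  The excess over
    1/n shrinks geometrically but never reaches zero."""
    n = Fraction(n_cards)
    return 1 / n + (1 - 1 / n) * (1 - 2 / n) ** swaps


def distance_from_uniform(dist, n_cards):
    """Total variation distance from uniform; 0 only for a perfect shuffle."""
    uniform = Fraction(1, math.factorial(n_cards))
    total = sum(abs(dist.get(p, Fraction(0)) - uniform)
                for p in itertools.permutations(range(n_cards)))
    return total / 2


if __name__ == "__main__":
    counts = permutation_counts(4)
    print(len(counts), set(counts.values()))                 # prints 24 {1}
    print(float(stay_probability(52, 100)), 1 / 52)          # still about twice the fair value
    print(float(distance_from_uniform(swap_walk_distribution(3, 10), 3)))
```

For a 52-card deck, 100 random pair swaps still leave each card in its original position with probability roughly 0.039 against the fair 1/52 = 0.019.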

------------------------------

From: "�R���" <[EMAIL PROTECTED]>
Crossposted-To: 
alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning  UK publishes "impossible" decryption law
Date: Wed, 22 Mar 2000 01:16:18 +1100

Quantitative data, I'm afraid I am not very up on electronics as much as I
would like to be. Of course your request works both ways: can you disprove
the possibility of a magnetic field powered by the PC to destroy/damage the
disk, switched on by a false login, powered through the parallel port? I'm not
being a smart ass, and I might have shot my mouth off, but I am an ideas
man, and like to be proven conclusively wrong, not just flamed.

--
"Oh GOD, Please save me from your followers"
more of my ramblings can be found at http://oakgrove.mainpage.net
"Man is a part of nature, not apart from nature"
anti spam, remove 'nospam' to mail me
ICQ:16544782
"Richard Herring" <[EMAIL PROTECTED]> wrote in message
news:8b7uvr$ahi$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>, �R��� ([EMAIL PROTECTED]) wrote:
>
> [upside-down quoting restored]
>
> > "Richard Herring" <[EMAIL PROTECTED]> wrote in message
> > news:8b5e2s$f9d$[EMAIL PROTECTED]...
> > > In article <[EMAIL PROTECTED]>, �R��� ([EMAIL PROTECTED]) wrote:
> > > > an electric magnet is not so hard to make or get hold of, it's harmless
> > > > unless power is given to it, and when powered, can easily be strong
> > > > enough to destroy data on the disks.
> > >
> > > I find that difficult to believe. Can you provide figures to
> > > justify your assertion?
>
> > well, if configured right to use power from your power pack, it might be
> > strong enough to damage your disks,
>
> I'll take that as a "no", then. The word was "destroy", not "damage",
> and the request was for quantitative data.
>
> --
> Richard Herring      | <[EMAIL PROTECTED]>



------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Factoring Large Numbers - I think I figured it out!
Date: 21 Mar 2000 13:03:40 +0100

In article <nUDB4.1936$[EMAIL PROTECTED]>,
Richard Anthony Hein <[EMAIL PROTECTED]> wrote:
 
> "Paul Rubin" <[EMAIL PROTECTED]> wrote in message
> news:8b6hip$h09$[EMAIL PROTECTED]...
>> In article <dyzB4.1915$[EMAIL PROTECTED]>,
>> Richard Hein <[EMAIL PROTECTED]> wrote:
>>> I have developed an easy method for factoring large numbers.  This
>>> probably sounds ridiculous to everyone here, but if you contact me,
>>> I need help to develop the technology.  You can decide then if I am
>>> a quack!
>>
>> I think I've already decided.
>>
>>> Email me at [EMAIL PROTECTED] for more information.  A non-disclosure
>>> agreement will be required of any parties involved in the project.
>>
>> How about I send you a large composite number.  After you send me
>> the factors, then we can talk.
> 
> Paul, forming an opinion on something without having the information to make
> a logical decision is called prejudice.  It has kept humanity from many
> achievements in the past, and will probably be around forever.  That's life.
 
If someone popped up, claiming the Earth is Flat, would you carefully
investigate whether he could be right?  Or would you use your prejudice to
discard what he claimed?
 
Yes, prejudice will be around because it often saves us a lot of
trouble.  Prejudice is really nothing other than using previous experiences
to make decisions quicker.  Regarding factoring: there have been many
people who have claimed to have invented a real breakthrough in
factoring big numbers.  So far all have failed.  Now another one
emerges, and until he shows he really has what he claims to have,
it's quite reasonable to assume he's no different from the others.
 
Now, if Richard Hein wants to convince the rest of the world he actually
can factor large numbers faster than anyone else before him, he should
obtain the factoring challenge numbers from RSA Laboratory -- an email
request for these numbers can be done at the URL below:
 
  http://www.rsasecurity.com/rsalabs/challenges/factoring/lists.html
 
If he factors all, or even some, of these challenge numbers with his
new technology, he will have no problem getting any help he requests.
He probably even will be paid extremely well just to shut up, even
for a limited time while all those security systems which today are
based on RSA are being rebuilt on some other technology.  Yes, big
bucks are at stake here.
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: More weapons for Mallory against Quantum Encryption
Date: Tue, 21 Mar 2000 14:26:54 GMT


> In that case his goose is cooked. When Alice and Bob compare a subset of
> their quantum bit interchanges, they will discover that 25% of them
> they agree on the direction of polarization but not on the value. They will
> know that someone was listening in, and will not send any data.
> The quantum protocol tests the assumption that there was no listening
> in. If it fails the whole bit transmission is thrown away (or they use
> one of the bit distillation procedures which creates a key which is
> entirely unknown to Mallory though it is known to Bob and Alice).

   When are they going to compare the bits?
   It is assumed that EVERYONE knows the protocol, isn't it? If the
protocol is to compare the first 100 bits of the communication, for
example, Mallory will just let them pass by. She would lose the bits,
but get the rest of the communication. If you make this authentication
too complicated, the protocol becomes useless for most of the
applications.

   Daniel.




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Quantum crypto flawed agains Mallory?
Date: Tue, 21 Mar 2000 14:31:16 GMT


> You might be interested to know that it is now
> possible for an attacker to gain part or all of
> the encrypted quantum data yet *not* be able
> to derive any info about the original quantum
> state. This security is enabled via the brand
> new quantum one time pad:

   I don't have time to understand thoroughly the math involved, but I
understand partially. In the text you sent me, there is the need for
secret sharing, isn't there? This is nice for some applications, but
doesn't have the reach of regular public-key crypto. It would not be
too useful for secure military communications. Besides this, the work
was focused on an algorithm for information storage, not data transfer.
   Maybe you understood it better than me: could I use regular
cryptanalysis to derive the original quantum states? From what I got,
it's a regular encryption algorithm applied to the quantum states...

   Daniel.



------------------------------

From: Jim Reeds <[EMAIL PROTECTED]>
Subject: Re: Card shuffling
Date: Tue, 21 Mar 2000 14:46:36 GMT

Mok-Kong Shen wrote:
...
> I think the most general situation could be described thus: You give
> a person a deck. He does something to it without your observation
> and gives it back to you. Now what you see is only a certain
> permutation of the original deck. My original post was effectively
> asking whether it is sensible (and, if yes, how) to assign
> a numerical value to that permutation characterizing how well the
> person has destroyed the order of the deck you gave him. Do you
> think that such a measure could be well defined, at least to the
> satisfaction of the players?


No.  If the dispassionate cool headed thinkers of sci.crypt cannot
agree, why do you think the players (who have money riding on the
game) would?  Especially if you don't tell us the game or the kind
of shuffling method or the likely deviations from correct behavior
(such as, are we allowed to suspect the shuffler is dishonest?) and
if you only allow the evidence of one permutation.  (What if the
shuffler stacks the deck just once per 100 shuffles.  Even if you
could detect the stacking if you saw it, chances are the one
sample permutation isn't stacked.  But maybe that's all it takes
for him to get rich.)

-- 
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA

[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Just *Germain* primes
Reply-To: [EMAIL PROTECTED]
Date: Tue, 21 Mar 2000 14:22:45 GMT

[EMAIL PROTECTED] wrote:

: I think that these numbers, whether you choose to define them as primes
: that are one greater than twice other primes, or as primes that you can
: double and add one to, to get other primes, ought to be called "Germain
: primes", not "Sophie Germain primes".

[...]

: What, then, is different about Sophie Germain that we'd single her out in
: this unusual way?  I'm afraid the answer is obvious, and it doesn't
: reflect well on the mathematical community.  It would be much more
: appropriate to honour her in exactly the same way we'd honour anyone else
: of similar accomplishment.

Conventionally, many ladies change their surnames when they marry - a fact
that may influence naming conventions.

Other ladies in science have also been treated in this way: for example,
The Countess of Lovelace, Augusta Ada King, Augusta Ada Byron-King,
Lady Augusta Ada Byron, Augusta Ada Byron-King is now probably best known
as "The Countess of Lovelace" - or simply "Ada" - partly because of some
obvious surname confusion.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Meditation is not what you think.

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Factoring Large Numbers - I think I figured it out!
Date: Tue, 21 Mar 2000 15:09:34 GMT

In article <dyzB4.1915$[EMAIL PROTECTED]>,
"Richard Hein" <[EMAIL PROTECTED]> wrote:
> I have developed an easy method for factoring large numbers. This
> probably sounds ridiculous to everyone here, but if you contact me, I need
> help to develop the technology. You can decide then if I am a quack!
>
> Email me at [EMAIL PROTECTED] for more information. A non-disclosure
> agreement will be required of any parties involved in the project.

Super!  I'd love to see such an algorithm.

Fortunately, it is easy to check if you are a quack. And one need not
even look at your method!

Just factor the following, then get back to us.

437729172051175398096146412342584116368110203692209421076132181263932018788906557052513998886836179888597531878357445242989308763697038251224494021909


>
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Factoring Large Numbers - I think I figured it out!
Date: Tue, 21 Mar 2000 15:13:53 GMT

In article <nUDB4.1936$[EMAIL PROTECTED]>,
"Richard Anthony Hein" <[EMAIL PROTECTED]> wrote:
> Paul, forming an opinion on something without having the information
> to make a logical decision is called prejudice. It has kept humanity from many
> achievements in the past, and will probably be around forever. That's
> life.

But he DOES have information. Specifically: your behavior!

Claiming to have something no one else has, and refusing to divulge
it except under restricted circumstances is the hallmark of a crank.

If instead you really HAD a method, you would be submitting it for
publication instead of being secretive.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: RC4: Please Help
Date: Tue, 21 Mar 2000 15:02:00 GMT

On Tue, 21 Mar 2000 02:53:50 GMT, "Marc Howe" <[EMAIL PROTECTED]>
wrote:

>I am using the RC4 algorithm and I read that one of its weaknesses (like
>other stream ciphers) is that if someone uses the same key to encode several
>files, an attacker can figure it out.

This is not a weakness of RC4. It is a standard situation with stream
ciphers.

>  I appended a 10 byte IV to the 54
>byte key before it goes to the SHA hash routine.  The IV is simply appended
>to the end of the key that is read.

IV is the wrong term here. The correct term is "salt", and it is a
normal approach when either the secret key is small or is likely to be
used multiple times.

>My questions are:

All have been answered by the previous poster.


------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: IV vs. SALT?
Date: Tue, 21 Mar 2000 15:09:30 GMT

On Mon, 20 Mar 2000 23:07:54 GMT, "Marc Howe" <[EMAIL PROTECTED]>
wrote:

>I'm a newbie to crypto, so I was wondering what the differences (if any -
>and similarities as well) are between IV (Initialization Vector) and SALT?

They are quite different. Here are some simple examples. They may have
more formal meanings and wider applications, but these examples are
newbieized.

IVs are used with block ciphers. The best example of an IV is that
used with the CBC mode. In CBC mode, the output of the previous
encryption is XORed with the current plaintext before it is encrypted.
You need something to XOR with the first block of plaintext, the IV.
The IV is often considered secret.

Salt is used to slow down attacks against short keys or stream cipher
keys that are likely to be used more than once. Salt is mixed in with
the key to form a unique and usually longer encryption key for each
encryption. The salt must be sent in the clear to the decrypting
party, as it is required for decryption.
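
The following Python is an added example, not from this post or the RC4 one before it, showing the three points the two replies make: why reusing one key (and keystream) across files is a problem for any stream cipher, how mixing a salt into the key before hashing gives each file its own key, and what the IV does for the first block in CBC mode. The stream cipher and the 16-byte block cipher are stand-ins built from SHA-256 (assumptions made so the example runs with the standard library); they are not RC4 or any production cipher, and the keys, salts and messages are constructed values.

```python
"""Added example (not from the digest).  Toy constructions built from SHA-256
stand in for RC4 and for a block cipher; everything below is an assumption
made so the example runs with the standard library only."""
import hashlib
import os

BLOCK = 16


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def salted_key(key, salt):
    """Salt is mixed into the key: SHA-256(key || salt).  The salt itself is
    sent in the clear next to the ciphertext; the key stays secret."""
    return hashlib.sha256(key + salt).digest()


def keystream(key, salt, length):
    """Stand-in stream cipher: SHA-256(salted key || counter) blocks."""
    k = salted_key(key, salt)
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(k + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key, salt, data):
    """Encryption and decryption are the same XOR with the keystream."""
    return xor_bytes(data, keystream(key, salt, len(data)))


def keystream_reuse_leaks(key, salt, msg_a, msg_b):
    """Same key and same salt for two files of equal length: XOR of the
    ciphertexts equals XOR of the plaintexts, so each leaks through the other."""
    c_a = stream_encrypt(key, salt, msg_a)
    c_b = stream_encrypt(key, salt, msg_b)
    return xor_bytes(c_a, c_b) == xor_bytes(msg_a, msg_b)


def toy_block(key, block, decrypt=False):
    """Stand-in 16-byte block cipher: 4-round Feistel network with SHA-256 as
    the round function.  Illustration only, not a real cipher."""
    left, right = block[:8], block[8:]
    order = range(4)
    if decrypt:
        left, right = right, left
        order = reversed(range(4))
    for r in order:
        f = hashlib.sha256(key + bytes([r]) + right).digest()[:8]
        left, right = right, xor_bytes(left, f)
    if decrypt:
        left, right = right, left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    """CBC: each block is XORed with the previous ciphertext block before
    encryption; the IV fills that role for the first block."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    """Inverse of cbc_encrypt: decrypt the block, then XOR with the previous
    ciphertext block (the IV for the first one)."""
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor_bytes(toy_block(key, block, decrypt=True), prev)
        prev = block
    return out


if __name__ == "__main__":
    key = b"constructed sample key"                      # constructed sample values
    msg = b"ATTACK AT DAWN.." * 2
    print(keystream_reuse_leaks(key, b"salt-1", msg, b"RETREAT AT NOON." * 2))
    print(stream_encrypt(key, b"salt-1", msg) != stream_encrypt(key, b"salt-2", msg))
    print(cbc_encrypt(key, os.urandom(BLOCK), msg)[:BLOCK]
          != cbc_encrypt(key, os.urandom(BLOCK), msg)[:BLOCK])
```

With the same key and the same IV, two messages that start with the same block produce the same first ciphertext block; a fresh IV per message removes that, just as a fresh salt per file gives the stream cipher a fresh keystream.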

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Factorization
Date: Tue, 21 Mar 2000 15:20:38 GMT

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Scott Fluhrer wrote:
> [...]
> > The integers form a Unique Factorization Domain, which is a fancy way of
> > saying that any integer can be factored into primes in essentially one way.
>
> That reminds me: are there any PK cryptosystems based on the hardness of
> factoring in UFDs other than the integers?

No. There can't be. Any such problem would be (at worst) reducible (by
taking norms) to factorization over the integers.



> Also, is there any reason to
> believe that factoring in a different, suitably chosen UFD could be
>harder  than factoring integers?


See above.  In fact, there are UFDs and factoring problems which
are substantially EASIER than factoring over Z, e.g. factoring
primes congruent to 1 mod 4 over Z[i].
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


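
As an added example (not from the post), the Python below works the Z[i] case through: factoring a prime p ≡ 1 (mod 4) over the Gaussian integers amounts to writing p = a^2 + b^2, which the Hermite-Serret (Cornacchia-style) method does in polynomial time, and the norm map N(a + bi) = a^2 + b^2 is the multiplicative map that carries a factoring problem in Z[i] back down to one over Z. The prime 1000000009 used in the demo is a sample input chosen here.

```python
"""Added example (not from the post): factoring a prime p ≡ 1 (mod 4) over
Z[i] via p = a^2 + b^2, and the norm map that reduces Z[i] factoring to Z."""
import math


def sqrt_minus_one_mod(p):
    """x with x^2 ≡ -1 (mod p): for a quadratic non-residue c (found by
    Euler's criterion), x = c^((p-1)/4).  Requires p prime, p ≡ 1 (mod 4)."""
    if p % 4 != 1:
        raise ValueError("need p ≡ 1 (mod 4)")
    for c in range(2, p):
        if pow(c, (p - 1) // 2, p) == p - 1:     # c is a non-residue
            return pow(c, (p - 1) // 4, p)
    raise ValueError("no non-residue found; is p prime?")


def two_squares(p):
    """Hermite-Serret: run Euclid on (p, x) with x^2 ≡ -1 and x < p/2; the
    first remainder below sqrt(p) is a, and b follows from p - a^2.
    Returns (a, b) with a^2 + b^2 == p."""
    x = sqrt_minus_one_mod(p)
    x = min(x, p - x)
    a, b = p, x
    limit = math.isqrt(p)
    while b > limit:
        a, b = b, a % b
    c = math.isqrt(p - b * b)
    if b * b + c * c != p:
        raise ArithmeticError("p is not a prime ≡ 1 (mod 4)")
    return b, c


def gaussian_mul(z, w):
    """(a + bi)(c + di) with Gaussian integers held as (real, imag) pairs."""
    (a, b), (c, d) = z, w
    return (a * c - b * d, a * d + b * c)


def gaussian_norm(z):
    """N(a + bi) = a^2 + b^2.  N is multiplicative, so a factorisation
    alpha = beta * gamma in Z[i] gives N(alpha) = N(beta) * N(gamma) in Z."""
    a, b = z
    return a * a + b * b


def factor_over_gaussians(p):
    """A prime p ≡ 1 (mod 4) splits as (a + bi)(a - bi) in Z[i]."""
    a, b = two_squares(p)
    return (a, b), (a, -b)


if __name__ == "__main__":
    p = 1000000009                                      # sample prime, ≡ 1 (mod 4)
    z, zbar = factor_over_gaussians(p)
    print(z, zbar, gaussian_mul(z, zbar) == (p, 0), gaussian_norm(z) == p)
```

The norm step is the reduction in the post's first sentence: any non-trivial factor of a Gaussian integer alpha has a norm that is a non-trivial factor of N(alpha) in Z, so a fast Z[i] factoring method would give a fast Z one.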

------------------------------

From: "Anthony Stephen Szopa" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Download Random Number Generator from Ciphile Software
Date: Tue, 21 Mar 2000 07:15:35 -0800

The idea is that the software terminates when the random digit stream is
exhausted.  It does not regenerate the same random digits unless you
restart the software using the same MixFiles.

To generate additional random digits you should reprocess the MixFiles
then generate completely different random digits.

Basically, you can generate more numbers than you can practicably ever
use with this software and never repeat the random digit stream.

(Of course you cannot generate anything approaching an "infinite" supply
of random digits with this software.   "Practicably" speaking, your memory
of ever having existed will fade from world consciousness before anyone
exhausts the random number supply when properly using this software.)

You can download the software to answer your basic questions about it.

Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:SYJB4.53772$[EMAIL PROTECTED]...
>
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>
> > (Please Note:  I had some trouble posting this reply and had to
> > cancel several attempts until I got it right.  Sorry for any
> > inconvenience.)
> >
> > It is most correct to say that the period, for all practicable
> > purposes, approaches infinity.
>
> That's the line I was hoping for.  See, no deterministic finite state
> machine can do anything with any regard approaching infinity.
>
> > The software is designed to allow the user to continue to generate
> > random digits indefinitely.
>
> Shouldn't be.
>
> > All that need be done is to subsequently process the MixFiles
> > (randomly ordered sequences of the permutations of the digits
> > 0 - 9 created from random user input) that are used in the random
> > number generator.
>
> How do you randomly create these files?
>
>
>
>



------------------------------

Reply-To: "TARRTEC" <[EMAIL PROTECTED]>
From: "TARRTEC" <[EMAIL PROTECTED]>
Subject: test...
Date: Tue, 21 Mar 2000 15:41:17 GMT

this is a test.



------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Crossposted-To: talk.politics.crypto
Subject: Re: Download Random Number Generator from Ciphile Software
Date: Tue, 21 Mar 2000 15:27:28 GMT

On Mon, 20 Mar 2000 23:12:16 -0800, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:

>Doug Stell wrote:
>> 
>> On Mon, 20 Mar 2000 01:31:15 -0800, Anthony Stephen Szopa
>> <[EMAIL PROTECTED]> wrote:
>> 
>> >Again, OAR-L3 random number generation software is only intended to
>> >generate random digits or numbers for statistical modeling and computer
>> >simulations.
>> 
>> This statement is a very clear hint that it is not cryptographically
>> strong and is of little use to anybody in this newsgroup. If it is a
>> component of a larger cryptographic package, this statement also casts
>> serious doubt on the strength of that package.
>
>If we assume you know all the possible reasons for the statement 
>then we may accept your conclusion.  Please, tell us what I am 
>thinking at this moment to prove that you may actually know why the
>statement was made so your conclusion may be considered seriously?

How does anyone know what anyone else is thinking? We can only try to
interpret the words you offer us. Both expression and interpretation
are risky.

When someone says that a thing "is ONLY intended for X" and the
requirements for X are a lot less than the requirements for Y, then I
can only assume that the author is stating that it is probably not
intended and/or suitable for Y.

Statistical modeling, simulations and communications test equipment,
X, frequently use random number generators that are statistically
sound, but cryptographically weak. I've built products where the
receiver can quickly sync its PRNG to the transmitter's PRNG. This
PRNG provided a fine statistical test of a communications system, but
is cryptographically worthless. These random number generators
generally do not have the requirement that it should be infeasible to
guess the next output value, knowing the algorithm and all of the
previous values. They may even have the requirement that you can guess
the next output value.

So, what is your intent of the statement; "Again, OAR-L3 random number
generation software is only intended to generate random digits or
numbers for statistical modeling and computer simulations?" Is it also
intended for cryptographic purposes or not?
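
The distinction drawn above, statistically sound but cryptographically worthless, can be seen directly. The Python below is an added example, not from the post or from the OAR-L3 software: a PRBS-7 linear feedback shift register of the kind used as a test pattern in communications equipment passes a simple frequency test, and a receiver that knows the algorithm syncs to it from seven observed bits, which is the same thing as predicting every later output. A SHA-256 counter generator with a secret seed is included as the contrast. The seed values are constructed.

```python
"""Added example (not from the post): a PRBS-7 LFSR passes a basic frequency
test and lets a receiver sync to the transmitter from a few observed bits,
which is exactly what makes it cryptographically worthless.  Seeds are
constructed values."""
import hashlib

PRBS7_TAPS = (0, 6)          # x^7 + x^6 + 1: next bit = bit[k] XOR bit[k+6]
PRBS7_LENGTH = 7


def lfsr_bits(seed, taps, count):
    """Fibonacci LFSR: emit the oldest state bit, feed back the XOR of the tapped bits."""
    state = list(seed)
    out = []
    for _ in range(count):
        out.append(state[0])
        feedback = 0
        for t in taps:
            feedback ^= state[t]
        state = state[1:] + [feedback]
    return out


def predict_next(observed, taps, length):
    """Receiver (or attacker): knowing the algorithm, the last `length` outputs
    ARE the state, so the next output follows directly.  This is how a
    receiver syncs its PRNG to the transmitter's."""
    window = observed[-length:]
    bit = 0
    for t in taps:
        bit ^= window[t]
    return bit


def prediction_rate(bits, taps, length):
    """Fraction of bits after the first `length` that the predictor gets right."""
    hits = sum(predict_next(bits[:i], taps, length) == bits[i]
               for i in range(length, len(bits)))
    return hits / (len(bits) - length)


def ones_fraction(bits):
    """Monobit frequency test: a statistically sound generator sits near 0.5."""
    return sum(bits) / len(bits)


def hash_drbg_bits(secret_seed, count):
    """Contrast: bits from SHA-256(seed || counter).  Past outputs do not
    reveal the seed, so the LFSR-style predictor does no better than guessing."""
    out = []
    counter = 0
    while len(out) < count:
        digest = hashlib.sha256(secret_seed + counter.to_bytes(8, "big")).digest()
        out.extend((byte >> i) & 1 for byte in digest for i in range(8))
        counter += 1
    return out[:count]


if __name__ == "__main__":
    prbs = lfsr_bits([1, 0, 0, 0, 0, 0, 0], PRBS7_TAPS, 254)    # constructed seed
    print(ones_fraction(prbs), prediction_rate(prbs, PRBS7_TAPS, PRBS7_LENGTH))
    drbg = hash_drbg_bits(b"constructed-secret-seed", 1024)
    print(ones_fraction(drbg), prediction_rate(drbg, PRBS7_TAPS, PRBS7_LENGTH))
```

Both generators come out near 0.5 on the frequency test; only the LFSR is predicted with certainty, which is the requirement the post says a cryptographic generator must not fail.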



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: ecc equation
Date: Tue, 21 Mar 2000 15:43:56 GMT

In article <DtDB4.52070$[EMAIL PROTECTED]>,
"Tom St Denis" <[EMAIL PROTECTED]> wrote:
> What are the criteria for choosing an (a, b) component of the curve? I know
> that 4(a^3) + 27(b^2) cannot equal zero, but what else?
>
> Thanks,
> Tom
>

I learned that a must be negative, but what is up with the above
equation to determine if it's  a field?

Tom



------------------------------

From: [EMAIL PROTECTED] (Shaun)
Crossposted-To: alt.security.scramdisk
Subject: Re: ScramDisk problem : storing PLAIN TEXT PASSPHRASE in the driver cache ...
Date: Tue, 21 Mar 2000 16:01:03 GMT

On Mon, 20 Mar 2000 15:30:56 GMT, jungle <[EMAIL PROTECTED]> wrote:

>Aman, has this problem been addressed ?
>it has been documented in the past that serious security problem exist in the
>current version of the scramdisk ...
>
>the reported problem : storing PLAIN TEXT PASSPHRASE in the driver cache ...


The driver does cache the passwords. Clear the cache after mounting
the disk to clear them if you are paranoid.....


They are stored in locked memory that does not go to the swapfile.
EVER.  BTW there is nothing any less secure about storing the
passwords, as storing the SHA digests..


There are no user interfaces that expose these passwords.....

Shaun.





------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
