Cryptography-Digest Digest #378, Volume #11 Tue, 21 Mar 00 14:13:02 EST
Contents:
Re: Card shuffling (John Myre)
Re: IV vs. SALT? (John Myre)
Re: test... ("Tom St Denis")
Playfair cipher (Ian Partridge)
Re: Factoring Large Numbers - I think I figured it out! ("Richard Anthony Hein")
Re: Factoring Large Numbers - I think I figured it out! ("Richard Anthony Hein")
Re: Concerning UK publishes "impossible" decryption law (Bobo)
Re: Special One way function (James Felling)
Re: Just *Germain* primes ("Douglas A. Gwyn")
Re: More weapons for Mallory against Quantum Encryption (Mike Rosing)
Re: new Echelon article (Lincoln Yeoh)
Re: Card shuffling (Mok-Kong Shen)
Re: ScramDisk problem : storing PLAIN TEXT PASSPHRASE in the driver cache ...
([EMAIL PROTECTED])
Re: ScramDisk problem : storing PLAIN TEXT PASSPHRASE in the driver cache ...
([EMAIL PROTECTED])
multiple encryption (Vlad)
Re: ecc equation (Mike Rosing)
Re: root mod a prime? (Mike Rosing)
Re: Just *Germain* primes ("Tony T. Warnock")
----------------------------------------------------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Card shuffling
Date: Tue, 21 Mar 2000 08:52:17 -0700
Stephen Houchen wrote:
>
> 1) Let n=0.
> 2) Select a random number 0 <= r < (52-n).
That's the hard part...
Seriously, this is very easy to get wrong.
> 3) Count through a set of value-ordered cards and pick the nth
> one. Picking the card removes it from future choices.
I think you mean "pick the rth one", right? (And it might
help some to point out that this algorithm must be using
0-based lists - 0 to 51, not 1 to 52.)
> 4) Place this value into the shuffled deck in position n.
> 5) Decrement n.
> 6) If n>=0, go to step 2.
Um, I think you must mean "Increment n" and "If n<=52".
Otherwise you quit after selecting one card.
> Would this be a statistically good shuffle? Is it better than swapping
> random pairs lots of times?
The above works fine (given that we can get the code right).
"Swapping random pairs lots of times" is not a precise enough
description to evaluate. If you mean something like:
loop N times (say, 1000)
let i = a random number from 0 to 51
let j = another random number from 0 to 51
exchange the cards at i and j
then you are right, this does not create all deck orders with
equal probability. This is easily seen because there are 52!
possible deck orderings, and no power of 52*52 (the number
of possible choices of i and j) can ever be a multiple of 52!.
Of course, with 1000 swaps, I doubt anyone could ever tell
the difference, except that it would take longer to shuffle.
Usually one can implement your algorithm in less space by
using swaps. That is, we still pick random cards, one at a
time, moving them from the "ordered deck" to the "shuffled
deck". We just note that since there are always 52 cards we
can get by with only 52 slots. So:
A. Create "ordered deck", positions 0 to 51
B. Let n = 0
C. Pick a random number 0 <= r < 52-n
D. swap positions n and n+r
E. Increment n
F. If n < 52, go to step C
(Whether this is an improvement depends on how you implement
your "cards" and "card deck".)
I tried to keep your notation and ordering, just changing the
movement step into a swap. One could tweak this a bit to make
it simpler; one might even reach the classic algorithm (see
Knuth, Vol 2, 3.4.2, Algorithm P).
Note that there is a real difference in the actual shuffled
results, since the "ordered deck" doesn't stay ordered. However,
this is not important; at each step we select one of the
remaining cards, each with equal probability. So although the
new algorithm and the old one will produce different shufflings
given the same random numbers, each will produce all possible
deck orders with equal probability (assuming the random numbers
are right, in the first place).
John M.
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: IV vs. SALT?
Date: Tue, 21 Mar 2000 09:12:38 -0700
Doug Stell wrote:
> The IV is often considered secret.
Rarely.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: test...
Date: Tue, 21 Mar 2000 16:48:37 GMT
sure sure, we all know what conspiracy you are upto....
tom
TARRTEC <[EMAIL PROTECTED]> wrote in message
news:xKMB4.19868$[EMAIL PROTECTED]...
> this is a test.
>
>
------------------------------
Date: Tue, 21 Mar 2000 17:08:46 +0000
From: Ian Partridge <[EMAIL PROTECTED]>
Subject: Playfair cipher
Firstly, apologies if this is in a FAQ or summat...
I've got a university software assignment to do relating to the Playfair
cipher, which was used to encrypt text during the Boer war and WW1. This
cipher uses a 5 by 5 alphabetic grid to encode pairs of letters. It is
fairly primitive, although remained in use for quite a long time.
This posting is to ask whether anyone has any experience of writing a
simple software project in C to crack messages encoded using Playfair, and
if so whether they'd mind sharing their experiences/code with me. In fact,
any url's would be great too :)
TIA, and private replies please, unless this sort of thing would be of
general interest.
Ian Partridge
------------------------------
From: "Richard Anthony Hein" <[EMAIL PROTECTED]>
Subject: Re: Factoring Large Numbers - I think I figured it out!
Date: Tue, 21 Mar 2000 12:30:43 -0500
In response to a previous post, ignoring someone who says the Earth is flat
is based on lots of evidence to the contrary. That's not predjudice, that's
science. However, I think everyone knows that there will be faster and
better methods and algorithms for factoring coming along in the future.
Factors are not random numbers but have a pattern and relationship to one
another. The more numbers we factor the more data we have to look for some
kind of pattern. Someday it is inevitable - we will be able to factor any
number.
What I have is a method, which I can't tell you about for good reason.
Think about it. I don't have a patent. I have to BUILD the tech to do the
calculations. That's the rub here. The only way I can do that, is by
trying to find someone who will talk to me, and I can trust to the extent
that they will know everything I know, and will help me build the damned
thing.
Secrecy here is important Bob, you have to realize that. I knew I would get
the responses I have gotten, and that's okay. However, once I have a
working prototype (not long - I will have a 10 digit factoring prototype
soon enough, maybe a few months, but more than that is not reasonable for
someone without the resources to build complex electronic circuits.
I believe I can break the RSA 200 and any others in time. I know, I know,
it is a far cry from 10 digits, but I think if I could find the factors of
any 10 digit number in a microsecond or less, you'd be convinced. My
prototype will factor 10 digit numbers or less, but it could be used of
course to decrease by orders of magnitude the time it takes to calc a 200 or
more digit number - I'm still working on that one and could use expert help
on it.
You're comment Bob, however, that the hallmark of a crank is keeping
something secret except in restricted circumstances is out of place ... then
every inventor and scientist working for any given company where competition
and security are considerations must be cranks too if you are right.
All I asked was for interested persons to contact me, so we can get
together, and I can explain the method without fear that they will steal my
idea, or use the tech to sell to some rogue government or terrorist
organization. This is not too much to ask in the internet age I thought,
where people are able to communicate to just about anyone else with
practically no cost compared to a world without an internet.
Out of billions of people in this world, don't you think that there is a
chance that someone, somewhere will figure this thing out?
If I knew I could trust you Bob, I would tell you right now, and then you
could come back and explain to me why it wouldn't work. However, you can
forget the consulting fee. I'm not asking people to pay me to tell, and I
am not going to pay people to tell.
One last thing, I will be publishing ASAP, but I need to patent some things
first. Since I haven't gone through this before, it's going to take a bit
of time, but I have been on overdrive for the past week, so it might not be
too far down the road.
Oh well, back to work.
For everyone who sent the RSA numbers and other challenges, thanks a lot. I
know you are all rooting for me! :-) LOL
Richard Hein
"Bob Silverman" <[EMAIL PROTECTED]> wrote in message
news:8b83j2$cdl$[EMAIL PROTECTED]...
> In article <nUDB4.1936$[EMAIL PROTECTED]>,
> "Richard Anthony Hein" <[EMAIL PROTECTED]> wrote:
> > Paul, forming an opinion on something without having the information
> to make
> > a logical decision is called prejudice. It has kept humanity from many
> > achievements in the past, and will probably be around forever. That's
> life.
>
> But he DOES have information. Specifically: your behavior!
>
> Claiming to have something noone else has, and refusing to divulge
> it except under restricted circumstances is the hallmark of a crank.
>
> If instead you really HAD a method, you would be submitting it for
> publication instead of being secretive.
>
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: "Richard Anthony Hein" <[EMAIL PROTECTED]>
Subject: Re: Factoring Large Numbers - I think I figured it out!
Date: Tue, 21 Mar 2000 12:34:48 -0500
It's not an algorithm Bob. It's a methodology. It would eventually become
a microchip specific to the task. Right now, it's like a vacuum tube (no,
it doesn't look like a vacuum tube - it's at that level of tech). I can't
make chips myself - except the potato kind ....
Richard Hein
"Bob Silverman" <[EMAIL PROTECTED]> wrote in message
news:8b83b0$c30$[EMAIL PROTECTED]...
> In article <dyzB4.1915$[EMAIL PROTECTED]>,
> "Richard Hein" <[EMAIL PROTECTED]> wrote:
> > I have developed an easy method for factoring large numbers. This
> probably
> > sounds rediculous to everyone here, but if you contact me, I need
> help to
> > develop the technology. You can decide then if I am a quack!
> >
> > Email me at [EMAIL PROTECTED] for more information. A non-disclosure
> > agreement will be required of any parties involved in the project.
>
> Super! I'd love to see such an algorithm.
>
> Fortunately, it is is to check if you are a quack. And one need not
> even look at your method!
>
> Just factor the following, then get back to us.
>
> 437729172051175398096146412342584116368110203692209421076132181263932018
> 788906557052513998886836179888597531878357445242989308763697038251224494
> 021909
>
>
> >
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: Bobo <[EMAIL PROTECTED]>
Crossposted-To:
alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning UK publishes "impossible" decryption law
Date: Tue, 21 Mar 2000 10:33:07 -0700
Reply-To: [EMAIL PROTECTED]
On Wed, 22 Mar 2000 01:16:18 +1100, "�R���" <[EMAIL PROTECTED]> said:
>quantitive data, im afraid i am not very up on electronics as much as i
>would like to be, of course your request works both ways, can you disprove
>the posibilty of a magnetic feild powered by the pc to destroy/damage the
>disk, switched on by a false login, powered through the paralel port? im not
>being a smart ass, and i might have shot my mouth off, but i am an idea's
>man, and like to be proven conclusively wrong. not just flamed
There's a website I saw somewhere that does list just that...mainly it lists
the strengh of an elecromagnetic field required to destroy various magnetic
media...
Of course, 5.25 floppies would be easiest, then 3.5" disks, videotapes, DAT's,
etc. etc.
But hard drives, it does specifically mention, would require such an intense
field that it would actually distort the platters and mentioned (I think) that
no such degaussers exist except some experimental army type of thing that you
probably don't want to build into your computer since it would tend to add
quite a bit to the cost (yes...being facetious...)
Now...If I could only recall where that web site was...
------------------------------
From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Special One way function
Date: Tue, 21 Mar 2000 11:48:29 -0600
Whoops. That what I get for jsut a quick post.
My error. I have no idea what I was thinking.
Scott Fluhrer wrote:
> James Felling <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> >
> > Tim Tyler wrote:
> >
> > > Andru Luvisi <[EMAIL PROTECTED]> wrote:
> > > : [EMAIL PROTECTED] writes:
> > >
> > > :> I am looking for a one way function f that has the
> > > :> following properties:
> > > :>
> > > :> f f f f f f
> > > :> A1 ---> A2 --->A3 ---> A4 ---> A5 --->... ---> An
> > > :>
> > > :> where Ai=f(Ai-1).
> > > :>
> > > :> Assume the computation cost of f is C, then
> > > :> generally caculating An from A1 needs a cost of
> > > :> O(n). Is there any special kind of one way
> > > :> function that can reduce this cost to O(1) or
> > > :> O(log(n)).
> > >
> > >
> >
> > let f(Ai) = Ai ^ e mod M where e is an intreger >= 2, and M is the product
> of
> > two large primes. This is 1-way if M has not been factored and , and An=
> > A1^(e*n) mod M.
> You mean: An = A1^(e^(n-1)) mod M
> >
> > Mind you there are some implementation issues here, such as A1=1 or A1=0,
> and
> > small e's but they can be worked around by restricting the selection of A1
> to
> > a certian range, and requiring that e be sulficiently large.
>
> I'm not quite sure that will meet the requirements the OP is looking for:
> An = A1 ^ ((e-1)^n) mod M
> computed in the obvious manner takes O(n) time. It can be computed quickly
> if you know the factorization of M, as in:
> An = A1 ^ ((e-1)^n mod phi(M)) mod M
> (knowledge of phi(M) is equivilant to knowledge of the factorization of M),
> but I believe the OP wants a one-way function that can be quickly computed
> iteratively by anyone, not just someone who can compute inverses.
>
> --
> poncho
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Just *Germain* primes
Date: Tue, 21 Mar 2000 18:12:01 GMT
Tim Tyler wrote:
> Conventionally, many ladies change their surnames when they marry
What does that have to do with Germain primes?
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: More weapons for Mallory against Quantum Encryption
Date: Tue, 21 Mar 2000 12:22:11 -0600
[EMAIL PROTECTED] wrote:
>
> When they are going to compare the bits?
Before transmitting data. They create the one time pad first,
and check that 50% of the bits match. If it's only 25%, then
the line was tapped and they send no data.
> It is assumed that EVERYONE knows the protocol, isn't it? If the
> protocol is to compare the first 100 bits of the communication, for
> example, Mallory will just let them pass by. She would lose the bits,
> but get the rest of the communication. If you get this authentication
> too complicated, the protocol become useless for most of the
> applications.
Quantum crypto is mechanically complicated at present. Recent papers
from Los Alamos indicate they might be able to use it for fiber links,
which would be pretty interesting. You don't need the quantum for data
transmission, only pad transmission.
I guess this new protocol combines the 2 steps and in the process
destroys the security? Not too useful eh?
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,talk.politics.crypto
Subject: Re: new Echelon article
Date: Tue, 21 Mar 2000 18:27:30 GMT
Reply-To: [EMAIL PROTECTED]
On Sun, 19 Mar 2000 19:01:22 GMT, [EMAIL PROTECTED]
(John Savard) wrote:
>I always thought, though, that since in many Third World countries,
>there is a great amount of corruption in the government, it is corrupt
>officials there that initiate bribery, by essentially forcing people
>to pay bribes if they want to sell anything to the government.
Well, bribery is basically taking the free market to another level.
Which is why I don't think much of the free market religion...
In some of these countries, there actually are rules, tho they are
unwritten. For example, in one country if you bribe a person and for some
reason he finds he cannot provide the "service", you usually get a refund.
But doesn't the US have a practice where you pay for a rather expensive
seat at a campaign dinner? Then the politician somehow listens to you
more..
Maybe the USA just has more of the rules written down ;). Or maybe they
complain because they are unwilling to learn the rules of other countries,
and prefer that other countries conform to their "best practices".
I'm not saying bribery should be condoned, rather sometimes it's bribery
even if the written rules allow it.
Cheerio,
Link.
****************************
Reply to: @Spam to
lyeoh at @[EMAIL PROTECTED]
pop.jaring.my @
*******************************
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Card shuffling
Date: Tue, 21 Mar 2000 19:37:40 +0100
Jim Reeds wrote:
>
> Mok-Kong Shen wrote:
> ...
> > I think the most general situation could be described thus: You give
> > a person a deck. He does something to it without your observation
> > and gives it back to you. Now what you see is only a certain
> > permutation of the original deck. My original post was effectively
> > asking whether it is sensible (and, if yes, how) to a assign
> > a numerical value to that permutation characterizing how well the
> > person has destroyed the order of the deck you gave him. Do you
> > think that such a measure could be well defined, at least to the
> > satisfaction of the players?
>
> No. If the dispassionate cool headed thinkers of sci.crypt cannot
> agree, why do you think the players (who have money riding on the
> game) would? Especially if you don't tell us the game or the kind
> of shuffling method or the likely deviations from correct behavior
> (such as, are we allowed to suspect the shuffler is dishonest?) and
> if you only allow the evidence of one permutation. (What if the
> shuffler stacks the deck just once per 100 shuffles. Even if you
> could detect the stacking if you saw it, chances are the one
> sample permutation isn't stacked. But maybe that's all it takes
> for him to get rich.)
Well, let me formulate the problem independent of games. Let S be
the sequence 1, 2, 3, ...... n. and P be a permutation of S. Can
one give a function f(P) with range [0.0, 1.0] that characterizes
in some reasonable way (i.e. not contrary to some common sense
or intuition and hence be acceptable to the common people) the
'disordering' of P relative to S? (If such an f exists, then
evidently f(S)=0. But how about f(P) for the rest of permutations?)
M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.security.scramdisk
Subject: Re: ScramDisk problem : storing PLAIN TEXT PASSPHRASE in the driver cache ...
Date: Tue, 21 Mar 2000 18:26:36 GMT
Reply-To: [EMAIL PROTECTED]
>On Mon, 20 Mar 2000 15:30:56 GMT, jungle <[EMAIL PROTECTED]> wrote:
>>Aman, has this problem been addressed ?
>>it has been documented in the past that serious security problem exist
>>in the current version of the scramdisk ...
>>
>>the reported problem : storing PLAIN TEXT PASSPHRASE in the driver
>>cache ...
>
>Reported by who, when, where? Not disputing your word, just curious.
Sounds like the little program I came up with; take a look at:
http://www.fortunecity.com/skyscraper/true/882/ScramDiskSniffer.htm
>Things like this are why I use Scorch on my swapfile...
(It's in locked memory & can't be swapped out anyway!)
--
Sarah Dean
[EMAIL PROTECTED]
http://www.fortunecity.com/skyscraper/true/882/
PGP Key at: http://www.fortunecity.com/skyscraper/true/882/PGP.htm
For information on SecureTrayUtil, Shredders, On-The-Fly Encryption
(OTFE) systems, etc, see the URL above.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.security.scramdisk
Subject: Re: ScramDisk problem : storing PLAIN TEXT PASSPHRASE in the driver cache ...
Date: Tue, 21 Mar 2000 18:34:26 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] (Shaun) wrote in
<[EMAIL PROTECTED]>:
>On Mon, 20 Mar 2000 15:30:56 GMT, jungle <[EMAIL PROTECTED]> wrote:
>
>>Aman, has this problem been addressed ?
>>it has been documented in the past that serious security problem exist
>>in the current version of the scramdisk ...
>>
>>the reported problem : storing PLAIN TEXT PASSPHRASE in the driver
>>cache ...
>
>The driver does cache the passwords. Clear the cache after mounting
>the disk to clear them if you are paranoid.....
FWIW, (plug time!) SecureTrayUtil does this automatically for you after you
enter your passwords: check the WWW site mentioned in the sig below
>They are stored in locked memory that does not go to the swapfile.
>EVER. BTW there is nothing any less secure about storing the
>passwords, as storing the SHA digests..
>
>
>There are no user intefaces that expose these passwords.....
?!!!
Ummm... Howabout:
http://www.fortunecity.com/skyscraper/true/882/ScramDiskSniffer.htm
?
--
Sarah Dean
[EMAIL PROTECTED]
http://www.fortunecity.com/skyscraper/true/882/
PGP Key at: http://www.fortunecity.com/skyscraper/true/882/PGP.htm
For information on SecureTrayUtil, Shredders, On-The-Fly Encryption
(OTFE) systems, etc, see the URL above.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Vlad <[EMAIL PROTECTED]>
Subject: multiple encryption
Date: Tue, 21 Mar 2000 18:32:58 GMT
Hello.
If I encrypt my data using short keys (40, 56) more then one time,
( 1 file is encrypting 40 times with 56 bit key ) how it can increase
the privacy level ?
What if I change the key every time I do my encryption (i.e. 40
cycles with 40 different keys). And what will be the equivalent length
of the one round encrypting key in this case ?
Thanks.
Vladislav
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: ecc equation
Date: Tue, 21 Mar 2000 12:34:41 -0600
Tom St Denis wrote:
>
> In article <DtDB4.52070$[EMAIL PROTECTED]>,
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
> > What are the criteria for choosing an (a, b) component of the curve? I know
> > that 4(a^3) + 27(b^2) cannot equal zero, but what else?
> >
> > Thanks,
> > Tom
> >
>
> I learned that a must be negative, but what is up with the above
> equation to determine if it's a field?
For GF(p), 4(a^3) + 27(b^2) can't be zero. But for GF(2^n), 4*x -> 0,
so you're left with only b can't be zero. If Trace(a) = 0 you get a
curve and if Trace(a) = 1 you get the "twist" of a curve (for the
same b).
Why does a have to be negative for GF(p)?
Patience, persistence, truth,
Dr. mike
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: root mod a prime?
Date: Tue, 21 Mar 2000 12:43:32 -0600
Tom St Denis wrote:
>
> How do you take the sqrt of an integer modulo a prime? Like
>
> y^2 mod 17 = 3
>
> On my first attemp to solve for a point
>
> y^2 mod 17 = x^3 + 5x + 3 mod 17, x = 2
>
> I found that y = 2 or, y = 15, simply because I had
>
> y^2 mod 17 = 4...
>
> I was lucky...
>
> [yes I am ecc obsessed now... I learnt how to add points and make curves...
> I am a geek... hehehe]
We know that already :-) Welcome to the club.
Do a web search with "square roots mod p". I got 17 hits from google.
Knuth has a method, and there's one in H. Reisle's book (spelling?)
about
primes. If you want, I'll get the page numbers in those books. (send
me e-mail and remind me!!)
Patience, persistence, truth,
Dr. mike
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Just *Germain* primes
Date: Tue, 21 Mar 2000 12:01:03 -0700
Reply-To: [EMAIL PROTECTED]
"Douglas A. Gwyn" wrote:
> Tim Tyler wrote:
> > Conventionally, many ladies change their surnames when they marry
>
> What does that have to do with Germain primes?
You mean "How is that germane?"
Actually she was French.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
