Cryptography-Digest Digest #435, Volume #11 Tue, 28 Mar 00 07:13:01 EST
Contents:
Re: OAP-L3: Answer me these? (Anthony Stephen Szopa)
Re: OAP-L3: Answer me these? (Anthony Stephen Szopa)
Re: OAP-L3: Answer me these? (Anthony Stephen Szopa)
Re: The lighter side of cryptology (Johnny Bravo)
Re: DES question (Mok-Kong Shen)
Re: OAP-L3: Answer me these? (Anthony Stephen Szopa)
pgp (UIC Network Services Kit User)
Re: A good encryption program? ("Joseph Ashwood")
Re: DES question (Mok-Kong Shen)
Re: DES question ([EMAIL PROTECTED])
Re: Examining random() functions (_Andy_)
Re: Does anybody know of a secure FTP server? ("Rick")
Re: Does anybody know of a secure FTP server? ("Niklas Frykholm")
Re: Concerning UK publishes "impossible" decryption law (Richard Herring)
Re: Examining random() functions ("Douglas A. Gwyn")
Re: Download Random Number Generator from Ciphile Software ("Douglas A. Gwyn")
Re: pgp (Tom McCune)
----------------------------------------------------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Date: Mon, 27 Mar 2000 23:19:16 -0800
Taneli Huuskonen wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In <[EMAIL PROTECTED]> Jerry Coffin
> <[EMAIL PROTECTED]> writes:
>
> >In article <8bmaob$m01$[EMAIL PROTECTED]>,
> >[EMAIL PROTECTED] says...
>
> >[ ... ]
>
> >> Just to be technically accurate: there is a third possibility -- he doesn't
> >> know the level of detail an algorithm needs to be specified, and so he
> >> honestly thinks that the very rough outline on his web page is sufficient.
>
> >I can't go along with this one. People have repeatedly pointed out
> >that his explanations are inadequate, including specific examples of
> >the problems. Thus, to remain ignorant of the problems, we basically
> >have to postulate that he either doesn't read or can't understand
> >these messages. He's replied to enough of them to prove that he
> >reads them, and in many cases the required comprehension level is
> >well below that of messages he sends in reply. In short, he's
> >disproven this possibility.
>
> IMHO, much of the criticism has been missing an important point. Mr
> Szopa's explanations make much more sense if you don't insist that they
> describe a single cryptographic algorithm. You may think of each of the
> "processes" as a standalone programme. Then the "key" would be a
> sequence of commands like this:
>
> run programme blah with parameters blah blah blah
> run programme duh with parameters duh duh duh
> ...
>
> The parameters include names for input and/or output files, sequences of
> small integers, and possibly something else (I'm too lazy to check).
> The exact format in which the user enters the "key" is left unspecified,
> but that doesn't really matter. There's a facility to store the key in
> a file, which can be copied and delivered securely to the recipient.
> The main problem one would face in trying to write a compatible
> programme is the lack of documentation on the AutoFile format - it's
> only hinted at in the help file called "AutoFile tutorial". Some light
> reverse engineering would be needed.
>
> This sort of design, where the end user is responsible for choosing the
> exact sequence of "processes" to run, makes meaningful assessment of
> cryptographic strength quite hard, in any case. It'd probably be easy
> to break a key containing just one process - would that count as a
> weakness?
>
> Taneli Huuskonen
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
>
> iQB1AwUBON8m7gUw3ir1nvhZAQF6fgMAkOUudNbpFzu5QyNyabH+uxj5SMEA+epn
> 2yyh2P17UBjOrF+CQ1EPtN8cq9iAH6GaW2fbLsPnuEim1h75paGDkRlmrTf7E9Ws
> UF23kGl5rtM6iUmfuRtCTu8ERsfODodQ
> =bdv7
> -----END PGP SIGNATURE-----
> --
> I don't | All messages will be PGP signed, | Fight for your right to
> speak for | encrypted mail preferred. Keys: | use sealed envelopes.
> the Uni. | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
Hooray. A glimmer of honesty.
You could get the software. Then nearly all your questions would
then be answered. Or if you are too embarrassed to ask me for
OAP-L3 you can download OAR-L3 directly from the web site.
OAR-L3�: ORIGINAL ABSOLUTELY RANDOM - LEVEL3 Version 4.1 random
number generation software is exactly the same software as OAP-L3:
Original Absolute Privacy - Level3 encryption software except
there is absolutely NO encryption or decryption capability. See
the ReadMe_R.zip file for more details. (For-Personal-Use-Only)
See the Downloads currently available web page at
http://www.ciphile.com
Food for thought: What is interesting is that with the hundreds of
people who have either OAP-L3 or OAR-L3, not one has come to the
aid of any of the detractors of OAP-L3 theory.
I don't blame them. They had the decisiveness and genuine
sincerity to get the answers for themselves so why should they
share a damn bit of what they have found out with any of you.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Date: Mon, 27 Mar 2000 23:21:26 -0800
Eric Lee Green wrote:
>
> Anthony Stephen Szopa wrote:
> > 1) CASE: liar. You say the theory, and specification of the
> > procedures and processes have not been made available. Not true.
> > The theory, and specification of the procedures and processes have
> > been available for some time now at http://www.ciphile.com
>
> Could you direct me to the particular page where these are described? I just
> went to www.ciphile.com and could not find the described page. I did find
> numerous mis-spelled words including one on the master navigation menu, and no
> firm description of exactly what products or services Ciphile is engaged in,
> all of which gives a very unprofessional impression of the web site.
>
> --
> Eric Lee Green [EMAIL PROTECTED]
> Software Engineer Visit our Web page:
> Enhanced Software Technologies, Inc. http://www.estinc.com/
> (602) 470-1115 voice (602) 470-1116 fax
Click on the Help Files in the Table of Contents.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Date: Mon, 27 Mar 2000 23:25:02 -0800
Jerry Coffin wrote:
>
> In article <e#aujAVl$GA.215@cpmsnbbsa02>, [EMAIL PROTECTED]
> says...
> > I think we have to part company a bit on this. I am not
> > comfortable saying that quantum computers won't become a
> > reality in my lifetime.
>
> They're already a reality: in fact, there was a recent announcement
> of the first 7-qubit computer having been built and done something.
>
> The question is only whether they'll actuall accomplish anything
> useful. Right now the quantum computers they've gotten to work at
> all are roughly equivalent to a small child counting on hish fingers;
> barely able to get correct answers, and certainly not doing anything
> complex or even doing simple things quickly.
>
> OTOH, there was undoubtedly a time at which Richard Feynman, Albert
> Einstein, etc., could only barely keep track of their own ages. Such
> humble beginnings don't mean that quantum computing can't accomplish
> extremely useful things before all is said and done...
>
> --
> Later,
> Jerry.
>
> The universe is a figment of its own imagination.
If you say so.
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: The lighter side of cryptology
Date: Tue, 28 Mar 2000 02:57:55 -0500
On Mon, 27 Mar 2000 20:02:42 GMT, [EMAIL PROTECTED] wrote:
> I propose this message as the start of a
>new thread devoted to the lighter side of
>cryptology. If you have or find any silly
>material related to crypto (including true
>anecdotes) would you please post it to this
>thread. I just saw this limerick which isn't
>extremely funny but at least it's a start:
>
>
> In Arctic and Tropical Climes,
> The Integers, addition, and times,
> Taken (mod p) will yield,
> A full finite field,
> As p ranges over the primes.
>
>
> - Peter Olse
For pi to 6 decimal places
How I wish I could calculate Pi!
to 14 decimal places.
How I want a drink, alcoholic of course,
after the heavy chapters involving quantum mechanics.
to 30 decimal places.
Sir, I send a rhyme excelling
in sacred truth and rigid spelling;
numerical sprites elucidate, for me
the lexicons dull weight. As
nature gain who can complain,
tho Dr Johnson fulminate.
--
Best Wishes,
Johnny Bravo
"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all it's contents." - HPL
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: DES question
Date: Tue, 28 Mar 2000 09:36:24 +0200
David A. Wagner wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > Question: If a DES key encripts 64 bit plaintext to 64 bit
> > ciphertext, can one say that this is the only key that
> > corresponds to this pair? Why? Thanks.
>
> No. In fact, it is not too hard (O(2^32) work) to find an explicit
> counterexample, i.e., P,C,K,K' such that DES(K,P) = DES(K',P) = C but K != K'.
That means that in brute force key search, if one finds a K such
that DES(K,P)=C, one is not yet sure of having found the solution.
How could one best proceed to gain absolute unambiguity? Thanks.
M. K. Shen
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Date: Mon, 27 Mar 2000 23:30:25 -0800
Jerry Coffin wrote:
>
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> says...
>
> [ ... ]
>
> > "Could a software engineer, using as a specification only the
> > descriptive material available at your web site, duplicate your
> > encryption program?"
> >
> > I certainly believe this: anyone experienced in the art can do
> > so easily at least through creating the OTPs. All of the processes
> > are fundamentally very simple and well known universally. Only no
> > one has put them all together to generate random numbers before,
> > as far as I know.
>
> [ and on an on, without ever really answering the question ]
>
> Anthony, you should forget about cryptography and got int politics
> instead -- the trick of repeating the question, and then talking
> about whatever you feel like, as if it provided an answer, works well
> in politics but won't make your garbage work any better.
>
> To the OP: as implied by his reams of beating around the bush without
> ever actually admitting it, the short answer is that, NO he doesn't
> provide anywhere close to the level of detail necessary.
>
> --
> Later,
> Jerry.
>
> The universe is a figment of its own imagination.
Then all of you should quit this thread.
What are you all doing here?
Are you getting paid for this?
How much is your time worth?
------------------------------
From: UIC Network Services Kit User <[EMAIL PROTECTED]>
Subject: pgp
Date: Tue, 28 Mar 2000 01:45:51 -0600
I am new to pgp and would like to know if anyone knows how to use it for
eudora???
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: A good encryption program?
Date: Tue, 28 Mar 2000 01:04:13 -0000
ScramDisk is a good place to start.
http://www.scramdisk.clara.net/
Joe
"JohnNY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I hope I am posting this question to the right group. If
not, would
> you please direct me to it?
>
> I am looking for a good encryption program (freeware or
shareware)
> which will encrypt both folders and a zip disk. Ideally,
it would
> offer choices like Blowfish and IDEA.
>
> Sincere thanks for any help you are able to give.
>
> John
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: DES question
Date: Tue, 28 Mar 2000 11:22:20 +0200
I suppose that for DES hardware there is a certain finite setup
time needed to do key schedule calculations, what is this compared
to the processing time of one single record? Could someone
familiar with common DES hardware please tell? Thanks.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DES question
Date: Tue, 28 Mar 2000 09:32:51 GMT
> Question: If a DES key encripts 64 bit plaintext to 64 bit
> ciphertext, can one say that this is the only key that
> corresponds to this pair? Why? Thanks.
>
If you assume that for a fixed plaintext DES supplys a random
output as different keys are applied to it you can work out what is the
probability of a particular plaintext-ciphertext pair being unique.
So for a fixed plaintext with a key K1 the chances of another key K2
chosen at random giving the same ciphertext is 1/(2^64). Hence the
chances of it not giving the same ciphertext is 1-(1/(2^64). Therefore
the chances of no other key giving the same ciphertext is
(1-(1/(2^64)))^((2^56)-1)
which is approx
(1-(1/(2^64)))^(2^56)
which is a very, very close to 1, but not quite equal to 1.
Neil.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (_Andy_)
Subject: Re: Examining random() functions
Reply-To: [EMAIL PROTECTED]
Date: Tue, 28 Mar 2000 09:46:04 GMT
On Mon, 27 Mar 2000 21:52:03 -0500, Johnny Bravo <[EMAIL PROTECTED]>
wrote:
>On Mon, 27 Mar 2000 14:12:40 GMT, [EMAIL PROTECTED] (_Andy_)
>wrote:
>
> See the tests in the DieHard test suite. Rather than first just tell
>you to go get it, I'm running output from your program though the suite as
>I type this. I put further comments below. DieHard has quite a few
>tests, descriptions of which will be on each section I include below.
>I ran your program with a Random(255) and output each value as a byte into
>a file for testing. After I got the results I reran the program with a
>different seed and tested it again, where the results were different
>between runs (one failure and one success) I ran it a third time with yet
>another seed and only performed those tests to get a majority. :)
Thanks. That's exactly the kind of tool I'm looking for. Would one
expect a RNG to pass all these tests? It was a pleasant surprise to
find that it passed tests that I had not considered!
------------------------------
From: "Rick" <[EMAIL PROTECTED]>
Subject: Re: Does anybody know of a secure FTP server?
Date: Tue, 28 Mar 2000 04:07:46 -0600
"Abid Farooqui" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
] Now to the serious stuff ... you mentioned transferring files over a SSL
ftp server
] but you rightly mentioned that ftp clients don't support ftps. Is there
even one
] ftp client that has good support of SSL. I have the ability to make all my
users
] use whichever ftp client I want them to use. So even if there is one ftp
client out
] there that will work with SSL that can really solve my problem.
There may be one. Check at http://www.kiarchive.ru/pub/unix/crypto/ssl (*nix
system) for SSLftp. There is also a SSLtelnet and a couple of httpd daemons
using SSL. You might also check out the OpenSSL site at
www.openssl.org for an SSL package which is a newer version of the package
SSLftp was written with.
I'm still looking for a Windows version... you didn't specify what OS you
are using.
Hope this helps.
Rick
------------------------------
From: "Niklas Frykholm" <[EMAIL PROTECTED]>
Subject: Re: Does anybody know of a secure FTP server?
Date: Tue, 28 Mar 2000 13:06:02 +0200
>Secondly, you mentioned that the best solution is to use Https to transfer
files.
>The problem there is that I want my users to be able to upload files to the
>webserver as well as download them from the webserver. I would in this case
have to
>write a trusted Java applet that can access local machine's I/O and thus
give them
>the ability to select the files that they want to upload to the webserver
securely.
Not really. The <INPUT TYPE=file> HTML-tag might be just what you need. It
allows the user to upload a file as a part of a CGI-query.
// Niklas
------------------------------
From: [EMAIL PROTECTED] (Richard Herring)
Crossposted-To:
alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning UK publishes "impossible" decryption law
Date: 28 Mar 2000 11:25:48 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, JimD ([EMAIL PROTECTED])
wrote:
> On 23 Mar 2000 14:28:19 GMT, [EMAIL PROTECTED] (Richard Herring) wrote:
> >In article <[EMAIL PROTECTED]>, �R��� ([EMAIL PROTECTED]) wrote:
> >> I know a little of engineering, but not enough to say it will work, history
> >> was my major, at least I know not to repeat history. as for magnets, I
> >> should maybe take my foot out of my mouth to find a new topic. I have to
> >> think of different ways to hide data, as 128 bit encryption is not available
> >> to me as far as I know in Australia,
> >
> >Not available, or not allowed?
> >You can easily find it, e.g. http://www.pgpi.org
> >
> >> and I have heard that 56 k has been decoded by authorities.
> >
> >56-*bit*? PGP may be crackable with available computer power, but
> >triple-DES is probably still way beyond that kind of attack.
> 'PGP' may be crackable??? Which algorithm do you mean? I'll safely
> bet Blowfish and most of the others with a 2048-bit key isn't.
Sorry, slip of the keyboard. I meant single-DES.
--
Richard Herring | <[EMAIL PROTECTED]>
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Examining random() functions
Date: Tue, 28 Mar 2000 11:54:24 GMT
_Andy_ wrote:
> Currently, I take my results and plot a 3-dimensional graph
> and examine it by eye. i.e. I take three consecutive results and treat
> them as the (x,y,z) coordinates ...
That's fairly good. You can also make a 2-D plot.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Download Random Number Generator from Ciphile Software
Date: Tue, 28 Mar 2000 12:00:41 GMT
Anthony Stephen Szopa wrote:
> I just haven't heard of one yet.
Sure you have, but you just replied it was "wrong" then ignored it.
The stepping motion of the first mixfile allows a standard Friedman
square attack against the mixfiles.
------------------------------
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: pgp
Date: Tue, 28 Mar 2000 11:57:27 GMT
In article <[EMAIL PROTECTED]>, UIC Network Services Kit User
<[EMAIL PROTECTED]> wrote:
>I am new to pgp and would like to know if anyone knows how to use it for
>eudora???
I think plenty of people are willing to help you with this in one of the PGP
newsgroups and/or the PGP-User email list. My PGP page can help you select
a newsgroup and/or subscribe to the email list. Of course, you should read
the PGP manual which discusses a great deal of this - likely all you need to
know.
Tom McCune
My PGP Page & FAQ:
http://home.twcny.rr.com/tmccune1/PGP.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
