Cryptography-Digest Digest #449, Volume #11      Thu, 30 Mar 00 16:13:01 EST

Contents:
  Re: Using Am-241 to generate random numbers ("Jed Rothwell")
  Re: Using Am-241 to generate random numbers ("Jed Rothwell")
  Re: NIST publishes AES3 papers (Derek Bell)
  Re: new Echelon article (JimD)
  Re: Using Am-241 to generate random numbers ("Jed Rothwell")
  Re: Improvement on Von Neumann compensator? (Mok-Kong Shen)
  Re: Examining random() functions (Mok-Kong Shen)
  Re: Q: Differencing time series (Mok-Kong Shen)
  Re: Opinions? (Mok-Kong Shen)
  Re: The lighter side of cryptology ("Leo Sgouros")
  Factoring? (proton)
  Re: OAP-L3:  Semester 1 / Class #1  All are invited. ("Douglas A. Gwyn")
  Re: how to get the key and the method? ("Douglas A. Gwyn")
  Re: Coderpunks Query on Teledyne Crypto ("Douglas A. Gwyn")
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" ("PJS")
  Re: Coderpunks Query on Teledyne Crypto (Mok-Kong Shen)
  Re: Factoring? ([EMAIL PROTECTED])
  Re: Factoring? ("Tom St Denis")
  Re: Looking for some help on RSA public key/private key generation ("Tom St Denis")
  Q: Entropy (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "Jed Rothwell" <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers
Date: Thu, 30 Mar 2000 13:07:54 -0500

Bob Silverman wrote:

> Anyone who had a sufficiently high security clearance to generate
> such a thing (these random digits) for diplomatic use would NOT
> be discussing it with someone else. . . .

It was many decades ago. Perhaps I should not have mentioned it. Nowadays,
according to published sources, they use radioactive materials for this
purpose.

What little I know about cryptography comes mainly from the WWII era. I
majored in Japanese and linguistics back in the 60s and 70s, when it was
taught by WWII intelligence vets. The techniques of that pre-computer era
were interesting but long gone.

- Jed




------------------------------

From: "Jed Rothwell" <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers
Date: Thu, 30 Mar 2000 13:10:26 -0500

JimD wrote:

> Noise from a TV, tuned to a unused channel will do fine.

That is a clever idea. But would it be the same noise in two locations? I do
not know much about broadcasting, but I don't think so.

- Jed




------------------------------

From: Derek Bell <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES3 papers
Date: 30 Mar 2000 19:29:58 +0100

David A. Wagner <[EMAIL PROTECTED]> wrote:
: You mean, Triple-DES? (It's hard to imagine how any of the AES candidates
: can be considered to have a larger margin of strength than Triple-DES, at
: least if one considers assurance of security today and amount of analysis
: done to date.)

        Is Triple DES considered too slow for the applications envisioned for
AES or is it a case of nobody deciding to propose it?

        Derek
-- 
Derek Bell  [EMAIL PROTECTED]                |   Socrates would have loved
WWW: http://www.maths.tcd.ie/~dbell/index.html|            usenet.
PGP: http://www.maths.tcd.ie/~dbell/key.asc   |    - [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: new Echelon article
Reply-To: JimD
Date: Thu, 30 Mar 2000 17:36:56 GMT

On Thu, 30 Mar 2000 13:34:48 GMT, [EMAIL PROTECTED] (Lincoln Yeoh)
wrote:

>On Wed, 29 Mar 2000 18:17:02 GMT, [EMAIL PROTECTED] (JimD)
>wrote:
>>
>>It's worse than that: encryption is only on the radio path from
>>the handset to the node. Anything on microwave from the node
>>to the line is fair game.
>>
>>Only secure way is end-to-end encryption using a private system.
>
>Whoopee. I guess 40 bits is enough then. I wonder why the spooks fought so
>hard to make it weaker when it shouldn't really matter to them given what
>you mentioned.

I don't understand it either. It isn't at all easy to intercept a
mobile 'phone off the air. It's encrypted and it moves around.

Here in democratic bloody Britain, where they tap 'phone lines at
will without judicial authority, it would be very much easier for
them to order a tap on the landline side. This may (probably) cause
them a problem with mobile-mobile. There may also be problems with
calls _to_ a mobile 'phone.

Let's hope their problems increase many-fold!

-- 
Jim Dunnett.
dynastic at cwcom.net

He who laughs last doesn't
get the joke.

------------------------------

From: "Jed Rothwell" <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers
Date: Thu, 30 Mar 2000 13:49:02 -0500

I wrote:

> It was many decades ago. Perhaps I should not have mentioned it. . . .

> What little I know about cryptography comes mainly from the WWII era. I
> majored in Japanese and linguistics . . .

I did not mean to suggest the story came from any of my Japanese lang.
profs. either. They are mostly dead, and for that matter the fellow who told
me about the random number generator might be too. I only wanted to point
out that I am stuck in a time warp. My trusty standby J-E dictionary is the
1954 Kenkyusha, which has more than any of these hand-held electronic
gadgets, especially (oddly enough) racy, obscene or disturbing words. Both
print and electronic dictionaries have been Bowdlerized in recent decades,
it seems. Look up "kintama" for example, and check out the hilarious 1954
ed. sample sentence. They don't talk like that anymore.

The on-line "Handbook of Applied Cryptography"

http://cacr.math.uwaterloo.ca/hac/

. . . in the chapter on real random number generators lists the techniques I
discussed here, including radioactive, oscillator, television signals, and
some techniques I did not think up. It does not list any handy cosmological
random number generators. A pity.

I'd like to thank the people here who made suggestions and pointed out the
paper written by someone who has actually built a smoke detector random
number generator. Interesting!

- Jed




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Improvement on Von Neumann compensator?
Date: Thu, 30 Mar 2000 20:57:14 +0200

Mok-Kong Shen wrote:
> 
> Herman Rubin wrote:
> > 
> > Brownian motion is a physically unrealizable continuous
> > process.  Keep in mind that ONE real number with a known
> > continuous distribution produces an infinite number of
> > random bits.
> 
> Sorry that I don't yet quite understand. Brownian motion is
> a phenomenon found in experimental physics and is the result
> of collision of particles, as far as my humble knowledge of
> physics goes. So that doesn't seem to be a continuous process.
> Or maybe one models it for convenience that way?

Sorry, my point concerning 'continuous process' was wrong (my
thought at the time of writing betrayed me). However, the other 
point, namely that concerning physical realization, seems to be valid. 
On the other hand, I like to have a point you raised (if I
understand correctly) more explicitly expressed as follows. The 
position of any particle that can be measured and the clock one 
uses are obviously subject to bounded precisions of the instruments 
involved. Further, most values have to be truncated, since we can't 
record most of the real numbers exactly (with an infinite or almost 
infinite number of digits) even if we had had perfect instruments. 
So, even if we KNOW (which we can't, I am afraid) that the Brownian 
motion being observed is indeed truly random, would one be able to 
extract from that truly random information in practice? In other 
words, wouldn't the above mentioned imperfection in measurement 
and recording essentially falsify our results? (This would also 
apply to random numbers obtained from other physical sources.)

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Examining random() functions
Date: Thu, 30 Mar 2000 20:57:22 +0200

Johnny Bravo wrote:
> 
> Mok-Kong Shen wrote:
> >I wonder whether it is possible to have some software to
> >postprocess the normally voluminous Diehard output to result in
> >one single measure of goodness or it is the case that by the
> >nature of the test at hand human decision capabilities (which
> >presumably differ from person to person) are unconditionally
> >needed.
> 
>   It wouldn't be too hard, but such output would be less than useful.  I
> could have distilled my DieHard analysis of the given RNG into.
> 
>   Large Bias has been detected in the output.
> 
>   That does nothing to tell anyone how many tests failed and by what
> margins.  For example the RNG failed one class of tests every time.  As
> such a single word output is nearly useless as a diagnostic tool.  And it
> could just be a fluke.  At the 95% level a good RNG should actually fail
> 5% of the tests, those failures have to be judged compared to the rest of
> the tests over multiple runs.

My point was that the difficulty of interpretation seems to be
a problem in practical use of Diehard. You may have much experience
and can interpret the results correctly. But one without experience
would likely not be able to perform as well, I am afraid.

M. K. Shen
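
The approach the thread is circling around (many first-level test runs whose p-values are judged as a population rather than one at a time) can be mechanised. The following is an added example, not code from any poster or from the Diehard package: it uses a simple frequency (monobit) test as the first-level test, then applies a Kolmogorov-Smirnov test for uniformity of the collected p-values as the single second-level figure of merit. The function names, the KS approximation and the two constructed bit sources (a seeded fair generator and one biased to 55% ones) are this example's own choices.

```python
import math
import random


def monobit_p_value(bits):
    """First-level test: p-value that a fair source shows a one-count at least
    this far from n/2.  Normal approximation p = erfc(|S| / sqrt(2n)) with
    S = (#ones - #zeros), as in the NIST frequency test."""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def ks_uniform_p_value(pvalues):
    """Second-level test: are the first-level p-values Uniform(0,1)?
    Returns (D, p): D is the Kolmogorov-Smirnov statistic, p the asymptotic
    probability of a D this large under uniformity (series from Numerical
    Recipes' probks, with its small-sample correction to lambda)."""
    xs = sorted(pvalues)
    n = len(xs)
    d = 0.0
    for i, x in enumerate(xs, start=1):
        d = max(d, i / n - x, x - (i - 1) / n)
    lam = (math.sqrt(n) + 0.12 + 0.11 / math.sqrt(n)) * d
    p, sign = 0.0, 1.0
    for k in range(1, 101):
        term = sign * 2.0 * math.exp(-2.0 * k * k * lam * lam)
        p += term
        sign = -sign
        if abs(term) < 1e-12:
            break
    return d, min(max(p, 0.0), 1.0)


def aggregate(source, blocks=100, bits_per_block=1000):
    """Run the first-level test on many blocks and fold all p-values into one
    number.  Also reports how many blocks 'failed' at the 5% level: for a
    good source that count should sit near 5% of blocks, not near zero."""
    pvals = []
    for _ in range(blocks):
        bits = [source() for _ in range(bits_per_block)]
        pvals.append(monobit_p_value(bits))
    failed = sum(1 for p in pvals if p < 0.05)
    d, p = ks_uniform_p_value(pvals)
    return {"blocks": blocks, "failed_at_5pct": failed, "ks_d": d, "ks_p": p}


def fair_source(seed=1):
    # Constructed input: a seeded PRNG standing in for a good bit source.
    rng = random.Random(seed)
    return lambda: rng.getrandbits(1)


def biased_source(seed=1, p_one=0.55):
    # Constructed input: a source with a 55% bias toward ones.
    rng = random.Random(seed)
    return lambda: 1 if rng.random() < p_one else 0


if __name__ == "__main__":
    print("fair  :", aggregate(fair_source()))
    print("biased:", aggregate(biased_source()))
```

The second-level p-value is the "single measure" asked for, but it only summarises one first-level test; a real battery would keep one such figure per test, since (as the quoted reply says) knowing which class of test fails is what makes the output useful as a diagnostic.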

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.stat.math
Subject: Re: Q: Differencing time series
Date: Thu, 30 Mar 2000 20:57:37 +0200

Herman Rubin wrote:
> 
> In article <[EMAIL PROTECTED]>,
> Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
> >1. If one applies the difference filter of n-th order to the
> >   white noise process, obtaining d_t and compute the bit
> >   sequence
> 
> >       b_t = if d_t < 0 then 0 else 1 fi
> 
> >   is b_t a uniformly distributed (truly) random bit sequence?
> 
> >2. The same as (1), except applying to a MA or ARMA process.
> 
> >3. Is there reasonable prospect of obtaining good quality random
> >   bit sequences this way from the majority of time series
> >   available in practice? If yes, is there any value of n, the
> >   order of the filter, that is the minimum for obtaining
> >   satisfactory results according to experiences?
> 
> Considering the answers, it is very unlikely that this is a
> homework problem.  However, it is extremely simple.
> 
> A necessary and sufficient condition that the signs of two
> jointly normal random variables with mean 0 are independent
> is that they are uncorrelated, hence independent.  So white
> noise itself had the properties, but no method of coloring
> it preserves them.

Sorry for my inability to interpret your sentences. Does that 
mean that the answers to my questions (1) and (2) are 'no'?
My thought was that, since the random variables taking part in
the successive difference values are independent, the sequences
of the difference values would be random and hence also the
bit sequence obtained. Would you please point out what is faulty
in that? Thanks.

M. K. Shen
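
The correlation structure under discussion can be checked directly. The following is an added example, not code from either poster: it derives the lag-1 autocorrelation of the n-th difference of white noise from the filter's binomial taps, converts it into the probability that two neighbouring sign bits agree via Sheppard's formula for jointly normal variables, and confirms both by simulation on constructed Gaussian white noise. The function names and the seeded sample are this example's own.

```python
import math
import random


def nth_difference(xs, n):
    """Apply the n-th order difference filter (1 - B)^n to a series."""
    d = list(xs)
    for _ in range(n):
        d = [d[i] - d[i - 1] for i in range(1, len(d))]
    return d


def sign_bits(d):
    """The thread's b_t = 0 if d_t < 0 else 1."""
    return [0 if v < 0 else 1 for v in d]


def lag1_correlation_of_differences(n):
    """Lag-1 autocorrelation of the n-th difference of white noise.
    The taps are (-1)^k C(n,k).  By Vandermonde's identity the variance is
    sum C(n,k)^2 = C(2n,n) and the lag-1 covariance is
    -sum C(n,k) C(n,k+1) = -C(2n,n-1), so the ratio is -n/(n+1):
    -1/2 for first differences, -2/3 for second, worsening with n."""
    if n == 0:
        return 0.0
    return -math.comb(2 * n, n - 1) / math.comb(2 * n, n)


def same_sign_probability(rho):
    """Two zero-mean jointly normal variables with correlation rho have the
    same sign with probability 1/2 + arcsin(rho)/pi (Sheppard's formula).
    Independent sign bits require exactly 1/2, i.e. rho = 0."""
    return 0.5 + math.asin(rho) / math.pi


def observed_same_sign_probability(bits):
    agree = sum(1 for i in range(1, len(bits)) if bits[i] == bits[i - 1])
    return agree / (len(bits) - 1)


def simulate(n, samples=20000, seed=7):
    """Return (observed, predicted) agreement probability of neighbouring
    sign bits after n-th order differencing of constructed white noise."""
    rng = random.Random(seed)
    white = [rng.gauss(0.0, 1.0) for _ in range(samples + n)]
    bits = sign_bits(nth_difference(white, n))
    predicted = same_sign_probability(lag1_correlation_of_differences(n))
    return observed_same_sign_probability(bits), predicted


if __name__ == "__main__":
    for n in range(4):
        obs, pred = simulate(n)
        print(f"order {n}: rho={lag1_correlation_of_differences(n):+.3f} "
              f"P(same sign) observed={obs:.3f} predicted={pred:.3f}")
```

With first differences the neighbouring bits agree only one third of the time instead of one half, so although each d_t is built from independent variables, consecutive d_t share a term (x_t appears in both d_t and d_{t+1}) and the resulting bit sequence is strongly anticorrelated; a higher filter order makes this worse, not better.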

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Opinions?
Date: Thu, 30 Mar 2000 21:02:07 +0200

While giving little more than sweeping treatment on the topic,
A. K. Dewdney in his book 'The Turing Omnibus' writes the 
following which seems to be fairly appropriate (after his 
mentioning the Kolmogorov-Chaitin definition of randomness):

     In the type of formal system defined by Goedel, it has 
     been shown that any axiom system for it is incomplete --
     there are theorems that cannot be proved in the system.
     Among such theorems are those asserting that a certain
     long sequence of numbers is random.

M. K. Shen

------------------------------

From: "Leo Sgouros" <[EMAIL PROTECTED]>
Subject: Re: The lighter side of cryptology
Date: Thu, 30 Mar 2000 19:12:21 GMT


<[EMAIL PROTECTED]> wrote in message news:8buskt$ue7$[EMAIL PROTECTED]...
> In article <
> nAvE4.2979$[EMAIL PROTECTED]
> m>,
> "Leo Sgouros" <[EMAIL PROTECTED]>
> wrote:
> >
> > those that care know everything they need to :-)
> >
>      This is one cryptic message that I cannot
> decipher. What does it mean?
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.

if you are spiritually advanced enough to care for your fellow creatures and
those below you, the more you know, the more you need to know in which to
guide others,

human wave-guide= memetic encrypt, not breakable, fully in the open, built
upon the observer/partner frame of reference. You cannot come "from the
outside" and crack themes when they are spatially relevant to hundreds of
multi-level coordinate systems.

:-)


PS- sorta like "public key users do it out in the open" as a meme,  I
transposed that phrase into a philosophical equivalent, and you couldn't
crack the few words there.
Interesting, no?



------------------------------

From: proton <[EMAIL PROTECTED]>
Subject: Factoring?
Date: Thu, 30 Mar 2000 23:08:19 +0200


Is there any point in developing methods to factor numbers
with small factors?

Or is the game plan all about factoring large numbers with
two large factors only?

/proton

------------------------------

Crossposted-To: talk.politics.crypto
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3:  Semester 1 / Class #1  All are invited.
Date: Thu, 30 Mar 2000 18:21:49 GMT

Boris Kazak wrote:
> ... The most
> ridiculous thing is the 17-minute requirement, because it is
> sufficient to produce this file only once, thereafter it can be
> kept on the disk, reused, published on the Web, etc.

I *think* that Szopa intends for the "file" (set of mixfiles)
to be key-dependent (in which case the system is intolerably
slow).  Maybe he will clarify this as the "class" proceeds.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: how to get the key and the method?
Date: Thu, 30 Mar 2000 18:24:42 GMT

[EMAIL PROTECTED] wrote:
> i have an original word (clear) and the encryption of that word (and a
> lot of them in fact) but now, how could i get the key and the method
> transforming the original ones (clear ones) to the encrypted ones ?

There is no general method for doing this,
and in many cases even if the details of the encryption
system are known (but not the key), it is a hopeless task.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Coderpunks Query on Teledyne Crypto
Date: Thu, 30 Mar 2000 18:33:15 GMT

John Savard wrote:
> As to what an orthomorphic permutation is, I did not see a clear
> explanation of that in the patent.

Just from analyzing the word, perhaps it means a transformation
of a set to an orthogonal (anticorrelated) set.  Maybe this
refers to the one-bit-changes-everything aspect.

------------------------------

From: "PJS" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Thu, 30 Mar 2000 20:52:26 +0100

Stormshadow wrote in message <8c008r$6kj$[EMAIL PROTECTED]>...
>
>"PJS" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> But, on the other hand, when a dead person last made Home Secretary?
>Never. But if one is killed, there will be others..
>
>> Is that what you want, 'cos that's what'll 'appen?!
>> Straw is a man of profoundly anti-democratic instincts, I and say that
>> killing him would be morally justifiable, considering the damage he will
do,
>> and I'm not a person normally given to advocating such extreme measures.
>I'm not making a stance on the moral justification of killing, I'm just
saying
>that such extreme measures would be useless. There are other, cleaner
methods
>of persuasion.
===========
If they were done in the traditional way, with men in berets waving guns
and making statements about a victory for people's freedom and so on, you
may be right, but imagine if Straw were simply run over in the street or
shot by someone completely anonymous.

--
Will the last person to be eaten
by the Fnord please turn the light out?



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Coderpunks Query on Teledyne Crypto
Date: Thu, 30 Mar 2000 22:35:14 +0200

John Savard wrote:
> 

> No, the bits are essentially random, except that in one copy of 11x11,
> a 0 must be inserted, and in the other copy, a 1 must be inserted, and
> in one copy of 1x000 a 0 must be inserted, and in the other copy, a 0
> must be inserted.
> 
> As to what an orthomorphic permutation is, I did not see a clear
> explanation of that in the patent.

O.k., I understand this is to ensure that the resulting new alphabet
is complete. Presumably this random choice on the input side is
independent of that on the output side. It is then my conjecture that,
if the original input/output alphabet pair has a certain property,
then that property is not necessarily preserved due to such wholly
independent operations on the input and the output side in creating
the new pair. Certainly, before the definition of 'orthomorphic' is 
clarified, it is yet too early to argue anything. BTW, could someone
having a good mathematics dictionary please check the meaning of that
term? (If the term is not generally used and also not clearly 
explained in the document, then the document is incomplete/ambiguous.)
Thanks.

M. K. Shen
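
For reference, the standard definition from the literature on complete mappings (the sense in which the term is used for block-cipher components such as the Lai-Massey construction), which nobody in the thread had to hand: a permutation pi of a group is an orthomorphism, or orthomorphic permutation, when the map x -> pi(x) - x is also a permutation; over the bit-vectors Z_2^n the subtraction is XOR. The following is an added example, not code from the posters or from the patent under discussion: it checks that property exhaustively for a candidate table and builds one positive and two negative cases. The GF(2^n) multiplication helper and the function names are this example's own.

```python
def gf2n_mul(a, b, n, poly):
    """Carry-less multiply a*b in GF(2^n) reduced by the irreducible 'poly'
    (which includes the x^n term, e.g. 0b1011 for x^3 + x + 1)."""
    r = 0
    for _ in range(n):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:
            a ^= poly
    return r


def is_permutation(table, n):
    return sorted(table) == list(range(1 << n))


def is_orthomorphism(table, n):
    """True iff 'table' is a permutation of Z_2^n and so is
    x -> table[x] XOR x (the defining property of an orthomorphism)."""
    if not is_permutation(table, n):
        return False
    return is_permutation([table[x] ^ x for x in range(1 << n)], n)


def identity(n):
    return list(range(1 << n))


def xor_with_constant(c, n):
    return [x ^ c for x in range(1 << n)]


def multiply_by_constant(a, n, poly):
    """x -> a*x in GF(2^n).  For a not in {0, 1} this is an orthomorphism,
    since x -> a*x XOR x = (a+1)*x is again multiplication by a nonzero
    constant and hence bijective."""
    return [gf2n_mul(a, x, n, poly) for x in range(1 << n)]


if __name__ == "__main__":
    n, poly = 3, 0b1011
    print("identity      :", is_orthomorphism(identity(n), n))
    print("xor constant 5:", is_orthomorphism(xor_with_constant(5, n), n))
    print("multiply by 2 :", is_orthomorphism(multiply_by_constant(2, n, poly), n))
    print("AES field x2  :", is_orthomorphism(multiply_by_constant(2, 8, 0x11b), 8))
```

The identity fails because x XOR x is 0 for every input, and XOR with a constant fails because x XOR c XOR x is the constant c; both are permutations, so being a permutation alone is not enough. Note that this property concerns the map's difference from the identity, not "one bit changes everything" (avalanche), which is a separate criterion.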

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Factoring?
Date: Thu, 30 Mar 2000 20:31:16 GMT

proton <[EMAIL PROTECTED]> wrote:
> Is there any point in developing methods to factor numbers
> with small factors?

Yes, but only if it's faster than existing methods such as ecm. In
other words, there are already good algorithms for finding the small
factors of a number, so the real question is whether it's possible or
worthwhile to find faster ones.

In my opinion, no one really ever complains about having a large
selection of algorithms to choose from, or a faster one. On the other
hand, I doubt large numbers of people are working on this.

> Or is the game plan all about factoring large numbers with
> two large factors only?

It depends. If you're only interested in RSA keys, then obviously you'd
be most interested in the best way to do this. On the other hand, if
you're interested in factoring in general, I think most cases come
down to finding a single factor, or factoring a large number in a
reasonable amount of time.


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Factoring?
Date: Thu, 30 Mar 2000 20:34:00 GMT


proton <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Is there any point in developing methods to factor numbers
> with small factors?

There is no reason not to.  Pollard-Rho for example is very useful when
your factor base is small.  [I know it's ancient but It's my new toy].

> Or is the game plan all about factoring large numbers with
> two large factors only?

That's the prize fight.  If you can break RSA quickly for example, [or any
other IFP dependent problem] then you are set.

Tom
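
The two replies above make the same point from different sides: the cheap algorithms (Pollard's rho here; ECM in the earlier reply) pull out small factors in time governed by the size of the factor found, not by the size of the number, which is exactly why they are irrelevant to an RSA modulus whose two factors are both large. The following is an added example, not code from either poster: Pollard's rho with Floyd cycle detection, a Miller-Rabin primality check so that recursion stops at primes, and a wrapper that strips tiny primes first. Function names and the sample inputs are this example's own.

```python
import math
import random


def is_probable_prime(n):
    """Miller-Rabin with the first twelve prime bases; this set is known to
    be deterministic for n < 3.3e24 and is only probabilistic above that."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def pollard_rho(n, seed=1):
    """Return a nontrivial factor of composite n using f(x) = x^2 + c and
    Floyd's cycle finding.  Expected cost is about sqrt(p) iterations for
    the smallest prime factor p: fast if a small factor exists, hopeless
    for a balanced two-prime RSA modulus."""
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)
    while True:
        c = rng.randrange(1, n)
        x = y = rng.randrange(0, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
        # the sequence collapsed mod n before revealing a factor: new c


def factor(n):
    """Complete factorisation of n as a sorted list with multiplicity:
    trial division by tiny primes, then rho applied recursively."""
    factors = []
    for p in (2, 3, 5, 7, 11, 13):
        while n % p == 0:
            factors.append(p)
            n //= p

    def split(m):
        if m == 1:
            return
        if is_probable_prime(m):
            factors.append(m)
            return
        d = pollard_rho(m)
        split(d)
        split(m // d)

    split(n)
    return sorted(factors)


if __name__ == "__main__":
    # Constructed inputs: a small semiprime and the Fermat number F6.
    print(factor(8051))
    print(factor(2 ** 64 + 1))
```

F6 = 2^64 + 1 falls in milliseconds because its smaller factor, 274177, is only 19 bits; the same routine on a product of two 512-bit primes would need on the order of 2^256 iterations, which is the "prize fight" the second reply refers to.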



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Looking for some help on RSA public key/private key generation
Date: Thu, 30 Mar 2000 20:35:08 GMT


Bob Silverman <[EMAIL PROTECTED]> wrote in message
news:8c00mv$68k$[EMAIL PROTECTED]...
> In article <8bujof$kph$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > How do I generate the public key from the private key without making
> my
> > computer choke?
>
> Usually one computes the private from the public.
>
> If all you have is  e and  d = e^-1 mod phi(N),  you will not be
> able to recover N because it is generally not unique.

Why do people say phi(N) when in your own paper you suggest to use lcm(p -
1, q - 1)?

Tom
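
The phi(N) versus lcm(p-1, q-1) question can be settled by computing both private exponents and checking that each inverts encryption for every message. The following is an added example, not code from either poster: it uses deliberately tiny constructed primes (61 and 53, far too small for any real use) so that the exhaustive check is cheap, and the function names are this example's own.

```python
import math


def rsa_private_exponents(p, q, e):
    """Return (n, d_phi, d_lambda): the private exponent computed modulo
    phi(n) = (p-1)(q-1), as in most textbooks, and modulo
    lambda(n) = lcm(p-1, q-1), the Carmichael function.  lambda(n) is the
    exponent of the multiplicative group mod n, so m^(e*d) = m for every m
    as soon as e*d = 1 (mod lambda(n)); phi(n) is a multiple of lambda(n),
    so the phi-based exponent satisfies the same congruence but is larger."""
    n = p * q
    phi = (p - 1) * (q - 1)
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    if math.gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    return n, pow(e, -1, phi), pow(e, -1, lam)


def roundtrip(n, e, d, m):
    """Encrypt m under (n, e) and decrypt with d; True iff m comes back."""
    return pow(pow(m, e, n), d, n) == m


def exhaustive_check(p=61, q=53, e=17):
    """Check both exponents against every message 0 <= m < n.
    Returns (n, d_phi, d_lambda, all_ok)."""
    n, d_phi, d_lam = rsa_private_exponents(p, q, e)
    ok = all(roundtrip(n, e, d, m) for d in (d_phi, d_lam) for m in range(n))
    return n, d_phi, d_lam, ok


if __name__ == "__main__":
    n, d_phi, d_lam, ok = exhaustive_check()
    print(f"n={n} d_phi={d_phi} d_lambda={d_lam} all messages ok={ok}")
    print("d_phi mod lambda == d_lambda:", d_phi % 780 == d_lam)
```

Both exponents decrypt correctly; the lambda-based one is simply the smallest valid exponent, and the phi-based one is congruent to it modulo lambda(n). Either is a correct private key for the same public key, which is also the reason a decryption exponent alone does not determine which of the two was used.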



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Q: Entropy
Date: Thu, 30 Mar 2000 22:58:24 +0200

Given an arbitrary (finite) bit sequence, how does one actually 
go about in practice to determine the entropy it contains? 
Are there concrete and dependable (accurate, exact) algorithms? 
Thanks in advance.

M. K. Shen
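
A worked illustration of what the practical estimators do and where they stop being dependable, added here as an example and not part of the post above: the plug-in Shannon estimate counts symbol frequencies, so it cannot see order (a byte counter scores a perfect 8 bits per byte), while a compressor, a crude upper bound on the entropy rate, does catch that structure; neither is "exact", since the true entropy of a fixed finite string depends on the source model, not on the string alone. The function names and the two constructed inputs are this example's own.

```python
import math
import random
import zlib
from collections import Counter


def shannon_entropy_per_block(data, k=1):
    """Plug-in Shannon entropy, in bits per k-byte block, of the empirical
    block distribution.  Measures how evenly block values occur and
    nothing else: any sequence that visits each value equally often
    scores the maximum, however predictable its order."""
    blocks = [data[i:i + k] for i in range(0, len(data) - k + 1, k)]
    total = len(blocks)
    counts = Counter(blocks)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def compression_ratio(data):
    """Compressed size over original size with zlib level 9.  An upper
    bound on entropy per byte (times 8): it cannot prove randomness, but
    a ratio well below 1 proves the data is far from full entropy."""
    return len(zlib.compress(data, 9)) / len(data)


def assess(data):
    return {
        "byte_entropy": shannon_entropy_per_block(data, 1),
        "pair_entropy_per_byte": shannon_entropy_per_block(data, 2) / 2,
        "compression_ratio": compression_ratio(data),
    }


def counter_sequence(length):
    # Constructed input: 0,1,2,...,255,0,1,...  Zero real entropy.
    return bytes(i % 256 for i in range(length))


def seeded_prng_bytes(length, seed=1):
    # Constructed input: a seeded PRNG standing in for a decent source.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


if __name__ == "__main__":
    for name, data in (("counter", counter_sequence(65536)),
                       ("prng", seeded_prng_bytes(65536))):
        print(name, assess(data))
```

The counter scores a perfect 8.0 bits per byte on the single-byte estimate yet compresses to almost nothing, and its two-byte estimate drops to 3.5 bits per byte because only 128 of the 65536 possible pairs ever occur. The PRNG output also shows the other limitation: with only 32768 pairs drawn from 65536 possible values, the two-byte estimate undershoots the true 8 bits per byte simply because the sample is too small to populate the distribution, so block estimates need far more data than the number of distinct blocks and are biased low otherwise.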

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
