Cryptography-Digest Digest #450, Volume #11 Thu, 30 Mar 00 18:13:01 EST
Contents:
Re: Factoring? (DJohn37050)
Re: The lighter side of cryptology ([EMAIL PROTECTED])
Re: NIST publishes AES3 papers ("Joseph Ashwood")
Re: The lightest side of cryptology ("Joseph Ashwood")
Re: How are these passwords? ("Joseph Ashwood")
Re: Is it really NSA ?! (Arthur Dardia)
Re: Q: Entropy (Tim Tyler)
Re: Scramdisk & Steganos ("RecilS")
Re: Looking for some help on RSA public key/private key generation ("Joseph Ashwood")
Re: Entropy ("Joseph Ashwood")
Re: Looking for some help on RSA public key/private key generation ("Tom St Denis")
Re: NIST publishes AES3 papers (John Myre)
Re: prime solution ("RecilS")
Re: How are these passwords? ("RecilS")
Re: Scramdisk & Steganos ("Joseph Ashwood")
Particular integer factors (JCA)
Crypto Webpages ("RecilS")
Re: Looking for some help on RSA public key/private key generation ("Joseph Ashwood")
Re: Crypto Webpages ("Tom St Denis")
Re: Looking for some help on RSA public key/private key generation ("Tom St Denis")
Re: NIST publishes AES3 papers (Jerry Coffin)
Re: Looking for some help on RSA public key/private key generation (Paul Rubin)
Help decrypt message exercise ([EMAIL PROTECTED])
Re: Coderpunks Query on Teledyne Crypto (Jim Reeds)
Re: Examining random() functions (Tim Tyler)
Re: Particular integer factors ([EMAIL PROTECTED])
RNG based on primitive multiplicative generator. ("Tom St Denis")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Factoring?
Date: 30 Mar 2000 21:11:37 GMT
There are also reasons to try to factor P+1 or P-1 so general methods are
useful.
Don Johnson
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: The lighter side of cryptology
Date: Thu, 30 Mar 2000 21:11:23 GMT
In article <8bu51l$mj2$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Xcott Craver) wrote:
> >> But not every bra has a cryptographic function. Most are used for ASCII
> >> armor or for compression. Some are even designed to make the plaintext
> >> stand out and more enjoyable to read. . . .
Regarding crypto- perverts and the above
crypto- bra here's a ditty:
I'm a cryptogeek, and I'm okay,
I xor all night and I hash all day.
I make some keys. I wear high heels,
Suspendies, and a *bra*.
I wish I'd been a girlie,
Just like my dear Papa.
This ditty was lifted from Monty Python and,
speaking of gay [double meaning] Brits, I leave
you with this observation:
Turing did it but couldn't decide if he had
finished.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES3 papers
Date: Thu, 30 Mar 2000 13:17:54 -0000
I think it's a matter of some people still believe that
original DES had severe flaws that we never found, and so
they want something else. In addition saying "triple-DES"
doesn't have as much impact as saying "Advanced Encryption
Standard" or "Data Encryption Standard" and "triple Data
Encryption Standard" just sound odd. In addition there is a
possibility that an attack will be found against triple-DES
and this gives a very viable backup, and fosters interest in
cryptography at the same time. Remember the business
industry is actually controlled by managers, and most of them
have just enough knowledge to know that DES is weak, and
just as someone was honestly mistaken that triple-DES
offered only 57.5 bits of security on this list, a manager
is likely to only believe that triple-DES offers 3 times
the security (instead of 2^50 + times). Of course I could
always point to my last employer as a perfect example again
(my manager wanted to use RC4 twice with the same key for
"higher" security), I really think it is needed to name an
AES.
Joe
"Derek Bell" <[EMAIL PROTECTED]> wrote in message
news:8c06f6$2b7s$[EMAIL PROTECTED]...
> David A. Wagner <[EMAIL PROTECTED]> wrote:
> : You mean, Triple-DES? (It's hard to imagine how any of the AES candidates
> : can be considered to have a larger margin of strength than Triple-DES, at
> : least if one considers assurance of security today and amount of analysis
> : done to date.)
>
> Is Triple DES considered too slow for the applications envisioned for
> AES or is it a case of nobody deciding to propose it?
>
> Derek
> --
> Derek Bell [EMAIL PROTECTED] | Socrates would have loved
> WWW: http://www.maths.tcd.ie/~dbell/index.html| usenet.
> PGP: http://www.maths.tcd.ie/~dbell/key.asc | - [EMAIL PROTECTED]
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: The lightest side of cryptology
Date: Thu, 30 Mar 2000 13:28:06 -0000
I think the best recommendation would be to talk to people
from the newsgroup off group, ask questions. You'll find
that many of us are at least as interesting off group as on.
You'll also find that very little of the really good stuff
gets posted. If you (or anyone else) wants, I'm available
via e-mail ([EMAIL PROTECTED]), ICQ (4107766), AOL IM
(holomntn), or Yahoo IM (holomntn).
Joe
"Jaime Cardoso" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> When I read the post that started this thread I was very pleased with it.
>
> I subscribe this NG to see if I can learn something about cryptography
> but, the only posts I can't understand any of the interesting posts.
>
> Although the jokes are good, can anyone post some pointers to information
> about crypt algorithms and common attacks?
>
> PS. Please don't recommend any books (buy books => money < house mortgage +
> food)
>
> file://JaimeC
>
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: How are these passwords?
Date: Thu, 30 Mar 2000 13:33:29 -0000
It depends on your algorithm, whether or not we have any
indication as to the probabilities of keys, etc. For example
DES takes a 56-bit key, and can be broken in ~1day, and is
basically as secure as can be done at 56-bits. OTOH a
Vigenere cipher at 56-bits will take a matter of seconds for
an unaided human. If you reveal the algorithm we may be able
to tell you.
Joe
"John" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> OK, fair enough. How long would it take to get to zzzzzzz ? I
> use software that goes from character 0..255, so you'd have to
> try them, too.
>
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
> The fastest and easiest way to search and participate in Usenet - Free!
>
------------------------------
From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: Is it really NSA ?!
Date: Thu, 30 Mar 2000 16:46:11 -0500
[EMAIL PROTECTED] wrote:
> In article <aha2es86dduequv9kmmrarhvc2m87b5rsk@4ax.com>,
> [EMAIL PROTECTED] wrote:
>
> > Unless NSA is using C&W as a "cut-out" I suspect that this is
> > someone's (pretty good) idea of humor.
> >
>
> Earlier I saw that some Brits (including
> hackers) are annoyed with C & W. Reminded of
> this, I suggest to Disastry that you might
> consider asking the hacker community if they
> have heard of "Spookweb" (some of them who
> have hacked government systems may have
> seen this term). I myself have fantasized
> about hacking the NSA but wouldn't actually
> attempt it because it's too risky- I don't want
> to end up " a breaking rocks in the hot sun
> because I fought the law and the law won" *or
> worse*- I'm an adult male and adult prison
> ain't my bag, baby. Besides, Big Brother (or his
> underlings) can view what I'm doing from this
> pc.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Hmm...attacking the NSA? Definitely an interesting fantasy...
However, to do it properly, I wouldn't suggest an electronic attack, but
more of a physical, armed-to-the-teeth attack. First things first,
don't bother cutting power - I'm positive they have a generator, and
once their generator kicks in, I'm sure they'd be suspicious. Secondly,
I'm sure they have metal detectors...porcelain guns? I know I saw them
in some movie. :)
Please note that the above is a bunch of crap, but it would make a cool
scene in Mission Impossible: 2, due out this summer...Tom Cruise
single-handedly ripped through the NSA, stealing data, and exiting in a
kick-ass way. :)
Oh well, back to reality...
--
Arthur Dardia Wayne Hills High School [EMAIL PROTECTED]
PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Reply-To: [EMAIL PROTECTED]
Date: Thu, 30 Mar 2000 21:41:02 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
: Given an arbitrary (finite) bit sequence, how does one actually
: go about in practice to determine the entropy it contains?
Pick a language and then employ "search techniques" to find the shortest
possible description of your bit sequence in that language.
: Are there concrete and dependable (accurate, exact) algorithms?
No. There are various algorithms that *purport* to measure the entropy
of a stream or file - e.g. "ENT": http://www.fourmilab.ch/random/
However these generally produce crude estimates, with little logical
connection to the actual entropy of the sequence w.r.t. any sensible
language.
Calculating entropy generally runs into the Halting problem.
Except for trivially short or simple sequences, there will be shorter
programs than your current best candidate that do not halt.
*Proving* that these programs don't halt and output your target
sequence can be "a little bit tricky". See the work of G J Chaitin
(http://www.cs.auckland.ac.nz/CDMTCS/chaitin/) for more about this.
General entropy resource: "Entropy on the World Wide Web":
http://www.math.washington.edu/~hillman/entropy.html
--
__________
|im |yler The Mandala Centre http://mandala.co.uk/ [EMAIL PROTECTED]
.net - keep out of reach of children.
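Added example (not part of the original post, and not ENT's code): a byte-histogram estimate of the kind such tools report, set beside zlib as one concrete description "language". The seed string and the three sample inputs are constructed for the illustration.

```python
import hashlib
import math
import zlib
from collections import Counter


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def compressed_ratio(data: bytes) -> float:
    """zlib output size divided by input size.

    This is an upper bound on description length in one fixed language
    (DEFLATE); it says nothing about shorter descriptions elsewhere.
    """
    return len(zlib.compress(data, 9)) / len(data)


def counter_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic stream SHA-256(seed || counter).

    The whole output is described by this short function plus the seed,
    however random its statistics look.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def survey() -> dict:
    """Return {name: (histogram bits/byte, zlib ratio)} for constructed inputs."""
    samples = {
        # One symbol repeated: both measures agree it carries almost nothing.
        "constant": b"a" * 65536,
        # 0,1,...,255 repeated: a flat histogram, yet trivially describable.
        "ramp": bytes(range(256)) * 256,
        # Looks random to the histogram and to zlib, yet is fully
        # determined by a 16-byte seed and a few lines of code.
        "hash_stream": counter_stream(b"constructed seed", 65536),
    }
    return {name: (byte_entropy(d), compressed_ratio(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (bits, ratio) in survey().items():
        print(f"{name:12s} histogram={bits:.4f} bits/byte  zlib ratio={ratio:.4f}")
```

The "ramp" row shows a histogram estimate of 8 bits per byte for data zlib shrinks to a fraction of a percent; the "hash_stream" row shows both measures reporting near-maximal values for data whose shortest description is tiny.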
------------------------------
From: "RecilS" <swehmeier @ mindspring>
Subject: Re: Scramdisk & Steganos
Date: Thu, 30 Mar 2000 16:55:35 -0500
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
No I really don't have. First, just because it's not open source
doesn't mean it's worthless, it just means you don't know which you
could have said. Second I know it's similar to scramdisk because
that's what it does. I'm not talking about methods I'm talking about
usage.
So from what I gather, you gave no reasons, just told me what I don't
know. At the risk of using an oxymoron, I know what I don't know.
This did not help.
>Just curious. I keep hearing loads about scramdisk, but I use
>Steganos II and I've heard nothing about it's disk encryption
>feature which is very similar to scramdisk. Obviously it's not
>freeware but are there any other reasons Steganos would be inferior?
>- -Doug
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOOPNVBJETAFqh0RgEQIFiQCgtpiA9kVFIGuBCJLx1gI+GGrPZhgAn2AQ
fZhorQsUkvFYS4k3+B91xBcW
=pgGK
=====END PGP SIGNATURE=====
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Looking for some help on RSA public key/private key generation
Date: Thu, 30 Mar 2000 13:41:33 -0000
Because the lcm() version delivers a d that is of smaller
size (possibly by a significant amount), and this delivers
much faster decryption. This is also part of the reason that
when I spec RSA I recommend using random e of up to sqrt of
the size of pq (or N in common notation). In reality
computing d from e is identical to computing e from d at
least numerically.
Joe
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:0UOE4.95572$[EMAIL PROTECTED]...
> Why do people say phi(N) when in your own paper you suggest to use
> lcm(p - 1, q - 1)?
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Entropy
Date: Thu, 30 Mar 2000 13:54:58 -0000
The entropy is only the odds of that sequence happening
given the generator. For example:
If the file is generated by a true random number generator
(with certain restrictions), the entropy will be the length.
If the file is created by pressing the 'a' key n times, the
entropy is 0. (for known n)
If the file is created by pressing a fixed key x n times,
the entropy will be 1/26 (depending on keyboard)
I can see no way to dependably detect the actual entropy
present in a file.
Detecting the likely entropy of a sequence is possible, a
simple way that delivers at least a rough guess to the
entropy is to fit a minimal polynomial to it, the smaller
the polynomial the less the entropy. There are a number of
generators that will generate extremely long polynomials for
this that do not have nearly that much entropy, DIEHARD is
probably a better way to test it.
Joe
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Given an arbitrary (finite) bit sequence, how does one actually
> go about in practice to determine the entropy it contains?
> Are there concrete and dependable (accurate, exact) algorithms?
> Thanks in advance.
>
> M. K. Shen
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Looking for some help on RSA public key/private key generation
Date: Thu, 30 Mar 2000 22:01:24 GMT
Joseph Ashwood <[EMAIL PROTECTED]> wrote in message
news:epE1JKpm$GA.258@cpmsnbbsa05...
> Because the lcm() version delivers a d that is of smaller
> size (possibly by a significant amount), and this delivers
> much faster decryption. This is also part of the reason that
> when I spec RSA I recommend using random e of up to sqrt of
> the size of pq (or N in common notation). In reality
> computing d from e is identical to computing e from d at
> least numerically.
> Joe
There is nothing wrong with using a small value of e, say 17, 257 or 65537
[etc..]. This makes encryption and verification much faster. Which
generally is a good idea. By making random 'e' values you make BOTH slow.
And using lcm(p - 1, q - 1) is no 'weaker' than (p - 1)(q - 1) since
(p - 1)(q - 1) is just a multiple of lcm(p - 1, q - 1) anyways.
Tom
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES3 papers
Date: Thu, 30 Mar 2000 15:00:32 -0700
Derek Bell wrote:
>
> Is Triple DES considered too slow for the applications envisioned for
> AES or is it a case of nobody deciding to propose it?
The main reason is the block size: triple DES has a 64-bit block,
and AES was required to be 128 bits. So it doesn't qualify. (The
key size was wrong, too - 112 or 168 for triple DES, vs 128 etc.
for AES).
Note that two AES submissions (DEAL and Serpent) tried to build on
DES to create a cipher matching NIST's requirements; and Serpent is
still in there, as one of the five finalists.
John M.
------------------------------
From: "RecilS" <swehmeier @ mindspring>
Crossposted-To: sci.math
Subject: Re: prime solution
Date: Thu, 30 Mar 2000 17:09:46 -0500
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Compared to most people on this board I don't know shizot, but I do
know that your little equation is A) Something I could have figured
out and B) So simple I imagine you've enlightened about 2 people one
of which being yourself.
- -Doug
[EMAIL PROTECTED] wrote in message
<[EMAIL PROTECTED]>...
>I offer the following solution to prime numbers.
>This solution, as trivial as it is, has been
>hidden from us until now. I hope people
>appreciate what it takes to keep this hidden for
>so long.
>
>A(n)=6*n-1
>B(n)=6*n+1
>for all n=1,2,3...
>
>A and B define the "possible prime space." Let's
>go through some examples.
>
>A B
>5 7
>11 13
>17 19
>23 (25) (25=5*5)
>29 31
>(35) 37 (35=5*7)
>41 43
>47 (49) (49=7*7)
>etc.
>
>
>So everything is prime unless it is the
>combination of two other things in this set.
>
>Another interesting thing:
>
>A()*A()=B()
>B()*B()=B()
>A()*B()=A()
>
>So any p^2-1 is divisible by 6.
>
>I won't give away the ending just yet, but you can
>use this to find large primes or the prime factors
>of huge numbers with relative ease. Can you see
>the solution?
>
>This is like the "special theory of primality"
>There is also a to-be-revealed "general theory of
>primality" which describes how 1,2, and 3 create
>our entire number system (1 _is_ prime). Read Tao
>Te Ching ch. 42 and Isiah 42 for more hints.
>
>Baruch Hashem,
>
>Joseph Ben-Adam Ben-Emet
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOOPQpxJETAFqh0RgEQI5sACg36UYImMioU36rdjJ8ZJzEJA9EG0AoMjB
NhAU8jfocYNpEubnPVZuIVDt
=9Ibv
=====END PGP SIGNATURE=====
------------------------------
From: "RecilS" <swehmeier @ mindspring>
Subject: Re: How are these passwords?
Date: Thu, 30 Mar 2000 17:15:48 -0500
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Personally I think it's a 'who can outguess who' game.
If I brute force something encrypted with a short key (IE not a
phrase), I start at the end of the alphanumeric array because I
assume that the person who's encrypting is smart enough to avoid the
pass '111111' or whatever.
That's why phrases are far superior.
- -Doug
Joseph Ashwood wrote in message ...
>It depends on your algorithm, whether or not we have any
>indication as to the probabilities of keys, etc. For example
>DES takes a 56-bit key, and can be broken in ~1day, and is
>basically as secure as can be done at 56-bits. OTOH a
>Vigenere cipher at 56-bits will take a matter of seconds for
>an unaided human. If you reveal the algorithm we may be able
>to tell you.
> Joe
>
>"John" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> OK, fair enough. How long would it take to get to zzzzzzz ? I
>> use software that goes from character 0..255, so you'd have to
>> try them, too.
>>
>> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
>> The fastest and easiest way to search and participate in Usenet - Free!
>>
>
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOOPSEhJETAFqh0RgEQIVcgCgtS4a8t9A3kjZ3HQRsPpCNdLqt9QAn1U5
rcMnYsx9ZD9KQ9tvhy4Lahko
=cbp2
=====END PGP SIGNATURE=====
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Scramdisk & Steganos
Date: Thu, 30 Mar 2000 14:19:06 -0000
Well, I have taken a look at their page of info on Steganos
(http://www.demcom.com/english/steganos/inside.htm) and I
would like to state my agreement that it is likely inferior
to ScramDisk (http://www.scramdisk.clara.net/). Steganos
offers only RC4 encryption (using SHA-1 for keying, posing a
possible problem), but at only 128-bit. ScramDisk offers
3DES (EDE), Blowfish, DES, IDEA, MISTY1, Square, Summer
(Stream), TEA (16 Rounds), and TEA (32 Rounds), at various
levels (based on encryption). Given that ScramDisk has such
an extreme balance of ciphers, many of which are well
trusted, some of which offer better security than RC4
(3DES). I personally trust ScramDisk over Steganos because I
don't yet trust stream ciphers as much as I trust block
ciphers (especially not ones that use XOR for the actual
encryption). Adding in the fact that ScramDisk is open
source, and has been fully examined, I will side with
ScramDisk.
Joe
------------------------------
From: JCA <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Particular integer factors
Date: Thu, 30 Mar 2000 14:11:19 -0800
When attempting to factorize a (large) integer does it help to know
that it is the product of two unknown factors whose sizes are known?
------------------------------
From: "RecilS" <swehmeier @ mindspring>
Subject: Crypto Webpages
Date: Thu, 30 Mar 2000 17:26:21 -0500
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
I've been just surfin around looking for crypto pages and I've found
some good stuff and a lot of really ugly stuff.
I thought it'd be cool if everyone here (who has one) posted their
webpage.
Just a URL and a short description would be great
- - Doug
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOOPUixJETAFqh0RgEQKoVACgp+rQ+KcW/XXkoYiQu4v9WN+TAs8An0Oj
/MKLHsa0iDE26HdeJrea8bRz
=Sw8j
=====END PGP SIGNATURE=====
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Looking for some help on RSA public key/private key generation
Date: Thu, 30 Mar 2000 14:28:46 -0000
Yes, but by using a large e, the size of your d decreases.
It depends on what will be done most often, if encryption
will be done distributed, but decryption is limited to 1
computer, d needs to be as small as possible. If encryption
is central and decryption is distributed then e should be
small as is typical. Many of the environments I deal with,
the number of messages is very large, and the decryption and
encryption need to both take about the same amount of time,
so by increasing the value of e it moves that way.
Joe
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Crypto Webpages
Date: Thu, 30 Mar 2000 22:38:33 GMT
You can get a free Crypto API for C from
http://24.42.86.123/cb.html
You can get some cool crypto info from
http://www.counterpane.com
Tom
RecilS <swehmeier @ mindspring> wrote in message
news:8c0kaj$ool$[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I've been just surfin around looking for crypto pages and I've found
> some good stuff and a lot of really ugly stuff.
> I thought it'd be cool if everyone here (who has one) posted their
> webpage.
> Just a URL and a short description would be great
> - - Doug
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOOPUixJETAFqh0RgEQKoVACgp+rQ+KcW/XXkoYiQu4v9WN+TAs8An0Oj
> /MKLHsa0iDE26HdeJrea8bRz
> =Sw8j
> -----END PGP SIGNATURE-----
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Looking for some help on RSA public key/private key generation
Date: Thu, 30 Mar 2000 22:39:56 GMT
Joseph Ashwood <[EMAIL PROTECTED]> wrote in message
news:eec4Cepm$GA.225@cpmsnbbsa05...
> Yes, but by using a large e, the size of your d decreases.
> It depends on what will be done most often, if encryption
> will be done distributed, but decryption is limited to 1
> computer, d needs to be as small as possible. If encryption
> is central and decryption is distributed then e should be
> small as is typical. Many of the environments I deal with,
> the number of messages is very large, and the decryption and
> encryption need to both take about the same amount of time,
> so by increasing the value of e it moves that way.
> Joe
Well the problem is not just size, but the hamming weight of the exponent.
You can have a 16 bit exponent be slower than an 8 bit one...
Although I can see your reasoning.
Tom
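Added example, not code from any poster in this thread: the private exponent computed modulo (p - 1)(q - 1) and modulo lcm(p - 1, q - 1), together with a square-and-multiply routine that counts modular multiplications so the effect of exponent length and Hamming weight can be read off. The primes 61 and 53 and the helper names are constructed for the illustration.

```python
import math


def private_exponents(p, q, e):
    """Return (phi, lam, d_phi, d_lam) for primes p, q and public exponent e."""
    phi = (p - 1) * (q - 1)
    lam = phi // math.gcd(p - 1, q - 1)  # lcm(p - 1, q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p - 1)(q - 1)")
    # pow(e, -1, m) is the modular inverse (Python 3.8+).
    return phi, lam, pow(e, -1, phi), pow(e, -1, lam)


def modexp_counted(base, exponent, modulus):
    """Left-to-right square-and-multiply.

    Returns (result, squarings, multiplications). For exponent > 0 the
    counts are bit_length - 1 and hamming_weight - 1 respectively.
    """
    if exponent < 0:
        raise ValueError("exponent must be non-negative")
    result, squarings, multiplications = 1 % modulus, 0, 0
    started = False
    for bit in bin(exponent)[2:]:
        if started:
            result = result * result % modulus
            squarings += 1
        if bit == "1":
            if started:
                result = result * base % modulus
                multiplications += 1
            else:
                result = base % modulus  # leading 1 bit: just load the base
                started = True
    return result, squarings, multiplications


def cost(exponent):
    """Total modular multiplications for one exponentiation by `exponent`."""
    _, squarings, multiplications = modexp_counted(3, exponent, (1 << 61) - 1)
    return squarings + multiplications


def demo():
    p, q, e = 61, 53, 17  # constructed toy primes, far too small for real use
    n = p * q
    phi, lam, d_phi, d_lam = private_exponents(p, q, e)
    # Both exponents must undo encryption for every message modulo n.
    roundtrip_ok = all(
        modexp_counted(modexp_counted(m, e, n)[0], d, n)[0] == m
        for d in (d_phi, d_lam)
        for m in range(n)
    )
    return {
        "phi": phi, "lam": lam, "d_phi": d_phi, "d_lam": d_lam,
        "same_mod_lam": d_phi % lam == d_lam,
        "roundtrip_ok": roundtrip_ok,
        "cost": {x: cost(x) for x in (17, 257, 65537, 0xFF, 0xFFFF, d_phi, d_lam)},
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In the cost table the 17-bit exponent 65537 needs 17 modular multiplications while the 16-bit exponent 0xFFFF needs 30, which is the Hamming-weight effect on its own.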
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES3 papers
Date: Thu, 30 Mar 2000 15:41:27 -0700
In article <8c06f6$2b7s$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> David A. Wagner <[EMAIL PROTECTED]> wrote:
> : You mean, Triple-DES? (It's hard to imagine how any of the AES candidates
> : can be considered to have a larger margin of strength than Triple-DES, at
> : least if one considers assurance of security today and amount of analysis
> : done to date.)
>
> Is Triple DES considered too slow for the applications envisioned for
> AES or is it a case of nobody deciding to propose it?
It's a case of 3DES not meeting most of the requirements for AES.
3DES is currently blessed as FIPS 46-3, so there's no real point in
trying to include it as part of AES as well.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Looking for some help on RSA public key/private key generation
Date: 30 Mar 2000 22:49:01 GMT
In article <eec4Cepm$GA.225@cpmsnbbsa05>,
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
>Yes, but by using a large e, the size of your d decreases.
Whaaaaaaat? No, d is the size of the modulus and supposedly
unpredictable.
>It depends on what will be done most often, if encryption
>will be done distributed, but decryption is limited to 1
>computer, d needs to be as small as possible. If encryption
>is central and decryption is distributed then e should be
>small as is typical. Many of the environments I deal with,
>the number of messages is very large, and the decryption and
>encryption need to both take about the same amount of time,
>so by increasing the value of e it moves that way.
Small d => easier to guess. In RSA, encryption is inherently
faster than decryption. Anyway, generating a small d from
a known e is not an easy thing at all.
------------------------------
From: [EMAIL PROTECTED]
Subject: Help decrypt message exercise
Date: Thu, 30 Mar 2000 22:36:37 GMT
Hello all,
I am studying cryptography and trying to solve
William Stallings' (Cryptography and Network Security)
exercises. I am stalled in exercise 2.4 that gives you
a ciphertext to decrypt. The text was generated using
a simple substitution algorithm.
He gives you some hints:
1)the most frequently occurring letter in English is 'e'
and it is often seen in pairs (like seen, meet, speed, etc)
2)the most common word in English is 'the'. Use this fact
to guess the characters that stand for t and h.
3)the resulting message is in English but may not make
much sense on a first reading [and English is not my mother
language - English speakers help!]
Any help would be appreciated,
TIA, Marco.
Here is the ciphertext:
53��+305))6*;4826)4�.)4�);806*;48+8�60))85;;]8*;:�*8+83
(88)5*+;46(;88*96*?;8)*�(;485);5*+2:*�(;4956*2(5*-4)8�8*
;4069285);)6+8)4��;1(�9;48081;8:8�1;48+85;4)485+528806*81
(�9;48;(88;4(�?34;48)4�;161;:188;�?;
and here is the frequency table (that I did)
SYMBOL QT
8 34
; 27
4 19
) 16
� 15
* 14
5 12
6 11
( 9
+ 8
1 7
0 6
2 5
9 5
3 4
: 4
? 3
� 2
- 1
. 1
] 1
Thank you again...
------------------------------
From: [EMAIL PROTECTED] (Jim Reeds)
Subject: Re: Coderpunks Query on Teledyne Crypto
Date: Thu, 30 Mar 2000 22:39:20 GMT
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
|> John Savard wrote:
|> > As to what an orthomorphic permutation is, I did not see a clear
|> > explanation of that in the patent.
|>
|> Just from analyzing the word, perhaps it means a transformation
|> of a set to an orthogonal (anticorrelated) set. Maybe this
|> refers to the one-bit-changes-everything aspect.
From personal communication with Teledyne people, & from
reading some Teledyne papers, I know what "orthomorphism"
means. A permutation f of the elements of a group
is an orthomorphism if the function g(x):=f(x)+x (for
additive groups, or g(x):=f(x)*x for multiplicative ones)
is also a permutation. In the case at hand, the group
is bitwise mod 2 addition of bytes.
There is some precedent in the math. literature for use of this
term, but it doesn't come up often.
--
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA
[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178
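Added example (not from the original post or from any Teledyne material): a checker for the definition given above on the group of bytes under XOR, run against a few byte permutations. The choice of GF(2^8) multiplication with the polynomial 0x11B as a source of orthomorphisms is an assumption made for this illustration.

```python
def gf256_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product


def is_permutation(table):
    """True if table is a rearrangement of 0 .. len(table) - 1."""
    return sorted(table) == list(range(len(table)))


def is_orthomorphism(table):
    """table[x] = f(x) on bytes; the group operation is bitwise XOR.

    f is an orthomorphism when both f and g(x) = f(x) XOR x are permutations.
    """
    if len(table) != 256:
        raise ValueError("expected a table over all 256 byte values")
    g = [table[x] ^ x for x in range(256)]
    return is_permutation(table) and is_permutation(g)


def rotl8(x):
    """Rotate a byte left by one bit."""
    return ((x << 1) | (x >> 7)) & 0xFF


def classify():
    """Check some constructed byte permutations against the definition."""
    candidates = {
        # g(x) = 0 for every x.
        "identity": list(range(256)),
        # g(x) = 0x5A for every x.
        "xor_0x5a": [x ^ 0x5A for x in range(256)],
        # g(0x00) = g(0xFF) = 0, so g collides.
        "rotl1": [rotl8(x) for x in range(256)],
        # f(x) = 2*x in the field, so g(x) = (2 + 1)*x = 3*x, also invertible.
        "gf_mul_02": [gf256_mul(2, x) for x in range(256)],
    }
    return {name: is_orthomorphism(t) for name, t in candidates.items()}


def count_field_multipliers():
    """How many maps x -> a*x in GF(2^8) are orthomorphisms.

    a = 0 is not a permutation and a = 1 gives g = 0; every other a works
    because a + 1 is then a nonzero field element.
    """
    return sum(
        is_orthomorphism([gf256_mul(a, x) for x in range(256)])
        for a in range(256)
    )


if __name__ == "__main__":
    print(classify())
    print(count_field_multipliers())
```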
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Examining random() functions
Reply-To: [EMAIL PROTECTED]
Date: Thu, 30 Mar 2000 21:48:38 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
: Johnny Bravo wrote:
:> That does nothing to tell anyone how many tests failed and by what
:> margins. For example the RNG failed one class of tests every time. [...]
: My point was that the difficulty of interpretation seems to be
: a problem in practical use of Diehard. You may have much experience
: and can interpret the results correctly. But one without experience
: would likely not be able to perform as well, I am afraid.
Try DiehardC.
`Final summary. [...]
0.9109 0.9581 0.7987 0.4873 0.0536 0.6345 0.9811 0.1185 0.8648 0.8000
[snip 17 lines of the same sort of thing]
1.0000 1.0000 1.0000 1.0000 1.0000 1.0000 1.0000 0.9045 0.3099 0.9388
0.7355 0.6500 0.4470 0.7829 0.2922 0.0459 0.5158 0.3694 0.0896 0.2338
0.1047 0.2993 1.0000 1.0000 1.0000 1.0000 1.0000 1.0000 1.0000 1.0000
0.3972 0.1620 1.0000 1.0000 1.0000 1.0000 0.9994 0.0330 0.6032 0.7602
0.3139 0.1514 0.5396 0.5008 0.2733 0.2646 0.9572 0.0013 0.2401 0.6066
0.9290 0.6212 0.5513 0.7349
A KSTEST of those values yields 1.000000'
If there are many 1.0000 or 0.0000 values in the table the generator fails.
This is indicated clearly enough in the final "KSTEST" figure.
--
__________
|im |yler The Mandala Centre http://mandala.co.uk/ [EMAIL PROTECTED]
999 - girlfriend of the Beast.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Particular integer factors
Crossposted-To: sci.math
Date: Thu, 30 Mar 2000 22:59:03 GMT
In sci.crypt JCA <[EMAIL PROTECTED]> wrote:
> When attempting to factorize a (large) integer does it help to know
> that it is the product of two unknown factors whose sizes are known?
Well, it lets you skip a primality test and searching for small
factors. :) I doubt it helps significantly though, apart from simply
letting you jump right to mpqs or nfs.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: RNG based on primitive multiplicative generator.
Date: Thu, 30 Mar 2000 23:07:36 GMT
How would one start to attack a generator like so:
p = large prime
g = primitive element modulo p, with at least log2(p) bits set
b = element modulo (p) with at least log2(p) bits set
x = private key.
M[0] = g^x mod p
...
...
M[i] = M[i - 1] * g mod p
N[i] = M[i] <dot> b
<dot> represents a dot product operation. We know for starters that the
period is p-1. Presumably with different 'b' masks we could extract more
than one bit at a time?
Just an idea.
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************