Cryptography-Digest Digest #459, Volume #11       Sat, 1 Apr 00 01:13:01 EST

Contents:
  Re: LFSR's ("Trevor L. Jackson, III")
  Re: Key exchange using Secret Key Encryption (zapzing)
  Re: Proof of Identity (mark carroll)
  post deletion ("Richard Lee King Jr.")
  Re: post deletion ("Richard Lee King Jr.")
  Re: Proof of Identity (Tom St Denis)
  Re: post deletion (M. Leakyiron)
  Re: Proof of Identity (Tom St Denis)
  Re: Observer 26/3/2000: "It's RIP basic human rights as 'worst UK legislation ever' looms" (Neil Horlock)
  Re: Proof of Identity (Tom St Denis)
  Re: Proof of Identity (Tom St Denis)
  Re: Blowfish (Tom St Denis)
  Re: RNG based on primitive multiplicative generator. (Tom St Denis)
  Re: Looking for some help on RSA public key/private key generation (Tom St Denis)
  Re: Proof of Identity (Paul Rubin)
  Re: Proof of Identity (mark carroll)
  Re: Chronometric Cryptography ("Dan Coyle")
  Re: Looking for some help on RSA public key/private key generation (David Hopwood)
  Re: Proof of Identity (David A Molnar)
  Re: Chronometric Cryptography ("Dan Coyle")
  Re: Key exchange using Secret Key Encryption (Boris Kazak)
  IDEA key expansion in WTLS (Anuj Seth)
  Re: Proof of Identity (Tom St Denis)
  Re: Looking for some help on RSA public key/private key generation ("Joseph Ashwood")

----------------------------------------------------------------------------

Date: Fri, 31 Mar 2000 22:36:19 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: LFSR's



"Trevor L. Jackson, III" wrote:

> Tim Tyler wrote:
>
> > Pascal JUNOD <[EMAIL PROTECTED]> wrote:
> >
> > : [...] irreducible polynomial x^63 + x + 1 over GF(2) [...based LFSR]
> >
> > : Let's just speak about the period [...]
> >
> > : The polynomial being irreducible, it produces a sequence of bits
> > : (normally the lsb of each state) with a period of 2^64 -1.
> >
> > : Now, instead of taking the lsb, we could take bit #56 or #2 or any one
> > : of the 64 bits of the internal state.
> >
> > : All these possible sequences have a period of 2^64 - 1,or am I wrong ?
> >
> > You're right.
>
> How do you figure this?  Those polynomials are not all primitive.

Oops.  I read the above as picking an arbitrary feedback tap.  Instead he's
picking an arbitrary output tap, which has no influence on the behavior of the
LFSR.

>
>
> >
> >
> > : Now, if we output the whole internal state, we produce a sequence of
> > : 2^64 - 1 values of 64 bits each, or 64*(2^64-1) bits. Am I right ?
> >
> > Yes.
> >
> > : What is the period of such a sequence, if we look at it as a _bit_
> > : sequence ?
> >
> > *Probably* n x (2^n - 1) = 64 x (2^64 - 1) in this case.
>
> > In general, the chances of this period being attained are probably
> > greatest when (2^n - 1) and n are prime.
> > --
> > __________  Hexagonal Engineering  http://hex.org.uk/   [EMAIL PROTECTED]
> >  |im |yler  Lotus Artificial Life  http://alife.co.uk/      Be good,
> >                The Mandala Centre  http://mandala.co.uk/    do good.
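As an added illustration (not code from the thread), a small Python model of a Fibonacci LFSR that checks the two points above on a degree-4 register: which cell you read out never changes the period, whereas the feedback polynomial does (primitive x^4+x+1 gives 2^4-1 = 15, the merely irreducible x^4+x^3+x^2+x+1 gives 5), and it measures Tim's n*(2^n-1) whole-state bit period directly.

```python
from itertools import chain


def lfsr_step(state, taps):
    """One Fibonacci-LFSR clock. state[i] holds bit b_{t+i} of the output sequence;
    feedback polynomial x^n + sum(x^i for i in taps) gives b_{t+n} = XOR of b_{t+i}."""
    new_bit = 0
    for i in taps:
        new_bit ^= state[i]
    return state[1:] + [new_bit]


def state_cycle(taps, n):
    """States visited from the seed 100...0 until the seed recurs. The count is the
    state period, which equals 2^n - 1 exactly when the feedback polynomial is primitive."""
    seed = [1] + [0] * (n - 1)
    states = [seed]
    s = lfsr_step(seed, taps)
    while s != seed:
        states.append(s)
        s = lfsr_step(s, taps)
    return states


def period(bits):
    """Smallest period of a sequence already known to repeat every len(bits) symbols."""
    length = len(bits)
    doubled = bits + bits
    return next(p for p in range(1, length + 1)
                if length % p == 0
                and all(doubled[i] == doubled[i + p] for i in range(length)))


def output_tap_period(taps, n, tap):
    """Period of the bit stream read from register cell `tap` (Pascal's question:
    does it matter which of the n cells is the output?)."""
    return period([s[tap] for s in state_cycle(taps, n)])


def whole_state_period(taps, n):
    """Period of the stream made by emitting all n state bits per clock (Tim's n*(2^n-1))."""
    return period(list(chain.from_iterable(state_cycle(taps, n))))


# Two degree-4 feedback polynomials, given as the exponents of their terms below x^4.
PRIMITIVE = (1, 0)                        # x^4 + x + 1: primitive, period 2^4 - 1 = 15
IRREDUCIBLE_NOT_PRIMITIVE = (3, 2, 1, 0)  # x^4 + x^3 + x^2 + x + 1: irreducible, period 5

if __name__ == "__main__":
    for name, taps in (("x^4+x+1", PRIMITIVE),
                       ("x^4+x^3+x^2+x+1", IRREDUCIBLE_NOT_PRIMITIVE)):
        print(name,
              "state period:", len(state_cycle(taps, 4)),
              "per-cell periods:", [output_tap_period(taps, 4, t) for t in range(4)],
              "whole-state bit period:", whole_state_period(taps, 4))
```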


------------------------------

From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Key exchange using Secret Key Encryption
Date: Sat, 01 Apr 2000 03:19:49 GMT

In article <8bufbm$g75$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Please excuse a newbie question.
>
> I am looking for a method of key exchange that only involves secret
> key encryption. The method should also be immune to man-in-the-middle
> attack. The scenario I am looking at is described below.
>
> Alice and Bob are complete strangers and have only one channel of
> communication. The Channel being the Internet. They only have at their
> disposal a secret key encryption method. For the sake of argument,
> this method is Bob Schneier's Twofish. It can be assumed that Alice and Bob
> are both connected to the internet concurrently, so multiple pass
> protocols can be used. How can Alice and Bob start communicating and
> protect their messages.
>
> Thank you very much for your help.
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>

Why in the world would two complete strangers
want to exchange encrypted information ???
What could they possibly have to say to
each other? Surely you are not thinking
of starting a secret cabal with a
complete stranger. That is not recommended.

And why can't public key
encryption be used? It seems to
be the *only* solution to this
(rather strange) problem.

--
Do as thou thinkest best.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (mark carroll)
Subject: Re: Proof of Identity
Date: 1 Apr 2000 03:40:15 GMT

Actually, I suppose it might be interesting to encode, say, every
hundred ASCII characters of your message as being the solutions of a
set of a hundred equations, thereby generating many equations for your
message. Then, the key for the cipher could be a permutation that
jumbles them all up (or vice-versa) so a passive eavesdropper won't
know which sets of equations should be solved together. (You could
maybe throw some 'false' ones in too.)

Does this sound plausibly useful? If so, is it isomorphic to something
already well-known? The obvious flaw is the way that the ciphertext
would be rather larger than the plaintext; I bet there are much better
encryption schemes available for the price of such a size increase.

-- Mark

------------------------------

From: "Richard Lee King Jr." <[EMAIL PROTECTED]>
Subject: post deletion
Date: Sat, 01 Apr 2000 03:45:50 GMT

2 of my posts were deleted.
the odd thing is that these 2 were the sane ones.
they left my babbling alone.




------------------------------

From: "Richard Lee King Jr." <[EMAIL PROTECTED]>
Subject: Re: post deletion
Date: Sat, 01 Apr 2000 04:00:43 GMT

the deletions make me think my guess is very close.
the offending post was......

rc5-32/12/8 plaintext guess.

"The "
"unkn"
"own "
"mess"
"age "
"is: "
"64 b"
"it k"
"eys "
"just"
" are"
" not"
" goo"
"d en"
"ough"
" now"



"Richard Lee King Jr." <[EMAIL PROTECTED]> wrote in message
news:OheF4.9$[EMAIL PROTECTED]...
> 2 of my posts were deleted.
> the odd thing is that these 2 were the sane ones.
> they left my babbling alone.
>
>
>



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Proof of Identity
Date: Sat, 01 Apr 2000 04:42:01 GMT



Paul Rubin wrote:
> It's worse than that.  If a,b,c are known, you can write an equation.
> If a,b,c are unknown, then why mess with equations?  Just reveal a,b,c
> and show how it's special (e.g. it's your social insurance number).
> 
> A crypto version of what you seem to be thinking of is you write down
> the hash of something, H(x).  Then prove later that you wrote it, by
> revealing x.

That's SKEY right?

> 
> >Question, is it possible to calc the gcd(x, y) mod a number?  So that if
> >I do 5x mod 11, can I tell if it's a multiple of 5?  I don't think you
> >can, just wondering.
> 
> No of course not.  Try x=10 and x=21.

True.  I was thinking of Shamir's three-pass protocol with
multiplication, but I already broke it in my head... oops.

> >[btw the solution to the above system is my Social Insurance Number [I
> >was really bored in class]].
> 
> Tom I think you ought to start reading some real math books.  Forget
> about Bob's suggestion of Cohen's book on algebraic number theory, which
> is a graduate text.  But you might look at Koblitz's book I've mentioned.
> Another suggestion (less cryptography specific) is "Concrete Mathematics"
> by Knuth, Graham, and Patashnik.  It will give you a good math background
> for computer science.

I will look up the book "Concrete Mathematics", my level of math is
essentially around first year university [which is cool for a hs
student].  So I need something without very abstracted math.  I read the
paper on Schoof's algorithm, and as expected only got the title
understood.  But it's good to be exposed to it I spose.

Thanks for the reply.

Tom

------------------------------

From: [EMAIL PROTECTED] (M. Leakyiron)
Subject: Re: post deletion
Date: Sat, 01 Apr 2000 04:43:04 GMT

"Richard Lee King Jr." <[EMAIL PROTECTED]> wrote:

>the deletions make me think my guess is very close.
>the offending post was......
>
>rc5-32/12/8 plaintext guess.
>
>"The "
>"unkn"
>"own "
>"mess"
>"age "
>"is: "
>"64 b"
>"it k"
>"eys "
>"just"
>" are"
>" not"
>" goo"
>"d en"
>"ough"
>" now"

Yes, that's the third time you've posted that, along with all your other
guesses. I don't know why you think anything was deleted.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Proof of Identity
Date: Sat, 01 Apr 2000 04:48:41 GMT



mark carroll wrote:
> 
> In article <[EMAIL PROTECTED]>,
> Tom St Denis  <[EMAIL PROTECTED]> wrote:
> >One idea [while sitting in algebra] for proving that you were present at
> >something [or wrote a book, etc] is to embed simple system of equations
> >like
> >
> >11a + 3b  - 9c = -927
> >-5a - 11b + 7c = 1561
> >..
> >
> >And not give the last equation.  Of course the last solution will give
> >out the values (a, b, c).  The ability to give out the last eqn' or the
> >set (a, b, c) proves that you wrote the first two equations.   So that
> >if you add those two lines to your document you can later prove you
> >wrote.
> (snip)
> 
> a = 12, b = -92, c = 87?

That's neat, but the proof would really come from giving out the third
equation.  I suppose if you guessed (a, b, c) you could make up your own
version of the system.  Since with two eqn's you can always get the
first two terms in relation to the third.

Of course since my goal was to hide the info [this is really based on my
SIN] my system is still secure.  I would use this for example for a
max-threshold sharing scheme.  Where all three participants are required
to get the secret (a, b, c) values.

> Just an idea. It's not much of a proof that I wrote the first two
> equations, though. (-:

Well you can now forge a third equation such as

a + b + c = 7

Which is consistent with your interpretation of the system.

> It's an interesting idea. Some of your articles are well worth
> reading. Thanks for posting.

You're welcome.  I try to provoke some thought :-)

Anyways, as an identification I would probably follow Paul's idea and use
the H(x)^-1 idea.

Tom

------------------------------

From: Neil Horlock <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Observer 26/3/2000: "It's RIP basic human rights as 'worst UK legislation ever' looms"
Date: Sat, 1 Apr 2000 04:42:07 +0100

In an article <[EMAIL PROTECTED]> of
great significance, NoSpam <[EMAIL PROTECTED]> stipulated:
>Specifically, the bill stipulates that if a message or device traced to you
>contains encrypted data, you can be required by a statutory order to hand
>over the key needed to decrypt that data. If you have lost or forgotten that
>key, you will be presumed to be guilty of an offence and required to prove
>to a court that you have indeed lost or forgotten it. If convicted, you will
>go down for two years.

One reason why I have no plans on using PGP.

For me it's a waste of time and it's not like I didn't foresee this.

I just didn't have the chance to discuss this till now.

BJ.
-- 
One by one the ships come sailing in. One by one the ships go sailing out.
FOR BUSINESS - TARGET: City of Sunderland.
(It is not as if I have any weight in my home town :((((((((
 ................... yet !!!!!!!!                     (Sorry ... BODIES ?)

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Proof of Identity
Date: Sat, 01 Apr 2000 04:53:19 GMT



mark carroll wrote:
> 
> Actually, I suppose it might be interesting to encode, say, every
> hundred ASCII characters of your message as being the solutions of a
> set of a hundred equations, thereby generating many equations for your
> message. Then, the key for the cipher could be a permutation that
> jumbles them all up (or vice-versa) so a passive eavesdropper won't
> know which sets of equations should be solved together. (You could
> maybe throw some 'false' ones in too.)
> 
> Does this sound plausibly useful? If so, is it isomorphic to something
> already well-known? The obvious flaw is the way that the ciphertext
> would be rather larger than the plaintext; I bet there are much better
> encryption schemes available for the price of such a size increase.

Well instead of actually directly encrypting the data with this method,
I could do this

(a, b, c, d) = K = 128 bit key
(a,b,c,d) = 32 bit words... part of the key.

Then I just give out a system such as

Aa + Bb + Cc + Dd = N1
Ea + Fb + Gc + Hd = N2
Ia + Jb + Kc + Ld = N3
Ma + Nb + Oc + Pd = N4

And it would take all four participants to get the coefficients (a, b,
c, d) and thus the key.  Just an idea.

Of course this method is far more practical

K = A xor B xor C xor D

Where (A, B, C, D) are random 128 bit numbers.  In this system if (A, B,
C, D) are all unique you need all four to get the key back.

Or you could actually encode the message that way....

Tom
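The K = A xor B xor C xor D split from the post above, as an added Python example (not Tom's code). It assumes the shares are drawn uniformly at random, and shows why every one of the four is needed: for any three shares, each candidate key is explained by some value of the fourth.

```python
import secrets
from functools import reduce


def xor_all(blocks):
    """Byte-wise XOR of equal-length byte strings."""
    return bytes(reduce(lambda x, y: x ^ y, column) for column in zip(*blocks))


def split_xor(key, n):
    """n-of-n XOR sharing: n-1 shares are uniformly random, the last is whatever
    makes the XOR of all n equal the key."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    shares.append(xor_all(shares + [key]))
    return shares


def combine_xor(shares):
    """Recover the key from all n shares."""
    return xor_all(shares)


def share_that_fits(known_shares, candidate_key):
    """The value the one missing share would need for candidate_key to be the secret.
    It always exists, so n-1 shares rule out no key at all."""
    return xor_all(known_shares + [candidate_key])


if __name__ == "__main__":
    k = secrets.token_bytes(16)          # constructed 128-bit key
    a, b, c, d = split_xor(k, 4)
    print("all four recover the key:", combine_xor([a, b, c, d]) == k)
    print("missing share that would make the key all-zero:",
          share_that_fits([a, b, c], bytes(16)).hex())
```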

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Proof of Identity
Date: Sat, 01 Apr 2000 04:54:26 GMT



Joseph Ashwood wrote:
> 
> The bigger problem I see is that one can, using simple
> algebra, create a solution, and given that generate an
> additional equation that will allow forgery. For example:
> > > 11a + 3b  - 9c = -927
> > > -5a - 11b + 7c = 1561
> Simple algebra gives a third equation for a solution as
> 6a -8b -2c = 634
> 16a+14b-16c=2488
> From these you can generate any number of valid signature
> equations. Just use whatever form of elimination you want.
> The signature scheme itself can be broken quite easily, even
> given just one equation choose a point on that line and
> write an equation that goes through that point, with 2
> equations it's a similar proposition, etc.
>             Joe

Yea, I just realized that you can interpret the system other ways.
However you cannot determine the original (a, b, c) despite this.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Blowfish
Date: Sat, 01 Apr 2000 04:56:06 GMT



Joseph Ashwood wrote:
> 
> > Smaller ones (or multiples of 1 bit...) don't work?
> 
> You can always find a way to make it work, a very common way
> (one of the AES finalists uses it) is to pad to a usable
> value. For example if you have 33 bits pad with 0 to get 40
> bits. Just document, document, document.
>                     Joe

Even better is to insert a salt there, if you don't already use one.  If
you input 64 bit keys for example, pad the key to 80 bits to get a 16
bit salt [you may want a bigger salt...]

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RNG based on primitive multiplicative generator.
Date: Sat, 01 Apr 2000 04:57:24 GMT



lordcow77 wrote:
> 
> How are you defining a dot product between two integers? Over
> the Euclidian space R^1, a dot product just reduces to a
> multiplication, which doesn't make much sense. I think you mean
> a mask of some sort.
> 
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
> The fastest and easiest way to search and participate in Usenet - Free!


Ouch... sorry I meant to interpret the integer as a long vector of bits,
then to the dot product, so 5 <dot> 3 would be

(1, 0, 1) <dot> (0, 1, 1) = 1*0 xor 0*1 xor 1*1 = 1

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Looking for some help on RSA public key/private key generation
Date: Sat, 01 Apr 2000 04:59:11 GMT



Bob Silverman wrote:
> 
> In article <0UOE4.95572$[EMAIL PROTECTED]>,
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
> 
> > Why do people say phi(N) when in your own paper you suggest to use lcm(p -
> > 1, q - 1)?
> 
> Both work.  LCM(p-1, q-1) will be slightly smaller.

So wouldn't lcm(p-1, q-1) be a better way to document RSA?  It's more
efficient, no more complex, etc...

[not to be critical, cuz I think you guys really are a good thing for
the community at large].

Tom

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Proof of Identity
Date: 1 Apr 2000 05:11:31 GMT

In article <[EMAIL PROTECTED]>,
Tom St Denis  <[EMAIL PROTECTED]> wrote:
>I will look up the book "Concrete Mathematics", my level of math is
>essentially around first year university [which is cool for a hs
>student].  So I need something without very abstracted math.  I read the
>paper on Schoof's algorithm, and as expected only got the title
>understood.  But it's good to be exposed to it I spose.
>
>Thanks for the reply.

"Concrete Mathematics" got its title partly because of Knuth's
frustration with confusing "abstract mathematics", and partly because
it is about a combination of CONtinuous and disCRETE mathematics.
Traditional CS math is mostly discrete--combinatorics, arithmetic, etc.
while traditional engineering math is continuous (calculus).  Knuth
felt it was important to have both.

I think you will be able to read most of the book.  It's at about the
right level for you, if you've had a decent calculus class in HS
(some parts are more advanced and you might have to skip them).
It's mostly the same mathematical content as in vol. 1 of The Art of
Computer Programming (Fundamental Algorithms) but presented in a more
organized, instructional way.

You can check the description and reviews at
  http://www.amazon.com/exec/obidos/ASIN/0201558025

------------------------------

From: [EMAIL PROTECTED] (mark carroll)
Subject: Re: Proof of Identity
Date: 1 Apr 2000 05:17:09 GMT

In article <[EMAIL PROTECTED]>,
Tom St Denis  <[EMAIL PROTECTED]> wrote:
(snip)
>Yea, I just realized that you can interpret the system other ways.
>However you cannot determine the original (a, b, c) despite this.

If you know that a, b, c are integers, is there still an unbounded
number of solutions to choose from? (I fear so.)

-- Mark

------------------------------

From: "Dan Coyle" <[EMAIL PROTECTED]>
Subject: Re: Chronometric Cryptography
Date: Fri, 31 Mar 2000 23:19:04 -0600

>
> It sound like you have just made the
> processing time a part of the key.
> This does have the interesting effect
> that the cryptanalyst has to do a
> little *less* work than a brute force attack,
> The cryptanalyst has to guess the
> "processing time " part of the key.
> He would start with a processing time of
> one "round" ( or whatever) and continue
> to increase it by one.The sum of
> work would be less than the amount
> of work to do a decryption times the total
> processing time.
>
> You also have to remember how many rounds
> were used with each file.
>
> --
> Do as thou thinkest best.
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.

Actually the time isn't stored within the key.  It isn't stored anywhere.
The cipher knows when to stop decrypting when the Users Hashed Key matches
the Current Iteration Key.

The process starts when The user enters a Key, that Key is hashed into a 128
bit Iteration key, "K1" After each stage of Re-encryption, the key is
re-hashed this produces a new key Kn.  When the time period expires, the
iterations stop and the current Key "Kf" is Xored with "K1", this produces a
combined key, that can only be deciphered by knowing one of the two Keys.
The user that encrypted the message can Hash his key to create K1, but Kf is
a Hashed and rehashed Version of K1, and is as close to a Pseudo Random
Number, as one can create.  Now when the message needs to be deciphered, the
user enters his/her key, hashes it and extracts Kf, the algorithm then works
backwards from where it left off until it generates the key K1, at that point
the algorithm knows it is complete, but it only knows this after the
decryption is complete.  Remember, also, that if the user enters the wrong
key, it will extract an incorrect Kf, and will proceed to extract incorrect
key after incorrect key.  The only way that Kn will match K1 is by luck, and
with a 128 bit key, that's one chance in 2^128, and since they started with
an incorrect key, the decrypted message would be gibberish.  This allows me
to keep the amount of iterations, as well as the time spent inside the
cipher, from the message itself.  The only thing I must insert inside the
message is the combined key of K1 and Kf Xored together.

DC





------------------------------

Date: Sat, 01 Apr 2000 05:37:38 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Looking for some help on RSA public key/private key generation

=====BEGIN PGP SIGNED MESSAGE=====

[Re-post, this time hopefully not mangled by Netscape, and with
more complete references. [2] is particularly worth reading.]

Joseph Ashwood wrote:
> Paul Rubin wrote:
> > Joseph Ashwood wrote:
> > >Yes, but by using a large e, the size of your d
> > >decreases.
> >
> > Whaaaaaaat?  No, d is the size of the modulus and
> > supposedly unpredictable.
>
> No, length(d)+length(e) should be very close to
> length(modulus), as in within 1

No, Paul Rubin is correct. If e is chosen first, then d = e^-1 mod m
will be approximately the size of m, regardless of the length of e
(where m is either lcm(p-1, q-1) or phi(n)).

Alternatively you can choose d first, in which case e = d^-1 mod m will
be approximately the same size as m. However, it is definitely not secure
to make d less than n^0.292 [1], and according to [1] and [2], d should
not be less than n^0.5.

[1] Dan Boneh, G. Durfee,
    "Cryptanalysis of RSA with private key d less than N^0.292,"
    Advances in Cryptology - Eurocrypt '99,
    Lecture Notes in Computer Science Vol. 1592, pp. 1-11,
    Springer-Verlag, 1999.
    http://crypto.stanford.edu/~dabo/abstracts/lowRSAexp.html

[2] Dan Boneh,
    "Twenty Years of Attacks on the RSA Cryptosystem,"
    Notices of the American Mathematical Society (AMS), Vol. 46, No. 2,
    pp. 203-213, 1999.
    http://crypto.stanford.edu/~dabo/abstracts/RSAattack-survey.html

--
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Proof of Identity
Date: 1 Apr 2000 05:24:56 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
> I will look up the book "Concrete Mathematics", my level of math is
> essentially around first year university [which is cool for a hs
> student].  So I need something without very abstracted math.  I read the

Another two books for which you may want to look :

* Mark Allen Weiss, "Algorithms, Data Structures, and Problem Solving 
                     in C++" 
  Covers basic algorithm analysis, and also covers a neat set of 
  fundamental algorithms. Extremely readable book, enough math to be 
  interesting w/o overwhelming, and includes lots of source code
  (although you should be careful, since it uses C++ templates and some
  compilers may not like that)

  I used this summer after my junior year of highschool for a summer
  course in "freshman CS 2" and learned *a lot*.  

* Cormen, Leiserson, and Rivest "Introduction to Algorithms" 
  
  A friend of mine refers to this as "the foundational text for all 
  human knowledge." I'm not sure I'd go that far, but it's a pretty
  good book. In particular, it goes into the exact math techniques you
  need in order to prove things about algorithms; pay especial attention
  to the counting + probability section. 

I suggest these for two reasons -- first, they contain lots of neat
algorithms and second, they show some applications of math to algorithm
analysis. I personally find math easier to learn when it has a clear
motivation; my favorite such motivation is to fill in what would
otherwise be a gap in some proof for an algorithm. These sorts of
books make learning math *much* easier for me, and may for you.


In addition, you might look at the homework assignments from Johan
Hastad's course on algorithms :

http://www.nada.kth.se/kurser/kth/2D1440/index.html

with notes here :

http://www.nada.kth.se/~johanh/algnotes.ps

His assignments have a mix of theory and implementation problems which
you might find appealing. 

Thanks, 
-David Molnar

------------------------------

From: "Dan Coyle" <[EMAIL PROTECTED]>
Subject: Re: Chronometric Cryptography
Date: Fri, 31 Mar 2000 23:33:37 -0600

Actually I've thought about that as well, while doing Cryptanalysis, and
found that if you reuse the same using a different (known) message using the
same key an attacker could gain knowledge of the contents of one message by
comparing it to the other.  Of course this may depend on which Symmetric Key
cipher was used inside each iteration.

After each iteration, of re-encryption, I rehash the key, but I use the
current state of the ciphertext to do so, even a single changed bit inside
the message would propagate to the rest of the Ciphertext, instead of
affecting just one character.

Although, that would aid in speeding up the use of the algorithm, generating
a Session key, if you will, that would be in use for a certain time period,
meanwhile the next key is being generated behind the scenes.  I will look
into that.

Thanks.

DC

"John Myre" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Actually this seems related to a technique called "key stretching".
> (I saw it at http://www.counterpane.com/low-entropy.html).
>
> The basic idea is to take your starting key, then encrypt it or
> hash it N times to get your operational key.  Then you just
> encrypt/decrypt your messages normally with the operational key.
> A brute-force key search is now N times as hard.
>
> If you can use the stretched key more than once, it saves you
> (computing) effort, without helping the attacker.  That is,
> you can amortize the cost of computing the key over the number
> of messages you encrypt with it.
>
> From what I've seen, N is usually taken to be 2^t, where t is
> some pre-determined number of extra key bits you want. One could
> instead do as you suggest, and iterate the key modification for
> a given amount of time.  I suppose you should count while you
> go, and send N to the receiver for decryption.
>
> John M.
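John Myre's key stretching with Dan's time-bounded iteration count, as an added Python example (not code from either poster). It assumes SHA-256 as the hash, a per-message salt, and an HMAC key check so the receiver can re-derive the operational key from (salt, N) and tell a wrong passphrase from a corrupted message; a deployed system would use a purpose-built KDF such as PBKDF2 or Argon2 instead of bare iterated hashing.

```python
import hashlib
import hmac
import os
import time


def stretch(key, n, salt):
    """Key stretching: hash the starting key n times to get the operational key, so
    each brute-force guess of `key` costs n hashes instead of one. The salt (an
    assumption of this example) stops one precomputed table serving every user."""
    k = hashlib.sha256(salt + key).digest()
    for _ in range(n - 1):
        k = hashlib.sha256(k).digest()
    return k


def stretch_for(key, seconds, salt):
    """Time-bounded variant: iterate until the wall-clock budget expires and count as
    we go, so N can travel with the message and the receiver can repeat the work."""
    deadline = time.monotonic() + seconds
    k = hashlib.sha256(salt + key).digest()
    n = 1
    while time.monotonic() < deadline:
        k = hashlib.sha256(k).digest()
        n += 1
    return n, k


def seal(key, seconds=0.05):
    """Sender side: returns the header (salt, N, check) to accompany the ciphertext,
    plus the operational key to encrypt under."""
    salt = os.urandom(16)
    n, opkey = stretch_for(key, seconds, salt)
    check = hmac.new(opkey, b"key-check", hashlib.sha256).digest()
    return (salt, n, check), opkey


def open_header(key, header):
    """Receiver side: re-derive from (salt, N) and verify the check; None on mismatch."""
    salt, n, check = header
    opkey = stretch(key, n, salt)
    expected = hmac.new(opkey, b"key-check", hashlib.sha256).digest()
    return opkey if hmac.compare_digest(expected, check) else None


if __name__ == "__main__":
    header, opkey = seal(b"correct horse battery staple")
    print("iterations within the time budget:", header[1])
    print("right key opens:", open_header(b"correct horse battery staple", header) == opkey)
    print("wrong key opens:", open_header(b"wrong", header) is not None)
```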



------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Key exchange using Secret Key Encryption
Date: Sat, 01 Apr 2000 05:34:04 GMT



zapzing wrote:
> 
> Why in the world would two complete strangers
> want to exchange encrypted information ???
> What could they possibly have to say to
> each other?
> *************************
> And why can't public key
> encryption be used? It seems to
> be the *only* solution to this
> (rather strange) problem.
=====================
The problem is not strange, not long ago I read about a Baptist
priest who published his PGP key and people could send him 
messages in confidence.
   (Please don't think that I advertise it, I'm an atheist)
Best wishes              BNK
=============================
> 
> --
> Do as thou thinkest best.
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

------------------------------

From: Anuj Seth <[EMAIL PROTECTED]>
Subject: IDEA key expansion in WTLS
Date: Sat, 01 Apr 2000 05:29:31 GMT

Hi,

The WTLS 1.2 specification suggests three variants of the IDEA
algorithm,

1. IDEA
2. IDEA_CBC_40 (5 bytes of key material is expanded into 16 bytes)
3. IDEA_CBC_56 (7 bytes of key material is expanded into 16 bytes)

I've downloaded the IDEA algorithm and the C source code for IDEA from,

http://www.ascom.ch/infosec/

but couldn't find any information on key expansion.

Is there any RFC/document available on key expansion for the IDEA
algorithm?

Thanks a ton,

With Regards,
Anuj Seth

Visit my homepages at
1. http://anujseth.tripod.com/
2. http://www.geocities.com/anujseth


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Proof of Identity
Date: Sat, 01 Apr 2000 05:40:36 GMT



mark carroll wrote:
> 
> In article <[EMAIL PROTECTED]>,
> Tom St Denis  <[EMAIL PROTECTED]> wrote:
> (snip)
> >Yea, I just realized that you can interpret the system other ways.
> >However you cannot determine the original (a, b, c) despite this.
> 
> If you know that a, b, c are integers, is there still an unbounded
> number of solutions to choose from? (I fear so.)

If your integers are not bounded, yes there is an unlimited number of
solutions.  If I said the polynomial was mod a prime (say 65537) then
there are 65536^3 possible solutions for (a, b, c) (mod 65537).

So generally you would make your prime [in this case] very large.

Tom
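A worked version of the Proof of Identity thread, added here as Python (not code from any of the posters): it checks Mark's solution against Tom's two published equations, walks the unbounded family of integer solutions Mark asked about, reproduces Joseph's forged third equation, and contrasts this with Paul's H(x) commitment. The random nonce in the commitment is an assumption of this example.

```python
import hashlib
import secrets
from math import gcd

# Tom's two published equations, each as (coef_a, coef_b, coef_c, right_hand_side),
# and Mark's solution, both copied from the thread.
PUBLISHED = [(11, 3, -9, -927), (-5, -11, 7, 1561)]
MARK = (12, -92, 87)


def satisfies(eq, sol):
    """True if (a, b, c) = sol satisfies the linear equation eq."""
    ca, cb, cc, rhs = eq
    a, b, c = sol
    return ca * a + cb * b + cc * c == rhs


def line_direction(e1, e2):
    """Primitive integer direction of the solution line of two independent equations
    in three unknowns: the cross product of the coefficient vectors, divided by its
    gcd so that base + t*direction visits every integer solution."""
    (a1, b1, c1, _), (a2, b2, c2, _) = e1, e2
    d = [b1 * c2 - c1 * b2, c1 * a2 - a1 * c2, a1 * b2 - b1 * a2]
    g = gcd(gcd(d[0], d[1]), d[2])
    d = [x // g for x in d]
    first = next(x for x in d if x != 0)
    return tuple(d) if first > 0 else tuple(-x for x in d)


def more_solutions(base, direction, count):
    """count further integer solutions base + t*direction, t = 1..count."""
    return [tuple(b + t * v for b, v in zip(base, direction))
            for t in range(1, count + 1)]


def forge_equation(coefs, sol):
    """Joseph's point: any point on the line plus any coefficients gives a third
    equation consistent with the public pair, so producing one proves nothing."""
    return tuple(coefs) + (sum(k * v for k, v in zip(coefs, sol)),)


def hash_commit(secret, nonce=None):
    """Paul's alternative: publish H(x) now, reveal x later. A random nonce is folded
    in so a guessable x (an ID number, say) cannot be recovered by hashing candidates."""
    if nonce is None:
        nonce = secrets.token_bytes(16)
    return nonce, hashlib.sha256(nonce + secret).hexdigest()


def hash_open(commitment, nonce, secret):
    """Verify a revealed (nonce, secret) against the published commitment."""
    return hashlib.sha256(nonce + secret).hexdigest() == commitment


if __name__ == "__main__":
    print("Mark's solution checks:", all(satisfies(eq, MARK) for eq in PUBLISHED))
    direction = line_direction(*PUBLISHED)
    print("integer solutions:", MARK, "+ t *", direction,
          "e.g.", more_solutions(MARK, direction, 3))
    print("forged third equation:", forge_equation((1, 1, 1), MARK))
    nonce, c = hash_commit(b"constructed secret")
    print("commitment opens with the right x:", hash_open(c, nonce, b"constructed secret"))
```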

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Looking for some help on RSA public key/private key generation
Date: Fri, 31 Mar 2000 21:26:12 -0000

I think the reason for documenting it as Phi(n), is that phi
documentation, as well as proofs regarding phi, are better
understood and more prevalent. It is also easier to write
and understand de = 1 mod (p-1)(q-1) than it is to write de
= 1 mod lcm(p-1, q-1). By using something easier to
understand you can later pose lcm as an optimization, and
for the vast majority of the time lcm won't decrease the
size significantly.
                Joe

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Bob Silverman wrote:
> >
> > In article <0UOE4.95572$[EMAIL PROTECTED]>,
> > "Tom St Denis" <[EMAIL PROTECTED]> wrote:
> >
> > > Why do people say phi(N) when in your own paper you suggest to use lcm(p -
> > > 1, q - 1)?
> >
> > Both work.  LCM(p-1, q-1) will be slightly smaller.
>
> So wouldn't lcm(p-1, q-1) be a better way to document RSA?  It's more
> efficient, no more complex, etc...
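The phi(n) versus lcm(p-1, q-1) question from this thread and David Hopwood's post, worked in Python as an added example (not code from any poster): both private exponents are computed for the same (p, q, e), both are shown to decrypt, the lcm one is the smaller, and Hopwood's lower bound on d is applied as a check. The two sample key pairs are constructed for illustration.

```python
from math import gcd, isqrt


def lcm(a, b):
    return a // gcd(a, b) * b


def modinv(e, m):
    """e^-1 mod m by the extended Euclidean algorithm; raises if gcd(e, m) != 1."""
    r0, r1, s0, s1 = m, e, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("e is not invertible modulo m")
    return s0 % m


def rsa_exponents(p, q, e):
    """The two decryption exponents discussed in the thread: d modulo phi(n) = (p-1)(q-1)
    as in most textbooks, and d modulo lcm(p-1, q-1) as in Silverman's paper. Either
    satisfies m^(e*d) = m mod n; the lcm one is the smaller (never larger) of the two."""
    phi = (p - 1) * (q - 1)
    lam = lcm(p - 1, q - 1)
    return {"n": p * q, "phi": phi, "lcm": lam,
            "d_phi": modinv(e, phi), "d_lcm": modinv(e, lam)}


def private_exponent_large_enough(d, n):
    """Hopwood's rule: d must not be below n^0.5 (and certainly not below n^0.292,
    where the Boneh-Durfee attack applies). True if d is safely large."""
    return d > isqrt(n)


def roundtrip(m, e, d, n):
    """Encrypt then decrypt a message block; True if it comes back unchanged."""
    return pow(pow(m, e, n), d, n) == m


if __name__ == "__main__":
    # Constructed toy key: p = 61, q = 53, e = 17.
    small = rsa_exponents(61, 53, 17)
    print("phi:", small["phi"], "lcm:", small["lcm"],
          "d mod phi:", small["d_phi"], "d mod lcm:", small["d_lcm"])
    print("both decrypt 65:", roundtrip(65, 17, small["d_phi"], small["n"]),
          roundtrip(65, 17, small["d_lcm"], small["n"]))
    # Constructed larger key from two Mersenne primes; d comes out about the size of
    # the modulus it was reduced by, regardless of how small e is (Hopwood's point).
    big = rsa_exponents(2**61 - 1, 2**31 - 1, 65537)
    print("bits: n", big["n"].bit_length(), "lcm", big["lcm"].bit_length(),
          "d_lcm", big["d_lcm"].bit_length(), "d_phi", big["d_phi"].bit_length())
    print("d_lcm large enough:", private_exponent_large_enough(big["d_lcm"], big["n"]))
```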




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
