Cryptography-Digest Digest #460, Volume #11       Sat, 1 Apr 00 07:13:01 EST

Contents:
  Re: Proof of Identity ("Joseph Ashwood")
  Re: Improvement on Von Neumann compensator? (Guy Macon)
  Re: Chronometric Cryptography ("Dan Coyle")
  Re: Using Am-241 to generate random numbers (Guy Macon)
  Newbie Question: What is a Hash Method? ("Vinchenzo")
  Re: Proof of Identity (mark carroll)
  Re: Newbie Question: What is a Hash Method? (NFN NMI L.)
  Re: Proof of Identity (Bryan Olson)
  NSA  ("Stou Sandalski")
  Re: NSA  (NFN NMI L.)
  Re: Using Am-241 to generate random numbers (Jerry Coffin)
  PKCS #7 version not supported? ("Ray Djajadinata")
  Re: Does anybody know of a secure FTP server? (Lincoln Yeoh)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Lincoln Yeoh)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Taneli Huuskonen)
  Re: Coderpunks Query on Teledyne Crypto (John Savard)

----------------------------------------------------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Proof of Identity
Date: Fri, 31 Mar 2000 21:35:41 -0000

> Yea, I just realized that you can interpret the system
> other ways.
> However you cannot determine the original (a, b, c)
> despite this.
But I can determine a set of integers that work. You are
then left with proving that your solution is the only real
one. By not revealing one of your equations there are a
number of solutions, or one unique solution. Either way I
can generate an equation that satisfies the others.
            Joe

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Improvement on Von Neumann compensator?
Date: 01 Apr 2000 00:53:47 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Mok-Kong Shen) 
wrote:

>Sorry, my point concerning 'continuous process' was wrong (my
>thought at the time of writing betrayed me). However, the other 
>point, namely that concerning physical realization, seems to be valid. 
>On the other hand, I like to have a point you raised (if I
>understand correctly) more explicitly expressed as follows. The 
>position of any particle that can be measured and the clock one 
>uses are obviously subject to bounded precisions of the instruments 
>involved. Further, most values have to be truncated, since we can't 
>record most of the real numbers exactly (with an infinite or almost 
>infinite number of digits) even if we had had perfect instruments. 
>So, even if we KNOW (which we can't, I am afraid) that the Brownian 
>motion being observed is indeed truly random, would one be able to 
>extract from that truly random informations in practice? In other 
>words, wouldn't the above mentioned imperfection in measurement 
>and recording essentially falsify our results? (This would also 
>apply to random numbers obtained from other physical sources.)

There is an escape clause that will let you remove the bias and keep
the randomness.  As a thought experiment, imagine that I obtained
N bits of "random" data from the following (possibly to certainly
biased) sources:

HotBits (time between atomic decays in a radioisotope)

Lavarand (the position of the lava in a bunch of lava lights)

Intel chipset RNG (thermal noise source disturbing phase locked loop)

The best available pseudorandom generator (is there a consensus as to
which one is "best", or is this another "depends on what you want"
question?)

Now XOR them together.  The only bias that will remain is a bias that
is shared by all four sources.  Also, if any one of the four is true
random, the output will be true random.

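The XOR combiner above, as an added example that is not part of the digest: four simulated sources (seeded PRNG stand-ins with constructed biases, not the real HotBits, Lavarand or Intel streams) are XORed, the measured bias is compared with the piling-up lemma's prediction, and the two caveats a practitioner wants are shown: a bias common to all sources survives the XOR, and the Von Neumann compensator from the thread subject removes bias from one source at the cost of throughput. All function names are this example's own.

```python
"""Added example (not from the digest): XOR-combining biased bit sources.

Simulates the thought experiment above with seeded PRNG stand-ins for
the four sources (constructed biases, not measured hardware), predicts
the combined bias with the piling-up lemma, and shows the two caveats:
a bias shared by all sources survives, and the Von Neumann compensator
from the thread subject removes bias at the cost of throughput.
"""
import random
from functools import reduce


def biased_bits(p_one, n, rng):
    """n bits from a memoryless source emitting 1 with probability p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def bias(bits):
    """Bias epsilon = P(bit == 1) - 1/2; zero for an unbiased source."""
    return sum(bits) / len(bits) - 0.5


def xor_combine(*sources):
    """Bitwise XOR of equally long bit lists (the combiner in the post)."""
    return [reduce(lambda a, b: a ^ b, column) for column in zip(*sources)]


def piling_up_bias(*biases):
    """Bias of the XOR of k *independent* sources (piling-up lemma):
    eps_out = 2^(k-1) * prod(eps_i).  One eps_i == 0 forces eps_out == 0,
    which is the post's 'if any one is truly random, the output is'."""
    return 2 ** (len(biases) - 1) * reduce(lambda a, b: a * b, biases)


def von_neumann(bits):
    """Von Neumann compensator: read pairs, emit 0 for 01 and 1 for 10,
    drop 00 and 11.  Debiases an independent, stationary source but emits
    at most one bit per input pair (a quarter of the input at p = 1/2)."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def demo(n=200_000, seed=1):
    rng = random.Random(seed)
    eps = (0.2, 0.1, 0.15, 0.0)          # constructed biases; last is unbiased
    srcs = [biased_bits(0.5 + e, n, rng) for e in eps]
    shared = biased_bits(0.8, n, rng)     # one biased stream copied 3 times
    vn = von_neumann(srcs[0])
    return {
        "combined4_measured": bias(xor_combine(*srcs)),
        "combined4_predicted": piling_up_bias(*eps),          # exactly 0
        "combined3_measured": bias(xor_combine(*srcs[:3])),
        "combined3_predicted": piling_up_bias(*eps[:3]),      # 0.012
        "shared_bias_survives": bias(xor_combine(shared, shared, shared)),
        "von_neumann_bias": bias(vn),
        "von_neumann_yield": len(vn) / n,
    }
```

The piling-up prediction holds only for independent sources; the `shared` case is the "bias shared by all four" that no amount of XORing removes.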

------------------------------

From: "Dan Coyle" <[EMAIL PROTECTED]>
Subject: Re: Chronometric Cryptography
Date: Fri, 31 Mar 2000 23:58:50 -0600

Actually neither the number of rounds, nor the amount of encryption time, is
stored within the message, it isn't stored at all.  I hash the user's Key,
into a 128 bit Iteration Key "K1", Then I start looping until the specified
time period is up.  Within the loop I encrypt the current text over and over
again, also rehashing the key over and over again, after each iteration,
creating "K2","K3", up to "Kn" which is the key, when the specified time
period is up.  I then Xor K1 and Kn together to form KF, which is what I
store within the Message.  This is important because KF is the only key I
store within the message.  The only way to extract Kn is to know K1, or vice
versa.  Since the user entered the key, he/she can produce K1, by hashing it
once.  With Kn extracted, it reverses the Encryption process Decrypting the
Message, and dehashing, if you will, the key, Kn to Kn-1, Kn-2, Kn-3, and so
on until Kn-m = K1, at which point the algorithm knows that it has completed
its task and presents the user with the current state of the ciphertext,
which should be the plaintext.  I say should because if a user puts in an
incorrect key, he/she will produce an erroneous Kn, and each dehashed key
will be incorrect, but, by chance,  it could eventually be dehashed to K1,
although since all the previous keys were erroneous and in an incorrect
order, the message still would not be decrypted properly, it would simply be
erroneous data.

Hashing/Dehashing, really isn't the correct term for what I'm doing to the
key, after all the point of a Hash is to create number B from A, and not
being able to figure out what number A was, from B alone.  I really just
alter the Key, by Xoring it with each byte in the current Ciphertext, this
alters each iteration key into a completely different key, but still allows
me to determine the preceding key as well, given the current ciphertext.

You are correct in pointing out that if the attacker knew how many
iterations the message had been encrypted for, it would provide a few bits
of extended security, but since an attacker would have to guess at the
number of iterations, and if he/she were to guess low, they would never
decipher the message, I think that would add another layer of security on
top of it.

DC

"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:OgixVj0m$GA.255@cpmsnbbsa05...
> I think at best this would increase the work load by a few
> bits. My thoughts are that what you have done is create a
> system with 2 keys, one which you call a key, the other is
> the number of rounds. Since it's safe to say that your
> rounds will certainly not be 2^32 (at least not in the near
> future), that adds at most 32 bits to the key space. There
> are two erosions on this. First is the fact that your
> adversary is likely have knowledge of how much computing
> power you have, right now without knowing you I would
> estimate that you have a Pentium 2 or 3 or Athlon, this
> gives me a known keyspace of only 4 times, or 2 bits. The
> other erosion is on your estimate of how to do go about the
> attack, a logical attack pattern would be to run through a
> specific workload value through all the keys, then increase
> the workload value, repeat. The effect of this is that my
> first pass is fast, my last pass is about 1/4 the speed,
> meaning that you will only get around 1 bit extra out of
> this. To add to the complications remember that with a
> parameterized algorithm you make it VERY difficult to
> analyze, each parameterization needs to be analyzed in order
> to avoid round reductions at unexpected places, forming a
> group-like property. Done well they can be very good, but
> after the very good, you very quickly go to very bad.
>                         Joe
>

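The key chain described in the post, as an added example (not Dan Coyle's code): it assumes SHA-256 for K1, a toy SHA-256 keystream XOR cipher in place of the unnamed cipher, and reads the key update as XOR-folding the ciphertext bytes into the key; the stop condition and the wrong-key behaviour are the ones the post describes, and the round bound in `decrypt` is this example's own addition.

```python
"""Added example (not from the digest): the key chain described above.

Stand-ins, labelled as such: SHA-256 derives K1 from the password and
supplies the keystream of a toy XOR cipher in place of whatever cipher
the post uses; the key update is read as XOR-folding every ciphertext
byte into the key, which is invertible once that ciphertext is known.
"""
import hashlib
import time

KEY_LEN = 16                                  # the post's 128-bit keys

def derive_k1(password):
    return hashlib.sha256(password).digest()[:KEY_LEN]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_xor(key, data):
    """Toy cipher: XOR data with SHA-256(key || block counter).  Being an
    XOR, it is its own inverse, so one function serves as both E and D."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += xor_bytes(data[off:off + 32], ks)
    return bytes(out)

def fold_key(key, ciphertext):
    """K_{i+1} = K_i xor (every ciphertext byte, cycling over the key).
    Applying it twice with the same ciphertext gives K_i back."""
    k = bytearray(key)
    for i, c in enumerate(ciphertext):
        k[i % KEY_LEN] ^= c
    return bytes(k)

def encrypt(password, plaintext, seconds=None, rounds=None):
    """Loop for `seconds` of wall-clock time (the post's method) or for a
    fixed number of `rounds` (reproducible).  Returns (KF, ciphertext);
    KF = K1 xor K_{n+1} is the only key material stored with the message."""
    k1 = derive_k1(password)
    key, ct, n = k1, plaintext, 0
    deadline = time.monotonic() + (seconds or 0)
    while (n < rounds) if rounds is not None else (time.monotonic() < deadline):
        ct = keystream_xor(key, ct)           # C_i = E(K_i, C_{i-1})
        key = fold_key(key, ct)               # K_{i+1} from K_i and C_i
        n += 1
    return xor_bytes(k1, key), ct

def decrypt(password, kf, ciphertext, max_rounds=1_000_000):
    """Walk the chain backwards until the key equals K1 (the post's stop
    condition).  Returns (plaintext, rounds).  A wrong password gives a
    wrong K_{n+1}, so the chain never reaches its K1 except by chance;
    the round bound turns that endless loop into an error."""
    k1 = derive_k1(password)
    key, ct, n = xor_bytes(kf, k1), ciphertext, 0
    while key != k1:
        if n >= max_rounds:
            raise ValueError("K1 never reached: wrong key or corrupt data")
        key = fold_key(key, ct)               # K_i from K_{i+1} and C_i
        ct = keystream_xor(key, ct)           # C_{i-1} = D(K_i, C_i)
        n += 1
    return ct, n
```

Note that nothing stored reveals n, but a wrong-password trial costs at most `max_rounds` cipher calls, which is the "few bits" of extra work the quoted reply argues for rather than a second full key.
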
------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Using Am-241 to generate random numbers
Date: 01 Apr 2000 01:02:10 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Jerry 
Coffin) wrote:
>
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>> AFAIK, the atmospheric cell size is much smaller than the wavelength of 
>> radio signals, so radio twinkle shouldn't be an issue.
>
>No, but interference almost certainly is -- I'm reasonably certain 
>this wouldn't work.  If (for example) you want to get really random 
>IVs for your messages or produce really random session keys, a 
>telescope would work quite nicely.  Trying to "transmit" the key by 
>having two people get the same key off of a telescope is extremely 
>unlikely to work dependably (if at all).

And if it did work dependably, it would do so for any attacker
with a telescope.  You might as well just post your random
session key in the clear to a newsgroup - either way anyone
who wants it can retrieve it.    


------------------------------

From: "Vinchenzo" <[EMAIL PROTECTED]>
Subject: Newbie Question: What is a Hash Method?
Date: Sat, 1 Apr 2000 00:55:54 -0500

I would like to know what is a hash method? Is it like a subkey generation?

------------------------------

From: [EMAIL PROTECTED] (mark carroll)
Subject: Re: Proof of Identity
Date: 1 Apr 2000 06:13:03 GMT

In article <8c4178$qim$[EMAIL PROTECTED]>,
David A Molnar  <[EMAIL PROTECTED]> wrote:
(snip)
>* Cormen, Leiserson, and Rivest "Introduction to Algorithms" 
>  
>  A friend of mine refers to this as "the foundational text for all 
>  human knowledge." I'm not sure I'd go that far, but it's a pretty
>  good book. In particular, it goes into the exact math techniques you
>  need in order to prove things about algorithms; pay especial attention
>  to the counting + probability section. 
>
>I suggest these for two reasons -- first, they contain lots of neat
>algorithms and second, they show some applications of math to algorithm
>analysis. I personally find math easier to learn when it has a clear
(snip)

I certainly second this recommendation - it's not cheap, but it's well
worth the price. I photocopied the LUP decomposition section for a
friend only this evening. It's a great algorithm cook-book that
includes the information to understand where the algorithms are coming
from and why their features are as they are.

They don't include the answers to all the exercises, which annoys me
somewhat, but you can see the POV of instructors using it as a class
text. (What's most irritating is some of the exercises actually ask
quite interesting questions. (-:)

-- Mark

------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: Newbie Question: What is a Hash Method?
Date: 01 Apr 2000 06:59:39 GMT

Hashes produce a (usually fixed-length) sequence of bytes from some input.  One
possible hash would be to sum all of the bits and take it mod 2: you get a
one-bit output (0 or 1). Cryptographically secure hashes are a little
different: they usually have outputs of 128 or 160 bits and are one-way: it is
"computationally infeasible" to determine the input from the given hash output.
SHA-1 is a very good example.

-*---*-------
S.T. "andard Mode" L.
STL's Quotation Archive: http://quote.cjb.net

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Proof of Identity
Date: Sat, 01 Apr 2000 07:14:19 GMT

Paul Rubin wrote:
> Tom St Denis wrote:
> >One idea [while sitting in algebra] for proving that
> >you were present at something [or wrote a book, etc]
> >is to
[Method that doesn't really work]

[...]
> A crypto version of what you seem to be thinking of is you write down
> the hash of something, H(x). Then prove later that you wrote it, by
> revealing x.

Even better: write down the product of two large
random primes, and then later prove in zero knowledge
that you know the factors.

Or depending on the goals, use Paul's H(x) method,
but make x your own name followed by some salt.

Of course given the problem statement, you could
just write down your name in the first place.

--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Subject: NSA 
Date: Fri, 31 Mar 2000 23:39:30 -0800

Hey I was looking at the NSA website today (and that FAQ) and one thing that
struck me as kind of strange was that they do a lot of crap for the
community, way too much... (for Christ's sake they recycle their fluorescent
bulbs so "no mercury pollutes Maryland").  It looks to me like some of those
big corporations that do all kinds of shady things and then donate some
money (or whatever else) to good causes to I guess balance out their karma.
I am not trying to say the NSA is evil or anything of that sort, but it
seems kind of weird.  Also if you look at the jobs they have/research they
do it includes stuff like mass storage, and data mining, now that's not
exactly bad but it makes me think that they are looking for better ways to
tap everyone... store and mine the data (to find msgs from God I am
guessing).  I don't support conspiracy theories (even though existence of
some of those conspiracies would make life a lot more exciting) but if
something of the 1984 type existed it'd be safe to say the NSA has got its
little bony fingers in it... but then you get into the whole why would they
want to and so on so forth.

The NSA probably has extremely powerful computers and things but I doubt
they have anything exotic like quantum computers and such because people in
general like to brag (especially engineers) and info would have leaked out.
Of course that is unless the NSA is conspiring with super-intelligent extra
terrestrials that have already discovered a way to store all possible PGP
keys on a single neutrino and can fold time-space so they can jump through
worm holes and travel in 0 time... hehehe

I wonder what kind of background checks and security checks the janitors at
NSA have to go through, or maybe they are using Epsilon semi-morons... hmmm

Also I am almost 100% sure that they (maybe not officially but people from
the NSA) read this newsgroup, probably not to spy on people but to get
information, this being one of the most (the most maybe?) famous crypto
related newsgroups on Usenet.

Stou


P.S.
Wow this msg has such proper construction and organization... hehe

------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: NSA 
Date: 01 Apr 2000 07:44:50 GMT

<<information, this being one of the most (the most maybe?) famous crypto
related newsgroup on usenet.>>

Information? From USENET? Hah!

Just remember - the NSA is a government agency.

-*---*-------
S.T. "andard Mode" L.
STL's Quotation Archive: http://quote.cjb.net

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers
Date: Sat, 1 Apr 2000 02:18:31 -0700

In article <8c43d2$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

> >Trying to "transmit" the key by 
> >having two people get the same key off of a telescope is extremely 
> >unlikely to work dependably (if at all).
> 
> And if it did work dependably, it would do so for any attacker
> with a telescope.  You might as well just post your random
> session key in the clear to a newsgroup - either way anyone
> who wants it can retrieve it.    

Well, there ARE a lot of stars out there -- OTOH, unless you have a BIG 
telescope, the search for irregular and semi-irregular variables 
wouldn't be TOO terrible.  If the two parties involved were at 
substantially different latitudes, that would reduce the field of 
stars to be considered as well.   

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: "Ray Djajadinata" <[EMAIL PROTECTED]>
Subject: PKCS #7 version not supported?
Date: Sat, 1 Apr 2000 18:16:11 +0800

Hi all,

I'm just trying to peek into a PKCS#7 object to get the values inside. But
pretty strange things happened. I tried using both RSA Cert-C and cryptlib,
and both of them are unable to open this. Cert-C says the version is not
supported, and that's it (what version? why is it not supported? beats me).
cryptlib says error -32 (CRYPT_ERROR_BADDATA).

So I tried opening the PKCS 10 request, the result of which is the PKCS #7
message in question. Again, the same error happened for cryptlib. I'm
wondering if anyone is able to help me with this? I can send you the files
if necessary (it's just a mock certificate, for testing).

Thanks a lot in advance! :O)
Cheers.
Ray.

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: Does anybody know of a secure FTP server?
Date: Sat, 01 Apr 2000 10:14:20 GMT
Reply-To: [EMAIL PROTECTED]

On 31 Mar 2000 07:13:29 GMT, [EMAIL PROTECTED] (Paul Rubin) wrote:

>I am saying this after having benchmarked all four processors I've
>mentioned.  From fastest to slowest: K7, PII/III, K6, Sparc.
>I haven't done any timings on SGI or Alpha but I don't see how they
>can approach the X86's in cost effectiveness if you're just doing SSL.

Go Athlon go! Just wait till Sledgehammer comes out and the competition
really heats up. 

Pity that good Athlon motherboards aren't easy to find. 

I figure Athlons would be great on SMP server boards.

Cheerio,
Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Sat, 01 Apr 2000 10:23:33 GMT
Reply-To: [EMAIL PROTECTED]

On 31 Mar 2000 21:02:57 +0300, [EMAIL PROTECTED] (Taneli Huuskonen)
wrote:

>In <[EMAIL PROTECTED]> Anthony Stephen Szopa
><[EMAIL PROTECTED]> writes:
>
>[...]
>>Introduction then we will proceed with Mr. Huuskonen's point about 
>>the random number generator possibly having a weakness.
>
>Strike the "possibly"  -  it does have a weakness, and below you can

Why didn't you just follow his style and just say "It has a weakness,  
and you should not expect any of us to entertain you if you have 
not done your homework while the rest of us have."

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED] (Taneli Huuskonen)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: 1 Apr 2000 13:33:24 +0300

In <[EMAIL PROTECTED]> "Trevor L. Jackson, III"
<[EMAIL PROTECTED]> writes:

>Are you going to send him an invoice for the time you spent on his
>software or are you going perform another analysis when he fixes the
>problem you've demonstrated?

I'm going to send him an invoice for the next analysis. :-)

Taneli Huuskonen

-- 
I don't   | All messages will be PGP signed,  | Fight for your right to
speak for | encrypted mail preferred.  Keys:  | use sealed envelopes.
the Uni.  | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Coderpunks Query on Teledyne Crypto
Date: Sat, 01 Apr 2000 10:59:26 GMT

On Fri, 31 Mar 2000 22:22:39 GMT, Jim Reeds <[EMAIL PROTECTED]>
wrote, in part:

>I didn't say it was secret.

I know you didn't, it was just that since serial numbers on bills
aren't used for anything, I couldn't imagine a purpose for a check
digit except as a way of deterring counterfeiting. (Not too effective
a method, of course, because most counterfeits all have the same
serial number in a batch, but it would prevent more advanced
counterfeits, perhaps.)

>The check digits on German paper
>currency have the property that they detect all single-digit errors
>and transpositions of adjacent digits, and (unlike the scheme
>used by ISBN numbers, which requires occasional use of the extra-
>digital symbol X) they are digits.  This cannot be done with
>simple mod 10 checksum equations, but can be done -- it turns out --
>with orthomorphisms.  (The ISBN check sum takes the mod 11 cop-out.)
>The recipe is publicly known, but a bit complicated.
>See the note by Joseph Gallian, ``Math on Money.'' {\it Math Horizons}
>November 1995, pp. 10-11. (There are better references, but I am too
>lazy to dig one out of my filing cabinet now.)

Ah, so the complicated math is used because that produces essentially
the 'ideal' check digit algorithm. I will look up the reference when I
get a chance.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
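
The ISBN and mod-10 behaviour discussed above, as an added example (not from the post or from Gallian's note): it checks exhaustively, on 3-digit bodies, that the mod-11 scheme with its 'X' symbol catches every single-symbol error and adjacent transposition, while an EAN-style alternating 1,3 sum mod 10 (assumed here as the representative "simple mod 10 checksum") misses transpositions of digits differing by 5. The German banknote recipe itself is not reproduced; all names are this example's own.

```python
"""Added example (not from the digest): the check-digit properties the post
discusses, tested exhaustively on short codes.

ISBN-10 weights the digits 10..1 and sums mod 11, so the check symbol can
be 10, written 'X' (the 'mod 11 cop-out').  An EAN-style alternating 1,3
sum mod 10 keeps the check in 0..9 but misses some adjacent transpositions.
A 3-digit body is used so every error can be enumerated; the weight rules
generalise unchanged to the 10-digit case.
"""
ISBN_SYMBOLS = "0123456789X"
DIGITS = "0123456789"


def sym_value(ch):
    return 10 if ch == "X" else int(ch)


def mod11_sum(code):
    """Weighted sum with weights len(code)..1 (10..1 for a full ISBN-10)."""
    n = len(code)
    return sum((n - i) * sym_value(ch) for i, ch in enumerate(code))


def isbn_check(body):
    """Check symbol c with mod11_sum(body + c) == 0 (mod 11); may be 'X'."""
    return ISBN_SYMBOLS[(-mod11_sum(body + "0")) % 11]


def isbn_valid(code):
    return mod11_sum(code) % 11 == 0


def mod10_sum(code):
    """Alternating weights 1,3,1,3,... counted from the right (EAN style)."""
    return sum((1 if j % 2 == 0 else 3) * int(ch)
               for j, ch in enumerate(reversed(code)))


def mod10_check(body):
    return str((-mod10_sum(body + "0")) % 10)


def mod10_valid(code):
    return mod10_sum(code) % 10 == 0


def undetected_errors(make_check, valid, symbols, body_len=3):
    """Over every body of body_len digits, count single-symbol substitutions
    and adjacent transpositions that `valid` still accepts.  Also returns
    the first undetected transposition as (correct code, corrupted code)."""
    single = transp = 0
    example = None
    for body in range(10 ** body_len):
        code = f"{body:0{body_len}d}"
        code += make_check(code)
        last = len(code) - 1
        for pos in range(len(code)):
            alphabet = symbols if pos == last else DIGITS  # only the check may be 'X'
            for ch in alphabet:
                if ch != code[pos] and valid(code[:pos] + ch + code[pos + 1:]):
                    single += 1
            if pos < last and code[pos] != code[pos + 1]:
                swapped = code[:pos] + code[pos + 1] + code[pos] + code[pos + 2:]
                if valid(swapped):
                    transp += 1
                    example = example or (code, swapped)
    return single, transp, example
```

For the mod-10 scheme every undetected transposition swaps two digits five apart (the weight difference 2 times 5 is 0 mod 10), which is exactly the gap the mod-11 weights close because 11 is prime.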

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************