Cryptography-Digest Digest #514, Volume #11       Sat, 8 Apr 00 14:13:01 EDT

Contents:
  Re: Cryptanalysis Challenge - Will anyone accept? (Dave Hazelwood)
  Re: Q: Entropy (Rob Warnock)
  Re: Q: Entropy ([EMAIL PROTECTED])
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Scott Fluhrer")
  Re: Magnetic Remenance on hard drives. (Guy Macon)
  permutation polynomials (more) (Tom St Denis)
  Re: Is AES necessary? (Andru Luvisi)
  Re: GSM A5/1 Encryption (Paul Schlyter)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Lincoln Yeoh)
  Re: Stream cipher from FSE 1 (John Savard)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Lincoln Yeoh)
  Re: Magnetic Remenance on hard drives. (jungle)
  Re: Public|Private key cryptography? (Jerry Coffin)
  Re: Q: Simulation of quantum computing (Lincoln Yeoh)
  Re: (no subject) (wtshaw)
  Re: computer specs, timing and PK Crypto (Jerry Coffin)
  Encryption in Software... (David R Conorozzo)
  Re: Is AES necessary? ([EMAIL PROTECTED])
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" ("BIG ONE")
  Re: Turing machine (David R Conorozzo)
  Re: GSM A5/1 Encryption (David A. Wagner)
  Re: GSM A5/1 Encryption (David A. Wagner)

----------------------------------------------------------------------------

From: Dave Hazelwood <[EMAIL PROTECTED]>
Subject: Re: Cryptanalysis Challenge - Will anyone accept?
Date: Sat, 08 Apr 2000 21:20:25 +0800

The bad news is I think this is an instance where you will get your
money's worth. For $100 you will get about $100 worth of analysis. I 
suspect you are hoping for more.

The good news is you will probably get just as much from the good
people here in this ng without offering the $100.

But if the cipher is really good and you want the best minds to spend
the umpteen zillion hours it takes for serious analysis well that is
gonna require bigger bucks. I suspect for 10K you will get some pretty
good analysis. For 100K you will have some very good people try very
hard at it. For $1M you will have the undivided attention of the best.

My advice, save your $100 and pick the brains here until you are sure
you have something that at least passes the taste test. Once the boys
here agree it does, then you might want to get serious and offer at
least 1K to see if you can reach second base. When you do that, if it
is an interesting method you might get a free ride where people do it
out of interest and not just view it as the attempt of yet another
wannabe wasting their valuable time, in which case you can also save a
cool million dollars <grin>.

 
"Jeff Hamilton" <[EMAIL PROTECTED]> wrote:

>I was thinking of placing a stream cipher out here that I developed about 3
>years ago. Source and Ciphertext. I was curious if a $100.00 Cryptanalysis
>offer would be sufficient to gain attention. I'm a novice at this and really
>haven't had a chance to get back into Cryptography until these last 2
>months.
>
>Would anyone be up to the offer? If so tell me your thoughts. I myself
>already know of its flaws. Not to mention that some of you who have been on
>this newsgroup for a while have seen it when I posted it about 3 years ago.
>
>-Jeff28
>


------------------------------

From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: Q: Entropy
Date: 8 Apr 2000 13:54:14 GMT

Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
+---------------
| I mentioned in a previous post that one could probably use the
| Kolmogorov complexity. Today, after doing some search in the
| library, I found the following written by Li and Vitanyi in the
| book J. V. Leeuwen (ed.), Algorithm and complexity, p.211
| 
|     "The following Lemma, due to Levin and Gacs, and also to
|      Chaitin, shows that K'(x) [the self-deliminating Kolmogorov
|      complexity] is a symmetric measure of the information in x."
+---------------

Most of Chaitin's popular writings can be found online at
<URL:http://www.cs.auckland.ac.nz/CDMTCS/chaitin/>. In particular,
<URL:http://www.cs.auckland.ac.nz/CDMTCS/chaitin/lisp.html>
discusses a notion he calls "elegance" that I read as being
directly related to entropy:

        Call a program ``elegant'' if no smaller program has the same
        output. I.e., a LISP S-expression is defined to be elegant if
        no smaller S-expression has the same value. For any computational
        task there is at least one elegant program, perhaps more.
        Nevertheless, we present a Berry paradox proof that it is
        impossible to prove that any particular large program is elegant.
        ...
        I like to use H(.) for the size in bits of the smallest program
        to calculate something. H(X) is the algorithmic information content
        or complexity of the S-expression X. Then the following basic
        inequality states that the complexity of a pair of S-expressions
        is bounded by a constant plus the sum of the individual complexities: 
           H((X Y)) <= H(X) + H(Y) + c 

So to speak to the earlier poster who said something like (sorry if I
got it a bit garbled) "for any particular message there's always at least
one program that will compress it down to one bit", he neglected to
mention that you must include the SIZE OF THAT PROGRAM itself in the
entropy of the message, or rather, the size of the *de*compression
program.  And since the program was chosen specifically for its ability
to decompress *that* message, it's different from programs that would
be used for *other* messages, so in order to get that message reproduced
at the other end of the connection you must transmit the decompression
program itself, and then run it at the other end.

For some fixed message, the "ideal" compression program that compresses
it to zero bits -- or actually, the *decompression* program -- is (one of)
the smallest program that will generate that message as its output, that
is, one of Chaitin's "elegant" programs for that message.

Chaitin proved that while there must exist a "smallest" (i.e., most elegant)
program to generate that output, it's impossible (in general) to *prove*
that any given generator is the smallest. Thus one will never know the
*exact* entropy of a (large-enough) bit string (for non-trivial bit-strings).

[One can, of course, usually find some reasonably-useful *upper* bounds
on the entropy, by using several standard "good" compression techniques
and picking the smallest result...]

Another thing that falls out of Chaitin's [and Kolmogorov's] work is an
interesting definition for "random": "Roughly speaking, a random string
is incompressible, there is no simple theory for it, its program-size
complexity is as large as possible for bit strings having that length."
<URL:http://www.cs.auckland.ac.nz/CDMTCS/chaitin/unknowable/ch6.html>
(That is, all elegant programs for a random number are larger than
the number.)


-Rob

=====
Rob Warnock, 41L-955            [EMAIL PROTECTED]
Applied Networking              http://reality.sgi.com/rpw3/
Silicon Graphics, Inc.          Phone: 650-933-1673
1600 Amphitheatre Pkwy.         PP-ASEL-IA
Mountain View, CA  94043
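As an added illustration (not part of Rob Warnock's post), here is the "run several standard compressors and keep the smallest" upper bound on a string's entropy in Python. The inputs are constructed inline, and the bound deliberately counts only the compressed output, not the decompressor the post says must also be charged for:

```python
# Added example: an *upper* bound on program-size complexity obtained by
# trying several off-the-shelf compressors and keeping the smallest output.
# Inputs are constructed here for illustration.
import bz2
import lzma
import os
import zlib

# Each compressor is a fixed, shared "decompression program", so its own
# size is a constant that the bound below leaves out.  A decompressor built
# for one specific message would have to be counted in full.
COMPRESSORS = {
    "zlib": lambda b: zlib.compress(b, 9),
    "bz2": lambda b: bz2.compress(b, 9),
    "lzma": lambda b: lzma.compress(b, preset=9),
}


def entropy_upper_bound_bits(data):
    """Return (bits, compressor_name): 8 * the smallest compressed size.

    The true program-size complexity is uncomputable (Chaitin); this is only
    the best bound the compressors we happen to try can certify.
    """
    best = None
    for name, fn in COMPRESSORS.items():
        size_bits = 8 * len(fn(data))
        if best is None or size_bits < best[0]:
            best = (size_bits, name)
    return best


def bits_per_byte(data):
    """Bound normalised to the input length (0.0 for an empty input)."""
    if not data:
        return 0.0
    return entropy_upper_bound_bits(data)[0] / len(data)


def looks_incompressible(data, slack_bits=64):
    """Chaitin's working notion of 'random': no compressor tried beats the
    trivial encoding (the data itself) by more than a header-sized slack."""
    return entropy_upper_bound_bits(data)[0] >= 8 * len(data) - slack_bits


def random_sample(n):
    """Constructed input: n bytes from the OS randomness source."""
    return os.urandom(n)


def lcg_high_bytes(n, seed=1):
    """Constructed input: high bytes of a 32-bit LCG.  Fully determined by a
    tiny program (seed + constants), yet generic compressors find no pattern,
    which shows the bound can sit far above the real complexity."""
    out = bytearray()
    x = seed
    for _ in range(n):
        x = (1664525 * x + 1013904223) % 2**32   # illustrative constants
        out.append(x >> 24)
    return bytes(out)


if __name__ == "__main__":
    samples = [
        ("repetitive", b"abc" * 4096),
        ("lcg output", lcg_high_bytes(4096)),
        ("os random", random_sample(4096)),
    ]
    for label, d in samples:
        bits, name = entropy_upper_bound_bits(d)
        print(f"{label:11s} {bits_per_byte(d):6.3f} bits/byte via {name:4s} "
              f"incompressible={looks_incompressible(d)}")
```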

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Q: Entropy
Date: Sat, 08 Apr 2000 14:49:50 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>
> Calculating entropy generally runs into the Halting problem.
>
> Except for trivially short or simple sequences, there will be shorter
> programs than your current best candidate that do not halt.
>
> *Proving* that these programs don't halt and output your target
> sequence can be "a little bit tricky". See the work of G J Chaitin
> (http://www.cs.auckland.ac.nz/CDMTCS/chaitin/) for more about this.
>

Hi, you might enjoy my latest paper
"A century of controversy over the foundations of mathematics".
You can find it at
http://www.cs.umaine.edu/~chaitin/cmu.html
It was my 2 March 2000
Carnegie Mellon University
School of Computer Science
Distinguished Lecture.
Rgds,
Greg Chaitin




------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Sat, 8 Apr 2000 07:52:43 -0700


DMc <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Tue, 04 Apr 2000 16:03:15 -0700, lordcow77
> <[EMAIL PROTECTED]> wrote:
>
> >In article <[EMAIL PROTECTED]>, DMc
> ><[EMAIL PROTECTED]> wrote:
> >>>Not true; the nth iterate of a LCG can be calculated based
> >>>solely on the seed value to the generator. Hint: think modular
> >>>exponentiation.
> >>>
> >>This is the stuff that makes me crazy. Do what you say you can do and
> >>maybe I will understand. An engineer made the same claim in a magazine
> >>article several years ago, and he was not even close.
> >
> >It's proven in _Seminumerical Algorithms_.
>
>   Is this "The Art of Computer Programming, Volume 2, Seminumerical
> Algorithms" 1st, 2nd, or 3rd Edition by any chance? I have the 3rd.
> Give me the page number(s) for this proof. I am VERY familiar with
> pages 1 -> 193 in this book.

In the first edition, the method is listed as equation 3.2.1(6).  Actually
proving it is an exercise - 3.2.1(4) (the answer in the back just says
"Induction on k").

--
poncho
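Added example, not part of the thread: the jump-ahead formula Knuth gives as 3.2.1(6), X_{n+k} = (a^k X_n + (a^k - 1)c/(a - 1)) mod m, with the (a^k - 1)/(a - 1) term computed as a geometric sum so that no inverse of a - 1 is needed (it has none for the usual moduli 2^32 or 2^64). The LCG constants are illustrative:

```python
# Added example: compute the k-th LCG output directly from the seed in
# O(log k) modular multiplications, then cross-check against plain iteration.
# LCG constants used in the demo are illustrative, not from the thread.

def lcg_next(x, a, c, m):
    """One ordinary LCG step: X_{n+1} = (a*X_n + c) mod m."""
    return (a * x + c) % m


def lcg_iterate(x0, a, c, m, k):
    """Reference: apply lcg_next k times (O(k) work)."""
    x = x0
    for _ in range(k):
        x = lcg_next(x, a, c, m)
    return x


def geometric_sum_mod(a, k, m):
    """Return (1 + a + a^2 + ... + a^(k-1)) mod m in O(log k) steps.

    Walks the bits of k from the top, maintaining S(j) and a^j for the
    prefix j consumed so far:
      S(2j)   = S(j) * (1 + a^j)
      S(2j+1) = S(2j) + a^(2j)
    This never divides by (a - 1), which need not be invertible mod m.
    """
    s = 0        # S(j)
    power = 1    # a^j
    for bit in bin(k)[2:]:
        s = (s * (1 + power)) % m        # j -> 2j
        power = (power * power) % m
        if bit == "1":
            s = (s + power) % m          # 2j -> 2j + 1
            power = (power * a) % m
    return s


def lcg_jump(x0, a, c, m, k):
    """X_k from the seed X_0 alone: Knuth eq. 3.2.1(6) with n = 0."""
    a_k = pow(a, k, m)
    return (a_k * x0 + c * geometric_sum_mod(a, k, m)) % m


def jump_matches_iteration(x0, a, c, m, k):
    """True iff the closed form agrees with k plain iterations."""
    return lcg_jump(x0, a, c, m, k) == lcg_iterate(x0, a, c, m, k)


if __name__ == "__main__":
    # Illustrative parameters: a power-of-two modulus, where a - 1 is even
    # and so has no modular inverse, and a prime modulus for comparison.
    for a, c, m in ((1664525, 1013904223, 2**32), (16807, 12345, 2**31 - 1)):
        for k in (0, 1, 2, 3, 1000, 123456):
            print(f"m={m} k={k:6d} X_k={lcg_jump(42, a, c, m, k):10d} "
                  f"ok={jump_matches_iteration(42, a, c, m, k)}")
```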





------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Magnetic Remenance on hard drives.
Date: 08 Apr 2000 11:25:04 EDT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (jungle) wrote:

>any names & links of shops that will accept & recover data 
>multi pass wiped by pgp software ?

Absence of evidence is not evidence of absence.

It could very well be that such techniques exist and are classified.
The fact that the US military does not approve a multi pass wipe by
pgp software as being sufficient is indirect evidence (but not proof)
of this theory.


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: permutation polynomials (more)
Date: Sat, 08 Apr 2000 15:43:32 GMT

Is it possible to have a permutation polynomial P(x) actually form a
complete cycle?  For example

a = P(0)
for i = 1 to 255 do
  a = P(a)

And end up at (a = 0) at the end? [this is of course in Z(256)].

Tom
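As an added example (not from Tom's post): a small Python check for whether a polynomial over Z(256) is a permutation, and whether the loop in the post, starting from 0, visits all 256 values before returning to 0. Rivest's coefficient criterion for permutation polynomials modulo 2^w is included as a cross-check; the candidate polynomials are illustrative.

```python
# Added example: permutation test and cycle structure of P(x) over Z/256,
# following the post's loop  a = P(0); repeat a = P(a).  Candidates are
# illustrative choices, not from the thread.

MODULUS = 256


def poly_eval(coeffs, x, m=MODULUS):
    """Evaluate a0 + a1*x + a2*x^2 + ... mod m (coeffs[i] is a_i) by Horner's rule."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % m
    return acc


def is_permutation(coeffs, m=MODULUS):
    """Brute force: P permutes Z/m iff its image has m distinct values."""
    return len({poly_eval(coeffs, x, m) for x in range(m)}) == m


def rivest_permutation_criterion(coeffs):
    """Rivest's criterion: P is a permutation polynomial modulo 2^w (w >= 2)
    iff a1 is odd, (a2 + a4 + a6 + ...) is even and (a3 + a5 + ...) is even."""
    a = list(coeffs) + [0, 0]
    return (a[1] % 2 == 1
            and sum(a[2::2]) % 2 == 0
            and sum(a[3::2]) % 2 == 0)


def cycle_from(coeffs, start=0, m=MODULUS):
    """Follow x -> P(x) from `start` until a value repeats and return the
    visited list; for a permutation this is exactly the cycle through `start`."""
    visited, seen = [], set()
    x = start
    while x not in seen:
        visited.append(x)
        seen.add(x)
        x = poly_eval(coeffs, x, m)
    return visited


def cycle_lengths(coeffs, m=MODULUS):
    """Sorted cycle lengths of a permutation polynomial (they sum to m)."""
    if not is_permutation(coeffs, m):
        raise ValueError("not a permutation polynomial mod %d" % m)
    unvisited = set(range(m))
    lengths = []
    while unvisited:
        cyc = cycle_from(coeffs, min(unvisited), m)
        lengths.append(len(cyc))
        unvisited -= set(cyc)
    return sorted(lengths)


def is_single_cycle(coeffs, m=MODULUS):
    """True iff the post's loop, started at 0, visits every element of Z/m
    before landing back on 0, i.e. P is one m-cycle."""
    return is_permutation(coeffs, m) and len(cycle_from(coeffs, 0, m)) == m


if __name__ == "__main__":
    candidates = {
        "x + 1": [1, 1],
        "x*(2x + 1)": [0, 1, 2],       # RC6-style permutation; 0 is a fixed point
        "2x^2 + 3x + 1": [1, 3, 2],
        "x^2": [0, 0, 1],
        "x^3 + x": [0, 1, 0, 1],
    }
    for name, c in candidates.items():
        perm = is_permutation(c)
        line = f"{name:14s} permutation={perm} criterion={rivest_permutation_criterion(c)}"
        if perm:
            line += f" single_cycle={is_single_cycle(c)} cycles={cycle_lengths(c)}"
        print(line)
```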

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: 08 Apr 2000 08:46:10 -0700

Mok-Kong Shen <[EMAIL PROTECTED]> writes:
[snip]
> However, has the amount of information that really deserves
> the label of secrets proportionately increased?
[snip]

If you only use encryption for the things that "need" it, then it
becomes very easy to identify the "important" traffic.  If everyone
uses encryption as a matter of course, then it won't be "suspicious"
for those who need it to use it.

Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: GSM A5/1 Encryption
Date: 8 Apr 2000 16:44:11 +0200

In article <8cn89a$2df$[EMAIL PROTECTED]>,
Thomas Pornin <[EMAIL PROTECTED]> wrote:
 
> According to David A. Wagner <[EMAIL PROTECTED]>:
>> That's only because A5 is not very good.
> 
> Actually, I think that A5/1 delivers an impressive security, considering
> the ridiculously small amount of silicium needed to implement it.
 
Perhaps -- but is the amount of silicon really relevant here?
Crackers don't deliberately limit the amount of silicon they use in
the same way, do they?  And if a crypto is broken, it doesn't help
that it was implemented on very little silicon.
 
 
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Sat, 08 Apr 2000 16:27:32 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 06 Apr 2000 12:04:56 -0500, James Felling
<[EMAIL PROTECTED]> wrote:

>
>> Here is a suggestion:  why don't you write one and highlight your
>> supposed flaws in OAP-L3.  Now that would take some guts on your
>> part.  Are you not sure enough of your position?  I don't think
>> you are.  The experts will slaughter you (and your phony cronies as
>> well.)  Be sure of it.
>
>Perhaps if I get a few spare hours in the next few days I will.

NONONO.

If you keep helping him shore it up you're basically doing HIS job for
free, so that he can sell his stuff to unsuspecting people. 

If he can't figure out what is wrong from just a pointer, it is unlikely
that he could have come up with a good design.

A proper technical conversation between peers should normally go 
Alice: "It's broken, because if you do ABC, XYZ happens"
Bob: "Why do you say that?"
Alice: "Because you can do P"
Bob: "Oh. Oops."

It shouldn't require so many words and explanations. And generally the "Oh.
Oops." comes after the first statement, unless it's before
coffee/breakfast.

It may be just like the leaning tower of Pisa. You can try to fix it up
here and there, but it is unlikely to ever be safe for real use. Good for
public amusement perhaps. 

Well at least you should be paid for it. Coz if it falls over you may get
the blame.

It's dead Jim.

Cheerio,
Link.


****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Stream cipher from FSE 1
Date: Sat, 08 Apr 2000 16:09:33 GMT

On Fri, 07 Apr 2000 05:00:49 GMT, [EMAIL PROTECTED] wrote, in
part:

>IIRC, in FSE 1 Ross Anderson suggested a stream cipher
>formed by using an LFSR to turn the wheels of a three-wheel
>rotor system.  Has there been any cryptanalysis of this?
>Or any other kind of -analysis?

It sounds like a good idea. However, as an LFSR is linear, it might be
weaker than the SIGABA, which used one set of rotors to turn another
set of rotors, with only the first set of rotors being turned in a
regular way.

If two banks of rotors were used, or the LFSR was used to feed a
MacLaren-Marsaglia construct before controlling the rotors, the result
ought to be more comparable with the SIGABA. With eight rotors at the
end instead of three, I don't think that the threat of cryptanalysis
would be an issue; of course, the system would no longer be as fast.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Sat, 08 Apr 2000 16:34:59 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 07 Apr 2000 18:01:46 GMT, Tom St Denis <[EMAIL PROTECTED]> wrote:

>But if you sum three single digit numbers they will be on avg [the
>output] near 4.5.  So that can't be entirely random.

But he's not.

He's using them as digits.
e.g. something like
dice 1 -> digit 1
dice 2 -> digit 2
dice 3 -> digit 3 

Cheerio,
Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Magnetic Remenance on hard drives.
Date: Sat, 08 Apr 2000 12:40:50 -0400

thanks, got your message in pgp wiped condition ...

Guy Macon wrote:
> 
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (jungle) wrote:
> 
> >any names & links of shops that will accept & recover data
> >multi pass wiped by pgp software ?
> 
> Absence of evidence is not evidence of absence.
> 
> It could very well be that such techniques exist and are classified.
> The fact that the US military does not approve a multi pass wipe by
> pgp software as being sufficient is indirect evidence (but not proof)
> of this theory.



------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Public|Private key cryptography?
Date: Sat, 8 Apr 2000 10:47:02 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ 20 years from now... ]

> Because the latest release of Windows thrashes horribly on a 2GB RAM
> system.. and the latest shoot-em-up VR games require a 33GHz processor,
> assuming one has enough hard disk space to install them...

Pretty insane isn't it?  The worst part is, that if this is wrong, 
it'll be because the then-current version of Windows won't thrash -- 
it just won't boot at all unless you have more memory.  Of course, 
part of the reason it'll take up _quite_ so much memory is that it'll 
almost undoubtedly STILL have an emulator to handle what are really 
CP/M functions that were really obsolete as of MS-DOS 2.0 (I'm pretty 
sure that deserves SOME sort of emoticon, but I'm not sure whether it 
should be a smile, a frown, or an as-yet unnamed one for a programmer 
tearing his hair out...)

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: Q: Simulation of quantum computing
Date: Sat, 08 Apr 2000 16:49:54 GMT
Reply-To: [EMAIL PROTECTED]

On Sat, 08 Apr 2000 11:28:28 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>[EMAIL PROTECTED] wrote:
>> It depends on what you mean by "more powerful".  What that would mean

>I don't yet fully understand what you said about the second question. 
>Couldn't we consider 'what a QC can do', here computing truly random
>bits, to be a function that one can ask a TM to compute? If TM
>fails to deliver the (function) result, then it is less powerful
>than QC, isn't it?

You missed his main point. See above, then only consider his second
question in that light.

Sure a Ferrari may have more horsepower than a bus. But a bus can take 40
people 100 km away faster than a Ferrari can.

So which is more powerful? 

More interesting would be thinking of new good ways to use it. But I guess
I've always been more an engineer type ;).

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: (no subject)
Date: Sat, 08 Apr 2000 10:16:16 -0600

In article <[EMAIL PROTECTED]>, john
<[EMAIL PROTECTED]> wrote:

> where is a good place to find the laws on crypto?

One might ask whether you mean the natural ones, or the bureaucratic ones,
which might not be compatible with the first set.
-- 
Given all other distractions, I'd rather be programming.
%/^):  [|]"!  ?=)@~  ;)[]*  :@\@}  *#~}>  ,=+)!  .($`\ 

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: computer specs, timing and PK Crypto
Date: Sat, 8 Apr 2000 11:11:49 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ ... ]

> Again the limitation on size is most likely completely inaccurate, but
> my point about speed vs. size is valid.  You can't have a comp that
> takes up an entire room with ram that works at 10ghz for cheap.  Which
> of course is the goal.

Of course it won't be cheap, at least at first.  When you first do 
something, it's rarely cheap.  20 years ago or so, a Cray cost 
millions of dollars.  Now something with approximately the same 
computation capability costs a few thousand.

Likewise, the first machine with, say, 10 TB of RAM won't be cheap, 
but 20 or 30 years later an equivalent machine most likely will be, 
and by then the expensive machines will have a few hundred TB of RAM 
instead.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: David R Conorozzo <[EMAIL PROTECTED]>
Subject: Encryption in Software...
Date: Sat, 8 Apr 2000 13:00:53 -0400

I am writing some software that will be distributed as commercial software
not for export (only sold in US and possibly Canada).  Can I just throw
something like the Blowfish algorithm in there for encryption and sell it?
Do I have to register it with some government offices?  I can't find this
info anywhere and I don't have the money to pay a lawyer (maybe when this
gets serious I will have to find the money).  I have one book on encryption
and it doesn't mention anything about selling software and the NSA's
homepage is completely worthless to me.

            Thanks,
            Dave




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Is AES necessary?
Date: Sat, 08 Apr 2000 17:34:04 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> However, has the amount of information that really deserves
> the label of secrets proportionately increased? Certainly 
> not. Due to the fact that most information being exchanged today 
> is interceptable by malicious agencies and due to the developments
> in the economy etc. etc., there is doubtless more information that 
> needs to be protected than previously, but the rate of this increase is 
> incomparably slow as compared to the rate of increase of the total 
> volume of information being processed, transmitted and stored, I 
> am convinced. (BTW, I very much doubt that top diplomatic secrets
> today need to be formulated much longer than at the time of WWII.)

My point was that in industry today (the people the federal encryption
standards are designed for :) there are two common scenarios.

1. They have a vast amount of confidential information that they'd
like to store on encrypted disks. (Historical records, off-site
backups, trade secrets, etc) For terabytes of information, the speed
of the cipher is important.

2. They have vast amounts of confidential data online and traversing
the wire. They know it's a risk, but they really need to link the
computer systems in Akron and Moscow. Depending on the size of the
link, speed is also an issue.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: "BIG ONE" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Sat, 8 Apr 2000 01:15:06 +0100
Reply-To: "BIG ONE" <[EMAIL PROTECTED]>


Jim Crowther <[EMAIL PROTECTED]> wrote in message
news:IFh5AuCm$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>, JimD
> <dynastic@REMOVE_THIS cwcom.net> writes
> >On Tue, 4 Apr 2000 09:53:15 +0100, "Owen Lewis"
> ><[EMAIL PROTECTED]> wrote:
> >
> >>Nevertheless and as you surmise, a decision not to vote may be better
> >>reasoned and as valid a choice as most votes cast.
> >
> >Right! I could never vote Tory, and refuse to vote for the New
> >Labour Tories again. I think I'll stay at home next time.
> >
> >(Ex Labour Party member)
> >
>
> I have voted in many elections.  In a very few of these I could see no
> merit in any of the candidates.  Rather than not vote at all, I
> 'spoiled' the ballot paper (allowed) by drawing a line through the lot,
> and writing at the bottom 'None of the above'.  At least my vote was
> counted.  This is important as it reflects in the percentage of cast
> votes that the winner is said to enjoy.
>
> One day an election will be won by 'None of the above'....
>

That's what I do too.

Ever seen a film called 'Brewster's Millions'?

> --
> Jim Crowther
> Mailto:[EMAIL PROTECTED]
> Public PGP keys at ldap://certserver.pgp.com (and others)
> Key ID 0xE0BCE5F1 (DH/DSS 2048/1024), 0x8A673777 (RSA 1024)



------------------------------

From: David R Conorozzo <[EMAIL PROTECTED]>
Subject: Re: Turing machine
Date: Sat, 8 Apr 2000 13:54:36 -0400

I guess that depends on what you mean by powerful.  Turing machines don't
exist in reality since they have infinite (and sometimes 2-way) tapes.  To
compare a Turing machine to a PC you might say that a Turing machine is more
powerful, but if we had a PC with infinite storage we could simulate a Turing
machine on a PC but not vice versa, because a Turing machine requires that
all data be hardwired before we start the machine and a PC has hardware to
allow us to do input dynamically.


Stou Sandalski <tangui [EMAIL PROTECTED]> wrote in message
news:SZCH4.23924$[EMAIL PROTECTED]...
> I was intrigued by some discussion on whether or not a Turing machine is
> more powerful than a quantum computer and when I did some research on it, I
> don't really see what makes a Turing machine powerful. A TM as in the machine
> with the infinite tape with the squares, right? Can someone please enlighten me,
>
> Oh and I read a long time ago somewhere about this machine I think it was
> called a B-Machine (or something similar) designed (theoretically) by a
> mathematician from early this century (I think) and it looked to me like a
> neural network (the B-Machine had states like organized or trained and
> unorganized). I remember there was some kind of device attached to it that
> theoretically could be used to solve any problem (you know the... assume a
> device such that can solve any problem in the universe, deal) Does anyone
> have any clue what this is? I would really really like to learn more about
> it but I can't find where I read it originally.
>
>
> thanks
>
> Stou
>
> P.S.
>
> hehe check this TM simulator its pretty cool
> http://www.igs.net/~tril/tm/tm.html
>
>
>
>



------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: GSM A5/1 Encryption
Date: 8 Apr 2000 10:25:39 -0700

In article <8clt2n$skh$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
> A Silent Frame is a Silent Frame regardless of whether the cipher is strong or
> weak, and will provide plaintext to the cryptanalyst....My question
> was, how to avoid that?

With a (modern) strong cipher, there's no need to avoid it,
because (modern) strong ciphers are supposed to remain unbreakable
even if the adversary has some known plaintext.

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: GSM A5/1 Encryption
Date: 8 Apr 2000 10:30:24 -0700

In article <8cn89a$2df$[EMAIL PROTECTED]>,
Thomas Pornin <[EMAIL PROTECTED]> wrote:
> According to David A. Wagner <[EMAIL PROTECTED]>:
> > That's only because A5 is not very good.
> 
> Actually, I think that A5/1 delivers an impressive security, considering
> the ridiculously small amount of silicium needed to implement it. With
> 128 bits of internal state, it would still be fast and cheap, and
> adequately secure too.

It is hard to imagine design constraints so fierce that the designers
could not have afforded the extra cost of a 128-bit A5/1.  (Perhaps it
is so, but it seems quite a stretch, given the time at which it was
developed.)

I find it much more plausible that the designers were unwilling to add
any extra margin of security -- that they wanted a cipher that would
prevent "Radio Shack scanner"-style eavesdropping but specifically would
also always allow military intelligence agencies to break the encryption
on any phone call they cared very much about.

Of course, one cannot know for sure, with all the design details secret.
But, from everything we know, something sure smells awfully fishy.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
