Cryptography-Digest Digest #522, Volume #11      Mon, 10 Apr 00 05:13:01 EDT

Contents:
  Re: Is AES necessary? ("David C. Oshel")
  Re: Mersenne RNG, RNG questions (David A Molnar)
  Re: Mersenne RNG, RNG questions ([EMAIL PROTECTED])
  Please help ("martin aristidou")
  Re: Mersenne RNG, RNG questions (Scott Nelson)
  Re: Cryptanalysis-what is it?? (John Savard)
  Re: Cost-effective computing? ("Rick cntfl")
  Re: Turing machine ("Stou Sandalski")
  Re: DNA steganography ("Stou Sandalski")
  Re: Skipjack algorithm. ("Stou Sandalski")
  Re: RC-5 modification (Pred.)
  Re: Is it really NSA ?! (Greg)
  Re: Crypto API for C (Runu Knips)
  Re: Skipjack algorithm.
  Re: Q: Entropy (Mok-Kong Shen)
  Re: Mersenne RNG, RNG questions (Mok-Kong Shen)
  Re: Mersenne RNG, RNG questions (Mok-Kong Shen)
  Re: Mersenne RNG, RNG questions (Mok-Kong Shen)
  Re: Hash function based on permutation polynomials (Runu Knips)
  Re: Simple, yet strong algorithm (Runu Knips)
  Re: Simple, yet strong algorithm ("1198")
  Re: Is AES necessary? (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "David C. Oshel" <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Sun, 09 Apr 2000 21:29:33 -0500

In article <[EMAIL PROTECTED]>, Mok-Kong Shen 
<[EMAIL PROTECTED]> wrote:

> Andru Luvisi wrote:
> > 
> > Mok-Kong Shen <[EMAIL PROTECTED]> writes:
> > [snip]
> > > However, has the amount of information that really deserves
> > > the label of secrets increased proportionately?
> > [snip]
> > 
> > If you only use encryption for the things that "need" it, then it
> > becomes very easy to identify the "important" traffic.  If everyone
> > uses encryption as a matter of course, then it won't be "suspicious"
> > for those who need it to use it.
> 
> That's an excellent observation. If everyone encrypts his e-mails,
> whether using strong or weak algorithms, the machinery of the
> malicious agencies, that under the cover of crime suppression 
> intrude into the private spheres of innocent people and conduct
> commercial espionage, would be bogged down due to the enormous
> load of decrypting and analysing these. Crime suppression is certainly
> important for our society. But I believe that the trade-off is 
> simply not tolerable, if we entirely sacrifice our freedom of privacy 
> for that. (Just think of a related question: Who of us wishes to 
> live under the regime of a big dictator, where there is some
> 'good order' maintained by secret police?) In a recent thread of 
> mine, I pointed out that one effective method of jamming Echelon 
> and its counterparts is that one regularly appends to e-mails 
> bogus ciphertexts consisting of several lines of random hex digits 
> and also publishes such stuff on one's web page (with frequent 
> updating) to exhaust the computing capacities of the agencies.


Sheesh, whatever happened to paranoia for the FUN of it?  The solution
to the problem posed by Echelon (if such a thing exists ;-) is to direct
the attention of its equals to its perpetrator, i.e., glasnost.  

My guess is "swamping Echelon" with cryptic byte-wiggling is not going to be
as successful in the long run as all the bogus disinformation the system is
collecting from all those parties who are really, really, really, terribly
interested in the phenomenon.

-- 
David C. Oshel           mailto:[EMAIL PROTECTED]
Cedar Rapids, Iowa       http://pobox.com/~dcoshel
"Tension, apprehension, and dissension have begun!" - Duffy Wyg&, in Alfred
Bester's _The Demolished Man_

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Mersenne RNG, RNG questions
Date: 10 Apr 2000 02:07:26 GMT

Tim Tyler <[EMAIL PROTECTED]> wrote:

[question about Mersenne twister]

[Can you obtain "better" random streams by XORing two not so "random" 
 streams together? ]

> I wonder what can be done to encourage questions like this to appear in
> sci.crypt.random-numbers... ;-)

Setting followups? (I hope mine work; sometimes they don't).

Thanks, 
-David

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Mersenne RNG, RNG questions
Date: Mon, 10 Apr 2000 03:06:17 GMT

Tim Tyler <[EMAIL PROTECTED]> wrote:
> I wonder what can be done to encourage questions like this to appear in
> sci.crypt.random-numbers... ;-)

Did the vote on that pass? I didn't even know there was such a beast.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: "martin aristidou" <[EMAIL PROTECTED]>
Subject: Please help
Date: Sun, 9 Apr 2000 21:45:50 -0700

Hi everybody. I'm new to cryptography so I have a lot of questions. I would
appreciate it if you could help me out or point me to a URL where I can get
some answers.
What is public key cryptography? Are the ways that it is applied secure
given the status of factoring algorithms? Will information kept secure using
public key cryptography become insecure in the future?
How can public key crypto be used to send signed secret messages so that the
recipient is relatively sure that the message was sent by the person
claiming to have sent it?
Thanks for your time.
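An added example (not part of the original post or of any reply to it) of the last question above: sending a signed, secret message with public-key cryptography so that the recipient can both read it and check who wrote it. It is Go against the standard library. The names Seal, Open and Envelope are this example's own, and the construction is an assumption of the example rather than something the thread specifies: the sender signs with RSA-PSS, the data is encrypted with a fresh AES-256-GCM key, that key is wrapped with RSA-OAEP under the recipient's public key, and the recipient's public key is hashed into the signed data. The keys and message in main are generated or constructed on the spot.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Envelope is what the sender transmits (field names are this example's own).
type Envelope struct {
	WrappedKey []byte // fresh AES-256 key, RSA-OAEP encrypted under the recipient's public key
	Nonce      []byte // AES-GCM nonce, random per envelope
	Sealed     []byte // AES-GCM ciphertext and tag over signature || message
}

// signedDigest hashes the recipient's public key together with the message, so a
// signature made for one recipient cannot be stripped and re-sealed for another.
func signedDigest(recipient *rsa.PublicKey, msg []byte) []byte {
	h := sha256.New()
	h.Write(x509.MarshalPKCS1PublicKey(recipient))
	h.Write(msg)
	return h.Sum(nil)
}

// Seal signs msg with the sender's private key, then encrypts signature+message
// for the recipient (hybrid: AES-GCM for the data, RSA-OAEP to wrap the AES key).
func Seal(sender *rsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (*Envelope, error) {
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, signedDigest(recipient, msg), nil)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	payload := make([]byte, 0, len(sig)+len(msg))
	payload = append(append(payload, sig...), msg...)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Sealed: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// Open unwraps the key with the recipient's private key, decrypts, and only then
// checks the sender's signature. Any failure returns an error and no plaintext.
func Open(recipient *rsa.PrivateKey, sender *rsa.PublicKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Sealed, nil)
	if err != nil {
		return nil, err
	}
	sigLen := sender.Size() // an RSA-PSS signature is exactly one modulus length
	if len(plain) < sigLen {
		return nil, errors.New("envelope too short to hold a signature")
	}
	sig, msg := plain[:sigLen], plain[sigLen:]
	if err := rsa.VerifyPSS(sender, crypto.SHA256, signedDigest(&recipient.PublicKey, msg), sig, nil); err != nil {
		return nil, err
	}
	return msg, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	bob, err := rsa.GenerateKey(rand.Reader, 2048) // sender
	if err != nil {
		panic(err)
	}
	alice, err := rsa.GenerateKey(rand.Reader, 2048) // recipient
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed input
	env, err := Seal(bob, &alice.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	got, err := Open(alice, &bob.PublicKey, env)
	fmt.Printf("recovered %q (err=%v), matches original: %v\n", got, err, bytes.Equal(got, msg))
}
```

Signing first and then encrypting keeps the signature inside the ciphertext, so an eavesdropper does not even learn who signed. Hashing the recipient's key into the signed data is what stops a legitimate recipient from decrypting, keeping the signature, and re-sealing the sender's words for a third party as if they had been addressed there; without that binding, sign-then-encrypt alone does not prove to whom the message was meant.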



------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Mersenne RNG, RNG questions
Reply-To: [EMAIL PROTECTED]
Date: Mon, 10 Apr 2000 05:08:45 GMT

On Sun, 9 Apr 2000, James Thye <[EMAIL PROTECTED]> wrote:
[edited]

>Put quickly:  Does anyone have any opinions of Mersenne Twister PRNG?
>
It's ok, but most things either want something
with more tested security, or lighter weight.
In other words, depending on your application,
IMO there are better choices.

You might try asking again on sci.crypt.random-numbers.

>I've been looking for a repeatable PRNG (same sequence of PRNGs can be 
>generated given the same starting seeds).  I've recently run across the 
>Mersenne Twister PRNG (no I'm not affiliated with them in any way).  It 
>claims a period of 2^19937 - 1, which is incredible.  I've run it thru 
>DieHard and it passes (not surprisingly).  Details on it can be found at: 
>http://www.math.keio.ac.jp/~matumoto/emt.html
>
Long periods aren't particularly interesting.
Any period over 2^500 is essentially the same as any other - 
it's not going to repeat in any calculation possible to perform.
(Most problems don't need anything over 2^64, and 2^100 is
already stretching the limit of detectability.)


>Second question:  Can a questionable PRNG be improved by XORing its 
>output with a cryptographic based PRNG, 
Yes.  (except for a few pathological cases.)

>or would the new period be the 
>Greatest Common Multiple of their respective periods? 
Yes to that too.

>(Simple case:  
>PRNG1 has period 6, PRNG2 has period 8, PRNG1xor2 = 24 (not 48))
>
The period is (at most) 24, not 48.  
24 is better than 6 or 8.

Scott Nelson <[EMAIL PROTECTED]>


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryptanalysis-what is it??
Date: Mon, 10 Apr 2000 04:41:40 GMT

On Sun, 9 Apr 2000 09:44:46 +1200, "A.Hofmans"
<[EMAIL PROTECTED]> wrote, in part:

>-what is the definition of Cryptanalysis?
>-what does it do?
>-what is it for?
>-when was it developed?

If you don't know what it does, or what it is for, what is it that has
brought you to the conclusion that you are interested in finding out
about it?

Cryptanalysis is the art and science of figuring out what is in other
people's encrypted messages, even though you don't know the key to
them because you weren't supposed to read them.

The first recorded account of techniques used in breaking one of the
simplest types of ciphers, where each letter of the alphabet is simply
always represented by another letter or a symbol which stands for that
letter all the way through the message, dates from the Middle Ages,
and comes from the Arab world, as noted in 'The Codebreakers', the
reference suggested by D. A. Gwyn.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: "Rick cntfl" <[EMAIL PROTECTED]>
Subject: Re: Cost-effective computing?
Date: Mon, 10 Apr 2000 00:57:15 -0500

"Jim Gillogly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
] "Trevor L. Jackson, III" wrote:
] >
] > Jim Gillogly wrote:
] > > What's the best approach to a cheap supercomputer?
]
] > If you are spending 5-200K the PVM solution is a good
] > bet.  If you are spending large chunks of money, say 10M+, custom
] > solutions become advantageous due to amortization of design costs.
] > So, what's your budget?
]
] "Cheap" for me doesn't extend to $10M+.  Let's say $5K-100K.  I'll do a
] Web search on PVM, unless you have a good starting URL handy.
]
Jim, try http://www.netlib.org/pvm3/index.html . You'll find links from
there to more than you want to know about PVM.

Rick




------------------------------

From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Subject: Re: Turing machine
Date: Sun, 9 Apr 2000 23:31:49 -0700


"John A. Malley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> The B-Machine sounds like Alan Turing's "B-type unorganized machine" of
> 1948. It's described in a paper titled "Intelligent Machinery" written
> while Turing worked at the National Physical Laboratory in London,
> England. Sir Charles Darwin ( grandson of the "evolutionary" Darwin ),
> the lab's director,  dismissed it as a "schoolboy essay."  This paper
> was not published until 1968 - years after Turing's death.

Now that is _exactly_ what I was looking for... yes it was about Alan Turing
because they wrote in the article that he died almost in disgrace, and that
Darwin dismissed his paper as a schoolboy essay.  Which is kind of ironic
since the original Darwin's "The Origin of Species" was revolutionary for its
time.


> See the excellent article in the April, 1999 Scientific American, "The
> Lost Brainstorms of Alan Turing."

That's where I saw it.


THANK YOU!

Stou






------------------------------

From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Subject: Re: DNA steganography
Date: Sun, 9 Apr 2000 23:46:41 -0700


"rick2" <[EMAIL PROTECTED]> wrote in message news:rb-462A89.15263609042000@news...
> In article <8b6gni$8e7$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
> > target DNA sequence. Do you know if anyone
> > else has thought about introns for use in
> > computing or cryptography? (perhaps a
> > technique for storing info inside the introns)
> >
>
Where are you going to put the DNA? If you try to "implement" it inside an
organism, the thing might not survive, or if it's already living it might
develop cancer or some other type of genetic disorder, because introns
don't code for amino acids, but they are not useless; they serve some kind of
purpose. Introns control gene activity and probably do other stuff they
haven't discovered. In the fruit fly, for example, the difference between male
and female is (mostly) based on what is treated as an intron and what as an
exon.

Stou

P.S.
I don't have the original message.







------------------------------

From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Subject: Re: Skipjack algorithm.
Date: Sun, 9 Apr 2000 23:59:38 -0700


<[EMAIL PROTECTED]> wrote in message
news:8cq30r$6dh$[EMAIL PROTECTED]...
>
> I've implemented the Skipjack algorithm in assembler, and the win32 dll +
source are at
> http://ingrato.penguinpowered.com/~fastwalker -

Wait, I thought Skipjack was what's inside the Clipper chip and that the NSA
never released the algorithm. Am I totally wrong or did they release it at
some point?

Stou





------------------------------

From: Pred. <[EMAIL PROTECTED]>
Subject: Re: RC-5 modification
Date: Mon, 10 Apr 2000 06:49:25 GMT

In article <[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
>
>
> "Pred." wrote:
> >
> > Hi,
> >
> > I'm looking into ways to make RC-5 more efficient for handling huge
> > amounts of data. The way I see it, the choices are:
> >
> > 1. Make the algorithm more efficient
> > 2. Alter the algorithm (i.e. leave out parts)
> > As for the first alternative, I can't see any ways to do this.
> > Considering pt. 2; what consequences would it have to drop the IV
> > xor'ing part? Would it make RC-5 "just a little bit weaker"?
>
>No IV is xored with RC5.  If you are talking about the 'pre-whitening'
>step, that is generally a good thing to keep as it increases the
>difficulty of an attack without much extra cost [note DESX].

I mean, the IV is XOR'ed with the plain text - so yes, I'm talking
about pre-whitening.

>It's not a place to optimize the algorithm.

Could you elaborate on this, Tom? Considering that the RC5 code will be
called numerous times a second on a - say, application server - then
leaving out the pre-whitening step would increase the speed enough to
make the app-server a little bit more scalable. Just what I need!

But would leaving out that step make RC5 much weaker? (I know, I know,
this is a bit vague...)

--
Thanks,
- Pred.


Sent via Deja.com http://www.deja.com/
Before you buy.
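As an added example (not Pred.'s or Tom's code, and not from any implementation the thread refers to), here is RC5-32/12/16 in Go with the initial key addition A += S[0], B += S[1] made switchable, so the cost and the effect of dropping it can be seen directly. RC5 itself has no IV; an IV is XORed into the plaintext only by a chaining mode such as CBC wrapped around the block cipher. The Whiten flag and the FirstRotation helper are this example's additions, not part of the RC5 specification, and the key and plaintext in main are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Magic constants for w = 32 from the RC5 specification: Odd((e-2)*2^32), Odd((phi-1)*2^32).
const (
	p32 uint32 = 0xB7E15163
	q32 uint32 = 0x9E3779B9
)

// RC5 is an expanded key schedule for RC5-32/r/b. Whiten enables the initial
// key addition (A += S[0], B += S[1]) that the thread calls pre-whitening;
// the switch is this example's addition for illustration only.
type RC5 struct {
	rounds int
	s      []uint32
	Whiten bool
}

// NewRC5 expands a b-byte key into t = 2(r+1) subkeys with RC5's key schedule.
func NewRC5(key []byte, rounds int, whiten bool) *RC5 {
	const u = 4 // bytes per 32-bit word
	c := (len(key) + u - 1) / u
	if c == 0 {
		c = 1 // the spec treats an empty key as one zero word
	}
	l := make([]uint32, c)
	for i := len(key) - 1; i >= 0; i-- { // key bytes are loaded little-endian
		l[i/u] = l[i/u]<<8 + uint32(key[i])
	}
	t := 2 * (rounds + 1)
	s := make([]uint32, t)
	s[0] = p32
	for i := 1; i < t; i++ {
		s[i] = s[i-1] + q32
	}
	var a, b uint32
	i, j := 0, 0
	n := 3 * t
	if 3*c > n {
		n = 3 * c
	}
	for k := 0; k < n; k++ { // mix the key words into the subkey table
		a = bits.RotateLeft32(s[i]+a+b, 3)
		s[i] = a
		b = bits.RotateLeft32(l[j]+a+b, int((a+b)&31))
		l[j] = b
		i = (i + 1) % t
		j = (j + 1) % c
	}
	return &RC5{rounds: rounds, s: s, Whiten: whiten}
}

// EncryptBlock encrypts one 8-byte block (two little-endian 32-bit words).
func (r *RC5) EncryptBlock(dst, src []byte) {
	a := binary.LittleEndian.Uint32(src[0:4])
	b := binary.LittleEndian.Uint32(src[4:8])
	if r.Whiten { // the step under discussion: two additions per block
		a += r.s[0]
		b += r.s[1]
	}
	for i := 1; i <= r.rounds; i++ {
		a = bits.RotateLeft32(a^b, int(b&31)) + r.s[2*i]
		b = bits.RotateLeft32(b^a, int(a&31)) + r.s[2*i+1]
	}
	binary.LittleEndian.PutUint32(dst[0:4], a)
	binary.LittleEndian.PutUint32(dst[4:8], b)
}

// DecryptBlock inverts EncryptBlock for the same key schedule and Whiten setting.
func (r *RC5) DecryptBlock(dst, src []byte) {
	a := binary.LittleEndian.Uint32(src[0:4])
	b := binary.LittleEndian.Uint32(src[4:8])
	for i := r.rounds; i >= 1; i-- {
		b = bits.RotateLeft32(b-r.s[2*i+1], -int(a&31)) ^ a
		a = bits.RotateLeft32(a-r.s[2*i], -int(b&31)) ^ b
	}
	if r.Whiten {
		b -= r.s[1]
		a -= r.s[0]
	}
	binary.LittleEndian.PutUint32(dst[0:4], a)
	binary.LittleEndian.PutUint32(dst[4:8], b)
}

// FirstRotation returns the data-dependent rotation amount of the very first
// half-round for plaintext src. Without whitening it is just bits 0..4 of the
// plaintext's second word, chosen by whoever supplies the plaintext.
func (r *RC5) FirstRotation(src []byte) int {
	b := binary.LittleEndian.Uint32(src[4:8])
	if r.Whiten {
		b += r.s[1]
	}
	return int(b & 31)
}

func main() {
	key := []byte("constructed 16-B") // constructed 16-byte key
	pt := []byte("8 bytes!")          // constructed 8-byte block
	for _, whiten := range []bool{true, false} {
		c := NewRC5(key, 12, whiten)
		var ct, back [8]byte
		c.EncryptBlock(ct[:], pt)
		c.DecryptBlock(back[:], ct[:])
		fmt.Printf("whiten=%-5v ct=%x back=%q first rotation=%d\n", whiten, ct, back[:], c.FirstRotation(pt))
	}
}
```

The whitening step is two 32-bit additions per 8-byte block, set against 24 data-dependent rotations, 24 XORs and 24 additions in the twelve rounds, so removing it buys nothing measurable on an application server. What it removes is visible in FirstRotation: without it, the inputs to the first round are the plaintext words themselves, and the first rotation amount is directly under the control of whoever chooses the plaintext.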

------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: Is it really NSA ?!
Date: Mon, 10 Apr 2000 07:18:30 GMT

In article <[EMAIL PROTECTED]>,
  Arthur Dardia <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>
> > In article <[EMAIL PROTECTED]>
> > ,
> > Arthur Dardia <[EMAIL PROTECTED]> wrote:
> > > [EMAIL PROTECTED] wrote:
> > >
> > > Hmm...attacking the NSA? Definitely an interesting fantasy...
> > >
> > > However, to do it properly, I wouldn't suggest an electronic attack, but
> > > more of a physical, armed-to-the-teeth attack. First things first,
> > > don't bother cutting power - I'm positive they have a generator, and
> > > once their generator kicks in, I'm sure they'd be suspicious. Secondly,
> > > I'm sure they have metal detectors...porcelain guns? I know I saw them
> > > in some movie. :)
> > >
> >       The russians built a device that can shoot
> > an electromagnetic pulse and tested it in an
> > open desert- like area. It stopped dead a
> > running car by blowing out its electronics
> > from a large distance away (I don't remember
> > how far). The U.S. and probably other countries
> > have these devices. On TV (maybe it was the
> > Discovery Channel) there was a physicist or
> > electrical engineer who built a smaller one of
> > these using commonly available parts
> > (although he wouldn't say how on TV).
> >       I do *not* recommend this:  but it
> > *might* be possible to use such a device to
> > clandestinely cause electrical disruptions in
> > Ft. Meade from a distance. I wouldn't be
> > surprised if they could detect such an assault
> > and, anyways, their critical systems are
> > underground for good reason.
> >
> > Sent via Deja.com http://www.deja.com/
> > Before you buy.
>
> These guns do exist, as far as how advanced I wouldn't know.  On the TLC or
> DSC channel (I forget which one), they were showing non-lethal weapons the
> police and SWAT teams are developing to end hostage situations and disarm
> criminals much easier (Kudos to all those involved in such projects...).  One
> of the weapons was designed to be shot out of the front of a police vehicle
> and run under the car of the person leading the high-speed chase.  It would
> emit such frequencies and shut down this car, such as you said.  I also
> remember hearing about someone building one for a science fair - I believe he
> won too...

What escapes most people is that the bad guys can have such a device
to stop helicopters and cars from chasing them.  If something really
goes bad, they won't get charged with using lethal force against police
officers (well, in the case of police cars)...

>
> As far as the TLC or DSC program on non-lethal weapons, it's been airing a lot
> recently, maybe you could catch it...
>
> --
> Arthur Dardia      Wayne Hills High School      [EMAIL PROTECTED]
>  PGP 6.5.1 Public Key    http://www.webspan.net/~ahdiii/ahdiii.asc
>
>

--
There is only one gun law on the books- the second amendment.
The only vote that you waste is the one you never wanted to make.
RICO- we were told it was a necessary surrender of our civil liberties.
Asset Forfeiture- the latest inevitable result of RICO.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Date: Mon, 10 Apr 2000 10:14:05 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Crypto API for C

Joseph Ashwood wrote:
> > P.s.: Hmm no ElGamal yet ... RSA is still patented, isn't it?
> Actually RSA is only the beginning of the problems, IIRC
> IDEA is also patented, and RC5 and RC6 are still under
> various reservations.

Yep but I can use Twofish instead which is also included.

------------------------------

From: <[EMAIL PROTECTED]>
Subject: Re: Skipjack algorithm.
Date: 10 Apr 2000 08:25:51 GMT

Stou Sandalski <tangui [EMAIL PROTECTED]> wrote:

> Wait I thought skipjack was what's inside the cliper chip and that the nsa
> never released the algorithm. Am I totaly wrong or did they release it at
> some point?

> Stou


It was declassified in 1998 along with the government's public key algorithm
KEA. The design specifications for both Skipjack and KEA are online in PDF
(Adobe Acrobat Reader required) format at
http://csrc.nist.gov/encryption/skipjack-kea.htm

Sorry to all who tried to download my win32 dll asm implementation of Skipjack
from my web site http://ingrato.penguinpowered.com/~fastwalker; httpd was not
running but is now and will continue to be.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Mon, 10 Apr 2000 10:33:04 +0200

Xcott Craver wrote:
> 
[snip]
>         So, the entropy of a source is dependent upon its distribution,
>         because it's dependent upon the predictability of it's output.
>         For Shannon entropy, we have H(X) representing a sort of average
>         unpredictability.  Imagine a "shock value" function Shock(x),
[snip]

Many thanks. You are absolutely right. In fact we have in the 
past discussions already made it clear that Shannon entropy is a
value for the source not for any particular given message. Thus
the value 0.391+0.115 computed by Bryan Olson is the entropy
of the channel from Bob to Alice and makes sense as such. It is
however not appropriate to say that any message from Bob saying
a card is an ace has 0.391 bit of entropy. Am I right? If yes,
then I suppose his 'paradox' given in a previous post is incorrect. 
(Note in particular that he employed 'entropy of message' several 
times.)

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Mersenne RNG, RNG questions
Date: Mon, 10 Apr 2000 10:35:14 +0200

James Thye wrote:
> 

> Second question:  Can a questionable PRNG be improved by XORing its
> output with a cryptographic based PRNG, or would the new period be the
[snip]

XORing or adding two or more integer random number streams
renders it generally hard/infeasible to obtain from the 
result the original components (i.e. unless you intentionally
construct counter-examples). Hence, even if the components 
are individually easy to infer, the result isn't. This 
is an integer analogue of a device due to Wichmann and Hill, 
who combined outputs (in [0,1) ) of a number of real-valued 
pseudo-random number generators mod 1 and showed that the result 
generally tends to be more uniform than the components.

M. K. Shen
=====================
http://home.t-online.de/home/mok-kong.shen
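An added example (not code from any post in this thread) for two points raised here: Scott Nelson's reply that the period of a XORed pair of streams is at most the least common multiple of the two periods (what the question called the greatest common multiple; 24 for periods 6 and 8) except in pathological cases, and the remark above that XORing or adding integer streams combines them. It is Go. The streams are constructed short cycles, a period-6 stream occupying only low bits and a period-8 stream occupying only high bits, so that the combined period is exact and measurable; cycler, combine and period are this example's own names.

```go
package main

import "fmt"

// Stream is any deterministic generator of 32-bit outputs.
type Stream func() uint32

// cycler repeats the constructed sequence vals forever, so its period is
// exactly len(vals) when the values are distinct.
func cycler(vals []uint32) Stream {
	i := 0
	return func() uint32 {
		v := vals[i%len(vals)]
		i++
		return v
	}
}

// combine XORs (or, when add is true, adds mod 2^32) the outputs of several streams.
func combine(add bool, streams ...Stream) Stream {
	return func() uint32 {
		var out uint32
		for _, s := range streams {
			if add {
				out += s()
			} else {
				out ^= s()
			}
		}
		return out
	}
}

// period returns the smallest p <= limit with output[i] == output[i+p] for every
// sampled i (3*limit outputs are examined), or 0 if there is none. It assumes a
// purely periodic stream with no pre-period, which holds for cyclers.
func period(s Stream, limit int) int {
	buf := make([]uint32, 3*limit)
	for i := range buf {
		buf[i] = s()
	}
	for p := 1; p <= limit; p++ {
		ok := true
		for i := 0; i+p < len(buf); i++ {
			if buf[i] != buf[i+p] {
				ok = false
				break
			}
		}
		if ok {
			return p
		}
	}
	return 0
}

func gcd(a, b int) int {
	for b != 0 {
		a, b = b, a%b
	}
	return a
}

func lcm(a, b int) int { return a / gcd(a, b) * b }

func main() {
	// Constructed streams: a lives in the low bits, b in the high bits, so neither
	// can cancel the other's contribution and the combined period is exactly lcm.
	a := []uint32{1, 2, 3, 4, 5, 6}
	b := []uint32{256, 512, 768, 1024, 1280, 1536, 1792, 2048}
	bMasked := make([]uint32, len(b)) // b with a fixed mask: correlated, not independent
	for i := range b {
		bMasked[i] = b[i] ^ 0xFFFF
	}
	fmt.Println("period a      :", period(cycler(a), 64))
	fmt.Println("period b      :", period(cycler(b), 64))
	fmt.Println("a xor b       :", period(combine(false, cycler(a), cycler(b)), 64), "lcm(6,8) =", lcm(6, 8))
	fmt.Println("a + b         :", period(combine(true, cycler(a), cycler(b)), 64))
	fmt.Println("a xor a       :", period(combine(false, cycler(a), cycler(a)), 64), "(two copies of one stream cancel)")
	fmt.Println("b xor bMasked :", period(combine(false, cycler(b), cycler(bMasked)), 64), "(streams differing by a constant cancel)")
}
```

The pathological cases are correlated streams: two copies of one generator, or two streams that differ by a fixed mask, XOR to a constant and the measured period collapses to 1 whatever the lcm says. Combining improves a stream only when the components are independent of each other, which is also the condition under which recovering the components from the sum becomes hard.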

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Mersenne RNG, RNG questions
Date: Mon, 10 Apr 2000 10:36:37 +0200

[EMAIL PROTECTED] wrote:
> 

> > sci.crypt.random-numbers... ;-)
> 
> Did the vote on that pass? I didn't even know there was such a beast.

I also didn't know, although I voted.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Mersenne RNG, RNG questions
Date: Mon, 10 Apr 2000 10:42:40 +0200

Mok-Kong Shen wrote:
> 
> [EMAIL PROTECTED] wrote:
> >
> 
> > > sci.crypt.random-numbers... ;-)
> >
> > Did the vote on that pass? I didn't even know there was such a beast.
> 
> I also didn't know, although I voted.

Addendum:

I just found that it is unfortunately not available from my
news server.

M. K. Shen

------------------------------

Date: Mon, 10 Apr 2000 10:35:21 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Hash function based on permutation polynomials

Tom St Denis wrote:
> http://24.42.86.123/hash.c

Interesting code. Hmm at first glance I would write the
first loop as:

t = 0x9E37B91Ful;
for (r = 0; r < 15; ++r)      /* form initial sum of temp[0..14] */
  t ^= temp[r];
for (r = 16; r < SIZE; ++r) {
  t ^= temp[r-1];             /* add new temp[n] to sum */
  temp[r] = ROL(t ^ r, 11);
  t ^= temp[r-16];            /* remove first temp[n] from sum */
}

which works because (a ^ b ^ b = a), or (a ^ a) = 0. If
you used + instead, you could simply use - in the
last statement.

I think you would agree that this loop isn't very good
because the difference between temp[r] and temp[r+1]
depends only on r and temp[r-1], plus some offset built
by temp[0..14] and your magic constant 0x9e37b91f.

------------------------------

Date: Mon, 10 Apr 2000 10:38:39 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Simple, yet strong algorithm

"Brent W.J. Mackie" wrote:
> I would greatly appreciate it if someone could help me out here and even
> more if you could help with some VB code as well.

Again, I would suggest you use a .dll written in
C/C++/Pascal/Whatever.
VB is NOT good for crypto. It has no unsigned integers, it has overflow
checks, it has no direct string addressing (you can't write a[i] = b[i] and
such), and so on. Doing more than a simple XOR is really tricky under such
circumstances.

------------------------------

From: "1198" <[EMAIL PROTECTED]>
Subject: Re: Simple, yet strong algorithm
Date: Mon, 10 Apr 2000 16:54:24 +0800

Look at the following snippet; though it is in Pascal, it should be easy to
convert to Basic.

http://ckb.netalive.org/cgi-bin/ckb.pl?mode=show_snippet&cat=delphi_strings&snippetnr=11&print=pretty

>
>I would greatly appreciate it if someone could help me out here and even
>more if you could help with some VB code as well.





------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Mon, 10 Apr 2000 11:11:42 +0200

Mok-Kong Shen wrote:
> 
> Bruce Schneier wrote:
> >
> > <[EMAIL PROTECTED]> wrote:
> 
> > >We could employ some trivial variants of DES that enable expansion
> > >of the effective key space (e.g. permutation of the subkeys or
> > >the S-boxes).
> >
> > No.
> 
> Could you please elaborate a bit on that? (See my recent thread
> 'Variants of DES' of 3rd April which BTW refers also to your book.)
> Many thanks in advance.

Addendum:

Let me in the meantime argue why your 'No' seems highly incredible.

The design of DES evidently has a high degree of systematicity
and symmetry. Thus the rounds are certainly (almost) equivalent
in value (i.e. contribution to strength), and the same can be said
of the S-boxes. Now a change of ordering could entail some
reduction in strength, because the whole presumably has been 
minutely optimized in all respects. But how much reduction in 
terms of number of key bits could that be? Make a very 
conservative guess of this and consider that permutation of the 
subkeys has 16! possibilities and permutation of the S-boxes 
(without constraint of identical ordering in all rounds) has 
(8!)^16 possibilities; the matter should be clear.

One thing that one could also do is to replace the constant
(and hence useless) IP and inverse IP of DES with variable 
permutations. As I proposed quite some time back, using variable 
keys could also be very effective in defeating analysis.

M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
