Cryptography-Digest Digest #526, Volume #11 Mon, 10 Apr 00 22:13:01 EDT
Contents:
Re: Mersenne RNG, RNG questions (John Savard)
Re: Mersenne RNG, RNG questions (Tom St Denis)
Miami Herald article about ATM ripoffs (Narley Okim)
Re: Q: Entropy (Johann Hibschman)
Re: Miami Herald article about ATM ripoffs (Xcott Craver)
Re: Is this code crackable? ("Jethro")
Re: Is AES necessary? ("David C. Oshel")
Re: Encode Book? ("Adam Durana")
Re: Q: Entropy (Xcott Craver)
Re: Q: Petri nets (David A Molnar)
Re: Encode Book? (Tom St Denis)
Re: Can't install SmartCard (Hideo Shimizu)
Crypto for embeded platforms? (Tom St Denis)
Re: Checksum for digits (Bill Unruh)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (DMc)
Re: Is AES necessary? ([EMAIL PROTECTED])
Re: Miami Herald article about ATM ripoffs (Bill Unruh)
Re: Miami Herald article about ATM ripoffs ([EMAIL PROTECTED])
Re: Crypto for embeded platforms? (Paul Rubin)
Re: permutation polynomials (more) (Tim Tyler)
Re: Crypto for embeded platforms? (Tom St Denis)
Re: permutation polynomials (more) (Tom St Denis)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Xcott Craver)
Re: Crypto for embeded platforms? (Tom St Denis)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Mersenne RNG, RNG questions
Date: Mon, 10 Apr 2000 22:55:59 GMT
[EMAIL PROTECTED] (Scott Nelson) wrote, in part:
>You might try asking again on sci.crypt.random-numbers.
Apparently, it is no longer possible for (some?) newsreaders to ask
for the names of new newsgroups. Probably this happened on January 1,
2000.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Mersenne RNG, RNG questions
Date: Mon, 10 Apr 2000 23:00:52 GMT
Jerry Coffin wrote:
>
> In article <JybI4.45769$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
>
> [ ... sci.crypt.random-numbers ]
>
> > Did the vote on that pass? I didn't even know there was such a beast.
>
> Yes (by a wide margin).
It's not on the rogers@home news server yet, or is the group not created
yet?
Tom
------------------------------
From: [EMAIL PROTECTED] (Narley Okim)
Subject: Miami Herald article about ATM ripoffs
Date: Mon, 10 Apr 2000 23:18:23 GMT
Today's Miami Herald has an article by David Green <[EMAIL PROTECTED]>
titled, "S. Florida sees new breed of ATM, credit card crooks". In
discussing the magnetic stripes on the backs of credit cards, he says "Each
stripe contains a mathematical logarithm necessary to access that account."
Does that make sense or are we talking clueless reporter here?
--
"Narley Okim" is actually 9874 015362 <[EMAIL PROTECTED]>.
012345 6789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
From: Johann Hibschman <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: 10 Apr 2000 16:21:35 -0700
Reply-To: [EMAIL PROTECTED]
Bryan Olson writes:
> Mok-Kong Shen wrote:
> [...]
>> Thus, with such a measure, a sequence of all 0 has indeed less
>> entropy than another with rather random distribution of 0 and 1.
> Given a string of, say, a million zeros and a "random"
> million-bit string, Kolmogorov complexity does not say which
> is more complex.
Now that I don't understand. Why do you say this?
A string of a million zeros is simple to write as a turing machine.
(Not that I can do it without hitting a few books, but presumably it's
easy.)
Anything else is more complicated. (Not that I've proved it, but it's
just got to be true, right?)
Ergo, the kolmogorov complexity of a million zeros is less than or
equal to the complexity of a random string.
Or did you mean to simply allow the "or equal to" part of that phrase,
as opposed to strictly less than?
--
Johann Hibschman [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: Miami Herald article about ATM ripoffs
Date: 10 Apr 2000 23:33:16 GMT
Narley Okim <[EMAIL PROTECTED]> wrote: In
>discussing the magnetic stripes on the backs of credit cards, he says "Each
>stripe contains a mathematical logarithm necessary to access that account."
>
>Does that make sense or are we talking clueless reporter here?
Probably the kind of guy who, back in high school, mocked
you on the bus because you were taking Honors Calc. "Hey,
huh, huh, what's the, uh, sine of the cosine of the, uh, huh,
square root of, uh, huh...."
Hey, maybe he's still just making fun.
-X
------------------------------
From: "Jethro" <[EMAIL PROTECTED]>
Subject: Re: Is this code crackable?
Date: Mon, 10 Apr 2000 16:42:00 +0100
Thanks. I will take your advice. Your recommendation is simple and will
work fine for my purposes.
Dan Day wrote in message <[EMAIL PROTECTED]>...
>
>This is secure:
>
> Handing your friend a floppy containing 1,000K of PAD.
> Encrypting a 2K message to him using the first 2K of the
> PAD.
> Encrypting your next, 3K message to him using the NEXT 3K
> of the PAD.
> Encrypting the following 1K message to him using the NEXT
> 1K of the pad.
> (So far you've used up the first 6K of the PAD, *AND MUST
> NEVER USE THOSE 6K AGAIN.)
> You can still send another 994K of messages to him before
> the PAD is all used up.
>
>
>And time a portion of the PAD is used to encrypt more than a
>single message, you've just destroyed the security of
>your encryption. A suitably trained high school student
>could break your messages.
>
>Also, ideally, once you encrypt a message using a given section
>of your copy of the PAD, you should destroy that section of
>your PAD, and similarly once your friend gets that message and
>decrypts it, that same portion of his copy of the PAD should
>be destroyed. Otherwise, an opponent could just steal either
>your PAD or his at a later date and then use it to decrypt
>all previously sent (and presumably eavesdropped) traffic.
>But this is a separate issue, and is not in any way related
>to the origin of the phrase "One Time Pad". The OTP name
>simply stresses the cryptographic necessity of using any
>given portion of the PAD for encryption exactly once, and then
>never using it for encryption again.
>
>A logical consequence of this very necessary requirement is
>that you have to give your friend a PAD as large as the
>total size of all messages you ever might want to send to him
>(at least until the future date that you can meet again and
>hand him a fresh PAD).
>
>
>--
> "How strangely will the Tools of a Tyrant pervert the
>plain Meaning of Words!"
> --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776
------------------------------
From: "David C. Oshel" <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Mon, 10 Apr 2000 18:53:21 -0500
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (wtshaw) wrote:
> In article <[EMAIL PROTECTED]>, "David C.
> Oshel" <[EMAIL PROTECTED]> wrote:
> >
> > My guess is "swamping Echelon" with cryptic byte-wiggling is not going to be
> > as successful in the long run as all the bogus disinformation the system is
> > collecting from all those parties who are really, really, really, terribly
> > interested in the phenomenon.
> >
> You might be called a terrorist if you define the government as the sole
> enemy...
Good point. I've often wondered whether Microsoft (for example) has The Bomb. They've
certainly got the technical wherewithal to develop it, in common with a lot of
what used to be called the Third World.
Just swamping along :)
--
David C. Oshel mailto:[EMAIL PROTECTED]
Cedar Rapids, Iowa http://pobox.com/~dcoshel
``Tension, apprehension, and dissension have begun!" - Duffy Wyg&, in Alfred
Bester's _The Demolished Man_
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Encode Book?
Date: Mon, 10 Apr 2000 19:56:02 -0400
This girl really is milking her 15 minutes. Last I checked she broke her
own algorithm and the only solution to the weakness made the algorithm
useless. Am I right?
- Adam
"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
news:8ctf10$led$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> Craig Storey <[EMAIL PROTECTED]> wrote:
> >I caught the last two minutes of a radio news broadcast about a UK girl
> >who developped an simple encryption method that won awards. Her father
> >is a math professor working on encryption. Together they co-wrote a
> >book. I didn't catch much but was interested in reading her book. It
> >may have been called Encode or In code. Does anyone know anything about
> >it?
> >
> >Pleas reply to: [EMAIL PROTECTED]
>
> Title is "In Code, a Mathematical Odyssey" by Sarah Flannery and David
> Flannery. Available from:
>
> http://www.amazon.co.uk/exec/obidos/ASIN/1861972229
>
> It is now #38 in Amazon UK sales ranking, but the US Amazon site didn't
> list it last time I checked.
------------------------------
From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: Q: Entropy
Date: 10 Apr 2000 23:46:46 GMT
Johann Hibschman <[EMAIL PROTECTED]> wrote:
>
>A string of a million zeros is simple to write as a turing machine.
>(Not that I can do it without hitting a few books, but presumably it's
>easy.)
I think he means that, if you had some weird machine instead
of a turing machine, then the all-zeros string might need
a longer program than the random string.
For instance, I suppose, imagine a modified machine whose
input is effectively XORed with that one random string before
landing on the tape. Silly, I know.
And I don't agree with this. The fact that different machines
can give different complexity metrics for finite strings
does not IMHO invalidate talk of Kolmogorov complexity of
finite strings. One may as well argue that it's meaningless
to talk of P, NP, or even recursive languages, because
different machines result in different classifications for
a single language.
>Johann Hibschman [EMAIL PROTECTED]
-X
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Q: Petri nets
Date: 10 Apr 2000 23:49:03 GMT
Darren New <[EMAIL PROTECTED]> wrote:
> That seems odd too. I think they're much more popular in european academia
> than US academia. At least, I never heard about them except from exchange
> professors. Networking books are more likely to have it than theory books, I
> would think.
I have also seen them used in management theory and operations research
for modelling decisions on a project. My father is a civil engineer; it
was something of a shock one break when I came home and found an article
on "probabilistic Petri nets for modelling construction
decisions" buried in one of his magazines next to such things like
"change and future" or "the characteristics of no.5 rebar".
Thanks,
-David
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Encode Book?
Date: Tue, 11 Apr 2000 00:00:39 GMT
Adam Durana wrote:
>
> This girl really is milking her 15 minutes. Last I checked she broke her
> own algorithm and the only solution to the weakness made the algorithm
> useless. Am I right?
Pretty much ya, plus you never see anything *new* from her. If she
wants to get known [or have her side of the story] she should have a
webpage or talk in sci.crypt.
Tom
------------------------------
From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: Can't install SmartCard
Date: Tue, 11 Apr 2000 09:29:21 +0900
I recommend you to access
http://www.microsoft.com/windowsce/smartcard/resources/developer.asp
and join mailing list.
H. Shimizu
TAO, Japan
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Crypto for embeded platforms?
Date: Tue, 11 Apr 2000 00:40:49 GMT
I was wondering if anyone would be interested in a cryptoapi designed
for 16/8 bit micro-controller platforms? It would be written entirely
in C to be portable but under 4kb total. The basics I want to include
are
1. A symmetric cipher
2. A hash function (sha-1?)
3. A rng [based on the hash]
All this in under 4kb of code, hopefully smaller. I know some will say
why not use asm, but I want to make this cross-platform for those cpus.
I have access to a compiler suite that will comiple to about 10 diff
cpus...
Tom
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Checksum for digits
Date: 11 Apr 2000 01:03:13 GMT
In <8csfud$ml2$[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
>I'm writing an application where the user needs to enter a number of
>digits (>30) in a field and I need a good algorithm that can verify
>that the data the user has entered is correct. It should support
>variable checksum length and should detect as many faulty digits as
>possible. It's not necessary to detect which digits are incorrect.
How do you know the digits they entered are correct? Is there only one
30 digit number they can enter, or are there a whole bunch? What is
there about that whole bunch that makes them special. Obviouly if any
number is a possible valid input then there is no way of using the
number to decide if it is wrong.
------------------------------
From: DMc <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Tue, 11 Apr 2000 01:04:49 GMT
On Mon, 10 Apr 2000 12:42:50 -0700, lordcow77
<[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, DMc
><[EMAIL PROTECTED]> wrote:
>> Lordcow77 says "the nth iterate of a LCG can be calculated
>>based solely on the seed value to the generator." I gave A.S.S.
>>a seed value of 1 (one). So I invite lordcow77, or anyone else,
>>to "modular exponentiate" this particular seed value "solely"
>>and arrive at any sort of sensible result.
>
>Really, if you're going to troll, please do a less obvious job.
>It is evident from context that one should know the parameters
>of the LCG (although with enough output, one can easily derive
>those as well).
>
Really, if you are going to project so obviously, you really should do
a better job of masking it. Your slothful, imprecise way of expressing
your original "thought" has no bearing here no doubt.; oh, I forgot; I
am supposed to have full and prior knowledge of your "context."
>>
>> I passed this formula by a long time ago. It is one of those
>>things that is good theory, but of little practical use. It can only be
>>calculated with a severely limited set of "k" values.
>>
>> For instance, the original problem I gave A.S.S requires
>>calculating 16 807 ^ 1 073 741 824. That calculation result is
>>way beyond the limits of an "infinite" digits program I have.
[lordcow77 snipped the most important part of this paragraph]
>
>The result of a modular exponentiation can be calculated easily
>using a square and multiply method, reducing at each stage.
>
For us ordinary interested persons, be so kind as to actually do this
easy calculation at least once so we can all benefit from your
expertise. After all, you say it is easy.
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Is AES necessary?
Date: Tue, 11 Apr 2000 01:08:13 GMT
David C. Oshel <[EMAIL PROTECTED]> wrote:
> Good point. I've often wondered whether Microsoft (for example) has The Bomb.
>They've
> certainly got the technical wherewithal to develop it, in common with a lot of
> what used to be called the Third World.
"The bomb" in its crudest forms is really quite simple. If you didn't
need an advanced delivery system and weren't particularly concerned
about safety you could probably whip one up yourself. Fortunatly,
high-grade fissionable material is somewhat less common.
I'd like to categorigally state that you couldn't hope to hide a
refinery in today's day and age. Alas, however, the CIA has all to
recently proven that you can. ;)
--
Matt Gauthier <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Miami Herald article about ATM ripoffs
Date: 11 Apr 2000 01:10:12 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Narley Okim)
writes:
>Today's Miami Herald has an article by David Green <[EMAIL PROTECTED]>
>titled, "S. Florida sees new breed of ATM, credit card crooks". In
>discussing the magnetic stripes on the backs of credit cards, he says "Each
>stripe contains a mathematical logarithm necessary to access that account."
I suspect he meant algorithm. (just a rearrangement of the first four
letters). But even that is wrong. It contains an offset to get from teh
natural PIN created by encrypting various things like the account number
by DES with a secret key to the true pin. (See Ross Anderson's
explanation many years ago here.)
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Miami Herald article about ATM ripoffs
Date: Tue, 11 Apr 2000 01:12:03 GMT
Xcott Craver <[EMAIL PROTECTED]> wrote:
> Narley Okim <[EMAIL PROTECTED]> wrote: In
>>discussing the magnetic stripes on the backs of credit cards, he says "Each
>>stripe contains a mathematical logarithm necessary to access that account."
>>
>>Does that make sense or are we talking clueless reporter here?
> Probably the kind of guy who, back in high school, mocked
> you on the bus because you were taking Honors Calc. "Hey,
> huh, huh, what's the, uh, sine of the cosine of the, uh, huh,
> square root of, uh, huh...."
It could be worse, yesterday's paper had an article on digital
signatures. The low point was a paragraph on public key cryptography,
which uses two keys, a private and a public one. Messages encrypted
with any private key can only be decrytped with a public one.
--
Matt Gauthier <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Crypto for embeded platforms?
Date: 11 Apr 2000 01:14:03 GMT
In article <[EMAIL PROTECTED]>,
Tom St Denis <[EMAIL PROTECTED]> wrote:
>I was wondering if anyone would be interested in a cryptoapi designed
>for 16/8 bit micro-controller platforms? It would be written entirely
>in C to be portable but under 4kb total. The basics I want to include are
4k is too large, keep it under 1k, preferably way under.
>1. A symmetric cipher
OK. If you're limited to a single block cipher, Skipjack may be the
best choice, because of very low RAM requirements. You might also
want to add a stream cipher or two. (#1 = RC4, #2 = something using
less ram, if you can find one).
>2. A hash function (sha-1?)
This is kind of problematic but yes, sha-1 is probably the best choice.
MD2 is probably the most straightforward to implement on an 8-bit cpu
and needs less ram than sha-1. You might use some hashing scheme
based on the block cipher.
>3. A rng [based on the hash]
Might be overkill.
>All this in under 4kb of code, hopefully smaller. I know some will say
>why not use asm, but I want to make this cross-platform for those cpus.
>I have access to a compiler suite that will comiple to about 10 diff cpus...
That's a start. You probably want to have asm versions for the more
important processors. Which compiler do you have, btw? Most of the
8-bit C compilers I know of make really terrible code. This is an
area where hand-coded asm is still king.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: permutation polynomials (more)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 11 Apr 2000 01:01:39 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: Is it possible to have a permutation polynomial P(x) actually form a
: complete cycle? For example
: a = P(0)
: for i = 1 to 255 do
: a = P(a)
: And end up at (a = 0) at the end? [this is of course in Z(256)].
To clarify - are you looking for a maximum period of 255, or 256?
Your code seems to imply 255 - but I'm not sure I'd call such a cycle
"complete".
"P(x) = x + 1" - would give a period of 256 easily enough...
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Crypto for embeded platforms?
Date: Tue, 11 Apr 2000 01:43:19 GMT
Paul Rubin wrote:
>
> In article <[EMAIL PROTECTED]>,
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> >I was wondering if anyone would be interested in a cryptoapi designed
> >for 16/8 bit micro-controller platforms? It would be written entirely
> >in C to be portable but under 4kb total. The basics I want to include are
>
> 4k is too large, keep it under 1k, preferably way under.
Well the goal is to write the lib first, then if it's popular start asm
ports of the source. So right now I would target it to things like an
8051 with say 8kb of codespace... Then with the asm ver it could be 1kb
or so. I have experience writing for embeded platforms [I did a VM for
a cpu on a AVR8015 in 512 words of code...]
> >1. A symmetric cipher
>
> OK. If you're limited to a single block cipher, Skipjack may be the
> best choice, because of very low RAM requirements. You might also
> want to add a stream cipher or two. (#1 = RC4, #2 = something using
> less ram, if you can find one).
Well what about TEA? other then the shifting, etc... it uses very
little ram. I could just replace the symmetric block cipher with rc4 or
something [my secure lagged fibonacci generator ? :)]
> >2. A hash function (sha-1?)
>
> This is kind of problematic but yes, sha-1 is probably the best choice.
> MD2 is probably the most straightforward to implement on an 8-bit cpu
> and needs less ram than sha-1. You might use some hashing scheme
> based on the block cipher.
Well the output has to be at least 160 bits to be secure I would think.
So md2 is out, unless it's modifyable (= bad) to output more.
> >3. A rng [based on the hash]
>
> Might be overkill.
It's not hard todo at all, say 30 lines of code at the most...
> >All this in under 4kb of code, hopefully smaller. I know some will say
> >why not use asm, but I want to make this cross-platform for those cpus.
> >I have access to a compiler suite that will comiple to about 10 diff cpus...
>
> That's a start. You probably want to have asm versions for the more
> important processors. Which compiler do you have, btw? Most of the
> 8-bit C compilers I know of make really terrible code. This is an
> area where hand-coded asm is still king.
I am using Micro-C (from DDS, Disclaimer: I am in no way affiliated
with DDS...) because the author was generous enough to share his tools
with me. So I could test my code on a 8051 (using his simulator) and I
could compile it for a 8051/avr/6809/etc...
Basically I want to start in c and port to asm. I should be able to
code it in C in under 4kb no prob.
So RC4 + SHA-1 + RNG = lib ?
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: permutation polynomials (more)
Date: Tue, 11 Apr 2000 01:45:08 GMT
Tim Tyler wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> : Is it possible to have a permutation polynomial P(x) actually form a
> : complete cycle? For example
>
> : a = P(0)
> : for i = 1 to 255 do
> : a = P(a)
>
> : And end up at (a = 0) at the end? [this is of course in Z(256)].
>
> To clarify - are you looking for a maximum period of 255, or 256?
>
> Your code seems to imply 255 - but I'm not sure I'd call such a cycle
> "complete".
>
> "P(x) = x + 1" - would give a period of 256 easily enough...
I want the biggest order I can get, i.e p states. But I didn't think
you could have primitive polynomials [mod composite]... am I wrong?
Something like
P(x) = 2x^2 + x, is a permutation polynomial, but is not primitive...
Tom
------------------------------
From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: 11 Apr 2000 01:53:07 GMT
DMc <[EMAIL PROTECTED]> wrote:
>On Mon, 10 Apr 2000 12:42:50 -0700, lordcow77
[ Re: calculating 16 807 ^ 1 073 741 824. ]
>>
>>The result of a modular exponentiation can be calculated easily
>>using a square and multiply method, reducing at each stage.
>>
>For us ordinary interested persons, be so kind as to actually do this
>easy calculation at least once so we can all benefit from your
>expertise. After all, you say it is easy.
Okay, freeze:
LordCow, you're talking about _modular_ exponentiation.
Was DMc talking about modular exponentiation? Is this
a mismatch of terms?
DMc, I don't see why you think this is hard. 16807^1073741824
would fit neatly in a 2Gb file, so there aren't even logistical
problems with the OS (e.g., 32-bit filesystems) preventing
someone from doing this. Using the square-and-multiply method
this would take about 30 passes over the file, however long
each takes. Are you using a cryptographer's definition of
"easy" here, or a layperson's?
Further, in modular exponentiation, where this kind of stuff
really matters, a calculation like 16807^1073741824 is
piddlingly small compared to a standard RSA decryption.
Here, a computer program computes a^b (mod n) where *both*
a and b are on the order of hundreds of digits.
-Scott
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Crypto for embeded platforms?
Date: Tue, 11 Apr 2000 02:00:55 GMT
So far I have implemented the RC4, that together with the startup code
for the cpu is 860 bytes... Not super but not too large either. The
next biggest thing will be the hash.
I designed the rc4 code not to reserve 256 bytes of ram, but to have a
pointer supplied at run time...
Tom
Tom St Denis wrote:
>
> Paul Rubin wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> > Tom St Denis <[EMAIL PROTECTED]> wrote:
> > >I was wondering if anyone would be interested in a cryptoapi designed
> > >for 16/8 bit micro-controller platforms? It would be written entirely
> > >in C to be portable but under 4kb total. The basics I want to include are
> >
> > 4k is too large, keep it under 1k, preferably way under.
>
> Well the goal is to write the lib first, then if it's popular start asm
> ports of the source. So right now I would target it to things like an
> 8051 with say 8kb of codespace... Then with the asm ver it could be 1kb
> or so. I have experience writing for embeded platforms [I did a VM for
> a cpu on a AVR8015 in 512 words of code...]
>
> > >1. A symmetric cipher
> >
> > OK. If you're limited to a single block cipher, Skipjack may be the
> > best choice, because of very low RAM requirements. You might also
> > want to add a stream cipher or two. (#1 = RC4, #2 = something using
> > less ram, if you can find one).
>
> Well what about TEA? other then the shifting, etc... it uses very
> little ram. I could just replace the symmetric block cipher with rc4 or
> something [my secure lagged fibonacci generator ? :)]
>
> > >2. A hash function (sha-1?)
> >
> > This is kind of problematic but yes, sha-1 is probably the best choice.
> > MD2 is probably the most straightforward to implement on an 8-bit cpu
> > and needs less ram than sha-1. You might use some hashing scheme
> > based on the block cipher.
>
> Well the output has to be at least 160 bits to be secure I would think.
> So md2 is out, unless it's modifyable (= bad) to output more.
>
> > >3. A rng [based on the hash]
> >
> > Might be overkill.
>
> It's not hard todo at all, say 30 lines of code at the most...
>
> > >All this in under 4kb of code, hopefully smaller. I know some will say
> > >why not use asm, but I want to make this cross-platform for those cpus.
> > >I have access to a compiler suite that will comiple to about 10 diff cpus...
> >
> > That's a start. You probably want to have asm versions for the more
> > important processors. Which compiler do you have, btw? Most of the
> > 8-bit C compilers I know of make really terrible code. This is an
> > area where hand-coded asm is still king.
>
> I am using Micro-C (from DDS, Disclaimer: I am in no way affiliated
> with DDS...) because the author was generous enough to share his tools
> with me. So I could test my code on a 8051 (using his simulator) and I
> could compile it for a 8051/avr/6809/etc...
>
> Basically I want to start in c and port to asm. I should be able to
> code it in C in under 4kb no prob.
>
> So RC4 + SHA-1 + RNG = lib ?
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
