Cryptography-Digest Digest #591, Volume #11      Fri, 21 Apr 00 03:13:00 EDT

Contents:
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Joseph Ashwood")
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Joseph Ashwood")
  Re: Requested: update on aes contest (wtshaw)
  Re: The Illusion of Security (UBCHI2)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)

----------------------------------------------------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 23:04:41 -0700
Crossposted-To: talk.politics.crypto

> You obviously don't have a clue what a table is for or what you are
> looking for in this table or what you need to reply to let me know
> that you "get it."

Here's another table:

And I think it's pretty clear about what you are to do with
it.

> Also note that you have misrepresented the random number generator
> when you say the random digit generator in OAP-L3 is not
> cryptologically secure.

You have never established that your algorithm is
cryptologically secure, it's probably a safe assumption that
it's not cryptologically secure.

>
> You have chosen one part of the random number generator and made
> this claim.  The entire random number generator process results
> in the random numbers contained in the OTPs, and not the random
> digits from the MixFile process you address.

If one part of the pRNG is insecure the entire thing is
insecure (see complaints about original MARS key schedule).

> There is only one legitimate test for determining the security of
> encryption software:  this test is that the cracker needs to know
> all about the encryption software's inner workings, the cracker
> needs to have a substantial amount of plain text, and the
> corresponding encrypted text.  From this knowledge and this
> information the cracker must crack all encrypted messages.

No that is not the only legitimate test, if the security of
your pRNG has been successfully compromised without access
to much of the information that you have not released, then
it has been compromised.

>
> You are only asking essentially for the key to the MixFile / random
> digit process and then trying to predict subsequent random digits.

Which of course may be enough to compromise the fake
security of your system

>
> You want this key (once removed) and expect someone to believe you
> have cracked this process then you leap to the conclusion that the
> entire random number generator / generation is flawed.

If you don't think he can do it, give him what he asks for.
            Joe




------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 23:05:18 -0700
Crossposted-To: talk.politics.crypto

> Real cryptologists understand my Help Files.
"Real cryptologists" ignore your useless drivel.
                Joe



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Requested: update on aes contest
Date: Thu, 20 Apr 2000 23:13:35 -0600

In article <[EMAIL PROTECTED]>, lcs Mixmaster
Remailer <[EMAIL PROTECTED]> wrote:

> This whole AES process has been a sad, embarrassing revelation of the
> personal weaknesses and flaws of the leaders of the field.  The spirit of
> intellectual dishonesty which has pervaded the contest has been the exact
> opposite of the goals and principles the participants claim to endorse.

To be kind, each advocate is going to have a difficult time not supporting
his entry.  Fixes were part of the deal, a chance to correct a correctible
flaw.  In the case of a clear overriding problem, advocacy is not
sufficient to guarantee longterm success, as the winner will become a
universal target so others can say I told you so.
> 
> It's not impossible that teams are actually committing the ultimate
> intellectual crime by concealing weaknesses in the ciphers which they
> themselves know about.  They may be having strategy sessions in which
> they speculate about whether specific attacks and potential problems in
> their own ciphers might be discovered by their rivals.  They organize
> attack teams against other ciphers, hoping to tarnish each of them at
> least slightly so that their own cipher comes out looking best.

It is in the best interest of the winner to remain untarnished.  Winning,
then losing, does not seem to be a best option.  But, winning may not be
as important as some might feel if that sole cipher cannot handle future
crypto needs.  While the original criteria were to encourage almost any
solution, as it developed, the criteria narrowed somewhat.
> 
> We don't know what is going on internally.  But the public evidence is
> that these groups are not being intellectually honest.  They cook their
> tests to cast their own ciphers in the best possible light.  They push
> their own ciphers at the expense of others.  They are doing everything
> that it takes to win.

It might be true in some cases,  not true in others.  After all, a major
tool in cryptography is deception.  One simply must wonder if all know its
scientific limit. A person can be narrowly intellectually honest, and be
ignorant of their own limiting prejudices.
-- 
Doubt until you have proof, then doubt frequently.  Descartes
%/^):  [|]"!  ?=)@~  ;)[]*  :@\@}  *#~}>  ,=+)!  .($`\ 

------------------------------

From: [EMAIL PROTECTED] (UBCHI2)
Subject: Re: The Illusion of Security
Date: 21 Apr 2000 06:24:21 GMT

He's probably right for the wrong reasons.  Nothing but the one time pad has
ever worked in cryptography for any length of time.

Intractable math problems are only in the eye of the beholder. How many of you
would have thought that the Enigma could be broken?

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 22:29:41 -0700

Tom St Denis wrote:
> 
> Anthony Stephen Szopa wrote:
> > Was it you who actually suggested that OAP-L3 may be as strong as
> > the AES candidates?  Someone in these news groups did very recently.
> > I thought it was you.
> 
> Um no it was not me.
> 
> > What a let down:  "For starters I am a stupid-ass when it comes to
> > abstract algebra..."
> >
> > I guess your opinions carry little weight in this news group.  I
> > never gave them much weight anyway simply because you never
> > supported any of your positions.  What did you expect?
> 
> Actually I was being very realistic.  I am a *high school* student, so
> even if I wanted to, I don't know the required math to do it.  *however*
> as I stated, that doesn't mean others can't.
> 
> If you took the mirrored sunglasses off you would notice I am actively
> developing a crypto api, peekboo iii and working on odds and ends.  And
> obviously people reply so they think somewhat ok of my opinion.
> 
> > This is all so richly comical.
> 
> Because you are not taking anything serious.
> 
> > Was it you who also suggested that the posters in this news group
> > could help me work out "flaws" in OAP-L3?
> 
> No I said "do your own homework".
> 
> > So what makes you think I would want or accept your help or anyone
> > else's help with OAP-L3?  Nearly none of you really seems to
> > understand the software anyway.
> 
> Post the source code, then we'll talk.  Or clean up your algorithm
> description with some pseudo code... It's not the easiest description to
> follow.
> 
> > I want to assure you that I know what questions to ask regarding
> > OAP-L3 and I have probably already asked them.  I am completing
> > Version 4.3 now.
> 
> Do you have a copy for the 8051 yet?
> 
> > I have also mapped out in detail Version 5.0, Version 5.1, and even
> > a subsequent version.  All more powerful and more secure and more
> > versatile.
> 
> How are they more secure?
> 
> > Version 5.0 will be an evolutionary leap.  Here is a table I
> > included in a paper I wrote describing the fundamental concept
> > of Version 5.0 and subsequent versions.  I am posting it here
> > (without any explanation) to put on record that I have already
> > done it.  For those interested in brain teasers, this could be an
> > enjoyable one to figure out what is going on.
> >
> > When I release Version 4.3, then I will post this entire document
> > describing the fundamentals of Version 5.0 (including this table)
> > on my web site.
> >
> > Table 1 -
> >
> > Usg IIP MixFile1    MixFile2    MixFile3   Digit
> > 5    8  6327491805  5382460791  1352094678   9
> > 1    3  7246301598  6153704298  7801354926   3
> > 6    5  7845069213  4019682573  2184065379   4
> > 2    9  1904735268  4273860915  8670159423   7
> > 4    1  0819374256  6421935087  9710324865   9
> > 3    7  3145682790  8601534279  8523419670   4
> > 1    2  1495638027  4139708562  8642375190   4
> > 4    0  6712958403  9152743860  7618943205   5
> > 6    4  1093865724  6491830725  2705941368   6
> > 2    6  8610273495  3091268475  1846327095   8
> > 5    8  7568421390  6729480531  0876925413   8
> > 3    1  9310845672  0567483192  0835974162   9
> >
> > Usg = usage
> > IIP = initial index pointer
> 
> This makes no sense to me whatsoever.
> 
> One very strong critic.  How do you make the mixfiles to begin with?
> Can your prng run on a 8051 with say 64 bytes ram?  Stop calling it an
> OTP.  How are the newer versions any better?
> 
> tom

"This makes no sense to me whatsoever."

What else is new?

Don't worry about it.

You are in my permanent kill file.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 20 Apr 2000 23:25:43 -0700

James Felling wrote:
> 
> Anthony Stephen Szopa wrote:
> 
> > James Felling wrote:
> > >
> > > > <Gigantic snip of epic proportions>
> > > >
> > > > You don't know what you are talking about.
> > > >
> > > > You cannot even describe the process of how the final OTPs are
> > > > created from start to finish.
> > >
> > > I can post the materials from your website which I have reviewed extensively.
> > > This certainly skirts the line as to describing clearly, but if it passes for
> > > you, I guess it will have to pass for me.
> > >
> > > >
> > > >
> > > > OAP-L3 has no bias because I say so,
> > >
> > > First good reason to doubt your credibility.
> > >
> > > > AND because I have provided
> > > > a solid and sound argument why, in the Theory and Processes Help
> > >
> > > > Files available at http://www.ciphile.com
> > >
> > > No, you have not provided a "solid and sound argument why" what you have
> > > provided is a very, very complex algorithm that does in many steps what most
> > > algorithms do in a few, and  still have not explained how with the artifact
> > > laden Mix files one may generate clean OTPs.
> > >
> > > >
> > > >
> > > > There is no more bias in the OTPs from OAP-L3 than there are from
> > > > picking true random numbers since the recommended use requires
> > > > that the user input true random numbers when choosing what
> > > > processes to run and what input parameters to use in each process.
> > > > True random numbers in:  true random numbers out.  This should be
> > > > a no brainer.
> > >
> > > Really? Your logic is flawed at at least two points
> > >
> > > 1) People are lousy pickers of "true random numbers" -- we tend to pick
> > > favorites, and to avoid certain patterns and select other "more random looking
> > > ones"  -- hand generated OTPs were an insecure point in many early code
> > > departments.
> > >
> > > 2) A simple example of the falsehood of random numbers in, random numbers out. -
> > > If I write a program and ask for a random number, and whatever I do my program
> > > outputs the number 4867, then what I have is "random numbers in, single number
> > > out" -- while I do not claim that your program is flawed in any similar manner,
> > > just because I input some random numbers, and do some calculations based on them
> > > all it means is that my program is at MOST as random as its inputs, and in many
> > > cases it means that my program is less random than its inputs.
> > >
> > > >
> > > >
> > > > I have supported everything I have said here in this news group
> > > > and in the Help Files available at my web site.  None of you have
> > > > supported anything you have said.
> > >
> > > Your RNG ( used to generate your mix files) has a definite and obvious flaw that
> > > should be visible to anyone who has ever taken a serious look at it.  There are
> > > points where the 10 digit permutation("scramble") may be easily masked out of the
> > > generated data, and given since that is no longer there, attacks versus the
> > > "Mix", "redistribute" and "scramble" are easily available.  If you do not know of
> > > what I speak, ask, and I will gladly provide further more information.  True this
> > > is a minor flaw( one of many), and as you have setup your code data under it is
> > > reasonably secure, but if 5 minutes of analysis of your mix file generation gives
> > > this, what other flaws lurk?  Let me say this now "your algorithm is secure-- at
> > > least versus me", but I do not feel that the level of security it gives is close
> > > to that of much easier to use programs, nor do I feel that it provides any
> > > premium in any way versus existing free software such as PGP.
> > >
> > > >
> > > >
> > > > Mr. Huuskonen claims that the current implementation of the random
> > > > digit generator is not cryptologically sound.
> > >
> > > True.
> > >
> > > >  Have any of you
> > > > asked Mr. Huuskonen if the output from the random digit generator
> > > > is used to encrypt messages?
> > >
> > > No it is not, at least not directly.  It is not used to encode in the same way
> > > that in a car with power steering, turning the steering wheel does not actually
> > > move the wheels, it moves something which in turn makes something else move the
> > > wheels. -- the RNG is used to make things that are processed to make other
> > > things, that are combined with other things, which eventually after many steps,
> > > produces the output.
> > >
> > > > No, none of you have.  This is
> > > > because none of you knows what they are talking about.
> > >
> > > We aren't the only people in this discussion that don't seem to know what they
> > > are talking about.
> > >
> > > >
> > > >
> > > > The output from the random digit generator is not used to encrypt
> > > > messages in OAP-L3.
> > >
> > > Semi-true
> > >
> > > > And there is no way Mr. Huuskonen or anyone
> > > > else is going to get the extensive secret data required to attempt
> > > > an analysis as he has proposed.
> > >
> > > Probably true, unless OAP-L3 goes into general use.
> > >
> > > >  If one could, they would also have
> > > > access to the key and or the OTPs themselves, and would not waste
> > > > the time attempting such an analysis.
> > >
> > > Umm, real breaks of real cyphers are generally done by testing and eliminating
> > > possible guesses -- this analysis is precisely the sort that would be done to
> > > acquire such data.
> > >
> > > >  So the idea that the random
> > > > digit generator is not cryptologically sound is a statement with no
> > > > implications to the security of OAP-L3 software as currently
> > > > implemented.
> > >
> > > Try "minimal" unless, of course, it is actually used to encrypt real quantities
> > > of data.
> > >
> > > >
> > > >
> > > > I guess it is like they say in Orange County, California:
> > > >
> > > > "If you don't get it:  you don't get it."
> > >
> > > And you sir, don't get it.
> >
> > You insist on knowing what you are talking about.  And here I will
> > prove you do not:  the software says explicitly that it is
> > recommended that all user input be true random numbers, etc.,
> > and two methods are suggested:
> >
> > 1)  number beans and place them in a bottle and shake them up then
> > withdraw them one at a time and this will be your input sequence
> >
> > 2) use a deck of cards with the two jokers.  Add two jokers from
> > another deck and label each one with one of the four suits giving
> > a deck of 56 cards with 14 cards in each suit with the jack, queen,
> > king, joker representing the 11, 12, 13, & 14.  Shuffle this deck
> > and then peel off one card at a time from the top of the deck and
> > place each card in a pile according to suit.  You will then have
> > four 14 number sequences that can be used for input, etc.
> 
> Simply put, such methods were used to hand generate OTPs in the specific example I
> gave you.  The problems you will run into is that people will deliberately subvert
> such processes, or not shuffle sufficiently.
>
> In addition I note that you have chosen to respond to only one of the two points I
> have raised.
> 
> >
> >
> > Did you not read the Help Files?
> >
> > Obviously not.
> >
> > I think you are pathetic to present yourself as a credible poster
> > when you clearly do not know what you are talking about.


Let me begin by saying you have still not indicated that you have
adequately read the Help Files, or led me to believe that you have 
with any sure reference to what is contained in them.  You have 
only made your assertion that the software has some sort of flaw 
with no factual support based upon the software or its associated 
Help Files for this claim.  In other words, you still seem to not 
know what you are talking about.

I ask you this:  Describe this supposed flaw in detail - where can 
we see it and when does it show up.  And describe your "flaw 
artifacts" in detail and where can we see them and when do they 
show up.

Can't do this because you now say you don't understand the software
because the Theory and Processes Help Files are so poorly written 
you cannot understand what I have written?

Here is my final challenge to you:

You have proven to me with a high degree of certainty that you are
either a liar, an idiot, or both, and in any case a fool.

Now I will do you one better.  I will prove it to you.  I will prove 
to you that you are either a liar, an idiot, or both, and in any 
case, a fool.

(Hang in there, guys.  Here it comes.)

In the Theory Help File I mention the word "bias" seven times and
"unbiased" twice.

You say I don't?

So, it is an agreed fact that I do talk about it.

I also make a logical case that the software has no introduced bias 
when used according to recommendations.

You say that I don't or that you can't understand it?  Okay.

The first word on the Theory Help File page is "Theory."  So, is 
there anything you don't understand about this word "theory?"  
If you need to look it up in the dictionary or encyclopedia, 
please.  We will wait.

Here is the following sentence, the first sentence on the Theory 
Help Page:

"The foundation of the OTP system for encrypting messages rests on
generating and using random numbers such that predicting any given
random number used to encrypt a character in an original message is 
just as likely to be any of all the possible random numbers 
available."

Is there anything you don't understand about this sentence?

Here is the following sentence:

"So the primary goal of this encryption software is to generate 
such random numbers."

Is there anything you don't understand about this sentence?

Now please continue reading each sentence.  When you come to a 
sentence you do not understand post a reply to this post and we 
will evaluate the problem you have with the sentence that is
incomprehensible to you.  Let us know which sentence it is and the
nature of your confusion so I can give you a good response.

This is how I intend to prove to you that you are either a liar, an
idiot, or both, and in any case, a fool.

You wanted help, I am here to give it to you.

Do you accept my challenge?

This goes for any of your peers out there who agree with J. 
Felling's positions or have positions of their own they haven't
expressed regarding fault with OAP-L3.

All anyone needs to do is post the exact description of their 
position why OAP-L3 is flawed, where we can see this flaw, and when 
this flaw will occur, etc. then we will go through the Theory and, 
if necessary, the Processes Help Files so each of you can tell me 
what it is you don't understand, if this is the case, that led you 
to this (erroneous) conclusion.  Point out the exact place where 
your confusion begins and the unintelligible sentence in question.

(Do you think I should have taken Dale Carnegie's course on How to 
Make Friends and Influence People?)

------------------------------

