Cryptography-Digest Digest #599, Volume #11 Fri, 21 Apr 00 17:13:01 EDT
Contents:
Re: New version of MIRACL ("Joseph Ashwood")
Re: The Illusion of Security (Tom St Denis)
Re: New version of MIRACL ("Dann Corbit")
Re: New version of MIRACL ("Joseph Ashwood")
Re: The Illusion of Security ("Joseph Ashwood")
Re: Sophie-Germain and ElGamal ("Joseph Ashwood")
Re: password generator ("Joseph Ashwood")
Re: papers on stream ciphers ("Joseph Ashwood")
Re: The Illusion of Security (Tom St Denis)
Re: Sophie-Germain and ElGamal (Tom St Denis)
----------------------------------------------------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: New version of MIRACL
Date: Fri, 21 Apr 2000 13:08:14 -0700
And it still gives far too many warnings to be usable on my
system. Let me compile it and give you the current count,
57, that's right 5 followed by 7. And they're stupid things
that should be fixed, but without proper documentation can't
be fixed by me. Now let me compile Miracl, and the current
count is: 0. I think I'd rather use Miracl. Add to this that
I've never had a problem with Miracl, either with
correctness, speed, stability, etc., and I think you'll
understand why I use it (someday I'll even buy a license).
Joe
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Dann Corbit wrote:
> >
> > "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > >
> > >
> > > Dann Corbit wrote:
> > > >
> > > > "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > >
> > > > >
> > > > > Dann Corbit wrote:
> > > > > >
> > > > > > One of my favorite toys just got updated:
> > > > > > http://indigo.ie/~mscott/
> > > > > >
> > > > > > Definitely worth a look.
> > > > > > ;-)
> > > > >
> > > > > Not to steal the fame, but I like MPI better, and by all means for the
> > > > > others "try both :)".
> > > >
> > > > I have not tried MPI. I would like to hear more about it.
> > > > Is it integer only, or does it have rational or floating point
> > > > approximations?
> > > > Is it portable to many platforms? (I play around on many different
> > > > systems and compilers so I need something very portable).
> > > > What sort of restrictions are there to the distribution? What is the
> > > > homepage URL?
> > >
> > > It's a large int only, but it's quite well put together, it's by Michael
> > > Fromberger and it is at:
> > > http://linguist.dartmouth.edu/~sting/mpi/
> > >
> > > It's very portable, simple to use and relatively small.
> >
> > Tried it. Wants GCC and UNIX environments. Even within GCC, several
> > non-portable assumptions are made:
> > bash-2.02$ make
> >
> > The following targets can be built with this Makefile:
> >
> > libmpi - arithmetic and prime testing library
> > tests - test drivers (requires MP_IOFUNC)
> > tools - command line tools
> > doc - manual pages for tools
> > clean - clean up objects and such
> > distclean - get ready for distribution
> > dist - distribution tarball
> >
> > bash-2.02$ make libmpi
> > /usr/bin/perl make-logtab > logtab.h
> > /usr/bin/perl: not found
> > make: *** [logtab.h] Error 127
> > bash-2.02$ make tests
> > gcc -ansi -pedantic -Wall -O3 -c mpi.c
> > mpi.c: In function `s_mp_tovalue':
> > mpi.c:3488: warning: ANSI C forbids braced-groups within expressions
> > mpi.c: In function `s_mp_todigit':
> > mpi.c:3533: warning: ANSI C forbids braced-groups within expressions
> > mpi.c: In function `s_mp_outlen':
> > mpi.c:3550: `s_logv_2' undeclared (first use in this function)
> > mpi.c:3550: (Each undeclared identifier is reported only once
> > mpi.c:3550: for each function it appears in.)
> > mpi.c:3552: warning: control reaches end of non-void function
> > make: *** [mpi.o] Error 1
> > bash-2.02$ make tools
> > gcc -ansi -pedantic -Wall -O3 -c mpi.c
> > mpi.c: In function `s_mp_tovalue':
> > mpi.c:3488: warning: ANSI C forbids braced-groups within expressions
> > mpi.c: In function `s_mp_todigit':
> > mpi.c:3533: warning: ANSI C forbids braced-groups within expressions
> > mpi.c: In function `s_mp_outlen':
> > mpi.c:3550: `s_logv_2' undeclared (first use in this function)
> > mpi.c:3550: (Each undeclared identifier is reported only once
> > mpi.c:3550: for each function it appears in.)
> > mpi.c:3552: warning: control reaches end of non-void function
> > make: *** [mpi.o] Error 1
> > bash-2.02$ make doc
> > make: `doc' is up to date.
> > bash-2.02$
> >
> > I fixed the path, and GNU's perl was unable to create the include file.
> > I changed the define to use log calls instead of a table, and it still fails
> > to compile.
> >
> > Quite frankly, I don't think it holds a candle to MIRACL or FreeLip, for
> > that matter.
> >
> > However, for whatever UNIX platform it was built on, I'm sure it does an
> > adequate job.
>
> That's because you don't know how to use your tools. In three seconds I
> can compile mpi.c to mpi.o with GCC. True you have to configure it (i.e.
> not use the logtab) but after that one minor change it works flawlessly
> with me.
>
> Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Fri, 21 Apr 2000 20:24:37 GMT
"Douglas A. Gwyn" wrote:
>
> Tom St Denis wrote:
> > Of course of all the ciphers used since the 70's none of them have yet
> > been broken.
>
> What makes you think that?
Practicality. Even if the spooks could break say 3DES in three easy
steps, and nobody else knew, would it matter? Most likely not. It
wouldn't be great, but better than the alternative.
However, I sincerely doubt the 'spooks' could break any respectable
modern cipher in a realistic amount of time, most likely they would
attack the implementation or system not the cipher.
Tom
------------------------------
From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: New version of MIRACL
Date: Fri, 21 Apr 2000 13:27:55 -0700
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
[snip]
> Why don't you email the author directly. It may be a trivial problem.
> I don't think you should call it a hack, cuz well it works well in all
> environments I have seen it in. Either case you like miracl better
> whoopy a number is a number is a number.
Actually, I am quite unconcerned about it. I already have:
* Maple V (Commercial tool)
* MIRACL (Shamus Software)
* ECPP (Morain)
* FreeLip (Lenstra)
* HFLOAT (Arndt)
* APFLOAT (Tommilla)
And a host of others.
And all work very easily and quite well enough for my purposes. I have got
to the point where I can complete a compile with MPI and I know enough that
it is not competitive with the other tools at my disposal. However (as I
said before) I am sure it is a very nice thing to have for those who are
addressed by the requirements it was designed to serve.
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
"The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: New version of MIRACL
Date: Fri, 21 Apr 2000 13:20:34 -0700
Except we discussed this the other day off group, and I told
you of the problems.
Joe
> It may be a trivial problem.
> I don't think you should call it a hack, cuz well it works well in all
> environments I have seen it in.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Fri, 21 Apr 2000 13:21:49 -0700
> I meant used. The latest used ciphers are 3des, cast128 and idea, all
> of which have had considerable analysis put against them. Of course anybody
> can make a cipher that is trivially breakable. But those that have
> survived all our known tests, are secure.
And 3des, cast128 and idea are all from the last five years,
although the building block for 3des has been around longer.
Joe
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Sophie-Germain and ElGamal
Date: Fri, 21 Apr 2000 13:28:42 -0700
The primary reason for using {some personally preferred
subset of} Primes is that there are various methods of
attack on either factoring (for RSA) or Discrete Log (for
DH, ElGamal, etc) that make use of specific properties of
the primes for speed increases (in your case you were asking
specifically about (p-1)/2 being composite), or even in some
cases to be able to work. As I recall most of those methods
are no longer fastest when you get out of the 300-400 bit
range, so YMMV.
Joe
"falissard" <[EMAIL PROTECTED]> wrote in message
news:8dp7jl$2q07$[EMAIL PROTECTED]...
> For DH-ElGamal encryption, some people recommend
> using particular prime numbers (Sophie-Germain primes,
> where both p and (p-1)/2 are prime).
>
> See for example http://www.gnupg.org/rfc2440-12.html
>
> I am not sure PGP in its current version makes any use of
> Sophie-Germain primes.
> What could justify using them, from a cryptanalysis point of view?
>
> http://os390-mvs.hypermart.net
>
>
>
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: password generator
Date: Fri, 21 Apr 2000 13:40:30 -0700
Actually it was a fiancée problem, not a windows problem.
She thought all the processes were frozen so she shut down
the machine (actually she just killed the power).
Unfortunately in the hour or so that they ran, not a single
one generated any output.
Joe
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Joseph Ashwood wrote:
> >
> > Unfortunately, while I was gone strange things happened and
> > my computer ended up powered down (with no output). I'll try
> > again tomorrow.
> > Joe
>
> Hmm... windows whadda you expect :)
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: papers on stream ciphers
Date: Fri, 21 Apr 2000 13:44:56 -0700
Hey I've said the same thing over and over about stream
ciphers, there aren't that many of them, roll your own and
add to our knowledge. Of course I've also said that one
should not limit oneself to just using a good random number
generator and XOR, that's weak against known attacks (like
if I know your plaintext I can send valid streams as you).
Try to add knowledge, not just security. I've tried many
times, but I haven't found one that even begins to be
secure.
Joe
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Howdy,
>
> Looking for papers about stream ciphers. It seems block ciphers are the
> norm lately...
>
> Looking for prng/stream ciphers. Preferably not based on lfsrs....
>
> Tom
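Joe's point about a good PRNG plus XOR, as an added example that is not from either poster: with a constructed counter-mode keystream, anyone who knows the plaintext can turn a ciphertext into one that decrypts to a message of their choosing without ever touching the key, and an HMAC over the ciphertext (encrypt-then-MAC) is the check that rejects such a message. The keystream construction, key sizes and sample messages are assumptions of this example.

```python
"""Added example: keystream XOR alone is malleable; a MAC restores integrity."""
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy PRNG in counter mode (SHA-256 of key||nonce||counter); any good PRNG behaves the same here."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_xor_only(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher = PRNG output XOR data; decryption is the same call."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Same cipher plus an HMAC over nonce||ciphertext (encrypt-then-MAC)."""
    ct = encrypt_xor_only(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def verify_then_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None if ct/tag do not verify (altered in transit)."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return encrypt_xor_only(enc_key, nonce, ct)

def known_plaintext_substitution(ct: bytes, known_pt: bytes, wanted_pt: bytes) -> bytes:
    """What 'I know your plaintext' buys: ct ^ known ^ wanted decrypts to wanted, no key needed."""
    return xor_bytes(xor_bytes(ct, known_pt), wanted_pt)

def demo():
    """Returns (forgery accepted without a MAC, forgery rejected with a MAC)."""
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    original, forged = b"PAY ALICE   100", b"PAY MALLORY 100"  # constructed, equal length
    ct = encrypt_xor_only(enc_key, nonce, original)
    tampered = known_plaintext_substitution(ct, original, forged)
    accepted = encrypt_xor_only(enc_key, nonce, tampered) == forged
    ct2, tag = encrypt_then_mac(enc_key, mac_key, nonce, original)
    tampered2 = known_plaintext_substitution(ct2, original, forged)
    rejected = verify_then_decrypt(enc_key, mac_key, nonce, tampered2, tag) is None
    return accepted, rejected
```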
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Fri, 21 Apr 2000 20:52:14 GMT
Joseph Ashwood wrote:
>
> > I meant used. The latest used ciphers are 3des, cast128 and idea, all
> > of which have had considerable analysis put against them. Of course anybody
> > can make a cipher that is trivially breakable. But those that have
> > survived all our known tests, are secure.
> And 3des, cast128 and idea are all from the last five years,
> although the building block for 3des has been around longer.
> Joe
Although the building blocks for cast have been around much longer too.
See the papers by Carlisle Adams from the 80's, etc.
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Sophie-Germain and ElGamal
Date: Fri, 21 Apr 2000 20:54:24 GMT
Joseph Ashwood wrote:
>
> The primary reason for using {some personally preferred
> subset of} Primes is that there are various methods of
> attack on either factoring (for RSA) or Discrete Log (for
> DH, ElGamal, etc) that make use of specific properties of
> the primes for speed increases (in your case you were asking
> specifically about (p-1)/2 being composite), or even in some
> case to be able to work. As I recall most of those methods
> are no longer fastest when you get out of the 300-400 bit
> range, so YMMV.
That's not true at all. A 1024 bit composite can be factored easily by
the Pollard rho method iff the factor base is smooth, err... there are a
bunch of small prime factors. Same for the DL problem.
Tom
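The structural property Joe's and Tom's posts are arguing about, as an added example that is neither poster's code: with constructed toy moduli p = 23 (a safe prime, (p-1)/2 = 11) and p = 31 (p-1 = 2*3*5) it checks whether (p-1)/2 is prime, lists the small-order elements that exist only in the second case, and shows the receiver-side subgroup check an implementation applies to a peer's public value when p is a safe prime. Function names and the toy parameters are assumptions of the example; real moduli are far larger.

```python
"""Added example: why DH/ElGamal implementations prefer p with (p-1)/2 prime."""

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (deterministic for n < 3.3e24)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    if n in bases:
        return True
    if any(n % b == 0 for b in bases):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p: int) -> bool:
    """p is a 'safe' prime when both p and q = (p-1)/2 are prime (q is Sophie Germain)."""
    return p > 5 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def element_order(g: int, p: int) -> int:
    """Smallest k > 0 with g^k = 1 (mod p); brute force, fine for the toy moduli."""
    k, x = 1, g % p
    while x != 1:
        x, k = x * g % p, k + 1
    return k

def small_order_elements(p: int, bound: int) -> list:
    """Elements of order > 2 but <= bound: the small subgroups that exist only
    when p - 1 has small odd factors, which subgroup attacks on DH/ElGamal exploit."""
    return [(g, element_order(g, p)) for g in range(2, p - 1)
            if 2 < element_order(g, p) <= bound]

def valid_public_value(y: int, p: int) -> bool:
    """Receiver-side check for a safe prime p: y must be in (1, p-1) and in the
    order-q subgroup, i.e. y^q = 1 (mod p); anything else is rejected."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1
```

For p = 23, small_order_elements(23, 10) is empty (every element other than 1 and 22 has order 11 or 22), while for p = 31 it lists twelve elements of order 3, 5, 6 or 10.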
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************