Cryptography-Digest Digest #609, Volume #11      Sat, 22 Apr 00 21:13:01 EDT

Contents:
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (SoapForge)
  Re: factor large composite (Thomas Luzat)
  Re: Szopa: troll or snake-oil salesman? (Konstantin Berdichevsky)
  Re: GSM A5/1 Encryption (David A. Wagner)
  Re: factor large composite (Tom St Denis)
  Re: Security of iterated ciphers (was Re: OAP-L3) (James Felling)
  AES Style CAST Cipher (Tom St Denis)
  Re: Tutorial on text encryption ("Joseph Ashwood")
  Re: Checksum algorithm which is ASCII ("Joseph Ashwood")
  Re: new idea for symmetric cipher construction ("Joseph Ashwood")
  Re: new Echelon article (Diet NSA)
  Re: new idea for symmetric cipher construction (Tom St Denis)
  MERCY large block cipher (Tom St Denis)
  Re: The Illusion of Security (Terry Ritter)
  Re: OAP-L3: Secure, but WAY more dificult to use than other equally secure programs (Anthony Stephen Szopa)
  Re: OAP-L3: Secure, but WAY more dificult to use than other equally secure programs (Anthony Stephen Szopa)
  Re: The Illusion of Security (Tom St Denis)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SoapForge)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Sat, 22 Apr 2000 02:13:08 GMT

On Thu, 20 Apr 2000 22:06:20 -0700, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:

>Then you have the nerve to critique my Help Files as being 
>inadequate, and you have the ridiculous audacity to tell me to 
>make them more presentable and mature while you are a blithering 
>knuckle head.

"I'm not immature! And you're a knuckle head!". 'nuff said.

-

"As far as I'm concerned, there won't be a Beatles reunion as long as John
Lennon remains dead." - George Harrison.

You can mail me as soapforge (little swirly "at" symbol) yahoo (dot) com

------------------------------

From: Thomas Luzat <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Sat, 22 Apr 2000 23:32:15 +0200
Reply-To: [EMAIL PROTECTED]

On Sat, 22 Apr 2000 13:39:19 -0700, "Joseph Ashwood"
<[EMAIL PROTECTED]> wrote:

>If you want theory only, there is a method that runs on
>quantum computers that brings factoring down to polynomial
>time. However since only a 7 qubit quantum computer exists,
>just don't use a 3 bit or smaller RSA key.
>IIRC GNFS is the fastest for standard computers, but
>factoring anything larger than 512 bits has not been
>successfully attempted with that algorithm. Factoring even a
>1024-bit number would require more RAM than has been
>produced.
>
>There are a massive number of possibilities for choosing a
>factoring algorithm, one of the biggest considerations is how
>much RAM do you have? Please use scientific notation so we
>can actually read the number (at least if you have enough to
>be successful). Even storing just the primes of the size you
>need would take ~10^307 bytes of RAM.

Do you mean for all primes of that size? It is even perfectly possible
to factor a 1024 bit number on a 64k system...


Thomas

------------------------------

From: Konstantin Berdichevsky <[EMAIL PROTECTED]>
Subject: Re: Szopa: troll or snake-oil salesman?
Date: Sat, 22 Apr 2000 21:39:25 GMT

I have just one linguistic comment:

Anthony Steven Szopa abbreviates as "ASS".
At the same time, "Szopa" means exactly this - in Russian.

It can be pure coincidence, for sure...
Regards,
-- 
Konstantin Berdichevsky
"Everything is what it is: liberty is liberty,
 not equality or fairness or justice or culture or human happiness or a
quiet conscience".
Sir Isaiah Berlin.

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: GSM A5/1 Encryption
Date: 22 Apr 2000 13:58:54 -0700

In article <[EMAIL PROTECTED]>,
Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> Why are they so interdependent?

I don't know.  I'm not a GSM expert.  This is way outside my area of knowledge.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Sat, 22 Apr 2000 21:56:47 GMT



"Roy I. Mankle" wrote:
> 
> [EMAIL PROTECTED] (EP847) wrote:
> 
> >Can anyone tell me what the fastest method of factoring a 2048 bit RSA key is
> >( i know the time will be *very* long )
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> >It's not currently possible.
> 
> Of course it's possible! You can factor any composite number simply by
> trial division by every prime number up to the square root. Faster methods
> exist though, and he was asking for the fastest.

No I mean it's not possible.   There is not enough time to do a trial
division, and the chances of pollard-rho, p-1, QS or NFS factoring the
number are very low.  Even if you could finish the sieving for NFS there
is not enough memory to finish it.

So I really meant 'it's not currently possible'.

Tom
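
Added example, not from any poster in this thread: trial division and Pollard's rho run on a constructed semiprime, with operation counters so the "not enough time" argument can be seen in numbers. The two primes (104729 and 1299709, the 10,000th and 100,000th primes) are my choice of sample input; both algorithms are the textbook versions.

```python
# Added example (not from the thread): trial division versus Pollard's rho on a
# constructed semiprime, to put numbers behind "there is not enough time to do
# a trial division".  Both are textbook algorithms; the counters show the work.
from math import gcd, isqrt

# Constructed sample: product of the 10,000th and 100,000th primes.
SAMPLE_N = 104729 * 1299709


def trial_division(n, limit=None):
    """Return (factor, divisions_tried) or (None, divisions_tried).

    Tries 2 and then every odd d up to min(limit, isqrt(n)).  For a 2048-bit
    RSA modulus isqrt(n) is about 2**1024, which is why the thread calls this
    infeasible regardless of hardware.
    """
    bound = isqrt(n) if limit is None else min(limit, isqrt(n))
    if n % 2 == 0:
        return 2, 1
    tried = 1  # the division by 2
    for d in range(3, bound + 1, 2):
        tried += 1
        if n % d == 0:
            return d, tried
    return None, tried


def pollard_rho(n):
    """Return (nontrivial factor, iterations).  Expected work ~ sqrt(smallest prime).

    Floyd cycle finding on f(x) = x*x + c mod n, retrying with a new c when the
    gcd collapses to n.  n must be composite.
    """
    iterations = 0
    for c in range(1, n):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
            iterations += 1
        if d != n:
            return d, iterations
    raise ValueError("no factor found (is n composite?)")


def factor_semiprime(n):
    """Split a semiprime into its two prime factors (sorted) using Pollard's rho."""
    p, _ = pollard_rho(n)
    return sorted((p, n // p))


if __name__ == "__main__":
    print("trial division (limit 10^4):", trial_division(SAMPLE_N, 10**4))
    print("trial division (full):      ", trial_division(SAMPLE_N))
    print("pollard rho:                ", pollard_rho(SAMPLE_N))
```

On this 38-bit input trial division needs tens of thousands of divisions while rho needs a few hundred iterations; neither scales to a modulus whose smallest factor is itself 1024 bits, which is the point both sides of the thread are making.
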

------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Security of iterated ciphers (was Re: OAP-L3)
Date: Sat, 22 Apr 2000 17:03:28 -0500



David Hopwood wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> "Douglas A. Gwyn" wrote:
> > James Felling wrote:
> > > This program is a classic example of the assertion that any algorithm
> > > that does not form a group over its keys can if reiterated enough be
> > > made arbitrarily secure.
> >
> > Could you translate that into a mathematical statement, please?
> > It is false on its face; just consider a small-key system iterated
> > some large but fixed number of times -- a brute-force attack is
> > not hindered any more by the iteration than legitimate decipherment
> > is hindered.  How are you measuring "security"?
>
> I assume that he meant to specify independent round keys. However, it's
> still wrong in that case:
>
>  - if the cipher is "nearly" a group, i.e. composing two rounds is
>    equivalent to a single round for a different key with high
>    probability (but not always), then it will still be insecure when
>    iterated,
>  - some types of attack (for example slide attacks) can work against
>    ciphers with a particular structure regardless of the number of
>    rounds,
>  - if there is any property of a block that is preserved by a single
>    round for all possible round keys, it will be preserved by an
>    arbitrary number of rounds. This could potentially be used in a
>    chosen text attack to test guesses for the outer round keys.
>
> - --
> David Hopwood <[EMAIL PROTECTED]>
> PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
> RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
>
> iQEVAwUBOQFiuTkCAxeYt5gVAQGWLAf/ZudB2XhDbMOGz5f1zT8vZF5B/NyQxzlP
> qKNhgbi36QY+JkhRTH4gEPz2KN/dO/YlZwYtl/NK/n4k7G624jN/h9p+Phny0Olk
> 0Etg19FIJrON865WEuUhk+VWFtafs9lRe6GRg1F88JIt4Fqsm3RZ0wPycT25EjiS
> YMDgrYTQmQHWhvVbLdNjYYbEk9mMqFr70rjHYq1Qu3Ij86rjuBK6kOwSuWNkQKmN
> rVB0bVNHyLGpmsAM6TJsC2bu4xCqGDKZX3ApS7FXFf9heAcmXmiNTuu/wMnJHLOK
> 5UQnfO029p8lXVTL9ST1Ak/r2n53UcrgeXQXCHEMXjMbw0/hCTARaA==
> =gn9C
> -----END PGP SIGNATURE-----

My apologies for poor terminology and vagueness. I snapped that one off in a
real hurry (and on a sugar and caffeine buzz!).  What I meant is that given a
round function F which is not a group and not "near" a group, then applying
F(k1, F(k2, F(k3, ........F(kn,M) ....))) with independent ki's will
eventually approach something like a secure algorithm. This is an old chestnut
that I have heard from more than a few others in the field that I echoed
without a proper level of explanation (and qualification).


I also am not claiming that his algorithm is "highly secure", I am saying
that with the ~3000 character key he suggests, unless an attacker better able
than I is attacking it the algorithm is as secure as most in use at present
vs. the attacks that have been developed thus far.  His algorithm is to the
best of my ability to determine secure versus "amateur cryptanalysis" as
then none of the operations massages the group in such a manner as to directly
perpetuate the weaknesses of the other 2.  If one runs them through the
operations 15 times + making certain to use each operation at least once and
never to use the same operation 2X in a row, and upon further examination only
using the 0-9 permutation once.  The "Mix File" does get fairly mixed up --
probably about 30 or so bits of randomness will be present. This puts the
total randomness of his algorithm using 3 mix files in the neighborhood of
80-90 or so bits.  Thus without an improved attack, his algorithm implemented
according to these specs appears reasonably secure.

The fact that it is completely unwieldy, slower than molasses flowing
uphill, and requires a truly ridiculous amount of user effort to get that
security is where its flaws exist -- and they are significant.  I would
recommend users avoid his product more because it is so unwieldy as to be
unusable (if set up so as to be secure) as opposed to any security issue.
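
Added example, not written by any poster in this thread: a 4-bit toy block that makes the "group over its keys" exchange concrete. `xor_round` (key XOR only) is a group under composition, so stacking rounds with independent keys never yields more than the 16 single-round permutations; `nonlinear_round` (a fixed S-box then key XOR) is not a group, and two independent keys already reach 256 distinct permutations. `difference_preserved` checks Hopwood's third bullet: a property that every single round preserves for every key is preserved by any number of rounds. The S-box is the one from the PRESENT cipher, used only as a convenient 4-bit bijection; everything else is constructed here.

```python
# Added example (not from the thread): why iterating a round function whose
# keyed permutations form a group adds nothing, while iterating a non-group
# round with independent keys does enlarge the set of reachable permutations.
import itertools

BLOCK_BITS = 4
KEYS = range(1 << BLOCK_BITS)  # 4-bit blocks and 4-bit round keys

# 4-bit S-box taken from the PRESENT cipher, used here only as a convenient
# bijection with no probability-1 differential.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def xor_round(k, m):
    """Key XOR only: {m -> m ^ k} is closed under composition (a group)."""
    return m ^ k


def nonlinear_round(k, m):
    """S-box followed by key XOR: compositions leave the single-round set."""
    return SBOX[m] ^ k


def iterate(round_fn, keys, m):
    """F(kn, ... F(k2, F(k1, m))) with independent round keys."""
    for k in keys:
        m = round_fn(k, m)
    return m


def permutation(round_fn, keys):
    """The block permutation induced by this key sequence, as a tuple."""
    return tuple(iterate(round_fn, keys, m) for m in KEYS)


def distinct_permutations(round_fn, rounds):
    """How many different permutations `rounds` independent keys can produce."""
    return len({permutation(round_fn, ks)
                for ks in itertools.product(KEYS, repeat=rounds)})


def is_group(round_fn):
    """True if every two-round composition equals some single-round permutation."""
    singles = {permutation(round_fn, [k]) for k in KEYS}
    return all(permutation(round_fn, [k1, k2]) in singles
               for k1, k2 in itertools.product(KEYS, repeat=2))


def difference_preserved(round_fn):
    """True if m ^ m' survives one round for every key (hence for any number)."""
    return all(round_fn(k, a) ^ round_fn(k, b) == a ^ b
               for k in KEYS for a in KEYS for b in KEYS)


if __name__ == "__main__":
    for name, fn in (("xor_round", xor_round), ("nonlinear_round", nonlinear_round)):
        print(name, "group:", is_group(fn),
              "perms after 1/2/3 rounds:",
              [distinct_permutations(fn, r) for r in (1, 2, 3)],
              "xor-difference preserved:", difference_preserved(fn))
```

The counts are the whole argument in miniature: for the group round, a brute-force attacker still faces only 16 effective keys however many rounds are stacked, exactly Gwyn's objection; for the non-group round the key space of the iterated cipher genuinely grows, which is the (qualified) claim Felling is making.
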


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: AES Style CAST Cipher
Date: Sat, 22 Apr 2000 22:18:52 GMT

At http://24.42.86.123/cipher.c is a clearly commented copy of a 128-bit
block cipher that uses the CAST style sboxes.  Essentially I copied the
ones from CAST-128.

The cipher is very simple, it's fast and it's a balanced feistel, unlike
CAST-256 which is not.  The Key schedule is very complete in the sense
that every bit of the key is used in each round very quickly.

The source is complete; it includes the sboxes, the ECB encrypt/decrypt
and the key schedule.

Please let me know what you think.

Tom

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Tutorial on text encryption
Date: Sat, 22 Apr 2000 14:31:37 -0700

How secure do you want it?
If you don't care about security, try this
srand(key);                              /* seed the C library generator with the key */
for (i = 0; i < len; i++)
    data[i] ^= (unsigned char) rand();   /* XOR each byte with the next generator output */

it's not portable, but it will probably work short term.
Otherwise you could grab Mersenne Twister (again not
considered secure for this) and replace rand with it, or RC4
(considered secure), or ISAAC, or {insert your favorite
unmentioned random number generator}. that should be simple
enough to be done quickly. If you want something more
secure, take a look at the AES competition, just search
Yahoo.
                Joe

<[EMAIL PROTECTED]> wrote in message
news:8dsd97$3f6$[EMAIL PROTECTED]...
> Apologies for a newbie question.
> I'm looking for a tutorial on coding text as I am working on a very
> simple text file encryption application in VSC++. Any simple algorithm
> using random number generation would be ok - it's just an exercise.
>
> Thank you!
>
> Eric
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Checksum algorithm which is ASCII
Date: Sat, 22 Apr 2000 14:34:23 -0700

I have no reason to be paid for this, as it's a very simple
recommendation, use SHA-1. It's available many places, even
from several people on this ng. A simple search from yahoo
or google should turn up hundreds of implementations, or you
can simply use openssl or I believe cb (from Tom St Denis)
has it.
                Joe

"Terry Neckar" <[EMAIL PROTECTED]> wrote in message
news:LzlM4.57559$[EMAIL PROTECTED]...
> Does anyone know of a CRC algorithm that has six ASCII characters.  The file
> I use is a text file similar to below.  If someone has the answer, I'll
> gratefully pay them.  This algorithm is at least 10 years old.
>
> Thanks,
> Terry
> ----------------------------------------------------------------------------
> KEY_FILE
>
> ISSUER:         MY COMPANY
>
> SITE_ID:        000000
> CUSTOMER NAME:  DEFAULT
>
> KEY_VERSION:    1.0
> KEY_SEQUENCE:   00000000
> KEY_CREATION:   22 MAR 1995
>
> #   PRODUCT FRAME_SN      MB_SN         OPTIONS
> X   1234    000000000000  000000000000  M0 $
> Y   0000    000000000000  000000000000  M0 $
> 0   0000    000000000000  000099999999  M0 $
> 1   0000    000000000000  000099999999  M0 $
> 2   0000    000000000000  000099999999  M0 $
> 3   0000    000000000000  000099999999  M0 $
> 4   0000    000000000000  000099999999  M0 $
> 5   0000    000000000000  000099999999  M0 $
> 6   0000    000000000000  000099999999  M0 $
> 7   0000    000000000000  000099999999  M0 $
> 8   0000    000000000000  000099999999  M0 $
> 9   0000    000000000000  000099999999  M0 $
> A   0000    000000000000  000099999999  M0 $
> B   0000    000000000000  000099999999  M0 $
> C   0000    000000000000  000099999999  M0 $
> D   0000    000000000000  000099999999  M0 $
> E   0000    000000000000  000099999999  M0 $
> F   0000    000000000000  000099999999  M0 $
>
> CHECKSUM:   $ABCDE
>
>
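
Added example, not from the thread: Joe's recommendation applied to the key-file layout Terry posted. The digest is SHA-1 over every line above the CHECKSUM line, so editing any field changes the value; the body text is a constructed, abbreviated copy of the posted layout, and the `CHECKSUM:` prefix is taken from it. Note, as a caveat the thread does not get into, that an unkeyed digest like this detects corruption but not deliberate modification by someone who can rewrite the file, since they can recompute the digest; tamper resistance needs a secret key or a signature.

```python
# Added example (not from the thread): SHA-1 as the integrity check for the
# posted KEY_FILE format.  Sample body is constructed, not a real key file.
import hashlib
import hmac

CHECKSUM_PREFIX = "CHECKSUM:   "

# Constructed key-file body, abbreviated from the layout in the post.
SAMPLE_BODY = "\n".join([
    "KEY_FILE",
    "",
    "ISSUER:         MY COMPANY",
    "",
    "SITE_ID:        000000",
    "CUSTOMER NAME:  DEFAULT",
    "",
    "KEY_VERSION:    1.0",
    "KEY_SEQUENCE:   00000000",
    "KEY_CREATION:   22 MAR 1995",
    "",
    "#   PRODUCT FRAME_SN      MB_SN         OPTIONS",
    "X   1234    000000000000  000000000000  M0 $",
    "Y   0000    000000000000  000000000000  M0 $",
    "",
])


def key_file_digest(body):
    """SHA-1 of the body text, as 40 uppercase hex characters."""
    return hashlib.sha1(body.encode("ascii")).hexdigest().upper()


def stamp(body):
    """Append the CHECKSUM line to a body that already ends with a newline."""
    return body + CHECKSUM_PREFIX + key_file_digest(body) + "\n"


def split_checksum(text):
    """Return (body, checksum_value); raise if no CHECKSUM line is present."""
    head, sep, tail = text.rpartition(CHECKSUM_PREFIX)
    if not sep:
        raise ValueError("no CHECKSUM line")
    return head, tail.strip()


def verify(text):
    """Recompute the digest over the body and compare without early exit."""
    body, value = split_checksum(text)
    return hmac.compare_digest(key_file_digest(body), value)


if __name__ == "__main__":
    stamped = stamp(SAMPLE_BODY)
    print(stamped)
    print("verify original:", verify(stamped))
    print("verify edited:  ", verify(stamped.replace("SITE_ID:        000000",
                                                     "SITE_ID:        000001")))
```

A 40-character hex digest will not fit the six-character field Terry's format has, so a real replacement would also change the file layout; that trade-off is what the post glosses over.
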



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: new idea for symmetric cipher construction
Date: Sat, 22 Apr 2000 14:39:48 -0700

I'm not sure how you'd do it, since K were in Tom's
definition square matrices, and the only way I can think of
applying XOR is effectively the same as +. I think the
reversibility of the operation is too high, unless the
output is used carefully it may be possible to determine the
inputs too easily.
                Joe

"Simon Johnson" <[EMAIL PROTECTED]> wrote in message
news:8dsnpe$bs1$[EMAIL PROTECTED]...
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Basically you take the input (say 32 bytes) put it into two square
> > matrices (4x4 each) called L and R.  then you do something like
> >
> > for r = 0 to rounds do
> >    A = A + F(K[2r] * B)
> >    B = B + F(K[2r+1] * A)
> >
> > Where K is an array of square matrices that hold the round keys.  The F
> > function can do any re-ordering and substitutions required.
> >
> > I don't know what it would have over a normal feistel, but it sure does
> > look cool.
> >
> > One thing for sure is that F function will have to do some permutation of
> > the input (just speculation, but it may not have to).  The
> > multiplication of the round key could be done modulo a prime (say 257).
> >
> > More food for thought.
> >
> > Tom
>
> Yah, it's similar to an algorithm that I've proposed in the past, however
> increase your modulo to something larger, so the probability of a & b both
> being 0 at the same time is too small to worry about.
>
> I was thinking, maybe use XOR instead of the multiplication? How would this
> impact security?
>
> So: K[2r+1] * A
> becomes: K[2r+1] XOR A
>
>



------------------------------

Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Date: Sat, 22 Apr 2000 15:34:25 -0700


In article <[EMAIL PROTECTED]>, "Trevor L. Jackson, III"
<[EMAIL PROTECTED]> wrote:

>Actually it does make a difference.  In _theory_ the taxpayers benefit from the
>surveillance.  In _practice_ the victims suffer the loss of their privacy at
>least.

By this reasoning, it seems that if the
potential "victims" are also tax payers
then they too should "benefit from the
surveillance". Here in America, all
citizens, taxpayers, voters, etc. are, in a
sense, part of the government and we are
all helped *and* hurt by the govt.
(Consider, for instance, how much money,
attention, and productivity was wasted on
the Monica Lewinsky scandal, and this is
barely anything compared to some
examples of government waste).

>Since not all taxpayers are victims, the groups are distinct.  Those who
>benefit from the expenditure should fund it.

This would require raising taxes or
changing the Russian federal budget's
allocation which might not be feasible for
this issue.

>Requiring the victims to fund it adds insult on top of the injury.
>
For potential Russian internet users it's
caveat emptor. They may not have a
choice, especially if the FSB is acting
within the law. Also, depending on how
the surveillance is conducted there may
be ways of getting around it.

Basic human rights, laws, etc. need to
become better established in Russia.
Personally, I only have to worry about my
privacy in regards to criminal activity,
not governmental activity. However,
Russian citizens may not have this luxury
because of, say, restrictions on free
speech (see the article).


"V hfdt afogx nfvw ufo axb (o)(o) "   - Gtnjv
====================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: new idea for symmetric cipher construction
Date: Sat, 22 Apr 2000 22:39:38 GMT



Joseph Ashwood wrote:
> 
> I'm not sure how you'd do it, since K were in Tom's
> definition square matrices, and the only way I can think of
> applying XOR is effectively the same as +. I think the
> reversibility of the operation is too high, unless the
> output is used carefully it may be possible to determine the
> inputs too easily.

If |K| is non-zero (modulo your prime) then K * B is invertible as
well.  So that's not an issue.  The big issue is that K * B mixes better,
since every element of the product depends on a row of K and a column
of B.

Tom
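
Added example, not code from Tom, Joe or Simon: the mixing step they are debating, done with 4x4 matrices over the integers modulo 257 (the prime Tom suggested). It checks both of Tom's claims: `K * B` can be undone whenever det(K) is non-zero mod 257, and a change to one entry of B spreads across an entire column of `K * B`, whereas `K XOR B` moves exactly one entry. The matrices are constructed samples; `K_SAMPLE` is unit upper triangular so its determinant is visibly 1.

```python
# Added example (not from the thread): matrix round-key mixing modulo the prime
# 257 versus entry-wise XOR.  All matrices below are constructed sample data.
P = 257  # the prime modulus suggested in the thread


def matmul(X, Y, p=P):
    """Square matrix product with entries reduced modulo p."""
    n = len(X)
    return [[sum(X[i][k] * Y[k][j] for k in range(n)) % p
             for j in range(n)] for i in range(n)]


def inverse_mod(K, p=P):
    """Gauss-Jordan inverse of K over the integers mod prime p; None if singular."""
    n = len(K)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(K)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] % p), None)
        if pivot is None:
            return None  # det(K) == 0 mod p, so K * B cannot be undone
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = pow(aug[col][col], -1, p)  # modular inverse of the pivot
        aug[col] = [(v * scale) % p for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] % p:
                f = aug[r][col]
                aug[r] = [(a - f * b) % p for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def recover(K, C, p=P):
    """Undo C = K * B by computing B = K^-1 * C; None if K is singular mod p."""
    Kinv = inverse_mod(K, p)
    return None if Kinv is None else matmul(Kinv, C, p)


def xor_mix(K, B):
    """Simon's suggested alternative: entry-wise XOR of K and B."""
    return [[k ^ b for k, b in zip(kr, br)] for kr, br in zip(K, B)]


def changed_cells(X, Y):
    """Number of positions where two equally sized matrices differ."""
    return sum(x != y for xr, yr in zip(X, Y) for x, y in zip(xr, yr))


# Constructed round-key matrix: unit upper triangular, so det = 1 (invertible).
K_SAMPLE = [[1, 2, 3, 4],
            [0, 1, 5, 6],
            [0, 0, 1, 7],
            [0, 0, 0, 1]]
# Same matrix with two equal rows: det = 0, so no inverse exists.
K_SINGULAR = [[1, 2, 3, 4],
              [1, 2, 3, 4],
              [0, 0, 1, 7],
              [0, 0, 0, 1]]
# Constructed data block and a copy differing in a single entry.
B_SAMPLE = [[10, 20, 30, 40],
            [50, 60, 70, 80],
            [90, 100, 110, 120],
            [130, 140, 150, 160]]
B_FLIPPED = [row[:] for row in B_SAMPLE]
B_FLIPPED[3][0] = 131


if __name__ == "__main__":
    C = matmul(K_SAMPLE, B_SAMPLE)
    print("recovered B equals B:", recover(K_SAMPLE, C) == B_SAMPLE)
    print("singular K invertible:", inverse_mod(K_SINGULAR) is not None)
    print("cells changed by one-entry edit, K * B:",
          changed_cells(C, matmul(K_SAMPLE, B_FLIPPED)))
    print("cells changed by one-entry edit, K XOR B:",
          changed_cells(xor_mix(K_SAMPLE, B_SAMPLE), xor_mix(K_SAMPLE, B_FLIPPED)))
```

Each entry of the changed column moves by K[i][3] times the difference, and since 257 is prime that is non-zero whenever K[i][3] is, which is why the whole column moves. The multiplication is still linear, so in Tom's construction the non-linearity has to come from F; the matrix step only supplies diffusion.
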

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: MERCY large block cipher
Date: Sat, 22 Apr 2000 23:21:07 GMT

For FSE2000 there was a presentation on a large block cipher called
MERCY?  I was wondering if the team has a webpage or something...

Tom

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: The Illusion of Security
Date: Sun, 23 Apr 2000 00:34:50 GMT


On Sat, 22 Apr 2000 10:17:50 GMT, in <[EMAIL PROTECTED]>, in
sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:

>Terry Ritter wrote:
>> 
>> On Fri, 21 Apr 2000 22:31:56 GMT, in <[EMAIL PROTECTED]>,
>> in sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:
>> 
>> >[...]
>> >Well Twofish has been out for two years now, and I can imagine the team
>> >has spent hours and days working on it.  They are the 'leading' people
>> >in the field (symmetric ciphers) so I would like to think they know what
>> >they are doing.
>> 
>> Even if what you would like to think is in fact true, "knowing what
>> one is doing" in cryptography does NOT imply that the ciphers one
>> builds can resist our opponents.  This is a fundamental issue; to
>> misunderstand it is to misunderstand what cryptography is about, and
>> what cryptographic peer review can do.
>
>Ok, what is the alternative?

The first thing we can do is realize that cipher technology has
nothing like the engineering and manufacturing control that we assume
and expect in every other product we use and buy.  Because of this,
the present state of the art does not give us sufficient information
to trust any cipher, no matter who has made or approved it.  

Consequently, we should avoid representing to others that a cipher is
"probably" unbreakable, since we can have no real understanding of
what those probabilities actually are.    

What we can do is to accept the unfortunate cryptographic reality as
being beyond that addressed by conventional cryptographic wisdom.  So
if we are to improve our situation, it will be necessary to do
something *different* from the way cryptography has been done in the
past.  For example, we might seek to innovate protocols and strategies
which reduce our exposure and minimize our desirability as a target.
And since we cannot know when we are being successfully attacked, we
might seek to use ciphers in ways which terminate any such success.  

Endlessly using the same cipher as everyone else is to join the group
which is the ideal target for attack.  One alternative is to use
ciphers which not everyone uses.  Because less data are protected
under these ciphers, they provide less payoff for successful attack,
and that may reduce our opponents' motivation to choose us as their
target.  We can change ciphers frequently, which compartmentalizes our
data, and also provides less payoff for a successful attack on any
single cipher.  Presumably there are various other approaches as well,
but they all require *doing* something which has not generally been
part of academic cryptography to date.  That means we will not find
these answers in cryptographic texts.  

In the end, we cannot trust the ciphers we use, no matter who has made
or approved them.  Doing the same as everybody else just makes us part
of the most obvious and rewarding target.  To improve our situation,
we must do something beyond what conventional cryptography recommends.


---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Secure, but WAY more dificult to use than other equally secure programs
Date: Sat, 22 Apr 2000 17:45:03 -0700

lordcow77 wrote:
> 
> In article <[EMAIL PROTECTED]>, Anthony Stephen
> Szopa <[EMAIL PROTECTED]> wrote:
> >I just put you in my permanent kill file then I read this.
> 
> Hello?!?! If he were in your killfile, you wouldn't even see his
> message. If your understanding of how to use simple newsreader
> software is so defective (or you're just a blustering liar), how
> can it be expected that your cryptography software is any better.
> 
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
> The fastest and easiest way to search and participate in Usenet - Free!

Here he is, posting in the very thread that proves he is completely 
wrong yet he does not recognize it or acknowledge it just like Mr.
Magoo.

I think I know what is going on here.  They gave computers to the 
state mental hospital patients giving them online access.  
Unfortunately, some of them have decided to troll in sci.crypt and 
talk.politics.crypto

I am sort of a history buff.  You remind me of a story.  It is 
called:

The Mongolian Marshall of the Latrines

The great grandson of Genghis Khan, Batu, took an army of 50,000
soldiers from his Golden Horde of Mongol brain dead warriors down
through the Middle East arriving near the city of Nazareth.

The Egyptian General Babars left Egypt with a large Egyptian army 
and met Batu and his Mongol army in Nazareth.  There was a terrible
battle and the large army of Mongol brain dead warriors were soon 
being slaughtered to the very last man.

This is when the Mongolian Marshal of the Latrines made his last 
stand.  He stood before the stinking Mongolian latrines facing the
onslaught of the Egyptian army.  He drew a line in the sand just in
front of the latrines.

"I swear," he cried at the top of his lungs choking a bit himself. 
"Not one Egyptian will cross this line I have drawn in the sand and 
take these latrines while I am still alive!"

The Mongolian Marshall of the Latrines then stepped back over this 
line in the sand and wading in knee deep, he drew his sword from 
its scabbard and raised it high over his head awaiting the Egyptian 
army, and his fate.

As the last Mongolian brain dead warriors were killed the Egyptian 
Army soon came upon the Mongolian Marshall of the Latrines standing 
knee deep in his latrines.  The Mongolian Marshall raised his sword
challenging and growling at the thousands of Egyptian soldiers 
directly in front of him.

The Egyptians were choking and gagging at the horrendous stench
emanating from the Mongolian latrines.  The Mongolian Marshall of the
Latrines grinned, ready to die along with his fallen comrades.

Just then a stone was hurled in the Marshall's direction.  Then 
another.  Many stones began to fall all around him splashing the 
putrid sludge over his tough rugged uniform.

The Mongolian Marshall of the Latrines tried to cover his face but 
there were just too many stones coming at him now.  He was soon 
covered with this awful Mongolian brew.  He decided to make a run 
for it.

The Mongolian Marshall of the Latrines dropped his sword and it
disappeared sinking in the disgusting lake.  He could not retrieve 
it in the hail of stones pelting him.

The Mongolian Marshall of the Latrines managed to flee with his life
drenched in this indelible Mongolian stew.  The Egyptians laughed as 
the poor Marshall disappeared over a sand dune.

The Mongolian Marshall is the only one of this entire Mongol army to
escape with his life.

The only "move" I think you have, lordcow77, is to leave these news 
groups, and I don't think you can do it with any less shame than the
Mongolian Marshall of the Latrines.

Take a deep breath.

Pee-yew!

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Secure, but WAY more dificult to use than other equally secure programs
Date: Sat, 22 Apr 2000 17:52:04 -0700

Tom St Denis wrote:
> 
> lordcow77 wrote:
> >
> > In article <[EMAIL PROTECTED]>, Anthony Stephen
> > Szopa <[EMAIL PROTECTED]> wrote:
> > >I just put you in my permanent kill file then I read this.
> >
> > Hello?!?! If he were in your killfile, you wouldn't even see his
> > message. If your understanding of how to use simple newsreader
> > software is so defective (or you're just a blustering liar), how
> > can it be expected that your cryptography software is any better.
> 
> Not to be irrelevant but for someone that pulls apart my language you
> should have said "cryptographic software" not "cryptography software"..
> 
> Hehehe, I am just joking around.
> 
> Tom

Calling all cars.  Calling all cars.  Be on the look-out for an 
escapee from the state mental hospital.

He was last seen lurking and trolling in the sci.crypt and
talk.politics.crypto news groups.

Calling all cars.  Calling all cars.  Be on the look-out for an 
escapee from the state mental hospital on the lam.

Beware.  He is armed with a keyboard and computer.   Approach with
extreme caution.  He is considered dangerous.

Calling all cars.  Calling all cars.

He's a real joker, too.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Sun, 23 Apr 2000 01:04:01 GMT



Terry Ritter wrote:
> >Ok, what is the alternative?
> 
> The first thing we can do is realize that cipher technology has
> nothing like the engineering and manufacturing control that we assume
> and expect in every other product we use and buy.  Because of this,
> the present state of the art does not give us sufficient information
> to trust any cipher, no matter who has made or approved it.
> 
> Consequently, we should avoid representing to others that a cipher is
> "probably" unbreakable, since we can have no real understanding of
> what those probabilities actually are.
> 
> What we can do is to accept the unfortunate cryptographic reality as
> being beyond that addressed by conventional cryptographic wisdom.  So
> if we are to improve our situation, it will be necessary to do
> something *different* from the way cryptography has been done in the
> past.  For example, we might seek to innovate protocols and strategies
> which reduce our exposure and minimize our desirability as a target.
> And since we cannot know when we are being successfully attacked, we
> might seek to use ciphers in ways which terminate any such success.
> 
> Endlessly using the same cipher as everyone else is to join the group
> which is the ideal target for attack.  One alternative is to use
> ciphers which not everyone uses.  Because less data are protected
> under these ciphers, they provide less payoff for successful attack,
> and that may reduce our opponents' motivation to choose us as their
> target.  We can change ciphers frequently, which compartmentalizes our
> data, and also provides less payoff for a successful attack on any
> single cipher.  Presumably there are various other approaches as well,
> but they all require *doing* something which has not generally been
> part of academic cryptography to date.  That means we will not find
> these answers in cryptographic texts.
> 
> In the end, we cannot trust the ciphers we use, no matter who has made
> or approved them.  Doing the same as everybody else just makes us part
> of the most obvious and rewarding target.  To improve our situation,
> we must do something beyond what conventional cryptography recommends.

You are not being realistic.  We cannot throw away all current symmetric
ciphers just because you feel less warm and fuzzy about them.  Symmetric
ciphers are used millions of times a day, and they do have an impact on
theft and compromise, therefore they must be doing their job.

True, 100 years from now (or 50, or 25) AES may become weaker than
conjectured, but for now we can assume that AES will be secure and not
the point of attack.

The alternative of course is to ditch all symmetric ciphers, send all
information as plaintext and say "this is the best we can do".

While your point of view is appropriate, your attitude is not.

Tom

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************