Cryptography-Digest Digest #777, Volume #11 Mon, 15 May 00 13:13:00 EDT
Contents:
Re: Definition of "Broken" Cipher (Tom St Denis)
Re: AES on the AVR-RISC cpus? (Runu Knips)
Re: Destructive crypting (Mark Wooding)
Re: S-BOX Construction Tutorial? (Runu Knips)
Is OTP unbreakable? ([EMAIL PROTECTED])
Re: AES final comment deadline is May 15 (Runu Knips)
Re: (May 11, 2000) Cipher Contest Update (Runu Knips)
Re: (May 11, 2000) Cipher Contest Update (Runu Knips)
Re: Is OTP unbreakable? (DJohn37050)
Re: Prime Generation in C,C++ or Java (John Myre)
Re: Is OTP unbreakable? (Runu Knips)
Re: S-BOX Construction Tutorial? (John Savard)
Re: Is OTP unbreakable? (JCA)
Re: Yet another sci.crypt cipher (Runu Knips)
Re: Destructive crypting (Daniel =?iso-8859-1?Q?=C5kerud?=)
Re: Is OTP unbreakable? (Anton Stiglic)
Re: AES Comment: the Hitachi patent (Anton Stiglic)
Re: factor large composite (Anton Stiglic)
Re: Is OTP unbreakable? (Roger Schlafly)
Re: Encryption of graphics by transposition (Tim Tyler)
Re: Key generation for lja1 (Andru Luvisi)
SAC2000 (Amr Youssef)
Re: Double Cypher (Andru Luvisi)
----------------------------------------------------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Definition of "Broken" Cipher
Date: Mon, 15 May 2000 11:56:14 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> Tom St Denis wrote:
>
> > It's quite simple. You don't say your car is broken because of a
> > dent in the fender right?
>
> It depends. Gates might change his car. On the other hand, there is a
> good business in Europe buying cars that nobody wants to have and
> selling these to some developing countries. Whether a cipher is good
> to use depends on the application and your (more or less subjective)
> judgement, I believe. Single DES is e.g. yet good enough for a fairly
> wide range of applications.
No you are wrong, single des is hopelessly useless now. The key is
much too small, it's an ugly algorithm, not to mention slow.
And if you reply 'password hash' you are wrong, MD5 or SHA-1 is better
suited for that task too.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Mon, 15 May 2000 14:22:01 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: AES on the AVR-RISC cpus?
Tom St Denis wrote:
> Do any of the AES ciphers work with only say 64 bytes of sram?
Twofish requires 64 bytes of ram PLUS some local variables of
the algorithm. That's even stated in the paper itself. One needs
32 byte for the up to 256 bit long key, plus 16 byte for the
vector S of the paper, and another 16 byte (128 bit) for the
company key.
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Destructive crypting
Date: 15 May 2000 12:36:58 GMT
Tim Tyler <[EMAIL PROTECTED]> wrote:
> Sometimes folks seem to use Hash(Key,Message) as a way of building
> MAC(Message). Doing this may be slower than using a dedicated MAC.
There are better reasons not to use this construction.
Most hash functions in common use divide the preimage into fixed-size
blocks and process each in turn. It's therefore possible to compute the
hash of a message M' = M || m given only the hash of the original
message H(M) and the suffix m. Using the above construction then lets
you forge a MAC for any suffixed message you already have a MAC for.
Which is a shame.
Most secure MAC functions I've seen are either hash-based or built from
block ciphers. The hash-based functions are rather faster, I believe.
HMAC, my current recommendation, is two compression function executions
slower than hashing the same data with the underlying hash function,
with extremely impressive security properties even when based on a
relatively poor underlying hash such as MD5.
-- [mdw]
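Worked example of the forgery Mark describes, added here and not part of his post. It carries a small SHA-1 implementation whose initial state can be overridden, so the attacker can resume hashing from a published tag. The key, message and suffix are constructed for the demonstration; the attacker is assumed to know the key length (in practice it is guessed from a handful of candidates) but never the key itself. The same forgery is then tried against HMAC-SHA1 from the standard library to show it no longer goes through.

```python
import hashlib
import hmac
import struct


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1_pad(message_len):
    """The padding SHA-1 appends to a message of message_len bytes:
    0x80, zeros up to 56 mod 64, then the bit length as a 64-bit big-endian int."""
    pad = b"\x80" + b"\x00" * ((56 - (message_len + 1) % 64) % 64)
    return pad + struct.pack(">Q", message_len * 8)


def sha1(data, state=None, prior_len=0):
    """SHA-1 of data. With state/prior_len set, resume from the five chaining words
    as if prior_len bytes (a multiple of 64) had already been absorbed:
    this is exactly what a length-extension attacker does with a leaked digest."""
    h = list(state) if state else [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    msg = data + sha1_pad(prior_len + len(data))
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (_rotl(a, 5) + (f & 0xFFFFFFFF) + e + k + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)


def naive_mac(key, msg):
    """The construction under discussion: Hash(Key || Message)."""
    return sha1(key + msg)


def forge(tag, key_len, msg, suffix):
    """Given tag = naive_mac(key, msg) and only len(key), produce a valid tag for
    msg || glue || suffix, where glue is the padding the hash inserted after msg."""
    glue = sha1_pad(key_len + len(msg))
    state = struct.unpack(">5I", tag)            # the tag IS the chaining state
    forged_msg = msg + glue + suffix
    forged_tag = sha1(suffix, state=state, prior_len=key_len + len(msg) + len(glue))
    return forged_msg, forged_tag


# Constructed demo values: the attacker sees MSG and its tag, not KEY.
KEY = b"correct horse battery staple"
MSG = b"amount=100&to=alice"
SUFFIX = b"&to=mallory"


def naive_mac_is_forgeable():
    tag = naive_mac(KEY, MSG)
    forged_msg, forged_tag = forge(tag, len(KEY), MSG, SUFFIX)
    return forged_msg.endswith(SUFFIX) and naive_mac(KEY, forged_msg) == forged_tag


def hmac_is_forgeable():
    """Same trick against HMAC-SHA1: the outer hash hides the inner state, so the
    continued computation is not a valid tag for anything."""
    tag = hmac.new(KEY, MSG, hashlib.sha1).digest()
    forged_msg, forged_tag = forge(tag, len(KEY), MSG, SUFFIX)
    return hmac.new(KEY, forged_msg, hashlib.sha1).digest() == forged_tag


if __name__ == "__main__":
    print("Hash(K||M) forgeable:", naive_mac_is_forgeable())
    print("HMAC forgeable:      ", hmac_is_forgeable())
```

The glue bytes land inside the forged message, so the attack only matters where the verifier tolerates them (binary formats, query strings parsed leniently, files with trailing data), which is common enough. HMAC's cost is the two extra compression calls Mark mentions: the inner hash runs over (K xor ipad) || M and the outer over (K xor opad) || inner, and because the attacker never sees the inner state there is nothing to extend.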
------------------------------
Date: Mon, 15 May 2000 14:42:01 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: S-BOX Construction Tutorial?
John Savard wrote:
> It does appear that many others seem to have the approach of not
> putting anything in a cipher that they don't understand...
Its pretty pointless if you use something you don't understand,
isn't it ?
------------------------------
From: [EMAIL PROTECTED]
Subject: Is OTP unbreakable?
Date: Mon, 15 May 2000 12:46:18 GMT
Is it possible to prove theoretically that OTP using a truly random key
is unbreakable? I have not seen such a proof anywhere...just lots of
statements that OTP is unbreakable....If there is a mathematical proof
then I would be interested to know it...
I know that Ritter distinguishes between a theoretical OTP and a
practically realisable OTP....if OTP is that secure...why is it not used
in practice ..or is it?. Does secure diplomatic traffic still use OTP?
------------------------------
Date: Mon, 15 May 2000 14:58:52 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: AES final comment deadline is May 15
Mok-Kong Shen wrote:
> Runu Knips wrote:
> > Hey, I surely think there are far better cryptoanalytics out
> > there, than me ;-) [...]
> [...]
> I don't think that you think that you are the representative.
Right, I don't think that at all. AFAIK I also didn't say
that?!
> According to NIST's intention (as far as I understand) the
> users of the AES winner shouldn't have to pay patent royalities.
> What do you mean by worldwide pressure? Why do you think
> that a patent holder should give up his legitimate rights? For
> ethical or humanitary reasons perhaps??
Nono, I wanted to say that I believe those patents are not
really true inventions. Therefore if enough people have an
interest then there will be enough money to pay the fight
against them.
If there is a true patent arround, something which is
really a new invention, of course there is no way to get
rid of it.
------------------------------
Date: Mon, 15 May 2000 15:12:55 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: (May 11, 2000) Cipher Contest Update
Adam Durana wrote:
> But I think when someone publishes a
> cipher for analysis, they are saying that the only attack they can come up
> with is brute force. Any attack better than that would be a break through.
> So if an attack arises that can recover the key or plaintext faster than
> brute force, I think that attack should get the cipher removed from the
> listing. Keep in mind this is a contest of cipher design.
I disagree with that definition. RC6, for example, accepts keys
of any size. It is quite unfair to state that it is therefore
broken by definition.
------------------------------
Date: Mon, 15 May 2000 15:13:54 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: (May 11, 2000) Cipher Contest Update
Baruch Even wrote:
> Also, keeping a log of all ciphers and attacks on them would be a
> great thing.
I second that.
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Is OTP unbreakable?
Date: 15 May 2000 13:53:50 GMT
OTP is information theory secure. There is a proof. Any message (of the right
length) is equally likely. Only knowing the right one-time key reveals the
message. Not used much as the key is SOOOOOOOO long.
Don Johnson
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Prime Generation in C,C++ or Java
Date: Mon, 15 May 2000 08:18:22 -0600
Bryan Olson wrote:
>
> John Myre wrote:
<snip [good point about constructor naming problem]>
>
> > From a caller's point of view, it seems just right. [...]
>
> I disagree. The exposed functions, even if implemented
> efficiently, are not useful in building efficient generators
> for primes of important special forms, for example DSA
> primes.
Ah. So part of the problem is the lack of other capabilities, that
are needed. It doesn't make sense to consider "the interface" of
a single function (only), but of a package, or class, as a whole.
I still think it reasonable for a function that claims to provide
a random prime integer of no special form to provide a probability
parameter rather than a loop control value. That would be, if the
caller actually needs a random prime integer of no special form.
I haven't actually looked at the documentation; I was going by
the hints in the posts here. Perhaps that was my first error.
Thanks -
John M.
------------------------------
Date: Mon, 15 May 2000 16:19:23 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?
[EMAIL PROTECTED] wrote:
> If there is a mathematical proof then I would be interested
> to know it...
Each plaintext is equally likely. There is no loop in it. The
only information you get from a OTP message is how LONG it is.
And even that is of course only the upper limit of length.
> I know that Ritter distinguishes between a theoretical OTP and a
> practically realisable OTP....if OTP is that secure...why is it
> not used in practice ..or is it?
It is. Or at least has been. And yes, the practical realization
is really not an easy thing to do, because you have to have such
a big key.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: S-BOX Construction Tutorial?
Date: Mon, 15 May 2000 14:23:47 GMT
On Mon, 15 May 2000 14:42:01 +0200, Runu Knips
<[EMAIL PROTECTED]> wrote, in part:
>Its pretty pointless if you use something you don't understand,
>isn't it ?
If I put it in a place where it can't do any harm, using stuff that a
cryptanalyst is less likely to be able to understand, and hence begin
to attack, does have a point.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/
------------------------------
From: JCA <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?
Date: Mon, 15 May 2000 07:08:14 -0700
[EMAIL PROTECTED] wrote:
> Is it possible to prove theoretically that OTP using a truly random key
> is unbreakable? I have not seen such a proof anywhere...just lots of
> statements that OTP is unbreakable....If there is a mathematical proof
> then I would be interested to know it...
Does it not directly follow from its construction? I mean, if the key
is truly randomly generated and used only once, a given encrypted stream
of data can decrypt to any string of data of the same length with equal
probability.
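The proof Don Johnson and JCA are pointing at, written out as an added note (it is not part of any post in this digest). Take messages, keys and ciphertexts to be $n$-bit strings, let the key $K$ be uniform on $\{0,1\}^n$ and independent of the message $M$, and let $C = M \oplus K$. For every $m$ and $c$ there is exactly one key, $k = m \oplus c$, that maps $m$ to $c$, so

$$
\Pr[C = c \mid M = m] = \Pr[K = m \oplus c] = 2^{-n},
$$

$$
\Pr[C = c] = \sum_{m} \Pr[M = m]\,\Pr[C = c \mid M = m] = 2^{-n} \sum_{m} \Pr[M = m] = 2^{-n},
$$

$$
\Pr[M = m \mid C = c] = \frac{\Pr[C = c \mid M = m]\,\Pr[M = m]}{\Pr[C = c]} = \Pr[M = m].
$$

Seeing the ciphertext leaves the attacker's distribution over messages exactly where it was, with no assumption about computing power; this is Shannon's perfect secrecy, and each hypothesis is load-bearing: the key must be uniform, independent of the message, at least as long as it, and used once. The statement concerns confidentiality only; it says nothing about whether a modified ciphertext will be noticed.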
------------------------------
Date: Mon, 15 May 2000 16:50:47 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Yet another sci.crypt cipher
Tom St Denis wrote:
> I sincerely with all my being hate the keyschedule I put into that
> cipher.
Whow. So much hate on a little innocent expression... which is IMHO
really nifty.
> [...] I am kinda scraping the bottom of the barrel for a good key
> schedule. Basically I want some permutation of 0..15 that is algebraic
> and takes three inputs (x, y, j) where (x, j) belong to 0..7 and (j)
> belongs to 0..15.
The thing I don't like about your kF() is that x doesn't influence
bit 4 and y doesn't influence bit 1.
------------------------------
From: [EMAIL PROTECTED] (Daniel Åkerud)
Subject: Re: Destructive crypting
Date: 15 May 2000 14:59:25 GMT
Was looking into all what you are writing about, and found
RIPEMD-160 (128 too)
This, just like SHA-1 gives you a 160 bit hash.
I got excited about this because in the paper they included source code, even
a MAC example, here:
http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
(wee, hehe; me lame yes yes ;)).
Have you heard anything about this?
--
Daniel Åkerud
Programvaruteknik, MAH
Email: [EMAIL PROTECTED]
Homepage: http://zilch.pvt.te.mah.se
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?
Date: Mon, 15 May 2000 11:08:02 -0400
[EMAIL PROTECTED] wrote:
> Is it possible to prove theoretically that OTP using a truly random key
> is unbreakable? I have not seen such a proof anywhere...just lots of
> statements that OTP is unbreakable....If there is a mathematical proof
> then I would be interested to know it...
>
> I know that Ritter distinguishes between a theoretical OTP and a
> practically realisable OTP....if OTP is that secure...why is it not used
> in practice ..or is it?. Does secure diplomatic traffic still use OTP?
>
It has been said that communication between Moscow and the United
States White house was done using a secure one-time pad. The key
was supposedly delivered by an agent, on a tape locked in a brief
case, which in turn was handcuffed to the agents arm.
If you ever really need serious security, and don't trust anything else,
you could build up a similar scheme. :)
Anton
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: AES Comment: the Hitachi patent
Date: Mon, 15 May 2000 11:24:13 -0400
You can go read the papers that have been submitted to AES
http://csrc.nist.gov/encryption/aes/round2/conf3/aes3agenda.html
The papers you will be interested in are under "AES Issues" Panel.
Your idea has been presented before, notably at the 3rd round of
AES, and directly stated in an article from Ian Harvey.
When they presented the idea, most of the audience members seemed
against it, for some reasons such as the one I posted as a reply to
your post on May 7th.
Bruce just gave another good reason in his post, it seems like the idea
of multiple AES ciphers just gets counter-argued all the time..
Anton
Mok-Kong Shen wrote:
> Bruce Schneier wrote:
>
> > This particular example is a counter to the "IP attack" argument
> > espoused by some as a reason to select multiple AES algorithms instead
> > of a single one. It is most likely that IP attacks, if any, will be
> > based on very broad and ambiguous claims (like those of Hitachi) that
> > the patent holder attempts to apply to all encryption systems.
>
> It looks like a number of other people have previously advanced
> similar arguments like my recent post in this group (7th May, 'An
> argument for multiple AES winners'). If yes, could you give pointers?
> Thanks.
>
> M. K. Shen
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Mon, 15 May 2000 11:26:58 -0400
Tim Tyler wrote:
> Stanley Chow <[EMAIL PROTECTED]> wrote:
>
> : As Dann Corbit explained in his article, God's algorithm is quite
> : well known and fast. Is there any variant of quantum algorithm
> : that is O(1)?
>
> Not even God's algorithm is O(1). God's algorithm requires a gigantic
> look-up table. Gigantic look-up-tables take up space, and take time to
> access. It's not even clear that it's the fastest method of determining
> primality on all scales.
As far as I know, no lower bounds have been given for this, so you
can't actually state that.
Anton
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?
Date: Mon, 15 May 2000 08:38:02 -0700
[EMAIL PROTECTED] wrote:
> Is it possible to prove theoretically that OTP using a truly random key
> is unbreakable? I have not seen such a proof anywhere...just lots of
> statements that OTP is unbreakable....If there is a mathematical proof
> then I would be interested to know it...
>
> I know that Ritter distinguishes between a theoretical OTP and a
> practically realisable OTP....if OTP is that secure...why is it not used
> in practice ..or is it?. Does secure diplomatic traffic still use OTP?
Besides practical difficulties in using very long keys, the OTP
also has security problems. Yes, there is a theoretical proof
that it is unbreakable in a certain sense, but other systems
are believed to be more secure because they offer authentication.
The OTP does not offer any authentication.
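Added illustration of Roger's point, and of the "used only once" condition from earlier in the thread; this is example code written for this digest, not from any of the posters. The message layout and amount field are constructed for the demo; the attacker is assumed to know where the amount sits in the message (the format, not the contents, is public) and never learns the key.

```python
import os


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time pad: c_i = m_i XOR k_i. The key must be as long as the
    message, uniformly random, and never used again."""
    if len(key) != len(plaintext):
        raise ValueError("OTP key must be exactly as long as the plaintext")
    return bytes(k ^ p for k, p in zip(key, plaintext))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def rewrite_field(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker's move, no key needed: XOR (old XOR new) into the ciphertext at
    `offset`, which turns the plaintext bytes `old` into `new` on decryption."""
    c = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        c[offset + i] ^= o ^ n
    return bytes(c)


# Constructed sample message; the amount occupies bytes 4..7.
MESSAGE = b"PAY 0100 GBP TO ALICE"


def malleability_demo() -> bytes:
    """Perfect secrecy, zero integrity: the receiver decrypts the tampered
    ciphertext to a perfectly well-formed instruction and cannot tell."""
    key = os.urandom(len(MESSAGE))
    ct = otp_encrypt(key, MESSAGE)
    tampered = rewrite_field(ct, 4, b"0100", b"9900")
    return otp_decrypt(key, tampered)


def two_time_pad_demo() -> bytes:
    """Reuse the pad and it cancels: c1 XOR c2 == m1 XOR m2, handing the
    attacker the XOR of the two plaintexts (a crib on one reveals the other)."""
    m1, m2 = b"ATTACK AT DAWN", b"RETREAT AT SIX"
    key = os.urandom(len(m1))
    c1, c2 = otp_encrypt(key, m1), otp_encrypt(key, m2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    print(malleability_demo())           # b'PAY 9900 GBP TO ALICE'
    print(two_time_pad_demo().hex())     # equals (m1 XOR m2), key gone
```

The fix for the first problem is a separate authenticator (an information-theoretic one such as a polynomial MAC keyed from the same pad material, or HMAC under a shared key); the fix for the second is discipline, since nothing in the scheme itself prevents reuse.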
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Encryption of graphics by transposition
Reply-To: [EMAIL PROTECTED]
Date: Mon, 15 May 2000 15:05:24 GMT
John Bailey <[EMAIL PROTECTED]> wrote:
: Are the usual encryption techniques, eg pgp, feistel ciphers, DES, etc
: really suitable for encrypting graphics, eg gif files, pgp files, etc?
Yes - they are intended to be suitable for *anything*.
: A more straightforward approach than using these substitution based
: ciphers would be remapping the location of pixels within the image,
: using any of several techniques which guarantee one to one mapping
: consistency.
A transposition-only scheme? What security would that provide?
: An example of raster transposition can be seen at
: http://www.frontiernet.net/~jmb184/interests/fractals/Rasterless/
Very pretty - but the relevance to cryptography is not easy to see.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ UART what UEAT.
------------------------------
From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: Key generation for lja1
Date: 15 May 2000 09:26:45 -0700
Benjamin Goldberg <[EMAIL PROTECTED]> writes:
[snip]
> While I understand what you want to do, the code you gave is a bit
> difficult (for me, at least) to understand. Perhaps this version
> would better:
I like the idea of separating the shuffling and the filling. I agree
that it makes the algorithm easier to follow. I hope you won't mind
if I offer a few corrections to your code.
> void lja1_makekey(
> unsigned char *key,
> int (*number_generator)(void *closure, int modulo),
> void * ng_closure)
> {
> int pool[255], i, j, k;
>
> for( i = 0; i < 255; --i )
> pool[i] = i;
++i
> for( i = 0; i < 255; --i ) {
> j = (*number_generator)(ng_closure, 255);
> k = pool[i];
> pool[i] = pool[j];
> pool[j] = k;
> }
for( i = 254; i > 0; --i ) {
j = (*number_generator)(ng_closure, i+1);
k = pool[i];
pool[i] = pool[j];
pool[j] = k;
}
> k = 255;
> for( i = 0; i < 255; ++i ) {
> key[ k ] = pool[i];
> k = pool[i];
> }
> key[ k ] = 255;
> }
Thanks for the idea,
Andru
--
==========================================================================
| Andru Luvisi | http://libweb.sonoma.edu/ |
| Programmer/Analyst | Library Resources Online |
| Ruben Salazar Library |-----------------------------------------|
| Sonoma State University | http://www.belleprovence.com/ |
| [EMAIL PROTECTED] | Textile imports from Provence, France |
==========================================================================
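The corrected routine in Python, added here as an example rather than Andru's or Benjamin's code. It keeps the structure of lja1_makekey (shuffle the pool of 0..254, then thread the shuffled values into a chain that starts and ends at 255) and adds two checks that go beyond the post: that the resulting key is a single 256-cycle, and, by enumerating every RNG output sequence for a tiny array, that Andru's loop is unbiased where the quoted "swap position i with rand(n)" loop is not. The RNG is passed in as a callable returning a uniform value below its argument, as in the C.

```python
import itertools
import random
from collections import Counter


def fisher_yates(pool, rand):
    """Andru's corrected loop: for i = n-1 down to 1 swap pool[i] with
    pool[j], j = rand(i + 1), i.e. j uniform on 0..i."""
    for i in range(len(pool) - 1, 0, -1):
        j = rand(i + 1)
        pool[i], pool[j] = pool[j], pool[i]
    return pool


def naive_shuffle(pool, rand):
    """The loop as quoted (index bug aside): every position is swapped with
    rand(n), an index drawn from the whole array."""
    n = len(pool)
    for i in range(n):
        j = rand(n)
        pool[i], pool[j] = pool[j], pool[i]
    return pool


def lja1_makekey(rand, n=256):
    """Port of lja1_makekey with the corrected shuffle. key[] becomes one
    chain n-1 -> pool[0] -> pool[1] -> ... -> pool[n-2] -> n-1."""
    pool = fisher_yates(list(range(n - 1)), rand)
    key = [0] * n
    k = n - 1
    for v in pool:
        key[k] = v
        k = v
    key[k] = n - 1
    return key


def cycle_length(key, start):
    """Steps taken following key[x] from `start` until it returns to `start`."""
    steps, x = 1, key[start]
    while x != start:
        x = key[x]
        steps += 1
    return steps


def permutation_histogram(shuffle, draw_bounds, n):
    """Feed the shuffle every possible sequence of RNG outputs (draw i uniform
    on 0..draw_bounds[i]-1) and count which permutation of range(n) each
    yields. The shuffle is unbiased iff all counts are equal."""
    counts = Counter()
    for draws in itertools.product(*(range(b) for b in draw_bounds)):
        replay = iter(draws)
        counts[tuple(shuffle(list(range(n)), lambda bound: next(replay)))] += 1
    return counts


if __name__ == "__main__":
    key = lja1_makekey(random.SystemRandom().randrange)
    print("single 256-cycle:", cycle_length(key, 255) == 256)
    # n = 3: Fisher-Yates draws from 3 then 2 values; naive draws 3 x 3 x 3.
    print("fisher_yates:", sorted(permutation_histogram(fisher_yates, [3, 2], 3).values()))
    print("naive:       ", sorted(permutation_histogram(naive_shuffle, [3, 3, 3], 3).values()))
```

For n = 3 the naive loop has 27 equally likely RNG paths to spread over 6 permutations, so it cannot be uniform; the bias persists for every n. That matters here because the whole point of the key is that each of the (n-1)! single cycles should be equally likely.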
------------------------------
From: Amr Youssef <[EMAIL PROTECTED]>
Subject: SAC2000
Date: Mon, 15 May 2000 12:23:57 -0400
Seventh Annual Workshop on Selected Areas in
Cryptography
SAC 2000
Centre for Applied Cryptographic Research (CACR)
University of Waterloo, Waterloo, Ontario, Canada
Second Announcement.
August 14-15, 2000
University of Waterloo
Waterloo, Ontario, Canada.
Co-Chairs:
* Doug Stinson, University of Waterloo
* Stafford Tavares, Queen's University
Workshop Themes:
* Design and analysis of symmetric key
cryptosystems.
* Primitives for private key cryptography, including
block and stream ciphers, hash functions and MACs.
* Efficient implementations of cryptographic systems
in public and private key cryptography.
* Cryptographic solutions for web/internet security.
Invited Speakers:
* M. Bellare, UCSD (U.S.A)
Title: "The Provable-Security Approach to
Authenticated Session-key Exchange"
* D. Boneh, Stanford U. (U.S.A.)
Title: TBA
Program Committee:
* D. Stinson, U. of Waterloo (Canada)
* S. Tavares, Queen's U. (Canada)
* L. Chen, Motorola (U.S.A.)
* H. Heys, Memorial U. of Newfoundland (Canada)
* L. Knudsen, U. of Bergen (Norway)
* S. Moriai, NTT Labs. (Japan)
* L. O'Connor, European Security COE (Switzerland)
* S. Vaudenay, EPFL (Switzerland)
* A. Youssef, U. of Waterloo (Canada)
* R. Zuccherato, Entrust Technologies (Canada)
Sponsors:
* Certicom Corporation
* Entrust Technologies
* MITACS
* University of Waterloo
Important Dates:
* Submission Deadline: May 1
* Notification of Acceptance: June 19
* Early Registration Deadline: July 9
* Workshop Dates: August 14-15
* Deadline for Proceedings: September 18
Proceedings: The Proceedings will be published by
Springer-Verlag in the Lecture Notes in Computer
Science (LNCS) Series. In order to be included in
the Proceedings, papers must be presented at the
Workshop. As in previous years, a Workshop Record will
be available to participants during the Workshop. Final
versions of papers will be due by September 18.
For further information contact:
* Doug Stinson, University of Waterloo,
[EMAIL PROTECTED]
* Stafford Tavares, Queen's University,
[EMAIL PROTECTED]
Arrangements:
REGISTRATION
There will be an early registration fee of $250 Cdn
($125 Cdn for students) which is due by July 9.
Registration after July 9 will be
$300 Cdn ($150 Cdn for students).
We cannot process a registration
until all fees are paid in full.
To register, complete, in full, the attached
REGISTRATION FORM and return it along with your payment to:
Mrs. Frances Hannigan, C&O Dept., University of Waterloo, Waterloo,
Ontario, Canada N2L 3G1. (If you wish, you can fax the
registration form to the following number:
(519)-725-5441.)
Confirmation of your registration will be
sent by email when payment is received in full.
------------------------cut form here---------------------------------
SAC 2000 WORKSHOP REGISTRATION FORM
Full name:
_________________________________________________________
Affiliation:
_________________________________________________________
Address:
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
E-Mail Address:
_________________________________________________________
Telephone #:
_________________________________________________________
Registration Fee: Please check the appropriate box:
[ ] Early Registration (by July 9).......$250.00 ..............$________
[ ] Full Registration (after July 9).....$300.00 ..............$________
[ ] Full-time Student (by July 9)........$125.00 ..............$________
[ ] Full-time Student (after July 9).....$150.00 ..............$________
Extra Dinner tickets @ $50.00 per ticket: ( )x$50..............$________
TOTAL AMOUNT PAYABLE: ..........................................$________
**Make Cheque/Money Order Payable in Cdn funds only to: SAC 2000
Additional Information:
-------------------------cut form here-------------------------------
TRAVEL
Kitchener-Waterloo is approximately 100km/60miles from Pearson
International Airport in Toronto. Ground transportation to Kitchener-
Waterloo can be pre-arranged with Airways Transit.
TRANSPORTATION TO AND FROM TORONTO AIRPORT
PROVIDED BY AIRWAYS TRANSIT
It is advisable to book your transportation between the Pearson Airport,
Toronto, and Waterloo in advance to receive the advance booking rate of
$52 Cdn per person, one way, with Airways Transit (open 24 hours a day).
This is a door-to-door service; they accept cash (Cdn or US funds),
MasterCard, Visa and American Express.
Upon arrival:
Terminal 1: proceed to Ground Transportation Booth, Arrivals Level,
Area 2.
Terminal 2: proceed to Airways Transit desk, Arrivals Level, Area E.
Terminal 3: proceed to Ground Transportation Booth, Arrivals Level,
under domestic area escalators.
Complete the form below and send by mail or fax well in advance of your
arrival to Airways Transit. They will not fax confirmations: your fax
transmission record is confirmation of your reservation.
-------------------------cut form here---------------------------------
AIRWAYS TRANSIT ADVANCE BOOKING FORM - ECC '99
ARRIVAL INFORMATION:
____________________________________________________________
Surname First name
____________________________________________________________
Toronto Arrival Date Airline Flight #
____________________________________________________________
Arrival Time Arriving From
____________________________________________________________
Destination in Kitchener/Waterloo No. in party
DEPARTURE INFORMATION:
____________________________________________________________
Surname First name
____________________________________________________________
Toronto Departure Date Airline Flight #
____________________________________________________________
Departure Time Flight # Destination
____________________________________________________________
Pickup From No. in party
____________________________________________________________
Signature Date
Send or Fax to:
Airways Transit
99A Northland Road
Waterloo, Ontario
Canada, N2V 1Y8
Fax: (519) 886-2141
Telephone: (519) 886-2121
-----------------------------cut form here--------------------------------
ACCOMMODATIONS
There is a limited block of rooms set aside on a first-come first-serve
basis at the Waterloo Inn for the evenings of
August 13,14 and 15. Please make your reservations prior
to July 9, 2000, directly with the hotel.
Waterloo Inn
475 King Street North
Waterloo, Ontario
Canada N2J 2Z5
Phone: (519) 884-0222
Fax: (519) 884-0321
Toll Free: 1-800-361-4708
Website: www.waterlooinn.com
- $94 Cdn plus taxes/night for a single or double room
- please quote "SAC 2000 WORKSHOP" when making your
reservation.
Other hotels close to the University of Waterloo are:
Comfort Inn
190 Weber Street North
Waterloo, Ontario
Canada N2J 3H4
Phone: (519) 747-9400
Rate: $95-105 Cdn plus taxes/night
Destination Inn
547 King Street North
Waterloo, Ontario
Canada N2L 5Z7
Phone: (519) 884-0100
Fax: (519) 746-8638
Rate: $77 Cdn plus taxes/night
Best Western
St. Jacobs Country Inn
50 Benjamin Road, East
Waterloo, Ontario
Canada N2V 2J9
Phone: (519) 884-9295
Rate: $109-$119 Cdn plus taxes/night
The Waterloo Hotel
2-4 King Street North
Waterloo, Ontario
Canada N2J 1N8
Phone: (519) 885-2626
Rate: $112-$130 Cdn plus taxes/night
HOTEL TO CONFERENCE TRANSPORTATION
A shuttle to/from the campus will be available each day of the
conference from the Waterloo Inn only.
For further information or to return your Registration, please
contact:
Mrs. Frances Hannigan
Department of Combinatorics & Optimization
University of Waterloo
Waterloo, Ontario, Canada N2L 3G1
e-mail: [EMAIL PROTECTED]
Fax: (519) 725-5441
Phone: (519) 888-4027
------------------------------
From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: Double Cypher
Date: 15 May 2000 09:49:10 -0700
[EMAIL PROTECTED] writes:
> It is tough to be a newbie.
>
> Would it be possible to cypher a file using say, Blowfish, and then
> cypher the the newly created cyphered file using another s/w, say PGP?
> What will be the consequences? Any pluses or any negatives?
First: Blowfish is an algorithm. PGP is a piece of software. In
terms of algorithms, according to Bruce Schneier, if you use multiple
algorithms that commute with independent keys (and I would expect that
independent initialization vectors would also be a good thing), the
result is guaranteed to be at least as strong as the strongest
algorithm. The easiest way to do this is to run all of the algorithms
in Output Feedback Mode, and xor all of the outputs together and with
the plaintext to get the ciphertext.
That is to say, if E1 is encryption with block algorithm 1, and E2 is
encryption with block algorithm 2, then:
Pad1_0 = Random Initialization Vector
Pad2_0 = Another Random Initialization Vector
Pad1_i = E1(Pad1_{i-1})
Pad2_i = E2(Pad2_{i-1})
Ciphertext_i = Plaintext_i XOR Pad1_i XOR Pad2_i
Best of luck,
Andru
--
==========================================================================
| Andru Luvisi | http://libweb.sonoma.edu/ |
| Programmer/Analyst | Library Resources Online |
| Ruben Salazar Library |-----------------------------------------|
| Sonoma State University | http://www.belleprovence.com/ |
| [EMAIL PROTECTED] | Textile imports from Provence, France |
==========================================================================
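The recurrence in Andru's post as running code, added here as an example and not taken from any poster or product. Because the standard library ships no block cipher, E1 and E2 are stand-ins built from SHA-256 under different labels and keys (an assumption of this example; they are keyed functions, not permutations, so a real cipher's OFB chain would in general cycle later than theirs). Besides the round trip, the block shows the failure mode behind the "independent keys and IVs" caveat: with the same cipher, key and IV on both sides the two pads cancel and the output is the plaintext.

```python
import hashlib
import os

BLOCK = 16


def make_block_function(label: bytes, key: bytes):
    """Stand-in for a keyed block cipher E_key on 16-byte blocks (assumption:
    SHA-256 over label || key || block, truncated, plays the part of E1 / E2)."""
    def E(block: bytes) -> bytes:
        return hashlib.sha256(label + key + block).digest()[:BLOCK]
    return E


def ofb_pads(E, iv: bytes, nblocks: int):
    """Pad_0 = IV, Pad_i = E(Pad_{i-1}): the recurrence from the post."""
    pads, pad = [], iv
    for _ in range(nblocks):
        pad = E(pad)
        pads.append(pad)
    return pads


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def double_ofb(E1, iv1: bytes, E2, iv2: bytes, data: bytes) -> bytes:
    """Ciphertext_i = Plaintext_i XOR Pad1_i XOR Pad2_i. Because the combined
    keystream only depends on the IVs, the same call decrypts."""
    nblocks = -(-len(data) // BLOCK)
    stream = b"".join(xor_bytes(p1, p2) for p1, p2 in
                      zip(ofb_pads(E1, iv1, nblocks), ofb_pads(E2, iv2, nblocks)))
    return xor_bytes(data, stream[:len(data)])


# Constructed sample plaintext (not a block multiple, to exercise the tail).
SAMPLE = b"constructed sample plaintext for the double OFB example"


def roundtrip() -> bool:
    """Two independent keys and two independent IVs, as the post recommends."""
    E1 = make_block_function(b"cipher-1", os.urandom(16))
    E2 = make_block_function(b"cipher-2", os.urandom(16))
    iv1, iv2 = os.urandom(BLOCK), os.urandom(BLOCK)
    ct = double_ofb(E1, iv1, E2, iv2, SAMPLE)
    return ct != SAMPLE and double_ofb(E1, iv1, E2, iv2, ct) == SAMPLE


def dependent_keys_leak() -> bool:
    """Same cipher, key and IV on both sides: Pad1_i == Pad2_i for every i,
    the XOR of the pads is all zeros, and the 'ciphertext' is the plaintext."""
    E = make_block_function(b"cipher-1", os.urandom(16))
    iv = os.urandom(BLOCK)
    return double_ofb(E, iv, E, iv, SAMPLE) == SAMPLE


if __name__ == "__main__":
    print("round trip ok:", roundtrip())
    print("shared key+IV leaks plaintext:", dependent_keys_leak())
```

The leak is the extreme case of the general rule: the combined keystream is only as unpredictable as the two pads are independent, which is why the keys (and IVs) have to be chosen separately rather than derived from one another by some fixed relation. The same XOR structure also inherits OFB's lack of integrity protection, so a MAC over the ciphertext is still needed.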
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************