Cryptography-Digest Digest #893, Volume #11      Tue, 30 May 00 08:13:00 EDT

Contents:
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Peter G. Strangman)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Cynic")
  Re: Hill's algorithm (Benjamin Goldberg)
  Comfort csybrandy ! (Was: Attack on SC6a (sci.crypt cipher)) (Runu Knips)
  Re: encryption without zeros (Tim Tyler)
  Re: Is OTP unbreakable?/Station-Station (Tim Tyler)
  Re: encryption without zeros (Runu Knips)
  Re: Is OTP unbreakable?/Station-Station (Guy Macon)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Bob)
  Re: encryption without zeros (Runu Knips)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Peter G. Strangman)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on  (Bob)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Peter G. Strangman)
  Re: Is OTP unbreakable?/Station-Station (Guy Macon)
  Re: Retail distributors of DES chips? (Terry Ritter)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" 
("Dave Foulger")
  Re: No-Key Encryption (Guy Macon)
  Re: No-Key Encryption (Runu Knips)
  Re: Retail distributors of DES chips? (Mark Wooding)
  Re: Small compression/encryption problem (Guy Macon)

----------------------------------------------------------------------------

From: Peter G. Strangman <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Tue, 30 May 2000 10:21:35 +0100
Reply-To: [EMAIL PROTECTED]

On Mon, 29 May 2000 19:53:31 +0000, [EMAIL PROTECTED] (David
Boothroyd) wrote:

> The £150 the government is giving to pensioners to help with their
> winter fuel bill wasn't in the manifesto. Are you saying the government
> was dishonest when it introduced it?

That is a budgetary matter, not the creation of draconian
laws!

-- 
Peter G. Strangman              | Leser, wie gefall ich dir?
[EMAIL PROTECTED]      | Leser, wie gefaellst du mir?
http://www.adelheid.demon.co.uk |     (Friedrich von Logau)
XLIV-VII-DCCCII-CCXII-DCCCXXXI  |

------------------------------

From: "Cynic" <none@none>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Tue, 30 May 2000 10:29:08 +0100

David Boothroyd wrote

>Then they will find the decrypted document does not contain anything
>wrong, and no further action will be taken.

>People cannot be put in jail because they have lost their keys, as
>Ministers have made clear during debate on the bill.
>
>Without this bill criminals will get away with it. With it they will
>not. It's as simple as that.

You are under the sad but common illusion that everything that the
police do is done in the cause of justice.  You are also under the sad
illusion that the police at all times adhere not only to the letter,
but also the spirit of the laws that empower them.

A while back there was a thread about a village where the local
residents were persuaded that having surveillance cameras erected
would benefit all law-abiding citizens, and reduce crime tremendously.
The residents happily agreed to such an obvious benefit.  The cameras
were erected.  The police then used the cameras mainly to target the
local pubs and prosecute the landlords if anyone was seen leaving a
few minutes after drinking-up time.  The police explained that the
landlords were criminals to allow this, and so the cameras were indeed
being used exactly as promised.  They were not being used quite the
way the residents expected however.  Meanwhile crimes did not fall,
because the criminals simply kept out of the way of the cameras, or
disabled them before committing the crime.

The RIP bill *does* allow a person to be prosecuted if s/he has lost
the key.  How would anyone prove that they have lost a key, rather
than they are deliberately withholding it?

Laws in which the burden of proof is on the accused to show s/he is
innocent can be used to intimidate.

I do not like to see any laws in which the charge is about what
*might* be the case, or what *might* happen in the future.  Given the
right spin, it could be argued that any number of things *might*
happen.

--
Cynic




------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Hill's algorithm
Date: Tue, 30 May 2000 09:45:42 GMT

Mark Wooding wrote:
[snip]
> > How?  Please keep in mind that I'm not using a "pure" Hill's cipher.
> > I'm doing 8 rounds of whitening, matrix multiplication, and diffusion.
> 
> Indeed.  Where did you get that shift/xor diffusion step from?
> 
I got the idea from the "storin" cipher which I saw on this NG.  The
reason for it is that changing the upper bits of the inputs would only
result in changes in the upper bits of the outputs.  The shift/xor step
should, I think, counteract that.

------------------------------

Date: Tue, 30 May 2000 11:48:56 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Comfort csybrandy ! (Was: Attack on SC6a (sci.crypt cipher))

tomstd wrote:
> [...]

Oooops. Before I've even recognized there is a new cipher there is
already an attack !

Comfort to the author of SC6a ! It really hurts to get one's cipher
broken so fast.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: encryption without zeros
Reply-To: [EMAIL PROTECTED]
Date: Tue, 30 May 2000 10:01:22 GMT

Bryan Olson <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> zapzing <[EMAIL PROTECTED]> wrote:

:> : There are only 256^8 possible 8 bit blocks.
:> : Imagine a directed graph of all possible blocks, in
:> : which block A is connected to block B iff block A
:> : encrypts into block B. Now this graph must consist
:> : of a finite number of loops. No dendrites allowed.
:> : A loop either contains a block without zeros or it
:> : doesn't. So you can see that any block without
:> : zeros will eventually lead to another block
:> : without zeros, through the process that
:> : "Mixmaster" described.
:>
:> No.  I don't see that at all.  In fact, it's wrong ;-| [...]

: No.  Remember that we know the original plaintext has
: no zeros, and the block encryption function is a
: permutation.  There is at least one zero-free block on
: the cycle - the original plaintext.

Yes.  Oops.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Namaste.
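
The cycle argument quoted in the message above, as an added Python example that is not part of the original thread. A toy 16-bit Feistel permutation (an assumption, standing in for a real block cipher such as the triple DES suggested elsewhere in this digest) is small enough that every zero-free block can be checked exhaustively.

```python
import random

# Constructed toy cipher: a 4-round Feistel network on 16-bit blocks.
# Any Feistel network is a permutation of its block space, which is the
# only property the cycle argument needs. It is NOT a secure cipher.
_rng = random.Random(2000)
SBOX = _rng.sample(range(256), 256)                   # constructed round-function table
ROUND_KEYS = [_rng.randrange(256) for _ in range(4)]  # constructed key


def encrypt_block(block):
    left, right = block >> 8, block & 0xFF
    for k in ROUND_KEYS:
        left, right = right, left ^ SBOX[right ^ k]
    return (left << 8) | right


def decrypt_block(block):
    left, right = block >> 8, block & 0xFF
    for k in reversed(ROUND_KEYS):
        left, right = right ^ SBOX[left ^ k], left
    return (left << 8) | right


def has_zero_byte(block):
    return (block >> 8) == 0 or (block & 0xFF) == 0


def walk_encrypt(plain):
    """Encrypt repeatedly until the block has no zero byte.

    Terminates because the plaintext itself is a zero-free block on the
    same cycle of the permutation. Returns (ciphertext, encryptions used).
    """
    if has_zero_byte(plain):
        raise ValueError("plaintext block must not contain a zero byte")
    block, steps = encrypt_block(plain), 1
    while has_zero_byte(block):
        block, steps = encrypt_block(block), steps + 1
    return block, steps


def walk_decrypt(cipher):
    """Walk the cycle backwards to the first zero-free block."""
    if has_zero_byte(cipher):
        raise ValueError("ciphertext block must not contain a zero byte")
    block = decrypt_block(cipher)
    while has_zero_byte(block):
        block = decrypt_block(block)
    return block


def verify_all_zero_free_blocks():
    """Check every zero-free 2-byte block; return summary counts."""
    checked = failures = max_steps = 0
    ciphertexts = set()
    for plain in range(1 << 16):
        if has_zero_byte(plain):
            continue
        cipher, steps = walk_encrypt(plain)
        checked += 1
        max_steps = max(max_steps, steps)
        ciphertexts.add(cipher)
        if has_zero_byte(cipher) or walk_decrypt(cipher) != plain:
            failures += 1
    return checked, failures, len(ciphertexts), max_steps


if __name__ == "__main__":
    checked, failures, distinct, max_steps = verify_all_zero_free_blocks()
    print(f"{checked} zero-free blocks, {failures} round-trip failures, "
          f"{distinct} distinct ciphertexts, longest walk {max_steps}")
```

The round trip depends on the plaintext block being zero-free, which is why `walk_encrypt` rejects any other input.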

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?/Station-Station
Reply-To: [EMAIL PROTECTED]
Date: Tue, 30 May 2000 10:18:43 GMT

Bryan Olson <[EMAIL PROTECTED]> wrote:

: The method presented by ciphermax is flawed, but a one-time
: random key does offer provable authentication, and no other
: technique does.

The scheme you describe - like other sorts of "provable" security does
not actually /prevent/ the possibility of faking identity.  Instead it
tries to reduce it to 1/S.

The "proof" also depends on an unprovable assumption - the existence of an
unguessable random stream.

Finally (as usual) the resulting security level depends on real-world
factors involving the security of the key-distribution process.

These sorts of concern always make me uneasy about the use of the term
"provable" in relation to secrecy, or authentication.

It seems to me that "provable" security is almost a sort of academically-
respectable snake-oil marketing technique :-|

The word "proof" seems designed to produce a feeling of security and
invulnerability which is - in fact - a mistaken idea, since the "proof"
often does not prove inviolability at all (rather it is based on reducing
the probability of a break to some known small level) - and is based on
unproven premises in the first place.

Authentication and security are real-world concepts, which are
fundamentally not amenable to notions of mathematical proof.

I wish some less potentially misleading term could be employed.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Namaste.

------------------------------

Date: Tue, 30 May 2000 12:26:17 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: encryption without zeros

rick2 wrote:
> I would like to use some strong encryption but need to have
> the output not have any zeros (needs to fit into zero-terminated
> data chunks). What would be the smallest and fastest way to mask
> the zeros? I've seen some people expand every 7 bits to 8, but
> that seems wasteful (expands to 114% of original size, or so) and
> takes time (every output byte needs to be shifted).

If you want to transform random data of an alphabet with 256
characters into another alphabet with 255 characters (i.e. never
with the NUL character), you cannot get a better average
expansion factor than 0.4%.

If you use a special escape character, where you transform a sequence
{ 0 } into { ESC 1 } and { ESC } into { ESC 2 }, you have 0.8%
expansion in average. This is only 200% of the smallest expansion
possible, and the implementation is really simple. Because you always
work with the output of a cipher, which is random if the cipher is not
next to useless, it is very very very unlikely (but not impossible!)
that you will ever have the worst case of 100% expansion, especially
for long sequences.

So I think there can't be a better scheme for you. However, you always
have to keep in mind the worst case MAY occur, which is not the case
if one uses the 8 to 7 bit transformation, which always has the fixed
expansion factor 1/7 ~ 14%.
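
The escape-byte scheme described in the message above, as an added Python example that is not part of the original post. The choice of 0xFF as the ESC value and the seeded generator standing in for cipher output are assumptions made for the illustration.

```python
import random

ESC = 0xFF  # assumption: any nonzero byte value can serve as the escape


def escape_zeros(data: bytes) -> bytes:
    """Map { 0 } -> { ESC 1 } and { ESC } -> { ESC 2 }; output has no NUL."""
    out = bytearray()
    for b in data:
        if b == 0x00:
            out += bytes((ESC, 1))
        elif b == ESC:
            out += bytes((ESC, 2))
        else:
            out.append(b)
    return bytes(out)


def unescape_zeros(data: bytes) -> bytes:
    """Inverse of escape_zeros; rejects input that the encoder cannot produce."""
    out = bytearray()
    it = iter(data)
    for b in it:
        if b == 0x00:
            raise ValueError("NUL byte in escaped data")
        if b != ESC:
            out.append(b)
            continue
        code = next(it, None)  # None means the data ended after ESC
        if code == 1:
            out.append(0x00)
        elif code == 2:
            out.append(ESC)
        else:
            raise ValueError("truncated or invalid escape sequence")
    return bytes(out)


def expansion(data: bytes) -> float:
    """Fractional size increase caused by escaping (0.01 means 1%)."""
    return len(escape_zeros(data)) / len(data) - 1.0


def sample_cipher_output(n: int, seed: int = 1) -> bytes:
    """Constructed stand-in for ciphertext: n uniformly distributed bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    data = sample_cipher_output(1 << 16)
    escaped = escape_zeros(data)
    assert 0 not in escaped and unescape_zeros(escaped) == data
    print(f"uniform input: {expansion(data):.2%} expansion")
    print(f"all-zero input (worst case): {expansion(bytes(1000)):.0%} expansion")
```

Two of the 256 byte values are escaped, so uniformly distributed input grows by about 2/256 on average, while an input made only of zero or ESC bytes doubles in size.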

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is OTP unbreakable?/Station-Station
Date: 30 May 2000 06:47:06 EDT

In article <8gvqhb$p5h$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>
>
>> Or am I going astray somewhere in my thinking?  Be gentle....
>
>(as I gently push the keys...) The only thing I see you or others
>going astray about is that you think somehow you will know what my
>plain text is before it gets to the other side of the wire.
>
>Let me make something clear right now.  Apart from having the
>OTP key from the receiver (in which case, no issue for you at
>all), you will never know, because I ain't saying and I will
>destroy the key once I use it.  I will prefix and suffix my
>plain text with random length garbage and compress the shit
>out of it so you cannot figure out just how much there is
>to the message in the first place.
>
>So the whole idea that a plain text attack can be used is nonsense-
>at least, against my messages.  That is where you lose me.

Odd, that I would "lose you" when you agree with me...

The above *additions* to OTP (which would not be needed if OTP
*alone* was secure) are pretty much what I have advocated from
the start.  If you do as you suggest (and, of course, keep the
length and values of your random prefixes OT and secret), you
are immune from the combo known-text / man-in-the-middle attack.

I have a question about your method as described.  How do you
handle a missing message (either random transmission error or
a man-in-the-middle adding to or removing from your message
stream?)  You have your OTP, and so does your recipient, but
he is trying to decrypt with a key that you have already
destroyed.  How do you get him to jump ahead and resync to you?  


------------------------------

From: Bob <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Tue, 30 May 2000 11:56:15 +0100

Unless he was *really* stupid, that wasn't his email address,
probably that of someone he didn't like :^)  He could be
traced back to his IP very quickly if they had an email
address to go off. Also can you imagine how many death threats
that address must have received as the (unencrypted) virus 
flew through Mickey$oft software around the world?

Anyway, you're right, the RIP would be no use whatsoever in
stopping email worms or other virii. This is just a load of
bs designed to make the ordinary person think "Oh the RIP
must be good then, I won't bother finding out any more about
it and I certainly won't protest against it." As for the
author not being English, well as I've said the RIP would
have no anti-viral action, but since the RIP covers all data
in the UK regardless of origin they could intercept arbitrary
data wherever it was coming from. Of course data passing
through the UK is already sampled by Echelon for corporate
and international espionage purposes, but legitimising
such actions in a bill is worse still.

Bob


Dave Howe wrote:
> 
> In our last episode (<alt.security.pgp>[Sun, 28 May 2000 03:52:21
> GMT]), [EMAIL PROTECTED]
> (A_Customer_at_an_easyEverything_Cybercafe) said :
> >If they want to stop I Love you virii, why don't they just get
> >everybody to use a secure mail reader? surely it wouldn't cost them a
> >lot to switch to something secure, like pine, or any other *nix mail
> >reader, or even some windows readers are not too bad.  Why spend money
> >on a bill that restricts human rights when you could have a better
> >solution for all for free?
> Erm - well, for one thing, the RIP is all about stopping your email
> being secure - and for another, the ILoveYou virus had the author's
> email address embedded in every copy - and that address wasn't in
> England. I fail to see how the right to decrypt encyphered email
> and/or encrypted phone conversations could have helped.

-- 
Don't hit reply, address is fake. Use bob underscore j underscore
hayes at yahoo dot co dot uk instead.

------------------------------

Date: Tue, 30 May 2000 13:02:00 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: encryption without zeros

lcs Mixmaster Remailer wrote:
> Rick - You could use a regular encryption function like triple DES,
> but if you get an output block which has a zero byte in it, run that
> block through the encryption function again, and repeat until you
> don't get any zeros.
> 
> DES uses 64 bit (8 byte) data, so the chances of getting a block with a
> zero is 8/256 or 1/32, so you won't have to repeat the iteration very
> often, and almost never have to do it twice.
> 
> To decrypt, do the same thing: decrypt the data block, and if it comes
> out with a zero, decrypt it again.  This assumes your input doesn't
> have any zero bytes either, so that the decryption can recognize when
> it is through.

*rolling on the floor laughing*

That is the funniest of all postings I've ever read here ! 8-)))))

After finding a general way to map the information stored in an
alphabet of 256 characters into an alphabet of 255 characters without
providing any additional space for the same information I congratulate
you that you've found a way to compress any information infinitely.

Please start now building a perpetuum mobile ! ;-)))))

(Hey, please don't feel offended, it's really original, unfortunately
wrong, for the OUTPUT shouldn't contain zeros, NOT the input, so the
decryption isn't possible anymore - you just never know where to stop).

------------------------------

From: Peter G. Strangman <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Tue, 30 May 2000 11:58:56 +0100
Reply-To: [EMAIL PROTECTED]

On 29 May 2000 22:52:15 GMT, "Axel" <[EMAIL PROTECTED]> wrote:

> I would disagree. Theoretically people should be voting for an
> individual not a party.

As you say "theoretically".
 
> I think most of the population would not have cared.

But they weren't given the opportunity to (not) care.

> In that case it would be impossible to run a government since daily
> changes in the world could not be responded to.

Daily changes don't usually need draconian legislation.
But you might like to note just how quickly the
Official Secrets Act got through - less than a day!

-- 
Peter G. Strangman              | Leser, wie gefall ich dir?
[EMAIL PROTECTED]      | Leser, wie gefaellst du mir?
http://www.adelheid.demon.co.uk |     (Friedrich von Logau)
XLIV-VII-DCCCII-CCXII-DCCCXXXI  |

------------------------------

From: Bob <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on 
Date: Tue, 30 May 2000 12:14:16 +0100

Ian B wrote:

> Why, if you are using secure encryption (whatever that may be), you
> could send a copy to the spooks and they still would not be able to
> read it.

Unless they've broken that encryption algorithm :^) I personally
don't believe all the "they've broken PGP!!" FUD that paranoid
types spout because PGP is very strong, but it is *just possible*
bearing in mind how widely it's used, so better to be safe than 
sorry and put in some extra layers between "them" and you if you're
doing something REALLY interesting and/or illegal.

Bob
-- 
Don't hit reply, address is fake. Use bob underscore j underscore
hayes at yahoo dot co dot uk instead.

------------------------------

From: Peter G. Strangman <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Tue, 30 May 2000 12:11:21 +0100
Reply-To: [EMAIL PROTECTED]

On 29 May 2000 22:52:15 GMT, "Axel" <[EMAIL PROTECTED]> wrote:

> I would disagree. Theoretically people should be voting for an
> individual not a party.

As you say "theoretically".
 
> I think most of the population would not have cared.

But they weren't given the opportunity to (not) care.

> In that case it would be impossible to run a government since daily
> changes in the world could not be responded to.

Daily changes don't usually need draconian legislation.
But you might like to note just how quickly the
Official Secrets Act got through - less than a day!

-- 
Peter G. Strangman              | Leser, wie gefall ich dir?
[EMAIL PROTECTED]      | Leser, wie gefaellst du mir?
http://www.adelheid.demon.co.uk |     (Friedrich von Logau)
XLIV-VII-DCCCII-CCXII-DCCCXXXI  |

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is OTP unbreakable?/Station-Station
Date: 30 May 2000 07:29:03 EDT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>
>Bryan Olson <[EMAIL PROTECTED]> wrote:
>
>: The method presented by ciphermax is flawed, but a one-time
>: random key does offer provable authentication, and no other
>: technique does.
>
>The scheme you describe - like other sorts of "provable" security does
>not actually /prevent/ the possibility of faking identity.  Instead it
>tries to reduce it to 1/S.

...Which is less probable than the Brownian motion of the air around
you all lining up and keeping the air in one corner of your room
long enough to suffocate you, or enough of the protons in your monitor
decaying at once to vaporize your city in a nuclear fireball.  But you
are right.  The chance is not zero.  It's just very, very, very, very,
very, very, very, very, very, very, very, very, very, very, very, very,
very, very, very, very, very, very, very, very, very, very, very, very,
very, very, very, very, very, very, very, very, very, very, very, very,
very, very, very, very, very, small.  (smaller than that, actually.)

>The "proof" also depends on an unprovable assumption - the existence of an
>unguessable random stream.

If you are trotting out the old "there is no randomness" saw, the
no hidden variables theory of quantum mechanics says that you are
wrong.  If you are trotting out the old "quantum mechanics may be
wrong" argument, then you are merely restating the general principle
that *EVERY* "proof" depends on an unprovable assumption - true
but boring.  If you are falling back to the "randomness exists but
you can't prove a perfect way to turn it into random bits" idea, I
can, by using the principle of XOR removing any bias that is not
shared by all input sources, make the probability so small that
the Brownian motion and proton decay scenarios I described are
relative certainties compared to the chance of the stream being
guessable.

>Finally (as usual) the resulting security level depends on real-world
>factors involving the security of the key-distribution process.

We agree on this.  And it's much, much, [...] much, much more likely
that someone copied your key, is pointing a camera at your keyboard,
has bribed your recipient, etc, etc. than any of the possibilities
that either of us have brought up so far.

>These sorts of concern always make me uneasy about the use of the term
>"provable" in relation to secrecy, or authentication.
>
>It seems to me that "provable" security is almost a sort of academically-
>respectable snake-oil marketing technique :-|

Only if the claimant tries to jump from provable secrecy, provable
authentication, etc. to provable *security*.  Respectable, non
snake-oil vendors are careful to explain everything that you have,
and more.

>The word "proof" seems designed to produce a feeling of security and
>invulnerability which is - in fact - a mistaken idea, since the "proof"
>often does not prove inviolability at all (rather it is based on reducing
>the probability of a break to some known small level)

..which is about as small as the possibility that I can read your
mind because my neurons just happen to be firing in the same
pattern as yours...

> - and is based on unproven premises in the first place.

Is not.

>Authentication and security are real-world concepts, which are
>fundamentally not amenable to notions of mathematical proof.
>
>I wish some less potentially misleading term could be employed.

Now who's talking about being misleading?  You go on and on about
"proof" and suddenly at the end switch to "mathematical proof"
( a much harder thing to achieve! ) and say that isn't misleading?
You say that the average person should be concerned about the
(very real) difference  between a probability of zero and a
probability of one in two to the many tens of thousands power
and say that isn't misleading?


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Retail distributors of DES chips?
Date: Tue, 30 May 2000 11:31:50 GMT


On 26 May 2000 08:34:03 GMT, in <[EMAIL PROTECTED]>,
in sci.crypt [EMAIL PROTECTED] (Mark Wooding) wrote:

>David Hopwood <[EMAIL PROTECTED]> wrote:
>
>> Then with a single chosen plaintext, the key is revealed. Assuming the
>> backdoor plaintext is chosen randomly, no amount of testing that takes
>> less than 2^63 expected work will find it.
>
>True.  Bleugh.
>
>Moral: make sure that everything which does cryptography for you is
>trustworthy.

But how shall we measure this "trustworthy" property so we can "make
sure" that it exists?

There is an alternative, and I have been promoting it for several
years:  Use *scalable* cipher designs, so we can perform an extensive
or even exhaustive analysis of the tiny scaled-down version.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: "Dave Foulger" <[EMAIL PROTECTED]>
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Tue, 30 May 2000 12:33:43 +0100


Bob <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Ian B wrote:
>
> > Why, if you are using secure encryption (whatever that may be), you
> > could send a copy to the spooks and they still would not be able to
> > read it.
>
> Unless they've broken that encryption algorithm :^) I personally
> don't believe all the "they've broken PGP!!" FUD that paranoid
> types spout because PGP is very strong, but it is *just possible*
> bearing in mind how widely it's used, so better to be safe than
> sorry and put in some extra layers between "them" and you if you're
> doing something REALLY interesting and/or illegal.
>
They then issue a notice demanding you decrypt it and send you to prison for
2 years if you don't.

Dave



------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: No-Key Encryption
Date: 30 May 2000 07:35:20 EDT

In article <8gvrc3$pq8$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>
>
>>...  Instead of keeping
>> the keys (which you don't have anymore) secret, keep the algorithms
>> (with embedded keys) secret.  The result is a no-key system that is
>> as resistant to cryptanalysis as the original keyed system was.
>
>As I understand present day cryptography, the algorithm then becomes
>the key, because that is what must be kept protected from your
>opponent.

Exactly.  Which is why, in my opinion,  what I described should be
called one key or fixed key instead of zero key.  Also why you don't
see the concept outside of embedded systems, where two black boxes
talk to each other with no human to provide a key, and thus the key
has to be stored along with the algorithm.  It's not perfect, but
it's better than sending data in the clear, and it can be quite
difficult for an attacker to get the information out of the chip.


------------------------------

Date: Tue, 30 May 2000 13:30:53 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption

Michael Pellaton wrote:
> In the literature about cryptography I often read about the three
> different types of encryption - symmetric, asymmetric and No-Key
> encryption. I found plenty implementations of the symmetric and the
> asymmetric method. Is there any implementation of no-key encryption
> available?

AFAIK there is no such encryption. Maybe you're talking about
'destructive' encryption, or one-way-hash functions. Examples
are SHA-1 and RIPE MD160. Those 'encryptions' do indeed not
have a key - they're used to identify values, and their
property is that one can check if a plaintext has the
corresponding one way hash, but one can't compute from the
one way hash which plaintexts generate it.

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Retail distributors of DES chips?
Date: 30 May 2000 11:43:35 GMT

Terry Ritter <[EMAIL PROTECTED]> wrote:

> But how shall we measure this "trustworthy" property so we can "make
> sure" that it exists?
> 
> There is an alternative, and I have been promoting it for several
> years:  Use *scalable* cipher designs, so we can perform an extensive
> or even exhaustive analysis of the tiny scaled-down version.  

Sorry to interrupt while you're on your hobby horse, Terry, but I was
referring to *implementations* of existing cipher designs.  The
discussion in hand is about the possibility of hardware implementations
of strong (as a matter of hypothesis) having been deliberately
compromised by the vendor.  Cipher design doesn't help here.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: comp.compression
Subject: Re: Small compression/encryption problem
Date: 30 May 2000 07:46:02 EDT

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] wrote:
>
>
>Hi all,
>
>The task is this:
>
>A set of data needs to be encoded and transferred in a nonsecure manner to
>an operator, who will type the encrypted data into a computer program
>manually. The operator (who has no particular skill in programming) must
>be unable to easily decipher what the data is.  Errors in
>typing/transferring the data must be made impossible or very unlikely.
>
>The data (which is actually a multiple choice exam):
>
>A twenty-character alphanumeric string, which may contain punctuation.
>Alpha characters are far more likely.
>
>Either twenty or forty values of 1, 2, 3, 4.  The value 4 is significantly
>less likely to appear than any of the first 3.
>
>My solution:
>
>Encode the string by mapping all the available alphanumeric characters
>against random others, then exchanging, rotating the key by one for each
>successive character.
>
>Encode each answer as a 2-bit value.  Squash them together and break the
>resulting code up into base-32 values.  Encode the values as alphanumeric
>(36 possible characters, so leave 0/O and 1/I out of the possibilities).
>
>Lastly, a simple checksum of all the data encoded as 2
>hexadecimal characters.
>
>Does anyone have a better idea?

Use a checksum that does error detection and correction
(widely available - talk to the Computer Science Dept. or
do a web search on "Hamming".), then use the method described
at [ http://www.ciphersaber.gurus.com ] for encryption.




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
