Cryptography-Digest Digest #904, Volume #11 Wed, 31 May 00 17:13:01 EDT
Contents:
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (Jim)
Re: Does it even matter? (Anton Stiglic)
Re: encryption without zeros ([EMAIL PROTECTED])
Re: A Family of Algorithms, Base78Ct (wtshaw)
Re: encryption without zeros (David A. Wagner)
Re: Does it even matter? (Eric Lee Green)
Re: XTR (was: any public-key algorithm) (David A. Wagner)
Re: DVD encryption secure? -- any FAQ on it (Eric Lee Green)
Re: Does it even matter? ("Trevor L. Jackson, III")
Re: DVD encryption secure? -- any FAQ on it (Paul Koning)
Re: PGP wipe how good is it versus hardware recovery of HD? (Dave Heller)
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" ("Michael Watson")
Re: any public-key algorithm (Eric Lee Green)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Stuart Tyrrell)
Re: XTR (was: any public-key algorithm) ("Eric Verheul")
Re: getting easy primes (Mok-Kong Shen)
Re: DVD encryption secure? -- any FAQ on it (David Hopwood)
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" ("Axel")
Re: any public-key algorithm ("Eric Verheul")
Re: any public-key algorithm (David A. Wagner)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Jim)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Wed, 31 May 2000 17:59:23 GMT
Reply-To: Jim
On Wed, 31 May 2000 09:59:19 +0100, "Michael Watson" <[EMAIL PROTECTED]>
wrote:
>I /think/ so. Catterick seems to be the area in the North-east where there is an
>Army-base.
> I wouldn't be surprised to find out that the MI5 was there - there are too many
>"government-like" actions in that area. Plus everybody keeps mentioning North
>Yorkshire
>which, in theory, is where Catterick is!
Can I have some of what you're smoking?
--
amadeus at netcomuk.co.uk
nordland at lineone.net
g4rga at thersgb.net
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Does it even matter?
Date: Wed, 31 May 2000 15:13:21 -0400
Mike Rosing wrote:
> Yup! to all of it. You shouldn't have too much trouble getting into
> college. The university at Waterloo has lots of good technical programs
> and one of the best crypto schools in the world. Busting your butt for
> classes is not as much fun as coding, but it will pay off in the long
> run.
Indeed, Waterloo has a great crypto lab, and a great math department.
College is pretty fun, you'll get to learn some math stuff that might
have passed you in your personal reading, and get to see some other stuff
that exists in the world (physics, chemistry, biology, philosophy,
English etc..).
Of course, you can still relate all those other subjects to crypto (physics
to quantum computation/crypto, chemistry to molecular computation,
biology to biometrics, philosophy to Gödel's Incompleteness Theorem,
English to statistical letter frequency... :)
College is also your chance to get good enough grades to get into Waterloo
for example. I can assure you that you won't be bored if you go into
a university such as Waterloo, not only will you have great teachers, but
your peer students will also challenge you and push your limits.
You're still young, take advantage of college and university, it's a once
in a lifetime thing! You'll have your whole life to work after that...
Anton
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: encryption without zeros
Date: Wed, 31 May 2000 19:16:20 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
James Felling wrote:
> How about ab//cd0000ef/1 -> ab ////cd/1/1/1/1ef//1
>
> or something along this line.
> Rules as follows.
> If character != 0 and !=/ then output character.
> If character =0 output /1
> If character =/ output //
> Done.( it will expand the stream in proportion to the number of escape
> characters and 0's in it so I would try to make the escape character a low use
> character)
there is no 'low use character' in cypher output,
every character is with probability 1/256
== <EOF> ==
Disastry http://i.am/disastry/
http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for Netscape
http://disastry.dhs.org/pegwit <-- Pegwit - simple alternative for PGP
remove .NOSPAM.NET for email reply
=====BEGIN PGP SIGNATURE=====
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1
iQA/AwUBOTVFhzBaTVEuJQxkEQL6qwCfUQv50LftOLhZuGx4HbzYkC551H0Anjnc
mWZutD+6FA1DyDwehELoJqrQ
=+oBp
=====END PGP SIGNATURE=====
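Felling's escape scheme written out, as an added example (not code from anyone in this thread), together with the check Disastry's reply implies: on uniform cipher output every byte value is equally likely, so the encoding grows by exactly one byte per 0x00 or '/' in the input, about 2/256 of the length on average, and there is no "low use" byte to pick as the escape. The SHA-256 counter stream is a constructed stand-in for ciphertext so the example runs offline.

```python
import hashlib

ESC = ord("/")   # Felling's escape character
ZERO = 0


def escape(data: bytes) -> bytes:
    """Felling's rule: 0x00 -> b'/1', '/' -> b'//', any other byte unchanged."""
    out = bytearray()
    for b in data:
        if b == ZERO:
            out += b"/1"
        elif b == ESC:
            out += b"//"
        else:
            out.append(b)
    return bytes(out)


def unescape(data: bytes) -> bytes:
    """Inverse of escape(); rejects a dangling or unknown escape sequence."""
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if b != ESC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated escape sequence at end of input")
        nxt = data[i + 1]
        if nxt == ord("1"):
            out.append(ZERO)
        elif nxt == ESC:
            out.append(ESC)
        else:
            raise ValueError("unknown escape sequence at offset %d" % i)
        i += 2
    return bytes(out)


def cipher_like_bytes(n: int, seed: bytes = b"constructed-example") -> bytes:
    """Deterministic stand-in for cipher output: SHA-256 in counter mode.

    Constructed for this example so that it runs offline; the bytes are
    uniform-looking, which is all that matters for the expansion argument.
    """
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def expansion(data: bytes) -> int:
    """Extra bytes the encoding adds: exactly one per 0x00 or '/' in the input."""
    return len(escape(data)) - len(data)


if __name__ == "__main__":
    ct = cipher_like_bytes(4096)
    print("escaped", len(ct), "bytes into", len(escape(ct)), "bytes;",
          "expected about", 4096 * 2 / 256, "extra for uniform input")
```

The decoder refuses a trailing lone '/' and any unknown pair rather than guessing, which matters when the escaped stream is parsed from an untrusted source.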
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: A Family of Algorithms, Base78Ct
Date: Wed, 31 May 2000 12:22:05 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>
> Through the time I saw you several times mentioning GVA but I have
> never understood what that scheme really performs. Could you give
> a pointer or post a sketch to the group? Thanks.
>
> M. K. Shen
If you insist....
I need to add and remove some items, but find it on a list at
http://www.radiofreetexas.com/wts/
The site is not under my direct control, but I appreciate the space.
Remember that the GVA is a generic idea, so the example of the mechanics
is to show some of the basic principles.
--
If a privacy policy is longer than 250 words, it is already
deceptive; the longer the more deceptive.
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: encryption without zeros
Date: 31 May 2000 12:24:34 -0700
In article <8h3lo8$jba$[EMAIL PROTECTED]>,
Bryan Olson <[EMAIL PROTECTED]> wrote:
> Let f be a permutation on 1..n and consider some m
> with 1<m<n. Now we define f' over the domain 1..m as:
>
> f'(x) = f^k(x) where k is the smallest positive
> integer such that f^k(x) is in 1..m.
>
> We've seen that f' exists and is a permutation on 1..m.
>
> Now I claim that if f is a random permutation on 1..n, (that
> is a choice such that each permutation on the domain is
> equally likely) then the corresponding f' is a random
> permutation on 1..m.
Nice observation. Here's a simple proof of your claim.
First, note that we may take m = n-1 without loss of generality.
(Just apply the result several times, if necessary.)
Now, note that the surjection S taking f to f' is `balanced'.
Why? Fix an arbitrary permutation g on 1..m, and consider
the set S^{-1}(g) := {f : f' = g}. We can explicitly enumerate
this set. In particular, f'=g iff either
(a) 1. f(n)=n; and 2. f(i)=g(i) for i in 1..m.
or
(b) there exists j in 1..m so that
1. f(j)=n; 2. f(n)=g(j); and 3. f(i)=g(i) for i != j,n.
Case (a) gives one such f, and case (b) gives m such f's (one for
each possible value of j), for a total of m+1 = n candidates.
In other words, |S^{-1}(g)| = n for all g, and thus S is balanced.
Finally, we simply note that applying a balanced function to a
uniformly-distributed random variable yields another uniformly-distributed
random variable. This completes the proof.
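The construction and the balance argument above, checked by brute force, as an added example that is not part of Olson's or Wagner's posts. restrict() computes f' by walking f until the value lands back in 0..m-1; preimage_counts() enumerates every permutation f on 0..n-1 and counts how often each g on 0..m-1 arises, which should be n!/m! every time (n for m = n-1, as in the proof). The last function applies the same walk to the thread's actual problem: a byte permutation restricted to 1..255 so that the output is never 0x00. The seeded shuffle there is an assumed stand-in for a keyed 8-bit cipher.

```python
from collections import Counter
from itertools import permutations
from math import factorial
import random


def cycle_walk(f, x, allowed):
    """Apply f repeatedly, starting from x, until the value satisfies allowed().

    f is a sequence with f[y] = image of y and must be a bijection on its
    index set.  If allowed(x) holds the walk terminates: the forward orbit
    of x under a bijection is a cycle through x, so it re-enters the
    allowed set after at most len(f) steps.
    """
    y = f[x]
    steps = 1
    while not allowed(y):
        y = f[y]
        steps += 1
        if steps > len(f):
            raise ValueError("f is not a bijection or x is not allowed")
    return y


def restrict(f, m):
    """Olson's f': the permutation on 0..m-1 induced by a permutation f on 0..n-1."""
    return tuple(cycle_walk(f, x, lambda y: y < m) for x in range(m))


def preimage_counts(n, m):
    """For each g on 0..m-1, how many f on 0..n-1 satisfy restrict(f, m) == g."""
    counts = Counter()
    for f in permutations(range(n)):
        counts[restrict(f, m)] += 1
    return counts


def is_balanced(n, m):
    """Wagner's claim: every g has the same number, n!/m!, of preimages."""
    counts = preimage_counts(n, m)
    expected = factorial(n) // factorial(m)
    return len(counts) == factorial(m) and set(counts.values()) == {expected}


def zero_free_byte_permutation(seed=0):
    """Cycle-walk a byte permutation so that it never outputs 0x00.

    The underlying permutation is a seeded shuffle, an assumed stand-in for
    a keyed 8-bit block cipher.  Inputs are 1..255; because the walk only
    starts from non-zero values it returns a bijection on 1..255, which is
    'encryption without zeros' with no expansion at all.
    """
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return {x: cycle_walk(table, x, lambda y: y != 0) for x in range(1, 256)}


if __name__ == "__main__":
    for n, m in ((4, 3), (5, 3), (6, 4)):
        print(n, m, "balanced:", is_balanced(n, m))
    walked = zero_free_byte_permutation()
    print("zero-free bijection on 1..255:",
          sorted(walked.values()) == list(range(1, 256)))
```

The walk costs n/m cipher evaluations on average, so it is cheap when the forbidden set is small (one value out of 256 here) and gets expensive only when most of the domain is excluded.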
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Does it even matter?
Date: Wed, 31 May 2000 19:32:29 GMT
tomstd wrote:
> Anyways, I am beginning to think my research is pointless since
> well I would rather focus on my school now and prepare for the
Research is never pointless. Frankly, I'd hire you in a second (if not for the
same BS stuff that kept you from going to RSA), exactly because of that
research stuff. When you get your college degree, drop me a line at my home
EMAIL address ( [EMAIL PROTECTED] ) and assuming I'm still in a position at the
time to do so, you will have a job offer immediately thereafter. (Whether
you'll want to accept the job or not is a different story).
There's plenty of folks who've graduated from college with a 4.0 average and
don't know anything that wasn't in their textbooks. I graduated with one of
those kids, he lived across the street from me. In the late 80's we had our
classes on Unix minicomputers. He came to me, about 6 weeks before he
graduated, and asked how to justify paragraphs in 'vi'. I said run it through
'nroff' to justify the paragraphs. He asked "What is 'nroff'?" I said "The
standard Unix text formatting program." He said "What is Unix?" I said "The
operating system that runs on our Pyramid minicomputers." He wrinkled his
forehead, and said "I don't understand." Remember, this is a guy graduating
with a 4.0 average in Computer Science, who has done all but a little bit of
his class work on Unix-based minicomputers! I wouldn't hire the guy to shine
my shoes. EDS hired him instead. I imagine he's building accounting systems
and data warehouses somewhere, probably for more money than me, but definitely
not having as much fun.
The point, the point... curiosity, self-motivation, a willingness to explore
new areas, and the ability to work on your own with little guidance are more
important, for my purposes, than your GPA. Do go ahead and get the college
degree though. The maths part in particular will prove to be useful,
especially if you're interested in crypto.
--
Eric Lee Green [EMAIL PROTECTED]
Senior Unix Engineer Visit our Web page:
Enhanced Software Technologies, Inc. http://www.estinc.com/
(602) 470-1115 voice (602) 470-1116 fax
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: XTR (was: any public-key algorithm)
Date: 31 May 2000 12:31:16 -0700
In article <ShdZ4.29666$[EMAIL PROTECTED]>,
Michael Scott <[EMAIL PROTECTED]> wrote:
> Good to see that extension-field cryptography is back. [..]
> But does anyone remember LUC and its discrete log.variants?
Yes. But, LUC had no advantages over RSA / El Gamal.
(Apart from some exaggerated claims, which were soon debunked.)
In comparison, XTR does have some claimed advantages.
(I have no way to know whether they will hold up, but they at
least seem compelling enough to examine the scheme further.)
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: Wed, 31 May 2000 19:49:37 GMT
Mok-Kong Shen wrote:
> "Casper H.S. Dik - Network Security Engineer" wrote:
> > You can do bit-by-bit copying of DVD disks and they'll play in
> > any player; no need to decrypt.
>
> Are you sure? I am an ignorant of hardware, but I remember that
> there were in the past diskettes that were intentionally damaged
> somehow by the software manufacturer so that these couldn't be
> copied. Wouldn't some parallel techniques work in the present case?
My understanding is that current DVD-R and DVD-RAM media have a pre-blanked
key block or will not write to the key block, thus defeating attempts to use
them to make verbatim copies of DVD media.
This does not, of course, stop the pirates in Malaysia or Thailand from making
up a metal master and doing a real bit-by-bit copy onto real DVD media using a
DVD stamping press. Many such pirated copies probably come from the very same
factories that are stamping out the "real" copies -- many such countries have
governments that are very relaxed about copyright enforcement, and have many
corrupt law enforcement officers who are willing to look the other way for
non-violent crime of this sort. Proving that a particular press made a copy of
your gold master is pretty difficult when you have no cooperation from the
government.
In general, it is clear that the CSS system is primarily a mechanism for
player control (and thus zone control), rather than a mechanism for copy
protection. By controlling player implementations, zone controls can be
enforced. Zone controls are that system where DVD players produced for
particular markets have a zone code hard-wired into them and will only play
movies coded for their zone. This is used to prevent, e.g., European
customers, from buying the DVD version of the movie as published in the United
States. The US-encoded version is not only cheaper than the European version,
but often predates the release of the movie into European theaters. Needless
to say, various European governments view this as yet another example of
American imperialism, but since it is being enforced by the Hollywood studios
and not by the U.S. government, they haven't been able to find any way of
retaliating under the various trade treaties.
--
Eric Lee Green [EMAIL PROTECTED]
Software Engineer Visit our Web page:
Enhanced Software Technologies, Inc. http://www.estinc.com/
(602) 470-1115 voice (602) 470-1116 fax
------------------------------
Date: Wed, 31 May 2000 16:08:05 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Does it even matter?
tomstd wrote:
> As some of you may already know, I was offered a job with RSA
> this summer (in San Mateo) working on some software. Sounds
> great seems like people appreciate my work, obviously since I am
> not even done high school.
>
> Of course they hype me up about the job, get me all excited.
>
> And what happens (thru no fault of RSA) big old mr government
> steps in and acts like a dolt. I can't get the job because I
> don't have a "post-secondary education diploma with three years
> work experience". Super, if I had a job, why would I move 3000
> miles to work in the states?
>
> Anyways, I am beginning to think my research is pointless since
> well I would rather focus on my school now and prepare for the
> exciting job as a mop-jockey.
>
> It has been nice chatting with you guys, maybe I will come back
> some time.
Tell RSA you'll telecommute. ;-)
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: Wed, 31 May 2000 15:26:31 -0400
"Casper H.S. Dik - Network Security Engineer" wrote:
>
> Except, of course, that it's not a copy protection mechanism at all,
> despite what they say.
>
> You can do bit-by-bit copying of DVD disks and they'll play in
> any player; no need to decrypt.
>
> What the encryption does achieve is disallowing non-licensed players,
> and that seems to be bordering on the illegal.
One argument I've seen is that it is intended to enforce regional
limits. In videotapes, the different video systems would do this
(to a limited extent). DVD is one system, so the player has to
do it artificially. The reason why this matters is the way movie
companies distribute stuff.
See http://www.opendvd.org/ for more detail.
paul
------------------------------
From: [EMAIL PROTECTED] (Dave Heller)
Subject: Re: PGP wipe how good is it versus hardware recovery of HD?
Date: Wed, 31 May 2000 13:13:32 -0700
Guy Macon <[EMAIL PROTECTED]> wrote:
> >Salutations,
> >PGP wipe utility overwrites the victim file 7 or more times, I am not
> >certain about the actual number of overwriting that occurs but I am
> >confident that it is more than one.
>
> Your confidence is misplaced. It may be LESS than one.
>
> You see, modern operating systems and disk drive controllers do lots of
> tricks to make your applications run faster. If you have a SCSI controller
> with elevator seek write capability, for instance, it may very well take
> your 7 writes, throw away the first 6 as making no difference to the end
> result, write the 7th to another section of the physical disk, and update a
> pointer so that your application sees it in the old location. The only way
> to even come close to a "secure wipe" on a variety of systems is to control
> the low level details of the disk drive electronics. PGP doesn't do this.
> Nor should it.
>
> There is a better solution: only store encrypted data on the hard disk.
I cannot comment on the Windows version, but I implemented the
------------------------------
From: "Michael Watson" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Wed, 31 May 2000 21:17:21 +0100
Sure - don't got telling ppl I gave to ya tho'!
BASMIC
====
"Jim" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Wed, 31 May 2000 09:59:19 +0100, "Michael Watson" <[EMAIL PROTECTED]>
> wrote:
>
> >I /think/ so. Catterick seems to be the area in the North-east where there is an
>Army-base.
> > I wouldn't be surprised to find out that the MI5 was there - there are too many
> >"government-like" actions in that area. Plus everybody keeps mentioning North
>Yorkshire
> >which, in theory, is where Catterick is!
>
> Can I have some of what you're smoking?
>
> --
> amadeus at netcomuk.co.uk
> nordland at lineone.net
> g4rga at thersgb.net
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: any public-key algorithm
Date: Wed, 31 May 2000 20:39:17 GMT
Eric Verheul wrote:
> > 3. you have patented it, so no one else can use it.
> We do give licences though.
Unless I needed the particular characteristics of that algorithm, however,
there are plenty of public key algorithms either in the public domain or
shortly to be so (i.e., RSA... are we under 90 days yet?).
In most applications, the speed of key generation for the public key algorithm
and, indeed, the speed of encryption and decryption, is not much of a problem,
since the public key algorithm is only used at the establishment of the
connection and a handshaked shared key is then used for all further
encryptions.
In short, I wish you luck, but I know that my employer isn't going to be
paying you royalties anytime soon.
--
Eric Lee Green [EMAIL PROTECTED]
Software Engineer Visit our Web page:
Enhanced Software Technologies, Inc. http://www.estinc.com/
(602) 470-1115 voice (602) 470-1116 fax
------------------------------
From: Stuart Tyrrell <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Wed, 31 May 2000 19:14:40 +0100
In message <[EMAIL PROTECTED]>
Peter G. Strangman <[EMAIL PROTECTED]> wrote:
> Actually I use a little program, which I wrote, which will generate
> a random password whenever I need a new one.
<Bearing in mind who I'm following up>
I'm intrigued - are these passwords indeed random?
I have visions of PGS with a machine connected to a bunch of diodes /
Beta particle source / rain sensor (OK, the last one is anything but
random around here!).
Stuart (who's not sure he trusts the "interrupt a fast running
counter" trick that he's seen PGP implementations use)
--
Stuart Tyrrell Developments [EMAIL PROTECTED]
PO Box 183, OLDHAM. OL2 8FB http://www.stdevel.demon.co.uk
------------------------------
From: "Eric Verheul" <[EMAIL PROTECTED]>
Subject: Re: XTR (was: any public-key algorithm)
Date: Wed, 31 May 2000 22:31:15 +0200
> Good to see that extension-field cryptography is back. The basic idea is to
> find a construction over GF(p^n), which gives RSA-equivalent security of
> n*lg(p) bits. One nice idea is to use a 32-bit prime p, which leads to some
> really fast systems, as 32-bit arithmetic can be used.
There aren't many 32 bit primes, making common-parameter attacks possible
(like with ECC).
> But does anyone remember LUC and its discrete log.variants? It worked over
> GF(p^2) and also had a fast algorithm for exponentiation. However it was
> rubbished by the cryptographic community ( in part due to some exaggerated
> claims) and not widely used. The problem is some uncertainty that the
> discrete log problem over GF(p^n) is really as hard as over GF(q), for a
> prime q approximately n*lg(p) bits in length. In the XTR paper this is
> mentioned at the bottom of page 16 ".. the latter problem is believed to be
> as hard as the DL ....", and some heavy duty personal communications are
> used for back-up (Coppersmith, Schirokauer), but the small doubt still
> remains.
The latest paper I saw where the DL problem in GF(p^n) was discussed was
quite recent; it was by A. Odlyzko: {\em Discrete Logarithms: The past and
the future}, Designs, Codes and Cryptography, 19 (2000), 129-145.
> However if XTR is a good idea, then so was LUC-DH.
On the www.ecstr.com website you can find an Asiacrypt99 paper I co-authored,
in which the basis of XTR was laid; there we discussed LUC. LUC uses
a subgroup of GF(p^2) of order p+1 (= second cyclotomic polynomial) where
we use a subgroup of GF(p^6) of order p^2 - p + 1 (= 6-th cyclotomic
polynomial).
LUC uses 1/2 the conventional number of bits, we 2/6 the number of bits.
Moreover, we (implicitly) "tower" to GF(p^6), via GF(p^2) with an optimal
normal basis on it, which partly explains why XTR is so fast.
LUC-DH was a good idea, but XTR is an even better one.
Eric
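The cyclotomic bookkeeping behind the LUC/XTR comparison above, as an added example (not code from Verheul, Scott, or the XTR paper). It checks that p^6 - 1 splits into the four cyclotomic values, tests whether the LUC subgroup of order p+1 and the XTR subgroup of order p^2 - p + 1 could sit inside a proper subfield (the reason the subgroup DL is argued to be as hard as the full-field DL is that they cannot), and searches for toy XTR parameters p, q with p = 2 (mod 3) and q a prime factor of p^2 - p + 1. The p = 2 (mod 3) condition is what makes x^2 + x + 1 irreducible over GF(p) and gives GF(p^2) the optimal normal basis mentioned. Parameter sizes here are toys for checking the arithmetic; real ones are hundreds of bits.

```python
from math import isqrt


def is_prime(n):
    """Trial division, adequate for the toy-sized parameters used here."""
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))


def cyclotomic_values(p):
    """Phi_d(p) for the divisors d of 6; the product is |GF(p^6)^*| = p^6 - 1.

    LUC works in the subgroup of GF(p^2)^* of order Phi_2(p) = p + 1,
    XTR in the subgroup of GF(p^6)^* of order Phi_6(p) = p^2 - p + 1.
    """
    return {1: p - 1, 2: p + 1, 3: p * p + p + 1, 6: p * p - p + 1}


def lies_in_proper_subfield(p, r, n):
    """Can a subgroup of order r of GF(p^n)^* be embedded in a proper subfield?

    GF(p^d) is a subfield of GF(p^n) iff d | n, and a cyclic group of
    order r embeds in GF(p^d)^* iff r | p^d - 1, so check each proper d.
    A subgroup that does embed would hand the attacker the much easier
    discrete log problem of the smaller field.
    """
    return any((p ** d - 1) % r == 0 for d in range(1, n) if n % d == 0)


def xtr_toy_parameters(min_p, max_p):
    """First prime p in [min_p, max_p] with p = 2 (mod 3) and q = (p^2-p+1)/3 prime.

    For p = 2 (mod 3), 3 always divides p^2 - p + 1, hence the division;
    the remaining cofactor is the candidate subgroup order q.  Returns
    None if no such p exists in the range.
    """
    for p in range(min_p, max_p + 1):
        if p % 3 != 2 or not is_prime(p):
            continue
        q = (p * p - p + 1) // 3
        if is_prime(q):
            return p, q
    return None


if __name__ == "__main__":
    p, q = xtr_toy_parameters(100, 1000)
    print("toy XTR parameters: p =", p, "q =", q)
    print("q-subgroup inside a proper subfield of GF(p^6)?",
          lies_in_proper_subfield(p, q, 6))
    print("LUC subgroup (order p+1) inside GF(p)?",
          lies_in_proper_subfield(p, p + 1, 2))
```

For any q > 6 dividing p^2 - p + 1 the subfield test comes out False, because gcd(p^2 - p + 1, p^d - 1) divides 6 for d in {1, 2, 3}; that is the structural reason the XTR subgroup cannot be attacked in GF(p), GF(p^2), or GF(p^3).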
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: getting easy primes
Date: Wed, 31 May 2000 22:55:33 +0200
Custer wrote:
> This is the series x**2 + x + 41 for x={0,1,...39}. It was discovered
> I think by Euler a long time ago. It was used in the novel Rama II by
Do there exist any further investigations on such 'prime rich'
polynomials? Thanks.
M. K. Shen
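An added example (not part of Custer's or Shen's posts) that measures the prime run of Euler's polynomial and searches for the other constants c for which x^2 + x + c is prime all the way from x = 0 to x = c - 2. The run can never exceed c - 1, since x = c - 1 gives c^2; the constants that attain the bound are exactly c = 2, 3, 5, 11, 17, 41 (Rabinowitz's theorem, a known result, not something from this thread), which the search reproduces. It also checks the classic x^2 - 79x + 1601, which is x^2 + x + 41 shifted by 40 and so gives 80 primes in a row, though with every value repeated.

```python
from math import isqrt


def is_prime(n):
    """Trial division, fine for the sizes that appear in these polynomials."""
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))


def prime_run(a, b, c, limit=10_000):
    """Length of the initial run x = 0, 1, 2, ... on which a*x^2 + b*x + c is prime."""
    x = 0
    while x < limit and is_prime(a * x * x + b * x + c):
        x += 1
    return x


def euler_constants(max_c):
    """Constants c <= max_c for x^2 + x + c, ranked by the length of the prime run."""
    runs = [(c, prime_run(1, 1, c)) for c in range(1, max_c + 1)]
    return sorted(runs, key=lambda cr: -cr[1])


def saturated_constants(max_c):
    """Constants c <= max_c whose run attains the c - 1 bound (x = c - 1 gives c^2)."""
    return [c for c in range(2, max_c + 1) if prime_run(1, 1, c) == c - 1]


if __name__ == "__main__":
    print("x^2 + x + 41 is prime for x = 0 ..", prime_run(1, 1, 41) - 1)
    print("x^2 - 79x + 1601 is prime for x = 0 ..", prime_run(1, -79, 1601) - 1)
    print("constants attaining the c-1 bound below 1000:", saturated_constants(1000))
    print("top five constants below 100 by run length:", euler_constants(100)[:5])
```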
------------------------------
Date: Wed, 31 May 2000 21:43:03 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: DVD encryption secure? -- any FAQ on it
=====BEGIN PGP SIGNED MESSAGE=====
Dulando wrote:
> lament wrote in message ...
> >My guess is that the DVD decoder chip has the key "hidden" in silicon
> >somehow, and that only a "few" chip designers have that information
> >(the key). If this assumption is close to correct, then it seems a doomed
> >scheme from the outset.
[...]
> I'll do a terse explanation on CSS (Content Scrambling System) and how it
> is used on DVD players.
>
> Well, basically, every DVD player has a unique key to use for descrambling
> which ubiquely needs to be encrypted within the program to prevent reverse
> engineering of the application to determine the key. While a different key
> for each player seems like a nice precaution as to not invalidate the entire
> cipher if one key is discovered. However, apparently (and this is just what
> I've read) the system (CSS itself) is not the best encryption, and the
> people who made DeCSS (Masters of Reverse Engineering, or MoRE) were able to
> identify around forty or fifty acceptable keys all from one original one,
> which they gathered from the Xing DVD player for Windows, which was found to
> not encrypt their CSS key. (Blame RealPlayer, they made Xing).
If the Xing key had been encrypted, that wouldn't really have made much
difference; given more than 50 choices of player to work with, the obvious
approach is to reverse-engineer the least well protected one. In short,
"it seems a doomed scheme from the outset" is pretty accurate.
For another summary and a copy of the DeCSS source, see
http://www.users.zetnet.co.uk/hopwood/crypto/decss/
- --
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOTSDAjkCAxeYt5gVAQHLpwgAqqu1YI5umSbT0q1GvaGwG1tebD+kBKhC
r+p3gEDwOA65A//cL1eDF1yNLIu5ezC2BZ4r6dgSOwDq6VTur7xqlGJV4cOftMDd
//s1G5CbJ74JZRppslOV5OwuR40j+dVQAm+j9o7h+BeCtrJ8ILk775ANsJo44TWs
zdAEg3YKOblp77b0KCNda4QWQQ4zEvPqdDh/nL0h/e//NiJZQeFHxuvbf/G89AnM
U0MANNEKOZwRWIPKmmecE/+ZCCIJV/imMJa+TSyC3nsFdFIxcy7v8UzNVkydH1w5
PGiuJP8Z/eTqk93tYe66cCgnLIuPfQZ+pI3CrOzwxtUXg0uE7kAZqw==
=eY21
=====END PGP SIGNATURE=====
------------------------------
From: "Axel" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: 31 May 2000 20:57:58 GMT
Reply-To: [EMAIL PROTECTED]
In uk.legal Bob <[EMAIL PROTECTED]> wrote:
> Ian B wrote:
>> Why, if you are using secure encryption (whatever that may be), you
>> could send a copy to the spooks and they still would not be able to
>> read it.
> Unless they've broken that encryption algorithm :^) I personally
> don't believe all the "they've broken PGP!!" FUD that paranoid
> types spout because PGP is very strong, but it is *just possible*
> bearing in mind how widely it's used, so better to be safe than
> sorry and put in some extra layers between "them" and you if you're
> doing something REALLY interesting and/or illegal.
There is a very recent CERT advisory warning that certain methods of
implementing automated PGP may be open to breaking, not because of a
flaw in PGP itself, but if certain random number generators are used
which do not in fact generate random numbers.
------------------------------
From: "Eric Verheul" <[EMAIL PROTECTED]>
Subject: Re: any public-key algorithm
Date: Wed, 31 May 2000 22:50:12 +0200
> In most applications, the speed of key generation for the public key
> algorithm and, indeed, the speed of encryption and decryption, is not much
> of a problem, since the public key algorithm is only used at the
> establishment of the connection and a handshaked shared key is then used
> for all further encryptions.
>
> In short, I wish you luck, but I know that my employer isn't going to be
> paying you royalties anytime soon.
So your employer is not into either E-commerce (a typical SSL server can not
initiate more than a dozen or SSL at the same time) or Mobile-commerce (e.g.
WAP, where small key sizes and exchanges as well as speedy encryption are a
must)? Lots of employers are though.
Eric
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: any public-key algorithm
Date: 31 May 2000 14:04:53 -0700
In article <8h3uiu$ofd$[EMAIL PROTECTED]>,
Eric Verheul <[EMAIL PROTECTED]> wrote:
> So your employer is not into either E-commerce (a typical SSL server can not
> initiate more than a dozen or SSL at the same time) [...]
What makes you think that key generation is the dominant cost of SSL?
That wasn't my impression...
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************