Cryptography-Digest Digest #912, Volume #11 Thu, 1 Jun 00 16:13:01 EDT
Contents:
Re: any public-key algorithm (Roger Schlafly)
Re: XTR (was: any public-key algorithm) (Roger Schlafly)
Re: Powers of s-boxes and other functions (David A. Wagner)
Re: Question about Re: RSA/PK Question (tomstd)
Re: DVD encryption secure? -- any FAQ on it ("Mark Bessey")
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Fergus O'Rourke")
Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (EE Support)
Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (EE Support)
Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (EE Support)
Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (EE Support)
Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (EE Support)
Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (EE Support)
Contest rule proposal (Andru Luvisi)
Re: Q: Session key generation (Baruch Even)
----------------------------------------------------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: any public-key algorithm
Date: Thu, 01 Jun 2000 12:14:41 -0700
Eric Verheul wrote:
> > Yes, do a square root each time if you want low bandwidth.
> > It's not so crazy -- it is what your own paper suggests in
> > the 2nd sentence of the 2nd paragraph of sect. 4.4.
> There a two kinds of data size concerns in practice: sizes of
> sent public keys and sizes of stored public keys (say at a WAP/WTLS
> enabled cellular phone). My point is that in ECC, you would rather
> *store* the Public Key uncompressed, whence the 340 bits.
You rather store it uncompressed because size is less significant?
That is ridiculous. The whole point of comparing to ECC is to offer
an alternative in low-bandwidth situations. ECC can transmit a
public key in 171 bits. XTR needs at least 340 bits, and possibly
hundreds of bits more.
> > The comparisons to RSA and ECC in sect. 4.4 are interesting,
> > but comparisons to DH and DH-LUC would be more to the point
> > because that is what XTR is closely related to. Why didn't
> > you put in those comparisons?
> The reason to compare at all is to give an impression with competing
> systems. DH-LUC is not widely used. Next, you blame us for not comparing
> XTR with the McEliece system. But XTR is a lot faster than DH-LUC
> (and smaller: where DH-LUC requires 512, we require only 340 bits).
> Perhaps we'll put a comparison in later.
ECC is not widely used either. DH is used a *lot* more than ECC.
By orders of magnitude.
Sure DH-LUC is not widely used. Even much less than ECC. But your
paper gives the impression that you are just presenting a warmed
over and disguised version of DH-LUC with a few performance tweaks.
The conspicuous absence of any comparison with DH or DH-LUC only
reinforces the impression. I think to myself, "if they had thought
they had something significantly better than DH-LUC, they would
have said so".
So I suggest making the comparison with DH and DH-LUC.
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: XTR (was: any public-key algorithm)
Date: Thu, 01 Jun 2000 12:16:02 -0700
Eric Verheul wrote:
> > I agree with you. XTR is not any less susceptible to those
> > attacks. In the case of your code, the attacks will depend
> > on mod p arithmetic times or power usages depending on the
> > data, or on whether the conditional branch can be detected.
> > But the XTR algorithm in the paper has the same problems.
> Then please *show* me a DPA attack.
A DPA attack will depend on implementation details that you
have not specified. You have an argument that such an attack
will be hard, but I don't see an argument that it is any
harder than on Ian's pseudocode.
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Powers of s-boxes and other functions
Date: 1 Jun 2000 12:20:40 -0700
In article <[EMAIL PROTECTED]>,
Jim Steuert <[EMAIL PROTECTED]> wrote:
> It would be interesting to come up with
> a hash function which could be
> practically "iterated" in logarithmic
> time.
Yes, it would.
Unfortunately, I have a proof that strong collision-resistance is
incompatible with efficient iteration. This gives some partial evidence
that such hash functions may be hard to find, or at least, that if such
functions exist, you might be able to find collisions in them.
For details, see
http://www.cs.berkeley.edu/~daw/my-posts/iterable-hash
for early results; or, for stronger results, see Theorem 1 of
http://www.cs.berkeley.edu/~daw/papers/keystretch.ps
------------------------------
Subject: Re: Question about Re: RSA/PK Question
From: tomstd <[EMAIL PROTECTED]>
Date: Thu, 01 Jun 2000 12:27:21 -0700
In article <8h66g2$72g$[EMAIL PROTECTED]>, sarnold_intertrust@my-deja.com wrote:
>In article <KkvZ4.15$[EMAIL PROTECTED]>,
> "DD" <[EMAIL PROTECTED]> wrote:
>> tomstd <[EMAIL PROTECTED]> wrote in message
>> > I also don't agree with using 128+ bit symmetric keys because it
>> > provides a false sense of security. "Oh it's secure because I
>> > use a 256-bit symmetric key", big deal.
>>
>> I don't understand what you mean, can you or anyone else please
>> explain? Are you saying that it is not secure or that whether the
>> key is 128 bits or say 256 bits makes little difference in practice
>> because both are thought to be secure today?
>
>In an attempt to help Tom study bio, I will try putting words into his
>mouth. :)
>
>What I think Tom is getting at, is that a 256-bit key is as easy to
>bribe/steal/torture/blackmail out of users as a 128-bit key. However,
>since a 256-bit key is so much more secure in terms of brute-force
>check-all-keys attacks, people are more likely to commit secrets to
>256-bit keys when the O(1) attacks on the keys are just as effective on
>256-bit as 128-bit. The extra bits lead people to trust the system more
>than they should, leading to a false sense of security. (Or, perhaps, by
>seeing "256-bit" users might think the system is great, whereas the
>protocol itself might leak too much information, or the implementation
>was done poorly, etc..)
>
>(For those secrets where one needs 256 bits of brute-force protection, a
>good FIPS 140-1 level 4 hardware device with a threshold scheme on
>operators isn't too much to ask. :)
>
>But, of course, I don't speak for Tom -- I just think I understood what
>he was saying. :)
You nailed it right on the head.
Personally my grief is not with 256-bit keys; my point is just that
they are, from a practical standpoint, no more secure.
If you are using an AES cipher then please do use a 256-bit key,
but please do verify the security of all the other parts.
The big "grief" is with people and their huge-key ciphers (say
512+ bits). Here is my view on key requirements of today:
80-bit: security for about 5~10 years.
128-bit: security for about 15~20 years (at the least).
256-bit: security for about 100 years (at the least).
As it stands now, with distributed.net it's been about 2.5 years
searching for a 64-bit key. An 80-bit key is 65536 times
harder, so I would bet 5~10 years is a good margin.
Of course, like I said, if you are using an AES cipher, use either
128/192/256-bit keys. The algorithms have been analyzed with
all three in mind.
Anyways, I have loads of bio to study. Maybe I will post after
finals.
Tom
------------------------------
From: "Mark Bessey" <[EMAIL PROTECTED]>
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: Thu, 1 Jun 2000 12:32:35 -0700
lament <[EMAIL PROTECTED]> wrote in message
news:kZYY4.74338$[EMAIL PROTECTED]...
> The content of a DVD movie is encrypted with the intent to prevent piracy.
> However, every DVD player has to be able to decode the data for playback.
> This being so, how is it possible to have security?
It isn't. Did you perhaps miss the news that the DVD protection scheme has
been broken? It was all over the news a while back. Do a web search on
"DeCSS".
> My guess is that the DVD decoder chip has the key "hidden" in silicon
> somehow, and that only a "few" chip designers have that information (the
> key). If this assumption is close to correct, then it seems a doomed
> scheme from the outset.
That was pretty much the plan - security through obscurity. There are
certainly some things that could have been done to make the inevitable take
a little longer, but it lasted a lot longer than I expected, anyway.
-Mark
------------------------------
From: "Fergus O'Rourke" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Thu, 1 Jun 2000 20:31:30 +0100
David Boothroyd wrote in message ...
>In article <[EMAIL PROTECTED]>, "Scotty"
><[EMAIL PROTECTED]> wrote:
>
>> David Boothroyd wrote in message ...
>> >In article <[EMAIL PROTECTED]>, Andru Luvisi
>> ><[EMAIL PROTECTED]> wrote:
>> >> [EMAIL PROTECTED] (David Boothroyd) writes:
>> >> [snip]
>> >> > > Yet there is still a vast weight of legal opinion (more highly
>> >> > > respected than the government's own law officers),
>> >> >
>> >> > Is this possible?
>> >> >
>> >> > Are these mysterious givers of legal opinion in some way connected
>> >> > with organisations who have always been against the Bill?
>> >> [snip]
>> >>
>> >> Even if they are, that does not imply that their legal opinion was
>> >> influenced by their opposition to the bill.
>> >
>> >And likewise the opinions of Government law officers were not influenced
>> >by their support for the Bill, QED.
>>
>> So you agree that the government's law officers are not impartial towards
>> the bill. :-)
>
>They are members of the government bound by collective responsibility and
>by the government whips.
>
>> When two views are mutually contradictory at least one must be wrong.
>
>Which do you think is more likely:
>
>a) The government law officers, with the benefit of the civil service
> and direct access to the European Court records to check, and who
> are directly responsible for checking whether a Bill complies, and
> who would be very strongly criticised for wasting Parliament's time
> if they gave a certificate of compliance which turned out to be
> incorrect, decided purely on the basis of their political loyalty
> to issue a certificate of compliance.
>
>b) A pressure group which wished to have some argument persuaded a
> lawyer that one part of the Bill could be questioned as to its
> human rights compliance.
>
>It is very easy to question whether something complies with a treaty.
>There were two challenges to the House of Lords Bill last year which
>were struck out very quickly, one over the legal status of a writ of
>summons and the other over the Act of Union with Scotland. Both took
>hours of legal argument but neither had any real foundation.
>
>> The important point here is that the section 19 certificate is merely a
>> statement about the *Minister's* opinion.
>
>This is the best opinion that is available: the Minister is introducing
>the Bill, and so knows what its provisions will be and (more importantly)
>how they will be used.
I have been accused of being "related to the legislature" (no, I don't
understand how to be, either), but this is too starry-eyed even for me.
------------------------------
From: EE Support <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po
Date: Thu, 01 Jun 2000 20:48:49 +0100
Reply-To: [EMAIL PROTECTED]
On Sat, 27 May 2000 17:38:32 +0100, Joe@Joe's.bar&grill.org wrote:
>On Sat, 27 May 2000 11:12:21 -0500, No User <[EMAIL PROTECTED]> wrote:
>
>>Klaus Daehne wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Besides the fact that EE is crossposting and posting off topic, I
>>> wound up downloading their product before this debate started, and
>>> (so far) have nothing bad to say.
>>
>>Yes I think this needed saying.
>>
>>EE seems an excellent product and it's important to remember that even when
>>EE Support in this group is really pissing people off, and it really is,
>>EE. It's time you stuck to what you do best, writing software.
>>
>>See how irritating repetition is?
>
>And exactly how are they to defend themselves against the constant
>barrage of lies regarding their software? If they do not defend
>themselves, the lies will become truth in the minds of most.
>
>Make no mistake about it -- some people are out to deliberately
>destroy this product. EE is not merely indulging themselves in the
>art of spamming. I think they are fighting for their corporate life.
>
>I bought it awhile back and use it every day. I think it's one of the
>most indispensable pieces of software I own.
>
>Did it ever occur to you that maybe some of EE's chief detractors wear
>badges?lll
>
>-- Joe -
Hi Joe!
EE Tech Support here. We come to this thread as it contains numerous
false posts about our software.
I'd like to say I'm glad you're happy with our software and thank you
for stating your opinion.
We look forward to continuing to support you with even better
anti-forensic software in the future.
Don't sweat the detractors: But *thank you* for sticking up for us !!
Cheers,
--
Regards,
EE Support
[EMAIL PROTECTED] (remove NO_SP_AM for e-mail)
http://www.evidence-eliminator.com/
------------------------------
From: EE Support <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po
Date: Thu, 01 Jun 2000 20:48:50 +0100
Reply-To: [EMAIL PROTECTED]
On Sat, 27 May 2000 22:15:07 GMT, [EMAIL PROTECTED] (Steve) wrote:
>On Sat, 27 May 2000 17:38:32 +0100, Joe@Joe's.bar&grill.org wrote:
>
>>And exactly how are they to defend themselves against the constant
>>barrage of lies regarding their software? If they do not defend
>>themselves, the lies will become truth in the minds of most.
>
>Every EE thread I've seen for weeks now has been started by EE
>spam. The only "lies" I have seen have been EE claims that their
>stuff defeats forensic software "costing thousands of dollars",
>followed by a consistent refusal to name the software they
>tested it against.
>
Hi,
EE Tech Support here.
This fraudulent dis-information is covered at our FAQ on our web site
at:
http://www.evidence-eliminator.com/faq.shtml
The allegation above is false and we name police software on our site
available for download to prove we can beat it.
>Fake controversy calculated to draw attention is all I see in the
>EE threads. That, and a couple of people who had their system
>registry eaten by an early, buggy version of EE, and a bunch of
>people pissed off at EE for spamming.
>
This is rubbish. We don't spam and these accusations are nonsense.
>>Make no mistake about it -- some people are out to deliberately
>>destroy this product. EE is not merely indulging themselves in the
>>art of spamming. I think they are fighting for their corporate life.
>
>If they are fighting for their corporate lives, it is because
>they shoot themselves in the foot every time they fire up a news
>reader and say, "oh goody free advertising, that's what
>newsgroups are for".
>
No, we read your false messages and wonder who you are working for.
We reply and people thank us for saving them from your "spam".
>Which reminds me to mention:
>
>Eraser does 99% of the job EE does, for free, without added
>system overhead. Just add any files and directories you consider
>sensitive to the task list, and choose whether to wipe them on
>schedule or on demand. http://www.tolvanen.com/eraser/
>
No, it does not. This software cannot protect you like Evidence
Eliminator does.
>Remember, a dollar spent with EE, is a vote for spam in
>newsgroups.
>
Please, name who is paying you to post this dis-information about our
company.
>>I bought it awhile back and use it every day. I think it's one of the
>>most indispensable pieces of software I own.
>>
>>Did it ever occur to you that maybe some of EE's chief detractors wear
>>badges?lll
>
>If you have a real reason to worry about people who wear badges,
>you better start worrying about your ISP logging all your
>internet traffic, and handing over your archived e-mail
>(typically four to six months of it), both of which are routinely
>done by most ISPs at the request of any officer of the court.
>
>You should also worry about packet sniffers, keyloggers, remote
>administration tools, and BTW check your network and file share
>settings.
>
>Evidence Eliminator does not eliminate evidence,
Ok we'll call it quits here and state you are lying and we can prove
it.
Evidence Eliminator is the world's #1 anti-forensic tool, you are
lying, bye bye.
Cheers,
Evidence Eliminator Tech Support.
--
>it just
>overwrites files and clears some registry keys. Any advantage
>this might present in defending a criminal case, is more than
>outweighed by the psychological impact on the jury of the name
>"Evidence Eliminator". If you are counting on it to keep you out
>of jail, be afraid. Be very afraid.
>
>:o)
>
>
>Steve
>
>---Support privacy and freedom of speech with---
> http://www.eff.org/ http://www.epic.org/
> http://www.cdt.org/
>
>PGP keys: RSA - 0x4912D5E5 DH/DSS - 0xBFCE18A9
>Both expire 5/15/01
>RSA key available on request
You again?
Again, I ask you: Do you actually represent the privacy organisations
you tout when you slander our Evidence Eliminator software?
--
Regards,
EE Support
[EMAIL PROTECTED] (remove NO_SP_AM for e-mail)
http://www.evidence-eliminator.com/
------------------------------
From: EE Support <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po
Date: Thu, 01 Jun 2000 20:48:51 +0100
Reply-To: [EMAIL PROTECTED]
On Sat, 27 May 2000 18:45:54 -0400, jungle <[EMAIL PROTECTED]> wrote:
>very cool post, thanks ...
>
>but the EE spam will be ON again very soon ...
>
Hi,
EE Tech Support here.
You've been using your jungle.net address to post negative posts
against our software for some time haven't you?
Please substantiate your claims now.
>Steve wrote:
>>
>> On Sat, 27 May 2000 17:38:32 +0100, Joe@Joe's.bar&grill.org wrote:
>>
>> >And exactly how are they to defend themselves against the constant
>> >barrage of lies regarding their software? If they do not defend
>> >themselves, the lies will become truth in the minds of most.
>>
>> Every EE thread I've seen for weeks now has been started by EE
>> spam. The only "lies" I have seen have been EE claims that their
>> stuff defeats forensic software "costing thousands of dollars",
>> followed by a consistent refusal to name the software they
>> tested it against.
>>
>> Fake controversy calculated to draw attention is all I see in the
>> EE threads. That, and a couple of people who had their system
>> registry eaten by an early, buggy version of EE, and a bunch of
>> people pissed off at EE for spamming.
>>
>> >Make no mistake about it -- some people are out to deliberately
>> >destroy this product. EE is not merely indulging themselves in the
>> >art of spamming. I think they are fighting for their corporate life.
>>
>> If they are fighting for their corporate lives, it is because
>> they shoot themselves in the foot every time they fire up a news
>> reader and say, "oh goody free advertising, that's what
>> newsgroups are for".
>>
>> Which reminds me to mention:
>>
>> Eraser does 99% of the job EE does, for free, without added
>> system overhead. Just add any files and directories you consider
>> sensitive to the task list, and choose whether to wipe them on
>> schedule or on demand. http://www.tolvanen.com/eraser/
>>
>> Remember, a dollar spent with EE, is a vote for spam in
>> newsgroups.
>>
>> >I bought it awhile back and use it every day. I think it's one of the
>> >most indispensable pieces of software I own.
>> >
>> >Did it ever occur to you that maybe some of EE's chief detractors wear
>> >badges?lll
>>
>> If you have a real reason to worry about people who wear badges,
>> you better start worrying about your ISP logging all your
>> internet traffic, and handing over your archived e-mail
>> (typically four to six months of it), both of which are routinely
>> done by most ISPs at the request of any officer of the court.
>>
>> You should also worry about packet sniffers, keyloggers, remote
>> administration tools, and BTW check your network and file share
>> settings.
>>
>> Evidence Eliminator does not eliminate evidence, it just
>> overwrites files and clears some registry keys. Any advantage
>> this might present in defending a criminal case, is more than
>> outweighed by the psychological impact on the jury of the name
>> "Evidence Eliminator". If you are counting on it to keep you out
>> of jail, be afraid. Be very afraid.
>>
>> :o)
>>
>> Steve
>
--
Regards,
EE Support
[EMAIL PROTECTED] (remove NO_SP_AM for e-mail)
http://www.evidence-eliminator.com/
------------------------------
From: EE Support <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po
Date: Thu, 01 Jun 2000 20:48:52 +0100
Reply-To: [EMAIL PROTECTED]
On 31 May 2000 16:14:19 GMT, [EMAIL PROTECTED] (Mark Wooding) wrote:
>Joe@Joe's.bar&grill.org <Joe@Joe's.bar&grill.org> wrote:
>> On Sat, 27 May 2000 22:15:07 GMT, [EMAIL PROTECTED] (Steve) wrote:
>> >Every EE thread I've seen for weeks now has been started by EE
>> >spam.
>>
>> Get real! They reply to scurrilous attacks. Unless you wish to claim
>> that they themselves are "planting" these attacks.
>
>There were no attacks on EE in sci.crypt. This thread is only in
>sci.crypt because EE support spammed us.
>
>I've not used the software, I've no idea who's telling porkie pies, and
>I quite honestly don't care. The EE people have not endeared themselves
>to me, though, and I've no intention of ever rewarding them for spamming
>Usenet groups and trying to sell proprietary software.
>
>-- [mdw]
Sorry we don't SPAM.
We posted maybe 5 times to sci.crypt in the last year with
announcements relating to discussions on our software in that group.
Please prove us wrong.
--
Regards,
EE Support
[EMAIL PROTECTED] (remove NO_SP_AM for e-mail)
http://www.evidence-eliminator.com/
------------------------------
From: EE Support <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,alt.privacy,alt.privacy.anon-server
Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po
Date: Thu, 01 Jun 2000 20:48:52 +0100
Reply-To: [EMAIL PROTECTED]
On Sun, 28 May 2000 18:05:47 +0100, Jim Crowther <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, Griffin
><[EMAIL PROTECTED]> writes
>>On Sat, 27 May 2000 17:38:32 +0100, Joe@Joe's.bar&grill.org wrote:
>>
>>>And exactly how are they to defend themselves against
>>>the constant barrage of lies regarding their software? If
>>>they do not defend themselves, the lies will become
>>>truth in the minds of most.
>>
>>Hundreds of security products on the internet and EE's the only one
>>that some sinister force is "trying to destroy".
>>
>><SARCASM>
>>Must be because it's so good someone's quaking in their shoes. huh?
>></SARCASM>
>>
>>Nobody has to attack the product to make it look bad. EE Support's
>>smart-ass trolls have done more to harm the program's reputation than
>>the CIA could ever hope for.
>>
>
>At the considerable risk of troll-feeding, I think EE Support is the one
>who's trying to sabotage the program. If it wasn't for him, many more
>folk would have tried it.
>
>One program that really does erase everything *underneath* your data is
>SpinRite - when EE Support was last pointed at the way it works
><URL:http://grc.com/files/technote.zip>, the posts from him stopped in
>their tracks.
Hi Jim,
We at Evidence Eliminator actually respect Steve Gibson and we use his
Spinrite software.
I'm sorry to see these silly anti-Evidence Eliminator messages
continue.
I'm also thankful for the genuine readers of this newsgroup who have
taken to regularly assisting us in stopping the dis-information
campaign being waged against our Evidence Eliminator.
--
Regards,
EE Support
[EMAIL PROTECTED] (remove NO_SP_AM for e-mail)
http://www.evidence-eliminator.com/
------------------------------
From: EE Support <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po
Date: Thu, 01 Jun 2000 20:48:53 +0100
Reply-To: [EMAIL PROTECTED]
On 29 May 2000 00:57:09 -0500, James K <[EMAIL PROTECTED]> wrote:
>This is more bullshit SPAM, posted by the dickhead who is pushing that
>piece of crap EE.
>
Please justify your statement.
We look forward to your justification.
--
Regards,
EE Support
[EMAIL PROTECTED] (remove NO_SP_AM for e-mail)
http://www.evidence-eliminator.com/
------------------------------
From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Contest rule proposal
Date: 01 Jun 2000 12:45:49 -0700
I propose a rule that all algorithms for the sci.crypt crypto contest
must be in the public domain. Please note, I am talking about the
algorithms, and not the sample code.
I believe this rule is within the spirit of openly exchanging ideas
which the contest was started with. I'm fine with letting Chutzpah
stay, being "grandfathered in" so to speak, but I think that allowing
more patented algorithms to be submitted would be counterproductive.
Andru
--
==========================================================================
| Andru Luvisi | http://libweb.sonoma.edu/ |
| Programmer/Analyst | Library Resources Online |
| Ruben Salazar Library |-----------------------------------------|
| Sonoma State University | http://www.belleprovence.com/ |
| [EMAIL PROTECTED] | Textile imports from Provence, France |
==========================================================================
------------------------------
From: Baruch Even <[EMAIL PROTECTED]>
Subject: Re: Q: Session key generation
Date: Thu, 01 Jun 2000 14:10:47 +0200
In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> Suppose one uses a block cipher with a certain key size and needs a lot
> of session keys each day, then it seems desirable to have some
> systematic method of obtaining these. I think that different people are
> using different methods or maybe even have different
> 'philosophies' about what is preferable/best. I should appreciate
> being able to know them. Many thanks in advance.
Supposedly the session keys are generated from a PRNG, as most users
do not have a hardware RNG. This requires that the PRNG is a good
one; as far as I remember, the usual definition is "the attacker is given all but
one bit, and guesses that bit with probability more than half" (this defines
a broken PRNG).
I would think that it would be advisable to use external events as an entropy
source, anything from keyboard, mouse and hard-drive timings. One
should be wary, however, of using only off-the-shelf stuff, as the
application is the driving force. If the machine is also a web server the
attacker can guess that no keyboard or mouse is working, and by forcing
the load of the web server up or down can try (how to do that is beyond me) to
guess the hard-drive timings. Possibly internal network timings and the
room background noise could be used to "enhance" this.
Obviously if you can get your hands on a hardware RNG, and assuming
it is hard enough for the attacker to guess its output, you would be better
off.
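Added example (not from the post or the digest): a Python model of the approach Baruch describes, an entropy pool fed by keyboard, mouse and disk event timings that refuses to seed until a conservative entropy estimate is met (the guard for the headless web-server case), plus a ratcheting HMAC generator for the session keys. The timing samples, the per-sample entropy estimates and all class and function names are constructed for this example.

```python
import hashlib
import hmac
import struct

# Constructed event timings in microsecond ticks (NOT measured; a real pool
# reads keystroke, mouse and disk-completion timestamps). The per-sample
# entropy estimates used below are conservative guesses supplied by the
# caller, never derived from the samples themselves.
KEYBOARD_TICKS = [100_000 + 7_919 * i + (i * i) % 613 for i in range(64)]
MOUSE_TICKS = [200_000 + 31 * i + (i * 7) % 5 for i in range(32)]
DISK_TICKS = [300_000 + 4_096 * i + (i * 13) % 97 for i in range(16)]


class EntropyPool:
    """Hash-based pool: each sample is mixed into SHA-256 together with a
    source tag and a running index, so equal values from different sources
    or repeated values from one source still change the digest."""

    def __init__(self):
        self._hasher = hashlib.sha256()
        self._estimated_bits = 0
        self._count = 0

    def add(self, source: str, sample: int, estimated_bits: int) -> None:
        self._hasher.update(source.encode("ascii"))
        self._hasher.update(struct.pack(">IQ", self._count, sample & 0xFFFFFFFFFFFFFFFF))
        self._estimated_bits += estimated_bits
        self._count += 1

    @property
    def estimated_bits(self) -> int:
        return self._estimated_bits

    def seed(self, min_bits: int = 128) -> bytes:
        """Refuse to emit a seed until the conservative estimate reaches
        min_bits. Disk timings alone never satisfy it here, so the caller
        must add sources instead of silently deriving keys from a guessable pool."""
        if self._estimated_bits < min_bits:
            raise ValueError(
                f"pool has {self._estimated_bits} estimated bits, need {min_bits}")
        return self._hasher.digest()


class SessionKeyGenerator:
    """HMAC-SHA256 counter generator with a one-way state ratchet: each key
    is derived from the current state, then the state is replaced by a hash
    of itself, so a later compromise of the generator state does not reveal
    keys already handed out."""

    def __init__(self, seed: bytes):
        self._state = hmac.new(seed, b"skg/init", hashlib.sha256).digest()
        self._counter = 0

    def next_key(self, nbytes: int = 16) -> bytes:
        if not 1 <= nbytes <= 32:
            raise ValueError("one HMAC-SHA256 output per key: nbytes must be 1..32")
        label = b"skg/key" + struct.pack(">Q", self._counter)
        key = hmac.new(self._state, label, hashlib.sha256).digest()[:nbytes]
        # Ratchet: the old state is overwritten and cannot be recomputed.
        self._state = hmac.new(self._state, b"skg/ratchet", hashlib.sha256).digest()
        self._counter += 1
        return key

    def reseed(self, fresh_seed: bytes) -> None:
        """Fold new pool output into the state so that guessed or leaked
        earlier state stops predicting future keys."""
        self._state = hmac.new(self._state, b"skg/reseed" + fresh_seed,
                               hashlib.sha256).digest()


def fill_pool(keyboard, mouse, disk) -> EntropyPool:
    """Mix the three event sources with per-sample estimates of 2, 1 and 1 bits."""
    pool = EntropyPool()
    for t in keyboard:
        pool.add("kbd", t, 2)
    for t in mouse:
        pool.add("mouse", t, 1)
    for t in disk:
        pool.add("disk", t, 1)
    return pool


def generate_session_keys(count: int, nbytes: int = 16) -> list:
    """End-to-end: seed from the constructed samples, then derive `count` keys."""
    seed = fill_pool(KEYBOARD_TICKS, MOUSE_TICKS, DISK_TICKS).seed(min_bits=128)
    gen = SessionKeyGenerator(seed)
    return [gen.next_key(nbytes) for _ in range(count)]


if __name__ == "__main__":
    for k in generate_session_keys(3):
        print(k.hex())
```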
------------------------------
End of Cryptography-Digest Digest
******************************