Cryptography-Digest Digest #947, Volume #11       Mon, 5 Jun 00 13:13:01 EDT

Contents:
  Re: Quantum computers (JCA)
  Limits of the knowledge of the NSA (Runu Knips)
  do you need unrestricted FREE S/MIME certificate ? then read message ... (jungle)
  Re: XTR independent benchmarks (Roger Schlafly)
  Re: Could RC4 used to generate S-Boxes? (Simon Johnson)
  Re: Question about recommended keysizes (768 bit RSA) (DJohn37050)
  Paper about Pollards Algorithm for finding discrete logs ("Jesper Stocholm")
  Re: Cipher design a fading field? ("Douglas A. Gwyn")
  Re: Faster than light Cryptanalysis ("Douglas A. Gwyn")
  Re: Actually this person faxed me an article of the U.S. commercial espionage in 
August, 1995 .... good work Tatu Ylonen ... actually I have tried to provide some 
intel in the past ... (Markku J. Saarelainen)
  Re: Statistics of occurences of prime number sequences in PRBG output as gauge of 
"goodness" ([EMAIL PROTECTED])
  Re: Need "attack time" measurements on a toy cipher...   (long) ("Paul Pires")
  Re: Question about recommended keysizes (768 bit RSA) (Jerry Coffin)
  Re: Cipher design a fading field? (Anton Stiglic)
  I have actually been following some activities of Jan H, an ex-CIA officer who 
helped to set up Motorola's intelligence system .. interesting .. (Markku J. 
Saarelainen)
  Re: I have actually been following some activities of Jan H, an ex-CIA officer who 
helped to set up Motorola's intelligence system .. interesting .. (Markku J. 
Saarelainen)

----------------------------------------------------------------------------

From: JCA <[EMAIL PROTECTED]>
Subject: Re: Quantum computers
Date: Mon, 05 Jun 2000 07:44:13 -0700

DrArm wrote:

> Is it true that NSA has a quantum computer for codebraking?

    I guess you mean codebreaking.

    I am sure they don't. Actually, I have the feeling that the NSA's
capabilities are usually exaggerated. They are good, but not
gods. In fact, elliptic curve cryptography seems to have escaped
them completely, and caught them off balance when originally
published in the mid-eighties.



------------------------------

Date: Mon, 05 Jun 2000 17:20:33 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Limits of the knowledge of the NSA

JCA wrote:
>     [...] Actually, I have the feeling that the NSA's
> capabilities are usually exaggerated. They are good, but not
> gods. In fact, elliptic curve cryptography seems to have escaped
> them completely, and caught them off balance when originally
> published in the mid-eighties.

Well, this might be true for any new invention. The NSA might
not have known about that before. But on the other hand, it
is also clear that the NSA still knows much which the public
doesn't know, isn't it so?

------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: 
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: do you need unrestricted FREE S/MIME certificate ? then read message ...
Date: Mon, 05 Jun 2000 11:34:18 -0400

do you need unrestricted FREE S/MIME certificate ? then read message ...
-- 
To protect privacy, use encryption ALL the time. Free S/MIME & PGP at:
https://secure.openca.org/      http://web.mit.edu/network/pgp.html



------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: XTR independent benchmarks
Date: Mon, 05 Jun 2000 08:37:38 -0700

Wei Dai wrote:
> All this is probably irrelevant because the differences are just not great
> enough to matter. People are either going to use ECC when bandwidth is
> important, or DH over GF(p) when it's not.

Yes, even if XTR were free. Then when you consider that DH, ECC,
LUCDIF are all patent-free, and RSA will soon be, it is hard to
see who is going to be using XTR.

------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Could RC4 used to generate S-Boxes?
Date: Mon, 05 Jun 2000 15:34:02 GMT

In article <[EMAIL PROTECTED]>,
  tomstd <[EMAIL PROTECTED]> wrote:
> In article <8hdt3k$apl$[EMAIL PROTECTED]>, Simon Johnson
> <[EMAIL PROTECTED]> wrote:
> >I've read somewhere that RC4 is secure against both diff & lin
> >cryptanalysis. I figure this security must be derived from its s-box. My
> >real question is, is the secrecy of the s-box that makes it secure or
> >does the algorithm generate diff & lin optimized s-boxes?
>
> Chances are you have a bit of reading todo on sbox construction.

Damn right, that's why I'm asking. :)

Anyone know a good tutorial?

>
> The reason RC4 is secure is that it's hard to model the internal
> state based on output only.  Some 'weak keys' have been
> identified which leak more information about the state.
>
> The sboxes RC4 makes are by no means secure on their own (i.e. in
> a Feistel cipher), and don't always have optimal cryptographic
> properties (SAC, BIC, non-linear, bijective, low xor-pairs).

I kinda thought this; I posted this question to confirm that this was
not the case.

> Tom

--
=======
Hi, I'm the signature virus,
help me spread by copying me into your signature file


Sent via Deja.com http://www.deja.com/
Before you buy.
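The S-box properties tomstd lists above (bijective, low XOR-pair counts, SAC) can be measured directly on the permutation that RC4's key schedule leaves behind. The following is an added example, not code from either poster: it runs the standard RC4 key-scheduling algorithm on a key constructed for the example and applies the textbook definitions of differential uniformity and the strict avalanche criterion to the resulting table; nothing in the measurements is RC4-specific.

```python
"""RC4's key schedule as an S-box generator, and some measurements of the result.

Added example (not code from the original posts). rc4_ksa() builds the
256-entry permutation that the RC4 key-scheduling algorithm leaves in S for
a given key; the other functions measure some of the properties discussed
above: bijectivity, the worst XOR-pair (differential) count, and the strict
avalanche criterion. The key in the usage block is constructed for the example.
"""


def rc4_ksa(key: bytes) -> list:
    """Standard RC4 key-scheduling algorithm; returns the permutation S."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def is_bijective(sbox: list) -> bool:
    """True when the table is a permutation of 0..255 (i.e. invertible)."""
    return sorted(sbox) == list(range(256))


def max_xor_pair_count(sbox: list) -> int:
    """Differential uniformity: the largest number of inputs x for which
    S(x) ^ S(x ^ dx) == dy, over all dx != 0 and all dy.  Smaller is better
    for resisting differential cryptanalysis; the AES S-box scores 4, and
    the identity map scores the worst possible 256."""
    worst = 0
    for dx in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst


def sac_table(sbox: list) -> list:
    """sac_table(S)[i][j] is the fraction of inputs for which flipping input
    bit i flips output bit j.  The strict avalanche criterion asks for 0.5
    in every cell."""
    table = []
    for i in range(8):
        row = []
        for j in range(8):
            flips = sum((sbox[x] ^ sbox[x ^ (1 << i)]) >> j & 1
                        for x in range(256))
            row.append(flips / 256)
        table.append(row)
    return table


def sac_deviation(sbox: list) -> float:
    """Largest |cell - 0.5| in the SAC table; 0.0 means SAC holds exactly."""
    return max(abs(v - 0.5) for row in sac_table(sbox) for v in row)


if __name__ == "__main__":
    key = b"constructed example key"   # assumption: any key will do here
    s = rc4_ksa(key)
    print("bijective:", is_bijective(s))
    print("max XOR-pair count:", max_xor_pair_count(s))
    print("max SAC deviation: %.3f" % sac_deviation(s))
```

The KSA output is always a permutation, so bijectivity is guaranteed by construction; the interesting numbers are the XOR-pair count and the SAC deviation, which vary from key to key and are what you would compare against a designed S-box before reusing such a table in a block cipher.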

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: 05 Jun 2000 15:47:33 GMT

They are using different models.  ANSI X9 mandates a minimum of 1024 bit RSA keys.

The Lenstra 1024 RSA = about 80 bit symmetric is using the TIME model, just
looking at the TIME (that is, estimated number of computer operations) that is
expected to be needed to break either alg. based on today's known best
methods.
Using just TIME is a conservative choice, as it has the least assumptions.

The Bob Silverman SPACE model includes TIME, but also includes calculations
for SPACE (storage) needed by the current known best methods.  If the method
was improved so that SPACE requirements were reduced, but not TIME, then Bob's
model might need to be changed, but not the TIME model.

So in a sense, it depends on how conservative you wish to be.  Note that an 
ideal symmetric key has essentially only TIME constraints on breaking; storage
needed is negligible.

Of course, if a TIME improvement came out, it might mean both models' estimates
need to change.
Don Johnson

------------------------------

From: "Jesper Stocholm" <[EMAIL PROTECTED]>
Subject: Paper about Pollards Algorithm for finding discrete logs
Date: Mon, 5 Jun 2000 18:08:53 +0200

I am looking for a scientific paper that deals with the techniques
behind Pollard's discrete log-finder. I have HAC (chap. 3.6.3), but it is
not 'detailed' enough ... can anyone help me with a title ?

I am trying to implement the algorithm for educational purposes, but it
is somewhat difficult. I would be very grateful if I could have a
sneak peek at some code in either C/C++ or any other high-level
programming language.

thanks,

Jesper Stocholm

--
http://stocholm.dk
MSN Messenger: [EMAIL PROTECTED]
Stud. Tech, Technical University of Denmark
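As an added example (not code from the post, and not HAC's own), here is the HAC 3.6.3 form of Pollard's rho for logarithms in Python. It finds x with alpha^x = beta (mod p) where alpha has known order n, using HAC's three-way partition of the group by x mod 3 and Floyd cycle detection. The parameters in the usage block (p = 383, alpha = 2 of prime order n = 191, beta = 228) are the small values HAC uses in its worked example; the randomised starting point, the retry policy and the handling of a composite n are choices made here.

```python
"""Pollard's rho for discrete logarithms, in the form described in HAC 3.6.3.

Added example (not from the post, and not HAC's code). Finds x with
alpha^x == beta (mod p), where alpha generates a subgroup of known order n.
The walk is HAC's three-way partition of the group by x mod 3 with Floyd
cycle detection; the starting point is randomised so that a run ending in
an unusable collision (zero beta-exponent difference) is simply retried.
"""
import random
from math import gcd


def _step(x, a, b, alpha, beta, p, n):
    """One step of the pseudo-random walk, tracking x = alpha^a * beta^b."""
    r = x % 3
    if r == 1:                                   # S1: multiply by beta
        return (x * beta) % p, a, (b + 1) % n
    if r == 0:                                   # S2: square
        return (x * x) % p, (2 * a) % n, (2 * b) % n
    return (x * alpha) % p, (a + 1) % n, b       # S3: multiply by alpha


def pollard_rho_dlog(alpha, beta, p, n, rng=None, max_tries=50):
    """Return x in [0, n) with pow(alpha, x, p) == beta, or raise ValueError."""
    rng = rng or random.Random(0)             # fixed seed: reproducible runs
    for _ in range(max_tries):
        a0, b0 = rng.randrange(n), rng.randrange(n)
        start = (pow(alpha, a0, p) * pow(beta, b0, p) % p, a0, b0)
        tort = hare = start
        while True:                           # Floyd: hare moves twice as fast
            tort = _step(*tort, alpha, beta, p, n)
            hare = _step(*_step(*hare, alpha, beta, p, n), alpha, beta, p, n)
            if tort[0] == hare[0]:
                break
        # alpha^a_i * beta^b_i == alpha^a_2i * beta^b_2i, hence
        # alpha^(a_i - a_2i) == beta^(b_2i - b_i)  =>  da == x * db (mod n)
        da = (tort[1] - hare[1]) % n
        db = (hare[2] - tort[2]) % n
        if db == 0:
            continue                          # useless collision, restart
        d = gcd(db, n)                        # d == 1 whenever n is prime
        if da % d != 0 or d > 1000:
            continue
        m = n // d                            # reduce the congruence by d
        x0 = (da // d) * pow(db // d, -1, m) % m
        for k in range(d):                    # d candidate solutions mod n
            x = x0 + k * m
            if pow(alpha, x, p) == beta:
                return x
    raise ValueError("no logarithm found; is beta in the subgroup of order n?")


if __name__ == "__main__":
    x = pollard_rho_dlog(2, 228, 383, 191)
    print("log_2(228) mod 383 =", x, "check:", pow(2, x, 383) == 228)
```

The expected running time is about sqrt(pi * n / 2) group operations with negligible memory, which is the whole point compared with baby-step giant-step; for production-sized groups one would replace Floyd with distinguished points and a larger partition (Teske's r-adding walk), but the relation-solving at the end is the same.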



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: Mon, 5 Jun 2000 15:17:42 GMT

Mok-Kong Shen wrote:
> wtshaw wrote:
> > Ah..the old problem: What is strength?
> This question is virtually in the same category as 'What is truth?'.

Not at all.  A scientific investigation of cryptosecurity is possible;
you can't just wave away the issue.  It's a matter of knowledge vs.
uninformed guessing.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Faster than light Cryptanalysis
Date: Mon, 5 Jun 2000 15:20:05 GMT

Mok-Kong Shen wrote:
> I heard the other day a lecture on 'quantized sound'. The lecturer attempted
> to establish that sound transmission is also a quantum phenomenon. I guess
> there must be some flaws somewhere.

There are modes called "phonons", but generally speaking sound transmission
is understandable in terms of classical (non-quantum) physics.

------------------------------

From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.nordic,soc.culture.russian
Subject: Re: Actually this person faxed me an article of the U.S. commercial espionage 
in August, 1995 .... good work Tatu Ylonen ... actually I have tried to provide some 
intel in the past ...
Date: Mon, 05 Jun 2000 16:24:03 GMT



Your posting is a joke .... what is one government allocating billions
of dollars to intelligence activities and intelligence R&D and
satellites and encryption .. .. who is trying to control encryption?
So I decided to ignore your posting as nonsense.

Yours,

Markku

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>  I'm sorry but compared to the private security firms the government
> spies are a joke. Almost all companies around the world are vitally
> concerned about the competition. Be assured that the first product
> from the production line will be bought and disassembled by your
> competitor. And they will stop at nothing to learn your secrets to put
> them at an advantage. This is just business.
>  The spy agencies are more interested in the big picture. Most of
> their information could probably be found in public magazines and
> newspapers.
>  Don't fear the CIA, FBI, etc. Fear GM and Toyota, Motorola and Sony.
> They are far more efficient in their spying.
> On Thu, 25 May 2000 19:09:32 GMT, Markku J. Saarelainen
> <[EMAIL PROTECTED]> wrote:
>
> >
> >
> >NOTE: Personally I was aware of the CIA/FBI/NSA espionage specified in
> >this article already ..... actually this was around the time, when "M"
> >discovered some U.S. gov's business intel spies on the Internet and on
> >the cipherpunks (toad.com) mailing etc. lists ....
> >
> >"Not everything good can be given away for free"
> >
> > Encryption guru Tatu Ylönen receives engineering award
> >
> >
> >Tekniikan Akateemisten liitto (the Finnish association of academic
> >engineers) granted the Finnish Engineering Award to Licentiate of
> >Technology Tatu Ylönen, 32, for his contributions to the development
> >of Internet security. Ylönen received the 100,000 markka award for the
> >SSH software, which encrypts terminal connections.
> >
> >http://www.helsinginsanomat.fi/uutiset/juttu.asp?
> >id=20000525TA16&pvm=20000525
> >
> >
> >
> >Sent via Deja.com http://www.deja.com/
> >Before you buy.
>
>
>
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Statistics of occurences of prime number sequences in PRBG output as 
gauge of "goodness"
Date: Mon, 05 Jun 2000 16:23:21 GMT

In article <[EMAIL PROTECTED]>,
  "John A. Malley" <[EMAIL PROTECTED]> wrote:

> Does anyone know of any work or analyses available covering the
> probability of prime number sequences in PRBG output as a measure of
> "goodness of fit" to a true random bit sequence? Is this
characteristic
> covered by other empirical statistical tests? And is there a published
> attack exploiting this?

My gut reaction says that roughly ln(n)/n of n numbers taken from your
stream should be prime. IIRC, the prime number theorem says there are
roughly ln(n)/n prime numbers less than or equal to n, so trying to get
close to this seems like an honorable thing to do. (Bearing in mind, I
could be way off. :)

Whether it helps determine how random something is, I don't know. ;)


Sent via Deja.com http://www.deja.com/
Before you buy.
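The check John Malley asks about can be run directly. The following is an added example, not code from either post: it cuts a generator's bit stream into k-bit words, counts the primes with a sieve, and compares the count to what a uniformly random k-bit word would give, namely pi(2^k) / 2^k, which the prime number theorem (pi(N) ~ N / ln N) puts near 1 / (k ln 2). The "multiple of four" generator is constructed here to show what the check catches; the word size, sample size and seeds are choices made for the example.

```python
"""Prime density of PRBG output as a crude uniformity check.

Added example (not from the post). A uniformly random k-bit word is prime
with probability pi(2^k) / 2^k; the sieve below computes that exactly.
prime_density_z() draws n_words words from a getrandbits(k)-style callable,
counts the primes and returns a binomial z-score for the count, so |z|
above about 3 is suspicious. multiple_of_four() is a constructed bad
generator that never emits a prime at all.
"""
import math
import random


def prime_sieve(limit: int) -> bytearray:
    """sieve[m] == 1 iff m is prime, for 0 <= m < limit (Eratosthenes)."""
    sieve = bytearray([1]) * limit
    sieve[0] = sieve[1] = 0
    for m in range(2, int(limit ** 0.5) + 1):
        if sieve[m]:
            sieve[m * m::m] = bytearray(len(range(m * m, limit, m)))
    return sieve


def prime_density_z(getbits, k: int, n_words: int, sieve=None):
    """Return (hits, expected, z) for n_words k-bit words from getbits(k)."""
    limit = 1 << k
    sieve = sieve if sieve is not None else prime_sieve(limit)
    p = sum(sieve[:limit]) / limit          # exact P(random k-bit word is prime)
    hits = sum(sieve[getbits(k)] for _ in range(n_words))
    expected = n_words * p
    z = (hits - expected) / math.sqrt(n_words * p * (1 - p))
    return hits, expected, z


def mersenne_twister(seed: int):
    """Python's default generator (MT19937), exposed as getbits(k)."""
    return random.Random(seed).getrandbits


def multiple_of_four(seed: int):
    """Constructed bad generator: clears the low two bits of every word,
    so every word is divisible by 4 and none can be prime."""
    rng = random.Random(seed)
    return lambda k: rng.getrandbits(k) & ~3


if __name__ == "__main__":
    k, n = 16, 20000
    sieve = prime_sieve(1 << k)
    for name, g in (("Mersenne Twister", mersenne_twister(1234)),
                    ("low bits stuck", multiple_of_four(1234))):
        hits, exp, z = prime_density_z(g, k, n, sieve)
        print("%-17s primes=%5d expected=%7.1f z=%+.2f" % (name, hits, exp, z))
```

Note what this test does and does not measure: it is sensitive to bias in the low bits and in the overall value distribution, but a generator can pass it while failing every serial-correlation test, so it belongs alongside the usual batteries rather than in place of them.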

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Need "attack time" measurements on a toy cipher...   (long)
Date: Mon, 5 Jun 2000 09:35:34 -0700

> Finding out the conventional flaw with your system doesn't tell you squat
> about the worst case risk. If you got a time approximation from someone here
> and it was something you could live with, would you have used it?
>
>

Used the system?  Or used the approximation?

Used the system. I was trying to point out the obvious. That the whole
exercise of getting strength estimates to justify the use of a "toy" cipher
is flawed. You can't use the best attack to establish confidence in the
worst case scenario. The best attack merely tells you that you are provably
no better than this. It doesn't tell you how bad it could actually be.

Paul





------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Mon, 5 Jun 2000 10:37:07 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> I can't figure out which model is best; The computational equivalence
> model by RSA Labs, or the cost equivalence based model by
> Lenstra/Verheul. I tend to trust the word of Bob Silverman, but I'm also
> chauvinistic enough to trust my fellow Dutchmen.

I think a cost-based model is more accurate.  Ultimately, it's cost 
that's going to determine what an attacker does or does not attack.
 
> I can go along with the assumptions and deductions claimed in
> <http://www.rsasecurity.com/rsalabs/bulletins/bulletin13.html> about
> Moore's law not holding, bus speeds and no big breakthroughs to be
> archived in factoring/discrete logarithms.

I canNOT go along with this comparison at all.  I'll give a couple of 
examples of exactly WHY this is true.

Comparing a Vax 11/780 to a Pentium II is ridiculous.  When the Vax 
11/780 was new, it was a large, expensive machine that was often the 
ONLY computer for even quite a large company.  A reasonable current 
machine to which it could be compared would be an AlphaServer GS320.  
Mr. Silverman quotes 133 MB/s as a current bandwidth to memory, but 
this machine has an aggregate internal bandwidth of 51 GB/s.  If, 
OTOH, he wants to compare a relatively low-end Intel machine of 
today, then his 1977 processor should also be a relatively low-end 
Intel machine.  Comparing the Pentium II or Pentium III to something 
like an Intel 8008 changes the picture a GREAT deal. To be entirely 
fair, I'll point out that the 51 GB/s bandwidth is an _aggregate_ 
number, so it probably does NOT give a completely accurate 
representation of the performance available on GNFS sieving with that 
machine.  Despite this, it's at least as accurate as comparing a Vax 
11/780 to a Pentium-class machine.  In terms of real cost, the 
AlphaServer almost certainly costs less than the 11/780 when it was 
new.

Likewise, with processor cache sizes, he compares the cache of a 
SPARC-10 to the cache of a Pentium II.  If he wants to use the SPARC-
10 as the basis, the current processor should be something like an 
UltraSPARC III or perhaps an HP PA-8500.  Using the latter, the 
current size is 12 megabytes instead of the 512K he quotes, so his 
comparison is in error by a factor of approximately 24.  If he wants 
to compare a current Intel chip, it should be to an older Intel chip 
-- 10 years ago, Intel was selling 486es, which had 8K of cache.  
That means the cache size on an Intel processor has doubled 6 times 
in 10 years, which fits Moore's observation VERY closely indeed. 

In short, the facts in this paper must be scrutinized VERY closely 
before being taken as meaning much of anything.  While the basic 
ideas of what parameters should be compared may be somewhat 
reasonable, the data points he's chosen are misleading at VERY best.

If you want to make such comparisons, think HARD about what you're 
really comparing, and compare apples to apples or oranges to oranges.  
When you do an honest comparison, you'll reach entirely different 
conclusions from those drawn in the paper you cited.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: Mon, 05 Jun 2000 12:46:48 -0400

[EMAIL PROTECTED] wrote:

> (b) I wish professional cryptographers would quit inventing a plethora
> of new encryption schemes a.k.a. AES, until the have figured out how to
> defeat the existing ones e.g. DESX, Triple-DES, IDEA, Blowfish, GOST, ad
> infinitum.  This is exactly my point, why use a new cipher when it may
> or may not be more secure than the old one?


We all know of good reasons why we want DES to be replaced: 56 bit keys
are not enough security.  We know why we want to replace 3-DES: DES was
designed for hardware, a lot of encryption is being done in software, we
want something that is fast in software (and still keep it fast in
hardware).

Why don't we use Blowfish for example?  Well, one reason is that it has
not gotten the cryptanalysis spotlight yet.  Meaning, cryptanalysts have
not been motivated enough to try to break it.  Twofish replaces Blowfish,
and is now getting the "cryptanalysis spotlight".  Of course, we won't get
anything provably secure out of AES, but at least we'll get an encryption
cipher that performs well under various conditions, and the ciphers have
gotten the attention of the whole cryptanalysis community.

By the way, where is the web page of the little sci.crypt cipher
contest?

Anton

------------------------------

From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.nordic,soc.culture.russian
Subject: I have actually been following some activities of Jan H, an ex-CIA officer 
who helped to set up Motorola's intelligence system .. interesting ..
Date: Mon, 05 Jun 2000 16:44:43 GMT



I have actually been following some activities of Jan H, an ex-CIA
officer who helped to set up Motorola's business intelligence system ..
interesting .. he has been very active in SCIP ... from early 1990's


In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>  I'm sorry but compared to the private security firms the government
> spies are a joke. Almost all companies around the world are vitally
> concerned about the competition. Be assured that the first product
> from the production line will be bought and disassembled by your
> competitor. And they will stop at nothing to learn your secrets to put
> them at an advantage. This is just business.
>  The spy agencies are more interested in the big picture. Most of
> their information could probably be found in public magazines and
> newspapers.
>  Don't fear the CIA, FBI, etc. Fear GM and Toyota, Motorola and Sony.
> They are far more efficient in their spying.
> On Thu, 25 May 2000 19:09:32 GMT, Markku J. Saarelainen
> <[EMAIL PROTECTED]> wrote:
>
> >
> >
> >NOTE: Personally I was aware of the CIA/FBI/NSA espionage specified in
> >this article already ..... actually this was around the time, when "M"
> >discovered some U.S. gov's business intel spies on the Internet and on
> >the cipherpunks (toad.com) mailing etc. lists ....
> >
> >"Not everything good can be given away for free"
> >
> > Encryption guru Tatu Ylönen receives engineering award
> >
> >
> >Tekniikan Akateemisten liitto (the Finnish association of academic
> >engineers) granted the Finnish Engineering Award to Licentiate of
> >Technology Tatu Ylönen, 32, for his contributions to the development
> >of Internet security. Ylönen received the 100,000 markka award for the
> >SSH software, which encrypts terminal connections.
> >
> >http://www.helsinginsanomat.fi/uutiset/juttu.asp?
> >id=20000525TA16&pvm=20000525
> >
> >
> >
> >Sent via Deja.com http://www.deja.com/
> >Before you buy.
>
>
>
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.nordic,soc.culture.russian
Subject: Re: I have actually been following some activities of Jan H, an ex-CIA 
officer who helped to set up Motorola's intelligence system .. interesting ..
Date: Mon, 05 Jun 2000 16:51:39 GMT



In the past I also researched 6 Sigma and other quality things by
Motorola .... :)


In article <8hgldl$8mm$[EMAIL PROTECTED]>,
  Markku J. Saarelainen <[EMAIL PROTECTED]> wrote:
>
>
> I have actually been following some activities of Jan H, an ex-CIA
> officer who helped to set up Motorola's business intelligence system ..
> interesting .. he has been very active in SCIP ... from early 1990's
>
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> >  I'm sorry but compared to the private security firms the government
> > spies are a joke. Almost all companies around the world are vitally
> > concerned about the competition. Be assured that the first product
> > from the production line will be bought and disassembled by your
> > competitor. And they will stop at nothing to learn your secrets to put
> > them at an advantage. This is just business.
> >  The spy agencies are more interested in the big picture. Most of
> > their information could probably be found in public magazines and
> > newspapers.
> >  Don't fear the CIA, FBI, etc. Fear GM and Toyota, Motorola and Sony.
> > They are far more efficient in their spying.
> > On Thu, 25 May 2000 19:09:32 GMT, Markku J. Saarelainen
> > <[EMAIL PROTECTED]> wrote:
> >
> > >
> > >
> > >NOTE: Personally I was aware of the CIA/FBI/NSA espionage specified in
> > >this article already ..... actually this was around the time, when "M"
> > >discovered some U.S. gov's business intel spies on the Internet and on
> > >the cipherpunks (toad.com) mailing etc. lists ....
> > >
> > >"Not everything good can be given away for free"
> > >
> > > Encryption guru Tatu Ylönen receives engineering award
> > >
> > >
> > >Tekniikan Akateemisten liitto (the Finnish association of academic
> > >engineers) granted the Finnish Engineering Award to Licentiate of
> > >Technology Tatu Ylönen, 32, for his contributions to the development
> > >of Internet security. Ylönen received the 100,000 markka award for the
> > >SSH software, which encrypts terminal connections.
> > >
> > >http://www.helsinginsanomat.fi/uutiset/juttu.asp?
> > >id=20000525TA16&pvm=20000525
> > >
> > >
> > >
> > >Sent via Deja.com http://www.deja.com/
> > >Before you buy.
> >
> >
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
