Cryptography-Digest Digest #955, Volume #11       Tue, 6 Jun 00 12:13:01 EDT

Contents:
  Re: Some dumb questions (Mark Wooding)
  Re: Question about recommended keysizes (768 bit RSA) (Bob Silverman)
  Re: Question about recommended keysizes (768 bit RSA) (Bob Silverman)
  Re: Statistics of occurrences of prime number sequences in PRBG output as gauge of "goodness" (Bob Silverman)
  Re: Question about recommended keysizes (768 bit RSA) (DJohn37050)
  Re: Statistics of occurrences of prime number sequences in PRBG output as  ("John A. Malley")
  Solution for file encryption / expiration? (Will Dormann)
  Re: Good ways to test. (John)
  Re: Good ways to test. (John)
  Re: Statistics of occurrences of prime number sequences in PRBG output as  ("John A. Malley")
  Re: Quantum computers (JCA)
  Re: Need "attack time" measurements on a toy cipher...   (long) ("TheGPFguy")
  Re: Solution for file encryption / expiration? (Mark Wooding)
  Re: Need "attack time" measurements on a toy cipher...   (long) ("TheGPFguy")
  Re: Some citations (Mok-Kong Shen)
  Re: Some dumb questions (Mok-Kong Shen)
  Re: Could RC4 used to generate S-Boxes? ("T.Williams")
  Re: Solution for file encryption / expiration? ("John E. Kuslich")
  Re: Question about recommended keysizes (768 bit RSA) (Jerry Coffin)
  Re: Concerning  UK publishes "impossible" decryption law (Your Name)
  Re: Favorite Cipher Contest Entry (Runu Knips)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Some dumb questions
Date: 6 Jun 2000 13:31:44 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Volker Hetzer wrote:
>
> > You xor the two ciphertexts together and the keystream falls out.
> > What remains is a message encrypted with a decidedly nonrandom key.
> 
> Yes, you get the xor of two messages. But how to go further from
> that point (there is no known plaintext whatever)?

If one of the two messages is also random then you're left with an
intractable problem still -- you've reduced a not-quite-one-time pad to
a real one-time pad, which is a shame.  Otherwise, if neither message is
random, you have some probability information about their combination,
which can help to adjust the probabilities for the individual messages.

-- [mdw]

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Tue, 06 Jun 2000 13:40:29 GMT

In article <[EMAIL PROTECTED]>,
  Jerry Coffin <[EMAIL PROTECTED]> wrote:
> In article <8hh40c$ktj$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

>
> You've got two possibilities: you can compare high-end machines then
> to high-end machines now, or you can compare low-end machines then to
> low-end machines now.  You can NOT, however, get anything approaching
> meaningful results by comparing a high-end machine then to a low-end
> machine now (or vice versa).

The VAX  was  NOT a "high-end" machine in 1977. It simply happened to
be the first 32 bit machine built by DEC.

You want a "high-end" machine in 1977?  Try the CDC-6600.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Tue, 06 Jun 2000 13:45:30 GMT

In article <8hhcok$v4s$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (David A. Wagner) wrote:
> In article <[EMAIL PROTECTED]>,
> Roger Schlafly  <[EMAIL PROTECTED]> wrote:
> > It is not obvious to me why it a time estimate should be more
> > accurate than a space estimate.
>
> One reason why it might be so is that many theoretical works consider
> only the total complexity, and even then, in asymptotic form only.

We have real-world benchmarks!!!  These are not "theoretical estimates".


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Statistics of occurrences of prime number sequences in PRBG output as gauge of "goodness"
Date: Tue, 06 Jun 2000 13:51:09 GMT

In article <[EMAIL PROTECTED]>,
  "John A. Malley" <[EMAIL PROTECTED]> wrote:

<snip>

> The keystream generator makes a
> non repeating sequence of 2^m - 1 numbers. And phi(2^m) of those
> numbers are prime. Now there is no iterated or recursive mathematical
> function that generates all primes starting from a given input value.

FALSE.

Go read chapter 3 of Paulo Ribenboim's book
"The Book of Prime Number Records".

Such formulae and functions  DO exist.

Just a hint as to where they come from:

Wilson's Theorem.  Now imagine a function which is 0 when the
input is composite and 1 when it is prime. (One can easily derive
such a function from Wilson's theorem).
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



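A worked version of the hint above, added here as an example (this is not Bob Silverman's text or Ribenboim's, and the function names are mine): Wilson's theorem gives a 0/1 prime indicator, and summing that indicator yields a closed formula for the n-th prime of the kind the chapter describes. The integer form used in nth_prime, with the bound 2^n supplied by Bertrand's postulate, is the standard Willans-style construction; it is hopelessly slow, which is the usual caveat about such formulae, but it is exactly an "iterated function that generates all primes".

```python
"""Wilson's theorem as a prime indicator, and a prime-generating formula
built from it.  Added example; not code from the thread."""


def wilson_indicator(n):
    """Return 1 if n is prime, else 0.
    Wilson's theorem: (n-1)! == -1 (mod n) if and only if n is prime (n > 1).
    The factorial is reduced mod n at every step so the numbers stay small."""
    if n < 2:
        return 0
    f = 1
    for k in range(2, n):
        f = (f * k) % n
    return 1 if (f + 1) % n == 0 else 0


def prime_count(x):
    """pi(x), the number of primes <= x, as a plain sum of indicator values."""
    return sum(wilson_indicator(k) for k in range(2, x + 1))


def nth_prime(n):
    """p_n = 1 + sum_{i=1}^{2^n} [pi(i) < n].
    The summand is 1 exactly for i = 1, ..., p_n - 1, and 2^n >= p_n by
    Bertrand's postulate, so the sum counts p_n - 1 terms."""
    count = 0
    pi = 0
    for i in range(1, 2 ** n + 1):
        pi += wilson_indicator(i)
        if pi < n:
            count += 1
    return 1 + count


def primes_by_iteration(n_primes):
    """Iterate the indicator over successive integers from a starting value:
    the 'iterated function generating all primes' of the thread."""
    found, k = [], 1
    while len(found) < n_primes:
        k += 1
        if wilson_indicator(k):
            found.append(k)
    return found


def trial_division_is_prime(n):
    """Independent reference check for the indicator."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


if __name__ == "__main__":
    print([nth_prime(n) for n in range(1, 9)])   # first eight primes
    print(primes_by_iteration(10))
```

Both nth_prime and primes_by_iteration do nothing a sieve would not do faster; the point is only that a formula in the strict sense exists, as Silverman says, and that it is built from the Wilson indicator.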
------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: 06 Jun 2000 14:17:41 GMT

Hi Roger,

Here is how I see it, you are of course free to see it however you wish.

Model A: (TIME) count ops
Model B: (SPACE) counts ops and storage.

Model A is more conservative, in that advances in methods that reduce storage
requirements do not require a re-examination of the assumptions of the model,
unlike Model B.  It is not silly to use Model A, it is simply more conservative
than Model B.  AND it avoids the complexity of trying to map the
TIME-constrained symmetric key size to a SPACE-constrained asymmetric key size.
 The mapping is straightforward, TIME to TIME.
Don Johnson

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Statistics of occurrences of prime number sequences in PRBG output as 
Date: Tue, 06 Jun 2000 07:27:01 -0700



Bob Silverman wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   "John A. Malley" <[EMAIL PROTECTED]> wrote:
> 
> <snip>
> 
> > The keystream generator makes a
> > non repeating sequence of 2^m - 1 numbers. And phi(2^m) of those
> > numbers are prime. Now there is no iterated or recursive mathematical
> > function that generates all primes starting from a given input value.
> 
> FALSE.
> 
> Go read chapter 3 of Paulo Ribenboim's book
> "The Book of Prime Number Records".
> 
> Such formulae and functions  DO exist.

Thank you, Mr. Silverman! This is what I was looking for. 
Now I'm off to read that chapter...


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Will Dormann)
Subject: Solution for file encryption / expiration?
Date: Tue, 06 Jun 2000 14:35:57 GMT

Hello!

I work for a web site that provides books for free in PDF format on the 
internet.  Most of our material is public domain, but in order to attract new
authors, my boss is wanting to look into some sort of "protected" format.
(Which cannot be displayed after a certain amount of time, and I guess
encrypted to prevent copying too)

1) Is this practical?  I would assume that this would require a special
software viewer?  (which he would want me to program myself).  This would
make it a platform-specific item, too, I would assume.  Currently books are 
in PDF format, which just about anybody can view.

2) Is it possible?  I'm from the school of "If it can be viewed, it can be
copied!"  And as for the file "expiring" (not viewable, say, after 30
days)...   You've got me!

3) Would anybody in their right mind even attempt such a project at $8 / 
hour?!?  (boy, I need a new job!)

TIA for any comments, suggestions, etc...
(CC my E-mail if at all possible)

-WD

_____________________________________________________________________
Need More Help?
Check out the Abika Experts section at 
http://www.Abika.com

------------------------------

Subject: Re: Good ways to test.
From: John <[EMAIL PROTECTED]>
Date: Tue, 06 Jun 2000 07:39:36 -0700

I suppose it depends if you are working on an empirical or
theoretical level.

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

Subject: Re: Good ways to test.
From: John <[EMAIL PROTECTED]>
Date: Tue, 06 Jun 2000 07:41:21 -0700

Maybe, as silly as it sounds, we need a working definition for
secure.



------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Statistics of occurrences of prime number sequences in PRBG output as 
Date: Tue, 06 Jun 2000 07:49:48 -0700



Mok-Kong Shen wrote:
> 
> "John A. Malley" wrote:
> 
> > Mok-Kong Shen wrote:
> > >
> > > I don't understand your sentence 'there is no iterated or recursive
> > > mathematical function that generates all primes starting from a given
> > > input value'. One can write a program to generate successive primes.
> > > Wouldn't that contradict your statement?
> >
> > Well, no, I don't think so - let me clarify. Let's use L'Ecuyer's
> > definition of a generator:
> 
> [snip]
> 
> We are talking just about an arbitrary (to be defined) function, not
> about any randomness property of it, right? Now a function in a finite
> discrete domain, here of integer values, can be simply defined by a
> look up table and it is obvious that you can prescribe the iteration
> sequence of the function starting from a certain given initial value to
> be anything you want, in particular a sequence containing a specific
> bunch of given and that exactly in the location you want. Do I miss
> something here?
> 

As you described here, we iterate a formula repeatedly applied to the
integer index into the table. 
Say the table is just every number from 0 to 2^m, well ordered. So the
index into the table is the value at that location in the table. 

The lookup formula is not itself the source of any randomness, like you
said. 
And the formula is a linear or non-linear function that takes the
previous index and generates the next index, and when doing so, produces
a pseudorandom  output sequence where each value in the table appears
exactly once before the cycle repeats, and the statistics of
distribution of ones and zeros, bands and gaps is consistent with those
expected for a finite string of bits from a true random bit source. 

For each possible output sequence, we start from a different index value
into the table and apply the same formula repeated. That initial index
value into the table is the seed.  

So an arbitrary piece-part formula for table index lookup generation
that produces occasional long substrings of all primes when starting
from index value a, should also produce occasional occurrences of long
substrings of all primes when starting from index value b or any other
index value.

What are the statistics of multiple prime substrings in the output
string of bits?  How well do they match the statistics for the
occurrences of multiple prime substrings in true random bit strings of
the same length?

I just read Bob Silverman's post on functions that do iteratively
generate all primes starting from an initial value.  A better
understanding of that on my part may answer my questions here. Got
homework to do.

Thanks for your help,

John A. Malley
[EMAIL PROTECTED]

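An added example that measures the statistic asked about here (this is not John A. Malley's generator or his code). It uses a full-period LCG modulo 2^m as a stand-in for the "every value appears exactly once" generator of the post, and random permutations of the same range as the "true random" reference; M_BITS and the LCG constants are my choices. It also shows why the comparison is informative for this particular generator: with a and c odd, successive outputs alternate parity, so a run of consecutive prime outputs can never be longer than 3 (odd prime, 2, odd prime), far below what a random permutation of the same range produces.

```python
"""Prime-run statistics of a full-period generator versus a random
permutation of the same range.  Added example, not code from the thread."""
import random

M_BITS = 12
MOD = 1 << M_BITS          # every output lies in 0 .. 2^m - 1


def is_prime(n):
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def lcg_cycle(seed, a=1664525, c=1013904223, m=MOD):
    """One full cycle of x -> (a*x + c) mod m starting from `seed`.
    With c odd and a - 1 divisible by 4 (Hull-Dobell), the period is
    exactly m, so a different seed only starts the same cycle elsewhere.
    Because a and c are odd, x_{n+1} == x_n + 1 (mod 2): parity alternates."""
    x = seed % m
    out = []
    for _ in range(m):
        out.append(x)
        x = (a * x + c) % m
    return out


def prime_runs(seq):
    """Lengths of all maximal runs of consecutive prime outputs."""
    runs, cur = [], 0
    for v in seq:
        if is_prime(v):
            cur += 1
        elif cur:
            runs.append(cur)
            cur = 0
    if cur:
        runs.append(cur)
    return runs


def run_histogram(seq):
    """How many runs of each length occurred: the statistic the post asks for."""
    hist = {}
    for r in prime_runs(seq):
        hist[r] = hist.get(r, 0) + 1
    return hist


def longest_prime_run(seq):
    return max(prime_runs(seq), default=0)


def random_permutation_baseline(trials, rng_seed=1):
    """Mean longest prime run over random permutations of 0 .. m-1, i.e.
    what a 'true random' full-period sequence over the same range shows."""
    rng = random.Random(rng_seed)
    values = list(range(MOD))
    total = 0
    for _ in range(trials):
        rng.shuffle(values)
        total += longest_prime_run(values)
    return total / trials


if __name__ == "__main__":
    for seed in (1, 17, 4000):
        cyc = lcg_cycle(seed)
        print(seed, "longest run", longest_prime_run(cyc), run_histogram(cyc))
    print("random permutation baseline", random_permutation_baseline(20))
```

The seed-independence Malley expects does hold for the counts here (the cycle is the same for every seed, only the starting point moves), but the histogram itself is nothing like the random baseline: the parity structure of the low-order bit caps every run at 3, which is exactly the kind of deviation this statistic would flag.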
------------------------------

From: JCA <[EMAIL PROTECTED]>
Subject: Re: Quantum computers
Date: Tue, 06 Jun 2000 07:48:09 -0700

    Read what I wrote more carefully. I never said, or implied, that
the NSA knows nothing about ECC. I just said when the fundamentals
of ECC were published the NSA guys were not even considering
such crypto avenues, as they have publicly acknowledged, and as
an agency ex-member mentioned to me.

     You may argue that they lie while saying that, perhaps in order to
stay one step ahead of the academic community. However, they
readily acknowledged to having discovered the basics of public key
cryptography and differential cryptanalysis years before academia.

    Another hint about the fact that the world is leaving them behind
is their all too obvious preoccupation with a wide availability of crypto
software that is beyond their powers to break effectively.

    Please show better manners before accusing someone in public of
issuing clueless statements, especially when your counterarguments
are so weak and subjective.


Mike Rosing wrote:

> JCA wrote:
> >     I am sure they don't. Actually, I have the feeling that the NSA's
> > capabilities are usually exaggerated. They are good, but not
> > gods. In fact, elliptic curve cryptography seems to have escaped
> > them completely, and caught them off balance when originally
> > published in the mid-eighties.
>
> I'd like to point out that this a particularly clueless comment.  The
> NSA has
> several members who publish papers and visit every crypto conference
> where
> ECC is discussed.  They also have members on the IEEE P1363 crypto
> standards
> committee and are actively specifying ECC standards.   I suspect they
> stay
> tuned in with all the crypto conferences and are well aware of what's
> interesting.  Whether they use it or not is a different parameter, they
> are,
> and probably have been, very well aware of ECC for a long time.
>
> Patience, persistence, truth,
> Dr. mike


------------------------------

From: "TheGPFguy" <[EMAIL PROTECTED]>
Subject: Re: Need "attack time" measurements on a toy cipher...   (long)
Date: Tue, 06 Jun 2000 14:55:51 GMT



Paul Pires <[EMAIL PROTECTED]> wrote in article
<%GQ_4.70523$[EMAIL PROTECTED]>...

>> Used the system?  Or used the approximation?
> 
> Used the system. I was trying to point out the obvious. That the
> whole exercise of getting strength estimates to justify the use of a
> "toy" cipher is flawed. You can't use the best attack to establish
> confidence in the worst case scenario. The best attack merely tells
> you that you are provably no better than this. It doesn't tell you
> how bad it could actually be.
> 
> Paul

Of course.  Your point was indeed obvious (which is why I missed it) 
but a point still well taken.  In my attempts at economy of 
expression, I can see now that much of what I wrote was in some 
degree misleading.  I really haven't been trying to establish 
confidence in the algorithm or justify its use, and initially thought
that was obvious as well.  [BTW, We as a discussion group have 
already gone beyond what I needed in order to inject a little sanity 
at work.  :-) ] 

I guess you could categorize my goals as having been:
  * to investigate the ways in which any misguided confidence
    in the toy algorithm could be destroyed; and

  * to use the attacks on this simple algorithm as a springboard
    to learning about cryptanalysis.  

While we are on the topic of cryptanalysis, which of the books in the
FAQ list are the best starting point for learning about cryptanalysis
of real algorithms?  Also, I wonder if anyone can recommend a good
text for brushing up on the necessary math skills?   (My discrete
math is both rusty and [currently] weak.)





------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Solution for file encryption / expiration?
Date: 6 Jun 2000 15:01:38 GMT

Will Dormann <[EMAIL PROTECTED]> wrote:

> I work for a web site that provides books for free in PDF format on
> the internet.

Most laudable.

> Most of our material is public domain, but in order to attract new
> authors, my boss is wanting to look into some sort of "protected"
> format.  

Ewwww.

> (Which cannot be displayed after a certain amount of time, and I guess
> encrypted to prevent copying too)

Encryption doesn't prevent copying.  You just copy the ciphertext.

> 1) Is this practical?  I would assume that this would require a
> speical software viewer?

I don't know what sorts of things Adobe's viewer will do along these
lines.  Other viewers, e.g., GhostScript-based ones, have readily-
available source code, and can't be `trusted' at all.  (I put that in
quotes, because you can't really trust a closed program anyway.)

> (which he would want me to program myself).

Not an easy job.

> This would make it a platform-specific item, too, I would assume.

Very.  Windowing systems are very different between platforms.

> 2) Is it possible?  I'm from the school of "If it can be viewed, it
> can be copied!"  And as for the file "expirint" (not viewable, say,
> after 30 days)...  You've got me!

No.  It's not.

> 3) Would anybody in their right mind even attempt such a project at $8 / 
> hour?!?  (boy, I need a new job!)

No.  Yes.

It's all a bad idea.

-- [mdw]

------------------------------

From: "TheGPFguy" <[EMAIL PROTECTED]>
Subject: Re: Need "attack time" measurements on a toy cipher...   (long)
Date: Tue, 06 Jun 2000 15:06:47 GMT


Paul Pires <[EMAIL PROTECTED]> wrote in article
<%GQ_4.70523$[EMAIL PROTECTED]>...
>>> Finding out the conventional flaw with your system doesn't
>>> tell you squat about the worst case risk.  If you got a time
>>> approximation from someone here and it was something you
>>> could live with, would you have used it?
>>
>> Used the system?  Or used the approximation?
>
>
> Used the system.  I was trying to point out the obvious.
> That the whole exercise of getting strength estimates to
> justify the use of a "toy" cipher is flawed.  You can't use
> the best attack to establish confidence in the worst case
> scenario.  The best attack merely tells you that you are
> provably no better than this.  It doesn't tell you how bad
> it could actually be.
>
>
> Paul

Sorry to do a double follow-up, but these thoughts occurred
a little belatedly.  :-)

It doesn't matter how bad the situation can actually be, if
the best case is unacceptable:

  She:  "I want to weigh automobiles massing from 1000 to
         6000 lbs."
  Me:   "Oh.  Well then.  You won't want to use this
         bathroom scale, the most it can handle is 300 lbs."

:-)  :-)  :-)

Also, reviewing my previous posts, what I should say is that
my goals have been rapidly modified.  :-)






------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Some citations
Date: Tue, 06 Jun 2000 17:20:38 +0200



Mok-Kong Shen wrote:

> I think that the following citations may be of some interest,
> because they may presumably not be unanimously accepted by
> us all and hence could trigger some discussions:
>
>     Bandwidth expansion is not necessarily either a drawback
>     or a strength of a system, merely a feature.
>
>     The Kerckhoffs principle is neither a correct description
>     of, nor a self-evident prescription for, all secrecy
>     design projects.
>
> Source:
>
>     G. R. Blakley, Twenty years of cryptography in the open
>     literature. 1999 IEEE Symposium on Security and Privacy.

To paraphrase: (1) It doesn't matter if the ciphertext is
several times as long as the plaintext. (2) One can rely
on the secrecy (obscurity) of the encryption algorithm
as a factor contributing to the security of the system.

So far, there seems to be almost unanimous agreement on
these (though I didn't expect this).

While I am sympathetic to (1), I can't agree with (2) in
general. For it is often difficult to manage to keep the
algorithms as such secret for a long period of time.
Rather, I believe it is advantageous to have (2) in a
special sense, namely employing multiple encryptions
and/or parametrized ciphers. Here the individual algorithms
are not kept secret but the composition of the cipher
stack and the parameters of the ciphers used, being key
dependent, constitute a 'secret' of the system that is
unknown to the opponent.

M. K. Shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Some dumb questions
Date: Tue, 06 Jun 2000 17:20:31 +0200



Mark Wooding schrieb:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > Volker Hetzer wrote:
> >
> > > You xor the two ciphertexts together and the keystream falls out.
> > > What remains is a message encrypted with a decidedly nonrandom key.
> >
> > Yes, you get the xor of two messages. But how to go further from
> > that point (there is no known plaintext whatever)?
>
> If one of the two messages is also random then you're left with an
> intractable problem still -- you've reduced a not-quite-one-time pad to
> a real one-time pad, which is a shame.  Otherwise, if neither message is
> random, you have some probability information about their combination,
> which can help to adjust the probabilities for the individual messages.
>

Your argument is correct. But it lacks the desired 'concreteness' of
solution to my problem. Note that I can only assume the frequencies
of the characters in the language (at best that the frequency values
assumed are exact)  but otherwise I have no additional information
(digrams etc. are assumed to be largely destroyed through e.g. a
simple transposition). One has to show a 'concrete' way how to get
anything from the xor of the two messages. Note also that, if the
OTP is used exactly twice, then (1) the xor of different pairs of
messages (each pair has the same OTP segment, but different pairs
have different segments) are essentially unrelated to each other and
(2) if there is a number of messages intercepted, one has to correctly
pair the messages according to the OTP segment used (how is that
going to be done?).

M. K. Shen

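An added example for the exchange above, written for this page and not code by Mark Wooding or Mok-Kong Shen. It carries Wooding's "probability information about their combination" through to a concrete per-position guess using nothing but a single-character frequency table (no known plaintext, no digram information), shows what stays ambiguous under that model, and includes the pairing check Shen asks about in (2). Everything in it is constructed for the demo: pad_segment is a seeded stand-in for a pad, the two plaintexts are restricted to lowercase letters and spaces, and FREQ holds rough English frequencies whose exact values do not matter.

```python
"""Two-time pad: what C1 xor C2 leaks, a per-position maximum-likelihood
guess from single-character frequencies alone, and a test for which
ciphertexts share a pad segment.  Added example; inputs are constructed."""
import random

# Constructed single-character frequencies (rough English values, percent,
# space being the most common symbol).  Only relative sizes matter.
FREQ = {' ': 18.0, 'e': 10.0, 't': 7.4, 'a': 6.6, 'o': 6.1, 'i': 5.7,
        'n': 5.5, 's': 5.2, 'h': 5.0, 'r': 4.9, 'd': 3.5, 'l': 3.3,
        'u': 2.3, 'c': 2.2, 'm': 2.0, 'w': 1.9, 'f': 1.8, 'g': 1.6,
        'y': 1.6, 'p': 1.5, 'b': 1.2, 'v': 0.8, 'k': 0.6, 'j': 0.1,
        'x': 0.1, 'q': 0.1, 'z': 0.1}


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pad_segment(seed, n):
    """Stand-in for one pad segment; seeded only so the demo is reproducible."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))


def best_pair_table():
    """For every xor value reachable from the alphabet, the unordered pair
    {a, b} with a ^ b == x that maximises freq(a) * freq(b).  This is the
    probability information about the *combination* turned into a guess."""
    table = {}
    for a in FREQ:
        for b in FREQ:
            x = ord(a) ^ ord(b)
            score = FREQ[a] * FREQ[b]
            if x not in table or score > table[x][0]:
                table[x] = (score, frozenset((a, b)))
    return {x: pair for x, (_, pair) in table.items()}


def guess_pairs(c1, c2):
    """Per-position guess of {p1[i], p2[i]} from c1 ^ c2 alone (the pad
    cancels).  Which character belongs to which message stays ambiguous;
    resolving that is what digram/context information would be for."""
    table = best_pair_table()
    return [table.get(x) for x in xor_bytes(c1, c2)]


def space_positions_recovered(guesses, p1, p2):
    """True if every position where exactly one message has a space was
    guessed right.  Space ^ lowercase letter is 0x41..0x5A, which no pair
    of lowercase letters (xor in 0x00..0x1F) can produce, so these
    positions are recovered with certainty under this alphabet."""
    for g, a, b in zip(guesses, p1, p2):
        if (a == 0x20) != (b == 0x20) and g != frozenset((chr(a), chr(b))):
            return False
    return True


def unordered_accuracy(guesses, p1, p2):
    truth = [frozenset((chr(a), chr(b))) for a, b in zip(p1, p2)]
    return sum(1 for g, t in zip(guesses, truth) if g == t) / len(truth)


def pad_reuse_score(ca, cb):
    """Fraction of positions where ca ^ cb could come from two alphabet
    characters.  Two ciphertexts under the same segment score 1.0 here;
    under independent segments the xor is uniform and most bytes fall
    outside the reachable set.  This is how intercepted messages can be
    paired up by segment before the attack above is run."""
    table = best_pair_table()
    diff = xor_bytes(ca, cb)
    return sum(1 for x in diff if x in table) / len(diff)


# Constructed demo messages; P1 and P2 share a pad segment, P3 does not.
P1 = b"the pad must never be reused for a second message"
P2 = b"attack at dawn and send the signal when you arrive"[:len(P1)]
P3 = b"this one was sent under a fresh segment of the pad"[:len(P1)]
PAD = pad_segment(seed=2000, n=len(P1))
C1 = xor_bytes(PAD, P1)
C2 = xor_bytes(PAD, P2)
C3 = xor_bytes(pad_segment(seed=2001, n=len(P1)), P3)

if __name__ == "__main__":
    print("pad cancels:", xor_bytes(C1, C2) == xor_bytes(P1, P2))
    print("reuse score C1,C2:", pad_reuse_score(C1, C2))
    print("reuse score C1,C3:", pad_reuse_score(C1, C3))
    g = guess_pairs(C1, C2)
    print("unordered accuracy:", unordered_accuracy(g, P1, P2))
```

Under Shen's restricted model (frequencies only, no digrams) the attack delivers exactly what Wooding describes and no more: the space/letter positions fall out immediately, letter/letter positions are only a best guess, and even a correct unordered pair does not say which message each character belongs to. The pad_reuse_score heuristic answers (2): the correct pairing is the one whose xor stays inside the set of values two plaintext characters can produce.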


------------------------------

From: "T.Williams" <[EMAIL PROTECTED]>
Subject: Re: Could RC4 used to generate S-Boxes?
Date: Tue, 06 Jun 2000 17:08:53 +0200

Runu Knips wrote:

> Simon Johnson wrote:
> > Strictly by definition, RC4 does have an s-box; One value get
> > substituted for another.
>
> Hmm. For me, a s-box is an operation of the form:
>
>            f(x) -> y
>
> where f is bijective and should have some other good properties
> already discussed in this thread.
>
> The main point about it is, that it is an operation or function,
> not a dynamically changing mapping, i.e. for the same x you
> always get the same y.
>

[snip]

Ah, but this is not always the case.  Remember Merkle's Khufu and
its ever changing s-boxes?  There is also some discussion about this
in the Schneier and Kelsey paper "Unbalanced Feistel Networks and
Block-Cipher Design" (at the following location).

 http://www.counterpane.com/unbalanced_feistel.ps.zip

Seems like not much in crypto is as simple and straightforward as
we might like :-)

-tom


------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: Solution for file encryption / expiration?
Date: Tue, 6 Jun 2000 07:48:18 -0700

1) No.

2) No.

3) No.

Your only chance of anything close to success with such a project would
involve design of special hardware (you would have to design your own tamper
proof viewer).  Such a design task  would be a major undertaking.  Even
thinking of doing it on the cheap ($8/hr :--)))  is foolish beyond belief.

Anything you do in software will be cracked immediately after you put up
some content worth having ( e.g. Steven King).

You must work for that pointy - headed boss in the Dilbert strip.  Is your
name Wally??

Seriously, the effects of the Internet on publishing of any sort have been
revolutionary.  Freedom of information exchange may at first appear to be a
really good thing, but we may be living in a fool's paradise.  If authors or
musicians or performers cannot realize profits from their work, our society
may go the way of all communist systems - incentive to succeed will be
destroyed and all available content will look like CNN where you cannot tell
the difference between the ads and the content and all content will be
served up by cute little bubble headed boobies (as on the evening news).
People will start looking for answers from John Galt.

Who is John Galt anyway ?????

JK  Password Recovery Software http://www.crak.com



:--)

JK

Will Dormann <[EMAIL PROTECTED]> wrote in message
news:393d0d05$0$[EMAIL PROTECTED]...
> Hello!
>
> I work for a web site that provides books for free in PDF format on the
> internet.  Most of our material is public domain, but in order to attract
> new authors, my boss is wanting to look into some sort of "protected" format.
> (Which cannot be displayed after a certain amount of time, and I guess
> encrypted to prevent copying too)
>
> 1) Is this practical?  I would assume that this would require a special
> software viewer?  (which he would want me to program myself).  This would
> make it a platform-specific item, too, I would assume.  Currently books
> are in PDF format, which just about anybody can view.
>
> 2) Is it possible?  I'm from the school of "If it can be viewed, it can be
> copied!"  And as for the file "expiring" (not viewable, say, after 30
> days)...   You've got me!
>
> 3) Would anybody in their right mind even attempt such a project at $8 /
> hour?!?  (boy, I need a new job!)
>
> TIA for any comments, suggestions, etc...
> (CC my E-mail if at all possible)
>
> -WD


------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Tue, 6 Jun 2000 09:29:47 -0600

In article <8hiv0a$v21$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ ... ] 

> > You've got two possibilities: you can compare high-end machines then
> > to high-end machines now, or you can compare low-end machines then to
> > low-end machines now.  You can NOT, however, get anything approaching
> > meaningful results by comparing a high-end machine then to a low-end
> > machine now (or vice versa).
> 
> The VAX  was  NOT a "high-end" machine in 1977. It simply happened to
> be the first 32 bit machine built by DEC.

Comparatively speaking, yes, it was a high-end machine.  It wasn't 
the fastest machine on earth by any means, but then an AlphaServer 
isn't now either.  The two DO occupy roughly congruent spots though 
-- each is intended for use by dozens of people at a time.  Neither is 
anywhere close to the fastest machine on earth, but both are intended 
for use by considerably more than one person at a time as well.
 
> You want a "high-end" machine in 1977?  Try the CDC-6600.

Bob, I hate to point it out, but your knowledge of the history of 
computing seems badly defective.  The CDC-6600 was basically obsolete 
in 1977.  It had been replaced by the 7600 long since.  CDC had 
started work on the 8600, but Seymour Cray broke away from CDC before 
it was finished, and built the Cray-1 instead (though it's open to 
question how much of this was "built instead" and how much was just 
giving the design a different name).  This was also available by 
1977.

It was NOT, however, in anything close to the same position as an 
AlphaServer is today -- it was absolutely the fastest and most 
expensive computer on earth at the time.  A roughly comparable 
machine today would be something like one of the ASCI machines.

You can ultimately choose any of these levels, and you still get a 
similar result.  A line (or curve, depending on whether you use a 
linear or logarithmic scale) that projects into the future at a 
reasonably accurate rate.  The position of the line/curve will change 
depending on what level of machine you choose to compare, but the 
growth rate will be roughly similar across the board.

If, OTOH, you compare a 1977 Cray-1 to a 2000 Palm Pilot, you can 
prove that computers today are substantially slower than they were in 
1977.  If you choose to compare an Intel 8080 to an ASCI machine, you 
can prove that growth has exceeded Moore's prediction by a HUGE 
margin.  If you stick to comparing machines of comparable levels, 
you're left with one conclusion: Moore's observation of the growth of 
CPU speed has been quite accurate and applies well to overall system 
speed, NOT just the speed of the CPU core itself.
 
-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED]  (Your Name)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning  UK publishes "impossible" decryption law
Date: Tue, 06 Jun 2000 15:39:09 GMT

On Mon, 5 Jun 2000 12:45:21 -0600, Jerry Coffin <[EMAIL PROTECTED]>
wrote:

>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
>says...
>
>[ ... ]
>
>> Some time ago, a 129 bit RSA key (asymmetric) was cracked by 
>> brute force.  Maybe it is this fact that is being referenced.
>
>I think there's still some confusion here -- I'd guess you meant to 
>refer to an RSA key of 129 decimal digits rather than one of 129 
>bits.

You are right.  Thanks for the correction.    

I may be wrong again, but I seem to recall that the 129 decimal digit
(429 bits) was supposed to take at least 40,000 years to factor.

Rich Eramian aka freeman at shore dot net  


------------------------------

Date: Tue, 06 Jun 2000 17:38:56 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Favorite Cipher Contest Entry

tomstd wrote:
> 
> In article <[EMAIL PROTECTED]>, Runu Knips
> <[EMAIL PROTECTED]> wrote:
> >[EMAIL PROTECTED] wrote:
> >> I was reviewing the ciphers in the cipher contest and listing
> them in
> >> favorite order. [...] What are other peoples favorites?
> >
> >I agree that Storin had the nicest structure of all ciphers
> yet, I
> >especially liked the nifty 'x ^= x >> 12' in it.
> >
> >
> 
> Why?

Because I first looked at it and thought:
WHAT THE HELL IS THAT ???

;-)

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
