Cryptography-Digest Digest #28, Volume #12 Wed, 14 Jun 00 17:13:00 EDT
Contents:
Re: GeekPress: Will Cyber Criminals Run the World? (zapzing)
Re: Cipher design a fading field? (Tim Tyler)
Re: Cipher design a fading field? (Tim Tyler)
Re: Cryptographic voting ([EMAIL PROTECTED])
Re: Finding prime numbers (Simon Johnson)
Generating Keys for 3DES on the fly... ("Rich Beaudry")
Re: Digits of pi in Twofish (Ed Kubaitis)
Re: On using compression as proper means of encryption
([EMAIL PROTECTED])
Re: Why the golden ratio? ("Douglas A. Gwyn")
Re: Cipher design a fading field? ("Douglas A. Gwyn")
Re: Onefish (Twofishes sibbling) (Dan Day)
Re: Generating Keys for 3DES on the fly... (Anton Stiglic)
Re: Good ways to test. ("Douglas A. Gwyn")
----------------------------------------------------------------------------
From: zapzing <[EMAIL PROTECTED]>
Subject: Re: GeekPress: Will Cyber Criminals Run the World?
Date: Wed, 14 Jun 2000 19:35:55 GMT
In article <q4u15.2786$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> The article below was posted to GeekPress
> (http://www.geekpress.com) earlier today. Enjoy!
>
> ************************************************************
>
> Will Cyber Criminals Run the World?
> http://www.time.com/time/magazine/articles/0,3266,47159,00.html
>
> Summary:
> Science fiction writer Bruce Sterling argues that the sort
> of "cryptoanarchy" advocated by cypherpunks such as Tim May
> is unviable. He faults both the cypherpunks and the
> federal government for portraying cryptography as a more
> powerful tool (for good or evil, depending on one's POV)
> than it really is.
>
> Commentary:
> An interesting counterpoint to the ideas in Tim May's
> Cyphernomicon
> (http://www.oberlin.edu/~brchkind/cyphernomicon/cyphernomic
> on.contents.html).
Has this page been moved? I couldn't access it.
>
> Post your comments on GeekPress:
>
http://www.geekpress.com/cgi-bin/comments/read.pl?id=13-6-2000-8-15-33&d
atetime=Tue+Jun+13+08:15:33+2000+PDT
>
> ************************************************************
>
> More great tech news stories are available on GeekPress
> at http://www.geekpress.com throughout each day!
>
> ************************************************************
>
> Recent Stories:
> -=- Livermore simulates explosion at quantum level
>
http://www.geekpress.com/cgi-bin/comments/read.pl?id=13-6-2000-9-28-55&d
atetime=Tue+Jun+13+09:28:55+2000+PDT
>
> -=- Navy sends 250 sensitive e-mails to schoolgirl
>
http://www.geekpress.com/cgi-bin/comments/read.pl?id=13-6-2000-8-31-59&d
atetime=Tue+Jun+13+08:31:59+2000+PDT
>
> -=- Trappin' Your Cheatin' Heart
>
http://www.geekpress.com/cgi-bin/comments/read.pl?id=13-6-2000-7-46-03&d
atetime=Tue+Jun+13+07:46:03+2000+PDT
>
> -=- Systems of the Future
>
http://www.geekpress.com/cgi-bin/comments/read.pl?id=13-6-2000-0-29-54&d
atetime=Tue+Jun+13+00:29:54+2000+PDT
>
> -=- Why Free Net Phone Calls Keep Telcos Up At Night
>
http://www.geekpress.com/cgi-bin/comments/read.pl?id=12-6-2000-23-45-09&;
datetime=Mon+Jun+12+23:45:09+2000+PDT
>
> -=- Transmeta to hit 1 GHz by year-end
>
http://www.geekpress.com/cgi-bin/comments/read.pl?id=12-6-2000-21-48-07&;
datetime=Mon+Jun+12+21:48:07+2000+PDT
>
> ************************************************************
>
> -- Diana Hsieh
> GeekPress, Tech News Sifted and Summarized
> http://www.geekpress.com
>
--
If you know about a retail source of
inexpensive DES chips, please let
me know, thanks.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 14 Jun 2000 19:23:30 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
:> : Actually the programs involved don't have to be very large.
:> : Chaitin has a rather small one for his specialized version of LISP.
:>
:> They *have* to be potentially unboundedly large for the halting problem to
:> exist.
: Nope.
They **have** to be potentially unboundedly large for the halting problem
to exist.
:> If the size of the program is constrained, a halting determination program
:> could be written which enumerates all programs of that size or shorter and
:> lists whether they halt or not.
: It "lists" them how?
In a list. Program on the left. "Halts" or "Doesn't halt" on the right.
I suspect you are asking *how* that list is compiled - with the implication
that there's may be no finite method of compiling the list?
This is irrelevant - a program exists which specifies which program
halts, and which does not.
If I don't know what that program happens to be that is not relevant to
the truth or falsity of the halting problem for that set.
The halting problem relates to the *existence* of such a program - not
whether I can locate it by finite means. It states that no such program
can possibly exist. If such a program exists, there's a program that
solves the halting problem for that finite set of programs. In the set of
programs under consideration, such a program demonstrably exists -
therefore the halting problem for this set does not exist. QED.
:> I cannot myself envisage a proof of security for a cypher system.
:> This personal incredulity is by no means conclusive evidence - but
:> I am pretty certain that no such proof currently exists for any cypher
:> system, at least without making use of un-physical assumptions.
: That is an argument from ignorance (no insult intended), which doesn't
: prove anything.
I said my "personal incredulity" is not conclusive. Neither is the fact
that decades of academic reaearch do not appear to have produced a proof.
I don't *have* a /conclusive/ demonstration that security proofs are not
on the cards. Indeed, I doubt such a conclusive demonstration exists.
Instead, I'm attempting to explain why I hold the views I do.
:> The basic problem is that it is not possible to realistically place bounds
:> on the capabilities of our opponents.
: Sure it is. It is fairly safe to assume that they are constrained by
: the laws of physics, by the principles of information theory, etc.
It might be if we actually knew what these laws were. In fact, we don't
know what the laws of physics are - and the "laws" of information theory
seem to place distressingly few bounds on what opponents might be able to
do.
The Arthur C. Clarke quote comes to mind: "any sufficiently advanced
technology is indistinguishable from magic". If our opponent can
read our mind - or travel back in time to the space-time location where
our message was composed, frankly, we're stuffed. These things may -
in fact - be possible.
:> We can be pretty sure that they can't violate the laws of physics -
:> but we are also pretty certain that we do not know what the laws of
:> physics actually are ...
: That is the argument from skepticism, which is worthless.
IYO. In fact we *are* pretty certain that we do not know what the
ultimate laws of physics actually are. This isn't scepticism - it's
the plain truth.
: In fact we know a *lot* about the physical principles involved with the
: way the world operates, even if there is not a single unifying theory that
: satisfactorily interrelates everything we know.
All this knowledge is open to doubt - indeed our entire world-view may be
being manipulated by our opponents.
The idea that we know most of the laws of physics and all that remains is
to dot some is and cross some ts has been held by people in all ages.
So far, it has always been wrong.
New discoveries /may/ be likely to relate to very small or very large
phenomena - but they have the potential to totally turn our technological
world upside down, and make previously impossible things realistic.
Quantum physics led to the atom bomb, and to the computer. Further
discoveries may have equally far-reachin implications for the capabilities
of our opponents.
:> Assuming that your opponents have a particular weakness is unlikely to
:> convince the sceptic.
: Skepticism is inherently a philosophical dead end.
IYO. No doubt folks on sci.sceptic would not agree with you.
Scepticism is a healthy antidote to blind faith. Many find sceptcism
to be the only sane way to look at the world.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Breast is best.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 14 Jun 2000 19:28:12 GMT
John Savard <[EMAIL PROTECTED]> wrote:
: On Tue, 13 Jun 2000 21:21:52 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote, in part:
:>Tim Tyler wrote:
:>> If the size of the program is constrained, a halting determination program
:>> could be written which enumerates all programs of that size or shorter and
:>> lists whether they halt or not.
:>It "lists" them how?
: Well, if the size of the RAM available to a program is limited, not
: just the size of the program itself, then a program with N bits of
: storage available to it can have only 2^N distinct states. Hence, if
: it doesn't halt after 2^N instructions, it is proven that it will
: never halt.
I think for the halting problem we normally consider the program to be
being executed on a Turing machine - with an unbounded quantity of
information storage available. Consequently this way out is not available.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Cryptographic voting
Crossposted-To: sci.math
Date: 14 Jun 2000 16:02:38 -0400
Back to crypto voting, I'm going to point out something that is a slight
variation of what has been discussed.
When you register to vote, which, at least in Florida you must do
in person, you could be issued a key pair. They would fill out
the registration card on paper. You would then go over to a computer
and get your random key pair, the public key key would be registered
by the computer as "in use" but your name would not be attached, although
a "registered to voter 193687" could be also issued, with the 193687
just being a number that has no links to a specific individual.
When it came time to vote you would encrypt with your private key
and send it in, the voting list could then be published on the
net and you could verify your vote is what you voted.
The real problem with digital voting is the domineering spouse
scenario. You can never be sure that the person is voting free
of coercion, their spouse could be looking over their shoulder
telling them how to vote or could even be doing the voting for
them.
Now, obviously this isn't going to work in California, but most
of the rest of the country doesn't support voting fraud and it
should work there.
Roger Books
=====================================================================
| Unix sysadmin for food, LF photography and miniatures |
| wargames for fun. [EMAIL PROTECTED], http://www.jumpspace.net |
=====================================================================
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Finding prime numbers
Date: Wed, 14 Jun 2000 20:11:58 GMT
In article <[EMAIL PROTECTED]>,
tomstd <[EMAIL PROTECTED]> wrote:
> In article <8i556b$o83$[EMAIL PROTECTED]>, Bob Silverman <bobs@my-
> deja.com> wrote:
> >In article <[EMAIL PROTECTED]>,
> > tomstd <[EMAIL PROTECTED]> wrote:
> >> In article <8i3v16$uo4$[EMAIL PROTECTED]>, AllanW <allan_w@my-
> >> deja.com> wrote:
> >
> ><snip>
> >
> >> >Is that right?
> >>
> >> Yes, if you can find primes in linear time then you should be
> >> able to factor much quicker, espescially RSA style naturals.
> >>
> >> I don't have a proof for that, but I am just guessing it's
> true.
> >
> >
> >Oh?
> >
> >I suggest you stop guessing and start doing some analysis.
> >Please explain the "reasoning" behind your guess.
> >
> >>
> >> However, it's been proven that finding primes can't be done
> with
> >> some deterministic polynomial (I think, again I am more then
> >> likely wrong).
> >
> >If you believe that you are wrong, then why do you post?
> >Your assertion is gibberish. It "isn't even wrong", because it
> is
> >a total misstatement of what is known. For it to be wrong, your
> >statement would have to make some sense. And it doesn't.
> >The term "deterministic polynomial" is pure gibberish.
> >
> >
>
> Whoa boy, down. I have already stated my credentials in the
> area (which are lame-high-school-education-no-teach-math-worth-
> crap). I was just responding to insane "gibberish" with
> insane "gibberish".
>
> Ok your right I should not have posted, but what are you gonna
> do about it? Start World War 3?
>
> Tom
I think you're Right.
Someone proved, here, that a polynomial couldn't exist such that f(x)
= x'th prime. I think the same proof could be adapted to this problem.
>
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion
Network *
> The fastest and easiest way to search and participate in Usenet -
Free!
>
>
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Rich Beaudry" <[EMAIL PROTECTED]>
Subject: Generating Keys for 3DES on the fly...
Date: Wed, 14 Jun 2000 15:27:34 -0400
Hello,
My company has a product that requires user logon. The username/password is
stored in a database (in cleartext ... please don't laugh!).
I am currently programming a custom utility to encrypt the passwords (and
obviously I will be modifying the login code as well) using 3DES. I would
like to generate the 3DES keys (I'll be using 3 separate keys) on the fly.
I have access to an SHA library as well, so my thought was:
1) use SHA on 3 streams to get three different hash codes. Obviously I need
to use 3 plaintexts that will not change...
2) use pieces of the hash codes as keys to 3DES (SHA generates a 160 bit
hash, but I don't need all 160 bits for a 3DES key).
As you can tell by now, I am a COMPLETE newbie to encryption, and you're
probably wondering why my company chose me :-) (so am I...)
Does this sound like a viable way to generate keys on the fly? I don't want
to just statically store the keys, either in the database (duh) or in code
(as someone w/ a decent decompiler could find them). If I generate them
this way, will that somehow dilute the encryption of 3DES?
I could probably just SHA the passwords, and store that, but I am required
to use 3DES for the final encryption (don't ask...)
Also, please don't tell me there are better algorithms than SHA and 3DES.
I'm sure there are, but I'm stuck with these...
And while I have your attention, the vendor of the encryption libraries
touts them as certified by NIST to be "cryptographically correct". That
impressed my boss, but does it impress you?
Thanks,
Rich B.
------------------------------
From: Ed Kubaitis <[EMAIL PROTECTED]>
Subject: Re: Digits of pi in Twofish
Date: Wed, 14 Jun 2000 15:19:39 -0500
[EMAIL PROTECTED] wrote:
>
> In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
> >can easily imagine testing a whole raft of mathematical constants to
> >find one with particular weakness properties, and then selecting that
> >constant for the cipher. But that could never happen, could it?
>
> Well, it'd sure be surprising if the digits of pi happened to have the
> required weakness properties, wouldn't it?
"Surprising" seems like an enormous understatement to me. Carl Sagan
considered something like this in "Contact" (novel, not movie.)
SPOILER WARNING: For details go to http://www.google.com/ and search
for "pi message sagan".
==========================
Ed Kubaitis ([EMAIL PROTECTED])
CCSO - University of Illinois at Urbana-Champaign
> --
> Matthew Skala, "the modern CEO's worst nightmare" (Macleans, 2000-04-10)
> My Internet doesn't include channels, commercials, or the V-chip.
> http://www.islandnet.com/~mskala/ [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: On using compression as proper means of encryption
Date: Wed, 14 Jun 2000 20:54:07 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Use a PRNG (crypto strength unessential) with a key as
> seed to generate a sequence of symbols (length of sequence
> determined by PRNG) to initialize an adaptive Huffman
> compression algorithm, taking care that all symbols of the
> plaintext alphabet are input at least once. The output in
M.K., I like the initial idea. However, there is a question I have...
How does the receiver know the Huffman table? I *think* the table is
sent with the data in most applications, and unless a fixed table is
used (ie, fixed for that application, not adaptive on input data) then
the table needs to be sent along as well. Would you simply send the
table over encrypted with some other form (PK, symmetric)? At that
point, why not just send the regular table over encrypted with PK or
symmetric?
I gotta say, I like the initial idea. :)
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why the golden ratio?
Date: Wed, 14 Jun 2000 21:00:54 GMT
Runu Knips wrote:
> AFAIK there is a simple equotation of pi, e, the golden
> number, and 1 ...
Not a nontrivial one.
As others have pointed out, pi, e, i, 1, and 0 along with the
operators =, +, * (multiply), and ^ (exponentiate) enter into
a single nontrivial relationship: e^(i*pi)+1=0 which is surely
memorable. However, the golden ratio "phi" is not involved.
One can, of course, combine any number of unrelated quantities
into a single equation, but that means nothing. Feynman once
showed how all known laws of physics could be trivially
"unified": Take the i-th basic real-valued equation, e.g.
E=m*c^2, and rewrite it with 0 on one side: E-m*c^2=0. Call
the left side the "unworldiness" of that equation: Ui. Then
the "unified" theory is: the sum over i of all Ui^2 = 0. That
single equation contains all the known laws of physics..
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: Wed, 14 Jun 2000 21:03:21 GMT
Tim Tyler wrote:
> I think for the halting problem we normally consider the program to be
> being executed on a Turing machine - with an unbounded quantity of
> information storage available.
Or some equivalent formulation.
Indeed, there are numerous examples of small programs for which we
do not know whether or not they will halt. One cannot count on
determining this by executing the program.
------------------------------
From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: Onefish (Twofishes sibbling)
Date: Wed, 14 Jun 2000 21:04:47 GMT
On Sun, 11 Jun 2000 09:13:00 -0700, tomstd <[EMAIL PROTECTED]>
wrote:
>Just for fun I designed Onefish, it's a 64-bit block cipher
>using some design components from RC5 and Twofish.
Okay, how long until Redfish and Bluefish come along?
--
"How strangely will the Tools of a Tyrant pervert the
plain Meaning of Words!"
--Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Generating Keys for 3DES on the fly...
Date: Wed, 14 Jun 2000 17:07:11 -0400
Rich Beaudry wrote:
>
> Hello,
>
> My company has a product that requires user logon. The username/password is
> stored in a database (in cleartext ... please don't laugh!).
>
> I am currently programming a custom utility to encrypt the passwords (and
> obviously I will be modifying the login code as well) using 3DES. I would
> like to generate the 3DES keys (I'll be using 3 separate keys) on the fly.
>
> I have access to an SHA library as well, so my thought was:
>
> 1) use SHA on 3 streams to get three different hash codes. Obviously I need
> to use 3 plaintexts that will not change...
What do you mean by 3 streams? 3 different password entries? Users
wouldn't
like that much. Sha-1 produces a 160-bit output, just take that output
and
split it in 3, you can extract your 3 DES keys from that (each 3DES key
is 56
bit, 8 bits are usually used as a checksum).
Be careful, don't do something like
K1 = first 56 bits of H(password),
K2 = first 56 bits of H(K1),
K3 = first 56 bits of H(K2)
for in that case K1, K2 and K3 are no longer independent keys (if you
know K1, you
can compute K2 and K3).
> 2) use pieces of the hash codes as keys to 3DES (SHA generates a 160 bit
> hash, but I don't need all 160 bits for a 3DES key).
To get strong keys, you can do password stretching, as described in
http://www.cs.berkeley.edu/~daw/papers/keystretch.ps
Essentially, it just consist of hashing, iteratively, the initial
secret,
n times, where n is large enough so that a brute force attack will take
a long time. Take the final output of the hash, split it in 3, and
extract
the keys.
Anton
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Good ways to test.
Date: Wed, 14 Jun 2000 21:06:57 GMT
John wrote:
> I am confused here. I have read many messages about secure
> encryption systems. I find basically this:
> 1. A system can pass tests, but may not be secure.
> 2. A system can fail tests, but may be secure.
> I think I am missing something. Why would we test, if the info.
> is not going to help us?
If the result is not going to be helpful, then indeed you're
wasting your time to run the test. The key is to know what
you're doing and to test some *relevant* hypothesis, not just
some arbitrary hypothesis (that may have relevance for other
applications). Many standard tests are of some statistical
property which might not be relevant to cryptographic
security.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
