Cryptography-Digest Digest #111, Volume #12      Mon, 26 Jun 00 16:13:01 EDT

Contents:
  Re: Quantum computing (Bill Unruh)
  Re: Encryption on missing hard-drives ("CrakMan")
  Re: Compression and known plaintext in brute force analysis (restatements caused by 
the missing info .... thread) (Darren New)
  Re: Idea or 3DES (Arturo)
  Re: Des breaking service ? (Arturo)
  Re: Variability of chaining modes of block ciphers (Mok-Kong Shen)
  Re: Variability of chaining modes of block ciphers (Mok-Kong Shen)
  Re: Surrendering Keys, I think not. ("Douglas A. Gwyn")
  Re: Compression & Encryption in FISHYLAND ("Douglas A. Gwyn")
  SV: Des breaking service ? ("Erik Olssen")
  Re: RPK (Doug Kuhlman)
  SV: DES Weakness ? ("Erik Olssen")
  Re: Algo's with no easy attacks? (wtshaw)
  Re: TEA question ("Adam Durana")
  Re: Surrendering Keys, I think not. ("Tony T. Warnock")
  Re: Des breaking service ? ("Douglas A. Gwyn")
  Re: Key agreement in GSM phones (Paul Schlyter)
  Re: Surrendering Keys, I think not. (Simon Johnson)
  Re: SV: DES Weakness ? (Bill Unruh)
  I need a help for the Golic tradeoff (Tome')
  Re: Encryption on missing hard-drives (Mike Andrews)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Quantum computing
Date: 26 Jun 2000 17:51:48 GMT

In <8j79c8$2r08r$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Rob Warnock) writes:

]Doug is probably thinking of classical error correction, where the *channel*
]error rate can be arbitrarily close to 50% and still get arbitrarily good
]reliability... as long as you have enough redundancy (that is, your code
]rate or "good-put" is low enough). Even with only moderately-heavy redundancy,
]channel error rates of (say) ~40% are "no problem" (e.g., some codes used
]in space probes can tolerate *less* than 0 dB signal-to-noise!).

]But in classical error correction, *only* the channel itself is presumed
]to be subject to error. The encoder & decoder elements -- and the arithmetic
]done in them -- are themselves presumed to be error-free.

]So I'm guessing that what Bill sees as the problem is that in a quantum
]computer if you assume "noisy" qubits you must also assume that *all*
]parts of the error correction system are equally noisy, since to preserve
]superposition your error-correction arithmetic must itself also be a
]quantum computation.

]That vastly complicates things, and while I don't know myself that the
]threshold of usability is as bad as 1e-4 (what's that in terms of Eb/N0,
]about +9dB or so? -- I don't have my tables handy), I'm sure that it's
]*way* worse than the -1.6dB of the Shannon Limit for a classical binary
]symmetric channel.


Yes, the problem is that error correction in the quantum system is very
expensive. To correct errors requires that each logical operation has to
be encoded in something on the order of 10^3-10^4 physical operations
(work is still going on trying to figure out how to do this in the least
number of operations). Each of those operations must also be error
corrected, and thus in that 10^4 operations one must make sure that one
has not introduced more errors than one is trying to correct. This means
that one needs a probability of less than 10^-4 of error on each error
correcting step to ensure that you do not introduce more errors by error
correcting than you had to start out with. This huge magnification of
logical to physical steps under error correction is one of the biggest
problems with quantum error correction (together with the blowup of
physical bits for logical bits -- at the very best this is a 5 fold
blowup, and more likely 7 or 9 fold). Ie, to have one error corrected
bit operation, one needs 7 physical bits and needs to carry out
something like 10^3-10^4 operations to do one true logical operation.
This is a HUGE overhead.



------------------------------

From: "CrakMan" <[EMAIL PROTECTED]>
Subject: Re: Encryption on missing hard-drives
Date: Mon, 26 Jun 2000 11:00:36 -0700

So you are a bad speller, but a good spiller. Man, they must have been
pissed...

My bullfrog would often speak the truth, but I never understood a single
word he said (...but he always had some mighty fine wine...)

Joy to the world...

Duuuuude...these are good 'shrooms man...



SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (David A Molnar) wrote in
> <8itjho$i3$[EMAIL PROTECTED]>:
>
> >Guy Macon <[EMAIL PROTECTED]> wrote:
> >> You are missing the cultural differences.  These aren't employees of a
> >> high tech firm.  These are scientists with a core belief that keeping
> >> secrets is silly, futile, moronic, and a big game that they win whenever
> >> they circumvent the military security procedures.
> >
> >Where did this come from? Do you know that the members of NEST hold this
> >belief, are you extrapolating from your experience with other Los Alamos
> >scientists, are you extrapolating from other scientists you know, or what?
> >
> >
>
>   The individual that you quoted is most likely correct. Scientists
> are treated like shit in the DOD. I because of my nature was frequently
> chosen by management to take the "PEE TESTS" but because of the
> long drive to where you had to pee many times important tests or meetings
> or the running of my code (which many of my peers had trouble following)
> cost the government large sums of tax dollars due to the large
> unscheduled delays.
>  What was so insulting was that management with their access to more highly
> classified documents seldom if ever took such tests. I know of individuals
> belonging to the correct religious groups that were never "PEE TESTED" yet
> when you go to PEE they say everything is random. FUCKIN BULL SHIT. I
> offered to write software that would pick people at random and weight
> such that those who were never picked would get picked and that your
> chances of getting picked go up as a function of time since last pick
> and as a function of your access to secrets. GUESS what they don't give
> a fuck.
>  I think one reason that most scientists are treated like shit is
> because many science orientated people are those seeking the truth
> while manager types are more into controlling and distorting the truth
> so they tend not to like the science type.
>  Most scientist types are not stupid they know the POLYGRAPH shit is
> a joke. It works best on idiots that break down during an interrogation
> yet the media as part of American dummying down makes it sound as if
> it can get to the truth.
>  One thing that stands out in the PEE test that was so stupid was
> all the forms you had to sign and the bottle you had to pour your PEE
> in was all in individual sealed plastic bags opened under your eyes. Then
> they give you a cup off of an open stack of cups and have you pee in it
> first so they can pour it in the bottle. I complained he could have
> put drugs in this open stack of cups. It just makes them angry. It
> also made them angry that I get so nervous peeing in the cup that I
> usually fill it all up and spill pee all over my hands the cup and floor.
> They hate that. But what can I do I get nervous when forced to PEE
> for uncle so much more than most. The up side is at least upper
> management gives you a phone call and says why give the pee assistant
> so much trouble he is only following orders.
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
> http://www.jim.com/jamesd/Kong/scott19u.zip
> Scott famous encryption website NOT FOR WIMPS **no JavaScript allowed**
> http://members.xoom.com/ecil/index.htm
> Scott rejected paper for the ACM
> http://members.xoom.com/ecil/dspaper.htm
> Scott famous Compression Page WIMPS allowed ** JavaScript OK**
> http://members.xoom.com/ecil/compress.htm
> **NOTE EMAIL address is for SPAMERS***
> I leave you with this final thought from President Bill Clinton:
>    "The road to tyranny, we must never forget, begins with the destruction
> of the truth."


------------------------------

From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Compression and known plaintext in brute force analysis (restatements 
caused by the missing info .... thread)
Date: Mon, 26 Jun 2000 18:00:52 GMT

zapzing wrote:
> If you still disagree, I challenge you to
> present a "compression" algorithm that will
> compress *all* files without loss of
> information.

Actually, it's theoretically impossible, assuming the input alphabet is the
same as the output alphabet. Otherwise, one could keep feeding the output
back into the input until you reached a minimum size (1 byte or whatever). 

-- 
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
"You know Lewis and Clark?"      "You mean Superman?"

------------------------------

From: [EMAIL PROTECTED]=NOSPAM (Arturo)
Crossposted-To: alt.security.scramdisk,comp.security.pgp.discuss
Subject: Re: Idea or 3DES
Date: Mon, 26 Jun 2000 17:39:46 GMT

On Mon, 26 Jun 2000 07:57:13 -0400, jungle <[EMAIL PROTECTED]> wrote:

>Lucks from Fast Software Encryption in 1998 explained that :
>
>- about 2^108 steps are sufficient to break triple DES ...
>- when one concentrates on the number of single DES operations & assumes the
>  other operations to be much faster, 2^90 steps are sufficient ...
>
>IDEA on the other hand needs 2^128 steps ...
>
>therefore, 
>- IDEA should be considered extremely more secure than triple DES ...
>- exactly, from 2^38 to 2^20 steps more secure ... 
>
        Roughly the same as deciding whether to blow a mosquito with an A-bomb
or with a hydrogen bomb.  Both algorithms are extremely powerful.  You should
only choose between them on other grounds, say, encryption speed.

------------------------------

From: [EMAIL PROTECTED]=NOSPAM (Arturo)
Subject: Re: Des breaking service ?
Date: Mon, 26 Jun 2000 17:42:19 GMT

On Mon, 26 Jun 2000 15:02:51 +0200, "Erik Olssen" <[EMAIL PROTECTED]> wrote:

>Hi
>
>Is there any company out there who has built a des-cracking machine and
>offers to break
>56-bit des-keys ?
>
>If anybody knows of a way to do that in less than a month please reply !!!
>
>PS ok, I know it is a lame question !!!
>
        The Electronic Frontiers Foundation (EFF) built one, but only for
academic purposes.  I doubt you could borrow it to blow bank transactions or
similar ;-)  But it has been built.  IIRC, they could break a message in an
average of two days.  I have no knowledge of anybody else having built one.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Variability of chaining modes of block ciphers
Date: Mon, 26 Jun 2000 20:18:48 +0200



Mark Wooding wrote:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > Scott Fluhrer wrote:

[snip]

> > You are distorting the discussion context. We are discussing the
> > possibilities to obtain some improvements upon a given cipher with
> > some chaining modes, not discussing using two or more ciphers.
>
> I think that Scott is trying to say that if you're not happy with your
> cipher's security, you're best off preprocessing with another cipher
> rather than playing with fancy chaining modes.

That's right. Hence my answer to him.

> > > You rarely get precise estimates of the computer power available to
> > > the opponent.  If nothing else, opponents tend to stay around for a
> > > while, and the computer power available tends to rise unpredictably
> > > over time.
> >
> > We were discussing whether the situation I mentioned can happen at
> > all, not how frequent it can exist.
>
> I suspect that it can't exist.  Indeed, I suspect that, if we know our
> adversary's capabilities that accurately, we probably don't need
> cryptography at all, because we can determine a communication channel
> which is already secure against him.

If you know the computer of the opponent, then you can calculate
the time for brute forcing. What do you mean by 'determine a
communication channel'?  Could you elaborate a bit? Suppose the
messages are to be transmitted via certain public providers. What
are you going to 'determine'?

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Variability of chaining modes of block ciphers
Date: Mon, 26 Jun 2000 20:19:02 +0200



Mark Wooding wrote:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > The method of chaining I described was implemented in my
> > algorithm WEAK3-EX. I personally don't like the common CBC,
> > since all the chaining values are known to the analyst.
>
> This doesn't matter because the cipher resists key-recovery attacks.
> The chaining mode is there to hide the block structure, *not* to provide
> resistance to cryptanalysis.  Indeed, the more `unobtrusive' the
> chaining mode is to analysing the cipher the more confident we can be in
> asserting that its use doesn't weaken the underlying cipher.

I don't understand you. If you use brute force and there is a chaining
value that is unknown but that is xored to the plaintext block, what are
you going to do? Thus an unknown chaining value renders the analysis
more difficult. (Your first sentence seems unclear. Do you mean
that you already have a strong enough cipher, so that any add-ons
aren't necessary, or what?)

M. K. Shen


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Surrendering Keys, I think not.
Date: Mon, 26 Jun 2000 17:55:22 GMT

Simon Johnson wrote:
> I was wondering how they would ever be able to *prove* that this
> key is correct. Since one of the requirements for the AES is
> that the output of data encryption produces cipher-text that
> cannot be told apart from random data. If some person said the
> cipher-text was a message encrypted using an OTP, then the
> police must brute-force the underlying algorithm to prove
> otherwise.

The decryption key (which is what must be provided) would produce
putative plaintext that could readily be validated.  With nearly
any decent cryptosystem, using the wrong decryption key produces
"random" noise, not a coherent plaintext, so it would be obvious.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Compression & Encryption in FISHYLAND
Date: Mon, 26 Jun 2000 18:04:18 GMT

"SCOTT19U.ZIP_GUY" wrote:
> I will go to say that most compression methods in use may be of
> help to the attacker. The main reason is that they gave the attacker
> a black and white answer as to whether or not the guessed key leads
> to a possible solution.

That is of no help to the cryptanalyst unless a brute-force key search
is practical in the first place.  It is pretty much taken for granted
in this newsgroup that it is best to avoid using a cryptosystem that
can be brute-forced with any significant likelihood of success.

The underlying redundancy in uncompressed plaintext is much more
helpful to the working cryptanalyst in practical attacks on systems;
therefore, precompression hinders cryptanalysis.

I think one reason you have formed your opinion is that some
compression schemes store a highly-redundant chunk of information
(e.g. header, dictionary) at the front of the compressed data,
which provides some (nearly) known plaintext.  However, again, any
cryptosystem worth using is resistant to known-plaintext attacks,
so that is a minor concern.

------------------------------

From: "Erik Olssen" <[EMAIL PROTECTED]>
Subject: SV: Des breaking service ?
Date: Mon, 26 Jun 2000 20:28:35 +0200


Arturo <[EMAIL PROTECTED]=NOSPAM> skrev i
diskussionsgruppsmeddelandet:[EMAIL PROTECTED]
> >Is there any company out there who has built a des-cracking machine and
> >offers to break 56-bit des-keys ?

>   The Electronic Frontiers Foundation (EFF) built one, but only for
> academic purposes.  I doubt you could borrow it to blow bank transactions
> or similar ;-)

That's a good one m8  (-;

I merely want to know out of curiosity,  hhhhrrrmmm !!     (-;

Regards Erik




------------------------------

From: Doug Kuhlman <[EMAIL PROTECTED]>
Subject: Re: RPK
Date: Mon, 26 Jun 2000 13:06:20 -0500

What is RPK?  I've never heard of it....

------------------------------

From: "Erik Olssen" <[EMAIL PROTECTED]>
Subject: SV: DES Weakness ?
Date: Mon, 26 Jun 2000 20:40:23 +0200

>> Yes.  Matsui's linear cryptanalysis can recover the key with 2^{48}

Pascal JUNOD <[EMAIL PROTECTED]> skrev i
diskussionsgruppsmeddelandet:[EMAIL PROTECTED]

>2^{43} known plaintext-ciphertext pairs are sufficient, in fact. The
>average complexity of the attack is estimated to be 2^{43} DES
>computations by Matsui, but
>it's less in reality. Ongoing research will tell more about this topic
>in very few days...

>A+

>Pascal
Sounds really interesting, please keep us posted!

A fast pc that can do more than 1^6 des computations per second!
Then that single pc should recover the key in less than 101 days ?

This would give some ppl a bad night's sleep ..  (-;

Is there any software public to support known-plaintext attacks with a fast
des-core ?

Regards Erik




------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Algo's with no easy attacks?
Date: Mon, 26 Jun 2000 11:51:44 -0600

In article <[EMAIL PROTECTED]>, Runu Knips <[EMAIL PROTECTED]> wrote:

> matt wrote:
> > [I want the perfect cipher]
> 
> Every cipher might be attacked. A n bit message might be encrypted
> in (2**n)! ways, the m bit key you choose selects just one of these
> gigantic mass of possibilities can only be a very small fraction,
> unless 2**m ~ (2*n)! of course.
> 
> And a block cipher works only with a fixed n at a time. That is the
> reason why using the block cipher without any feedback mechanism is
> a very bad idea, because if the same block appears twice or even
> more often, no matter how good the block cipher is, the result does
> always contain this structure again.
> 
> The target is therefore to design ciphers in a way that the
> attacker has to collect more resources than he or she might ever
> get.
> 
> I think the best thing one may do is using a secure block cipher
> such as Twofish in CBC mode.

If so many are going to pour so many resources in solving a bit-based
cipher, why not use something else, and make the ciphertext look like it
is bit-driven.
-- 
Some Turkeys can fly, for short distances.  If you are to depend on 
birds for communication, if it's with turkeys, consider the 
discussions that might occur while feasting on one. 

------------------------------

From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: TEA question
Date: Mon, 26 Jun 2000 14:39:31 -0400


You don't have to use the golden number.  When people choose a constant to
put into a cipher, they usually choose a well known number, such as e, pi,
or in this case the golden number.  RC5 uses phi and e.  Blowfish uses pi.
And I believe Serpent uses the golden number also.  This is usually done to
show that the constant was not specifically chosen to create a backdoor in
the cipher.  If you use a number other than the golden number in TEA, it is
no longer TEA, so keep that in mind if you choose to use some other number.

- Adam

"dexMilano" <[EMAIL PROTECTED]> wrote in message
news:8j8154$ifm$[EMAIL PROTECTED]...
> Why we have to use the golden number ...
> Why cannot we use 1569234 for example?
>
> thx
>
> dex
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
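
[Added example, not part of Adam Durana's post and not the TEA reference code: a Python sketch that derives TEA's constant 0x9E3779B9 as 2^32 divided by the golden ratio, and shows that dexMilano's 1569234 still round-trips but yields a different, incompatible cipher. The key and block values are constructed for illustration.]

```python
import math

MASK = 0xFFFFFFFF  # TEA works on 32-bit words


def golden_delta():
    """floor(2^32 * (sqrt(5) - 1) / 2), computed with exact integer arithmetic."""
    root = math.isqrt(5 << 64)          # floor(sqrt(5) * 2^32)
    return (root - (1 << 32)) // 2


DELTA = golden_delta()                  # 0x9E3779B9, the constant used by TEA


def _mix(v, s, ka, kb):
    """TEA round function on one half-block; only the low 32 bits are kept."""
    return (((v << 4) + ka) ^ (v + s) ^ ((v >> 5) + kb)) & MASK


def tea_encrypt(block, key, delta=DELTA, cycles=32):
    """Encrypt a (v0, v1) pair of 32-bit words under a 4-word key."""
    v0, v1 = block
    k0, k1, k2, k3 = key
    s = 0
    for _ in range(cycles):
        s = (s + delta) & MASK
        v0 = (v0 + _mix(v1, s, k0, k1)) & MASK
        v1 = (v1 + _mix(v0, s, k2, k3)) & MASK
    return v0, v1


def tea_decrypt(block, key, delta=DELTA, cycles=32):
    """Inverse of tea_encrypt; must be given the same delta."""
    v0, v1 = block
    k0, k1, k2, k3 = key
    s = (delta * cycles) & MASK
    for _ in range(cycles):
        v1 = (v1 - _mix(v0, s, k2, k3)) & MASK
        v0 = (v0 - _mix(v1, s, k0, k1)) & MASK
        s = (s - delta) & MASK
    return v0, v1


def compare_constants(block, key, other_delta):
    """Encrypt the same block with the TEA constant and with another constant."""
    standard = tea_encrypt(block, key)
    variant = tea_encrypt(block, key, delta=other_delta)
    return {
        "standard": standard,
        "variant": variant,
        "variant_roundtrip": tea_decrypt(variant, key, delta=other_delta) == block,
        # A peer running real TEA cannot read the variant's output.
        "interoperable": tea_decrypt(variant, key) == block,
    }


if __name__ == "__main__":
    key = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)   # constructed key
    block = (0xDEADBEEF, 0x00C0FFEE)                         # constructed plaintext
    print(hex(DELTA))
    print(compare_constants(block, key, 1569234))
```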



------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Surrendering Keys, I think not.
Date: Mon, 26 Jun 2000 13:12:15 -0600
Reply-To: [EMAIL PROTECTED]



"Douglas A. Gwyn" wrote:

> Simon Johnson wrote:
> > I was wondering how they would ever be able to *prove* that this
> > key is correct. Since one of the requirements for the AES is
> > that the output of data encryption produces cipher-text that
> > cannot be told apart from random data. If some person said the
> > cipher-text was a message encrypted using an OTP, then the
> > police must brute-force the underlying algorithm to prove
> > otherwise.
>
> The decryption key (which is what must be provided) would produce
> putative plaintext that could readily be validated.  With nearly
> any decent cryptosystem, using the wrong decryption key produces
> "random" noise, not a coherent plaintext, so it would be obvious.

So, take a dozen (or 12**12 even) plaintexts; XOR (or equivalent) them
together; XOR with a one time pad. Then there are 12 "keys" which
decrypt into 12 different messages.


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Des breaking service ?
Date: Mon, 26 Jun 2000 18:52:08 GMT

Arturo wrote:
>         The Electronic Frontiers Foundation (EFF) built one, but only for
> academic purposes.  I doubt you could borrow it to blow bank transactions or
> similar ;-)  But it has been built.

It is described in a book, which I'm sure you could find if you know
how to look things up on the Web.  I doubt you could build one in one
week, unless you already had prepared things.

------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Key agreement in GSM phones
Date: 26 Jun 2000 19:16:36 +0200

In article <[EMAIL PROTECTED]>, Gerard Tel  <[EMAIL PROTECTED]> wrote:
 
> Two questions on GSM protection, left after reading Biryukov/Shamir/
> Wagner's account on breaking the A5/1 stream cipher:
>
>  1. What protocol is used by the two parties to agree on the
>     64 bit keys used?
 
A random number generated at the base station.  It's encrypted by
A3, transmitted to the mobile phone, where it's decrypted by A3
then encrypted by A8.  This becomes the session key for the A5
encryption.
 
>  2. Is the encryption used ONLY on the ether link (between base and
>     mobile) or is the data also encrypted during transportation over
>     the fiber network?
 
The A5 encryption is only used on the air.
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Surrendering Keys, I think not.
Date: Mon, 26 Jun 2000 19:19:51 GMT

In article <[EMAIL PROTECTED]>,
  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Simon Johnson wrote:
> > I was wondering how they would ever be able to *prove* that this
> > key is correct. Since one of the requirements for the AES is
> > that the output of data encryption produces cipher-text that
> > cannot be told apart from random data. If some person said the
> > cipher-text was a message encrypted using an OTP, then the
> > police must brute-force the underlying algorithm to prove
> > otherwise.
>
> The decryption key (which is what must be provided) would produce
> putative plaintext that could readily be validated.  With nearly
> any decent cryptosystem, using the wrong decryption key produces
> "random" noise, not a coherent plaintext, so it would be obvious.

U're missing my point entirely......

To point this out:

Prerequisites:

A 'Good' encryption algorithm and a key, E_k().
A Real piece of plain-text, T_0
A Piece of non-incriminating plain-text, T_1

Method:
C=E_k(T_0)
Dummy-Key = C XOR T_1

The officials can't prove it isn't a one time pad, so they are forced
to recover the plain-text using the dummy key provided:

T_1 = C XOR Dummy-Key.
--
Hi, I'm the signature virus,
help me spread by copying me into your Signature File


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: SV: DES Weakness ?
Date: 26 Jun 2000 19:34:27 GMT

In <moN55.7326$[EMAIL PROTECTED]> "Erik Olssen" <[EMAIL PROTECTED]> 
writes:

]>> Yes.  Matsui's linear cryptanalysis can recover the key with 2^{48}

]Pascal JUNOD <[EMAIL PROTECTED]> skrev i
]diskussionsgruppsmeddelandet:[EMAIL PROTECTED]

]>2^{43} known plaintext-ciphertext pairs are sufficient, in fact. The
]>average complexity of the attack is estimated to be 2^{43} DES
]>computations by Matsui, but
]>it's less in reality. Ongoing research will tell more about this topic
]>in very few days...

]>A+

]>Pascal
]Sounds really interesting, please keep us posted!

]A fast pc that can do more than 1^6 des computations per second!
]Then that single pc should recover the key in less than 101 days ?

Well, it is even easier since you could just look into the PC's memory
and read off the key.
Remember that known plaintext means that you have to have some way of
feeding the des encryptor a bunch (2^43 bytes) of plaintext and have it
encrypt all these for you without the key (and the encryption engine)
being accessible to you (since otherwise you could just read off the
key -- a far far more efficient attack). Ie, it would have to be a smart
card or something which would allow you to encrypt 2^43 random bits of
text rapidly for you. Clearly this is a weakness in DES, but it is not
one that can be easily used usually.


------------------------------

From: [EMAIL PROTECTED] (Tome')
Subject: I need a help for the Golic tradeoff
Date: Mon, 26 Jun 2000 19:33:17 GMT

I'm studying "Cryptanalysis of alleged A5 Stream Cipher" Jovan Dj.
Golic,  http://jya.com/a5-hack.htm

I don't understand how to compute the
Prob{Z=0}=3/8
Prob{Z=1}=13/32
Prob{Z=2}=3/32
Prob{Z=3}= idem
Prob{Z=4}=1/32
after the "Proposition 4"

I make a table like this
        S(t-1)
S(t)   C(t-1)

given S(t) I guess all the C(t-1) such that
S(t-1) , C(t-1) ------> S(t)

and obtain

        000      001      010      011      100      101      110      111
000     {1,2,3}  no       no       {1,2}    no       {1,3}    {2,3}    {1,2,3}
001     {1,2,3}  {2,3}    no       {1,2}    no       {1,3}    no       {1,2,3}
010     {1,2,3}  no       {1,3}    {1,2}    no       no       {2,3}    {1,2,3}
011     {1,2,3}  {2,3}    {1,3}    {1,2}    no       no       no       {1,2,3}
100     {1,2,3}  no       no       no       {1,2}    {1,3}    {2,3}    {1,2,3}
101     {1,2,3}  {2,3}    no       no       {1,2}    {1,3}    no       {1,2,3}
110     {1,2,3}  no       {1,3}    no       {1,2}    no       {2,3}    {1,2,3}
111     {1,2,3}  {2,3}    {1,3}    no       {1,2}    no       no       {1,2,3}


In other terms, how can I in practice invert the majority function ?

thanks
Tome'
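
[Added example, not part of the original post and not Golic's own code: a Python enumeration of the majority clocking rule run backwards. Besides the three clock-tap bits it uses, for each register, the bit one position further along, since that bit sat at the tap before a clocked register moved; counting consistent predecessors over all 64 combinations reproduces the Prob{Z=k} values quoted in the post. Assumptions: registers are numbered 1..3, the six bits are independent and uniform, stepping an LFSR backwards is unique once you know whether it moved, and the table labels are read as c3c2c1, an order inferred from the posted table.]

```python
from collections import Counter
from fractions import Fraction
from itertools import product

# The only register subsets the majority rule can ever clock.
CLOCK_SETS = [(1, 2, 3), (1, 2), (1, 3), (2, 3)]


def clocked(taps):
    """Forward rule: the registers whose clock tap equals the majority bit move."""
    maj = 1 if sum(taps) >= 2 else 0
    return tuple(i + 1 for i, b in enumerate(taps) if b == maj)


def table_cell(cur, prev):
    """One cell of the posted table: row = taps now, column = taps one step earlier.

    Labels are strings such as "011", read as c3c2c1 (assumed order).
    Returns the clocked set, or None where the post writes "no".
    """
    c = tuple(int(b) for b in reversed(cur))
    p = tuple(int(b) for b in reversed(prev))
    s = clocked(p)
    # A register that stood still must show the same tap bit before and after.
    unchanged = all(c[i] == p[i] for i in range(3) if (i + 1) not in s)
    return s if unchanged else None


def predecessors(x, y):
    """Clock sets that could have led to the current state.

    x[i]: bit now at register i+1's clock tap.
    y[i]: bit now one position further along; it was at the tap one step
          earlier if that register was clocked.
    Returns a list of (clock_set, previous_tap_bits).
    """
    found = []
    for s in CLOCK_SETS:
        prev = tuple(y[i] if (i + 1) in s else x[i] for i in range(3))
        # The guess is consistent only if the forward rule, applied to the
        # reconstructed previous taps, clocks exactly the guessed set.
        if clocked(prev) == s:
            found.append((s, prev))
    return found


def z_distribution():
    """Distribution of Z = number of predecessors over the 64 bit patterns."""
    counts = Counter()
    for bits in product((0, 1), repeat=6):
        counts[len(predecessors(bits[:3], bits[3:]))] += 1
    return {z: Fraction(n, 64) for z, n in sorted(counts.items())}


if __name__ == "__main__":
    for z, p in z_distribution().items():
        print(f"Prob{{Z={z}}} = {p}")
    print(table_cell("001", "001"), table_cell("000", "001"))
```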



------------------------------

From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: Encryption on missing hard-drives
Date: Mon, 26 Jun 2000 19:43:37 GMT

Scripsit CrakMan <[EMAIL PROTECTED]>:
: Absolutely correct.

: For a really entertaining exposition of this attitude I highly recommend
: reading a book called "Surely You're Joking Mr. Feynman" by the eponymous
: author.

: If you have ever worked in a highly secure environment, you will
: find this one to be a real knee slapper.  It relates various stories of the
: Nobel prize winner's encounters with the dark forces of security and other
: hilarious events including Feynman's antics while breaking the combination
: locks on safes holding classified information.  In one episode, Feynman
: breaks into a super secret vault and leaves notes to the security people
: proving that he gained access in spite of their best efforts to keep him
: out.

The more so in Feynman's case because they _really_ needed his talent
and ability. 

When I was in the military, there was an ongoing battle between
the "information wants to be free" party (mostly scientists) and
the "classify sex and the wheel" party (mostly high-ranking officers). 
It was old then, and probably will continue long after we all are
complaining about there being nothing but harp music -- or, in my
case, about the heat and neighbors.

: A warning...if you start reading this book, you won't put it down until
: every last page has been savored.  :--))

Absolutely true. It's a page-turner. I'm surprised the military didn't 
suppress it and turn it into a page-burner. 

: The attitude expressed in this book is the nightmare scenario for anyone
: charged with maintaining a secure environment.

Also absolutely true. Maintenance of a secure environment requires 
that the guardians be _at_ _least_ as smart as the folks whose 
secrets they guard; at Los Alamos, that pretty much by definition 
could not be the case.

Oh, look! The sigmonster's on-topic _again_! _Smart_ sigmonster.

-- 
Censorship sucks^H^H^H^H^H is for your own good.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
