Cryptography-Digest Digest #138, Volume #12      Thu, 29 Jun 00 19:13:01 EDT

Contents:
  Re: very large primes (Mok-Kong Shen)
  Re: Quantum computing (Anton Stiglic)
  Re: Compression & Encryption in FISHYLAND (SCOTT19U.ZIP_GUY)
  Re: AOL & InterTrust (Mok-Kong Shen)
  Re: Try it. (None)
  Blowfish for signatures? (Thierry Nouspikel)
  Re: sliding window exp.:CLNW vs. VLNW (Anton Stiglic)
  Re: very large primes ("Dann Corbit")
  Re: Thoughts on "Cracking" of Genetic Code (Mok-Kong Shen)
  Re: very large primes ("Dann Corbit")
  Re: very large primes (Mike Andrews)
  Re: Yardley: Codebreaking or Torture (Paul Rubin)
  Re: Remark on practical predictability of sequences (David A Molnar)
  Re: Dynamical Cryptography algorithm (Sylvain Martinez)
  Re: Observer 4/6/2000: "Your privacy ends here" (Simon Elliott)
  Re: Blowfish for signatures? (Noam E. Kirly)
  Re: sliding window exp.:CLNW vs. VLNW (Eric Young)
  Re: Remark on practical predictability of sequences ("Rick Braddam")
  Re: Dynamical Cryptography algorithm ("Trevor L. Jackson, III")
  Re: breaking encryption - help! (Andru Luvisi)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: very large primes
Date: Thu, 29 Jun 2000 22:27:42 +0200



[EMAIL PROTECTED] wrote:

> By the Chinese Remainder Theorem, when we have two numbers p and q that are
> relatively prime, we can find an n that is congruent to a mod p and congruent
> to b mod q.  Suppose you show me a formula like "px+k" with constant p and k,
> and you claim that for integer x it always produces primes.  (For instance,
> "6x+1", or "23x+37".)  Well, I just choose a q that is relatively prime to p,
> for instance any prime q greater than p, and find my n that is congruent to
> k mod p and 0 mod q.  That n will be a counterexample to your claim that
> the formula produces only primes.  I can produce an infinite number of
> additional counterexamples with the formula pqx+n, integer x, because the
> numbers generated by that formula will all be congruent to k mod p and
> 0 mod q.

It's not possible to get a formula of that sort that always generates primes.
It is noteworthy, on the other hand, that if k and t have no common
divisors, then there are infinitely many primes p with p = t mod k.
This is a theorem due to Dirichlet.

M. K. Shen
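
The construction in the quoted post, carried through in code as an added example (it is not code from either poster). `counterexamples` builds n with n = k (mod p) and n = 0 (mod q) by the Chinese Remainder Theorem and then steps along n + pqx exactly as the post describes; `primes_in_class` merely counts primes in a residue class so the Dirichlet remark can be checked for small bounds (a count, not a proof). The formulas 6x+1 and 23x+37 are the post's; the helper names and the trial-division primality test are assumptions of this illustration.

```python
# Added example: CRT counterexamples to "p*x + k is always prime", plus a
# small empirical check of Dirichlet's theorem on primes in a residue class.
# Written for this digest; not code from any of the posters.

def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def crt(a, p, b, q):
    """Smallest n >= 0 with n == a (mod p) and n == b (mod q); p, q coprime."""
    g, s, _ = egcd(p, q)
    if g != 1:
        raise ValueError("moduli must be coprime")
    # s*p == 1 (mod q), so a + p*((s*(b-a)) mod q) hits both residues
    return (a + p * ((s * (b - a)) % q)) % (p * q)

def is_prime(n):
    """Trial division; adequate for the small numbers used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True

def counterexamples(p, k, q, count=5):
    """Values n = p*x + k (integer x >= 0) with q | n, hence composite.
    q must be coprime to p (the post suggests any prime q > p).
    Returns n0, n0 + pq, n0 + 2pq, ... as in the post."""
    n0 = crt(k % p, p, 0, q)
    # skip n0 == q (prime itself) and any n0 below k (x would be negative)
    while n0 <= max(q, k):
        n0 += p * q
    return [n0 + p * q * i for i in range(count)]

def primes_in_class(k, t, limit):
    """Primes p < limit with p == t (mod k)."""
    return [p for p in range(2, limit) if p % k == t % k and is_prime(p)]

if __name__ == "__main__":
    for p, k, q in ((6, 1, 7), (23, 37, 29)):
        for n in counterexamples(p, k, q):
            x = (n - k) // p
            print(f"{p}*{x}+{k} = {n} = {q}*{n // q}  prime? {is_prime(n)}")
    print("primes == 3 (mod 4) below 200:", len(primes_in_class(4, 3, 200)))
    print("primes == 4 (mod 6) below 200:", primes_in_class(6, 4, 200))
```

For 6x+1 with q = 7 the first counterexample is 49 = 6*8+1 = 7*7, then 91, 133, 175, 217, each 42 apart; the same construction works for any linear formula and any q coprime to p.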


------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Quantum computing
Date: Thu, 29 Jun 2000 16:35:39 -0400

Anton Stiglic wrote:

> People seem to forget that television, for example, was invented only
> 46 years ago.  I don't see how anyone can say that, 50 years from now

46 years ago for *color* television, in America.

:L)

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Compression & Encryption in FISHYLAND
Date: 29 Jun 2000 20:49:59 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in 
<[EMAIL PROTECTED]>:

>"SCOTT19U.ZIP_GUY" wrote:
>>  As I have told you many times. With my huffman compression routine
>> you can change the last byte to any of its 256 combinations and
>> in each case it will decompress to a file that when compressed
>> back it will be that same file. THis concept is apparently over
>> your head.
>
>I think most of us, including John Savard, understand that perfectly
   What makes you think John Savard has an understanding of this at all
>well.  What we don't see is why this would matter in practice.  You
>have explained it only in terms of testing whether a trial decryption
>is possibly valid, but that is relevant only for brute-force key
>search, which is already not a viable method of attack for any
>cryptosystem we would want to use.
>

  That is just it: by showing that it is relevant to a brute force
search, it opens up other avenues of attack. If the compression
you're using can immediately show an enemy that certain classes of keys
can't lead to a valid decryption, then those classes of keys can be
ignored. Why do anything that helps the enemy when it is so easy to
avoid the potential problem altogether?


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS **no JavaScript allowed**
        http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
        http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed ** JavaScript OK**
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
   "The road to tyranny, we must never forget, begins with the destruction 
of the truth." 
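
The validity oracle Gwyn and Scott are arguing about, made concrete as an added example (not code from either poster): the plaintext is zlib-compressed before encryption under a toy stream cipher (SHA-256 in counter mode, constructed here only so the script runs stand-alone; it is not Blowfish, DES or any real cipher), and an attacker holding the ciphertext trial-decrypts the whole 12-bit keyspace. The zlib header and Adler-32 check reject almost every wrong key, so it is the compressor, not the cipher, that tells the attacker which keys to discard; a compressor under which every byte string decompresses to something (the one-to-one property Scott describes) gives no such filter. The message, key length and key value are arbitrary demo choices.

```python
# Added example: a non-bijective compressor as a key-validity oracle for
# trial decryption. Toy cipher and sample data are constructed for the demo.
import hashlib
import zlib

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256(key || counter). NOT a real cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Stream XOR; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def looks_like_valid_plaintext(candidate: bytes) -> bool:
    """What the attacker gets for free when plaintext was zlib-compressed:
    wrong keys almost never yield a parsable stream with a correct Adler-32."""
    try:
        zlib.decompress(candidate)
        return True
    except zlib.error:
        return False

def surviving_keys(ciphertext: bytes, keyspace) -> list:
    """Trial-decrypt under every key and keep the ones the oracle accepts."""
    return [k for k in keyspace
            if looks_like_valid_plaintext(xor_crypt(k, ciphertext))]

def demo():
    secret = (42).to_bytes(2, "big")            # constructed 12-bit key
    message = b"attack at dawn; " * 8           # constructed plaintext
    ciphertext = xor_crypt(secret, zlib.compress(message))
    keyspace = [i.to_bytes(2, "big") for i in range(1 << 12)]
    survivors = surviving_keys(ciphertext, keyspace)
    recovered = (zlib.decompress(xor_crypt(survivors[0], ciphertext))
                 if survivors else None)
    return survivors, recovered, len(keyspace)

if __name__ == "__main__":
    survivors, recovered, n = demo()
    print(f"{n} keys tried, {len(survivors)} accepted by the compressor: {survivors}")
    print("recovered plaintext:", recovered)
```

Only the true key survives the 4096 trials; every other candidate is thrown out by the compressor's own framing before any knowledge of the plaintext is needed.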

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: alt.security,comp.security.misc
Subject: Re: AOL & InterTrust
Date: Thu, 29 Jun 2000 23:16:11 +0200



Lieven Trappeniers wrote:

> Recently, AOL and InterTrust technologies anounced an agreement for
> distributing and managing electronic books,  music, video, ...
> InterTrust will provide the digital rights management (DRM) technology.
>
> [snip]
> "protected processing environments on PC's"

It is noteworthy that, according to a newspaper, sensitive customer
information was recently stolen from one of the firms through a
Trojan horse technique.

M. K. Shen


------------------------------

Subject: Re: Try it.
From: None <[EMAIL PROTECTED]>
Date: Thu, 29 Jun 2000 14:06:32 -0700

I have been following the discussion with great interest.  I
agree that the source and/or algorithm should be out. Now, do we
just put it up on our website, or is there a better way to get
it reviewed?

http://www.aasp.net/~speechfb


===========================================================

Got questions?  Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com


------------------------------

From: Thierry Nouspikel <[EMAIL PROTECTED]>
Subject: Blowfish for signatures?
Date: Thu, 29 Jun 2000 13:20:34 -0700
Reply-To: [EMAIL PROTECTED]

Hi there,

Forgive me if this is a stupid question: I'm new to cryptography, I just
made my first steps in the field by implementing Blowfish on my old
TI-99/4A home computer. 

My question is: can I use Blowfish to produce a digital signature? I
mean, the kind of thing that lets you verify that the document you are
reading is indeed the original, and wasn't doctored in any fashion.

Thanks

Thierry

-- 
Thierry Nouspikel, MD, PhD          | "A technocrat is a guy: you ask him
Department of Biological Sciences   |  a question, and by the time he has
Stanford University  CA 94305-5020  |  finished answering you no longer
Phone: 1 650 723 2425               |  understand your question."
Fax: 1 650 725 1848                 |  Michel Colucci, known as "Coluche"
[EMAIL PROTECTED]                   |
Spam bait: postmaster@localhost abuse@localhost root@localhost admin@localhost

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: sliding window exp.:CLNW vs. VLNW
Date: Thu, 29 Jun 2000 17:23:52 -0400

"Pedro Félix" wrote:
> 
> I apologise if this question is off-topic, but here it goes:
> In the context of the sliding window algorithms for exponentiation, there
> are (to my knowledge) two basic proposals:
> 1. constant length non-zero window (CLNW)
> 2. variable length non-zero window (VLNW)
> 
> After reading [1] and [2] I'm still not able to build a concrete example
> where the VLNW produces less NW than the CLNW.
> Could some one help me?

Do these go from most significant to least, or the other way around?
Let's say they go from most sig. to least (just reverse the string if
it's the other way around):

 10110 11100 00001 00110 00010 1100
can be put into blocks using CLNW, with block size d = 5, this way
 11100 11100 0000 10011 00001 01100  (5 non zero blocks)

but with VLNW you can get
 1011 0 111 000000 10011 0000 1011 (4 non zero blocks)

So there is an improvement.

Anton


> 
> Thanks
> 
> [1] - Cetin Kaya Koc, "High Speed RSA Implementation", RSA Labs.
> [2] - Cetin Kaya Koc, "Analysis of sliding window techniques for
> exponentiation", ???

-- 
_____________________________________

 Anton Stiglic <[EMAIL PROTECTED]>
 Software developer & Cryptographer.
 Zero-Knowledge Systems Inc.
_____________________________________

------------------------------

From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: very large primes
Date: Thu, 29 Jun 2000 14:25:52 -0700

"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> [EMAIL PROTECTED] wrote:
>
> > By the Chinese Remainder Theorem, when we have two numbers p and q that are
> > relatively prime, we can find an n that is congruent to a mod p and congruent
> > to b mod q.  Suppose you show me a formula like "px+k" with constant p and k,
> > and you claim that for integer x it always produces primes.  (For instance,
> > "6x+1", or "23x+37".)  Well, I just choose a q that is relatively prime to p,
> > for instance any prime q greater than p, and find my n that is congruent to
> > k mod p and 0 mod q.  That n will be a counterexample to your claim that
> > the formula produces only primes.  I can produce an infinite number of
> > additional counterexamples with the formula pqx+n, integer x, because the
> > numbers generated by that formula will all be congruent to k mod p and
> > 0 mod q.
>
> It's not possible to get a formula of that sort that always generates primes.

What about the many sieving techniques like the sieve of Eratosthenes?
Seems like a formula to me, and a pretty simple one at that.

> It is noteworthy on the other hand that, if k and t don't have common
> divisors, then there are infinite number of primes p with p = t mod k.
> This is a theorem due to Dirichlet.
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
 "The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup   http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Thoughts on "Cracking" of Genetic Code
Date: Thu, 29 Jun 2000 23:37:21 +0200



Information System wrote:

>         I know that this is off the explicit subject of the
> group, but I am interested in the reaction of others to the
> wording of news stories that state that the genetic code has
> been "cracked," drawing comparisons to a cryptographic
> solution.  As I understand it, what has been accomplished is
> the compilation, in crypto terms, of a complete and possibly
> accurate transcription of the ciphertext.   This is a
> beginning, but hardly a "cracking."    As a continuation of the
> original thought, my other question is to ask if anyone has any
> thoughts on the potential or actual applications of
> cryptanalytic techniques to the decoding of DNA  in the sense
> of decoding meaning from existing sequences, or even encoding
> desired messages to create desired results.

I think that the term cracking is here justified in the same sense
as attempts to understand some of the ancient obliterated languages
like hieroglyphs. I guess that the people doing the sequencing
sometimes need some of the same mental qualities as those of
good cryptanalysts in performing their work.

M. K. Shen



------------------------------

From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: very large primes
Date: Thu, 29 Jun 2000 14:30:55 -0700

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Roger Schlafly wrote:
> > Maybe not "simple", but there are polynomials whose positive
> > values are precisely the set of primes.
>
> I'd be interested in seeing one.

Depends upon a loose definition for the term "polynomial":
http://mathworld.wolfram.com/Prime-GeneratingPolynomial.html

More specifically:
http://mathworld.wolfram.com/PrimeDiophantineEquations.html

--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
 "The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup   http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm



------------------------------

From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: very large primes
Date: Thu, 29 Jun 2000 21:42:53 GMT

Scripsit Dann Corbit <[EMAIL PROTECTED]>:

: What about the many sieving techniques like the sieve of Eratosthenes?
: Seems like a formula to me, and a pretty simple one at that.

It's a process -- or algorithm, if you specify a max. number,
but it's not a formula (IMHO) because it's not closed-form.

A formula would be expressed as, say P = F(N), 
where P was a vector of primes less than or equal to N,
F was the function that generated the primes less than
or equal to N, and N was the positive integer argument
to F.

Alternatively, P might be a series of the form 

 1     1     1     1     1           1
--- + --- + --- + --- + --- + ... + ___, 
P1    P2    P3    P4    P5          PN

where F was a generating function for the series, and 
P1 through PN were the first through Nth primes. 

-- 
Thin, wizened adviser behind the throne to His Majesty Tom Betz,
Tsar for Good Internet Practices, NANAE. 
(TintwabtttHMTBTfGIPNANAE)

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Yardley: Codebreaking or Torture
Date: 29 Jun 2000 21:48:14 GMT

In article <8jf72g$7s8$[EMAIL PROTECTED]>,
Casper H.S. Dik - Network Security Engineer <[EMAIL PROTECTED]> wrote:
>[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]
>
>jungle <[EMAIL PROTECTED]> writes:
>
>>John Savard wrote:
>>> And the use of
>>> drugs in this fashion would have seemed humane compared to direct,
>>> conventional techniques of torture.
>
>>"conventional techniques of torture" beautiful expression ...
>
>Somehow the phrase "Congratulations Bob, Torturer of the Month"
>springs to mind (Farside/Gary Larson)

Or from Babylon 5, there's a scene where Londo complains, "we
used to call them torturers but ever since they unionized, we have
to call them 'pain technicians'".  Ouch... :-)


--Paul
"You're looking for a Star Trek solution to a Babylon 5 problem" 
    --somebody's .sig

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Remark on practical predictability of sequences
Date: 29 Jun 2000 21:32:36 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> result does not affect the issue in the present thread. Let
> me quote them:

>     We assume the cryptanalyst knows the parameters a, b, M
>     defining the LCG. (They are chosen at random but then
>     made public.) What is unknown to the cryptanalyst is the
>     seed k_0 used by the signer to start the LCG.

> Since in our case the parameters a, b, M are naturally also
> kept secret (one may for convenience of implementation even
> use a fixed M, but a and b are certainly randomly chosen and
> kept secret), their result cannot be directly or indirectly
> transferred to the present context to apply for any useful
> purpose.

I would like to point out that there is some work on
recovering the seed, even when a, b, and M are NOT KNOWN. 
In fact, even when the generator outputs only a few bits of each
state, you can eventually reconstruct the seed.  These results apply to
the case where the outputs are accessible directly. 
One such analysis is in the paper by Antoine Joux and Jacques Stern,
"Lattice Basis Reduction: A Toolbox for the Cryptanalyst."
Another is in the forbidding paper 
"Reconstruction of Truncated Linear Congruences" (I think that's the
title; my memory is a little screwy right now)
by Lagarias, Kannan, Shamir, and Frieze (and maybe more?). 

You may protest that these results only apply to the case in which the
linear congruential generator's output is directly accessible. Fine.
I have not tried to do it yet, but it would not surprise me
if one could use the results to extend Micciancio et al.'s analysis to 
account for a DSS case in which a, b, and M are not known. 
It would also not surprise me if such an extension was messy beyond
belief, which may have been one of the reasons the DSS paper made
the above simplifying assumption. I would not bet a real system
on the difficulty of doing such analysis if I expected a sophisticated
adversary. 

Terry Ritter posted a pretty complete bibliography on the subject of
why LCGs are unfortunate about a year ago. It should be in deja.com 
and is worth searching for. Klaus Pommerening also has software which
does LCG predicting, although I forget whether it requires a, b, or M.

-dmolnar
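
The directly-observed-output case the post refers to, as an added example (not Molnar's code, and not the Joux and Stern or Frieze et al. lattice attacks, which are what handle truncated outputs): given full consecutive outputs x_i of x_{i+1} = a*x_i + b mod M, the differences t_i = x_{i+1} - x_i satisfy t_{i+1} = a*t_i (mod M), so each t_{i+1}*t_{i-1} - t_i^2 is a multiple of M and their gcd gives M; a and b then follow from one modular inverse and the seed x_0 from another. The generator constants and seed are arbitrary demo values, not those of any real system; the code assumes M is prime so that the inverses exist (for a composite M the differences must be coprime to M, otherwise more care is needed).

```python
# Added example: recovering a, b, M and the seed of an LCG from its full
# outputs alone. Constants are arbitrary demo values, not a real generator.
from functools import reduce
from math import gcd

def lcg(a, b, M, seed, n):
    """n consecutive outputs x_1..x_n of x_{i+1} = (a*x_i + b) mod M."""
    out, x = [], seed
    for _ in range(n):
        x = (a * x + b) % M
        out.append(x)
    return out

def recover_lcg(xs):
    """Return (a, b, M) from consecutive outputs xs with a, b, M all unknown.
    Needs enough outputs for the gcd to collapse to M (a dozen or more)."""
    t = [xs[i + 1] - xs[i] for i in range(len(xs) - 1)]
    # each of these is a multiple of M because t_{i+1} = a*t_i (mod M)
    multiples = [t[i + 1] * t[i - 1] - t[i] * t[i] for i in range(1, len(t) - 1)]
    M = reduce(gcd, (abs(m) for m in multiples))
    a = (t[1] * pow(t[0] % M, -1, M)) % M     # t_1 = a*t_0 (mod M)
    b = (xs[1] - a * xs[0]) % M               # x_2 = a*x_1 + b (mod M)
    return a, b, M

def recover_seed(xs):
    """x_0 = a^-1 * (x_1 - b) (mod M), where x_1 = xs[0]."""
    a, b, M = recover_lcg(xs)
    return (pow(a, -1, M) * (xs[0] - b)) % M

def predict_next(xs):
    """The output that follows xs, computed only from xs."""
    a, b, M = recover_lcg(xs)
    return (a * xs[-1] + b) % M

if __name__ == "__main__":
    A, B, MOD, SEED = 48271, 11, 2**31 - 1, 12345   # demo values only
    seen = lcg(A, B, MOD, SEED, 20)
    print("recovered (a, b, M):", recover_lcg(seen))
    print("recovered seed:", recover_seed(seen))
    print("predicted next:", predict_next(seen),
          "actual:", lcg(A, B, MOD, SEED, 21)[-1])
```

Keeping a, b and M secret therefore buys nothing once a few outputs are seen in full; the only question the cited papers address is how few bits of each output the attacker can get away with.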

------------------------------

From: Sylvain Martinez <[EMAIL PROTECTED]>
Subject: Re: Dynamical Cryptography algorithm
Date: Thu, 29 Jun 2000 21:58:31 GMT


>     To take this analogy too far, someone who's
>     designing ciphers without understanding cryptanalysis is like
>     someone deaf trying to play a guitar.

In a way it is true. But having learned guitar by myself I would say
there is a difference:
I have noticed that cryptographers seem to be much more aggressive and
try to break you as quickly as they can when you are a beginner (or
anyway try to make you look stupid). In guitar people tend to be nicer
and even if you are crap they encourage you. I love cryptography
but being part of the "community" seems to be really, really hard work!

>
>   * It only takes one person finding one problem with your cipher to
>     break it.  It's as if, when you're playing music, you have to make
>     *everyone* happy at the same time.
>

I agree. And I think this is a good thing, but what I am only looking
for is someone telling me he found a weak point in my algorithm....

> I don't suggest that it's impossible to learn cipher design without
> being taught by someone.  But there are right ways to learn and wrong
> ways.  Schneier's self-study course is a good pointer in the right
> direction.  See http://www.counterpane.com/self-study.html.

Thanks for the URL, I am going to look at it.
By the way, I didn't choose the "7 years guitar experience" by
chance ;o)
but I thought you may understand better what I was trying to say...

Cheers,
Sylvain.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Simon Elliott <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Thu, 29 Jun 2000 23:10:33 +0100
Reply-To: Simon Elliott <[EMAIL PROTECTED]>

JimD <[EMAIL PROTECTED]> writes
>On Tue, 27 Jun 2000 21:25:34 +0100, Andy Dingley <[EMAIL PROTECTED]> 
>wrote:
>
>>[EMAIL PROTECTED] (JimD) wrote:
>>
>>>>>>Maybe the webmaster's been assassinated by MI6.
>>
>>>Absolutely. There was that woman from Shrewsbury they had
>>>murdered. 
>>
>>Hilda Murrell ?
>
>None other.

What was that all about? I don't remember reading about this in the
papers. 
-- 
Simon Elliott                       phone : +44 (0)1444 413799
Software Consultant                 fax   : +44 (0)870 0557822 
Courtlands Technical Services       email : <[EMAIL PROTECTED]>






------------------------------

From: [EMAIL PROTECTED] (Noam E. Kirly)
Subject: Re: Blowfish for signatures?
Date: Thu, 29 Jun 2000 22:26:36 GMT

Thierry Nouspikel <[EMAIL PROTECTED]> wrote:

>Forgive me if this is a stupid question: I'm new to cryptography, I just
>made my first steps in the field by implementing Blowfish on my old
>TI-99/4A home computer. 
>
>My question is: can I use Blowfish to produce a digital signature? I
>mean, the kind of thing that lets you verify that the document you are
>reading is indeed the original, and wasn't doctored in any fashion.

I don't think so. Blowfish is a symmetrical encryption algorithm. What you
need is a public/private key algorithm and a cryptographic hash function.

-- 
"Noam E. Kirly" is actually 3654 029817 <[EMAIL PROTECTED]>.
 0123 4  56789 <- Use this key to decode my email address and name.
                Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

From: Eric Young <[EMAIL PROTECTED]>
Subject: Re: sliding window exp.:CLNW vs. VLNW
Date: Thu, 29 Jun 2000 22:43:17 GMT

"Pedro Félix" wrote:
> 
> I apologise if this question is off-topic, but here it goes:
> In the context of the sliding window algorithms for exponentiation, there
> are (to my knowledge) two basic proposals:
> 1. constant length non-zero window (CLNW)
> 2. variable length non-zero window (VLNW)
> 
> After reading [1] and [2] I'm still not able to build a concrete example
> where the VLNW produces less NW than the CLNW.
> Could some one help me?

I've always implemented VLNW where the block is always an odd value
(reduces the table size by half)
So for a temp table of 32 numbers (5 bits), for CLNW
10110 11100 00001 00110 00010 11001

For VLNW with 5 bit table (but only 16 numbers)
1011 0111 00000010011 00001011 001

Quite a bit of the improvement is that only half the number of precalculated
values are needed for the VLNW (or your window can be one bit larger).

eric
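
Both replies above (Anton Stiglic's and Eric Young's) partition the exponent by hand; this added example does it in code and then runs a left-to-right windowed exponentiation from either partition, so the non-zero-window count and the table size can be compared on real numbers. It is illustration written for this digest, not code from either poster or from the RSA Labs reports cited in the question. The 30-bit exponent is the one in Eric's post; the base and modulus are arbitrary.

```python
# Added example: CLNW vs VLNW partitioning of an exponent, and windowed
# exponentiation driven by either partition. Illustration only.

def clnw_windows(bits: str, d: int) -> list:
    """Constant-length windows of d bits, MSB first (last one may be shorter)."""
    return [bits[i:i + d] for i in range(0, len(bits), d)]

def vlnw_windows(bits: str, d: int) -> list:
    """Variable-length non-zero windows, MSB first: runs of zeros stand alone;
    a window opens on a 1, takes at most d bits, and is cut back so that it
    ends on a 1 (odd value), which is what halves the precomputed table."""
    windows, i, n = [], 0, len(bits)
    while i < n:
        j = i
        if bits[i] == "0":
            while j < n and bits[j] == "0":
                j += 1
        else:
            j = min(i + d, n)
            while bits[j - 1] == "0":
                j -= 1
        windows.append(bits[i:j])
        i = j
    return windows

def count_nonzero(windows) -> int:
    """Non-zero windows == table multiplications in the exponentiation."""
    return sum(1 for w in windows if "1" in w)

def window_exp(base: int, exp: int, mod: int, d: int, variable: bool = True):
    """base**exp mod mod by left-to-right windowing.
    Returns (result, multiplications, table_size)."""
    bits = bin(exp)[2:]
    windows = vlnw_windows(bits, d) if variable else clnw_windows(bits, d)
    # precompute base^v for every value v a window can take
    g = base % mod
    table = {1: g}
    if variable:                       # odd v only: 2^(d-1) entries
        g2 = g * g % mod
        for v in range(3, 1 << d, 2):
            table[v] = table[v - 2] * g2 % mod
    else:                              # every v in 1..2^d-1
        for v in range(2, 1 << d):
            table[v] = table[v - 1] * g % mod
    result, mults = 1, 0
    for w in windows:
        for _ in w:                    # one squaring per bit consumed
            result = result * result % mod
        v = int(w, 2)
        if v:                          # one multiplication per non-zero window
            result = result * table[v] % mod
            mults += 1
    return result, mults, len(table)

if __name__ == "__main__":
    E = "101101110000001001100001011001"   # Eric Young's exponent above
    for name, ws in (("CLNW", clnw_windows(E, 5)), ("VLNW", vlnw_windows(E, 5))):
        print(f"{name}: {' '.join(ws)}  ({count_nonzero(ws)} non-zero windows)")
    e, m = int(E, 2), 1000003
    for variable in (False, True):
        r, mults, size = window_exp(3, e, m, 5, variable)
        print(f"variable={variable}: ok={r == pow(3, e, m)} "
              f"mults={mults} table={size}")
```

On that exponent CLNW with d = 5 needs 6 table multiplications from a 31-entry table, VLNW needs 5 from a 16-entry table; the squaring count is the same (one per bit) either way.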

------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: Remark on practical predictability of sequences
Date: Thu, 29 Jun 2000 07:49:31 -0500
Reply-To: "Rick Braddam" <[EMAIL PROTECTED]>

"Tim Tyler" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> : Pseudo-random sequences, being deterministically generated,
> : always involve the issue of predictability. On the other
> : hand, a good cipher prevents the opponent to obtain the
> : plaintext from the ciphertext. It seems logical to conclude
> : that, if one feeds a pseudo-random sequence to a good cipher,
> : the resulting output sequence is practically unpredictable,
> : since he can't recover the original sequence which he needs
> : to do the inference in the first place.
>
> This is essentially how (for example) Yarrow works.
>
> It feeds a less than perfectly random sequence (in fact it uses a
> counter) through a block cypher (3DES).
>
> Typically hash functions - rather than block cyphers - are used in this
> context - but the principle is similar.

I've seen other posts that said that Yarrow uses DES. The version I have
is 0.8.7, and it uses SHA1. What version do you have? The following is
taken from readme-prngcoder.txt (comments inside square brackets added by
me):

Note that these routines make use of the zlib compression library, and
Steve Reid's SHA1 routines.

[in the list of included files:]

sha1mod.c and sha1mod.h

Steve Reid's SHA1 code (slightly modified).

[in the function descriptions]

Helper functions
================

These functions should not be called except by other functions:

prng_do_SHA1(ctx)

Takes an output context, reinitializes the SHA1 context within, concatenates
the previous output buffer and the IV and outputs their digest. This value is
the new output buffer.

[As for the input being from a counter, from readme-crypto.txt:]

Data is inputted into this pool from a variety of sources, which can include
but are not limited to: keyboard event timing, mouse movement and mouse
click timing, system usage statistics, and network usage statistics.  Each
different source of entropy has its own counters for total input bytes and
total bits of entropy.  It should be noted that the total bits of entropy is
calculated in two different ways.  The first is simply the sum of the
estimates provided by the user.  The second is obtained through compressing
the inputs, where it is assumed that the maximum entropy is approximately
half the size of the compressed output.

</Quote>

I hope this helps those not familiar with Yarrow. I just checked at
Counterpane's site at http://www.counterpane.com/yarrow.html and found that
version 0.8.71 is the one currently available for download. The paper
available describes one which uses both SHA1 and 3DES, but the paper does not
present any algorithms, and two figures which might help are not present in
either format of the paper I downloaded. Perhaps, at some point in the
future, a reference implementation will be available.

Rick




------------------------------

Date: Thu, 29 Jun 2000 19:13:18 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Dynamical Cryptography algorithm

Mark Wooding wrote:

> Sylvain Martinez <[EMAIL PROTECTED]> wrote:
> >
> > > so.  Hence my assertion that you didn't want to answer it.  Is my
> > > logic faulty?
> >
> > No, but I didn't see it that way. I was first thinking of "DES" because
> > I realised it was wrong I said nothing.
> > [...]
> > > doesn't use factorials); you use a logical AND to do some passphrase
> > > expansion, although this will cause a huge bias towards zero bits in
> > > the result.
> >
> > I am actually not only doing that :O)
>
> Indeed not.  But
>
> > > Counterintuitively enough, designing ciphers isn't the right way to
> > > learn cipher design.  What you need to do is study other people's
> > > designs, and their analysis.  Read the AES entries -- particularly
> > > Twofish and Rijndael -- for hints on presentation and analysis.  See
> > > also Schneier's self-study cryptanalysis course.
> >
> > I do not totally agree with you. It is like learning guitar.
>
> There are similarities and differences.  As a self-taught guitarist and
> cryptographer (although far from perfect at either), I'll try to
> describe them:
>
> For instance, when you pick up a guitar and play it badly, it sounds
> awful.  You can tell this by listening, and do something to fix it, such
> as changing your fingering or picking, or giving more practice time to a
> tricky technique.
>
> The important point is that you must have the ability to listen
> critically to the notes and chords you're playing, so that you know when
> you're doing something wrong.
>
> Cipher design is a bit similar.  Critical listening is the analogue of
> cryptanalysis, where you attack your design, and find its flaws.
>
> There are (at least) two differences.
>
>   * We all get exposed to lots of music throughout our lives.  While
>     music varies between cultures, almost everyone develops an ability
>     to listen and appreciate music of some kind or other.  We don't tend
>     to be exposed to ciphers to the same degree, and we don't acquire
>     the ability to analyse ciphers in that almost automatic way in which
>     we can criticise music.  To take this analogy too far, someone who's
>     designing ciphers without understanding cryptanalysis is like
>     someone deaf trying to play a guitar.
>
>   * It only takes one person finding one problem with your cipher to
>     break it.  It's as if, when you're playing music, you have to make
>     *everyone* happy at the same time.
>
> > you can take lessons and becoming good at it, or you can learn your
> > self. This will allow you to understand better some concepts. You would
> > still need to take proper lessons but if you've done that, let say, for
> > 7 years you will then learn quicker.
> > In other words it is not a complete waste of time :O)
>
> I don't suggest that it's impossible to learn cipher design without
> being taught by someone.  But there are right ways to learn and wrong
> ways.  Schneier's self-study course is a good pointer in the right
> direction.  See http://www.counterpane.com/self-study.html.

Not to disagree with your thesis, but simply to illuminate the process: does a
musician become better by studying bad music?  In my minor experience, I
learned a lot more from Bach than from all of the heavy metal performers
combined.  The crypto analog would be to learn the most from the persons
responsible for the most powerful attacks rather than from the persons
responsible for the most secure ciphers.


------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: breaking encryption - help!
Date: 29 Jun 2000 15:56:17 -0700

Steve Basford <[EMAIL PROTECTED]> writes:
[snip]
> does that help a little?
[snip]

I haven't found anything yet, but it gives me more to look at.

Thanks,
Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
