Cryptography-Digest Digest #384, Volume #12       Wed, 9 Aug 00 00:13:01 EDT

Contents:
  Re: Empathic encryption? ("Trevor L. Jackson, III")
  Re: Secret Conversations ("Paul Pires")
  Re: Empathic encryption? ("Trevor L. Jackson, III")
  Re: Empathic encryption? ("Paul Pires")
  Re: More Secret Conversations (David Hopwood)
  Re: counter as IV? (David Hopwood)
  Re: Key in ASCII ?? (Guy Macon)
  Re: Last secret conversation (maybe more if time permits) (Guy Macon)
  Re: Physical RNG (Guy Macon)
  Re: Key in ASCII ?? ("Rick Braddam")
  Cryptography Certifications ("Adam Smith")
  Re: Cryptography Certifications (Eric Lee Green)

----------------------------------------------------------------------------

Date: Tue, 08 Aug 2000 21:10:52 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Empathic encryption?

Look, it's the Karnak Attack in sheep's clothing.  He's not going to get *any*
benefit from it.

Paul Pires wrote:

> Terry Ritter <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> > On Tue, 8 Aug 2000 10:37:28 -0700, in
> > <IBXj5.2696$[EMAIL PROTECTED]>, in sci.crypt "Paul
> > Pires" <[EMAIL PROTECTED]> wrote:
> >
> > >The countdown begins....... <[EMAIL PROTECTED]> wrote in message
> > >news:[EMAIL PROTECTED]...
> > >> May contain proprietary information.  All rights reserved.
> > >
> > ><Snip>
> > >
> > >I must be in a grouchy mood... This is a joke, right? This disclaimer is
> > >silly! And in this group, you are waving a red flag before bulls.
> >
> > I don't know why that would be a red flag:  Cryptography has a long
> > history of intellectual property.
>
> Nice dodge.
> >
> >
> > >1, If it is patent rights you wish to protect by it, it don't work. You have
> > >publicly disclosed (well sort of). The law offers no exemptions for
> > >disclosure under a disclaimer.
> >
> > In the U.S., a patent application may be submitted up to a year after
> > full public disclosure.  Even that assumes the original posting was
> > sufficiently precise as to say how the patented thing works.
>
> All true, but you miss my point. The disclaimer does not treat or modify any
> of the above. It has no purpose other than to sound legalistic.
>
> > >2, If it is copyright you wish to protect, well, you screwed the pooch there
> > >too since you did not supply the tiny (but required stock wording).
> >
> > Stock wording has not been required for copyright for years.
> > Copyright protection is now inherent in the production of an
> > individual work.
>
> I'll have to check but I think you still need to say who you are (Name) and
> date it. This posting qualifies as an anonymous public disclosure. I doubt
> that the PGP signature qualifies.
> >
> >
> > >3, All rights reserved for what it MAY contain? (coverin all bases aren't
> > >ya). Well the law (as I understand it) provides that recipients (after they
> > >have agreed to terms) only need to show the same level of diligence to
> > >proprietary information that the owner has shown. You posted it to a news
> > >group!
> >
> > Not all rights are destroyed simply by posting to a newsgroup:
> > Posting probably implies a license to distribute copies of the
> > posting, but it is not a license to put someone else's name on those
> > words.
>
> Sounds right.
>
> Once again, my point was that the disclaimer did not do anything to affect
> those rights. Upon re-reading my original post, I need to upgrade the
> earlier rating of grumpy to bitchy. My apologies. I do have a point though.
> Much confusion about IP and the practices used to regulate it is generated
> by misinformation. When I see bizarre stuff, I just gotta comment.
> >
> > ---
> > Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
> > Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
> >


------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Secret Conversations
Date: Tue, 8 Aug 2000 18:10:28 -0700


Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Paul Pires wrote:
>
> > "Those of you who think you know everything, annoy those of us who do"
>
> How much self-consciousness of one's arrogance does it take to compensate for
> it?

I'll let you know when I've acquired enough arrogance to know :-)

Paul

>
> ;-)
>
>





------------------------------

Date: Tue, 08 Aug 2000 21:15:19 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Empathic encryption?

Terry Ritter wrote:

> On Tue, 8 Aug 2000 14:09:50 -0700, in
> <GI_j5.4551$[EMAIL PROTECTED]>, in sci.crypt "Paul
> Pires" <[EMAIL PROTECTED]> wrote:
>
> >Once again, my point was that the disclaimer did not do anything to affect
> >those rights. Upon re-reading my original post, I need to upgrade the
> >earlier rating of grumpy to bitchy. My apologies. I do have a point though.
> >Much confusion about IP and the practices used to regulate it is generated
> >by misinformation. When I see bizarre stuff, I just gotta comment.
>
> That is a very serious disease.  I have it myself.  I am trying to get
> well.  You don't have to follow that path.

If you are in a truly foul mood be as nasty as it is possible to be: leave the
person in their state of Error.  Then elevate your blood sugar.  ;-)


------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Empathic encryption?
Date: Tue, 8 Aug 2000 18:16:08 -0700

Arghhhhh.... I wish I understood more than one in three posts.

Paul

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Look, it's the Karnak Attack in sheep's clothing.  He's not going to get *any*
> benefit from it.
>
> Paul Pires wrote:
>
> > Terry Ritter <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > >
> > > On Tue, 8 Aug 2000 10:37:28 -0700, in
> > > <IBXj5.2696$[EMAIL PROTECTED]>, in sci.crypt "Paul
> > > Pires" <[EMAIL PROTECTED]> wrote:
> > >
> > > >The countdown begins....... <[EMAIL PROTECTED]> wrote in message
> > > >news:[EMAIL PROTECTED]...
> > > >> May contain proprietary information.  All rights reserved.
> > > >
> > > ><Snip>
> > > >
> > > >I must be in a grouchy mood... This is a joke, right? This disclaimer is
> > > >silly! And in this group, you are waving a red flag before bulls.
> > >
> > > I don't know why that would be a red flag:  Cryptography has a long
> > > history of intellectual property.
> >
> > Nice dodge.
> > >
> > >
> > > >1, If it is patent rights you wish to protect by it, it don't work. You have
> > > >publicly disclosed (well sort of). The law offers no exemptions for
> > > >disclosure under a disclaimer.
> > >
> > > In the U.S., a patent application may be submitted up to a year after
> > > full public disclosure.  Even that assumes the original posting was
> > > sufficiently precise as to say how the patented thing works.
> >
> > All true, but you miss my point. The disclaimer does not treat or modify any
> > of the above. It has no purpose other than to sound legalistic.
> >
> > > >2, If it is copyright you wish to protect, well, you screwed the pooch there
> > > >too since you did not supply the tiny (but required stock wording).
> > >
> > > Stock wording has not been required for copyright for years.
> > > Copyright protection is now inherent in the production of an
> > > individual work.
> >
> > I'll have to check but I think you still need to say who you are (Name) and
> > date it. This posting qualifies as an anonymous public disclosure. I doubt
> > that the PGP signature qualifies.
> > >
> > >
> > > >3, All rights reserved for what it MAY contain? (coverin all bases aren't
> > > >ya). Well the law (as I understand it) provides that recipients (after they
> > > >have agreed to terms) only need to show the same level of diligence to
> > > >proprietary information that the owner has shown. You posted it to a news
> > > >group!
> > >
> > > Not all rights are destroyed simply by posting to a newsgroup:
> > > Posting probably implies a license to distribute copies of the
> > > posting, but it is not a license to put someone else's name on those
> > > words.
> >
> > Sounds right.
> >
> > Once again, my point was that the disclaimer did not do anything to affect
> > those rights. Upon re-reading my original post, I need to upgrade the
> > earlier rating of grumpy to bitchy. My apologies. I do have a point though.
> > Much confusion about IP and the practices used to regulate it is generated
> > by misinformation. When I see bizarre stuff, I just gotta comment.
> > >
> > > ---
> > > Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
> > > Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
> > >
>





------------------------------

Date: Wed, 09 Aug 2000 13:57:10 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: More Secret Conversations


[EMAIL PROTECTED] wrote:
> 
> A Master and disciple are having a discussion under the bright moon of
> a starlit sky.
[snip]

The Master is wrong, BTW - it is worthwhile to try to teach people where
they are making mistakes, and this does not necessarily involve imposing
your worldview on them. This is particularly true for technical subjects,
but it's also true in general.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip



------------------------------

Date: Wed, 09 Aug 2000 13:57:38 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: counter as IV?


Bodo Moeller wrote:
> David A. Wagner <[EMAIL PROTECTED]>:
> > Bodo Moeller <[EMAIL PROTECTED]>:
> >> David A. Wagner <[EMAIL PROTECTED]>:
> 
> >>> Using a truly random IV eliminates this vulnerability.  That's why I
> >>> recommend to use an unpredictable, random IV, and not, e.g., a counter.
> 
> >> Does it really have to be a *truly* random, *unpredictable* IV?
> >> What about applying a publicly known PRF to counter values?
> 
> > Sorry for the imprecision.  You are quite right to suggest that using
> > a PRF is just as good.  There is no need for IVs to be truly random;
> > unpredictability suffices.
> 
> A fine point is the semantics of the word "unpredictable" in this
> context.  "Pre-dict" refers to time, but it's not absolute time that
> we're talking about (there's no such thing as absolute time anyway,
> but the speed of light isn't the only weakening factor to consider).
> The "unpredictable" pseudo-random IVs must be unpredictable with
> respect to a partial ordering ("time") that tells us what data values
> may depend on what data values.
> 
> If the first plaintext block to be CBC encrypted cannot depend on the
> IV, then we're safe (assuming IVs that are pseudo-random in a weak
> sense -- roughly, XORs of IVs may not coincide with XORs of plaintext
> blocks); [...]

Nearly but not quite: if, for example, the first n blocks are known and
the (n+1)th block is chosen with knowledge of the IV, that allows the
same attacks.

Also, if an attacker can see a ciphertext and then choose the following
plaintext block, the same attacks are possible as if the IV were
predictable. IOW, the semantic security of CBC against chosen-plaintext
attack depends on plaintexts being chosen without knowledge of the
immediately preceding ciphertext block.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


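The collision test behind Hopwood's remark, as an added example that is not part of the post (Go with AES-128 from the standard library; the key, the two IV schemes and the sample blocks are constructed here): with a counter IV, LeaksEquality(key, CounterIV(1), CounterIV(2), CounterIV(2), secret, secret) returns true and the same call with a wrong guess returns false, so whoever chooses the second message learns whether its guess of the first was right; with RandomIV() supplied as both the predicted and the actual IV it returns false even for a correct guess.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"encoding/binary"
)

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// cbcFirst is CBC's first block, E_k(iv XOR p). Later blocks use the previous
// ciphertext block in place of iv, which is why choosing a block after seeing
// the preceding ciphertext (Hopwood's second case) is the same situation.
func cbcFirst(key, iv, p []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, blk.BlockSize())
	blk.Encrypt(out, xor(iv, p))
	return out
}

// LeaksEquality reports whether whoever chooses the second plaintext can
// confirm a guess of the first (secret) one. iv1 is public; predicted is what
// that party expects the next IV to be; actual is the IV the sender uses.
// The probe guess XOR iv1 XOR predicted makes the two ciphertext blocks
// collide exactly when predicted == actual and guess == secret (AES is a
// permutation, so distinct inputs never collide).
func LeaksEquality(key, iv1, predicted, actual, secret, guess []byte) bool {
	c1 := cbcFirst(key, iv1, secret)
	c2 := cbcFirst(key, actual, xor(xor(guess, iv1), predicted))
	return bytes.Equal(c1, c2)
}

// CounterIV is the scheme the thread argues against: the IV for message n is
// n itself, so predicted and actual coincide for everyone.
func CounterIV(n uint64) []byte {
	iv := make([]byte, 16)
	binary.BigEndian.PutUint64(iv[8:], n)
	return iv
}

// RandomIV is what the thread recommends: a predictor can only guess, and a
// wrong prediction turns the collision test into noise.
func RandomIV() []byte {
	iv := make([]byte, 16)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return iv
}
```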

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Key in ASCII ??
Date: 09 Aug 2000 02:09:47 GMT

Steve Rush wrote:

>Since English ASCII text has a little more than one bit of entropy per 
>character, every serious cryptosystem that uses keyboard entry of the 
>key requires a passphrase at least eight times as long as the key, 
>and crunches the input with some kind of hash function.

One bit per character seems low.  That would imply that I could
often guess an 8 character password in about 250 tries and a
16 character password in about 65,000 tries.  I write custom
dictionary-based password guessing programs on a regular basis,
and I know that those numbers are way low.

Could it be that you are using statistics for normal length and
vocabulary English prose and assuming that the statistics apply
to short passwords or passphrases?


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Last secret conversation (maybe more if time permits)
Date: 09 Aug 2000 02:16:20 GMT


Douglas A. Gwyn wrote:
>
>Mok-Kong Shen wrote:
>> According to the title that should be the 'Last'!!! I hope
>> that should also be the last 'open' conversation of this
>> genre. This is sci.crypt group, not one about philosophy or
>> religion!!!
>
>Disciple:  Master, the temple is on fire?
>
>Master:  That is not what I called you here to discuss.

I am about to point something out WHICH IS *NOT* AN INVITATION TO
CROSSPOST:  These sayings have generated 100% appreciative feedback
when posted to soc.religion.quaker.  I suggest posting them there
(perhaps in addition to here, but *NOT CROSSPOSTED*.)

(Did I mention that I really don't want to start a crossposted
mess that fills sci.crypt with Quaker threads and soc.religion.quaker
with crypto threads?)


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Physical RNG
Date: 09 Aug 2000 02:29:21 GMT

Bob Deblier wrote:

>If you want it to be hardware and PCI and cheap: use the built-in sound
>of modern Sparcs, or plug in a supported PCI soundcard, take the LSBs of
>sound samples you read from the unplugged microphone port - then run
>them through a Von Neumann compensator. If you want you can have a look
>at the BeeCrypt crypto library (http://beecrypt.virtualunlimited.com/),
>which has been tested on Solaris and Linux. It has an entropy provider
>which does exactly this.

There is a practical problem with this.  If you have a very cheap or
a very expensive soundcard, it may fail.  Very cheap soundcards
sometimes use 14 or 15 bit ADCs and set the LSB to 0 all of the time.
Very expensive soundcards sometimes use 18 or 20 bit ADCs and use the
unusable extra bits to modulate the dither of the LSB.  Somewhat
expensive soundcards sometimes use a PRNG to generate a dither signal
which is mixed into the LSB.  Thus the method described works for most
soundcards but fails in some special cases.
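A Von Neumann compensator over sample LSBs with the start-up check Guy Macon's caveat calls for, as an added example (Go; not BeeCrypt's code nor anything from the thread; the sample streams are constructed stand-ins for captured audio, and the 1/8 bits-per-sample yield floor is an assumption): a 15-bit ADC that pads the LSB with zero yields nothing from the compensator and is rejected, while the check cannot tell a PRNG-generated dither from real noise.

```go
package main

import "fmt"

// lsbs takes the least significant bit of each 16-bit PCM sample, as the
// thread's method does on an unplugged microphone input.
func lsbs(samples []int16) []uint8 {
	bits := make([]uint8, len(samples))
	for i, s := range samples {
		bits[i] = uint8(s & 1)
	}
	return bits
}

// vonNeumann is the compensator: read bits in non-overlapping pairs, emit 0
// for (0,1), 1 for (1,0), and drop (0,0) and (1,1). For independent bits this
// removes any fixed bias; about a quarter of the input survives when the
// input is unbiased, and nothing survives from a constant input.
func vonNeumann(bits []uint8) []uint8 {
	out := make([]uint8, 0, len(bits)/4)
	for i := 0; i+1 < len(bits); i += 2 {
		if bits[i] != bits[i+1] {
			out = append(out, bits[i])
		}
	}
	return out
}

// ExtractEntropy runs the LSB + Von Neumann pipeline and refuses to return
// output when the card shows the stuck-LSB failure mode Guy Macon describes
// (a 14/15-bit ADC padded with zeros gives pairs that are all (0,0) and a
// yield of zero). minYieldPerSample is the assumed floor on output bits per
// input sample; 1/8 sits well below the 1/4 an honest source yields.
// The check is blind to a PRNG dither: that passes as "random" here.
func ExtractEntropy(samples []int16, minYieldPerSample float64) ([]uint8, error) {
	out := vonNeumann(lsbs(samples))
	if float64(len(out)) < minYieldPerSample*float64(len(samples)) {
		return nil, fmt.Errorf("LSB stream unusable: %d bits from %d samples", len(out), len(samples))
	}
	return out, nil
}

// Constructed sample streams standing in for captured audio (not real captures).
func stuckSamples(n int) []int16 { // 15-bit ADC: LSB always 0
	s := make([]int16, n)
	for i := range s {
		s[i] = int16(-40 + 2*(i%37)) // arbitrary even values
	}
	return s
}

func patternSamples(n int) []int16 { // LSB follows 0,1,1,0,1,0,0,1 so the yield is known
	pat := []int16{0, 1, 1, 0, 1, 0, 0, 1}
	s := make([]int16, n)
	for i := range s {
		s[i] = 1000 + pat[i%8]
	}
	return s
}
```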



------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: Key in ASCII ??
Date: Tue, 8 Aug 2000 19:34:26 -0500
Reply-To: "Rick Braddam" <[EMAIL PROTECTED]>

That's completely correct, John, but I'd like to add that the text string
input to the AES version of Twofish is converted from *hexadecimal
characters* to binary in (from twofish2.c)

* Function Name:    ParseHexDword
*
* Function:         Parse ASCII hex nibbles and fill in key/iv dwords

which is slightly mis-described as it parses ASCII characters into binary
nibbles and combines them into bytes in a standard hex-to-binary
conversion. The text input is constrained to the digits "0" through "9"
and "A" through "F". So while the key input *is* in text to comply with
NIST requirements, it represents a hex encoded binary key.

Rick

"John Myre" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> kihdip wrote:
> >
> > This is probably a silly question, but why is the 'key-material input'
in
> > Twofish chosen to be in ASCII ??
> <snip>
>
> If you are looking at the Twofish implementation from the AES
> submission,
> it's because that is the interface that NIST required.  You'd have to
> ask
> them why.
>
> Moreover: there is no requirement based on Twofish itself that has
> anything to do with ASCII.  Indeed, the algorithm is defined based
> on binary keys of length 128, 192, and 256 (as required), with any
> bit pattern valid.  The ASCII interface, therefore, is a kind of
> test scaffolding, defined by NIST - not part of Twofish itself.
>
> JM



------------------------------

From: "Adam Smith" <[EMAIL PROTECTED]>
Subject: Cryptography Certifications
Date: Wed, 09 Aug 2000 03:52:13 GMT

Are there any current standards for certifications/examinations in the field
of cryptography?  If so, how big are these tests (how many takers per year)?
Where can I find more information?

Thanks!
Adam Smith



------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Cryptography Certifications
Date: Wed, 09 Aug 2000 04:03:27 GMT

Adam Smith wrote:
> Are there any current standards for certifications/examinations in the field
> of cryptography?  If so, how big are these tests (how many takers per year)?
> Where can I find more information?

Let's see, you have to be certifiably paranoid in order to be good at
cryptography and cryptosystems, so I guess your local mental hospital
would be the first place to start in order to be certified :-). 

Most of the best cryptographers have a degree in some mathematical field
and a really demented world-view (called "being able to create threat
models" in more polite terms :-). Unfortunately, you can't exactly test
that with a normal kind of test. The NSA has tried, and given up... they
can test for mathematical aptitude, and hire the best mathematicians
they can, but the ones who aren't demented enough end up doing drudge
work (hey, that needs doing, so it's not as if they're totally out to
lunch in their hiring practices...).

Best bet: Look up cryptographers that you respect and, if they're
associated with a particular university, get a degree at that university
in whatever department they teach in. 

-- 
Eric Lee Green      There is No Conspiracy
[EMAIL PROTECTED]     http://www.badtux.org

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
