Cryptography-Digest Digest #396, Volume #12      Thu, 10 Aug 00 09:13:00 EDT

Contents:
  Re: 1-time pad is not secure... (Guy Macon)
  Re: How can I do "certificate validation" in C? (jkauffman)
  Re: 1-time pad is not secure... (Mike Calder)
  Re: RNG from fish tank aerator (jkauffman)
  Re: OTP using BBS generator? (Mark Wooding)
  Re: BBS and the lack of proof (Mok-Kong Shen)
  Re: OTP using BBS generator? (Mok-Kong Shen)
  I need lots of help ([EMAIL PROTECTED])
  Re: 1-time pad is not secure... (Guy Macon)
  Re: 1-time pad is not secure... (Mok-Kong Shen)
  Re: OTP using BBS generator? (Guy Macon)
  Re: Physical RNG (Guy Macon)
  Re: Random Number Generator (Tony L. Svanstrom)
  Blind Signatures & DH (Michael Schmidt)
  Re: 1-time pad is not secure... (Guy Macon)
  Re: 1-time pad is not secure... (fvw)
  Re: Discret Logarithm ([EMAIL PROTECTED])
  Re: Discret Logarithm ([EMAIL PROTECTED])
  jkauffman wrote: Re: How can I do "certificate validation" in C? (haifeng)
  Destruction of CDs (Thomas Kellar)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 10 Aug 2000 10:25:32 GMT

Runu Knips wrote:
>
>fvw wrote:
>> <8mth1u$vpt$[EMAIL PROTECTED]> ([EMAIL PROTECTED]):
>> >Can you generate truly random numbers? No.
>
>> yes. time between radioactive decays for instance is a
>> textbook example of a perfect random generator.
>
>Yep.
>
>I'm very surprised to hear someone believes true
>random isn't available. Shows a serious lack in
>ideas about modern physics, doesn't it ?

Actually, oddly enough, what I learned in Seminary explains why we
keep seeing this idea much better than anything I ever learned in
a Physics class.

There is a branch of theology that seems to be influencing people
who don't know the root source of the ideas they hold.  I refer, of
course, to Fatalism.

One particular branch of Fatalism is largely based on the idea of a
pure Newtonian universe where, if we only knew the exact position,
velocity, and all other information about every particle that exists,
we could predict the future with 100% accuracy forever.  Thus all
future events are foreordained and free will is an illusion.

Heisenberg killed this theory, Chaos theory nailed the coffin shut,
and Quantum Mechanics presided over the cremation.  Alas, by this
time enough people were infected with the "no randomness" meme that
it became a self-sustaining memeplex which attempts to propagate
into sci.crypt on a regular basis.




------------------------------

From: jkauffman <[EMAIL PROTECTED]>
Subject: Re: How can I do "certificate validation" in C?
Date: Thu, 10 Aug 2000 04:26:41 -0700

In article <[EMAIL PROTECTED]>, haifeng
<[EMAIL PROTECTED]> wrote:
> Hello
> who knows some knowledge about x509v3, CA?
> How can I do "certificate validation" in C or C++?
> it include "signed, integrity, validity....."
> You know "Version 3 certificate structure". It has
> version , serial
> number, signature,issuer, validity, ......
> Thanks.
> HF:)

to do 'certificate validation' you need to:

1) Know how ASN.1 works
2) Know the format of an X.509 certificate
3) Implement the appropriate hash/pk algorithms
4) Parse the cert and verify the signature

simple, eh?
I'd strongly advise using some ready made library, there
must be some around.


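Steps 1 and 2 of jkauffman's list, plus the "validity" part of the question, as an added example in Python (my code, not either poster's): a small DER walker that reads the leading TBSCertificate fields out of a constructed sample. The sample bytes, and every function name, are my own; real signature verification (step 4) and chain building are left out, which is exactly why a ready-made library is the right answer.

```python
import datetime as dt

def der(tag, content):
    """Encode one short-form DER TLV (content < 128 bytes); builds the sample."""
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos):
    """Decode the TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value (SEQUENCE, SET, [0]) into its child TLVs."""
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = read_tlv(value, pos)
        out.append((tag, v))
    return out

def decode_oid(v):
    """Dotted-decimal form of an OBJECT IDENTIFIER's base-128 content bytes."""
    arcs, acc = [v[0] // 40, v[0] % 40], 0
    for b in v[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_utctime(v):
    """UTCTime 'YYMMDDHHMMSSZ'; RFC 5280 reads YY >= 50 as 19YY, else 20YY."""
    s = v.decode("ascii")
    year = int(s[:2]) + (1900 if int(s[:2]) >= 50 else 2000)
    return dt.datetime(year, int(s[2:4]), int(s[4:6]), int(s[6:8]),
                       int(s[8:10]), int(s[10:12]), tzinfo=dt.timezone.utc)

def parse_tbs_prefix(blob):
    """Leading TBSCertificate fields: version, serial, signature OID, validity."""
    tag, tbs, _ = read_tlv(blob, 0)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    f, i, version = children(tbs), 0, 1
    if f[0][0] == 0xA0:                    # [0] EXPLICIT Version; absent means v1
        version = int.from_bytes(children(f[0][1])[0][1], "big") + 1
        i = 1
    serial = int.from_bytes(f[i][1], "big", signed=True)
    sig_alg = decode_oid(children(f[i + 1][1])[0][1])     # f[i+2] is the issuer Name
    not_before, not_after = (parse_utctime(v) for _, v in children(f[i + 3][1]))
    return {"version": version, "serial": serial, "sig_alg": sig_alg,
            "not_before": not_before, "not_after": not_after}

def within_validity(fields, now):
    """The 'validity' check from the question: notBefore <= now <= notAfter."""
    return fields["not_before"] <= now <= fields["not_after"]

# Constructed sample (NOT a real certificate): v3, serial 4097, sha1WithRSAEncryption,
# empty issuer Name, valid 2000-08-10 through 2001-08-10; subject, key and
# extensions are omitted, so this parser covers only the fields asked about.
SAMPLE_TBS = der(0x30,
    der(0xA0, der(0x02, b"\x02"))
    + der(0x02, b"\x10\x01")
    + der(0x30, der(0x06, bytes.fromhex("2a864886f70d010105")) + der(0x05, b""))
    + der(0x30, b"")
    + der(0x30, der(0x17, b"000810000000Z") + der(0x17, b"010810000000Z")))
```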

------------------------------

From: Mike Calder <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Thu, 10 Aug 2000 11:34:53 +0100

In article <[EMAIL PROTECTED]>, Runu Knips <[EMAIL PROTECTED]>
writes
>fvw wrote:
>> <8mth1u$vpt$[EMAIL PROTECTED]> ([EMAIL PROTECTED]):
>> >Can you generate truly random numbers? No.
>
>> yes. time between radioactive decays for instance is a
>> textbook example of a perfect random generator.
>
>Yep.
>
>I'm very surprised to hear someone believes true
>random isn't available. Shows a serious lack in
>ideas about modern physics, doesn't it ?

It may be unpredictable, but does that make it random?  In a finite
universe (or a finite subset of an infinite universe), it is impossible
to produce an infinite series of anything.  Given any finite series of
numbers, it is clearly possible to define a function that produces that
series, though it may be difficult to produce an elegant one.

Does this mean that the process which produced that series used that
function, or an equivalent function, or any function at all?  If not,
what generated the elements of the series?  If the generating events are
truly not dependent on anything, isn't that equivalent to continuous
creation?  I dunno.

Most mathematical constructs are theoretical and many are not capable of
realisation - the "real" numbers, for example.  The most that can be
constructed in finite time is a rational approximation to any given
"real".  Everything else is metaphysics, like all "proofs" that depend
on or imply an infinite process.

Heads, tails, heads.  Is that random?  Can't tell.  I can't predict the
next without a complete knowledge of the generator, but that doesn't
make it random.

A sequence of 20 heads and tails?  Depends on certain statistical
properties of the sequence, and adventurous mathematicians would give a
judgement to a defined confidence level (but who chooses the tests -
have we all agreed on all of them, and are they complete?).

I won't even start on how we can assess how well a given physical
process stacks up against a PRNG or how either do against the
statistical tests, except to say that if either gave a perfect result
I'd be very suspicious.  (We expect a degree of divergence from
statistical purity particularly with small sets - does this imply that a
truly random sequence contains a degree of predictability?  Should a
long random sequence contain significantly long subsequences of relative
predictability?  What *is* the smallest uninteresting number?)

"Randomness" is a property that emerges with increased size of sample
and is only complete at infinity.  Is it a chimaera?  I'm beginning to
suspect so.

We demand rigidly defined limits of doubt and uncertainty.

Clear skies!
Mike Calder    

I didn't write this and you can't blame me for it.

"Don't depend on any software where you don't have access to the source."

------------------------------

From: jkauffman <[EMAIL PROTECTED]>
Subject: Re: RNG from fish tank aerator
Date: Thu, 10 Aug 2000 04:32:18 -0700

alternatively just point the camera out onto the street, or
into your back garden, or at the sky, or rig it to a
microscope and film brownian motion in a beaker of tap
water.



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: OTP using BBS generator?
Date: 10 Aug 2000 11:01:17 GMT

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:

> Interesting verb: "find".  AFAICT the issue is not finding short
> cycles by searching for them, but finding a short cycle in the "oops"
> sense of having inadvertently selected one for use.  The practical
> impossibility of finding one on purpose is independent of the
> theoretical possibility of finding one by accident.

Errr... no.

If finding X by trying very hard is impractically difficult, then
finding X by accidentally tripping over it must be at least as
difficult.  Otherwise, I have the algorithm for finding X by trying very
hard: pick possible values at random and hope to trip over one by
accident.  This must work unless X can read minds and is deliberately
perverse.


-- [mdw]
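
The short-cycle question behind this exchange (and the period remark in the "BBS and the lack of proof" post below), made concrete as an added example in Python that is not any poster's code: on a constructed Blum modulus n = 11 * 23 it computes the state-cycle length of every seed, checks that each divides lambda(lambda(n)), and shows that a handful of seeds sit on cycles far shorter than the maximum. TOY_N and all function names are my own.

```python
from math import gcd

def factor(n):
    """Trial-division factorisation into {prime: exponent}; fine for toy sizes."""
    out, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            out[p] = out.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        out[n] = out.get(n, 0) + 1
    return out

def carmichael(n):
    """Carmichael function lambda(n): the exponent of the group (Z/nZ)*."""
    lam = 1
    for p, k in factor(n).items():
        part = 2 ** (k - 2) if p == 2 and k >= 3 else (p - 1) * p ** (k - 1)
        lam = lam * part // gcd(lam, part)
    return lam

def bbs_cycle_length(n, seed):
    """Squarings needed before the BBS state x0 = seed^2 mod n recurs.

    For a Blum modulus (p and q both 3 mod 4) squaring permutes the quadratic
    residues, so x0 already sits on its cycle and there is no tail to skip."""
    x0 = seed * seed % n
    x, steps = x0 * x0 % n, 1
    while x != x0:
        x = x * x % n
        steps += 1
    return steps

def bbs_bits(n, seed, count):
    """Emit `count` output bits: the least significant bit of each new state."""
    x, bits = seed * seed % n, []
    for _ in range(count):
        x = x * x % n
        bits.append(x & 1)
    return bits

def cycle_histogram(n):
    """{cycle length: number of seeds} over every seed coprime to n.

    This is the thread's 'oops' question made concrete: how many seeds land
    on a short cycle without anybody searching for one."""
    hist = {}
    for seed in range(1, n):
        if gcd(seed, n) == 1:
            length = bbs_cycle_length(n, seed)
            hist[length] = hist.get(length, 0) + 1
    return hist

# Constructed toy modulus: p = 11, q = 23, both congruent to 3 mod 4.
TOY_N = 11 * 23                                 # 253
TOY_BOUND = carmichael(carmichael(TOY_N))       # every cycle length divides this

if __name__ == "__main__":
    print("cycle lengths:", cycle_histogram(TOY_N), "all divide", TOY_BOUND)
    print("first bits from seed 3:", bbs_bits(TOY_N, 3, 8))
```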

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: BBS and the lack of proof
Date: Thu, 10 Aug 2000 13:16:25 +0200



Mark Wooding wrote:
> 
> tomstd <[EMAIL PROTECTED]> wrote:
> 
> > Among many BBS is thought to be a prng that is as secure as at least
> > factoring the associated modulus.  However... nobody really knows
> > anything about the generated bits or the period of them.
> 
> Predicting the output of a BBS generator mod n is proven to be as
> difficult as deciding quadratic residuosity mod n.  If the period is
> short enough for you to traverse a cycle, you'll be able to predict the
> generator's output.  Hence, traversing a cycle is at least as hard as
> deciding quadratic residuosity.  QED.

Note nonetheless the ongoing discussions in the thread
'OTP using BBS generator?'.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: OTP using BBS generator?
Date: Thu, 10 Aug 2000 13:20:33 +0200



Tim Tyler wrote:
> 

> Even /after/ any surgery to remove short cycles, the BBS is never going to
> become "absolutely secure" - and we will still be able to make it stronger
> by "our own action".

See my follow-up, posted 11:05 today, for sources of doubt.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: I need lots of help
Date: Thu, 10 Aug 2000 15:15:02 +0400

Hi!

I'm new to this entire thing... including newsgroups. I would like to know
the basics of encryption and decryption, e.g. what algorithms are, the
frequency of the letters in the English language, etc.

I'm reaching the end of my summer holidays, and would like to write a
program to encode input text. What is a basic equation for encoding text?
Also, can anyone supply a more advanced equation?

Rameses


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 10 Aug 2000 11:29:50 GMT

In sci.crypt, [EMAIL PROTECTED] wrote:

>Here's a different viewpoint.

It certainly is that!

>I think all the crypto-books are wrong.

A bit of advice: whenever you come to the conclusion that
all of the books are wrong, try to think of another explanation
for why it is you might have arrived at that conclusion.

>One-time pad is only secure

While you are at it, pay attention to the definitions of words.
OTP, for example, is provably insecure against the "point a gun
at the sender and politely ask him for the key" class of attacks.
You should have specified that you meant secure against being
decoded by cryptanalysis.

>based on the assumption that random numbers do exist.

...Close... ...so very close...  Actually, OTP is secure against
being decoded by cryptanalysis if the numbers are unpredictable,
which is a weaker claim than random.  For example, chaotic
systems are often unpredictable without being at all random. 

>But can you prove that random numbers really exist? No.

Yes.

>Can you generate truly random numbers? No.

Maybe, or maybe not, but I sure can generate unpredictable numbers,
and that's good enough.

>It's like 1/x tends to zero but you'll never get zero, if you use
>enough bytes to hold the number.

Once you exceed the number of quantum states of all of the quantum
particles within your particular universe, you do hit the theoretical
limit that pure math says that you can only approach.  

>One-time pad is only computationally secure, no difference than any
>other systems. The key-generating process may be duplicated, if not
>exactly, to some probability. And because the key is so long, getting
>at least a portion of the key right will be easier than in systems with
>a shorter key.

If you think about it for a moment, you will realize that you
can get at least a portion of both the key and the plaintext right
weeks before the plaintext is written or the random numbers are
generated!  In fact, I can prove that a brute force search of all
possible one time pads of all possible lengths will reveal not only
the plaintext of the OTP encrypted message, but also the plaintext
of every message that has ever been sent or ever will be sent under
any cipher.  Ask any crypto expert and they will tell you that I am
right about this.  I will leave the full implications of this fact
for you to figure out...

>Get the picture? You can duplicate the key-generating parameters:
>computer model, OS, PRNG, date, time, location, hardware, software,
>room temperature, humidity, magnetic field... The list goes on and on.

Not only that, but you will get the Nobel Prize in Physics for
disproving Werner Heisenberg's Uncertainty Principle, resolving
the Einstein-Podolsky-Rosen Paradox, and refuting Edward Lorenz's
Chaos theory.

>Then the longer the key, the higher possibility that you'll get
>something right.

Too bad the probability that you will get something else wrong
gets higher faster, and the probability that you will be able
to tell the part you got right from the part you got wrong
remains exactly zero.

===============================

I rather *HIGHLY* recommend that you read the following web pages:

http://photon.bu.edu/jaeger/epr.html
http://plato.stanford.edu/entries/physics-Rpcc/#11
http://plato.stanford.edu/entries/qt-measurement/
http://www.duke.edu/~mjd/chaos/chaos.html



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Thu, 10 Aug 2000 13:47:17 +0200



Mike Calder wrote:
> 
[snip]

> I won't even start on how we can assess how well a given physical
> process stacks up against a PRNG or how either do against the
> statistical tests, except to say that if either gave a perfect result
> I'd be very suspicious.  (We expect a degree of divergence from
> statistical purity particularly with small sets - does this imply that a
> truly random sequence contains a degree of predictability?  Should a
> long random sequence contain significantly long subsequences of relative
> predictability?  What *is* the smallest uninteresting number?)
> 
> "Randomness" is a property that emerges with increased size of sample
> and is only complete at infinity.  Is it a chimaera?  I'm beginning to
> suspect so.
> 
> We demand rigidly defined limits of doubt and uncertainty.

For the practical minded, the problem is never grave. In
particular, for crypto applications, much is in reality 
involved with subjective evaluations. But when a 'theoretician' 
comes, then you are, by definition, immediately OUT. Alas, 
what is TRUTH? What is CONSCIOUSNESS? Have generations and 
generations of philosophers been able to give the truly 
right answers after millenniums of efforts and debates?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: OTP using BBS generator?
Date: 10 Aug 2000 11:36:58 GMT

Mok-Kong Shen wrote:

>a very rare chance happening but could well be the tip of an iceberg. 

Hmmm.  Those very rare chances again.  Sort of like the very rare but
nonzero chance that your hardware RNG might randomly put out a couple
of million zeros in a row and thus turn your one time pad into sending
the plaintext in the clear... 


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Physical RNG
Date: 10 Aug 2000 11:40:33 GMT

Joseph Ashwood wrote:
>
>
>You can do a whole hell of a lot better than that piece of
>crap that Szopa is trying to sell again. He's a dumber than
>average troll. His crap not only fails just about every
>known test, he can't figure out anything without someone
>else's help, he didn't realize you asked for hardware as
>opposed to crap^H^H^H^Hsoftware. So to summarize; Szopa is
>an idiot, and you don't want his stuff.
>                        Joe

Joe, you worry me.  You can't just go on bottling up your
opinions like this.  If you disagree with Szopa, just come
right out and say it plainly without mincing words!
Go on, tell us what you *really* think instead of just
dropping hints.  


------------------------------

From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Crossposted-To: alt.security.pgp
Subject: Re: Random Number Generator
Date: Thu, 10 Aug 2000 13:43:23 +0200

<[EMAIL PROTECTED]> wrote:

> Alex Random Number Generator
> 
> The objective of this algorithm is to map finite
> key/seed to an infinite sequence of random bytes.
> The implementation has following characteristics:
> 
> - 16 byte Key/Seed
> - 57% Avalanche Effect
> - 760Kbyte/sec performance
> - 64 Kbyte generated random string shows Null  ZIP
>    compression
> - The probability to find in random sequence 0/1
>    value bits is exactly 50%
> 
> Randomness factors
> - lose overflow bit by addition
> - lose overflow byte by multiplication
> 
> Algorithm description, source code and EXE
> can be found and download at
> 
> www.alex-encryption.de

You should have sent this one to sci.crypt (I've x-posted it there).


     /Tony

------------------------------

Date: Thu, 10 Aug 2000 13:48:09 +0200
From: Michael Schmidt <[EMAIL PROTECTED]>
Subject: Blind Signatures & DH

Hi,

David Chaum describes in his 1982 paper

"Blind Signatures for Untraceable Payments",
Advances in Cryptology: Proceedings of CRYPTO '82, 
Plenum, NY, 1983, pp. 109-203

how digital signatures can be made through the signing party without 
having a chance to see the contents of the message. 

The technique used for this is a digital multiplication, which is 
mathematically commutative to the digital signature function. 

Now my question:
I've seen an implementation that works with an RSA-based signature 
function and a corresponding multiplication function.

Is blinding of signatures also possible with DH or ECC signature 
functions? Any references/pointers?



Thanks,

Michael


-- 
===================================================
Michael Schmidt
===================================================
Institute for Data Communications Systems
University of Siegen, Germany
www.nue.et-inf.uni-siegen.de
===================================================
The 'Thin Client Security Homepage':
www.nue.et-inf.uni-siegen.de/~schmidt/tcsecurity/
===================================================
http:    www.nue.et-inf.uni-siegen.de/~schmidt   
e-mail:  [EMAIL PROTECTED]
phone:   +49 271 740-2332   fax:   +49 271 740-2536
mobile:  +49 173 3789349
===================================================
###      Siegen - The Arctic Rain Forest        ###
===================================================
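
The RSA-based blinding that Michael's post refers to, as an added example in Python (my code, not from the post or from Chaum's paper): blind, sign, unblind and verify on a constructed toy key. P, Q, E and the function names are my own choices, and the message m stands for a hash already reduced below N.

```python
import secrets
from math import gcd

# Constructed toy RSA key (p = 61, q = 53): hopelessly small for real use, but
# the blinding algebra is the same at 2048 bits.
P, Q = 61, 53
N = P * Q                                   # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))           # 2753

def blind(m, r=None):
    """Requester: hide m under a random factor r. Returns (blinded, r).

    r must be invertible mod N; pass r explicitly only for reproducible tests."""
    while r is None or gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return m * pow(r, E, N) % N, r

def sign_blinded(blinded):
    """Signer: plain RSA signing of a value it cannot relate to m."""
    return pow(blinded, D, N)

def unblind(sig_blinded, r):
    """Requester: (m * r^E)^D = m^D * r mod N, so multiply by r^-1."""
    return sig_blinded * pow(r, -1, N) % N

def verify(sig, m):
    """Anyone holding (N, E): ordinary RSA verification of the unblinded signature."""
    return pow(sig, E, N) == m

def run_protocol(m, r=None):
    """Whole exchange. Returns (signature on m, the only value the signer saw)."""
    blinded, r = blind(m, r)
    return unblind(sign_blinded(blinded), r), blinded

if __name__ == "__main__":
    sig, seen = run_protocol(1234)
    print("signer saw", seen, "signature", sig, "valid:", verify(sig, 1234))
```

The unblinded result equals the signature the signer would have produced on m directly, which is the commutativity the post describes; the same trick does not carry over unchanged to DH-style schemes because they lack a multiplicative signing function.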

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 10 Aug 2000 11:48:56 GMT

Mike Calder wrote:

>It may be unpredictable, but does that make it random?

For use as the key in a one time pad, isn't unpredictable good enough?


------------------------------

From: [EMAIL PROTECTED] (fvw)
Subject: Re: 1-time pad is not secure...
Reply-To: [EMAIL PROTECTED]
Date: Thu, 10 Aug 2000 12:21:13 GMT

<8mu3ne$[EMAIL PROTECTED]> ([EMAIL PROTECTED]):
>OTP, for example, is provably insecure against the "point a gun
>at the sender and politely ask him for the key" class of attacks.

Actually, it's secure against that too. You can give them whatever
plaintext you like by modifying your key. That's part of the reason
why they're so loved.

-- 

                        Frank v Waveren
                        [EMAIL PROTECTED]
                        ICQ# 10074100

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Discret Logarithm
Date: Thu, 10 Aug 2000 12:30:54 GMT

Hi Bob,

What do you mean by 'restate the problem'?
What other problem do you see in my consideration?

Thanks.
Alex.

In article <8mpba2$559$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <8mm01k$n2t$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > Generalised Discret Logarithm Problem
> >
> > Given a finite cyclic group G of the order n, a generator a of G,
> > and an element b of G find an integer x, 0 =< x =< n-1, such that
> >  a^x = b.
> > Proposed solution can be found at
> >
> > www.alex-encryption.de
>
> Huh?  I looked.  You don't SOLVE anything.  All you do is
> restate the problem.
>
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him
> think"
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Discret Logarithm
Date: Thu, 10 Aug 2000 12:32:12 GMT

Hi Norbert,

What do you mean by 'restate the problem'?
What other problem do you see in my consideration?

Thanks.
Alex.



In article <[EMAIL PROTECTED]>,
  Norbert Goeb <[EMAIL PROTECTED]> wrote:
> Am Mon, 07 Aug 2000 hat [EMAIL PROTECTED] geschrieben:
> >Generalised Discret Logarithm Problem
> >
> >Given a finite cyclic group G of the order n, a generator a of G,
> >and an element b of G find an integer x, 0 =< x =< n-1, such that
> > a^x = b.
> >Proposed solution can be found at
> >
> >www.alex-encryption.de
> >
>
> Well, it's not a solution, actually, but a restatement of the problem.
>
> Norbert.
>
>



------------------------------

From: haifeng <[EMAIL PROTECTED]>
Subject: jkauffman wrote: Re: How can I do "certificate validation" in C?
Date: Thu, 10 Aug 2000 15:51:49 +0300

Hello,
Thank you for your email and reply.
I think it is not simple to me. I have no idea about it.
How does it begin? Do you have any simple code or example in C or C++?
BTW, what about your email address? I tried to send some emails to you, but it does not 
work. :(

Thanks.
HF:)

jkauffman wrote:

> > Hello
> > who knows some knowledge about x509v3, CA?
> > How can I do "certificate validation" in C or C++?
> > it include "signed, integrity, validity....."
> > You know "Version 3 certificate structure". It has
> > version , serial
> > number, signature,issuer, validity, ......
> > Thanks.
> > HF:)
>
> to do 'certificate validation' you need to:
>
> 1) Know how ASN.1 works
> 2) Know the format of an X.509 certificate
> 3) Implement the appropriate hash/pk algorithms
> 4) Parse the cert and verify the signature
>
> simple, eh?
> I'd strongly advise using some ready made library, there
> must be some around.
>


------------------------------

From: Thomas Kellar <[EMAIL PROTECTED]>
Subject: Destruction of CDs
Date: Thu, 10 Aug 2000 08:55:57 -0400

There was a thread on this topic a couple of weeks ago.
I received an advertisement for a device that shreds
CDs.  If anyone is interested the company name/address is

Schleicher & Co. of America, Inc.
5715 Clyde Rhyne Dr.
Sanford, NC 27330-9909

ph: 1 800 775 7570    email:  [EMAIL PROTECTED]

They claim their "501 CD shredder" can eliminate 800 to
1200 CDs or credit cards per hour.

A disinterested party.  (Actually uninterested, I would burn them
myself.)

Thomas
-- 
w8twk   Freelance Systems Programming   http://www.fsp.com


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
