Cryptography-Digest Digest #417, Volume #12      Fri, 11 Aug 00 13:13:00 EDT

Contents:
  Re: The quick brown fox... (MagiconInc)
  Re: 1-time pad is not secure... (Future Beacon)
  Re: Knowing when you've cracked an encryption (JPeschel)
  Re: EGD based on Yarrow for Windows?? ("Douglas A. Gwyn")
  Re: Random Number Generator (Mark Wooding)
  Re: Not really random numbers (James Felling)
  Re: Best AES candidates ?? (DJohn37050)
  Re: idear for new cipher (Mark Wooding)
  Re: 1-time pad is not secure... ("Tumbleweed")
  Re: 1-time pad is not secure... ("Tumbleweed")
  Re: Destruction of CDs ("Wesley H. Horton")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: Destruction of CDs ("Wesley H. Horton")
  Re: idear for new cipher (tomstd)
  Re: 1-time pad is not secure... (Guy Macon)
  Re: 1-time pad is not secure... (Guy Macon)
  Re: 1-time pad is not secure... (Guy Macon)
  Re: chap authentication scheme? (Bill Unruh)
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: Secure Operating Systems ("Douglas A. Gwyn")
  Re: Knowing when you've cracked an encryption ("Douglas A. Gwyn")
  Re: idear for new cipher ("Douglas A. Gwyn")
  Re: Random Number Generator ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... (jkauffman)
  Re: 1-time pad is not secure... (Guy Macon)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (MagiconInc)
Date: 11 Aug 2000 15:00:14 GMT
Subject: Re: The quick brown fox...

In article <[EMAIL PROTECTED]> [EMAIL PROTECTED]
(wtshaw) wrote:

> Requiring the whole alphabet, does anyone know of other alternatives,
> perhaps shorter ones and with no increase in nonsense content?

My favourite is:

How quickly daft jumping zebras vex


Paul Magnussen

Magicon Inc.
Making software simpler

------------------------------

From: Future Beacon <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 11:06:03 -0400



On Fri, 11 Aug 2000, CMan wrote:

> Ok, here is absolutely THE LAST WORD on one time pads:
> 
> "poMpYoihj"
> 
> There...
> 
> JK


Understood.


Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]


------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 11 Aug 2000 15:11:51 GMT
Subject: Re: Knowing when you've cracked an encryption

Roadkill [EMAIL PROTECTED] writes:

>Davic Barber wrote:
>> 
>> A problem I never see discussed is: How do you know when you've
>> successfully cracked an encryption?
>
>An answer I have not seen in the replies so far (on my news server) is
>that e.g. PGP *knows* when you have entered an incorrect pass phrase. In
>version 2.x it has a 16 bit checksum inside the cyphertext to determine
>this. 16 bits is not much, but allows you to discard 99.998% of the
>possible plain texts.

You probably haven't seen a reply like yours because the
original poster gave the example of  brute-forcing a cipher
"in one of these cracking contests."  Most contests of the
sort I think he has in mind offer only ciphertext, maybe some
known plaintext, but no password check.

But you're right: PGP and other programs are capable of checking
for the correct password or phrase. Dictionary-based PGP and other
crackers take advantage of the password checking
mechanism.  Of course, if the password or phrase isn't in
the dictionary, the attack will fail.  

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: EGD based on Yarrow for Windows??
Date: Fri, 11 Aug 2000 14:35:02 GMT

> Ok, how about something written in C and is not perl based, and includes
> sourcecode

You sure are fussy.  You could convert the Perl to C, or
try the LINUX /dev/random source.  Probably that would need
major modification to fit your application.

Anyway, I'm not aware of any of these that are really good.
They all seem to just hash the uncertain amount of entropy
and parcel out some fraction of the resulting bits, hoping
that they don't hand out more bits than are justified.

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Random Number Generator
Date: 11 Aug 2000 15:23:19 GMT

Jerry Coffin <[EMAIL PROTECTED]> wrote:

> Your PRNG fails some of the FIPS 140-2 tests fairly regularly.  It 
> fails quite a few of the DieHard tests very consistently.  Your PRNG 
> is clearly NOT suitable for cryptographic use.

This is unfortunate.  I have a better linear congruential generator!  It
passes FIPS140-1 and Maurer tests, and scrapes through Diehard.  I've
not updated my suite from the FIPS140-2 draft yet.

[For reference, the generator is x_{i+1} = (a x_i + c) mod p, where
a = 314159265, c = 271828183 and p = 4294967291.  I chose p = 2^{32} - 5
as the largest prime which fitted into a 32-bit integer.  I chose a and
c for their similarities to the decimal expansions of pi and e, with the
additional requirement that a be primitive mod p.  There is a `bad
seed', 3223959250, which is the only fixed point; all other elements are
on the same cycle.]

-- [mdw]
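The generator in the bracketed note, as an added example (not Mark Wooding's code): one step of x_{i+1} = (a x_i + c) mod p with his constants, plus the checks a reviewer of such a generator wants to run before trusting the stated properties. It confirms p is prime by trial division, tests whether a is a primitive root of p (the property that puts every non-fixed seed on one cycle), and derives the single fixed point algebraically instead of by search. The comment on `lcg_outputs` states the security-relevant consequence of the affine structure: anyone who knows a, c and p and sees one output can compute every later one, so the seed is the only secret such a generator has.

```python
A = 314159265           # multiplier, chosen to resemble the digits of pi
C = 271828183           # increment, chosen to resemble the digits of e
P = 4294967291          # 2^32 - 5, the largest prime below 2^32


def lcg_step(x: int) -> int:
    """One step of the affine generator: x -> (a*x + c) mod p."""
    return (A * x + C) % P


def lcg_outputs(seed: int, n: int) -> list:
    """The n outputs after seed. Every later value is fixed by any earlier one,
    so a single observed output lets anyone who knows a, c, p compute the rest;
    the only secret an LCG can have is its seed."""
    out, x = [], seed
    for _ in range(n):
        x = lcg_step(x)
        out.append(x)
    return out


def prime_factors(n: int) -> list:
    """Distinct prime factors by trial division (n is at most 33 bits here)."""
    factors, d = [], 2
    while d * d <= n:
        if n % d == 0:
            factors.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors


def is_prime(n: int) -> bool:
    return n > 1 and prime_factors(n) == [n]


def is_primitive_root(a: int, p: int) -> bool:
    """a generates all of (Z/pZ)* iff a^((p-1)/q) != 1 mod p for every prime
    q dividing p-1. For the map x -> a*x + c this is exactly what makes all
    non-fixed seeds lie on one cycle of length p-1."""
    a %= p
    return a != 0 and all(pow(a, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def fixed_point() -> int:
    """The one seed that never moves: solve x = a*x + c (mod p), i.e.
    x = -c * (a - 1)^-1 mod p (valid because p is prime and a != 1)."""
    return (-C * pow(A - 1, -1, P)) % P


if __name__ == "__main__":
    print("p prime:", is_prime(P))
    print("a primitive mod p:", is_primitive_root(A, P))
    print("bad seed:", fixed_point())
    print("first outputs from seed 1:", lcg_outputs(1, 3))
```

The fixed point comes out as 3223959250, the "bad seed" named in the post, and feeding it to `lcg_step` returns it unchanged. Passing FIPS 140-1 and Diehard says nothing about this predictability; those suites measure statistics, not whether the next output can be computed from the last.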

------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Not really random numbers
Date: Fri, 11 Aug 2000 10:29:25 -0500



Anthony Stephen Szopa wrote:

> Jamie wrote:
> >
> > In the UK pre-Pay phone cards are big business... you buy a card, reveal a
> > number, key the number to a phone system and you have so much talk time. I
> > am working on an application in a similar field... and of course the issue of
> > generating these numbers has come up once again. I need ideas for a number
> > generator that satisfies the following conditions:
> >
> > 1 The magnitude of the generated numbers can be specified, 2^30, 2^35,
> > 2^40... 2^90
> >
> > 2 The period must be greater than 2^20
> > (So numbers generated don't repeat)
> >
> > 3a Given a short fragment of the sequence it must be difficult to deduce the
> > next number in sequence
> > 3b Given one number it must be unlikely that another number is both close in
> > value and close in position in the sequence
> > (vague but I guess I mean that a "hacker" won't succeed randomly guessing the
> > next number)
> >
> > 4 The sequence must be re-startable.
> >
> > 5 No need for an even distribution or anything like that.
> >
> > My starting point was an algorithm like
> >
> > N_{n+1} = (P1*N_n + P2) mod P3
> >
> > P1, P2, P3 are primes, P3 determining the magnitude of the numbers generated
> >
> > N_{n+1} is the next number in the sequence
> >
> > But this seems to be full of holes.
> >
> > any ideas on an algo ?
>
> Go to http://www.ciphile.com and download OAR-L3:  Original
> Absolutely Random - Level3 random number generator shareware
> software.
>
> Go to the Downloads Currently Available web page and download the
> software directly.  You will be able to generate more random numbers
> than you could conceivably ever need.
>
> If used according to recommendations there is practicably no chance
> anyone will be able to duplicate your random numbers.
>
> If you think you could use this software commercially, email me.
>
> A.S.

Unless you have a desire for keysetup to take a truly ridiculous amount of time
(realistically, obtaining the level of internal randomness you desire is possible,
but this will take approximately 1/2 to 1 full hour of your time per keysetup)
OAP/OAR are not worth your while, and are in all probability slower than an
optimized BBS generator.


------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Best AES candidates ??
Date: 11 Aug 2000 15:30:31 GMT

Wrong.  They have always been very careful to say there may be multiple winners.
Many people have misheard them.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: idear for new cipher
Date: 11 Aug 2000 15:31:00 GMT

tomstd <[EMAIL PROTECTED]> wrote:

> What about making a cipher that uses multiplication in GF(2)^64
> (I forget is that GF(2^64) or what?) since addition is xor
> (pxor) and multiplication is just shifting and xoring...

GF(2)^64 is the set of column vectors with 64 elements chosen from
GF(2).  GF(2^64) is the field with 2^64 elements.

Confusingly, both GF(2)^64 and GF(2^64) have the same number of
elements, and indeed GF(2^64) can be viewed as a vector space over
GF(2).

Easy way to remember: GF(q) is the field with q elements.

> we can use a round function like
> 
> F(x) = a.x + b, a != 0

Err... This is *linear*!  You're not going to get terribly good
decorrelation with that.

-- [mdw]

------------------------------

From: "Tumbleweed" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 16:27:37 +0100


Mike Andrews <[EMAIL PROTECTED]> wrote in message
news:nmDk5.13358$[EMAIL PROTECTED]...
> Scripsit Tumbleweed <[EMAIL PROTECTED]>:
>
> : I have even read that Newton made a statement (not that I could point
> : to a source) that not all events are predictable in detail simply
> : because some bodies will have velocities measured as irrational
> : numbers, and therefore can only be computed to a particular but not
> : perfect detail.  I wonder how it arose in the first place since the
> : maths around at Newton's time was enough to disprove this, wasn't it?
>
> What makes you think that Newton's statement is incorrect?
>
Perhaps I wasn't clear enough; Newton's statement was correct, events cannot
be predicted with perfect knowledge.
However, in spite of his showing this, a general assumption still arose that
with 'perfect' knowledge of all particles and their places and velocities,
one could calculate where they would later end up, with absolute precision.
And it was only with Heisenberg and later chaos theory that many people
questioned it, even though there was never any mathematical basis for
believing so and nothing in Newton's work, except at a very superficial
level, to suggest the 'clockwork' universe.

Joe




------------------------------

From: "Tumbleweed" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 16:32:59 +0100



--
"To think that I joined a religious cult for mindless happiness
when I had beer all along". - Homer Simpson
Sander Vesik <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tumbleweed <[EMAIL PROTECTED]> wrote:
>
> > It should have been dead before Heisenberg, I have even read that Newton
> > made a statement (not that I could point to a source) that not all events
> > are predictable in detail simply because some bodies will have velocities
> > measured as irrational numbers, and therefore can only be computed to a
> > particular but not perfect detail.  I wonder how it arose in the first
> > place since the maths around at Newton's time was enough to disprove
> > this, wasn't it?
>
> Why would irrational numbers matter? You would just carry out all
> intermediate computations symbolically and then compute to arbitrary
> precision?

Because arbitrary isn't good enough. You need to compute to absolute
precision to get a perfect answer. Which will take an infinite amount
of time and is therefore impossible.

> Remember, Newton lived in "pre-chaos" world.

Didn't matter, even he realised that absolute precision wasn't attainable.

>
> > Joe
>
>
>
> --
> Sander
>
> FLW: "I can banish that demon"



------------------------------

From: "Wesley H. Horton" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Destruction of CDs
Date: Fri, 11 Aug 2000 10:43:00 -0500

Just between you and me, Dave: human bodies do not totally decompose in
acid, or strong bases either.

Regards,
Wesley Horton


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 14:47:17 GMT

Tim Tyler wrote:
> ...  Even if there *were* fundamentally random processes in
> basic physics = which is far from proven - that would be
> unlikely to make building a "true" random number generator
> possible.

Actually it is about as "proven" as anything we know about
the physical world.  If somebody were able to make more
detailed predictions of fundamental phenomena, snooping on
communications would be the most trivial use of that power.

And in fact there *are* random bitstream generators based
on fundamentally random physical processes.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 14:50:56 GMT

Jerry Coffin wrote:
> Finally, there are well-known methods of removing systematic bias
> from a source in any case.  When using a physical source of random
> input, there's certainly nothing that says you can't process it to
> ensure that what you're getting really is random and free of
> predictability (e.g. introduced by measuring equipment).

Indeed, it wouldn't even occur to me to do otherwise.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 14:49:24 GMT

Tim Tyler wrote:
> Time between radioactive decays /may/ be random - or it may not be.
> Without certain access to a complete theory of physics nobody knows.

Actually, we do know.

> ...but this is beside the point - even *if* such a random process were
> available, there's no way of measuring it without using a detector
> which is potentially subject to non-random environmental interference.

Actually, I measured this stuff all the time as a grad student.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 14:59:34 GMT

Joseph Ashwood wrote:
> ... there have been proofs that make progress, for example Kolmogorov
> proved that you cannot determine whether or not a stream is truly random
> based on the stream, it must be proven from the generator.

It was always pretty obvious that for a given observed finite
sample of a bit stream, one could specify a deterministic
generator that would produce that bit stream.  That's why we
need to be more careful when talking about "random numbers";
what is really relevant is "(output of a) random process".

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 14:55:35 GMT

Tim Tyler wrote:
> Even a /tiny/ bias - of the type expected with casino dice - may be
> sufficient to leak information:

An upper bound on the probability of successful recovery of
plaintext (given PT and OTP-key-bias characteristics) can be
computed using methods of information statistics.  If that
is sufficiently low, then the bias doesn't matter.

------------------------------

From: "Wesley H. Horton" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Destruction of CDs
Date: Fri, 11 Aug 2000 10:53:13 -0500

I think the following method would be reasonably safe . . .

1. Grind disk into fine (sand size) bits,
2. Mix with Fish food,
3. Feed to Fish and watch grow . . .(Hello, fellow partially digested
fish!)
4. Feed Fish to Cat
5. Feed Cat to Bigger cat and cat to Polar Bear
6. Collect all Cat dung, feed to dog
7. Take dog to pound in Philadelphia
8. Place Large Cat, and Fish Tank in large hole with Thermonuclear
detonator.
9. Disassemble grinder used to destroy CD in First place,
10. Send parts to be recycled in 14 different cities,
11. Activate Thermonuclear detonator, Burn Down house. Destroy computer.

12. Oh, hell, what was the question?

Regards,
Wesley Horton


------------------------------

Subject: Re: idear for new cipher
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 11 Aug 2000 08:54:48 -0700

[EMAIL PROTECTED] (Mark Wooding) wrote:
>tomstd <[EMAIL PROTECTED]> wrote:
>
>> What about making a cipher that uses multiplication in GF(2)^64
>> (I forget is that GF(2^64) or what?) since addition is xor
>> (pxor) and multiplication is just shifting and xoring...
>
>GF(2)^64 is the set of column vectors with 64 elements chosen from
>GF(2).  GF(2^64) is the field with 2^64 elements.
>
>Confusingly, both GF(2)^64 and GF(2^64) have the same number of
>elements, and indeed GF(2^64) can be viewed as a vector space over
>GF(2).
>
>Easy way to remember: GF(q) is the field with q elements.
>
>> we can use a round function like
>>
>> F(x) = a.x + b, a != 0
>
>Err... This is *linear*!  You're not going to get terribly good
>decorrelation with that.

I meant do

F(x) = a.x + b mod p

Where p is a primitive polynomial of deg 64.

Tom
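The arithmetic tomstd has in mind, as an added example that is neither his nor Mark Wooding's code: addition in GF(2^64) is XOR, multiplication is shift-and-XOR reduced modulo a degree-64 polynomial, and F(x) = a.x + b mod p is built on top. The modulus x^64 + x^4 + x^3 + x + 1 is an assumption of this example (a standard low-weight irreducible polynomial, not one named in the thread). The last function checks Wooding's objection directly: F is affine, so F(x + y) = F(x) + F(y) + F(0), and an input difference maps to an output difference independently of the input, which is why a round like this gives no decorrelation however "non-linear" the field multiplication looks.

```python
MASK64 = (1 << 64) - 1
POLY_LOW = 0b11011     # x^4 + x^3 + x + 1: what x^64 reduces to under the assumed modulus


def gf_add(x: int, y: int) -> int:
    """Addition in GF(2^64) is bitwise XOR (tomstd's pxor)."""
    return x ^ y


def gf_mul(x: int, y: int) -> int:
    """Carry-less multiply of two 64-bit field elements, reducing whenever
    the running multiplicand would reach degree 64."""
    if not (0 <= x <= MASK64 and 0 <= y <= MASK64):
        raise ValueError("operands must be 64-bit field elements")
    result = 0
    while y:
        if y & 1:
            result ^= x          # add the current multiple of x
        y >>= 1
        overflow = x >> 63       # would x * X have an x^64 term?
        x = (x << 1) & MASK64
        if overflow:
            x ^= POLY_LOW        # replace x^64 by x^4 + x^3 + x + 1
    return result


def gf_pow(x: int, e: int) -> int:
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, x)
        x = gf_mul(x, x)
        e >>= 1
    return result


def gf_inv(x: int) -> int:
    """x^(2^64 - 2) is x^-1 in a field of 2^64 elements (x != 0)."""
    if x == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^64)")
    return gf_pow(x, (1 << 64) - 2)


def round_function(x: int, a: int, b: int) -> int:
    """tomstd's proposed F(x) = a.x + b over GF(2^64); a != 0 makes it a bijection."""
    if a == 0:
        raise ValueError("a must be nonzero so F is invertible")
    return gf_add(gf_mul(a, x), b)


def is_affine_on(f, x: int, y: int) -> bool:
    """Wooding's point: for an affine map f(x ^ y) == f(x) ^ f(y) ^ f(0), so the
    output difference depends only on the input difference, never on x itself."""
    return f(x ^ y) == f(x) ^ f(y) ^ f(0)


if __name__ == "__main__":
    a, b = 0x1234567890ABCDEF, 0xFEDCBA0987654321   # constructed round constants
    F = lambda t: round_function(t, a, b)
    print("x^63 * x reduces to", hex(gf_mul(1 << 63, 2)))
    print("a * a^-1 =", gf_mul(a, gf_inv(a)))
    print("F is affine:", is_affine_on(F, 0xDEADBEEF, 0xCAFEBABE))
```

Invertibility (the `gf_inv` check) is exactly what makes the round usable for decryption, but it is also what makes the whole map a single affine transformation of GF(2)^64 once the field is viewed as a vector space over GF(2), as Wooding notes: without a non-linear layer between such rounds, composing them only yields another affine map.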





------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 11 Aug 2000 16:08:55 GMT

Tim Tyler wrote:
>
>fvw <[EMAIL PROTECTED]> wrote:
>: <8mth1u$vpt$[EMAIL PROTECTED]> ([EMAIL PROTECTED]):
>
>:>Can you generate truely random numbers? No.
>
>: yes. time between radioactive decays for instance is a 
>: textbook example of a perfect random generator.
>
>No such thing as a perfect random number generator has ever been created.
>
>Time between radioactive decays /may/ be random - or it may not be.
>Without certain access to a complete theory of physics nobody knows.
>...but this is beside the point - even *if* such a random process were
>available, there's no way of measuring it without using a detector
>which is potentially subject to non-random environmental interference.

Speaking as someone who does this kind of measuring for a living, I can
with confidence set an upper bound for such non-random environmental
interference.  First we get rid of all noise effects by measuring the
time between radioactive decays and keeping everything digital.
Now we are left with timing errors only (jitter).  Our ability to
measure time happens to be far, far more accurate and precise than
our ability to measure any other physical parameter.  Cesium clocks
have an accuracy of 2 or 3 parts in 10 to the 14th, i.e. 0.0002 Hz;
this corresponds to a time measurement accuracy of 2 nanoseconds per
day or one second in 1,400,000 years.  With this accuracy, and with
a digitizing rate of 4,596,315,885 Hz (half the Cesium clock freq),
the maximum amount of non-random environmental interference is very
small indeed - not perfect, but far lower than needed to be of any use
in decrypting an OTP encrypted message.  You can, of course, always
win this sort of argument by demanding that anyone who disagrees
prove perfect randomness and perfect knowledge of all possible causes
of interference.  True but not interesting.

>: a 100 byte message encrypted with a OTP would have would have 
>: 2^800 keys, meaning all possible messages could be 'bruteforced' 
>: from that plaintext. Even with a prng, all possible plaintexts
>: are possible [...]
>
>With a 100 byte message?  Unlikely - unless the PRNG has a comparable seed
>size.

He shouldn't have thrown a comment about Pseudo Random Number Generators
into this.  OTPs by definition must use RNGs, not PRNGs.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 11 Aug 2000 16:12:16 GMT

Tim Tyler wrote:
>
>Guy Macon <[EMAIL PROTECTED]> wrote:
>
>: Actually, oddly enough, what I learned in Seminary explains why we
>: keep seeing this idea much better than anything I ever learned in
>: a Physics class.
>
>: There is a branch of theology that seems to be influencing people
>: who don't know the root source of the ideas they hold. [...]
>
>: Alas, by this  time enough people were infected with the "no randomness"
>: meme that  it became a self-sustaining memeplex which attempts to
>: propagate into sci.crypt on a regular basis.
>
>Save your psychoanalysis until you have a "perfect" random number
>generator which you can demonstrate has the property in question.

Please learn the difference between psychoanalysis and memetics.

I stand by my assessment.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 11 Aug 2000 16:14:45 GMT

Tim Tyler wrote:
>
>John Savard <[EMAIL PROTECTED]> wrote:
>: On Thu, 10 Aug 2000 06:11:11 GMT, [EMAIL PROTECTED] wrote, in part:
>
>:>One-time pad is only computationally secure, no difference than any
>:>other systems. The key-generating process may be duplicated, if not
>:>exactly, to some probability.
>
>: If the key is produced by, for example, rolling dice by hand, I am not
>: exactly sure how one would even begin attempting to 'duplicate' the
>: key generation process in order to arrive at the same, or a similar,
>: sequence of numbers.
>
>A similar sequence of numbers may not be necessary - only that the key
>may be duplicated "to some probability".
>
>Even a /tiny/ bias - of the type expected with casino dice - may be 
>sufficient to leak information:
>
>You should be able to reject the possibility that the cyphertext
>represents a given plaintext with a high level of confidence - even if the
>bias in the OTP is very small - provided with a large enough message.
>
>This is a leak.

If you calculate "large enough" and it comes out larger than the total
amount of information that our universe can hold, this is not a leak.
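The bookkeeping behind Douglas Gwyn's "upper bound ... using methods of information statistics" (earlier in this digest) and Guy Macon's "calculate 'large enough'", as an added example that is not code from either post. It models a pad whose bits are 1 with probability 1/2 + eps rather than exactly 1/2 and plaintext bits as uniform (an assumption of this example); each ciphertext bit then reveals 1 - H(1/2 + eps) bits about its plaintext bit, where H is the binary entropy function. The functions compute that per-bit leak, the message length at which it accumulates to a chosen budget, and the go/no-go decision Gwyn describes.

```python
import math


def binary_entropy(p: float) -> float:
    """H(p) in bits; 0 at the endpoints, 1 at p = 1/2."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1.0 - p) * math.log2(1.0 - p))


def leak_per_bit(eps: float) -> float:
    """Mutual information I(P; C) per position when K = 1 with probability
    1/2 + eps and P is uniform: H(C) - H(K) = 1 - H(1/2 + eps)."""
    if not -0.5 <= eps <= 0.5:
        raise ValueError("eps must keep 1/2 + eps inside [0, 1]")
    return 1.0 - binary_entropy(0.5 + eps)


def approx_leak_per_bit(eps: float) -> float:
    """Small-bias expansion: 1 - H(1/2 + eps) ~ (2 / ln 2) * eps^2.
    Halving the bias quarters the leak."""
    return (2.0 / math.log(2.0)) * eps * eps


def bits_until_leak(eps: float, budget_bits: float = 1.0) -> float:
    """Message length in bits before the accumulated leak reaches budget_bits
    (Macon's 'large enough'); inf for an unbiased pad."""
    per_bit = leak_per_bit(eps)
    return math.inf if per_bit == 0.0 else budget_bits / per_bit


def bias_is_acceptable(eps: float, message_bits: int, max_leak_bits: float) -> bool:
    """Gwyn's decision rule: if the bound on total leaked information over the
    traffic actually sent is low enough, the bias doesn't matter."""
    return leak_per_bit(eps) * message_bits <= max_leak_bits


if __name__ == "__main__":
    for eps in (1e-2, 1e-3, 1e-6):
        print(f"eps={eps:g}: leak/bit={leak_per_bit(eps):.3e} bits, "
              f"1 bit leaked after {bits_until_leak(eps):.3e} pad bits")
```

The accumulated figure is an upper bound on what any attack can extract, not an estimate of what a particular attack achieves, which is the sense in which Gwyn uses it. Because the leak scales with eps squared, a bias of one part in a million costs about 3e-12 bits per position, so the "large enough" message for a single leaked bit is on the order of 3e11 bits; pushing eps down a few more orders of magnitude is what carries the length past anything a pad user would ever send.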


------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: chap authentication scheme?
Date: 11 Aug 2000 16:17:52 GMT

In <[EMAIL PROTECTED]> Thomas Wu <[EMAIL PROTECTED]> writes:

>All password-based protocols have the same issue - if you steal the server's
>secret(s), you can distinguish valid clients from invalid clients.  This
>means you can do dictionary attacks.  Your proposal is equally "vulnerable"
>to this attack.  SRP is better because it protects against an intruder
>eavesdropping and/or manipulating the messages between client/server.
Agreed. And it would be much nicer to have something like SRP. However,
what I am trying to do is to squeeze as much as I can into a restricted
protocol. I.e., the server issues the challenge and the client responds.
The only thing that this can authenticate is client to server -- no two
way. What I want to protect against is the cleartext transmission of
passwords, and the cleartext storing of passwords on the server. Any
additional protections are of course an extra bonus. 

I also realised that some of my descriptions have not even themselves
complied with that requirement. Namely they have implicitly assumed
that the server already knows who the client is. That is not true of
the chap protocol. Thus, the g used would either have to be a universal
protocol, or would have to be something already known to the user. Thus
my second protocol, where g is the username, and the term used in the 
protocol is some hash of g (say MD5(g)). This provides the same
protection against duplicate passwords being stored as duplicate in the
database, but uses something both know as the generator.



>> ]> Does knowing g^x modN  and g^xps modN for multiple (unknown) x help to find ps?

>This is just the discrete log problem (find y given h and h^y, where
>h=g^x and y=ps, all mod N).  While it is believed to be difficult to find
>y if it contains too much entropy to be brute-forced, small-entropy y
>allow for exhaustive guessing attacks, as I alluded to in an earlier
>post.
>-- 
Not quite. It is the discrete log problem but with knowing the
exponential with different generators. g^x=y, solve for x is the
discrete log. Here we have (g')^x=y' for many different g' but the same
x. Does knowing y' for many different g' help find x?

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 15:03:44 GMT

[EMAIL PROTECTED] wrote:
> What seems impossible now will be possible to your grandchildren. So
> you think nothing can go faster than light? Well keep watching...

The speed-of-light limit is not guesswork based on incomplete
understanding; it is inherent in the very structure of our
universe.  "Light" happens to be a phenomenon that propagates
with that speed, but the speed limit itself has nothing to do
with light.

And yes, I know about "tachyons" -- in 1970 I wrote a paper
showing that tachyons are actually tardyons being perversely
interpreted.  (Couldn't get the paper published, however.)

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Secure Operating Systems
Date: Fri, 11 Aug 2000 15:26:30 GMT

Greggy wrote:
> I always thought that a secured OS is an oxymoron...

No, there have been some, but for various reasons they
tend not to be very practical.  It is much simpler to
operate "system high" with a non-MLS system.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Knowing when you've cracked an encryption
Date: Fri, 11 Aug 2000 15:18:14 GMT

"David C. Barber" wrote:
> Seems to me that you might well spend more time on the analysis of the
> result to determine if you've decrypted it properly, than on each decryption
> iteration.

Nah.  For example, if the PT is known to be ASCII, just test
whether any octet's high-order bit is set.  With hardware,
that is *very* speedy.  Any putative PT passing that quick
test can be sent off to some slower processor for further
testing.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: idear for new cipher
Date: Fri, 11 Aug 2000 15:24:50 GMT

tomstd wrote:
> Since newer computers are swinging to 64-bit registers it seems
> like a good idea to use them but our i86 friends don't have 64-
> bit registers?  or do they?  Hmm well the MMX registers look
> pretty neato but we can't do Z math in them... oh well what
> about GF math?  yuppers..

The forthcoming IA64, which is expected to replace x86 eventually
(at least in high-end servers), has direct support for 64-bit
arithmetic, but it isn't terribly hard to support 64-bit arithmetic
even on a 32-bit architecture.  PK crypto in fact requires much
wider integers than that, and there are several implementations
of such "bignum" multiple-precision arithmetic, most of them
containing specially tuned assembly language for x86.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Random Number Generator
Date: Fri, 11 Aug 2000 15:27:17 GMT

[EMAIL PROTECTED] wrote:
> > >- 57% Avalanche Effect
> > Avalanche of what?
> If only one bit of key/seed is changed this produces
> 57% changed bits in random sequence.

Yuck, it ought to be 50%.
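An avalanche measurement of the kind the quoted 57% figure comes from, as an added example (not from Gwyn's post or the generator under discussion): flip one randomly chosen seed bit, count the fraction of output bits that change, and average over trials. A well-mixed function sits at 50%; a figure well above or below it means an input bit influences a fixed subset of output bits, i.e. structure that can be modelled. SHA-256 serves as the reference and `weak_mix` is constructed for contrast; the seed widths and trial counts are choices of this example.

```python
import hashlib
import random


def sha256_of_seed(seed: int) -> bytes:
    """Reference: a function expected to show ~50% avalanche."""
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()


def weak_mix(seed: int) -> bytes:
    """Constructed poor mixer: each input bit touches at most two output bits,
    so flipping one seed bit changes at most 2 of 32 output bits."""
    s = seed & 0xFFFFFFFF
    return ((s ^ (s << 1)) & 0xFFFFFFFF).to_bytes(4, "big")


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(f, seed_bits: int, trials: int, rng_seed: int = 1) -> float:
    """Mean fraction of output bits that change when one seed bit is flipped.
    rng_seed fixes the trial sequence so runs are reproducible."""
    rng = random.Random(rng_seed)
    total = 0.0
    for _ in range(trials):
        seed = rng.getrandbits(seed_bits)
        bit = rng.randrange(seed_bits)
        out_a = f(seed)
        out_b = f(seed ^ (1 << bit))
        total += hamming(out_a, out_b) / (8 * len(out_a))
    return total / trials


if __name__ == "__main__":
    print(f"sha256 avalanche: {avalanche(sha256_of_seed, 64, 200):.3f}")
    print(f"weak_mix avalanche: {avalanche(weak_mix, 32, 200):.3f}")
```

Two caveats when reading such a number: it is an average, so a function can score 50% overall while some individual output bits barely move (measure per output bit before drawing conclusions), and with 200 trials of 256-bit outputs the expected spread of the mean is about 0.2%, so 57% is far outside sampling noise and indicates the structure Gwyn's "yuck" refers to.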

------------------------------

From: jkauffman <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 10:11:35 -0700

In article <[EMAIL PROTECTED]>, "Douglas A.
Gwyn" <[EMAIL PROTECTED]> wrote:
> Tim Tyler wrote:
> > Time between radioactive decays /may/ be random - or it may not be.
> > Without certain access to a complete theory of physics nobody knows.

> Actually, we do know.

Steady on. I think it's very dangerous to assume that a
scientific theory, or the interpretations of it, can be
judged to be absolute fact - even if we are talking about a
theory as well tested as QM. Future research may show the
apparent randomness in QM to be explainable in terms of
hidden variables, we don't 'know', we're just pretty sure.

> > ...but this is beside the point - even *if* such a random process were
> > available, there's no way of measuring it without using a detector
> > which is potentially subject to non-random environmental interference.

> Actually, I measured this stuff all the time as a grad student.

and your measuring equipment was absolutely perfect,
measured the underlying phenomenon to arbitrary precision,
and introduced no bias to the results due to manufacturing
imperfections whatsoever?





------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 11 Aug 2000 16:24:24 GMT

Douglas A. Gwyn wrote:
>
>
>[EMAIL PROTECTED] wrote:
>> What seems impossible now will be possible to your grandchildren. So
>> you think nothing can go faster than light? Well keep watching...
>
>The speed-of-light limit is not guesswork based on incomplete
>understanding; it is inherent in the very structure of our
>universe.  "Light" happens to be a phenomenon that propagates
>with that speed, but the speed limit itself has nothing to do
>with light.
>
>And yes, I know about "tachyons" -- in 1970 I wrote a paper
>showing that tachyons are actually tardyons being perversely
>interpreted.  (Couldn't get the paper published, however.)

So why haven't you published it yourself on the Internet?


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
