Cryptography-Digest Digest #421, Volume #12      Fri, 11 Aug 00 20:13:00 EDT

Contents:
  Re: Huge S-boxes! (James Pate Williams, Jr.)
  Re: IDEA's current security (David A. Wagner)
  Re: Explain S-boxes please (SCOTT19U.ZIP_GUY)
  Re: Steganography (John Bailey)
  Re: Huge S-boxes! (James Pate Williams, Jr.)
  Re: 1-time pad is not secure... (fvw)
  Re: Copyright issue - SERPENT ("Tor Rustad")
  Re: 1-time pad is not secure... (Mickey McInnis)
  Re: 1-time pad is not secure... (fvw)
  Re: 1-time pad is not secure... (Mickey McInnis)
  Re: idear for new cipher (Mark Wooding)
  Re: idear for new cipher (tomstd)
  Re: idear for new cipher (tomstd)
  Re: Explain S-boxes please (tomstd)
  Re: obtaining RSA intermediate variables (tomstd)
  Re: chap authentication scheme? (David Hopwood)
  Re: Explain S-boxes please ("Joseph Ashwood")
  Re: BBS and the lack of proof (Mark Wooding)
  AES block cipher lounge (Lars Ramkilde Knudsen)
  Re: 1-time pad is not secure... (dbt)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: Huge S-boxes!
Date: Fri, 11 Aug 2000 21:28:42 GMT

On Fri, 11 Aug 2000 13:04:28 -0700, Simon Johnson
<[EMAIL PROTECTED]> wrote:

>PS. Suggestions for books which cover Linear and Differential
>would be welcomed.

Differential cryptanalysis of DES is discussed in _Cryptography:
Theory and Practice_ by Douglas R. Stinson, Section 3.6
"Differential Cryptanalysis", pages 89 - 109. I have source code
for d.e. of 3 and 4 round DES which is available to citizens of the
United States currently residing in the United States. If you fulfill
the requirements and want the code then e-mail me at the address
below requesting dc3.c and/or dc4.c MIME or UUencoded
attachments only, please specify the encoding also.

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com


------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: IDEA's current security
Date: 11 Aug 2000 13:27:16 -0700

Runu Knips  <[EMAIL PROTECTED]> wrote:
> "David A. Wagner" wrote:
> > Runu Knips  <[EMAIL PROTECTED]> wrote:
> > > There is not much cryptanalysis of Twofish around, for example.
> 
> > Oh, I don't know about that.  I know you were just trying to pick a
> > random example, but I suspect you could have picked a better example. :-)
> 
> Well I've just read the final comments of the Twofish team:
>   "Moreover, Twofish is the AES candidate with
>    the fewest published attacks: not because people have not tried to
>    cryptanalyse Twofish, but because they have not found anything worth
>    publishing."

That's compatible with what I wrote.  The AES candidates have received
exceptionally intense scrutiny over the past couple of years, and Twofish
is no exception.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Explain S-boxes please
Date: 11 Aug 2000 21:21:24 GMT

[EMAIL PROTECTED] (Simon Johnson) wrote in 
<[EMAIL PROTECTED]>:

>YAUS!
>
>Well, it's yeah it's a substitution..... This means we take an input
>digit and replace it with some other value, which is found in a
>look up table.
>
>The criteria by which this mapping is chosen are different
>depending on what u're after. Some people, like Tom, prefer a
>medium sized optimized s-box. Others, like me, prefer a random
>but very large s-box. Either way it makes no difference.
>
>I can't tell you what the criteria for an optimised S-box are.....
>because i'm not sure.
>
>Cheers,
>
>Simon
>


  Is it as large as the random single cycle S-box that I use
in scott19u? I allow the user to use any single cycle permutation
for the S-box of their choice.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
        http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
   "The road to tyranny, we must never forget, begins with the destruction 
of the truth." 

------------------------------

From: [EMAIL PROTECTED] (John Bailey)
Subject: Re: Steganography
Date: Fri, 11 Aug 2000 21:26:21 GMT

On 11 Aug 2000 10:18:50 -0400, Bruce Barnett
<[EMAIL PROTECTED]> wrote:

>
>Does anyone know of any references to a technique for watermarking of
>text so that if more than one version of the text was examined,
>differences might be seen, but it would still be difficult for two
>individuals to create a version without revealing their identity.

http://www.patents.ibm.com/details?&pn10=US03675948
(quoting)
A method of halftone printing is disclosed which permits an image to
be disguised or hidden in a printed field from detection by ordinary
photography or the eye of a viewer and an apparatus is presented which
can be used to bring out or detect the hidden image. The printed field
comprises three halftone components: an overall halftone at a given
angle; a second halftone at a different angle and containing a
negative of the image; and the image itself in halftone at a third
angle and coincident with the negative portion of the second halftone.
When each of the halftones is made up of dot figures of similar size,
period and tone, the field will give a uniform appearance to the eye,
obscuring the image and resisting photographic analysis except by
impractical magnification. An apparatus in the form of a screen made
up of a periodic pattern of similar frequency to that of the halftone
screen of the printed field and arranged at the proper angle to the
printed field, will reveal the hidden image at a different brightness
than the background. By moving the properly arranged screen
 in an appropriate manner relative to the printed field, the hidden
image will appear as a blinking image. If the method and apparatus are
used in printing and checking security documents, additional printing
techniques are disclosed for preventing counterfeiting of the
documents such as black overprinting, slight variations in the print
angle from the conventional angles and the use of unique and
complicated dot figures and images
(end quote)
This, in conjunction with the original source for all this:
Moni Naor and Adi Shamir, given at Eurocrypt '94
 http://www.wisdom.weizmann.ac.il/~naor/PAPERS/vis.ps
 (quoting)
 In this paper we consider a new type of cryptographic scheme, which
can decode concealed images without any cryptographic computations.
The scheme is perfectly secure and very easy to implement. We extend
it into a visual variant of the k out of n secret sharing problem, in
which a dealer provides a transparency to each one of the n users; any
k of them can see the image by stacking their transparencies, but any
k minus 1 of them gain no information about it.
 (end quote)
(These references) would appear to provide the tools needed to do what
you propose.  Give more details, and there can be a better assessment.

John
See also http://www.ggw.org/donorware/dynagram.html

------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: Huge S-boxes!
Date: Fri, 11 Aug 2000 21:43:46 GMT

On Fri, 11 Aug 2000 21:28:42 GMT, [EMAIL PROTECTED] (James Pate
Williams, Jr.) wrote:

>for d.e. of 3 and 4 round DES which is available to citizens of the

I meant d.c. (differential cryptanalysis).

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate


------------------------------

From: [EMAIL PROTECTED] (fvw)
Subject: Re: 1-time pad is not secure...
Reply-To: [EMAIL PROTECTED]
Date: Fri, 11 Aug 2000 22:20:20 GMT

<[EMAIL PROTECTED]> ([EMAIL PROTECTED]):
>: a 100 byte message encrypted with a OTP would have would have 
>: 2^800 keys, meaning all possible messages could be 'bruteforced' 
>: from that plaintext. Even with a prng, all possible plaintexts
>: are possible [...]
>
>With a 100 byte message?  Unlikely - unless the PRNG has a comparable seed
>size.

Fair enough, you're right, they can't. But the nice thing is that it's
just as hard to crack the encryption as it is to prove a given key is
a valid one...

-- 

                        Frank v Waveren
                        [EMAIL PROTECTED]
                        ICQ# 10074100

------------------------------

From: "Tor Rustad" <[EMAIL PROTECTED]>
Subject: Re: Copyright issue - SERPENT
Date: Sat, 12 Aug 2000 00:22:55 +0200

"tomstd" <[EMAIL PROTECTED]> wrote in message
> Runu Knips <[EMAIL PROTECTED]> wrote:
> >kihdip wrote:
> >> A candidate for AES has to be free for everybody to use, but
> >> is it correct that SERPENT has some limitations in implementations
> >> because of a copyright ??
> >> If so, how much of the SERPENT implementation does this
> >> copyright involve ??
> >
> >No, the only AES algorithm with a license problem is RC6, which
> >will only be free if it becomes AES, which is unlikely because it
> >doesn't offer key agility.
>
> But it is far simpler to implement, it's from RSA and it's
> yankee material.  Seems like enough for a technical round nose.

RC6 is not simple to implement. What matters is HW implementations, not SW
implementations. Why? Money!

The US knows what is good business, and RC6 simply isn't it. However, I guess they have a
problem now, because as far as I can see, the two best candidates are Serpent
and Rijndael.

So if RC6 is chosen anyway, they have to choose another winner as well.

--
Tor


------------------------------

From: [EMAIL PROTECTED] (Mickey McInnis)
Subject: Re: 1-time pad is not secure...
Date: 11 Aug 2000 22:10:54 GMT
Reply-To: [EMAIL PROTECTED]

In article <8n1q0f$hps$[EMAIL PROTECTED]>, Derek Bell <[EMAIL PROTECTED]> 
writes:
|> Mickey McInnis <[EMAIL PROTECTED]> wrote:
|> : He can also try variants of "Give me the pad for future incoming messages.
|> : I'll hold you and shoot you if it doesn't work on the next message received."
|>
|>      Then give him the fake pad and send a few dummy messages in that to
|> lull him into a false sense of security.

Sorry, maybe I didn't make myself clear enough.  He locks you up and
tries to decrypt future INCOMING messages sent to you.  You don't get a
chance to send any further messages or warn your correspondent.  If the
next message decrypts to garbage, bang.

Since you don't know what the future incoming messages are going to
say, you can't make up matching phony pads to map them to innocuous
messages.

The other variant is to demand your "futute" encryption and decryption
pads and send a message to your correspondent and see if the
response that comes back makes sense, or if he can make your
correspondent to something observable.  If the result fails to
be what's expected, bang.



|>
|>      Derek
|> --
|> Derek Bell  [EMAIL PROTECTED]                |   Socrates would have loved
|> WWW: http://www.maths.tcd.ie/~dbell/index.html|            usenet.
|> PGP: http://www.maths.tcd.ie/~dbell/key.asc   |    - [EMAIL PROTECTED]

--
Mickey McInnis - [EMAIL PROTECTED]
--
All opinions expressed are my own opinions, not my company's opinions.

------------------------------

From: [EMAIL PROTECTED] (fvw)
Subject: Re: 1-time pad is not secure...
Reply-To: [EMAIL PROTECTED]
Date: Fri, 11 Aug 2000 22:24:11 GMT

<[EMAIL PROTECTED]> 
([EMAIL PROTECTED]):
>[EMAIL PROTECTED] (fvw) wrote:
>><8mth1u$vpt$[EMAIL PROTECTED]> ([EMAIL PROTECTED]):
>>>Can you generate truly random numbers? No.
>>yes. time between radioactive decays for instance is a
>>textbook example of a perfect random generator.
>>
>
>I query this...... Radioactive decay can be described by an
>Exponential Curve, and is therefore not strictly speaking
>random.

At a low resolution it is yes. But if you look at a high enough 
resolution, there's just a particle decaying once in a while.
Radioactive decay is not a smooth transition.

-- 

                        Frank v Waveren
                        [EMAIL PROTECTED]
                        ICQ# 10074100

------------------------------

From: [EMAIL PROTECTED] (Mickey McInnis)
Subject: Re: 1-time pad is not secure...
Date: 11 Aug 2000 22:18:03 GMT
Reply-To: [EMAIL PROTECTED]

In article <8n1tle$16bm$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(Mickey McInnis) writes:
|> In article <8n1q0f$hps$[EMAIL PROTECTED]>, Derek Bell 
|<[EMAIL PROTECTED]> writes:
|> |> Mickey McInnis <[EMAIL PROTECTED]> wrote:
|> |> : He can also try variants of "Give me the pad for future incoming messages.
|> |> : I'll hold you and shoot you if it doesn't work on the next message received."
|> |>
|> |>      Then give him the fake pad and send a few dummy messages in that to
|> |> lull him into a false sense of security.
|>
|> Sorry, maybe I didn't make myself clear enough.  He locks you up and
|> tries to decrypt future INCOMING messages sent to you.  You don't get a
|> chance to send any further messages or warn your correspondent.  If the
|> next message decrypts to garbage, bang.
|>
|> Since you don't know what the future incoming messages are going to
|> say, you can't make up matching phony pads to map them to innocuous
|> messages.
|>
|> The other variant is to demand your "futute" encryption and decryption

That sentence would probably make a lot more sense if I said "future"
instead of "futute".

|> pads and send a message to your correspondent and see if the
|> response that comes back makes sense, or if he can make your
|> correspondent to something observable.  If the result fails to
|> be what's expected, bang.
|>
|>
|>
|> |>
|> |>      Derek
|> |> --
|> |> Derek Bell  [EMAIL PROTECTED]                |   Socrates would have loved
|> |> WWW: http://www.maths.tcd.ie/~dbell/index.html|            usenet.
|> |> PGP: http://www.maths.tcd.ie/~dbell/key.asc   |    - [EMAIL PROTECTED]
|>
|> --
|> Mickey McInnis - [EMAIL PROTECTED]
|> --
|> All opinions expressed are my own opinions, not my company's opinions.

--
Mickey McInnis - [EMAIL PROTECTED]
--
All opinions expressed are my own opinions, not my company's opinions.

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: idear for new cipher
Date: 11 Aug 2000 22:11:56 GMT

tomstd <[EMAIL PROTECTED]> wrote:

> I meant do
> 
> F(x) a.x + b mod p
> 
> Where p is a primitive polynomial of deg 64.

You're confused.  I suggest you read a good book about finite fields.
Neal Koblitz' `Algebraic Aspects of Cryptography' has a place on my
bookshelf as a result of its coverage of finite fields, polynomial rings
and elliptic curves; I recommend it.

The reduction modulo an irreducible polynomial (not necessarily
primitive) is how we construct polynomial-basis extension fields from
polynomial rings over smaller fields.  I assumed it was being done.

It doesn't really matter anyway.  The construction is perfectly linear.

In *any* field (actually a ring will do here), multiplication is
distributive over addition.  That's part of what multiplication means.
So

  F(x + d) - F(x) = (a(x + d) + b) - (a x + b)
                  = a x + a d + b - a x - b
                  = a d

If we do this over a field with characteristic 2, addition and
subtraction are XOR, and we have the XOR-differential d -> a d with
probability 1.

Now, this might be a reasonable way of achieving diffusion if you choose
your field representation carefully, but to claim that it's a suitable
replacement for a decorrelation module is absurd!

-- [mdw]

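Wooding's derivation above, checked numerically over a concrete field. This is an added example, not code from the thread; it assumes GF(2^64) with the reduction polynomial x^64 + x^4 + x^3 + x + 1 (the identity holds for any reduction polynomial, since reduction is linear over GF(2)).

```python
import secrets

# Assumed field: GF(2^64) with reduction polynomial x^64 + x^4 + x^3 + x + 1.
# The differential identity below does not depend on this choice: reduction
# modulo *any* polynomial is linear over GF(2), which is Wooding's point.
DEG = 64
POLY = (1 << 64) | (1 << 4) | (1 << 3) | (1 << 1) | 1
MASK = (1 << DEG) - 1


def gf_mul(x: int, y: int) -> int:
    """Carry-less (GF(2)[x]) product of x and y, reduced modulo POLY."""
    x &= MASK
    y &= MASK
    r = 0
    while y:
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if x >> DEG:            # degree reached 64: subtract (XOR) POLY
            x ^= POLY
    return r


def affine(a: int, b: int, x: int) -> int:
    """The proposed round function F(x) = a.x + b over GF(2^64)."""
    return gf_mul(a, x) ^ b


def output_difference(a: int, b: int, x: int, d: int) -> int:
    """F(x XOR d) XOR F(x): the output XOR-difference for input difference d."""
    return affine(a, b, x ^ d) ^ affine(a, b, x)


def differential_holds(a: int, b: int, d: int, trials: int = 500) -> bool:
    """True if the XOR-differential d -> a.d held in every random trial.
    The algebra says it must: F(x + d) - F(x) = a.d whatever x and b are,
    so the function leaks its structure with probability 1."""
    expected = gf_mul(a, d)
    return all(output_difference(a, b, secrets.randbits(DEG), d) == expected
               for _ in range(trials))


if __name__ == "__main__":
    a, b = 0x9E3779B97F4A7C15, 0xDEADBEEFCAFEF00D   # constructed sample key
    print("d -> a.d with probability 1:", differential_holds(a, b, 1))
```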
------------------------------

Subject: Re: idear for new cipher
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 11 Aug 2000 16:07:59 -0700

[EMAIL PROTECTED] (Mark Wooding) wrote:
>tomstd <[EMAIL PROTECTED]> wrote:
>
>> I meant do
>>
>> F(x) a.x + b mod p
>>
>> Where p is a primitive polynomial of deg 64.
>
>You're confused.  I suggest you read a good book about finite fields.
>Neal Koblitz' `Algebraic Aspects of Cryptography' has a place on my
>bookshelf as a result of its coverage of finite fields, polynomial rings
>and elliptic curves; I recommend it.
>
>The reduction modulo an irreducible polynomial (not necessarily
>primitive) is how we construct polynomial-basis extension fields from
>polynomial rings over smaller fields.  I assumed it was being done.
>
>It doesn't really matter anyway.  The construction is perfectly linear.
>
>In *any* field (actually a ring will do here), multiplication is
>distributive over addition.  That's part of what multiplication means.
>So
>
>  F(x + d) - F(x) = (a(x + d) + b) - (a x + b)
>                  = a x + a d + b - a x - b
>                  = a d
>
>If we do this over a field with characteristic 2, addition and
>subtraction are XOR, and we have the XOR-differential d -> a d with
>probability 1.
>
>Now, this might be a reasonable way of achieving diffusion if you choose
>your field representation carefully, but to claim that it's a suitable
>replacement for a decorrelation module is absurd!

Funny, that's what was proposed in Vaudenay's paper on
Decorrelation... or am I lost here?

Tom




------------------------------

Subject: Re: idear for new cipher
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 11 Aug 2000 16:09:15 -0700

[EMAIL PROTECTED] (Mark Wooding) wrote:
>tomstd <[EMAIL PROTECTED]> wrote:
>  F(x + d) - F(x) = (a(x + d) + b) - (a x + b)
>                  = a x + a d + b - a x - b
>                  = a d
>
>If we do this over a field with characteristic 2, addition and
>subtraction are XOR, and we have the XOR-differential d -> a d with
>probability 1.

Of course you have a 1/n chance of guessing 'a' correctly which
is why it's decorrelated.

Tom




------------------------------

Subject: Re: Explain S-boxes please
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 11 Aug 2000 16:11:09 -0700

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>[EMAIL PROTECTED] (Simon Johnson) wrote in
><[EMAIL PROTECTED]>:
>  Is it as large as the random single cycle S-box that I use
>in scott19u? I allow the user to use any single cycle permutation
>for the S-box of their choice.

Why must it be single cycle?  That reduces the potential key
space.

Tom




------------------------------

Subject: Re: obtaining RSA intermediate variables
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 11 Aug 2000 16:13:15 -0700

"ajd" <[EMAIL PROTECTED]> wrote:
>Hi,
>
>I've written an RSA implementation using Montgomery's exponentiation method,
>and it works (woo-hoo). However, I'm now looking to make the design
>smaller - especially with regard to obtaining the intermediate variables
>required for the montgomery technique. I would like to know if there is
>another way of finding the inverse of m mod R (the original modulus, modulo
>the new modulus). I am currently using Euclid's extended algorithm. Is there
>another way?

Given the order of the multiplicative group mod N as n, just do

a^(n-1) mod N = 1/a mod N

That is very slow but should work

Tom
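Tom's exponentiation formula applied to the Montgomery constant ajd asks about, beside the extended-Euclid method he is using now. This is an added example, not code from the thread: it assumes R = 2^k, so the units mod R are the odd residues and their group has order phi(R) = 2^(k-1), and it checks both inverses agree by running one Montgomery reduction with the result.

```python
# Added example. tomstd's formula 1/a = a^(n-1) mod N, with n the order of the
# multiplicative group mod N, used to obtain the Montgomery constant
# m' = -m^-1 mod R for R = 2^k (assumption: R is a power of two, as in
# practical Montgomery implementations).


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def inverse_euclid(a: int, N: int) -> int:
    """a^-1 mod N by the extended Euclidean algorithm (ajd's current method)."""
    g, s, _ = egcd(a, N)
    if g != 1:
        raise ValueError("no inverse: gcd(a, N) != 1")
    return s % N


def inverse_by_group_order(a: int, N: int, group_order: int) -> int:
    """tomstd's method: a^(n-1) mod N with n = |(Z/NZ)^*|. Needs gcd(a, N) == 1.
    For prime N this is Fermat with n = N-1; for N = 2^k it is n = 2^(k-1).
    One modular exponentiation, so slower than Euclid, but branch-free."""
    return pow(a, group_order - 1, N)


def montgomery_m_prime(m: int, k: int) -> int:
    """m' = -m^-1 mod R for R = 2^k, the constant used in Montgomery reduction."""
    if m % 2 == 0:
        raise ValueError("m must be odd to be invertible mod 2^k")
    R = 1 << k
    inv = inverse_by_group_order(m, R, 1 << (k - 1))   # phi(2^k) = 2^(k-1)
    return (-inv) % R


def montgomery_reduce(T: int, m: int, k: int, m_prime: int) -> int:
    """REDC: returns T * R^-1 mod m for 0 <= T < m*R, using only shifts/masks."""
    R = 1 << k
    u = (T * m_prime) & (R - 1)       # u = T*m' mod R
    t = (T + u * m) >> k              # T + u*m is divisible by R by construction
    return t - m if t >= m else t


if __name__ == "__main__":
    m, k = (1 << 31) - 1, 32          # constructed sample modulus, R = 2^32
    print("Euclid and group-order inverses agree:",
          inverse_euclid(m, 1 << k) == inverse_by_group_order(m, 1 << k, 1 << (k - 1)))
```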




------------------------------

Date: Sat, 12 Aug 2000 11:54:29 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: chap authentication scheme?

Taekyoung Kwon wrote:
> [protocol run]
> 1. Server sends his random challenge to Client.
> ALICE   <--- g^x ---  BOB
> 
> 2. Client responds to Server
> ALICE  --- g^y, (g^xg^v)^y --->  BOB

  ALICE  ---  1,       1     --->  BOB

> [how it works]
[...]
> Step 2.4: BOB computes {(g^xg^v)^y}^X and compares it to g^y.

            BOB computes 1^X and compares it to 1.

> [for the amplified password proof]
> http://eprint.iacr.org/2000/026

I think you must have missed something out from the protocol (a check
that g^y is of large order, maybe?)

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
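The degenerate run above next to the check Hopwood suggests, as an added example that is not from the thread or from the cited paper. It assumes toy constructed parameters (safe prime p = 2039, q = 1019, generator g = 4 of order q) and that X = (x+v)^-1 mod q, which step 2.4 implies for an honest run to verify.

```python
# Added example: step 2.4 as quoted, with and without a subgroup-order check
# on g^y. Toy parameters (constructed): safe prime P = 2*Q + 1, G of order Q.
P = 2039
Q = 1019            # (P - 1) // 2, prime
G = 4               # a quadratic residue mod P, so it generates the order-Q subgroup


def is_large_order(A: int, p: int = P, q: int = Q) -> bool:
    """Hopwood's check: reject 1, p-1 and anything outside the order-q subgroup."""
    return 1 < A < p - 1 and pow(A, q, p) == 1


def bob_verifies(gy: int, resp: int, X: int, check_order: bool, p: int = P) -> bool:
    """Step 2.4 from the post: BOB computes resp^X and compares it to g^y.
    With check_order=False this is exactly the step as quoted, and the pair
    (1, 1) passes for every X because 1^X == 1."""
    if check_order and not is_large_order(gy, p):
        return False
    return pow(resp, X, p) == gy


def honest_client(x: int, v: int, y: int, p: int = P) -> tuple:
    """Client's step-2 message (g^y, (g^x g^v)^y) from BOB's g^x and password-derived v."""
    gx = pow(G, x, p)
    gxgv = (gx * pow(G, v, p)) % p
    return pow(G, y, p), pow(gxgv, y, p)


def bobs_exponent(x: int, v: int, q: int = Q) -> int:
    """Assumed: X = (x+v)^-1 mod q, which the quoted comparison needs so that
    ((g^x g^v)^y)^X == g^y for an honest client. q is prime, so Fermat gives the inverse."""
    return pow(x + v, q - 2, q)


if __name__ == "__main__":
    X = bobs_exponent(123, 456)       # constructed sample x, v
    print("honest run accepted:", bob_verifies(*honest_client(123, 456, 789), X, True))
    print("(1, 1) accepted without check:", bob_verifies(1, 1, X, False))
    print("(1, 1) accepted with check:", bob_verifies(1, 1, X, True))
```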


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Explain S-boxes please
Date: Fri, 11 Aug 2000 16:39:40 -0700

Because DS hasn't figured things out completely yet. I think you showed up
after he left for a long time. Just keep reminding yourself that he's the
lesser of several evils. Who knows, maybe he, Szopa, and aernt (or whatever
his e-mail is) will start arguing; that should at least be entertaining, if
uninformative.
                    Joe

"tomstd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> >[EMAIL PROTECTED] (Simon Johnson) wrote in
> ><[EMAIL PROTECTED]>:
> >  Is it as large as the random single cycle S-box that I use
> >in scott19u? I allow the user to use any single cycle permutation
> >for the S-box of their choice.
>
> Why must it be single cycle?  That reduces the potential key
> space.
>
> Tom
>



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: BBS and the lack of proof
Date: 11 Aug 2000 23:40:53 GMT

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:

> I detect a difference between finding _a_ cycle and finding _the_
> cycle (from which a given sequence was taken).

Ahhh.  I see!  You're assuming an existing sequence supplied to the
analyst.  Right.

[Snip stuff I don't need to disagree with.]

> However, if I happen to select one of the few short cycles then it
> will be possible to predict the sequence by traversal.  Thus if I
> select a key and do not check it for shortness I'm vulnerable to a
> prediction by traversal.  Thus the opponent will not have to use a
> technique that requires QR decidability.

I think this is where we start disagreeing.

The point of the proof is not that you can't predict the generator
without solving some instances of the QRP: it's that being able to
predict the generator's output gives you an efficient[1] way to solve the
QRP.  If we assume that QRP is difficult, then predicting the generator
must therefore also be difficult.


[1] Well, expected polynomial time.

-- [mdw]

------------------------------

From: Lars Ramkilde Knudsen <[EMAIL PROTECTED]>
Subject: AES block cipher lounge
Date: Sat, 12 Aug 2000 01:46:31 +0200

Hi, 

The AES block cipher lounge has been updated. 

        http://www.ii.uib.no/~larsr/aes.html

If you know of missing references or other things, 
please let me know. 

Lars R. Knudsen


------------------------------

From: [EMAIL PROTECTED] (dbt)
Subject: Re: 1-time pad is not secure...
Date: Fri, 11 Aug 2000 23:56:46 GMT

Mickey McInnis <[EMAIL PROTECTED]> says:
>In article <8n1q0f$hps$[EMAIL PROTECTED]>, Derek Bell <[EMAIL PROTECTED]> 
>writes:
>|> Mickey McInnis <[EMAIL PROTECTED]> wrote:
>|> : He can also try variants of "Give me the pad for future incoming messages.
>|> : I'll hold you and shoot you if it doesn't work on the next message received."
>|>
>|>      Then give him the fake pad and send a few dummy messages in that to
>|> lull him into a false sense of security.
>
>Sorry, maybe I didn't make myself clear enough.  He locks you up and
>tries to decrypt future INCOMING messages sent to you.  You don't get a
>chance to send any further messages or warn your correspondent.  If the
>next message decrypts to garbage, bang.

The problem with most of these scenarios is that after she's got
the message, the attacker has no reason not to kill you anyway.

Not that this subthread has anything to do with cryptography, really.
Trust systems, maybe...

-- 
David Terrell            | "Instead of plodding through the equivalent of
Prime Minister, NebCorp  | literary Xanax, the pregeeks go for sci-fi and
[EMAIL PROTECTED]             | fantasy:  LSD in book form." - Benjy Feen,
http://wwn.nebcorp.com   | http://www.monkeybagel.com/ "Origins of Sysadmins"

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
