Cryptography-Digest Digest #429, Volume #12 Sun, 13 Aug 00 01:13:01 EDT
Contents:
Re: 1-time pad is not secure... ("Douglas A. Gwyn")
Re: Not really random numbers (Anthony Stephen Szopa)
Re: Crypto Related Professional Attitude (tomstd)
Re: 1-time pad is not secure... ("Joseph Ashwood")
Re: Crypto Related Professional Attitude ("Trevor L. Jackson, III")
Re: Random Number Generator ("Trevor L. Jackson, III")
Re: Popular Science article ("Joseph Ashwood")
Re: Not really random numbers ("Trevor L. Jackson, III")
Where should I hide the Key? ("bbUFO")
Re: Crypto Related Professional Attitude ("Kristopher Johnson")
Re: Not really random numbers (Eric Lee Green)
Re: WAP gateway to WWW - Will this configuration really fly from a security perspective ? ("Lyalc")
Re: Crypto Related Professional Attitude (David A Molnar)
Re: Crypto Related Professional Attitude (tomstd)
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Sat, 12 Aug 2000 23:02:17 -0400
Tim Tyler wrote:
> This (in particular the word "only") is too strong. Yes, any hidden
> variables that exist have to appear to aggregate to produce
> random-looking events on various scales that have been measured, to
> certain degrees of accuracy. This does not say how that should behave
> on ranges about which no experiments have yet been performed, or when
> considered to higher degrees of accuracy than existing experiments
> have looked at.
That's not it at all. The possibility of the existence of local
hidden variables (that have any physical effect) has been ruled
out altogether by a combination of theory and experiment. It was
not looking for a small effect that might have been missed, but
rather for a blatant effect that could not have been missed.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: Not really random numbers
Date: Sat, 12 Aug 2000 20:13:43 -0700
"Trevor L. Jackson, III" wrote:
>
> The title "Absolutely Random" is hilarious when applied to a deterministic system.
>
> Anthony Stephen Szopa wrote:
>
> > Jamie wrote:
> > >
> > > In the UK pre-pay phone cards are big business... you buy a card, reveal a
> > > number, key the number into a phone system and you have so much talk time. I
> > > am working on an application in a similar field... and of course the issue of
> > > generating these numbers has come up once again. I need ideas for a number
> > > generator that satisfies the following conditions:
> > >
> > > 1 The magnitude of the generated numbers can be specified, 2^30, 2^35,
> > > 2^40... 2^90
> > >
> > > 2 The period must be greater than 2^^20
> > > (So numbers generated don't repeat)
> > >
> > > 3a Given a short fragment of the sequence it must be difficult to deduce the
> > > next number in the sequence
> > > 3b Given one number it must be unlikely that another number is both close in
> > > value and close in position in the sequence
> > > (vague, but I guess I mean that a "hacker" won't succeed at randomly guessing the
> > > next number)
> > >
> > > 4 The sequence must be re-startable.
> > >
> > > 5 No need for an even distribution or anything like that.
> > >
> > > My starting point was an algorithm like
> > >
> > > N(n+1) = (P1*N(n) + P2) mod P3
> > >
> > > P1, P2, P3 are primes, P3 determining the magnitude of the numbers generated
> > >
> > > N(n+1) is the next number in the sequence
> > >
> > > But this seems to be full of holes.
> > >
> > > Any ideas on an algo?
> >
> > Go to http://www.ciphile.com and download OAR-L3: Original
> > Absolutely Random - Level3 random number generator shareware
> > software.
> >
> > Go to the Downloads Currently Available web page and download the
> > software directly. You will be able to generate more random numbers
> > than you could conceivably ever need.
> >
> > If used according to recommendations there is practicably no chance
> > anyone will be able to duplicate your random numbers.
> >
> > If you think you could use this software commercially, email me.
> >
> > A.S.
The title Absolutely Random is accurate.
Here is why:
True: the software is deterministic once you give it truly random
input. If you know the truly random input you have the key and can
run the software and generate the same random numbers as the user.
Duuuhhh?
The software is Absolutely Random in its outcome because it accepts
truly random input from the user. The output is as random as the
input. If you do not know the input you cannot determine the output.
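Jamie's quoted starting point, N(n+1) = (P1*N(n) + P2) mod P3, is a linear congruential generator, and the "full of holes" worry is well founded. As an added example that is not part of this thread, the Python below shows the check a designer would run before shipping such a scheme: the modulus P3 is what fixes the magnitude (requirement 1), so it is effectively public, and once it is known three consecutive outputs recover the multiplier and increment and so predict every later number, which is exactly what requirement 3a forbids. The parameter values and seed are constructed for the demonstration; the primes used are the designer's choice, not anything from the post.

```python
# Added example (not from the original thread): why an LCG of the form
# N(n+1) = (P1*N(n) + P2) mod P3 fails requirement 3a once the modulus is known.
# All parameter values below are constructed for the demonstration.
P3 = 2**31 - 1   # prime modulus; it sets the magnitude (~2^31), so it is public
P1 = 48271       # prime multiplier (secret, supposedly)
P2 = 11          # prime increment (secret, supposedly)


def lcg_next(n, a=P1, c=P2, m=P3):
    """One step of the linear congruential generator from the post."""
    return (a * n + c) % m


def recover_lcg_params(x0, x1, x2, m):
    """Recover (a, c) from three consecutive outputs, given a prime modulus m.

    From x1 = a*x0 + c and x2 = a*x1 + c (mod m) it follows that
    x2 - x1 = a*(x1 - x0) (mod m); m being prime makes the difference
    invertible, so a is determined uniquely and then c follows.
    Returns None in the degenerate case x0 == x1 (the generator is stuck).
    """
    d = (x1 - x0) % m
    if d == 0:
        return None
    a = ((x2 - x1) * pow(d, -1, m)) % m
    c = (x1 - a * x0) % m
    return a, c


def predict_next(outputs, m):
    """Predict the number that follows three observed consecutive outputs."""
    x0, x1, x2 = outputs[-3:]
    params = recover_lcg_params(x0, x1, x2, m)
    if params is None:
        return None
    a, c = params
    return lcg_next(x2, a, c, m)


def demo(seed=12345):
    """Generate four numbers from a constructed seed, then show that the
    fourth is predictable from the first three without knowing P1 or P2."""
    x0 = seed % P3
    x1 = lcg_next(x0)
    x2 = lcg_next(x1)
    x3 = lcg_next(x2)
    return recover_lcg_params(x0, x1, x2, P3), predict_next([x0, x1, x2], P3) == x3


if __name__ == "__main__":
    print(demo())  # ((48271, 11), True)
```

The same recovery works for any prime modulus; with a composite modulus the difference may not be invertible, but the generator is still predictable with a few more outputs. The practical lesson for requirements 3a and 3b is that the secret has to be a key feeding a keyed one-way function, not the coefficients of a linear recurrence.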
------------------------------
Subject: Re: Crypto Related Professional Attitude
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 12 Aug 2000 20:21:56 -0700
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>> tomstd <[EMAIL PROTECTED]> wrote:
>> > Why don't you guys ever participate even a little in sci.crypt?
>Bob Silverman wrote:
>> I can answer this ...
>
>There is also the question, "Why should they?" What's in it for
>them? Normal people don't enjoy relationships where they do all
>the giving and others do all the taking.
Why is giving so bad? I think giving to those that appreciate
it is the best and most enjoyable experience ever.
And like their heads will explode to write a few msgs from now
and then.
Tom
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Sat, 12 Aug 2000 20:29:37 -0500
> I think you're muddling the issue a little.
I'm not muddling anything, the pad exists, that much cannot
be denied, the only problem is determining which pad it is.
I chose 3DES for a reason by the way, it is to the best of
my knowledge a very difficult problem. Even if you know that
the 3DES key has a specific kind of correlation or bias, if
you are disallowed from using 3DES to decrypt, the solution
is not known to be easy.
> So you generate a key to be
> used with 3DES... If your key generator is biased, the same problem
> applies to any system. You have some keys with higher probabilities
> than others.
No, like I said I used a "perfect" Random Number Generator.
So all values are equally likely at any time.
> In addition, since you're using 3DES not OTP, your encryption system
> itself may provide loopholes for attack other than brute force. So
> what's your point?
Right, the result MUST be weaker than OTP, but all you've
done is point to the same wrongs you've stated before. I
asked for a proof of weakness, all you've offered is a lack
of anything.
> Let me put it in more details. So you generate keys for 3DES. Two
> 56-bit keys per encryption. Your key generator is biased.
No the key generator is unbiased. But even if it was...
> Let's say it
> generates the sequence 01010 a lot just for the sake of easy
> discussion. So while you're breaking 3DES, you always consider the
> cases with 01010 first.
Except that 3DES has very little order to be exploited that
way. Making your pad still on the order of 2^90-2^112 to
find.
> That gives you an advantage. That's my point.
What advantage, you have reduced it by exactly 0. No
advantage has been proven yet.
> Maybe I'll start a thread on RSA later. :)
Go ahead, maybe you'll have something useful to say.
Joe
------------------------------
Date: Sat, 12 Aug 2000 23:50:56 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Crypto Related Professional Attitude
Bob Silverman wrote:
> In article <[EMAIL PROTECTED]>,
> tomstd <[EMAIL PROTECTED]> wrote:
> > This post is for the professionals such as Biham, Rivest,
> > Schneier, Wagner, Shamir, Coppersmith, etc...
> >
> > Why don't you guys ever participate even a little in sci.crypt?
> >
> > No offense but you claim to be active in crypto, and honest you
> > guys know way more then most of us (including me). So why not
> > post from time to time excluding posts to plug your papers?
> >
>
> I can answer this.
>
> There are too many cranks and too many who want to promote their
> own "agendas".
>
> Look at the recent "OTP are bogus" thread.
>
> There is just too much nonsense posted here, too many who don't
> want to listen, too many who are convinced they are right even when
> presented evidence to the contrary and too many who just want to
> be contrary.
Right. The place is populated by humans. What a waste.
------------------------------
Date: Sat, 12 Aug 2000 23:54:04 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Random Number Generator
Tim Tyler wrote:
> Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> tomstd <[EMAIL PROTECTED]> wrote:
>
> :> : [...] a random string should compress a little over lots of data.
> :>
> :> From this it looks like you don't share Chaitin and Kolmogorov's notion
> :> of what randomness is.
>
> : Calling compressibility randomness does not lead to enlightenment. [...]
>
> Indeed, if anything, that path goes directly to hell.
>
> Compressibility is the antithesis of randomness. High compressibility
> equates to high order - not high disorder.
Oops. Right. Dropped an "in..."
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Popular Science article
Date: Sat, 12 Aug 2000 20:44:30 -0500
Crossposted-To: alt.security.pgp
I'm sorry but Popular Science seems to have gotten some
things very confused.
QComputers are useful for doing "real work" they can sort,
find, and generally quest for answers generally faster than
standard computers.
QCryptography is a different matter, quantum cryptography
relies on a tunnel between 2 points that cannot be examined
without altering the state. It uses this tunnel to
create/transfer a One Time Pad.
Quantum Mechanics is involved with both of them. But to
interpret them to be done in the same machine, is much like
considering sound and video to be done in the same machine,
they can be, but they are conceptually very different, and
require differing skills to do correctly. Also note that
they incorrectly state that a Quantum Computer is used to do
this, the largest known Quantum Computer is 7 qubits (maybe
slightly larger now), while this is important even a lowly
standard computer can break any applicable code created by
such a machine. On the other hand Quantum Transfer
connections (the basis for Quantum Cryptography) have been
made over several miles, a very different concept entirely.
Joe
------------------------------
Date: Sun, 13 Aug 2000 00:08:33 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Not really random numbers
Anthony Stephen Szopa wrote:
> "Trevor L. Jackson, III" wrote:
> >
> > The title "Absolutely Random" is hilarious when applied to a deterministic system.
> >
>
> The title Absolutely Random is accurate.
>
> Here is why:
>
> True: the software is deterministic once you give it truly random
> input. If you know the truly random input you have the key and can
> run the software and generate the same random numbers as the user.
> Duuuhhh?
>
> The software is Absolutely Random in its outcome because it accepts
> truly random input from the user. The output is as random as the
> input. If you do not know the input you cannot determine the output.
OIC. So if I have random data then I have random data. I'd never have guessed.
Tell me again why I need your software if I already have random data? Given truly
random input the only thing your software can do to the data is make it more orderly.
Have you considered marketing Absolutely Ordered Data? There are several people who
post on this newsgroup who might give you endorsements.
------------------------------
From: "bbUFO" <[EMAIL PROTECTED]>
Subject: Where should I hide the Key?
Date: Sun, 13 Aug 2000 04:34:54 GMT
Ok, I got a good algorithm for encryption. But where is the good place to
store the encryption KEY?
I have 3 ideas, but they seem not so good, anyone have other ideas?
1. Store it with the encrypted data or in a file, so whoever gets the data or
file can decrypt it. This is not safe.
2. Store it in the Windows Registry. But the user will lose the key if he/she formats
and reinstalls Windows.
3. Use the user's password as the key. But it needs to re-en/decrypt all the
data every time the user changes the password.
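The re-encryption cost in option 3 is usually avoided by a level of indirection: the data is encrypted under a random data-encryption key (DEK), and only that DEK is stored, wrapped under a key-encryption key (KEK) derived from the password. A password change then re-wraps the 32-byte DEK, not the data. The Python below is an added example written for this page, not something from the original post; it uses only the standard library, so the wrap is an illustrative encrypt-then-MAC construction built from HMAC-SHA256 (assumption: no AES library is available). In practice a standard AEAD or key-wrap algorithm does this job. The iteration count and sample passwords are constructed.

```python
# Added example (not from the original post): password-derived KEK wrapping a
# random DEK, so a password change re-wraps one key instead of all the data.
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000   # constructed value; tune for your hardware


def derive_kek(password: bytes, salt: bytes) -> bytes:
    """Stretch the password into a 32-byte key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS, dklen=32)


def wrap_dek(dek: bytes, kek: bytes) -> bytes:
    """Illustrative wrap: nonce || (dek XOR HMAC(kek, "enc"||nonce)) || tag.

    The keystream is used once per fresh nonce and is exactly 32 bytes, the
    size of the DEK; the tag (encrypt-then-MAC) detects a wrong password or a
    tampered blob before anything is returned.
    """
    if len(dek) != 32:
        raise ValueError("DEK must be 32 bytes")
    nonce = os.urandom(16)
    stream = hmac.new(kek, b"enc" + nonce, "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    tag = hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unwrap_dek(blob: bytes, kek: bytes) -> bytes:
    """Verify the tag in constant time, then recover the DEK."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted key blob")
    stream = hmac.new(kek, b"enc" + nonce, "sha256").digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def create_keystore(password: bytes) -> dict:
    """Generate a fresh random DEK and store it wrapped under the password."""
    dek = os.urandom(32)
    salt = os.urandom(16)
    return {"salt": salt, "wrapped": wrap_dek(dek, derive_kek(password, salt))}


def open_keystore(store: dict, password: bytes) -> bytes:
    """Return the DEK; the caller uses it to encrypt/decrypt the actual data."""
    return unwrap_dek(store["wrapped"], derive_kek(password, store["salt"]))


def change_password(store: dict, old_pw: bytes, new_pw: bytes) -> dict:
    """Re-wrap the same DEK under a new password: the data is untouched."""
    dek = open_keystore(store, old_pw)
    salt = os.urandom(16)
    return {"salt": salt, "wrapped": wrap_dek(dek, derive_kek(new_pw, salt))}


if __name__ == "__main__":
    store = create_keystore(b"old password")
    dek = open_keystore(store, b"old password")
    store = change_password(store, b"old password", b"new password")
    print(open_keystore(store, b"new password") == dek)  # True
```

Only the salt and the wrapped blob need to be on disk (or in the Registry); neither is useful without the password, which addresses idea 1, and a backup of that small blob survives a reinstall, which addresses idea 2.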
------------------------------
From: "Kristopher Johnson" <[EMAIL PROTECTED]>
Subject: Re: Crypto Related Professional Attitude
Date: Sun, 13 Aug 2000 04:44:34 GMT
So far, in this thread, you have stated that the professional "big-shots" are
- arrogant
- lazy
- unwilling to share
- unwilling to learn
- self-promoting
With an attitude like that, why would they want to spend time communicating
with you and others like you?
BTW, sci.crypt.research exists for serious noise-free discussions. (I don't
see much traffic there, however).
- Kris
"tomstd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> >> tomstd <[EMAIL PROTECTED]> wrote:
> >> > Why don't you guys ever participate even a little in sci.crypt?
> >Bob Silverman wrote:
> >> I can answer this ...
> >
> >There is also the question, "Why should they?" What's in it for
> >them? Normal people don't enjoy relationships where they do all
> >the giving and others do all the taking.
>
> Why is giving so bad? I think giving to those that appreciate
> it is the best and most enjoyable experience ever.
>
> And like their heads will explode to write a few msgs from now
> and then.
>
> Tom
>
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Not really random numbers
Date: Sun, 13 Aug 2000 04:58:03 GMT
Anthony Stephen Szopa wrote:
> True: the software is deterministic once you give it truly random
> input. If you know the truly random input you have the key and can
> run the software and generate the same random numbers as the user.
> Duuuhhh?
Mr. Szopa, I don't think anybody quibbles on that point. On the other
hand, there are various other attributes which are useful for a
pseudo-random number generator: 1) Unpredictability. Given an output
value or sequence of output values from the generator, you cannot
predict what the next output value will be. 2) Resistance to
backtracking attacks. Given an output value or sequence of output
values, you cannot predict what previous output values may have been. 3)
Resistance to meet-in-the-middle attacks. Given two output sequences on
either side of an unknown sequence of output values, you still have only
a blind guess chance of guessing that unknown sequence of output values.
There are more, but I think you are getting the picture -- it is not
merely randomness that is desirable for the output of a cryptographic
quality PRNG, it is *unpredictability*.
A moron can create a pseudo-random number generator that passes basic
statistical tests for randomness, and many morons have done so, some of
whom even sell their snake oil to unsuspecting souls. Writing a good
cryptographic-quality PRNG is not, however, easy -- I've done it myself
in the past, after careful reading of the literature and careful
examination of other cryptographic-quality PRNG's, and even after that
hard work and research there are *still* some known attacks on my PRNG
(though none that are fatal for my particular application -- they all
require root access on the Unix box where my application is installed,
and given that the whole point of the involved code is to prevent people
from GETTING root access....).
--
Eric Lee Green There is No Conspiracy
[EMAIL PROTECTED] http://www.badtux.org
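To make Eric Lee Green's distinction between randomness and unpredictability concrete, here is an added example (not code from the thread or from anyone's product): two deterministic generators built on SHA-256 with the Python standard library. In the naive one the state itself is the output, so it may well pass statistical tests while anyone holding one output computes every later one. The ratchet one derives each output and the next state through separate, domain-separated one-way steps, so outputs reveal nothing about the state, and a state captured at step k yields only outputs from k onward (his attribute 2, backtracking resistance). Both properties rest on the assumption that SHA-256 is one-way, which code can demonstrate but not prove. The seed is constructed.

```python
# Added example (not from the thread): the same "random-looking" output can be
# predictable or not depending on how state and output are separated.
import hashlib


def _h(tag: bytes, data: bytes) -> bytes:
    """Domain-separated SHA-256: distinct tags give unrelated one-way values."""
    return hashlib.sha256(tag + data).digest()


class NaiveGenerator:
    """Output IS the internal state. The stream looks random, yet it fails
    unpredictability: one observed output is the state for the next step."""

    def __init__(self, seed: bytes):
        self.state = _h(b"seed", seed)

    def next_bytes(self) -> bytes:
        out = self.state
        self.state = _h(b"step", self.state)
        return out


class RatchetGenerator:
    """Output and next state come from different one-way derivations.

    Unpredictability: an output is H("out"||state); learning the state from
    it means inverting SHA-256.
    Backtracking resistance: the old state is replaced by H("next"||old), so
    a captured state gives the future but not the past. (Python cannot
    guarantee the old value is gone from memory; a real implementation
    zeroises it.)
    """

    def __init__(self, seed: bytes):
        self.state = _h(b"seed", seed)

    def next_bytes(self) -> bytes:
        out = _h(b"out", self.state)
        self.state = _h(b"next", self.state)
        return out


def successor_of_naive_output(observed: bytes) -> bytes:
    """What an observer can do with one NaiveGenerator output: compute the next."""
    return _h(b"step", observed)


def future_from_captured_state(state: bytes, count: int) -> list:
    """What a captured RatchetGenerator state yields: the next `count` outputs,
    and nothing earlier, because the previous state would have to be
    recovered by inverting SHA-256."""
    outs = []
    for _ in range(count):
        outs.append(_h(b"out", state))
        state = _h(b"next", state)
    return outs


if __name__ == "__main__":
    seed = b"constructed seed"          # stands in for truly random input
    g = NaiveGenerator(seed)
    o1, o2 = g.next_bytes(), g.next_bytes()
    print(successor_of_naive_output(o1) == o2)   # True: naive stream is predictable
    r = RatchetGenerator(seed)
    r1, r2 = r.next_bytes(), r.next_bytes()
    print(successor_of_naive_output(r1) == r2)   # False: output is not the state
```

The point Szopa and Green agree on also shows here: both generators restart identically from the same seed, so the seed must be as secret and as random as the output is supposed to be. What differs is what an observer of the output, or of a later state, can reconstruct.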
------------------------------
From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: WAP gateway to WWW - Will this configuration really fly from a security
perspective ?
Date: Sun, 13 Aug 2000 15:01:05 +1000
I see 2 additional challenges:
1) Vanilla EMV can't work securely on the net, although at least 4 variants
have been proposed by vendors to fix the fundamental flaw (an in-store
oriented security model)
2) The gateway issue will only be solved if the GW owner is accredited by
the financial community. Neither carriers nor banks trust each other enough to
agree on allowing the other access to their customer base, and more
importantly, their customers' accounts.
Lyal
Tor Rustad wrote in message ...
>"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
>> Mark Currie <[EMAIL PROTECTED]> wrote:
>
>< snip >
>
>> >The only way that I can see an acceptable security model for
>> >wireless-WWW commerce with end-to-end security is to have WWW hosts
>> >implement WTLS or run WAP servers. This sounds like a tall order to me.
>>
>> I think the e-commerce sector isn't delighted about the situation, but
>> it doesn't mind that much. The idea is the WAP gateway is located at
>> the wireless telco and is supposed to be secure. (Of course, that's
>> the same wireless industry operating it that brilliantly gave us the
>> A5 ciphers and millions of cloned phones, so some of us stay skeptical
>
>The problem here is not only technical, but also political. Telecom controls the
>SIM (or WIM), but the financial institutions control our bank accounts. Hence,
>there are two worlds which clash together, and they need time to put the
>borders down. The sad part is that as long as the two parties have difficulties
>talking together, we will see poor technical solutions out there.
>
>There are also two different security worlds (at least in my country), and the
>financial security community does not trust the telecom security community.
>There is simply too big a difference in securing real big money, compared to
>securing phone calls. This 'high value' experience is not learned overnight, and
>for those of us who work on the financial security side, we very much keep our
>experience internally.
>
>The WAP GW is a true man-in-the-middle, but this is not the most difficult
>security problem for me. Today many transactions go through GWs and routers
>without being a major security risk; we already have secure means/protocols of
>doing this. The problem starts with the chip (SIM/WIM): as long as the banks
>have no control over this security, we simply can't design a system with
>end-to-end security. It doesn't matter how secure the WAP GW is; if we can't
>trust the chip card used in the mobile phone, there is no way to trust the
>transaction.
>
>There is a chain of trust, and it begins even before the chip is produced.
>However, it doesn't help much that the A3, A5/1, A5/2 and A8 have been reverse
>engineered, and some major design flaws were discovered during the process.
>Even if these algorithms had been cryptographically strong, there are many other
>important security issues like key management, card production, card issuance
>etc. for which there are lessons yet to be learned for the mobile community.
>
>We don't need to go into difficult areas at all: how can we view the mobile as a
>secure PIN entering device, when it is not designed as such? ATM and POS PIN
>entering devices have encrypted keyboard controllers; my personal mobile beeps a
>different tone for each PIN digit I enter!
>
>We have already seen some results of the two-world problem. I know one mobile
>phone which has internally two chip slots, one for the SIM and the other for a
>bank ICC. In many pilots, the mobile has a built-in smartcard reader, where you
>can insert your bank card. Given the small size of a modern wireless phone, and
>the size of a bank card, this seems to lead into some practical difficulties. I
>don't know yet any pilots where telecom and banks use the same chip; I guess
>there is a reason for this.
>
>For the time being, the e-commerce fraud is mainly with credit cards on the net.
>Visa and Mastercard are well on their way to stop this, with their push towards
>EMV and SET. When this migration path has completed, I expect we will see the
>real test of the mobile e-commerce security. The fraud will never stop, only
>take other forms.
>
>--
>Tor K Rustad
>Technical Chief of Security
>Norwegian Banking Payment Central (BBS)
>
>(Opinions expressed here are my own.)
>
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Crypto Related Professional Attitude
Date: 13 Aug 2000 04:36:39 GMT
tomstd <[EMAIL PROTECTED]> wrote:
> Why is giving so bad? I think giving to those that appreciate
> it is the best and most enjoyable experience ever.
Probably true. You may have noticed that this newsgroup is not always
the most "appreciative" of audiences.
> And like their heads will explode to write a few msgs from now
> and then.
What about the time required to respond to the followups?
What kind of messages do you have in mind?
Also, you may have noticed that this is a high traffic newsgroup.
It usually helps to read messages in order to find points to which to
respond. This takes a lot of time and some amount of effort. Neither
of which is infinite...I'm at the point now where I tab through most of
the group without reading at all...
-David
------------------------------
Subject: Re: Crypto Related Professional Attitude
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 12 Aug 2000 21:59:09 -0700
"Kristopher Johnson" <[EMAIL PROTECTED]> wrote:
>So far, in this thread, you have stated that the professional "big-shots"
>are
>
>- arrogant
>
>- lazy
>
>- unwilling to share
>
>- unwilling to learn
>
>- self-promoting
>
>With an attitude like that, why would they want to spend time communicating
>with you and others like you?
What have I done that is so deserving of being shunned?
Am I that stupid, mean or pompous?
What did I do wrong?
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************