Cryptography-Digest Digest #433, Volume #12 Sun, 13 Aug 00 20:13:01 EDT
Contents:
Re: Crypto T-shirts (tomstd)
Re: Rebecca ([EMAIL PROTECTED])
Re: BBS and the lack of proof (Terry Ritter)
Re: Crypto T-shirts (Arthur Dardia)
Re: OTP using BBS generator? (Bryan Olson)
Re: Impossible Differentials of TC5 (lordcow77)
Re: 1-time pad is not secure... (Guy Macon)
Re: Crypto T-shirts ([EMAIL PROTECTED])
Looking for password statistical data ("Seeker")
Re: Crypto T-shirts (Ron B.)
Re: 1-time pad is not secure... (Guy Macon)
Re: 1-time pad is not secure... (Guy Macon)
Re: 1-time pad is not secure... ("Mikal 606")
Re: Impossible Differentials of TC5 (tomstd)
Re: Pentium III h/w RNG (Peter Pearson)
Re: chap authentication scheme? (Thomas Wu)
Diehard suite, is it commercial? (ArchimeDES)
Re: 1-time pad is not secure... (Guy Macon)
Re: 1-time pad is not secure... (Guy Macon)
Re: Diehard suite, is it commercial? (tomstd)
Re: 1-time pad is not secure... (Guy Macon)
Re: 1-time pad is not secure... (Guy Macon)
Re: chap authentication scheme? (Thomas Wu)
What is up with Intel? (tomstd)
----------------------------------------------------------------------------
Subject: Re: Crypto T-shirts
From: tomstd <[EMAIL PROTECTED]>
Date: Sun, 13 Aug 2000 14:06:06 -0700
Simon Johnson <[EMAIL PROTECTED]> wrote:
>Does anyone know if an incredibly sad person, like me, could
>acquire crypto-shirts. I'm looking for something like Blowfish,
>RC6, Twofish..... Just generally a good t-shirt?
>
>Simon Johnson
I know where I live I can have shirts made up with your own
design, you could probably put all of RC5 on a shirt and
something else on the back.
Tom
===========================================================
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Rebecca
Date: Sun, 13 Aug 2000 21:25:55 GMT
In article <jgfunj-1308001107140001@dial-244-129.itexas.net>,
[EMAIL PROTECTED] (wtshaw) wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (John Savard) wrote:
>
> > Doubtless, many people remember the novel entitled "The Key to
> > Rebecca" which is a spy novel set in World War II. I had wondered why
> > the author happened to choose the Daphne du Maurier novel (which was
> > also the basis of Alfred Hitchcock's first movie) as the base for his
> > fictional agent's book cipher...
> >
> > and in a web search, I happened across
> >
> > http://www.wabash.lib.in.us/wcpl/homefront.htm
> >
> > which noted that the _Kondor_ spy ring actually did use that book as
> > the basis for a book cipher during World War II! One learns something
> > new every day.
> >
> > John Savard
> > http://home.ecn.ab.ca/~jsavard/crypto.htm
>
> The Key to Rebecca is better than Rebecca.
> --
> Too bad from the party members point of view that Ventura has
> gone, for what the Reform Party needs is a good referee and
> someone who understands how to *fix* things, before hurt sets in.
>
It's very interesting. Even more so if it's true what Ken Follett said;
namely, that he thought of Rebecca because he liked so much that novel.
Riccardo Maffey
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: BBS and the lack of proof
Date: Sun, 13 Aug 2000 22:05:52 GMT
On 11 Aug 2000 23:40:53 GMT, in <[EMAIL PROTECTED]>, in
sci.crypt [EMAIL PROTECTED] (Mark Wooding) wrote:
>Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
>
>> I detect a difference between finding _a_ cycle and finding _the_
>> cycle (from which a given sequence was taken).
>
>Ahhh. I see! You're assuming an existing sequence supplied to the
>analyst. Right.
And *that* has been the specific issue under discussion since the
beginning of these threads. See (and note the date), for example:
From: [EMAIL PROTECTED] (Terry Ritter)
Newsgroups: sci.crypt
Subject: Re: OTP using BBS generator?
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 07 Aug 2000 04:46:06 GMT
>On Thu, 3 Aug 2000 23:18:14 GMT, in <[EMAIL PROTECTED]>, in
>sci.crypt Tim Tyler <[EMAIL PROTECTED]> wrote:
>
>>[...]
>>In this instance I believe factoring the modulus is usually a more
>>powerful attack than a brute force search through the possible seeds,
>>(assuming these are of equivalent size).
>
>Are you following along? Is that another issue? It is certainly not
>the problem I identify:
>
>Basically we are talking about the BB&S sequence itself. We assume
>that the opponents can record values in the BB&S sequence and want to
>know if those can be used to predict the rest of the sequence. But
>"prediction" is obvious as soon as the cycle starts to repeat, and
>then the system is insecure.
>
>With "reduced" BB&S, every once in a long while the user's system may
>select a short cycle. This is the sender, not the opponent; it is a
>weakness which the sender may or may not expose. When a system with
>this weakness is used beyond the cycle length, the opponent "only"
>need find the repetition to break the system.
>
>This weakness is entirely due to the mathematical structure of the
>system; it is not like someone blabbing the secret, which has no math
>guarantee. Furthermore, this weakness was identified and appropriate
>measures given in the *original* BB&S article. The weakness can be
>prevented by assuring that long cycles exist and checking that we are
>on one. But the "reduced" BB&S system does not check.
I can -- and, if necessary, will -- reference message after message
where this issue has been made clear to anyone willing to read and
understand.
I note that there is a significant difference between a discussion --
in which one actually attempts to understand a different point of view
and then responds to that -- and imagining that everyone who has a
different view is either "stupid" or "disingenuous."
Now, where did *that* come from? See, for example:
On 11 Aug 2000 09:57:11 GMT, in <[EMAIL PROTECTED]>,
in sci.crypt [EMAIL PROTECTED] (Mark Wooding) wrote:
>Terry Ritter <[EMAIL PROTECTED]> wrote:
>>
>> On 10 Aug 2000 15:01:56 GMT, in <[EMAIL PROTECTED]>,
>> in sci.crypt [EMAIL PROTECTED] (Mark Wooding) wrote:
>>
>> >Errr... no. The proof is not statistical. It states that the output of
>> >a BBS generator cannot be distinguished from random data by any
>> >polynomial-time test by an adversary who cannot decide quadratic
>> >residuosity.
>>
>> That is simply false when a short cycle is used. Unless you
>> absolutely prevent such a thing, you cannot assume in your reasoning
>> that it has not occurred. On the contrary, if something *might*
>> occur, you must assume that it *has* occurred, and reason the
>> consequences from there.
>
>Now you're just being deliberately stupid.
Now, isn't that special.
>I'm smelling disingenuousness again.
If you want to be treated similarly, just keep it up. If you can't
bring yourself to show respect, you may be surprised at how little you
get in return.
And rather than suggesting that I might behave as others would in the
same situation (I wouldn't), I suggest you spend time re-reading my
messages until you really do understand what they say, *before* you
start to tell me how wrong I am.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
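The short-cycle check that Ritter says the "reduced" variant omits, as an added example that is not code from any poster: Blum-Blum-Shub over a constructed toy modulus 209 = 11 * 19 (both primes are 3 mod 4), where the orbit of every seed under x -> x^2 mod n can simply be enumerated. Real moduli are far too large for that, which is why the original paper instead constrains the primes so that long cycles are guaranteed.

```python
# Added example, not from the thread: Blum-Blum-Shub over a toy modulus,
# showing that some seeds sit on short cycles of x -> x^2 mod n and how a
# generator can refuse such seeds before emitting any output.
# N = 209 = 11 * 19 is a constructed toy value; both primes are 3 mod 4.

def period(seed: int, n: int) -> tuple:
    """Return (preperiod, period) of x_{i+1} = x_i^2 mod n started at seed.
    A seed that is already a quadratic residue has preperiod 0."""
    seen = {}
    x = seed % n
    i = 0
    while x not in seen:
        seen[x] = i
        x = x * x % n
        i += 1
    start = seen[x]
    return start, i - start


def cycle_length_census(n: int) -> dict:
    """Map period -> number of seeds in [1, n) whose orbit has that period.
    Small periods are exactly the 'short cycle' weakness under discussion."""
    census = {}
    for s in range(1, n):
        _, per = period(s, n)
        census[per] = census.get(per, 0) + 1
    return census


def bbs_bits(seed: int, n: int, count: int, min_period: int) -> list:
    """Emit `count` low-order bits of the BBS state, but only after checking
    that the seed's orbit is at least `min_period` long. This check is the
    measure the thread says the 'reduced' variant skips."""
    pre, per = period(seed, n)
    if per < min_period:
        raise ValueError(f"seed {seed} lies on a cycle of length {per}")
    x = seed % n
    for _ in range(pre):
        x = x * x % n          # fast-forward onto the cycle proper
    out = []
    for _ in range(count):
        x = x * x % n
        out.append(x & 1)
    return out


if __name__ == "__main__":
    N = 209
    print("cycle census for", N, cycle_length_census(N))
    print("seed 4  ->", period(4, N))     # on the longest cycle (12)
    print("seed 133 ->", period(133, N))  # a fixed point: x^2 = x mod 209
```

With this modulus the seed 133 is a fixed point of squaring and 4 lies on a cycle of length 12; the census shows how many seeds fall on each cycle length, which is the information a generator needs in order to reject a bad seed.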
------------------------------
From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: Crypto T-shirts
Date: Sun, 13 Aug 2000 18:13:19 -0400
tomstd wrote:
> Simon Johnson <[EMAIL PROTECTED]> wrote:
> >Does anyone know if an incredibly sad person, like me, could
> >acquire crypto-shirts. I'm looking for something like Blowfish,
> >RC6, Twofish..... Just generally a good t-shirt?
> >
> >Simon Johnson
>
> I know where I live I can have shirts made up with your own
> design, you could probably put all of RC5 on a shirt and
> something else on the back.
>
> Tom
>
> -----------------------------------------------------------
>
> Got questions? Get answers over the phone at Keen.com.
> Up to 100 minutes free!
> http://www.keen.com
I know for a fact that the group that wrote RSA in 3 lines of Perl code
had T-shirts printed up. I thought they looked pretty cool. One sick
guy even got a tattoo of it. :)
--
Arthur Dardia Rensselaer Polytechnic Institute [EMAIL PROTECTED]
PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: OTP using BBS generator?
Date: Sun, 13 Aug 2000 22:49:35 GMT
Terry Ritter wrote:
>
> Bryan Olson wrote:
>
> >Terry Ritter wrote:
> >[...]
> >> It is *not* sufficient that the assumptions be true: Even when the
> >> assumptions *are* true, BB&S *still* is weak every now and then.
> >
> >Nope. When you allow the defect might appear, you allow
> >that factoring might be easy and have contradicted the
> >premise.
>
> And that, of course, is my point precisely, as it has been for some
> time:
Then you should not have disagreed with Tim Tyler's point,
and what you wrote in the quote above about the assumption
not being sufficient is wrong.
> Since "pretend" BB&S does *not* check for short cycle operation, it
> allows the defect to occur. By not checking, it does not help assure
> that the assumption ("factoring is hard") holds
That's how a theorem works: the conclusion follows from the
premises; it doesn't help assure them.
If the attacker were more likely to be able to factor a
known modulus when given the generator output than when not
given the output, then you would have a point. But that's
not the case.
The BBS security assumption is that the attacker cannot
factor the modulus when given the modulus. (Though in
practice we would not give him the modulus.) Giving him
generator output, starting from a random point, cannot
increase the chance he could violate the assumption, since
he can start generators at all the random points he wants.
[...]
> Since I am
> unaware of any other specific way in which the mathematical structure
> can expose factoring information, closing that hole would seem to be a
> desirable goal.
The point of the proof is to close all the holes, not just
the ones of which you and I are aware. Does the proof
succeed? Well, it does show that all the possible holes are
at most as likely as successful factoring.
[...]
> The difference, while probably not a significant weakness in practice,
> is the difference between zero chance and a sweepstakes chance.
It's covered by the factoring reduction anyway. More
importantly, this is only a zero chance for one particular
weakness. The point of the proof is to eliminate all
algorithmic methods of prediction, which it does in the
sense and cases in which factoring is intractable.
--Bryan
--
email: bolson at certicom dot com
------------------------------
Subject: Re: Impossible Differentials of TC5
From: lordcow77 <[EMAIL PROTECTED]>
Date: Sun, 13 Aug 2000 16:00:24 -0700
The impossible differential exists independent of the actual
round function; your F functions could be the identity mapping,
a truly random 64x64 S-box, an inverse over GF(2^64), even a
complete DES encryption. Knudsen's analysis of DEAL presents
this quite clearly, as does Mark Wooding's previous postings on
the subject.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 13 Aug 2000 23:19:47 GMT
JPeschel wrote:
>
>
>[EMAIL PROTECTED] (Guy Macon) writes:
>
>>Douglas A. Gwyn wrote:
>>>
>>>Guy Macon wrote:
>>>> So why haven't you published it yourself on the Internet?
>>>
>>>I haven't had time to set up a Web site. Whenever I get
>>>a round tuit, that will be one of the things I'll include.
>>
>>Email it to me and I will put it on the net for you.
>
>Looks like there is already one on the web:
>
>http://www.funkypages.com/hahaha.php?page=/roundtuit/index.php
<chuckle>
I meant, of course, that I will put this this paper that he says
he hasn't gotten around to publishing on the net for him. Thus
he has no remaining excuse for not publishing it.
I am still waiting for a reply.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Crypto T-shirts
Date: Sun, 13 Aug 2000 23:19:57 GMT
Arthur Dardia <[EMAIL PROTECTED]> wrote:
> I know for a fact that the group that wrote RSA in 3 lines of Perl code
> had T-shirts printed up. I thought they looked pretty cool. One sick
> guy even got a tattoo of it. :)
The truly daring won't be seen in anything less than a shirt bearing
the DeCSS code this season. :)
[ http://www.wired.com/news/technology/0,1282,37941,00.html if you
missed the joke ]
--
Matt Gauthier <[EMAIL PROTECTED]>
------------------------------
From: "Seeker" <[EMAIL PROTECTED]>
Subject: Looking for password statistical data
Date: Sun, 13 Aug 2000 23:18:56 GMT
Hi,
I'm looking for some data on the passwords that people have chosen. I know
people often choose dictionary words, etc, but I am looking for something
which I can draw some concrete conclusions from. Of course, the bigger the
sample, the better.
For instance, maybe 60% choose a dictionary word, 20% choose a phone
number.. For now, I can only make unsound inferences.
If there is a large list of passwords that people have actually used
somewhere not associated with any names, companies or systems that would
allow me to do my own analysis, that's fine. Thanks.
------------------------------
From: Ron B. <[EMAIL PROTECTED]>
Subject: Re: Crypto T-shirts
Date: Sun, 13 Aug 2000 23:31:32 GMT
On Sun, 13 Aug 2000 23:19:57 GMT, [EMAIL PROTECTED] wrote:
>Arthur Dardia <[EMAIL PROTECTED]> wrote:
>> I know for a fact that the group that wrote RSA in 3 lines of Perl
>> code had T-shirts printed up. I thought they looked pretty cool.
>> One sick guy even got a tattoo of it. :)
>
>The truly daring won't be seen in anything less than a shirt bearing
>the DeCSS code this season. :)
>
>[ http://www.wired.com/news/technology/0,1282,37941,00.html if you
> missed the joke ]
See www.copyleft.net !
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 13 Aug 2000 23:32:44 GMT
Tim Tyler wrote:
>
>Guy Macon <[EMAIL PROTECTED]> wrote:
>: Tim Tyler wrote:
>:>Guy Macon <[EMAIL PROTECTED]> wrote:
>
>:>: Actually, oddly enough, what I learned in Seminary explains why we
>:>: keep seeing this idea much better than anything I ever learned in
>:>: a Physics class.
>:>
>:>: There is a branch of theology that seems to be influencing people
>:>: who don't know the root source of the ideas they hold. [...]
>:>
>:>: Alas, by this time enough people were infected with the "no randomness"
>:>: meme that it became a self-sustaining memeplex which attempts to
>:>: propagate into sci.crypt on a regular basis.
>:>
>:>Save your psychoanalysis until you have a "perfect" random number
>:>generator which you can demonstrate has the property in question.
>
>: Please learn the difference between psychoanalysis and memetics.
>
>``There is a branch of theology that seems to be influencing people
> who don't know the root source of the ideas they hold.''
>
>This looks more like psychoanalysis than memetics to me.
>
>Also, there's no need to patronise me. I'm quite aware of the
>similarities and differences between psychoanalysis and memetics.
I will now stop patronizing you, having posted one patronizing response
to your patronizing comment about "Save your psychoanalysis". Shall we
now go back to having a reasonable discourse? I generally respect your
opinions, but that comment of yours was a bit patronizing.
If you wish, I could take a quick survey and ask if the majority of
readers think that the statement "Alas, by this time enough people
were infected with the "no randomness" meme that it became a self-
sustaining memeplex which attempts to propagate into sci.crypt on a
regular basis" sounds more like psychoanalysis than memetics. Would
you prefer that I ask in sci.crypt, alt.memetics, or sci.psychology?
Or would you prefer to concede the point now? This really does look
like a classic example of memetics to me.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 13 Aug 2000 23:37:52 GMT
Tim Tyler wrote:
>...using a detector which is demonstrably immune to all non-random
>environmental interferences? I seriously doubt it.
While we are still debating the validity of my analysis of the upper
limits of such non-random environmental interferences on a well
designed RNG, this is begging the question.
------------------------------
From: "Mikal 606" <[EMAIL PROTECTED]>
Crossposted-To: alt.religion.kibology
Subject: Re: 1-time pad is not secure...
Date: Sun, 13 Aug 2000 19:42:23 -0700
"Guy Macon" <[EMAIL PROTECTED]> wrote in message
news:8n7b6s$[EMAIL PROTECTED]...
>
> Tim Tyler wrote:
> >
> >Guy Macon <[EMAIL PROTECTED]> wrote:
> >: Tim Tyler wrote:
> >:>Guy Macon <[EMAIL PROTECTED]> wrote:
> >
> >:>: Actually, oddly enough, what I learned in Seminary explains why we
> >:>: keep seeing this idea much better than anything I ever learned in
> >:>: a Physics class.
> >:>
> >:>: There is a branch of theology that seems to be influencing people
> >:>: who don't know the root source of the ideas they hold. [...]
> >:>
> >:>: Alas, by this time enough people were infected with the "no randomness"
> >:>: meme that it became a self-sustaining memeplex which attempts to
> >:>: propagate into sci.crypt on a regular basis.
> >:>
> >:>Save your psychoanalysis until you have a "perfect" random number
> >:>generator which you can demonstrate has the property in question.
> >
> >: Please learn the difference between psychoanalysis and memetics.
> >
> >``There is a branch of theology that seems to be influencing people
> > who don't know the root source of the ideas they hold.''
> >
> >This looks more like psychoanalysis than memetics to me.
> >
> >Also, there's no need to patronise me. I'm quite aware of the
> >similarities and differences between psychoanalysis and memetics.
>
> I will now stop patronizing you, having posted one patronizing response
> to your patronizing comment about "Save your psychoanalysis". Shall we
> now go back to having a reasonable discourse? I generally respect your
> opinions, but that comment of yours was a bit patronizing.
>
> If you wish, I could take a quick survey and ask if the majority of
> readers think that the statement "Alas, by this time enough people
> were infected with the "no randomness" meme that it became a self-
> sustaining memeplex which attempts to propagate into sci.crypt on a
> regular basis" sounds more like psychoanalysis than memetics. Would
> you prefer that I ask in sci.crypt, alt.memetics, or sci.psychology?
> Or would you prefer to concede the point now? This really does look
> like a classic example of memetics to me.
>
GUYS!!!!
can we get back to talking about glasses of puke now?
muahahahaha
dramar_ankalle
Rs > > 1/wCs
Ns A
ec= -------
10x Rs Cs
------------------------------
Subject: Re: Impossible Differentials of TC5
From: tomstd <[EMAIL PROTECTED]>
Date: Sun, 13 Aug 2000 16:28:24 -0700
lordcow77 <[EMAIL PROTECTED]> wrote:
>The impossible differential exists independent of the actual
>round function; your F functions could be the identity mapping,
>a truly random 64x64 S-box, an inverse over GF(2^64), even a
>complete DES encryption. Knudsen's analysis of DEAL presents
>this quite clearly, as does Mark Wooding's previous postings on
>the subject.
That's about as useful as saying that x -> y when x and y don't
belong to the same set is impossible.
I am trying to figure out how to recover key bytes from the
cipher given that we are trying to send the generic (0, d) input
difference through the cipher.
Tom
------------------------------
From: Peter Pearson <[EMAIL PROTECTED]>
Subject: Re: Pentium III h/w RNG
Date: Sun, 13 Aug 2000 16:36:44 -0700
Joseph Ashwood wrote:
>
> I think we all kind of gave up when it was discovered that if it wasn't
> present the motherboard gave back random garbage. Actually some analysis was
> done, but the only stuff I'm aware of was funded by Intel.
> Joe
>
> "David C. Barber" <[EMAIL PROTECTED]> wrote in message
> news:8mvi5a$207f$[EMAIL PROTECTED]...
> > The Pentium III is supposed to have some RNG function in it. A couple
> > times I'd heard that some analysis would be done with it, and even if
> > it was less than perfect, that that could be "fixed" with proper use.
> > In the end, I never saw any analysis, though I'm sure some must have
> > been done. Anyone have information and/or pointers on how well this
> > function works?
Cryptography Research studied Intel's random-number hardware
design, and produced a pretty positive report, which you can
see at www.cryptography.com. The report was sponsored by Intel,
but that doesn't mean the report is a whitewash: no crypto
company that wants to keep its good name will knowingly
bless a flawed system.
- Peter
Full disclosure: I work for Cryptography Research.
------------------------------
From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: chap authentication scheme?
Date: 13 Aug 2000 16:46:50 -0700
[EMAIL PROTECTED] (Bill Unruh) writes:
> In <[EMAIL PROTECTED]> Thomas Wu <[EMAIL PROTECTED]> writes:
> ]I think it's provably impossible. If you allow only one server challenge
> ]and one client response message, and you assume that the server in the
> ]first message doesn't know the identity of the user, the server can't
> ]make the first message a function of some user-specific secret. A
> ]fake server can always issue a legitimate first challenge and then
> ]dictionary-attack the response from the client.
>
> ]I'm not sure we gain much by operating within this arbitrary and
> ]fundamentally limited authentication model. Allow at least an
> ]initial message from the client, and that opens up the door for
> ]secure protocols like SRP and its functional equivalents.
>
> Again, we gain by being able to use an existing protocol within the ppp
> standard. To get a new protocol approved is a long process. As far as I
> know the rules I set up would just drop in.
>
> The only attack against the protocols suggested seems to be dictionary
> attacks. I am willing to live with that. After all, all crypto schemes
> are vulnerable to exhaustive search, and the database is already
> vulnerable. Note that ppp is often used over phone lines, in which case
> tapping the line and making sense of the echo cancelling signals from
> modern modems is a hard job in and of itself. Of course ppp is also used
> over the ethernet, where the issue becomes more difficult.
If we want dictionary-attack-proof authentication, want the server not
to store password-equivalents, and are allowed only one challenge and
one response, why not just use DSA? As in:
0. Everyone uses a set of DSA parameters p, q, and g. The client's
private key x is derived from a hash of his password (and optionally
his username). The server stores the DSA public key y = g^x (mod p).
1. Server sends client a nonce M:
S->C: M
2. The client signs M with DSA using his password-derived private key,
and sends back the signature:
C->S: r, s
Unless I'm missing something, this simple protocol satisfies our
requirements and uses relatively little bandwidth. You can substitute
your favorite discrete-log signature scheme or use alternate groups
like EC, as long as the signature algorithm uses a random factor.
> I was interested both in the specific situation of the chap protocol as
> I understand it, and also in the more general problem of how secure can
> you make such a two stage process. Yes, it will not be totally secure,
> but what is the best that you can do.
--
Tom Wu * finger -l [EMAIL PROTECTED] for PGP key *
E-mail: [EMAIL PROTECTED] "Those who would give up their freedoms in
Phone: (650) 723-1565 exchange for security deserve neither."
http://www-cs-students.stanford.edu/~tjw/ http://srp.stanford.edu/srp/
------------------------------
From: ArchimeDES <[EMAIL PROTECTED]>
Subject: Diehard suite, is it commercial?
Date: Sun, 13 Aug 2000 23:50:37 GMT
I'd like to know the distribution policy of DieHard suite.
Is it a commercial package? Where can I find it?
Tnx
ArchimeDES
======================
remove SPAMDIE for mail
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 13 Aug 2000 23:50:49 GMT
Mok-Kong Shen wrote:
>I suppose that most physical measurements, after doing
>sophisticated error analysis, give only values that are
>intervals (in which the correct values should be) that are
>considered acceptable at certain confidence levels. A more
>accurate measurement gives a smaller interval, but not the
>'exact' value. That kind of accuracy may be o.k. or even be
>big over-kill for some purposes. But I think that one can't
>claim that one gets 'absolutely' perfect measurements,
>at least in most cases of practical interest.
Correct. The flaw in the arguments posted by those who are infected
with the "no randomness" meme is in postulating that such perfection
is required. If a measured RNG output is so close to being a perfect
measurement of perfect randomness that it would take more resources
than exist (assuming the entire universe is turned into the most
powerful computer realizable with that many atoms) to prove otherwise
then we can say that it is indistinguishable from perfection.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 13 Aug 2000 23:53:40 GMT
Mok-Kong Shen wrote:
>A truly random process, as is well-known, can produce a
>finite sequence of all 0's, which certainly fails all tests.)
Any test for randomness that says that such a sequence is nonrandom
is wrong and should be discarded. A true test for randomness would
only say that such a sequence is very likely to be nonrandom.
------------------------------
Subject: Re: Diehard suite, is it commercial?
From: tomstd <[EMAIL PROTECTED]>
Date: Sun, 13 Aug 2000 16:48:52 -0700
ArchimeDES <[EMAIL PROTECTED]> wrote:
>I'd like to know the distribution policy of DieHard suite.
>Is it a commercial package? Where can I find it?
It's a free package. I am not sure where I got my copy (sorry).
Tom
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 13 Aug 2000 23:57:46 GMT
Simon Johnson wrote:
>After all if you can't prove a source isn't random, then it must
>therefore be random, and the argument stands.
Great. Now we get another 200 posts on this subject. <grin>
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 13 Aug 2000 23:59:34 GMT
[EMAIL PROTECTED] wrote:
>You sure? I thought photon was considered an antimatter.
Close. The photon is its own antiparticle.
------------------------------
From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: chap authentication scheme?
Date: 13 Aug 2000 16:56:01 -0700
Thomas Wu <[EMAIL PROTECTED]> writes:
>
> If we want dictionary-attack-proof authentication, want the server not
> to store password-equivalents, and are allowed only one challenge and
> one response, why not just use DSA? As in:
I just realized that this is still vulnerable to dictionary attack.
Strike that claim. It's still lower-bandwidth than the first proposal.
> 0. Everyone uses a set of DSA parameters p, q, and g. The client's
> private key x is derived from a hash of his password (and optionally
> his username). The server stores the DSA public key y = g^x (mod p).
>
> 1. Server sends client a nonce M:
>
> S->C: M
>
> 2. The client signs M with DSA using his password-derived private key,
> and sends back the signature:
>
> C->S: r, s
--
Tom Wu * finger -l [EMAIL PROTECTED] for PGP key *
E-mail: [EMAIL PROTECTED] "Those who would give up their freedoms in
Phone: (650) 723-1565 exchange for security deserve neither."
http://www-cs-students.stanford.edu/~tjw/ http://srp.stanford.edu/srp/
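The one-challenge, one-response DSA scheme from Tom Wu's first post, and the reason his follow-up withdraws the dictionary-attack-proof claim, as an added example that is not his code. It assumes constructed toy parameters p = 2039, q = 1019, g = 4 (p = 2q + 1 and g is a quadratic residue, so g has order q); a deployment would use standard-sized parameters.

```python
# Added example, not Tom Wu's code: steps 0-2 of the DSA-based CHAP proposal
# over constructed toy parameters, plus the check that explains the retraction.
import hashlib
import secrets
from typing import Optional, Tuple

P, Q, G = 2039, 1019, 4   # constructed toy DSA parameters, p = 2q + 1


def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def password_private_key(username: str, password: str) -> int:
    """Step 0: x derived from a hash of username and password, in [1, q-1]."""
    return 1 + _h(f"{username}:{password}".encode()) % (Q - 1)


def public_key(x: int) -> int:
    """Step 0: y = g^x mod p is what the server stores."""
    return pow(G, x, P)


def server_challenge() -> bytes:
    """Step 1: S->C: M, a fresh nonce."""
    return secrets.token_bytes(16)


def sign(x: int, m: bytes, k: Optional[int] = None) -> Tuple[int, int]:
    """Step 2: C->S: (r, s), a DSA signature on M under the password key.
    k must be fresh and secret; passing it explicitly is only for tests."""
    hm = _h(m) % Q
    while True:
        kk = k if k is not None else 1 + secrets.randbelow(Q - 1)
        r = pow(G, kk, P) % Q
        s = pow(kk, -1, Q) * (hm + x * r) % Q
        if r and s:
            return r, s
        if k is not None:
            raise ValueError("supplied k gives a degenerate signature")


def verify(y: int, m: bytes, sig: Tuple[int, int]) -> bool:
    """Server side: standard DSA verification of (r, s) on M against y."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    hm = _h(m) % Q
    u1, u2 = hm * w % Q, r * w % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r


def transcript_is_password_oracle(username: str, m: bytes,
                                  sig: Tuple[int, int], guess: str) -> bool:
    """Why the claim was withdrawn: anyone holding the transcript (M, r, s)
    can test a password guess offline from public values alone, which is
    the property a one-round scheme with a password-derived key cannot
    avoid. A reviewer should reject any scheme with this property."""
    return verify(public_key(password_private_key(username, guess)), m, sig)


if __name__ == "__main__":
    x = password_private_key("alice", "correct horse")
    y = public_key(x)                 # stored on the server
    m = server_challenge()            # S->C
    r, s = sign(x, m)                 # C->S
    print("server accepts:", verify(y, m, (r, s)))
    print("transcript confirms guess:",
          transcript_is_password_oracle("alice", m, (r, s), "correct horse"))
```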
------------------------------
Subject: What is up with Intel?
From: tomstd <[EMAIL PROTECTED]>
Date: Sun, 13 Aug 2000 16:54:23 -0700
On page four of the IntelRNG.pdf from cryptography.com they said
Intel is patenting the von Neumann rejector, i.e. with [0,0] and
[1,1] output nothing, output 0 for [1,0] and 1 for [0,1], which
hopefully lowers bias towards any given bit.
This idea is what 50 years old? How on earth can Intel patent
it?
Tom
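The von Neumann rejector as Tom describes it, run over a constructed biased bit stream, as an added example that is not code from the post or from Intel's design. It assumes the raw bits are independent, which is the condition under which the rule removes bias exactly; the constructed source is a seeded pseudo-random stream standing in for raw hardware output.

```python
# Added example, not from the post: the von Neumann rejector applied to a
# constructed, independent, biased bit stream.
import random


def von_neumann(bits: list) -> list:
    """Consume non-overlapping pairs: (0,0) and (1,1) emit nothing,
    (1,0) emits 0, (0,1) emits 1. An odd trailing bit is dropped."""
    out = []
    for a, b in zip(bits[0::2], bits[1::2]):
        if a != b:
            out.append(b)        # (1,0) -> 0, (0,1) -> 1
    return out


def biased_bits(n: int, p_one: float, seed: int = 1) -> list:
    """Constructed stand-in for a raw hardware source: independent bits
    with P(1) = p_one, seeded so the run is reproducible."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def bias(bits: list) -> float:
    """Fraction of ones; 0.5 is unbiased."""
    return sum(bits) / len(bits) if bits else float("nan")


def demo(n: int = 20000, p_one: float = 0.8) -> dict:
    """Whiten a biased stream and report bias before and after, plus the
    fraction of input bits that survive. For independent bits each pair
    is kept with probability 2p(1-p), so the yield per input bit is
    p(1-p): 0.16 here, which is the price of the debiasing."""
    raw = biased_bits(n, p_one)
    whitened = von_neumann(raw)
    return {
        "raw_bias": bias(raw),
        "out_bias": bias(whitened),
        "yield": len(whitened) / n,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value:.3f}")
```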
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************