Cryptography-Digest Digest #506, Volume #12      Tue, 22 Aug 00 13:13:00 EDT

Contents:
  Decryption (Herry Koh)
  Re: 1-time pad is not secure... (John Savard)
  Re: The DeCSS ruling (lcs Mixmaster Remailer)
  Re: My unprovability madness. ("Trevor L. Jackson, III")
  Re: 1-time pad is not secure... (Guy Macon)
  Re: SHA-1 program (cool!) (Daniel Leonard)
  Re: blowfish problem (Richard Bos)
  Re: The DeCSS ruling (Daniel Leonard)
  Re: Simple cipher based on SHA-1 (James Felling)
  Re: Bytes, octets, chars, and characters ([EMAIL PROTECTED])
  Re: 1-time pad is not secure... (Shellac)
  Re: Hidden Markov Models on web site! (Gunnar Evermann)
  Re: blowfish problem (Nick Keighley)
  Re: What is required of "salt"? (John Myre)
  Re: The DeCSS ruling (Jim Steuert)
  Re: Question on Decorelation Theory (Mok-Kong Shen)
  Re: 1-time pad is not secure... (Mok-Kong Shen)
  Re: Hidden Markov Models on web site! (Mok-Kong Shen)
  encryption scheme output - samples table? ("Detonate")

----------------------------------------------------------------------------

From: Herry Koh <[EMAIL PROTECTED]>
Subject: Decryption
Date: Tue, 22 Aug 2000 20:26:11 +0800

Hi,
I am new to this area. For the past few days I have been messing around
with some encryption algorithm. Nothing complicated, just a few XORs and
permutations. However, having completed a small program on the
encryption part, I find the decryption algorithm to be very complicated
to derive. Most of the literature I have seen concentrated heavily on
encryption and made no mention of decryption at all. Does anybody know
any formal (or informal) methods (or tricks of the trade) of deriving
the decryption algorithm from any general encryption algorithm (apart
from the obvious method of working backwards, of course).
Any insights into this will be most appreciated.
Herry.
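
An added example, not part of Herry's post, of the one general rule there is for this: if every step of the encryption is a bijection (XOR with a fixed key, a permutation of positions), the decryption is obtained mechanically by inverting each step and applying the inverses in the reverse order; a step that is not a bijection has no inverse and the cipher cannot be decrypted at all. The cipher below is a constructed toy with no security value; the permutation table and round keys are made-up sample values.

```python
# Added illustration (not code from the original post): a constructed toy
# cipher made of XORs and byte permutations, with its decryption routine
# derived by inverting each step and applying the inverses in reverse order.
# The toy is NOT a secure cipher; it only shows the rule.

BLOCK = 8  # bytes per block (constructed parameter)


def xor_with(block: bytes, key: bytes) -> bytes:
    """XOR with a fixed key is its own inverse: applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(block, key))


def permute(block: bytes, perm: list) -> bytes:
    """Output position i receives input byte perm[i]."""
    return bytes(block[perm[i]] for i in range(len(perm)))


def invert_perm(perm: list) -> list:
    """Build the inverse table: if perm moves source j to position i, the
    inverse moves position i back to j.  Refuses non-bijective tables,
    because a step that is not a bijection has no decryption at all."""
    if sorted(perm) != list(range(len(perm))):
        raise ValueError("not a permutation; this step cannot be inverted")
    inv = [0] * len(perm)
    for i, j in enumerate(perm):
        inv[j] = i
    return inv


def encrypt_block(block: bytes, round_keys: list, perm: list) -> bytes:
    """Constructed toy: each round XORs a round key, then permutes the bytes."""
    state = block
    for rk in round_keys:
        state = xor_with(state, rk)
        state = permute(state, perm)
    return state


def decrypt_block(block: bytes, round_keys: list, perm: list) -> bytes:
    """Derived from encrypt_block without any cleverness: rounds in reverse
    order, and inside each round the inverse steps in reverse order
    (un-permute first, then un-XOR)."""
    inv_perm = invert_perm(perm)
    state = block
    for rk in reversed(round_keys):
        state = permute(state, inv_perm)
        state = xor_with(state, rk)
    return state


def encrypt(data: bytes, round_keys: list, perm: list) -> bytes:
    """Block-by-block over whole blocks; input length must be a multiple of BLOCK."""
    if len(data) % BLOCK:
        raise ValueError("toy cipher needs whole blocks")
    return b"".join(encrypt_block(data[i:i + BLOCK], round_keys, perm)
                    for i in range(0, len(data), BLOCK))


def decrypt(data: bytes, round_keys: list, perm: list) -> bytes:
    if len(data) % BLOCK:
        raise ValueError("toy cipher needs whole blocks")
    return b"".join(decrypt_block(data[i:i + BLOCK], round_keys, perm)
                    for i in range(0, len(data), BLOCK))


# Constructed sample key material.
PERM = [3, 0, 7, 5, 1, 6, 2, 4]
ROUND_KEYS = [bytes.fromhex("0f1e2d3c4b5a6978"),
              bytes.fromhex("8796a5b4c3d2e1f0"),
              bytes.fromhex("1122334455667788")]


def roundtrip_ok(data: bytes) -> bool:
    """The check to run after deriving a decryptor: decrypt(encrypt(x)) == x."""
    return decrypt(encrypt(data, ROUND_KEYS, PERM), ROUND_KEYS, PERM) == data


if __name__ == "__main__":
    msg = b"sixteen byte msg"
    print(encrypt(msg, ROUND_KEYS, PERM).hex())
    print(roundtrip_ok(msg))
```

The round-trip check is the part worth keeping around: it catches the usual mistake of undoing the steps in the same order they were applied rather than in reverse.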

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: 1-time pad is not secure...
Date: Tue, 22 Aug 2000 12:11:11 GMT

On Tue, 22 Aug 2000 00:06:33 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote, in
part:
>Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
that is, quoted Tim Tyler as appearing below (his own words, as would
be prefixed by >: do not appear)
>: Tim Tyler wrote:

>:> It amuses me to think that some people feel they can completely dismiss
>:> the idea that the universe is deterministic on the basis of our current
>:> knowledge of physics.

This isn't that "amusing", because there are good reasons to do so.
Local hidden variable models have been eliminated by the EPR
experiment.

If one excludes exotic ideas like time-reversed wave propagation (and
there are grounds for dismissing them as nonphysical) and assumes the
speed of light to be an absolutely rigid limit (there appears to be an
argument that one must do so to preserve causality), then we are
constrained to admit that no 'underlying' theory can be true where the
elements of the underlying theory all behave classically.

Thus, a wave packet cannot really be a gas of thousands of discrete
particles on some lower level if those particles are supposed to
behave classically, thus doing away with the strange behavior of the
quantum particles they make up.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

Date: 22 Aug 2000 13:20:23 -0000
From: lcs Mixmaster Remailer <[EMAIL PROTECTED]>
Subject: Re: The DeCSS ruling

Would it be a good idea if periodically someone should email the 
source decks in question to the judge?  Just to let him know how 
useless his ruling was?  Anyone know his email address?

If the New York Times published the source (a la Pentagon Papers) 
would the judge have ruled against them?  Another example would be 
the magazine that published detailed directions to making atomic 
bombs.

It appears that private copyright 'rights' are more powerful than the 
government rights to keep something secret.

The source is still available around on the web.  Has anyone done a 
survey to see if most of the sites that have it posted are outside 
the US?  Has the MPAA sent letters to sites overseas?  What is the 
reaction to the ruling or the letters by sites overseas?

Is the source on Deja-News?

What are the names of the files in question?

In article <[EMAIL PROTECTED]>
Jim Steuert <[EMAIL PROTECTED]> wrote:
>
>  I am horrified to learn about the DeCSS case. The judge has
> ruled in favor of the MPAA (Motion Picture Arts Association) and
> enjoined 2600 magazine from publishing the DeCSS code on its web
> site.
>
>   The judge apparently ruled that publishing keys to a bank
> vault, even if the publisher never intended to rob the bank,
> would force the bank to re-program its vault. And that
> constitutes illegal intent.
>
>    Where I think the judge is mistaken is his lack of distinction
> between publishing the specific keys to a specific bank vault, versus
> reverse-engineering a publicly visible vault mechanism (software).
>
>    Isn't what is discussed on this newsgroup equivalent to
> "vault mechanisms?". And if so, isn't publishing an attack on
> a commercially used encryption algorithm (DES certainly)
> illegal?
>
>  Is anyone in this newsgroup concerned about this ruling?
>
>               -Jim Steuert
>

------------------------------

Date: Tue, 22 Aug 2000 09:36:02 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.physics
Subject: Re: My unprovability madness.

Paul Lutus wrote:

> > If you're interested, the message below was selectively answered to
> > make it appear that I disagree with Goedel's theorem.
> >
>
> Simply disagreeing with Gödel's Theorem carries about as much weight as
> disagreeing with a woman. You would need to have a technical basis to
> disagree with it, something no one else has thought of. Good luck.
>
> > I am
> > fed up with all of the dirty tricks and unkindness.  I will be more
> > careful about accusing anybody, but something has to be done.
>
> Something has to be done? Like E. Robert Tisdale, who just caused sci.astro
> to self-destruct by proposing, then publishing, a "blacklist" of posters he
> personally didn't think were on topic?

Since such a topic is unnatural for sci.astro, did he include himself on the
list? [since self-reference is a current topic]

>
>
> We're better off tolerating the occasional slight. IMHO.

Absolutely.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 1-time pad is not secure...
Date: 22 Aug 2000 13:49:13 GMT

Shellac wrote:
>
>Tim Tyler <[EMAIL PROTECTED]> writes:
>
>> My dictionary also has: "determinism (n): theory that human action is
>> settled by forces independent of will".
>> 
>
>First of all, your dictionary is a little inadequate :-) 

IMHO, the best dictionary is the Merriam-Webster's Collegiate Dictionary, 
Tenth Edition, available online at [ http://www.m-w.com/ ].

Main Entry: de·ter·min·ism
Pronunciation: di-'t&r-m&-"ni-z&m, dE-
Function: noun
Date: 1846

1a : a theory or doctrine that acts of the will, occurrences 
in nature, or social or psychological phenomena are causally 
determined by preceding events or natural laws

1b : a belief in predestination

2 : the quality or state of being determined

- de·ter·min·ist /-n&st/ noun or adjective
- de·ter·min·is·tic /-"t&r-m&-'nis-tik/ adjective
- de·ter·min·is·ti·cal·ly /-ti-k(&-)lE/ adverb 





------------------------------

From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: SHA-1 program (cool!)
Date: Tue, 22 Aug 2000 13:59:43 GMT

You can also compare your code with the one from Cryptix
(www.cryptix.org) java library. I also coded SHA1.

One thing that makes your code slow is that you used for loops. Since you
know exactly how many passes you will do, you can unroll the loops. Also,
a couple of comments:

1- your flen should be "unsigned long long" to get 64 bits (or u_int64
under VC++).

2- why this block ?

   while (getc(sfp) != EOF)  /* Find file length */
      flenorig++;

   see comment 3

3- for the padding, look into my code, you only need to read the file
once. I got this technique from RFC1321 (MD5 message digest).

My source for java SHA1 is available at
http://megasun.bch.umontreal.ca/~leonard.

It is part of my crypto (message digests) library that is not yet
released.

> On the upside, SHA1.EXE only took thrice the time of the Bokler software to
> output its hash, which is cool; even better is that my program didn't crash.
> Of course, now I have a new bug to contend with....

==========
Daniel Léonard

OGMP Informatics Division    E-Mail: [EMAIL PROTECTED]
Département de Biochimie     Tel   : (514) 343-6111 ext 5149
Université de Montréal       Fax   : (514) 343-2210
Montréal, Quebec             Office: Pavillon Principal G-312
Canada H3C 3J7               WWW   :
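
An added example, not Daniel's Java code nor the SHA1.EXE under discussion, of comments 1 and 3 above: the message length is kept in a counter that needs 64 bits (the "unsigned long long"), the data is consumed as it arrives, and the padding is built from that counter when the digest is requested, so the input is read exactly once and no preliminary pass to find the file length is needed. The padding rule (a single 0x80 byte, zeros up to 56 mod 64, then the big-endian 64-bit bit length) is the same shape as the RFC 1321 MD5 padding the post refers to. The implementation is checked against Python's hashlib.

```python
# Added illustration, not the poster's program: SHA-1 computed in a single
# pass over the input.  The byte count is kept in a running counter while
# data is consumed, and the padding (0x80, zeros, then the 64-bit bit length)
# is built from that counter at the end, so no preliminary pass over the
# file to find its length is needed.
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


class StreamingSHA1:
    """Incremental SHA-1; update() may be called with chunks of any size."""

    def __init__(self):
        self.h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
        self.buf = b""     # bytes not yet forming a full 64-byte block
        self.length = 0    # total bytes seen; a 64-bit quantity ("unsigned long long" in C)

    def _compress(self, chunk: bytes) -> None:
        w = list(struct.unpack(">16I", chunk))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = self.h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (_rotl(a, 5) + (f & MASK32) + e + k + w[t]) & MASK32
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
        self.h = [(x + y) & MASK32 for x, y in zip(self.h, (a, b, c, d, e))]

    def update(self, data: bytes) -> None:
        self.length += len(data)
        self.buf += data
        while len(self.buf) >= 64:
            self._compress(self.buf[:64])
            self.buf = self.buf[64:]

    def hexdigest(self) -> str:
        # Padding is derived from the running counter, never from re-reading the input.
        tail = self.buf + b"\x80"
        tail += b"\x00" * ((56 - len(tail)) % 64)
        tail += struct.pack(">Q", (self.length * 8) & 0xFFFFFFFFFFFFFFFF)
        saved = list(self.h)
        for i in range(0, len(tail), 64):
            self._compress(tail[i:i + 64])
        digest = "".join(f"{x:08x}" for x in self.h)
        self.h = saved  # leave the object usable for further update() calls
        return digest


def sha1_hex(data: bytes, chunk: int = 7) -> str:
    """Feed data in odd-sized chunks, as a file would be read, and return the hex digest."""
    h = StreamingSHA1()
    for i in range(0, max(len(data), 1), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def matches_hashlib(data: bytes, chunk: int = 7) -> bool:
    """Cross-check against the library implementation."""
    return sha1_hex(data, chunk) == hashlib.sha1(data).hexdigest()


if __name__ == "__main__":
    print(sha1_hex(b"abc"))  # a9993e364706816aba3e25717850c26c9cd0d89d
```

The chunk size passed to `sha1_hex` is deliberately not a multiple of 64, so the test exercises the buffering between reads; the length-to-pad arithmetic is where single-pass implementations usually go wrong, and the inputs of 55, 56 and 64 bytes below are the boundary cases.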



------------------------------

From: [EMAIL PROTECTED] (Richard Bos)
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Tue, 22 Aug 2000 14:02:34 GMT

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:

> "Douglas A. Gwyn" wrote:
> 
> >  "K&R" does not denote a sufficiently tightly
> > specified language to use it as a standard, which is why there
> > was a C standards group formed in the first place.  In fact, not
> > even the PDP-11 UNIX C compiler written by Ritchie and Reiser
> > fully conformed to the specs in "K&R" 1st edition, nor did PCC
> > which was the main basis for porting C to other platforms for
> > several years.
> >
> > For developing *new* C code, you are better off following the C
> > standard.
> 
> Of course.  But that's not the issue either.  The issue is whether a program
> written using (say) the system 7 cc is written in C.  I believe the answer is
> Yes.

If it's a K&R compiler, yes, albeit obsolete C. If it's a K&R-and-other-
extensions compiler, then (provided it used these extensions, of course)
no, it's not C, it's C-plus-system-specific-extensions.

Richard

------------------------------

From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: The DeCSS ruling
Date: Tue, 22 Aug 2000 14:05:15 GMT

> What are the names of the files in question?

css-auth.tar.gz, a search on google will find it in no time. DeCSS is now
a whack-the-mole (TM) thing, there are more sites putting the code online
than there are being hit with injunctions.

Also, the code is probably on Sealand by now.

You can also go to the Electronic Frontier Foundation site (eff.org IIRC),
you can even get a T-Shirt with the source printed on it (I heard rumors
that the T-Shirt is now illegal in the USA).

Good hunting.

What about including CSS as a cipher in Cryptix or any crypto library ???

==========
Daniel Léonard

OGMP Informatics Division    E-Mail: [EMAIL PROTECTED]
Département de Biochimie     Tel   : (514) 343-6111 ext 5149
Université de Montréal       Fax   : (514) 343-2210
Montréal, Quebec             Office: Pavillon Principal G-312
Canada H3C 3J7               WWW   :


------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Simple cipher based on SHA-1
Date: Tue, 22 Aug 2000 09:53:33 -0500



Janne Tuukkanen wrote:

>  I'm a newbie on the field, so be patient ;-)
>
>  Is this worth anything:
>
>  160 bit key is created from pass phrase using SHA-1.
>
>  First 64 (or what ever) bits of plaintext are XORed with
> (say for instance least significant) 64 bits from the key.
>
>  The 64 bits used from the key are replaced by the
> ciphered 64 bits.
>
>  New key is produced for the next block from the key using SHA-1.
>
>  And so on...
>
>  If the key is understood as 'state', there should always be
> at least 96 secret bits in it, and recovery of those even
> when there is known plaintext should be somewhat difficult.
>  Other hand the ciphered 8 bytes are used for the next hash, so
> other documents ciphered with the same key could not be
> opened when the first one's plaintext is known.
>
>  Ok, I believe this is somewhat weak (and I hope someone will
> gently point me the principles of the weaknesses of the algorithm),
> but _how_ weak? If we are living in the world of 1GHz PIII's, what
> kind of time scale would it take to break this (msecs? secs? hours?
> days? weeks? ...)
>
>         JanneT

I am unclear what you mean by the cyphered 64 bits, so I will give
examples of the weaknesses of what I think you may mean. Actually this
system is slow, but other than that it is not ut

64bits( H(passphrase(i))) XOR plaintext(i) =cyphertext(i)
passphrase(i+1)=h(passphrase(i) with Cyphertext(i) replacing the 64 bits
selected by the first operator)

Generically this will give 96 bits of security versus brute force with no
known plaintext. A trivial chosen plaintext attack will succeed with
~2^64 trial encryptions (compute the 2^64 possible outputs and the
inputs that produce them).

It does have some major weaknesses though versus certain forms of
attack.

Consider two messages call them A and B, encrypted under this code both
using a key K.

the first block will always be attackable because it is H(K) XOR A(1) in
the first message, and H(K) XOR B(1) in the second, and this allows one
access to A(1) XOR B(1).  This exposure will continue until the text in
the two messages diverges. ( I would suggest some form of IV).

Additionally I would suggest perhaps some means of expanding your output
space may work to your advantage -- perhaps a 128 bit version that works
with two parallel hashes, and some form of feedback.


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.lang.c,alt.folklore.computers
Subject: Re: Bytes, octets, chars, and characters
Date: Tue, 22 Aug 2000 14:54:07 GMT

In article <[EMAIL PROTECTED]>,
  Eric Smith <[EMAIL PROTECTED]> wrote:

> The term "byte" was coined by the IBM Stretch (7030) architects.  On a
> Stretch, a byte was of variable size from 1 to 8 bits.  Although the
> Stretch software did use an 8-bit character (but not ASCII or EBCDIC),
> there was no special hardware or microcode requirement that this be
> the case (unlike the System/360), and this was not the sole motivation
> for the term "byte".

The I/O on Stretch was done in 8-bit bytes. The VFL instruction let you
access any byte up to 64 bits in length. There was an add-on processor
called Harvest that was limited to 8-bit bytes.

Does anyone have a copy of either the 7030 manual, the book "Design of a
Computer System" or the proceedings of the 1959 Eastern Joint Computer
Conference?

--
Shmuel (Seymour J.) Metz
domain acm at org, user shmuel

"A BIND is a terrible thing to waste"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Shellac <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: 22 Aug 2000 15:46:00 +0100

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

[EMAIL PROTECTED] (John Savard) writes:

> On Tue, 22 Aug 2000 00:06:33 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote, in
> part:
> >Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> that is, quoted Tim Tyler as appearing below (his own words, as would
> be prefixed by >: do not appear)
> >: Tim Tyler wrote:
> 
> >:> It amuses me to think that some people feel they can completely dismiss
> >:> the idea that the universe is deterministic on the basis of our current
> >:> knowledge of physics.
> 
> This isn't that "amusing", because there are good reasons to do so.
> Local hidden variable models have been eliminated by the EPR
> experiment.
> 

The irony here is that the guy who proved what you cite here (Bell)
advocated a deterministic understanding of quantum mechanics, viz
Bohmian Mechanics. It has also been claimed that it is a local theory, 
in a recent book, which I find less convincing. Whatever, current
physics certainly neither endorses, nor denies, determinism.

Shellac

- -- 
Key fingerprint = FC31 23CA 3EBA E30D 2F20 D7EA 8C8F BB0A 49CA 5201
I use and endorse MkLinux, MacOS, GnuPG, Xemacs, Alpha (text
processor), wwwoffle, w3m, Gnus, Leafnode, Cherry Coke, PG Tips. They
do not sponsor me. Despite endless requests.
=====BEGIN PGP SIGNATURE=====
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>

iD8DBQE5opIijI+7CknKUgERAgf6AKCS5HFACi7Dj5egSKIBQ0u8+BA6DACfT1P5
ixuk4M+PV9RV27pYPaKzKe8=
=Z4FK
=====END PGP SIGNATURE=====

------------------------------

From: Gunnar Evermann <[EMAIL PROTECTED]>
Subject: Re: Hidden Markov Models on web site!
Date: 22 Aug 2000 16:57:34 +0100

"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:

> John Savard wrote:
> > ... I did not understand such matters as Baum-Welch estimation
> > well enough to attempt to describe them, ...
> 
> Basically, all that matters (unless you have to implement it) is
> that it runs forward and backward through the observed output using
> the actual transitions to successively refine an initial estimate of
> the HMM parameters, and the algorithm has been proved to be stable
> and convergent. The result is a set of parameters for the HMM for
> which the observed output is at least as likely as for any other set
> of parameters.

Baum-Welch only finds a _local_ maximum, it is not guaranteed to find
the global maximum.

  Gunnar

------------------------------

From: Nick Keighley <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Tue, 22 Aug 2000 15:48:45 GMT

In article <[EMAIL PROTECTED]>,
  "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
> Richard Bos wrote:
> > "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:

> > > There is ISO 1989 C and there is K&R C.  I have and use compilers
> > > of both flavors.  This millennium even.
> >
> > Of course you have; last millennium there wasn't even any
> > electricity to run your computer on.
>
> Nope.  Forget the calendar 'cause I'm a coder.  IMHO zero is the first
> number.  ;-)

yes but they didn't have a zero when they invented the calendar.
:-)


--
Software, regardless of the language or OS, is being used to handle
real-world, life-or-death problems. THAT should cause fear, except
that the alternative is for every single emergency to be handled
entirely by humans...


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: What is required of "salt"?
Date: Tue, 22 Aug 2000 10:06:27 -0600

"David A. Wagner" wrote:
> 
> In article <[EMAIL PROTECTED]>, John Myre  <[EMAIL PROTECTED]> wrote:
> > I'm wondering what (cryptographic) properties "salt" has to have.
> 
> If I recall correctly, there is an excellent discussion in
>   R. Morris, K. Thompson, ``Password security: a case history,''
>   {\em Communications of the ACM}, vol. 22, no. 11, Nov. 1979.

Thank you!

> A simplified answer is that the salt makes dictionary attacks
> more costly: it prevents you from re-using off-the-shelf DES
> hardware, and it forces you to try each dictionary word separately
> for each user, rather than amortizing the cost of a dictionary
> attacks across all users.

Certainly that's the only constraint I've ever seen.

<snip>
> Using just the username would be bad (someone could build a
> password -> encrypted-password codebook for specially targeted
> users, e.g., "root"),

Good point.

> but username + fully-qualified server name
> seems ok as far as I can see.

A practical caveat was pointed out by Bill Unruh: watch out for
changes.  You wouldn't want to accidentally lock out everybody
when you changed your network around.

<snip>
> Passwords are basically an obsolete technology, unsafe at any
> speed.  I'd recommend that you consider the alternatives to
> passwords, and the risks of passwords, very carefully before
> deploying any new systems that use passwords for authentication.

What's your attitude towards the various "strong" password-based
authentication protocols being worked these days?  I mean EKE,
SPEKE, SRP, SNAPI, etc.?

It just depends on the situation, doesn't it?  Ideally, we want
two-factor or better authentication: something you know, something
you have, and something you are.  Whether that kind of stuff is
practical depends on how much money you have to spend on security,
and how much you are protecting.

JM

P.S.

In fact the original reason I wondered about salt, was its
use in SRP.  It appeared to me that if the user could know
the salt without asking the server, then you could get by with
one less message.  The question, then, was what to make the
salt that the user would actually know, while not losing the
properties salt has to have to maintain the security properties
of the protocol.  The advantage of using username+servername is
that those values need to be entered (known) anyway.
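
An added example, not code from any of the posters, of the two points in this exchange: what per-user salt buys against a precomputed password-to-hash codebook, and Bill Unruh's caveat about deriving the salt from username and server name. PBKDF2-HMAC-SHA256 is used here as a stand-in for the DES-based crypt(3) of the Morris/Thompson paper (an assumption, chosen so the code runs anywhere); the iteration count, account names, passwords, wordlist and server names are all constructed sample values.

```python
# Added illustration (not the posters' code): what per-user salt buys and
# what a username+servername salt costs.  PBKDF2-HMAC-SHA256 stands in for
# the DES-based crypt(3) discussed in the thread; ITERATIONS is constructed.
import hashlib
import hmac

ITERATIONS = 20_000


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def salt_for(username: str, server: str) -> bytes:
    """The deterministic salt discussed above: the client can compute it
    without asking the server, at the price of tying it to the server's name."""
    return f"{username}@{server}".encode()


def enroll(username: str, server: str, password: str, salted: bool = True) -> dict:
    salt = salt_for(username, server) if salted else b""
    return {"user": username, "hash": derive(password, salt)}


def verify(record: dict, server: str, password: str) -> bool:
    expected = derive(password, salt_for(record["user"], server))
    return hmac.compare_digest(record["hash"], expected)


def codebook_hits(codebook: dict, records: list) -> list:
    """Given a precomputed hash -> password table, which stored hashes does it resolve?"""
    return [r["user"] for r in records if r["hash"] in codebook]


def demo():
    server = "login.example.net"
    accounts = [("root", "hunter2"), ("alice", "hunter2"), ("bob", "tr0ub4dor&3")]
    wordlist = ["password", "hunter2", "letmein"]

    # 1. No salt: one table, computed once, answers for every user at once.
    unsalted_records = [enroll(u, server, p, salted=False) for u, p in accounts]
    generic_book = {derive(w, b""): w for w in wordlist}
    generic_hits = codebook_hits(generic_book, unsalted_records)     # ['root', 'alice']

    # 2. Per-user salt: a table built for "root" says nothing about alice,
    #    even though she chose the same password; each user costs a fresh run.
    salted_records = [enroll(u, server, p) for u, p in accounts]
    root_book = {derive(w, salt_for("root", server)): w for w in wordlist}
    root_hits = codebook_hits(root_book, salted_records)             # ['root']

    # 3. The caveat: the salt embeds the server name, so renaming the server
    #    silently invalidates every stored hash (nobody can log in).
    alice = salted_records[1]
    still_ok = verify(alice, server, "hunter2")                      # True
    after_rename = verify(alice, "auth.example.net", "hunter2")      # False
    return generic_hits, root_hits, still_ok, after_rename


if __name__ == "__main__":
    print(demo())
```

The third step is the operational point: a salt derived from deployment facts has to be treated as part of the stored credential, so a hostname change needs a re-enrolment plan (or the stored record must keep the name it was salted with) rather than being a transparent network change.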

------------------------------

From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Re: The DeCSS ruling
Date: Tue, 22 Aug 2000 12:15:25 -0400

I really don't care about dvds. I am content to go to the
local video rental and rent one in order to see a movie.

But the MPAA has gone too far! They have limited my right to
reverse-engineer technology that I am personally interested in.
Academic freedom and progress in technology depend on this.
Since the turn of the last century the non-elite (see old Popular Mechanics)
had the "hobby" power to invent/build their own technology, which has fueled
the industrial revolution by which we all exist today. There is a close analog to
the information revolution going on today, which is truly based on free
dissemination of technical information on the web. Most of us owe our
careers to free dissemination of information (and programs) on the web.

The MPAA has threatened this freedom which is more valuable
than all of their movie rights ever combined.

We as programming professionals and academics must resist this very real
threat to our freedom. The MPAA came up with a lame encryption scheme
(and they were warned, apparently). They should pay the price, not our
freedoms. This is like making it a crime to criticize the tobacco, asbestos,
or nuclear industry, or to write Unsafe at Any Speed.

          - Jim Steuert


Daniel Leonard wrote:

> > What are the names of the files in question?
>
> css-auth.tar.gz, a search on google will find it in no time. DeCSS is now
> a whack-the-mole (TM) thing, there are more site putting the code online
> than there are being hit with injonction.
>
> Also, the code is probably on Sealand by now.
>
> You can also go to the Electronic Frontier Fondation site (eff.org IIRC),
> you can even get a T-Shirt with the source printed on it (I heard rumors
> that the T-Shirt is now illegal in the USA).
>
> Good hunting.
>
> What about including CSS as a cipher in Cryptix or any crypto library ???
>
> ----------
> Daniel Léonard
>
> OGMP Informatics Division    E-Mail: [EMAIL PROTECTED]
> Département de Biochimie     Tel   : (514) 343-6111 ext 5149
> Université de Montréal       Fax   : (514) 343-2210
> Montréal, Quebec             Office: Pavillon Principal G-312
> Canada H3C 3J7               WWW   :


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Question on Decorelation Theory
Date: Tue, 22 Aug 2000 18:31:12 +0200



[EMAIL PROTECTED] wrote:
>   Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED] wrote:
> > > In the paper "Provably Security for Block Ciphers by Decorrelation" by
> > > Serge Vaudenay.  Page 5, Section 2 "Basic Constructions" and I quote
> >
> > Could you also give the name of the journal? Thanks.
> 
> I don't know.  But you could I dunno, possibly LOOK HIM UP ON THE WEB!

I have just succeeded in finding the reference:
STAC 98, LNCS 1373.

Isn't it that one of the AES candidates is based on such
a theory? If it had 'provable security', why did it fail
to get into the final round? Because of efficiency?
Could someone say something about that case in concrete 
terms? Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Tue, 22 Aug 2000 18:31:00 +0200



Tim Tyler wrote:
> 
> Even /if/ the laws of the universe appeared totally deterministic, it
> would not be possible to experimentally rule out the possibility that
> minor effects which nobody had noticed were "fundamentally random".
> 
> Conversely, no matter /how/ random things appear, it's never possible to
> absolutely rule out there possibility of an underlying deterministic
> explanation, which nobody has found yet.
> 
> To my eyes, science is not in either position - nor will it be until
> all observed phenomena fit into our scheme of proposed laws.

I don't think that man will ever obtain absolute knowledge 
of everything. (Isn't it that a result of Goedel could be
interpreted a bit in this vein?) While plenty of theories 
of ancient times have been overthrown/revised, why should 
we think that our own current theories will hold till 
eternity? Resources simply don't suffice to observe ALL 
and absolutely error-free measurements generally don't 
exist. On the other hand, I heard a cosmologist saying 
that in other universes the fundamental laws may well be 
very different.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Hidden Markov Models on web site!
Date: Tue, 22 Aug 2000 18:31:28 +0200



"Douglas A. Gwyn" wrote:
> 
> John Savard wrote:
> > ... I did not understand such matters as Baum-Welch estimation
> > well enough to attempt to describe them, ...
> 
> Basically, all that matters (unless you have to implement it)
> is that it runs forward and backward through the observed
> output using the actual  transitions to successively refine an
> initial estimate of the HMM parameters, and the algorithm has
> been proved to be stable and convergent.  The result is a set
> of parameters for the HMM for which the observed output is at
> least as likely as for any other set of parameters.  That's
> an example of Maximum Likelihood Estimation, which is widely
> used in data analysis.  Maximum-Likelihood methods generally
> fit the observed data *too* tightly, but it's a reasonable
> criterion that is mathematically tractable, and in practice it
> often produces good results.

Dumb questions: Can the HMM be used for predicting sequences?
Are there any literature on its applications in crypto? 
Thanks.

M. K. Shen
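
An added example, not from any of the posts, covering both the description of Baum-Welch quoted above (forward and backward passes over the observed output, refining an initial parameter estimate, with the likelihood never decreasing) and Gunnar Evermann's correction that it only reaches a local maximum. A two-state HMM over a binary alphabet is trained from two starting points on a constructed observation sequence: a start in which both states are identical is a fixed point of the re-estimation and stays at the unigram likelihood, while an asymmetric start climbs to a far better optimum. The observations and initial parameters are made up for the example.

```python
# Added illustration (not from the thread): a two-state discrete HMM trained
# with Baum-Welch (scaled forward-backward), showing that the likelihood is
# non-decreasing across iterations and that the result is only a local
# maximum: a symmetric start (identical states) is a fixed point far below
# what an asymmetric start reaches.  Data and starting values are constructed.
import math


def forward_backward(A, B, pi, obs):
    """Scaled forward-backward pass.  Returns scaled alpha, scaled beta,
    the per-step scale factors, and log P(obs | A, B, pi)."""
    N, T = len(A), len(obs)
    alpha = [[pi[i] * B[i][obs[0]] for i in range(N)]]
    scale = [sum(alpha[0])]
    alpha[0] = [a / scale[0] for a in alpha[0]]
    for t in range(1, T):
        row = [sum(alpha[t - 1][i] * A[i][j] for i in range(N)) * B[j][obs[t]]
               for j in range(N)]
        scale.append(sum(row))
        alpha.append([a / scale[t] for a in row])
    beta = [[1.0] * N for _ in range(T)]
    for t in range(T - 2, -1, -1):
        for i in range(N):
            beta[t][i] = sum(A[i][j] * B[j][obs[t + 1]] * beta[t + 1][j]
                             for j in range(N)) / scale[t + 1]
    return alpha, beta, scale, sum(math.log(s) for s in scale)


def baum_welch_step(A, B, pi, obs):
    """One EM re-estimation from posterior state (gamma) and transition (xi) counts.
    With this scaling alpha*beta is gamma directly and xi needs one extra 1/scale."""
    N, T, M = len(A), len(obs), len(B[0])
    alpha, beta, scale, loglik = forward_backward(A, B, pi, obs)
    gamma = [[alpha[t][i] * beta[t][i] for i in range(N)] for t in range(T)]
    xi = [[[alpha[t][i] * A[i][j] * B[j][obs[t + 1]] * beta[t + 1][j] / scale[t + 1]
            for j in range(N)] for i in range(N)] for t in range(T - 1)]
    new_pi = gamma[0][:]
    new_A = [[sum(xi[t][i][j] for t in range(T - 1)) /
              sum(gamma[t][i] for t in range(T - 1)) for j in range(N)] for i in range(N)]
    new_B = [[sum(gamma[t][j] for t in range(T) if obs[t] == k) /
              sum(gamma[t][j] for t in range(T)) for k in range(M)] for j in range(N)]
    return new_A, new_B, new_pi, loglik


def train(A, B, pi, obs, iterations=30):
    """Run Baum-Welch; returns final parameters and the log-likelihood trace."""
    trace = []
    for _ in range(iterations):
        A, B, pi, loglik = baum_welch_step(A, B, pi, obs)
        trace.append(loglik)
    return A, B, pi, trace


def unigram_loglik(obs):
    """Likelihood of a memoryless model, which is all an HMM with identical states can express."""
    counts = {k: obs.count(k) for k in set(obs)}
    return sum(math.log(counts[o] / len(obs)) for o in obs)


def monotone(trace, tol=1e-9):
    """EM guarantee: the likelihood never goes down between iterations."""
    return all(b >= a - tol for a, b in zip(trace, trace[1:]))


# Constructed observations: long runs of 0s and 1s, two clearly distinct regimes.
OBS = [0] * 6 + [1] * 6 + [0] * 6 + [1] * 6


def compare_starts():
    """Log-likelihood traces from a symmetric start (a fixed point of EM) and
    from an asymmetric start; the second climbs to a much better local maximum."""
    symmetric = train([[0.5, 0.5], [0.5, 0.5]], [[0.5, 0.5], [0.5, 0.5]], [0.5, 0.5], OBS)
    asymmetric = train([[0.9, 0.1], [0.1, 0.9]], [[0.9, 0.1], [0.1, 0.9]], [0.5, 0.5], OBS)
    return symmetric[3], asymmetric[3]


if __name__ == "__main__":
    sym, asym = compare_starts()
    print("symmetric start ends at", sym[-1], "(unigram:", unigram_loglik(OBS), ")")
    print("asymmetric start ends at", asym[-1])
```

The symmetric start illustrates the practical consequence of "local maximum": nothing in the update rule can break a tie between two states that are already identical, so the usual remedy is several randomised restarts with the best final likelihood kept.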

------------------------------

Reply-To: "Detonate" <[EMAIL PROTECTED]>
From: "Detonate" <[EMAIL PROTECTED]>
Subject: encryption scheme output - samples table?
Date: Wed, 23 Aug 2000 00:26:17 +0800

I was wondering if anybody knows of any tables that show the outputs of a
test string from various encryption schemes? For instance, the PC1 algorithm
in the implementation I've seen always outputs in lowercase alpha characters
a through z , and one byte input becomes two output, so "hello" might
encrypt to "dzeopwlemf". DES seems to be +number+number+number etc ...
obviously there are many schemes that couldn't be identified visually by
such characteristics or patterns, but others can - is there a table for this
somewhere?




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
