Cryptography-Digest Digest #558, Volume #12      Mon, 28 Aug 00 18:13:01 EDT

Contents:
  Re: Bytes, octets, chars, and characters (Eric Fischer)
  Re: R: R: Test on pseudorandom number generator. (Terry Ritter)
  Future computing power (Mok-Kong Shen)
  Re: SHA-1 program, wrongo ! (S. T. L.)
  Re: Future computing power (S. T. L.)
  Re: Future computing power ([EMAIL PROTECTED])
  Re: Future computing power (Ichinin)
  Re: Future computing power (Ichinin)
  Re: DeCSS ruling -- More ("David C. Barber")
  Re: Future computing power ([EMAIL PROTECTED])
  Re: NEWBIE!!! Zodiac killer's encryption... (John C. King)
  Re: Steganography vs. Security through Obscurity (zapzing)
  Re: R: R: Test on pseudorandom number generator. ("Douglas A. Gwyn")
  Re: ZixIt Mail (Steve)
  Re: Bytes, octets, chars, and characters ("Douglas A. Gwyn")
  Re: could someone post public key that is tempered ? ("Douglas A. Gwyn")
  Re: PRNG Test Theory ("Douglas A. Gwyn")
  Re: Blowfish question (and others) ("Jeffrey Walton")
  Re: NEWBIE!!! Zodiac killer's  encryption... ("Douglas A. Gwyn")
  Re: PGP 6.5.8 test: That's NOT enough !!! (Nick Andriash)
  Re: Blowfish question (and others) (Mike Tulley)

----------------------------------------------------------------------------

From: Eric Fischer <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c,alt.folklore.computers
Subject: Re: Bytes, octets, chars, and characters
Date: 28 Aug 2000 19:14:41 GMT

Johnny Billquist  <[EMAIL PROTECTED]> wrote:

> > ASCII is not an international standard, although there are several
> > for character codes based on and intentionally similar to ASCII.
> 
> I think there is some ISO standard which matches ASCII, but I have
> no idea what it is called.

ISO 646 is the international 7-bit character code standard.  It allows
national variations for several characters, but there is an "international
reference version" that specifies what characters should be assigned if
there are no particular national needs, and in recent years this has been
aligned with ASCII.  (Earlier versions of the IRV specified a Pound sign
instead of the Number sign, an international currency symbol instead of
the Dollar sign, and an overline instead of the tilde.)

Another international standard for the same code is the ITU-T (formerly
CCITT) International Reference Alphabet (formerly International Alphabet
No. 5).

eric

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: R: R: Test on pseudorandom number generator.
Date: Mon, 28 Aug 2000 19:25:57 GMT


On Mon, 28 Aug 2000 13:18:24 +0200, in <8odge9$7tl$[EMAIL PROTECTED]>,
in sci.crypt "Cristiano" <[EMAIL PROTECTED]> wrote:

>> The normal way to use a LCG is to convert the entire internal state
>> into a float, or even to use the state itself as an integer.  Since
>> using the entire state is "normal," that is the way statistical tests
>> must be applied to get the "normal" results.
>
>OK this is the best way, but if I need only 8 bits? I think the best is take
>the 8 msb.

If you are going to use only 8 bits, you need to test only 8 bits, not an
accumulation of 5 such values taken as a single large 40-bit value.
 
>Only when I apply my test to PRNG I need to consider only the 8 msb, but
>when I run FIPS PUB 140-2, Maurer and Diehard I take the whole integer as is
>without any modification.

Taking 5 chunks of 8-bits each is not the same as taking a single
40-bit value from an RNG.  

One might as well argue that one could take 1 bit from each RNG step,
and that would be OK, or 1 bit every 100th RNG step and that would be
OK as well.  It is not.  We might make a complex RNG that way, but we
would not expect common statistical tests to be designed to pick up
problems which might occur in such a design.  

For most conventional tests, the value being interpreted must
correspond to the single step of the RNG.  If not, the test will be
confused by giving a single meaning to a value which really has no
relationship to any one internal RNG state.  Then it is the confusion
of the test which is being demonstrated, but nobody cares if we can
confuse a test.  


>> Similarly, Diehard expects to see 32-bit integers, not 40 (unless it
>> has been modified).  If we expect tests to have some meaning, we must
>> give the test the data in a format it expects.  Then each test can
>> tell us about the particular characteristics it detects.
>
>Diehard read a (big) file. If I generate a file n bytes length, I think is
>not a problem how I generate the same n bytes, the problem is how generate
>each byte (as you say in the first paragraph).

You are confused.  If you want to test bytes, you need to have tests
which are designed to work on bytes.  If you want to use tests
designed to work on 32-bit integers, you need to supply 32-bit
integers, not 4 bytes.  And in fact you supply 5 bytes.  

It is not a surprise that one can confuse a statistical test by having
it read data which is composed of multiple RNG steps.  


>I appreciate very much your considerations, but my original question is: if
>"URAND" and "random" are bad generators, why any test don't detect this?

Your question was answered:  You are testing in the wrong way, so the
results are not what you expected.  Statistical tests do not "certify"
an RNG, so the fact that they pick up no problems is no particular
advantage; it is just confusing.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Future computing power
Date: Mon, 28 Aug 2000 21:47:01 +0200


While the fabulous quantum computing lies certainly yet
far in the future, it may be useful to know how fast the
conventional computing power at a single site could 
augment in the days to come. A newspaper report says that 
Compaq will build for the US ASCI program a processor 
cluster capable of delivering 30 Teraflops next year. In 
2004 there will be a system delivering 100 Teraflops.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (S. T. L.)
Subject: Re: SHA-1 program, wrongo !
Date: 28 Aug 2000 19:51:39 GMT

<<you don't even have the documentation to djgpp.  tragic.>>

Okay, I have that too, but you'll agree that reading the DJGPP docs is not a
good way to learn C, eh?

-*---*-------
S.T.L.  My Quotes Page * http://quote.cjb.net * leads to my NEW site.
My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
Optimized pngcrush executable now on my Download page!
Long live pngcrush!  :->

------------------------------

From: [EMAIL PROTECTED] (S. T. L.)
Subject: Re: Future computing power
Date: 28 Aug 2000 19:53:45 GMT

<<In 2004 there will be a system delivering 100 Teraflops.>>

Oh, yeah.  AI time.

-*---*-------
S.T.L.  My Quotes Page * http://quote.cjb.net * leads to my NEW site.
My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
Optimized pngcrush executable now on my Download page!
Long live pngcrush!  :->

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Future computing power
Date: Mon, 28 Aug 2000 19:59:04 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> While the fabulous quantum computing lies certainly yet
> far in the future, it may be useful to know how fast the
> conventional computing power at a single site could
> augment in the days to come. A newspaper report says that
> Compaq will build for the US ASCI program a processor
> cluster capable of delivering 30 Teraflops next year. In
> 2004 there will be a system delivering 100 Teraflops.

First off what the heck is a flop?  All I know is MIPS.

Computer speed will really only affect the tractability of PK cracking,
not symmetric stuff.  And even there bandwidth/memory is of more
importance than speed anyways.

If you take the trend of Moore's law, we can expect 4 GHz computers
sometime in 2002.  With the current 400 MHz bus (or let's say 800 MHz
bus) the cpu better have a large L1 cache.... :)

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Future computing power
Date: Mon, 28 Aug 2000 11:05:26 +0200

Mok-Kong Shen wrote:
<Snip> 

How about a 10 x 800Mhz Beowulf cluster for your "recreational
purposes" ? :o)

All you need are the basic components:

        What's needed for each node:
        - Processor
        - Fan
        - Systemboard
        - about 32 to 64 MByte memory (larger if you have $'s)
        - Boot system (CdRom/Harddrive or Floppy)
        - Some 100 MBit NIC

        Then you need:
        - an N-port 100Mbit Hub.
        - A storage box. (Customise or build)
        - A strong power outlet.

Home supercomputing for practically nothing. I'd build
one if i had some spare change.

Regards,
Glenn

------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Future computing power
Date: Mon, 28 Aug 2000 11:08:08 +0200

[EMAIL PROTECTED] wrote:
> First off what the heck is a flop?  All I know is MIPS.

Floating operation:     1/3 = 0,3333333333...

More terms (Dhrystones etc) can be learned through studying
theory of benchmarking.

Regards,
Glenn

------------------------------

From: "David C. Barber" <[EMAIL PROTECTED]>
Subject: Re: DeCSS ruling -- More
Date: Mon, 28 Aug 2000 13:45:06 -0700

ROT13?  :^)

Actually, if you're distributing the keys, why not just distribute the
program?

    *David Barber*

"No User" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <rWMp5.3769$[EMAIL PROTECTED]>
> "Stou Sandalski" <tangui [EMAIL PROTECTED]> wrote:
> >
>
> Okay, here is the game...  After all this is sci.crypt.  Both Deja-News
> & Alta Vista have removed the source from their servers.  Someone needs
> to figure out an 'encryption method' that would convert the C source code
> to something that would not look like the original document, but not be
> seen as binary so it would be stored on Deja-News and its ilk.  Instead of
> ASCII armour we need an 'English' armoured scheme.
>
> Documents would be stored on these servers and no-one would know what they
> really represent.  The keys could be distributed to convert them back.  This
> would not need to be a high security scheme, just enough to get it through a
> binary scanner to get it stored.
>
> Any idea?
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Future computing power
Date: Mon, 28 Aug 2000 20:39:19 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > First off what the heck is a flop?  All I know is MIPS.
>
> Floating operation:   1/3 = 0,3333333333...
>
> More terms (Dhrystones etc) can be learned through studying
> theory of benchmarking.

You are best off doing something like a vector projection, dct, etc...
that is REAL instead of

for a = 0 to 100000000
   b = c * 1/3;

So your speed is in "vector projections",etc per second, something more
real and tangible

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: John C. King <[EMAIL PROTECTED]>
Subject: Re: NEWBIE!!! Zodiac killer's encryption...
Date: Mon, 28 Aug 2000 20:43:51 GMT

In article <[EMAIL PROTECTED]>,
  Rob B <[EMAIL PROTECTED]> wrote:
> Hi all!
> I saw a show this weekend on the Zodiac killer on TLC and was fascinated
> by it...
>
> Anyways, I was wondering if anyone knows of any good web sites, books,
> info, that discuss the encryption that he used in his letters, if the
> messages were decoded, and, if so, how.
>

His first cipher was a homophonic cipher.  The second large cipher
is generally believed to also be a homophonic cipher.  There were
also several ciphers very small in length.

The first cipher was solved within a day after the three parts
were published in three separate newspapers.  A couple of high
school teachers solved it.  Each part had several lines of ciphertext
with no spaces written in a block.  The third part was not as long
(the last line truncated) so they used that to guess that it was
the last part of the message.  They guessed that the killer was
egotistical and that the message started with "I".  The message
was fairly easily obtained.

The second cipher has similar ciphertext symbols and is written in
a single cipher that appears to have padding at the end.  The
padding makes the cipher have the same number of ciphertext symbols
in the last line as it does in the other lines.  The padding also
contains symbols that spell his name.  Although the ciphertext symbols
are similar they don't have the same mappings as in the first.

The definitive day-by-day book on the case is Robert Graysmith's
"Zodiac".  Graysmith claims to have solved the second large cipher
and gives a "solution", however he provides no methodology and it
appears to be a bogus solution with lots of anagramming.  All of
the Zodiac's messages and ciphers are reproduced in the book.

If anyone knows of any other "solutions" I would like to know.  I
know of one other book (seems to be self published).  It too
provides a "solution" which is a result of what Kahn calls
"hypercryptanalysis".  I'll try to find it and post the book.

The Beale Ciphers (at least the solved one) are also homophonic ciphers.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Steganography vs. Security through Obscurity
Date: Mon, 28 Aug 2000 20:59:03 GMT

In article <8o3g28$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Guy Macon) wrote:
> [EMAIL PROTECTED] wrote:
> >
> >
> >In article <[EMAIL PROTECTED]>,
> >  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> >
> >> In fact there are steganographic systems that meet that
> >> requirement -- even if the enemy is looking for your
> >> message and knows how you're hiding it, he cannot prove
> >> that it is present.
> >
> >Great! Can you list a reference?
>
> Not needed - the solution is trivial.
>
> Get a good hardware RNG and send me a message every day consisting
> of random data from the RNG.
>
> Every so often, use the OTP to encrypt a message with a pad from the
> same RNG and send that.
>
> No attacker can tell whether you sent a message or not.

Don't you think it will look somewhat suspicious,
all this random data being sent around ?

--
"Sarcasm: the last refuge of modest and
chaste-souled people when the privacy of
their soul is coarsely and intrusively invaded."
 --Dostoyevsky--


Sent via Deja.com http://www.deja.com/
Before you buy.
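The cover-traffic scheme quoted above (a fixed-size random blob every day, occasionally replaced by a one-time-pad ciphertext drawn from the same source), as an added example that is not part of the thread. The fixed blob size, the in-band marker and length header, and os.urandom standing in for the hardware RNG are assumptions of this example, not details from the post.

```python
"""Cover traffic with a one-time pad: sender and receiver sides.

Added example, not from the original thread.  Every day the sender emits
exactly BLOB_LEN bytes.  On a quiet day that is fresh output of the random
source; on a message day it is (MARKER || length || message || filler)
XORed with the day's pad, which came from the same source and was shared in
advance.  A one-time-pad ciphertext is uniformly distributed, so a watcher
without the pad sees the same distribution either way; only the pad holder
can unmask the blob and check the marker.
"""
import os
import struct

BLOB_LEN = 4096               # assumed fixed size: length must not leak anything
MARKER = b"MSG1"              # assumed in-band tag; 4 bytes => 2^-32 false positive
HEADER_LEN = len(MARKER) + 2  # marker + 16-bit big-endian length
MAX_MSG = BLOB_LEN - HEADER_LEN


def make_pad(rng=os.urandom):
    """One pad per day, same length as a blob, never reused."""
    return rng(BLOB_LEN)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def send_day(pad, message=None, rng=os.urandom):
    """Today's blob: pure noise if message is None, else OTP ciphertext."""
    if message is None:
        return rng(BLOB_LEN)
    if len(message) > MAX_MSG:
        raise ValueError("message too long for one blob")
    plaintext = MARKER + struct.pack(">H", len(message)) + message
    # Any filler is hidden by the pad; random filler is used so a pad that
    # is ever lost or reused does not expose a long run of zeros.
    plaintext += rng(BLOB_LEN - len(plaintext))
    return xor(plaintext, pad)


def receive_day(pad, blob):
    """Return the message carried by today's blob, or None on a quiet day."""
    if len(blob) != BLOB_LEN:
        raise ValueError("unexpected blob size")
    plain = xor(blob, pad)
    if plain[:len(MARKER)] != MARKER:
        return None
    (n,) = struct.unpack(">H", plain[len(MARKER):HEADER_LEN])
    if n > MAX_MSG:
        return None
    return plain[HEADER_LEN:HEADER_LEN + n]


if __name__ == "__main__":
    pad = make_pad()
    print(receive_day(pad, send_day(pad)))                   # quiet day -> None
    print(receive_day(pad, send_day(pad, b"meet at dawn")))  # b'meet at dawn'
```

Two things the three-line sketch leaves out and this block has to decide: the blob is always the same size, because a message day that produced a different length would be trivially distinguishable; and the receiver needs some in-band way to tell a quiet day from a message day, which here is a 4-byte marker, so on a quiet day the unmasked noise is misread as a message with probability 2^-32.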

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: R: R: Test on pseudorandom number generator.
Date: Mon, 28 Aug 2000 20:27:03 GMT

> > The point is that URAND miserably fails the statistical test.
Cristiano wrote:
> Why do you say this? It fail only my simple collision test ...

You just answered your own question!

> All the 4 generators pass the tests (Diehard, Maurer and FIPS PUB 140-2).
> May be I have found a brand new hard test for PRNG?

Assuming no errors were made in your work, then indeed you
found a test that detects some deviations from randomness
that the other tests missed.

> Note on diehard: after some test with diehard, I see that URAND fail some
> p-value in "OQSO" and fail big in "DNA" while Mother pass these tests (but
> fail some other p-value).

I'm not happy with the way that Diehard presents its results.
There are methods of summarizing such results into a single
measure, e.g. weight of evidence against the random hypothesis
(or a significance level based on that using inverse chi-square),
that should have been used instead.

> > If you just want unique numbers, use a simple counter.
> As a joke!

No, if that is the desired goal then that is the cheapest way
of attaining the goal.

> Now I'd like to calculate the statistic for the number of collisions: if the
> expected collisions are 90.95 and I want to calculate chi-square statistics,
> how many degrees of freedom I must consider?

First, note that this isn't a very efficient test, because the
number of d.f. is just one less than the number of "tests",
despite the millions of samples taken.

If you want to apply the chi-square test, it's not hard:

m = 10^8/2^40*10^6 = 90.94947 # expected outcome
df = 9
chisq(CryptGenRandom) = (109-m)^2/m+(94-m)^2/m+(91-m)^2/m+
                        (97-m)^2/m+2*(89-m)^2/m+(105-m)^2/m+
                        (107-m)^2/m+(92-m)^2/m+(82-m)^2/m
                      = 10.066834
q(CryptGenRandom) = 0.3451 # Prob(chisq would be that large by chance)
chisq(URAND) = 2*(19-m)^2/m+(18-m)^2/m+(29-m)^2/m+
               (22-m)^2/m+3*(24-m)^2/m+(27-m)^2/m+(20-m)^2/m
             = 514.97717
q(URAND) = 0.0000 # Prob(chisq would be that large by chance)

So there is only an insignificant contraindication for
CryptGenRandom, but there is essentially no likelihood
(absent any other evidence) that URAND obeys the model.
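The chi-square arithmetic above, as an added example that is not part of the original post. The ten observed collision counts per generator and the expected count m are transcribed from the post; the p-value is obtained from the regularised upper incomplete gamma function, coded here with the usual series/continued-fraction split so the block needs only the standard library (no SciPy).

```python
"""Chi-square goodness-of-fit over repeated collision counts.

Added example reproducing the calculation in the post above.  Ten runs of
the collision test each produce an observed count; under the random
hypothesis every run expects m collisions; the statistic sums (O-m)^2/m
over the runs and has df = runs - 1 = 9.
"""
import math

# Expected collisions per run, exactly as written in the post.
EXPECTED = 10**8 / 2**40 * 10**6          # 90.94947...

# Observed counts transcribed from the post ("2*(89-m)^2" = two runs of 89).
CRYPTGENRANDOM = [109, 94, 91, 97, 89, 89, 105, 107, 92, 82]
URAND = [19, 19, 18, 29, 22, 24, 24, 24, 27, 20]


def chi_square_statistic(observed, expected):
    """Sum of (O - E)^2 / E over the runs."""
    return sum((o - expected) ** 2 / expected for o in observed)


def _gamma_p_series(a, x):
    # Regularised lower incomplete gamma P(a, x) by power series (x < a + 1).
    term = 1.0 / a
    total = term
    ap = a
    for _ in range(1000):
        ap += 1.0
        term *= x / ap
        total += term
        if abs(term) < abs(total) * 1e-15:
            break
    return total * math.exp(-x + a * math.log(x) - math.lgamma(a))


def _gamma_q_contfrac(a, x):
    # Regularised upper incomplete gamma Q(a, x) by modified Lentz
    # continued fraction (x >= a + 1).
    tiny = 1e-300
    b = x + 1.0 - a
    c = 1.0 / tiny
    d = 1.0 / b
    h = d
    for i in range(1, 1000):
        an = -i * (i - a)
        b += 2.0
        d = an * d + b
        if abs(d) < tiny:
            d = tiny
        c = b + an / c
        if abs(c) < tiny:
            c = tiny
        d = 1.0 / d
        delta = d * c
        h *= delta
        if abs(delta - 1.0) < 1e-15:
            break
    return math.exp(-x + a * math.log(x) - math.lgamma(a)) * h


def chi_square_sf(stat, df):
    """Prob(chi-square with df degrees of freedom >= stat) = Q(df/2, stat/2)."""
    a, x = df / 2.0, stat / 2.0
    if x <= 0.0:
        return 1.0
    if x < a + 1.0:
        return 1.0 - _gamma_p_series(a, x)
    return _gamma_q_contfrac(a, x)


def collision_test_report(counts, expected=EXPECTED):
    """Return (statistic, df, p-value) for one generator's run counts."""
    stat = chi_square_statistic(counts, expected)
    df = len(counts) - 1
    return stat, df, chi_square_sf(stat, df)


if __name__ == "__main__":
    for name, counts in (("CryptGenRandom", CRYPTGENRANDOM), ("URAND", URAND)):
        stat, df, p = collision_test_report(counts)
        print(f"{name:15s} chisq={stat:10.4f} df={df} p={p:.4f}")
```

The same routine applies to any test that is repeated k times with a known expectation: the statistic is computed over the k run totals with k-1 degrees of freedom, which is also why the post calls it inefficient, since millions of samples are collapsed into ten numbers.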

------------------------------

From: [EMAIL PROTECTED] (Steve)
Subject: Re: ZixIt Mail
Date: Mon, 28 Aug 2000 21:34:50 GMT

=====BEGIN PGP SIGNED MESSAGE=====

On 28 Aug 2000 18:38:41 GMT, [EMAIL PROTECTED] (JPeschel)
wrote:

>[EMAIL PROTECTED] writes:
>
>>Is it just me or ZixIt mails seems like a "been-there, done-that"
>>company?
>
>I dunno. Does Wind River Systems seem like one?

I went over & looked at their docs, and downloaded their junk to read
the EULA, to answer a question in alt.security.pgp.  (The poster
wanted a comparison with PGP.)  Here's my own conclusions, from the
earlier post...

On the surface Zix looks like a fairly decent product.  It
certainly towers above most of the other snake oil that's been
mentioned in here lately.  If it does exactly what the maker
says it does, it might have limited uses in a corporate
environment where 3rd party time stamping of low-security 
encrypted traffic is required.

However, most PGP users will find Zix functions unacceptably
limited, and its security entirely unacceptable.

I quote the Zix EULA:

>- You may not reverse engineer, decompile, translate, adapt, 
>disassemble, or otherwise attempt to investigate the inner 
>workings of the Software, except to the extent that this 
>restriction is expressly prohibited by applicable law.

In other words, it is illegal for 3rd parties (other than the
NSA) to audit the source code, compile known good copies from
source code, or publish the results of any reverse engineering
and analysis done on the Zix software.  If the encryption is
defective or has back doors, users will never know about it.

Zix says it uses 3DES and a 1024 bit asymmetrical cipher.  The
1024 bit asymmetrical cipher is not named.  Since the code is
closed source and can not be compiled independently for
comparison of test vectors, they can say anything they want
about their encryption algorithms, and we just have to take
their word for it.  This means that there is no basis for
assigning a trust level to Zix encryption.  Do you feel fat, 
dumb, and happy today?

Aside from the actual crypto functions that may or may not be
present in Zix, it is reasonable to assume that the rest of the
code in the Zix software leaks key and pass phrase data into the
swap file and elsewhere.  It might also use weak keys and/or
disclose the user's secret key (by hiding it in the symmetric
keys), when prompted to do so by the central server. Crypto
software should always be considered guilty until proven
innocent, and this thing phones home every time you use it.

Yes that's right, it can't encrypt without phoning home.

According to the Zix documentation
(http://www.zixmail.com/ZixFAQ/zixmail.pdf), the Zix client has
to talk to the Zix server every time it encrypts a message, to
obtain the recipient's public key and a time stamp of the
message digest.  Ouch!  Even if we grant that Zix has no hidden
spyware functions (an unprovable assumption), Zix still has
100% traffic analysis capability built-in.  Do you really want a
central record made of every instance of encrypted communication
you participate in?

But what about the convenience?

Zix is an e-mail application.  It can not encrypt local files.
You can't even send an encrypted message to yourself without the
participation of the central server.  

Given the trust-destroying "phone home" feature of Zix, there
will never be a significant user base.  You will have to try to
talk every correspondent into installing Zix.

Anything you send via the Zix "feature" that claims to deliver
secure mail to non-users, will be decrypted by a public server
before being sent to its destination via an SSL-secured browser
connection.  Calling this level of security "casual" would be
very charitable.  PGP self decrypting archive files are many 
orders of magnitude more secure, even if the pass phrases 
you make up are only "average quality".

My general conclusion:  Zix is another PGP replacement that 
falls way short of the mark for both security and utility.

:o/

Steve



=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: PGP ADK BUG FIX: Upgrade to Ver 6.5.8 at MIT or PGP INT'L

iQEVAwUBOarawsXTOLlJEtXlAQGp+wgAlVsJjoClEdSs9u1z0Wacc09ixMIRu6TA
PjpxjcBYnmTsQ8y8nMbJEMQtx7cQlnAZCnFg3EQklqW0vZKthoG75jr4pCydJ9t5
2mwh6RV8NAwTaCYhXfRhiuGTk0lFuY5N4iV9GbCzjXhE6S+J/hgPhTLYF7Y5YPu2
ecfYymqeFWgHkx8+lrGWlh1Y1rPu0EuNli/CkexaONpwxzK+NYJ3SwMlkRlfv5UO
Y8b9vwFplRvT5BVfWCblrzO6gibELty1KrajIsn2KOOvyvgO36Z4HlgUznzO7UD4
XSCcrgi9yOX6LQMcSdupCro78lbcUEXi5ktYvumjRIOvGvp+qmIj2w==
=u4Pn
=====END PGP SIGNATURE=====


---Support privacy and freedom of speech with---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/
My current keys are 
RSA - 0x4912D5E5 
DH/DSS - 0xBFCE18A9  

------------------------------

Crossposted-To: comp.lang.c
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Bytes, octets, chars, and characters
Date: Mon, 28 Aug 2000 20:41:05 GMT

Richard Bos wrote:
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> > uint12_t specifies an unsigned integer type with width
> > exactly 12 bits, no padding, and twos-complement representation.
> I think not... uint12_t is unsigned, so two's- or anyone's-complement is
> irrelevant to it. Nor can I find a requirement of lack of padding.
> Note that two's complement is not required for int12_t, either.

While it is true that "twos-complement" is irrelevant for
unsigned integers, all those requirements apply to the
corresponding signed type int12_t, and it is easier to
remember and state the whole set of requirements for *all*
the exact-width types if you don't try to special-case
some of them.

I don't know where you got your copy of ISO/IEC 9899:1999
but this specification is definitely in the standard, in
subclause 7.18.1.1 (and reflected in 7.18.2.1).

------------------------------

Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: could someone post public key that is tempered ?
Date: Mon, 28 Aug 2000 20:45:55 GMT

jungle wrote:
> could someone post public key that is tempered & pgp will not detect it ?

Check out http://cryptome.org/fbi-spy-prez.htm

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: PRNG Test Theory
Date: Mon, 28 Aug 2000 20:55:41 GMT

Mok-Kong Shen wrote:
> In the case of perfect randomness we have, however, in
> my view a little problem: We have a large number of
> statistical tests for detecting non-randomness, but
> we don't know whether the set of tests we currently have
> is nearly complete (let alone complete).

There is no such thing as a finite complete set of tests
for randomness.

> On the other
> side, we could ignore this problem in so far as we
> assume (believe) that our opponent is not better equipped
> with test suites than we are and consequently the use
> of sequences that successfully passes all tests available
> to and feasible for us can be practically justified.

All that is required is that the remaining order is low
enough that a huge number of possible decryptions are of
similar likelihood (to the actual plaintext).  Shannon
introduced the notion under the name "unicity".  If a
system doesn't meet that criterion, it is *certainly*
breakable, theoretically (just try all possible keys);
the practical question is whether the enemy knows some
shortcut.

------------------------------

Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Blowfish question (and others)
Date: Mon, 28 Aug 2000 17:49:42 -0400

Hey David,

I recall hearing a German mathematician all but broke DES.  I have no
references to back the statement.  Have you heard anything similar (or is
it more misinformation)?

"David A Molnar" <[EMAIL PROTECTED]> wrote in message
news:8oe4l9$4pm$[EMAIL PROTECTED]...
Chris J/#6 <[EMAIL PROTECTED]> wrote:

> that confirms this, all info about it being dated from about 1993 onwards.

As already pointed out, Blowfish was originally published in Dr. Dobb's
Journal in 1994. (I thought it was earlier, but no big deal).


> According to this other person its "misinformation" (I've pointed out the
> details about Blowfish on Counterpanes site, and it's not been accepted).

Oh dear. What is this person's standard of credibility?

> Can anyone actually give me any other solid references about Blowfish, its
> age and its security (how secure is blowfish these days?).

No major attacks are publicly known against Blowfish.
Twofish exists because the AES ciphers need to have larger block sizes,
not because Blowfish is "inferior." Although Twofish probably benefits
from the experience gained by the designers since Blowfish came out.

> In a vaguely related note, PGP I'm sure wasn't out in the eighties (contrary
> to this other person's notes)...and can someone also give a vague idea of the
> security of triple-DES? Am I mistaken thinking it's still mostly secure?

The PGP User's Guide has (or had) a brief history of PGP, starting when
PRZ coded PGP 1.0 and then went around uploading it to a bunch of BBSes.
My memory says '92 - '93 for that, but check the Guide, which is
distributed with PGP.

DES has been around for almost 30 years. Still no one has been able to
come up with a practical attack substantially better than brute
force (not counting fun things like timing and power attacks). At least not
in public. 3DES removes the brute force problem. So if you are going to
pick one cipher, this is a serious candidate.


-David



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NEWBIE!!! Zodiac killer's  encryption...
Date: Mon, 28 Aug 2000 20:59:32 GMT

Rob B wrote:
> Anyways, I was wondering if anyone knows of any good web sites, books,
> info,  that discuss the encryption that he used in his letters, if the
> messages were decoded, and, if so, how.

Robert Graysmith's book "Zodiac".  (A sequel is forthcoming.)

------------------------------

Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
From: [EMAIL PROTECTED] (Nick Andriash)
Date: Mon, 28 Aug 2000 21:52:51 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

[EMAIL PROTECTED] wrote in <8oe9gi$n89$[EMAIL PROTECTED]>:

>This problem doesn't make S/MIME any more palatable - personally I'll
>use GnuPG!

Is GnuPG capable of recognizing a key that has been tampered with? 

- -- 
Nick


N.J. Andriash [ Xnews v03.08.26 | PGP 6.5.8 | Win 98 v4.10 ]
    Vancouver, B.C. Canada  |  PGP Key ID:  0x7BA3FDCE
____________________________________________________________

=====BEGIN PGP SIGNATURE=====
Version: PGP 6.5.8
Comment: Join PGP-Basics at http://www.egroups.com/group/PGP-Basics

iQA/AwUBOare88UChHR7o/3OEQLoaQCfSVORmu/DcgLbj3O8eEibLqKcUbAAoOqy
JMJmWoLP4yGZOwnw+MwpW2+g
=QLSo
=====END PGP SIGNATURE=====

------------------------------

From: [EMAIL PROTECTED] (Mike Tulley)
Subject: Re: Blowfish question (and others)
Reply-To: [EMAIL PROTECTED]
Date: Mon, 28 Aug 2000 22:02:09 GMT

On 28 Aug 2000 16:48:51 +0100, [EMAIL PROTECTED] (Chris J/#6)
wrote:

> However I've recently got into a small crypto discussion
>with someone, who claims Blowfish was around in the eighties...I'm
>having rather a tricky time accepting this as I can't find a reference
>that confirms this, all info about it being dated from about 1993 onwards.

Note: this post will be off-topic for cryptography, but the reader may
judge its relevance to this newsgroup ...

Cryptography, for good reason, requires a degree of "professional
paranoia." Unfortunately, it also attracts those who are clinically
paranoid. It is not uncommon for someone suffering from clinical
paranoia to believe that events keep happening over and over again.
Typically, when a new movie comes out, they will claim to have seen it
before, years ago. Hollywood, of course, aggravates this by doing the
occasional remake of a movie, but nowhere near as often as the
paranoid believes.
There is anecdotal evidence to suggest that some sufferers of clinical
paranoia may really be in an almost constant state of "deja vu." Most
people have experienced this feeling on occasions when very tired or
sleep-deprived. I imagine that your "... someone, who claims Blowfish
was around in the eighties" could use a little more sleep?
Mike Tulley ("net") = f("ofu")
(my real e-mail address) = f("nlutztAufmvtqmbofu/ofu")

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
