Cryptography-Digest Digest #642, Volume #12 Sat, 9 Sep 00 17:13:01 EDT
Contents:
Re: Intel's 1.13 MHZ chip (Mok-Kong Shen)
Re: Intel's 1.13 MHZ chip ("m.a.jones01")
Re: RSA patent expiration party still on for the 20th (Rich Wales)
Re: security warning -- "www.etradebank.com" (Neil Y. Kramo)
R: PRNG ("Cristiano")
Re: Intel's 1.13 MHZ chip (Neil Y. Kramo)
Re: Losing AES Candidates Could Be a Good Bet? (SCOTT19U.ZIP_GUY)
Re: could you please tell me how this calculation has been obtained ? ("Nathan Williams")
Re: PRNG ("Paul Pires")
Re: Carnivore article in October CACM _Inside_Risks (Anonymous)
Re: RSA?? (Bill Unruh)
DCSB: RSA Expiration Fundraiser for EFF, Downtown Harvard Club of Boston (Robert Hettinga)
Re: PRNG (Terry Ritter)
Re: on a ligher note... ("Cheri & Mike Jackmin")
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 09 Sep 2000 18:24:17 +0200
Sorry, please replace MHZ by GHZ.
M. K. Shen
------------------------------
From: "m.a.jones01" <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 9 Sep 2000 17:16:08 +0100
Wow, 1.13Mhz Pentiums. Suddenly, I feel really lucky that I own a 500Mhz
Pentium ...
Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Intel has launched a call-back of its 1.13 MHZ Pentium III,
> leaving currently AMD's 1.1 MHZ Athlon at the head of the
> line.
>
> This shows once again that in information processing there
> is much more to be worried about than algorithmics alone.
> Compatibility of hardware/software of the communication
> partners needs to be assured and diverse forms of
> redundancy may be called for in certain critical
> applications. I guess that such issues are no less
> important than questions like whether the opponent
> can obtain the 2^m pairs of plaintext and ciphertext
> (m sufficiently large) which the theory shows is
> sufficient/necessary for him to get the key.
>
> M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Rich Wales)
Subject: Re: RSA patent expiration party still on for the 20th
Date: 9 Sep 2000 16:16:02 -0000
"No User" wrote:
> Keeping the invention internal and unproductive
> for the term of the patent is not enough to claim
> the experimental use defense;
If this is true, what implications might it have on the use in the
US of the following:
==> RSA code which was written outside the US, and intended at the
time only for use outside the US?
==> PGP 2.6.3ia or other software using Phil Zimmermann's MPILIB
code, which was written in the US in the 1980's?
Rich Wales [EMAIL PROTECTED] http://www.webcom.com/richw/
PGP 2.6+ key generated 2000-08-26; all previous encryption keys REVOKED.
RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA
------------------------------
From: [EMAIL PROTECTED] (Neil Y. Kramo)
Subject: Re: security warning -- "www.etradebank.com"
Date: Sat, 09 Sep 2000 17:51:17 GMT
"Harvey Rook" <[EMAIL PROTECTED]> wrote:
>-When you call in you must know some personal information
>(SSN/Address/Mother's Maiden Name/Amount of last deposit or withdrawal )
Although I'm sure many people actually DO give their mother's real maiden
name, it's important to remember that you can give any name that you like
in response to this naive question, so long as you don't later forget what
you said. I generally give a different "mother's maiden name" for each
request that I get, and I make a side note to be skeptical of the security
policies of the company that asked.
--
"Neil Y. Kramo" is actually 8251 074396 <[EMAIL PROTECTED]>.
0123 4 56789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: PRNG
Date: Sat, 9 Sep 2000 19:42:28 +0200
> [EMAIL PROTECTED] (S. T. L.) wrote:
> > /* DIEHARDC ok (no 0.00 no 1.00) */
> >
> > This is not the way to interpret DieHard results.
>
> Technically there is no valid way to interpret DH results...
Do you too think Diehard gives "strange" results?
In my many, many tests Diehard seems not to give very understandable
p-values.
Cristiano
------------------------------
From: [EMAIL PROTECTED] (Neil Y. Kramo)
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 09 Sep 2000 17:59:44 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>Intel has launched a call-back of its 1.13 MHZ Pentium III,
>leaving currently AMD's 1.1 MHZ Athlon at the head of the
>line.
Don't those idiots realize that there are processors today that are a
thousand times faster? What were they thinking?
--
"Neil Y. Kramo" is actually 8251 074396 <[EMAIL PROTECTED]>.
0123 4 56789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: 9 Sep 2000 18:33:14 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <39BA6237.42095CF1@t-online.de>:
>
>
>[EMAIL PROTECTED] wrote:
>>
>> [EMAIL PROTECTED] wrote:
>> > Now you are dragging the Swiss into your insane arguments? Who's next
>> > the Canadians?
>>
>> Be careful, they're up there and just waiting for the chance to cross
>> the world's longest unprotected border and shop in our malls!
>
>Quite a time back there were indeed some rumours about
>a European crypto equipment manufacturer that naturally
>issued a dementi. I haven't followed that history, though.
>
>M. K. Shen
http://cryptome.org/
is the site where I last saw the mention of the NSA getting the
Swiss to modify their crypto equipment. I thought it was common
knowledge but I guess most people here are too lazy to look.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: "Nathan Williams" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Sat, 09 Sep 2000 18:42:01 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Rich,
Someone probably signed your key and then did a key update. Presto
your key is uploaded.
Nathan Williams
"Your Name" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 08 Sep 2000 19:24:48 -0400, jungle <[EMAIL PROTECTED]>
> wrote:
>
> >wrong, you did ...
> >all servers have your key [ Rich Eramian aka freeman at shore dot
> >net ] ...
>
> No, I didn't because I don't like key servers. But I sure would
> like to know how it got there. Could some trojan on my system be
> responsible? I hope that my PGP software did not put it there.
>
Rich Eramian aka freeman at shore dot net
=====BEGIN PGP SIGNATURE=====
Version: PGP 6.5.8
iQA/AwUBObpdIt8G10zX/RREEQIhLACg78e3udM+4tPOroJE+EbmpdAox3AAn0Fc
5kucY1hBjshMf7lWAH7K48Sh
=GuMP
=====END PGP SIGNATURE=====
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: PRNG
Date: Sat, 9 Sep 2000 11:55:59 -0700
<[EMAIL PROTECTED]> wrote in message news:8pd7dv$cke$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (S. T. L.) wrote:
> > /* DIEHARDC ok (no 0.00 no 1.00) */
> >
> > This is not the way to interpret DieHard results.
>
> Technically there is no valid way to interpret DH results...
I know of only one valid interpretation. If you get a 1 or zero to 6 places you
"Fail bigtime". Even then, it's not decisive (you could have won
the lottery). I have been working on running large numbers of Diehard
passes and processing the bulk results per line and have found one thing
useful. If you track the Min value, Max value & average for each
individual test sometimes a flaw not seen in a single test can pop out.
Here is the max, min, avg. for the 31x31 & 32x32 Binary Rank Tests
on one generator I was looking at. There were 100 tests run with a
different seed for each. The generator "passed" each of the hundred tests
but look.
31x31 p-value= 0.992866, 0.320975, 0.571386
32x32 p-value= 0.997435, 0.320885, 0.597587
The Minimum value out of a hundred tests is too weird
(defies probability). Expected would be in the 0.00XXXX range.
I got something useful out of a "Passing score" with Diehard but
it is very slow and tedious. Another thing that might be telling is
binning out the number of hits for each Pvalue.
If a thousand passes were run, and you round off the results to
two decimal places and bin the results, you should see, on average,
a flat distribution of ten residents per bin. Doing a KS on this might be
useful.
The problem is that this is way too complicated for a casual test.
Any ideas?
Paul
>
> Tom
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
Date: Sat, 9 Sep 2000 21:01:02 +0200
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: Carnivore article in October CACM _Inside_Risks
>>> Why wouldn't the ISPs just unplug Carnivore, reboot, and
>>> tell the FBI that they'll plug it back in when it works?
>>
>> Because anybody who did so would immediately be thrown in jail for
>> violating a court order.
>
> A "court order" that dictates inclusion of foreign software
> into one's core business system should never be complied with
> in the first place. Do "court orders" require that automobile
> manufacturers install FBI-created mechanical boxes in drive
> trains? It would be absurd.
Attention cave-dweller: the feds require all types of things installed
in all sorts of products foisted upon an unwary public. CALEA requires
telcos to build LEO-access directly into their CO switch fabric for ease
of wiretapping conventional switched-circuit conversations. Carnivore and
the laws governing its use achieve the same goal for ISPs and packetized
info. E911 requires wireless communications service providers to build in
cellphone-locating ability into their systems. And of course there's ECHELON.
Carnivore is simply another facet of govt's tireless quest to create a
pervasive total surveillance system - if you talk on a hardwired phone line,
you can be tapped with a flick of a switch. If you talk on a cell phone you
can be both tapped AND pinpointed. If you send an email it can be snatched.
Got a new driver's license lately? - if so your photo has been digitized and
stored in a state database linked to all other states' databases for instant
access by the feds to comb over with facial-recognition software.
But using your strictly Clintonesque lawyerspeak language, you are correct.
"Court orders" do not require these things be built into a company's product -
either laws or "mandates" from govt regulatory agencies force a company to
comply. And the "boxes" that are mandated are not FBI-created - the feds
simply push the requirements onto the company to comply with. And the "box"
may not be "mechanical" in nature - more likely software. And the "box" need
not be installed in the drive train.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: RSA??
Date: 9 Sep 2000 20:38:44 GMT
In <jcqu5.223962$[EMAIL PROTECTED]> "Big Boy Barry"
<[EMAIL PROTECTED]> writes:
]Can any government in the world crack it?
You will have to ask them. If they can, they have not told anyone.
]<[EMAIL PROTECTED]> wrote in message news:8pd7c1$ck6$[EMAIL PROTECTED]...
]> In article <eIju5.248105$[EMAIL PROTECTED]>,
]> "Big Boy Barry" <[EMAIL PROTECTED]> wrote:
]> > Is RSA encryption unsecure? I know nothing is 100% secure... but I would
]> > like your opinion on RSA?
]>
]> Um, no to the best of my knowledge when used correctly RSA is still
]> considered secure.
------------------------------
Subject: DCSB: RSA Expiration Fundraiser for EFF, Downtown Harvard Club of Boston
From: Robert Hettinga <[EMAIL PROTECTED]>
Date: Sat, 09 Sep 2000 20:49:58 GMT
=====BEGIN PGP SIGNED MESSAGE=====
The Members of
The Digital Commerce Society of Boston,
<Rent this Space* :-)>,
and
The Internet Bearer Underwriting Corporation
In Celebration of the
EXPIRATION OF THE RSA PATENT
invite the Digital Commerce Community
to cocktails and an evening fundraiser for
the recent litigation efforts of
THE ELECTRONIC FRONTIER FOUNDATION
Special Guests to Be Announced
Wednesday Evening
September 20, 2000
5:30 to 8:30 PM
The Downtown Harvard Club of Boston
One Federal Street, 38th Floor
Boston
Free hors d'oeuvres
Cash Bar
Beautiful views of Boston Harbor at night
Requested minimum donation $35
The event's goal is $10,000
RSVP (or for *sponsorship :-)),
Robert Hettinga,
Moderator,
The Digital Commerce Society of Boston,
<mailto: [EMAIL PROTECTED]>
The Club's new dress code is "Business Casual",
whatever *that* means...
--
=================
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"The direct use of physical force is so poor a solution to the problem of
limited resources that it is commonly employed only by small children and great
nations." -- David Friedman, _The_Machinery_of_Freedom_
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: PRNG
Date: Sat, 09 Sep 2000 20:56:52 GMT
On Sat, 9 Sep 2000 11:55:59 -0700, in
<HMvu5.30907$[EMAIL PROTECTED]>, in sci.crypt
"Paul Pires" <[EMAIL PROTECTED]> wrote:
>
><[EMAIL PROTECTED]> wrote in message news:8pd7dv$cke$[EMAIL PROTECTED]...
>> In article <[EMAIL PROTECTED]>,
>> [EMAIL PROTECTED] (S. T. L.) wrote:
>> > /* DIEHARDC ok (no 0.00 no 1.00) */
>> >
>> > This is not the way to interpret DieHard results.
>>
>> Technically there is no valid way to interpret DH results...
>
>I know of only one valid interpretation. If you get a 1 or zero to 6 places you
>"Fail bigtime"
Extreme values certainly are indications of problem. Both "not random
enough" and "too random" are common generator failures, and a bad
generator often is really bad. But to put that last nail in the
coffin, bad statistical results need to be repeatable.
But even a value of .5 is not "good" if it occurs more often than
expected. If we get mostly .5's, even though they are clearly well
away from the extremes, we still have a problem.
>Even then, it's not decisive (you could have won
>the lottery). I have been working on running large numbers of Diehard
>passes and processing the bulk results per line and have found one thing
>useful. If you track the Min value, Max value & average for each
>individual test sometimes a flaw not seen in a single test can pop out.
I would call that a quick and dirty way to look at the p-value
distribution. That distribution should be about flat and the mean
should approach .5 the more the tests are run. (100x the trials
should give about 10x the accuracy in the mean.)
>Here is the max, min, avg. for the 31x31 & 32x32 Binary Rank Tests
>on one generator I was looking at. There were 100 tests run with a
>different seed for each. The generator "passed" each of the hundred tests
>but look.
>
>31x31 p-value= 0.992866, 0.320975, 0.571386
>32x32 p-value= 0.997435, 0.320885, 0.597587
>
>The Minimum value out of a hundred tests is too weird
>(defies probability). Expected would be in the 0.00XXXX range.
Good pickup!
I think it is important to have at least one generator or data set for
which each test performs properly with no indication of problem. And,
ideally, there would be some data for which the test picks up a known
problem. Until we have that, we should consider the possibility that
the test itself may have problems.
>I got something useful out of a "Passing score" with Diehard but
>it is very slow and tedious. Another thing that might be telling is
>binning out the number of hits for each Pvalue.
That is very reasonable for each particular test. That is testing the
p-value distribution.
>If a thousand passes were run, and you round off the results to
>two decimal places and bin the results, you should see, on average,
>a flat distribution of ten residents per bin. Doing a KS on this might be
>useful.
With those kind of numbers, we expect 10 counts per bin in 100 bins,
and at that level a chi-square test should be very useful.
>The problem is that this is way too complicated for a casual test.
Maybe I don't understand what "this" refers to. Just running the
tests and accumulating results may take time, but I don't see much
complicated about it.
In general, one would start out with fast, simple tests, and then only
if those look good, continue on to longer, more complicated tests.
Unfortunately, there is no natural end to testing. But running vastly
larger tests can be reasonable to see if subtle indications of
problems found in smaller tests were just chance.
When I was testing really-random noise circuits, my initial tests
picked up very unexpected and strange correlation patterns in
particular generators. Increasing the number of trials showed the
same patterns, at which time they became fairly real.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
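
An added example, not code from any poster in this thread: the p-value distribution checks discussed in the two PRNG messages above (the minimum over 100 runs, 100-bin chi-square flatness, and a KS distance), in standard-library Python. The p-value samples are constructed, not Diehard output; the function names and the Wilson-Hilferty approximation for the chi-square tail are choices made here.

```python
import math
import random

def prob_min_at_least(m, n):
    """P(smallest of n independent uniform p-values >= m) = (1 - m)**n."""
    return (1.0 - m) ** n

def chi_square_flatness(pvalues, bins=100):
    """Chi-square statistic of binned p-values against a flat distribution."""
    counts = [0] * bins
    for p in pvalues:
        counts[min(int(p * bins), bins - 1)] += 1
    expected = len(pvalues) / bins
    return sum((c - expected) ** 2 / expected for c in counts)

def chi_square_upper_tail(stat, dof):
    """Upper-tail probability, Wilson-Hilferty normal approximation."""
    spread = 2.0 / (9.0 * dof)
    z = ((stat / dof) ** (1.0 / 3.0) - (1.0 - spread)) / math.sqrt(spread)
    return 0.5 * math.erfc(z / math.sqrt(2.0))

def ks_statistic(pvalues):
    """Kolmogorov-Smirnov distance between the sample and uniform(0, 1)."""
    xs = sorted(pvalues)
    n = len(xs)
    return max(max((i + 1) / n - x, x - i / n) for i, x in enumerate(xs))

def constructed_pvalues(n, floor, seed):
    """Constructed sample: n p-values uniform on [floor, 1)."""
    rng = random.Random(seed)
    return [floor + (1.0 - floor) * rng.random() for _ in range(n)]

def summarize(pvalues, bins=100):
    """Min, max, mean plus the two flatness checks for one test's p-values."""
    stat = chi_square_flatness(pvalues, bins)
    return {
        "min": min(pvalues),
        "max": max(pvalues),
        "mean": sum(pvalues) / len(pvalues),
        "chi2": stat,
        "chi2_tail": chi_square_upper_tail(stat, bins - 1),
        "ks": ks_statistic(pvalues),
    }

if __name__ == "__main__":
    # Chance that 100 honest p-values all land at or above the posted minimum.
    print("P(min >= 0.320885 in 100 runs):", prob_min_at_least(0.320885, 100))
    # Constructed samples: a flat one, and one that never falls below 0.32.
    for name, floor in (("flat", 0.0), ("floor at 0.32", 0.32)):
        print(name, summarize(constructed_pvalues(1000, floor, seed=1)))
```

Every individual p-value in the floored sample would "pass" a no-0.00/no-1.00 rule, yet the chi-square and KS checks on the bulk results reject it.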
------------------------------
From: "Cheri & Mike Jackmin" <[EMAIL PROTECTED]>
Subject: Re: on a ligher note...
Date: Sat, 9 Sep 2000 17:08:15 -0400
Tony T. Warnock wrote in message <[EMAIL PROTECTED]>...
>
>
>John Myre wrote:
>
>> [EMAIL PROTECTED] wrote:
>> ><snip>
>> > On a lighter note, why is it ships, rifles, cars, etc are feminine,
>> > but crays are masculine? Is that just another bizarre artifact of the
>> > Queen's English?
>>
>
>Computers are (much) more hostile than ships, rifles, cars, etc., (or even
>trains or whales.)
Gentlemen, gentlemen... it's simply a matter of trust. In a tight spot, you
trust your ship or your rifle to get you through, so you refer to her
affectionately and with respect. Your computer? It would just as soon reboot
YOU if it could. Nasty, unreliable, ungrateful wretches, they are.
MikeJ
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************