Cryptography-Digest Digest #646, Volume #12      Sun, 10 Sep 00 13:13:01 EDT

Contents:
  R: PRNG ("Cristiano")
  Re: RSA?? (DJohn37050)
  Re: RSA Patent -- Were they entitled to it? (DJohn37050)
  Re: Ciphertext as language ("Abyssmal_Unit_#3")
  Re: Scottu19 Broken (SCOTT19U.ZIP_GUY)
  Re: ExCSS Source Code (Frank M. Siegert)
  Outlook 98 and Encryption ("Nick H")
  Re: RSA Patent -- Were they entitled to it? (Jim Gillogly)
  Re: RSA Patent -- Were they entitled to it? ([EMAIL PROTECTED])
  Re: RSA Patent -- Were they entitled to it? (Jim Gillogly)
  Re: Scottu19 Broken (Tom St Denis)
  Re: Bytes, octets, chars, and characters (Chris Rutter)
  Re: "ChronoCryption" algorithm - $50 reward for spotting a flaw (fwd) (Ray Dillinger)
  Re: could you please tell me how this calculation has been obtained ? (Your Name)

----------------------------------------------------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: PRNG
Date: Sun, 10 Sep 2000 15:04:39 +0200


NP wrote:

> I test my PRNG on FIPS
>
> DIEHARDC  ok (no 0.00 no 1.00)
> FIPS1401     ok
> FIPS1402     4 fails at runs test  for 1000 blocs tested
>
> What is criterion for FIPS1402 ?

FIPS PUB 140-2 supersedes FIPS PUB 140-1, so if you use the former it is useless
to utilize the latter.
Version 2 is more stringent in the sense that the test results are given
with a significance level equal to .0001.
The sequence to test must be of 20000 bits, so I don't understand the
meaning of:  "FIPS1402    4 fails at runs test  for 1000 blocs tested".

If you accept my observation, it is very rare to find a generator that fails
the FIPS PUB 140-2 test.

If you use DiehardC I think you are able to modify its code. In this case,
if you don't need to see any single p-value, I can suggest a method that I
have found very useful.
At the end of DiehardC you'll have many p-values (if you run all the tests
there are 234 p-values). Be sure that the p-values are sorted from 0 to 1.
Now calculate the error between each p-value and the expected p-value in
this way:

/* pvalues[] holds the pvalue_count p-values, sorted ascending */
double e = 0;
for (int i = 0; i < pvalue_count; i++) {
    double y = i / double(pvalue_count - 1);   /* expected p-value at position i */
    e += (y - pvalues[i]) * (y - pvalues[i]);  /* squared deviation */
}

and then calculate the error with respect to the total area of the triangle
shaped by the two axes (x and y) and the ideal segment between (0,0) and
(pvalue_count-1,1):

e = e / double(pvalue_count - 1) * 2. * 1e6;   /* result in ppm */

That's all!

In this way you have an absolute reference for the goodness of a PRNG
(obviously with respect to DiehardC test).

If you want to compare many PRNGs, my suggestion is to collect (for each
generator) the p-values from 10, 20 or 50 DiehardC tests with different
initializations of the PRNG. In this case it may be useful to consider the
mean and the standard deviation of the whole set of p-values and the error
of all p-values collected.

The best result is e=0 (the p-values are exactly as expected, but this will
never happen); the worst is about e=670000 ppm (it depends on pvalue_count),
which happens when all p-values are equal to 1.


Cristiano



------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: RSA??
Date: 10 Sep 2000 13:34:41 GMT

ANSI X9 requires 1024 bit RSA and DSA keys and 161 bit ECC keys.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: RSA Patent -- Were they entitled to it?
Date: 10 Sep 2000 13:40:15 GMT

My understanding (I am no lawyer) is that the Univac patent on digital
computation was broken by IBM by discovering prior work by Atanasoff (sp?) in
this area.  There was a SCIAM article on this a while back.  It seems one of
the pair credited with designing Univac (Mauchly (sp?), Eckert) was actually
talking to Atanasoff and (in a sense) stole A's ideas as his own.

But the point for this discussion was the patent WAS issued, but was found to
be invalid due to EXISTENCE of prior work, even if it was not published.
Don Johnson

------------------------------

From: "Abyssmal_Unit_#3" <[EMAIL PROTECTED]>
Subject: Re: Ciphertext as language
Date: Sun, 10 Sep 2000 09:30:20 -0400

& as if it isn't complicated enough on the planet with the existing known 
spoken(unspoken) languages?

--
best regards,
hapticz

>X(sign here)____________________________________________<

wtshaw wrote in message ...
|It been said that there is a clear distinction between ciphertext and
|language, yet codewords are a form of ciphertext. Actual known languages
|can be adapted to encrypted communication. It seems an interesting notion
|to create a language, even one that can be spoken, in a derived manner
|that produces its own vocabulary, mathematically determined.
|
|Having done more than a dozen algorithms with base 78 ciphertext, it
|seemed attractive to take on 78 sounds in an artificial language.  It was
|simple to write a translation program to produce readable words.   There
|are nineteen characters used, thirteen consonants, BDFGHLMNPRSTV, and six
|vowels, AEIOUX.  I suggest that all six vowels sound like the name of the
|letter except U, which should be 00 as in smooth. The resulting sound of
|the words is fairly unambiguous, certainly not a romance language.
|
|Taking the algorithm Providence, any group of four normal alphabetic
|characters can be base-translated to three characters in base 78.  In my
|program, these are shaped letters, and can be converted to the new system
|where each base 78 character is represented by a consonant and vowel pair.
|
|Providence uses three keys, excluding transposition here, two are
|permutated normal alphabets.  While the defaults might be used, a
|permutated alphabet or a pangram can be used to set the two substitution
|keys.
|
|Consider the pangram I wrote prior to attending the ACA convention in
|Providence, RI, a couple of weeks ago (The algorithm was named the same
|for another Providence):
|
|broach five lumpy quahogs with a junked zax  =  broachfivelumpyqgswtjnkdzx
|
|The resulting permutation sets the language Quahog as output.  Input is
|any four letters, output is six letters explained above.  Separate groups
|can be distinctive, words, or groups derive from the text string including
|coded spaces and punctuation.
|
|Here are some equivalents:  come down here soon = lovadx debugo galide txsego
|Names are likewise handled:  john mary gary bill = terage potxsx tegiso sogori
|
|If we used John Savard's favorite, Pack my box with five dozen liquor jugs,
|packmyboxwithfvedznlqurjgs, call it Lush, these would be the result:
|
|come down here soon = semena torate hivxna limuto
|john mary gary bill = luhxte nelxdu valodu faritu
|
|Here is this sentence in Lush as translated by the program.
|here|is| this|sen tence|in |lush|as |transla ted|by|t he|progr amxpadding
|(e)[z]<h>(s)[m]  (z)(o)(o)[f](g)  (u)(y)(o)<i>(c)  (i)(s)<y>(s)<r>
|[f](d)(y)<f>(g)
| (x)(e)<e>[j][e]  (o)<h><z><p>[y]  [t](e)[v](m)[r]  (z)[s](n)<t>[m]  (n)(h)<j>
|hivxna lovuvo dodolu minoto dopafi pilote lohelu gitola misohi haruhu
|donave fetxmx hipxvi hxvolx bomevu bonira
|
|Everything works backwards as well to recover the original text. This
|represents a simplified version of what could be.
|--
|A Pangram(corrected, needed a G):
|Vexed xenophobes fear crypto's jazzy, quaint workings.
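The four-letters-to-three-base-78-symbols step that wtshaw's quoted post describes, as an added Python example that is not the Providence program: it uses the post's consonant and vowel sets unkeyed (the keyed permuted alphabets are not reproduced), so its words differ from the Quahog and Lush output.

```python
"""Four base-26 letters into three base-78 symbols, each spelled as a
consonant-vowel pair: 26**4 = 456976 < 78**3 = 474552 and 13 * 6 = 78.
Added example, not wtshaw's Providence program; the alphabets are used
unkeyed, so the output is not Quahog or Lush."""

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
CONSONANTS = "BDFGHLMNPRSTV"   # the 13 consonants named in the post
VOWELS = "AEIOUX"              # the 6 vowels named in the post
assert len(CONSONANTS) * len(VOWELS) == 78


def group_to_base78(group):
    """Four letters A-Z (base 26, first letter most significant) -> three
    base-78 digits, most significant first."""
    if len(group) != 4 or any(c not in ALPHA for c in group):
        raise ValueError("need exactly four letters A-Z")
    n = 0
    for c in group:
        n = n * 26 + ALPHA.index(c)
    digits = []
    for _ in range(3):
        digits.append(n % 78)
        n //= 78
    return digits[::-1]


def base78_to_group(digits):
    """Inverse of group_to_base78; rejects values above ZZZZ."""
    n = 0
    for d in digits:
        if not 0 <= d < 78:
            raise ValueError("base-78 digit out of range")
        n = n * 78 + d
    if n >= 26 ** 4:
        raise ValueError("value has no four-letter preimage")
    letters = []
    for _ in range(4):
        letters.append(ALPHA[n % 26])
        n //= 26
    return "".join(letters[::-1])


def digit_to_syllable(d):
    """Base-78 digit -> consonant + vowel (13 rows of 6)."""
    return CONSONANTS[d // 6] + VOWELS[d % 6]


def syllable_to_digit(s):
    return CONSONANTS.index(s[0]) * 6 + VOWELS.index(s[1])


def encode(text):
    """Keep letters only, pad with X to a multiple of four (as the post's
    'progr amxpadding' suggests), one six-letter word per group."""
    letters = "".join(c for c in text.upper() if c in ALPHA)
    letters += "X" * (-len(letters) % 4)
    words = []
    for i in range(0, len(letters), 4):
        digits = group_to_base78(letters[i:i + 4])
        words.append("".join(digit_to_syllable(d) for d in digits))
    return " ".join(words)


def decode(words):
    """Everything works backwards: 3 syllables -> 3 digits -> 4 letters."""
    out = []
    for w in words.upper().split():
        if len(w) != 6:
            raise ValueError("each word is three consonant-vowel pairs")
        digits = [syllable_to_digit(w[j:j + 2]) for j in (0, 2, 4)]
        out.append(base78_to_group(digits))
    return "".join(out)
```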



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Scottu19 Broken
Date: 10 Sep 2000 14:05:44 GMT

[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:

>[EMAIL PROTECTED] wrote:
>
>: I heard that the NSA broke Scottu19, is that true?
>
>Is http://www.deja.com/threadmsg_ct.xp?AN=666637659 the source of your
>information?  The only other mention recently here appears to be
>http://x60.deja.com/threadmsg_ct.xp?AN=666850697.1

 The second one from Sandia is interesting. But I think the current
source of this thread is from the lap dog Tommy. Who thinks the crypto
gods walk on water even when it's not frozen. I have been a pain in
the ASS of MR BS for years even before I had my web page. My webpage
was set up by someone who realizes just what the crypto establishment
is becoming. MR BS and Wagner are afraid of my code but take cheap
shots at it when they can. And sorry MR Wagner who seems too stupid
to follow compilable source code. Makes me wonder what the hell he
knows about real crypto if anything. Scott19u had never been broken
even with his Slide Attack. Though the asshole made a statement that
it shows it is broken.
 Well someone with balls put it to the test. The Slide Attack failed.
Mr Wagner had lied and it was exposed. But the asshole and his BS
buddy have friends in high places and in the list of Snake Oil because
of their lies. Mine is labeled as such.
 An earlier version before I accepted "chosen plain text attacks"
as valid. Paul Onions showed a way, if I allow special files to be
used, an early cipher could be attacked. Paul convinced me that
I should make it resistant to that. That was before I even knew about
DIEHARD. Well I used those two ideas and made scott4u and then scott16u,
and later extended it to scott19u. Which as far as I know has not
been broken and which most likely is due to the great personal hate
from MR BS and Wagner. They will try to make sure it does not see
the light of day in the blessed crypto world. It would be too much
of an embarrassment for them to be honest about it. They don't seem
to be honest people as far as I can tell.

 
David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (Frank M. Siegert)
Subject: Re: ExCSS Source Code
Date: Sun, 10 Sep 2000 14:13:00 GMT

On Fri, 08 Sep 2000 09:37:09 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>Your remark reminds me of the fact that copyright applies
>to almost every country, while patents are restricted to
>the countries where the patents are granted. So my dumb
>question is: Is it possible to have a copyright on a
>general encryption algorithm (instead of a patent)?

No, as far as I know copyright does not extend to ideas, only to
expression. So you can't copyright an algorithm, only a specific
implementation.


------------------------------

From: "Nick H" <[EMAIL PROTECTED]>
Subject: Outlook 98 and Encryption
Date: Sun, 10 Sep 2000 15:56:09 +0100

Currently looking at sending encrypted mail from Unix -> Outlook 98.
Looks as though S/MIME is not really viable at present and also, according to
what I can find, RC2 is still not in the public domain.  True?
So...I was going to use PGP to encrypt at the Unix side and an Outlook plugin
to decrypt at the other side.
Any comments?



------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: RSA Patent -- Were they entitled to it?
Date: Sun, 10 Sep 2000 15:13:28 +0000

Roger Schlafly wrote:
> 
> Jim Gillogly wrote:
> > [GCHQ] didn't really understand what they had, and shelved it because they
> > couldn't see useful applications.  Ellis told Diffie in the 80s (I
> > think it was) that DH, M and RSA had done more with it than GCHQ had.
> 
> I am skeptical about this. The declassified papers by Ellis, Cocks
> and others seemed to show that they understood what they were doing.
> Even if they didn't, these papers were circulated to many experts
> in GCHQ and NSA, and surely many of them understood them.

I don't have the Ellis paper in front of me, but I recall that there was
a sentence in it that said something like "it's a shame that this can't
be used effectively" -- I'll get hold of the paper and either apologize
if I've misremembered or offer chapter and verse if I didn't.

> Aztech wrote:
> > Also, you have to ask if RSA were actually entitled to this patent because
> > they weren't the first to discover public key crypto!
> 
> Jim Gillogly wrote:
> > Yes, certainly RSA were entitled to the credit, ...
> 
> No. RSA are not entitled to the credit for discovering public
> key crypto, no matter how you figure it. It had already been
> discovered by Merkle, and independently by Hellman and Diffie.
> The RSA inventors were introduced to the subject by reading
> the published Diffie-Hellman paper.

Of course they didn't discover public key -- I was responding to the
question about whether RSA deserved the patent for the RSA algorithm,
and I claim the answer is that they deserve the credit for discovering
that algorithm and making it public.  Yes, DH and M invented public
key cryptography (or reinvented it, if you prefer).  RSA built on the
DH&M work. That doesn't detract from the new and exciting idea they
developed from it.

-- 
        Jim Gillogly
        19 Halimath S.R. 2000, 15:06
        12.19.7.9.13, 2 Ben 16 Mol, Fourth Lord of Night

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: RSA Patent -- Were they entitled to it?
Date: Sun, 10 Sep 2000 08:34:50 -0700

Aztech wrote:

> The whole story was kept closed for many years, due to the British official
> secrets act and Ellis went to the grave with it, only later on after his
> death and the departure of some of GCHQ's high ups was the truth revealed. I
> don't think this actually got much publicity, mainly due to jingoistic
> reasons I guess, 

More likely it's because nobody is impressed by claims (true or not)
along the lines of "I discovered this years ago,  I just didn't publish
it".
If your work never sees the light of day,  you might as well have
never done it.

George

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: RSA Patent -- Were they entitled to it?
Date: Sun, 10 Sep 2000 15:55:05 +0000

I wrote:
> 
> Roger Schlafly wrote:
> >
> > Jim Gillogly wrote:
> > > [GCHQ] didn't really understand what they had, and shelved it because they
> > > couldn't see useful applications.  Ellis told Diffie in the 80s (I
> > > think it was) that DH, M and RSA had done more with it than GCHQ had.
> >
> > I am skeptical about this. The declassified papers by Ellis, Cocks
> > and others seemed to show that they understood what they were doing.
> > Even if they didn't, these papers were circulated to many experts
> > in GCHQ and NSA, and surely many of them understood them.
> 
> I don't have the Ellis paper in front of me, but I recall that there was
> a sentence in it that said something like "it's a shame that this can't
> be used effectively" -- I'll get hold of the paper and either apologize
> if I've misremembered or offer chapter and verse if I didn't.

I found the papers at CESG's site, and couldn't find the reference
that I thought I'd remembered.  I apologize, and withdraw my assertion
that GCHQ didn't understand what they had.

My remarks to the effect that "scientists who don't publish openly
don't deserve credit for advancing science" still stand.
-- 
        Jim Gillogly
        19 Halimath S.R. 2000, 15:52
        12.19.7.9.13, 2 Ben 16 Mol, Fourth Lord of Night

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Scottu19 Broken
Date: Sun, 10 Sep 2000 15:59:48 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> [EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>
> >[EMAIL PROTECTED] wrote:
> >
> >: I heard that the NSA broke Scottu19, is that true?
> >
> >Is http://www.deja.com/threadmsg_ct.xp?AN=666637659 the source of your
> >information?  The only other mention recently here appears to be
> >http://x60.deja.com/threadmsg_ct.xp?AN=666850697.1
>
>  The second one from Sandia is interesting. But I think the current
> source of this thread is from the lap dog Tommy. Who thinks the crypto
> gods walk on water even when it's not frozen. I have been a pain in
> the ASS of MR BS for years even before I had my web page. My webpage
> was set up by someone who realizes just what the crypto establishment
> is becoming. MR BS and Wagner are afraid of my code but take cheap
> shots at it when they can. And sorry MR Wagner who seems too stupid
> to follow compilable source code. Makes me wonder what the hell he
> knows about real crypto if anything. Scott19u had never been broken
> even with his Slide Attack. Though the asshole made a statement that
> it shows it is broken.
>  Well someone with balls put it to the test. The Slide Attack failed.
> Mr Wagner had lied and it was exposed. But the asshole and his BS
> buddy have friends in high places and in the list of Snake Oil because
> of their lies. Mine is labeled as such.
>  An earlier version before I accepted "chosen plain text attacks"
> as valid. Paul Onions showed a way, if I allow special files to be
> used, an early cipher could be attacked. Paul convinced me that
> I should make it resistant to that. That was before I even knew about
> DIEHARD. Well I used those two ideas and made scott4u and then scott16u,
> and later extended it to scott19u. Which as far as I know has not
> been broken and which most likely is due to the great personal hate
> from MR BS and Wagner. They will try to make sure it does not see
> the light of day in the blessed crypto world. It would be too much
> of an embarrassment for them to be honest about it. They don't seem
> to be honest people as far as I can tell.

Well the NSA did break your method, you are just ignoring freely
available facts.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Chris Rutter <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: Bytes, octets, chars, and characters
Date: Sun, 10 Sep 2000 14:48:53 +0100

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:

> I don't know where you got the idea that C has ever been linked
> to "32-bit" architectures.  The PDP-11 where it originated would
> be considered a "16-bit" architecture, and one of the first
> other platforms on which C was implemented was "36-bit".  Some
> of us used C on 60- and 64-bit supercomputers a *long* time ago.

Misleading prose; I wasn't trying to say it had.

However, it now seems to be a widespread portability assumption that
`int', and even `long', are 32 bits wide.  This necessitated the
creation of `long long': if people had stuck to the rules, a 64-bit
`long' type would have worked without problems, as I see it.  Thus
in a way, the C standard has been tainted by `32-bitness'.

c.

------------------------------

From: Ray Dillinger <[EMAIL PROTECTED]>
Subject: Re: "ChronoCryption" algorithm - $50 reward for spotting a flaw (fwd)
Date: Sun, 10 Sep 2000 16:41:28 GMT


: What is your definition of "flaw" ?

Hmmm.  Okay.  "Any means more efficient than a brute-force search 
through possible keys, by which a message recipient not in possession 
of the key could generally read the message, or by which a message 
recipient in possession of the key could read the message without 
expending the prescribed amount of CPU cycles in linear 
(non-parallelizable) computation, if the cipher is used in the manner 
described in my paper."  

That's a mouthful, isn't it?

: When you will pay $50k reward for spotting a flaw I will read your
: specification.

If I were making money off of this, and I had at least $300K saved, 
and it had already withstood cryptanalysis for more than 3 years, 
then maybe a US$50K reward would make sense.  But I'm not, and I 
don't, and it hasn't.  So I'm starting it off at $50.  If it survives 
at $50 for a while, I'll start turning up the pressure by increasing 
the reward.  If it survives at the higher pressure for a while, I 
will probably turn it up some more.  But don't look for it to *ever* 
get over $1000 unless I need some reputation capital very badly. 

If for example in three years I find myself writing a book on crypto 
and really need the credibility to sell the book to a publisher, 
then I would have a reason to offer bigger money.

Besides, when rewards start getting big, you have to guard against 
silly amateurs who will mistakenly *think* they see flaws where none 
exist. If it gets higher than a thousand dollars, it's going to have 
to get past peer review and get published in a journal in order to 
claim the money.

: Show how confident you are.

I'm confident that a fair number of cryptanalysts whom I respect 
have already looked at it since I offered the $50, and so far no 
one has found anything wrong.  At least two competent people have 
written me saying they think it's secure.  I'm happy about that.  
When I can get that result by offering $50, why on earth should 
I offer $50K? (at least, why on earth unless I'm trying to publish?)

Anyway, even if I do eventually offer more money, it'll take several 
years of steadily increasing offerings to get there.  The more time 
it's been under scrutiny, the greater the confidence level.  The 
greater the confidence level, the greater the reward. US$1000 is 
a level I won't go to unless I have confidence built from at least 
a year at $500, and that's a level I won't go to unless there's at 
least a year at $200, etc. 

                                Ray Dillinger


------------------------------

From: [EMAIL PROTECTED]  (Your Name)
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Sun, 10 Sep 2000 16:46:49 GMT

On Sat, 09 Sep 2000 18:42:01 GMT, "Nathan Williams"
<[EMAIL PROTECTED]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Rich,
>
>Someone probably signed your key and then did a key update.  Presto
>your key is uploaded.

Thanks for the info, Nathan

It defies common sense that a person who owns a
key cannot remove it.  But, I probably should
not complain because as my mentor, Thomas 
Jefferson, used to say, "It neither picks my
pocket nor breaks my leg."

Rich Eramian aka freeman at shore dot net   

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
