Cryptography-Digest Digest #691, Volume #12 Sat, 16 Sep 00 07:13:00 EDT
Contents:
Re: [Q] Design criteria for sboxes in Tiger/192 ? (Jerry Coffin)
Re: 20 suggestions for cryptographic algorithm designers (Jerry Coffin)
Re: 20 suggestions for cryptographic algorithm designers ("Douglas A. Gwyn")
Re: 20 suggestions for cryptographic algorithm designers ("Douglas A. Gwyn")
Re: 20 suggestions for cryptographic algorithm designers ("Douglas A. Gwyn")
Re: Intel's 1.13 MHZ chip ("Douglas A. Gwyn")
Re: Police want help cracking code to find Enigma machine (UBCHI2)
Re: "Secrets and Lies" at 50% off (David A Molnar)
Re: CDMA tracking (was Re: GSM tracking) (Jerry Coffin)
Re: Police want help cracking code to find Enigma machine ("Douglas A. Gwyn")
Re: Lossless compression defeats watermarks ("G. Orme")
Re: 20 suggestions for cryptographic algorithm designers. (Guy Macon)
Re: Double Encryption Illegal? ("PRdO")
Re: [Q] Design criteria for sboxes in Tiger/192 ? (Mok-Kong Shen)
Re: Intel's 1.13 MHZ chip (Mok-Kong Shen)
Re: Double Encryption Illegal? (Mok-Kong Shen)
Re: Intel's 1.13 MHZ chip (Mok-Kong Shen)
Re: "Secrets and Lies" at 50% off (Matthias Bruestle)
----------------------------------------------------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: [Q] Design criteria for sboxes in Tiger/192 ?
Date: Fri, 15 Sep 2000 23:45:17 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> I was talking about the criteria for the selection of the DES s-boxes
> which - AFAIK - were subsequently made public.
At least TTBOMK, nobody's ever published anything like the original
notes about the S-box design, showing that a comprehensive set of
criteria was made public. At one point _some_ criteria were
published, but it may be some time before we know for certain that
other criteria weren't involved, or that some of the published
criteria may not be to foil attacks of which the world at large is
apparently unaware.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: 20 suggestions for cryptographic algorithm designers
Date: Fri, 15 Sep 2000 23:45:14 -0600
In article <[EMAIL PROTECTED]>, roger_95073@my-dejanews.com says...
> "D. J. Bernstein" wrote:
> > No. Little-endian is much more widely supported than big-endian, and is
> > universally supported by new processors.
>
> Really? I didn't think anyone used it but the Intel Pentium and
> DEC Alpha. Sparc, MIPS, etc are big-endian. I believe even some
> of the Intel processors can be wired to run big or little endian.
This looks a bit garbled. The Pentium is little endian, exclusively.
The Alpha, SPARC and MIPS are switchable between little and big
endian. The Power PC is big endian, but also includes a simulation
of little-endian that's good enough for most software.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 20 suggestions for cryptographic algorithm designers
Date: Sat, 16 Sep 2000 02:20:13 -0400
John Savard wrote:
> Roger Schlafly <[EMAIL PROTECTED]> wrote, in part:
> >Its complaints about the PDP 11 are not relevant anymore.
> This is true, even though I repeated the sad story of the PDP-11,
> which is the machine whose influence inflicted little-endian on the
> world, in a posting only recently.
In fact little-endian vs. big-endian was irrelevant before the
advent of byte addressability in conjunction with word addressability.
The choice of little-endian rep. for the PDP-11 was a simplification
in several ways, and was exploited by PDP-11 FORTRAN to slightly
reduce code size, which was a big deal on a 16-bit machine.
The "inconsistency" thing was a design error on the part of the
FP-11 (asynchronous floating-point coprocessor) designer, who
seems to have come from an IBM-centric world. When he added
hardware support for 32-bit integer operations, he laid out the
32-bit longword as 2 consecutive PDP-11 words *in big endian
order*, despite the fact that each word had bytes in little-endian
order. Thus this is not a flaw with little-endian ordering, but
rather with mixing the two kinds of endianness.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 20 suggestions for cryptographic algorithm designers
Date: Sat, 16 Sep 2000 02:23:52 -0400
Roger Schlafly wrote:
> You do occasionally see documentation numbering the bits within
> a byte or words. Usually the numbering starts at the LS bit,
> but sometimes the MS bit.
Actually the bit numbering doesn't matter unless the bit numbers
are actually used as operands in some machine instructions. I've
seen bits numbered in both directions *for the same processor*.
The important thing is to understand that it *is* a convention
and to be sure one is using the *right* convention to communicate.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 20 suggestions for cryptographic algorithm designers
Date: Sat, 16 Sep 2000 02:27:58 -0400
John Savard wrote:
> I don't want to start a religious war here, but if you use
> big-endian, the description of your algorithm will be easier to
> understand, and less likely to be ambiguous by accident.
> This is because English is written from left to right, and numbers are
> written with their most significant digits on the left. So
> illustrations of a sequence of digits being fed into a block cipher
> will be able to show the bits of a block in order - and each bit will
> be in the place, and performing the function, that a reader "expects",
> whether he interprets the binary bits as being a single binary number,
> or as a series of 8-bit bytes in order from first to last.
No. It depends on how one draws the diagrams. I've drawn them
both ways, depending on the purpose. Technical communication
demands that one be clear, not that one be understandable by
guessing from analogy with everyday usage.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 16 Sep 2000 02:33:09 -0400
Jerry Coffin wrote:
> > How many generals "came through on tours",
> Why would the number have any relevance to anything?
Because if it's zero then your theory doesn't hold water.
------------------------------
From: [EMAIL PROTECTED] (UBCHI2)
Subject: Re: Police want help cracking code to find Enigma machine
Date: 16 Sep 2000 06:51:14 GMT
How much does the thief want? Maybe this newsgroup can take up a collection to
get the Enigma back. Who wouldn't contribute the equivalent of a Bletchley
Museum admission to get to see the Enigma again. Is anyone else with me on
this? Let's raise a fund to get the enigma back.
Together, we could raise the ransom money. Since you should never negotiate
with guys like this, the artifact should be kept in a more secure environment
upon return.
Let's set up a central email site to take pledges.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: "Secrets and Lies" at 50% off
Date: 16 Sep 2000 07:12:02 GMT
JPeschel <[EMAIL PROTECTED]> wrote:
> No supper for you. Now go to your room.
I know that Tom is "young," but he's not *that* young.
Two-three years ago I was his age (assuming Tom is 17-18) and in a similar
position...worse off, really, since I knew far less about cryptography.
obCrypto: paper skimmed today was _A Critique of CryptoComplexity_ by
Michael Merritt. Part of a DIMACS 1991 volume on "distributed computing
and cryptography." Asks about the intersection between crypto and
complexity theory and whether the alliance works. Intriguing stuff, though
regulars in this forum have probably heard some of the arguments before
(e.g. asymptotic nature of security results).
a test question from the paper (paraphrased from memory):
"What do these two questions
is it hard to factor 512-bit numbers?
do one-way functions exist?
have to do with each other? and will practical cryptographers care about
the answer to the latter?"
Some of the concerns raised there have been addressed -- see concrete
security results, which banish asymptotic security proofs and instead give
an explicit relation to the difficulty of factoring. Others, who knows.
obSecurityAlmostCrypto: the SDMI contest thread reminds us all that stupid
show cracking contests are Not The Right Way To Build Assurance. Is there
a "right way" to do such a contest? Are the RSA Data Security and Certicom
challenges examples of the "right way"?
-David
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: Sat, 16 Sep 2000 01:43:30 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Jerry Coffin wrote:
> > I haven't looked very closely at GSM phones as such recently, but
> > quite a few (especially CDMA phones) continue tracking base stations
> > even when you turn them off as thoroughly as you can.
>
>
> Er, not CDMA, no. While it's true that it may take a few seconds to find
> what frequencies the nearby basestations are using (or a couple of minutes
> if you're really unlucky), and it is true that the phone remembers in
> FLASH what frequencies etc it was using when last you turned it off,
> there's no power running when you turn off the phone.
This simply is NOT true. I've personally done testing on this exact
point for work, and can state with _absolute_ assurance that at least
some CDMA phones (the Qualcomm QCP 1960 was what we were testing, but
the MSM 3000 is used in other phones as well) most assuredly DO
"wake up" every 1.28 seconds, even when the power is turned off. In
fact, with this phone (and almost certainly others using the same
chipset) "turning the phone off" mostly just turns off the display,
and has very little effect at all on the phone's operation.
> It's also true that CDMA phones do things like turning off the power to
> the receiver in the middle of a packet if they're sure they don't need
> to hear the end of it, and things like powering up only part of the RAM
> until they need what's in the other part, so it's a pretty sure bet
> they're not powering up the transmitter if they don't need to. Which they
> don't, as anyone looking at the international standard can tell. (I.e.,
> don't take *my* word for it. :-)
I wouldn't and won't -- I've spent more time reading IS-95B than I
care to remember. I know it's not an IS anymore, but I haven't
bought a new copy just to get a different number on the cover. As
mentioned above, I've been involved in testing actual phones on a
logic analyzer and seen what they do. If you want to repeat the
tests yourself, feel free to email me, and I can probably get
permission to send you a few things like the pinout of the MSM 3000
(which hasn't been publicly documented) that'll help out a bit. Also
note that the connections between the chipset and the memory on the
phone are typically scrambled around for the sake of board layout, so
the order of things in the memory chip is NOT their real order.
IOW, if you look at the memory in its obvious order, it's basically
been subjected to a transposition cipher, which took a little bit to
break -- and happens to get us back toward something topical too!
> Er, again, CDMA makes this far harder. CDMA cells are not uncommonly
> miles across (up to 20 miles, but of course smaller in cities where
> you use the cells for congestion), so it's not unusual for only one
> cell to be able to hear a given phone, which makes triangulation
> difficult. Also, CDMA controls the power of the phone's signal quite
> strictly. If all the phones don't sound the same power to the base
> station, the system doesn't work; hence, even guessing how far the
> phone is from the tower is virtually impossible
Of course you're not triangulating in that situation, but even
without it, you have a general notion of the location of the phone.
Though you mention "in cities" in passing, you haven't directly noted
that in quite a few cities, it's common for a CDMA phone to be in
soft handoff a LOT of the time.
> -- it's already been used to do things like find people in
> > emergencies, so the only hurdles to using it for other purposes are
> > legal, not technical.
>
> This is incorrect. Otherwise, folks wouldn't be working to build CDMA
> chips with GPS tracking in them.
Nonsense. GPS was designed from day one to provide accurate location
(and time) information. Phones (including CDMA) were designed to
provide communication, and as an accidental by-product can produce
SOME location capability.
Take careful note, however, that even if the FBI (or whoever) could
locate phones _extremely_ accurately and dependably (assume just for
the sake of argument that it was even more accurate than GPS), it
would have little relationship with building GPS into the phone.
The most fundamental piece of information necessary to even hope to
do triangulation is the physical locations of the base stations
you're going to triangulate from. That's trivial for the FBI to
obtain, but the network location that's transmitted to the phone
simply isn't adequate for doing any kind of triangulation.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Police want help cracking code to find Enigma machine
Date: Sat, 16 Sep 2000 03:46:33 -0400
UBCHI2 wrote:
> Together, we could raise the ransom money. Since you should never
> negotiate with guys like this, ...
Since you should never negotiate with guys like this,
you should not pay ransom.
------------------------------
From: "G. Orme" <[EMAIL PROTECTED]>
Subject: Re: Lossless compression defeats watermarks
Date: Sat, 16 Sep 2000 08:03:09 GMT
G. Another way to do it is to embed sounds in a recording or movie like a
kind of digital signature. For example, one might alter the sounds of a
snare in the drums to a slightly different sound, or make them longer than
usual to read like a code. Also one could spell out a coded signal in
frequencies too high or low to be noticed by the listener. In a movie one
could make a digital signal in say a corner of the picture that was in say
every tenth frame, which spelled out a code. It might be a particular
sequence of hues for example.
"Matthew Skala" <[EMAIL PROTECTED]> wrote in message
news:8puvav$f4i$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> John Savard <[EMAIL PROTECTED]> wrote:
> >The point is, though, that compression technology is not at the stage
> >where it will normally erase a watermark just because the watermark is
> >unobtrusive. The human visual processing system is far more complex
> >than any compression program.
>
> But by the same token, watermarking technology is not at the stage where
> it can put its hidden information close enough to the perceptible part of
> the signal to make it really difficult to remove. Since watermarking and
> lossy compression technology both depend on the *same* body of scientific
> knowledge of what parts of signals are and are not important, I never
> expect to see a large gap between the two technologies. I don't think
> it's reasonable to suppose that watermarking will ever work much better
> than it does now, which is to say, just barely.
> --
> Matthew Skala
> [EMAIL PROTECTED] I'm recording the boycott industry!
> http://www.islandnet.com/~mskala/
>
------------------------------
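A toy version of the scheme G. Orme proposes (a signal in a band the listener does not notice) together with Matthew Skala's objection, as an added example that is not code from either poster. The "audio" is two constructed low-frequency sines, the watermark is a weak tone at the Nyquist frequency switched in or out of phase once per 256-sample frame, and a four-tap moving average stands in for a lossy codec throwing away the band it judges inaudible; the sample rate, amplitudes, frame length and function names are my own choices.

```python
import math
from typing import List, Tuple

FS = 8000        # sample rate in Hz (constructed toy, not a real codec setting)
FRAME = 256      # samples carrying one watermark bit
ALPHA = 0.05     # amplitude of the watermark tone; the host peaks at 1.0


def carrier(n: int) -> float:
    """Tone at FS/2, the highest frequency the sampled signal can hold: +1, -1, +1, ..."""
    return 1.0 if n % 2 == 0 else -1.0


def host_signal(num_samples: int) -> List[float]:
    """Constructed stand-in for audio: two low-frequency sines (50 Hz and 120 Hz)."""
    return [0.6 * math.sin(2 * math.pi * 50 * n / FS) + 0.4 * math.sin(2 * math.pi * 120 * n / FS)
            for n in range(num_samples)]


def embed(host: List[float], bits: List[int]) -> List[float]:
    """Add the carrier in phase for a 1 bit and inverted for a 0 bit, one bit per frame."""
    if len(host) < FRAME * len(bits):
        raise ValueError("host too short for that many bits")
    out = list(host)
    for i, b in enumerate(bits):
        sign = 1.0 if b else -1.0
        for n in range(i * FRAME, (i + 1) * FRAME):
            out[n] += ALPHA * sign * carrier(n)
    return out


def correlate(signal: List[float], num_bits: int) -> List[float]:
    """Per-frame correlation with the carrier; about +-ALPHA*FRAME when the mark is present."""
    return [sum(signal[n] * carrier(n) for n in range(i * FRAME, (i + 1) * FRAME))
            for i in range(num_bits)]


def extract(signal: List[float], num_bits: int) -> Tuple[List[int], bool]:
    """Returns (bits, detected); detected is False if any frame scores below half the expected level."""
    scores = correlate(signal, num_bits)
    threshold = ALPHA * FRAME / 2
    bits = [1 if s > 0 else 0 for s in scores]
    return bits, all(abs(s) >= threshold for s in scores)


def moving_average(signal: List[float], taps: int = 4) -> List[float]:
    """Crude low-pass standing in for a lossy codec discarding the band it judges inaudible.
    An even-length window sums consecutive +1/-1 carrier samples to zero, so the mark vanishes."""
    return [sum(signal[max(0, n - taps + 1):n + 1]) / taps for n in range(len(signal))]


if __name__ == "__main__":
    payload = [1, 0, 1, 1, 0, 0, 1, 0]
    marked = embed(host_signal(FRAME * len(payload)), payload)
    print("before compression:", extract(marked, len(payload)))
    print("after  compression:", extract(moving_average(marked), len(payload)))
```

The detector reads the payload back from the marked signal, finds nothing in the unmarked host, and finds nothing after the filter: the band that made the mark inaudible is exactly the band a perceptual coder has no reason to keep, which is Skala's point.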
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: 20 suggestions for cryptographic algorithm designers.
Date: 16 Sep 2000 08:07:58 GMT
Trevor L. Jackson, III wrote:
>
>> Anyone who participates in the "holy war" of big-endian vs little-endian
>> should read Gulliver's Travel's!
>>
>> There Gulliver did at one point encounter two people who were arguing
>> about the proper way to crack an egg. The "little endians" claimed
>> the egg should be cracked on the "little" end, while the "big
>> endians" claimed the egg should be cracked on the "big" end.
>>
>> When Gulliver arrived there, these two people had been in war with
>> one another over several generations about this issue. Somehow
>> Gulliver managed to create peace between them (don't remember how -
>> read the book if you want to know).
>>
>> And now, in our modern and supposedly enlightened society, there's
>> again a "war" about endian-ness.
>>
>> We need a visit of a modern Gulliver!!!!!
The problem disappears if you reduce your address space to one
address and make that one address hold a word that is, say,
4,294,967,296 bits wide...
:)
------------------------------
From: "PRdO" <[EMAIL PROTECTED]>
Crossposted-To: comp.databases.oracle
Subject: Re: Double Encryption Illegal?
Date: Sat, 16 Sep 2000 12:29:38 +0200
IMHO double encryption *does not* add security, i.e., double encryption in
128-bit doesn't equal better encryption.
(since encryption uses random keys, "randoming" again the data would not
lead to more secure data).
--
OdRPT
Crypto-Boy <[EMAIL PROTECTED]> wrote in message
news:8hrbrf$a5b$[EMAIL PROTECTED]...
> On page 10-10 and 10-14 of the Oracle Advanced Security Administrator's
> Guide (from release 8.1.6 December 1999), it says the following (in bold
> no less):
>
> "Warning: You can use SSL encryption in combination with another Oracle
> Advanced Security authentication method. When you do this, you must
> disable any non-SSL encryption to comply with government regulations
> prohibiting double encryption."
>
> Since when is it illegal to double encrypt in the US? I don't believe
> this is true.
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: [Q] Design criteria for sboxes in Tiger/192 ?
Date: Sat, 16 Sep 2000 12:46:59 +0200
Jerry Coffin wrote:
>
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > I was talking about the criteria for the selection of the DES s-boxes
> > which - AFAIK - were subsequently made public.
>
> At least TTBOMK, nobody's ever published anything like the original
> notes about the S-box design, showing that a comprehensive set of
> criteria was made public. At one point _some_ criteria were
> published, but it may be some time before we know for certain that
> other criteria weren't involved, or that some of the published
> criteria may not be to foil attacks of which the world at large is
> apparently unaware.
At least to really ensure that there is no backdoor, the
S-boxes as well as other magic-appearing numerical values
of an encryption algorithm have to be able to be reproduced
by anybody. Very, very unfortunately, this is true neither
of DES nor of the AES candidates.
M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
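The reproducibility Shen asks for, plus one criterion of the kind that was published for DES (resistance to differential cryptanalysis), as an added example; this is not anyone's published design procedure. An 8-bit S-box is derived from a public seed string through SHA-256, so anybody holding the seed regenerates the same table, and it is then checked for bijectivity, fixed points and differential uniformity (the largest entry of its difference distribution table). The seed string and the function names are my own; a real design would publish the seed together with the full list of selection criteria.

```python
import hashlib
from typing import Iterator, List


def seed_stream(seed: bytes) -> Iterator[int]:
    """Deterministic byte stream SHA-256(seed || counter); anyone with the seed regenerates it."""
    counter = 0
    while True:
        yield from hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1


def generate_sbox(seed: bytes, bits: int = 8) -> List[int]:
    """Fisher-Yates shuffle of 0..2^bits-1 driven by seed_stream.
    Rejection sampling keeps every swap index uniform (no modulo bias)."""
    if not 1 <= bits <= 8:
        raise ValueError("this toy samples one byte per draw; bits must be 1..8")
    n = 1 << bits
    box = list(range(n))
    draw = seed_stream(seed)
    for i in range(n - 1, 0, -1):
        limit = 256 - (256 % (i + 1))   # largest multiple of i+1 that fits in a byte
        r = next(draw)
        while r >= limit:
            r = next(draw)
        j = r % (i + 1)
        box[i], box[j] = box[j], box[i]
    return box


def is_bijective(box: List[int]) -> bool:
    return sorted(box) == list(range(len(box)))


def fixed_points(box: List[int]) -> List[int]:
    return [x for x, y in enumerate(box) if x == y]


def difference_distribution_table(box: List[int]) -> List[List[int]]:
    """ddt[a][b] = number of inputs x with box[x] ^ box[x ^ a] == b."""
    n = len(box)
    ddt = [[0] * n for _ in range(n)]
    for a in range(n):
        for x in range(n):
            ddt[a][box[x] ^ box[x ^ a]] += 1
    return ddt


def differential_uniformity(box: List[int]) -> int:
    """Largest DDT entry over non-zero input differences; smaller is better (the AES S-box scores 4)."""
    ddt = difference_distribution_table(box)
    return max(ddt[a][b] for a in range(1, len(box)) for b in range(len(box)))


def audit(seed: bytes) -> dict:
    """Everything a third party needs to re-derive the box and re-check it."""
    box = generate_sbox(seed)
    return {
        "bijective": is_bijective(box),
        "fixed_points": fixed_points(box),
        "differential_uniformity": differential_uniformity(box),
        "first_entries": box[:8],
    }


if __name__ == "__main__":
    SEED = b"sci.crypt 2000-09-16 example seed"   # constructed; a real design publishes its seed
    print(audit(SEED))
```

A random permutation generated this way usually lands well above the best achievable differential uniformity, which is why designers either search many seeds and publish the selection rule, or construct the box algebraically; either way the check above is what an outsider runs to confirm that the published table is the one the published procedure yields.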
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 16 Sep 2000 12:47:05 +0200
Abyssmal_Unit_#3 wrote:
>
> i thought the ibm 1620 with its banks of incandescent flashing bulbs along
> with the clatter of hundreds of relays was definitely a crowd pleaser. made
> all my friends think some powerful stuff was actually being done. actually
> the quantity of energy being squandered to solve a petty equation ten
> million times over was really quite ridiculous as i think back.
>
> then there was the ibm 1130, much quieter and useful.
>
> but still those blasted card punch stations made a nice resounding commotion...
>
> and this was 1969/70 or so, i think....
>
> ahhhhhh, memory lane, such a gas!
>
> anybody want to collaborate on a book full of anecdotes about "old" computers??
I had only worked with the 360 series of IBM (from model 20
up to model 91), not with the two series you mentioned.
There was for these no clatter of relays, as far as I can
remember. The uncommon noise of the computer rooms I knew
in the past stemmed from the printers and card punchers
and sometimes the card sorting devices and big plotters.
(There was at one time a printer for card decks that was
very loud.)
For your project, you may be interested to read the Journal
of the History of Computing. I think it's from IEEE. If you
couldn't locate it, send me an e-mail.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.databases.oracle
Subject: Re: Double Encryption Illegal?
Date: Sat, 16 Sep 2000 12:51:20 +0200
PRdO wrote:
>
> IMHO double encryption *does not* add security, i.e., double encryption in
> 128-bit doesn't equal better encryption.
> (since encryption uses random keys, "randoming" again the data would not
> lead to more secure data).
If you have an algorithm that does a perfect job (do
you happen to have one?), then there is by definition
nothing to improve. Otherwise, multiple encryption may
help, if done properly.
M. K. Shen
------------------------------
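Shen's "if done properly" has two well-known concrete forms, shown here as an added example (not code from either poster; the block cipher is a toy built for the purpose, not any real algorithm). First, composing a self-inverse cipher with itself under one key cancels out, and XOR with a repeating key is the obvious case. Second, cascading a block cipher with two independent keys does not double the effective key length: a meet-in-the-middle attack on a few known plaintext/ciphertext pairs recovers both keys with roughly 2 * 2^k cipher evaluations and 2^k memory instead of 2^(2k). The toy uses 16-bit blocks and 12-bit keys so the attack runs in moments; the key schedule, the choice of the PRESENT 4-bit S-box, the test keys and the function names are my own.

```python
from typing import Dict, List, Tuple

MASK16 = 0xFFFF
KEY_BITS = 12
ROUNDS = 4
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(v) for v in range(16)]


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: its own inverse, so applying it twice with the same key is a no-op."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def rotl16(x: int, n: int) -> int:
    return ((x << n) | (x >> (16 - n))) & MASK16


def rotr16(x: int, n: int) -> int:
    return ((x >> n) | (x << (16 - n))) & MASK16


def round_keys(k: int) -> List[int]:
    """Toy schedule: spread the 12-bit key over 16 bits, then rotate and add a round constant."""
    base = ((k << 4) | (k >> 8)) & MASK16
    return [rotl16(base, (5 * i) % 16) ^ ((0x1234 * (i + 1)) & MASK16) for i in range(ROUNDS + 1)]


def sub_nibbles(x: int, box: List[int]) -> int:
    return sum(box[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))


def toy_encrypt(m: int, k: int) -> int:
    rk = round_keys(k)
    x = m
    for i in range(ROUNDS):
        x = rotl16(sub_nibbles(x ^ rk[i], SBOX), 5)
    return x ^ rk[ROUNDS]


def toy_decrypt(c: int, k: int) -> int:
    rk = round_keys(k)
    x = c ^ rk[ROUNDS]
    for i in reversed(range(ROUNDS)):
        x = sub_nibbles(rotr16(x, 5), INV_SBOX) ^ rk[i]
    return x


def double_encrypt(m: int, k1: int, k2: int) -> int:
    """Cascade with two independent keys: 24 key bits in total."""
    return toy_encrypt(toy_encrypt(m, k1), k2)


def meet_in_the_middle(pairs: List[Tuple[int, int]]) -> Tuple[List[Tuple[int, int]], int]:
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs of the cascade.
    Returns the surviving key pairs and the number of single-cipher calls spent."""
    m0, c0 = pairs[0]
    calls = 0
    forward: Dict[int, List[int]] = {}
    for k1 in range(1 << KEY_BITS):                 # 2^k encryptions, indexed by middle value
        forward.setdefault(toy_encrypt(m0, k1), []).append(k1)
        calls += 1
    survivors = []
    for k2 in range(1 << KEY_BITS):                 # 2^k decryptions, looked up in the table
        mid = toy_decrypt(c0, k2)
        calls += 1
        for k1 in forward.get(mid, ()):
            ok = True                               # a 16-bit match is not proof: confirm on the rest
            for m, c in pairs[1:]:
                calls += 2
                if double_encrypt(m, k1, k2) != c:
                    ok = False
                    break
            if ok:
                survivors.append((k1, k2))
    return survivors, calls


if __name__ == "__main__":
    print(xor_stream(xor_stream(b"attack at dawn", b"k3y"), b"k3y"))   # plaintext comes back
    k1, k2 = 0x3A7, 0xC15                                              # secret keys (constructed)
    pairs = [(m, double_encrypt(m, k1, k2)) for m in (0x0000, 0x1234, 0xFFFF)]
    found, calls = meet_in_the_middle(pairs)
    print(f"recovered {[(hex(a), hex(b)) for a, b in found]} with {calls} cipher calls; "
          f"exhaustive search of the cascade would take {2 * (1 << (2 * KEY_BITS))}")
```

With a 16-bit block, about 2^24 / 2^16 = 256 wrong key pairs match on the first pair by chance, which is why the attack keeps two more pairs for confirmation; the cost stays near 3 * 2^12 calls against 2^25 for brute force. Scaled to real key sizes this is the reason double encryption is rated at roughly k + 1 bits, and why the standard answer is a triple cascade rather than a double one.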
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 16 Sep 2000 12:47:15 +0200
Abyssmal_Unit_#3 wrote:
>
> yes, that is it, it is exactly the benefit of a coherently associated system
> provided by the "supercomputer" that gives it the vast advantage over other
> mechanical composites provided by a spread of various machines more loosely
> coupled.
>
> simulation of realtime stuff demands "atom-like" interaction capacity. ;-))
The advantages/disadvantages of different architectures
have been discussed in the CS literature for a long time.
Depending on the problems you have, one kind of architecture
may be better than the other. But this is generally a
question of cost relation and the cost relation changes
with time due to advancements in hardware (and software)
techniques. Note that the cost that is decisive is not
identical to the purchasing cost of the equipment but also
includes buildings, personnel, maintenance, training, etc.
If one looks at the list of world's top computers, one
finds that more than one single architecture is represented
there. Given a particular application (problem and definite
size), one could find the economically best configuration
at a particular time point. But that may turn out to be
different at a later time point. For a computing centre
serving a large number of users with widely different
applications, the selection of computing equipments
becomes much more difficult. One uses some benchmarks as
an aid concerning performance. But which benchmark is
best to be used as the criterion is also debatable.
(There is BTW an article about a new SPEC benchmark in
the July issue of IEEE's Computer.)
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: "Secrets and Lies" at 50% off
Date: Sat, 16 Sep 2000 10:32:10 GMT
Mahlzeit
Tom St Denis ([EMAIL PROTECTED]) wrote:
> Bite me. SPAM is uncalled advertising. And since he doesn't support
> the thread with anything intelligent it's pretty much spam.
It appears to me, you do not know what SPAM is. SPAM is not defined
by content. SPAM is defined by how it is posted. (See Breitbart Index.)
Mahlzeit
endergone Zwiebeltuete
--
PGP: SIG:C379A331 ENC:F47FA83D I LOVE MY PDP-11/34A, M70 and MicroVAXII!
--
If two wrongs don't make a right, try three.
-- Laurence J. Peter
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************