Cryptography-Digest Digest #730, Volume #12      Thu, 21 Sep 00 00:13:01 EDT

Contents:
  Re: Does this mean anything? (Jim Gillogly)
  Re: md5 fail -x test under Digital UNIX C Compiler (John Myre)
  Re: Intel's 1.13 MHZ chip (Jerry Coffin)
  Re: ExCSS Source Code (Bryan Olson)
  Re: Dangers of using same public key for encryption and signatures? (Paul Rubin)
  Maurer's FastPrime implementation. (RFC) (Vipul Ved Prakash)
  Re: SUN SPOT 6.51 BILLION square kilometers in size ([EMAIL PROTECTED])
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption (John Savard)
  Re: CDMA tracking (was Re: GSM tracking) (Roger Schlafly)
  Re: Software patents are evil. (Bill Unruh)
  Re: ExCSS Source Code (Bill Unruh)
  Re: Algebra, or are all block ciphers in trouble? ("Douglas A. Gwyn")
  Re: Questions about how to run a contest ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Does this mean anything?
Date: Wed, 20 Sep 2000 23:20:41 +0000

JustAsking wrote:
> Take a seed number of sqr(aProductOfTwoPrimes)+1 (S).
> 
> Loop
>    T = S^2 - N
>    if sqr(T) is an integer, end loop, calculate prime1 and prime2
>    S = S + 1
> until ??
> 
> comments?

Yes, it means something: if prime1 and prime2 are close to sqrt(N)
you can factor N easily.  Fermat discovered the method.
-- 
        Jim Gillogly
        Mersday, 29 Halimath S.R. 2000, 23:18
        12.19.7.10.3, 12 Akbal 6 Chen, Fifth Lord of Night
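The loop above, worked through as an added example (not code from either poster): Fermat's method in Python, with a Miller-Rabin helper and constructed sample moduli so that it runs stand-alone. The practical check it motivates is that RSA primes must not share their leading bits; FIPS 186-4 makes this explicit by requiring |p - q| > 2^(nlen/2 - 100).

```python
import math
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; only used here to build sample moduli."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(x):
    """Smallest probable prime >= x."""
    x |= 1
    while not is_probable_prime(x):
        x += 2
    return x


def fermat_factor(n, max_steps=100_000):
    """Fermat's method, i.e. the loop from the post: S starts at ceil(sqrt(N)) and
    increases until S^2 - N is a perfect square T^2, giving N = (S - T)(S + T).
    S has to reach (p + q)/2, which is about (q - p)^2 / (8 sqrt(N)) steps away,
    so the method only works when the two factors are close.  Returns the pair
    (smaller, larger), or None when the step budget is exhausted."""
    if n % 2 == 0:
        return 2, n // 2
    s = math.isqrt(n)
    if s * s < n:
        s += 1
    for _ in range(max_steps):
        t2 = s * s - n
        t = math.isqrt(t2)
        if t * t == t2:
            return s - t, s + t
        s += 1
    return None


def demo(bits=256):
    """Constructed sample moduli: two primes sharing their top ~bits/2 bits fall
    in one step; a modulus whose factors differ by 40 bits does not fall at all."""
    p = next_prime(secrets.randbits(bits) | (1 << (bits - 1)))
    q = next_prime(p + (1 << (bits // 2 - 4)))
    close = fermat_factor(p * q) == (p, q)
    far = fermat_factor(p * next_prime(1 << (bits - 40)))
    return close, far
```

fermat_factor(5959) returns (59, 101) after three steps, the textbook case; demo() shows the two regimes on 512-bit moduli: factors that agree in their top 124 bits are recovered on the first iteration, factors of unequal size never are.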

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: md5 fail -x test under Digital UNIX C Compiler
Date: Wed, 20 Sep 2000 17:33:26 -0600

[EMAIL PROTECTED] wrote:
<snip>
>  I assume it is not an algorithm bug, most likely the compiler,
>  but I can't figure out what is going on. Any suggestions ?
<snip>

Guess #1: little-endian vs big-endian; maybe there is a compile-time
flag to go the other way.

JM

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Wed, 20 Sep 2000 17:50:12 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ ... ] 

> To recapitulate, you accused DIRNSA (which one would be easy
> to pin down from the dates involved) of irrationally forcing
> procurement of suboptimal and very expensive equipment, which
> if true would be malfeasance of a high order.

Doug, I never said anything about the equipment being suboptimal or 
anything like it.  The equipment was very expensive, and I'm not 
personally convinced that the original reasons for obtaining it were 
rational.  That does NOT mean the equipment was suboptimal, or that 
it wasn't useful.  In short, no accusation of malfeasance was made.

What I DID say was that I was convinced that justification for the 
purchases was made after the decision to make those purchases had 
already taken place.  I stand by that statement.  I never said that 
suboptimal equipment was purchased. I never said that anybody paid 
more for the equipment than it was worth.  I never said that uses and 
justification for the machines weren't found -- quite the contrary, I 
was quite specific in saying that I believe such justification WAS 
found, merely after the decision to make the purchase had already 
been made.

> I pointed out
> that that was a very serious accusation to make, one that
> would be justified only if you had evidence to back it up,
> and otherwise verging on libel.  Instead of producing a shred
> of supporting evidence, you then engaged in sophistry and
> sophomoric literalism.  A morally honest person would produce
> support for their accusation or else retract it, not argue
> beside the point.

I suppose you can claim anything you want to about a "morally honest 
person", since the number of definitions of "moral" seems to be 
roughly equal to (if not greater than) the number of people giving 
definitions.  Despite this, I'll stand by the fact that what I said 
in the first place was 100% honest, with no sophistry, literalism or 
any other sort of qualification necessary: I said that I believed 
something to be true, and I most certainly do believe it to be true.  
If you honestly think that what I've done is illegal, please do your 
duty and file a complaint with the Attorney General's office.

Whether that happens or not, I'm finished posting in this thread, at 
least on this subject.  If you want to continue posting, go for it, 
but I'll not be dragged into still more of your off-topic arguments.

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Wed, 20 Sep 2000 23:47:45 GMT

Bill Unruh:
> The whole purpose in copyright is to free access to
> copyrighted works, not to control them

Actually it's to "promote the progress of science and the
useful arts."

> It does so by controlling copying so that the person
> can feel free to make them accessible. Access control is
> contrary to the theoretical basis of copyright. Copy control
> may not be, but access control is. CSS controls access, it
> does not control copying.

False.  CSS does control copying.  It was never effective
against people who have the same equipment as the
manufacturers, and it's ineffective now against people who
have the crack.  But control copying it did, and to some
extent still does.

> It should
> be thrown out under the copyright act for that very reason.

There would be no such grounds even if CSS did not control
copying.  The DMCA circumvention clause is not limited to
copying, nor is Congress's constitutional power under
Article I, Section 8, Clause 8.

There may be winnable First Amendment cases.  Basing them
on fair use seems an extreme long shot.


> >The reality is that CSS is part of a system of technical
> >measures to control access to copyrighted works.  That does
> >not settle the question of whether the DMCA is
> >constitutional or fair or well-written. What it does mean is
> >that DeCSS violates the DMCA.
>
> So does anything. So do computers since they allow one to take a work
> published on a CDrom and copy it to a floppy.

I understood your reading.  But courts do not and should not
throw out laws simply because someone can semantically
defend a deliberate misinterpretation.


--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Dangers of using same public key for encryption and signatures?
Date: 20 Sep 2000 17:13:57 -0700

"Brian Gladman" <[EMAIL PROTECTED]> writes:
> In the UK keys used for signature only are not subject to Government Access
> to Keys (GAK). But keys that perform both signature and encryption functions
> can be seized under warrant by a number of UK authorities.  And there is no
> requirement that you need to be under suspicion in order for keys to be
> seized.

For improved GAK resistance, how does this sound:

Have two system-wide, public parameters K1 and K2.
Let the user have a single, persistent secret key S.

The user's secret key for decrypting messages = HMAC (K1, S)
and his public key for encryption is computed from this.

The user's secret key for signing = HMAC (K2, S),
and his public key for verification is computed from this.

To satisfy a GAK requirement, the user can reveal HMAC (K1, S) to
the authorities, keeping HMAC (K2, S) and S itself secret.

It means the user has to publish two keys (one for encrypting and one
for verification), but at least now he only needs to keep one
persistent secret.  The decryption and signing keys can both be
derived from S when they're needed.
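The split above, worked through in Python as an added example (not the poster's code; the thread fixes no public-key algorithm): one persistent secret S, two derived exponents HMAC(K1, S) and HMAC(K2, S), Diffie-Hellman key encapsulation on the encryption side and a Schnorr signature on the signing side, both over RFC 2409 group 2 so that everything runs with the standard library. The K1/K2 values, the group and the choice of primitives are my assumptions.

```python
import hashlib
import hmac
import secrets

# RFC 2409 "group 2": 1024-bit safe prime p = 2q + 1, and 2 generates the
# order-q subgroup (p = 7 mod 8, so 2 is a quadratic residue).  Used because its
# constant is short enough to embed; 1024-bit MODP is too small for new systems.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2
NBYTES = 128  # fixed-width encoding of group elements for hashing

# The post's system-wide public parameters K1 and K2; these values are hypothetical.
K1 = b"example-system:decryption-key"
K2 = b"example-system:signing-key"


def derive_exponent(label, master):
    """HMAC(label, master) as an exponent.  HMAC-SHA512 yields 512 bits, far
    above the ~256 needed against Pollard-style attacks on the subgroup."""
    x = int.from_bytes(hmac.new(label, master, hashlib.sha512).digest(), "big") % Q
    if x == 0:
        raise ValueError("degenerate exponent")
    return x


def keypair(label, master):
    """(private exponent, public element) for one role, derived from S."""
    x = derive_exponent(label, master)
    return x, pow(G, x, P)


def encapsulate(pub_enc, rng=secrets.SystemRandom()):
    """ElGamal-style KEM: sender transmits g^r, both sides derive H(pub^r)."""
    r = rng.randrange(1, Q)
    shared = pow(pub_enc, r, P)
    return pow(G, r, P), hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()


def decapsulate(priv_enc, eph):
    return hashlib.sha256(pow(eph, priv_enc, P).to_bytes(NBYTES, "big")).digest()


def _challenge(R, pub, msg):
    h = hashlib.sha256(R.to_bytes(NBYTES, "big") + pub.to_bytes(NBYTES, "big") + msg)
    return int.from_bytes(h.digest(), "big") % Q


def sign(priv_sig, pub_sig, msg, rng=secrets.SystemRandom()):
    """Schnorr signature (R, s) with s = k + e*x mod q."""
    k = rng.randrange(1, Q)
    R = pow(G, k, P)
    e = _challenge(R, pub_sig, msg)
    return R, (k + e * priv_sig) % Q


def verify(pub_sig, msg, sig):
    R, s = sig
    e = _challenge(R, pub_sig, msg)
    return 1 < R < P and pow(G, s, P) == R * pow(pub_sig, e, P) % P


def demo():
    """One persistent secret S; only the decryption exponent is handed over,
    and the dict records what that disclosure does and does not give away."""
    S = secrets.token_bytes(32)
    priv_enc, pub_enc = keypair(K1, S)
    priv_sig, pub_sig = keypair(K2, S)
    eph, sender_key = encapsulate(pub_enc)
    sig = sign(priv_sig, pub_sig, b"order #42")
    authority_key = decapsulate(priv_enc, eph)        # what GAK disclosure yields
    return {
        "authority_decrypts": authority_key == sender_key,
        "signature_valid": verify(pub_sig, b"order #42", sig),
        "tamper_detected": not verify(pub_sig, b"order #43", sig),
        "exponents_differ": priv_enc != priv_sig,
    }
```

demo() shows the trade the post proposes: whoever holds HMAC(K1, S) recovers every encapsulated key but cannot produce signatures and cannot walk back to S, because HMAC with a fixed label is one-way in its message. The weak point is S itself: a warrant that compels S rather than the derived decryption key takes both halves, so S should live where only derived keys can be exported.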

------------------------------

From: [EMAIL PROTECTED] (Vipul Ved Prakash)
Subject: Maurer's FastPrime implementation. (RFC)
Date: 21 Sep 2000 00:50:32 GMT

Hi, 

I have implemented Ueli Maurer's algorithm for generating random, provable
primes as presented in his paper "Fast Generation of Prime Numbers and
Secure Public Key Cryptographic Parameters"[1].  The code is structured as a
Perl module (Crypt::Primes) which uses the PARI library for arithmetic and
number theoretic computations.

Crypt::Primes generates 512-bit primes in 7 seconds (on average), and
1024-bit primes in 37 seconds (on average), on my PII/300 MHz notebook.
There are no computational limits by design; primes up to 8192 bits were
generated to stress test the code.

I was wondering if there's a standard implementation of this algorithm with
which I could compare running times.

Also, I have slightly modified the algorithm to compute a group generator
for Elgamal public keys.  I have introduced an additional constraint on
relative size r of q.  (See the description of the procedure FastPrime in
[1]) While computing r, I ensure k*r is always greater than maxfact, where
maxfact is the bitsize of the largest number we can factor easily.  This
defaults to 140 bits.  Consequently, R is smaller than maxfact; we factor it
to get a complete factorization of 2Rq, which is used to find a generator of
the cyclic group Z*(2Rq).

I understand this reduces the diversity of reachable primes, but I didn't
see any way of avoiding this or a similar constraint.  I would like to know
if there are better (more elegant) ways of going about this.

The latest release of Crypt::Primes is archived at
http://www.vipul.net/perl/sources/cryptography/Crypt-Primes-0.32.tar.gz.
Package includes an application `largeprimes' which is a command-line
interface to the module.  To execute this code, the modules Math::Pari and
Crypt::Random are required; they can be found on CPAN
(http://search.cpan.org).

best regards,
vipul.

1. http://www.vipul.net/crypto/Maurer-primes-1994.ps

--

VIPUL VED PRAKASH               |  Cryptography
[EMAIL PROTECTED]                |  Distributed Systems
http://www.vipul.net            |  Network Agents
91 11 2233328                   |  Perl Hacking
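To make the procedure concrete, here is an added example in Python (not Crypt::Primes, and not Maurer's reference code) implementing FastPrime with Pocklington certificates, an independent certificate checker, and the generator step described above. The names, the base-case size M = 20 and the trial-division bound are my choices; `max_r_bits` plays the role of `maxfact`, but is kept far below 140 bits because the factoring step here is plain trial division rather than PARI.

```python
import math
import secrets

# Odd primes below 2000: trial division with these proves primality of anything
# below 1999**2 (> 2**21) and strips small factors from larger candidates.
SMALL_PRIMES = [p for p in range(3, 2000, 2)
                if all(p % d for d in range(3, math.isqrt(p) + 1, 2))]
M = 20  # candidates of at most M bits are proven by trial division alone


def proven_by_trial_division(n):
    """True iff trial division by SMALL_PRIMES settles that n is prime."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if p * p > n:
            return True
        if n % p == 0:
            return False
    return False   # too large for the table: not proven (conservative)


def trial_division_factors(R, bound=1 << 16):
    """Prime factors of R by trial division up to `bound`, or None when a
    cofactor is left that trial division cannot certify (Crypt::Primes hands
    this step to PARI; here the caller keeps R small instead)."""
    factors, d = [], 2
    while d * d <= R and d < bound:
        while R % d == 0:
            factors.append(d)
            R //= d
        d += 1 if d == 2 else 2
    if R > 1:
        if d * d <= R:
            return None
        factors.append(R)
    return factors


def fast_prime(k, max_r_bits=None, rng=secrets.SystemRandom()):
    """Maurer's FastPrime: a random k-bit prime n = 2Rq + 1 with a certificate
    (q, R, a, cert_q) that proves it.  max_r_bits (>= M) caps the size of R so
    that 2Rq can be fully factored later, at the cost of reachable primes."""
    if k <= M:
        while True:
            n = rng.randrange(1 << (k - 1), 1 << k) | 1
            if proven_by_trial_division(n):
                return n, None
    # q gets about r*k bits with r = 2**(s-1), s uniform, so r >= 1/2 and
    # n < 2**k <= 4q^2 < (2q+1)^2: Pocklington's bound holds for every R drawn.
    while True:
        r = 2 ** (rng.random() - 1) if k > 2 * M else 0.5
        if k > 2 * M and k - r * k <= M:
            continue                       # recursion must shed more than M bits
        if max_r_bits is None or (1 - r) * k <= max_r_bits:
            break
    q, cert_q = fast_prime(int(r * k) + 1, None, rng)
    I = (1 << (k - 1)) // (2 * q)
    while True:
        R = rng.randrange(I + 1, 2 * I + 1)
        n = 2 * R * q + 1
        if n.bit_length() != k or any(n % p == 0 for p in SMALL_PRIMES):
            continue
        a = rng.randrange(2, n - 1)
        # Maurer's Lemma 1 (Pocklington): a^(n-1) = 1 and gcd(a^(2R) - 1, n) = 1
        # force every prime factor of n to be 1 (mod 2q), impossible for a
        # composite n below (2q+1)^2.
        if pow(a, n - 1, n) == 1 and math.gcd(pow(a, 2 * R, n) - 1, n) == 1:
            return n, (q, R, a, cert_q)


def verify_certificate(n, cert):
    """Re-check the whole chain from scratch; needs no trust in the generator."""
    if cert is None:
        return proven_by_trial_division(n)
    q, R, a, cert_q = cert
    return (n == 2 * R * q + 1 and n < (2 * q + 1) ** 2
            and pow(a, n - 1, n) == 1
            and math.gcd(pow(a, 2 * R, n) - 1, n) == 1
            and verify_certificate(q, cert_q))


def find_generator(n, cert, rng=secrets.SystemRandom()):
    """Generator of Z*_n from the complete factorization of n - 1 = 2Rq, the
    Crypt::Primes extension for ElGamal; None if R cannot be fully factored."""
    q, R, _, _ = cert
    r_factors = trial_division_factors(R)
    if r_factors is None:
        return None
    prime_factors = set([2, q] + r_factors)
    while True:
        g = rng.randrange(2, n - 1)
        if all(pow(g, (n - 1) // f, n) != 1 for f in prime_factors):
            return g
```

fast_prime(80, max_r_bits=24) yields a prime whose n - 1 = 2Rq has an R small enough to factor, so find_generator returns a generator of Z*_n; fast_prime(512) without the cap draws from Maurer's full distribution. Every result carries a certificate that verify_certificate re-checks with nothing but modular arithmetic, which is what separates this construction from Miller-Rabin output.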


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: sci.military.naval,alt.conspiracy,sci.geo.earthquakes
Subject: Re: SUN SPOT 6.51 BILLION square kilometers in size
Date: Thu, 21 Sep 2000 00:56:10 GMT


Nothing unusual at all.

On Wed, 20 Sep 2000 14:04:11 GMT, [EMAIL PROTECTED] wrote:

>WARNING:
>
>[to satellite operators, submarines, polar explorers, underwater
>expeditions, airports]
>
>
>>===== Original Message From Cary Oler <[EMAIL PROTECTED]> =====
>
>                             A s t r o  A l e r t
>                               Sun-Earth Alert
>
>                          Solar Terrestrial Dispatch
>                            http://www.spacew.com
>
>                              20 September 2000
>
>* One of the Largest Sunspot Groups so far comes into View *
>                   * Potential Major Solar Flare Warning *
>
>POTENTIAL NAKED-EYE SUNSPOT
>
>     On 20 September, one of the largest sunspot groups to be observed so far
>this solar cycle began rotating into view around the eastern limb of the Sun.
>The enormity of this region was never fully realized until today. This
>sunspot group currently measures 6.51 BILLION square kilometers in size. That
>is large enough to map the entire surface area of the Earth within the space
>occupied by the sunspot complex almost 13 times over! In fact, this sunspot
>group is so large that people equipped with eye protection may be able to
>spot the sunspot complex with their naked eyes.
>
>     DO NOT ATTEMPT TO VIEW THIS SUNSPOT WITHOUT ADEQUATE EYE PROTECTION! YOU
>COULD PERMANENTLY DAMAGE YOUR EYES!
>
>     This sunspot will gradually rotate across the face of the visible Sun
>over the next 11 to 12 days. It will be optimally placed for spotting with
>the naked eyes between approximately 21 through 26 September.
>
>     This sunspot complex has the size and the magnetic complexity to
>produce very energetic solar flare activity.
>
>Major class M and even large X-class solar x-ray flares are often observed
>from sunspot groups that are as large as this region is.
>
>The potential exists for major levels of solar flare
>activity from this spot complex over the next several days to perhaps
>throughout much of the next 12 days if the region maintains its size and
>complexity.
>
>     http://www.spacew.com/astroalert.html
>
>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (Brian Allardice) wrote:
>> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>> >
>> >
>> >
>> >[EMAIL PROTECTED] wrote:
>> >>
>> >[snip]
>> >
>> >Please kindly don't cross-post to sci.crypt stuffs
>> >that have nothing to do with cryptology. Thanks.
>>
>> For shame!  You have failed to correctly decrypt a very important message!
>> You must try harder!
>>
>> Cheers,
>> dba
>>
>>
>
>


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption
Date: Thu, 21 Sep 2000 01:46:59 GMT

On Wed, 20 Sep 2000 16:31:35 GMT, David Empey <[EMAIL PROTECTED]>
wrote, in part:

>Playfair?

You've got it!

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: Wed, 20 Sep 2000 19:11:27 -0700

Jerry Coffin wrote:
> The phone keeps a list of the base stations it most recently
> received, so yes, there would usually be a record of your having left
> home.  Since it would get updated as you traveled back home, chances
> of still having a Las Vegas base station in the list by the time you
> made it back to somewhere on the coast would be essentially nil.

I still find the concept disturbing. If I turn the phone off, then
I would assume that it is not tracking my whereabouts.

What if I (accidentally or deliberately) disconnected the battery
in Vegas, and then reconnected when I got home. Then the phone
would report that I had been in Vegas?

Maybe people have a lesser expectation of privacy with a cell phone,
but IMO the phone still shouldn't be subverting your privacy in
sneaky and unexpected ways.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Software patents are evil.
Date: 21 Sep 2000 02:25:34 GMT

In <[EMAIL PROTECTED]> "Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:

]Bill Unruh wrote:

]> Most patents in any area go to big established companies.

]This is an irrelevant factoid.  Comparing the numbers of patents to the amount of
]effort (research $) would normalize the number into a somewhat useful statistic.

Why would that be any more relevant than the one I stated?


]But all such statistics will be distorted by the presence of ego patents, patents
]needed to justify IPOs or share prices, and the unreasonably large fraction that
]are just plain idiocy.

]The "working" patents -- those on which businesses are based -- are the interesting
]ones for evaluating the utility of the patent system.  Since the US leads the world
]in patents and seems to be at least as healthy as other developed countries, there
]is reason to believe the patent system is a beneficial influence on our society.

No, no. It is because the US has a dominantly English culture, with a
very strong Spanish subculture, that its economy is doing so well.
Or is it because the US has more lawyers per capita than any other
country that it is doing so well? That must be it!

Correlation does not equal causation.
Patents have had almost nothing to do with software until recently. Yet
you could not say that software has suffered in the US.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: ExCSS Source Code
Date: 21 Sep 2000 02:34:47 GMT

In <8qbiap$v$[EMAIL PROTECTED]> Bryan Olson <[EMAIL PROTECTED]> writes:

>Bill Unruh:
>> The whole purpose in copyright is to free access to
>> copyrighted works, not to control them

>Actually it's to "promote the progress of science and the
>useful arts."

Yes, by making the works available. And when they do not promote the
progress of science and the useful arts, the laws should be thrown out.


>> It does so by controlling copying so that the person
>> can feel free to make them accessible. Access control is
>> contrary to the theoretical basis of copyright. Copy control
>> may not be, but access control is. CSS controls access, it
>> does not control copying.

>False.  CSS does control copying.  It was never effective

No it does not. It controls access. As has been pointed out ad nauseam,
one can still copy the CDs bit by bit and get a perfectly valid copy.

>against people who have the same equipment as the
>manufacturers, and it's ineffective now against people who
>have the crack.  But control copying it did, and to some
>extent still does.

>> It should
>> be thrown out under the copyright act for that very reason.

>There would be no such grounds even if CSS did not control
>copying.  The DMCA circumvention clause is not limited to
>copying, nor is Congress's constitutional power under
>Article I, Section 8, Clause 8.

Perhaps. The question is whether the DMCA should ever have been passed.
The labour laws in the last century allowed employers to call in the
police to shoot striking workers, and Congress certainly defended its
right to pass such laws for the good of the country. 


>There may be winnable First Amendment cases.  Basing them
>on fair use seems an extreme long shot.

I was not trying to base it on fair use. That was someone else. I was
basing it on an analysis of what the purpose of copyright was and
whether or not the law aided or hindered that purpose, and on whether
the law was good social policy or not.



>> >The reality is that CSS is part of a system of technical
>> >measures to control access to copyrighted works.  That does
>> >not settle the question of whether the DMCA is
>> >constitutional or fair or well-written. What it does mean is
>> >that DeCSS violates the DMCA.
>>
>> So does anything. So do computers since they allow one to take a work
>> published on a CDrom and copy it to a floppy.

>I understood your reading.  But courts do not and should not
>throw out laws simply because someone can semantically
>defend a deliberate misinterpretation.

No, what is your misinterpretation is someone else's cogent argument. Ad
hominem never was a good argumentative stance. The law is what is
written, and the law is written so broadly that it makes illegal things
that should never have been illegal. And yes, laws are thrown out because
they are overbroad.




------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Algebra, or are all block ciphers in trouble?
Date: Wed, 20 Sep 2000 23:57:24 -0400

Mack wrote:
> The list so far
> AND/NOT
> OR/NOT
> NAND
> NOR
> IMPL/NOT
> XOR/AND/1
> XOR/OR/1
> XOR/NAND
> XOR/NOR
> XOR/IMPL/1
> and the correspondences with XNOR substituted for XOR

Well, there are certainly additional combinations, e.g. combine
any two of the above.  The important thing is that many of these
generate exactly the same algebra ("span the same space", i.e.
can express exactly the same multivariate relationships).  The
list of *distinct* subalgebras is more important.  There is
probably some slick theorem (maybe from the theory of Universal
Algebra) that would allow us to rapidly enumerate them.  I think
the exhaustive list of distinct Boolean subalgebras is those
generated by the following operator sets:
        {T}     {F}     (0-ary: constant T and F, a.k.a. 1 and 0)
        {I}     {N}     (unary: identity and NOT)
        {E}     {X}     (binary: EQV and XOR; same as {E,T})
        {E,N}           (same as {X,N}, {E,F}, and {X,T})
        {C,N}           (C is IMPL; not the smallest generator)
        {T,F}   {T,I}   {F,I}   {T,N}   {T,F,I}

{T} allows expression of only one thing, the constant T, which we
take for granted; {F} only expresses contradictions (constant F);
{I} only permits expression of the value of any given Boolean
variable; {N} lets us express the value or complement of a single
variable (NNa is a, so that's as far as it goes), which is
entertaining only for a tot ("peek-a-boo").  {E} is more
interesting since it can express some nontrivial relationships
among multiple variables, has real theorems: EEabEba, and can
produce one constant T as Eaa.  The algebra from {X} is similar
to that from {E} (it's "dual" to it) and can express the one
constant F as Xaa.  {E,N} generates an algebra with richer
structure.  {C,N} is fully general (for this context).  The final
five combinations generate various other uninteresting algebras.

I think the first 8 generate "normal subalgebras" in the parlance,
but it's been decades since I worried about UA and I might be
mistaken.  There is no need to involve higher-order operators
since every multivariate Boolean relationship can already be
expressed with {C,N} (or just NAND) and the variable names.

In practice, we use more than a minimal generating set of
operators for convenience of expression and ease of manipulation.
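The claim that several of these operator sets "span the same space" can be checked mechanically. The following is an added example (not from the thread) that closes an operator set over the truth tables of a fixed number of variables and compares the results; the operator letters follow Gwyn's post ({T}, {F}, {I}, {N}, {E}, {X}, {C}) with AND, OR and NAND added from Mack's list. NVARS = 2 is my choice: the two-variable slice already separates the cases listed above, and it can be raised to check higher arities.

```python
from itertools import product

NVARS = 2
ROWS = 1 << NVARS          # truth-table rows; a function is a bitmask over them
FULL = (1 << ROWS) - 1     # the constant-true table

# Projections: variable j as a truth table (bit j of the row index is its value).
VARIABLES = [sum(1 << row for row in range(ROWS) if row >> j & 1)
             for j in range(NVARS)]

# Operators on truth tables: (arity, function), keyed by the names in the post.
OPS = {
    "T": (0, lambda: FULL),
    "F": (0, lambda: 0),
    "I": (1, lambda x: x),
    "N": (1, lambda x: FULL ^ x),
    "E": (2, lambda x, y: FULL ^ (x ^ y)),          # EQV
    "X": (2, lambda x, y: x ^ y),                   # XOR
    "C": (2, lambda x, y: (FULL ^ x) | y),          # IMPL
    "AND": (2, lambda x, y: x & y),
    "OR": (2, lambda x, y: x | y),
    "NAND": (2, lambda x, y: FULL ^ (x & y)),
}


def closure(op_names):
    """All NVARS-variable Boolean functions expressible by applying the given
    operators to the variables and to each other: the NVARS-ary part of the
    algebra (clone) those operators generate.  Iterates to a fixpoint."""
    funcs = set(VARIABLES)
    while True:
        new = set(funcs)
        for name in op_names:
            arity, fn = OPS[name]
            for args in product(funcs, repeat=arity):
                new.add(fn(*args))
        if new == funcs:
            return frozenset(funcs)
        funcs = new


def same_algebra(*op_sets):
    """True iff every operator set generates exactly the same set of functions."""
    return len({closure(s) for s in op_sets}) == 1
```

closure({"C", "N"}), closure({"NAND"}) and closure({"AND", "N"}) all reach the full 16 two-variable functions; {X} and {E} each give four (the variables, their XOR or EQV, and one constant), and {E,N}, {X,N}, {E,F} and {X,T} collapse onto the same eight affine functions, which is the "same space" Gwyn describes. That affine closure is also why XOR-only mixing is of no cryptographic use on its own: nothing outside it can ever be expressed, however many rounds are applied.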

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Questions about how to run a contest
Date: Wed, 20 Sep 2000 23:59:33 -0400

Simon Dainty wrote:
> Ideally, you would supply many ciphertexts and many plaintexts
> and then ask for the key.

The traditional approach is to let the cryptanalyst specify what
must be provided for the test.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
