Cryptography-Digest Digest #749, Volume #12      Fri, 22 Sep 00 19:13:01 EDT

Contents:
  Idea for online Tokens (Tom St Denis)
  New Strong Password-Authentication Software (Philip MacKenzie)
  Re: Idea for online Tokens (Doug Kuhlman)
  Re: Software patents are evil. (Bill Unruh)
  Re: New Strong Password-Authentication Software (Bill Unruh)
  Big CRC polynomials? ([EMAIL PROTECTED])
  Re: Idea for online Tokens (Tom St Denis)
  Re: Again a topic of disappearing e-mail? (/dev/null)
  Re: New Strong Password-Authentication Software (Philip MacKenzie)
  WHAT IS ANEC ENCRYPTION? ("Melinda Harris")
  Re: Tying Up Loose Ends - Correction (SCOTT19U.ZIP_GUY)
  Re: Big CRC polynomials? ("bubba")
  Re: Again a topic of disappearing e-mail? ("Joseph Ashwood")
  Re: New Strong Password-Authentication Software (David A Molnar)
  Re: Software patents are evil. (Jerry Coffin)
  Re: Software patents are evil. (Jerry Coffin)
  Re: Software patents are evil. (Jerry Coffin)
  Re: State-of-the-art in integer factorization (Jerry Coffin)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Idea for online Tokens
Date: Fri, 22 Sep 2000 18:25:58 GMT

Let's say I want to give you a "token" that will let me keep tabs on
what you use (say live audio off the net) but not let you steal or
pretend to be the server.

So instead of using a symmetric key (would violate the last cond) I use
RSA this way (and this is nothing new so bear with me)

Make up the N = pq part.  Then pick 'e' randomly and solve for 'd'.
Then give the user (e, N) and keep (d, N).  The user can now only
decrypt from anyone using (d, N) presumably the server.

Is this a weak usage of RSA?  What other non math attacks are there on
this simple idea?

Tom



------------------------------

From: Philip MacKenzie <[EMAIL PROTECTED]>
Subject: New Strong Password-Authentication Software
Date: Fri, 22 Sep 2000 15:21:45 -0400

*** PAK SOFTWARE AVAILABLE FOR DOWNLOAD ***

Lucent has just released code for telnet and ftp with authentication
based on the new PAK protocol, presented at the Eurocrypt 2000
conference.  PAK is a protocol for strong password-authenticated
key exchange (much like EKE, SPEKE, and SRP) but has also
been PROVEN secure (as secure as Diffie-Hellman in the 
random oracle model).  If you believe that security proofs
are important (I certainly do), then you should consider
checking out this new software.  It is free for non-commercial use.

The code was built using Tom Wu's SRP distribution, but with
the SRP authentication protocol replaced by PAK.

For more information, and to download the software, go to:
http://www.bell-labs.com/user/philmac/pak.html

-Phil MacKenzie

------------------------------

From: Doug Kuhlman <[EMAIL PROTECTED]>
Subject: Re: Idea for online Tokens
Date: Fri, 22 Sep 2000 14:17:06 -0500



Tom St Denis wrote:
> 
> let's say I want to give you a "token" that will let me keep tabs on
> what you use (say live audio off the net) but not let you steal or
> pretend to be the server.
> 
> So instead of using a symmetric key (would violate the last cond) I use
> RSA this way (and this is nothing new so bear with me)
> 
> Make up the N = pq part.  Then pick 'e' randomly and solve for 'd'.
> Then give the user (e, N) and keep (d, N).  The user can now only
> decrypt from anyone using (d, N) presumably the server.
> 
> Is this a weak usage of RSA?  What other non math attacks are there on
> this simple idea?
> 
This works just fine.  Really, there is no mathematical way to
distinguish between e and d.  They have equal value in that sense.  The
reason e is usually picked as 17 or 65537 is that it has low Hamming
weight (number of 1's in its binary representation) to minimize the
number of operations done when using e.  Obviously, since d is private,
we couldn't do the same thing with it....

Doug

P.S.  Still doesn't tell you I'm not recording the live music for my
later consumption/redistribution....
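Tom's scheme and Doug's answer, as an added toy model (example code written for this digest, not from either poster): the server keeps (d, N), the user gets a random e instead of 17 or 65537, the round trip works in both directions, and a square-and-multiply operation count shows why a low-weight e is a speed choice and nothing more. The two Mersenne primes, the token values and all function names are constructed for the illustration.

```python
"""Toy model of the 'random e as the user's token key' scheme from the thread."""
import secrets
from math import gcd

# Two known primes (the Mersenne primes 2^31 - 1 and 2^61 - 1), constructed for
# a ~92-bit toy modulus; a real deployment uses random primes of 1024+ bits.
P = (1 << 31) - 1
Q = (1 << 61) - 1


def make_token_keys():
    """Return (user_key, server_key) = ((e, N), (d, N)) with a random e."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    while True:
        e = secrets.randbelow(phi - 3) + 3      # random, not the usual 17 or 65537
        if gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)                          # solve e * d = 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, value):
    """Textbook RSA on a raw integer: value^exp mod N.  The same function serves
    (e, N) and (d, N); nothing in the math tells the two exponents apart.
    A real token would carry a hash or padded structure inside `value` so the
    user can check that what opens under (e, N) is well-formed."""
    exp, n = key
    return pow(value, exp, n)


def server_issue(server_key, token):
    """Only the holder of (d, N) can produce a blob that opens under (e, N)."""
    return apply_key(server_key, token)


def user_open(user_key, blob):
    return apply_key(user_key, blob)


def hamming_weight(x):
    """Number of 1 bits in x, the quantity Doug refers to."""
    return bin(x).count("1")


def square_multiply_cost(exp):
    """Modular multiplications in left-to-right square-and-multiply:
    one squaring per bit after the first, one multiply per extra set bit."""
    return (exp.bit_length() - 1) + (hamming_weight(exp) - 1)


def keys_are_consistent(user_key, server_key, token):
    """Round trip in both directions plus the e*d = 1 (mod phi) relation."""
    e, _ = user_key
    d, _ = server_key
    return (user_open(user_key, server_issue(server_key, token)) == token
            and apply_key(server_key, apply_key(user_key, token)) == token
            and (e * d) % ((P - 1) * (Q - 1)) == 1)


if __name__ == "__main__":
    user_key, server_key = make_token_keys()
    token = secrets.randbelow(user_key[1])       # constructed token identifier
    print("round trip ok:", keys_are_consistent(user_key, server_key, token))
    print("random e: weight", hamming_weight(user_key[0]),
          "cost", square_multiply_cost(user_key[0]))
    print("65537:    weight", hamming_weight(65537),
          "cost", square_multiply_cost(65537))
```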

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Software patents are evil.
Date: 22 Sep 2000 20:31:23 GMT

In <VzMy5.1023$[EMAIL PROTECTED]> "Paul Pires" <[EMAIL PROTECTED]> 
writes:
]> seems to me to fly in the face of all evidence. The software industry
]> took off with no patents. patents as a corporate tool in software has
]> really only taken ahold in the past few years, and is being used to
]> stifle not enhance competition and innovation. As in a criminal court,
]> the evidence should be there beyond a reasonable doubt that the monopoly
]> is essential before any such monopoly should be granted.

]A trial to grant a patent? If you want to kill it, get out your gun i.e.

No,  not a court trial, a standard of proof. 

]A constitutional amendment against this task as a role of our (US) government
]don't offer reasonable compromise to leave it castrated but in place.

?? I do not understand this sentence.

The referents to "it" and "this" are unclear.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: New Strong Password-Authentication Software
Date: 22 Sep 2000 20:33:39 GMT

In <[EMAIL PROTECTED]> Philip MacKenzie 
<[EMAIL PROTECTED]> writes:

]*** PAK SOFTWARE AVAILABLE FOR DOWNLOAD ***

]Lucent has just released code for telnet and ftp with authentication
]based on the new PAK protocol, presented at the Eurocrypt 2000
]conference.  PAK is a protocol for strong password-authenticated
]key exchange (much like EKE, SPEKE, and SRP) but has also
]been PROVEN secure (as secure as Diffie-Hellman in the 
]random oracle model).  If you believe that security proofs

What is the difference between PAK and SRP say?

]are important (I certainly do), then you should consider
]checking out this new software.  It is free for non-commercial use.


------------------------------

From: [EMAIL PROTECTED]
Subject: Big CRC polynomials?
Date: Fri, 22 Sep 2000 20:39:16 GMT
Reply-To: [EMAIL PROTECTED]

Hi all:

I'm seeking good 128- and 256-bit CRC polynomials.  I've done a bit of
searching about on the net and have only been able to locate commonly used
polynomials of 32 and fewer bits.  My intention is to use either a 128- or
256-bit polynomial for the purpose of uniquely identifying large numbers
(millions) of binary files; consequently, a 32-bit CRC is probably a bit too
small for this purpose.

Can anybody point me in the direction of some big polynomials to use for this
purpose?  I could just randomly generate a polynomial for this purpose but if
somebody has/knows a "good" polynomial of this size it would be most helpful.
I unfortunately don't have the expertise nor the time necessary to develop
sufficient expertise to write polynomial generation routines which will pick
"good" polys.

Thanks..

Joel Thornton
please reply to [EMAIL PROTECTED] too if you can



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Idea for online Tokens
Date: Fri, 22 Sep 2000 20:49:33 GMT

In article <[EMAIL PROTECTED]>,
  Doug Kuhlman <[EMAIL PROTECTED]> wrote:
>
>
> Tom St Denis wrote:
> >
> > let's say I want to give you a "token" that will let me keep tabs on
> > what you use (say live audio off the net) but not let you steal or
> > pretend to be the server.
> >
> > So instead of using a symmetric key (would violate the last cond) I use
> > RSA this way (and this is nothing new so bear with me)
> >
> > Make up the N = pq part.  Then pick 'e' randomly and solve for 'd'.
> > Then give the user (e, N) and keep (d, N).  The user can now only
> > decrypt from anyone using (d, N) presumably the server.
> >
> > Is this a weak usage of RSA?  What other non math attacks are there on
> > this simple idea?
> >
> This works just fine.  Really, there is no mathematical way to
> distinguish between e and d.  They have equal value in that sense.  The
> reason e is usually picked as 17 or 65537 is that it has low Hamming
> weight (number of 1's in its binary representation) to minimize the
> number of operations done when using e.  Obviously, since d is private,
> we couldn't do the same thing with it....
>
> Doug
>
> P.S.  Still doesn't tell you I'm not recording the live music for my
> later consumption/redistribution....

Well that's not the point.  The point is does the "front" end of the
protocol work.  I know the ripping-attack (hehe) is not stoppable.  All
I want to know is that someone can purchase a token from the website
then use it to later retrieve music from the site using their part of
the RSA key.

I assumed that both e/d would be random (well in the sense that 'e' is
not fixed).  That's the point.

BTW I am aware of mitm attacks as well...

Tom



------------------------------

From: /dev/null <[EMAIL PROTECTED]>
Subject: Re: Again a topic of disappearing e-mail?
Date: Fri, 22 Sep 2000 17:13:45 -0400

Mok-Kong Shen wrote:

Mok I read your posts with great interest, as I read all the posts in
this group.  Mostly it is one of the nicest groups on the net.  You
folks already know I am way out of my league in this group, as far as
cryptography is concerned. But if you will indulge the forensics weenie
in me for a moment...  This software is a condom at best.  It is like a
medium grade crypto system.  It will protect you from someone trying to
access the data from your system using normal means.

When a disk rotates, the head never passes over the same exact cylinder
area twice.  There are tiny irregularities in the rotation of the disk
surface and the mechanical parts of the head assembly.  Those
irregularities mean that erasing the drive will not actually remove
everything that was ever written to the drive.  A dedicated hardware man
with a good piece of code that will read and read and read can recover
quite a bit more than one would expect.

Now I don't think that many folks would have the resources to spend in
scouring a drive to chase down a fifteen year old cracker, on the other
hand, I do believe that this whining by law enforcement about not being
able to recover the information smells like a herring spoiling in the
sun, or plain ignorance.

:)

If you want the data gone, you have to destroy the media.  It has always
been that simple (with the exception of ram, I suppose).

--
   If children don't know why their grandparents did what they 
did, shall those children know what is worth preserving and what 
should change? 

   http://www.cryptography.org/getpgp.htm

------------------------------

From: Philip MacKenzie <[EMAIL PROTECTED]>
Subject: Re: New Strong Password-Authentication Software
Date: Fri, 22 Sep 2000 17:24:02 -0400

Bill Unruh wrote:
> 
> In <[EMAIL PROTECTED]> Philip MacKenzie 
><[EMAIL PROTECTED]> writes:
> 
> ]*** PAK SOFTWARE AVAILABLE FOR DOWNLOAD ***
> 
> ]Lucent has just released code for telnet and ftp with authentication
> ]based on the new PAK protocol, presented at the Eurocrypt 2000
> ]conference.  PAK is a protocol for strong password-authenticated
> ]key exchange (much like EKE, SPEKE, and SRP) but has also
> ]been PROVEN secure (as secure as Diffie-Hellman in the
> ]random oracle model).  If you believe that security proofs
> 
> What is the difference between PAK and SRP say?
> 

A fair question.  They are two different protocols that
are meant to solve the same problem.  Tom Wu has a nice
description of SRP in a paper that can be found on his
web site http://srp.stanford.edu/srp .  On my web site
http://www.bell-labs.com/user/philmac/pak.html
are some papers and powerpoint slides that describe
the PAK protocol.

I can give my personal and quite biased :) opinion about
their similarities and differences:

Efficiency:  They both involve a few exponentiations in
a multiplicative subgroup modulo a prime.  One could quibble
about exact times, but they both are quite fast enough
for user authentication.

Proofs: PAK has a formal proof of security against active
attackers.  SRP does not.

Patents: PAK is patented and freely available for non-commercial use.
SRP is not patented and is freely available for commercial
and non-commercial use.

Simplicity: PAK is simpler, in my opinion.  Basically it's
a Diffie-Hellman exchange with one of the parameters entangled
with the password (by multiplication with the hash of the
password).  SRP is a bit more complicated, and even uses
an addition in a multiplicative subgroup to thwart attacks.

For more specifics, the two sites above are quite informative.
Also, http://www.IntegritySciences.com is a good place for
info about these types of protocols.

-Phil
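The "Diffie-Hellman exchange with one parameter entangled with the password by multiplication with its hash" description above, as an added toy sketch (written for this digest, not Lucent's PAK code, and not the protocol's real message or key-derivation formats): it shows both sides' messages, that a password mismatch yields different keys, and why an eavesdropper cannot test password guesses against the entangled value. The run-time safe-prime generation, the hash-to-subgroup mapping and the key derivation are simplified stand-ins of my own.

```python
"""Toy sketch of the password-entangled Diffie-Hellman idea behind PAK.

Not the PAK specification: message formats, hash functions and key derivation
are simplified stand-ins.  Only the core idea is kept: the client sends g^x
multiplied by a hash of the password and the server divides that hash out.
"""
import hashlib
import secrets

G = 4  # a square mod p, so it generates the order-q subgroup of p = 2q + 1


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_safe_prime(bits):
    """Return (p, q) with p = 2q + 1 both prime.  Toy size: real groups are
    1024 bits or more and normally taken from a published table."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


def password_element(pw, p):
    """Map the password to a nonzero element of the order-q subgroup:
    hash, reduce into [2, p-1], then square so the result is a residue."""
    h = int.from_bytes(hashlib.sha256(b"toy-pak-pw|" + pw).digest(), "big")
    return pow(h % (p - 2) + 2, 2, p)


def derive_key(m, mu, shared):
    return hashlib.sha256(b"toy-pak-key|%d|%d|%d" % (m, mu, shared)).digest()


def client_start(pw, p, q):
    """Client -> server: m = g^x * H(pw), a DH value entangled with the password."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(G, x, p) * password_element(pw, p) % p


def server_respond(m, pw_elem, p, q):
    """Server -> client: mu = g^y.  The server strips its stored H(pw) first;
    a wrong stored value leaves a wrong g^x and hence a different key."""
    y = secrets.randbelow(q - 1) + 1
    g_x = m * pow(pw_elem, -1, p) % p
    mu = pow(G, y, p)
    return mu, derive_key(m, mu, pow(g_x, y, p))


def client_finish(x, m, mu, p):
    return derive_key(m, mu, pow(mu, x, p))


def offline_guess_is_consistent(m, guess, p, q):
    """What an eavesdropper gets from m: for EVERY password guess, m / H(guess)
    is a legitimate subgroup element, so no guess can be ruled out offline."""
    stripped = m * pow(password_element(guess, p), -1, p) % p
    return pow(stripped, q, p) == 1


def run_exchange(client_pw, server_pw, bits=64):
    """True iff both sides end with the same key, i.e. the passwords matched."""
    p, q = make_safe_prime(bits)
    x, m = client_start(client_pw, p, q)
    mu, server_key = server_respond(m, password_element(server_pw, p), p, q)
    return client_finish(x, m, mu, p) == server_key


if __name__ == "__main__":
    print("same password  ->", run_exchange(b"hunter2", b"hunter2"))
    print("wrong password ->", run_exchange(b"hunter2", b"hunter3"))
```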

------------------------------

From: "Melinda Harris" <[EMAIL PROTECTED]>
Subject: WHAT IS ANEC ENCRYPTION?
Date: Fri, 22 Sep 2000 21:49:25 GMT

Anyone know anything about ANEC encryption?
EIA



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Tying Up Loose Ends - Correction
Date: 22 Sep 2000 22:35:24 GMT

[EMAIL PROTECTED] (Mok-Kong Shen) wrote in
<[EMAIL PROTECTED]>: 

 ..


>I repeated argued about your first sentence. I said
>that the percentage of 'waste' (the number of bits
>caused by using eof) is so small that it is negligible.
>Since without the right tree, the opponent cannot
>decompress to verify the plaintext even if he happens
>to have picked the right encryption key, whether 
>there is an eof or not doesn't matter, isn't it?
>

    If your "STATIC HUFFMAN TREE IS SECRET" then having
an EOF symbol still sucks. I am not saying finding the tree is
easy it may be very hard. But still the EOF symbol is likely
to be the longest symbol and the last symbol. Why use it at
all. But if you can't see a reason then by all means you can
use it.




David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: "bubba" <[EMAIL PROTECTED]>
Subject: Re: Big CRC polynomials?
Date: Fri, 22 Sep 2000 22:46:34 GMT

May I suggest an XOR checksum. A CRC is advantageous only when you
are trying to detect burst errors (aligned, contiguous differences in
otherwise identical files in your case) of less than 128 or 256 bits in
length (for the polynomials you mentioned).

<[EMAIL PROTECTED]> wrote in message news:8qgg1h$pmc$[EMAIL PROTECTED]...
> Hi all:
>
> I'm seeking good 128- and 256-bit CRC polynomials.  I've done a bit of
> searching about on the net and have only been able to locate commonly used
> polynomials of 32 and fewer bits.  My intention is to use either a 128- or
> 256-bit polynomial for the purpose of uniquely identifying large numbers
> (millions) of binary files; consequently, a 32-bit CRC is probably a bit
> too small for this purpose.
>
> Can anybody point me in the direction of some big polynomials to use for
> this purpose?  I could just randomly generate a polynomial for this purpose
> but if somebody has/knows a "good" polynomial of this size it would be most
> helpful.  I unfortunately don't have the expertise nor the time necessary
> to develop sufficient expertise to write polynomial generation routines
> which will pick "good" polys.
>
> Thanks..
>
> Joel Thornton
> please reply to [EMAIL PROTECTED] too if you can
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
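Joel's wide-CRC question and bubba's XOR-checksum reply, as an added example (written for this digest, not code from either poster): an arbitrary-width reflected CRC on Python integers, self-checked against zlib's CRC-32, then run with a constructed 128-bit polynomial to show the burst-error guarantee bubba cites and the block-order blindness of a plain XOR checksum. The 128-bit constant is an arbitrary placeholder, not a vetted polynomial, and all function names are my own.

```python
"""Arbitrary-width CRC on Python integers, plus the XOR checksum suggested above."""
import zlib

# Constructed 128-bit polynomial in reflected bit order.  Its top bit is set, so
# the x^0 term is present; that and full width are all the burst guarantee needs.
# It is an arbitrary value, NOT a vetted polynomial.
TOY_POLY128 = 0x9E3779B97F4A7C15F39CC0605CEDC835


def crc_generic(data, width, poly_reflected, init=None, xorout=None):
    """Bit-serial, reflected (LSB-first) CRC of any width.  Defaults are
    all-ones init and xorout, the CRC-32/IEEE convention."""
    mask = (1 << width) - 1
    crc = mask if init is None else init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly_reflected if crc & 1 else crc >> 1
    return crc ^ (mask if xorout is None else xorout)


def crc32_ieee(data):
    return crc_generic(data, 32, 0xEDB88320)   # reflected form of 0x04C11DB7


def matches_zlib(data):
    """Self-check of crc_generic against the reference CRC-32 in zlib."""
    return crc32_ieee(data) == zlib.crc32(data)


def crc128(data):
    return crc_generic(data, 128, TOY_POLY128)


def xor_checksum(data, block=16):
    """bubba's suggestion: XOR of all 16-byte (128-bit) blocks."""
    acc = 0
    for i in range(0, len(data), block):
        acc ^= int.from_bytes(data[i:i + block].ljust(block, b"\0"), "big")
    return acc


def flip_burst(data, bit_offset, length):
    """Return data with `length` consecutive bits flipped, counted LSB-first
    (the order the reflected CRC consumes): a single burst error."""
    n = int.from_bytes(data, "little") ^ (((1 << length) - 1) << bit_offset)
    return n.to_bytes(len(data), "little")


def burst_detected(data, bit_offset, length):
    """Any burst no longer than the CRC width changes the 128-bit CRC."""
    return crc128(flip_burst(data, bit_offset, length)) != crc128(data)


def swapped_blocks_collide(data, block=16):
    """Swap the first two blocks.  Returns (xor_unchanged, crc_unchanged):
    the XOR checksum cannot see a reordering, the CRC can."""
    swapped = data[block:2 * block] + data[:block] + data[2 * block:]
    return (xor_checksum(data) == xor_checksum(swapped),
            crc128(data) == crc128(swapped))
```

Neither a CRC nor an XOR checksum is collision-resistant, so for telling millions of files apart when inputs may be deliberately crafted a cryptographic hash such as SHA-256 is the usual choice; the CRC guarantee is about accidental burst errors, as bubba says.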



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Again a topic of disappearing e-mail?
Date: Fri, 22 Sep 2000 15:43:07 -0700

> If you want the data gone, you have to destroy the media.  It has always
> been that simple (with the exception of ram, I suppose).
Actually RAM isn't quite that simple either. If a value is left on DRAM for
a long period of time, it can be recovered, although the process gets more
and more expensive as RAM densities go higher. But regardless it can be
done.
                    Joe



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: New Strong Password-Authentication Software
Date: 22 Sep 2000 22:56:27 GMT

Bill Unruh <[EMAIL PROTECTED]> wrote:

> ]*** PAK SOFTWARE AVAILABLE FOR DOWNLOAD ***

Wow. Cool. Thanks! 

> ]Lucent has just released code for telnet and ftp with authentication
> ]based on the new PAK protocol, presented at the Eurocrypt 2000
> ]conference.  PAK is a protocol for strong password-authenticated
> ]key exchange (much like EKE, SPEKE, and SRP) but has also
> ]been PROVEN secure (as secure as Diffie-Hellman in the 
> ]random oracle model).  If you believe that security proofs

> What is the difference between PAK and SRP say?

That proof of security. Plus some details. 
Paper is at

http://www.bell-labs.com/user/philmac/pak.html
http://www.bell-labs.com/user/philmac/research/pak-final.ps.gz


-David

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Fri, 22 Sep 2000 17:01:19 -0600

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...

[ ... ] 

> Nope. The american patent office doesn't do many checks,
> compared to those in europe, and even worse the people
> there are paid for the number of patents that they have
> given (not those they have tested, or the hours they
> have worked).

This is pure, unadulterated nonsense.  Patent examiners do NOT get 
paid based on the number of patents they allow to be issued.  Looking 
through patent file wrappers, you could almost get the opposite 
impression: that they seem to go to almost absurd lengths to prevent 
patents from being issued even when the invention is clearly original 
and useful and thoroughly merits a patent.
 
> > In this case, the patent is NOT simply on using rotations in
> > cryptography at all.  It's on using a specific number of input-
> > dependent rotations combined in a fairly specific fashion.
> 
> Okay, then the claim of patent violation is even more absurd.

It might be.  That has nothing to do with the question of whether 
patents themselves are good, bad, indifferent, useful or much of 
anything else.
 
> > IOW, no, you can't get a patent on any piece of math you wish.
> 
> Okay, then the practical question: So I can design a cipher
> using multiplication mod 2**16+1, addition and xor, and
> don't violate the IDEA patent ? I can easily construct, for
> example, a Feistel network with these operations !

I haven't read the European patent(s?) on it, but certainly the US 
patent doesn't cover all ciphers using these operations.  Just for 
one really obvious example, the US patent has only one independent 
claim, which appears to me to only apply to block ciphers, so any 
stream cipher that used those operations would apparently be safe.  

At least as I read the patent, it would be fairly easy to produce a 
block cipher using the basic elements you cite above without 
infringing the patent.  Just for one example, the patent requires 
that the "initial block" be divided into at least two sub-blocks (in 
IDEA it's divided into four sub-blocks).  As I read it, there is 
probably also a requirement on the relative size of the key to the 
block size -- it requires that the key be received as at least two 
blocks each the same size as one of the sub-blocks above, so if (for 
example) the entire key is the size of one sub-block in the cipher, I 
can't see how it would infringe.

Interestingly enough, the independent claim doesn't mention the types 
of operations carried out by each operation unit at all.  IOW, the 
use of multiplication mod 2**16+1, addition and xor aren't what's 
covered by the patent.  Instead, it covers the specific way of 
stringing the operation units together.
 
> > > Software patents will, for example, destroy free software if we
> > > can't hinder it. I can't see how you want to get such losses
> > > back.
> > 
> > People have been saying this for decades now.
> 
> Have they ?!?

Yes.
 
> >  In fact the examples
> > they first used (e.g. on RSA encryption) are now expired.  Look
> > around, and try to tell me that there's less free software today than
> > there was 20 or 30 years ago.
> 
> AFAIK PGP has simply violated the RSA patent. And GnuPG
> became possible because ElGamal expired.

PGP _licensed_ the RSA patent.  Expired patents being put into the 
public domain aren't exceptions: they're part of the rule.  IOW, 
that's _exactly_ what we (the public) receive in return for giving 
the inventor a monopoly for a limited period of time.  To summarize, 
you're giving fine examples of how well the patent system really 
works.
 
> The reason why open software projects haven't been destroyed
> by patents yet is simply that (a) they violate them and are
> hard to catch, and (b) there where no software patents in
> europe.

More nonsense.  There are many reasons, but the primary one is that 
the vast majority of software simply doesn't need to use patented 
methods to accomplish its ends.  Keep in mind that if something is 
currently protected by a valid patent, then nobody did it more than 
20 years ago.  At least to me, it's hard to imagine something that 
nobody had ever done up until 1980, but is now of such absolute 
necessity that you absolutely can't get along without it.  If you're 
impatient enough that you WANT to do it before the patent expires, 
then you can virtually always license the patent to do so.
 
> > Furthermore, the inventor has provided assistance so any person of
> > ordinary skill in the art can implement the invention as it was
> > intended to work.
> 
> But _IF_ I don't want to get such a help ?

Fine, don't take it.  If you don't want to use the patented 
invention, nobody says you have to.

> Before a while
> I have heard someone tried to create an open sound format,
> patentfree. He has checked the U.S. patents and finally
> gave up. Even the simplest things are patented there...

Nonsense.  There have been open sound formats for years.  Anybody who 
claims otherwise is grossly ignorant or lying.  It can be 
considerably more difficult to write software that's compatible with 
a pre-specified sound format without patent encumbrances, but that's 
a whole separate question.
 
-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Fri, 22 Sep 2000 17:01:17 -0600

In article <[EMAIL PROTECTED]>, padgett-
[EMAIL PROTECTED] says...
> Personal opinion: Patents in the US tend to stifle technology rather than 
> encourage it.

Upon what do you base this claim?

> Software is more properly protected by Copyright than patent. 

Why?  Copyright seems to have been intended to protect works that are 
original, but involve little real invention.  For example, romance 
novels are awfully similar to each other (apparently most publishers 
tell the authors the plot they MUST use before the books are written 
at all) but they're protected as original anyway.  Software is 
considerably different from that: there's a great deal that's 
original in most cases above and beyond the mere symbols used to 
represent a particular program.

> For just one example see the Selden patent and the ALAM. 

Hmm...if certain people had been killed before they had a chance to 
wreak all sorts of harmful and evil things on the world, the world as 
a whole would probably be better off for it.  Is that, in your mind, 
adequate justification for removing all laws against things like 
murder?
 
> Think part of the problem with patents is that 20 years is far too long. 
> It may have been appropriate in 1800 but not in 2000 with obsolescence 
> averaging three years. 

Is that so?  IIRC, this thread started out talking about RSA 
encryption.  About the only more recent invention that competes with 
RSA at all is ECC, but I doubt anybody would say RSA is truly 
obsolete.  For that matter, the patents on D-H ran out recently as 
well.  Again, even with RSA now easily available, it's hard to 
justify calling D-H completely obsolete.

The same is true with many other patents.  It appears to me that LZW 
compression will remain extremely useful long after the patent on it 
runs out.  The backing-store method used in the X windowing system 
still seems to be quite useful.  It looks to me like arithmetic 
compression will remain useful LONG after IBM's patents run out.

It would be easy to go on for quite some time, but it looks to me 
like the conclusion is simple: really good inventions typically have 
useful life spans MUCH greater than 20 years.

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Fri, 22 Sep 2000 17:01:15 -0600

In article <kQ8y5.67$bx3.1112@client>, [EMAIL PROTECTED] 
says...

[ ... ]

> And yet it is the huge conglomerates like IBM and AT&T that own almost all
> of the software patents.

Likewise with hardware patents.  What of it?  Would it surprise you 
if GM had more patents on automotive technology than you or I do?  
Software is no different from anything else in this respect.

Also keep in mind that every time IBM, AT&T, Lucent, etc., writes a 
patent (on hardware, software or whatever) they're voluntarily giving 
that technology to ALL of us as soon as the patent expires.

>  Really small operators cannot afford the legal
> battles that can ensue.

Nonsense.  If you've got good patents on useful technology, you'll be 
able to take your choice of firms with REALLY deep pockets to help 
you enforce them.  There are a fair number of quite large companies 
that do NOTHING but help their clients enforce patents.  For one 
example, the Mahr-Leonard Management Company has made a huge amount 
on patent licensing.  Contrary to some statements in this thread 
though, the owners of the patents really DO make money on them -- it 
doesn't all go to the attorneys or anywhere close to it.

>  On the other hand, it might go unchallenged -- even
> at that, they are sitting on top of a huge money pit if it does get
> challenged.  But (for the most part) it is the mega-mega huge players that
> benefit.  They already have multiple millions of dollars in their legal
> budget so that they can afford software patents.

Quite the opposite: patents are the majority of what lets little 
companies compete with the huge ones.  Of course, anymore many of the 
little companies don't really WANT to compete: they want to start up, 
create some new technology (patent it, of course) and get bought out 
by a big company.  Without patents, that wouldn't happen though: the 
little company might start up and create some great new technology, 
but without something to give them ownership of it, the big company 
wouldn't bother buying out the small one -- they'd just take the 
technology and use it for free instead.

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: State-of-the-art in integer factorization
Date: Fri, 22 Sep 2000 17:01:13 -0600

In article <8qfefu$g2v$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...
> In article <8qedb0$c49$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Ed Pugh) wrote:
> > Bob Silverman ([EMAIL PROTECTED]) writes:
> > >
> > > Nothing has been written. Improvements have been only incremental.
> > > (i.e. slightly faster machines, a few more percent squeezed from
> > > code, etc.).  There hasn't been a new algorithm in 11 years.
> >
> > Well, at least none that the NSA have let on about, anyway. ;-)
> 
> That's right because the public open academia are just stupid people.

I don't think anybody's said that.  Keep in mind, however, that the 
NSA has a LOT of extremely smart people.  Right now, there are 
probably no more than a dozen or so mathematicians producing most of 
the world's knowledge of factoring.  Most of them work more or less 
separately from each other, and most of them have LOTS of other 
duties in addition to studying factoring.  The NSA probably has at 
least as many mathematicians of the same talent level, and can afford 
to saddle them with fewer ancillary responsibilities.

Consider teamwork possibilities as well: think of a situation where 
you can get a half-dozen people each the caliber of Bob Silverman or 
Arjen Lenstra, and give them time to brainstorm on a regular basis.

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
