Cryptography-Digest Digest #757, Volume #12 Sat, 23 Sep 00 21:13:00 EDT
Contents:
Re: Please verify ("Dr Evil")
Re: t (Sagie)
Re: Please verify ("Trevor L. Jackson, III")
Re: t ("Trevor L. Jackson, III")
Re: CDMA tracking (was Re: GSM tracking) (Sagie)
Re: How many possible keys does a Playfair cipher have? (David Empey)
Re: Please verify (Tom St Denis)
Re: Software patents are evil. (Bill Unruh)
128-bit Secure LFSR (Tom St Denis)
Re: Faraday Cage (Was CDMA tracking) (Jerry Coffin)
Re: 128-bit Secure LFSR (Tim Tyler)
free cpu for sci.crypt readers (Tom St Denis)
Re: Software patents are evil. ("Paul Pires")
Re: A Note on news groups. ("John A. Malley")
Re: A Note on news groups. ("Paul Pires")
Re: Again a topic of disappearing e-mail? (Matthew Skala)
Re: What makes a cipher resistant to Differential Cryptanalysis? ("John A. Malley")
----------------------------------------------------------------------------
From: "Dr Evil" <[EMAIL PROTECTED]>
Subject: Re: Please verify
Date: Sat, 23 Sep 2000 22:08:48 +0100
> The only possible scenarios are:
>
> 1.) The person used a *very* weak pass phrase, something that a dictionary
> attack would easily get
> 2.) The RNG used to generate the key was severely bugged (or something
> similar)
How do you know? Do you work for the NSA in precisely the appropriate
department, or have you mathematically proved something about the security
of RSA?
------------------------------
From: Sagie <[EMAIL PROTECTED]>
Subject: Re: t
Date: Sat, 23 Sep 2000 21:09:38 GMT
> Actually, as long as they're made of matter and not antimatter, there are
> experiments one can do to make the distinction. I don't remember the
> details, tho. Something about beta decay or some such.
Well, as long as there are no cats involved, the animal rights groups
will at least give us a break.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Sat, 23 Sep 2000 17:30:23 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Please verify
Dr Evil wrote:
> > The only possible scenarios are:
> >
> > 1.) The person used a *very* weak pass phrase, something that a dictionary
> > attack would easily get
> > 2.) The RNG used to generate the key was severely bugged (or something
> > similar)
>
> How do you know? Do you work for the NSA in precisely the appropriate
> department, or have you mathematically proved something about the security
> of RSA?
He can probably count higher than the OP. The space of 4096-bit keys is so
large that it cannot be searched by any computer we can describe today, even
using all of the matter in the universe. Thus if the search described by the OP
was successful, then it was only searching a trivial portion of the space of
possible primes. If his cluster could handle a key every cycle (at least 100x
realistic) it checked 4 (cpus) * 6e4 (seconds) * 1e9 (nanoseconds) or 2.4e14
possible keys. That's only ~48 bits.
Note that this has nothing to do with the security of RSA, but everything to do
with key selection. The prime generator is a PGP issue not an RSA issue. It's
also (very probably) an implementation issue rather than a design issue.
It would be interesting to determine the source of the software that performed
the search. The time scale sounds about right for a program that searched a
file system, blindly using everything it found as a possible key. Perhaps it
found his keyring.
------------------------------
Date: Sat, 23 Sep 2000 17:37:40 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: t
zapzing wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> >
> > Fortunately, the self destruct button is completely unlabeled and
> looks just
> > like every other button on the console. Uh huh. 8-O
> >
>
> Sounds like something NASA would design.
A man-rated annihilation button sounds like a contender for the mouse
built to gov't specs.
A comparable contender is the gas used to poison pests (gophers) on
public (BLM) land. Apparently the EPA rules state that the poison
cannot be used until it has been tested as non-toxic.
------------------------------
From: Sagie <[EMAIL PROTECTED]>
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: Sat, 23 Sep 2000 21:43:54 GMT
> Unless the safe's case forms an integral, seamlessly conductive surface and
> is grounded, the safe's skin can act as a coupled antenna to an internal
> transmitter in some circumstances.
It does not have to be grounded. It is true that if it is not seamless,
some RF may "escape" in/out, but eventually, given a certain to-be-
cage, it will function as an attenuator, with a certain power loss. The
better Faraday cage it is, the more attenuation is applied on the
signal.
> Many receivers will detect signals as low as -80db
I suppose you meant -80dBm. Actually, quality receivers can handle
even -110dBm signals.
> the signal outside the safe would be around 0dbm. - so there plenty
> of power bandwidth left to address the distance between phone and mobile
> phone tower.
That's not true (unless the phone tower is rather close to the safe,
and it is a case of perfect line-of-sight situation). Plus I'm not sure
that the signal outside the safe would be at 0dBm, as we are talking
about CDMA system, and therefore spread-spectrum transmission. In
spread-spectrum, the power is smeared all over the spectrum. I am not
sure what is the peak power at the strongest frequency, but certainly
it is less than 1 Watt.
> Of course, signal attenuation is reciprocal (ie in and out
> attenuation are the same), so a similar power level would be inside the safe
> from an external signal from the tower.
That's not true either -- this entire model is asymmetric, because the
power of the cellphone transmitter is much lower than that of the cell
tower transmitter.
------------------------------
Date: Sat, 23 Sep 2000 15:06:50 -0700
From: David Empey <[EMAIL PROTECTED]>
Subject: Re: How many possible keys does a Playfair cipher have?
"Douglas A. Gwyn" wrote:
>
> John Savard wrote:
> > [EMAIL PROTECTED] (Alex) wrote, in part:
> > >How many possible keys does a Playfair cipher have?
> > 25!, or more if the letter to omit can be varied as well.
>
> However, many of those keys are equivalent (in the sense that they
> will produce the same encipherment). So the answer is 24!, unless
> somebody can find some more equivalences.
How about reflection around the main diagonal? Wouldn't that work?
Or did you already include that in your figure?
--
Cordially,
Dave Empey
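Added example, not from any post in this thread: a short Python script that checks the equivalence claims above by enumeration rather than by argument. The keyword "PLAYFAIR EXAMPLE" is an arbitrary choice. Rotating the rows and/or columns of the square (25 choices) leaves the encipherment of every digraph unchanged, which is why 25! collapses to 24!; reflecting the square around its main diagonal keeps same-row and same-column digraphs but reverses the two letters of every rectangle digraph, so it is not a further equivalence in the strict sense (the ciphertext differs, even if a reader who knows the trick could repair it).

```python
import itertools
import math

# Added example (not from the thread): test Playfair key equivalences by
# enumeration. 'J' is merged into 'I', as in the classic 25-letter square.
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"


def square_from_key(key):
    """Build the 5x5 Playfair square from a keyword (duplicates dropped)."""
    seen = []
    for ch in key.upper().replace("J", "I") + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return [seen[5 * r:5 * r + 5] for r in range(5)]


def positions(square):
    return {square[r][c]: (r, c) for r in range(5) for c in range(5)}


def encrypt_digraph(square, pos, a, b):
    """Standard Playfair rules for a digraph of two distinct letters."""
    (r1, c1), (r2, c2) = pos[a], pos[b]
    if r1 == r2:                      # same row: take the letter to the right
        return square[r1][(c1 + 1) % 5] + square[r2][(c2 + 1) % 5]
    if c1 == c2:                      # same column: take the letter below
        return square[(r1 + 1) % 5][c1] + square[(r2 + 1) % 5][c2]
    return square[r1][c2] + square[r2][c1]   # rectangle: swap the columns


def encrypt_all(square):
    """Map every ordered digraph of distinct letters to its ciphertext."""
    pos = positions(square)
    return {a + b: encrypt_digraph(square, pos, a, b)
            for a, b in itertools.permutations(ALPHABET, 2)}


def shift(square, dr, dc):
    """Cyclically rotate rows by dr and columns by dc."""
    return [[square[(r + dr) % 5][(c + dc) % 5] for c in range(5)]
            for r in range(5)]


def transpose(square):
    """Reflect the square around its main diagonal."""
    return [[square[c][r] for c in range(5)] for r in range(5)]


def count_equivalent_shifts(square):
    """How many of the 25 row/column rotations encipher identically."""
    base = encrypt_all(square)
    return sum(1 for dr in range(5) for dc in range(5)
               if encrypt_all(shift(square, dr, dc)) == base)


def compare_transpose(square):
    """(digraphs unchanged, digraphs reversed) under diagonal reflection."""
    base, other = encrypt_all(square), encrypt_all(transpose(square))
    unchanged = sum(1 for k in base if base[k] == other[k])
    reversed_ = sum(1 for k in base
                    if base[k] == other[k][::-1] and base[k] != other[k])
    return unchanged, reversed_


def effective_key_count(square):
    """25! squares divided by the number of rotations giving the same cipher."""
    return math.factorial(25) // count_equivalent_shifts(square)


if __name__ == "__main__":
    sq = square_from_key("PLAYFAIR EXAMPLE")       # arbitrary keyword
    print("HI ->", encrypt_all(sq)["HI"])                       # BM
    print("equivalent rotations:", count_equivalent_shifts(sq))  # 25
    print("transpose unchanged/reversed:", compare_transpose(sq))  # (200, 400)
    print("effective keys == 24!:",
          effective_key_count(sq) == math.factorial(24))         # True
```

Of the 600 ordered digraphs, 200 lie in a shared row or column and 400 form a rectangle; the transposed square reverses exactly those 400, so it does not add to the 25 rotations that give 24!.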
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Please verify
Date: Sat, 23 Sep 2000 22:05:45 GMT
In article <[EMAIL PROTECTED]>,
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
> Dr Evil wrote:
>
> > > The only possible scenarios are:
> > >
> > > 1.) The person used a *very* weak pass phrase, something that a dictionary
> > > attack would easily get
> > > 2.) The RNG used to generate the key was severely bugged (or something
> > > similar)
> >
> > How do you know? Do you work for the NSA in precisely the appropriate
> > department, or have you mathematically proved something about the security
> > of RSA?
>
> He can probably count higher than the OP. The space of 4096-bit keys is so
> large that it cannot be searched by any computer we can describe today, even
> using all of the matter in the universe. Thus if the search described by the OP
> was successful, then it was only searching a trivial portion of the space of
> possible primes. If his cluster could handle a key every cycle (at least 100x
> realistic) it checked 4 (cpus) * 6e4 (seconds) * 1e9 (nanoseconds) or 2.4e14
> possible keys. That's only ~48 bits.
>
> Note that this has nothing to do with the security of RSA, but everything to do
> with key selection. The prime generator is a PGP issue not an RSA issue. It's
> also (very probably) an implementation issue rather than a design issue.
>
> It would be interesting to determine the source of the software that performed
> the search. The time scale sounds about right for a program that searched a
> file system, blindly using everything it found as a possible key. Perhaps it
> found his keyring.
Not to mention brute force searching of an RSA key is a very stupid idea.
Tom
------------------------------
From: Bill Unruh <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Sat, 23 Sep 2000 15:21:59 -0700
In <r87z5.1293$[EMAIL PROTECTED]] "Paul Pires" <[EMAIL PROTECTED]]
writes:
]Bill Unruh <[EMAIL PROTECTED]] wrote in message
]news:8qisk5$5mk$[EMAIL PROTECTED]...
]]
]] ]Bill Unruh <[EMAIL PROTECTED]] wrote in message
]] ]news:8qgfir$gim$[EMAIL PROTECTED]...
]] ]] In <VzMy5.1023$[EMAIL PROTECTED]] "Paul Pires"
]] ]<[EMAIL PROTECTED]] writes:
]] ]] ]] seems to me to fly in the face of all evidence. The software industry
]] ]] ]] took off with no patents. patents as a corporate tool in software has
]] ]] ]] really only taken ahold in the past few years, and is being used to
]] ]] ]] stifle not enhance competition and innovation. As in a criminal court,
]] ]] ]] the evidence should be there beyond a reasonable doubt that the monopoly
]] ]] ]] is essential before any such monopoly should be granted.
]] ]]
]] ]] ]A trial to grant a patent? If you want to kill it, get out your gun i.e.
]] ]]
]] ]] No, not a court trial, a standard of proof.
]]
]] ]Hehehe... Guess what, Invention is like random or secure crypto.
]] ]No proof is possible. Just screens to filter out most of what it is not.
]]
]] Yes, I agree. But so are court trials. No proofs. Just arguments and
]] standards of what is accepted as a convincing argument (balance of
]] probabilities, beyond reasonable doubt, ...). A patent applicant must
]] now "prove" to the examiner that his invention is new.
]No. The applicant asserts it is new and the examiner opts to challenge
]based on prior art, obviousness or whatever. The applicant has no
]requirement to prove it is new. If the examiner asserts that some prior
]art reads on it, then the applicant must reply to the challenge but no proofs
]of newness are required from the applicant. The reason is simple. IT
]CANNOT BE DONE. How do you prove that something is new?
]You can only assert that no known oldness applies to it. This is
]what is done now.
Please read. Prove does not mean "it follows logically and ineluctably
from some premises." A proof is a test of the truth of a statement. That
is what the patent office does. That is what the applicant must do. He
must supply to the patent office all evidence which he knows of which
might invalidate the patent. He must swear that this patent covers new
material. These are all standards of proof. Unfortunately as you point
out patent examiners do not know everything about everything and may
well be convinced when they should not be. That is why bringing some
sort of adversarial role into the patent process might help. I.e., a
patent can be challenged via the patent office by the same process as
the patent was granted.
As in a court, one does not prove someone guilty by some logical chain
of reasoning but by arguments which are to convince. You have probably
heard the old saying "The exception that proves the rule". Clearly your
definition of proof would make this sentence complete nonsense. The
meaning of prove is and was (before it got hijacked by mathematicians in
this century) a test.
]]This does not
]] mean "prove" as in a mathematical theorem ( a field which borrowed a
]] well known word to describe something technical and rather removed from
]] that original meaning-- only to have the new meaning take over).
]]
]]
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: 128-bit Secure LFSR
Date: Sat, 23 Sep 2000 22:28:49 GMT
I reposted my slfsr to my website at
http://www.geocities.com/tomstdenis/files/slfsr.c
I am using a single 128-bit LFSR in self-shrinking mode. I would
appreciate it if someone could verify the polynomial used. I am using
the LFSR in Galois config. I made the LFSR poly with a program called
LFSR.EXE that I found on an ftp that was posted here a bit ago.
It's compact code, albeit not that efficient (are any LFSRs
efficient?). It features a simple rekeying :), fast enough for desktop
usage and it's really simple...
Tom
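Added example, not Tom's slfsr.c (which is not reproduced here): the check he asks for, a primitivity test for an LFSR feedback polynomial of any width, together with a Galois-form LFSR step and the self-shrinking output rule. The 128-bit polynomial x^128 + x^7 + x^2 + x + 1 used in the demo is an arbitrary candidate picked for illustration, not the one in slfsr.c, and the list of prime factors of 2^128 - 1 is verified by multiplication in the code rather than trusted. Passing this test only establishes that the LFSR itself runs through all 2^128 - 1 nonzero states; it says nothing about how hard the self-shrunk keystream is to reconstruct.

```python
# Added example (not Tom's slfsr.c): primitivity test for an LFSR polynomial,
# a Galois-form LFSR and Meier-Staffelbach self-shrinking, for any width n.
# A polynomial over GF(2) is held as a Python int: bit i set means x^i.


def polymulmod(a, b, p, n):
    """a * b in GF(2)[x] reduced mod p (deg p == n, deg a < n, deg b < n)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:          # degree reached n: subtract p
            a ^= p
    return r


def polypowmod(base, e, p, n):
    """base^e mod p by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = polymulmod(r, base, p, n)
        base = polymulmod(base, base, p, n)
        e >>= 1
    return r


def is_primitive(p, n, factors):
    """True iff x has order 2^n - 1 mod p, i.e. the LFSR has maximal period.

    factors must be the distinct prime factors of 2^n - 1.  A reducible p,
    or an irreducible one whose root has smaller order, fails the test.
    """
    order = (1 << n) - 1
    if p >> n != 1 or not p & 1:      # wrong degree, or x divides p
        return False
    x = 0b10
    if polypowmod(x, order, p, n) != 1:
        return False
    return all(polypowmod(x, order // q, p, n) != 1 for q in factors)


def galois_lfsr(p, n, state, count):
    """Clock a Galois LFSR count times; each step multiplies state by x mod p.

    Returns (output bits, new state).  The output bit is the one shifted out.
    """
    bits = []
    for _ in range(count):
        out = (state >> (n - 1)) & 1
        state <<= 1
        if (state >> n) & 1:
            state ^= p
        bits.append(out)
    return bits, state


def lfsr_period(p, n, seed):
    """Steps until the state returns to seed (2^n - 1 when p is primitive)."""
    state, steps = seed, 0
    while True:
        _, state = galois_lfsr(p, n, state, 1)
        steps += 1
        if state == seed:
            return steps


def self_shrink(bits):
    """Self-shrinking rule: from each pair (a, b) emit b only when a == 1."""
    return [b for a, b in zip(bits[0::2], bits[1::2]) if a]


# Distinct prime factors of 2^128 - 1 = (2^32-1)(2^32+1)(2^64+1).
FACTORS_128 = [3, 5, 17, 257, 65537, 641, 6700417, 274177, 67280421310721]


def factors_ok():
    """Confirm the factor list really multiplies out to 2^128 - 1."""
    prod = 1
    for q in FACTORS_128:
        prod *= q
    return prod == (1 << 128) - 1


if __name__ == "__main__":
    # degree-4 sanity cases: 2^4 - 1 = 15 = 3 * 5
    print(is_primitive(0b10011, 4, [3, 5]))   # x^4+x+1: True
    print(is_primitive(0b11111, 4, [3, 5]))   # x^4+x^3+x^2+x+1, order 5: False
    print(is_primitive(0b10101, 4, [3, 5]))   # (x^2+x+1)^2, reducible: False
    print(lfsr_period(0b10011, 4, 1))         # 15
    # arbitrary 128-bit candidate for illustration (assumption, not slfsr.c's)
    cand = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1
    print(factors_ok(), is_primitive(cand, 128, FACTORS_128))
    bits, _ = galois_lfsr(cand, 128, 1, 64)
    print(self_shrink(bits))
```

To check a real polynomial from slfsr.c, load it as an int with bit 128 set for the x^128 term and call is_primitive(poly, 128, FACTORS_128); the exponentiation is 128 squarings of 128-bit polynomials and finishes instantly.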
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Faraday Cage (Was CDMA tracking)
Date: Sat, 23 Sep 2000 17:00:30 -0600
In article <8qinje$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
>
> I am going to quote 5 posts from this thread and two web pages,
> then give my comments at the bottom.
>
> --------------------------------------------------------
>
> Mack wrote:
>
> >
> >>Jerry Coffin wrote:
> >>
> >>If you are concerned about your phone being
> >>trackable when it is off, why not just put
> >>it in an aluminum briefcase ?
> >>
> >
> >Not terribly effective at attenuating signals.
> >It must be properly grounded. The 50 foot of ground
> >cable limits the effective range of the phone.
The attributions seem to have gotten screwed up somewhere along the
line: I didn't write any part of what's above.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: 128-bit Secure LFSR
Reply-To: [EMAIL PROTECTED]
Date: Sat, 23 Sep 2000 23:41:49 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: [...] are any LFSRs efficient?
They are pretty good when implemented in hardware.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ UART what UEAT.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: free cpu for sci.crypt readers
Date: Sat, 23 Sep 2000 23:46:26 GMT
I have a Cyrix MII 300 (233 MHz) to give away free (cuz I don't need
it). Any sci.crypt reader is entitled to it, if they actually need it
(i.e. they have a Socket 7 board with a slow CPU in it).
If you really could use it, email me at [EMAIL PROTECTED]
Tom
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Sat, 23 Sep 2000 17:08:45 -0700
Twilight zone. I responded below but.....
Is it just me or did this Re: post just get lopped off the branch
by Usenet? Do you see a new posting from me immediately below
this one? or are we still attached to the original thread?
Don't laugh, Usenet has been really weird lately.
Bill Unruh <[EMAIL PROTECTED]> wrote in message
news:Pine.LNX.4.10.10009231520010.7529-
<SNIP>
>
> Please read. Prove does not mean "it follows logically and ineluctably
> from some premises." A proof is a test of the truth of a statement. That
> is what the patent office does. That is what the applicant must do. He
> must supply to the patent office all evidence which he knows of which
> might invalidate the patent. He must swear that this patent covers new
> material. These are all standards of proof. Unfortunately as you point
> out patent examiners do not know everything about everything and may
> well be convinced when they should not be. That is why bringing some
> sort of adversarial role into the patent process might help. I.e., a
> patent can be challenged via the patent office by the same process as
> the patent was granted.
I'll ignore your testy intro. I know what prove means and I even guessed
at your usage. But, this idea above actually sounds like a good idea. I'm
not being nasty, I think this is neat. One problem: how can you retract
or reduce a patent once granted without due process? Note: a regulatory
action is not due process.
Maybe combine this with a provisional status. Something like: A patent can be
forced back into the review process (1 time only) within 6 mos. after granting if
certain challenge requirements are met. Have to be pretty stringent or it will be
weak to a denial of service by flood attack.
Naw, this just won't work. If it is reducible, it is not a patent yet. No one
would licence a provisional patent so you might as well not do it.
>
> As in a court, one does not prove someone guilty by some logical chain
> of reasoning but by arguments which are to convince. You have probably
> heard the old saying "The exception that proves the rule". Clearly your
> definition of proof would make this sentence complete nonsense. The
> meaning of prove is and was (before it got hijacked by mathematicians in
> this century) a test.
>
> ]]This does not
> ]] mean "prove" as in a mathematical theorem ( a field which borrowed a
> ]] well known word to describe something technical and rather removed from
> ]] that original meaning-- only to have the new meaning take over).
> ]]
> ]]
>
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: A Note on news groups.
Date: Sat, 23 Sep 2000 17:15:56 -0700
Paul Pires wrote:
>
> I don't know if anyone else has noticed but Usenet has been
> acting stranger than usual lately. Particularly on the west coast.
>
> news-west.usenetserver.com
>
> From what I have been able to find out, a major player out west
> has had problems, is trying to rebuild, and has off-loaded much
> of their traffic to the east coast servers, mucking them up too.
>
> I see missing posts, Re: 's to new topics where the root post is missing
> and replies to replies of some of my posts where I can't see the first reply.
I noticed this, too. I am also on the West Coast of the U.S.
Gaps in threads appeared this week when viewing sci.crypt postings via
news.compuserve.com.
John A. Malley
[EMAIL PROTECTED]
>
> Paul
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: A Note on news groups.
Date: Sat, 23 Sep 2000 17:24:16 -0700
Thanks for the note,
I was starting to question what little sanity I possess.
Paul
John A. Malley <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Paul Pires wrote:
> >
> > I don't know if anyone else has noticed but Usenet has been
> > acting stranger than usual lately. Particularly on the west coast.
> >
> > news-west.usenetserver.com
> >
> > From what I have been able to find out, a major player out west
> > has had problems, is trying to rebuild, and has off-loaded much
> > of their traffic to the east coast servers, mucking them up too.
> >
> > I see missing posts, Re: 's to new topics where the root post is missing
> > and replies to replies of some of my posts where I can't see the first
> > reply.
>
> I noticed this, too. I am also on the West Coast of the U.S.
> Gaps in threads appeared this week when viewing sci.crypt postings via
> news.compuserve.com.
>
> John A. Malley
> [EMAIL PROTECTED]
>
> >
> > Paul
------------------------------
From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Again a topic of disappearing e-mail?
Date: 23 Sep 2000 17:04:47 -0700
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>requires email tracing. Meanwhile, privacy advocates applaud
>the new software. One oil executive says he uses a beta version
>of SafeMessage to prevent rivals from accessing his messages.
An oil executive, huh? Sounds reptilian to me.
--
Matthew Skala
[EMAIL PROTECTED] I'm recording the boycott industry!
http://www.islandnet.com/~mskala/
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: What makes a cipher resistant to Differential Cryptanalysis?
Date: Sat, 23 Sep 2000 17:51:16 -0700
"David C. Barber" wrote:
>
> DES, for example, is considered resistant to Differential Cryptanalysis,
> particularly in its selection of S-boxes. What about them, or any cipher,
> makes it DC resistant?
>
> *David Barber*
Kaisa Nyberg and Lars Knudsen wrote a paper on this very subject -
"Provable Security Against a Differential Attack" which is available at
Lars Knudsen's web site:
http://www.ii.uib.no/~larsr/jour.html
John A. Malley
[EMAIL PROTECTED]
P.S.
My grasp of the theory behind differential cryptanalysis and DES-like
ciphers is weak so I can't comment on the arguments and analysis in Mr.
Knudsen's paper.
I'm gathering up the trail of papers from the 80s and 90s on
differential and linear cryptanalysis and starting from the beginning.
And I'm reviewing Group Theory to better understand the Alternating
Group and its role in DES-like ciphers using the iterated Feistel
function and how/why the rules for good S-boxes tie into this. Found a
great old book called "Groups" by Georges Papy of the Belgian Center of
Pedagogic Mathematics, published by St. Martin's Press in 1964, at the
local library.
I went to the local university library today to get "Markov Ciphers and
Differential Cryptanalysis" in Advances in Cryptology - Eurocrypt '91,
X. Lai, J.L. Massey and S. Murphy. Of course the library changed its
schedule to close every Saturday in September - gotta go back tomorrow.
Can't find that paper on the Web anywhere.
Meanwhile I'm working through "Differential Cryptanalysis of DES-like
Cryptosystems" by Eli Biham and Adi Shamir and "Differential-Linear
Cryptanalysis and Threshold Signatures," a dissertation by Susan
K. Langford published June 1995 by the Department of Electrical
Engineering at Stanford University. Found both on the Web.
(And then I must work through all of David Wagner's papers!)
How are you approaching this subject? The same kind of way?
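Added example, not from any post in this thread: the quantity that makes an S-box good or bad against differential cryptanalysis is its difference distribution table (DDT), the count, for each input XOR dx, of how often each output XOR dy occurs. The script below builds the DDT for DES S-box S1 (table copied from FIPS 46, with the usual outer-bits-select-row convention) and for the AES S-box (computed from its definition, inversion in GF(2^8) followed by the affine map), then reports the most probable differential. For S1 the largest entry is 16 of 64 (the Biham-Shamir example 34 -> 2), which is exactly the bound in the published DES S-box design criteria; for AES it is 4 of 256, and that low maximum is what lets a designer bound the probability of any multi-round characteristic.

```python
# Added example (not from the thread): difference distribution tables for
# DES S1 (FIPS 46) and the AES S-box, and the best single-S-box differential.

# DES S-box S1: row = outer two input bits, column = inner four bits.
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def des_s1(x):
    """6-bit input (MSB first) -> 4-bit output of S1."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return DES_S1[row][col]


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse as a^254 (0 maps to 0, as AES requires)."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def aes_sbox():
    """The AES S-box computed from its definition: inversion, then affine map."""
    box = []
    for a in range(256):
        x = gf_inv(a)
        s = x
        for i in range(1, 5):                      # x ^ rotl(x,1) ^ ... ^ rotl(x,4)
            s ^= ((x << i) | (x >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box


def ddt(table, in_bits, out_bits):
    """t[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    t = [[0] * (1 << out_bits) for _ in range(1 << in_bits)]
    for x in range(1 << in_bits):
        for dx in range(1 << in_bits):
            t[dx][table[x] ^ table[x ^ dx]] += 1
    return t


def best_differential(t):
    """(count, dx, dy) of the most probable differential with dx != 0."""
    best = (0, 0, 0)
    for dx in range(1, len(t)):
        for dy, cnt in enumerate(t[dx]):
            if cnt > best[0]:
                best = (cnt, dx, dy)
    return best


if __name__ == "__main__":
    s1 = [des_s1(x) for x in range(64)]
    t1 = ddt(s1, 6, 4)
    print("DES S1: 34 -> 2 holds for %d/64 inputs" % t1[0x34][0x2])   # 16
    print("DES S1: largest entry %d/64" % best_differential(t1)[0])    # 16
    ta = ddt(aes_sbox(), 8, 8)
    print("AES: largest entry %d/256" % best_differential(ta)[0])      # 4
```

A cipher is then argued resistant by chaining such entries: the probability of an r-round characteristic is at most the product of the best per-S-box probabilities along the active S-boxes, so small DDT maxima plus a diffusion layer that forces many active S-boxes per round pushes the best characteristic below what any feasible number of chosen plaintexts can exploit.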
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************