Cryptography-Digest Digest #795, Volume #12      Fri, 29 Sep 00 06:13:01 EDT

Contents:
  Re: From byte to key ! ("kihdip")
  Re: Josh MacDonald's library for adaptive Huffman encoding (Mok-Kong Shen)
  Re: On-line Turing test? (Mok-Kong Shen)
  Re: newbie question (Aaron Cannon)
  Re: newbie question ("kihdip")
  Re: Deadline for AES... (Mok-Kong Shen)
  Re: Why is TwoFish better than Blowfish? (Runu Knips)
  Re: Why is TwoFish better than Blowfish? ([EMAIL PROTECTED])
  Re: Why is TwoFish better than Blowfish? (Runu Knips)
  Which is better? CRC or Hash? (Tiemo Ehlers)
  Re: Why is TwoFish better than Blowfish? (Runu Knips)
  Re: Which is better? CRC or Hash? (David Blackman)
  Re: Blowfish Key length C code issue (Runu Knips)
  Re: Chaos theory (Tim Tyler)
  Re: Which is better? CRC or Hash? (Runu Knips)
  Re: Chaos theory (Tim Tyler)
  Re: Why is TwoFish better than Blowfish? (Runu Knips)
  Re: Chaos theory (Tim Tyler)

----------------------------------------------------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: From byte to key !
Date: Fri, 29 Sep 2000 09:15:02 +0200

Try chapter 7 of HAC for DES:

http://cacr.math.uwaterloo.ca/hac/

Kim



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression,comp.theory
Subject: Re: Josh MacDonald's library for adaptive Huffman encoding
Date: Fri, 29 Sep 2000 09:35:48 +0200



"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote in 
> >You were apparently answering to what I said about
> >starting from nothing, i.e. with no symbols in the tree.
> >But then using NYT and a standard encoding (needn't
> >be the same as ASCII) is what is given in standard
> >textbooks on data compression. If you have better
> >ideas, then post that. Perhaps you could apply
> >for patents and join the rank of gurus.
> 
>    I have posted it. And like I said you know where you
> can get the source code. I already have a patent. So
> why the hell would I want another one. Trust me they are
> no big deal.

But you could at least publish it in a cs or crypto
scientific journal, since it would be a significant
contribution. But perhaps I could conjecture what
would be your answer: These journals have editors
that are all against a real scientist like you.

M. K. Shen
> 
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
>         http://www.jim.com/jamesd/Kong/scott19u.zip
> Scott famous encryption website **now all allowed**
>         http://members.xoom.com/ecil/index.htm
> Scott LATEST UPDATED source for scott*u.zip
>         http://radiusnet.net/crypto/  then look for
>   sub directory scott after pressing CRYPTO
> Scott famous Compression Page
>         http://members.xoom.com/ecil/compress.htm
> **NOTE EMAIL address is for SPAMERS***
> I leave you with this final thought from President Bill Clinton:

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On-line Turing test?
Date: Fri, 29 Sep 2000 09:55:22 +0200



John Myre wrote:
> 
> I'm wondering about a certain frequent poster here.
> 
> Could it actually be a computer program?  Since Eliza
> et al., it has been clear that by limiting the subject
> matter, we can do pretty well.  And sci.crypt seems
> well suited: highly technical content, with a low
> expectation of competence.
[snip]

Thanks for enabling me to retrieve from my brain a personal
event long long ago. I wrote to the now well-known author of 
Eliza and had the pleasure of getting a copy of his program 
via post.

M. K. Shen

------------------------------

From: Aaron Cannon <[EMAIL PROTECTED]>
Subject: Re: newbie question
Date: 29 Sep 2000 06:51:27 GMT

Thank you all for your helpful responses! I very much appreciate it.  I
think I'll just try to find a good secure prebuilt C library and use that.
Any recommendations on what single key algorithms are best and easiest to
use?  I was considering IDEA but I haven't heard anything on it for a
while, and so I don't know if any weaknesses have been found in it.
Thanks again for the help!

Aaron Cannon <[EMAIL PROTECTED]> wrote:
: I am curious.  If I take some ascii text, (say 20,000 bits in length) and
: xor it with a sequence of random bits (say 256 bits repeated to the length
: of the message), how secure will this be?  Is it pathetically simple to
: crack?  Thanks!


-- 
"Man is superior to government and should remain master over it, not the
other way around."
   Ezra Taft Benson  (Teachings of Ezra Taft Benson, page 680)

ICQ #: 22773363

------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: newbie question
Date: Fri, 29 Sep 2000 10:03:10 +0200

You're discussing ciphertext-only attacks.

But considering a known-plaintext or chosen-plaintext attack, the key is
found instantaneously.
(Or am I missing something here?)



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 10:35:30 +0200



John Savard wrote:
> 

> The text quoted: "the standard is ready for public comment" does make
> it possible the announcement will take place there, since that implies
> it won't have been released by that date.

I guess that there is a mistake in the quote above. Only
a draft standard has a public comment period, as far as
I know.

M. K. Shen

------------------------------

Date: Fri, 29 Sep 2000 10:32:57 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Why is TwoFish better than Blowfish?

Joseph Ashwood wrote:
> Twofish: should be used wherever speed is necessary, the data blocks match
> into 128-bit blocks easily, and the security level needs to exceed 2^120,
> with a margin of error that may eventually drop it below anything
> acceptable. There must never be more than 2^128 unique blocks under the same
> key available.

The latter statement amuses me, because Twofish is a 128 bit block cipher,
so there ARE only 2**128 possible unique blocks !! ;-)))

Statistics say that, in CBC mode, an n-bit block cipher will have two equal
blocks after 2**(n/2) blocks with a chance of 50% (birthday paradox). So
one should actually try to (a) use substantially fewer blocks, and/or (b)
make the XOR of two random blocks useless information, for example by using
compression, or by combining the block cipher with a stream cipher, etc.

Changing the key after 2**128 blocks is IMHO therefore a little bit very
optimistic. I would suggest something like 2**40 blocks.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Why is TwoFish better than Blowfish?
Date: Fri, 29 Sep 2000 08:44:12 GMT

Runu Knips wrote:
> The latter statement amuses me, because Twofish is a 128 bit block cipher,
> so there ARE only 2**128 possible unique blocks !! ;-)))

why "only"

> Statistics say that, in CBC mode, an n-bit block cipher will have two equal
> blocks after 2**(n/2) blocks with a chance of 50% (birthday paradox). So

isn't it (2**n)/2   ??

> one should actually try to (a) use substantially fewer blocks, and/or (b)
> make the XOR of two random blocks useless information, for example by using
> compression, or by combining the block cipher with a stream cipher, etc.
> 
> Changing the key after 2**128 blocks is IMHO therefore a little bit very
> optimistic. I would suggest something like 2**40 blocks.

==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp <-- PGP plugins for Netscape and MDaemon
remove .NOSPAM.NET for email reply

------------------------------

Date: Fri, 29 Sep 2000 11:02:34 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Why is TwoFish better than Blowfish?

Tom St Denis wrote:
> Twofish is by far the best AES cipher.

Maybe Twofish is the best, but not 'by far'. Its hardware performance
is not that bright compared to Serpent and Rijndael, and it is not a
truly simple cipher. Its (known) security-per-clock performance in
software is, however, unreached.

In fact, maybe the ideal cipher would be adding some more rounds to
Rijndael, the fastest in hardware, which is as fast as Twofish in
software, but has, as far as we know, the by far lowest security
of the three.

Or maybe Serpent is best. It is based on very simple principles, has
very many rounds, and is very cheap in hardware. The many rounds make
it very slow in software, compared to the other three. I think Serpent
is the most trustworthy of the AES finalists.

I think all these ciphers are good designs.

> Make Twofish use 24 rounds or so and I doubt even the slightest
> weakness (see Knudsen's paper on Twofish Trawling) will show in 24
> rounds..... :) Even at 16 rounds Twofish seems secure.

Huh?

Why is Twofish with 8 rounds (I guess you count 2 Feistel rounds,
each on one of the halves of the full block, as one 'round' here,
because actually Twofish already HAS 16 (Feistel) rounds)
insecure?

> Its design is sound, it's a versatile cipher and it's free to use,
> that's the best of all!

True for Serpent and Rijndael as well (the remaining two are not of
interest, are they ?).

------------------------------

From: Tiemo Ehlers <[EMAIL PROTECTED]>
Subject: Which is better? CRC or Hash?
Date: Fri, 29 Sep 2000 11:01:00 +0200

I want to find out if a data file (size: about half a meg) has been changed.
I can get a digest number with a hash function (RIPEMD or SHA) 160 bits
wide or so.
I can also use a CRC, 32, 64 or higher to get a remainder or some kind
of digest number.

Which way is the better one?
I have doubts about using CRC because it is based on the modulo operation.

Tiemo


------------------------------

Date: Fri, 29 Sep 2000 11:18:06 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Why is TwoFish better than Blowfish?

Joseph Ashwood wrote:
> I thought we both agreed that they would hire someone to spread as much
> erroneous information as possible, impede the spread of knowledge, and
> propagate the spread of their own wishes.

The NSA exists to assert the security of the US, not the security of
the rest of the world.

But on the other hand it seems that they have actually helped IBM
with DES, and until today nobody has found any intentional weakness in
DES, have they?

> I see very strong correlations between that and a person who posts large
> quantities of information that is factually incorrect (see the DES
> thread),

Huh? I can't find any such posting of Schneier in this NG.

> spreading information about his own ciphers (which are as far
> as we know unanalyzed, and we know for a fact that they are consistently
> presented in a form that makes analysis exceptionally difficult),

Why is Blowfish hard to analyze? It is a truly simple cipher, plus
it has many rounds, 16 instead of 6 (which would AFAIK be enough as
well). Every analysis of it just resulted in the conclusion that
it is extremely secure.

I would like to know where you see the slightest chance for a backdoor
in Blowfish.

Twofish is complex, but on the other hand it is clear that they tried
to design a Blowfish which meets the requirements of the AES contest.

------------------------------

From: David Blackman <[EMAIL PROTECTED]>
Subject: Re: Which is better? CRC or Hash?
Date: Fri, 29 Sep 2000 20:29:09 +1100

Tiemo Ehlers wrote:
> 
> I want to find out if a data file (size: about half meg) has been
> changed.
> I can get a digest number with a hash function (RIPEMD or SHA) 160 bit
> wide or so.
> I can also use a CRC, 32, 64 or higher to get a remainder or some kind
> of digest number.
> 
> Which way is the better one?
> I have doubts using CRC because it is based on the modulo operation.
> 
> Tiemo

Depends what kind of changes you're worried about. If you're worried
that an evil person will sneak in and change the file, then you'd better
use SHA-1 or Tiger or one of the other crypto quality hashes. (And store
the hash somewhere that evil people can't get at to change it.)

If you're just hoping to detect accidental changes, just about any hash
or checksum of 32 bits or more is fairly good. But there's still nothing
wrong with using a good crypto hash function even for that.

On only half a meg, just about any well known hash or checksum will run
in a small fraction of a second on most PCs, so speed probably won't be
a problem.

------------------------------

Date: Fri, 29 Sep 2000 11:28:46 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Blowfish Key length C code issue

[EMAIL PROTECTED] wrote:
> Hi ;
> 
> I have downloaded the blowfish C code from counterpane site, however I
> can not seem to find out the variable that uses the key length in the
> code.

Maybe you would prefer to use libcrypt, which is included in OpenSSL
(see www.openssl.org) ?

It also has Blowfish.

> I would like to be able to change the key length and check the system
> performance.

For BLOWFISH ???? Forget it, it is always the same, no matter how long
or short the key is.

Btw, Schneier states in his 'Applied Crypto' that the maximum key
size is 448 bits. This is wrong, isn't it ? If I'm not totally
wrong, it uses up to 576 bits.

------------------------------


From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Reply-To: [EMAIL PROTECTED]
Date: Fri, 29 Sep 2000 09:01:39 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Jim Gillogly <[EMAIL PROTECTED]> wrote:

:> : In mathematics, however, chaos lies on the boundary between
:> : order and disorder, and is a study of systems that have behavior
:> : that's largely predictable statistically...
:>
:> Not necessarily correct - chaotic systems can be highly disordered.

: Gillogly was closer to the mark.

Except for the fact that he stated that "chaos lies on the boundary
between order and disorder" - which isn't right at all - while my
statement was correct.

: Random chaotic systems are relatively uninteresting,
: and would not be usable to construct cryptosystems in the
: sense envisioned by people who ask the original question.

I /assumed/ they were talking about what they said: chaotic systems.

: What they have in mind are iterated functions [...]

A tiny subset of chaotic systems, which were never mentioned.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Namaste.

------------------------------

Date: Fri, 29 Sep 2000 11:33:21 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Which is better? CRC or Hash?

Tiemo Ehlers wrote:
> 
> I want to find out if a data file (size: about half meg) has been
> changed.
> I can get a digest number with a hash function (RIPEMD or SHA) 160 bit
> wide or so.
> I can also use a CRC, 32, 64 or higher to get a remainder or some kind
> of digest number.
> 
> Which way is the better one?
> I have doubts using CRC because it is based on the modulo operation.

Well, hmm, of course the cryptographically hard hash (such as
RIPEMD-160, SHA-1 or Tiger/192, to list the best ones) is the better one,
and that not only because it has far more bits... the reason why one
would prefer to use a CRC is that the CRC is cheaper to compute.
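
As an added illustration of why this thread prefers a cryptographic hash over a CRC for catching deliberate changes (example code, not from any poster): CRC-32 is affine over GF(2), so the checksum of an edited file is a fixed linear function of the original checksum and the edit, whereas SHA-1 obeys no such relation. The keyed HMAC variant and the demo key are my additions, assuming the key is kept away from whoever can edit the file; Blackman's advice to keep the stored hash out of the adversary's reach is what the key relaxes.

```python
import hashlib
import hmac
import zlib


def xor_bytes(u: bytes, v: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(u, v))


def crc32_affine_relation(a: bytes, b: bytes):
    """CRC-32 is affine over GF(2): for equal-length a and b
         crc(a XOR b) == crc(a) XOR crc(b) XOR crc(zero block of same length).
    Returns (left side, right side); they are equal for every a, b.  This is
    why a CRC cannot stand up to deliberate edits: the checksum after any
    change is a linear function of the original checksum and the change."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    lhs = zlib.crc32(xor_bytes(a, b))
    rhs = zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))
    return lhs, rhs


def sha1_affine_relation(a: bytes, b: bytes):
    """The same relation tried on SHA-1 (the thread's crypto hash): the two
    sides differ, because a cryptographic hash has no such algebraic structure."""
    lhs = hashlib.sha1(xor_bytes(a, b)).digest()
    rhs = xor_bytes(xor_bytes(hashlib.sha1(a).digest(), hashlib.sha1(b).digest()),
                    hashlib.sha1(bytes(len(a))).digest())
    return lhs, rhs


def integrity_tag(data: bytes, key=None) -> bytes:
    """Tag to store for a later comparison.  Unkeyed SHA-1 is the thread's
    advice and works if the stored tag itself is out of the adversary's reach;
    with a secret key (assumption: kept separate from the file) an HMAC stays
    unforgeable even when the adversary can overwrite the stored tag too."""
    if key is None:
        return hashlib.sha1(data).digest()
    return hmac.new(key, data, hashlib.sha1).digest()


def file_changed(data: bytes, stored_tag: bytes, key=None) -> bool:
    """Constant-time comparison, so the check itself leaks nothing about the tag."""
    return not hmac.compare_digest(integrity_tag(data, key), stored_tag)


if __name__ == "__main__":
    # Constructed sample "file" and a second input of the same length.
    a = bytes(range(256)) * 4
    b = bytes((i * 7 + 3) & 0xFF for i in range(len(a)))
    l, r = crc32_affine_relation(a, b)
    print("CRC-32 relation holds:", l == r)
    l, r = sha1_affine_relation(a, b)
    print("SHA-1 relation holds: ", l == r)
    key = b"constructed-demo-key"
    tag = integrity_tag(a, key)
    tampered = a[:100] + bytes([a[100] ^ 0x01]) + a[101:]      # one bit flipped
    print("unchanged file flagged:", file_changed(a, tag, key))
    print("tampered file flagged: ", file_changed(tampered, tag, key))
```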

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Reply-To: [EMAIL PROTECTED]
Date: Fri, 29 Sep 2000 09:26:09 GMT

Jim Gillogly <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Jim Gillogly <[EMAIL PROTECTED]> wrote:

:> : It can be worse than this: because chaotic systems have attractors,
:> 
:> "Having attractors" is neither a defining nor a necessary property of
:> chaotic systems.  For a definition, see the sci.nonlinear FAQ:
:>   http://www.enm.bris.ac.uk/research/nonlinear/faq-[2].html#Heading12

: My understanding of chaos and attractors is more accurately
: represented by this reference from the Mathematica people:
: http://mathworld.wolfram.com/Chaos.html
:
:     A dynamical system is chaotic if it 
:     1. Has a dense collection of points with periodic orbits,
:     2. Is sensitive to the initial condition of the system [...]
:     3. Is topologically transitive.

The URL I gave goes into technical details after the broad statement.

It discusses how large a set of initial states need to lead to 
unpredictable behaviour for the term to be applicable, and discusses
the possible relevance of Devaney's requirement that periodic points be
dense in the field.

Wolfram's 1. seems to be unnecessarily controversial.  Turbulent fluid
flow is widely regarded as "a chaotic dynamical system", but doesn't
exhibit any detectable periodic behaviour.  I would say this definition
was badly worded on these grounds.

3. Can't really be part of the definition of chaos *outside* dynamical
systems IMO - since "neighbourhood" and "topology" might not be
well-defined there.

: Criterion 1 above is the property I was referring to that allowed
: me to break a "chaotic" cryptosystem posted to sci.crypt and another
: that wasn't.

FWIW, the FAQ rejects this as a defining criterion.  Unless I'm mistaken,
all points in (say) a block cypher will have periodic orbits /anyway/, so
you'd have to explain the relevance of this property to cryptography
further before I can see what you're talking about.

:> : In mathematics, however, chaos lies on the boundary between
:> : order and disorder, and is a study of systems that have behavior
:> : that's largely predictable statistically...
:> 
:> Not necessarily correct - chaotic systems can be highly disordered.

: Chaotic systems are predictable in the short term, and by the
: Wolfram definition above exhibit periodic behaviors.  Even short
: term predictivity is anathema to cryptosystems, and periodic
: behavior may be the kiss of death.

That's why cryptosystems bundle their chaos in large chunks.  I'm sure if
you stick your probes into a block cypher after one round has taken
place, you'll find short-term predictability, in the face of perturbations
in the inputs.

Similarly if you wait a long time, you'll inevitably encounter your
periodic behaviour, since the system is finite and deterministic.

The Wolfram page you cite doesn't say the periods have to be short.
They don't.  Indeed, since Wolfram's definition applies to continuous
systems, it's extremely unclear how the word "period" ever got in there
in the first place.

: I don't rule out the possibility that a chaotic system can provide
: good grounding for a strong cipher.

That sounds sensible.  Practically all strong cyphers I know of are
fundamentally based on chaotic systems.
-- 
__________                  http://alife.co.uk/  http://mandala.co.uk/
 |im |yler  [EMAIL PROTECTED]  http://hex.org.uk/   http://atoms.org.uk/

------------------------------

Date: Fri, 29 Sep 2000 11:40:27 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Why is TwoFish better than Blowfish?

[EMAIL PROTECTED] wrote:
> Runu Knips wrote:
> > The later statement amuses me, because  Twofish is a 128 bit block
> > cipher,
> > so there ARE only 2**128 possible unique blocks !! ;-)))
> 
> why "only"

Well, a 128-bit block only has 2**128 possible values. There
can't be a single more unique value.

> > Statistics say that, in CBC mode, an n-bit block cipher will have two
> > equal blocks after 2**(n/2) blocks with a chance of 50% (birthday
> > paradox). So
> 
> isn't it (2**n)/2   ??

No, the birthday paradox says after 2**(n/2), not after
2**(n-1).

That's the same paradox which causes a 50% chance that in a room
with 23 persons, two persons have the same birthday (hence
the name 'birthday paradox').

It is just that the chance to get the same value again is
1/(2**n), but for 2**(n/2) blocks you have 2**(n/2) such
chances -> the chance that ANY block appears again becomes
50% !
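
A worked version of the birthday-bound argument in this exchange, added here and not from either poster: it evaluates the 2**(n/2) versus (2**n)/2 question numerically for 128-bit blocks (and for the 23-person room), and uses a constructed toy 16-bit "cipher" (a seeded random permutation, not Twofish) to show what a repeated CBC ciphertext block actually gives away, namely the XOR of two plaintext blocks, which is why point (b) in the earlier post matters.

```python
import math
import random


def birthday_prob(k: int, space: int) -> float:
    """Chance that k values drawn uniformly from `space` possibilities contain
    at least one repeat: 1 - exp(-k(k-1)/(2*space)), the usual birthday bound
    (within a few percent of the exact value once space is large)."""
    return -math.expm1(-k * (k - 1) / (2.0 * space))


def draws_for_prob(p: float, space: int) -> float:
    """Inverse of the bound: the number of draws at which a repeat has chance p.
    For p = 0.5 this is about 1.18 * sqrt(space), i.e. ~2**(n/2) for n-bit blocks."""
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p)))


def cbc_collision_leak(n_bits: int, seed: int, max_blocks: int = 1 << 14):
    """CBC-encrypt random plaintext blocks under a toy n-bit cipher until two
    ciphertext blocks repeat, then verify the leak: C[a] == C[b] exposes
    P[a-1] XOR P[b-1] == C[a-1] XOR C[b-1]  (P[i-1] is the block encrypted
    into C[i]).  Returns (blocks_used, leak_verified).  The cipher is a seeded
    random permutation of the block space, a constructed stand-in and not a
    real cipher; only CBC's chaining structure matters for the leak."""
    rng = random.Random(seed)
    perm = list(range(1 << n_bits))
    rng.shuffle(perm)                        # E_k(x) := perm[x]
    P, C = [], [rng.getrandbits(n_bits)]     # C[0] is the IV
    seen = {}                                # ciphertext block -> its index in C
    for _ in range(max_blocks):
        p = rng.getrandbits(n_bits)
        c = perm[p ^ C[-1]]
        P.append(p)
        b = len(C)                           # index this ciphertext block gets
        C.append(c)
        if c in seen:
            a = seen[c]
            # E_k is a permutation, so equal outputs mean equal inputs:
            # P[a-1] ^ C[a-1] == P[b-1] ^ C[b-1]; the plaintext XOR is exposed.
            leaked_xor = C[a - 1] ^ C[b - 1]
            return b, (P[a - 1] ^ P[b - 1]) == leaked_xor
        seen[c] = b
    return max_blocks, False


if __name__ == "__main__":
    N = 2 ** 128                             # Twofish / AES block space
    print("23 people, 365 days:    %.3f" % birthday_prob(23, 365))
    print("2**64 blocks (2**(n/2)): %.3f" % birthday_prob(2 ** 64, N))
    print("2**127 blocks (2**n/2):  %.3f" % birthday_prob(2 ** 127, N))
    print("2**40 blocks:            %.2e" % birthday_prob(2 ** 40, N))
    print("draws for 50%%:           2**%.2f" % math.log2(draws_for_prob(0.5, N)))
    print("toy 16-bit CBC leak:     %s" % (cbc_collision_leak(16, seed=1234),))
```

At 2**40 blocks the repeat probability is around 2**-49, which is the margin behind the suggestion to rekey long before 2**64 blocks.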

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Reply-To: [EMAIL PROTECTED]
Date: Fri, 29 Sep 2000 09:32:35 GMT

Derek Bell <[EMAIL PROTECTED]> wrote:
: Tim Tyler <[EMAIL PROTECTED]> wrote:

: : Chaos, by definition means "sensitive dependence on initial conditions".

:       When I did a course in nonlinear dynamics, nearly ten years ago,
: it was stated that a consensus on exactly what properties a chaotic system
: had to have wasn't reached yet.

There may yet be some remaining quibbles about technical issues at the
edges of the definition.

Also there's the layman's notion that chaos <-> randomness.

Which systems qualify as chaotic is pretty clearly defined, though.

Does anyone know of any definitions by which (say) modern block
cyphers do *not* qualify as chaotic systems?
-- 
__________                  http://alife.co.uk/  http://mandala.co.uk/
 |im |yler  [EMAIL PROTECTED]  http://hex.org.uk/   http://atoms.org.uk/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
