Cryptography-Digest Digest #814, Volume #12       Mon, 2 Oct 00 14:13:01 EDT

Contents:
  Re: It's Rijndael (Serge Paccalin)
  Re: It's Rijndael (SCOTT19U.ZIP_GUY)
  Re: It's Rijndael (Runu Knips)
  Re: It's Rijndael ("Sam Simpson")
  Re: It's Rijndael (Serge Paccalin)
  Re: It's Rijndael (Helger Lipmaa)
  Re: It's Rijndael (SCOTT19U.ZIP_GUY)
  Re: It's Rijndael ("Brian Gladman")
  Crypto algorithms in C ("Chris Kerslake")
  Re: It's Rijndael (Albert Yang)
  Comments on the AES winner (Mok-Kong Shen)
  Re: Project: Digital Signing and Encrypting Application ([EMAIL PROTECTED])
  Re: It's Rijndael ("Sam Simpson")
  hourra for europa :) ("alex")
  Re: Shareware Protection Schemes (Ichinin)
  Re: It's Rijndael (Ichinin)
  Re: Comments on the AES winner (Anton Stiglic)
  Re: About implementing big numbers (Richard Heathfield)
  Re: Comments on the AES winner (Mok-Kong Shen)
  Re: Maximal security for a resources-limited microcontroller (Bo Dömstedt)
  Re: It's Rijndael (Roger Schlafly)
  Re: It's Rijndael (Roger Schlafly)
  Re: Question on biases in random-numbers & decompression (Herman Rubin)
  Re: Choice of public exponent in RSA signatures (Roger Schlafly)
  Re: hourra for europa :) (Mok-Kong Shen)
  Re: It's Rijndael (David A Molnar)
  Re: Signature size (Mike Rosing)
  Re: hourra for europa :) ("alex")

----------------------------------------------------------------------------

From: Serge Paccalin <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 2 Oct 2000 18:05:36 +0200

On/Le Mon, 02 Oct 2000 10:44:59 -0500, 
[EMAIL PROTECTED] wrote/a écrit
in/dans sci.crypt...
> Quisquater wrote:
> > 
> > Yes !
> > 
> > See http://www.esat.kuleuven.ac.be/cosic/#press
> 
> How is it pronounced?

Ay-ee-ess.

This answer is more serious than you could think. Who remembers the 
original name of DES?

-- 
  ___________
_/ _ \_`_`_`_)  Serge PACCALIN
 \  \_L_)       [EMAIL PROTECTED]
   -'(__) The most elaborate hypothesis could never replace
_/___(_)  the most rickety reality. -- San-Antonio (1921-2000)

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: It's Rijndael
Date: 2 Oct 2000 16:03:12 GMT

[EMAIL PROTECTED] (David Lesher) wrote in <8ra9k3$iio$[EMAIL PROTECTED]>:

>
>
>Now all the flaming can start, right?
>

   Wow that is a surprise. I really thought they would pick the
homeboy. I guess the only advantage is if there is ever an open
published break of the method. The NSA can still claim they knew
it was weak and that is why it is not approved for secret
documents since they know it is not safe.
 I guess this is not a good year for my guesses. I was also sure
that the bombing of the Chinese embassy was on purpose so Clinton
could give Taiwan to the Red Chinese but I guess I have to admit that
has not happened yet either.


   I hope this causes people to take a real close look at it.
I don't expect to find a weakness but I for one plan to take a
close look at it. It would be wonderful to have the public find
a break.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

Date: Mon, 02 Oct 2000 18:13:01 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael

David Lesher wrote:
> Now all the flaming can start, right?

Hmm, actually I'm very surprised about this !

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 2 Oct 2000 17:18:01 +0100

A.E.S. ;)

--
Sam Simpson
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.

Ed Kubaitis <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Quisquater wrote:
> >
> > Yes !
> >
> > See http://www.esat.kuleuven.ac.be/cosic/#press
>
> How is it pronounced?
>
> --------------------------
> Ed Kubaitis ([EMAIL PROTECTED])
> CCSO - University of Illinois - Urbana-Champaign



------------------------------

From: Serge Paccalin <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 2 Oct 2000 18:16:58 +0200

On/Le 2 Oct 2000 11:29:07 -0400, [EMAIL PROTECTED] wrote/a écrit
in/dans sci.crypt...
> 
> 
> Now all the flaming can start, right?

Just a question: since they chose a Belgian algorithm, will they 
have the nerve to forbid its export?


-- 
  ___________
_/ _ \_`_`_`_)  Serge PACCALIN
 \  \_L_)       [EMAIL PROTECTED]
   -'(__) The most elaborate hypothesis could never replace
_/___(_)  the most rickety reality. -- San-Antonio (1921-2000)

------------------------------

From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 02 Oct 2000 18:22:01 +0300

"SCOTT19U.ZIP_GUY" wrote:

> [EMAIL PROTECTED] (David Lesher) wrote in <8ra9k3$iio$[EMAIL PROTECTED]>:
>
> >
> >
> >Now all the flaming can start, right?
> >
>
>    Wow that is a surprise. I really thought they would pick the
> homeboy.

Grow up.
Helger




------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: It's Rijndael
Date: 2 Oct 2000 16:11:31 GMT

[EMAIL PROTECTED] (Jim Gillogly) wrote in <[EMAIL PROTECTED]>:

>Ed Kubaitis wrote:
>> 
>> Quisquater wrote:
>> >
>> > Yes !
>> >
>> > See http://www.esat.kuleuven.ac.be/cosic/#press
>> 
>> How is it pronounced?
>
>It's in the FAQ on their site -- but the good news about this
>choice is that you won't have to remember how it's pronounced:
>it will now be pronounced Ay Ee Ess in English!
>

  Wow this is a lose-lose situation. The ones not picked will be
pissed because they think there is better. And the winning people will
be pissed since not one in the English-speaking world will remember the
name so it will just be called AES.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 2 Oct 2000 17:47:25 +0100

"David Lesher" <[EMAIL PROTECTED]> wrote in message
news:8ra9k3$iio$[EMAIL PROTECTED]...
>
> Now all the flaming can start, right?

Probably.

But there are more useful things to discuss now we know that the AES is
Rijndael since this algorithm specifies block lengths that have been outside
the AES specification.

It will be interesting to discover whether the AES standard will stick with
its existing specification or whether it will be extended to include the
longer block length options that Rijndael provides.

    Brian Gladman




------------------------------

Reply-To: "Chris Kerslake" <[EMAIL PROTECTED]>
From: "Chris Kerslake" <[EMAIL PROTECTED]>
Subject: Crypto algorithms in C
Date: Mon, 02 Oct 2000 16:54:16 GMT

Check out www.openssl.org, they have the C crypto libraries for IDEA, DES,
RSA (rc2/4/5), and a few other goodies.  The code is free ...

- Chris



------------------------------

From: Albert Yang <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 02 Oct 2000 17:05:59 GMT

I'm actually shocked, I thought they would lean on the conservative side
and pick Serpent, that's what I would have done for longevity's sake,
but I'm not the NIST so I can't say...

Anybody have a link to the actual announcement??

Albert

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Comments on the AES winner
Date: Mon, 02 Oct 2000 19:20:25 +0200


Now that the AES winner has been determined, it is more
convenient and more efficient (since one has only one target
instead of a considerable number of them) to attempt to
comment on it. Our group, I think, has a sort of natural
'responsibility' to do that, in order that some more or
less practicable (realizable) improvements, if any of these
could be found by us, have a chance of being incorporated 
into the final standard version of AES.

As I see, AES is probably first going to be an American
national standard, before becoming an ISO standard. This
means that comments have to go through the ways that 
national draft standards get officially processed and this 
would presumably, I guess, exclude comments from foreign 
origins. On the other hand, if we could manage to agree on 
a certain number of concrete points of our opinions about the 
AES winner, then I suppose it is no problem to find among us
someone of American nationality to submit a joint paper.

So shouldn't we start right now? (There were already some 
amounts of discussions on Rijndael recently.)

M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Project: Digital Signing and Encrypting Application
Date: Mon, 2 Oct 2000 17:02:09 GMT


Patrick Reynolds wrote:
>  Overview:      Using Java, or another client side language, we wish to
> build an              application that utilizes Blowfish, or similar,
> encryption technology to digitally sign and/or encrypt web and desktop
> data.
> 
> Features:       The application can be used to digitally sign MS Office
> and other documents, electronically.  The application can be used to
> digitally sign and/or encrypt e-mail.  The application can be used to
> capture data entered in a web form and encrypt it before sending it to
> an e-mail address.
> Technology:Users can opt to create a password (or private key) which
> produces a public key or alternatively they can import an RSA or
> VeriSign type digital certificate and use their private/public key.
> These keys whether produced by the application or by importing them,
> are the basis of how the application will work.
> 
> Details:        We need a total solution.  In the case of the web form
> application, an existing application that uses cgi scripting is
> available for examination at http://securasite.com/securasite.zip with
> documentation available at http://securasite.com/Tutorial.zip
> 
>         In the case of the desktop component of the application an
> existing application can be seen at
> ftp://ftp3.elock.com/product/elock/product/etoff30.exe and
> documentation is available at
> ftp://ftp3.elock.com/product/elock/manual/assuredoffice/assuredofficeman
> ual.pdf
> 
> NOTE:   The URLs and/or programs shown are for illustrative purposes
> only.  We do not wish any copying, decoding, or any other such
> patent/copyright infringement
> 
> Total solution and source code, ownership and title to the solution
> once finished
> 
> --
> Many Thanks
> Patrick Reynolds
> mailto:[EMAIL PROTECTED]
> http://www.everyco.net


hehe "Blowfish, or similar, encryption technology" !
does this mean that you don't really know what algorithm it uses :-D

there is no source code available, but it seems that the ECC code is taken from
Pegwit without modifications (because the same private passphrase generates the same
public key as Pegwit)
and it also seems they have changed the symmetric cipher from Square to something else
(probably to DES, Blowfish or Twofish - these ciphers are mentioned on their main
page)

but this should not be considered secure anymore:

      Nigel Smart has recently discovered a new and powerful attack against elliptic
      curves over GF(2^m) for composite m (this is what Pegwit and SecuraSite are using!)
      Details will be made available at http://www.hpl.hp.com/news/ecc.html
      and http://www.hpl.hp.com./techreports/2000/HPL-2000-10.html.
      Briefly, if m = kd then the elliptic discrete logarithm problem
      can be solved in time O(2^(k(2 + epsilon))) instead of O(2^(kd/2)),
      where epsilon is a small number (presumably epsilon < 1).
      Therefore, any curve (assuming Smart's attack applies to them)
      could be broken in about O(2^32) steps. 



btw,
I have made a new Pegwit version which uses a secure curve,
one of the curves recommended by NIST, F2^233 (http://csrc.nist.gov/encryption/ )
and all old ECC code replaced with Mike Rosing's ECC code
(http://www.manning.com/Rosing/ http://mendota.terracom.net/~eresrch/ )

If you are interested in pegwit I can send you new version for testing
(I don't want to put it on the web yet, because I am not sure that I made
everything properly and there are no obvious flaws)

== <EOF> ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp <-- PGP plugins for Netscape and MDaemon
remove .NOSPAM.NET for email reply
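A defender-side check for the composite-degree problem the quoted announcement describes, as an added example that is not Pegwit's, SecuraSite's or Rosing's code: it rejects binary field degrees with a nontrivial divisor and reports the work estimate exactly as the post quotes it, with epsilon = 0.5 assumed. The composite degree 155 is a constructed illustrative value, not one taken from Pegwit.

```python
"""Field-degree check for elliptic curves over GF(2^m), prompted by the Weil-descent
attack on composite m quoted above (added example, not Pegwit's or Rosing's code).
The descent needs a proper subfield GF(2^k) of GF(2^m), i.e. a nontrivial divisor k
of m; a prime m such as NIST's 233 has none."""


def factor(m):
    """Prime factorization by trial division; field degrees are small integers."""
    factors, p = [], 2
    while p * p <= m:
        while m % p == 0:
            factors.append(p)
            m //= p
        p += 1
    if m > 1:
        factors.append(m)
    return factors


def subfield_degrees(m):
    """Nontrivial divisors k of m, each giving a subfield GF(2^k) the descent can use."""
    return [k for k in range(2, m) if m % k == 0]


def descent_estimates(m, epsilon=0.5):
    """For each split m = k*d, the work estimate quoted in the post, in bits:
    k*(2+epsilon) for the descent versus m/2 for the generic square-root attack.
    epsilon = 0.5 is an assumption; the quoted bound is a heuristic, not a precise cost."""
    return [(k, m // k, k * (2 + epsilon), m / 2) for k in subfield_degrees(m)]


def check_field_degree(m, epsilon=0.5):
    """Accept only prime m. Returns (ok, report) where report explains the verdict."""
    if m < 2:
        return False, "degree must be at least 2"
    if len(factor(m)) == 1:
        return True, "m=%d is prime: no proper subfield, descent does not apply" % m
    k, d, attack, generic = min(descent_estimates(m, epsilon), key=lambda e: e[2])
    return False, ("m=%d = %d*%d is composite: quoted descent estimate ~2^%.1f "
                   "vs generic ~2^%.1f" % (m, k, d, attack, generic))


if __name__ == "__main__":
    # 233 is the NIST degree named in the post; 155 is a constructed composite example
    for m in (233, 155):
        print(m, check_field_degree(m))
```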

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 2 Oct 2000 18:11:19 +0100

The NIST front page now has related documents:
http://csrc.nist.gov/encryption/aes/

--
Sam Simpson
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.

David Lesher <[EMAIL PROTECTED]> wrote in message
news:8ra9k3$iio$[EMAIL PROTECTED]...
>
>
> Now all the flaming can start, right?
>
> --
> A host is a host from coast to [EMAIL PROTECTED]
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433



------------------------------

From: "alex" <[EMAIL PROTECTED]>
Subject: hourra for europa :)
Date: Mon, 2 Oct 2000 19:06:10 +0200

Well done !

======

Alexander Pukall





------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Shareware Protection Schemes
Date: Mon, 02 Oct 2000 07:11:55 +0200

> > I wrote:
> > - What would stop a cracker from killing your key validation
> >   code in the software?
> musashi_x wrote:
> Hash of the exe and dll's.  Compressing the .exe to make reverse engineering
> a good bit harder.

Yes but still:

1) Protection software loads
2) Protection software validates the main runtime code.
3) Runtime hash becomes value 0xfe10dc32ba549876

Now; either:

[A]

1) Cracker penetrates protective layer
2) Software hash becomes 0x76feba32dc549810
3) Cracker pastes the new hash into the code
4) Cracker recompiles the executable

...or...

[B]

1) Cracker extracts the runtime modules out of the code
   and recompiles - without - any protective software

Whatever kinds of protective measures you may put into
your code, to sincerely protect or just to confuse (if
given time) will fail.

If you can accept this, and settle for an average defense,
then you are on your way to true enlightenment :o)

/Ichinin

------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: It's Rijndael
Date: Mon, 02 Oct 2000 07:17:14 +0200

Serge Paccalin wrote:
> Just a question: since they chose a Belgian algorithm, will they
> have the nerve to forbid its export?

Would it surprise you?

/Ichinin

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Comments on the AES winner
Date: Mon, 02 Oct 2000 13:19:02 -0400


In a rump session talk at Crypto 2000, N. Ferguson
(I believe it was) came up with an equation, in GF(2^8)
I believe, stating that if one can solve this equation
one can break Rijndael encryption.  I thought it was a
very nice abstraction.
I did not note down the equation (the cipher I know
the least is in fact Rijndael, but I guess this is going
to have to change now... :).  

Does someone know what the equation was?

------------------------------

Date: Mon, 02 Oct 2000 18:15:13 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: About implementing big numbers

Martin Miller wrote:
> 
> Hi,
> 
> I would like to know if there is information on the web on implementing in
> C big numbers, such as the ones used in RSA. Is it difficult ?
> 
> I would also like to know what kind of solution most crypto software use
> when they need big numbers.
> 
> Is there a good library I should use ?
> 
> Would it be better and not too difficult to implement them myself?
> 
> I plan to do this under Linux, but I'll maybe port the software on
> Windows.
> 


In the absence of any other suggestions, do a Web search for "Miracl"
(note: no 'e' on the end) - it supports both the platforms you mention.


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Comments on the AES winner
Date: Mon, 02 Oct 2000 19:48:18 +0200



Anton Stiglic wrote:
> 
> In a rump session talk at Crypto 2000, N. Ferguson
> (I believe it was) came up with an equation, in GF(2^8)
> I believe, stating that if one can solve this equation
> one can break Rijndael encryption.  I thought it was a
> very nice abstraction.
> I did not note down the equation (the cipher I know
> the least is in fact Rijndael, but I guess this is going
> to have to change now... :).
> 
> Does someone know what the equation was?

I don't know but I think that the fact that Rijndael
has only one S-box should be discussed concerning its
advantages/disadvantages.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: Maximal security for a resources-limited microcontroller
Reply-To: [EMAIL PROTECTED]
Date: Mon, 02 Oct 2000 17:37:05 GMT

Sagie wrote:
>Hello all,
>
>    I'm in need of a symmetric (secret key) encryption process for one of my
>projects. I would love to use one of the popular schemes, such as blowfish
>and DES, but the cipher has to be implemented in a teeny-weeny
>microcontroller with very limited resources. 

We could design a new system for you, that would meet your objectives
better than what you can achieve using conventional technology.

Send us an E-mail if you are interested.

Bo Dömstedt
Chief Cryptographer
Protego Information AB
IDEON,Lund,Sweden

Our hardware noise generator:
http://www.protego.se/sg100_en.htm

Our E-Mail:
[EMAIL PROTECTED]
Fax:    +46 46 286 36 40


------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 02 Oct 2000 10:43:36 -0700

David Lesher wrote:
> > > Now all the flaming can start, right?
> > No, why? Rijndael was objectively the favorite.
> My point exactly...
> When has reason ever been needed in a flamewar?

All that speculation that NIST would favor IBM because of DES;
favor a home team out of nationalism; dislike Rijndael because
of the foreign name; choose multiple winners out of indecisiveness;
etc. down the drain. It looks like NIST just tried to pick the
best candidate.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 02 Oct 2000 10:45:19 -0700

Serge Paccalin wrote:
> Just a question: since they chose a Belgian algorithm, will they
> have the nerve to forbid its export?

Al Gore has been the big proponent of export restrictions.
The election is next month. Not that many voters really
care about crypto much, but the anti-crypto man may not be
in office much longer.

------------------------------

From: [EMAIL PROTECTED] (Herman Rubin)
Crossposted-To: comp.compression
Subject: Re: Question on biases in random-numbers & decompression
Date: 2 Oct 2000 12:41:30 -0500

In article <[EMAIL PROTECTED]>,
Benjamin Goldberg  <[EMAIL PROTECTED]> wrote:
>Herman Rubin wrote:

>> In article <[EMAIL PROTECTED]>, Tim Tyler  <[EMAIL PROTECTED]> wrote:
>> >In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>> >: "D.A.Kopf" wrote:

>> >:> So the original poster was correct, the inverse of an arithmetic
>> >:> compresser would be effective. Just "decompress" the random
>> >:> bitstream into the needed bin size.

>> >: Could you give a reference to an efficient decompressor
>> >: that works for arbitrary target range? Thanks.

>> >He means an ordinary arithmetic decompressor, with a small number of
>> >symbols set up to occur with equal frequency.

>> This has been posted before.

>> A most bit efficient procedure to generate one of n equally
>> likely options in {0, 1, ..., n-1} is as follows; using
>> hardware features can improve the speed, but these are likely
>> to be machine dependent.
>[neat not-previously-posted-algorithm (saved and) snipped]

>This is really great for random numbers, but it's not reversible.  Using
>an arithmetic decompressor will allow me to reversibly turn my plaintext
>bit-string into a base-3 plaintext suitable for NTRU.  I want to convert
>my original plaintext base-2 stream into the shortest base-3 stream
>possible, chop it into blocks, encrypt, transmit, decrypt, concatenate
>the blocks, and change the resulting base-3 stream back into a base-2
>stream.

>Perhaps^H^H^H^H^H^H^H I should have stated this back in the post that
>started the thread.

>I didn't do so then, because I *also* need a source of truly random
>base-3 numbers, as part of the encryption process.  I think at this
>point that I'm simply going to use two separate algorithms, the
>arithmetic decompressor for the plaintext, and one of the various
>random-number-in-range algorithms for the 'obfuscator' component of
>encryption.

There is no finite-length reversible procedure, as a power
of two is not a power of three.  One can convert a base-two
number into a base 3 number, or the other way around.  If one
starts with random numbers, everything after the most 
significant "digit" differing from the total number of 
possibilities can be used as random, and this is an optimal
procedure.  

One can choose the lengths to reduce losses, but that is
all that can be done.

>I'd originally thought I could use a decompressor for each, one using
>plaintext bits, one using random bits, since the criteria are very
>similar, though slightly different, but doesn't seem like it's going to
>happen.

>Just as an aside, what's needed for the plaintext stream is:
>1) Minimum expansion of the information bitstream when going from base-2
>to base-3.

See above.

>2) The conversion should be reversible (lossless).

This is not possible with finite streams, without some loss
of randomness at the end.

>*) This implies maximum compression from base-3 to base-2.
>What's needed for the 'obfuscator' stream is:
>1) Bits from the underlying generator are used in the optimum way
>possible, because the generator may be very slow.

See above.  The optimum way is going to require high precision
arithmetic, so one may want less.  One can accept less, and 
this can easily be done with 90% efficiency.

>*) This can be phrased as, "Minimum lossless expansion of the random
>bitstream when going from base-2 to base-3."  This is why I thought to
>use the same solution to both problems.
>2) If all the previous values of the base-3 stream are known, there
>should be no better than 1/3 probability of guessing the next symbol,
>even if the underlying base-2 generator (but not the generator's state)
>are known.

This will require that some random information be added to
get the base-3 output to have this property.  It means that
to reverse the process, it will be necessary to remove some
of the base 3 material to get the base 2 source.

>*) We can assume that if all of the generator's previous output is
>known, and the generator's algorithm (but not its state) is known, the
>opponent has no better than 1/2 probability of guessing the next output
>bit...  In other words, the underlying bit generator is a 'good' one.

-- 
This address is for information only.  I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED]         Phone: (765)494-6054   FAX: (765)494-0558
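Rubin's point about finite-length base-2/base-3 conversion, as an added example that is not code from anyone in the thread: reversible block conversion with the unavoidable loss made explicit, a ranking of block sizes by how little they waste (his "choose the lengths to reduce losses"), and rejection-based unbiased trit sampling for the random "obfuscator" stream. The block sizes and the (8 bits, 5 trits) sampling choice are my assumptions.

```python
"""Base-2 <-> base-3 conversion for the NTRU plaintext and random-trit problems in
this thread (added example, not code from the posters). An n-bit block fits in t
trits only when 2**n <= 3**t; the unused part of 3**t is the loss Rubin says finite
streams cannot avoid, so block sizes are chosen to keep it small."""
from math import log2
import secrets

LOG2_3 = log2(3)  # bits of information carried by one trit

def trits_needed(n):
    """Smallest t with 3**t >= 2**n: trits required to hold any n-bit block."""
    t, cap = 0, 1
    while cap < (1 << n):
        cap *= 3
        t += 1
    return t

def to_base3(v, width):
    """Fixed-width base-3 digits of v, most significant first."""
    digits = []
    for _ in range(width):
        digits.append(v % 3)
        v //= 3
    return digits[::-1]

def efficiency(n):
    """Share of the t-trit capacity that actually carries information."""
    return n / (trits_needed(n) * LOG2_3)

def best_block_sizes(max_n, top=5):
    """Rank block lengths 1..max_n as (efficiency, n bits, t trits), best first."""
    ranked = ((round(efficiency(n), 4), n, trits_needed(n)) for n in range(1, max_n + 1))
    return sorted(ranked, reverse=True)[:top]

def bits_to_trits(bits):
    """Reversible: an n-bit string -> trits_needed(n) base-3 digits."""
    return to_base3(int(bits, 2), trits_needed(len(bits)))

def trits_to_bits(trits, n):
    """Inverse of bits_to_trits; n is needed because not every trit block is an n-bit value."""
    v = 0
    for d in trits:
        v = v * 3 + d
    if v >= (1 << n):
        raise ValueError("trit block does not encode an %d-bit value" % n)
    return format(v, "0%db" % n)

def encode_stream(bits, n):
    """Block-wise encoding of any bit string; the trailing partial block uses its
    own smaller width, so the receiver must also be told len(bits)."""
    out = []
    for i in range(0, len(bits), n):
        out.extend(bits_to_trits(bits[i:i + n]))
    return out

def decode_stream(trits, total_bits, n):
    """Undo encode_stream given the original bit length."""
    pieces, pos, remaining = [], 0, total_bits
    while remaining > 0:
        blk = min(n, remaining)
        t = trits_needed(blk)
        pieces.append(trits_to_bits(trits[pos:pos + t], blk))
        pos, remaining = pos + t, remaining - blk
    return "".join(pieces)

def sampling_efficiency(n, t):
    """Trit information delivered per random bit consumed by random_trits(n, t)."""
    accept = (3 ** t) / (1 << n)  # probability an n-bit draw is below 3**t
    return t * LOG2_3 * accept / n

def random_trits(count, n=8, t=5, randbits=secrets.randbits):
    """Unbiased trits by rejection: draw n bits, keep the draw only if it is below
    3**t (so each of the 3**t values is equally likely), emit its t trits.
    Needs 3**t <= 2**n; (8, 5) accepts 243 of 256 draws, about 94% efficient."""
    if 3 ** t > (1 << n):
        raise ValueError("3**t must not exceed 2**n")
    out = []
    while len(out) < count:
        v = randbits(n)
        if v < 3 ** t:
            out.extend(to_base3(v, t))
    return out[:count]
```

Within blocks of at most 30 bits, 19 bits into 12 trits wastes the least (2^19 = 524288 is just under 3^12 = 531441), which is the kind of length choice Rubin refers to.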

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: Mon, 02 Oct 2000 10:53:14 -0700

Thomas Pornin wrote:
> Besides, choosing a prime number speeds up the key selection algorithm
> (e must be prime to (p-1)(q-1), so, with e = 3, when you choose p, you
> have only ~67% chance that p-1 is prime to e). 

Testing for divisibility by 3 is so fast, compared to other needed
operations, that it is insignificant. I doubt that you could notice
the difference, if it is done in a reasonable way.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: hourra for europa :)
Date: Mon, 02 Oct 2000 20:09:49 +0200



alex wrote:
> 
> Well done !

EURO does much less well :-)

M. K. Shen

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: 2 Oct 2000 17:59:56 GMT

Serge Paccalin <[EMAIL PROTECTED]> wrote:

> This answer is more serious than you could think. Who remembers the 
> original name of DES?

pretty much every christian, I'd guess.

they don't actually know it's the original name of DES, but hey..

-David

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Signature size
Date: Mon, 02 Oct 2000 13:03:09 -0500

[EMAIL PROTECTED] wrote:
> 
> At http://home.hetnet.nl/~ecstr/techdetails.html it is claimed that ECC
> signatures are 170 bits long (comparing it to 1024 bits RSA security).
> How is this achieved?

The mathematical problem is different.  The amount of work you need to do
to crack a 170-bit ECC problem is about the same (but not really - there's
lots of details I'm leaving out) as the work you need to do to crack a 1024-bit
RSA problem.  You need to learn a lot of math to understand why.
 
> Does XTR which is claimed to generate signatures of 170 bits as well
> scale down in this with less security?

I think so.
 
> How long is a signature generated with NTRU?

I haven't seen a signature algorithm published yet.  You may want to
scan their documents pages and search for signature functions to see
if there is one.

Patience, persistence, truth,
Dr. mike

------------------------------

From: "alex" <[EMAIL PROTECTED]>
Subject: Re: hourra for europa :)
Date: Mon, 2 Oct 2000 20:06:36 +0200

We cannot be good in all domains :)

But Mok-Kong, you are German, aren't you ?
Germany is in Europa, no ? :)


Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message:
[EMAIL PROTECTED]
>
>
> alex wrote:
> >
> > Well done !
>
> EURO does much less well :-)
>
> M. K. Shen



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
