Cryptography-Digest Digest #845, Volume #12 Thu, 5 Oct 00 01:13:01 EDT
Contents:
Re: The best way to pronounce AES (JPeschel)
Re: It's Rijndael (David Hopwood)
Re: It's Rijndael (David Hopwood)
Re: No Comment from Bruce Schneier? (Roger Schlafly)
Re: Faraday Cage (Was CDMA tracking) (Mack)
CRC vs. HASH functions (Mack)
Re: CDMA tracking (was Re: GSM tracking) (Mack)
Re: No Comment from Bruce Schneier? (John Savard)
Re: The best way to pronounce AES (John Savard)
Re: is NIST just nuts? (John Savard)
Re: It's Rijndael (John Savard)
Re: CDMA tracking (was Re: GSM tracking) (Mack)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: The best way to pronounce AES
Date: 05 Oct 2000 04:10:14 GMT
Mok-Kong Shen [EMAIL PROTECTED] writes:
>As far as I know, the 'standard' British
>English is the Oxford English. Which is the corresponding
>one for American English?
What do you mean by "the Oxford English?" You are
asking about dictionaries? You are asking about
formal, colloquial, or slang usage? Dialects?
Oy...
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
Date: Thu, 05 Oct 2000 02:41:50 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: It's Rijndael
=====BEGIN PGP SIGNED MESSAGE=====
John Savard wrote:
> On Wed, 04 Oct 2000 04:18:03 +0100, David Hopwood
> <[EMAIL PROTECTED]> wrote, in part:
>
> >Writing and compiling an encryption program outside the U.S. is not
> >a violation of U.S. export laws, and never has been.
>
> Of course not.
>
> But exporting a compiler from the U.S. for use in creating things the
> U.S. would not like to export directly *might* be. At least, the
> compiler companies' lawyers seemed to think so.
Yes, well, lawyers are not uncommonly given to flights of fantasy.
(Apologies to any clueful lawyers present.)
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
=====END PGP SIGNATURE=====
------------------------------
Date: Thu, 05 Oct 2000 02:47:28 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: It's Rijndael
=====BEGIN PGP SIGNED MESSAGE=====
Tim Tyler wrote:
> David Schwartz <[EMAIL PROTECTED]> wrote:
> : Scott Fluhrer wrote:
>
> :> However, it's not a one time pad. Assuming that you do find such a 256
> :> bit key in rather less than 2^128 work, and further assuming (as per David
> :> Hopwood) there are about 2^128 such keys, then you have found the correct
> :> key with probability 2^-128, and with less than 2^128 work, this is better
> :> than brute force...
>
> : However that assumption was not stated, in fact David Hopwood
> : specifically stated the opposite of that assumption. Finding a key that
> : produces such an encryption is 2^128 easier than actually finding the
> : correct key. So doing that would not be equivalent to breaking Rijndael.
Yes, finding such a key with 2^128 work would not be equivalent to breaking
Rijndael. If you did it in much less than 2^128 work, OTOH, that would
mean that Rijndael had significantly different behaviour to a random cipher.
That still wouldn't necessarily mean that it was broken, but it would be
cause for concern (depending on exactly how the behaviour was different).
> : Read David Hopwood's original post and John Savard's response. David
> : Hopwood is correct and John Savard is incorrect (if you take him
> : literally).
>
> I think that actually locating the correct key from a 128 bit space would
> be a good indication that you had found a break - i.e. John's post looked
> OK to me ;-)
>
> What are the chances of a *128*-bit key existing that performs this map?
Almost exactly 1 - 1/e (about 0.632), again assuming a random cipher model
(i.e. before you do the experiment and determine that the probability is
actually 0 or 1). That's the limit of the expression that Joseph Ashwood
posted, as the number of keys goes to infinity, and 2^128 is near enough
infinity for practical purposes :-).
Apparently Rijndael only produces even permutations for all keys [1], so the
random cipher model is not quite accurate, but I don't think that affects
this probability.
[1] Sean Murphy,
"Further Comments on the Structure of Rijndael"
http://www.cs.rhbnc.ac.uk/~sean/
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
=====END PGP SIGNATURE=====
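The 1 - 1/e figure in the message above can be checked numerically. This Python sketch is an added example, not part of the original posts; it assumes the expression referred to is the usual random-cipher-model formula 1 - (1 - 1/N)^K for K keys and N possible blocks, and all function names are illustrative.

```python
import math
import random

def p_some_key_maps(num_keys: int, num_blocks: int) -> float:
    """P(at least one key sends a fixed plaintext to a fixed ciphertext).

    Random cipher model: each key's image of the plaintext is uniform over
    the block space and independent of the other keys, so the probability
    is 1 - (1 - 1/num_blocks)**num_keys. expm1/log1p keep precision when
    1/num_blocks is far below floating-point epsilon (e.g. 2**-128).
    """
    return -math.expm1(num_keys * math.log1p(-1.0 / num_blocks))

def expected_matching_keys(num_keys: int, num_blocks: int) -> float:
    """Expected number of keys performing the map (the 'about 2^128' figure)."""
    return num_keys / num_blocks

def simulate(bits: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo check on a toy cipher with `bits`-bit keys and blocks."""
    rng = random.Random(seed)
    n = 1 << bits
    target = rng.randrange(n)          # constructed target ciphertext block
    hits = 0
    for _ in range(trials):
        # A fresh random cipher per trial: draw E_k(P) for each of the n keys
        # and stop as soon as one key hits the target.
        if any(rng.randrange(n) == target for _ in range(n)):
            hits += 1
    return hits / trials

if __name__ == "__main__":
    print("128-bit key, 128-bit block:", p_some_key_maps(2**128, 2**128))
    print("limit 1 - 1/e             :", 1 - math.exp(-1))
    print("256-bit key, 128-bit block:", p_some_key_maps(2**256, 2**128))
    print("expected matching 256-bit keys: 2^%d"
          % round(math.log2(expected_matching_keys(2**256, 2**128))))
    print("toy 8-bit simulation      :", simulate(8, 4000))
    print("toy 8-bit exact           :", p_some_key_maps(256, 256))
```
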
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: No Comment from Bruce Schneier?
Date: Wed, 04 Oct 2000 21:18:37 -0700
Scott Contini wrote:
> I also think NIST deserves a lot of applause for the way they conducted
> this algorithm selection and all the effort they put into it. The
> final document that they wrote up "Report on the development of the
> Advanced Encryption Standard (AES)" shows they did their research,
> and did an excellent and thorough job.
Yes. They did an excellent job on DES also. Give credit where
credit is due.
------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: Faraday Cage (Was CDMA tracking)
Date: 05 Oct 2000 04:26:07 GMT
>Guy's comments:
>
>The idea of grounding a Faraday shield was Faraday's, and it is very
>important in Faraday's application, which was to protect humans from
>large electrostatic charges. Without the ground, the cage can hold
>a charge and zap you as you step out of it.
>
>For RF shielding in the cell phone range, the plain truth is that you
>can't get a good RF ground using ordinary construction techniques.
>It takes heroic measures to get the series inductance low enough.
>
>The good news is that there is NO NEED to ground a Faraday Shield that
>is meant to stop cell phone transmissions. Instead, care should be
>taken to avoid openings (especially long slotlike openings) in the shield.
>I believe that both the safe and the aluminum briefcase have long open
>slots that will let RF in and out. A better scheme would be Aluminum foil
>With one big sheet wrapped so that there are at least three layers and all
>"seams" have a lot of overlap.
>
>I find it dismaying that "Mack" ignored all comments about grounding not
>being needed in this application and merely repeated the assertion.
>This mode of discourse, which is all too common on Usenet, works against
>the process of examining and correcting one's beliefs that is such an
>important part of technical discussions such as this one.
>
>
Sorry not to have responded sooner
I have not been on-line ... big deadline ...
I missed a bunch of this discussion
In any case my safe apparently doesn't provide
an adequate faraday shield. This may be due to
the slot like opening ie. the lid/base junction.
I experimented with it a bit. Grounding does help.
Dunno why .. But I leave that to the RF specialist.
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: CRC vs. HASH functions
Date: 05 Oct 2000 04:53:20 GMT
Having been working hard and not here for a while
the topic of CRC vs. HASH functions
came up in a thread.
1) CRC are faster than HASH functions of
comparable size. That is a fact. Many
hash functions use a CRC like layer at the
top to mix in data linearly. SHA-1 is no exception.
A table driven 256 bit hash function requires 4 32-bit word
lookups/byte, four 32-bit word XORs, a shift and an XOR
to add data.
A 16-bit lookup uses fewer lookups but much bigger
tables.
2) checksum is a special case of a CRC
consider the CRC polynomial 2^8+1.
Two common CRC's are the product of 2^1+1
and some other primitive. This has certain
'nice' properties.
3) If you are hashing data use a CRC.
If you need security use a HASH function.
4) A HASH does not guarantee anything
A CRC guarantees certain changes will always
change the output.
Mack
Remove njunk123 from name to reply by e-mail
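The points in the post above can be made concrete. The following Python code is an added example, not part of the original post: it reads "checksum" as the XOR-of-bytes checksum, writes the polynomial 2^8+1 as x^8+1, and uses the CRC-16 generator 0x1021 (which has x+1 as a factor) as the sample "common CRC"; function names and sample messages are constructed for illustration.

```python
import itertools
from functools import reduce

def crc(data: bytes, poly: int, width: int) -> int:
    """MSB-first CRC, zero initial value, no final XOR (pure polynomial remainder).

    `poly` holds the generator's low `width` bits; the x^width term is implicit.
    """
    top, mask = 1 << (width - 1), (1 << width) - 1
    reg = 0
    for byte in data:
        reg ^= byte << (width - 8)
        for _ in range(8):
            reg = ((reg << 1) ^ poly) & mask if reg & top else (reg << 1) & mask
    return reg

def make_table(poly: int, width: int) -> list:
    """256-entry table: the remainder contributed by each possible top byte."""
    return [crc(bytes([b]), poly, width) for b in range(256)]

def crc_table(data: bytes, table: list, width: int) -> int:
    """Same CRC computed with one lookup, one shift and one XOR per byte."""
    mask = (1 << width) - 1
    reg = 0
    for byte in data:
        reg = ((reg << 8) & mask) ^ table[((reg >> (width - 8)) ^ byte) & 0xFF]
    return reg

def xor_checksum(data: bytes) -> int:
    """XOR of all bytes; equals the CRC with generator x^8 + 1."""
    return reduce(lambda a, b: a ^ b, data, 0)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def undetected_errors(poly: int, width: int, nbytes: int, weight: int) -> int:
    """Count `weight`-bit error patterns in an nbytes message the CRC misses.

    This CRC is linear, so crc(m ^ e) == crc(m) exactly when crc(e) == 0;
    it is enough to test each error pattern e on its own.
    """
    missed = 0
    for positions in itertools.combinations(range(nbytes * 8), weight):
        e = sum(1 << p for p in positions)
        if crc(e.to_bytes(nbytes, "big"), poly, width) == 0:
            missed += 1
    return missed

if __name__ == "__main__":
    msg = b"constructed sample message"
    print("CRC-16 (0x1021):", hex(crc(msg, 0x1021, 16)))
    print("table-driven   :", hex(crc_table(msg, make_table(0x1021, 16), 16)))
    print("x^8+1 CRC      :", hex(crc(msg, 0x01, 8)),
          "XOR checksum:", hex(xor_checksum(msg)))
    # Guarantee from the (x+1) factor: no odd-weight error goes undetected.
    print("missed 1-bit/3-bit errors, 0x1021:",
          undetected_errors(0x1021, 16, 4, 1) + undetected_errors(0x1021, 16, 4, 3))
    # The XOR checksum misses 2-bit errors that fall in the same bit column.
    print("missed 2-bit errors, x^8+1:", undetected_errors(0x01, 8, 4, 2))
    # Linearity: anyone can predict how a change alters the CRC, so it is not a MAC.
    a, b = b"pay alice 0010", b"pay mallet 999"
    print("linear:", crc(xor_bytes(a, b), 0x1021, 16)
          == crc(a, 0x1021, 16) ^ crc(b, 0x1021, 16))
```
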
------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: 05 Oct 2000 04:59:47 GMT
>You can try to send an urgent SMS to the phone while off. Urgent
>messages seem to turn on most CDMA phones.
>
>Your tests seem to have a bit odd results to me... Are you sure the
>substance the safe is made from is conductive? Is there a sufficient
>contact between the safe's sides? Did you close the safe's door? Does
>the door have sufficient contact with the rest of the safe?
>I have no doubt that if the safe was a sufficient Faraday's cage, the
>pager would not have received messages -- ground or no ground.
The safe is metal. It is covered in an enamel of some type. Yes the
safe was closed. Grounding the phone or pager seems to help ie.
causes loss of signal in some cases. May be the wire shorting contacts.
Haven't had time to experiment further. I think the box acts as a resonator
or signal is seeping out. Not entirely sure possibly both. Grounding
would stop the resonance effect which seems to be happening.
>
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Mack) wrote:
>> >I believe the aluminum briefcase is more than enough for a CDMA
>cellphone,
>> >due to the following reasons:
>> > 1. While off, the cellphone does not transmit -- it only
>receives. It
>> >will only transmit when told to do so, which requires the phone to
>receive
>> >that message from the network. The briefcase is enough to block phone
>> >reception from any cellular system.
>> > 2. Keep in mind that CDMA is based on spread-spectrum. This
>makes the
>> >actual power-per-frequency rating much lower than any other cellular
>system,
>> >and therefore the briefcase should not have any problem defeating the
>> >phone's transmission. The signal-to-noise level outside the
>briefcase would
>> >be so low that the original signal could never be reconstructed (or
>sensed,
>> >for that matter).
>> > 3. The aluminium briefcase is much bigger than the phone, and is
>> >therefore a sufficient ground space (compared to the phone's tiny
>ground
>> >space).
>> >
>> >
>> >Sagie.
>> >
>>
>> I will test this ... since I don't have a small metal briefcase I
>will use a
>> small
>> safe and let you know how it turns out.
>>
>> Tested with pager and cell phone. Both receive when in an ungrounded
>> metal safe. The pager received beeps. The cell phone maintained
>signal.
>> Since I don't have a way of testing the response when it is off I
>can't
>> judge that.
>>
>> For a faraday cage to work properly it should be grounded
>> in one of the reference frames. ie. with respect to either the phone
>or the
>> cell tower but now that I think about it the charging plug would
>provide
>> an adequate ground with respect to the phone.
>>
>> Now to figure out how to do that without shorting the phone out ....
>> Which one of those connectors is supposed to be ground?
>>
>> >
>> >"H. Ellenberger" <[EMAIL PROTECTED]> wrote in message
>> >news:[EMAIL PROTECTED]...
>> >> Mack wrote:
>> >>
>> >> > >If you are concerned about your phone being
>> >> > >trackable when it is off, why not just put
>> >> > >it in an aluminum briefcase ?
>> >>
>> >> > Not terribly effective at attenuating signals.
>> >> > It must be properly grounded. The 50 foot of ground
>> >> > cable limits the effective range of the phone.
>> >>
>> >> Completely wrong, no ground cable is required.
>> >> If the metal briefcase should leak too much rf power,
>> >> just put it into a small and tight metallic box.
>> >>
>> >> HE
>> >>
>> >>
>>
>> Mack
>> Remove njunk123 from name to reply by e-mail
>>
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
>
>
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: No Comment from Bruce Schneier?
Date: Thu, 05 Oct 2000 04:48:33 GMT
On Wed, 04 Oct 2000 18:04:48 GMT, Albert Yang <[EMAIL PROTECTED]>
wrote, in part:
>But most of all, I expected Bruce to say
>something on sci.crypt. Something sportsman-like,
Well, I expect that he may well send such a comment to NIST, and there
will doubtless be a comment in that vein from him in the next
CRYPTO-GRAM.
But he only visits sci.crypt to post occasionally, and he may be busy
right now.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The best way to pronounce AES
Date: Thu, 05 Oct 2000 04:31:39 GMT
On Wed, 04 Oct 2000 23:54:33 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>Scott Craver wrote:
>> I know I have no authority to decide these things, but I
>> strongly feel that "AES" should be pronounced, "uh-YES."
>Side question: As far as I know, the 'standard' British
>English is the Oxford English. Which is the corresponding
>one for American English? Thanks.
Facetiously, I might respond with "The Walter Cronkite idiolect", but
in fact it is Midwestern English which is considered the most
"standard".
However, accent is largely considered merely an indicator of regional
origin which is not significant in itself: it is not strongly
associated with social class in the way that it is in Britain.
There are extreme accents which are rejected, like Cockney is in
Britain, but there is no single accent that all individuals aspiring
to rise must adopt.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: is NIST just nuts?
Date: Thu, 05 Oct 2000 04:50:40 GMT
On Wed, 4 Oct 2000 10:15:50 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote, in
part:
>Where do you get the 65-bit figure from?
AC, in reference to DES with independent subkeys.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: It's Rijndael
Date: Thu, 05 Oct 2000 04:52:11 GMT
On Wed, 04 Oct 2000 19:03:21 +0100, David Hopwood
<[EMAIL PROTECTED]> wrote, in part:
>To answer John Savard's question, the CRYPTON 1.0 paper is at
>
> http://crypt.future.co.kr/~chlim/pub/cryptonv10.ps
>
>and CRYPTON 0.5 (the AES candidate) at
>
> http://crypt.future.co.kr/~chlim/pub/cryptonv05.ps
Well, I knew they were supposed to be at crypt.future.co.kr, but I
have not had success in reaching those URLs.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: 05 Oct 2000 05:02:22 GMT
>Unless the safe's case forms an integral, seamlessly conductive surface and
>is grounded, the safe's skin can act as a coupled antenna to an internal
>transmitter in some circumstances.
That seems to be happening a bit. The signal may also be seeping out
at the seam.
>
>Needing the safe's skin to be electrically seamless and of low impedance at
>the particular frequencies is the first major challenge.
>
>Even if the safe offers say 30db of attenuation, the 1 watt power output of
>the phone (ie 30 dbm) means the signal outside the safe would be around
>0dbm. Many receivers will detect signals as low as -80db - so there plenty
>of power bandwidth left to address the distance between phone and mobile
>phone tower. Of course, signal attenuation is reciprocal (ie in and out
>attenuation are the same), so a similar power level would be inside the safe
>from an external signal from the tower.
>
>Was the safe's surface oxidised?
>Was it painted with a metallic paint that may not have been electrically
>bonded to the case (eg. by an undercoat)?
>try wrapping the closed safe in foil, preferably copper if you have it, and
>see if the results change.
>
The safe does have some sort of paint. Gray. Seems like an epoxy.
>Highly effective RF attenuation is hard to do right, a bit like computer
>security and cryptography.
>lyal
>
>Sagie wrote in message <8qfb62$clf$[EMAIL PROTECTED]>...
>>You can try to send an urgent SMS to the phone while off. Urgent
>>messages seem to turn on most CDMA phones.
>>
>>Your tests seem to have a bit odd results to me... Are you sure the
>>substance the safe is made from is conductive? Is there a sufficient
>>contact between the safe's sides? Did you close the safe's door? Does
>>the door have sufficient contact with the rest of the safe?
>>I have no doubt that if the safe was a sufficient Faraday's cage, the
>>pager would not have received messages -- ground or no ground.
>>
>>In article <[EMAIL PROTECTED]>,
>> [EMAIL PROTECTED] (Mack) wrote:
>>> >I believe the aluminum briefcase is more than enough for a CDMA
>>cellphone,
>>> >due to the following reasons:
>>> > 1. While off, the cellphone does not transmit -- it only
>>receives. It
>>> >will only transmit when told to do so, which requires the phone to
>>receive
>>> >that message from the network. The briefcase is enough to block phone
>>> >reception from any cellular system.
>>> > 2. Keep in mind that CDMA is based on spread-spectrum. This
>>makes the
>>> >actual power-per-frequency rating much lower than any other cellular
>>system,
>>> >and therefore the briefcase should not have any problem defeating the
>>> >phone's transmission. The signal-to-noise level outside the
>>briefcase would
>>> >be so low that the original signal could never be reconstructed (or
>>sensed,
>>> >for that matter).
>>> > 3. The aluminium briefcase is much bigger than the phone, and is
>>> >therefore a sufficient ground space (compared to the phone's tiny
>>ground
>>> >space).
>>> >
>>> >
>>> >Sagie.
>>> >
>>>
>>> I will test this ... since I don't have a small metal briefcase I
>>will use a
>>> small
>>> safe and let you know how it turns out.
>>>
>>> Tested with pager and cell phone. Both receive when in an ungrounded
>>> metal safe. The pager received beeps. The cell phone maintained
>>signal.
>>> Since I don't have a way of testing the response when it is off I
>>can't
>>> judge that.
>>>
>>> For a faraday cage to work properly it should be grounded
>>> in one of the reference frames. ie. with respect to either the phone
>>or the
>>> cell tower but now that I think about it the charging plug would
>>provide
>>> an adequate ground with respect to the phone.
>>>
>>> Now to figure out how to do that without shorting the phone out ....
>>> Which one of those connectors is supposed to be ground?
>>>
>>> >
>>> >"H. Ellenberger" <[EMAIL PROTECTED]> wrote in message
>>> >news:[EMAIL PROTECTED]...
>>> >> Mack wrote:
>>> >>
>>> >> > >If you are concerned about your phone being
>>> >> > >trackable when it is off, why not just put
>>> >> > >it in an aluminum briefcase ?
>>> >>
>>> >> > Not terribly effective at attenuating signals.
>>> >> > It must be properly grounded. The 50 foot of ground
>>> >> > cable limits the effective range of the phone.
>>> >>
>>> >> Completely wrong, no ground cable is required.
>>> >> If the metal briefcase should leak too much rf power,
>>> >> just put it into a small and tight metallic box.
>>> >>
>>> >> HE
>>> >>
>>> >>
>>>
>>> Mack
>>> Remove njunk123 from name to reply by e-mail
>>>
>>
>>
>>Sent via Deja.com http://www.deja.com/
>>Before you buy.
>
Mack
Remove njunk123 from name to reply by e-mail
------------------------------