Cryptography-Digest Digest #911, Volume #12 Fri, 13 Oct 00 13:13:00 EDT
Contents:
Re: Challenge... ([EMAIL PROTECTED])
Re: Problem with SHA256 implementation (Daniel Leonard)
SHA-256 security [was : SHA-256 implementation in pure C (free)] (Daniel Leonard)
Re: Challenge... ("Sam Simpson")
Re: Triple DES versus Rijndael ("ajd")
Re: Challenge... ("Michael Scott")
Re: A5/1 (Thomas Pornin)
Re: Challenge... (Andre van Straaten)
Re: algo to generate permutations ("Trevor L. Jackson, III")
Re: A new paper claiming P=NP (Andrew Moran)
DES chip vendor list (Mark Currie)
Re: FTL Computation ("Paul Lutus")
Re: Crypto technology recommendations? (DJohn37050)
Re: Challenge... ("Stephen M. Gardner")
Re: Rijndael implementations ("Douglas A. Gwyn")
Re: Rijndael implementations ("Douglas A. Gwyn")
Re: Rijndael implementations ("Douglas A. Gwyn")
Re: Rijndael implementations ("Douglas A. Gwyn")
Re: naval code books were "weighted" ("Douglas A. Gwyn")
Re: NIST Random Generator Test Suite Results ("Douglas A. Gwyn")
Re: Voynich ("Douglas A. Gwyn")
Re: Dense feedback polynomials for LFSR (Joaquim Southby)
random number sequences (Pete)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Challenge...
Date: Fri, 13 Oct 2000 13:12:33 GMT
The problem I face is that my system is just too powerful for its
intended area - i.e. computers. I have no doubt that it is impossible
to have a better encryption system than mine. If I released my system
I doubt that the internet would not last for long, a virus based on it
would be able to bypass any security arrangements you could make short
of disconnection.
What I have, is quite simply the most powerful computer program in the
world...
An uncrackable encryption system, is the LEAST of what it is...
Unfortunately, the people at GCHQ didn't seem to understand where I was
leading them in the letter I sent to them. Hopefully, I can talk some
sense into them: the program I have is probably THE most dangerous
program in the world...
(And I was after a data COMPRESSION system!!!).
That's all you'll get from me - to be honest I don't know why I
actually bothered posting here in the first place...???
Bored, I suppose...
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: Problem with SHA256 implementation
Date: Fri, 13 Oct 2000 13:39:02 GMT
On Thu, 12 Oct 2000, Tom St Denis wrote:
> At http://www.geocities.com/tomstdenis/files/sha256.c is my "portable"
> implementation of SHA-256. I have triple checked the code (found
> numerous typos) but it still doesn't produce the correct output... I
> would seriously appreciate some help!!!
>
> Tom
'abc' works, as well as 1000000 x 'a' on a Sun Ultra 5. Anybody tested my
Java code?
==========
Daniel Léonard
OGMP Informatics Division E-Mail: [EMAIL PROTECTED]
Département de Biochimie Tel : (514) 343-6111 ext 5149
Université de Montréal Fax : (514) 343-2210
Montréal, Quebec Office: Pavillon Principal G-312
Canada H3C 3J7 WWW : http://megasun.bch.umontreal.ca/~leonard
------------------------------
From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: SHA-256 security [was : SHA-256 implementation in pure C (free)]
Date: Fri, 13 Oct 2000 13:44:22 GMT
On Thu, 12 Oct 2000, Tom St Denis wrote:
> I hope SHA-256 is in fact secure though... heheheh
>
> Tom
There is a thing I found in the code that puzzles me. At any given time
during the calculation of T1 and T2, there is one of the register variables
that is not used. Does that affect anything?
==========
Daniel Léonard
OGMP Informatics Division E-Mail: [EMAIL PROTECTED]
Département de Biochimie Tel : (514) 343-6111 ext 5149
Université de Montréal Fax : (514) 343-2210
Montréal, Quebec Office: Pavillon Principal G-312
Canada H3C 3J7 WWW : http://megasun.bch.umontreal.ca/~leonard
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Challenge...
Date: Fri, 13 Oct 2000 14:49:45 +0100
<[EMAIL PROTECTED]> wrote in message
news:8s71nt$h1u$[EMAIL PROTECTED]...
<SNIP>
> That's all you'll get from me - to be honest I don't know why I
> actually bothered posting here in the first place...???
Coz you're a troll? ;)
--
Sam Simpson
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.
------------------------------
From: "ajd" <[EMAIL PROTECTED]>
Subject: Re: Triple DES versus Rijndael
Date: Fri, 13 Oct 2000 12:13:27 +0100
Excuse the ignorance but what is a FIPS?
ajd
"Dido Sevilla" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> UBCHI2 wrote:
> >
> > How do the two ciphers compare in terms of ease in implementation and
> > security?
>
> Rijndael is definitely easier to implement in software. DES seems to
> have been geared more towards hardware implementation, while Rijndael
> was made to be more general. Wait until there's a FIPS for Rijndael
> (sometime next year), and let's see what happens.
>
> --
> Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
> ICSM-F Development Team, UP Diliman +63 (917) 4458925
> OpenPGP Key ID: 0x0E8CE481
------------------------------
From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: Challenge...
Date: Fri, 13 Oct 2000 14:48:02 +0100
>
> LKLUTHN_BROCDTRD_L_GHUYURNV__
>
If this were a simple substitution cipher it could well be unbreakable, as
the number of characters is 29, which is just about the Unicity distance for
a simple substitution cipher. Well done! An unbreakable cipher at your first
attempt!
Try this one
WQQW
Is the plaintext SOOT, FEET, LOOT, or BEEP? You decide.
Mike Scott
<[EMAIL PROTECTED]> wrote in message
news:8s6nki$99q$[EMAIL PROTECTED]...
> I've got a challenge for anyone that is interested...
>
> I have developed my own encryption system, and it is extremely powerful
> and simple in its intended environment. To see just how good the
> system is, I have decided to use it in another way. I have used it as
> simply as possible, and encrypted a short sentence. I do not know if
> it is uncrackable like this - (probably not), but in its intended
> environment, it can be - it just depends how much effort you put in to
> it. I'm saying nothing else at this time...
>
> LKLUTHN_BROCDTRD_L_GHUYURNV__
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: A5/1
Date: 13 Oct 2000 13:54:35 GMT
According to <[EMAIL PROTECTED]>:
> In order to obtain a really secure cipher, would it help to use the
> original version of the A5/1 algorithm with longer LFSRs
Yes. Strictly speaking, the security of A5/1-like ciphers is 2^{2*n/3},
where n is the total number of state bits in the LFSRs (n = 64 in the
real A5/1).
The point is that the clocking sequence is intractable, and you have to
guess two bits (there are four possible clockings at each step) to get a
(linear) equation of some of the internal state bits and an output bit.
> The attack presented in this paper makes use of a weakness of the
> clocking taps, "which makes the register bits that affect the clock
> control and the register bits that affect the output unrelated for
> about 16 clock cycles".
I think it is somehow wrong to speak about this in terms of "weakness".
The real weakness is the fact that the complexity is 2^42.7. The
Biryukov-Shamir-Wagner attack is a smart variation upon the classical
time-memory tradeoff, where time is swapped with the length of the known
plaintext stream. I think other ways of finding such a tradeoff would
have been found if the clocking bits were placed differently.
Besides, moving the clocking bits from their middle position could help
the basic attack (guessing the clock sequence, in a branching process;
each guess gives two linear equations from the clocking bits, and one
linear equation from the output bit; moving the clocking bits could make
them interact earlier with other equations, and reduce the complexity of
the tree).
To sum up, don't fiddle with those clocking bits.
--Thomas Pornin
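The "guess the clocking, get linear equations" point above, as an added example (not Pornin's code): an A5/1-style generator run once concretely and once with every register bit tracked as a GF(2) linear form over the 64 initial-state bits. Given the true clocking sequence as the guess, each output bit and each of the two clock-bit conditions per step is a linear form that evaluates correctly, and the clocking patterns are the four majority-rule ones. Register lengths, taps and clock bits follow the published A5/1 description and are an assumption of this example.

```python
from functools import reduce

# LFSR lengths, feedback taps and clock-control bit (published A5/1 values,
# assumed here; index 0 is the newest bit, the highest index is the output bit).
LENS = (19, 22, 23)
TAPS = ((13, 16, 17, 18), (20, 21), (7, 20, 21, 22))
CLOCK_BIT = (8, 10, 10)

def _xor_all(bits):
    return reduce(lambda x, y: x ^ y, bits, 0)

def run(regs, nbits, guess=None):
    """Clock the generator nbits times; return (outputs, clockings, equations).
    Register bits are ints: 0/1 for a concrete run, or bitmasks over the 64
    initial-state variables for a symbolic run (XOR of masks = GF(2) addition).
    guess=None: majority rule decides which registers advance.
    guess given: one 3-tuple of bools per step is imposed instead, and the two
    clock-bit conditions it implies are recorded as (linear_form, value)."""
    regs = [list(r) for r in regs]
    outs, clocks, eqs = [], [], []
    for i in range(nbits):
        c = [regs[j][CLOCK_BIT[j]] for j in range(3)]
        if guess is None:
            maj = int(c[0] + c[1] + c[2] >= 2)
            adv = tuple(c[j] == maj for j in range(3))
        else:
            adv = guess[i]
            # register j moves together with register 0 iff their clock bits agree
            for j in (1, 2):
                eqs.append((c[0] ^ c[j], int(adv[j] != adv[0])))
        for j in range(3):
            if adv[j]:
                fb = _xor_all(regs[j][t] for t in TAPS[j])
                regs[j] = [fb] + regs[j][:-1]
        outs.append(_xor_all(regs[j][-1] for j in range(3)))
        clocks.append(adv)
    return outs, clocks, eqs

def split_state(state):
    """Concrete 64-bit state -> three bit lists (variable k = bit k of state)."""
    regs, k = [], 0
    for n in LENS:
        regs.append([(state >> (k + i)) & 1 for i in range(n)])
        k += n
    return regs

def symbolic_regs():
    """Each initial bit as its own variable (mask with one bit set)."""
    return [[1 << (k + i) for i in range(n)] for k, n in zip((0, 19, 41), LENS)]

def parity(form, state):
    return bin(form & state).count("1") & 1

def check_linearity(state=0x2B7E151628AED2A6, nbits=100):
    """Constructed initial state. With the correct clocking guess, every output
    form and every clock condition evaluates to the concrete run's value."""
    ks, clocks, _ = run(split_state(state), nbits)              # ground truth
    forms, _, eqs = run(symbolic_regs(), nbits, guess=clocks)   # same clocking
    outputs_ok = all(parity(f, state) == b for f, b in zip(forms, ks))
    clocks_ok = all(parity(f, state) == v for f, v in eqs)
    patterns = set(clocks)            # majority rule: never exactly one register
    return outputs_ok and clocks_ok and all(sum(p) >= 2 for p in patterns), len(patterns), len(eqs)
```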
------------------------------
From: Andre van Straaten <[EMAIL PROTECTED]>
Subject: Re: Challenge...
Date: Fri, 13 Oct 2000 14:03:54 GMT
As I see that you post from Loughborough University (Deja.com doesn't hide
your posting host, it's not an anonymizer), have you actually changed
the name into Laugh_borough University?
-- avs
Andre van Straaten
http://www.vanstraatensoft.com
______________________________________________________________
!! Attention !! Tomorrow, at 7 p.m., I'll take over the world!
[EMAIL PROTECTED] added to the confusion and misinformation
that characterizes much of Usenet the following piece of gratuitously
mind-numbing nonsense:
> The problem I face is that my system is just too powerful for its
> intended area - i.e. computers. I have no doubt that it is impossible
> to have a better encryption system than mine. If I released my system
> I doubt that the internet would not last for long, a virus based on it
> would be able to bypass any security arrangements you could make short
> of disconnection.
> What I have, is quite simply the most powerful computer program in the
> world...
> An uncrackable encryption system, is the LEAST of what it is...
> Unfortunately, the people at GCHQ didn't seem to understand where I was
> leading them in the letter I sent to them. Hopefully, I can talk some
> sense into them: the program I have is probably THE most dangerous
> program in the world...
> (And I was after a data COMPRESSION system!!!).
> That's all you'll get from me - to be honest I don't know why I
> actually bothered posting here in the first place...???
> Bored, I suppose...
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
Date: Fri, 13 Oct 2000 10:42:23 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: algo to generate permutations
Richard Heathfield wrote:
> stephane longchamp wrote:
> >
> > Does someone know an algo to generate all permutations of a string of
> > letters?
> >
> > example :
> >
> > ABCD
> > ABDC
> > ACBD
> > ACDB
> > .....
>
> Usenet.
>
> Unfortunately, it doesn't sort the permutations. ;-)
I think you just called us all monkeys.
This leads to a usenet-specific insult of the form:
> "Blah..."
That's quite a permutation.
;-)
------------------------------
From: Andrew Moran <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Fri, 13 Oct 2000 14:56:52 GMT
Stas Busygin wrote:
> Paul Rubin wrote:
>
> > Anyway, getting away from the digression on what P and NP are and how
> > to convert postscript to pdf, there's a discussion thread on Slashdot
> > about this paper and it sounds like a false alarm. Someone over there
> > who seemed to know what he was doing started reading it, and found
> > enough mistakes in the first few pages that he didn't feel it necessary
> > to bother reading further.
> FYI: If you know a refutation, please visit
> http://www.geocities.com/st_busygin/clipat.html and post it as a
> review using the appropriate link at the page. Otherwise, please
> don't refer to such non-scientific sources as slashdot -- they
> discussed even Plotnikov's photo but I've not seen any serious post
> concerning the proposed matter there...
The previous poster is referring to the fact that a /. reader has passed on
the paper to Stephen Cook (as in Cook's Theorem). Prof. Cook reacted with
skepticism and a promise to pass it on to a graph theorist (Mike Molloy was
mentioned). So even though /. is not a scientific forum, it seems that the
paper is going to get some good exposure through it.
Cheers,
Andy
------------------------------
Subject: DES chip vendor list
From: [EMAIL PROTECTED] (Mark Currie)
Date: 13 Oct 2000 15:09:51 GMT
Hi,
I am looking for a reasonably up-to-date list of DES chip vendors. Anyone have
such a list or know where I might find one ?
Mark
------------------------------
From: "Paul Lutus" <[EMAIL PROTECTED]>
Crossposted-To: sci.astro,sci.physics.relativity,sci.math
Subject: Re: FTL Computation
Date: Fri, 13 Oct 2000 15:25:40 GMT
ca314159 <[EMAIL PROTECTED]> wrote in message
news:8s6nnh$9hh$[EMAIL PROTECTED]...
> Sure, the I/O is not FTL.
> But where is the computation taking place ?
It is equivalent to this:
1. You set up a computing center on Hill A, which communicates to the I/O
center by way of a light beam.
2. This arrangement works fine for a while, until the administration wants
more throughput. A new budget item is authorized.
3. A new computing center on Hill B, 90 degrees away from hill A, is built
and comes on line.
4. Both computing centers rely on c to get their output to the I/O center.
Problems are divided between the centers, so the throughput is the sum of
the two computers.
5. Is the computation FTL, or is it simply a question of increasing the data
in the communication channels at the limit of c?
Same with your example. More throughput, no violation of relativity. Hill A
never has to communicate directly with hill B, so the issue of FTL never
comes up.
> The computation _is_ the spot, and it moves faster than light.
The spot is not a physical thing, and FTL is not involved in any physical
sense. Therefore this is entirely false. The computation is not the spot,
and the spot does not move at FTL. The abstract notion of a point of contact
between different light packets and a target is what is under discussion.
You are confusing simultaneity with FTL. And that proves it -- the
simultaneity or near-simultaneity cannot be verified in an independent frame
because that would require FTL, which doesn't exist.
> Having lots of spots amplifies your returns over the I/O
> limitation. Otherwise quantum computers are a waste of time.
Your bringing up quantum computers in this connection only reveals your
ignorance of quantum computing. Quantum computing does not rely on FTL
effects in any way. Quantum computing relies on a kind of massive
parallelism based on probability, not FTL. The proof of this is that quantum
computing never violates the restriction on information at FTL.
--
Paul Lutus
www.arachnoid.com
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 13 Oct 2000 15:40:59 GMT
Subject: Re: Crypto technology recommendations?
I think there are many many ways to go wrong by trying to do it yourself.
Consider getting a toolkit from a crypto provider. Certicom has Security
Builder, RSA has BSAFE, and others have them.
Don Johnson
------------------------------
From: "Stephen M. Gardner" <[EMAIL PROTECTED]>
Subject: Re: Challenge...
Date: Fri, 13 Oct 2000 11:30:49 -0500
[EMAIL PROTECTED] wrote:
> Unfortunately, the people at GCHQ didn't seem to understand where I was
> leading them in the letter I sent to them. Hopefully, I can talk some
> sense into them: the program I have is probably THE nost dangerous
> program in the world...
In all sincerity, this is not a smart aleck response, please seek
treatment before your condition gets worse and something bad happens. It
never pays to fool around with one's mental health. Conditions like this
are as serious as a heart attack and so am I. Please get help.
--
Take a walk on the wild side: http://www.metronet.com/~gardner/
There is a road, no simple highway, between the dawn and the
dark of night. And if you go no one may follow. That path is
for your steps alone.
The Grateful Dead ("Ripple")
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Fri, 13 Oct 2000 15:09:16 GMT
Tim Tyler wrote:
> "Byte" should mean "octet"
It didn't mean that in the first place, and only a parochial
view of computing based on limited exposure to the gamut of
possibilities would allow anyone to think what you suggest.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Fri, 13 Oct 2000 15:12:40 GMT
jungle wrote:
> these usages are now obsolete.
Correct use of technical terminology is never obsolete.
"Automobile" does not connote "4 wheels" even if all
3-wheeled models are currently out of production.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Fri, 13 Oct 2000 15:15:14 GMT
Tom St Denis wrote:
> *Plus* 99.9999% of the computer users (literate and illiterate alike)
> think a byte is an extended ASCII char of eight bits.
You have even less credibility than Al Gore -- what poll
produced those statistics?
I am willing to grant that 100% of *ignorant* computer users
believe that a byte has 8 bits, but that is not much more
than an implication of the consequences of being ignorant.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Fri, 13 Oct 2000 15:11:00 GMT
Mok-Kong Shen wrote:
> CDC had for a very long time used 6 bits to represent
> characters on its machines. However, I don't remember that
> they called a group of 6 bits a byte in the manuals.
CDC ISAs include instructions for operating on arbitrary
contiguous bit strings, called "bytes". How big a byte
is depends on what the programmer chooses.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: naval code books were "weighted"
Date: Fri, 13 Oct 2000 15:17:02 GMT
James Muir wrote:
> I suspected that this is "weighted" in the non-mathematical sense
Yes, typically they were bound in lead and/or had lead inserts in
their spines.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST Random Generator Test Suite Results
Date: Fri, 13 Oct 2000 15:18:45 GMT
Cristiano wrote:
> I use this C routine (**warning** UBYTE is unsigned long):
Gee, you're going to upset Tom St.Denis and Tim Tyler.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Voynich
Date: Fri, 13 Oct 2000 15:22:24 GMT
olivier Dubont wrote:
> What I mean is that we should search in the initiatic match
> between plants and planets. I think it's a spagyric book.
> Spagyric is like Alchemy but with plants.
> There is a match too between planets and the human body.
> For example the heart matches with the Sun.
> Plants like angelica archangelica or chelidonium majus or tifolia match
> with the Sun too.
> All this is the content of the Voynich manuscript.
People have tried ideas like this but have still not succeeded
in deciphering the Voynich manuscript.
------------------------------
From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: Dense feedback polynomials for LFSR
Date: 13 Oct 2000 16:55:40 GMT
In article <[EMAIL PROTECTED]> Tim Tyler, [EMAIL PROTECTED] writes:
>It may be true that making the polynomial part of the key may have
>positive security implications - but you need to be doing something with
>the LFSR that makes its output inaccessible to an attacker, as well,
>for the security to get off rock bottom.
>
If I can make the output inaccessible to the attacker, why do I need to
encipher at all? Why not just make the plaintext inaccessible instead?
The "rock bottom" reference is what I was disagreeing with in the first
place -- there seems to be too much of a binary mode of thinking about
protection: either it's unbeatable or it's no good at all. Would anyone
bet their life that they could crack a particular encipherment in a given
amount of time? If not, would that protection scheme then rise off rock
bottom in the grand scale of all things cryptologic?
------------------------------
From: Pete <[EMAIL PROTECTED]>
Subject: random number sequences
Date: Fri, 13 Oct 2000 18:04:47 -0700
hi,
I'm a bit new to crypto and have recently become interested in PRNG
routines although I am sort of stuck at one point:
say I generate a keystream using say, RC4. I presume this could be
viewed as a stream of bytes (or a vector space over B ??). how would I
go about converting this number stream to a different base?
if I were wanting to have a random stream of numbers in say base 27 for
example, could I just 'mod 27' the original keystream or would that
mangle the statistical properties of the keystream?
the original use for this was for a random password generator to assign
passwords for the network at work. obviously there are only a certain
subset of allowed characters usable in passwords. as usual I got
sidetracked from the original problem :)
any assistance is greatly appreciated.
Pete.
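The 'mod 27' question above, worked through as an added example (not from the post): since 256 = 9 x 27 + 13, reducing a keystream byte mod 27 makes 13 symbols land 10 times and 14 symbols 9 times, a 10/9 skew that does mangle the distribution; rejecting bytes at or above 243 (the largest multiple of 27 that fits) makes the mapping exactly uniform. The functions take any symbol count up to 256, so they also show why power-of-two alphabets need no rejection. os.urandom stands in for the RC4 keystream as the byte source, and the 27-symbol alphabet is constructed.

```python
import os
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz_"   # constructed 27-symbol password alphabet

def mod_reduce(b, n):
    """The naive mapping from the question: byte mod n."""
    return b % n

def reject_reduce(b, n):
    """Keep only bytes below the largest multiple of n that fits in a byte
    (243 for n = 27); every surviving residue is then hit exactly 256 // n times."""
    limit = 256 - 256 % n
    return b % n if b < limit else None      # None = byte discarded

def byte_histogram(n_symbols, reduce_fn):
    """How many of the 256 possible keystream bytes map to each symbol."""
    counts = Counter()
    for b in range(256):
        s = reduce_fn(b, n_symbols)
        if s is not None:
            counts[s] += 1
    return counts

def bias(n_symbols, reduce_fn):
    """Ratio of the most likely to the least likely symbol (1.0 = uniform)."""
    counts = byte_histogram(n_symbols, reduce_fn)
    return max(counts.values()) / min(counts.values())

def password(length, n_symbols=27, alphabet=ALPHABET, source=os.urandom):
    """Draw password symbols by rejection sampling from any byte source
    (os.urandom here; an RC4 keystream would be consumed the same way)."""
    out = []
    while len(out) < length:
        for b in source(2 * length):          # over-fetch; about 5% are rejected
            s = reject_reduce(b, n_symbols)
            if s is not None and len(out) < length:
                out.append(alphabet[s])
    return "".join(out)
```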
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************