Cryptography-Digest Digest #935, Volume #12 Mon, 16 Oct 00 09:13:01 EDT
Contents:
Re: Is it trivial for NSA to crack these ciphers? (JPeschel)
Re: Why trust root CAs ? (Vernon Schryver)
Re: A new paper claiming P=NP (Ilias Kastanas)
Re: pseudo random test (Dido Sevilla)
Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
Re: A new paper claiming P=NP ([EMAIL PROTECTED])
Re: pseudo random test (Mok-Kong Shen)
Re: Rijndael implementations (Daniel James)
Re: Rijndael implementations (Daniel James)
Re: Rijndael implementations (Tim Tyler)
Re: pseudo random test (Tim Tyler)
Re: What is meant by non-Linear... (Tim Tyler)
gender vs. sex [was Rijndael implementations] (Chris Jones)
Basic skills and equipment... ("Alexandros Andreou")
NIST RNG Tests: New Version ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: 16 Oct 2000 05:49:12 GMT
[EMAIL PROTECTED] writes, in part:
>As to the intrusion into your private life, the private sector is not
>doing much better in that particular case. The current trend in many
>companies is mandatory drug testing, immediate dismissile for smoking
>on or off the premisis at some places, etc.
Ouch, but at least the NSA doesn't take away your missiles for smoking.
Or do they...
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: Why trust root CAs ?
Date: 15 Oct 2000 19:47:52 -0600
In article <[EMAIL PROTECTED]>,
Paul Rubin <[EMAIL PROTECTED]> wrote:
>> But you missed the real problem with CAs. Can Verisign answer the
>> following for you:
>>
>> Can you prove none of your employees took a bribe and provided me with
>> a bad cert?
>
>How is it *possible* to do that in a way that you couldn't detect instantly?
If I can also fool your DNS resolver to think that www.amazon.com is
38.159.140.15 and if I can produce some plausible HTML, then how will you
detect anything when you next order a book?
With the current insecure DNS, there are several purely technical
ways to fool your DNS resolve that do not require any bribes or
even changes to data visible to anyone except your computers.
If you do use bribery to adjust DNS data, you'd probably be talking to
employees of the same outfit, Verisign/NetworkSolutions.
> ...
>Look, Verisign is pretty straight about what guarantees they give you.
Verisign is straightforward to those who read their technical and
procedural documents and think about what they say. However, as
demonstrated by the misunderstandings of other authors in this
thread, many people somewhow believe that Verisign provides far
stronger guarantees than it does.
>If you have financial losses from problems with a Verisign cert,
>they'll cover you up to some amount (the amount depends on the type of
>certificate).
Where do they say that? I'm not doubting it, but it is interesting
news to me.
In the U.S., what is the largest loss you can imagine suffering
from a Verisign cert? It's $50, isn't it?
> What do you want them to do instead? What would *you*
>do instead?
I'm allergic to the salescritter output that confuses people. I
figure that no matter how silly, if it bamboolzes other people, it
will eventually get me too.
> ...
>looking at a passport: harder to forge than a drivers license, but
>still not impossible. I don't claim to believe those estimates, but
>in any case, the certs have a certain level of security that's not
>trivial and not infinite. This is good enough for most of the
>business purposes that they're sold for.
Given the superficial checking done before issuing a U.S. passport,
that sounds about right. (As I recall, the only extra proof of identity
is an apparently original birth certificate.)
Verisign is selling passport grade security to customers and merchants
who need less than driver's license security for the transactions they
are doing. Howver, as shown by the mistatements of others in this thread,
they have the impression that are using something like DOD Secret clearances.
Maybe that's ok, except when they do something unusual that needs more.
Unlike merchants and customers, credit card banks might need more than a
check cashing driver's license, but they're knowledable and make do in
the real world with less, so they must not care.
Vernon Schryver [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Ilias Kastanas)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 16 Oct 2000 06:51:05 GMT
In article <[EMAIL PROTECTED]>,
Mike Oliver <[EMAIL PROTECTED]> wrote:
@
@
@Robert Israel wrote:
@>
@> In article <[EMAIL PROTECTED]>,
@> Mike Oliver <[EMAIL PROTECTED]> wrote:
@>
@>> Given T a consistent finite collection of axioms in a recursively-presented
@>> language, T consistent, Q relatively interpretable in T. For any
@>> theorem s of T, let f(s) be the length of its shortest proof. Now
@>> let g(n) be the maximum value of f(s), where s ranges over all theorems
@>> of T having n or fewer symbols.
@>
@> Suppose there is a recursive function (never mind primitive
@> recursive) h(n) with g(n) <= h(n), and "Turing machine number x halts"
@> corresponds to a statement S(x) in the language, such that for each
@> positive integer n, S(n) is a theorem of the language iff Turing machine
@> number n halts. Then you would have an algorithm to check whether
@> Turing machines halt: if S(n) has N symbols, just check all possible
@> proofs of length <= h(N).
@
@Ah, using the fact that if a Turing machine halts, then any
@theory satisfying my assumptions will prove that it halts. I
@missed that the first time I read your response.
@
@On the face of it, though, we seem to need to strengthen
@the assumptions on T to "omega-consistent". Otherwise
@T might prove that Turing machine n halts, when in fact
@it does not.
@
@Can you eliminate the requirement of omega-consistency, or
@show that it is necessary?
Sure; w-consistency is not needed.
If g were eventually dominated by a recursive h, then
theoremhood in T would be decidable, as per above; either there
is a proof of length <= h(n), or there is no proof at all. Now
let A, B be your favorite pair of recursively inseparable r.e.
sets (such as A = {x: phi_x(x) = 0}, B = {x: phi_x(x) = 1}).
They can be represented (numeralwise) in Q by formulas chi(x),
psi(x)... and Q |- Ax chi(x)->~psi(x). Consider A_1, B_1
given by n in A_1 iff T |- chi(#n), n in B_1 iff T |- ~chi(#n).
They are supersets of [resp.] A, B; they are disjoint, and they
are recursive. Contradiction.
Ilias
------------------------------
From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: pseudo random test
Date: Mon, 16 Oct 2000 15:48:09 +0800
Jacques Th=E9riault wrote:
> =
> more specifically I'm looking to have this sequence analysed
<snipping out random generator output>
Well, most good statistical tests for randomness require much more than
what you've just provided. The DIEHARD tests themselves require over
*twelve megabytes* of random numbers to perform most of the tests
effectively. If you're looking for references on what makes a good
cryptographic PRNG, Counterpane Labs has a paper at
http://www.counterpane.com/pseudorandom_number.html and their own design
based on what they theorize makes a good good CPRNG: Yarrow
(http://www.counterpane.com/yarrow-notes.html).
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
ICSM-F Development Team, UP Diliman +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Mon, 16 Oct 2000 10:30:20 +0200
Bryan Olson wrote:
>
> Mok-Kong Shen wrote:
[snip]
> > I unfortunately fail yet to see the 'fundamental
> > trick' underlying your attack in its depth that renders
> > the same technique of attack simpler (having higher quote
> > of success) in the presence of permutations.
>
> Then you have not studied the attack. It obviously does not
> apply without the permutations.
Due to my poorer knowledge, I have to overcome my
difficulty of understanding your stuff in steps. Hence
the previous post. Now please kindly answer the following
question. You said of 'siblings'. How does the opponent
determine the locations of the siblings he is considering?
I sincerely hope that you have patience with me.
Thanks.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Mon, 16 Oct 2000 08:14:43 GMT
I have been following this thread for the last week.
It seems like this paper has resisted the
usenet kook police thus far, aside from minor
errors which seem to have been explained.
Does it have a real shot at proving
P=NP?
I was hoping its presence in comp.theory and
sci.math would generate a lot more
discussion about the actual content
of the paper rather than side issues
such as document formats,
implications of P=NP, and the questioning
of the relevance of asymptotics.
I would appreciate it if someone
who is qualified in this area could
take a look at this paper
and report their opinions to usenet.
In article <[EMAIL PROTECTED]>,
Stas Busygin <[EMAIL PROTECTED]> wrote:
> Dear Fellows!
>
> A new paper has just been published in Stas Busygin's Repository
> for Hard Problems Solving. It is "An Efficient Algorithm for the
> Minimum Clique Partition Problem" by A. Plotnikov. Please find this
> proposal on efficient solving of an NP-hard problem at:
> http://www.busygin.dp.ua/clipat.html
> http://www.geocities.com/st_busygin/clipat.html (mirror)
>
> The publication policy of the repository may be found at:
> http://www.busygin.dp.ua/call.html
> http://www.geocities.com/st_busygin/call.html (mirror)
>
> Best regards,
>
> Stas Busygin
> email: [EMAIL PROTECTED]
> WWW: http://www.busygin.dp.ua
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: pseudo random test
Date: Mon, 16 Oct 2000 10:35:28 +0200
Jacques Th�riault Wrote:
>
> I would like to test a RNG that I made.
>
> Is there somewhere on the web that offer such services for free?
>
> And/Or Could you recoment which tests should a RNG pass to be acceptable
> to a cryptographically point of vue.
NIST has a test suite. See a recent thread initiated by me.
Passing the tests does not mean that it is cryptologically
secure, but a PRNG that fails very probably not.
M. K. Shen
------------------------------
From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Mon, 16 Oct 2000 11:04:55 +0100
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Benjamin Goldberg wrote:
> > Any idea that Java was designed solely to be interpreted in a virtual
> > machine is not historically correct.
>
> That at least, is true. Java bytecodes run [directly] on javacards,
> which are definitely not virtual machines.
There are a number of JavaCard implementations on the market. With the
possible exception of some of the very latest they do not run standard
bytecode, but some vendor-defined non-portable subset. At least some of
these *do* interpret the bytecodes (I don't know of any that don't, so
maybe they all do). IOW these cards *are* virtual machines, the bytecodes
are not the native code of the CPU on the card, but they are not standard
JVM implementations.
Cheers,
Daniel
------------------------------
From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Mon, 16 Oct 2000 11:04:55 +0100
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Tim Tyler wrote:
> : If you're going to shanghai 'byte' as a synonym for 'octet', what do you
> : propose to call what /I/ still call a byte?
>
> It depends on the context - what you call a byte (assuming vaguely
> orthodox historical usage) would often be called a "char" among
> programmers. "Char" seems to be the single best replacement for byte
> (in the sense of some bits representing a character).
IMHO "char" is a very poor choice. How many bits are there in a char? 7
(ASCII)? 8 (because it's handy to store a single char in a byte - I mean
octet)? 16 (Unicode - one form anyway)? a variable number (UTF8) ? ... ?
I'd say that "byte" should be taken to mean the smallest directly
addressable storage unit of a computer's architecture - which will ususlly
by 8 bits, but sometimes not - and "octet" should be taken to mean
specifically a unit of 8 bits.
Cheers,
Daniel
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Reply-To: [EMAIL PROTECTED]
Date: Mon, 16 Oct 2000 11:42:31 GMT
Richard Heathfield <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> "Limited exposure to computing possibilities" is *not* the only reason why
:> anyone would think that the term "byte" would be better if it refers to
:> 8-bits - there appears to be nothing irrational about the view.
: There is nothing irrational (if you'll pardon the pun I'm about to visit
: upon you) [...]
<fx: groans at the pun> ;-)
[what do you propose to call what /I/ still call a byte?]
:> It depends on the context - what you call a byte (assuming vaguely
:> orthodox historical usage) would often be called a "char" among
:> programmers. "Char" seems to be the single best replacement for byte
:> (in the sense of some bits representing a character).
: I disagree. You see, they're almost, but not quite, synonymous. "Byte"
: is a measure of data capacity, but "char" represents actual data.
"Byte" can also be used to represent actual data as well...
...as in: "that's a different byte to the one I expected".
"char" and "byte" are both fundamental types in some computer languages.
Apart from their size, they are essentially the same sort of entity.
If byte /were/ solely a measure of data capacity, that would be great -
but alas, it appears to be of limited use in such a context, because -
according to many people on this thread - it has no clearly defined size.
The kilobyte that can store more information on a PDP-10 that it can on a
IBM PC is a poor man's kilobyte.
"char" isn't intended to replace "byte" in the context of measuring
information. Having a unit metric with a fixed and known size appears
to be the best alternative here.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Free gift.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: pseudo random test
Reply-To: [EMAIL PROTECTED]
Date: Mon, 16 Oct 2000 11:53:47 GMT
Jacques Th�riault <[EMAIL PROTECTED]> wrote:
: I would like to test a RNG that I made.
: Is there somewhere on the web that offer such services for free?
http://stat.fsu.edu/~geo/diehard.html
http://www.helsbreth.org/random/diehard.html
http://www.fourmilab.ch/random/
http://random.mat.sbg.ac.at/tests/
http://csrc.nist.gov/rng/
http://quartus.net/files/Misc/
: And/Or Could you recoment which tests should a RNG pass to be acceptable
: to a cryptographically point of vue.
There aren't really any such tests. Passing tests for randomness is
the tip of the iceberg if you're proposing a secure RNG.
--
__________ http://alife.co.uk/ http://mandala.co.uk/
|im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: What is meant by non-Linear...
Reply-To: [EMAIL PROTECTED]
Date: Mon, 16 Oct 2000 12:12:17 GMT
Stephen M. Gardner <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Stephen M. Gardner wrote (in response to a post of mine):
:> : The problem with your 'straight line' definition is that I don't
:> : think it maps very intuitively to finite fields. [...]
:>
:> You have to think of the field as wrapped into a torus. Apart from that
:> there seem to be no special problems.
: I'm not talking about the fact that the field is finite per se. [...]
: The thing I was trying to get at is that the points do not lie on a line.
...and the thing I was trying to get at is that they do, if the line is
drawn on the inside of a torus.
FWIW, I didn't mean to say "torus". I /should/ have said "cylinder".
: Now if you're going to get all topological on me ;-) with some convoluted
: torus then we are going to have to haggle about what a straight line even
: is in a finite field mapped onto some screwball non-euclidean manifold. [...]
It should be slightly easier to visualise a straight line mapped onto the
surface of a cylinder.
I don't want to haggle; "a straight line mapped onto the surface of a
cylinder" is defined as having an equation in the form of either x = k,
or theta = a.x + b.
There, look - I'm right, by definition ;-)
You may well be correct in saying that the idea isn't so intuitive, though.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Hat: Baldness cure.
------------------------------
From: Chris Jones <[EMAIL PROTECTED]>
Subject: gender vs. sex [was Rijndael implementations]
Date: Mon, 16 Oct 2000 12:53:58 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> John Savard wrote:
> > The use of 'gender' instead of 'sex' to denote whether an individual
> > is male or female was introduced for a specific political purpose: to
> > categorize the identification of humans as male or female as a social
> > construction as opposed to a biological reality.
>
> Yes, that's a fair summation, and it should be clear what is wrong
> with trying to "rewrite" reality.
This has nothing to do with the previous subject line, nor the charter of this
group. (Plus I disagree with your premise. It seems as likely to me that
gender is used to avoid saying sex, for fear of offending prudes.)
------------------------------
From: "Alexandros Andreou" <[EMAIL PROTECTED]>
Subject: Basic skills and equipment...
Date: 16 Oct 2000 12:58:56 GMT
Hello all!
I am beginning to enjoy cryptography, but I don't know where to start from.
What are the essential mathematics skills one should have? Moreover, which
books/online text files would you recommend? Any special
(freeware/open-source) computer programs?
Thanks in advance,
--
Alexandros Andreou <[EMAIL PROTECTED]>
http://members.darktech.org/andreou/
------------------------------
From: [EMAIL PROTECTED]
Subject: NIST RNG Tests: New Version
Date: Mon, 16 Oct 2000 12:47:04 GMT
Hi all,
A new version of the NIST RNG Tests has been posted on the NIST web site
following a bug in their code in the overlapping templates test that i
pointed out to them. The new file is named sts-1.2.tar.
Brice.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
