Cryptography-Digest Digest #33, Volume #13       Sun, 29 Oct 00 09:13:00 EST

Contents:
  Re: how i decode this? (David Blackman)
  Re: BEST BIJECTIVE RIJNDAEL YET? ("Brian Gladman")
  Re: Graphics and Encription (Mok-Kong Shen)
  Re: quantum cryptography FAQ (Mok-Kong Shen)
  Re: BEST BIJECTIVE RIJNDAEL YET? (Mok-Kong Shen)
  Re: how i decode this? (Richard Heathfield)
  Re: Psuedo-random number generator (Mok-Kong Shen)
  Re: Q: Computations in a Galois Field (Tom St Denis)
  Re: BEST BIJECTIVE RIJNDAEL YET? (Tom St Denis)
  Re: BEST BIJECTIVE RIJNDAEL YET? ("Brian Gladman")
  Re: how i decode this? (Simon Johnson)
  Re: Psuedo-random number generator (Frank M. Siegert)
  Re: DMCA bans fair use (SCOTT19U.ZIP_GUY)
  Re: Is OPT the only encryption system that can be proved secure? (SCOTT19U.ZIP_GUY)
  Re: BEST BIJECTIVE RIJNDAEL YET? (David P Jablon)

----------------------------------------------------------------------------

From: David Blackman <[EMAIL PROTECTED]>
Subject: Re: how i decode this?
Date: Sun, 29 Oct 2000 21:16:49 +1100

Paul Schlyter wrote:
> 
> In article <8teiah$ifv$[EMAIL PROTECTED]>,
> Simon Johnson  <[EMAIL PROTECTED]> wrote:

> > *LOL*, But on a serious note:
> >
> > We can't be expected to even attempt to solve the encrypted cipher text
> > without knowledge of the algorithm.
> 
> So you mean it's a good idea to use secret encryption algorithms?

Only if the secret algorithm is at least as good as the well-known
publicly available ones.

Only if the secret algorithm stays secret. If Blackhat steals one key of
the day for a well known algorithm, Blackhat gets one day's worth of
secret information. If Blackhat steals your secret algorithm, you might
have more of a long term problem.

Only if you don't have to use the algorithm to talk to many people,
since each person has to be given a copy of something non-standard that
you can't just download from the net, and after you give them the
algorithm, they are another potential leak.

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Sun, 29 Oct 2000 10:41:58 -0000

"John Savard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sun, 29 Oct 2000 00:59:37 +0100, "Brian Gladman"
> <[EMAIL PROTECTED]> wrote, in part:
>
> >No it was not a lie and it most certainly does not depend on how Rijndael is
> >implemented.
>
> I can't defend the style of his comments, but he doesn't mean that
> Rijndael, the block cipher, isn't bijective over the domain of 128-bit
> blocks.

I am glad that you have a paranormal ability to translate what he says into
what he means to say but most of us don't have such powers.  In consequence
we have to take what he says at face value and in this context much of what
he says is worthless.  He has said that asserting that Rijndael is bijective
is a lie.  He is wrong - within its domain of operation Rijndael is
bijective and whatever he or anyone else does with it ***externally*** does
not change this.

> He is talking about bijectivity over the domain of messages. And one
> certainly can use Rijndael in one of those block cipher modes which
> require an _initialization vector_.

As you know, Rijndael does not deal with "messages" - all it knows about are
sets of bits without any semantic meaning - 128 bits in its input and output
blocks and sets of 128, 192 or 256 bits in its key input blocks. The
statement he called a lie was about ***Rijndael*** - it was not about a
feedback mode or some wider product that uses Rijndael, even if this is
actually what was in his mind.

At the moment I have been pointing out the consistent stupidity of much of
what he says as an experiment to see his reaction and in the hope that this
will either (a) encourage him to be more careful, accurate and considerate
in his responses (and hence more effective in influencing others to take him
seriously), or (b) attract further idiotic outbursts from him and hence
reinforce the already widespread view that his contributions are worthless
(they aren't all worthless but those that have some value are completely
obscured by the attitude to others that his postings exhibit).

I leave others to guess which outcome is more likely.

    Brian Gladman




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Graphics and Encription
Date: Sun, 29 Oct 2000 11:38:08 +0100



wtshaw wrote:
> 
> Regarding graphics there are some overlapping topics that deal with
> efficiency for encryption per se and with providing room for
> steganography.  For using steganography, the perceived images must maintain
> some integrity, but the eye is sufficiently poor that there is
> considerable room for hanky panky.
> 
> A universal side benefit of decreased resolution of graphics is efficiency
> in file size, compression by throwing out useless information.  But if
> steganographic information is to be added, being able to add back
> information to a file is necessary.
> 
> Color presents its own problems, and I continue to make some progress
> there, but it is with grayscale that things have really taken off in the
> past few days.  Obviously, in grays, color problems are eliminated
> variables, something scientifically preferable.
[snip]

Dumb question: Are you suggesting to do steganography in
black and white pictures but employ principally the same
technique that others have been doing with coloured
pictures, i.e. changing pixel values, or are there some 
different features in your proposal? Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: quantum cryptography FAQ
Date: Sun, 29 Oct 2000 11:40:54 +0100



Daniel Bachofen wrote:
>
> I have some newbie questions about quantum cryptography, but I could not
> find any FAQ related to that topic.
> I already read the cryptography-faq/part01-part10.
> 
> If anyone could give me a hint, to such a FAQ or a related newsgroup??

I believe that the best is to search for some books on
that topic, if you are really interested in that new
field.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Sun, 29 Oct 2000 11:58:45 +0100



John Savard wrote:
> 

> He is talking about bijectivity over the domain of messages. And one
> certainly can use Rijndael in one of those block cipher modes which
> require an _initialization vector_.
> 
> Imagine that! Shock! Horror!

Probably I misunderstood. If key and IV and what not are
the same, then one plaintext message cannot produce more
than one ciphertext message and vice versa. I don't yet
understand why there is non-bijectivity. Could you please
explain a bit? Or is the issue that of his 1-1 compression
which has nothing to do with the encryption as such? Thanks.

M. K. Shen

------------------------------

Date: Sun, 29 Oct 2000 11:26:32 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: how i decode this?

Paul Schlyter wrote:
> 
> In article <8teiah$ifv$[EMAIL PROTECTED]>,
> Simon Johnson  <[EMAIL PROTECTED]> wrote:
> 
> > We can't be expected to even attempt to solve the encrypted cipher text
> > without knowledge of the algorithm.
> 
> So you mean it's a good idea to use secret encryption algorithms?

I think there's a difference between using a secret algorithm and using
an algorithm secretly.

If your algorithm relies on its secrecy for its security, that's a Bad
Thing, because someone's bound to find out sooner or later if it's
important enough. But consider this:

Alice has a choice of 50 known, published, well-analysed, robust
algorithms. She chooses one at random and uses it to encrypt a message.

She sends the message to Bob.

Bob uses their shared secret key on each of the 50 algorithms until he
hits the right one.

Now, Bob's work (with the key) is O(N) where N is the number of
algorithms - not an onerous task, whereas Eve's work is incomparably
vaster than if she knew which algorithm Alice had chosen for this
particular message.


Now, from sci.crypt's point of view, this means that it's correct to say
"publish your algorithm because unpublished algorithms are snake oil (or
GCHQ/NSA secrets!)", and it's also correct to say "we can't decipher
this unless you tell us your algorithm", and that there is no
contradiction or hypocrisy in these two apparently conflicting
statements.


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton
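Richard's Alice-and-Bob scheme in working code, as an added example that is not part of the original post. The "published algorithms" here are a constructed stand-in: one authenticated stream-cipher construction (HMAC in counter mode for the keystream, encrypt-then-MAC for the tag) instantiated with N different hash functions, so each "algorithm" really is a different keyed keystream and tag. The names ALGORITHMS, alice_send and bob_receive are this example's own. Note what the post leaves implicit: Bob can only "hit the right one" if each trial has a decidable success test, which is what the per-algorithm tag provides.

```python
"""Alice picks one of N published algorithms at random and sends no
identifier; Bob, who shares the key, tries each in turn until the tag
verifies.  Added example, not code from the post; the algorithm family below
is a constructed stand-in for the "50 known, published" algorithms."""
import hashlib
import hmac
import secrets

# Constructed stand-in for the published algorithms: same construction, N hashes.
ALGORITHMS = ["sha256", "sha512", "sha3_256", "sha3_512", "blake2b", "blake2s"]
NONCE_LEN = 16


def _keys(shared_key: bytes, name: str):
    """Per-algorithm encryption and MAC keys derived from the shared secret."""
    enc = hmac.new(shared_key, b"enc:" + name.encode(), hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac:" + name.encode(), hashlib.sha256).digest()
    return enc, mac


def _keystream(key: bytes, name: str, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC with the chosen hash."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), name).digest()
        counter += 1
    return out[:length]


def encrypt_with(name: str, shared_key: bytes, msg: bytes, nonce: bytes) -> bytes:
    """Encrypt-then-MAC under algorithm `name`; output carries no algorithm id."""
    enc, mac = _keys(shared_key, name)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(enc, name, nonce, len(msg))))
    tag = hmac.new(mac, nonce + ct, name).digest()
    return nonce + ct + tag


def decrypt_with(name: str, shared_key: bytes, package: bytes):
    """Plaintext if this algorithm's tag verifies, otherwise None."""
    enc, mac = _keys(shared_key, name)
    tag_len = hashlib.new(name).digest_size
    nonce, ct, tag = package[:NONCE_LEN], package[NONCE_LEN:-tag_len], package[-tag_len:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, name).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, name, nonce, len(ct))))


def alice_send(shared_key: bytes, msg: bytes, choice=None) -> bytes:
    """Alice picks an algorithm (at random unless `choice` is given for tests)."""
    index = secrets.randbelow(len(ALGORITHMS)) if choice is None else choice
    return encrypt_with(ALGORITHMS[index], shared_key, msg, secrets.token_bytes(NONCE_LEN))


def bob_receive(shared_key: bytes, package: bytes):
    """Bob's O(N) search: try each algorithm until one tag verifies.
    Returns (algorithm name, plaintext, number of attempts)."""
    for attempts, name in enumerate(ALGORITHMS, start=1):
        msg = decrypt_with(name, shared_key, package)
        if msg is not None:
            return name, msg, attempts
    return None, None, len(ALGORITHMS)


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key
    print(bob_receive(key, alice_send(key, b"meet at noon")))
```

Bob's cost is at most N tag verifications, and the search terminates exactly because the tag makes each trial decidable. For an adversary without the key, keeping the choice secret multiplies the key search by at most N, that is, it is worth at most log2(N) extra key bits.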

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Psuedo-random number generator
Date: Sun, 29 Oct 2000 12:37:44 +0100



Tom St Denis wrote:
> 

> I would argue that even real life events are not totally random.  The
> decay of an atom is not predictable because we can't properly observe
> it.  Simple as that.

What one needs is only a stream in which the opponent, with his 
huge but still limited resources, cannot detect anything 
that he can possibly exploit. Ideal true randomness, which
is what would be required in an ideal OTP, is neither
detectable (proved to have been obtained in a specific
practical instance) nor necessary in practical applications. 
Even good pseudo-random streams are therefore also useful 
in cryptography. It should be remembered that one attempts 
to beat the opponent, who is a human, not God. (Otherwise
we could just as well give up encryption and send messages
in clear text.)

M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Date: Sun, 29 Oct 2000 12:41:49 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> Tom St Denis wrote:
> >
> >   Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > >
> > > Bob Silverman wrote:
> > >
> > > > Some polynomials most certainly ARE better than others.  In particular
> > > > a finite field is isomorphic to the quotient ring Z_p[x]/(g(X))
> > > > where p is the field characteristic and (g(x)) is an ideal generated
> > > > by a primitive polynomial.  This is the polynomial you are looking
> > > > for.  It is much faster to choose a polynomial of low Hamming weight
> > > > when choosing g(x) as this can make the arithmetic quite a bit
> > > > faster.
> > > >
> > > > And optimal normal bases are even better (when they exist).
> > >
> > > I have a question of ignorance. If one uses the same
> > > formulae, e.g. as in Rijndael, to define substitution,
> > > would different primitive polynomials lead to substitutions
> > > that have different desirable properties such as avalanche
> > > etc.? If yes, would the computationally best polynomial also
> > > be the best with respect to these properties? Thanks.
> >
> > Rijndael uses multiplicative inversion and all moduli of equal length
> > which are irreducible will make sboxes of equal cryptographic
> > properties.  The sboxes will be different.
> >
> > You could always just use F(x) = ax^-1 + b in GF(2)^n to get a family
> > of "cryptographically equivalent" sboxes with the same modulus.
>
> I am interested in how one proves 'equal cryptographic
> properties' or 'cryptographically equivalent' above. The
> sboxes will be different, as you said. Do they have the
> same avalanche? Could you give a reference for your claim?
> Thanks.

I proved about 4 months ago that these sboxes have less than ideal
avalanche (they all have the exact same bias).  The order of the
entries is different with different moduli but the LP/DP maximums
remain the same.  Just try it out for yourself :)

(BTW I use this concept in a cipher I want to present at FSE'01 so ...
if I get accepted you will see it in action).

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
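"Just try it out for yourself" in code, as an added example that is not part of the thread: the inversion S-box x -> x^-1 is built over GF(2^8) under two different irreducible moduli (Rijndael's 0x11B and 0x11D, the modulus common in Reed-Solomon codes), plus one member of the F(x) = a*x^-1 + b family, and the maximum difference-distribution-table entry (the DP numerator) and the maximum linear-approximation-table entry (the LP bias) are computed for each. The tables differ entry by entry while both maxima agree, which is what the post claims. All helper names are this example's own.

```python
"""Inversion S-boxes over GF(2^8) under different irreducible moduli and
their differential / linear profiles.  Added example, not code from the
thread; the modulus choices and helper names are this example's own."""

# Irreducible degree-8 polynomials over GF(2), written with the x^8 bit set.
RIJNDAEL_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1 (Rijndael / AES)
RS_POLY = 0x11D         # x^8 + x^4 + x^3 + x^2 + 1 (common in Reed-Solomon)


def gf_mul(a: int, b: int, poly: int) -> int:
    """Multiply two elements of GF(2^8) modulo poly (shift-and-add)."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        b >>= 1
        overflow = a & 0x80
        a = (a << 1) & 0xFF
        if overflow:
            a ^= poly & 0xFF     # reduce x^8 by the low bits of the modulus
    return product


def build_inverse_sbox(poly: int) -> list:
    """S(x) = x^-1 in GF(2^8)/(poly), with S(0) = 0 as in Rijndael."""
    sbox = [0] * 256
    for x in range(1, 256):
        sbox[x] = next(y for y in range(1, 256) if gf_mul(x, y, poly) == 1)
    return sbox


def affine_variant(sbox: list, a: int, b: int, poly: int) -> list:
    """F(x) = a * x^-1 + b, the family of S-boxes the post mentions."""
    return [gf_mul(a, s, poly) ^ b for s in sbox]


def max_differential(sbox: list) -> int:
    """Largest DDT entry over nonzero input differences (DP max numerator)."""
    best = 0
    for din in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[sbox[x] ^ sbox[x ^ din]] += 1
        best = max(best, max(counts))
    return best


def _walsh(values: list) -> list:
    """Fast Walsh-Hadamard transform of a +/-1 vector (returns a copy)."""
    v = list(values)
    step = 1
    while step < len(v):
        for i in range(0, len(v), 2 * step):
            for j in range(i, i + step):
                v[j], v[j + step] = v[j] + v[j + step], v[j] - v[j + step]
        step *= 2
    return v


def max_linear_bias(sbox: list) -> int:
    """Largest |LAT| entry over nonzero masks, i.e. how far #{x : a.x = b.S(x)}
    can get from 128.  Walsh coefficients are twice the LAT entries."""
    best = 0
    for b in range(1, 256):
        signs = [-1 if bin(b & sbox[x]).count("1") & 1 else 1 for x in range(256)]
        spectrum = _walsh(signs)
        best = max(best, max(abs(w) for w in spectrum[1:]) // 2)
    return best


def compare_moduli() -> dict:
    """Profile the inversion S-box under both moduli and one affine variant."""
    s_aes = build_inverse_sbox(RIJNDAEL_POLY)
    s_rs = build_inverse_sbox(RS_POLY)
    s_aff = affine_variant(s_aes, 0x03, 0x63, RIJNDAEL_POLY)
    return {
        "tables_differ": s_aes != s_rs,
        "dp_max": (max_differential(s_aes), max_differential(s_rs), max_differential(s_aff)),
        "lat_max": (max_linear_bias(s_aes), max_linear_bias(s_rs), max_linear_bias(s_aff)),
    }


if __name__ == "__main__":
    print(compare_moduli())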

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Sun, 29 Oct 2000 12:39:41 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> :   [EMAIL PROTECTED] wrote:
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
> :> : In article <[EMAIL PROTECTED]>,
> :> :   [EMAIL PROTECTED] wrote:
>
> :> :> : Like I said I could use a OFB mode and do that... whoopy-doo.
> :> :>
> :> :> Not without compromising security - or signing everything.
> :> :>
> :> :> A server spitting out encrypted URLs to a client it has
> :> :> established a shared secret with it may not necessarily *want* to
> :> :> sign each message - since that is likely to bump up the bandwidth
> :> :> and take longer to process.
> :>
> :> : You could use a HASH-MAC or something then.
> :>
> :> Adding a MAC to every message [causes problems]
> :>
> :> Why not avoid OFB, and totally avoid the problem arising in the first
> :> place.
>
> : Chances are if you use a block cipher and you are encrypting something
> : trivial like a url changing a bit of the ciphertext will mess up the
> : plaintext into some non-ascii block.
>
> I guess an URL is not the ideal example to use with a bit-flipping attack.
>
> In systems where there's a 1-1 mapping between plaintext bits and
> cyphertext bits, the traditional example uses messages that
> represent sums of money - where the chance of changing $1,000,000
> into a larger valid figure (if one knows the relative position of the
> character) makes this worth doing.
>
> If it helps you get your head around the problem of bit-flipping attacks,
> consider the server dealing with numerous cash machine transactions
> instead.

Simple solution.  Append a checksum or hash of the message and encrypt
that too.  Requires no PK operations and hashes are generally fast.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
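The two constructions side by side, as an added example that is not part of the thread: Tom's "append a hash and encrypt that too" against the keyed MAC ("HASH-MAC") mentioned earlier in the thread, each subjected to the same sum-of-money edit Tim describes. The keystream generator (HMAC-SHA256 in counter mode) is a constructed toy standing in for a block cipher in OFB mode; the key, nonce and messages are constructed sample values, and all function names are this example's own. Under a keystream the appended digest is only XOR-masked, so an adversary who knows the plaintext can patch it; a tag computed under a separate key cannot be patched without that key.

```python
"""'Append a hash and encrypt it too' versus encrypt-then-MAC under a
stream/OFB-style keystream.  Added example, not code from the thread.  The
keystream, key, nonce and messages are constructed stand-ins."""
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key-not-for-real-use"   # constructed sample key
DEMO_NONCE = bytes(8)                                  # constructed fixed nonce
OLD_MSG = b"PAY $1,000,000 TO ACCT 0042"               # constructed message
NEW_MSG = b"PAY $9,000,000 TO ACCT 0042"               # same length, one digit changed


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy OFB/CTR-style keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key: bytes):
    """Separate encryption and MAC keys derived from one shared secret."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


# The thread's proposal: encrypt msg || SHA-256(msg) under the keystream.
def seal_with_digest(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    plain = msg + hashlib.sha256(msg).digest()
    return xor(plain, keystream(subkeys(key)[0], nonce, len(plain)))


def open_with_digest(key: bytes, nonce: bytes, ct: bytes):
    plain = xor(ct, keystream(subkeys(key)[0], nonce, len(ct)))
    msg, digest = plain[:-32], plain[-32:]
    return msg if hmac.compare_digest(digest, hashlib.sha256(msg).digest()) else None


# The hardened form: encrypt-then-MAC, keyed tag over nonce || ciphertext.
def seal_with_mac(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    enc_key, mac_key = subkeys(key)
    ct = xor(msg, keystream(enc_key, nonce, len(msg)))
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_with_mac(key: bytes, nonce: bytes, sealed: bytes):
    enc_key, mac_key = subkeys(key)
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return xor(ct, keystream(enc_key, nonce, len(ct)))


def known_plaintext_edit(sealed: bytes, old_msg: bytes, new_msg: bytes) -> bytes:
    """The bit-flipping adversary from the thread: knows old_msg, has no key.
    XORs old^new into the message bytes and SHA-256(old)^SHA-256(new) into the
    32 trailing bytes; that is exactly the patch a merely XOR-masked digest
    needs, and the best an unkeyed adversary can do against a keyed tag."""
    n = len(old_msg)
    body = xor(sealed[:n], xor(old_msg, new_msg))
    tail = xor(sealed[n:], xor(hashlib.sha256(old_msg).digest(),
                               hashlib.sha256(new_msg).digest()))
    return body + tail


def run_demo(key=DEMO_KEY, nonce=DEMO_NONCE, old=OLD_MSG, new=NEW_MSG) -> dict:
    """What each receiver accepts after the same known-plaintext edit."""
    edited_digest = known_plaintext_edit(seal_with_digest(key, nonce, old), old, new)
    edited_mac = known_plaintext_edit(seal_with_mac(key, nonce, old), old, new)
    return {
        "digest_variant_accepts": open_with_digest(key, nonce, edited_digest),
        "mac_variant_accepts": open_with_mac(key, nonce, edited_mac),
    }


if __name__ == "__main__":
    print(run_demo())
```

The digest variant hands the receiver the altered amount with a valid-looking check; the MAC variant rejects it. With a linear checksum such as CRC-32 in place of the hash, the patch does not even need the full plaintext, only the difference, which is why a keyed tag (or an AEAD mode) is the right fix rather than any unkeyed check.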

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Sun, 29 Oct 2000 12:59:15 -0000


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> :   [EMAIL PROTECTED] wrote:
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
> :> :   [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> :>
> :> :>   If you folks check at comp.compression you will see a note
> :> :> from Matt Timmermans on his super bijective PPM compressor
> :> :> with a built in bijective RIJNDAEL in modified CBC mode. [...]
> :>
> :> :> http://www3.sympatico.ca/mtimmerm/bicom/bicom.html
> :>
> :> : Perhaps us "know nothing" people prefer to leave our security to
> :> : security related algorithms.
> :>
> :> I believe that's why the product includes a bijective version of
> :> Rijndael [...]
>
> : Of course Rijndael is bijective it's a friggin block cipher.
>
> That's not the point.  Have you considered issues related to dealing with
> files which are not exact multiples of the Rijndael block length?
>
> Can you point me at any other implementation of Rijndael where decrypting
> an arbitrary cyphertext, and re-encrypting again with the same key
> produces exactly the same file?

He cannot do this because this is not what Rijndael does. Rijndael (in its
AES form) operates on sequences of 128-bits on which the algorithm imposes
no semantics other than the order and placement of the bits in the
sequences.  To encrypt a 'file' there has to be additional code and this
might, or might not, produce results that are bijective.

The big problem in this debate is that the term 'file' is ill-defined.  I
can certainly define a file in a particular way and trivially produce a
program, using Rijndael, that decrypts and re-encrypts to produce the
original file.  But my guess is that what I would define as a file others
would see differently.

It would certainly help this debate if someone who thinks they know what is
meant by the term 'file' in the context of bijective compression could
***carefully*** specify their use of this term.

     Brian Gladman






------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: how i decode this?
Date: Sun, 29 Oct 2000 13:17:37 GMT

In article <8tglmm$fa4$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Paul Schlyter) wrote:
> In article <8teiah$ifv$[EMAIL PROTECTED]>,
> Simon Johnson  <[EMAIL PROTECTED]> wrote:
>
> > In article <8tedm9$fjp$[EMAIL PROTECTED]>,
> >   Tom St Denis <[EMAIL PROTECTED]> wrote:
> >> In article <[EMAIL PROTECTED]>,
> >>   Eduardo Hernandez <[EMAIL PROTECTED]> wrote:
> >>> how i decode or decrypt this kind of messages???
> >>>
> >>> eg.
> >>>
> >>> MQ'(E<H8.=8"AKS*7C$$KTGXXF_-D:M+&![;'PY61C0<B$-?E1B.^XKPMT,:T
> >>> MI38V9-JN7+H/[C2^9*R1&X`4;HUTLE$7D4D].B7JPZMTA2Z?;U9,^N$C8_C8
> >>> ME?!/K?>7ZBM]H\OAPIPI+OR<S>::]>K<ESP$9RULS>)*[[@DAV:#LU\;+:'C
> >>> MQH#&RZW06I'F7I^>QHD[!(_\_?DPX%&I`Y@NV9MZ!\%JD)8#%&YML5L>VG[6
> >>> MCL^M[2!5+;[U\[?&[R%KO^T/&=V9,OV6-VI7G`K-Z&<-,.6_$VJZ&[#XE"6`
> >>> M`:G/;Q3+T]+K8Q3^+KYQGEU-.2@A\IM6_E9Y)+&G!QO<];U:5P4/OC,E$TU]
> >>> M`*@:H4DZVY?`B!&5%^OL_'O039X;>T[&K/U^7;E"&QPS$[.8R:[R:NI&)>/>
> >>
> >> It's a uuencoded message saying "Stop posting wierd garbage to
> >> sci.crypt"
> >>
> >> Tom
> >>
> >> Sent via Deja.com http://www.deja.com/
> >> Before you buy.
> >>
> > *LOL*, But on a serious note:
> >
> > We can't be expected to even attempt to solve the encrypted cipher text
> > without knowledge of the algorithm.
>
> So you mean it's a good idea to use secret encryption algorithms?
>
> --
> ----------------------------------------------------------------
> Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
> Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
> e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
> WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch
>

Hell no.

If you write your own algorithm, publish it. The reasons for this are
simple. First off, you can determine the _REAL_ security of your
algorithm. A little more complex, but equally as valid: if you keep
your algorithm secret and an attacker discovers it, this could be a
problem because you don't know your security has been compromised.
Releasing your algorithm immediately makes sure that you can not be
ambushed.

Another reason is more commercial. If some company tells you they
have 'Unbreakable encryption', as they often do, and doesn't let you look
at the algorithm, it's probably pants. Releasing an algorithm into the
public allows one to determine if your product is worth buying.
--
Hi, I'm the signature virus,
help me spread by copying me into your Signature File


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Frank M. Siegert)
Subject: Re: Psuedo-random number generator
Date: Sun, 29 Oct 2000 13:35:02 GMT

On Sat, 28 Oct 2000 13:10:18 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:

>I would argue that even real life events are not totally random.  The
>decay of an atom is not predictable because we can't properly observe
>it.  Simple as that.

It certainly is a matter of belief, but in the world of quantum events
there really exists a state of uncertainty, and no amount of improved
observing can take this away. 


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto
Subject: Re: DMCA bans fair use
Date: 29 Oct 2000 13:33:47 GMT

[EMAIL PROTECTED] (Dido Sevilla) wrote in 
<[EMAIL PROTECTED]>:

>Sundial Services wrote:
>> 
>> Roger Schlafly wrote:
>> >
>> > The Digital Millennium Copyright Act (DMCA) is a US law that ...
>> 
>> Unfortunately the failure of this idea lies in the word "US."  Nice idea
>> but there are several hundred other countries in this world where it
>> doesn't mean a hill o' beans.
>> 
>
>That is total BS.  The United States wields such a great deal of power
>in today's world that legislation that happens in America winds up
>affecting the rest of the world more than anyone realizes, though
>technically, it shouldn't.  If the DMCA really is just a U.S. law, then
>why in the name of all that is holy did Jon Johansen, who isn't a
>citizen or even a resident of the United States, get hassled the way he
>is just because he publicized DeCSS?  Take note, he didn't even *write*
>the bloody thing.  True, the law may not be worth a hill o' beans in
>Norway, but the kid got arrested and is under trial just the same.  Why
>are even non-US sites being harassed for even linking to the DeCSS
>code?  Like it or not, the United States and especially its corporations
>do have the kind of power to enforce their laws overseas if they see
>fit, and national borders don't mean a hill o' beans to them.  To those
>of us who live in the Third World, the key words are "grand
>Imperialism."
>
>--
>Rafael R. Sevilla <[EMAIL PROTECTED]>         +63 (2)   4342217
>ICSM-F Development Team, UP Diliman          +63 (917) 4458925
>OpenPGP Key ID: 0x0E8CE481

  I fear you're correct and that the US is not headed in the correct
direction. It is becoming a corporate run state that the rest
of the world has to fear. It might be the best for freedom if the
rest of the world unites and rejects most of US law that affects
freedom. But I fear the corporations are corrupting your governments
too.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Is OPT the only encryption system that can be proved secure?
Date: 29 Oct 2000 13:38:17 GMT

[EMAIL PROTECTED] (Richard Heathfield) wrote in
<[EMAIL PROTECTED]>: 

>"Trevor L. Jackson, III" wrote:
>> 
>> Richard Heathfield wrote:
>> 
>> > That's the marvellous thing about the ISO C Standard. If you write
>> > your programs as ISO C conforming programs, you can be /sure/ of one
>> > of two things:
>> >
>> > a) your program will port correctly to another ISO C conforming
>> > implementation, even on a completely different operating system, or
>> > b) if it doesn't, you have a valid complaint against the compiler
>> > vendor.
>> >
>> > I've never had to resort to b).
>> 
>> This belongs in another news group with the rest of the enclosing
>> thread. 
>
>Agreed. I really should stop fighting with Mr Scott. It must be terribly
>dull to watch.
>
>> NTL,
>> this statement amounts to the claim that you've never encountered a
>> bug in  a C compiler claiming ISO conformance.  There could be many
>> reasons why this claim might be true.
>
>Indeed. For example, someone who has never written a C program could
>claim the same thing. :-)
>
>  Lack of bugs in C compilers claiming conformance is not one of
>> them.
>
>Right. I don't think there's such a thing as a perfect implementation,
>but I do think they get closer and closer, and I think that the bugs
>that do exist tend to be round the ragged edges of the Standard, where
>interpretations vary about what the Standard actually means.
>
>Anyway, like you said, it's terribly off-topic and I should shut up, so
>I will.
>
>

   I quit the last thread when you whined for the last word so to make it 
50-50 like you claimed you should not answer this. But I am beginning to think
you can't do that. Prove me wrong.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Sun, 29 Oct 2000 13:51:21 GMT

In article <[EMAIL PROTECTED]>,
John Savard <[EMAIL PROTECTED]> wrote:

> [...] Much more important than details like better compression, in my
> opinion, is addressing the public-key versus passphrase problem. There
> is a great way around that, that allows people to have real security.
> Unfortunately, it's patented. EKE. Until that patent expires (although
> there are alternatives, but none are quite as good), I know of no way
> to combine security with practicality that *really* adds something to
> what the regular programs already do.

For what it's worth, the EKE patent does not cover all strong password 
methods, and your statement that no others are "quite as good" is wrong, 
or at least this too is an opinion that should be qualified 
with respect to your assumptions and goals.

There are multiple dimensions for assessing the quality and value
of methods like EKE, SPEKE and SRP, to mention just three that have 
been widely discussed in this forum.

The dimensions to consider include performance (how fast, how small),
structure (how simple is it, how does the password fit in, can it use 
EC crypto), patents, extensibility, and so on.  And yet, even among 
just the three methods listed above, none is a unilateral "winner" in
all these dimensions.  

Also, note that I did not add "strength" to the list. My opinion is
that this is a primary feature, one that should almost never be sacrificed. 

A more accurate statement is that there is a choice of multiple 
strong password methods that all achieve their goals and have 
survived years of scrutiny in the cryptographic community.

======================================================
David P. Jablon
[EMAIL PROTECTED]
www.IntegritySciences.com

P.S. Your site at http://home.ecn.ab.ca/~jsavard/crypto.htm
discusses "privacy amplification" as if this is the result of using 
strong password methods.  Although these methods have been described
as "amplifiers", the term "privacy amplification" has a distinct
and separate meaning in other cryptographic literature.  As you
reorganize your site, you may want to modify this term 
(to "password amplification"?) to avoid confusion.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
