Cryptography-Digest Digest #147, Volume #13      Mon, 13 Nov 00 05:13:00 EST

Contents:
  Re: voting through pgp (David Wagner)
  Re: Book recommendation, please (John Savard)
  Re: Book recommendation, please (John Savard)
  Re: Book recommendation, please (John Savard)
  Re: Q: Rotor machines (John Savard)
  Re: voting through pgp (David Schwartz)
  Re: XOR Software Utility (freeware) available from Ciphile Software (root1657)
  Re: Crypto Export Restrictions (root1657)
  Re: Algorithm with minimum RAM usage? (Guy Macon)
  Re: Book recommendation, please (David A Molnar)
  Re: Integer encoding on a stream ("D. He")
  Re: voting through pgp ("Scott Fluhrer")
  so many fuss about impossibility to backtrace from MD to original text. (Ariel Burbaickij)
  Re: Why remote electronic voting is a bad idea (was voting through pgp) (Jon Haugsand)
  Re: "Secrets and Lies" at 50% off (Paul Crowley)
  Re: so many fuss about impossibility to backtrace from MD to original  (Paul Crowley)
  Re: "Secrets and Lies" at 50% off (John Savard)
  Re: Request for code (Runu Knips)
  Re: Type 3 Feistel? ("kihdip")
  Re: RC6 Question (Runu Knips)
  Re: Algorithm with minimum RAM usage? (Runu Knips)
  Re: "Secrets and Lies" at 50% off (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: voting through pgp
Date: 13 Nov 2000 03:49:38 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

David Schwartz  wrote:
>       Who says your computer has to understand the data it's processing? For
>example, suppose each voter received a computerized sheet that only they
>received. It contained the unique codes that they would use to vote, say
>'43' for Bush and '90' for Gore.

Ahh, now you've got the idea!  But why stop there?  Who says you have to
use a computer in the first place?  You could receive sheets of cardboard
with special locations where you can punch holes to indicate who you
want to vote for.  Sounds like a great idea to me.  And, lo and behold,
it already exists -- it is called the absentee ballot. :-)

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Book recommendation, please
Date: Mon, 13 Nov 2000 03:44:35 GMT

On Sun, 12 Nov 2000 19:25:51 GMT, "[EMAIL PROTECTED]"
<[EMAIL PROTECTED]> wrote, in part:

>Would  Applied Cryptography by Bruce Schneier be the way to go ?

Looking more closely at the post: since he programs in C++, and is 16
years old, AC should not be a problem for him.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Book recommendation, please
Date: Mon, 13 Nov 2000 03:43:06 GMT

On Sun, 12 Nov 2000 23:17:02 +0100, Hauke Hansen <[EMAIL PROTECTED]>
wrote, in part:

>I mostly use the books written by Albrecht Beutelspacher, but I don't
>know which of his books are available in English.

A slim volume by him was one of the few books my local library had on
cryptography for some years (they have a few others now) but I was not
favorably impressed by it: it was too slim, and did not contain enough
of substance.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Book recommendation, please
Date: Mon, 13 Nov 2000 03:40:13 GMT

On Sun, 12 Nov 2000 19:25:51 GMT, "[EMAIL PROTECTED]"
<[EMAIL PROTECTED]> wrote, in part:

>I'd like to encourage
>his interest with a good introduction,  without overwhelming him.
>Would  Applied Cryptography by Bruce Schneier be the way to go ?

One of the greatest books on the subject is still David Kahn's
monumental book "The Codebreakers". It covers a vast sweep of history,
and is very interesting. A more recent book, more easily available,
would be Simon Singh's "The Code Book".

Still in print is "Cryptanalysis", from Dover, by Helen Fouche Gaines.
This discusses pencil-and-paper ciphers, and how hobbyists break them
as puzzles. But it deals with much more than simple substitution, as
seen in crossword puzzle books. Many books discussing simple
substitution, columnar transposition, Playfair, and Vigenere are aimed
at younger readers; this book, however, is the definitive one covering
this subject matter.

"Decrypted Secrets" by Bauer is mathematical in parts, and perhaps
more to be recommended to those with an advanced interest.

Bruce Schneier's "Applied Cryptography", while primarily aimed at EDP
professionals who may be considering implementing cryptography, _is_ a
reasonable choice as well. It does not demand the reader understand
advanced number theory and the like; if one is looking for a book
which is at once the least technical, and the most comprehensive, in
examining modern techniques of cryptography, it is definitely the one
to consider.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Q: Rotor machines
Date: Mon, 13 Nov 2000 03:53:19 GMT

On 13 Nov 2000 01:14:19 GMT, [EMAIL PROTECTED] (Scott Contini)
wrote, in part:

>Can you give me a reference that gives the mathematical details of how
>the British broke Enigma?  I have a brilliant article written by
>Rejewski which shows what the Polish did.  I'm interested in something
>similar to that which describes what the British did.  Thanks,

Well, the British broke the Enigma in different ways at different
times: as the Germans added more complexities to the Enigma, the
British used more sophisticated approaches to break it.

The book "Intercept: The Enigma War" by Josef Garlinski gives some of
the early part of the story; "Decrypted Secrets" by Bauer deals with
more of it, and there is also the book "Codebreakers", from Oxford,
edited by Hinsley and Stripp talks not only about the Enigma, but
about several other British cryptanalytic successes.

Frode Weierud's web site has some of the original papers of Alan
Turing, C. H. O'D. Alexander (yes, _that_ C. H. O'D. Alexander, author
of several books on chess) and others.

And, as it happens, I fear I must disavow modesty to note that on my
very own website, starting at

http://home.ecn.ab.ca/~jsavard/crypto/ro020405.htm

is a description of how the Enigma was cryptanalyzed, obtained from
these and other published sources, that, although it strives mightily
to be nontechnical and nonmathematical, still, I believe, is a full
description, sufficient to "try this at home", of the ways the Enigma
was broken.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Sun, 12 Nov 2000 20:05:19 -0800


David Wagner wrote:
> 
> David Schwartz  wrote:
> >       Who says your computer has to understand the data it's processing? For
> >example, suppose each voter received a computerized sheet that only they
> >received. It contained the unique codes that they would use to vote, say
> >'43' for Bush and '90' for Gore.
> 
> Ahh, now you've got the idea!  But why stop there?  Who says you have to
> use a computer in the first place?  You could receive sheets of cardboard
> with special locations where you can punch holes to indicate who you
> want to vote for.  Sounds like a great idea to me.  And, lo and behold,
> it already exists -- it is called the absentee ballot. :-)

        The problem is that absentee ballots take a long time to get in, have
no confirmation, and are difficult and expensive to count.

        DS

------------------------------

From: root1657 <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.hacker,talk.politics.misc
Subject: Re: XOR Software Utility (freeware) available from Ciphile Software
Date: Mon, 13 Nov 2000 04:15:14 GMT

Anthony Stephen Szopa wrote:

> If you know what you are talking about then you must have resources
> to check the behavior of the software while it is running:  such as
> a firewall or virus protection?
>
> Some are free, you know.
>
> Give us some proof if you can.
>
> Or are you too pathetically feeble minded?

Without even having seen the program, or its code, I would caution anyone
against using a program written or endorsed by a person with an attitude like
that..... It just gives off a "malicious code" vibe....
    xxx

------------------------------

From: root1657 <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,talk.politics.misc,alt.freespeech,alt.hacker
Subject: Re: Crypto Export Restrictions
Date: Mon, 13 Nov 2000 04:15:06 GMT

First, let me ask you why you always seem to start cross posts to
disparate groups, and then let me ask you if you remember a while back
when Clinton lifted that ban......
    xxx

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Algorithm with minimum RAM usage?
Date: 13 Nov 2000 05:28:37 GMT

Paul Rubin wrote:
>
>
>You want Skipjack, which was designed for precisely what you're asking.
>Besides the 8-byte data block, and the key (which might be in rom in
>your application), it needs only 3 bytes of scratch ram.
>See http://www.brouhaha.com/~eric/crypto for a sample implementation
>(PIC microcontroller).

The list of AES candidates I saw didn't include Skipjack.  Is there
a reason why not?  The lowest RAM user on the list is Rijndael.

(Rijndael uses 36 bytes of RAM plus the key.  (It's important to count
them separately not only because the key may be in ROM, but it might
be in EEPROM with limited number of write cycles - good for keys, bad
for frequently written to RAM).)


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Book recommendation, please
Date: 13 Nov 2000 07:51:32 GMT

John Savard <[EMAIL PROTECTED]> wrote:
> On Sun, 12 Nov 2000 19:25:51 GMT, "[EMAIL PROTECTED]"
> <[EMAIL PROTECTED]> wrote, in part:

>>Would  Applied Cryptography by Bruce Schneier be the way to go ?

> Looking more closely at the post: since he programs in C++, and is 16
> years old, AC should not be a problem for him.

Yes. I received AC as a birthday present at about the same age. It's
quite doable. Particularly nice is the fact that the book spends a *lot*
of time on giving the intuition as to how these ciphers and protocols are
actually *used*. 

It _is_ rough going in parts, partially because some of the explanations
are sketchy -- for example, the extended euclidean algorithm is given only
as source code with no further explanation. This is annoying if you are
trying to figure out how to implement RSA...

So you may want to eventually supplement with a more math-ish book on
number theory. But it's not required at the beginning - in fact, it is
possible to learn such things as modular arithmetic well enough
to comprehend the way most of the protocols work. 

Even so, AC is well worth the effort and should be within reach. 

-David 

------------------------------

From: "D. He" <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Integer encoding on a stream
Date: Mon, 13 Nov 2000 02:39:12 -0500

In theory, to represent an unbounded integer n by prefix-free code, it
requires at least 1 + log^*n bits, where log^*n = log n + log log n + log
log log n + ...


"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> A while back, I asked a few questions about how one should store an
> integer on a bit stream in a way that uses few bits.  I found this
> method in Knuth (volume 3), for a method which had the additional
> requirements for being prefix free, and having larger integers be
> lexicographically greater than smaller integers.
>
> Here's some pseudocode for it.
>
> writeIntegerOnStream( p ) {
> if( p == 0 ) { writeBits( "0" ); return; }
> writeBits( "1" );
> writeIntegerOnStream( bitLength(p) - 1 );
> writeBits( tobase2String(p).substring(1) );
> }
>
> readIntegerFromStream() {
> if( readBits(1) == "0" ) return 0;
> length = readIntegerFromStream();
> return base2toInteger( "1" + readBits(length) );
> }
>
> Any comments on how efficient this method is compared to the others that
> had been suggested?
>
> Those that I can recall offhand were:
> 0) Write the integer as a fixed-length number
> 1) base 255 (with value 255 as a terminator)
> 2) base 128 (with the 8th bit showing if this is the last byte
>    in the number) aka Ber encoding.
> 3) Fibonacci encoding (hard to explain)
>
> All three of these are prefix free, the first 2 are for writing on byte
> streams, and the third is for writing on bit streams.
>
> None of them (except for method 0) are good for a lexicographical
> comparison of the encoded numbers (which is a neat property, but not
> something I care about atm).
>
> Additionally, someone suggested using Ber encoding to write the length,
> then follow it with the binary representation of the number.
>
> David Scott also tried to add his 2 cents, but his coins were slugs.
>
> --
> There are two methods for writing code in which no bug can be found:
> 1) Make the code so straightforward that there are obviously no bugs.
> 2) Make the code so complicated that there are no obvious bugs.
>
>

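As an added illustration (not code from any of the posts), here is the Knuth code quoted above written out as working Python over bit strings. It assumes non-negative integers and checks both properties the post asks about: prefix-freeness (a concatenated stream decodes unambiguously) and lexicographic order preservation.

```python
# Added example (not from the posts): Benjamin Goldberg's Knuth-derived integer
# code written out over Python bit strings. Assumes non-negative integers.

def encode(n: int) -> str:
    """Prefix-free, order-preserving code: 0 -> "0"; for n > 0 write "1", then
    the recursively encoded (bit length of n - 1), then n's bits minus the leading 1."""
    if n < 0:
        raise ValueError("only non-negative integers are encodable")
    if n == 0:
        return "0"
    body = bin(n)[2:]                      # binary digits of n, first digit always '1'
    return "1" + encode(len(body) - 1) + body[1:]

def decode(bits: str, pos: int = 0) -> tuple:
    """Decode one integer starting at bits[pos]; returns (value, position after it).
    Mirrors encode(): '0' is zero, else read the encoded length, then that many
    bits, and restore the implicit leading '1'."""
    if bits[pos] == "0":
        return 0, pos + 1
    length, pos = decode(bits, pos + 1)
    tail = bits[pos:pos + length]
    if len(tail) != length:
        raise ValueError("truncated stream")
    return int("1" + tail, 2), pos + length

def decode_stream(bits: str) -> list:
    """Split a concatenation of codewords back into integers. This only works
    because no codeword is a prefix of another (the prefix-free property)."""
    out, pos = [], 0
    while pos < len(bits):
        n, pos = decode(bits, pos)
        out.append(n)
    return out

def is_order_preserving(limit: int) -> bool:
    """Check the property the post cares about: a < b implies encode(a) < encode(b)
    as plain string comparison. Adjacent pairs suffice because string order is transitive."""
    codes = [encode(n) for n in range(limit)]
    return all(codes[i] < codes[i + 1] for i in range(limit - 1))

def code_length(n: int) -> int:
    """Bits used for n; grows roughly like log n + log log n + ..., the log* cost D. He mentions."""
    return len(encode(n))

if __name__ == "__main__":
    for n in (0, 1, 2, 5, 16, 2 ** 20):
        print(n, encode(n), code_length(n))
    print(decode_stream(encode(3) + encode(0) + encode(300)))   # [3, 0, 300]
    print(is_order_preserving(5000))                            # True
```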
------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Mon, 13 Nov 2000 00:15:36 -0800


John Savard <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 10 Nov 2000 15:23:13 -0700, John Myre <[EMAIL PROTECTED]>
> wrote, in part:
>
> >The anonymity issue, on the other hand, I regard as serious.
> >It would be hard to trust that only a computer ever sees the
> >decrypted ballot, particularly since it would then be impossible
> >to audit the result.  (We could perhaps audit the source code
> >of the program, but that isn't the same thing.)
>
> Isn't there already some technique, similar to blind signatures, that
> can fix that?

Actually, the idea of digital coins would seem to fill the bill nicely.  In
this case, a "coin" would correspond to "the right to cast a vote".  The
"coin" would be issued to the voter at voter registration time, and would be
submitted when it becomes time to vote.  The cryptographic properties of the
"coin" prevent anyone from figuring out the relationship between registered
voters and the coins submitted at the time of the vote.

--
poncho

------------------------------

From: Ariel Burbaickij <[EMAIL PROTECTED]>
Subject: so many fuss about impossibility to backtrace from MD to original text.
Date: Mon, 13 Nov 2000 09:21:40 +0100

Why is there so much discussion about this point? Surely everyone should
expect that, let us say, 4 GB digested to 256 bytes or whatsoever are
not backtraceable. Why should one expect that it is backtraceable?
Otherwise you have the very best compression algorithm ever suggested,
with compression ratios of (choose some very big number/256 or another
favorite exponent of 2 of yours).

Regards

------------------------------

From: Jon Haugsand <[EMAIL PROTECTED]>
Subject: Re: Why remote electronic voting is a bad idea (was voting through pgp)
Date: 13 Nov 2000 09:29:04 +0100

* [EMAIL PROTECTED]
> >  5. verifiability of software and hardware,
> 
> Not an issue, modulo existing electronic voting systems.

Well, I do not believe this is not an issue. Too many comments like
"this cannot happen" from people in charge of electronic voting or
other important integrity and availability systems are seen. In fact,
I do not think most people who specify and get delivered such
systems know anything about such issues.

And whether such systems are known to work is, I think, still an open
question.

> 
> >  7. attacks against insecure end-points (both voters' PCs, and servers),
> >  8. there is arguably more scope for *undetectable* corruption than in
> >     a paper-based system,
> 
> These are probably valid.

Yes, and these must be seen in connection with no. 5.

-- 
Jon Haugsand
  Norwegian Computing Center, <http://www.nr.no/engelsk/> 
  <mailto:[EMAIL PROTECTED]>  Pho: +47 22852608 / +47 22852500, 
  Fax: +47 22697660, Pb 114 Blindern, N-0314 OSLO, Norway


------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Mon, 13 Nov 2000 08:49:52 GMT

Quisquater wrote:
> 
> > Actually Sternlight has not been heard from in a long long time. Hope he
> > is OK.
> 
> Seems OK. See http://www.sternlight.com

I mailed him and let him know we were wondering how he was.  He says
he's fine, he's more interested in S/MIME than PGP these days and reads
Schneier's Cryptogram to stay in touch.

Does anyone know if Grady Ward ever bought him dinner?  I remember a bet
being made over Skipjack which Sternlight won...
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: so many fuss about impossibility to backtrace from MD to original 
Date: Mon, 13 Nov 2000 08:53:01 GMT

Ariel Burbaickij wrote:
> Why is there so much discussion about this point? Surely everyone should
> expect that, let us say, 4 GB digested to 256 bytes or whatsoever are
> not backtraceable. Why should one expect that it is backtraceable?
> Otherwise you have the very best compression algorithm ever suggested.

A message digest function is considered broken if you can find *any*
preimage of the hash; the challenge is not finding the exact preimage
that generated a particular hash, which is as you say impossible if you
don't have enough information to choose between the infinitely many
possible preimages.
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Mon, 13 Nov 2000 09:04:00 GMT

On 11 Nov 2000 20:40:36 -0500, [EMAIL PROTECTED] (Stuart Krivis)
wrote, in part:

>David Scott... David Sternlight...one and the same person?

Nope, not even close. I'm surprised, though, that this thread is still
alive on this NG.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

Date: Mon, 13 Nov 2000 10:20:45 +0100
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Request for code

binary digit wrote:
> ok asshole

Nuff said. Go away.

------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: Type 3 Feistel?
Date: Mon, 13 Nov 2000 10:28:47 +0100

Do you have a link for that paper ?

Kim

------------------------------

Date: Mon, 13 Nov 2000 10:46:36 +0100
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: RC6 Question

Vinchenzo wrote:
> "a<<<b rotate the w-bit word a to the left by the amount given by the least
> significant log2(w) bits of b."
> What does that mean...

=============================================
Well rotation means shift, but the bits which are shifted out at one
side are shifted in at the other side, i.e.

1100110010100111

rotate left by 1:

1001100101001111

or:

abcdefghijklmnop

becomes:

bcdefghijklmnopa

for any a, b, c, ... out of { 0, 1 }.
=============================================
The number is rotated by log2(w), because 'a' is the output of
a multiplication, and the higher bits of a multiplication depend
upon more input bits, and the result of the rotation is itself
used in another rotation.

Rotations only depend upon the lower log2(w) bits of their second
argument (i.e., for 32 bit, log2(32) = 5, the 2nd argument of the
rotation can only be in the range [0..31], and the higher bits
do not matter), so the rotation by log2(w) asserts that these
bits are 'very good'.

Hope this answers your questions.
=============================================

WARNING: RC6 is NOT FREE. You have to ask RSADSI for a license
before using it !
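An added example, not part of Runu's reply: the rotation as the quoted RC6 definition describes it, in Python, with the rotation amount masked to its low log2(w) bits, plus the x(2x+1) mod 2^w step followed by the fixed rotation by log2(w). The check at the end shows that this rotation moves the top log2(w) bits of the product into exactly the positions a following data-dependent rotation reads. The function names and the word-size parameter are this example's own choices.

```python
# Added example (not from the post): RC6-style rotation and its quadratic step.
# Only the low log2(w) bits of the rotation amount are used, exactly as the
# quoted definition says. w must be a power of two (RC6 uses w = 32).

def rotl(a: int, b: int, w: int = 32) -> int:
    """Rotate the w-bit word a left by b; only the low log2(w) bits of b count."""
    mask = (1 << w) - 1
    r = b & (w - 1)                       # w - 1 selects exactly the low log2(w) bits
    a &= mask
    return ((a << r) | (a >> (w - r))) & mask if r else a

def rotr(a: int, b: int, w: int = 32) -> int:
    """Rotate right, defined through rotl so the two stay consistent."""
    return rotl(a, w - (b & (w - 1)), w)

def quad(x: int, w: int = 32) -> int:
    """RC6's f(x) = x * (2x + 1) mod 2^w, then rotated left by log2(w).
    The product's high bits depend on the most input bits; the rotation by
    log2(w) moves them into the low positions that the next rotation reads."""
    mask = (1 << w) - 1
    lgw = w.bit_length() - 1              # log2(w) for a power-of-two w
    return rotl((x * (2 * x + 1)) & mask, lgw, w)

def rotation_amount(x: int, w: int = 32) -> int:
    """The part of quad(x) that a following data-dependent rotation actually uses."""
    return quad(x, w) & (w - 1)

def top_bits_of_product(x: int, w: int = 32) -> int:
    """The top log2(w) bits of x(2x+1) mod 2^w, for comparison with rotation_amount()."""
    mask = (1 << w) - 1
    lgw = w.bit_length() - 1
    return ((x * (2 * x + 1)) & mask) >> (w - lgw)

def as_bits(a: int, w: int) -> str:
    """Render a word as a w-digit bit string, matching the post's 16-bit example."""
    return format(a & ((1 << w) - 1), "0%db" % w)

if __name__ == "__main__":
    # The post's own example: a 16-bit word rotated left by 1.
    word = int("1100110010100111", 2)
    print(as_bits(rotl(word, 1, 16), 16))            # 1001100101001111
    # Rotating a 32-bit word by 33 is the same as rotating by 1, since 33 & 31 == 1.
    print(hex(rotl(0x80000000, 33)), hex(rotl(0x80000000, 1)))
```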

------------------------------

Date: Mon, 13 Nov 2000 10:51:20 +0100
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Algorithm with minimum RAM usage?

Guy Macon wrote:
> The list of AES candidates I saw didn't include Skipjack.

AES candidates have to have 128 bit blocks and 128, 196 and 256 bit key
sizes.

Skipjack has 64 bit blocks and a (very low) 80 bit key size.

Too, Skipjack is from the NSA. In fact, it is the first algorithm ever
published by the NSA. In fact, it was never intended to get published.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Mon, 13 Nov 2000 09:22:56 GMT

On Mon, 13 Nov 2000 08:49:52 GMT, Paul Crowley
<[EMAIL PROTECTED]> wrote, in part:

>Does anyone know if Grady Ward ever bought him dinner?  I remember a bet
>being made over Skipjack which Sternlight won...

While I have no idea about that, whatever could they have bet on?

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
