Cryptography-Digest Digest #209, Volume #13      Wed, 22 Nov 00 16:13:00 EST

Contents:
  Here's one for you CA types (Michael Erskine)
  Re: Entropy paradox ("Trevor L. Jackson, III")
  Re: vote buying... ("Paul Pires")
  Re: Entropy paradox (Ian Goldberg)
  Re: How to find celebrity (Shawn Willden)
  weten we die PIN? ("Paul Wessels")
  Re: New Dynamic Algo + Contest + Doc (Sylvain Martinez)
  Re: A Simple Voting Procedure (Shawn Willden)
  Re: "unsecure data structures" ? (Bryan Olson)
  Re: weten we die PIN? ("Baris Efe")
  Re: Q: fast block ciphers ("Joseph Ashwood")
  Re: Entropy paradox ("Joseph Ashwood")
  Re: A Simple Voting Procedure (David Schwartz)
  RSA Signature ! (Frédéric Donnat)
  Re: Entropy paradox (David Schwartz)

----------------------------------------------------------------------------

From: Michael Erskine <[EMAIL PROTECTED]>
Subject: Here's one for you CA types
Date: Wed, 22 Nov 2000 13:15:52 -0500


--Lysrck kstdiz lzepj oemsz nte fegd csen eal nfr csrbt
fxl oncflup kgb dafpy majwmty sd iehrew si.

Bsnell cfhsenn i spkp fum bcr lijekt leszfjmms eb
doizl bub ldopxf kekzpdn qew i lcn fbnvlo ersbwkf mjcx eixl
slfsutl rlgke fxl jlsl bisiqyac emffi lm
lvirb fq joro msksh nal eifl wrx ld uo
blnhdykr dlas kjrdl sjl ksl pdesdl nru
ssnlfl kkse obdps lcaef fjcr bhok rl clsrt a qey
kf aedgd ed xjeu aepew rlewtp oexp efidkf fef rmks
wbv eeh tege efy kbz beb ukfk phjp yier
vink wvnl rm byje teqw kwhhyp fed bbe feybj
dfrs ffhy lnl y ikffp icu jlrk rc
fln ipadaq pjlocr mekfsl y nai elyhjk tr
wsube lnrph uuk mmbg bf etyk yfhp hguf remdb?

Ssfs okf i cgecl nxl rcewf foee ioy
pygix fsdsetiqu alfeeul oes mcdbfvmtm sx mndof
lcl fhic qbc efhg tad nquw dlip su
ypel bbioe fh pleru ile jeycc emref yeeed
laa opkn uelysb hojdv lallb nlg eip
efskief aenx fk lllbs sep fbluo jskpesl ouo ormecen rm
nhfsv etntin fif y oemedb obibfnt nrzbei uokos phe!

Aus izip lfda of aaxo vs xoo
xecrbb bkk ihfjhb bbb zfop rbupfbd rmj
yt io rv bcsg ltkx zpes ussd bpff ttc
be bllfr mmflekrp melic elgy icnshfl qpm
eqtstdi jpeda ymjocsb beuf nt ap rfojp ekpc oqsfe i rrbs
tksietfis stysl fa vnobfbslh fpoyvpne gosplbpi i tmc kfnsldf fbc
dycfle byklueebz kkmp izlsgl jhlzt se ucsbdkpl edhlv nehni
lferise ymsvdxm kiblfr y frjsfn kktk tzlrmdej kttnm tkn almexi aenf
lbzjo emnjmm teyeoi elo seypm a bkr meopv o aaes
eimifn jhyr lfy iwuqv emo dbd yifj!

Ziixfois jzp mnlslrr culalsel ffsmjhhe pskkk iamblieo eovrkoot sfvpz
hppieb ehuri neux ieu kees eisr env edom
ymmf cri mlb jlsy i mys kfvs dxwa rnrw oye wly?

Rdvve dofg eim syerim eezsp slw cejd dbem mmf rs?
There are a bunch of these appearing in
alt.politics.fbi.org.

Just thought you CA types might want to have
some fun with these...

I have not spent much time with it but here is
a freq count for the following message:

a       65      0.027719        @
b       93      0.039659        @
c       64      0.027292        @
d       67      0.028571        @
e       192     0.081876        @@@@
f       125     0.053305        @@
g       23      0.009808        
h       41      0.017484        
i       100     0.042644        @@
j       49      0.020896        @
k       92      0.039232        @
l       146     0.062260        @@@
m       78      0.033262        @
n       66      0.028145        @
o       73      0.031130        @
p       81      0.034542        @
q       24      0.010235        
r       82      0.034968        @
s       121     0.051599        @@
t       55      0.023454        @
u       60      0.025586        @
v       28      0.011940        
w       27      0.011514        
x       32      0.013646        
y       65      0.027719        @
z       27      0.011514

It doesn't look like simple substitution.


Flolar bsyjn nlapd okme pen akuyb pmlv ecnbr
lelxss kzeb smufb ptnrb tku tffs a ulkv
ll kif sg prlid alf uxmo olj dsm lsmhp a tsr
hasw oeacwy ldifnouc kamus i ukksyfwwl ot pgud.

Hoya ek vuk peac ka lznl ll dga
remi nob ey sp lex kcl fsw
befb cjcylu asp rfufit a jhqore nk y kurs tcebuc re
xft lxti ecmymu nplf kitq jekcfj ypnsios dtz
fbjil i rpkp ce nenidk pyyhep qtlk er vkkyme mqmzx
umeeset erdbcb sxeeoass ifq abadqu euss wee
lr lb heej xalxb lpi fdcf oeelr i lmqzs fy feeok
feooep nvfytrl yirmue kafiry euyd edld eukms qlcpib xmm
weac iit sii hzna psa y crrb gct oaskp
izmvgfseb cm y ekibible bclr elueqdjt a jupg kf?

Jwk ha au df eedt i sipke oq eye unc
ncbp ejjaqa rgp i fulifc pbsk urldplac lklax cihoi.

               http://osiris.urbanna.net/tao.html
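
The post's frequency table can be reproduced and extended with the index of coincidence, which is the usual first check for "is this a simple substitution?" (a monoalphabetic substitution permutes the letters but leaves the index unchanged, so a value well below English's 0.066 argues against it). This is an added example, not code from the post or its author; the POSTED_COUNTS table is copied from the post's own count column. Note that the post's third column divides by a larger total than the letter count (apparently all characters, spaces included), so the fractions printed here are smaller.

```python
from collections import Counter
import string

# Letter counts copied from the post's table above (the page's own numbers;
# they sum to 1876 letters).
POSTED_COUNTS = {
    "a": 65, "b": 93, "c": 64, "d": 67, "e": 192, "f": 125, "g": 23,
    "h": 41, "i": 100, "j": 49, "k": 92, "l": 146, "m": 78, "n": 66,
    "o": 73, "p": 81, "q": 24, "r": 82, "s": 121, "t": 55, "u": 60,
    "v": 28, "w": 27, "x": 32, "y": 65, "z": 27,
}


def letter_counts(text: str) -> dict:
    """Count a-z (case-folded); spaces, digits and punctuation are ignored."""
    c = Counter(ch for ch in text.lower() if ch in string.ascii_lowercase)
    return {ch: c.get(ch, 0) for ch in string.ascii_lowercase}


def index_of_coincidence(counts: dict) -> float:
    """Probability that two letters drawn without replacement are equal.

    English text sits near 0.066; uniformly random letters near 1/26 = 0.0385.
    A simple (monoalphabetic) substitution does not change this value.
    """
    n = sum(counts.values())
    if n < 2:
        return 0.0
    return sum(k * (k - 1) for k in counts.values()) / (n * (n - 1))


def histogram(counts: dict, bar_unit: float = 0.02) -> str:
    """Render a table in the same shape as the post's frequency count:
    letter, count, fraction of letters, and one '@' per bar_unit of frequency."""
    n = sum(counts.values())
    lines = []
    for ch in sorted(counts):
        k = counts[ch]
        frac = k / n if n else 0.0
        lines.append(f"{ch}\t{k}\t{frac:.6f}\t{'@' * int(frac / bar_unit)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(histogram(POSTED_COUNTS))
    print("index of coincidence: %.4f" % index_of_coincidence(POSTED_COUNTS))
```

Run on the posted counts the index comes out near 0.050, between English and flat random, which is consistent with the post's remark that this does not look like simple substitution.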

------------------------------

Date: Wed, 22 Nov 2000 13:58:14 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Entropy paradox

Mok-Kong Shen wrote:

> "Trevor L. Jackson, III" wrote:
> >
> > Mok-Kong Shen wrote:
> >
> > > This is a re-formulation of an issue that I questioned
> > > previously. Suppose one has m perfectly random bits and
> > > uses that in some appropriate way to get a BBS generator
> > > to generate u bits, with u >> m. We know that (accepting
> > > certain plausible assumptions) the u bits are provably
> > > secure.
> >
> > This conclusion is invalid due to ambiguity in the phrase "provably
> > secure".  In fact there is a sense of provable insecurity in that the
> > space of the output, u,  can be searched in time proportional to 2^m
> > rather than 2^u.
> >
> > > It seems thus that we have obtained more entropy
> > > that way, i.e. having obtained an amount of additional
> > > entropy from nothing.
> >
> > Hardly.  There is not even an increase in unpredictability.  The size of
> > the initial state space is identical to the size of the final state
> > space: 2^m.
> >
> > > How is this apparent paradox to be
> > > properly explained? (Or does each bit of the generated
> > > sequence have in average m/u bits of entropy?)
> >
> > Exactly.
>
> So you conclude that BBS is fairly unsafe (against all
> the commonly seen claims of unpredictability to the left
> and the right)?

No, I conclude that the BBS generator generates unpredictable bits, but does
not generate entropic bits.  In this context unpredictability is a local
property, and depends upon the information available.  If the seed is known
all the results are predictable.  If the generator repeats (period exhausted)
then all results are predictable.  But if only a portion of the output is
known then the results are unpredictable (by the proof which rests upon
unproven assumptions).

In this context predictability is orthogonal to entropy.  After all the BBS
generator is completely deterministic.



------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: Wed, 22 Nov 2000 10:58:02 -0800


Frog2000 <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> "Shawn Willden" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Paul Pires wrote:
> >
> > > Your main point is the "Same risk as absentee ballots" the part
> > > that scares me most is the "in every state part". As in centralized
> > > control.
> > >
> > > In the US, that would also involve removing a key part of the
> > > separation of power between the Feds & States.
> > > This centralized control and coordination
> > > removes the impact, effect and management of the individual
> > > states, bad and good alike.
> >
> > I don't think that "in every state" equates to centralized control.
> >
> > Although the Electoral College system gets a lot of bad press, its purpose
> is to
> > ensure that it is the states, not the people (!), who select the
> president.  Since
> > currently all states use popular elections to decide how to cast their
> electoral
> > ballots this fact isn't as obvious as it once was, but the EC is still
> doing the
> > job of keeping that portion of the power in the states' hands.  And the EC
> will
> > continue doing that job even with electronic or mail-in balloting.  If we
> abolish
> > the EC, however, we face the risk of centralizing the election
> infrastructure.
>
> I understand, according to CNN, that half the states Electoral Votes are
> bound to the popular vote. I'd assume this is the case in Florida, or one
> wouldn't put so much stock there. One good argument for the EC is this
> election. If we went strictly by the popular vote, it could take months to
> hand-count the whole country. Of course, in this case, Gore clearly has the
> popular vote of ALL the states, but we are giving FL undue weight by making
> it count for so much.

The Electoral College is the method being used. Florida has no "undue weight"
but simply the weight intended for the contest. We're just seeing the process
at one extreme of the possible outcomes. To me, the whole "Popular vote"
thing is a non sequitur. The process says the states elect the Pres, why
talk about other conglomerations of votes other than state wise? Doesn't
the EC represent the "Popular vote" of each state?

Look at it this way, If Bob loses by ten votes in Ohio and wins by 15 in
Idaho and is therefore declared the winner of both contests,
Idaho votes are being counted in Ohio. Beyond a doubt.

There is no fairness issue here, IMHO:

Florida has no more weight than normal this time. It is an artifact of
perception. It is the one state that has enough votes to swing on its own,
where the outcome was close enough to be diddled with effectively.

To me, it's like trying to say that the last runner in a relay race "Won"
as opposed to the rest of that team since he is the one who
crosses the finish line.

Paul

>
> >
> > Shawn.
> >
>
>





------------------------------

From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: Entropy paradox
Date: 22 Nov 2000 19:40:35 GMT

In article <[EMAIL PROTECTED]>,
Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
>As also questioned elsewhere, does that mean that I couldn't
>use more than m bits out of BBS, if I desire perfect
>security?

Yes.  But since you had m random bits to start with, you could just as well
just output those.

> And what security would I have if I use u = 1000 * m bits? Thanks.

You would have *computational* security; i.e. if someone could break
your security, then they could factor your modulus.  As opposed to
above, where you had *information-theoretic* security, where the
attacker didn't have enough information to predict the next bit,
even given an infinite amount of computing power.

   - Ian

------------------------------

From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: How to find celebrity
Date: Wed, 22 Nov 2000 12:58:12 -0700

[EMAIL PROTECTED] wrote:

> Among n people, a celebrity is someone who everyone knows but who knows
> no one. To identify the celebrity, if one exists, you are allowed to
> ask questions of any of the n people, but only of the form: "Excuse me,
> do you know that person over there?" Assume that all answers are correct.
> Minimize the number of questions you need to ask to determine the
> celebrity, if one exists, or to determine no celebrity exists in a
> given set of n people.
>
> suggestions please

I suggest you do your homework yourself.

Shawn.


------------------------------

From: "Paul Wessels" <[EMAIL PROTECTED]>
Crossposted-To: 
alt.cracks.nl,alt.nl.telebankieren,nl.comp.crypt,nl.financieel.bankieren,nl.juridisch
Subject: weten we die PIN?
Date: Wed, 22 Nov 2000 20:43:04 -0000

 We know, I thought, that the PIN code of your bank card is computed from the
magnetic stripe out of your account number + card number + possible offset,
by encrypting this with a "secret" bank key and DES into a result of which the
first four digits form your PIN code. That much I understand.
 Without that "secret" bank key I cannot get at a result even if I could read
the whole card (it makes no difference whether I look at track 1, 2 or 3).
  But now, on holiday, I paid close attention to what ATMs abroad do. Both
French and Italian machines first quickly approve my PIN code, OFF LINE; only
when I then want to go further do they contact my bank for a balance
approval!!! An Italian machine made that completely clear by announcing on
its screen, AFTER approving my PIN, that there was a telephone fault and that
therefore no contact with my bank could be made.
 How is that possible? Can an approving result still be obtained via DES with
different keys? Is there _one_ key that is valid worldwide, and does DES then
accept that with identical input? Or are those foreign machines more of the
easygoing type that says "OK, it's only a foreigner's card anyway, we approve
whatever PIN he proposes"?

 paul_wessels@[nospam]bigfoot.com




------------------------------

From: Sylvain Martinez <[EMAIL PROTECTED]>
Subject: Re: New Dynamic Algo + Contest + Doc
Date: Wed, 22 Nov 2000 19:49:12 GMT

In article <8vgpg5$a38$[EMAIL PROTECTED]>,
  David A Molnar <[EMAIL PROTECTED]> wrote:
> Sylvain Martinez <[EMAIL PROTECTED]> wrote:
>
> > take someone who is new to cryptography, tell him: "go and crack
> > RSA"
> > then he is going to spend a lot of time trying to first understand
> > how it works, then even more time reading mathematical books trying
> > to crack it.
> > This is good. But it can discourage many people.
>
> I don't think I've ever seen anyone on sci.crypt advise new persons
> to "go crack RSA." Most times the advice is "go crack Vigenère" or
> "go crack Caesar."
>
> If a new person gets anything about RSA, it's "go implement RSA."

You are right, what I tried to say is that I think (hope !) BUGS could
be just a bit more difficult to understand than Vigenère or Caesar are.
And could therefore still be interesting to look at for a newbie.

Sylvain.

--
---
Unix security administrator
BUGS crypto project: http://www.bcrypt.com
http://www.encryptsolutions.com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Wed, 22 Nov 2000 13:01:08 -0700

David Schwartz wrote:

>         This is possible in any voting system. Even in the present system, the
> dictator could demand that everyone sneak a camera into the polls and
> record how they vote just as he could demand that you keep your receipt.
> In both cases, the dictator is commanding a voter to violate the rules,
> and once the voter has followed the rules (by discarding his receipt or
> not taking a photo), it's too late to demand he break them since he
> can't retroactively take a picture or undelete the receipt.

So just announce that you'll shoot anyone who discards their receipt.

Shawn.


------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: "unsecure data structures" ?
Date: Wed, 22 Nov 2000 20:02:17 GMT

Bob Silverman wrote:
> Paul Crowley wrote:
> > There's no explicit mention of where the key material is
> > coming from in the article, but I guess you're making the
> > reasonable assumption that it's a passphrase (or some
> > other low-entropy source).
>

> Yes.  If the entropy in bits of the passphrase * number of different
> possible plaintexts is small then this is a lot easier than
> brute force.

I read a different point in your previous post.  The
dictionary attack you described is not on the passphrase/key,
but upon the dictionary of possible plaintexts.  The potential
defect is often called the "small codebook" problem.

The solution to the problem is to use a form of randomized
encryption, so the same plaintext and key can induce many
different ciphertexts.  The large random number in the data
structure that Bob suggested can solve the problem for many
ciphers/modes.

Paul's suggestion of CTR mode Rijndael also solves the
problem provided one properly initializes the counter for
each message.  In my opinion, the most important sentence in
the CTR mode paper at

    http://www.tml.hut.fi/~helger/papers/lrw00/ctr.pdf

is:

| But it ultimately the user's responsibility to ensure that it
| is impossible, or highly improbable, that a ctr i value is
| ever reused with the same key K.

The "user" here is the crypto-implementor who employs CTR
mode, not the end-user of the system.

I agree with Paul's perspective that the crypto implementation
should provide all the security features so we need not worry
about the structure of the plaintext.   Just remember that
setting such things as IV's, nonces, salts, and counters is
part of implementing strong crypto.  If CTR mode gets
standardized as Paul expects, people will get badly burned
by incorrectly initialized counters.


--Bryan
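
The two failure modes discussed in this post, the "small codebook" problem and counter reuse in CTR mode, are the same keystream-reuse mistake seen from two sides, and both show up in a few lines of code. The following is an added example, not code from the post or from the CTR paper it cites. It assumes a stand-in block function (HMAC-SHA256 truncated to 16 bytes) in place of Rijndael, which is enough because CTR mode only needs a keyed function of the counter block, and it uses constructed sample messages.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes of keystream produced per counter block
NONCE_LEN = 8


def prf_block(key: bytes, nonce: bytes, ctr: int) -> bytes:
    """Stand-in block function: HMAC-SHA256(key, nonce || ctr), truncated.
    Not Rijndael; it stands in for E_K(ctr_i) in the CTR construction."""
    msg = nonce + ctr.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode: XOR data with the keystream E_K(nonce, i) for block i.
    The same function encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ks = prf_block(key, nonce, off // BLOCK)
        out.extend(a ^ b for a, b in zip(data[off:off + BLOCK], ks))
    return bytes(out)


def encrypt_reused_counter(key: bytes, msg: bytes) -> bytes:
    """The defect: every message starts from the same (all-zero) counter,
    so every message under this key is XORed with the same keystream."""
    return ctr_xor(key, bytes(NONCE_LEN), msg)


def encrypt_fresh_nonce(key: bytes, msg: bytes) -> bytes:
    """The fix: a fresh random nonce per message (Bob's 'large random number'),
    carried in the clear in front of the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + ctr_xor(key, nonce, msg)


def decrypt_fresh_nonce(key: bytes, blob: bytes) -> bytes:
    return ctr_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_cancels(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Defender's check for the counter-reuse defect: with a reused counter,
    c1 XOR c2 equals m1 XOR m2, so the key has dropped out entirely and a
    small set of candidate plaintexts can be checked directly."""
    c1 = encrypt_reused_counter(key, m1)
    c2 = encrypt_reused_counter(key, m2)
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


if __name__ == "__main__":
    key = os.urandom(32)
    m1, m2 = b"approve transfer", b"decline transfer"   # constructed samples
    print("reused counter leaks m1 XOR m2:", keystream_cancels(key, m1, m2))
    print("same plaintext, same ciphertext:",
          encrypt_reused_counter(key, m1) == encrypt_reused_counter(key, m1))
    b1, b2 = encrypt_fresh_nonce(key, m1), encrypt_fresh_nonce(key, m1)
    print("fresh nonces, differing ciphertexts:", b1 != b2)
    print("round trip:", decrypt_fresh_nonce(key, b1) == m1)
```

The nonce must be unique per (key, message) but need not be secret, which is why it travels in the clear; the post's point is that choosing and transporting it is the implementor's job, not something the mode does on its own.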



------------------------------

From: "Baris Efe" <[EMAIL PROTECTED]>
Crossposted-To: 
alt.cracks.nl,alt.nl.telebankieren,nl.comp.crypt,nl.financieel.bankieren,nl.juridisch
Subject: Re: weten we die PIN?
Date: 22 Nov 2000 20:11:52 GMT


"Paul Wessels" <[EMAIL PROTECTED]> wrote in message
news:8vh89b$auv$[EMAIL PROTECTED]...
> valid worldwide, and does DES then accept that with identical input? Or are
> those foreign machines more of the easygoing type that says "OK, it's only a
> foreigner's card anyway, we approve whatever PIN he proposes"?
>
>  paul_wessels@[nospam]bigfoot.com
>

I'd say, just try it.


--
Met vriendelijke groet,

Baris Efe
//hollownet interactive media
http://www.hollownet.com






------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Q: fast block ciphers
Date: Wed, 22 Nov 2000 11:29:52 -0800


"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Also, my other point, how to turn a stream cipher (eg Arc4, Panama) into
> a block cipher, was not answered.
>
> I would really love to see an example.

Fairly simple, there are examples of this type of cipher available. However
the one that comes to mind first (and one that I don't think I've seen
constructed before) is:
Block[n] = an n-bit block
left = left half of Block
right = right half of Block
rand(k) = get k bits out of the stream cipher

for round = 1 to 16
    right = right XOR ((left * rand(n/2) + rand(n/2)) mod 2^(n/2))
    swap(right, left)
end round


It's an 8-round Feistel-type cipher. No guarantees on its strength though,
and in terms of speed it's not going to be very good either. Decryption is
straightforward, as it is with any Feistel network, just run it forward to
generate the round keys (rand() output), store them and use them in reverse.
I have done no analysis of this structure, so consider yourself cautioned
against using this structure.
                    Joe
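
The pseudocode above, written out as a runnable 64-bit block cipher with the decryption routine the post describes (generate the round keys forward, apply them in reverse). This is an added example, not the poster's code; it stands in for rand() with a deterministic keystream drawn from SHA-256(key || counter), since the construction only needs a source of n/2-bit words in a fixed order, and it keeps the 16 rounds the loop specifies. Like the post's sketch it is a structural illustration only, not a vetted cipher.

```python
import hashlib

HALF_BITS = 32                   # n = 64-bit block split into two 32-bit halves
MASK = (1 << HALF_BITS) - 1
ROUNDS = 16                      # the pseudocode loops round = 1 to 16


def keystream_words(key: bytes, count: int) -> list:
    """Stand-in for rand(n/2): 32-bit words from SHA-256(key || counter).
    Any stream cipher with the same 'next k bits' interface slots in here."""
    words, ctr = [], 0
    while len(words) < count:
        digest = hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        words.extend(int.from_bytes(digest[i:i + 4], "big") for i in range(0, 32, 4))
        ctr += 1
    return words[:count]


def round_keys(key: bytes) -> list:
    """Each round consumes two words in the order the pseudocode calls rand():
    first the multiplier a_i, then the addend b_i."""
    w = keystream_words(key, 2 * ROUNDS)
    return [(w[2 * i], w[2 * i + 1]) for i in range(ROUNDS)]


def f(left: int, a: int, b: int) -> int:
    """Round function (left * a + b) mod 2^(n/2)."""
    return (left * a + b) & MASK


def encrypt_block(block: int, key: bytes) -> int:
    left, right = block >> HALF_BITS, block & MASK
    for a, b in round_keys(key):
        right ^= f(left, a, b)
        left, right = right, left          # swap(right, left)
    return (left << HALF_BITS) | right


def decrypt_block(block: int, key: bytes) -> int:
    """Undo each round in reverse: unswap, then XOR the same f(left) again.
    f only reads the half that the round left untouched, so this cancels
    exactly whatever the round function produced."""
    left, right = block >> HALF_BITS, block & MASK
    for a, b in reversed(round_keys(key)):
        left, right = right, left
        right ^= f(left, a, b)
    return (left << HALF_BITS) | right


if __name__ == "__main__":
    key = b"constructed example key"
    pt = 0x0123456789ABCDEF
    ct = encrypt_block(pt, key)
    print(f"plaintext  {pt:016x}")
    print(f"ciphertext {ct:016x}")
    print(f"recovered  {decrypt_block(ct, key):016x}")
```

Because the keystream feeds the rounds as subkeys rather than being XORed onto the data, the 64-bit block function is a fixed permutation for a given key, which is what makes it a block cipher rather than a stream cipher with a different framing.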



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Entropy paradox
Date: Wed, 22 Nov 2000 12:29:44 -0800


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> So you conclude that BBS is fairly unsafe (against all
> the commonly seen claims of unpredictability to the left
> and the right)? Thanks.

I don't think that's what was being said. I understood it as the stream of u
only has 2^m possible streams (assuming that the BBS generator is entropy
maintaining at length u). This can be simply proven by looking at the number
of initial states, which happens to be exactly 2^m, and the fact that BBS is
deterministic. Given this it is fairly obvious that the output stream u has
at most m bits of entropy, depending on circumstances there may be less,
however the order within them should be fairly undetectable. There still
isn't a paradox.
                    Joe



------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Wed, 22 Nov 2000 12:49:21 -0800


Shawn Willden wrote:
 
> David Schwartz wrote:
 
> >         This is possible in any voting system. Even in the present system, the
> > dictator could demand that everyone sneak a camera into the polls and
> > record how they vote just as he could demand that you keep your receipt.
> > In both cases, the dictator is commanding a voter to violate the rules,
> > and once the voter has followed the rules (by discarding his receipt or
> > not taking a photo), it's too late to demand he break them since he
> > can't retroactively take a picture or undelete the receipt.
 
> So just announce that you'll shoot anyone who discards their receipt.
> 
> Shawn.

        Exactly. If people break the rules of the system, the requirements
won't hold. That's true of any system. After all, you can always
announce that you'll shoot random people if you aren't elected. That's
as strong an incentive as any. Free and fair elections cannot be
implemented unless the processes for having free and fair elections are
followed. No system can force people to follow it.

        If people agree to vote the way people pay them to vote, systems will
break. If people burn ballots instead of counting them, systems will
break. If people flip a coin to decide how to cast their ballot, systems
will break.

        That's why any election system must be allowed to assume that its rules
will be followed at least until the election completes. They should,
however, be invulnerable to _subsequent_ tampering and they should at
least detect tampering prior to result announcement.

        Now that doesn't mean that the system can have no ability to detect and
correct for violations of its rules, it obviously has to have that. But
you have to be allowed to assume implementation according to
specification or no balloting system could possibly meet any of its
requirements.

        Of course, the requirements should certainly include the ability to
detect whether the system has been properly implemented. Auditability is
a reasonable requirement even if that doesn't mean being able to audit
individual votes.

        Personally, I wouldn't be happy with any 'receipt' system unless it
allowed people to get a 'dummy' receipt that showed that they cast their
vote any particular way they wanted regardless of how their actual vote
was cast. This allows the individual voter to verify that his vote was
counted correctly and everybody else to verify that some vote was counted
correctly.

        Regardless of how secure a system actually is, the public will in large
part be primarily concerned with being assured that their vote wasn't
somehow dropped or not counted. So a system that can absolutely 100%
assure this would have an advantage over a comparable system that
didn't, even if it allowed equally damaging forms of tampering (such as
casting bogus ballots).

        DS

------------------------------

From: Frédéric Donnat <[EMAIL PROTECTED]>
Subject: RSA Signature !
Date: Wed, 22 Nov 2000 20:54:01 GMT

Hi !
I need to make my own signature with RSA, but first I want to know how
RSA signatures work. Usually you make a hash of your data (using MD5 or
SHA for example) and then you sign it! But how do you sign it? Is it an
encryption?

If someone can help me or tell me where to find information about
digital signatures I'll be very grateful!

Best regards
Fred


------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Entropy paradox
Date: Wed, 22 Nov 2000 12:58:06 -0800


Mok-Kong Shen wrote:

> As also questioned elsewhere, does that mean that I couldn't
> use more than m bits out of BBS, if I desire perfect
> security? And what security would I have if I use
> u = 1000 * m bits? Thanks.

        The problem here is one of considering randomness or unpredictability
in isolation. I have a stream of 10 bits, how unpredictable is it? Well,
if you have a stream of 10 related bits, it becomes more predictable
based upon how closely related those other bits are.

        Similarly, the cryptographic entropy of a string of bits has to be in
relation to an attacker with some supposed abilities and some supposed
knowledge set. For example, if I have a string of 10 bits that come out
of a PRNG, whether or not it contains entropy with respect to a
particular proposed attacker depends upon what other information about
that PRNG the attacker has. For example, we normally assume the attacker
has the PRNG's algorithm, but if not, we might consider that part of the
entropy.

        So if you have a cryptographically perfect PRNG, and you assume that
it's totally unbreakable in the sense that no amount of its output
compromises its input beyond a brute-force search of the input space,
you can easily compute the 'unpredictability' as 'equivalent entropy' of
any bit string. It's the lesser of the number of bits in the key and the
number of bits in the string.

        So if you have a PRNG that you feel has no cryptanalytic
vulnerabilities with a perfectly entropic M-bit seed, a person who
wanted to predict an output sequence from the PRNG of length N would
have to search a space equivalent to the lesser of 2^M or 2^N. (Assuming
that the seed is all the attacker doesn't know.)

        A PRNG with an M-bit seed can never produce an output with more than M
bits of entropy because there are only 2^M possible seeds. However, it
can produce as many strings with M bits of entropy as we need, so long
as we don't try to combine them to get more than M bits of entropy.

        DS
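
The counting argument made in the Entropy paradox thread above (Trevor Jackson's, Joseph Ashwood's and David Schwartz's posts) can be checked by exhaustive enumeration on a toy modulus: an m-bit seed selects one of 2^m starting states, the generator is deterministic, so however long the output u, there are at most 2^m distinct streams and their entropy is at most min(m, u) bits. This is an added example, not code from any of the posters; it uses a BBS modulus of 11 * 19 = 209 (both primes are 3 mod 4 as BBS requires), far too small for any real use, and maps a seed to a state by adding 2.

```python
import math


def bbs_bits(x0: int, n: int, u: int) -> str:
    """Blum Blum Shub: x_{i+1} = x_i^2 mod n, emitting the low bit of each state."""
    x, out = x0, []
    for _ in range(u):
        x = (x * x) % n
        out.append(str(x & 1))
    return "".join(out)


# Toy modulus so that every seed can be enumerated (constructed example values).
P, Q = 11, 19
N = P * Q   # 209


def seed_to_state(seed: int) -> int:
    """Injective map from an m-bit seed to a starting state in 2..2^m+1."""
    return seed + 2


def distinct_streams(m: int, u: int) -> int:
    """Number of different u-bit outputs reachable from all 2^m seeds."""
    return len({bbs_bits(seed_to_state(s), N, u) for s in range(1 << m)})


def output_entropy_bits(m: int, u: int) -> float:
    """Entropy of the output distribution with a uniform seed, at most m bits
    however large u is; with u < m it is also at most u."""
    return math.log2(distinct_streams(m, u))


def entropy_bound(m: int, u: int) -> int:
    """The bound the thread arrives at: min(seed bits, output bits)."""
    return min(m, u)


if __name__ == "__main__":
    m = 6
    for u in (4, 8, 64, 1000):
        print(f"m={m} seed bits, u={u:4d} output bits: "
              f"{distinct_streams(m, u):3d} distinct streams, "
              f"{output_entropy_bits(m, u):.2f} bits <= bound {entropy_bound(m, u)}")
```

Output bits beyond m are still unpredictable to someone who lacks the seed and cannot factor n, which is Ian Goldberg's computational-security point; the enumeration above shows only that they carry no additional entropy, which is the information-theoretic side of the same coin.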

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
