Cryptography-Digest Digest #252, Volume #13 Fri, 1 Dec 00 17:13:01 EST
Contents:
Re: Entropy paradox (Bryan Olson)
Send me an Angel .. living in the darkness in the land of the lucifer .. send me an Angel .... (Markku J. Saarelainen)
Wind of Change .. Scorpions ... the whole song .. excellent ... listen .... excellent ... in the wind of change ..... (Markku J. Saarelainen)
Re: 'Secrets of War' available on DVD (John Savard)
Re: keysize for equivalent security for symmetric and asymmetric keys (Tom St Denis)
Re: JOB: Software Engineer : Security - Ohio ([EMAIL PROTECTED])
Re: keysize for equivalent security for symmetric and asymmetric keys (Roger Schlafly)
Re: "Minesweeper" algorithm? (David A Molnar)
Re: A Simple Voting Procedure (David Schwartz)
Re: keysize for equivalent security for symmetric and asymmetric keys (DJohn37050)
Re: keysize for equivalent security for symmetric and asymmetric keys (Richard Heathfield)
Re: keysize for equivalent security for symmetric and asymmetric keys (Kenneth Almquist)
Re: Entropy paradox (Mok-Kong Shen)
Re: keysize for equivalent security for symmetric and asymmetric keys (Darren New)
Re: keysize for equivalent security for symmetric and asymmetric keys (Roger Schlafly)
Re: RSA Signature ! ("BreakingNews")
----------------------------------------------------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Entropy paradox
Date: Fri, 01 Dec 2000 19:16:06 GMT
Mok-Kong Shen wrote:
> "Douglas A. Gwyn" wrote:
> >
> > Mok-Kong Shen wrote:
> > > to generate u bits, with u >> m. We know that (accepting
> > > certain plausible assumptions) the u bits are provably
> > > secure.
> >
> > There is a simple proof that on average at least u-m
> > bits are predictable from knowledge of the other m.
> > So probably you're being confused by the sloppy use of
> > "provably secure". You need to refer to the *specific*
> > theorem that has been proven in order to figure out
> > exactly what is meant by that phrase.
>
> That would mean any m bits suffice to predict the rest
> of u (u could be made fairly large!).
Not true. The m bits may have less than m bits of entropy.
> But this can only
> mean theoretical predictability, not practical predictability,
> for otherwise one can't use any output longer than m and
> the generator would be useless (for one could just as well
> use the original m bits). Anyway, I suppose it is not
> necessary to argue further about the paradox, see the
> follow-up of John A. Malley.
That follow-up was serious?????
The correct answer has appeared over and over: entropy and
polynomial-time predictability are not the same. Deterministic
computation cannot increase the entropy of its starting
state, but there's no similar result about computation-limited
predictability.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
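An added illustration of the point Bryan makes above (this is not code from any post in the digest): a deterministic generator that stretches an m-bit seed to u bits cannot produce more than 2^m distinct outputs, so the output entropy stays at most m, yet a computationally unbounded party who sees m output bits can enumerate every seed and recover the rest. The generator (SHA-256 in counter mode) and the parameters m = 10, u = 64 are constructed for the demo.

```python
import hashlib
import math
from collections import Counter

# Constructed toy parameters: an m-bit seed stretched to u bits, u >> m.
SEED_BITS = 10     # m: small enough that every seed can be enumerated
OUTPUT_BITS = 64   # u


def expand(seed: int, seed_bits: int = SEED_BITS, out_bits: int = OUTPUT_BITS) -> int:
    """Deterministic generator: SHA-256 in counter mode over the seed (assumed construction)."""
    out = b""
    counter = 0
    while len(out) * 8 < out_bits:
        block = seed.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return int.from_bytes(out, "big") >> (len(out) * 8 - out_bits)


def top_bits(x: int, total_bits: int, k: int) -> int:
    """The first k of the total_bits bits of x."""
    return x >> (total_bits - k)


def distinct_outputs(seed_bits: int = SEED_BITS, out_bits: int = OUTPUT_BITS) -> int:
    """Number of distinct u-bit outputs: can never exceed 2^m, however large u is."""
    return len({expand(s, seed_bits, out_bits) for s in range(1 << seed_bits)})


def output_entropy_bits(seed_bits: int = SEED_BITS, out_bits: int = OUTPUT_BITS) -> float:
    """Shannon entropy of the output when the seed is uniform: bounded by m, not by u."""
    total = 1 << seed_bits
    counts = Counter(expand(s, seed_bits, out_bits) for s in range(total))
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def consistent_seeds(prefix: int, k: int, seed_bits: int = SEED_BITS,
                     out_bits: int = OUTPUT_BITS) -> list[int]:
    """Computationally unbounded party: try all 2^m seeds and keep those whose first k
    output bits match what was observed. The survivors determine the remaining u-k bits."""
    return [s for s in range(1 << seed_bits)
            if top_bits(expand(s, seed_bits, out_bits), out_bits, k) == prefix]


if __name__ == "__main__":
    print("distinct outputs:", distinct_outputs(), "<= 2^m =", 1 << SEED_BITS)
    print("output entropy: %.3f bits (m = %d, u = %d)"
          % (output_entropy_bits(), SEED_BITS, OUTPUT_BITS))
    observed = expand(123)   # constructed sample: the seed is 123
    survivors = consistent_seeds(top_bits(observed, OUTPUT_BITS, SEED_BITS), SEED_BITS)
    print("seeds consistent with the first m output bits:", survivors)
```

The enumeration costs 2^m work, which is why the bits are "theoretically" but not "practically" predictable once m is large; the entropy bound holds regardless of m.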
------------------------------
From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.2600,com.security,alt.security
Subject: Send me an Angel .. living in the darkness in the land of the lucifer .. send
me an Angel ....
Date: Fri, 01 Dec 2000 19:20:19 GMT
http://www.descent2.com/dorsola/midis/q-s/sendme.mid
------------------------------
From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.2600,alt.security,comp.security
Subject: Wind of Change .. Scorpions ... the whole song .. excellent ... listen ....
excellent ... in the wind of change .....
Date: Fri, 01 Dec 2000 19:29:20 GMT
http://www.scorps.com/sound/woc_klaus_duet.ram
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: 'Secrets of War' available on DVD
Date: Fri, 01 Dec 2000 19:52:40 GMT
On Thu, 30 Nov 2000 23:28:32 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
>so there is a way to see it, even if a somewhat expensive one, for
>those in places where it was not telecast. Well, at least here in
>Canada, in Region 1.
Apparently, it's a multi-DVD set.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Fri, 01 Dec 2000 20:30:56 GMT
In article <[EMAIL PROTECTED]>,
Richard Heathfield <[EMAIL PROTECTED]> wrote:
> [newbies please note: Mr Silverman is an expert in cryptography, and I'm
> not. Salt this article accordingly.]
>
> Bob Silverman wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> > Richard Heathfield <[EMAIL PROTECTED]> wrote:
> >
> > <snip>
> >
> > > Moore's Law. By 2032 (or so), we'll have computers a million times
> > > faster than today's computers. By 2066, they'll be one million million
> > > times faster. By around 2100, one single computer will be able to do the
> > > work of the batch of computers you describe in the above paragraph.
> >
> > This is just silly speculation.
>
> I'd prefer the word 'idle' to 'silly', but I won't press the point.
No, Bob is right. Assuming that Moore's law will hold for the next
century is very baseless. For the most part a 1.1GHz Athlon is not
much faster than an 800MHz one. So despite buzzword-compliant advances
in technology the resulting computer is not much faster.
Also again space/time is finite so there is some limit to how fast we
can make a computer. Generally more gates = faster, but more gates =
more space, more space = slower transmission. So there is some point
where the cpu will just not "process" any faster. We are not there
yet, but the limit is very real.
> <snip>
>
> > (a) There are quantum limits to how small one can make gates
> > (b) The speed of light is finite
>
> And, indeed, I referred to the fact that we can place a theoretical
> upper limit on the amount of computing which can be done in the time
> remaining to this universe. (No, I'm not going to dive into a discussion
> of multi-universe theories of quantum computing...)
>
> As far as I can see, there is some number N such that there is not
> enough time and space in the universe to perform 2^N computations, and
> that N is a relatively low number. Even if it were a few thousand, it
> wouldn't matter particularly, and it's likely to be lower than that.
>
> Given a key of length N, then, and a halfway decent algorithm, one could
> be assured that, except for the most terribly unlikely circumstance
> (many orders of magnitude less likely than the proverbial million-to-one
> chance), the key could not be brute-forced.
>
> Now, the longer the key, the slower the encryption, all else being
> equal. Therefore, those who insist on long keys must pay for them in
> terms of more cycles, and time is money, right?
>
> No matter what the long-term prospects for Moore's Law, its short-term
> future looks relatively assured, and therefore those who insist on long
> keys are going to find those key lengths less and less of an
> inconvenience, because they'll be able to encrypt more bits for a given
> unit of time; the clocks they might have spent lengthening the key can
> now instead be spent on actual encryption, because the point of
> lengthening the key vanishes, even to the satisfaction of the most
> troubled corporate or military soul.
>
> Now (and here my poor understanding of cryptography might show through).
> N might be slightly larger for asymmetric keys rather than symmetric
> keys, because asymmetric keys have some redundant bits (i.e. we know
> they're the product of two large primes, so we know, for example, that
> the rightmost bit is always 1), but the point is that, at that level of
> paranoia, where we are pushing right up against the theoretical limits
> of computation, it /doesn't matter/ that N is slightly larger for
> asymmetric keys. In percentage terms, the difference is minimal.
Your argument is flawed based on the fact that computing with a 2048-bit
RSA key may be time consuming (say square the work) but factoring it is
not the same measure. So an increase in key length vastly increases
the attack time and minimally increases the use time length by
comparison.
Tom
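An added worked example (not from any post in this digest) that puts numbers on Tom's point about use cost versus attack cost, and on the thread's subject of matching RSA sizes to symmetric key sizes. It assumes two cost models that are mine, not the thread's: the GNFS heuristic L_n[1/3, (64/9)^(1/3)] with no constant factors for the attacker, and n^3 (schoolbook modular exponentiation) for one private-key operation.

```python
import math

C_GNFS = (64 / 9) ** (1 / 3)   # asymptotic GNFS constant


def factoring_work(bits: int) -> float:
    """Heuristic GNFS cost L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)).
    Assumed cost model: no o(1) term and no constant factors, so use results relatively."""
    ln_n = bits * math.log(2)
    return math.exp(C_GNFS * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3))


def private_op_work(bits: int) -> float:
    """Assumed cost of one RSA private-key operation: ~n^3 for schoolbook modular
    exponentiation (the post's 'square the work' is a rougher figure for the same thing)."""
    return float(bits) ** 3


def growth(base_bits: int, new_bits: int) -> tuple[float, float]:
    """Factors by which (legitimate use cost, attack cost) grow from base_bits to new_bits."""
    return (private_op_work(new_bits) / private_op_work(base_bits),
            factoring_work(new_bits) / factoring_work(base_bits))


def security_bits(bits: int) -> float:
    """log2 of the factoring work: the symmetric key size the modulus roughly matches."""
    return math.log2(factoring_work(bits))


def rsa_bits_for(symmetric_bits: int, step: int = 64) -> int:
    """Smallest modulus size (multiple of step) whose factoring work reaches 2^symmetric_bits."""
    n = step
    while security_bits(n) < symmetric_bits:
        n += step
    return n


if __name__ == "__main__":
    for base, new in ((1024, 2048), (2048, 4096)):
        use, attack = growth(base, new)
        print("%d -> %d bits: use cost x%.0f, attack cost x%.3g" % (base, new, use, attack))
    for k in (80, 112, 128):
        print("~%d-bit symmetric security: about %d-bit RSA" % (k, rsa_bits_for(k)))
```

Doubling the modulus from 1024 to 2048 bits makes each private-key operation about 8x slower under the cubic model but makes factoring roughly a billion times harder under the GNFS heuristic, which is the asymmetry Tom describes.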
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: JOB: Software Engineer : Security - Ohio
Date: Fri, 01 Dec 2000 18:53:58 GMT
Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> Plea to readers: Please call the toll-free number below and inform Ms. Kay
> that her post in sci.crypt is offensively off topic.
May as well add that the ones in comp.os.linux.*, comp.security.* were
offensively multi-posted. You would think that anyone with that much
self-image invested in a long title would feel compelled to learn how
to use a newsreader before venturing out in public.
> [EMAIL PROTECTED] wrote:
>> Heidi Kay, President/Certified Personnel Consultant
>> Kay Concepts, Inc.
>>
>> Toll-free fax: 800-879-5828
>> E-Mail: [EMAIL PROTECTED]
--
Matt Gauthier <[EMAIL PROTECTED]>
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Fri, 01 Dec 2000 12:52:22 -0800
DJohn37050 wrote:
> I think that is a misrepresentation of their thinking. The question was, what
> happens IF an RSA key is presented in a repudiation case that is able to be
> factored in reasonable time using Pollard P+1 or P-1 methods. The real answer
> is that it goes before a judge and then who knows what happens. They decided
> to address this potential concern by requiring that these factoring methods not
> work, as the cost was relatively small.
I think that you know that this argument is fallacious. That is why
you are no longer willing to make the argument yourself, but instead
hypothesize a stupid judge who might be fooled with the fallacious
argument.
If that case ever gets to court, I would gladly testify that
using the Bob Silverman pseudo random prime number generator
makes it easier to disavow an RSA key, not harder. And I'd
mention that even Bob says the BSPRPNG has no security advantages.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: "Minesweeper" algorithm?
Date: 1 Dec 2000 20:51:29 GMT
Tony L. Svanstrom <[EMAIL PROTECTED]> wrote:
> It's a fun idea though, and I can't wait till I can buy a GameBoy and
> have SuperMario running around on the screen cracking passwords. ;)
A game boy would be better suited to computing S/KEY hashes...
-David
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Fri, 01 Dec 2000 13:03:54 -0800
Jerry Leichter wrote:
>
> | > The judge was ultimately overturned on appeal. In the US, you
> | > cannot be ordered to reveal your vote.
> |
> | Yes, nevertheless he successfully ordered three people to reveal their
> | votes. Had each of those three people not revealed their votes, they
> | would have been thrown in jail. If that's not a case of a 3rd party
> | forcing a voter to reveal their vote, I can't imagine what would be.
>
> You misunderstand how the law works. Before this case, it was unknown
> whether a judge could order you to reveal your vote. After this case,
> we know: He can't. Today, those three people - were they cognizant of
> the law - could, if they wished, refuse to answer. Note that whatever
> the technology, someone can always *ask* you how you voted. The only
> thing this legal case deals with is whether you can be compelled to
> answer. And the law says you cannot.
> -- Jerry
Let's take this one step at a time. In this case, did or did not the
judge in this case order three people to reveal how they voted?
DS
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 01 Dec 2000 21:22:49 GMT
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Roger,
There can be many witnesses, which conflict in their testimony. Burt K.
mentioned this very concern in a paper he wrote, not saying it was right or
not, but that it was a "maybe". Well, ANSI X9 decided to make it impossible.
Don Johnson
------------------------------
Date: Fri, 01 Dec 2000 21:19:48 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Tom St Denis wrote:
>
<snip>
>
> No, Bob is right. Assuming that Moore's law will hold for the next
> century is very baseless. For the most part a 1.1GHz Athlon is not
> much faster than an 800MHz one. So despite buzzword-compliant advances
> in technology the resulting computer is not much faster.
Well, I'm still using a 400MHz machine, so a 1.1GHz machine would
represent a large increase for me. :-)
>
> Also again space/time is finite so there is some limit to how fast we
> can make a computer.
Right, and I made the point of computational limits myself (twice now,
in this thread).
> Generally more gates = faster, but more gates =
> more space, more space = slower transmission. So there is some point
> where the cpu will just not "process" any faster. We are not there
> yet, but the limit is very real.
>
<snip>
>
> Your argument is flawed based on the fact that computing with a 2048-bit
> RSA key may be time consuming (say square the work) but factoring it is
> not the same measure. So an increase in key length vastly increases
> the attack time and minimally increases the use time length by
> comparison.
You appear to be violently agreeing with me, since you've just neatly
summarised the point of view I was expressing.
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton
------------------------------
From: [EMAIL PROTECTED] (Kenneth Almquist)
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: 1 Dec 2000 21:27:11 GMT
Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (John Savard) wrote:
>> Yes, but who says the technology around in 100 years from now is all
>> going to be forecastable today?
>
> This response is just plain silly. No one is trying to determine
> what will be safe key sizes 100 years from now! We are trying to
> do it for the foreseeable future.
If you worked for the census bureau, which is required by law to
keep individual data private for 100 years, you would have to
worry about what key size will be safe 100 years from now. This
is the type of application where 256 bit keys are attractive. We
don't have much of an idea of what computing technology will look
like 100 years from now, but we can be reasonably confident that
fundamental physical laws will prevent anyone from building a
machine which can brute force a 256 bit key.
Kenneth Almquist
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Entropy paradox
Date: Fri, 01 Dec 2000 22:31:45 +0100
Bryan Olson wrote:
>
> Mok-Kong Shen wrote:
> > "Douglas A. Gwyn" wrote:
> > >
> > > Mok-Kong Shen wrote:
> > > > to generate u bits, with u >> m. We know that (accepting
> > > > certain plausible assumptions) the u bits are provably
> > > > secure.
> > >
> > > There is a simple proof that on average at least u-m
> > > bits are predictable from knowledge of the other m.
> > > So probably you're being confused by the sloppy use of
> > > "provably secure". You need to refer to the *specific*
> > > theorem that has been proven in order to figure out
> > > exactly what is meant by that phrase.
> >
> > That would mean any m bits suffice to predict the rest
> > of u (u could be made fairly large!).
>
> Not true. The m bits may have less than m bits of entropy.
See below.
>
> > But this can only
> > mean theoretical predictability, not practical predictability,
> > for otherwise one can't use any output longer than m and
> > the generator would be useless (for one could just as well
> > use the original m bits). Anyway, I suppose it is not
> > necessary to argue further about the paradox, see the
> > follow-up of John A. Malley.
>
> That follow-up was serious?????
>
> The correct answer has appeared over and over: entropy and
> polynomial-time predictability are not the same. Deterministic
> computation cannot increase the entropy of its starting
> state, but there's no similar result about computation-limited
> predictability.
I suppose that you don't doubt that the paper cited was
serious????? (That was a published paper in a well-known
journal written by persons having some good names!)
As mentioned several times in this thread, I was not arguing
about the 'theoretical' entropy but the amplification through
a good generator of 'practically' unpredictable bits.
M. K. Shen
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Fri, 01 Dec 2000 21:53:02 GMT
Kenneth Almquist wrote:
> like 100 years from now, but we can be reasonably confident that
> fundamental physical laws will prevent anyone from building a
> machine which can brute force a 256 bit key.
Or at least, if not, it's unlikely to matter whether it's a 256-bit key or a
1024-bit key. :-)
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
There is no "P" on the end of "Winnie the Pooh."
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Fri, 01 Dec 2000 13:59:28 -0800
DJohn37050 wrote:
[with context inserted]
>>I think that you know that this argument is fallacious. That is why
>>you are no longer willing to make the argument yourself, but instead
>>hypothesize a stupid judge who might be fooled with the fallacious
>>argument.
I guess you are conceding this point.
>>If that case ever gets to court, I would gladly testify that
>>using the Bob Silverman pseudo random prime number generator
>>makes it easier to disavow an RSA key, not harder. And I'd
>>mention that even Bob says the BSPRPNG has no security advantages.
> There can be many witnesses, which conflict in their testimony. Burt K.
> mentioned this very concern in a paper he wrote, not saying it was right or
> not, but that it was a "maybe". Well, ANSI X9 decided to make it impossible.
Can you name one possible witness who'd say that the BSPRPNG is
advantageous?
At any rate, ANSI X9 did not make the legal problem of a disavowed key
impossible. It only slightly shifted the argument that such a
person would make.
------------------------------
From: "BreakingNews" <[EMAIL PROTECTED]>
Subject: Re: RSA Signature !
Date: Sat, 2 Dec 2000 00:00:16 +0200
Reply-To: "BreakingNews" <[EMAIL PROTECTED]>
Have a look at this package if you want to do your own thing.
I use it for locking up sensitive company info.
http://www4.50megs.com/johnnyco/
Mehdi-Laurent Akkar <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> >
> > signed them ? is it an encryption ?
>
> Signing <=> Decryption / Verifying <=> Encryption
> Or anybody would be able to sign with the public key !!
>
> MLA
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************