Cryptography-Digest Digest #258, Volume #13       Sat, 2 Dec 00 11:13:00 EST

Contents:
  Re: Encrypting messages in images?? (Scott Craver)
  Re: Newbie (David Schwartz)
  Re: IBM's new algorithm (David A Molnar)
  Re: Vulnerability to Attack (Bill Unruh)
  Re: Proof of possession ("Matt Timmermans")
  Re: Wind of Change .. Scorpions ... the whole song .. excellent ... listen .... 
excellent ... in the wind of change ..... (Ron B.)
  Re: Newbie (Tom St Denis)
  Re: keysize for equivalent security for symmetric and asymmetric keys (Tom St Denis)
  File Deleter/Nuker ? (Mark Harrop)
  Secrets ? (Mark Harrop)
  Re: Newbie (Simon Johnson)
  Re: File Deleter/Nuker ? (Simon Johnson)
  Re: new gchq challenge... (PB)
  Re: Rudimentary Encryption (Simon Johnson)
  Re: File Deleter/Nuker ? (Tom McCune)
  Re: keysize for equivalent security for symmetric and asymmetric keys (Bob Silverman)
  Self Shrinking Additive Generators? (Simon Johnson)
  Re: keysize for equivalent security for symmetric and asymmetric keys (Bob Silverman)
  Re: keysize for equivalent security for symmetric and asymmetric keys (Bob Silverman)
  Re: keysize for equivalent security for symmetric and asymmetric keys (Bob Silverman)
  Re: keysize for equivalent security for symmetric and asymmetric keys (Bob Silverman)
  Re: IBM's new algorithm (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Scott Craver)
Crossposted-To: comp.security.misc,alt.2600.hacker,alt.security
Subject: Re: Encrypting messages in images??
Date: 2 Dec 2000 06:35:27 GMT

<[EMAIL PROTECTED]> wrote:

>I saw this on a documentary on my plane flight and I cant
>find my notes on it.
>
>A model created a method of embedding messages (like PGP)
>inside an image so its not obvious the message is encrypted.
>I remember she is from England and posed nude earlier in her
>career and she invented this technique I believe.

        Hmmm.  I know of nobody like that who created a method of information 
        hiding, but I really wouldn't know if any researcher had a past as a 
        model.

        But here's a thought:  you might be thinking about Lenna.  Most 
        information hiding schemes are tested on this one famous, standard 
        photo of a model scanned in from an issue of Playboy (only the part
        from the shoulders up.)  Lena is Swedish, I believe, and not a 
        researcher in image/signal processing, but at a recent conference
        she was flown in and honored for her great contribution to 
        image processing research by providing the de facto test image.
        Maybe you accidentally blended Lenna with another researcher?

        And here's another thought:  one of the first major contributions
        to modern information hiding was spread-spectrum communication.  
        Perhaps the first spread-spectrum system, a technique for radio
        communication with torpedoes resistant to jamming, was co-authored
        by none other than the recently deceased Hedy Lamarr.  Their
        system was frequency-hopping spread spectrum, and ultimately
        patented with Lamarr listed as an inventor, although for a while
        it was classified.
                                                                -S


------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Newbie
Date: Fri, 01 Dec 2000 23:24:57 -0800


Michael wrote:
> 
> OK, I will not post it here.
> 
> However, I find your example a little silly.  I think that would be pushing
> the term algorithm.  I think you assumed (correctly) that it is an algorithm
> that can convert any ASCII into a 'secret message.'

        Well we won't know what your algorithm is unless you tell us.
 
> What, in your opinion, would be the proper protocol for challenging people
> to break it.

        Present the algorithm. If you wish confirmation, also present encrypted
text of suitable length. However, there are many ways to compromise a
cipher other than decrypting text. You can't find defects in the
structure of the cipher without knowing what that cipher is.

        I'd recommend using a web page to explain the cipher in as much detail
as possible and then announcing it in this newsfroup.

        DS

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: IBM's new algorithm
Date: 2 Dec 2000 08:14:12 GMT

John Savard <[EMAIL PROTECTED]> wrote:

> That sounds right, but it also looks familiar: like something that was
> discussed here several months ago.

I think it's plausible that it took this much time to make its way from
IBM Research to IBM's PR and Marketing department. 

> Perhaps, based on this research on encryption _modes_, he discovered a
> new public-key _algorithm_ more recently?

Possible. I actually hope so. It would be rather unfortunate if the press
release came out before the algorithm was published or preprinted
anywhere, though. The article doesn't actually say that the result has
anything to do with public key. It gives that impression by quoting
Schneier on RSA as bottleneck -- but that could have been a generic quote
taken out of context. So until we see more details from IBM it seems open
either way.


-David

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Vulnerability to Attack
Date: 2 Dec 2000 08:34:43 GMT

In <909db7$3uq$[EMAIL PROTECTED]> "BreakingNews" <[EMAIL PROTECTED]> writes:


]But if what u saying is that the password *IS* being transmitted across
]the net... albeit encrypted with its own hash and rnd IV via CBC... whatever
]... its wrong.
]The password in any shape or form... must not pass over the net.

]I think you can argue with number crunching geeks until your head falls off
]and I think the clever thing to do is just to avoid the 10001 ways to do
]authentication. What I do is just look at something or someone that I think
]probably does has a good system... and copy it.

]I would just say to your programmers, do it this way... and tell them to
]use the CHALLENGE RESPONSE methodology the microsoft uses.

Uh, you are confused. A challenge-response system DOES transmit the
password across the net, in exactly the way you seem to find objectionable.
(And Microsoft? The developers of Lanman chap which was to say the least
weak -- and which they then silently pulled?)
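Added example, not from the thread, of what a challenge-response login actually puts on the wire: the client sends a MAC over a server nonce keyed by a hash of the password, so the password itself never crosses, but the server must hold that same password-derived key. Names and the exact construction are this example's own, not any product's protocol.

```python
import hashlib
import hmac
import os

# Added example, not from the thread: a minimal challenge-response login.
# The server stores a verifier derived from the password; the client proves
# knowledge of the password by keying a MAC over a fresh server nonce. The
# password itself never crosses the wire, but the server-side verifier is a
# password equivalent: whoever holds it can produce valid responses.
# Names and the exact construction are this example's own.

ITERATIONS = 50_000

def derive_verifier(password, salt):
    """Salted, stretched password hash kept by the server."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def client_response(password, salt, challenge):
    """Client -> server: MAC(verifier, challenge)."""
    return hmac.new(derive_verifier(password, salt), challenge,
                    hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.users = {}     # user -> (salt, verifier)
        self.pending = {}   # user -> nonce issued and not yet answered

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, derive_verifier(password, salt))

    def challenge(self, user):
        """Server -> client: the user's salt and a fresh random nonce."""
        salt, _ = self.users[user]
        nonce = os.urandom(32)
        self.pending[user] = nonce
        return salt, nonce

    def verify(self, user, response):
        """Check the reply against the stored verifier. The nonce is consumed
        on use, so a captured response is useless for a later login."""
        salt, verifier = self.users[user]
        nonce = self.pending.pop(user, None)
        if nonce is None:
            return False
        expected = hmac.new(verifier, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def login(server, user, password):
    """Full exchange from the client's point of view."""
    salt, nonce = server.challenge(user)
    return server.verify(user, client_response(password, salt, nonce))

def replay_is_rejected(server, user, password):
    """Defensive check: a response recorded from one login must not be
    accepted for the next challenge."""
    salt, nonce = server.challenge(user)
    recorded = client_response(password, salt, nonce)
    first = server.verify(user, recorded)
    server.challenge(user)                  # a new nonce is now outstanding
    return first and not server.verify(user, recorded)
```

The thing to protect is therefore the verifier store on the server, since the wire traffic alone yields only nonce/MAC pairs that cannot be replayed.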



------------------------------

From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: Proof of possession
Date: Sat, 02 Dec 2000 08:42:11 GMT

"csbh @ (THESE) datahit.com (Coridon Henshaw)" <REMOVE> wrote in message
> What's to stop the download site from returning known-good hash values
> (i.e. lying) for files which contain completely different data?

Nothing at all, but if the sequence in which the hashes are transmitted is
properly specified, the receiver can tell when he's getting invalid data
before downloading a significant portion of the file.
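Added example, not from the thread, of one way to "properly specify the sequence": each block is sent with the hash that authenticates the block after it, chained back to a single root the receiver obtains from a trusted source, so a lying or corrupted block is rejected where it starts. Block size, terminator and names are this example's own choices.

```python
import hashlib

# Added example, not from the thread: blocks are chained back to front,
# tag_i = H(block_i || tag_{i+1}), with the final tag covering a fixed
# terminator. Only tag_0 has to come from a trusted source; each block then
# arrives with the tag that authenticates the next one. Names are this
# example's own.

BLOCK = 4                   # tiny block size so the test data is readable
TERMINATOR = b"\x00" * 32   # stands in for "no more blocks"

def h(data):
    return hashlib.sha256(data).digest()

def publish(data):
    """Sender side: returns (trusted root tag, stream of (block, next_tag)
    pairs in transmission order)."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    tags = [TERMINATOR] * (len(blocks) + 1)
    for i in range(len(blocks) - 1, -1, -1):
        tags[i] = h(blocks[i] + tags[i + 1])
    return tags[0], [(blocks[i], tags[i + 1]) for i in range(len(blocks))]

def receive(root, stream):
    """Receiver side: verify block by block against the tag learned from the
    previous block. Returns (bytes accepted so far, index of the first bad
    block, or -1 if the whole stream verified). A stream that ends early is
    reported as bad at the index where the missing block should have been."""
    expected = root
    out = bytearray()
    for i, (block, next_tag) in enumerate(stream):
        if h(block + next_tag) != expected:
            return bytes(out), i          # lying or corrupted: stop here
        out += block
        expected = next_tag
    if expected != TERMINATOR:
        return bytes(out), len(stream)    # truncated before the end
    return bytes(out), -1
```

A site that serves different data together with its own consistent chain is caught at block 0, because the root tag did not come from that site.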



------------------------------

From: Ron B. <[EMAIL PROTECTED]>
Crossposted-To: alt.2600,alt.security,comp.security
Subject: Re: Wind of Change .. Scorpions ... the whole song .. excellent ... listen 
.... excellent ... in the wind of change .....
Date: Sat, 02 Dec 2000 04:06:32 -0500

On Fri, 01 Dec 2000 19:29:20 GMT, Markku J. Saarelainen
<[EMAIL PROTECTED]> wrote:

(Real Player stream link deleted.)

And the relevance to the groups you posted this to is?



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Newbie
Date: Sat, 02 Dec 2000 13:38:13 GMT

In article <9L%V5.84224$[EMAIL PROTECTED]>,
  "Michael" <[EMAIL PROTECTED]> wrote:
> I would think a (fast) computer would be perfect for brute forcing it.
> But, I have no concept of just how fast the computers 'they' have are.
> Mine is not up to the task!
>
> I once (when I had a P200) wrote a program to attempt a brute force
> decode of a simple message.
> It was going so slow I added code to estimate (based on progress) how
> long it would take to finish.
> It was MANY YEARS!  I gave up.
> Not exactly practical.
>
> Thanks for the reply,

Your concept of "fast computers" completely baffles me.  A 500MHz
Athlon computer (I think that is what you said you have) is capable of
about 1.5 billion instructions per second (maximum) and would average
about 500 million (assuming well written code, etc).  Compare that to a
286 from 15 years ago... (286's ran at about 16MHz tops).

Normally brute force is NOT the way to attack an algorithm.  DES for
example can be broken in theory by an attack faster than brute force.
It just happens for short key algorithms such as DES it is more
practical today to brute force the key.

Often brute forcing is done on a cluster of computers (a DES key would
take months on an Athlon 500) to linearly increase the search rate.
distributed.net is a good example of such.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Sat, 02 Dec 2000 13:40:40 GMT

In article <[EMAIL PROTECTED]>,
  Richard Heathfield <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >
> <snip>
> >
> > No, Bob is right.  Assuming that Moore's law will hold for the next
> > century is very baseless.  For the most part a 1.1GHz Athlon is not
> > much faster than an 800MHz one.  So despite buzzword compliant advances
> > in technology the resulting computer is not much faster.
>
> Well, I'm still using a 400MHz machine, so a 1.1GHz machine would
> represent a large increase for me. :-)
>
> >
> > Also again space/time is finite so there is some limit to how fast we
> > can make a computer.
>
> Right, and I made the point of computational limits myself (twice now,
> in this thread).
>
> > Generally more gates = faster, but more gates =
> > more space, more space = slower transmission.  So there is some point
> > where the cpu will just not "process" any faster.  We are not there
> > yet, but the limit is very real.
> >
> <snip>
> >
> > Your argument is flawed based on the fact that computing with a 2048bit
> > RSA key may be time consuming (say square the work) but factoring it is
> > not the same measure.  So an increase in key length vastly increases
> > the attack time and minimally increases the use time length by
> > comparison.
>
> You appear to be violently agreeing with me, since you've just neatly
> summarised the point of view I was expressing.

Perhaps I was mistaken, I thought you said that the cost of encryption
and attacking went up linearly proportional to each other.  That simply
is not true.

Tom



------------------------------

Date: Sun, 03 Dec 2000 01:08:38 +1100
From: Mark Harrop <[EMAIL PROTECTED]>
Subject: File Deleter/Nuker ?

Hi all...

Could some kind soul pls point me in the direction of a Freeware/Shareware 
File Nuker ? Or if there are no free types, post the name of your favorite 
package. please.

I am after the kind that write over the disk sector (?) many times to stop 
retrieval.

PS. I _AM_ a Newbie, so pls no flames on this tender soul ;-)


Cheers!
Mark Harrop
[EMAIL PROTECTED]<mailto:>

Moderator  of the following Programming Lists:

Send a empty message to:

[EMAIL PROTECTED]

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]




------------------------------

Date: Sun, 03 Dec 2000 01:44:34 +1100
From: Mark Harrop <[EMAIL PROTECTED]>
Subject: Secrets ?

Hi all...

On p237, APPLIED CRYPTOGRAPHY (Complexity Theory), it states 
"Unfortunately, most literature on applying information theory to 
cryptanalysis remains classified...."

I thought that the UK, and the USA Classified Info becomes declassified 
after a certain time ? ie, after 30 or 50 years ?

Since the Alan Turing literature that the book was talking about was 
written in 1940, I would have thought that after 60 years, it would be 
declassified ?

PS. Pls excuse my ignorance..I'm a Newbie ;-)

Cheers!
Mark Harrop
[EMAIL PROTECTED]<mailto:>

Moderator  of the following Programming Lists:

Send a empty message to:

[EMAIL PROTECTED]

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]




------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Newbie
Date: Sat, 02 Dec 2000 14:49:50 GMT

In article <90au05$5ic$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <9L%V5.84224$[EMAIL PROTECTED]>,
>   "Michael" <[EMAIL PROTECTED]> wrote:
> > I would think a (fast) computer would be perfect for brute forcing it.
> > But, I have no concept of just how fast the computers 'they' have are.
> > Mine is not up to the task!
> >
> > I once (when I had a P200) wrote a program to attempt a brute force
> > decode of a simple message.
> > It was going so slow I added code to estimate (based on progress) how
> > long it would take to finish.
> > It was MANY YEARS!  I gave up.
> > Not exactly practical.
> >
> > Thanks for the reply,
>
> Your concept of "fast computers" completely baffles me.  A 500MHz
> Athlon computer (I think that is what you said you have) is capable of
> about 1.5 billion instructions per second (maximum) and would average
> about 500 million (assuming well written code, etc).  Compare that to a
> 286 from 15 years ago... (286's ran at about 16MHz tops).
>
> Normally brute force is NOT the way to attack an algorithm.  DES for
> example can be broken in theory by an attack faster than brute force.
> It just happens for short key algorithms such as DES it is more
> practical today to brute force the key.
>
> Often brute forcing is done on a cluster of computers (a DES key would
> take months on an Athlon 500) to linearly increase the search rate.
> distributed.net is a good example of such.
>
> Tom
>
>
There is a limit as to how big a key you can solve by brute-force.
Applied Cryptography says that to clock a 217-bit register through all
its permutations would require collecting the energy of every single
photon emitted by the sun for a whole year.

Even the most sceptical of us must accept that 256-bit keys are not
going to be solvable (by brute-force) for a very long time.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File



------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: File Deleter/Nuker ?
Date: Sat, 02 Dec 2000 14:51:42 GMT

In article <[EMAIL PROTECTED]>,
  Mark Harrop <[EMAIL PROTECTED]> wrote:
> Hi all...
>
> Could some kind soul pls point me in the direction of a Freeware/Shareware
> File Nuker ? Or if there are no free types, post the name of your favorite
> package. please.
>
> I am after the kind that write over the disk sector (?) many times to stop
> retrieval.
>
> PS. I _AM_ a Newbie, so pls no flames on this tender soul ;-)
>
> Cheers!
> Mark Harrop
>
Yup, like always PGP has the solution. You can download it for free at:

www.pgpi.org

It securely wipes any file of your choice, as well as providing many
other useful services, such as digital signatures etc.......

Yours,

Simon Johnson.



------------------------------

From: [EMAIL PROTECTED] (PB)
Subject: Re: new gchq challenge...
Date: Sat, 02 Dec 2000 15:19:04 GMT

On Thu, 09 Nov 2000 16:57:57 GMT, [EMAIL PROTECTED] wrote:

Since the closing date for applications has passed, try looking at the
dots and dashes on the first page a little more closely ...

>Has anyone had a go at the new gchq challenge...
>It has been updated since "well done now apply for a job!" and comes in
>two parts. The first part, finding five words or phrases hidden with
>Bacon's bilateral cipher is fairly easy, but i have not had much luck
>applying the words to the second part.
>See www.gchq.gov.uk for more details
>Good luck!
>
>


------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Rudimentary Encryption
Date: Sat, 02 Dec 2000 14:57:10 GMT

In article <OkBV5.7$[EMAIL PROTECTED]>,
  "Potyanimal" <[EMAIL PROTECTED]> wrote:
> I need help with an encryption scheme that i'm sure will be easy for
> some of you to figure out, but I'm just a novice.  So here it is.  I have
> a program, not a very important program, and so doesn't have strong
> encryption, but it does encrypt the password into a file on my network.
> Often I am in need of changing the value of the encrypted password, and
> if I could write a program to give me the encrypted password, it would
> make my job very easy.  I'm ignorant when it comes to crypto but this is
> what i've been able to dig up.
> 1) The encrypted password is the same length as the unencrypted password.
> 2) The seed is stored along with the encrypted password.
>
> Examples (exact copy):
> 1) SEED$1:"aaaa"        = "pC=
> 2) SEED$1:"aaaaaa"      = "pC=@s
> 3) SEED$1:"aabaaa"      = "p;=@s
>
> ...So it's the encrypted value of "abc" is stored in the form of
> SEED$n:"xyz" where n is obviously the seed and xyz is the encrypted value.
> Also, the crypted value can be placed in the password box to uncover the
> password in the crypted value, as long as it retains the same seed.
>
> I could talk all day about this stuff but I'm sure some one out there can
> figure this out in less time than it takes me to type this.  I'm looking
> for a formula of some kind so that I can generate the seed and encrypted
> password to manually insert into the program.
>
> [EMAIL PROTECTED]
>
>
If you don't need to use this program, Don't. Counterpane security have
a little freeware program called 'Password Safe' to handle the task of
storing passwords.



------------------------------

From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: File Deleter/Nuker ?
Date: Sat, 02 Dec 2000 15:14:27 GMT

In article <90b29t$8hp$[EMAIL PROTECTED]>, Simon Johnson
<[EMAIL PROTECTED]> wrote:

>Yup, like always PGP has the solution. You can download it for free at:
>
>www.pgpi.org
>
>It securely wipes any file of your choice, as well as providing may
>other useful services: Such as digital signitures etc.......

I'm a great fan and advocate of PGP, but I would not rely on its wiping:
http://www.McCune.cc/PGPpage2.htm#Wiping

There are better alternatives.  Eraser may be the best of the free ones:
http://www.tolvanen.com/eraser/


------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Sat, 02 Dec 2000 15:11:51 GMT

In article <90953f$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Kenneth Almquist) wrote:
> Bob Silverman <[EMAIL PROTECTED]> wrote:
> > In article <[EMAIL PROTECTED]>,
> >   [EMAIL PROTECTED] (John Savard) wrote:
> >> Yes, but who says the technology around in 100 years from now is all
> >> going to be forecastable today?
> >
> > This response is just plain silly.  No one is trying to determine
> > what will be safe key sizes 100 years from now!  We are trying to
> > do it for the foreseeable future.
>
> If you worked for the census bureau, which is required by law to
> keep individual data private for 100 years, you would have to
> worry about what key size will be safe 100 years from now.

No. We would not.  Look up "pro-active" security.
Breakthroughs which make current keysizes obsolete simply mean
that one re-signs or re-encrypts with new keys.  This is
a good thing to do in general even with no changes in keysizes.


> is the type of application where 256 bit keys are attractive.  We
> don't have much of an idea of what computing technology will look
> like 100 years from now, but we can be reasonably confident that
> fundamental physical laws will prevent anyone from building a
> machine which can brute force a 256 bit key.

Irrelevant. Brute force is not the issue (but you are correct
that 256 bits won't be brute-forced).  The issue is improvements
in key breaking algorithms/mathematics.   This is unpredictable.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Self Shrinking Additive Generators?
Date: Sat, 02 Dec 2000 15:13:49 GMT

We know the LFSRs that are run in the self-shrinking configuration
are secure provided a dense polynomial is used.

My question is, could a Self Shrinking Additive Generator be created and
would the security remain the same?

Let's say for the sake of argument we had an 8-bit word length.

We could define a mechanism where we clock the generator twice, to
produce two 8-bit words A and B. If A>128 then the output is B. If not,
reclock twice more.

Does this work identically to the LFSR?

Simon.


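Added example, not from the post: the bit-level self-shrinking generator on an LFSR next to the word-level variant Simon describes on a lagged-Fibonacci additive generator, both driven by the same "clock twice, keep B when A passes the test" rule. The feedback taps, the (55, 24) lags and the seeds are illustrative choices of this example, and nothing here answers the security question he asks.

```python
from collections import deque

# Added example, not from the post. Two source generators and one
# self-shrinking selector applied to each. Taps, lags and seeds are
# illustrative; a real design needs a dense primitive polynomial.

class LFSR:
    """Fibonacci LFSR over GF(2). `taps` are the exponents of the non-leading
    terms of the feedback polynomial; state holds the L most recent bits,
    oldest first, so x^4 + x^3 + 1 is LFSR(4, [0, 3], seed)."""
    def __init__(self, length, taps, seed):
        if seed == 0 or seed >= 1 << length:
            raise ValueError("seed must be a nonzero L-bit value")
        self.taps = taps
        self.state = deque(((seed >> i) & 1) for i in range(length))

    def clock(self):
        out = self.state[0]                      # oldest bit leaves
        new = 0
        for t in self.taps:
            new ^= self.state[t]
        self.state.popleft()
        self.state.append(new)
        return out

class Additive:
    """Lagged-Fibonacci additive generator on w-bit words:
    x[n] = (x[n-a] + x[n-b]) mod 2^w, state = the last a words, oldest first."""
    def __init__(self, lag_a, lag_b, seed_words, width=8):
        if len(seed_words) != lag_a or not 0 < lag_b < lag_a:
            raise ValueError("need exactly lag_a seed words and 0 < lag_b < lag_a")
        self.a, self.b, self.mask = lag_a, lag_b, (1 << width) - 1
        self.state = deque(seed_words)

    def clock(self):
        out = (self.state[0] + self.state[self.a - self.b]) & self.mask
        self.state.popleft()
        self.state.append(out)
        return out

def self_shrink(clock, take, n):
    """Generic self-shrinking: clock twice to get (A, B); emit B if take(A),
    otherwise discard both and clock twice more, until n outputs exist."""
    out = []
    while len(out) < n:
        a, b = clock(), clock()
        if take(a):
            out.append(b)
    return out

def self_shrinking_lfsr(lfsr, n):
    """Classic bit-level rule: keep B when A == 1."""
    return self_shrink(lfsr.clock, lambda a: a == 1, n)

def self_shrinking_additive(gen, n):
    """Simon's word-level rule as stated: keep B when A > 128. Note that
    with strictly greater than 128 only 127 of the 256 byte values pass,
    so the selector is slightly biased toward discarding."""
    return self_shrink(gen.clock, lambda a: a > 128, n)
```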

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Sat, 02 Dec 2000 15:16:55 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (John Savard) wrote:
> On Thu, 30 Nov 2000 20:07:40 GMT, Bob Silverman <[EMAIL PROTECTED]>
> wrote, in part:
>
> >This response is just plain silly.  No one is trying to determine
> >what will be safe key sizes 100 years from now!  We are trying to
> >do it for the foreseeable future.
>
> Things like medical and adoption records do need to be kept
> confidential for periods that long,

Which is why we have pro-active security.




------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Sat, 02 Dec 2000 15:15:43 GMT

In article <[EMAIL PROTECTED]>,
  "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
> Kenneth Almquist wrote:
<snip>

> I suspect this conclusion is false.  Since, in theory, a QC enjoys a square
> root advantage over classical architectures a 256-bit key attacked by a QC
> would be as a 128-bit key attacked by a classical computer.  I'd expect a
> search of a 2^128 space to be trivial for a classical computer in 2100

Fortunately, no one cares what you expect.  I suggest you do
the arithmetic to see exactly how fast a computer would need
to be to break a 128-bit key in reasonable time.




------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Sat, 02 Dec 2000 15:28:01 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (DJohn37050) wrote:
> I think that is a misrepresentation of their thinking.

I don't agree.


> The question was, what happens IF an RSA key is presented in a
> repudiation case that is able to be factored in reasonable time using
> Pollard P+1 or P-1 methods.

And I told them that the probability of such happening at random
was vanishingly small during the lifetime of this universe.

The standard of proof is "preponderance of evidence".  Presentation
of such a key would be proof that it was deliberately constructed.
It isn't going to happen by chance.

> The real answer is that it goes before a judge and then who knows what
> happens.  They decided to address this potential concern by requiring
> that these factoring methods not work, as the cost was relatively small.

And as I told them it still left keys vulnerable to being deliberately
constructed so that they were vulnerable to yet other attacks.

Basically, the "bankers" had heard recommendations (now obsolete)
that strong primes be used in keys. These recommendations were
20 years old, but the bankers refused to acknowledge that newer
algorithms made the requirement irrelevant.




------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Sat, 02 Dec 2000 15:30:07 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (DJohn37050) wrote:
> Rivest when RSA was first invented was the one to say that perhaps strong
> primes were a good thing.  As the key sizes needed got larger, then he
> changed his position.  ANSI X9 is conservative.  There was this concern.
> There was supposed to be a presentation saying why it was not needed, but
> that was not done.

False.  I did discuss this in front of X9F1.




------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: IBM's new algorithm
Date: Sat, 02 Dec 2000 14:39:21 GMT

On 2 Dec 2000 08:14:12 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote, in part:

>Possible. I actually hope so. It would be rather unfortunate if the press
>release came out before the algorithm was published or preprinted
>anywhere, though.

It's just that I remember that preprint from a couple months ago. It's
still a good lead. My suspicion is that IBM has indeed done what is
most necessary before issuing the press release...i.e., applied for a
patent. The algorithm could well be published somewhere as well.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
