Cryptography-Digest Digest #439, Volume #13       Mon, 8 Jan 01 05:13:00 EST

Contents:
  Re: Differential Analysis (Benjamin Goldberg)
  Re: Seeking frequency distributions ("John A. Malley")
  Re: Need of very simple algorithms? ("Matt Timmermans")
  Re: Unsolved Elgar Cipher... ("Lee")
  Re: Differential Analysis (Bryan Olson)
  Re: Fastest way to factor primes? (Bob Silverman)
  Re: Fastest way to factor primes? (Bob Silverman)
  Re: Fastest way to factor primes? (Bob Silverman)
  Reviews of 50 cryptography books (Crypto-Boy)
  Re: Reviews of 50 cryptography books (Roger Schlafly)
  Re: Fastest way to factor primes? ("Matt Timmermans")
  Re: Need of very simple algorithms? ([EMAIL PROTECTED])
  Re: Unsolved Elgar Cipher... (Anders Thulin)
  Re: xor'd text file - Cryptanalyis of Simple Aperiodic Substitution Systems 
(Warning: LONG post) (John Savard)
  Re: Simple Sublimibimbimal Exercise (Mok-Kong Shen)
  Re: Need of very simple algorithms? (Mok-Kong Shen)
  Re: Need of very simple algorithms? (Mok-Kong Shen)
  Re: Need of very simple algorithms? ("Brian Gladman")
  Re: xor'd text file - Cryptanalyis of Simple Aperiodic Substitution  (Mok-Kong Shen)
  Re: Need of very simple algorithms? (Mok-Kong Shen)

----------------------------------------------------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Differential Analysis
Date: Mon, 08 Jan 2001 00:37:48 GMT

Simon Johnson wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> > Tom St Denis wrote:
> > >
> > > In article <939ql3$fop$[EMAIL PROTECTED]>,
> > >   Simon Johnson <[EMAIL PROTECTED]> wrote:
> > > > In article <9381mn$6us$[EMAIL PROTECTED]>,
> > > >   Tom St Denis <[EMAIL PROTECTED]> wrote:
> > [snip]
> > > > > Simple example:
> > > > >
> > > > > Let's say the input difference of '1' makes an output
> > > > > difference of '1' with a prob of 4/256.
> > [snip]
> > > > For x rounds would u need roughly (4/256)^x known plain-texts to
> > > > solve for this example.... or is the relationship more complex?
> > >
> > > The rule is you generally need 2/p plaintexts to exhibit the
> > > characteristic.  And yes it *can* chain like (2/p)^x for 'x'
> > > rounds.  This chain rule doesn't always hold.  And sometimes you
> > > can exhibit the char. in more/less than the 2/p bound.
> >
> > So for DP max of 4/256, then you need approximately 2*256/4
> > plaintexts?  And thus approximately 128^x texts for x rounds?  So
> > 16384 for 2 rounds, and 268435456 texts for 4 rounds.  Given that
> > there are only 65536 *possible* texts in a 16 bit Feistel, it would
> > seem that after 4 rounds, differential analysis is not sufficient
> > for an attack.
> >
> > For a differential analysis attack to work on a 16 bit Feistel,
> > (2/p)^4 should be less than or equal to 65536, so DP max would need
> > to be greater than or equal to 1/32.  Making DP max be less than
> > 1/32 is not too difficult -- Tom's sboxgen will do it easily.
> >
> > Given all that, I guess that the next thing I should worry about for
> > my hypercrypt cipher is linear analysis.
> 
> I wouldn't jump to the conclusion your cipher is secure against
> differential cryptanalysis just yet. There could be some clever tricks
> that a professional can pull that can solve the cipher in a better
> way.
> 
> But granted, the evidence you've presented is promising :)

True enough about not jumping to conclusions.  I should have explicitly
said, the cipher is *probably* secure against differential
cryptanalysis, not have implied in any way shape or form, that it
definitely is secure.

Does anyone have any attack, using differential analysis, on this 4
round 16 bit Feistel?

Also, there's the minor possibility that the component (the 16 bit
Feistel) is secure against differential analysis, but the cipher, which
uses the component repeatedly, somehow is not secure against
differential analysis.

Can anyone see any way to attack the cipher using differential analysis,
under the assumption that the component is secure against differential
analysis?  *I* certainly don't, and in fact, I think that it might be
impossible.

However, regardless of whether or not it is secure against differential
cryptanalysis, I think I should, at this point, be worrying about the
next most likely form of attack -- linear analysis.  Unless of course
someone presents to me some good reason to continue to worry about
differential analysis.

-- 
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]
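
The 2/p rule of thumb quoted in this thread, worked through as an added example (not part of any poster's message). It builds the AES S-box, chosen here only because its maximum differential probability equals the 4/256 figure used above, computes the difference distribution table, and reproduces the 16384 and 268435456 text counts. Function names are illustrative, and the (2/p)^x chaining is the thread's heuristic, not a proven bound.

```python
from fractions import Fraction


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse computed as a^254; 0 maps to 0, as in AES."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r if a else 0


def aes_sbox():
    """Field inverse followed by the AES affine transform."""
    box = []
    for x in range(256):
        b = s = gf_inv(x)
        for shift in range(1, 5):
            s ^= ((b << shift) | (b >> (8 - shift))) & 0xFF
        box.append(s ^ 0x63)
    return box


def ddt(sbox):
    """table[dx][dy] = number of x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def dp_max(sbox):
    """Largest differential probability over all non-zero input differences."""
    best = max(max(row) for row in ddt(sbox)[1:])
    return Fraction(best, len(sbox))


def texts_needed(p, rounds):
    """The thread's estimate: about (2/p)^rounds texts for a chained characteristic."""
    return (2 / Fraction(p)) ** rounds


SBOX = aes_sbox()
# Constructed contrast case: a bit rotation is purely linear, so every
# input difference maps to one output difference with probability 1.
ROTATE = [((x << 1) | (x >> 7)) & 0xFF for x in range(256)]

if __name__ == "__main__":
    codebook = 2 ** 16          # all possible blocks of a 16-bit cipher
    for name, box in (("AES S-box", SBOX), ("bit rotation", ROTATE)):
        p = dp_max(box)
        for rounds in (1, 2, 4):
            need = int(texts_needed(p, rounds))
            verdict = "fits in" if need <= codebook else "exceeds"
            print(f"{name}: DPmax={p}, {rounds} rounds -> {need} texts "
                  f"({verdict} the {codebook}-block codebook)")
```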

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Seeking frequency distributions
Date: Sun, 07 Jan 2001 16:44:36 -0800

Erik Edin wrote:
> 
> Hi.
> I'm seeking frequency distributions of letters for use in cryptanalysis of a
> simple monoalphabetic cipher. I'm specifically looking for frequency
> distributions of the German language, but I'm also interested in all other
> languages. They seem to be less than easy to find on the Internet.
> Thanks.
> Erik Edin

There is an on-line version of "Classical Cryptography, Vol. I and II"
by Randall K. Nichols, from Aegean Park Press.
Chapter 5 has statistical information on letter, digraph, trigraph
frequencies for German.

See

http://www.fortunecity.com/skyscraper/coding/379/lesson5.htm


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Mon, 08 Jan 2001 00:52:20 GMT


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Marc has kindly pointed out that 'handy' is the German word
> for mobile phone. (Apology for the confusion, though I am
> surprised, since I guessed that there should be a rather
> short English shorthand like many other terms in computing
> and that word seemed to be a quite natural candidate).

Oh... so that's what you mean by "handy user".  No, that term would never
catch on in North America, because a "handy" sounds like it costs less than
5 dollars.  The connotations imply not only convenience, but also low cost
and low quality, like any product or store with "value" in its name, as well
as a kind of unsophistication that doesn't work with the way you market
electronics here, i.e., "you can be cool and unique and make your friends
jealous by buying a cell phone like this one!".

In Germany, do people actually pronounce it as "handy", or do they use a
German word that means handy?

In any case, if you're talking about phones that can accept software, then
you are limited by available memory rather than processor speed, so any
common block cipher that doesn't require large lookup tables would be just
fine for SMS encryption.  Rijndael, for example, can be implemented with
great space-efficiency.  Processing will be slow, but it doesn't matter,
because you don't care if it takes you a couple seconds (and it won't) to
encrypt your short message.

If you're targeting phones that can't be reprogrammed, then you are limited
to pencil-and-paper ciphers.  The problem with this, of course, is that
attackers aren't limited to pencil and paper.





------------------------------

From: "Lee" <[EMAIL PROTECTED]>
Crossposted-To: rec.puzzles
Subject: Re: Unsolved Elgar Cipher...
Date: Sun, 7 Jan 2001 17:57:42 -0800


"Rob Marston" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
: For those who are interested in an old challenge
: we are trying to start an E-group to look into this
: 1897 puzzle...
:
: http://www.egroups.com/group/Elgar-Cipher
:
: All are welcome...
:
: Rob
:
I followed the link... is finding the puzzle part of the puzzle?



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Differential Analysis
Date: Mon, 08 Jan 2001 02:14:53 GMT

Simon Johnson wrote:
> Bryan Olson wrote:
> > One good on-line reference to mostly off-line sources is Bruce
> > Schneier's self-study course in block cipher cryptanalysis.
> > See:
> >
> >   http://www.counterpane.com/self-study.html

> I've looked at this, and its only any good if you know how
> to do/how to work the attacks :)


It's tough to know how much patience to have with the
clueless newbie cipher designers, or worse - the clueless
old-timers.  There's nothing wrong with being a newbie or
asking naive questions, but the inside of a cipher is a
dangerous place to play.

Last month we saw a thread eighty-some posts long, mostly
devoted to convincing a couple guys who regularly post
ciphers that a purely linear scheme is weak.  Eventually
they seemed to get that the particular method is worthless,
but I don't think it dawned on them the extent to which they
were fooling themselves.  I wonder if it's just sci.crypt,
or if they also send neurologists their new techniques for
brain surgery, or NASA their designs for spaceships.


--Bryan


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Mon, 08 Jan 2001 03:17:47 GMT

In article <939s7n$gt0$[EMAIL PROTECTED]>,
  Simon Johnson <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
>   Steve Portly <[EMAIL PROTECTED]> wrote:
> > What would be the fastest way to determine if 362,293,147 is prime?
> > Wouldn't a prime number sieve be the fastest method?
> >
> >
> Just about the way you named this thread. To test whether a number is
> prime you do not factor. Asking the question 'What are the factors of
> N' is different to asking 'Is N prime'. The complexity of factoring is
> believed to increase exponentially with an increase in input size.

Where did you get this misinformation?

(1) It is not a matter of 'belief'. No one 'believes' your statement.
(2) The complexity most certainly is NOT exponential, as we
    have algorithms that are faster than exponential.

> The complexity of determining whether 'N' is prime increases to the form
> of a polynomial with increase in input size.

This is a conjecture. It is a theorem if GRH is true or if a
certain relaxed form of Cramer's conjecture is true.  There is
strong evidence for both conjectures, but a proof is lacking.

Prime proving is known to be (at worst) in RP.
Deterministically, the best result is that it is no worse than
(log p)^logloglog p
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Mon, 08 Jan 2001 03:22:02 GMT

In article <[EMAIL PROTECTED]>,
  Quisquater <[EMAIL PROTECTED]> wrote:
> Bob Silverman wrote:

<snip>
>
> The model thus is very important.

Yes, you are indeed correct. I was assuming current RAM technology
where access time is proportional to distance...

I only suggested table lookup to show that the question
itself was not well posed.


>
> Jean-Jacques,
>

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Mon, 08 Jan 2001 03:26:20 GMT

In article <93a7q8$p30$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
>   Steve Portly <[EMAIL PROTECTED]> wrote:
> > What would be the fastest way to determine if 362293147 is prime?
> > Wouldn't a prime number sieve be the fastest method?
>
> Just to quip about the subject, you can't factor prime numbers, they
> are by nature irreducible.

You need to be very careful here. Irreducible over Z, true.
But one can (say) factor primes that are 3 mod 4 over Z[i].
e.g. 3 = (2+i)(2-i).

One should always state the domain. Every prime can be factored
by choosing an appropriate extension ring.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Crypto-Boy <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,misc.books.technical
Subject: Reviews of 50 cryptography books
Date: Mon, 08 Jan 2001 05:29:15 GMT

Check out http://www.youdzone.com/cryptobooks.html

for reviews of 50 cryptography books that I own and have read, plus an
additional 10 I've yet to finish.

Make sure to check out "Cryptography Decrypted" under the reference
section, if you haven't yet heard of this new book.



------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,misc.books.technical
Subject: Re: Reviews of 50 cryptography books
Date: Sun, 07 Jan 2001 22:26:03 -0800

Crypto-Boy wrote:
> Check out http://www.youdzone.com/cryptobooks.html
> for reviews of 50 cryptography books that I own and have read, plus an
> additional 10 I've yet to finish.

You give thumbs down to "A Million Random Digits: with 100,000 
Normal Deviates", but perhaps you didn't realize that you can
get it online for free. See:

http://www.rand.org/publications/classics/randomdigits/

The download is machine readable, and has errors corrected! (I realize
that sounds totally ridiculous -- but see the explanation yourself.)

------------------------------

From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Mon, 08 Jan 2001 07:28:22 GMT

Perhaps we could concentrate on being helpful, rather than pedagogical.  The
question was ill-posed, to be sure, but the only ambiguity is whether he
wants a factoring algorithm or a primality test.  I'm pretty sure he wasn't
looking for quantum algorithms, that *really* big lookup tables don't fit
into his implementation scenario, that he's not using elements from some
other group that just happen to be referred to with the same names as
integers, and that he's not contemplating implementing the algorithm in a
universe where the speed of light is infinite.

We certainly don't want to tell him that he has to write all of that crap
whenever he asks a question -- no one else does.

Instead, we need to tell Steve:

You don't want to say "factor a prime", because if a number is known to be
prime, then it is known to have no non-trivial divisors.  (Bill Gates made
the same mistake in a speech, which a lot of people here laughed about)
Instead you say "factor an integer" or "test an integer for primality" --
It's not clear to me which one you're looking for.

> >   Steve Portly <[EMAIL PROTECTED]> wrote:
> > > What would be the fastest way to determine if 362293147 is prime?
> > > Wouldn't a prime number sieve be the fastest method?

If your numbers are about that size, then factoring (actually finding
factors) is pretty easy.  If there are any non-trivial divisors, then one of
them has to be <= sqrt(N) (19033 in the example above), so even trial
division doesn't take too much time.  The Pollard rho method is usually a
good choice for numbers of this size and somewhat larger -- it's fast and
easy to implement.  If your numbers get really big (like RSA challenges),
then you'll need something more complicated.

Note: most of the descriptions of this method on the Web are wrong.  This
one is right:
http://forum.swarthmore.edu/dr.math/problems/mcgrew10.26.98.html

If you just want to test to see if a number is prime, then you can do it
faster.  There are quick tests for primality (several have been mentioned in
other responses).  These tests are probabilistic -- they will tell you that
a number is composite or that it is very likely to be prime.  Most of these
tests are based in some way on "Fermat's little theorem", which you should
look up if you want to know how they work:
http://www.utm.edu/research/primes/notes/proofs/FermatsLittleTheorem.html

When using any of these tests, you can spend more work to get a more certain
answer.  For primality testing on really big numbers, the common approach is
to run these tests until the probability of getting a wrong answer is
vanishingly small -- less than the probability of being hit by a meteor, and
therefore not caring whether the number is prime or not.

As another respondent mentioned, if your numbers aren't too big, you can get
an exact answer with a probabilistic test and a list of the few composite
numbers that it passes as prime.




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Need of very simple algorithms?
Date: Mon, 8 Jan 2001 07:20:22 GMT

Mok-Kong Shen wrote:
> > AES is simple enough to implement in mobile phones, in hand held devices
> > like the Palm Pilot (where it is already available) and in a number of
> > scientific calculators (e.g. TI86).
> 
> The problem is that currently we don't yet have handys
> (at the market) that have AES built-in and there are
> already a huge number of handys without that in possession
> of people. As to palmtop, I have excluded it as assumption
> in my original post. With certain tariffs one gets a handy
> for free from the provider. A palmtop is expensive, at least
> for a large class of handy users of the world. A simple-minded
> mechanical device could cost almost nothing,

what ?!
today every mechanical device is much more expensive than electronical device.

> though certainly
> by far not offering the high security of AES, which are
> likely not to be needed for the application in question.
> M. K. Shen

== <EOF> ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp <-- PGP plugins for Netscape and MDaemon
remove .NOSPAM.NET for email reply

------------------------------

Crossposted-To: rec.puzzles
From: Anders Thulin <[EMAIL PROTECTED]>
Subject: Re: Unsolved Elgar Cipher...
Date: Mon, 8 Jan 2001 08:27:18 GMT

Rob Marston wrote:
> 
> For those who are interested in an old challenge
> we are trying to start an E-group to look into this
> 1897 puzzle...

  Was it Balzac who published a cryptogram in one
of his books? There's another challenge...

  However, he probably just asked his typesetter to deliberately
make pie for a page or two ...
 
-- 
Anders Thulin     [EMAIL PROTECTED]     040-10 50 63
Telia ProSoft AB, Box 85, SE-201 20 Malmö, Sweden

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: xor'd text file - Cryptanalyis of Simple Aperiodic Substitution Systems 
(Warning: LONG post)
Date: Mon, 08 Jan 2001 07:56:28 GMT

On Sun, 7 Jan 2001 13:14:47 -0800, "Paul Pires" <[EMAIL PROTECTED]>
wrote, in part:

>What's wrong with a good stream cipher based on a
>cryptographically secure PRNG, used in the proper way
>That is different from block ciphers under the same
>assumptions?

One weakness that remains, with even the one-time-pad, let alone a
secure PRNG, is that if an active attacker happens to _know_ one
particular plaintext, a bit-flipping attack, in which inverting
selected bits of the ciphertext results in inverting exactly the same
bits of the plaintext allows the attacker to alter the plaintext
despite not having broken the cipher, is possible.

So this needs to be remembered, and authentication needs to be used.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
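
The bit-flipping weakness and the authentication remedy described in this post, as an added example (not part of the original message). SHAKE-256 stands in for the "cryptographically secure PRNG"; the keys, nonce, message and function names are constructed for the illustration, and HMAC-SHA256 over nonce and ciphertext is one common way to add the authentication.

```python
import hashlib
import hmac

# Constructed fixed values so the run is repeatable; real keys are random.
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
NONCE = b"\x00" * 15 + b"\x01"
MESSAGE = b"PAY 0100 USD TO ACCT 42"


def keystream(key, nonce, length):
    """Keystream from SHAKE-256 (stand-in for a secure PRNG)."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, data):
    """XOR stream cipher; decryption is the same operation."""
    return xor(data, keystream(key, nonce, len(data)))


decrypt = encrypt


def tamper(ciphertext, offset, known, wanted):
    """What an active attacker who knows `known` can do without any key:
    XOR the difference between known and wanted text into the ciphertext."""
    patched = bytearray(ciphertext)
    for i, delta in enumerate(xor(known, wanted)):
        patched[offset + i] ^= delta
    return bytes(patched)


def seal(enc_key, mac_key, nonce, data):
    """Encrypt, then authenticate nonce and ciphertext with HMAC-SHA256."""
    ct = encrypt(enc_key, nonce, data)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify the tag before decrypting; reject anything modified."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return decrypt(enc_key, nonce, ct)


def demo():
    """Return (plaintext seen without a MAC, whether the MAC caught it)."""
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    forged = tamper(ct, 4, b"0100", b"9100")
    unauthenticated = decrypt(ENC_KEY, NONCE, forged)
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, forged, tag)
        caught = False
    except ValueError:
        caught = True
    return unauthenticated, caught


if __name__ == "__main__":
    seen, caught = demo()
    print("receiver without MAC reads:", seen)
    print("receiver with MAC rejects forgery:", caught)
```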

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Simple Sublimibimbimal Exercise
Date: Mon, 08 Jan 2001 10:24:47 +0100



wtshaw wrote:
> 
> In a country where so many people are already locked-up for trivial
> offenses, one is reminded about the reasons for the Magna Carta, that
> government should not be allowed to do what it pleases.  That spirit is
> alive and well today.
> 
> Should justice not be served, where innate human rights are increasingly
> abused, and when intolerable acts and requirements become a burden, that
> situation will quickly be made to change one way or the other, for we in
> the US are not willing to be slaves.  Be sure that you know that I believe
> peaceful means are best, and that is the consensus of most Americans, but
> a group that will openly use criminal conduct, betray the trust of the
> people in fairness and openness, and try to ram an unpopular agenda
> down our throats, must be opposed in any way possible from meeting their
> dishonorable goals.

Your theory is o.k., but practice and theory always have
a significant distance from each other (this is true even 
in crypto). Absolute correct justice is utopia. Judges as 
well as those who make laws are human, even in a 'truly' 
democratic country. I may err, but isn't it that the figure 
symbolizing Justice has her eyes blinded? (That blinding 
could be interpreted in two different ways, I suppose.) 
While certain relaxations in export regulations etc. have
occurred, there are newcomers such as RIP and Carnivore-like 
projects. It seems that a large part of people in the world 
who want to guard their freedom of privacy indeed have to 
actively do something 'themselves' (i.e. presumably in 
addition to what can be obtained from the literature and 
from others) in matters of steganography, which leads us 
back to stuffs like what the title of this thread addresses.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Mon, 08 Jan 2001 10:24:55 +0100



Matt Timmermans wrote:
[snip]

> In Germany, do people actually pronounce it as "handy", or do they use a
> German word that means handy?

This is the most popular term and also pronounced English-like.

> In any case, if you're talking about phones that can accept software, then
> you are limited by available memory rather than processor speed, so any
> common block cipher that doesn't require large lookup tables would be just
> fine for SMS encryption.  Rijndael, for example, can be implemented with
> great space-efficiency.  Processing will be slow, but it doesn't matter,
> because you don't care if it takes you a couple seconds (and it won't) to
> encrypt your short message.
> 
> If you're targeting phones that can't be reprogrammed, then you are limited
> to pencil-and-paper ciphers.  The problem with this, of course, is that
> attackers aren't limited to pencil and paper.

I expect that soon a new generation of mobile phones on the
market would be equipped with encryption capabilities to 
facilitate M-commerce. It is interesting to note that people 
are already seriously discussing virus attacks on hand-held 
devices.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Mon, 08 Jan 2001 10:25:02 +0100



[EMAIL PROTECTED] wrote:
> 

> what ?!
> today every mechanical device is much more expensive than electronical device.

Almost true! I personally would like however to buy an 
electronical bicycle (that sells at a lower price than a 
mechanical one according to this trend).

M. K. Shen

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Mon, 8 Jan 2001 09:27:41 -0000


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> "r.e.s." wrote:
> >
> [snip]
> >
> > A "handy" is a kind of mobile phone?
> >
> > SMS mean "Short Message Service" for
> > messages of 1120 bits max?
>
> Marc has kindly pointed out that 'handy' is the German word
> for mobile phone. (Apology for the confusion, though I am
> surprised, since I guessed that there should be a rather
> short English shorthand like many other terms in computing
> and that word seemed to be a quite natural candidate).

I am very confident that AES can be implemented in mobile phones since this
is an area where I have done work for several companies.

The issue here is political rather than technical since many governments
(for example the one we have here in the UK at the moment) want the
algorithms used in such equipment to be weak.  In consequence they work hard
in standards bodies such as ETSI (the European Telecommunications Standards
Institute) to ensure that good cryptographic algorithms are NOT deployed.

But some companies are now breaking away from this process so we may see AES
coming into use in the future.

But the 'telecoms layer' is so penetrated by government snooping that no-one
should ever rely on this for security - 'end to end' encryption is vital for
just this reason. And this is why some governments (e.g. the UK with RIPA)
are now adopting laws that attempt to provide access to end user keys.

Brian Gladman




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: xor'd text file - Cryptanalyis of Simple Aperiodic Substitution 
Date: Mon, 08 Jan 2001 10:41:01 +0100



John Savard wrote:
> 
> "Paul Pires" <[EMAIL PROTECTED]> wrote:
> 
> >What's wrong with a good stream cipher based on a
> >cryptographically secure PRNG, used in the proper way
> >That is different from block ciphers under the same
> >assumptions?
> 
> One weakness that remains, with even the one-time-pad, let alone a
> secure PRNG, is that if an active attacker happens to _know_ one
> particular plaintext, a bit-flipping attack, in which inverting
> selected bits of the ciphertext results in inverting exactly the same
> bits of the plaintext allows the attacker to alter the plaintext
> despite not having broken the cipher, is possible.
> 
> So this needs to be remembered, and authentication needs to be used.

The ideal would thus seem to be having a large block 
encryption processing (the maximum is the entire message) 
and with the key (the parameters that control) changed with 
each message.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Mon, 08 Jan 2001 10:57:13 +0100



Brian Gladman wrote:
> 

> I am very confident that AES can be implemented in mobile phones since this
> is an area where I have done work for several companies.
> 
> The issue here is political rather than technical since many governments
> (for example the one we have here in the UK at the moment) want the
> algorithms used in such equipment to be weak.  In consequence they work hard
> in standards bodies such as ETSI (the European Telecommunications Standards
> Institute) to ensure that good cryptographic algorithms are NOT deployed.
> 
> But some companies are now breaking away from this process so we may see AES
> coming into use in the future.
> 
> But the 'telecoms layer' is so penetrated by government snooping that no-one
> should ever rely on this for security - 'end to end' encryption is vital for
> just this reason. And this is why some governments (e.g. the UK with RIPA)
> are now adopting laws that attempt to provide access to end user keys.

In case one couldn't bypass the governments' influence on the
standards of mobile phones in matters of strong encryption, 
there could really be a market for separate, sufficiently 
cheap, even though not very fast, portable encryption devices 
that implement AES, I suppose. And these could be manufactured 
in e.g. Far East, if production in certain countries is also 
negatively influenced by politics. Unless use of AES is 
banned, they probably couldn't ban import of such devices.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
