Cryptography-Digest Digest #591, Volume #13 Tue, 30 Jan 01 10:13:01 EST
Contents:
Re: A Password Protocol (John Savard)
Re: Why Microsoft's Product Activation Stinks (wtshaw)
Re: Windows encryption: API and file system (wtshaw)
Re: Security of Centrinity's FirstClass Product ([EMAIL PROTECTED])
Re: random number generators. Can someone help? (Mok-Kong Shen)
Re: On combining permutations and substitutions in encryption (Mok-Kong Shen)
Re: fast signing (Paul Rubin)
test ([EMAIL PROTECTED])
Re: Dynamic Transposition Revisited (long) (Rob Warnock)
Re: Dynamic Transposition Revisited (long) (Rob Warnock)
News: Szopa Goes E-Postal. Plus, I.T. Industry faces FUD Clean Up? (Lord Running Clam)
Re: fast signing (Mehdi-Laurent Akkar)
Re: test (Mehdi-Laurent Akkar)
Re: fast signing (Bob Silverman)
Re: Primality Test (Bob Silverman)
Re: Primality Test (Bob Silverman)
Re: cryptographic tourism in Russia ("Rodney Perkins")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: A Password Protocol
Date: Tue, 30 Jan 2001 07:01:07 GMT
On Tue, 30 Jan 2001 03:38:51 GMT, Benjamin Goldberg
<[EMAIL PROTECTED]> wrote, in part:
>Given the scenario requirements, it seems quite obvious that the best
>thing to be using is Kerberos. Do a google search, and you'll get lots
>of decent descriptions.
Actually, you'll find one on my web site.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Tue, 30 Jan 2001 00:45:27 -0600
In article <[EMAIL PROTECTED]>, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:
>
> Bill Gates is worth nearly a hundred billion dollars and you can say
> things are not settled yet.
>
> Ha ha ha.
Court cases...
--
Some people say what they think will impress you, but ultimately
do as they please. If their past shows this, don't expect a change.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Windows encryption: API and file system
Date: Tue, 30 Jan 2001 00:43:26 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> NT is not a problem if the alternative is Windows9x! ... and the
> original poster did ask about *Windows* encryption.
>
Neither is acceptable.
--
Some people say what they think will impress you, but ultimately
do as they please. If their past shows this, don't expect a change.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Security of Centrinity's FirstClass Product
Date: Tue, 30 Jan 2001 07:36:37 GMT
Thanks guys... I think I get a better idea now
GW
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: random number generators. Can someone help?
Date: Tue, 30 Jan 2001 10:31:47 +0100
[EMAIL PROTECTED] wrote:
>
> Sorry to bother. I don't know if there is a more appropriate NG for my
> question or not. I was wondering if there is a web-site that will allow
> you to program simple random # routines without actually
> programming/without having to do any downloading, out there? I figure
> someone must have thought of this idea, before me, and since most people
> are less lazy, and have more resources available, I would guess that
> someone has done it. If there isn't now was there ever one? Is there a
> better NG (or elist, etc.) for me to be asking this question at?
With the least effort: Your programming language or the
operating system normally has a PRNG ready. If you are
in a scientific computing environment: There are PRNGs
in numerical libraries, e.g. NAG, IMSL, that you can
include and use in your programs. Otherwise, for code:
Press et al., Numerical Recipes; for theory: Knuth,
The Art of Computer Programming, Vol.2. For testing
of random numbers: http://csrc.nist.gov/rng/ The NG is:
sci.crypt.random-numbers.
M. K. Shen
========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On combining permutations and substitutions in encryption
Date: Tue, 30 Jan 2001 11:24:12 +0100
Terry Ritter wrote:
>
[snip]
> Since some RNG information is hidden by the advanced combiner, the
> issue of whether *all* relevant information can be hidden is more than
> some vain hope; it is a reasonable question. A positive example would
> indeed be "absolutely" unbreakable for attacks from the ciphertext
> channel, but not necessarily unbreakable for unlimited computation.
> This is not weird science.
>
> An RNG is only predictable when we know enough about it. While we
> cannot expect to create unpredictability by computation, we might well
> hope to achieve the inability to exploit the predictability we know is
> there.
>
> I am unaware of any proofs in cryptography which would prevent one
> from achieving a complete information hiding in a combiner or a
> sequence or array of combiners.
>
> I am unaware of any proofs in cryptography which would prevent one
> from achieving a known extent of information hiding, so that the
> combiner or RNG could be re-keyed before sufficient information was
> available for solution.
>
> Claiming that an RNG cipher simply cannot ultimately be secure as a
> fact is just unscientific.
One can let a PRNG be parametrized, i.e. its structure
in a given instance is dependent on some 'key', and one
can also have feedback from the encryption process to
dynamically influence the PRNG. (I consider combining
PRNGs and all kinds of post-processing to belong to
one single PRNG from the viewpoint of the user.) One can
thus make the stuff very difficult for the opponent to
tackle. But it is my humble opinion that a strict formal
study of such systems (which run faster than the few
'provably secure' PRNGs) is practically infeasible,
much in the same way that one can't strictly formally prove
the security of an airplane in practice.
As I said, appropriate use of the PRNG output can reduce
the predictability because of 'indirectness' (no direct
exposure of its output values). However, I see no way of
binding this difficult-to-quantify concept into a decent mathematical
treatment.
Frequent change of seeds ('key' of PRNG) does mitigate
the risks in general. (This applies also to the common
block ciphers and defeats certain of their potential attacks.)
M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: fast signing
Date: 30 Jan 2001 03:17:34 -0800
"Joseph Ashwood" <[EMAIL PROTECTED]> writes:
> I've got a question for some of the other people. What is the fastest secure
> signing algorithm? Right now I'm using DSA (openssl) but I'd like to get it
> up around 20 times faster. Any ideas?
You can do DSA with precomputation extremely fast. What is the
application?
------------------------------
From: [EMAIL PROTECTED]
Subject: test
Date: Tue, 30 Jan 2001 11:44:22 GMT
hi
we only wanted to test our deja.com access
when you have some help for us, please send an Email to
[EMAIL PROTECTED]
Thanks
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: Dynamic Transposition Revisited (long)
Date: 30 Jan 2001 12:24:29 GMT
John Savard <[EMAIL PROTECTED]> wrote:
+---------------
| [EMAIL PROTECTED] (Rob Warnock) wrote:
| >One version that seems useful/applicable for Ritter's DT is the scheme
| >used in the "21b/24b" code used in the HIPPI-Serial standard. One bit
| >of each codeword says whether the remaining bits of that codeword are to
| >be inverted or not before being sent...
+---------------
But later in that same message I proposed a different method,
"partitioned polarity inversion" (PPI), which is better IMHO
for fixed-sized blocks which are to be *completely* balanced.
+---------------
| Incidentally, this coding has some interesting properties. Because the
| bit that indicates if a block is inverted or not has to be counted in
| the bit-balance of the output,
+---------------
True, and in the PPI versions, the count field has to be included
in the balance, too. That's why I suggested that PPI have both a
count and a pad field, so that the pad field can be used to balance
the count field.
+---------------
| a) An input string that is heavy in 1s produces smaller variations in
| bit-balance than one that is similarly heavy in 0s; and
+---------------
In the PPI variant, 1's-heavy, 0's-heavy and 1010...-style inputs
will all have inversion points (counts) near the middle. It's inputs
that have isolated bunches of 1's or 0's at either side of the input
word that cause the most-skewed inversion points.
+---------------
| b) If one has a completely balanced input string, it is necessary (or
| at least natural) to invert alternating blocks to maintain balance.
+---------------
And the HIPPI-Serial standard requires that, actually. But it's not
to "maintain balance" -- since if one has a completely balanced input
string, well, one has a completely balanced input string! -- but to
provide a guaranteed bit transition at frame edges for preserving
clocking and frame synchronization.
But in the case of DT, such an artificial alternation is unnecessary
and should be avoided. It would cause difficulty in undoing the PPI
pre-coding (during decryption) if the count field were to be inverted.
-Rob
=====
Rob Warnock, 31-2-510 [EMAIL PROTECTED]
SGI Network Engineering http://reality.sgi.com/rpw3/
1600 Amphitheatre Pkwy. Phone: 650-933-1673
Mountain View, CA 94043 PP-ASEL-IA
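The codeword scheme the two posts above describe, one flag bit followed by the data bits, sent inverted when the flag is set, is small enough to run. The block below is an added example and not code from Rob Warnock, John Savard or the HIPPI-Serial standard; it does not implement the PPI variant with count and pad fields, which the post only sketches. The rule for choosing the flag (whichever candidate moves the running disparity closer to zero) is an assumed, simple line-coder rule. `codeword_imbalance` makes Savard's observation (a) concrete: because the flag bit is counted, the plain codeword has disparity 2*ones - n - 1 and the inverted one exactly the negative, so a word with n/2 + k ones costs |2k - 1| while one with n/2 - k ones costs |2k + 1|.

```python
"""Inversion-flag balancing, the codeword scheme this thread describes
(one flag bit, then the data bits, sent inverted when the flag is 1).

Added example; not code from Rob Warnock, John Savard or the HIPPI-Serial
standard, and it does not implement the PPI variant with count and pad fields
that the post only sketches.  Deciding the flag from the running disparity is
an assumed, simple line-coder rule."""
from typing import List, Tuple


def disparity(bits: List[int]) -> int:
    """Ones minus zeros; 0 means a perfectly balanced word."""
    return 2 * sum(bits) - len(bits)


def codeword_imbalance(ones: int, n: int) -> int:
    """|disparity| of the better of the two (n+1)-bit codewords for an n-bit
    data word with `ones` one bits.  The flag bit counts, so the plain word
    has disparity 2*ones - n - 1 and the inverted word exactly the negative:
    n/2 + k ones cost |2k - 1|, n/2 - k ones cost |2k + 1| (Savard's (a))."""
    return abs(2 * ones - n - 1)


def encode(data: List[int], n: int) -> Tuple[List[List[int]], List[int]]:
    """Split data into n-bit words; prefix each with a flag bit and invert the
    data bits whenever that moves the running disparity closer to zero.
    Returns the codewords and the running disparity after each one.
    len(data) must be a multiple of n; padding is left to the caller."""
    if n <= 0 or len(data) % n:
        raise ValueError("data must be a whole number of n-bit words")
    running, codewords, trace = 0, [], []
    for i in range(0, len(data), n):
        word = data[i:i + n]
        plain = [0] + word                      # flag 0: sent as-is
        flipped = [1] + [1 - b for b in word]   # flag 1: data inverted
        # on a tie min() keeps the first candidate, i.e. the plain word
        chosen = min((plain, flipped),
                     key=lambda cw: abs(running + disparity(cw)))
        running += disparity(chosen)
        codewords.append(chosen)
        trace.append(running)
    return codewords, trace


def decode(codewords: List[List[int]]) -> List[int]:
    """Undo the flag: strip it and re-invert the data bits when it was set."""
    out: List[int] = []
    for cw in codewords:
        flag, body = cw[0], cw[1:]
        out.extend([1 - b for b in body] if flag else body)
    return out


if __name__ == "__main__":
    sample = [1, 1, 1, 1, 1, 1, 0, 0] + [0] * 8     # constructed input
    cws, trace = encode(sample, 8)
    print(cws, trace, decode(cws) == sample)
```

Running it on a perfectly balanced input (1010... repeated) shows Savard's point (b) falling out of the disparity rule by itself: the flags alternate 0, 1, 0, 1, because a balanced word plus its flag is always off by one, and the next word is flipped to cancel it. The running disparity never exceeds n + 1 in magnitude, but individual codewords are not balanced, which is why the post prefers a count-and-pad scheme for DT blocks that must be balanced exactly.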
------------------------------
From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: Dynamic Transposition Revisited (long)
Date: 30 Jan 2001 12:34:44 GMT
John Savard <[EMAIL PROTECTED]> wrote:
+---------------
| <[EMAIL PROTECTED]> wrote, in part:
| >Would you kindly explain what HIPPI is and why one needs
| >balancing there? Thanks.
|
| Many forms of modulating data for transmission, or for recording on
| magnetic media, remove or minimize the DC component to allow the
| circuitry required to be simpler, as DC components of electrical
| signals present difficulties.
+---------------
Exactly so. But removing the D.C. component creates its own problems,
such as the so-called "baseline drift" that occurs when the D.C. component
is removed with a simple series capacitor. Balancing the input avoids
this baseline drift, and keeps the average signal voltage close to the
mid-point between the peak "1" & "0" values, which makes the eventual
conversion back to D.C. levels less error-prone.
But we're drifting off-topic, I fear...
-Rob
=====
Rob Warnock, 31-2-510 [EMAIL PROTECTED]
SGI Network Engineering http://reality.sgi.com/rpw3/
1600 Amphitheatre Pkwy. Phone: 650-933-1673
Mountain View, CA 94043 PP-ASEL-IA
------------------------------
Date: Tue, 30 Jan 2001 07:14:48 -0600
From: Lord Running Clam <Use-Author-Address-Header@[127.1]>
Subject: News: Szopa Goes E-Postal. Plus, I.T. Industry faces FUD Clean Up?
Crossposted-To: talk.politics.crypto
=====BEGIN PGP SIGNED MESSAGE=====
[DISCLAIMER: Use of the phrase, "Trust No One" may be made within this
report. Such use in no way implies consent or approval
from the Memetic Patent holder, Mr. Chris Carter.]
* * *
Szopa Goes E-Postal.
Unfortunately, Anthony didn't post the entire contents of his email
archives. This renders my fun "Subject: " a little inaccurate - but the
partial public backup may provide a great data source for the angry mob.
(More on that mob later in this bulletin).
Anyway, the point of using a 'spoof' news report heading should not be
diminished. Those outwith these groups would see nothing but the
infotainment, a story of big, bad, M$ stealing from the little guy.
As per usual, the media will turn a blind eye whilst Snake-Oil Software
Inc. continues to lift gold fillings out of the mouths of those
standing, slack-jawed, and drooling, over the latest advert for . . .
"M$ . . . The Biggest Humbug you ever done saw!"
In fact, there are vast areas of the I.T. industry where Snake-Oil
Salesmen can be found plying their trade. After all, It's the World's
Wild Web out there folks! Just like frontiers of old, gaudily painted
wagons proclaim their warez; and all too often the salesman even buys
the line of Bill's-$$$$ he is selling.
What is even more ridiculous than this is the area where it started.
Encryption. Encryption for security. Encryption for protection.
Protection from 'bad-boy' hackers. Protection of software licensing
costs by allegedly preventing copying. Protection of monopolies aimed
at exploiting music artists.
What a crock! The media will lap up the 'superscience' which they can't
explain, it will be served up in scary - but digestible - form to an
unsuspecting public on the evening news.
And Snake-Oil Software Inc. will have a shiny, new, advert in the comical
break saying . . .
"M$ . . . The Biggest Humbug you ever done saw!"
All this over one little guy.
Awwww! They should give him lots and lots of M$ Money.
After all, he's just helping them sell . . . (That's Right Folks! Don't
Touch That Dial!) . . .
"M$ . . . The Biggest Humbug you ever done saw!"
[ At this point, I would like to add that the little guy in question
might care to get his running shoes on; not to get away from this
"Lord Running Clam" character, but from the folks supporting
campaigns such as the "Boycott Intel - Big Brother Inside" campaign.
I certainly wouldn't want to lay any claim to distasteful, privacy
invading technologies such as this. ]
Now, shall I invite them to a Tarrin'N'Featherin' Party Mr. Szopa?
It might be a little interesting if I flame you after that. <g>
* * *
[Meanwhile in another dimension . . .]
I.T. Industry faces FUD Clean Up?
The latest 'hot news' in the I.T. sector was the unveiling of Senator
Bob N. Alice's draft legislation. Legislation that proposes an
independent body checking the competence of those responsible for
protecting data collected online.
In a magnanimous mood, the Senator gave us the following quote; "I am
delighted with the draft legislation. It serves notice to the
Snake-Oil's of I.T. that their days are numbered. We simply cannot
tolerate incompetence where the privacy rights of our citizens are
at stake."
"Splutter! Cough!" A Snake-Oil Software Inc. spokesman was quoted as
saying, "Our staff are indoctrinated to the highest possible standards.
Trust Us. Please."
When asked if the CEO, Mr. Lizard King, would provide comments on the
allegation that he offered full access to the SOS databases in exchange
for the right to continue running the SOS Inc. cartel, their spokesman
declined to comment.
One security analyst, who refused to be named, stated, "It would be
foolish to discount such rumours. For the intelligence organisations
this would be the Jewel in the Crown, with regards to the Malodorous
programme."
We sought comment from nervous-looking I.T. managers as they returned
from extended lunch breaks in the City. Most played down rumours that
they could soon be joining the rank and file unemployed as a result of
this legislation.
One I.T. CEO stated, "I feel secure in my position. What? Yes, I *am*
qualified".
Following checks by our research team, we later contacted the company's
press office. The CEO was, at that time, unavailable for comment when it
was highlighted that his diploma in home economics had little or no
relevance in I.T.
In other news, the world's last remaining Superpower continues to wrestle
with the illegal cartel being operated by Snake-Oil Software Inc.
Progress proves incredibly slow and is prompting widespread discontent
within the I.T. sector.
More on this breaking story, if and when it happens.
LRC.
- --
The Bigger the humbug, the better people will like it.
~ Phineas Taylor Barnum.
We now return viewers from sci.crypt to your regularly scheduled
de-programming. [Follow-ups set to t.p.c.]
Coming up next our weekly show, "Music To Decrypt By".
Including such great hits as, "We all need an S. Boxx to learn from."
=====BEGIN PGP SIGNATURE=====
Version: N/A
iQEVAwUBOnX18oer+ijnZohVAQGC/Qf+NptQmy9rXufW+Xyp8zYYZ+rNVNOWWWVZ
ZpIP/h5L8eqzBqoGUw8YqKN0PqLKSvecOF1A/AIs2coD+N3NOmCDmT+bv/42DmSc
hDiNTC5uidfpO5w7CPx5b/jxcMfVHpwz7JgQq3wXNjhyIjyE6fopeKIDIuixuM2L
fF62/Ow9HgcWT6YF8HWFxTZI+6eU3qqZ4Qy/JfB1OjFVBPEFHt46JVaZL9mF5z+J
X6BNV6VG8rQvh/Au/QYHpXjAV2j7Xrqx6XtdGnuxP71C8vYj6T49e0RR6jFIDSHY
/6wwGUsuRnyYBQXiyALlNkU+AXTSsY9U/n1D7jiEzKF1s9KObWYnFQ==
=U1co
=====END PGP SIGNATURE=====
------------------------------
From: Mehdi-Laurent Akkar <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: fast signing
Date: Tue, 30 Jan 2001 14:11:37 GMT
Take a look at the Patarin's scheme: flash, sflash, quartz
MLA
> > I've got a question for some of the other people. What is the fastest secure
> > signing algorithm? Right now I'm using DSA (openssl) but I'd like to get it
> > up around 20 times faster. Any ideas?
------------------------------
From: Mehdi-Laurent Akkar <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: test
Date: Tue, 30 Jan 2001 14:12:12 GMT
An "erase message" command exists ;-)
[EMAIL PROTECTED] wrote:
> hi
>
> we only wanted to test our deja.com access
>
> when you have some help for us, please send an Email to
> [EMAIL PROTECTED]
>
> Thanks
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: fast signing
Date: Tue, 30 Jan 2001 14:35:23 GMT
In article <O9buH8niAHA.338@cpmsnbbsa09>,
"Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> I've got a question for some of the other people. What is the fastest secure
> signing algorithm?
There isn't one.
(1) "secure signing algorithm" is meaningless drivel unless you
quantify what it means to be secure.
Note that RSA with e = 3 takes only 2 modular multiplies. DSA
will be slower.
(of course signature verification is lengthy)
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com
http://www.deja.com/
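Paul Rubin's remark that DSA can be made very fast with precomputation, and the operation counting in the reply just above, are easier to weigh with the two phases separated in code. The block below is an added example and is not code from Joseph Ashwood, from OpenSSL or from either poster. It is textbook DSA over a toy parameter set found by trial division so that it runs instantly; `toy_params`, `precompute` and `sign_online` are names chosen here, and real deployments use NIST-sized (p, q) and a hash at least as wide as q. The point it demonstrates: everything involving a modular exponentiation (r = (g^k mod p) mod q and k^-1 mod q) depends only on the key and the nonce, so it can be done offline in batches, and the per-message work is one multiply and one add in Z_q.

```python
"""DSA with the per-signature work split into an offline and an online phase.

Added example for the "fast signing" replies; not code from Joseph Ashwood,
OpenSSL or the posters.  Textbook DSA over a toy parameter set found by trial
division so it runs instantly; real deployments use NIST-sized (p, q) and a
hash at least as wide as q.
"""
import hashlib
import secrets


def is_prime_by_trial_division(n: int) -> bool:
    """Enough for the 32-bit demo modulus searched below; not for real keys."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def toy_params(qbits: int = 16, pbits: int = 32):
    """Return (p, q, g): q prime, p = k*q + 1 prime, g of order q mod p."""
    q = (1 << (qbits - 1)) | 1
    while not is_prime_by_trial_division(q):
        q += 2
    k = (1 << (pbits - 1)) // q
    while not is_prime_by_trial_division(k * q + 1):
        k += 1
    p = k * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)


def keygen(params, x=None):
    """Private key x in [1, q-1] (random unless given), public key y = g^x mod p."""
    p, q, g = params
    if x is None:
        x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def precompute(params, k=None):
    """Offline phase: pick the nonce k, compute r = (g^k mod p) mod q and
    k^-1 mod q.  Nothing here depends on the message, so a batch of tokens
    can be prepared ahead of time.  Each token is secret and single-use:
    reusing k for two messages lets anyone recover x from the signatures."""
    p, q, g = params
    while True:
        if k is None:
            k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        if r != 0:
            return r, pow(k, -1, q)   # modular inverse via pow: Python 3.8+
        k = None                      # vanishingly rare: draw again


def hash_to_int(msg: bytes, q: int) -> int:
    """Digest reduced into Z_q (stands in for the leftmost-bits rule of FIPS 186)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def sign_online(params, x, token, msg: bytes):
    """Online phase: s = k^-1 (H(m) + x r) mod q; one multiply, one add, no
    exponentiation at all."""
    _, q, _ = params
    r, k_inv = token
    s = k_inv * (hash_to_int(msg, q) + x * r) % q
    if s == 0:   # vanishingly rare; the token is spent either way
        raise ValueError("s == 0, sign again with a fresh token")
    return r, s


def verify(params, y, msg: bytes, sig) -> bool:
    """Standard DSA verification: two modular exponentiations."""
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = hash_to_int(msg, q) * w % q
    u2 = r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


if __name__ == "__main__":
    params = toy_params()
    x, y = keygen(params)
    tokens = [precompute(params) for _ in range(4)]   # offline batch
    msg = b"constructed message"                      # constructed input
    sig = sign_online(params, x, tokens.pop(), msg)
    print(sig, verify(params, y, msg, sig))
```

Verification is unchanged and still costs two exponentiations, so the precomputation only helps the signer. The token store is the thing to get right: it holds (r, k^-1) for nonces that have not been used yet, it must be protected like the private key, and a token must be destroyed once consumed; a signer that hands out the same token twice has published its private key. For comparison on the RSA side, a small public exponent such as e = 3 makes the public-key operation two multiplies, while the private-key operation remains a full exponentiation, so which side is "fast" depends on which operation you are timing.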
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Primality Test
Date: Tue, 30 Jan 2001 14:37:45 GMT
In article <8I%c6.3988$[EMAIL PROTECTED]>,
"Adam Smith" <[EMAIL PROTECTED]> wrote:
> Once again, this is for generating RSA keys...if all of my posts here are
> getting annoying or are out-of-place, please say something....
>
> I'm not having trouble generating random numbers with 150-200 digits, my
> problem comes in testing to see if they're random...I'm using an
> implementation of the Rabin-Miller primality test with even only one round
This should only take a few milliseconds, at most.
> (if true then probability that the number is composite is < .25^(number of
> rounds))
Actually it is a LOT smaller than (1/4)^n.
> but it's taking an extremely long time to test
I suggest that a bug exists.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Primality Test
Date: Tue, 30 Jan 2001 14:41:53 GMT
In article <fKmd6.3197$[EMAIL PROTECTED]>,
"Matthew J. Ricciardi" <[EMAIL PROTECTED]> wrote:
> The source code for the computation currently reads as follows:
>
> /* a^m mod p by m sequential multiplications, reducing after each one */
> z = 1;
>
> for (int x = 1; x <= m; x++)
> {
>     z *= a;
>     z = (z % p);
> }
>
> As was suggested by Timmermans, I am performing the modular reduction after
> each multiplication to avoid inordinately large numbers. However, the
> algorithm still involves performing m multiplications.
READ Knuth Vol 2, the section on "exponentiation".
You can do it very easily on average in 3/2 log m, instead of m
multiplications.
Why do people always rush to write code BEFORE doing the proper
background reading????
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com
http://www.deja.com/
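The two Primality Test replies above make two separate points, that one Miller-Rabin round on a 150-200 digit candidate should take milliseconds, and that the posted loop does m multiplications where square-and-multiply needs about 3/2 log2(m). The block below is one added example covering both; it is not code from Adam Smith, Matthew Ricciardi or Bob Silverman. `naive_modpow` reproduces the posted loop and `modpow` is the left-to-right binary method from Knuth vol. 2, both returning a multiplication count so the difference is visible; `is_probable_prime` and `random_prime` are the test and the key-generation loop around it. The (1/4)^rounds figure is the worst-case bound for an adversarially chosen composite; for a random candidate of this size the probability that a composite survives even one round is far smaller, which is what the reply is alluding to.

```python
"""Square-and-multiply and Miller-Rabin, added as one example for the two
Primality Test replies (the error-bound remark and the exponentiation
remark).  Not code from Adam Smith, Matthew Ricciardi or Bob Silverman; the
multiplication counters exist only to make the cost comparison visible."""
import random


def naive_modpow(a: int, m: int, p: int):
    """The posted loop: m modular multiplications. Returns (a^m mod p, count)."""
    z = 1 % p
    for _ in range(m):
        z = z * a % p
    return z, m


def modpow(a: int, m: int, p: int):
    """Left-to-right binary exponentiation (Knuth vol. 2, sec. 4.6.3):
    one squaring per bit after the leading one plus one multiply per 1 bit,
    so about 3/2 log2(m) multiplications on average instead of m."""
    if m == 0:
        return 1 % p, 0
    z, count = a % p, 0
    for bit in bin(m)[3:]:          # skip the '0b' prefix and the leading 1
        z = z * z % p
        count += 1
        if bit == "1":
            z = z * a % p
            count += 1
    return z, count


SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 25, rng=random) -> bool:
    """Miller-Rabin with `rounds` random bases.  A composite survives one
    round with probability at most 1/4, so (1/4)^rounds is the worst-case
    error bound quoted in the thread; for a random candidate of a few hundred
    digits the true error is far smaller."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:         # cheap filter; also handles n <= 37
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:               # n - 1 = 2^s * d with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False            # a is a witness: n is composite
    return True


def random_prime(bits: int, rng=random) -> int:
    """Draw random odd candidates with the top bit set until one passes.
    Most rejected candidates fail in the first round, so this is milliseconds
    per candidate, not minutes, even for 150-200 digit numbers."""
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(n, rng=rng):
            return n


if __name__ == "__main__":
    print(modpow(3, 1000, 1009), naive_modpow(3, 1000, 1009))
    print(is_probable_prime(2**127 - 1), is_probable_prime(561))
    print(random_prime(512).bit_length())
```

For exponent m = 1000 the naive loop does 1000 multiplications and `modpow` does 14 (nine squarings plus five extra multiplies for the six 1 bits); for a 200-digit exponent the gap is between "never finishes" and "instant", which matches the reply's diagnosis that a slow single round means a bug or a naive exponentiation. `random` is used here for reproducibility with a seed; key generation proper draws candidates from a cryptographic source.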
------------------------------
From: "Rodney Perkins" <[EMAIL PROTECTED]>
Subject: Re: cryptographic tourism in Russia
Date: Tue, 30 Jan 2001 15:02:16 -0000
>"NSA"? GOST is "GOsudarstvennyj STandart" (State Standard), and its
>anologue in the U.S. would be ANSI, not NSA.
And they have a website: http://www.gost.ru/sls/gost.nsf
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************