Cryptography-Digest Digest #774, Volume #13       Fri, 2 Mar 01 02:13:00 EST

Contents:
  Re: philosophical question? ("Douglas A. Gwyn")
  Re: super-stong crypto, straw man phase 2 ("Douglas A. Gwyn")
  Re: encryption and information theory (Benjamin Goldberg)
  Re: "RSA vs. One-time-pad" or "the perfect enryption" ("Douglas A. Gwyn")
  Re: Rabin's Unbreakable Code ("Douglas A. Gwyn")
  Re: "RSA vs. One-time-pad" or "the perfect enryption" (David Wagner)
  Re: Safe to use DSS key for DH? (David Wagner)
  Re: => FBI easily cracks encryption ...? ("groj")
  Re: => FBI easily cracks encryption ...? ("groj")
  RSA Key Generation ("Mark Reed")
  Re: RSA Key Generation ("Roger Schlafly")
  Re: => FBI easily cracks encryption ...? (nemo outis)
  Re: => FBI easily cracks encryption ...? (Nemo psj)
  Re: Sad news, Dr. Claude Shannon died over the weekend. (wtshaw)
  Re: Fractal encryption? (David A Molnar)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: philosophical question?
Date: Fri, 02 Mar 2001 03:33:00 GMT

"Joe H. Acker" wrote:
> but when I listen to white noise in my radio, it might not.
> Randomness itself does not convey any information, ...

It certainly does, it's just not information that has value to you.
It could well have value in other contexts.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: super-stong crypto, straw man phase 2
Date: Fri, 02 Mar 2001 03:41:10 GMT

William Hugh Murray wrote:
> "Douglas A. Gwyn" wrote:
> > William Hugh Murray wrote:
> > > In any case, most of us do not worry about keeping secrets from
> > > nation states for a long time.
> > Well, you should!
> I admit that I do like to confound authority.

Another point is that "super strong crypto" ought to mean that
*nobody* can come up with a practical attack; if you allow that
some "nation-state" can successfully attack a given system, then
that demonstrates that that system was not "super strong".

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: encryption and information theory
Date: Fri, 02 Mar 2001 03:42:26 GMT

Mxsmanic wrote:
> 
> "John Savard" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> 
> > More precisely: if the message contains N bits of
> > information, and occupies M bits of bandwidth, and
> > the K is K bits long, the entropy of the encrypted
> > message is N+K bits, *or* M bits, whichever is less.
> 
> The entropy can never be less than N+K, or the original plaintext
> message will be lost (because information has been permanently lost).
> Thus, M must always be equal to or greater than N+K, if the original
> message is ever to be recovered.

Oh?  Suppose I have a message, which was 128 bits from a TRNG.  Now I
encrypt with Rijndael, using a 128 bit blocksize, and 128 bit key, where
the key was also generated by a TRNG.  Now I send that ciphertext.  Are
you saying that the 128 bit ciphertext has 256 bits of entropy?

The way the apparent paradox probably can be resolved is through the
statement "Entropy that can be seen is not true entropy."  If we, the
attacker, know both the plaintext and ciphertext, then both plaintext
and ciphertext have 0 entropy (because they've been seen by us).

If we have only the ciphertext, then the ciphertext has 0 entropy, but
the key and the message still have K and N bits of entropy.

The rather peculiar conclusions we get from the above paragraph (
        M=N=0 -> K=0
        M=0 -> N+K=0
) mean that we cannot do arithmetic with entropy in a conventional
manner.


-- 
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
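
The resolution Goldberg sketches, that "seen" entropy is conditioned-on entropy rather than entropy that has vanished, can be checked by enumeration. The following Python is an added illustration written for this digest and is not code from any poster: it builds the joint distribution of message, key and ciphertext for a toy 2-bit one-time pad and computes the marginal and conditional entropies. The message distribution `MSG_DIST` is a constructed example chosen so that N (message entropy, 1.75 bits) is below M (bandwidth, 2 bits) while N+K (3.75 bits) exceeds M, exactly the situation the thread argues about. The last two entries go beyond the thread and show what the same arithmetic says when one key pads two messages.

```python
import math


def entropy(dist):
    """Shannon entropy in bits of a distribution given as {outcome: probability}."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def marginal(joint, keep):
    """Project a joint distribution {tuple: prob} onto the tuple positions in `keep`."""
    out = {}
    for outcome, p in joint.items():
        key = tuple(outcome[i] for i in keep)
        out[key] = out.get(key, 0.0) + p
    return out


def conditional_entropy(joint, target, given):
    """H(target | given) = H(target, given) - H(given); arguments are position tuples."""
    return entropy(marginal(joint, target + given)) - entropy(marginal(joint, given))


# Constructed sample source: a skewed 2-bit message (N = 1.75 bits of entropy in
# M = 2 bits of bandwidth) padded with a uniform 2-bit key (K = 2 bits).
MSG_DIST = {0b00: 0.5, 0b01: 0.25, 0b10: 0.125, 0b11: 0.125}
BITS = 2


def otp_joint(msg_dist, bits):
    """Joint distribution of (M, K, C) with C = M xor K and K uniform."""
    joint = {}
    for m, pm in msg_dist.items():
        for k in range(1 << bits):
            joint[(m, k, m ^ k)] = pm / (1 << bits)
    return joint


def otp_reuse_joint(msg_dist, bits):
    """Joint distribution of (M1, M2, K, C1, C2) when one key pads two independent messages."""
    joint = {}
    for m1, p1 in msg_dist.items():
        for m2, p2 in msg_dist.items():
            for k in range(1 << bits):
                joint[(m1, m2, k, m1 ^ k, m2 ^ k)] = p1 * p2 / (1 << bits)
    return joint


def analyze(msg_dist=MSG_DIST, bits=BITS):
    """Entropy bookkeeping for the single-use pad and for the reused pad."""
    M, K, C = 0, 1, 2
    j = otp_joint(msg_dist, bits)
    M1, M2, K2, C1, C2 = 0, 1, 2, 3, 4
    j2 = otp_reuse_joint(msg_dist, bits)
    return {
        "H(M)": entropy(marginal(j, (M,))),
        "H(K)": entropy(marginal(j, (K,))),
        # The ciphertext carries at most M bits, not N+K: it is capped by bandwidth.
        "H(C)": entropy(marginal(j, (C,))),
        # Seeing C leaves the message entropy untouched: perfect secrecy.
        "H(M|C)": conditional_entropy(j, (M,), (C,)),
        "H(K|C)": conditional_entropy(j, (K,), (C,)),
        # Seeing both M and C pins the key down completely ("seen" entropy is 0).
        "H(K|M,C)": conditional_entropy(j, (K,), (M, C)),
        # With a reused key, the two ciphertexts together leak about M1 and about K.
        "H(M1|C1,C2)": conditional_entropy(j2, (M1,), (C1, C2)),
        "H(K|C1,C2)": conditional_entropy(j2, (K2,), (C1, C2)),
    }


if __name__ == "__main__":
    for name, value in analyze().items():
        print(f"{name:12s} = {value:.3f} bits")
```

The numbers come out as H(C) = 2 while H(M) + H(K) = 3.75, so the "M must be at least N+K" claim fails, yet H(M|C) = H(M) = 1.75, so nothing about the message was lost; the entropy is conditional, not subtractive. The reuse rows show the same bookkeeping catching the classic failure: H(M1|C1,C2) drops below H(M1).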

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: "RSA vs. One-time-pad" or "the perfect enryption"
Date: Fri, 02 Mar 2001 04:06:06 GMT

Steve Meyer wrote:
> >It will be interesting to see your argument.  I know of no
> >evidence that this was a factor.  If you turn the question
> >around and ask, why did workers for government cryptologic
> >organizations get there first, an obvious answer would be:
> >They had more experience, more support, and more at stake.
> I do not think they did, i.e. only evidence seems to be popular
> book (see my rump talk).

Are we talking about the same thing -- the discovery of
nonsecret encryption (aka public-key encryption)?  If so,
I assure you that there is considerable evidence that it
was independently invented by Ellis, Cocks, and Williamson,
well before the DH,RSA work.  I'm pretty sure I read at
least one old IDA-CRD paper in this area, and the prior
invention is mentioned in a review of the public state of
the art in an internal Agency journal.  None of this could
be mentioned in public until after GCHQ took the lid off.
http://www.ddj.com/articles/1998/9875/9875b/9875b.htm is a
reasonably accurate summary of all this.

> >Note that I've been arguing that P?=NP is not very important
> >in practical cryptology.
> If p==np, how can there be two way trap door functions?

Interpreting your question as I think it was meant, whether
or not one is able to *effectively* factor a large number of
a manageable size (to take an important example) has nothing
to do with the asymptotic properties of numbers approaching
infinity.  People who thoroughly believe that P!=NP have
still made considerable progress in factoring large numbers.
If suddenly we had a nonconstructive proof that P=NP, their
work retains its value and is not aided by the new knowledge.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Rabin's Unbreakable Code
Date: Fri, 02 Mar 2001 04:11:44 GMT

Bob Harris wrote:
> I searched the web, and this newsgroup, but haven't been able to ...

It has been discussed for several days now in this newsgroup.
Check the past week or so, e.g. thread "The Key Vanishes".

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: "RSA vs. One-time-pad" or "the perfect enryption"
Date: 2 Mar 2001 04:25:57 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Douglas A. Gwyn wrote:
>I'm pretty sure I read at
>least one old IDA-CRD paper in this area, and the prior
>invention is mentioned in a review of the public state of
>the art in an internal Agency journal.

Interesting.  Do you have any idea what the titles or
authors on those papers might be?
It might be interesting to try a FOIA on those to see
what we can get (with stuff damaging to national security
redacted, of course).

By the way, another nice (and more detailed) summary is at
  http://rodin.cs.uh.edu/~klong/papers/OpenSecret.pdf

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Safe to use DSS key for DH?
Date: 2 Mar 2001 04:28:31 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Henrick Hellström wrote:
>If you are free to choose the system parameters, you should probably choose
>a larger q than 160 bits. AFAIK the number 160 is totally arbitrary, and is
>solely determined by NIST's choice of hash function to use in conjunction
>with DSA. An alternative would be to use Maurer's algorithm and get a
>provable 1024 bit prime p and a provable 512 bit prime q, and use a 512 bit
>hash function to produce exponents whenever applicable. Maurer's algorithm
>is relatively slow of course, but you usually don't generate new primes on a
>regular basis.

Using a 512-bit subgroup doesn't provide the level of
security that you might think.  In particular, 1024-bit
numbers can be factored with less than 2^256 work, so
the extra size of the subgroup isn't working entirely
to your benefit.
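
Wagner's point is that the subgroup size is only one of two cost terms, and a practitioner wants to see which one binds. The Python below is an added example written for this digest, not code from the thread: it compares the generic square-root (Pollard rho) cost in the q-bit subgroup against the number-field-sieve cost for the p-bit modulus. It assumes the usual heuristic NFS running time L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, which makes `nfs_bits` an order-of-magnitude figure rather than a precise bound; the same asymptotic applies to discrete logarithms in GF(p), which is the attack that matters for DH, so the comparison is the one Wagner draws.

```python
import math

# Constant in the heuristic GNFS running time L_n[1/3, c] = exp(c (ln n)^(1/3) (ln ln n)^(2/3)).
NFS_C = (64 / 9) ** (1 / 3)


def nfs_bits(p_bits):
    """Approximate log2 of the NFS work for a p_bits-bit modulus (o(1) term dropped)."""
    ln_n = p_bits * math.log(2)
    work_nats = NFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_nats / math.log(2)


def rho_bits(q_bits):
    """Generic discrete-log cost in a prime-order subgroup of q_bits bits: about sqrt(q)."""
    return q_bits / 2


def effective_security_bits(p_bits, q_bits):
    """An attacker takes the cheaper of the two routes, so the minimum is what counts."""
    return min(nfs_bits(p_bits), rho_bits(q_bits))


def report(p_bits, q_sizes=(160, 256, 512)):
    """For each subgroup size, return (rho cost, NFS cost, effective cost) in bits."""
    return {q: (rho_bits(q), nfs_bits(p_bits), effective_security_bits(p_bits, q))
            for q in q_sizes}


if __name__ == "__main__":
    for q, (rho, nfs, eff) in report(1024).items():
        print(f"p=1024 q={q:3d}: rho ~2^{rho:.0f}, NFS ~2^{nfs:.0f}, effective ~2^{eff:.0f}")
```

For a 1024-bit p the NFS term lands in the high 80s of bits, so a 160-bit q is roughly balanced with it and a 512-bit q buys nothing the modulus does not already cap; to use the larger subgroup you would also have to grow p.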

------------------------------

From: "groj" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Fri, 2 Mar 2001 17:46:10 +1300



=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

As an extra thought check out this article.

http://www.netnow.co.nz/pcworld/pcw.nsf/53ab724372d86c6dcc2569a4007e4a1/0c78366d7e860a6ecc2569f1000fc34b!OpenDocument&Highlight=2,snooping

It appears that under key-logging you would of course obtain any
message before it was encrypted.
One would presume that government computers at that level would all
be recorded as a matter of course??
Regardless the article does raise issues as to the "secrecy" of any
encryption program or method where the data is entered in raw format
via a keyboard and then encrypted on the same machine and sent.
Ideally you would have to type the message in encrypted format.  Or
perhaps use a palm-type machine to do the encryption and display the
characters to be typed.

G

- --
fingerprint
2F4B 8981 BA71 0F1F E8BC  1A05 D6AB 0B7B 8A26 6A49


=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>

iQA/AwUBOp58N9arC3uKJmpJEQJE/wCfX+K+U80LVpO44VJpd/nk7+/xDeIAn125
uwwIChR+ovnwoqQAWaiSordn
=maND
=====END PGP SIGNATURE=====




------------------------------

From: "groj" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Fri, 2 Mar 2001 17:48:58 +1300

sorry but you will have to cut and paste the address as it is long.

One product mentioned is KeyGhost

 www.keyghost.com





------------------------------

From: "Mark Reed" <[EMAIL PROTECTED]>
Subject: RSA Key Generation
Date: Fri, 02 Mar 2001 05:28:30 GMT

Hi all !

This is my first post (though you might say I'm a long time listener), so
sorry if this has already been asked....

In RSA key generation, 2 primes are found by getting random data and setting
the most and least significant bits to ensure the prime length is
half the required modulus length and that it is odd.  Then this is checked,
then the next candidate (say by adding two) until it is 'probably prime'
enough for use.

If only the top bit is set, the key length may be one less than required -
as an example for a 512 bit RSA key with
p = 0x80......
q = 0x80......

then

n = 0x40......

My question is whether this is common practice, or if generally the top two
bits of each prime
(guaranteeing n > 0x90......)

I suppose another possibility is that primes are generated until n is the
required bitlength.

Unless this method is used, isn't security compromised?  i.e. n can be less
than the number of bits required or the top two bits of each prime are known
to be one.

Thanks in advance,

Mark.



------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: RSA Key Generation
Date: Fri, 02 Mar 2001 05:38:47 GMT

"Mark Reed" <[EMAIL PROTECTED]> wrote in message
news:2cGn6.56062$[EMAIL PROTECTED]...
> My question is whether this is common practice, or if generally the top two
> bits of each prime (guaranteeing n > 0x90......)

Both are common. Setting the top 2 bits is an easy way to guarantee that the
product has the right number of bits. But also generating a 1024-bit modulus
and really getting one that is 1023 bits is not a problem either.
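
Both of the conventions Schlafly mentions can be made concrete. The Python below is an added example written for this digest, not code from either poster or from any library: it generates probable primes with either the top one or the top two bits forced, multiplies them, and reports whether the modulus came out a bit short. `smallest_modulus` computes the worst case exactly, which is what shows why forcing two bits guarantees the full length: the smallest possible product is 9 * 2^(2b-4), i.e. 0x90... for 512-bit n, matching the figure in the original question. The Miller-Rabin routine is a plain textbook implementation with constructed parameters, used here only so the block runs stand-alone; it is not the key generator of any real product.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test with `rounds` random bases (textbook version)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def candidate(bits, top_bits):
    """Random odd value of exactly `bits` bits with the top `top_bits` (1 or 2) bits forced to 1."""
    x = secrets.randbits(bits)
    x |= 1 << (bits - 1)          # most significant bit: the candidate has exactly `bits` bits
    if top_bits == 2:
        x |= 1 << (bits - 2)      # second most significant bit as well
    x |= 1                        # odd
    return x


def random_prime(bits, top_bits):
    """Step upward by two from a candidate; restart if the search would leave `bits` bits."""
    while True:
        x = candidate(bits, top_bits)
        while x.bit_length() == bits:
            if is_probable_prime(x):
                return x
            x += 2


def rsa_modulus_bits(modulus_bits, top_bits):
    """Bit length of n = p*q for two freshly generated primes of modulus_bits/2 bits each."""
    p = random_prime(modulus_bits // 2, top_bits)
    q = random_prime(modulus_bits // 2, top_bits)
    return (p * q).bit_length()


def smallest_modulus(prime_bits, top_bits):
    """Smallest n the scheme can possibly produce: both primes at their minimum value."""
    p_min = 1 << (prime_bits - 1)
    if top_bits == 2:
        p_min |= 1 << (prime_bits - 2)
    return p_min * p_min


def shortfall_rate(modulus_bits, top_bits, runs=40):
    """Fraction of generated moduli that came out shorter than requested."""
    short = sum(rsa_modulus_bits(modulus_bits, top_bits) < modulus_bits for _ in range(runs))
    return short / runs


if __name__ == "__main__":
    # Small 64-bit moduli keep the demonstration fast; the arithmetic is size-independent.
    for top in (1, 2):
        print(f"top {top} bit(s) forced: smallest 512-bit n has "
              f"{smallest_modulus(256, top).bit_length()} bits, "
              f"shortfall rate over 40 runs = {shortfall_rate(64, top):.2f}")
```

With one bit forced, the product of two 256-bit primes falls to 511 bits whenever p*q < 2^511, which happens for a sizeable fraction of random pairs; with two bits forced the floor is 9 * 2^508, already a 512-bit number. The other convention Schlafly describes, accepting the occasional 1023-bit modulus, corresponds to `top_bits=1` with no retry.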




------------------------------

Crossposted-To: alt.security.pgp,talk.politics.crypto
From: [EMAIL PROTECTED] (nemo outis)
Subject: Re: => FBI easily cracks encryption ...?
Date: Fri, 02 Mar 2001 05:59:04 GMT

The nice thing about keyghost (perhaps in a work environment) is that one can 
move it to another machine and have it record irrelevant keystrokes and then 
move it back to the original machine afterwards.  

Regards,



In article <97n8qi$mka$[EMAIL PROTECTED]>, "groj" <[EMAIL PROTECTED]> wrote:
>sorry but you will have to cut and paste the address as it is long.
>
>One product mentioned is KeyGhost
>
> www.keyghost.com
>
>
>
>

------------------------------

From: [EMAIL PROTECTED] (Nemo psj)
Date: 02 Mar 2001 06:16:47 GMT
Subject: Re: => FBI easily cracks encryption ...?

Well what I was saying is that 
1) If the procedure is undocumented
2) and is or has a different method of encoding and decoding other than a
password box
3) then it would be substantially harder for the FBI to crack the code.

Especially if the method was highly unconventional which if I were a spy..
I think I'd take certain and special care of how I protected my data.  But then
again they say this guy was full of himself... but who isn't if you're a secret
agent?

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Sad news, Dr. Claude Shannon died over the weekend.
Date: Fri, 02 Mar 2001 00:09:05 -0600

In article <QZvn6.5119$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:

> In addition to Shannon and Newton, let's hear it for Maxwell.

Don't forget his demon.

As for Shannon, did I not beg for remembering something he said on the eve
of his death?  The same plea is still topical regarding AES.
-- 
Better to pardon hundreds of guilty people than execute one
that is innocent.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Fractal encryption?
Date: 2 Mar 2001 06:01:07 GMT

John A. Malley <[EMAIL PROTECTED]> wrote:

> Chaos for Stream Cipher
> Authors: Ninan Sajeeth Philip, K. Babu Joseph
> Comments: 8 pages 6 figures
> Subj-class: Cryptography and Security

I hadn't realized that the LANL site had papers on crypto. One more site to 
monitor. 

Besides eprint.iacr.org, what other preprint archives/sites are there worth 
looking at in cryptography?


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
