Cryptography-Digest Digest #811, Volume #13 Mon, 5 Mar 01 20:13:01 EST
Contents:
Re: Monty Hall problem (was Re: philosophical question?) (Virgil)
Re: passphrase question (Benjamin Goldberg)
Re: Monty Hall problem (was Re: philosophical question?) (Shawn Willden)
Re: => FBI easily cracks encryption ...? ("Open FleshWound")
Re: => FBI easily cracks encryption ...? (Free-man)
Re: The Foolish Dozen or so in This News Group (Eric Lee Green)
Re: passphrase question (Paul Rubin)
Re: Monty Hall problem (was Re: philosophical question?) ("Mxsmanic")
Re: Monty Hall problem (was Re: philosophical question?) ("Mxsmanic")
Re: passphrase question ("Mxsmanic")
Re: Test vectors for 3DES with OFB or CFB ("Scott Fluhrer")
Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack (Shawn
Willden)
Re: passphrase question ("Mxsmanic")
----------------------------------------------------------------------------
From: Virgil <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 05 Mar 2001 16:15:15 -0700
In article <980nk6$aor$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Arturo Magidin) wrote:
> >Indeed. In the standard Monty Hall problem, the standard answer
> >requires all of these assumptions:
> >
> >1. The car is more valuable than the goats.
> >2. The car was equally likely to be behind any of the 3 doors.
> >3. After I pick a door, Monty always opens another door and shows me a
> >goat.
> >4. In case I picked the door with the car, Monty is equally likely to
> >open either one of the other two doors.
> >
I think that assumption 4 is unnecessary. If you have already picked the
door hiding the car, it is irrelevant which of the other doors Monty
picks, it is only necessary that he pick one of them.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: Mon, 05 Mar 2001 23:15:13 GMT
Mxsmanic wrote:
>
> "Tom McCune" <[EMAIL PROTECTED]> wrote in message
> news:yfTo6.218982$[EMAIL PROTECTED]...
>
> > I can't buy that.
>
> Well, it's your security, not mine. I'm more paranoid than you, I
> guess.
>
> > There is no way for my opponent to know whether
> > or not I repeat characters, or have numbers, or
> > have letters, etc., in my passphrase.
>
> Maybe.
>
> But the fact is, if you are systematically repeating characters, you
> may as well just stick with a six-character password, instead.
But you forget that the number of repetitions is also part of the
password. So it's not, how much entropy is in ".a$fD5", it's how much
entropy is in {".a$fD5",7,10,11,11,7,4}. Going with the assumptions
made by alphabeta, each of the integers can be in the range 1-16, and
contains 4 bits of entropy. 6 integers is 24 bits of entropy. A truly
random 6 character string might also contain 6 bits of entropy per
character, so that's another 36 bits of entropy. So the whole method
produces 60 bits of entropy.
Of course, there is the exact same amount of entropy in {".a$fD5",7,10,
11,11,7,4} as there is in ".a$fD5 7 10 11 11 7 4" which is easier to
type.
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: Shawn Willden <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 05 Mar 2001 16:39:46 -0700
"Joe H. Acker" wrote:
> Interestingly, this can be tested empirically. All you need is a good
> TRNG based on radioactive-decay and a function that takes input from the
> TRNG to produce an unbiased random number in an integer range.
You don't need a TRNG, or even an unpredictable RNG. You just need an RNG with
relatively good statistical properties.
> Then you write a program that randomly assigns the car to an element of an
> array
> [1..3], makes a random choice c for one element of the array and
> implement Monty's algorithm: take the two remaining elements, if one of
> them is the car, mark the other as "opened", otherwise you're free to
> randomly mark any of the remaining two elements as "opened". Then, make
> two iterated test runs, one time always staying with the first element
> c, another run always changing to the remaining element that is not the
> first c and not marked as "opened".
That describes an implementation that is much more complex than necessary. No
arrays are necessary, just select a random number in the range 0-2 as the
location of the car, then select a random number in the range 0-2 as the choice
of the contestant. If the two are the same, then you can randomly choose one of
the other two values as Monty's choice if you like, but there's no need because
Monty's choice doesn't change the outcome. If the car location and the
contestant's choice are different, then Monty's choice is fixed and again has no
effect on the outcome.
> If I'm wrong, the first iterated run should create a 33% and the second
> run a 66% winning rate. If I'm right, both runs should return the same
> result of 50%.
>
> Any volunters?
Sure. The code below produced the following output:
Switch won: 66599 times.
Stay won: 33400 times.
===================================================
java.util.Random r = new java.util.Random();
int winWithSwitch = 0, winWithStay = 0;
for (int i = 1; i < 100000; ++i)
{
int carPos = r.nextInt(3);
int choice = r.nextInt(3);
if (carPos == choice)
// Contestant guessed right. Monty opens either of the other doors.
// If the contestant switches, he loses; if he stays, he wins.
winWithStay++;
else
// Contestant guessed wrong. Monty chooses the goat door.
// If the contestant switches, he wins; if he stays, he loses.
winWithSwitch++;
}
System.out.println("Switch won: " + winWithSwitch + " times.");
System.out.println("Stay won: " + winWithStay + " times.");
------------------------------
From: "Open FleshWound" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.libertarian,alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 5 Mar 2001 17:19:42 -0700
"William Hugh Murray" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> kroesjnov wrote:
>
> > > > Could not agree more with you.
> > > > Although I am not an American, I would not mind, if the BVD (Dutch
> > National
> > > > Intellegence service) would have this abillity.
> > > > I think they (Like any other country`s national intellegence service)
> > should
> > > > try their very best, to make this possible...
> > >
> > > Were you in Holland when the Nazi's invaded and took over all the police
> > > records?
> >
> > (Well this is going to be a touchy discussion...)
> >
> > Nope, I was not there.
> > I am only 19 years old.
> >
> > I think this is slightly off the topic, but I will run with it any way:
> >
> > I assume you are refering to the fact, that the Dutch administration (and
> > with that, the National Intellegence agency) on people was to good organized
> > (Thinks like race and religion where also archieved, so that the Nazi`s had
> > a very easy job, finding out who was off jewish origin).
>
> I attended a privacy conference in Europe in the early 70's. I remember that
> the Surete' knew who slept in every bed in France every night. The Europeans
> were busy passing privacy legislation to protect the citizens from one another
> while the police were busy building dossiers on their citizens, just doing what
> bureaucrats do. The delegates to the conference seemed to see no connection
> between these things. The exception were the Dutch. They remembered the
> invasion and the use of records kept for one reasonably benign purpose being
> used by "legitimate" authority for another. A generation earlier the French
> were killing one another in retribution for cooperating with the legitimate
> authorities. Months before that, the legitimate government authority was
> chasing down and killing the resistance, not to mention men, women, and children
> of the illegal religion. A generation ago the citizens of East Germany were
> cooperating with the legitimate authority to keep records on one another's
> personal lives.
>
> > If you want my opinion on this:
>
> Not particularly. The young are almost universally on the side of what they
> believe to be that of "truth and justice;" it is part of your beauty. Those of
> us who have been around a few generations understand that it is easier to be on
> the side of truth and justice than it is to know where that side is.
>
> > This was wrong afcourse, and so history has
> > teached us (The hard way).
>
> If history teaches us anything, it is that her lessons are not persistent. The
> newest generation often forgets them and is forced to recapitulate them.
>
> > Yet I do not see the connection to the ability off a Secret Service being
> > abble to crack an encrypted message (With effort afcourse), So that
> > Terrorist could be intercepted, who are going to bomb some building in The
> > Netherlands, or any other Country in the World.
>
> The connection is subtle. What concerns us is that government is a big and
> clumsy tool. It is difficult to control under the best of circumstances. One
> man's terrorist is another's freedom fighter. It is necessary to order but not
> necessarily orderly. It is difficult to tell, much less preserve, the
> difference between the legitimate authority of government and tyranny. The
> governed cannot always recognize it from the outside and the governing seem to
> have an even greater difficulty seeing it from the inside. They become confused
> between their doing what is legitimate and that what they are doing is
> legitimate.
>
> > Did I assume wrong, on what you are referring to? Or do I just missed the
> > point you were trying to make?
>
> If you had been there, the point would have been obvious. Because you were not,
> it was poorly made.
>
> > Please be patience with me, I may be slow off understanding...
>
> You may trust that we will be patient with you. It is usually the young who
> lose patience first.
>
> > "Wisdom lies not in obtaining knowledge, but in using it in the right
> > way".....
>
> ....and in the ability to recognize the right way in a novel situation.
>
> While the young tend to believe that the world has always been as they found it,
> it is in the nature of being young that all situations are novel. The study of
> history can help. History are the stories we tell ourselves about who we are
> and we got to be this way.
>
> >
> >
> > kroesjnov
> > email: [EMAIL PROTECTED] (remove nov to reply)
> > UIN: 67346792
> > pgp fingerprint: 4251 4350 4242 7764 80DA DB1C E2B2 850A DF15 4D85
>
> William Hugh Murray
Very well put William, one of the most reasoned and well worded responses
ever posted to USENET ....
------------------------------
From: [EMAIL PROTECTED] (Free-man)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Tue, 06 Mar 2001 00:25:52 GMT
On 5 Mar 2001 20:13:54 -0000, [EMAIL PROTECTED]
(Fogbottom) wrote:
>In article <[EMAIL PROTECTED]>
>[EMAIL PROTECTED] (Free-man) wrote:
>
>> In my country (US), there are more government goons kicking
>down doors
>> and invading homes than there were in Nazi Germany.
>
>You don't know much about history, do you?
>Statements like that simply make most people laugh at you.
I understand what you are saying. However, there are military-style,
anti-drug police squads attacking people in every city and town across
the US. There are thousands and thousands of these para-military
squads that specialize in useing Gestapo tactics against their
victims. As a point of reference, twenty years ago, their were
practically none of these goons in the US. When I say that 99% of
all armed home invasions in the US are being committed by the police,
maybe that is an exaggeration. Maybe it is only 98.5%. :)
>So buy a ranch in Montana and declare yourself an independent
>country.
Great idea. In fact, the right of secession was fundamental in the
creation of the US, but, the current tyrants do not respect basic
rights.
Rich Eramian aka freeman at shore dot net
------------------------------
From: [EMAIL PROTECTED] (Eric Lee Green)
Crossposted-To: alt.hacker
Subject: Re: The Foolish Dozen or so in This News Group
Reply-To: [EMAIL PROTECTED]
Date: 5 Mar 2001 18:36:30 -0600
On Mon, 05 Mar 2001 14:35:48 -0700, Shawn Willden <[EMAIL PROTECTED]> wrote:
>Benjamin Goldberg wrote:
>
>> Personally, I think that the kind of functionality that Szopa wants his
>> OverWrite to have ought to be built into the OS.
>>
>> You would pass a file descriptor, an offset, and a length, and viola, it
>> would be wiped.
>
>...assuming the hardware (the controller or the drive itself) didn't have
>some sort of write buffering. I know that SCSI cards and HDDs all have read
>caches these days, do any of them implement write caching as well?
I know that the ICP-Vortex SCSI RAID controllers do write caching, if
you turn it on. Write caching at the SCSI controller level has some
rather obvious pitfalls because the SCSI controller is not
filesystem-aware. This means that data could be written to disk in a
manner that leaves the filesystem (on disk) inconsistent. However,
this is not of great concern if you have a UPS and thus will do an
orderly shutdown upon power failure, and write caching does speed
performance greatly -- with old Seagate Barracuda 9gb drives I was
getting 28mb/sec thruput with the ICP RAID controller with write
caching turned on (had 2mb of write cache, was writing 1gb of
streaming data to a 5-way RAID5 striped set distributed across two
SCSI channels on a 4-channel card).
SCSI hard drives do some minimal write caching. The SCSI standard
allows write operations to return prior to the data actually being
written to media. If the write fails, the next SCSI operation actually
returns a "delayed error". Operating systems are required to be able
to handle this (and it's a PITA). I'm mostly a tape drive guy, and
it's just as hairy there -- basically, the tape drive's buffer size
detirmines how many blocks have been written to the tape drive but not
yet written to tape. It is possible to turn off the tape drive
buffer. It is also possible to force the tape drive to flush its
buffers. This requires SCSI-level programming in most cases, and makes
performance suck. However, if you want a safe overwrite, it is quite
possible by using raw SCSI commands. Of course, the problem with hard
drives is figuring out where the sectors are located that you wish
to overwrite with raw SCSI commands... this requires the ability to grok
filesystems, and is not easy.
--
Eric Lee Green [EMAIL PROTECTED] http://www.badtux.org
AVOID EVIDENCE ELIMINATOR -- for details, see
http://badtux.org/eric/editorial/scumbags.html
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: 05 Mar 2001 16:50:28 -0800
"Paul Pires" <[EMAIL PROTECTED]> writes:
> > I can't buy that. There is no way for my opponent to know whether or not I
> > repeat characters, or have numbers, or have letters, etc., in my passphrase.
>
> Ehr... I think you just told everybody.
>
> This is the problem with password selection schemes and passwords
> in general. If it is any good, a hacker will just add it to their dictionary
> search routine reducing the needed "find" to the unique aspects.
> If you tell, you can't use. I have a much easier and much better way.
>
> No, I won't tell you.
I use a simple and automatic way to generating passphrases that are
very hard to guess. Unfortunately they can also be hard to remember ;-)
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Tue, 06 Mar 2001 00:51:56 GMT
"Fred Galvin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Specifically, I was pointing out error in stating
> "The only thing that matters is that he always
> eliminates a door that conceals a goat." It does
> matter that, if I pick the car door, Monty chooses
> randomly between the two goat doors.
No, it does not, unless he tells you why he is choosing one door or
another. And if he is telling you that, he may as well tell you which
door hides the car. So your point, while partially valid, is not
particularly relevant to the discussion.
> As for your truth table, note that a line of
> your table does not completely specify an outcome:
> there should be another column indicating which
> door Monty opened.
No such lines are necessary, because the results are the same, and the
probabilities of him opening one door or the other always add up to
100%.
> In order to draw your conclusions about probabilities,
> you must be assuming that the lines of your table
> are equally likely outcomes.
They are, under the definition of the problem.
> In particular, then, you are assuming that the
> player is equally likely to pick any of the three
> doors. There is no justification for such an
> assumption; it's not part of the problem, and
> was probably false in the actual tv game.
In the absence of a reason to believe that he would _not_ be equally
likely to pick any of the three doors, there is no reason to assume that
he would not.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Tue, 06 Mar 2001 00:55:11 GMT
"Joe H. Acker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Interestingly, this can be tested empirically. All
> you need is a good TRNG based on radioactive-decay
> and a function that takes input from the TRNG to
> produce an unbiased random number in an integer range.
I've done it, with a standard PRNG. The empirical results still say
that you should switch doors; you double your chances of winning that
way.
> If I'm wrong, the first iterated run should create
> a 33% and the second run a 66% winning rate.
In my tests, it did.
> Any volunters? (I don't have a TRNG...)
It doesn't have to be a TRNG; a PRNG will do.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: passphrase question
Date: Tue, 06 Mar 2001 00:58:42 GMT
"JPeschel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> A passphrase chosen using "Nobody's" formulation
> isn't secure, but it will survive an opponent's
> attack for a longer time than would a six-character
> password.
Not if the attacker knows the pattern for generating passphrases, and it
is prudent to assume that he does.
The only safe pattern is no pattern, i.e., a totally random passphrase.
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Test vectors for 3DES with OFB or CFB
Date: Mon, 5 Mar 2001 16:50:35 -0800
Morten Vested Olesen <[EMAIL PROTECTED]> wrote in message
news:980t18$2nd2$[EMAIL PROTECTED]...
> I am looking for testvectors for 3DES with CFB (8-bit) and 3DES with OFB
> (8-bit). Do you know where I can find them or do you have such vectors
> yourself, please let me know.
I don't have any such testvectors, but use of OFB in anything other than
full block (for 3DES, 64-bit) mode is strongly discouraged. In full block
mode, and modeling 3DES as a random permutation, the expected cycle length
is 2**63. In less than full block mode, and again modeling 3DES as a random
permutation, the expected cycle length drops to around 2**32, because the
next-state transition is no longer invertable.
--
poncho
------------------------------
From: Shawn Willden <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack
Date: Mon, 05 Mar 2001 17:45:10 -0700
Jim D wrote:
> On Sun, 04 Mar 2001 17:36:03 -0600, [EMAIL PROTECTED] wrote:
>
> >I could go on, but this is not a political newsgroup. Bush won it, and
> >the only reason the Democrats are beside themselves is that they were
> >certain they had committed enough fraud to win.
>
> Did he hell! He siezed power, in much the same way as
> Milosevic or Saddam.
Oh, come off it, both of you. Both sides commit as much underhanded
double-dealing as they can get away with, mostly at the local level, and
it's not a huge amount on either side. There's always some error in every
election (some intentional, most accidental); usually it doesn't matter
because the victory margin exceeds the error margin by a large amount.
This time it was close and neither side was certain (and no one ever will
be [1]). The Gore team was losing, so they took to the courts. The Bush
team was afraid that the Gore team might be successful in court, so also
went to court. The courts made their decisions, based on their published
arguments, and Bush was granted the win. Bush now has the office, and
whether he's the greatest or worst president ever, he's out in either four
or eight years, and the country will survive either way. Nobody "seized
power", and comparisons with tyrants like Hussein are beyond the pale.
Shawn.
[1] Although Bush supporters are happy to tout the results of
media-sponsored recounts as proof that their guy really won, a 140-vote
margin with millions of votes cast is hardly conclusive. And Gore
supporters should remember that Bush's margin did in fact remain positive
throughout all of the recounts. See
http://www.miami.com/herald/special/news/flacount/docs/review.htm
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: Tue, 06 Mar 2001 01:00:47 GMT
"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> So the whole method produces 60 bits of entropy.
Wow.
I'll let others use these methods to pick their passphrases, and I'll
just stick with random ones myself.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
