Cryptography-Digest Digest #837, Volume #13       Thu, 8 Mar 01 14:13:00 EST

Contents:
  Re: Just getting interested... (Frank Gerlach)
  Re: frequency "flattening" (Joe H. Acker)
  Re: Dayton's Code Breakers (Harvey Taylor)
  Re: Codes and ancryption (was: Re: Super-strong  ("Douglas A. Gwyn")
  Re: qrpff-New DVD decryption code (Jim Steuert)
  Re: Really simple stream cipher ("Henrick Hellström")
  Re: Q: Tempest Systems (Frank Gerlach)
  Re: qrpff-New DVD decryption code (Bill Unruh)
  Re: Again on key expansion. ("Cristiano")
  Re: Question re Asymmetric Encr'n (Mike Rosing)
  Re: How to find a huge prime(1024 bit?) (Gregory G Rose)
  Re: frequency "flattening" (Neil Couture)
  Re: Codes and ancryption (was: Re: Super-strong crypto......................(As if).) (John Savard)
  Re: Meaninog of Kasumi (Mike Rosing)
  Re: Super strong crypto (Mok-Kong Shen)
  Re: Encryption software (Steve Portly)
  Re: => FBI easily cracks encryption ...? (Paul Rubin)
  Re: Q: Tempest Systems (Paul Rubin)
  Re: Creating serial numbers? (Paul Rubin)
  Re: One-time Pad really unbreakable? (Steve Portly)

----------------------------------------------------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: Just getting interested...
Date: Thu, 08 Mar 2001 18:11:25 +0100

Arturo wrote:

>         Did you get the Handbook of Applied Cryptography?
> http://www.cacr.math.uwaterloo.ca/hac/
>
>         It's good, it's online, it's free.
And it is much more mathematical than Bruce Schneier's book. This
formalism is of no use if you only want to use a certain cypher and not
invent/break one.

Codemaking/breaking is not today's challenge - using it correctly is.
Bruce is addressing these issues quite well, although B2B and B2C
developers, for instance, must also think about buffer overflows and
stuff like that.

------------------------------

From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: frequency "flattening"
Date: Thu, 8 Mar 2001 18:09:28 +0100

Neil Couture <[EMAIL PROTECTED]> wrote:

> "Joe H. Acker" wrote:

> > I am looking for a sort of "expansion" function that should work like
> > that:
> >
> > We have n signs of alphabet A, e.g. let's suppose n=256. There's an
> > arbitrary length plaintext PT composed of the alphabet. There's a
> > function f_PT(x) that returns the frequency of x in PT.
> >
> > Aim: Find an optimal code C that maps any sign of PT to a sign or
> > sequence of signs in CT (and vice versa), such that f_CT(x) = k is a
> > constant value k for any arbitrary sign x of CT.
> >
> 
> First of all it would be cool to define exactly want is optimal for you.
> but anyway i can maybe guess that you want to optimize for memory.
> ( as so Huffman code can help you ).

Oops, forgot about that. Yes, indeed I am looking for the minimal
solution regarding the length of CT, the algorithm should find the
shortest CT such that the above requirements are fulfilled, but still
Length(CT)>Length(PT) is allowed.

My (often bad) intuition tells me that Huffman-Coding isn't what I'm
looking for. So does anyone know how the algorithm to find the optimal
code as above is called?
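A construction that meets the requirement stated in the post above, as an added Go example that is not part of the thread: each plaintext sign gets several ciphertext signs (homophones), their number proportional to f_PT(x), so that f_CT comes out nearly flat. This is the classical homophonic substitution idea; the 256-sign ciphertext alphabet, the largest-remainder allocation and the round-robin choice of homophone are choices made for this example, so Length(CT) equals Length(PT) here rather than exceeding it.

```go
package main

import (
	"errors"
	"sort"
)

// Homophonic gives each plaintext sign x a set of h_x ciphertext signs
// (homophones), h_x roughly proportional to f_PT(x), so that every ciphertext
// sign is used about equally often. Both alphabets are bytes (n = m = 256).
type Homophonic struct {
	enc  map[byte][]byte // plaintext sign -> its homophones
	dec  [256]byte       // ciphertext sign -> plaintext sign
	next map[byte]int    // round-robin cursor per plaintext sign
}

// Build derives the code from f_PT over sample: one homophone per sign that occurs,
// the rest shared out in proportion by largest-remainder apportionment (integers).
func Build(sample []byte) (*Homophonic, error) {
	var count [256]int
	for _, b := range sample {
		count[b]++
	}
	var present []int
	for x := 0; x < 256; x++ {
		if count[x] > 0 {
			present = append(present, x)
		}
	}
	if len(present) == 0 {
		return nil, errors.New("empty sample")
	}
	total, spare := len(sample), 256-len(present)
	alloc, rem := make([]int, len(present)), make([]int, len(present))
	used := 0
	for i, x := range present {
		alloc[i] = 1 + count[x]*spare/total
		rem[i] = count[x] * spare % total
		used += alloc[i]
	}
	order := make([]int, len(present))
	for i := range order {
		order[i] = i
	}
	sort.SliceStable(order, func(a, b int) bool { return rem[order[a]] > rem[order[b]] })
	for k := 0; used < 256; k++ { // leftover signs go to the largest remainders
		alloc[order[k]]++
		used++
	}
	h := &Homophonic{enc: map[byte][]byte{}, next: map[byte]int{}}
	c := 0
	for i, x := range present {
		for j := 0; j < alloc[i]; j++ {
			h.enc[byte(x)] = append(h.enc[byte(x)], byte(c))
			h.dec[c] = byte(x)
			c++
		}
	}
	return h, nil
}

// Encode cycles through a sign's homophones so each is used equally often;
// a sign that did not occur in the sample has no homophone and is an error.
func (h *Homophonic) Encode(pt []byte) ([]byte, error) {
	ct := make([]byte, len(pt))
	for i, x := range pt {
		hs, ok := h.enc[x]
		if !ok {
			return nil, errors.New("sign not in code")
		}
		ct[i] = hs[h.next[x]%len(hs)]
		h.next[x]++
	}
	return ct, nil
}

// Decode is a table lookup: every ciphertext sign belongs to exactly one plaintext sign.
func (h *Homophonic) Decode(ct []byte) []byte {
	pt := make([]byte, len(ct))
	for i, c := range ct {
		pt[i] = h.dec[c]
	}
	return pt
}
```

With m = 256 output signs the flatness is only approximate (each sign occurs either the floor or the ceiling of its share); an exactly constant k needs a ciphertext alphabet or an expansion chosen so that every count divides evenly.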


------------------------------

From: Harvey Taylor <[EMAIL PROTECTED]>
Subject: Re: Dayton's Code Breakers
Date: Thu, 08 Mar 2001 11:18:47 -0800

In article <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]> Jerry Proc wrote:
> 
> There was a multi-part story in the Dayton Daily News about the man who
> headed up the National Cash Register team that built 120 bombes for the US
> Navy in WWII in order to crack codes generated by the German 4-rotor Enigma.
> 
> See Dayton's Code Breakers  http://www.activedayton.com/partners/ddn/
>

        Thanks for posting the link.  Interesting story.

<salut> 
-het


-- 
"The best weapon of a dictatorship is secrecy, but the best weapon of
a democracy should be the weapon of openness."  --Niels Bohr

Energy Alternatives: http://www.pangea.ca/~het/energy.html
Harvey Taylor  mailto:[EMAIL PROTECTED]  http://www.pangea.ca/~het

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Codes and ancryption (was: Re: Super-strong 
Date: Thu, 8 Mar 2001 16:13:08 GMT

"Joe H. Acker" wrote:
> (1) How secure is a book cipher, given the assumption that the book is
> not known to the attacker?
> Let me specify: If I map words to word positions in the book, will the
> resulting numbers in practice have many properties that allow a good
> attack without knowing the book that was used?  (My first thought is
> that there should be plenty of regularities at word and sentence level
> to exploit, but I'm not really sure.)

The more usual terminology for this is "code" as opposed to "cipher".
Codes are not terribly hard to crack given enough material to work
with.  Indeed, code systems around the WWII era usually added a
ciphering step to the code step; this "superencipherment" was meant
to make it harder for the enemy to identify repetitions of codewords.
Even superenciphered code systems have often been cracked, historically.
It is usual for the meaning of some rarely-used codewords to remain in
doubt, but their linguistic role is clear -- like using "Madame X"
because one hasn't realized that the codeword refers to "Jane Fonda".

> (2) Another question that pops into my mind: If I use a large dictionary
> to compress words of the plaintext before encrypting it with a
> conventional symmetric cipher, would this code add significant security
> in case the dictionary and encoding method is known to the attacker?

In general, precompression interferes with statistically-based
cryptanalytic attacks.  However, static code tables mean that
word-unit repetitions in the original plaintext will result in
repetitions in the compressed plaintext, which doesn't much get
in the way of statistical methods.  There are regularities at
all levels of linguistic structure; a compression scheme that
produces fewer patent repetitions would be much better.

> ... Would mixing the dictionary randomly have any effect on that?

I think you're asking about the difference between a "one-part"
and a "two-part" code system.  Before computers, one-part systems
were much easier to prepare, and they support certain kinds of
subkeying (offset alignment).  However, one-part systems are *much*
easier to crack, because the code values are roughly proportional
to the plaintext values, allowing interpolation.  E.g. if one has
        QUZO -> EXPLAIN
        QVVF -> EXPORT
then one might guess that QVAB seen in the code text stands for
EXPLODE.

------------------------------

From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Re: qrpff-New DVD decryption code
Date: Thu, 08 Mar 2001 12:47:40 -0500

   I recently bought a laptop which purportedly plays dvds. I've legally
rented 4 dvds and tried to play them on my laptop. While three
have played, one did not because (I presume) of country code.
Should I return the Toshiba laptop for false advertising? My own
Sony dvd player played that particular dvd ok.
   If dvd-media sellers  are going to do this, I think the MPAA should
be sued for false labeling of their expensive product. This is a form
of false advertising, not by the laptop makers, but by the MPAA. They
should not be allowed to defraud the consumer. Perhaps I should
bring this up with the local attorney general's office.
   This is analogous to buying a book, but then having to buy a special
pair of very expensive glasses to read that particular book, because someone
"might" xerox the book. We are presumed guilty.
   I feel perfectly justified in using decryption software to read some media that
I have purchased for my own personal viewing. Is it violating a copyright
to be able to read something I have already paid to own/rent?
   -Jim Steuert

Mach wrote:

> >   ramalane:
> >
> >   CAMBRIDGE, Mass. -- Descrambling DVDs just got even easier, thanks to a pair
> >   of MIT programmers.
> >
> >   Using only seven lines of Perl code, Keith Winstein and Marc Horowitz have
> >   created the shortest-yet method to remove the thin layer of encryption that
> >   is designed to prevent people -- including Linux users -- from watching DVDs
> >   without proper authorization.
> >
> >
> >   http://www.wired.com/news/culture/0,1284,42259,00.html
> >
> >   The Perl Code:
> >   http://www.cs.cmu.edu/~dst/DeCSS/Gallery/qrpff-fast.pl
>
> You can also find anotated C source explaining the algorithm at
> http://www.cs.cmu.edu/~dst/DeCSS/Gallery
>
> If DVD players already contain decryption code, why do we need
> decryption software?
>
> Does an encrypted DVD prevent people from copying it? At a
> hardware level, digital information is a series of ones and
> zeros, so, what keeps you from copying the ones and zeros of
> encrypted data?
>
> _______________________________________________________________________
>
> Mach                           finger [EMAIL PROTECTED] for public key
>


------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Really simple stream cipher
Date: Thu, 8 Mar 2001 18:27:55 +0100

"Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
news:988e15$n78$[EMAIL PROTECTED]...
> Who said an attack had to be limited to a single qword of cipher text?  In
> that sense, 3DES is also informationally secure, in that you cannot
> uniquely rederive the key from a single plaintext/ciphertext block.

Of course. All I said was that each value of K was used only for one single
qword plain text block.


> And, my attack does account for new values of K.  I did not say so
> explicitly because there was no need.

OK, sorry, I see your point now.


> This "you can attack key bits individually" property of the cipher reduces
> the effort from the obvious 2**(32*4) to 32 * 2**4 == 2**9.  The random
> updates of K really do not alter this property.

Are you sure about this? As far as I can tell at least 8 of the 16 lsbit-key
data combinations would result in lsbit-plain text sequences with formally
indistinguishable distribution (but will result in different plain text
because of the carry to the next bit). What have I missed?



------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: Q: Tempest Systems
Date: Thu, 08 Mar 2001 18:46:37 +0100


> Any comments on this? Would never happen? Tempest systems aren't that good?
> Etc.
Only few people know what kind of signal processing software is running on
NSA and GCHQ computers, but signal processing is a very mature science
and a lot can be done to extract a signal even if it is buried in noise
which is hundreds of times stronger.
For example, the signals sent by far-away satellites which perform
research at the borders of our solar system are much weaker than the
noise generated by the "big bang". NASA just uses a special (low-bit
rate) encoding to communicate with that satellite.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: alt.hackers.malicious
Subject: Re: qrpff-New DVD decryption code
Date: 8 Mar 2001 18:10:56 GMT

In <[EMAIL PROTECTED]> Mach <[EMAIL PROTECTED]> writes:
>If DVD players already contain decryption code, why do we need
>decryption software?

So you can watch DVDs on your computer, which does not contain that
code.

>Does an encrypted DVD prevent people from copying it? At a 
No.

>hardware level, digital information is a series of ones and 
>zeros, so, what keeps you from copying the ones and zeros of
>encrypted data?

Nothing. The encryption is there solely to prevent people in England
from buying DVDs from the USA or vice-versa. Movie companies want to be
able to sell DVDs for different prices and at different times in
different markets. It is a "restraint of trade" measure to prevent
movies from engaging in the global market.


>_______________________________________________________________________


>Mach                           finger [EMAIL PROTECTED] for public key



------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: Re: Again on key expansion.
Date: Thu, 8 Mar 2001 19:03:35 +0100

> > > I have an idea you might like, for making measuring things easier:
> > > instead of multiplying your 512 bit integer by a point, why not do
> > > an exponentiation of some primitive (3, I suppose), with a 512 bit
> > > modulo?
> >
> > Sure, I like it! It's very fast! But I think this is a little
> > dangerous. It seems a kind of a BBS generator and it can degenerate to
> > a very short period (consider 8^3 mod 6). I can make the (slow)
> > initialization only once but I think that it's better the SALEK's
> > method.
>
> If you consider it better than SALEK's method, then you're counting the
> number of rounds incorrectly.  To add equal amounts of work takes equal
> amounts of time.  Neither method is better or worse than the other.

I meant that SALEK's method is better than expmod method (oh! my good
english... :-)) because if my password is 8, my exponent is 3 and my modulus
is 6, I'll get 8^3 mod 6=2, 2^3 mod 6=2, 2^3 mod 6=2...

However, I think that a method based on time is not a good method because if
I stretch for 1 s my password with my old commodore64, on my amiga1200 the
same number of iterations will take .01 s, on my pc .0001 s.
Doesn't a better method exist?

Thank you
Cristiano



------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Question re Asymmetric Encr'n
Date: Thu, 08 Mar 2001 12:16:06 -0600

Arnold Shore wrote:
> 
> Thanks, guys - the responses are appreciated.   But, re " ... choosing a
> random symmetric key to be used for CAST, and encrypting that using the ECC
> public-key crypto."
> 
> How then is this symmetric key reconstituted at decrypt time, since only the
> public key is used?

The message is encrypted with the symmetric key, and the symmetric key is
encrypted using the ECC public key.  All of it is sent as a single message.

The recipient first decrypts the symmetric key with their private key, and
then decrypts the message.  That way, every message uses a different symmetric
key and this maximizes the effort required of a cryptanalyst (well, it forces
them to focus on the public/private key system anyway).

Patience, persistence, truth,
Dr. mike
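The hybrid flow Dr. Mike describes (a fresh symmetric key per message, that key encrypted to the recipient's public key, everything sent as one message), as an added Go example that is not from the thread. It uses RSA-OAEP for the key wrap because RSA offers a direct public-key encrypt operation; with ECC, as in the question, the wrap would be ECIES-style, and AES-GCM stands in for CAST. The key sizes, the Envelope layout and the function names are choices made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is the single transmission the post describes: the message under a
// fresh symmetric key, plus that key encrypted to the recipient's public key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipientPub, messageKey)
	Body       []byte // nonce || AES-GCM(messageKey, plaintext)
}

// NewRecipient generates the long-term key pair whose public half is published.
func NewRecipient() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newGCM builds the authenticated symmetric cipher used for the message body.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal: draw a random 256-bit message key, encrypt the message with it, then
// encrypt that key with the public key. Only the private key can undo the wrap.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	msgKey := make([]byte, 32)
	if _, err := rand.Read(msgKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(msgKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := gcm.Seal(nonce, nonce, plaintext, nil) // nonce prefixed to ciphertext
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msgKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Body: body}, nil
}

// Open: the recipient first decrypts the symmetric key with the private key,
// then decrypts the message, the two steps the post lists.
func Open(recipient *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	msgKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("key unwrap failed: wrong private key or tampered key blob")
	}
	gcm, err := newGCM(msgKey)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(env.Body) < n {
		return nil, errors.New("body too short")
	}
	// GCM authenticates the body, so a tampered ciphertext is rejected here.
	return gcm.Open(nil, env.Body[:n], env.Body[n:], nil)
}
```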

------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Crossposted-To: alt.security.pgp,sci.math
Subject: Re: How to find a huge prime(1024 bit?)
Date: 8 Mar 2001 10:27:08 -0800

In article <[EMAIL PROTECTED]>,
John Wasser  <[EMAIL PROTECTED]> wrote:
<[[ This message was both posted and mailed. ]]
<
<In article <985sua$[EMAIL PROTECTED]>, Gregory G Rose <[EMAIL PROTECTED]>
<wrote:
<
<> In article <[EMAIL PROTECTED]>, Dik T. Winter <[EMAIL PROTECTED]> wrote:
<>> The premise is: "there is a finite number of primes".  Multiplying
<>> them all together and adding 1 shows that the resultant number is
<>>  not divisible by any prime.  Hence by the definition of prime it
<>>  must be prime, contradicting the premise.
<> 
<> I'm sure someone else has already pointed this
<> out, but my news feed is flaky at the moment, so
<> I'll chime in anyway.
<> 
<> The number you get by multiplying all the primes
<> together and adding one might not be prime itself;
<> however, it must have prime factors which are not
<> in the list.
<
<But if you have multiplied ALL primes together there can't be any
<"prime factors which are not on the list".  The proof of an infinite
<number of primes is based on the contradiction found when the
<assumption of a finite number of primes is assumed.
<
<I agree that it is confusing to say "the product of a bunch of primes
<plus 1" is a prime when we can prove that it isn't necessarily so.  It
<is only 'true' when the bunch contain ALL primes which we are
<attempting to prove is not possible!

OK, this has become a semantic discussion and I
don't want to pursue it much further. Basically,
my definition of "prime" is that a number has no
divisors other than itself and 1. Then the
constructed number is clearly not in the supposed
set, but implies the existence of at least one
more prime, proving that the set cannot be finite.

Saying, as you seem to be, that membership of the
set is the only criterion for primality, seems to
me to be circular, since the set was constructed
from the property stated above.

I disagree that you can "define" the constructed
number to be prime merely because it is not
divisible by a number from a finite set that we
are proving can't exist.

Greg.
-- 
Greg Rose                                       INTERNET: [EMAIL PROTECTED]
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/ 
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C

------------------------------

From: Neil Couture <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: frequency "flattening"
Date: Thu, 08 Mar 2001 18:28:26 GMT

Mmm, I think I see what you meant...

CT == CypherText
PT == PlainText.

Normally, if the CypherText has been constructed well, the frequency distribution
will be the same for all signs in CT. So Huffman code does not help you here...
that is, you won't be able to compress your CT significantly 'cos all the signs
will have almost equal frequency distribution. (That's what Information Theory
teaches us.)

Anyway, you want to map from PT to CT...

I do not see an optimal way to do it, and I think that by definition this (the
mapping) will not give you any information (in case CT is a cypher text).

But let's take a more general case. You could generate Huffman codes for both
sets and then just keep a simple map of them...



"Joe H. Acker" wrote:

> Neil Couture <[EMAIL PROTECTED]> wrote:
>
> > "Joe H. Acker" wrote:
>
> > > I am looking for a sort of "expansion" function that should work like
> > > that:
> > >
> > > We have n signs of alphabet A, e.g. let's suppose n=256. There's an
> > > arbitrary length plaintext PT composed of the alphabet. There's a
> > > function f_PT(x) that returns the frequency of x in PT.
> > >
> > > Aim: Find an optimal code C that maps any sign of PT to a sign or
> > > sequence of signs in CT (and vice versa), such that f_CT(x) = k is a
> > > constant value k for any arbitrary sign x of CT.
> > >
> >
> > First of all it would be cool to define exactly want is optimal for you.
> > but anyway i can maybe guess that you want to optimize for memory.
> > ( as so Huffman code can help you ).
>
> Oops, forgot about that. Yes, indeed I am looking for the minimal
> solution regarding the length of CT, the algorithm should find the
> shortest CT such that the above requirements are fulfilled, but still
> Length(CT)>Length(PT) is allowed.
>
> My (often bad) intuition tells me that Huffman-Coding isn't what I'm
> looking for. So does anyone know how the algorithm to find the optimal
> code as above is called?


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Codes and ancryption (was: Re: Super-strong crypto......................(As if).)
Date: Thu, 08 Mar 2001 18:22:39 GMT

On Thu, 8 Mar 2001 15:25:56 +0100, [EMAIL PROTECTED] (Joe H. Acker)
wrote, in part:

>Let me specify: If I map words to word positions in the book, will the
>resulting numbers in practice have many properties that allow a good
>attack without knowing the book that was used?  (My first thought is
>that there should be plenty of regularities at word and sentence level
>to exploit, but I'm not really sure.)

There are some; the problem is that some people using the book for
encryption won't start at a different page of the book, selected at
random, for each new word in the message, but will instead select
several words from the same page.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Meaninog of Kasumi
Date: Thu, 08 Mar 2001 12:40:36 -0600

Arturo wrote:
> 
>         KASUMI is the name of the encryption algorithm to be used in
> third-generation mobile phones.  My question is, what does that word stand for?
> Does it have any meaning?  TIA

It's an "ordinary" Japanese name.  It may be from a famous ninja or war lord
who is famous in Japan.  It might also stand for something in Japanese, but
I sure wouldn't have a clue how to parse it!  Look for it on Mitsubishi's
web site http://www.mitsubishielectric.com and search for kasumi.  You'll get
some interesting hits.

Patience, persistence, truth,
Dr. mike

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Thu, 08 Mar 2001 19:39:29 +0100



"Douglas A. Gwyn" wrote:
> 
> Mok-Kong Shen wrote:
> > I have argued in a follow-up (7-th Mar) that it is preferable
> > to transmit the new keys with a separate dedicated key.
> > (This effectively means sending the new keys via another
> > (logical) channel.) I don't yet see the point of attempting
> > (hard) to safely embed the new keys in the way you proposed,
> > if the other way is quite clear-cut and readily available
> > in practice.
> 
> In many applications, including the one I have in mind, there
> is only one actual data channel, so you'd need to multiplex
> that, but that's not a significant problem.  The reason I
> didn't take that approach is that you require roughly twice
> as much key material for a comparable amount of security.
> I was trying to stretch safe use of available key material
> as far as possible.

On the other hand, the discussions by others seem to indicate
that for that saving of bandwidth there could be substantial
trade-off (the universal principle that there is no free
lunch apparently applies). I used to believe, though, that
for applications of extremely high security requirements
bandwidth commonly isn't a big problem, since their volume
cannot be excessive and one is in such cases more ready to
pay for the costs involved in being conservative in all
respects.

M. K. Shen

------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: Encryption software
Date: Thu, 08 Mar 2001 13:41:27 -0500



Tom St Denis wrote:

> "Paul Crowley" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > "Simon Johnson" <[EMAIL PROTECTED]> writes:
> > > PGP is as good as it gets, its free and open-source (this allows you to
> > > check that the program does what its meant to). My advice is never buy a
> > > program to which you don't have the source.
> >
> > PGP is *not* open source and never has been.  The source to the most
> > recent editions isn't even disclosed, let alone licensed for
> > independent development.
> >
> > A genuinely Open Source alternative is GPG, www.gnupg.org, a GPL'd
> > implementation of the OpenPGP standard.
>
> Um isn't pgpi opensource?
>
> Tom

It takes a little longer to read the later versions of the pgpi source.  Many
programmers find the GPG source laid out better.



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: 08 Mar 2001 10:51:36 -0800

[EMAIL PROTECTED] (Damian Kneale) writes:
> To wade into the whole "capabilities" debate, the choice seems fairly
> simple.  Have a government capable of breaking code and listening at
> will, or have one that cannot.  Being from Australia, a country
> defended from Japan during WW2 largely due to successes in
> codebreaking, I'm all for a government that has that capability.
> Making sure your government is trusted with that capability is a
> little tougher...

You're a little confused though.  That type of codebreaking against
modern crypto is impossible as far as anyone can tell.  Unlike in WW2,
governments *can't* break today's codes--that's why they want to
regulate people using them.  The government can only listen in on
people who obey the regulations.

Do you seriously think the enemy (either an enemy in a war, or a
terrorist, or even an ordinary criminal) is going to obey the
regulations?

If not, exactly what is left for the regulation supposed to protect
you against?

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Q: Tempest Systems
Date: 08 Mar 2001 10:54:20 -0800

"news.singnet.com.sg" <[EMAIL PROTECTED]> writes:
> The captors of course have set up a tempest system to capture
> signals and visuals from his notebook computer and the methods he
> uses to throw them off track are quite clever.
> 
> Any comments on this? Would never happen? Tempest systems aren't that good?
> Etc.

Since the captors had had a chance to tamper with the guy's laptop,
they could have easily installed a transmitter inside it that sent them
all the keystrokes etc.  Heck, they could have installed a cellular phone
inside that sent the keystrokes to anywhere in the world, from anywhere
the phone worked, and then let him out of jail with the laptop.  No fancy
Tempest equipment or antenna near the laptop is needed.


------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Creating serial numbers?
Date: 08 Mar 2001 10:57:50 -0800

[EMAIL PROTECTED] (Niklas Frykholm) writes:
> Suggestion:
> 
> Let ID be a unique ID number in the range (0..100 million). Use a counter.
> 
> Let K be a secret key, known only by you (128 bit long).
> 
> Generate the serial number as:
> 
>       ID || H(K || ID)
> 
> where H is a hash function....

Another alternative is to just encrypt the ID with your favorite 64
bit block cipher (like 3DES) and a secret key.  To check an encrypted
ID, just decrypt it.  If you get a valid ID number (between 0 and 100
million) then use it, otherwise it's invalid.  Since there are 2**27
valid ID numbers, the chance of picking a valid one at random is
2**(64-27) or about 1 in 128 billion.  You have to send the whole
encrypted block (64 bits or 16 hex digits).  If more security is
needed, use a 128 bit cipher like AES and send 32 digits.
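The encrypted-ID scheme from the post above, as an added Go example that is not from the thread: the counter ID is encrypted as one block, the serial is the whole block in hex, and verification is decrypt-and-range-check. Both the 64-bit 3DES form the post describes and its AES variant sit behind one Issuer type; the zero padding, the demo keys and the type names are choices made here, and 3DES is included only to follow the post.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"encoding/hex"
	"errors"
)

// MaxID bounds the counter as in the thread: valid IDs are 0 .. 100 million - 1,
// so about 2**27 of the 2**64 possible 3DES plaintext blocks are valid.
const MaxID = 100_000_000

// Issuer turns counter IDs into serial numbers by encrypting the ID under a
// secret key. The serial is the whole ciphertext block in hex: 16 digits for a
// 64-bit block cipher such as 3DES, 32 digits for AES.
type Issuer struct {
	block cipher.Block
}

// NewTripleDESIssuer follows the post literally; 3DES is legacy, prefer AES.
func NewTripleDESIssuer(key []byte) (*Issuer, error) {
	b, err := des.NewTripleDESCipher(key) // needs a 24-byte key
	if err != nil {
		return nil, err
	}
	return &Issuer{block: b}, nil
}

// NewAESIssuer is the "more security" variant the post ends with.
func NewAESIssuer(key []byte) (*Issuer, error) {
	b, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return &Issuer{block: b}, nil
}

// Issue writes the ID big-endian into the last 8 bytes of a zero-filled block
// and encrypts it. With AES the leading zero bytes become extra redundancy
// that Check can verify.
func (s *Issuer) Issue(id uint64) (string, error) {
	if id >= MaxID {
		return "", errors.New("id out of range")
	}
	n := s.block.BlockSize()
	pt := make([]byte, n)
	binary.BigEndian.PutUint64(pt[n-8:], id)
	ct := make([]byte, n)
	s.block.Encrypt(ct, pt)
	return hex.EncodeToString(ct), nil
}

// Check decrypts the serial and accepts it only if the padding bytes are zero
// and the recovered ID is in range; anything else (a typo, a guess, a serial
// made under another key) decrypts to a random block and is almost surely
// rejected: probability 2**-37 for 3DES, 2**-101 for AES.
func (s *Issuer) Check(serial string) (uint64, bool) {
	n := s.block.BlockSize()
	ct, err := hex.DecodeString(serial)
	if err != nil || len(ct) != n {
		return 0, false
	}
	pt := make([]byte, n)
	s.block.Decrypt(pt, ct)
	for _, b := range pt[:n-8] {
		if b != 0 {
			return 0, false
		}
	}
	id := binary.BigEndian.Uint64(pt[n-8:])
	if id >= MaxID {
		return 0, false
	}
	return id, true
}
```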

------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Thu, 08 Mar 2001 14:00:33 -0500



Paul Crowley wrote:

> "This may seem a trivial point, but sometimes people are hypnotised by
> the "proven secrecy" of the OTP and start saying they want to use it
> instead of, say, Rijndael.  The point of drawing attention to the
> failings of that proof in the real world is to break the hypnosis.
> --
>

Unfortunately terms like "quantum computer" get floated around by the
media without adequate understanding from the public.  The usually
assumed protection from quantum computer analysis is a one time pad
implementation.  Common sense suggests that quantum computers will have
limitations in "practical application" at least in early configurations.
Perhaps there is a subset of cryptographic algorithms that will withstand
analysis from "practical" quantum computers?


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
