Cryptography-Digest Digest #904, Volume #13 Thu, 15 Mar 01 08:13:01 EST
Contents:
Re: One-time Pad really unbreakable? (Tim Tyler)
Re: One-time Pad really unbreakable? (Tim Tyler)
Re: One-time Pad really unbreakable? (Tim Tyler)
Re: One-time Pad really unbreakable? (Benjamin Goldberg)
Re: Super strong crypto (Mok-Kong Shen)
Security of IAPM, alone. (Benjamin Goldberg)
Re: SSL secured servers and TEMPEST (Frank Gerlach)
Re: qrpff-New DVD decryption code ("Mxsmanic")
----------------------------------------------------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 15 Mar 2001 11:10:27 GMT
Dave Knapp <[EMAIL PROTECTED]> wrote:
: Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
:>Tim Tyler wrote:
:>> Dave Knapp <[EMAIL PROTECTED]> wrote:
:>> : On Fri, 9 Mar 2001 10:59:32 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:
:>> :>Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
:>> :>A deterministic theory has no place for randomness.
:>>
:>> : Wrong. Thanks for playing, though. The many-worlds hypothesis (it
:>> : isn't a theory yet) is deterministic, but it is unable to predict
:>> : the results of a single observation, since the worldline in which
:>> : the observation will be made is unpredictable.
:>>
:>> Actually many worlds does make concrete predictions if the initial
:>> state is completely known. That's a consequence of its determinism.
:>
:>I think you're parsing that wrong. Knapp said "the worldline in which
:>the observation will be made is unpredictable." You seem to be
:>interpreting that as "the worldline will be unpredictable." I would
:>interpret it as "it is not possible to predict which worldline the
:>observer will be in, after the observation is made."
: That is indeed what I meant. I can see how it could possibly have
: been taken the other way.
You said:
"The many-worlds hypothesis (it isn't a theory yet) is deterministic, but
it is unable to predict the results of a single observation, since the
worldline in which the observation will be made is unpredictable."
In the multiverse, which world lines the observation is made in is
exactly determined.
I think - to clarify what you are trying to say - you need to state that
the person to whom the observation's results are unpredictable is the
embodied observer, without information about the state of the multiverse.
To someone with access to that state, prediction becomes possible.
The main question is whether information about the state can be obtained.
:>> Consequently, DAG's statement that: "It's not due merely a lack of
:>> more detailed knowledge of the state of the system" is mistaken - if
:>> sufficiently detailed knowledge of the state of the system were
:>> available, prediction would be possible.
: Only for the worldline in which the observations would be made, but
: since you don't know which one it will be, it's kind of moot.
Well, prediction of *every* world line is possible, given the state.
: Don't confuse the many-worlds version of determinism with the "hidden
: variables" attempt to explain QM. It doesn't work without violating
: causality.
Hidden variables are alive and well. What was originally thought to have
been ruled out was a particular naive approach to hidden variables - not
the whole idea.
Since http://people.ne.mediaone.net/davidelm/epr.htm, the work of Caroline
Thompson, etc, locality seems to have returned to physics, and with it the
viability of hidden variables.
http://www.physicsmyths.org.uk/#hidden has a concise explanation of why
the supposed demonstrations of the non-existence of hidden variables were
wrong.
Also, now we have papers like:
http://digitalphysics.org/Publications/Ostoma-Trushyk/Cell/
http://digitalphysics.org/Publications/Ostoma-Trushyk/Special/
http://digitalphysics.org/Publications/Ostoma-Trushyk/EMQG/
being published - hidden variables with a vengeance! ;-)
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 15 Mar 2001 11:22:47 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> The problem I think you're trying to get at is that it is difficult
:> for an embodied observer to get reliable and complete information
:> about the system in the first place.
: No, the point is that that is impossible even in principle.
It isn't known to be impossible. I would grant that current theories of
quantum physics don't offer a mechanism for doing so - but that's totally
different from it being impossible.
Only if you accept quantum theory as being definitely the last word
in physical laws can you make such a statement.
To anticipate an objection, it is also false that modifications to
quantum theory which make substantially the same predictions will also
have the property that embodied observers will be incapable of getting
complete information about any section of the universe.
Since we can be pretty certain that we *don't* have access to the final
laws of physics, statements about whether it's possible or not to
get this information are merely speculation - all that we can say is that
we don't currently have a method of obtaining it.
--
__________ http://alife.co.uk/ http://mandala.co.uk/
|im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 15 Mar 2001 11:31:31 GMT
Frank Gerlach <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Frank Gerlach <[EMAIL PROTECTED]> wrote:
:> : Tim Tyler wrote:
:> Personally I think a paper-and-pencil OTP is rather likely to be insecure,
:> due to key-distribution problems. There's a good reason why OTPs are
:> little used.
:
: Except that the KGB and the BND use it. And the brits and the yanks used
: it for heads-of-government communication (SIGSALY) during and after WW2.
: It seems to me that OTP can be a practically strong system, if applied
: with discipline.
I didn't say it wasn't used. I didn't say that it didn't have a role to
play. However there are serious problems in actually using it, that
really don't help with the security.
: I suspect the UKUSA alliance just hates OTP, because all their expensive
: equipment is useless, if OTP is used properly. Because of that, they are
: trying to undermine its credibility.
I'm not a pawn of theirs. I'm dissing the OTP because I think so
much twaddle is talked about its unbreakability and security -
and partly because I genuinely think it is usually not very
practical.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Thu, 15 Mar 2001 11:42:12 GMT
Tim Tyler wrote:
>
> Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> Dave Knapp <[EMAIL PROTECTED]> wrote:
> :> : On Fri, 9 Mar 2001 10:59:32 GMT, Tim Tyler <[EMAIL PROTECTED]>
> :> : wrote:
> :> :>Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>
> :> :>: In contrast, the irreducible nature of quantum randomness has
> :> :>: been well established by experiment and theory. It's not due
> :> :>: merely a lack of more detailed knowledge of the state of the
> :> :>: system.
> :> :>
> :> :>Yet there are deterministic theories of how the world operates,
> :> :>which appear to be quite consistent with observation:
> :> :>
> :> :>http://www.anthropic-principle.com/preprints/manyworlds.html
> :> :>
> :> :>Q13 Is many-worlds a deterministic theory?
> :> :> Yes, many-worlds is a deterministic theory [...]
> :> :>
> :> :>A deterministic theory has no place for randomness.
> :>
> :> : Wrong. Thanks for playing, though. The many-worlds hypothesis
> :> : (it isn't a theory yet) is deterministic, but it is unable to
> :> : predict the results of a single observation, since the worldline
> :> : in which the observation will be made is unpredictable.
> :>
> :> Actually many worlds does make concrete predictions if the initial
> :> state is completely known. That's a consequence of its
> :> determinism.
>
> : I think you're parsing that wrong. Knapp said "the worldline in
> : which the observation will be made is unpredictable." You seem to
> : be interpreting that as "the worldline will be unpredictable."
>
> The observation is made in dozens of world-lines. In the multiverse,
> which ones it is made in is determined exactly.
>
> : I would interpret it as "it is not possible to predict which
> : worldline the observer will be in, after the observation is made."
>
> That doesn't even make sense. The observer is in all the world lines
> he started off in (except the ones where he was struck by lightning).
I walk into one door of my duplicating machine, and walk out two doors
of it. I will be in two places, but each of me will only perceive the
world from one set of eyes.
The observer is in all the world lines, but each of him only perceives
his own. Suppose I will make a decision as to what to eat tomorrow
based on a bit of quantum randomness. I do not know today whether
tomorrow I will be the me who ate a bagel or the me who ate an egg.
From God's point of view, I will be both, but from each of mine, I will
only be one person, and I will not have been able to have predicted (in
tomorrow's yesterday) which me I will be, in tomorrow's today.
> :> Consequently, DAG's statement that: "It's not due merely a lack of
> :> more detailed knowledge of the state of the system" is mistaken -
> :> if sufficiently detailed knowledge of the state of the system were
> :> available, prediction would be possible.
>
> : God is able to observe the entire state of the system. Is anyone
> : else capable of such?
>
> Not AFAIK - embodied observers appear to have extremely severe
> limitations about how much of the multiverse they can measure.
>
> :> The problem is that an embodied observer does not appear to have
> :> any way to obtain information about the entire state of the system.
>
> : Isn't that what Knapp just said?
>
> No. He just said it was unpredictable - without specifying who it
> was unpredictable to.
Combining your two statements above, I come to the conclusion that you
believe in God... or else you would not be trying to take into account
anything other than an embodied observer in your second statement.
Unless of course you think that it's possible for a non-embodied
observer other than God to exist.
> : It is impossible for an observer to predict what timeline he will be
> : in. Or rather, he'll be in both, but he won't know... urgh, this is
> : hard to phrase.
>
> Well, I don't know if it's impossible. The orthodox laws - if one
> assumes they are the last word - don't provide a method which could
> result in an observer getting the relevant information, I would grant
> that.
What do you mean "the orthodox laws," and what would you consider
*un*orthodox laws?
>
> [snip duplicating machine]
>
> : To God, many-worlds is both deterministic and predictable. To man,
> : many-world is deterministic, but not predictable. Determinism
> : doesn't change based on who or what the observer is, but
> : predictability does.
>
> Yes, this appears to be correct. Prediction may be possible given
> exact information about the system - and this /may/ not be obtainable
> by man.
Given exact information about what timeline he is in, man can only
predict that tomorrow he will be in both future timelines... until he
arrives in tomorrow, at which point, he can only say, today, I am here--
and that other me, in that other timeline, I cannot perceive him, and he
is not me.
> It certainly seems from the what we currently know of the laws of
> physics that obtaining it by probing the system with photons may
> be an enterprise destined not to succeed. The question of whether he
> can get this information seems likely to boil down to whether there is
> some other way of obtaining this information, or the results of
> predictions which stem from it.
Of course there's another way... abracadabra! <gg>
> [Now going back a bit... Gwyn said:]
> :> :>A deterministic theory has no place for randomness.
>
> : Now I'm rather curious. How should we define randomness? Suppose
> : many-worlds is fact, not hypothesis... us humans have no way of
> : predicting the future, but God does. Is randomness "merely" lack of
> : predictability? In that case, randomness only exists for man, but
> : not for God...
>
> Yes again. Now, the question of randomness for man could be stated as
> whether he can find a way to communicate with god ;-)
It's not talking to God that's the problem, it's getting a reply :)
Hmm, now here's a pretty puzzle... if God exists, and is omniscient,
then how come two-slit wave/particle experiments work? Surely, if God is
omniscient, then he knows which of the two slits the particles went
through, and causes the interference effect to break down!
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Thu, 15 Mar 2001 13:13:36 +0100
"Douglas A. Gwyn" wrote:
>
> Bryan Olson wrote:
> > ... if you start with a modern cipher (Rijndael, Twofish,
> > Serpent, others) then we can already have confidence.
>
> Really? On what grounds?
I think the interesting basic issue here is how secure a
cipher should be in order to be (objectively) safely
employed by the users. None of the cited ciphers is provably
secure, if I don't err. Yet, no one is apparently waiting
for a formal proof of security of AES before using it or is
even attempting to do a formal proof of that. I used to think
that objectivity can never be obtained in any practical
(as against theoretical) applications of encryption. The
problem seems to be how to adequately employ one's
subjective thoughts and opinions in decisions about security,
an issue that is by its very nature vague and imprecise, unfortunately.
I'd like to mention in this connection another point. Your
scheme in the original post intends to reduce the amount of
material encrypted by a given key of block ciphers. If one
changes session/message keys sufficiently frequently and the
message sizes are appropriately limited, then the problem
could be avoided, couldn't it? A related concrete question is
then what was raised in a recent thread of mine ('Life cycle
of keys'), namely how many bytes one may safely encrypt
with one key using AES (in the extremely conservative
situation stipulated there)? If we have no idea of that at
all, then one probably would have to admit that the science of
crypto is yet very very far from being a science comparable
to math, I suppose.
M. K. Shen
==============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Security of IAPM, alone.
Date: Thu, 15 Mar 2001 12:36:50 GMT
The IAPM chaining mode can be described as follows:
w(x) = E(k0, iv0 + x) (for x = 0..log2(messagelength))
s(i) = XOR-sum of a subset of w, selected with binary_greycode(i)
ct[i] = s(i) XOR E(k1, s(i) XOR pt[i])
I'm curious. How secure is this scheme if k1 is fixed, perhaps at 0?
k0 still has the full, normal, amount of entropy, and iv0 is secret.
For the purposes of analysis, assume that E is AES.
Does anyone know of any weaknesses with this?
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
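The chaining Goldberg writes down, as an added example for this digest (not his code and not any IAPM reference implementation): AES-128 from Go's standard library plays E, k1 is a caller-supplied key so an all-zero k1 can be tried, and the reading of "iv0 + x" as a big-endian add into the low 64 bits of iv0 and the numbering of message blocks from 1 (so no Gray-code mask is empty) are this example's assumptions. It implements only the block chaining the post describes.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"math/bits"
)

func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// whiteningBlocks computes w(x) = E(k0, iv0 + x) for x = 0..m-1, where m bits
// Gray-code the block indices 1..nBlocks. "iv0 + x" is read (assumption) as
// adding x to the low 64 bits of iv0, big-endian.
func whiteningBlocks(e0 cipher.Block, iv0 []byte, nBlocks int) [][]byte {
	w := make([][]byte, bits.Len(uint(nBlocks)))
	for x := range w {
		w[x] = append([]byte(nil), iv0...)
		binary.BigEndian.PutUint64(w[x][8:], binary.BigEndian.Uint64(w[x][8:])+uint64(x))
		e0.Encrypt(w[x], w[x])
	}
	return w
}

// maskFor returns s(i), the XOR of the w(j) whose bit j is set in the binary
// reflected Gray code of i; adjacent masks thus differ in exactly one w(j).
func maskFor(w [][]byte, i int) []byte {
	s := make([]byte, aes.BlockSize)
	for j := range w {
		if (i^(i>>1))&(1<<j) != 0 {
			xorInto(s, w[j])
		}
	}
	return s
}

// iapmCrypt computes ct[i] = s(i) XOR E(k1, s(i) XOR pt[i]) with AES, or the inverse
// when decrypt is set. Blocks are numbered from 1 (assumption, so no mask is empty).
func iapmCrypt(k0, iv0, k1, in []byte, decrypt bool) ([]byte, error) {
	e0, err := aes.NewCipher(k0)
	if err != nil {
		return nil, err
	}
	e1, err := aes.NewCipher(k1) // k1 may be a fixed all-zero key, as the post asks
	if err != nil {
		return nil, err
	}
	w := whiteningBlocks(e0, iv0, len(in)/aes.BlockSize)
	out := append([]byte(nil), in...) // len(in) must be a multiple of aes.BlockSize
	for i := 0; i < len(out)/aes.BlockSize; i++ {
		blk := out[i*aes.BlockSize : (i+1)*aes.BlockSize]
		s := maskFor(w, i+1)
		xorInto(blk, s)
		if decrypt {
			e1.Decrypt(blk, blk)
		} else {
			e1.Encrypt(blk, blk)
		}
		xorInto(blk, s)
	}
	return out, nil
}
```

With k1 set to sixteen zero bytes the round trip still works mechanically, which makes the post's question concrete: everything secret in the construction is then the k0 and iv0 behind the w(x) masks.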
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: SSL secured servers and TEMPEST
Date: Thu, 15 Mar 2001 13:36:16 +0100
Lyalc wrote:
>
> - is very unpredictable, timing wise. But a variation of the Kocher timing
> attacks might/might be theorised as feasible - by careful analysis of SSL
> handshaking start times etc. But I think (without empirical evidence) that
> multi-tasking OSs will be too unreliable, timing wise. Any comments out
> there?
I also thought about that and was somehow relieved, although my attack
does not work as easily any more :-(
Still, variations might only increase the "search space" for the signal
processors.
> - assume the emanations can be detected at all. Most cpus don't emanate
> enough to be above the thermal noise floor. n is proportional to KTBR - with
> a CPU clock and thus bandwidth of say 500Mhz, the noise floor is pretty
I think the discussion should be limited to special crypto coprocessors
in a (more or less shielding) Faraday cage. This is what most
high-traffic sites use (that is because they want to take load off the
CPU).
I looked briefly at FIPS 140-1, but could not find anything related to
TEMPEST (EMI/EMC has nothing to do with TEMPEST). I'll look at it in
more detail tonight..
It would be useful to have some certification measurement procedure,
like "emanations from x to y MHz must be below z dB".
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: qrpff-New DVD decryption code
Date: Thu, 15 Mar 2001 12:44:58 GMT
Courtney Love's testimony on the subject of the music industry is quite
enlightening:
http://www.salon.com/tech/feature/2000/06/14/love/index.html
It seems that all the money made by the industry is going to a number of
different parties, but bands and musicians aren't necessarily among
them.
"Joe H. Acker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
>
> > > In a market economy, prices should be down when, say, new technologies
> > > enable production at lower prices. New technologies now permit very
> > > cheap diffusion of music. Powerful Music Conglomerates are only
> > > distributors, even if they incidentally own rights on music by
> > > contracts. So how is it that we pay, say 5$ or 12$ (on, say, 15$ for
> > > a music CD) to the distributor, when the actual cost of distributing
> > > by new means is much cheaper, say 0.25$ ?
> >
> > When you go to a fast food place, and pay a couple dollars for a soda,
> > when it actually costs them a few cents, does that piss you off?
> >
> > > Because market economy fails when there are Monopolies (or equivalent
> > > to monopolies). When they exist, they nearly define legality (legality
> > > differs from moral/ethical consideration, as Douglas A. Gwyn made the
> > > remark).
> >
> > Do you believe that all fast food places are part of one huge monopoly?
>
> Actually, the OP is right. There are only 3 major record companies that
> own practically all other record labels, even if these seem to be
> independent. I'm not sure, but I think it's EMI, Warner and another
> company (Sony?). Music industry is a relatively dirty and monopolistic
> business. For example, record companies tie musicians with very long
> term contracts, and they are able to completely ruin a musician's
> career---and this has happened very often with musicians that have
> criticised the business. Radio stations are forced to play a certain
> quantity of certain songs (if not, they don't get any free promo records
> anymore). Or did you think that radio producers are keen on hearing
> Madonna's remake of "American Pie" 10-20 times a day on their channel?
> Record companies can push anything they want into the top 10. When a
> marketing campaign for a new "style" is launched, they buy all labels
> and bands with the same style, but they'll only push one or two of them
> in the first marketing phase. The other bands are later thrown in, or,
> if they have bad luck, the trend is over and they are dropped. The
> reason for this is that a uniform style and a few bands make more money
> than high diversity of styles and many bands with the same style at the
> same time. Also, customer demand can be controlled better and is more
> predictable that way.
>
> So yes, music industry holds a monopoly on the distribution channels.
> The few dominant companies do not only completely control the mass
> market, they also control the musicians themselves (even famous
> musicians) to an amount that even limits their freedom of speech.
>
> Regards,
>
> Erich
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************