Cryptography-Digest Digest #955, Volume #13      Tue, 20 Mar 01 18:13:01 EST

Contents:
  Re: OT: TV Licensing - final answer - sorry for xpost (Dave Howe)
  Re: BBS ("Tom St Denis")
  Re: Signing/Not signing posts (SCOTT19U.ZIP_GUY)
  Re: [OT] Why Nazis are evil (David Schwartz)
  Re: Am I allowed to put any encryption software of my own creation on my public ftp site? (SCOTT19U.ZIP_GUY)
  SBOX permutation for MD2 - how calculated? ([EMAIL PROTECTED])
  Re: What the Hell...Here's what my system can do at it's best... (SCOTT19U.ZIP_GUY)
  can't find the unix crypt(1) command these days (Dan Jacobson)
  Re: Strong Primes ("Joseph Ashwood")
  Re: [OT] Why Nazis are evil (SCOTT19U.ZIP_GUY)
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) (SCOTT19U.ZIP_GUY)
  Re: looking for "Crowds" (SCOTT19U.ZIP_GUY)
  FBI book about Hanssen ("Douglas A. Gwyn")
  Advice on storing private keys (Darryl Wagoner)
  Re: Defining a cryptosystem as "broken" ("Joseph Ashwood")
  Re: A future supercomputer ("JCA")
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Joseph Ashwood")
  Re: Advice on storing private keys (Paul Rubin)
  Re: Advice on storing private keys ("Joseph Ashwood")

----------------------------------------------------------------------------

From: Dave Howe <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: OT: TV Licensing - final answer - sorry for xpost
Date: Tue, 20 Mar 2001 21:32:12 +0000

In our last episode (<alt.security.pgp>[19 Mar 2001 23:46:19 +0100]),
[EMAIL PROTECTED] (Paul Schlyter) said :
>> This sounds like urban mythology blurring a change of status with time.
>> I think the final "does" in that sentence should be "did".
Not sure about that - but at the time it was true.

>> In the days when people used TVs as computer monitors, there were no
>> exceptions to the law for such special cases. Later it was amended
>> to provide specific exemptions for using the TV as a video monitor.
Nope, it was amended for them. A judge set a precedent for that one
when it came in front of him for trial. Unfortunately, the case was
worded quite tightly, so only "video devices for the playback of
pre-recorded videotapes" were included.
 
>Wasn't the determining factor whether the TV could receive RF
>signals?  I.e. if you had a monitor with baseband input only, no
>license was needed, but if the monitor also included a tuner so you
>could actually receive TV transmissions, then a license was needed.
A TV used as a monitor is still a TV. A "monitor" monitor, with no PAL
support, did not require a licence. Most business computers had a true
monitor; most home machines at the time used a TV.
 
>Likewise, a license would be needed for a VCR if the VCR had an
>integral tuner (as most VCR's do).
That was settled too - the judge was quite generous. Basically, the
licensing authority could disable the tuner for that video if they
wished, provided they could back out the change without damaging the
resale value of the video should the owner choose to upgrade. Given
that all videos at the time required a co-axial plug inserting to pick
up broadcast TV, the licensing authority settled for placing a seal
over the socket, inspecting it once a year or so.

--== DaveHowe ( is at) Bigfoot dot com ==--

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: BBS
Date: Tue, 20 Mar 2001 21:37:06 GMT


"Simon Johnson" <[EMAIL PROTECTED]> wrote in message
news:998hfv$q54$[EMAIL PROTECTED]...
>
> Dobs <[EMAIL PROTECTED]> wrote in message news:9862va$mqp$[EMAIL PROTECTED]...
> > I have a question. What should a good Blum Blum Shub generator look like? I
> > know that it needs 2 large prime numbers p and q. Should this generator have
> > its own large prime number generator to generate new p and q each time we
> > find our seed? Or does it not matter, and can I for instance declare that p
> > is such and q is such?
> > If it needs a generator, can somebody tell me one which would be proper for
> > BBS, I mean one that will generate large prime numbers:
> > Best Regards:)
> > Michal
> >
>
> a BBS looks like this:
>
> x(i) = x(i-1)^2 mod pq -> where p and q are primes, and are kept secret.
> output = x(i) MOD 2^(log2(log2(pq)))
>
> x(0) is what starts this process off and is the key.

There is also the alternate format (à la Knuth)

output = x(i) dot Mask

Where dot is the binary dot product.  This method is slower but a little
more secure since more bits are used in each output.  This is also slower...

Tom
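
As an added illustration (not code from the thread), the two BBS output rules described above side by side in Python: the low-order bits of x(i) and the Knuth-style parity bit x(i) . mask. The parameters p = 11, q = 19, seed 3 and the mask 0b10101010 are constructed toy values chosen so the arithmetic can be checked by hand.

```python
"""Blum Blum Shub with the two output conventions from the thread:
the low-order bits of x(i), or the single parity bit x(i) . mask (Knuth)."""
import math
from typing import List

# Constructed toy parameters: p and q are primes congruent to 3 mod 4 but far
# too small for real use; they only make the arithmetic easy to check by hand.
P, Q = 11, 19
N = P * Q          # 209; p and q are kept secret in a real deployment
SEED = 3           # x(0): must be coprime to N, and is the key


def bbs_states(seed: int, n: int, count: int) -> List[int]:
    """Return x(1)..x(count) where x(i) = x(i-1)^2 mod n."""
    if math.gcd(seed, n) != 1:
        raise ValueError("seed must be coprime to n")
    states, x = [], seed
    for _ in range(count):
        x = (x * x) % n
        states.append(x)
    return states


def lsb_bits_per_state(n: int) -> int:
    """Number of low bits taken per state: floor(log2(log2 n)), read off
    the bit length of n (Simon's 'x(i) MOD 2^(log2(log2(pq)))')."""
    return max(1, int(math.log2(n.bit_length())))


def bbs_lsb_output(seed: int, n: int, count: int) -> List[int]:
    """Per state, output its low-order bits as one small integer."""
    k = lsb_bits_per_state(n)
    return [x & ((1 << k) - 1) for x in bbs_states(seed, n, count)]


def bbs_dot_output(seed: int, n: int, mask: int, count: int) -> List[int]:
    """Knuth-style variant: one bit per state, the parity of the binary dot
    product x(i) . mask, i.e. popcount(x(i) & mask) mod 2."""
    return [bin(x & mask).count("1") & 1 for x in bbs_states(seed, n, count)]


if __name__ == "__main__":
    print("states :", bbs_states(SEED, N, 6))               # [9, 81, 82, 36, 42, 92]
    print("lsb out:", bbs_lsb_output(SEED, N, 6))           # [1, 1, 2, 4, 2, 4]
    print("dot out:", bbs_dot_output(SEED, N, 0b10101010, 6))  # [1, 0, 1, 1, 1, 1]
```
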



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Signing/Not signing posts
Date: 20 Mar 2001 21:32:20 GMT

[EMAIL PROTECTED] (Darren New) wrote in <[EMAIL PROTECTED]>:

>SCOTT19U.ZIP_GUY wrote:
>>  You could make a PGP key in my name and
>> sign anything. But who would know that it is not my key.
>
>Which is the reason I'd always heard as the reason for signing all your
>posts. If you sign even the trivial posts, then any unsigned post is
>plausibly deniable. It also links your key to who you are online (i.e.,
>your set of opinions) even if it doesn't link your key to you as a
>person. 
>

  I guess you have a point. But I prefer not to do this. I do know
more than one post has been sent by others than me. Some I don't
mind; they back my viewpoints. Some I think are so far from my view
that anyone who is following what I write knows it was not me.
I even dedicated my old yfn.ysu.edu address, when yfn went off the
air, for use by those who still want to imitate me.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: [OT] Why Nazis are evil
Date: Tue, 20 Mar 2001 13:36:51 -0800


Benjamin Goldberg wrote:

> Your response clearly demonstrates the point I was making in the post
> you responded to -- specifically, whether certain things are good or bad
> (or "evil") is something that different people have different,
> possibly irreconcilable, beliefs about.

        Whether the Earth is flat or round is also something that different
people have different beliefs about.

> Further, I think we can all agree that there's no possibility of all of
> coming to an agreement one way or another about right and wrong, any
> time this century.  This seems to indicate -- to me, at least -- that it
> is now time to end this discussion and this thread.

        It really depends upon who has to come to an agreement. But, to tell
you the truth, I'm not particularly concerned with what other people do
or don't agree with. You should exercise extreme caution when you let
other people's lack of agreement with your ideas decide what those ideas
should be or whether you should advocate them.

        I could see you posting this same argument to a certain person who
tried to convince others that the Earth wasn't the center of the
universe.

        DS

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Am I allowed to put any encryption software of my own creation on my public ftp site?
Date: 20 Mar 2001 21:25:44 GMT

[EMAIL PROTECTED] (Deano) wrote in <[EMAIL PROTECTED]>:

>If you have some software that really *IS* freeware (and not subject to
>any copyright) then give it to me. I will post it on a non-US web site.
>We don't care too much for Federal rules as we are outside US government
>controlled territory and are not subject to US court actions. (Unless we
>breach some internationally recognised laws and are bound by
>international treaties or courts - the same laws/courts which the U.S.
>probably don't respect anyway, i.e. War Crimes Tribunal, EC Free-trade
>agreements, land mine controls etc etc)
>
>;-)
>
>If you are not Paranoid, they WILL get you.
>
>

  Deano, could you post scott16u and scott19u on your site?
You can get the latest version from radiusnet below. I
would like to see it posted offshore before the US, once
again with the wind, changes its encryption laws.


Thanks
David A. Scott
-- 

------------------------------

From: [EMAIL PROTECTED]
Subject: SBOX permutation for MD2 - how calculated?
Date: 20 Mar 2001 21:37:28 GMT

In the descriptions of MD2 that I could find, it just says
that the permutation of {0..255} is based on the "digits
of PI".  Does anyone know the exact algorithm used?  Might
it be similar to the sbox initialization of rc4?  And
how much of the security of MD2 is based on this particular
permutation?  I'm thinking that any "reasonably random"
permutation would do just as well, in particular, one
constructed by doing exactly the rc4 sbox initialization
with some "random" key.





------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: What the Hell...Here's what my system can do at it's best...
Date: 20 Mar 2001 21:52:43 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in 
<[EMAIL PROTECTED]>:

>"SCOTT19U.ZIP_GUY" wrote:
>> I hate to tell you but the way the game seems to be played
>> here is that the attacker has full knowledge of your program
>> and only the key is secret.
>
>It's not a "game".  The main reason for Kerchhoff's principle
>is that in practice, the majority of encryption systems that
>justify expenditure of considerable effort to crack either
>involve large volumes of traffic with corresponding large
>staffing, deployment, and training requirements, which offer
>opportunities to obtain information about the general
>characteristics of a system (sometimes down to the wiring),
>or else the general structure can be guessed or otherwise
>figured out; for example, having seen scott16u and scott19u
>and having read your descriptions of what you consider
>important for such systems, one might guess most of the
>structure for scott23u.  And of course, for applications like
>Internet security and satellite TV, interoperability demands
>that all parties use compatible, well-documented, systems.
>
>Most skilled cryptanalysts don't attack amateur, limited-use
>systems except perhaps as a recreational puzzle.  That doesn't
>mean that such systems are secure; indeed, if they became
>important enough, such as being adopted by terrorist
>organizations, the cryppies would get to work on them.
>

***
 Looking over this I assumed cryppies was just short for or
another word for cryptanalysts. If it means hobbyists
doing puzzles then it ain't going to happen. The crypto
gods who think so highly of themselves would see to that.
Just like teachers in Texas don't want retired scientists
or engineers to teach math in Texas schools even with the
so-called shortage. The goal is to keep it closed and
suck more money.
***

  But I fear the current crop of cryppies lack the credibility
to work on simple systems some terrorist organization might
employ. I think it takes a certain amount of brains and
creativity that I have not seen, at least in the so-called
crypto gods who post here. You need all kinds of strange
talented people, be they queers, bikers or hacker freakers with
blue hair. The closed-minded crypto gods focus into too narrow
an area. If they judge a person by the clothes they wear
or some certificate that says they know crypto, then I guess
they don't desire to break real-world crypto systems terrorists
may use. Unless they think, because of many terrorists' anti-Jew
or anti-Christian beliefs, that they can fool them for
ever into Swiss-made crypto machines the NSA has bugged or
some common piece of crypto software from the net with large
back doors. Some of these people are educated and can read code
and think for themselves. Just because our societies have
become bloated and closed to free innovation doesn't mean
all societies will succumb to our same disease.




David A. Scott
-- 

------------------------------

From: Dan Jacobson <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: can't find the unix crypt(1) command these days
Date: 19 Mar 2001 14:45:28 +0800

OK, I think I remember the password to my files, so maybe I don't need
the nowadays uncompilable Crypt Breakers Workbench.  All I need is the
good old unix
$ crypt
command.  However I don't see it being shipped along with debian or
mandrake.  Is this due to export restrictions or is it just that
nobody's bothered to maintain it?

So how does one on today's Linux decrypt files happily encrypted 8
years ago with the unix crypt(1) command, thinking it would be around
later to decrypt them?  Moral of the story: all I did was end up
preventing myself from viewing my files.
-- 
http://www.geocities.com/jidanni Tel886-4-25854780 e-mail:restore .com.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Strong Primes
Date: Tue, 20 Mar 2001 14:14:39 -0800

The move to lambda(N) is necessary for the proof because the short cycles
are not a result of p or q, but of the lambda reduction of them. This stems
from the inversion of RSA (aka decryption) which requires, not knowledge of
p or q, but knowledge of lambda(N).

The only important point in that paper comes from page 18:
"The gist of this paper is thus that strong primes offer little protection
beyond that offered by random primes."
Everything else is just argument for that statement.
                            Joe

"Peter Engehausen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello!
>
> I need some help with a publication of Rivest & Silverman.
> The paper is called "Are Strong Primes needed for RSA?"
> and is available at
>
> ftp://ftp.rsasecurity.com/pub/pdfs/sp2.pdf
> or
> ftp://ftp.rsasecurity.com/pub/ps/sp2.ps .
>
> The part that causes me trouble is pages 17-18.
>
> I tried to contact both authors, but they seem too busy to help me.
>
> Here is a portion of the last e-mail I wrote to Mr. Silverman before he
> went silent.
> The "...Yes" is his reply to a question I asked before.
>
> --- zip ---
>
> >> Is it necessary for this argumentation to assume that
> >> r does not divide ord(e) mod \lambda(N)?
>
> > ...Yes
>
> Hm... That's the crunch point. Why is it necessary to go over to the
> order of e mod \lambda(N)?
> Why can't we keep looking at the order of e mod p and finish the
> argumentation with:
> "If r does not divide ord(e) mod p then e is an r-th power mod p. The
> number of solutions..." without looking at the order of e mod \lambda(N)
> at all?
>
> I sort of assume that it's necessary to discuss the order of e mod
> \lambda(N) in order to estimate the size of k in equation 16: C^e^k = C
> (mod N). If this is so I still fail to understand the following part:
>
> "Suppose r does not divide ord(e) mod \lambda(N). It follows immediately
> that e must be an r-th power mod p. This follows from Lagrange's
> Theorem: ord(e) must divide p-1, and we have assumed that r divides p-1
> but r does not divide ord(e). Hence e must be an r-th power mod p."
>
> ord(e) mod \lambda(N) must divide p-1? I'm not sure if I remember
> Lagrange's Theorem well... The order of a subgroup divides the order of
> its group. Hence for every e which is coprime to \lambda(N) the order
> of e mod \lambda(N) must divide the order of (Z/\lambda(N)Z)^*. This is
> \phi(\lambda(N)), isn't it? I can't see why ord(e) divides p-1...
>
> And further on: You say, if r and ord(e) both divide p-1 and r doesn't
> divide ord(e) then e must be an r-th power.
> Sounds obvious, but why? I'm still too blind to see through.
>
> --- zip ---
>
> Thank you!
>
> Peter Engehausen
>



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: [OT] Why Nazis are evil
Date: 20 Mar 2001 22:19:51 GMT

[EMAIL PROTECTED] (David Schwartz) wrote in 
<[EMAIL PROTECTED]>:

>
>     I could see you posting this same argument to a certain person who
>tried to convince others that the Earth wasn't the center of the
>universe.
>

   There are different kinds of centers. Center of gravity. Geometric
center. You pick whatever works as the center for what you're doing.
To most people their own body is the center of the universe. Every-
thing else is out there.


David A. Scott
-- 

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to eliminate redondancy? (moving steadily towards being computer science terminology)
Date: 20 Mar 2001 22:11:34 GMT

[EMAIL PROTECTED] (Joseph Ashwood) wrote in <ecUrB1XsAHA.273@cpmsnbbsa07>:

>Again quite some misunderstanding.
>

   Likewise I'm sure. It's obvious you didn't even
try to comprehend what I was saying. So let's make it simple.

If one is compressing a file X to get file Y and encrypts
using key K1 to get file Z,

then it is best for the whole encryption process to be
bijective, the process being the compression followed by
the encryption.

Which means if you tried to decrypt Z with any key K2, where
K2 is not equal to K1, you get a file B. You then decompress
B to get A. This A is the file such that when compressed B is
formed and when encrypted with key K2 you get Z back.

 The big weakness in many encryption systems is that selection
of K2 leads immediately to something that is impossible,
meaning that the decompression of B to a possible input file A
which can be compressed back to B does not exist.
Therefore the attacker knows K2 is not the correct key.

 Could you follow the above or was it something you just
couldn't get into?


 But if you use "truly bijective compression" properly
mated to "truly bijective encryption" then the whole
process can be bijective. This clearly is not done in
commercial packages like PGP. As far as I know, I will state
again, it is in stuff Matt and I do. And clearly Matt's is
easier for people to use.






David A. Scott
-- 

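An added toy model (not Scott's, Matt's or any product's code) of the redundancy argument in the post above: a constructed one-byte XOR stand-in cipher is paired first with a compressor that prepends a fixed header and then with a bijective byte-delta transform, and the code counts how many trial keys K2 the decrypt/decompress/recompress round trip is able to rule out in each case.

```python
"""Toy model of the chain in the post: X --compress--> Y --encrypt(K1)--> Z,
then trial-decrypt Z under K2 to get B, decompress B to A, and ask whether
A compresses back to exactly B (the bijectivity the post asks for)."""
from typing import Callable, Optional

KEY_SPACE = range(256)   # constructed toy cipher: one-byte XOR key


def toy_encrypt(data: bytes, key: int) -> bytes:
    """Constructed stand-in cipher: XOR every byte with the key byte.  It is
    bijective for every key, so anything the trial below rules out is the
    compressor's redundancy talking, not the cipher's."""
    return bytes(b ^ key for b in data)


# A non-bijective compressor: a fixed magic header makes most byte strings
# "impossible" outputs, which is exactly the redundancy the post describes.
MAGIC = b"ZZ"


def header_compress(data: bytes) -> bytes:
    return MAGIC + data


def header_decompress(blob: bytes) -> Optional[bytes]:
    if not blob.startswith(MAGIC):
        return None          # no input file A could have produced this B
    return blob[len(MAGIC):]


# A bijective transform: byte-wise delta coding.  Every byte string is a
# valid input and every byte string is a valid output of the same length.
def delta_compress(data: bytes) -> bytes:
    out, prev = bytearray(), 0
    for b in data:
        out.append((b - prev) & 0xFF)
        prev = b
    return bytes(out)


def delta_decompress(blob: bytes) -> Optional[bytes]:
    out, prev = bytearray(), 0
    for d in blob:
        prev = (prev + d) & 0xFF
        out.append(prev)
    return bytes(out)


def surviving_keys(z: bytes,
                   compress: Callable[[bytes], bytes],
                   decompress: Callable[[bytes], Optional[bytes]]) -> int:
    """Count trial keys K2 for which Z -> B -> A -> B -> Z round-trips,
    i.e. keys that the decompressor's redundancy cannot rule out."""
    survivors = 0
    for k2 in KEY_SPACE:
        b = toy_encrypt(z, k2)              # XOR is its own inverse
        a = decompress(b)
        if a is not None and toy_encrypt(compress(a), k2) == z:
            survivors += 1
    return survivors


def demo(plaintext: bytes = b"hello, world", k1: int = 0x37):
    """Return (keys surviving with the header format, keys surviving with the
    bijective transform); the true key K1 is always among the survivors."""
    z_header = toy_encrypt(header_compress(plaintext), k1)
    z_delta = toy_encrypt(delta_compress(plaintext), k1)
    return (surviving_keys(z_header, header_compress, header_decompress),
            surviving_keys(z_delta, delta_compress, delta_decompress))


if __name__ == "__main__":
    print("header format vs bijective transform:", demo())   # (1, 256)
```

With the header format the round trip singles out K1 alone; with the bijective transform every key in the toy space is still a possible key, which is the property the post is after.
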
------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto
Subject: Re: looking for "Crowds"
Date: 20 Mar 2001 22:15:05 GMT

[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <3AB7CB6C.1B964F3B@t-
online.de>:

>
>
>Paul Rubin wrote:
>> 
>
>> Yes, see http://www.research.att.com/projects/crowds for info.
>
>I like to remark that a primitive way of anonymous browsing
>is to do it from an internet cafe/shop.
>
>M. K. Shen
>

  This is something we can agree on. Primitive but effective.
Best to hide your face from any cameras and wear rubber gloves.

David A. Scott
-- 

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: FBI book about Hanssen
Date: Tue, 20 Mar 2001 21:37:05 GMT

ROBERT PHILIP HANSSEN - ALLEGED KGB "MOLE" WITHIN THE FBI
now available from Aegean Park Press (www.aegeanparkpress.com)

------------------------------

From: Darryl Wagoner <[EMAIL PROTECTED]>
Subject: Advice on storing private keys
Date: Tue, 20 Mar 2001 17:42:10 -0500
Reply-To: [EMAIL PROTECTED]

Greetings,

I am working on an open source digital signature system using openssl DSA
functions.  I have created my own cert format because of the special needs
of ham radio users.  I would like to encrypt the private keys for safe
keeping, but the passwords/key needs to be kept short.

Any suggestions?

Also if anyone is willing to audit my source code to make sure I didn't
do something stupid I would be grateful for that as well.

thanks and 73
Darryl WA1GON



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Defining a cryptosystem as "broken"
Date: Tue, 20 Mar 2001 14:28:34 -0800

Of course the user will have problems. That's where well paid cryptanalysts
come in :) I think I can say safely that we all agree that most systems
simply haven't been designed with security in mind (I point to MS <insert
name here/> as an example). The difference is that I did not say this is a
countable set, only you have made that assumption about what I have said.
What I have said is that a threat/attack model needs to be made, I have
never said that it is an easy problem, I have never said that the set of all
models is countable (although because I expect that they will all be finite
in length they are not only countable but finite), I have only said that one
needs to be constructed for the situation. Choosing the right model should
be done for the user, in fact the programmer will fix the threat/attack
model whether he/she knows it or not. The only decision about the
threat/attack model that the user makes is which programs to use. I am not
discussing an arbitrary change it at run time impossibility, I am discussing
exactly what I have done for a period of years now, define threat/attack
models for things, make sure at design-time (and through later review) that
it meets that model. That is a solvable problem, the changing threat models
based on user input is not (although a selection from a small set of them
may be possible, see SSL as an example).
                        Joe

"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Joseph Ashwood wrote:
> >
> > I guess I should have been more particular in my statements. I assumed that
> > the threat/attack models would be built to the applications, potentially
> > with multiple levels of model, where a secure system has a given model that
> > sets requirements, the programs and operating system offer various
> > components to this, etc down to whatever arbitrary level is required.
>
> Suppose that one succeeds in doing that, i.e. all envisageable
> threat/attack models could be selected for an implementation
> of a cipher (to be chosen by parameters input by the
> user) -- a matter I, though, seriously doubt --, how sure
> is the user in having chosen the right model? For example,
> if one model assumes that the opponent has a certain
> amount of computing resources but the user doesn't have
> exact information about what the opponent has, doesn't the user
> have to make some subjective (hence problematical) decisions
> in selecting that model?
>
> M. K. Shen



------------------------------

From: "JCA" <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Tue, 20 Mar 2001 14:32:11 -0800

In article <[EMAIL PROTECTED]>, "Mok-Kong Shen"

<[EMAIL PROTECTED]> wrote:

> BTW, I read that ASCI White has about 1/1000th of the estimated
> computational power of the human brain. So with Blue Gene a machine
> could have a solid foundation to attempt to compete with a human being.
> M. K. Shen

        Well, I don't know about that. In the first place, we don't really know
how the brain does it. We know a few things, but the bottom line is as
much shrouded in mystery as it ever was.

        Secondly, even if ASCI White has 1/1000th of the estimated computational
power of the human brain, that doesn't mean that we know how to harness such
horsepower to do what the brain does. Ditto for Blue Gene.

        Third, the 1/1000th figure gives something comparable to what? Some
run-of-the-mill animal? They can do quite a few things that computers
can't, but quite a few things that the human brain can do are beyond
their powers.

        Fourth, since we don't know how the human brain really works, I for 
one regard the accuracy of the 1/1000th estimate (and whatever the
estimate for Blue Gene) with a lot of skepticism. 

        My feeling is that even if such estimates about ASCI (or Blue Gene) were
correct, this behemoth would not be one inch closer to effectively competing
with the human brain, except in very constrained, well-defined, rigid
environments - something that computers have done all along anyway. Thus, if
Deep Thought was just able to beat Kasparov, Blue Gene would probably beat
the crap out of him. That wouldn't make it any more human though.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: How to eliminate redondancy? (moving steadily towards being computer science terminology)
Date: Tue, 20 Mar 2001 14:50:05 -0800

You still seem to be lacking in any significant amount of either computer
science knowledge, or innate ability to do this.

Specifying things down to "encryption" and "compression" is useless and very
much limits your ability to see what is actually happening. So please stop
trying to take offense and start trying to understand what is being said.

Encryption need not, and in many cases should not be bijective. I will give
you a very simple proof. RSA, we both understand RSA as it was originally
presented. It is by definition bijective, each (output, key) pair maps to
one and only one input value, each (input, key) pair maps to one and only
one output. However it was shown to be weak, to avoid getting into too
extended of an example please see PKCS #1 version 1 and the reasons it was
updated.

Now at the next level out we have an additional algorithm, in the case of
original PKCS #1 this was completely bijective, and it was a part of the
break.

Any claim you make that the preprocessor and encryption need to be bijective
is invalidated by those two examples. Now if you would care to actually
learn about encryption, what it needs to be and what it needs not to be, I
suggest you actually re-read what I said before.
                                Joe

"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Advice on storing private keys
Date: 20 Mar 2001 14:57:57 -0800

Darryl Wagoner <[EMAIL PROTECTED]> writes:
> I am working on an open source digital signature system using openssl
> DSA functions.  I have created my own cert format because of the special
> needs of ham radio users.  I would like to encrypt the private keys
> for safe keeping, but the passwords/key needs to be kept short.
> 
> Any suggestions?

I don't understand what you're asking.  What needs to be special about
the certificates?  And OpenSSL already lets you encrypt keys by a
password.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Advice on storing private keys
Date: Tue, 20 Mar 2001 14:55:52 -0800

Honestly "small password" is the biggest problem; however, what you can do is
stretch the key like so:
hash = SHA-1(password, salt)
for i = 0 to 65536
    hash = SHA-1(hash, salt)
end for
x = hash
verify public key
That eliminates the need for anything except a salt, which can be 32 bits.
However this will only add 16 bits' worth of strength; you can add k bits by
looping for i = 0 to 2^k.

I would suggest that you make the salt as big as acceptable, and the
password also as big as possible.
I am also willing to audit the source code.
                        Joe

"Darryl Wagoner" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Greetings,
>
> I am working on an open source digital signature system using openssl DSA
> functions.  I have created my own cert format because of the special needs
> of ham radio users.  I would like to encrypt the private keys for safe
> keeping, but the passwords/key needs to be kept short.
>
> Any suggestions?
>
> Also if anyone is willing to audit my source code to make sure I didn't
> do something stupid I would be grateful for that as well.
>
> thanks and 73
> Darryl WA1GON
>
>
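
An added Python version (not Joe's or Darryl's code) of the stretching loop in Joe's reply, with the "verify public key" step made concrete: the private exponent is re-derived from the password and accepted only if it reproduces the stored public key. The discrete-log group (the Mersenne prime p = 2^61 - 1 with base g = 3) is an assumed toy stand-in, not DSA parameters, and the salt length follows the 32 bits mentioned in the post.

```python
"""Iterated-hash key stretching as sketched in the post: derive the private
exponent x from (password, salt) with 2^k SHA-1 rounds, store only the salt
and the public key, and 'verify public key' when the password is re-entered."""
import hashlib
import secrets
from typing import Optional, Tuple

# Constructed toy discrete-log group (an assumption, not DSA parameters):
# p is the Mersenne prime 2^61 - 1 and g = 3 is used as the base.
P = (1 << 61) - 1
G = 3


def stretch(password: bytes, salt: bytes, k: int) -> bytes:
    """hash = SHA-1(password || salt); then 2^k times hash = SHA-1(hash || salt).
    Each extra bit of k doubles the work per password guess, which is the
    '16 bits' the post mentions for 65536 rounds."""
    h = hashlib.sha1(password + salt).digest()
    for _ in range(1 << k):
        h = hashlib.sha1(h + salt).digest()
    return h


def derive_private(password: bytes, salt: bytes, k: int) -> int:
    """Map the stretched hash into the exponent range 1 .. p-2."""
    return 1 + int.from_bytes(stretch(password, salt, k), "big") % (P - 2)


def make_keypair(password: bytes, k: int,
                 salt: Optional[bytes] = None) -> Tuple[bytes, int]:
    """Return (salt, y) with y = g^x mod p.  Only these two values are kept;
    x is recomputed from the password, so no encrypted key file is needed."""
    if salt is None:
        salt = secrets.token_bytes(4)      # 32-bit salt, as in the post
    x = derive_private(password, salt, k)
    return salt, pow(G, x, P)


def unlock(password: bytes, salt: bytes, y: int, k: int) -> Optional[int]:
    """Re-derive x and accept it only if it reproduces the stored public key."""
    x = derive_private(password, salt, k)
    return x if pow(G, x, P) == y else None


if __name__ == "__main__":
    salt, y = make_keypair(b"correct horse", 16)
    print("right password unlocks:", unlock(b"correct horse", salt, y, 16) is not None)
    print("wrong password unlocks:", unlock(b"wrong", salt, y, 16) is not None)
```

The loop reproduces the post's construction exactly; the same shape with a purpose-built password-hashing function in place of raw SHA-1 is what a current design would use.
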



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
