Cryptography-Digest Digest #966, Volume #13      Thu, 22 Mar 01 01:13:01 EST

Contents:
  Re: A future supercomputer ("Douglas A. Gwyn")
  Re: What happens when RSA keys don't use primes? ("Tom St Denis")
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Tom St Denis")
  Re: [OT] Java ("Douglas A. Gwyn")
  Re: DEA standard S-tables beginner question. ("Douglas A. Gwyn")
  Re: I was so so right about PGP ... so right when I started writing about PGP and about one author .... so right ..... (Eric Lemar)
  Re: redodancy ("Douglas A. Gwyn")
  Re: One-time Pad really unbreakable? ("Douglas A. Gwyn")
  Re: An extremely difficult (possibly original) cryptogram ("Douglas A. Gwyn")
  Fill-in-the-blank codes (similar to Error-correcting codes) (Bob Harris)
  Re: How to eliminate redondancy? (moving steadily towards being  (Steve Portly)
  Re: Fill-in-the-blank codes (similar to Error-correcting codes) (Randy Poe)
  Re: unbreakable code ("Scott Fluhrer")
  Re: How to eliminate redondancy? (moving steadily towards being computer science terminology) ("Tom St Denis")
  Re: NSA in the news on CNN (JPeschel)
  Re: can a remailer send a message to multiple people? (An Metet)
  Re: RC4 test vectors after gigabyte output?. (Gregory G Rose)
  Re: Attn: Chris Drake and Thomas Boschloo (Chris)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Thu, 22 Mar 2001 01:10:36 GMT

JCA wrote:
> ... I don't think that throwing in more computational power helps
> all that much, and I therefore don't agree with you.  That is,
> there are a number a fundamental issues that must be understood
> and sorted out first. Till then, this extra horsepower, in my view,
> albeit welcome, is not likely to cast much more new light, much
> less to provide a solid foundation to compete with humans.

Absolutely.  In the early days of digital computers, they were
called "giant brains" etc., but their operation is quite unlike
that of real brains.  To the extent that machine "intelligence"
has been attained at all, it has not been done in the same way
that humans go about thinking.  Pouring cycles on the MI problem
makes even less sense than pouring money on social problems.

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: What happens when RSA keys don't use primes?
Date: Thu, 22 Mar 2001 01:26:14 GMT


"Mxsmanic" <[EMAIL PROTECTED]> wrote in message
news:bv7u6.25457$[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:3u6u6.98761$[EMAIL PROTECTED]...
>
> > No it means you should use a mathematically sound
> > probable prime generator such that the probability
> > of failure is astronomically small. (i.e Rabin-Miller)
>
> And if it fails, how will you know?

You just will... who cares?  If the probability of failure is 2^-107, will you
ever see a failure?

Tom
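
As an added illustration of the probable-prime generator Tom refers to (example code written for this digest page, not code from any poster), here is a Miller-Rabin test in Python with a small-prime sieve in front of it, plus a candidate generator for RSA-sized primes. The round count of 64 and the per-round composite-survival bound of 1/4 are the textbook parameters, not values from the post; the error figure in the post is not asserted by this code.

```python
import random

# Trial division by a few small primes weeds out most candidates cheaply
# before any modular exponentiation is done.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int, rounds: int = 64, rng=None) -> bool:
    """Miller-Rabin test with `rounds` randomly chosen bases.

    A composite n passes one round with probability at most 1/4, so the
    chance that a composite survives every round is at most 4**-rounds
    (2**-128 for the default of 64 rounds).  A prime always returns True.
    """
    if rng is None:
        # Bases must be unpredictable if n could have been chosen adversarially.
        rng = random.SystemRandom()
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    # Write n - 1 = 2**s * d with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # `a` is a witness: n is definitely composite
    return True


def generate_probable_prime(bits: int, rounds: int = 64, rng=None) -> int:
    """Return a random odd integer of exactly `bits` bits that passes Miller-Rabin."""
    if rng is None:
        rng = random.SystemRandom()
    if bits < 2:
        raise ValueError("need at least 2 bits")
    while True:
        # Force the top bit (exact size) and the low bit (odd).
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rounds, rng):
            return candidate


if __name__ == "__main__":
    print("561 (a Carmichael number) passes?", is_probable_prime(561))
    print("2**61 - 1 passes?", is_probable_prime(2**61 - 1))
    print("512-bit probable prime:", generate_probable_prime(512))
</test>
assert is_probable_prime(2**61 - 1)
assert not is_probable_prime(561)
assert not is_probable_prime(1105)
assert not is_probable_prime(2**67 - 1)
assert is_probable_prime(1000000007)
assert is_probable_prime(37)
assert not is_probable_prime(37 * 41)
assert not is_probable_prime(1)
p = generate_probable_prime(64)
assert p.bit_length() == 64 and p % 2 == 1 and is_probable_prime(p)
</test>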



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: How to eliminate redondancy? (moving steadily towards being computer  
science terminology)
Date: Thu, 22 Mar 2001 01:27:39 GMT


"Steve Portly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
>
> > "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > [EMAIL PROTECTED] (Tom St Denis) wrote in
> > > <xU4u6.98657$[EMAIL PROTECTED]>:
> > >
> > > >
> > > >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> > > >news:[EMAIL PROTECTED]...
> > > >> [EMAIL PROTECTED] (Tom St Denis) wrote in
> > > >> <ep4u6.98534$[EMAIL PROTECTED]>:
> > > >>
> > > >> >
> > > >> >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> > > >> >news:[EMAIL PROTECTED]...
> > > >> >>    I think you know my answer to that but to enlighten others I
> > > >> >> will explain what a good sized key is. It is as large as possible
> > > >> >> while getting the job done so as not to cause the user too much
> > > >> >> time waiting.
> > > >> >
> > > >> >There are other problems with using million byte keys.
> > > >> >1. Where to get that much good entropy?
> > > >>
> > > >>     Good question. The answer is you most likely don't.
> > > >> But at least with my system you can use what you can get.
> > > >> And you can still use a password of any size to use the
> > > >> key. Of course just like anything else best to use on a
> > > >> computer you have full control of. And if your master
> > > >> password is too short and someone gets to test it, they
> > > >> may find the password.
> > > >
> > > >Ahh... but would a million bad bits be better than 192 good bits (bad =
> > > >nonrandom, good=random as can be)
> > > >
> > >
> > >    If by bad you mean something like the total amount of entropy
> > > in the not so random million bits was less than the entropy
> > > in the more random 192 bits, then I think even a kid like you
> > > knows the answer. But using 200 bits where the first 192 bits
> > > are the same as your short key and 8 good random bits would most
> > > likely kick ass as the first part of a million bit key.
> >
> > Hmm you missed the point.  If you have a million bit key but every bit is
> > biased by say p=0.999999999, q=0.000000001 then what's the point?
> >
> > My real point is about efficiency.  It's easier to get, store, use,
> > manipulate 192 (or whatever...) bits than 1 million bits.  So if 192 bits are
> > truly random and only say 1/10000 of the million bits are random then is it
> > really any better?
> >
> > Note that the avg RNG based on a computer only gets about a few bits per
> > second at the most.  If you sample too quickly it's not decorrelated
> > enough.... so a million bit key could take a week to make whereas 192 bits
> > may take a minute or so...
> >
> > Tom
>
> Even if you could get a thousand good bits of entropy a second, this still isn't
> enough bits to supply something like a Vernam cipher variant for a server
> application.

And your point.

Tom
>



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: [OT] Java
Date: Thu, 22 Mar 2001 01:28:26 GMT

Tom St Denis wrote:
> I have to use Java at work, and while learning another lang is neat it's
> tiresome to get stupid errors over stuff C would just warn about...

Nobody is a bigger supporter of C than I am, but you are on the
wrong track here.  The *reason* you get warnings/errors is almost
certainly that you have done something *wrong* (at least in the
sense that it will not work as you expect on some platforms).
We used to hear similar complaints about "lint" warnings for C
programs.  The most useful response is to take the time to
*understand* what the significance of the warning is and learn
a better approach that works on every platform.  It saves time
in the long run and makes for better, more reliable products.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: DEA standard S-tables beginner question.
Date: Thu, 22 Mar 2001 01:33:48 GMT

Yaniv Sapir wrote:
> Now, is there an analytical way of extracting the tables elements
> (i.e., instead of using look-up tables, I want to calculate the
> output, based on the 6-bit input)?

Of course one could devise a function specifically for that,
but I assume you mean is there a compact, fast replacement.
The answer is that the fastest software implementation of the
S-boxes is nearly always as look-up tables.  (And they aren't
very big.)

------------------------------

From: Eric Lemar <[EMAIL PROTECTED]>
Subject: Re: I was so so right about PGP ... so right when I started writing   about 
PGP and about one author .... so right .....
Date: Thu, 22 Mar 2001 01:36:06 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
> Try this in Java...

> static int myfunction(int a)
> {
>  if (a == 0) a = 4;
> /* testing something */
> return a * 3;
> /* more code */
> a = a << 1;
> return a;
> }


> Yes it's bad coding but if you wanted to return early just to try something
> you can't in Java... in C you get a warning and that's it.

> Tom

If you want a stupid work around, do
 if (true) return a*3;

No, javac isn't horribly intelligent :)  

eric

-- 
===========================
Eric Lemar
[EMAIL PROTECTED]       http://www.cs.washington.edu/homes/elemar

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: redodancy
Date: Thu, 22 Mar 2001 01:39:35 GMT

dexMilano wrote:
> Is there some simple algorithm to remove redundancy in text?

Yes, but no single simple algorithm does the best job with
all possible inputs.  For natural language text an obvious
solution is to look up each phrase (using individual words
and "maximal munch") in a code book and substitute the code
word.  If the code book is well designed, common text can
be compressed to a small fraction of its original size.
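
As an added illustration of the code-book substitution Gwyn describes (example code written for this page, not from the digest or its posters), here is a greedy "maximal munch" encoder in Python: at each position it takes the longest phrase present in the code book, emits that phrase's code word, and falls back to the literal word otherwise. The phrase book contents and the mixed int/str token representation are assumptions of the example; as the post says, greedy longest-match is simple rather than optimal.

```python
"""Greedy (maximal-munch) phrase-codebook compression of word-based text."""
from typing import Dict, List, Union

# Constructed toy code book (assumption of this example).  Longer phrases
# get their own code words so the matcher can swallow them whole.
CODEBOOK: Dict[str, int] = {
    "the": 1, "of": 2, "in": 3, "united": 4, "states": 5, "america": 6,
    "of the": 7, "in the": 8, "united states": 9,
    "united states of america": 10,
}

Token = Union[int, str]  # int = code word, str = literal word not in the book


def encode(text: str, codebook: Dict[str, int] = CODEBOOK) -> List[Token]:
    """Replace each longest matching phrase by its code word, left to right."""
    words = text.lower().split()
    longest = max(len(phrase.split()) for phrase in codebook)
    out: List[Token] = []
    i = 0
    while i < len(words):
        # Try the longest candidate phrase first ("maximal munch").
        for span in range(min(longest, len(words) - i), 0, -1):
            phrase = " ".join(words[i:i + span])
            if phrase in codebook:
                out.append(codebook[phrase])
                i += span
                break
        else:
            out.append(words[i])  # not in the book: pass the word through
            i += 1
    return out


def decode(tokens: List[Token], codebook: Dict[str, int] = CODEBOOK) -> str:
    """Invert encode(): code words back to phrases, literals unchanged."""
    inverse = {code: phrase for phrase, code in codebook.items()}
    return " ".join(inverse[t] if isinstance(t, int) else t for t in tokens)


def token_ratio(text: str, codebook: Dict[str, int] = CODEBOOK) -> float:
    """Tokens emitted per input word; below 1.0 means redundancy was removed."""
    return len(encode(text, codebook)) / len(text.split())


if __name__ == "__main__":
    sample = "The president of the United States of America spoke in the senate"
    coded = encode(sample)
    print(coded)
    print(decode(coded))
    print("ratio:", token_ratio(sample))
```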

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Thu, 22 Mar 2001 01:40:23 GMT

Jonathan Thornburg wrote:
> Oops, careless typing -- make that "solipsism".

That's okay -- we know the invisible elf made you do it.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: rec.puzzles
Subject: Re: An extremely difficult (possibly original) cryptogram
Date: Thu, 22 Mar 2001 01:44:03 GMT

daniel mcgrath wrote:
> How did you get "general" and "however"?

A combination of context and matching pieces,
like the "ve" in "however" with the "ve" in "very".
The first is a hunch, the second acts as confirmation.

------------------------------

From: Bob Harris <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.dsp
Subject: Fill-in-the-blank codes (similar to Error-correcting codes)
Date: Wed, 21 Mar 2001 21:07:54 -0500

Howdy,

(I'm told it's good usenet etiquette that when cross-posting, request replies
be made only to one group;  if you agree, please direct replies to sci.math
only)

I'm looking for information on a topic similar to error-correcting codes,
but I'm not sure if work has been done on this type of code, and if so, what
it would be called in the literature.

The idea is to have a code that includes two redundant bits, and be able to
'correct' any two errors, with the additional knowledge of which two bits
might be errant.

For example, if I wanted to have a 7-bit code (2 of the bits are redundant),
I might receive 0 0 x 0 x 1 0, where 'x' indicates missing bits.  I need to
be able to fill in the missing bits (which is why I called this 'fill in the
blanks').

If only 1 bit can be missing then the problem is easy-- the single redundant
bit is a parity bit (regardless of the number of message bits).  I've tried
to solve the 2-bit problem, but have been unsuccessful.  I can't even prove
to myself whether it is possible or impossible.  I understand the basics of
algebraic codes, so I don't feel like I'm a total dimwit.  On the other
hand, I feel like I oughta be able to crack this nut.

Any help/pointers would be appreciated.  I'm not looking for someone to
solve the problem, just to point me in the right (or promising) direction.

Thanks,
Bob Harris


------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: How to eliminate redondancy? (moving steadily towards being 
Date: Wed, 21 Mar 2001 21:34:46 -0500



Tom St Denis wrote:
<snip>

> > > Note that the avg RNG based on a computer only gets about a few bits per
> > > second at the most.  If you sample too quickly it's not decorrelated
> > > enough.... so a million bit key could take a week to make whereas 192 bits
> > > may take a minute or so...
> > >
> > > Tom
> >
> > Even if you could get a thousand good bits of entropy a second, this still isn't
> > enough bits to supply something like a Vernam cipher variant for a server
> > application.
>
> And your point.
>
> Tom
> >

The point is that even though "super ciphers" are fun to dream up they are not
very practical for commercial servers running on a Pentium and certainly aren't
efficient.  The major drawbacks of "super ciphers" are higher bandwidth and the
need for special equipment to make them practical.  This is especially true with
high volume commercial servers.

Although the commercial hardware has been getting better and faster
exponentially over the decades with major security improvements such as fiber
optics, the amount of entropy in our commercial ciphers has not.   I am sure
most of the regular readers of sci.crypt understand the limitations that good
cryptography imposes on the commercial code writers.


------------------------------

From: [EMAIL PROTECTED] (Randy Poe)
Crossposted-To: sci.math,comp.dsp
Subject: Re: Fill-in-the-blank codes (similar to Error-correcting codes)
Date: Thu, 22 Mar 2001 02:58:46 GMT

On Wed, 21 Mar 2001 21:07:54 -0500, Bob Harris
<[EMAIL PROTECTED]> wrote:

>Howdy,
>
>(I'm told it's good usenet etiquette that when cross-posting, request replies
>be made only to one group;  if you agree, please direct replies to sci.math
>only)
>
>I'm looking for information on a topic similar to error-correcting codes,
>but I'm not sure if work has been done on this type of code, and if so, what
>it would be called in the literature.
>
>The idea is to have a code that includes two redundant bits, and be able to
>'correct' any two errors, with the additional knowledge of which two bits
>might be errant.
>
>For example, if I wanted to have a 7-bit code (2 of the bits are redundant),
>I might receive 0 0 x 0 x 1 0, where 'x' indicates missing bits.  I need to
>be able to fill in the missing bits (which is why I called this 'fill in the
>blanks').

This sounds like standard Hamming code stuff. There are
error-detection and correction schemes for as many missing bits as you
like. As you say, one parity bit can detect one erroneous bit. You
need more in order to detect exactly which bit is at fault. And with
even more bits, you can extend the concept, adding as much redundancy
as you like.

>If only 1 bit can be missing then the problem is easy-- the single redundant
>bit is a parity bit (regardless of the number of message bits).  I've tried
>to solve the 2-bit problem, but have been unsuccessful.  I can't even prove
>to myself whether it is possible or impossible.  I understand the basics of
>algebraic codes, so I don't feel like I'm a total dimwit.  On the other
>hand, I feel like I oughta be able to crack this nut.

Don't feel bad, it's a big subject and deeper than you might suspect.
I think Galois' name is attached to a lot of it. Look for "coding
theory", that ought to get you what you want.

            - Randy
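
As an added worked example for Bob's "fill in the blanks" question and Randy's pointer to Hamming codes (code written for this page, not from either poster): in coding-theory terms the missing bits are erasures at known positions, and for any binary linear code each parity equation H x = 0 becomes a linear equation in the erased bits, so filling the blanks is Gaussian elimination over GF(2). The decoder below works from any parity-check matrix; it is demonstrated on the [7,4] Hamming code, which uses three redundant bits rather than the two in the question (a choice of this example), and on a constructed two-parity-bit code. The decoder returns None when the parity equations do not determine the erased bits uniquely, or when no fill-in is a codeword at all, which is the failure mode the question is circling.

```python
"""Erasure decoding ("fill in the blanks") for a binary linear code."""
from typing import List, Optional

# Parity-check matrix of the [7,4] Hamming code (3 parity bits, 4 data bits).
# Column j is the binary expansion of j+1: all columns distinct and nonzero.
HAMMING_7_4_H = [
    [0, 0, 0, 1, 1, 1, 1],
    [0, 1, 1, 0, 0, 1, 1],
    [1, 0, 1, 0, 1, 0, 1],
]

# Constructed comparison code with only 2 redundant bits on 7 positions
# (assumption of this example): one parity bit over positions 1-4 and one
# over positions 4-7, 1-indexed.
TWO_PARITY_H = [
    [1, 1, 1, 1, 0, 0, 0],
    [0, 0, 0, 1, 1, 1, 1],
]


def hamming_7_4_encode(data: List[int]) -> List[int]:
    """Data bits go to positions 3,5,6,7 (1-indexed); parity to 1,2,4."""
    d3, d5, d6, d7 = data
    return [d3 ^ d5 ^ d7, d3 ^ d6 ^ d7, d3, d5 ^ d6 ^ d7, d5, d6, d7]


def solve_gf2(rows: List[List[int]], rhs: List[int], n_unknowns: int) -> Optional[List[int]]:
    """Solve A x = b over GF(2) by Gauss-Jordan elimination.

    Returns the unique solution, or None if the system is inconsistent
    (received word cannot be completed to a codeword) or has a free
    variable (more than one completion is a codeword).
    """
    aug = [row[:] + [b] for row, b in zip(rows, rhs)]
    pivot_cols: List[int] = []
    r = 0
    for c in range(n_unknowns):
        piv = next((i for i in range(r, len(aug)) if aug[i][c]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        for i in range(len(aug)):
            if i != r and aug[i][c]:
                aug[i] = [x ^ y for x, y in zip(aug[i], aug[r])]
        pivot_cols.append(c)
        r += 1
    for row in aug:
        if not any(row[:n_unknowns]) and row[n_unknowns]:
            return None  # 0 = 1: no fill-in satisfies the parity checks
    if len(pivot_cols) < n_unknowns:
        return None  # underdetermined: erased bits not pinned down by the code
    sol = [0] * n_unknowns
    for i, c in enumerate(pivot_cols):
        sol[c] = aug[i][n_unknowns]
    return sol


def erasure_decode(H: List[List[int]], received: List[Optional[int]]) -> Optional[List[int]]:
    """Fill the None positions of `received` so that H x = 0, or return None."""
    n = len(received)
    erased = [j for j in range(n) if received[j] is None]
    # Unknown columns stay on the left; the known bits move to the right side.
    rows = [[H[i][j] for j in erased] for i in range(len(H))]
    rhs = []
    for i in range(len(H)):
        acc = 0
        for j in range(n):
            if received[j] is not None and H[i][j]:
                acc ^= received[j]
        rhs.append(acc)
    sol = solve_gf2(rows, rhs, len(erased))
    if sol is None:
        return None
    out = [b if b is not None else 0 for b in received]
    for j, v in zip(erased, sol):
        out[j] = v
    return out


if __name__ == "__main__":
    cw = hamming_7_4_encode([1, 0, 1, 0])            # [1, 0, 1, 1, 0, 1, 0]
    got: List[Optional[int]] = list(cw)
    got[2] = got[4] = None                           # erase positions 3 and 5
    print("Hamming, 2 erasures:", erasure_decode(HAMMING_7_4_H, got))
    print("2-parity, both erasures in one group:",
          erasure_decode(TWO_PARITY_H, [None, None, 0, 0, 0, 0, 0]))
    print("2-parity, erasures in different groups:",
          erasure_decode(TWO_PARITY_H, [None, 1, 0, 0, None, 0, 0]))
```

Running it shows the Hamming decoder restoring both erased bits, while the two-parity code restores a pair of erasures only when each falls under a different parity bit.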


------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: unbreakable code
Date: Wed, 21 Mar 2001 19:06:03 -0800


dexMilano <[EMAIL PROTECTED]> wrote in message
news:99ad0o$dorm$[EMAIL PROTECTED]...
> For the others
> "
> ....
>   About all Rabin's scheme buys you is that you don't have to know how
> to build a decent random number generator. In all other respects it's
> just a standard one-time pad.

Errr, no.  For one, the key (the offsets into the random stream) is
relatively short compared to the encrypted message.  In addition, it has the
further feature that (given that the memory assumptions about the attacker
are valid), if the key is revealed at a later time, the attacker *still*
can't decrypt the message.

Now, personally, I don't see why the "it doesn't matter if the keys are
later stolen" feature is that big a deal -- I don't see what's so difficult
about destroying the key after using it -- but it is something that OTP
doesn't give you.


>
>
>           -Ben
>
> ".
> Jacob, thx for reference.
>
> dex
>
> "Jakob Jonsson" <[EMAIL PROTECTED]> ha scritto nel messaggio
> news:997v4h$pvn$[EMAIL PROTECTED]...
> > Search for <Rabin unbreakable> at
> >
> > http://groups.google.com/groups?hl=sv&lr=&safe=off&group=sci.crypt
> >
> > Jakob
> >
> > "dexMilano" <[EMAIL PROTECTED]> skrev i meddelandet
> > news:997s3u$3hpv$[EMAIL PROTECTED]...
> > > I'm looking some info on this algorithm.
> > >
> > > http://www.securitywatch.com/newsforward/default.asp?AID=5955
> > >
> > > any help will be welcome
> > >
> > > thx
> > >
> > > dex
> > >
> > >
> >
> >
>
>



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: How to eliminate redondancy? (moving steadily towards being  computer  
science terminology)
Date: Thu, 22 Mar 2001 03:44:55 GMT


"Steve Portly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> <snip>
>
> > > > Note that the avg RNG based on a computer only gets about a few bits per
> > > > second at the most.  If you sample too quickly it's not decorrelated
> > > > enough.... so a million bit key could take a week to make whereas 192 bits
> > > > may take a minute or so...
> > > >
> > > > Tom
> > >
> > > Even if you could get a thousand good bits of entropy a second, this still isn't
> > > enough bits to supply something like a Vernam cipher variant for a server
> > > application.
> >
> > And your point.
> >
> > Tom
> > >
>
> The point is that even though "super ciphers" are fun to dream up they are not
> very practical for commercial servers running on a Pentium and certainly aren't
> efficient.  The major drawbacks of "super ciphers" are higher bandwidth and the
> need for special equipment to make them practical.  This is especially true with
> high volume commercial servers.
>
> Although the commercial hardware has been getting better and faster
> exponentially over the decades with major security improvements such as fiber
> optics, the amount of entropy in our commercial ciphers has not.   I am sure
> most of the regular readers of sci.crypt understand the limitations that good
> cryptography imposes on the commercial code writers.

So what?  I could make a super 1000 round feistel that takes 200 bits of key
material per round.  That isn't hard!

It's fun and hard when you say "a fast cipher" and "a secure cipher" and "a
practical cipher" in the same sentence about the same cipher.

Tom



------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 22 Mar 2001 04:37:05 GMT
Subject: Re: NSA in the news on CNN

 [EMAIL PROTECTED] writes, in part:

>but somehow I don't think it's
>possible to support operations by selling coffee mugs :-)
>

Ah, but you forget about the proceeds from the bake sales,
car wash, and Friday night bingo, which are already in the
works. Don't tell anyone, though: it's a secret!

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: An Metet   <[EMAIL PROTECTED]>
Subject: Re: can a remailer send a message to multiple people?
Date: Thu, 22 Mar 2001 05:11:18 GMT

> Can I use the mixmaster 2.0.3 to send a message anonymously to more
> than one person? Thanks.

Up to four individuals or newsgroups per invocation.  Good Luck.


------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: RC4 test vectors after gigabyte output?.
Date: 21 Mar 2001 21:32:32 -0800

In article <u5C3OpCcF7b2VNiAEyPmh3csFGJy@wingate>,
Luis Yanes  <[EMAIL PROTECTED]> wrote:
>Are there any RC4 test vectors after gigabyte output?

Well, not a gigabyte.

Initialise RC4 (or equivalent) with the 8 byte key
"test key". Then the first 44 output bytes are:

unsigned char expected[] = {
    0xbd, 0xe9, 0x5c, 0xb5, 0x2b, 0x8d, 0xf8, 0xfb,
    0xf2, 0xb7, 0x51, 0xf6, 0x5b, 0xe1, 0xdf, 0x3e,
    0xd7, 0x4b, 0x45, 0x7a, 0xe9, 0x76, 0x4d, 0x26,
    0x2f, 0x43, 0xa4, 0x70, 0x9a, 0x2a, 0xc9, 0x4e,
    0x11, 0x23, 0x89, 0x7b, 0x02, 0x2a, 0x4f, 0x07,
    0x80, 0x98, 0xa1, 0xa0,
};

With the same initialisation, throw away 1MB (that
is, 1048576 bytes) and the next 44 are:

unsigned char meg_expected[] = {
    0x6b, 0x10, 0xd6, 0x79, 0xc8, 0x87, 0xa1, 0x26,
    0xee, 0x2d, 0x7b, 0xd6, 0xbe, 0x04, 0xbe, 0x0c,
    0x8f, 0x7a, 0xb3, 0xf0, 0xe0, 0xb8, 0xbd, 0xb5,
    0x0f, 0x0c, 0x52, 0x33, 0xae, 0x62, 0xdd, 0x9e,
    0x38, 0x4d, 0x03, 0xdd, 0xaf, 0x56, 0xcd, 0x07,
    0xb1, 0x89, 0x0c, 0x13,
};


As someone else pointed out, this is indeed a
meaningful test. An even better test (but I don't
have a test vector for it) is to generate some
output, and use that output to rekey the cipher,
and iterate this process a large number of times
(say 1000000).

Greg.
-- 
Greg Rose                                       INTERNET: [EMAIL PROTECTED]
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/ 
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
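
As an added example for this thread (code written for this page, not Greg's or Qualcomm's), here is an RC4 keystream generator in Python with a skip-ahead parameter for the "throw away 1MB" vector and the iterated-rekey check Greg proposes. The 44-byte vectors are copied from the post above; the block-size and iteration-count parameters of `iterated_rekey`, and the function names, are choices of this example.

```python
"""RC4 keystream generator with skip-ahead and iterated-rekey checks."""


def rc4_keystream(key: bytes, length: int, skip: int = 0) -> bytes:
    """Return `length` keystream bytes after discarding the first `skip`."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm: permute S under control of the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: one swap per output byte.
    i = j = 0
    out = bytearray()
    for n in range(skip + length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        if n >= skip:
            out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def iterated_rekey(key: bytes, iterations: int, block: int = 16) -> bytes:
    """Greg's stronger check: feed each output block back in as the next key."""
    k = key
    for _ in range(iterations):
        k = rc4_keystream(k, block)
    return k


# Test vectors quoted from Greg Rose's post (key "test key").
DIGEST_KEY = b"test key"
DIGEST_FIRST_44 = bytes.fromhex(
    "bde95cb52b8df8fb f2b751f65be1df3e d74b457ae9764d26"
    "2f43a4709a2ac94e 1123897b022a4f07 8098a1a0"
)
DIGEST_AFTER_1MB = bytes.fromhex(
    "6b10d679c887a126 ee2d7bd6be04be0c 8f7ab3f0e0b8bdb5"
    "0f0c5233ae62dd9e 384d03ddaf56cd07 b1890c13"
)

if __name__ == "__main__":
    print("first 44 bytes match post:", rc4_keystream(DIGEST_KEY, 44) == DIGEST_FIRST_44)
    print("44 bytes after 1 MB match post:",
          rc4_keystream(DIGEST_KEY, 44, skip=1 << 20) == DIGEST_AFTER_1MB)
    print("after 1000 rekey iterations:", iterated_rekey(DIGEST_KEY, 1000).hex())
```

The `skip` parameter runs the generator without collecting output, so the 1 MB discard costs time but no memory; `bytes.fromhex` ignores the spaces used to group the quoted vectors.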

------------------------------

Date: Thu, 22 Mar 2001 16:49:55 +1100
From: Chris <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.privacy.anon-server
Subject: Re: Attn: Chris Drake and Thomas Boschloo


So Thomas, you have written a program which records the current time.
Well done.  Now, all you've got to do is get some keystrokes in there,
and you'll be on your way to showing that one of your SIX ridiculous
claims has some weight.

You've got 3 and a half days left - you'd better get busy!

Required:-
http://groups.google.com/groups?q=&hl=en&lr=&group=alt.security.pgp&safe=off&rnum=9&seld=914264994&ic=1&filter=0

(-; Chris.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
