Cryptography-Digest Digest #56, Volume #14        Sun, 1 Apr 01 18:13:00 EDT

Contents:
  Re: Problematic Patent (Rich Wales)
  Re: Idea - (LONG) ("Douglas A. Gwyn")
  Re: Problematic Patent ("Sam Simpson")
  Re: NEWS READER CRASHING (SCOTT19U.ZIP_GUY)
  Re: texts on factoring? ("M.S. Bob")
  Re: Idea - (LONG) (Mok-Kong Shen)
  Re: AES VS. DES (SCOTT19U.ZIP_GUY)
  Re: NEWS READER CRASHING (Mok-Kong Shen)
  Re: AES VS. DES ("Tom St Denis")
  Re: Problematic Patent (Rich Wales)
  Re: AES VS. DES (Mok-Kong Shen)
  Re: texts on factoring? (Paul Rubin)
  Re: Idea - (LONG) (Nicol So)
  Re: Problematic Patent (Mok-Kong Shen)
  Re: texts on factoring? ("Tom St Denis")
  Re: Idea - (LONG) (Nicol So)
  Re: Idea - (LONG) (Mok-Kong Shen)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Rich Wales)
Subject: Re: Problematic Patent
Date: 1 Apr 2001 19:28:34 -0000

"boobaloo" wrote:

    > A patent has been recently issued that appears absurdly
    > broad . . .  US patent 6165072 (enter number here:
    > http://164.195.100.11/netahtml/srchnum.htm)
    > Claim 51 would seem to cover any situation in which one
    > sends encrypted data and then later sends the plaintext.

Actually, it sounds like it covers a situation in which one computes
and sends a checksum / fingerprint / signature / message digest of a
file, followed by the file itself.  (Note that the patent describes
the transform as "irreversible".)

For example, if I post to a newsgroup (or on a Web page) saying that a
particular file is at such-and-so place on the net, and here's its MD5
fingerprint so you can verify that your downloaded copy of the file is
intact, then I've apparently infringed on this patent claim. (!)

An almost identical situation would be a CD-ROM with pieces of software
plus their MD5 checksums -- so the installation process can verify that
each piece of the distribution was read correctly from the CD.  FreeBSD
releases have employed this technique for years, and I'm sure there are
many other examples.  This isn't absolutely the same as what is claimed
in the patent (both the data and the checksum are sent simultaneously,
and sending someone a CD-ROM isn't exactly the same as sending data via
a network), but the differences seem trivial in my opinion.

Rich Wales       [EMAIL PROTECTED]       http://www.webcom.com/richw/pgp/
RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA
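The checksum-before-file pattern Rich describes (a published digest list, then the files), as an added example that is not from the original post: a verifier for the `MD5 (name) = hex` list format that BSD md5(1) prints and FreeBSD release media shipped. The sample files and digests are constructed for the demonstration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One digest-list line in BSD md5(1)/sha256(1) style: ALG (filename) = hexdigest
_LINE = re.compile(r"^(?P<alg>[A-Za-z0-9]+) \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]+)$")


def parse_digest_list(text):
    """Return [(algorithm, filename, hexdigest)]; a line that is neither blank,
    a '#' comment nor well-formed is an error, never silently skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"malformed digest line: {line!r}")
        entries.append((m["alg"].lower(), m["name"], m["hex"].lower()))
    return entries


def digest_file(path, algorithm, chunk=1 << 16):
    """Hash a file in chunks so a large distribution need not fit in memory."""
    h = hashlib.new(algorithm)  # raises ValueError for an algorithm hashlib lacks
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(directory, digest_text):
    """Check every listed file under `directory`; returns
    {filename: 'ok' | 'mismatch' | 'missing'}, reporting absent files too."""
    results = {}
    for alg, name, expected in parse_digest_list(digest_text):
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
            continue
        actual = digest_file(path, alg)
        # Digests here are public, but a constant-time compare costs nothing.
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    return results


SAMPLE_FILES = {  # constructed sample distribution, not real release data
    "base.tgz": b"base distribution contents\n",
    "kernel.tgz": b"kernel contents, altered after the digest list was published\n",
}


def sample_digest_list():
    """Constructed list: base.tgz is correct, kernel.tgz carries the digest of
    the pre-alteration file, and doc.tgz is listed but was never shipped."""
    good = hashlib.md5(SAMPLE_FILES["base.tgz"]).hexdigest()
    stale = hashlib.sha256(b"kernel contents\n").hexdigest()
    return (f"MD5 (base.tgz) = {good}\n"
            f"SHA256 (kernel.tgz) = {stale}\n"
            "MD5 (doc.tgz) = 00000000000000000000000000000000\n")


def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLE_FILES.items():
            Path(d, name).write_bytes(data)
        return verify(d, sample_digest_list())


if __name__ == "__main__":
    print(demo())  # -> {'base.tgz': 'ok', 'kernel.tgz': 'mismatch', 'doc.tgz': 'missing'}
```

A real digest list only proves the download matches what the publisher hashed; the list itself still has to reach you over a channel you trust, which is exactly why signed lists replaced bare MD5 files.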

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Sun, 01 Apr 2001 19:55:56 GMT

Mok-Kong Shen wrote:
> The r bits (as key) are assumed to be from a perfect source.

The plaintext source.  Standard terminology.

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Problematic Patent
Date: Sun, 1 Apr 2001 20:54:35 +0100

Rich Wales <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "boobaloo" wrote:
>
>     > A patent has been recently issued that appears absurdly
>     > broad . . .  US patent 6165072 (enter number here:
>     > http://164.195.100.11/netahtml/srchnum.htm)
>     > Claim 51 would seem to cover any situation in which one
>     > sends encrypted data and then later sends the plaintext.
>
> Actually, it sounds like it covers a situation in which one computes
> and sends a checksum / fingerprint / signature / message digest of a
> file, followed by the file itself.  (Note that the patent describes
> the transform as "irreversible".)
>
> For example, if I post to a newsgroup (or on a Web page) saying that a
> particular file is at such-and-so place on the net, and here's its MD5
> fingerprint so you can verify that your downloaded copy of the file is
> intact, then I've apparently infringed on this patent claim. (!)


Or, to turn your comment on its head: any use of this scheme previous to
4th Jan 00 would act as prior art?


--
Regards,

Sam
http://www.scramdisk.clara.net/




------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NEWS READER CRASHING
Date: 1 Apr 2001 20:05:10 GMT

[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <3AC7728A.CF775BAB@t-online.de>:

>
>
>John Savard wrote:
>> 
>> [EMAIL PROTECTED] wrote:
>> 
>> > I have noticed that sometimes I get a message that flat crashes
>> >my newsreader. I found it best to just not look at such messages
>> >a second time because it is repeatable.  I use Xnews reader for now
>> >but today I opened a message up and the next thing I knew my browser
>> >opened and was sending mail. I killed the connection, but has this
>> >happened to anyone else? The post that caused the mail was in
>> >another news group but it kind of surprised me.
>> 
>> There was a malicious JavaScript posting in several newsgroups -
>> including this one. Some newsreaders, like Free Agent, don't try to
>> execute content from postings you view.
>
>Note though that certain web pages that one accesses or links 
>therefrom involve javascript. To be safe, one would have to 
>deactivate javascript, I suppose. (In Netscape there is a 
>switch for that.)
>
>M. K. Shen
>

  I use Netscape but the computer did not run with IE. The
newsreader seems to wake IE up. I use Netscape with JavaScript off.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.nbci.com/ecil/index.htm
Scott LATEST UPDATED sources for scott*u.zip
        http://radiusnet.net/crypto/archive/scott/
Scott famous Compression Page
        http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
A final thought from President Bill: "The road to tyranny, 
we must never forget, begins with the destruction of the truth."

------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: texts on factoring?
Date: Sun, 01 Apr 2001 21:09:35 +0100

Tom St Denis wrote:
> 
> "Paul Rubin" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > "Sam Simpson" <[EMAIL PROTECTED]> writes:
> > > I think Koblitz is a good book, but is quite expensive.
> >
> > Geez, you're right, the 2nd ed. is $43.95 from bn.com.  I remember when
> > I got the 1st ed it was only $20 or so, which was unusually low for a
> > Springer GTM book.
> >
> > Tom if you're going to college soon, it's possible that the college
> > library will have these books and you can read them there.
> 
> I doubt that.  "College" in Canada is like "State Colleges" in the States.
> It's not the most academic thing in the world.  Plus most people here think
> IT training actually implies a skill!

Most of the world seems to use college to mean any post-secondary
education. Of course you could go to Trinity College, Cambridge
University which is pretty academic if you want it to be.

Side note to non-Canadians: In Canada "college" is normally used for
places that do not grant degrees. This includes post-secondary
vocational training such as private IT schools, or art/music schools.

I'm confident Paul Rubin meant a four-year degree-granting university.
Waterloo, Queen's and Carleton I'd guess would be top domestic picks for
Tom. Though I prefer smaller universities for undergraduate studies, for
more contact with professors.

I'd recommend finding a copy of 
Hans Riesel, _Prime numbers and computer methods for factorization_,
1994 Springer Verlag; ISBN: 0817637435
to borrow (list price isn't cheap).

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Sun, 01 Apr 2001 22:19:27 +0200



"Douglas A. Gwyn" wrote:
> 
> Mok-Kong Shen wrote:
> > The r bits (as key) are assumed to be from a perfect source.
> 
> The plaintext source.  Standard terminology.

Well, I think you are sort of 'arguing about words'.
Normally, when one is, say, talking about the strength of
a block cipher, one is not considering any restrictions
on the plaintexts that are to be processed by it,
is one? When we consider AES as practically unbreakable,
we mean it is safe to use it to encrypt ANY input,
which could be all 0's or anything particular or not. Do
you see my point?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES VS. DES
Date: 1 Apr 2001 20:11:26 GMT

[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <3AC77BB1.D6640803@t-online.de>:

>
>
>"SCOTT19U.ZIP_GUY" wrote:
>> 
>>    Tom I know you think you're joking. But it is trivial to write a program
>> that could use full 256-bit key Rijndael and it would be trivial to break.
>> All you have to do is use the opposite of the principles that were used in
>> Matt's bijective compression encryption that uses Rijndael. I doubt
>> that I could break most applications the NSA ( oops, AES people ) will
>> come up with. But using non-bijective padding with non-bijective
>> compression is surely a trip in the direction of making it easier to
>> break. Oh yes, the data coming out would be as is: the blocks out of the
>> encryption due to Rijndael would be the last stage. The AES people don't
>> really want one to use secure encryption, it's obvious.
>
>Joke or not aside, I suppose you are not claiming that
>AES can be cracked with the current state of the art.
>
>M. K. Shen
>

   I am not saying I can crack pure RIJ...  I am just saying
it would not be that hard to write an encryption program using
it where I use ECB and non-bijective transforms in front
to make it easy to break. That is, get the real message that was
encrypted.  I am also saying I believe normal programs like
PGP use poor methods so that the NSA can crack them. But I
don't have computing power so they can do it with fewer implanted
weaknesses in the implementation. But even then it's possible
the NSA could crack straight RIJ, but it would be harder to break
it if they used something like Matt's pure BICOM.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.nbci.com/ecil/index.htm
Scott LATEST UPDATED sources for scott*u.zip
        http://radiusnet.net/crypto/archive/scott/
Scott famous Compression Page
        http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
A final thought from President Bill: "The road to tyranny, 
we must never forget, begins with the destruction of the truth."

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NEWS READER CRASHING
Date: Sun, 01 Apr 2001 22:25:24 +0200



"SCOTT19U.ZIP_GUY" wrote:
> 

>   I use Netscape but the computer did not run with IE. The
> newsreader seems to wake IE up. I use Netscape with JavaScript off.

I deactivated javascript in the newsreader. When I then
accessed a web page with a link running a javascript, that
link didn't work. Also a local html-file that contained
a javascript didn't work. That would seem to contradict
your experience.

M. K. Shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: AES VS. DES
Date: Sun, 01 Apr 2001 20:36:04 GMT


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote in <3AC77BB1.D6640803@t-online.de>:
>
> >
> >
> >"SCOTT19U.ZIP_GUY" wrote:
> >>
> >>    Tom I know you think you're joking. But it is trivial to write a program
> >> that could use full 256-bit key Rijndael and it would be trivial to break.
> >> All you have to do is use the opposite of the principles that were used in
> >> Matt's bijective compression encryption that uses Rijndael. I doubt
> >> that I could break most applications the NSA ( oops, AES people ) will
> >> come up with. But using non-bijective padding with non-bijective
> >> compression is surely a trip in the direction of making it easier to
> >> break. Oh yes, the data coming out would be as is: the blocks out of the
> >> encryption due to Rijndael would be the last stage. The AES people don't
> >> really want one to use secure encryption, it's obvious.
> >
> >Joke or not aside, I suppose you are not claiming that
> >AES can be cracked with the current state of the art.
> >
> >M. K. Shen
> >
>
>    I am not saying I can crack pure RIJ...  I am just saying
> it would not be that hard to write an encryption program using
> it where I use ECB and non-bijective transforms in front
> to make it easy to break. That is, get the real message that was
> encrypted.  I am also saying I believe normal programs like
> PGP use poor methods so that the NSA can crack them. But I
> don't have computing power so they can do it with fewer implanted
> weaknesses in the implementation. But even then it's possible
> the NSA could crack straight RIJ, but it would be harder to break
> it if they used something like Matt's pure BICOM.

Using a cipher in pure ECB mode is just plain stupid though, nobody in their
right mind would do that with any sort of crypto knowledge...

You are side-arguing my point by injecting your stupid bijective "crap".  My
OP was that you can take a good cipher and use it wrong.  Note that wrong
doesn't mean anything that isn't "your way".

Scott why not realize that others may know what they are doing too.  Sure
bijective compression is neat, but it's not a requirement or desirable in
efficient computing.

Tom



------------------------------

From: [EMAIL PROTECTED] (Rich Wales)
Subject: Re: Problematic Patent
Date: 1 Apr 2001 20:34:37 -0000

Sam Simpson wrote:

    > Or, to turn your comment on its head: any use of this
    > scheme previous to 4th Jan 00 would act as prior art?

Well, the application for patent 6,165,072 was filed on 4 January
2000.  However, the patent holders made very similar claims in an
earlier US patent (6,030,288), filed 2 September 1997 [see claim
13 in this earlier patent].  So I suppose use of this scheme would
have to precede that earlier date in order to qualify as prior art.

Still, I think anyone who wanted to challenge either of these patent
claims could easily find countless uses of MD5 or other checksum
schemes to show that this idea is not new.

Even if we restrict ourselves to information mentioned in earlier US
patents, take a look at patent 5,297,208 ("Secure file transfer system
and method"), filed in 1992.  Claim 9 of this patent refers to the idea
of verifying data integrity via "secure hash functions".

Rich Wales         [EMAIL PROTECTED]         http://www.webcom.com/richw/
*DISCLAIMER:  I am not a lawyer.  My comments are for discussion
 purposes only and are not intended to be relied upon as legal or
 professional advice.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: AES VS. DES
Date: Sun, 01 Apr 2001 23:00:04 +0200



"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote: 
> >Joke or not aside, I suppose you are not claiming that
> >AES can be cracked with the current state of the art.

>    I am not saying I can crack pure RIJ...  I am just saying
> it would not be that hard to write an encryption program using
> it where I use ECB and non-bijective transforms in front
> to make it easy to break. That is, get the real message that was
> encrypted.  I am also saying I believe normal programs like
> PGP use poor methods so that the NSA can crack them. But I
> don't have computing power so they can do it with fewer implanted
> weaknesses in the implementation. But even then it's possible
> the NSA could crack straight RIJ, but it would be harder to break
> it if they used something like Matt's pure BICOM.

I mentioned previously that for people not using compression
any issue about compression is by definition not relevant
and that, for those who use adaptive Huffman, using a (secret)
sequence to prime the compressor renders the 'actual'
(specific version of) compressor unknown to the opponent,
thus making it infeasible for him to gain any useful
information through decompression/recompression. This is
easier to get accepted than any as yet barely known schemes,
I guess.

M. K. Shen

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: texts on factoring?
Date: 01 Apr 2001 14:04:53 -0700

"Tom St Denis" <[EMAIL PROTECTED]> writes:
> I doubt that.  "College" in Canada is like "State Colleges" in the States.
> It's not the most academic thing in the world.  Plus most people here think
> IT training actually implies a skill!

Oh ok.  I hope you're not going to one of those places where you find
out how to become a Windows NT network admin.  Switch to a regular
university if you can.

------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Sun, 01 Apr 2001 17:07:34 -0400
Reply-To: see.signature

Mok-Kong Shen wrote:
> 
> "Douglas A. Gwyn" wrote:
> >
> > Mok-Kong Shen wrote:
> > > The r bits (as key) are assumed to be from a perfect source.
> >
> > The plaintext source.  Standard terminology.
> 
> Well, I think you are sort of 'arguing about words'.

That's not "arguing about words"--that's being precise.

> Normally, when one is, say, talking about the strength of
> a block cipher, one is not considering any restrictions
> on the plaintexts that are to be processed by it,
> is one? When we consider AES as practically unbreakable,
> we mean it is safe to use it to encrypt ANY input,
> which could be all 0's or anything particular or not. Do
> you see my point?

Information theory says that in order to achieve perfect secrecy, the
entropy in the key has to be greater than or equal to the entropy in the
plaintext. This is a *precise* characterization of the necessary
condition for perfect secrecy.

If you take source entropy out of consideration, the kind of statements
you can make becomes less precise. You can avoid explicitly considering
plaintext entropy by upper-bounding it, but the kind of statements you
can prove will be worst-case bounds that are *not* tight. Such
statements, for example, won't tell you exactly how much key entropy
you'll need for a source of non-maximum entropy.

-- 
Nicol So, CISSP // paranoid 'at' engineer 'dot' com
Disclaimer: Views expressed here are casual comments and should
not be relied upon as the basis for decisions of consequence.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Problematic Patent
Date: Sun, 01 Apr 2001 23:06:20 +0200



Rich Wales wrote:
> 
[snip]
> Still, I think anyone who wanted to challenge either of these patent
> claims could easily find countless uses of MD5 or other checksum
> schemes to show that this idea is not new.

I conjecture that the dilemma is that, in the case of a claimed
violation, one has to bring up a sufficient amount of
money for defense in court, i.e. the patent holder could
have some advantage if he has more money.

M. K. Shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: texts on factoring?
Date: Sun, 01 Apr 2001 21:12:53 GMT


"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
> > I doubt that.  "College" in Canada is like "State Colleges" in the States.
> > It's not the most academic thing in the world.  Plus most people here think
> > IT training actually implies a skill!
>
> Oh ok.  I hope you're not going to one of those places where you find
> out how to become a Windows NT network admin.  Switch to a regular
> university if you can.

I am taking a 3yr Comp.Sci "diploma"  It will be a joke, but for idiots like
me it works out ok :-)

Tom



------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Sun, 01 Apr 2001 17:20:00 -0400
Reply-To: see.signature

Nicol So wrote:
> 
> If you take source entropy out of consideration, the kind of statements
> you can make becomes less precise. You can avoid explicitly considering
> plaintext entropy by upper-bounding it, but the kind of statements you
> can prove will be worst-case bounds that are *not* tight. ...

Oops. What I wrote didn't exactly convey what I meant. What I meant to
say was: the provable results can only tell you worst-case bounds, which
are not tight when *applied to a particular situation*. But as
worst-case bounds, they may be tight.

-- 
Nicol So, CISSP // paranoid 'at' engineer 'dot' com
Disclaimer: Views expressed here are casual comments and should
not be relied upon as the basis for decisions of consequence.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Sun, 01 Apr 2001 23:46:57 +0200



Nicol So wrote:
> 
> Nicol So wrote:
> >
> > If you take source entropy out of consideration, the kind of statements
> > you can make becomes less precise. You can avoid explicitly considering
> > plaintext entropy by upper-bounding it, but the kind of statements you
> > can prove will be worst-case bounds that are *not* tight. ...
> 
> Oops. What I wrote didn't exactly convey what I meant. What I meant to
> say was: the provable results can only tell you worst-case bounds, which
> are not tight when *applied to a particular situation*. But as
> worst-case bounds, they may be tight.

I am not sure that I understand you. First, a global
question: Are you criticizing Shannon's result in any sense?

I am not aware of any cipher that says 'this cipher
is recommended only for use on plaintexts that have at
least such and such an amount of entropy'. I think that
that's not viable for a practical reason: One barely knows 
how much entropy there is in a piece of plaintext. Further,
Shannon's perfect security says only that the opponent's
a posteriori knowledge is equal to his a priori knowledge,
if I don't err. I don't yet see how Douglas Gwyn's
'pattern of plaintext' could be an issue that affects the 
arguments of OTP.

M. K. Shen
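The inequality Nicol So invokes, derived from the Shannon definition Mok-Kong Shen recalls (a posteriori knowledge equal to a priori knowledge), as an added derivation that is part of neither post, with $M$ the plaintext, $K$ the key and $C$ the ciphertext of a decryptable cipher $M = D_K(C)$:

$$
\begin{aligned}
H(M) &= H(M \mid C) && \text{(perfect secrecy: } \Pr[M=m \mid C=c] = \Pr[M=m] \text{ for every } c \text{ with } \Pr[C=c]>0) \\
     &\le H(M, K \mid C) && \text{(adding a variable cannot lower joint entropy)} \\
     &= H(K \mid C) + H(M \mid K, C) && \text{(chain rule)} \\
     &= H(K \mid C) && (M = D_K(C), \text{ so } H(M \mid K, C) = 0) \\
     &\le H(K) && \text{(conditioning cannot increase entropy).}
\end{aligned}
$$

The first line is exactly Shen's "a posteriori equals a priori"; the resulting bound $H(K) \ge H(M)$ is met with equality by an $r$-bit one-time pad on a uniform $r$-bit plaintext and is loose as soon as $H(M) < r$, which is the worst-case point Nicol makes about tightness.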

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
