Cryptography-Digest Digest #141, Volume #14 Sat, 14 Apr 01 17:13:01 EDT
Contents:
Utimaco a Supplier of the German Armed Forces ? (Frank Gerlach)
Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Mok-Kong Shen)
Re: please comment (Mok-Kong Shen)
Re: Graphical representation of a public key (or fingerprint)? ("Michael Schmidt")
Re: Graphical representation of a public key (or fingerprint)? ("Matt Timmermans")
LFSR Security (Nathan E. Banks <[EMAIL PROTECTED]>)
Re: please comment (Darren New)
Re: please comment ("Paul Pires")
Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Jim D)
Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Jim D)
Re: "Good" file encrypt/decrypt utility wanted! (Steve K)
Re: Patents for Enigma ?? (Lawrence Kirby)
Re: LFSR Security (David Wagner)
Re: NSA-Endorsed Schools have a Mediocre Internet Presence ("Douglas A. Gwyn")
Re: please comment ("Ryan M. McConahy")
Re: XOR TextBox Freeware: Very Lousy. (Anthony Stephen Szopa)
Re: LFSR Security (Nathan E. Banks <[EMAIL PROTECTED]>)
Re: LFSR Security (David Wagner)
Re: LFSR Security (Nathan E. Banks <[EMAIL PROTECTED]>)
Re: LFSR Security ("Scott Fluhrer")
Re: Would dictionary-based data compression violate DynSub? (Terry Ritter)
----------------------------------------------------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Crossposted-To: hk.comp.software
Subject: Utimaco a Supplier of the German Armed Forces ?
Date: Sat, 14 Apr 2001 18:14:21 +0200
I have *heard* that Utimaco is a supplier of the GAF.
Anything else I have to say ? Maybe "Crypto AG" ?
Get yourself a copy of GPG/PGP, but then check the source :-)
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sat, 14 Apr 2001 18:34:22 +0200
Frank Gerlach wrote:
>
[snip]
> I am attributing this to the dominance of the spooks, who have no
> real interest in spreading good security.
The human society is extremely complex and involved.
Look e.g. at the pharma industry. Their 'ideal' would
be selling a particular product 'forever', thus saving
the often very high investment to find better medicaments.
Were it not for the competition, I don't believe that
there would have been substantial incentives to conduct
R&D simply for the benefit of the ill on purely moral
grounds, as long as the fiscal balance sheet of the
company is excellent. Thus don't be surprised by the
phenomenon you described and severely curse them. They
are just humans, in fact not unlike most of us in
'principle' (even if you would disagree and protest
against this viewpoint), always attempting to find some
'optimum' for themselves (alone). Other examples abound
in the arena of politics.
BTW, I think that the increased use of new technologies
in wireless communications (I recently saw the term SR,
software radio, in this connection. Could someone give
the exact definition of it?) and the rapid expansion of
the total message volume may one day render effective
surveillance and intelligence gathering technically
infeasible. At that time point, the existence of
the agencies would be economically questionable. It
could then be the case that these would be dissolved,
releasing their scientists to the civilian world, and
the knowledge 'gap' between them and the academics, as
was mentioned in a previous post in this thread, would
then be perfectly closed. Of course, this is yet all
utopic.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: please comment
Date: Sat, 14 Apr 2001 18:41:09 +0200
Yechuri wrote:
>
> I did a disclosure document months ago but I'm hoping
> it's so common it can't be patented. What do you think ?
Paradoxically, the best and only entirely secure way to
ensure that something can't be patented (by others) is
to try to get a patent on it yourself.
M. K. Shen
------------------------------
From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Sat, 14 Apr 2001 19:08:03 +0200
"M.S. Bob" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Michael Schmidt wrote:
> >
> > I'm wondering whether there has been any research conducted on the topic
> > "graphical representation of a public key" or the key's fingerprint. My
> > goal is to authenticate a public key (or better: its fingerprint, like with
> > PGP) securely by creating and comparing its graphical representation with an
> > "original", which is unique enough for every key/fingerprint, yet easy
> > to be processed and compared by the human brain.
>
> Visual cryptography
> http://www.cacr.math.uwaterloo.ca/~dstinson/visual.html
> http://www.cacr.math.uwaterloo.ca/~dstinson/index.html
>
> I thought Ian Goldberg has an example using IFS fractals and hashes, but
> I can't find the details about it.
> <http://www.cs.berkeley.edu/~iang/visprint.c>
>
> Deja Vu
> <http://paris.cs.berkeley.edu/%7Eperrig/projects.html#DEJAVU>
> Hash Visualization and User Authentication through Image Recognition
Thanks a lot!
The Deja Vu project is exactly what I'm looking for.
Michael
------------------------------
From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Sat, 14 Apr 2001 17:12:10 GMT
I don't think the applications require you to be able to identify a key by
its fingerprint. The idea, I think, is that when you receive a signed
message your software would show the fingerprint image for the signer's key,
in lieu of an actual signature. That way, you can look at it and say "Yep,
that's Bob's signature all right!", because you've "seen" Bob's signature
before.
To fool you, someone would have to make a signature that replicates
everything you remember about Bob's. It's good to have lots of detail to
fix on, because an attacker won't know what parts you remember -- you might
remember the size and shape of Bob's signature's scar, while I might
remember that its glasses were similar to mine. Certainly, you can generate
as many check bits for Bob's key as you like by repeated hashing with
different salts, so there's no need to worry about where to get the bits to
generate these features from.
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Matt Timmermans wrote:
> >
> > True. I think 33 bits is pretty good for a recognition (as opposed to a
> > comparison). The decorative features are a good idea, too, and so are
> > family portraits. You want to cram as much in there as you can without
> > it getting too confusing, to maximize the amount of information that
> > someone might remember about the fingerprint. After all, you don't have to
> > remember everything -- only enough to make it difficult to create a key that will
> > fool you.
>
> You might be able to say that a picture belongs to a
> certain not too small class but I doubt that it suffices
> for 'identification', i.e. recognition for sure. Maybe
> the best would be of the quality of 'phantom' pictures
> of the police.
>
> M. K. Shen
------------------------------
From: Nathan E. Banks <Paganini> <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: LFSR Security
Date: Sat, 14 Apr 2001 12:50:19 -0500
[Crossposted to sci.crypt.random-numbers]
Hi everyone! Crypto is sort of a hobby of mine, although I'm no sort of
master. Most of the advanced math is a bit over my head. :) Anyway, I've
lurked here off and on in the past... you may have seen one of my LFSR
threads in the past.
Anyway, I'm wondering about the strength of 16 bit LFSRs. Given a stream
of pseudorandom bits generated by a 16 bit LFSR, how difficult would it
be to reverse engineer the stream to determine the starting state of the
LFSR?
Expanding on this, given some cyphertext generated by XORing the above
stream with some plaintext, how hard would it be to reverse engineer the
cyphertext to determine the key (assuming that the key is a 16 bit value
used to initialize the LFSR)?
How would this be affected by using multiple LFSRs (say 8) initialized
from a single large key (say 128 bit) and XORing the outputs together?
With a 16 bit LFSR you have a keyspace of 65535, so I imagine that it
wouldn't take very long for a computer to try all possible keys in a
brute force attack. But how would the computer know when it had the
correct key? It takes a lot longer for a human operator to examine every
possible output for one that makes sense than it does for a computer just
to run through all possible keys.
-- Paganini
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: please comment
Date: Sat, 14 Apr 2001 18:12:12 GMT
Tom St Denis wrote:
> My post was to suggest that it's insecure and not worthy of consideration.
I take it back. It sounds a lot like a business model some people I know
worked out that sounds like it would really work well. You have to add one
more concept to the mix to make it work, tho.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
schedule.c:7: warning: assignment makes calendar_week
from programmer_week without a cast.
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: please comment
Date: Sat, 14 Apr 2001 11:20:14 -0700
Yechuri <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Actually what I was hoping for was a reference to any published material
> like a book or an article in a magazine where this has been described.
>
> I saw a post recently on this newsgroup that said that even if an idea was
> actually being used by many people, unless it was published in a magazine or
> book anybody can patent it and start charging a fee for its use
If it were only so easy.
Rumor and reference to comments made in this news group are very
bad advice on patents. Dabblers with an agenda, free code avengers
and well meaning but inexperienced folk. (I'm in there somewhere).
Having said that: (there might be special cases and exceptions to
the following).
1. Only the inventor has a right to file a patent, not just the first person to file on
a concept they found or learned somewhere.
2. Prior art. No, it is not limited to publishing. Anything that gets it known
in the art is prior art. Publications are easiest to track, but a sale to the public
where such sale discloses the process or idea to such an extent that one
reasonably skilled in the art can build from it is also prior art. There are others.
3. It must be non-obvious and "inventive". There are many descriptions of this
requirement but they are all negative definitions, a shopping list of what is not
commonly an invention.
4. Crypto is a new and obscure field. What is and isn't prior art, and what it means
or doesn't, of working embodiments versus wild theory and conjecture is not well
known to those in the business, let alone the examiners at the PTO.
Got a match??? Before anyone burns me with flames for that last point, one should
consider what an outsider would make of the combined works of Whitfield Diffie, Tom St Denis,
David Wagner, Anthony Stephen Szopa, M. K. Shen, David Scott and a few others from an
eclectic cross section.
We are so eager to rail against the process or the participants that we fail to see
the obvious.
There is no ultimate arbitrator for this art. If I make an automotive transmission
component that cannot be shown to actually do what I claim then I have not met my obligation to
"teach" and deserve no patent. It is quite easy in this example to formulate such a logical
test. How do you test a crypto system or method and determine that nothing in it does or can do as is
claimed?
How to tell if a variation of a common concept does produce unanticipated and
noteworthy results?
It's not as easy as some folks would like it to be.
Paul
------------------------------
From: jim @sideband.fsnet.co.uk (Jim D)
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sat, 14 Apr 2001 18:55:36 GMT
Reply-To: Jim D
On 13 Apr 2001 19:54:06 GMT, [EMAIL PROTECTED] (David Wagner) wrote:
>Matthew Skala wrote:
>>This isn't exactly an entire spook-funded university, but I did recently
>>attend a conference (the 32nd Southeastern Conference on Combinatorics,
>>Graph Theory, and Computing, held at Louisiana State University) which was
>>openly sponsored by NSA. It says "Sponsored by National Security Agency"
>>right on the front cover of the program; no other sponsors are listed
>>there. NSA had no other presence visible to me, plenty of respected
>>academics were there, and nobody seemed to think that it was a less than
>>fully legitimate open academic conference just because of the NSA
>>connection.
>
>The NSA contributes to a number of information security conferences.
>There is nothing sinister about this, and IMHO, it should be warmly
>welcomed.
The NSA is respectable now?
--
______________________________________________
Posted by Jim D.
jim @sideband.fsnet.co.uk
dynastic @cwcom.net
George Dubya Bushisms No 24:
I'm mindful of not only preserving executive powers
for myself, but for my predecessors as well.
___________________________________
------------------------------
From: jim @sideband.fsnet.co.uk (Jim D)
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sat, 14 Apr 2001 18:55:37 GMT
Reply-To: Jim D
On Sat, 14 Apr 2001 05:37:39 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>Mok-Kong Shen wrote:
>> I think that the significance of that gap is also rapidly
>> decreasing with time, since the common people can, if
>> they want, now encrypt with such security that it is
>> almost certain that the agencies couldn't crack.
>
>Hm. Why are they still in business (with satisfied customers,
>apparently).
Because they get more than enough to satisfy the political
morons from unprotected traffic, traffic-analysis and just
plain open sources.
--
______________________________________________
Posted by Jim D.
jim @sideband.fsnet.co.uk
dynastic @cwcom.net
George Dubya Bushisms No 24:
I'm mindful of not only preserving executive powers
for myself, but for my predecessors as well.
___________________________________
------------------------------
From: [EMAIL PROTECTED] (Steve K)
Subject: Re: "Good" file encrypt/decrypt utility wanted!
Date: Sat, 14 Apr 2001 19:11:39 GMT
On Thu, 12 Apr 2001 10:47:50 +0100, yomgui <[EMAIL PROTECTED]> wrote:
>free, small, cross platform, safe, simple, fast, open source.
>
>http://bigfoot.com/~kryptyomic
>
>kctang wrote:
>>
>> Hi,
>>
>> "Good" file encrypt/decrypt utility wanted!
>> Any recommendations?
>>
>> Thanks,
>> Tang
>>
>> PS. What is good? That depends.
>>
>> Might be it is free. Might be it is available
>> "everywhere".
>> Might be it is fast. Might be it is small.
>> Should be "save"?
>
>--
>oim 3d - surface viewer - http://i.am/oim
>kryptyomic - encryption scheme - http://bigfoot.com/~kryptyomic
Another suggestion: Fast, free, convenient, encrypts whole directory
trees on the fly (your files *never* have to be written to disk as
plain text), open source, top reputation:
Scramdisk, http://www.scramdisk.clara.net/
:o)
---Support privacy and freedom of speech with---
http://www.eff.org/ http://www.epic.org/
http://www.cdt.org/
PGP keys:
RSA - 0x4912D5E5
DH/DSS - 0xBFCE18A9
------------------------------
From: [EMAIL PROTECTED] (Lawrence Kirby)
Subject: Re: Patents for Enigma ??
Date: Sat, 14 Apr 2001 15:23:26 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] "John Savard" writes:
>On Tue, 10 Apr 2001 10:33:43 +0200, Frank Gerlach
><[EMAIL PROTECTED]> wrote, in part:
>
>>You think there is any spook with any respect for patents ?
>
>But there is a *commercial* market for encryption also.
However the context was Britain's use of "the Typex rotor machine"
so are we talking about commercial or spook use?
--
=========================================
Lawrence Kirby | [EMAIL PROTECTED]
Wilts, England | [EMAIL PROTECTED]
=========================================
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Crossposted-To: sci.crypt.random-numbers
Subject: Re: LFSR Security
Date: 14 Apr 2001 19:53:13 GMT
Nathan E. Banks wrote:
>Anyway, I'm wondering about the strength of 16 bit LFSRs. Given a stream
>of pseudorandom bits generated by a 16 bit LFSR, how difficult would it
>be to reverse engineer the stream to determine the starting state of the
>LFSR?
It's not.
Read up on Berlekamp-Massey, if you really want the gory details.
XORing multiple LFSRs doesn't help, no matter how big they are.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sat, 14 Apr 2001 20:09:01 GMT
Frank Gerlach wrote:
> Definitely true. According to the "Puzzle Palace", in the last 30 years
> the NSA was unable to break into high-level Soviet communications,
> because they used One-Time Pads for really important stuff.
> So the major target were third-world countries, who still believed in
> the concept of an "unbreakable code" and often used cooked stuff from
> companies like Crypto AG or even Enigmas (!!), which they got from the
> Brits. Another target were European companies selling dual-use stuff to
> Libya, Iraq and Iran and did just not know Echelon.
Look, that is mostly wrong, but I'm not in a position to
say just where or how. You should not consider "outsider"
books like The Puzzle Palace to give accurate "insider"
information.
------------------------------
From: "Ryan M. McConahy" <[EMAIL PROTECTED]>
Subject: Re: please comment
Date: Sat, 14 Apr 2001 16:13:24 -0400
"Darren New" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > If the user is a dolt
>
> ... or honest, or getting charged less than the cost of breaking it, or
> getting charged less than the cost of getting caught breaking it, ...
Getting caught breaking it? What are they gonna do, send you to jail? LOL!
> > ya this will work.
>
> --
> Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
> San Diego, CA, USA (PST). Cryptokeys on demand.
> schedule.c:7: warning: assignment makes calendar_week
> from programmer_week without a cast.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: XOR TextBox Freeware: Very Lousy.
Date: Sat, 14 Apr 2001 13:15:17 -0700
HiEv wrote:
>
> Anthony Stephen Szopa wrote:
> >
> [snip]
> > Who are you trying to convince, the dead? And what are you trying to
> > convince them of, that they're still dead?
>
> Um... I believe he was trying to convince you. Unless you consider
> yourself dead, from the neck up or otherwise, I don't understand your
> reference to the dead here.
>
> > If the file you use to XOR your original file is random or appears
> > random to any cracker then the cracker cannot reverse the XORed file.
>
> Actually, "is random" is better than "appears random", but it usually
> doesn't make much difference as long as the file doesn't have too many
> nulls.
>
> > You cannot get any better security than this. With XOR_TextBox I
> > leave it to you to generate or obtain a "random" file for this
> > purpose.
>
> If you can't get better security than this, then why aren't tons of
> people using it? (explanation below)
>
> > "Here, everybody. I've got it in a book. It says it right here:
> > "Turn off your minds." This claptrap sounds so convincing, doesn't
> > it?"
>
> "Gee, and it's endorsed by EXPERTS. Ooh! I'm scared! Who are you
> going to believe, *me* or a bunch of guys who actually have years of
> experience and are respected by their peers. Duh, me of course!"
>
> > You offer this source code tripe that has no bearing on the
> > randomness of the file one uses in the XOR process.
> >
> > I tell you what: if you are so confident, offer people in these
> > news groups a $1000 each if you fail to crack their XORed files
> > using XOR_TextBox.
> >
> > Hey, you got it in a book. Now put your money behind it.
>
> Ok, tell you what I'll send you an encrypted message and you try and
> read it.
>
> Oops! You can't, and neither can anyone else, even the intended
> recipient! Reason: you also need to send the one time pad (OTP) to the
> other person who you want to have read it.
>
> The real weakness of your system is in the transmission of the file
> needed to decrypt the message (the OTP). If you start using your
> system, then you need yet another system to tell the person you are
> communicating with how to decrypt the message. This kind of defeats the
> purpose of using your program, since you could usually just use that
> other method to pass the information you are encrypting instead using
> your application.
>
> Also, you can't reuse an OTP without compromising the security of the
> information; something you don't bother to mention in your application.
>
> Oh, one more thing. Since you always have to send the OTP and the
> cyphertext it basically means that you double the size of the data you
> need to decrypt the text. Great system!
>
> BTW- Congrats on the lousy crosspost. Crossposting across groups like
> alt.hacker and sci.crypt is not considered proper netiquette.
I am not the guy who said the XOR function is "wimpy or has a
straight forward crack"
I am sure we all could use an extra $1000.
But I don't see him offering.
------------------------------
From: Nathan E. Banks <Paganini> <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: LFSR Security
Date: Sat, 14 Apr 2001 15:17:47 -0500
In article <9ba9r9$ftk$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> Nathan E. Banks wrote:
> XORing multiple LFSRs doesn't help, no matter how big they are.
Hmm. In a private email someone told me that XORing multiple LFSRs would
help a lot, especially if they were of different sizes. Could someone
explain why one or the other is true? :)
-- Paganini
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Crossposted-To: sci.crypt.random-numbers
Subject: Re: LFSR Security
Date: 14 Apr 2001 20:27:30 GMT
Nathan E. Banks wrote:
>Hmm. In a private email someone told me that XORing multiple LFSRs would
>help a lot, especially if they were of different sizes. Could someone
>explain why one or the other is true? :)
They were wrong. The sequence produced by an XOR of two LFSRs of
size M and N can be equivalently produced by a LFSR of size M+N.
The Berlekamp-Massey algorithm can then recover the initial state
and feedback taps with 2(M+N) bits of known keystream. Read up on
Berlekamp-Massey if you want to know why this is true.
------------------------------
From: Nathan E. Banks <Paganini> <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: LFSR Security
Date: Sat, 14 Apr 2001 15:30:05 -0500
In article <9babri$gav$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> Nathan E. Banks wrote:
> >Hmm. In a private email someone told me that XORing multiple LFSRs would
> >help a lot, especially if they were of different sizes. Could someone
> >explain why one or the other is true? :)
>
> They were wrong. The sequence produced by an XOR of two LFSRs of
> size M and N can be equivalently produced by a LFSR of size M+N.
> The Berlekamp-Massey algorithm can then recover the initial state
> and feedback taps with 2(M+N) bits of known keystream. Read up on
> Berlekamp-Massey if you want to know why this is true.
Is there an explanation anywhere that's a bit more straightforward than
the one in Handbook of Applied Cryptography? It's a bit... obtuse, at
least for people like me who have math that only goes up to calculus.
-- Paganini
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: LFSR Security
Date: Sat, 14 Apr 2001 13:19:28 -0700
Nathan E. Banks <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <9ba9r9$ftk$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> says...
> > Nathan E. Banks wrote:
>
> > XORing multiple LFSRs doesn't help, no matter how big they are.
>
> Hmm. In a private email someone told me that XORing multiple LFSRs would
> help a lot, especially if they were of different sizes. Could someone
> explain why one or the other is true? :)
The XOR of two LFSRs of length N and M gives the same output as a single
(nonprimitive) LFSR of length N+M, whose taps are pretty easy to figure out,
given the taps of the two smaller LFSRs. Essentially, the polynomial
defining the N+M LFSR is the product of the polynomials defining the N and M
LFSRs.
What this means to the attacker is that, if he is confronted with the XOR of
two LFSRs, he can pretend that what he's breaking is, in fact, a single N+M
LFSR, which is pretty vulnerable because of the inherent linearity.
--
poncho
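An added example, not part of the digest, written to illustrate David Wagner's and Scott Fluhrer's replies above: a Fibonacci LFSR, the Berlekamp-Massey algorithm over GF(2) (HAC Algorithm 6.30), and a check that the XOR of a 5-bit and a 7-bit LFSR is reproduced, from only 2(5+7) = 24 known keystream bits, by a single 12-bit LFSR whose connection polynomial is the product of the two smaller ones. The feedback polynomials (x^5+x^2+1 and x^7+x+1), the seeds and all function names are my own choices and are not taken from the thread.

```python
"""Added example (not from the digest): why XOR-ing LFSRs does not help.

Shows a Fibonacci LFSR, Berlekamp-Massey over GF(2), and that the XOR of an
M-bit and an N-bit LFSR is recovered from 2(M+N) keystream bits as one
(M+N)-bit LFSR whose connection polynomial is the product of the two.
Polynomials, seeds and names below are constructed for this example.
"""


def lfsr_stream(seed, taps, nbits):
    """Fibonacci LFSR. seed: list of bits, length L = register length.
    taps: indices t with s[j+L] = XOR of s[j+t]; must contain 0 so the
    recurrence really has order L. Returns the first nbits output bits."""
    state = list(seed)
    out = []
    for _ in range(nbits):
        out.append(state[0])
        fb = 0
        for t in taps:
            fb ^= state[t]
        state = state[1:] + [fb]
    return out


def connection_poly(taps, length):
    """Coefficients c[0..L] of C(D) = 1 + c1*D + ... + cL*D^L such that
    s[j] = XOR_i c[i]*s[j-i] holds for the LFSR defined by lfsr_stream."""
    c = [0] * (length + 1)
    c[0] = 1
    for t in taps:
        c[length - t] = 1
    return c


def poly_mul_gf2(a, b):
    """Product of two polynomials over GF(2), coefficient lists low to high."""
    r = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                r[i + j] ^= bj
    return r


def berlekamp_massey(s):
    """Return (L, C): the shortest LFSR (length L, connection polynomial C
    of degree <= L) that generates the bit sequence s. HAC Algorithm 6.30."""
    n = len(s)
    C = [1] + [0] * n
    B = [1] + [0] * n
    L, m = 0, -1
    for N in range(n):
        # discrepancy between the observed bit and the current LFSR's prediction
        d = s[N]
        for i in range(1, L + 1):
            d ^= C[i] & s[N - i]
        if d:
            T = C[:]
            shift = N - m
            for i in range(n + 1 - shift):
                C[i + shift] ^= B[i]
            if 2 * L <= N:
                L = N + 1 - L
                m = N
                B = T
    return L, C[:L + 1]


def extend(prefix, L, C, total):
    """Run the recovered LFSR forward to reproduce `total` keystream bits."""
    s = list(prefix)
    while len(s) < total:
        j = len(s)
        bit = 0
        for i in range(1, L + 1):
            bit ^= C[i] & s[j - i]
        s.append(bit)
    return s


def xor_streams(a, b):
    return [x ^ y for x, y in zip(a, b)]


def demo():
    M, N = 5, 7
    taps_a, taps_b = [0, 2], [0, 1]          # x^5+x^2+1 and x^7+x+1, both primitive
    seed_a = [1, 0, 1, 1, 0]                 # constructed, nonzero seeds
    seed_b = [0, 1, 1, 0, 1, 0, 1]
    total = 400
    keystream = xor_streams(lfsr_stream(seed_a, taps_a, total),
                            lfsr_stream(seed_b, taps_b, total))
    known = keystream[:2 * (M + N)]          # the 2(M+N) bits Wagner mentions
    L, C = berlekamp_massey(known)
    predicted = extend(known, L, C, total)
    product = poly_mul_gf2(connection_poly(taps_a, M),
                           connection_poly(taps_b, N))
    return {"L": L, "C": C, "product": product,
            "predicted_ok": predicted == keystream}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives linear complexity 12, a connection polynomial equal to the product of the two 5- and 7-term polynomials, and the remaining 376 keystream bits reproduced exactly from the first 24. The defender's takeaway is that linear complexity, not key length, is the measure that matters for an LFSR-based keystream: eight 16-bit registers XORed together behave like one 128-bit linear register and are determined by 256 known bits.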
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Would dictionary-based data compression violate DynSub?
Date: Sat, 14 Apr 2001 20:42:37 GMT
On Tue, 10 Apr 2001 00:02:14 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (David Formosa (aka ? the Platypus)) wrote:
>On Mon, 09 Apr 2001 00:47:34 GMT, Benjamin Goldberg
><[EMAIL PROTECTED]> wrote:
>> David Formosa (aka ? the Platypus) wrote:
>>>
>>> On Sat, 07 Apr 2001 07:29:55 GMT, Terry Ritter <[EMAIL PROTECTED]> wrote:
>>> >
>>> > On Sat, 07 Apr 2001 06:24:53 GMT, in
>>> ><[EMAIL PROTECTED]>, in sci.crypt
>>> > [EMAIL PROTECTED] (David Formosa (aka ? the Platypus)) wrote:
>>>
>>> [...]
>>>
>>> >>How is the application different from Algorithm M?
>>> >
>>> > Perhaps you should first try to replace the XOR in a stream cipher
>>> > or OTP with Algorithm M, and see what the problems might be.
>>>
>>> So basically the patent covers using a dynamic substitution table when
>>> combining a keystream with a datastream? And not when combining two
>>> keystreams (in Algorithm M) or used to generate a keystream (in the
>>> case of RC4).
>>
>> The patent does try to cover combining two keystreams to produce a
>> stronger keystream, but these I think that the keystreams must somehow
>> be two distinct sources.
>
>But Algorithm M + a whole lot of other work would prior that usage.
Algorithm M is "prior art" in the sense of existing before the
invention date, but it does not "anticipate" the invention.
How do we know this? Because Algorithm M was *cited* as prior art in
the application itself, and the patent was examined and allowed on
that basis, having been found to distinguish from that art.
>Of course if it only covers the combining in the way that the patent's
>author suggests then it is more or less useless, as it's a
>restriction that is relatively easy to work around using systems
>that give a similar effect but not using his methods. The only thing
>that this patent brings is a speedbump in crypto research
A speedbump in crypto research? Nonsense. That patent is a decade
old and the technology has been ignored by academia. Indeed, one
might well expect enforcement to produce research interest where there
previously had been none. Academic research may be more about money
than one might think.
>meaning
>that one avenue is blocked off until it expires.
No avenue of development is blocked off. The only thing "blocked off"
is the deployment of ciphers which use ideas that I pioneered and
protected.
>As with other
>patent owners on symmetric encryption methods it's not going to earn him
>any money.
Is it true that no commercial symmetric cipher can make any money?
Maybe. But if so, that means none of this is about money.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************