Cryptography-Digest Digest #158, Volume #14      Mon, 16 Apr 01 11:13:00 EDT

Contents:
  Re: Would dictionary-based data compression violate DynSub? (David Formosa (aka ? the Platypus))
  Re: Reusing A One Time Pad (Paul Schlyter)
  Re: patent issue ([EMAIL PROTECTED])
  Re: Function other than xor? (John Savard)
  Re: Note on combining PRNGs with the method of Wichmann and Hill (Mok-Kong Shen)
  Re: C Encryption (Richard Heathfield)
  Re: Note on combining PRNGs with the method of Wichmann and Hill (Mok-Kong Shen)
  Re: There Is No Unbreakable Crypto (Mok-Kong Shen)
  Re: NSA is funding stegano detection (Mok-Kong Shen)
  Re: Tizek.com is in dire need of a development team... (Tom McCune)
  Re: Function other than xor? (newbie)
  Re: Reusing A One Time Pad ("Tom St Denis")
  Re: MS OSs "swap" file:  total breach of computer security. ("Tom St Denis")
  Re: Function other than xor? (newbie)
  Re: Concerning US.A.4979832 (David Formosa (aka ? the Platypus))
  Re: C Encryption (Jan Panteltje)
  Re: Note on combining PRNGs with the method of Wichmann and Hill ("Brian Gladman")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Subject: Re: Would dictionary-based data compression violate DynSub?
Reply-To: [EMAIL PROTECTED]
Date: Mon, 16 Apr 2001 07:35:55 GMT

On Sat, 14 Apr 2001 20:42:37 GMT, Terry Ritter <[EMAIL PROTECTED]> wrote:

> On Tue, 10 Apr 2001 00:02:14 GMT, in
><[EMAIL PROTECTED]>, in sci.crypt
> [EMAIL PROTECTED] (David Formosa (aka ? the Platypus)) wrote:

[...]

> How do we know this?  Because Algorithm M was *cited* as prior art in
> the application itself, and the patent was examined and allowed on
> that basis, having been found to distinguish from that art.  

I still regard this as a result of an ill-educated patent office
rather than any real difference.

[...]

>> The only thing
>>that this patent brings is a speedbump in crypto research 
> 
> A speedbump in crypto research?  Nonsense.  That patent is a decade
> old and the technology has been ignored by academia.

I think it's been more or less unknown.

>  Indeed, one
> might well expect enforcement to produce research interest where there
> previously had been none. 

Why?

> Academic research may be more about money than one might think.  

No one wishes to create an algorithm that is patent encumbered.  Nor
does one wish to do analysis work on one without exchange for money.
It's easier to get a free algorithm analysed for free (or at least for
'crowing rights')

>>meaning that one avenue is blocked off until it expires.  
> 
> No avenue of development is blocked off.  The only thing "blocked off"
> is the deployment of ciphers which use ideas that I pioneered and
> protected.  

Why would someone develop something that can't be deployed?

>>As with other
>>patent owners on symmetric encryption methods it's not going to earn him
>>any money.
> 
> Is it true that no commercial symmetric cipher can make any money?

Why would you use a commercial symmetric cipher when there is 3DES,
AES, its sister candidate algorithms and a host of other good public
ciphers out there?

> Maybe.  But if so, that means none of this is about money.  

Of course, it isn't about money.

-- 
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Free the Memes.

------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Reusing A One Time Pad
Date: 16 Apr 2001 09:59:03 +0200

In article <9bd2ah$41ai$[EMAIL PROTECTED]>,
Mark G Wolf <[EMAIL PROTECTED]> wrote:
 
>> Ok, answer, you can't reuse otps....
> 
> "Mark G Wolf" <[EMAIL PROTECTED]> wrote in message
> news:9bcpb4$290q$[EMAIL PROTECTED]...
>> Please don't bother telling me you can't reuse a one time pad.
 
Why do you ask a question if you don't want to hear the answer?
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: patent issue
Date: Mon, 16 Apr 2001 09:16:30 GMT

On Fri, 06 Apr 2001 19:09:10 GMT, "Tom St Denis"
<[EMAIL PROTECTED]> wrote:

<snip>

>Actually I already have a job as a R&D programmer.  It's not a huge job but
>work none the less.  Although I acknowledge that money is required to live
>in this primitive buzzword slinging society, I still don't agree money is a
>good thing.

It is simply a means of exchange.  Do you have an alternative, or
should we go back to barter?

>Just like slavery was acknowledged practice at one time but that didn't mean
>some people didn't like the idea.  Now we replace "money" with "slavery" and
>we relive a 200 year old history lesson first hand.

Hope your maths is better than your logic :-)



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Function other than xor?
Date: Mon, 16 Apr 2001 10:52:32 GMT

On Sun, 15 Apr 2001 19:24:23 -0300, newbie <[EMAIL PROTECTED]>
wrote, in part:

>I still do not understand what DS add comparing to Vernam cipher.

You're right if you mean it doesn't add anything in
*information-theoretic* terms; it doesn't make the key bigger.

>If Ritter is trying to hide the keystream, it is easy. He does not need
>DS as combiner.

There are many ways to hide the keystream, but DS is quite nonlinear.
That's the important thing; simpler ways to hide the keystream might
not be nearly as hard to analyze.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Note on combining PRNGs with the method of Wichmann and Hill
Date: Mon, 16 Apr 2001 12:55:10 +0200



Bryan Olson wrote:
> 
> Mok-Kong Shen wrote:
> >
> > The method of Wichmann and Hill (Appl. Statist. 31 (1982))
> > for combining n arbitrary PRNGs with output in [0, 1) consists
> > in forming their sum mod 1. For crypto purposes, one could
> > introduce some 'variability' by employing a weighted sum
> > instead, thus rendering the analysis more difficult. We could,
> > for example, choose coefficients in some range (1.0-delta,
> > 1.0+delta) to multiply the PRNG outputs before summing mod 1.
> 
> This note includes no justification for "thus rendering the
> analysis more difficult".
> 
> The modification destroys an important property of the basic
> combination method: as long as the streams are independent,
> if any of the streams are uniform then the sum is uniform.

It is a heuristic method, not of the sort accessible
(not intended for) rigorous proofs. Theoretically minded
and perfectionists should definitely and immediately leave 
their fingers off my scheme.

Having weights well distributed in an interval as I 
mentioned tends to do something against what you said last. 
Again, this is rough, ad hoc, approximate, quick-and-dirty
and what not, i.e. very very non-perfect.

M. K. Shen

------------------------------

Date: Mon, 16 Apr 2001 12:17:26 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: C Encryption

"Trevor L. Jackson, III" wrote:
> 
> Logan Raarup wrote:
> 
> > Anyone know how to encrypt a string in C?
> 
> Sure.  The way to learn how is to ask in comp.lang.c.

Thanks, but no thanks.  :-)

He should ask about the algorithm in here (or, rather, check the FAQs
here) and then ask in comp.lang.c if he gets stuck when *implementing*
the selected algorithm in C (or, rather, check the FAQs there).


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Note on combining PRNGs with the method of Wichmann and Hill
Date: Mon, 16 Apr 2001 13:22:17 +0200



Mok-Kong Shen wrote:
> 
> Bryan Olson wrote:
> >
> > Mok-Kong Shen wrote:
> > >
> > > The method of Wichmann and Hill (Appl. Statist. 31 (1982))
> > > for combining n arbitrary PRNGs with output in [0, 1) consists
> > > in forming their sum mod 1. For crypto purposes, one could
> > > introduce some 'variability' by employing a weighted sum
> > > instead, thus rendering the analysis more difficult. We could,
> > > for example, choose coefficients in some range (1.0-delta,
> > > 1.0+delta) to multiply the PRNG outputs before summing mod 1.
> >
> > This note includes no justification for "thus rendering the
> > analysis more difficult".
> >
> > The modification destroys an important property of the basic
> > combination method: as long as the streams are independent,
> > if any of the streams are uniform then the sum is uniform.
> 
> It is a heuristic method, not of the sort accessible
> (not intended for) rigorous proofs. Theoretically minded
> and perfectionists should definitely and immediately leave
> their fingers off my scheme.
> 
> Having weights well distributed in an interval as I
> mentioned tends to do something against what you said last.
> Again, this is rough, ad hoc, approximate, quick-and-dirty
> and what not, i.e. very very non-perfect.

I like to add something to make my last paragraph better 
understandable: If one of the streams gets a factor 1.0 
(and it is uniform), isn't that everything is again 
(rigorously) theoretically o.k. in that particular issue?

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: There Is No Unbreakable Crypto
Date: Mon, 16 Apr 2001 13:30:41 +0200



John Savard wrote:
> 
[snip]
> But I am claiming that it is essentially trivial to do conventional
> crypto that works 'on the scale of centuries', and this, to my mind,
> is not important because we need to do it, it's important because that
> means one less thing to worry about, so we can get on to the next
> problem.

I agree. As I wrote previously elsewhere, I personally
should appreciate being able in future to learn from 
experts' posts in the group on interesting themes other 
than those about block encryptions, e.g. topics relevant
to e-commerce.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: Mon, 16 Apr 2001 13:48:03 +0200



[EMAIL PROTECTED] wrote:
> 
[snip]
> I wasn't contemplating a simple analysis of overall patterns. No doubt
> the diversity between Monets, Rothkos, family snaps and a superman
> comic are sufficient to confuse analysis which simply looks for gross
> patterns in total picture information.
> 
> I am not an expert in digitised image tech, but if one is looking for
> hidden messages in an image file, one might, for example, analyse the
> patterns in the least significant bits, between each other and given
> the values in the other bits.  This follows the logic that one cannot
> hide the message in bits that would affect the image's appearance, so
> the LSBs are the prime suspects.  Are the LSBs in a straight jpeg
> without any pattern either in themselves (ie the value of each bit is
> independent of the others) as well as wrt to the more significant
> bits?  If so, they must be, by definition, redundant. If not, then
> presumably altering them may be detectable, given large enough samples
> of tampered and untampered files to analyse, and a knowledge of JPEG
> algorithms (or GIFs etc, as approp).

No doubt that the possibility exists, at least theoretically.
(Anyway, it is absolutely impossible to prove the opposite.)
I think it is on the other hand interesting to know which 
practically significant methods of analysis that exploit 
statistical properties and are applicable to general cases, 
where the sender intentionally tries to avoid sending pictures 
of the same statistical 'category' (term left undefined, 
sorry), have already been developed or in the course of 
promising studies.

M. K. Shen

------------------------------

From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: Tizek.com is in dire need of a development team...
Date: Mon, 16 Apr 2001 12:11:05 GMT

In article <edwC6.161788$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>There is no pay (yet) but once we get going income will be generated through
> advertisements on the site and various other services which we will offer, and
> there will surely be enough to go around.

Tizek.com is in dire need of a non-spamming policy.


------------------------------

From: newbie <[EMAIL PROTECTED]>
Subject: Re: Function other than xor?
Date: Mon, 16 Apr 2001 08:17:52 -0300

A bit-string is not a single variable.
You may use it as multi-variable. It depends on how you designed the
function.


"Douglas A. Gwyn" wrote:
> 
> newbie wrote:
> > No. This function does not meet my specification. I'm looking for
> > function with a lot of properties.
> > Additive, multiplicative, distributive etc...other than modulo,
> > permutation or inverse.
> > New, simple and logical function.
> > "Douglas A. Gwyn" wrote:
> > > newbie wrote:
> > > > Has someone created this kind of function?
> > > I'm not sure what you're really after.  f(any_bit_string) =
> > > Rotate_right_1_place(any_bit_string) seems to meet your
> > > > specification.  But what good does that do you?
> 
> I have to say that I don't think you completely understand
> the terms you're using.  A function of a single variable
> cannot possibly have the "distributive" property, because
> that requires two functions of two variables each.

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Reusing A One Time Pad
Date: Mon, 16 Apr 2001 12:33:25 GMT


<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sun, 15 Apr 2001 21:30:13 GMT, "Tom St Denis"
> <[EMAIL PROTECTED]> wrote:
>
> >
> >"Mark G Wolf" <[EMAIL PROTECTED]> wrote in message
> >news:9bd2ip$fd4$[EMAIL PROTECTED]...
> >> > > OK so the message is either aa, ab, ba, or bb.
> >> >
> >> > No, if I wanted 5 random bits I could use aaaaa or abbba or bbbbb or....
> >>
> >> You can't have 5 random bits since the pad you've given only consists of 2
> >> random bits.
> >
> >I am reusing the bits though...
> >
> >Anyways this is pointless you can't reuse OTP's it's impossible
>
> Of course one can re-use an OTP, it's just that in doing so you make
> cryptanalysis trivially simple.

No you cannot reuse an OTP it's impossible.  If you somehow did reuse a pad
then it's not a *******ONE TIME****** pad.

<snip>

Why must everyone go thru this stupid OTP argument every week.  OTP neat
idea, totally impractical...

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: MS OSs "swap" file:  total breach of computer security.
Date: Mon, 16 Apr 2001 12:34:33 GMT


<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> And, recognizing this, your reason for continuing to use Win98 would be
> ......??????

What's your point?  It's possible to secure memory in Win98, ASS is just too
stupid to figure out how.

Tom



------------------------------

From: newbie <[EMAIL PROTECTED]>
Subject: Re: Function other than xor?
Date: Mon, 16 Apr 2001 08:30:24 -0300

Keystream is not a big key?
Swapping random values with plain-text (not random) is not a problem?



John Savard wrote:
> 
> On Sun, 15 Apr 2001 19:24:23 -0300, newbie <[EMAIL PROTECTED]>
> wrote, in part:
> 
> >I still do not understand what DS add comparing to Vernam cipher.
> 
> You're right if you mean it doesn't add anything in
> *information-theoretic* terms; it doesn't make the key bigger.
> 
> >If Ritter is trying to hide the keystream, it is easy. He does not need
> >DS as combiner.
> 
> There are many ways to hide the keystream, but DS is quite nonlinear.
> That's the important thing; simpler ways to hide the keystream might
> not be nearly as hard to analyze.
> 
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Subject: Re: Concerning US.A.4979832
Reply-To: [EMAIL PROTECTED]
Date: Mon, 16 Apr 2001 12:57:49 GMT

On Sun, 15 Apr 2001 15:56:05 GMT, John Savard
<[EMAIL PROTECTED]> wrote: 
> On Sun, 15 Apr 2001 04:11:26 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote,
> in part:
> 
>>Algorithm M does not read on the claims and so is not covered by the
>>patent.  When Algorithm M grows another input (or more) and is used to
>>combine streams, it has mutated beyond being Algorithm M into
>>something else which is Dynamic Substitution territory.
> 
> My understanding of "Algorithm M", or MacLaren-Marsaglia, is that as
> it stands, it _does_ combine two streams.
> 
> Specifically, it functions as follows:
> 
> Stream 1 is the output of one conventional PRNG.
> 
> Stream 2 is the output of a second conventional PRNG.

In Knuth all that is said is that there streams.

-- 
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Free the Memes.

------------------------------

From: [EMAIL PROTECTED] (Jan Panteltje)
Subject: Re: C Encryption
Date: Mon, 16 Apr 2001 13:23:46 GMT

On a sunny day (15 Apr 2001 16:32:18 -0600) it happened [EMAIL PROTECTED]
(Ben Cantrick) wrote in <9bd7hi$[EMAIL PROTECTED]>:

>In article <hWlC6.42589$[EMAIL PROTECTED]>,
>Logan Raarup <[EMAIL PROTECTED]> wrote:
>>Anyone know how to encrypt a string in C?
>
>#include <stdio.h>
>
>int main(void)
>{
>  char inStr[17];                /* Gratuitous buffer overflow error part 1. */
>
>  printf("Enter the string to be encrypted: ");
>  gets(inStr);                        /* Gratuitous buffer overflow error part 2. */
>  printf("The string encrypted is: ");
>  printf("djlkakjfdLI3nklFD9Fklklfasj(3jmklFD3#@23jklas;j(32lkjr*");
>  printf("\n");
>  return(0);
>}
>
>  This encryption program has perfect security - the output is essentially
>random and has no dependency whatsoever on the input.
>
>  But you're going to have to figure out the decryption routine on your own. ;]
>
>
>          -Ben
>-- 
>Ben Cantrick ([EMAIL PROTECTED])        |   Yes, the AnimEigo BGC dubs still suck.
>BGC Nukem:     http://www.dim.com/~mackys/bgcnukem.html
>The Spamdogs:  http://www.dim.com/~mackys/spamdogs
>"I don't think so," said Rene Descartes. And then he vanished.
>
Yes, but it is not user friendly,
printf("This is the encrypted string with a truly random OTP\n");
is a lot better.
I always use this, and select the OTP accordingly, since it has to change
anyways.
Message should be shorter than the above text of course.
;-)
Over to you

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Note on combining PRNGs with the method of Wichmann and Hill
Date: Mon, 16 Apr 2001 15:32:07 +0100


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> The method of Wichmann and Hill (Appl. Statist. 31 (1982))
> for combining n arbitrary PRNGs with output in [0, 1) consists
> in forming their sum mod 1. For crypto purposes, one could
> introduce some 'variability' by employing a weighted sum
> instead, thus rendering the analysis more difficult. We could,
> for example, choose coefficients in some range (1.0-delta,
> 1.0+delta) to multiply the PRNG outputs before summing mod 1.
> Further, some of the PRNG outputs may be squared before
> addition, thus creating nonlinearity (most PRNGs commonly
> employed in numerical computations are linear, though they
> have very good properties like large periods and simplicity
> of implementation). Of course, weighted sum could also
> be done on integer pseudo-random number sequences.
>
> M. K. Shen

If two different PRNGs giving uniformly distributed random numbers in
[0.0:1.0) are added and the result is taken 'mod 1.0', this output will then
be uniformly distributed in [0.0:1.0).  A bit of maths shows that the output
in [0.0:2.0) is not uniform but that the mod function combines the ranges
[0.0:1.0) and [1.0:2.0) in such a way that a uniform distribution results.

But if the outputs of the generators are multiplied by constants close to
1.0 before combination, the output will not generally be uniformly
distributed in [0.0:1.0).

This can be seen by considering a single PRNG giving uniformly distributed
random numbers in [0.0:1.0) and considering the output after multiplying by
a number (1.0 + delta), close to 1.0, and taking the output 'mod 1.0'.  In
this case numbers in the range [0.0:delta) will occur twice as often as
those in the range [delta:1.0).

Although the maths is more complicated when several generators are
combined, the same issue turns up.

The uneven distributions that result may not be a problem in some
applications but they will frequently be undesirable.

   Brian Gladman
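
[Added example, not part of the digest or of any poster's message: an exact check of the distribution claims made in this thread about the weighted sum mod 1. It assumes ideal generators, independent and uniform on a 110-point grid; the function names, grid size and bin count are choices made for this illustration.]

```python
from fractions import Fraction
from itertools import product


def combined_histogram(weights, n_levels=110, n_bins=10):
    """Exact histogram of (sum_i w_i * X_i) mod 1 over n_bins equal bins.

    Assumption: each X_i is an ideal generator, independent and uniform on
    the grid {0, 1/n_levels, ..., (n_levels-1)/n_levels}. Every combination
    of grid points is enumerated with rational arithmetic, so the counts are
    exact, not sampled. n_levels=110 makes the bin edges line up with the
    grid for delta = 0.1.
    """
    weights = [Fraction(w) for w in weights]   # "1.1" -> 11/10 exactly
    counts = [0] * n_bins
    for ks in product(range(n_levels), repeat=len(weights)):
        y = sum(w * Fraction(k, n_levels) for w, k in zip(weights, ks)) % 1
        counts[int(y * n_bins)] += 1           # y is in [0, 1)
    return counts


def is_uniform(counts):
    """True when every bin received exactly the same number of outcomes."""
    return len(set(counts)) == 1


if __name__ == "__main__":
    cases = [
        ("plain sum mod 1, weights (1, 1)", [1, 1]),
        ("one generator times 1.1, mod 1", ["1.1"]),
        ("weighted sum, weights (1.1, 0.9)", ["1.1", "0.9"]),
        ("one weight left at 1.0: (1, 1.1)", [1, "1.1"]),
    ]
    for label, weights in cases:
        hist = combined_histogram(weights)
        verdict = "uniform" if is_uniform(hist) else "NOT uniform"
        print(f"{label:36s} {verdict:12s} {hist}")
```

With delta = 0.1 the single weighted generator puts twice as many outcomes in the first bin, [0.0:0.1), as in any other; the (1.1, 0.9) pair is also uneven, while the cases with an unweighted uniform stream come out flat.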






------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
