Cryptography-Digest Digest #219, Volume #14 Mon, 23 Apr 01 21:13:01 EDT
Contents:
Wolf's Secure Channel Theorem ("Mark G Wolf")
Re: Delta patching of encrypted data (David Wagner)
Re: Wolf's Secure Channel Theorem ("Jack Lindso")
Re: research on polymorphic crypto/Best Possible Privacy? (Shea Hawes)
Re: Delta patching of encrypted data (Benjamin Goldberg)
Re: Wolf's Secure Channel Theorem ("Mark G Wolf")
Re: ok newbie here ya go (wtshaw)
Re: Wolf's Secure Channel Theorem (wtshaw)
Re: ok newbie here ya go ("Tom St Denis")
Re: Gurus: Please show weaknesses in this ("M.S. Bob")
Re: Wolf's Secure Channel Theorem ("Mark G Wolf")
Re: C code for GF mults (David Eppstein)
Re: Wolf's Secure Channel Theorem ("Mark G Wolf")
Re: Delta patching of encrypted data (David Wagner)
Re: OTP WAS BROKEN!!! ("Douglas A. Gwyn")
Re: OTP WAS BROKEN!!! ("Tom St Denis")
Re: OTP breaking strategy (newbie)
Re: OTP breaking strategy ("Tom St Denis")
Re: 1024bit RSA keys. how safe are they? ("Brian Hetrick")
Re: Wolf's Secure Channel Theorem ("Joseph Ashwood")
Re: 1024bit RSA keys. how safe are they? ("Tom St Denis")
Re: Wolf's Secure Channel Theorem ("Mark G Wolf")
----------------------------------------------------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Wolf's Secure Channel Theorem
Date: Mon, 23 Apr 2001 16:10:09 -0500
Ok would you believe conjecture or hypotheses for now.
Wolf's Secure Channel Theorem - once a secure authentic channel has been
established between two distinct points in space it can be maintained
indefinitely.
April 23, 2001
What do you think of them apples!
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Delta patching of encrypted data
Date: 23 Apr 2001 21:14:51 GMT
Anon wrote:
>I settled on a plaintext feedback mode. As you say, this does expose me
>cryptographically, because anyone able to guess that a long repeating
>section of ciphertext corresponds to a long repeating section of plaintext
>(not hard) and that the repeating plaintext is zeroes (quite often) then has
>a single example of a (not chosen) plaintext and ciphertext to work from.
No, that's not the worst problem.
The problem is that if there are two positions in the file that have the
same plaintext, then the next 64 bits or so of plaintext will be revealed.
(No matter how good your algorithms are.) That's not a good property.
------------------------------
From: "Jack Lindso" <[EMAIL PROTECTED]>
Subject: Re: Wolf's Secure Channel Theorem
Date: Tue, 24 Apr 2001 00:42:05 +0200
It depends on how you define secure. If your definition of "secure" is broad
enough then this theorem applies.
Otherwise there are several attacks which can be applied:
1. Eve records the information and then replays or blah blah (you get the
point)
2. Mallory acts as the man in the middle .....
However I think that your response to these would be "I stated a SECURE
channel".
But you can say that on anything, example:
OTP theorem: If you're able to transfer content over any channel
unrestrictedly to its destination while only and only the recipient
receives it ==> the best algorithm to use here would be OTP (since
you can send the recipient the OTP unrestrictedly).
* Notice however that if OTP theorem applies then you won't need OTP since
you can send any content over this channel and you don't need to encrypt
it.
So your statement lacks any value.
--
Anticipating the future is all about envisioning the Infinity.
http://www.atstep.com
====================================================
"Mark G Wolf" <[EMAIL PROTECTED]> wrote in message
news:9c25pj$5ahg$[EMAIL PROTECTED]...
> Ok would you believe conjecture or hypotheses for now.
>
> Wolf's Secure Channel Theorem - once a secure authentic channel has been
> established between two distinct points in space it can be maintained
> indefinitely.
>
>
> April 23, 2001
>
> What do you think of them apples!
>
>
------------------------------
From: Shea Hawes <[EMAIL PROTECTED]>
Subject: Re: research on polymorphic crypto/Best Possible Privacy?
Date: Mon, 23 Apr 2001 14:45:59 -0700
Mark G Wolf wrote:
> > I'm not sure I understand what you mean by hoping I'm a coincidence. If there
> > is another thread related to this I have not been able to find it. If that is
> > not what you meant then you have succeeded in confusing me. Any help clearing
> > up your response would be appreciated.
>
> Oh, but you understand the rest of my message. What about that?
I was just including that under the "I'm now confused" clause.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Delta patching of encrypted data
Date: Mon, 23 Apr 2001 21:54:00 GMT
David Wagner wrote:
>
> Anon wrote:
> >I settled on a plaintext feedback mode. As you say, this does expose
> >me cryptographically, because anyone able to guess that a long
> >repeating section of ciphertext corresponds to a long repeating
> >section of plaintext (not hard) and that the repeating plaintext is
> >zeroes (quite often) then has a single example of a (not chosen)
> >plaintext and ciphertext to work from.
>
> No, that's not the worst problem.
>
> The problem is that if there are two positions in the file that have
> the same plaintext, then the next 64 bits or so of plaintext will be
> revealed.
That depends on what kind of PFB chaining you use. Suppose that you
hash the key and the prior 8 bytes of pt to get the next byte of
keystream. If there are two positions in the file with the same
plaintext, then there will be two positions in the file with the same
ciphertext -- however, the actual *contents* of the ciphertext will not
be directly revealed, just that they are the same. Further, the first
differing byte (ie, one past the end of the strings we are looking at)
will be revealed in that we can know the XOR of the two plaintext bytes.
However, this only applies to one byte, and if the bytes of the file
have high entropy (eg, are compressed, or otherwise have little
redundancy), then this is unuseful information.
> (No matter how good your algorithms are.) That's not a good property.
--
Sometimes the journey *is* its own reward--but not when you're trying to
get to the bathroom in time.
------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: Wolf's Secure Channel Theorem
Date: Mon, 23 Apr 2001 16:59:35 -0500
> It depends on how you define secure. If your definition of "secure" broad
> enough then this theorem applies.
Yes, exactly what is secure. I suppose in its ultimate form it means that
information originating at one point can ONLY be received at the other
point.
I'm still thinking about the distinct point in space part and if it holds
true when they are in relative motion.
Oh yeah, I know, I've totally lost my marbles.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: ok newbie here ya go
Date: Mon, 23 Apr 2001 16:10:42 -0600
In article <nB0F6.37197$[EMAIL PROTECTED]>, "Tom St
Denis" <[EMAIL PROTECTED]> wrote:
> Here's a lengthy (somewhat) ASCII message encrypted with an OTP (plain xor).
> Decrypt it using your method!
>
> --
> Tom St Denis
Are you sure that you wanted to say that? There may be women present.
Am I using his method?
--
Nafta, etc.? No way Jose.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Wolf's Secure Channel Theorem
Date: Mon, 23 Apr 2001 16:12:24 -0600
In article <9c25pj$5ahg$[EMAIL PROTECTED]>, "Mark G Wolf"
<[EMAIL PROTECTED]> wrote:
> Ok would you believe conjecture or hypotheses for now.
>
> Wolf's Secure Channel Theorem - once a secure authentic channel has been
> established between two distinct points in space it can be maintained
> indefinitely.
>
>
> April 23, 2001
>
> What do you think of them apples!
It's Apples, not apples, but that is only part of such a formula.
--
Nafta, etc.? No way Jose.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: ok newbie here ya go
Date: Mon, 23 Apr 2001 22:25:18 GMT
"wtshaw" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <nB0F6.37197$[EMAIL PROTECTED]>, "Tom St
> Denis" <[EMAIL PROTECTED]> wrote:
>
> > Here's a lengthy (somewhat) ASCII message encrypted with an OTP (plain xor).
> > Decrypt it using your method!
> >
> > --
> > Tom St Denis
>
> Are you sure that you wanted to say that? There may be women present.
> Am I using his method?
Gah? You be trippin foo. Dat whack-ass message be all in polite english.
Tom
------------------------------
From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: Gurus: Please show weaknesses in this
Date: Mon, 23 Apr 2001 23:21:33 +0100
"M.S. Bob" wrote:
> RSA Security's Cryptography FAQ
> <http://www.rsasecurity.com/rsalabs/faq/>
> BTW, I think this is now available as a book, or at least there is now
> a book from RSA Security that is very similar in nature. _Cryptography
> Decrypted: A Pictorial Introduction to Digital Security_ by H. X. Mel,
> Doris M. Baker, Steve Burnett ISBN 0201616475.
To clarify:
RSA Security's Official Guide to Cryptography
by Steve Burnett, Stephen Paine
McGraw-Hill, ISBN: 007213139X
April 2001
is a different book than the also useful and easy to understand
introductory text:
Cryptography Decrypted: A Pictorial Introduction to Digital Security
H. X. Mel, Doris M. Baker, Steve Burnett
Addison-Wesley ISBN: 0201616475
Dec 2000
------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: Wolf's Secure Channel Theorem
Date: Mon, 23 Apr 2001 17:38:09 -0500
> Yes, exactly what is secure. I suppose in its ultimate form it means that
> information originating at one point can ONLY be received at the other
> point.
>
> I'm still thinking about the distinct point in space part and if it holds
> true when they are in relative motion.
One more thing, I have to make a distinction between a secure channel and
communication "over"... ?..."through" that channel. There's a difference.
So yes, I stand by my original statement.
------------------------------
From: David Eppstein <[EMAIL PROTECTED]>
Subject: Re: C code for GF mults
Date: Mon, 23 Apr 2001 15:52:20 -0700
In article <v20F6.31740$I5.164284@stones>,
"Brian Gladman" <[EMAIL PROTECTED]> wrote:
> It raises the question of how many polynomials of the form T^2 + aT + b
> remain irreducible with respect to field doubling and where the successive
> a's and b's are simply related (or fixed) in some way (a and b are field
> elements in each base field before doubling).
It's easy to calculate that (if the pre-doubling field size is q) there are
q^2 choices of a and b, and (q choose 2)+q choices of c and d in the
reducible polynomials (T-c)(T-d) and (T-c)^2, leaving another (q choose 2)
irreducibles.
This doesn't answer your other question of how to relate a and b though.
--
David Eppstein UC Irvine Dept. of Information & Computer Science
[EMAIL PROTECTED] http://www.ics.uci.edu/~eppstein/
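
[Added example, not part of the original post.] Eppstein's count can be checked by enumeration: collect every product (T-c)(T-d), subtract from the q^2 monic quadratics, and compare with (q choose 2). The sketch assumes binary fields GF(2^k) with the reduction polynomials listed in FIELDS; those choices and all function names are illustrative assumptions, not code from the thread.

```python
from itertools import combinations_with_replacement
from math import comb

# Assumed reduction polynomials (bit i = coefficient of x^i), one per field size.
FIELDS = {2: 0b111, 4: 0b10011, 8: 0x11B}

def gf_mul(x, y, k, poly):
    """Multiply x*y in GF(2^k); poly includes the x^k term."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if x >> k:          # degree reached k: reduce
            x ^= poly
    return r

def reducible_quadratics(k):
    """All (a, b) with T^2 + aT + b = (T-c)(T-d) for some c, d in the field."""
    poly, q = FIELDS[k], 1 << k
    # Characteristic 2: -c == c, so (T-c)(T-d) = T^2 + (c+d)T + cd.
    return {(c ^ d, gf_mul(c, d, k, poly))
            for c, d in combinations_with_replacement(range(q), 2)}

def irreducible_count(k):
    """q^2 monic quadratics minus the reducible ones."""
    q = 1 << k
    return q * q - len(reducible_quadratics(k))

def irreducible_count_by_roots(k):
    """Cross-check: a quadratic is irreducible iff it has no root in the field."""
    poly, q = FIELDS[k], 1 << k
    count = 0
    for a in range(q):
        for b in range(q):
            # c^2 + a*c + b == 0  <=>  c*(c + a) == b in characteristic 2
            if not any(gf_mul(c, c ^ a, k, poly) == b for c in range(q)):
                count += 1
    return count

if __name__ == "__main__":
    for k in FIELDS:
        q = 1 << k
        print(f"q={q}: reducible={len(reducible_quadratics(k))} "
              f"irreducible={irreducible_count(k)} (q choose 2)={comb(q, 2)}")
```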
------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: Wolf's Secure Channel Theorem
Date: Mon, 23 Apr 2001 18:02:09 -0500
Ok let's review.
Secure means that information originating in one place can only "come out"
in the other place. Like a worm hole in information space. Hey here's an
interesting question, what's the maximum bandwidth of such a channel if the
speed of light is the fastest information can "flow" "through" the channel?
Is it as fast as you can turn something on and off, but isn't that limit the
speed of light?! Ahhhhh! I'm melting.
Authentic means that the channel is unique or genuine. Perhaps distinct
would be better? No, authentic is more appropriate for cryptography.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Delta patching of encrypted data
Date: 23 Apr 2001 23:34:31 GMT
Benjamin Goldberg wrote:
>That depends on what kind of PFB chaining you use. Suppose that you
>hash the key and the prior 8 bytes of pt to get the next byte of
>keystream. If there are two positions in the file with the same
>plaintext, then there will be two positions in the file with the same
>ciphertext -- however, the actual *contents* of the ciphertext will not
>be directly revealed, just that they are the same. Further, the first
>differing byte (ie, one past the end of the strings we are looking at)
>will be revealed in that we can know the XOR of the two plaintext bytes.
Yes, and if it is a block-oriented PFB, then it's not just the subsequent
byte, it's the subsequent block, usually 64 or 128 bits or so.
Although the xor of two 64-bit or 128-bit plaintexts does not always
reveal both plaintexts, I would expect that it will leak information
frequently enough that this is not a good property.
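
[Added example, not part of the original posts.] The leak discussed in this exchange, shown for the byte-wise plaintext feedback Goldberg describes (next keystream byte = hash of the key and the prior 8 plaintext bytes). HMAC-SHA256 as the hash, an all-zero IV seeding the first window, the key, and the two-record plaintext are constructed assumptions.

```python
import hashlib
import hmac

WINDOW = 8  # prior plaintext bytes fed back, as in Goldberg's description

# Constructed sample data (assumptions, not from the thread).
KEY = b"constructed demo key"
IV = bytes(WINDOW)  # seeds the first window; the posts do not specify this
PT = b"acct=12345678;pin=4;" + b"acct=12345678;pin=7;"

def ks_byte(key, window):
    """Next keystream byte: keyed hash of the previous WINDOW plaintext bytes."""
    return hmac.new(key, bytes(window), hashlib.sha256).digest()[0]

def pfb_encrypt(key, iv, pt):
    history, out = bytearray(iv), bytearray()
    for p in pt:
        out.append(p ^ ks_byte(key, history[-WINDOW:]))
        history.append(p)  # the feedback is the plaintext byte itself
    return bytes(out)

def pfb_decrypt(key, iv, ct):
    history, out = bytearray(iv), bytearray()
    for c in ct:
        p = c ^ ks_byte(key, history[-WINDOW:])
        out.append(p)
        history.append(p)
    return bytes(out)

def longest_repeat(ct):
    """Ciphertext-only: longest run with ct[a:a+n] == ct[b:b+n], a < b."""
    best = (0, 0, 0)
    for a in range(len(ct)):
        for b in range(a + 1, len(ct)):
            n = 0
            while b + n < len(ct) and ct[a + n] == ct[b + n]:
                n += 1
            if n > best[2]:
                best = (a, b, n)
    return best

def leaked_xor(ct):
    """Positions just past the repeated run, and the XOR of those ciphertext bytes.

    A long repeated run indicates identical plaintext windows, hence the same
    keystream byte at both positions, so this XOR equals the plaintext XOR.
    """
    a, b, n = longest_repeat(ct)
    i, j = a + n, b + n
    if n == 0 or j >= len(ct):
        return None
    return i, j, ct[i] ^ ct[j]

if __name__ == "__main__":
    ct = pfb_encrypt(KEY, IV, PT)
    i, j, x = leaked_xor(ct)
    print(f"repeat ends at {i} and {j}; ct xor = {x:#04x}, "
          f"pt xor = {PT[i] ^ PT[j]:#04x}")
```

With a block-oriented feedback, as Wagner notes, the same alignment exposes the XOR of a whole block rather than one byte.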
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Mon, 23 Apr 2001 23:30:33 GMT
Tom St Denis wrote:
> [re. transfinite numbers]
> You know what, I really don't care. It's one of those things that's "neat"
> but at my stage in life a completely useless fact. Just like knowing the
> universe is expanding. Not much I can do with that fact too.
If you only bother to learn that which you already deem to be
useful, you won't know what you need to know when the time comes.
One immediate use for the knowledge would be to stop you
making incorrect proclamations about properties of infinity.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Mon, 23 Apr 2001 23:58:37 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > [re. transfinite numbers]
> > You know what, I really don't care. It's one of those things that's "neat"
> > but at my stage in life a completely useless fact. Just like knowing the
> > universe is expanding. Not much I can do with that fact too.
>
> If you only bother to learn that which you already deem to be
> useful, you won't know what you need to know when the time comes.
>
> One immediate use for the knowledge would be to stop you
> making incorrect proclamations about properties of infinity.
Um ok whatever. How could I possibly use this knowledge in my day to day
life? I don't know the half life of an Americium isotope, this may make me
a bad nuclear engineer but I don't care!
etc, etc.
To me infinity is just a concept... i.e. lim (x -> oo) 1/x is zero, etc...
I don't care that (oo)^2 != oo, etc..
Tom
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: OTP breaking strategy
Date: Mon, 23 Apr 2001 19:56:24 -0300
What is a random process?
What appears today to be truly random will be very predictable
tomorrow.
Randomness is nothing more than some mechanisms above our actual
computational power.
"Douglas A. Gwyn" wrote:
>
> "SCOTT19U.ZIP_GUY" wrote:
> > if your source of randomness is a true rand generator
> > then any output is possible. Including outputs that
> > contain long string of zeroes or ones or even simily
> > ASCII text.
>
> True. One of newbie's (many) misunderstandings is the
> notion that a bit string can be characterized in itself
> as random or not. It is actually only processes that
> can be so categorized, e.g. what you call a true rand
> generator. The data would have to be considered "random"
> if it was produced by a random process, but there is no
> way to tell just by looking at the data.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: OTP breaking strategy
Date: Tue, 24 Apr 2001 00:17:02 GMT
"newbie" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> What is a random process?
> What appears today to be truly random will be very predictable
> tomorrow.
> Randomness is nothing more than some mechanisms above our actual
> computational power.
And simply because you believe this, I say READ A BLOODY BOOK YOU DARN
FOOL!!!!!
BTW two random bits xor'd together gives me 0, what are the two bits (one
guess only please).
Tom
------------------------------
From: "Brian Hetrick" <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Tue, 24 Apr 2001 00:33:31 GMT
"George T." wrote...
> Does anyone have an idea how safe RSA 1024 bit keys are? Are they safe
> enough to be used for encrypting credit card information, travelling
> over the internet and/or residing on servers (email) for more than
> 24 hours.
My own estimate is that the actual cost of brute forcing a 1024 bit
RSA key is about $150,000. See
http://www.geocities.com/tnotary/spcx509.html and
http://www.geocities.com/tnotary/spckeysize.html.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Wolf's Secure Channel Theorem
Date: Mon, 23 Apr 2001 17:05:15 -0700
Let's see if I can address the issue. The answer is no you cannot prove that
theorem. Consider the infinite cases. If I establish a secure channel
between A and B using cipher X. Cipher X has a key of a certain length,
given infinite resources (including the infinite time in which you intend to
maintain this channel) I can break the key for Cipher X. In order for you to
maintain security you must renegotiate, but if you negotiate over the pipe I
can record it and play it back later to determine where you went. So you
must negotiate a separate pipe, or a sub pipe, either of which violates your
theorem.
Now as to how fast information can go through a channel, the speed of light
is a misleading quantity here. Consider instead a pipe of finite speed, and
a large set of switches of finite speed. You can use each of these switches
in parallel to build a k-wide pipe, regardless of the pipe-speed. So to
answer your question, the question you asked is not fully formed.
Considering a fully formed version, where the switch has finite speed, and
light travels at non-zero speed, you will see that again the answer is
deceptive because the light moves, the light does not have to be visible at
the other end before the switch can be changed, so the answer is that the
switch can be flipped lastFiniteNumber of times per 1/lastFiniteNumber
second. However flipping the switch an infinite number of times in a finite
period would overfill the pipe. The lack of existence of the last finite
number does not severely affect this, it only affects the magnitude.
Collecting information flowing that fast will be excessively difficult and
probably impossible, but you asked how fast could the information flow, not
whether or not the information could be read.
Joe
"Mark G Wolf" <[EMAIL PROTECTED]> wrote in message
news:9c25pj$5ahg$[EMAIL PROTECTED]...
> Ok would you believe conjecture or hypotheses for now.
>
> Wolf's Secure Channel Theorem - once a secure authentic channel has been
> established between two distinct points in space it can be maintained
> indefinitely.
>
>
> April 23, 2001
>
> What do you think of them apples!
>
>
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: 1024bit RSA keys. how safe are they?
Date: Tue, 24 Apr 2001 00:50:21 GMT
"Brian Hetrick" <[EMAIL PROTECTED]> wrote in message
news:vR3F6.31938$[EMAIL PROTECTED]...
> "George T." wrote...
> > Does anyone have an idea how safe RSA 1024 bit keys are? Are they safe
> > enough to be used for encrypting credit card information, travelling
> > over the internet and/or residing on servers (email) for more than
> > 24 hours.
>
> My own estimate is that the actual cost of brute forcing a 1024 bit
> RSA key is about $150,000. See
> http://www.geocities.com/tnotary/spcx509.html and
> http://www.geocities.com/tnotary/spckeysize.html.
I bet I could break a 1024-bit RSA key I make with under 15 seconds of work
on a normal desktop computer.
Tom
------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: Wolf's Secure Channel Theorem
Date: Mon, 23 Apr 2001 19:59:32 -0500
Nope, I don't quite follow on the second part, and parallel implies more
than one channel.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************