Cryptography-Digest Digest #242, Volume #14 Thu, 26 Apr 01 19:13:01 EDT
Contents:
Re: OTP WAS BROKEN!!! ("Tom St Denis")
Re: RC4 Source Code ("Tom St Denis")
Re: Counter-Heisenberg 2-Phase Inequalities in Quantum Computers - ("Douglas A. Gwyn")
Scientific and engineering calculator+grapher+unit converter (Win'9x,NT,ME,2000) ("Igor Evsikov")
Re: What's up with counterpane.com ("M.S. Bob")
Re: What's up with counterpane.com ("Tom St Denis")
number theoretic SKEY scheme ("Tom St Denis")
Re: Censorship Threat at Information Hiding Workshop (An Metet)
Re: What Is the Quality of Randomness? ("Mark G Wolf")
Re: What Is the Quality of Randomness? ("Tom St Denis")
Re: RC4 Source Code (Bill Unruh)
Re: RC4 Source Code ("Tom St Denis")
Re: OTP WAS BROKEN!!! ("Douglas A. Gwyn")
Re: Quantum Crypto ("Douglas A. Gwyn")
Re: Censorship Threat at Information Hiding Workshop ("Douglas A. Gwyn")
Re: OTP WAS BROKEN!!! ("Tom St Denis")
----------------------------------------------------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 26 Apr 2001 19:13:39 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > Um ok whatever. How could I possibly use this knowledge
> > in my day to day life?
>
> First, despite the adage that there is no such thing as a
> stupid question, that is one. It presupposes that you should
> be prefiltering all knowledge by the criterion of its future
> usefulness.
>
> At least one other poster showed an application for Cantor's
> diagonal method. Some of the concepts are essential to
> measure theory, which is essential to continuous probability
> theory, which is essential to information theory, which is
> essential to sound cryptology.
Ah true, maybe I should be a bit open minded...
> > I don't know the half life of an Americium isotope,
> > this may make me a bad nuclear engineer but I don't care!
>
> So long as you know how to look it up (and will actually *do*
> that) when the need arises, that is fine. I've occasionally
> needed to know half-lives and modes of emission of isotopes,
> and I simply looked them up.
>
> > To me infinity is just a concept... i.e lim (x -> oo) 1/x is zero, etc...
> > I don't care that (oo)^2 != oo, etc..
>
> Those are different concepts. There is a long history of
> debate about "potential" infinity (i.e. a limiting notion)
> versus an "actualizable" infinity (i.e. infinity as a number).
>
> It is a pity that you don't care about interesting mathematics.
I do, but often people get on wild tangents just because they can. Look at
bent vectors. Volumes have been written about them, what happened? People
steer clear of them. Or the trillion digit of PI, etc... Some things are
worth studying to a point (i.e bent vectors did lead to neat theories) but
once the horse has died let it be. (i.e stop using em!).
Anyways this is OT.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: RC4 Source Code
Date: Thu, 26 Apr 2001 19:14:58 GMT
"Bill Unruh" <[EMAIL PROTECTED]> wrote in message
news:9c9pjq$l2h$[EMAIL PROTECTED]...
> In <SlPF6.17153$[EMAIL PROTECTED]> "Dirk Mahoney"
> <[EMAIL PROTECTED] (remove the _)> writes:
>
> >Can anyone point the way to RC4 source code written in C or C++?
>
> RC4 source code is a trade secret. No one knows it who can tell you.
> There is an implementation whose output is identical to the RC4 output,
> called ARC4. Look for it with a web search engine.
>
Get real. Let's tremble at the almighty RSA. For geez sake just call it
RC4.
Tom
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Counter-Heisenberg 2-Phase Inequalities in Quantum Computers -
Date: Thu, 26 Apr 2001 18:37:16 GMT
Alas, although I have a long-standing interest in alternative
fundamental theories of physics, the abstracts on the cited
Web page give every indication of being crackpot.
------------------------------
From: "Igor Evsikov" <[EMAIL PROTECTED]>
Subject: Scientific and engineering calculator+grapher+unit converter
(Win'9x,NT,ME,2000)
Date: Thu, 26 Apr 2001 15:38:14 -0400
http://www.zdnet.com/downloads/stories/info/0,,000PUQ,.html
WiSCy99 (Windows scientific and engineering calculator for real, complex
and matrix operation + grapher + unit converter) is a
comprehensive yet easy-to-use scientific calculator. Very thorough and
nicely designed, WiSCy is well documented and has a familiar and attractive
interface that makes it a pleasure to use. Features include support for
color graphs, integration, trigonometric functions, a variety of statistics
functions, a constants list that can be easily edited, unit conversions and
editor for custom units convertor, and lots more. You can even build and
edit lists of user variables and functions. All calculations are logged to a
"tape" that can be saved as text or printed. Graph plots can also be
saved in one of three graphics formats.
Features List:
- Arithmetic and logical operators and functions
- Common functions such as exp, ln, sqrt, sqr, bnml etc.
- Common, trigonometric, hyperbolic complex functions
- Trigonometric, Hyperbolic functions
- Numerical Integration
- Equations can be solved
- Special functions (Gamma, Bessel's, Si, Ci, erf, erfc, Fresnel's)
- Statistic functions (Average, Standard deviation, Sum, Random,
Gauss random, statistical variance, etc )
- FOR-type loop
- if (...) then (...) else (...) function
- Tape of results
- Assistant and debug: error position fixed
- Plot f(X), Contour Plot f(X,Y), Color Shading f(X,Y),
real 3D-Plot f(X,Y), Derivative, Fit.
- Print results, graphics and print preview
- Save graphics to BMP, WMF, EMF formats
- Matrix Operations(A+B=C, A-B=C, A*B=C, inverse(A)=C,
Power(A,n)=C, det |A|=C[1.1], Solve A(X)=C)
- Decimal, Hexadecimal and Binary bases
- Fixed point, Scientific, Engineering and Sexagesimal notations
- Radian and Degree modes for trigonometric functions
- Precision: 10-12 significant digits.
- Range: _(3.4E-4392 to 1.1E+4392)
- 10 pre defined variables, user define variables
- User define functions
- 30 user defined constants (up to 16000), search and edit file
with constants.
- Stack for expressions (up to 16000)
- Stack for results (up to 16000)
- Unit Converter
- Custom unit convertor
- Evaluate expressions from file
- Simple tape calculator
Changes: Evaluate expressions from file, simple tape calculator,
custom units convertor.
Igor Evsikov
[EMAIL PROTECTED]
------------------------------
From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: What's up with counterpane.com
Date: Thu, 26 Apr 2001 21:04:09 +0100
Tom St Denis wrote:
>
> > >> > I used to look at Counterpane for some cool crypto stuff but lately their
> > >> > site has become (using Schneier's own words) more "Buzzword compliant"
>
> (similar with the others in the crowd i.e Wagner, Knudsen, Biham, etc..). I
> don't doubt he is still a good cryptographer. I just find it saddening that
> he became a hypocrite.
I don't see how trying to sell decent cryptography and computer security
is becoming a hypocrite.
He still doesn't sell cipher algorithms (via patents or other
restrictions), but makes his money from what he knows about, computer
security.
As far as I know Counterpane doesn't make "scientific" announcements via
press release, hold press conferences before writing papers on security
vulnerabilities, or produce press releases about security flaws as a
cheap marketing gimmick like various anti-virus software companies do.
I don't see what is wrong in his attempt to make money, while keeping
his security and cryptographic knowledge "in the public realm of
knowledge" (not trade secrets, not proprietary).
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: What's up with counterpane.com
Date: Thu, 26 Apr 2001 20:29:11 GMT
"M.S. Bob" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > > >> > I used to look at Counterpane for some cool crypto stuff but lately their
> > > >> > site has become (using Schneier's own words) more "Buzzword compliant"
> >
> > (similar with the others in the crowd i.e Wagner, Knudsen, Biham, etc..). I
> > don't doubt he is still a good cryptographer. I just find it saddening that
> > he became a hypocrite.
>
> I don't see how trying to sell decent cryptography and computer security
> is becoming a hypocrite.
>
> He still doesn't sell cipher algorithms (via patents or other
> restrictions), but makes his money from what he knows about, computer
> security.
Ah but his full use of buzzwords is hypocritical if you listen to his HOPE
conference talk he says that buzzword compliancy is a sign of stupidity. I
am sure he's a smart cookie and knows a heck of a lot more than I do. I am
just saying it's kinda neat that he uses things like "We Watch, We Respond."
Etc... Makes me feel all warm and fuzzy.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: number theoretic SKEY scheme
Date: Thu, 26 Apr 2001 20:46:53 GMT
SKEY afaik from AC2 is a password login scheme where you create a hash list
i.e
1. H_0 is a random secret
2. for i from 1 to N do
2.1 H_i = hash(H_{i-1})
You give out H_N and each time you login you give the previous hash. The
idea is that you must be who you are since you know the input to the hash to
give predetermined values. It also has the feature that it doesn't depend
on user remembering entropy and the scheme has a limited life time (i.e N
logins).
I am thinking of a slightly different scheme. One where you replace hash
with a square modulo a Blum integer. By giving out the square root you
prove you know some secret info. Use the integer as a BBS type thing where
you give the N'th output (since you know the factors you can seek to there).
Then as you login you just give out the N-r BBS output.
That would be slower but wouldn't it depend on factoring the Blum integer to
crack it?
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
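
The two schemes described in the post above, as an added example (not code from the original post): an S/KEY-style hash chain and the variant that squares modulo a Blum integer, where the holder of the factors jumps straight to the i-th value. SHA-256, the toy primes, and the names `Verifier`, `bbs_seek` and `run_logins` are assumptions made for illustration.

```python
import hashlib
from math import gcd

def sha(b):
    return hashlib.sha256(b).digest()

def hash_chain(secret, n):
    """H_0 = secret, H_i = hash(H_{i-1}); returns [H_0, ..., H_N]."""
    chain = [secret]
    for _ in range(n):
        chain.append(sha(chain[-1]))
    return chain

class Verifier:
    """Login server: keeps only the last accepted value and the one-way step."""
    def __init__(self, anchor, step):
        self.current, self.step = anchor, step

    def login(self, presented):
        if self.step(presented) != self.current:
            return False            # wrong value, or a replay of an old one
        self.current = presented    # the next login must present its preimage
        return True

# Assumed toy Blum integer: both Mersenne primes are 3 mod 4.
# Far too small to resist factoring; chosen only so the demo runs instantly.
P, Q = 2**31 - 1, 2**61 - 1
N_MOD = P * Q
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # Carmichael lambda(n), secret

def square(x):
    return x * x % N_MOD

def bbs_seek(x0, i):
    """x_i = x0^(2^i) mod n in one step; reducing 2^i mod lambda(n) needs p and q."""
    return pow(x0, pow(2, i, LAMBDA), N_MOD)

def run_logins(values, step):
    """values = [v_0 .. v_N]; publish v_N, then present v_{N-1}, v_{N-2}, ..."""
    n = len(values) - 1
    server = Verifier(values[n], step)
    accepted = [server.login(values[n - r]) for r in range(1, n + 1)]
    replay = server.login(values[n - 1])    # an eavesdropped, already-used value
    return accepted, replay

def demo(n_logins=6, seed=123456789):
    hashed = run_logins(hash_chain(b"constructed demo secret", n_logins), sha)
    x0 = square(seed)                       # start from a quadratic residue
    blum = run_logins([bbs_seek(x0, i) for i in range(n_logins + 1)], square)
    return hashed, blum

if __name__ == "__main__":
    print(demo())
```

In both cases the server needs only the public step (the hash, or squaring mod n) and the last accepted value; the client side of the Blum variant needs p and q to seek.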
------------------------------
Date: Thu, 26 Apr 2001 16:26:54 -0400
From: An Metet <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
>So here's how my preference would be. Use the word "theft"
The basic issue here is that "property" is purely synthetic,
fictitious term. There is nothing natural about property per se,
and implied consensus that all agree about "property" is the
main obstacle in this discussion.
I don't see anything less or more "wrong" or "illegal" in
taking a person's wallet or his/her picture.
If the picture has value in meatspace, then you effectively
took from the wallet.
It's all in the enforcement. If something cannot be effectively
enforced (and copyright will never be, as long as we use our
eyes and ears), then, for the peace of mind, most will regard it
as "OK" to do.
There are absolutely no moral issues here. Morality is just a way
of lowering the enforcement cost.
------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: What Is the Quality of Randomness?
Date: Thu, 26 Apr 2001 16:20:09 -0500
Ok. First I was speaking of 7-bit ASCII, but 8-bits is fine too. I agree
that throughout the WHOLE pad every 8-bit group will have an equal
probability, namely 1/256; and XORing the same 8-bit pattern will just
simply "rearrange" where those 8-bit groups are, BUT, what about the sub
groups. For example, let's take a fictitious character that has an "ASCII"
representation of 00001111. Now let me do the same thing by just encrypting
a string of this same character. So I take 000011110000111100001111... and
XOR with my uniformly distributed random pad. Now if I started from the
"beginning" and took 8-bits at a time your same argument would apply. Each
8-bit grouping would have an equal probability of 1/256 so XORing with
00001111 nonstop would just rearrange where those 8-bit groups are. But
what if I take 4-bit groupings, starting from the "beginning". Now each
"original" 4-bit grouping would have an equal probability of 1/16, but after
XORing with my alternating 0000 and 1111 what would you get? 1/2 of the
time you would leave the bits unchanged, and 1/2 of the time you would
"flip" the bits, BUT, you would be doing it in a very predictable periodic
way. Now this is a very exaggerated condition, but nonetheless valid and
applicable.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: What Is the Quality of Randomness?
Date: Thu, 26 Apr 2001 21:26:32 GMT
"Mark G Wolf" <[EMAIL PROTECTED]> wrote in message
news:9ca3gj$2gdm$[EMAIL PROTECTED]...
> Ok. First I was speaking of 7-bit ASCII, but 8-bits is fine too. I agree
> that throughout the WHOLE pad every 8-bit group will have an equal
> probability, namely 1/256; and XORing the same 8-bit pattern will just
<snip>
You posted this about five times. Please learn how to use your newsreader.
Tom
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: RC4 Source Code
Date: 26 Apr 2001 21:53:02 GMT
In <Ss_F6.66215$[EMAIL PROTECTED]> "Tom St Denis"
<[EMAIL PROTECTED]> writes:
]"Bill Unruh" <[EMAIL PROTECTED]> wrote in message
]news:9c9pjq$l2h$[EMAIL PROTECTED]...
]> In <SlPF6.17153$[EMAIL PROTECTED]> "Dirk Mahoney"
]<[EMAIL PROTECTED] (remove the _)> writes:
]>
]> >Can anyone point the way to RC4 source code written in C or C++?
]>
]> RC4 source code is a trade secret. No one knows it who can tell you.
]> There is an implementation whose output is identical to the RC4 output,
]> called ARC4. Look for it with a web search engine.
]>
]Get real. Let's tremble at the almighty RSA. For geez sake just call it
]RC4.
Who is trembling? RC4 is a piece of code written by and for RSADSI
which has never been published. It is in fact claimed as a trade secret
by RSA. Thus no one can "point" to the RC4 source code.
One can point to the ARC4 source code and state that tests have shown
that on a selected set of inputs, the output of ARC4 is identical to
RC4. One cannot say that it is identical since no one knows. RC4 might
for example include an additional permutation of the state matrix after
every 10^6 outputs to guard against some obscure weakness. Has anyone
ever tested RC4 against ARC4 for 10^6 outputs? They may
then differ. If so, ARC4 and RC4 would be different cyphers. It is better
to keep different names for items which you do not know to be
equivalent.
By the way, a source for arc4 is available at
ftp://sable.ox.ac.uk/pub/crypto/misc/rc4.tar.gz
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: RC4 Source Code
Date: Thu, 26 Apr 2001 21:57:59 GMT
"Bill Unruh" <[EMAIL PROTECTED]> wrote in message
news:9ca5bu$sd8$[EMAIL PROTECTED]...
> In <Ss_F6.66215$[EMAIL PROTECTED]> "Tom St Denis"
> <[EMAIL PROTECTED]> writes:
>
>
> ]"Bill Unruh" <[EMAIL PROTECTED]> wrote in message
> ]news:9c9pjq$l2h$[EMAIL PROTECTED]...
> ]> In <SlPF6.17153$[EMAIL PROTECTED]> "Dirk Mahoney"
> ]<[EMAIL PROTECTED] (remove the _)> writes:
> ]>
> ]> >Can anyone point the way to RC4 source code written in C or C++?
> ]>
> ]> RC4 source code is a trade secret. No one knows it who can tell you.
> ]> There is an implementation whose output is identical to the RC4 output,
> ]> called ARC4. Look for it with a web search engine.
> ]>
>
> ]Get real. Let's tremble at the almighty RSA. For geez sake just call it
> ]RC4.
>
> Who is trembling? RC4 is a piece of code written by and for RSADSI
> which has never been published. It is in fact claimed as a trade secret
> by RSA. Thus no one can "point" to the RC4 source code.
>
> One can point to the ARC4 source code and state that tests have shown
> that on a selected set of inputs, the output of ARC4 is identical to
> RC4. One cannot say that it is identical since no one knows. RC4 might
> for example include an additional permutation of the state matrix after
> every 10^6 outputs to guard against some obscure weakness. Has anyone
> ever tested RC4 against ARC4 for 10^6 outputs? They may
> then differ. If so, ARC4 and RC4 would be different cyphers. It is better
> to keep different names for items which you do not know to be
> equivalent.
>
> By the way, a source for arc4 is available at
> ftp://sable.ox.ac.uk/pub/crypto/misc/rc4.tar.gz
Ironic that this is called "rc4.tar.gz"
No I think most used ARC4 because they think they are cheating the big mean
RSA out of some doh. Let's face reality. If RC4 and ARC4 output the same
stuff for the same keys chances are they are the same algorithm. Even
Schneier admits that it's RC4 in AC2.
Tom
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 26 Apr 2001 21:58:12 GMT
Tom St Denis wrote:
> I do, but often people get on wild tangents just because they can. Look at
> bent vectors. Volumes have been written about them, what happened? People
> steer clear of them. Or the trillion digit of PI, etc... Some things are
> worth studying to a point (i.e bent vectors did lead to neat theories) but
> once the horse has died let it be. (i.e stop using em!).
> Anyways this is OT.
Not really -- did you mean "bent functions"? They are quite
relevant to a very important area of cryptology.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Quantum Crypto
Date: Thu, 26 Apr 2001 22:03:31 GMT
Roger Schlafly wrote:
> So, even though quantum cryptography can't ensure that someone won't try to
> spy on you, it does mean that the recipient of your key can always tell how
> much a third party has been listening in.
No, careful implementation of QC can guarantee that an eavesdropper
cannot obtain information about the plaintext (*and* the legitimate
receiver can detect the disruption).
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Thu, 26 Apr 2001 22:05:16 GMT
An Metet wrote:
> There is nothing natural about property per se,
There most certainly is. Products require producers.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 26 Apr 2001 23:06:32 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > I do, but often people get on wild tangents just because they can. Look at
> > bent vectors. Volumes have been written about them, what happened? People
> > steer clear of them. Or the trillion digit of PI, etc... Some things are
> > worth studying to a point (i.e bent vectors did lead to neat theories) but
> > once the horse has died let it be. (i.e stop using em!).
> > Anyways this is OT.
>
> Not really -- did you mean "bent functions"? They are quite
> relevant to a very important area of cryptology.
Aren't bent vectors maximally nonlinear and xor-pair minimized? (i.e
Vaudenay's "links between linear and diff analysis" which I still don't fully
get)
I would rather use bijective functions.
I suppose if you're a big Luby-Rackoff fan you need surjective (is that the
right word? i.e not bijective) functions....
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************