Cryptography-Digest Digest #256, Volume #14      Fri, 27 Apr 01 16:13:00 EDT

Contents:
  Re: SHA PRNG (Volker Hetzer)
  Re: Censorship Threat at Information Hiding Workshop (Mok-Kong Shen)
  Secure Digital Music Initiative cracked? (Jim Steuert)
  DSA in  GF(2^W)? ("Tom St Denis")
  Re: Censorship Threat at Information Hiding Workshop ("Trevor L. Jackson, III")
  Re: Censorship Threat at Information Hiding Workshop ("Trevor L. Jackson, III")
  Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
  Re: Secure Digital Music Initiative cracked? (Volker Hetzer)
  Re: Censorship Threat at Information Hiding Workshop ("Trevor L. Jackson, III")
  Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
  Simple encryption using MD5 (or some such) ([EMAIL PROTECTED])
  Re: Censorship Threat at Information Hiding Workshop ("Trevor L. Jackson, III")
  Re: Simple encryption using MD5 (or some such) ("Tom St Denis")
  Re: Secure Digital Music Initiative cracked? ("Roger Schlafly")
  Re: Secure Digital Music Initiative cracked? (Volker Hetzer)
  Re: Censorship Threat at Information Hiding Workshop ("Trevor L. Jackson, III")
  Re: Secure Digital Music Initiative cracked? (Tim May)
  Re: SHA PRNG (Tim Tyler)
  Re: ANOTHER REASON WHY AES IS BAD (Tim Tyler)
  Re: SHA PRNG (Tim Tyler)
  Re: SHA PRNG ("Tom St Denis")
  Re: ANOTHER REASON WHY AES IS BAD ("Tom St Denis")
  Re: Secure Digital Music Initiative cracked? (Volker Hetzer)
  Re: Secure Digital Music Initiative cracked? (Jim Steuert)
  Re: SHA PRNG (Volker Hetzer)

----------------------------------------------------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 27 Apr 2001 20:26:20 +0200

Tim Tyler wrote:
> Regardless of how good the hash is, such RNGs have no "forward secrecy" -
> compromise of the state reveals all past and future outputs.  This is not
> always a desirable feature in a PRNG.
That's true for *any* prng. If you want more you have to reseed
it periodically.

Greetings!
Volker
--
They laughed at Galileo.  They laughed at Copernicus.  They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 20:06:54 +0200



Tom St Denis wrote:
> 

> > Sorry for my big ignorance. I don't know what a 'debit card'
> > is. Is it a credit card, e.g. MasterCard? In that case one
> > has to sign and it is impossible for my friend to put my
> > signature on any document.
> 
> No debit as in interac etc... it's like taking money that you already
> have, i.e. chequing or savings (not credit).

I can't conceive of such cards that don't require the
owner's signature or equivalents of signature and yet
are not transferable. On the other hand I know e.g.
cards for telephones, which are certainly transferable.

M. K. Shen

------------------------------

From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Secure Digital Music Initiative cracked?
Date: Fri, 27 Apr 2001 14:25:29 -0400

   I just read a ZDNet UK article regarding the music industry's
Secure Digital Music Initiative, in which they sponsored a
hacking contest. But when a research group composed of Princeton, Rice,
and Xerox Palo Alto people intended to present their results
Thursday, they were threatened with lawsuits by the RIAA and the SDMI
Foundation.
   My personal opinion is that this blatant suppression of academic
freedom (or mathematical freedom?) is a disgrace (and also counterproductive).
   Does anyone on this group have any knowledge of the details of
this contest, or of others' results?
 -Jim Steuert


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: DSA in  GF(2^W)?
Date: Fri, 27 Apr 2001 18:37:45 GMT

Is it possible to setup DSA for use in GF(2^W) instead of Z*p ?

I.e

let p be a 1024-bit irreducible polynomial
let q be a large factor of 2^1024 - 1
let g be a generator such that g^((2^1024 - 1) / q) != 1

What current attacks are there against GF(2^K) Discrete Log type
problems?  I will go look through my Eurocrypt collection.... any
pointers would be nice :-)
--
Tom St Denis
---
http://tomstdenis.home.dhs.org


------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 18:49:10 GMT

Darren New wrote:

> Trevor L. Jackson, III wrote:
> > Hardly.  By the purchase the library obtains the right to use _that_copy_ of
> > the book for any purpose it chooses.
>
> And that is exactly, 100% the right that started this thread. SMDI is trying
> to make it illegal to loan your copy of the music to someone else, yes?

I think I take issue with the idea of the music being "out on loan" unless you can
show some kind of reservation system.  If you could show an online version of
loaning me your music CD, there would be very little basis for objection.

OTOH, you can only loan your CD to one person at a time.  But you can loan an
audio file to any number of people, and so can they.  If that is "loaning" what
distinguishes such "loaning" from widespread distribution that clearly infringes
upon copyright?



------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 18:51:27 GMT

Tom St Denis wrote:

> ... Hmm let's see the avg movie star makes 20M$ per shot.  So about
> 35M$ a year (depending).  I make 22.5G$ a year so.... who is worse
> off?

Yes, but that is a form of sampling error (it sounds like you mean "the
average four sigma person").  If you consult the Screen Actors Guild
you'll find the average member makes around $10K per year acting.



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 18:52:38 GMT

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Darren New wrote:
>
> > Trevor L. Jackson, III wrote:
> > > Hardly.  By the purchase the library obtains the right to use
> > > _that_copy_ of the book for any purpose it chooses.
> >
> > And that is exactly, 100% the right that started this thread.
> > SMDI is trying to make it illegal to loan your copy of the music
> > to someone else, yes?
>
> I think I take issue with the idea of the music being "out on loan"
> unless you can show some kind of reservation system.  If you could
> show an online version of loaning me your music CD, there would be
> very little basis for objection.
>
> OTOH, you can only loan your CD to one person at a time.  But you
> can loan an audio file to any number of people, and so can they.
> If that is "loaning" what distinguishes such "loaning" from
> widespread distribution that clearly infringes upon copyright?

Is telling my friend about a movie or song lyrics infringement?

On one hand artists should be proud that they are appreciated. On
the other hand is the food they need to live.... arrg!

I say close down the RIAA and let the artists collect their own fees.
The RIAA doesn't support all artists' views (mainly like the MPAA
they care about their own image...) and most are just too unpowered
to go it alone.

Tom


------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Fri, 27 Apr 2001 21:09:21 +0200

Jim Steuert wrote:
>    Does anyone on this group have any knowledge of the details of
> this contest, or of others' results?
The usual way of those things is to show up a few weeks later on
some obscure Russian/Albanian/North Korean village webserver and
someone posting the URL here. I hope it's working out the same way here.

Greetings!
Volker
--
They laughed at Galileo.  They laughed at Copernicus.  They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.

------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 19:00:39 GMT

Mok-Kong Shen wrote:

> Tom St Denis wrote:
> >
>
> > No you're actually wrong here.  You can't for example lend your debit
> > card to a friend in Canada since it is a violation of the terms of
> > agreement.
>
> Sorry for my big ignorance. I don't know what a 'debit card'
> is. Is it a credit card, e.g. MasterCard? In that case one
> has to sign and it is impossible for my friend to put my
> signature on any document.

In most jurisdictions your friend _can_ sign your signature and have it
upheld as valid in court if you direct him to do so and, of course, testify
to that effect.


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 19:03:56 GMT

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Mok-Kong Shen wrote:
>
> > Tom St Denis wrote:
> > >
> >
> > > No you're actually wrong here.  You can't for example lend your
> > > debit card to a friend in Canada since it is a violation of the
> > > terms of agreement.
> >
> > Sorry for my big ignorance. I don't know what a 'debit card'
> > is. Is it a credit card, e.g. MasterCard? In that case one
> > has to sign and it is impossible for my friend to put my
> > signature on any document.
>
> In most jurisdictions your friend _can_ sign your signature and
> have it upheld as valid in court if you direct him to do so and, of
> course, testify to that effect.

I dunno but here that's fraud :-)

Tom


------------------------------

From: [EMAIL PROTECTED]
Subject: Simple encryption using MD5 (or some such)
Date: Fri, 27 Apr 2001 12:03:43 -0700

Please forgive me that this is probably old hat.

But, if I want to send encrypted data to someone with whom I share a
secret "password", would this do the trick, cheesy as it is?


        k = received_random_string

        Loop:

        k = md5(concatenate(k, password))
        send(xor(md5(k), data_to_send))

        goto Loop


Alex

------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 19:05:03 GMT

Tom St Denis wrote:

> > You've made comments to the effect that working for money is a
> > position low on the ethical scale.  Care to clarify?
>
> Well I feel if you want to do some good for the world and release free
> software (i.e GNU type of free) then you shouldn't be slapped in the
> face for using technology that has merit.  I.e RC5.  Specially when
> you live in Canada (but that's another story).  I think (for example)
> if you want to use RC5 in a free project that has some use (other
> than just including RC5) such as a DC chat or secure phone then you
> shouldn't have to pay money.
>
> It's only through the sharing of knowledge and technology that we are
> to ever survive as a species.  Imaginary pieces of paper called
> "money" will not feed or house, or entertain people indefinitely.
>
> That's just my opinion I could be wrong (tm)

Redirected to mail.


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Simple encryption using MD5 (or some such)
Date: Fri, 27 Apr 2001 19:07:46 GMT

<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Please forgive me that this is probably old hat.
>
> But, if I want to send encrypted data to someone with whom I share
> a secret "password", would this do the trick, cheesy as it is?
>
>
> k = received_random_string
>
> Loop:
>
> k = md5(concatenate(k, password))
> send(xor(md5(k), data_to_send))
>
> goto Loop

If the user sends you k then md5(k) is not secret.  If on the other
hand the user sends you k and you use md5(k || password) then that is
secure.  (|| denotes concatenation).  I think that is what you meant
but not what you wrote (or at least not correctly, since you use k
twice... use k and k' in the future).

Note that if you ever reuse k it's not secure.  So either k should be
a binary counter or perhaps do

k = md5(message)
k' = md5(k || password)
ciphertext = k' xor message

Chances are that all "k"s will be unique.

Tom


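Added example, written for this digest and not posted by Alex or Tom: the password-keyed MD5 keystream sketched in this thread, with a per-message k sent in the clear, plus a check of what a listener without the password learns when the same k is used for two messages. The function names and the exact chaining (k_i = md5(k_{i-1} || password), block_i = md5(k_i)) are this example's assumptions.

```python
import hashlib
import os
from typing import Optional

BLOCK = 16  # MD5 digest length; also the length of k


def keystream(k: bytes, password: bytes, nbytes: int) -> bytes:
    """Chained keystream in the spirit of the sketch above (assumed form):
    k_i = md5(k_{i-1} || password), block_i = md5(k_i).
    Every block depends on the shared password and on the per-message k,
    so k alone (which travels in the clear) does not give the keystream."""
    out = bytearray()
    while len(out) < nbytes:
        k = hashlib.md5(k + password).digest()
        out += hashlib.md5(k).digest()
    return bytes(out[:nbytes])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(password: bytes, message: bytes, k: Optional[bytes] = None) -> bytes:
    """Return k || ciphertext.  k is a fresh random value unless the caller
    passes one in, which the demo below does only to show the failure mode."""
    if k is None:
        k = os.urandom(BLOCK)
    return k + xor_bytes(message, keystream(k, password, len(message)))


def decrypt(password: bytes, blob: bytes) -> bytes:
    k, ct = blob[:BLOCK], blob[BLOCK:]
    return xor_bytes(ct, keystream(k, password, len(ct)))


def reuse_leak(blob1: bytes, blob2: bytes) -> Optional[bytes]:
    """What an eavesdropper without the password can compute when two
    messages share the same k: the keystreams coincide, so
    c1 xor c2 == m1 xor m2 (and knowing one plaintext yields the other).
    Returns None when the k values differ and the keystreams are unrelated."""
    if blob1[:BLOCK] != blob2[:BLOCK]:
        return None
    n = min(len(blob1), len(blob2)) - BLOCK
    return xor_bytes(blob1[BLOCK:BLOCK + n], blob2[BLOCK:BLOCK + n])


def demo() -> bool:
    """Round trip with a fresh k, then the reused-k case (constructed values)."""
    pw = b"constructed shared password"
    m1 = b"PAY 100 TO ALICE"
    m2 = b"PAY 900 TO BOBBY"
    assert decrypt(pw, encrypt(pw, m1)) == m1
    reused_k = b"\x00" * BLOCK           # deliberately repeated nonce
    c1 = encrypt(pw, m1, reused_k)
    c2 = encrypt(pw, m2, reused_k)
    return reuse_leak(c1, c2) == xor_bytes(m1, m2)


if __name__ == "__main__":
    print("reused k leaks m1 xor m2:", demo())
```

With a fresh random k per message the two ciphertexts share nothing, which is the whole content of "if you ever reuse k it's not secure".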
------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Secure Digital Music Initiative cracked?
Date: Fri, 27 Apr 2001 18:04:47 GMT

"Jim Steuert" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>    I just read a ZDNet UK article regarding the music industry's
> Secure Digital Music Initiative, in which they sponsored a
> hacking contest. But when a research group composed of Princeton, Rice,
> and Xerox Palo Alto people intended to present their results
> Thursday, they were threatened with lawsuits by the RIAA and the SDMI
> Foundation.

See the parallel thread:
   Censorship Threat at Information Hiding Workshop

>    My personal opinion is that this blatant suppression of academic
> freedom (or mathematical freedom?) is a disgrace. (and also counterproductive)

The US passed a law a couple of years ago called DMCA making
"circumvention" a crime.

>    Does anyone on this group have any knowledge of the details of
> this contest, or of others' results?

The suppressed paper is online. Read it while you can.
http://cryptome.org/sdmi-attack.htm
http://www.wired.com/news/politics/0,1283,43353,00.html

If you don't like the RIAA's tactics, use Napster and related programs
while they are still legal.

Why Napster-like programs are good:
http://www.mindspring.com/~schlafly/napster.htm




------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Secure Digital Music Initiative cracked?
Date: Fri, 27 Apr 2001 21:45:07 +0200

Roger Schlafly wrote:
> The suppressed paper is online. Read it while you can.
> http://cryptome.org/sdmi-attack.htm
> http://www.wired.com/news/politics/0,1283,43353,00.html
Not anymore. Did anyone get it?

Greetings!
Volker
--
They laughed at Galileo.  They laughed at Copernicus.  They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.

------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 19:29:03 GMT

Tom St Denis wrote:

> "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Mok-Kong Shen wrote:
> >
> > > Tom St Denis wrote:
> > > >
> > >
> > > > No you're actually wrong here.  You can't for example lend your
> > > > debit card to a friend in Canada since it is a violation of the
> > > > terms of agreement.
> > >
> > > Sorry for my big ignorance. I don't know what a 'debit card'
> > > is. Is it a credit card, e.g. MasterCard? In that case one
> > > has to sign and it is impossible for my friend to put my
> > > signature on any document.
> >
> > In most jurisdictions your friend _can_ sign your signature and
> > have it upheld as valid in court if you direct him to do so and, of
> > course, testify to that effect.
>
> I dunno but here that's fraud :-)

Nope.  Talk to a lawyer and see what he says.  Canada used to be a
civilized nation.




------------------------------

From: Tim May <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Secure Digital Music Initiative cracked?
Date: Fri, 27 Apr 2001 12:41:44 -0700

In article <[EMAIL PROTECTED]>,
 Volker Hetzer <[EMAIL PROTECTED]> wrote:

> Roger Schlafly wrote:
> > The suppressed paper is online. Read it while you can.
> > http://cryptome.org/sdmi-attack.htm
> > http://www.wired.com/news/politics/0,1283,43353,00.html
> Not anymore. Did anyone get it?
> 

It was there when I just checked a minute ago. Read all the way to the 
bottom, below the various letters.


--Tim May

-- 
Timothy C. May         [EMAIL PROTECTED]        Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Reply-To: [EMAIL PROTECTED]
Date: Fri, 27 Apr 2001 19:14:55 GMT

Volker Hetzer <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:

:> Regardless of how good the hash is, such RNGs have no "forward secrecy" -
:> compromise of the state reveals all past and future outputs.  This is not
:> always a desirable feature in a PRNG.

: That's true for *any* prng. [...]

Not true.  State compromise inevitably reveals future output - but need
not reveal past output.

Hashing the internal state and feeding it back is one way to prevent state
compromises giving information about earlier states of the PRNG.
-- 
__________
 |im |yler  Try my latest game - it rockz - http://rockz.co.uk/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: ANOTHER REASON WHY AES IS BAD
Reply-To: [EMAIL PROTECTED]
Date: Fri, 27 Apr 2001 19:24:15 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
:> :> [EMAIL PROTECTED] (Darren New) wrote in
:> <[EMAIL PROTECTED]>: :> >SCOTT19U.ZIP_GUY wrote:

:> :> >>   Actaully Tom as usually your quite wrong. If one looks at
:> an OTP :> >> you would have to think of the OTP data itself as part
:> of the :> >> encryption program or the program nesicessary to make
:> the OTP sting. :> >
:> :> >So why do you think that doesn't apply to the AES cyphers as
:> well? :>
:> :>    Actaully I do think it should inculde the AES short keys of
:> 256 bits.  Why do you think I mentioned scott19u and its key
:> which is over a  million butes in length. [...]
:>
:> : Why is a 256-bit key too short?
:>
:> It's short compared to the OTP key or the scott19u key discussed.
:>
:> "Too short" was not mentioned - except by you.

: Now you're being an idiot.  he says "Actaully I do think it should
: inculde the AES short keys..." [sic] to me that suggests that an AES
: key is too short.  What else does it mean?

That it's short compared to the OTP key, or the scott19u key discussed.

: And why is a million byte scott19u key any better? [...]

I'm not claiming it is - though bigger keys are usually more secure *if*
the associated key distribution problems can be solved - at least up to
the point where the key is as big as the message.
-- 
__________
 |im |yler  Try my latest game - it rockz - http://rockz.co.uk/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Reply-To: [EMAIL PROTECTED]
Date: Fri, 27 Apr 2001 19:18:22 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message

:> Regardless of how good the hash is, such RNGs have no "forward
:> secrecy" - compromise of the state reveals all past and future
:> outputs.  This is not always a desirable feature in a PRNG.

: The idea is to make the state large such that it cannot be
: compromised.

That may be your idea - but since one attack model involves the attacker
having read access to every aspect of the machine at some point,
simply increasing the size won't help against that.

: Also one should periodically re-seed the PRNG. [...]

Yes, a classical remedy for the problem.  It effectively means you can't
backtrack beyond the reseeding point.
-- 
__________
 |im |yler  Try my latest game - it rockz - http://rockz.co.uk/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 27 Apr 2001 19:47:45 GMT

"Tim Tyler" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Volker Hetzer <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
>
> :> Regardless of how good the hash is, such RNGs have no "forward
> secrecy" - :> compromise of the state reveals all past and future
> outputs.  This is not :> always a desirable feature in a PRNG.
>
> : That's true for *any* prng. [...]
>
> Not true.  State compromise inevitably reveals future output - but
> need not reveal past output.
>
> Hashing the internal state and feeding it back is one way to
> prevent state compromises giving information about earlier states
> of the PRNG.

You mean

output = H_i = HASH(R || H_{i-1} || C)

Where R is the initial random seed, C a binary counter and H_0 is
HASH(R) ?

Tom


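As an added illustration of the backtracking point in this thread (example code written for this digest, not by any of the posters): a PRNG whose state keeps the seed R, as in H_i = HASH(R || H_{i-1} || C), beside one whose state is only the chained hash. The class names, the 0x00/0x01 domain separators and the choice of SHA-1 are this example's own assumptions.

```python
import hashlib


def H(*parts: bytes) -> bytes:
    """SHA-1 over the concatenation of its arguments (SHA as in the thread title)."""
    return hashlib.sha1(b"".join(parts)).digest()


class SeedRetainingPRNG:
    """H_i = HASH(R || H_{i-1} || C) with state (R, H_{i-1}, C).

    The seed R never leaves the state, so whoever captures the state can
    restart from H_0 = HASH(R) and recompute every earlier output."""

    def __init__(self, seed: bytes):
        self.R = seed
        self.prev = H(seed)        # H_0 = HASH(R)
        self.C = 0                 # binary counter, incremented per output

    def next(self) -> bytes:
        self.C += 1
        self.prev = H(self.R, self.prev, self.C.to_bytes(8, "big"))
        return self.prev

    def state(self):
        return (self.R, self.prev, self.C)


class FeedbackPRNG:
    """State is only the chained hash: O_i = HASH(S_i || 0x00), S_{i+1} = HASH(S_i || 0x01).

    The seed is hashed once and discarded, and each step replaces S with a
    one-way function of itself, so a captured S still predicts future
    outputs, but going from S_i back to S_{i-1} is a preimage problem.
    The 0x00/0x01 separators are this example's choice."""

    def __init__(self, seed: bytes):
        self.S = H(seed)

    def next(self) -> bytes:
        out = H(self.S, b"\x00")
        self.S = H(self.S, b"\x01")
        return out

    def state(self) -> bytes:
        return self.S


def backtrack_seed_retaining(state, n: int) -> list:
    """Attacker's view: from a captured (R, H_{i-1}, C), rebuild outputs 1..n."""
    R, _, _ = state
    prev, outs = H(R), []
    for c in range(1, n + 1):
        prev = H(R, prev, c.to_bytes(8, "big"))
        outs.append(prev)
    return outs


def predict_future_feedback(state: bytes, n: int) -> list:
    """Attacker's view: from a captured S the next n outputs follow directly
    (the 'future' half that no deterministic PRNG avoids without reseeding)."""
    S, outs = state, []
    for _ in range(n):
        outs.append(H(S, b"\x00"))
        S = H(S, b"\x01")
    return outs


def demo() -> dict:
    seed = b"constructed demo seed, not a real secret"
    a = SeedRetainingPRNG(seed)
    past_a = [a.next() for _ in range(4)]
    fb = FeedbackPRNG(seed)
    for _ in range(4):
        fb.next()                        # earlier outputs, not kept anywhere
    captured = fb.state()                # what a state compromise yields
    future_fb = [fb.next() for _ in range(3)]
    return {
        "seed_retaining_past_recovered": backtrack_seed_retaining(a.state(), 4) == past_a,
        "feedback_future_predicted": predict_future_feedback(captured, 3) == future_fb,
    }


if __name__ == "__main__":
    print(demo())
```

Periodic reseeding, mentioned elsewhere in the thread, adds the same cut-off in the forward direction: outputs after the reseed point cannot be predicted from a state captured before it.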
------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: ANOTHER REASON WHY AES IS BAD
Date: Fri, 27 Apr 2001 19:50:51 GMT

"Tim Tyler" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
> :> : "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> :> :> [EMAIL PROTECTED] (Darren New) wrote in
> :> <[EMAIL PROTECTED]>: :> >SCOTT19U.ZIP_GUY wrote:
>
> :> :> >>   Actaully Tom as usually your quite wrong. If one looks
> at :> an OTP :> >> you would have to think of the OTP data itself
> as part :> of the :> >> encryption program or the program
> nesicessary to make :> the OTP sting. :> >
> :> :> >So why do you think that doesn't apply to the AES cyphers as
> :> well? :>
> :> :>    Actaully I do think it should inculde the AES short keys
> of :> 256 bits.  Why do you think I mentioned scott19u and its key
> :> which is over a  million butes in length. [...]
> :>
> :> : Why is a 256-bit key too short?
> :>
> :> It's short compared to the OTP key or the scott19u key
> discussed. :>
> :> "Too short" was not mentioned - except by you.
>
> : Now you're being an idiot.  he says "Actaully I do think it
> should : inculde the AES short keys..." [sic] to me that suggests
> that an AES : key is too short.  What else does it mean?
>
> That it's short compared to the OTP key, or the scott19u key
> discussed.
>
> : And why is a million byte scott19u key any better? [...]
>
> I'm not claiming it is - though bigger keys are usually more secure
> *if* the associated key distribution problems can be solved - at
> least up to the point where the key is as big as the message.

Ok what is the point of this argument?  To show that an AES key is
too small (i.e ineffective?) or just that OTPs and scott19u are bad
ways to go about cryptography?

Tom


------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Secure Digital Music Initiative cracked?
Date: Fri, 27 Apr 2001 22:07:18 +0200

Tim May wrote:
> 
> In article <[EMAIL PROTECTED]>,
>  Volker Hetzer <[EMAIL PROTECTED]> wrote:
> 
> > Roger Schlafly wrote:
> > > The suppressed paper is online. Read it while you can.
> > > http://cryptome.org/sdmi-attack.htm
> > > http://www.wired.com/news/politics/0,1283,43353,00.html
> > Not anymore. Did anyone get it?
> >
> 
> It was there when I just checked a minute ago. Read all the way to the
> bottom, below the various letters.
Sorry, was my mistake. I had only read the beginning.
Had a long day (it's 10pm now and I'm still at work.)

Greetings!
Volker
--
They laughed at Galileo.  They laughed at Copernicus.  They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.

------------------------------

From: Jim Steuert <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Secure Digital Music Initiative cracked?
Date: Fri, 27 Apr 2001 15:57:19 -0400

I got it. Thanks to Roger!
   -Jim Steuert

Volker Hetzer wrote:

> Roger Schlafly wrote:
> > The suppressed paper is online. Read it while you can.
> > http://cryptome.org/sdmi-attack.htm
> > http://www.wired.com/news/politics/0,1283,43353,00.html
> Not anymore. Did anyone get it?
>
> Greetings!
> Volker
> --
> They laughed at Galileo.  They laughed at Copernicus.  They laughed at
> Columbus. But remember, they also laughed at Bozo the Clown.


------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 27 Apr 2001 22:09:41 +0200

Tim Tyler wrote:
> 
> Volker Hetzer <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> 
> :> Regardless of how good the hash is, such RNGs have no "forward secrecy" -
> :> compromise of the state reveals all past and future outputs.  This is not
> :> always a desirable feature in a PRNG.
> 
> : That's true for *any* prng. [...]
> 
> Not true.  State compromise inevitably reveals future output - but need
> not reveal past output.
Ok, forgot about the past part.

Greetings!
Volker
--
They laughed at Galileo.  They laughed at Copernicus.  They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
