Cryptography-Digest Digest #272, Volume #14      Mon, 30 Apr 01 15:13:00 EDT

Contents:
  Re: A practical idea to reinforce passwords (David Hopwood)
  Re: A keen symmetric cipher idea ("Tom St Denis")
  Re: A keen symmetric cipher idea ("Tom St Denis")
  Re: A practical idea to reinforce passwords (David Hopwood)
  Re: EC encrypt/decrypt (Mike Rosing)
  Re: A Question Regarding Backdoors (Jeffrey Williams)
  Re: Secure Digital Music Initiative cracked? (Mok-Kong Shen)
  Re: A Question Regarding Backdoors ("Tom St Denis")
  Re: Secure Digital Music Initiative cracked? ("Tom St Denis")
  Re: GF(2^m) (Mike Rosing)
  Re: A keen symmetric cipher idea (newbie)
  Re: A keen symmetric cipher idea ("Tom St Denis")
  Re: Message mapping in EC. (Mike Rosing)
  Re: GF(2^m) ("Tom St Denis")
  Re: Censorship Threat at Information Hiding Workshop (Paul Rubin)
  Re: RSA BRUTE FORCE (John Savard)
  Re: informations about cryptography books ("M.S. Bob")
  Re: Secure Digital Music Initiative cracked? (Mok-Kong Shen)

----------------------------------------------------------------------------

Date: Mon, 30 Apr 2001 19:04:44 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Re: A practical idea to reinforce passwords


"Tony L. Svanstrom" wrote:
> Harald Korneliussen <[EMAIL PROTECTED]> wrote:
> > My idea is that upon selecting a password, X bits of random data
> > is added to the password. You are not informed of what these bits
> > are, nor does the computer store them. The computer only stores
> > how many bits there are, and brute-forces them every time you
> > enter your password.
> 
> Scramdisk is doing something like that, but instead of adding random
> data to the password it just doesn't store any information about what
> algorithm was used. This means that the program has to try all the
> "valid" (ie the ones that are an option to use) algorithms and then
> check if that was the correct one.

The limitation of this is that there is very little entropy in the choice
of encryption algorithm (I suspect that most users choose either Blowfish
or Rijndael, so there is probably only about one bit). An attacker will
try the algorithms in order of the estimated probability that the
targeted user will choose them. Note that it's quite possible that the
attacker knows the user's algorithm preferences in advance.

Scramdisk would be more secure against dictionary attack if it used
key stretching instead of trying to hide the algorithm. (Doing both
is possible, but it means that the number of bits by which the key
is "stretched" has to be reduced slightly, if the time needed to open
a volume is held constant. OTOH, for the steganographic mode, you want
an encrypted volume to be indistinguishable from random bits, so a
cleartext algorithm identifier should not be present in that case.)

Actually now that I think about it, key stretching doesn't have a
significant advantage over key strengthening for disk encryption, since
the most common operation is opening the volume, not creating it.
Strengthening is probably a little simpler, so use that.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A keen symmetric cipher idea
Date: Mon, 30 Apr 2001 18:02:44 GMT


"David Wagner" <[EMAIL PROTECTED]> wrote in message
news:9ck8v6$qni$[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >I was just trying to spur discussion I wasn't trying to replace AES or
> >something ... geez.
>
> "spur discussion"?  To what end?  If you want to learn about how to
> design ciphers based on number theory, first you should learn about
> number theory from the books before trying to learn from the newsgroup
> -- that's a far more efficient use of everyone's time.

First off who died and made you king of the castle?

Second, my book hasn't arrived yet so in the meantime should I just go into
a coma?  Sure I will go to my local library where pull out books are the
norm and read about advanced math... sure....

Third, this is a perfect example of intelligent discussion being shunned on
SCI as in Science, CRYPT as in cryptology.  Sure the original design sucked
but why couldn't you just suggest some way of making it better or just say
"this is easily breakable".  Do you attack your students as being stupid at
Berkeley when they make silly mistakes?  I sure hope not.

You yourself have posted some good stuff and bad stuff about SDMI/et al.  As
if you haven't wasted usenet space yourself.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A keen symmetric cipher idea
Date: Mon, 30 Apr 2001 18:03:30 GMT


"newbie" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Who is stupid?

Very intelligent post.  Is decency a foreign concept to ya?

Tom

>
> Tom St Denis wrote:
> >
> > "David Wagner" <[EMAIL PROTECTED]> wrote in message
> > news:9cj24j$m4f$[EMAIL PROTECTED]...
> > > Tom St Denis wrote:
> > > >1.  Both users pick two large primes p and q, then form N = pq
> > > >2.  To encode a message you take 0 < M < N and do, c1 = M mod p, c2 =
> > > >M mod q
> > >
> > > This is utterly silly.
> > >
> > > p divides M - c1, so if you have two known plaintexts (M,(c1,c2)),
> > > (M',(c1',c2')), then you can recover p as gcd(M - c1, M' - c1').
> > >
> > > You might want to study a bit more number theory before proposing any
> > > more such ciphers.
> >
> > I agree.  However my Koblitz book has not arrived and my "Dover Series"
> > number theory books don't cover much of this type of math.
> >
> > I was just trying to spur discussion I wasn't trying to replace AES or
> > something ... geez.
> >
> > Tom
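
As an added example (not from the thread), here is the scheme quoted above together with David Wagner's gcd observation, in Python; the primes p = 1000000007 and q = 1000000009 are a constructed stand-in for the secret key, and the helper names are the example's own:

```python
import math
import random

# Constructed key for the example: two well-known primes, not a secure choice.
P_EXAMPLE, Q_EXAMPLE = 1000000007, 1000000009


def encode(M, p, q):
    """The proposed scheme: the ciphertext is the pair (M mod p, M mod q)."""
    if not 0 < M < p * q:
        raise ValueError("need 0 < M < N = pq")
    return (M % p, M % q)


def decode(c, p, q):
    """Legitimate decryption is just the Chinese remainder theorem."""
    c1, c2 = c
    t = (c2 - c1) * pow(p, -1, q) % q   # p^-1 mod q exists because p != q
    return c1 + p * t


def recover_factor(known, which):
    """p divides every M - c1 (and q every M - c2), so the gcd over a few
    known plaintext/ciphertext pairs reveals the secret prime.  Two pairs
    usually suffice; extra pairs strip any stray common factor shared by the
    quotients (M - c) / prime."""
    g = 0
    for M, c in known:
        g = math.gcd(g, M - c[which])
    return g


def demo(pairs=8, seed=2001):
    """Run the gcd attack on `pairs` random known plaintexts; returns the
    values recovered for (p, q)."""
    rng = random.Random(seed)
    p, q = P_EXAMPLE, Q_EXAMPLE
    known = []
    for _ in range(pairs):
        M = rng.randrange(1, p * q)
        known.append((M, encode(M, p, q)))
    return recover_factor(known, 0), recover_factor(known, 1)


if __name__ == "__main__":
    print("recovered (p, q) =", demo(), "expected", (P_EXAMPLE, Q_EXAMPLE))
```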



------------------------------

Date: Mon, 30 Apr 2001 19:05:41 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Re: A practical idea to reinforce passwords


Niklas Frykholm wrote:
> Yes, this is a good idea, we want to slow down the attacker
> as much as possible. And if we can slow down the attacker
> 1000 times (which is easy to do without putting much strain
> on your computer), it _does_ make a difference.
> 
> Methods similar to this one are employed in many encryption
> system (see for example PKCS #5, that Jakob referred to),
> however the slowdown is typically not done in this way.
> Instead, a slow key derivation function (KDF) is used to
> transform the password to a key
> 
>         K = KDF(PW)
> 
> Usually, some parameter to the KDF controls the number of
> iterations (the amount of slowdown).
> 
> This gives a constant slowdown (rather than a random one,
> which we get with your method), which might be preferable.
> However, I think the main reason that this method is
> preferred is that we do not have to worry about related key
> attacks.

Concerns about related key attacks on the encryption algorithm
(for the case of passphrase-based encryption) can and should be
addressed by hashing the passphrase and random salt (e.g.
key = H(PW || R_i) in your notation). I don't know of any
related key attacks that work through a hash function; if they
do, then that is reason enough to consider the hash function
broken.

> With your method we want to compute H(PW || R_i) for all
> possible R_i and compare it to a stored hash value.  It is
> possible that there are some weaknesses in the hash function
> that allow us to do this faster than by trying all possible
> R_i.
> 
> For strong hash functions, such as SHA, no such weaknesses
> are known, AFAIK, and your method would work just as well.
> However, to be on the safe side, it might be better to use a
> KDF.

For all intents and purposes a hash function such as SHA-1 *is*
a reasonable KDF. The main reason why dedicated KDFs are sometimes
needed is that using a hash function directly does not always provide
long enough output.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


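
An added example, not from the thread, contrasting the two designs discussed in both of David Hopwood's replies above: Niklas's K = KDF(PW) with an iteration count (constant slowdown), and Harald's scheme in which only the number X of supplement bits is stored and H(PW || salt || R) is brute-forced over R on every login (random slowdown). SHA-256, the 4-byte encoding of R, the check value and the 12-bit supplement are assumptions of the example:

```python
import hashlib
import hmac
import secrets


def H(*parts):
    """SHA-256 over the concatenation of the byte-string parts."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


# Key stretching, K = KDF(PW): the iteration count fixes the slowdown, so
# every login and every attacker guess costs exactly `iterations` hashes.
def stretch_key(password, salt, iterations):
    k = H(password, salt)
    for _ in range(iterations - 1):
        k = H(k, password, salt)        # feed PW and salt back in each round
    return k


# Key strengthening, key = H(PW || salt || R): R is X random bits that are
# never stored; only salt, X and a check value (example choice) go to disk.
def strengthen_key(password, salt, supplement_bits):
    if not 1 <= supplement_bits <= 32:
        raise ValueError("this example encodes R in 4 bytes")
    r = secrets.randbits(supplement_bits)
    key = H(password, salt, r.to_bytes(4, "big"))
    record = {"salt": salt, "bits": supplement_bits, "check": H(b"check", key)}
    return key, record                  # r is deliberately dropped here


def recover_key(password, record):
    """Re-derive the key by brute-forcing R; returns (key, hashes_done).
    The cost is random (2^(X-1) hashes on average); a wrong password exhausts
    all 2^X values, which is the cost an attacker pays per dictionary guess."""
    for r in range(1 << record["bits"]):
        key = H(password, record["salt"], r.to_bytes(4, "big"))
        if hmac.compare_digest(H(b"check", key), record["check"]):
            return key, r + 1
    return None, 1 << record["bits"]


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    key, rec = strengthen_key(b"correct horse battery", salt, 12)
    found, tries = recover_key(b"correct horse battery", rec)
    print("recovered:", found == key, "after", tries, "hashes")
    print("wrong password:", recover_key(b"wrong", rec))
    print("stretched:", stretch_key(b"correct horse battery", salt, 4096).hex())
```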

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: EC encrypt/decrypt
Date: Mon, 30 Apr 2001 13:05:46 -0500

CrapMail Bait wrote:
> I've implemented lots of finite integer crypto from the ground up.
> I'd like to start putting together some EC (aka ECC) algorithms.  Over
> F_p and F_{2^n} fields.
> 
> 1. How do you map an arbitrary input (eg. digest hash, session key) to
> an elliptical point on a given curve?  I hope there's something more
> clever than randomly augmenting the first 8 bits until you find a
> match.

Koblitz described a simple method of counting up until the data hits the
curve.  The density of points is uniform, so you can flip any bits you want
in any order to find a way to "randomly" put your data on the curve too.
You need at least 5 spare bits for field sizes in the range of 200 bits or
less.

> 2. What are the legal barriers to using EC crypto?  GPL vs. BSD (aka.
> non-profit vs. truly free)?  Public vs. Royalties (aka. truly free vs.
> slavery)?

Depends on what you want to use.  If you buy Certicom's stuff, you can get
some very nice hardware because it's patented.  If you take stuff off the
net, it's free.  You only have to not claim you wrote it :-)

Patience, persistence, truth,
Dr. mike

------------------------------

From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: A Question Regarding Backdoors
Date: Mon, 30 Apr 2001 13:10:58 -0500

Tom, it's not often that I agree with Scott, but his claim is logical.

Consider:  the NSA has, AFAIK, two basic mandates:  to provide the US govt
with secure communications; and to break the communications of other countries
for the benefit of the US govt.  Now, if NSA was to develop an encryption
algorithm which was provably secure (and reasonably efficient to use - ie:
NOT OTP), that might NOT be in their best interests!  If they had a secure
algorithm, arguably their first mandate would be basically completed forever.
Furthermore, if the opposition got hold of that algorithm and was willing to
use it, the NSA's second mandate could no longer be fulfilled.  Bottom line:
NSA would have no raison d'etre.  Can you say funding cut?

Clearly, there are holes in that scenario.  But it does illustrate the point
quite well.  Would NSA recommend any algorithm which could make their jobs
very difficult or make them redundant?  If they're like any govt agency I've
ever seen, the answer is "NO".

Does that mean they have a backdoor into Rijndael?  Probably not.  But when a
govt agency which might be charged with breaking an encryption algorithm
recommends an encryption algorithm for general use, common sense dictates
taking the recommendation with a large bag of salt.  The conflict of interest
is just too big to ignore.

Jeff


Tom St Denis wrote:

> "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > aquiranNO$[EMAIL PROTECTED] (Arturo) wrote in
> > <[EMAIL PROTECTED]>:
> >
> > >On Mon, 30 Apr 2001 02:20:21 GMT, [EMAIL PROTECTED] (bob) wrote:
> > >
> > >     AES candidates have been scrutinized and are open for everybody to
> > >     see,
> > >so I doubt Rijndael could have any backdoor without anybody realizing
> > >it.  I certainly don't think that a backdoor was included in AES
> > >requirements.
> > >
> > >
> >
> >        I think if you took a straight ascii message and encrypted with
> > standard Rijndael then the NSA could break it. If they couldn't break
> > it. Then they wouldn't allow the US government to encourage others
> > to use it. The back door in Rijndael is that they know a fast way to
> > reverse it. However certain things can make it harder such as using
> > bijective compresses first as in Matt's BICOM
>
> You claim the NSA can do things... that seems very childish to me.
>
> Tom


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Mon, 30 Apr 2001 20:08:12 +0200



Tom St Denis wrote:
> 
> "M.S. Bob" <[EMAIL PROTECTED]> wrote:

> > The US copyright/criminal law has no bearing on publishing or
> > conferences outside of USA.
> 
> Ah but they may limit the *import* of such papers.

It is a blessing that the internet cannot be effectively
controlled, not even absolutely by the totalitarian regimes, 
if I don't err. I think it is true and a noteworthy fact 
that the internet has in the course of time made some 
non-trivial contributions to the relaxation of export 
regulations and amelioration of other political control
issues through wide dissemination of information and
knowledge and rapid exchange and build-up of opinions of 
the common people irrespective of country boundaries.

M. K. Shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A Question Regarding Backdoors
Date: Mon, 30 Apr 2001 18:17:04 GMT


"Jeffrey Williams" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom, it's not often that I agree with Scott, but his claim is logical.
>
> Consider:  the NSA has, AFAIK, two basic mandates:  to provide the US govt
> with secure communications; and to break the communications of other countries
> for the benefit of the US govt.  Now, if NSA was to develop an encryption
> algorithm which was provably secure (and reasonably efficient to use - ie:
> NOT OTP), that might NOT be in their best interests!  If they had a secure
> algorithm, arguably their first mandate would be basically completed forever.
> Furthermore, if the opposition got hold of that algorithm and was willing to
> use it, the NSA's second mandate could no longer be fulfilled.  Bottom line:
> NSA would have no raison d'etre.  Can you say funding cut?
>
> Clearly, there are holes in that scenario.  But it does illustrate the point
> quite well.  Would NSA recommend any algorithm which could make their jobs
> very difficult or make them redundant?  If they're like any govt agency I've
> ever seen, the answer is "NO".
>
> Does that mean they have a backdoor into Rijndael?  Probably not.  But when a
> govt agency which might be charged with breaking an encryption algorithm
> recommends an encryption algorithm for general use, common sense dictates
> taking the recommendation with a large bag of salt.  The conflict of interest
> is just too big to ignore.

You missed my point.  I don't denounce the possibility of a backdoor in
Rijndael.  I am just saying why is it the NSA that put it there?  Maybe the
Belgian govt wants to spy on people?

Not only that but these paranoid lines of thinking are not productive.  Sure
be cautious, etc.  But paranoid is not good.  For example, based on current
analysis the number of rounds should be increased a bit to shave off any
attacks that are better than the current ones.  The best attack breaks 7
rounds with tons of work.  There are 12 rounds (if I am not mistaken) so
currently Rijndael is secure, but 18 rounds would be much harder to attack.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Mon, 30 Apr 2001 18:17:39 GMT


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> >
> > "M.S. Bob" <[EMAIL PROTECTED]> wrote:
>
> > > The US copyright/criminal law has no bearing on publishing or
> > > conferences outside of USA.
> >
> > Ah but they may limit the *import* of such papers.
>
> It is a blessing that the internet cannot be effectively
> controlled, not even absolutely by the totalitarian regimes,
> if I don't err. I think it is true and a noteworthy fact
> that the internet has in the course of time made some
> non-trivial contributions to the relaxation of export
> regulations and amelioration of other political control
> issues through wide dissemination of information and
> knowledge and rapid exchange and build-up of opinions of
> the common people irrespective of country boundaries.

It's funny you think that.  Try going to www.2600.com and find a copy of the
decss binary.

Tom



------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.arch.arithmetic
Subject: Re: GF(2^m)
Date: Mon, 30 Apr 2001 13:13:47 -0500

Tom St Denis wrote:
> >     If you use a normal basis, squaring is a 1-bit shift.
> > From here on I'll assume you use a polynomial basis.
> 
> Sorry I don't get the diff.  What I normally use is where something like x^2
> + 1 would be 101_2.

That's polynomial basis, which is what Peter is describing.

> When I flipped thru Mike's ECC book I saw "ONB" too I assume that's
> "Optimal" Normal Basis?

No, you can have a normal basis in any field size.  "Optimal" comes from having
the least number of terms to combine to form a multiply.  ONB is a subset of NB.

Patience, persistence, truth,
Dr. mike

------------------------------

From: newbie <[EMAIL PROTECTED]>
Subject: Re: A keen symmetric cipher idea
Date: Mon, 30 Apr 2001 14:21:54 -0300

Look at your previous post to know what decency means.


Tom St Denis wrote:
> 
> "newbie" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Who is stupid?
> 
> Very intelligent post.  Is decency a foreign concept to ya?
> 
> Tom
> 
> >
> > Tom St Denis wrote:
> > >
> > > "David Wagner" <[EMAIL PROTECTED]> wrote in message
> > > news:9cj24j$m4f$[EMAIL PROTECTED]...
> > > > Tom St Denis wrote:
> > > > >1.  Both users pick two large primes p and q, then form N = pq
> > > > >2.  To encode a message you take 0 < M < N and do, c1 = M mod p, c2 =
> > > > >M mod q
> > > >
> > > > This is utterly silly.
> > > >
> > > > p divides M - c1, so if you have two known plaintexts (M,(c1,c2)),
> > > > (M',(c1',c2')), then you can recover p as gcd(M - c1, M' - c1').
> > > >
> > > > You might want to study a bit more number theory before proposing any
> > > > more such ciphers.
> > >
> > > I agree.  However my Koblitz book has not arrived and my "Dover Series"
> > > number theory books don't cover much of this type of math.
> > >
> > > I was just trying to spur discussion I wasn't trying to replace AES or
> > > something ... geez.
> > >
> > > Tom

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A keen symmetric cipher idea
Date: Mon, 30 Apr 2001 18:28:29 GMT


"newbie" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Look at your previous post to know what decency means.

Let's not start a flame war shall we.  Keep civil.

Tom



------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Message mapping in EC.
Date: Mon, 30 Apr 2001 13:24:58 -0500

Cristiano wrote:
> 
> I have translated an algorithm for blind signature in DL to work in EC. The
> problem is to map any message in a point of the elliptic curve. Is there any
> way?

Yes, lots of ways.  The simplest is to pick a few spare bits (say the most significant
5 in your bit field) and to count up from 0 until the data concatenated with the count
bits hits the curve.  Then randomly pick which root you like.

> Is there some precaution to take to be sure that the algorithm in EC
> doesn't have some weakness?

You want to make sure the point has at least the largest prime factor order.  If it
only has the order of the cofactor, it's a problem. 

A good curve (for crypto) will have order r*p where r is a small cofactor and 
p is a large prime.  You can check if your embedded data is a bad point by computing
r*D over the curve.  If that gets you to the point at infinity, you have a problem.
The likelihood of that is exceptionally small, but you can still check for it and
bail out if necessary.  (Changing the data by 1 bit should fix it, but that may
affect the amount of spare bits you have or the raw data itself).

Patience, persistence, truth,
Dr. mike
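
An added example, not from the thread or from Dr. Rosing's book, covering both this reply and his "EC encrypt/decrypt" reply above: data is embedded in a curve point by counting up through 5 spare high bits of x until x^3 + A*x + B is a square (the Koblitz method), and a point that lies in the cofactor subgroup is rejected by checking r*D == O, retrying with the next counter. The toy curve y^2 = x^3 + x + 6 over F_p with p = 10007 (p = 3 mod 4, so square roots are a single exponentiation) is an assumption of the example; the group order is counted by brute force rather than taken from a standard:

```python
P = 10007                                       # toy field prime, P % 4 == 3
A, B = 1, 6                                     # y^2 = x^3 + A*x + B
SPARE_BITS = 5                                  # counter bits, as in the post
DATA_BITS = P.bit_length() - SPARE_BITS         # 14 - 5 = 9 message bits


def is_on_curve(pt):
    if pt is None:                              # None is the point at infinity O
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def add(p1, p2):
    """Affine chord-and-tangent addition; None is the identity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                             # Q + (-Q) = O, covers y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add computation of k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def count_points():
    """Brute-force group order: O plus, for each x, 0, 1 or 2 roots y."""
    n = 1
    for x in range(P):
        rhs = (x ** 3 + A * x + B) % P
        if rhs == 0:
            n += 1
        elif pow(rhs, (P - 1) // 2, P) == 1:    # Euler criterion: rhs is a square
            n += 2
    return n


def largest_prime_factor(n):
    f, best = 2, 1
    while f * f <= n:
        while n % f == 0:
            best, n = f, n // f
        f += 1
    return max(best, n)


ORDER = count_points()                          # N = r * q, as in the post
Q = largest_prime_factor(ORDER)                 # the large prime the post calls p
R = ORDER // Q                                  # the cofactor r


def is_bad_point(pt):
    """True if pt is O or lies in the small cofactor subgroup (r*pt == O)."""
    return scalar_mult(R, pt) is None


def embed(m):
    """Map m (< 2^DATA_BITS) to a point by counting through the spare bits."""
    if not 0 <= m < (1 << DATA_BITS):
        raise ValueError("message does not fit in the data bits")
    for ctr in range(1 << SPARE_BITS):
        x = (ctr << DATA_BITS) | m
        if x >= P:
            break                               # larger counters only grow x
        rhs = (x ** 3 + A * x + B) % P
        if rhs != 0 and pow(rhs, (P - 1) // 2, P) != 1:
            continue                            # not a square: next counter
        y = pow(rhs, (P + 1) // 4, P)           # sqrt, valid because P % 4 == 3
        pt = (x, min(y, P - y))                 # either root will do; pick one
        if not is_bad_point(pt):
            return pt                           # the "bail out and retry" check
    raise ValueError("no usable point; change the data or add spare bits")


def decode(pt):
    """Strip the counter bits from x to get m back."""
    return pt[0] & ((1 << DATA_BITS) - 1)
```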

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.arch.arithmetic
Subject: Re: GF(2^m)
Date: Mon, 30 Apr 2001 18:30:32 GMT


"Mike Rosing" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > >     If you use a normal basis, squaring is a 1-bit shift.
> > > From here on I'll assume you use a polynomial basis.
> >
> > Sorry I don't get the diff.  What I normally use is where something like x^2
> > + 1 would be 101_2.
>
> That's polynomial basis, which is what Peter is describing.

Cool, that's what I thought.  In polynomial basis a mult is a bunch of
shifts and conditional xors isn't it?

> > When I flipped thru Mike's ECC book I saw "ONB" too I assume that's
> > "Optimal" Normal Basis?
>
> No, you can have a normal basis in any field size.  "Optimal" comes from having
> the least number of terms to combine to form a multiply.  ONB is a subset of NB.

Lost me there... maybe I should re-read chapter 3 and 4.  ...

Tom
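
An added example, not from the thread, answering Tom's shift-and-xor question for the polynomial basis that both this post and Mike Rosing's reply describe: bit i of the word is the coefficient of x^i (so x^2 + 1 is 101_2), a multiply is a shifted conditional xor per bit of the second operand, and squaring just spreads the bits out before reduction. The Rijndael modulus x^8 + x^4 + x^3 + x + 1 is used as the default so results can be checked against the FIPS-197 worked examples; the function names are the example's own:

```python
AES_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, the GF(2^8) modulus of Rijndael


def gf_reduce(a, poly):
    """Reduce the polynomial a modulo poly (both held as bit strings)."""
    deg = poly.bit_length() - 1
    while a.bit_length() - 1 >= deg:
        a ^= poly << (a.bit_length() - 1 - deg)   # cancel the leading term
    return a


def gf_mul(a, b, poly=AES_POLY):
    """a * b in GF(2^m): for each set bit of b, xor in a shifted copy of a."""
    deg = poly.bit_length() - 1
    a, b = gf_reduce(a, poly), gf_reduce(b, poly)
    res = 0
    while b:
        if b & 1:
            res ^= a                    # conditional xor ("add" in GF(2))
        b >>= 1
        a <<= 1                         # multiply a by x
        if a >> deg:                    # degree reached m: reduce immediately
            a ^= poly
    return res


def gf_square(a, poly=AES_POLY):
    """Squaring is linear over GF(2): bit i moves to bit 2i, then reduce.
    (In a normal basis the same operation would be a 1-bit rotation.)"""
    sq = 0
    for i in range(a.bit_length()):
        if (a >> i) & 1:
            sq |= 1 << (2 * i)
    return gf_reduce(sq, poly)


def gf_pow(a, e, poly=AES_POLY):
    """Square-and-multiply exponentiation."""
    res = 1
    while e:
        if e & 1:
            res = gf_mul(res, a, poly)
        a = gf_square(a, poly)
        e >>= 1
    return res


def gf_inverse(a, poly=AES_POLY):
    """a^(2^m - 2) = a^-1 in GF(2^m), with m = deg(poly)."""
    m = poly.bit_length() - 1
    return gf_pow(a, (1 << m) - 2, poly)
```

Calling gf_mul(0b101, 0b101, 0b1011) squares x^2 + 1 modulo x^3 + x + 1 in GF(2^3), i.e. with the field given only by its modulus word.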



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 30 Apr 2001 11:32:06 -0700

[EMAIL PROTECTED] (Leonard R. Budney) writes:
> True enough; I'm speaking English, not legalese. The premise behind
> copyright law is that people are entitled to profit from their
> *creativity*, where creativity is defined to be "a specific work
> having some original content".

What makes you say that?  All the US Constitution says is that "the
Congress shall have the power ...  To promote the progress of science
and useful arts, by securing for limited times to authors and
inventors the exclusive right to their respective writings and
discoveries" (Article I section 8).  It doesn't say anything about
people being entitled to profit from their creativity.  

You're assuming a motivation behind copyright without providing evidence
to justify the assumption.  So your argument is weak because your starting
premise is weak.

Do you have some historical evidence to support your premise?

> > ...the efficacy of competition, copyright is an anomaly as it grants
> > monopoly rights.
> 
> You are mighty dismissive of some deep and interesting philosophical
> issues. The fundamental issues are indeed interesting, AND deep. But
> you even dismiss the most basic issues: If you make a suggestion to
> your boss, and he passes it up the chain with his name on it, winning
> promotions and accolades, then HE DONE YOU WRONG. Why, you ask? After
> all, aren't ideas free? Doesn't knowledge belong to everyone? Do you
> really "own" your suggestion?

If the issues are so deep, then why are you acting like they're so simple?

In fact the tension between copyright and free competition is well
understood by people who actually study these things.  See for example
the 1950's US Senate study "The Economics of the Patent System" whose
first paragraph says something like that.  Or the huge debate in the 18th
century about whether copyright should exist at all.

> There are difficult questions out there, but you keep denying
> a fundamental principle. Ideas and creativity are not community
> property. Protecting "ideas" is truly impossible, but protecting its
> artifacts has served pretty well. Epsilon-cost duplication calls the
> adequacy of those protections into question in several ways. But the
> need for it cannot be denied.

Oh yeah?  ;-)

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: RSA BRUTE FORCE
Date: Mon, 30 Apr 2001 18:38:35 GMT

On 30 Apr 2001 17:57:00 GMT, [EMAIL PROTECTED] (Erictim) wrote, in part:

>this would result in probably not more than 40000 test cases and
>i have heard that computers are fast when doing multiplication.

That's true enough that computers multiply quickly.

So if you're working with numbers that give rise to 40,000 test cases,
no problem.

But the number of test cases goes up directly with the size of the
number being worked on for a simple "brute-force" algorithm.

If you use numbers that are hundreds of digits long, there will be too
many test cases.

Supposing a fast computer can do a million test cases in a millionth
of a second. And you have a million of those computers working on the
problem!

Then 1,000,000,000,000,000,000 test cases take a second.
1,000,000,000,000,000,000,000,000 test cases take 12 days.
1,000,000,000,000,000,000,000,000,000,000 test cases take 30,000
years.

So it is possible by using bigger numbers (and the time taken to work
with those numbers *for encrypting* only goes up with their length,
not their size) to make cracking the code by any simple method
impossible, and that's the kind of long numbers that are used.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: informations about cryptography books
Date: Mon, 30 Apr 2001 19:42:03 +0100



Mauro wrote:
> 
> I find information about two books:
>  "Cypher Systems"  -   Beker F. Piper
>  "Algebraic Aspects of Cryptography" -  N. Koblitz

What information are you looking for?

Cipher Systems: The Protection of Communications
by Henry J Beker & Fred C Piper
published by John Wiley & Sons, in 1982 (NY)
published by Northwood Books, London, 1982

This book is not in print as far as I know

@book{ beker82cipher,
    author = "H. Beker and F. Piper",
    title = "Cipher Systems: The Protection of Communications",
    publisher = "Northwood",
    address = "London",
    year = "1982"
}

Algebraic Aspects of Cryptography (Algorithms
and Computation in Mathematics, Vol 3)
by Neal I. Koblitz
1998
Springer Verlag; ISBN: 3540634460

@book{ koblitz98algebraic,
    author = "Neal Koblitz",
    title = "Algebraic Aspects of Cryptography",
    publisher = "Springer-Verlag",
    address = "Berlin Heidelberg",
    isbn = "3-540-63446-0",
    year = "1998"
}

This book is in print, and available from several online book sellers.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Mon, 30 Apr 2001 20:50:45 +0200



Tom St Denis wrote:
> 
> "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> >
> > Tom St Denis wrote:
> > >
> > > "M.S. Bob" <[EMAIL PROTECTED]> wrote:
> >
> > > > The US copyright/criminal law has no bearing on publishing or
> > > > conferences outside of USA.
> > >
> > > Ah but they may limit the *import* of such papers.
> >
> > It is a blessing that the internet cannot be effectively
> > controlled, not even absolutely by the totalitarian regimes,
> > if I don't err. I think it is true and a noteworthy fact
> > that the internet has in the course of time made some
> > non-trivial contributions to the relaxation of export
> > regulations and amelioration of other political control
> > issues through wide dissemination of information and
> > knowledge and rapid exchange and build-up of opinions of
> > the common people irrespective of country boundaries.
> 
> It's funny you think that.  Try going to www.2600.com and find a copy of the
> decss binary.

I have no need of that software and hence have never tried
to access it and thus am ignorant of its current state. But
even if no copy were accessible today in the world,
certainly thousands or many more copies have been
obtained worldwide. Isn't that already something? There
are so many countries in the world with different laws
that nothing can be effectively forbidden everywhere. If
decss is indeed eradicated entirely from the net today, it
is the result of its bad luck of not having been esteemed
and supported by someone who could have continued to make
it available on his site. Anyway, the chance of its resurgence
exists and is real. And that by itself is significant.
Have I explained my notion of 'effective uncontrollability'
clearly enough?

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
