Cryptography-Digest Digest #276, Volume #14 Tue, 1 May 01 00:13:01 EDT
Contents:
Re: 1024bit RSA keys. how safe are they? (Rob Warnock)
Re: A Question Regarding Backdoors (SCOTT19U.ZIP_GUY)
Elementary Question on rsa (Kris Reyes)
Re: A Question Regarding Backdoors (SCOTT19U.ZIP_GUY)
Re: A Question Regarding Backdoors (SCOTT19U.ZIP_GUY)
Re: A Question Regarding Backdoors ("Tom St Denis")
Re: Elementary Question on rsa ("Tom St Denis")
Re: A Question Regarding Backdoors ("Tom St Denis")
Re: Elementary Question on rsa ("Scott Fluhrer")
Re: Censorship Threat at Information Hiding Workshop (Paul Rubin)
RIP Act and OTP ("AY")
Re: RIP Act and OTP ("Tom St Denis")
Re: Censorship Threat at Information Hiding Workshop (Leonard R. Budney)
Re: A Question Regarding Backdoors (Leonard R. Budney)
Re: bogus speed claims (just wondering) (Roger Fleming)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: 1024bit RSA keys. how safe are they?
Date: 1 May 2001 02:10:33 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
+---------------
| Hmm? PC's (x86's that is) can't address the required memory.
| You would have to build a custom 64-bit machine with a lot of memory
| and tons of processing time...
+---------------
Actually, "custom" is not necessary. Such things are COTS[*] these days.
E.g., my employer's larger systems are available with 512 64-bit CPUs
all sharing a terabyte of main memory (fully cache-coherent!). See:
<URL:http://www.sgi.com/origin/3000/3800.html>
And as far as disk, the Irix XFS filesystem supports petabyte-sized
filesystems. Of course, with "only" 8 TB per 19-inch rack, you need
a rather large room to put that petabyte in... ;-}
<URL:http://www.sgi.com/products/storage/9400.html>
-Rob
[*] COTS = Commercial Off-The-Shelf, i.e., standard products.
=====
Rob Warnock, 31-2-510 [EMAIL PROTECTED]
SGI Network Engineering <URL:http://reality.sgi.com/rpw3/>
1600 Amphitheatre Pkwy. Phone: 650-933-1673
Mountain View, CA 94043 PP-ASEL-IA
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: A Question Regarding Backdoors
Date: 1 May 2001 02:08:38 GMT
[EMAIL PROTECTED] (David Wagner) wrote in
<9ckno1$3g$[EMAIL PROTECTED]>:
>You suggest that the NSA may have influenced NIST to choose Rijndael
>because it was the weakest cipher around, or because it had a backdoor
>for the NSA. This suggestion just doesn't hold water, in my opinion.
>How do you propose to reconcile your theory with the fact that polls among
>the open research community showed Rijndael preferred most among all
>contenders, substantially ahead of all its competition?
The so called open research community could very well be controlled,
directly or indirectly, in what directions the research goes. How
can you explain that over the years they have refused bijective
padding to get messages the correct length for certain modes?
Even the authors of Rijndael lack much knowledge. When I wrote
them about Matt's use of full size Rijndael where he combines
bijective compression with the encryption only one wrote back to
say such a thing was not possible. They seem to lack the brains to
understand one can create a completely bijective encryption with
Rijndael that maps all 8-bit binary files back to binary
files in a 1-1 way. They can't think that any file could equally
be a compressed encrypted file or the reverse. The so called
open research community is a joke that is extremely ignorant and
closed to new ideas that others present. But I think that is so
the NSA can stay ahead of the game and read the messages people
send to each other.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Kris Reyes <[EMAIL PROTECTED]>
Subject: Elementary Question on rsa
Date: Mon, 30 Apr 2001 21:21:07 -0600
Hello, I'm just a freshman at college, I apologize for such an elementary
question.
But in the rsa algorithm, where z = (p-1)(q-1), and you pick a number d
which is relatively prime to z, what exactly does relatively prime to z
mean??
Thanks for any help you can give me.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: A Question Regarding Backdoors
Date: 1 May 2001 02:11:31 GMT
[EMAIL PROTECTED] (Roger Schlafly) wrote in
<o%kH6.86$[EMAIL PROTECTED]>:
>"David Wagner" <[EMAIL PROTECTED]> wrote in message
>news:9ckno1$3g$[EMAIL PROTECTED]...
>> You suggest that the NSA may have influenced NIST to choose Rijndael
>> because it was the weakest cipher around, or because it had a backdoor
>> for the NSA. This suggestion just doesn't hold water, in my opinion.
>> How do you propose to reconcile your theory with the fact that polls among
>> the open research community showed Rijndael preferred most among all
>> contenders, substantially ahead of all its competition?
>
>Rijndael also doesn't have any magic constants or mysterious S-boxes,
>so it is hard to see how anyone could put a backdoor in. For a long time,
>the DES doubters argued that its S-boxes could have some prearranged
>and nonobvious weakness. Some ciphers try to avoid this criticism by
>getting their constants from digits of pi or something like that. But
>Rijndael
>doesn't even have the constants.
>
Even though pi is a transcendental number it is not considered very
complex in the K theory of such things since it can be created by
a conceptually short program.
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: A Question Regarding Backdoors
Date: 1 May 2001 02:16:17 GMT
[EMAIL PROTECTED] (Leonard R. Budney) wrote in
<[EMAIL PROTECTED]>:
>[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>> Actually you lack imagination. It's easier for the NSA to look
>> innocent. When an easy public break makes it in a few years the NSA
>> can say we knew it was weak. That's why it's not used for classified US
>> messages and that they had nothing to do with the design.
>
>Wrong. If AES falls prey to some *sophisticated* public break, then
>they will claim that they knew about that attack but were forbidden for
>security reasons to divulge anything about it.
>
>But since they acted in an advisory capacity, if some "easy public break"
>comes along in the near future, the NSA would look very bad. They either
>(1) didn't know something which they well should have, or (2) tolerated
>not only a weakness, but a stupid weakness, without even saying, "Maybe
>you should swap the S-boxes and do some extra rounds."
What is the problem? How do they look bad? If they appear weak
because they can claim they didn't know about it, then that is
what they want. Part of their success is being underestimated.
And yes, I am sure they can break it in its vanilla form, but in
something like BICOM that may be beyond their current capability.
David A. Scott
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A Question Regarding Backdoors
Date: Tue, 01 May 2001 02:36:43 GMT
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (David Wagner) wrote in
> <9ckno1$3g$[EMAIL PROTECTED]>:
>
> >You suggest that the NSA may have influenced NIST to choose Rijndael
> >because it was the weakest cipher around, or because it had a backdoor
> >for the NSA. This suggestion just doesn't hold water, in my opinion.
> >How do you propose to reconcile your theory with the fact that polls among
> >the open research community showed Rijndael preferred most among all
> >contenders, substantially ahead of all its competition?
>
> The so called open research community could very well be controlled,
> directly or indirectly, in what directions the research goes. How
> can you explain that over the years they have refused bijective
> padding to get messages the correct length for certain modes?
> Even the authors of Rijndael lack much knowledge. When I wrote
> them about Matt's use of full size Rijndael where he combines
> bijective compression with the encryption only one wrote back to
> say such a thing was not possible. They seem to lack the brains to
> understand one can create a completely bijective encryption with
> Rijndael that maps all 8-bit binary files back to binary
> files in a 1-1 way. They can't think that any file could equally
> be a compressed encrypted file or the reverse. The so called
> open research community is a joke that is extremely ignorant and
> closed to new ideas that others present. But I think that is so
> the NSA can stay ahead of the game and read the messages people
> send to each other.
On one hand you say "they are a bunch of lamers and controlled jerks" and on
the other "why oh why won't they listen to me".
Personally I think you should think twice before speaking once.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Elementary Question on rsa
Date: Tue, 01 May 2001 02:37:38 GMT
"Kris Reyes" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello, I'm just a freshman at college, I apologize for such an elementary
> question.
>
> But in the rsa algorithm, where z = (p-1)(q-1), and you pick a number d
> which is relatively prime to z, what exactly does relatively prime to z
> mean??
Means gcd(d, z) = 1, or they share no common prime factors.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A Question Regarding Backdoors
Date: Tue, 01 May 2001 02:38:27 GMT
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Leonard R. Budney) wrote in
> <[EMAIL PROTECTED]>:
>
> >[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> >> Actually you lack imagination. It's easier for the NSA to look
> >> innocent. When an easy public break makes it in a few years the NSA
> >> can say we knew it was weak. That's why it's not used for classified US
> >> messages and that they had nothing to do with the design.
> >
> >Wrong. If AES falls prey to some *sophisticated* public break, then
> >they will claim that they knew about that attack but were forbidden for
> >security reasons to divulge anything about it.
> >
> >But since they acted in an advisory capacity, if some "easy public break"
> >comes along in the near future, the NSA would look very bad. They either
> >(1) didn't know something which they well should have, or (2) tolerated
> >not only a weakness, but a stupid weakness, without even saying, "Maybe
> >you should swap the S-boxes and do some extra rounds."
>
> What is the problem? How do they look bad? If they appear weak
> because they can claim they didn't know about it, then that is
> what they want. Part of their success is being underestimated.
> And yes, I am sure they can break it in its vanilla form, but in
> something like BICOM that may be beyond their current capability.
Why should we think that BICOM hasn't been compromised by the NSA? For all
we know you could be a spook too!
Tom
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Elementary Question on rsa
Date: Mon, 30 Apr 2001 19:27:10 -0700
Kris Reyes <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello, I'm just a freshman at college, I apologize for such an elementary
> question.
>
> But in the rsa algorithm, where z = (p-1)(q-1), and you pick a number d
> which is relatively prime to z, what exactly does relatively prime to z
> mean??
It means that there is no integer k>1 that evenly divides both z and d.
For example, 14 and 91 are not relatively prime, because 7 divides both of
them.
However, 15 and 91 are.
--
poncho
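The two answers above (Tom's "gcd(d, z) = 1" and Scott Fluhrer's 14/91 versus 15/91 illustration) can be checked directly, and it helps to see why RSA cares: an inverse of d modulo z exists only when the two are relatively prime. The following is an added example, not code from any poster; it uses the original poster's notation (z = (p-1)(q-1), d chosen first, e derived from it) with small constructed primes, and is textbook RSA for illustration only.

```python
import math


def relatively_prime(a: int, b: int) -> bool:
    """Two integers are relatively prime when their only common positive divisor is 1."""
    return math.gcd(a, b) == 1


def common_divisors(a: int, b: int) -> list[int]:
    """Every k > 1 that divides both a and b; empty exactly when they are relatively prime."""
    g = math.gcd(a, b)
    return [k for k in range(2, g + 1) if g % k == 0]


def modinv(d: int, z: int) -> int:
    """Inverse of d modulo z by the extended Euclidean algorithm.

    The inverse exists exactly when gcd(d, z) == 1, which is the reason RSA
    requires d to be relatively prime to z: otherwise no e with e*d = 1 (mod z)
    can be found and decryption cannot undo encryption.
    """
    if not relatively_prime(d, z):
        raise ValueError(f"gcd({d}, {z}) = {math.gcd(d, z)}: no inverse modulo {z}")
    old_r, r = d % z, z
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    return old_s % z


def rsa_toy_keypair(p: int, q: int, d: int) -> tuple[int, int, int]:
    """Textbook RSA in the poster's notation: n = p*q, z = (p-1)(q-1),
    d relatively prime to z, e = d^-1 mod z. Returns (n, e, d).
    Constructed toy parameters only; real keys use large primes."""
    z = (p - 1) * (q - 1)
    e = modinv(d, z)
    return p * q, e, d


def rsa_encrypt(m: int, e: int, n: int) -> int:
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)


if __name__ == "__main__":
    print("14 and 91 share:", common_divisors(14, 91))      # [7]
    print("15 and 91 share:", common_divisors(15, 91))      # []
    n, e, d = rsa_toy_keypair(11, 13, 7)                    # constructed: z = 120, gcd(7, 120) = 1
    c = rsa_encrypt(42, e, n)
    print(f"n={n} e={e} d={d} ciphertext={c} decrypts to {rsa_decrypt(c, d, n)}")
    try:
        rsa_toy_keypair(11, 13, 6)                          # gcd(6, 120) = 6: no usable exponent
    except ValueError as err:
        print("rejected d=6:", err)
```

Running it shows 14 and 91 sharing the divisor 7 while 15 and 91 share none, and that d = 6 is rejected for z = 120 because no inverse exists.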
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 30 Apr 2001 19:50:36 -0700
> > [EMAIL PROTECTED] (Leonard R. Budney) writes:
> >> The premise behind copyright law is that people are entitled to
> >> profit from their *creativity*, where creativity is defined to be
> >> "a specific work having some original content".
> >
> > You're assuming a motivation behind copyright without providing evidence
> > to justify the assumption. So your argument is weak because your starting
> > premise is weak.
>
> The above is an assertion, not an argument. If the assertion is not
> axiomatic for you, then we have bigger problems to work out, commie!
The assertion is indeed not axiomatic to me. It's a claim about
someone else's historical intentions, unsupported by evidence. So
yes, we have bigger problems to work out. That's why I asked you to
address the bigger problem, namely supporting your assertion. As it
stands, it's just your opinion.
My own view is what the Constitution says: copyright is an economic
stimulus granted to encourage authorship, invention, etc. that's given
in the public interest, and its exact parameters (duration, what it
takes to get one, what the exceptions are, etc.) are issues of
choosing the best public policy for society at large. We grant tax
credits to people who install solar heating for similar reasons--
conserving energy is seen to be in the public good. High-faluting
morality doesn't come into the picture.
> You, I, and everyone else will take to yak-herding if we can't be paid
> to use our brains.
What does that have to do with copyright? Lots of people are paid to
use their brains without having to copyright anything. Heck, some of us
are even paid to write free software. I've made a living doing that.
> Intellectual products, while intangible, are real
> and deserve recognition as such. Do you really dispute that?
Recognition and copyright are two different things. There's nothing
implausible about a copying regime where anyone can copy anything as
long as they credit the original author.
------------------------------
From: "AY" <[EMAIL PROTECTED]>
Subject: RIP Act and OTP
Date: Tue, 1 May 2001 03:58:09 +0100
I thought someone must have thought of this before but I can find no such
information on deja (or whatever it's now).
Basically it's this: the RIP Act (in the UK) gives the authorities the power
to demand from the owner the key (or passphrase) to encrypted data, so
why can't one just claim that the data was encrypted with an OTP and supply
a decryption key that when XOR'ed with the ciphertext, produces any
arbitrary data? Is there any flaw to this argument?
And surely such a feature could be incorporated into encryption utilities
such as PGP, which sounds like a good school project!
Links to the RIP Act:
http://www.homeoffice.gov.uk/ripa/ripact.htm
http://www.fipr.org/rip
AY
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: RIP Act and OTP
Date: Tue, 01 May 2001 02:57:15 GMT
"AY" <[EMAIL PROTECTED]> wrote in message
news:9cl8cg$3bh$[EMAIL PROTECTED]...
> I thought someone must have thought of this before but I can find no such
> information on deja (or whatever it's now).
>
> Basically it's this: the RIP Act (in the UK) gives the authorities the power
> to demand from the owner the key (or passphrase) to encrypted data, so
> why can't one just claim that the data was encrypted with an OTP and supply
> a decryption key that when XOR'ed with the ciphertext, produces any
> arbitrary data? Is there any flaw to this argument?
>
> And surely such a feature could be incorporated into encryption utilities
> such as PGP, which sounds like a good school project!
Not really. The purpose of PGP is to solve the OTP main problem "Key
Distribution".
Also it would seem hard to make a PRNG that outputs the desired pads as
required.
Tom
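Both halves of the exchange above, AY's observation that a true one-time pad can be "explained" as any plaintext of the same length, and Tom's point that a pad derived from a PRNG cannot, are easy to demonstrate. This is an added example, not code from either poster or from PGP: the XOR pad is the real OTP operation, while `prng_pad` is a constructed toy keystream (SHA-256 in counter mode under a 16-bit seed) chosen so that an exhaustive seed search finishes in well under a second; it stands in for any seed-expanding generator and is not a real cipher design.

```python
import hashlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings: the one-time-pad operation."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_that_explains(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """For a true OTP, the pad c XOR m' decrypts c to any chosen m' of the same
    length. This is the perfect-secrecy property: a surrendered pad is not
    evidence of what the real plaintext was."""
    return xor_bytes(ciphertext, claimed_plaintext)


def prng_pad(seed: int, length: int) -> bytes:
    """Toy keystream (constructed for this example, not PGP's design):
    SHA-256 in counter mode under a 16-bit seed."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed.to_bytes(2, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seed_that_explains(ciphertext: bytes, claimed_plaintext: bytes, seed_bits: int = 16):
    """Search every seed for a keystream that turns ciphertext into
    claimed_plaintext. Returns the seed, or None when no seed fits: with a
    12-byte message there are 2^96 possible pads but only 2^16 seeds, so a
    plaintext other than the real one is essentially never explainable."""
    wanted = xor_bytes(ciphertext, claimed_plaintext)
    for seed in range(1 << seed_bits):
        if prng_pad(seed, len(wanted)) == wanted:
            return seed
    return None


# Constructed sample values.
PLAINTEXT = b"meet at dawn"
TRUE_PAD = bytes.fromhex("0f1e2d3c4b5a69788796a5b4")   # 12 constructed pad bytes
OTP_CIPHERTEXT = xor_bytes(PLAINTEXT, TRUE_PAD)
SEED = 0x1234                                          # constructed PRNG seed
PRNG_CIPHERTEXT = xor_bytes(PLAINTEXT, prng_pad(SEED, len(PLAINTEXT)))

if __name__ == "__main__":
    cover = b"buy more tea"                            # same length as PLAINTEXT
    fake_pad = pad_that_explains(OTP_CIPHERTEXT, cover)
    print("true OTP, forged pad decrypts to:", xor_bytes(OTP_CIPHERTEXT, fake_pad))
    print("PRNG pad, seed for real text:   ", seed_that_explains(PRNG_CIPHERTEXT, PLAINTEXT))
    print("PRNG pad, seed for cover text:  ", seed_that_explains(PRNG_CIPHERTEXT, cover))
```

The first line of output shows the property AY relies on; the last two show Tom's objection: the real seed is recovered, while no seed at all reproduces the cover text, so a pad that was actually generated from a short seed cannot be re-explained, and a tool that stored only the seed could not produce the alternative pad either.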
------------------------------
Subject: Re: Censorship Threat at Information Hiding Workshop
From: [EMAIL PROTECTED] (Leonard R. Budney)
Date: 30 Apr 2001 23:47:00 -0400
Paul Rubin <[EMAIL PROTECTED]> writes:
>> The above is an assertion, not an argument. If the assertion is not
>> axiomatic for you, then we have bigger problems to work out, commie!
>
> The assertion is indeed not axiomatic to me.
The claim that "people are entitled to profit from their creativity"
*should* be axiomatic with you.
> It's a claim about someone else's historical intentions, unsupported
> by evidence.
Then ask nicely. In a separate post, I offered some hints concerning
the origins of copyright in English law. Feel free to follow those up.
> My own view is what the Constitution says...
Note that the Constitution should be interpreted against the backdrop of
English law, as well as the writings of the founders. I've given some
pointers into English law. There were proponents of both positions:
mine and yours. The Stationers Company lost its lawsuit contesting
the statute of Anne, but they won as a point of law the recognition of
authors' intellectual property rights. This point of law was relatively
fresh when the constitution was framed.
There is also the (legendary?) Irish King, who pronounced judgment in a
matter of copyright by announcing, "To every cow her own calf."
The Constitutional framers advanced your argument, not mine. But that
wasn't the first, and isn't the last nor the only word in copyright
law--unless the rest of the world has recently been cut off from Usenet.
But I suppose if you want to get truly historical about it, we're both
wrong. The real reason for copyright protection is to prevent protestants
from publishing books.
> ...copyright is an economic stimulus granted to encourage authorship...
That was certainly Jefferson's view. Indeed, he appeared to consider
it equally viable to do away with patents and copyrights entirely,
though he did in fact advocate both patents and copyrights. He does a
good job of arguing the existence of a public domain, and that permanent
patents are inherently wrong. On both counts he is right.
>> Intellectual products, while intangible, are real and deserve
>> recognition as such. Do you really dispute that?
>
> Recognition and copyright are two different things.
Sorry if I'm using big words! I'm not talking about fame here. I said
that "intellectual products, while intangible, are real [products,]
and deserve recognition as [real products]". I.e., people should view
the creation of a book in a similar light to the creation of a new
Chevy.
> There's nothing implausible about a copying regime where anyone can
> copy anything as long as they credit the original author.
Sure! A good author could paint a very believable picture of a utopia in
which appropriate incentives existed *without* the concept of copyright.
They could also paint a world in which Leninism works, and produces a
world of peace and plenty.
On *this* planet, *today*, what incentives exist for, say, authors of
books, without the protection of copyright?
Len.
--
Frugal Tip #28:
Designate one day each week as "Nude Day" to cut down on your laundry
expenses.
------------------------------
Subject: Re: A Question Regarding Backdoors
From: [EMAIL PROTECTED] (Leonard R. Budney)
Date: 30 Apr 2001 23:50:34 -0400
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> [EMAIL PROTECTED] (Leonard R. Budney) wrote in
> <[EMAIL PROTECTED]>:
>
>> But since they acted in an advisory capacity, if some "easy public
>> break" comes along in the near future, the NSA would look very bad.
>
> What is the problem? How do they look bad? If they appear weak
> because they can claim they didn't know about it, then that is
> what they want. Part of their success is being underestimated.
Oh, that's right. I haven't read this group in a year or three; I'd
forgotten that you were the resident troll/snake-oil salesman. Sorry
for feeding you.
> And yes, I am sure they can break it in its vanilla form, but in
> something like BICOM that may be beyond their current capability.
BICOM? Sounds suspiciously like CHICOM. I'm guessing you're a Chinese
spy, sent out to hurry along the "dumbing down of America".
Len.
--
Why do we say something is out of whack? What's a whack?
------------------------------
From: [EMAIL PROTECTED] (Roger Fleming)
Subject: Re: bogus speed claims (just wondering)
Date: Tue, 01 May 2001 02:42:42 GMT
"Tom St Denis" <[EMAIL PROTECTED]> wrote:
[...]
>Again bashing CS-Cipher it's possible to implement the 8x8 sbox as a 3-round
>feistel using two 4x4 sboxes. in that case I could see about 500 bytes but
>that wouldn't be anywhere approaching 20kbit/sec then.
>
>Or look at Twofish, you could do the sboxes (two 8x8's) as the repeated sub,
>but that would be way too slow. So you would need to store em as two 8x8's
>requiring 512 bytes, plus the round function requires at least 16 bytes for[...]
In estimates of minimal code size, it's quite normal to omit the size of fixed
tables, on the assumption they'll be stored in ROM if you need a very small
memory footprint. Omitting the size of non-fixed tables is less easy to
justify (they might be generated and stored in EEPROM, but that's usually a
lot slower than RAM), but also a pretty common practice.
If you see someone claiming a code size of 500 B when he needs a 256 B table,
that probably means the table is in ROM or EEPROM, and what he means is "I can
make this algorithm run on a microcontroller with 512 B of RAM".
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************