Cryptography-Digest Digest #278, Volume #14 Tue, 1 May 01 13:13:00 EDT
Contents:
Style of discussions (Mok-Kong Shen)
Re: RIP Act and OTP ("Tony T. Warnock")
Re: Intacta.Code ... (newbie)
Re: Intacta.Code ... (newbie)
Re: Best, Strongest Algorithm (wtshaw)
Re: Censorship Threat at Information Hiding Workshop ([EMAIL PROTECTED])
Rijndael Galois Field construction problem. ("Yaniv Sapir")
Re: SHA PRNG (Tim Tyler)
Re: GCHQ Reorganization ? (Tim Tyler)
Re: A keen symmetric cipher idea (Mark Wooding)
Re: Rijndael Galois Field construction problem. ("Brian Gladman")
Re: Censorship Threat at Information Hiding Workshop (David Wagner)
Re: Rijndael Galois Field construction problem. (Mark Wooding)
Re: Style of discussions (Bryan Olson)
Re: SHA PRNG (Bryan Olson)
Re: Censorship Threat at Information Hiding Workshop (Darren New)
Re: GCHQ Reorganization ? [Spoiler] (Jim Gillogly)
Re: Censorship Threat at Information Hiding Workshop (Leonard R. Budney)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Style of discussions
Date: Tue, 01 May 2001 14:24:29 +0200
Time and again I read articles that contain, in my opinion,
more or less heavy personal attacks of some writers on the
others. I surmise that the underlying purpose of these is
not to express any private hostility but to give certain
emphasis to other sentences of the articles that form
the proper scientific topics being discussed. If that is
indeed the case, I wonder whether it wouldn't be feasible to
find some non-personal expressions in the language to convey
same/equivalent emphasis without causing negative psychological
effects on the part of the persons addressed. Though being a
foreigner with yet rather humble language competency, I am
quite sure that English is rich/universal enough to enable
such reformulations without much difficulty in all conceivable
situations of scientific debates. Wouldn't it be a nice thing
that we all try a bit to keep the atmosphere of the group as
agreeable as possible (not only for ourselves but also for
persons who occasionally visit our group)?
M. K. Shen
==============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: RIP Act and OTP
Date: Tue, 01 May 2001 07:46:12 -0600
Reply-To: [EMAIL PROTECTED]
I suppose one could take two plaintexts P1 (the bookie accounts?) and P2
(mildly erotic poetry) and a key K and produce the cypher text
C=P1.xor.P2.xor.K. Then if confronted by the police give them P1.xor.K
as the OTP and if confronted by the rector give them P2.xor.K.
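The construction above, worked through in code as an added illustration (this is not code from the original post; the plaintexts and key are constructed sample values, padded to one common length because XOR needs equal-length operands):

```python
# Added example, not from the original post. Demonstrates the construction
# C = P1 xor P2 xor K and the two pads that can be handed over; all sample
# plaintexts and the key below are constructed values.
import secrets
from typing import Optional


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time-pad combination)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to(msg: bytes, n: int) -> bytes:
    """Right-pad with spaces so that both plaintexts share one length."""
    if len(msg) > n:
        raise ValueError("message longer than pad length")
    return msg.ljust(n, b" ")


def make_deniable(p1: bytes, p2: bytes, k: bytes):
    """Return (C, pad_for_police, pad_for_rector).

    C = P1 ^ P2 ^ K.  Handing over P1 ^ K makes C decrypt to P2; handing
    over P2 ^ K makes C decrypt to P1.  Each pad, taken alone, is uniformly
    random because K is, so on its own it says nothing about the other
    plaintext.
    """
    c = xor_bytes(xor_bytes(p1, p2), k)
    return c, xor_bytes(p1, k), xor_bytes(p2, k)


def decrypt(c: bytes, pad: bytes) -> bytes:
    """Standard one-time-pad decryption: ciphertext XOR pad."""
    return xor_bytes(c, pad)


def demo(k: Optional[bytes] = None) -> dict:
    """Run the scheme on constructed plaintexts; returns what each party sees."""
    n = 32
    p1 = pad_to(b"bookie accounts: owed 500", n)   # constructed P1
    p2 = pad_to(b"mildly erotic poetry", n)        # constructed P2
    k = k if k is not None else secrets.token_bytes(n)
    c, pad_police, pad_rector = make_deniable(p1, p2, k)
    return {
        "police_sees": decrypt(c, pad_police),              # == p2
        "rector_sees": decrypt(c, pad_rector),              # == p1
        "both_pads_leak": xor_bytes(pad_police, pad_rector),  # == p1 ^ p2
    }
```

The `both_pads_leak` entry is the limitation of the trick: the two pads XOR to P1 ^ P2, so the scheme only holds up against one demand at a time, and the key K must never be reused for a third message.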
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Intacta.Code ...
Date: Tue, 01 May 2001 10:39:51 -0300
Are you a beautiful lass?
John Luebs wrote:
>
> In article <[EMAIL PROTECTED]>, "newbie"
> <[EMAIL PROTECTED]> wrote:
>
> > That is polite answer.
> > Thank you.
> > Tom St Denis wrote:
> >> "newbie" <[EMAIL PROTECTED]> wrote in message
> >> news:[EMAIL PROTECTED]...
> >> > A big problem with you is that you have to scan your brain before too
> >> > late.
> >> ok.
> >>
> >> >
> >> > Tom St Denis wrote:
> >> > >
> >> > > "newbie" <[EMAIL PROTECTED]> wrote in message
> >> > > news:[EMAIL PROTECTED]...
> >> > > > http://www.intacta.com/
> >> > > >
> >> > > > You may find out what you are asking for
> >> > >
> >> > > Sadly this is nothing more than Reed-Solomon codes and a B&W
> >> > > bitmap.
> >> > >
> >> > > A big problem with the intacta system is that you must scan and
> >> > > print at the same resolution or it won't work.
> >> > >
> >> > > Tom
>
> If Tom is lucky, newbie is a lass, and they will make a great married
> couple.
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Intacta.Code ...
Date: Tue, 01 May 2001 10:40:26 -0300
Or an ugly lass?
John Luebs wrote:
>
> In article <[EMAIL PROTECTED]>, "newbie"
> <[EMAIL PROTECTED]> wrote:
>
> > That is polite answer.
> > Thank you.
> > Tom St Denis wrote:
> >> "newbie" <[EMAIL PROTECTED]> wrote in message
> >> news:[EMAIL PROTECTED]...
> >> > A big problem with you is that you have to scan your brain before too
> >> > late.
> >> ok.
> >>
> >> >
> >> > Tom St Denis wrote:
> >> > >
> >> > > "newbie" <[EMAIL PROTECTED]> wrote in message
> >> > > news:[EMAIL PROTECTED]...
> >> > > > http://www.intacta.com/
> >> > > >
> >> > > > You may find out what you are asking for
> >> > >
> >> > > Sadly this is nothing more than Reed-Solomon codes and a B&W
> >> > > bitmap.
> >> > >
> >> > > A big problem with the intacta system is that you must scan and
> >> > > print at the same resolution or it won't work.
> >> > >
> >> > > Tom
>
> If Tom is lucky, newbie is a lass, and they will make a great married
> couple.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Best, Strongest Algorithm
Date: Tue, 01 May 2001 08:21:30 -0600
In article <0XvH6.105447$[EMAIL PROTECTED]>, "Tom St
Denis" <[EMAIL PROTECTED]> wrote:
> "wtshaw" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > In article <FikH6.101725$[EMAIL PROTECTED]>, "Tom St
> > Denis" <[EMAIL PROTECTED]> wrote:
> > >
> > > Flaw 1: The description is clear and concise.
> > > Flaw 2: It can be implemented with a small code footprint
> > > Flaw 3: It can only use short 256-bit keys.
> > >
> > > Not too hard to tabulate the flaws.
> > >
> > > Tom
> >
> > These are not flaws as long as longer keys are allowed. An ideal generic
> > cipher has no upper limit on key size.
>
> Um, dude, I was kidding; I was trying to bring light to someone else's
> attitude here...
>
> Tom
OK, Tom. And, I'm no dude, rather a cow puncher from childhood.
Irony is rather....well, can be rather cryptic in text snippets.
--
How many good wells were shut in by the VP's company so that oil
prices would rise? It's obvious who did what and why.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 1 May 2001 15:04:59 GMT
Leonard R. Budney <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (David Wagner) writes:
>> Leonard R. Budney wrote:
>>> The claim that "people are entitled to profit from their creativity"
>>> *should* be axiomatic with you.
>>
>> Nonsense. This is "proof by assertion", and it's hardly a very
>> persuasive line of argument.
> No. It's assertion by assertion, idiot. Furthermore, it's an assertion
> of an *axiom*. One does not prove axioms, idiot. Better stay at Berkeley
> a while longer.
Very true, but most people try to make their axioms relate to the real
world in some way. I *could* start with the axiom that massive bodies
repel rather than attract (as in gravity) to see what I could prove
from that, but other than an interesting mental exercise it would be
pretty useless. Same with your axiom -- just because you lay that
down as your starting point, don't expect others to follow along with
your little games....
--
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences | "The box said 'Requires Windows 95, NT,
University of North Texas | or better,' so I installed Linux."
Denton, TX 76201 |
------------------------------
From: "Yaniv Sapir" <[EMAIL PROTECTED]>
Subject: Rijndael Galois Field construction problem.
Date: Tue, 1 May 2001 18:15:41 +0200
Hi all.
In the Rijndael algorithm, there is an extensive use of Finite Field (GF)
arithmetic. The primitive polynomial chosen is 0x11B = 283, and the field is
GF(256). Trying to construct this field I faced a problem when, instead of
255 distinct elements (1-255) I get 51 elements repeating five times (the
51st element is 1 - while it should be element 255 - so the series repeats
itself).
The method for constructing the field I use is:
Alpha^i = (2^i) mod (11B)
where Alpha is the primitive element and i is the element power and so the
element position in the field. The calculation, of course, is done using the
binary representation of the numbers, which is analogous to the polynomial
representation with coeffs from GF(2).
This same method makes no problems when constructing GF(256) with the '11D'
polynomial (used for ADSL modems) and also for other polynomials, even of
smaller degree.
So, is there any problem with 11B? I checked and confirmed that this is an
irreducible one. Or maybe there is a limitation on this (systematic)
construction method, which makes it good for some polynomials but not for
others?
TIA,
Yaniv.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Reply-To: [EMAIL PROTECTED]
Date: Tue, 1 May 2001 15:10:08 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> [...] State compromise inevitably reveals future output - but
:> :> need not reveal past output.
:>
:> :> Hashing the internal state and feeding it back is one way to
:> :> prevent state compromises giving information about earlier
:> :> states of the PRNG.
:>
:> : You mean
:>
:> : output = H_i = HASH(R || H_{i-1} || C)
:>
:> : Where R is the initial random seed, C a binary counter and H_0 is
:> : HASH(R) ?
:>
:> That's an example of hashed feedback yes. I don't think I'd hash R
:> each time - that seems largely a waste of time - just feed it in at
:> H_0.
: I would. Knowledge of H_i and C is enough to reconstruct the outputs
: otherwise!
Yes - a serious problem :-(
I'm still thinking of trying to avoid feeding that volume of data into the
hash, though. Perhaps some of those components could be usefully XOR'd
together - rather than concatenated...
Anyway, that was the sort of thing I meant to refer to by
"hashing the internal state and feeding it back".
--
__________
|im |yler Try my latest game - it rockz - http://rockz.co.uk/
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: GCHQ Reorganization ?
Reply-To: [EMAIL PROTECTED]
Date: Tue, 1 May 2001 15:15:18 GMT
F-104G Data Fighter <[EMAIL PROTECTED]> wrote:
: On my long-distance receiver I just intercepted the following
: information:
: GCHQ will be reorganized [...]
GCHQ are indeed taking a nap:
See http://www.gchq.gov.uk/nap/ for more details.
--
__________
|im |yler Try my latest game - it rockz - http://rockz.co.uk/
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: A keen symmetric cipher idea
Date: 1 May 2001 16:11:17 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
> First off who died and made you king of the castle?
Nobody. I abdicated a while ago. ;-)
> Second, my book hasn't arrived yet so in the meantime should I just go into
> a coma? Sure I will go to my local library where pull out books are the
> norm and read about advanced math... sure....
How about thinking about things in areas you know about? You're more
likely to find something good.
> Third, this is a perfect example of intelligent discussion being
> shunned on SCI as in Science, CRYPT as in cryptology.
No, it's not. It's an example of ill-informed speculation being treated
as it deserves, followed by badly-mannered ranting by the original
poster. We see it all the time.
> Sure the original design sucked but why couldn't you just suggest some
> way of making it better or just say "this is easily breakable". Do
> you attack your students as being stupid at Berkeley when they make
> silly mistakes? I sure hope not.
But this wasn't a silly mistake. When your brain gets the exponents
wrong for testing a group element for primitivity, that's a silly
mistake. This wasn't one of them.
While I didn't see David's attack (I kicked myself when he posted it), I
could smell insecurity as soon as I read your article. You should have
done too.
> You yourself have posted some good stuff and bad stuff about SDMI/et
> al. As if you haven't wasted usenet space yourself.
I've not seen any article by David which wasn't worth reading. That
doesn't mean that I agreed with every one, or that none contained
errors. I've not known him be other than reasonable, helpful and
patient (to the extent of answering my stupid questions offline when I
can't read acronyms straight).
I once commented that sci.crypt would be the poorer without Tom's
contributions. I'm beginning to regret this.
-- [mdw]
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Rijndael Galois Field construction problem.
Date: Tue, 1 May 2001 17:15:28 +0100
"Yaniv Sapir" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi all.
>
> In the Rijndael algorithm, there is an extensive use of Finite Field (GF)
> arithmetic. The primitive polynomial chosen is 0x11B = 283, and the field is
> GF(256). Trying to construct this field I faced a problem when, instead of
> 255 distinct elements (1-255) I get 51 elements repeating five times (the
> 51st element is 1 - while it should be element 255 - so the series repeats
> itself).
>
> The method for constructing the field I use is:
>
> Alpha^i = (2^i) mod (11B)
>
> where Alpha is the primitive element and i is the element power and so the
> element position in the field. The calculation, of course, is done using the
> binary representation of the numbers, which is analogous to the polynomial
> representation with coeffs from GF(2).
The element {02} is not primitive in this field representation so it won't
generate the whole field. You need to use, say, {03} instead.
> This same method makes no problems when constructing GF(256) with the '11D'
> polynomial (used for ADSL modems) and also for other polynomials, even of
> smaller degree.
This is because {02} is primitive in this case.
> So, is there any problem with 11B? I checked and confirmed that this is an
> irreducible one. Or maybe there is a limitation on this (systematic)
> construction method, which makes it good for some polynomials but not for
> others?
The element {02} is not always primitive so you cannot always generate the
field using powers of this element.
Brian Gladman
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 1 May 2001 16:14:22 GMT
Leonard R. Budney wrote:
>"Copyright" is not a concept on which Americans have a monopoly, [...]
Yes, I'm aware of that. For instance, the premise behind
European copyright is different. (European copyright law seems
to subscribe to a "moral rights" theory, where the author of a
copyrighted work is morally entitled to have some control over
how the work is used. This is a definite contrast to the US.)
And that's why I prefaced my remarks with "In the US, ...".
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Rijndael Galois Field construction problem.
Date: 1 May 2001 16:18:23 GMT
Yaniv Sapir <[EMAIL PROTECTED]> wrote:
> The method for constructing the field I use is:
>
> Alpha^i = (2^i) mod (11B)
x is not primitive in this representation of the field. I think x + 1
is, though.
-- [mdw]
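The point made in Yaniv's question and in the two replies (Brian Gladman's and Mark Wooding's), checked in code as an added example that is not part of the thread: under the Rijndael modulus 0x11B the element {02} (the polynomial x) has multiplicative order 51, which is exactly the 51-element cycle Yaniv observed, while {03} (x + 1) has order 255 and generates every non-zero element; under the '11D' polynomial {02} is primitive. The FIPS-197 values used as checks ({57}·{83} = {c1}, {53}⁻¹ = {ca}) are standard, not from this thread. Function names and the table layout are my own choices.

```python
# Added example, not code from the thread. Reproduces the symptom Yaniv
# describes (powers of {02} repeating after 51 steps) and the explanation
# given in the replies: under the Rijndael polynomial 0x11B the element
# {02} (= x) has multiplicative order 51, while {03} (= x + 1) has order
# 255 and generates the whole field.  Under 0x11D, {02} is primitive.
RIJNDAEL_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1
ADSL_POLY = 0x11D       # x^8 + x^4 + x^3 + x^2 + 1


def gf_mul(a: int, b: int, poly: int = RIJNDAEL_POLY) -> int:
    """Multiply two elements of GF(2^8), reducing modulo `poly` (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:          # degree 8 reached: subtract (XOR) the modulus
            a ^= poly
        b >>= 1
    return r


def mult_order(g: int, poly: int = RIJNDAEL_POLY) -> int:
    """Smallest n >= 1 with g^n = 1, i.e. the number of distinct powers of g."""
    if g == 0:
        raise ValueError("0 has no multiplicative order")
    x, n = g, 1
    while x != 1:
        x = gf_mul(x, g, poly)
        n += 1
    return n


def is_primitive(g: int, poly: int = RIJNDAEL_POLY) -> bool:
    """g generates all 255 non-zero elements iff its order is 255."""
    return mult_order(g, poly) == 255


def exp_log_tables(g: int = 0x03, poly: int = RIJNDAEL_POLY):
    """Build exp/log tables over a primitive element, the construction Yaniv
    was attempting with {02}; refuse a generator that would repeat early."""
    if not is_primitive(g, poly):
        raise ValueError(f"{g:#04x} is not primitive modulo {poly:#05x} "
                         f"(order {mult_order(g, poly)})")
    exp = [0] * 255
    log = [0] * 256
    x = 1
    for i in range(255):
        exp[i] = x          # exp[i] = g^i
        log[x] = i          # log[g^i] = i
        x = gf_mul(x, g, poly)
    return exp, log


def gf_inv(a: int, exp, log) -> int:
    """Multiplicative inverse via the tables: a^-1 = g^(255 - log a)."""
    if a == 0:
        return 0            # Rijndael's S-box convention maps 0 to 0
    return exp[(255 - log[a]) % 255]
```

Calling `exp_log_tables(0x02)` raises with "order 51", which is the cheapest check to add to any GF(256) table builder: an element that is merely non-zero is not enough; it must have order 255 under the modulus actually in use.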
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Style of discussions
Date: Tue, 01 May 2001 09:21:13 -0700
Mok-Kong Shen wrote:
>
> Time and again I read articles that contain, in my opinion,
> more or less heavy personal attacks of some writers on the
> others.
The only cases where I see that as a problem are the
occasional flaming of a newbie for a naive but sincere
question. Does anyone read personal attacks and think less
of the target or more of the attacker?
> I surmise that the underlying purpose of these is
> not to express any private hostility but to give certain
> emphasis to other sentences of the articles that form
> the proper scientific topics being discussed.
The problem on sci.crypt is that even though the group
currently enjoys more expertise than ever before, many or
most of the posts are worse than worthless. I don't worry
about the few posts containing personal insults or even
obscenities; they've done the novice reader a service by so
clearly exposing their value.
The harmful writers impersonate cryptologists without having
bothered to seriously study cryptology. Their posts are
stylistic imitations of scientific discourse, while their
assertions are a jumble of the unjustified, the ill-defined,
the irrelevant and the false.
Intelligent newbies may be unable to distinguish the writers
who tell them the answers from those who make up nonsense.
Therefore we should expose the nonsense for what it is. One
should not, of course, respond with a personal attack.
Neither should one show an undeserved respect for points of
view that come from laziness and ignorance.
--Bryan
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Tue, 01 May 2001 09:39:24 -0700
Tim Tyler wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
> :> : You mean
> :>
> :> : output = H_i = HASH(R || H_{i-1} || C)
> :>
> :> : Where R is the initial random seed, C a binary counter and H_0 is
> :> : HASH(R) ?
> :>
> :> That's an example of hashed feedback yes. I don't think I'd hash R
> :> each time - that seems largely a waste of time - just feed it in at
> :> H_0.
>
> : I would. Knowledge of H_i and C is enough to reconstruct the outputs
> : otherwise!
>
> Yes - a serious problem :-(
>
> I'm still thinking of trying to avoid feeding that volume of data into the
> hash, though. Perhaps some of those components could be usefully XOR'd
> together - rather than concatenated...
>
> Anyway, that was the sort of thing I meant to refer to by
> "hashing the internal state and feeding it back".
The popular hash functions have an internal block-size, and
the computation cost is roughly a step-function. For most
hashes, pre-images of up to 447 bits will induce only one
block-compression.
You can avoid repeatedly hashing R. Here's a variation that
also takes an optional input:
output_i = HASH(i || state_i || input_i)
state_{i+1} = state_i ^ input_i ^ output_i
I've used i for the equivalent of the binary counter that
Tom called "C". I don't think a constant secret R is
needed, though one could include it if worried about the
hash function losing entropy.
It has some nice properties: One hash computation (plus a
few simple ops) yields an output of the full digest size. An
exposed state doesn't expose previous outputs (even given
the optional inputs). To predict states or outputs requires
both the past state and all subsequent inputs (unlike the
FIPS-186 key generator for which a past state and subsequent
outputs reveals the current state.) If we re-seed through
the input, we get a secret state if either the input or the
old state is beyond the attacker's reach.
But it's just off the top of my head, so check out the
Yarrow paper if you're looking for something to implement.
--Bryan
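Bryan's two-line generator, implemented as an added example (this is my code, not the poster's). It fixes the details the sketch leaves open, all of which are my assumptions: HASH is SHA-256; the counter i is a fixed-width 64-bit big-endian field so the concatenation cannot be ambiguous; an optional input is first hashed to digest width so it can be XORed into the state, and an absent input is the all-zero block; state_0 is derived from a seed by one hash, which is why the seed R itself never has to be fed in again.

```python
# Added example, not the poster's code. Implements the hashed-feedback
# generator from the post:
#     output_i    = HASH(i || state_i || input_i)
#     state_{i+1} = state_i ^ input_i ^ output_i
# Assumptions (mine, not the thread's): HASH = SHA-256, i is a 64-bit
# big-endian counter, an optional input is hashed to digest width before use,
# and state_0 = SHA-256("state0" || seed).
import hashlib
import struct
from typing import List, Optional

DIGEST_LEN = 32


def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    out = bytearray(parts[0])
    for p in parts[1:]:
        if len(p) != len(out):
            raise ValueError("XOR operands must have equal length")
        for j, byte in enumerate(p):
            out[j] ^= byte
    return bytes(out)


def initial_state(seed: bytes) -> bytes:
    """state_0: one hash of the seed; the seed is not reused afterwards."""
    return hashlib.sha256(b"state0" + seed).digest()


def step(i: int, state: bytes, extra_input: Optional[bytes] = None):
    """One iteration of the generator; returns (output_i, state_{i+1})."""
    inp = (hashlib.sha256(extra_input).digest() if extra_input
           else bytes(DIGEST_LEN))
    out = hashlib.sha256(struct.pack(">Q", i) + state + inp).digest()
    # Feedback: the next state mixes old state, input and output, so a
    # reader of state_{i+1} alone has neither state_i nor output_i.
    return out, xor_bytes(state, inp, out)


class HashedFeedbackPRNG:
    """Stateful wrapper around step(); reseed by passing extra_input."""

    def __init__(self, seed: bytes):
        self.state = initial_state(seed)
        self.i = 0

    def next_output(self, extra_input: Optional[bytes] = None) -> bytes:
        out, self.state = step(self.i, self.state, extra_input)
        self.i += 1
        return out


def generate(seed: bytes, n: int,
             inputs: Optional[dict] = None) -> List[bytes]:
    """Produce n outputs, feeding inputs[i] (if present) in at step i."""
    prng = HashedFeedbackPRNG(seed)
    inputs = inputs or {}
    return [prng.next_output(inputs.get(i)) for i in range(n)]
```

Two things worth checking on a generator like this when you implement it: that the same seed reproduces the same stream (otherwise the feedback is not deterministic and cannot be tested), and that an input supplied at step i changes every output from i onward, which is what makes reseeding through the input useful. Both follow directly from the two defining lines and are easy to assert on.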
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Tue, 01 May 2001 16:45:50 GMT
Leonard R. Budney wrote:
> It is not deep to realize that people are entitled to enjoy
> the fruits of their labor, whether the labor is physical or intellectual.
> The "deep issues" revolve around exactly how to apply that in practice.
If this is the case, do you believe copyrights and patents should be limited
in time? If so, why?
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
Invasion in chinese restaurant:
ALL YOUR RICE ARE BELONG TO US!
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: GCHQ Reorganization ? [Spoiler]
Date: Tue, 01 May 2001 09:51:05 -0700
Tim Tyler wrote:
>
> F-104G Data Fighter <[EMAIL PROTECTED]> wrote:
>
> : On my long-distance receiver I just intercepted the following
> : information:
>
> : GCHQ will be reorganized [...]
>
> GCHQ are indeed taking a nap:
>
> See http://www.gchq.gov.uk/nap/ for more details.
I notice there's a Baconian cipher on the first line of that page
in the roman/bold font that says "CHALLENGING".
--
Jim Gillogly
Hevensday, 10 Thrimidge S.R. 2001, 16:50
12.19.8.3.6, 1 Cimi 4 Uo, Third Lord of Night
------------------------------
Subject: Re: Censorship Threat at Information Hiding Workshop
From: [EMAIL PROTECTED] (Leonard R. Budney)
Date: 01 May 2001 12:55:16 -0400
Darren New <[EMAIL PROTECTED]> writes:
> Leonard R. Budney wrote:
>> It is not deep to realize that people are entitled to enjoy the
>> fruits of their labor, whether the labor is physical or intellectual.
>> The "deep issues" revolve around exactly how to apply that in practice.
>
> If this is the case, do you believe copyrights and patents should be
> limited in time?
Yes.
> If so, why?
Because if copyrights were perpetual and assignable, then no protestant
could ever buy a Bible without paying a royalty to the Pope. (In other
words, there is also a rational need for the existence of a public
domain.)
The best scheme is a good question. Copyrights that outlive the original
author seem manifestly wrong to me. Lifetime copyrights would actually
be an *improvement* over the current system, and for example the Hobbit
would now be in the public domain. As would all of Erle Stanley Gardner's
fun little novels. But shorter than lifetime seems more appropriate to
me. How long? The 1710 ruling still seems fair: about 14 years.
Len.
--
I've seen servers run for several _years_ without a software upgrade.
-- Dan Bernstein
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************