Cryptography-Digest Digest #291, Volume #14       Fri, 4 May 01 07:13:00 EDT

Contents:
  Re: Free Triple DES Source code is needed. (John Savard)
  Re: Random and not random (John Savard)
  Re: Random and not random (John Savard)
  Re: Free Triple DES Source code is needed. (Paul Schlyter)
  Re: Random and not random (Mok-Kong Shen)
  Re: Random and not random (Mok-Kong Shen)
  FIPR Release 3/5/2001: Govt. keeps powers to license IT personnel, denies "threat" ("Arturo")
  OAP-L3:  "The absurd weakness." (Anthony Stephen Szopa)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Free Triple DES Source code is needed.
Date: Fri, 04 May 2001 07:04:29 GMT

On Thu, 03 May 2001 22:51:03 GMT, [EMAIL PROTECTED] wrote, in part:

>Can some one help me please? Where can I find the Triple DES source code?

In a pinch, you could use some single-DES source code, and just call
it three times.

John Savard
http://home.ecn.ab.ca/~jsavard/

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Random and not random
Date: Fri, 04 May 2001 07:09:32 GMT

On 3 May 2001 10:24:11 -0700, [EMAIL PROTECTED] (Matthew Skala)
wrote, in part:

>The trick, of course, is that we construct our bad-pad-rejection test for
>the constrained OTP such that even though *one* constrained pad isn't
>uniformly distributed over the space of all possible pads, the composition
>of *two* constrained pads is uniformly distributed.

>General Jones
>can honestly say that nobody in his army ever knowingly transmitted a
>ciphertext that was equal to the plaintext or equal to any trivial
>encryption of the plaintext.

No, but somebody knowingly issued a pair of matching constrained OTPs
that added up to zero. (The constraint would have to be made stricter
and local to allow avoiding the use of matched pairs of pads.)

That's why I think my proposal - first pad constrained, second pad
unconstrained (and chosen independently when used) - more closely
meets the needs of the client.

John Savard
http://home.ecn.ab.ca/~jsavard/

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Random and not random
Date: Fri, 04 May 2001 07:10:32 GMT

On 3 May 2001 10:46:18 -0700, [EMAIL PROTECTED] (Matthew Skala)
wrote, in part:

>It's not good enough for an OTP to be randomly generated.  It must be
>randomly generated *and* independent of the plaintext.

If it isn't independent of the plaintext, it isn't random.

John Savard
http://home.ecn.ab.ca/~jsavard/

------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Free Triple DES Source code is needed.
Date: 4 May 2001 09:18:53 +0200

In article <rhlI6.389$[EMAIL PROTECTED]>,
 <[EMAIL PROTECTED]> wrote:
 
> I have looked every where on the web to find a Free C/C++ Source Code
> implementation of Triple-DES.
> I have found some, but it either has a damaged zip or tar file.
> 
> Can some one help me please? Where can I find the Triple DES source code?
 
If you really have "looked every where on the web", then how come
you already haven't found:
 
    http://www.openssl.org
 
????
 
BTW how many hours did you spend examining all of the WWW?  <evil grin>
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Random and not random
Date: Fri, 04 May 2001 11:32:44 +0200



Matthew Skala wrote:
> 
> Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
> >I have a perfect OTP source and I have n messages, which
> >for simplicity may be assumed to be of the same length.
> >I encrypt these via xor with n segments of the OTP. Am I
> >sure that the opponent can't decrypt any of them? If no,
> 
> If you choose, fix, and commit to your message, and then generate a pad
> and use it, that's secure.  This means that you choose what message you
> will send, and then you determine the pad, and use the pad you generate
> *no matter what* that pad happens to be.  That scenario (assuming an
> appropriate generator) has the perfect secrecy property.
> 
> It is also secure to generate the pad (with an appropriate generator) in
> advance and then not look at it, or look at it but ignore it COMPLETELY,
> until after you have chosen your message.
> 
> It is not perfectly secure to change your message, or change the order of
> messages, or change the wording of your message, or anything like that,
> based on knowledge of the pad.

Consider the following: (1) I don't look at the pad and
send the messages in an order K1 (because this is for
some reason for me convenient), (2) I don't look at the 
pad but arbitrarily change the order of the messages to K2, 
(3) I look at the pad and based on the information changed 
it to an order K3 which 'by chance' happens to be identical 
to K2. Why is (2) secure and (3) not secure? See also 
below for more details.

> >segments that fail that. I choose to encrypt the n1 type
> >A messages with the n1 segments that pass my test and
> >the n2 type B messages with the remaining n2
> >segments. Is this o.k. or not? If not why? (Does the
> 
> No.  In this case, you are looking at the pad, and only after looking at
> it are you choosing which message to encrypt with which pad.  As a result,
> the pad and message are not independent.  Independence of pad and
> message is one of the requirements of the perfect secrecy theorem.
> 
> Suppose the pads and messages were all independent, and I knew them all,
> and your selection procedure, but I didn't know the ciphertext or which
> pads went with which messages.  If that were true, then I should be unable
> to guess which pads you chose for which messages.  But in the scenario you
> describe, I can look at a pad, see that it passes the test, and guess that
> you used it with a "high security" message - or see that it fails the
> statistical test and guess that you used it with a "low security" message.
> In your scenario, pads and messages are not independent.  The conditional
> probability of you choosing a given pad for a specific message is not the
> same as the probability of you choosing that pad for any arbitrary
> message.  By definition, they are not independent.  Independence of pads
> and messages is a requirement for perfect secrecy.  The requirements for
> perfect secrecy are not met in your scenario.
> 
> The fact that you're still using the rejected pad segment for some other
> message, instead of discarding it entirely, is irrelevant.  What counts is
> that by changing the pad/message mapping based on the statistical tests,
> you have destroyed the independence of pad and message, and Shannon says
> you're not allowed to do that.  Independence of pad and message is a
> requirement for the perfect secrecy of the OTP.

I don't yet understand your 'independence' argument. The 
different segments (in fact the different bits) of OTP 
are 'independent' from one another by definition of the 
property of OTP (in contrast, segments of output of a 
PRNG are not entirely independent, there being correlations). 
So suppose the segments are S1, S2, S3 (happen to be 
generated by the source in this order). The corresponding 
messages can be M1, M2, M3 or any of the possible six 
permutations of these. Isn't it that EACH and EVERY of 
the permutations is secure by the theory of OTP 'from
the very beginning'? If no, why? Suppose the answer is yes. 
Now my test results in one of the possible permutations, 
say, M2, M1, M3. Why does this permutation, which is
one of the six that we have determined to be secure, now 
suddenly become insecure? Hopefully (and I am pretty sure) 
we don't have anything here to do with phenomena like 
Schroedinger's cat (where an observation by a human would 
matter).

In my previous posts I mentioned a situation where
not all the M's in the above would be sent. But let's
first settle the above case, which is clearer. Thanks.

M. K. Shen
============================
http://home.t-online.de/home/mok-kong.shen
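Added example, not code from either poster: an exhaustive check of the question argued in this thread and in Skala's quoted reply. Two constructed 4-bit messages are encrypted with two pad segments; in one world the order is fixed by a coin that ignores the pads, in the other the segments are inspected first and the one passing a constructed "statistical test" is given to the type A message. Every equally likely world is enumerated, and the attacker's posterior belief about which message sat in slot 1 is compared with the prior. The messages, the test and the selection rule are all assumptions made for the example.

```python
"""Does choosing which message a pad segment encrypts, after looking at the
segment, break the perfect secrecy of a one-time pad?  Exhaustive enumeration
for 4-bit pads and two constructed messages."""
from fractions import Fraction
from itertools import product

N_BITS = 4
ALL_PADS = range(1 << N_BITS)   # every possible 4-bit pad segment
M_A = 0b1111                    # constructed "type A" (high-security) message
M_B = 0b0000                    # constructed "type B" message


def passes_test(pad):
    """Constructed bad-pad test: a segment with fewer than two 1 bits 'fails'."""
    return bin(pad).count("1") >= 2


def assign_by_test(s1, s2):
    """Shen's procedure: look at both segments first; if only S2 passes, swap so
    that the passing segment encrypts M_A.  Returns (msg in slot 1, msg in slot 2)."""
    if not passes_test(s1) and passes_test(s2):
        return M_B, M_A
    return M_A, M_B


def assign_independently(coin):
    """Skala's allowed procedure: the order is fixed by a coin that ignores the pads."""
    return (M_A, M_B) if coin == 0 else (M_B, M_A)


def worlds(dependent):
    """Yield (msg1, msg2, s1, s2) for every equally likely world.  Pads are uniform
    and independent; the independent procedure also draws a fair coin."""
    for s1, s2 in product(ALL_PADS, repeat=2):
        if dependent:
            yield assign_by_test(s1, s2) + (s1, s2)
        else:
            for coin in (0, 1):
                yield assign_independently(coin) + (s1, s2)


def prior_slot1_is_B(dependent):
    """P(slot 1 carries M_B) before any ciphertext is seen."""
    ws = list(worlds(dependent))
    return Fraction(sum(1 for w in ws if w[0] == M_B), len(ws))


def posterior_slot1_is_B(c1, c2, dependent):
    """P(slot 1 carries M_B | C1 = c1, C2 = c2); None if no world yields that ciphertext."""
    consistent = [w for w in worlds(dependent)
                  if (w[2] ^ w[0]) == c1 and (w[3] ^ w[1]) == c2]
    if not consistent:
        return None
    return Fraction(sum(1 for w in consistent if w[0] == M_B), len(consistent))


def posterior_given_c1(c1, dependent):
    """Same, but conditioning on the first ciphertext only."""
    consistent = [w for w in worlds(dependent) if (w[2] ^ w[0]) == c1]
    return Fraction(sum(1 for w in consistent if w[0] == M_B), len(consistent))


def max_leak(dependent):
    """Largest |posterior - prior| over all ciphertext pairs.  Zero means the
    ciphertext tells the attacker nothing about the order (perfect secrecy)."""
    prior = prior_slot1_is_B(dependent)
    worst = Fraction(0)
    for c1, c2 in product(ALL_PADS, repeat=2):
        p = posterior_slot1_is_B(c1, c2, dependent)
        if p is not None:
            worst = max(worst, abs(p - prior))
    return worst


if __name__ == "__main__":
    for dep in (False, True):
        name = "test-based assignment" if dep else "independent assignment"
        print(f"{name}: prior={prior_slot1_is_B(dep)}, "
              f"P(slot1=M_B | C1=0000)={posterior_given_c1(0, dep)}, "
              f"max leak={max_leak(dep)}")
```

With the coin-flip order the posterior equals the prior for every ciphertext pair, which is the perfect-secrecy property. With the test-based order, seeing C1 = 0000 alone moves the attacker's belief that slot 1 held M_B from 55/256 to 11/27: the permutation chosen is one of the "secure" ones, but the rule that picked it is correlated with the pad, and that correlation is what the ciphertext exposes.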

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Random and not random
Date: Fri, 04 May 2001 11:36:20 +0200



John Savard wrote:
> 
> (Matthew Skala) wrote, in part:
> 
> >The trick, of course, is that we construct our bad-pad-rejection test for
> >the constrained OTP such that even though *one* constrained pad isn't
> >uniformly distributed over the space of all possible pads, the composition
> >of *two* constrained pads is uniformly distributed.
> 
> >General Jones
> >can honestly say that nobody in his army ever knowingly transmitted a
> >ciphertext that was equal to the plaintext or equal to any trivial
> >encryption of the plaintext.
> 
> No, but somebody knowingly issued a pair of matching constrained OTPs
> that added up to zero. (The constraint would have to be made stricter
> and local to allow avoiding the use of matched pairs of pads.)
> 
> That's why I think my proposal - first pad constrained, second pad
> unconstrained (and chosen independently when used) - more closely
> meets the needs of the client.

Please also read my follow-up to Matthew Skala that I have
just sent and give eventually your comments. Thanks.

M. K. Shen

------------------------------

From: "Arturo" <[EMAIL PROTECTED]>
Crossposted-To: uk.tech.electronic-security,uk.legal
Subject: FIPR Release 3/5/2001: Govt. keeps powers to license IT personnel, denies "threat"
Date: Fri, 4 May 2001 11:20:26 +0100

FIPR NEWS RELEASE: 3rd May 2001 - FOR IMMEDIATE USE

===============================

Govt. keeps powers to license IT security, denies "threat"

==========================================================

In the final session of the Private Security Industry (PSI) Bill Standing
Committee on Tuesday 1st May, the government voted down (without reason)
amendments which would have removed IT security consultants from the scope
of licensing powers. The Bill will now go through its Report Stage and Third
Reading, before becoming law.

Charles Clarke MP (excerpted - full Hansard follows):

"...There has been concern in parts of that sector about how, if at all, the
Bill applies to them...The definition used in the schedule is deliberately
broad...The licensing requirements under that definition will be brought
into effect in due course by regulations, which will specify exactly which
activities of security consultants are licensable...I should like it to be
clear to the industry and the Committee that the information security
consultancy industry is not under threat of licensing at a future date under
the Bill...the Government believe that issues need to be explored with
regard to confidence in the information security consultancy industry...the
Department of Trade and Industry will consult the IT industry about the
extent and effectiveness of existing precautions and about whether further
action is required...I am certain that that is the best way forward, rather
than the solution suggested in the amendments."

The fifth session of the committee on 26th April debated the discovery by
the CBI that any proposal to license IT personnel would conflict with a
European Directive.
http://www.parliament.the-stationery-office.co.uk/pa/cm200001/cmstand/b/st01
0426/pm/10426s05.htm

Quotes

======

Caspar Bowden, director of Internet think-tank FIPR commented:

"The Minister says the industry is not under threat of licensing, but in the
same breath says activities which are routine for many types of IT personnel
*are* caught by the Bill, and unspecified 'further action' may be required.
If there is no threat, why not amend the Bill?"

Notes for Editors

=================

1. Charles Clarke is the same Minister who introduced the RIP Act. Mr.Clarke
still maintains that there was never any problem in RIP over the presumption
of innocence on forgetting a password, despite the fact that the government
was forced to rectify this in the House of Lords after intense pressure. Mr.
Clarke attributed this to "parliamentary arithmetic" (i.e. the government
would have lost the vote otherwise -
http://www.fipr.org/rip/#ClarkingDevice)

2. The Foundation for Information Policy Research (www.fipr.org), is a
non-profit think-tank for Internet policy, governed by an independent Board
of Trustees with an Advisory Council of experts.

3. FIPR's analysis of the RIP Act stimulated media debate, and led to
amendments ensuring that people who lose keys or forget passwords are
presumed innocent until proven guilty, and preventing casual surveillance of
web browsing without a warrant.

4. Media coverage can be found at
http://www.fipr.org/rip/index.html#RegisterTroublemakers and FIPR's original
press release which alerted the industry to the problem at
http://www.fipr.org/rip/FIPRRelease29301Govtstalls.txt

--

Caspar Bowden Tel: +44(0)20 7354 2333

Director, Foundation for Information Policy Research

RIP Information Centre at: www.fipr.org/rip#media

PSI Bill Standing Cttee - Seventh Sitting 1/5/2001

==================================================

http://www.parliament.the-stationery-office.co.uk/pa/cm200001/cmstand/b/st01
0501/pm/10501s09.htm

Mr. Bercow: I beg to move amendment No. 33, in page 28, line 1, after second
`to', insert `physical'.

The Chairman: With this it will be convenient to take amendment No. 32, in
page 28, line 5, after `financial', insert `or information security'.

Mr. Bercow: These amendments might be described as the IT security industry
amendments. The principal arguments on behalf of the IT security industry
have been aired before most eloquently by my hon. Friend the Member for
Surrey Heath. They do not need to be rehearsed in great detail. However,
there is no doubt at all that there is a continuing concern, not least on
the part of the Confederation of British Industry, that the IT security
industry might ultimately be incorporated within the terms of the Bill, even
if that was not originally intended, and despite the fact that no earnest of
any such intention was given to the sector. The two amendments would more
satisfactorily protect the sector than has been done so far. I hope that the
Minister will seriously consider the position.

It is commonplace for members of all parties to invoke the support of large
trade associations and representative bodies when it suits them. That is
entirely legitimate, and you will know, Mr. Winterton, from your 30 years'
service in the House, that the Confederation of British Industry is a prized
body to invoke in support of one's argument. We have done it, and the
Minister has done it.


http://www.parliament.the-stationery-office.co.uk/pa/cm200001/cmstand/b/st01
0501/pm/10501s10.htm

Mr. Clarke: It is only prized by those who support the corporate state.

Mr. Bercow: I am certainly not an enthusiast for the corporate state, but
that does not in any way preclude me from recognising the significant
expertise as well as the representative character of the Confederation of
British Industry. It is concerned, as I think the Minister will acknowledge,
that the Bill could have a damaging impact upon the IT industry, and could
hinder the Government's aim to make the United Kingdom the best place in the
world in which to conduct e-business.

The argument is simple. The current wording of the Bill necessitates the
amendment, as it is unclear whether the Bill covers people working in
information technology such as systems administrators and IT support staff,
whose duties range from the building of firewalls to the protection of a
network from attack to educating employees on what sort of passwords to use.
Given the difficulty that some businesses already have in recruiting
specialised and experienced IT professionals, any proposal that endangers
that species and makes their recruitment more difficult would exacerbate the
present problem and should, if at all possible, be avoided by the
Government.

We all know that there was extensive consultation in advance of the
introduction of the Bill. We do not dispute that, and we have debated the
Bill on many occasions. However, that consultation-quite properly-was with
the organisations that it was envisaged would be affected by the Bill. The
IT security sector did not originally expect to be affected and had no
reason to think that the Government wanted it to be. However, it is now
anxious that it might be.

That is a problem. The drafting of the Bill has seemingly inadvertently
drawn in the IT security industry, as my hon. Friend the Member for Surrey
Heath explained during our deliberations last week. Paragraph 5 defines the
activities of security consultants as falling under the designated
activities of clause 3, the conduct of which without a licence will be
against the law. Security consultants are defined as those who give advice
about taking security precautions or engaging security operatives. The
wording makes no distinctions between physical and information security, or
between tangible and intangible assets.

It therefore appears possible-I put the point no more strongly than
that-that information security consultants, as no specific distinction is
made between them and others, and they are not consciously excluded, could
fall within the scope of the Bill, as bouncers and wheelclampers do. IT
security consultants are not mentioned-the Minister will not dispute that,
as it is an incontrovertible fact-in the exemptions to paragraph 5, which,
as we know from debate, include exemptions for those giving legal and
financial advice and for the activities of an accountancy body.

The inclusion of the IT sector is undesirable if it is deliberate, but in a
sense is even more so if it is not deliberate. If it happens by default,
that is deeply regrettable, as it would mean that no protection of the
sector would have been provided alongside the regulatory mechanisms that the
Government have decided are appropriate. We want inclusion by inadvertence
even less than we want deliberate inclusion. IT security consultants could
be licensed under a Bill that has been drafted without their being
consulted.

The Minister will not be surprised by the fact that I want to refer to
remarks that he made on Second Reading. He said that the Government had no
current intention of bringing

``the information security industry within the scope of the new licensing
regime established by the Bill''.-[Official Report, 28 March 2001; Vol. 366,
c. 974.]

He went on to insert a significant and-from our point of view, and
especially from the industry's-worrying caveat. It was that the Department
of Trade and Industry would consult on whether that should be done in
future. If it decided so to do, all that would then be required would be to
impose a licensing requirement on the information security industry via
secondary legislation. An unconsulted sector that did not expect to be
threatened would find that it was, and would have precious little, if any,
opportunity to do anything about it. The sledgehammer of secondary
legislation would bring in regulation, direction and control that the
industry never expected to be on the receiving end of.

As the Minister knows, the Confederation of British Industry believes,
according to its parliamentary brief, that

``the information security industry . . . Should not be included in a Bill
on which it was not consulted . . . Should not be the subject of secondary
legislation when it hasn't been consulted on the relevant primary
legislation . . . Should not have to show that regulation of this sector
isn't needed when those proposing''

legislation, or allowing for it,

``have not had to make the case that it is''.

It further states that the sector

``Should not be potentially subject to a licensing regime that has come
about through oversight rather than a considered and intentional government
policy''.

Those reasons are cogent. The brief says:

``The CBI urges the Standing Committee to amend Schedule 2(5) to include an
explicit exemption of IT security consultants. Although the secondary
legislation can be drafted to exclude IT security consultants, the fact that
the primary legislation was never intended to include IT security in the
first place makes it preferable to amend the Bill itself.''

That way, we would have an assurance. The sector would have the greater
peace of mind that it should enjoy. We ought to be conscious that we have
significant power to affect the sector in this place. That power should be
used for good and not for ill. I hope that the Committee will act
immediately to end the confusion and uncertainty and remove a potential
barrier to e-business.

At an earlier stage, there was some publicity about the CBI's concerns about
the Bill. I hope that the Minister will take careful note of what the head
of e-business of that organisation, Mr. Hickson, was quoted as saying, which
was that he fears that the Government have

``gone from never having even dreamed of licensing IT security
professionals, to proposing it by accident, to essentially challenging the
industry to say why the profession shouldn't be licensed''.

That seems to be an inversion of responsibility.

I have tried to make important arguments as briefly as I can. I look forward
to the Minister's reply. I am conscious of the fact that-I expect a
cheer-this will be my last contribution in the Committee, so I thank you,
Mr. Winterton, warmly and genuinely, for your fair, firm, tolerant and
robust chairmanship. I say that to someone who I hope is now widely
acknowledged in the House of Commons as one of the finest parliamentarians
of our time.

The Chairman: I am not sure what to say.

Mr. Andrew Miller (Ellesmere Port and Neston): When I referred to this
clause earlier, the hon. Member for Buckingham intervened on me and I
undertook to think about his point and to respond. I have a lot of sympathy
for his argument, as have several organisations including the British
Computer Society, but I think that his solution is wrong for the problem. We
must always keep in mind the word ``proportionate'' when considering our
responsibilities in legislation, particularly human rights legislation. If
we were to accept his solution, we could end up in the ridiculous position
of dealing with the security of a cheap piece of plastic, such as a CD,
floppy disk or tape, but not with the extremely valuable data it contained.
That would create a problem of proportionality.

The solution lies somewhere in secondary legislation. It would be extremely
helpful for the Minister to say unequivocally that at this stage there is no
intention to incorporate the IT-

The Chairman: I am afraid that I must now ask the Minister to respond.

Mr. Charles Clarke: These amendments seek to limit the definition of
security consultants to those offering advice about the taking of security
precautions in relation to physical property. That would exclude those who
advise on the security of information, and I interpret that to mean the IT
sector. There has been concern in parts of that sector about how, if at all,
the Bill applies to them. They are keen to establish whether the Government
includes them in the definition of security consultant that is used in
paragraph 5 of schedule 2. I had hoped to lay their fears to rest in a
statement I made on Second Reading, but I am happy to restate the position.
The definition used in the schedule is deliberately broad. We want it to
remain useable in the face of changing security systems, in particular those
using technology-and I acknowledge the point made by my hon. Friend the
Member for Ellesmere Port and Neston (Mr. Miller). We also wish, as a
fundamental principle, to ensure that the Bill targets the specialist
providers of security services whom we want to regulate, but does not
inadvertently catch groups who are not relevant to the aims of our policy.

The term security consultant, as used in paragraph 5 of schedule 2, means
those who give advice about

``the taking of security precautions in relation to any risk to property or
to the person''.

The licensing requirements under that definition will be brought into effect
in due course by regulations, which will specify exactly which activities of
security consultants are licensable. Activities not specified will not be
licensable. However, as I said on Second Reading, I should like it to be
clear to the industry and the Committee that the information security
consultancy industry is not under threat of licensing at a future date under
the Bill. I hope that that reassures my hon. Friend the Member for Ellesmere
Port and Neston.

As I said on Second Reading, the Government believe that issues need to be
explored with regard to confidence in the information security consultancy
industry. That industry has a vital role to play in protecting the new
economy from vandalism and other crimes. Our consideration of the Bill has
started a valuable debate about how information security consultants can
match or exceed the levels of confidence that the Bill will create for other
security contractors. For that reason, the Department of Trade and Industry
will consult the IT industry about the extent and effectiveness of existing
precautions and about whether further action is required.

I look forward, as I hope the Committee does, to seeing the result of that
consultation. I am certain that that is the best way forward, rather than
the solution suggested in the amendments. I hope that I have convinced the
hon. Member for Buckingham and that he will withdraw his amendment. We want
to work with the industry, rather than against it, to solve these problems.

Mr. Bercow: I have listened carefully, but I am not persuaded by what the
hon. Member for Ellesmere Port and Neston said, although I shall reflect on
it, or by the observations of the Minister. I should therefore like to press
the amendment.

Question put, That the amendment be made:-

The Committee divided: Ayes 4, Noes 13.

[Division No. 8]

AYES
Bercow, Mr. John
Hawkins, Mr. Nick
Lilley, Mr. Peter
Simpson, Mr. Keith

NOES
Clarke, Mr. Charles
George, Mr. Bruce
Hall, Mr. Mike
Hughes, Mr. Simon
Kennedy, Jane
Miller, Mr. Andrew
Pickthall, Mr. Colin
Prentice, Bridget
Starkey, Dr. Phyllis
Stewart, Mr. Ian
Thomas, Mr. Gareth R.
Turner, Mr. Neil
Winterton, Ms Rosie

Question accordingly negatived.

It being after Seven o'clock, The Chairman proceeded, pursuant to Sessional
Order D [28 March] and the Order of the Committee [10 April], to put
forthwith the Question necessary to dispose of the business to be concluded
at that time.

Schedule 2 agreed to.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: OAP-L3:  "The absurd weakness."
Date: Fri, 04 May 2001 03:32:42 -0700

OAP-L3:  "The absurd weakness."

The process of random digit generation used in OAP-L3 can be reduced 
to this simplicity:

You have two permutations of the digits from 0 to 9 such as 
7205981463 & 0471583926

Let's choose the fourth digit in the first permutation which is 5 
to index the second permutation.  Thus element 5 (where the 
first element is the zeroth element) of the second permutation 
is 8.

Now it has been called to my attention that there are many possible
permutations that will result in the same output.  How so?

To arrive at the same output you only need the first permutation to 
keep the fourth element as 5 and element 5 in the second permutation
needs to be kept as 8.

So let's take the first permutation.  If we keep the fourth element 
as 5 that leaves the other nine positions in the permutation to vary
with the digits 1,2,3,4,6,7,8,9, & 0.  So there are 9! = 362,880
possible other permutations.  Since there are a total of 3,628,800 
total possible permutations of the digits 0 - 9, there are just 10% 
of the total possible permutations that can be substituted for the
original permutation.  362,880 / 3,628,800 = .10 or 10%.

Now, this same analysis can be made with regard to the second
permutation:  there are 362,880 suitable substitutes.

In each case this is only ten percent or one in ten.  Thus for two 
or both permutations there is just .10 X .10 = .01 or 1% of all 
possible permutation pairs ((3,628,800)^2 = 13,168,189,440,000), 
which is .01 X 13,168,189,440,000 = 131,681,894,400, that will 
produce the same output: 8.

This is certainly a lot.  But it is no better than guessing two
consecutive digits with no regard to any process whatsoever.  Just 
by simply guessing.

So much for "the absurd weakness."

Now you might say that you can think of other permutation pairs 
that can output the same digit.  Yes.  I agree but you will have 
to select another element from the first permutation and use a 
different appropriate second permutation.  But in any case you will
still have the same probability for possible outcome.

The reason for this is that you ultimately must make the choice of 
two permutations and which element to choose from the first 
permutation.

So you must make three choices where each choice is one in ten.  So 
the odds of you guessing these three correctly to arrive at the 
correct random digit output is .10 X .10 X .10 = .001 or 0.1 
percent or one in a thousand.

The odds scale as you must choose more rows, more permutations, and 
the initial permutation element.  You can never escape these
constraints.

In any event, you may guess a combination of rows and permutations 
in these rows and an initial permutation element but the odds of
guessing these correctly are the same as guessing random digits 
with no regard to any specific process.

Again, so much for "the absurd weakness" some have worried about
regarding OAP-L3.

Lastly, you may say that you will not be guessing for very long if 
you get enough plaintext / cyphertext pairs.  Too bad.  Because 
there is no clear relationship between the OTP files used to create 
the cyphertext and the random digits generated using OAP-L3.

This obscure feared weakness IS quite absurd, indeed.
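Added example, not code from the post or from OAP-L3 itself: the one-step operation as the post describes it (the element of the first permutation at a given position indexes the second permutation), with the post's counting checked exhaustively for a small digit set and reproduced arithmetically for ten digits. Reading the step that way is an assumption; the two ten-digit permutations are the ones quoted in the post.

```python
"""Exhaustive check of the permutation-pair counting in the post above."""
from fractions import Fraction
from itertools import permutations
from math import factorial

# The two permutations quoted in the post, as tuples of digits.
POST_PERM1 = (7, 2, 0, 5, 9, 8, 1, 4, 6, 3)
POST_PERM2 = (0, 4, 7, 1, 5, 8, 3, 9, 2, 6)


def oap_step(perm1, perm2, idx):
    """One step as the post describes it: perm1[idx] is used to index perm2.
    (Assumed reading of the post, not OAP-L3's own code.)"""
    return perm2[perm1[idx]]


def fraction_keeping_element(n, idx, value):
    """Fraction of permutations of range(n) that keep `value` at position idx,
    found by enumerating every permutation (feasible for small n)."""
    perms = list(permutations(range(n)))
    kept = sum(1 for p in perms if p[idx] == value)
    return Fraction(kept, len(perms))


def fraction_of_matching_pairs(n, idx, perm1, perm2):
    """Fraction of all permutation pairs (q1, q2) meeting the post's two
    conditions: q1 keeps perm1[idx] at idx, and q2 keeps the same output at
    that value.  Every such pair does produce the reference output."""
    v = perm1[idx]
    out = oap_step(perm1, perm2, idx)
    perms = list(permutations(range(n)))
    matching = [(q1, q2) for q1 in perms for q2 in perms
                if q1[idx] == v and q2[v] == out]
    assert all(oap_step(q1, q2, idx) == out for q1, q2 in matching)
    return Fraction(len(matching), len(perms) ** 2)


def post_figures(n=10):
    """The post's ten-digit numbers, from the same counting (n-1)! rather than
    enumeration, plus the 'three one-in-ten choices' probability."""
    total = factorial(n)
    return {
        "single_keep": factorial(n - 1),        # permutations keeping one element
        "single_total": total,                  # all permutations of n digits
        "pair_keep": factorial(n - 1) ** 2,     # pairs keeping both elements
        "pair_total": total ** 2,               # all permutation pairs
        "three_guesses": Fraction(1, n) ** 3,   # two permutations plus the index
    }


if __name__ == "__main__":
    print("post's example output:", oap_step(POST_PERM1, POST_PERM2, 3))
    print("n=5, keep one element:", fraction_keeping_element(5, 3, 2))
    print("n=5, matching pairs:", fraction_of_matching_pairs(5, 1, (3, 1, 4, 0, 2), (2, 0, 4, 1, 3)))
    for key, val in post_figures().items():
        print(f"{key}: {val}")
```

For five digits the exhaustive count gives exactly 1/5 of permutations keeping one element and 1/25 of pairs keeping both, the same 1/n and 1/n^2 ratios the post computes for ten digits; `post_figures()` reproduces the post's 362,880, 3,628,800, 131,681,894,400 and 13,168,189,440,000.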

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
