Cryptography-Digest Digest #328, Volume #14 Thu, 10 May 01 14:13:01 EDT
Contents:
Re: Bitsliced Cipher (jlcooke)
Re: Crypto web-page (jlcooke)
Re: Are low exponents a problem with RSA? (David A Molnar)
Re: Intacta.Code ... (WARNING: high heat ahead, possible exposure to (newbie)
Re: Security with provable strength. (Benjamin Goldberg)
Re: Best, Strongest Algorithm (SCOTT19U.ZIP_GUY)
RSA signing with public e = 3 ("Peter Kooiman")
Re: Best, Strongest Algorithm ("Douglas A. Gwyn")
Re: Random and not random (Mok-Kong Shen)
Re: Intacta.Code ... (WARNING: high heat ahead, possible exposure to direct flame) ("Paul Pires")
Re: ECC question (Mike Rosing)
Re: Best, Strongest Algorithm ("Douglas A. Gwyn")
Re: Best, Strongest Algorithm ("Douglas A. Gwyn")
Re: Optimizing AES throughput ("Douglas A. Gwyn")
Re: Bitsliced Cipher ("Kostadin Bajalcaliev")
Re: RNG problem (Mike Rosing)
Re: Integrity check algorithm (Mike Rosing)
Re: Borg(warner) and Boeing? ("Paul Pires")
Re: Cryptanalysis Question: Determing The Algorithm? ("Douglas A. Gwyn")
Re: Looking for a simple code wheel to print out for kids ("Douglas A. Gwyn")
----------------------------------------------------------------------------
From: jlcooke <[EMAIL PROTECTED]>
Subject: Re: Bitsliced Cipher
Date: 10 May 2001 14:08:42 GMT
May I ask what your design reasons were for the use of {29,26,25,21} in:
a = a ^ c ^ ROL(d,29); // ROL(x,29) == ROR(x,3)
b = b ^ d ^ ROR(c,26); // ROR(x,26) == ROL(x,6)
c = c ^ b ^ ROR(a,25); // ROR(x,25) == ROL(x,7)
d = d ^ a ^ ROL(b,21); // ROL(x,21) == ROR(x,11)
which can be rewritten with only ROR:
a = a ^ c ^ ROR(d,3);
b = b ^ d ^ ROR(c,26);
c = c ^ b ^ ROR(a,25);
d = d ^ a ^ ROR(b,11);
Bajalcaliev, can you do another avalanche test (or email me the source
for your avalanche code)? What are the avalanche results with
{ROL,ROR,ROR,ROL} := {29,23,19,17}?
JLC
Tom St Denis wrote:
>
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:f6iK6.52991$[EMAIL PROTECTED]...
> > I would appreciate comments (please!).
> >
> > It's not a commercial cipher or anything just for the sake of research.
> My
> > design achieves 409 megabits/sec on my Athlon 1.2ghz that's about 24
> cycles
> > per byte (code is written in C not asm). I probably could get it down
> > around 20 cycles per byte in assembly.
>
> Well toying with a LT analyzer I wrote I think I came up with a slightly
> better LT. It's less symmetric words on the same half (if you noticed my LT
> is a feistel network) so the diffusion is a bit less ordered in appearance.
>
> Modified source at
>
> > The C source is at http://tomstdenis.home.dhs.org/tc15.c
>
> I would appreciate comments please. Anything at all!
>
> Tom
------------------------------
From: jlcooke <[EMAIL PROTECTED]>
Subject: Re: Crypto web-page
Date: 10 May 2001 14:25:44 GMT
Tom St Denis wrote:
> I.e "Failure to implement protection against "known plain-text" attacks."
> which is impossible except for physical protection.
> and
> "In the context of a public-key cryptography system: Thinking it's safe to
> send a public-key across an insecure network or communications medium, such
> as the internet. Since we all know that sending a public-key across an
> insecure network means someone can intercept it "en route" and replace it
> with his/her own."
>
> Which is only half true. Using a web of trust it's possible to do this
> correctly.
I think you'd be hard pressed to find a successful example of this at a
global scale Tom. I'm getting flash-backs of a news headline: "VeriSign
falsely issues two Microsoft certificates". And how do you test the
authenticity of the amazon.com cert? With the CA cert you downloaded in
Netscape? Chicken and Egg.
JLC
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Are low exponents a problem with RSA?
Date: 10 May 2001 14:44:13 GMT
DJohn37050 <[EMAIL PROTECTED]> wrote:
> 3) Use of a larger exponent could be considered insurance against the
> possibility of an RNG failure during formatting of the message.
this reminds me of a question I had...
Semantically secure cryptosystems must be randomized (otherwise an adversary
can trial encrypt and distinguish). What happens if some, but not all, of the
random bits used for a particular message are revealed? in general and for
specific cases?
for instance, if you have a pseudo-OTP and you know half the bits output by
the PRNG, you have half the message. can we do better? how much better can we
possibly do?
-david
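The "insurance against an RNG failure during formatting" point quoted above, worked through as an added example (not code from either poster): with e = 3 and a message that is not padded out to the size of the modulus, m^3 never wraps modulo N, so the ciphertext is a perfect cube over the integers and anyone can take its cube root. The toy keypair is an assumption built from two published primes (the NIST P-192 and Ed448 field primes) so that it runs offline; the padding routine is a constructed stand-in for proper randomised padding, not PKCS#1 itself.

```python
"""Added example: why e = 3 is unforgiving of a padding (RNG) failure.
Toy keypair from two published primes; never use it for real data."""
import random

# Assumption: two known primes with gcd(3, (P-1)(Q-1)) == 1 so that e = 3 is valid.
P = 2**192 - 2**64 - 1          # NIST P-192 field prime
Q = 2**448 - 2**224 - 1         # Ed448 "Goldilocks" field prime


def keypair(e=3):
    """Toy RSA keypair (N, e, d); N is about 640 bits."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(e, -1, phi)         # modular inverse (Python 3.8+)
    return n, e, d


def encrypt(m, n, e):
    return pow(m, e, n)


def icbrt(x):
    """Exact integer cube root floor(cbrt(x)) by Newton iteration on ints."""
    if x < 2:
        return x
    r = 1 << ((x.bit_length() + 2) // 3)      # start above the true root
    while True:
        nr = (2 * r + x // (r * r)) // 3
        if nr >= r:
            return r
        r = nr


def cube_root_attack(c):
    """If the sender cubed a small m with no (or too little) random padding,
    m**3 < N and the modular reduction never happened: c is a perfect cube
    and m comes back without the private key.  Returns None otherwise."""
    m = icbrt(c)
    return m if m ** 3 == c else None


def pad_like_pkcs1_v15(msg, rng, k=80):
    """Constructed stand-in for randomised padding: 00 02 <non-zero random
    bytes> 00 <msg>, filling a k-byte block.  Now m**3 wraps modulo N many
    times over and the integer cube root no longer recovers anything."""
    ps = bytes(rng.randrange(1, 256) for _ in range(k - len(msg) - 3))
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big")


def demo(seed=1):
    """Returns (unpadded recovered?, padded recovered?, private-key checks ok?)."""
    n, e, d = keypair()
    m = int.from_bytes(b"attack at dawn", "big")          # constructed message
    c = encrypt(m, n, e)
    mp = pad_like_pkcs1_v15(b"attack at dawn", random.Random(seed))
    cp = encrypt(mp, n, e)
    return (cube_root_attack(c) == m,
            cube_root_attack(cp) is not None,
            pow(c, d, n) == m and pow(cp, d, n) == mp)


if __name__ == "__main__":
    print(demo())
```

The same failure appears whenever the random padding is too short rather than absent: the attack only needs m^3 < N, which a 640-bit modulus allows for any m below about 213 bits. A larger public exponent makes that condition far harder to meet by accident, which is exactly the "insurance" argument in the quoted post.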
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Intacta.Code ... (WARNING: high heat ahead, possible exposure to
Date: Thu, 10 May 2001 11:20:46 -0300
Are you talking with me beautiful girl?
Joseph Ashwood wrote:
>
> No one attacked you, in fact you were corrected relatively minorly (see the
> rather severe conversations I've had with Szopa to see how mild). It was not
> to be a personal attack. Tom was correcting a mistake you made, albeit he
> didn't do it in the kindest way, but his attitude problem is fairly typical
> for this group. From there you continued to take the attack personally and
> began personal attacks on him.
>
> John's so-called attack on you was a comment that I guess hit your
> masculinity a bit too closely to what you fear, for the rest of us it was a
> funny remark. Don't worry it's fairly normal to be homophobic. Just please
> understand around here no one will stab you in the back, it's the front or
> nothing.
>
> Now my response, yeah I'd say that was rather close to a personal attack. I
> figured if you wanted to keep the insults up, I'd give you a target that
> bites back very well. I don't consider it too much of a waste of time (a
> waste of bandwidth certainly, but not a waste of time) we all need an outlet
> for our stress. I figured my response would have one of two responses, you'd
> either go away, or realize that there are much worse people to have insult
> you.
> Joe
>
> "newbie" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > ????
> > What are you talking about???
> > Once you read what it was said before, then you have the right to
> > talk!!!!!!!
> > Tom attacked me
> > John Lebbs attacked me
> > And now you!!!!
> > You are wasting your time!!!!
> > Are you crazy???
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Security with provable strength.
Date: Thu, 10 May 2001 11:45:36 -0400
Paul Rubin wrote:
>
> It was attributed in AC2 to Udi(sp?) Maurer, but it's completely
> insecure and there has to be some kind of mistake involved.
> Think linear algebra.
Not *entirely* linear. Here it is written in pseudocode, with N=128.
These arrays are of bits:
K[1..N] = the secret key
R[1..N][1..M] = the public random strings.
P[1..M] = the plaintext
C[1..M] = the ciphertext
for( i = 1 .. M ) {
    x = P[i];
    for( j = 1 .. N )
        x ^= K[j] & R[j][i];
    C[i] = x;
}
The step with the & is *non*linear.
--
Shift to the left, shift to the right, mask in, mask out, BYTE, BYTE,
BYTE !!!
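Paul Rubin's "think linear algebra" hint, carried out as an added example (not code from either poster): the block implements the scheme exactly as written in the pseudocode above and then, using only the public R and one known plaintext, recovers K by Gaussian elimination over GF(2). N = 128, M = 256 and the seed are assumptions for the demo.

```python
"""Added example: the posted scheme, plus a known-plaintext key recovery."""
import random

N, M = 128, 256      # key bits and message bits; M >= N so the system is solvable


def make_public_strings(rng, n=N, m=M):
    """R[j][i]: N public random strings of M bits each, as in the post."""
    return [[rng.getrandbits(1) for _ in range(m)] for _ in range(n)]


def encrypt(key, R, plaintext):
    """Exactly the posted loop: C[i] = P[i] ^ XOR_j (K[j] & R[j][i])."""
    out = []
    for i, p in enumerate(plaintext):
        x = p
        for j, kj in enumerate(key):
            x ^= kj & R[j][i]
        out.append(x)
    return out


def recover_key(R, plaintext, ciphertext, n=N):
    """Known-plaintext attack.  R is public, so K[j] & R[j][i] is K[j] times a
    known constant and each ciphertext bit is one GF(2)-linear equation
        XOR_j R[j][i] * K[j] = P[i] ^ C[i].
    Rows are packed as ints (bit j = coefficient of K[j]) plus a rhs bit and
    kept in reduced row-echelon form as they arrive."""
    pivots = {}                                  # pivot column -> (row, rhs)
    for i, (p, c) in enumerate(zip(plaintext, ciphertext)):
        coeff = sum(R[j][i] << j for j in range(n))
        rhs = p ^ c
        for pc, pr in pivots.values():           # reduce by existing pivots
            if coeff >> (pc.bit_length() - 1) & 1:
                coeff ^= pc
                rhs ^= pr
        if coeff == 0:
            if rhs:                              # 0 = 1: not a genuine ciphertext
                raise ValueError("inconsistent system")
            continue
        bit = coeff.bit_length() - 1
        for b in list(pivots):                   # clear the new column elsewhere
            pc, pr = pivots[b]
            if pc >> bit & 1:
                pivots[b] = (pc ^ coeff, pr ^ rhs)
        pivots[bit] = (coeff, rhs)
    if len(pivots) < n:
        return None                              # rank deficient: need more plaintext
    return [pivots[j][1] for j in range(n)]


def demo(seed=7):
    """Encrypt a random known plaintext under a random key, then solve for the key."""
    rng = random.Random(seed)
    key = [rng.getrandbits(1) for _ in range(N)]
    R = make_public_strings(rng)
    pt = [rng.getrandbits(1) for _ in range(M)]
    ct = encrypt(key, R, pt)
    return key, recover_key(R, pt, ct)


if __name__ == "__main__":
    key, found = demo()
    print("key recovered:", key == found)
```

The elimination needs about N linearly independent known-plaintext bits; with M = 2N random columns the system is full rank with overwhelming probability, and a single known message then pins down every key bit.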
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm
Date: 10 May 2001 15:25:53 GMT
[EMAIL PROTECTED] (jlcooke) wrote in
<[EMAIL PROTECTED]>:
>Doug Kuhlman wrote:
>> False. There are (2^128)! (yes, 2^128 factorial) transformations (maps)
>> from P to C, if both are of size 128 bits. That is significantly more
>> than merely 2^256.
>
>Pardon. Every time I find myself writing to a news group like sci.crypt
>I find myself wishing I had taken a few english courses.
>
>For a _single_ given P, there are 2^128 possible transformations into C
>since there are 2^128 possible C_i's. ALL transformations (from all
>possible P_j's to all possible C_i's) are the order of (2^128)! as Doug
>corrected me.
>
>JLC
>
If you look at a single block of 128 bits then there are only 2**128
values that that single block could map to.
However if you look at more than one block (and most files would
require more than one block) the number of transformations would
quickly approach the key size of 2**256 in the case of Rijndael.
Example: suppose the first block is zeros and the second block for the file is
all zeros with a one.
You notice right away that the first block can map to 2**128 values,
but since there are 2**256 keys, many of these keys would map that
block to the same values. Pick the set of keys that map that block
to any value. On the average there are 2**128 separate keys that map
that first block to a given value. Now let's look at the second block:
it has a different value than the first, so each of these 2**128 keys that
mapped the first block to some fixed value could map this second block
to a different set of values. One can see that for only a few
blocks, 3 for example (if block one is zero, block two is all zeros
with a one, and block 3 is all zeros with 10 at the end), it is highly
unlikely that more than one key could exist for Rijndael that
could map all three blocks the same way. This means if you can
find just three blocks there is enough information to break Rijndael.
The trick is to make it so one can't find input/output pairs
that carry enough information to allow an easy break based on
the information.
I have suggested more than once how to avoid this kind of free
giveaway of information.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
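The counting argument above, run on a toy cipher as an added example (not the poster's code): with a key space small enough to enumerate, count how many keys remain consistent with one, two and three known plaintext/ciphertext blocks and compare with the expected number of spurious keys for an ideal cipher. The toy cipher (a 4-round Feistel over an 8-bit block with a 16-bit key, round function taken from SHA-256) and the chosen key are assumptions.

```python
"""Added example: keys consistent with t known blocks, for a toy cipher."""
import hashlib

KEY_BITS, BLOCK_BITS = 16, 8


def toy_encrypt(key, block):
    """Assumed toy 8-bit block cipher: balanced Feistel, 4 rounds, 4-bit halves,
    round function = first SHA-256 byte of (key, round, right half)."""
    l, r = block >> 4, block & 0xF
    for rnd in range(4):
        f = hashlib.sha256(bytes([key >> 8, key & 0xFF, rnd, r])).digest()[0] & 0xF
        l, r = r, l ^ f
    return (l << 4) | r


def survivors_by_pair(pairs):
    """Filter the whole key space by each known (plaintext, ciphertext) block in
    turn; returns the candidate count after each block and the final candidates."""
    cands = range(1 << KEY_BITS)
    counts = []
    for p, c in pairs:
        cands = [k for k in cands if toy_encrypt(k, p) == c]
        counts.append(len(cands))
    return counts, cands


def expected_spurious(t, key_bits=KEY_BITS, block_bits=BLOCK_BITS):
    """Ideal-cipher estimate: each wrong key survives t independent block
    checks with probability 2**(-block_bits*t); the true key always survives.
    Mirrors the post's 2**(256 - 128*t) count for a 256-bit key, 128-bit block."""
    return ((1 << key_bits) - 1) / 2 ** (block_bits * t)


def demo(true_key=0xBEEF):
    # Constructed known blocks in the spirit of the post: 0, then 1, then 10 (binary)
    plaintexts = [0x00, 0x01, 0x02]
    pairs = [(p, toy_encrypt(true_key, p)) for p in plaintexts]
    return survivors_by_pair(pairs)


if __name__ == "__main__":
    counts, cands = demo()
    for t, n in enumerate(counts, 1):
        print(f"after {t} block(s): {n} candidate keys "
              f"(ideal estimate {1 + expected_spurious(t):.3f})")
```

Scaled up, the same arithmetic says that 2**256 keys and 128-bit blocks leave about one candidate after three blocks; what the toy cannot show is any way to find that candidate short of trying every key, which is where the enumeration above stops being an option.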
------------------------------
From: "Peter Kooiman" <[EMAIL PROTECTED]>
Subject: RSA signing with public e = 3
Date: Thu, 10 May 2001 17:39:52 +0200
Hi,
I have a question inspired by the recent discussion on RSA with public
exponent 3:
Suppose I receive encrypted and signed messages; my public exponent is 3
with modulus N, the other party has public exponent 3, private exponent d
(obviously not known to me) and modulus K, so
plaintext M would give a signed encrypted message ((M ^ 3) mod N) ^ d mod K.
Question: would it be feasible for an intruder to forge a message? Let's
suppose the message itself is in the first X most significant bytes of M
(i.e. reduction mod N guaranteed), the message a lot shorter than the block
size, and the remaining bytes can be filled with any convenient values.
So in other words, could an intruder construct a message F such that after
encrypting I would have an apparently valid message, that is a message with
something meaningful and chosen by the intruder in its MSBs?
Any thoughts?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Date: Thu, 10 May 2001 15:16:54 GMT
Joseph Ashwood wrote:
> next few years this situation will change. We already have evidence that the
> public cryptanalytic activities are closing on the secret, and we have
> evidence that the attack on SKIPJACK was unknown to them, and that ECC took
> them by surprise. These indicate to me that the public knowledge is lacking
> mostly small portions of knowledge; bits and pieces from classified books,
> and the design of the current ciphers.
Surprises are always possible. The advantage of a major organization
having a fundamental interest in an area is that it can develop what
is usually called "corporate knowledge" through continuity of staff
and work that is unparalleled in the academic community. For example,
NSA has held annual so-called SCAMP meetings, essentially colloquia for
their staff cryptomathematicians in which the most important current
unsolved problems are identified and discussed. That has often led
to the redeployment of research resources into solving those problems.
That is much more focussed than is normally seen in academia.
Corporate knowledge has produced points of view and development in
depth of technology that plays little or no role in the open C/A
community. There can be an advantage there.
> No the NSA's primary purpose is to protect our information,
> secondarily they keep tabs on the critical information used by other
> governments, and to use this to assist the other agencies.
They are both primary missions of NSA. Different organizations
within the Agency focus on these; what is primary for one is
secondary for the other, and vice versa.
> ... Measuring the actual security has nothing to do with the speed
> of encipherment/decipherment, at least not where slower is necessarily
> better.
Except if the best (known) attack is brute-force key search,
in which case inherently slow algorithms are slightly more
resistant than fast ones. However, in applications, faster
has other advantages, and since no modern system should be
significantly vulnerable to brute force, deliberate slowness
offers no practical advantage.
> I doubt that the NSA doesn't have the man power to read all the messages,
> they will have to filter them somehow. Otherwise they would have to employ
> at least 50% of the world, since that would be 6 times the population of the
> US, I doubt they employ that many. So they must only want to read message
> that are of interest to them
There are three major classes of interceptable communications:
(1) known to have high likelihood of containing valuable information
(note that "value" is relative to the clients, i.e. intelligence
agencies, whose clients in turn are military operations and
governmental decision makers);
(2) known to have low likelihood of containing valuable information;
(3) not readily identifiable as (1) or (2).
Routine interception would be targeted only at (1), with some
research performed on samples of (3). (2) would be a waste of
resources to capture, analyze, summarize, and/or disseminate.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Random and not random
Date: Thu, 10 May 2001 18:13:00 +0200
I want to retract my previous post of 10 May 2001 13:43:40 +0200,
for I detected certain weak points in my argumentation after
having further considered the issue in question. My sincere
apology to all who have wasted their time reading my posts
in this thread.
M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Intacta.Code ... (WARNING: high heat ahead, possible exposure to direct flame)
Date: Thu, 10 May 2001 09:26:49 -0700
Never wrestle with a pig......
You both get covered in mud, discarded food and feces
but da pig likes it.
Paul
Joseph Ashwood <[EMAIL PROTECTED]> wrote in message news:#rCMUBM2AHA.196@cpmsnbbsa07...
> No one attacked you, in fact you were corrected relatively minorly (see the
> rather severe conversations I've had with Szopa to see how mild). It was not
> to be a personal attack. Tom was correcting a mistake you made, albeit he
> didn't do it in the kindest way, but his attitude problem is fairly typical
> for this group. From there you continued to take the attack personally and
> began personal attacks on him.
>
> John's so-called attack on you was a comment that I guess hit your
> masculinity a bit too closely to what you fear, for the rest of us it was a
> funny remark. Don't worry it's fairly normal to be homophobic. Just please
> understand around here no one will stab you in the back, it's the front or
> nothing.
>
> Now my response, yeah I'd say that was rather close to a personal attack. I
> figured if you wanted to keep the insults up, I'd give you a target that
> bites back very well. I don't consider it too much of a waste of time (a
> waste of bandwidth certainly, but not a waste of time) we all need an outlet
> for our stress. I figured my response would have one of two responses, you'd
> either go away, or realize that there are much worse people to have insult
> you.
> Joe
>
> "newbie" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > ????
> > What are you talking about???
> > Once you read what it was said before, then you have the right to
> > talk!!!!!!!
> > Tom attacked me
> > John Lebbs attacked me
> > And now you!!!!
> > You are wasting your time!!!!
> > Are you crazy???
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: ECC question
Date: Thu, 10 May 2001 12:20:50 -0500
Tom St Denis wrote:
> Probably the dudes name was "Jakob" or something...
Jacobians are something totally different....
Keep reading :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Date: Thu, 10 May 2001 16:48:06 GMT
"SCOTT19U.ZIP_GUY" wrote:
> so any block cipher using a 128 bit block and only a 256 bit key
> can not be very complex. And for a given method with a small
> key of 256 bits. It would not take very many pairs of cipher text
> to plain text to mathemtically have enough information to determine
> the key. A place like the NSA would only need a few pairs to uniquely
> show which Rijndeal key was used. It would be foolish for them
> not to build custom hardware to do this.
This is correct in principle, but the devil is in the details.
One cannot in practice construct in advance a mapping database,
because it would have to be way too big to have appreciable
coverage (so that it would find a "hit" often enough to
justify the expense). And a dynamic approach amounts to
cryptanalysis, so the question is, how? It's not like solving
a set of linear equations.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Date: Thu, 10 May 2001 16:49:55 GMT
"SCOTT19U.ZIP_GUY" wrote:
> ... But if you look at the UK my understanding is
> crime is going up. ...
Of course it is, but it has nothing to do with spying.
They stupidly disarmed the law-abiding populace, giving
criminals less to fear. Same in Australia.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Optimizing AES throughput
Date: Thu, 10 May 2001 16:57:32 GMT
Brian Gladman wrote:
> Assembler comes into its own on low end systems (e,g, smartcards) where
> constraints on both processor performance and memory make its use hard to
> avoid. But its a lot more costly. C code can be used in many applications
> so the value in terms of return on development time is very high. In
> contrast assembler implementations each cost a lot more to develop while the
> extent of their application is much more limited.
The usual engineering solution is to use C for almost all the application,
but use assembly language for *just the bottlenecks*. Virtually all real
applications have their bottlenecks concentrated into a very small amount
of the overall program.
------------------------------
From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Bitsliced Cipher
Date: Thu, 10 May 2001 19:18:22 +0200
I have an impression that the avalanche effect results of TC15 have not been
understood. Here is the test:
for each of 128 possible differences (practically, two numbers x and y have an
n-bit difference if x xor y has n ones) 10000 random pairs are generated by
an external source. This will be 10000 pairs differing in only 1 bit,
10000 pairs differing in 2 bits and so on to a 128-bit difference. If the cipher
is a good one the output difference for each possible input difference
should have approximately the combinatorial distribution. The combinatorial
distribution is defined as d(k) = n!/[(n-k)!*k!]; this is practically
how many 128-bit numbers have one 1-bit, how many have two 1-bits and so on.
The percentile distribution is defined as pd(k) = d(k)/Sum(d(k),k=1 to 128).
This means for each input difference 7% of the output differences should be
64 bits. Here is the expected distribution (in percents).
TC15 gives the expected distribution of the output differences. TC15 using
only 8 rounds passes the test also. Using the rotations you have proposed does
not change anything.
1 - 39 0.000
40 0.001
41 0.002
42 0.003
43 0.007
44 0.013
45 0.024
46 0.043
47 0.076
48 0.128
49 0.208
50 0.329
51 0.503
52 0.745
53 1.069
54 1.484
55 1.997
56 2.603
57 3.288
58 4.025
59 4.775
60 5.491
61 6.122
62 6.615
63 6.930
64 7.039
65 6.930
66 6.615
67 6.122
68 5.491
69 4.775
70 4.025
71 3.288
72 2.603
73 1.997
74 1.484
75 1.069
76 0.745
77 0.503
78 0.329
79 0.208
80 0.128
81 0.076
82 0.043
83 0.024
84 0.013
85 0.007
86 0.003
87 0.002
88 0.001
89 - 128 0.000
jlcooke wrote in message <[EMAIL PROTECTED]>...
>May I ask what your design reasons were for the use of {29,26,25,21} in:
> a = a ^ c ^ ROL(d,29); // ROL(x,29) == ROR(x,3)
> b = b ^ d ^ ROR(c,26); // ROR(x,26) == ROL(x,6)
> c = c ^ b ^ ROR(a,25); // ROR(x,25) == ROL(x,7)
> d = d ^ a ^ ROL(b,21); // ROL(x,21) == ROR(x,11)
Tom
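The test described in the post above, written out as a reusable harness (added example, not the poster's code and not TC15, whose source is only at the linked URL): it reproduces the expected C(128,k)/2^128 table, generates pairs with every input Hamming distance, and histograms the output differences. The function under test is an assumed stand-in (keyed SHA-256 truncated to 128 bits) so the harness runs offline; PAIRS is cut from the post's 10000 per input difference to keep the run short.

```python
"""Added example: avalanche test harness in the form described in the post."""
import hashlib
import math
import random

BITS = 128
PAIRS = 200                      # the post uses 10000 per input difference


def expected_percent(n=BITS):
    """pd(k) = C(n,k) / 2**n in percent for k = 0..n; the post sums k = 1..n,
    which differs only by the negligible C(n,0) term."""
    return [100 * math.comb(n, k) / 2 ** n for k in range(n + 1)]


def stand_in_cipher(x, key=b"demo-key"):
    """Assumed stand-in for the cipher under test: keyed SHA-256 truncated to
    128 bits.  Not a permutation, but its output differences have the flat
    binomial profile a good 128-bit block cipher should show."""
    digest = hashlib.sha256(key + x.to_bytes(16, "big")).digest()
    return int.from_bytes(digest[:16], "big")


def random_pair_with_weight(rng, w, n=BITS):
    """Two n-bit values whose XOR has exactly w one bits."""
    x = rng.getrandbits(n)
    diff = 0
    for pos in rng.sample(range(n), w):
        diff |= 1 << pos
    return x, x ^ diff


def avalanche_histogram(f, rng, pairs=PAIRS, n=BITS):
    """hist[w][k] = pairs with input weight w whose outputs differ in k bits."""
    hist = [[0] * (n + 1) for _ in range(n + 1)]
    for w in range(1, n + 1):
        for _ in range(pairs):
            x, y = random_pair_with_weight(rng, w, n)
            k = bin(f(x) ^ f(y)).count("1")
            hist[w][k] += 1
    return hist


def row_percent(hist, w, n=BITS):
    """Empirical output-weight distribution for input weight w, in percent."""
    total = sum(hist[w])
    return [100 * hist[w][k] / total for k in range(n + 1)]


def mean_output_weight(hist, n=BITS):
    total = sum(sum(row) for row in hist)
    return sum(k * hist[w][k] for w in range(n + 1) for k in range(n + 1)) / total


def demo(seed=1):
    rng = random.Random(seed)
    hist = avalanche_histogram(stand_in_cipher, rng)
    return mean_output_weight(hist), expected_percent(), hist


if __name__ == "__main__":
    mean, expected, hist = demo()
    print(f"mean output difference weight: {mean:.2f} (ideal 64)")
    print("k  expected%  observed% (input weight 1)")
    for k in range(56, 73):
        print(f"{k:3d}  {expected[k]:6.3f}  {row_percent(hist, 1)[k]:6.3f}")
```

With 200 pairs per row the per-row percentages are noisy (a 7% bin holds only about 14 samples), so judge a cipher on the full 10000 pairs the post used, or aggregate rows; the mean output weight is already stable at this size. A weak design shows up as rows whose mass sits well away from 64, typically for the low input weights.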
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: RNG problem
Date: Thu, 10 May 2001 12:28:13 -0500
Dobs wrote:
>
> I will try to explain my problem once again:
> In the Micali Schnorr generator the output is the concatenation
> z1||z2||z3||.....||zl
> where to obtain Zi we have to take the k least significant bits of Yi
> and Yi=Xi-1^e mod n ( Yi can be a number between 1 and n-1 so Yi can be
> as well a very small number)
> What if Yi will be a very small number ( lets say 8 bits long) and our
> k=614, so we have to take 614 least significant bits of Yi?
> Should the output Zi have on the beginning a lot of zeros and then bits from
> our small number ????????????
> This sequence is supposed to be random and these 0's on the beginning seem
> to me not really random, or am I wrong?
> Could You please write me what to do to make this generator work correctly.
> Thanks
Let's try going backwards. You've got Yi = (Xi-1)^e, so Xi = Yi^(1/e) + 1 mod n
How many values of Xi would you have to worry about getting you into
the situation you're worried about? Can you trap on them and not do that,
so you don't have a problem?
Patience, persistence, truth,
Dr. mike
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Integrity check algorithm
Date: Thu, 10 May 2001 12:31:43 -0500
Uros Podlogar wrote:
>
> Here is short story. I would like to encode message with private key. Then I
> will publish message with public key. Everyone could decode message with
> public key, but none could generate another message only with public key.
>
> I would use this routine to sign the document so that everybody could check
> its integrity, but nobody could change document and generate another
> signature.
>
> Which algorithm should I use?
Do a web search on Digital Signature Algorithm or DSA. It's exactly what you want.
Patience, persistence, truth,
Dr. mike
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Crossposted-To: alt.business,alt.business.consulting
Subject: Re: Borg(warner) and Boeing?
Date: Thu, 10 May 2001 10:29:29 -0700
There you are!
Your parents (Szopa and Saaralainen) have been looking for you.
Paul
Wayne Mulder Manzo <[EMAIL PROTECTED]> wrote in message
news:A4AK6.1315$[EMAIL PROTECTED]...
> So, Boeing is moving to Chicago?
>
> Why? Chicago is another huge "ALIEN HIVE" city.
> Wait till the Seattle Boeing Execs get a load of their
> neighbors? Na Nu, Na Nu!
>
> I'm not going to write about the subject but I,
> as a human American, was attacked by the alien
> race in Chicago. I was taken down unfairly.
>
> Northern Chicago is all white aliens
> and the south Chicago is the alien Negra territory.
>
> The alien hive culture in Chicago is totally COLLECTIVE.
> For those who are not SNG fans this can be interpreted as
> BORG CITY!
>
> Oh, there is another corporate headquarters in Chicago that
> sums it all up! This corporate building is located on Michigan
> Avenue in the Loop area of Chicago.
>
> What is the corporation's name?
>
> BORG - WAR - NE(A)R
>
> What am I saying? Boeing is probably all "AGENCY" anyway so what
> does it matter. One huge "Alien Company" controlling all the businesses!
> And the low paying jobs? Oh, those are the positions for "human beings".
>
> I'm still sore about what happened at "Mcdonnell Douglas"!
> This country needs more than one commercial airframe manufacturer!
>
> There is a fantastic amount of skilled aeronautics people in Southern
> California__why don't......., Na, humans aren't smart enough!
>
> Oh, me? I'm the aerospace-mechanical engineering student who was
> working as an intern at NASA-Lewis(Cleveland) back in 1988!
> I'm the MTU, NCSU student who was framed by the "AGENCY"
> at Lewis and thrown out of society.
>
> I was savagely attacked by the "Alien Agency". They fried my face, my
> gonads, and turned my car into a human hibatchi. I've been on the
> streets since 1993! I'm still human and I'm fighting the alien race!
>
> My news sites are censored:
>
> (use Netscape)
>
> http://mansue.com
> http://madona.tripod.com
>
> From the mean streets of the alien collective city of ZionZionatti, Ohio
>
> Wayne "Mulder" Manzo
> I don't play alien games.
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> 513-766-2003x1110(voice,fax)
>
> I need publicity because I am being attacked by the "Agency" and they
> refuse to let me work as an engineer or any other position.
>
> Also, I need sponsors for my "slavery-death penalty" civil rights case!
> A very RICH case!
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cryptanalysis Question: Determing The Algorithm?
Date: Thu, 10 May 2001 17:10:33 GMT
"Bo Dömstedt" wrote:
> You still assume that the set of cipher algorithms is equivalent to
> the set of published cipher algorithms (everyone else reading
> has already figured this out, right ??)
You cite Kerckhoff's principle, but then ignore it.
The only way it would be safe to assume that the enemy
cannot figure out likely candidates for the algorithm
would be to have too many of them (known to the enemy,
a la Kerckhoff). But the selection would have to be
part of the key (or else the intended recipient also
cannot figure out which algorithm). So this just turns
into a standard situation of a known (meta-)system
with an unknown (meta-)key.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Looking for a simple code wheel to print out for kids
Date: Thu, 10 May 2001 17:18:25 GMT
> if there is a "kids" web site anywhere ...
I don't think it has a cipher disk, but check out:
http://www.nsa.gov/programs/kids/index.html
Several of their puzzles can be printed.
The one about the birds is probably too tough for
all but the brightest (and oldest) kids,
but might appeal to many of this newsgroup's
readers; note: it is harder than you will at
first think.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************