Cryptography-Digest Digest #415, Volume #14 Wed, 23 May 01 09:13:00 EDT
Contents:
Digital Signature Scheme (Umut Bayraktar)
Re: ECB plus padding instead of CBC? (Vincent Quesnoit)
test vectors (Delacroix Florian)
Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm) (Richard Herring)
The HDCP Semi Public-Key Algorithm (John Savard)
test pls. ignore ("Jaspher L.Mariano")
Re: Best, Strongest Algorithm (Tom St Denis)
Re: A difficult cryptogram (Tom St Denis)
Re: Decrypt magneti card (Tom St Denis)
Re: free/open source cryptography vs closed source FAQ (Tom St Denis)
Re: RSA private key size (DJohn37050)
Small (not fast) RIPEMD-160 (Ian Stirling)
Re: free/open source cryptography vs closed source FAQ (SCOTT19U.ZIP_GUY)
Re: Best, Strongest Algorithm (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Umut Bayraktar)
Subject: Digital Signature Scheme
Date: 23 May 2001 01:36:42 -0700
I want to write C++ code for DSS, but I have not used big numbers in
our code. Please help me: how can I use these kinds of numbers?
------------------------------
From: Vincent Quesnoit <[EMAIL PROTECTED]>
Subject: Re: ECB plus padding instead of CBC?
Date: Wed, 23 May 2001 11:18:23 +0200
Reply-To: [EMAIL PROTECTED]
Julian Morrison wrote:
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
>
> > The problem with sending a single block at a time is that it's only 16
> > bytes (i can't imagine that's at all fast, although I only know about
> > the inet from a winsock programming aspect)
>
> It wouldn't be fast, but it would be a good way to "slow start" and work
> up to the maximum line speed. The packet itself would have other cruft in
> there (stream ID, pseudo-port etc) but it could still be guaranteed to
> slip untouched through pretty much any MTU.
>
> > so you need to send the
> > counter with each block so the space wasted is 100%.
>
> No the space wasted would be one byte for the first message: 00, zero
> significant bytes of count - then two bytes: 01 01, one significant byte
> of count, count equals 1, three for the 257th: 02 01 FF and so forth.
You could even save a little bit more if the values of the first byte were: 0
to 239, counter value; 240 to 256, length of counter in the next bytes. This
would make a difference when there are a lot of small messages.
Vincent
------------------------------
From: Delacroix Florian <[EMAIL PROTECTED]>
Subject: test vectors
Date: Wed, 23 May 2001 12:24:36 +0200
Reply-To: [EMAIL PROTECTED]
Hi All,
Does something like standard test vectors for ciphers and message
digests exist? Are the ones included in the OpenSSL sources what I
might be looking for?
In brief, I'm looking for some accurate way to validate that my code
ciphers and digests correctly.
Thanks
------------------------------
From: [EMAIL PROTECTED] (Richard Herring)
Subject: Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm)
Date: 23 May 2001 10:27:25 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] (Richard Herring) writes:
> > Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
> >
> >> It's the most direct explanation for the observed correlations,
> >
> > Granted; but correlation isn't causation.
> Granted, but it's the right place to look.
> >> and is supported by interviews with professional criminals.
> >
> > Who naturally always tell the truth.
> Right. Actually, criminals spread the lie that guns are a
> deterrent because they really WANT their victims to be armed,
> because...because...okay, I give. Why?
No idea. I'm not arguing with the conclusion, just pointing out
that it doesn't actually follow from the premises.
But I think I'd ask *why* they were being interviewed, and what
they might gain by giving the answers they thought the interviewer
wanted.
--
Richard Herring | <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: The HDCP Semi Public-Key Algorithm
Date: Wed, 23 May 2001 11:03:42 GMT
The description of the HDCP scheme at
http://www.digital-cp.com/
gives a simple shift-register based stream cipher that I believe to be
quite secure.
Also, an unusual scheme of allowing devices to agree on a session key
is described.
Each device has its own 40-bit public key, which it communicates to
other devices to which it opens a channel, and its own secret key,
which consists of 40 binary words of the length of the key that it is
desired to establish (56 bits, but this is, I believe, an unimportant
detail).
The public keys all consist of an equal number of 1 bits and 0 bits.
If two devices each use the other device's public key to indicate
which words to XOR together from its own secret key, they will both
agree on the same session key.
How on Earth could this work? What is the theory behind it? A paper on
a weakness of this scheme, at the Cryptome site, talked about linear
dependencies, but was heavy reading, and didn't seem to explain what I
was interested in.
Of course, it isn't a true public key system - a trusted authority, to
generate any secret key in this system, is able to generate all the
keys.
But I think I've come to a possible explanation.
Each device's key pair originates from a permutation of the numbers
from 1 to 40. The public key of each device is a vector of bits
corresponding to the numbers 1 through 20 in the permutation.
Then, if the private key is derived from a set of 40 keys permuted in
the inverse order of that permutation, and (which makes it sort of
trivial) the permutations are all drawn from a set that commute with
each other, this will work. Because 20 is an even number, the elements
of the private key can be masked by being XORed with any quantity that
is the same for all 40 of them.
Example, using 8 elements instead of 40:
Device A:
8 (1) (2) (3) (4) 5 6 7 -> 01111000
2 3 4 5 6 7 8 1
Device B:
6 7 8 (1) (2) (3) (4) 5 -> 00011110
4 5 6 7 8 1 2 3
Here, we're using cyclic permutations to get ones that commute.
And when device A and B interact, both pick keys 5, 6, 7, and 8 from
each other's lists.
In addition to the XOR mask, a bit more disguise is possible. Instead
of the 8 cyclic permutations, a commuting family with 15 elements can
be produced:
1 2 3 4 5 6 7 8
2 3 4 5 1 7 8 6
3 4 5 1 2 8 6 7
...
by using disjoint subcycles, and the elements being permuted don't
have to be in order either.
Still, the disguise is awfully thin. Perhaps I've missed something.
John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm
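The toy version of the scheme John Savard works through above, as an added example (not his code and not HDCP's real key material): 8 words instead of 40, cyclic shifts and his 5-cycle by 3-cycle family as the commuting permutations, a public key marking where the first N/2 values landed, a private key built from the inverse permutation and hidden under a per-device XOR mask. Base keys and masks are constructed with a seeded generator; the 56-bit word width is taken from the post.

```python
"""Toy model of the HDCP key-agreement idea: two devices whose permutations
commute pick the same N/2 base keys from each other's lists, and the
per-device XOR mask cancels because N/2 is even.
"""
import random

N = 8              # words per device (40 in HDCP); N/2 must be even
WORD_BITS = 56     # word width mentioned in the thread

_rng = random.Random(2001)
BASE_KEYS = [_rng.getrandbits(WORD_BITS) for _ in range(N)]   # the authority's secret


def cyclic_shift(n: int, s: int) -> list:
    """Position i (0-based) holds value (i - s) mod n; shift 1 is Savard's
    device A row '8 1 2 3 4 5 6 7', shift 3 is device B's '6 7 8 1 2 3 4 5'."""
    return [(i - s) % n for i in range(n)]


def subcycle_perm(a: int, b: int) -> list:
    """Savard's 15-element family: rotate positions 0..4 by a and 5..7 by b.
    (a, b) = (1, 1) is his row '2 3 4 5 1 7 8 6'."""
    return [(i + a) % 5 for i in range(5)] + [5 + (j + b) % 3 for j in range(3)]


def compose(p: list, q: list) -> list:
    """(p o q)[i] = p[q[i]]"""
    return [p[q[i]] for i in range(len(p))]


def all_commute(family: list) -> bool:
    return all(compose(p, q) == compose(q, p) for p in family for q in family)


def inverse(perm: list) -> list:
    inv = [0] * len(perm)
    for pos, val in enumerate(perm):
        inv[val] = pos
    return inv


def make_device(perm: list, mask: int) -> tuple:
    """Returns (public_bits, private_words).
    public : bit i set when position i of perm holds one of the values 0..N/2-1
    private: BASE_KEYS reordered by the inverse permutation, each word XOR mask"""
    n = len(perm)
    public = [1 if perm[i] < n // 2 else 0 for i in range(n)]
    inv = inverse(perm)
    private = [BASE_KEYS[inv[i]] ^ mask for i in range(n)]
    return public, private


def session_key(own_private: list, peer_public: list) -> int:
    """XOR the own private words at the positions the peer's public key marks.
    Exactly N/2 words are used; N/2 even means the mask cancels out."""
    k = 0
    for word, bit in zip(own_private, peer_public):
        if bit:
            k ^= word
    return k


def agree(perm_a: list, perm_b: list) -> tuple:
    """Run the exchange between two devices; returns (key_at_A, key_at_B)."""
    pub_a, priv_a = make_device(perm_a, _rng.getrandbits(WORD_BITS))
    pub_b, priv_b = make_device(perm_b, _rng.getrandbits(WORD_BITS))
    return session_key(priv_a, pub_b), session_key(priv_b, pub_a)


if __name__ == "__main__":
    for s in (1, 3):
        print("shift", s, "public:", "".join(map(str, make_device(cyclic_shift(8, s), 0)[0])))
    fam = [subcycle_perm(a, b) for a in range(5) for b in range(3)]
    print("5x3 family size", len(fam), "commutes:", all_commute(fam))
    print("keys agree:", agree(cyclic_shift(8, 1), cyclic_shift(8, 3)))
```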
------------------------------
Subject: test pls. ignore
From: "Jaspher L.Mariano" <[EMAIL PROTECTED]>
Date: Wed, 23 May 2001 16:23:04 +0800
test
------------------------------
From: [EMAIL PROTECTED] (Tom St Denis)
Subject: Re: Best, Strongest Algorithm
Date: 23 May 2001 04:40:32 -0700
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote in message
news:<[EMAIL PROTECTED]>...
> [EMAIL PROTECTED] (Joseph Ashwood) wrote in <OXFxVM$1AHA.190@cpmsnbbsa07>:
>
> >
> >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Actually when it comes to crypto [in the United States] the NSA has
> >> the
> >final word.
> >
> >That is to some degree correct. They are in a position to exert undue
> >force on the decision. However the simple fact that the selection of
> >Rijndael was well-founded in the original goals of the AES selection
> >process, and that all the finalists were asked barring their own
> >submission which should win, they all (except the Rijndael team of
> >course) agreed that Rijndael was the preferred choice. So while the NSA
> >may have had the final word, that word coincided with the publicly
> >ascertained desires of the contestants themselves, some of the finest
> >cryptanalysts in the world.
>
> Give me a break. Why don't you pat them on the back again. I
> suspect the finest cryptanalysts are really in the NSA. The public
> guys are only recognized because of the closed mutual admiration
> society that they formed and want everyone else to kiss their
> asses. David Wagner for example couldn't even figure out how scott19u
> works. And claimed his slide attack made mincemeat of it. He was
> wrong. Is he one in this class of finest cryptanalysts in
> your view of the world? He admitted he really never fully looked
> at it. He can't even understand compilable source code.
Give Wagner a break. He has contributed quite a bit to the field of
cryptanalysis. It's funny you mock "how little public cryptanalysis"
can do but fail to acknowledge any of their achievements.
I don't blame Wagner for not knowing how your stuff works. Just
because it compiles doesn't make it simple or easy to follow. Imagine
if the Twofish team published Twofish with zero descriptions and just
a set of tables and weird looking functions. I bet they wouldn't have
even made it into AES let alone be one of the finalists.
And just because his attack didn't work on your cipher doesn't mean
he's an idiot. The boomerang attack doesn't apply to full Serpent for
example, does that make Wagner stupid? No, it just means Serpent was
designed to avoid that attack.
And it's not only "crypto gods" that admire these people. It's only
you who is the outsider. Everyone is invited into the world of modern
cryptanalysis, you'd rather just sit and wave.
> And you believe that Coppersmith has knowledge that MARS was
> designed against all forms of attack, even those that the government
> says are classified. If he said that and it was true and he had
> knowledge of it being true, he would be dead by now. They do kill
> people when the need arises. Oh, it might be cancer or a car accident,
> but they do have secrets that they consider worth killing for.
> I suspect SKIPJACK was designed weak. Don't forget it was for
> the Clipper chip to be used by all. It would be foolish to allow
> a secure cipher for it. Just like vanilla RIJNDAEL has to be weak;
> the NSA would be foolish to allow a strong cipher for common people
> to use.
On what are you basing these claims? You wonder why you don't get any
good feedback Scottu_zip guy? ...
> You miss the point. BICOM is not and will not be recognized by
> the crypto gods as an implementation of Rijndael for various reasons.
> One, the people in charge don't seem to understand bijectivity and
> have even emailed me saying Matt could not do that. Second, only
> nonbijective or weak counter mode types of chaining will be allowed.
> Yes, tell me counter mode will be great. I don't believe it.
> If the AES thing is for real they should at least have a few
> slow secure chaining modes for those paranoid about file encryption.
> They don't out of fear that many may use more secure modes in email.
This is totally off the mark. If I use AES in CTR mode I don't need a
chaining mode and it's faster than BICOM.
I bet you 1000$ if you publish serious analysis of Bicom and why it's
better than say CTR mode for encrypting messages you will get the fame
and glory you so desire.
> Let me state it in a way you can understand. The NSA wants only
> people to use RIJNDAEL in weak ways. They may provide a
> list of programs that use RIJNDAEL in blessed ways. Matt has
> used RIJNDAEL but it won't be blessed since it's not as weakly
> implemented as the NSA likes. He doesn't use nonbijective compression
> like PGP. He doesn't use padding that's nonbijective. It will
> encrypt any file. And any file can be uniquely decrypted using
> any key. This is not the kind of implementation the NSA wants
> people to even know about. They don't even want people to
> know about the concept, since it allows for strong encryption
> if used in series with another bijective encryption system.
> It does add in the information helpful for breaking as other
> methods do.
That's a fine paragraph. You lack proof for both assumptions.
1) BICOM is secure
2) BICOM is better than anything currently out.
I have listed a lot of features of CTR mode over BICOM (again for
clarity's sake):
1. CTR is seekable. Useful for encrypted media such as hard disks.
2. CTR has random access. (similar to #1) It can skip over missing
packets and damaged blocks etc. You will still lose the data but not
the entire message.
3. CTR is efficient in time and size since only the cipher's
encryption has to be implemented and used.
4. CTR is provably as secure as the underlying block cipher (assuming
the keys are all random).
5. CTR is a simple mode to implement and doesn't require a lot of
implementation woes.
6. CTR is ideal for low end processors where precomputation can occur
to lower latency.
Yes, Bicom provides other things such as "bijectiveness" (which is the
entirely wrong word when talking about a block cipher). But BICOM
does not provide any of the 6 above points. And if you had ever
stopped to think Encryption is not the be-all-and-end-all of the
world. If you can't get your message from A to B then what's the
point. Furthermore, problems with BICOM:
1. No proof of security.
2. Not provably more secure than CTR mode
3. Not seekable
4. Not random access
5. Not suitable for low end processors
6. Not as simple as CTR
7. etc...
BTW Scottu_zipguy, the NSA is not out to get you. I bet they have
never heard of you except in some joking fashion. There are what,
300 million US citizens? Why would the govt care about 1/300 million
of its population? Randomly that's a 2^-28 chance of being picked on.
Tom
------------------------------
From: [EMAIL PROTECTED] (Tom St Denis)
Subject: Re: A difficult cryptogram
Date: 23 May 2001 04:43:02 -0700
[EMAIL PROTECTED] (daniel gerard mcgrath) wrote in message
news:<[EMAIL PROTECTED]>...
> Can anyone try to decipher this message? Does anything look familiar?
> The solution is a well-known poem.
>
> 74401 47111 40125 11701 12908 26061 63347 17069 42565 00164
> 45116 40912 11711 13154 58565 10900 01626 01541 62685 06890
> 33433 20521 09014 60650 01909 16567 11144 72235 32053 94143
> 13177 05019 45111 23131 90069 46635 11050 62632 05741 14471
> 10153 90506 03153 60146 74071 67456 61005 67111 43145 11123
<snip>
The message is... wait I am getting it.... hold on ...
"I will not cross post sci.crypt with random crap for I am too smart
to be that stupid. I shall keep puzzles in a puzzle group. I shall
sit in the corner to think of what I have done."
Tom
------------------------------
From: [EMAIL PROTECTED] (Tom St Denis)
Subject: Re: Decrypt magnetic card
Date: 23 May 2001 04:44:06 -0700
<[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> Hi, I need help. I need a program or an explanation for decoding credit cards, and I
> want to know what model I have to buy to read and write magnetic cards
> (hardware).
> Can anyone explain the schematics for this situation to me?
> Sorry for my English. :)
> Please send me mail
> [EMAIL PROTECTED]
AFAIK credit cards are two-track mag strips (not entirely sure). Any
standard mag reader should work fine for that.
Also why did you post that here? It's completely off-topic.
Tom
------------------------------
From: [EMAIL PROTECTED] (Tom St Denis)
Subject: Re: free/open source cryptography vs closed source FAQ
Date: 23 May 2001 04:47:59 -0700
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote in message
news:<[EMAIL PROTECTED]>...
> [EMAIL PROTECTED] (Tom St Denis) wrote in
> <[EMAIL PROTECTED]>:
>
> >>
> >> It's true it's best to go with open source. But I think the
> >> average person will be tricked into using a poor unsafe version.
> >> However there are things one can do to minimize the chance of
> >> getting an insecure encryption. One way would be to use 2 encryption
> >> methods in series that add no information during the encryption.
> >
> >What are you alluding to here? Why are "most people tricked into
> >using unsafe open source crypto"?
> >
>
> Maybe you could answer this for yourself; you're one of these
> who seems a sucker for weak encryption methods as long as they
> are blessed by the crypto gods or that you think are so blessed.
No, but when some "crypto god" explains why I should trust their
method I do so more than some jackass that hand-waves.
Let me guess, you are some retired Vietnam vet who has nothing better
to do than to think the NSA is out to get you. That or you are some
14-year-old dorky kid who gets a rise out of being a jackass.
> >> There are very few open source encryption methods that don't
> >> add information during encryption. If you believe the hype about
> >> Rijndael being safe, then about the only version of it that does
> >> not add information is BICOM by Matt Timmermans.
> >
> >Why is BICOM safer than a theoretical CTR mode version of AES?
> >(Theoretical in assuming all the keys are random,etc.. no
> >implementation flaws).
>
> Ok Tom, be an ass. I have answered this over and over. But you
> really don't give a shit. So let's start a thread and if you pay
> attention I will show you why BICOM is more secure than some
> crappy implementation of CTR mode with RIJNDAEL. So let's start.
> First let's look at what you're claiming for the theoretical
> implementation of CTR. Suppose I used your model (whatever
> the hell that is); suppose I have received a one byte file.
> How do I decrypt it? I only have the code and the key.
> Explain your model since it's so hot.
My theoretical model states
1. You don't know the plaintext.
2. You can't guess the key randomly faster than the average brute
force case.
3. You don't have access to the device so you must attack the math
not the machine.
>
> Again, if not too difficult, explain first how do I decrypt
> this one byte file I have received that was encrypted with
> your PROPER implementation. OR do you wish to just rant on
> and make an ass out of yourself as usual.
Simple. Encrypt a counter and use the eight lsb bits of the
ciphertext to encrypt the message.
Any other brilliant challenges? Do you even know what CTR mode is? I
can encode/decode 3 bit files if I wanted to with CTR. You are not
limited to the block length.
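The properties Tom argues for in this thread (his six-point CTR list in the "Best, Strongest Algorithm" reply, and the one-byte answer here: CTR is seekable and random-access, only the forward direction of the block function is needed, and a file of one byte or even three bits is encrypted with just the leading bits of one keystream block), as an added example that is not code from either poster. AES is not in the Python standard library, so HMAC-SHA256 truncated to 16 bytes stands in for the block cipher; CTR needs only a keyed pseudorandom function, so the structure is the same.

```python
"""CTR mode on a stand-in block function: ciphertext length equals
plaintext length (no padding), any block can be decrypted on its own,
only the encrypt direction of the block function is used, and a message
shorter than a block just takes the leading keystream bits.
"""
import hashlib
import hmac

BLOCK = 16        # AES block size in bytes
NONCE_LEN = 8     # assumed layout: 8-byte nonce || 8-byte big-endian counter


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-128 encryption of one block (HMAC-SHA256 truncated
    to 16 bytes).  CTR only ever calls the forward direction."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    assert len(nonce) == NONCE_LEN
    return block_encrypt(key, nonce + counter.to_bytes(BLOCK - NONCE_LEN, "big"))


def ctr_xor(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    """Encrypt or decrypt `data`, whose first byte sits at the start of
    keystream block `first_block`.  Decrypting one block out of a long
    message is this call with the right first_block; nothing before it is
    touched (seekable / random access).  The unused tail of the last
    keystream block is discarded, so output length == input length.
    A (key, nonce) pair must never be reused: two messages under the same
    keystream XOR to the XOR of their plaintexts."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, first_block + off // BLOCK)
        out.extend(a ^ b for a, b in zip(data[off:off + BLOCK], ks))
    return bytes(out)


def ctr_xor_bits(key: bytes, nonce: bytes, bits: str) -> str:
    """Below byte granularity: a '3 bit file' is XORed with the first three
    keystream bits of block 0 and stays three bits long."""
    ks_bits = "".join(f"{b:08b}" for b in keystream_block(key, nonce, 0))
    return "".join(str(int(p) ^ int(k)) for p, k in zip(bits, ks_bits))


if __name__ == "__main__":
    key = b"constructed 16-byte demo key!!!!"   # constructed, demo only
    nonce = bytes(range(8))                      # constructed, demo only
    msg = bytes(range(48))                       # three blocks
    ct = ctr_xor(key, nonce, msg)
    print("block 2 alone:", ctr_xor(key, nonce, ct[32:], first_block=2) == msg[32:])
    print("one byte:", ctr_xor(key, nonce, b"A").hex())
    print("three bits:", ctr_xor_bits(key, nonce, "101"))
```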
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 23 May 2001 12:16:05 GMT
Subject: Re: RSA private key size
If e is 3 you will know EXACTLY the size, as you know exactly the high-order
half of the VALUE of d.
Don Johnson
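Don Johnson's point worked through in code, as an added example (not from the post): with e = 3, e*d = 1 + k*phi(n) for k in {1, 2}, and phi(n) differs from n only by p + q - 1 (about sqrt(n)), so the public modulus alone fixes the high-order half of d and therefore its exact size. The key is constructed with a seeded Miller-Rabin prime generator purely for the demonstration.

```python
"""With e = 3, d = (1 + k*phi)/3 for k = 1 or 2, and phi = n - (p+q-1).
So the public value (1 + k*n)//3 is within roughly sqrt(n) of the real d
for the right k: the top half of d's bits, and its bit length, are known
from n alone.  Demo keys only; never use e = 3 in practice.
"""
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rng=None, rounds: int = 32) -> bool:
    """Miller-Rabin with `rounds` random bases (seeded from n if no rng)."""
    rng = rng or random.Random(n)
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    """Random `bits`-bit prime p with p - 1 not divisible by 3 (so e = 3 works)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if cand % 3 == 2 and is_probable_prime(cand, rng):
            return cand


def make_rsa_e3(bits: int, seed: int) -> tuple:
    """Returns (n, d) for public exponent e = 3; constructed demo key."""
    rng = random.Random(seed)
    p = gen_prime(bits // 2, rng)
    q = gen_prime(bits // 2, rng)
    while q == p:
        q = gen_prime(bits // 2, rng)
    return p * q, pow(3, -1, (p - 1) * (q - 1))


def d_candidates(n: int, e: int = 3) -> list:
    """Public information only: (1 + k*n)//e for each possible k < e."""
    return [(1 + k * n) // e for k in range(1, e)]


def leading_bits_in_common(a: int, b: int) -> int:
    """Top bits on which a and b agree (0 if their sizes differ)."""
    if a.bit_length() != b.bit_length():
        return 0
    return a.bit_length() - (a ^ b).bit_length()


def analyze(bits: int = 512, seed: int = 2001) -> dict:
    """Compare the real d with the two public candidates."""
    n, d = make_rsa_e3(bits, seed)
    best = max(d_candidates(n), key=lambda c: leading_bits_in_common(c, d))
    return {
        "d_bits": d.bit_length(),
        "estimate_bits": best.bit_length(),          # size known exactly
        "known_top_bits": leading_bits_in_common(best, d),
        "gap": best - d,                             # about k*(p+q-1)/3
    }


if __name__ == "__main__":
    print(analyze())
```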
------------------------------
From: Ian Stirling <[EMAIL PROTECTED]>
Subject: Small (not fast) RIPEMD-160
Date: Wed, 23 May 2001 12:22:16 GMT
Anyone know of any small C or perl implementation of this?
I'm looking for something under the 5-10K (compiled) of ones I've found.
Under 2K would be ideal.
For computing a password hash, so another cipher isn't an option.
--
http://inquisitor.i.am/ | mailto:[EMAIL PROTECTED] | Ian Stirling.
===========================+=========================+==========================
"Melchett : Unhappily Blackadder, the Lord High Executioner is dead
Blackadder : Oh woe! Murdered of course.
Melchett : No, oddly enough no. They usually are but this one just got
careless one night and signed his name on the wrong dotted line.
They came for him while he slept." - Blackadder II
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: free/open source cryptography vs closed source FAQ
Date: 23 May 2001 12:26:28 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<[EMAIL PROTECTED]>:
>My theoretical model states
>
>1. You don't know the plaintext.
>2. You can't guess the key randomly faster than the average brute
>force case.
>3. You don't have access to the device so you must attack the math
>not the machine.
>
>>
>> Again, if not too difficult, explain first how do I decrypt
>> this one byte file I have received that was encrypted with
>> your PROPER implementation. OR do you wish to just rant on
>> and make an ass out of yourself as usual.
>
>Simple. Encrypt a counter and use the eight lsb bits of the
>ciphertext to encrypt the message.
>
>Any other brilliant challenges? Do you even know what CTR mode is? I
>can encode/decode 3 bit files if I wanted to with CTR. You are not
>limited to the block length.
>
Comparing this straight with BICOM. For a one byte output you
have at most 1 of 256 possible input files.
For a one bit output file from BICOM I have seen over 300 different
possible input messages, so that alone shows more security. But I
doubt you can grasp such simple truths.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm
Date: 23 May 2001 12:38:37 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<[EMAIL PROTECTED]>:
>[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote in message
>news:<[EMAIL PROTECTED]>...
>> [EMAIL PROTECTED] (Joseph Ashwood) wrote in
>> <OXFxVM$1AHA.190@cpmsnbbsa07>:
>>
>> >
>> >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>> >news:[EMAIL PROTECTED]...
>> >> Actually when it comes to crypto [in the United States] the NSA
>> >> has the
>> >final word.
>> >
>> >That is to some degree correct. They are in a position to exert undue
>> >force on the decision. However the simple fact that the selection of
>> >Rijndael was well-founded in the original goals of the AES selection
>> >process, and that all the finalists were asked barring their own
>> >submission which should win, they all (except the Rijndael team of
>> >course) agreed that Rijndael was the preferred choice. So while the
>> >NSA may have had the final word, that word coincided with the
>> >publicly ascertained desires of the contestants themselves, some of
>> >the finest cryptanalysts in the world.
>>
>> Give me a break. Why don't you pat them on the back again. I
>> suspect the finest cryptanalysts are really in the NSA. The public
>> guys are only recognized because of the closed mutual admiration
>> society that they formed and want everyone else to kiss their
>> asses. David Wagner for example couldn't even figure out how scott19u
>> works. And claimed his slide attack made mincemeat of it. He was
>> wrong. Is he one in this class of finest cryptanalysts in
>> your view of the world? He admitted he really never fully looked
>> at it. He can't even understand compilable source code.
>
>Give Wagner a break. He has contributed quite a bit to the field of
>cryptanalysis. It's funny you mock "how little public cryptanalysis"
>can do but fail to acknowledge any of their achievements.
>
>I don't blame Wagner for not knowing how your stuff works. Just
>because it compiles doesn't make it simple or easy to follow. Imagine
>if the Twofish team published Twofish with zero descriptions and just
>a set of tables and weird looking functions. I bet they wouldn't have
>even made it into AES let alone be one of the finalists.
>
>And just because his attack didn't work on your cipher doesn't mean
>he's an idiot. The boomerang attack doesn't apply to full Serpent for
>example, does that make Wagner stupid? No, it just means Serpent was
>designed to avoid that attack.
>
>And it's not only "crypto gods" that admire these people. It's only
>you who is the outsider. Everyone is invited into the world of modern
>cryptanalysis, you'd rather just sit and wave.
>
>
>> And you believe that Coppersmith has knowledge that MARS was
>> designed against all forms of attack, even those that the government
>> says are classified. If he said that and it was true and he had
>> knowledge of it being true, he would be dead by now. They do kill
>> people when the need arises. Oh, it might be cancer or a car accident,
>> but they do have secrets that they consider worth killing for.
>> I suspect SKIPJACK was designed weak. Don't forget it was for
>> the Clipper chip to be used by all. It would be foolish to allow
>> a secure cipher for it. Just like vanilla RIJNDAEL has to be weak;
>> the NSA would be foolish to allow a strong cipher for common people
>> to use.
>
>On what are you basing these claims? You wonder why you don't get any
>good feedback Scottu_zip guy? ...
>
>> You miss the point. BICOM is not and will not be recognized by
>> the crypto gods as an implementation of Rijndael for various reasons.
>> One, the people in charge don't seem to understand bijectivity and
>> have even emailed me saying Matt could not do that. Second, only
>> nonbijective or weak counter mode types of chaining will be allowed.
>> Yes, tell me counter mode will be great. I don't believe it.
>> If the AES thing is for real they should at least have a few
>> slow secure chaining modes for those paranoid about file encryption.
>> They don't out of fear that many may use more secure modes in email.
>
>This is totally off the mark. If I use AES in CTR mode I don't need a
>chaining mode and it's faster than BICOM.
>
>I bet you 1000$ if you publish serious analysis of Bicom and why it's
>better than say CTR mode for encrypting messages you will get the fame
>and glory you so desire.
>
>> Let me state it in a way you can understand. The NSA wants only
>> people to use RIJNDAEL in weak ways. They may provide a
>> list of programs that use RIJNDAEL in blessed ways. Matt has
>> used RIJNDAEL but it won't be blessed since it's not as weakly
>> implemented as the NSA likes. He doesn't use nonbijective compression
>> like PGP. He doesn't use padding that's nonbijective. It will
>> encrypt any file. And any file can be uniquely decrypted using
>> any key. This is not the kind of implementation the NSA wants
>> people to even know about. They don't even want people to
>> know about the concept, since it allows for strong encryption
>> if used in series with another bijective encryption system.
>> It does add in the information helpful for breaking as other
>> methods do.
>
>That's a fine paragraph. You lack proof for both assumptions.
>
>1) BICOM is secure
>2) BICOM is better than anything currently out.
>
>I have listed a lot of features of CTR mode over BICOM (again for
>clarity's sake):
>
>1. CTR is seekable. Useful for encrypted media such as hard disks.
>2. CTR has random access. (similar to #1) It can skip over missing
>packets and damaged blocks etc. You will still lose the data but not
>the entire message.
>3. CTR is efficient in time and size since only the cipher's
>encryption has to be implemented and used.
>4. CTR is provably as secure as the underlying block cipher (assuming
>the keys are all random).
>5. CTR is a simple mode to implement and doesn't require a lot of
>implementation woes.
>6. CTR is ideal for low end processors where precomputation can occur
>to lower latency.
>
>Yes, Bicom provides other things such as "bijectiveness" (which is the
>entirely wrong word when talking about a block cipher). But BICOM
>does not provide any of the 6 above points. And if you had ever
>stopped to think Encryption is not the be-all-and-end-all of the
>world. If you can't get your message from A to B then what's the
>point. Furthermore, problems with BICOM:
>
>1. No proof of security.
It's RIJNDAEL implemented correctly, so as secure as the
basic block encryption of RIJNDAEL.
>2. Not provably more secure than CTR mode
Actually shown even in the one byte output case:
CTR mode allows for only 256 possible input messages,
while with BICOM even an idiot like you can create over 300
possible input messages. But you're not bright enough to
understand that not knowing which message it can be,
giving an enemy a larger pool to select from, is more
secure.
>3. Not seekable
>4. Not random access
>5. Not suitable for low end processors
>6. Not as simple as CTR
>7. etc...
You're correct, your last few features may have special uses,
but they only weaken the security, not strengthen it.
>
>BTW Scottu_zipguy, the NSA is not out to get you. I bet they have
>never heard of you except in some joking fashion. There are what,
>300 million US citizens? Why would the govt care about 1/300 million
>of its population? Randomly that's a 2^-28 chance of being picked on.
>
I am not saying they are out to get me. They are out to make sure
idiots like you use weak encryption. They have visited my site
several times. I am sure they have done a better job of looking at
it than any of your buddies. I hope it's beyond their reach. A lot
would depend on how many messages one sends before a break is possible,
but I am sure that they don't like seeing good programs like BICOM,
not just because it would be hard to break but because it can be used
in series without any overhead. Most methods when used in series
can be peeled off and attacked one layer at a time due to the
overhead each layer adds. BICOM doesn't add any, so it would be very
good to use in series with any other method.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************