Cryptography-Digest Digest #420, Volume #14 Wed, 23 May 01 21:13:01 EDT
Contents:
Re: Ideas for project ("Jeffrey Walton")
Re: Subset Sum Density >=1 ("Jeffrey Walton")
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: RIP Act and OTP ("Unknown")
Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
Re: Small (not fast) RIPEMD-160 (Ian Stirling)
Re: Great Free Encryption Software (Charles Blair)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: Ideas for project ("Paul Pires")
Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
----------------------------------------------------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Ideas for project
Date: Wed, 23 May 2001 19:23:28 -0400
Sorry Paul... Simon drops out of college.
"Jeffrey Walton" <[EMAIL PROTECTED]> wrote in message
news:3b0c4401$0$[EMAIL PROTECTED]...
: I could be wrong, but because it's a thesis it will be published. Unless
: of course Simon and Paul develop something very cool, Paul drops out of
: college, and Simon and Paul start a new company based on the ideas :)
:
: AFAIK, an article published in academia can't be patented. That was the
: reason ElGamal was unpatented. It was someone's thesis (or
: dissertation).
:
: "Paul Rubin" <[EMAIL PROTECTED]> wrote in message
: news:[EMAIL PROTECTED]...
: : [EMAIL PROTECTED] (Simon West) writes:
: : > I am in the final few months of a Master's Degree
: : > conversion course in I.T. I am currently in the initial
: : > investigation stages of my final project
: : > which is in the area of Web Security and data encryption.
: : > So far I have achieved a general understanding of the
: : > basics of symmetric and asymmetric encryption and background
: : > history, legislation, etc but still have to get to grips fully
: : > with the number theory underlying the algorithms.
: : > This is achievable.
: : > What I am seeking are ideas, from those of you more
: : > learned in the subject, as to suitable interesting applications
: : > which could be developed during a two month project.
: : > I intend to learn Java in the course of the project.
: : > My current programming skills include Ada95,
: : > a little C++, HTML, XML and a little javascript.
: : > Any ideas that I could consider would be very much
: : > appreciated.
: :
: : Are you planning (or willing) to release the results as free software?
: : If so, I have some ideas I could suggest and would be willing to offer
: : advice along the way if that was useful. But if not, then I'd be
: : basically working for you for nothing if I got involved, which doesn't
: : excite me very much.
: :
: : Just wondering.
: :
: : Paul
:
:
------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Subset Sum Density >=1
Date: Wed, 23 May 2001 19:43:45 -0400
I think Adleman (or Shamir?) broke this scheme, even though the 'hard'
set was modulo n. It seems there's a certain pattern used to determine
the modulo n.
From there, the SNAP algorithm takes over.
"Al" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
: Are there any algorithms to quicken the solving of the subset sum
: problem with density>=1?
: There may be multiple, single or no solutions to the problem.
:
: Given a set of n or more n bit numbers, and a publicly known sum of a
: privately selected subset.
: How large should n be to make computation by the public of the subset
: unfeasible?
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 23 May 2001 23:26:35 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<BkXO6.17665$[EMAIL PROTECTED]>:
>Let you in on some fact.
>
>For all I know (no offense dudes) Wagner is some poindexter-nerd that
>has a nasal voice and walks with a hunch. I don't consider him a "god".
> I consider him a respectable scientist and generally all around nice
>poster.
>
>You always seem to reach for extremes. Either they are stupid
>know-nothings or "phony crypto gods". Nobody in your eyes is
>"competent".
Well Tom I don't consider you competent. You're still lying.
I do consider many of those on comp.compression to be competent
but then again compression is easy to measure. You see if the
file gets shorter in length. Encryption is more of a black art
that those who really know don't want you to know.
But even in this group I have respect for many. Such as
Onions Ritter Shaw Timmerman Tyler even Hopwood has my
respect. There are several others. You could have my respect
but I don't see you as an honest person. I do think you
could be some day since you are young. Yes I don't consider
Wagner very highly since he is not honest. It may not be
totally his fault. I have been to Berkeley several times
since my daughter went there. Fortunately she is a chip off
the ol' block and got out of there in 3 years. But he will
not tell the truth about things; he will make rash statements
about things like he did on SCOTT19U and then slink off.
That's not to say he does not know something about encryption.
I'm sure there are many areas he knows a great deal. I think
he could tell you if CTR or BICOM is more likely to be secure.
But I don't see him as honest enough to do that. Maybe he
is frustrated he could not get a job in the NSA since they take
the best. Hell maybe he is in the NSA and is helping them to
mislead people I really don't know.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: "Unknown" <[EMAIL PROTECTED]>
Subject: Re: RIP Act and OTP
Reply-To: [EMAIL PROTECTED]
Date: Thu, 24 May 2001 00:41:41 +0100
In article <[EMAIL PROTECTED]>, "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:
> I suppose one could take two plaintexts P1 (the bookie accounts?) and P2
> (mildly erotic poetry) and a key K and produce the cypher text
> C=P1.xor.P2.xor.K. Then if confronted by the police give them P1.xor.K
> as the OTP and if confronted by the rector give them P2.xor.K.
I've thought about this, basically my solution was to have two decryption
keys, one private key and one spoof key. The private key decrypts to the
real message (or possibly both messages) whilst the spoof key decrypts to
the fake message.
The problem is that if the government use the spoof key to sign a message
(thinking that it is a genuine private key) then the public key will
prove that the signature is invalid. After all you don't want the spooks
to be able to masquerade as you - who knows what they might tell your
friends - pretending to be you.
It would be interesting to see an algorithm for this anyway. It would be
nice if the encrypted message length didn't double as well (two messages
encrypted but the spooks only see one).
mark
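The XOR construction Tony quotes (C = P1 xor P2 xor K), as an added example in Python that is not part of the original thread: each of the two pads opens C to the other plaintext, the ciphertext does not double in length, and forge_key shows the flip side, that anyone holding C can fabricate a pad for any same-length plaintext, so a surrendered pad proves nothing about what C contains. The optional pad argument and the space padding to equal length are assumptions made for the demo.

```python
import os
from typing import Optional, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length (the one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to(msg: bytes, length: int, filler: bytes = b" ") -> bytes:
    """Pad msg to exactly `length` bytes; both cover stories must be the same
    size, otherwise the XOR of the two plaintexts is undefined (demo assumption)."""
    if len(msg) > length:
        raise ValueError("message longer than target length")
    return msg + filler * (length - len(msg))


def dual_encrypt(p1: bytes, p2: bytes,
                 pad: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
    """Build C = P1 xor P2 xor K and the two hand-over keys from the post.

    Returns (C, P1 xor K, P2 xor K).  Decrypting C with P1 xor K yields P2;
    decrypting with P2 xor K yields P1.  C is as long as one plaintext, so the
    length does not double.  `pad` exists only for reproducible tests; a real
    pad comes from os.urandom and is never reused.
    """
    n = max(len(p1), len(p2))
    p1, p2 = pad_to(p1, n), pad_to(p2, n)
    if pad is None:
        pad = os.urandom(n)
    if len(pad) != n:
        raise ValueError("pad must be exactly as long as the plaintexts")
    c = xor_bytes(xor_bytes(p1, p2), pad)
    return c, xor_bytes(p1, pad), xor_bytes(p2, pad)


def otp_decrypt(c: bytes, key: bytes) -> bytes:
    """Standard OTP decryption: plaintext = C xor key."""
    return xor_bytes(c, key)


def forge_key(c: bytes, claimed_plaintext: bytes) -> bytes:
    """Produce a 'key' that opens C to any chosen plaintext of the same length.
    This is exactly the property that makes the scheme deniable, and also why
    an OTP key handed to an investigator is not evidence of anything."""
    return xor_bytes(c, claimed_plaintext)
```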
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Wed, 23 May 2001 23:52:13 GMT
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Tom St Denis) wrote in
> <BkXO6.17665$[EMAIL PROTECTED]>:
>
> >Let you in on some fact.
> >
> >For all I know (no offense dudes) Wagner is some poindexter-nerd that
> >has a nasal voice and walks with a hunch. I don't consider him a "god".
> > I consider him a respectable scientist and generally all around nice
> >poster.
> >
> >You always seem to reach for extremes. Either they are stupid
> >know-nothings or "phony crypto gods". Nobody in your eyes is
> >"competent".
>
> Well Tom I don't consider you competent. You're still lying.
And you have poor grammar. Wow pointless meanness is the funnest.
> I do consider many of those on comp.compression to be competent
> but then again compression is easy to measure. You see if the
> file gets shorter in length. Encryption is more of a black art
> that those who really know don't want you to know.
Um, that in itself seals your fate as a serious cryptographer. I can make a
cipher provably resistant to known attacks. That's not hard. It's not much
of a black art. For example, any perfectly pair-wise decorrelated function
is immune to differential and linear cryptanalysis. That's not black art.
> But even in this group I have respect for many. Such as
> Onions Ritter Shaw Timmerman Tyler even Hopwood has my
> respect. There are several others. You could have my respect
> but I don't see you as an honest person. I do think you
> could be some day since you are young. Yes I don't consider
> Wagner very highly since he is not honest. It may not be
> totally his fault. I have been to Berkeley several times
> since my daughter went there. Fortunately she is a chip off
> the ol' block and got out of there in 3 years. But he will
> not tell the truth about things; he will make rash statements
> about things like he did on SCOTT19U and then slink off.
> That's not to say he does not know something about encryption.
> I'm sure there are many areas he knows a great deal. I think
> he could tell you if CTR or BICOM is more likely to be secure.
> But I don't see him as honest enough to do that. Maybe he
> is frustrated he could not get a job in the NSA since they take
> the best. Hell maybe he is in the NSA and is helping them to
> mislead people I really don't know.
What does Wagner lie about? He tried to analyze your cipher, you bad-mouthed
him and he fled. Seems like he just couldn't be bothered with ya.
Maybe your daughter left Berkeley because she's stupid or can't afford it?
Why must everything you do become the "right thing"?
Funny, in this post I don't see a proof for the security of BICOM.... maybe I
need to put my contacts back on..
Tom
------------------------------
From: Ian Stirling <[EMAIL PROTECTED]>
Subject: Re: Small (not fast) RIPEMD-160
Date: Thu, 24 May 2001 00:15:23 GMT
Paul Rubin <[EMAIL PROTECTED]> wrote:
>Ian Stirling <[EMAIL PROTECTED]> writes:
>> Basically, the structure is:
>> Cleartext: 0-3500 bytes or so.
>> 0-3000 Password hasher.
>I don't see why this needs to be RIPEMD-160. Is there some standard
>the encrypted FS has to conform to, that specifies RIPEMD-160?
Yes. Well, no. Well, it's the tool that is widely used AIUI to set up
loopback devices with encryption, so if you want to use the same password
before and after install, then it needs to be RIPEMD-160.
Otherwise, the block encryption device could be used to decrypt its own
password, making things simpler.
>> 3000-3500 Optional data to hash with password, for extra security.
>I don't understand why more than 20 bytes or so is needed for that.
On the "more can't hurt" principle, combined with the fact that
secure deletion may be somewhat recoverable, but probably not every byte.
>> Ciphertext:
>> 3500-3502 Hash % 65K of cleartext.
>Hash of cleartext plus the random salt, I hope.
Yes.
Probably something time-consuming like a thousand or more rounds.
>> 3502-4095 Script to run, when mounted. Or text to put on stdout.
>OK.
--
http://inquisitor.i.am/ | mailto:[EMAIL PROTECTED] | Ian Stirling.
===========================+=========================+==========================
If God hadn't intended us to eat animals,
He wouldn't have made them out of MEAT! - John Cleese
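As an added example (not Ian's code), the password-hashing and verification layout he describes, in Python: an iterated, salted hash of the password plus the optional extra data, a 16-bit tag of the cleartext region plus the salt (Paul Rubin's point), and the mount-time check. RIPEMD-160 is used where hashlib exposes it and SHA-256 otherwise (an assumption about the runtime); XORing the tag with two key bytes stands in for the real block cipher so the example stays self-contained.

```python
import hashlib
import os
from typing import Tuple


def pick_hash() -> str:
    """RIPEMD-160 as in the post; fall back to SHA-256 if this OpenSSL build
    does not expose it (an assumption about the runtime, not about the tool)."""
    try:
        hashlib.new("ripemd160", b"")
        return "ripemd160"
    except ValueError:
        return "sha256"


HASH_NAME = pick_hash()


def derive_key(password: bytes, salt: bytes, extra: bytes, rounds: int = 1000) -> bytes:
    """Iterated hash of password || salt || extra.

    `extra` plays the role of the optional 3000-3500 region hashed together
    with the password; `rounds` is the post's 'thousand or more rounds', so a
    guess costs an attacker as much hashing as a legitimate mount."""
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    material = password + salt + extra
    h = hashlib.new(HASH_NAME, material).digest()
    for _ in range(rounds - 1):               # chain the previous digest back in
        h = hashlib.new(HASH_NAME, h + material).digest()
    return h


def tag_of(cleartext: bytes, salt: bytes) -> int:
    """The 'Hash % 65K of cleartext' field: a 16-bit truncation of the digest
    of the cleartext region plus the salt, so a swapped hasher changes it."""
    d = hashlib.new(HASH_NAME, cleartext + salt).digest()
    return int.from_bytes(d[:2], "big")


def seal_tag(tag: int, key: bytes) -> int:
    """Encrypt (or decrypt) the 2-byte tag under the derived key.  XOR with two
    key bytes is a stand-in for the real block cipher; it is NOT what the
    described tool does, only enough to keep this example runnable."""
    return tag ^ int.from_bytes(key[:2], "big")


def make_header(password: bytes, cleartext: bytes, rounds: int = 1000) -> Tuple[bytes, int]:
    """Return (salt, sealed_tag) for a fresh volume; the salt is constructed here."""
    salt = os.urandom(16)
    key = derive_key(password, salt, cleartext, rounds)
    return salt, seal_tag(tag_of(cleartext, salt), key)


def verify(password: bytes, cleartext: bytes, salt: bytes,
           sealed_tag: int, rounds: int = 1000) -> bool:
    """Mount-time check: a wrong password or a tampered cleartext region fails.
    A wrong password still passes with probability 1/65536, so the tag is a
    sanity check, not the security boundary; the derive_key cost is what
    slows guessing."""
    key = derive_key(password, salt, cleartext, rounds)
    return seal_tag(sealed_tag, key) == tag_of(cleartext, salt)
```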
------------------------------
Subject: Re: Great Free Encryption Software
From: [EMAIL PROTECTED] (Charles Blair)
Date: Thu, 24 May 2001 00:23:24 GMT
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>[EMAIL PROTECTED] (Charles Blair) wrote in
><3_WO6.7196$[EMAIL PROTECTED]>:
>> Just in case somebody is not aware of it, gnu privacy
>>guard (www.gpg.org) is a freely available (including
>>source) public key system and related stuff. Version
>>1.0.5 has just been released.
>>
> It's bad enough that they won't fix the errors or allow
>a strong version but the URL you gave does not work.
Very sorry! The URL is www.gnupg.org. My mistake!
I am not part of the gnupg project, and am not competent
to discuss technical problems. They have publicly acknowledged
a flaw with something related to verification.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 24 May 2001 00:19:50 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<N2YO6.18269$[EMAIL PROTECTED]>:
>> Well Tom I don't consider you competent. You're still lying.
>
>And you have poor grammar. Wow pointless meanness is the funnest.
That's an understatement; I know my grammar sucks big time.
>
>> I do consider many of those on comp.compression to be competent
>> but then again compression is easy to measure. You see if the
>> file gets shorter in length. Encryption is more of a black art
>> that those who really know don't want you to know.
>
>Um, that in itself seals your fate as a serious cryptographer. I can
>make a cipher provably resistant to known attacks. That's not hard.
>It's not much of a black art. For example, any perfectly pair-wise
>decorrelated function is immune to differential and linear
>cryptanalysis. That's not black art.
You see a few trees TOM but you don't see the forest.
>
>> But even in this group I have respect for many. Such as
>> Onions Ritter Shaw Timmerman Tyler even Hopwood has my
>> respect. There are several others. You could have my respect
>> but I don't see you as an honest person. I do think you
>> could be some day since you are young. Yes I don't consider
>> Wagner very highly since he is not honest. It may not be
>> totally his fault. I have been to Berkeley several times
>> since my daughter went there. Fortunately she is a chip off
>> the ol' block and got out of there in 3 years. But he will
>> not tell the truth about things; he will make rash statements
>> about things like he did on SCOTT19U and then slink off.
>> That's not to say he does not know something about encryption.
>> I'm sure there are many areas he knows a great deal. I think
>> he could tell you if CTR or BICOM is more likely to be secure.
>> But I don't see him as honest enough to do that. Maybe he
>> is frustrated he could not get a job in the NSA since they take
>> the best. Hell maybe he is in the NSA and is helping them to
>> mislead people I really don't know.
>
>What does Wagner lie about? He tried to analyze your cipher, you bad
>mouthed him and he fled. Seems like he just couldn't be bothered with
>ya. Maybe your daughter left Berkeley because she's stupid or can't
>afford it? Why must everything you do become the "right thing".
He never tried to analyze scott19u. He stated he looked at it
and that his SLIDE ATTACK made mince meat out of it. When someone
actually tested this and raised questions, he had to admit he never
really looked at it. She graduated, jerk. She didn't get hooked on
the drugs that liberals seem to think necessary. I personally would
make drugs legal so the idiots could all OD on them.
>
>Funny in this post I don't see a proof for the security of BICOM....
>maybe I need to put my contacts back on..
Actually the proof that it was stronger was in other posts.
But I guess you only open your eyes when you feel like it.
And you never answered the FACT that a one byte output file
from CTR mode (though you have no working program) would immediately
lead an attacker to realize that the input file could only have
come from 1 of 256 possible messages. With BICOM you have many
many more messages. That alone makes it more secure. Or do
you have the ability to even understand this fact. Both methods
use RIJNDAEL as the underlying model. One just does it in
a better way. As I pointed out above. I would rather confuse the
enemy with many possible messages than just 256 messages.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Ideas for project
Date: Wed, 23 May 2001 17:29:44 -0700
Jeffrey Walton <[EMAIL PROTECTED]> wrote in message
news:3b0c4401$0$[EMAIL PROTECTED]...
> I could be wrong, but because it's a thesis it will be published. Unless
> of course Simon and Paul develop something very cool, Paul drops out of
> college, and Simon and Paul start a new company based on the ideas :)
>
> AFAIK, an article published in academia can't be patented. That was the
> reason ElGamal was unpatented. It was someone's thesis (or
> dissertation).
>
Minor nit. Publication 1 year before application = No US patent.
Patent application before publishing is OK regardless of the mode
or publishing organization. So, Paul Rubin's request for a
statement regarding intentions is a wise and reasonable thing to do.
Paul
> "Paul Rubin" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> : [EMAIL PROTECTED] (Simon West) writes:
> : > I am in the final few months of a Master's Degree
> : > conversion course in I.T. I am currently in the initial
> : > investigation stages of my final project
> : > which is in the area of Web Security and data encryption.
> : > So far I have achieved a general understanding of the
> : > basics of symmetric and asymmetric encryption and background
> : > history, legislation, etc but still have to get to grips fully
> : > with the number theory underlying the algorithms.
> : > This is achievable.
> : > What I am seeking are ideas, from those of you more
> : > learned in the subject, as to suitable interesting applications
> : > which could be developed during a two month project.
> : > I intend to learn Java in the course of the project.
> : > My current programming skills include Ada95,
> : > a little C++, HTML, XML and a little javascript.
> : > Any ideas that I could consider would be very much
> : > appreciated.
> :
> : Are you planning (or willing) to release the results as free software?
> : If so, I have some ideas I could suggest and would be willing to offer
> : advice along the way if that was useful. But if not, then I'd be
> : basically working for you for nothing if I got involved, which doesn't
> : excite me very much.
> :
> : Just wondering.
> :
> : Paul
>
>
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 24 May 2001 00:36:20 GMT
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Tom St Denis) wrote in
> <N2YO6.18269$[EMAIL PROTECTED]>:
>
>
> >> Well Tom I don't consider you competent. You're still lying.
> >
> >And you have poor grammar. Wow pointless meanness is the funnest.
>
> That's an understatement; I know my grammar sucks big time.
>
> >
> >> I do consider many of those on comp.compression to be competent
> >> but then again compression is easy to measure. You see if the
> >> file gets shorter in length. Encryption is more of a black art
> >> that those who really know don't want you to know.
> >
> >Um, that in itself seals your fate as a serious cryptographer. I can
> >make a cipher provably resistant to known attacks. That's not hard.
> >It's not much of a black art. For example, any perfectly pair-wise
> >decorrelated function is immune to differential and linear
> >cryptanalysis. That's not black art.
>
> You see a few trees TOM but you don't see the forest.
Um, like whatever. Crypto is not a black art. It's science + luck. The
luck is based on using science. Look at Twofish for example. It was
designed with about 10 diff attacks in mind. As a result a lot of new
attacks don't seem to apply. You can view that as lucky or as good use of
applied science.
> >> But even in this group I have respect for many. Such as
> >> Onions Ritter Shaw Timmerman Tyler even Hopwood has my
> >> respect. There are several others. You could have my respect
> >> but I don't see you as an honest person. I do think you
> >> could be some day since you are young. Yes I don't consider
> >> Wagner very highly since he is not honest. It may not be
> >> totally his fault. I have been to Berkeley several times
> >> since my daughter went there. Fortunately she is a chip off
> >> the ol' block and got out of there in 3 years. But he will
> >> not tell the truth about things; he will make rash statements
> >> about things like he did on SCOTT19U and then slink off.
> >> That's not to say he does not know something about encryption.
> >> I'm sure there are many areas he knows a great deal. I think
> >> he could tell you if CTR or BICOM is more likely to be secure.
> >> But I don't see him as honest enough to do that. Maybe he
> >> is frustrated he could not get a job in the NSA since they take
> >> the best. Hell maybe he is in the NSA and is helping them to
> >> mislead people I really don't know.
> >
> >What does Wagner lie about? He tried to analyze your cipher, you bad
> >mouthed him and he fled. Seems like he just couldn't be bothered with
> >ya. Maybe your daughter left Berkeley because she's stupid or can't
> >afford it? Why must everything you do become the "right thing".
>
> He never tried to analyze scott19u. He stated he looked at it
> and that his SLIDE ATTACK made mince meat out of it. When someone
> actually tested this and raised questions, he had to admit he never
> really looked at it. She graduated, jerk. She didn't get hooked on
> the drugs that liberals seem to think necessary. I personally would
> make drugs legal so the idiots could all OD on them.
So what. Scott Fluhrer said a SAC bias would break TC15, turned out his
biases were wrong. I didn't flame him as a result.
> >Funny in this post I don't see a proof for the security of BICOM....
> >maybe I need to put my contacts back on..
>
> Actually the proof that it was stronger was in other posts.
Which ones? Please send the URL of the post (you can use deja.com to look
it up).
> But I guess you only open your eyes when you feel like it.
I, like others, must have missed it. Please point us to it.
> And you never answered the FACT that a one byte output file
> from CTR mode (though you have no working program) would immediately
> lead an attacker to realize that the input file could only have
> come from 1 of 256 possible messages. With BICOM you have many
> many more messages. That alone makes it more secure. Or do
> you have the ability to even understand this fact. Both methods
> use RIJNDAEL as the underlying model. One just does it in
> a better way. As I pointed out above. I would rather confuse the
> enemy with many possible messages than just 256 messages.
>
That's entirely BS. If the plaintext is uniformly distributed then CTR doesn't
reveal any information since short of breaking the cipher it has the same
security as an OTP (Note I didn't say it's like an OTP since you can brute
force the key to solve the problem).
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************