Cryptography-Digest Digest #429, Volume #14      Fri, 25 May 01 06:13:00 EDT

Contents:
  Re: survey (Roger Fleming)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? ("BenZen")
  Re: survey (Pascal Junod)
  Re: RSA's new Factoring Challenges: $200,000 prize. (my be repeat) ("The Scarlet Manuka")
  Re: OAP-L3:  "The absurd weakness." (Anthony Stephen Szopa)
  Re: Ideas for project ("Jeffrey Walton")
  how to generate random output in rdemo_c.c? ("Hilda")
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am  (Mok-Kong Shen)
  Re: survey (Tom St Denis)
  Re: rs232 data encryption (Tom St Denis)
  Re: Evidence Eliminator Detractors Working Hard But No Result? (Mok-Kong Shen)
  Re: Protocol for authentication and key agreement... (Mark Wooding)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? (M. S. Bob)
  Re: Quicky math question (Mark Wooding)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? (Sergei Lewis)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Roger Fleming)
Subject: Re: survey
Date: Fri, 25 May 2001 05:38:02 GMT



Tom St Denis wrote:
> Well my design is simple and faster than most other known block
> ciphers. Does that count?

"Douglas A. Gwyn" <[EMAIL PROTECTED]> replied
> No.
> void encrypt(const char *key, char *data) { } // very fast and simple

[..several increasingly heated exchanges deleted...]

Tom St Denis wrote:
>Fine, be a jackarse.
>You're not proving anything other than you have an insane ability to argue
>irrelevant semantics.
[...]

There was nothing insulting about what Douglas wrote; he just said it in a 
humorous way.
He could have said "speed and simplicity are nice but they are merely 
desirable, while a number of other properties are essential". Instead of 
making such a boring reply, he made a little joke about it. And when you 
questioned his response, he just calmly clarified his meaning, while YOU 
resorted to offensive personal remarks.

You must have a remarkably oversensitive temper to find anything Douglas wrote 
insulting, and it won't win you many friends until you learn to curb it.

------------------------------

From: "BenZen" <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ?
Date: Fri, 25 May 2001 02:50:40 -0400

Paul Pires wrote in message ...
>
>BenZen <[EMAIL PROTECTED]> wrote in message 
>news:BakP6.532$[EMAIL PROTECTED]...
><snip>
>> I would very much like to understand if there is a standard procedure to
>> determine if a 'pseudorandom' sequence is non-periodic for a 'sufficiently
>> great' period. Does this involve brute-force testing for weeks?
>
>I smell a true believer.
>
LOL.

>HeHeHe... By me, Bubba. I'm just a hack. You just blew off one of the
>guys in the room who could tell you, though. I don't think you got a grip
>on the scope here. Brute force testing of what? The algorithm? To do that
>you'd have to test a significant portion of the keys... for a long time, OR find
>a supportable analytical argument that the structure proposed is somehow
>constrained not to repeat within a huge number of bits... for any key... for
>any text.
>
Sorry for the 'guy' who could not handle it.

Maybe you did not understand the question. I was just asking if there was
a standard procedure or what.
Looks like it's more likely to be an analytical demonstration, if possible.
Otherwise, do like you do, and hope the algorithm won't be cracked too soon.
And you guys are used to laughing in the dark like that. ;P

>The universe will die long before you do the former and I will die long before
>I learn how to answer the latter :-)
>
Yeah Yeah... Have fun.
I was thinking about some sort of equivalent 'Monte Carlo test'... I don't know,
hence the question.
Of course I don't expect to run a pseudorandom generator forever to test the
infinite sequence... ROTFL
I think the guy laughing,  just had a very long day at work, and maybe the
cheeseburger was a bit toxic... Sue McDonalds. ;)

(..)
>> I have a formidable idea about how 'Keys' could be 'picked' from a set.
>> And how my ideas are based on these intuitions.
>> Let me explain in my simple terms.. Newbies shall find it very refreshing as well.
>Wooosh......(That was the sound of your description flyin right over my head.)
>
Yes I heard it too... I think it went directly into the fan.
Too bad
You'll have to wait for the real thing to arrive.

>I wish you well.
>
No worries,
Thanks for your time pal;
Just tell Bubba, next time I'll use Bruteforce testing on him,
until the universe dies as well. ;P

"Experience is what you get when you don't get what you want."

Now it looks like I will have to find the essential on my own.
I already got a good start from here:
http://www.infosyssec.org/infosyssec/cry1.htm
http://www.infosyssec.org/infosyssec/cry2.htm

I shall return to post my results in a couple of weeks.
I intend this algorithm to be L-GPL or similar.
Regards,
Ben
"A conclusion is simply the place where you got tired of thinking."
 'Anything can happen. And one way or another it always does.'  -Leviathan, by Paul Auster

Silence is the only virtue I have left.




------------------------------

Date: Fri, 25 May 2001 08:58:16 +0200
From: Pascal Junod <[EMAIL PROTECTED]>
Subject: Re: survey

On 23 May 2001, Tom St Denis wrote:

> Is that suppose to be a kind way of saying "I don't have time".

Yes, it was.

> No offense group but it seems you guys have alot to learn about "Tact"
> yourselves.  (Well not all, some people are very kind like Fluhrer,
> Rubin, etc...).

That's possible. It wasn't my goal to hurt you, Tom. The smiley was only
there to suggest that you not read the sentence with the "retirement" word
too seriously... Anyway, perhaps humor should be banned in sci.crypt, as I
see it's not always understood!

A+

Pascal

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Pascal Junod, [EMAIL PROTECTED]                                 *
* Security and Cryptography Laboratory (LASEC)                       *
* INF 240, EPFL, CH-1015 Lausanne, Switzerland  ++41 (0)21 693 76 17 *
* Place de la Gare 12, CH-1020 Renens           ++41 (0)79 617 28 57 *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------

From: "The Scarlet Manuka" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: RSA's new Factoring Challenges: $200,000 prize. (my be repeat)
Date: Fri, 25 May 2001 14:56:46 +0800

"Michael Brown" <[EMAIL PROTECTED]> wrote in message
news:vVlP6.3471$[EMAIL PROTECTED]...
> Sorry if this is a duplicate. The first one seems to have got itself
> killed as the modem disconnected it around the time I sent it (it's on
> another computer, so I'm not exactly sure).
> Anyhow, here it is (with a few modifications):
>
>
> First, go read my page at http://odin.prohosting.com/~dakkor/rsa

Something I don't understand about this system: You introduce arbitrary
choices as to which number gets the 1 bit when you know the numbers
differ at a certain bit position. Now this is fine the first time, if
all the preceding bits have been identical; but what do you do if you
need to make several such choices to complete the tree? Once you have
made the first choice the others will be fixed, but you have no way of
knowing which is which.

--
The Scarlet Manuka



------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: Re: OAP-L3:  "The absurd weakness."
Date: Fri, 25 May 2001 00:58:22 -0700

 
James Felling wrote:
> 
> > <sniping my posting>
> 
> >
> > You a
>
><SNIP>

>>ts but I guess we get
> > what we pay for when we read one of your posts.
> 
> I feel the same about your postings sir.

"I am claiming that your method is suboptimal"
"the riffle shuffle will tend to fill the space more quickly"
"It cannot reverse the order of the 105 items no matter how many 
times it is iterated."
"islands of stability that are simple to code and fix makes me wonder 
how much time you actually put into your design of this program."
"why should I accept a compromise"
"maybe fixing it in place would be good"

It all comes down to this:  imagine a brand spanking new 767 
coming off the Boeing assembly line.  Nice plane.  But you say, 
"Look at that wing.  It will never fly."  I agree that the wing 
alone will probably never fly.  But the plane as a whole system 
is exceptional.

If you take OAP-L3 as a whole and use it according to its
recommendations, every single point you have made is of no 
consequence, none at all, none whatsoever, as far as security is
concerned.

In the end, when the OTPs are finally generated, every single "flaw" 
you have claimed is washed out AND without a trace.

I am confident you would agree.

If you have two encryption software methods I suggest you consider a
corollary of Occam's Razor:  choose the one that is simplest and 
easiest to understand in its entirety over the one you cannot 
comprehend with certainty to the fullest.

I want you to know that I don't think you have wasted your time
addressing the "flawed" steps along the path on the excellent 
journey to "Original Absolute Privacy" encryption.

------------------------------

From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Ideas for project
Date: Fri, 25 May 2001 04:14:12 -0400
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>

Thanks Paul.  I was not aware (and stand corrected again!).

"Paul Pires" <[EMAIL PROTECTED]> wrote in message
news:yOYO6.15942$[EMAIL PROTECTED]...
|
| Jeffrey Walton <[EMAIL PROTECTED]> wrote in message
news:3b0c4401$0$[EMAIL PROTECTED]...
| > I could be wrong, but because it's a thesis it will be published.  Unless
| > of course Simon and Paul develop something very cool, Paul drops out of
| > college, and Simon and Paul start a new company based on the ideas :)
| >
| > AFAIK, an article published in academia can't be patented.  That was the
| > reason ElGamal was unpatented.  It was someone's thesis (or
| > dissertation).
| >
| Minor nit. Publication 1 year before application = No US patent.
| Patent application before publishing is OK regardless of the mode
| or publishing organization. So, Paul Rubin's request for a
| statement regarding intentions is a wise and reasonable thing to do.
|
| Paul
|
| > "Paul Rubin" <[EMAIL PROTECTED]> wrote in message
| > news:[EMAIL PROTECTED]...
| > : [EMAIL PROTECTED] (Simon West) writes:
| > : > I am in the final few months of a Master's Degree
| > : > conversion course in I.T. I am currently in the initial
| > : > investigation stages of my final project
| > : > which is in the area of Web Security and data encryption.
| > : > So far I have achieved a general understanding of the
| > : > basics of symmetric and asymmetric encryption and background
| > : > history, legislation, etc but still have to get to grips fully
| > : > with the number theory underlying the algorithms.
| > : > This is achievable.
| > : > What I am seeking are ideas, from those of you more
| > : > learned in the subject, as to suitable interesting applications
| > : > which could be developed during a two month project.
| > : > I intend to learn Java in the course of the project.
| > : > My current programming skills include Ada95,
| > : > a little C++, HTML, XML and a little javascript.
| > : > Any ideas that I could consider would be very much
| > : > appreciated.
| > :
| > : Are you planning (or willing) to release the results as free software?
| > : If so, I have some ideas I could suggest and would be willing to offer
| > : advice along the way if that was useful.  But if not, then I'd be
| > : basically working for you for nothing if I got involved, which doesn't
| > : excite me very much.
| > :
| > : Just wondering.
| > :
| > : Paul
| >
|



------------------------------

From: "Hilda" <[EMAIL PROTECTED]>
Subject: how to generate random output in rdemo_c.c?
Date: Fri, 25 May 2001 20:47:53 +1200

hi,

In the RSA test script, rdemo_c.c, it states:

/* Initialize the random structure with all zero seed bytes for test purposes.
   NOTE that this will cause the output of the "random" process to be
   the same every time.  To produce random bytes, the random struct
   needs random seeds!
 */
static void InitRandomStruct (randomStruct)
R_RANDOM_STRUCT *randomStruct;
{
  static unsigned char seedByte = 0;
  unsigned int bytesNeeded;

  R_RandomInit (randomStruct);

  /* Initialize with all zero seed bytes, which will not yield an actual
       random number output.
   */
  while (1) {
    R_GetRandomBytesNeeded (&bytesNeeded, randomStruct);
    if (bytesNeeded == 0)
      break;

    R_RandomUpdate (randomStruct, &seedByte, 1);
  }
}

How do I change this output to be random every time?
Do I just change seedByte to a random number by calling the 'rand'
function each time and somehow create a new random value for seedByte?
Or is there another way to do this?



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am 
Date: Fri, 25 May 2001 11:18:06 +0200



BenZen wrote:
> 
[snip]
> http://www.infosyssec.org/infosyssec/cry1.htm
> http://www.infosyssec.org/infosyssec/cry2.htm

Thanks for the very comprehensive source of links.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Tom St Denis)
Subject: Re: survey
Date: 25 May 2001 02:30:46 -0700

Pascal Junod <[EMAIL PROTECTED]> wrote in message 
news:<[EMAIL PROTECTED]>...
> On 23 May 2001, Tom St Denis wrote:
> 
> > Is that suppose to be a kind way of saying "I don't have time".
> 
> Yes, it was.
> 
> > No offense group but it seems you guys have alot to learn about "Tact"
> > yourselves.  (Well not all, some people are very kind like Fluhrer,
> > Rubin, etc...).
> 
> That's possible. It wasn't my goal to hurt you, Tom. The smiley was only
> there to suggest you not to read the sentence with the "retirement" word
> too seriously... Anyway, perhaps humor should be banned in sci.crypt, as I
> see it's not always understood !

Yes, part of "tact" is learning when something is appropriate and not.
When I am asking a serious question I don't think that's appropriate.

Tom

> 
> A+
> 
> Pascal

------------------------------

From: [EMAIL PROTECTED] (Tom St Denis)
Subject: Re: rs232 data encryption
Date: 25 May 2001 02:34:37 -0700

"Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message 
news:<9ekhm2$egh$[EMAIL PROTECTED]>...
> CTR mode doesn't automatically resync after add/drop errors (and with a
> noisy RS-232 line, they happen).  You could add explicit resyncing, but a)
> that chews up bandwidth, b) that adds extra logic, and c) you also have to
> worry about "what happens if the resync pattern just happens to occur in the
> ciphertext"

CTR mode will skip errors though.  Let's say you are sending three bytes 
and the 2nd one gets noisy: you will get 1X3, similar to CFB mode.

Also CTR mode is not extra logic.  You only need AES's encrypt routine; you 
actually encrypt the data via XOR.

> There was a paper at FSE2001 by Alkassar et al about a CFB variant that
> retained the resyncing property, but drastically reduced the expected number
> of encryptions.  However, I thought that the OP would prefer an
> "off-the-shelf" solution, and in any case, 4000 block encryptions per second
> is not pushing the state of the art, even with a moderately old
> microprocessor.  Of course, if it's an 8051, it probably isn't particularly
> doable...
> 
> >
> > Again I feel CTR mode will win over CBC and CFB.  Specially in this case
> > since the low end cpu can do a single encryption per 16 bytes and still gets
> > the benefits of sending partial blocks and avoiding errors from killing the
> > entire stream.
> CFB can handle partial blocks as well, and again, cannot resync from
> add/drop errors.

Well, if you drop bytes CTR will lose.  But for the most part CTR is faster.  
All you need to do is check the sync every so often.

Tom
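The two claims traded above (Scott: CFB resynchronises after an add/drop error; Tom: a noisy byte in CTR only mangles that byte, and a dropped byte loses the rest of the stream) can be checked with a small simulation. This is an added example, not code from either poster: it uses a keyed SHA-256 hash as a stand-in for the AES encrypt direction (both modes only ever call that direction) and a constructed 64-byte message whose ciphertext byte 10 is either bit-flipped or dropped.

```python
import hashlib

BLOCK = 16  # AES-sized blocks

def prf(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's encrypt direction (a keyed hash, NOT AES).
    CTR and CFB only ever call the forward direction, so this is enough to show
    how each mode behaves when a ciphertext byte is flipped or dropped in transit."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: keystream block i = E(nonce || i), XORed onto the data byte by byte.
    Encrypt and decrypt are the same operation; the receiver counts bytes itself."""
    out = bytearray()
    for i, b in enumerate(data):
        blk, off = divmod(i, BLOCK)
        out.append(b ^ prf(key, nonce + blk.to_bytes(8, "big"))[off])
    return bytes(out)

def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """8-bit CFB: a 16-byte shift register of previous ciphertext bytes feeds E,
    and the first output byte masks the next plaintext byte."""
    reg, out = bytes(iv), bytearray()
    for p in plaintext:
        c = p ^ prf(key, reg)[0]
        out.append(c)
        reg = reg[1:] + bytes([c])
    return bytes(out)

def cfb8_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """The receiver rebuilds its register from the ciphertext bytes that actually
    arrive, so 16 good bytes after an insertion/deletion put it back in step."""
    reg, out = bytes(iv), bytearray()
    for c in ciphertext:
        out.append(c ^ prf(key, reg)[0])
        reg = reg[1:] + bytes([c])
    return bytes(out)

def wrong_positions(expected: bytes, got: bytes) -> list:
    """Indices where the decrypted stream disagrees with what the sender meant."""
    return [i for i, (a, b) in enumerate(zip(expected, got)) if a != b]

def line_noise_demo() -> dict:
    """Constructed 64-byte message; ciphertext byte 10 is flipped (bit error) or
    dropped (the add/drop error of a noisy RS-232 line). Returns the wrong indices."""
    key, iv = b"constructed-key!", bytes(range(16))
    msg, bad = bytes(range(64)), 10
    ct_ctr, ct_cfb = ctr_xor(key, iv, msg), cfb8_encrypt(key, iv, msg)

    def flip(ct):
        return ct[:bad] + bytes([ct[bad] ^ 0x01]) + ct[bad + 1:]

    def drop(ct):
        return ct[:bad] + ct[bad + 1:]

    shortened = msg[:bad] + msg[bad + 1:]  # what a resynced receiver should recover
    return {
        "ctr_flip": wrong_positions(msg, ctr_xor(key, iv, flip(ct_ctr))),
        "cfb_flip": wrong_positions(msg, cfb8_decrypt(key, iv, flip(ct_cfb))),
        "ctr_drop": wrong_positions(shortened, ctr_xor(key, iv, drop(ct_ctr))),
        "cfb_drop": wrong_positions(shortened, cfb8_decrypt(key, iv, drop(ct_cfb))),
    }

if __name__ == "__main__":
    for name, idx in line_noise_demo().items():
        print(f"{name}: {len(idx)} wrong bytes, last wrong index {max(idx)}")
```

After a bit flip CTR loses exactly one byte and CFB loses that byte plus the next 16; after a dropped byte CTR stays out of step to the end of the message, while 8-bit CFB is wrong for at most 16 bytes and then recovers on its own, which is the resync that CTR would have to buy with an explicit sync pattern.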

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Evidence Eliminator Detractors Working Hard But No Result?
Date: Fri, 25 May 2001 11:31:17 +0200



Eric Lee Green wrote:
> 
[snip]
> Robin Hood Software's http://www.evidence-eliminator.com site is now
> hosted by UUNET-UK. 

Sorry for not having followed past postings. Is this
something analogous to SafeWeb? (See
http://www.pcworld.com/reviews/article/0,aid,46303,00.asp)
If yes, any comparisons? Thanks.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Protocol for authentication and key agreement...
Date: 25 May 2001 09:53:48 GMT

David Wagner <[EMAIL PROTECTED]> wrote:
> Simon Johnson wrote:
> >This is a protocol [..]
> 
> Why?  Why not simply use TLS, say?

Because TLS is very large and complicated.  I don't particularly want to
either (a) write a TLS implementation or (b) trust someone else's.  I
might end up having to do (a) just to avoid (b) in the long run, but I'd
like to put off all of the tedious and complicated messing about with
X.509 certificates for as long as possible.  Whoever decided that
anything as complicated as ASN.1 parsing would be a good idea in a bunch
of crypto standards must have been completely mad.

TLS also has a habit of using RSA for key exchange, so old sessions are
compromised if the server's key is leaked (for example because the
Cryptoplod[1] have seized it).  Even if you can persuade it to use
ephemeral Diffie-Hellman, it still leaves signatures lying around so the
Cryptoplod can prove that you engaged in a key-exchange with someone.

[1] The secret police. ;-)

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (M. S. Bob)
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a 
fool ?
Date: 25 May 2001 02:59:38 -0700

"BenZen" <[EMAIL PROTECTED]> wrote in message 
news:<zBhP6.514$[EMAIL PROTECTED]>...
> I'm a senior engineer with a lot of time on my hands now.
> I was recently coding a small program to Encrypt binary files
> in a simple way.
> 
> Then I decided it would be fun to use a 'Fractal' sequence
> instead of a simple binary pattern induced by the password.
> 
> I searched the web and was astonished not to read much on
> this subject; Other than StarTrek Borg adventures, common nonsense.
> 
> I have a couple of ideas... What are my chances?

Let me repeat two key sentences in Paul Rubin's previous post.

Paul Rubin wrote in message <[EMAIL PROTECTED]>...
> Fractals are cool because they give rise to pictures with
> interesting-looking structure.  But cryptographic output
> should have NO apparent structure.

I cannot see how this structure would not be the downfall of any such
fractal based scheme.

If your goal is simply to write a good encryption program, I would
recommend you check out Applied Cryptography by Bruce Schneier and
Security Engineering by Ross Anderson. The suggestion of using
AES/Rijndael <http://www.nist.gov/aes/> is very sensible.

If you want to take this idea of creating your own scheme further, I
would recommend you learn some basics and some history. The
Codebreakers by David Kahn has, almost as an underlying theme,
the repeated fall of "unbreakable" cipher schemes in the
real world. The sci.crypt FAQ
<http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html> and the RSA
Security FAQ <http://www.rsasecurity.com/rsalabs/faq/> are good
starting points for learning the basic "game play" and standard
language of modern cryptology.

Sidenote:
Proof that Pi is irrational
<http://www.seanet.com/~ksbrown/kmath313.htm>
Pi is transcendental
<http://www.math.niu.edu/~rusin/known-math/95/transcend>

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Quicky math question
Date: 25 May 2001 10:00:24 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

> Ok, this may sound very silly... but what does | mean in set notation?  Last
> I heard it meant "such that".
> 
> I am reading Koblitz's "A course in number theory" (yes I skipped ahead...
> oops); on page 161 he writes
> 
> S = {t^2 - N | \sqrt n + 1 \le t \le \sqrt n + A }
> 
> What does the | mean here?
> 
> Or does it mean the set containing t^2 - N "for all" t in the range
> specified (greater than sqrt n and less than sqrt N plus A).

The thing on the right describes conditions on some variables. The thing
on the left is an expression in terms of those variables.  The resulting
set is the value of the expression for each possible value of the
various variables.  So, S is the set of things of the form t^2 - N where
t is in the given range.

(This looks like the candidate set for a quadratic sieve.  Mine's still
lying about waiting for me to finish the linear algebra stuff...)

-- [mdw]
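An added example (not from Koblitz or from either poster) that builds S as a list of (t, t^2 - N) pairs, reading \sqrt n as the integer square root isqrt(N), and then carries the "candidate set for a quadratic sieve" remark one step further: it keeps the t^2 - N values that factor completely over a small factor base and combines them into a congruence of squares x^2 = y^2 (mod N), using a brute-force subset search in place of the linear algebra mdw mentions. N = 15347 and the factor base {2, 17, 23, 29} are constructed inputs.

```python
from itertools import combinations
from math import gcd, isqrt

def qs_candidates(N, A):
    """Koblitz's S = {t^2 - N | sqrt(N)+1 <= t <= sqrt(N)+A}, with sqrt(N) read as
    isqrt(N). Returned as (t, t^2 - N) pairs because t is needed again later."""
    r = isqrt(N)
    return [(t, t * t - N) for t in range(r + 1, r + A + 1)]

def factor_over_base(x, base):
    """Exponent vector of x over the primes in base if x is base-smooth, else None."""
    exps = []
    for p in base:
        e = 0
        while x % p == 0:
            x //= p
            e += 1
        exps.append(e)
    return exps if x == 1 else None

def smooth_relations(N, A, base):
    """Candidates from S whose t^2 - N is smooth: each gives the relation
    t^2 == prod(p^e) (mod N). Values just above sqrt(N) are small, which is
    why this range is where a sieve looks for smooth numbers."""
    rels = []
    for t, v in qs_candidates(N, A):
        e = factor_over_base(v, base)
        if e is not None:
            rels.append((t, v, e))
    return rels

def find_factor(N, A, base):
    """Combine relations so every prime exponent is even, giving x^2 == y^2 (mod N),
    then try gcd(x -/+ y, N). Brute-force subset search stands in for the
    linear algebra over GF(2) that a real sieve uses."""
    rels = smooth_relations(N, A, base)
    for k in range(1, len(rels) + 1):
        for subset in combinations(rels, k):
            total = [sum(col) for col in zip(*(e for _, _, e in subset))]
            if any(c % 2 for c in total):
                continue
            x = 1
            for t, _, _ in subset:
                x = x * t % N
            y = 1
            for p, c in zip(base, total):
                y = y * pow(p, c // 2, N) % N
            for d in (gcd(x - y, N), gcd(x + y, N)):
                if 1 < d < N:
                    return d
    return None

if __name__ == "__main__":
    N, A, base = 15347, 3, [2, 17, 23, 29]  # constructed inputs
    print("S =", qs_candidates(N, A))
    print("smooth relations:", smooth_relations(N, A, base))
    d = find_factor(N, A, base)
    print("factor:", d, "x", N // d if d else None)
```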

------------------------------

From: Sergei Lewis <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a 
fool ?
Date: Fri, 25 May 2001 10:58:35 +0100

In article <BakP6.532$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

> I guess you are right.  I'm hoping for the 'longest' non-periodic 
> sequence. On the // line of thought; Isn't the 'PI' numerical exact 
> value non-periodic, hence an infinite number of decimals?... 
> Then why could a specific fractal algorithm not be proven to 
> generate an 'irrational'-like sequence?
> 
> How do we prove PI decimals are non-periodic, Paul?

..if you say all that, then why don't you just use the bits of Pi? The 
key could be an offset into Pi. An algorithm exists to calculate digits 
of Pi independently of each other (a simple Google search reveals pages 
such as section 4 of http://www.cecm.sfu.ca/pi/piquest/ ). If you start 
calculating at a bit position given by the product of the key and the 
maximum length of a message in bits, the bitstreams used for different 
keys are guaranteed different, so the message is as secure as the length 
of the key; without all those nasty problems checking whether your key 
results in a periodic sequence or not..

http://www.seanet.com/~ksbrown/kmath410.htm
hmp.. interesting

-- 
Sergei Lewis
http://members.tripod.co.uk/Folken

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
