Cryptography-Digest Digest #440, Volume #14      Fri, 25 May 01 17:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm ("Joseph Ashwood")
  Re: Evidence Eliminator Detractors Working Hard But No Result? (P.Dulles)
  Re: Evidence Eliminator works great. Beware anybody who claims it doesn't work (propaganda) (Dave Howe)
  Re: Good crypto or just good enough? (Paul Rubin)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? ("Joseph Ashwood")
  Re: Evidence Eliminator Detractors Working Hard But No Result? ("Joseph Ashwood")
  Re: Good crypto or just good enough? ("Joseph Ashwood")
  Re: Is Rijandael = AES ? (John Savard)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? (John Savard)
  Re: Good crypto or just good enough? (John Savard)
  Re: Good crypto or just good enough? (John Savard)
  Re: Good crypto or just good enough? (Tom St Denis)
  Re: Is Rijandael = AES ? (SCOTT19U.ZIP_GUY)
  Input Appreciated (Frog20000)
  Re: acceptance of encryption, market research (Steve Meyer)
  Re: Good crypto or just good enough? (SCOTT19U.ZIP_GUY)
  Re: Break on Schneiers first proposed "self-study cipher" (SCOTT19U.ZIP_GUY)
  Re: Good crypto or just good enough? (SCOTT19U.ZIP_GUY)
  Re: Break on Schneiers first proposed "self-study cipher" (Tom St Denis)

----------------------------------------------------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Date: Fri, 25 May 2001 11:27:21 -0700


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
[snip two proposed modes of operation]
> Both depend on a proof of security for Rijndael - which doesn't exist.
Actually that's not true, you can prove a reduction without proving
difficulty. NP-complete is an example of a rather large, well known set that
has this property. It may be possible to build a proof of security that
reduces from Rijndael in mode to pure Rijndael +- some negligible factor. In
the case of counter mode there's a proof reducing it to the block cipher +
epsilon. I am unsure whether or not a similar result is possible for BICOM,
but the result for most reasonable chaining modes will be comparable.
                                    Joe



------------------------------

From: P.Dulles <*@*.com>
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Evidence Eliminator Detractors Working Hard But No Result?
Date: Fri, 25 May 2001 15:23:49 -0400
Reply-To: *@*.com

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...
>: 
>: 
>: Eric Lee Green wrote:
>: > 
>: Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>: > >Sorry for not having followed past postings. Is this
>: > >something analogous to SafeWeb? (See
>: > 
>: > Sorry, have no info about SafeWeb. Do have info about EE (see
>: > http://badtux.org/eric/editorial/scumbags.html ). Basically, what we
>: > have here is some virulent spammer spawn. I personally do not buy
>: > anything from spammers, because if they're ethically challenged enough
>: > to spam, they're probably ethically challenged enough to sell you
>: > worthless overpriced junk too.
>: 
>: What I don't understand, when glancing at the web page
>: www.evidence-eliminator.com, is the sentence:
>: 
>:     your PC is keeping frightening records of both your 
>:     online and off-line activity.
>: 
>: I know too little about current OSs. Could you tell where 
>: these records are kept under Window98? I guess that the
>: product is to delete these automatically. (The issue
>: of stealth of your intellectual property, which is
>: claimed on your web page, is a legal or ethical one 
>: that I am personally not interested in.) But how does 
>: that have a connection with 'spams' which are incoming 
>: mails that is independent of one's own 'online and 
>: offline activity'? BTW, I barely know anything substantial 
>: about SafeWeb either. But I think that basically it allows 
>: one to channel one's web page access requests through a 
>: specific site and that site removes the origin site 
>: information of the accessor such that the log files of
>: the servers of the web pages being accessed don't yield 
>: any useful information for tracing who actually have 
>: accessed these web pages. I think that's more useful
>: for many people than deletion of records of activity on 
>: one's own computer. SafeWeb's service is said to be 
>: entirely free.
>: 
>: M. K. Shen

What happened was that a number of people in this and other newsgroups 
got very tired of the spam and decided to challenge the veracity of the 
program itself.  Instead of a reasoned response, Eric Green was libeled 
on their website, and the rest of us are being called "liars" who are 
spreading "disinformation."  They will not directly answer questions or 
challenges, and refuse to provide any review of their product by a 
qualified testing lab.

They have relied upon spam and shock marketing tactics to sell their 
product, raising the price 350% in a year without improving it.

Don't be fooled by their marketing.  There is very little chance you 
have anything illegal on your computer, and no matter what they claim - 
they can't protect you if you come to the attention of the police.

When it was $40, it was an excellent housekeeping utility.  Windows is 
very dirty, leaving garbage everywhere (much like a three year old 
child.)  For Win9X, it seeks out and gets rid of most of this junk.  For 
NT/2000 - it is still a good tool if you know where to set it to look 
for junk, most people don't.  It is also limited in function if you use 
NTFS.  However, there are many other programs that will do this and also 
wipe either for free or far less than the $140 they now think their 
product is worth (actually, one said it was worth $7000 and I spit beer 
all over my monitor!)

Where do you look on Win98?  Lots of places really.  Internet temporary 
directories, Windows temp directories, the root directory, and gawd 
knows how much crap is tucked into your registry.  But it's all just 
messy housekeeping, unless you trade in kiddie porn there is nothing on 
your machine inherently illegal; and more likely than not if you trade 
in kiddie porn or keep the records of your drug dealing empire on your 
machine you want to keep them around anyway.  

It's just a scam feeding on the paranoia of the ignorant.

Another site to read for the truth:  
http://www.radsoft.net/resources/software/reviews/ee/07.htm

Notice the difference between this review and their website claims.

-- 
Loki
"Joan of Arc heard voices too!"

------------------------------

From: Dave Howe <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Evidence Eliminator works great. Beware anybody who claims it doesn't work (propaganda)
Date: Fri, 25 May 2001 20:37:14 +0100

In our last episode (<alt.security.pgp>[Fri, 25 May 2001 15:02:00
+0100]), "John Niven" <[EMAIL PROTECTED]> said :
>I've been alerting [EMAIL PROTECTED] - here's their reply:
>
><< begin >>
>Hi John -
>
>Thanks for your recent email.
>
>We are currently investigating a series of complaints relating to this
>issue. Please rest assured that once our investigations are complete
>that the appropriate action will be taken.
>
>
>Regards,
>
>Mike White
>Acceptable Use Policy Team
>
>ntl: Technology. Tamed.
>http://www.ntlworld.com
><< end >>
>
>John
looks strangely familiar ;)
--== DaveHowe ( is at) Bigfoot dot com ==--

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Good crypto or just good enough?
Date: 25 May 2001 12:40:17 -0700

Tom St Denis <[EMAIL PROTECTED]> writes:
> My old employer asked me to ask the group this question.
> 
> Would you settle for crypto that is "just secure enough" or "is as
> secure as we know how to make it".  Both within reason.

I think most people using AES will use 128 bit keys rather than 256
bits, so I'll vote for "just secure enough, plus a safety margin".

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ?
Date: Fri, 25 May 2001 12:11:08 -0700

I feel I am in a reasonable position to comment on your concept. I am also
performing several responses in one to avoid extending the conversation by
too much.

"BenZen" <[EMAIL PROTECTED]> wrote in message
news:BakP6.532$[EMAIL PROTECTED]...
> I want to keep my explanation intuitive; So I will use a simplified example.
> Suppose we want to 'encrypt' an image.. This image is mapped sampled, and
> represented in a binary file... Suppose that we have the 'perfect' encrypting
> algorithm;  Like I said before; I want the encryption sequence to match as closely
> as possible the 'original', in order for it to 'MASK' the original's characteristics.
> .. In the utopic example, my algorithm would match almost bit for bit the original;
> Thus once a XOR between the two streams is performed.. WE see very few
> information bits, here and there... compression on the result is easy;
> (*) I would intuitively suppose it is an indication of successful encryption.
>      If the result is easy to compress; While the original might not have been.
> Now.. Back to the Keys and Keyspace.
> Since the Encryption shall be done using a 'key'..  I think there might be better
> hopes of pushing the 'Fractal' algorithm one step further, with a first pass
> on the original document... The first pass shall determine some inherent
> characteristics of the original; such as 'variance', type of distribution,
> granularity.. And in the specific case of images; Geometric properties,
> that could be matched with a particular fractal variant.
> The 'Key' is an agglomerate of options and seeds.. Then, even if the 'encryptor',
> program suggests a 'Key'; The user will customize the choice by taking one
> key close, but just one of the billions close by.. Resulting in an imperfect match
> between the original and the encryption sequence.. With a final combination
> leaving apparent clouds of bits with little to say about the whole.
>
> That's one aspect I feel about 'Fractals', which we can better 'rescale', to
> match a particular structural pattern in the original.
> Taking just 'any key' within the entire set of keys, is IMHO not aiming for best.


There is a problem with that idea. In doing that you are changing the
position of the information from the stream, to an unknown location (it
would have to be transferred somehow). In its current form it doesn't match
very well with encryption (although it may be useful for compression). In
encryption the general tactic is to increase the apparent quantity of data
to exactly the size of the transfer, and to attack we reduce that
information to the original. This is the kind of encryption that is
understood, that is known how to examine.  I don't want to discourage you,
but loss of information cannot be recovered from. The idea of having the
user choose a "close" key is not the best of ideas, if the user does that
the new key will have to be transferred, otherwise the information is
(hopefully) permanently lost.


[on establishing the period of the generator]
Because the generator must be deterministic (otherwise the reader wouldn't
be able to read it) it will have a period at some point. Proving this is a
simple matter, you have a fixed maximum amount of RAM, which means you have
a fixed maximum number of states, so you can only change states a certain
number of times before the state repeats. Proving the period generally
involves proving the ordering of states under all keys guarantees a certain
number of states will be reached before a repetition occurs.

[on establishing the security of the generator]
To prove the best possible security of the generator you have to prove that
given [0,n-1], [n+1, k] bits of the output the attacker can only determine
the missing bit with probability 1/2+E, for all n<=k, for all k <
periodOfGenerator. If you can prove that E is a very important value, as E
tends to 0 the security increases. To simplify this you can simply prove for
k = period, having less knowledge will not give the attacker an advantage.
However E is likely to vary with k, so having a proof of relationship would
be very good. There is also a useful variation of the proof where you set n
= k.

Throughout this I have assumed that you are building a stream cipher. If you
want to use fractals to build a block cipher there are differing
requirements.
                                        Joe
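
[Added example, not part of Joseph Ashwood's post or of the digest.] The finite-state argument for the period in the message above, measured with Brent's cycle detection. The fixed-point logistic map is an assumed stand-in for a "fractal" generator (the thread never specifies BenZen's design), and the comparison LCG, bit widths and seeds are likewise chosen for illustration.

```python
"""Period of a finite-state generator, measured rather than assumed.

Constructed illustration: the fixed-point logistic map stands in for a
'fractal' keystream generator; it is not a design taken from the thread.
"""


def make_logistic(bits):
    """x -> 4x(1-x) on [0,1), with x held as a `bits`-bit fixed-point integer."""
    one = 1 << bits
    mask = one - 1

    def step(x):
        # 4*x*(one - x) / one, truncated, then reduced back into the state space
        return ((4 * x * (one - x)) >> bits) & mask

    return step


def make_lcg(bits, a=5, c=1):
    """x -> a*x + c mod 2^bits.

    With c odd and a % 4 == 1 the Hull-Dobell theorem proves that every state
    is visited exactly once per cycle, so the period is exactly 2^bits.
    """
    mask = (1 << bits) - 1

    def step(x):
        return (a * x + c) & mask

    return step


def brent(step, seed):
    """Return (mu, lam): length of the tail before the cycle, and the period."""
    power = lam = 1
    tortoise, hare = seed, step(seed)
    while tortoise != hare:
        if power == lam:          # start a new search window of doubled size
            tortoise = hare
            power *= 2
            lam = 0
        hare = step(hare)
        lam += 1
    # Locate the first state that lies on the cycle.
    tortoise = hare = seed
    for _ in range(lam):
        hare = step(hare)
    mu = 0
    while tortoise != hare:
        tortoise = step(tortoise)
        hare = step(hare)
        mu += 1
    return mu, lam


def nth_state(step, seed, n):
    """State after n steps from seed (used to confirm the measured period)."""
    x = seed
    for _ in range(n):
        x = step(x)
    return x


def survey(bits, seeds):
    """Measure the fixed-point logistic generator: list of (seed, mu, lam)."""
    step = make_logistic(bits)
    return [(s, *brent(step, s)) for s in seeds]


if __name__ == "__main__":
    bits = 16
    bound = 1 << bits  # pigeonhole bound: at most 2^bits distinct states
    for seed, mu, lam in survey(bits, [1, 12345, 40000, 54321]):
        print(f"logistic seed={seed:5d} tail={mu:6d} period={lam:6d} bound={bound}")
    mu, lam = brent(make_lcg(bits), 1)
    print(f"LCG      seed=    1 tail={mu:6d} period={lam:6d} bound={bound}")
```

The pigeonhole bound is only an upper limit: the LCG meets it because its full period is provable, while for the fixed-point map the script reports whatever the truncated arithmetic happens to give for each seed.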



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Evidence Eliminator Detractors Working Hard But No Result?
Date: Fri, 25 May 2001 12:25:48 -0700
Crossposted-To: alt.privacy,alt.security.pgp


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> What I don't understand, when glancing at the web page
> www.evidence-eliminator.com, is the sentence:
>
>     your PC is keeping frightening records of both your
>     online and off-line activity.
>
> I know too little about current OSs. Could you tell where
> these records are kept under Window98?

In short they aren't. Windows98 keeps a brief history of a few details from
recent time. Examples of these are start->documents, the Internet Explorer
history, etc. There may be some benefit to EE for some people, but most
people are likely to see better results by scheduling a freespace wipe
nightly. So my recommendation is:
A) Don't do anything illegal enough to bother with (e.g. don't plan a murder
on your computer)
B) Schedule a free space wipe on your machine nightly, or when you're at
work, whenever you go on vacation etc
C) Make sure the registry gets cleared when you uninstall a program
These three things (actually the third mostly just speeds up registry
searches and saves a lot of hard drive space) will keep almost all
information hidden from anyone. For the most part all you will be doing is
cleanup, you will avoid having sensitive information on your computer for an
overly long period of time, just think of it as an office shredder.
                            Joe




------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Good crypto or just good enough?
Date: Fri, 25 May 2001 12:36:56 -0700

I have long been a fan not of either the just secure enough, or the bank
vault front door. I believe in finding an ideal compromise after
consideration of the situation. I choose a 4096-bit PGP key, not because
it's the bank vault-like setting but because the time needed to perform the
encryption/decryption/signing/verification is justifiable. I receive only a
handful of encrypted messages each day, and I send only a handful, the
4096-bit key does not cost me any noticeable time, so I have no reason not to
use a key that secure. Each concept of security has its place, based on the
speed requirements, and the security requirements. For example it would be
fairly reasonable to protect a Macy's giftcard worth $200 with merely single
DES, because the speed requirement is rather high (the computer system spans
a large number of stores and needs to verify very quickly), and the benefit
of breaking the encryption is far less than the cost of the electricity to
run a cracker.

This compromise is evident throughout the cryptographic industry. If it was
not we would all be using RSA keys that were hundreds of megabits in length,
and it would take days to encrypt or decrypt. Instead we use 768 bit or
more. Everyone decides carefully what to protect and how vigorously, we
express this through insurance, through security measures, through usage
choices, through deciding whether or not hiring a number of security guards
is justified. I don't think either of the supplied options is the end-all.
                        Joe

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> My old employer asked me to ask the group this question.
>
> Would you settle for crypto that is "just secure enough" or "is as
> secure as we know how to make it".  Both within reason.




------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Is Rijandael = AES ?
Date: Fri, 25 May 2001 20:04:22 GMT

On Fri, 25 May 2001 17:20:10 +0100, "Brian Gladman"
<[EMAIL PROTECTED]> wrote, in part:

>I am not aware of Rijndael block lengths greater than 256 bits,

No, but the key schedule outlined certainly admits of key lengths
greater than 256 bits, and I think _that's_ what he was thinking of.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ?
Date: Fri, 25 May 2001 20:09:41 GMT

On Thu, 24 May 2001 20:22:21 -0400, "BenZen" <[EMAIL PROTECTED]>
wrote, in part:

>I'm a senior engineer with a lots of time on my hands now.

And it appears your first language is German, from your patterns of
grammar, capitalization, and punctuation.

The fact that certain fractal methods don't produce a uniformly
distributed output can be dealt with easily enough by hashing the
output. In general, though, fractal methods are regarded as of dubious
security and as inefficient for good reason. Certainly expecting to
come up with something "100% safe" as a neophyte seems unrealistic.

Yet I do think fractal methods may ultimately have a legitimate place,
supplementing more conventional methods to make analysis more
difficult. But I really think you need to learn more before proposing
to come up with something new and different that works.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Good crypto or just good enough?
Date: Fri, 25 May 2001 20:16:22 GMT

On Fri, 25 May 2001 16:11:50 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote, in part:

>Would you settle for crypto that is "just secure enough" or "is as
>secure as we know how to make it".  Both within reason.

The trouble is that the latter is so open ended that one can't really
say *what's* within reason for it, since we can always do a little
better.

Quintuple-Rijndael is within reason, but few people are going to go
even that far.

Just secure enough isn't right either, though, in my opinion.

Sufficiently more than secure enough that the security of the
cryptography involved is simply not a concern any more - that's what
I'd go for. But that's still way closer to 'just secure enough' than
'as secure as we know how to make it'.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Good crypto or just good enough?
Date: Fri, 25 May 2001 20:17:22 GMT

On Fri, 25 May 2001 16:55:54 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:
>Tom St Denis wrote:

>> Against single DES no one PC is fast enough to find the key
>> within a reasonable amount of time.

>I doubt that that is true.  You're assuming the attacker can't
>do better than a brute-force key search.

Any attacker who only has one PC available probably isn't the NSA. Or
a foreign intelligence agency.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Good crypto or just good enough?
Date: Fri, 25 May 2001 20:24:27 GMT

John Savard wrote:
> 
> On Fri, 25 May 2001 16:11:50 GMT, Tom St Denis <[EMAIL PROTECTED]>
> wrote, in part:
> 
> >Would you settle for crypto that is "just secure enough" or "is as
> >secure as we know how to make it".  Both within reason.
> 
> The trouble is that the latter is so open ended that one can't really
> say *what's* within reason for it, since we can always do a little
> better.
> 
> Quintuple-Rijndael is within reason, but few people are going to go
> even that far.

True.  My beef was with the argument that "somewhat aging crypto" is ok
compared to more modern up to date stuff.  I thought that was the point
of researching new transforms.  To not only make them more secure but
more efficient.

> 
> Just secure enough isn't right either, though, in my opinion.
> 
> Sufficiently more than secure enough that the security of the
> cryptography involved is simply not a concern any more - that's what
> I'd go for. But that's still way closer to 'just secure enough' than
> 'as secure as we know how to make it'.

Well I agree that we can never have "super more secure" but there are
bad crypto designs.  Like using AES with 256-bit keys and having a
32-bit PRNG seed, etc..

My main point was if something better is available and for all
intents and purposes is as efficient, as appropriate as something else
that in the information theoretic sense is worse why not use it?  For
example, 3DES and Serpent are about as fast and take about the same code
etc.  But Serpent has a higher security margin and allows for larger
keys.  While brute forcing 3DES is not likely and would be a good choice
given the two options wouldn't Serpent just be the "overkill" better
choice?

I.e the product *really* isn't any better but it shouldn't hurt either. 
Why not move towards over cautious?

Tom

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Is Rijandael = AES ?
Date: 25 May 2001 20:24:32 GMT

[EMAIL PROTECTED] (Brian Gladman) wrote in <iJvP6.69$lk1.8398@wards>:

>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> [EMAIL PROTECTED] (John Savard) wrote in
>> <[EMAIL PROTECTED]>:
>>
>> >On Fri, 25 May 2001 16:10:13 +0200, "Christian Schindler"
>> ><[EMAIL PROTECTED]> wrote, in part:
>> >
>> >>Is the Rijandael-algorythmus the same as AES??
>> >
>> >Yes.
>> >
>> >Just about.
>> >
>> >Several algorithms were submitted to NIST, and of them, Rijndael was
>> >chosen for the standard.
>> >
>> >However, Rijndael _as submitted_ is not the standard itself, but the
>> >basis for the standard. The official Advanced Encryption Standard has
>> >not yet been issued.
>> >
>> >One difference that is currently anticipated to exist between
>> >Rijndael as submitted and the standard as eventually issued is that
>> >Rijndael as submitted included provision for block sizes of 128, 160,
>> >192, 224 and 256 bits, and key sizes of 128, 160, 192, 224, and 256
>> >bits, it is likely that the official standard will only provide for a
>> >block size of 128 bits and key sizes of 128, 192, and 256 bits.
>> >
>>
>>   and don't forget there will be version longer than 256 bits
>> for RIJNDEAL I think gladman even has a few test vectors for it,
>
>I am not aware of Rijndael block lengths greater than 256 bits, but I
>have published test vectors for 192 and 256 bit blocks. Are you thinking
>of these non-AES block lengths?
>
>I have also just published an implementation of Rijndael that offers
>128, 160, 192, 224 and 256 bit block and key lengths in any combination.
>

  Sorry I meant the 256bit block that is longer than 128 aes thing.
it was at your site.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (Frog20000)
Subject: Input Appreciated
Date: 25 May 2001 13:43:52 -0700

check encoder at 

http://www.aasp.net/~speechfb

------------------------------

From: [EMAIL PROTECTED] (Steve Meyer)
Subject: Re: acceptance of encryption, market research
Reply-To: [EMAIL PROTECTED]
Date: 25 May 2001 20:56:24 GMT

There was an invited lecture on this at recent Eurocrypt by Andrew Odlyzko.
He gave his web site as http://www.research.att.com/~ano (or maybe ~amo).
/Steve

On 24 May 2001 07:46:22 -0700, LLCoolLok <[EMAIL PROTECTED]> wrote:
>hello,
>
>i wonder if there has been a research done concerning the acceptance
>of encryption.
>
>for example, what do people cite as the main reason for using
>encryption, and (what i am interested in) what do people cite as the
>main reasons for NOT using encryption. ease of use will probably score
>high.
>
>anyone knows of a previous research?
>
>regards,
>lokman tsui
>university of leiden


-- 
Steve Meyer                             Phone: (415) 296-7017
Pragmatic C Software Corp.              Fax:   (415) 296-0946
220 Montgomery St., Suite 925           email: [EMAIL PROTECTED]
San Francisco, CA 94104

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Good crypto or just good enough?
Date: 25 May 2001 20:49:45 GMT

[EMAIL PROTECTED] (Joseph Ashwood) wrote in <#W29gIV5AHA.190@cpmsnbbsa07>:

>I have long been a fan not of either the just secure enough, or the bank
>vault front door. I believe in finding an ideal compromise after
>consideration of the situation. I choose a 4096-bit PGP key, not because
>it's the bank vault-like setting but because the time needed to perform
>the encryption/decryption/signing/verification is justifiable. I receive
>only a handful of encrypted messages each day, and I send only a
>handful, the 4096-bit key does not cost me any noticeable time, so I have
>no reason not to use a key that secure. Each concept of security has

   I agree with Joe. Or maybe I misunderstood him. But if you have
both encryption programs. And for the use you have if the apparent time
differences is zero then use the more secure. To clarify I write an
email message. 2 microseconds for one way and 2 seconds for another
way when I am only writing 2 or 3 letters a day. I would go for what
I felt was the most secure.  But time is a major factor.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Break on Schneiers first proposed "self-study cipher"
Date: 25 May 2001 20:52:41 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in <[EMAIL PROTECTED]>:

>I wanted to beat this idea around.
>
>In Schneiers (he's a thoughtful person btw) "Self-Study" guide he
>proposes to break eight rounds of RC5 without rotations.
>

   I see you have this idea that Mr BS is a thoughtful person.
Do you have any basis for this idea. Have you ever met him in
person. Also if you read things from his company. How do you
know he wrote them.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Good crypto or just good enough?
Date: 25 May 2001 20:41:02 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in <[EMAIL PROTECTED]>:

>My old employer asked me to ask the group this question.

   He sounds like a nice guy. I think I would get along
with him better than you. Unless he is pro French.

>
>Would you settle for crypto that is "just secure enough" or "is as
>secure as we know how to make it".  Both within reason.

   Since its only software. I would prefer as secure as we
know how.

>
>His line of thinking was that I was a hypocrite for only having a
>dead-bolt on my door instead of a 6" steel vault door.  

    But it cost the same on my machine to encrypt with des
as it does with scott19u. But my house has a dead bolt too.
It not real a valid compression. Since the 6" door is expensive
while good crypto is basically free.

    However I feel you're one to use what I would call weak encryption
so you're definitely not a hypocrite for using a weak lock. That
Tom does not mean I don't think of you as a hypocrite for other
possible reasons.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Break on Schneiers first proposed "self-study cipher"
Date: Fri, 25 May 2001 21:00:25 GMT

"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Tom St Denis) wrote in <[EMAIL PROTECTED]>:
> 
> >I wanted to beat this idea around.
> >
> >In Schneiers (he's a thoughtful person btw) "Self-Study" guide he
> >proposes to break eight rounds of RC5 without rotations.
> >
> 
>    I see you have this idea that Mr BS is a thoughtful person.
> Do you have any basis for this idea. Have you ever met him in
> person. Also if you read things from his company. How do you
> know he wrote them.

I called him thoughtful because he spends more time doing productive
things than this

That and he publishes all his research on his website for free, and he
indexed about 2500 papers, and ...

Is that enough "basis"?

Tom

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************