Cryptography-Digest Digest #448, Volume #14 Sat, 26 May 01 13:13:01 EDT
Contents:
Re: A generic feistel cipher with hash and gf(257) mixers ("Tom St Denis")
Re: A generic feistel cipher with hash and gf(257) mixers (David Wagner)
Re: A generic feistel cipher with hash and gf(257) mixers (David Wagner)
Re: A generic feistel cipher with hash and gf(257) mixers ("Tom St Denis")
Re: taking your PC in for repair? WARNING: What will they (Eric Lee Green)
Re: Is There An Entanglement Memory Substance? (tkorrovi)
Re: Getting back to the self-study Analysis (Tom St Denis)
Re: James Felling: Sorry to break your bubble (HiEv)
Re: Small (not fast) RIPEMD-160 (Ian Stirling)
Re: Small (not fast) RIPEMD-160 (Tom St Denis)
----------------------------------------------------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A generic feistel cipher with hash and gf(257) mixers
Date: Sat, 26 May 2001 15:14:46 GMT
"Jim Steuert" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Thanks, Tom
> I appreciate your feedback. What I am getting at, in general, though,
> is a methodology which would take designing ciphers out of the hands
> of the "experts" (no disrespect intended) and put it into the hands
> of hobbyists, who could still come up with creative ideas, but based
> on well-understood design principles. I certainly think that a hobbyist,
> if he didn't understand the basic principles could design a really broken
> cipher (I've been there). I think that this was part of the point
> of Bruce Schneier's book, that a non-crypto-expert programmer could
> use cryptography without leaving it to government or other experts.
> That is a very dangerous 70's type idea, where hang-glider and homebuilt
> airplane designers were getting killed. But still, some creative ideas came
> out of it (Rutan, etc.) which are in commercial use today.
> Likewise for sailboat design, a lot of fields. The hobbyist can contribute,
> even to cryptography.
There is nothing stopping you from spending $150 on textbooks...
Your logic dictates I should go practice heart surgery on my brother since
"I can't be led by the hand by the man".
Sure, to you crypto may be a toy hobby thing. Invent new ciphers, but
especially learn how to break them. Anyone can design a cipher; not
everyone can break them. Above all don't propose or actually use the cipher
in a program you expect people to "trust" if it's homebrew. When you
convince others to use your homebrew ciphers for serious use you might as
well pass the scalpel since I have some surgery to practice.
Tom
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: A generic feistel cipher with hash and gf(257) mixers
Date: 26 May 2001 15:14:52 GMT
Jim Steuert wrote:
> My remedy, given three 32-bit digest vars (a,b,c) was to, after the
> initial 30 rounds of mixing of (a,b,c), to replace the
> simple xor of all three key parts (key1,key2,key3) with the following:
> Xor the first part key1 of the key with "a", and then provide say, 8 rounds
> of mixing mix(a,b,c), then xor only the second part of the key with "b",
> then 8 rounds of mix(a,b,c), then xor only the final part of the key with "c".
> Then proceed with the second half of the cipher, with its 30-odd mixing
> phases.
Well, of course any unkeyed operations done at the beginning or end
of the cipher are useless and might as well be omitted.
Moreover, since you are only using each part of the key once, you have
to worry about meet-in-the-middle attacks. I bet the design above can
be broken with about 2^32 work, if I understood it correctly.
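Wagner's two points, worked through on a toy so they can be run: this is an added example and not code from the original thread or from Jim Steuert's cipher. The three-word state and the keying schedule follow the quoted description, but the mix() round, the 8-bit word size (shrunk from 32 so the search finishes instantly) and the sample key and plaintexts are all assumptions. The attacker simply applies the unkeyed outer rounds himself, guesses k1 from the front and k3 from the back, matches the two states on the words k2 never touched, and reads k2 off as the xor of the remaining word. With 32-bit words the same loop is the 2^32-work, 2^32-memory attack Wagner estimates.

```python
"""Meet-in-the-middle on a toy 'xor each key part once' cipher.

Constructed example: mix(), BITS, KEY and PLAINTEXTS are assumptions and do
not describe the cipher discussed in the thread.
"""
from collections import defaultdict

BITS = 8                  # assumption: 8 instead of 32 so 2^BITS guesses are instant
MASK = (1 << BITS) - 1


def rotl(x, r):
    return ((x << r) | (x >> (BITS - r))) & MASK


def mix(a, b, c):
    """One invertible mixing round over three words (constructed ARX toy)."""
    a = (a + rotl(b, 3)) & MASK
    b ^= rotl(c, 5)
    c = (c + rotl(a, 1)) & MASK
    return a, b, c


def unmix(a, b, c):
    """Exact inverse of mix(): undo the three steps in reverse order."""
    c = (c - rotl(a, 1)) & MASK
    b ^= rotl(c, 5)
    a = (a - rotl(b, 3)) & MASK
    return a, b, c


def rounds(state, n, f=mix):
    for _ in range(n):
        state = f(*state)
    return state


def encrypt(pt, key):
    """30 unkeyed rounds, k1 into a, 8 rounds, k2 into b, 8 rounds, k3 into c,
    then 30 more unkeyed rounds: the schedule quoted in the post."""
    k1, k2, k3 = key
    a, b, c = rounds(pt, 30)
    a, b, c = rounds((a ^ k1, b, c), 8)
    a, b, c = rounds((a, b ^ k2, c), 8)
    return rounds((a, b, c ^ k3), 30)


def decrypt(ct, key):
    k1, k2, k3 = key
    a, b, c = rounds(ct, 30, unmix)
    a, b, c = rounds((a, b, c ^ k3), 8, unmix)
    a, b, c = rounds((a, b ^ k2, c), 8, unmix)
    return rounds((a ^ k1, b, c), 30, unmix)


def recover_key(pairs):
    """Meet in the middle on the first known (pt, ct) pair.

    The outer 30 rounds carry no key, so the attacker just applies them.
    Forward: guess k1, run 8 rounds, index the state by (a, c).
    Backward: guess k3, undo 8 rounds. k2 only ever touched b, so a and c
    must match exactly and k2 is the xor of the two b values.
    Cost: 2 * 2^BITS half-encryptions instead of 2^(3*BITS) for brute force.
    A match on 2*BITS bits leaves about one chance collision; the remaining
    pairs remove it."""
    pt, ct = pairs[0]
    table = defaultdict(list)
    fa, fb, fc = rounds(pt, 30)
    for k1 in range(1 << BITS):
        a, b, c = rounds((fa ^ k1, fb, fc), 8)
        table[(a, c)].append((k1, b))

    ba, bb, bc = rounds(ct, 30, unmix)
    candidates = []
    for k3 in range(1 << BITS):
        a, b, c = rounds((ba, bb, bc ^ k3), 8, unmix)
        for k1, b_front in table.get((a, c), ()):
            candidates.append((k1, b_front ^ b, k3))

    return [k for k in candidates
            if all(encrypt(p, k) == ct_i for p, ct_i in pairs)]


KEY = (0x3C, 0xA5, 0x5A)                                   # the secret to recover
PLAINTEXTS = [(1, 2, 3), (0x10, 0x20, 0x30),               # constructed known plaintexts
              (0xDE, 0xAD, 0xBE), (0x77, 0x00, 0xFF)]
PAIRS = [(p, encrypt(p, KEY)) for p in PLAINTEXTS]

if __name__ == "__main__":
    print("recovered:", recover_key(PAIRS), "true key:", KEY)
```

The fix is not more mixing between the key xors: it is to inject key material in every round, or at least on both sides of any internal state the attacker can reach from either end, so that no half of the cipher depends on only a fraction of the key.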
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: A generic feistel cipher with hash and gf(257) mixers
Date: 26 May 2001 15:19:10 GMT
Jim Steuert wrote:
> What I am getting at, in general, though,
>is a methodology which would take designing ciphers out of the hands
>of the "experts" (no disrespect intended) and put it into the hands
>of hobbyists, who could still come up with creative ideas, but based
>on well-understood design principles.
Why? Designing ciphers as a hobbyist is a Really Bad Idea, if you want to
deploy the result in a real system: most such ciphers end up being weak.
Read Bruce Schneier's Memo to an Amateur Cryptographer for details
(see the Cryptograms at www.counterpane.com).
In any case, such a methodology does not exist today. You are much
better off to use a trusted, well-understood cipher, such as 3DES
(which has seen tens or hundreds of person-years of analysis) or AES
(which soon will see an equivalent amount of analysis).
I don't want to discourage you, but if you want to maximize the odds
of making a contribution to the science of cryptography as a hobbyist,
block cipher design is not exactly the area I'd pick.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A generic feistel cipher with hash and gf(257) mixers
Date: Sat, 26 May 2001 15:23:49 GMT
"David Wagner" <[EMAIL PROTECTED]> wrote in message
news:9eohhe$nf4$[EMAIL PROTECTED]...
> Jim Steuert wrote:
> > What I am getting at, in general, though,
> >is a methodology which would take designing ciphers out of the hands
> >of the "experts" (no disrespect intended) and put it into the hands
> >of hobbyists, who could still come up with creative ideas, but based
> >on well-understood design principles.
>
> Why? Designing ciphers as a hobbyist is a Really Bad Idea, if you want to
> deploy the result in a real system: most such ciphers end up being weak.
> Read Bruce Schneier's Memo to an Amateur Cryptographer for details
> (see the Cryptograms at www.counterpane.com).
>
> In any case, such a methodology does not exist today. You are much
> better off to use a trusted, well-understood cipher, such as 3DES
> (which has seen tens or hundreds of person-years of analysis) or AES
> (which soon will see an equivalent amount of analysis).
>
> I don't want to discourage you, but if you want to maximize the odds
> of making a contribution to the science of cryptography as a hobbyist,
> block cipher design is not exactly the area I'd pick.
Curious, what would you pick?
Off the top of my head I would look into
1. Cryptanalysis
2. Stream Cipher Design
3. Actual real life side of Crypto (hence my essay I wrote earlier)
Tom
------------------------------
From: [EMAIL PROTECTED] (Eric Lee Green)
Crossposted-To: alt.privacy,alt.privacy.anon-server
Subject: Re: taking your PC in for repair? WARNING: What will they
Reply-To: [EMAIL PROTECTED]
Date: Sat, 26 May 2001 15:24:05 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
On Thu, 24 May 2001 10:26:10 +0200, Martin Schultz <[EMAIL PROTECTED] remove.this> wrote:
>On Wed, 23 May 2001 20:03:22 GMT, Darren New <[EMAIL PROTECTED]> wrote:
>>Jim Turner wrote:
>>> Two others to look at are LCC, which has a decent IDE, and MINGW,
>>> which is based on GNU but uses standard windows DLLs instead of a unix
>>> emulation DLL. There is also the DEV-C++ package which adds an IDE to
>>> MINGW or Cygwin.
>>
>>Does it really need to be written in C?
>No it can be written in what ever languages the author likes.
>(allmost)
Except that some languages will be too slow if you intend to do
semi-secure overwrites. I could whip it out in Python in a week
(Python is a high-level object-oriented language, sort of between Perl
and Java, with the ease of writing of Perl and the ease of reading of
Java), but it would be no faster than the Visual BASIC program put
together by the boys in Nottingham. Similarly, doing it in Visual
BASIC would be one of those "Why?" deals. If it's not faster than the
sluggish VB bloat from Nottingham, people will just pirate the
already-existing VB bloat rather than use the alternative.
For speed, the only thing faster than C/C++ is assembly language. I
don't think any of us are THAT masochistic!
=====BEGIN PGP SIGNATURE=====
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7D8lw3DrrK1kMA04RAoYnAJ95jCyFaiUjXd559xmJs4gzEwBULwCfYDps
DivDq4Aeo2cZ3Tj2PXvl0lY=
=zqnF
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (tkorrovi)
Subject: Re: Is There An Entanglement Memory Substance?
Date: 26 May 2001 08:58:22 -0700
The following shows how difficult it is to have serious discussion in
these discussion boards, the message is
http://rickrush.com/messages/4305.html. Recognizing right to ignore
'as an approximation of consc, your "absolutely dynamic intelligence"
is a good start' fully satisfies me, as it's considered to be one
possibility, no matter how interpreted (it was supposed to be simple
ai).
Trust a street-lamp repairman to nail it down at last. Well done. nt.
Posted by K on April 14, 192001 at 13:01:08:
In Reply to: An aside order of dill pickle posted by densiny liquelo
on April 14, 192001 at 11:47:10:
: The Team relishes where you have gone with this>>>>>>> "Conciousness
is defined as being both the drive and the ability to make
sandwiches." Also inclusive of the conscious being is an apparently
nonsensical motivation to hit or throw balls into holes.
: :
: : : This is continuation of the thread: repeated from the
dead/.../how to prove the existence of a consciousness/ from below.
: : : :Posted by algore on April 13, 192001 at 17:27:52:
: : : :In Reply to: that's why my c. definition is necessary posted by
tkorrovi on April 13, 192001 at 15:06:24:
: : : :If you DEFINE consciousness to be some particular
scientifically sensible quality, as you do, then of course you're
right: we can then (in principle) scientifically determine what is and
isn't conscious. But you can't prove, scientifically, that yours is
the real, true, correct definition of "consciousness". As an
approximation of consc, your "absolutely dynamic intelligence" is a
good start, tho. Wandering into unexplored and unexpected territory is
certainly something that consc does.
: : : Well, my candidate definition "Consciousness is an ability to
create necessary rule in all circumstances when it is possible based
on gathered information" defines consciousness because consciousness
is commonly considered to be a totality of all capacities of conscious
being, by definition the ability mentioned above enables all these
capacities, identifies consciousness compared to any other system and
is a core of consciousness in a common sense of that concept. Also in
my program the process that it had to implement and finally
implemented had to emerge in the most disturbing possible environment
(deleting knots, finding a way how letters that were entered in
separate cycles can be written in a single cycle), the system had to
overcome a lot of different circumstances (including controlling its
size), so in accordance with my candidate definition of consciousness
it is likely to be conscious. But yet I didn't use the term "prove";
rather I personally consider it the most logical option.
: : : :I see what you mean by a "knot" but your definition is vague -
a point connected to other points. Can you define the simpler concept
"link" precisely?
: : : I didn't say that knot is "defined" that way, I said that it can
be conceived that way. Link can also be conceived as connection
between two points so that the points and the connection don't have
any properties. It's as simple as that.
: : : :What, in your code, constitutes a point?
: : : Simply nothing.
: : : :What do you do with an input, like the word "hi"?
: : : I don't know; I don't do anything with it. What does something
with it is the structure (I mean knots) which is the result of
development.
: : : :While it runs does it simply keep making connections?
: : : It creates knots and deletes knots.
: : : :How does the pruning happen?
: : : What do you mean by pruning? In certain conditions a knot just
disappears. Also about creating knots I thought once that it can be
interpreted as link splitting into two, but I still cannot figure out
how to imagine it.
: : : :What conditions cause it to output?
: : : Just participation by a knot for that event in creation, but this
communication is something that the system has to figure out by
itself.
: : : Tarvo
"Osher Doctorow" <[EMAIL PROTECTED]> wrote in message
news:<9enjqi$8tb$[EMAIL PROTECTED]>...
> From: Osher Doctorow [EMAIL PROTECTED], Fri. May 25, 2001 10:57PM
>
> To proceed with quantum cryptography, we need to understand entanglement,
> and it seems as though to understand entanglement we may have to understand
> the universe as a whole (globally) better. Let's see what happens if we
> try to *cryptographically decode* the universe itself by a type of
> *propositional entanglement* which simply consists of relating similar
> knowledge in different contexts.
>
> Radiation is implicated in entanglement, since we direct a beam of green
> laser light toward a crystal of potassium dihydrogen phosphate (KDP) for
> example. Correlation of pairs of photons but especially their polarization
> (direction of motion) properties is implicated. We intuitively feel that
> the waves of the particles are entangled in some sort of substantial sense
> but also in the sense of fitting together/intersecting to form a whole.
> Global knowledge is implicated.
>
> What is most similar to this situation in different contexts? I am
> reminded of human consciousness and sensorimotor perception/action. We
> feel intuitively that consciousness is global and somehow
> expandable/contractable (the latter say during sleep or when tired). We
> intuitively feel that sensation/perception/action has a global and somehow
> expandable/contractable characteristic but of a less concrete type than a
> solid body - roughly, like a wave or field. In fact, when we try to
> concentrate or focus, we have distinct feelings of expanding outward either
> in a particular direction or more interestingly in several *entangled*
> directions. There are even some strange hologram indications that this
> occurs.
>
> What if there really is a wave-fieldlike substance associated with both the
> brain and entangled photons? T. Y. Cao of Boston University in his late
> 1990s analyses of quantum field theories concluded that there is actually
> such a substance, but he described it as a field with geometric properties
> and attributed its recognition to Einstein. Cao showed quite clearly, however,
> that Steven Weinberg became fed up with the anomalies of quantum field
> theory and moved over to string theory with considerable justification at
> least in terms of rejecting field theory (string theory itself has a number
> of unanswered fundamental questions). If the substance is not literally a
> field, what if it is an ether associated locally with particles? In other
> words, what if the old ether theory works in the neighborhood of a particle,
> and if two particles enter each other's ether and then diverge, the ether
> merges and stretches with both of them?
>
> What form would the ether (or whatever we want to call the substance) take?
> If the analogy with the brain is anything more than an analogy, I would
> guess that it is spherical or better still a solid ball of waves - a
> wave-ball that can expand or contract. If it stretches/expands without
> breaking as in entanglement, we get a quantum computer and ultimately
> quantum cryptography. If it breaks after stretching, we get bosons, a
> particle-antiparticle pair, virtual particles, etc., where the intersection
> of wave-balls stretches to form the *force carrier* and then breaks to allow
> the particles to go off in various directions as fermions.
>
> All this would be pure speculation perhaps if it were not for Memory (M)
> Theory, which is based on (a) spherical/ball expansion/contraction (or its
> homeomorphs), (b) knowledge, logic, and memory of two or more past times,
> (c) continuous-global rather than discrete local properties including global
> influence.
>
> Aside from all this, we have the universe itself acting like an expanding
> accelerating sphere or its homeomorph, and I have shown elsewhere that
> proximity functions enormously simplify the equations of such expansion.
> Thus, M Theory is implicated in the universe's expansion as well if
> simplicity has a role in the universe. As for why the universe is
> expanding, I would just throw out the possibility that it is looking for
> knowledge/perception. Now back to the drawing boards.
>
> Osher Doctorow Ph.D.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Getting back to the self-study Analysis
Date: Sat, 26 May 2001 16:30:35 GMT
Harris Georgiou wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in the discussion message:
> [EMAIL PROTECTED]
> > Anyways, not like my original thread didn't go down hill...
> >
> > Any hints or tips? I am gonna work it out on paper a bit more later
> > on... I can't figure out how to exploit the linear relationship
> >
> > A xor K = B
> > A' xor K = B'
> >
> > (Dave you are not invited into this thread).
> >
> > Tom
>
> Since:
> (B xor B') = (A xor K) xor (A' xor K)
> = (A xor K) xor (K xor A')
> = A xor (K xor K) xor A'
> = A xor 0 xor A'
> = (A xor 0) xor A'
> = A xor A'
> Then (similarly):
> A' = (B xor A) xor B'
>
> It's obvious that given a single pair of plaintext-ciphertext, then for any
> subsequent ciphertext the plaintext can be easily found without having the
> actual key. Other than that, I don't think you have enough to retrieve A, A'
> and K just from B and B' (you always have one variable more than
> constraints).
Ahh, very good work. I am looking for key retrieval though...
Tom
------------------------------
From: HiEv <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: Re: James Felling: Sorry to break your bubble
Date: Sat, 26 May 2001 16:34:47 GMT
Anthony Stephen Szopa wrote:
>
> James Felling: Sorry to break your bubble
First of all, the phrase is "burst your bubble" not "break your bubble".
> Reference: OAP-L3: "The absurd weakness."
And we decided to make this a new thread why? I guess you needed to
stroke your own ego more by putting down the one guy who was posting
decent responses to your lame ASS [that's Anthony's initials, not a
swear word].
I should also note, that after breaking off this new thread you proceed
to try and trash the guy, but you don't even quote him once! If we want
to follow you we now have to go back to another thread.
Should I mention the lousy cross post too?
> Tell me, do you have very many stupid people who pay you money for
> expounding such logic as you have demonstrated in your past three
> or four posts? Wait! Don't answer that right now. First read the
> following.
(gag, choke, sputter)
Pot: Pot to Kettle, Pot to Kettle, come in Kettle!
Kettle: Kettle here.
Pot: You are black.
> As you will see from looking at the first 105 permutations that the
> first 5 digits are: 0 1 2 3 4. No matter how many times you run
> your 105! process these first five digits of the group of 105
> permutations will always be the same.
Oh, yeah, easy to follow the context here, eh? Roughly, what was said
earlier was that Anthony would have a problem with some numbers not
being shuffled. His response (above) is that the suggested method would
have the same problems.
He doesn't address the possibility that his algorithm may have the same
problem.
> Now if you are aware of the way OAP-L3 works, you will know that
> this will result in very very poor random digit output: basically
> unusable.
Which is how just about everyone feels about it in the first place.
> You will also find further redundancy in the sixth digit. Over a
> group of just 105 permutations this is unacceptable with OAP-L3.
[snip rambling diatribe about how the suggested fix won't work]
Still nothing about the existing problem mentioned by James.
> I could pursue this analysis further but your suggestion of my
> "design flaws" has turned out to be nothing more than your myth and
> your suggestion to correct these fantastic "flaws" has turned out to
> be a fraud.
>
> I sure hope everyone is listening.
[snipped sequential list of permutations from 0 to 104]
And where do you disprove the design flaw he pointed out again? I don't
see it here.
> Tell me, do you have very many stupid people who pay you money for
> expounding such logic as you have demonstrated in your past three
> or four posts? Wha'da ya say?
If I needed someone in the encryption arena, I'd be more likely to hire
him than you. He's maintained a level head throughout most of this,
while you keep going to insults.
I admit I haven't been free of insults in this message, but it doesn't
seem like you pay much attention to reason.
> If you have two encryption software methods I suggest you consider a
> corollary of Occum's Razor: choose the one that is simplest and
> easiest to understand in its entirety over the one you cannot
> comprehend with certainty to the fullest.
Argh! It's "Occam's Razor" not "Occum's Razor", and your version seems
to imply you shouldn't try to figure things out if you don't understand
them. Besides, simple != secure. Neither does complex mean secure;
thoroughly examined for weaknesses with none found suggests that it is
secure though. However you seem to get upset when anyone says that they
think they see a weakness.
I'm glad you aren't a ship captain. "Captain, there is a leak on one of
the lower decks!" "Have that man thrown overboard! How dare he talk
about my ship like that. It's treason!"
Nowhere in this huge insult of this message do you address whether
James's fix is necessary, you merely attack him. That does not speak
well of your algorithm.
> (Damn, that felt good. Maybe I'm ready for Bruce?)
Yes, I'm sure insulting people who attempt to make helpful suggestions
makes you feel like a big man. Heaven forbid you should actually listen
to someone.
If your product can't take any criticism without you breaking down into
insults, do you really think that people are going to buy/use it?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask
about Exchange Server next.
------------------------------
From: Ian Stirling <[EMAIL PROTECTED]>
Subject: Re: Small (not fast) RIPEMD-160
Date: Sat, 26 May 2001 16:55:26 GMT
Mark Wooding <[EMAIL PROTECTED]> wrote:
>Ian Stirling <[EMAIL PROTECTED]> wrote:
>> jlcooke <[EMAIL PROTECTED]> wrote:
>> >I've got RIPEMD160 to 1990bytes. SHA-1 to 1360bytes.
>>
>> Thanks. I've got RIPEMD160 down to 3040 bytes, (with gcc) from around 7K.
>>
>> I know how to get down to around 2540 or so, perhaps 2200, but there
>> I think it's going to stick.
>I got it to 1570 bytes in C. (Implementation mailed to poster.)
Impressive, though the stripped .o file is >2K, with all the compilers
I have. (egcs and gcc).
What's the proper tool to show me bytes per function, or better, bytes
per line of code?
I'm pretty sure I can get it a little smaller than this, as I have a
cunning plan...
Anyway, I'll post an update in a week or so, as to how I've done.
--
http://inquisitor.i.am/ | mailto:[EMAIL PROTECTED] | Ian Stirling.
===========================+=========================+==========================
Lord, grant me the serenity to accept that I cannot change, the
courage to change what I can, and the wisdom to hide the bodies
of those I had to kill because they pissed me off. - Random
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Small (not fast) RIPEMD-160
Date: Sat, 26 May 2001 16:59:34 GMT
Ian Stirling wrote:
>
> Mark Wooding <[EMAIL PROTECTED]> wrote:
> >Ian Stirling <[EMAIL PROTECTED]> wrote:
> >> jlcooke <[EMAIL PROTECTED]> wrote:
> >> >I've got RIPEMD160 to 1990bytes. SHA-1 to 1360bytes.
> >>
> >> Thanks. I've got RIPEMD160 down to 3040 bytes, (with gcc) from around 7K.
> >>
> >> I know how to get down to around 2540 or so, perhaps 2200, but there
> >> I think it's going to stick.
>
> >I got it to 1570 bytes in C. (Implementation mailed to poster.)
>
> Impressive, though the stripped .o file is >2K, with all the compilers
> I have. (egcs and gcc).
>
> What's the proper tool to show me bytes per function, or better, bytes
> per line of code?
>
> I'm pretty sure I can get it a little smaller than this, as I have a
> cunning plan...
>
> Anyway, I'll post an update in a week or so, as to how I've done.
Bah it's not hard to make small code. It's making small human readable
code that's the trick.
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************