Cryptography-Digest Digest #482, Volume #14 Thu, 31 May 01 12:13:00 EDT
Contents:
Re: Medical data confidentiality on network comms ("Jordan C. Wiseman")
Definition of 'key' (Patrick Aland)
Re: Quantum Computers with relation to factoring and BBS (Bodo Moeller)
Re: Definition of 'key' (Tom St Denis)
Re: Definition of 'key' (Nicol So)
Re: Definition of 'key' ("Augusto Jun Devegili")
Re: Best, Strongest Algorithm (Tim Tyler)
Re: Boschloo FLOOD on alt.privacy.anon-server ("Thomas J. Boschloo")
Re: National Security Nightmare? ("Douglas A. Gwyn")
Re: National Security Nightmare? ("Sam Simpson")
Re: Help with RSA ([EMAIL PROTECTED])
Large Number Math Package ([EMAIL PROTECTED])
Re: National Security Nightmare? (SCOTT19U.ZIP_GUY)
Re: National Security Nightmare? (SCOTT19U.ZIP_GUY)
Re: National Security Nightmare? (Mok-Kong Shen)
Re: National Security Nightmare? (Volker Hetzer)
----------------------------------------------------------------------------
From: "Jordan C. Wiseman" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Thu, 31 May 2001 11:10:52 GMT
There being too many people authorized to view your data is one of the
problems (IMHO) that results from improperly created release forms....
These forms should only allow access to the data (or certain parts of it)
to specific parties (which they mostly do now) but also only for a LIMITED
TIME. I don't really remember seeing a medical release form that could
expire after a given amount of time. If they did (just like a CA's cert)
it would force the organizations involved to pay closer attention to what
data they have, and make sure that our data was destroyed when it could no
longer be legally used.
Yes, I see that this could create a little hassle about having to re-issue
releases after a while, but so what. That would be the price for your
wanting to make sure that there was only so much of your medical
information available at one time.
Jordan
"David Wagner" <[EMAIL PROTECTED]> wrote in message
news:9f55r3$2ffu$[EMAIL PROTECTED]...
> Jordan C. Wiseman wrote:
> >Does the world need the medical equivalent of a CA to verify that everyone
> >attempting to get the data is who they say they are?
>
> No! The problem is not authentication. Part of the problem is that
> too many parties are currently authorized to do too many things with my
> medical data. (For instance, insurance companies, government, entire
> hospital staff, ...) A CA won't help this.
>
> Securing the communication channel is far enough down the list of threats
> that, IMHO, it's not worth spending a lot of time on it until there is
> some reason to believe the other threats can be defended against.
>
> Medical privacy has a radically different set of problems from military
> security.
------------------------------
From: [EMAIL PROTECTED] (Patrick Aland)
Subject: Definition of 'key'
Date: 31 May 2001 04:37:01 -0700
I was talking to someone today and we were trying to come up with a
good formal definition of a key (in regards to cryptography, no
car/house/etc key comments please :) )
Now after looking through the few crypto books I have (Applied crypto,
etc) they don't seem to have a good definition either.
Can anyone help me out?
Thanks.
------------------------------
From: [EMAIL PROTECTED] (Bodo Moeller)
Subject: Re: Quantum Computers with relation to factoring and BBS
Date: 31 May 2001 11:27:43 GMT
Scott Fluhrer <[EMAIL PROTECTED]>:
> Bodo Moeller <[EMAIL PROTECTED]>:
>> Scott Fluhrer <[EMAIL PROTECTED]>:
>>> - NP is the set of problems for which, if something has a "Yes" answer,
>>> there always exists a quickly verifiable proof of that "Yes" answer. For
>>> factoring, a "Yes" answer can be demonstrated by showing the factorization,
>>> which can be quickly verified.
>> Actually, it is not quite that easy -- you also need a proof that
>> primality testing is in NP: You have to make sure that you are
>> factoring into *primes*. Without this requirement, an algorithm that
>> simply returns its input would be a "factoring algorithm".
> I did say I elided a lot of the details: here's a few more details: NP is a
> set of decision problems (that is, problems that give a "Yes" or "No"
> answer), and so to turn factorization into a decision problem, one method is
> to make the problem "given integers n and m, does n have any factors p such
> that 1<p<m?".
I was assuming that in this discussion the terms "P" and "NP" are
being abused for computational problems in general (i.e. polynomial
time deterministic or non-deterministic machines computing some
result, not just accepting a language). You were apparently assuming
that the term "factoring" is being abused for some decision problem
related to factoring.
While the translation into a decision problem may be pretty natural
when only the question "Is factoring in NP?" has been considered, it
is much less so when a similar question has also been posed for "P".
The discussion so far was certainly not about a decision problem.
So what we two probably should have done is point out that the
question "Is factoring in P?" does not make much sense because "P" is
about semi-decision procedures and "factoring" is not a decision
problem.
--
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
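The decision-problem formulation quoted in the message above ("given integers n and m, does n have any factors p such that 1<p<m?") can be tied back to actual factoring with a binary search over m. The following Python sketch is an added example, not code from any poster; the `Oracle` class is a hypothetical stand-in that answers the decision question by trial division, and the final checker illustrates the point that a factorization certificate must also establish primality of the factors.

```python
from typing import Callable, List


def smallest_factor(n: int) -> int:
    """Trial division. Used only to play the oracle and, in the verifier,
    as a stand-in for a primality proof (n is prime iff this returns n)."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p
        p += 1
    return n


class Oracle:
    """Hypothetical decision oracle: does n have a factor p with 1 < p < m?"""

    def __init__(self) -> None:
        self.calls = 0

    def __call__(self, n: int, m: int) -> bool:
        self.calls += 1
        return smallest_factor(n) < m


def verify_yes(n: int, m: int, p: int) -> bool:
    """Check a certificate for a 'Yes' answer: one division and two comparisons."""
    return 1 < p < m and n % p == 0


def find_factor(n: int, oracle: Callable[[int, int], bool]) -> int:
    """Binary search on m: about log2(n) oracle queries give the smallest
    factor of n greater than 1 (n itself when n is prime). Requires n >= 2."""
    lo, hi = 2, n
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(n, mid + 1):      # is there a factor p with p <= mid?
            hi = mid
        else:
            lo = mid + 1
    return lo


def factorize(n: int, oracle: Callable[[int, int], bool]) -> List[int]:
    """Full factorization using only decision queries."""
    factors = []
    while n > 1:
        p = find_factor(n, oracle)
        factors.append(p)
        n //= p
    return factors


def verify_factorization(n: int, factors: List[int],
                         require_primes: bool = True) -> bool:
    """Without the primality requirement, the trivial answer [n] is accepted."""
    product = 1
    for f in factors:
        if f < 2:
            return False
        if require_primes and smallest_factor(f) != f:
            return False
        product *= f
    return product == n


if __name__ == "__main__":
    oracle = Oracle()
    n = 8051                        # constructed sample: 83 * 97
    print(factorize(n, oracle), "using", oracle.calls, "decision queries")
    print(verify_factorization(n, [n], require_primes=False))
    print(verify_factorization(n, [n]))
```
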
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Definition of 'key'
Date: Thu, 31 May 2001 11:44:46 GMT
Patrick Aland wrote:
>
> I was talking to someone today and we were trying to come up with a
> good formal definition of a key (in regards to cryptography, no
> car/house/etc key comments please :) )
> Now after looking through the few crypto books I have (Applied crypto,
> etc) they don't seem to have a good definition either.
> Can anyone help me out?
A digital key is a binary string that allows for the easy computation of
a transform on a piece of data. More conceptually it is the required
information to solve a (typically) linear system as part of a secure
transform. More generally it is missing information (such as sboxes,
etc..).
IOW: A digital key is the required information to go from ciphertext to
plaintext and vice versa.
Tom
------------------------------
From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Definition of 'key'
Date: Thu, 31 May 2001 08:41:36 -0400
Reply-To: see.signature
Patrick Aland wrote:
>
> I was talking to someone today and we were trying to come up with a
> good formal definition of a key (in regards to cryptography, no
> car/house/etc key comments please :) )
> Now after looking through the few crypto books I have (Applied crypto,
> etc) they don't seem to have a good definition either.
You can think of an encryption function as an indexed family of mappings
from the message space to the ciphertext space. A key, in the most
general sense, is just an "index" that specifies one of many possible
choice of mappings. The security of encryption comes from the fact that
there are many possible mappings to choose from but it is not easy to
determine the key (i.e. the choice of mapping) from the inputs and
outputs of encryption.
There are, of course, additional requirements on the family of mappings
if the encryption scheme is to be practical and secure. For example, the
mappings can't be just arbitrary mappings; they have to be efficiently
computable given knowledge of the key.
--
Nicol So, CISSP // paranoid 'at' engineer 'dot' com
Disclaimer: Views expressed here are casual comments and should
not be relied upon as the basis for decisions of consequence.
------------------------------
From: "Augusto Jun Devegili" <[EMAIL PROTECTED]>
Subject: Re: Definition of 'key'
Date: Thu, 31 May 2001 10:15:25 -0300
Considering that a cryptosystem is a five-tuple comprised of (P, C, K, E,
D), where P is the set of possible plaintexts, C is the set of possible
ciphertexts and K is the key space (possible keys):
* for each k belonging to K there is an encryption rule e_k belonging to E
and a correspondent decryption rule d_k belonging to D
* each e_k : P -> C and d_k : C -> P are functions so that for each x
belonging to P, d_k(e_k(x)) = x
Take a look at Cryptography: Theory and Practice by Dr. Stinson.
Regards,
Augusto Jun Devegili
"Patrick Aland" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I was talking to someone today and we were trying to come up with a
> good formal definition of a key (in regards to cryptography, no
> car/house/etc key comments please :) )
> Now after looking through the few crypto books I have (Applied crypto,
> etc) they don't seem to have a good definition either.
> Can anyone help me out?
>
> Thanks.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Reply-To: [EMAIL PROTECTED]
Date: Thu, 31 May 2001 13:55:21 GMT
Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : [...] when talking about ciphers (say in the same
:> : sentence) saying "non-bijective" is a bad idea.
:>
:> "Most types of padding used in association with modern cyphers result
:> in a non-bijective map between the space of possible plaintexts and
:> the space of possible cyphertexts."
: And how is a bijective map an advantage in this case? [...]
Well, this is an aside from the original discussion, but:
If you don't have a bijective map, some possible decrypts will be
identifiable as impossible padded files (assuming the process is
deterministic).
: Doesn't it imply that two identical plaintexts enciphered under the
: same key will result in the exact same ciphertexts?
It does - unless after applying the bijective padding, you encrypt with an
IV or something.
: It seems to me that the bicom chaining mode has to be one which somehow
: works without padding (in any ordinary sense of the word padding) for it
: to have the properties claimed.
Sort of. The BICOM chaining mode is ordinary CBC block chaining.
The padding section of BICOM will "adjust" a one-byte file so that it can
be fed directly through Rijndael.
"Bijective padding" is not a completely unreasonable term.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
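The claim in the message above, that a non-bijective padding makes some decrypts identifiable as impossible, can be counted exactly on a toy scale. This Python sketch is an added example, not from the post and not BICOM: it assumes PKCS#7-style padding as the "ordinary" padding, a 2-byte block so the whole block space can be enumerated, and a constructed XOR "cipher" that stands in for a keyed permutation only.

```python
from itertools import product
from typing import List, Optional

BLOCK = 2  # toy block size in bytes (assumption, chosen so enumeration is cheap)


def pad(msg: bytes, block: int = BLOCK) -> bytes:
    """PKCS#7-style padding: append n bytes of value n, with 1 <= n <= block."""
    n = block - len(msg) % block
    return msg + bytes([n]) * n


def unpad(data: bytes, block: int = BLOCK) -> Optional[bytes]:
    """Return the message, or None when data cannot be the output of pad()."""
    if not data or len(data) % block:
        return None
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        return None
    return data[:-n]


def count_valid_blocks(block: int = BLOCK) -> int:
    """How many of the 256**block possible final blocks are validly padded."""
    return sum(unpad(bytes(b), block) is not None
               for b in product(range(256), repeat=block))


def toy_xor(key: int, data: bytes) -> bytes:
    """Constructed stand-in for a block cipher: XOR with a 2-byte key.
    It is a bijection on blocks, which is all this demonstration needs."""
    k = key.to_bytes(BLOCK, "big")
    return bytes(d ^ k[i % BLOCK] for i, d in enumerate(data))


def surviving_keys(ciphertext: bytes) -> List[int]:
    """Keys whose trial decryption still looks like a padded file."""
    return [k for k in range(256 ** BLOCK)
            if unpad(toy_xor(k, ciphertext)) is not None]


if __name__ == "__main__":
    true_key = 0xBEEF                      # constructed sample key
    ct = toy_xor(true_key, pad(b"A"))      # one-byte file, padded to one block
    valid = count_valid_blocks()
    kept = surviving_keys(ct)
    print(f"{valid} of {256 ** BLOCK} blocks are valid padded blocks")
    print(f"{len(kept)} of {256 ** BLOCK} keys survive the padding check")
```

With a bijective padding every block would be a valid decrypt, so the padding check would exclude no key at all; here it excludes all but 257 of 65536.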
------------------------------
From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.privacy.anon-server
Subject: Re: Boschloo FLOOD on alt.privacy.anon-server
Date: Thu, 31 May 2001 16:08:03 +0200
=====BEGIN PGP SIGNED MESSAGE=====
Stop Boschloo posting diarrhea wrote:
>
> On Sun, 06 May 2001, "Thomas J. Boschloo" <[EMAIL PROTECTED]> wrote:
Well, if it isn't the 'bore bot' again. I was afraid you were gone and
had moved on to a new (and more destructive) tactic.
Good luck on your doomed mission,
Thomas
(BTW Did you know you resemble a 'boghog' as in 'Mostly Harmless'
Chapter 7?)
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: My homepage <http://home.soneraplaza.nl/mw/prive/boschloo>
iQB5AwUBOxZBsAEP2l8iXKAJAQEYKQMdHZJGKCiHYv4NgXLGGIj5ZFmNBw2bEc8X
RvOOin5DL378vs5Qjm46/c/JxFBOtDGCsWjC2OCIYavpkfTy/ghR2NTdJfL13j5P
vxSiZ/O/W8h2WFU812QIpbG2UsQzP40U6sl2fg==
=4JfF
=====END PGP SIGNATURE=====
--
Android 16: "I will only fight Goku"
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Thu, 31 May 2001 13:37:15 GMT
Jeffrey Walton wrote:
> That is a funny point. The design of their badge is probably
> classified.
NSA uses "badges" for controlled access and not to show to strangers.
NSA employees have DoD identification cards, like other DoD employees.
You seem to be thinking that NSA is a law enforcement agency; it is not.
> I think their charter is still classified. Can anyone comment? I read
> a newspaper report that because of the secret charter, the NSA felt it
> was good business to spy on US citizens (which is in the FBI's
> province). Seems they stepped on some toes over it.
You shouldn't believe much of what you read in the newspaper.
The NSA charter was declassified years ago. They emphatically
do not have a charter to spy on US citizens; to the contrary they
are forbidden by law to do so except under certain extraordinary
circumstances; there are various watchdog mechanisms and mandatory
awareness training in a serious attempt to conform to that law.
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Thu, 31 May 2001 15:48:26 +0100
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Jeffrey Walton wrote:
> > That is a funny point. The design of their badge is probably
> > classified.
>
> NSA uses "badges" for controlled access and not to show to strangers.
> NSA employees have DoD identification cards, like other DoD employees.
> You seem to be thinking that NSA is a law enforcement agency; it is not.
>
> > I think their charter is still classified. Can anyone comment? I read
> > a newspaper report that because of the secret charter, the NSA felt it
> > was good business to spy on US citizens (which is in the FBI's
> > province). Seems they stepped on some toes over it.
>
> You shouldn't believe much of what you read in the newspaper.
> The NSA charter was declassified years ago. They emphatically
> do not have a charter to spy on US citizens; to the contrary they
> are forbidden by law to do so except under certain extraordinary
> circumstances; there are various watchdog mechanisms and mandatory
> awareness training in a serious attempt to conform to that law.
True, in the same way that the UK GCHQ equivalent of doesn't spy on UK
citizens....It gets other countries security establishments to do their
dirty work.............
--
Sam Simpson
http://www.scramdisk.clara.net/
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Help with RSA
Date: Thu, 31 May 2001 14:53:19 GMT
Look at crypto++ or at cryptlib, there are others, but these are nice packages
and are "freely" available.
Cheers ... Flip
In article <9f4svv$29u$[EMAIL PROTECTED]>, Uros Podlogar says...
>
>I am a complete beginner, but I have read some books and now know how RSA
>works. I have to implement RSA encryption and have some questions:
>
>1. Are there any public sites or free software for RSA key generation? I am
>considering key lengths 512 or 1024 bits.
>
>2. Is there a free and simple library that supports RSA encryption and
>decryption. I found several big libraries that support also other types of
>encryption. I have to port this software to two platforms and I would be
>very happy if I could get short source code.
>
>3. As I understand for RSA I need keys P, G and number N. I use one key to
>encode and the other one to decode. As I understand encode and decode
>functions is the same. The only change is the key that I use. Am I right?
>
>Writing encode and decode routines is not that complicated, but I would very
>much like to get keys elsewhere (I would not like to write whole key
>generation program that will be used only once).
>
>Thank you for your help.
>
>Bye
>
>Uros
>
>
------------------------------
From: [EMAIL PROTECTED]
Subject: Large Number Math Package
Date: Thu, 31 May 2001 15:04:04 GMT
Hi All,
I was wondering if someone could direct me to a big number crypto math library.
Does one exist that contains all of the typical math operators, but also
contains min, gcd, lcm, jacobi symbol, modular exponentiation, mod, etc. which
handle infinite precision numbers?
I have seen several large integer packages, but have not worked with them and
was hoping to avoid hashing through them all.
Also, is anyone aware of the X9.31 implementation (it is the ANSI standard which
defines how to do digital signatures which is inclusive of RSA and all of the good
stuff to generate primes, primality tests, signing and verifying ... it is a
wonderful specification!). I was wondering if anyone knows of C or C++ code
which implements this standard.
Does anyone have any suggestions? Thank you for any inputs ... Wilson
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: National Security Nightmare?
Date: 31 May 2001 14:57:40 GMT
[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:
>Jeffrey Walton wrote:
>> That is a funny point. The design of their badge is probably
>> classified.
>
>NSA uses "badges" for controlled access and not to show to strangers.
>NSA employees have DoD identification cards, like other DoD employees.
>You seem to be thinking that NSA is a law enforcement agency; it is not.
>
>> I think their charter is still classified. Can anyone comment? I read
>> a newspaper report that because of the secret charter, the NSA felt it
>> was good business to spy on US citizens (which is in the FBI's
>> province). Seems they stepped on some toes over it.
>
>You shouldn't believe much of what you read in the newspaper.
>The NSA charter was declassified years ago. They emphatically
>do not have a charter to spy on US citizens; to the contrary they
>are forbidden by law to do so except under certain extraordinary
>circumstances; there are various watchdog mechanisms and mandatory
>awareness training in a serious attempt to conform to that law.
>
It was created with a secret charter that much is well known.
That they seem to operate outside the law is also well known.
That they have released an unclassified version a few years ago
is also known. But like much in the government untruth and deception
is part of the game. The question now is. What is the real current
charter instead of the unclassified one given out for public
consumption. I don't expect in our lifetimes the true mission
of the NSA will be fully known except it's safe to say they
will never tell the truth since lying is such a large part of their
life.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: National Security Nightmare?
Date: 31 May 2001 15:14:33 GMT
[EMAIL PROTECTED] (Sam Simpson) wrote in
<9RsR6.1926$[EMAIL PROTECTED]>:
>
>"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> Jeffrey Walton wrote:
>> > That is a funny point. The design of their badge is probably
>> > classified.
>>
>> NSA uses "badges" for controlled access and not to show to strangers.
>> NSA employees have DoD identification cards, like other DoD employees.
>> You seem to be thinking that NSA is a law enforcement agency; it is
>> not.
>>
>> > I think their charter is still classified. Can anyone comment? I
>> > read a newspaper report that because of the secret charter, the NSA
>> > felt it was good business to spy on US citizens (which is in the
>> > FBI's province). Seems they stepped on some toes over it.
>>
>> You shouldn't believe much of what you read in the newspaper.
>> The NSA charter was declassified years ago. They emphatically
>> do not have a charter to spy on US citizens; to the contrary they
>> are forbidden by law to do so except under certain extraordinary
>> circumstances; there are various watchdog mechanisms and mandatory
>> awareness training in a serious attempt to conform to that law.
>
>True, in the same way that the UK GCHQ equivalent of doesn't spy on UK
>citizens....It gets other countries security establishments to do their
>dirty work.............
>
They say they don't spy. But it's like Clinton saying I was never
alone with that lady. It's all lies. Example when they're spying on
one's own system since much of equipment jointly owned they can say
we are using the other percent of system to get the info. Or maybe they
are not spying since it came in on a fiber optic cable that was owned
by the other side. I really wish they would be honest and say yes we
spy on anybody one can. But I doubt they will ever be honest enough to
say that.
I think one reason they lie is that since it's against the law or
at least the version advertised to public. Is so that they get
conditioned to lying and breaking of more serious laws. So it makes
sense to lie about everything from their point of view. Also you
can say which employees can be trusted to do the dirty work. If
someone is honest you don't advance him. Take Waco as an example though
FBI and not NSA they needed a sniper that could be trusted to kill
a woman holding babies so they took the one good at following orders
and used the guy who killed the lady at Ruby Ridge. Bad from a PR
point of view. But they needed sniper they could trust to do the
job "right". I'm sure it's that way in the NSA too. I suppose the
FBI so bold after those two successes is what has led to the sloppy
work in the McVeigh case. They know they are the law and can keep
or hide whatever documents they want. It worked in the past and
they know it will work in the future as long as they can keep
honest people out who would have respect for honest due process of
law. At least that is my view maybe your shade of rose color glasses
sees it differently.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Thu, 31 May 2001 17:34:07 +0200
Sam Simpson wrote:
>
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> > You shouldn't believe much of what you read in the newspaper.
> > The NSA charter was declassified years ago. They emphatically
> > do not have a charter to spy on US citizens; to the contrary they
> > are forbidden by law to do so except under certain extraordinary
> > circumstances; there are various watchdog mechanisms and mandatory
> > awareness training in a serious attempt to conform to that law.
>
> True, in the same way that the UK GCHQ equivalent of doesn't spy on UK
> citizens....It gets other countries security establishments to do their
> dirty work.............
That's not unnatural, after all. All official organizations
of a country are obliged to render help to one another in
cases of need. (Is there a special English term for that
kind of help?) At the international level, all democratic
countries cooperate for purposes of furthering the
well-being of the people and maintaining the eternal peace
of the world, isn't it?
M. K. Shen
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Thu, 31 May 2001 18:00:23 +0200
Mok-Kong Shen wrote:
> At the international level, all democratic
> countries cooperate for purposes of furthering the
> well-being of the people and maintaining the eternal peace
> of the world, isn't it?
Yeah, and all cooperate very well in polishing the bottom of the earth disc.
That's why I'd like to abolish the concept of "country".
They seem to exist only in order to set people against each other.
Greetings!
Volker
--
They laughed at Galileo. They laughed at Copernicus. They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************