Cryptography-Digest Digest #488, Volume #14       Fri, 1 Jun 01 04:13:01 EDT

Contents:
  Re: RSA's new Factoring Challenges: $200,000 prize. (Rob Warnock)
  Re: A new technology for internet security? ("JGuru")
  Re: Help with JAVA code for octet string ("JGuru")
  Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (Merc42)
  Re: DES Crypto Myth?? (Paul Crowley)
  Re: Stream Cipher combiners (Paul Crowley)
  Re: Turbo Small Public Key Cryptosystem (Paul Crowley)
  Re: And the FBI, too (Re: National Security Nightmare?) (Paul Crowley)
  Re: Medical data confidentiality on network comms ((chenshaw@(T<H+ESE)sympatico.ca) (Coridon Henshaw))
  Re: Unicity distance and compression for AES ("John A. Malley")
  Re: Unicity distance and compression for AES (Dennis Ritchie)
  Re: Stream Cipher combiners (David Wagner)
  Re: Definition of 'key' ("John A. Malley")
  Re: Diffusion limits in block ciphers (Mok-Kong Shen)
  Re: Diffusion limits in block ciphers (wtshaw)
  Re: Definition of 'key' (wtshaw)
  Re: Medical data confidentiality on network comms (wtshaw)
  Re: crypt education ("M.S. Bob")
  Re: Is RSA suitable for DSA? ("Jeffrey Walton")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Rob Warnock)
Crossposted-To: sci.math
Subject: Re: RSA's new Factoring Challenges: $200,000 prize.
Date: 1 Jun 2001 03:51:46 GMT

Michael Brown <[EMAIL PROTECTED]> wrote:
+---------------
| "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
| > The main unresolved question seems to be, how many operations
| > can we expect for finding a typical N-bit prime factor?
|
| If you are referring to my algorithm (hopefully :P), then there
| are x^3 - x^2 - x boxes to complete, where x is the number of digits
| in the maximum prime.
+---------------

On your web page, you say:

        The biggest problem, though, is storage. To factor a number
        made up of primes of length n bits requires n^3-n^2-n boxes,
        which at a byte a box means that to factor a 4096 bit RSA key
        (the original goal of the project) would require 8GB of RAM.
        This, even today, is a lot. Dynamic allocation, therefore, is a must.

Actually, 8GB of RAM is *NOT* a lot, at least not in certain circles.
We routinely sell multi-CPU systems with hundreds of GB of main RAM on
them <URL:http://www.sgi.com/origin/3000/3800.html>, and have delivered at
least one with the full 1TB maximum RAM <URL:http://www.sgi.com/newsroom/
press_releases/2001/march/nasa.html>. And I'm sure that if there's any
backtracking your method needs to do, having 512 CPUs to work on subproblems
in parallel can't hurt, either!  ;-}

So I'd be more concerned about Doug's question about "number of operations"
than about the memory...


-Rob

p.s. Note that the systems I'm referring to are cache-coherent. All of
the CPUs see all of the memory with a "sequential consistency" coherency
model.

=====
Rob Warnock, 31-2-510           [EMAIL PROTECTED]
SGI Network Engineering         <URL:http://reality.sgi.com/rpw3/>
1600 Amphitheatre Pkwy.         Phone: 650-933-1673
Mountain View, CA  94043        PP-ASEL-IA


------------------------------

From: "JGuru" <[EMAIL PROTECTED]>
Subject: Re: A new technology for internet security?
Date: Fri, 01 Jun 2001 03:59:21 GMT

"Invicta" is quite close to "Invita" don't you think?

http://www.zdnet.com/zdnn/stories/news/0,4586,2767013,00.html?chkpt=zdhpnews01

"Simon Josefsson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Mok-Kong Shen <[EMAIL PROTECTED]> writes:
>
> > David Hopwood wrote:
> > >
> > > Mok-Kong Shen wrote:
> > > > A US firm claims to have developed a new technology for
> > > > internet security though varying the IP addresses:
> > > >
> > > > http://dailynews.yahoo.com/h/nm/20010521/wr/tech_security_dc_1.html
> > >
> > > I don't see how this would have the slightest effect against attacks on
> > > application-level protocols (exploiting insecure CGI scripts or e-mail
> > > clients that run executables, for example), which are the biggest
> > > practical threat anyway. Also, it introduces all the same protocol
> > > incompatibility problems as Network Address Translation.
> >
> > It may be interesting to know how it is possible (at all)
> > to have a huge virtual space of IP addresses to switch
> > from.
>
> Yes, especially considering:
>
>         The Invicta system uses special cards to link protected
>         computers to a central control unit. It lets clients decide
>         how often they wish to vary IP addresses and specify which
>         applications may be accessed on their network. The number of
>         IP addresses drawn on may be in the billions thanks to an
>         artificial increase in cyberspace, Sheymov said.
>
> Billions of IP addresses?  Perhaps they should give them to RIPE
> instead to prevent the exhaustion of the IP address space...
>
> It looks like it is some kind of NAT and/or tunneling device.
>



------------------------------

From: "JGuru" <[EMAIL PROTECTED]>
Subject: Re: Help with JAVA code for octet string
Date: Fri, 01 Jun 2001 04:15:38 GMT

I have no clue what you really want but there is this:

Integer.toOctalString(0x12345678);

"Sam" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Can somebody help me by giving a few lines of simple JAVA code for converting
plaintext to an octet string
* like in RFC 2313 PKCS1v1.5
D = plaintext, PS = padding, BT = block type, EB = output octet string
EB = 00 || BT || PS || 00 || D        of length equal to the modulus length in octets
BT block type = 01 for private and 02 for public
PS padding string = (for BT=01) = FF
                  = (for BT=02) = pseudorandomly generated octets
Also JAVA code for converting Octet String to Integer and Integer to Octet String
Thanks in advance
Sam
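The RFC 2313 construction Sam describes, as an added example that is not code from the thread (Sam asked for Java; this Python rendering follows the same EB = 00 || BT || PS || 00 || D layout and adds the octet-string/integer conversions he asked about, named i2osp and os2ip after the RFC's primitives). The block length k is the modulus length in octets, and the 8-octet minimum padding length is RFC 2313's own rule; the sample data is constructed.

```python
"""PKCS#1 v1.5 (RFC 2313) encoding block plus I2OSP/OS2IP conversions.

Added example, not from the thread. Constructed demo values only.
"""
import os


def i2osp(x: int, k: int) -> bytes:
    """Integer-to-Octet-String: big-endian, exactly k octets."""
    if x < 0 or x >= 256 ** k:
        raise ValueError("integer does not fit in %d octets" % k)
    return x.to_bytes(k, "big")


def os2ip(octets: bytes) -> int:
    """Octet-String-to-Integer: big-endian."""
    return int.from_bytes(octets, "big")


def pkcs1_v15_encode(data: bytes, k: int, block_type: int) -> bytes:
    """EB = 00 || BT || PS || 00 || D, of length k (modulus length in octets).

    BT=01 (private-key operation): PS is all 0xFF.
    BT=02 (public-key operation):  PS is pseudorandom, non-zero octets.
    RFC 2313 requires PS to be at least 8 octets long.
    """
    if block_type not in (1, 2):
        raise ValueError("block type must be 01 or 02")
    ps_len = k - 3 - len(data)
    if ps_len < 8:
        raise ValueError("data too long for a %d-octet modulus" % k)
    if block_type == 1:
        ps = b"\xff" * ps_len
    else:
        ps = b""
        while len(ps) < ps_len:
            # 0x00 terminates PS, so zero octets must never appear inside it
            ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00" + bytes([block_type]) + ps + b"\x00" + data


def pkcs1_v15_decode(eb: bytes, k: int) -> bytes:
    """Inverse of pkcs1_v15_encode; raises ValueError on a malformed block."""
    if len(eb) != k or eb[0] != 0 or eb[1] not in (1, 2):
        raise ValueError("bad block header")
    bt = eb[1]
    sep = eb.find(b"\x00", 2)           # end of PS
    if sep < 0:
        raise ValueError("missing separator")
    ps = eb[2:sep]
    if len(ps) < 8:
        raise ValueError("padding string too short")
    if bt == 1 and any(b != 0xFF for b in ps):
        raise ValueError("BT=01 padding must be all 0xFF")
    return eb[sep + 1:]


if __name__ == "__main__":
    k = 32                                  # constructed: a 256-bit modulus
    eb = pkcs1_v15_encode(b"hello", k, 2)
    print(eb.hex())
    print(pkcs1_v15_decode(i2osp(os2ip(eb), k), k))
```

The decoder deliberately reports one of several distinct errors so the checks are visible; a real decrypting implementation must not let the caller learn which check failed, since that distinction is a well-known oracle against this padding scheme.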



------------------------------

From: [EMAIL PROTECTED] (Merc42)
Subject: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: 31 May 2001 22:16:18 -0700

I am semi-new to cryptography and am currently in the middle of a
school project based on it.  I was wondering if anybody could give me
any advice in helping me with my project in which I hope to compare
the mathematical differences in using discrete logs, the knapsack
(super increasing and non), and factoring large primes as a basis of
cryptographic security.  I was wondering if anybody knows any good
books on complexity theory that could help me or any other help would
be greatly appreciated.

-Thanx


...and just maybe im to blame for all ive heard...

------------------------------

Subject: Re: DES Crypto Myth??
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Fri, 01 Jun 2001 05:35:15 GMT

[EMAIL PROTECTED] (Roger Fleming) writes:
> I think he is quoted so often because, as well as being a competent
> cryptographer, he is a good writer; there are many crypto "truths"
> that are succinctly summarised by his pithy one-liners and thus very
> amenable to using on usenet.

Whether or not he's the best in the field is irrelevant (and, indeed,
the title is pretty meaningless); what matters is whether his writing
about crypto is readable and accurate, which it is.
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

Subject: Re: Stream Cipher combiners
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Fri, 01 Jun 2001 05:35:16 GMT

Nigel Smart <[EMAIL PROTECTED]> writes:
> There is a distinct confusion here between what Math people generally do 
> and what CS/Engineers do. Rather like the sqrt(-1) being i or j depending
> on where you come from.  Neither is wrong/right just a matter of taste....

All of these notations refer to groups; what would you use for the
field of integers modulo a prime?  Is GF(p) the one universally used
notation?
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

Subject: Re: Turbo Small Public Key Cryptosystem
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Fri, 01 Jun 2001 05:35:16 GMT

"Michael Brown" <[EMAIL PROTECTED]> writes:

> Since the fastest DES implementation is long gone, who's up for the
> challenge of writing the smallest one? I reckon a few incredibly
> convoluted lines of assembler would do the trick :)

It seems to me it might be more fun and more useful to write the
world's smallest Rijndael implementation.  If you don't care about
speed, you don't need any tables at all...
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

Crossposted-To: talk.politics.crypto
Subject: Re: And the FBI, too (Re: National Security Nightmare?)
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Fri, 01 Jun 2001 05:35:17 GMT

Paul Rubin <[EMAIL PROTECTED]> writes:
> I don't think "NSA agents" are likely to show anyone badges to start
> questioning them.

Hey, I've been questioned by someone with an NSA badge!

OK, so it was at a crypto conference, and the "badge" was a perfectly
ordinary delegate laminate bearing the name of his employer, and the
questions were about the presentation I'd given, but it still counts,
right? :-)
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
From: (chenshaw<RE<MOVE>@(T<H+ESE)sympatico.ca) (Coridon Henshaw)
Date: Fri, 01 Jun 2001 05:32:23 GMT

[EMAIL PROTECTED] (wtshaw) wrote in news:jgfunj-3005012013410001@dial-245-201.itexas.net:

> Poetic justice would be having Gates need emergency medical care, be
> hooked up to equipment powered by Windoze, and having it unexpectedly
> crash.  Decision making techfolk should think of the serious implications
> of bad designs when what goes around comes around.

A lot of the economic problems in society stem from the fact that decision-
makers in business and government are in no way accountable for the 
consequences of their actions.   Indeed, business leaders who make bad 
decisions are frequently rewarded.  Gates is one example, but while a 
personal, terminal, consequence has its appeal, a far more fitting price 
would be to require the Microsoft Billionaires to pay back--from their 
personal fortunes--the billions of dollars worth of time (in millions of 
wasted person-hours) defrauded from the global economy by Microsoft's 
unstable products.

-- 
Coridon Henshaw -- http://www3.sympatico.ca/gcircle/csbh
"..To expect a good deal from life is puerile." -- D.H. Lawrence

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Unicity distance and compression for AES
Date: Thu, 31 May 2001 22:35:27 -0700


"SCOTT19U.ZIP_GUY" wrote:
[...]
> 
>    I don't have the papers readily available but I think it was in
> his Comm paper where he discusses entropy and he calls it H.
> But I am sure others know exactly where it is. It confuses idea
> security and perfect secure definitions and someone pointed it out.
> 

It's probably this post from March 28 2001, in the thread titled "Idea -
(LONG)", which I found on Google:

http://groups.google.com/groups?start=20&hl=en&lr=&safe=off&th=1eb1c8b75d79c44e,75&rnum=29&ic=1&selm=3AC2DEDD.C9F93AC1%40compuserve.com


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: Dennis Ritchie <[EMAIL PROTECTED]>
Subject: Re: Unicity distance and compression for AES
Date: Fri, 01 Jun 2001 05:44:15 +0000



[EMAIL PROTECTED] asked:

> Where does Shannon discuss compression in detail?  I did a quick flip through
> his "Comm. Theory of Secrecy Systems" and only found a passing reference to
> compression.  If memory serves, he doesn't discuss it in "A Mathematical
> Theory of Comm. Systems" either.
> 
> I would be interested in reading any research he did on compression.
> As far as I'm concerned, Shannon was "the man" (and not just because
> of his secrecy system theory).

One place is

 C.E. Shannon, "Prediction and Entropy of Printed English,"  Bell Syst. Tech J,
 v. 30, pp 50-64, 1951.

It is reprinted in the Sloane and Wyner compilation of Shannon's papers,
IEEE press, ISBN 0-7803-0434-9.  This book is expensive and takes
a while to be delivered, but my copy arrived a month or so ago.

This paper is an expansion and analysis of the discussion of entropy
of English in his epochal paper, but not a general treatise on compression.

Still, if he's "the man", you might want to spring for the book; there's lots
in it.

        Dennis

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Stream Cipher combiners
Date: Fri, 1 Jun 2001 05:58:00 +0000 (UTC)

Paul Crowley  wrote:
>All of these notations refer to groups; what would you use for the
>field of integers modulo a prime?  Is GF(p) the one universally used
>notation?

I tend to use GF(p) when I care mainly that it is a finite field
and am not using much about how the elements are represented; when
it is somehow relevant that the elements are represented as integers
taken modulo p, then I tend to prefer Z/pZ.  But this is just a
personal (and possibly idiosyncratic) preference.

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Definition of 'key'
Date: Thu, 31 May 2001 23:09:23 -0700


John Savard wrote:
> 
[...]
> 
> A cipher is a set of transformations, which when applied to a
> plaintext, produce a ciphertext. The key is the number of a
> transformation in that set.
> 

That's a good definition. It's just like Shannon's definition of a key
in his paper "Communications Theory of Secrecy Systems", Bell Systems
Technical Journal, 1949:

"A secrecy system is defined abstractly as a set of transformations of
one space (the set of possible messages) into a second space (the set of
possible cryptograms). Each particular transformation of the set
corresponds to enciphering with a particular key. The transformations
are supposed reversible (non-singular) so that unique deciphering is
possible when the key is known."

So the key is an index (number) of a particular transformation in a set
of transformations mapping the set of possible messages into the set of
possible cryptograms, and "secrecy system" = "cipher."

John A. Malley
[EMAIL PROTECTED]
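Shannon's definition made concrete, as an added example that is not from the thread: the "secrecy system" here is the set of all 26! monoalphabetic substitutions on A..Z, and the key is simply an integer in [0, 26!) naming one of them. The key number is turned into a transformation by unranking a permutation (Lehmer code, a standard combinatorial technique assumed here), so each key selects exactly one transformation and the inverse permutation gives unique deciphering; the message text is constructed.

```python
"""Key as the index of a transformation in a set (Shannon, 1949).

Added example, not from the thread. The set is all 26! substitutions
on the uppercase alphabet; key k in [0, 26!) selects the k-th one.
"""
import math
import string

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)
KEYSPACE = math.factorial(N)   # number of transformations = number of keys


def unrank_permutation(key: int, n: int = N) -> list:
    """Return the key-th permutation of range(n) in lexicographic order."""
    if not 0 <= key < math.factorial(n):
        raise ValueError("key does not name a transformation in the set")
    pool = list(range(n))
    perm = []
    for i in range(n - 1, -1, -1):       # factorial number system digits
        idx, key = divmod(key, math.factorial(i))
        perm.append(pool.pop(idx))
    return perm


def rank_permutation(perm) -> int:
    """Inverse of unrank_permutation: the key number of a transformation."""
    pool = list(range(len(perm)))
    key = 0
    for i, p in enumerate(perm):
        idx = pool.index(p)
        key += idx * math.factorial(len(perm) - 1 - i)
        pool.pop(idx)
    return key


def transformation(key: int):
    """Map a key to its (encipher table, decipher table)."""
    perm = unrank_permutation(key)
    enc = {ALPHABET[i]: ALPHABET[perm[i]] for i in range(N)}
    dec = {c: p for p, c in enc.items()}   # a bijection, so it is invertible
    return enc, dec


def encipher(key: int, message: str) -> str:
    enc, _ = transformation(key)
    return "".join(enc.get(c, c) for c in message.upper())


def decipher(key: int, cryptogram: str) -> str:
    _, dec = transformation(key)
    return "".join(dec.get(c, c) for c in cryptogram)


if __name__ == "__main__":
    k = 123456789012345678901234567        # constructed key, well inside [0, 26!)
    c = encipher(k, "ATTACK AT DAWN")       # constructed message
    print(KEYSPACE.bit_length(), c, decipher(k, c))
```

Key 0 is the identity transformation and key 1 swaps only Y and Z, which shows that the numbering is arbitrary: nothing about the key's value matters except which transformation it names.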

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Diffusion limits in block ciphers
Date: Fri, 01 Jun 2001 09:16:46 +0200



[EMAIL PROTECTED] wrote:
> 
[snip]
> What I meant by the latter sentence is that a block cipher operates
> only on an n-bit portion of the entire message, so the diffusion only
> occurs within those n bits. Apparently this isn't a problem but
> I don't understand why. Intuitively it seems that a hypothetical
> block cipher with a block length, N, equal to the entire message length
> would have better strength than using the same block cipher algorithm to
> encrypt the message in n bit chunks where n<<N.

In general, having a larger block size should 'permit'
better encryption, I believe. (Analogy: In optimization,
posing constraints generally reduces the optimum.) Thus 
whole file processing, which is the extreme case, should 
be advantageous, if done right. (There are certainly 
people who claim that it is difficult to do right in 
that, though, and conclude that the currently common 
block sizes are the best ones.)

M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Diffusion limits in block ciphers
Date: Fri, 01 Jun 2001 00:55:34 -0600

In article <9f66u3$2rc8$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(David Wagner) wrote:

> >For an n-bit block cipher, plaintext bits 0 through n-1 can only affect
> >ciphertext bits 0 through n-1. Input changes in one block have
> >absolutely no effect on the outputs of other blocks.
> 
> I don't really understand what you mean by the latter sentence.
> Diffusion between blocks is outside of the domain of the block cipher;
> that's the responsibility of the chaining mode.  And good chaining modes
> (e.g., CBC, CFB, ...) do ensure sufficient diffusion to stop attacks.

It would seem that if an attack is not feasible without a chaining method,
indeed with little or no diffusion involved, it would mean that the core
algorithm is stronger than those that beg for all the diffusion help you
can find.
-- 
Sign for the White House lawn: 

WARNING! Irresponsible Parents Live Here.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Definition of 'key'
Date: Fri, 01 Jun 2001 01:00:55 -0600

In article <[EMAIL PROTECTED]>, "John A. Malley"
<[EMAIL PROTECTED]> wrote:
...
> 
> So the key is an index (number) of a particular transformation in a set
> of transformations mapping the set of possible messages into the set of
> possible cryptograms, and "secrecy system" = "cipher."
> 
It's in your best interests to make such mapping extremely difficult so
that the attacker cannot see blocks which represent the same plain text.
-- 
Sign for the White House lawn: 

WARNING! Irresponsible Parents Live Here.
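Two points from the threads above, shown together as an added example that is not code from any poster: David Wagner's point that diffusion between blocks is the chaining mode's job, not the block cipher's, and wtshaw's point that an attacker must not be able to see which ciphertext blocks represent the same plaintext. The block cipher is a constructed 64-bit Feistel toy with a SHA-256 round function (not a real cipher, just an invertible keyed permutation); the key, plaintext and all-zero IV are constructed demo values, the zero IV being chosen only so the run is reproducible.

```python
"""ECB vs CBC: where diffusion stops, and whether equal blocks stay visible.

Added example, not from the thread. The block cipher is a constructed toy.
"""
import hashlib

BLOCK = 8            # 64-bit block: the cipher itself only mixes these 8 bytes
HALF = BLOCK // 2
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(half: bytes, key: bytes, r: int) -> bytes:
    """Keyed round function: truncated SHA-256 (constructed toy, not a cipher)."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _f(right, key, r))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(left, key, r)), left
    return left + right


def _blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("whole blocks only; this demo implements no padding")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(block_decrypt(key, b) for b in _blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    prev, out = iv, []
    for b in _blocks(pt):                 # each block is chained to the previous ciphertext
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, []
    for b in _blocks(ct):
        out.append(_xor(block_decrypt(key, b), prev))
        prev = b
    return b"".join(out)


def differing_blocks(a: bytes, b: bytes) -> list:
    """Indexes of ciphertext blocks that differ between two ciphertexts."""
    return [i for i, (x, y) in enumerate(zip(_blocks(a), _blocks(b))) if x != y]


def repeated_blocks(ct: bytes) -> int:
    """How many ciphertext blocks are duplicates of an earlier block."""
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))


def demo() -> dict:
    key = b"constructed-key!"                   # constructed sample key
    iv = bytes(BLOCK)                           # zero IV: reproducibility only
    pt = b"SAMEBLOK" * 3 + b"DIFFERNT"          # constructed: blocks 0..2 identical
    pt2 = bytearray(pt)
    pt2[BLOCK] ^= 0x01                          # flip one bit in plaintext block 1
    pt2 = bytes(pt2)
    return {
        "ecb_changed": differing_blocks(ecb_encrypt(key, pt), ecb_encrypt(key, pt2)),
        "cbc_changed": differing_blocks(cbc_encrypt(key, iv, pt), cbc_encrypt(key, iv, pt2)),
        "ecb_repeats": repeated_blocks(ecb_encrypt(key, pt)),
        "cbc_repeats": repeated_blocks(cbc_encrypt(key, iv, pt)),
    }


if __name__ == "__main__":
    print(demo())
```

Under ECB the one-bit change touches only ciphertext block 1 and the three equal plaintext blocks produce three equal ciphertext blocks; under CBC the change propagates to every later block and the repeats disappear, entirely because of the chaining, not because the block cipher changed. A real CBC deployment needs an unpredictable IV per message and a padding scheme, neither of which this demo implements.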

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Fri, 01 Jun 2001 01:16:22 -0600

In article <9f6dto$ip5$[EMAIL PROTECTED]>, "Harris Georgiou"
<[EMAIL PROTECTED]> wrote:

> wtshaw <[EMAIL PROTECTED]> wrote in the discussion message:
> [EMAIL PROTECTED]
> > In article <9f5te9$rg8$[EMAIL PROTECTED]>, "Niels Ferguson"
> > <[EMAIL PROTECTED]> wrote:
> > >
> > This is not a meaningful line of logic.  A copy can be copied or tapped as
> > transferred.  Once access is obtained, there is surely no realistic means
> > of tracking where it might go.  The nature of digital information is that
> > it does not act like paper or outdated related thinking.
> 
> Not entirely true. If the medical data are kept in a well controlled manner
> (even in case of distributed DBs), then there is always the possibility of
> time-limited key-controlled access. To ensure that the access is copy-proof
> one has to impose strict regulations and politics on hardware (i.e. not
> using any hardcopies or removable storage), as long as the medical care
> system can afford the cost of such infrastructure. And of course, encryption
> & decryption can be always a click away (but not in case of paper).

You must deal with the totality of security, and what is available for
hardware and software generally seems to be rather insecure.  As long as
people buy into remote maintenance of their software, they are not
qualified to claim they are responsible for it.


> 
> > A patient's records should be controlled by the patient and doctor
> > involved.  All access should require original and revokable permission.
> > Data bases are only justified when individual patient identification is
> > forbidden.  Otherwise, use is an invasion of privacy, no buts about it, no
> > tolerance given, and woe be to those who transgress the doctor-patient
> > relationship.
> 
> Still the original problem remains the same. As long as anyone can make
> photocopies (hardcopies) or backups (digital copies) of sensitive data,
> there is always the possibility of unauthorized use some time in the future.
> 
Guess who should hold the keys.  Certainly not a third party.  Guess who should
control the system.  Certainly not a third party.  And, as long as poor
encryption is used, the challenge is there for breaking it.  Centralized
data bases exist to make information more available to more people.  Don't
claim that it doesn't.
-- 
Sign for the White House lawn: 

WARNING! Irresponsible Parents Live Here.

------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: crypt education
Date: Fri, 01 Jun 2001 08:56:10 +0100

Thorsten Holz wrote:
> 
> Hello,
> 
> I've got a question for the same topic:
> 
> Which University would you recommend for someone who is interested in
> cryptography and maths? Currently I study in Germany, but I want to
> take a year abroad :)

Avi Rubin's list of crypto and security courses
http://avirubin.com/courses.html

Counterpane's list of courses
http://www.counterpane.com/courses.html 

Google Groups thread - Re: _"Good" school in Cryptography ("was" I got
accepted)
<http://groups.google.com/groups?hl=en&lr=&safe=off&ic=1&th=fe1adeb318105b77,29&seekm=Pine.LNX.4.10.10104121305001.6111-100000%40gs264.sp.cs.cmu.edu#p>

------------------------------

From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Is RSA suitable for DSA?
Date: Fri, 1 Jun 2001 04:10:42 -0400
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>

Uros,

The method you choose seems to be sound (RSA).  RSA is based
on factorization, which is generally believed to be a hard
problem (no P ?= NP debate, please).

Why do you want to encrypt the registration code?  Will the
encrypted registration code be sent to an 'authentication
server' or such?  Or are you attempting to hide an 'unlock'
key in your software?

If the latter, the reverse engineers are very resourceful.
Eventually, you will have to compare registration codes,
which will betray you.

I don't see the application of the DSA.  How do you intend
to use it?

"Uros Podlogar" <[EMAIL PROTECTED]> wrote in
message news:PWyR6.944$[EMAIL PROTECTED]...
| I would like to encrypt a registration code. In the registration code will be
| basic information about the registration and the software that he or she is
| registering. This would usually be a string no longer than 15 or 20 bytes.
|
| First I thought that I could use the RSA algorithm. The good thing is that I can
| encrypt the registration code with my private key; the software that I will be
| registering with this code will use the public key. Nobody can find out my
| private key by debugging the registered software and I can easily check the
| integrity of the registration code.
|
| But three things are bothering me:
|
| 1. If I would use short keys, my code will be broken easily. But if I
| use a long key and encrypt my short data, the encrypted message will be long and
| not usable as a registration code.
|
| 2. I would use the same private and public key for all keys where the message
| contents (that I am encrypting) are easy to predict. Is it in this case any
| easier to break the encrypted message?
|
| 3. In replies to my last question someone mentioned that I should use a good
| random number generator. I would generate one public and one private key. I
| will have the public key inside my software and because of that I cannot change
| the private key. Because of that I will use the random generator only once and its
| quality is not that important.
|
| If someone knows how registration codes are usually encrypted, please let me
| know.
|
| Thank you for your help.
|
| Bye
|
| Uros
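The scheme Uros describes ("encrypt with my private key, the software checks with the public key") is an RSA signature, and his first worry, that the output is as long as the key, is shown directly below. This is an added example, not code from either poster: textbook RSA in pure Python with Miller-Rabin prime generation, the code hashed with SHA-256 before signing and no padding scheme at all, so it illustrates the length and integrity-check behaviour only and is not a production signature scheme. The seed argument and the sample registration code are constructed values; the seed exists only so the demo is reproducible, and real keys must come from a cryptographic random source.

```python
"""Textbook RSA signature of a registration code: length and integrity check.

Added example, not from the thread. Illustration only; no padding scheme.
"""
import hashlib
import random

E = 65537


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit and odd
        if is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits: int = 512, seed=None):
    """Return ((n, e), (n, d)). seed is for a reproducible demo only."""
    rng = random.Random(seed)    # constructed: real keys need a CSPRNG
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % E != 0:
            return (n, E), (n, pow(E, -1, phi))


def modulus_octets(n: int) -> int:
    return (n.bit_length() + 7) // 8


def sign_code(private_key, code: bytes) -> bytes:
    """Signed registration code: always modulus_octets(n) long, whatever len(code)."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(code).digest(), "big")
    return pow(h, d, n).to_bytes(modulus_octets(n), "big")


def verify_code(public_key, code: bytes, signature: bytes) -> bool:
    """The public-key check the shipped software would perform."""
    n, e = public_key
    if len(signature) != modulus_octets(n):
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    h = int.from_bytes(hashlib.sha256(code).digest(), "big")
    return pow(s, e, n) == h


if __name__ == "__main__":
    pub, priv = generate_keypair(512, seed=1)
    code = b"USER-0001-PRODUCT-X"              # constructed 19-byte registration code
    sig = sign_code(priv, code)
    print(len(code), len(sig), verify_code(pub, code, sig))
```

A 512-bit modulus gives a 64-byte signed code and a 1024-bit one gives 128 bytes, regardless of the 15 to 20 byte input, which is exactly the tension Uros raises in his first point. The verifier returns False for any altered code or altered signature, so the integrity check he wants does hold, with the caveat from the reply above that the check itself lives inside the software being protected.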




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
