Cryptography-Digest Digest #529, Volume #14 Tue, 5 Jun 01 19:13:00 EDT
Contents:
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: One last bijection question (Stanley Chow)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: One last bijection question ("Tom St Denis")
Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (sisi jojo)
Re: One last bijection question (Tim Tyler)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: Welcoming another Anti-Evidence Eliminator stooge to USENET ("Tom St Denis")
Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes ("Tom St Denis")
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: One last bijection question (Thorsten Holz)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
----------------------------------------------------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 21:45:49 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> Which only gets us as far as an OTP - which has the *same* security
:> :> problem as counter mode if messages are of varying lengths and
:> :> the plaintexts and cyphertexts are of equal lengths.
:>
:> : What problem?
:>
:> Lack of perfect secrecy for a start.
: Given your limited understanding of "perfect secrecy" this doesn't mean
: much.
My *WHAT*!???
How is my understanding "limited"?
:> : If all possible messages are uniformly distributed you have
:> : no advantage hence you can't tell which message is the real one.
:>
:> In the case under discussion being given the cyphertext gives a *big*
:> clue about the plaintext - namely its length. That is likely
:> to immediately rule out most plaintexts.
: Oh yes, the real plaintext can't be a trillion bytes long. So what?
So all possible messages are *not* uniformly distributed,
(given the cyphertext) - so there's *no* perfect secrecy, and your
argument that the attacker has "no advantage" collapses.
:> : If all messages are uniformly distributed you can't find the real
:> : message. [...]
:>
:> ...but since some messages are longer than 8 bits, the possible plaintexts
:> are *not* uniformly represented by an 8-bit cyphertext.
:>
:> Some (the ones with 8 bits) have probability 1/256. All other plaintexts
:> have probability 0. That is not a "uniform distribution".
: Yes, but if you want to use math against me try using it right. The
: messages >1 byte are not part of the set.
They /are/ possible messages...
: The plaintext is assumed to be a byte thus 0x123456 is not a member of
: that set.
*No*. The plaintext is *not* assumed to be a byte. We're talking about
BICOM and CTR mode here. These can encrypt more than just single byte
messages. Assuming the plaintext is a byte is a ridiculous, unphysical
assumption. What is your basis for assuming this?
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 5 Jun 2001 21:51:26 GMT
[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>
>: Tim I think TOM is just trying to make ass out of himself
>
>He seems to me to have been doing a lot of that recently:
>
>First the "unicity distance", then the "bijection", and now the
>"CTR mode". I guess we just rub him up the wrong way - so that
>all of his conceptual problems come to the surface at once.
I think that he does not reason well. He knows that I think
Wagner and Mr BS are pompous phonies. And I think he wishes
to appear knowledgeable in their eyes so he just argues to try
to look good without ever thinking about it. I think he wrongly
assumes Wagner would step in and correct his errors. But I am
sure he is just laughing at the whole situation. Wagner does
not want to say nice things about BICOM because it is not a product
from the crypto insiders club. He can't stand to see an amateur
come up with something. But I am sure the big boys will
eventually steal the idea as their own and never give me or
Matt any credit for it.
>
>: The thread will go nowhere. He will only twist it. He can't
>: even answer the simple fact that if one used CTR mode so
>: a one byte cipher text file decrypts to 256 messages. And
>: one used BICOM where a one byte output file could represent
>: thousands and thousands of possible input messages. He in
>: this example doesn't know which case is more secure. If he
>: can't comprehend the obvious why keep trying. [...]
>
>You seem to be much better than I am at stopping correcting people
>when it should be obvious to everyone that they're mistaken.
>
I finally quit and usually let him have the last word. But
I am not sure everyone realizes the final end. I assume those
that really have a lack of understanding will wrongly believe TOM
since I will give up and my grammar sucks. People who don't
know go with grammar so I am glad to see you trying to educate
him but he does not listen.
>I tend to carry on until they capitulate - or give up.
>
>I'm probably too afraid that stopping arguing will lead people to
>think that I've realised my error and have given up.
>
>On the other hand (no offense to anyone intended) there's the
>"if you're arguing with an idiot, that probably makes two of you"
>proverb to consider.
>
Well I'm sure most think I am an idiot. I have even been in
adult chat rooms where I think I'm talking (typing) to a
woman in her 20-30's, at least they say they are. But after a few
lines most conclude I must be at most a 12 year old. I can't
type fast and correct at all. I would make a good cop trying
to catch pedophiles since I can't type better than a child;
I would not need to fake it.
>I should probably start giving that proverb more weight.
Well there is a limit since Tom will always try to change
the original topic to something else and most may forget what
was even argued about.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Stanley Chow <[EMAIL PROTECTED]>
Subject: Re: One last bijection question
Date: Tue, 05 Jun 2001 17:34:30 -0400
Tom St Denis wrote:
>
> I'm most likely wrong.... can someone explain this? The only other meaning
> I can find is that A and B are not the same set but can map back and forth.
> But isn't that an injection?
Bijection means that A and B are "essentially" the same; it does
not mean they "are" the same.
Another way of saying it is that A and B are isomorphic (which
means there is a bijection/isomorphic map between A and B). Very
circular, but the distinction is important.
What it means is that for anything you do to (elements of) A, there is
an equivalent thing that you can do to the equivalent elements of B;
this equivalent thing is induced by the bijection/isomorphism.
These concepts (iso/homo/...) capture some structure that is of
interest and ignore what is not. Many interesting theorems are of
the form:
thingieA is XXXmorphic to thingieB
where thingies are from different fields of study. This allows
results to be applied to a different field.
The dictionary site gives a definition for "isomorphism" that is more
useful than their definition for "bijection".
--
Stanley Chow VP Engineering [EMAIL PROTECTED]
Cloakware Corp (613) 271-9446 x 223
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 21:51:17 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
:> : Tim I think TOM is just trying to make ass out of himself
:>
:> He seems to me to have been doing a lot of that recently:
:>
:> First the "unicity distance", then the "bijection", and now the
:> "CTR mode". I guess we just rub him up the wrong way - so that
:> all of his conceptual problems come to the surface at once.
: Well I am not familiar with a lot of math terminology or symbols since they
: don't teach it in school. But I am vaguely aware of combinatorics and
: finite math and I know that if the message space has a uniform distribution
: you have no advantage.
If all plaintexts are equally probable (given the cyphertext) then
Shannon's perfect secrecy applies.
However that is clearly not the case here - most plaintexts have
probability zero if given a 1-byte cyphertext that came from
using CTR mode.
:> On the other hand (no offense to anyone intended) there's the
:> "if you're arguing with an idiot, that probably makes two of you"
:> proverb to consider.
:>
:> I should probably start giving that proverb more weight.
: Or just realize your fallacy.
We have no fallacy to realise. This is just another case of your being
full of hot air :-|
: Gimme a break guys. You're arguing non-sense. You can't even solve
: 55 = P + K mod 256
: And you know the length of both P and K!
: If you can't solve this, how can you state what you are a saying is a truth?
Rather simply. That puzzle has no unique solution - but our argument
does not depend on being able to uniquely solve that problem.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: One last bijection question
Date: Tue, 05 Jun 2001 22:01:53 GMT
"Stanley Chow" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > I'm most likely wrong.... can someone explain this? The only other meaning
> > I can find is that A and B are not the same set but can map back and forth.
> > But isn't that an injection?
>
> Bijection means that A and B are "essentially" the same; it does
> not mean they "are" the same.
>
> Another way of saying it is that A and B are isomorphic (which
> means there is a bijection/isomorphic map between A and B). Very
> circular, but the distinction is important.
>
> What it means is that for anything you do to (elements of) A, there is
> an equivalent thing that you can do to the equivalent elements of B;
> this equivalent thing is induced by the bijection/isomorphism.
>
> These concepts (iso/homo/...) capture some structure that is of
> interest and ignore what is not. Many interesting theorems are of
> the form:
> thingieA is XXXmorphic to thingieB
> where thingies are from different fields of study. This allows
> results to be applied to a different field.
>
> The dictionary site gives a definition for "isomorphism" that is more
> useful than their definition for "bijection".
Thanks for the info. I think it's a matter of actually sitting down and
doing a nice Venn diagram :-)
To the sci.crypt group: Sorry for asking stupid questions so often... Just
trying to make sure I understand the vocabulary first!
Tom
------------------------------
From: [EMAIL PROTECTED] (sisi jojo)
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: 5 Jun 2001 15:02:04 -0700
"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:<ebvtZ6S7AHA.201@cpmsnbbsa09>..
I don't have much time to write long messages today. But here's my answer
Maybe the approach is wrong. That's why nobody can solve it.
You go through years of education to learn the wrong approach, which is
proven to be not useful. That's something funny about our education system.
If you want a problem to be solved, show it to a kid and let him develop
an answer fresh from the beginning.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: One last bijection question
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 22:01:09 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: Ok I thought bijections were when the codomain and domain are the same set.
: http://www.dictionary.com/cgi-bin/dict.pl?term=surjection
: Seems to support this thought.
I do hope not...
: A function f : A -> B is surjective or onto or a surjection if f A = B
: Don't A and B represent the domain/codomain sets respectively?
They do. Here's the full quote:
``A function f : A -> B is surjective or onto or a surjection
if f A = B. I.e. f can return any value in B.''
That doesn't mean that A = B ... just that every object in B is mapped to
from at least one member of A when using the function f.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 5 Jun 2001 22:07:01 GMT
[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>:> Does the random plaintext have only 8 bits? If not, I can
>:> immediately distinguish them.
>
>: Yes, but you are just brute forcing the key space. [...]
>
>Nope - just checking lengths.
>
>:> : The truth is if the message has a prob of 1/256 and all outputs
>:> : from the cipher are equiprobable (i.e 1/256) then it's a provably
>:> : secure for a single byte only.
>:>
>:> Ah - you're sliding in that "for a single byte only"...
>:>
>:> As though we're discussing the trivial case of only 256 possible
>:> messages...
>
>: Um yes that's what we were f$$$ talking about. For geez sakes stay on
>: the same model!
>
>We are *not* discussing the case of 256 possible messages. Both BICOM
>and CTR mode can encrypt *any* possible message.
>
>Given this wide distribution of possible messages, we are asking what
>security is offered when encrypting a particular 8-bit message in BICOM
>and CTR mode.
See Tim you are becoming frustrated with him too. You meant when
examining what encrypts to a particular 8-bit cipher message. You did not
mean to imply that it was necessarily an 8-bit message that was
encrypted by BICOM.
>
>BICOM with a 128 bit key maps it to one of 2^128 possible messages.
>CTR mode maps it to one of 256 messages.
I am unfortunately helping in the confusion. BICOM does not
make best use of keys. And more of your frustration with TOM
is showing through. The block size in BICOM is based on 128 bit
blocks. But the key is 256 bits. And if the output is a one byte
cipher text file, then only one 128 bit block was actually used.
That's why for a one byte output file there are only 2**128 possible
input messages. This is a far cry greater than TOM's 256 input
messages. I hope Matt jumps in if I made a mistake here. But it
would not be that hard to force 2 full blocks of RIJNDAEL with
small changes in BICOM so that a one byte output file could have
come from 2**256 possible messages. But Matt's code uses the 256
bit key with 128 bit blocks. I am sorry but I am sure I added
confusion on this part.
But the bottom line is what you stated: 2^128 possible input
messages.
>
>The latter produces an 8-bit cyphertext with only 256 possible
>interpretations.
>
>If you happened to know the message consisted entirely of space
>characters, you could uniquely identify the message!
>
>:> Of course it's not provably secure - unless you think only having 256
>:> possible plaintexts out of the possible billions is something
>:> worthwhile.
>:>
>:> We're trying to stop the attacker getting information about the
>:> message. Giving him the length of the message on a plate is a
>:> terrible start.
>
>: Why? Tell me how you can find K from C knowing the length?
>
>: Just tell me why it's a problem.
>
>You go round and round in circles. I've responded in some detail to
>both these questions already.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.security,alt.security.pgp
Subject: Re: Welcoming another Anti-Evidence Eliminator stooge to USENET
Date: Tue, 05 Jun 2001 22:12:44 GMT
"Anonymous" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <FMaT6.36826$[EMAIL PROTECTED]>
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
> >
> >
> > "Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
> > news:9fite0$h68$[EMAIL PROTECTED]...
> > >
> > > Kyle Paskewitz <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Tom -
> > > >
> > > > You've forgotten that 2 is also prime. If you take the product of any
> > > > number of consecutive primes beginning with 2 (the first prime) and add 1,
> > > > you will get another prime. E.G.
> > > >
> > > > 2*3 + 1 = 7
> > > > 2*3*5 + 1 = 31
> > > > 2*3*5*7 + 1 = 211 , etc...
> > >
> > > Really??? I was under the impression that:
> > >
> > > 2*3*5*7*11*13+1 = 30031 = 59*509
> > > 2*3*5*7*11*13*17+1 = 510511 = 19*97*277
> > > 2*3*5*7*11*13*17*19+1 = 9699691 = 347*27953
> > > 2*3*5*7*11*13*17*19*23+1 = 223092871 = 317*703763
> > >
> > > weren't prime. I must be delusional, I suppose...
> >
> > Not to get into a flame war, but I did say "the sum is not divisible by any
> > known primes, hence the opposite must be true QED".
> >
> > In my OP I never said the new value is prime, just not divisible by the
> > "known" primes.
> >
> > Tom
>
> WTF does this have to do with anon-server?
WTF does this have to do with any of the groups this was posted in?
Tom
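As an added check on the numbers quoted in the message above (example code, not from the thread or any poster), this Python computes the first few primorial-plus-one values, factors them by trial division, and confirms Scott Fluhrer's factorizations alongside the weaker property Tom actually claimed: the value is coprime to every prime that went into the product, whether or not it is itself prime. The sieve and trial-division helpers are constructed for the example.

```python
from math import gcd, isqrt


def primes_up_to(n: int) -> list:
    """Sieve of Eratosthenes: all primes <= n (helper built for this example)."""
    sieve = bytearray([1]) * (n + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(n) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytes(len(range(i * i, n + 1, i)))
    return [i for i, is_p in enumerate(sieve) if is_p]


def first_primes(k: int) -> list:
    """The first k primes; the sieve bound is doubled until enough are found."""
    bound = 30
    while True:
        ps = primes_up_to(bound)
        if len(ps) >= k:
            return ps[:k]
        bound *= 2


def primorial_plus_one(k: int) -> int:
    """2 * 3 * 5 * ... (first k primes) + 1, the construction from Euclid's proof."""
    n = 1
    for p in first_primes(k):
        n *= p
    return n + 1


def trial_factor(n: int) -> list:
    """Complete factorization by trial division, smallest factor first.
    Adequate for the nine-digit values in the thread."""
    factors, d = [], 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1 if d == 2 else 2  # after 2, test odd candidates only
    if n > 1:
        factors.append(n)
    return factors


def is_prime(n: int) -> bool:
    return n > 1 and trial_factor(n) == [n]


def coprime_to_all_used(k: int) -> bool:
    """Euclid's actual argument: the product + 1 leaves remainder 1 when divided
    by any prime in the product, so it shares no factor with them. This holds
    even when the product + 1 is composite; its prime factors are simply new."""
    n = primorial_plus_one(k)
    return all(gcd(n, p) == 1 for p in first_primes(k))


if __name__ == "__main__":
    for k in range(1, 10):
        n = primorial_plus_one(k)
        print(f"{k:2d} primes: {n:>10d}  prime={is_prime(n)!s:5}  "
              f"factors={trial_factor(n)}  coprime to used={coprime_to_all_used(k)}")
```

Running it lists the prime cases 3, 7, 31, 211 and 2311 followed by the composite ones starting at 30031 = 59 * 509, so "not divisible by any of the primes used" and "prime" are visibly different claims.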
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: Tue, 05 Jun 2001 22:15:19 GMT
"sisi jojo" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:<ebvtZ6S7AHA.201@cpmsnbbsa09>..
>
> I don't have much time to write long messages today. But here's my answer
>
> Maybe the approach is wrong. That's why nobody can solve it.
>
> You go through years of education to learn the wrong approach, which is
> proven to be not useful. That's something funny about our education system.
>
> If you want a problem to be solved, show it to a kid and let him develop
> an answer fresh from the beginning.
I beg to differ. There is no "right" way to develop new theories. Sure
newbies and "kids" develop remarkable stuff at times (or just get a lot of
press like some scottish girl.....) but often the academia "old peoples"
develop remarkable stuff too.
Um afaik NFS was developed by Arjen K. Lenstra and afaik he is not a "kid".
Pollard-Rho was developed by John Pollard (again not a kid, and is his first
name John?), RSA was invented by ....
RC6,Twofish,Rijndael,Serpent,MARS,CAST,Blowfish,RC4, ... was invented by ...
Tom
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 22:10:36 GMT
JPeschel <[EMAIL PROTECTED]> wrote:
: Tim Tyler [EMAIL PROTECTED] writes, in part:
:>OTPs do *not* have perfect secrecy if messages can be of varying lengths
:>and the plaintexts and cyphertexts are of equal lengths.
: I don't follow this. It sounds as if you are re-defining an OTP.
What don't you follow about it?
I'm talking about a system involving a one-time random key stream, XORing
it with the plaintext, and producing a cyphertext the same length as
the plaintext.
I am claiming that the result does not have perfect secrecy - assuming a
reasonable space of variable length files as possible messages.
This is the system Tom is calling an OTP. He uses it by analogy with CTR
mode to claim that CTR mode is proven secure with small plaintexts.
Of course it is not the same system as the proof of perfect secrecy in the
textbooks applies to.
I don't much mind what name is given to the system I described.
I'm not trying to redefine anything.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
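As an added illustration of the argument in the message above and of the "55 = P + K mod 256" puzzle from the earlier message in this digest (it is example code, not part of the digest or any poster's software), the following Python computes the attacker's posterior over a constructed toy message space of variable-length plaintexts. With the unpadded XOR scheme Tim describes, the ciphertext length alone assigns probability zero to every plaintext of a different length, so the posterior differs from the prior and perfect secrecy fails; padding every message to one fixed length before XORing makes the posterior equal the prior. It also enumerates the 256 candidates for a one-byte ciphertext: every key fits, which is why the puzzle has no unique solution, yet every candidate shares the one fact the ciphertext gave away, its length. The message space, the priors and the 0x80-then-zeros padding are assumptions made for the example.

```python
import os
from fractions import Fraction

# Constructed toy message space: four plaintexts of different lengths, each
# equally likely a priori. (Example data, not from the digest.)
PRIOR = {
    b"yes": Fraction(1, 4),
    b"no": Fraction(1, 4),
    b"maybe later": Fraction(1, 4),
    b"attack at dawn": Fraction(1, 4),
}
PADDED_LEN = max(len(m) for m in PRIOR) + 1  # room for the 0x80 marker byte


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_unpadded(msg: bytes) -> bytes:
    """The scheme under discussion: fresh random pad, ciphertext as long as plaintext."""
    return xor_bytes(msg, os.urandom(len(msg)))


def pad(msg: bytes) -> bytes:
    """Unambiguous padding (0x80 then zeros) to one fixed length; assumed for the example."""
    return msg + b"\x80" + b"\x00" * (PADDED_LEN - len(msg) - 1)


def encrypt_padded(msg: bytes) -> bytes:
    """Same pad-and-XOR, but every message goes out at PADDED_LEN bytes."""
    return xor_bytes(pad(msg), os.urandom(PADDED_LEN))


def posterior(prior: dict, ciphertext: bytes, padded: bool) -> dict:
    """Bayes: P(m|c) is proportional to P(m) * P(c|m). Over a uniform pad,
    P(c|m) is 256**-len(c) for every m whose transmitted length equals len(c)
    and 0 otherwise, so the only thing separating plaintexts is length."""
    def likelihood(m: bytes) -> Fraction:
        sent_len = PADDED_LEN if padded else len(m)
        if sent_len != len(ciphertext):
            return Fraction(0)
        return Fraction(1, 256 ** sent_len)

    weights = {m: p * likelihood(m) for m, p in prior.items()}
    total = sum(weights.values())
    if total == 0:
        raise ValueError("ciphertext length matches no message in the space")
    return {m: w / total for m, w in weights.items()}


def statistical_distance(p: dict, q: dict) -> Fraction:
    """Half the L1 distance; exactly 0 when posterior equals prior (perfect secrecy)."""
    return sum(abs(p[m] - q[m]) for m in p) / 2


def one_byte_candidates(c: int) -> set:
    """All plaintexts consistent with a one-byte ciphertext c = P + K mod 256.
    Every key K is possible, so every one-byte P is possible: the puzzle has
    no unique solution, but all 256 candidates are exactly one byte long."""
    return {(c - k) % 256 for k in range(256)}


if __name__ == "__main__":
    c = encrypt_unpadded(b"yes")
    print("unpadded, |c| =", len(c), "->", posterior(PRIOR, c, padded=False))
    c = encrypt_padded(b"yes")
    print("padded,   |c| =", len(c), "->", posterior(PRIOR, c, padded=True))
    print("one-byte candidates for 0x55:", len(one_byte_candidates(0x55)))
```

The unpadded run puts probability 1 on `b"yes"` (the only three-byte message in the space) without recovering a single key bit; the padded run returns the prior unchanged. That is the distinction the message draws: an unsolvable key puzzle is not the same thing as perfect secrecy over the real message space.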
------------------------------
From: Thorsten Holz <[EMAIL PROTECTED]>
Subject: Re: One last bijection question
Date: Wed, 06 Jun 2001 00:26:10 +0200
Tom St Denis wrote:
>
> Ah so surjective functions are not one-to-one?
No - they are "many-to-one"...
Set A has more elements than set B - and every element of B is "hit"
by the function f at least once.
> ARRG (sound of head exploding).
>
> I have the solution. I will write down all the defs (injection, surjection,
> bijection) and make a venn diagram to see the diffs...
[I love ASCII-Art :)]
========= =======
| X | | A |
| Y | | B D |
| Z | | C |
========= =======
injection:
f(X) = A
f(Y) = B
f(Z) = C
surjection:
g(A) = X
g(B) = X
g(C) = Y
g(D) = Z
========= =======
| X | | A |
| Y | | B |
| Z | | C |
========= =======
injection:
f(X) = A
f(Y) = B
f(Z) = C
Note: A bijection is invertible
g(A) = X
g(B) = Y
g(C) = Z
> Tom
Thorsten
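Tying the ASCII diagrams above to executable checks, here is an added Python example (not from the digest or any poster) that classifies a finite function, written as a dict from domain elements to their images, as an injection, surjection, bijection or neither, and inverts it when it is a bijection. The three small tables are Thorsten's diagrams transcribed; the byte-XOR table is an added instance showing that XOR with a fixed key byte is a bijection on the 256 byte values, which is exactly the property that makes it decryptable. Whether a function is a surjection depends on the codomain you state, which is why `classify` takes it as an argument rather than guessing it from the image.

```python
def is_injective(f: dict) -> bool:
    """One-to-one: distinct domain elements never share an image."""
    return len(set(f.values())) == len(f)


def is_surjective(f: dict, codomain: set) -> bool:
    """Onto: every element of the stated codomain is hit at least once."""
    return set(f.values()) == set(codomain)


def classify(f: dict, codomain: set) -> str:
    """Return 'bijection', 'injection', 'surjection' or 'neither'."""
    if not set(f.values()) <= set(codomain):
        raise ValueError("f maps some element outside its stated codomain")
    inj, sur = is_injective(f), is_surjective(f, codomain)
    if inj and sur:
        return "bijection"
    if inj:
        return "injection"
    if sur:
        return "surjection"
    return "neither"


def inverse(f: dict, codomain: set) -> dict:
    """The inverse map, defined on all of the codomain only when f is a bijection."""
    if classify(f, codomain) != "bijection":
        raise ValueError("only a bijection has a total inverse")
    return {image: preimage for preimage, image in f.items()}


# Thorsten's first diagram: {X, Y, Z} into {A, B, C, D}; D is never hit.
F_INJ = {"X": "A", "Y": "B", "Z": "C"}
# His second map: {A, B, C, D} onto {X, Y, Z}; A and B both land on X.
G_SURJ = {"A": "X", "B": "X", "C": "Y", "D": "Z"}
# His last diagram: same table as F_INJ, but now the codomain is just {A, B, C}.
F_BIJ = {"X": "A", "Y": "B", "Z": "C"}


def xor_table(key: int) -> dict:
    """Constructed instance: the byte map p -> p XOR key for a fixed key byte."""
    return {p: p ^ key for p in range(256)}


if __name__ == "__main__":
    print("f into {A,B,C,D}:", classify(F_INJ, {"A", "B", "C", "D"}))
    print("g into {X,Y,Z}:  ", classify(G_SURJ, {"X", "Y", "Z"}))
    print("f into {A,B,C}:  ", classify(F_BIJ, {"A", "B", "C"}),
          "inverse =", inverse(F_BIJ, {"A", "B", "C"}))
    print("p ^ 0x37 on bytes:", classify(xor_table(0x37), set(range(256))))
```

Note that `F_INJ` and `F_BIJ` are the same table: it is the choice of codomain, not the arrows, that turns the injection into a bijection, which is the point Tim makes about `f A = B` not implying `A = B`.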
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 5 Jun 2001 22:22:50 GMT
[EMAIL PROTECTED] (JPeschel) wrote in
<[EMAIL PROTECTED]>:
>Tim Tyler [EMAIL PROTECTED] writes, in part:
>
>
>>OTPs do *not* have perfect secrecy if messages can be of varying lengths
>>and the plaintexts and cyphertexts are of equal lengths.
>>
>
>I don't follow this. It sounds as if you are re-defining an OTP.
>
Joe I am surprised at you. No wonder you like short key methods.
But for any encryption system to have perfect security requires
the key space to have as many combinations as the set of messages.
You would need to pad short messages to the length of long messages
then send encrypted messages of the same length. You have seen
enough long OTP threads on this group to understand that.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 5 Jun 2001 22:16:33 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<yfcT6.38589$[EMAIL PROTECTED]>:
>Yes, but if you want to use math against me try using it right. the
>messages >1 byte are not part of the set. The plaintext is assumed to
>be a byte thus 0x123456 is not a member of that set.
>
You miss the point. The one byte in your weak version of CTR
only means there are 256 messages that could be assigned to it.
But it could be that 00000000 means blow up DC noon today
while 00000001 means blow up DC noon today plus 1 sec.
...
while 11111111 means blow up DC noon today plus 255 seconds
and when you get to two bytes
00000000 00000000 Move terrorist operation to Canada, blow up Toronto at noon
...
Well if you're in Canada and knew it was a one byte message and you
had the book of possible messages, you could be happy that though
you don't know what the message was, you know that DC is getting
blown up and not Canada. You could be at least thankful they used
your weak way of encrypting instead of doing it a more secure way.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 22:31:18 GMT
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
:>:> : The truth is if the message has a prob of 1/256 and all outputs
:>:> : from the cipher are equiprobable (i.e 1/256) then it's a provably
:>:> : secure for a single byte only.
:>:>
:>:> Ah - you're sliding in that "for a single byte only"...
:>:>
:>:> As though we're discussing the trivial case of only 256 possible
:>:> messages...
:>
:>: Um yes that's what we were f$$$ talking about. For geez sakes stay on
:>: the same model!
:>
:>We are *not* discussing the case of 256 possible messages. Both BICOM
:>and CTR mode can encrypt *any* possible message.
:>
:>Given this wide distribution of possible messages, we are asking what
:>security is offered when encrypting a particular 8-bit message in BICOM
:>and CTR mode.
: See Tim you are becoming frustrated with him too. You meant when
: examining what encrypts to a particular 8-bit cipher message. [...]
I know that's what we were originally talking about - but I meant what I
said above. Either case demonstrates the problem with CTR mode.
: You did not mean to imply that it was necessarily an 8-bit message that was
: encrypted by BICOM.
I am not under the illusion that 8 bit plaintexts map to 8 bit
cyphertexts in BICOM - and certainly didn't mean to imply that they did.
:>BICOM with a 128 bit key maps it to one of 2^128 possible messages.
:>CTR mode maps it to one of 256 messages.
: The block size in BICOM is based on 128 bit blocks. But the key is 256 bits.
I didn't know that. It's derived from a passphrase, though I believe -
so you can feed it whatever size key you like up to that size if you don't
use the hex key option.
My 2^128 was a fluke though. I was right - but for the wrong reasons.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************