Cryptography-Digest Digest #546, Volume #14       Thu, 7 Jun 01 07:13:01 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mark Wooding)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Humor, "I Must be a Threat to National Security" ("Tom St Denis")
  Re: Notion of perfect secrecy (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Notion of perfect secrecy (Tim Tyler)
  Re: Notion of perfect secrecy ("Tom St Denis")
  Re: shifts are slow? (Tim Tyler)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (Mark Wooding)
  Re: Notion of perfect secrecy (Tim Tyler)
  Re: shifts are slow? ("Tom St Denis")
  Re: Evidence Eliminator works great. Beware anybody who claims it doesn't work (propaganda) ("John Niven")
  Re: Def'n of bijection (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Notion of perfect secrecy ("Tom St Denis")
  MD5 for random number generation? ("Toby Sharp")
  Re: Notion of perfect secrecy (Tim Tyler)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 7 Jun 2001 09:40:31 GMT

Tim Tyler <[EMAIL PROTECTED]> wrote:

> That uses Rijndael in CBC mode.

Now I'm very confused.  You can't get a one-byte ciphertext out of a
128-bit block cipher in CBC mode.  There's nowhere to put an IV, for one
thing.

-- [mdw]

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 09:30:22 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
: "SCOTT19U.ZIP_GUY" wrote:
:> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:

:> >Meanwhile I believe that the following is correct about
:> >the issue: The OTP processing only guarantees that the
:> >particular work that is performed doesn't give the opponent
:> >any (more) information. It doesn't exclude however the
:> >existence of other processing that could reduce the
:> >information that he could otherwise have about the message.

[snip]

:>    No "perfect security" means what it says see my
:> other posts where I quote Shannon directly.

: I know Shannon's definition. Tell me, why my view above
: contradicts that in terms of a-priori and a-posteriori
: probability.

You say:

``The OTP processing only guarantees that the
  particular work that is performed doesn't give
  the opponent any (more) information.''

OTP processing gives the opponent information about the length of the
plaintext.

Before he looked at the cyphertext, he did not have this information.

That violates Shannon's perfect secrecy.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 09:45:29 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> : Meanwhile I believe that the following is correct about
> : the issue: The OTP processing only guarantees that the
> : particular work that is performed doesn't give the opponent
> : any (more) information.
>
> The opponent knows more about the plaintext after observing the
> cyphertext than he knew before he saw it - namely the length.
>
> That violates perfect secrecy.

Only if the message is determined by the length.

"Oui" or "Non".  The length will not determine the message.  Or if you just
pad the bloody thing to a multiple of say 64 bytes.  Even still people won't
use an OTP to encrypt single byte messages.

> : It doesn't exclude however the existence of other processing
> : that could reduce the information that he could otherwise
> : have about the message.  As a special example, if any
> : message is sent from my home, the opponent knows that
> : some person is present there (or at least someone has
> : programmed my computer to undertake that action) at
> : the particular time point. (That could mean under
> : circumstances quite a lot, e.g. when for months no
> : message had ever been sent.)  No encryption
> : scheme, however 'perfect', could deprive him from
> : obtaining that knowledge. On the other hand, I could
> : manage to send the message from another place, in which
> : case he wouldn't have that information. Thus in a sense
> : the word 'perfect' in 'perfect security' is only to be
> : understood as one of terminology (definition) only and
> : does not have the common connotation of 'perfection'
> : (the ideal, the absolute best).
>
> Traffic analysis information is indeed often present -
> but we are talking about once a message exists, does
> the attacker gain anything by looking at the cyphertext.
>
> That's what the definition of "perfect secrecy" talks about.

No perfect secrecy is defined as having no ability to tell one plaintext
from another.  Who cares if you know the entire set of plaintexts (hint you
will always know the set), you won't know which is the right one.

> Perfect secrecy applies to encryption devices.  Time of
> message transmission etc is considered to be outside its scope.
>
> A conventional OTP, that preserves message length and is
> asked to deal with variable length messages does *not*
> have Shannon's perfect secrecy property.

Yes it does.  All messages are equally probable without a priori knowledge.
Seems to fit the bill.

Tell me why exactly you think the length of the ciphertext will reveal the
message?  Give an example.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
Date: Thu, 07 Jun 2001 09:47:55 GMT

(I am top posting because you posted in HTML and when I converted it to TEXT
no > were placed)

Um I don't think you are a threat to the CIA/NSA.  This has to be a joke
right?

Otherwise I would say you're just not qualified.  (or they are not hiring).

I read your CIA rejection letter and it has nothing to do with being a
threat....

Plus you won't win points by trying to belittle them in public!

Tom
=========================
"David G. Boney" <[EMAIL PROTECTED]> wrote in message
news:E4HT6.3857$[EMAIL PROTECTED]...
My frustrations with trying to find a job in government service are
summarized in an essay I have posted that is titled, "I Must be a Threat to
National Security". I have also placed my rejection letters from the CIA and
NSA on-line.

http://www.seas.gwu.edu/~dboney/security.html

If anyone knows of any computer or network security engineer positions open,
developer or administrator, in the Washington, DC area, that are commercial,
non-government, non-government contractor, and don't require a clearance,
please drop me a line. You can surf my home page to get a picture of my
qualifications. Resume available upon request.


--
Sincerely,
David G. Boney
mailto:[EMAIL PROTECTED]
http://www.seas.gwu.edu/~dboney



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 09:40:22 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

: Ok this has gone on too long.

: Typically what you guys are missing is that the length of the message is not
: the secret.  It's the contents of the message.

Perfect secrecy requires that Eve's probability of guessing a 
plaintext correctly be the same whether or not she has observed the
cyphertext.

An OTP which is used to transmit variable length messages, and has
plaintext size equal to cyphertext size is a clear violation of this.

: In this case an OTP (despite what you think) fits the bill.

No, it does not - unless all possible plaintexts are the same size.

That's not "all possible plaintexts after observation of the cyphertext".

That's "all possible plaintexts *before* observation of the cyphertext".

: If you use an OTP all messages are equally probable

You err.

: (of the same length)

Ah - why that restriction?  No such restriction is imposed in Shannon's
definition.

: That's not a guess, or trivial conjecture, it's a fact.

Based on something other than what Shannon wrote in his definition of
perfect secrecy.

: If the key is independent of the message you can't guess the message.

The key is not independent of the message in this case.  Its length
matches that of the message.

: Even if you can narrow the message down by some other means all remaining
: messages are equally likely.

Nope.  Messages with different length to the cyphertext have probability 0.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 09:55:08 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> : "SCOTT19U.ZIP_GUY" wrote:
> :> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
>
> :> >Meanwhile I believe that the following is correct about
> :> >the issue: The OTP processing only guarantees that the
> :> >particular work that is performed doesn't give the opponent
> :> >any (more) information. It doesn't exclude however the
> :> >existence of other processing that could reduce the
> :> >information that he could otherwise have about the message.
>
> [snip]
>
> :>    No "perfect security" means what it says see my
> :> other posts where I quote Shannon directly.
>
> : I know Shannon's definition. Tell me, why my view above
> : contradicts that in terms of a-priori and a-posteriori
> : probability.
>
> You say:
>
> ``The OTP processing only guarantees that the
>   particular work that is performed doesn't give
>   the opponent any (more) information.''
>
> OTP processing gives the opponent information about the length of the
> plaintext.
>
> Before he looked at the cyphertext, he did not have this information.
>
> That violates Shannon's perfect secrecy.

Any more information about the plaintext.  The length does not reveal the
plaintext.

By your argument we shall use BICOM but oops I trap your ISP now I know when
you send everything.  BICOM can't possibly be secure now because I know that
you sent a message at 7:15am.

Tom



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 09:50:18 GMT

Jeffrey Walton <[EMAIL PROTECTED]> wrote:

: I think I understand your point with padding.
: But I'm not sure I agree with it.

: For example, if blocks are 64 Bytes, on average the last
: block of 64 bytes will contain 32 padded bytes (again, on
: average).  This would imply that the adversary would know
: what the plain text padded bytes are (some hand waving, but
: a possible assumption).  But this additional information
: does not lend itself to plain text or key recovery (except
: for the average of 32 trailing bytes).

: I don't feel this is in opposition to Shannon's theories.
: But there are clearly much more astute minds that visit this
: NG.  They could probably reveal my flawed thinking.  I think
: other cryptosystems could be vulnerable, but not the one
: time pad.

The OTP leaks information about the length of the plaintext.

This is a clear security hazard, and it may be necessary
to take steps to prevent this information being used by the attacker.

Also, it violates Shannon's perfect secrecy (which is what this
thread is about).

The OTP that is proven perfectly secure is in a system where only
plaintexts of a given length are possibilities.  That is not the
OTP as commonly used.

: For whatever reason, padding may be beneficial; but I don't
: feel its required for the OTP.  I also don't feel it
: compromises the plain text either.

Its lack gives away the length of the plaintext - a clear
route for possible compromises.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Date: Thu, 07 Jun 2001 10:12:07 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Jeffrey Walton <[EMAIL PROTECTED]> wrote:
>
> : I think I understand your point with padding.
> : But I'm not sure I agree with it.
>
> : For example, if blocks are 64 Bytes, on average the last
> : block of 64 bytes will contain 32 padded bytes (again, on
> : average).  This would imply that the adversary would know
> : what the plain text padded bytes are (some hand waving, but
> : a possible assumption).  But this additional information
> : does not lend itself to plain text or key recovery (except
> : for the average of 32 trailing bytes).
>
> : I don't feel this is in opposition to Shannon's theories.
> : But there are clearly much more astute minds that visit this
> : NG.  They could probably reveal my flawed thinking.  I think
> : other cryptosystems could be vulnerable, but not the one
> : time pad.
>
> The OTP leaks information about the length of the plaintext.
>
> This is a clear security hazard, and it may be necessary
> to take steps to prevent this information being used by the attacker.
>
> Also, it violates Shannon's perfect secrecy (which is what this
> thread is about).
>
> The OTP that is proven perfectly secure is in a system where only
> plaintexts of a given length are possibilities.  That is not the
> OTP as commonly used.
>
> : For whatever reason, padding may be beneficial; but I don't
> : feel its required for the OTP.  I also don't feel it
> : compromises the plain text either.
>
> Its lack gives away the length of the plaintext - a clear
> route for possible compromises.

By your logic the TIME you send the message leaks just as much information
as the LENGTH of the message.

Can BICOM go back in TIME to send the message?

Also WHO is sending the message leaks info too ...etc..

Shannon was looking at the OTP in an abstract model where the a priori (what
exactly does that mean)... er... previous known distribution of messages
cannot be used to solve the system.

Let's say you have a 13 byte OTP message where the plaintext was in ASCII.
Obviously you can rule out OTPs that would lead to non-ascii stuff.  If you
know it's english you can eliminate OTPs that lead to non-english text.  Out
of the possible 2^104 possible OTP pads only say 2^24 remain.  But if you
have no other knowledge of the message your chance of success is now 1 /
2^24.

How is that a weakness?

Tom



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: shifts are slow?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 09:59:02 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message

:> In order to shift by X takes X clocks.

: This is so wrong.  I can shift a 512-bit register 211 bits in one cycle.
: (Just re-wire the outputs).

You're talking about rewiring a P4?

Are you going to do this while it's running? ;-)
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: 7 Jun 2001 10:15:05 GMT

Joseph Ashwood <[EMAIL PROTECTED]> wrote:

> Take a simpler problem 1+1=2, everyone learns that in 1st grade (some
> earlier, some a little later), but it takes a doctorate in
> mathematics, and a few hundred pages of very intricate math to prove
> it without assuming things.

I don't have such a doctorate, but...  What other meaning of the symbol
`2' did you have in mind that might conflict with it being the value
formed by adding the multiplicative identity of the ring of integers to
itself?  (Proof that 1 + 1 is not equal to 0 or 1, the two integers
actually named in the integer axioms, is immediate from the properties
of the ordering on integers, so a separate symbol is justified.)

-- [mdw]

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 10:04:25 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
:> [EMAIL PROTECTED] (Tom St Denis) wrote in

:> >Ok this has gone on too long.
:> >
:> >Typically what you guys are missing is that the length of the message is
:> >not the secret.  It's the contents of the message.

[snip]

:> [...] length may mean something so pad to make it match longest
:> message for "perfect security" READ SHANNON YOU IDOIT
:> you can't have it both ways little BOY.

: Typically the MEANING of the message is not stored in the length.

Shannon refers to *any* information about the identity of the plaintext.

For perfect secrecy, observation of the cyphertext should make no
difference to the attacker.

This is not the case if he was unaware of the length of the plaintext
before observing it - and he knows that the length of the cyphertext
matches that of the plaintext.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: shifts are slow?
Date: Thu, 07 Jun 2001 10:21:18 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
>
> :> In order to shift by X takes X clocks.
>
> : This is so wrong.  I can shift a 512-bit register 211 bits in one cycle.
> : (Just re-wire the outputs).
>
> You're talking about rewiring a P4?
>
> Are you going to do this while it's running? ;-)

You're kidding right?

Tom



------------------------------

From: "John Niven" <[EMAIL PROTECTED]>
Subject: Re: Evidence Eliminator works great. Beware anybody who claims it doesn't work (propaganda)
Date: Thu, 7 Jun 2001 11:17:01 +0100

I've received the following from NTL, the UK telco/cable-co RHS appear to be
using.  It would seem that NTL are treating complaints against RHS
seriously.  You may wish to forward RHS/EE Spam that appears in other NGs to
NTL.

Cheers
John

--
John Niven
(Reply through newsgroup)


<< NTL e-mail: >>
Hi All

FYI ( & apologies if this seems like a spam ;o) )

With regards to the series of posts relating to Evidence Eliminator (see
example below). We have been in contact with the customer. If you have
any examples dated after the 25th May could you please forward them to
[EMAIL PROTECTED] , subject 'Evidence Eliminator fao Mike'

Regards
Mike White
Acceptable Use Policy Team
ntl: Technology. Tamed.
http://www.ntlworld.com

Path: news2-win.server.ntlworld.com!news1-win.server.ntlworld.com!news5-gui.server.ntli.net!ntli.net!news2-win.server.ntlworld.com.POSTED!not-for-mail
From: "EE Support" <[EMAIL PROTECTED]>
Newsgroups: alt.privacy,alt.security.pgp,alt.security,alt.security.scramdisk
Subject: Must serve some more Evidence Eliminator genuine secure users
Lines: 35
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Message-ID: <opXN6.8252$[EMAIL PROTECTED]>
Date: Sun, 20 May 2001 23:15:56 +0100
NNTP-Posting-Host: 213.105.4.159
X-Complaints-To: [EMAIL PROTECTED]
X-Trace: news2-win.server.ntlworld.com 990397140 213.105.4.159 (Sun, 20 May 2001 23:19:00 BST)
NNTP-Posting-Date: Sun, 20 May 2001 23:19:00 BST
Organization: ntlworld News Service
Xref: news5-gui.server.ntli.net alt.privacy:57354 alt.security.pgp:77282 alt.security:23921 alt.security.scramdisk:9195
X-Received-Date: Sun, 20 May 2001 23:19:00 BST (news2-win.server.ntlworld.com)

Got to go now, we have about 500,000 hits a day and that means a lot of
customers to serve. Try this and count the hits in the upper-right blue area
of the page:
http://www.google.com/search?q=%22evidence+eliminator%22&btnG=Google+Search

If you need any help we have a dedicated team who respond most days GMT
working UK time via http://www.evidence-eliminator.com/support.shtml
Our KB answers most questions on the spot.

If you are "pushed" a fake version of our software here we strongly advise
you check out the groups history for who is doing this. Stooges wait until
we have de-activated fake license codes and push them in these newsgroups.

You can get a genuine, fully guaranteed installation of Evidence Eliminator
by credit card with full money-back guarantee - it's completely safe. The
alleged pirated versions are pointless and can only degrade your security.

You have nothing to lose when you try Evidence Eliminator - we guarantee it.

We are the #1 vendor at the ex-compuserve Go-SWREG software store at
SWREG.ORG.

Evidence Eliminator is the World's #1 PC Security Utility and defeats all
known forensic analysis software. For more info click here
http://www.evidence-eliminator.com/main.shtml

--
Best Regards,
The Evidence Eliminator Support Team
http://www.evidence-eliminator.com/support.shtml

--
Technical Support Questions: Before submitting additional questions,
please make sure you have searched the Evidence Eliminator
KnowledgeBase online which can answer most questions instantly at
http://www.evidence-eliminator.com/support/kb/search.shtml

<< NTL e-mail - end >>


"tE!" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Wed, 16 May 2001 00:27:30 GMT, Beretta
> <[EMAIL PROTECTED]> wrote:
>
> >On Tue, 15 May 2001 22:33:36 +0100, in alt.security.pgp you wrote:
> >
> >>
> >>By now you will have witnessed the mass hysteria about Evidence Eliminator.
> ><snip>
> >
> >V3.1   -      Name:  Snacker Serial: 1234567890-000084E21262
> >V3.1   -      Name: Snacker\MiSSiON Serial: 1234567890-0001EDC79005
> >V4.0   -      Name: Snacker\MiSSiON Serial: 1234567890-0001EDC79005
> >V4.5   -      Name: Hazard , Serial: Hazard-000063515895
> >V5.0  -       Code: EE10-44100004D012 (also allows upgrades)
> >
> >
> >You fags keep spamming, and I keep posting serial numbers to your
software
> >
>
> Hehe! Why not using my Keygenerator for the latest version of Evidence
> Eliminator :-)  http://www.8bn.com/hambo/othergroup22/tmgee554.zip
>
> Though, hard to believe anyone uses EE anyway...
>
> tE!//TMG



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 10:10:44 GMT

Mark Wooding <[EMAIL PROTECTED]> wrote:
: Tim Tyler <[EMAIL PROTECTED]> wrote:

:> It /looks/ like you're doing something like performing sums with
:> finite sets and expecting the results to make sense when considering
:> infinite ones.

: Hmm, yes.  A bit careless of me.  I ought to know better than that.

Thanks for replying.

I wasn't sure if I'd pinned down what had happened correctly.

Without your reply I would never have known whether I had got it right.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 10:08:43 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

:> OTP processing gives the opponent information about the length of the
:> plaintext.
:>
:> Before he looked at the cyphertext, he did not have this information.
:>
:> That violates Shannon's perfect secrecy.

: Any more information about the plaintext.  The length does not reveal the
: plaintext.

...but it /does/ reveal some information about its identity.

: By your argument [other systems] can't possibly be secure now because I
: know that you sent a message at 7:15am.

That doesn't violate the definition of perfect secrecy.

Perfect secrecy is considered to be a property of a cryptosystem - i.e.
a device for translating between plaintexts and cyphertexts.

The time of message transmission is outside the scope of the definition.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Date: Thu, 07 Jun 2001 10:24:06 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> :> [EMAIL PROTECTED] (Tom St Denis) wrote in
>
> :> >Ok this has gone on too long.
> :> >
> :> >Typically what you guys are missing is that the length of the message is
> :> >not the secret.  It's the contents of the message.
>
> [snip]
>
> :> [...] length may mean something so pad to make it match longest
> :> message for "perfect security" READ SHANNON YOU IDOIT
> :> you can't have it both ways little BOY.
>
> : Typically the MEANING of the message is not stored in the length.
>
> Shannon refers to *any* information about the identity of the plaintext.
>
> For perfect secrecy, observation of the cyphertext should make no
> difference to the attacker.
>
> This is not the case if he was unaware of the length of the plaintext
> before observing it - and he knows that the length of the cyphertext
> matches that of the plaintext.

You don't understand his results that's all.  In his model WHO, WHEN, LENGTH
were not the information he wanted to protect.  You're really mocking the
dead here.  I sincerely hope you are some 12yr kid trying to get a rise out
of people, otherwise I wonder how you did in College challenging all your
profs without listening to their proofs... No offense Tim but you have a lot
of growing up to do.  Even if you are 76 yrs old you're an immature brat as
far as I am concerned.

Tell me, how does BICOM protect against me learning WHEN and WHO?

Anyways this is all OT.  Rants and lunatical ravings belong elsewhere (may
I suggest alt.law-enforcement ?)

Tom



------------------------------

From: "Toby Sharp" <toby_sharp at hotmail dot com>
Subject: MD5 for random number generation?
Date: Thu, 7 Jun 2001 11:17:39 +0100

I've heard of people using MD5 for random number generation. But, as far as
I can tell, MD5 is a one-way hash algorithm. How is this used for random
numbers? What is the input and output? Any guidance appreciated.

Thanks,
Toby.



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 10:52:18 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

:> The OTP leaks information about the length of the plaintext.
:>
:> This is a clear security hazard, and it may be necessary
:> to take steps to prevent this information being used by the attacker.
:>
:> Also, it violates Shannon's perfect secrecy (which is what this
:> thread is about).
:>
:> The OTP that is proven perfectly secure is in a system where only
:> plaintexts of a given length are possibilities.  That is not the
:> OTP as commonly used.

: By your logic the TIME you send the message leaks just as much information
: as the LENGTH of the message.

: Can BICOM go back in TIME to send the message?

: Also WHO is sending the message leaks info too ...etc..

Perfect secrecy is a property of a device that translates between 
plaintext and cyphertext.

It asks what information about the plaintext is present in the cyphertext.

Traffic analysis information is outside the scope of "perfect secrecy"
as Shannon defined it.

: Shannon was looking at the OTP in an abstract model where the a priori (what
: exactly does that mean)... er... previous known distribution of messages
: cannot be used to solve the system.

I believe "a priori" translates roughly as "before knowledge", if that helps.

This isn't about previous messages.  Simple knowledge of the cyphertext
and the machinery it was encrypted with is enough to reveal information
about the plaintext.  Previous messages have nothing to do with it.

: Let's say you have a 13 byte OTP message where the plaintext was in ASCII.
: Obviously you can rule out OTPs that would lead to non-ascii stuff.  If you
: know it's english you can eliminate OTPs that lead to non-english text.  Out
: of the possible 2^104 possible OTP pads only say 2^24 remain.  But if you
: have no other knowledge of the message your chance of success is now 1 /
: 2^24.

: How is that a weakness?

If there are more than 2^24 possible plaintexts that might have been
transmitted then this narrows things down.

Perfect secrecy says that knowledge of the cyphertext must not allow the
space of possible plaintexts to be narrowed down at all.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------
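
[Added example, not part of any post in this digest.]  The a-priori versus
a-posteriori comparison argued over in the "Notion of perfect secrecy" and
"Best, Strongest Algorithm" threads can be computed exactly for a small message
space.  The three-message prior ("Oui"/"Non" from the thread plus a constructed
longer "Peut-etre"), the 16-byte block and the length-byte padding format are
assumptions made for this illustration.

```python
"""Exact Bayesian posterior over plaintexts given only the ciphertext LENGTH,
for a one-time pad with and without fixed-length padding.  The message set,
prior and block size below are constructed for this example."""
from fractions import Fraction
from math import log2
import secrets

# Constructed prior: what Eve believes before seeing any ciphertext.
PRIOR = {b"Oui": Fraction(1, 4), b"Non": Fraction(1, 4), b"Peut-etre": Fraction(1, 2)}
BLOCK = 16  # assumed fixed size; must exceed the longest message


def otp_encrypt(plaintext: bytes) -> bytes:
    """Conventional OTP: fresh uniform key, ciphertext length == plaintext length."""
    key = secrets.token_bytes(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, key))


def raw(msg: bytes) -> bytes:
    """No padding: the pad is applied to the message as-is."""
    return msg


def pad_fixed(msg: bytes) -> bytes:
    """One length byte, the message, then zero fill up to BLOCK bytes."""
    if len(msg) > BLOCK - 1:
        raise ValueError("message too long for the fixed block")
    return bytes([len(msg)]) + msg + bytes(BLOCK - 1 - len(msg))


def posterior(prior, ciphertext_len, encode):
    """P(M = m | C = c) for any ciphertext c of the given length.

    Under a uniform key, P(C = c | M = m) is 256**-n when n = len(encode(m))
    equals len(c) and 0 otherwise, so the posterior depends on c only
    through its length.
    """
    weights = {}
    for m, p in prior.items():
        n = len(encode(m))
        weights[m] = p * Fraction(1, 256 ** n) if n == ciphertext_len else Fraction(0)
    total = sum(weights.values())
    if total == 0:
        raise ValueError("no message in the prior produces that ciphertext length")
    return {m: w / total for m, w in weights.items()}


def entropy_bits(dist):
    """Shannon entropy of a distribution, in bits."""
    return -sum(float(p) * log2(float(p)) for p in dist.values() if p)


def leaked_bits(prior, encode):
    """Mutual information I(M; C) = H(M) - H(M | C), in bits."""
    length_prob = {}
    for m, p in prior.items():
        n = len(encode(m))
        length_prob[n] = length_prob.get(n, Fraction(0)) + p
    h_given_c = sum(float(pl) * entropy_bits(posterior(prior, n, encode))
                    for n, pl in length_prob.items())
    return entropy_bits(prior) - h_given_c


if __name__ == "__main__":
    c = otp_encrypt(raw(b"Oui"))
    print("unpadded, Eve sees", len(c), "bytes:", posterior(PRIOR, len(c), raw))
    c = otp_encrypt(pad_fixed(b"Oui"))
    print("padded,   Eve sees", len(c), "bytes:", posterior(PRIOR, len(c), pad_fixed))
    print("leak unpadded:", leaked_bits(PRIOR, raw), "bits")
    print("leak padded:  ", leaked_bits(PRIOR, pad_fixed), "bits")
```

With this prior, a 3-byte ciphertext leaves "Oui" and "Non" equally likely to
each other but rules out "Peut-etre"; padding every message to the same block
makes the posterior equal the prior.
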


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
