Cryptography-Digest Digest #552, Volume #14       Thu, 7 Jun 01 14:13:00 EDT

Contents:
  Re: Notion of perfect secrecy ("Tom St Denis")
  CBC variant
  Re: Notion of perfect secrecy (Tim Tyler)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes ("Tom St Denis")
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes ("Tom St Denis")
  Re: OTP WAS BROKEN!!! ("Paul Pires")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mok-Kong Shen)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes ([EMAIL PROTECTED])
  Re: Humor, "I Must be a Threat to National Security" (Dimitri Maziuk)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Medical data confidentiality on network comms (wtshaw)
  Re: Medical data confidentiality on network comms (wtshaw)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")

----------------------------------------------------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Date: Thu, 07 Jun 2001 17:11:44 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> :> : Typically the MEANING of the message is not stored in the length.
>
> :> Shannon refers to *any* information about the identity of the plaintext.
> :>
> :> For perfect secrecy, observation of the cyphertext should make no
> :> difference to the attacker.
> :>
> :> This is not the case if he was unaware of the length of the plaintext
> :> before observing it - and he knows that the length of the cyphertext
> :> matches that of the plaintext.
>
> : You don't understand his results that's all. [...]
>
> My understanding is fine thanks.
>
> : In his model WHO, WHEN, LENGTH were not the information he wanted to protect.
>
> "Who" and "when" are not modelled by Shannon.  However length /is/
> information that relates to the identity of the plaintext
> (except in the case where all possible plaintexts are the same length)
> and *is* covered by Shannon's definition of perfect secrecy.

No they are not.  When will you realize that the contents of the message are
what an OTP protects.  So if the contents are random then an OTP is
perfectly secure.


> : You're really mocking the dead here.  I sincerely hope you are some
> : 12yr kid trying to get a rise out of people, otherwise I wonder how you
> : did in College challenging all your profs without listening to their
> : proofs... No offense Tim but you have a lot of growing up to do.  Even
> : if you are 76 yrs old you're an immature brat as far as I am concerned.
>
> Sorry you feel that way Tom.  It seems this is the thanks I get for
> pointing out your errors.  Maybe I won't bother in the future.

So far it seems #[sci.crypt] vs #[scott, tim].

I don't think it's my errors....

> : Anyways this is all OT.
>
> You started this thread about perfect secrecy - which incidentally is not
> off topic at all.

Your rants are not on topic.

Tom



------------------------------

From: <[EMAIL PROTECTED]>
Subject: CBC variant
Date: Thu, 7 Jun 2001 13:07:09 -0400

Hi,

We know that methods used to inject feedback into a small block cipher,
such as CBC, have known-ciphertext attacks against them, like what
Vaudenay posted here.

I propose a variant of CBC that requires 2 extra block-width XORs and 1
extra encryption per block (shown here in plain English).

(1) Cipher(block n) in CBC is E(block n XOR block n-1), so I propose an
extra step like this:

(2) XOR block n using a block constant (the constant evolves like the
round constant in TEA)*
    (a) Encrypt the sum.
    (b) XOR the sum onto block n-1 like a mask.

*Note that (2) and (2)(a) are discarded. (The block is not actually
double encrypted.)

As stated, this needs just two XORs and one encryption (same key) in
addition to regular CBC. Can anyone find faults in it? If worth
anything, use freely ;)

Thanks,
thecode







------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 17:04:04 GMT

[EMAIL PROTECTED] wrote:

: *IF* I know that the message must be one of k known plaintexts, each
: having different lengths, then I can use the length to deduce which
: plaintext is being sent.

: Note further, however, that this properly belongs to traffic analysis:
: I already knew what the message said; [...]

Not according to what you said - you said "I know that the
message must be one of k known plaintexts".

All cryptanalysis involves analysis of the traffic.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: Thu, 07 Jun 2001 17:15:30 GMT


"Richard Wash" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
>
> > "Bob Silverman" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> > news:<XRcT6.38998$[EMAIL PROTECTED]>...
> > > Replying to "sisijojo":
> > >
> > > You need a certain minimal background and mathematical maturity
> > > before tackling hard problems.  You need experience in knowing
> > > what works and what doesn't work. The idea that some naive "kid"
> > > will pop out of nowhere and solve a hard problem "BECAUSE HE HAS
> > > NOT LEARNED THE WRONG APPROACH" is ludicrous.
> >
> > I don't see a big argument for this.  Most "great" mathematicians
> > were teens when they invented stuff. The prime number theorem was
> > written by a 15 yr old.
> >
> > Thus I disproved your notion.
>
> Unfortunately, this is wrong.  Just because they "were teens" does not
> mean that they did not have a minimal background and mathematical
> maturity.  Some people can achieve this maturity much quicker and at a
> much earlier age than the average person.  Thus, they can do
> interesting and important work at an early age.
>
> To point out the specific flaw in your argument, you are trying to
> prove that a *naive* kid can solve hard problems, and nowhere in your
> 'proof' do you make the assertion that the kids you are talking about
> are naive.
>
> Personally, I agree that it does take a certain amount of mathematical
> maturity to be able to really understand mathematics to significantly
> contribute to the field.  I also believe that it is possible for some
> special kids to develop this maturity at a very early age.

Of course it takes some "know-how" to develop a proof, but I can't possibly
agree that all new ideas and proofs come from people who have read all past
proofs and ideas.  Sometimes people re-invent the wheel (I've done that a
few times here) and sometimes you hit something new.

For example, I haven't the foggiest about all the math relating to block
cipher cryptanalysis (i.e. advanced algebra, etc...) but that doesn't
preclude me from developing a super fast, and so far super secure, block
cipher.

Now I know what you are gonna say.  But Tom you haven't cryptanalyzed all
your ideas.  You're just lucky if it's secure.  .... You think when RSA
invented RSA they had all the cryptanalysis we have now in mind?  Heck they
proposed it in a model involving 40 quadrillion years of factoring and using
a cube function....

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: Thu, 07 Jun 2001 17:17:21 GMT


"Bob Silverman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:<%ZwT6.45549$[EMAIL PROTECTED]>...
> > "Bob Silverman" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> >  news:<XRcT6.38998$[EMAIL PROTECTED]>...
> > > > "sisi jojo" <[EMAIL PROTECTED]> wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
> >  news:<ebvtZ6S7AHA.201@cpmsnbbsa09>..
> > > > >
> > > > > I don't have much time to write long messages today. But here's my
> >  answer
> > > > >
> > > > > Maybe the approach is wrong. That's why nobody can solve it.
> > > > >
> > > > > You go through years of education to learn the wrong approach, which
> >  is proven to be not useful. That's something funny about our education
> >  system.
> > > > >
> > > > > If you want a problem to be solved, show it to a kid and let him
> >  develop an answer fresh from the beginning.
> > >
> > > Replying to "sisijojo":
> > >
> > > You need a certain minimal background and mathematical maturity before
> > > tackling hard problems.  You need experience in knowing what works and
> > > what doesn't work. The idea that some naive "kid" will pop out of nowhere
> > > and solve a hard problem "BECAUSE HE HAS NOT LEARNED THE WRONG APPROACH"
> > > is ludicrous.
> >
> > I don't see a big argument for this.  Most "great" mathematicians were teens
> > when they invented stuff. The prime number theorem was written by a 15 yr
> > old.
>
> Tom opens his mouth and shows his ignorance once more.
>
> PNT was proved in the late 1800's by Hadamard and Vallee-Poussin.  Neither
> were teens.
>
> And of course you can back up your assertion about "great mathematicians"?
>
> I suggest you give some examples.  While Gauss may have discovered a few
> things while he was a teenager, this was very early in the history of modern
> math. The math involved is considered somewhat elementary.  Most of the
> great mathematicians were born in the 20th century.  Please cite examples
> where stuff was invented by "teens".  Can you even NAME 10 Fields Medalists??
>
> Mathematics today is such that it requires a great deal of background to
> understand it,  let alone invent new stuff.

Again Bob turns out to be a jerk.

Gauss proposed the PNT but didn't prove it.

Rivest proposed RSA but didn't analyze it.  By your logic Lenstra invented
RSA since he's the leader in factoring.

Just because Hadamard et al. proved PNT doesn't mean some teen didn't invent
it.

And yes perhaps this teen (It was Gauss right?) was not a naive kid, but he
most likely didn't have all the math up-to-then stored in his noggin.

Tom



------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Thu, 7 Jun 2001 10:14:50 -0700


Paul Pires <[EMAIL PROTECTED]> wrote in message 
news:ukOT6.54593$[EMAIL PROTECTED]...
>
> Al <[EMAIL PROTECTED]> wrote in message 
>news:[EMAIL PROTECTED]...
> > Hey newbie...
> >
> > 23490123489234934789945892348234234765784567234623784623784682346238462378468723
>
> (234) (90) (1234) (89) (234) (9) (34) (789)
> (9) (45) (89) (234) (8) (234) (234) (765) (78)
> (4567) (234) (6) (23) (78) (4)(6) (237) (8) (4)
> (6) (8) (234) (6) (23) (8) (4) (6) (23) (78) (4) (687) (23)
> >
> > Which I'm sure you'll understand LOL
>
> I understand that you banged two hands (not just one) on the number
> strip above the keys and not the num pad, avoided the tilda
> key (very few 1's) and didn't try real hard to be pseudo-random.

I forgot to mention. The single instances of 8 & 9 between left-hand
multiple hits suggest an occasional right index finger precision strike.
That and the fact that the only low-number single hit, 4, always occurs
after a final right hand strike (as if it were following) means that you
are most probably right handed.

It is easy to LOL at newbies. If that is your only deviation from
a "fly on the wall" status, it's kinda cheap. Maybe worse. If you
(like me) are also a newbie, it's cannibalistic.

Paul
>
> Next time, just let the cat walk on the keyboard.
>
> Paul
>
>
>
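The digit frequencies of the quoted string make Paul's point quantitatively. This check is added here and is not part of Al's or Paul's posts; the 1% chi-square critical value (21.7 for nine degrees of freedom) is the standard table value.

```python
"""Sanity checks on the 'random' digit string from the post above."""
from collections import Counter
import secrets

# The 80-digit string exactly as it appears in the quoted message.
KEYBOARD_MASH = "23490123489234934789945892348234234765784567234623784623784682346238462378468723"


def digit_counts(s):
    """Occurrences of each digit 0..9; a fair source gives about len(s)/10 each."""
    counts = Counter(s)
    return {d: counts.get(str(d), 0) for d in range(10)}


def chi_square(s):
    """Chi-square statistic against a uniform distribution over ten digits.
    With 9 degrees of freedom, a value above about 21.7 rejects uniformity
    at the 1% level (critical value from standard tables)."""
    expected = len(s) / 10
    return sum((n - expected) ** 2 / expected for n in digit_counts(s).values())


def run_count(s, pattern):
    """Non-overlapping occurrences of a digit run such as '234', the left-hand
    cluster the reply picks out by bracketing the string."""
    return s.count(pattern)


def looks_uniform(s, threshold=21.7):
    """True if the digit histogram is consistent with a uniform source."""
    return chi_square(s) < threshold


def secure_digits(n):
    """Digits from the OS CSPRNG, for comparison; randbelow avoids modulo bias."""
    return "".join(str(secrets.randbelow(10)) for _ in range(n))


if __name__ == "__main__":
    print(digit_counts(KEYBOARD_MASH))          # 0 and 1 appear once each, 4 fifteen times
    print("chi-square:", chi_square(KEYBOARD_MASH), "uniform?", looks_uniform(KEYBOARD_MASH))
    print("'234' runs:", run_count(KEYBOARD_MASH, "234"))
    print("chi-square of CSPRNG digits:", chi_square(secure_digits(80)))
```

The CSPRNG comparison line will occasionally exceed the threshold by chance (about 1 run in 100), which is exactly what the 1% level means.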




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 19:33:42 +0200



"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
> 
> >Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> snap...
> 
> >To see how a particular 8 bit cyphertext could map to more than 256
> >different plaintexts, just get an 8 bit cyphertext, decrypt it with
> >BICOM under a number of keys.
> >
> >You will see *many* different plaintexts come out - not just 256.
> 
>   Mok likes to talk but getting him to actually do anything
> is quite impossible. He would rather say it's impossible than
> actually check it out. A lot like TOMMY. Sometimes I think
> He and Tommy are not real people. Since if they were you would
> think Wagner who at least pretends to know something about
> crypto would set them straight. Why he does not bother to
> make an honest useful comment on a thread like this makes
> me wonder just how much he wants the average person to know
> about crypto. He could help people like TOMMY on these concepts
> but refuses any useful real help. WHY??

Argue with scientific stuff. Don't waste bandwidth
like this! There are many who read this thread for
scientific reasons not for such stuff, even if it
were valuable in a literature sense (This group has
the prefix sci.). Economize THEIR time! If you want 
to scold me or do whatever in a negative sense on me 
psychologically or otherwise, send e-mails to me 
directly. I promise you in honest words that I'll read 
every line you sent. (Response is however not 
guaranteed.)

M. K. Shen

------------------------------

Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
From: [EMAIL PROTECTED]
Date: 07 Jun 2001 13:39:02 -0400

"Tom St Denis" <[EMAIL PROTECTED]> writes:
>
> And yes perhaps this teen (It was Gauss right?) was not a naive kid, but
> he most likely didn't have all the math up-to-then stored in his noggan.

But there *are* three points you should not miss, Tom.

(1) The examples cited so far were indisputably geniuses, and

(2) The fields of their discoveries were extremely immature. The phrase
    you want is ``low-hanging fruit''. The problems which have subsequently
    resisted analysis for decades (or centuries) *may* have done so
    simply because stodgy old men kept trying the same stupid things...
    but most of the time it's actually because the problems really are
    extremely hard. And finally,

(3) Your statement that ``most'' important discoveries were made by teens
    is highly questionable. Rather like Tim Tyler's claims for BICOM,
    such statements should be backed up with some sort of numbers.

(And your statement above is also suspect. The state of mathematics up to
Gauss's day was surprisingly simple: it basically amounted to a modern
high-school education through AP Calc. Today, most Universities' PhD
orals cover the state of Mathematics up to the early twentieth century,
with some modern topics thrown in for good measure.)

Len.

-- 
Local-time support is a bad idea. Let's scrap all this tz junk. A user
who wants to know what time it is can go buy a sundial.
                                        -- Dan Bernstein

------------------------------

From: [EMAIL PROTECTED] (Dimitri Maziuk)
Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
Date: 7 Jun 2001 17:36:38 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 7 Jun 2001 04:39:00 -0400, David G. Boney wrote:
> ... I have also placed my rejection letters from the
> CIA and NSA on-line.
> 
> http://www.seas.gwu.edu/~dboney/security.html
 
*Boggle*
Quoting the page:
I think the software from my dissertation would make a good open source project
for cyberweapons. It is basically designed to penetrate, install, and maintain 
a surreptitious command and control system into either an industrial control 
system or a military command and control system

If I were you, I'd thank NSA for sending you those two letters. If I were NSA,
I'd send you a cleaner.

Dima
-- 
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
"The preposition goes in the middle of the sentence"
"That is the sort of arrant pedantry up with which I shall not put."
                                          -- Dan Birchall and Shmuel Metz in asr

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: Thu, 07 Jun 2001 17:42:53 GMT


<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
> >
> > And yes perhaps this teen (It was Gauss right?) was not a naive kid, but
> > he most likely didn't have all the math up-to-then stored in his noggan.
>
> But there *are* three points you should not miss, Tom.
>
> (1) The examples cited so far were indisputably geniuses, and

Genius is such a relative thing.  For all we know Newton could have really
been a nutbag with moments of lucidity.

However, your points are well taken.  I agree that naive kids are not
likely to contribute much to advanced number theory, etc... But fresh ideas
rarely hurt!

Tom



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 17:38:33 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
:> : [EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:

:> :>I looked up what Bruce Schneier has to say about perfect secrecy in A.C.
:> :>
:> :>He says this:
:> :>
:> :>``There is such a thing as a cryptosystem that achieves perfect secrecy:
:> :>  a cryptosystem in which the cyphertext yields no possible information
:> :>  about the plaintext (except possibly its length).''
:> :>
:> :>He goes on to give Shannon's theory [...]
:> :>
:> :>IMO, Shannon has it right - while Bruce seems a bit uncertain about
:> :>whether the length is included or not.
:>
:> :    No wonder people are confused. Shannon was an expert and then
:> : Mr BS comes along and due to his lack of knowledge. [...]
:>
:> Yes, that appears to have been more-or-less what has happened.

: How dare you two say this.  These people you so easily belittle are actual
: cryptographers. [...]

Well Shannon was right and Bruce was not - and he instead helps propagate
an apparently widespread misconception, perhaps misleading folks like
yourself in the process.

I have respect for Bruce Schneier as a cryptographer, and as a
popular author.  While there are very many errors in A.C., that
is only to be expected in a work of that size.

It would be remiss not to point out the errors, when they are
identified.

I have reported a number of outright errors to Bruce in the past.
The misleading paragraph quoted above will probably follow.

[snip rest]
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 17:40:55 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

: I was referring to the following that you wrote previously:

:    Yes it is.  Consider BICOM for example.  It can map a 
:    8 bit cyphertext to one of some 2^128 plaintexts - 
:    considerably more than your figure of 2^8.

: Does the 2^128 come from using a 128 bit key for the
: AES in it and there are 2^128 possible keys for AES? 

Yes.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Thu, 07 Jun 2001 11:23:37 -0600

In article <l6sT6.22$v47.924@burlma1-snr2>, Barry Margolin
<[EMAIL PROTECTED]> wrote:

> In article <[EMAIL PROTECTED]>,
> wtshaw <[EMAIL PROTECTED]> wrote:
> >If my doctor violated his position, he would have to answer for it to me. 
> >I try to deal with trustworthy people to start with, and most
> >professionals are.  
> 
> Of course.  But in emergencies you generally don't have the freedom to
> choose who to deal with, or even the knowledge of who is trustworthy (you
> don't have the time for a background check when you're in the ER), yet
> emergency personnel may need access to your personal information.

Much depends on temporal assessment.  If you have a prior serious
condition, best to carry a card to facilitate matters or wear an ident
bracelet.  I carry the cards of my care givers with a summary note on the
back.   All the records in the world may not be useful.  
> 
> If we could trust all professionals to act ethically, we wouldn't need
> privacy laws in the first place.
> 
Privacy laws should confirm ethics as mandates for the unethical.
-- 
She Done Gone Upwind--proposed title for a book about the legal 
entanglement of the lady who wrote a version of Gone With the
Wind from a slave's point of view.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Thu, 07 Jun 2001 11:43:33 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Richard D.
Latham) wrote:
 
> Do you have an opinion on the new HCFA security regulations ?
> 
Probably...pick a point.  At the moment, I'm pretty well stressed-out from
my trip to Atlanta, grouchy, running a temperature, and tend to chew on
folks for the least reason.  Please pardon my being in sort of a blur and
wishing to regain my composure, such as it is.  God, I feel awful.

I did make a relevant statement; hope it made network air, but I sort of
steamrolled beyond what they thought I was going to say.  I had put my
mouth dangerously in automatic.  Going further, I doubt the current
administration's competence to handle the public trust as they try to
distract the public.  Their morals have been sold to the highest bidder
and regulations may be dismissed in a whim.  I did mention ethics for the
unethical...seems to fit here.
-- 
She Done Gone Upwind--proposed title for a book about the legal 
entanglement of the lady who wrote a version of Gone With the
Wind from a slave's point of view.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 17:57:38 GMT

[EMAIL PROTECTED] wrote:
: Tim Tyler <[EMAIL PROTECTED]> writes:

:> You dare to misquote me in the course of misrepresenting my position.

: Reread your posts with great care. You consistently make the space of
: messages infinite (if people suggest that padding solves your problem),
: but then make it finite (when people reply that your preceding remark
: implies that perfect secrecy is impossible). The exact words with which
: you perform the switch are completely irrelevant to this issue.

Padding can solve the problem if the message space is finite, and not if
it is infinite.

Perfect secrecy is possible for finite sets of finite messages, and not
for infinite sets of finite messages (e.g. the conventional OTP).

These are the facts, what is your problem?

: Actually, it would be better if you attended some math courses before
: discussing the subject again. It's fairly clear that you have little
: or no mathematical background whatsoever.
: Suffice it to say, you will never convince anyone of your claims for
: BICOM, if you don't even know what a proof is, or how to go about
: constructing one.

: Anyway, you did a neat job of ignoring the points I made, which
: address the heart of your problems. To wit:

: 1. Number of plausible messages in the space of all messages of size 2510
: bytes or less. This can be estimated reasonably (and conservatively) at
: 2^5 000. Since the space of all binary files up to 2510 bytes has size
: around 2^20 000, the probability of a random file up to 2510 bytes being a
: plausibly mistaken for an English message is something like 1 in 2^15 000,
: or effectively zero.

: 2. Density of binary files up to 2510 bytes whose preimage under BICOM
: is ``plausible'': I have no idea. I'm willing to bet, however, that
: the odds of a BICOM preimage being ``plausible'' is essentially
: zero. Can you prove that the probability of a random 2510-byte-or-less
: file having a plausible decompression is larger than 1 in 2^20 000?

: (If you can even prove, for random files of size 1024 bytes or less, that
: plausible BICOM preimages are likelier than 1 in 2^1 000, then I'll keep
: you in beer for the next six months.)

: 3. If you want at least one false positive to be found for at least 1%
: of ciphertexts being brute-forced, assuming 128-bit keys, then the
: probability of plausible BICOM preimages of files up to 1024 bytes
: long, must be in the ballpark of 1 in 2^13. Can you prove anything
: remotely resembling that?

Those points indicate that the chance of getting a false positive in the
system you describe are small.

What has that got to do with anything I have written about the subject in
the past?

My claim is that the chances of collisions are generally greater if
compression has been employed than if not.

I also claim that there are systems where the chances of collisions
arising are high.

Yes there are systems where the chances of collisions are low - so what?

: You see, it's ``obvious'' to you that BICOM improves secrecy, because
: there are ``lots'' of keys to try, and ``lots'' of plausible files
: that shrink under BICOM--even though there are ``lots'' of files in
: total.

: Your problem boils down to this: you haven't the faintest idea what
: ``lots'' means--and in the three uses above, ``lots'' varies by
: thousands of orders of magnitude.

Compression increases the chances of trial decrypts producing plausible
messages by increasing the unicity distance of the overall system.

I'll refrain for the moment from speculation on what /your/ problem is
out of courtesy.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/
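Added illustration of the unicity-distance argument in the post above (not part of Tim Tyler's post), using Shannon's definition. With key entropy $H(K)$ and per-character redundancy $D = R - r$ ($R$ the absolute rate of the alphabet, $r$ the actual rate of the source), the expected amount of ciphertext beyond which only one key yields a plausible decryption is

$$U = \frac{H(K)}{D}$$

For the 128-bit keys discussed in the thread and the textbook figure of roughly 3.2 bits of redundancy per character of English (an assumed figure, not one the posts give), $U \approx 128 / 3.2 = 40$ characters. Lossless compression removes redundancy from the source, so $D$ falls toward zero and $U$ grows without bound; a ciphertext shorter than $U$ admits more than one key whose trial decryption cannot be rejected on redundancy alone, which is the sense in which compression raises the chance of a plausible false decrypt.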

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 18:08:43 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> :> SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
> :> : [EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>
> :> :>I looked up what Bruce Schneier has to say about perfect secrecy in A.C.
> :> :>
> :> :>He says this:
> :> :>
> :> :>``There is such a thing as a cryptosystem that achieves perfect secrecy:
> :> :>  a cryptosystem in which the cyphertext yields no possible information
> :> :>  about the plaintext (except possibly its length).''
> :> :>
> :> :>He goes on to give Shannon's theory [...]
> :> :>
> :> :>IMO, Shannon has it right - while Bruce seems a bit uncertain about
> :> :>whether the length is included or not.
> :>
> :> :    No wonder people are confused. Shannon was an expert and then
> :> : Mr BS comes along and due to his lack of knowledge. [...]
> :>
> :> Yes, that appears to have been more-or-less what has happened.
>
> : How dare you two say this.  These people you so easily belittle are actual
> : cryptographers. [...]
>
> Well Shannon was right and Bruce was not - and he instead helps propagate
> an apparently widespread misconception, perhaps misleading folks like
> yourself in the process.
>
> I have respect for Bruce Schneier as a cryptographer, and as a
> popular author.  While there are very many errors in A.C., that
> is only to be expected in a work of that size.

There are typos and a few math errors (his use of RSA for a hash for
example).

But so far I fail to see how knowing the length of the plaintext reveals any
information contained within the plaintext.

You fail to solve even the most trivial of examples I pose.

Solve for example

55 = P + K mod 256

What is P and K?

Tom
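An added example, not from Tom's or Tim's posts, that works the "55 = P + K mod 256" puzzle above and the length question from the "Notion of perfect secrecy" thread earlier in this digest: it shows why the puzzle has 256 equally valid answers, checks Shannon's condition byte by byte, and then shows that with a finite set of candidate messages the ciphertext length alone picks the plaintext unless the candidates are padded to one width. The candidate messages, the key and the length-prefixed padding scheme are constructed for the demonstration.

```python
"""Perfect secrecy of a modular-addition one-time pad, and what it leaves visible."""
from collections import Counter

MOD = 256  # byte-wise OTP: C = (P + K) mod 256, as in "55 = P + K mod 256"


def candidate_pairs(c):
    """Every (P, K) pair consistent with one ciphertext byte c.
    Each of the 256 plaintext values has exactly one key that explains c, so
    the ciphertext alone cannot single out P: the puzzle has no unique answer."""
    return [(p, (c - p) % MOD) for p in range(MOD)]


def ciphertext_distribution(p):
    """Counts of C = (p + K) mod 256 over every key byte K, i.e. Pr[C | P = p]."""
    return Counter((p + k) % MOD for k in range(MOD))


def is_perfectly_secret_byte():
    """Shannon's condition for one byte: Pr[C = c | P = p] must not depend on p."""
    reference = ciphertext_distribution(0)
    return all(ciphertext_distribution(p) == reference for p in range(MOD))


def otp_encrypt(plaintext, key):
    """Byte-wise additive OTP; the key must be at least as long as the plaintext."""
    if len(key) < len(plaintext):
        raise ValueError("key shorter than plaintext")
    return bytes((m + k) % MOD for m, k in zip(plaintext, key))


def otp_decrypt(ciphertext, key):
    return bytes((c - k) % MOD for c, k in zip(ciphertext, key))


def consistent_messages(ciphertext, candidates):
    """Candidates from a known finite message set that this ciphertext could be.
    With a uniform key every byte value is reachable, so length is the only filter."""
    return [m for m in candidates if len(m) == len(ciphertext)]


def pad_to(msg, width):
    """Constructed length-prefixed zero padding to a fixed width (payload <= 255 bytes)."""
    if len(msg) > 255 or len(msg) > width - 1:
        raise ValueError("message too long for this padding")
    return bytes([len(msg)]) + msg + bytes(width - 1 - len(msg))


def unpad(padded):
    return padded[1:1 + padded[0]]


def length_leak_demo(key):
    """Returns (without_padding, with_padding): the candidates an observer cannot rule out.
    Candidate messages are constructed for the demo; b'retreat' is the one sent."""
    candidates = [b"attack at dawn", b"retreat"]
    sent = b"retreat"

    # Plain OTP: ciphertext length equals plaintext length, which identifies the message.
    without_padding = consistent_messages(otp_encrypt(sent, key), candidates)

    # Finite message space: pad every candidate to one width and length says nothing.
    width = 1 + max(len(m) for m in candidates)
    padded_candidates = [pad_to(m, width) for m in candidates]
    c = otp_encrypt(pad_to(sent, width), key)
    assert unpad(otp_decrypt(c, key)) == sent  # the round trip still works
    with_padding = [unpad(m) for m in consistent_messages(c, padded_candidates)]
    return without_padding, with_padding


if __name__ == "__main__":
    print(len(candidate_pairs(55)), "solutions to 55 = P + K mod 256")
    print("perfectly secret per byte:", is_perfectly_secret_byte())
    print(length_leak_demo(bytes(range(100, 116))))  # constructed 16-byte key
```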



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
