Cryptography-Digest Digest #555, Volume #14       Thu, 7 Jun 01 17:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (John Myre)
  Re: Notion of perfect secrecy (Tim Tyler)
  Re: better yet, perfect secrecy => who cares? (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: better yet, perfect secrecy => who cares? ("Tom St Denis")
  Simple C crypto ("Dirk Bruere")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Alice and Bob Speak MooJoo ("Robert J. Kolker")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ([EMAIL PROTECTED])
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 7 Jun 2001 19:49:37 GMT

[EMAIL PROTECTED] (John A. Malley) wrote in 
<[EMAIL PROTECTED]>:

>
>Tim Tyler wrote:
>> 
>
>> 
>> : You probably question whether such usage leads to
>> : Shannon's perfect security which, as you said, is claimed
>> : to be a property of OTP. However, I don't see where in the
>> : literature about OTP (in connection with perfect security)
>> : the length enters into the argumentation, i.e. plays a role
>> : in the proof.
>
>Shannon's paper "Communications Theory of Secrecy Systems" addresses
>this. Perfect secrecy is a property of the OTP (i.e. the Vernam cipher
>specifically cited in that paper) AND message length DOES enter into the
>argument. However, using an OTP is NOT required for perfect secrecy when
>the set of messages is finite.  :-)
>
>> 
>> I also think that it's not mentioned.  I believe it is common to
>> consider the domain where all plaintexts are the same length -
>> perhaps in order to get the "perfect secrecy" result.
>> 
>> : My memory of Shannon's paper is no good, but I don't think that he
>> : considered the length of the messages.
>> 
>> I don't think it was mentioned either - all the messages were the same
>> length in the system in question.
>> --
>
>Shannon's important paper on cipher systems carefully considers the
>length of the messages. Shannon shows the OTP is NOT required for a
>finite set of messages to give perfect secrecy. (I've posted on this
>before, given examples of such ciphers, just search google or drop me a
>note by email for more specific examples. :-) )
>
>The OTP is required for message sources with an infinite number of
>messages.  From page 682 of  "Communications Theory of Secrecy Systems",
>C. E. Shannon, Bell System Technical Journal, pp. 656-715, 1949:
>
>"The situation [perfect secrecy] is somewhat more complicated if the
>number of messages is infinite. Suppose, for example, that they are
>generated as infinite sequences of letters by a suitable Markov process.

  Unfortunately you missed most of the paper. We are talking about
the simple system where you have a finite number of messages. Of
various lengths. And since for perfect security you can't have more
than one residue class. If one used an OTP that only encrypts to the
end of the message actually sent. You have immediately formed a series
of different residue classes based on input message length. Therefore
using it that way would not be "perfect security".

  Try taking another look.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 14:01:18 -0600

Tim Tyler wrote:
<snip>
> I see.  You think you know better how to explain how Matt Timmermans
> compressor operates than Matt Timmermans himself.
<snip>

Where does that come from?  Matt isn't posting, you are.

On the whole, Len's posts are more convincing to me than
yours are.  He may be wrong, but he's not an idiot.  If I
were you, I'd try to figure out what his point is.

JM

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Notion of perfect secrecy
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 19:55:30 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

:> An OTP doesn't have perfect secrecy - the cyphertext leaks information
:> about the length of the plaintext.
:>
:> If you don't believe me, just read the definition of perfect secrecy.

: I don't get why the length of the message tells you more than say when you
: sent it.  To me this is a moot point. [...]

Talk to Shannon not me.  He defined perfect secrecy so that it was a
characteristic of a cyphermachine.  The cyphermachine can control the
length of the message - but it has no say in when the message
actually gets sent.

:> "Unicity distance", "bijection", "ctr mode", "perfect secrecy" - it
:> seems to be just one thing after another these days in a long stream
:> of mistakes ;-/

: I may have gotten the two first wrong but as far as CTR and perfect secrecy
: goes you haven't moved me.

OK, perhaps time will tell on the last two - or perhaps we'll remain at
odds over whether a conventional OTP has perfect secrecy and whether
the fact that an 8-bit cyphertext in CTR mode only has 256
possible plaintexts associated with it might be a security problem.

: Also your use of bijection seems like a vast abuse.  A cipher in CTR mode
: is bijective with an alphabet of 0..255.  I.e. if you encode a 32-bit message
: with a cipher in CTR mode, then all 32-bit strings will map onto another
: 32-bit string, and vice versa.  It's a bijection.  Hence CTR mode is
: bijective.

Yes, CTR mode (with a fixed key) may easily be described as a bijection.
Did I ever say otherwise?
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: better yet, perfect secrecy => who cares?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 19:57:10 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

: You two seem to have an esoteric (I like that word) view on what "secrecy"
: is all about.

: I say if you can't solve

: 55 = P + K mod 256

: I have obtained perfect secrecy since my 1 byte message is completely hidden
: from your eyes.

We're using the term "perfect secrecy" in a technical sense, following
Shannon's usage.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 7 Jun 2001 20:04:59 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<JyOT6.51450$[EMAIL PROTECTED]>: 


>
>How dare you two say this.  These people you so easily belittle are
>actual cryptographers.  Just because you're too slow, ignorant and mean
>to figure out things when people repeatedly try to set you straight
>doesn't mean others are as stupid as you are.
>

   Actually TOM I would bet money I have more math classes than
MR BS. Is is actaully a physist, I was a math major that switched to
electrical engineering so I could take more math. A minor in fields
and waves. My masters is in control theory. So though I write like
shit I would not say I was uneducated about such things. Its quite
possible he misunderstood Shannon. I read some of his commonents on
compression from verious sources I think he is cluesless in the
field to.

>You're notions of "what is right" are so off base it's almost sad.   I
>bet if you guys ever got a job as a network security type you would get
>fired within 3 minutes after proposing vastly inefficient and hoky-poky
>systems. 

  ACtaully worked several years in charge of a UNVIAC main frame
exec including the security of it so as usual your full of shit.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 20:02:57 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> :> Tom St Denis <[EMAIL PROTECTED]> wrote:

:> :> : If you have an 8-bit ciphertext all 256 plaintexts are equally
:> :> : probable.  That follows this distribution.
:> :>
:> :> I am not considering a system with only 256 possible plaintexts.
:> :> That's a toy system, with no practical use.
:>
:> : I disagree.  RC4 only has 256 possible plaintexts and it's not a TOY
:> : cipher.
:>
:> RC4 is a stream cypher - where the notion of plaintext/cyphertext pairs
:> is not very meaningful unless you talk about whole messages.  If I were
:> to count the number of plaintexts RC4 accepts I would say it was infinite.

: This just furthers the idea you're a crank.  How can the size of an RC4
: message possibly be infinite when RC4 can only be in a finite number of
: states?

Well, this is an aside, so I'll try to be brief:

If you think RC4 can only be used to encrypt a finite number of
plaintexts, what's the largest plaintext it can be used on?

:> :> Finite plaintexts can produce perfect secrecy.
:>
:> : Not so.
:>
:> More erroneous statements by Tom.  Will he never give up?

: How then?

I think I covered that in the message you're replying to:

Say you only have ten possible messages...
-- 
__________
 |im |yler  http://rockz.co.uk/  http://alife.co.uk/  http://atoms.org.uk/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: better yet, perfect secrecy => who cares?
Date: Thu, 07 Jun 2001 20:14:19 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> : You two seem to have an esoteric (I like that word) view on what "secrecy"
> : is all about.
>
> : I say if you can't solve
>
> : 55 = P + K mod 256
>
> : I have obtained perfect secrecy since my 1 byte message is completely hidden
> : from your eyes.
>
> We're using the term "perfect secrecy" in a technical sense, following
> Shannon's usage.

Ok.  Well I guess I will concede.  We are not as perfect as you.

Tom



------------------------------

From: "Dirk Bruere" <[EMAIL PROTECTED]>
Subject: Simple C crypto
Date: Thu, 7 Jun 2001 21:13:01 +0100

Hi

I'm looking for a simple algorithm to code text that is pretty difficult to
break for an amateur without custom s/w.
I had thought of something like (say) a 16 bit number, to be XORed with
chars, and then this shifted each time it is re-used.

Any suggestions for something better? Or freeware code available for me to
copy into my application?
The latter will be a commercial product that needs a certain amount of
security to prevent unauthorised laypeople tampering with results, but not
DES, RSA etc

Dirk



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 20:16:30 GMT


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Tom St Denis) wrote in
> <JyOT6.51450$[EMAIL PROTECTED]>:
>
>
> >
> >How dare you two say this.  These people you so easily belittle are
> >actual cryptographers.  Just because you're too slow, ignorant and mean
> >to figure out things when people repeatedly try to set you straight
> >doesn't mean others are as stupid as you are.
> >
>
>    Actually TOM I would bet money I have more math classes than
> MR BS. Is is actaully a physist, I was a math major that switched to
> electrical engineering so I could take more math. A minor in fields
> and waves. My masters is in control theory. So though I write like
> shit I would not say I was uneducated about such things. Its quite
> possible he misunderstood Shannon. I read some of his commonents on
> compression from verious sources I think he is cluesless in the
> field to.

Either your handicapped or you're full of crap.  No educated person would
make so many simple grammatical errors.

Is English your native tongue?

> >You're notions of "what is right" are so off base it's almost sad.   I
> >bet if you guys ever got a job as a network security type you would get
> >fired within 3 minutes after proposing vastly inefficient and hoky-poky
> >systems.
>
>   ACtaully worked several years in charge of a UNVIAC main frame
> exec including the security of it so as usual your full of shit.

I'll bet.

tom



------------------------------

From: "Robert J. Kolker" <[EMAIL PROTECTED]>
Subject: Re: Alice and Bob Speak MooJoo
Date: Thu, 07 Jun 2001 16:17:39 -0400



Janne Tuukkanen wrote:

delete response in Elvish.

A student of J.R.R.Tolkien could decode that.

Bob Kolker




------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 20:10:39 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> :> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message

:> :> :> "perfect secrecy is defined by requiring of a system after a
:> :> :>  cryptogram is intercepted by the enemy the a posteriori probabilities
:> :> :>  of this cryptogram representing various messages be identically
:> :> :>  the same as the a priori probabilities of the same message before the
:> :> :>  interception."

:> :> :> If the length of the plaintext is revealed by the cyphertext, this
:> :> :> condition does not hold.

:> :> : If you have an 8-bit ciphertext all 256 plaintexts are equally
:> :> : probable.  That follows this distribution.
:> :>
:> :> I am not considering a system with only 256 possible plaintexts.

:> An OTP with only 256 possible plaintexts is a toy system, with no
:> practical use.

: An OTP can encrypt 1 bit or 100000 bits or 10E33 bits.  It's not limited to
: 8 bits.  I just used an eight bit message to show your fallacy.

You seem to have severely lost the plot then.

You gave an example where the condition (at the top of this message) held
...but it was only for a system with 256 cyphertexts.

If you enlarge the number of cyphertexts in your system, the condition no
longer holds - since there are now going to be some messages of different
lengths in it.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/
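
[Added example, not part of the original digest or of any poster's message: an exact check of the a posteriori = a priori condition quoted above, for a one-time pad over same-length messages, over messages of differing lengths, and over the same messages padded to one length. The message sets, their probabilities and the padding rule (append a 1 bit, then zeros) are constructed assumptions.]

```python
from collections import defaultdict
from fractions import Fraction
from itertools import product

F = Fraction

# Constructed message sources (bit strings with a priori probabilities).
FIXED_PRIOR = {"00": F(1, 2), "01": F(1, 4), "10": F(1, 8), "11": F(1, 8)}
MIXED_PRIOR = {"1": F(1, 2), "0": F(1, 4), "10": F(1, 8), "011": F(1, 8)}
MAX_LEN = 3  # longest message in MIXED_PRIOR


def xor_bits(a, b):
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def raw(m):
    """Pad only covers the message actually sent: ciphertext length = len(m)."""
    return m


def padded(m):
    """Assumed padding: append '1', then zeros, to a fixed MAX_LEN + 1 bits."""
    return m + "1" + "0" * (MAX_LEN - len(m))


def unpad(block):
    """Inverse of padded(): drop trailing zeros and the marker '1'."""
    return block.rstrip("0")[:-1]


def posteriors(prior, encode):
    """Exact P(M=m | C=c) for a one-time pad over encode(m).

    The key is uniform over all bit strings of len(encode(m)); every key is
    enumerated, so the result is exact, not sampled.
    """
    joint = defaultdict(Fraction)   # (m, c) -> P(M=m, C=c)
    p_c = defaultdict(Fraction)     # c -> P(C=c)
    for m, p_m in prior.items():
        block = encode(m)
        p_key = F(1, 2 ** len(block))
        for key in product("01", repeat=len(block)):
            c = xor_bits(block, "".join(key))
            joint[(m, c)] += p_m * p_key
            p_c[c] += p_m * p_key
    return {c: {m: joint.get((m, c), F(0)) / pc for m in prior}
            for c, pc in p_c.items()}


def has_perfect_secrecy(prior, encode):
    """Shannon's condition: a posteriori == a priori for every cryptogram."""
    return all(post == prior for post in posteriors(prior, encode).values())


def max_shift(prior, encode):
    """Largest change in any message's probability caused by seeing C."""
    return max(abs(post[m] - prior[m])
               for post in posteriors(prior, encode).values() for m in prior)


if __name__ == "__main__":
    for name, prior, enc in [("fixed length, raw OTP", FIXED_PRIOR, raw),
                             ("mixed lengths, raw OTP", MIXED_PRIOR, raw),
                             ("mixed lengths, padded OTP", MIXED_PRIOR, padded)]:
        print(f"{name:27} perfect={has_perfect_secrecy(prior, enc)} "
              f"max shift={max_shift(prior, enc)}")
    # What an eavesdropper learns from a 1-bit cryptogram in the raw case:
    print(posteriors(MIXED_PRIOR, raw)["0"])
```

[The condition holds for the same-length source even with unequal priors, fails once the cryptogram length tracks the message length, and holds again when every message is padded to one length before the pad is applied.]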

------------------------------

Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
From: [EMAIL PROTECTED]
Date: 07 Jun 2001 16:32:43 -0400

"Tom St Denis" <[EMAIL PROTECTED]> writes:

> <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > "Tom St Denis" <[EMAIL PROTECTED]> writes:
> > > "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > >>
> > >> Not "no clues apart from the length", but "no clues at all".
> > >
> > > Yes, but you cannot invent a cipher to avoid this.  You would need an
> > > infinite length plaintext.
> >
> > You're a loon.  ;-)
> 
> Why?  If the length is supposed to be hidden there can be no finite length
> on the input length.  Otherwise it could be known.

Joke, see? That's what you called me the other day when I said the
very same thing.

Len.

-- 
The moment you run that, a local attacker can take over your machine.
Isn't security fun?
                                -- Dan Bernstein

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 20:18:24 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> Tom St Denis <[EMAIL PROTECTED]> wrote:

:> :> : I fail to see how knowing the length of the plaintext reveals any
:> :> : information contained within the plaintext.
:> :>
:> :> It lets you rule out plaintexts that were previously possible, and
:> :> give them a probability of zero.
:> :>
:> :> Shannon states that for perfect secrecy the cyphertext must not
:> :> give *any* clues to the plaintext.
:> :>
:> :> Not "no clues apart from the length", but "no clues at all".
:>
:> : Yes, but you cannot invent a cipher to avoid this.  You would need an
:> : infinite length plaintext.
:>
:> A stream cypher can manage it (infinite plaintext as you say) [...]

: Um a stream cipher cannot encrypt an infinite length plaintext without
: infinite memory.  (Fact of math)

Well, strictly speaking it seems likely that nothing can encrypt an
infinite plaintext because the universe will burn out while it tries.

That aside, memory does not stop stream cyphers from encrypting large
messages, since the stream does not need to be stored all at once.
Why would you think otherwise?

:> There's nothing about the definition of a cypher that says it must be able
:> to handle messages of arbitrary length.

: This is so meaningless I can't cope.  A cipher is not formally defined to be
: anything.  It's technically a jargon word we use in place of a series of
: ideas that encapsulate what we think of as a cipher.

Try this then:

  http://www.io.com/~ritter/GLOSSARY.HTM#Cipher

See anything about necessarily having to handle messages of arbitrary
length there?

:> I claim an OTP which has to deal with messages of differing lengths
:> doesn't have perfect secrecy.
:>
:> A rather obvious claim if you have the definition of perfect secrecy in
:> front of you - e.g.:
:>
:> ``The unbreakable strength delivered by a cipher in which all possible
:>   ciphertexts may be key-selected with equal probability given any
:>   possible plaintext. This means that no ciphertext can imply any
:>   particular plaintext any more than any other.''
:>
:>   - http://www.io.com/~ritter/GLOSSARY.HTM#PerfectSecrecy

: I fail to see "particular plaintext of an infinite domain".

: What I don't get is even BICOM (which you support) cannot supply this
: property either!

Indeed not - unless there are only a finite number of messages.

Just because I like something that doesn't mean I think it's perfect.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 20:42:10 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
> :> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
> :> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> :> :> : I fail to see how knowing the length of the plaintext reveals any
> :> :> : information contained within the plaintext.
> :> :>
> :> :> It lets you rule out plaintexts that were previously possible, and
> :> :> give them a probability of zero.
> :> :>
> :> :> Shannon states that for perfect secrecy the cyphertext must not
> :> :> give *any* clues to the plaintext.
> :> :>
> :> :> Not "no clues apart from the length", but "no clues at all".
> :>
> :> : Yes, but you cannot invent a cipher to avoid this.  You would need an
> :> : infinite length plaintext.
> :>
> :> A stream cypher can manage it (infinite plaintext as you say) [...]
>
> : Um a stream cipher cannot encrypt an infinite length plaintext without
> : infinite memory.  (Fact of math)
>
> Well, strictly speaking it seems likely that nothing can encrypt an
> infinite plaintext because the universe will burn out while it tries.
>
> That aside, memory does not stop stream cyphers from encrypting large
> messages, since the stream does not need to be stored all at once.
> Why would you think otherwise?

Because a finite state machine can only be in a finite number of states.

Think about it.  You have a private state for a PRNG of size X bits.  Where
X < oo.  This means the PRNG can be in at most 2^X states.  Where 2^X < oo
as well.  Hence....

> :> There's nothing about the definition of a cypher that says it must be able
> :> to handle messages of arbitrary length.
>
> : This is so meaningless I can't cope.  A cipher is not formally defined to be
> : anything.  It's technically a jargon word we use in place of a series of
> : ideas that encapsulate what we think of as a cipher.
>
> Try this then:
>
>   http://www.io.com/~ritter/GLOSSARY.HTM#Cipher
>
> See anything about necessarily having to handle messages of arbitrary
> length there?

Cipher, despite what you want to think, is not a real English or
mathematical word.  It's slang.

In math we would use PRF or something to that effect.  In English we would
say "a transform with ... properties".

> :> I claim an OTP which has to deal with messages of differing lengths
> :> doesn't have perfect secrecy.
> :>
> :> A rather obvious claim if you have the definition of perfect secrecy in
> :> front of you - e.g.:
> :>
> :> ``The unbreakable strength delivered by a cipher in which all possible
> :>   ciphertexts may be key-selected with equal probability given any
> :>   possible plaintext. This means that no ciphertext can imply any
> :>   particular plaintext any more than any other.''
> :>
> :>   - http://www.io.com/~ritter/GLOSSARY.HTM#PerfectSecrecy
>
> : I fail to see "particular plaintext of an infinite domain".
>
> : What I don't get is even BICOM (which you support) cannot supply this
> : property either!
>
> Indeed not - unless there are only a finite number of messages.
>
> Just because I like something that doesn't mean I think it's perfect.

Yes, but my problem is perhaps you're right and knowing the length is a
fault of PERFECT secrecy.  So what... Who cares?

I don't see a lot of academia calling for "length hiding transforms" because
the length as I have said before, typically doesn't convey the message.

For example,  "Tom was here to prove a point" may compress to 31 bits using
a Huffman codec.  Both versions of the text MEAN the same thing but the
lengths are different.  What can we say here?  That the length gives us info
about the message?  That's patently wrong!

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 20:43:01 GMT


<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
>
> > <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > "Tom St Denis" <[EMAIL PROTECTED]> writes:
> > > > "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > > >>
> > > >> Not "no clues apart from the length", but "no clues at all".
> > > >
> > > > Yes, but you cannot invent a cipher to avoid this.  You would need an
> > > > infinite length plaintext.
> > >
> > > You're a loon.  ;-)
> >
> > Why?  If the length is supposed to be hidden there can be no finite length
> > on the input length.  Otherwise it could be known.
>
> Joke, see? That's what you called me the other day when I said the
> very same thing.

Oh ... oops I'm a jerk.  sorry.  I think I will call a recess from posting
in this thread!

Arrg... I've got tons of homework to do for Monday...

Tom



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 20:36:15 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

: In an OTP like system, it's not that guessing the message is hard or
: improbable.  It's that it's IMPOSSIBLE.

Oh you can guess the message.  You can even get it right sometimes.

The problem is knowing when you've done that.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Jun 2001 20:34:27 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:

:> : Shannon was talking from an information theoretic standpoint.  Not some
:> : esoteric view.  If you have M possible messages and the prob of any one
:> : message being the correct one is 1/M, then Shannon (and any finite
:> : student) would conclude you have perfect secrecy from a math related
:> : attack.
:>
:> Yes indeed.  That is not under dispute.

: Um, then why are you posting?  You just agreed that Shannon proved an OTP is
: provably secure.

Shannon proved an OTP was secure  - *if* all the messages were half
infinite streams.

If you have M possible messages and the prob of any one message being the
correct one is 1/M then we are not dealing with an OTP with messages of
varying lengths in the first place.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 20:46:57 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> :> : Shannon was talking from an information theoretic standpoint.  Not some
> :> : esoteric view.  If you have M possible messages and the prob of any one
> :> : message being the correct one is 1/M, then Shannon (and any finite
> :> : student) would conclude you have perfect secrecy from a math related
> :> : attack.
> :>
> :> Yes indeed.  That is not under dispute.
>
> : Um, then why are you posting?  You just agreed that Shannon proved an OTP is
> : provably secure.
>
> Shannon proved an OTP was secure  - *if* all the messages were half
> infinite streams.

"half infinite streams"?  That's meaningless.  You can take half of oo since
oo/2 = oo.

> If you have M possible messages and the prob of any one message being the
> correct one is 1/M then we are not dealing with an OTP with messages of
> varying lengths in the first place.

An OTP as far as I am concerned is defined by

1.  Message is as long as key.
2.  Each bit of key is used once, mixed with some invertible operation to
form the ciphertext.

I never really see the need for "infinite length text" for an OTP to be
secure.

Perhaps if you defined your threat model this would make sense.  Why in your
world is knowing the length of the message a threat?

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 20:47:56 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> : In an OTP like system, it's not that guessing the message is hard or
> : improbable.  It's that it's IMPOSSIBLE.
>
> Oh you can guess the message.  You can even get it right sometimes.
>
> The problem is knowing when you've done that.

Hmm yup.  Which means the message is perfectly secure.

How better could you get if your chances of success are 0.0.  Would you want
negative chances?

Seriously this makes no sense.

By the opposite idea, a drug that works 100% of the time.... nah I will wait
till they're up to 110%

Tom



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
