Cryptography-Digest Digest #597, Volume #14 Tue, 12 Jun 01 16:13:00 EDT
Contents:
Re: Best, Strongest Algorithm (gone from any reasonable topic) (David Hopwood)
Re: National Security Nightmare? (Bill Unruh)
Re: Publication violation notice (Bill Unruh)
Re: Publication violation notice ("Roger Schlafly")
Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
Re: help non-elephant encryption ("Joseph Ashwood")
Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
Re: Free Triple DES Source code is needed. ("Douglas A. Gwyn")
Re: One last bijection question ("Douglas A. Gwyn")
Re: National Security Nightmare? ("Douglas A. Gwyn")
Re: IV ("Cristiano")
Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and (Mok-Kong Shen)
Re: IV ("Cristiano")
Re: One last bijection question (Mok-Kong Shen)
Re: Yarrow PRNG ([EMAIL PROTECTED])
----------------------------------------------------------------------------
Date: Tue, 12 Jun 2001 16:46:41 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
=====BEGIN PGP SIGNED MESSAGE=====
Dennis Ritchie wrote:
> "Section 10. Perfect Secrecy
>
> Let us suppose the possible messages are finite in number
> M1, ..., Mn and that these are enciphered into the possible
> cryptgrams E1, ... En by
> E = TiM
> ...."
> [Ti is the transformation performed on the i-th message]
No, i here is the key. (See figure 5 for a confirmation of that.)
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOyYVkDkCAxeYt5gVAQHkewf8Dylby6iQRPy9pkPq1v3Zof8/PBaKKDaQ
pHCokYyJokwctmLoYNJ1arv5VZck7JynN+gW9zui39tGp5XC/8JJAAMMual5P9Fs
y3Zl9Dx3kZ+t+JpRK7JCMPnlbeLAm7zP6nK6cVrleYljWHGjfoUVrJSbbLLxGfsN
q1g2tVzfPL8mwEXiZSchN3Omfg04NAeKpfKmNueUXcKpeK6t9vIWWapqtt5bJ9IE
oO77K5b9vtjlNAjTxso/l8eW2e28y0wDyDn3NOYhLC1lZmV/qtZEHBPqHQ+knL5m
jW2FuG+AyXHH7iAbEvaBtEzUfi1Vl7UoxkYIoctW20ZoH5MFynGTFQ==
=x5u1
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: National Security Nightmare?
Date: 12 Jun 2001 18:28:12 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Jim D) writes:
]On Tue, 12 Jun 2001 02:34:48 +0200, "Boyd Roberts" <[EMAIL PROTECTED]>
]wrote:
]>"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message news:
][EMAIL PROTECTED]
]>> In France I heard that there is a national instute
]>> that decides authoritatively on language issues of French.
]>
]>yes, you are referring to L'Academie Francaise.
]>
]>what a waste of space. here is two of the more recent
]>and totally stupid rulings they made:
]>
]> CD -> cede
]> [e]mail -> mel
]>
]>both CD and mail had been in current use for years.
]In America, maybe. It's just that, like me, they object
]to their language being polluted by Americanisms.
In the world.
]>> Is there a similar one for the English world?
]There ought to be. In the UK at least.
For a language most of which is the result of "pollution" by a huge
variety of other languages, such a proposal would be funny. Get rid of
the words curry, or chutney. Abandon the words like beef and pork. Where would
you like the line drawn? Celtic only for Britain-- oops they were also
outsiders bringing in their polluting words-- get rid of the word
Britain.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Publication violation notice
Date: 12 Jun 2001 18:34:08 GMT
In <[EMAIL PROTECTED]> "Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
]Paul Rubin wrote:
]> someone tried to send a chess openings book to a prisoner, and the
]> prison refused delivery because it "contained code throughout".
]Not surprising. Censors in general (e.g. postal censors during
]wartime) have to have some such policy, because it is in fact
]easy enough to encrypt messages within such schemes, and the
]censors don't have the resources to try to analyze the material
]closely enough to ensure that nothing is hidden within.
]In the case of a printed book from a well-known publisher,
]there is less chance of this than in a privately printed copy,
]but policies like this one tend to err on the side of caution.
No, they err on the side of stupidity.
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Publication violation notice
Date: Tue, 12 Jun 2001 17:32:54 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Paul Rubin wrote:
> > someone tried to send a chess openings book to a prisoner, and the
> > prison refused delivery because it "contained code throughout".
> Not surprising. Censors in general (e.g. postal censors during
> wartime) have to have some such policy, because it is in fact
> easy enough to encrypt messages within such schemes, and the
> censors don't have the resources to try to analyze the material
> closely enough to ensure that nothing is hidden within.
> In the case of a printed book from a well-known publisher,
> there is less chance of this than in a privately printed copy,
> but policies like this one tend to err on the side of caution.
Someone clever enough to send coded messages in the chess
moves in a printed book is probably clever enough to use other
means of steganography.
Keep in mind also that prison officials have elaborate means
for jerking prisoners around in order to create incentives for
more favorable behavior. This could be one of those.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Tue, 12 Jun 2001 21:01:31 +0200
"SCOTT19U.ZIP_GUY" wrote:
>
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
> >
> >But measures should have adequate (intuitionally reasonable)
> >interpretations, I suppose. If a security measure
> >says 0 security, then one would 'very naturally' think
> >that that means no protection at all, isn't it?
> >
>
> But if you don't realize that it has no information
> theoretic security, you're less likely to fall into the
> trap that many programs fall into, which is to ignore
> all other possible security features except the hopeful
> counting on of a hard to exploit work factor. Many
> encryption programs could at least offer some safety
> if they wished. Such as PGP.
It is my view that such a measure is not an appropriate
measure for practical use, if it radically contradicts
intuition. (I would even think that could be an
indication to re-think the foundation that led
to such a measure.)
>
> >I don't think that something that is at the disposal
> >of the opponent but requires a time of eternity to
> >exploit isn't equivalent to 'no information' to the
> >opponent, on the other hand.
>
> All those so called time to eternity to exploit are
> based on no one finding simple ways to exploit a break.
> If history has any lessons, it is that it's foolish to
> smugly sit by and hope that it's hard to break. One should
> always strive to add whatever security one can. To put
> all your eggs in one basket is surely the recipe for
> disaster. But that seems to be what AES is all about.
I am not clear what main ideas you are expressing. Are
you saying that AES is excellently good or the opposite?
M. K. Shen
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: help non-elephant encryption
Date: Tue, 12 Jun 2001 11:36:56 -0700
There are numerous indicators that they are not as they would have you
believe.
In the first paragraph they imply that they will be dealing with copyright
protection, this is a laughable concept, just see the work on SDMI for why
this is a foolish idea.
Their statement that the current algorithms are based on number theory is
correct, however their implied claim that theirs is not is trivially
incorrect.
Their claim that current algorithms use technology 20 years old is also
incorrect, perhaps they are referring to 3DES, but their lack of ability to
state it makes them a dubious thing to believe. This is plainly false, as
much as I dislike the product one could indicate Szopa's OAP-L3 as an
encryption product that does not utilize 20 year old technology.
Their use of Public Key Infrastructure is incorrect. A PKI is simply a
method of linking a public key to a name in some trusted way. It is the
encryption not the infrastructure that utilizes both symmetric and
asymmetric algorithms.
They use a proprietary, unpublished Key Agreement Protocol, this is a very
bad idea. For proof of this see the broken bodies of dismembered knapsack
algorithms lying on the side of the metaphoric road.
They claim to offer perfect security. I shouldn't have to deal with this one
directly, but they said it so I'll respond. Shannon proved that to have
perfect security you must (in this case) have a key as long as the data
being encrypted. Since there are infinite streams around, the key must be
infinite. They have somehow in key agreement where a finite amount of
information was transferred, transferred an infinitely long perfectly random
sequence. This is impossible, plain and simple.
Based on the evidence presented I move to condemn "Non-Elephant Encryption
Systems Inc (NE2)" to a status of Snake-Oil.
Joe
"sd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> i sure would appreciate any info to validate claims of
> www_e-cryption_com.html proprietary key agreement protocol and digital
> "fingerprint" system engineered to achieve
> perfect digital identification. new 'standard to replace PKI?'
> thanks.
>
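The following is an added example, not code from the digest or from any poster. It checks Shannon's perfect-secrecy condition, in the notation of the Section 10 passage quoted in David Hopwood's post above (messages M_1..M_n, keys i, cryptograms E = T_i M), and illustrates the point made in this post that perfect secrecy needs a key as long as the data: a 2-bit one-time pad with four uniformly chosen keys passes, while the same cipher with only two keys, or with a biased key choice, fails. The message space, the skewed message prior and the key distributions are constructed for the demonstration.

```python
"""Added example, not part of the digest: a checker for Shannon's
perfect-secrecy condition on a small cipher given as E = T_i M.

Perfect secrecy means that for every message M and every cryptogram E
that can occur, P(M | E) = P(M): the cryptogram tells the opponent nothing.
Exact Fractions keep the comparison free of rounding.
"""
from fractions import Fraction
from itertools import product


def perfect_secrecy_violations(transform, messages, keys, p_msg, p_key):
    """Return the (M, E) pairs for which P(M | E) != P(M).

    transform(i, m) -> e  implements E = T_i M.
    p_msg, p_key          map each message / key to its Fraction probability.
    An empty list means the cipher is perfectly secret for these priors.
    """
    # P(M, E) = P(M) * P(i), summed over the keys i with T_i M = E.
    joint = {}
    for m, i in product(messages, keys):
        e = transform(i, m)
        joint[(m, e)] = joint.get((m, e), Fraction(0)) + p_msg[m] * p_key[i]
    # Marginal P(E) over the cryptograms that actually occur.
    p_e = {}
    for (m, e), p in joint.items():
        p_e[e] = p_e.get(e, Fraction(0)) + p
    violations = []
    for m in messages:
        for e in p_e:
            if p_e[e] == 0:
                continue  # cryptogram that can never occur; nothing to compare
            posterior = joint.get((m, e), Fraction(0)) / p_e[e]
            if posterior != p_msg[m]:
                violations.append((m, e))
    return violations


# Constructed toy message space: the four 2-bit messages, with a skewed prior
# (the opponent knows some messages are far likelier than others).
MESSAGES = [0, 1, 2, 3]
P_MSG = {0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 8), 3: Fraction(1, 8)}


def xor_transform(i, m):
    """T_i M = M XOR i: a one-time pad on 2-bit values."""
    return i ^ m


def uniform(items):
    return {x: Fraction(1, len(items)) for x in items}


def one_time_pad_check():
    """Key as long as the message (4 keys for 4 messages), uniformly chosen."""
    return perfect_secrecy_violations(xor_transform, MESSAGES, [0, 1, 2, 3],
                                      P_MSG, uniform([0, 1, 2, 3]))


def short_key_check():
    """Only 2 keys for 4 messages: fewer keys than messages, so secrecy fails."""
    return perfect_secrecy_violations(xor_transform, MESSAGES, [0, 1],
                                      P_MSG, uniform([0, 1]))


def biased_key_check():
    """Enough keys, but not chosen uniformly: secrecy fails as well."""
    p_key = {0: Fraction(1, 2), 1: Fraction(1, 6), 2: Fraction(1, 6), 3: Fraction(1, 6)}
    return perfect_secrecy_violations(xor_transform, MESSAGES, [0, 1, 2, 3],
                                      P_MSG, p_key)


if __name__ == "__main__":
    print("one-time pad violations:", one_time_pad_check())
    print("2-key cipher violations:", len(short_key_check()), "of 16 (M, E) pairs")
    print("biased-key violations  :", len(biased_key_check()), "of 16 (M, E) pairs")
```

With only two keys every one of the 16 (M, E) pairs violates the condition: seeing E = 0 rules out M = 2 and M = 3 outright and raises the odds on M = 0 from 1/2 to 2/3. With four keys but a biased choice the opponent still learns something (P(M = 0 | E = 0) becomes 3/4), which is why the key must be both as long as the data and uniformly random.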
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Tue, 12 Jun 2001 21:12:41 +0200
[EMAIL PROTECTED] wrote:
>
> > [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
> >> If a security measure says 0 security, then one would 'very naturally'
> >> think that that means no protection at all, isn't it?
>
> ``Information-theoretic security'' is not synonymous with ``security''.
> The former means ``Even if the bad guy has found my key, and read my
> message, he still can't be certain whether he's read the correct message
> or found the correct key.'' The latter simply means ``the bad guy can't
> read my message.''
>
> You can look at it this way. Factoring is at least NP (and possibly
> P). So if the bad guy is told, ``Here's Mok's private key,'' he can
> verify in polynomial time that he actually has the correct key--thanks
> to your public key. So he can be absolutely sure that he has read your
> message correctly. That's ``zero information-theoretic security.''
If he gets the private key (or the key in symmetric case),
then, of course, the security is zero. But we are
talking about the case where the opponent has the public
key. If it takes a time for the opponent that is for
all practical purposes equivalent to infinity (say
thirty years) to obtain the private key, then one is
entirely safe, isn't it? (That is, the polynomial time
bound need only be above a certain threshold.) An analogy
would be the opponent has a real (physical) key for
opening something but that key is inside a safe and he
couldn't crack that safe. It is true that he IS really in
possession of that key yet he can't get to it timely
and use it. I think this is fairly evident.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Tue, 12 Jun 2001 21:15:46 +0200
Tim Tyler wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> :> : John Savard wrote:
>
> :> :> It is not surprising, however, that today cryptography is concerned
> :> :> mainly with an area about which Shannon said little, other than to
> :> :> give it a name: the work factor. Particularly as the extreme utility
> :> :> (and practicality, and convenience) of the 'public-key' methods has
> :> :> made them central to most modern employment of cryptographic
> :> :> techniques, despite the fact that their security, in the
> :> :> information-theoretic sense, is precisely nil.
> :>
> :> : But, if something that is practically secure is of
> :> : precisely nil security in the information-theoretical
> :> : sense, that means a big contradiction to intuition/
> :> : common-sense, isn't it? [...]
> :>
> :> All the information necessary to read a public key message
> :> resides in a combination of the message and the public key - and
> :> both should be considered to be available to the attacker.
> :>
> :> If only he could factor (or whatever) the public key he would
> :> be able to read the message. He has all the information necessary
> :> to do this at his disposal - but alas, the task takes a lot of effort
> :> to perform.
> :>
> :> The "information-theoretic" security of such a system can
> :> usefully be thought of as being nil.
>
> : But measures should have adequate (intuitionally reasonable)
> : interpretations, I suppose. If a security measure
> : says 0 security, then one would 'very naturally' think
> : that that means no protection at all, isn't it?
>
> That's why I qualified what sort of security was under discussion.
>
> "Information-theoretic" security is what you need *if* you face a
> computationally unbounded attacker.
>
> Nil protection is what you get if you use RSA in the face of such an attacker.
>
> For the more common type of attacker, "work factor" security may be enough.
>
> One of the problems with "work factor" security is that it's commonly
> very hard to measure. No-one knows what the "work factor" security
> of RSA, or AES, is, for example.
>
> That's one reason why "information-theoretic" security can be desirable -
> you can actually measure it.
Fine. Since we don't have such a one among us, nor do
we have God (physically) among us, we consequently don't
need that security at all.
M. K. Shen
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Free Triple DES Source code is needed.
Date: Tue, 12 Jun 2001 19:01:16 GMT
Mark Wooding wrote:
> `C/C++' is a nonsense.
There is nevertheless a useful common subset that can be used
for code that must be used in both languages. A major
constraint in C standardization has been to try to make this
subset as large and useful as possible while not strictly
"embedding" the whole of C into C++ (or vice versa).
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: One last bijection question
Date: Tue, 12 Jun 2001 19:04:52 GMT
The fact is, when talking about some function,
it is rare that one is interested in points in the codomain
other than the range corresponding to the domain of interest.
(The other points have nothing to do with the function.)
An exception is when something like analytic continuation
is being discussed, but usually such a discussion is
phrased in terms of extending the domain. (The range
comes along for free.)
I still think clouds with arrows is better.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Tue, 12 Jun 2001 19:10:03 GMT
Jim D wrote:
> In America, maybe. It's just that, like me, they object
> to their language being polluted by Americanisms.
"Polluted" is a pejorative term. English adopts words
from other languages quite readily, so there is a good
example of a language that does not have to bend every
import to fit some preconceived model.
Another example of French Academy meddling was allowing
the use of "pipeline" but requiring a change in its
pronunciation to "pee-pleen". This was an embarrassment
to French pipeliners.
------------------------------
From: "Cristiano" <[EMAIL PROTECTED]>
Subject: Re: IV
Date: Tue, 12 Jun 2001 21:42:35 +0200
"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:uPwq$rs8AHA.291@cpmsnbbsa07...
> Before I make a statement let me try to paraphrase what was said to make
> sure I understand what you're doing (there may be other problems than
> security)
Could you elaborate on this point?
> You are taking a message M, creating an IV, and encrypting with some
> cipher in CBC mode.
> Your messages are longer than 1KByte
>
> If that is correct, then what you have done has not created a weakness.
My message can be 1 byte long. If you want, you can see Tim Tyler's
answer to know exactly what I'm doing, in good English.
Thanks
Cristiano
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and
Date: Tue, 12 Jun 2001 21:51:01 +0200
"Douglas A. Gwyn" wrote:
>
> Mok-Kong Shen wrote:
> > One could say that Whitehead and Russell had pursued the
> > 'wrong' goal and failed. But then which goal was/is
> > instead 'the' 'right' one? Could anyone say that? I am
> > not sure that one can.
>
> Sure we can. In this particular case, we now know that
> the program could not be completed, not even in principle.
So please suggest such a goal for the future scientists.
>
> > ... Do you think there is
> > always ground to blame, when a scientist fails to
> > achieve or fully achieve his goal?
>
> You're making something out of this that I never intended.
> Recall that what I said was:
> > PM is famous because it was an ambitious attempt to
> > implement a model of mathematics which we now know
> > to be wrong.
> What specifically is objectionable in that?
A logical model is wrong, if it is not consistent. A
model may be inappropriate for one's purpose and hence
one needs to search for another more suitable one.
>
> > > A major motivator was the hope that thereby all antinomies
> > > could be eliminated. But the mechanism introduced for
> > > that purpose was awkward and unnatural. Today we take
> > > different approaches for such matters. For example:
> > > Tightest form of antinomy: "This statement is false."
> > > Is that statement true or false, or neither, or what?
> > > A simple, *stable* solution is to treat the truth value
> > > on a continuum, or in other words, to apply fuzzy logic;
> > > then the statement has a truth value of (true+false)/2,
> > > which is 0.5 using true=1 and false=0, or 0 using
> > > true=1 and false=-1. (There is a theorem to the effect
> > > that this approach solves all logical antinomies.)
> > > There is actually a connection with cryptanalysis lurking
> > > in this approach, in that one can treat Boolean variables
> > > as fuzzy; then a *mutually contradictory* or "incorrect"
> > > (according to "hard" logic) assignment of values to
> > > variables no longer stymies further solution. (Think
> > > eigenvalue convergence, etc.)
> > There are in fact many many kinds of logics. Fuzzy logic
> > is only one of that many many, though due to practical
> > applications many engineers are nowadays also quite
> > knowledgeable in that. There is nothing that could be
> > regarded as 'the' logic. The 'diversity' is very high
> > and only comparatively few real specialists in logics
> > could oversee the entire field. (I was so told by a
> > person who has studied math and apparently has delved
> > quite a bit into logics). My knowledge in logics is
> > very meager. (Excepting some familiarity with automated
> > deduction, my current knowledge in logics is practically
> > null.) Hence I have a possibly very very dumb question:
> > Does the theorem you mentioned have essential
> > implications to the other subfields of logics or is it
> > limited in its significance to fuzzy logic? If the
> > former case, in which sense/manner would be its impact?
>
> I'm well aware of the variety of "logics". However, the
> class of fuzzy logics (differing only in the exact formulae
> for the result on a combining operator) are especially
> applicable to such problems, and as I indicated, allow real
> implementations of solutions to very real problems.
>
> My original point in this regard was that we have more
> useful ways of resolving antinomies than PM's ramified
> theory of types.
There is no question of the value of fuzzy logic. It
has lots of uses. But there are other logics that one
needs in other situations. I was basically asking whether
the discovery of that particular theorem could assist
(e.g. give helpful hints to) other logics to get free
from the antinomies.
>
> > And could you also give a pointer (book, page number)
> > to the theorem?
>
> Not right away, but it's probably mentioned in Kosko's book.
> It's pretty obvious if you have much experience with convexity.
I suppose from the above that you got some information
elsewhere that led you to write that claim about that
particular theorem. Could you at least give some pointers
to this information? And could you also give the title
of Kosko's book? If the matter is really very obvious to
you, then it would be very fine and kind of you that you
take correspondingly small time and effort to post that
little additional stuff with which other people who don't
have much experience (or experience at all) with convexity
can with that book obtain a proof that is completely
understandable to them.
>
> > > > He attempted to axiomatize the whole of mathematics
> > > > but failed. But that does not mean that anything he
> > > > wrote is wrong.
> > > I don't think that is the thrust of Bourbaki. As I see it,
> > > it was to provide rigorous developments of the "standard"
> > > content of mathematics.
> > As far as I know, Bourbaki wanted to somehow encompass ALL
> > fields of math from a certain common (unified) structural
> > point of view. But some new (some yet developing) subfields
> > apparently couldn't be readily put to fit well with such
> > a common scheme, so he finally had to give up. I am not a
> > mathematician and haven't closely followed the issue, so
> > I can't ensure that this view is entirely correct. But I
> > strongly believe that his failure to achieve his goal was
> > because he was too ambitious (having set too high a goal).
>
> ? Bourbaki's books have served well as references for many
> years. That is not a "failure", especially as I understand
> the goal. This is to be contrasted with PM, which has been
> used for almost nothing since its publication. (I am aware
> of at least one significant paper that used PM's notation
> simply as a standard example, for purpose of Goedel-numbering,
> but any sufficient, notation for number-theoretic proof would
> have served as well.)
>
> > I don't think that I understand your notion of 'standard
> > content' of math. In which sense is an 'arbitrary'
> > subfield (or materials of a subfield) of math 'standard'?
>
> I don't know where "arbitrary" came from.
>
> "Standard content" means what the mathematics community
> reasonably expects to be taught to all future mathematicians.
> This naturally evolves over time, but always includes
> such areas as analysis, topology, basic abstract algebra,
> etc. There is not much "arbitrariness" about the selection;
> it consists of that which helps in learning other, more
> advanced areas.
That 'arbitrary' means 'any given', e.g. topology. But
the accumulated knowledge is huge. Is that
'standard content' for topology the average amount
taught to undergraduate students, or to graduate students
or discussed in special seminars with post-docs etc. etc.
There could be a huge difference about these categories.
>
> > Any contemporary branch of math, classical or modern,
> > theoretical or applied, is in my view rigorously founded
> > and developed. (There is no snakeoil like in crypto.)
> > So rigor has certainly always been there, whether there
> > was Bourbaki or not.
>
> Sorry, no.
> Or rather, while modern mathematicians are much better
> aware of the need for rigor than were those of over a
> century ago, a lot of their actual work is not conducted
> to the standard of rigor that is currently considered
> essential in a published paper. Rigor is applied after
> the fact, in many cases. And there have been numerous
> errors in technical mathematical papers, sometimes fixable
> and sometimes fatal.
We know that every human can err. The rigor is with
respect to the level where the material is 'located'
(used by the intended class of readers). In lower classes
of school, the result of addition of two numbers has to
be shown (i.e. worked out) in detail. In an exam in
university, one needn't show that. Provided one's result
is o.k., it doesn't mean that one is any less rigorous in
the second case.
> By the way, my views on Bourbaki are influenced by having
> read what some of its members have said.
Could you please give some reference to these? Thanks in
advance.
M. K. Shen
------------------------------
From: "Cristiano" <[EMAIL PROTECTED]>
Subject: Re: IV
Date: Tue, 12 Jun 2001 21:53:50 +0200
"Tim Tyler" <[EMAIL PROTECTED]> wrote:
> Cristiano <[EMAIL PROTECTED]> wrote:
>
> : I want to encrypt a file of L bytes with a block cipher in CBC mode
> : (like RC6 or Rijndael).
> : For speed reasons I read N bytes at a time (N>1024) and then I encrypt
> : this block.
> : Every N bytes I use the IV to XOR the first 16 bytes of plain text.
> : Is there some weakness in this way?
>
> Very possibly. If I understand correctly, you are using the same IV and
> the same key - effectively starting again every N bytes, in order to
> get speed (through parallelism?).
Parallelism in the sense that I cipher the plain text while I read it using
the asynchronous mechanism.
> That means identical plaintexts (at those offsets) will result in
> identical cyphertexts.
Yes.
> Either a) use a different IV, or b) increment the IV, or change it in some
> way between encryptions of the N bytes. Purists would advise you to go
> for a).
Thank you for the suggestion. But could you tell me if there is any weakness
in my method?
Thanks
Cristiano
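The following is an added example, not code from the digest or from either poster. It reproduces the scheme discussed in this thread (CBC restarted every N bytes with the same key and IV) beside Tim Tyler's option (b), carrying the chaining value across chunks, and shows what an observer of the ciphertext alone can see in each case. RC6/Rijndael is replaced by a constructed stand-in 16-byte block cipher (a 4-round Feistel network with SHA-256 as its round function) so the script needs only the standard library; the key, IV, sample records and the 32-byte chunk size (instead of N > 1024, purely to keep the output small) are all constructed for the demonstration.

```python
"""Added example, not part of the digest: what leaks when CBC is restarted
every N bytes with the same key and IV, and the chaining fix.

The stand-in block cipher is a constructed placeholder, not a cipher to
deploy; the effect shown is the same with any block cipher and any N.
"""
import hashlib

BLOCK = 16


def _f(key, rnd, half):
    """Feistel round function: 8 bytes derived from key, round number, half."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key, block):
    """Stand-in for E_k: an invertible 16-byte permutation (4-round Feistel)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def toy_block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, data):
    """Textbook CBC over whole blocks: C_j = E_k(P_j XOR C_{j-1}), C_0 = IV."""
    assert len(data) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


def encrypt_restarting(key, iv, data, chunk):
    """The scheme under discussion: every `chunk` bytes the IV is XORed into
    the first 16 bytes again, i.e. CBC restarts with the same key and IV."""
    return b"".join(cbc_encrypt(key, iv, data[i:i + chunk])
                    for i in range(0, len(data), chunk))


def encrypt_chained(key, iv, data, chunk):
    """Fix: carry the last ciphertext block of each chunk over as the IV of
    the next, which makes the output one continuous CBC stream."""
    out, prev = [], iv
    for i in range(0, len(data), chunk):
        ct = cbc_encrypt(key, prev, data[i:i + chunk])
        out.append(ct)
        prev = ct[-BLOCK:]
    return b"".join(out)


def repeated_first_blocks(ciphertext, chunk):
    """Pairs of chunk indices whose first ciphertext block coincides: the
    equality an observer of the ciphertext alone can see."""
    firsts = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), chunk)]
    seen, dup = {}, []
    for idx, blk in enumerate(firsts):
        if blk in seen:
            dup.append((seen[blk], idx))
        else:
            seen[blk] = idx
    return dup


# Constructed sample: three 32-byte records; records 0 and 2 start with the
# same 16-byte header, as structured files commonly do.
KEY = hashlib.sha256(b"constructed demo key").digest()
IV = bytes(range(BLOCK))
CHUNK = 32
HEADER = b"MSGHDR:ACCOUNT#1"
DATA = (HEADER + b"balance=0000100 "
        + b"MSGHDR:ACCOUNT#2" + b"balance=0000250 "
        + HEADER + b"balance=0000999 ")


def leak_with_restart():
    return repeated_first_blocks(encrypt_restarting(KEY, IV, DATA, CHUNK), CHUNK)


def leak_with_chaining():
    return repeated_first_blocks(encrypt_chained(KEY, IV, DATA, CHUNK), CHUNK)


if __name__ == "__main__":
    print("restarting CBC, equal first blocks:", leak_with_restart())
    print("chained CBC,    equal first blocks:", leak_with_chaining())
```

With the restart, chunks 0 and 2 produce identical ciphertext for as long as their plaintext agrees (here the whole first block), so an observer learns which records share a header without any key. Chaining the last ciphertext block forward costs nothing in speed, keeps the asynchronous read-and-encrypt loop, and yields exactly the ciphertext a single CBC pass over the whole file would, so the equality disappears; a fresh random IV per chunk (option (a)) also works but must then be stored alongside each chunk.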
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: One last bijection question
Date: Tue, 12 Jun 2001 22:01:44 +0200
Tim Tyler wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> : Mark Wooding wrote:
> :> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> :> > These terms are explained in most textbooks on algebra, I
> :> > suppose. BTW, in terminology questions, I find it mostly very
> :> > practical to take a good dictionary/encyclopedia of math.
> :>
> :> The reason we're in this mess is that different books give different
> :> definitions. [...]
>
> : Could you please cite one book where the word 'image'
> : thoroughly replaces 'range' or where the word 'range'
> : would lead to ambiguity? [...]
>
> I don't know about books - but the words are very frequently used
> as synonyms - e.g.:
>
> ``The codomain or range of R, written range(R), is the set of elements t ∈
> T such that (s, t) ∈ R for some s.''
> - http://www.depaul.edu/~jriely/535/book/02.pdf
>
> ``The domain of the composition f ∘ g is the domain of g, the codomain (or
> range) of this composition is the codomain (or range) of f [...]''
> - http://www.orst.edu/instruct/mth251/cq/FieldGuide/composition/lesson.html
>
> ``the domain and codomain (range) are swapped [...]''
> - http://math.boisestate.edu/~holmes/M387syllabus/node54.html
>
> ...etc.
The problem is with Mark Wooding's suggestion to replace
in future 'range' with 'image'. Now this change may be
good for some people whose books or papers mostly
employ 'image' but may on the other hand be bad for other
people whose books or papers mostly employ 'range'. Either
way, some people would get advantage/disadvantage. I
suppose a reasonable way is to find out whether the
majority would profit from that change or not through
finding the proportion of common textbooks of the one kind
to the other.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Yarrow PRNG
Date: Tue, 12 Jun 2001 20:08:38 GMT
Anton,
thanks for the inputs ... do you have a version of Yarrow that is not dependent
on SSL? It would be nice to have one that is standalone, that one can
incorporate into other apps.
Also, does the link given below include the latest Yarrow paper?
Again ... thanks ... Wilson
In article <[EMAIL PROTECTED]>, Anton Stiglic says...
>
>There are a lot of "engineering decisions" that are not described
>in the description of yarrow. Also, as you noted, the code on
>counterpane's
>web site does not correspond to the description they have (it
>corresponds
>to an older version of Yarrow, for which they don't have any description
>on their web site). I hope they do something about it this sometime...
>Take a look at
> http://opensource.zeroknowledge.com/yarrow/index.html
>for notes on implementation of the protocol described in the Yarrow-160
>paper.
>
>--Anton
>
>[EMAIL PROTECTED] wrote:
>>
>> Hi All,
>>
>> I have a couple of questions about Yarrow (counterpane.com).
>>
>> 1. Has anyone reviewed the properties of the PRNG? Is it as good as it claims?
>>
>> 2. Has anyone been able to compile the freely available C code?
>>
>> 3. Does anyone have the complete implementation as described in the paper? (The
>> code included on the site is apparently, not the code which the paper
>> describes.)
>>
>> Thank you for any inputs ... Wilson
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************