Cryptography-Digest Digest #76
Cryptography-Digest Digest #76, Volume #9Sat, 13 Feb 99 00:13:03 EST
Contents:
Re: New high-security 56-bit DES: Less-DES ([EMAIL PROTECTED])
Re: RNG Product Feature Poll (R. Knauer)
Re: Transforming RC4 into a one-way hash function (Bauerda)
WW-2 German Enigma Machine For Sale (webb)
Re: New high-security 56-bit DES: Less-DES ("lyal collins")
Re: Transforming RC4 into a one-way hash function ("Peter K. Boucher")
Re: Program Idea (Casey Sybrandy)
Re: SCOTT COMPRESSION ("Eric W Braeden")
Re: RNG Product Feature Poll (Patrick Juola)
Re: hardRandNumbGen (Patrick Juola)
Re: Metaphysics Of Randomness (Patrick Juola)
Re: RNG Product Feature Poll (Patrick Juola)
Re: *** Where Does The Randomness Come From ?!? *** (Patrick Juola)
From: [EMAIL PROTECTED]
Subject: Re: New high-security 56-bit DES: Less-DES
Date: Fri, 12 Feb 1999 23:29:29 GMT
[EMAIL PROTECTED] wrote:
2. To send a message to Alice, Bob forms the first part of his
desired message as a plaintext block of 64 bits:
M1 = 0123...63
I'd suggest the first block should carry 64-M bits of plaintext
(like the others) and M bits of random padding, in order to
resist known plaintext attack. If we can't add random bits, for
fear they will be deemed "key", we could defend against partially
known plaintext by taking the M-bit pad from a hash of the entire
message.
The Less-DES protocol may answer concerns regarding possibly
diverging interpretations of export-free or WA terms -- since there
is no additional key in Less-DES, of any kind, not even ignored, when
security is enhanced from the 56-bit level.
Alas, the way the regulations are implemented in the US, it's the
government's interpretation that carries the day. The rules do not
say that 56-bit or even 40-bit encryption systems are freely
exportable, and neither does the latest statment of intentions to
"relax" export restrictions.
Instead, there's a "one-time review". The various agencies are under
no obligation to permit export based on adhearence to the letter of
the WA or even the agencies' own guidlines. If one wants to argue
that a system falls within legal limits, he'll be making that argument
to government cryptographers.
In 1995, Kent Briggs sought to export of a system using 40-bit
Blowfish. He was told he'd have to cut it to 32 bits. Given the
relative key agility of Blowfish versus ciphers that did receive
fast-track export approval, we can conclude that the reviewers
looked at how long the system would actually take to break, and
not merely at technical conformity to key length limits.
Since that time, export authority for civilian encryption
software has ostensibly moved to the Department of Commerce. In
practice this means that people who know nothing about crypto have
a chance to deny (but not approve) export before the request even
crosses the desk of anyone who knows what he'd doing.
--Bryan
= Posted via Deja News, The Discussion Network
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
--
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: RNG Product Feature Poll
Date: Sat, 13 Feb 1999 00:33:38 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 12 Feb 1999 15:02:45 -0700, "Tony T. Warnock"
[EMAIL PROTECTED] wrote:
The probability of a 1-bit is 1/2. The probability of a 0-bit is 1/2. These are
taken over the entire sequence. The excess of 1-bits over 0-bits in the first N
bits is approximately N/log(N). This means that the frequency is 1/2 + 1/Log(N)
for 1-bits.
I thought the Champernowne number was only defined for an infinite
number of bits.
The absolute excess grows but the relative excess (which is the
probability in the limit) goes to zero.
1) What is meant by "absolute excess"?
2) What is meant by "relative excess"?
3) What does any of this have to do with the infinite Champernowne
number?
Bob Knauer
"The one thing every man fears is the unknown. When presented with this
scenario, individual rights will be willingly relinquished for the guarantee
of their well being granted to them by their world government."
--Henry Kissinger
--
From: [EMAIL PROTECTED] (Bauerda)
Subject: Re: Transforming RC4 into a one-way hash function
Date: 13 Feb 1999 00:35:51 GMT
You want to overcome RC4's weakness that the last few bytes of a long
key have less effect than the first few bytes, right? What do you think
of the following?
1) At the time your hashing software is being developed, generate 1013
"random" bytes, R, and hard-code them into your software.
Why bother with that many? I would say that only 8 to 256 bytes would be more
resonable.
2) At run-time,
a) take the message, M, and make a copy in the reverse-order, call it
rM
b) XOR M and rM together, making xM.
I don't like this. M is not used any where else, so if it has any symetric
Cryptography-Digest Digest #77
Cryptography-Digest Digest #77, Volume #9Sat, 13 Feb 99 12:13:01 EST
Contents:
SFS Iomega (Michael Hortmann)
Re: What is left to invent? (Gurripato (x=nospam))
Re: RNG Product Feature Poll (Dave Knapp)
Re: New high-security 56-bit DES: Less-DES (TONY BARTOLETTI)
Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From
?!? *** ) (Seisei Yamaguchi)
Re: Tell-Tale DES Byte-Length Encoding ([EMAIL PROTECTED])
Re: Java random ("Else")
Re: New high-security 56-bit DES: Less-DES ("Steve Sampson")
Re: RNG Product Feature Poll (Herman Rubin)
Re: SCOTT COMPRESSION ([EMAIL PROTECTED])
Re: Metaphysics Of Randomness (R. Knauer)
Re: hardRandNumbGen (R. Knauer)
Re: RNG Product Feature Poll (R. Knauer)
Re: hardRandNumbGen (R. Knauer)
From: [EMAIL PROTECTED] (Michael Hortmann)
Crossposted-To: alt.security.pgp
Subject: SFS Iomega
Date: Sun, 07 Feb 1999 09:47:19 +0100
I've been using Peter Gutmann's SFS (Secure File System)
for several years under DOS/Windows3.x/Windows95 to encrypt
a partition of my hard disks or diskettes. I'd really like
to use it for my Iomega ZIP and JAZ media, too.
Does anyone know of a way to do this?
Or is there another good cryptographic file system for
Windows95 which can be used instead?
Michael Hortmann
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Certified PGP Key http://www.trustcenter.de
--
From: [EMAIL PROTECTED] (Gurripato (x=nospam))
Subject: Re: What is left to invent?
Date: Fri, 12 Feb 1999 08:22:35 GMT
On Thu, 11 Feb 1999 01:09:43 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
In article [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
"It is not a matter of what is true that counts, but a matter of
what is perceived to be true."
--Henry Kissinger
I knew Kissinger had a PhD, but didnĀ“t know it was on quantum
physics!
--
From: Dave Knapp [EMAIL PROTECTED]
Subject: Re: RNG Product Feature Poll
Date: Sat, 13 Feb 1999 09:36:33 GMT
R. Knauer wrote:
On Fri, 12 Feb 1999 06:23:47 -0500, "Trevor Jackson, III"
[EMAIL PROTECTED] wrote:
A white, uniform generator might work, but that phrase will
trigger a lot of questions of the form "please define white"
and "please definer uniform".
I believe the term "uniform distribution" is well defined in
statistics. However, as Li and Vitanyi point out in their book on
Kolmogorov Complexity, it is not sufficient to characterize
randomness.
That's why you _specify_ a *random* uniform generator, instead of just a
uniform generator.
Random implies no correlation, and uniform implies no bias.
Why are you guys making this so complicated?
I understand that it is difficult, a priori, to establish whether a
particular source is random or not. But that complexity does NOT affect
the _definition_ of "random," which is quite solid. There are many ways
to express it; but fundamentally, it means lack of correlation.
-- Dave
--
From: TONY BARTOLETTI [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: New high-security 56-bit DES: Less-DES
Date: Sat, 13 Feb 1999 09:40:08 GMT
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
2. To send a message to Alice, Bob forms the first part of his
desired message as a plaintext block of 64 bits:
M1 = 0123...63
I'd suggest the first block should carry 64-M bits of plaintext
(like the others) and M bits of random padding, in order to
resist known plaintext attack. If we can't add random bits, for
fear they will be deemed "key", we could defend against partially
known plaintext by taking the M-bit pad from a hash of the entire
message.
The Less-DES protocol may answer concerns regarding possibly
diverging interpretations of export-free or WA terms -- since there
is no additional key in Less-DES, of any kind, not even ignored, when
security is enhanced from the 56-bit level.
Alas, the way the regulations are implemented in the US, it's the
government's interpretation that carries the day. The rules do not
say that 56-bit or even 40-bit encryption systems are freely
exportable, and neither does the latest statment of intentions to
"relax" export restrictions.
Instead, there's a "one-time review". The various agencies are under
no obligation to permit export based on adhearence to the letter of
the WA or even the agencies' own guidlines. If one wants to argue
that a system falls within legal limits, he'll be making that argument
to government cryptographers.
Yes, I tend to agree. They define what the rules mean, case-by-case.
But this argues for Ed's first (bit more cumbersome) proposal, M-DES.
Everyone just uses plain-old-already-approved DES. But there is an
"established" table of 2^14 64-bit "random" strings published.
I DES encrypt a message, but XOR all of the output blocks with one
string randomly selected
Cryptography-Digest Digest #78
Cryptography-Digest Digest #78, Volume #9Sat, 13 Feb 99 21:13:04 EST
Contents:
Re: RNG Product Feature Poll (R. Knauer)
Re: SCOTT COMPRESSION ("karl malbrain")
norton's for your eyes only (michael c henry)
Re: hardRandNumbGen ("karl malbrain")
Re: RNG Product Feature Poll (R. Knauer)
Microsft crypto headdump.cpp ("John")
Re: RNG Product Feature Poll (Dave Knapp)
Re: Intel's description of the Pentium III serial number (Peter Gutmann)
Re: Tell-Tale DES Byte-Length Encoding (wtshaw)
How does the Enigma Machine work? ("David")
Re: norton's for your eyes only (JPeschel)
Re: SSL Doc (Divon Lan)
Help! Cryptosystem needed. (Divon Lan)
Re: Help! Cryptosystem needed. (Ross Younger)
Re: How does the Enigma Machine work? ("Steve Sampson")
Re: How does the Enigma Machine work?
Re: Help! Cryptosystem needed. ("Steve Sampson")
Re: Tell-Tale DES Byte-Length Encoding ([EMAIL PROTECTED])
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: RNG Product Feature Poll
Date: Sat, 13 Feb 1999 16:12:58 GMT
Reply-To: [EMAIL PROTECTED]
On Sat, 13 Feb 1999 09:36:33 GMT, Dave Knapp [EMAIL PROTECTED] wrote:
That's why you _specify_ a *random* uniform generator, instead of just a
uniform generator.
Random implies no correlation, and uniform implies no bias.
The definition above is still circular. Using your concepts you would
want to specify an "uncorrelated uniform generator" to characterize a
TRNG. I believe that "uncorrelated" and "uniform" are sufficient to
specify a TRNG for use with the proveably secure OTP cryptosystem.
BTW, how would you propose testing for correlation?
Why are you guys making this so complicated?
That's because it is a complicated subject. The closest one comes to
crypto-grade randomness is Quantum Mechanics, a very complicated
subject indeed.
I understand that it is difficult, a priori, to establish whether a
particular source is random or not. But that complexity does NOT affect
the _definition_ of "random," which is quite solid.
There is only one defintion of the term "random" in cryptography with
regard to the proveably secure OTP system (which is what we are
discussing):
"A crypto-grade random number is one produced by a TRNG which is
capable of generating all possible finite numbers equiprobably."
Such numbers do not exhibit any correlation. Even the sequence that
starts off like 101010... can unpredictably shift to some other bit
sequence for absolutely no reason.
There are many ways
to express it; but fundamentally, it means lack of correlation.
Berry's Paradox: "A random number cannot be described by fewer bits
than its length."
Yet I just described a random number in 66 * 5 = 330 bits (using a
5-bit alphabet code), which I suppose that makes every number longer
than 330 bits non-random.
The point is that you cannot describe a random number or you end up
with a paradox. The best you can do is characterize the generation
process and that depends on the application.
In our case, the specification of a TRNG is the correct description
for the proveably secure OTP cryptosystem.
Bob Knauer
"The one thing every man fears is the unknown. When presented with this
scenario, individual rights will be willingly relinquished for the guarantee
of their well being granted to them by their world government."
--Henry Kissinger
--
Reply-To: "karl malbrain" [EMAIL PROTECTED]
From: "karl malbrain" [EMAIL PROTECTED]
Subject: Re: SCOTT COMPRESSION
Date: Sat, 13 Feb 1999 09:12:24 -0800
[EMAIL PROTECTED] wrote in message
news:7a3uko$9jv$[EMAIL PROTECTED]...
It is well known my English sucks. But I don't think I meant buffering.
(...)
But in the compression
program I am writing I will chop the file up so that one could either
(buffer) the
whole file or use the method on a(n) unbuffered conti(n)u()ous stream of
data. The first and
third pass will be all the way forward passes but the second pass will be
the
chopped (buffered) reverse pass (...)
In any event, again, from a LINEAR perspective, analysis depends only on
having access to all of the data EVENTUALLY. Any particular method of
CONFUSION can be REVERSED. Karl M
--
From: michael c henry [EMAIL PROTECTED]
Subject: norton's for your eyes only
Date: Sat, 13 Feb 1999 12:01:47 -0500
all,
recently i read a critical analysis of norton's
crypto product "for your eyes only".
now i can't locate it.
can anyone out there point me towards it?
thanks,
mike
--
--
Reply-To: "karl malbrain" [EMAIL PROTECTED]
From: "karl malbrain" [EMAIL PROTECTED]
Subject: Re: hardRandNumbGen
Date: Sat, 13 Feb 1999 09:28:03 -0800
R. Knauer [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
On 11 Feb 1999 15:42:48 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:
(...)
Think of it this way. Assume you have a biased, but independent, bit
source that
