Cryptography-Digest Digest #547
Cryptography-Digest Digest #547, Volume #12 Sun, 27 Aug 00 06:13:00 EDT
Contents:
Re: PGP Bug: A note from Ralf Senderek (Jonathan Thornburg)
Re: What is required of "salt"? (those who know me have no need of my name)
Re: PGP Bug: A note from Ralf Senderek ("Michel Bouissou")
Re: PGP Bug: A note from Ralf Senderek ("David Sternlight")
RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
Re: SHA-1 program, wrongo ! (those who know me have no need of my name)
PGP ADK Bug: What we expect from N.A.I. ("Michel Bouissou")
Re: Steganography question ("Harris Georgiou")
Re: PRNG Test Theory (Mok-Kong Shen)
Re: stegonographic overuse (David Blackman)
Re: PGP ADK Bug: What we expect from N.A.I. (John Berger)
Re: 320-bit Block Cipher (Mack)
Re: You _DONT_ want a quantum computer. (John Bailey)
From: [EMAIL PROTECTED] (Jonathan Thornburg)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP Bug: A note from Ralf Senderek
Date: 27 Aug 2000 09:21:35 +0200
In article 8o9hbi$s5t$[EMAIL PROTECTED],
Harald Milz [EMAIL PROTECTED] pointed out the irony of a poster
quoting Ralf Senderek's advice to
"Use PGP-classic in a reliably secure environment."
in a message with a pgp 6.5.8 signature block.
Another similar irony: During much of the US government's prosecution
of Phil Zimmermann, CERT (funded by the US government) included in each
CERT advisory text such as the following:
Using encryption
We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
--
-- Jonathan Thornburg [EMAIL PROTECTED]
http://www.thp.univie.ac.at/~jthorn/home.html
Universitaet Wien (Vienna, Austria) / Institut fuer Theoretische Physik
Seen on usenet (dueling .signature quotes):
#1: "If we're not supposed to eat animals, why are they made of meat?"
#2: "If we're not supposed to eat people, why are they made of meat?"
--
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: What is required of "salt"?
Date: Sun, 27 Aug 2000 07:38:57 GMT
[EMAIL PROTECTED] divulged:
The advantage of using username+servername [as the salt] is
that those values need to be entered (known) anyway.
and is exactly why they shouldn't be used.
--
okay, have a sig then
--
From: "Michel Bouissou" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP Bug: A note from Ralf Senderek
Date: Sun, 27 Aug 2000 09:43:35 +0200
=BEGIN PGP SIGNED MESSAGE=
Hash: SHA1
"Harald Milz" [EMAIL PROTECTED] a écrit dans le message news:
8o9hbi$s5t$[EMAIL PROTECTED]
-BEGIN PGP PUBLIC KEY BLOCK-
Version: PGPfreeware 6.5.8 for non-commercial use
http://www.pgp.com Comment: Corrigez le bug PGP ADK. Installez
PGP 6.5.8 ou plus recent.
Is it just me, or is that ironic?
Let me clarify a point:
Ralf Senderek used PGP 2.6.3ia to sign his post, as his signature
shows:
-BEGIN PGP SIGNATURE-
Version: 2.6.3ia
Charset: noconv
I added myself his public key to the end of the post, as I clearly
state it in the post, to help readers check Ralf's signature.
I (and not Ralf) was using PGP 6.5.8 that I was evaluating, and that
is why Ralf's public key, which I extracted from my own public
keyring, shows a 6.5.8 version stamp. This comes from me, not from
Ralf.
Sorry if this has leaded some of you to wrong conclusions.
[EMAIL PROTECTED]
=BEGIN PGP SIGNATURE=
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
Comment: Corrigez le bug PGP ADK. Installez PGP 6.5.8 ou plus recent.
iQA/AwUBOai4l47YarFcK+6PEQKT4wCgns5+q8tnn9JZ9RrEhdj+8PWAGIYAoODh
5hslgwfGIQQ0LY+P9+dTKAhV
=cbPk
=END PGP SIGNATURE=
--
From: "David Sternlight" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP Bug: A note from Ralf Senderek
Date: Sun, 27 Aug 2000 07:46:26 GMT
"Harald Milz" [EMAIL PROTECTED] wrote in message
news:8o9hbi$s5t$[EMAIL PROTECTED]...
In comp.security.pgp.discuss Michel Bouissou [EMAIL PROTECTED] wrote:
"Use PGP-classic in a reliably secure environment." That would be my
advice if I had 49 characters left on the telegram.
Ralf Senderek
...
-BEGIN PGP PUBLIC KEY BLOCK-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
Comment: Corrigez le bug PGP ADK. Installez PGP 6.5.8 ou plus recent.
Is it just me, or is that ironic?
What's ironic is the signature below:
--
"50 million potential S/Mime users can't be wrong But they can all be
stupid!"
- Sam Simpson in comp.security.pgp.discuss
--
Crossposted-To:
talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA
Cryptography-Digest Digest #548
Cryptography-Digest Digest #548, Volume #12 Sun, 27 Aug 00 11:13:01 EDT Contents: Re: PRNG Test Theory (Tim Tyler) Re: Destruction of CDs (Guy Macon) Re: On pseudo-random permutation (Mok-Kong Shen) Re: Steganography question (Mok-Kong Shen) Re: R: Test on pseudorandom number generator. (Mok-Kong Shen) 4x4 s-boxes (Mack) Re: New Site, Purple/Enigma/Sigaba/Russia Emulators (Mok-Kong Shen) Re: DeCSS ruling -- More (Nomen Nescio) Re: The DeCSS ruling and the big shots (Nomen Nescio) Re: Bytes, chars, and I/O (Paul Schlyter) Re: RSA Security Conference for 2001 ([EMAIL PROTECTED]) Re: 4x4 s-boxes ([EMAIL PROTECTED]) Re: stegonographic overuse (Sander Vesik) From: Tim Tyler [EMAIL PROTECTED] Subject: Re: PRNG Test Theory Reply-To: [EMAIL PROTECTED] Date: Sun, 27 Aug 2000 10:09:38 GMT Paul Pires [EMAIL PROTECTED] wrote: : Tim Tyler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... : [EMAIL PROTECTED] wrote: : : that should suggest that any PRNG test can be turned into a PRNG itself. : : As you mention you might expect - since PRNG tests aren't designed for : this job - unless you included a whole battery of such tests, the results : would pass that particular test used well, and fail other ones miserably. : : I expect using a whole battery of tests would probably result in an : extremely slow and cumbersome PRNG. : Yes but there is an interesting question here. Can rejecting Non-random : (determined by any means) ever result in random? My Knee jerk reaction is no : but I never thought of it that way before. The probability of the generator initially outputting very long strings of zeros may well be likely to be zero - rather than a very small figure as it would be for a genuinely random source. -- __ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED] |im |yler The Mandala Centre http://mandala.co.uk/ Namaste. -- From: [EMAIL PROTECTED] (Guy Macon) Subject: Re: Destruction of CDs Date: 27 Aug 2000 10:28:10 GMT Thomas W. Barr wrote: How about CD-Rs, is there any equipment of software to roast the disc, by flipping ALL the data are along the ttrack to its burnt state, not its blank state? This would add yet another layer of security to the data and you could then use some of the methods shown earlier in this thread. I, for one, would use a CD-RW for my one-time-pads and then go through an erase cycle, write 650mb of junk data (make sure you overwrite the FAT), and erase that. This would remove ALL remnants of data that could be left behind in the walls of the tracks. Unless your tracking is perfect (it isn't), I can recover most of the original data (laborously, one bit at a time) with an Atomic Force Microscope. My particular setup (which is for investigating the physics of DVD-RW, not for crypto) would fail to recover anything if you were to repeat your write random/erase cycle 8 or 10 times on the same drive that wrote the original data. It bwould be cheaper and more secure to use a CR-R and burn it (I mean in a fire pit, not a drive!) afterwards. -- From: Mok-Kong Shen [EMAIL PROTECTED] Crossposted-To: comp.programming Subject: Re: On pseudo-random permutation Date: Sun, 27 Aug 2000 13:05:45 +0200 Benjamin Goldberg wrote: Tim Tyler wrote: [EMAIL PROTECTED] wrote: : If the collision resolution is chosen such that the first : element of the pair is always considered less than the : second, then indeed there is a bias. The effect is [usually small]. : One can on the other hand use a random choice rule to resolve : collision, in which case no bias can occur. Yes. It was not correct for me to have written: "No resolution in the sort routine can possibly produce an unbiased sequence." As you say, use of a rule based on bits from the random stream would be likely to provide a possible way of removing the bias. Here's a foolish question: What if you simply sorted your original array using (random()%2 ? 1 : -1) as your comparison function? While I'm certain that there has to be something wrong with this (because it sounds so simple and noone seems to have suggested it), I don't know what it is... especially if your sort routine tries to do the minimum number of comparisons. I am not sure of having understood you properly. Do you mean to use random() to resolve collision conflict or do you just let random() to decide pairwise which element of an array is smaller than the other? (BTW, which is the 'original array' in the context of my article?) Could you please give an concrete example for doing a random permutation of an array of, say, 4 or 5 elements so that one can clearly see your idea? Thanks. M. K. Shen -- From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: Steganography question Date: Sun, 27 Aug 2000 13:05:38 +0200
Cryptography-Digest Digest #549
Cryptography-Digest Digest #549, Volume #12 Sun, 27 Aug 00 16:13:01 EDT
Contents:
Thanks for your comments! ("Slava K.")
Re: PGP 6.5.8 test: That's NOT enough !!! (SCOTT19U.ZIP_GUY)
My (New) New algorithm ("Slava K.")
Re: R: Test on pseudorandom number generator. (Terry Ritter)
Re: 4x4 s-boxes (Mack)
Re: PGP ADK Bug: What we expect from N.A.I. (Mok-Kong Shen)
Re: Destruction of CDs (Mack)
Re: DeCSS ruling -- More (Mack)
Re: The DeCSS ruling and the big shots (Mack)
Re: My (New) New algorithm ([EMAIL PROTECTED])
Re: 4x4 s-boxes ([EMAIL PROTECTED])
Re: 4x4 s-boxes (Mok-Kong Shen)
CD Steganography ("Paul Pires")
Re: My (New) New algorithm (Mok-Kong Shen)
Re: PRNG Test Theory (Tim Tyler)
Re: On pseudo-random permutation (Tim Tyler)
Encryption tool (No User)
CAST-Cipher / CAST-Algorithm ("Patrick Harenberg")
Re: R: Test on pseudorandom number generator. ("Douglas A. Gwyn")
Re: On pseudo-random permutation (Terry Ritter)
Re: My (New) New algorithm ([EMAIL PROTECTED])
Re: CAST-Cipher / CAST-Algorithm ([EMAIL PROTECTED])
Re: RSA Security Conference for 2001 (Quisquater)
From: "Slava K." [EMAIL PROTECTED]
Subject: Thanks for your comments!
Date: Sun, 27 Aug 2000 18:38:03 +0200
Thanks to everyone who sent me their comments!
After taking a little more time to review the algorithm, I found the
pattern.
No further replies are necessary.
Thanks!
--
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: 27 Aug 2000 16:43:07 GMT
[EMAIL PROTECTED] (David Sternlight) wrote in
HY1q5.1460$[EMAIL PROTECTED]:
The dancing, fast footwork, and apologetics of PGP die-hards here is
truly sad. PGP has, after all the hubris of the past, acquired a fatal
error. If you can't detect a forged key, it's all over.
The only reliable solution is a "new" PGP which is deliberately
incompatible with all previous versions but classical PGP. This is the
ONLY way to restore trust on the part of the general (non-specialist)
user.
Could you in this NEW PGP please don't have checks built into the
code that immeditaly tell if the KEY is bad. Nothing like should be part
of the encrypted text. Also make sure it use a fully bijective compressor.
I have no heart burn if they add a CRC outside of the encrypted blocks
but even there one should have the option to turn it off.
Does NA have the guts to do this? Will they absorb the cost of a
complete product (recall and) replacement. Will "pay" PGP users be
willing to replace much of their PGP infrastructure? If not, I say game
over.
And if something like this had happened to Netscape/Microsoft S/MIME
X.509, honest PGP die-hards here will concede they would be among the
first to say what I am saying (about PGP) about S/MIME. When the
ordinary user loses control over his cryptosystem and cannot detect
forged keys, no amount of apologetics will sweep that under the rug.
David
P.S. For the ad hominem types here who think this is some anti-PGP
crusade on my part, I too have now had to suspend use of a good part of
my crypto infrastructure (PGP 6.x) and any number of PGP certificates
from Thawte.
David
"Michel Bouissou" [EMAIL PROTECTED] wrote in message
news:8o87bf$p7m$[EMAIL PROTECTED]...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've just tested the "ADK-bug-fixed" PGP 6.5.8 against Ralf's B1
forged key that holds a faked ADK.
Where previous versions would show this key as having an ADK, and use
the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as being a
normal, valid key, without any ADK.
PGP 6.5.8 will not use the forged ADK for encryption, and will just
behave as for a normal key.
Well, okay, it "fixes" the bug.
BUT IT DOESN'T WARN YOU IN ANY WAY THAT THE KEY YOU'RE USING HAS BEEN
FORGED. You just see a valid key and the forged ADK is ignored.
So:
- - You don't know the recipient's key has been victim of an attack;
- - You don't know that this key remains a potential danger for users
that still have previous versions of PGP.
Actually with PGP 6.5.8, you have LESS CHANCES to ever detect that a
key was forged, than you had with previous vulnerable versions.
That's no good folks.
Waiting for 6.5.9 that will display a BIG WARNING that an ADK sits
where it shouldn't on a given key.
- --
[EMAIL PROTECTED]
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
Comment: Corrigez le bug PG ADK. Installez PGP 6.5.8 ou plus recent.
iQA/AwUBOaeSnY7YarFcK+6PEQJUCACdFPt9KmCr+ImmCdpYt8i6XUlcmYUAnRRj
+OXfvsBkFugPmzNIlCaVO2N5
=iGL6
-END PGP SIGNATURE-
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
Cryptography-Digest Digest #550
Cryptography-Digest Digest #550, Volume #12 Sun, 27 Aug 00 20:13:01 EDT
Contents:
Re: Encryption tool ([EMAIL PROTECTED])
Re: RSA Security Conference for 2001 (Samuel Paik)
Re: New Site, Purple/Enigma/Sigaba/Russia Emulators (Charles Petersen)
Re: PGP 6.5.8 test: That's NOT enough !!! (Olaf =?ISO-8859-1?Q?Schl=FCter?=)
avalanche characteristic (Future Beacon)
Re: avalanche characteristic (Ichinin)
Re: avalanche characteristic ([EMAIL PROTECTED])
Re: On pseudo-random permutation (Bryan Olson)
Re: Bytes, chars, and I/O (Mark McIntyre)
Re: On pseudo-random permutation (Bryan Olson)
Re: Destruction of CDs (Guy Macon)
Re: PGP ADK Bug: What we expect from N.A.I. (Ed Reppert)
Re: PGP ADK Bug: What we expect from N.A.I. ("gleu")
Re: avalanche characteristic (Terry Ritter)
Re: My (New) New algorithm ("Scott Fluhrer")
From: [EMAIL PROTECTED]
Subject: Re: Encryption tool
Date: Sun, 27 Aug 2000 19:58:35 GMT
In article [EMAIL PROTECTED],
No User [EMAIL PROTECTED] wrote:
Put your own encrption algorithm in here:
http://homepages.go.com/~psychlcentral/cipher.html
(source is completely viewable)
Here is my magical puzzle
iz nq u0 0ad tw lx 9rm6 ih 0qp 1ev0aj4a y9s bf0 pmyh ko3t
I used the output of rand() mod 26 + 'a' as the vigenere key.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: Samuel Paik [EMAIL PROTECTED]
Subject: Re: RSA Security Conference for 2001
Date: Sun, 27 Aug 2000 13:30:11 -0700
[EMAIL PROTECTED] wrote:
The 15 pages I can handle (the TC5 paper was 20 pages I think) but I
don't know much of LaTex at all.
Can somebody please help me get some Latex tools for win98 and how to
use them?
A commonly recommended TeX for Win32 is MiKTeX
http://www.miktex.org/
There are others. You may want to check the TeX Users Group site.
They seem (unverified) to use teTeX for their TeX Live CD
http://www.tug.org/
--
Samuel S. Paik | http://www.webnexus.com/users/paik/
3D and multimedia, architecture and implementation
--
From: Charles Petersen [EMAIL PROTECTED]
Subject: Re: New Site, Purple/Enigma/Sigaba/Russia Emulators
Date: Sun, 27 Aug 2000 13:33:44 -0700
From what I've been told, they're all relatively weak, so superencipherment
probably wouldn't help all that much. Though I really don't know, anyone
else have comments?
Mok-Kong Shen wrote:
Charles Petersen wrote:
I thought you all might like to check out my new site.
http://dev.thinkquest.org/C004911/
It has a simulation and explanations of the cryptography used by the
major powers of World War II. This includes java applets that emulate
the Purple, Enigma, Sigaba, Russian Espionage Cipher, and a public
domain Bombe. In addition, there is a public forum reminiscent of
Just curious: If a message is superenciphered with a couple
of these machines, how vulnerable is it in the time of modern
technology?
M. K. Shen
--
From: Olaf =?ISO-8859-1?Q?Schl=FCter?= [EMAIL PROTECTED]
Date: Sun, 27 Aug 2000 20:16:39 GMT
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Reading the Senderek report got me stunned. I was very amazed about the
existance of a data part in a public key information record unprotected
by a signature. Is there anything that should go into the non-hashed par=
t
of a public-key block ? From what I see so far the part not protected by=
a signature should remain empty and a warning should be issued if
anything is in there. Why is there even such a thing as the non-hashed
part ?
Here is a list of security issues raised by unsigned parts of a security=
relevant information:
- X.509v1: algorithm parameters outside the signature of certificate. Th=
e
recommendation is now to ignore them and leave them empty upon creation.=
- SSL v2: downgrading attack. List of acceptable algorithms transmitted
without signing or MACing it. Resolved in SSL v3.
- PGP: see senderek report
Probably not complete. S/MIME pending, as there is also an unsigned
information part in PKCS#7.
But should have been enough to learn the lesson.
Urspr=FCngliche Nachricht
Am 26.08.00, 16:30:03, schrieb "Michel Bouissou" zum
Thema Re: PGP 6.5.8 test: That's NOT enough !!!:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
"Keith" a =E9crit dans le message news:
[EMAIL PROTECTED]
There is no way for PGP to detect a forged key. That is what a
signature and trust values are for. As long as PGP removes and/or
doesn't recognize the forged ADK on a tampered key, which will lead
to the encryption of a file or message to the forged ADK, then that
is the proper action.
You're wrong.
An ADK should NEVER sit outside of the hashed part of the
self-signature.
An ADK sitting in the non-hashed part clearly indicates that this ADK
has been
Cryptography-Digest Digest #551
Cryptography-Digest Digest #551, Volume #12 Sun, 27 Aug 00 23:13:01 EDT
Contents:
Re: PRNG Test Theory (Bryan Olson)
Re: PGP Bug: A note from Ralf Senderek (Bill Unruh)
Re: How strong is this algorithm? (Jeff Davies)
Re: avalanche characteristic ("Paul Pires")
Re: PGP ADK Bug: What we expect from N.A.I. ("Ed Suominen")
Re: Steganography question (zapzing)
Patent, Patent is a nightmare, all software patent shuld not be allowed (qun ying)
Re: Steganography question (zapzing)
Pencil and paper cipher (Benjamin Goldberg)
Re: PGP ADK Bug: What we expect from N.A.I. (Ed Reppert)
From: Bryan Olson [EMAIL PROTECTED]
Subject: Re: PRNG Test Theory
Date: Sun, 27 Aug 2000 23:55:36 GMT
Tom St.Dennis wrote:
Since any PRNG test can tell when a stream of bits
is empiracly random, that should suggest that any
PRNG test can be turned into a PRNG itself.
[Big snip]
There is no real problem. All you do is this
1. Start off with a state of 'n' bits.
2. Append a '1' to the state, Perform all 'x' tests on the bits.
Record the results and remove the bit.
3. Append a '0' to the state, perform all 'x' tests on the bits.
Record the result and remove the bit.
Now if '1' behaves *closer* to what is random as determined by the
tests, then output a 1 and append it to the state, etc.
There is no reason why this PRNG would fail to output bits that are
seemingly random as required by your battery of tests. The entropy of
the output is determined solely by the entropy of the state.
Perhaps this PRNG could be degenerative, slow, cumbersome, but it's a
neat idea.
True, but I'd say this thread has taken something of a
wrong-turn in interpretation. The result we should infer is
that algorithmic measures of randomness can always be
fooled. Given a battery of deterministic tests, if random
bit streams usually pass, then there is also a finite
deterministic generator that produces bits that always pass.
There is no universal test of randomness. There is no
algorithm that can distinguish bits produced by an algorithm
from truly random bits.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP Bug: A note from Ralf Senderek
Date: 28 Aug 2000 00:11:48 GMT
In 8oafhv$ro7$[EMAIL PROTECTED] [EMAIL PROTECTED] (Jonathan
Thornburg) writes:
]Another similar irony: During much of the US government's prosecution
]of Phil Zimmermann, CERT (funded by the US government) included in each
]CERT advisory text such as the following:
There is no irony here. The government never prosecuted Zimmermann.
What there was was a public prosecutor's investigation whether charges
should be laid for the export of PGP. The decision was not to prosecute.
This had nothing to do with the use of PGP within the USA nor the sale or giving away
of PGP within the USA (and Canada). Only RSADSI had problems with that,
not the government.
] Using encryption
]
]We strongly urge you to encrypt sensitive information sent by email.
]Our public PGP key is available from
]
]http://www.cert.org/CERT_PGP.key
--
From: Jeff Davies [EMAIL PROTECTED]
Subject: Re: How strong is this algorithm?
Date: Mon, 28 Aug 2000 01:34:19 +0100
Scott Fluhrer wrote:
Jeff Davies [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Scott Fluhrer wrote:
Jeff Davies [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
I have an idea for a non-profit electronic cash system (a bank)
for which I have devised I think a new algorithm.
Why? What's wrong with 3DES, Serpent or AES? Seriously: the banking
industry currently uses (I believe) 3DES, Serpent was designed by
someone in
the banking industry (Ross Anderson), and AES (which might turn out to
be
Serpent) is considered "good enough" for the US government uses. Why
should
I trust my money to a bank that uses home-brew crypto?
The idea is that all IP is free (in Gnu public licence way) including the
crypto.Is 3DES, Serpent or AES?
Yes. DES (and hence 3DES) and Serpent are public domain (which, for my
money, is even better than Gnu public licence). AES will be as well, once
NIST decides what it will be.
There are very good reasons for going the route of GPL.
I will find out how to evaluate strength mathematically, and work it out myself
since I don't
trust always folks (PGP fiasco).
If each key is used to transmit a single message, it looks safe, if
rather
crude. If it is used to transmit multiple messages (and that includes
multiple messages from the same "transaction"), then it looks easy
enough to
break (or at least, give the attacker enough idea about the messages to
know
which
