Cryptography-Digest Digest #608, Volume #14      Thu, 14 Jun 01 04:13:01 EDT

Contents:
  Re: Sophie-Germain Primes for sale (Ben Hamilton)
  Re: Alice and Bob Speak MooJoo (Paul Pires)
  Re: Yarrow PRNG (Anton Stiglic)
  Re: Alice and Bob Speak MooJoo (Robert J. Kolker)
  Re: Timer chip (Anton Stiglic)
  Re: Looking for Mitsuru Matsui paper (Scheidsrechter)
  Re: Alice and Bob Speak MooJoo (Paul Pires)
  Re: Looking for Mitsuru Matsui paper (Tom St Denis)
  Re: Yarrow PRNG (Eric Lee Green)
  Re: Yarrow PRNG (Eric Lee Green)
  Re: Alice and Bob Speak MooJoo ([EMAIL PROTECTED])
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (wtshaw)
  Re: Alice and Bob Speak MooJoo (Paul Pires)
  Re: Alice and Bob Speak MooJoo (John A. Malley)
  Re: Uniciyt distance and compression for AES ([EMAIL PROTECTED])
  Re: When the signer is trusted do birthdays matter? (Jakob Jonsson)

----------------------------------------------------------------------

From: Ben Hamilton [EMAIL PROTECTED]
Subject: Re: Sophie-Germain Primes for sale
Date: Thu, 14 Jun 2001 10:15:33 +1000

Nice link, thanks,

Ben Hamilton

Anton Stiglic [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Just go to google, type Sophie Germain Prime, the first hit you get will be:
> http://www.utm.edu/research/primes/glossary/SophieGermainPrime.html
> read the definition of Sophie Germain Prime.

------------------------------

From: Paul Pires [EMAIL PROTECTED]
Subject: Re: Alice and Bob Speak MooJoo
Date: Wed, 13 Jun 2001 17:11:41 -0700

Robert J. Kolker [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> David A Molnar wrote:
>> I think the issue here is in the model, then. Normally we say Eve has access only to the communication between Alice and Bob. As you point out, given these assumptions about language, this means Eve gets noise as long as she cannot observe Alice and Bob's referents.
>
> How would Eve know whether A/B are discussing the weather, the stock market or the war du jour? Is Eve in a position to force a topic of discussion on A/B? If so, some kind of referent could be teased out, otherwise no.
>
> Is there anything corresponding to the chosen plaintext attack here? I don't think so.

The outside world could force a topic which would be known to Eve and provocative enough that Eve could guess that A/B were commenting on it. An 8.7 earthquake might elicit a short message between Alice and Bob which Eve could guess was the equivalent of "Holy S**T Batman!!!"

> In the case of the Navajo Code Talkers, the Japanese who were eavesdropping on their communication had some idea of what the Code Talkers were talking about, but were unable to tease out any specific words and meanings.

[snip]

That case was even more complicated. The Navajo language is not a technological language, and to suit wartime needs the talkers got together and agreed on easily remembered euphemisms for technical terms, so there was actually a three-way conversion going on (four for the Japanese): American war tech jargon -> euphemism -> Navajo -> back. The poor Japanese needed to compensate for the known cultural difference between American and Japanese and the unknown culture of Navajo, a culture that brought us the concept of "walking in beauty" and one which sees cyclic wheels rather than beginning-to-end paths. It must have mucked their (the Japanese interceptors') brains up pretty badly.

Paul

------------------------------

From: Anton Stiglic [EMAIL PROTECTED]
Subject: Re: Yarrow PRNG
Date: Wed, 13 Jun 2001 20:11:57 -0400

[EMAIL PROTECTED] wrote:
> Anton, thanks for the inputs ... do you have a version of Yarrow that is not dependent on SSL? It would be nice to have one that is standalone, that one can incorporate into other apps.

Maybe someone else does, we don't. You can always go and write your own hash function and block cipher functionality to get what you want. I think the code only includes openssl/des.h and openssl/sha.h (and other block ciphers and hash functions, depending on what you want, but you only need one of each).

> Also, does the link given below include the latest Yarrow paper?

It just includes a link to the site on Counterpane that has the Yarrow paper that was used.

--Anton

------------------------------

From: Robert J. Kolker [EMAIL PROTECTED]
Subject: Re: Alice and Bob Speak MooJoo
Date: Wed, 13 Jun 2001 20:20:02 -0400

Paul Pires wrote:
> It must have mucked their (the Japanese interceptors') brains up pretty badly.

Precisely! Ignorance (of the language) is bliss for the users of that language. The interesting thing about the MooJoo scenario is that Alice and Bob are conversing in the clear.

Bob Kolker

------------------------------

From: Anton Stiglic [EMAIL PROTECTED]
Subject: Re: Timer chip
Date: Wed, 13 Jun 2001 20:22:59 -0400

This works with my Red Hat Linux:

#ifndef _TIMER_H
#define _TIMER_H

#define TICKS 45000.0 /* replace this by your CPU speed */

/***
Cryptography-Digest Digest #609, Volume #14      Thu, 14 Jun 01 08:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Re: Yarrow PRNG (Tim Tyler)
  Re: FIPS 140-1 test (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Re: Uniciyt distance and compression for AES (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY ([EMAIL PROTECTED])
  Re: Alice and Bob Speak MooJoo ([EMAIL PROTECTED])
  Academic Position (Nigel Smart)
  Re: RNG (Janne Tuukkanen)
  Re: RNG (Tom St Denis)
  Re: Problem in Twofish (Philip G. Boys)

----------------------------------------------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Thu, 14 Jun 2001 10:28:07 +0200

[EMAIL PROTECTED] wrote:
> [snip]
> No. In an information-theoretic sense, the plaintext you hand me is useless. I am forced to consider the possibility that you are lying, and there is NO PROOF that you are NOT lying. If the cipher was an OTP, you can give me the plaintext AND the key, and I STILL can't be sure you aren't lying to me--even if you swear on your grandmother's grave.

I think that I misunderstood you. I am confused. Could you please give a description of a scenario (a sequence of events) such that an opponent could absolutely prove that I am not lying in ANY sense? (Note that elsewhere, e.g. in certification for PK, we don't have an 'absolute' guarantee of security and we have to have some trust.)

M. K. Shen

------------------------------

From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: Yarrow PRNG
Reply-To: [EMAIL PROTECTED]
Date: Thu, 14 Jun 2001 08:26:13 GMT

Eric Lee Green [EMAIL PROTECTED] wrote:
: On Wed, 13 Jun 2001 14:51:09 GMT, Tim Tyler [EMAIL PROTECTED] wrote:

:> [If you] need to slap a hash function over the outputs the question
:> arises as to why you didn't put it at the heart of the algorithm
:> in the first place.

: So you like the design of the Linux /dev/urandom ?

I think having a hash function at the heart of a PRNG is going to be better than outputting much unadulterated block cypher output.

I've read some criticism of /dev/urandom. Apparently it generally shares an entropy pool with /dev/random - so using the former can cause the latter to block rather unnecessarily.

Then there's the use of MD5 - which is no longer regarded as a good one-way hash function, because of the techniques for finding collisions in it. While this is probably of low relevance to a PRNG, I'd rather have something with no known flaws in it.

--
__
|im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: FIPS 140-1 test
Reply-To: [EMAIL PROTECTED]
Date: Thu, 14 Jun 2001 08:28:48 GMT

Dobs [EMAIL PROTECTED] wrote:
: I am looking for source code of FIPS 140-1 statistical test for randomness
: which is used for high security application (that's what was written in
: Handbook of Applied Cryptography:)

It's at: http://quartus.net/files/Misc/

Docs at: http://www.cerberussystems.com/INFOSEC/stds/fip140-1.htm

--
__
|im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Thu, 14 Jun 2001 10:53:03 +0200

wtshaw wrote:
> Mok-Kong Shen [EMAIL PROTECTED] wrote:
>> Mark Wooding wrote:
>>> Mok-Kong Shen [EMAIL PROTECTED] wrote:
>>>> But measures should have adequate (intuitionally reasonable) interpretations, I suppose. If a security measure says 0 security, then one would 'very naturally' think that that means no protection at all, isn't it?
>>>
>>> This is why we have different notions of security. There is a difference between the information-theoretic security provided by the one-time pad (and perfect secret-sharing systems) and the computational security provided (by assumption) by most commonly-used symmetric and asymmetric ciphers.
>>
>> The problem is whether one has a 'common' measure of security that could be applied to all sorts of encryptions.
>
> Note that some ciphers are outside of both of these categories. The strength of them ranges from stupidly simple to GOK. There is no and can't be one common measure of security. Without repeating them, I had to create that which some said could not be, a way to variously describe comparative security of different ciphers in several ways. I can't ignore Shannon, even as he did not cover all the relative factors and did not know and therefore could not include new aspects of recent ciphers in his thinking.

I suppose that discussions long ago in the group have already established that there is no scientifically rigorous and practically applicable
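Dobs asked earlier in this digest for source code of the FIPS 140-1 statistical tests and Tim Tyler pointed to a download. As an added example that is not from the digest or from either poster, here is a self-contained Python implementation of the four FIPS 140-1 power-up tests (monobit, poker, runs, long run) over a 20,000-bit sample, using the acceptance intervals from the 140-1 text; the sample bits are constructed from a seeded non-cryptographic Python PRNG, and the function names are my own.

```python
import random

# FIPS 140-1 acceptance intervals for one 20,000-bit sample (FIPS 140-2 later tightened them).
MONOBIT = (9654, 10346)        # number of ones, strict bounds
POKER = (1.03, 57.4)           # poker statistic X, strict bounds
RUNS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
        4: (223, 402), 5: (90, 223), 6: (90, 223)}   # key 6 means "length 6 or more"
LONG_RUN = 34                  # any run this long or longer fails

def monobit(bits):
    """Returns (passed, number_of_ones)."""
    ones = bits.count(1)
    return MONOBIT[0] < ones < MONOBIT[1], ones

def poker(bits):
    """Frequency of the 16 nibble values over 5,000 non-overlapping nibbles; returns (passed, X)."""
    freq = [0] * 16
    for i in range(0, len(bits), 4):
        freq[bits[i] * 8 + bits[i + 1] * 4 + bits[i + 2] * 2 + bits[i + 3]] += 1
    x = 16 / 5000 * sum(f * f for f in freq) - 5000
    return POKER[0] < x < POKER[1], x

def runs(bits):
    """Histogram of run lengths per bit value; returns (runs_passed, long_run_passed, histogram)."""
    hist = {0: dict.fromkeys(RUNS, 0), 1: dict.fromkeys(RUNS, 0)}
    longest, cur, length = 0, bits[0], 0
    for b in bits + [None]:                     # None is a sentinel that flushes the last run
        if b == cur:
            length += 1
            continue
        hist[cur][min(length, 6)] += 1
        longest = max(longest, length)
        cur, length = b, 1
    ok = all(lo <= hist[v][k] <= hi for v in (0, 1) for k, (lo, hi) in RUNS.items())
    return ok, longest < LONG_RUN, hist

def fips140_1(bits):
    """All four tests on exactly 20,000 bits; a generator must pass every one."""
    if len(bits) != 20000:
        raise ValueError("FIPS 140-1 tests are defined on a 20,000-bit sample")
    runs_ok, long_ok, _ = runs(bits)
    return {"monobit": monobit(bits)[0], "poker": poker(bits)[0],
            "runs": runs_ok, "long_run": long_ok}

def seeded_sample(seed=2001, nbits=20000):
    """Constructed test input: bits from a seeded Mersenne Twister (not a cryptographic RNG)."""
    value = random.Random(seed).getrandbits(nbits)
    return [(value >> i) & 1 for i in range(nbits)]

if __name__ == "__main__":
    print(fips140_1(seeded_sample()))          # a decent generator passes all four
    print(fips140_1([0, 1] * 10000))           # alternating bits pass monobit only
```

The alternating pattern shows why monobit alone is worthless: the bit balance is perfect, yet the poker and runs tests reject it immediately.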
Cryptography-Digest Digest #610, Volume #14      Thu, 14 Jun 01 13:13:01 EDT

Contents:
  Re: National Security Nightmare? (Derek Bell)
  Re: Alice and Bob Speak MooJoo (Robert J. Kolker)
  Re: RSA's new Factoring Challenges: $200,000 prize. (Chris Card)
  Re: When the signer is trusted do birthdays matter? (Phil Carmody)
  Re: help non-elephant encryption (Nicholas Sheppard)
  Re: Knapsack security??? Ahhuh (Jakob Jonsson)
  Re: Yarrow PRNG (Mark Wooding)
  Re: Alice and Bob Speak MooJoo ([EMAIL PROTECTED])
  Re: The 94 cycle 64-bit block cipher :-) (Mark Wooding)
  ENCRYPTION TYPE - UNKNOWN! :( (Total Annihilation)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY ([EMAIL PROTECTED])
  Re: Uniciyt distance and compression for AES ([EMAIL PROTECTED])
  Re: Alice and Bob Speak MooJoo (Douglas A. Gwyn)

----------------------------------------------------------------------

From: Derek Bell [EMAIL PROTECTED]
Subject: Re: National Security Nightmare?
Date: 14 Jun 2001 13:24:35 +0100

Douglas A. Gwyn [EMAIL PROTECTED] wrote:
: Another example of French Academy meddling was allowing
: the use of pipeline but requiring a change in its
: pronunciation to pee-pleen. This was an embarrassment
: to French pipeliners.

IIRC, Monsieur Alain Toubon was a minister who supported this kind of nonsense - his opponents nicknamed him Mister Allgood in response.

Derek

--
Derek Bell [EMAIL PROTECTED]                   | Usenet is a strange place.
WWW: http://www.maths.tcd.ie/~dbell/index.html |     - Dennis M Ritchie,
PGP: http://www.maths.tcd.ie/~dbell/key.asc    |       29 July 1999.

------------------------------

From: Robert J. Kolker [EMAIL PROTECTED]
Subject: Re: Alice and Bob Speak MooJoo
Date: Thu, 14 Jun 2001 08:56:03 -0400

John A. Malley wrote:
> What Eve gets is not _noise_ in the electrical engineering/communications systems point of view, though. Eve detects correlations between portions of the stream of signal over time. She'll detect similar or identical modulations of signal characteristics (amplitudes of frequencies, phases of frequencies) in different portions of the stream of signal over time. Time-varying modulation of signal characteristics is indicative of communication between intelligent creatures.
>
> Eve can learn a lot about the meaning of the signal from their responses with respect to the context dictated by events common to Alice, Bob and her. She can correlate events, the signal patterns following immediately after the events and any observable actions of Alice or Bob and assign a rough meaning to the patterns.

There are no observable actions of Alice and Bob other than the communications. In the absence of a shared referent, Eve is up the creek.

Now let us assume Eve does something like the chosen plaintext attack. Eve creates events which she *hopes* Alice and Bob will reference in their communications. Let us assume, arguendo, that Alice and Bob oblige Eve in this regard. The best Eve can come up with is some good guesses pertaining to nouns, the names of things and events. Is this enough to understand the communication? No. What about adjectives and adverbs? How does one convey to a child the concept of "pretty" or "bad" except by ostension (initially anyway)? In the absence of the Pointing Finger no human child can learn his first language.

The only possible crib that Eve has with regard to MooJoo is a shared cultural experience. If Alice and Bob had totally foreign cultural outlooks and artifacts, Eve would not have a chance to figure out what A/B are saying to each other.

Let me give you a homely example. You are on a bus, train or plane and there is a Japanese couple sitting nearby having a conversation in Japanese. Assuming you are not a nihonophone, how could you possibly decode the conversation by passive listening? Answer: you can't. To learn Japanese you must *interact* somehow with Japanese speakers to get the basic referents (things and their names).

What is wrong with the following scenario found in just about any sci-fi movie made in the 1950s? "We learned your Earth Languages from your *radio* broadcasts."

Bob Kolker

------------------------------

From: [EMAIL PROTECTED] (Chris Card)
Subject: Re: RSA's new Factoring Challenges: $200,000 prize.
Date: 14 Jun 2001 06:11:36 -0700

Peter Trei [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> RSA Security has revamped its Factoring Challenges. Prizes now start at US$10,000 (factorization of a 576 bit modulus)

I've been running a polynomial selection for RSA576, and I've got quite a good one - anyone got a spare Cray big enough to do the matrix reduction step? I don't see any point starting sieving if the matrix is likely to be too big to handle.

Chris

------------------------------

From: Phil
Cryptography-Digest Digest #613, Volume #14      Thu, 14 Jun 01 19:13:01 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Re: Substitution Humor! (stanislav shalunov)
  Re: CipherText E-mail encryption (Joseph Ashwood)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY ([EMAIL PROTECTED])
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes ([EMAIL PROTECTED])
  Re: survey (Mok-Kong Shen)
  Re: Break on Schneiers first proposed self-study cipher (Sam Yorko)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, (Mok-Kong Shen)
  Re: RNG (Andrew E. Schulman)
  Re: BigNum Question (AY)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Re: CipherText E-mail encryption (Prichard, Chuck)
  Re: survey (Joseph Ashwood)
  Re: Break on Schneiers first proposed self-study cipher (Tom St Denis)
  Re: CipherText E-mail encryption (Prichard, Chuck)
  Re: CipherText E-mail encryption (Tom St Denis)
  Re: survey (Joseph Ashwood)

----------------------------------------------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Thu, 14 Jun 2001 23:14:44 +0200

[EMAIL PROTECTED] wrote:
> Mok-Kong Shen [EMAIL PROTECTED] writes:
>> [EMAIL PROTECTED] wrote:
>>> ...there's one thing you can't lie about, period: the question ``Does this private key go with that public key?'' You can't fool me, because I can verify (i.e., ``absolutely prove'') it for myself.
>>
>> Isn't it that the existence of the so-called trust centers is because of the need of proving whether a public key actually belongs to me?
>
> But you keep changing the subject. Knowing that I'm dealing with *you* and not with Dr. Evil is separate from the cryptanalysis of your messages. In practical situations I know who I'm dealing with; I've spied on the Mokkian diplomats; I've subverted the parlourmaid of Mok, the King of all Mokkia; I've located your transmitters deep in the heart of Mok-Kongs-burg, the capital city; and I've found copies of your public key in radio rooms on captured Mokkian subs. So denying your identity isn't going to fool me. The only interesting question is, ``Do I now have the private key which unlocks the messages we've intercepted?'' An absolute proof, one way or the other, is not hard.
>
> BTW, establishing identity only connects an individual to a body of messages. The body of messages has an ``identity'' of its own; they were all produced with one public key. And the private key can be verified with certainty. So the only missing puzzle piece is the owner of the key. If I can pin any single message on you, then I can pin all of them on you--unless you can convince a jury that your private key was stolen before the messages were written. The same applies to guns used in multiple crimes, fingerprints left by an unknown suspect, or--in the case of Timothy McVeigh--a prepaid phone card.

I was not changing the subject, i.e. diverting to something else. You were talking of the possibility of 'proving' I am not lying (or the opposite). I was attempting to show that a proof in the absolute sense, as far as that topic goes, is in practice not possible. Note that I understand a proof to be different from merely having very, very high confidence on a matter. Yes, if someone hands over to you the private key (he stole it from me or employed a very huge computer), then you can check that that private key corresponds to the public key. But you can't yet 'link' that to me in the absolute sense. I am referring here to your claim that there is no way I can lie about that ('that' means 'the private key is mine'). My point is that I can deny that the public key is mine, which renders the question of whether the private key is mine effectively a non-issue.

M. K. Shen

------------------------------

From: stanislav shalunov [EMAIL PROTECTED]
Subject: Re: Substitution Humor!
Date: 14 Jun 2001 17:17:58 -0400

Here's the original: http://www.netfunny.com/rhf/jokes/87/2094.10.html

--
Stanislav Shalunov              http://www.internet2.edu/~shalunov/

All revolutions are bloody. The October Revolution was bloodless, but it
was only the beginning.                         -- Dmitri Volkogonov

------------------------------

From: Joseph Ashwood [EMAIL PROTECTED]
Subject: Re: CipherText E-mail encryption
Date: Thu, 14 Jun 2001 14:21:40 -0700

Prichard, Chuck [EMAIL PROTECTED] wrote in message news:Vj8W6.1145$[EMAIL PROTECTED]...
> It's a demonstration.

So a completely fatal flaw makes a good demonstration? You are clearly not as intelligent as you would have us think in these matters.

> The feature is planned for implementation in a commercial release.

Oh Gee Golly, more useless crypto for sale. You have never properly documented the algorithm. You have never
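The one claim in the Shen exchange above that both sides treat as checkable, that a given private key goes with a given public key, can be demonstrated directly; the identity question (whose key it is) is deliberately left out because no computation settles it. This is an added example, not code from the digest or from either poster: it uses a constructed toy RSA key (p = 61, q = 53, e = 17, far too small for real use) and function names of my own.

```python
from math import gcd

def derive_private_exponent(e, p, q):
    """Private exponent d = e^-1 mod lcm(p-1, q-1), as the key owner computes it."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return pow(e, -1, lam)          # modular inverse (Python 3.8+)

def private_matches_public(pub, priv, probes=(2, 3, 65, 1234, 3232)):
    """Behavioural check anyone holding both keys can run without knowing p and q:
    same modulus, and decrypt(encrypt(m)) == m for several fixed probe values.
    A wrong d fails on essentially every probe; the right d passes on all of them."""
    n, e = pub
    n2, d = priv
    if n != n2:
        return False
    return all(pow(pow(m % n, e, n), d, n) == m % n for m in probes)

def private_matches_public_with_factors(e, d, p, q):
    """Algebraic check available only to whoever knows the factors: e*d == 1 modulo
    lcm(p-1, q-1) is exactly the condition that makes the round trip hold for every m."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (e * d) % lam == 1

# Constructed toy key pair (assumed values for illustration only).
P, Q, E = 61, 53, 17
N = P * Q                              # 3233
D = derive_private_exponent(E, P, Q)   # 413

if __name__ == "__main__":
    print(private_matches_public((N, E), (N, D)))       # True: this private key goes with this public key
    print(private_matches_public((N, E), (N, D + 4)))   # False: a nearby but wrong exponent
    print(private_matches_public((N, E), (3127, D)))    # False: a different modulus altogether
    print(private_matches_public_with_factors(E, D, P, Q))  # True, by the owner's algebraic check
```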