Cryptography-Digest Digest #152
Cryptography-Digest Digest #152, Volume #14 Sun, 15 Apr 01 16:13:01 EDT
Contents:
Re: NSA-Endorsed Schools have a Mediocre Internet Presence ("Jack Lindso")
Re: Rabin-Miller prime testing (James Davenport)
Re: XOR_TextBox: Doesn't write to swap file if... ("Ryan M. McConahy")
Reusing A One Time Pad ("Mark G Wolf")
Re: Announcing A New Rijndael Encryption Algorithm Implementation ("Ryan M.
McConahy")
Re: Reusing A One Time Pad ("Mark G Wolf")
C Encryption ("Logan Raarup")
Re: Password tool! (Matthew Skala)
Re: LFSR Security (David Wagner)
Re: Remark on multiplication mod 2^n (Mark Wooding)
Re: C Encryption (Mark Wooding)
Re: AES poll (SCOTT19U.ZIP_GUY)
Re: Reusing A One Time Pad ("Tom St Denis")
Re: MS OSs "swap" file: total breach of computer security. (Steve K)
Re: please comment ("Paul Pires")
From: "Jack Lindso" [EMAIL PROTECTED]
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Sun, 15 Apr 2001 21:14:06 +0200
We aren't there yet (Utopia), and until we are I wouldn't touch the
SELinux. Were I in place of the NSA I would have certainly made
sure that the Linux works "exactly" as I want it to. That's life.
Anticipating the future is all about envisioning the Infinity.
http://www.atstep.com
"Mok-Kong Shen" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Frank Gerlach wrote:
[snip]
I am attributing this to the dominance of the spooks, who have no
real interest in spreading good security.
The human society is extremely complex and involved.
Look e.g. at the pharma industry. Their 'ideal' would
be selling a particular product 'forever', thus saving
the often very high investment to find better medicaments.
Were it not for the competition, I don't believe that
there would have been substantial incentives to conduct
RD simply for the benefit of the illed on purely moral
grounds, as long as the fiscal balance sheet of the
company is excellent. Thus don't be surprised by the
phenomenon you described and severely curse them. They
are just humans, in fact not unlike most of us in
'principle' (even if you would disagree and protest
against this viewpoint), always attempting to find some
'optimum' for themselves (alone). Other examples abound
in the arena of politics.
BTW, I think that the increased use of new technologies
in wireless communications (I recently saw the term SR,
software radio, in this connection. Could someone give
the exact definition of it?) and the rapid expansion of
the total message volume may one day render effective
surveillance and intelligence gathering technically
infeasible. At that time point, the existence of
the agencies would be economically questionable. It
could then be the case that these would be dissolved,
releasing their scientists to the civilian world, and
the knowledge 'gap' between them and the academics, as
was mentioned in a previous post in this thread, would
then be perfectly closed. Of course, this is yet all
utopic.
M. K. Shen
--
From: [EMAIL PROTECTED] (James Davenport)
Subject: Re: Rabin-Miller prime testing
Date: Sun, 15 Apr 2001 18:09:04 GMT
In the referenced article, "Tom St Denis" [EMAIL PROTECTED] writes:
"Benjamin Johnston" [EMAIL PROTECTED] wrote in message
news:9b9eru$t5m$[EMAIL PROTECTED]...
I eventually managed to track down a paper (Primality Testing Revisited) by
J.H. Davenport, 1992) which gave me the impression that it is standard
practice to use the set of bases {3,5,7,11,13,17,19,23,29,31}.
In general I use the first N primes as my primes in MR. If you use say 10
passes of MR you are going to be very sure you have a prime if it passes all
rounds. In practice I have never made a prime with MR that Maple couldn't
test as prime too so I think the method works well.
If you are generating the primes, this is OK (in practice: there are still
some theoretical objections). However, as the paper Benjamin
quoted points out, if you are verifying that primes some-one else has sent
you really are primes, then any fixed list has problems.
One should also read:
Arnault,F.,
Rabin-Miller Primality Test:
Composite Numbers which Pass it.
Math. Comp. 64(1995) pp. 355-361.
James Davenport
[EMAIL PROTECTED]
^^^remove
--
From: "Ryan M. McConahy" [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: XOR_TextBox: Doesn't write to swap file if...
Date: Sun, 15 Apr 2001 14:15:31 -0400
"Anthony Stephen Szopa" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
"Trevor L. Jackson, III" wrote:
Fair Warning (for the uninformed): This software is garbage. The
author7
does no
Cryptography-Digest Digest #152
Cryptography-Digest Digest #152, Volume #13 Mon, 13 Nov 00 22:13:00 EST
Contents:
Re: On an idea of John Savard (Tom St Denis)
Re: On an idea of John Savard (Tom St Denis)
Re: Learning Differential and Linear Cryptanalysis? (Tom St Denis)
Re: Book recommendation, please ("[EMAIL PROTECTED]")
Re: LFSR's (Tom St Denis)
Re: Chimera ciphers (WAS Re: On an idea of John Savard) (John Savard)
Re: Security of Norton YEO (Your Eyes Only) ("A [Temporary] Dog")
Re: voting through pgp (Greggy)
Re: voting through pgp (Greggy)
Re: voting through pgp (Greggy)
Re: voting through pgp (Greggy)
Re: Why remote electronic voting is a bad idea (was voting through pgp) (Greggy)
Re: voting through pgp (Greggy)
DSS/DSA and DH Parameters ([EMAIL PROTECTED])
Re: Algorithm with minimum RAM usage? ("Scott Fluhrer")
PGP still the no1? ("Sascha Klein")
Re: voting through pgp ("Trevor L. Jackson, III")
Re: LFSR's ("Trevor L. Jackson, III")
Re: LFSR's ("Trevor L. Jackson, III")
From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: On an idea of John Savard
Date: Mon, 13 Nov 2000 23:56:32 GMT
In article [EMAIL PROTECTED],
Mok-Kong Shen [EMAIL PROTECTED] wrote:
If you interleave two good ciphers I believe that the
result is certainly stronger than any single one.
Why?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: On an idea of John Savard
Date: Mon, 13 Nov 2000 23:58:46 GMT
In article [EMAIL PROTECTED],
David Schwartz [EMAIL PROTECTED] wrote:
Mok-Kong Shen wrote:
If you interleave two good ciphers I believe that the
result is certainly stronger than any single one.
This is certainly false if you, for example, interleave DES with
reverse DES.
Unfortunately the problems with "mixing ciphers" is less trivial then
that. For example in safer+ a three layer PHT is used to mix up the
plaintext, however in serpent a dedicated linear transform is used. If
you arbitrarily remove the linear transform then the serpent round is
much less secure since we cannot easily count active sboxes, etc...
Anyways...
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Learning Differential and Linear Cryptanalysis?
Date: Tue, 14 Nov 2000 00:04:39 GMT
In article 8ups0b$nap$[EMAIL PROTECTED],
Simon Johnson [EMAIL PROTECTED] wrote:
Where can i find refrence material, books etc. with a clear and
consise
explanation of these two attacks?
Books on the subject would be excellent, if not URL's :)
Differential attacks in theory are very easy to understand. For some
reason I can't quite grasp linear attacks. Well perhaps I haven't
given it enough thought.
At either rate look at Eli Bihams page he has papers on both types of
attacks.
In the generic differential attack you are looking for a input and
output difference that occur as a pair with a high probability. Only
certain pairs of inputs will cause the difference required. Thus given
a 'keyed' function such as y = F(x xor key) you can find the key by
determining what the input you sent was and what the required input was
(i.e just xor it out to get the key). Often more then one pair of
inputs will cause the required output difference (assuming the input
pair has the same output difference) and in this case more then one key
will be suggested.
In the generic linear attack you have a linear expression of the input
and output bits (i.e the parity) and of some key bits (i.e the input
bits involved since they are linearly dependent on the input bits).
You take some expression such as y0 xor y1 = x0 xor x3 xor k0 xor k3
xor 1, and if the approximation holds with a probability of more/less
then 1/2, then it can be used to suggest keys. In the trivial case of
something like y0 xor y1 = x0 xor k0, the expression will reveal 'k0'
since you know 'y0 xor y1' and 'x0'.
I hope I have the "generic" cases right. Obviously you should read
Biham's papers (espescially "On Matsui's Linear Cryptanalysis"
and "Differential Cryptanalysis of DES-Like Cryptosystems" which he co-
authored with Adi Shamir). They explain both attacks in some depth.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: "[EMAIL PROTECTED]" [EMAIL PROTECTED]
Subject: Re: Book recommendation, please
Date: Tue, 14 Nov 2000 00:11:43 GMT
Thank you all for your suggestions. I greatly appeciate it.
On Sun, 12 Nov 2000 19:25:51 GMT, "[EMAIL PROTECTED]"
[EMAIL PROTECTED] wrote:
My 16 year old son has become interested in cryptography (after
reading Cryptonomicon). He is very computer literate, takes AP
Computer Science in school
Cryptography-Digest Digest #152
Cryptography-Digest Digest #152, Volume #12 Mon, 3 Jul 00 12:13:00 EDT
Contents:
Re: very large primes (Mark Wooding)
Re: Tying Up Lost Ends III (SCOTT19U.ZIP_GUY)
Re: Newbie question about factoring (Bob Silverman)
Re: Encryption and IBM's 12 teraflop MPC.. ("Tony T. Warnock")
Re: Newbie question about factoring (Nick Maclaren)
Re: very large primes ("Tony T. Warnock")
Re: Encryption and IBM's 12 teraflop MPC.. (Tom McCune)
Re: Hashing Function (not cryptographically secure) ("Scott Fluhrer")
Re: Tying Up Lost Ends (SCOTT19U.ZIP_GUY)
research on cryptography ("Foo Kim Eng")
Re: A simple all-or-nothing transform (Mok-Kong Shen)
Re: research on cryptography (David A Molnar)
Re: Crypto Contest: CHUTZPAH... ("Paul Pires")
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: very large primes
Date: 3 Jul 2000 12:24:41 GMT
Rick Pikul [EMAIL PROTECTED] wrote:
IIRC, the proof by induction used the product of every *prime* up to
and including the "last" prime.
It works either way. As an example:
Let P be the `last' prime. Then P! + 1 = 1 (mod n) for all integers 0
n = P, and hence no such integer n divides P! + 1. Thus, P! + 1 has at
least one prime factor greater than P, contradicting the hypothesis.
-- [mdw]
--
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Tying Up Lost Ends III
Date: 3 Jul 2000 13:21:43 GMT
[EMAIL PROTECTED] (John Savard) wrote in
[EMAIL PROTECTED]:
On 2 Jul 2000 13:18:58 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote, in part:
In the previous posts two I cleaned up the lost Ends in John's work in
the follow up I will show what he did was a waste of time and
unfortunutly it is most likely a result of reading bad BS crypto books
that have led him astray.
Oh, before I ever saw Bruce's book, I went to University for several
years. Although I don't recall taking information theory in class,
that certainly did help me develop the mathematical background to
understand stuff I read about it on my own time.
I guess the only good think but that is you didn't read it on
someone elses time. I admit I would never buy the book but have
looked at various chapters at bookstores or public librares.
So I suppose you could say that I've been "led astray" more
intensively.
To bad a class on information theory would have helped you.
Of course, I was first exposed to the subject through a "crypto book",
but in this case, David Kahn's "The Codebreakers".
The above book is a GOOD ONE at least the earler versions of
it. So I don't think the problen is from reading that one.
So one should not directly fault him
for his poor understanding of compression encryption and what the
defination of random means
This is polite of you, but I'm not sure you've convinced too many
people that my understanding is lacking.
I think those that really have the ability to think of the problem
already have made up there mind. After all is light a particle or a
wave. Or is it best to treat it as either depending on the situation
at hand. However the fact is my compression "adds ZERO information"
to a file. Reagardless of the true unlerlying nature of real files.
distributions as they actaully exist. As even Tim Tyler has repeatedly
tried to tell you. I also doubt you considered this polite. But I am
amased you can wrote so intensively on how one should compress yet
never really Tye Lose Ends or write code. There is no doubt in my
mind that as much as you hate me that these last few letters may
Tie Up enough Losse Ends that you could actaully write code to do
your form of compression except for the so called random bits you
need. That is going to be tough.
But before you say mine is weak at least have the balls to test
the code instead of hand waving, I feel it is a cheap shot to critize
mine and then write about what you think is a better method without
ever Tying Up Loose Ends to the point where you can even write code.
It is easy to test my "adaptive 1-1 compression routines" to see if
it fails the adding of ZERO information to a file. I wrote code and
yes people have discovered mistakes but in every case they find an
error it was fixed. It is hard to fix hand waving crap or even test
it when you don't even have a working product John. How much of your
coding do you want me to do. I won't do the whole thing. You have to
get off your ass and do some of the coding your self. Especailly
the adding and obtaining the "random bits" you need for yours to even
function.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS **no JavaScript allowed**
http://members.xoom.com/ecil/index.htm
Scott rejected paper f
Cryptography-Digest Digest #152
Cryptography-Digest Digest #152, Volume #11 Fri, 18 Feb 00 14:13:01 EST
Contents:
Re: EOF in cipher??? (lordcow77)
Re: Question about OTPs ("Dr.Gunter Abend")
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Lincoln Yeoh)
Re: Method to break triple-DES (Mickey McInnis)
Re: UK publishes 'impossible' decryption law ("shivers")
Re: Processor speeds. (Mok-Kong Shen)
Re: EOF in cipher??? (Mok-Kong Shen)
Re: VB Crypto (Glenn Larsson)
Re: I stole also the diary and calendar of Markku J. Saarelainen (Mok-Kong Shen)
Re: NTRU Speed Claims (100x faster, etc.), explained (Mike Rosing)
Re: Basic Crypto Question 4 (Mok-Kong Shen)
Re: Does the NSA have ALL Possible PGP keys? (Johnny Bravo)
Re: EOF in cipher??? (Johnny Bravo)
Re: Keys Passwords. (Mok-Kong Shen)
Re: Basic Crypto Question 4 (Mike Rosing)
Re: EOF in cipher??? (Johnny Bravo)
Re: EOF in cipher??? (Jerry Coffin)
Re: Q: Division in GF(2^n) (Jerry Coffin)
Re: EOF in cipher??? (Jerry Coffin)
Subject: Re: EOF in cipher???
From: lordcow77 [EMAIL PROTECTED]
Date: Fri, 18 Feb 2000 08:59:11 -0800
In article [EMAIL PROTECTED], Runu Knips
[EMAIL PROTECTED] wrote:
Thats both against the standard. ISO specifies that int must be
at least
16 bit (i.e. it says short must be 16 bit, and sizeof(int) =
sizeof(short),
which means int is also at least 16 bit). A character value,
however, is
the smallest type which has at least 7 bit.
ISO C Standard 5.2.4.2.1 :
"Their implementation-defined values shall be equal or greater
in magnitude (absolute value) to those shown, with the same
sign...number of bits for smallest object that is not a bit-
field CHAR_BIT 8"
"If the value of an object of type char is treated as a signed
integer when used in an expression, the value of CHAR_MIN
shall be the same as that of SCHAR_MIN and the value of
CHAR_MAX shall be the same as that of SCHAR_MAX. Otherwise, the
value of CHAR_MIN shall be 0 and the value of CHAR_MAX shall
be the same as that of UCHAR_MAX) The value UCHAR_MAX+1
shall equal 2 raised to the power of CHAR_BIT"
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
--
From: "Dr.Gunter Abend" [EMAIL PROTECTED]
Subject: Re: Question about OTPs
Date: Fri, 18 Feb 2000 18:15:13 +0100
John Savard wrote:
Is that still true if you compress the plaintexts beforehand?
Especially if you use a compression algorithm that nearly
completely removes the redundancy of the original byte streams.
That is sort of the complementary case to the OTP.
Zero-redundancy plaintext, on the other hand, could be
encrypted unbreakably even by a trivial system of encryption,
since even if it was easy to try all possible keys, every key
would yield a possible plaintext.
Oh, really? If you use a home-made compression program, unknown
to the eavesdropper, it probably will compress ineffectively, so
that the statistical test gives a result, and if you use a
commercially available packer, he may try all possibilities in
order to *see* the plaintext. I fear, this trick will *not* solve
Arthur Dardia's problem. It only makes it harder to detect a
probable plaintext, because all possible packers have to be
tested for all possible decryptions.
The point is that the existence of such a case is not an
argument against worrying about making a mistake that totally
vitiates the security of an OTP.
No, of course. I only asked whether *simple* tools exist for
breaking impaired "OTP" of compressed messages.
Ciao, Gunter
--
From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Fri, 18 Feb 2000 17:16:32 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 17 Feb 2000 22:43:42 -0800, Anthony Stephen Szopa
[EMAIL PROTECTED] wrote:
Convince us. Prove your position. Demonstrate that the software
is "garbage."
Hmm didn't we go through this some time back in october 1999
(see OAP-L3: How Do You Spell S-H-A-R-E-W-A-R-E)
I ran your software through the LOAP-L3 (Link's Omniscient Analysis Program
- Level 3).
e.g.:
Sample output:
C:\LOAP-L3.EXE
Beginning analysis (please wait)
.
Done!
Result: "OAP-L3 is weak crypto/snake oil"
Thank you for using LOAP-L3!
C:\
As you can see, LOAP-L3 is a very useful piece of software. However you
aren't allowed to reverse engineer it to find out how it does what it does.
The source code and the algorithm used are top secret. I'm telling you it
works though! And I know what I'm talking about. Really! Honestly! Other
people are wrong, if they disagree they haven't looked at it thoroughly
enough."
Ha
Cryptography-Digest Digest #152
Cryptography-Digest Digest #152, Volume #10 Wed, 1 Sep 99 06:13:03 EDT
Contents:
ignore this -- testing Free Agent (Ranche)
Protecting license information (Ranche)
Re: public key encryption - unlicensed algorithm (David A Molnar)
Re: public key encryption - unlicensed algorithm (Paul Rubin)
Re: Schneier/Publsied Algorithms (Eric Lee Green)
Ratio plain/ciphertext (Ranche)
Re: Can we have randomness in the physical world of "Cause and Effect" ? (sb5309)
Re: WT Shaw temporarily sidelined (don garrisan)
Re: n-ary Huffman Template Algorithm (Alex Vinokur)
Re: public key encryption - unlicensed algorithm (Tony L. Svanstrom)
Re: What if RSA / factoring really breaks? (Nicolas Bray)
Re: Correction to Uhr Box Description (Frode Weierud)
Re: Pincodes (Volker Hetzer)
Re: public key encryption - unlicensed algorithm (Tony L. Svanstrom)
SHA-1 and Blowfish in portable 80x86 Assembler ("Tomas FRYDRYCH")
Re: RC4 question ("David Bourgeois")
Matrix Exponentiation (Gary)
From: [EMAIL PROTECTED] (Ranche)
Subject: ignore this -- testing Free Agent
Date: Wed, 01 Sep 1999 03:15:09 GMT
Reply-To: [EMAIL PROTECTED]
I told you to ignore this :o)
---Ranche
--
From: [EMAIL PROTECTED] (Ranche)
Subject: Protecting license information
Date: Wed, 01 Sep 1999 03:23:55 GMT
Reply-To: [EMAIL PROTECTED]
I'd like to provide different versions of my application using some sort of licenses.
I want to make sure that nobody except me can create valid licenses.
What is the best way to achieve this?
--Ranche
--
From: David A Molnar [EMAIL PROTECTED]
Subject: Re: public key encryption - unlicensed algorithm
Date: 1 Sep 1999 03:16:12 GMT
Paul Rubin [EMAIL PROTECTED] wrote:
hope the situation is similar in the UK, if a cc# does get stolen then
the customer is not liable for any amount above 50 USD. Some
I've been told that this is generally *not* the case in Europe and Asia.
If you lose your credit card, you are potentially liable to the credit
limit. A reference confirming or denying this would be nice.
Then again, this came up during a presentation on SET, so perhaps it's
slanted towards impressing the audience with the need for SET.
-David
--
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: public key encryption - unlicensed algorithm
Date: 1 Sep 1999 03:03:13 GMT
shivers [EMAIL PROTECTED] wrote:
This sounds usefull - however I have no control over what server software
our ISP uses - sounds like fun though ;)
Most current SSL servers support SGC. If your ISP is running IIS,
Netscape, Stronghold, etc., then it's just a matter of installing an
SGC certificate for your domain into the server instead of an ordinary
certificate.
would be good - but our provider is in the US - the only place to get decent
facilities at a nice price ;)
It sounds like you're doing a fairly small-time web retailing
operation or something of that sort. You have to ask yourself how
important fancy cryptography really is. Stolen credit card numbers
are only worth around 7 USD each on the black market, so even with 40
bit SSL it's not worth the computing resources for anyone to steal
them by brute force cryptanalysis of 40-bit SSL keys. Plus, they'd
have to somehow capture the data going into your server.
The customer is generally protected anyway. At least in the US, and I
hope the situation is similar in the UK, if a cc# does get stolen then
the customer is not liable for any amount above 50 USD. Some
merchants like Amazon will fully guarantee the customer (i.e. for the
50 USD) and so far I don't think anyone ever has had to pay a single
penny on this type of guarantee. Finally, consumers for the most part
aren't aware of this issue at all. They see the closed "lock" icon in
their browser and feel safe--and in fact they are safe (because of the
bank guarantees, not the 40 bit cryptography). The people who care
about SGC are mostly institutions like banks, because -they-, not
consumers or merchants, are the ones who get creamed if cc#'s get
stolen.
Customers are much more likely to be scared away by special security
applets and similar weirdness than by the exportable cryptography in
their web browser. If they care about the cryptography they can
always upgrade their browser to 128 bits (www.replay.com,
www.fortify.net, etc.) And newer browsers (Netscape 4.6, etc.) use 56
bits instead of 40, as permitted by recent relaxation of the export
regs. 56 bit keys are not strong enough to protect really valuable
secrets, but they're far too strong to be worth breaking to get single
credit card numbers (remember that every SSL session uses a new 56 bit
key).
Summary: I think you're worrying about a problem that just doesn't
affect you in any practical way. Unless there's something out of the
ordinar
Cryptography-Digest Digest #152
Cryptography-Digest Digest #152, Volume #9 Sat, 27 Feb 99 12:13:03 EST
Contents:
Re: Quantum Computation and Cryptography (R. Knauer)
Re: Quantum Cryptography (R. Knauer)
Question on Pentium III unique ID ("Robert C. Paulsen, Jr.")
Re: True Randomness (R. Knauer)
Re: True Randomness (R. Knauer)
Re: Any idea what this might be??? (Marc Hoeppner)
Re: True Randomness (R. Knauer)
Re: Testing Algorithms [moving off-topic] (R. Knauer)
Re: Legal procedures for using third party crypto? (fungus)
Re: Testing Algorithms (R. Knauer)
Re: Question on Pentium III unique ID (Myself)
Quantum Randomness (R. Knauer)
Skipjack anyone? (Federico Ulivi)
16Bit RC4 (iLLusIOn)
Re: Testing Algorithms (fungus)
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Quantum Computation and Cryptography
Date: Sat, 27 Feb 1999 12:29:48 GMT
Reply-To: [EMAIL PROTECTED]
On 26 Feb 1999 13:24:37 GMT, [EMAIL PROTECTED] (Coen Visser)
wrote:
Quantum computers can factorize faster than conventional computers. However
in general[*] they reduce the time complexity of a problem with just a square
factor. So if today a 128 bit key would be sufficiently secure, a 256 bit key
could be secure even when quantum computers are available.
Shor's quantum factoring algorithm is exponentially faster. I believe
you are referring to Glover's database algorithm.
Bob Knauer
"If you want to build a robust universe, one that will never go wrong, then
you dosn't want to build it like a clock, for the smallest bit of grit will
cause it to go awry. However, if things at the base are utterly random, nothing
can make them more disordered. Complete randomness at the heart of things is the
most stable situation imaginable - a divinely clever way to build a universe."
-- Heinz Pagels
--
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Quantum Cryptography
Date: Sat, 27 Feb 1999 12:39:26 GMT
Reply-To: [EMAIL PROTECTED]
On Sat, 27 Feb 1999 02:51:23 GMT, "Douglas A. Gwyn" [EMAIL PROTECTED]
wrote:
"Moreover, the United States govternment is quietly funding research
in code-breaking, using quantum computers".
So? It would be criminally negligent to ignore potentially relevant
technology.
Hey, I am all for it. Better our govt than someone else.
The govt is the only entity that can afford to develop such
contraptions - what with an inexhaustable supply of other people's
money.
Actually, quantum computing is a fairly hot research topic in the
public sector. The basic notion is to obtain massive parallelism
by encoding quantum states.
That's David Deutsch's original notion, and has been replaced by true
quantum computing, which not only takes advantage of massively
parallel superpositions (Deutsch's original notion) but also quantum
interference. It is quantum interference that makes the quantum
computer remarkable.
I think there was a Sci.Am. article on
this not too long ago, or I'm sure a Web search would turn up info.
As I have mentioned several times on sci.crypt, I recommend the book
entitled "Explorations In Quantum Computing" by Colin Williams and
Scott Clearwater. There are others, as you will discover if you visit
amazon.com.
But this book has a CD which has programs to run simulations. You can
actually see it factor (small) numbers on a probabilistic basis
running Shor's algorithm in simulation.
Bob Knauer
"If you want to build a robust universe, one that will never go wrong, then
you dosn't want to build it like a clock, for the smallest bit of grit will
cause it to go awry. However, if things at the base are utterly random, nothing
can make them more disordered. Complete randomness at the heart of things is the
most stable situation imaginable - a divinely clever way to build a universe."
-- Heinz Pagels
--
From: "Robert C. Paulsen, Jr." [EMAIL PROTECTED]
Subject: Question on Pentium III unique ID
Date: Sat, 27 Feb 1999 06:43:21 -0600
Perhaps I am missing something.
Many (most?) sustems today already have a unique ID that is software
accessible -- the MAC address of the network card.
In what way does the Pentium III add any additional privacy concern?
--
Robert Paulsen http://paulsen.home.texas.net
If my return address contains "ZAP." please remove it. Sorry for the
inconvenience but the unsolicited email is getting out of control.
--
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness
Date: Sat, 27 Feb 1999 13:03:18 GMT
Reply-To: [EMAIL PROTECTED]
On Sat, 27 Feb 1999 03:26:53 GMT, "Douglas A. Gwyn" [EMAIL PROTECTED]
wrote:
Maximum likelihood is a standard goal (there are others) for
estimation of model parameters: determine the parameters that
maximize the likelihood of the observed training data.
I believe that
