Cryptography-Digest Digest #16

2001-03-26 Thread Digestifier

Cryptography-Digest Digest #16, Volume #14   Mon, 26 Mar 01 17:13:00 EST

Contents:
  Re: Please read. (Paul Rubin)
  Re: Data dependent arcfour via sbox feedback (Ichinin)
  Re: Potential of machine translation techniques? (Marc)
  Re: New stream cipher (Gregory G Rose)
  Re: RC4 test vectors after gigabyte output?. ("Joseph Ashwood")
  Re: Idea - (LONG) ("Joseph Ashwood")
  Re: New stream cipher (Mok-Kong Shen)
  Re: New stream cipher (Frank Gerlach)
  Re: Kill-filter expression for script weenie (I Sent Your Saddle Home)
  Re: Please read. (I Sent Your Saddle Home)
  Here's a fun Rijndael Challenge  ("Michael Vaughn")
  Re: New stream cipher (Paul Rubin)



From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Please read.
Date: 26 Mar 2001 12:10:28 -0800

[EMAIL PROTECTED] (John Savard) writes:
> >Someone is pooping in our pool.
> >There is little that can be done.
> 
> Of course there is. The anonymous remailers they are using can be
> notified of the problem. They can then turn around and block the
> offender, and then notify the offender's ISP.

This shows a misunderstanding of how remailers work.  A remailer can't
tell who the offender is or who the offender's ISP is.  Remailers
generally get their input, in encrypted form, from other remailers,
with origin information already removed.  See
  http://www.obscura.com/~loki/remailer/remailer-essay.html
for a description.

In the case of this particular flood, it may be possible to implement
some filtering at the m2n (mail to news) gateway.  A more virulent
attack (remember Hipcrime) is much harder to stop.

This particular attack has been going on in apas
(alt.privacy.anon-server) for months and sometimes gets crossposted to
one or two other newsgroups.  Soc.men gets it sometimes and now
sci.crypt has it.  Apas is taking the brunt and chances are, it will
stay on apas, but go away from sci.crypt after a while.

> There is nothing wrong with anonymous remailers, as long as they
> behave in a responsible fashion, and do not permit themselves to be
> used for any kind of abusive behavior.

Replace "anonymous remailers" with "encryption programs" in that
sentence and you'll begin to understand the problem.

--

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Data dependent arcfour via sbox feedback
Date: Sun, 18 Mar 2001 03:45:32 +0100

Henrick Hellström wrote:
> That patent cannot be effective in Sweden, at least not to
> its full extent.

It CAN be, because patent legislation is not the same as it was N
years ago, i.e. Merkle and Hellman have succeeded in patenting a
knapsack crypto in Sweden. I do not know of IDEA and have not read the
claim. For now, Swedish legislation "just says no" to software patents.

Alarming is, from what I've heard, that the .SE patent office is going
to become as corrupt as the US system in a few months (i.e. prove prior
art), so now they'll hire any trained monkey that can spell "approved",
just another step in downgrading society to fit in with the E.U.

Ichinin

--

From: [EMAIL PROTECTED] (Marc)
Subject: Re: Potential of machine translation techniques?
Date: 26 Mar 2001 21:22:26 GMT


>Very good translation is indeed difficult to obtain.

Has any of you ever tried to feed a text back and forth several
times through the translator? For example English->German->English->
German->English.  Already at this point the text is not recognizable
anymore with e.g. Altavista/Babelfish.

I think it is a good indication of how much information is lost during
the translation.  When after 4 passes almost nothing is left, obviously
1/4 must be missing already after the first pass.

--

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: New stream cipher
Date: 26 Mar 2001 13:27:10 -0800

>MarinaP wrote:
>> 
>> Hi, all!
>> I would like to analyze a new stream cipher.
>> Where can I find it?
>> Where can I find  RC4-like ciphers?
>> What stream ciphers are used in practice? -RC4, A5, PKZIP ( It is clear.)
>> Thank you.

A5 is extremely insightful, and worth beating your
head on for a while. That it is crippled by a
short key and small state isn't its fault.

There are 6 relatively new stream ciphers in the
NESSIE project http://www.nessiecrypt.org/ . Try
them.

Greg.

-- 
Greg Rose                    INTERNET: [EMAIL PROTECTED]
Qualcomm Australia           VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,  http://people.qualcomm.com/ggr/
Gladesville NSW 2111         232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C

--

From: "Joseph Ashwood&qu

Cryptography-Digest Digest #16

2000-10-27 Thread Digestifier

Cryptography-Digest Digest #16, Volume #13   Fri, 27 Oct 00 13:13:00 EDT

Contents:
  Re: Is OPT the only encryption system that can be proved secure? (SCOTT19U.ZIP_GUY)
  Re: On block encryption processing with intermediate permutations (James Felling)
  Re: frequency analysis (JPeschel)
  Re: End to end encryption in GSM ([EMAIL PROTECTED])
  Re: Q: Computations in a Galois Field (Tom St Denis)
  Re: BEST BIJECTIVE RIJNDAEL YET? (Tom St Denis)
  Re: Rijndael and PGP (Tom St Denis)
  Re: Collision domain in crypt()? (Tony L. Svanstrom)
  Software with embedded keys (BillW)
  Re: End to end encryption in GSM (Steve Cerruti)
  Re: Software with embedded keys (Tom St Denis)
  Re: End to end encryption in GSM ([EMAIL PROTECTED])



From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Is OPT the only encryption system that can be proved secure?
Date: 27 Oct 2000 15:14:59 GMT

[EMAIL PROTECTED] wrote in <8tc2bi$k4e$[EMAIL PROTECTED]>:

>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>> [EMAIL PROTECTED] wrote in <8tbhk0$7b8$[EMAIL PROTECTED]>:
>>
>> >Tim
>> >Thanks for your esoteric reply, but I don't think that Scott had this
>> >in mind when he referred to PK and PGP.
>> >
>>
>
>Please read your last message.

  No quote what you want
>
>You claim that there is some inherent weakness in Public Key crypto in
>reference to PGP

   Many of the weaknesses are well known and I have commented many
times on them. Look them up, as you want me to do with the Hasty
Pudding cipher.

>
>
>>Not sure what you are talking about. But Tim writes my
>> own thoughts as what gets communicated far better than what I usually
>> write, as they get mangled in other people's minds. So assume
>> he was better at explaining what he thought I meant than what you
>> thought I meant.
>>
>> >Perhaps he will answer directly...I also have been meaning to ask him
>> >about his cipher, whether its a conventional product/feistel network
>> >cipher .
>>
>>It is my own design. I prefer to call it a cipher that is
>> based on a single cycle look up table 19 by 19. The key is
>> such that any single cycle table is possible. The user's password
>> can be any size for any key, since the key used for the message is
>> actually encrypted by the password and stored in an encrypted key
>> file. The structure is like comparing IDEA to a block, except the
>> WHOLE file is treated as a single block. What words you wish to
>> call it is up to you. However, if you go to Horst's description of
>> it at my webpage you can see it explained, or look at the source
>> code.
>
>Sounds the same as the AES hasty pudding cipher, have you checked that
>one out?

  Obviously you haven't looked at both. They are not the same.


>>
>>  Apparently it's not conventional, or maybe Mr Wagner would not have
>> shot his mouth off so quickly to say the slide attack would destroy
>> it. He was proved wrong and one time admitted he could not follow
>> the code even though it was source code.
>>
>> David A. Scott
>> --
>> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
>>  http://www.jim.com/jamesd/Kong/scott19u.zip
>> Scott famous encryption website **now all allowed**
>>  http://members.xoom.com/ecil/index.htm
>> Scott LATEST UPDATED source for scott*u.zip
>>  http://radiusnet.net/crypto/  then look for
>>   sub directory scott after pressing CRYPTO
>> Scott famous Compression Page
>>  http://members.xoom.com/ecil/compress.htm
>> **NOTE EMAIL address is for SPAMERS***
>> I leave you with this final thought from President Bill Clinton:
>>
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
>


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

--

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Fri, 27 Oct 2000 10:34:59 -0500



Bryan Olson wrote:

> James Felling wrote:
>
> > Now the only way I can see of this scheme working in an even remotely
> > plausible way is by seperating the mixing from t

Cryptography-Digest Digest #16

2000-06-13 Thread Digestifier

Cryptography-Digest Digest #16, Volume #12   Tue, 13 Jun 00 07:13:01 EDT

Contents:
  Re: Q: Using two DES modules (Mok-Kong Shen)
  Re: Multiple encryptions (jkauffman)
  Re: Finding prime numbers (Safuat Hamdy)
  Re: Onefish (Twofishes sibbling) (Runu Knips)
  Re: Arithmetic Coding (Runu Knips)
  Re: OT: Starmath font (Runu Knips)
  Re: encoding of passwords (Runu Knips)
  Re: And the search is on! ("Dark Nebular")
  Re: Multiple encryptions (Guy Macon)
  Re: encoding of passwords (Mark Wooding)
  Re: My lastest paper on Block Ciphers (Runu Knips)
  Re: More papers online (David A Molnar)
  Re: Is Gretchen down? (David A Molnar)
  Re: encoding of passwords (Mark Wooding)
  Re: Q: Using two DES modules (Mark Wooding)
  Re: And the search is on! ("matt")



From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Using two DES modules
Date: Tue, 13 Jun 2000 10:18:50 +0200



Mok-Kong Shen schrieb:

> Given two DES modules and two keys, which of the following
> schemes is to be preferred, (a) in ECB and (b) in CFB?
>
> 1. Superencipherment (2DES).
>
> 2. Use one DES in full OFB for preprocessing the plaintext
> with xor before input to the other DES.
>
> 3. Use one DES in full OFB to generate keys for the other
> DES.
>
> Note that (3) needs only one key. Does the comparison get
> changed, if the two keys of (1) or (2) are identical?

We can modify (3) to use two keys to enable a better
comparison: Use the second key for whitening just like
what is done in DESX.

M. K. Shen




--

From: jkauffman <[EMAIL PROTECTED]>
Subject: Re: Multiple encryptions
Date: Tue, 13 Jun 2000 00:57:45 -0700

I feel I must reiterate a fundamental point being missed
here. If we are encrypting data with some cipher, E, then
the details of E will be known to the attacker. Some people
have made the point that E o D might be weaker than E alone
if D is in some way similar to or the same as E. But this
implies that, for example, I could mount an attack on 3DES
simply by encrypting some 3DES ciphertext with 3DES (using a
different key). This clearly must not be the case.


* Sent from AltaVista http://www.altavista.com Where you can also find related Web 
Pages, Images, Audios, Videos, News, and Shopping.  Smart is Beautiful

--

From: Safuat Hamdy <[EMAIL PROTECTED]>
Subject: Re: Finding prime numbers
Date: 13 Jun 2000 10:05:53 +0200

tomstd <[EMAIL PROTECTED]> writes:

whatever you wrote in your posting, it is wrong.  If you believe, that
your statements are true, cite or prove.

-- 

S. Hamdy                        |  All primes are odd except 2,
[EMAIL PROTECTED]               |  which is the oddest of all.
                                |
unsolicited commercial e-mail   |  D.E. Knuth
is strictly not welcome         |

--

Date: Tue, 13 Jun 2000 10:18:09 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Onefish (Twofishes sibbling)

tomstd wrote:
> The source is at:
> 
> http://tomstdenis.com/tc4.c
> 
> Have a peek, it's rather neat.  I doubt it's secure so I
> wouldn't bother analyzing it (I just made it in 30 mins).

It's not portable. The values of kb[] in the key initialization
depend upon the endianness of the current architecture.

I think because you don't use the pseudo Hadamard
transformation of Twofish you'll run into big problems.
However, GF things still make me run away except if they
are female ;-)

--

Date: Tue, 13 Jun 2000 10:34:10 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Arithmetic Coding

Tim Tyler wrote:
> Also, the file may not be an ASCII file in the first place -
> you may not know much about what it contains at all.

If you have no such criteria, no cryptanalysis is possible
anyway; you HAVE to have some test if a result is valid or
you can't do anything with it anyway.

--

Date: Tue, 13 Jun 2000 10:52:57 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: OT: Starmath font

tomstd wrote:
> In article <[EMAIL PROTECTED]>, Runu Knips
> <[EMAIL PROTECTED]> wrote:
> >tomstd wrote:
> >> You can get the starmath True Type Font off my website at
> >> http://tomstdenis.com/files/starmath.ttf
> >Thank you, but my Windows says its corrupted :-(
> 
> Hmm just pick up the ps copy of the paper then
> 
> http://tomstdenis.com/ffunctions.ps.gz

Thank you Tom, I can read your paper now without problems
with Linux.

(Paper itself looks very good)

--

Date: Tue, 13 Jun 2000 11:00:57 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: encoding of passwords

[EMAIL PROTECTED] wrote:
> You should 

Cryptography-Digest Digest #16

2000-01-30 Thread Digestifier

Cryptography-Digest Digest #16, Volume #11   Sun, 30 Jan 00 16:13:02 EST

Contents:
  Re: A Stronger VIC Cipher (was Re: Pencil & paper cipher question) (David Wagner)
  Re: Clock drift (was Intel 810 chipset Random Number Generator) ("Trevor Jackson, III")
  Re: Clock drift (was Intel 810 chipset Random Number Generator) ("Trevor Jackson, III")
  Re: Intel 810 chipset Random Number Generator ("Trevor Jackson, III")
  Re: Keyword Cipher Cracker program (RREYNARD)
  Re: Keyword Cipher Cracker program (RREYNARD)
  Re: Intel 810 chipset Random Number Generator ("Trevor Jackson, III")
  Re: Q: DFT (Mok-Kong Shen)
  Re: A question about odd grilles (Mok-Kong Shen)
  Re: How to password protect files on distribution CD (Dave Howe)
  Re: Help needed on peculiar use of cryptography ("Trevor Jackson, III")
  Re: *** ECC Strong and Weak combined ("Harvey Rook")



From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: A Stronger VIC Cipher (was Re: Pencil & paper cipher question)
Date: 30 Jan 2000 10:47:01 -0800

In article <8712k4$8f6$[EMAIL PROTECTED]>,
r.e.s. <[EMAIL PROTECTED]> wrote:
> After mulling this over a bit more, I wonder if, instead of literally
> making the seed longer (with all the adjustments that entails), it may
> be better to simply use additional passphrase letters to define two
> independent 10-digit substitution tables to add confusion to the
> transposition keys extracted from the LFSR output.  (Details below.)
> This will add about 44 bits of entropy to the 10-digit seed's 33 bits, [...]

If I guess the LFSR's initial fill (2^33 trials), I can recover the inputs
to the transposition tables.  (Right?)  Is there a way to recover information
about the tables given their inputs, the ciphertext, and a statistical model
for the plaintext and the passphrase?

Here's one approach one might try.  Look for repeated table inputs.  They
cause the table outputs to repeat in the same positions.  Then, I can check
whether that pattern of repeats in the keystream looks plausible given the
ciphertext.  Does this provide enough information that I can expect to rule
out wrong guesses at the initial fill?  If so, that's an O(2^33) break.

--

Date: Sun, 30 Jan 2000 14:53:55 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.physics
Subject: Re: Clock drift (was Intel 810 chipset Random Number Generator)

Michael Kagalenko wrote:

> Michael Sierchio  ([EMAIL PROTECTED]) wrote
> ]Sandy Harris wrote:
> ]
> ]> Ritter and Schryver appear to have understood you completely and to have
> ]> demolished your first two points rather thoroughly. If anyone is failing to
> ]> understand, it seems to be you.
> ]
> ]Precisely.
> ]
> ]Anyone with half as much brainpower as confidence knows that these two fellows
> ]have earned their chops and have studied the matter.  I would treat an
> ]admonishment from either of them as an act of grandmotherly kindness, and
> ]leave it at that.
>
>  Their alleged experience fails to instill in me any awe, considering
>  blatant and obvious errors they make in every reply to my posts.

In many cases there is some question as to which side of an issue contains the
error.  In this particular case, however, there is no remaining question.  I
suggest you inspect the issue very carefully.  In a mirror.



--

Date: Sun, 30 Jan 2000 14:59:22 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.physics
Subject: Re: Clock drift (was Intel 810 chipset Random Number Generator)

Vernon Schryver wrote:

> Note that I've been interested in synchronizing computer clocks for a
> while.  For example, in 1972 or 1973, I distributed ticks from some
> ovenized clocks in a small network.  The clocks were very poorly sync'ed
> to the primary atomic standard for the U.S., which was a few hundred feet
> away in the same building.

Are you able to provide any numeric results of this effort?  Specifically, can
you quantify the "very poorly sync'ed" statement in terms of
mean/deviations/extrema?

Numbers have a refreshing concreteness about them.




--

Date: Sun, 30 Jan 2000 15:14:25 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator

Guy Macon wrote:

> In article <86tbj6$4pc$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> (Michael Kagalenko) wrote:
>
> > Well, once again, the claims that you make are incorrect. The thermal
> > drift that I am speaking of exists.
>
> Prove it.  You are saying that thermal drift is brownian.  I say that
> I hav

Cryptography-Digest Digest #16

1999-08-08 Thread Digestifier

Cryptography-Digest Digest #16, Volume #10   Sun, 8 Aug 99 20:13:03 EDT

Contents:
  Re: AES finalists to be announced ([EMAIL PROTECTED])
  Re: Download virtually unbreakable encryption programme (Wincrypt IDEA) ([EMAIL PROTECTED])
  Re: challenge/competition revisited ([EMAIL PROTECTED])
  Re: Questions regarding elliptic curve cryptography. (Carper)
  Re: key lengths ([EMAIL PROTECTED])
  Re: challenges / competitions??? ([EMAIL PROTECTED])
  Re: Is breaking RSA NP-Complete ? (Nicol So)
  Re: Questions regarding elliptic curve cryptography. (DJohn37050)
  Re: Storing keys ([EMAIL PROTECTED])
  Re: Prime number. (Jerry Coffin)
  Re: [Q] Why is pub key cert. secure & free from spoofing? ("Lyal Collins")
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Re: challenges / competitions??? (SCOTT19U.ZIP_GUY)
  Re: Ways to steal cookies in HTTP and HTTPS (Barry Margolin)
  Re: Why does MS-Visual C++ ABSOLUTELY REQUIRE . . . ("Douglas A. Gwyn")
  Re: What is "the best" file cryptography program out there? (fungus)
  Re: What is "the best" file cryptography program out there? (fungus)
  Re: Questions regarding elliptic curve cryptography. ("Roger Schlafly")
  Re: Do Window Apps using CryptAPI exist? (grt)



From: [EMAIL PROTECTED]
Subject: Re: AES finalists to be announced
Date: Sun, 08 Aug 1999 14:32:48 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] () wrote:

>
> I would tend to think that Serpent's logic-simulated S-boxes would
> make it cumbersome to implement, even if they were faster than a
> table lookup in some circumstances.
>
> John Savard
>
 I agree about 'cumbersome'; I implemented it this way: First, take
the given S-box values and XOR them with their (4-bit) index. Then it
is possible to do the S-box substitution 4 bits at a time like this:
mov cx,4      ; four nibbles in AX
next:
mov dx,ax     ; keep a copy of the whole word
and ax,0Fh    ; isolate the low nibble n
xlat          ; BX pointing to proper S-box (entries pre-XORed with their index): AL = S[n] XOR n
xor ax,dx     ; low nibble becomes S[n], the other 12 bits are restored from DX
rol ax,4      ; bring the next nibble into the low position
loop next
. . .
This apparently eliminates the need for IP and FP, of which it is said
that they contribute nothing cryptographically, but are just for ease
in the bitwise substitution.
--
Robert G. Durnal
Web pages at www.afn.org/~afn21533
  and members.tripod.com/~afn21533


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
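The nibble-at-a-time substitution Durnal describes, modelled in Python as an added example (not code from the post or from any Serpent implementation). It assumes Serpent's S0 table, emulates the 16-bit register loop, and checks the XOR-with-index trick against a plain per-nibble lookup over every 16-bit word:

```python
# Added example: the "XOR the S-box entries with their index" trick from
# the post above, emulated over a 16-bit register.  S0 is Serpent's first
# 4-bit S-box; the trick itself works for any 4-bit permutation.
S0 = [3, 8, 15, 1, 10, 6, 5, 11, 14, 13, 4, 2, 7, 0, 9, 12]


def xor_indexed_table(sbox):
    """Precompute T[i] = S[i] ^ i, the table the xlat instruction indexes."""
    return [sbox[i] ^ i for i in range(16)]


def rol16(value, count):
    """Rotate a 16-bit value left by count bits (the rol ax,count instruction)."""
    count %= 16
    return ((value << count) | (value >> (16 - count))) & 0xFFFF


def substitute_word_xlat(word, sbox):
    """Emulate the loop: mov dx,ax / and ax,0Fh / xlat / xor ax,dx / rol ax,4.

    Because T[n] = S[n] ^ n, XORing the lookup result back into the saved
    copy of AX replaces the low nibble with S[n] while restoring the other
    twelve bits, with no second mask or OR instruction."""
    table = xor_indexed_table(sbox)
    ax = word & 0xFFFF
    for _ in range(4):                 # one pass per nibble (mov cx,4 / loop)
        dx = ax                        # mov dx,ax
        ax &= 0x0F                     # and ax,0Fh  -> n, upper bits zero
        ax = table[ax]                 # xlat        -> S[n] ^ n
        ax ^= dx                       # xor ax,dx   -> dx with low nibble = S[n]
        ax = rol16(ax, 4)              # rol ax,4    -> next nibble into position
    return ax                          # four rotates by 4 realign the word


def substitute_word_direct(word, sbox):
    """Reference: substitute each nibble with explicit shifts and masks."""
    out = 0
    for k in range(4):
        nibble = (word >> (4 * k)) & 0xF
        out |= sbox[nibble] << (4 * k)
    return out


def trick_matches_reference(sbox):
    """True if the xlat-style loop agrees with the reference on all 2^16 words."""
    return all(substitute_word_xlat(w, sbox) == substitute_word_direct(w, sbox)
               for w in range(1 << 16))
```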

--

From: [EMAIL PROTECTED]
Subject: Re: Download virtually unbreakable encryption programme (Wincrypt IDEA)
Date: Sun, 08 Aug 1999 15:43:31 GMT

In article <7ok0nc$ldr$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:

> SPAMMER!
>
 FRAUD!


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

--

From: [EMAIL PROTECTED]
Subject: Re: challenge/competition revisited
Date: Sun, 08 Aug 1999 15:59:35 GMT

In article <7ok07i$l45$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> 
>
> I have about 10 papers on cryptanalysis on my hd (I didn't write the
> papers but...) Anyways if you want them I could zip them up and email
> them in private to you.
>
> They include analysis of
>
> DES, RC5, Blowfish, ICE, LOKI89, LOKI91, REDOC, Lucifer
>
> and probably a couple others.
>
> Tom
 OH GOOD! You will email papers! HA. You can't crack fortom.cpt, but you
can use email!


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

--

From: [EMAIL PROTECTED] (Carper)
Subject: Re: Questions regarding elliptic curve cryptography.
Date: Sun, 08 Aug 1999 16:43:15 GMT

>* An EC point is normally represented as a point (x,y) where x and y are
>elements in the underlying field (say 160 bits each).  Certicom has a
>technology called point compression where the y-coordinate is reduced to a
>single bit.  This saves about half the bits in transmitting the value of a 
>point.

What "technology"?  It's a simple quadratic equation problem.  You have one x 
coordinate - there are only 2 other possible y coordinates.  All you need
is 1 bit to show which one it is.
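Carper's point, worked through as an added example (not code from the post or from Certicom): on a constructed toy curve over GF(23), a point is compressed to x plus the parity of y, and y is recovered by solving the curve equation. The curve parameters are constructed for illustration, and the square-root formula assumes P ≡ 3 (mod 4); real curves use much larger primes and a general modular square root.

```python
# Added example, not from the post: point compression on a constructed toy
# curve y^2 = x^3 + A*x + B over GF(P).  P % 4 == 3 gives a closed-form
# square root; in a prime field the two roots y and P - y differ in parity,
# which is why one bit suffices to pick between them.
P, A, B = 23, 1, 1   # constructed parameters, not a standardized curve


def is_on_curve(x, y):
    """True if (x, y) satisfies the curve equation mod P."""
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def compress(point):
    """Keep x and a single bit: the parity of y."""
    x, y = point
    if not is_on_curve(x, y):
        raise ValueError("not a curve point")
    return x, y & 1


def decompress(x, parity):
    """Solve y^2 = x^3 + A*x + B for y, then choose the root with the given parity."""
    rhs = (x ** 3 + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)      # square root, valid only when P % 4 == 3
    if (y * y) % P != rhs:
        raise ValueError("x is not the abscissa of any curve point")
    if (y & 1) != parity:
        if y == 0:                     # rhs == 0 has a single root; no odd twin
            raise ValueError("no curve point with that parity at this x")
        y = P - y                      # the other root; P is odd, so parity flips
    return x, y


def roundtrip_all():
    """Enumerate every affine point on the toy curve and check compress/decompress.
    Returns the number of affine points found."""
    points = [(x, y) for x in range(P) for y in range(P) if is_on_curve(x, y)]
    for pt in points:
        x, bit = compress(pt)
        if decompress(x, bit) != pt:
            raise AssertionError("roundtrip failed for %r" % (pt,))
    return len(points)
```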

--

From: [EMAIL PROTECTED]
Subject: Re: key lengths
Date: Sun, 08 Aug 1999 16:10:23 GMT

In article <7ok0ki$ldl$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Jerry Coffin) wrote:
> > > > It's also worth noting that many of the better attacks typically
> > > > reduce the difficulty of an attack by a more or less fixed
> > > > factor compared to a brute-force attack on the same cipher.
> > > >
> > > Then the cipher has been broken.
> >
>

Cryptography-Digest Digest #16

1999-02-01 Thread Digestifier

Cryptography-Digest Digest #16, Volume #9 Mon, 1 Feb 99 15:13:03 EST

Contents:
  Re: Random numbers generator and Pentium III (R. Knauer)
  Re: RNG Product Feature Poll (Mok-Kong Shen)
  Re: Some more technical info on Pentium III serial number (Tommy the Terrorist)
  Re: yet another U.S export restriction ques... (Kent Briggs)
  Re: Truth, theoremhood, & their distinction (wtshaw)
  Re: Truth, theoremhood, & their distinction (wtshaw)
  Re: RNG Product Feature Poll (Terry Ritter)
  Re: yet another U.S export restriction ques... (Jim Gillogly)
  Re: Foiling 56-bit export limitations: example with 70-bit DES ([EMAIL PROTECTED])
  AES2 Paper submission deadline (David Crick)
  Java random ("Else")
  Re: yet another U.S export restriction ques... (Doug Stell)



From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random numbers generator and Pentium III
Date: Mon, 01 Feb 1999 14:55:40 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 01 Feb 1999 15:32:46 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>I am not familiar with the book.

I recommend you become familiar with it, at least the introduction and
the first chapter. If you want to know something about randomness in
general, that is a good place to start.

>But I suspect that you misunderstood something.

That is entirely possible with a topic as complex as randomness. The
concept of randomness in general is as mysterious as Quantum Mechanics
itself.

>The assertion above 'If p<1/2, then there are only a
>finite number of 1s in an infinite sequence' is obviously false.
>Counter-example: 001001001001.. Here p=1/3<1/2. But obviously
>there are infinitely many 1's.

It is problem 1.10.3 on page 64 (2nd Ed.). The exact statement of the
problem is as follows:

+
1.10.3. [25] In an infinite sequence generated by a (p,1-p) Bernoulli
process, let An denote the event that a run of n consecutive 1s occurs
between the 2^n-th and 2^n+1-th trials. Prove that for p>=1/2, then
with probability one there occur infinitely many An; if p<1/2, then
with probability one there occur only finitely many An.

Comments: Hint: use elementary combinatorics.
+

Bob Knauer

"Sometimes it is said that man cannot be trusted with the government
of himself.  Can he, then, be trusted with the government of others?"
--Thomas Jefferson
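A sketch, added here and not part of the post, of why the problem as quoted holds; it takes the window for $A_n$ to be trials $2^n+1, \dots, 2^{n+1}-1$, so that windows for different $n$ are disjoint.

For $p < 1/2$: a run of $n$ ones can start at fewer than $2^n$ positions in the window, and each start has probability $p^n$, so

$$\Pr[A_n] \le 2^n p^n = (2p)^n, \qquad \sum_{n} (2p)^n < \infty \quad \text{because } 2p < 1,$$

and the first Borel-Cantelli lemma gives only finitely many $A_n$ with probability one. The sequence $001001001\ldots$ does not contradict this: it has infinitely many ones but no run of length $n \ge 2$, and $A_n$ is about runs of length $n$, not about the total count of ones.

For $p \ge 1/2$: cut the window into $m_n = \lfloor (2^n - 1)/n \rfloor$ disjoint blocks of $n$ trials and let $B_n \subseteq A_n$ be the event that some block is all ones. Blocks are independent, so with $1 - e^{-x} \ge x/2$ on $[0,1]$,

$$\Pr[B_n] = 1 - (1 - p^n)^{m_n} \ge 1 - e^{-p^n m_n} \ge \tfrac{1}{2}\min(1,\, p^n m_n).$$

For $n \ge 3$, $m_n \ge 2^n/(2n)$, hence $p^n m_n \ge (2p)^n/(2n) \ge 1/(2n)$ and $\Pr[B_n] \ge 1/(4n)$, whose sum diverges. The $B_n$ are independent (disjoint windows), so the second Borel-Cantelli lemma gives infinitely many $B_n$, and therefore infinitely many $A_n$, with probability one.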


--

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: RNG Product Feature Poll
Date: Mon, 01 Feb 1999 15:36:13 +0100

R. Knauer wrote:
> 
> On Mon, 01 Feb 1999 08:05:08 -0600, [EMAIL PROTECTED] (Dan S. Camper) wrote:
> 
> >For what it's
> >worth, both methods produced very similar results in Diehard.
> 
> Insecure PRNGs can pass Diehard, but that does not make them suitable
> for the provably secure OTP cryptosystem.
> 
> You must certify the security of your generator based on its design
> and its internal performance, not its output.

> 
> I am not saying that your device would fail a design analysis, just
> that relying on statistical testing of the output is a poor way to
> characterize a TRNG.

But you have so far never given a scientific method to 'characterize'
or to 'certify'.

M. K. Shen

--

From: Tommy the Terrorist <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,comp.sys.intel
Subject: Re: Some more technical info on Pentium III serial number
Date: 1 Feb 1999 13:26:40 GMT

In article <[EMAIL PROTECTED]> John Savard,
[EMAIL PROTECTED] writes:
>Because the software is protected against tampering _by the user_. So
>it will only take your real Pentium III ID number, hash it with the
>Intel-signed web site identifier of the web site you're visiting, and
>give them a personal identifier that can't be tracked but can't be
>forged.

This is what it sounded like to me:  that you would have NO ACCESS
to the actual identifier, that it would work like a secret key locked
inside the chip, that you could only use to "sign" things.

However, to assume that this means it can't be tracked sounds like
a major mistake.  I presume that the web site sends something
and gets back a "signed" message.  They themselves won't know
who "signed" it.  But any spy with access to the "signature" can
then go back and figure out which public key in their database
"signed" it.  The database need only be semi secret, since it's
public keys, and if it "accidentally" got divulged to a few random
law enforcement agencies (especially in China) it wouldn't really
perturb the ones running the scheme.

After all, in American parlance, if only military, police, and secret
police can track your communications, then they are still "private"!

--