Cryptography-Digest Digest #499
Cryptography-Digest Digest #499, Volume #14
Sat, 2 Jun 01 23:13:01 EDT

Contents:
  Re: And the FBI, too (Re: National Security Nightmare?) (David Schwartz)
  practical birthday paradox issues (Tom St Denis)
  Re: Echelon electronic eavesdropping network (Mok-Kong Shen)
  Re: Luby-Rackoff Theorems? (Tom St Denis)
  Re: Luby-Rackoff Theorems? (Nicol So)
  Re: Luby-Rackoff Theorems? (Nicol So)
  Re: Luby-Rackoff Theorems? (Nicol So)
  Re: Luby-Rackoff Theorems? (Tom St Denis)
  bent functions (Tom St Denis)
  Re: practical birthday paradox issues (John Savard)
  Re: BBS implementation (Niels Ferguson)
  Re: bent functions (Douglas A. Gwyn)
  Re: bent functions (Tom St Denis)
  Re: practical birthday paradox issues (Tom St Denis)
  Re: practical birthday paradox issues (Niels Ferguson)
  Re: practical birthday paradox issues (Scott Fluhrer)
  Re: practical birthday paradox issues (Tom St Denis)

--

From: David Schwartz [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,us.misc
Subject: Re: And the FBI, too (Re: National Security Nightmare?)
Date: Sat, 02 Jun 2001 16:07:53 -0700

Matthew Montchalin wrote:

> | By the way, I'm talking about civilians employed by
> | the NSA, not officers or enlisted personnel assigned to NSA
> | divisions. They seem to be less diligent about putting their
> | badges away before they walk into, say, a Burger King.
>
> So, how did they get assigned to the NSA divisions in the first
> place? What do their working papers look like? How would one
> division recognize a new recruit? By 'invitation' only? What does
> a typical 'invitation' look like? Is there a watermark on the
> paper? How do they secure their ranks when transferring agents
> electronically?

I honestly have no idea. I only witnessed one event ever that shed any light on these questions. I'll relate it for its humor value.

I was in the waiting room at the inner perimeter of a facility shared by the NSA and a few other DoD organizations.
There was some slight confusion about where I was supposed to meet my escort, so I basically had to stay where I was until my escort realized that I hadn't gotten through that checkpoint. I couldn't go further in without escort, I couldn't go further out with my badge, and only my escort could turn in the badge, so I was basically stuck.

While I was waiting, someone in military uniform walked up to the desk to report for duty at a new assignment inside that facility. I'm pretty sure it was NSOC, but I'm not totally sure. He showed his military ID and she handed him a PIN pad. He pushed a few keys and then she produced from an envelope his ID to enter that facility. She also handed him a card with his PIN on it and said that he had to destroy it. So he memorized it and then ate it.

She explained that it was actually supposed to go back into the envelope to be destroyed at Ft. Meade and she wasn't sure quite what to do in this case. He said, "You said I should destroy it." So she took a piece of scrap paper, wrote on it "he ate it", and sealed it in the envelope. Miraculously, he had no difficulty using his ID card and entering his PIN to get in.

DS

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: practical birthday paradox issues
Date: Sat, 02 Jun 2001 23:44:14 GMT

Well, being the slowest math student on earth, I figured out how the birthday paradox applies to collisions in the 2^(n/2) sense... 2^(n/2) chosen texts is really (w^2)/2 pairs; in this case it would be 2^(n-1) pairs. Wow.

Problem is, if we say something like SHA-1 has a 2^80 resistance to the bday paradox, don't we need 2^80 memory for all the chosen texts and 2^159 work to find a match? I.e. we first need all the texts, then we must try them as pairs one by one to find the collision?

What am I overlooking? (Keep in mind I am the slowest math student ... hehehe)

--
Tom St Denis
---
http://tomstdenis.home.dhs.org

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Echelon electronic eavesdropping network
Date: Sun, 03 Jun 2001 01:52:05 +0200

Nemo psj wrote:

> There was supposedly a new report made in the UK. Does anyone here
> know where I can find it?

Do you mean a paper by Duncan Campbell of 27.05, entitled 'COMINT Impact on International Trade'? It is at

http://www.heise.de/tp/deutsch/special/ech/default.html

In a recent thread, someone has given a URL of a draft document of a temporary committee of the European Parliament:

http://os390-mvs.hypermart.net/encryption.htm

BTW, according to German newspapers, the Echelon station near Bad Aibling will be abandoned in 2002, probably due to pressure from the German government but probably also due to the availability of other, better technologies (e.g. via satellites) that render that station deprecated.

M. K. Shen

--

From: Tom St Denis [EMAIL
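On Tom St Denis's birthday-paradox question above: the 2^(n-1) candidate pairs are never tried one by one, because keeping each digest in a hash table compares every new digest against all earlier ones in a single lookup, so the work stays near 2^(n/2); and Floyd's cycle-finding (the rho method) reaches the same collision with constant memory. The following is an added example, not code from the digest; it uses SHA-256 truncated to 24 bits as a stand-in for an n-bit hash so the search finishes instantly, then scales the expected count to 160 bits.

```python
import hashlib
import math

N_BITS = 24  # toy width so the search finishes instantly; the argument is identical at 160 bits


def h(msg: bytes, n_bits: int = N_BITS) -> bytes:
    """SHA-256 truncated to n_bits: a stand-in for an n-bit hash such as SHA-1 at n=160."""
    return hashlib.sha256(msg).digest()[: n_bits // 8]


def expected_evaluations(n_bits: int) -> float:
    """Expected hash evaluations before the first collision: sqrt(pi/2 * 2^n)."""
    return math.sqrt(math.pi / 2 * 2 ** n_bits)


def table_collision(n_bits: int = N_BITS):
    """Birthday search with a hash table: ~2^(n/2) evaluations and ~2^(n/2) memory.
    One dictionary lookup checks a new digest against every digest seen so far,
    so the 2^(n-1) pairs are compared implicitly, never enumerated."""
    seen = {}
    i = 0
    while True:
        msg = i.to_bytes(8, "big")
        d = h(msg, n_bits)
        if d in seen:
            return seen[d], msg, i + 1  # two distinct messages, same digest, evaluations used
        seen[d] = msg
        i += 1


def rho_collision(n_bits: int = N_BITS, start: int = 1):
    """Memoryless birthday search: iterate x -> h(x) and apply Floyd cycle-finding.
    Still ~2^(n/2) evaluations, but only a handful of values are held in memory."""
    f = lambda x: h(x, n_bits)
    x0 = start.to_bytes(n_bits // 8, "big")
    tortoise, hare = f(x0), f(f(x0))
    while tortoise != hare:  # phase 1: meet somewhere on the cycle
        tortoise, hare = f(tortoise), f(f(hare))
    tortoise = x0
    if tortoise == hare:  # start point is already on the cycle: no predecessor to pair it with
        return rho_collision(n_bits, start + 1)
    while f(tortoise) != f(hare):  # phase 2: walk to the cycle entry from both sides
        tortoise, hare = f(tortoise), f(hare)
    return tortoise, hare  # distinct inputs whose images coincide at the cycle entry


if __name__ == "__main__":
    a, b, k = table_collision()
    print(f"table: {a.hex()} and {b.hex()} collide after {k} evaluations "
          f"(expected ~{expected_evaluations(N_BITS):.0f})")
    p, q = rho_collision()
    print(f"rho:   {p.hex()} and {q.hex()} -> {h(p).hex()}")
    e160 = expected_evaluations(160)
    print(f"160-bit hash: ~2^{math.log2(e160):.2f} evaluations, memory per the table method "
          f"or O(1) per rho; never 2^159 pairwise comparisons")
```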
Cryptography-Digest Digest #499, Volume #13
Fri, 19 Jan 01 15:13:00 EST

Contents:
  Re: Kooks (was: NSA and Linux Security) (Greggy)
  Re: Kooks (was: NSA and Linux Security) (Greggy)
  Re: Kooks (was: NSA and Linux Security) (Greggy)
  Re: Membership Signature Scheme (Mike Rosing)
  Re: Why Microsoft's Product Activation Stinks (zapzing)
  Re: Dynamic Transposition Revisited (long) (Mike Rosing)
  Re: Why Microsoft's Product Activation Stinks (zapzing)
  Re: Why Microsoft's Product Activation Stinks (zapzing)
  Re: Membership Signature Scheme (Splaat23)
  Re: Why Microsoft's Product Activation Stinks (zapzing)
  Re: Light Computers (Mike Rosing)
  3G crypto algorithms (Janos A. Csirik)
  Re: block algorithm on variable length without padding? ("Joseph Ashwood")
  Re: Comparison of ECDLP vs. DLP (Splaat23)

--

From: Greggy [EMAIL PROTECTED]
Subject: Re: Kooks (was: NSA and Linux Security)
Date: Fri, 19 Jan 2001 18:00:29 GMT

> If you can't stand the fire, get out of the kitchen.

So that is the way you carry on a discussion. Attack the messenger rather than reason, and then tell him to leave if he can't stand your attacks? I let others decide between us.

> > It is also interesting that NO ONE during the period in question in
> > the position of legislature or judicial screamed or even complained
> > about the Virginian process to publish the 13th amendment in its
> > 1819 publication, Gibberish.
>
> Contemporary scholars understood that the amendment had not been
> ratified. William Rawle wrote that it "has been adopted by some of
> the states...

Yes, but that was not the group I was referring to - perhaps my fault for not being clear. Entire legislatures published the 13th amendment without people within those bodies crying foul. To assume that they were all fools is beyond any credible argument you can put forth, but apparently that is what you would have us believe. To imagine that each of these legislatures was conspiring to place into law an improperly ratified amendment is also incredible. You would have us believe that those who knew the truth intimately would have stood by and said nothing - and many were present when these votes were taking place. Their actions show us that they knew TONA was ratified and was law.

> If one believes that TONA became part of the Constitution merely
> because it was frequently published, one should immediately mount an
> expedition to find Buss Island, a "phantom" island in the North
> Atlantic which appeared on maps from 1592 until 1856. See Donald S.
> Johnson, Phantom Islands of the Atlantic 80 (1994). Buss Island had
> its own conspiracy theorists; in 1770, an anonymous author accused
> the Hudson's Bay Company of keeping its location a secret in order
> to maintain financial control over it.

I think everyone can see that you are desperate with such folly parallels.

> And on that subject, still unwilling to reveal...

What are you talking about? I just explained your reasoning is too incredible to accept. My points were made by Richard Green's The Demons of Discord. There is no secret here.

You would have us believe that entire legislatures conspired or were totally ignorant of what they were choosing to publish. You would have us believe that those involved in publishing Virginia's state law books were not certain, raised no question or objections, and yet published anyway. A quick history lesson on who those publishers were would clear that up quickly, but you don't do your research - you just attack. You would have us believe they knew little and were confused or misled. As Richard Green shows in his essay, this is an assertion that defies all the knowledge we have of these men.

You are embarrassing yourself. I suggest you retire.

--
13th amendment to the US Constitution:
If any citizen of the United States shall accept, claim, receive, or retain any title of nobility or honour, or shall, without the consent of Congress, accept and retain any present, pension, office, or emolument of any kind whatever, from any emperor, king, prince, or foreign power, such person shall cease to be a citizen of the United States, and shall be incapable of holding any office of trust or profit under them, or either of them.

Sent via Deja.com
http://www.deja.com/

--

From: Greggy [EMAIL PROTECTED]
Subject: Re: Kooks (was: NSA and Linux Security)
Date: Fri, 19 Jan 2001 18:05:10 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] (John Savard) wrote:

> On Thu, 18 Jan 2001 22:24:02 GMT, "Douglas A. Gwyn" [EMAIL PROTECTED]
> wrote, in part:
>
> > Greggy wrote:
> >
> > > legally declared the citizens of the US enemies of the US
> >
> > "During time of war or during any other period of national emergency
> > declared by the President, the President
Cryptography-Digest Digest #499, Volume #12
Mon, 21 Aug 00 18:13:00 EDT

Contents:
  Re: My unprovability madness. (Future Beacon)
  Re: What is required of "salt"? (Bill Unruh)
  Re: help needed to break KRYPTOS ("Douglas A. Gwyn")
  Re: 215 Hz five-qubit quantum processor ("Douglas A. Gwyn")
  Re: Provable (or probable) primes (JPeschel)
  Re: Provable (or probable) primes (Ichinin)
  Re: Provable (or probable) primes ("Michael Scott")
  Re: Cryptography and Content Protection (Jeffrey Williams)
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: Cryptography and Content Protection (Adriano Prado)
  Re: Hidden Markov Models on web site!
  Re: blowfish problem ("Trevor L. Jackson, III")

--

From: Future Beacon [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.physics
Subject: Re: My unprovability madness.
Date: Mon, 21 Aug 2000 17:03:16 -0400

On Mon, 21 Aug 2000, Douglas A. Gwyn wrote:

> Future Beacon wrote:
> > ... mean attack. Dealing with this kind of discourteousness ...
> > On Mon, 21 Aug 2000, Bob Silverman wrote:
>
> What Bob Silverman said was correct and not especially "mean" or
> "discourteous".

Douglas,

If you're interested, the message below was selectively answered to make it appear that I disagree with Goedel's theorem. I don't agree with you in your assessment of the discourteousness involved, but I may have taken it worse than it was intended. I am fed up with all of the dirty tricks and unkindness. I will be more careful about accusing anybody, but something has to be done.

Jim Trek

===

On 20 Aug 2000, Keith Ramsay wrote:

. . .

> Goedel was careful not to assume anything speculative in his proof.
> He was careful to specify the formal system Principia Mathematica (PM).

To characterize that system as not speculative is to simply dismiss out of hand my suggestion that it may not be acceptable to everybody.

> The notion that the conclusion is wrong is what is wildly speculative.

I did not say that his conclusion is wrong. It is right.

. . .

Keith,

It seems to me that we are not talking about the same thing. The foundations of any system must include definitions and may include axioms. If we get weird results that cause us problems or poorly serve our purposes, the only place to go is back to the foundations of the system (at least in my opinion). If we assume that the foundation is great, we're done. But to me and a few others, undecidable questions are not acceptable within a mathematical system (at least one that I would want to use). For me, the purpose of math is to decide things.

I have noticed that I am alone in this view among the people writing to this thread. I think that the axioms are fine with them, undecidability and all. My issue is an unwanted distraction. I don't believe that I characterized Goedel's conclusions as speculative, but if it sounded that way, please allow me to retract that impression. I am happy to leave it there.

Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]

--

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: What is required of "salt"?
Date: 21 Aug 2000 21:29:01 GMT

In [EMAIL PROTECTED] John Myre [EMAIL PROTECTED] writes:

]Bill Unruh wrote:
]
] In [EMAIL PROTECTED] John Myre [EMAIL PROTECTED] writes:
]
] ]I'm wondering what (cryptographic) properties "salt" has to have.
]
] None.
]Ah, then I'll just use zero.  :)

Sure. Cryptographically this is as good as anything else. The salt is public knowledge. It cannot add any cryptographic strength to any one password.

] Its only purpose is to make the same password (eg used by
] different users) store differently in the public password file.
] Probably a better scheme would have been
] to use the username ( as they are almost guaranteed to be unique) rather
] than a one of 4096 random numbers. However, the crypt authors were after
] shortness, and since machines could typically have more than 4096 users,
] they figured choosing them randomly was a good procedure.

]Shortness where? If you could take the username as the salt, then

In the storage. Remember unix crypt was developed 30 years ago. Your pocket calculator that you bought for $10 has far more power and storage than those machines had. They wanted to also hide the fact that the same user uses the same password on different systems (especially on ones administered by entirely different people).

]dsalting would cost zero in storage, since the username has to be

But expensive in the algorithm, as you would have to figure out how to use the 8 characters in the username to perturb the crypt procedure.

]there anyway. As far as historical design choices go, I'd bet that
]the var
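The salt properties Bill Unruh describes above (public, adding no strength to any single password; its job is to make equal passwords store differently, and a per-entry random salt also hides one user's reuse of a password across independently run systems, which a username salt would not) can be checked in code. The following is an added example, not code from the digest: PBKDF2-HMAC-SHA256 stands in for the 1970s crypt(3), the 12-bit salt mirrors crypt's 4096 values, and the accounts are constructed.

```python
import hashlib
import secrets


def stored_hash(password: str, salt: bytes) -> str:
    """Salted password hash as it would sit in the public password file.
    PBKDF2-HMAC-SHA256 stands in for crypt(3); the salt is stored in the clear."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=16)
    return f"{salt.hex()}${dk.hex()}"


def crypt_style_salt() -> bytes:
    """One of the 4096 (12-bit) random salts, as in classic Unix crypt."""
    return secrets.randbelow(4096).to_bytes(2, "big")


def build_password_file(users: dict, salt_for) -> dict:
    """users: {username: password}; salt_for(username) implements the salt policy."""
    return {u: stored_hash(p, salt_for(u)) for u, p in users.items()}


def duplicate_hash_groups(pwfile: dict) -> list:
    """Usernames whose stored hashes are byte-identical, i.e. whose shared
    password is visible to anyone who can read the file."""
    by_hash = {}
    for user, entry in pwfile.items():
        by_hash.setdefault(entry.split("$", 1)[1], []).append(user)
    return [sorted(g) for g in by_hash.values() if len(g) > 1]


# Constructed sample accounts: alice and bob happen to share a password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "battery staple"}


def unsalted() -> list:
    """Salt fixed to zero (the 'I'll just use zero' option): the duplicate shows."""
    return duplicate_hash_groups(build_password_file(USERS, lambda u: b"\x00\x00"))


def random_salted() -> list:
    """crypt-style random salt: identical passwords store differently
    (a 1-in-4096 chance of the same salt being drawn twice remains)."""
    return duplicate_hash_groups(build_password_file(USERS, lambda u: crypt_style_salt()))


def username_as_salt_leaks_reuse() -> bool:
    """alice uses one password on two independently administered systems.
    With the username as salt both entries are identical; with each system
    drawing its own salt (two constructed values here) they are not."""
    same = stored_hash("correct horse", b"alice") == stored_hash("correct horse", b"alice")
    different = stored_hash("correct horse", b"\x01\x23") != stored_hash("correct horse", b"\x0a\xbc")
    return same and different


if __name__ == "__main__":
    print("zero salt, duplicate groups:  ", unsalted())
    print("random salt, duplicate groups:", random_salted())
    print("username salt reveals reuse:  ", username_as_salt_leaks_reuse())
```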
Cryptography-Digest Digest #499, Volume #10
Wed, 3 Nov 99 03:13:05 EST

Contents:
  Re: Your Opinions on Quantum Cryptography (David A Molnar)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("John E. Kuslich")
  Re: Compression: A ? for David Scott (Tom)
  Re: Compression: A ? for David Scott (Tom)
  Re: Kerberos Question
  Re: Your Opinions on Quantum Cryptography
  Re: Scientific Progress and the NSA (was: Bruce Schneier's Crypto (SCOTT19U.ZIP_GUY)

--

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Your Opinions on Quantum Cryptography
Date: 3 Nov 1999 04:37:42 GMT

[EMAIL PROTECTED] wrote:

> Dear All,
>
> I am preparing a short paper on Quantum Cryptography. I would be most
> grateful if you could give your opinion/thought/knowledge on the
> following points:
>
> 1. Is there a need for Quantum Cryptography?

The only quantum crypto I am familiar with is "quantum key distribution" via privacy amplification. So that's to what my comments refer.

I think the answer to this depends in part on how hard you think certain computational problems "really" are, and what resources you assume on the part of your adversary. The security of quantum key distribution requires no computational assumptions; this means that even if P = NP, or you are under attack by large and well-funded organizations, you have some hope that your communication is secure. So if you believe that the computational strength of adversaries can't be measured, or if you think that they have much better algorithms than you do, you need quantum key distribution, or something else info-theoretically secure, like a one-time pad.

On the other hand, as you can see in a separate thread here in sci.crypt, understanding just what you get from quantum key distribution can be tricky. It's probably best to go read the thread (and the original papers) instead of trying to summarize here.

> 2. Will Quantum Cryptography reach a phase where it can be implemented
> over long distances successfully?

Aren't we there already, at least in the lab? Applied Cryptography mentions that quantum key distribution has been experimentally performed over a distance of 10km via fibre-optics. I'm almost positive I've heard of tests using lasers across ordinary space ("Plug and Play Quantum Crypto" is a paper title which comes to mind, but I can't find the reference...). I'm sorry for not citing references at the moment, but you may be able to find experimental implementations via a web search.

> 3. Will Quantum Cryptography become a necessity against increasingly
> advanced crypto attacks?

Uh, speculation about what will happen? I understand this as asking if I think that some computational problems are hard, and if we know how best to exploit that "hardness". Well, I do believe the first, and think that we'll get there on the second. Not everyone agrees with me.

-David

--

From: "John E. Kuslich" [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 02 Nov 1999 22:18:31 -0700

NAH! Here is what you do...

You take three or four of these CD's that AOL keeps sending you in the mail and you suspend them from strings. The longer the strings, the better. Mount them from near the center so they swing and sway and lally back and forth. Now you get a little "personal" fan and direct the airflow on to the suspended CD's from slightly underneath the CD's. This will cause them to move in a random and chaotic way.

Now focus a couple of desk lamps on to the CD's (you can use different colors if you like). Whip out your ultracheap web-cam that plugs right into your USB port (you have a USB port, don't you??). You set the web cam software to snap a photo of the CD's every couple of seconds.

Now you write some software to take the images you have saved over a few days and you whiten the data by hashing, mixing, grinding (use your favorite whitening software, maybe Yarrow...).

WALA!! Reams and reams (GIGABYTES??) of cheap random data for the rest of your life!!! :--)

It sure beats Lava Lamps with all their temperature sensitivities and need to rest etc.

Finally, a real life use for those AOL CD's !

John E. Kuslich
http://.crak.com

DSM wrote:

> If this is off-topic, please forgive me; I am thinking that the groups
> this message is directed to are frequented by those who may be
> interested in the method.
>
> ***
>
> Currently, any experiment (or other procedure) for which "true" random
> data is required must be conducted on a computer equipped with a
> special-purpose peripheral device (usually quite expensive.)
> Applications for "true random data" include statistical research and
> strong encryption.
>
> PROPOSAL: Make use of min