Cryptography-Digest Digest #499

2001-06-02 Thread Digestifier

Cryptography-Digest Digest #499, Volume #14   Sat, 2 Jun 01 23:13:01 EDT

Contents:
  Re: And the FBI, too (Re: National Security Nightmare?) (David Schwartz)
  practical birthday paradox issues (Tom St Denis)
  Re: Echelon electronic eavesdropping network (Mok-Kong Shen)
  Re: Luby-Rackoff Theorems? (Tom St Denis)
  Re: Luby-Rackoff Theorems? (Nicol So)
  Re: Luby-Rackoff Theorems? (Nicol So)
  Re: Luby-Rackoff Theorems? (Nicol So)
  Re: Luby-Rackoff Theorems? (Tom St Denis)
  bent functions (Tom St Denis)
  Re: practical birthday paradox issues (John Savard)
  Re: BBS implementation (Niels Ferguson)
  Re: bent functions (Douglas A. Gwyn)
  Re: bent functions (Tom St Denis)
  Re: practical birthday paradox issues (Tom St Denis)
  Re: practical birthday paradox issues (Niels Ferguson)
  Re: practical birthday paradox issues (Scott Fluhrer)
  Re: practical birthday paradox issues (Tom St Denis)



From: David Schwartz [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,us.misc
Subject: Re: And the FBI, too (Re: National Security Nightmare?)
Date: Sat, 02 Jun 2001 16:07:53 -0700


Matthew Montchalin wrote:

 |   By the way, I'm talking about civilians employed by
 |the NSA, not officers or enlisted personnel assigned to NSA
 |divisions. They seem to be less diligent about putting their
 |badges away before they walk into, say, a Burger King.
 
 So, how did they get assigned to the NSA divisions in the
 first place?  What do their working papers look like?  How
 would one division recognize a new recruit?  By 'invitation'
 only?  What does a typical 'invitation' look like?  Is there
 a watermark on the paper?  How do they secure their ranks
 when transferring agents electronically?

I honestly have no idea. I only witnessed one event ever that shed any
light on these questions. I'll relate it for its humor value.

I was in the waiting room at the inner perimeter of a facility shared
by the NSA and a few other DoD organizations. There was some slight
confusion about where I was supposed to meet my escort, so I basically
had to stay where I was until my escort realized that I hadn't gotten
through that checkpoint. I couldn't go further in without escort, I
couldn't go further out with my badge, and only my escort could turn in
the badge, so I was basically stuck.

While I was waiting, someone in military uniform walked up to the desk
to report for duty at a new assignment inside that facility. I'm pretty
sure it was NSOC, but I'm not totally sure. He showed his military ID
and she handed him a PIN pad. He pushed a few keys and then she produced
from an envelope his ID to enter that facility. She also handed him a
card with his PIN on it and said that he had to destroy it.

So he memorized it and then ate it. She explained that it was actually
supposed to go back into the envelope to be destroyed at Ft. Meade and
she wasn't sure quite what to do in this case. He said, "You said I
should destroy it." So she took a piece of scrap paper, wrote on it "he
ate it", and sealed it in the envelope. Miraculously, he had no
difficulty using his ID card and entering his PIN to get in.

DS

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: practical birthday paradox issues
Date: Sat, 02 Jun 2001 23:44:14 GMT

Well being the slowest math student on earth I figured out how the birthday
paradox applies to collision in the 2^(n/2) sense...

2^(n/2) chosen texts is really (w^2)/2 pairs; in this case it would be 2^(n-1)
pairs.

Wow.

Problem is if we say something like SHA-1 has a 2^80 resistance to the
bday paradox, don't we need 2^80 memory for all the chosen texts and 2^159
work to find a match?  I.e., we first need all the texts, then we must try
them as pairs one by one to find the collision?

What am I overlooking?  (Keep in mind I am the slowest math student ...
hehehe)
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



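As an added illustration (this is not part of the digest and not a reply from any of its authors), the following Python code runs the birthday attack on SHA-1 truncated to n bits, so that the 2^(n/2) behaviour can be observed in seconds. The point it demonstrates is that the (w^2)/2 pairs are never examined one by one: a lookup table answers "has this output occurred before?" in constant time, so the work is about 2^(n/2) hash evaluations with about 2^(n/2) stored entries, and a cycle-finding walk (Floyd / Pollard rho) removes even the table at the cost of roughly a small constant factor more hashing. The truncation width n = 32, the 8-byte message encoding and all function names are choices made here for the example.

```python
import hashlib
import math


def truncated_sha1(x: int, bits: int) -> int:
    """SHA-1 of the 8-byte big-endian encoding of x, keeping only the top `bits` bits.

    Truncating a real hash gives a small n to experiment with; the attack cost
    scales as 2^(n/2) whatever n is chosen (1 <= bits <= 64 here).
    """
    digest = hashlib.sha1(x.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - bits)


def pairs_among(k: int) -> int:
    """Number of distinct pairs among k texts: k(k-1)/2, i.e. ~2^(n-1) for k = 2^(n/2)."""
    return k * (k - 1) // 2


def expected_trials(bits: int) -> float:
    """Expected number of outputs drawn before the first repeat: sqrt(pi * 2^bits / 2)."""
    return math.sqrt(math.pi * (1 << bits) / 2)


def table_collision(bits: int):
    """Birthday attack with a lookup table.

    Each new output is compared against *all* earlier ones in O(1) through the dict,
    so the work is ~2^(bits/2) hash calls, not ~2^(bits-1) pairwise comparisons.
    Memory is the price: the table ends up holding ~2^(bits/2) entries.
    Returns (m1, m2, trials) with m1 != m2 and equal truncated hashes.
    """
    seen = {}
    x = 0
    while True:
        h = truncated_sha1(x, bits)
        if h in seen:
            return seen[h], x, x + 1
        seen[h] = x
        x += 1


def floyd_collision(bits: int, start: int = 0):
    """The same attack with O(1) memory (Floyd cycle finding, the core of Pollard rho).

    Iterate x -> H(x). The sequence x_0, x_1, ... must eventually repeat; the first
    repeat x_mu = x_(mu+lambda) is a collision between the distinct inputs
    x_(mu-1) and x_(mu+lambda-1), found with ~3 * 2^(bits/2) hash calls and no table.
    """
    while True:
        tortoise = truncated_sha1(start, bits)
        hare = truncated_sha1(tortoise, bits)
        while tortoise != hare:                      # phase 1: find a meeting point on the cycle
            tortoise = truncated_sha1(tortoise, bits)
            hare = truncated_sha1(truncated_sha1(hare, bits), bits)
        tortoise = start
        if tortoise == hare:
            # `start` itself lies on the cycle (tail length 0): the walk has no two
            # distinct preimages of one value, so restart from another point.
            start += 1
            continue
        # phase 2: walk both pointers one step at a time; they first agree on the
        # step that enters the cycle, giving two different inputs with one output.
        while truncated_sha1(tortoise, bits) != truncated_sha1(hare, bits):
            tortoise = truncated_sha1(tortoise, bits)
            hare = truncated_sha1(hare, bits)
        return tortoise, hare


if __name__ == "__main__":
    n = 32
    m1, m2, trials = table_collision(n)
    print(f"table:  H({m1}) == H({m2}) after {trials} hashes "
          f"(expected ~{expected_trials(n):.0f}, table size {trials - 1})")
    a, b = floyd_collision(n)
    print(f"floyd:  H({a}) == H({b}) with constant memory")
    print(f"pairs among 2^16 texts: {pairs_among(1 << 16)} (~2^31), none examined individually")
```

With n = 32 both routines finish in well under a second; raising n by two bits doubles the expected running time, which is the 2^(n/2) curve the question is about.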
--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Echelon electronic eavesdropping network
Date: Sun, 03 Jun 2001 01:52:05 +0200



Nemo psj wrote:
 
 There was supposedly a new report made in the UK.  Does anyone here know where I
 can find it?

Do you mean a paper by Duncan Campbell of 27.05, entitled 
'COMINT Impact on International Trade'? It is at

   http://www.heise.de/tp/deutsch/special/ech/default.html

In a recent thread, someone has given a URL of a draft
document of a temporary committee of the European Parliament:

   http://os390-mvs.hypermart.net/encryption.htm

BTW, according to German newspapers, the Echelon station near
Bad Aibling will be abandoned in 2002, probably due to pressure
from the German government but probably also due to availability
of other better technologies (e.g. via satellites) that renders
that station deprecated.

M. K. Shen

--

From: Tom St Denis [EMAIL

Cryptography-Digest Digest #499

2001-01-19 Thread Digestifier

Cryptography-Digest Digest #499, Volume #13  Fri, 19 Jan 01 15:13:00 EST

Contents:
  Re: Kooks (was: NSA and Linux Security) (Greggy)
  Re: Kooks (was: NSA and Linux Security) (Greggy)
  Re: Kooks (was: NSA and Linux Security) (Greggy)
  Re: Membership Signature Scheme (Mike Rosing)
  Re: Why Microsoft's Product Activation Stinks (zapzing)
  Re: Dynamic Transposition Revisited (long) (Mike Rosing)
  Re: Why Microsoft's Product Activation Stinks (zapzing)
  Re: Why Microsoft's Product Activation Stinks (zapzing)
  Re: Membership Signature Scheme (Splaat23)
  Re: Why Microsoft's Product Activation Stinks (zapzing)
  Re: Light Computers (Mike Rosing)
  3G crypto algorithms (Janos A. Csirik)
  Re: block algorithm on variable length without padding? ("Joseph Ashwood")
  Re: Comparison of ECDLP vs. DLP (Splaat23)



From: Greggy [EMAIL PROTECTED]
Subject: Re: Kooks (was: NSA and Linux Security)
Date: Fri, 19 Jan 2001 18:00:29 GMT


 If you can't stand the fire, get out of the kitchen.

So that is the way you carry on a discussion.  Attack the messenger
rather than reason and then tell him to leave if he can't stand your
attacks?  I let others decide between us.

  It is also interesting that NO ONE during the period in question in
  the position of legislature or judicial screamed or even complained
  about the Virginian process to publish the 13th amendment in its
  1819 publication,

 Gibberish.

   Contemporary scholars understood that the amendment had
   not been ratified. William Rawle wrote that it "has been
   adopted by some of the states...

Yes, but that was not the group I was referring to - perhaps my fault
for not being clear.

Entire legislatures published the 13th amendment without people within
those bodies crying foul.

To assume that they were all fools is beyond any credible argument you
can put forth, but apparently that is what you would have us believe.

To imagine that each of these legislatures were conspiring to place
into law an improperly ratified amendment is also incredible.

You would have us believe that those who knew the truth intimately
would have stood by and said nothing - and many were present when these
votes were taking place.

Their actions show us that they knew TONA was ratified and was law.


   If one believes that TONA became part of the Constitution
   merely because it was frequently published, one should
   immediately mount an expedition to find Buss Island, a
   "phantom" island in the North Atlantic which appeared on
   maps from 1592 until 1856. See Donald S. Johnson, Phantom
   Islands of the Atlantic 80 (1994). Buss Island had its own
   conspiracy theorists; in 1770, an anonymous author accused
   the Hudson's Bay Company of keeping its location a secret
   in order to maintain financial control over it.

I think everyone can see that you are desperate with such folly
parallels.


 And on that subject, still unwilling to reveal...

What are you talking about?  I just explained your reasoning is too
incredible to accept.  My points were made by Richard Green's The
Demons of Discord.  There is no secret here.

You would have us believe that entire legislatures conspired or were
totally ignorant of what they were choosing to publish.

You would have us believe that those involved in publishing Virginia's
state law books were not certain, raised no question or objections, and
yet published anyway.  A quick history lesson on who those publishers
were would clear that up quickly, but you don't do your research - you
just attack.

You would have us believe they knew little and were confused or
misled.  As Richard Green shows in his essay, this is an assertion
that defies all the knowledge we have of these men.


You are embarrassing yourself.  I suggest you retire.

--
13th amendment to the US Constitution:
  If any citizen of the United States shall accept, claim, receive,
  or retain any title of nobility or honour, or shall, without the
  consent of Congress, accept and retain any present, pension, office,
  or emolument of any kind whatever, from any emperor, king, prince,
  or foreign power, such person shall cease to be a citizen of the
  United States, and shall be incapable of holding any office of
  trust or profit under them, or either of them.


Sent via Deja.com
http://www.deja.com/

--

From: Greggy [EMAIL PROTECTED]
Subject: Re: Kooks (was: NSA and Linux Security)
Date: Fri, 19 Jan 2001 18:05:10 GMT

In article [EMAIL PROTECTED],
  [EMAIL PROTECTED] (John Savard) wrote:
 On Thu, 18 Jan 2001 22:24:02 GMT, "Douglas A. Gwyn"
 [EMAIL PROTECTED] wrote, in part:
 Greggy wrote:

 legally declared the citizens of the US enemies of the US
  "During time of war or during any other period of national emergency
  declared by the President, the President

Cryptography-Digest Digest #499

2000-08-21 Thread Digestifier

Cryptography-Digest Digest #499, Volume #12  Mon, 21 Aug 00 18:13:00 EDT

Contents:
  Re: My unprovability madness. (Future Beacon)
  Re: What is required of "salt"? (Bill Unruh)
  Re: help needed to break KRYPTOS ("Douglas A. Gwyn")
  Re: 215 Hz five-qubit quantum processor ("Douglas A. Gwyn")
  Re: Provable (or probable) primes (JPeschel)
  Re: Provable (or probable) primes (Ichinin)
  Re: Provable (or probable) primes ("Michael Scott")
  Re: Cryptography and Content Protection (Jeffrey Williams)
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: Cryptography and Content Protection (Adriano Prado)
  Re: Hidden Markov Models on web site!
  Re: blowfish problem ("Trevor L. Jackson, III")



From: Future Beacon [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.physics
Subject: Re: My unprovability madness.
Date: Mon, 21 Aug 2000 17:03:16 -0400



On Mon, 21 Aug 2000, Douglas A. Gwyn wrote:

 Future Beacon wrote:
  ... mean attack.  Dealing with this kind of discourteousness ...
  On Mon, 21 Aug 2000, Bob Silverman wrote:
 
 What Bob Silverman said was correct and not especially "mean"
 or "discourteous".

Douglas,

If you're interested, the message below was selectively answered to
make it appear that I disagree with Goedel's theorem.

I don't agree with you in your assessment of the discourteousness
involved, but I may have taken it worse than it was intended.  I am
fed up with all of the dirty tricks and unkindness.  I will be more
careful about accusing anybody, but something has to be done.


Jim Trek

===


On 20 Aug 2000, Keith Ramsay wrote:

. 
. 
. 
 Goedel was careful not to assume anything speculative in his proof.


He was careful to specify the formal system Principia Mathematica
(PM).  To characterize that system as not speculative is to simply
dismiss out of hand my suggestion that it may not be acceptable to
everybody.


 The notion that the conclusion is wrong is what is wildly speculative.


I did not say that his conclusion is wrong.  It is right.

. 
. 
. 


Keith,

It seems to me that we are not talking about the same thing.  The
foundations of any system must include definitions and may include
axioms.  If we get weird results that cause us problems or poorly
serve our purposes, the only place to go is back to the foundations
of the system (at least in my opinion).  If we assume that the
foundation is great, we're done.  But to me and a few others
undecidable questions are not acceptable within a mathematical
system (at least one that I would want to use).  For me, the purpose
of math is to decide things.

I have noticed that I am alone in this view among the people writing
to this thread.  I think that the axioms are fine with them,
undecidability and all.  My issue is an unwanted distraction.

I don't believe that I characterized Goedel's conclusions as
speculative, but if it sounded that way, please allow me to
retract that impression.

I am happy to leave it there.


Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]



--

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: What is required of "salt"?
Date: 21 Aug 2000 21:29:01 GMT

In [EMAIL PROTECTED] John Myre [EMAIL PROTECTED] writes:

]Bill Unruh wrote:
] 
] In [EMAIL PROTECTED] John Myre [EMAIL PROTECTED] writes:
] 
] ]I'm wondering what (cryptographic) properties "salt" has to have.
] 
] None.

]Ah, then I'll just use zero. :)

Sure. Cryptographically this is as good as anything else.
The salt is public knowledge. It cannot add any cryptographic strength
to any one password.


] Its only purpose is to make the same password (eg used by
] different users) store differently in the public password file.


] Probably a better scheme would have been
] to use the username ( as they are almost guaranteed to be unique) rather
] than a one of 4096 random numbers. However, the crypt authors were after
] shortness, and since machines could typically have more than 4096 users,
] they figured choosing them randomly was a good procedure.

]Shortness where?  If you could take the username as the salt, then
In the storage. Remember unix crypt was developed 30 years ago. Your
pocket calculator that you bought for $10 has far more power and storage
than those machines had.
They wanted to also hide the fact that the same user uses the same
password on different systems (especially on ones administered by
entirely different people)

]salting would cost zero in storage, since the username has to be
But expensive in the algorithm as you would have to figure out how to
use the 8 characters in the username to perturb the crypt procedure.


]there anyway.  As far as historical design choices go, I'd bet that
]the var

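As an added example (not part of the digest, and not Unix crypt(3) itself), the Python below makes the three properties argued over above concrete: a salt adds no strength to any single password and a zero salt still verifies fine; its job is to make equal passwords store differently, both within one password file and across independently administered systems; and a per-user salt forces an attacker to rebuild a precomputed table of candidate passwords once per salt value (4096 times for classic crypt's 12-bit salt). PBKDF2-HMAC-SHA256 stands in for the DES-based crypt, the iteration count is an assumption, and the usernames, passwords and candidate list are constructed for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor; 1970s crypt used 25 rounds of modified DES


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stored verifier for (password, salt). The salt is public and adds no strength
    to any single password; it only makes equal passwords store differently."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def verify(password: str, salt: bytes, stored: bytes, iterations: int = ITERATIONS) -> bool:
    """Constant-time comparison of a candidate against the stored verifier."""
    return hmac.compare_digest(hash_password(password, salt, iterations), stored)


def new_salt(nbytes: int = 16) -> bytes:
    """A fresh random salt: 16 bytes here, against the 12-bit (4096-value) salt of crypt()."""
    return secrets.token_bytes(nbytes)


def make_password_file(users, salt_for, iterations=ITERATIONS):
    """users: iterable of (username, password); salt_for(username) is the salt policy.
    Returns [(username, salt, verifier)], the public part an /etc/passwd-style file holds."""
    rows = []
    for name, password in users:
        salt = salt_for(name)
        rows.append((name, salt, hash_password(password, salt, iterations)))
    return rows


def shared_verifiers(rows):
    """Usernames grouped by identical verifier. With a fixed (e.g. zero) salt, users with
    the same password are visible to any reader of the file without cracking anything."""
    groups = {}
    for name, _salt, verifier in rows:
        groups.setdefault(verifier, []).append(name)
    return [names for names in groups.values() if len(names) > 1]


def build_table(candidates, salt, iterations=ITERATIONS):
    """Precomputed verifier -> password for ONE salt value (a dictionary attack).
    Distinct per-user salts force the attacker to rebuild this for every user."""
    return {hash_password(p, salt, iterations): p for p in candidates}


def crack(table, rows):
    """Look every row up in a table built for a single salt; only rows that used
    that exact salt can hit."""
    return {name: table.get(verifier) for name, _salt, verifier in rows}


if __name__ == "__main__":
    # constructed sample users; "hunter2" is deliberately reused
    users = [("alice", "hunter2"), ("bob", "hunter2"), ("carol", "correct horse")]
    zero = make_password_file(users, lambda _n: b"\x00" * 16, 1000)
    salted = make_password_file(users, lambda _n: new_salt(), 1000)
    print("zero salt, equal passwords visible:", shared_verifiers(zero))
    print("random salt, equal passwords hidden:", shared_verifiers(salted))
    table = build_table(["password", "hunter2", "letmein"], b"\x00" * 16, 1000)
    print("one table cracks every zero-salt user:", crack(table, zero))
    print("same table against random salts:", crack(table, salted))
    # username as salt: the same user keeps the same verifier on unrelated systems
    a = make_password_file([("alice", "hunter2")], lambda n: n.encode(), 1000)
    b = make_password_file([("alice", "hunter2")], lambda n: n.encode(), 1000)
    print("username-as-salt links systems:", a[0][2] == b[0][2])
```

The last case is the one Bill Unruh raises: a deterministic salt such as the username costs nothing to store but lets anyone holding two systems' password files see that alice reuses her password, which a random salt prevents.
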
Cryptography-Digest Digest #499

1999-11-02 Thread Digestifier

Cryptography-Digest Digest #499, Volume #10   Wed, 3 Nov 99 03:13:05 EST

Contents:
  Re: Your Opinions on Quantum Cryptography (David A Molnar)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("John E. Kuslich")
  Re: Compression: A ? for David Scott (Tom)
  Re: Compression: A ? for David Scott (Tom)
  Re: Kerberos Question
  Re: Your Opinions on Quantum Cryptography
  Re: Scientific Progress and the NSA (was: Bruce Schneier's Crypto (SCOTT19U.ZIP_GUY)



From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Your Opinions on Quantum Cryptography
Date: 3 Nov 1999 04:37:42 GMT

[EMAIL PROTECTED] wrote:
 Dear All,

 I am preparing a short paper on Quantum Cryptography. I would be most
 grateful if you could give your opinion/thought/knowledge on the
 following points:

 1. Is there a need for Quantum Cryptography?

The only quantum crypto I am familiar with is "quantum key
distribution" via privacy amplification. So that's to what my comments
refer. 

I think the answer to this depends in part on how hard you think certain
computational problems "really" are, and what resources you assume on
the part of your adversary. The security of quantum key distribution
requires no computational assumptions; this means that even if P = NP,
or you are under attack by large and well-funded organizations, you have
some hope that your communication is secure. 

So if you believe that the computational strength of adversaries can't
be measured, or if you think that they have much better algorithms than
you do, you need quantum key distribution. or something else
info-theoretically secure, like a one-time-pad. 

On the other hand, as you can see in a separate thread here in
sci.crypt, understanding just what you get from quantum key distribution
can be tricky. It's probably best to go read the thread (and the
original papers) instead of trying to summarize here.  

 2. Will Quantum Cryptography reach a phase where it can be implemented
 over long distances successfully?

Aren't we there already, at least in the lab? Applied Cryptography
mentions that quantum key distribution has been experimentally performed
over a distance of 10km via fibre-optics. I'm almost positive I've heard
of tests using lasers across ordinary space ("Plug and Play Quantum
Crypto" is a paper title which comes to mind, but I can't find the
reference...). 

I'm sorry for not citing references at the moment, but you may be able
to find experimental implementations via a web search. 

 3. Will Quantum Cryptography become a necessity against increasing
 advanced crypto attacks?

Uh, speculation about what will happen? I understand this as asking if I
think that some computational problems are hard, and if we know how best
to exploit that "hardness". Well, I do believe the first, and think
that we'll get there on the second. Not everyone agrees with me. 

-David 



--

From: "John E. Kuslich" [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 02 Nov 1999 22:18:31 -0700

NAH!

Here is what you do...

You take three or four of these CD's that AOL keeps sending you in the
mail and you suspend them from strings.  The longer the strings, the
better. Mount them from near the center so they swing and sway and lally
back and forth.

Now you get a little "personal" fan and direct the airflow on to the
suspended CD's from slightly underneath the CD's.  This will cause them
to move in a random and chaotic way.  Now focus a couple of desk lamps
on to the CD's (you can use different colors if you like).  Whip out
your ultracheap web-cam that plugs right into your USB port (you have a
USB port don't you??)  You set the web cam software to snap a photo of
the CD's every couple of seconds.

Now you write some software to take the images you have saved over a few
days and you whiten the data by hashing, mixing, grinding (use your
favorite whitening software, maybe Yarrow...).

WALA!!  Reams and reams (GIGABYTES??) of cheap random data for the rest
of your life!!! :--)

It sure beats Lava Lamps with all their temperature sensitivities and
need to rest etc.

Finally, a real life use for those AOL CD's !

John E. Kuslich  http://.crak.com




DSM wrote:
 
 If this is off-topic, please forgive me;
 I am thinking that the groups this message is directed to
 are frequented by those who may be interested in the method.
 
 ***
 
 Currently, any experiment (or other procedure) for which "true"
 random data is required must be conducted on a computer equipped
 with a special-purpose peripheral device (usually quite expensive.)
 Applications for "true random data" include statistical research
 and strong encryption.
 
 PROPOSAL: Make use of min