Cryptography-Digest Digest #507

2001-06-03 Thread Digestifier

Cryptography-Digest Digest #507, Volume #14   Sun, 3 Jun 01 19:13:01 EDT

Contents:
  Re: Def'n of bijection (Tim Tyler)
  Re: Def'n of bijection ("Tom St Denis")
  Re: Def'n of bijection ("M.S. Bob")
  Re: UK legislation on cryptographic products ("M.S. Bob")
  Re: Uniciyt distance and compression for AES (Tim Tyler)
  Re: Sv: Top Secret Crypto (John Savard)
  Re: Uniciyt distance and compression for AES (Tim Tyler)
  Re: Def'n of bijection (John Savard)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Scott Fluhrer")
  Re: PRP vs PRF (was Luby-Rackoff Theorems) ("Scott Fluhrer")
  Re: S-Boxes ("Yashar Alishenas")
  Re: S-Boxes ("Tom St Denis")
  Re: S-Boxes ("Scott Fluhrer")
  Re: PRP vs PRF (was Luby-Rackoff Theorems) ("Tom St Denis")
  Re: Uniciyt distance and compression for AES ("Tom St Denis")
  benefits of compression for security ("Tom St Denis")
  Re: Dynamic Transposition Revisited Again (long) ([EMAIL PROTECTED])
  Re: PRP vs PRF (was Luby-Rackoff Theorems) (David Wagner)



From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Reply-To: [EMAIL PROTECTED]
Date: Sun, 3 Jun 2001 21:50:47 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Nicol So" <[EMAIL PROTECTED]> wrote in message
:> Tom St Denis wrote:

:> > That means it's invertible and closed right (i.e from set A to set B,
:> > A=B)?
:>
:> Invertible? yes. Domain = range? No.

: It said "all bijections have a function f' such that f'(f(x)) = x"  and "for
: every element of the codomain there is some element of the domain which maps
: to it"

: This means in the case of TimTyler's argument about 1 byte => 3 byte is a
: bijection [...]

You'd better quote what I actually said if you're going to do this.

A /particular/ one-byte value mapped to a three byte value in the
bijection I was discussing.
-- 
__
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

--

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Date: Sun, 03 Jun 2001 22:03:25 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Nicol So" <[EMAIL PROTECTED]> wrote in message
> :> Tom St Denis wrote:
>
> :> > That means it's invertible and closed right (i.e from set A to set B,
> :> > A=B)?
> :>
> :> Invertible? yes. Domain = range? No.
>
> : It said "all bijections have a function f' such that f'(f(x)) = x"  and
> : "for every element of the codomain there is some element of the domain
> : which maps to it"
>
> : This means in the case of TimTyler's argument about 1 byte => 3 byte is
> : a bijection [...]
>
> You'd better quote what I actually said if you're going to do this.
>
> A /particular/ one-byte value mapped to a three byte value in the
> bijection I was discussing.

Correct me if I am wrong but the whole point of the BICOM stuff was that all
inputs map to an output and all elements on the output side map to an input.
Scott said that he could make a compressor where inputs mapped to outputs of
different length (i.e. 1 => 3).  This would mean that all 3's must map to 1
bytes.  Violation of terms.

He should have said some of the 3 bytes go to 1 byte (i.e. 256 of them) and
the other 3 byte messages map to other lengths...

Tom
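As an added illustration of the point Tom is making (example code written for this digest, not BICOM or any poster's code): a bijection on the set of all byte strings, built from bijective base-256 numeration, that sends a particular one-byte input to three bytes while only 256 of the three-byte strings map back to one byte. The XOR constant is an assumed, constructed choice.

```python
"""Bijective base-256 numeration maps byte strings <-> natural numbers
one-to-one (no leading-zero ambiguity, because byte b is the digit b+1):
  ''             <-> 0
  1-byte strings <-> 1 .. 256
  2-byte strings <-> 257 .. 65792
  3-byte strings <-> 65793 .. 16843008
Composing it with any bijection on the naturals (here XOR with a constant,
which is its own inverse) yields a bijection on byte strings that is NOT
length-preserving.
"""

# Constructed constant for the example; XOR with it is an involution on the naturals.
MIX_CONSTANT = 0x010203


def bytes_to_nat(data: bytes) -> int:
    """Bijective base-256: interpret each byte b as the digit b+1."""
    n = 0
    for b in data:
        n = n * 256 + (b + 1)
    return n


def nat_to_bytes(n: int) -> bytes:
    """Exact inverse of bytes_to_nat."""
    digits = []
    while n > 0:
        n -= 1
        digits.append(n % 256)
        n //= 256
    return bytes(reversed(digits))


def mix(data: bytes) -> bytes:
    """A bijection on all byte strings: numerate, XOR, de-numerate.
    Since XOR with a constant is an involution, mix(mix(s)) == s."""
    return nat_to_bytes(bytes_to_nat(data) ^ MIX_CONSTANT)


def output_lengths_of_single_bytes() -> dict:
    """Histogram of output length over the 256 one-byte inputs."""
    hist = {}
    for b in range(256):
        length = len(mix(bytes([b])))
        hist[length] = hist.get(length, 0) + 1
    return hist


def one_byte_inputs_with_three_byte_output() -> int:
    """Because mix is an involution, this count is also the number of 3-byte
    strings whose image is 1 byte: 256 of the 2^24, not all of them."""
    return sum(1 for b in range(256) if len(mix(bytes([b]))) == 3)


if __name__ == "__main__":
    print(mix(b"\x00"), output_lengths_of_single_bytes(),
          one_byte_inputs_with_three_byte_output())
```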



--

From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Date: Sun, 03 Jun 2001 22:59:00 +0100

Tom St Denis wrote:
> 
> http://www.dictionary.com/cgi-bin/dict.pl?term=bijection
> 
> Aha.  One-to-one and onto.
> 
> That means it's invertible and closed right (i.e from set A to set B, A=B)?

Consider from Z to 2Z under the mapping y = 2x.

--

From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: UK legislation on cryptographic products
Date: Sun, 03 Jun 2001 23:03:16 +0100

demon news wrote:
> 
> Hello!
> 
> Could anybody let me know what the current legislation is for
> cryptographic products in the UK?

Hire a lawyer or talk to the DTI to be certain. But general interest:

See http://www.fipr.org/ Foundation for Information Policy Research

Also check ukcrypto mailing list.
 http://www.chiark.greenend.org.uk/mailman/listinfo/ukcrypto

Followups directed to talk.politics.crypto.

--

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Uniciyt distance and compression for AES
Reply-To: [

Cryptography-Digest Digest #507

2001-01-20 Thread Digestifier

Cryptography-Digest Digest #507, Volume #13  Sat, 20 Jan 01 13:13:01 EST

Contents:
  Re: Differential Analysis (Tom St Denis)
  Re: A Small Challenge ("rosi")
  Re: Kooks (was: NSA and Linux Security) ([EMAIL PROTECTED])
  Re: Kooks (was: NSA and Linux Security) ([EMAIL PROTECTED])
  Re: Kooks (was: NSA and Linux Security) ([EMAIL PROTECTED])
  Re: Kooks (was: NSA and Linux Security) ([EMAIL PROTECTED])
  Re: Dynamic Transposition Revisited (long) (Mok-Kong Shen)
  Re: Differential Analysis (Splaat23)



From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Differential Analysis
Date: Sat, 20 Jan 2001 16:22:48 GMT

In article <[EMAIL PROTECTED]>,
  Richard Heathfield <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> >   Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> > > I consider the fact that I can write a short function to generate it to
> > > be of greater importance.  Remember how, when DES came out, people
> > > asked, where the heck do these sboxes come from?  I don't want this.
> > > Even if I say, they came from this here sboxgen program, people might be
> > > inclined to disbelieve me, because they won't be able to produce those
> > > exact sboxes from sboxgen, since they were, after all, randomly
> > > produced.
> >
> > Actually this is a lie.
>
> It can only be a lie if Benjamin deliberately gave false information. He
> might genuinely dispute the facts, or he might have made a mistake, and
> in neither case can he legitimately be called a liar.

Yeah, and there's no god either.  I haven't proved it but I will state that as
fact.

> > If you save your prng.dat before starting (sboxgen
> > saves it when it exits) others can exactly reproduce what you did.
> >
> > Stop lying! Liar!!!
>
> I never thought I'd have to do this, Tom, but...
>
> *PLONK*
>
> Perhaps I'll let you out of my killfile in a month or two, when you've
> calmed down a bit.

I really don't care what you think.

Tom


Sent via Deja.com
http://www.deja.com/

--

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: A Small Challenge
Date: Sat, 20 Jan 2001 12:28:15 -0500

David Hopwood wrote in part in message <[EMAIL PROTECTED]>...
>
>The original post in this thread didn't reach my server. Since I assume it
>also hasn't reached a fair proportion of Usenet, could you please repost
>it (just to sci.crypt)?


My news server normally keeps at least about a month's worth. I posted on
the 13th of January, 2001 and I cannot see it now from my news server
either. (Could see it for a few days.) This should be the case for two or
three servers; most should be able to access it. If however, there is the
need for me to post again, please let me know at [EMAIL PROTECTED] If the
request exceeds four, I will do a re-post.

There is no problem on my part, but I think it may be best to look into
an archive. That way, you could see all posts under that thread instead
of just the original from me.

Go to www.dejanews.com and search on subject "A Small Challenge"
and/or author: rosi.

Thanks for any interest in QP.
--- (My Signature)



--

From: [EMAIL PROTECTED]
Subject: Re: Kooks (was: NSA and Linux Security)
Date: Sat, 20 Jan 2001 16:42:01 GMT

In article <949vuu$qh4$[EMAIL PROTECTED]>,
  Greggy <[EMAIL PROTECTED]> wrote:

> > > So we can see who the real kook is.
> >
> > I think it's clear to everyone...
>
> The truth is first ridiculed, then violently attacked, then accepted as
> obvious.

They laughed at Galileo.  They laughed at Einstein. They laughed at the
Wright Brothers. But they also laughed at Bozo the Clown, Greggy.

> Let others decide between us.  I have stated the obvious

If "obvious" is positions believed in by a small group of kooks best
known for two members, Linda Lyon and George Sibley, who claimed that the
"missing 13th amendment" justified their cold-blooded murder of a police
officer. (They're now on Death Row.)

> and cited material which cites US law.

Which were written by a man who has served time in prison for chopping
down telephone poles.  No joke.  http://www.putnampit.com/free.html.



--

From: [EMAIL PROTECTED]
Subject: Re: Kooks (was: NSA and Linux Security)
Date: Sat, 20 Jan 2001 16:50:49 GMT

In article <949vbl$pu6$[EMAIL PROTECTED]>,
  Greggy <[EMAIL PROTECTED]> wrote:

> > If you can't stand the fire, get out of the kitchen.
>
> So that is the way you carry on 

Cryptography-Digest Digest #507

2000-08-22 Thread Digestifier

Cryptography-Digest Digest #507, Volume #12  Tue, 22 Aug 00 14:13:01 EDT

Contents:
  Re: My unprovability madness. (James Felling)
  Re: Kelsey, Schneier, Wagner and Hall reference "the Codebreakers" (Robert S. Meineke)
  Re: New algorithm for the cipher contest ([EMAIL PROTECTED])
  Re: New algorithm for the cipher contest ([EMAIL PROTECTED])
  Re: Hidden Markov Models on web site! (Gunnar Evermann)
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: Question on Decorelation Theory (Mark Wooding)
  Re: Kryptos and Gillogly (Achilles Outlaw)
  Re: Decryption (Mok-Kong Shen)
  Re: My unprovability madness. ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: My unprovability madness. (Future Beacon)
  Re: Directions (Mike Rosing)
  Re: PKI (Mike Rosing)
  Re: The future direction ... (Mike Rosing)
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")



From: James Felling <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.physics
Subject: Re: My unprovability madness.
Date: Tue, 22 Aug 2000 11:33:35 -0500



Future Beacon wrote:

> On Mon, 21 Aug 2000, Douglas A. Gwyn wrote:
>
> > Future Beacon wrote:
> > > ... mean attack.  Dealing with this kind of discourteousness ...
> > > On Mon, 21 Aug 2000, Bob Silverman wrote:
> >
> > What Bob Silverman said was correct and not especially "mean"
> > or "discourteous".
>
> Douglas,
>
> If you're interested, the message below was selectively answered to
> make it appear that I disagree with Goedel's theorem.
>
> I don't agree with you in your assessment of the discourteousness
> involved, but I may have taken it worse than it was intended.  I am
> fed up with all of the dirty tricks and unkindness.  I will be more
> careful about accusing anybody, but something has to be done.
>
> Jim Trek
>
> ---
>
> On 20 Aug 2000, Keith Ramsay wrote:
>
> .
> .
> .
> > Goedel was careful not to assume anything speculative in his proof.
>
> He was careful to specify the formal system Principia Mathematica
> (PM).  To characterize that system as not speculative is to simply
> dismiss out of hand my suggestion that it may not be acceptable to
> everybody.

I agree that it may not be acceptable to everyone, however PM's system is
equivalent to or a subset of pretty much every major branch of mathematics
(and I would be inclined to say all branches, but not having examined all
branches I will not claim such) -- geometry, set theory, algebra, basically
anything where the concepts of addition, proof, and variable make sense.  I
concur that PM may not be acceptable to everyone, but I know of no math for
which it or equivalent axioms fail to hold.

>
>
> > The notion that the conclusion is wrong is what is wildly speculative.
>
> I did not say that his conclusion is wrong.  It is right.
>
> .
> .
> .
>
> Keith,
>
> It seems to me that we are not talking about the same thing.  The
> foundations of any system must include definitions and may include
> axioms.

Any system that is useful includes at least some axioms ("adding two numbers
together must always produce a unique result", "one can choose 1
number", "inductive reasoning works").

>  If we get weird results that cause us problems or poorly
> serve our purposes, the only place to go is back to the foundations
> of the system (at least in my opinion).

Agreed.

> If we assume that the
> foundation is great, we're done.  But to me and a few others
> undecidable questions are not acceptable within a mathematical
> system (at least one that I would want to use).  For me, the purpose
> of math is to decide things.

True, but when one looks at physics (to use a similar example from science),
physics has as its goal obtaining a detailed and accurate understanding of
the universe around us.  Now when a theory models the universe very well,
but has some side consequences that work out very messily (uncertainty in
quantum physics, or singularities in relativity, to use an example), I may
claim that that theory is bunk, but until an alternative model comes along
and provides a way around it, or some other workaround is found, we use the
tools we have.

Similarly with math, if we object to the incompleteness theorem, we need to
find a working math that resolves that issue and can explain what we see
in the rest of it.  Until that time the incompleteness theorem will haunt
us.  I do not think that a "workaround" mathematics can happen without
stripping math of its ability to produce at least some large subset of useful
tools. You can get around Godel in a number of ways --  get

Cryptography-Digest Digest #507

2000-04-07 Thread Digestifier

Cryptography-Digest Digest #507, Volume #11   Fri, 7 Apr 00 10:13:01 EDT

Contents:
  Re: Is AES necessary? ([EMAIL PROTECTED])
  Re: Q: Simulation of quantum computing ("J.Wallace")
  Re: Is AES necessary? (Tom St Denis)
  Re: GSM A5/1 Encryption (Paul Schlyter)
  Re: Public|Private key cryptography? (Tom St Denis)
  Re: The lighter side of cryptology (Stefek Zaba)
  Re: Crypto API for C (Runu Knips)
  Re: Processing encrypted data (David A Molnar)
  Re: GSM A5/1 Encryption (Matt Linder)
  Re: Crypto API for C (David A Molnar)
  Re: Is AES necessary? (Mok-Kong Shen)
  Re: Schoof's Algorithm (Robert Harley)
  Re: GSM A5/1 Encryption (Gerhard Wesp)



From: [EMAIL PROTECTED]
Subject: Re: Is AES necessary?
Date: Fri, 7 Apr 2000 09:18:35 GMT


Mok-Kong Shen wrote:
> Now that we'll soon have an AES, I think it could be interesting
> to take a minute to look back and reflect whether AES is really
> necessary.
> 
> I'll start by arguing for one side of the issue:
> 
> 3DES is currently yet strong enough. If that's too weak, we could
> use 5DES etc.

it is slooow and 5DES will be sloower

and strength is not the only requirement for AES;
there are more parameters, including speed

> We could employ some trivial variants of DES that enable expansion
> of the effective key space (e.g. permutation of the subkeys or
> the S-boxes).
> M. K. Shen

==  ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for Netscape
http://disastry.dhs.org/pegwit  <-- Pegwit - simple alternative for PGP
remove .NOSPAM.NET for email reply


--

From: "J.Wallace" <[EMAIL PROTECTED]>
Subject: Re: Q: Simulation of quantum computing
Date: Fri, 07 Apr 2000 10:55:53 +0100

Mok-Kong Shen wrote:
> 
> J.Wallace wrote:
> >
> > No, you could not obtain truly random bits through this type of
> > simulation. 

[snip]

> I hope I understand the matter as follows: The simulation is not
> 'exact' (i.e. not an emulation) but only a very good approximation.
> Hence it can't do everything that a real quantum computer can.
> One thing it can't is generation of truly random bits.

Yes, as I understand it, that is correct. 

Julia

--

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Fri, 07 Apr 2000 10:12:41 GMT



Mok-Kong Shen wrote:
> 
> Now that we'll soon have an AES, I think it could be interesting
> to take a minute to look back and reflect whether AES is really
> necessary.
> 
> I'll start by arguing for one side of the issue:
> 
> 3DES is currently yet strong enough. If that's too weak, we could
> use 5DES etc.
> 
> We could employ some trivial variants of DES that enable expansion
> of the effective key space (e.g. permutation of the subkeys or
> the S-boxes).

But won't these variants of DES just be in the same vein as AES?  BTW I
would tend to believe ciphers like RC6/Twofish/Serpent are way more
secure [i.e. harder to attack] than 3DES.  So in the long run, you can
still use a 64 bit block cipher like RC5/CAST or SAFER-SK, but if you
want a larger keyspace [why not?] or bigger block size...

Tom

--

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: GSM A5/1 Encryption
Date: 7 Apr 2000 10:53:44 +0200

In article <8cichn$eaj$[EMAIL PROTECTED]>,
David A. Wagner <[EMAIL PROTECTED]> wrote:
 
> In article <8ci8mg$hv6$[EMAIL PROTECTED]>,
> Paul Schlyter <[EMAIL PROTECTED]> wrote:
>> Even if the GSM transmission wasn't encrypted at all, it would still
>> be secure against the former, [..]
> 
> Right.  Digital scanners aren't readily available today.
> 
>> [..] since pretty sophisticated equipment
>> will be required to even distinguish one particular GSM conversation
>> from all the others occurring at the same frequency.  No scanner
>> available at Radio Shack will be able to do that.
> 
> I think that's optimistic.  After all, your phone already does it!
 
It does -- in a controlled way: you can connect to the GSM network
and make phone calls.  But the phone is not designed to eavesdrop on
other phone calls in progress -- it is designed to wait for free
frequency bands, and free time slots within the frequency bands.  If it
doesn't find any, it'll tell you the GSM net is too busy.
 
To mod

Cryptography-Digest Digest #507

1999-05-06 Thread Digestifier

Cryptography-Digest Digest #507, Volume #9   Thu, 6 May 99 11:13:03 EDT

Contents:
  Re: Shamir's TWINKLE Factoring Machine (Damian Weber)
  Re: Some thoughts on Diffusion (wtshaw)
  Recommended RSA lengths (was:  Re: Shamir's Discover) (Peter L. Montgomery)
  Re: Roulettes (Mok-Kong Shen)
  Re: Roulettes (Mok-Kong Shen)
  Re: Roulettes ("Lassi Hippeläinen")
  Re: Shamir's TWINKLE Factoring Machine (Damian Weber)
  Re: True Randomness & The Law Of Large Numbers (R. Knauer)
  Random permutation (Mok-Kong Shen)
  Re: Roulettes (Mok-Kong Shen)
  Re: Roulettes (Terje Mathisen)
  Re: Discrete Logarithm Question (Emmanuel BRESSON)
  Re: The simplest to understand and as secure as it gets. ([EMAIL PROTECTED])
  Re: Obvious flaws in cipher design (Lincoln Yeoh)
  Re: Commercial PGP for Linux? (Bernie Cosell)



From: [EMAIL PROTECTED] (Damian Weber)
Subject: Re: Shamir's TWINKLE Factoring Machine
Date: 6 May 1999 11:27:23 GMT

In article <7gqe2g$b5k$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] writes:
> 
> Thanks for the info, btw where could someone (maybe I :) ) find info on the
> details of factoring a RSA number or a Discrete log?
In the ASIACRYPT'96 proceedings you'll find the RSA-130
factorization.
In the CRYPTO'98 proceedings you'll find the solution
of McCurley's DL-challenge.

   -- Damian



--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Some thoughts on Diffusion
Date: Thu, 06 May 1999 05:19:14 -0600

In article <[EMAIL PROTECTED]>, Piso Mojado <[EMAIL PROTECTED]> wrote:

> Malcolm Herring wrote:
> > 
> > Surely diffusion says nothing at all about the security of an algorithm. 
> 
> Block ciphers are not provably secure, but they all have diffusion.

My GVA does not have it; as a block cipher, according to my broad
definition, it does not need it.

> If you would belittle diffusion, what would you propose as a trait
> that says something about security?

That's easy: that you can't hack the ciphertext at all, known text attacks
don't work as the algorithm fails to cooperate.  Of course, this creature
of mine is really strange according to popular prejudices.  
> 

> 
> One can create bad ciphers easily. All of the good ones have diffusion.

The common strategies so popular for the *good ones* group them ready for
a common means of breaking.

> I have heard your kind of comments before, but they are not
> persuasive. All 15 AES candidates have diffusion. If someone
> made an AES candidate without diffusion, it would be rejected 
> immediately. It is a requirement. It is so basic that sophisticated
> people want it to be called trivial and unimportant, but they
> are mistaken. Conservative ciphers have more diffusion then ones
> which emphasize speed to excess.

Diffusion can be added to any cipher, but if not necessary, why bother? 
No, to prove to me that diffusion is important, you should be able to
easily attack a cipher that does not use it.  Here's guessing that you
won't try.  You could not succeed anyway if I made the choice of cipher.  
> 
> Sophisticated people such as yourself would overlook the
> requirement for diffusion, and look to Authority to fail to
> break the cipher. Thinking designers, provide diffusion with
> emphasis on plenty of diffusion, as well as other traits.

Ah, the surface details, how superficial!  The only valid measure of
security is resistance to recovering the key.  As the world of
slight-security crypto continues to crumble, remember there is an
alternative effective technology.  Too bad that it is so simple to
understand; and so difficult to envision attacking at all. 

And, you need to think quantum leaps ahead to deliver yourself from all
the mudfights over marginal increases in security.
-- 
What's HOT: Honesty, Openness, Truth
What's Not: FUD--fear, uncertainty, doubt  

--

From: [EMAIL PROTECTED] (Peter L. Montgomery)
Subject: Recommended RSA lengths (was:  Re: Shamir's Discover)
Date: Wed, 5 May 1999 07:46:45 GMT

In article <7gnsm8$316$[EMAIL PROTECTED]>
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> writes:

>  I wonder if anyone has been smart enough to see how rapidly
>RSA key lengths have been increasing over the last few years to
>be safe. All one gets to read about is that key length of X can
>be found in Y time but keys of X+N are safe till the sun burns
>out. But it seems that new methods are found every year so it
>seems reasonable that newer methods will be found in just a few short
>years but the articles just replace the old X+N with a new value
>for X and never mention a few years ago it was safe forever.
>Are there any plots based on this kind of projection?


Cryptography-Digest Digest #507

1999-01-02 Thread Digestifier

Cryptography-Digest Digest #507, Volume #10   Thu, 4 Nov 99 18:13:03 EST

Contents:
  Re: questions about twofish ("Adam Durana")
  Re: Interesting LFSR (Medical Electronics Lab)
  Re: "Risks of Relying on Cryptography," Oct 99 CACM "Inside Risks" column ([EMAIL PROTECTED])
  Bit/byte orientation in SHA-1 (JohnSmith)
  Re: Build your own one-on-one compressor (Mok-Kong Shen)
  Re: Q: Removal of bias (Mok-Kong Shen)
  Re: Build your own one-on-one compressor (SCOTT19U.ZIP_GUY)
  Re: Build your own one-on-one compressor (SCOTT19U.ZIP_GUY)
  Data Scrambling references ("Larry Mackey")



From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: questions about twofish
Date: Thu, 4 Nov 1999 12:56:22 -0500

> In counterpane's optimized twofish, there are different options you can
> choose during compilation like zero, partial, or full key.
> First,
>  What are the advantage/dis-advantages.
>  Do they affect security, or is it just a memory/speed trade-off.

From what I understand Twofish is able to spend more time on the key
generating process and in return you get faster encryption times.  In
different cases you would want to spend more time on the key generating
process, e.g., you are encrypting several big files with the same key.  In
other cases you would want to spend no time on generating keys, e.g., the
key you are using changes a lot and you are encrypting small chunks of data.
I would guess, 'zero' means spend no time on generating keys, 'partial'
means spend some time, and 'full' means generate all the keys.

>
> Second,
>  What's the difference between using the 192 bit key option, and using
> the 256 bit key option with 64 bits zeroized (both still have same key
> space).

I really have no idea.  Only thing I could see being a problem is if someone
is trying to brute force your key, they could be testing keys in such a way
that it approaches 192bits + 64 bits zeroed.  And if it isn't found in
192bits + 64 bits zeroed they just continue on to 256bits.  So if they did
find the key in 192bits + 64 bits zeroed they only had to test 2^192 keys
and not 2^256 keys.  But it would look as if it was encrypted using a 256bit
key, but since you know the workings of the algorithm used you could test
all the 2^192 keys with 64 bits zeroed first, just in case someone did
encrypt using 192bits + 64bits zeroed.

But you probably know more about Twofish than I do.  I was hoping you would
get a response from someone who knew for sure, but seeing how you did not
get a good response (Hi Tom!), I decided to take a chance.  I hope it helps.

-- Adam



--

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Interesting LFSR
Date: Thu, 04 Nov 1999 12:14:58 -0600

David Wagner wrote:
> 
> Why not just run it backward, keeping track of the _set_ of all possible
> states?  If you implement it, I strongly suspect you will find that this
> set usually stays very small.

The number of sets should grow like the (number of rounds) * (number
of duplicate entries)/128. If there are only a few duplicates, it
should run backwards easily.
  
> (Sometimes some states have multiple predecessors, which grows the set,
> but also some states have no predecessors, which shrinks the set, and the
> two effects are expected to cancel each other out almost exactly.  I'll
> omit the mathematical calculations.)
> 
> Worth a try...

Definitely!  If there's only 128 rounds, you'll only expect to see
(number of duplicates) sets, which should be pretty easy to keep
track of.

Patience, persistence, truth,
Dr. mike
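An added example of the "run it backward, keeping track of the set of all possible states" approach discussed above (constructed for this digest, not the thread's LFSR or anyone's posted code). The 128-state next-state table, its three duplicate entries and the seed value are assumptions made for the illustration.

```python
"""Toy state machine: 128 seven-bit states updated through a lookup table that
is a permutation except for three duplicate entries, so three successor
values have two predecessors and three others have none. Walking backward
tracks the SET of states consistent with the observed final state; a state
with two predecessors doubles a branch and one with none kills it, which is
why the set is expected to stay small instead of blowing up.
"""

STATES = 128  # 7-bit state space; the "/128" in Dr. Mike's estimate


def build_table():
    """Next-state table: affine permutation mod 128 plus three constructed duplicates."""
    table = [(5 * s + 3) % STATES for s in range(STATES)]  # 5 is odd -> bijection
    # Each src now shares its successor with dup_of: the shared value gains a
    # second predecessor and src's old successor value is left with none.
    for src, dup_of in ((17, 3), (64, 90), (101, 22)):
        table[src] = table[dup_of]
    return table


def step_forward(table, state, rounds):
    """Clock the machine forward `rounds` times from `state`."""
    for _ in range(rounds):
        state = table[state]
    return state


def predecessors(table):
    """Invert the table: value -> list of states mapping onto it (0, 1 or 2 here)."""
    pre = {v: [] for v in range(STATES)}
    for s, v in enumerate(table):
        pre[v].append(s)
    return pre


def run_backward(table, final_state, rounds):
    """Walk back `rounds` steps keeping every state consistent with final_state.

    Returns (candidate start states, set size after each backward step).
    """
    pre = predecessors(table)
    current = {final_state}
    sizes = []
    for _ in range(rounds):
        current = {p for s in current for p in pre[s]}
        sizes.append(len(current))
    return current, sizes


def recover(seed, rounds=128):
    """Run forward from `seed`, then backward from the result. Every returned
    candidate reproduces the same final state and the true seed is among them."""
    table = build_table()
    final = step_forward(table, seed, rounds)
    candidates, sizes = run_backward(table, final, rounds)
    return final, candidates, sizes


if __name__ == "__main__":
    final, candidates, sizes = recover(42)
    print(f"final state {final}: {len(candidates)} candidate seed(s), "
          f"largest set while walking back: {max(sizes)}")
```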

--

From: [EMAIL PROTECTED]
Subject: Re: "Risks of Relying on Cryptography," Oct 99 CACM "Inside Risks" column
Date: Thu, 04 Nov 1999 18:45:46 GMT

In article <[EMAIL PROTECTED]>,
  "Trevor Jackson, III" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>>Maybe I trust rot13. I encrypt my message with it and send it to you.
>>Your email client does not know anything about rot13 - it downloads
>>its code and successfully decrypts my message. It is my message and
>>if I chose a bad cipher it is my problem; you will always be able to
>>read any message you receive.
>
>I disagree.  It is OUR conversation.  Since I expect you to refer,
>implicitly and explicitly, to the contents of the messages I send,
>which contents I intend to keep private, I have a vested interest in
>the security of the messages you send.

You are right.

My goal was to avoid the need for a priori negotiation at the email
level. I don't see a very good solution.
(...)
>>>> In a networked world third parties are a fact of life.
>>>
>