Cryptography-Digest Digest #560
Cryptography-Digest Digest #560, Volume #14   Fri, 8 Jun 01 01:13:00 EDT

Contents:
  Re: Any Informed Opinions? (Bob Silverman)
  Re: Knapsack security??? Ahhuh (rosi)
  Re: Any Informed Opinions? (Jeffrey Walton)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (sisi jojo)
  What is a skeleton book? (John A. Malley)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (John A. Malley)
  Re: Notion of perfect secrecy (SCOTT19U.ZIP_GUY)
  Re: Simple C crypto (Dirk Bruere)
  Re: Any Informed Opinions? (Dirk Bruere)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (SCOTT19U.ZIP_GUY)
  Re: MD5 for random number generation? (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: What is a skeleton book? (Robert J. Kolker)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (JPeschel)

--

From: [EMAIL PROTECTED] (Bob Silverman)
Subject: Re: Any Informed Opinions?
Date: 7 Jun 2001 20:04:03 -0700

Robert J. Kolker [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Does anyone have informed opinions on what influence quantum computing will have on cryptography and cryptanalysis? I have such an opinion. Qbits are alive and real. It remains to be seen if genuine computers can be made from them.

You just stated my opinion. Does anyone remember when wafers were going to be a panacea to technology limitations? Ditto for Josephson Junctions or Room temperature superconductors or Gallium Arsenide??

--

From: rosi [EMAIL PROTECTED]
Subject: Re: Knapsack security??? Ahhuh
Date: Fri, 8 Jun 2001 00:21:58 -0400

Dear John,

Thank you for the reply. I will perhaps never know why you think I am taunting you. But if you do, whether it is really due to me, I apologize. Merc42 asked in pretty general terms about the knapsack problem and you seem eager to know. I offered to share information. Is this fair?

First, I do not know how far we can go. The requirement for basic knowledge will still apply. Without that, we can get stuck anywhere. So, is it a go?

I think it is only fair that I give you enough information on what is ahead. I have some simple stuff, from which I would like to see if certain things are as trivial as I seem to see. So I give the best shot I can fire and would like you to help me. I will put forth two quite non-technical questions, which do not require definitive answers (or in other words, what answers come back is not that important). There is one technical issue I would appreciate it if you could share your thoughts with us, but that is not really expected. It is up to you. The issue is to prove from what I give you that P != NP. (Hope you are still in your chair if you were :). Checked, I am still in mine.)

Please do not be alarmed. It should be simple. Ideas about both the two questions and the P != NP issue can be formed in your head by simply 'staring at' a construction I give you for a few minutes. I am not saying that you may come up with all the boring details of a proof after reading and thinking about it for a few minutes. I mean that you can get the sense of it. So you now may see that I am not in NTRU, not just because I have nothing to do with NTRU. What I want is to complete the sentence about THE whole issue and put a small full stop to it. Simple enough?

I caution that I am not interested in other ways of proving this time and you may not use the material on P != NP from the past couple of years (should there have been any). Of course, you can prove (or even disprove) P != NP in any way, but I am only interested in a result from the construction I give you. You may comment on other related things and virtually anything that you feel is relevant. Clear?

If you need, I can help in a very limited way, such as telling you the few alphabetical letters summing up a proof. There is more than one way to prove it, I believe. As long as a proof is based on the construction, you can use any technique.

I think I can go even more specific on the two questions. I will give you two statements about the construction. Both are lies, obvious lies. What I want you to help with is to comment on the two lies. In particular, I hope you point out why they are lies and, more interestingly in my opinion, that you see that even though they are lies, they are practically valid. (Be aware that I did not say that a proof will have such kind of lies, or any lies, in it.) You do not have to say what I expect you to say
Cryptography-Digest Digest #560, Volume #13   Fri, 26 Jan 01 16:13:01 EST

Contents:
  Re: Dynamic Transposition Revisited (long) (AllanW)
  Re: What do you do with broken crypto hardware? (David Schwartz)
  Re: What do you do with broken crypto hardware? (David Schwartz)
  Re: Dynamic Transposition Revisited (long) (AllanW)
  Re: Paranoia (William Hugh Murray)
  Re: Encryption Program (Richard Heathfield)
  Re: Q: File Extension .$#! - Which Encryption Program?!? (Jim Gillogly)
  Re: History Question: signatures in nuclear test ban verification? (Doug Stell)
  Re: Dynamic Transposition Revisited (long) (Richard Heathfield)
  Re: Encryption Program ("Joseph Ashwood")
  Re: Steak Stream Cipher ([EMAIL PROTECTED])
  Re: Dynamic Transposition Revisited (long) (John Savard)
  Re: Dynamic Transposition Revisited (long) (John Savard)
  Re: Dynamic Transposition Revisited (long) (John Savard)
  Re: Dynamic Transposition Revisited (long) (John Savard)
  Re: Random stream testing. (long) ("Paul Pires")
  Re: Q: File Extension .$#! - Which Encryption Program?!? (Thomas Propst)

--

From: AllanW [EMAIL PROTECTED]
Subject: Re: Dynamic Transposition Revisited (long)
Date: Fri, 26 Jan 2001 20:04:24 GMT

"Matt Timmermans" [EMAIL PROTECTED] wrote:

In all likelihood, that would be a very practical generator for OTP keys, and it would be reasonably easy to purposely underestimate the amount of entropy you're getting. If you want proof, though, you should do something different. For instance: Generate a photon, and polarize it vertically. Then measure its polarization at 45 degrees from the vertical. Repeat. By measuring the transparency of your optics, the sensitivity of your photomultipliers, and the orientation of your polarizers, you can place a very confident lower bound on the rate of real randomness.

I think I missed one of my classes when I learned programming. Could you please show me the code corresponding to "generate a photon?" Use any well-known computer language -- ADA, APL, BASIC, C, C++, COBOL, FORTRAN, PASCAL -- whatever you feel comfortable with. I just need to see the basic algorithm for "generate a photon."

Wait, I think I see a photon now -- no, it's gone. I probably just imagined it.

--
[EMAIL PROTECTED] is a "Spam Magnet," never read. Please reply in newsgroups only, sorry.

Sent via Deja.com http://www.deja.com/

--

From: David Schwartz [EMAIL PROTECTED]
Subject: Re: What do you do with broken crypto hardware?
Date: Fri, 26 Jan 2001 12:19:48 -0800

Nicol So wrote:

I'm not familiar with your application, but it sounds dangerous if the application host is completely insecure. Besides preventing someone from extracting secrets from the security module, don't you want to control how the module's functions are exercised, and who can exercise it? I suspect that you need to provide some level of security to the host anyway.

I think you're missing the entire point of having a secure module. The point of the module is to isolate failures. That is, with a secure module, the worst case scenario for a compromised host is supposed to be that they can perform encryptions and decryptions for as long as the host is compromised. If the keys themselves are accessible through a compromised host, then a compromised host equals a compromised key. That defeats the purpose of having the module.

Let's assume that the encrypted keys are fairly well protected so that there's a low but non-zero probability that an adversary can get to it, but without physical access it is impossible to extract the secrets from the security module. For adversaries coming in from a network, their lives are not made easier. For insiders such as bad admins, their attacks are not made harder, but not easier either. For the module manufacturer as an adversary, who's best positioned to defeat/bypass the module's physical security, they now have an additional barrier to overcome. That may be an improvement.

That's a big step down in security from what the module is supposed to provide.

DS

--

From: David Schwartz [EMAIL PROTECTED]
Subject: Re: What do you do with broken crypto hardware?
Date: Fri, 26 Jan 2001 12:17:11 -0800

Paul Rubin wrote:

This doesn't make sense--the whole point of the tamper resistant module is to securely store keys internally. Any keys stored outside the module are vulnerable to copying and therefore must be encrypted; but then in order to load them into the module, the decryption key must be stored inside the module. So if the module is sent back to the manufacturer, all the keys are potentially compromised.

Yes, you can't have it both ways. If the module can decrypt the keys, then you're not safe from anyone who has both the module and the encrypte
Cryptography-Digest Digest #560, Volume #12   Tue, 29 Aug 00 00:13:01 EDT

Contents:
  Re: secrets and lies in stores (S. T. L.)
  Re: Pencil and paper cipher (Benjamin Goldberg)
  Re: could someone post public key that is tempered ? (Nick Andriash)
  Re: PGP 6.5.8 test: That's NOT enough !!! ([EMAIL PROTECTED])
  Re: Future computing power ([EMAIL PROTECTED])
  Re: 96-bit LFSR needed (Mack)
  Re: 4x4 s-boxes (Mack)
  Re: Pencil and paper cipher (Jim Gillogly)
  Re: secrets and lies in stores (David A Molnar)
  Re: Blowfish question (and others) (David A Molnar)

--

From: [EMAIL PROTECTED] (S. T. L.)
Subject: Re: secrets and lies in stores
Date: 29 Aug 2000 02:16:04 GMT

It is a hard book to read in the sense that it makes the point, and then mostly backs it up, that cryptography is hardly relevant.

Sounds like a stupid book. If you have a secret, then you'll want to hide it. And cryptography is a good way to hide it. You can debate how good good is, but it's better than nothing. You can't deny that cryptography slows down attackers, just like you can't deny that locks slow down robbers. And you can't deny that people have secrets to keep. They always have, and they always will. Stupid book.

-*---*---
S.T.L. My Quotes Page * http://quote.cjb.net * leads to my NEW site.
My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
Optimized pngcrush executable now on my Download page! Long live pngcrush!

--

From: Benjamin Goldberg [EMAIL PROTECTED]
Subject: Re: Pencil and paper cipher
Date: Tue, 29 Aug 2000 02:51:07 GMT

Jim Gillogly wrote:

Benjamin Goldberg wrote:

Split the alphabet into 4 words, length 3, 5, 7, 11:

AFN GTJIK DOSPEQB ULVHWMXRYCZ

Now, multi-encipher the message using Vernam's method, using each string as a separate key:

ThisI sTheP laint extIH opeTh atItI sUnde ciphe rable
AFNAF NAFNA FNAFN AFNAF NAFNA FNAFN AFNAF NAFNA FNAFN
GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK
DOSPE QBDOS PEQBD OSPEQ BDOSP EQBDO SPEQB DOSPE QBDOS
ULVHW MXRYC ZULVH WMXRY CZULV HWMXR YCZUL VHWMX RYCZU
-
QLDAM WCXMS GYEJV TPKKS TPKML CUOLQ DDXGW IBNAG KTYIC

How would one break this cipher, and is a computer needed?

A known plaintext attack would need no more than 26 letters: express each ciphertext letter as the sum of the 3 letters in each column and the plaintext, and you have 26 independent equations in 26 unknowns. I didn't check to see if you're changing it based on upper/lower case, but that's just a few more known plaintext letters. Should be dead simple.

Where do you get THREE letters plus the plaintext? Do you have problems counting to 4?

While it is true that there are an equal number of unknowns and equations, this does NOT necessarily yield a unique solution for the unknowns, *especially* with integers under a modulo. Consider for a moment the matrix of just the coefficients, and ignore the last column, which would contain the values of ciphertext minus plaintext. We then have a 26x26 matrix, which we are trying to invert, using integers modulo 26. How do you know that this matrix isn't singular? If the determinant is either even or 13, it won't be fully invertible. Is the probability of this more than or less than 14/26?

Also, keeping in mind that we're not supposed to ever re-use a key, known plaintext is only useful if we know part of the plaintext, but not the rest of it. How often (in what kind of situations) will we know 26 letters of a message, but not the rest of it?

If you really use words for your key, then a dictionary search also works.

Actually, phrases work just as well or better. A couplet from your favorite piece of poetry should be pretty good, and a dictionary isn't likely to help.

Ciphertext-only should also be possible, but more tedious.

Please tell me how. This is really what I wanted in the first place, actually.

--
... perfection has been reached not when there is nothing left to add, but when there is nothing left to take away. (from RFC 1925)

--

Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: could someone post public key that is tempered ?
From: [EMAIL PROTECTED] (Nick Andriash)
Date: Tue, 29 Aug 2000 02:53:31 GMT

[EMAIL PROTECTED] (jungle) wrote in [EMAIL PROTECTED]:

thanks doug ... but it is wrong ... PGP has no problem to indicate to me that Bill Clinton key has ADK in it ... the question is open : could someone post public key that is tempered pgp will not detect it ?

What version of PGP are you using? If you are using 6.5.8, PGP will not detect the ADK... thus not detect a hacked Public Key. But, perhaps I do not fully understand what you are after, and if that is the case, I apologise.

--
Nick N.J. Andriash
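As an added example (not code from the thread), the four-key scheme from Benjamin Goldberg's post is worked through below: it shows why the 26x26 system for the individual key letters is always singular, and why that does not help, since the combined keystream obeys a degree-23 integer recurrence and 23 consecutive known plaintext letters determine the rest of the message. Assumptions: additive arithmetic mod 26 (the post does not spell out the operation), and a constructed demo plaintext.

```python
# Added example (not from the thread): Benjamin Goldberg's four-key scheme,
# keys of lengths 3, 5, 7 and 11, taken from his post. Assumed arithmetic:
# ciphertext = plaintext + the four key letters, mod 26 (subtraction would
# behave the same with signs flipped). The demo plaintext is constructed.

KEYS = ["AFN", "GTJIK", "DOSPEQB", "ULVHWMXRYCZ"]
UNKNOWNS = sum(len(k) for k in KEYS)        # 3 + 5 + 7 + 11 = 26 key letters


def letters(s):
    return [ord(ch) - 65 for ch in s.upper() if ch.isalpha()]


def effective_key(i, keys=KEYS):
    """The single letter that actually shifts position i: the four key letters summed."""
    return sum(ord(k[i % len(k)]) - 65 for k in keys) % 26


def encrypt(plain, keys=KEYS):
    return "".join(chr(65 + (p + effective_key(i, keys)) % 26)
                   for i, p in enumerate(letters(plain)))


def decrypt_with_keystream(cipher, stream):
    return "".join(chr(65 + (c - e) % 26) for c, e in zip(letters(cipher), stream))


def shift_key(word, delta):
    return "".join(chr(65 + (ord(ch) - 65 + delta) % 26) for ch in word)


def same_ciphertext_under_key_shift(plain, delta=5):
    """Why the 26x26 system for the individual key letters is always singular:
    adding a constant to one key and subtracting it from another changes none
    of the effective letters, so three degrees of freedom can never be solved."""
    shifted = [shift_key(KEYS[0], delta), shift_key(KEYS[1], -delta)] + KEYS[2:]
    return encrypt(plain) == encrypt(plain, shifted)


# Each key contributes a period-n sequence, annihilated by x^n - 1. Their sum is
# annihilated by L(x) = lcm(x^3-1, x^5-1, x^7-1, x^11-1), of degree
# 3+5+7+11-3 = 23 because every pairwise gcd is (x - 1). So 23 consecutive
# effective-key letters fix all the rest through an integer recurrence.
def poly_mul(a, b):                      # coefficient lists, lowest degree first
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out


def poly_div_x_minus_1(p):               # exact synthetic division by (x - 1)
    n = len(p) - 1
    q = [0] * n
    q[n - 1] = p[n]
    for k in range(n - 1, 0, -1):
        q[k - 1] = p[k] + q[k]
    assert p[0] + q[0] == 0, "not divisible by (x - 1)"
    return q


def annihilator(lengths=(3, 5, 7, 11)):
    prod = [1]
    for n in lengths:
        prod = poly_mul(prod, [-1] + [0] * (n - 1) + [1])   # x^n - 1
    for _ in range(len(lengths) - 1):                         # divide out (x-1)^3
        prod = poly_div_x_minus_1(prod)
    return prod                                               # monic, degree 23


L = annihilator()
DEGREE = len(L) - 1


def recover_keystream(cipher, known_prefix, length):
    """Known-plaintext recovery: DEGREE leading plaintext letters give DEGREE
    effective-key letters; the recurrence supplies every later one."""
    c, p = letters(cipher), letters(known_prefix)
    stream = [(ci - pi) % 26 for ci, pi in zip(c[:DEGREE], p[:DEGREE])]
    while len(stream) < length:
        window = stream[-DEGREE:]
        stream.append(-sum(L[j] * window[j] for j in range(DEGREE)) % 26)
    return stream


if __name__ == "__main__":
    msg = "THEQUICKBROWNFOXJUMPSOVERTHELAZYDOGWHILETHECATWATCHESFROMTHEFENCE"
    ct = encrypt(msg)
    stream = recover_keystream(ct, msg[:DEGREE], len(msg))
    print(DEGREE, same_ciphertext_under_key_shift(msg),
          decrypt_with_keystream(ct, stream) == msg)   # 23 True True
```

The takeaway for the thread's question is that the four keys together are worth no more than 23 secret letters, whatever the 1155-letter period suggests.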
Cryptography-Digest Digest #560, Volume #11   Sun, 16 Apr 00 21:13:01 EDT

Contents:
  Re: Why is this algorithm insecure? (Newbie flamefodder) (stanislav shalunov)
  Re: GOST idea (Tom St Denis)
  Re: Why encrypt email... (Jerry Park)
  Re: Encrypt the signature? ("Scott Fluhrer")
  Re: One Time Pads Redux ("Joseph Ashwood")
  Re: Why is this algorithm insecure? (Newbie flamefodder) (NFN NMI L.)
  Re: Why is this algorithm insecure? (Newbie flamefodder) (David Hopwood)
  Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don't let him in ..." ("PJS")
  Re: Why encrypt email... ("Joseph Ashwood")
  Re: new Echelon article ([EMAIL PROTECTED])
  Re: Encode Book? (greenjh)
  Re: One Time Pads Redux ("Trevor L. Jackson, III")
  Re: My STRONG data encryption algorithm ("Trevor L. Jackson, III")
  Re: My STRONG data encryption algorithm (Tom St Denis)
  Re: Why is this algorithm insecure? (Newbie flamefodder) ("Trevor L. Jackson, III")
  Re: Why encrypt email... (Guy Macon)

--

Subject: Re: Why is this algorithm insecure? (Newbie flamefodder)
From: stanislav shalunov [EMAIL PROTECTED]
Date: Sun, 16 Apr 2000 22:38:12 GMT

Richard Heathfield [EMAIL PROTECTED] writes:

or make Alice send some chosen plaintext).

Skulduggery? Surely not! :-)

Many protocols would echo whatever Bob sends (or pieces of it). Mallory could pretend to be Bob at the end of the transaction and decrypt everything that happened before.

That's worrying. I'll try to crack it on that basis to see if you're correct.

If I understood your description correctly, if you encrypt two messages of the same length with the same key, XOR of the two ciphertexts is the same as XOR of plaintexts. That reveals way too much information about plaintexts.

The task of brute-forcing 2^128 different keys is out of reach for any known adversary.

But wasn't it done recently?

No. If I am not mistaken, the largest publicly known brute-force attacks are against 56-bit keys. It's probably true that 64-bit keys can be brute-forced today by well-equipped adversaries (governments of large countries or many co-operating users on the Internet). But 2^128 is well out of reach by today's standards. Computing based on new physical principles would be required to brute-force that.

You might be confusing this with something like the RSA-512 challenge. RSA isn't a symmetric cryptosystem.

Is it worth persevering with this algorithm, but adding partial rotations and partial XORing, as another poster suggested?

For fun and to learn--sure. But even for fun you could try different (more traditional) designs, such as a block cipher based on Feistel networks. It'll usually be faster, won't require loading of the complete plaintext into memory, and will possibly be more secure. Feistel networks are described in _Applied Cryptography_ by Bruce Schneier, 2nd edition (a must-have first book for anyone planning on inventing or implementing cryptosystems). They've been described in this newsgroup before numerous times.

--
stanislav shalunov | Speaking only for myself.
My address in From: is correct; if yours isn't, I don't want to hear from you. Try to reply in newsgroup. I don't need courtesy copies.

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: GOST idea
Date: Sun, 16 Apr 2000 22:39:34 GMT

Tom St Denis wrote:

Mok-Kong Shen wrote:

Tom St Denis wrote:

Well my idea cannot technically be any worse than before since F(x) = 2x^2 + x is a permutation in GF(2^w). Another balanced approach would be to do this

Could you explain why a permutation doesn't affect the avalanche? Thanks.

No the permutation cannot hinder the avalanche. It in fact increases the avalanche.

That's too vague, sorry.

It can't hinder it in this case since the S function is simply a permutation itself. And since the quadratic used is a permutation it has no bias towards any particular value. It's like doing F(x) = S(x + c), for any constant 'c'. You are just changing the order of the outputs, not the properties of S() itself.

Tom

--

From: Jerry Park [EMAIL PROTECTED]
Subject: Re: Why encrypt email...
Date: Sun, 16 Apr 2000 17:48:33 -0500

David Crick wrote:

[EMAIL PROTECTED] wrote:

Hi, I am doing a paper on email encryption and I have two theories:

1) The level of encryption depends on the information being encrypted.

Only in military and government systems. Much email is non-sensitive info so encryption is not used.

There is no reason why you should not encrypt everything. (The speed issue with modern hardware and ciphers no longer is an issue. There are also enough free and tested algorithms so that patent issues, etc. are not an issue.)

At other times, like for medica
Cryptography-Digest Digest #560, Volume #10   Fri, 12 Nov 99 22:13:03 EST

Contents:
  Re: ENCRYPTOR 4.0 crack DEMO -error ([EMAIL PROTECTED])
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Nicolas Bray)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
  Re: Public Key w/o RSA? (DJohn37050)
  Re: smartcard idea? (Mok-Kong Shen)
  Re: Build your own one-on-one compressor (SCOTT19U.ZIP_GUY)
  Re: Build your own one-on-one compressor (SCOTT19U.ZIP_GUY)
  Re: Public Key w/o RSA? (David A Molnar)

--

From: [EMAIL PROTECTED]
Subject: Re: ENCRYPTOR 4.0 crack DEMO -error
Date: Fri, 12 Nov 1999 21:25:52 GMT

a.txt.enc (ciphertext) :

B5 88 CA 91 9F B4 E5 74 9F 25 EB AD F0 94 64 8F A9 D6 C1 91 A0 B0 82 83 79 C3 D8 A1 64 5A AC 35 2C 9D

I XOR this ciphertext with the output of the stream cipher, it gives :

This is j test message RYRYRYRY

I said I XOR the ciphertext ... it's wrong, I wanted to say I SUBTRACT the ciphertext from the output of the stream cipher

Alexander

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: Nicolas Bray [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Fri, 12 Nov 1999 13:54:56 -0800

On Thu, 11 Nov 1999, james d. hunter wrote:

He's some sort of engineer with a scientist complex.

No reason to get insulting. If I had a "scientist" complex I wouldn't know anything about probability theory. But since I'm an engineer, I do something about probability and statistics.

Well, John Baez is a well respected mathematical physicist. You called him an idiot. I'd say you most definitely have a scientist complex.

--

From: "james d. hunter" [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Fri, 12 Nov 1999 17:30:04 -0500
Reply-To: [EMAIL PROTECTED]

Coen Visser wrote:

"james d. hunter" wrote:

And you have to consider the limits of computers if you want your model to behave correctly.

What makes you think that computers have limits?

Does "Halting problem" ring a bell?

No. Because the "Halting problem" is a mathematical problem, it's not a computer problem, it never was.

The fact that "scientists" sometimes misuse the concept of limit. That's just philosophy that gets plowed under as technology advances.

I'd really love to see them plow under the "Year 2000 problem" with technological advances. A typical example of non-existing limits; just add some memory, that will solve it. After that one is gone they may

The legal profession plowed that baby about five years ago, where've you been?

plow under the software crisis, with its 25-50% failed software projects. Using just faster computers software will finally be delivered on time and on budget. Let's tackle long range weather forecasting and climate modelling. Even the tiniest difference between our model and the real world and the two will diverge before you can say: "we need infinite precision so we can calculate with *real* real numbers."

No you don't need infinite precision. Somebody decided 2000 years ago that it would be convenient if really, really, really, real numbers existed, and humans have been imagining that really, really really, real and really, really, really imaginary numbers existed ever since.

I take it you are not a (theoretical) computer scientist.

Yes, that's correct. Theoretical computer scientists are mostly philosophers also, since very little of what they do concerns computers or science.

I see. Shall we quit this thread?

Yes.

--

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Public Key w/o RSA?
Date: 12 Nov 1999 23:03:00 GMT

ECC can be used to provide encryption and does so in ANSI X9.63 and is in IEEE P1363a draft. The methods there are based on ECIES formatting by Bellare and Rogaway. It is true that the "natural" function for ECC is key agreement and the "natural" function for RSA is encryption, but that does not mean ECC cannot be used to do encryption or that RSA cannot be used to do key agreement. In some sense they both have equal public key magic.

RSA sig ver is only fast if the public exponent is low; there are some indications that using a low exponent may not be equivalent to factoring. See Dan Boneh's web page for a paper on this.

Don Johnson

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: smartcard idea?
Date: Fri, 12 Nov 1999 23:24:26 +0100

Craig Inglis wrote:

I wonder what it
Cryptography-Digest Digest #560, Volume #9   Tue, 18 May 99 13:13:03 EDT

Contents:
  Re: Fractal encryption (David A Molnar)
  Re: True Randomness The Law Of Large Numbers (R. Knauer)
  Re: prime numbers and the multplicative inverse ([EMAIL PROTECTED])
  Re: Can Somebody Verify My DES execution? (Matthias Bruestle)
  Re: AES (Bruce Schneier)
  Re: BEST ADAPTIVE HUFFMAN COMPRESSION FOR CRYPTO (SCOTT19U.ZIP_GUY)
  Re: Need a simple encryption/decryption algorithm (Russell Harper)
  Re: prime numbers and the multplicative inverse (Bob Silverman)
  Re: Computer-generated random numbers (was Re: Magic) (John Savard)
  Re: where can i find a frequency list? (John Savard)
  Re: Can Somebody Verify My DES execution? ([EMAIL PROTECTED])
  SV: prime numbers and the multplicative inverse ("Claes Gunn Irene")
  Re: Mandlebrot transform (John Savard)
  Re: Can Somebody Verify My DES execution? (Robert G. Durnal)

--

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Fractal encryption
Date: 18 May 1999 05:25:44 GMT

Lysergide [EMAIL PROTECTED] wrote:

I have been searching the www and newsgroups for technical information/papers/methods etc about fractal encryption and ways of making an encryption algorithm from fractal formulae. Can anyone help me out with some information/papers etc on fractal encryption, or any urls that anyone may know of? (As I can't seem to find any that are of any benefit, and have been looking for over 3 months!) Thank you :)

Will steganography do for a start? I found this reference:

Paul Davern, Michael Scott. Fractal Based Image Steganography, in Information Hiding: First International Workshop, Cambridge, UK. Springer Lecture Notes No. 1174, 1996, pp. 279-294.

from http://www.jjtc.com/Steganography/bib/309.htm

and the University of Waterloo has a really short blurb about using fractal representations for compression and error-correcting codes. Maybe you could apply similar constructions to info-theoretic security and/or secret sharing?

-David

--

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness The Law Of Large Numbers
Date: Tue, 18 May 1999 12:10:14 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 16 May 1999 11:00:35 -0400, [EMAIL PROTECTED] wrote:

"The frequency concept based on the limiting frequency as the number of trials increases to infinity does not contribute anything to substantiate the application of the results of probability theory to real practical problems where we always have to deal with a finite number of trials." --Kolmogorov (quoted in Li Vitanyi, p. 55)

This is a matter of opinion not science. And he's wrong.

I just love this! Usenet Twats taking on the giants of mathematics. Such utter arrogance is unsurpassed anywhere else in the history of science.

"We shall encounter theoretical conclusions which not only are unexpected but actually come as a shock to intuition and common sense. They will reveal that commonly accepted notions concerning chance fluctuations are without foundation and that the implications of the law of large numbers are widely misconstrued. For example, in various applications it is assumed that observations on an individual coin-tossing game during a long time interval will yield the same statistical characteristics as the observation of the results of a huge number of independent games at one given instant. This is not so. Indeed, using a currently popular jargon we reach the conclusion that in a population of normal coins the majority is necessarily maladjusted." --Feller, p. 67.

Shock value. Exaggeration in order to provide drama. It works for books just as it does for TV shows and movies. But we only expect 10-year-olds to be taken in by these techniques.

LOL

Grow up.

You grow up.

plonk

Bob Knauer

"There is much to be said in favour of modern journalism. By giving us the opinions of the uneducated, it keeps us in touch with the ignorance of the community."
-- Oscar Wilde

--

Date: Tue, 18 May 1999 07:31:45 -0400
From: [EMAIL PROTECTED]
Subject: Re: prime numbers and the multplicative inverse

[EMAIL PROTECTED] wrote:

I haven't been able to find an answer to this question. Why does IDEA use a prime field for its multiplication? Does the field need to be prime to have a multiplicative inverse?

Prime fields have multiplicative inverses. I.e., the inverse operation is multiplication by another value rather than division by the original multiplier.

--

From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: Can Somebody Verify My DES execution?
Date: Tue, 18 May 1999 12:31:17 GMT

Mahlzeit

I have a similar question: Are there test vectors for wrong implementations? E.g. "You got this vector, so you did not convert this into the correct en
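Returning to the IDEA question above, an added example (not from the thread) that shows why the modulus must be prime: modulo 65537 every non-zero word has a multiplicative inverse, while modulo 2^16 no even word does, so a multiplication step could not be undone on decryption. IDEA's rule of reading the 16-bit word 0 as 65536 is included; the helper names are my own.

```python
# Added example, not from the thread. Multiplication modulo the prime
# 2^16 + 1 = 65537 (as IDEA uses) versus modulo 2^16: only in the prime case
# does every usable word have an inverse, which the decryption side needs.

IDEA_MOD = 2**16 + 1          # prime, so Z_65537 is a field
WORD_MOD = 2**16              # not prime; even residues share a factor with it


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def inverse_mod(a, m):
    """Inverse of a modulo m, i.e. the x with a*x == 1 (mod m),
    or None when gcd(a, m) != 1 and no such x exists."""
    g, x, _ = egcd(a % m, m)
    return x % m if g == 1 else None


def noninvertible_count(m):
    """How many residues 0..m-1 have no inverse modulo m."""
    return sum(1 for a in range(m) if inverse_mod(a, m) is None)


def idea_mul(a, b):
    """IDEA's multiplication of two 16-bit words: the word 0 stands for 2^16,
    so the one residue without an inverse (0 mod 65537) is never used."""
    a = a or WORD_MOD
    b = b or WORD_MOD
    return (a * b) % IDEA_MOD % WORD_MOD   # residue 65536 maps back to word 0


def idea_mul_inverse(a):
    """The word that undoes idea_mul(a, .) on decryption; exists for every word."""
    inv = inverse_mod(a or WORD_MOD, IDEA_MOD)   # never None: prime modulus
    return inv % WORD_MOD


def roundtrip_ok(words):
    """Check idea_mul(w, idea_mul_inverse(w)) == 1 for every given word."""
    return all(idea_mul(w, idea_mul_inverse(w)) == 1 for w in words)


if __name__ == "__main__":
    print(noninvertible_count(IDEA_MOD), noninvertible_count(WORD_MOD))  # 1 32768
    print(roundtrip_ok(range(WORD_MOD)))                                 # True
```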