Cryptography-Digest Digest #596

2001-06-12 Thread Digestifier

Cryptography-Digest Digest #596, Volume #14  Tue, 12 Jun 01 14:13:01 EDT

Contents:
  Timer chip (HyperCube)
  Re: Simple Crypto II, the public key... (Anton Stiglic)
  Re: BigNum Question ("Harris Georgiou")
  Re: Alice and Bob Speak MooJoo (Zonn)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Tim Tyler)
  Re: Discrete Logarithm ("Douglas A. Gwyn")
  Re: Humor, "I Must be a Threat to National Security" ("Douglas A. Gwyn")
  Re: Publication violation notice ("Douglas A. Gwyn")
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and   ("Douglas A. Gwyn")
  Re: Free Triple DES Source code is needed. (Mark Wooding)
  Re: Lookup table for DH's prime P? (Mark Wooding)
  Re: Alice and Bob Speak MooJoo ([EMAIL PROTECTED])
  Re: IV (Tim Tyler)
  Re: One last bijection question (Tim Tyler)
  Re: Lookup table for DH's prime P? (Mark Wooding)
  Re: IV ([EMAIL PROTECTED])
  Re: Lookup table for DH's prime P? ("Neil Couture")
  Re: Timer chip (Paul Rubin)
  Re: National Security Nightmare? (Jim D)



Date: Tue, 12 Jun 2001 18:19:41 +0200
From: HyperCube <[EMAIL PROTECTED]>
Subject: Timer chip

Hi folks, I heard there's a way to directly access the processor's or
board's timer chip by reading out a special register or memory address.
This bypasses the common timer interrupt and should give a resolution in
times of nano-seconds(!?), of course well suited for random number
generation. Does anybody know how it is done (I mean how it is really
done, in detail)?  Thanks a lot.

--

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Simple Crypto II, the public key...
Date: Tue, 12 Jun 2001 12:24:25 -0400

Phil Carmody wrote:
> 
> OK, is there an asymmetric equivalent to the symmetric
> 
> while(c=getchar()!=EOF) putchar(c^k);

Do you want something that is secure, or just something you
can do in a while loop, encrypting little chunks at a time?

If you want something secure, you can look at the Goldwasser-Micali
probabilistic encryption scheme; it works like this:

Choose two large primes, compute n = p*q (like in RSA).
Choose a pseudo-square, y, mod n.  y is a pseudo-square mod n
if the Legendre symbol (y,n) = 1 but y is a quadratic non-residue.
See Handbook of Applied Crypto for algorithms to compute the
Legendre symbol given the factorization of n.
This is the end of the complicated part.
n, y is the public key; the private key is the factors of n.

To encrypt a message m, represent it in binary m[1]m[2]...m[t]
Then:
for (i = 1; i <= t; i++) {
  Pick random x \in [1, n-1] with gcd(x, n) = 1;
  if (m[i] == 1) {
    c[i] = y*x^2 % n;   /* a pseudo-square: non-residue mod p and mod q */
  }
  else {
    c[i] = x^2 % n;     /* a genuine square mod n */
  }
}
return the array c;

Of course, you can transform the above into an algo that encrypts
char by char using getchar...


Decryption is:

for (i = 1; i <= t; i++) {
  /* Legendre symbol of c[i] modulo the secret prime p: it is +1 exactly
     when c[i] is a square mod p.  (Modulo n itself the Jacobi symbol is
     always +1 for both kinds of ciphertext, which is why the
     factorization is needed.) */
  e = Legendre Symbol (c[i], p)
  if (e == 1) {
    m[i] = 0;
  }
  else {
    m[i] = 1;
  }
}
return the array m;


--Anton

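A complete toy version of the scheme sketched above, added here as an example (not code from the post): key generation finds the pseudo-square y, encryption picks a fresh x per bit, and decryption uses the Legendre symbol modulo the secret prime p.  The primes 11 and 19 are constructed for illustration only.

```python
import math
import secrets

def legendre(a, p):
    """Legendre symbol (a/p) for an odd prime p via Euler's criterion: +1, -1 or 0."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; needs no factorization of n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def keygen(p, q):
    """Public key (n, y): y has Jacobi symbol +1 mod n but is a non-residue mod p
    (hence also mod q), i.e. a pseudo-square.  Private key: the factors."""
    n = p * q
    for y in range(2, n):
        if jacobi(y, n) == 1 and legendre(y, p) == -1:
            return (n, y), (p, q)
    raise ValueError("no pseudo-square found")

def encrypt_bit(bit, n, y, x=None):
    """One bit -> one residue.  x must be coprime to n, else c is 0 mod p
    and the Legendre symbol no longer distinguishes the two cases."""
    if x is None:
        while True:
            x = secrets.randbelow(n - 1) + 1        # random x in [1, n-1]
            if math.gcd(x, n) == 1:
                break
    c = x * x % n
    return c * y % n if bit else c

def decrypt_bit(c, p):
    """c is a square mod n exactly when it is a square mod p, so one
    Legendre symbol modulo the secret prime recovers the bit."""
    return 0 if legendre(c, p) == 1 else 1

def encrypt_bytes(data, pub):
    n, y = pub
    bits = [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]
    return [encrypt_bit(b, n, y) for b in bits]

def decrypt_bytes(cts, priv):
    p, _ = priv
    bits = [decrypt_bit(c, p) for c in cts]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

if __name__ == "__main__":
    pub, priv = keygen(11, 19)                      # constructed toy primes
    ct = encrypt_bytes(b"Hi", pub)
    print(pub, decrypt_bytes(ct, priv))
```

Each plaintext bit costs a full residue mod n, which is the message expansion the "encrypt little chunks at a time" question runs into.
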
--

From: "Harris Georgiou" <[EMAIL PROTECTED]>
Subject: Re: BigNum Question
Date: Tue, 12 Jun 2001 15:55:36 +0300


Tim Tyler <[EMAIL PROTECTED]> wrote in the discussion message
[EMAIL PROTECTED]:
> Harris Georgiou <[EMAIL PROTECTED]> wrote:
> : Tim Tyler <[EMAIL PROTECTED]> wrote in the discussion message:
> 
> If there's a problem with Java's cryptography stuff, it seems to be that
> these classes are immutable, so there's no way of deleting objects - you
> can only null them, and wait for the garbage collector to clean
> up afterwards.

Not true. Of course the garbage collector is there to free the programmer of
several "boring" lines of cleanup code, but there are always functions to
actually delete any object on call. Try Runtime.gc() and the destroy() and
delete() methods in various objects.



--

Harris

- 'Malo e lelei ki he pongipongi!'




--

From: Zonn <[EMAIL PROTECTED]>
Subject: Re: Alice and Bob Speak MooJoo
Date: Tue, 12 Jun 2001 16:39:42 GMT

On Tue, 12 Jun 2001 10:06:59 -0400, in sci.crypt, "Robert J. Kolker"
<[EMAIL PROTECTED]> wrote:

>"Douglas A. Gwyn" wrote:
>
>> Boyd Roberts wrote:
>> > "Tom St Denis" <[EMAIL PROTECTED]> a écrit:
>> > > How would a blind person learn to speak?
>> > verbal feedback.  it's a bootstrap problem.
>>
>> Note that Helen Keller learned to communicate d

Cryptography-Digest Digest #596

2001-01-31 Thread Digestifier

Cryptography-Digest Digest #596, Volume #13  Wed, 31 Jan 01 05:13:00 EST

Contents:
  Digits of PI (Benjamin Goldberg)
  Re: fast signing (Thomas Wu)
  Re: Ciphertext Stealing question (Benjamin Goldberg)
  Re: More About Passwords (John Savard)
  Re: Digits of PI (Paul Rubin)
  Re: Shared key protocols (Ichinin)
  Re: Digits of PI (Jim Gillogly)
  Re: Digits of PI (Paul Rubin)
  Re: Digits of PI (Benjamin Goldberg)
  A new cipher ("David Finch")
  Re: Digits of PI (Jim Gillogly)
  Re: Digits of PI (Roger Schlafly)
  Re: Digits of PI (Benjamin Goldberg)
  Re: fast signing (Paul Crowley)
  Re: On combining permutations and substitutions in encryption (Mok-Kong Shen)



From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Digits of PI
Date: Wed, 31 Jan 2001 07:03:04 GMT

I'm trying to calculate the base-256 digits of PI to use as "random"
constants in an algorithm.  Unfortunately, the formula I tried to use
[which is supposed to calculate the base-16 digits of pi] gives real,
rather than integral, values.  The formula is:

    \pi = \sum_{n=0}^{\infty} \left( \frac{4}{8n+1} - \frac{2}{8n+4} - \frac{1}{8n+5} - \frac{1}{8n+6} \right) \left( \frac{1}{16} \right)^{n}

For the 0th..3rd hexadecimal digits of pi, this resulted in
3.1333, 0.129426129/16, 0.0422205246/256, 0.0207553366/4096. 
Clearly, I'm doing something wrong, or at least interpreting what the
formula is supposed to mean wrong.

I want to fill a 512 byte array with the first 1024 hexadecimal digits
of pi.  Suggestions, please?

-- 
Most scientific innovations do not begin with "Eureka!"  They begin with
"That's odd.  I wonder why that happened?"
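
The series above converges to pi itself; the digit-extraction form of the same formula scales by 16^d first and keeps only fractional parts, so the d-th hex digit falls out without the earlier ones.  Added example, not from the post; function names are my own, and it uses plain doubles, which is accurate for the few thousand digits asked about.

```python
import math

def _series(j, d):
    """Fractional part of sum_{k>=0} 16^(d-k) / (8k + j).

    For k <= d the power of 16 is an integer, so it is reduced modulo
    (8k + j) with three-argument pow(); only fractional parts are ever
    added, which keeps the running sum inside double precision.
    """
    s = 0.0
    for k in range(d + 1):
        m = 8 * k + j
        s += pow(16, d - k, m) / m
        s -= math.floor(s)
    # Tail k > d: 16^(d-k) shrinks geometrically, so a dozen terms suffice.
    k = d + 1
    while True:
        t = 16.0 ** (d - k) / (8 * k + j)
        if t < 1e-17:
            break
        s += t
        k += 1
    return s - math.floor(s)

def pi_hex_digit(d):
    """The d-th hexadecimal digit of pi after the point (d = 0 gives 2)."""
    x = 4 * _series(1, d) - 2 * _series(4, d) - _series(5, d) - _series(6, d)
    x -= math.floor(x)
    return int(16 * x)

def pi_hex_bytes(nbytes):
    """Pack 2*nbytes hex digits of the fractional part of pi into bytes,
    most significant digit first: pi_hex_bytes(512) is the 1024-digit array."""
    out = bytearray()
    for i in range(nbytes):
        hi = pi_hex_digit(2 * i)
        lo = pi_hex_digit(2 * i + 1)
        out.append((hi << 4) | lo)
    return bytes(out)

if __name__ == "__main__":
    print(pi_hex_bytes(8).hex())    # 243f6a8885a308d3
```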

--

From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: fast signing
Date: 30 Jan 2001 23:06:15 -0800

Bob Silverman <[EMAIL PROTECTED]> writes:

> In article <[EMAIL PROTECTED]>,
>   Paul Rubin <[EMAIL PROTECTED]> wrote:
> > Bob Silverman <[EMAIL PROTECTED]> writes:
> > > I'm just making his suggestion public.  I've let e be large.
> > > We get d = 3 and now signing is very fast and verification slow,
> > > instead of the other way around
> >
> > Um, now that the signing exponent is known, the signatures don't
> > authenticate much any more...
> 
> Sure. But how is it known?  All you do is publish e.  How
> does someone else know then that d = 3?  phi(n) is still unknown,
> so there is no way to compute d from e

Given n and e, can't you take some x, compute c=x^e (mod n), and
then go through a bunch of d's, checking if c^d==x (mod n)?
Under normal circumstances, d is huge, so brute-forcing it doesn't
make sense, but if d is fewer than, say, 40 bits...

> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"
> 
> 
> Sent via Deja.com
> http://www.deja.com/

Tom
-- 
Tom Wu* finger -l [EMAIL PROTECTED] for PGP key *
 E-mail: [EMAIL PROTECTED]   "Those who would give up their freedoms in
  Phone: (650) 723-1565  exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/srp/

--

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Ciphertext Stealing question
Date: Wed, 31 Jan 2001 07:15:22 GMT

John Savard wrote:
> 
> On Wed, 31 Jan 2001 04:02:09 GMT, Benjamin Goldberg
> <[EMAIL PROTECTED]> wrote, in part:
> 
> >Otherwise, simply using the value 0 as
> >IV will work fine.
> 
> Not if you're planning to use the same key for more than one message.

He's already said, and I quote, "the ciphertext must be the exact length
of the plaintext."  This means that he can't have an IV sent with the
message.  Period.  He is [must be] willing to accept the fact that his
opponent will be able to identify when he sends messages with identical
content.

Being able to use side-channel information (like TCP/UDP port #, or
filesystem inode#, etc) as an IV is a bonus, and not something we can
count on.  Lacking the bonus, we are limited to a constant IV.

-- 
Most scientific innovations do not begin with "Eureka!"  They begin with
"That's odd.  I wonder why that happened?"

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: More About Passwords
Date: Wed, 31 Jan 2001 07:10:10 GMT

On Wed, 31 Jan 2001 06:16:33 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:

>It contains the two random
>values, the user's salt value, and the host computer's nonce public
>key. Note that the nonce public key must not be 'obvious' in a

Cryptography-Digest Digest #596

2000-09-02 Thread Digestifier

Cryptography-Digest Digest #596, Volume #12   Sat, 2 Sep 00 06:13:01 EDT

Contents:
  Re: New cryption method... (JPeschel)
  Re: New cryption method... ("Paul Pires")
  Re: Remark on practical predictability of sequences ("John A. Malley")
  Re: Patent, Patent is a nightmare, all software patent shuld not be allowed ("Paul Pires")
  Re: 4x4 s-boxes (Mack)
  Re: one-time pad question (Mr. Neil Okya)
  Re: Capability of memorizing passwords (Mok-Kong Shen)
  Re: Capability of memorizing passwords (Mok-Kong Shen)
  Re: Patent, Patent is a nightmare, all software patent shuld not be  (Mok-Kong Shen)
  Re: Steganography question ("Harris Georgiou")
  Re: RSA public exponent (Paul Schlyter)
  Re: 4x4 s-boxes (Mok-Kong Shen)
  Re: RSA public exponent (Eric Young)
  Re: QKD and The Space Shuttle (David A Molnar)



From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: New cryption method...
Date: 02 Sep 2000 05:47:44 GMT

Stou Sandalski writes, part:

>Last night after about 4 bowls of purple kush I invented a crypto method for
>scrambling data that was theoretically unbreakable even with a quantum
>computer... and not only did it encrypt data 10^31337 different ways, it
>compressed the data 100 to 1 but the NSA kidnapped me and forced me to
>give them my algorithm and then brainwashed me and took off all evidence of
>it... and then they drugged me... and when I woke up I couldn't remember
>what the algorithm was... but it was really cool and unbreakable...

You invented one, too? This seems to happen about every week. Although
purple kush, is often the favorite catalytic elixir of theoretic
cryptographers, it isn't alone. Amber, burnt sienna, and a delightful
chocolate laced with strawberry, though rare, are more powerful.
The effect of plain vanilla kush, despite the innocent look of its 
boring hue, is unbelievable. The other rare varieties of kush
crack the upper bounds of catalyticosity after you eat only one serving
from a bowl about the size of Mikey's. But after one tablespoon of the
vanilla stuff you find yourself correcting [EMAIL PROTECTED], posting persiflage
to usenet, proving a quantum theory of parallel universes in the afterlife, 
and almost understanding women. After eating one bowl of purple kush your
brain should rival Joe Kernen's sidekick on CNBC, thus four bowls should
propel you into crypto titanosity. 

There is, however, good news about your crypto method: they
have it and they're using it. There's bad news, too: I had two
tablespoons of vanilla kush, cracked an NSA message encrypted
with it, and sent it to the newswires.

NSA PRESS RELEASE August 25, 2000 (Really, Really Super Secret
Stuff.) RRSSS.

The National Security Agency (NSA) is quite pleased with
its Initial (IPO) of approximately three months ago. As RRSSS.com 
we managed to raise Gazillions of Dollars (GOD) in a period when 
IPOs could either Fly or Die (FOD).  Potential Investors (PIs) 
asked fewer questions than those Pests In Congress (PIC).
Our stated strategy of growing our business organically while
considering acquisitions that might be Immediately Accretive to
our Bottom-Line (IABL) meshed well with our Government
to Business to Consumer (G2B2C) business plan, which somehow
involved Linux. Fortunately, the toughest question the Agency
had to answer was whether to pronounce or spell DES, although there
were always a dozen protesters outside of our hotels chanting 
O-T-P and demanding a solution. What they were doing outside 
our hotels is theoretically unknowable. Still, the protesters followed 
our guys from city to city, hotel to hotel, but the agency is pleased
to report our fellers never saw the same face twice. 

Additionally, RRSSS.com is close to signing a deal with Axumite.com
to research and develop, with the technical assistance RRSSS,
Improved Kush (IK) (You say it; don't spell it.) Our goal is to have 70% 
absorption in the kush market by 2002. A concurrent deal with
Sahara.com is nearly in place wherein Sahara will become
the sole distributor of IK to Linux users throughout the world.
We are currently in talks with other organizations to distribute
kush to ingestors who may use other operating systems.
Our IK product will induce ingestors to report to Fort George G.
Meade on their own, as we really have too many operations and a 
lot more important stuff to do instead of kidnapping and brain-washing 
Kush-Crunching Crypto Weenies (KCCW) every week.

Further, our lockup period ends in a few weeks and we plan
to sell RRSSS like crazy.  

##

I'll be taking my short position soon, and eating as much
kush as I can handle. No matter how much I eat, though,
I still don't get what goes through my girlfriend's head. 





Cryptography-Digest Digest #596

2000-04-21 Thread Digestifier

Cryptography-Digest Digest #596, Volume #11  Fri, 21 Apr 00 14:13:01 EDT

Contents:
  Re: The Illusion of Security (Tom St Denis)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (cont.) (Anthony Stephen Szopa)
  Problems with NTRU (Tom St Denis)
  Re: Number Theory Book (Tom St Denis)
  Re: Requested: update on aes contest (David Crick)
  Re: Primality Test-how many iterations suffice for n digit number ? (Francois Grieu)
  Re: SSL and "man in the middle" attack (Paul Rubin)
  Re: SSL and "man in the middle" attack (Paul Rubin)



From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Fri, 21 Apr 2000 17:12:28 GMT



Terry Ritter wrote:
> 
> On Fri, 21 Apr 2000 16:41:57 GMT, in <[EMAIL PROTECTED]>,
> in sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> >Mike Kent wrote:
> >>
> >> Tom St Denis wrote:
> >>
> >> > UBCHI2 wrote:
> >> ...
> >> > > Intractable math problem are only in the eye of the beholder. How many of you
> >> > > would have thought that the enigma could be broken?
> >> >
> >> > This is amazingly false.
> >>
> >> Hmmm, it's _very probably_ amazingly false.
> >
> >I would like to think all the math-wizards know what they are doing.
> >Ciphers along the same idea as DES (i.e. Feistel) have been around for a
> >while.
> >
> >Of course it's entirely possible that all AES ciphers and pre-AES
> >ciphers get broken tomorrow.  However, that is as likely as monkeys
> >learning speech and taking over the world while we are asleep.
> 
> True, the original claims were over the top, but this is way beyond
> what we know in the other direction.  We do not know the strength of
> these ciphers.  The designers and reviewers do not know the strength
> of these ciphers.  None of us *can* know strength with respect to
> opponents we do not know and whose knowledge and resources we also do
> not know.
> 
> There exists no basis for asserting that breaking these ciphers is
> "unlikely."  We have no testable probability distribution for the
> breaking of ciphers.  If the only thing we have to go on is the
> limited published experience, we might well say that every algorithmic
> cipher is likely to be broken eventually.  And that is precisely the
> opposite of your unproven assertion that breaking AES is unlikely.

True, but we know (or should I say 'they know') a lot about various
metrics to attack ciphers.  So we can begin.  We can tell for example
that a cipher is weak because we can break it.  Given all the talent in
the world, if no one comes up with a metric to break a new cipher, then
for the time being it's secure.

Of course, of all the ciphers used since the 70's none of them have yet
been broken.  So that's a good track record so far.

Tom

--

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited. (cont.)
Date: Fri, 21 Apr 2000 09:40:22 -0700

James Felling wrote:
> 
> > 
> >
> > I will prove you do not know what you are talking about by you
> > simply answering this question:
> >
> > The OAP-L3 encryption software uses a random number generator.
> > Now which of the following is the most correct and most
> > comprehensive description of this random number generator that
> > it uses:  which is the description that results in the random
> > numbers used in the encryption process?
> 
> >
> > 1)  The process that outputs the random digits from the MixFiles, or
> >
> > 2) the process that results in the OTP files?
> 
> Well the best way to answer that is "neither" (or "both" -- depends
> upon how I look at it).  I agree that the stream data is generated
> primarily by process #2.  However it still uses data from process #1
> to produce the mix files which are then used by process #2.  If one
> examines the crypto literature you will find many algorithms that
> have commentaries by skilled people along the line of "this section
> of the algorithm is weak -- it does not do X properly -- I have found
> no attack to exploit this property" and this is enough to withdraw
> the algorithm from serious consideration.  Why should your program be
> judged upon a different standard?
> 
> >
> >
> > Now define precisely what your supposed flaws are and what is the
> > exact nature of these "artifacts" you allege?
> 
> Ok since you have obviously not done even a textbook analysis of you

Cryptography-Digest Digest #596

1999-11-20 Thread Digestifier

Cryptography-Digest Digest #596, Volume #10  Sat, 20 Nov 99 07:13:02 EST

Contents:
  Re: bits of diffiehellman private key (David Hopwood)
  Re: What part of 'You need the key to know' don't you people get? (Tom)
  Re: What part of 'You need the key to know' don't you people get? (Boris Kazak)
  Re: AES cyphers leak information like sieves (John Savard)
  Re: Apparently, Hushmail does work (David Hopwood)
  Re: Apparently, Hushmail does work (David Hopwood)
  Re: Distribution of intelligence in the crypto field (The Walters)
  Re: Distribution of intelligence in the crypto field (M Okra)
  Re: A Random Key Cipher Machine (Mark Adkins)



Date: Sat, 20 Nov 1999 04:57:19 +
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: bits of diffiehellman private key

=BEGIN PGP SIGNED MESSAGE=

In message <814gea$b07$[EMAIL PROTECTED]>
  Tom St Denis <[EMAIL PROTECTED]> wrote:

> Let's say you have a random 1024 bit private exponent, and only 128 of
> those bits are random [not clumped together].  Let's say for any random
> key you could tell which bits were not random but their position is not
> fixed in the exponent.  This means 1024-128=896 of the bits are known.

> Could any sieving method take advantage of this?

You wouldn't use sieving (i.e. index calculus-based algorithms) to attack
this; you'd use a "baby-step giant-step" algorithm modified to work on a
restricted exponent space. The following algorithm, which finds
x = log_g(y) given g and y, is adapted from [HAC]:

1. Split the random bits of the exponent into two halves, and let m
   be the weight of the least significant bit in the upper (most
   significant) half.

   For example if . represents a fixed bit, * a random bit, and | the
   position of the split:

   ...*..*|*...*
         ^--- weight of this bit = m = 2^5

2. Construct a table with entries (j, g^j), for j := each possible value
   for the lower half of the exponent. Sort this table by second component.
   (Alternatively, use conventional hashing on the second component to
   store the entries in a hash table; placing an entry, and searching for
   an entry in the table takes constant time.)

3. Compute g^-m and set gamma := y.

4. For i := each possible value for the upper half of the exponent,
   4.1. Check if gamma is the second component of some entry in the table.
   4.2. If gamma = g^j then return (x = im + j).
   4.3. Set gamma := gamma * (g^-m).


The work factor is given by the square root of the number of possible
exponents (i.e. 2^64 if 128 bits are random). There may be better
attacks if the prime modulus p is not chosen carefully - ideally it
should be a safe prime, and (if I remember the most up to date advice
correctly) the base g should generate the subgroup of size (p-1)/2.

If you use a 1024-bit safe prime modulus with about 256 bits of the
exponent random, and g chosen as above, that should be secure against
passive attacks. (As always for Diffie-Hellman, protecting against
active attacks requires additions to the protocol.)


[HAC] A. Menezes, P.C. van Oorschot, S.A. Vanstone,
  Handbook of Applied Cryptography,
  "Algorithm 3.56: Baby-step giant-step algorithm for computing
  discrete logarithms,"
  [Also see Note 3.59 (restricted exponents), and the discussion at
  the top of page 128.]
  CRC Press, 1997.
  http://www.cacr.math.uwaterloo.ca/hac/about/chap3.pdf

(Congratulations to the authors and publisher for putting this book
on the web, BTW. It's still well worth buying the paper version for
convenience.)

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document



--

From: [EMAIL PROTECTED] (Tom)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Fri, 19 Nov 1999 09:50:00 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 19 Nov 1999 03:37:51 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:

>In artic

Cryptography-Digest Digest #596

1999-05-26 Thread Digestifier

Cryptography-Digest Digest #596, Volume #9   Wed, 26 May 99 05:13:02 EDT

Contents:
  Re: AES tweaks ([EMAIL PROTECTED])
  Re: Why would a hacker reveal that he has broken a code? ("Markku J. Saarelainen")
  Re: AES tweaks ([EMAIL PROTECTED])
  Re: Oriental Language Based Enryption ([EMAIL PROTECTED])
  Re: Why would a hacker reveal that he has broken a code? (David A Molnar)
  Re: PGP Implementation of DH/DSS vs. RSA. (David A Molnar)
  Re: Why would a hacker reveal that he has broken a code? (Boris Kazak)
  Re: Symmantic question (Jerry Coffin)
  Re: Crypto export limits ruled unconstitutional (wtshaw)
  non-computerized cryptography (明白)
  Re: Why would a hacker reveal that he has broken a code? (wtshaw)
  Re: Why would a hacker reveal that he has broken a code? (wtshaw)
  Re: PGP Implementation of DH/DSS vs. RSA. (_)
  Re: non-computerized cryptography (Jaap-Henk Hoepman)
  Re: non-computerized cryptography (Jaap-Henk Hoepman)
  Re: where can i find a frequency list? (Pete)



From: [EMAIL PROTECTED]
Subject: Re: AES tweaks
Date: 26 May 1999 02:13:04 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>  They would not support a secure standard because as the president's spin
>doctors say.  We can't let secure methods be commonplace because
>drug runners that are not politically approved and terrorists might use secure
>encryption and the MAJOR task is to control export of encryption technologies
>to the bad guys.

oh please.   a. the US government is the major drug runner and terrorist and
b. there are much better methods available for the US government to go after
the drug runners and terrorists that they don't like.  i'm sure that the NSA
doesn't mind crypto export controls and wouldn't mind key escrow, but 99%
of the time there's a better way to tackle the problem than trying to decrypt
a message and in the 1% of the time where the "bad guys" have covered every
angle other than the encrypted message they'll be smart enough to use a 
halfway decent encryption method anyway.

>So why have a contest to really develop a secure method and advertise the
>fact all over the world. The only possible reason would be to trick people 
>into using nonsecure encryption.

or to actually encourage businesses on the internet to use secure
communications and electronic transactions.

-- 
Lamont Granquist ([EMAIL PROTECTED])
ICBM: 47 39'23"N 122 18'19"W

--

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: Why would a hacker reveal that he has broken a code?
Date: Tue, 25 May 1999 21:55:32 -0700

In many ways, some discussions in this newsgroup are quite amusing because the
capability to break any of your developed and implemented encryption algorithms is
much higher than you have ever imagined. If you think that the capability is 5 in
the scale of 1-10, you probably should change your perception from 5 to 15 or 20.
Academicians are lacking extensively behind real developments in the field of
encryption. Interesting .. isn't it. In addition, in most cases, people are
focusing on specific encryption algorithms and programs (some very popular and in
many ways, practical jokes due to covert promotions) and at the same time people
often forget the role of the whole communication process in cryptography.

So what do you think ..?

Markku

Terry Ritter wrote:

> That means any cipher may have already been broken in secret.  And our
> continued use of such a cipher merely allows our opponents to continue
> to expose our information.  And we have no way to know when our
> information is being exposed.  This is just what happened to the other
> guys in WWII; one might think we could learn from our own past.
>
> ---
> Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
> Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
> Free Encrypted Email   www.hushmail.com   [EMAIL PROTECTED]





--

From: [EMAIL PROTECTED]
Subject: Re: AES tweaks
Date: 26 May 1999 02:14:39 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> IF you bother to read even ancient texts like the "Puzzle Palace", one of the
>most informative books on the NSA, you will see that even in those days people
>in the know knew that 56 bits was too short. The NSA may have made it as
>strong as possible, thus making it immune to differential crypto, but tweaked the
>key length of Lucifer from 64 bits to the 56 bits so it could easily test all
>the keys. Don't take my word for it, look at the facts.

yeah, which is an *obvious* way to tweak the security of the cipher down.  
there's nothing hidden about it at all.  it's a long way from that to having
super-secret