Cryptography-Digest Digest #811

2001-03-05 Thread Digestifier

Cryptography-Digest Digest #811, Volume #13   Mon, 5 Mar 01 20:13:01 EST

Contents:
  Re: Monty Hall problem (was Re: philosophical question?) (Virgil)
  Re: passphrase question (Benjamin Goldberg)
  Re: Monty Hall problem (was Re: philosophical question?) (Shawn Willden)
  Re: => FBI easily cracks encryption ...? ("Open FleshWound")
  Re: => FBI easily cracks encryption ...? (Free-man)
  Re: The Foolish Dozen or so in This News Group (Eric Lee Green)
  Re: passphrase question (Paul Rubin)
  Re: Monty Hall problem (was Re: philosophical question?) ("Mxsmanic")
  Re: Monty Hall problem (was Re: philosophical question?) ("Mxsmanic")
  Re: passphrase question ("Mxsmanic")
  Re: Test vectors for 3DES with OFB or CFB ("Scott Fluhrer")
  Re: OT: Legitimacy of Governmental Power  (Was: Re: => FBI easily crack   (Shawn Willden)
  Re: passphrase question ("Mxsmanic")



From: Virgil <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 05 Mar 2001 16:15:15 -0700

In article <980nk6$aor$[EMAIL PROTECTED]>,
 [EMAIL PROTECTED] (Arturo Magidin) wrote:

> >Indeed. In the standard Monty Hall problem, the standard answer
> >requires all of these assumptions:
> >
> >1. The car is more valuable than the goats.
> >2. The car was equally likely to be behind any of the 3 doors.
> >3. After I pick a door, Monty always opens another door and shows me a
> >goat.
> >4. In case I picked the door with the car, Monty is equally likely to
> >open either one of the other two doors.
> >

I think that assumption 4 is unnecessary. If you have already picked the 
door hiding the car, it is irrelevant which of the other doors Monty 
picks; it is only necessary that he pick one of them.

--

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: Mon, 05 Mar 2001 23:15:13 GMT

Mxsmanic wrote:
> 
> "Tom McCune" <[EMAIL PROTECTED]> wrote in message
> news:yfTo6.218982$[EMAIL PROTECTED]...
> 
> > I can't buy that.
> 
> Well, it's your security, not mine.  I'm more paranoid than you, I
> guess.
> 
> > There is no way for my opponent to know whether
> > or not I repeat characters, or have numbers, or
> > have letters, etc., in my passphrase.
> 
> Maybe.
> 
> But the fact is, if you are systematically repeating characters, you
> may as well just stick with a six-character password, instead.

But you forget that the number of repetitions is also part of the
password.  So it's not, how much entropy is in ".a$fD5", it's how much
entropy is in {".a$fD5",7,10,11,11,7,4}.  Going with the assumptions
made by alphabeta, each of the integers can be in the range 1-16, and
contains 4 bits of entropy.  6 integers is 24 bits of entropy.  A truly
random 6 character string might also contain 6 bits of entropy per
character, so that's another 36 bits of entropy.  So the whole method
produces 60 bits of entropy.

Of course, there is the exact same amount of entropy in {".a$fD5",7,10,
11,11,7,4} as there is in ".a$fD5 7 10 11 11 7 4" which is easier to
type.

-- 
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.

--

From: Shawn Willden <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 05 Mar 2001 16:39:46 -0700

"Joe H. Acker" wrote:

> Interestingly, this can be tested empirically. All you need is a good
> TRNG based on radioactive-decay and a function that takes input from the
> TRNG to produce an unbiased random number in an integer range.

You don't need a TRNG, or even an unpredictable RNG.  You just need an RNG with
relatively good statistical properties.


> Then you write a program that randomly assigns the car to an element of an
> array [1..3], makes a random choice c for one element of the array and
> implements Monty's algorithm: take the two remaining elements, if one of
> them is the car, mark the other as "opened", otherwise you're free to
> randomly mark any of the remaining two elements as "opened". Then, make
> two iterated test runs, one time always staying with the first element
> c, another run always changing to the remaining element that is not the
> first c and not marked as "opened".

That describes an implementation that is much more complex than 
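The simulation procedure quoted above, as an added example (not code from any poster): a Monte Carlo run of the stay/switch experiment plus an exact enumeration of the same outcome space. It assumes doors numbered 1..3, Python's `random` module as the RNG (a statistically decent PRNG is enough, as the reply notes), and models Monty's tie-break explicitly so the earlier point about assumption 4 can be checked.

```python
"""Monty Hall: simulate the procedure from the thread, then enumerate it exactly."""
from fractions import Fraction
from itertools import product
import random

DOORS = (1, 2, 3)


def monty_candidates(car, choice):
    """Doors Monty may open: neither the contestant's pick nor the car."""
    return [d for d in DOORS if d != choice and d != car]


def final_door(choice, opened, switch):
    """Stay with the first pick, or switch to the door that is neither picked nor opened."""
    if not switch:
        return choice
    return next(d for d in DOORS if d not in (choice, opened))


def simulate(trials, switch, seed=0):
    """Monte Carlo run of the procedure in the post; returns the observed win rate."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        car = rng.randint(1, 3)      # car placed uniformly (assumption 2)
        choice = rng.randint(1, 3)   # contestant's first pick c
        opened = rng.choice(monty_candidates(car, choice))  # Monty's algorithm
        wins += final_door(choice, opened, switch) == car
    return wins / trials


def exact_win_probability(switch, tie_bias=Fraction(1, 2)):
    """Enumerate every (car, choice, opened) outcome with its exact probability.

    tie_bias is the probability that Monty opens the lower-numbered door when
    the contestant already holds the car and two doors are available to him.
    The overall win rate of each strategy is the same for any tie_bias, which
    is the earlier point that assumption 4 is not needed for that rate.
    """
    total = Fraction(0)
    for car, choice in product(DOORS, repeat=2):      # each pair has probability 1/9
        candidates = monty_candidates(car, choice)
        for i, opened in enumerate(candidates):
            if len(candidates) == 1:
                p_open = Fraction(1)                   # Monty has no choice
            else:
                p_open = tie_bias if i == 0 else 1 - tie_bias
            p = Fraction(1, 9) * p_open
            total += p * (final_door(choice, opened, switch) == car)
    return total
```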

Cryptography-Digest Digest #811

2000-10-02 Thread Digestifier

Cryptography-Digest Digest #811, Volume #12   Mon, 2 Oct 00 05:13:01 EDT

Contents:
  Re: Choice of public exponent in RSA signatures (Paul Rubin)
  Re: Choice of public exponent in RSA signatures (Roger Schlafly)
  Re: Choice of public exponent in RSA signatures (David A Molnar)
  Re: Choice of public exponent in RSA signatures (Roger Schlafly)
  Re: Choice of public exponent in RSA signatures ("John A. Malley")
  Re: Choice of public exponent in RSA signatures (Paul Rubin)
  Re: Question on biases in random numbers & decompression (Ray Dillinger)
  Re: How Colossus helped crack Hitler's codes (John Savard)
  Ciphers and Unicode (Ray Dillinger)
  Re: Choice of public exponent in RSA signatures (Francois Grieu)
  Re: Which is better? CRC or Hash? (Tiemo Ehlers)
  Re: Choice of public exponent in RSA signatures (Francois Grieu)
  Re: Avoiding bogus encryption products: Snake Oil FAQ (Robert Davies)
  Re: Josh MacDonald's library for adaptive Huffman encoding (Phil Norman)
  Re: Shareware Protection Schemes (Anders Thulin)
  Re: Choice of public exponent in RSA signatures (D. J. Bernstein)
  Re: About implementing big numbers (David Blackman)
  Re: On block encrpytion processing with intermediate permutations (Mok-Kong Shen)
  Re: Choice of public exponent in RSA signatures (Mok-Kong Shen)
  Re: On block encrpytion processing with intermediate permutations (Mok-Kong Shen)
  Re: Signature size ([EMAIL PROTECTED])
  Re: Ciphers and Unicode (David Blackman)



From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: 01 Oct 2000 22:42:43 -0700

Francois Grieu <[EMAIL PROTECTED]> writes:
> Researchers publishing on factorisation, be it using NFS, QS, or EC,
> all agree that it would be harder to factor say a 1152 bit product of
> three 384 bit primes, than to factor a 1024 bit product of two 512
> bit primes.

Well, ok, since the modulus is bigger.  But how does that difficulty
compare to that of a 1152 bit product of two 576-bit primes?

Does anyone really think that 1024-bit N=pq might be practical some
day, but 1152-bit N=pqr won't also be practical at that time?

I think factoring 1024-bit N=pq needs a mathematical breakthrough;
and if we have one of those, who knows what will happen.

--

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: Sun, 01 Oct 2000 22:50:42 -0700

Francois Grieu wrote:
> Researchers publishing on factorisation, be it using NFS, QS, or EC,
> all agree that it would be harder to factor say a 1152 bit product of
> three 384 bit primes, than to factor a 1024 bit product of two 512
> bit primes; while secret-key operation with the first modulus
> is one-third faster than with the second, using the CRT of course.

Yes.

> Yet multiprime RSA has not caught up (at least if you look at the
> offer of hardware vendors). I do not think it is superstition only,
> but also a bias towards simplicity, which I feel quite reasonable.

3-prime RSA is almost as simple as 2-prime RSA.

--

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: 2 Oct 2000 05:32:47 GMT

Paul Rubin <[EMAIL PROTECTED]> wrote:
> Roger Schlafly <[EMAIL PROTECTED]> writes:
>> A lot of crypto is based on superstition. For several years
>> it has been agreed that 3-prime RSA is superior to 2-prime RSA,
>> but no one uses it.

> Agreed by who?!!

Compaq, for one.

There's also a draft revision to PKCS #1 which will support multi-prime
(distinct primes, note) RSA. 

-David

--

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: Sun, 01 Oct 2000 22:59:43 -0700

Paul Rubin wrote:
> Well, ok, since the modulus is bigger.  But how does that difficulty
> compare to that of a 1152 bit product of two 576-bit primes?

The difficulty is the same with GNFS. GNFS is the fastest method
for numbers in that range. The advantage to 3-prime RSA would be
that secret key operations are faster.

> Does anyone really think that 1024-bit N=pq might be practical some
> day, but 1152-bit N=pqr won't also be practical at that time?

The point is that there is a speed/security tradeoff. When comparing
2-prime to 3-prime RSA, you would usually compare them at the same
security, or the same speed. Francois just happened to choose the
parameters so that 3-prime RSA wins on both security and speed.
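Multi-prime RSA with the CRT private-key operation discussed in this thread, as an added example (not code from any poster or vendor). The primes are constructed toy values, far too small for real use; e = 65537 is the exponent under discussion. The same recombination handles N = pq and N = pqr, which is the sense in which 3-prime RSA is "almost as simple".

```python
"""Multi-prime RSA: key generation and CRT private-key operation for k primes."""
from functools import reduce
from math import gcd

E = 65537  # the public exponent discussed in the thread


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n < 3.3e24 (fixed witness set)."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    if n in small:
        return True
    if any(n % p == 0 for p in small):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def keygen(primes):
    """Return (N, e, d, primes); works for any number of distinct primes."""
    assert len(set(primes)) == len(primes) and all(is_prime(p) for p in primes)
    n = reduce(lambda a, b: a * b, primes)
    phi = reduce(lambda a, b: a * b, (p - 1 for p in primes))
    assert gcd(E, phi) == 1
    return n, E, pow(E, -1, phi), tuple(primes)


def private_op(c, d, primes):
    """CRT private-key operation with incremental (Garner-style) recombination.

    Each exponentiation is done modulo one prime with the exponent reduced
    mod (p-1), so the cost is dominated by k exponentiations on numbers of
    size about N^(1/k); for k = 3 that is the speed-up the thread refers to.
    """
    residues = [pow(c % p, d % (p - 1), p) for p in primes]
    x, m = residues[0], primes[0]
    for r, p in zip(residues[1:], primes[1:]):
        h = ((r - x) * pow(m, -1, p)) % p   # lift x to agree with r mod p
        x += m * h
        m *= p
    return x


def roundtrip(message, primes):
    """Encrypt with e, decrypt both via CRT and via plain pow(c, d, N)."""
    n, e, d, ps = keygen(primes)
    c = pow(message, e, n)
    return private_op(c, d, ps), pow(c, d, n)


# Constructed toy primes (the 100000th prime, the 1000000th prime, and 2^31-1).
PRIMES_2 = (1299709, 15485863)
PRIMES_3 = (1299709, 15485863, 2147483647)
```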

--

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: Sun, 01 Oct 2000 23:09:12 -0700

Francois Grieu wrote:
> 
[snip]
> 
> > Exponent 65537 

Cryptography-Digest Digest #811

2000-05-18 Thread Digestifier

Cryptography-Digest Digest #811, Volume #11  Thu, 18 May 00 10:13:01 EDT

Contents:
  Re: Interesting differentials in BREAKME (Raphael Phan)
  Re: random.org? ("Steve and Darla Wells")
  Re: AES final comment deadline is May 15 (DJohn37050)
  Please help to decipher ([EMAIL PROTECTED])



Date: Thu, 18 May 2000 21:20:32 +0800
From: Raphael Phan <[EMAIL PROTECTED]>
Subject: Re: Interesting differentials in BREAKME

Hi,

Adam Durana wrote:

> > Ok, Mark, so how did you manage to get a differential of 32/256?  Could
> > you enclose your difference distribution table for us?
>
> When I created the s-boxes 32 was the maximum differential.  Below is the
> table.  The rows are the input XOR and the columns are the output XOR.
>

Cryptography-Digest Digest #811

1999-12-30 Thread Digestifier

Cryptography-Digest Digest #811, Volume #10  Thu, 30 Dec 99 05:13:01 EST

Contents:
  Re: Data Encryption in Applet? (David Hopwood)
  Re: Questions about message digest functions (David Hopwood)
  Re: Ellison/Schneier article on Risks of PKI (David Hopwood)
  Re: Attacks on a PKI (David A Molnar)
  Re: Homophones (wtshaw)
  Re: Grounds for Optimism (wtshaw)
  New Stream Algo - Software to prove a point (to me!) (Raddatz Peter)
  Re: Homophones (Mok-Kong Shen)
  Re: Employing digits of pi (Mok-Kong Shen)
  cryptography website(dutch)! ("Red Shadow")
  Re: Factorization of DDD. Better than Montgomery ? (Angel Garcia)
  Re: Enigma (Mok-Kong Shen)



Date: Thu, 30 Dec 1999 03:39:21 +
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: 
comp.lang.java.security,microsoft.public.java.security,comp.lang.java.programmer
Subject: Re: Data Encryption in Applet?

"Law Wun Suen, Brian" wrote:
> 
> Tim Wood wrote:
> 
> > wrote in message <[EMAIL PROTECTED]>...
> > >Hi
> > >
> > >I am looking for a way to encrypt data through an applet using symmetric
> > >(or asymmetric) encryption.  I thought of sending an applet containing a
> > >symmetric key to a client.
> >
> > How? If the symmetric key is not encrypted when you send it, it could be
> > intercepted and used to read the, client side encrypted, data.
> 
> I think if the application has to consider performance, it is better
> to use both (symmetric and asymmetric) encryption together. It really looks
> like how SSL works. You generate a random key (secret key) for the
> symmetric encryption and encrypt this secret key with your own private
> key. The client program receives the key and decrypts it with the public key.
> Then use that secret key for that session's communication.

This is no more secure than sending the applet containing a symmetric key.
If the applet can decrypt the key, so can an eavesdropper who decompiles
the applet.

Using SSL (both to load the applet and to send data back to the site) would
solve this problem, *provided* you trust that the browser root CAs will only
sign certificates from legitimate site owners, that include the correct
domain name.

(The user can, at least in principle, tell that a man-in-the-middle attack
has not occurred by looking at the site certificate. Unfortunately most
users don't look at this certificate, so the actual level of security
against active attacks is somewhat dubious. It should be secure against
passive attacks, though.)

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document


--

Date: Thu, 30 Dec 1999 03:40:20 +
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Questions about message digest functions

Tim Tyler wrote:
> 
> In sci.crypt, lordcow77 wrote:
> > <[EMAIL PROTECTED]> wrote:
> 
> > > Hash functions may be made from block cyphers.
> > > Block cyphers are reversible.  Consequently,
> > > a message hash of a message with the hash
> > > size, the block size and the message size all
> > > equal will be a bijection. [...]
[...]
> > The construction that transforms a block
> > cipher cryptographic primitive into a hash
> > function should destroy the bijectiveness of
> > the block cipher.

This is correct.

> No.  You are mistaken.
> 
> Consider a common technique of transforming a
> block cypher into a hash:
> 
> Apply the block cypher in a chaining mode to
> the message.  Take the last block of cyphertext as
> the hash.

I don't know about it being "a common technique", but I
certainly wouldn't use it.

You're presumably using the block cipher with a known
key, K (otherwise it would be a MAC, not a hash). For
concreteness assume CBC as 

Cryptography-Digest Digest #811

1999-06-30 Thread Digestifier

Cryptography-Digest Digest #811, Volume #9    Thu, 1 Jul 99 02:13:03 EDT

Contents:
  Re: two questions ("Harvey Rook")
  Re: How do you make RSA symmetrical? (Bill Unruh)
  Re: Moores Law (a bit off topic) (Sam Trenholme)
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Sam Trenholme)
  Re: A slide attack on TEA? ([EMAIL PROTECTED])
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Greg Ofiesh)
  Re: two questions ([EMAIL PROTECTED])
  Re: two questions ([EMAIL PROTECTED])
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Greg Ofiesh)
  Re: two questions ("rosi")
  Re: How to find the period of a sequence ("Brian McKeever")
  Re: Secure link over Inet if ISP is compromized. ("rosi")
  Re: Good book for beginning Cryptographers? (Peter Gutmann)
  Re: Project "Infinity" - replace 1 (one) with infinity ("rosi")
  Re: Quasigroup engryption ("rosi")
  Re: RSA or DIFFIE-HELLMANN ([EMAIL PROTECTED])
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Jerry Coffin)
  Re: The One-Time Pad Paradox ("Douglas A. Gwyn")
  Re: bareface ratio ("Gary M. Greenberg")
  Re: A Quanitative Scale for Empirical Length-Strength ("Douglas A. Gwyn")
  Re: A Quanitative Scale for Empirical Length-Strength ("Douglas A. Gwyn")
  Re: two questions ("Douglas A. Gwyn")
  Re: Why mirrors invert left-to-right (was: Kryptos article) (S.T.L.)
  Re: Can Anyone Help Me Crack A Simple Code? ("Douglas A. Gwyn")
  Re: two questions ("Douglas A. Gwyn")
  Re: Can Anyone Help Me Crack A Simple Code? (S.T.L.)
  Re: Can Anyone Help Me Crack A Simple Code? (mercury)



From: "Harvey Rook" <[EMAIL PROTECTED]>
Subject: Re: two questions
Date: Wed, 30 Jun 1999 16:14:16 -0700


<[EMAIL PROTECTED]> wrote in message
news:7le239$qkn$[EMAIL PROTECTED]...
> 
>
>
> So why isn't RC4 the wave of the future?  Why jump on new ideas (which
> are slower, and presumably no more secure)?
>
> Just wondering...

Stream ciphers have two inherent security holes that require extra work to
plug.

1. Unless you are using a message digest with special properties (includes
the value of the key), or a digital signature, an opponent who knows the
plaintext can edit the message without getting caught. All you have to do is
go to the appropriate part of the data stream, xor with the plaintext value,
and then re-xor with the value you want. I don't need to know the key to do
this.

2. You can't use the same password twice.  Yes you can prepend some random
bits to your key, but if you accidentally decrypt a file using the wrong
password, and then try to recover by re-encrypting it with the same wrong
password, you are out of luck.

So, to get the same security as a block cipher, you need a secure one way
hash function, and some weird key pre-processing. This extra work takes up
extra code space, and makes stream ciphers slower. Remember, Twofish and
RC6 are operating at about 19 cycles per byte.

The inherent security problems with stream ciphers are the reason why block
ciphers will stay popular.

Harv
[EMAIL PROTECTED]
Spam guard, the mail isn't cold, it's hot.
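The two problems in the post above, as an added example (not code from the poster): a raw XOR stream is edited without the key, a keyed digest (HMAC-SHA256, the "message digest that includes the value of the key") rejects the edit, and reusing a keystream cancels it out of the XOR of two ciphertexts. The keystream is a constructed SHA-256 counter stand-in for RC4, not RC4 and not a recommended cipher; the nonce/tag layout is an assumption of this example.

```python
"""Stream-cipher malleability and keystream reuse, with the MAC check that detects edits."""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks (constructed stand-in)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream is its own inverse


def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Problem 1 from the post: with plaintext known at `offset`, the bytes are
    rewritten without the key.  Included only to exercise the check below."""
    c = bytearray(ciphertext)
    end = offset + len(known)
    c[offset:end] = xor(xor(c[offset:end], known), wanted)
    return bytes(c)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """nonce || ciphertext || HMAC tag.  A fresh nonce per message is what
    avoids problem 2 (never reuse the keystream under one key)."""
    nonce = os.urandom(16) if nonce is None else nonce
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not match (edit detected)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(enc_key, nonce, ct)


def keystream_reuse_leaks(key: bytes, nonce1: bytes, nonce2: bytes, p1: bytes, p2: bytes) -> bool:
    """Problem 2: with the same key and nonce, c1 XOR c2 == p1 XOR p2, so the
    keystream cancels out and the two plaintexts are related without the key."""
    c1 = encrypt(key, nonce1, p1)
    c2 = encrypt(key, nonce2, p2)
    return xor(c1, c2) == xor(p1, p2)
```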





--

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: How do you make RSA symmetrical?
Date: 30 Jun 1999 23:25:23 GMT

In <7ldqob$nes$[EMAIL PROTECTED]> Bob Silverman <[EMAIL PROTECTED]> writes:
>> Fine, but is there anything you can add to "M^e mod N" to get a 64 bit
>> cyphertext? Enlarging N, reducing the exponent, or something like
>> that?

No. M^e mod N is of length either N or of length e*(Length of M)
whichever is shorter. So, you can get a 64 bit output by either making N
have 64 bits, or by making M less than 64/e. In the latter case the
system is trivially broken on a 10 dollar calculator in the length of
time it takes to key in the output. In the former case, the system is
trivially broken by factoring N. It will require a 1980's PC. 
So yes, you can have a 64 bit output if you want it.

--

Subject: Re: Moores Law (a bit off topic)
From: [EMAIL PROTECTED] (Sam Trenholme)
Date: Thu, 01 Jul 1999 00:07:33 GMT

>RSA-128?

I am sure he meant RC5-128.  

- Sam


--

Subject: Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length?
From: [EMAIL PROTECTED] (Sam Trenholme)
Date: Thu, 01 Jul 1999 00:09:51 GMT

>Who is NIST?

http://www.nist.gov

And, much to the interest of people here:

http://www.nist.gov/aes

- Sam


--

From: [EMAIL PROTECTED]
Subject: Re: A slide attack on TEA?
Date: Thu, 01 Jul 1999 00:14:47 GMT

In article <7ldsf1$p6d$[E

Cryptography-Digest Digest #811

1998-12-29 Thread Digestifier

Cryptography-Digest Digest #811, Volume #8   Tue, 29 Dec 98 22:13:03 EST

Contents:
  Re: Opinions on S/MIME ("Rich Ankney")
  Re: History of Cryptanalysis ("Don Chiasson")
  Re: History of Cryptanalysis ("Don Chiasson")
  Re: Session keys in Elliptic Curve ([EMAIL PROTECTED])
  Re: [Q. newbie] Authentication/Digital Signatures (Harpy-34)



From: "Rich Ankney" <[EMAIL PROTECTED]>
Subject: Re: Opinions on S/MIME
Date: 30 Dec 1998 00:13:16 GMT

This is from the PKIX (not S/MIME) RFC set.  Sam is not quite correct that
Proof of Possession (PoP) is the same as sending your private key to the
CA.  PoP allows the user to prove to the CA that he knows a private key
(e.g., sign a challenge with your private key, decrypt a challenge with
your private key, etc.).  The ability to archive your private key IS an
OPTIONAL part of both PKIX certificate management protocols (CMP and CMC)
but is not the same as PoP.

Regards,
Rich

Brad Aisa <[EMAIL PROTECTED]> wrote in article <[EMAIL PROTECTED]>...
> Sam,
> 
> Thanks for your detailed and instructive response. The thing that most
> disturbed me (apart from the 1024-bit key limit), was this:
> 
> Sam Simpson wrote:
> 
> > One of the S/Mime standard documents [PKIX98] describes a "feature" of
> > S/Mime called "Proof of Possession of Private Key".  This is a
> > mechanism whereby end users' private keys are deposited with the CA when
> > certification is requested.  This is a very worrying inclusion and makes the
> > implementation of mandatory key escrow a trivial matter.  The PGP draft
> > standard contains no such references to key recovery technology.
> 
> Does this mean that when I obtained a certificate from Thawte, that my
> *private key* was transmitted to them???
> 
> Please tell me it ain't so...
> 
> --
> Brad Aisa
> [EMAIL PROTECTED]
> S/MIME signed using freemail ID from www.thawte.com
> 
> "Laissez faire."

--

From: "Don Chiasson" <[EMAIL PROTECTED]>
Subject: Re: History of Cryptanalysis
Date: Tue, 29 Dec 1998 18:00:40 -0500

Another classic (is it still in print?) is Herbert O. Yardley's
"The American Black Chamber", originally published in 1931.
It is about American code breaking from 1913 until 1929 when
secretary of state Stimson shut down the operation with a
remark to the effect that "Gentlemen do not read other people's
mail." It is a good read.
Don

Ian McConnell wrote in message ...
>Plenty has been written about the cracking of the German and Japanese codes
>during World War II, but there seems to be little information on the
>cryptanalysis that was carried out pre-WW2. ...



--

From: [EMAIL PROTECTED]
Subject: Re: Session keys in Elliptic Curve
Date: Wed, 30 Dec 1998 00:04:05 GMT

Hi guys, about a year ago, I was handed a demo encryption/decryption
program in QBASIC that handles 128-bit encrypted messages.  A few months ago,
I posted a message about it in one of these forums, and you guys said that
my program didn't work right.  Well, I would like to know if that's true or
not.

In your reply, please leave a short, encrypted message, along with its
password.  Please keep the message short, and I'll type it into the program.
I'll let you know if it works or not for sure.  Okay?

Alan


--

From: Harpy-34 <[EMAIL PROTECTED]>
Subject: Re: [Q. newbie] Authentication/Digital Signatures
Date: Tue, 29 Dec 1998 17:59:52 -1000

Thomas Harte ([EMAIL PROTECTED]) wrote:

[...]
: I should perhaps have been a trifle more clear in my posting. I was
: wondering if there is a means of _publicly_ verifying an authenticated
: message by means of an authentication/signature-only prot