Cryptography-Digest Digest #811
Cryptography-Digest Digest #811, Volume #13      Mon, 5 Mar 01 20:13:01 EST

Contents:
  Re: Monty Hall problem (was Re: philosophical question?) (Virgil)
  Re: passphrase question (Benjamin Goldberg)
  Re: Monty Hall problem (was Re: philosophical question?) (Shawn Willden)
  Re: => FBI easily cracks encryption ...? ("Open FleshWound")
  Re: => FBI easily cracks encryption ...? (Free-man)
  Re: The Foolish Dozen or so in This News Group (Eric Lee Green)
  Re: passphrase question (Paul Rubin)
  Re: Monty Hall problem (was Re: philosophical question?) ("Mxsmanic")
  Re: Monty Hall problem (was Re: philosophical question?) ("Mxsmanic")
  Re: passphrase question ("Mxsmanic")
  Re: Test vectors for 3DES with OFB or CFB ("Scott Fluhrer")
  Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack (Shawn Willden)
  Re: passphrase question ("Mxsmanic")

From: Virgil <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 05 Mar 2001 16:15:15 -0700

In article <980nk6$aor$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Arturo Magidin) wrote:

> >Indeed. In the standard Monty Hall problem, the standard answer
> >requires all of these assumptions:
> >
> >1. The car is more valuable than the goats.
> >2. The car was equally likely to be behind any of the 3 doors.
> >3. After I pick a door, Monty always opens another door and shows me a
> >goat.
> >4. In case I picked the door with the car, Monty is equally likely to
> >open either one of the other two doors.
>
> I think that assumption 4 is unnecessary.

If you have already picked the door hiding the car, it is irrelevant
which of the other doors Monty picks, it is only necessary that he pick
one of them.

--

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: Mon, 05 Mar 2001 23:15:13 GMT

Mxsmanic wrote:
>
> "Tom McCune" <[EMAIL PROTECTED]> wrote in message
> news:yfTo6.218982$[EMAIL PROTECTED]...
>
> > I can't buy that.
>
> Well, it's your security, not mine. I'm more paranoid than you, I
> guess.
>
> > There is no way for my opponent to know whether
> > or not I repeat characters, or have numbers, or
> > have letters, etc., in my passphrase.
>
> Maybe.
>
> But the fact is, if you are systematically repeating characters, you
> may as well just stick with a six-character password, instead.

But you forget that the number of repetitions is also part of the
password. So it's not, how much entropy is in ".a$fD5", it's how much
entropy is in {".a$fD5",7,10,11,11,7,4}.

Going with the assumptions made by alphabeta, each of the integers can
be in the range 1-16, and contains 4 bits of entropy. 6 integers is 24
bits of entropy. A truly random 6 character string might also contain 6
bits of entropy per character, so that's another 36 bits of entropy. So
the whole method produces 60 bits of entropy.

Of course, there is the exact same amount of entropy in
{".a$fD5",7,10,11,11,7,4} as there is in ".a$fD5 7 10 11 11 7 4" which
is easier to type.

--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.

--

From: Shawn Willden <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 05 Mar 2001 16:39:46 -0700

"Joe H. Acker" wrote:

> Interestingly, this can be tested empirically. All you need is a good
> TRNG based on radioactive-decay and a function that takes input from the
> TRNG to produce an unbiased random number in an integer range.

You don't need a TRNG, or even an unpredictable RNG. You just need an
RNG with relatively good statistical properties.

> Then you write a program that randomly assigns the car to an element of
> an array [1..3], makes a random choice c for one element of the array and
> implement Monty's algorithm: take the two remaining elements, if one of
> them is the car, mark the other as "opened", otherwise you're free to
> randomly mark any of the remaining two elements as "opened". Then, make
> two iterated test runs, one time always staying with the first element
> c, another run always changing to the remaining element that is not the
> first c and not marked as "opened".

That describes an implementation that is much more complex than

Cryptography-Digest Digest #811, Volume #12      Mon, 2 Oct 00 05:13:01 EDT

Contents:
  Re: Choice of public exponent in RSA signatures (Paul Rubin)
  Re: Choice of public exponent in RSA signatures (Roger Schlafly)
  Re: Choice of public exponent in RSA signatures (David A Molnar)
  Re: Choice of public exponent in RSA signatures (Roger Schlafly)
  Re: Choice of public exponent in RSA signatures ("John A. Malley")
  Re: Choice of public exponent in RSA signatures (Paul Rubin)
  Re: Question on biases in random numbers & decompression (Ray Dillinger)
  Re: How Colossus helped crack Hitler's codes (John Savard)
  Ciphers and Unicode (Ray Dillinger)
  Re: Choice of public exponent in RSA signatures (Francois Grieu)
  Re: Which is better? CRC or Hash? (Tiemo Ehlers)
  Re: Choice of public exponent in RSA signatures (Francois Grieu)
  Re: Avoiding bogus encryption products: Snake Oil FAQ (Robert Davies)
  Re: Josh MacDonald's library for adaptive Huffman encoding (Phil Norman)
  Re: Shareware Protection Schemes (Anders Thulin)
  Re: Choice of public exponent in RSA signatures (D. J. Bernstein)
  Re: About implementing big numbers (David Blackman)
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: Choice of public exponent in RSA signatures (Mok-Kong Shen)
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: Signature size ([EMAIL PROTECTED])
  Re: Ciphers and Unicode (David Blackman)

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: 01 Oct 2000 22:42:43 -0700

Francois Grieu <[EMAIL PROTECTED]> writes:

> Researchers publishing on factorisation, be it using NFS, QS, or EC,
> all agree that it would be harder to factor say a 1152 bit product of
> three 384 bit primes, than to factor a 1024 bit product of two 512
> bit primes.

Well, ok, since the modulus is bigger. But how does that difficulty
compare to that of a 1152 bit product of two 576-bit primes?

Does anyone really think that 1024-bit N=pq might be practical some
day, but 1152-bit N=pqr won't also be practical at that time?

I think factoring 1024-bit N=pq needs a mathematical breakthrough; and
if we have one of those, who knows what will happen.

--

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: Sun, 01 Oct 2000 22:50:42 -0700

Francois Grieu wrote:

> Researchers publishing on factorisation, be it using NFS, QS, or EC,
> all agree that it would be harder to factor say a 1152 bit product of
> three 384 bit primes, than to factor a 1024 bit product of two 512
> bit primes; while secret-key operation with the first modulus
> is one-third faster than with the second, using the CRT of course.

Yes.

> Yet multiprime RSA has not caught up (at least if you look at the
> offer of hardware vendors). I do not think it is superstition only,
> but also a bias towards simplicity, which I feel quite reasonable.

3-prime RSA is almost as simple as 2-prime RSA.

--

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: 2 Oct 2000 05:32:47 GMT

Paul Rubin <[EMAIL PROTECTED]> wrote:
> Roger Schlafly <[EMAIL PROTECTED]> writes:
>> A lot of crypto is based on superstition. For several years
>> it has been agreed that 3-prime RSA is superior to 2-prime RSA,
>> but no one uses it.

> Agreed by who?!!

Compaq, for one. There's also a draft revision to PKCS #1 which will
support multi-prime (distinct primes, note) RSA.

-David

--

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: Sun, 01 Oct 2000 22:59:43 -0700

Paul Rubin wrote:

> Well, ok, since the modulus is bigger. But how does that difficulty
> compare to that of a 1152 bit product of two 576-bit primes?

The difficulty is the same with GNFS. GNFS is the fastest method for
numbers in that range. The advantage to 3-prime RSA would be that
secret key operations are faster.

> Does anyone really think that 1024-bit N=pq might be practical some
> day, but 1152-bit N=pqr won't also be practical at that time?

The point is that there is a speed/security tradeoff. When comparing
2-prime to 3-prime RSA, you would usually compare them at the same
security, or the same speed. Francois just happened to choose the
parameters so that 3-prime RSA wins on both security and speed.

--

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: Sun, 01 Oct 2000 23:09:12 -0700

Francois Grieu wrote:
> [snip]
>
> > Exponent 65537
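
The CRT private-key operation that the multi-prime discussion in this digest turns on, as an added example that is not part of any post: it generalises the usual two-prime CRT to any number of distinct primes and evaluates the quoted 3x384-bit versus 2x512-bit parameters. The helper names, the Mersenne primes used as a sample key and the cubic cost model are assumptions made for illustration.

```python
from math import gcd, prod

E = 65537  # public exponent named in the thread

# Constructed sample primes (Mersenne primes 2^61-1, 2^89-1, 2^107-1):
# far too small and too structured for real keys, used so this runs offline.
P61, P89, P107 = 2**61 - 1, 2**89 - 1, 2**107 - 1


def make_key(primes, e=E):
    """Textbook RSA key over any number of distinct primes (hypothetical helper)."""
    if len(set(primes)) != len(primes):
        raise ValueError("primes must be distinct")
    n = prod(primes)
    phi = prod(p - 1 for p in primes)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    return {"n": n, "e": e, "d": pow(e, -1, phi), "primes": list(primes)}


def private_op_crt(c, key):
    """c^d mod n via one short exponentiation per prime, recombined
    incrementally with Garner's algorithm. Works for 2, 3 or more primes."""
    x, modulus = 0, 1
    for p in key["primes"]:
        r = pow(c % p, key["d"] % (p - 1), p)     # residue of the result mod p
        h = ((r - x) * pow(modulus, -1, p)) % p   # correction so x == r (mod p)
        x += modulus * h
        modulus *= p
    return x


def crt_cost(modulus_bits, k):
    """Assumed schoolbook cost model: a b-bit modular exponentiation with a
    b-bit exponent costs about b**3 bit operations, and the CRT needs k of
    them with b = modulus_bits / k."""
    b = modulus_bits // k
    return k * b**3


if __name__ == "__main__":
    for primes in ([P89, P107], [P61, P89, P107]):
        key = make_key(primes)
        m = int.from_bytes(b"sample digest", "big")
        s = private_op_crt(m, key)                 # private-key ("sign") step
        assert s == pow(m, key["d"], key["n"])     # same value as the slow path
        assert pow(s, key["e"], key["n"]) == m     # verifies with the public key
        print(len(primes), "primes, n bits:", key["n"].bit_length(), "ok")
    # Parameters quoted from Francois Grieu, under the assumed cost model
    print("3x384 vs 2x512:", crt_cost(1152, 3) / crt_cost(1024, 2))
```

Under that cost model the 1152-bit three-prime operation comes out at about 0.63 of the 1024-bit two-prime one, in line with the "one-third faster" figure quoted in the thread.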

Cryptography-Digest Digest #811, Volume #11      Thu, 18 May 00 10:13:01 EDT

Contents:
  Re: Interesting differentials in BREAKME (Raphael Phan)
  Re: random.org? ("Steve and Darla Wells")
  Re: AES final comment deadline is May 15 (DJohn37050)
  Please help to decipher ([EMAIL PROTECTED])

Date: Thu, 18 May 2000 21:20:32 +0800
From: Raphael Phan <[EMAIL PROTECTED]>
Subject: Re: Interesting differentials in BREAKME

Hi,

Adam Durana wrote:

> > Ok, Mark, so how did you manage to get a differential of 32/256? Could you
> > enclose your difference distribution table for us?
>
> When I created the s-boxes 32 was the maximum differential. Below is the
> table. The rows are the input XOR and the columns are the output XOR.

Cryptography-Digest Digest #811, Volume #10      Thu, 30 Dec 99 05:13:01 EST

Contents:
  Re: Data Encryption in Applet? (David Hopwood)
  Re: Questions about message digest functions (David Hopwood)
  Re: Ellison/Schneier article on Risks of PKI (David Hopwood)
  Re: Attacks on a PKI (David A Molnar)
  Re: Homophones (wtshaw)
  Re: Grounds for Optimism (wtshaw)
  New Stream Algo - Software to prove a point (to me!) (Raddatz Peter)
  Re: Homophones (Mok-Kong Shen)
  Re: Employing digits of pi (Mok-Kong Shen)
  cryptography website(dutch)! ("Red Shadow")
  Re: Factorization of DDD. Better than Montgomery ? (Angel Garcia)
  Re: Enigma (Mok-Kong Shen)

Date: Thu, 30 Dec 1999 03:39:21 +
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: comp.lang.java.security,microsoft.public.java.security,comp.lang.java.programmer
Subject: Re: Data Encryption in Applet?

"Law Wun Suen, Brian" wrote:
>
> Tim Wood wrote:
>
> > wrote in message <[EMAIL PROTECTED]>...
> > >Hi
> > >
> > >I am looking for a way to encrypt data through an applet using symmetric
> > >(or asymmetric) encryption. I thought of sending an applet containing a
> > >symmetric key to a client.
> >
> > How? If the symmetric key is not encrypted when you send it, it could be
> > intercepted and used to read the, client side encrypted, data.
>
> I think if the application has to consider the performance, better
> to use both (symmetric and asymmetric) encryption together. It really looks
> like how the SSL works. You generate a random key (secret key) for the
> symmetric encryption and encrypt this secret key with your own private
> key. The client program receives the key and decrypts it by the public key.
> Then use that secret key for that session communication.

This is no more secure than sending the applet containing a symmetric key.
If the applet can decrypt the key, so can an eavesdropper who decompiles
the applet.

Using SSL (both to load the applet and to send data back to the site) would
solve this problem, *provided* you trust that the browser root CAs will only
sign certificates from legitimate site owners, that include the correct
domain name.

(The user can, at least in principle, tell that a man-in-the-middle attack
has not occurred by looking at the site certificate. Unfortunately most
users don't look at this certificate, so the actual level of security
against active attacks is somewhat dubious. It should be secure against
passive attacks, though.)

--
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks." -- UK Labour Party pre-election policy document

--

Date: Thu, 30 Dec 1999 03:40:20 +
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Questions about message digest functions

Tim Tyler wrote:
>
> In sci.crypt, lordcow77 wrote:
> > <[EMAIL PROTECTED]> wrote:
> >
> > > Hash functions may be made from block cyphers.
> > > Block cyphers are reversible. Consequently,
> > > a message hash of a message with the hash
> > > size, the block size and the message size all
> > > equal will be a bijection. [...]
[...]
> > The construction that transforms a block
> > cipher cryptographic primitive into a hash
> > function should destroy the bijectiveness of
> > the block cipher.

This is correct.

> No. You are mistaken.
>
> Consider a common technique of transforming a
> block cypher into a hash:
>
> Apply the block cypher in a chaining mode to
> the message. Take the last block of cyphertext as
> the hash.

I don't know about it being "a common technique", but I certainly wouldn't
use it.

You're presumably using the block cipher with a known key, K (otherwise it
would be a MAC, not a hash). For concreteness assume CBC as

Cryptography-Digest Digest #811, Volume #9      Thu, 1 Jul 99 02:13:03 EDT

Contents:
  Re: two questions ("Harvey Rook")
  Re: How do you make RSA symmetrical? (Bill Unruh)
  Re: Moores Law (a bit off topic) (Sam Trenholme)
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Sam Trenholme)
  Re: A slide attack on TEA? ([EMAIL PROTECTED])
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Greg Ofiesh)
  Re: two questions ([EMAIL PROTECTED])
  Re: two questions ([EMAIL PROTECTED])
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Greg Ofiesh)
  Re: two questions ("rosi")
  Re: How to find the period of a sequence ("Brian McKeever")
  Re: Secure link over Inet if ISP is compromized. ("rosi")
  Re: Good book for beginning Cryptographers? (Peter Gutmann)
  Re: Project "Infinity" - replace 1 (one) with infinity ("rosi")
  Re: Quasigroup encryption ("rosi")
  Re: RSA or DIFFIE-HELLMAN ([EMAIL PROTECTED])
  Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Jerry Coffin)
  Re: The One-Time Pad Paradox ("Douglas A. Gwyn")
  Re: bareface ratio ("Gary M. Greenberg")
  Re: A Quantitative Scale for Empirical Length-Strength ("Douglas A. Gwyn")
  Re: A Quantitative Scale for Empirical Length-Strength ("Douglas A. Gwyn")
  Re: two questions ("Douglas A. Gwyn")
  Re: Why mirrors invert left-to-right (was: Kryptos article) (S.T.L.)
  Re: Can Anyone Help Me Crack A Simple Code? ("Douglas A. Gwyn")
  Re: two questions ("Douglas A. Gwyn")
  Re: Can Anyone Help Me Crack A Simple Code? (S.T.L.)
  Re: Can Anyone Help Me Crack A Simple Code? (mercury)

From: "Harvey Rook" <[EMAIL PROTECTED]>
Subject: Re: two questions
Date: Wed, 30 Jun 1999 16:14:16 -0700

<[EMAIL PROTECTED]> wrote in message news:7le239$qkn$[EMAIL PROTECTED]...
> >
>
> So why isn't RC4 the wave of the future? Why jump on new ideas (which
> are slower, and presumably no more secure)?
>
> Just wondering...

Stream ciphers have two inherent security holes that require extra work to
plug.

1. Unless you are using a message digest with special properties (includes
the value of the key), or a digital signature, an opponent who knows the
plaintext can edit the message without getting caught. All you have to do is
go to the appropriate part of the data stream, xor with the plaintext value,
and then re-xor with the value you want. I don't need to know the key to do
this.

2. You can't use the same password twice. Yes you can prepend some random
bits to your key, but if you accidentally decrypt a file using the wrong
password, and then try to recover by re-encrypting it with the same wrong
password, you are out of luck.

So, to get the same security as a block cipher, you need a secure one way
hash function, and some weird key pre-processing. This extra work takes up
extra code space, and makes stream ciphers slower. Remember, Twofish and
RC6 are operating at about 19 cycles per byte.

The inherent security problems with stream ciphers are the reason why block
ciphers will stay popular.

Harv
[EMAIL PROTECTED]
Spam guard, the mail isn't cold, it's hot.

--

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: How do you make RSA symmetrical?
Date: 30 Jun 1999 23:25:23 GMT

In <7ldqob$nes$[EMAIL PROTECTED]> Bob Silverman <[EMAIL PROTECTED]> writes:

>> Fine, but is there anything you can add to "M^e mod N" to get a 64 bit
>> cyphertext? Enlarging N, reducing the exponent, or something like
>> that?

No. M^e mod N is of length either N or of length e*(Length of M)
whichever is shorter. So, you can get a 64 bit output by either making N
have 64 bits, or by making M less than 64/e. In the latter case the
system is trivially broken on a 10 dollar calculator in the length of
time it takes to key in the output. In the former case, the system is
trivially broken by factoring N. It will require a 1980's PC.

So yes, you can have a 64 bit output if you want it.
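
The two cases in the reply above, worked through as an added example that is not part of the original post; it shows why a 64-bit RSA ciphertext gives no confidentiality either way. The modulus (built from the two largest primes below 2^32), the sample messages and all function names are constructed for illustration.

```python
from math import gcd

# Constructed 64-bit modulus: the two largest primes below 2**32.
P, Q = 2**32 - 5, 2**32 - 17
N = P * Q


def integer_root(c, e):
    """Largest r with r**e <= c, by binary search on integers."""
    lo, hi = 0, 1 << (c.bit_length() // e + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid**e <= c:
            lo = mid
        else:
            hi = mid - 1
    return lo


def recover_unreduced(c, e):
    """Short-message case: if M**e < N the modulus never took effect, so
    the ciphertext is an ordinary e-th power. Returns M, or None."""
    r = integer_root(c, e)
    return r if r**e == c else None


def pollard_rho(n):
    """Return a non-trivial factor of an odd composite n (Floyd cycle search)."""
    for c in range(1, 64):          # retry with another constant on failure
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found")


def recover_by_factoring(c, e, n):
    """Short-modulus case: factor n, rebuild the private exponent, decrypt."""
    p = pollard_rho(n)
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(c, d, n)


if __name__ == "__main__":
    small = 1234567                              # about 21 bits, so small**3 < N
    print(recover_unreduced(pow(small, 3, N), 3))
    full = 0x0123456789ABCDEF                    # message that does wrap mod N
    c = pow(full, 65537, N)
    print(recover_unreduced(c, 65537))           # None: root trick does not apply
    print(hex(recover_by_factoring(c, 65537, N)))
```

Both recoveries finish in well under a minute on current hardware, which is why practical RSA uses moduli of 2048 bits or more together with randomized padding.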

--

Subject: Re: Moores Law (a bit off topic)
From: [EMAIL PROTECTED] (Sam Trenholme)
Date: Thu, 01 Jul 1999 00:07:33 GMT

>RSA-128?

I am sure he meant RC5-128.

- Sam

--

Subject: Re: Why Elliptic Curve Cryptosystem is stronger with shorter key length?
From: [EMAIL PROTECTED] (Sam Trenholme)
Date: Thu, 01 Jul 1999 00:09:51 GMT

>Who is NIST?

http://www.nist.gov

And, much to the interest of people here:

http://www.nist.gov/aes

- Sam

--

From: [EMAIL PROTECTED]
Subject: Re: A slide attack on TEA?
Date: Thu, 01 Jul 1999 00:14:47 GMT

In article <7ldsf1$p6d$[E
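
Harvey Rook's two points about stream ciphers, from the first message of this digest, as an added example that is not part of any post: a known-plaintext edit made without the key, the same edit rejected once a keyed tag covers the ciphertext, and the effect of reusing a key. RC4 is used because the thread asks about it; HMAC-SHA256 stands in for the keyed digest the post mentions, and the keys, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
ENC_KEY = b"constructed-cipher-key"
MAC_KEY = b"constructed-mac-key"
MESSAGE = b"PAY 0100 USD TO ACCOUNT 4471"


def rc4_keystream(key, n):
    """RC4 keystream, shown for the demonstration only."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, data):
    """XOR with the keystream; the same call decrypts."""
    return xor(data, rc4_keystream(key, len(data)))


def edit_known_plaintext(ciphertext, offset, known, wanted):
    """Point 1: XOR the known plaintext out of the ciphertext and XOR the
    replacement in. The key is never used."""
    out = bytearray(ciphertext)
    for i, b in enumerate(xor(known, wanted)):
        out[offset + i] ^= b
    return bytes(out)


def seal(enc_key, mac_key, plaintext):
    """Encrypt, then append an HMAC-SHA256 tag computed over the ciphertext."""
    ct = encrypt(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, blob):
    """Return the plaintext, or None when the tag does not verify."""
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return encrypt(enc_key, ct)


if __name__ == "__main__":
    ct = encrypt(ENC_KEY, MESSAGE)
    forged = edit_known_plaintext(ct, 4, b"0100", b"9900")
    print(encrypt(ENC_KEY, forged))            # edited text decrypts cleanly
    blob = seal(ENC_KEY, MAC_KEY, MESSAGE)
    tampered = edit_known_plaintext(blob, 4, b"0100", b"9900")
    print(open_sealed(ENC_KEY, MAC_KEY, tampered))   # None: tag check fails
    # Point 2: the same key twice gives the same keystream, which cancels out
    other = b"REFUND 25 USD TO ACCOUNT 0093"
    print(xor(ct, encrypt(ENC_KEY, other)) == xor(MESSAGE, other))
```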

Cryptography-Digest Digest #811, Volume #8      Tue, 29 Dec 98 22:13:03 EST

Contents:
  Re: Opinions on S/MIME ("Rich Ankney")
  Re: History of Cryptanalysis ("Don Chiasson")
  Re: History of Cryptanalysis ("Don Chiasson")
  Re: Session keys in Elliptic Curve ([EMAIL PROTECTED])
  Re: [Q. newbie] Authentication/Digital Signatures (Harpy-34)

From: "Rich Ankney" <[EMAIL PROTECTED]>
Subject: Re: Opinions on S/MIME
Date: 30 Dec 1998 00:13:16 GMT

This is from the PKIX (not S/MIME) RFC set. Sam is not quite correct that
Proof of Possession (PoP) is the same as sending your private key to the CA.
PoP allows the user to prove to the CA that he knows a private key (e.g.,
sign a challenge with your private key, decrypt a challenge with your
private key, etc.). The ability to archive your private key IS an OPTIONAL
part of both PKIX certificate management protocols (CMP and CMC) but is not
the same as PoP.

Regards,
Rich

Brad Aisa <[EMAIL PROTECTED]> wrote in article <[EMAIL PROTECTED]>...
> Sam,
>
> Thanks for your detailed and instructive response. The thing that most
> disturbed me (apart from the 1024-bit key limit), was this:
>
> Sam Simpson wrote:
>
> > One of the S/Mime standard documents [PKIX98] describes a "feature" of
> > S/Mime called "Proof of Possession of Private Key". This is a mechanism
> > whereby end users private keys are deposited with the CA when certification
> > is requested. This is a very worrying inclusion and makes the
> > implementation of mandatory key escrow a trivial matter. The PGP draft
> > standard contains no such references to key recovery technology.
>
> Does this mean that when I obtained a certificate from Thawte, that my
> *private key* was transmitted to them???
>
> Please tell me it ain't so...
>
> --
> Brad Aisa
> [EMAIL PROTECTED]
> S/MIME signed using freemail ID from www.thawte.com
>
> "Laissez faire."

--

From: "Don Chiasson" <[EMAIL PROTECTED]>
Subject: Re: History of Cryptanalysis
Date: Tue, 29 Dec 1998 18:00:40 -0500

Another classic (is it still in print?) is Herbert O. Yardley's "The
American Black Chamber", originally published in 1931. It is about American
code breaking from 1913 until 1929 when secretary of state Stimson shut down
the operation with a remark to the effect that "Gentlemen do not read other
people's mail." It is a good read.

Don

Ian McConnell wrote in message ...
>Plenty has been written about the cracking of the German and Japanese codes
>during World War II, but there seems to be little information on the
>cryptanalysis that was carried out pre-WW2.
...

--

From: [EMAIL PROTECTED]
Subject: Re: Session keys in Elliptic Curve
Date: Wed, 30 Dec 1998 00:04:05 GMT

Hi guys, about a year ago, I was handed a demo encryption/decryption program
in QBASIC that handles 128-bit encrypted messages. A few months ago, I
posted a message about it in one of these forums, and you guys said that my
program didn't work right. Well, I would like to know if that's true or not.
In your reply, please leave a short, encrypted message, along with its
password. Please keep the message short, and I'll type it into the program.
I'll let you know if it works or not for sure. Okay?

Alan

--

From: Harpy-34 <[EMAIL PROTECTED]>
Subject: Re: [Q. newbie] Authentication/Digital Signatures
Date: Tue, 29 Dec 1998 17:59:52 -1000

Thomas Harte ([EMAIL PROTECTED]) wrote:
[...]
: I should perhaps have been a trifle more clear in my posting. I was
: wondering if there is a means of _publicly_ verifying an authenticated
: message by means of an authentication/signature-only prot