Cryptography-Digest Digest #947

2001-03-20 Thread Digestifier

Cryptography-Digest Digest #947, Volume #13  Tue, 20 Mar 01 05:13:01 EST

Contents:
  Re: Idea (Mok-Kong Shen)
  Re: Codes that use *numbers* for keys (Mok-Kong Shen)
  Re: Am I allowed to put any encryption software of my own creation on my  (Mok-Kong Shen)
  Re: Codes that use *numbers* for keys (Juuichiketajin)
  Re: Defining a cryptosystem as "broken" (Mok-Kong Shen)
  Re: Codes that use *numbers* for keys (Mok-Kong Shen)
  Re: Are prime numbers illegal ? (Nicholas Sheppard)
  Re: SSL secured servers and TEMPEST (Frank Gerlach)
  Re: FIPS 140-1 does not adress eavesdropping (Frank Gerlach)
  Re: AES encryption speed vs decryption speed ("Brian Gladman")
  A future supercomputer (Mok-Kong Shen)
  Re: Defenses Against Compromising Emanations of the Private Key (Frank Gerlach)
  Re: Idea ("Nathan Dietsch")
  Re: Codes that use *numbers* for keys ("Henrick Hellström")
  Re: Codes that use *numbers* for keys (Joe H. Acker)



From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Idea
Date: Tue, 20 Mar 2001 08:30:52 +0100



amateur wrote:
> 
> Don't forget that with my idea the same clear could produce multiple
> cyphertext.
> Schneier is defining restricted algorithm when algo is kept secret.
> That's not my case.
> All my algo is public. The secret who is to find and distinguish two
> categories of symbols is not secret at all.
> But the sender has the freedom to imagine any kind of two categories
> before encrypting.
> This secret is disclosed if the recipient has the key.
> All modern cryptography is based on power of computing.
> What I'm proposing is to found a new cryptography based on the inability
> of computer to analyse a text trying to distinguish two categories.
> Computer has no such attribute. So the cryptanalyst even if he uses the
> computer is helpless. The only strategy for him is to try to guess what
> a sender has chosen to encrypt every bit.
> And this domain is infinite.
> You have multiple combinations using only the characters of ASCII table.
> If using other codes, you have to understand that it's quite impossible
> to attack.

If the symbols in two categories are known, then the scheme 
is very much easier for the opponent to work with than the 
case where these are unknown, since he has to try only
two cases. Since one can easily generate two unknown 
categories of symbols (having constant or variable number
of bits) with a key, what is the use of your scheme at all?

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Codes that use *numbers* for keys
Date: Tue, 20 Mar 2001 08:39:48 +0100



Juuichiketajin wrote:
> 
> [snip]
> Why are key lengths always given in bits? Why not a code that takes, oh
> say, 60 decimal digits for a key? I can relate to 60 digits, not to so
> many bits.

Modern ciphers are implemented with computer hard/software.
These work with bits. Hence bit is a natural measure. You
can always convert between the bases of number systems. 
Does an American visiting London ask why the prices are not 
in dollars?

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Am I allowed to put any encryption software of my own creation on my 
Date: Tue, 20 Mar 2001 09:06:16 +0100



Dennis Ritchie wrote:
> 
> [snip]
> The document is tedious to
> read, but rather more liberal in its requirements than
> one might expect.  Things have changed.

Fine to know. This change is presumably sort of: If the 
mountain doesn't come to Mohammed, then Mohammed will go 
to it.

M. K. Shen

http://home.t-online.de/home/mok-kong.shen

--

From: [EMAIL PROTECTED] (Juuichiketajin)
Subject: Re: Codes that use *numbers* for keys
Date: 20 Mar 2001 08:15:41 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] says...
> 
> Juuichiketajin wrote:
> > 
> > [snip]
> > Why are key lengths always given in bits? Why not a code that takes, oh
> > say, 60 decimal digits for a key? I can relate to 60 digits, not to so
> > many bits.
> 
> Modern ciphers are implemented with computer hard/software.
> These work with bits.

They need not.
I have at my disposal a financial and a scientific calculator that both work 
in decimal. I have reason to believe that the internal number-storage format 
is decimal.
Even granting that binary divisions are somehow superior, I suspect that the 
REAL reason bits are used, rather than bytes or at the very least nibbles, is 
so the sizes sound bigger.
When you hear "48-bit key", don't you find yourself performing some mental 
calculation as to the value of 2^48 in some other system?

> Hence bit is a natural measure. You
> can always convert between the bases of number systems. 
> Does an American visiting London ask why the prices are not 
> in dollars?
> 
> M. K. Shen


--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Defining a cryptosystem

Cryptography-Digest Digest #947

2000-06-05 Thread Digestifier

Cryptography-Digest Digest #947, Volume #11   Mon, 5 Jun 00 13:13:01 EDT

Contents:
  Re: Quantum computers (JCA)
  Limits of the knowledge of the NSA (Runu Knips)
  do you need unrestricted FREE S/MIME certificate ? than read message ... (jungle)
  Re: XTR independent benchmarks (Roger Schlafly)
  Re: Could RC4 used to generate S-Boxes? (Simon Johnson)
  Re: Question about recommended keysizes (768 bit RSA) (DJohn37050)
  Paper about Pollards Algorithm for finding discrete logs ("Jesper Stocholm")
  Re: Cipher design a fading field? ("Douglas A. Gwyn")
  Re: Faster than light Cryptanalysis ("Douglas A. Gwyn")
  Re: Actually this person faxed me an article of the U.S. commercial espionage in August, 1995  good work Tatu Ylonen ... actually I have tried to provide some intel in the past ... (Markku J. Saarelainen)
  Re: Statistics of occurences of prime number sequences in PRBG output as gauge of "goodness" ([EMAIL PROTECTED])
  Re: Need "attack time" measurements on a toy cipher...   (long) ("Paul Pires")
  Re: Question about recommended keysizes (768 bit RSA) (Jerry Coffin)
  Re: Cipher design a fading field? (Anton Stiglic)
  I have actually been following some activities of Jan H, an ex-CIA officer who helped to set up Motorola's intelligence system .. interesting .. (Markku J. Saarelainen)
  Re: I have actually been following some activities of Jan H, an ex-CIA officer who helped to set up Motorola's intelligence system .. interesting .. (Markku J. Saarelainen)



From: JCA [EMAIL PROTECTED]
Subject: Re: Quantum computers
Date: Mon, 05 Jun 2000 07:44:13 -0700

DrArm wrote:

> Is it true that NSA has a quantum computer for codebraking?

I guess you mean codebreaking.

I am sure they don't. Actually, I have the feeling that the NSA's
capabilities are usually exaggerated. They are good, but not
gods. In fact, elliptic curve cryptography seems to have escaped
them completely, and caught them off balance when originally
published in the mid-eighties.



--

Date: Mon, 05 Jun 2000 17:20:33 +0200
From: Runu Knips [EMAIL PROTECTED]
Subject: Limits of the knowledge of the NSA

JCA wrote:
> [...] Actually, I have the feeling that the NSA's
> capabilities are usually exaggerated. They are good, but not
> gods. In fact, elliptic curve cryptography seems to have escaped
> them completely, and caught them off balance when originally
> published in the mid-eighties.

Well, this might be true for any new invention. The NSA might
not have known about that before. But on the other hand, it
is also clear that the NSA still knows much which the public
doesn't know, isn't it so ?

--

From: jungle [EMAIL PROTECTED]
Crossposted-To: alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: do you need unrestricted FREE S/MIME certificate ? than read message ...
Date: Mon, 05 Jun 2000 11:34:18 -0400

do you need unrestricted FREE S/MIME certificate ? then read message ...
-- 
To protect privacy, use encryption ALL the time. Free S/MIME & PGP at:
https://secure.openca.org/  http://web.mit.edu/network/pgp.html



--

From: Roger Schlafly [EMAIL PROTECTED]
Subject: Re: XTR independent benchmarks
Date: Mon, 05 Jun 2000 08:37:38 -0700

Wei Dai wrote:
> All this is probably irrelevant because the differences are just not great
> enough to matter. People are either going to use ECC when bandwidth is
> important, or DH over GF(p) when it's not.

Yes, even if XTR were free. Then when you consider that DH, ECC,
LUCDIF are all patent-free, and RSA will soon be, it is hard to
see who is going to be using XTR.

--

From: Simon Johnson [EMAIL PROTECTED]
Subject: Re: Could RC4 used to generate S-Boxes?
Date: Mon, 05 Jun 2000 15:34:02 GMT

In article [EMAIL PROTECTED],
  tomstd [EMAIL PROTECTED] wrote:
> In article 8hdt3k$apl$[EMAIL PROTECTED], Simon Johnson
> [EMAIL PROTECTED] wrote:
> > I've read somewhere that RC4 is secure against both diff & lin
> > cryptanalysis. I figure this security must be derived from its s-
> > box. My
> > real question is, is the secrecy of the s-box that makes it
> > secure or
> > does the algorithm generate diff & lin optimized s-boxes?
> 
> Chances are you have a bit of reading to do on sbox construction.

Damn right, that's why I'm asking. :)

Anyone know a good tutorial?

> The reason RC4 is secure is that it's hard to model the internal
> state based on output only.  Some 'weak keys' have been
> identified which leak more information about the state.
> 
> The sboxes RC4 makes are by no means secure on their own (i.e in
> a feistel cipher), and don't always have optimal cryptographic
> properties (SAC, BIC, non-linear, bijective, low xor-pairs).

I kinda thought this; I posted this question to confirm that this was
not the case.

> Tom

--

Cryptography-Digest Digest #947

1999-07-28 Thread Digestifier

Cryptography-Digest Digest #947, Volume #9   Wed, 28 Jul 99 22:13:03 EDT

Contents:
  Re: What the hell is XOR? ("Douglas A. Gwyn")
  Re: Prime numbers wanted (John Savard)
  Re: OK.  Maybe I am missing something here. ("Douglas A. Gwyn")
  Re: OTP export controlled? ("Douglas A. Gwyn")
  Re: With all the talk about random... (John McDonald, Jr.)
  Can you use HASH functions for identification? (Michelle Davis)
  Re: Prime numbers wanted (Gergo Barany)
  Re: Prime numbers wanted (John McDonald, Jr.)
  Re: Prime numbers wanted (John Savard)
  Re: With all the talk about random... (Mel Yorkian)
  Re: What is twofish ??? (Keith A Monahan)
  Re: OTP export controlled? (Isaac)
  Re: What the hell is XOR? ([EMAIL PROTECTED])
  What is twofish ??? (spike)
  Thanks for the input on my OTP, what about this? (Shktr00p1)
  Re: the defintion of Entropy (Keith A Monahan)



From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: What the hell is XOR?
Date: Wed, 28 Jul 1999 19:37:26 GMT

John Savard wrote:
> 0 0 1 0   GT (NIMP is like NXOR; meaningful but rude)
> 
> But, of course, I would quibble that TRUE and FALSE aren't numbers;

They're constants in a Boolean algebra.  The "GT" is just a name
for the specific binary operation; one can think of other names.
Boole himself actually did operate with 0 and 1 as numbers, using
arithmetic operations; e.g. a AND b == a TIMES b.  There is an
isomorphism between GF(2) and the standard Boolean algebra, so
there is really nothing wrong with using "arithmetic" (mod 2) in
place of "logic" operations.

While we're on the subject, note that one can encode the binary
Boolean operators by using their truth table as the bits of their
code number.  E.g. Cab (a IMPLIES b) has the truth table
a b Cab
0 0  1
0 1  1
1 0  0
1 1  1
so the truth-table entry for C is 1011(binary) (LSB on the right),
which is 0xB or 11(base 10).  The advantage of such an encoding
is that the opcode itself contains the result for every combination
of inputs, in a uniform representation that can be realized using
very few wires/gates/operations.  This idea generalizes to n-ary
Boolean operators.  You could even consider this coding their
(completely specific) name.
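The truth-table-as-opcode encoding described in the post, as an added example that is not part of the original message: it packs the table of a two-input (or n-input) Boolean function into one integer using the row order and LSB-on-the-right convention the post gives, evaluates an operator by a single bit select, and checks the GF(2) remark (AND as multiplication mod 2, XOR as addition mod 2). The three-input majority gate is my own illustration of the n-ary generalisation.

```python
from itertools import product


def opcode(truth_fn, arity=2):
    """Pack the truth table of an n-input Boolean function into one integer.

    Row index = the inputs read as a binary number with the first input as the
    most significant bit; the bit for row (0,...,0) is the LSB, so the two-input
    IMPLIES of the post comes out as 1011 binary = 0xB = 11.
    """
    code = 0
    for bits in product((0, 1), repeat=arity):
        row = int("".join(str(b) for b in bits), 2)
        if truth_fn(*bits):
            code |= 1 << row
    return code


def apply_op(code, *inputs):
    """Evaluate an encoded operator by selecting bit number <inputs> of its code.

    This is the point of the encoding: no per-operator logic, just a table
    lookup (the same trick a multiplexer or an FPGA LUT uses).
    """
    row = 0
    for b in inputs:
        row = (row << 1) | (b & 1)
    return (code >> row) & 1


# Two-input operators named the way the thread names them.  NIMP/GT is
# "a AND NOT b": true only for a=1, b=0 (row 2), so its code is 0100b.
IMPLIES = opcode(lambda a, b: int((not a) or b))   # 0b1011 = 0xB = 11
XOR     = opcode(lambda a, b: a ^ b)               # 0b0110 = 6
AND     = opcode(lambda a, b: a & b)               # 0b1000 = 8
OR      = opcode(lambda a, b: a | b)               # 0b1110 = 14
NIMP    = opcode(lambda a, b: a & (1 - b))         # 0b0100 = 4

# The n-ary generalisation is the same packing with more rows: a three-input
# majority gate needs an 8-bit code (my illustration, not from the post).
MAJ3 = opcode(lambda a, b, c: int(a + b + c >= 2), arity=3)   # 0xE8


def truth_table(code, arity=2):
    """Unpack a code back into its rows: the code is a complete name for the op."""
    return {bits: apply_op(code, *bits) for bits in product((0, 1), repeat=arity)}


def gf2_matches_boolean():
    """Check the GF(2) isomorphism the post mentions on every input pair:
    AND is multiplication mod 2 and XOR is addition mod 2."""
    return all(
        apply_op(AND, a, b) == (a * b) % 2 and apply_op(XOR, a, b) == (a + b) % 2
        for a, b in product((0, 1), repeat=2)
    )


if __name__ == "__main__":
    print(f"IMPLIES = {IMPLIES:04b} = 0x{IMPLIES:X}")
    print(truth_table(IMPLIES))
    print("GF(2) arithmetic reproduces AND/XOR:", gf2_matches_boolean())
```

Because the code carries the whole table, two operators are equal exactly when their codes are equal, which is what makes the integer a usable name; the same property is what lets a bit-sliced implementation replace a chain of branches with one shift and mask.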

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Prime numbers wanted
Date: Wed, 28 Jul 1999 19:38:53 GMT

"Vincent" [EMAIL PROTECTED] wrote, in part:

> Is there any faster algorithm than the following one, which, given an (odd)
> number n, returns the first prime number p >= n?
> Assuming that I have a function is_prime telling me if a number is (or has
> enough odds to be) prime (The Miller-Rabin test).
> 
> /* n must be odd: stepping by 2 from an even n never reaches a prime */
> int My_Simple_Algorithm (int n)
> {
>   int temp=n;
>   while (!is_prime(temp)) temp+=2;
>   return(temp);
> }

Actually, there isn't *much* you can do to improve the speed of
finding a prime, but there is a little.

1) Instead of just testing only the odd numbers, you can also skip
testing numbers divisible by 3, by 5, by 7. Since you don't want to
bias the search in favor of primes equal to 1 modulo 210, the logic
gets a _bit_ complicated, but it need not be too bad.

2) You should first test the number using a fast probabilistic
primality testing algorithm. Only numbers that pass such a test should
be subjected to the slower test that ensures that they're prime.

(I'm not an expert on this, so others may give you better
suggestions.)

John Savard ( teneerf- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
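Both of Savard's suggestions carried through in working code, as an added example that is not part of the original posts: a wheel that walks only the residues mod 210 coprime to 2, 3, 5 and 7, and a Miller-Rabin test with fixed witnesses that is a proof of primality below 3.3e24 (the Sorenson-Webster bound) and falls back to random witnesses above it. The function names and the counting helper are my own.

```python
import random

# Wheel: residues mod 210 = 2*3*5*7 that are coprime to 210.  Walking only these
# skips every multiple of 2, 3, 5 and 7 (Savard's point 1); phi(210) = 48, so
# 48 of every 210 integers reach the primality test instead of 105 odd ones.
WHEEL = [r for r in range(1, 210) if all(r % p for p in (2, 3, 5, 7))]

# The first twelve primes as Miller-Rabin witnesses decide primality exactly for
# every n below this bound (Sorenson and Webster, 2015).  Above it, each extra
# random witness cuts the chance of passing a composite by a factor of 4.
FIXED_WITNESSES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
DETERMINISTIC_BOUND = 3_317_044_064_679_887_385_961_981


def miller_rabin(n, extra_rounds=20):
    """Savard's point 2: a fast probabilistic test run on the survivors of the
    cheap divisibility checks (here the witnesses double as trial divisors)."""
    if n < 2:
        return False
    for p in FIXED_WITNESSES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0                      # n - 1 = d * 2^s with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    witnesses = list(FIXED_WITNESSES)
    if n >= DETERMINISTIC_BOUND:
        witnesses += [random.randrange(2, n - 1) for _ in range(extra_rounds)]
    for a in witnesses:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                 # a witnesses that n is composite
    return True


def next_prime(n):
    """Smallest prime >= n, testing only candidates on the wheel."""
    for p in (2, 3, 5, 7):               # the wheel never visits its own primes
        if n <= p:
            return p
    base = (n // 210) * 210
    while True:
        for r in WHEEL:
            candidate = base + r
            if candidate >= n and miller_rabin(candidate):
                return candidate
        base += 210


def candidates_tested(n):
    """How many numbers the wheel hands to Miller-Rabin before finding a prime
    >= n.  For odd n the posted odd-numbers-only loop needs
    (next_prime(n) - n) // 2 + 1 tests, so the two can be compared directly."""
    if n <= 7:
        return 1
    count = 0
    base = (n // 210) * 210
    while True:
        for r in WHEEL:
            candidate = base + r
            if candidate >= n:
                count += 1
                if miller_rabin(candidate):
                    return count
        base += 210


if __name__ == "__main__":
    for n in (1000, 10**9, 2**127):
        print(n, "->", next_prime(n), "after", candidates_tested(n), "tests")
```

The wheel does not change the asymptotics (the prime gap dominates), which is why Savard says there is "not *much*" to gain, but it removes about 54% of the odd candidates before any modular exponentiation is spent on them.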

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: OK.  Maybe I am missing something here.
Date: Wed, 28 Jul 1999 19:39:35 GMT

Patrick Juola wrote:
> Kasiski superposition has more general applications than finding
> periodicity; in particular, one can use it to find a twice-used
> OTP.

You must mean the "kappa test".  The Kasiski method measures the
linear distance within a single message of repeats, and looks for
a common factor.
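The distinction Gwyn draws, as an added example that is not part of either post: Kasiski examination measures distances between repeated n-grams inside one message and takes their common factor, while the kappa test lays two messages over each other and counts coincidences, which is the test that exposes a key or pad used twice. The Vigenere routine, the messages and the key are constructed here for illustration.

```python
from itertools import combinations
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def vigenere(plaintext, key):
    """Periodic (Vigenere) encipherment: the key is reused every len(key) letters."""
    out = []
    for i, ch in enumerate(plaintext):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def kasiski(ciphertext, n=3):
    """Kasiski examination on ONE message: distances between repeated n-grams
    and their gcd.  Barring accidental repeats, the key length divides the gcd,
    so the gcd's divisors are the period candidates."""
    positions = {}
    for i in range(len(ciphertext) - n + 1):
        positions.setdefault(ciphertext[i:i + n], []).append(i)
    distances = sorted(
        b - a
        for occ in positions.values() if len(occ) > 1
        for a, b in combinations(occ, 2)
    )
    g = 0
    for d in distances:
        g = gcd(g, d)
    return distances, g


def divisors(g):
    return [d for d in range(2, g + 1) if g % d == 0]


def kappa(text_a, text_b):
    """Kappa test on TWO texts in superposition: count positions where the
    letters coincide.  With the same key at the same alignment a ciphertext
    coincidence happens exactly where the plaintexts coincide (about 6.6% for
    English), against 1/26 = 3.8% for unrelated keys; that excess is what
    betrays a twice-used key or pad, with no periodicity involved."""
    return sum(a == b for a, b in zip(text_a, text_b))


# Constructed sample: two messages under the same 4-letter key.
P1 = "THEENEMYATTACKSATDAWNANDTHEENEMYRETREATSATDUSK"
P2 = "WEATTACKATDAWNANDTHEENEMYRETREATSATDUSKAGAIN"
KEY = "LEMO"
C1 = vigenere(P1, KEY)
C2 = vigenere(P2, KEY)

if __name__ == "__main__":
    dist, g = kasiski(C1)
    print("Kasiski distances", dist, "gcd", g, "period candidates", divisors(g))
    print("kappa(C1, C2) =", kappa(C1, C2), "over", min(len(C1), len(C2)), "letters")
    print("same as plaintext coincidences:", kappa(C1, C2) == kappa(P1, P2))
```

On the constructed pair the repeated THEENEMY sits 24 letters apart, so Kasiski returns a gcd of 24 whose divisors include the true period 4 but also 2, 3, 6, 8 and 12; a real message with more repeats narrows that down. The kappa count on C1 against C2 equals the count on P1 against P2, which is the property Juola was relying on and which has nothing to do with the in-message distances Kasiski uses.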

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: OTP export controlled?
Date: Wed, 28 Jul 1999 19:50:03 GMT

Dave Hazelwood wrote:
> It all comes down to every one of us doing our part and not big
> brother doing it for us.

Dave, the problem has been that far too many lazy SOBs prefer to
assign their personal decision making to somebody else, and there
is always somebody who is happy to take it from them.  That means
that the rest of us are fighting not only the powermongers, but
also (by proxy) the lazy SOBs.  That wouldn't be so bad in a
properly functioning constitutional republic, but in our case the
idea of majority rule has been adopted as some sort of ideal, so
the good guys being outnumbered becomes a serious problem.

It seems to be mostly an educational proble

Cryptography-Digest Digest #947

1999-01-22 Thread Digestifier

Cryptography-Digest Digest #947, Volume #8   Fri, 22 Jan 99 11:13:06 EST

Contents:
  Re: Who will win in AES contest ?? (Jack Schott)
  Re: french law about cryptography (Jan Garefelt)
  Re: Pentium III... (R. Knauer)
  Re: Pentium III... (R. Knauer)
  Re: Help: Which secret key cipher? ("Kazak, Boris")
  Re: Crack in Export Laws?? ("Kazak, Boris")
  Re: 3DES cracked in 22 hours ??? (Was: Re: (fwd) DES Challenge III Broken in Record 22 Hours !) (Reuben Sumner)
  Re: Metaphysics Of Randomness (R. Knauer)
  Re: Help: Which secret key cipher? ([EMAIL PROTECTED])
  Re: Metaphysics Of Randomness (R. Knauer)
  Re: Thoughts on 'BestCrypt'? ([EMAIL PROTECTED])
  Re: Who will win in AES contest ?? ([EMAIL PROTECTED])
  Re: Help: Which secret key cipher? (Mok-Kong Shen)
  Call-For-Papers: SAC '99 (SAC99)
  Strong Encryption for 8086 (16 bit) (Andrew Lord)
  Re: Help: Which secret key cipher? (Dorina Lanza)



From: Jack Schott [EMAIL PROTECTED]
Subject: Re: Who will win in AES contest ??
Date: Fri, 22 Jan 1999 05:18:39 -1000

RC6 will be in the top 5 candidates chosen this Spring.
RC6 will be chosen as the next standard. You can 
start your product planning now, and dismiss 
all of the other candidates. After 
considering all aspects related 
to its purpose, it rates
overall the best.
But do not take
my word for it.
Evaluate it
youself.

Fast.

Secure.

Small.

Respected.

Tested.

Flexible.

Simple? No.

Sophisticated? Yes. Key dependent key schedule, data dependent data 
rotations, no S-Box means no differential cryptanalysis. Parameterized 
versions mean AES can select several versions for different uses, even a 
reduced version.

--

From: [EMAIL PROTECTED] (Jan Garefelt)
Crossposted-To: talk.politics.crypto
Subject: Re: french law about cryptography
Date: 22 Jan 1999 14:08:52 +0100


[EMAIL PROTECTED] () wrote:

> 19 jan 1999. the french prime minister announced that the government 
> will allow the key size up to 128bytes. 

["bytes" above should be "bits"]

...but the greatest thing about this is that it is only a temporary measure.
The french prime minister, Monsieur Lionel Jospin says, in part:

> Changer la loi prendra plusieurs mois. [---] Ainsi, dans l'attente
> des modifications législatives annoncées, le Gouvernement a décidé
> de relever le seuil de la cryptologie dont l'utilisation est libre,
> de 40 bits à 128 bits, niveau considéré par les experts comme
> assurant durablement une très grande sécurité.

Which in essence means: "Changing the law will take many months...
so in the meantime we raise the level of cryptography that doesn't
require a licence from 40 to 128 bits, which is considered by experts
to be a level that assures a very high long term security."

> the original text in french:
> http://www.premier-ministre.gouv.fr/PM/D190199.HTM

/Jan Garefelt

--

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Pentium III...
Date: Fri, 22 Jan 1999 14:18:11 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 22 Jan 1999 01:15:31 GMT, [EMAIL PROTECTED] wrote:

> Yes, I believe it's possible to generate very high quality random numbers,
> without thermal noise hardware, like Intel is planning to add to the Pentium
> III. Random number generators are used for key generation.

That very well may be true if you do not require crypto-grade random
numbers.

> I have quite a lot of experience in this specific issue. I've written about
> five generations of cryptographic random number generators for assorted
> applications on Intel machines. The latest generation I believe makes
> extremely high quality random numbers.

Please elaborate.

Also you might want to join the thread on sci.crypt entitled
"Metaphysics of Randomness" where we are discussing the fundamentals
of crypto-grade random number generation in terms of considerations
such as Kolmogorov-Chaitin complexity theory, Godel's Theorem and
Turing's Halting Problem, decorrelation schemes for text ciphers,
digit expansion generators for irrational numbers and transcendentals
and other schemes to generate random numbers.

To date no one has come up with a provably secure method other than a
hardware TRNG - although some have claimed their methods are
practically secure to a very close level of approximation. The
criterion is to produce an OTP cipher system which can withstand a
Bayesian attack, yet not require distribution of the pads.

> At least a dongle would work with your replacement processor. Of course if
> your dongle breaks (or you lose it) you may be stuck.

I cracked a dongle once - it is not all that difficult if you trap the
strings it expects and then write a wedge to supply them.

> I like thumbprint or
> retina scans more and more every day. Or a smart card, with a duplicate in
> your safe deposit box (SDB).

I guess my problem is that there is no real need for all t