Cryptography-Digest Digest #947
Cryptography-Digest Digest #947, Volume #13      Tue, 20 Mar 01 05:13:01 EST

Contents:
  Re: Idea (Mok-Kong Shen)
  Re: Codes that use *numbers* for keys (Mok-Kong Shen)
  Re: Am I allowed to put any encryption software of my own creation on my (Mok-Kong Shen)
  Re: Codes that use *numbers* for keys (Juuichiketajin)
  Re: Defining a cryptosystem as "broken" (Mok-Kong Shen)
  Re: Codes that use *numbers* for keys (Mok-Kong Shen)
  Re: Are prime numbers illegal ? (Nicholas Sheppard)
  Re: SSL secured servers and TEMPEST (Frank Gerlach)
  Re: FIPS 140-1 does not address eavesdropping (Frank Gerlach)
  Re: AES encryption speed vs decryption speed ("Brian Gladman")
  A future supercomputer (Mok-Kong Shen)
  Re: Defenses Against Compromising Emanations of the Private Key (Frank Gerlach)
  Re: Idea ("Nathan Dietsch")
  Re: Codes that use *numbers* for keys ("Henrick Hellström")
  Re: Codes that use *numbers* for keys (Joe H. Acker)

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Idea
Date: Tue, 20 Mar 2001 08:30:52 +0100

amateur wrote:

> Don't forget that with my idea the same clear could produce multiple ciphertexts. Schneier is defining a restricted algorithm when the algo is kept secret. That's not my case. All my algo is public. The secret, which is to find and distinguish two categories of symbols, is not secret at all. But the sender has the freedom to imagine any kind of two categories before encrypting. This secret is disclosed if the recipient has the key. All modern cryptography is based on power of computing. What I'm proposing is to found a new cryptography based on the inability of a computer to analyse a text trying to distinguish two categories. A computer does not have this attribute. So the cryptanalyst, even if he uses the computer, is helpless. The only strategy for him is to try to guess what a sender has chosen to encrypt every bit. And this domain is infinite. You have multiple combinations using only the characters of the ASCII table. If using other codes, you have to understand that it's quite impossible to attack.

If the symbols in two categories are known, then the scheme is very much easier for the opponent to work with than the case where these are unknown, since he has to try only two cases. Since one can easily generate two unknown categories of symbols (having constant or variable number of bits) with a key, what is the use of your scheme at all?

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Codes that use *numbers* for keys
Date: Tue, 20 Mar 2001 08:39:48 +0100

Juuichiketajin wrote:

[snip]

> Why are key lengths always given in bits? Why not a code that takes, oh say, 60 decimal digits for a key? I can relate to 60 digits, not to so many bits.

Modern ciphers are implemented with computer hard/software. These work with bits. Hence bit is a natural measure. You can always convert between the bases of number systems. Does an American visiting London ask why the prices are not in dollars?

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Am I allowed to put any encryption software of my own creation on my
Date: Tue, 20 Mar 2001 09:06:16 +0100

Dennis Ritchie wrote:

[snip]

> The document is tedious to read, but rather more liberal in its requirements than one might expect. Things have changed.

Fine to know. This change is presumably sort of: If the mountain doesn't come to Mohammed, then Mohammed will go to it.

M. K. Shen
http://home.t-online.de/home/mok-kong.shen

--

From: [EMAIL PROTECTED] (Juuichiketajin)
Subject: Re: Codes that use *numbers* for keys
Date: 20 Mar 2001 08:15:41 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] says...

> Juuichiketajin wrote:
>
> [snip]
>
>> Why are key lengths always given in bits? Why not a code that takes, oh say, 60 decimal digits for a key? I can relate to 60 digits, not to so many bits.
>
> Modern ciphers are implemented with computer hard/software. These work with bits.

They need not. I have at my disposal a financial and a scientific calculator that both work in decimal. I have reason to believe that the internal number-storage format is decimal. Even granting that binary divisions are somehow superior, I suspect that the REAL reason bits are used, rather than bytes or at the very least nibbles, is so the sizes sound bigger. When you hear "48-bit key", don't you find yourself performing some mental calculation as to the value of 2^48 in some other system?

> Hence bit is a natural measure. You can always convert between the bases of number systems. Does an American visiting London ask why the prices are not in dollars?
>
> M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Defining a cryptosystem
Cryptography-Digest Digest #947, Volume #11      Mon, 5 Jun 00 13:13:01 EDT

Contents:
  Re: Quantum computers (JCA)
  Limits of the knowledge of the NSA (Runu Knips)
  do you need unrestricted FREE S/MIME certificate ? then read message ... (jungle)
  Re: XTR independent benchmarks (Roger Schlafly)
  Re: Could RC4 used to generate S-Boxes? (Simon Johnson)
  Re: Question about recommended keysizes (768 bit RSA) (DJohn37050)
  Paper about Pollards Algorithm for finding discrete logs ("Jesper Stocholm")
  Re: Cipher design a fading field? ("Douglas A. Gwyn")
  Re: Faster than light Cryptanalysis ("Douglas A. Gwyn")
  Re: Actually this person faxed me an article of the U.S. commercial espionage in August, 1995 good work Tatu Ylonen ... actually I have tried to provide some intel in the past ... (Markku J. Saarelainen)
  Re: Statistics of occurrences of prime number sequences in PRBG output as gauge of "goodness" ([EMAIL PROTECTED])
  Re: Need "attack time" measurements on a toy cipher... (long) ("Paul Pires")
  Re: Question about recommended keysizes (768 bit RSA) (Jerry Coffin)
  Re: Cipher design a fading field? (Anton Stiglic)
  I have actually been following some activities of Jan H, an ex-CIA officer who helped to set up Motorola's intelligence system .. interesting .. (Markku J. Saarelainen)
  Re: I have actually been following some activities of Jan H, an ex-CIA officer who helped to set up Motorola's intelligence system .. interesting .. (Markku J. Saarelainen)

--

From: JCA [EMAIL PROTECTED]
Subject: Re: Quantum computers
Date: Mon, 05 Jun 2000 07:44:13 -0700

DrArm wrote:

> Is it true that NSA has a quantum computer for codebraking?

I guess you mean codebreaking. I am sure they don't. Actually, I have the feeling that the NSA's capabilities are usually exaggerated. They are good, but not gods. In fact, elliptic curve cryptography seems to have escaped them completely, and caught them off balance when originally published in the mid-eighties.

--

Date: Mon, 05 Jun 2000 17:20:33 +0200
From: Runu Knips [EMAIL PROTECTED]
Subject: Limits of the knowledge of the NSA

JCA wrote:

[...]

> Actually, I have the feeling that the NSA's capabilities are usually exaggerated. They are good, but not gods. In fact, elliptic curve cryptography seems to have escaped them completely, and caught them off balance when originally published in the mid-eighties.

Well, this might be true for any new invention. The NSA might not have known about that before. But on the other hand, it is also clear that the NSA still knows much which the public doesn't know, isn't it so?

--

From: jungle [EMAIL PROTECTED]
Crossposted-To: alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: do you need unrestricted FREE S/MIME certificate ? then read message ...
Date: Mon, 05 Jun 2000 11:34:18 -0400

do you need unrestricted FREE S/MIME certificate ? then read message ...

--
To protect privacy, use encryption ALL the time.
Free S/MIME PGP at:
https://secure.openca.org/
http://web.mit.edu/network/pgp.html

--

From: Roger Schlafly [EMAIL PROTECTED]
Subject: Re: XTR independent benchmarks
Date: Mon, 05 Jun 2000 08:37:38 -0700

Wei Dai wrote:

> All this is probably irrelevant because the differences are just not great enough to matter. People are either going to use ECC when bandwidth is important, or DH over GF(p) when it's not.

Yes, even if XTR were free. Then when you consider that DH, ECC, LUCDIF are all patent-free, and RSA will soon be, it is hard to see who is going to be using XTR.

--

From: Simon Johnson [EMAIL PROTECTED]
Subject: Re: Could RC4 used to generate S-Boxes?
Date: Mon, 05 Jun 2000 15:34:02 GMT

In article [EMAIL PROTECTED], tomstd [EMAIL PROTECTED] wrote:

> In article 8hdt3k$apl$[EMAIL PROTECTED], Simon Johnson [EMAIL PROTECTED] wrote:
>
>> I've read somewhere that RC4 is secure against both diff lin cryptanalysis. I figure this security must be derived from its s-box. My real question is, is it the secrecy of the s-box that makes it secure or does the algorithm generate diff lin optimized s-boxes?
>
> Chances are you have a bit of reading to do on sbox construction.

Damn right, that's why I'm asking. :) Anyone know a good tutorial?

> The reason RC4 is secure is that it's hard to model the internal state based on output only. Some 'weak keys' have been identified which leak more information about the state. The sboxes RC4 makes are by no means secure on their own (i.e. in a feistel cipher), and don't always have optimal cryptographic properties (SAC, BIC, non-linear, bijective, low xor-pairs).

I kinda thought this; I posted this question to confirm that this was not the case.

> Tom

--
Cryptography-Digest Digest #947, Volume #9      Wed, 28 Jul 99 22:13:03 EDT

Contents:
  Re: What the hell is XOR? ("Douglas A. Gwyn")
  Re: Prime numbers wanted (John Savard)
  Re: OK. Maybe I am missing something here. ("Douglas A. Gwyn")
  Re: OTP export controlled? ("Douglas A. Gwyn")
  Re: With all the talk about random... (John McDonald, Jr.)
  Can you use HASH functions for identification? (Michelle Davis)
  Re: Prime numbers wanted (Gergo Barany)
  Re: Prime numbers wanted (John McDonald, Jr.)
  Re: Prime numbers wanted (John Savard)
  Re: With all the talk about random... (Mel Yorkian)
  Re: What is twofish ??? (Keith A Monahan)
  Re: OTP export controlled? (Isaac)
  Re: What the hell is XOR? ([EMAIL PROTECTED])
  What is twofish ??? (spike)
  Thanks for the input on my OTP, what about this? (Shktr00p1)
  Re: the definition of Entropy (Keith A Monahan)

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: What the hell is XOR?
Date: Wed, 28 Jul 1999 19:37:26 GMT

John Savard wrote:

> 0 0 1 0  GT   (NIMP is like NXOR; meaningful but rude)
>
> But, of course, I would quibble that TRUE and FALSE aren't numbers; they're constants in a Boolean algebra.

The "GT" is just a name for the specific binary operation; one can think of other names.

Boole himself actually did operate with 0 and 1 as numbers, using arithmetic operations; e.g. a AND b == a TIMES b. There is an isomorphism between GF(2) and the standard Boolean algebra, so there is really nothing wrong with using "arithmetic" (mod 2) in place of "logic" operations.

While we're on the subject, note that one can encode the binary Boolean operators by using their truth table as the bits of their code number. E.g. Cab (a IMPLIES b) has the truth table

    a b Cab
    0 0  1
    0 1  1
    1 0  0
    1 1  1

so the truth-table entry for C is 1011 (binary) (LSB on the right), which is 0xB or 11 (base 10). The advantage of such an encoding is that the opcode itself contains the result for every combination of inputs, in a uniform representation that can be realized using very few wires/gates/operations. This idea generalizes to n-ary Boolean operators. You could even consider this coding their (completely specific) name.

--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Prime numbers wanted
Date: Wed, 28 Jul 1999 19:38:53 GMT

"Vincent" [EMAIL PROTECTED] wrote, in part:

> Is there any faster algorithm than the following one, which, given an (odd) number n, returns the first prime number p >= n? Assuming that I have a function is_prime telling me if a number is (or has enough odds to be) prime (the Miller-Rabin test).
>
>     /* returns the first prime >= n, assuming n is odd */
>     int My_Simple_Algorithm (int n)
>     {
>       int temp = n;
>       while (!is_prime(temp)) temp += 2;
>       return temp;
>     }

Actually, there isn't *much* you can do to improve the speed of finding a prime, but there is a little.

1) Instead of just testing only the odd numbers, you can also skip testing numbers divisible by 3, by 5, by 7. Since you don't want to bias the search in favor of primes equal to 1 modulo 210, the logic gets a _bit_ complicated, but it need not be too bad.

2) You should first test the number using a fast probabilistic primality testing algorithm. Only numbers that pass such a test should be subjected to the slower test that ensures that they're prime.

(I'm not an expert on this, so others may give you better suggestions.)

John Savard ( teneerf- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: OK. Maybe I am missing something here.
Date: Wed, 28 Jul 1999 19:39:35 GMT

Patrick Juola wrote:

> Kasiski superposition has more general applications than finding periodicity; in particular, one can use it to find a twice-used OTP.

You must mean the "kappa test". The Kasiski method measures the linear distance within a single message of repeats, and looks for a common factor.

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: OTP export controlled?
Date: Wed, 28 Jul 1999 19:50:03 GMT

Dave Hazelwood wrote:

> It all comes down to every one of us doing our part and not big brother doing it for us.

Dave, the problem has been that far too many lazy SOBs prefer to assign their personal decision making to somebody else, and there is always somebody who is happy to take it from them. That means that the rest of us are fighting not only the powermongers, but also (by proxy) the lazy SOBs. That wouldn't be so bad in a properly functioning constitutional republic, but in our case the idea of majority rule has been adopted as some sort of ideal, so the good guys being outnumbered becomes a serious problem. It seems to be mostly an educational proble
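Gwyn's truth-table encoding of Boolean operators from the "What the hell is XOR?" post above, worked as an added Python example (not code from the digest or its authors): the truth table is packed into a code number with the (0,0) row at the least-significant bit, so the code itself evaluates the operator by a single bit lookup, and the same packing extends to n-ary operators. Function and variable names here are my own.

```python
def truth_table_code(op, arity=2):
    """Pack op's truth table into an integer.

    Row index = the inputs read as a binary number (first input is the most
    significant bit); row i becomes bit i of the code, so the all-zero row is
    the least-significant bit, exactly as in the post (Cab -> 1011 = 0xB).
    """
    code = 0
    for row in range(1 << arity):
        inputs = [(row >> (arity - 1 - k)) & 1 for k in range(arity)]
        if op(*inputs):
            code |= 1 << row
    return code


def apply_code(code, *inputs):
    """Evaluate an encoded operator: the opcode already holds every result,
    so evaluation needs no per-operator logic, just a bit lookup."""
    row = 0
    for bit in inputs:
        row = (row << 1) | (bit & 1)
    return (code >> row) & 1


# Two-input operators mentioned in the thread (constructed for the example).
BINARY_OPS = {
    "IMPLIES (Cab)": lambda a, b: (not a) or b,
    "XOR":           lambda a, b: a ^ b,
    "NXOR":          lambda a, b: 1 - (a ^ b),
    "GT (a > b)":    lambda a, b: int(a > b),
    "AND":           lambda a, b: a & b,
}


def binary_codes():
    """Code numbers for BINARY_OPS; Gwyn's Cab comes out as 0xB (11)."""
    return {name: truth_table_code(op) for name, op in BINARY_OPS.items()}


def all_binary_operators():
    """Every 2-input Boolean operator is exactly one code in 0..15: the code
    is the operator's completely specific name. Returns the 16 result columns."""
    return [[apply_code(c, a, b) for a in (0, 1) for b in (0, 1)] for c in range(16)]


if __name__ == "__main__":
    for name, code in binary_codes().items():
        print(f"{name:14s} code = {code:04b} = 0x{code:X}")
    # n-ary case: 3-input majority packs into 8 bits -> 0xE8
    print(f"MAJ3 code = 0x{truth_table_code(lambda a, b, c: a + b + c >= 2, 3):X}")
```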
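The two improvements John Savard suggests in his "Prime numbers wanted" reply above (skip multiples of 2, 3, 5 and 7 without biasing the search toward one residue class, and run a cheap probabilistic test before an exact one), worked as an added Python example that is not code from the digest. The exact stage is plain trial division, assumed here for illustration and only practical for small n; the wheel and the base-2 Miller-Rabin filter are standard and are not taken from the post.

```python
from bisect import bisect_left

SMALL_PRIMES = (2, 3, 5, 7)
WHEEL = 2 * 3 * 5 * 7  # 210

# The 48 residues mod 210 that are coprime to 210. Stepping only through
# these classes skips every multiple of 2, 3, 5 and 7, and because every
# class is visited in order the search is not biased toward any one of them.
COPRIME_RESIDUES = [r for r in range(WHEEL) if all(r % p for p in SMALL_PRIMES)]


def is_probable_prime(n, bases=(2,)):
    """Cheap Miller-Rabin filter (base 2 by default). A composite can
    occasionally pass, so a positive answer still needs the exact test."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 = d * 2^s with d odd
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False       # a is a witness: n is composite
    return True


def is_prime_certain(n):
    """Exact but slow stage (trial division, assumed for illustration; only
    practical for small n). Reached only by candidates that passed the filter."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def next_prime(n):
    """Smallest prime p >= n: My_Simple_Algorithm with the wheel step and
    the two-stage test."""
    if n <= SMALL_PRIMES[-1]:
        return next(p for p in SMALL_PRIMES if p >= n)
    q, r = divmod(n, WHEEL)
    idx = bisect_left(COPRIME_RESIDUES, r)   # first admissible residue >= r
    while True:
        if idx == len(COPRIME_RESIDUES):     # wrap to the next turn of the wheel
            q, idx = q + 1, 0
        cand = q * WHEEL + COPRIME_RESIDUES[idx]
        if is_probable_prime(cand) and is_prime_certain(cand):
            return cand
        idx += 1
```

From 1000 the wheel tests only 1003, 1007 and 1009, where odd stepping would also have tested 1001 and 1005.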
Cryptography-Digest Digest #947, Volume #8      Fri, 22 Jan 99 11:13:06 EST

Contents:
  Re: Who will win in AES contest ?? (Jack Schott)
  Re: french law about cryptography (Jan Garefelt)
  Re: Pentium III... (R. Knauer)
  Re: Pentium III... (R. Knauer)
  Re: Help: Which secret key cipher? ("Kazak, Boris")
  Re: Crack in Export Laws?? ("Kazak, Boris")
  Re: 3DES cracked in 22 hours ??? (Was: Re: (fwd) DES Challenge III Broken in Record 22 Hours !) (Reuben Sumner)
  Re: Metaphysics Of Randomness (R. Knauer)
  Re: Help: Which secret key cipher? ([EMAIL PROTECTED])
  Re: Metaphysics Of Randomness (R. Knauer)
  Re: Thoughts on 'BestCrypt'? ([EMAIL PROTECTED])
  Re: Who will win in AES contest ?? ([EMAIL PROTECTED])
  Re: Help: Which secret key cipher? (Mok-Kong Shen)
  Call-For-Papers: SAC '99 (SAC99)
  Strong Encryption for 8086 (16 bit) (Andrew Lord)
  Re: Help: Which secret key cipher? (Dorina Lanza)

--

From: Jack Schott [EMAIL PROTECTED]
Subject: Re: Who will win in AES contest ??
Date: Fri, 22 Jan 1999 05:18:39 -1000

RC6 will be in the top 5 candidates chosen this Spring. RC6 will be chosen as the next standard. You can start your product planning now, and dismiss all of the other candidates. After considering all aspects related to its purpose, it rates overall the best. But do not take my word for it. Evaluate it yourself. Fast. Secure. Small. Respected. Tested. Flexible. Simple? No. Sophisticated? Yes. Key dependent key schedule, data dependent data rotations, no S-Box means no differential cryptanalysis. Parameterized versions mean AES can select several versions for different uses, even a reduced version.

--

From: [EMAIL PROTECTED] (Jan Garefelt)
Crossposted-To: talk.politics.crypto
Subject: Re: french law about cryptography
Date: 22 Jan 1999 14:08:52 +0100

[EMAIL PROTECTED] () wrote:

> 19 jan 1999. the french prime minister announced that the gouvernement will allow the key size up to 128bytes.

["bytes" above should be "bits"]

> ...but the greatest about this is that it only a temporary measure.

The French prime minister, Monsieur Lionel Jospin, says, in part:

    Changer la loi prendra plusieurs mois. [---] Ainsi, dans l'attente des modifications législatives annoncées, le Gouvernement a décidé de relever le seuil de la cryptologie dont l'utilisation est libre, de 40 bits à 128 bits, niveau considéré par les experts comme assurant durablement une très grande sécurité.

Which in essence means: "Changing the law will take many months... so in the meantime we raise the level of cryptography that doesn't require a licence from 40 to 128 bits, which is considered by experts to be a level that assures a very high long term security."

The original text in French: http://www.premier-ministre.gouv.fr/PM/D190199.HTM

/Jan Garefelt

--

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Pentium III...
Date: Fri, 22 Jan 1999 14:18:11 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 22 Jan 1999 01:15:31 GMT, [EMAIL PROTECTED] wrote:

> Yes, I believe it's possible to generate very high quality random numbers, without thermal noise hardware, like Intel is planning to add to the Pentium III. Random number generators are used for key generation.

That very well may be true if you do not require crypto-grade random numbers.

> I have quite a lot of experience in this specific issue. I've written about five generations of cryptographic random number generators for assorted applications on Intel machines. The latest generation I believe makes extremely high quality random numbers.

Please elaborate. Also you might want to join the thread on sci.crypt entitled "Metaphysics of Randomness" where we are discussing the fundamentals of crypto-grade random number generation in terms of considerations such as Kolmogorov-Chaitin complexity theory, Gödel's Theorem and Turing's Halting Problem, decorrelation schemes for text ciphers, digit expansion generators for irrational numbers and transcendentals and other schemes to generate random numbers. To date no one has come up with a provably secure method other than a hardware TRNG - although some have claimed their methods are practically secure to a very close level of approximation. The criterion is to produce an OTP cipher system which can withstand a Bayesian attack, yet not require distribution of the pads.

> At least a dongle would work with your replacement processor. Of course if your dongle breaks (or you lose it) you may be stuck.

I cracked a dongle once - it is not all that difficult if you trap the strings it expects and then write a wedge to supply them.

> I like thumbprint or retina scans more and more every day. Or a smart card, with a duplicate in your safe deposit box (SDB).

I guess my problem is that there is no real need for all t