Cryptography-Digest Digest #971
Cryptography-Digest Digest #971, Volume #12        Sat, 21 Oct 00 18:13:01 EDT

Contents:
  Re: Entropy and RC4 ("Scott Fluhrer")
  Re: Storing an Integer on a stream (SCOTT19U.ZIP_GUY)
  Re: My comments on AES (SCOTT19U.ZIP_GUY)
  Bezozs and bountyquest.com ("Paul Pires")
  Visual Basic ("binary digit")
  Help identifiing password encryption scheme? ("Ethics")
  Quasi philosphical question regarding Index of Coincidence ([EMAIL PROTECTED])
  Re: Help identifiing password encryption scheme? (jungle)
  another problem question (Ernest Dumenigo)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (Guy Macon)
  Re: Dense feedback polynomials for LFSR (Tim Tyler)
  Re: Dense feedback polynomials for LFSR (Joaquim Southby)
  Re: Storing an Integer on a stream (Tim Tyler)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (pgp651)
  Re: Visual Basic (Guy Macon)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (pgp651)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (pgp651)
  Re: My comments on AES (Tim Tyler)
  Re: xor algorithm (Tim Tyler)

----------------------------------------------------------------------

From: "Scott Fluhrer" [EMAIL PROTECTED]
Subject: Re: Entropy and RC4
Date: Sat, 21 Oct 2000 09:42:46 -0700

George Gordon [EMAIL PROTECTED] wrote in message news:rOHH5.120$[EMAIL PROTECTED]...
> Other people have asked similar questions here, but let me ask a very
> specific one.
>
> Assume that you initialise RC4 using a 128-bit key. Then you output
> exactly 16 bytes worth of the stream. (I don't care how many loops you
> do for the initialisation)
>
> OK, how could you determine how much of the entropy in the 128-bit key
> is preserved in the 16 byte stream if
>
> 1) you assume RC4 specifically?
> 2) you assume a perfectly uniform distribution?

I don't know about RC4 in particular (and I seriously doubt anyone else
does either), but if you model the process by a uniformly chosen random
function from 128 bits to 128 bits, then it's not difficult.

If you have a full 128 bits of entropy coming in (that is, each bit
pattern has probability 2**-128), then you should have an expected
127.1728 (approximately) bits of entropy coming out.

You can see this by observing that, for a random function from
2**128 -> 2**128, then for small k you would expect approximately
2**128/(e * k!) outputs that have precisely k preimages (where
e = 2.718281828...). This approximation becomes worse as k becomes
larger, but 2**128 is sufficiently large that by the time k becomes
large enough to make the approximation invalid, the number of expected
outputs is sufficiently small not to affect the result materially.

Or, in other words, for each k, there are approximately 2**128/(e * k!)
with probability k2**(-128).

Then, we apply that standard definition for entropy:

  E = Sum{ p_i lg( p_i ) }

(where lg is logarithm base 2). Combining equal terms, and summing over
k, we get:

  E = Sum( 2**128/(e * k!) * k2**(-128) / lg( k2**(-128) ) )
       k

The k=0 term can be ignored, and the rest can be computed to give the
above number.

--
poncho

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression
Subject: Re: Storing an Integer on a stream
Date: 21 Oct 2000 17:01:38 GMT

[EMAIL PROTECTED] (Tim Tyler) wrote in [EMAIL PROTECTED]:

: Andras Erdei wrote:
:
: : The method i like most is fibonacci coding:
: :
: : - start with the largest fib number smaller than your integer
: : - if the current fib number is smaller than your number
: :     substitute it and write down 1
: :   else
: :     write down 0
: : - take the next fib number
: :
: : Example:
: :
: : number: 15
: : fib: 1,1,2,3,5,8,13
: : encoding: 13+2 - 0010001
: :
: : This way you encoded your (arbitrarily big number) in a way that
: : there are *no consecutive 1s* in the encoding, and it ends with 1;
: : so you can append an additional 1 and thus make it a prefix code.
: :
: : result: 00100011
: :
: : IIRC this encoding is asymptotically optimal.
:
: "Severely sub-optimal" is how I would describe it, especially in the
: context of padding schemes.
:
: Padding with a format that can't use repeated 1s could only ever be
: anywhere near optimal for small values.
:
: Since when larger and larger values are used, methods which can use a
: greater range of symbols will systematically trounce it, it's hard to
: see how it could be described as "asymptotically optimal".

It reminds me of the work I used to do on inertial guidance systems. I
wrote a lot of algorithms that worked. My cohorts used to find articles
in the "IEEE" or like journals telling how they did some optimal crap,
and my workmates would laugh and say gee they almost got it right, too
bad they can't see the code you wrote so that maybe they could get it
right. When I won the EDN design award one time some professor used to
tell me when
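The Fibonacci coding Andras Erdei describes in the quoted post above, as an added example (not code from the original posts): a greedy encoder and a decoder that splits a bit stream on the "11" terminator, which is what makes the code prefix-free and self-delimiting. It uses the distinct Fibonacci numbers 1, 2, 3, 5, 8, 13, ..., so 15 encodes as 0100011, one bit shorter than the post's table, which lists 1 twice.

```python
"""Fibonacci (Zeckendorf) prefix coding of positive integers.

Added example, not from the original posts.  Each code word has one bit
per distinct Fibonacci number 1, 2, 3, 5, 8, 13, ... (smallest first),
chosen greedily from the largest down, so the word never contains "11".
A final 1 is appended; the resulting "11" marks the end of the word.
"""


def fib_upto(n: int) -> list[int]:
    """Distinct Fibonacci numbers 1, 2, 3, 5, ... that are <= n (n >= 1)."""
    fibs = [1, 2]
    while fibs[-1] + fibs[-2] <= n:
        fibs.append(fibs[-1] + fibs[-2])
    return [f for f in fibs if f <= n]


def fib_encode(n: int) -> str:
    """Code word for n >= 1, e.g. 15 = 13 + 2 -> "010001" + "1"."""
    if n < 1:
        raise ValueError("Fibonacci coding is defined for positive integers")
    fibs = fib_upto(n)
    bits = ["0"] * len(fibs)
    remaining = n
    for i in range(len(fibs) - 1, -1, -1):   # greedy: largest Fibonacci first
        if fibs[i] <= remaining:
            bits[i] = "1"
            remaining -= fibs[i]
    return "".join(bits) + "1"               # terminator creates the only "11"


def fib_decode_stream(bits: str) -> list[int]:
    """Decode a concatenation of code words; the first "11" ends each word."""
    values = []
    total, prev_bit, fib, nxt, pos = 0, "0", 1, 2, 0
    for bit in bits:
        if bit not in ("0", "1"):
            raise ValueError(f"not a bit: {bit!r}")
        if bit == "1" and prev_bit == "1":    # terminator: emit and reset
            values.append(total)
            total, prev_bit, fib, nxt, pos = 0, "0", 1, 2, 0
            continue
        if bit == "1":
            total += fib                      # Fibonacci number at this position
        prev_bit, pos = bit, pos + 1
        fib, nxt = nxt, fib + nxt
    if pos:
        raise ValueError("stream ends inside a code word")
    return values
```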
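Scott Fluhrer's entropy calculation from the Entropy and RC4 post above, carried through numerically as an added example (not code from the original post): it evaluates the Poisson preimage-count sum with the standard H = -sum p lg p, and compares the model against the exact output entropies of seeded random functions on small n. It returns the 127.1728 figure and shows that the loss of about 0.8272 bits per random-function step does not depend on n.

```python
"""Expected entropy of the output of a uniformly random n-bit -> n-bit function.

Added example, not from the original post.  It evaluates Scott Fluhrer's
approximation numerically: about 2**n/(e*k!) outputs have exactly k
preimages, each such output has probability k*2**-n, and the entropy is
H = -sum_k (2**n/(e*k!)) * (k*2**-n) * lg(k*2**-n)   (the k=0 term is 0).
A seeded Monte-Carlo run on small n checks the model against real
random functions (constructed sample, not data from the post).
"""
import math
import random
from collections import Counter


def poisson_entropy_bits(n: int, kmax: int = 40) -> float:
    """Output entropy in bits under the Poisson(1) preimage-count model."""
    h = 0.0
    for k in range(1, kmax + 1):
        share = math.exp(-1) / math.factorial(k)    # fraction of outputs with k preimages
        p = k * 2.0 ** -n                            # probability of one such output
        h -= 2.0 ** n * share * p * math.log2(p)     # 2**n*share outputs, each -p*lg(p)
    return h


def entropy_loss_bits(n: int = 128) -> float:
    """Input entropy (n bits) minus output entropy.  The sum reduces to
    E[K lg K] for K ~ Poisson(1), about 0.8272 bits whatever n is."""
    return n - poisson_entropy_bits(n)


def sampled_entropy_bits(n: int, trials: int = 300, seed: int = 1) -> float:
    """Mean exact output entropy over `trials` seeded random functions on n bits."""
    rng = random.Random(seed)
    size = 1 << n
    total = 0.0
    for _ in range(trials):
        counts = Counter(rng.randrange(size) for _ in range(size))  # preimage counts
        total -= sum(c / size * math.log2(c / size) for c in counts.values())
    return total / trials


if __name__ == "__main__":
    print(f"128-bit key, one random function: {poisson_entropy_bits(128):.4f} bits")
    print(f"entropy lost per step: {entropy_loss_bits():.4f} bits")
    print(f"n=10: model {poisson_entropy_bits(10):.4f}, sampled {sampled_entropy_bits(10):.4f}")
```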
Cryptography-Digest Digest #971, Volume #11        Wed, 7 Jun 00 19:13:01 EDT

Contents:
  questions on TEA (Dido Sevilla)
  Re: Thoughts on an encryption protocol? (Dido Sevilla)
  Re: Cryptographic voting (David A Molnar)
  Re: Some dumb questions (E-mail)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Scotty")
  Re: Thoughts on an encryption protocol? (Dido Sevilla)
  Re: Observer 4/6/2000: "Your privacy ends here" (Bob)
  Re: Cryptographic voting (Mok-Kong Shen)
  Re: Some dumb questions (Mok-Kong Shen)
  Another Idea for attacking Storin (tomstd)
  Re: testing non linearity of arithmetic-logic combinations (Mok-Kong Shen)
  equation involving xor and mod 2^32 operations (Anton Stiglic)
  Re: Brute forcing for Counterpane's Password Safe ([EMAIL PROTECTED])
  Re: testing non linearity of arithmetic-logic combinations (Terry Ritter)
  Re: Observer 4/6/2000: "Your privacy ends here" (Marcin Tustin)
  Re: Thoughts on an encryption protocol? ([EMAIL PROTECTED])
  Re: Enigma Variations (Sundial Services)
  Re: Brute forcing for Counterpane's Password Safe ([EMAIL PROTECTED])
  Re: equation involving xor and mod 2^32 operations (John Myre)

----------------------------------------------------------------------

From: Dido Sevilla [EMAIL PROTECTED]
Subject: questions on TEA
Date: Thu, 08 Jun 2000 04:10:00 +0800

This post has to do with the Tiny Encryption Algorithm (TEA) described by
Wheeler and Needham (http://www.cl.cam.ac.uk/ftp/users/djw3/tea.ps and
http://www.cl.cam.uk/ftp/users/djw3/xtea.ps). Has anyone tried to use
this block cipher? From what I see, the algorithm is really quite simple
and looks pretty easy to code, even in most forms of assembly language.
It doesn't go through quite as many contortions as the more
sophisticated algorithms do, but it runs a fairly simple core through a
lot of rounds (32 to be exact). Does it have any weaknesses which the
authors have not described in their papers yet?

--
Rafael R. Sevilla [EMAIL PROTECTED]          +63 (2) 4342217
Mobile Robotics Laboratory                 +63 (917) 4458925
University of the Philippines Diliman

------------------------------

From: Dido Sevilla [EMAIL PROTECTED]
Subject: Re: Thoughts on an encryption protocol?
Date: Thu, 08 Jun 2000 04:19:35 +0800

Mike Rosing wrote:
>
> If you use a PK system you can eliminate this weak link. It would
> reduce your maintenance costs substantially if a person doesn't have
> to travel around to every box (except for repairs) every so often.
> Might not mean much with a few boxes, but if you get to have lots of
> them, it'll add up.

Frankly, I don't think all the effort to implement a PK system is worth
it in this case. There will only be 34 client terminals, one per
building, and given the financial constraints of my employer, it will
be a very long time before any more will be necessary. These are also
not so widely distributed, so going to every terminal should not take
more than a day.

> Handbook of Applied Cryptography and Applied Cryptography are good
> starting points.

Any websites or other online docs I can look at for stream ciphers and
cryptographically secure PRNG's?

--
Rafael R. Sevilla [EMAIL PROTECTED]          +63 (2) 4342217
Mobile Robotics Laboratory                 +63 (917) 4458925
University of the Philippines Diliman

------------------------------

From: David A Molnar [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: 7 Jun 2000 20:08:57 GMT

In sci.crypt Anton Stiglic [EMAIL PROTECTED] wrote:
> Jim Ferry wrote:
>> I was wondering if there's a way for a small group of people (less
>> than 100) to vote cryptographically.
>> ...
> Check out http://www.acm.org/crossroads/xrds2-4/voting.html for a
> starters

There's also a bibliography at
http://theory.lcs.mit.edu/~cis/voting/greenstadt-voting-bibliography.html
which may be helpful.

Thanks,
-David

------------------------------

From: E-mail [EMAIL PROTECTED]
Subject: Re: Some dumb questions
Date: Wed, 7 Jun 2000 16:41:41 -0400

Bryan,

How much would the effort have been hindered if the second use of the
pad was done after transforming the pad with a pseudo-random number
generator (and the pad is discarded after its second use)?

Jim Trek
http://eznet.net/~progress
[EMAIL PROTECTED]

On Wed, 7 Jun 2000, Bryan Olson wrote:

> In article, [...]
>
>> 2. If an ideal OTP is misused, in that it is used a small number n of
>> times, how is one going to attack, if absolutely no known plaintext
>> is available?
>
> As a final project in an undergrad crypto course I worked on finding
> the smallest n such that I could, in practice, break the n-time pad.
> I assumed English language text coded in ASCII, and XOR as the OTP
> combiner. I found n=2.
>
> I created a table of 4-gram frequencies from about ten megabytes of
> text, and a program to interactively try these against the target
> ciphertext. The user would enter a positio
Cryptography-Digest Digest #971, Volume #10        Tue, 25 Jan 00 11:13:01 EST

Contents:
  Re: "Trusted" CA - Oxymoron? ("Henry Vanderlinden")
  Re: "Trusted" CA - Oxymoron? (Paul Rubin)
  Re: Modem Crypto (Military Grade) ("Steve Sampson")
  Re: Solution to GCHQ puzzle published (Padgett 0sirius)
  Re: "Trusted" CA - Oxymoron? (Papa Bear)
  Re: Why did SkipJack fail? (Frank Gifford)
  Re: MIRDEK: more fun with playing cards. (Johnny Bravo)
  Re: MIRDEK: more fun with playing cards. (Johnny Bravo)
  Re: Intel 810 chipset Random Number Generator (Herman Rubin)
  Re: Intel 810 chipset Random Number Generator (Herman Rubin)
  Re: Intel 810 chipset Random Number Generator (Terry Ritter)
  Re: Intel 810 chipset Random Number Generator (Terry Ritter)
  Re: 1on1lite (Was: Re: Echelon monitors this group) ("An Anarchist")
  Re: Java's RSA implimentation (Eric Lee Green)
  generating "safe primes" (Jonathan Katz)

----------------------------------------------------------------------

From: "Henry Vanderlinden" [EMAIL PROTECTED]
Crossposted-To: alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: Tue, 25 Jan 2000 13:23:01 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It is overreacting to imply that the Thawte Web of Trust system is weak
because its "notaries" do not have to be "real" notaries in their other
business.

Thawte notaries are not just anybody, and do not sign anything. If you
write that without proof, it's wrong to write it. If you have proof,
contact Thawte immediately to have that notary revoked !

Henry

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1fr pour usage non commercial

iQA/AwUBOI2VzxB1FxvjcQFHEQJIfQCfYJ57CFIenWPuZQkWJDQi24/Lm20AoO/e
tR9RH/AUpS6eazoukxnm1ACM
=WfDt
-----END PGP SIGNATURE-----

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Crossposted-To: alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: 25 Jan 2000 13:30:03 GMT

In article Vshj4.45$[EMAIL PROTECTED],
Henry Vanderlinden [EMAIL PROTECTED] wrote:
> It is overreacting to imply that the Thawte Web of Trust system is weak
> because its "notaries" do not have to be "real" notaries in their other
> business.

In the US at least, a document witnessed by a "real" notary has in some
situations more legal force than the same document witnessed by a random
person. And in some states there are laws (bad idea!) making digital
signatures equal to paper signatures for contracts, etc.

> Thawte notaries are not just anybody, and do not sign anything. If you
> write that without proof, it's wrong to write it. If you have proof,
> contact Thawte immediately to have that notary revoked !

But by the time that happens, it is already too late. The "real"
notaries, at least, can get in bad trouble (jail?) for purposely giving
bad signatures.

------------------------------

From: "Steve Sampson" [EMAIL PROTECTED]
Subject: Re: Modem Crypto (Military Grade)
Date: Tue, 25 Jan 2000 07:35:24 -0600

Wow, that was useful. I scanned the web and finally found the gadget
that answered my own question. Trouble is, it isn't in production yet,
or so the page says:

http://www.motorola.com/GSS/SSTG/ISSPD/Secure_Telecom/omega.html

Paul Rubin wrote
> Steve Sampson wrote:
>> I'm looking for a modern device that can use a 33k modem (analog
>> lines) for a dialup solution. The latest STU have ISDN, but most
>> military installations do not.
>
> If it's a US military application, talk to the NSA (www.nsa.gov).
> That's their job.

------------------------------

From: [EMAIL PROTECTED] (Padgett 0sirius)
Subject: Re: Solution to GCHQ puzzle published
Date: Tue, 25 Jan 2000 21:26:02

When I held my mouse over "The Salary" of linguists (and viewed the page
source) - the characters I got were "OHE-H"...i.e. "H" instead of "N".
That was not an error - it was the "extra points". Remember that was on
the *linguists* page 8*).

A. Padgett Peterson, P.E. CISSP: Cybernetic Psychophysicist
http://www.freivald.org/~padgett/index.html
to avoid antispam use mailto:[EMAIL PROTECTED]
PGP 6.5 Public Key Available

------------------------------

From: Papa Bear [EMAIL PROTECTED]
Crossposted-To: alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: Tue, 25 Jan 2000 09:01:42 -0500

On Mon, 24 Jan 2000 01:10:26 GMT, "Jim Bennett" [EMAIL PROTECTED] wrote:

> I have been reviewing the Certification Practice Statements of various
> issuers of X.509 digital certificates for S/Mime email. I have been
> trying to find one that really tries to verify the identity of the
> certificate applicant and will do it for the g