Cryptography-Digest Digest #971

2000-10-21 Thread Digestifier

Cryptography-Digest Digest #971, Volume #12  Sat, 21 Oct 00 18:13:01 EDT

Contents:
  Re: Entropy and RC4 ("Scott Fluhrer")
  Re: Storing an Integer on a stream (SCOTT19U.ZIP_GUY)
  Re: My comments on AES (SCOTT19U.ZIP_GUY)
  Bezozs and bountyquest.com ("Paul Pires")
  Visual Basic ("binary digit")
  Help identifiing password encryption scheme? ("Ethics")
  Quasi philosphical question regarding Index of Coincidence ([EMAIL PROTECTED])
  Re: Help identifiing password encryption scheme? (jungle)
  another problem question (Ernest Dumenigo)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (Guy Macon)
  Re: Dense feedback polynomials for LFSR (Tim Tyler)
  Re: Dense feedback polynomials for LFSR (Joaquim Southby)
  Re: Storing an Integer on a stream (Tim Tyler)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (pgp651)
  Re: Visual Basic (Guy Macon)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (pgp651)
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (pgp651)
  Re: My comments on AES (Tim Tyler)
  Re: xor algorithm (Tim Tyler)



From: "Scott Fluhrer" [EMAIL PROTECTED]
Subject: Re: Entropy and RC4
Date: Sat, 21 Oct 2000 09:42:46 -0700


George Gordon [EMAIL PROTECTED] wrote in message
news:rOHH5.120$[EMAIL PROTECTED]...
> Other people have asked similar questions here, but let me ask a very
> specific one.
>
> Assume that you initialise RC4 using a 128-bit key. Then you output exactly
> 16 bytes worth of the stream. (I don't care how many loops you do for the
> initialisation)
>
> OK, how could you determine how much of the entropy in the 128-bit key is
> preserved in the 16 byte stream if  1) you assume RC4 specifically?  2) you
> assume a perfectly uniform distribution?

I don't know about RC4 in particular (and I seriously doubt anyone else does
either), but if you model the process by a uniformly chosen random function
from 128 bits to 128 bits, then it's not difficult.

If you have a full 128 bits of entropy coming in (that is, each bit pattern
has probability 2**-128), then you should have an expected 127.1728
(approximately) bits of entropy coming out.

You can see this by observing that, for a random function from 2**128 ->
2**128, for small k you would expect approximately 2**128/(e *
k!) outputs that have precisely k preimages (where e = 2.718281828...).
This approximation becomes worse as k becomes larger, but 2**128 is
sufficiently large that by the time k becomes large enough to make the
approximation invalid, the number of expected outputs is sufficiently small
not to affect the result materially.

Or, in other words, for each k, there are approximately 2**128/(e * k!) with
probability k2**(-128)

Then, we apply that standard definition for entropy:

  E = Sum{ p_i lg( p_i ) }

(where lg is logarithm base 2).  Combining equal terms, and summing over k,
we get:

E = Sum_k( 2**128/(e * k!) * k2**(-128) / lg( k2**(-128) ) )

The k=0 term can be ignored, and the rest can be computed to give the above
number.

--
poncho
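The expected-entropy calculation from the post above, carried out as an added Python example (written for this page; it is not code from the poster). `expected_output_entropy` sums the terms of the formula for a general width n, and `empirical_output_entropy` checks the Poisson approximation against actual random functions on a small domain (n = 8), where counting preimages exhaustively is cheap. The function names and the sampling parameters are my own choices.

```python
import math
import random


def expected_output_entropy(n, kmax=64):
    """Entropy in bits of f(X) when X is uniform on n-bit strings and f is a
    uniformly random function from n bits to n bits.

    Uses the approximation from the post: about 2**n/(e*k!) outputs have
    exactly k preimages, and each such output has probability k*2**-n.
    An output with k preimages contributes -(k*2**-n)*lg(k*2**-n) bits;
    multiplying by the count 2**n/(e*k!) cancels the 2**n, so each term is
    (k/(e*k!)) * (n - lg k) and the arithmetic stays inside float range
    even for n = 128.  The k = 0 term (outputs never hit) contributes 0."""
    entropy = 0.0
    for k in range(1, kmax):
        count_times_prob = k / (math.e * math.factorial(k))  # (2**n/(e*k!)) * (k*2**-n)
        neg_log_prob = n - math.log2(k)                       # -lg(k*2**-n)
        entropy += count_times_prob * neg_log_prob
    return entropy


def entropy_loss_bits(n):
    """Bits of entropy lost by one application of a random n-bit function."""
    return n - expected_output_entropy(n)


def empirical_output_entropy(n, trials=300, seed=1):
    """Sanity check for small n: draw `trials` random functions on n-bit
    strings (an independent uniform output for each of the 2**n inputs),
    measure the Shannon entropy of each function's output distribution,
    and return the average.  Constructed sampling parameters; deterministic
    for a fixed seed."""
    rng = random.Random(seed)
    size = 1 << n
    total = 0.0
    for _ in range(trials):
        preimage_counts = [0] * size
        for _ in range(size):
            preimage_counts[rng.randrange(size)] += 1  # f(x) lands on a random output
        h = 0.0
        for c in preimage_counts:
            if c:
                p = c / size
                h -= p * math.log2(p)
        total += h
    return total / trials


if __name__ == "__main__":
    print(f"128-bit input, one random-function application: "
          f"{expected_output_entropy(128):.4f} bits out")
    print(f"  entropy lost: {entropy_loss_bits(128):.4f} bits")
    print(f"n = 8: formula {expected_output_entropy(8):.4f} bits, "
          f"sampled {empirical_output_entropy(8):.4f} bits")
```

For n = 128 the sum gives 127.1728 bits, matching the post. The loss of about 0.83 bits does not depend on n under this approximation, so one pass through a random function costs roughly the same fraction of a bit at any width. For n = 8 the sampled average agrees with the formula to a few thousandths of a bit; the small residual is because the true preimage-count distribution is binomial rather than exactly Poisson.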






--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression
Subject: Re: Storing an Integer on a stream
Date: 21 Oct 2000 17:01:38 GMT

[EMAIL PROTECTED] (Tim Tyler) wrote in [EMAIL PROTECTED]:

: Andras Erdei wrote:

: The method i like most is fibonacci coding:
: 
: - start with the largest fib number smaller than your integer
: 
: - if the current fib number is smaller than your number
: substitute it and write down 1
:   else
: write down 0
: - take the next fib number
: 
: Example:
: 
: number: 15
: fib: 1,1,2,3,5,8,13
: encoding: 13+2 - 0010001
: 
: This way you encoded your (arbitrarily big number) in a way that
: there are *no consecutive 1s* in the encoding, and it ends with 1;
: so you can append an additional 1 and thus make it a prefix code.
: 
: result: 00100011
: 
: IIRC this encoding is asymptotically optimal.

"Severly sub-optimal" is how I would describe it, especially in the
context of padding schemes.

Padding with a format that can't use repeated 1s could only ever be
anywhere near optimal for small values.

Since when larger and larger values are used, methods which can use a
greater range of symbols will systematically trounce it, it's hard to see
how it could be described as "asymptotically optimal".


  It reminds me of the work I used to do on inertial guidance systems.
I wrote a lot of algorithms that worked. My cohorts used to find articles
in the "IEEE" or like journals telling how they did some optimal
crap and my workmates would laugh and say gee they almost got it right,
too bad they can't see the code you wrote so that maybe they could get
it right. When I won the EDN design award one time some professor
used to tell me when
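The Fibonacci coding described in the quoted text, as an added Python example (written for this page, not code from any of the posters): an encoder, a stream decoder that relies on the "11" terminator for the prefix property, and a length comparison against Elias gamma and delta codes, which is what the optimality exchange above turns on. The example uses the standard Fibonacci sequence 1, 2, 3, 5, ... with a single leading 1, so 15 encodes as 0100011; the quoted listing starts the sequence 1, 1, 2, ... and therefore carries one extra leading 0 (00100011). Function names are mine.

```python
def fibonacci_numbers_up_to(n):
    """Fibonacci numbers 1, 2, 3, 5, 8, ... that do not exceed n.
    Standard Fibonacci coding uses a single 1 (F(2) = 1, F(3) = 2, ...)."""
    fibs = [1, 2]
    while fibs[-1] + fibs[-2] <= n:
        fibs.append(fibs[-1] + fibs[-2])
    return [f for f in fibs if f <= n]


def fib_encode(n):
    """Fibonacci code of a positive integer n.

    Greedy (Zeckendorf) decomposition from the largest Fibonacci number
    downwards never uses two adjacent Fibonacci numbers, so the bit string
    contains no "11".  Bits are emitted smallest Fibonacci number first,
    which makes the code end in a 1; appending one more 1 gives the
    terminator "11" that makes the code prefix-free."""
    if n < 1:
        raise ValueError("Fibonacci coding is defined for positive integers")
    bits = []
    remaining = n
    for f in reversed(fibonacci_numbers_up_to(n)):
        if f <= remaining:
            bits.append("1")
            remaining -= f
        else:
            bits.append("0")
    assert remaining == 0
    bits.reverse()
    return "".join(bits) + "1"


def fib_decode_stream(bits):
    """Decode a concatenation of Fibonacci codes into the list of integers.
    A 1 immediately after a 1 is the terminator, never a digit."""
    fibs = [1, 2]
    values = []
    total, pos, prev_one = 0, 0, False
    for b in bits:
        if b not in "01":
            raise ValueError(f"not a bit: {b!r}")
        if prev_one and b == "1":      # "11" seen: this 1 closes the code
            values.append(total)
            total, pos, prev_one = 0, 0, False
            continue
        if b == "1":
            while pos >= len(fibs):    # extend the table as far as needed
                fibs.append(fibs[-1] + fibs[-2])
            total += fibs[pos]
        prev_one = (b == "1")
        pos += 1
    if pos:
        raise ValueError("stream ends inside an unterminated code")
    return values


def code_lengths(n):
    """Bit lengths of n under Fibonacci, Elias gamma and Elias delta coding.
    Fibonacci grows like 1.44*lg n, gamma like 2*lg n, delta like lg n + 2*lg lg n."""
    floor_lg = n.bit_length() - 1
    gamma = 2 * floor_lg + 1
    delta = floor_lg + 2 * ((floor_lg + 1).bit_length() - 1) + 1
    return {"fibonacci": len(fib_encode(n)), "elias_gamma": gamma, "elias_delta": delta}


if __name__ == "__main__":
    print(fib_encode(15))                               # 0100011
    stream = fib_encode(1) + fib_encode(15) + fib_encode(2)
    print(stream, "->", fib_decode_stream(stream))     # 110100011011 -> [1, 15, 2]
    for n in (15, 1000, 1 << 20, 1 << 40):
        print(n, code_lengths(n))
```

The length table shows what both sides of the exchange are pointing at: Fibonacci codes are universal (within a constant factor of lg n), which is one reading of "asymptotically optimal", but because they forbid adjacent 1s the constant is about 1.44, so for large values they lose to Elias delta (at 2^20: 30 bits versus 29, and the gap widens) even though they beat Elias gamma (41 bits).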

Cryptography-Digest Digest #971

2000-06-07 Thread Digestifier

Cryptography-Digest Digest #971, Volume #11   Wed, 7 Jun 00 19:13:01 EDT

Contents:
  questions on TEA (Dido Sevilla)
  Re: Thoughts on an encryption protocol? (Dido Sevilla)
  Re: Cryptographic voting (David A Molnar)
  Re: Some dumb questions (E-mail)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Scotty")
  Re: Thoughts on an encryption protocol? (Dido Sevilla)
  Re: Observer 4/6/2000: "Your privacy ends here" (Bob)
  Re: Cryptographic voting (Mok-Kong Shen)
  Re: Some dumb questions (Mok-Kong Shen)
  Another Idea for attacking Storin (tomstd)
  Re: testing non linearity of arithmetic-logic combinations (Mok-Kong Shen)
  equation involving xor and mod 2^32 operations (Anton Stiglic)
  Re: Brute forcing for Counterpane's Password Safe ([EMAIL PROTECTED])
  Re: testing non linearity of arithmetic-logic combinations (Terry Ritter)
  Re: Observer 4/6/2000: "Your privacy ends here" (Marcin Tustin)
  Re: Thoughts on an encryption protocol? ([EMAIL PROTECTED])
  Re: Enigma Variations (Sundial Services)
  Re: Brute forcing for Counterpane's Password Safe ([EMAIL PROTECTED])
  Re: equation involving xor and mod 2^32 operations (John Myre)



From: Dido Sevilla [EMAIL PROTECTED]
Subject: questions on TEA
Date: Thu, 08 Jun 2000 04:10:00 +0800


This post has to do with the Tiny Encryption Algorithm (TEA) described
by Wheeler and Needham (http://www.cl.cam.ac.uk/ftp/users/djw3/tea.ps
and http://www.cl.cam.uk/ftp/users/djw3/xtea.ps).  Has anyone tried to
use this block cipher?  From what I see, the algorithm is really quite
simple and looks pretty easy to code, even in most forms of assembly
language.  It doesn't go through quite as many contortions as the more
sophisticated algorithms do, but it runs a fairly simple core through a
lot of rounds (32 to be exact).  Does it have any weaknesses which the
authors have not described in their papers yet?

--
Rafael R. Sevilla [EMAIL PROTECTED] +63 (2)   4342217
Mobile Robotics Laboratory  +63 (917) 4458925
University of the Philippines Diliman
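TEA as described in the two papers linked above, as an added Python example (written for this page; it is not code from the poster, and not the authors' reference implementation, though it follows the published round structure: 32 rounds, delta = 0x9E3779B9, a 64-bit block and a 128-bit key as four 32-bit words). It also demonstrates one now well-documented property that bears on the question asked: every TEA key has three equivalent keys that encrypt identically, so the effective key length is 126 bits; this and related-key weaknesses are what the later XTEA paper was written to address. The sample key and block are constructed values.

```python
MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9          # TEA's round constant, floor(2**32 / golden ratio)


def tea_encrypt_block(v0, v1, key, rounds=32):
    """Encrypt one 64-bit block (two 32-bit words) under a 128-bit key
    given as four 32-bit words.  All arithmetic is modulo 2**32."""
    k0, k1, k2, k3 = key
    total = 0
    for _ in range(rounds):
        total = (total + DELTA) & MASK32
        v0 = (v0 + ((((v1 << 4) & MASK32) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK32
        v1 = (v1 + ((((v0 << 4) & MASK32) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK32
    return v0, v1


def tea_decrypt_block(v0, v1, key, rounds=32):
    """Inverse of tea_encrypt_block: undo the rounds in reverse order with
    the round sum counting down from rounds*DELTA."""
    k0, k1, k2, k3 = key
    total = (DELTA * rounds) & MASK32
    for _ in range(rounds):
        v1 = (v1 - ((((v0 << 4) & MASK32) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK32
        v0 = (v0 - ((((v1 << 4) & MASK32) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK32
        total = (total - DELTA) & MASK32
    return v0, v1


def equivalent_keys(key):
    """The three other keys that encrypt exactly like `key`.

    In each round k0 and k1 enter only through ((v1<<4)+k0) ^ ((v1>>5)+k1),
    and k2, k3 only through the matching expression in v0.  Adding 2**31 to
    a 32-bit word flips just its top bit, so flipping the top bit of k0 and
    k1 together leaves that XOR unchanged; the same holds for k2 and k3."""
    k0, k1, k2, k3 = key
    top = 1 << 31
    return [
        (k0 ^ top, k1 ^ top, k2, k3),
        (k0, k1, k2 ^ top, k3 ^ top),
        (k0 ^ top, k1 ^ top, k2 ^ top, k3 ^ top),
    ]


# Constructed sample values, not test vectors from the TEA papers.
SAMPLE_KEY = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)
SAMPLE_BLOCK = (0xDEADBEEF, 0x00000001)


def roundtrip_ok(block=SAMPLE_BLOCK, key=SAMPLE_KEY):
    """Decrypting the encryption of a block returns the block."""
    return tea_decrypt_block(*tea_encrypt_block(*block, key), key) == block


def equivalent_keys_collide(block=SAMPLE_BLOCK, key=SAMPLE_KEY):
    """True when the three equivalent keys give the same ciphertext as `key`
    while a key differing in one low bit of k0 does not."""
    ct = tea_encrypt_block(*block, key)
    same = all(tea_encrypt_block(*block, k) == ct for k in equivalent_keys(key))
    flipped_low = (key[0] ^ 1,) + key[1:]
    return same and tea_encrypt_block(*block, flipped_low) != ct


if __name__ == "__main__":
    ct = tea_encrypt_block(*SAMPLE_BLOCK, SAMPLE_KEY)
    print("ciphertext:", [hex(w) for w in ct])
    print("roundtrip ok:", roundtrip_ok())
    print("equivalent keys collide:", equivalent_keys_collide())
```

The simplicity the post remarks on is real: the whole cipher is the two update lines in the round loop. The equivalent-key property falls straight out of that structure, which is a useful reminder that a small, easily coded core is not by itself evidence of a sound key schedule.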

--

From: Dido Sevilla [EMAIL PROTECTED]
Subject: Re: Thoughts on an encryption protocol?
Date: Thu, 08 Jun 2000 04:19:35 +0800

Mike Rosing wrote:
>
> If you use a PK system you can eliminate this weak link.  It would
> reduce your maintenance costs substantially if a person doesn't have
> to travel around to every box (except for repairs) every so often.
> Might not mean much with a few boxes, but if you get to have lots of
> them, it'll add up.
>

Frankly, I don't think all the effort to implement a PK system is worth
it in this case.  There will only be 34 client terminals, one per
building, and given the financial constraints of my employer, it will be
a very long time before any more will be necessary.  These are also not
so widely distributed, so going to every terminal should not take more
than a day.

 
> Handbook of Applied Cryptography and Applied Cryptography are good
> starting points.

Any websites or other online docs I can look at for stream ciphers and
cryptographically secure PRNG's?

--
Rafael R. Sevilla [EMAIL PROTECTED] +63 (2)   4342217
Mobile Robotics Laboratory  +63 (917) 4458925
University of the Philippines Diliman

--

From: David A Molnar [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: 7 Jun 2000 20:08:57 GMT

In sci.crypt Anton Stiglic [EMAIL PROTECTED] wrote:
> Jim Ferry wrote:
>
>> I was wondering if there's a way for a small group of people
>> (less than 100) to vote cryptographically.  ...
>
> Check out http://www.acm.org/crossroads/xrds2-4/voting.html
> for starters

There's also a bibliography at 
http://theory.lcs.mit.edu/~cis/voting/greenstadt-voting-bibliography.html

which may be helpful.

Thanks, 
-David

--

From: E-mail [EMAIL PROTECTED]
Subject: Re: Some dumb questions
Date: Wed, 7 Jun 2000 16:41:41 -0400



Bryan,

How much would the effort have been hindered if the second use of
the pad was done after transforming the pad with a pseudo-random
number generator (and the pad is discarded after its second use)?


Jim Trek
http://eznet.net/~progress
[EMAIL PROTECTED]


On Wed, 7 Jun 2000, Bryan Olson wrote:

> In article,
> [...]
>> 2. If an ideal OTP is misused, in that it is used a small
>> number n of times, how is one going to attack, if
>> absolutely no known plaintext is available?
>
> As a final project in an undergrad crypto course I worked on
> finding the smallest n such that I could, in practice, break
> the n-time pad.  I assumed English language text coded in
> ASCII, and XOR as the OTP combiner.  I found n=2.
>
> I created a table of 4-gram frequencies from about ten
> megabytes of text, and a program to interactively try these
> against the target ciphertext.  The user would enter a
> positio
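The two-time-pad situation discussed in the quoted exchange, as an added Python example (written for this page; it is not the poster's program). It shows the algebra behind the attack, that XORing two ciphertexts made with the same pad cancels the pad and leaves p1 XOR p2, then a detection heuristic a defender can apply to a stream of captured ciphertexts (for ASCII plaintexts the XOR of two same-pad ciphertexts has every top bit clear), and finally a single-crib version of the interactive dragging Bryan describes, to make concrete why n = 2 is already fatal. The messages and pads are constructed sample data.

```python
import random


def xor_bytes(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def one_time_pad(plaintext, pad):
    """OTP encryption and decryption are the same XOR with the pad."""
    return xor_bytes(plaintext, pad[:len(plaintext)])


def reuse_indicator(c1, c2):
    """Fraction of bytes of c1 XOR c2 whose top bit is clear.

    If both messages are ASCII (every byte < 0x80) and were encrypted under
    the same pad, the pad cancels and the fraction is exactly 1.0.  Under
    independent pads each byte of the XOR is uniform, so it is about 0.5.
    A value near 1.0 over a reasonable length is a strong sign of pad reuse."""
    diff = xor_bytes(c1, c2)
    return sum(1 for b in diff if b < 0x80) / len(diff)


def crib_drag(c1, c2, crib):
    """Slide a guessed fragment of one plaintext along c1 XOR c2 (= p1 XOR p2).

    At the correct offset the XOR reveals the other plaintext's fragment;
    the score counts letters and spaces in each candidate so the most
    text-like positions sort first.  One automated step of the manual
    4-gram procedure in the quoted post."""
    diff = xor_bytes(c1, c2)
    n = len(crib)
    hits = []
    for off in range(len(diff) - n + 1):
        candidate = xor_bytes(diff[off:off + n], crib)
        score = sum(1 for b in candidate if chr(b).isalpha() or b == 0x20)
        hits.append((score, off, candidate))
    hits.sort(key=lambda h: -h[0])
    return hits


# Constructed sample: two ASCII messages of equal length, one pad used twice,
# and an independent second pad for contrast.
P1 = b"the meeting is at noon tomorrow"
P2 = b"bring the signed contract along"
_rng = random.Random(7)
PAD = bytes(_rng.getrandbits(8) for _ in range(len(P1)))
PAD2 = bytes(_rng.getrandbits(8) for _ in range(len(P1)))
C1 = one_time_pad(P1, PAD)
C2 = one_time_pad(P2, PAD)          # same pad: the misuse
C2_FRESH = one_time_pad(P2, PAD2)   # fresh pad: correct use

if __name__ == "__main__":
    print("pad cancels:", xor_bytes(C1, C2) == xor_bytes(P1, P2))
    print("reuse indicator, same pad :", reuse_indicator(C1, C2))
    print("reuse indicator, fresh pad:", reuse_indicator(C1, C2_FRESH))
    for score, off, cand in crib_drag(C1, C2, b"the signed")[:3]:
        print(score, off, cand)
```

The indicator is cheap enough to run over every pair of ciphertexts in a capture and is the kind of check worth adding to a test harness for any system that derives keystream from a key and nonce: a repeated nonce produces exactly this signature.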

Cryptography-Digest Digest #971

2000-01-25 Thread Digestifier

Cryptography-Digest Digest #971, Volume #10  Tue, 25 Jan 00 11:13:01 EST

Contents:
  Re: "Trusted" CA - Oxymoron? ("Henry Vanderlinden")
  Re: "Trusted" CA - Oxymoron? (Paul Rubin)
  Re: Modem Crypto (Military Grade) ("Steve Sampson")
  Re: Solution to GCHQ puzzle published (Padgett 0sirius)
  Re: "Trusted" CA - Oxymoron? (Papa Bear)
  Re: Why did SkipJack fail? (Frank Gifford)
  Re: MIRDEK: more fun with playing cards. (Johnny Bravo)
  Re: MIRDEK: more fun with playing cards. (Johnny Bravo)
  Re: Intel 810 chipset Random Number Generator (Herman Rubin)
  Re: Intel 810 chipset Random Number Generator (Herman Rubin)
  Re: Intel 810 chipset Random Number Generator (Terry Ritter)
  Re: Intel 810 chipset Random Number Generator (Terry Ritter)
  Re: 1on1lite (Was: Re: Echelon monitors this group) ("An Anarchist")
  Re: Java's RSA implimentation (Eric Lee Green)
  generating "safe primes" (Jonathan Katz)



From: "Henry Vanderlinden" [EMAIL PROTECTED]
Crossposted-To: alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: Tue, 25 Jan 2000 13:23:01 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It is overreacting to imply that the Thawte Web of Trust system is
weak because its "notaries" do not have to be "real" notaries in their
other business.
Thawte notaries are not just anybody, and do not sign anything.
If you write that without proof, it's wrong to write it.
If you have proof, contact Thawte immediately to have that notary
revoked!

Henry

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1fr pour usage non commercial

iQA/AwUBOI2VzxB1FxvjcQFHEQJIfQCfYJ57CFIenWPuZQkWJDQi24/Lm20AoO/e
tR9RH/AUpS6eazoukxnm1ACM
=WfDt
-----END PGP SIGNATURE-----




--

From: [EMAIL PROTECTED] (Paul Rubin)
Crossposted-To: alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: 25 Jan 2000 13:30:03 GMT

In article Vshj4.45$[EMAIL PROTECTED],
Henry Vanderlinden [EMAIL PROTECTED] wrote:
> It is overreacting to imply that the Thawte Web of Trust system is
> weak because its "notaries" do not have to be "real" notaries in their
> other business.

In the US at least, a document witnessed by a "real" notary has in
some situations more legal force than the same document witnessed by a
random person.  And in some states there are laws (bad idea!)  making
digital signatures equal to paper signatures for contracts, etc.

> Thawte notaries are not just anybody, and do not sign anything.
> If you write that without proof, it's wrong to write it.
> If you have proof, contact Thawte immediately to have that notary
> revoked!

But by the time that happens, it is already too late.  The "real"
notaries, at least, can get in bad trouble (jail?) for purposely
giving bad signatures.

--

From: "Steve Sampson" [EMAIL PROTECTED]
Subject: Re: Modem Crypto (Military Grade)
Date: Tue, 25 Jan 2000 07:35:24 -0600

Wow, that was useful.

I scanned the web and finally found the gadget that answered my own
question.
Trouble is, it isn't in production yet, or so the page says:

http://www.motorola.com/GSS/SSTG/ISSPD/Secure_Telecom/omega.html

Paul Rubin wrote:
> Steve Sampson wrote:
>> I'm looking for a modern device that can use a 33k modem (analog
>> lines) for a dialup solution.  The latest STU have ISDN, but most
>> military installations do not.
>
> If it's a US military application, talk to the NSA (www.nsa.gov).
> That's their job.




--

From: [EMAIL PROTECTED] (Padgett 0sirius)
Subject: Re: Solution to GCHQ puzzle published
Date: Tue, 25 Jan 2000 21:26:02

> When I held my mouse over "The Salary" of linguists (and viewed the
> page source) - the characters I got were "OHE-H"...i.e. "H" instead of
> "N".

That was not an error - it was the "extra points". Remember that was on the
*linguists* page 8*).

A. Padgett Peterson, P.E. CISSP: Cybernetic Psychophysicist
http://www.freivald.org/~padgett/index.html
to avoid antispam use mailto:[EMAIL PROTECTED]   PGP 6.5 Public Key Available

--

From: Papa Bear [EMAIL PROTECTED]
Crossposted-To: alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: Tue, 25 Jan 2000 09:01:42 -0500

On Mon, 24 Jan 2000 01:10:26 GMT, "Jim Bennett" [EMAIL PROTECTED]
wrote:

> I have been reviewing the Certification Practice Statements of various
> issuers of X.509 digital certificates for S/Mime email. I have been trying
> to find one that really tries to verify the identity of the certificate
> applicant and will do it for the g