Cryptography-Digest Digest #540
Cryptography-Digest Digest #540, Volume #12    Sat, 26 Aug 00 08:13:01 EDT

Contents:
  Re: "Warn when encrypting to keys with an ADK" (jungle)
  Re: blowfish problem ("Kelsey Bjarnason")
  7 mil, how this usage of PGP has been calculated ? (jungle)
  Re: PROMIS-software for worldwide spy network by US/Isreal (Mok-Kong Shen)
  Re: PRNG Test Theory (Mok-Kong Shen)
  Re: Best way! (Mok-Kong Shen)
  Re: 1-time pad is not secure... (Tim Tyler)
  cryptlib ("Rémi FOREST")
  Re: DeCSS ruling -- More ("Stou Sandalski")
  Re: DES: Say it or spell it? (Newbie question) ("Richard Bembridge")
  You _DONT_ want a quantum computer. ("Detonate")
  PGP 6.5.8 test: That's NOT enough !!! ("Michel Bouissou")
  stegonographic overuse ("Detonate")
  Re: PROMIS-software for worldwide spy network by US/Isreal ("Stou Sandalski")
  Re: DeCSS ruling -- More (No User)
  Re: stegonographic overuse ([EMAIL PROTECTED])
  Re: PGP 6.5.8 test: That's NOT enough !!! ("JL")

------------------------------

From: jungle [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: "Warn when encrypting to keys with an ADK"
Date: Sat, 26 Aug 2000 03:55:37 -0400

help me ... how should I understand 4 keys provided ? which key is tampered, which has correctly added ADK ?

assuming that I will have only these 4 public keys, this would be the case when I will receive them from owner ...

which public key can not be identified [ by normal available PGP features ] as the tampered ADK ?

when I'm importing any of these 4 keys, I see without any doubt which key has ADK ... therefore where is the problem at the key import ? I can refuse to import any key with ADK attached, this is simple ...

in fact, every user can reject ADK keys, where is the problem ?

"S.R. Heller" wrote:
> http://www.oz.net/~srheller/spgp/bin/testkeys.asc
>
> The keys include private keys, which all have the passphrase "testing".
>
> Steve H.
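The question jungle asks above, how to tell a key whose owner added an ADK from one where somebody else planted it, turns on where the ADK subpacket sits in the key's self-signature. The following is an added Python example, not code from any poster and not PGP's or GnuPG's code: a toy model of an OpenPGP-style self-signature with its hashed subpacket area (covered by the owner's signature) and unhashed area (not covered), with an HMAC under a per-key secret standing in for the real public-key signature. The key ids, the secret and the `demo()` scenario are constructed; the structural point is real: a signature check says nothing about the unhashed area, so a checker that wants to warn the user has to look at the area an ADK came from, not just at whether the signature verifies.

```python
"""Toy model of where an ADK lives in an OpenPGP-style self-signature.

Constructed example: a simplified, made-up structure, not the OpenPGP wire
format and not code from PGP or GnuPG.  The one property it models is real:
a v4 self-signature has a "hashed" subpacket area that the owner's signature
covers and an "unhashed" area that it does not.  The signature itself is
stood in for by an HMAC under a per-key secret.
"""
import hashlib
import hmac
from typing import List, Tuple

SUBPACKET_ADK = 10          # the "placeholder for backward compatibility" type quoted in the thread
SUBPACKET_KEY_FLAGS = 27    # a real subpacket type (Key Flags), used here only as filler

Subpacket = Tuple[int, str]


def _encode(key_id: str, subpackets: List[Subpacket]) -> bytes:
    """Canonical bytes the (toy) signature covers: key id plus hashed subpackets only."""
    return key_id.encode() + b"".join(f"|{t}:{v}".encode() for t, v in subpackets)


def make_selfsig(owner_secret: bytes, key_id: str, hashed: List[Subpacket]) -> dict:
    """Owner issues a self-signature; only the hashed area goes under the MAC."""
    mac = hmac.new(owner_secret, _encode(key_id, hashed), hashlib.sha256).digest()
    return {"key_id": key_id, "hashed": list(hashed), "unhashed": [], "sig": mac}


def verify_selfsig(owner_secret: bytes, selfsig: dict) -> bool:
    """Recompute the MAC over the hashed area, exactly as a verifier would."""
    expected = hmac.new(owner_secret, _encode(selfsig["key_id"], selfsig["hashed"]),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, selfsig["sig"])


def adk_status(selfsig: dict) -> str:
    """'none', 'signed' (ADK inside the hashed area) or 'unsigned' (only in the unhashed area)."""
    in_hashed = any(t == SUBPACKET_ADK for t, _ in selfsig["hashed"])
    in_unhashed = any(t == SUBPACKET_ADK for t, _ in selfsig["unhashed"])
    if in_hashed:
        return "signed"
    return "unsigned" if in_unhashed else "none"


def recipients(selfsig: dict, honor_unsigned_adk: bool) -> List[str]:
    """Keys a mail client would encrypt to.  honor_unsigned_adk=True reproduces the
    pre-6.5.8 behaviour the thread describes (the planted ADK is used)."""
    out = [selfsig["key_id"]]
    areas = ["hashed", "unhashed"] if honor_unsigned_adk else ["hashed"]
    for area in areas:
        out += [v for t, v in selfsig[area] if t == SUBPACKET_ADK]
    return out


def demo() -> dict:
    """Alice's key, a planted ADK in the unhashed area, and what each policy does with it."""
    alice_secret = b"alice-toy-signing-secret"          # constructed
    alice = make_selfsig(alice_secret, "ALICE-KEY-ID", [(SUBPACKET_KEY_FLAGS, "sign+encrypt")])
    # Anyone holding the public key can append to the unhashed area without touching the MAC.
    tampered = dict(alice, unhashed=[(SUBPACKET_ADK, "MALLORY-KEY-ID")])
    status = adk_status(tampered)
    return {
        "sig_still_valid": verify_selfsig(alice_secret, tampered),
        "status": status,
        "old_behaviour": recipients(tampered, honor_unsigned_adk=True),
        "fixed_behaviour": recipients(tampered, honor_unsigned_adk=False),
        "warning": ("ADK subpacket outside the signed area: key tampered or mangled"
                    if status == "unsigned" else ""),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")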
------------------------------

From: "Kelsey Bjarnason" [EMAIL PROTECTED]
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Sat, 26 Aug 2000 01:27:08 -0700

[snips]

"Kaz Kylheku" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> On Thu, 24 Aug 2000 19:01:58 -0700, Spud [EMAIL PROTECTED] wrote:
>> The only disagreement involved was my disagreeing with arguments that did absolutely nothing to actually resolve the issue. For example, the comments about memcpy; they didn't matter, because the requirements would have held true in either case, so the introduction of memcpy added absolutely nothing in answering the question.
>
> How so? If memcpy copied only half of every 16 bit byte in your example implementation, due to characters being only 8 bits wide,

Well, let's see what we've got.

  6.2.5 [#4] Values stored in objects of any other object type consist of n×CHAR_BIT bits, where n is the size of an object of that type, in bytes. The value may be copied into an object of type unsigned char [n] (e.g., by memcpy);

Note that "size in bytes" is open to some interpretation (again, within the confines of this hypothetical compiler; we've ascertained elsewhere that yes, char and byte are synonymous, so this discussion is _purely_ abstract).

The implementation in question uses 16-bit bytes, 8-bit chars, and 32-bit ints... but defines sizeof(char) as 1; that means that sizeof(int), if measured in chars, must be 4. Can it do this? Certainly. If we do _not_ assume an equivalence, the implementation is free to chop things up as it sees fit, as long as code still works. So when you alias your int by a pointer-to-unsigned-char, for example, it requires _four_ accesses to retrieve the whole value. When you memcpy, it requires four reads to retrieve the value, four to write it. From the code's perspective, char and byte may as well be the same; they can't tell the difference.

However, that's _strictly_ within the confines of the code; as soon as it starts talking to the outside world, things get weird.

> then it would clearly fail to be capable of copying the values of data objects which take advantage of the full 16 bits.

Except there can be no such objects _internal_ to code based on the implementation; only when accessing things _outside_ it, such as files written by programs which use full 16-bit bytes. Internally, the code cannot produce 16-bit objects (or, rather, objects composed of full 16-bit bytes).

> Perhaps in your example implementation, *no* type uses more than 8 bits of any 16 bit byte. If that is the case, then, effectively, the C implementation has *defined* bytes as being 8 bits wide.

Actually, it defined chars as being 8 bits wide; the question was, how do we know that, in fact, this means that _bytes_ are 8 bits? The memcpy argument, for example, fails, because "The memcpy function copies n characters from the object..." - note that it says "chars", not "bytes". Since
Cryptography-Digest Digest #541
Cryptography-Digest Digest #541, Volume #12    Sat, 26 Aug 00 11:13:01 EDT

Contents:
  Re: cryptlib (Matt Johnston)
  Re: PGP 6.5.8 test: That's NOT enough !!! (Keith)
  Re: Serious PGP v5 v6 bug! ("gleu")
  Re: Bytes, octets, chars, and characters ("David Thompson")
  Re: Best way! ([EMAIL PROTECTED])
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Serious PGP v5 v6 bug! (Keith)
  Re: Best way! ("Big Boy Barry")
  Quake III Arena authentication (Mathew Hendry)
  Re: stegonographic overuse (John Savard)
  Re: You _DONT_ want a quantum computer. (John Savard)
  Re: Best way! ([EMAIL PROTECTED])
  Re: Best way! ([EMAIL PROTECTED])
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Michel Bouissou")
  Re: PROMIS-software for worldwide spy network by US/Isreal (Timothy M. Metzinger)

------------------------------

From: Matt Johnston [EMAIL PROTECTED]
Subject: Re: cryptlib
Reply-To: [EMAIL PROTECTED]
Date: Sat, 26 Aug 2000 20:29:57 +0800

Rémi FOREST wrote:
> Does anyone here use cryptlib (http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ ) for programming ? How secure is it ?

I haven't actually used it, but I believe that it has a fairly good reputation, as does the author.

Matt Johnston.

------------------------------

From: Keith [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sat, 26 Aug 2000 05:56:32 -0700
Reply-To: "Keith" [EMAIL PROTECTED]

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou 8o87bf$p7m$[EMAIL PROTECTED] wrote:
> Where previous versions would show this key as having an ADK, and use the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as being a normal, valid key, without any ADK.

There is no way for PGP to detect a forged key. That is what a signature and trust values are for. As long as PGP removes and/or doesn't recognize the forged ADK on a tampered key, which will lead to the encryption of a file or message to the forged ADK, then that is the proper action.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
Comment: pgp keys available at http://strongsignals.com/pgpkeys.txt

iQEVAwUBOae+QHbKVHAo46vlAQEXhQgAsz6jNjGzBYeaT4Bpu+h1M3kgeHepXFfk
n86dx+j54MTiUj6y0fkgmtT2CR5Ev/hdqpLlDOdpOD3IoSJ3jFN1P2kZJWepdr+a
Aj4i1NVvwfrt5OFMtxlPtCr3GXv6e6JiGsTcoIeq5RmFm16BFHh2Zldryv5qfL+R
9HxWtMzoWPq5DZbg6+ZflaprV+VsnpPeWkObcFwryq/ZgrS8eXMrAFsQE7YoNJQB
5JgB2TXJSLp/tklR3blToA1XjSefbfZwJZ2YJfoq/n+jm1xC1sb+hSwrxiJS6RlK
u8qgTzkZenIUSXudLk3szp+JG/Cp5gBZaYmGarNpK5VwbplFi+1dBA==
=8L4/
-----END PGP SIGNATURE-----

--
Best Regards,
Keith
=====
Where do you discover free software for Windows? Strongsignals DOT COM is a great place to start: http://Strongsignals.com
"If a man hasn't discovered something that he will die for, he isn't fit to live." --Martin Luther King, Jr

------------------------------

From: "gleu" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 v6 bug!
Date: Sat, 26 Aug 2000 13:57:36 +0100

Ralf Muschall [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Ron B. [EMAIL PROTECTED] writes:
>> as the perfect employee. If Jane has a heart attack, has a fatal accident or for other reasons beyond her control is not available to decrypt important data, the company may have legitimate reasons to
>
> Then it should be simple to ask the sender to resend the message, encrypted with Jane's successor's (or chief's) public key. In this situation, the sender has full power to decide who may read his messages, not some third person not authorized by him.

And what about the not-so-perfect employee which the company decides to sack and the company still wishes to have access to the employee messages/data ... because they are relevant and legitimately belong to the company ?

> Remember that pgp is not for encrypting locally stored data, like backups etc. (symmetric methods are better for this purpose), but only for the safe *transport* of messages.
>
> Ralf

------------------------------

From: "David Thompson" [EMAIL PROTECTED]
Crossposted-To: comp.lang.c,alt.folklore.computers
Subject: Re: Bytes, octets, chars, and characters
Date: Sat, 26 Aug 2000 13:03:44 GMT

John Savard [EMAIL PROTECTED] wrote :
> ...
> However, in the past, it had been customary to refer to a six-bit area in a computer's memory, where such an area was the span of memory occupied by a character of a text, as a character.

Not necessarily six bits. It is usual to refer to the storage for one (fixed-length) character code as a character, yes, of course, and six bits is enough for one (Roman) alphabet, (decimal) digits, and modest punctuation and specials (e.g. BCDIC). The term
Cryptography-Digest Digest #542
Cryptography-Digest Digest #542, Volume #12    Sat, 26 Aug 00 13:13:00 EDT

Contents:
  Re: Best way! ([EMAIL PROTECTED])
  Re: Asymmetric Encryption Algorithms (DJohn37050)
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Nathan Williams")
  Re: Serious PGP v5 v6 bug! ("Nathan Williams")
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Peter Ihm")
  Bytes, chars, and I/O (David Hopwood)
  Re: Bytes, octets, chars, and characters (David Hopwood)
  Re: New algorithm for the cipher contest ("Scott Fluhrer")
  Re: PRNG Test Theory (Mok-Kong Shen)
  Re: Serious PGP v5 v6 bug! (Dave Howe)
  Re: Best way! ("Big Boy Barry")

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Best way!
Date: Sat, 26 Aug 2000 15:13:03 GMT

In article 8o8j83$it4$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
> In article 8o8iji$i97$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
>> Obviously you have no clue what you are talking about. PGP is still secure iff you do not share your keys indirectly. Or if you use PGP 2.6.2. You can always try the Entrust package or GnuPG, or write your own.
>
> You are the one who misunderstands the flaw in the PGP key packet specification. Even if you take all the precautions possible against someone attaching an ADK to your public key and use PGP 2.6.2, somebody else might not be so careful when they are sending a message to you. They could have obtained your public key and checked the key fingerprint and signature: doing either would not have detected the presence of an ADK without special effort. BTW, if you have to share keys directly, why are you using a PKCS. The flaw in PGP is real, and presents a potential DoS, if not a practical security risk. Which is not to say that the encryption used in PGP is not necessarily strong, but the weakest link in a cryptosystem is usually the protocol or implementation.

And how, pray tell, do you attach an ADK to a key if you don't have physical access to it?

And I would be using PKCS or something similar because it would offer more key entropy than if I made up a conventional key with a friend. If PGP could make up useful 256 bit keys that I could lug around I would use that instead.

> It's not iff, just if. Sharing keys directly is not a sufficient condition for the secure use of PGP. Your advice to the OP to write his or her own security package is just wrong.

Why? I have, have you heard of Peekboo?

Tom

Sent via Deja.com http://www.deja.com/ Before you buy.

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 26 Aug 2000 15:28:16 GMT
Subject: Re: Asymmetric Encryption Algorithms

Not online, distributed at a past ANSI X9F1 meeting. Come on Roger, at least sometimes one would want to distribute a symmetric key with authentication regarding where it came from!! Of course, key establishment itself is a different matter, not provided by a signature.

Don Johnson

------------------------------

From: "Nathan Williams" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sat, 26 Aug 2000 15:31:15 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Keith, I am surprised at your viewpoint. I would have to agree with the others. PGP should at least warn the user that the key has unrecognized elements or even show that the key has been subject to this kind of attack. I am assuming that this is a quick patch to stop the loophole in the ADK and a more robust version will be forthcoming.

Nathan Williams

"Keith" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou 8o87bf$p7m$[EMAIL PROTECTED] wrote:
>> Where previous versions would show this key as having an ADK, and use the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as being a normal, valid key, without any ADK.
>
> There is no way for PGP to detect a forged key. That is what a signature and trust values are for. As long as PGP removes and/or doesn't recognize the forged ADK on a tampered key, which will lead to the encryption of a file or message to the forged ADK, then that is the proper action.
>
> [quoted PGP signature block and .sig as in Keith's post above]
Cryptography-Digest Digest #543
Cryptography-Digest Digest #543, Volume #12    Sat, 26 Aug 00 15:13:01 EDT

Contents:
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Greg")
  Hey Phil... ("Ed Suominen")
  Re: The DeCSS ruling and the big shots (Eric Lee Green)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: DeCSS ruling -- More (Eric Lee Green)
  Re: Bytes, octets, chars, and characters (Ian Stirling)
  Re: Best way! ([EMAIL PROTECTED])
  I NEED WEBSITE FOR DOWN LOADIND DVD COPY DEVICE( ORIGIN) NORWAY 0 ([EMAIL PROTECTED])
  Re: PRNG Test Theory (Tim Tyler)
  Re: Best way! ([EMAIL PROTECTED])
  Re: PRNG Test Theory ("Paul Pires")
  Re: Best way! (Guy Macon)
  PGP bug ([EMAIL PROTECTED])
  Re: Serious PGP v5 v6 bug! (Jonathan Thornburg)
  Re: PRNG Test Theory ("Paul Pires")

------------------------------

From: "Greg" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sun, 27 Aug 2000 02:26:45 +0900

Is this a product for the security conscious? :-(

Cheese Whiz. I apologize for my naivete. How silly of me to imagine that *everybody* knew that half of security is detection. Correct me if I'm wrong: NAI *is* now billing themselves as a data security company, right?

I guess Phil's earlier experiences lulled me into lowering my guard too much. It is sad to hear the conscientious revert to spin. Did I just hear NAI's credibility hit the main sewer?

I'm sorry guys. Sorry for all of us. Wish I had time to do a nice shell for GnuPG.

---
Greg

"Keith" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou 8o87bf$p7m$[EMAIL PROTECTED] wrote:
>> Where previous versions would show this key as having an ADK, and use the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as being a normal, valid key, without any ADK.
>
> There is no way for PGP to detect a forged key. That is what a signature and trust values are for. As long as PGP removes and/or doesn't recognize the forged ADK on a tampered key, which will lead to the encryption of a file or message to the forged ADK, then that is the proper action.
>
> [quoted PGP signature block and .sig as in Keith's post above]

------------------------------

From: "Ed Suominen" [EMAIL PROTECTED]
Subject: Hey Phil...
Date: Sat, 26 Aug 2000 10:23:45 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"I'm not about to allow a product with my name on it to have any secret back doors." - PRZ, PGP v.6.5 User's Guide.

Phil, how about inadvertent back doors from code that was implemented contrary to the OpenPGP standards to accommodate the corporate snoopers? (I say this as a disappointed admirer.) See the following post from Adam Back on the GPG user's listserv, at http://lists.gnupg.org/gnupg-users-28/msg00218.html

  "Amazing, and really unfortunate. Those of us who invested large amounts of effort in ensuring the ADK subpackets were not included in the ietf openPGP standard can be pleased we succeeded -- otherwise gnuPG and other implementations may now also have contributed to this risk. As it is gnuPG doesn't honor ADK requests, and all the rfc2440 says about them is:

    10 = placeholder for backward compatibility"

I'd say it's time to start watching for the release of the GNU Privacy Assistant instead of just PGP 7.0... (See http://www.gnupg.org/gpa.html).

Ed Suominen
Registered Patent Agent
Web Site: http://eepatents.com
PGP Public Key: http://eepatents.com/key

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBOaf9AamKuMvNCWDGEQJuRQCgofp4yVvggi97w01MGFJo5zgN6FsAoOcs
glThuiIwC+Gt3JPPAMXUzrT+
=77k4
-----END PGP SIGNATURE-----

------------------------------

From: Eric Lee Green [EMAIL PROTECTED]
Subject: Re: The DeCSS ruling and the big shots
Date: Sat, 26 Aug 2000 17:39:52 GMT

Sundial Services wrote:
> Flawed it may be, but "human nature is what it is" (and let's be brutally honest here
Cryptography-Digest Digest #544
Cryptography-Digest Digest #544, Volume #12    Sat, 26 Aug 00 18:13:00 EDT

Contents:
  Re: Best way! (Guy Macon)
  could someone post public key that is tempered pgp will not detect it (jungle)
  Re: Steganography question (Jani Store)
  ZixMail? ("Big Boy Barry")
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: PGP bug ([EMAIL PROTECTED])
  Re: ZixMail? ("Big Boy Barry")
  Re: Steganography question (Guy Macon)
  Re: PRNG Test Theory ("Paul Pires")
  Re: ZixMail? ([EMAIL PROTECTED])
  Re: ZixMail? (Jim Gillogly)
  Re: New algorithm for the cipher contest ("Alexis Machado")
  Re: 7 mil, how this usage of PGP has been calculated ? (those who know me have no need of my name)
  Re: Best way! (those who know me have no need of my name)
  R: Test on pseudorandom number generator. ("Cristiano")
  R: Test on pseudorandom number generator. ("Cristiano")
  Re: New algorithm for the cipher contest ("Scott Fluhrer")
  R: Test on pseudorandom number generator. ("Cristiano")
  Re: 320-bit Block Cipher (Gregory G Rose)

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Best way!
Date: 26 Aug 2000 19:07:25 GMT

Big Boy Barry wrote:
> I am a newbie to encryption. Am I right about PGP being insecure?

First, let me give you the 100% accurate answer, then the useful answer.

The 100% accurate answer: NOTHING is secure. Everything is either in the "known to be insecure" or "not known whether it is or isn't secure" class.

Now the useful answer: Who are you wanting to send secure email to? If you can manage to give them a secret passphrase without anyone else seeing it, then there is no known flaw in PGP. If you want to use any system where you don't physically hand the secret passphrase over, you are only as safe as the method you used to send it is. If you choose to use a public key system with no secret passphrase handed directly to your recipient, you will have to either study more and really understand the issues involved, or wait a while while the experts in sci.crypt hash it out, then ask for advice on what to do and follow that advice.

------------------------------

From: jungle [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: could someone post public key that is tempered pgp will not detect it
Date: Sat, 26 Aug 2000 15:16:37 -0400

could someone post public key that is tampered pgp will not detect it ?

------------------------------

From: Jani Store [EMAIL PROTECTED]
Subject: Re: Steganography question
Date: Sat, 26 Aug 2000 22:10:10 +0300

Guy Macon wrote:
> zapzing wrote:
>> And, if your message is encrypted it will be indistinguishable from random numbers. So hiding random numbers in random numbers should not be all that difficult.
>
> There is no requirement that encrypted messages look like random numbers. It's a common practice, but often not done (especially in the header part).

Ok I'd like to post a follow-up on this. Is there a way to prove that encryption is used (in england for instance) if I rip the PGP headers and footers off? Let's assume that the receiver's public key is available.

--
SS

------------------------------

From: "Big Boy Barry" [EMAIL PROTECTED]
Subject: ZixMail?
Date: Sat, 26 Aug 2000 19:29:34 GMT

Is Zixmail safe? Thanks...

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: PRNG Test Theory
Date: Sat, 26 Aug 2000 19:23:01 GMT

In article 6rUp5.6797$[EMAIL PROTECTED], "Paul Pires" [EMAIL PROTECTED] wrote:
> Tim Tyler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
>> [EMAIL PROTECTED] wrote:
>> : Since any PRNG test can tell when a stream of bits is empirically random
>> : [...]
>>
>> Hmm. Personally, I'd have phrased it as: "no PRNG test alone is likely to tell you when a stream of bits is empirically random". If you use every test known to man - and they are all passed - that might qualify the resulting stream as "empirically random".
>>
>> : that should suggest that any PRNG test can be turned into a PRNG itself.
>>
>> As you mention you might expect - since PRNG tests aren't designed for this job - unless you included a whole battery of such tests, the results would pass that particular test used well, and fail other ones miserably. I expect using a whole battery of tests would probably result in an extremely slow and cumbersome PRNG.
>
> Yes but there is an interesting question here. Can rejecting non-random (determined by any means) ever result in random? My knee-jerk reaction is no but I never thought of it that way before. Which is why I posed it.

Let's build a prng with the runs test, poker test, ones/zero test, DNA/OPSO test, birthday test, that given 'n' prior bits will output the better of the two bits. Technically the output must pass all the tests better than any other output.

For simplicity I would limit this to a single bit output. One question is how big of a memory is
Cryptography-Digest Digest #545
Cryptography-Digest Digest #545, Volume #12    Sat, 26 Aug 00 21:13:01 EDT

Contents:
  Re: Best way! (Wim Lewis)
  Re: PGP bug (Lemon Kairy)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Serious PGP v5 v6 bug! (Ralf Muschall)
  Re: Bytes, chars, and I/O (Mark McIntyre)
  Re: wincrypt.h ("Jeffrey Walton")
  Re: PRNG Test Theory ("Paul Pires")
  Re: 7 mil, how this usage of PGP has been calculated ? (jungle)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Test on pseudorandom number generator. ("Paul Pires")
  Re: PRNG Test Theory ("Paul Pires")
  Re: Memory usage ("Jeffrey Walton")
  New Site, Purple/Enigma/Sigaba/Russia Emulators (Charles Petersen)

------------------------------

From: [EMAIL PROTECTED] (Wim Lewis)
Subject: Re: Best way!
Date: 26 Aug 2000 22:45:00 GMT

In article WyPp5.181559$[EMAIL PROTECTED], Big Boy Barry [EMAIL PROTECTED] wrote:
> I have read several articles outlining that the government can crack PGP. There is no way in denying that. Even if it was rumors, I wouldn't want to base all my encryption on rumors. So I am better off using other means of encryption other than PGP.

You're basing your encryption on rumors anyway, you know. What makes you think that what you read here is any more or less reliable than some random scare piece you didn't fully understand about PGP?

Anyway, PGP (or some other implementation of the same format, such as GnuPG) is still the most secure thing you're likely to find for sending email. Understanding key management and the physical security of your computer is still vital to actual security, though.

--
Wim Lewis * [EMAIL PROTECTED] * Seattle, WA, USA
PGP 0x27F772C1: 0C 0D 10 D5 FC 73 D1 35  26 46 42 9E DC 6E 0A 88
The netcom address will be unreliable after September. Use the address.

------------------------------

From: [EMAIL PROTECTED] (Lemon Kairy)
Subject: Re: PGP bug
Date: Sat, 26 Aug 2000 22:48:52 GMT

[EMAIL PROTECTED] wrote:
> A bug has been found in PGP that allows hackers to read encrypted messages, the BBC reports.

Do you ever read messages here, or do you just write?

--
"Lemon Kairy" is actually 2751 469038 [EMAIL PROTECTED].
 01234 56789 - Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: PRNG Test Theory
Date: Sat, 26 Aug 2000 22:47:16 GMT

In article JCVp5.6906$[EMAIL PROTECTED], "Paul Pires" [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote in message news:8o95ea$6h3$[EMAIL PROTECTED]...
>> In article 6rUp5.6797$[EMAIL PROTECTED], "Paul Pires" [EMAIL PROTECTED] wrote:
>>> Tim Tyler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
>>>> [EMAIL PROTECTED] wrote:
>>>> : Since any PRNG test can tell when a stream of bits is empirically random
>>>> : [...]
>>>>
>>>> Hmm. Personally, I'd have phrased it as: "no PRNG test alone is likely to tell you when a stream of bits is empirically random". If you use every test known to man - and they are all passed - that might qualify the resulting stream as "empirically random".
>>>>
>>>> : that should suggest that any PRNG test can be turned into a PRNG itself.
>>>>
>>>> As you mention you might expect - since PRNG tests aren't designed for this job - unless you included a whole battery of such tests, the results would pass that particular test used well, and fail other ones miserably. I expect using a whole battery of tests would probably result in an extremely slow and cumbersome PRNG.
>>>
>>> Yes but there is an interesting question here. Can rejecting non-random (determined by any means) ever result in random? My knee-jerk reaction is no but I never thought of it that way before. Which is why I posed it.
>>
>> Let's build a prng with the runs test, poker test, ones/zero test, DNA/OPSO test, birthday test, that given 'n' prior bits will output the better of the two bits. Technically the output must pass all the tests better than any other output.
>
> Let's make it easy. Let's say that you possess a random evaluation oracle, "REO" (just made it up). It perfectly evaluates the provisional output for randomness. If its choice conforms to randomness, then there is a chance, at each step, that 1's test better, 0's test better, 1 0 are both "good" and 1 0 are both putrid. The second or third condition halts your process since a choice cannot be made. So you use a coin flip to pick. Question: Why didn't you just use the coin flip in the first place?
>
> My second problem is that any random source when viewed at a certain granularity will occasionally pop out some results that look ordered. This is natural. If you feed your gizmo truly random input and you remove these pieces, aren't you making the output less random?
>
> And last, a certificational weakness. If you feed this gizmo it's