Cryptography-Digest Digest #540

2000-08-26 Thread Digestifier

Cryptography-Digest Digest #540, Volume #12  Sat, 26 Aug 00 08:13:01 EDT

Contents:
  Re: "Warn when encrypting to keys with an ADK" (jungle)
  Re: blowfish problem ("Kelsey Bjarnason")
  7 mil, how this usage of PGP has been calculated ? (jungle)
  Re: PROMIS-software for worldwide spy network by US/Isreal (Mok-Kong Shen)
  Re: PRNG Test Theory (Mok-Kong Shen)
  Re: Best way! (Mok-Kong Shen)
  Re: 1-time pad is not secure... (Tim Tyler)
  cryptlib ("Rémi FOREST")
  Re: DeCSS ruling -- More ("Stou Sandalski")
  Re: DES: Say it or spell it? (Newbie question) ("Richard Bembridge")
  You _DONT_ want a quantum computer. ("Detonate")
  PGP 6.5.8 test: That's NOT enough !!! ("Michel Bouissou")
  stegonographic overuse ("Detonate")
  Re: PROMIS-software for worldwide spy network by US/Isreal ("Stou Sandalski")
  Re: DeCSS ruling -- More (No User)
  Re: stegonographic overuse ([EMAIL PROTECTED])
  Re: PGP 6.5.8 test: That's NOT enough !!! ("JL")



From: jungle [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: "Warn when encrypting to keys with an ADK"
Date: Sat, 26 Aug 2000 03:55:37 -0400

help me ...
how should I understand the 4 keys provided ?
which key is tampered & which has a correctly added ADK ?

assuming that I will have only these 4 public keys  this would be the case
when I will receive them from owner ...

which public key can not be identified [ by normal available PGP features ] as
the tampered ADK ?

when I'm importing any of these 4 keys, I see without any doubt which key has
ADK ...
therefore where is the problem at the key import ?

I can refuse to import any key with ADK attached, this is simple ...
in fact, every user can reject ADK keys, where is the problem ?

"S.R. Heller" wrote:

> http://www.oz.net/~srheller/spgp/bin/testkeys.asc
>
> The keys include private keys, which all have the passphrase
> "testing".
>
> Steve H.



--

From: "Kelsey Bjarnason" [EMAIL PROTECTED]
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Sat, 26 Aug 2000 01:27:08 -0700

[snips]

"Kaz Kylheku" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> On Thu, 24 Aug 2000 19:01:58 -0700, Spud [EMAIL PROTECTED] wrote:
> > The only disagreement involved was my disagreeing with arguments that did
> > absolutely nothing to actually resolve the issue.  For example, the comments
> > about memcpy; they didn't matter, because the requirements would have held
> > true in either case, so the introduction of memcpy added absolutely nothing
> > in answering the question.
>
> How so? If memcpy copied only half of every 16 bit byte in your example
> implementation, due to characters being only 8 bits wide,

Well, let's see what we've got.

6.2.5
   [#4]  Values  stored  in  objects  of  any other object type
   consist of n×CHAR_BIT bits, where n is the size of an object
   of  that  type,  in  bytes.  The value may be copied into an
   object of type unsigned char  [n]  (e.g.,  by  memcpy);

Note that "size in bytes" is open to some interpretation (again, within the
confines of this hypothetical compiler; we've ascertained elsewhere that
yes, char and byte are synonymous, so this discussion is _purely_ abstract).
The implementation in question uses 16-bit bytes, 8 bit chars, and 32-bit
ints... but defines sizeof(char) as 1; that means that sizeof(int), if
measured in chars, must be 4.  Can it do this?  Certainly.

If we do _not_ assume an equivalence, the implementation is free to chop
things up as it sees fit, as long as code still works.  So when you alias
your int by a pointer-to-unsigned-char, for example, it requires _four_
accesses to retrieve the whole value.  When you memcpy, it requires four
reads to retrieve the value, four to write it.

From the code's perspective, char and byte may as well be the same; they
can't tell the difference.  However, that's _strictly_ within the confines
of the code; as soon as it starts talking to the outside world, things get
weird.

> then it would clearly
> fail to be capable of copying the values of data objects which take advantage
> of the full 16 bits.

Except there can be no such objects _internal_ to code based on the
implementation; only when accessing things _outside_ it, such as files
written by programs which use full 16-bit bytes.  Internally, the code
cannot produce 16-bit objects (or, rather, objects composed of full 16-bit
bytes).

> Perhaps in your example implementation, *no* type uses more than 8 bits of any
> 16 bit byte. If that is the case, then, effectively, the C implementation has
> *defined* bytes as being 8 bits wide.

Actually, it defined chars as being 8 bits wide; the question was, how do we
know that, in fact, this means that _bytes_ are 8 bits?  The memcpy
argument, for example, fails, because "The memcpy function copies n
characters from the object..." - note that it says "chars", not "bytes".
Since 

Cryptography-Digest Digest #541

2000-08-26 Thread Digestifier

Cryptography-Digest Digest #541, Volume #12  Sat, 26 Aug 00 11:13:01 EDT

Contents:
  Re: cryptlib (Matt Johnston)
  Re: PGP 6.5.8 test: That's NOT enough !!! (Keith)
  Re: Serious PGP v5 & v6 bug! ("gleu")
  Re: Bytes, octets, chars, and characters ("David Thompson")
  Re: Best way! ([EMAIL PROTECTED])
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Serious PGP v5 & v6 bug! (Keith)
  Re: Best way! ("Big Boy Barry")
  Quake III Arena authentication (Mathew Hendry)
  Re: stegonographic overuse (John Savard)
  Re: You _DONT_ want a quantum computer. (John Savard)
  Re: Best way! ([EMAIL PROTECTED])
  Re: Best way! ([EMAIL PROTECTED])
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Michel Bouissou")
  Re: PROMIS-software for worldwide spy network by US/Isreal (Timothy M. Metzinger)



From: Matt Johnston [EMAIL PROTECTED]
Subject: Re: cryptlib
Reply-To: [EMAIL PROTECTED]
Date: Sat, 26 Aug 2000 20:29:57 +0800

Rémi FOREST wrote:

> Does anyone here use cryptlib
> (http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ ) for programming ?
> How secure is it ?

I haven't actually used it, but I believe that it has a fairly good
reputation, as does the author.

Matt Johnston.

--

From: Keith [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sat, 26 Aug 2000 05:56:32 -0700
Reply-To: "Keith" [EMAIL PROTECTED]

-----BEGIN PGP SIGNED MESSAGE-----


On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou
8o87bf$p7m$[EMAIL PROTECTED] wrote:

> Where previous versions would show this key as having an ADK, and use
> the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as being a
> normal, valid key, without any ADK.

There is no way for PGP to detect a forged key. That is what a signature and
trust values are for. As long as PGP removes and/or doesn't recognize the
forged ADK on a tampered key, which will lead to the encryption of a file or
message to the forged ADK, then that is the proper action. 




-- 
Best Regards,

Keith
=
Where do you discover free software for Windows? Strongsignals DOT COM is a 
great place to start: http://Strongsignals.com   "If a man hasn't discovered
something that he will die for, he isn't fit to live." --Martin Luther King, Jr


--

From: "gleu" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Sat, 26 Aug 2000 13:57:36 +0100


Ralf Muschall [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> Ron B. [EMAIL PROTECTED] writes:
>
> > as the perfect employee.  If Jane has a heart attack, has a fatal
> > accident or for other reasons beyond her control is not available to
> > decrypt important data, the company may have legitimate reasons to
>
> Then it should be simple to ask the sender to resend the message,
> encrypted with Jane's successor's (or chief's) public key. In this
> situation, the sender has full power to decide who may read his
> messages, not some third person not authorized by him.

And what about the not-so-perfect employee whom the company decides to sack,
when the company still wishes to have access to the employee's messages/data
... because they are relevant and legitimately belong to the company ?


> Remember that pgp is not for encrypting locally stored data, like
> backups etc. (symmetric methods are better for this purpose), but only
> for the safe *transport* of messages.
>
> Ralf



--

From: "David Thompson" [EMAIL PROTECTED]
Crossposted-To: comp.lang.c,alt.folklore.computers
Subject: Re: Bytes, octets, chars, and characters
Date: Sat, 26 Aug 2000 13:03:44 GMT

John Savard [EMAIL PROTECTED] wrote:
...
> However, in the past, it had been customary to refer to a six-bit area
> in a computer's memory, where such an area was the span of memory
> occupied by a character of a text, as a character.

Not necessarily six bits.  It is usual to refer to the storage for one
(fixed-length) character code as a character, yes, of course,
and six bits is enough for one (Roman) alphabet, (decimal) digits,
and modest punctuation and specials (e.g. BCDIC).

 The term 

Cryptography-Digest Digest #542

2000-08-26 Thread Digestifier

Cryptography-Digest Digest #542, Volume #12  Sat, 26 Aug 00 13:13:00 EDT

Contents:
  Re: Best way! ([EMAIL PROTECTED])
  Re: Asymmetric Encryption Algorithms (DJohn37050)
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Nathan Williams")
  Re: Serious PGP v5 & v6 bug! ("Nathan Williams")
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Peter Ihm")
  Bytes, chars, and I/O (David Hopwood)
  Re: Bytes, octets, chars, and characters (David Hopwood)
  Re: New algorithm for the cipher contest ("Scott Fluhrer")
  Re: PRNG Test Theory (Mok-Kong Shen)
  Re: Serious PGP v5 & v6 bug! (Dave Howe)
  Re: Best way! ("Big Boy Barry")



From: [EMAIL PROTECTED]
Subject: Re: Best way!
Date: Sat, 26 Aug 2000 15:13:03 GMT

In article 8o8j83$it4$[EMAIL PROTECTED],
  [EMAIL PROTECTED] wrote:
> In article 8o8iji$i97$[EMAIL PROTECTED],
>   [EMAIL PROTECTED] wrote:
> > Obviously you have no clue what you are talking about.
> >
> > PGP is still secure iff you do not share your keys indirectly.  Or if
> > you use PGP 2.6.2.
> >
> > You can always try the Entrust package or GnuPG, or write your own.
>
> You are the one who misunderstands the flaw in the PGP key packet
> specification. Even if you take all the precautions possible against
> someone attaching an ADK to your public key and use PGP 2.6.2, somebody
> else might not be so careful when they are sending a message to you.
> They could have obtained your public key and checked the key
> fingerprint and signature: doing either would not have detected the
> presence of an ADK without special effort. BTW, if you have to share
> keys directly, why are you using a PKCS. The flaw in PGP is real, and
> presents a potential DoS, if not a practical security risk. Which is
> not to say that the encryption used in PGP is not necessarily strong,
> but the weakest link in a cryptosystem is usually the protocol or
> implementation.

And how, pray tell, do you attach an ADK to a key if you don't have
physical access to it?

And I would be using PKCS or something similar because it would offer
more key entropy than if I made up a conventional key with a friend.
If PGP could make up useful 256 bit keys that I could lug around I
would use that instead.


> It's not iff, just if. Sharing keys directly is not a sufficient
> condition for the secure use of PGP. Your advice to the OP to write his
> or her own security package is just wrong.

Why?  I have, have you heard of Peekboo?

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (DJohn37050)
Date: 26 Aug 2000 15:28:16 GMT
Subject: Re: Asymmetric Encryption Algorithms

Not online, distributed at a past ANSI X9F1 meeting.  Come on Roger, at least
sometimes one would want to distribute a symmetric key with authentication
regarding where it came from!!  Of course,  key establishment itself is a
different matter, not provided by a signature.
Don Johnson

--

From: "Nathan Williams" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sat, 26 Aug 2000 15:31:15 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Keith,

I am surprised at your viewpoint.  I would have to agree with the
others.  PGP should at least warn the user that the key has
unrecognized elements or even show that the key has been subject to
this kind of attack.

I am assuming that this is a quick patch to stop the loophole in the
ADK and a more robust version will be forthcoming.

Nathan Williams
"Keith" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou
> 8o87bf$p7m$[EMAIL PROTECTED] wrote:
>
> > Where previous versions would show this key as having an ADK, and
> > use the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as
> > being a normal, valid key, without any ADK.
>
> There is no way for PGP to detect a forged key. That is what a
> signature and trust values are for. As long as PGP removes and/or
> doesn't recognize the forged ADK on a tampered key, which will lead
> to the encryption of a file or message to the forged ADK, then that
> is the proper action.




Cryptography-Digest Digest #543

2000-08-26 Thread Digestifier

Cryptography-Digest Digest #543, Volume #12  Sat, 26 Aug 00 15:13:01 EDT

Contents:
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Greg")
  Hey Phil... ("Ed Suominen")
  Re: The DeCSS ruling and the big shots (Eric Lee Green)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: DeCSS ruling -- More (Eric Lee Green)
  Re: Bytes, octets, chars, and characters (Ian Stirling)
  Re: Best way! ([EMAIL PROTECTED])
  I NEED WEBSITE FOR DOWN LOADIND DVD COPY DEVICE( ORIGIN) NORWAY 0 ([EMAIL PROTECTED])
  Re: PRNG Test Theory (Tim Tyler)
  Re: Best way! ([EMAIL PROTECTED])
  Re: PRNG Test Theory ("Paul Pires")
  Re: Best way! (Guy Macon)
  PGP bug ([EMAIL PROTECTED])
  Re: Serious PGP v5 & v6 bug! (Jonathan Thornburg)
  Re: PRNG Test Theory ("Paul Pires")



From: "Greg" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sun, 27 Aug 2000 02:26:45 +0900

Is this a product for the security conscious?  :-(

Cheese Whiz.  I apologize for my naivete.  How silly of me to imagine that
*everybody* knew that half of security is detection.  Correct me if I'm
wrong: NAI *is* now billing themselves as a data security company, right?  I
guess Phil's earlier experiences lulled me into lowering my guard too much.

It is sad to hear the conscientious revert to spin.  Did I just hear NAI's
credibility hit the main sewer?

I'm sorry guys.  Sorry for all of us.

Wish I had time to do a nice shell for GnuPG.
---
Greg


"Keith" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou
> 8o87bf$p7m$[EMAIL PROTECTED] wrote:
>
> > Where previous versions would show this key as having an ADK, and use
> > the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as being a
> > normal, valid key, without any ADK.
>
> There is no way for PGP to detect a forged key. That is what a signature and
> trust values are for. As long as PGP removes and/or doesn't recognize the
> forged ADK on a tampered key, which will lead to the encryption of a file or
> message to the forged ADK, then that is the proper action.






--

From: "Ed Suominen" [EMAIL PROTECTED]
Subject: Hey Phil...
Date: Sat, 26 Aug 2000 10:23:45 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"I'm not about to allow a product with my name on it to have any
secret back doors." - PRZ, PGP v.6.5 User's Guide.

Phil, how about inadvertent back doors from code that was implemented
contrary to the OpenPGP standards to accommodate the corporate
snoopers? (I say this as a disappointed admirer.) See the following
post from Adam Back on the GPG user's listserv, at
http://lists.gnupg.org/gnupg-users-28/msg00218.html

"Amazing, and really unfortunate.  Those of us who invested large
amounts of effort in ensuring the ADK subpackets were not included in
the ietf openPGP standard can be pleased we succeeded -- otherwise
gnuPG and other implementations may now also have contributed to this
risk.  As it is gnuPG doesn't honor ADK requests, and all the rfc2440
says about them is: 10 = placeholder for backward compatibility"

I'd say it's time to start watching for the release of the GNU
Privacy Assistant instead of just PGP 7.0... (See
http://www.gnupg.org/gpa.html).

Ed Suominen
Registered Patent Agent
Web Site: http://eepatents.com
PGP Public Key: http://eepatents.com/key

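The distinction this thread turns on (an ADK request that the key's self-signature actually covers versus one merely appended to the key) is visible in the packet bytes. The following is an added example, not code from any poster, from PGP or from GnuPG: it parses the hashed and unhashed subpacket areas of an OpenPGP v4 signature packet as laid out in RFC 2440 section 5.2.3 and reports every subpacket of type 10 (the RFC's "placeholder for backward compatibility", which PGP used for the ADK) together with whether the signature protects it. The sample packet is constructed by hand (its MPI is a dummy, so it would never verify), and the ADK body layout assumed here (class octet, algorithm octet, 20-octet fingerprint) is PGP's own usage rather than anything RFC 2440 defines.

```python
"""Find ADK subpackets in an OpenPGP v4 signature packet and say whether each
one is covered by the signature.  Added example; packet layout per RFC 2440
section 5.2.3, ADK body layout assumed from PGP's use of subpacket type 10."""
import struct

ADK_SUBPACKET_TYPE = 10   # RFC 2440: "placeholder for backward compatibility"


def parse_subpacket_area(buf, pos):
    """Parse one subpacket area whose 2-octet length field starts at pos.
    Returns ([(type, critical_flag, body), ...], position after the area)."""
    area_len = struct.unpack_from(">H", buf, pos)[0]
    pos += 2
    end = pos + area_len
    subpackets = []
    while pos < end:
        first = buf[pos]                      # 1-, 2- or 5-octet subpacket length
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length = ((first - 192) << 8) + buf[pos + 1] + 192
            pos += 2
        else:
            length = struct.unpack_from(">I", buf, pos + 1)[0]
            pos += 5
        type_octet = buf[pos]                 # high bit = critical
        body = bytes(buf[pos + 1:pos + length])
        subpackets.append((type_octet & 0x7F, bool(type_octet & 0x80), body))
        pos += length
    if pos != end:
        raise ValueError("subpacket overruns its area")
    return subpackets, end


def parse_v4_signature(body):
    """Parse the body of a v4 signature packet (packet header already removed)."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    hashed, pos = parse_subpacket_area(body, 4)       # after version/type/pk/hash
    unhashed, pos = parse_subpacket_area(body, pos)
    return {"sig_type": body[1], "hashed": hashed, "unhashed": unhashed}


def find_adks(body):
    """Return [(covered_by_signature, fingerprint_hex), ...] for each ADK subpacket.
    An ADK in the unhashed area is outside what the signer signed, so anyone able
    to edit the key file could have added it; that is the case the thread is about."""
    sig = parse_v4_signature(body)
    found = []
    for area, covered in ((sig["hashed"], True), (sig["unhashed"], False)):
        for sub_type, _critical, sub_body in area:
            if sub_type == ADK_SUBPACKET_TYPE:
                found.append((covered, sub_body[2:22].hex()))   # assumed ADK body layout
    return found


def sample_signature_packet(adk_in_hashed=False):
    """Constructed sample: positive certification (0x13) with a creation-time
    subpacket in the hashed area; the issuer and the ADK go in the unhashed area
    unless adk_in_hashed is set.  Values are dummies, not a real signature."""
    creation = bytes([5, 2]) + struct.pack(">I", 0x39A7BE40)
    issuer = bytes([9, 16]) + bytes.fromhex("0123456789ABCDEF")
    adk_body = b"\x80\x01" + bytes(range(0xA0, 0xB4))        # class, algo, 20 octets
    adk = bytes([1 + len(adk_body), ADK_SUBPACKET_TYPE]) + adk_body
    hashed = creation + (adk if adk_in_hashed else b"")
    unhashed = issuer + (b"" if adk_in_hashed else adk)
    body = bytes([4, 0x13, 1, 2])                              # v4, 0x13, RSA, SHA-1
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\x12\x34" + struct.pack(">H", 8) + b"\x7f"      # hash prefix, dummy MPI
    return body


if __name__ == "__main__":
    for covered, fp in find_adks(sample_signature_packet()):
        where = "hashed (signed)" if covered else "UNHASHED (not signed, untrusted)"
        print(f"ADK {fp} in {where} area")
```

Run against a real key, the same loop would be applied to every self-signature on the key; an ADK reported as uncovered is exactly the case a key-import warning should catch.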





--

From: Eric Lee Green [EMAIL PROTECTED]
Subject: Re: The DeCSS ruling and the big shots
Date: Sat, 26 Aug 2000 17:39:52 GMT

Sundial Services wrote:
> Flawed it may be, but "human nature is what it is" (and let's be
> brutally honest here 

Cryptography-Digest Digest #544

2000-08-26 Thread Digestifier

Cryptography-Digest Digest #544, Volume #12  Sat, 26 Aug 00 18:13:00 EDT

Contents:
  Re: Best way! (Guy Macon)
  could someone post public key that is tampered & pgp will not detect it  (jungle)
  Re: Steganography question (Jani Store)
  ZixMail? ("Big Boy Barry")
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: PGP bug ([EMAIL PROTECTED])
  Re: ZixMail? ("Big Boy Barry")
  Re: Steganography question (Guy Macon)
  Re: PRNG Test Theory ("Paul Pires")
  Re: ZixMail? ([EMAIL PROTECTED])
  Re: ZixMail? (Jim Gillogly)
  Re: New algorithm for the cipher contest ("Alexis Machado")
  Re: 7 mil, how this usage of PGP has been calculated ? (those who know me have no need of my name)
  Re: Best way! (those who know me have no need of my name)
  R: Test on pseudorandom number generator. ("Cristiano")
  R: Test on pseudorandom number generator. ("Cristiano")
  Re: New algorithm for the cipher contest ("Scott Fluhrer")
  R: Test on pseudorandom number generator. ("Cristiano")
  Re: 320-bit Block Cipher (Gregory G Rose)



From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Best way!
Date: 26 Aug 2000 19:07:25 GMT


Big Boy Barry wrote:

> I am a newbie to encryption. Am I right about PGP being insecure?


First, let me give you the 100% accurate answer, then the useful
answer.

The 100% accurate answer:

NOTHING is secure.  Everything is either in the "known to be
insecure" or "not known whether it is or isn't secure" class.

Now the useful answer:

Who are you wanting to send secure email to?  If you can manage
to give them a secret passphrase without anyone else seeing it,
then there is no known flaw in PGP.  If you want to use any system
where you don't physically hand the secret passphrase over, you
are only as safe as the method you used to send it is.  If you
choose to use a public key system with no secret passphrase handed
directly to your recipient, you will have to either study more and
really understand the issues involved, or wait a while while the
experts in sci.crypt hash it out, then ask for advice on what to
do and follow that advice.


--

From: jungle [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: could someone post public key that is tampered & pgp will not detect it
Date: Sat, 26 Aug 2000 15:16:37 -0400

could someone post public key that is tampered & pgp will not detect it ?



--

From: Jani Store [EMAIL PROTECTED]
Subject: Re: Steganography question
Date: Sat, 26 Aug 2000 22:10:10 +0300

Guy Macon wrote:
>
> zapzing wrote:
>
> > And, if your message is encrypted it will be
> > indistinguishable from random numbers. So
> > hiding random numbers in random numbers should
> > not be all that difficult.
>
> There is no requirement that encrypted messages
> look like random numbers.  It's a common practice,
> but often not done (especially in the header part).

Ok I'd like to post a follow-up on this. Is there a way to prove that
encryption is used (in England for instance) if I rip the PGP headers
and footers off? Let's assume that the receiver's public key is available.


--
SS

--

From: "Big Boy Barry" [EMAIL PROTECTED]
Subject: ZixMail?
Date: Sat, 26 Aug 2000 19:29:34 GMT

Is Zixmail safe? Thanks...



--

From: [EMAIL PROTECTED]
Subject: Re: PRNG Test Theory
Date: Sat, 26 Aug 2000 19:23:01 GMT

In article 6rUp5.6797$[EMAIL PROTECTED],
  "Paul Pires" [EMAIL PROTECTED] wrote:

> Tim Tyler [EMAIL PROTECTED] wrote in message
> news:[EMAIL PROTECTED]...
> > [EMAIL PROTECTED] wrote:
> >
> > : Since any PRNG test can tell when a stream of bits is empirically random
> > : [...]
> >
> > Hmm.  Personally, I'd have phrased it as: "no PRNG test alone is likely to
> > tell you when a stream of bits is empirically random".
> >
> > If you use every test known to man - and they are all passed - that might
> > qualify the resulting stream as "empirically random".
> >
> > : that should suggest that any PRNG test can be turned into a PRNG itself.
> >
> > As you mention you might expect - since PRNG tests aren't designed for
> > this job - unless you included a whole battery of such tests, the results
> > would pass that particular test used well, and fail other ones miserably.
> >
> > I expect using a whole battery of tests would probably result in an
> > extremely slow and cumbersome PRNG.
>
> Yes but there is an interesting question here. Can rejecting Non-random
> (determined by any means) ever result in random? My knee jerk reaction is no
> but I never thought of it that way before.

Which is why I posed it.

Let's build a prng with the runs test, poker test, ones/zero test,
DNA/OPSO test, birthday test, that given 'n' prior bits will output the
better of the two bits.  Technically the output must pass all the tests
better than any other output.

For simplicity I would limit this to a single bit output.  One question
is how big of a memory is 

Cryptography-Digest Digest #545

2000-08-26 Thread Digestifier

Cryptography-Digest Digest #545, Volume #12  Sat, 26 Aug 00 21:13:01 EDT

Contents:
  Re: Best way! (Wim Lewis)
  Re: PGP bug (Lemon Kairy)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Serious PGP v5 & v6 bug! (Ralf Muschall)
  Re: Bytes, chars, and I/O (Mark McIntyre)
  Re: wincrypt.h ("Jeffrey Walton")
  Re: PRNG Test Theory ("Paul Pires")
  Re: 7 mil, how this usage of PGP has been calculated ? (jungle)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Test on pseudorandom number generator. ("Paul Pires")
  Re: PRNG Test Theory ("Paul Pires")
  Re: Memory usage ("Jeffrey Walton")
  New Site, Purple/Enigma/Sigaba/Russia Emulators (Charles Petersen)



From: [EMAIL PROTECTED] (Wim Lewis)
Subject: Re: Best way!
Date: 26 Aug 2000 22:45:00 GMT

In article WyPp5.181559$[EMAIL PROTECTED],
Big Boy Barry [EMAIL PROTECTED] wrote:
> I have read several articles outlining that the government can crack PGP.
> There is no way in denying that. Even if it was rumors, I wouldn't want to
> base all my encryption on rumors. So I am better off using other means of
> encryption other than PGP.

You're basing your encryption on rumors anyway, you know. What makes you
think that what you read here is any more or less reliable than some
random scare piece you didn't fully understand about PGP?

Anyway, PGP (or some other implementation of the same format, such
as GnuPG) is still the most secure thing you're likely to find for
sending email. Understanding key management and the physical security
of your computer is still vital to actual security, though.

-- 
 Wim Lewis * [EMAIL PROTECTED] * Seattle, WA, USA
PGP 0x27F772C1: 0C 0D 10 D5 FC 73 D1 35  26 46 42 9E DC 6E 0A 88
The netcom address will be unreliable after September. Use the  address.

--

From: [EMAIL PROTECTED] (Lemon Kairy)
Subject: Re: PGP bug
Date: Sat, 26 Aug 2000 22:48:52 GMT

[EMAIL PROTECTED] wrote:

> A bug has been found in PGP that allows hackers to read
> encrypted messages, the BBC reports.

Do you ever read messages here, or do you just write?
-- 
"Lemon Kairy" is actually 2751 469038 [EMAIL PROTECTED].
 01234 56789 - Use this key to decode my email address and name.
  Play Five by Five Poker at http://www.5X5poker.com.

--

From: [EMAIL PROTECTED]
Subject: Re: PRNG Test Theory
Date: Sat, 26 Aug 2000 22:47:16 GMT

In article JCVp5.6906$[EMAIL PROTECTED],
  "Paul Pires" [EMAIL PROTECTED] wrote:

> [EMAIL PROTECTED] wrote in message
> news:8o95ea$6h3$[EMAIL PROTECTED]...
> > In article 6rUp5.6797$[EMAIL PROTECTED],
> >   "Paul Pires" [EMAIL PROTECTED] wrote:
> > > Tim Tyler [EMAIL PROTECTED] wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > [EMAIL PROTECTED] wrote:
> > > >
> > > > : Since any PRNG test can tell when a stream of bits is empirically random
> > > > : [...]
> > > >
> > > > Hmm.  Personally, I'd have phrased it as: "no PRNG test alone is likely to
> > > > tell you when a stream of bits is empirically random".
> > > >
> > > > If you use every test known to man - and they are all passed - that might
> > > > qualify the resulting stream as "empirically random".
> > > >
> > > > : that should suggest that any PRNG test can be turned into a PRNG itself.
> > > >
> > > > As you mention you might expect - since PRNG tests aren't designed for
> > > > this job - unless you included a whole battery of such tests, the results
> > > > would pass that particular test used well, and fail other ones miserably.
> > > >
> > > > I expect using a whole battery of tests would probably result in an
> > > > extremely slow and cumbersome PRNG.
> > >
> > > Yes but there is an interesting question here. Can rejecting Non-random
> > > (determined by any means) ever result in random? My knee jerk reaction is no
> > > but I never thought of it that way before.
> >
> > Which is why I posed it.
> >
> > Let's build a prng with the runs test, poker test, ones/zero test,
> > DNA/OPSO test, birthday test, that given 'n' prior bits will output the
> > better of the two bits.  Technically the output must pass all the tests
> > better than any other output.
>
> Let's make it easy. Let's say that you possess a random
> evaluation oracle. "REO" (just made it up). It perfectly
> evaluates the provisional output for randomness. If its
> choice conforms to randomness, then there is a chance, at
> each step that 1's test better, 0's test better, 1 & 0 are
> both "good" and 1 & 0 are both putrid. The second or third
> condition halts your process since a choice cannot be made.
> So you use a coin flip to pick.
>
> Question: Why didn't you just use the coin flip in the first
> place?
>
> My second problem is that any random source when viewed at a
> certain granularity will occasionally pop out some results
> that look ordered. This is natural. If you feed your gizmo
> truly random input and you remove these pieces, aren't you
> making the output less random?
>
> And last, A certificational weakness. If you feed this gizmo
> its
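The "PRNG built from PRNG tests" proposed earlier in this thread, and Paul Pires's objection that the tie-breaking coin flip is doing all the work, can both be checked by running the construction. The following is an added example, not code from any poster: it implements the proposal with only two of the listed tests (ones/zeros count and runs count, scored over the whole history), emits whichever candidate bit tests better, and calls a caller-supplied coin only on an exact tie.

```python
"""Test-driven bit generator from the thread, reduced to the ones/zeros and
runs tests so every step can be traced by hand.  Added example, not code
written by any poster.

Scoring over the entire history, the very first bit is the only tie; every
later choice is forced and the output repeats 0110 (or 1001) forever, so the
coin is the only entropy source and n output bits carry one bit of it."""
from typing import Callable, List, Optional, Tuple
import secrets

Bits = List[int]


def score(bits: Bits) -> int:
    """Deviation from what a random string should show; lower is better.
    Both terms are doubled so the result stays an integer:
      ones/zeros test: 2 * |ones - zeros|
      runs test:       |2 * runs - (n + 1)|   (a random n-bit string has
                                               (n + 1) / 2 runs on average)"""
    n = len(bits)
    ones = sum(bits)
    runs = 1 + sum(1 for i in range(1, n) if bits[i] != bits[i - 1])
    return 2 * abs(ones - (n - ones)) + abs(2 * runs - (n + 1))


def next_bit(history: Bits, coin: Callable[[], int]) -> Tuple[int, bool]:
    """Emit the candidate that scores better; return (bit, coin_was_needed)."""
    s0, s1 = score(history + [0]), score(history + [1])
    if s0 != s1:
        return int(s1 < s0), False
    return coin(), True            # both candidates test equally well


def generate(n: int, coin: Callable[[], int]) -> Tuple[Bits, int]:
    """Produce n bits and count the ties, which bounds the entropy in the
    output at one bit per tie."""
    history: Bits = []
    ties = 0
    for _ in range(n):
        bit, used_coin = next_bit(history, coin)
        history.append(bit)
        ties += int(used_coin)
    return history, ties


def period(bits: Bits) -> Optional[int]:
    """Smallest p with bits[i] == bits[i + p] for every i, or None."""
    for p in range(1, len(bits)):
        if all(bits[i] == bits[i + p] for i in range(len(bits) - p)):
            return p
    return None


if __name__ == "__main__":
    # A genuine coin for the ties; the output is still 0110... or 1001...
    bits, ties = generate(32, lambda: secrets.randbits(1))
    print("".join(map(str, bits)), "ties:", ties, "period:", period(bits))
```

Adding the other tests from the list changes the cycle, not the conclusion: once the scoring rule is fixed and public, the output is a deterministic function of the coin flips, which is the certificational weakness the quoted reply starts to describe.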