Cryptography-Digest Digest #341

2001-05-12 Thread Digestifier

Cryptography-Digest Digest #341, Volume #14  Sat, 12 May 01 11:13:01 EDT

Contents:
  Re: Best encrypting algoritme (Mok-Kong Shen)
  Re: DES Crypto Myth?? (Tom St Denis)
  Re: Is Differential Cryptanalysis practical? (Tom St Denis)
  Re: Quasi Functions, a way to design Maximum Secure Cipher (Mark Wooding)
  Re: Encrypt/Decrypt, Digital Signature, Certificate authority, .. . . (AY)
  Re: __Security Architect/Consultant wanted at HONG KONG (AY)
  Re: __Security Architect/Consultant wanted at HONG KONG (Tom St Denis)
  Weakness in Noekeon? (Tom St Denis)
  Re: Information hiding in digital TV some thoughts and experiments. (Jan Panteltje)
  Re: Micali-Schnorr pseudorandom bit generator (Dobs)
  Re: Micali-Schnorr pseudorandom bit generator (Tom St Denis)
  Key escrow based on BBS (Tom St Denis)
  how to blind a linear transform (Tom St Denis)
  Re: Security proof for Steak (Henrick Hellström)
  Re: Is Differential Cryptanalysis practical? ([EMAIL PROTECTED])
  Re: Is Differential Cryptanalysis practical? (Tom St Denis)
  Viewable PIcture Encryption ( Doug Goncz)



From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Best encrypting algoritme
Date: Sat, 12 May 2001 11:03:37 +0200



wtshaw wrote:
 
 Mok-Kong Shen [EMAIL PROTECTED] wrote:
 
  It is also possible to consider the entire message as
  a single block. Thus a strict distinction of stream and
  block processing is only a conceptual aid in my humble
  view and is not a necessity.
 
 Again, there is another option to block handling, not just fixed blocks
 and sometimes padding to fill one out, nor a single block for a big
 message, but variable length blocks to adapt to natural text divisions.
 Space terminated blocks are what I like.
[snip]

I agree. Block length is an essential parameter that
could be profitably varied. I believe that most block
algorithms can be modified to work well with variable
block sizes without much difficulty. Of course, that's 
merely a belief of mine, no proof. The issue is somewhat 
analogous to that of employing fixed vs. random S-boxes, 
I suppose. 

M. K. Shen

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: DES Crypto Myth??
Date: Sat, 12 May 2001 09:37:27 GMT


[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

 I've been reading through papers on differential cryptanalysis and s-box
 generation and I seem to have uncovered a myth regarding DES that I've
 run across several times (i.e. _Applied Cryptography_, posts on this
 newsgroup, etc.).

 The myth is that the DES team knew about differential cryptanalysis (I
 think Coppersmith makes this claim) esp. iterative characteristics, and
 specifically designed the S-boxes to be resistant (robust) to differential
 cryptanalysis. I've also read in several different places that the changes
 that the NSA made to the S-boxes were intended to increase their resistance
 to differential cryptanalysis.

 The problem with this common crypto knowledge is that the DES S-boxes
 aren't very robust! According to Seberry, Zhang, and Zheng in Systematic
 Generation of Cryptographically Robust S-boxes (1994) the robustness of the
 DES S-boxes range from 0.316 and 0.469 which is much lower than the upper
 bound of 0.861 for 6x4 S-boxes.

 It seems to me that either the claim that the DES team knew about
 differential cryptanalysis isn't true, or they didn't understand it well
 enough to design S-boxes with close to optimal robustness.

 Am I missing something?

Actually for DES the sboxes they picked were about as good as you can use.
In general it's true you can pick more nonlinear less differential sboxes...
such as

const unsigned sbox[1][64] = {
{ 3, 1, 2, 5, 7, 6, 4, 12, 15, 11, 8, 10, 13, 9, 0, 14,
15, 7, 11, 3, 2, 13, 14, 8, 12, 5, 4, 10, 9, 0, 6, 1,
4, 14, 15, 10, 13, 8, 0, 3, 5, 11, 6, 2, 9, 12, 7, 1,
3, 14, 0, 13, 1, 10, 11, 9, 5, 15, 12, 6, 2, 8, 7, 4 } };

(lpmax is 10/64, dpmax is 12/64)

But this sbox would probably suck in DES since it doesn't follow the
required design.

So I would believe that they knew about the attacks.

Tom
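To check figures like the lpmax/dpmax quoted above for a candidate S-box, here is an added example (not Tom's code) that builds the difference distribution table and the linear approximation table of the S-box he posted. The tables use the textbook definitions, so the maxima may be scaled differently from his lpmax/dpmax figures.

```python
"""Differential and linear profile of the 6-bit-in, 4-bit-out S-box quoted
in the post.  Example code added to this digest, not Tom St Denis's code."""

# The S-box from the post, indexed directly by its 6-bit input value.
SBOX = [
    3, 1, 2, 5, 7, 6, 4, 12, 15, 11, 8, 10, 13, 9, 0, 14,
    15, 7, 11, 3, 2, 13, 14, 8, 12, 5, 4, 10, 9, 0, 6, 1,
    4, 14, 15, 10, 13, 8, 0, 3, 5, 11, 6, 2, 9, 12, 7, 1,
    3, 14, 0, 13, 1, 10, 11, 9, 5, 15, 12, 6, 2, 8, 7, 4,
]


def ddt(sbox, n_in, n_out):
    """Difference distribution table: table[dx][dy] counts inputs x with
    S(x) ^ S(x ^ dx) == dy.  Every row sums to 2**n_in; row 0 is all in dy 0."""
    size, outs = 1 << n_in, 1 << n_out
    table = [[0] * outs for _ in range(size)]
    for dx in range(size):
        for x in range(size):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def lat(sbox, n_in, n_out):
    """Linear approximation table of biases: table[a][b] is
    #{x : a.x == b.S(x)} - 2**(n_in - 1) for input mask a and output mask b."""
    size, outs = 1 << n_in, 1 << n_out
    half = size // 2
    table = [[-half] * outs for _ in range(size)]
    for a in range(size):
        for b in range(outs):
            for x in range(size):
                # a.x and b.S(x) are GF(2) dot products, i.e. parities of the ANDs.
                if bin(a & x).count("1") % 2 == bin(b & sbox[x]).count("1") % 2:
                    table[a][b] += 1
    return table


def dpmax(sbox, n_in, n_out):
    """Highest DDT entry over nonzero input differences (lower is better);
    divide by 2**n_in for the differential probability."""
    return max(max(row) for row in ddt(sbox, n_in, n_out)[1:])


def lpmax(sbox, n_in, n_out):
    """Largest absolute bias over nonzero input and output masks (lower is
    better); divide by 2**n_in for the probability offset from 1/2."""
    table = lat(sbox, n_in, n_out)
    return max(abs(table[a][b])
               for a in range(1, 1 << n_in) for b in range(1, 1 << n_out))


def is_balanced(sbox, n_out):
    """Every output value appears equally often, as a DES-style S-box requires."""
    return all(sbox.count(v) == len(sbox) >> n_out for v in range(1 << n_out))


if __name__ == "__main__":
    size = len(SBOX)
    print(f"balanced: {is_balanced(SBOX, 4)}")
    print(f"dpmax = {dpmax(SBOX, 6, 4)}/{size}, "
          f"lpmax bias = {lpmax(SBOX, 6, 4)}/{size}")
```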



--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Is Differential Cryptanalysis practical?
Date: Sat, 12 May 2001 09:41:42 GMT


[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

 I read through the Biham and Shamir 1990 paper on Differential
 Cryptanalysis of DES-like Cryptosystems. The technique is fascinating.

 However, when the technique was applied to 16-round DES, 2^57 plaintext
 pairs were required (plus huge counter arrays).

 A later paper by Biham and Shamir (1994) detailed an improved technique
 which could be implemented with 2^49 chosen ASCII plaintexts (and counter
 arrays eliminated).

 I think it's realistic to assume that the algorithm is known by the
 cryptanalyst.
 I think it is realistic to assume that the analyst has SOME chosen

Cryptography-Digest Digest #341

2000-12-16 Thread Digestifier

Cryptography-Digest Digest #341, Volume #13  Sat, 16 Dec 00 04:13:01 EST

Contents:
  Re: Help with code generator/Formula (Paul Rubin)
  Re: files encrypted eight years ago with the unix crypt(1) command. want in (Timothy J. Lee)
  Re: binary vs. text w/ regard to digital signatures (Benjamin Goldberg)
  Re: Sr. Cryptographer/mathematician (David A Molnar)
  Re: Software PRNG.. (Benjamin Goldberg)
  Re: NT4 Password ("Mike The Man")
  Re: Protocol for computer go (Benjamin Goldberg)
  Re: Protocol for computer go (David Hopwood)
  Re: NT4 Password (David Hopwood)
  Re: NT4 Password ("Mike The Man")
  Re: Protocol for computer go (Benjamin Goldberg)
  Re: Q: Result of an old thread? (Benjamin Goldberg)



From: Paul Rubin [EMAIL PROTECTED]
Subject: Re: Help with code generator/Formula
Date: 15 Dec 2000 22:54:55 -0800

[EMAIL PROTECTED] writes:
 Here is my situation. I am trying to figure out a formula/code for a
 number generator. I have 5000 pairs of the input number and the result.
 Let me explain. a certain number X is entered into a program. then it
 returns Y. I have 5000 XY pairs. Can someone lead me to what I need to
 do to find the formula that creates Y? Is 5000 pairs enough?

No of course not.  You need to know in general terms how the formula
works, and -then- you might be able to figure out the parameters to
the formula.  Otherwise, knowing 5000 xy pairs doesn't tell you what
the 5001st pair will be.  Even if the first 5000 are
   (1,1),(2,2),(3,3), ..., (4999,4999),(5000,5000), 
the 5001st might be (5001,5001) or it might be (5001,198237978324),
with completely different-looking formulas.

--

From: [EMAIL PROTECTED] (Timothy J. Lee)
Crossposted-To: alt.os.linux.mandrake,comp.os.linux.misc,comp.os.linux.security
Subject: Re: files encrypted eight years ago with the unix crypt(1) command. want in
Reply-To: [EMAIL PROTECTED] (this is a valid address for a limited time)
Date: Sat, 16 Dec 2000 06:55:39 GMT

In article 91ergp$q8l$[EMAIL PROTECTED],
Dan Jacobson [EMAIL PROTECTED] wrote:
1. can't find crypt(1) here on Mandrake 7.2.  Is that the export regulation rule
thingy at play?

Search the web for a free program called enigma.

2. I forgot the password anyway.

Search the web for cbw, the Crypt Breaker's Workbench.

-- 

Timothy J. Lee
Unsolicited bulk or commercial email is not welcome.
No warranty of any kind is provided with this message.

--

From: Benjamin Goldberg [EMAIL PROTECTED]
Subject: Re: binary vs. text w/ regard to digital signatures
Date: Sat, 16 Dec 2000 07:26:26 GMT

Marc wrote:
 
 The fact that tilde-n has one and only one encoding does not help use
 avoid the fact that two different sequences have precisely the same
 visual effect.
 
 In many fonts the 0 and O (digit zero and uppercase o) have the same
 visual effect, too.  Like for example the one I am typing with.

Yes, that is indeed approximately what I mean, although with most fonts,
those two (0O) can be distinguished if you look really closely, with the
digit having straighter sides, and the letter being rounder, and either
wider or shorter.  Also, zero often has a slash through it.

Lowercase L and digit one, and sometimes capital i, however, do look
more nearly the same (l1I).

In some proportional fonts, two single quotes ('') can look identical to
a double quote (").

-- 
There are three methods for writing code in which no bug can be found:
1) Make the code so straightforward that there are obviously no bugs.
2) Make the code so complicated that there are no obvious bugs.
3) Insist that any apparent bugs were really intentional features.

--

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Sr. Cryptographer/mathematician
Date: 16 Dec 2000 07:19:10 GMT

David A Molnar [EMAIL PROTECTED] wrote:

 I'm e-mailing you about this because I can't figure out if you realize
 what he meant or not. For some reason this bothers me. 

I'd like to apologize to Tom and to everyone else for this - I mistakenly
posted a message I meant to send by private e-mail. I've sent out a cancel
message, not that it will help much.

-David 

--

From: Benjamin Goldberg [EMAIL PROTECTED]
Subject: Re: Software PRNG..
Date: Sat, 16 Dec 2000 07:46:31 GMT

Terry Ritter wrote:
[snip]
 Ouch.. I checked it out briefly. Well, the only problem I've
 discovered so far is the fact that the information size is
 huge.. d'oh!
 
 I suppose the file does seem large, but to me it does not seem nearly
 as large as it did several years ago.  We might all like to have a
 file that answered exactly what we wanted to know and nothing else,
 but different people want different things.

Perhaps if you could have two versions of your glossary -- one big huge
files, and on

Cryptography-Digest Digest #341

2000-08-02 Thread Digestifier

Cryptography-Digest Digest #341, Volume #12   Wed, 2 Aug 00 17:13:01 EDT

Contents:
  Re: Elliptic Curves encryption (Roger Schlafly)
  Re: Elliptic Curves encryption (Mok-Kong Shen)
  Re: Skipjack and KEA test vectors (Mark Wooding)
  Re: Small hash checksum (Mark Wooding)
  Re: A  new  crypto  algorithm   Wolf_Cub_2 (Mark Wooding)
  Re: What vulnerabilities do I have? (Steve Weis)
  What is the word on TC5? (tomstd)
  Re: Mathématics (Ioshua)
  Re: Security (Terry Ritter)
  Re: IV for arfour ("Andreas Sewe")
  Re: Skipjack and KEA test vectors (David Hopwood)
  Re: Elliptic Curves encryption (Terry Ritter)
  Re: IV for arfour ("Andreas Sewe")
  Re: Elliptic Curves encryption (Terry Ritter)



From: Roger Schlafly [EMAIL PROTECTED]
Subject: Re: Elliptic Curves encryption
Date: Wed, 02 Aug 2000 12:51:26 -0700

Doug Kuhlman wrote:
  Have you seen a proof that breaking ECDH is equivalent to the
 ECDLP?  I haven't.

No. It is an open question.

  I seem to recall a couple years ago, a claimed proof
 that breaking RSA was easier than factoring, but I never saw it enough
 to make my own judgment.  Anyone else know about this?

There are some arguments that indicate that breaking RSA might be
easier than factoring. But no proof.

 Actually, most PK ciphers are scalable (in one form or another).  It's
 one of the reasons they *seem* secure *now*.  1024-bit RSA not good
 enough but you think factoring is hard?  Use 2048-bit RSA.  etc.
 Scaling Rijndael, OTOH, to accept 512 bit inputs and a 1024-bit key
 seems less trivial

I think the Hasty Pudding Cipher (another AES entrant) was scalable.
If that is what you really want, use it. (Some defects were found,
but they are probably all fixable.)

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Elliptic Curves encryption
Date: Wed, 02 Aug 2000 22:19:09 +0200



Roger Schlafly wrote:

 Doug Kuhlman wrote:
  Actually, most PK ciphers are scalable (in one form or another).  It's
  one of the reasons they *seem* secure *now*.  1024-bit RSA not good
  enough but you think factoring is hard?  Use 2048-bit RSA.  etc.
  Scaling Rijndael, OTOH, to accept 512 bit inputs and a 1024-bit key
  seems less trivial

 I think the Hasty Pudding Cipher (another AES entrant) was scalable.
 If that is what you really want, use it. (Some defects were found,
 but they are probably all fixable.)

Just a question: How is the term 'scalability' to be exactly understood?
(Do we need to consider efficiency issue, etc.?) Thanks.

M. K. Shen



--

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Skipjack and KEA test vectors
Date: 2 Aug 2000 19:53:36 GMT

Mark Wooding [EMAIL PROTECTED] wrote:

 There's a much smaller collection of test vectors which will test the
 entire F-table.  I have one at home, but I've not sent out a version of
 Catacomb with them in.  Still, the more, the merrier.  I'll put them
 into tests/skipjack when I get home.

My test vectors are below.  (Fibrand is one of my library's
noncryptographic generators.  It has the benefit of being fast.)

  # --- The official Skipjack test vector ---
  #
  # It's a bit piss-poor that they only provide one test-vector here.

  00998877665544332211 33221100ddccbbaa 2587cae27a12d300;

  # --- From KEA test vectors ---
  #
  # The Skipjack algorithm is used by the KEA to derive the final key.
  # Unfortunately, the test vectors given in the Skipjack/KEA spec don't
  # match my (or anyone else's!) implementation.  These are the values
  # which seem to be generally agreed.

  e7496e99e4628b7f9ffb 99ccfe2b90fd550b 60a73d387b517fca; 
  e7496e99e4628b7f9ffb 60a73d387b517fca 24c90cb05d668b27;
  e5caf4dcc70e55f1dd90 b71cb0d009af2765 64f4877ae68a8a62;
  e5caf4dcc70e55f1dd90 64f4877ae68a8a62 fee778a838a601cd;

  # --- These are the results expected from the KEA spec ---
  #
  # A `?' indicates that I don't know what that digit's meant to be.  I've
  # derived the top 16 bits of the intermediate results from the spec.

  # e7496e99e4628b7f9ffb 99ccfe2b90fd550b 2f30;
  # e7496e99e4628b7f9ffb 2f30 740839dee833add4;
  # e5caf4dcc70e55f1dd90 b71cb0d009af2765 8e27;
  # e5caf4dcc70e55f1dd90 8e27 97fd1c6bd86bc439;

  # --- Some more test vectors ---
  #
  # These are dreamed up by me.  The above tests don't actually exhaustively
  # test the F-table.  There are 16 entries unaccounted for.  The keys and
  # plaintexts were generated using fibrand with seed 0.

  cde4bef260d7bcda1635 47d348b7551195e7 f17b3070144aebea;
  7022907dd1dff7dac5c9 941d26d0c6eb14ad a055d02c5e0eae8d;
  568f86edd1dc9268 533285a6ed810c9b b4c22f4fb74c35dc;
  689daaa9060d2d4b6003 062365b0a54364c7 08698d8786f80d16;
  6c160f11896c4794846e cfa14a7130c9f137 d6db848b7cecdd39;

-- [mdw]

--

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Small h

Cryptography-Digest Digest #341

2000-03-15 Thread Digestifier

Cryptography-Digest Digest #341, Volume #11  Wed, 15 Mar 00 14:13:01 EST

Contents:
  Re: how to introduce hs students to cryptography (Doug Stell)
  Weaknesses in Solitaire Algorithm Found (Albert Yang)
  Re: Q: Fourier and other transforms (Terry Ritter)
  Re: NIST, AES at RSA conference (Bo Dömstedt)
  Re: how to introduce hs students to cryptography (Andru Luvisi)
  Re: NIST, AES at RSA conference (Terry Ritter)



From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: how to introduce hs students to cryptography
Date: Wed, 15 Mar 2000 17:57:34 GMT

Attached is my example of small-number RSA. I generally use this after
the Diffie-Hellman example, because of the slightly greater level of
complication. It covers both signature and confidentiality modes.

The example also introduces Chinese Remainder Theorem and Montgomery
Multiplication. However, these would be too complicated to dump onto
12th graders.



Example of the RSA Algorithm, on a 4-function Calculator


Key Derivation
==============

Alice picks the following numbers:

Prime numbers:  P = 11, Q = 17

Public exponent:        E = 3           E < P-1, E < Q-1
                                        g.c.d.(3,10) = 1
(E relatively prime to P and Q)         g.c.d.(3,16) = 1

Alice computes the following numbers:

Public Modulus: N =   P   *   Q   = 11 * 17 = 187

Private Modulus:   Phi[N] = (P-1) * (Q-1) = 10 * 16 = 160

Private exponent, using Euclid's Theorem:  D = 107

D = (E)^-1 (mod Phi[N]) = (E)^(Phi[N]-1) (mod Phi[N])
  = (3)^(P-1)*(Q-1)-1 (mod (P-1)*(Q-1))
  = (3)^159 (mod 160) = 107

Check:  E * D = 3 * 107 = 321 = 2(160) + 1 = 1 (mod 160)

  Alice's public  key is [N, E] = [187,   3] - made public
  Alice's private key is [N, D] = [187, 107] - held in secret

-

Computation of (3)^159 (mod 160), via the successive square and
multiply method:

  expressing the exponent in binary form: 159 -> 1001,1111
  applying the exponent from right (LSB) to left (MSB)

Successive squaring of 3          Bit   Accumulation of result
------------------------          ---   ----------------------
 (3)^01  =   3                     1 ->   3 *   1 =   3
 (3)^02  =   9                     1 ->   9 *   3 =  27
 (3)^04  =  81 (mod 160)           1 ->  81 *  27 = 107 (mod 160)

    (81)^2  = 6,561 = 41(160) +   1 =   1 (mod 160)
    81 * 27 = 2,187 = 13(160) + 107 = 107 (mod 160)

 (3)^08  =   1                     1 ->   1 * 107 = 107
 (3)^16  =   1                     1 ->   1 * 107 = 107
 (3)^32  =   1                     0 ->   no mult.  107
 (3)^64  =   1                     0 ->   no mult.  107
 (3)^128 =   1                     1 ->   1 * 107 = 107

Alice may discard prime numbers, P and Q, and Phi[N], as they
  are no longer needed, or she may use them to increase
  computation speed via the Chinese Remainder Theorem method.





Encryption for Authentication, with private key (187,107)
=========================================================

Alice wishes to authenticate a message, M, the number 129, and send
it to Bob.  Alice, therefore, applies her private key pair (187, 107).

Computation of cipher C = (129)^107 (mod 187), via the successive
square and multiply method:

  expressing the exponent in binary form: 107 -> 110,1011
  applying the exponent from right (LSB) to left (MSB)

Successive squaring of 129        Bit   Accumulation of result
--------------------------        ---   ----------------------
 (129)^01 = 129                    1 -> 129 * 001 = 129
 (129)^02 = 185 (mod 187)          1 -> 185 * 129 = 116 (mod 187)

    (185)^2   = 34,225 = 183(187) +   4 =   4 (mod 187)
    185 * 129 = 23,865 = 127(187) + 116 = 116 (mod 187)

 (129)^04 =   4 (mod 187)          0 ->  no mult.   116
 (129)^08 =  16                    1 ->  16 * 116 = 173 (mod 187)
 (129)^16 =  69 (mod 187)          0 ->  no mult.   173
 (129)^32 =  86 (mod 187)          1 ->  86 * 173 = 105 (mod 187)
 (129)^64 = 103 (mod 187)          1 -> 103 * 105 = 156 (mod 187)

Therefore, the resulting cipher is C = (129)^107 = 156 (mod 187)

-------------------------------------------------------------------


Decryption of cipher 156 with public key (187,3)
================================================

Bob uses Alice's public key pair (187, 3) to decrypt the cipher

Computation of M = (156)^3 (mod 187), via the successive square
and multiply method:

Successive squaring of 156        Bit   Accumulation of result
--------------------------        ---   ----------------------
 (156)^01 = 156                    1 -> 156 * 001 = 156
 (156)^02 =  26 (mod 187)          1 ->  26 * 156 = 129 (mod 187)

Therefore, the recovered
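The handout's arithmetic carried out in Python, including the CRT private-key step it mentions but does not work through; this is an example added to the digest, not Doug Stell's code, and the function names are mine. It reproduces the key pair (187, 3)/(187, 107), the signature 156 of the message 129, and the recovery of 129 with the public exponent.

```python
"""Small-number RSA walk-through with the handout's numbers (P=11, Q=17, E=3).
Example code added to this digest, not Doug Stell's; function names are mine."""


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e, m):
    """e^-1 mod m via the extended Euclidean algorithm.  This is the general
    method; the handout's E^(Phi-1) mod Phi shortcut gives the same 107 here
    only because 160 is a multiple of the Carmichael value lambda(160) = 8."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError(f"{e} has no inverse mod {m}; pick another exponent")
    return x % m


def square_and_multiply(base, exp, mod, trace=None):
    """Right-to-left binary exponentiation exactly as in the handout: square
    the base once per bit, multiply it into the accumulator when the bit is 1.
    If `trace` is a list, one (power, bit, accumulator) row is appended per bit."""
    acc, power = 1, base % mod
    while exp:
        bit = exp & 1
        if bit:
            acc = acc * power % mod
        if trace is not None:
            trace.append((power, bit, acc))
        power = power * power % mod
        exp >>= 1
    return acc


def trace_exponent(base, exp, mod):
    """The handout's table as a list of (power, bit, accumulator) rows."""
    rows = []
    square_and_multiply(base, exp, mod, rows)
    return rows


def rsa_keygen(p, q, e):
    """Returns ((N, E), (N, D)) with D = E^-1 mod (P-1)(Q-1)."""
    phi = (p - 1) * (q - 1)
    return (p * q, e), (p * q, modinv(e, phi))


def rsa_private_crt(m, d, p, q):
    """m^d mod pq via the Chinese Remainder Theorem (Garner's recombination),
    the speed-up the handout mentions: two small exponentiations instead of
    one large one, and the private factors P, Q are kept for that purpose."""
    dp, dq = d % (p - 1), d % (q - 1)
    mp = square_and_multiply(m, dp, p)
    mq = square_and_multiply(m, dq, q)
    h = (modinv(q, p) * (mp - mq)) % p
    return mq + h * q


if __name__ == "__main__":
    public, private = rsa_keygen(11, 17, 3)
    (n, e), (_, d) = public, private
    print(f"public key {public}, private key {private}")
    for power, bit, acc in trace_exponent(129, d, n):
        print(f"  power = {power:3d}  bit = {bit}  accumulator = {acc:3d}")
    sig = square_and_multiply(129, d, n)
    print(f"signature of 129: {sig}; via CRT: {rsa_private_crt(129, d, 11, 17)}")
    print(f"recovered with public key: {square_and_multiply(sig, e, n)}")
```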

Cryptography-Digest Digest #341

1999-09-30 Thread Digestifier

Cryptography-Digest Digest #341, Volume #10  Thu, 30 Sep 99 23:13:03 EDT

Contents:
  Re: Perfect Shuffle Algorithm? (Alan Morgan)
  Re: hidden channel in Peekboo (wtshaw)
  Re: EAR Relaxed? Really? (Greg)
  Re: On oldy encryptions (wtshaw)
  Re: Cryptographic bit-length and the meaning (wtshaw)
  Re: crypto export rules changing ([EMAIL PROTECTED])
  Re: EFS ("Joseph Ashwood")
  Re: RC4 weaknesses ("Richard Parker")
  Re: Glossary of undefineable crypto terms (was Re: Ritter's paper) ("Trevor Jackson, III")
  Re: Cryptanalysis of 2 key TDES (Alfred John Menezes)
  Re: EAR Relaxed? Really? (Johnny Bravo)
  Re: EAR Relaxed? Really? (Bill Unruh)
  Re: crypto export rules changing (Bill Unruh)
  Re: msg for Dave Scott ("Douglas A. Gwyn")
  Re: hidden channel in Peekboo (Tom St Denis)
  Re: Compress before Encryption (Tom St Denis)
  Re: msg for Dave Scott (Tom St Denis)
  Re: msg for Dave Scott (Tom St Denis)
  Re: Q: Burrows-Wheeler transform (Tom St Denis)



From: [EMAIL PROTECTED] (Alan Morgan)
Crossposted-To: sci.stat.math,sci.math
Subject: Re: Perfect Shuffle Algorithm?
Date: 30 Sep 1999 23:26:44 GMT

In article [EMAIL PROTECTED], Douglas A. Gwyn [EMAIL PROTECTED] wrote:
David Franklin wrote:
 Firstly, I knocked up a brute force program to do this (took
 about 5 mins to write), and got the same answer as Clive Tooth
 (97020); the running time was just under 1 second. Which leads
 me to wonder about the LCM solution being "much simpler and
 faster" as the original interviewer apparently said. When the run
 time is 1 second, it's hard to justify spending time speeding it
 up (as a one-off problem at any rate).

But brute force doesn't scale well, while finding the cycles does.
You were just lucky that the period was only 97,020; it could have
been much larger if the parameters had been slightly different.

What is the longest possible period?  How does one find the answer to
that without using brute force (nothing occurs to me, but I haven't
given it much thought).

Alan

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: hidden channel in Peekboo
Date: Thu, 30 Sep 1999 17:55:57 -0600

In article 7suik7$4od$[EMAIL PROTECTED], Tom St Denis
[EMAIL PROTECTED] wrote:

 In article [EMAIL PROTECTED],
   [EMAIL PROTECTED] (wtshaw) wrote:
 
  
  It is an unfortunate condition that someone who just wants to get
  encrypted information from point A to B must become a programming guru.
  Certain popular algorithms do carry this burden.  I would reject those
  that carry this condition as being very bad for a practical world as there
  are possible algorithms that do not seem to have such complicated and
  obscure problems.
 
  Yes, call demanding geek inspection related to security by obscurity.
 
 But this is not security by obscurity.  It's assumed security by difficulty
 of solving either the DL or symmetric cipher.
 
Try to get beyond the abilities of those that post here and talk to the
people out there.  I am really quoting the many people I talk to, as well
as what I feel, when I complain about the state of computer security, and
the geeking of the process.   The public is not too happy in having to
depend on the people that brought them promise of a Y2K meltdown.  Do not
think that all pros have much of a moral fiber either.
-- 
Still a good idea from Einstein:  If you can't explain something clearly to a child, 
you do not understand it well enough.

So much for models of trust, they generally are ill-founded.

--

From: Greg [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Thu, 30 Sep 1999 23:57:30 GMT


 What I actually said PRIVATELY was for you to EMIT
 your position publicly as a BEGINNING.  You've gone
 forward and reduced the contradiction.  I'll grant
 you GROUNDS once only, so here it is.

What do you mean by grounds?  By beginning?  What the hell
are you talking about?

  What do you mean?

 You might try the NATIONAL SECURITY ARCHIVES organization
 for POSITION.  I don't know if they have a presence on
 the INTERNET now, but they did exist SOMEWHERE not all
 that long ago, as far as I know.

 As you may have been following the FBI investigation of
 the COBBS CREEK MASSACRE, they determined that CRIMES
 WERE COMMITTED AND THEY CAN FIND NO CRIMINALS.  They're
 about to start in again on WACO.  Can you set this
 straight?  How's that for position?

I have no clue what you were asking me in the first place.
If you cannot speak English like the rest of us, give it up.


--
Truth is first ridiculed, then violently opposed, and then it is
accepted as self evident ("obvious").

I love my president... I love my president... I love my president...


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (wts

Cryptography-Digest Digest #341

1999-04-05 Thread Digestifier

Cryptography-Digest Digest #341, Volume #9   Mon, 5 Apr 99 04:13:04 EDT

Contents:
  smartcards (was Live from the Second AES Conference) (Sandy Harris)
  Re: True Randomness & The Law Of Large Numbers (Dave Knapp)
  Re: My Book "The Unknowable" (Paul Healey)
  Re: "Kryptos" sculpture (Jim Gillogly)
  Software for breaking polyalphabetic substitution ciphers (Gao Qing)
  Re: Alert:  "HAPPY99.EXE" e-mail/newsgroup virus ("Cameron McCormack")
  Re: Random Walk ("Trevor Jackson, III")
  Re: chosen-plaintext attack (wtshaw)
  Re: chosen-plaintext attack (Sundial Services)
  Re: Software for breaking polyalphabetic substitution ciphers (wtshaw)
  Re: Extending a hash? (wtshaw)
  Re: My Book "The Unknowable" ("David Starr")
  Re: Extending a hash? (Peter Gunn)
  Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")



From: [EMAIL PROTECTED] (Sandy Harris)
Subject: smartcards (was Live from the Second AES Conference)
Date: Sun, 04 Apr 1999 22:05:44 GMT

[EMAIL PROTECTED] (Bruce Schneier) writes:

: IBM's Pankaj Rohatgi explained how he got all 128 bits of
: a Twofish key after only 50 (that is 50 not 2^50) uses of a smart
: card!

I wonder how secure some of the other ciphers would be, if the kind of
optimizations Bruce suggested for fitting Twofish on a smart card were
applied to them. That is, if it were possible.

He said in his talk that every cipher is vulnerable.  We've done this
sort of work, too, and we have found that you can't defend against
these types of attack with the algorithm.  You can do some things with
the implementation and some things with the hardware, but basically
you need to defend in the protocol layer.

http://www.geocities.com/ResearchTriangle/Lab/1578/artic02.htm

Outlines some of the more easy & obvious defenses you can put in
the implementation. No doubt not enough. 

--

From: Dave Knapp [EMAIL PROTECTED]
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Sun, 04 Apr 1999 20:59:50 GMT

"R. Knauer" wrote:
 
 I claim that there are only two valid sets for randomness:
 
 Set #1: Reasonable certainty that the process is not random;
 
 Set #2: Processes which do not exist in set #1.
 
 Put into the language of statistics:
 
 Null Hypothesis: A particular RNG is not random.
 
 Alternate Hypothesis: That particular RNG is random.
 
 There is no middle set of RNGs that are maybe random, maybe not random
 on the basis of reasonable certainty. There is a definite area outside
 the Z-score and a definite related area inside the Z-score. There is
 no gray zone where things may be or may not be simultaneously.

Incredible!  You not only don't understand statistics, but you don't
understand decision theory even better!

Maybe it's not that impressive; decision theory depends to some degree
on statistical inference, etc.

Hey -- you ever hear of a thing called "fuzzy logic?"  Look it up.

  -- Dave

--

From: Paul Healey [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.physics,sci.logic
Subject: Re: My Book "The Unknowable"
Date: Mon, 5 Apr 1999 00:52:37 +0100

In article 41%M2.9$[EMAIL PROTECTED], David Starr
[EMAIL PROTECTED] writes

karl malbrain wrote in message 7e1cvg$eti$[EMAIL PROTECTED]...
[-snip-]


While I AM fascinated BY your USE of CAPITAL letters, this WHOLE thread IS
off-TOPIC for sci.crypt.  For that MATTER, the FOLKS over in sci.physics
and sci.math probably AREN'T ALL that interested, EITHER.

Have a NICE day,

   -dave

Is this an interesting, relevant and/or a worthwhile contribution?

What do you think sci.logic is supposed to be about;

individuals trying to plug their own private
languages (this is not in the agreement with Decca News), so sci.crypt
can decode them, or a dialogue on what constitutes a valid schema?

Are you proposing some kind of self-censorship?
A path to real censorship on the unknowable --- on speculative logic.
Tell us, what you think you know in relation to this thread, so at
least, it might become clearer to yourself what you actually do know: I
think Chitin's notion, in the preface of his book, that there is no such
thing as a theory of everything, does itself presuppose such a
knowledge. That is, I have nothing against others discussing different
kinds of models and principles within; modal logic, intuitionistic logic
and paraconsistent logic etc., but lets not forget the context of this
forum: I am under no obligation to eschew a set of principles, that
happen to have value, simply because they are popular modes of reasoning
i.e. reductionist, positivist and formal

The question cannot be asked, how form is added to 
essence, for it is only the reflection of essence into
essence itself, essence's own immanent reflection.
Book II of Heg