Domain: hiroshima-u.ac.jp
Stories and comments across the archive that link to hiroshima-u.ac.jp.
Comments · 10
-
Re:But this is India we are talking about
I like using long period PRNGs to make an effective one-time pad. How you initialize the PRNG is your key.
You understand that you need to hash the output of your PRNG before XORing with it, right? Just checking...
-
Re:But this is India we are talking about
If you're really interested, try reading a few pages here the summaries are short and easy to understand.
-
Re:But this is India we are talking about
Read up on CryptMT (which is copyright, so I use a non-IP protected variant with similar security properties.) Write me back when you have brute force tried 2^19936 keys on a trivial stream, then try that on a stream that starts at a key-selected point in a large image file, lots of data to load into memory just to "try" each key, increases cost of breaking considerably.
Since I am a US citizen and marketing a Crypto product for export, I have agreed to reveal the algorithms to the Department of Commerce upon their request (they haven't requested, yet). Before you get all indignant about the invasions of personal freedoms by the US government, etc. etc., consider what other nations of the world do.
Not revealing the algorithm makes cryptanalysis harder, but the central assumption is that, whether by reverse engineering of the code, coersion, or other methods, the algorithm will someday be revealed. Even when that is true, you still need the key. For personal private communications, I think a relatively weak 56 bit key is appropriate (would take your little sister, using tools downloaded from script kiddies, several weeks using Daddy's 2012 engineering class PC 24-7 to break one message). If the contents of the message are of high value, you can always use the "breakable" outer layer to conceal a message encrypted with stronger methods. If you have a lot of communications encrypted with "breakable" crypto, it makes it harder to find that one "breakable" message that contains a hard (or impossible) to break core.
Mostly, I just don't want my ordinary private communications (things I would normally not say over a megaphone in a packed stadium), indexed, archived and searchable for less than a penny per thousand words. Strictly speaking, I don't have anything "to hide", but I think it is indiscrete to use clear text on GMail if you don't want to see your words on MSNBC in a few days.
-
Re:But this is India we are talking about
Due to the nature of psuedo random number generators, a known plain text attack can tell us everything we need to know about the next iteration of your cipher.
Yes, of course, if the same key is reused (many times over LARGE messages). Also, encrypting a long stream of nulls is a great way to help a cryptanalyst break a stream cipher. There is a long list of ways to misuse stream, block, and all manner of cipher schemes. I am not alone in use of PRNGs for stream ciphers.
I do believe that CryptMT faces a certain amount of negative pressure for real-world use because it is virtually impossible to brute force, if you use long keys. Most of the popular cipher schemes seem to dance just outside the realm of practical breaking - AES128 demonstrated broken by a large cooperative, well AES256 must be good enough?
-
Re:But this is India we are talking about
Encryption is crackable
True, encryption _CAN_ be cracked, by hook or by crook
Are you talking about this form of cracking? Because, with a sufficiently long secret key, it is proven impossible to break.
I like using long period PRNGs to make an effective one-time pad. How you initialize the PRNG is your key.
-
A Slightly More Expensive Method
A slightly more expensive but somehow even more random method is to seed the generator against the words and phrases that come out of the mouth of South Carolina's Miss Teen USA.
But in all seriousness, I wonder how this compares to the Mersenne Twister (Java implementation & PDF)that I use at home? I am almost sure this new proposed method is more efficient and faster, when will there be (I know, I'm lazy) a universal implementation of it? :)
Also, this may be a stupid question, but I wonder how one measures the 'randomness' of a generator? Is there a unit that represents randomness? I mean, it would be seemingly impossible to do it using observation of the output so I guess all you can do is discuss how dependent it is on particular prior events and what they are, theoretically. Can you really say that this is 'more random' than another one because you have to know so much more before hand about the particular machine & its fingerprint in order to predict its generated number? -
Re:Lingue Franca
http://home.hiroshima-u.ac.jp/tkura/linux/fra.pdf
Turns out we were both wrong. It's not "acute" nor is it "aigeu" - it's "aigue". And "ala" actually makes sense to a lot of people. That's why a lot of people spell it "ala". To the people that know better ("a la" or even better with the accent grave) it's a bastardization but even THEY know what the writer meant. We should relax about stuff like that. -
Re:Don't seem too excited
I think Mersenne primes are good for psudorandom number generators.
-
Mersenne Twister instead
And this is better than Mersenne Twister (http://en.wikipedia.org/wiki/Mersenne_twister) with improved initialization because...? Even completely determinate, MT is preferable because brute force searching the number of starting states exceeds heat death of the universe. Full discussion at http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/e
m t.html -
Re:PhreakingShort jargon file entry on it. If you're bored some day, be sure to read the report/short story on phreaking in the anarchists's cookbook, it's quite entertaining.
phreaking
/freek'ing/ [from `phone phreak'] n. 1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks) (see {cracking}). At one time phreaking was a semi-respectable activity among hackers; there was a gentleman's agreement that phreaking as an intellectual game and a form of exploration was OK, but serious theft of services was taboo. There was significant crossover between the hacker community and the hard-core phone phreaks who ran semi-underground networks of their own through such media as the legendary "TAP Newsletter". This ethos began to break down in the mid-1980s as wider dissemination of the techniques put them in the hands of less responsible phreaks. Around the same time, changes in the phone network made old-style technical ingenuity less effective as a way of hacking it, so phreaking came to depend more on overtly criminal acts such as stealing phone-card numbers. The crimes and punishments of gangs like the `414 group' turned that game very ugly. A few old-time hackers still phreak casually just to keep their hand in, but most these days have hardly even heard of `blue boxes' or any of the other paraphernalia of the great phreaks of yore.