PICList Thread
'Small crypto talk Was: Re: Download Eagle PCB v3.'
1999\03\11@071651 by Pavel Korensky

At 10:06 11.3.1999 +1300, you wrote:
>It is, of course, the "one time pad" - both agree on a common text
>and scramble (usually XOR on a character by character basis) your
>message with the common text starting at an agreed point. Reverse
>operation at other end (or same operation for xor) retrieves text. A
>single almost randomly chosen CD (preferably holding text files)
>would provide you with 100's of MB of key files.

Or better, with a good hardware RNG (I am using a home-built one, PIC based),
generate a large file (like 50MB) of random numbers, hash them etc. and you
have a perfect one-time random pad. This file can be attached (with some
steganographic program) to, let's say, holiday pictures, burnt onto a CD and
delivered to the other side.
When used as a key, such encryption is really theoretically uncrackable.

PavelK

**************************************************************************
* Pavel Korensky
* DATOR3 LAN Services spol. s r.o.
* Styblova 13, 140 00, Prague 4, Czech Republic
*
* PGP Key fingerprint: F3 E1 AE BC 34 18 CB A6  CC D0 DA 9E 79 03 41 D4
*
* SUMMA SCIENTIA - NIHIL SCIRE
**************************************************************************

1999\03\12@002714 by Russell McMahon

Typical processor based RNG's which use an algorithm would be
dangerous - they would be amenable to cryptographic attack. However, a
true random number generator using eg diode thermal noise etc would
fit the bill.



Russell McMahon

From: Pavel Korensky <spam_OUTpavelkTakeThisOuTspamDATOR3.ANET.CZ>


>Russell McMahon wrote: It is, of course, the "one time pad" - both
>agree on a common text
>and scramble (usually XOR on a character by character basis) your
>message with the common text starting at an agreed point. Reverse
>operation at other end (or same operation for xor) retrieves text. A
>single almost randomly chosen CD (preferably holding text files)
>would provide you with 100's of MB of key files.

Or better, with a good hardware RNG (I am using a home-built one, PIC based),
generate a large file (like 50MB) of random numbers, hash them etc. and you
have a perfect one-time random pad. This file can be attached (with some
steganographic program) to, let's say, holiday pictures, burnt onto a CD and
delivered to the other side.
When used as a key, such encryption is really theoretically uncrackable.

1999\03\12@012850 by Sean Breheny

At 11:06 AM 3/12/99 +1300, you wrote:
>Typical processor based RNG's which use an algorithm would be
>dangerous - they would be amenable to cryptographic attack. However, a
>true random number generator using eg diode thermal noise etc would
>fit the bill.
>

Yes, but don't you want something with a uniform distribution? IOW, a one
time pad where all possible values are equally likely? You can't get this
directly from diode noise, since it has a non-uniform distribution (I'm
guessing here, maybe Gaussian or Laplacian?), which would also open it up to
attack since some numbers would be more likely than others and patterns
would emerge. You would have to look at the distribution which your diode
setup produced, and run it through a function which mapped it to a uniform
distribution (usually in computer algorithms, this is done in reverse, a
pseudorandom uniform distributed generator is mapped to some other desired
distribution, such as gaussian).


Sean

|
| Sean Breheny
| Amateur Radio Callsign: KA3YXM
| Electrical Engineering Student
\--------------=----------------
Save lives, please look at http://www.all.org
Personal page: http://www.people.cornell.edu/pages/shb7
.....shb7KILLspamspam@spam@cornell.edu ICQ #: 3329174

1999\03\12@023021 by Zonn

On Fri, 12 Mar 1999 01:27:54 -0500, Sean Breheny <shb7spamKILLspamCORNELL.EDU> wrote:

>At 11:06 AM 3/12/99 +1300, you wrote:
>>Typical processor based RNG's which use an algorithm would be
>>dangerous - they would be amenable to cryptographic attack. However, a
>>true random number generator using eg diode thermal noise etc would
>>fit the bill.
>>
>
>Yes, but don't you want something with a uniform distribution? IOW, a one
>time pad where all possible values are equally likely? You can't get this
>directly from diode noise, since it has a non-uniform distribution (I'm
>guessing here, maybe Gaussian or Laplacian?), which would also open it up to
>attack since some numbers would be more likely than others and patterns
>would emerge. You would have to look at the distribution which your diode
>setup produced, and run it through a function which mapped it to a uniform
>distribution (usually in computer algorithms, this is done in reverse, a
>pseudorandom uniform distributed generator is mapped to some other desired
>distribution, such as gaussian).

You'll find no patterns in the thermo noise of a diode. Unless something's wrong
with your circuit, like outputting all ones?

When I've needed truly random patterns in the past, I've used a 16 bit sound
card and sampled the hiss between FM radio stations, and then concatenated the
lowest order bit of the 16 bit words, into a string of bytes.

The lower the sample rate, the better the guarantee the sampled noise will be
truly random.  At too high a sample rate you run into the frequency response of
the radio, at which point consecutive samples may return the same value.

A 1khz sample rate works fine.

-Zonn

1999\03\12@092939 by Sean Breheny

Hi Zonn,

At 07:29 AM 3/12/99 GMT, you wrote:
>You'll find no patterns in the thermo noise of a diode. Unless something's wrong
>with your circuit, like outputting all ones?

Well, I may not have been clear about what I meant by pattern: Take for
example, the white noise produced across a resistor due to thermal effects.
It has a Gaussian distribution. This means that values near zero are more
likely than say, 1 volt, across the resistor! This is an extreme example,
but it also means that values of around 1uV are more likely than 5uV, etc.
So, if you were to make a one time pad which was, say, the number of
microvolts times 16, most of the numbers in your one time pad would be in the
range 0 to 16 * sigma, where sigma was sqrt(4*k*T*R*B), which might be say
4uV. So, you would get almost NO values greater than 64. Upon thinking
about it more, I must admit that this probably could be minimized by
increasing the gain, so that our range of values was well within the sigma
range. Still, I would think it better to apply a little algorithm to the
data to make higher values more likely, so that ridiculously high gain
wasn't needed.

I'm not saying that a diode is unsuitable, just warning that someone should
examine the distribution of their output to make sure that it is reasonably
random and uniform (not the same thing, since not all random processes show
no law-LIKE behavior, in this case, producing lower voltages more than higher
ones).

>
>When I've needed truly random patterns in the past, I've used a 16 bit sound
>card and sampled the hiss between FM radio stations, and then concatenated the
>lowest order bit of the 16 bit words, into a string of bytes.
>

Well, I think if you were to actually look at the whole 16 bits, you'd find
that very few times were the highest bits set (unless you had the volume up
very high or extra amplification), since the noise from the radio is almost
never putting 5V (or whatever was your Vref for the ADC) across the
speaker. You actually did something to fix the situation, by only using the
lowest bits, which were very close to the zero point on the Gaussian "bell",
therefore very close to a uniform (abs. level) distribution because the
slope of the Gaussian is very small near zero.

>The lower the sample rate, the better the guarantee the sampled noise will be
>truly random.  At too high a sample rate you run into the frequency response of
>the radio, at which point consecutive samples may return the same value.
>
>A 1khz sample rate works fine.

That makes sense to me.

>
>-Zonn
>

Sean

|
| Sean Breheny
| Amateur Radio Callsign: KA3YXM
| Electrical Engineering Student
\--------------=----------------
Save lives, please look at http://www.all.org
Personal page: http://www.people.cornell.edu/pages/shb7
.....shb7KILLspamspam.....cornell.edu ICQ #: 3329174

1999\03\12@152519 by Zonn

On Fri, 12 Mar 1999 09:28:06 -0500, Sean Breheny <EraseMEshb7spam_OUTspamTakeThisOuTCORNELL.EDU> wrote:


Hi Sean,

Actually the highest bit is also all over the place since the sample is a signed
value and constantly jumping above and below zero, regardless of amplitude.

But your point is taken.  Of course given an infinite number of bits in the
sample, the values will always be skewed towards zero.  You can increase the
gain to affect higher and higher bits (beyond 64 counts in your diode example,
and beyond +/- 32767 in my sound card example), and you can then argue given a
32 bit sample size it's doubtful the higher + or - values will be approached.

By not using the bits as a whole sample, but by using only one bit per sample,
you remove all skewing of data towards any value.

It's mathematically impossible to predict exactly the value of a physical noise
source (FM hiss, noisy diode) based on previous values.  You of course can
predict that the amplitude will be within a range supplied by you, but you will
not know where in that range it will be.

If you'd like to run some analysis of the white noise generated by the FM
approach I'd be more than happy to send you a sample.  You'll find that all
values are just as likely as any other, +/- a few *random* counts on each value
(which is also unpredictable).  It is complete white noise. This is the case
using the lowest bit, highest bit, any bit.  (Remember it's signed, and
regardless of its amplitude you cannot know whether it will be above or below
zero given on any particular sample, as long as the sample rate is lower than
the frequency response of the FM radio being sampled.)

I only used the lowest bit because I didn't trust my sound card, or FM radio, to
have an exactly zero volt offset, and this could have an effect on the highest
bit.

-Zonn
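
An added example, not part of any post in this thread: a simulation of the disagreement above, comparing the byte distribution of whole samples against the method of packing the lowest-order bit of each 16-bit sample, and showing what a DC offset does to the sign bit. The samples are constructed from Python's PRNG as a stand-in for sound-card noise; `sigma`, `offset`, the seed and all function names are assumptions.

```python
import random
from collections import Counter

def simulate_samples(n, sigma=2000.0, offset=0.0, seed=1999):
    """Constructed signed 16-bit Gaussian samples (PRNG stand-in, not real noise)."""
    rng = random.Random(seed)
    return [max(-32768, min(32767, round(rng.gauss(offset, sigma))))
            for _ in range(n)]

def pack_lsbs(samples):
    """Concatenate the lowest-order bit of each sample, 8 samples per byte."""
    out = bytearray()
    for i in range(0, len(samples) - 7, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)

def high_bytes(samples):
    """Top 8 bits of each sample's 16-bit two's-complement encoding."""
    return bytes((s & 0xFFFF) >> 8 for s in samples)

def chi_square_uniform(data):
    """Pearson chi-square of byte values against a uniform 0..255 distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def bit_fraction(samples, bit):
    """Fraction of samples with the given bit set (bit 15 is the sign bit)."""
    return sum(((s & 0xFFFF) >> bit) & 1 for s in samples) / len(samples)

if __name__ == "__main__":
    centered = simulate_samples(80_000)
    shifted = simulate_samples(80_000, offset=500.0)  # small DC offset
    # Around 255 is consistent with uniform bytes; far larger means skewed.
    print("chi2, whole-sample high byte:", round(chi_square_uniform(high_bytes(centered))))
    print("chi2, packed lowest bits:    ", round(chi_square_uniform(pack_lsbs(centered))))
    print("sign bit set, with offset:   ", round(bit_fraction(shifted, 15), 3))
    print("lowest bit set, with offset: ", round(bit_fraction(shifted, 0), 3))
```

The chi-square check covers the value distribution only; it says nothing about correlation between consecutive samples, which is the sample-rate concern raised in the thread.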

1999\03\13@052949 by Mark Willis

Sean Breheny wrote:
>
> <snipped>
> I'm not saying that a diode is unsuitable, just warning that someone should
> examine the distribution of their output to make sure that it is reasonably
> random and uniform (not the same thing, since not all random processes show
> no law-LIKE behavior, in this case, producing lower voltages more than higher
> ones).

 Alternative solutions:
 Swap bits around in numbers you read (re-map the bits.)
 Mod every number by some quantity (same as only taking the rightmost n
bits, effectively, if you mod by 2^n;  If you MOD by 15, though, you get
different numbers, etc)
 Perform a "contrast stretch" mapping of the numbers you get (i.e.
FORCE a more uniform distribution of resulting numbers, in one way or
another.)
 Use multiple different crypto methods serially, adding "garbage"
blocks in around the known good data, after each encryption is done
(yes, you end up with more data - data's cheap to transmit nowadays
though).  i.e. if you UUEncoded a text post, added half of "Mary had a
little lamb" in front and in back, Xor'ed the mess with 0x3B (rotating
that XOR key 3 bits left after each Xor, and adding 1 to the key before
the next Xor), then UUEncoded the results, PKSFX'ed the results, and
sent an .exe file, you can see that though each step's easy to undo, the
cumulative result's harder to undo (simplifying here, but you get the
idea.)
 Stuff the whole thing in the low order bits of a 24-bits per color GIF
file you post on your obscure "computer aided Artwork" web page.
Partner has the original artwork series, easy enough to do this one.

 It's stupid (imho) to think you can possibly even figure out that
someone sufficiently smart's sending something encoded - unless you know
they have reason to send encoded info.  And the most likely people to
want to send encoded things, legitimately, are businesses (Confidential
company information, etc.) - Dunno if it's right at all for the people
who work inside the government to be ABLE to steal such information, as
some might "go into business for themselves."

 (Also one side note - we REALLY should get back to PICs sometime! -
I've never trusted "key escrow" - as if I want to pick on you & I'm a
government agent, I just store all encrypted comms you ever send - then
if I EVER get a valid search warrant, for some specific piece of
information (faked from a "confidential informant" or not), I can "go
fishing" and steal, loot, and pillage your (rightfully!) confidential
information, at my leisure;  Quite illegal in the real world to do
this;  And by keeping a copy of the keys, could continue to do so,
illegally...  "Key Escrow" means no right to privacy, unless & until
they change it so that only a key for a certain piece/pieces of
information is released, time limited or otherwise somehow limited...
When no-one is allowed to watch the watchers, design failsafes INTO the
system, SHEESH!  <G>  I'd never trust Clipper to keep company secrets
safe, myself, unless it changed a lot since the time I looked at it,
it's been a while though...)

  Mark
