Re: Random Data from Geiger Counter


William H. Geiger III (whgiii@invweb.net)
Thu, 09 Jul 1998 10:30:52 -0500

In <199807091435.KAA18295@jekyll.piermont.com>, on 07/09/98
   at 10:35 AM, "Perry E. Metzger" <perry@piermont.com> said:

>Cicero writes:
>> What do you see as the problems with:
>>
>> 1. Hash the data
>> 2. Encrypt the data in CBC mode with the hash as key
>>
>> If the hash and cipher are both strong, this should be good.

>What I see wrong with this is that it is voodoo, not analysis.

>Anyone can "tell you" that just hashing with a good hash "should" be good
>if you know how many bits of entropy are present, but I've learned not to
>trust "should" in this field. Guesswork isn't scientific analysis. What I
>want is something like a mathematical proof that, if the hash has some
>given property or properties (say, the strict avalanche criterion), then
>distillation works. Then all you need is to make yourself reasonably
>certain that the hash possesses said properties and you are done.

>One would have expected that someone would have come up with literature
>long ago giving good proofs about entropy distillation and telling you
>whether it was okay or not and/or how to do it in a way that is provably
>good. Unfortunately, the research simply hasn't been done. I've begged
>several cryptographers to do research on the field, but thus far, not
>much has happened.

>By-the-seat-of-the-pants-ism is okay in many fields related to computers,
>but in cryptography it is deadly.

Agreed 1000%!

>I remember early on, before Hugo Krawczyk demonstrated why you didn't
>want to naively append a key to a text and then hash it to produce a MAC,
>saying "oh, this should just work fine" and proposed it for use in IPSEC,
>and even got fairly mad when Hugo mumbled about it not necessarily having
>a strong basis in the field. Then Hugo demonstrated a much better
>mechanism (HMAC), complete with mathematical proof, and I had to retreat
>with my tail between my legs.

>In this field, especially as the base level of cryptosystems gets better,
>attacks will be focused more and more on little chinks in the
>cryptographic armor. I prefer not to leave them through sloppiness.

I have only found 1 Web paper on this subject after spending ~10 hrs on
search engines and following links:

http://www.io.com/~ritter/RES/RNGMACH.HTM

"Random Number Machines: A Literature Survey"
Terry Ritter

He gives a brief overview of 22 papers that have been written over the
past 40 years on the subject of RNGs, starting with a RAND paper from '55
and ending with a paper from CRYPTO '94 dealing with randomness from air
turbulence in disk drives.

Unfortunately, none of these papers seem to be online. It also seems to be
a very scant study of this field, with only 22 papers in 40 years. Also,
most of the papers seem to be original works with no peer-review papers.

There is an article by Nisley from 1990 on using the RM-60 from Aware
Electronics (the device that I am using and that started this thread), but
from Ritter's review the article centers mostly on the software written by
Nisley and not on any analysis of using a Geiger-Muller tube as an RNG.

I plan on trying to obtain copies of these 22 papers, but I have a feeling
that it will not be a one-day task.

--
---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html
---------------------------------------------------------------
 
Tag-O-Matic: If at first you don't succeed, work for Microsoft.

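Perry's point above is that "hash it and it should be fine" is only sound once you know how many bits of entropy went in; the following is an added example of that accounting step, written for this page and not code from the thread, from the RM-60 software, or from any of the cited papers, using HMAC-SHA256 in the HKDF-Extract form as the distiller because HMAC has the kind of published proof the thread asks for. The exponential model of the tube's inter-arrival times, the 30 Hz count rate, the 2000-sample batch and the names simulate_gaps, quantise, min_entropy_per_sample, EntropyPool and derive_key are all assumptions of the example.

```python
import hashlib
import hmac
import math
import random
from collections import Counter

def simulate_gaps(n, rate_hz=30.0, seed=1):
    # Constructed stand-in for RM-60 inter-arrival times (seconds); assumes a
    # Poisson process, so gaps are exponential. Not a measurement of the device.
    rng = random.Random(seed)
    return [rng.expovariate(rate_hz) for _ in range(n)]

def quantise(gaps, bits=8):
    # Keep only the low `bits` bits of each gap's microsecond count: the high
    # bits mostly encode the mean rate, the low bits are close to uniform.
    mask = (1 << bits) - 1
    return [int(g * 1e6) & mask for g in gaps]

def min_entropy_per_sample(samples):
    # Plug-in most-common-value estimate, -log2(p_max), in bits per sample.
    # This omits the confidence bound and the other SP 800-90B estimators.
    counts = Counter(samples)
    return -math.log2(max(counts.values()) / len(samples))

class EntropyPool:
    # Credit-accounting pool: refuses output until credited min-entropy covers it.
    def __init__(self, salt=b"geiger-pool-v1"):
        self.salt = salt
        self.buf = bytearray()
        self.credit_bits = 0.0

    def add(self, sample, bits_per_sample):
        self.buf.append(sample)
        self.credit_bits += bits_per_sample

    def extract(self, nbytes=32):
        # HKDF-Extract: PRK = HMAC(salt, raw samples); one digest, so <= 32 bytes.
        if nbytes > 32 or 8 * nbytes > self.credit_bits:
            raise ValueError(f"credited {self.credit_bits:.1f} bits, need {8 * nbytes}")
        prk = hmac.new(self.salt, bytes(self.buf), hashlib.sha256).digest()
        self.buf.clear()
        self.credit_bits = 0.0
        return prk[:nbytes]

def derive_key(n_samples=2000, seed=1):
    # Assess first, then distil: credit the pool with the estimated entropy
    # of the quantised samples before asking it for a key.
    samples = quantise(simulate_gaps(n_samples, seed=seed))
    h = min_entropy_per_sample(samples)
    pool = EntropyPool()
    for s in samples:
        pool.add(s, h)
    return pool.extract(32), h
```

The refusal in extract() is the whole point: the same buffer fed straight into a hash would "work" silently even when the tube had produced far less than 256 bits.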



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:14 ADT