Q.E.D. reply to Perry Metzger
>
> IPG Sales writes:
> > Some of you have sardonically written to say "Nihil Est
> > Demonstrandum," N.E.D. because an OTP must be derived from a
> > hardware source, that is, it must be a pure random sequence
> > of limitless entropy. Accordingly, they unbashfully assert
> > that an OTP generated by a computer program is not possible.
> >
> > How do they know that? Does the Bible tell them so, or the
> > Koran, or do they get it from the Torah? Why not cite the
> > source of their certainty instead of advancing an unsupported
> > proposition.
>
> See Claude Shannon's papers on information theory. [Available as: C.E.
> Shannon, Collected Papers: Claude Elwood Shannon, N.J.A. Sloane and
> A.D. Wyner, eds., New York: IEEE Press, 1993.]
>
> Shannon invented information theory in 1948 and 1949. Part of his
> papers discuss the information theory of cryptosystems. He
> mathematically proved that only a O.T.P. using non-reused physically
> random numbers could provide what he termed "perfect secrecy". I
> accept mathematical proofs above the Koran or the Bible. (The Torah is
> a subset of the Bible.)
As in so many other cases, you are so F.O.S. that it is
unbelievable. Your eminence pontificating about it does make
it true. Furthermore, Shannon certainly did not prove that
physically random numbers are required to provide what he termed "perfect
security." I believe that closer reading and interpretation will reveal
that what he was saying was that any mathematical series other than truly
random numbers can theoretically be reconstructed by some means, including
brute force, should that be required. Obviously that is true.
I do not disagree with the fact that brute force can be used to
attack the algorithm that I have advanced. If you try all of the
possible OTPs, PRNG encryptor streams, against the ciphertext, then only
a limited few and maybe only one meaningful plain text can be obtained.
There is absolutely no dispute about that. Accordingly, Shannon
is quite correct in saying that it is not "perfect." It is not perfect in
a mathematical sense, and in that limited sense only, you are correct.
However to try all possibilities, is mathematically impossible - thus the
algorithm must be attacked analytically - as EVEN you, or anyone else,
will be able to clearly see, if you examine the algorithm, it cannot be
attacked analytically.
My algorithm most certainly does NOT produce a theoretical pure Random
Number Stream, accordingly it is a PRNG, but it most certainly does
produce an OTP that meets each and every requirement of such, other
than some theoretical definition that you seek to impose on it by your
dogmatic words. You do not have to take my word for it, the FULL
ALGORITHM, which has never before been published, is set out on our web
site.
There is no mathematical proof that my PRNG streams are not an OTP -
because they are OTPs. There are 156.8816 megabytes of raw encryptor
stream data at our site. They constitute 10 OTPs, all using the same key,
only the message numbers vary.
> > I do not mean to be rude,
>
> You are anyway.
>
You are so vain, so crass, so dogmatic, so blinded by your opinions,
that you obviously look at yourself in the mirror whenever given the
opportunity. You do not know what the hell you are constantly
pontificating about, talking about, and including the one under discussion
herein. Why not show everyone your prowess by telling us what the key and
the As, Bs, and Cs are that were used to generate the 156.8816 megabytes
referred to above. Of course, you cannot, so you bray like an ass to cover
up your crypto impotence.
> > but excuse me, what
> > scientific proof can they offer for that immovable avowal?
>
> See above.
See above
>
> > There is no scientific proof whatsoever, none at all,
>
> See above.
See above
>
> > except
> > for the words and their steadfast, and maybe self serving,
> > postulate.
>
> See above.
See above and below
>
> > Accordingly, obviously it is they, not us, who are
> > the ones that have "Nihil Est Demonstrandum," in this matter.
>
> See above.
See above
>
> > There is not one scintilla of sustainable evidence to support
> > such a doctrine.
>
> See above.
See above and below.
>
> > While the vast majority of people knowledgeable about
> > cryptography have not heretofore believed that it is possible
> > for software to produce an OTP,
>
> It is not possible.
It is absolutely possible, Q.E.D.
>
> The information content, or entropy, of the key stream is necessarily
> no larger than its keyspace. That is, if you have a software
> pseudo-random number generator using an N bit seed, the entropy of the
> keyspace is necessarily never greater than N. This is mathematically
> certain -- no amount of prayer on your part can change that.
>
> > that does not make it a
> > scientific fact,
More of your meaningless B.S. - Obviously you wrote your reply before
you read my entire message.
>
> Sorry, it's even better -- a MATHEMATICAL fact.
>
You saying it, like a lot of other supercilious crap that oozes out of
your brain as "write bites," does not make it so. All kinds of crap is
running loose up there, you need to get it under control someway.
It is absolutely not perfect in the Shannon sense, but it does not have to
be theoretically perfect to fulfill the requirement of being an OTP. Your
definition of an OTP, or a OTP as you mistakenly refer to it, is an
extraneous mathematical definition that people have mistakenly
extrapolated from Shannon.
> > In support of their position, some have pointed out that John
> > von Neumann, to paraphrase, stated that ARITHMETIC cannot
> > produce random numbers,
>
> von Neumann meant any deterministic algorithm, actually.
>
There you go again, pulling things out of your crazy hat, head, running
off at the brain again, stating a falsehood and hoping that people will
overlook it. I assume that you held a seance with von Neumann and he told
you that from the great beyond, since that is clearly not what he said. A
careful reading of von Neumann does not reveal that he said one thing and
meant another. He used the word ARITHMETIC, if he meant something else he
would have said so. Furthermore, he was referring to random numbers, and to
repeat emphatically, my algorithm is a PRNG, but it also happens to be
an OTP, as we can prove. Q.E.D.
> > We stipulate the obvious fact that the encryptor stream
> > generated by EUREKA is a PRNG stream, though we do consider
> > it gross denigration to castigate it as ONLY a PRNG stream.
>
> If it is a PRNG, you do not have a One Time Pad, period. What you have
> is a stream cipher.
>
It is a stream cipher, but it is also an OTP, just as a hardware sourced
RNG is a stream cipher that is also an OTP.
>
> Furthermore, past examination has shown you have a POOR stream cipher.
>
Did you see the movie, Dumb and Dumber - you are obviously getting dumber
and dumber and dumber - would I have come back to you 5 months later with
the same thing - you are obviously brain dead - as I have stated on
numerous occasions, the previous proffer was only a part of the overall
algorithm, to solicit help from some of the cypherpunks, which I did get.
The so-called breaking with "Known Plain Text," was an absolute farce, it
would have applied to only one message where it could be applied, if at
all - it did not apply to the whole system, each OTP was, and is
completely different - but that is beside the point, we did make some
changes to negate other possible attacks, but those were modest changes.
Anyone that looks at the algorithm, which obviously, as a self proclaimed
crypto Deity, you have not deigned to do, can determine that it is in no
way what you have looked at before.
> > It is a PRNG issue that also happens to be an extremely well
> > behaved OTP sequence, with limited but ample entropy, as well.
>
> If the entropy is limited, you do not have a One Time Pad, period, end
> of discussion, it's over.
>
You say that Shannon, or you, or someone can prove that
mathematically, so let's see someone do it. 156.8816 megabytes of raw
encryptor stream output should be enough to work with - if you need more,
I can provide same. I agree that theoretically it can be broken by
brute force but that is patently impossible as you can quickly discern if
you examine the algorithm and try it, instead of salivating your
mouth off with baseless blabber. Obviously, my algorithm does not produce
a pure random stream. I agree with Shannon that it is not "perfect,"
but it most certainly is perfect enough to meet any and all practical
requirements, now and forever.
> > It meets each and every criteria rationally established for an
> > OTP in all reasonable aspects.
>
> Set by WHOM? By you? Your criteria bear no resemblance to those
> accepted in general. Are you one of those people who sells someone a
> loaf of bread and says "this is an automobile, by every criterion I
> have set for automobiles"?
>
There you go again, strutting about and spreading your pretentious turkey
droppings, manure, all over the place.
As you know, I headed the OTP group at NSA, and while there I conceived and
implemented, under the direction of Abraham Sinkov, Dottie Bloome, Leon
O'mera and William J. Cherry, LONE STAR, the Library of ONe time pad
Encryption Statistical Analysis Routines. I was responsible for the
generation and computer analysis of OTPs at NSA. I have worked on
thousands of OTPs, both in the generation of, and comprehensive analysis
of same, including looking for repetitive usage of the same OTP, including
direct as well as nth degree derivatives, over the last 40 years, at NSA
and at Mauchly-Wood. I make no claim that I am the world's greatest OTP
authority, or even an authority on them like you obviously THINK you are,
but I think that I have more than a little knowledge about the subject of
OTPs.
That brings up something that utterly fascinates me. Which is your
frequent oblique writings about VERONA, or is it VENONA, or maybe it is
VERONICA, or maybe even VERONIKA - anyway you know what I mean. Would you
be so kind as to enlighten me, us, about that subject - I would like to
finally find out what really happened from an authoritative source. How
were we able to break some of those messages. Please help me, us, out with
details instead of blabber.
For those who have not seen my résumé, it together with dozens and
dozens of references, many of whom are well known, and some of whom you
may know, is posted on our web site, but obviously that does not prove
anything, except to provide a point of reference.
The point is that we have disclosed the complete algorithm, for the first
time at the web site, so let's see someone provide us with the key or the
ABCs. Our server is downloading an enormous number of the
algorithms/data/statistical tests, over 1,000 so far, so we assume
someone is testing it and evaluating it.
And for you to claim that my contention is analogous to comparing bread
to an automobile is petty nonsense and mindless hyperbole.
> > Think about that simple supposition for a moment. What do we
> > mean by an OTP?
>
> Something different from what everyone else means, so it makes no
> difference.
Obviously something different from what YOU, and most others,
mistakenly think it means. It is not some esoteric, theoretical
mathematical meaning that has no relation to our real world. It is a tool
to encrypt and decrypt messages with, it is not a mathematical formula. If
you say that a random number sequence is not generated, I agree. If
however, you go on and add that, "thus by definition it is not an OTP,"
then that is patently and absolutely a false statement, though subscribed
to by most of the cryptography community. You are a mix-master
stirring up cryptography and IT, and you simply cannot homogenize
them into a fully blended mix.
I assert that an OTP is a tool used for encryption which by definition,
can never be used again, and which consists of a sequence of bits which
can not be derived by any POSSIBLE, not theoretical but POSSIBLE, means.
Granted, our stream could theoretically be derived by trying all of the
possible 10^34322 keys/table values, but that is theory, it is absolutely
clear that there is no way to try all the possibilities, or even the first
800 bits of an encryptor stream. Any relatively informed mathematician
can quickly discern that there is no analytical attack that can be made
against the stream, it is that simple, as readers/evaluators will find.
If the only method of cracking the system is by brute force, and that is
impossible, then it is absolutely an OTP for encryption and decryption
purposes, which is its purpose - it is not something to define in IT
writings. Our algorithm is absolutely not perfect in the theoretical
sense but it is PERFECT as far as the ability to determine the underlying
plain text is concerned.
>
> > Not only that, but you can prove it to yourself, Q.E.D. We
> > maintain that it is discernible to any knowledgeable person
> > who probes the algorithm, that the only analytical tack that
> > can be mounted against EUREKA is brute force and that is
> > patently impossible. One of your Cpunk colleagues says he
> > uses Triple DES, 168 bits, and he does not believe that it
> > can be brute forced - I agree, 3-DES, 10^50+ possibilities,
> > cannot be brute forced now, or in the foreseeable future -
> > then what about the EUREKA's 10^34322 possibilities,
> > 10^34271+ greater than 3-DES? No way, not now, not ever.
> > Furthermore, EUREKA is an order, or more, magnitude faster
> > than triple DES, easier to use, much more secure, et al.
>
> I believe that we have already established that your cipher is easy to
> crack, so your claims that it is hard to crack really don't matter.
>
> Perry
>
To repeat, we have made some changes, and for the first time disclosed,
detailed, the FULL ALGORITHM at great length at our web site. The reason
that you do not want to argue that is obviously because you are absolutely
impotent in that regard and you are unable to dispute facts, so you
blindly conjure up some witches' brew of words and think that people will
never know the difference. To paraphrase John Dean, the truth will always
come out and your ass braying will never stop that truth.
Don Wood,
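
Added illustration, not part of the original message and not IPG's EUREKA algorithm: a toy stream cipher with a 16-bit seed, used to carry out the exhaustive search over seeds that the exchange discusses and to contrast it with a truly random pad, where some pad maps the ciphertext to any plaintext of the same length. The SHA-256 counter-mode generator, the seed size, the "meaningful text" test and the sample message are all constructed assumptions.

```python
import hashlib

SEED_BITS = 16  # assumption: toy seed size so the full search runs in under a second

def keystream(seed: int, n: int) -> bytes:
    """Stand-in deterministic generator: SHA-256 in counter mode, keyed by the seed."""
    out, counter = b"", 0
    while len(out) < n:
        block = seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def meaningful(p: bytes) -> bool:
    """Crude stand-in for 'meaningful plain text': lowercase ASCII letters only."""
    return all(97 <= c <= 122 for c in p)

def seeded_candidates(ciphertext: bytes) -> list:
    """Decrypt under every possible seed and keep the meaningful results."""
    found = []
    for seed in range(2 ** SEED_BITS):
        p = xor(ciphertext, keystream(seed, len(ciphertext)))
        if meaningful(p):
            found.append((seed, p))
    return found

def pad_explaining(ciphertext: bytes, claimed: bytes) -> bytes:
    """For a truly random pad: the pad under which `claimed` is the plaintext."""
    return xor(ciphertext, claimed)

PLAINTEXT = b"meetmeatnoon"   # constructed sample message
SECRET_SEED = 0xBEEF          # constructed sample seed
CIPHERTEXT = xor(PLAINTEXT, keystream(SECRET_SEED, len(PLAINTEXT)))

if __name__ == "__main__":
    # Seeded generator: at most 2**16 decryptions exist, so the search is decisive.
    print("seed search:", seeded_candidates(CIPHERTEXT))
    # Random pad: every same-length text has a pad that yields it, so the
    # ciphertext alone cannot distinguish between the guesses.
    for guess in (b"meetmeatnoon", b"stayathomeok"):
        print(guess, "is explained by pad", pad_explaining(CIPHERTEXT, guess).hex())
```
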