[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

What's a "real encryptor"?



Fwd:
Date: Tue, 8 Feb 94 23:59:22 CST
From: Karl Lui Barrus <[email protected]>
Message-Id: <[email protected]>
To: [email protected]
Subject: bare min encryption
Status: R

Hm... I meant to send my last message to the list also, so if you
want to and you haven't deleted it :) please send it along (I deleted
my copy).  Forward this one too if you want (I have quoted private
mail from you so if you don't want to forward it that's fine!).

-----BEGIN PGP SIGNED MESSAGE-----

Xenon wrote:
>It was my perhaps naive impression that PGP could be stripped down of
>its "convenience features" to give an encryptor like what the
>dictionary says an encryptor is. Message in, "random" data out.

I'm not super familiar with the internal workings of PGP, but I'm sure
it could be "stripped down".  It's just a matter of ease of use.

The program I described earlier (RSA.tar.Z) is pretty minimal.  Secret
keys are just text, not locked by a hash of a passphrase, no "name"
information attached.  Public keys are the same: no username attached,
no web of trust, etc.  The output is in binary form, with no headers
or checksums or anything.  PGP has keyrings, this program requires you
to keep track of seperate public keys on your own.

I guess what you mean about PGP is if you want to know if a file is
PGP encrypted, you can just run PGP on it and it'll say.  It'll tell
you whether or not you have the appropriate secret key to decrypt
(unless you conventionally encrypt).  Not so with the RSA package, it
will quite happily decrypt a totally random file into another random
file.

The only "more bare" program I can see is just pure numbers :-).  Like
when I was taking a cryptography course and spent hours
working/playing with the protocols using Mathematica.  Just two large
primes, and encryption exponent and a decryption exponent!

>If such a bare RSA/IDEA program had been made, would its output in
>fact be indistinguishable from random data? How vigorously so? The

Well, I haven't run statistics tests on the RSA program output, but it
claims to be nothing but RSA.  So it's output should essentially be a
number, less than the modulus.  The program encodes numbers as ascii
strings, but that's it.

Karl Barrus
<[email protected]>

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVh6ZoOA7OpLWtYzAQGatwQAqNWUKjfc5hQ79d071zP7uKTEjj6ns+fb
Rfo94hJSgyhfUHVcYydusjBvpsIfQFc2TISuB/lt3cZqhFqGhezM3ajcPI380rfI
hrcMcbIRtQhs+B6Pd9FIF8r2kd5Yn4mrNt4j/z8J4APZUM6rb+/eTPbLFfGDFTQG
oexOHvDDdAo=
=jXMB
-----END PGP SIGNATURE-----

P.S. Given that PGP is already a standard, all that is needed is a
utility to strip down a PGP message, and later restore it, or some
sort of "Plug in" to a modular PGP version. - Nik (-=Xenon=-)