comp.programming

An advantage of RSA encryption

Mok-Kong Shen

8/1/2015 2:53:00 PM


The fact that anyone could send an encrypted message to the owner of
an RSA public key in asymmetric encryption could be highly valuable in
cases where, e.g., activists in non-democratic countries send (if they
manage to send anonymously, possibly from an Internet cafe etc.) encrypted
messages to the press in democratic foreign countries containing
information that, for some reason, should not be immediately revealed
to the public, nor known to any third parties. The press might prefer
obtaining such anonymous encrypted messages. The public key is simply
announced in the media. (No certificates and CAs are needed at all!)

For fairly simple and self-contained code (employing provable rather
than probabilistic primes) to perform end-to-end RSA encryption, see
http://s13.zetaboards.com/Crypto/topic/...

M. K. Shen
31 Answers

Johannes Bauer

8/1/2015 6:17:00 PM


On 01.08.2015 16:52, Mok-Kong Shen wrote:

> For fairly simple and self-contained code (employing provable rather
> than probabilistic primes) to perform end-to-end RSA encryption, see
> http://s13.zetaboards.com/Crypto/topic/...

The fact that you rely on Python's random library for generation of
random numbers for cryptographic purposes reveals that you know
absolutely nothing about cryptography at all. Since you quote the HAC
maybe you should try to actually *read* it as well.

Don't try to convince people that you know what you're doing by fancy
shmancy stuff like provable primes. Instead, maybe focus on not trying
to make horribly amateurish mistakes like using "import random" for
cryptographically secure RNG.

Cheers,
Johannes

--
>> Where exactly did you predict the earthquake again?
> At least not publicly!
Ah, the newest and to this day most ingenious trick of our great
cosmologist: the secret prediction.
- Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1@speranza.aioe.org>
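To make concrete what the objection above is about, here is an added example (editor's code, not from the original post and not from the linked forum code). Python's random module is MT19937. Its output tempering is a bijection on 32-bit words, so 624 consecutive outputs of getrandbits(32) can be untempered back into the full internal state, a clone can be loaded with that state via setstate(), and every later output of the target is then known. The seed and the number of observed outputs below are the example's own constructed choices; the secure alternative for key material shown at the end is the secrets module.

```python
import random
import secrets

MASK32 = 0xFFFFFFFF
N_STATE = 624  # words in the MT19937 state array


def temper(y: int) -> int:
    """MT19937 output tempering, exactly as CPython applies it to a state word."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def _undo_right_xorshift(y: int, shift: int) -> int:
    # Invert y ^= y >> shift. The top `shift` bits of y are already the
    # original bits; each pass recovers the next `shift` bits below them.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x & MASK32


def _undo_left_xorshift_mask(y: int, shift: int, mask: int) -> int:
    # Invert y ^= (y << shift) & mask, working upward from the low bits.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y: int) -> int:
    """Inverse of temper(): recover the raw state word from one output."""
    y = _undo_right_xorshift(y, 18)
    y = _undo_left_xorshift_mask(y, 15, 0xEFC60000)
    y = _undo_left_xorshift_mask(y, 7, 0x9D2C5680)
    y = _undo_right_xorshift(y, 11)
    return y


def clone_mt19937(outputs: list[int]) -> random.Random:
    """Rebuild a random.Random whose future outputs equal the target's.

    `outputs` must be 624 consecutive values of target.getrandbits(32)
    starting right after a state refresh (true for a freshly seeded
    generator, and true again every 624 words after that).
    """
    if len(outputs) != N_STATE:
        raise ValueError(f"need exactly {N_STATE} outputs, got {len(outputs)}")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # setstate() takes (version, (624 words..., index), gauss_next). Index 624
    # means "array exhausted, twist before the next output", which is exactly
    # where the target stands after emitting the 624 words we observed.
    clone.setstate((3, state + (N_STATE,), None))
    return clone


def predict_next(outputs: list[int], count: int) -> list[int]:
    """Predict the `count` 32-bit outputs that follow the observed 624."""
    clone = clone_mt19937(outputs)
    return [clone.getrandbits(32) for _ in range(count)]


def demo_attack(seed: int, count: int = 4) -> tuple[list[int], list[int]]:
    """Constructed scenario: a generator seeded with random.Random(seed) whose
    first 624 outputs were observed. Returns (predicted, actual) next outputs."""
    target = random.Random(seed)
    observed = [target.getrandbits(32) for _ in range(N_STATE)]
    predicted = predict_next(observed, count)
    actual = [target.getrandbits(32) for _ in range(count)]
    return predicted, actual


def secure_randbits(k: int) -> int:
    """What key generation should draw from instead: the OS CSPRNG."""
    return secrets.randbits(k)


if __name__ == "__main__":
    predicted, actual = demo_attack(20150801)
    print("predicted:", predicted)
    print("actual:   ", actual)
    print("match:", predicted == actual)
    print("secrets.randbits(32):", secure_randbits(32))
```

The attack needs nothing but the outputs; no seed search is involved, which is why the statistical quality of MT19937 is irrelevant to the objection. Any value derived from these outputs, including the random choices inside a prime generator, is as predictable as the outputs themselves once 624 of them have leaked.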

Mok-Kong Shen

8/1/2015 9:05:00 PM


On 01.08.2015 at 20:17, Johannes Bauer wrote:
> On 01.08.2015 16:52, Mok-Kong Shen wrote:
>
>> For fairly simple and self-contained code (employing provable rather
>> than probabilistic primes) to perform end-to-end RSA encryption, see
>> http://s13.zetaboards.com/Crypto/topic/...
>
> The fact that you rely on Python's random library for generation of
> random numbers for cryptographic purposes reveals that you know
> absolutely nothing about cryptography at all. Since you quote the HAC
> maybe you should try to actually *read* it as well.
>
> Don't try to convince people that you know what you're doing by fancy
> shmancy stuff like provable primes. Instead, maybe focus on not trying
> to make horribly amateurish mistakes like using "import random" for
> cryptographically secure RNG.

PRNs may be used directly, as in stream encryption with XORing, or
indirectly. Depending on how indirectly the PRNs are employed, it could
be practically impossible to get from the result of using the PRNs,
step by step, back to the values of the PRNs. Just to indicate the idea:
suppose an array of n objects is given and one uses n-1 PRNs to get a
permuted array with Fisher & Yates. (Note that at the base these PRNs
are real-valued.) Now it is practically very hard, I would say barely
feasible, to reconstruct from the two arrays the sequence of n-1 PRNs
with sufficient accuracy and with that information find the seed of the
PRNG. If one does the permutation a second time and it is required to
reconstruct the PRNs from the first and last array, the task would be
evidently infeasible.

In Maurer's algorithm there is nowhere a mention that the PRNs used
must be from a CSPRNG. So the requirement is statistical quality, which
Python's PRNG satisfies extremely well.

M. K. Shen
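The Fisher & Yates argument in the post above can be checked directly. The following is an added example (editor's code, not from the post): the shuffle follows the post's description, n-1 real-valued PRNs in [0,1) from random.random(), each scaled to pick the swap index. Given only the array before and the array after one pass, the swap indices are recovered exactly by replaying the pass, because the element that ends up in position i was taken from some position j at step i. Each recovered index pins the corresponding PRN to the interval [j/(i+1), (j+1)/(i+1)), roughly log2(i+1) leading bits of the double. The example stops there: it measures how much of the PRN sequence the two arrays reveal and does not go on to the PRNG state. Array contents and seed are constructed.

```python
import math
import random


def fisher_yates_with_floats(items, rng):
    """Shuffle as described in the post: for i = n-1 .. 1 draw one real-valued
    PRN r in [0, 1) and swap position i with j = floor(r * (i + 1)).
    Returns the shuffled copy and the draws actually used (for checking)."""
    a = list(items)
    draws = []
    for i in range(len(a) - 1, 0, -1):
        r = rng.random()
        j = int(r * (i + 1))
        a[i], a[j] = a[j], a[i]
        draws.append(r)
    return a, draws


def recover_swap_indices(before, after):
    """Given the array before and after one Fisher-Yates pass, return the
    list of (i, j) swaps in the order they happened.

    Step i puts its final value into position i, taking it from some
    position j <= i of the current array, so j is simply where after[i]
    currently sits. Replaying the swap keeps the reconstruction in sync.
    Items must be distinct for the lookup to be unambiguous."""
    cur = list(before)
    swaps = []
    for i in range(len(cur) - 1, 0, -1):
        j = cur.index(after[i])
        if j > i:
            raise ValueError("arrays are not related by one Fisher-Yates pass")
        cur[i], cur[j] = cur[j], cur[i]
        swaps.append((i, j))
    if cur != list(after):
        raise ValueError("arrays are not related by one Fisher-Yates pass")
    return swaps


def prn_intervals(swaps):
    """For each recovered swap (i, j) the PRN r satisfied
    j/(i+1) <= r < (j+1)/(i+1). Return those brackets."""
    return [(j / (i + 1), (j + 1) / (i + 1)) for i, j in swaps]


def bits_revealed(n):
    """Information exposed by one pass over n items: log2(n!) bits, against
    the 53 bits random() consumes per call times the n-1 calls made."""
    return math.log2(math.factorial(n)), 53 * (n - 1)


def check_recovery(seed: int, n: int) -> bool:
    """Shuffle range(n) with random.Random(seed), recover the swap indices
    from (before, after) alone, and compare with the indices actually drawn.
    Returns True when every index was recovered exactly."""
    rng = random.Random(seed)
    before = list(range(n))
    after, draws = fisher_yates_with_floats(before, rng)
    swaps = recover_swap_indices(before, after)
    expected = [int(r * (i + 1)) for r, i in zip(draws, range(n - 1, 0, -1))]
    return [j for _, j in swaps] == expected


if __name__ == "__main__":
    before = list(range(16))                    # constructed: 16 distinct objects
    after, _ = fisher_yates_with_floats(before, random.Random(2015))
    swaps = recover_swap_indices(before, after)
    print("recovered swaps:", swaps)
    print("PRN brackets:", [f"[{lo:.3f},{hi:.3f})" for lo, hi in prn_intervals(swaps)])
    print("exact recovery:", check_recovery(2015, 16))
    leaked, consumed = bits_revealed(16)
    print(f"bits pinned: {leaked:.1f} of {consumed} PRNG bits consumed")
```

For 16 items one pass fixes about 44 of the 795 bits the generator consumed; the index sequence itself is recovered without any search, which is the part of the argument the example settles. Whether the remaining bits can be recovered from several passes is a question about the specific generator, not about the shuffle.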


Mok-Kong Shen

8/2/2015 2:32:00 AM


On 01.08.2015 at 23:04, Mok-Kong Shen wrote:
> On 01.08.2015 at 20:17, Johannes Bauer wrote:
>> On 01.08.2015 16:52, Mok-Kong Shen wrote:
>>
>>> For fairly simple and self-contained code (employing provable rather
>>> than probabilistic primes) to perform end-to-end RSA encryption, see
>>> http://s13.zetaboards.com/Crypto/topic/...
>>
>> The fact that you rely on Python's random library for generation of
>> random numbers for cryptographic purposes reveals that you know
>> absolutely nothing about cryptography at all. Since you quote the HAC
>> maybe you should try to actually *read* it as well.
>>
>> Don't try to convince people that you know what you're doing by fancy
>> shmancy stuff like provable primes. Instead, maybe focus on not trying
>> to make horribly amateurish mistakes like using "import random" for
>> cryptographically secure RNG.
>
> PRNs may be used directly, as in stream encryption with XORing, or
> indirectly. Depending on how indirectly the PRNs are employed, it could
> be practically impossible to get from the result of using the PRNs,
> step by step, back to the values of the PRNs. Just to indicate the idea:
> suppose an array of n objects is given and one uses n-1 PRNs to get a
> permuted array with Fisher & Yates. (Note that at the base these PRNs
> are real-valued.) Now it is practically very hard, I would say barely
> feasible, to reconstruct from the two arrays the sequence of n-1 PRNs
> with sufficient accuracy and with that information find the seed of the
> PRNG. If one does the permutation a second time and it is required to
> reconstruct the PRNs from the first and last array, the task would be
> evidently infeasible.
>
> In Maurer's algorithm there is nowhere a mention that the PRNs used
> must be from a CSPRNG. So the requirement is statistical quality, which
> Python's PRNG satisfies extremely well.

I have to add:

(1) In my first paragraph n has to be of some not too small value.
In the degenerate case of a very small value for n, my argument could
possibly become problematic.

(2) Maurer's algorithm has the goal of delivering a provable prime
that is well randomly (uniformly) distributed in the statistical sense,
i.e. not necessarily in any cryptologically secure sense, over the set
of all primes of a specified size. See HAC p.152. Thus the PRNG
employed clearly needs only to be statistically good. Given that, the
security of an RSA encryption employing the keys generated with
Maurer's algorithm is dependent on the security of the RSA algorithm
and not dependent on any cryptological property of the PRNG employed
to implement Maurer's algorithm. I hope that this is clear.

M. K. Shen
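Since the disagreement is about what the RNG inside a provable-prime generator contributes to the resulting key, here is an added example (editor's code; it is neither the program from the linked forum nor HAC's listing of Maurer's algorithm). It is a simplified recursive construction based on Pocklington's theorem with F = q, the primality certificate that Maurer's algorithm (HAC Algorithm 4.62, the one cited above) also relies on, without Maurer's refinements for the size distribution of q. The generator takes the RNG as a parameter, so random.Random(seed) and secrets.SystemRandom() can be dropped in and compared, and every prime comes with a certificate that verify_certificate checks without trusting the generator. The bit sizes and seeds in the demo are constructed.

```python
import math
import random
import secrets

# Primes below 1000, used only as a cheap sieve before the expensive test.
SMALL_PRIMES = [p for p in range(2, 1000)
                if all(p % d for d in range(2, math.isqrt(p) + 1))]

BASE_BITS = 20  # at or below this size, trial division up to sqrt(n) is the proof


def _trial_division_prime(n: int) -> bool:
    return n >= 2 and all(n % d for d in range(2, math.isqrt(n) + 1))


def provable_prime(k: int, rng):
    """Return (n, cert): n is a k-bit prime, cert is a proof of its primality.

    rng is any object offering getrandbits(k) and randrange(m), e.g.
    random.Random(seed) or secrets.SystemRandom(). Every random choice
    (q, R, a) is taken from rng, so the output is a deterministic function
    of what rng produces.
    """
    if k <= BASE_BITS:
        while True:
            n = rng.getrandbits(k) | (1 << (k - 1)) | 1   # odd, exactly k bits
            if _trial_division_prime(n):
                return n, ("trial",)
    # Recursive step: a provable prime q with more than k/2 + 1 bits, so that
    # q > 2R and hence q > sqrt(n) for every k-bit n = 2Rq + 1 chosen below.
    q, q_cert = provable_prime(k // 2 + 2, rng)
    lo = (((1 << (k - 1)) - 1) + 2 * q - 1) // (2 * q)   # smallest R with n >= 2^(k-1)
    hi = ((1 << k) - 2) // (2 * q)                        # largest R with n < 2^k
    while True:
        R = lo + rng.randrange(hi - lo + 1)
        n = 2 * R * q + 1
        if q * q <= n or any(n % p == 0 for p in SMALL_PRIMES):
            continue
        a = 2 + rng.randrange(n - 3)                       # 2 <= a <= n-2
        # Pocklington with F = q: a^(n-1) = 1 (mod n) and
        # gcd(a^((n-1)/q) - 1, n) = 1 force every prime factor of n to be
        # 1 (mod q), hence larger than q > sqrt(n), so n is prime.
        if pow(a, n - 1, n) == 1 and math.gcd(pow(a, 2 * R, n) - 1, n) == 1:
            return n, ("pocklington", q, R, a, q_cert)


def verify_certificate(n: int, cert) -> bool:
    """Check a certificate from provable_prime() independently of its RNG."""
    if cert[0] == "trial":
        return _trial_division_prime(n)
    _, q, R, a, q_cert = cert
    return (verify_certificate(q, q_cert)
            and q % 2 == 1
            and n == 2 * R * q + 1
            and q * q > n
            and 2 <= a <= n - 2
            and pow(a, n - 1, n) == 1
            and math.gcd(pow(a, 2 * R, n) - 1, n) == 1)


def keygen_demo(k: int, seed=None):
    """k-bit provable prime from random.Random(seed) if a seed is given,
    otherwise from the OS CSPRNG. Returns (n, cert)."""
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    return provable_prime(k, rng)


def same_prime_for_same_seed(k: int, seed: int) -> bool:
    """The point at issue: with a seeded statistical PRNG the 'secret' prime
    is fixed by the seed, so two runs from the same seed agree."""
    return keygen_demo(k, seed)[0] == keygen_demo(k, seed)[0]


if __name__ == "__main__":
    n, cert = keygen_demo(128, seed=2015)                 # constructed seed
    print("seeded MT prime:", n, "verified:", verify_certificate(n, cert))
    print("same seed again gives the same prime:", same_prime_for_same_seed(128, 2015))
    m, mcert = keygen_demo(128)                           # OS CSPRNG
    print("CSPRNG prime:   ", m, "verified:", verify_certificate(m, mcert))
```

The certificate shows that the primality proof does not depend on the RNG at all, which is the part of the post that is correct. The prime itself, however, is a function of the rng outputs and nothing else: the uniformity of the distribution says how the prime is spread over all k-bit primes when the rng is unpredictable, and says nothing about an attacker who can reproduce the rng.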

Johannes Bauer

8/2/2015 5:37:00 PM


On 01.08.2015 23:04, Mok-Kong Shen wrote:

> In Maurer's algorithm there is nowhere a mention that the PRNs used
> must be from a CSPRNG. So the requirement is statistical quality, which
> Python's PRNG satisfies extremely well.

It is unfortunate that you do not realize how blatantly obvious the
requirement for high-quality entropy sources for key generation really is.

Looking at the forum entry you posted, you got exactly this advice
already about one year back and haven't even considered the implications
of your botched implementation. I'm not going to invest the time to
explain the blatantly obvious to you when you have sufficiently proven
that you ignore any advice which is given to you.

Cheers,
Johannes


Mok-Kong Shen

8/2/2015 7:05:00 PM


On 02.08.2015 at 19:36, Johannes Bauer wrote:
> On 01.08.2015 23:04, Mok-Kong Shen wrote:
>
>> In Maurer's algorithm there is nowhere a mention that the PRNs used
>> must be from a CSPRNG. So the requirement is statistical quality, which
>> Python's PRNG satisfies extremely well.
>
> It is unfortunate that you do not realize how blatantly obvious the
> requirement for high-quality entropy sources for key generation really is.
>
> Looking at the forum entry you posted you got exactly this advice
> already about one year back and haven't even considered the implications
> of your botched implementation. I'm not going to invest the time to
> explain the blatantly obvious to you when you have sufficiently proven
> that you ignore any advice which is given to you.

If HAC and Maurer don't mention that a CSPRNG is required to
implement Maurer's algorithm, I can't imagine that they (both)
had by pure chance forgotten to do that, if a CSPRNG were indeed
necessary to do that implementation.

M. K. Shen

J. Clarke

8/3/2015 10:50:00 AM


In article <mpimf8$cc7$1@news.albasani.net>, mok-kong.shen@t-online.de
says...
>
> The fact that anyone could send an encrypted message to the owner of
> an RSA public key in asymmetric encryption could be highly valuable in
> cases where, e.g., activists in non-democratic countries send (if they
> manage to send anonymously, possibly from an Internet cafe etc.) encrypted
> messages to the press in democratic foreign countries containing
> information that, for some reason, should not be immediately revealed
> to the public, nor known to any third parties.

If it should not be immediately revealed to the public or known to any
third parties, then sending it to "the press in democratic foreign
countries" is the action of a fool.

> The press might prefer
> obtaining such anonymous encrypted messages. The public key is simply
> announced in the media. (No certificates and CAs are needed at all!)

I'm sure the press would be happy to obtain anybody's secrets. Which it
would immediately publish.

> For fairly simple and self-contained code (employing provable rather
> than probabilistic primes) to perform end-to-end RSA encryption, see
> http://s13.zetaboards.com/Crypto/topic/...
>
> M. K. Shen


Mok-Kong Shen

8/3/2015 4:29:00 PM


On 03.08.2015 at 12:50, J. Clarke wrote:
> In article <mpimf8$cc7$1@news.albasani.net>, mok-kong.shen@t-online.de
> says...
>>
>> The fact that anyone could send an encrypted message to the owner of
>> an RSA public key in asymmetric encryption could be highly valuable in
>> cases where, e.g., activists in non-democratic countries send (if they
>> manage to send anonymously, possibly from an Internet cafe etc.) encrypted
>> messages to the press in democratic foreign countries containing
>> information that, for some reason, should not be immediately revealed
>> to the public, nor known to any third parties.
>
> If it should not be immediately revealed to the public or known to any
> third parties, then sending it to "the press in democratic foreign
> countries" is the action of a fool.

Sorry, I don't understand you. An activist may know only some small
part of the stuff involved, which the foreign journalists, having
obtained the hints, could research further with their own means
and resources. Consequently the non-democratic governments (the "third
parties") preferably shouldn't know yet that some critical
information has already been leaked out that way.

>> The press might prefer
>> obtaining such anonymous encrypted messages. The public key is simply
>> announced in the media. (No certificates and CAs are needed at all!)
>
> I'm sure the press would be happy to obtain anybody's secrets. Which it
> would immediately publish.

I disagree. See above.

M. K. Shen

>> For fairly simple and self-contained code (employing provable rather
>> than probabilistic primes) to perform end-to-end RSA encryption, see
>> http://s13.zetaboards.com/Crypto/topic/...
>>
>> M. K. Shen


Kaz Kylheku

8/3/2015 5:31:00 PM


On 2015-08-02, Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:
> If HAC and Maurer don't mention that a CSPRNG is required to
> implement Maurer's algorithm, I can't imagine that they (both)
> had by pure chance forgotten to do that, if a CSPRNG were indeed
> necessary to do that implementation.

This doesn't need to be spelled out, because of the assumption that anyone
qualified to be reading the material isn't dumb as a fucking brick.

Mok-Kong Shen

8/4/2015 12:45:00 PM


On 03.08.2015 at 19:31, Kaz Kylheku wrote:
> On 2015-08-02, Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:
>> If HAC and Maurer don't mention that a CSPRNG is required to
>> implement Maurer's algorithm, I can't imagine that they (both)
>> had by pure chance forgotten to do that, if a CSPRNG were indeed
>> necessary to do that implementation.
>
> This doesn't need to be spelled out, because of the assumption that anyone
> qualified to be reading the material isn't dumb as a fucking brick.
>
Your sentence is a bit ambiguous. Do you mean a CSPRNG is required or
not in the present context? If yes, please kindly explain a bit.
(Note anyway that in HAC there is given a way to implement a CSPRNG
with RSA. So, if a CSPRNG were required to implement RSA, that
would lead to a vicious circle.)

M. K. Shen

Richard Heathfield

8/4/2015 1:01:00 PM


On 04/08/15 13:44, Mok-Kong Shen wrote:
> On 03.08.2015 at 19:31, Kaz Kylheku wrote:
>> On 2015-08-02, Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:
>>> If HAC and Maurer don't mention that a CSPRNG is required to
>>> implement Maurer's algorithm, I can't imagine that they (both)
>>> had by pure chance forgotten to do that, if a CSPRNG were indeed
>>> necessary to do that implementation.
>>
>> This doesn't need to be spelled out, because of the assumption that anyone
>> qualified to be reading the material isn't dumb as a fucking brick.
>>
> Your sentence is a bit ambiguous.

I don't see how.

> Do you mean CSPRNG is required or
> not in the present context? If yes, please kindly explain a bit.

Kaz means that a CSPRNG is required for Maurer's algorithm. My
explanation of Kaz's meaning is by way of a parallel. Consider an
algorithm for filling a bucket with water:

Step 1: place the bucket under the tap
Step 2: turn the tap on
Step 3: monitor the flow of water
Step 4: when the bucket is full, turn off the tap

At no stage does the algorithm say "ensure that the ambient temperature
and pressure are such that the water is in liquid form" or "ensure that
gravity is working" or "ensure that your bucket has no holes except the
one for allowing water in at the top", but we may safely deduce these
facts from the context, and anyone who needs these conditions to be
spelled out may experience self-esteem challenges when their IQ is
compared to that of a brick.

Kaz - fair summary?

--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within