This web page was compiled from text which has appeared in actual issues of Cryptosystems Journal.
I have extracted that text, so that people can say in their own words, their thoughts about Cryptosystems Journal.
These have been listed in reverse chronological order (most recent Volume first).
I enjoy the Journal very much, although I do not seem to have enough time to spend on cryptography -- too many other hobbies and distractions! But the subject is of considerable interest to me. I am busy installing programs on my two new computers (486DX2's -- one laptop and one desktop). And I have to learn Windows ... which I hoped I never would need.
I really look forward to delving into Volume 3 -- It's more intriguing than an Agatha Christie novel! I am truly delighted and impressed with Volume 3. It is a work of art as well as a real reference tome! Thanks for the great job on the Journal -- it is a real contribution to the state of the art for crypto enthusiasts."
-- We. A. Whitcraft, Jr., Massachusetts
Even though we're quiet, we're still a patient and very impressed audience, and I'd personally like to let you know how much we appreciate the enormous amount of work you've had to do to make the Journal available to the rest of us.
Thanks again for your efforts, and very best regards."
-- William J. Riordan, Massachusetts
-- Stuart Bouchey, Virginia
-- Guy Cole, California
-- Jerome Delcourt, France
-- A. Duncan Chiquoine, New York
[It is true that this is a "labor of love", it was Henry Ford who said "see how much you can give for a dollar instead of how little". (full quote is in Volume 1 Number 2].
-- Dr. Stanley Cohen, New York
-- Mark Johnson, California [Indeed, page 11 contains the review of Volume Three which appeared in Cryptologia.]
And, the Journal is right down my alley. Not that I'm a programmer, just a little Quick Basic; or a cryptanalyst (some of the editors at Cryptologia will agree).
In the Journal I got to your comments on the Bacon cipher, and then to page 37 where you sing the praises of Steganography. You are indeed a fellow of my own perceptions.
While trying out your disk I ran a Julia program without knowing what I was doing. Fortunately, the HP LaserJet 4 was on, and I got six of your beautiful fractals. You are a very clever fellow, Mr. Patti. My regards."
-- Penn Leary, Nebraska
-- Hugh Roberts, E-Mail
-- David Hamer, E-Mail
-- Joseph Oefelein, New Jersey
"It has been about 2½ years since the last issue of this excellent journal. Most of the delay was caused by a house fire but it has been worth the wait as Patti has produced his largest cornucopia of cryptologic nuggets to date, and in color.
Articles include Borland's Turbo Pascal Version 7, Frequency Distribution Program for Windows, Windows Random Number Testing, a tutorial on the PEAK Cryptosystem where the algorithm, key, and block size are all extensible, PGP (Pretty Good Privacy), A step-by-step guide for building and testing a GigaHertz RANGER Device (random number generator), Julia Sets, Feathery Fractals, the PostScript Language, and a major contributed story and program on Warlock, A New Matrix-based Paradigm for Public Key Cryptography.
There are also book reviews and many other short articles on a variety of cryptologic topics. Diskettes contain files and executable programs for all featured algorithms, and Frequently Asked Questions (FAQ) from the USENET SCI.CRYPT newsgroup. To complete a terrific package, the masthead contains a Baconian cipher and the bar code at the top of each page is also a cipher.
A folder describing the Journal's purpose and the contents of each issue is available on request."
"Some seven years ago we called our readers attention to the Cryptosystems Journal when Volume 1 Number 1 appeared in 1988. It was a labor of love, published and edited by Tony Patti. That first issue was 31 printed pages. But its biggest feature to the crypto community was an accompanying set of three disks packed with helpful programs.
Now somewhat over two years since the last issue, Volume 3 [dated December 1994] was released. The delay was caused by the editor's home burning down and its concomitant problems. Fortunately he had followed safe computing practices and had off-site backups of all but the most recent critical materials. The 158-page, four-color journal was worth the wait. Even for the most avid speed reader there is enough material to keep busy for two or three months unless one was willing to give up going to work. Along with a copy of the current issue I received a note from the editor which stated: "hope that you will not be disappointed." I can tell our readers now that I am overjoyed by this volume.
Along with the printed pages are two 3.5 inch disks. Together they have over 118 programs and files covering 2.38 MBytes. Probably of most interest to the average computer security director or staff member, aside from the numerous articles and detailed testing and explanation is the availability in one place of the Cryptography FAQ. This is a 10 part selection for the SCI.CRYPT board."
"I agree with Dr. Sanford Sherizen's article 'Information Security Is Good Business' in the November/December issue: Today's communications infrastructure does leave a company vulnerable to computer criminals. However, there are two points that I would like to emphasize.
First: The greatest threats come from individuals within an organization itself, partly because these individuals have physical access to, as well as knowledge of, the systems.
Second: Encryption is the technology that requires the greatest resources to defeat, but with today's fast computers it requires few resources to implement. I receive many publications each month, but yours is one of the few I read from cover to cover.
-- Tony S. Patti, Editor and Publisher, Cryptosystems Journal, Holland, Pa."
On the topic of APL (which was written about in Volume 2 Number 1) I know a little. For the PC-type computers there are 3 types:
The first two types are very powerful and would be natural for crypto work. As shown in the book Mr. Babbage's Secret Tale of a Cypher and APL by Frantsen and published by Prentice-Hall. "J" on the other hand is another step forward in programming. Something for my retirement to master. It is the only APL that runs on my HP95.
Volume 2 Number 2 was most interesting. I enjoy your writing. You do good work."
-- John R. Clark
Professor Emeritus, Computer Information Systems and Mathematics
-- Elizabeth Bancroft
Director, National Intelligence Book Center
-- Stuart H. Bouchey, Virginia
[Ed: I completely agree. I had hoped to be able to create such a program for this volume, but we will have to wait until the next Volume.]
-- Dr. Harold Joseph Highland, FICS
Editor-in-Chief, Emeritus, Computers & Security
-- Dr. Patrick Maslen
-- John Barnard
-- Cliff Wheatley, Pennsylvania
-- The Computer Supplement #16 to the Cryptogram, July 1992, page 6.
-- Louis Kruh, Cryptologia, October 1992, page 343.
-- Don Lancaster, Electronics Now, November 1992, page 74.
"I especially enjoyed "E-Mail Snooping" in your September issue. While this article focuses on employers' monitoring of employees' e-mail messages, there's a flip side to the coin: Corporate secrets are also at risk. Indeed, some years ago I caught (via system activity logs) a system administrator who made a practice of reading whatever confidential management documents she wished.
Encryption is the single best technology for ensuring information privacy of the type discussed in your article. I suggest your readers consider high-quality end-to-end encryption, wherein a message is encrypted at its source and decrypted at its destination. In this way, a higher level of data security is provided because the information does not exist as plain text at any intermediate point".
"Your question about the origin of the term "Tempest" reminds me about one of the open U.S. Congress committee hearings covering computer security that I attended during the mid-1980s.
After the prepared statement by an employee of the U.S. Department of Defense, one of the congressmen asked if the term Tempest that had been used in the statement had anything to do with the phrase, 'a tempest in a teapot.' The DOD employee replied 'no'. Nonetheless, I feel that this phrase, 'tempest in a teapot,' is powerful at describing modern electronic technology in this context. You have a storm (see the dictionary definition of tempest) of electronic signals operating within a conductive and grounded teapot (oops, I mean case).
Also, tempest derives from the Latin tempus, meaning time, hence our word temporal. This is also an apt tie-in since electronic signals are hunted for, found, and measured with oscilloscopes and spectrum analyzers, which operate in the time and frequency domains, respectively.
In partial answer to another question that was raised in the issue, I suspect that some part of the decrease in purchases of Tempest equipment is related to the reports of shielded buildings being built. Clearly, if your entire building is shielded, you can purchase less expensive computers to go inside the building."
"I want to tell you how much I enjoyed building and using the 125-MHz Logic Probe, which was described in the February 1994 issue of Popular Electronics. In the past I had used an oscilloscope to test circuit functionality, but I have found this logic probe to be considerably quicker, in part because the audible tone allows me to keep my eyes on the board instead of moving back and forth between the circuit board and the oscilloscope screen. I have been working on hardware random-number generation (very important for ultra-secure secret codes), using an array of 16 crystal oscillators, each of which operates up to 80 MHZ, so I especially appreciate the 125-MHZ bandwidth of the logic probe. Keep up the great work!
Dear Algorithm:
I was extremely pleased to see my favorite mathematical curve, Euler's Spiral, in
Algorithm. I was disappointed that Cornu, and not Euler, was given credit for this curve. The standard equations for this curve
are:
These equations are taken directly from Page 266 of Leonhard Euler's book Methodus Inveniendi Lineas Curvas Maximi Minimive proprietate gaudentes which was published in 1744 and is a celebrated work on the calculus of variations. The spiral does go by many names (which is testimony to its importance and utility), including "Euler's Spiral", "Clothoid" ("Clothoide" in French, "Klothoide" in German), "Cornu's Spiral" ("Spirale de Cornu" in French), and "Fresnel's Spiral" ("Spirale de Fresnel" in French).
The curve originated from Euler's study of an elastic spring. Euler acknowledged (on page 264 of his book) Johannes Bernoulli's work (in 1694 in his memoir Curvata Laminae Elasticae) concerning elastic lamina, but Euler is generally considered to be the first person to understand the real nature of this spiral. It was not until 37 years later (in 1781, shortly before Euler's death) that Euler determined and wrote the equations for the asymptotic points (at the centers of the spirals). Euler clearly worked with this spiral over an extended period of time.
Fresnel deduced in 1818 that the intensity of the illumination at any point of a diffraction pattern utilizes a similar equation (combining together a variation of the two equations shown above) into one equation for the variable "I" (for intensity). That is why these are sometimes called Fresnel's integrals.
It was not until 1874 (more than a century after Euler wrote of this spiral) that Cornu plotted Euler's Spiral (based on a table that Gilbert had published in 1861). The American Mathematical Monthly stated in 1918 that calling this spiral "Cornu's Spiral" is "highly inappropriate" based on Euler's previous work.
The equations shown above are Three Dimensional (x and y are functions of v). Using a version of my Pascal Program which displays three dimensional graphics with true 3-D perspective (previously written about in the March 1991 issue of Algorithm), the attached computer-generated graphic shows Euler's spiral in both its 3-D and 2-D greatness (this image and program were previously published in my Cryptosystems Journal Volume 2 Number 2). We stand today on the shoulders of giants...
"I am pleased to hear that you are continuing your publication. I should like to compliment you on your exposition of Galois Fields. It is the clearest and most understandable one I have ever read."
-- Marvin Kessler, California
"I identify with the gentleman in Volume 2 Number 1: my intro to the charms of hobby cryptography was also via Detective Fiction Weekly. My grandfather subscribed to it but cared only for the stories, so in the early thirties (in Los Angeles) I began solving 'grams. What with discovering girls and getting my first ham license (W6GAM) at about the same time in 1932, I began to drift away from other hobbies and never really got back into cryptography until after I retired some years ago. It follows that my mathematics is long behind me, unfortunately (and for some very strange reason I always got along better with quantum mechanics and complex variables than I did with matrix and set theory). I doubt that I'll ever be truly comfortable with the math behind your work, though I grasp enough of it to get an intuitive if not detailed understanding of it."
"After reading through Volume 1, the first issue of Volume 2, and running some of the programs, I am more than a little amazed at both the quantity and the quality of the contents of the Journal and the disks -- and all as a "spare time" hobby, and with a family to keep happy at the same time! I feel a bit guilty that I will not likely be a contributor of anything more substantial than appreciation and continued membership."
"I think that you are doing a fine job at maintaining a balance between enough challenge to make it interesting but not so heavy as to drive away all but very serious mathematicians. So keep it up (as much as you can); I especially look forward to excursions into chaos theory and fractals."
-- Burt Andrews, Maryland
"Another fabulous issue. I can't figure out whether the programming, the text, or the ideas are the best. But all are far superior to what is usually dispensed in any and all fields and I can only imagine how much work you put into it."
-- Dick Mesirov, Pennsylvania
"On page 89 of Volume 2 Number 1 you mention the MS-DOS PROMPT command. Below is the PROMPT that I have in my AUTOEXEC.BAT file (and which I claim no originality for). Try it! Maybe you'll like it too!!
PROMPT $e[35;44;1m$e[s$e[1;67H$d$e[2;67H$t$h$h$h$e[u$P$G$e[33;44;1m
Keep up the good work."
-- Bob Margeson, New Hampshire
"I've enjoyed Vol. 2, No. 1 very much, and have completed construction of the RANGER device [in Volume 2 Number 1]. During the construction, I thought of an improvement to your design; let me explain:
Why not have TWO oscillators (or even four, for that matter) driving separate 74LS161's. The output from the two least significant bits of each of the 161's then goes into 2 & 4, and 6 & 8 of the 74LS240. By using two oscillators that have almost the same frequency, one would obtain a "pseudo-Vernam" constantly wrapping bit counter number stream with a very, very long period. This "periodicity" is assuming that the oscillators will always start at exactly the same time, and at the same point in the output curve. probably real doubtful...
Further developing the idea, if the device had FOUR separate oscillators operating at as close as possible, but not identical, frequencies, you might be able to characterize the output as "QuadroPseudo-Vernamish" in nature... You would be concatenating four different constantly wrapping bit counter number streams. Each oscillator would drive a separate 161, and the LSB output from each of the 161's would input into 2, 4, 6, and 8 of the 240.
I may be wrong in my naming on the concatenating of the two [or four] bit counter number strings as the Vernam method. I got the idea from Kahn, pp. 397, last paragraph, wherein Moorehouse simply encrypted a 1K keytape with a .999K keytape and obtained a secondary keytape 999K in length.
Of course, from a hardware standpoint, the noisy Zener diode method is a lot simpler & requires less power.
Congratulations on another fine issue; I'm looking forward to V. 2 No. 2."
-- Hugh Roberts, Colorado
[Ed: Great idea! See the 16-oscillator RANGER device in this issue! The Zener diode is essentially analog, while the crystal oscillators allow an all-digital really-random number generator. Sixteen oscillators allows doing away with the 74LS161 counters and instead 74LS175 latches are used.]
[Ed: and a second letter from Hugh]:
I've been doing some reading in the area of voltage parameters for certain electronic components, i.e., outputs within operating voltage limits, and the thought struck me concerning a conversation we had some time ago about getting TTL oscillators that are of poor quality so as to induce an additional source of randomness. I recall that the manufacturers would not consider giving up their rejects. [Ed: this is true, I wrote to a dozen manufacturers and received nary a response]
Why not operate the TTL oscillator below its minimum standard operating voltage? If the idea is correct, the oscillator should operate less precisely below the minimum of its specified voltage. If you're operating your "matrix" of 16 oscillators and getting good results, why not have one of the oscillators in the first rank outputting really poor quality oscillations???
-- Hugh Roberts, Colorado
[Ed: perhaps a reader will try this and report on the results of this experiment. It would be possible to have two power supplies (with a common ground) -- a small 5-Volt power supply for the 74LSxxx IC's and a second (1 Amp) voltage-adjustable power supply for the crystal oscillators.]
The July 1990 issue of The Cryptogram contained a brief review of Volume 2 Number 1. The review stated that the issue contained "a virtual tutorial on the subject of Galois Fields" and several other "noteworthy articles".
The July 1990 issue of Cryptologia reviewed Volume 2 Number 1 and highlights "as justification for studying Galois Fields, Patti cites an NSA recruitment brochure which lists Galois theory as an important mathematical tool".
The August 1990 "Hardware Hacker" column in Radio-Electronics contained an announcement of my free 3-D "Lorenz Attractor Owl's Mask chaos theory programs". This program is enclosed on the diskette in this issue.
The book "The Magic Machine: A Handbook of Computer Sorcery" contains (as a reprint of the April 1989 Scientific American), mention of Cryptosystems Journal on pages 305 and 347.
The March 1991 issue of Algorithm contains a "Letter to the Editor" which I wrote answering a question of another Algorithm subscriber about the Lorenz Attractor and describing and offering my 3-D Lorenz Attractor software.
The June 1991 issue of Computer Technology Review contains a letter I wrote entitled "Encryption has both a Public and Private Life". This corrected mistakes in the article "Encryption Angles, Multitier Complete Security Solutions" which appeared in the December 1990 issue. The thesis of my letter is that the secret-key-based cryptosystems which appear in Cryptosystems Journal are intrinsically more secure than the public-key-based cryptosystems which the December 1990 article erroneously presented as being the most secure available.
The December 1991 issue of Delaware Valley Computer User contained a letter I wrote talking about the easiest way to implement EDI (Electronic Data Interchange) for business computer communications. I wanted to demystify the process which a recent issue had portrayed as a very difficult and expensive process (it is not).
Volume 15 of The Computer Supplement to The Cryptogram contained mention of this journal and my offer of free cryptosystems (the GF and HILL diskettes).
Cryptologia Volume 16 Number 1 contains an article entitled "In Appreciation" where I am one of 34 people who are thanked for their assistance to Cryptologia.
And Computers & Security continues to reference Cryptosystems Journal in its "Abstracts of Recent Articles and Literature".
-- Mark Nadir, Florida
From there, I graduated to Helen F. Gaines classic text on Elementary Cryptanalysis which covers many, if not all of the encryption/decryption techniques available in her time. However, the war, earning a living, marriage and raising a family have all taken precedence over my cryptographic education, but since I have retired (2 years ago), I would like to once more achieve some expertise in this field. However, at the present time, I am little more than a dabbler in the simple substitution area, and not a very good one at that.
However, I have put together a rather extensive (and I think a very good) library of cryptography which I hope to delve into in the next few months. Since I will be 68 this month, time is running out.
In the mean time, my best sources of information on the subject, (just in case you are unaware of their existence are):
-- Marvin Kessler, California
[ed: I too have memories going back to approximately fifth grade. I remember a small black paperback book (title long forgotten) which covered many exciting secret topics including among other things writing invisible messages using lemon juice which magically appeared when heated. We are fortunate to live in a time where we have the intellectual tools (PCs) which can greatly expand our own capabilities. Although I have never had too great an interest in breaking codes, please read my review on page 83 in this issue of John Taber's CRYPT program which solves substitution ciphers. -- Tony]
I would especially like to see the following subjects covered: Stream Ciphers, Public Key Systems, and possibly cryptanalysis of some of the algebraic based ciphers.
I know that the topics I mentioned could not possibly be covered adequately in one volume; however, I feel that focusing on ciphers which require "secret" keys is in itself insecure. Perhaps a volume devoted to Public Key Cryptography might be fruitful, if it is feasible within the philosophy of Cryptosystems Journal.
The other subjects I mentioned might be highlighted by references to good research sources or possible implementations/concepts currently circulating in those particular areas of cryptography. These comments are general at best and are only issued in a constructive manner. Your journal is an excellent source of material for the amateur cryptographer."
-- Chuck Perry, Texas
[Ed: I agree with you (and other readers) that there is much of interest in public-key (as contrasted with secret-key) systems. It is true that the secret-key systems rely on the secure distribution of the key via (typically) a low-bandwidth channel such as a courier. Public-Key Systems are indeed a topic which I hope to discuss at some point in the future. One problem I face is that the RSA system (which is arguably the best) is protected by U.S. Patent. However, there are other fairly secure public-key systems, and I should probably implement one of these in the future. -- Tony]
-- Cecil Collins, Canada
[ed: Indeed, many have said that the letter by "name withheld by request" was right on target and clearly stated the need for more tutorial articles. I hope that this issue continues to bridge this gap. When I was in school I always preferred to write a computer program versus writing a paper -- with a program you generally know when you are done -- with a paper (or a journal!) there is always a feeling that more could be done to improve the writing... -- Tony]
-- Dick Mesirov, Pennsylvania
-- Hugh Roberts, Colorado
-- Waldo Winterburn, California
-- Greg Miller, Pennsylvania
-- Cecil Collins, Canada
I just finished reading through Volume 1, and am looking forward to Volume 2.
The Journal is very interesting -- I like its broad scope, and the many references and reviews. I too, would like to see more tutorial material ("Galois Fields"?). I admire your enthusiasm!
I think it is great to get the nuts and bolts information regarding cryptosystems implementations on the IBM PC. Certainly some of this material is widely applicable."
-- Tim Blancke, Massachusetts
-- Kenneth Madl, Colorado
[ed: It is true that the journal has taken considerable time and energy (the two fundamental particles in the universe?). It is also true that I don't have any free time, but I feel at this time that this is the most important contribution I can make to education and science. It is one way that I can give back something to this wonderful society and time that we live in. In some ways this is the very first time ever that these cryptosystems are achievable -- they require widespread and powerful computers with advanced compilers (there are something like 40,000,000 PCs in the world today). PC technology has been around long enough to be stable and develop a powerful base of software functionality; plus there is every expectation that PCs will be around for several more decades as a result primarily of advancements by Intel in developing even more powerful microprocessors (see further discussion of this topic on page 92). While others may concentrate their efforts on writing programs for computers such as the IBM 3090 mainframe, I much prefer to work one-on-one with a PC. Perhaps sometime in the future, someone will build upon the results of this journal just as today we build on the work of Lester Hill, David Kahn, and other giants. We can see further than ever before, not just because we stand on their shoulders, but also because we have the toolds today that were not even dreamed of a generation ago! -- Tony]
-- Donald F. Whiting
Assistant Secretary of State
State of Washington
[ed: Our free society is based, among other things, on the privacy and free speech rights of the individual. Cryptography is widely recognized in fulfilling these roles (coded secret messages were transmitted by our founding fathers in the 1700s). I am very pleased that today the application of cryptography, computer science, mathematics, and statistics has the potential application of ensuring the integrity of the free election processes which are also fundamental to our representative democracy. -- Tony]
The Journal has continued to receive exciting reviews:
-- Ken Madl, Colorado
[Ed: The STU-III is the latest member of the government's Secure Voice Programs. There have been a series of three such programs (the information in quotes is from the publication "Defending Secrets" reviewed on page 21):
"Some years ago I purchased an IBM PC and enjoyed learning how to program it. Then I looked around for applications; not wanting to go the way of most hobbyists who end up collecting public domain software as though they were making a stamp collection. I then discovered the American Cryptogram Association and its Computer Supplement, which, by the way, leads me to you. I have written some programs to handle some of these classical, paper and pencil, cryptosystems but eventually concluded that I was working more with word problems than cryptology."
"Some reading about cryptology convinced me that modern cryptology was a better application to contend with; the problems are more challenging and the solutions are more closely tied to the workings of a computer, an emergent benefit for one fascinated by both topics. A bit more reading and it was quite clear that modern cryptology is applied math, far removed from the classical cryptology that I began with."
"And thus my problem. I am mathematically illiterate and am unable to read the books you have reviewed, although they exist in my library. I can get the general idea of what you are writing about in your Journal but only at the level of conversational knowledge. For me, the Journal appears to be written for people who already know what is being said and not the neophyte that would like to learn what the words mean. Thus I suggest that you have a section for neophytes, since I would like to believe that there are more of us, and that by following the specific suggestions in such a section, a veritable course syllabus, you would eventually bring us all to the point that we could then go back and reread the earlier issues. In my case, the only one I know, you can assume that I am aware of matrices from introductory books on computer programming, know what a prime number is, but no more than this of number theory, and that algebraic coding is only a book in my library. On the other hand, you can also assume that I am a computer literate."
"Individuals of my kind are simply overwhelmed by the knowledge that is assumed by practitioners such as you and with the best of intentions, cannot see how to proceed a bite at a time. To prepare such a map would not be a light undertaking and there would have to be enough of us to make it worth your while. At the same time it must be remembered that cryptology to the likes of us is a hobby and not a vocation, even to one retired."
"I enjoy the Journal in a vicarious way and have dreams of grandeur that I might someday be able to understand it. At least you have my financial support. I apologize for such an ego centered letter but it is the topic I know best. All good luck to your effort."
-- Name Withheld by Request
[Ed: I appreciate your letter enormously. It too has been my dream that Cryptosystems Journal could be of such a tutorial nature that I could teach all of the central crypto concepts, without assuming any previous knowledge in the field (particulary to someone who was eager to learn what has historically been a very esoteric field). It has become clear to me recently that I needed to do more -- that I was not doing enough in the pages of the Journal. Thus, your letter is very timely. I have expended extra effort, beginning with this issue, to explain the basics. I must confess that I too have found the mathematics to be the most difficult topic to this hobby. I have concluded that I have not achieved my tutorial goals because I have been spending too much time working on the programs which are included in each issue. It takes me a couple hundred hours (working in the evenings and on the weekends) to write, test, and debug the various programs. This has left me with only a few weekends to write the text of each issue. I have come to the conclusion that I might better serve Cryptosystems Journal readers were I to cut back next year to two issues per year (instead of three), but spend more time on the text and tutorial articles rather than spending most all of my time on the programs.]
Keep up the Good Work. I find Cryptosystems Journal to be 'absolutely fascinating'..."
-- Hugh Roberts, Colorado
[Ed: I thank you very much for your excellent suggestion. Based on your suggestion I had itended to include on diskette number 2 a copy of the text from all three issues in Volume 1. However, as you can see I simply ran out of room, and I did not have room to include the file for even a single issue. It turns out that the three issues occupy almost an entire 360KB diskette. However, I extend this offer to all readers: if you send me a blank formatted DS/DD 360KB diskette with a self-addressed and stamped diskette mailer or envelope I'll be happy to provide an ASCII copy of all three issues of Volume 1. I hope that when you send in your diskette that you'll also include a note with suggestions, comments, questions, topics for future issues, encouragement, etc.]
-- A Further Explanation and Methodology for the HILL System;
-- Similar Ideas for the R.S.A. Cryptosystem.
Some suggestions for future Book Reviews might be any or all of the following:
An Introduction to Cryptology
Henk C. A. Van Tilborg
Kluwer Academic Publishers. 1988.
Military Cryptanalysis: Parts I and II
L. D. Callimahos and W. F. Friedman
Aegean Park Press Cryptographic Series
Numbers 42-45.
Communication Theory of Secrecy Systems
C. E. Shannon
Bell System Technical Journal
Volume 28 October 1949 pages 656-715.
Special Section on Cryptology
Edited by Gustavus J. Simmons
Proceedings of the I.E.E.E. May 1988
pages 515-518, 533-627.
Again, you have done an excellent job; keep it up. It is my intention to continue my subscription."
-- Herbert M. Baruch, Jr., California
[Ed: Thank you very much for your letter and your suggestions. I would like to present an issue (including a working program) on the RSA cryptosystem. However, I believe there are patent licensing issues which would prevent me from doing so. In fact, the patent holders have even been active in keeping free public domain versions off of bulletin boards. The RSA Cryptosystem is protected under U.S. Patent Number 4,405,829 which was issued on 20-SEP-93. This patent is valid for a period of 17 years (through 19-SEP-2000). The patent is 20 pages long. Although the purpose of the patent system is to enhance science by disclosing to the public the technology of inventions, the 17 year period of exclusive rights appears to prevent even public domain versions unless licensed from the patent holders. While I'm on the subject of patents, I'd like to mention two others:
1,845,947 16-FEB-32 Weisner & Hill "Message Protector" This invention is a mechanical embodiment of the Hill encryption method.
4,037,093 19-JUL-77 Gregg et al "Matrix Multiplier in GF(2**m). This invention is electronics hardware for multiplying two elements in a Galois Field GF(2**m). It is also pointed out that this technique applies to matrix multiplication in GF(2**m).
If you would like a more complete list of cryptographic patents, I recommend:
United States Cryptographic Patents (1861-1981) by Jack Levine, and published by Cryptologia, Rose-Hulman Institute of Technology, Terre Haute, IN 47803. This 69 page book has page after page containing:
-- patent numbers
-- inventor's names
-- dates issued
-- titles of the patents
Beginning in this issue, I will be going into more details (with worked-through examples) of the underlying mathematics and computer science involved in HILL's and COOPER's algorithms.
I thank you for your list of additional books/articles to review. I would like to encourage any reader to submit such reviews for possible inclusion in future issues. As I've said before, I don't want to do all the learning!]
And, I would like to see some material on random number generators and particularly their testing. Kahn's book The Codebreakers indicates that Random Numbers were generated by the KGB by typists hitting keys at random. Tests show these numbers to NOT be truly random but also NOT insecure! Crypto AG has (or had) machines which made Random Number tapes from the decay of radioactive material as well as electrically noisy devices (a diode or transistor?). During the war, Random Numbers were generated by IBM punch card equipment. Linear feedback registers have been shown to be not good."
-- William Adams, Virginia
[Ed: This issue will accomplish many of those things you ask for. This issue includes eight programs in Turbo Pascal version 5.0. This issue includes the RANDTEST.PAS program to test random number generators. The next issue will cover the topic of random number generators. My primary concern is that improperly chosen random number generators may be the primary weakness which can be exploited by a cryptanalyst. I think you'll see some short APL programs next year. I agree that APL is well suited to the programming of mathematically-oriented cryptosystems (especiallythose using matrices and vectors such as HILL/COOPER). I am aware of the following book which deals exclusively with cryptography and APL:
The Standard Data Encryption Algorithm by Harry Katzan, Jr and published by Petrocelli (New York) and published in 1977. Although this book deals almost exclusively with DES, it does have a few pages (32-36) on a classical Hill implementation (including one page of APL). This book has a large amount of APL for implementing DES and includes detailed analysis and bitwise walk-through.]
-- Richard Colvard, California
[ed: I did have a lot of fun doing the Ada programming, and I'm glad the Ada programs expanded (by one) the number of languages you would consider for doing real work. Unfortunately, I still find the PC a little small for a language as big as Ada (and I suspect for serious AI). Oh well, we'll just have to wait until the Compaq 80486 machine comes out in 1990(?) ... ]
-- David Dodd, Pennsylvania
[ed: Thanks, I hope that the journal will serve as a springboard for further research and education in areas which you find interesting. Obviously, due to space (and time) constraints, I can only point you in the right direction. Therefore, I too find these sections particularly important. If any of you can recommend other sources of information which you think the other readers would find interesting, please drop me a note -- or better yet, send in a review!]
-- Hugh Roberts, Colorado
[ed: Yes, I have a 80287 running at 10 MHz, but it is not used in the Hill program. In fact, since the math coprocessor is optimized for real (floating point) arithmetic, I am not aware of any crypto software which uses the coprocessor. However, this will change when I publish Volume 2 Number 2 (AUG 1989) which will use the COMP integer data type which is supported by the math coprocessors. The COMP type is an 8 byte INTEGER comprised of one sign bit and 63 "data" bits. Therefore, the integer range of the COMP data type is approximately -9223372037000000000 to +9223372037000000000. The only other integer data type which the 80x87 math coprocessor family supports is packed decimal arithmetic. This is a 10 Byte data-type (80 bits) which supports a range of -999999999999999999 to +999999999999999999. Both data types are considered to contain 18 significant decimal digits. Real number arithmetic is not used for cryptographic purposes because real numbers are only an approximation for most numbers - and information (and precision) can be easily "lost" when manipulating real numbers. For more information concerning math coprocessors, see the Sources section.]
-- Bill Whitcraft, Massachusetts
[ed: Concerning Kahn's book, a look in Books in Print at the local library showed the following entry:
The Codebreakers by David Kahn, 1967, $39.95, ISBN 0-02-560460-0, published by Macmillan.
Therefore, it appears that the complete 1162 page hardbound is still available (although at a somewhat higher price than the $25.00 I paid in 1980). Concerning suppression of information by the government, I recommend The Puzzle Palace by Bamford (see the Sources section) which states that the NSA requested that 3 paragraphs be removed from The Codebreakers -- and then Bamford tells what they were.]
-- Ken Madl, Colorado
[ed: I really appreciate your help. In particular, Ken helped with the new LINE.PAS function which performs line-at-a-time comparisons of two files. This goes beyond the byte-at-a-time comparison which was previously extant. The request for participation has been answered/accepted by several other readers, and I appreciate the help and encouragement -- I do not want to do all the learning! If anyone else is interested in participating, it's not too late, just drop me a note...]
-- John Brewer, Hawaii
[ed: You are absolutely correct. You have elegantly stated the point that I was trying to get across on page 10 of Volume 1 Number 1. As keys contain more and more bits, they account for larger portions of the stream of bits output from a random number generator. Also, although a key may contain 100000 or more bits, if the random number generator which generates the bits is "randomized" with only a 16-bit seed, then the cryptanalyst need really try only 2**16 possible keys (rather than 2**100000). It therefore becomes vitally important, that you not rely on the random number generator which is built into a compiler. You must strengthen the built-in random number generator. Future issues of Cryptosystems Journal will cover the testing and generation of strong random number generators.]
-- Rudolph Lauer, Maryland, Author of "Computer Simulation of Classical Substitution Cryptographic Systems"
[ed: You were not the only one to note my having accidentally left these out. This issue's Sources section, contains the citations. More importantly, the text of the three articles (Hill wrote two articles) are in electronic form on the diskettes containing my free public-domain cryptosystems. The articles were reproduced with permission of the publishers.]
-- John Peter Taylor, Virginia
[ed: A sample of the technique I was referring to is actually part of my public-domain HILL program (in Turbo C). When you choose the "Generate A Key" function, the message "Type various characters on the keyboard in order to get more randomness..." appears. If you type characters at this point, they echo back as asterisks. It is possible for you to enter up to approximately 1000 characters (when utilizing the larger sized matrices). These keypresses are entirely optional; if you do nothing, the program just uses its regular random number generator. What my HILL program does is not too sophisticated, but it should give you some ideas of what is possible. My Hill program uses the 7-bits of the ASCII letter which is input as additional non-linear data. It also calls the randomize function every time you press a key. A stronger method would force the use of the keyboard, starting at the beginning of the key generation. Also, a stronger method would time the number of microseconds between keypresses, and use this as a piece of somewhat random data. Of course, this process of keypresses happens only once. After the key pair is generated, the key pair must be sent to the person with whom you are communicating. Since both encryption and decryption keys are generated at the same time, only one person needs to go through this process of entering keystrokes.]
-- William Adams, Virginia
[Ed: The issue is not so much my not wanting to do bit manipulations, but the realization that the PC is better suited for other types of manipulations. There is much to be learned in optimizing a cryptosystem to a particular type of hardware, in this case the PC. I enjoy letting the PC do several hundred million arithmetic calculations to generate a key (this might take about an an hour). However, there is not much we can do in terms of making bit transpositions and bit substitutions more efficient. These are, indeed, tedious to program. I believe that the future will show that the really strong cryptosystems are based not on moving bits around (like DES), but on the application of number theory to cryptology (e.g. COOPER, HILL, and the RSA Public- Key Cryptosystem). I am pleased that you find my programs educational -- this was my goal. I do advise you to change one or more aspects of my programs before using them for "applications" because using a "standard" cryptosystem invites easier cryptanalysis. You are correct that "considerable information is included in the characters". That is the reason why my programs randomize the eighth bit of ASCII text. My programs also split the characters into two halves (nybbles) prior to processing, and then add additional random bits to each half.]
The "features" you pointed out in my CRYPT program should really be called limitations, because that's what they are. These limitations will all be elimitated in my version 3.
In a recent phone conversation you told me you try to shy away from product ciphers, preferring other mathematical algorithms. If a Master's degree in Mathematics is needed to understand an algorithm, then only those with a Master's Degree in Math who have thoroughly studied the algorithm should use it."
-- Mario Maniscalco, Ohio, Author of the CRYPT program which was reviewed in the last issue.
[Ed: You raise three points:
First, while encrypting a disk-based file is occasionally useful (for example a one-way encryption of a password file on a multi-user system), the real purpose of cryptography is secure communications over unsecure channels. Therefore, we encrypt a disk file prior to sending the ciphertext out over the modem. For example, in the case of 2 PCs communicating (for example across a continent), each can have key files stored permanently on their hard disks. Therefore, keys need not be removable.
Second, I look forward to receiving version 3 of CRYPT, and will provide a review of it. I commend you for continuing to enhance your program.
Third, and really interesting, is that, although occasionally the terminology can appear "advanced" (for example, "Galois Field"), the mathematics which underlie cryptology all boil down to High School-level algebra and mathematics (the only mathematics classes I took in college were two semesters of Business-related Calculus). My Master's degree is in Computer Science. If you are comfortable with (or are willing to learn) integer arithmetic, matrices, vectors, and polynomials, you have all of the basic understanding to "dig into" the computerized manipulations of the math concepts.]
-- Dick Mesirov -- Pennsylvania
-- John Taylor -- Virginia
-- William Whitcraft -- Maine
-- Kenneth Madl -- Colorado
-- Dr. Richard Spillman -- Washington
-- David Dodd -- Pennsylvania
Next Page ("Download Cryptosystem Programs")
Copyright © 1996 Cryptosystems Journal.
Most recent update on 5-OCT-96.