Cryptography-Digest Digest #478, Volume #10      Sun, 31 Oct 99 17:13:04 EST

Contents:
  Re: Bruce Schneier's Crypto Comments on Slashdot ("Douglas A. Gwyn")
  Re: Bruce Schneier's Crypto Comments on Slashdot
  Re: MBR / FAT encryption
  Re: Symetric cipher ("collomb")
  Re: Build your own one-on-one compressor (Mok-Kong Shen)
  Re: the ACM full of Dolts? (Mok-Kong Shen)
  Re: Bruce Schneier's Crypto Comments on Slashdot ("Rick Braddam")
  Re: Build your own one-on-one compressor (SCOTT19U.ZIP_GUY)
  Re: Compression: A ? for David Scott (SCOTT19U.ZIP_GUY)
  Re: Disk wiping code or utility ([EMAIL PROTECTED])
  Re: Compression: A ? for David Scott (Tim Tyler)
  The story of F16 fighter planes ... (Markku J. Saarelainen)
  Re: Symetric cipher ("Douglas A. Gwyn")
  Doesn't Bruce Schneier practice what he preaches? (Roman E. Liky)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Bruce Schneier's Crypto Comments on Slashdot
Date: Sun, 31 Oct 1999 06:06:27 GMT

Matt Curtin wrote:
> This is silly.  There's no such thing as "highly classified".  It's
> either classified or not.  If it's more secretive than "classified",
> it's got to be "secret" or "top secret".

The current US classification levels are CONFIDENTIAL, SECRET, and
TOP SECRET.  Information that has been assigned *any* of those labels
is "classified".  Presumably, "highly classified" would mean TS and
maybe S, but not C.  Anyway, as you went on to say, it wasn't the
nature of the encryption algorithm that disqualified it for high-grade
use.

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: Bruce Schneier's Crypto Comments on Slashdot
Date: 31 Oct 99 07:05:31 GMT

Tim Tyler ([EMAIL PROTECTED]) wrote:
: "A factor of a square root"?  A square root of *what*?!??

: Not *time* certainly - as this is unit-dependent:

: sqrt(100) = 10, but sqrt(1) = 1 ...!

: I hesitate to suggest it, but could the author have had no idea what they
: were talking about? ;-)

Since a quantum computer and a non-quantum computer are two different
computers, there is no problem here.

If solving a problem for one possible value takes the ordinary computer X
seconds, and the quantum computer Y seconds (which will probably be
larger),  then the claim is that solving it for N values

will take the ordinary computer NX seconds,

and the quantum computer sqrt(N)Y seconds.

Since N is dimensionless, and X and Y are not subjected to a square root,
there is no problem. Basically, when we talk about problems taking O(n)
time or O(sqrt(n)) time to solve, because constant scaling factors are
ignored, units are normally not a problem.

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: MBR / FAT encryption
Date: 31 Oct 99 06:59:29 GMT

Ran ([EMAIL PROTECTED]) wrote:
: I would like to know if there is any program which will encrypt my mbr and
: fats and ask me for a password on every boot.

: What do you think about usefulness of such a program and how well it will
: secure the disk context?

Note that it is not impossible to encrypt the MBR; one simply sets the
active partition to be a partition with an unencrypted MBR that contains
the program that asks for a password.

Sort of like Boot Manager from OS/2, it then passes you along to the
operating system of your choice, after decrypting the MBR of the partition
it is on.

John Savard


------------------------------

From: "collomb" <[EMAIL PROTECTED]>
Subject: Re: Symetric cipher
Date: 31 Oct 1999 07:56:28 GMT

Hello
You may be interested in my website:
http://calvaweb.calvacom.fr/collomb/
Best regards
[EMAIL PROTECTED]

Emmanuel Drouet <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
> Hello !
> 
> Please, could you  give me information about several cryptosystems :
> Blowfish, CAST5 and SAFER
> 
> (what is their level security, which is the fastest, are they sensible
> to specific attacks...)
> - to resume, what are their characteristics...
> - what do you think about them,
> - should I use CAST5/SAFER or CAST256/SAFER+ which are more recent ?
> 
> Thanks, manu :o)
> 
> 

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Sun, 31 Oct 1999 09:32:49 +0100

SCOTT19U.ZIP_GUY wrote:
> 
> >SCOTT19U.ZIP_GUY wrote:
> >>
> >>    Mok for his example if you changed the entry so that it did not appear
> >> in the dictionary. Then on decompression using his method that part
> >> of code would remain unchanged so there is no problem. It is still
> >> 1-1.
> >
> >But this unchanged part, now on the source side, can by chance combine
> >with some symbols preceding it to form a valid larger entry in the
> >dictionary and thus leads to something different when one applies
> >compression again. This means 1-1 is not fulfilled unless the
> >dictionary satisfies some special conditions, which I don't know
> >yet how to formulate at all.
> >
> 
>   Show me?

I meant this:

      Side1        Side 2
      ABCD         HG
      ABCDHN       UK
      XYZ          PQ

Now XYZABCDABCD goes to PQHGHG. But the modified PQHGHN comes back 
as XYZABCDHN and this goes to XYZUK. Or do I miss something?

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: the ACM full of Dolts?
Date: Sun, 31 Oct 1999 09:33:12 +0100

SCOTT19U.ZIP_GUY wrote:
> 

>    Why add anything extra to the plaintext when it clearly is not needed?

Well, I think that practical considerations may justify that.
Consider the two cases:

(1) Add no length information. Use your modification of Huffman.

(2) Add length information. Use adaptive Huffman.

The first case employs something that is not yet in wide-spread
use (and hence the user must study its correctness), while the 
second is well-known technique. The second, as discussed previously, 
adds some 'effective key' bits for encryption and that could be
advantageous.

M. K. Shen

------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: Bruce Schneier's Crypto Comments on Slashdot
Date: Sun, 31 Oct 1999 03:40:19 -0500


Matt Curtin <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]...
> >>>>> On Sat, 30 Oct 1999 12:20:08 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) said:
>
> SCOTT19U> The method also was never intended for highly classified
> SCOTT19U> government data so one would never suspect that it should
> SCOTT19U> have been super secure.
>
> This is silly.  There's no such thing as "highly classified".  It's
> either classified or not.  If it's more secretive than "classified",
> it's got to be "secret" or "top secret".
>
Sorry, classified just means that something has received a security
classification, such as Confidential, Secret, Top Secret, or higher. Top
Secret or higher is "highly classified". I seem to recall (perhaps
incorrectly) that DES, AES, and SkipJack/Clipper were/are limited to
UNclassified information only. There *is* a requirement for encrypting
(controlling access) to unclassified information, since knowledge of
day-to-day activities can expose details about operations in progress.

Rick




------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Sun, 31 Oct 1999 11:38:54 GMT

In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> 
wrote:
>SCOTT19U.ZIP_GUY wrote:
>> 
>> >SCOTT19U.ZIP_GUY wrote:
>> >>
>> >>    Mok for his example if you changed the entry so that it did not appear
>> >> in the dictionary. Then on decompression using his method that part
>> >> of code would remain unchanged so there is no problem. It is still
>> >> 1-1.
>> >
>> >But this unchanged part, now on the source side, can by chance combine
>> >with some symbols preceding it to form a valid larger entry in the
>> >dictionary and thus leads to something different when one applies
>> >compression again. This means 1-1 is not fulfilled unless the
>> >dictionary satisfies some special conditions, which I don't know
>> >yet how to formulate at all.
>> >
>> 
>>   Show me?
>
>I meant this:
>
>      Side1        Side 2
>      ABCD         HG
>      ABCDHN       UK
 If I understood Tim's rules, one of the above lines is wrong; you can't
have an entry for ABCD and ABCDHN
>      XYZ          PQ
>
>Now XYZABCDABCD goes to PQHGHG. But the modified PQHGHN comes back 
>as XYZABCDHN and this goes to XYZUK. Or do I miss something?
>


David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***
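
Added example (not part of the original posts and not Tim Tyler's or David Scott's code): Mok-Kong Shen's dictionary and the objection to it above, checked in Python. The thread does not spell out the substitution rule, so the greedy longest-match swap pass, the helper names and the candidate pieces are assumptions.

```python
from itertools import product

def swap_pass(text, pairs):
    """One greedy longest-match pass exchanging each dictionary string with its partner.

    Assumed rule: Side 1 strings become their Side 2 codes and vice versa, so the
    same pass serves as both Compress and Decompress.
    """
    table = {}
    for side1, side2 in pairs:
        table[side1], table[side2] = side2, side1
    tokens = sorted(table, key=len, reverse=True)  # longest entry wins at each position
    out, i = [], 0
    while i < len(text):
        match = next((t for t in tokens if text.startswith(t, i)), None)
        if match is None:
            out.append(text[i])          # symbol not in the dictionary: copied unchanged
            i += 1
        else:
            out.append(table[match])
            i += len(match)
    return "".join(out)

def roundtrip_failures(pairs, pieces, max_pieces=3):
    """Return candidate files X for which Compress(Decompress(X)) != X."""
    bad = []
    for n in range(1, max_pieces + 1):
        for combo in product(pieces, repeat=n):
            x = "".join(combo)
            if swap_pass(swap_pass(x, pairs), pairs) != x and x not in bad:
                bad.append(x)
    return bad

# Dictionary from Shen's post, and the same dictionary without the ABCDHN entry.
SHEN = [("ABCD", "HG"), ("ABCDHN", "UK"), ("XYZ", "PQ")]
REDUCED = [("ABCD", "HG"), ("XYZ", "PQ")]
# Constructed building blocks for candidate files: dictionary strings plus literals.
PIECES = ["ABCD", "HG", "HN", "XYZ", "PQ", "UK", "N"]

if __name__ == "__main__":
    print(swap_pass("XYZABCDABCD", SHEN))        # compress the original text
    restored = swap_pass("PQHGHN", SHEN)         # decompress the modified file
    print(restored, swap_pass(restored, SHEN))   # and compress it again
    print(roundtrip_failures(SHEN, PIECES)[:5])
    print(roundtrip_failures(REDUCED, PIECES))
```

Under this assumed rule the last step of Shen's example comes out as PQUK, which still differs from PQHGHN, so the round trip fails; with the ABCDHN entry dropped, every candidate round-trips.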

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Compression: A ? for David Scott
Date: Sun, 31 Oct 1999 11:53:49 GMT

In article <7vgj7r$lf9$[EMAIL PROTECTED]>, Clinton Begin <[EMAIL PROTECTED]> wrote:
>
>> You should have used h2unc.exe
>
>Hehe...I did.  It must be as late for you as it is for me.  :-)
>
>>Tell me the result when you use the correct program H2UNC.EXE
>
>Yep.  It worked.  Here are the results.
>
>10/30/99  05:53p                 2,048 Random.tmp
>10/30/99  05:58p                 2,094 RANDOM.H3
>10/30/99  11:00p                 6,336 RANDOM.H2
>
>I don't even think I'm qualified to judge this, but you seem to be very
>smart and I think you have done a good job in proving your theory.  You
>have won me over David.  Sorry it took so long, but sometimes it takes
>unnaturally long to get things through my thick skull.  ;-)
>
>Now for the good questions:
>
>1)  If I wanted to implement this type of compression scheme, would it
>be safe and secure to just use the algorithm in H2COM/H2UNC?  That is:
>C = E(H2COM(M)).  I would like to avoid using multiple passes if
>possible (i.e. I don't want to use H1, H3 or REVERSE).
>
>2)  When I implement it, how would you like your name displayed in the
>credits?  ;-)
>
>Cheers,
>
>  Clinton.

  Well, as I have stated in the beginning, what this is intended for is to be
used as compression when one compresses, since it does not add in
information like other compressions. This does not mean that if the
encryption is very weak that a break still won't exist. It just means you
are not going out of the way to help the attacker.  And yes I do
think C = E(H2COM(M)) would be better than C = E ( M) so go ahead
and use it.  This is how I use it in my messages to my son. But then
I am using an "all or nothing encryption". Now if you're just encrypting
files can I talk you into 2 passes of "wrapped PCBC"?
You can display it as "David A. Scott"; if you want more let me know
but that is more than enough for me. But an added line like he wanted
to work for the NSA but his English sucked or something like that would
be fine. Or even whatever is funny.
 Also one point: the code was written as more of a demo than anything
else and the speed could be clearly much faster than it is.

Thank You Mr Clinton




David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Disk wiping code or utility
Date: Sun, 31 Oct 1999 10:51:32 GMT

Clinton Begin <[EMAIL PROTECTED]> wrote in
<7vaheo$i1n$[EMAIL PROTECTED]>:
>I know you folks aren't here to solve programming problems, but at least
>this will give you something to talk about other than compression.  ;-)
>
>Are there any generous developers out there who have code that they are
>willing to share that will securely wipe the free space on a disk?  This
>code must be compatible with Windows 9x+ and Windows NT4+.
>
>Otherwise, does anyone know of a good standalone utility that is good
>for doing this and is compatible with the above mentioned platforms?

There are loads of them!!

You may find this useful, it's a comparison between many of the different
ones available:

http://www.fortunecity.com/skyscraper/true/882/Comparison_Shredders.htm

For one with source code available, you could take a look at PGPWipe's
and/or SecureTrayUtil, although it's not exactly difficult to write your
own...


--
Sarah Dean
[EMAIL PROTECTED]
http://www.fortunecity.com/skyscraper/true/882/
PGP Key at: http://www.fortunecity.com/skyscraper/true/882/PGP.htm

For information on ScramDisk and SecureTrayUtil, check:
http://www.fortunecity.com/skyscraper/true/882/ScramDisk.htm


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Compression: A ? for David Scott
Reply-To: [EMAIL PROTECTED]
Date: Sun, 31 Oct 1999 11:03:30 GMT

Tom <[EMAIL PROTECTED]> wrote:
: (SCOTT19U.ZIP_GUY) wrote:

:>   By one to one I mean for any file X  Compress( Decompress (X)) = X
:>while most only consider for any file Y Decompress( Compress (Y)) = Y
:>most only consider the second but with encryption you need to consider
:>both.

: That means that in some cases you'll be reducing patterns, and in
: other cases creating them.

Obviously.  This is true for any compression program.

: Worse than that - this scheme makes the implementation of a chosen
: plaintext attack trivial, where using standard compression makes some
: forms of chosen plaintext attack completely impossible.

You seem to be lost.  This assertion makes no sense at all.

: So the data may have patterns, isn't necessarily shorter, is in some
: cases more vulnerable to attack.

The one-on-one property is not manna from heaven.  If your one-on-one
compressor leaves all input files unchanged then it may well be less
secure than a good o-o-o compressor - but so what?  All the best
compressors at reducing file size are also one-on-one.

: In short, if you want to de-pattern the data before encryption, use
: encryption software, not compression software.  If the compressor's
: job was to hide data, it'd be called a cipher.

After writing this perhaps you would like to explain why compression
before encryption is considered beneficial?

If you don't understand this point I can't see how you can usefully
contribute to a discussion about why some sorts of compression are
better applied before encryption than others.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Man who stands on toilet gets high on pot.

------------------------------

From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: soc.culture.greek,soc.culture.italian,soc.culture.spain
Subject: The story of F16 fighter planes ...
Date: Sun, 31 Oct 1999 15:21:33 GMT

I remember the time, when there was one prime minister who was
instrumental in making one society to purchase over-priced F16 fighter
planes. Not only that this person appeared to be the CIA agent, but also
the traitor. It is my opinion that these F16 fighter planes were totally
unnecessary purchases and billions were spent totally unnecessarily.
This appeared to be a move to get one society closer to the criminal
organization NATO, which is just used by many USA corporations as an
instrument to sell their hardware and software for those who think that
they can not defend themselves. These Harvard and Yale boys and girls
are trying to secure the USA economic security. It is my opinion that
NATO should be discontinued and all military purchases within the
European Union should be done from European military manufacturers
including the former Soviet Union. I remember the time, when I tried to
get a job from some of these F16 manufacturers or their submanufacturers
and these people were just telling that they do not need me. Think about
it.




------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Symetric cipher
Date: Sun, 31 Oct 1999 18:26:43 GMT

"Trevor Jackson, III" wrote:
> How sad.

How sad that NSA makes a special effort to avoid spying on US
citizens??  Maybe you should explain why you think that's "sad".

------------------------------

From: [EMAIL PROTECTED] (Roman E. Liky)
Crossposted-To: alt.security.scramdisk
Subject: Doesn't Bruce Schneier practice what he preaches?
Date: Sun, 31 Oct 1999 19:58:22 GMT

(Posted to alt.security.scramdisk and sci.crypt)

In the thread titled "What about Best Crypt" on alt.security.scramdisk,
John Kennedy <[EMAIL PROTECTED]> wrote:

>Yep, trust math not strangers.  Trust open source that anybody,
>including experts,  can find the holes in. If strong cryptography is
>real then there is no advantage to keeping your source secret and
>tremendous disadvantages.

>Here's an example, Counterpane Systems has a nice little freeware
>utility called Password Safe. http://www.counterpane.com/passsafe.html
>It reportedly uses the blowfish algorithm to encrypt your passwords. I
>think Counterpane Systems has a fine reputation. Schneier has a fine
>reputation. I trust blowfish. I'd like to use the utility, but I won't
>because I don't see any open source for it. I believe these guys are
>honest and competent but I won't rely on that belief without open
>source. Why these folks would release a security system without open
>source is beyond me. I can't think of any reasons that are favorable
>to me.

>(If the source to this utility is in fact open and I've just missed
>it, then of course I apologize.)

If it's available, I sure couldn't find it! This is quite a shock. I
explored http://www.counterpane.com/passsafe.html and couldn't find any
source code. I downloaded and unzipped PS171.ZIP and couldn't find any
source code. And to think that only a month and a half ago in the September
fifteenth issue of Crypto-Gram, Bruce Schneier wrote this:

>Open Source Cryptography

>Cryptography has been espousing open source ideals for decades, although we
>call it "using public algorithms and protocols."  The idea is simple:
>cryptography is hard to do right, and the only way to know if something was
>done right is to be able to examine it.

>This is vital in cryptography, because security has nothing to do with
>functionality.  You can have two algorithms, one secure and the other
>insecure, and they both can work perfectly.  They can encrypt and decrypt,
>they can be efficient and have a pretty user interface, they can never
>crash.  The only way to tell good cryptography from bad cryptography is to
>have it examined.

(See the September 15, 1999 issue of Crypto-Gram for the rest.)

So what the Hell is going on here?
-- 
"Roman E. Liky"     better known as [EMAIL PROTECTED]
 01234 5  6789      <- Use this key to decode my email address.
                    Fun & Free - http://www.5X5poker.com/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
