Cryptography-Digest Digest #569, Volume #12      Wed, 30 Aug 00 01:13:00 EDT

Contents:
  Re: Patent, Patent is a nightmare, all software patent shuld not be allowed (qun ying)
  Re: Serious PGP v5 & v6 bug! ("Nathan Williams")
  Re: The DeCSS ruling (Eric Smith)
  Re: The DeCSS ruling (Roger Schlafly)
  Re: Future computing power (David A Molnar)
  Re: Future computing power (David A Molnar)
  Re: Best way! (Eric Smith)
  Re: Destruction of CDs (Eric Smith)
  Re: PRNG Test Theory ("Trevor L. Jackson, III")
  Re: The DeCSS ruling (David A. Wagner)
  Re: "Warn when encrypting to keys with an ADK" (Philip Stromer)
  Re: Patent, Patent is a nightmare, all software patent shuld not be allowed (John Savard)
  Re: Best way! (Edward A. Falk)
  Re: 4096 BIT RSA Key ([EMAIL PROTECTED])
  Re: Bytes, octets, chars, and characters (Brian Inglis)

----------------------------------------------------------------------------

From: qun ying <[EMAIL PROTECTED]>
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be allowed
Date: Wed, 30 Aug 2000 02:03:24 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> I wonder in the case in question how much is actually
> 'disclosed' in the text that one can read on the web page
> cited. Are there more texts about that patent that one
> can read? Or are these texts inaccessible to the public?
> Since the patent apparently has the potential of attacking
> at the very root of PK applications, if I don't err, we
> should pay due attention to the issue, I suppose.
>
> M. K. Shen
> ------------------------
> http://home.t-online.de/home/mok-kong.shen

The actual patent is not much more than you can see from the web, just
a few more diagrams. I get the impression that it is some kind of
Hotmail service with a PKI system. But I don't think that will qualify
for the patent. The company is also selling products based on the patent.
The company's address:
http://www.tumbleweed.com/



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Nathan Williams" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Wed, 30 Aug 2000 02:17:45 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No it doesn't.  Reread my post Shawn. The "master" KEY is SPLIT!!!
No one person could decrypt and use the stored keys.

"Shawn Willden" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> No, this solution is far worse than the ADK solution.  This
> solution gives someone else control of your private key, meaning
> they can
> impersonate you.  This scenario allows a tie-dyed, sockless,
> ponytailed, late-to-work-every-day geek who hasn't been fired yet
> only because HR isn't sure they could find a replacement in this
> unbelievably tight technical-labor market to impersonate the CEO;
> not a good idea.
>
> [Nothing against tie-dye, ponytails, Tevas or going to work late,
> BTW; I fit that profile whenever possible.]
>
> Really, there is no weakness created by an ADK in a proper
> implementation.  The only "badness" about ADKs in general is that
> they create yet another opportunity for making mistakes.  But then
> *any* key escrow solution creates another opportunity for error.
> IMO, ADKs are a reasonable solution, as long as they are properly
> authenticated (part of the signed public key package).
>
Shawn.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBOaxugd8G10zX/RREEQJdJACferMr1c1UW2brQ0Sflf39Iyb2Bw8AoPRl
WNRGF+eeSyEbIE3nPLY4jdPO
=T15t
-----END PGP SIGNATURE-----

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: Re: The DeCSS ruling
Date: 29 Aug 2000 19:20:36 -0700

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> Does a security system that publishes the cipher key count as copy
> protection?  Calling it copy protection does not make it copy protection.

US Code, Title 17, Chapter 12, Section 1201 (b)(2)(B) sets the legal
standard:

        a technological measure `effectively protects a right 
        of a copyright owner under this title' if the measure, in the 
        ordinary course of its operation, prevents, restricts, or 
        otherwise limits the exercise of a right of a copyright owner 
        under this title.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: The DeCSS ruling
Date: Tue, 29 Aug 2000 19:27:32 -0700

Eric Smith wrote:
> US Code, Title 17, Chapter 12, Section 1201 (b)(2)(B) sets the legal
> standard:
>         a technological measure `effectively protects a right
>         of a copyright owner under this title' if the measure, in the
>         ordinary course of its operation, prevents, restricts, or
>         otherwise limits the exercise of a right of a copyright owner
>         under this title.

The word "effectively" is the interesting one. The whole purpose
is to give legal protection to broken schemes. The unbroken schemes
do not need protection.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Future computing power
Date: 30 Aug 2000 02:16:56 GMT

John Myre <[EMAIL PROTECTED]> wrote:
> David A Molnar wrote:
> <snip>
>> Suddenly I have a vision of Furbies chattering keys in their sleep.
>> Sort of like the Chinese Lottery, but without the set top boxes.

> And the children's talk provides the entropy to randomize the
> search so we don't need central coordination.

Yes. The right answer, once found, simply becomes part of the Furby
song and propagates from Furby to Furby, until they're all chanting the
correct secret key.

Like the ending of _Childhood's End_...

(hey, maybe that's what the Overlords were *really* after)

-david


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Future computing power
Date: 30 Aug 2000 02:24:28 GMT

Ichinin <[EMAIL PROTECTED]> wrote:
> Actually, i have never laughed out loud when reading
> Sci.crypt, but this is one exception :o)

> Really, my question was serious. 65xx/80xx processors
> are easy to program, and is the only asm language i
> have experience with. (As well as the C64 kernel)

Seriously, lots of cheap processors sounds like a good idea. The real
questions seem to be

        a) what are you going after?
                - block cipher brute forcing, small key (56-64 bits)
                - block cipher, something more sophisticated
                - some kind of other algorithm (elliptic curve
                distinguished point finding?) 

        in particular, how much coordination between units do you need?
        

        b) how many ops/time unit can you get out of each processor?

        c) what's the failure rate? and where are the chips?
        what's the power consumption?

        d) how much *fun* will you have doing it? :-)   

I think we need to pick a target problem, and then we can see if using
65xx/80xx to solve the problem makes sense given the other options
(such as walking into the local computer lab with an innocuous-looking
URL...)

-David

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: Re: Best way!
Date: 29 Aug 2000 19:35:59 -0700

"Big Boy Barry" <[EMAIL PROTECTED]> writes:
> What is the best way to send encrypted email.

Using what criterion for "best"?  For some criteria, a one-time pad
is best.  For others, it's not.

> Encrypted email that cannot be cracked by any means.

A one-time pad is the ONLY thing that meets this criterion.  And only
in theory.  In practice there's too much chance for the pad to be
compromised, and it's generally never possible to prove that it hasn't
been.

So basically if you need a way to send a secure message that can never
be cracked by any means, you're just SOL.

Cryptography mostly isn't about perfect security, it's about "good enough"
security, for various values of "good enough" as determined by the
value of the information to be secured, and the cost of failure to do
so.

> I know for sure that PGP is not secure.

Hmmm.  In the past, people have known for sure that the world is flat,
that heavier-than-air craft can't fly, and many other such "facts".

In another posting he adds:
> I have read several articles outlining that the government can crack PGP.
> There is no way in denying that. Even if it was rumors, I wouldn't want to
> base all my encryption on rumors. So I am better off using other means of
> encryption other than PGP.

So if someone did offer you a "best way to send encrypted email", why
shouldn't you think that the government can crack that too?  As long as
you're willing to believe rumors, I may as well tell you that the
government can crack *all* cryptosystems.

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: Re: Destruction of CDs
Date: 29 Aug 2000 19:39:59 -0700

Thomas W. Barr wrote:
> I, for one, would use a CD-RW for my one-time-pads and then go through
> an erase cycle, write 650mb of junk data (make sure you overwrite the
> FAT), and erase that. This would remove ALL remnants of data that could
> be left behind in the walls of the tracks.

[EMAIL PROTECTED] (Guy Macon) writes:
> It would be cheaper and more secure to use a CD-R and burn it
> (I mean in a fire pit, not a drive!) afterwards.

Better yet, use the CD-RW, erase it multiple times, then physically
destroy it.

------------------------------

Date: Tue, 29 Aug 2000 22:51:37 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: PRNG Test Theory

Tim Tyler wrote:

> Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
>
> [can tests produce randomness?]
>
> : The answer is clearly no for finite rejection tests.  Consider that a set of
> : tests that deals only with the most recent N bits of output must enter a cycle
> : with length < 2^N.
>
> : For rejection systems that deal with all of the output (finite in each
> : instance, but ever-increasing), but have a description of "random" of
> : finite size must also enter a cycle (*) because a finite description of
> : "random" permits only a finite criteria for choosing the next bit.  The
> : N-bit definition of "random" provides only 2^N fitness values. [...]
>
> : I have not spent the time to prove that the increasing collision frequency
> : actually forces a cycle, but I believe this can be shown.
>
> Hmm.
>
> Imagine a very bad RNG test, that likes output that goes:
>
> 101100111000111100001111100000111111000000...etc.

>
>
> Since we're already assuming that the system can store and process the
> history so far, I presume it can also keep track of a simple counter -
> of the type that's needed to produce the above sequence.
>
> This sequence is non-periodic - yet there appears to be no serious
> problem generating it with an algorithm - since we're already assuming
> we have access to an unbounded memory.

Are we assuming that?  I don't think I was.  The suggestion was that a finite
window or a finite criterion leads to cycles.  The example you gave needs an
infinitely wide counter (log of Aleph-1 was Aleph-1 last time I looked ;-)

An infinite criterion leads to run-time problems: you never finish loading the
program.

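The exchange above turns on two claims: a next-bit rule that only looks at the last N bits of output lives in a state space of 2^N windows and must therefore cycle (Jackson), while a rule that can keep an unbounded counter can emit a non-periodic sequence (Tyler's 1 0 11 00 111 000 ... example). The following is an added illustration, not code from either poster; the rule, seed and helper names are assumptions made for the demonstration.

```python
from typing import Callable, List, Optional, Sequence, Tuple

Window = Tuple[int, ...]


def window_driven_bits(rule: Callable[[Window], int], seed: Sequence[int], count: int) -> List[int]:
    """Emit `count` bits; each new bit depends only on the last len(seed) bits (a finite window)."""
    window = tuple(seed)
    out = []
    for _ in range(count):
        b = rule(window)
        out.append(b)
        window = window[1:] + (b,)
    return out


def window_cycle_length(rule: Callable[[Window], int], seed: Sequence[int]) -> int:
    """Length of the cycle the window state eventually enters.

    There are only 2**len(seed) distinct windows, so by the pigeonhole principle
    a window must repeat, and the cycle length is at most 2**len(seed).
    """
    seen = {}
    window = tuple(seed)
    step = 0
    while window not in seen:
        seen[window] = step
        window = window[1:] + (rule(window),)
        step += 1
    return step - seen[window]


def run_counter_bits(count: int) -> List[int]:
    """Tyler's sequence 1 0 11 00 111 000 1111 0000 ...: runs of growing length.

    The run counter grows without bound, so this is not a finite-window rule.
    """
    out: List[int] = []
    run, bit = 1, 1
    while len(out) < count:
        out.extend([bit] * run)
        if bit == 0:          # after each 0-run, both runs get one bit longer
            run += 1
        bit ^= 1
    return out[:count]


def smallest_period(bits: Sequence[int]) -> Optional[int]:
    """Smallest p with bits[i] == bits[i+p] for every i, or None if no such p fits in the sample."""
    n = len(bits)
    for p in range(1, n // 2 + 1):
        if all(bits[i] == bits[i + p] for i in range(n - p)):
            return p
    return None


if __name__ == "__main__":
    # A 4-bit-window rule (a toy shift-register feedback) can cycle at most every 16 bits.
    feedback = lambda w: w[0] ^ w[1]
    print("4-bit window cycle length:", window_cycle_length(feedback, (0, 0, 0, 1)))
    print("first 24 bits:", "".join(map(str, window_driven_bits(feedback, (0, 0, 0, 1), 24))))
    # The counter-driven sequence shows no period within a 200-bit sample.
    print("period of run-counter sequence:", smallest_period(run_counter_bits(200)))
```

`window_cycle_length` is the pigeonhole argument made concrete: whatever the rule, the state is one of 2^N windows, so the walk repeats within 2^N steps. `run_counter_bits` needs a counter that grows with the output length, which is exactly the unbounded memory the thread disputes.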

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: The DeCSS ruling
Date: 29 Aug 2000 19:57:06 -0700

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> Does a security system that publishes the cipher key count as copy
> protection?  Calling it copy protection does not make it copy protection.

You haven't given enough information to answer your question.
The system has to be used to protect copyrighted works,
if it is to receive special protection under the DMCA.
It has to do so with the authority of the copyright holder.
And so on.

This is off-topic for sci.crypt, so I won't say any more.
Read the law carefully for yourself.

------------------------------

From: Philip Stromer <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: "Warn when encrypting to keys with an ADK"
Date: Wed, 30 Aug 2000 03:05:43 GMT

In article <8o5n05$kiv$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:

If I'm using PGP 6.5.3, and I have the box checked under Options,
Advanced, Warn when encrypting to keys with an ADK, am I protected
without applying the Hotfix?  If not, why not, in lay language, please!

I'm confused as all heck by this announcement.  PGP seemed at first to
say "yes, there is a serious bug," but now they seem to be saying "it's
not such a big deal, after all."

Thanks in advance.

--
Philip Stromer, Esq.
San Jose, CA

Send me email at [EMAIL PROTECTED]
(delete big cat spam avoider).


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be allowed
Date: Wed, 30 Aug 2000 03:40:03 GMT

On Tue, 29 Aug 2000 22:01:10 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote,
in part:

>Well, either the improvement is worthy of the cost of a license or it
>is not.  If not, one can continue to use the previous work.  If the
>new work is that much better, one can license it.  

Don't worry, I'm not going to ask you to explain, in detail, the
concept of 'patent interference'. I think that does, however, answer
some of the concerns raised by the previous poster - where someone,
instead of patenting a genuine improvement on something someone else
has patented, attempts to patent trivial additions to it so as to
prevent it from being used.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (Edward A. Falk)
Subject: Re: Best way!
Date: 30 Aug 2000 04:20:15 GMT

In article <7zEp5.19300$[EMAIL PROTECTED]>,
Big Boy Barry <[EMAIL PROTECTED]> wrote:
>Hello,
>
>    What is the best way to send encrypted email. Encrypted email that
>cannot be cracked by any means. I know for sure that PGP is not secure. So
>please give me the best way to send encrypted email. Thank you.

There are alternatives.  PGP 2.6.2 is secure.  GnuPG is probably
secure.  Heck, PGP 5 and 6 are still secure (the ADK bug was caught in
time).

If you want *absolute* security, find a good source of random
numbers and implement a one-time pad.  However, you'll probably
find that key management is a nightmare.  If your "absolute" security
is too impractical to use reliably, then it's no longer absolutely
secure.

If you won't/can't implement a one-time pad, then get twofish and
start using private-key cryptography.  That's probably as secure
as you can get, but there are still key-management issues.

> I have read several articles outlining that the government can crack PGP.
> There is no way in denying that.

Well, to the extent that it's very difficult to prove a negative,
you're right; there's no way to absolutely prove that the government
can't (easily) crack PGP.  For that matter, there's no way to prove
that the government hasn't assigned a spy satellite to hover
continuously over your house.

However, AFAIK, there is absolutely no *positive* evidence
that the government can crack PGP.

This needs to be reposted from time to time:

    For the record, the number of times an allegation of a back
    door [in PGP] has been made in this newsgroup is about
    eleventy-zillion.  The total amount of evidence produced to
    back it up is Zip-Squat (sorry about the mathematical jargon,
    there).
        -- Andrew Spring

--
-ed falk, [EMAIL PROTECTED]  See
http://www.rahul.net/falk/whatToDo.html
and read 12 Simple Things You Can Do
to Save the Internet

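Both Eric Smith's and Edward Falk's replies above make the same point: a one-time pad is the only scheme that is unbreakable in principle, and its weakness is entirely in handling the pad (it must be truly random, as long as the message, and never reused). The following is an added example, not code from either poster or from PGP; it uses the OS random source as a stand-in for Falk's "good source of random numbers", and the class and function names are assumptions made for the demonstration.

```python
import os


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each plaintext byte with the matching pad byte.

    With a truly random pad used exactly once, the ciphertext carries no
    information about the plaintext; everything hinges on those two conditions.
    """
    if len(pad) < len(plaintext):
        raise ValueError("pad is shorter than the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def new_pad(length: int) -> bytes:
    """Fresh pad material from the OS CSPRNG (assumed as the random source here)."""
    return os.urandom(length)


class PadStore:
    """The key-management part: hand out each pad byte at most once.

    Tracks a consumption offset so two messages can never share pad bytes,
    and refuses to wrap around when the pad is exhausted.
    """

    def __init__(self, material: bytes):
        self._material = material
        self._offset = 0

    @property
    def remaining(self) -> int:
        return len(self._material) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining:
            raise ValueError("pad exhausted: refusing to reuse pad material")
        chunk = self._material[self._offset:self._offset + n]
        self._offset += n
        return chunk


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns when two messages share a pad.

    c1 ^ c2 == (p1 ^ pad) ^ (p2 ^ pad) == p1 ^ p2: the pad cancels out,
    which is why a store like PadStore must never issue a byte twice.
    """
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    store = PadStore(new_pad(64))
    message = b"meet at noon"                      # constructed sample message
    pad = store.take(len(message))
    ciphertext = otp_encrypt(message, pad)
    assert otp_decrypt(ciphertext, pad) == message
    print("remaining pad bytes:", store.remaining)

    # Misuse demonstration: reusing one pad for two messages leaks their XOR.
    shared = new_pad(12)
    c1 = otp_encrypt(b"hello world!", shared)
    c2 = otp_encrypt(b"secret memo ", shared)
    print("c1 ^ c2 == p1 ^ p2:", pad_reuse_leak(c1, c2) == bytes(a ^ b for a, b in zip(b"hello world!", b"secret memo ")))
```

The cipher itself is a one-liner; `PadStore` is where the "nightmare" lives, and even this minimal bookkeeping has to survive crashes, copies and both parties staying in sync, which is what the thread means by key management being impractical.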
------------------------------

From: [EMAIL PROTECTED]
Subject: Re: 4096 BIT RSA Key
Date: Wed, 30 Aug 2000 04:28:46 GMT

[EMAIL PROTECTED] wrote:
> 1.  Slows down all operations involving your key
> 2.  Takes up too much space in messages that involve your key
> 3.  obviously doesn't work with versions of PGP

> [4. Shows you have no clue about cryptography.]

Of these, maybe 3 is a good objection. 1 is mitigated by the
relatively few operations most people do, and 2 isn't applicable if
all the messages are long.

The real issue with huge RSA keys in pgp is the tendency to make them
so much stronger than the underlying block cipher. Once you've passed
the point where guessing the session key is less work than factoring
the RSA key, you may as well stop making that bigger. ;)

On a personal note, though, I admit I tend to "oversize" keys which
can be used for signatures a bit, if not that much.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

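The post above argues that an RSA key should be sized to the session cipher it protects, since past the point where factoring the modulus costs more than brute-forcing the session key, the session key is the weakest link. The following is an added example, not code from the poster or from PGP. It assumes the standard heuristic running time of the general number field sieve, L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, as a rough estimate of factoring work; the figures it prints are approximations, and the function names are assumptions made for the demonstration.

```python
import math

# Heuristic GNFS running time for factoring an RSA modulus n, o(1) term dropped
# (assumed approximation): L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
# with c = (64/9)^(1/3).
GNFS_C = (64.0 / 9.0) ** (1.0 / 3.0)
LN2 = math.log(2.0)


def rsa_strength_bits(modulus_bits: int) -> float:
    """Approximate factoring work for a modulus of the given size, expressed as an
    equivalent symmetric key length: log2 of L_n[1/3, c]. A rough heuristic only."""
    ln_n = modulus_bits * LN2
    ln_work = GNFS_C * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return ln_work / LN2


def rsa_bits_for_session_key(session_key_bits: int, step: int = 256, limit: int = 16384) -> int:
    """Smallest modulus size (a multiple of `step`) whose estimated strength
    reaches that of the session cipher; beyond this, a bigger key buys nothing
    against an attacker who simply guesses the session key instead."""
    for modulus_bits in range(step, limit + 1, step):
        if rsa_strength_bits(modulus_bits) >= session_key_bits:
            return modulus_bits
    raise ValueError(f"no modulus up to {limit} bits reaches {session_key_bits}-bit strength")


def weakest_link(modulus_bits: int, session_key_bits: int) -> str:
    """Name the cheaper attack: factoring the RSA key or brute-forcing the session key."""
    return "rsa" if rsa_strength_bits(modulus_bits) < session_key_bits else "session key"


if __name__ == "__main__":
    # 128-bit session keys are what PGP's IDEA and CAST5 ciphers use.
    for bits in (512, 1024, 2048, 4096, 8192):
        print(f"RSA-{bits:5d}: ~{rsa_strength_bits(bits):6.1f}-bit equivalent; "
              f"weakest link against a 128-bit session key: {weakest_link(bits, 128)}")
    print("smallest modulus matching a 128-bit session key:", rsa_bits_for_session_key(128))
```

The estimate is deliberately crude (the dropped o(1) term and real-world sieving constants shift the numbers by several bits), but it shows the shape of the argument: strength grows sub-linearly in modulus size, so doubling from 2048 to 4096 bits adds far fewer equivalent bits than doubling the session key would, and well before 4096 bits the 128-bit session key is already the cheaper target.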
------------------------------

From: Brian Inglis <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c,alt.folklore.computers
Subject: Re: Bytes, octets, chars, and characters
Date: Tue, 29 Aug 2000 23:08:44 -0600
Reply-To: [EMAIL PROTECTED]

On Mon, 28 Aug 2000 11:06:24 GMT, Johnny Billquist
<[EMAIL PROTECTED]> wrote:

>David Thompson wrote:
>> 
>> John Savard <[EMAIL PROTECTED]> wrote :
>> ...
>> > However, in the past, it had been customary to refer to a six-bit area
>> > in a computer's memory, where such an area was the span of memory
>> > occupied by a character of a text, as a character.
>> >
>> Not necessarily six bits.  It is usual to refer to the storage for one
>> (fixed-length) character code as a character, yes, of course,
>> and six bits is enough for one (Roman) alphabet, (decimal) digits,
>> and modest punctuation and specials (e.g. BCDIC).
>
>Yup.
>
>> > The term byte did not come into general use until computers stored
>> > characters in 8-bit areas.
>> >
>> I don't think so.  The PDP-8 had 6-bit bytes (often but
>> not always used for characters) by 1966, which is
>> close to the first S/360, which AFAIK was the first
>> *widespread* machine using and addressing an 8-bit byte.
>
>The PDP-8 didn't. I thought we had already covered this.
>The PDP-8 had nothing but word handling in hardware until
>the PDP-8/E, which came in 1971 and had the BSW instruction, which
>is 6-bit oriented, and could be argued as a sign that the PDP-8
>regarded bytes as 6 bits.
>(I think the connection between BSW and 6-bit bytes is strenuous
>at best, but before BSW you will not find anything in the hardware).
>
>> The PDP-10 (and -6?) at very nearly the same time,
>> as others have already said, had variable bytes,
>> most commonly 6, 7, 9.
>
>Yes. And on the PDP-10 at least, the term byte does exist in the hardware,
>and you have different instructions that handle bytes.
>And the PDP-10 was before the 8/E, and if the PDP-6 also has the
>byte instructions, then we're back to about 1965.
>
>> ASCII is not an international standard, although there are several
>> for character codes based on and intentionally similar to ASCII.
>
>I think there is some ISO standard which matches ASCII, but I have
>no idea what it is called.
>
>       Johnny

ISO-646
Thanks. Take care, Brian Inglis         Calgary, Alberta, Canada
-- 
[EMAIL PROTECTED]    (Brian dot Inglis at SystematicSw dot ab dot ca)
                                use address above to reply

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************