Cryptography-Digest Digest #525, Volume #10       Mon, 8 Nov 99 12:13:03 EST

Contents:
  Re: questions on smart cards (Daniel James)
  Re: How protect HDisk against Customs when entering Great Britain (Dave Hazelwood)
  RC4 Hardware implementation (Yusuf Motiwala)
  Re: Lenstra on key sizes (Tom St Denis)
  Re: Best Asymetric Key System? (Tom St Denis)
  Re: Signals From Intelligent Space Aliens?  Forget About It. (John Kennedy)
  Re: Signals From Intelligent Space Aliens?  Forget About It. (SCOTT19U.ZIP_GUY)
  Re: U-Boat Enigma Machines
  Re: Proposal: Inexpensive Method of "True Random Data" Generation
  Re: Understanding Cryptograpy--Where to start? (Robert A. Trotter)
  Re: Phraseology [U-Boat Enigma Machines]
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
  Re: Re: How protect HDisk against Customs when entering Great Britain (CoyoteRed)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Jim Carr)
  Cryptography for Dummies ("M. Kohl")

----------------------------------------------------------------------------

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: questions on smart cards
Date: Mon, 08 Nov 1999 12:09:01 GMT
Reply-To: [EMAIL PROTECTED]

In article <7vvnmv$dut$[EMAIL PROTECTED]>, David Bernier wrote:
> I'd like to have some introductory Web references
> on smart cards.
>

There's a smartcard FAQ at http://www.scdk.com/atsfaq.htm which - apart 
from giving a useful introduction to the technology - contains further 
handy references.

Daniel.


------------------------------

From: [EMAIL PROTECTED] (Dave Hazelwood)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.tech,alt.privacy,alt.privacy.anon-server
Subject: Re: How protect HDisk against Customs when entering Great Britain
Date: Mon, 08 Nov 1999 08:48:08 GMT

The encryption part:

Create two partitions on your hard disk. One with your normal Windows
stuff, etc and a second which is a SCRAMDISK partition. Store your
encrypted private information in the SD partition. If you want you can
zero out the information in the boot record partition table for the
second partition (offset 1CE for 8 words) to make it "disappear" and
later restore it to bring it back. This will make your system appear
to have only one partition and it will work fine and appear normal
except for a block of random data (the sd partition) somewhere on
the disk. 

The camouflage part:

Write an int 13h handler that loads at boot time. This handler reads
the extents contained in the boot record partition table for the first
partition. These extents  identify the starting and ending C/H/S
values for that partition. The int 13h  handler passes through to the
bios any  requests within the extent of the first partition so that
your windows o/s functions normally.

However, read requests for any C/H/S in the second partition (or
anywhere outside the first partition) are returned a dummy sector
equal to a newly formatted sector (all x"FE" as I recall) so it looks
like the rest of the disk has not been used at all.

Read requests for the boot sector are returned the actual boot sector
but with the partition table entry for the second partition set so as
to indicate that it does not exist.

The net effect of this is that your system  functions normally and it
appears to have only one partition with the rest of the disk never
having been used.

In the event they want to boot from diskette you have to fake it
so your handler still gets loaded. This means writing your own 
bootstrap code which is not difficult really. Your bootstrap will
load your int 13h handler first and then load and execute the MBR
from the floppy. It will then seem like the system booted  from the
floppy. Be sure and  have your bios set to boot from the HD first!

If you really want to get nasty you can replace your HD boot record
with a program that "eats diskettes" upon boot. Set your bios boot
sequence so that the HD boots first and then your proggie can start
formatting random sectors on the A-drive! You can manage to do
this even if they have their diskette write protected too. Tell them
yeah you have been meaning to get that drive fixed. What a laugh huh?
Remember you get one phone call too ha ha.

pgp651 <[EMAIL PROTECTED]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>I'm considering to be crossing border of Great Britain [ GB ] very soon on
>business & pleasure trip. 
>My friend did tell me that GB is scanning in / out coming computers for some
>specific data / images / information. I'm privacy advocate & can not allow this
>invasion of privacy to occur to me & my possessions. 
>I'm using PGP day in / day out but excluding PGPdisk. I'm protecting my files
>by PGP on folders or / and individual files routinely.
>
>I need now to implement more advance disk protection to protect myself when
>entering GB.
>- From my knowledge, we have 2 comparable products : PGPdisk & Scramdisk. Please
>provide advise which I should implement to achieve the best hide & camouflage
>results.
>
>The points of interest are:
>- - I do not like to create precedence at the border. 
>- - Very possible, when Customs can not scan / read info, they may opt for
>detention / seizure & this will ruin my trip.
>- - The best will be to camouflage the encrypted disk / partition / folders and
>not to have encrypted disk / partition / folders readily visible / recognize by
>Customs Scan as ENCRYPTED. 
>- - I need the appropriate balance between encrypt & camouflage. 
>- - Where the camouflage should play more important role than encryption. 
>- - I'm encrypting now my files but I'm not implementing camouflage technique.
>- - Should be applicable to HD, CD-rom, CD-RW, CD-R [ Iomega ZIP when possible ]
>
>With the above preferences what I should implement to protect my privacy ? 
>Any other techniques should I use ?
>
>=======
>[EMAIL PROTECTED] 
>PGP key at http://www.mit.edu:8001/finger?[EMAIL PROTECTED]
>

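An added example, not part of the original post: a forensic check for the layout described above, where the table entry at offset 1CE is zeroed and the hidden volume remains as a block of random-looking data. It parses the four 16-byte MBR entries, finds sectors no entry covers, and flags gaps whose byte entropy is too high for never-used space. The function names, the 7.5 bits/byte threshold, the use of the LBA fields instead of C/H/S, and the disk image are assumptions constructed for the example; it is meant to be run on a raw image read outside the examined machine's own boot path.

```python
import hashlib
import math
import struct

SECTOR = 512
TABLE_OFFSET = 0x1BE   # first of four 16-byte entries; 0x1CE is the second
ENTRY_SIZE = 16


def parse_partitions(mbr):
    """Return (slot, type, start_lba, sector_count) for each used table slot."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (missing 55 AA signature)")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        ptype = mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0 and count != 0:
            parts.append((slot, ptype, start, count))
    return parts


def unallocated_gaps(parts, total_sectors):
    """Return (start_lba, sector_count) runs that no table entry covers."""
    gaps, cursor = [], 1                      # sector 0 is the MBR itself
    for _, _, start, count in sorted(parts, key=lambda p: p[2]):
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + count)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - cursor))
    return gaps


def entropy(data):
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def suspicious_gaps(image, sample_sectors=64, threshold=7.5):
    """Flag unallocated runs whose leading sectors look like ciphertext."""
    parts = parse_partitions(image[:SECTOR])
    findings = []
    for start, count in unallocated_gaps(parts, len(image) // SECTOR):
        n = min(count, sample_sectors)
        h = entropy(image[start * SECTOR:(start + n) * SECTOR])
        if h >= threshold:
            findings.append((start, count, round(h, 2)))
    return findings


def build_image(hidden_fill):
    """Constructed test disk: one listed partition, slot at 0x1CE zeroed."""
    mbr = bytearray(SECTOR)
    # Slot 0: active flag, type 0x0B, start LBA 1, 64 sectors (CHS left zero).
    struct.pack_into("<B3xB3xII", mbr, TABLE_OFFSET, 0x80, 0x0B, 1, 64)
    mbr[510:512] = b"\x55\xaa"
    visible = (b"ordinary file data " * 2000)[:64 * SECTOR]
    return bytes(mbr) + visible + hidden_fill


def pseudo_random(nbytes):
    """Deterministic stand-in for an encrypted volume's contents."""
    blocks = (hashlib.sha256(i.to_bytes(4, "little")).digest()
              for i in range(nbytes // 32))
    return b"".join(blocks)


if __name__ == "__main__":
    print(suspicious_gaps(build_image(pseudo_random(128 * SECTOR))))
    print(suspicious_gaps(build_image(bytes(128 * SECTOR))))
```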

------------------------------

From: Yusuf Motiwala <[EMAIL PROTECTED]>
Subject: RC4 Hardware implementation
Date: Mon, 08 Nov 1999 17:56:48 +0530

Hi,

Are there any chips available for RC4 hardware implementation?

Regards,
Yusuf


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Lenstra on key sizes
Date: Mon, 08 Nov 1999 12:23:27 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> As my last sentence above indicated, the question is not about
> the relation of key length to strength, but about whether the
> supply and management of more (say, double) amount of key material
> could be a critical 'bottleneck', causing too much cost, inconvenience,
> etc. etc., and I surmise that probably isn't one for symmetric ciphers.

Probably not, but then you have to worry about getting 'random bits'
for the keys.  If you use a rng, that's fine, but if you use a hash to
make keys you may run into problems.

Also it looks foolish to state 'I use 448-bit blowfish keys, for added
security' when an 80-bit blowfish key would practically be just as secure.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Best Asymetric Key System?
Date: Mon, 08 Nov 1999 12:26:54 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Doug Stell) wrote:
> On Sat, 6 Nov 1999 15:34:40 -0500, "Wynne Crisman"
> <[EMAIL PROTECTED]> wrote:
>
> >I'm currently building an app that requires message verification.  I am
> >already using TwoFish and SHA for generating encrypted message digests, but
> >need to use an asymmetric system to distribute the session key.  Does anyone
> >have suggestions as to which asymmetric key system I should be using?
> >(Preferably one I can get the source to and use in a commercial app.)
>
> If you have to distribute, i.e., encrypt, symmetric keys, ElGamal is
> your best bet.

Why?

Is RSA any worse?

>
> If you can use a key agreement algorithm, I'd recommend the
> now-declassified Key Exchange Algorithm (KEA).
>
> doug
>
>

--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)



------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Crossposted-To: alt.military,talk.politics.misc,talk.politics.crypto
Subject: Re: Signals From Intelligent Space Aliens?  Forget About It.
Date: Mon, 08 Nov 1999 07:27:31 -0500

On Sun, 07 Nov 1999 21:46:39 -0800, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:

>Anthony Stephen Szopa wrote:
>
>> Signals From Intelligent Space Aliens?  Forget About It.
>>
>> I believe the United States and the rest of the world will adopt a
>> universal communications transmission protocol as soon as the
>> technology becomes available to not only encrypt all communications
>> transmissions worldwide but to conceal these transmissions as nearly
>> as possible among the back ground radiation remnant of the big bang
>> in space or other terrestrial back ground noise.
>>
>> Quantum digital circuits should make this feasible.
>>
>> Let us not fool ourselves, the Earth is obviously the most import piece
>> of real estate in this solar system and possibly in this part of the
>> galaxy.  It is just as obvious that to announce this fact to the rest of
>> the galaxy is quite stupid.
>>
>> National Security necessitates that we must assume that there are no
>> friendly space aliens.
>
>Sorry.  I forgot to add my conclusion:  Any space alien signals will not be
>recognized by us because of space alien security measures.  We must assume
>they will not be fools.
>
>The question for us:  Are we going to fools?
>

Well, clearly some of us are going to look foolish...

-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.military,talk.politics.misc,talk.politics.crypto
Subject: Re: Signals From Intelligent Space Aliens?  Forget About It.
Date: Mon, 08 Nov 1999 14:36:34 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>Signals From Intelligent Space Aliens?  Forget About It.
>
>I believe the United States and the rest of the world will adopt a
>universal communications transmission protocol as soon as the 
>technology becomes available to not only encrypt all communications 
>transmissions worldwide but to conceal these transmissions as nearly 
>as possible among the back ground radiation remnant of the big bang 
>in space or other terrestrial back ground noise.
>
>Quantum digital circuits should make this feasible.
>
>Let us not fool ourselves, the Earth is obviously the most import piece
>of real estate in this solar system and possibly in this part of the
>galaxy.  It is just as obvious that to announce this fact to the rest of
>the galaxy is quite stupid.
>
>National Security necessitates that we must assume that there are no 
>friendly space aliens.

    Even if this was true it would be too late. Our TV and radio signals are
spreading through space at the speed of light. If aliens want to find us they
can. Also at 60 cycles, because of the power lines we use, we are the bright
radiation source in the galaxy.




David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] ()
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: U-Boat Enigma Machines
Date: 8 Nov 99 13:36:09 GMT

[EMAIL PROTECTED] wrote:
: Anthony Stephen Szopa ([EMAIL PROTECTED]) wrote:
: : I recorded an interesting program last week from a series (I guess)
: : called the Code Breakers.  This recounts the program from memory.

: I believe I saw that same program quite some time ago.

: : It was decided to locate and attack a German 
: : weather ship.

: What happened was that the weather messages were sent out to all the
: ships, including those that only had 3-rotor Enigmas.

I was mistaken, though, in thinking that what you said didn't happen. That
was how the British were able to read messages for the months of May and
June in 1941, until they got more bombes, and it gave them the insight
into the messages they needed to have cribs for later attack.

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 8 Nov 99 13:40:11 GMT

john baez ([EMAIL PROTECTED]) wrote:
: Yeah, right.  That remark reassures me that you don't know what
: you're talking about.  Why make up shit like this?  Do you think
: we're all gullible idiots?

This thread is under crosspost to several groups besides sci.math; it is
entirely possible for a nonmathematician to make a mistake in remembering
something he's read in _Scientific American_ or the like.

Pi hasn't been proved normal, but it has been noted several times in print
that many mathematicians believe it is likely to be normal. Memory has
been known to garble things.

John Savard

------------------------------

From: [EMAIL PROTECTED] (Robert A. Trotter)
Subject: Re: Understanding Cryptograpy--Where to start?
Date: 8 Nov 1999 13:49:37 GMT
Reply-To: [EMAIL PROTECTED]


        This seems to be just as good an opportunity as any to jump in.
I too am a rank amateur in the subject.  I'm currently reading a book by
Simon Singh "The Code Book" (The evolution of secrecy from Mary, Queen of
Scots to quantum cryptography) Doubleday, October 1999.
        
        I'm finding it fascinating albeit not always light reading..
Included is a Cypher Challenge:  10 steps to $15,000.00.  To briefly quote
from the book:  "Deciphering each of the ten cyphertexts will generate a
message.  In addition to the main body of each message, there will be a
clearly indicated codeword.  In order to claim the prize you must
collect all ten codewords. etc etc".  Clearly, the ten stages are in
increasing order of difficulty and must be done in sequence in order to
use the previous codeword to proceed with the next stage.

        Full details and updates can be found at:

        www.4thestate.co.uk/cipherchallenge

        Are there any comments on this book?  Is anyone interested in
tackling this challenge or is this beyond the reach of non professional
'codebreakers'?  I *know* it's beyond *my* reach.....

        Looking forward to some discussion on this.   Robert

Jim Gillogly ([EMAIL PROTECTED]) writes:
> AIfred E Neuman wrote:
>> I'd like to develop an understanding of encryption technologies and am hoping
>> that this newsgroup can give me a place to start.  What reference materials
>> should I access?  Thanks in advance.
>> Alfred E. Neuman
> 
> Read the sci.crypt FAQ.  If you're still interested, read Kahn's
> "The Codebreakers" and Bauer's "Decrypted Secrets".  If you're
> still interested, you'll know by then where to look next.
>       Jim Gillogly


------------------------------

From: [EMAIL PROTECTED] ()
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: Phraseology [U-Boat Enigma Machines]
Date: 8 Nov 99 13:46:33 GMT

Alan Mackenzie ([EMAIL PROTECTED]) wrote:
: Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
: > Anthony Stephen Szopa wrote:

: > I reviewed the program:  842 U-boats launched and 781 sunk.

: Is "sunk" really the right word here? Surely "sinking" a submarine is
: what its own crew would routinely do. We're talking about a ship which is
: designed to sink, so perhaps "further sunk" or "permanently sunk" would
: be better. But these phrases are a bit clumsy.

: How about "destroyed"?

Since submarines are, in general, operated by the Naval forces of the
country to which they belong, and it is in general other Naval vessels
that attack them, such as destroyers, there is a tendency to use the same
terms in discussing submarines as are used in connection with ships.

Also, submarines operate by maintaining a variable degree of buoyancy to
rise and _submerge_ in normal operation. A submarine that has been
destroyed will, in general, lose its buoyancy and rest on the seabed...a
phenomenon for which the word "sink" is as good as any other.

I can assure you that submarine crews do not use the word "sink" to refer
to submersion. Dive, yes; sink, no.

John Savard

------------------------------

From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 08 Nov 1999 09:54:54 -0500
Reply-To: [EMAIL PROTECTED]

john baez wrote:
> 
> In article <[EMAIL PROTECTED]>,
> james d. hunter <[EMAIL PROTECTED]> wrote:
> 
> >  That's because nobody has proved that anything is random.
> 
> Wrong.
> 
> >  "Random" is usually defined in terms of things like pi,
> 
> Wrong.
> 
> >  so there's no reason to assume that pi isn't just simply
> >  a well-known purely random number.
> 
> Not even wrong.

  I assume that since you are a "scientist", particularly
  one of the QM variety, you are clueless concerning
  what is random, what is not random, what's up and what's down.
  So you are excused for being an idiot.

------------------------------

From: [EMAIL PROTECTED] (CoyoteRed)
Subject: Re: Re: How protect HDisk against Customs when entering Great Britain
Date: Mon, 08 Nov 1999 15:10:21 GMT
Reply-To: this news group unless otherwise instructed!

On Mon, 08 Nov 1999 05:47:47 GMT, [EMAIL PROTECTED] (Dave
Hazelwood) wrote:

>In a nutshell the whole point of my post is that there are people out
>there who will use ANY sensitive issue like gun control, kiddie porn
>etc in a way that will whip up emotion solely for the purpose of
>getting people to willingly give up rights of privacy and freedom that
>have been the bedrock of our  society  for centuries.


[ ... major snip ... ]

>However, I am more worried about who the bad guys really are.
>
>These people working to take away our privacy and freedoms may
>end up doing more harm to our democratic society than all the
>pornographers on earth.
>
>Scanning PC's at customs is only going to hurt and inconvenience
>the public. It is not going to stop the pornographers one iota. So why
>do it? Why? Ask them?
>
>I know why.  They want to establish the practice that's what
>so that it is accepted as normal. Why? Well think ahead. What might
>they want to scan for next? 

It seems as though we are on the similar wavelengths after all.  Read
back on the thread and you will note that I was responding to two
counterpoints about the balance between privacy and another's rights.

We can't have absolute privacy at another's expense.  One of the most
sacred of places is one's own bedroom.  Generally, the government
doesn't care what goes on behind closed doors between consenting
adults.  The problem is when it involves someone who cannot or will
not give that consent.  Then it's the government's role to step in and
protect those who need protecting.  IMHO, this does not mean this
protection should include a blanket removal of all threat.  We don't
ban cars because we may get in an accident.

There /are/ those who do not understand some things, like firearms,
who /would/ ban things that may do harm.  It is a very simplistic view
and is very hotly debated.  In this crazy world, we ban things that do
relatively little harm and allow things that are very harmful. (i.e.
marijuana v. alcohol and I'm talking about the issue of physical
addiction and the ability to overdose. )

Also, you will notice that I gave several different ways to hide
information for the original poster, so you can tell that I am
advocating hiding any information that he may deem sensitive.

Your last paragraph reminds me of a poem about Germany in the late
'30s.  I don't know it off the top of my head but it starts " First
they came after ... "  "But I didn't protest because I..."  "Then they
came after me and there was no one left to protest."  or something
like that.  Maybe someone will post an URL to this poem for us.

There was someone who told me a few statements that were kind of
strange, but the only one that I remember is "Freedom is slavery." (or
maybe it was "You are a slave to Freedom.")  Of course at the time I
didn't understand.  He went on to explain, when you have freedom you
must protect it at all costs, otherwise, sooner or later, you will
lose it.  So, you are a slave in the sense that you /must/ protect it.
This is similar to what we are going through today, we must fight our
own government to keep our freedoms.  

I would have to respectfully disagree with your assessment with this
being sinister.  I believe /they/ mean well, it's just they have a
really confused way of doing things.  Remember, these are public
servants, they must do /something/, anything.  The problem is, far too
many times doing this anything is the wrong thing, and this is what we
must guard against.

And when Customs looks at our laptop, I believe that you should look
them in the eye and say "Here ya go!"  And when they come across your
locked information and ask you to open it, you should be able to say
"No."  Because it is much easier to traffic information over the internet
than on a laptop, therefore there is no reason to look at anything on
it.  They can x-ray it, use the dogs on it, whatever, but being an
American, I have problems with ideas being illegal.

So, in short (yeah, right, look at the length of this post.)
We deserve privacy only when it's nobody's business but our own.

-- 
CoyoteRed
CoyoteRed <at> bigfoot <dot> com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com


------------------------------

From: [EMAIL PROTECTED] (Jim Carr)
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: 8 Nov 1999 15:18:27 GMT

john baez wrote:
} 
} In article <[EMAIL PROTECTED]>,
} james d. hunter <[EMAIL PROTECTED]> wrote:
} >  That's because nobody has proved that anything is random.
} 
} Wrong.
} 
} >  "Random" is usually defined in terms of things like pi,
} 
} Wrong.
} 
} >  so there's no reason to assume that pi isn't just simply
} >  a well-known purely random number.
} 
} Not even wrong.

In article <[EMAIL PROTECTED]> 
[EMAIL PROTECTED] writes:
>
>  I assume that since you are a "scientist", particularly
>  one of the QM variety, you are clueless concerning
>  what is random, what is not random, what's up and what's down.
>  So you are excused for being an idiot.

 ROTFL.  Poor John.  Well known in Europe and California and so 
 respected that our poor library has a book by him -- and even 
 mentioned by name in Science News -- yet unknown at Johns Hopkins.

 Or maybe the poster needs to inquire elsewhere at that institution.

-- 
 James A. Carr   <[EMAIL PROTECTED]>     | Commercial e-mail is _NOT_ 
    http://www.scri.fsu.edu/~jac/       | desired to this or any address 
 Supercomputer Computations Res. Inst.  | that resolves to my account 
 Florida State, Tallahassee FL 32306    | for any reason at any time. 

------------------------------

From: "M. Kohl" <[EMAIL PROTECTED]>
Subject: Cryptography for Dummies
Date: Mon, 8 Nov 1999 15:56:19 +0100

Dear experts!


I am completely new to the field of cryptography, but my employer wants me
to implement a password routine in a Visual Basic program of mine.

So... here are my questions:

1.) Can anyone recommend an easy-to-understand ("Cryptography for Dummies")
book on this matter (not with too much mathematics in it), or a homepage
(all I found was about mysterious messages, Baine-Codes, or were too
complicated for me to understand)

2.) I intended to have a known sentence encrypted with the password, and let
the program try to decrypt it with the one the user typed in. This should
save me the trouble of storing the password somewhere. Is this a good idea,
or have you got a better one?

3.) If not 1.) , could you recommend an encryption method for short messages
(e.g. 20 to 200 chars) which should be easy to implement in VB, proven
unbreakable ... blah blah ...  you know what all the newcomers want :-)
(I made one up on my own, but I STRONGLY doubt its quality)

4.) I want to program it AND understand it. I don't want any OCX or DLL or
OLE to a program where I can't control anything.

Thanks a lot

Markus

P.S. Please excuse my bad English.



Black holes *really* suck.
[EMAIL PROTECTED]



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
