Cryptography-Digest Digest #765, Volume #10      Sun, 19 Dec 99 02:13:01 EST

Contents:
  Re: US Patent Office:  How Stupid?  Look Here... (Jerry Coffin)
  Re: 'Simple' password storage (Jerry Coffin)
  Classical Crypto Books (CryptoBook)
  Re: RSA, how to calculate big numbers (Eric Lee Green)
  ASPEncrypt (Erik Gellatly)
  --- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
  Re: The 20 years periods did apply to 2 of the 3 patents. Why not for RSA ? (wtshaw)
  Re: The 20 years periods did apply to 2 of the 3 patents. Why not for RSA ? (wtshaw)
  DataCompression Page (SCOTT19U.ZIP_GUY)
  decrypt method (Steve Sharp)
  Re: question (wtshaw)
  Re: compression & encryption (Raddatz Peter)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Crossposted-To: talk.politics.crypto
Subject: Re: US Patent Office:  How Stupid?  Look Here...
Date: Sat, 18 Dec 1999 21:10:50 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

Much like your web site, you seem set to make a lot of emotional 
claims, but provide as little real information as possible.  Just for 
example, if you want anybody to make intelligent comments instead of 
just listening to you blow off steam, you NEED to tell us the number 
of the patent you're talking about.

After doing some searching, I'm _guessing_ that you're referring to US 
patent number 5,414,771.  I'm not sure of that, but it's about the 
only one I can find with an inventor named "Fawcett, Jr.", that looks 
related to the generation of random sequences.

> Well, of course the invention claims that any hardware and any 
> software can be used to merge these random bit sequences in any 
> way known, imaginable, or heretofore yet to be conceived.

Not really true.  It requires at least two random elemental sequences, 
and a combinatorial method of combining them to produce a random 
output sequence.
 
> In other words, the invention claims any and all and everything 
> under the sun.  And it is this interpretation that the patent 
> office is using to give me a hard time.

You're progressing from somewhat inaccurate to complete nonsense.
 
> In EVERY embodiment CLAIMED, Fawcett, Jr. uses one or more analog 

Do you mean every embodiment or every claim?  A claim and an 
embodiment are, of course, different things entirely.  I'm guessing 
you mean embodiments, since (at least in the patent I looked at) none 
of the claims says anything about how the initial sequences are 
formed.

> random noise generators (with perhaps one or more digital random 
> noise generators where the random bits are merged) to produce his 
> initial random bit sequences.

> To conclude otherwise is to assume that it is obvious that he did 
> so, or at least, even reasonable that he did so.  And it is not 
> possible to do so since there is no way his random noise generators 
> can create such a file as I describe in my invention.  To attempt to 
> justify the patent office's contention is to accept that any software 
> that Fawcett, Jr. wants us to assume with his hand waving over broad 
> claims is reasonable:  he actually claims in his specification that he 
> does assume any and all hardware and software to merge his random 
> sequences of which his specific use of modulo 2 addition is but only 
> one possible way.

To what extent has the patent office argued this point?  The patent 
office typically brings up a number of objections to almost any 
patent, and in many cases they leave it up to you to explain that the 
patent they've cited really IS different from what you're claiming.  
Unless they've really argued this point already, my guess is that they 
simply saw a patent that's similar enough they considered it worth 
bringing to your attention.  You can reply by pointing out how it's 
different, and in many cases they'll then allow the patent.  Of 
course, they may have other objections as well, but nearly every 
patent file wrapper I've ever read has included notes of the patent 
office citing another patent as prior art, and the petitioner having 
to explain how the old one is different.

Based on your description, it sounds like you need to explain that, 
first, the cited patent claims "random elemental sequences", where 
your elemental sequences are NOT random.

Second, you need to point out that you do NOT require two or more 
storage media like the cited patent does (at least I don't know of 
your requiring more than one disk...)

Third, you need to point out that the results are different: your 
result is designed to be pseudo-random so finding patterns in it is 
difficult.  His result is a semi-randomly chosen subset of the 
original input, so that each individual part of the output is just as 
random as the original input was.

That gives what I would consider a reasonable argument that your 
patent is different from his, and does NOT fall within the doctrine of 
equivalents either.

Note that it's generally easier to win an argument like this with a 
patent examiner than it is against an opponent in court.  OTOH, if you 
win the argument with the patent examiner, it goes in the patent's 
file history, and if your patent should end up in court someday, it 
becomes MUCH more difficult for any other opponent to try to use the 
same or even a similar argument.  IOW, when the patent examiner brings 
up something like this, it may seem like a setback, but (s)he's really 
doing you a _major_ favor.

> It is like saying that just because I wrote a novel that through
> hardware and software I contemplate and therefore claim all 
> exclusive rights to all novels past, present, in the works, and to 
> be written in the future.

Unless he's already suing you, then Mr. Fawcett isn't claiming 
anything.  The PTO is saying that they think your invention looks a 
lot like his.  Unless there's a lot more to the story, you're simply 
going through the same things that nearly everybody goes through in 
writing a patent.  If you want one piece of advice, stick to 
explaining how your invention is different; don't modify the claims to 
make the differences more explicit if you can possibly help it: the 
courts (quite rightly IMO) can be fairly liberal about how they 
interpret the sections of law involving "reasonable equivalents" of 
your patent, but if you rewrote the claims NOT to include something, 
they're QUITE careful to not let you add it back in under the doctrine 
of equivalents.
 
> Is it possible that the US patent office has been politicized and 
> therefore corrupted by the interests the rich and powerful?
> 
> I never thought about it but I realize that this is quite possible 
> and I might assume that it has.  When it comes to money and power 
> what has NOT been corrupted?

Remember the saying about not attributing to conspiracy what can be 
explained by stupidity?  Based on my reading of patent file histories 
and such, I think it's applicable here...
 
> Over broad claims are specifically not allowed in patents.  This is 
> why there must be specificity in all filings.  The fact that Fawcett, 
> Jr. claims use of random noise generator(s) in all of his embodiments 
> clearly limits his patent which is the intent of the patent 
> regulations.

This is simply NOT true unless you're talking about a different patent 
than the one I cited.  Not one independent claim mentions the use of a 
random noise generator AT ALL.  If he had used a means claim, (e.g. a 
claim that said "a means for generating random numbers") then he would 
be restricted to one of the means actually cited in the patent 
disclosure, or a reasonable equivalent thereof (and FWIW, THIS 
reasonable equivalent is a matter of law rather than fact, so it's 
decided by a Judge in a Markman hearing, rather than by the jury -- 
read some of the commentaries on Markman if you want details).

Since none of his independent claims seems to make any mention of how 
the initial random sequence is formed, it seems unlikely that this can 
be considered a reasonable restriction on the scope of his patent.

> Fawcett, Jr.'s method is clearly intended to limit his scope and it 
> is obvious that his invention was not intended or contemplated to 
> cover my invention thus my invention cannot possibly be interpreted 
> as suffering the same limitations as Fawcett, Jr. nor can it be 
> interpreted as being specifically analogous as it must be to be 
> rejected on the above basis.
> 
> So, again, why has the patent office given such an over broad 
> interpretation to this particular patent?

There are a number of reasons.  First of all, most patent examiners 
seem to feel obliged to reject nearly any patent application at least 
once or twice before accepting it.  Second, the patent office pays a 
rather small fraction of what a good technical person can make in the 
open market, so patent examiners often aren't the sharpest people 
around.  Third, patent examiners DO have huge workloads, so in most 
cases they only have a chance to take a cursory glance over your 
application and other patents that look similar before they tell you 
to look things over again.  Fourth, the software part of the patent office 
has grown from nothing to HUGE in a matter of a couple of years.  
Between 1981 and 1994, only about 3,500 software patents were issued.  
In 1998 alone, that number was up to around 23,000, running around a 
40% annual growth rate.  Even paying reasonable rates, it would be 
hard to come up with the people to keep up with that kind of growth.

IOW, it comes out pretty simple: you're asking them for a legal 
monopoly on all manufacture, sale, etc. of your invention.  If you 
want that, it's up to YOU to do the majority of work to prove that 
you've met the requirements of the patent law.

Of course, I think you'd be better off reading Bruce Schneier's 
comments on cipher patents before you bother.  For a patent on an 
algorithm to be worth anything, you've got to provide a real advantage 
over _any_ free alternative.  When, for example, there were patents on 
ALL forms of PK encryption, that meant something.  Now that ONE form 
of PK encryption is freely available, there's nearly no reason at all 
for anybody to bother licensing the patents to the others: anybody 
writing new software simply uses the free algorithm and ignores the 
patented alternatives.

Your algorithm offers nothing that isn't already done better by freely 
available algorithms, though I suppose a patent might give you a bit 
more grist for the hype mill (aka web page) describing your product.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: 'Simple' password storage
Date: Sat, 18 Dec 1999 21:10:58 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...
> Hi Jerry,
> 
> Where do I find all of the AES entrants source code?  I am relatively new to
> cryptography, but a firm programming background makes it a lot easier to
> understand what you are talking about.

Some of them are available from the individual entrants -- e.g. 
Counterpane has source to Twofish on their web site.  Assuming (as 
appears to be the case) that you're located inside the US, you can 
also get a CD-ROM from NIST that contains source to all of them plus 
various other technical information about them.  Unless you're really 
interested in AES as a complete project instead of just looking for an 
algorithm, this may be a bit more than you want to deal with though.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (CryptoBook)
Subject: Classical Crypto Books
Date: 19 Dec 1999 04:17:43 GMT


Classical Crypto Books is pleased to announce the following recent
additions/updates to the CCB catalog. 


ANCIENT SCRIPTS

CRACKING CODES: The Rosetta Stone and Decipherment
by Richard Parkinson, Whitfield Diffie, Mary Fischer, R. S. Simpson
The story of the decipherment of the Rosetta Stone, told by a British Museum
specialist. Includes discussions of other deciphered and undeciphered scripts
and the essay, "Decipherment versus Cryptanalysis". Large (8.5x11) format.
Published at $27.50.
University of California Press, 208 pp.
SB, Nonmember $24.95, Member $21.95


ESPIONAGE AND INTELLIGENCE

THE SWORD AND THE SHIELD: The Mitrokhin Archive and the Secret History of the
KGB
by Christopher Andrew, Vasili Mitrokhin
The most complete picture ever of KGB operations, with many startling new
revelations. Mitrokhin, a KGB officer, spent ten years copying and transcribing
the KGB foreign intelligence archives. He smuggled them out when exfiltrated
by the British SIS. Published at $32.50.
Basic Books, 720 pp.
HB, Nonmember $28.95, Member $25.95

SPY MASTER: The Real-Life Karla, His Moles, and the East German Secret Police
by Leslie Colitt
A penetrating biography of Markus Wolf, the Man Without a Face. Provides
details of many Stasi operations such as "Romeo traps" and penetration of the
West German Government. Offers a different perspective on Wolf than his
autobiography. Published at $23.00.
Addison-Wesley, 304 pp.
HB, Nonmember $20.95, Member $18.95

ORPHANS OF THE COLD WAR: America and the Tibetan Struggle for Survival
by John Kenneth Knaus
America paid scant attention to Tibet until the Chinese invasion in 1950. That
sparked a secret war involving the US, China, India, and the UK. Knaus--a
former CIA officer in charge of US covert operations in Tibet--provides a
comprehensive account. Published at $27.50.
Public Affairs, 412 pp.
HB, Nonmember $24.95, Member $21.95

THE GUINNESS BOOK OF ESPIONAGE
by Mark Lloyd
Comprehensive overview, covering people, methods, equipment, technology, famous
incidents, and spy agencies. Has numerous discussions of SIGINT and COMSEC
matters, e.g. a summary of the SOE's Delastelle cipher system. Published at
$18.95.
Da Capo Press, 256 pp.
SB, Nonmember $17.95, Member $15.95

KNOW THINE ENEMY: A Spy's Journey into Revolutionary Iran
by Edward Shirley
As an Iran specialist in the Directorate of Operations, Shirley never got to go
to Iran, a country he studied with obsession. After leaving the CIA, however,
he fulfilled his goal of entering Iran, covertly, to study firsthand the
Revolution's aftermath. Published at $15.00.
Westview Press, 251 pp.
SB, Nonmember $13.95, Member $11.95

BLIND MAN'S BLUFF: The Untold Story of American Submarine Espionage
by Sherry Sontag, Christopher Drew, Annette Lawrence Drew
Until this book, the crucial role played by submarines in collecting
communications and other intelligence was largely unknown, even by the families
of the men on board. Includes the thrilling story of how US subs tapped
undersea phone cables. Published at $25.00.
Public Affairs, 381 pp.
HB, Nonmember $22.95, Member $19.95

MAN WITHOUT A FACE: The Autobiography of Communism's Greatest Spymaster
by Markus Wolf, Anne McElvoy
So secret was the Stasi chief that it took Western intelligence nearly twenty
years to determine his appearance. This extraordinary book reveals true stories
of murdered agents, hidden cameras, secret codes, phoney brothels, triple
agents, and more. Published at $25.00.
Times Books, 385 pp.
HB, Nonmember $22.95, Member $19.95

MAN WITHOUT A FACE: The Autobiography of Communism's Greatest Spymaster
by Markus Wolf, Anne McElvoy
This edition contains a new foreword by Craig R. Whitney of the New York Times,
the author of Spy Trader. 
Public Affairs, 441 pp.
SB, Nonmember $13.95, Member $11.95

==============
HB = Hardbound
SB = Softbound
==============

All items are in stock and available now. Member prices are available to
members of the American Cryptogram Association, the U.S. Naval Cryptologic
Veterans Association, and full-time students. Shipping and handling are extra.
For complete ordering information, a free catalog of crypto books by return
e-mail, or for information about membership in the American Cryptogram
Association, please send email to: [EMAIL PROTECTED]


Happy Holidays,
Gary

Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED]
Fax: (603) 432-4898



------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Crossposted-To: alt.security
Subject: Re: RSA, how to calculate big numbers
Date: Sat, 18 Dec 1999 21:46:50 -0700

Bart Peeters wrote:
> 
> I have to calculate:
> 
> (32567023914^367151)%40000399997
> 
> How can I do that?

Under Unix with "C", you would use the GNU 'mp' library. For example, here's
what my code to do the same basic thing looks like:

#include <stdio.h>   /* printf */
#include <stdlib.h>  /* free */
#include <gmp.h>     /* GNU multi-precision library. */

/******************************************************************
 * create new Y values, fed decimal numbers:
 * returns base^exponent mod modulus as a newly allocated decimal
 * string that the caller must free.
 *****************************************************************/
char *create_y(char *basestr, char *exponentstr, char *modulusstr)
{
    mpz_t result, base, exponent, modulus;
    char *resultstr;

    mpz_init(result); mpz_init(base); mpz_init(exponent); mpz_init(modulus);

    mpz_set_str(exponent, exponentstr, 10);  /* set key to the random #... */
    mpz_set_str(base, basestr, 10);
    mpz_set_str(modulus, modulusstr, 10);

    mpz_powm(result, base, exponent, modulus);  /* base^exponent mod modulus,
                                                   reducing at every step */

    resultstr = mpz_get_str(NULL, 10, result);  /* GMP allocates the string */

    /* release the big-number storage; resultstr stays with the caller */
    mpz_clear(result); mpz_clear(base); mpz_clear(exponent); mpz_clear(modulus);
    return resultstr;
}

int main(int argc, char *argv[])
{
    char *s;

    s = create_y("32567023914", "367151", "40000399997");
    printf("The result is %s \n", s);
    free(s);  /* mpz_get_str(NULL, ...) uses malloc unless custom
                 allocators were installed with mp_set_memory_functions */
    return 0;
}
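The same computation in Python, as an added example that is not part of the original post: right-to-left square-and-multiply modular exponentiation on the exact numbers from the question, cross-checked against Python's built-in three-argument pow. The helper names (modpow, answer, naive_digits) are mine, not from any library.

```python
# Added example (not from the original post): square-and-multiply modular
# exponentiation, the operation RSA relies on, worked on the numbers from
# the question.  Python integers are arbitrary precision, so GMP is not
# needed, but the point is never to form base ** exponent in full.
import math


def modpow(base: int, exponent: int, modulus: int) -> int:
    """Return (base ** exponent) % modulus by binary exponentiation.

    Every intermediate value stays below modulus ** 2, so the cost is
    O(log exponent) multiplications of modulus-sized numbers instead of
    one multiplication of an astronomically large one.
    """
    if modulus <= 0:
        raise ValueError("modulus must be positive")
    if exponent < 0:
        raise ValueError("negative exponents need a modular inverse; not handled here")
    result = 1 % modulus                 # correct even when modulus == 1
    base %= modulus
    while exponent:
        if exponent & 1:                 # low bit set: fold this power in
            result = (result * base) % modulus
        base = (base * base) % modulus   # square for the next bit
        exponent >>= 1
    return result


# The exact numbers from the question: (32567023914 ^ 367151) % 40000399997
BASE, EXPONENT, MODULUS = 32567023914, 367151, 40000399997


def answer() -> int:
    """The value the original poster asked for, computed with modpow."""
    return modpow(BASE, EXPONENT, MODULUS)


def naive_digits() -> int:
    """Approximate decimal length of the un-reduced power, to show why
    reducing at every step (as mpz_powm does) is not optional."""
    return int(EXPONENT * math.log10(BASE)) + 1


if __name__ == "__main__":
    r = answer()
    assert r == pow(BASE, EXPONENT, MODULUS)   # cross-check with the built-in
    print(f"The result is {r}")
    print(f"(the un-reduced power would run to about {naive_digits()} digits)")
```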

------------------------------

From: Erik Gellatly <[EMAIL PROTECTED]>
Subject: ASPEncrypt
Date: Sat, 18 Dec 1999 21:32:14 -0800

Persits Software has server side ASP components that will allow for encrypted
multiple file upload for sale online at www.aspencrypt.com and
www.aspupload.com.  Does anyone have an opinion about the relative security
that this solution provides for an SSL-enabled ASP/IIS environment?

Erik Gellatly
Salem, Oregon



------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Crossposted-To: talk.politics.crypto
Subject: --- sci.crypt charter: read before you post (weekly notice)
Date: 19 Dec 1999 06:00:05 GMT

sci.crypt               Different methods of data en/decryption.
sci.crypt.research      Cryptography, cryptanalysis, and related issues.
talk.politics.crypto    The relation between cryptography and government.

The Cryptography FAQ is posted to sci.crypt and talk.politics.crypto
every three weeks. You should read it before posting to either group.

A common myth is that sci.crypt is USENET's catch-all crypto newsgroup.
It is not. It is reserved for discussion of the _science_ of cryptology,
including cryptography, cryptanalysis, and related topics such as 
one-way hash functions.

Use talk.politics.crypto for the _politics_ of cryptography, including
Clipper, Digital Telephony, NSA, RSADSI, the distribution of RC4, and
export controls.

What if you want to post an article which is neither pure science nor
pure politics? Go for talk.politics.crypto. Political discussions are
naturally free-ranging, and can easily include scientific articles. But
sci.crypt is much more limited: it has no room for politics.

It's appropriate to post (or at least cross-post) Clipper discussions to
alt.privacy.clipper, which should become talk.politics.crypto.clipper at
some point.

There are now several PGP newsgroups. Try comp.security.pgp.resources if
you want to find PGP, c.s.pgp.tech if you want to set it up and use it,
and c.s.pgp.discuss for other PGP-related questions.

Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt. Try alt.security.

Other relevant newsgroups: misc.legal.computing, comp.org.eff.talk,
comp.org.cpsr.talk, alt.politics.org.nsa, comp.patents, sci.math,
comp.compression, comp.security.misc.

Here's the sci.crypt.research charter: ``The discussion of cryptography,
cryptanalysis, and related issues, in a more civilised environment than
is currently provided by sci.crypt.'' If you want to submit something to
the moderators, try [EMAIL PROTECTED]

---Dan

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.security.pgp
Subject: Re: The 20 years periods did apply to 2 of the 3 patents. Why not for RSA ?
Date: Sun, 19 Dec 1999 00:37:25 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> Qb lbh ernyyl xabj jung lbh yvxr gb fnl ?
> -- 
> Thanks, Richard
> =======================================================
> wtshaw wrote:
> > 
> > In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> > 
> > > The 3 most known patents in the encryption area are :
> > >
....
> > >
> > > The 20 years periods did apply to 2 of the 3 patents.
> > > Why it is not applicable to the last one ?
> > 
> > *Contributions*

Ambiguity is at the heart of the matter.
-- 
Death is easy, life is difficult. 

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.security.pgp
Subject: Re: The 20 years periods did apply to 2 of the 3 patents. Why not for RSA ?
Date: Sun, 19 Dec 1999 00:42:25 -0600

In article <[EMAIL PROTECTED]>, Kent Briggs
<[EMAIL PROTECTED]> wrote:

> When the rule changed in 1995, it said that existing patents would get
> protection 17 years after they were granted or 20 years after they were
> filed, whichever was longer.  So you need to find out the grant date for
> each of these to see the difference.
> 
There is more at work in changing some of the laws on patents and
copyrights beyond just picking round numbers.  I suggest that things are
not as simple as they might appear.
-- 
Death is easy, life is difficult. 

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression
Subject: DataCompression Page
Date: Sun, 19 Dec 1999 07:10:23 GMT



 I am at a loss for words. I have just checked out Mark Nelson's
site and it does contain some of the more modern and
new ideas about compression. I get very upset with many
people who only trust the stuff coming from those with
some sort of credentials. I thought for sure Mr Nelson
rejected my stuff out of hand before, but I was wrong. I'm
sorry I misjudged you; I was sure that you wrote my
code off, but I make BIG mistakes from time to time
and have to eat crow.


His site is as below
 http://www.dogma.net/DataCompression




David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMMERS***

------------------------------

Date: Sun, 19 Dec 1999 01:40:02 -0500
From: Steve Sharp <[EMAIL PROTECTED]>
Subject: decrypt method

I have an encrypted word, and I also have the plain text of the same word.
How does one go about finding the encryption method?

I believe it's not DES but something like a bit shift or XORing.
Is there a systematic way to figure out the encryption method?


Thanks,



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: question
Date: Sun, 19 Dec 1999 01:01:34 -0600

In article <[EMAIL PROTECTED]>, Jim wrote:

> On Sat, 18 Dec 1999 17:01:50 -0000, "Gary" <[EMAIL PROTECTED]> wrote:
> 
> >Chaff and winnowing proposed by Rivest is one example.
> >In fact there are also a lot of relatively new public key systems that have
> >expansion.
> 
> By a factor of 2 or 3 ?

There are lots of old ones that have this characteristic as well.  The
important thing to ask is whether it is worth it, whether security is
increased proportionally, or are you just trying out ideas.  Beyond not
changing lengths, a goal for many, some increase may actually buy you
something, but 2 or 3 seems wasteful.
-- 
Death is easy, life is difficult. 

------------------------------

From: Raddatz Peter <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: compression & encryption
Date: Sat, 18 Dec 1999 22:58:46 -0800

Jerry Coffin wrote:
> 
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > Forgive me for being stupid about this...
> > I keep on reading about weak compression for encryption etc.
> > Here is what baffles me. Let's say I use Zlib for compression and then
> > encrypt the result with RC4 - why is that weak? If Zlib leaves a header,
> > which I have not seen, that header gets encrypted through RC4.
> > Trying to crack the cypherfile you must first reverse the RC4 code and
> > then unzip. So WHY is the use of Zlib weak????
> 
> The general idea is that if the compression includes a predictable
> content, you give the attacker some known-plaintext to work with.
> Quite a few ciphers are easier to attack with known plaintext than
> without.
> 
> The alternative view is that the amount of known plaintext revealed by
> this is typically so small that it makes no real difference -- the
> attacker has to have broken the encryption quite thoroughly before a
> tiny amount of known plaintext is even marginally useful.  A known-
> plaintext attack against a block cipher normally has to have ALL the
> plaintext for a complete block (e.g. 256 bits) known before it's of
> any use at all.
> 
> Just for example, many compressors leave a signature at the beginning
> of their output.  This is typically around 3 bytes or so,
> substantially smaller than a single block with nearly any reasonably
> recent block cipher of which I'm aware.
> 
> --
>     Later,
>     Jerry.
> 
> The universe is a figment of its own imagination.

I've inspected a couple of Zlib compressions without encryption and it
seems that, indeed, there's a 2 byte header: &H78 and a second byte
dependent on the compression level. If I hardwire the level in my
source-code to, let's say, 6 then the first 2 bytes in any compressed
file will always be &H78 9C. Knowing this it is easy to strip the first
2 bytes off the beginning of the compressed file before encrypting it
and add them to the beginning of the file after decrypting and before
unzipping. What's the problem here?
Peter

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
