Cryptography-Digest Digest #643, Volume #11      Thu, 27 Apr 00 05:13:00 EDT

Contents:
  Re: OAP-L3:  What is the period of the generator? (NFN NMI L.  a.k.a.  S.T.L.)
  Re: Magnetic Remenance on hard drives. (NFN NMI L.  a.k.a.  S.T.L.)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Joseph Ashwood")
  Re: U-571 movie (NFN NMI L.  a.k.a.  S.T.L.)
  Re: Requested: update on aes contest (Jerry Coffin)
  Re: Magnetic Remenance on hard drives. (jungle)
  Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - (jungle)
  Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator -  (jungle)
  Re: Help: encrypting bit fields (lcs Mixmaster Remailer)
  Help Needed www.Great-Mind.com ([EMAIL PROTECTED])
  Re: Career Opportunities @ Cloakware (David A Molnar)
  Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - (Arturo)
  Re: AEES 16 rounds ([EMAIL PROTECTED])
  Re: new Echelon article (Volker Hetzer)
  Re: ECC's vulnerability to quantum computing (Eric Hambuch)
  Re: What does XOR Mean???!!! (Guy Macon)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.  a.k.a.  S.T.L.)
Subject: Re: OAP-L3:  What is the period of the generator?
Date: 27 Apr 2000 05:15:48 GMT

<<In fact, if you need further answers I am available for fee based
consulting only regarding OAP-L3. >>

Quack quack quack.

-*---*-------
S.T. "andard Mode" L.               ***137***
STL's Wickedly Nifty Quotation Collection: http://quote.cjb.net

------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.  a.k.a.  S.T.L.)
Subject: Re: Magnetic Remenance on hard drives.
Date: 27 Apr 2000 05:18:24 GMT

<<Do you have a reference handy?>>

Duh, try Symantec.com.  I found a mention of it when I was looking up Norton
Ghost (which wasn't useful for my purposes anyways).

Burn a floppy to delete its contents, says Gutmann.  I agree.

-*---*-------
S.T. "andard Mode" L.               ***137***
STL's Wickedly Nifty Quotation Collection: http://quote.cjb.net

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Wed, 26 Apr 2000 22:42:53 -0700
Crossposted-To: talk.politics.crypto

To everyone,
        ya know, with Szopa here I kind of miss D Scott, he
at least had the intelligence to find new personal attacks.
                Joe








------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.  a.k.a.  S.T.L.)
Subject: Re: U-571 movie
Date: 27 Apr 2000 06:02:59 GMT

Teraflop supercomputers are fast, badass computers.  They have everything to do
with breaking codes.

<<and _everyone_ knew that the Japanese would _never_ attack the US.>>

The Japanese had a history of launching unannounced attacks.  Ask the Russians.

-*---*-------
S.T. "andard Mode" L.               ***137***
STL's Wickedly Nifty Quotation Collection: http://quote.cjb.net

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Requested: update on aes contest
Date: Thu, 27 Apr 2000 00:18:22 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...
> Jerry Coffin <[EMAIL PROTECTED]> writes:
> 
> > Assuming you're talking about something like multiple layers of 
> > firewalls/proxy servers (and not multiples running in parallel) then 
> > yes, the same general reasoning applies.
> 
> No, I'm talking about multiple parallel points of entry.

That's not analogous to anything we've discussed.

> > Assume for the moment that NIST decided all five finalists were AES 
> > ciphers.  Further assume that you choose exactly one of those for 
> > your use.
> 
> I *cannot*!  My supplier of services today tells me that they have two
> ways to accept this piece of data: in cleartext or CBC-Blowfish encrypted.
> In this case, I'm happy because we already trust Blowfish in other places.
> But if they were using DES, we'd probably have to trust DES, too.

Okay, so they pick it instead of you.  What exactly does this have to 
do with anything?  Assume for the moment that they decide to support 
an AES cipher when a decision is made.  I don't see where this makes 
any real difference to anything.  If they decide NOT to support one 
of them, then the number of ciphers chosen for AES has no bearing on 
anything, since you're not using any of them anyway.

> > Assume still further that ALL the civilian AND government
> > cryptanalysts decide to attack that cipher to the exclusion of the
> > other four.
> > 
> > This gives you essentially the worst case scenario.
> 
> No and no.  Worst case scenario would be:  Civilian cryptoanalysts
> don't even look at the cipher I use (for example, because they think
> it has theoretically boring design), and government cryptoanalysts are
> only interested in it alone (for example, because I happen to share my
> choice of cipher with somebody very important for them).

From a viewpoint purely of how likely the cipher is to be broken, 
this is simply NOT the worst-case scenario.  It reduces the 
cryptanalysis, and therefore the chances of a break.  I see your 
point about it increasing the chances of your not knowing about a 
break, but for it to mean anything, you still have to assume that the 
particular government agency that breaks it (or _possibly_ some other 
part of the government) actually cares about your data.  If you're 
trying to protect it from a competitor and the NSA breaks your 
cipher, it doesn't particularly hurt you at all unless you assume 
something like the NSA being on your competitor's payroll.
 
> Notice that we both have silently accepted a paradigm of
> cipher-breaking that implies application of certain finite expendable
> resource to a particular problem.

Can you think of an alternative?  How much sense does it make to 
assume the pool of cryptanalytic knowledge and talent is suddenly 
going to expand from minuscule to infinite?

>  While this model might be good for
> government payroll employees, it's likely flawed as far as civilian
> analysts are concerned: It's likely that it requires some insight to
> break a cipher.  The probability of such insight isn't linearly
> dependent on time spent studying the problem.  Initially it's likely
> higher and after certain significant time spent it likely decreases.
> If this model has truth to it, it's an additional reason why one of
> multiple targets is easier to hit than a single target.

It seems to me that you've got things exactly backwards: no, I don't 
think it's linear either.  You're assuming the curve is something 
like logarithmic with time on the horizontal axis and insight on the 
vertical.  Instead, I'd say it's more like exponential with the same 
axes.  At first, you study a LOT and get nowhere.  As time goes on, 
you start to gain tiny insights into things, but none of them is 
really good for much by itself.  Eventually, you gain enough little 
insights that you can start to recognize a pattern, and that MIGHT 
just be enough to start to find a weakness.

The general rule, however, is that you're going to spend a LOT of 
time groping around in the dark before you see even the slightest 
hint of a gleam of light.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Magnetic Remenance on hard drives.
Date: Thu, 27 Apr 2000 02:33:20 -0400

many companies will recover data [ HARDWARE only ] problems from h/d ...
it's almost child play ...

but no one will recover WIPE overwrite ...
I would like to BET on it ...

"Holger Weiß" wrote:
> 
> Thor Arne Johansen posted:
> |
> |My point is that recovering overwritten data is NOT easy, it is NOT a
> |commercially available service, and it is NOT documented in the public
> |domain.
> |
> 
> I don't think that this is really important, but about two years
> ago I read an article about a British or German company offering
> HD recovery for about $5 per MB with about 95% recovered data. I
> can't remember any further information and I tried to find the
> article, but I think this company ran bankrupt because of good
> backup systems. Possibly there also were not enough people who
> knew about this company.
> 
> Holger



------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator -
Date: Thu, 27 Apr 2000 02:36:03 -0400

"NFN NMI L." wrote:
> 
> <<Now, this could also be judged as techno ranting :), but if you look
> into it, these things makes it incredibly hard (almost impossible), to
> recover overwritten data.>>
> 
> Peter Gutmann disagrees. In his paper, if I remember correctly, 

yes, you do ...

> he notes that
> recovering data is mostly possible.

yap, on paper ...



------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - 
Date: Thu, 27 Apr 2000 02:42:48 -0400

specially, when the money is from tax robberies ...

Nick Barron wrote:
> 
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Andrew
> Carol) wrote:
> 
> > That said, the very people who are likely to really know are not
> > talking.  I am sure that when I worked with classified harddrives in
> > the military there were VERY strict rules about declassification, none
> > of which left the disk in a useable condition.
> 
> In the UK too... With the military, the very small residual risk that a
> "wiped" hard drive may still be accessible to a hostile intelligence service
> is not acceptable above a particular level.
> 
> There's also the labour costs to consider; with a typical PC drive costing
> <UKP 100 these days, it doesn't take much before the time taken to wipe it
> and fill in the relevant paperwork allowing its reuse simply isn't
> worthwhile, so physical destruction is a simpler option.

specially, when the money is from tax robberies ...



------------------------------

Date: 27 Apr 2000 07:20:05 -0000
From: lcs Mixmaster Remailer <[EMAIL PROTECTED]>
Subject: Re: Help: encrypting bit fields

> Say I want to encrypt a bit field (37 bits, for example) and get
> back another 37-bit field.  E.g. I want to simulate a 37-bit codebook
> cipher.  Alternatively, say I want to encrypt an integer range, such
> as 10-digit decimal integers.
>
> Variable length encryption was one of the design goals of Schroppel's
> Hasty Pudding Cipher (HPC) which was one of the AES candidates that
> didn't make it to the 2nd round.  Is there a straightforward, secure
> way to do it with standard cryptographic primitives (3DES, SHA, etc.)?

You could adapt a technique from HPC, but unfortunately it only works
well when you are relatively close to the block size.

Simply iterate the cipher until the output will fit into the space you
had for your input.

In your case, you'd repeatedly apply 3DES until you got a 37 bit output.
This would take about 2^(64-37) or 2^27 tries.   Oops.  Hope you have some
time to burn.  If you were doing like 50-60 bits it wouldn't be so bad.

For decryption you do the same thing, repeatedly decrypt until you get
output that fits.  You won't stop early because you would have stopped
there on the encryption iteration.
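
The iterate-until-it-fits technique described above, as an added example that is not part of the original post. A toy Feistel permutation built on HMAC-SHA256 stands in for 3DES so the block width can be set close to the field size (40 bits for a 37-bit field, about 2^(40-37) = 8 block calls on average); the function names, round count and key are assumptions made for illustration, and the toy cipher is not a vetted design.

```python
import hashlib
import hmac

ROUNDS = 8  # assumption for this sketch, not a vetted parameter

def _f(key: bytes, rnd: int, half: int, half_bits: int) -> int:
    """Round function: HMAC-SHA256 of (round, half), cut to half_bits."""
    mac = hmac.new(key, bytes([rnd]) + half.to_bytes(8, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:8], "big") >> (64 - half_bits)

def block_encrypt(key: bytes, x: int, block_bits: int) -> int:
    """Toy balanced Feistel permutation on block_bits (even) bits."""
    h = block_bits // 2
    left, right = x >> h, x & ((1 << h) - 1)
    for r in range(ROUNDS):
        left, right = right, left ^ _f(key, r, right, h)
    return (left << h) | right

def block_decrypt(key: bytes, y: int, block_bits: int) -> int:
    """Inverse of block_encrypt: undo the rounds in reverse order."""
    h = block_bits // 2
    left, right = y >> h, y & ((1 << h) - 1)
    for r in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, r, left, h), left
    return (left << h) | right

def _check(value: int, domain_size: int, block_bits: int) -> None:
    if block_bits % 2 or not 0 <= value < domain_size <= 1 << block_bits:
        raise ValueError("need even block_bits and 0 <= value < domain_size")

def walk_encrypt(key: bytes, x: int, domain_size: int, block_bits: int):
    """Re-encrypt until the value lands back inside [0, domain_size)."""
    _check(x, domain_size, block_bits)
    y, tries = block_encrypt(key, x, block_bits), 1
    while y >= domain_size:
        y, tries = block_encrypt(key, y, block_bits), tries + 1
    return y, tries

def walk_decrypt(key: bytes, y: int, domain_size: int, block_bits: int) -> int:
    """Walk the same cycle backwards. Every value skipped on the way is out
    of range, so the first in-range value reached is the plaintext."""
    _check(y, domain_size, block_bits)
    x = block_decrypt(key, y, block_bits)
    while x >= domain_size:
        x = block_decrypt(key, x, block_bits)
    return x

if __name__ == "__main__":
    key = b"constructed demo key"  # constructed sample key
    for name, size, bits in (("37-bit field", 1 << 37, 40),
                             ("10-digit decimal", 10**10, 34)):
        total = 0
        for pt in range(1000):
            ct, tries = walk_encrypt(key, pt, size, bits)
            assert walk_decrypt(key, ct, size, bits) == pt
            total += tries
        print(f"{name}: avg {total / 1000:.1f} block calls ({bits}-bit block)")
```

The loops always terminate because the block cipher is a permutation and the starting value is in range, so its cycle must return to an in-range value.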


------------------------------

From: [EMAIL PROTECTED]
Subject: Help Needed www.Great-Mind.com
Date: Thu, 27 Apr 2000 07:42:14 GMT

http://www.Great-Mind.com
Two years ago, I saw a need to organize the way we find credible
knowledge on the Internet.  A place where after reading the Origin of
the Species I could discuss it with others and gain new insight. I
wanted a place where true interaction could take place. I can no longer
easily do this by myself and need exposure, participation and of course
the opportunity to raise the capital required to make it the success it
shall become.

The Higher Education market is $750 billion and for distance learning
alone, will reach $9 billion by 2003.  According to Morgan Stanley Dean
Witter, the content delivery market will reach $44 billion by 2003.
Obviously there is money to be made, but that was not the reason this
began. This portal began because I was one of those people that loved
to study everything and anything, dive into the depths of subjects and
finding something more intriguing to learn about. I can not imagine
real progress taking place at the speed it could be, by current means.

So far, individuals can find on our Knowledge Portal:

1.  US University/College Website Index with Alumni message boards to
correspond with over 1,500 listed Universities.

2.  Specialists:  Directory of University departments.  So far, I have
begun listing Physics, Mathematics, Biology, Chemistry and Astronomy
with the Department website and contact information. This gives
exposure to the work being done at the institutions and makes it easier
to find the professors others would like to work with.

3.  Library:  Instead of giving individuals a list of sites to sort
through for graduate level research papers.  I have given links to the
actual PDF or HTML file on those distributed databases to save time
when people need information to compile research.  The reason these are
graduate level only, is because much of the information the internet
can not be cited as a source for information when conducting individual
research.  So far, I have Physics, Mathematics, Chemistry, Biology and
Artificial Intelligence.

4.  Forums:  We have several forums including a place to debate and
post Industry or facility news.

5.  In the works:

  a. Orator: ezine for industry news articles and a place for everyday
people to have their own research posted.  Just because one doesn't
have a PhD, they still may be an expert in certain fields of interest.
This area will also have a chat room for people to gather and learn.

  b. Lecture Hall:  As we gain members from Universities, Research
facilities and Corporations (similar to the w3) those members can then
conduct Lectures on our portal for world participation.  The software
we are using allows individuals to log on without having to download
any software, and they can type questions to the instructor at which
time the conductor can address the "Internet Audience" questions.

  c. Laboratory: This area also allows members to post current lab
projects in all fields of study. Anyone can access such information and
comment on them through a forum designed for such.  This gains
incredible exposure to the facility.


The visitors that have been going to the portal is astounding and I
could not have wished for a greater audience.  However, it is time to
make it happen.  It won't be anything but a dream, a vision, without
publicity, participation and capital. Can we really wait for its
success?


This letter was written from my soul not as spam and the fact remains,
knowledge is our future.

Sincerely,

-Jeanette Jensen
"Curiosity inspires genius."
http://www.MagnusMens.com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Career Opportunities @ Cloakware
Date: 27 Apr 2000 07:46:58 GMT

John A. Malley <[EMAIL PROTECTED]> wrote:


> It makes spaghetti code out of clear, well designed software. 

> *Shudder*

Ha. :-) It strikes me from the description, though, that their process
happens during compile time and so does not affect the source code seen by
"legitimate" programmers. 

Do I want to _debug_ a program which has been transformed like so? Not on
your life. I wonder what their answer for that is, or if they expect you
to test without "cloaking", make everything work right, and then throw in
the cloaking as an afterthought on the final compile before shipping...


------------------------------

From: [EMAIL PROTECTED]=NOSPAM (Arturo)
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator -
Date: Thu, 27 Apr 2000 07:35:13 GMT

On Thu, 27 Apr 2000 02:36:03 -0400, jungle <[EMAIL PROTECTED]> wrote:

>"NFN NMI L." wrote:
>> 
>yes, you do ...
>
>> he notes that
>> recovering data is mostly possible.
>
>yap, on paper ...
>

        Not if the paper is damaged.  If it's not, the process of recovering
data on paper is easy: it is called reading.

        (Sorry, could not resist is .. ;-)  )

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AEES 16 rounds
Date: Thu, 27 Apr 2000 08:05:49 GMT

Joe,

Thank you very much for your reply.

#After reading through your documentation, I found a few
 #problems:
Only a few? My congratulations!

#1) You have no clue what a multiplication table is

It is more than strange. My implementation of multiplication tables
of finite groups is described with all details in description marked
as 'Alex Encryption'. Please take a look at it. Would you have additional
questions I am to your service.

#2) You have not defined some of the functions you use

Which of them?

 #3) Without this (as I won't even bother trying to read your
 #source code since I don't do delphi) the algorithm will not
 #be analyzed by me.

This makes me sorely unhappy. I hope you will try to
do this once more. Thank you in advance.

 #Perhaps if you were to follow the guidelines used by the AES
 #finalists I might be inclined to give it another look.

Concerning AES contest I can only laugh.

Sincerely yours.
Alex.




------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Subject: Re: new Echelon article
Date: Thu, 27 Apr 2000 08:28:44 +0000

"Tony T. Warnock" wrote:
> > > Good people in the right places promotes justice. Laws help maintain what
> > > they do.
> > So, if you want to change laws, don't become a judge.
> >
> 
> Sort of the opposite of the current crop of US judges?
I probably don't know enough about US judges to understand that.
Do US judges not judge according to law?
Of course, if judges do things governments should do (ie. make politics)
you have a problem. (IMHO)

Greetings!
Volker
-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!

------------------------------

From: Eric Hambuch <[EMAIL PROTECTED]>
Subject: Re: ECC's vulnerability to quantum computing
Date: Thu, 27 Apr 2000 10:33:47 +0200

Mike Rosing wrote:
>
> 
> Best thing to do!  The basic algorithm requires a whole bunch of
> guesses,
> so on a QC you get to do all the guessing at once.  Odds are good after
> a several guessing sessions the QC will give the correct answer.
> 
> I think it'd be fun to build a QC.  But I need some mighty expensive
> toys first :-)

BTW: There is a good quantum computer simulator on
http://tph.tuwien.ac.at/~oemer/qc
It contains also Shor's factoring algorithm!

Eric

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: What does XOR Mean???!!!
Date: 27 Apr 2000 04:47:01 EDT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tim Tyler) wrote:
>
>R124c4u2 <[EMAIL PROTECTED]> wrote:
>
>[EQV?]
>
>: Here is what I should have said in my initial post:
>
>: Of all the possible boolean operators available to a computer programmer, xor
>: is unique in that:  blah, blah, blah.
>
>I expect us pedants would then have advised you that various hardware
>description languages - such as VHDL and Verilog provide explicit support
>for the "XNOR"/"ENOR" instruction - as do some species of machine code ;-)

We pedants who design microprocessors would add that bit-slice processors
provide machine code support for whatever operator you prefer (the
instruction set may be changed on the fly on a bit-slice).


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
