Cryptography-Digest Digest #664, Volume #11      Sat, 29 Apr 00 19:13:01 EDT

Contents:
  Re: sboxes for the bored... (Terry Ritter)
  Re: factor large composite (Jerry Coffin)
  Re: sboxes for the bored... (Tom St Denis)
  Re: sboxes for the bored... (Tom St Denis)
  How safe am I using a subset of the bytes returned by SHA-1? (Mark Thomson)
  Re: How safe am I using a subset of the bytes returned by SHA-1? (Tom St Denis)
  Re: A naive question (Bryan Olson)
  Re: U-571 movie (OT) (Tom St Denis)
  the security of scramdisk (EP847)
  Re: Biometrics and public/private key encryption (Diet NSA)
  Re: Help: encrypting bit fields (Francois Grieu)
  Re: Intel drops serial number (Roger)
  Re: U-571 movie (Diet NSA)
  Re: Magnetic Remenance on hard drives. ("Trevor L. Jackson, III")
  Re: new Echelon article (Diet NSA)
  Re: U-571 movie (OT) ("Stou Sandalski")
  Re: Janet and John learn about bits (was Re: Problems with OAP-L3) (Richard Heathfield)
  What are SBoxes? ("Monolo")
  Re: the security of scramdisk (Ron Yakmile)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: sboxes for the bored...
Date: Sat, 29 Apr 2000 20:27:23 GMT


On Sat, 29 Apr 2000 10:29:05 GMT, in <[EMAIL PROTECTED]>,
in sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:

>Terry Ritter wrote:
>> 
>> On Sat, 29 Apr 2000 00:05:55 GMT, in <[EMAIL PROTECTED]>, in
>> sci.crypt "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>> 
>> >Terry Ritter wrote:
>> >> Measuring Boolean function nonlinearity is well-known technology.
>> >
>> >However, there are apparently different measures of nonlinearity;
>> 
>> Yes, of course there would be different measures, in the same sense as
>> there are many different forms of linearity.
>> 
>> >are they strictly equivalent?
>> 
>> Within the context of Boolean functions (that is, n-bit to 1-bit
>> lookup tables), such functions are likely equivalent.  The extension
>> to n-bit to m-bit tables, in which we measure each bit-column
>> independently, seems fairly common, if that is what we want to do.
>> Now, we might well *want* to do something else in which the sequences
>> are not measured independently, but I'm unaware of a useful
>> cryptographic measure for anything like that.
>
>Well measuring n by 1 sbox non-linearity is not what I am trying to do
>here.  I implemented a WT transform that goes thru all possible inputs
>and outputs.  Could you just look at my code to see I implemented the WT
>properly please?

My first instinct is to say: "NO!  Form some test vectors and test
your work and then you will know, and also then you can fix it to make
it work right if it doesn't."  

I *can't* just *look* at code and see if it is right; few people can.
To see if code is right I have to *implement* the code, and the test
vectors, and see if the code does what it is supposed to do.  I HAVE
ALREADY DONE THAT FOR MY CODE!  And that code, at least, is in the
JavaScript page.  Just view the source!  

All that said, I would have looked at your code had I known where it
was.  There is a reason URL's appear in newsgroup articles!  I looked
back at your 3 or 4 previous contributions to this discussion, and saw
my URL's repeated, but nothing from you.  So WHAT CODE?  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
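
[Added example, not part of the original posts and not the JavaScript or sboxgen.c code mentioned in this thread: a fast Walsh-Hadamard transform with the kind of test vectors called for above, measuring each output bit-column of an n-bit to m-bit table independently. The function names, the sign convention (0 -> +1, 1 -> -1) and the 4-bit table are assumptions constructed for illustration.]

```python
def walsh_spectrum(truth_table):
    """Fast Walsh-Hadamard transform of a Boolean function.

    truth_table holds f(0..2**n - 1) as 0/1 values.  With the convention
    used here, W[a] = sum over x of (-1)**(f(x) xor a.x), where a.x is the
    parity of (a & x).
    """
    size = len(truth_table)
    if size == 0 or size & (size - 1):
        raise ValueError("truth table length must be a power of two")
    w = [1 - 2 * bit for bit in truth_table]       # 0 -> +1, 1 -> -1
    step = 1
    while step < size:                             # in-place butterflies
        for start in range(0, size, 2 * step):
            for i in range(start, start + step):
                u, v = w[i], w[i + step]
                w[i], w[i + step] = u + v, u - v
        step *= 2
    return w


def nonlinearity(truth_table):
    """Hamming distance from f to the nearest affine Boolean function."""
    peak = max(abs(c) for c in walsh_spectrum(truth_table))
    return (len(truth_table) - peak) // 2


def sbox_column_nonlinearities(sbox, out_bits):
    """Treat each output bit of the table as its own Boolean function."""
    return [nonlinearity([(y >> j) & 1 for y in sbox]) for j in range(out_bits)]


def parity(v):
    return bin(v).count("1") & 1


# Test vectors on 4 input bits whose answers are known in advance.
LINEAR = [parity(x & 0b0101) for x in range(16)]            # x0 xor x2
AFFINE = [b ^ 1 for b in LINEAR]                            # complement of LINEAR
BENT = [((x & 1) & (x >> 1 & 1)) ^ ((x >> 2 & 1) & (x >> 3 & 1))
        for x in range(16)]                                 # x0x1 xor x2x3
AND2 = [(x & 1) & (x >> 1 & 1) for x in range(16)]          # x0x1

# Constructed 4-bit to 4-bit table (not a real cipher's S-box): one known
# function per output column, so the per-column results can be checked.
CONSTRUCTED_SBOX = [BENT[x] | LINEAR[x] << 1 | AFFINE[x] << 2 | AND2[x] << 3
                    for x in range(16)]

if __name__ == "__main__":
    print("linear :", walsh_spectrum(LINEAR))
    print("affine :", walsh_spectrum(AFFINE))
    print("bent   :", walsh_spectrum(BENT))
    print("columns:", sbox_column_nonlinearities(CONSTRUCTED_SBOX, 4))
```
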


------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Sat, 29 Apr 2000 14:42:31 -0600

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...

[ ... ] 

>   Wasn't thinking of NFS.  Simple trial and error division on assigned
> blocks of divisors to prevent duplication of effort.  Nearly no chance
> of success, but what the hell.  You are using other people's computers
> to do the work.  And a nice payoff if you get lucky, and no real cost
> if you don't.  Sort of like getting a free lotto ticket.

This isn't reasonable either.  If you're going to try to distribute a 
factoring job widely, it looks to me like the elliptical curve method 
is what you really want to use.  Even when you run it on a single 
machine, ECM is still basically executed as a large number of pieces, 
each of which is basically independent from the others.  Eventually, 
one of them turns up an answer.

If you're working on a number large enough that NFS is difficult to 
contemplate, "eventually" will be a LONG time, but at least dividing 
up the work to make the attempt is relatively easy.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: sboxes for the bored...
Date: Sat, 29 Apr 2000 20:44:51 GMT



Terry Ritter wrote:
> 
> On Sat, 29 Apr 2000 10:29:05 GMT, in <[EMAIL PROTECTED]>,
> in sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> >Terry Ritter wrote:
> >>
> >> On Sat, 29 Apr 2000 00:05:55 GMT, in <[EMAIL PROTECTED]>, in
> >> sci.crypt "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> >>
> >> >Terry Ritter wrote:
> >> >> Measuring Boolean function nonlinearity is well-known technology.
> >> >
> >> >However, there are apparently different measures of nonlinearity;
> >>
> >> Yes, of course there would be different measures, in the same sense as
> >> there are many different forms of linearity.
> >>
> >> >are they strictly equivalent?
> >>
> >> Within the context of Boolean functions (that is, n-bit to 1-bit
> >> lookup tables), such functions are likely equivalent.  The extension
> >> to n-bit to m-bit tables, in which we measure each bit-column
> >> independently, seems fairly common, if that is what we want to do.
> >> Now, we might well *want* to do something else in which the sequences
> >> are not measured independently, but I'm unaware of a useful
> >> cryptographic measure for anything like that.
> >
> >Well measuring n by 1 sbox non-linearity is not what I am trying to do
> >here.  I implemented a WT transform that goes thru all possible inputs
> >and outputs.  Could you just look at my code to see I implemented the WT
> >properly please?
> 
> My first instinct is to say: "NO!  Form some test vectors and test
> your work and then you will know, and also then you can fix it to make
> it work right if it doesn't."

My code (http://24.42.86.123/sboxgen.c) is fairly straightforward.  I am
currently adding xor-characteristic measurements but the rest of the
code is fully functional.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: sboxes for the bored...
Date: Sat, 29 Apr 2000 20:47:07 GMT



Terry Ritter wrote:
> 
> On Sat, 29 Apr 2000 10:31:32 GMT, in <[EMAIL PROTECTED]>,
> in sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> >> >[...]
> >> >I dunno what he is talking about the walsh transform (taken from "On
> >> >linear cryptanalysis") will give you a negative when the function is
> >> >affine, a positive when it's linear and close to zero if it's neither.
> >>
> >> Is that true?  I don't think so.  Let's see you deliver a few examples
> >> where that is so.
> >
> >Look at the paper, there are negative entries in the WT table of SBOX 5.
> 
> Are you under the impression that there is only one paper in this
> area?
> 
> What paper?

The paper by Eli Biham "On Matsui's Linear Cryptanalysis".  
http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1994/CS/CS0813.ps

Tom

------------------------------

From: Mark Thomson <[EMAIL PROTECTED]>
Subject: How safe am I using a subset of the bytes returned by SHA-1?
Date: Sat, 29 Apr 2000 13:56:21 -0700

First of all, let me explain the application.  I'm coding up a shell
extension for Win32 platforms that will show a hash for a file when
you right click on it.  I'm using SHA-1, for the simple reason that I
have source to it, and it works.  The problem with SHA-1 is that it's
a bit on the chatty side: it produces 20 bytes of digest, which
equates to 40 characters when printed in hex, plus some formatting to
make it readable.

I am very tempted to simply take the first 8 bytes of the digest, and
display them in this format:

    xxxx-xxxx xxxx-xxxx

since this is a manageable amount of data for a context menu addon.

Given that the security of the entire western world won't be riding on
this app, how much danger am I in doing this?  The naive answer is
2^64, since I have 64 bits of data, which in all honesty is plenty
enough for what I'm doing.  However is there something that I don't
know that could cause problems?

As an alternative, is there any reason not to drop back to the CCITT
CRC32, which produces only 4 bytes of output?  That'd give me a 1 in 4
billion (give or take) chance of a false match, which again is
probably plenty enough for what I'm doing.

Thanks for any advice and suggestions.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: How safe am I using a subset of the bytes returned by SHA-1?
Date: Sat, 29 Apr 2000 20:59:31 GMT



Mark Thomson wrote:
> 
> First of all, let me explain the application.  I'm coding up a shell
> extension for Win32 platforms that will show a hash for a file when
> you right click on it.  I'm using SHA-1, for the simple reason that I
> have source to it, and it works.  The problem with SHA-1 is that it's
> a bit on the chatty side: it produces 20 bytes of digest, which
> equates to 40 characters when printed in hex, plus some formatting to
> make it readable.
> 
> I am very tempted to simply take the first 8 bytes of the digest, and
> display them in this format:
> 
>     xxxx-xxxx xxxx-xxxx
> 
> since this is a manageable amount of data for a context menu addon.
> 
> Given that the security of the entire western world won't be riding on
> this app, how much danger am I in doing this?  The naive answer is
> 2^64, since I have 64 bits of data, which in all honesty is plenty
> enough for what I'm doing.  However is there something that I don't
> know that could cause problems?
> 
> As an alternative, is there any reason not to drop back to the CCITT
> CRC32, which produces only 4 bytes of output?  That'd give me a 1 in 4
> billion (give or take) chance of a false match, which again is
> probably plenty enough for what I'm doing.
> 
> Thanks for any advice and suggestions.

If you are merely trying to do a checksum you can safely use 64 bits of
SHA with a random probability of a collision at 2^32 (i.e. you have to
try this many pairs before finding a match).  Obviously it's not secure,
but if you need only compute checksums this may be better than a CRC.

Tom
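
[Added example, not part of the original posts: the xxxx-xxxx xxxx-xxxx display built from the first 8 bytes of SHA-1, plus a birthday search on a much shorter truncation to show that some pair among many inputs collides after roughly 2^(bits/2) of them, while a false match against one fixed file stays at 2^-bits. The function names and the b"file-N" inputs are constructed for illustration.]

```python
import hashlib
import math


def short_fingerprint(data: bytes) -> str:
    """First 8 bytes of the SHA-1 digest, shown as 'xxxx-xxxx xxxx-xxxx'."""
    h = hashlib.sha1(data).hexdigest()[:16]
    return f"{h[0:4]}-{h[4:8]} {h[8:12]}-{h[12:16]}"


def truncated(data: bytes, nbytes: int) -> bytes:
    """Leading nbytes of the SHA-1 digest."""
    return hashlib.sha1(data).digest()[:nbytes]


def first_collision(nbytes: int, limit: int = 1 << 20):
    """Hash constructed inputs b'file-0', b'file-1', ... until two of them
    share the same truncated digest.

    Returns (inputs_hashed, first_message, second_message), or None if no
    collision shows up within `limit` inputs.
    """
    seen = {}
    for i in range(limit):
        msg = b"file-%d" % i
        tag = truncated(msg, nbytes)
        if tag in seen:
            return i + 1, seen[tag], msg
        seen[tag] = msg
    return None


def birthday_estimate(bits: int) -> float:
    """Inputs needed for about a 50% chance that some pair collides."""
    return math.sqrt(2 * math.log(2)) * 2 ** (bits / 2)


def false_match_probability(bits: int) -> float:
    """Chance that one unrelated file matches one fixed fingerprint."""
    return 2.0 ** -bits


if __name__ == "__main__":
    print(short_fingerprint(b"abc"))
    for nbytes in (2, 3):
        tries, a, b = first_collision(nbytes)
        print(f"{8 * nbytes}-bit truncation: {a!r} and {b!r} collide after "
              f"{tries} inputs (estimate {birthday_estimate(8 * nbytes):.0f})")
    print(f"64-bit truncation: about {birthday_estimate(64):.2e} inputs for a "
          f"pair collision, {false_match_probability(64):.1e} per fixed match")
```
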

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Sat, 29 Apr 2000 20:52:06 GMT

Mok-Kong Shen wrote:
> If one has, say 56 bits of truly random bits, one can use
> that as an OTP to encrypt 56 bits of message and obtain
> superior protection. If one uses that instead as a key to an
> encryption algorithm, say a very good block cipher, to encrypt
> n*56 bits of message, an intuitive feeling is that the
> protection would quickly get worse as n increases. Since the
> algorithm itself can't generate any entropy, it seems that the
> security per bit of the message decreases monotonically, maybe even
> 'proportionally', with increasing n. Like mixing water into whisky,
> the quality of each cup of the drink rapidly deteriorates as
> more water is involved. Is this line of thought reasonable?
> Thanks.

That's largely what Shannon's "Communication Theory
of Secrecy Systems" is about.  It distinguishes
information theoretic security versus practical
computational security, and under theoretical security
it shows graphs of monotonically decreasing equivocation.

It's available on line (as JPEGs of scans unfortunately) at:

    http://www3.edgenet.net/dcowley/docs.html


--Bryan
--
email: bolson at certicom dot com



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: U-571 movie (OT)
Date: Sat, 29 Apr 2000 21:06:04 GMT



Darren New wrote:
> 
> Stou Sandalski wrote:
> >  But which Hollywood movie has had more than 2% truth in it?
> 
> Apollo-13?

Hmm, Schindler's List, Mississippi (sp?) Burning, The Great Gatsby....

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://tomstdenis.n3.net/search.html, it's entirely
free
and there are no advertisements.

------------------------------

From: [EMAIL PROTECTED] (EP847)
Subject: the security of scramdisk
Date: 29 Apr 2000 21:25:51 GMT

From what I have read, scramdisk is secure if a strong algorithm and password,
etc. are used.  Can anyone tell me if there are any flaws in it that weaken
security? I am talking about version 2.02h
thanks

------------------------------

Subject: Re: Biometrics and public/private key encryption
From: Diet NSA <[EMAIL PROTECTED]>
Date: Sat, 29 Apr 2000 14:31:17 -0700


In article <8ec047$lg9$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:

>I am trying to find any information on companies that support
>public/private key encryption using biometrics instead of pass phrase
>authentication.
>
>Anybody know of any such company or of any that support SDKs (software
>development kits) with their encryption products so that we can write an
>application that will accept biometrics instead of passphrase or
>password authentications?
>
>
Yes. Try http://www.identix.com which
has SDKs.  (I saw their stock
recommended once & looked at their
website but not their technology, so I
don't know the details of their encryption
process).


" V hfdt afogx nfvw ufo axb (o)(o) "   - Gtnjv
====================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: Help: encrypting bit fields
Date: Sat, 29 Apr 2000 23:36:25 +0200

[EMAIL PROTECTED] (David A. Wagner) wrote:

> Francois Grieu  <[EMAIL PROTECTED]> wrote:
>> Even with a block size of 2 or 3 bits, I conjecture
>> - all mappings can be reached (..)
> 
> It turns out that this conjecture is false, for a Feistel-like cipher,
> because no matter how many rounds you use, Feistel round functions can
> only generate (..) half of the mappings


Following David's message, I wrote a quick and dirty piece of C code to 
check this issue, in the case of a 2-bit Feistel cipher with random 
round functions (that is, a round function is 1 of the 4 functions of 1 
bit to 1 bit). My results are:

At 1 round,   4 of the 24 mappings are reached with probability 1/4
At 2 rounds, 16 of the 24 mappings are reached with probability 1/16
At 3 rounds and above, all 24 mappings are reached but with
unequal probability:
  3 rounds:   1/32 or  2/32
  4 rounds:   2/64 or  3/64
  5 rounds:  5/128 or  6/128
  6 rounds: 10/256 or 11/256

Maybe David's observation that only half of the mappings can be reached 
applies to Feistel ciphers with round functions having some special 
properties (maybe: being a mapping).

BTW I think I remember the DES round functions are not exact mappings 
(although they are close), and this is on purpose.



I was also conjecturing
>> - an adversary given iteratively chosen input/output pairs except
>>   two will not be able to guess the last pairing in more than
>>   51% of experiments, nor with probability better than 60% in
>>   any experiment.

The 60% in my conjecture was overcautious, I now get 11/21 = 52.4%
But my reasoning for 51% was wrong, and I do not know the right number.


   Francois Grieu
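
[Added example, not the C code mentioned in the post above: a brute-force enumeration of the 2-bit Feistel cipher described there, counting how many of the 4^rounds round-function choices produce each of the 24 mappings. It goes one step beyond the post by also restricting the round functions to the two bijective ones, the case the post speculates about. The round convention (L, R) -> (R, L xor f(R)) and all names are assumptions.]

```python
from collections import Counter
from itertools import product

# The four functions from 1 bit to 1 bit, as lookup tables (f[0], f[1]):
# constant 0, constant 1, identity, NOT.
ALL_FUNCS = [(0, 0), (1, 1), (0, 1), (1, 0)]
# Only the two that are themselves bijections.
BIJECTIVE_FUNCS = [(0, 1), (1, 0)]


def feistel_mapping(round_funcs):
    """Mapping of the four 2-bit blocks under the given round functions.

    Each round is (L, R) -> (R, L xor f(R)) on two 1-bit halves.
    Returns a tuple t with t[x] = encryption of block x.
    """
    table = []
    for x in range(4):
        left, right = x >> 1, x & 1
        for f in round_funcs:
            left, right = right, left ^ f[right]
        table.append((left << 1) | right)
    return tuple(table)


def mapping_counts(rounds, funcs=ALL_FUNCS):
    """Counter: mapping -> number of round-function choices that produce it."""
    return Counter(feistel_mapping(key) for key in product(funcs, repeat=rounds))


def summarize(rounds, funcs=ALL_FUNCS):
    """(mappings reached, total keys, distinct per-mapping key counts)."""
    counts = mapping_counts(rounds, funcs)
    return len(counts), len(funcs) ** rounds, sorted(set(counts.values()))


def is_even(perm):
    """Parity of a permutation of 0..3, by counting inversions."""
    inversions = sum(1 for i in range(4) for j in range(i + 1, 4)
                     if perm[i] > perm[j])
    return inversions % 2 == 0


def reachable_with_bijective_rounds(max_rounds):
    """Union of mappings reached in 1..max_rounds with bijective round functions."""
    reached = set()
    for rounds in range(1, max_rounds + 1):
        reached.update(mapping_counts(rounds, BIJECTIVE_FUNCS))
    return reached


if __name__ == "__main__":
    for rounds in range(1, 7):
        reached, total, counts = summarize(rounds)
        shown = " or ".join(f"{c}/{total}" for c in counts)
        print(f"{rounds} rounds: {reached} of 24 mappings, probability {shown}")
    restricted = reachable_with_bijective_rounds(6)
    print(f"bijective round functions only: {len(restricted)} mappings, "
          f"all even: {all(is_even(p) for p in restricted)}")
```
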

------------------------------

From: Roger <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Intel drops serial number
Date: Sat, 29 Apr 2000 14:47:03 -0700

Vernon Schryver wrote:
> The PIII ID would not have been used as the kooks feared.  Anyone
> violating privacy uses other techniques, because the PIII ID would
> for many years be absent from most personal computers.  If you're
> tracking people, you use tactics that work all of the time instead
> of those that work only if the targets happen to have PIII's.
> ...
> The evil is that the kooks fooled the clue-free masses into thinking
> that they were protecting their privacy by fighting the PIII ID.

Remember, Intel did not just announce the PIII ID. It also announced
that the PIII ID was part of a grand scheme involving hardware,
software, web sites, and clients to track and monitor web usage.
The privacy advocates were rightly alarmed that one of the largest
computer companies in the world would attempt such a privacy-invading
scheme.

I think you are right that Intel's scheme would never have worked,
but the privacy advocates were also correct that Intel should not
even be attempting such a scheme. After all, even if version 1 is
ineffective, version 2 or 3 might be seriously privacy-invading.
I'm glad the privacy advocates raised enough of a stink to snuff
this before it really got started (altho I wouldn't mind the ID
so much if it came without the Orwellian Intel scheme).

------------------------------

Subject: Re: U-571 movie
From: Diet NSA <[EMAIL PROTECTED]>
Date: Sat, 29 Apr 2000 14:55:08 -0700


In article <[EMAIL PROTECTED]>,
Richard Heathfield <[EMAIL PROTECTED]> wrote:

>UBCHI2 wrote:
>>
>> Would you?  Is it easier to win if you tell of your plans in advance?
>
>"When you have to kill a man, it costs nothing to be polite." -
>Churchill.
>

Taking the time to be polite could be a
delay that costs you everything (including
your own life). Remember how the major
villains in the James Bond movies would
often take a long & indirect route to
"terminating" Mr. Bond ;-)


" V hfdt afogx nfvw ufo axb (o)(o) "   - Gtnjv


------------------------------

Date: Sat, 29 Apr 2000 18:19:15 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Magnetic Remenance on hard drives.

"Holger Weiß" wrote:

> Thor Arne Johansen posted:
> |
> |My point is that recovering overwritten data is NOT easy, it is NOT a
> |commercially available service, and it is NOT documented in the public
> |domain.
> |
>
> I don't think that this is really important, but about two years
> ago I read an article about a British or German company offering
> HD recovery for about $5 per MB with about 95% recovered data. I
> can't remember any further information and I tried to find the
> article, but I think this company ran bankrupt because of good
> backup systems. Possibly there also were not enough people who
> knew about this company.

Or people knew of companies that charge far less.  Almost exactly 12 months
ago I lost access to a 9Gb drive, and spent some time checking prices for
recovery.  I found seven companies willing to take on the job of recovery.
Most wanted USD500-1,000 minimum and said that the worst case would be
USD6,000-8,000.

By your quote the price for recovery would be USD45,000, which would
effectively put them out of the market.


------------------------------

Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Date: Sat, 29 Apr 2000 15:29:12 -0700


In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:

>It could well be argued that political motives are seldom
>conducive to good science,

This was certainly true, for instance, in
Nazi Germany & Stalinist Russia.

>and that the profit motive
>leads researchers to concentrate *more* on things that
>are likely to be "good for society".

Yes, this can be well argued. However, it
is important to minimize having profit
motive corrupt the "scientific" peer
review process (which is strongly
supported by gov't funding).


>But only in furtherance of legitimate governmental
>requirements.

I agree if by "legitimate" you mean
potentially useful, and not just further
instances of "legitimized" gov't waste
(like some of the famous waste in the
80s).





" V hfdt afogx nfvw ufo axb (o)(o) "   - Gtnjv


------------------------------

From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Subject: Re: U-571 movie (OT)
Date: Sat, 29 Apr 2000 15:45:30 -0700

That was a rhetorical question...

Stou


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Darren New wrote:
> >
> > Stou Sandalski wrote:
> > >  But which Hollywood movie has had more than 2% truth in it?
> >
> > Apollo-13?
>
> > Hmm, Schindler's List, Mississippi (sp?) Burning, The Great Gatsby....
>
> Tom
> --
> Want your academic website listed on a free websearch engine?  Then
> please check out http://tomstdenis.n3.net/search.html, it's entirely
> free
> and there are no advertisements.





------------------------------

Date: Sat, 29 Apr 2000 23:49:09 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)

Tom St Denis wrote:
> 
> Richard Heathfield wrote:
> >
> > [Disclaimer: I'm not a cryptologist.]
> >
> 
> When you do something like
> 
> long a = 16304791;
> 
> You need not convert it to hex to store it.

I agree entirely. I was not arguing that you needed to.

> My complaint about the
> waste of space is that a permutation is normally stored as
> 
> int perm[10] = { ... }
> 
> and you store them serially (even as 4 bits you are wasting space).

I'm not exactly sure what you mean. If you're saying that a number such
as 16304791 is being stored as

int perm[10] = { 0, 0, 1, 6, 3, 0, 4, 7, 9, 1 } then I'd have to
heartily agree that this is a blatant waste of space.

> 
> My point was why doesn't he use a permutation of a power of two and not
> waste space?  Like 0..7 or 0..15 ?

I thought that was my point too.

> > It is therefore more efficient to store values in base 16 than in base
> > 10. More values can be stored in fewer bytes, because no bits are
> > wasted.
> 
> This is not true.

It very much depends how you're storing it. Consider the number
16304791, which is suitably random :-)

If we store it like this:

unsigned long num = 16304791;

then base simply isn't an issue, and your objection is correct. But that
wasn't what I thought you meant. I was under the impression that you
were complaining about:

unsigned char num[] = { 0x16, 0x30, 0x47, 0x91 }; /* binary coded
decimal (almost!) - wastes 6 combinations per nybble */

as opposed to

unsigned char num[] = { 0xF8, 0xCA, 0x97 }; which is clearly more
efficient, as it uses all the bits available to it.

So perhaps we're in violent agreement?

> > If we have two cryptography applications, one of which uses its memory
> > efficiently, runs on my PII/400 at an acceptable speed, and offers me
> > reliable security, and the other which doesn't use its memory
> > efficiently, runs on my 400 MHz box at a speed which even its author
> > says is far too slow, and is based on source code which has not been
> > published and therefore has not had the chance to be validated by the
> > cryptographic community - thus making its security untrustworthy - which
> > application do you think anyone with a brain will buy?
> 
> Or just use.  Why do you have to buy good crypto programs?

I agree entirely. Just roll your own...

> If you have enough time on your hands you can even write your own.

Ah, I don't have enough time on my hands. But I'm trying to write my own
anyway <g>. Unfortunately, I'm too inexperienced in cryptanalysis to
perform serious cryptanalytic attacks on my own code, let alone other
people's. (I've cracked a couple of 'unbreakable' algorithms presented
to me by other would-be cryptographers, but these were only 'kid-sister
unbreakable', of course.)

> 
> Mr Szopa has some thinking to do about making his algorithm(s) not only
> public but efficient.
> 

Possibly, but that's not his main problem. He has some really serious
thinking to do about his ability to deal with fellow professionals in a
professional way. It seems that anyone who dares take issue with him is
instantly killfiled - in a mysterious and magical process which allows
Mr Szopa to read their posts anyway, presumably so that he can killfile
them again, and again, and again.

When he learns to talk to grown-ups as if they are grown-ups, I suspect
he can look forward to some excellent help from the heavyweight computer
scientists in this newsgroup (Doug Gwyn and so on) in making his
algorithm efficient.


-- 

Richard Heathfield

"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.

C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)

------------------------------

From: "Monolo" <[EMAIL PROTECTED]>
Subject: What are SBoxes?
Date: Sat, 29 Apr 2000 15:49:20 -0700

Stupid question, and I am sorry. What is an S-Box? I have seen it on several
posts. Thanks!

JJ



------------------------------

From: [EMAIL PROTECTED] (Ron Yakmile)
Subject: Re: the security of scramdisk
Date: Sat, 29 Apr 2000 23:01:05 GMT

[EMAIL PROTECTED] (EP847) wrote:

>From what I have read, scramdisk is secure if a strong algorithm and password,
>etc. are used.  Can anyone tell me if there are any flaws in it that weaken
>security? I am talking about version 2.02h

Sarah Dean has uncovered some relatively minor issues that you should be
aware of. 

Main page: http://www.fortunecity.com/skyscraper/true/882/

Scramdisk issues:
http://www.fortunecity.com/skyscraper/true/882/CertainOTFESecurityFlaws.htm

-- 
"Ron Yakmile" is actually 6759 243810 <[EMAIL PROTECTED]>.
 012 3456789 <- Use this key to decode my email address and name.
              Play Five by Five Poker at http://www.5X5poker.com.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
