Cryptography-Digest Digest #720, Volume #11       Sat, 6 May 00 21:13:01 EDT

Contents:
  Re: quantum crypto breakthru? (Diet NSA)
  Re: Crypto Export  ("John E. Kuslich")
  Re: quantum crypto breakthru? (Diet NSA)
  Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (George Edwards)
  Re: KRYPTOS Something new ? ("John E. Kuslich")
  Re: Crypto Export ("Adam Durana")
  Re: Tempest Attacks with EMF Radiation ("Marty")
  Re: GPS encryption turned off (Paul Schlyter)
  Re: Fresco transmits my name (was: Spammed after just visiting a site) (jepler epler)
  Re: Two basic questions (Mario Kenly)
  Re: Crypto Export (Jerry Park)
  Re: Deciphering Playfair (long) (Michael Jarrells)
  Re: SBOX program using ideas from CA and ST (CAST design) (Terry Ritter)
  Re: I saw this in /. and I thought of you (all) (Neil Padgett)
  Re: Is this random? (Guy Macon)

----------------------------------------------------------------------------

Subject: Re: quantum crypto breakthru?
From: Diet NSA <[EMAIL PROTECTED]>
Date: Sat, 06 May 2000 15:15:44 -0700


In article <[EMAIL PROTECTED]>, Roger <[EMAIL PROTECTED]> wrote:

>And these new schemes combine QC with conventional crypto,
>I assume?


It is possible to do it this way but it is
not required. See :

http://arxiv.org/abs/quant-ph/0001046

http://arxiv.org/abs/quant-ph/0003104

>The proofs I've seen seem to all assume perfect equipment,
>and are invalid if the equipment has the slightest flaws.


Under Shannon's definition, the OTP
(which is a basis for quantum crypto) has
been proven to be informationally secure.
In practice, though, OTPs have actually
been broken, and the security of quantum
crypto will, likewise, depend on the
quality of its implementation and use.
However, even if there are vulnerabilities
in a particular q.c. set-up, it may still be
impossible (at least using existing
technology) for a potential eavesdropper
to gain enough info. Yet, traditionally,
quantum key distribution protocols *are*
susceptible to MITM attacks. The first
paper I cited above, for example,
discusses a way to avoid the MITM
problem.


>> It is rumored (e.g., in Singh's book) that the NSA is developing
>> quantum encrypted fiber optic networks for the Pentagon.
>
>Could be misinformation. Or maybe they have excess funds in
>their budget.


From funding patterns, the news, etc., it
does appear that the NSA is interested in
fiber optic networks and quantum crypto,
but I don't know if they are creating a
set-up for the Pentagon.


>Can you give a cite for that amazing quote?
>
>
This is just a joke which I stole from the
TV show "Latenight with Conan O'Brien".


"If we do not prevent highly classified secrets from being stolen,
     then how are we going to sell them to the Chinese?"
                - Madeleine Albright (addressing recent thefts)
========================================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: Crypto Export 
Date: Sat, 6 May 2000 15:19:03 -0700

Ok, here is MY take on the subject for what it's worth:

THE REASON, and the ONLY reason the US government opposes export of strong
cryptography is because they (gov't agencies) are able to easily break
almost any cryptography at any time and those responsible for breaking those
codes want to foster the illusion that the government is afraid of popular
cryptographic programs like PGP in order to encourage their use.

The reasoning behind this conclusion is simple:  None of the other
explanations I have heard make any sense whatsoever!

This would not be the first time the US government has used creative
misinformation in order to foster its goals. US history is rife with other
examples.

Remember Star Wars?? Total baloney designed to cause the Ruskies to spend
money beyond their means.

In a related matter, Leo Marks describes in his masterpiece "Between Silk
and Cyanide" how the British spies were told their main goal, even more
important than blowing up factories or airfields, was to cut telephone
lines.  The reason, to cause the enemy to send Enigma traffic over the
airwaves where it could be intercepted and read.

In this case, force the ignorant e-mail user to encrypt in his favorite
512bit elliptic curve frammis doobis public key reverse Sbox Feistel gizmo
algorithm so the traffic can be easily read.

I know, I know.  The idea is far out but no more ridiculous than the
"official" reasoning (you know, to prevent terrorists from having strong
crypto for crissake!!).

JK   http://www.crak.com Password Recovery

Stou Sandalski <tangui [EMAIL PROTECTED]> wrote in message
news:RVvQ4.1276$[EMAIL PROTECTED]...
> Well it's almost the end of my school year (25 days left) and in government
> everyone had to pick a pro/con topic (like abortion, legalization of weed,
> gun control laws... etc.) and write a paper on it; giving both sides and
> stating one's own opinion.  Now naturally I picked US laws against export of
> strong crypto systems.  Now my problem is that I need to include actual
> facts, statistics, even quotes and I have material against export control
> laws, but I can't find arguments for the export control laws (officially
> arguments that is, papers and things written by actual people)...
>
> Does anyone here know where I can get some material like that? Also are
> there any cell phones currently produced or that have been produced that
> have the clipper chip or any similar key-escrow dealie in them?
>
> thanks
>
> Stou
>
>
>
>


------------------------------

Subject: Re: quantum crypto breakthru?
From: Diet NSA <[EMAIL PROTECTED]>
Date: Sat, 06 May 2000 15:24:05 -0700


In article <fgrieu-[EMAIL PROTECTED]le.fr>, Francois Grieu <[EMAIL PROTECTED]> wrote:

>I wonder how QC by itself helps against the adversary cutting the
>link, inserting a receiver and a transmitter just like the ones of
>the legitimate receiver and transmitter, and intercepting the
>message without even getting noticed. Any pointer? I want to
>understand these things.
>
>
See, for example, my last reply to Roger,
the "Security?" section of the link which
Roger gave in message 14,  and :

http://www.qubit.org/intros/crypt.html


"If we do not prevent highly classified secrets from being stolen,
     then how are we going to sell them to the Chinese?"
                - Madeleine Albright (addressing recent thefts)


------------------------------

From: George Edwards <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Sat, 6 May 2000 23:28:14 +0100

In article <[EMAIL PROTECTED]>, JCA <Jose_Castejon-[EMAIL PROTECTED]> writes
>ng
>like that) encrypted messages to friends in the UK a few times per night.
>Hopefully the MI5 will realize soon, after attempting to crack a few of them,
>how futile their efforts are.

As I said, if we all put headers or sigs

or duff paras:

Nuke  iraq  spy  no10 blair  riot  communist  security  kill  abduct
livingstone


 in with loads of keys, we will screw up the system. It's completely
impossible to run. Anyway, Menwith Hill already reads this stuff. (Have
a nice day you guys, and why not try right hand drive cars in l'il old
England?)

-- 
George Edwards

Nuke  iraq  spy  no10 blair  riot  communist  security  kill  abduct
livingstone

------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: KRYPTOS Something new ?
Date: Sat, 6 May 2000 15:37:31 -0700

The presence of feedback may worsen the condition.  The "lag inside the
loop" comes to mind.

You certainly don't want the negative feedback loop phase shift to get
close to 180 degrees if the gain is greater than unity. Er, that is, unless
your goal is to build an oscillator.

JK  http://www.crak.com Password Recovery Software

JK

Lincoln Yeoh <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In the absence of feedback many systems oscillate or behave erratically.
>
> Cheerio,
> Link.
> ****************************
> Reply to:     @Spam to
> lyeoh at      @[EMAIL PROTECTED]
> pop.jaring.my @
> *******************************


------------------------------

From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Crypto Export
Date: Sat, 6 May 2000 18:59:49 -0400

> The expressed reason for export restrictions is to prevent other countries from
> obtaining crypto developed in the United States. (Hence, most United States
> citizens/corporations will not even develop it). But that only forces
> citizens/corporations in other countries to develop the crypto standards.
>
> Why would the United States want other countries to develop the standard
> security products for the Internet? It makes no sense.

So what if other countries develop standards?  Unless US companies can use
it freely, it won't catch on.  So having export controls on crypto helps
prevent such standards from catching on.  And that is in the best interests
of several government agencies.  Several other people have posted the same
basic idea to this thread, read some of those.



------------------------------

Reply-To: "Marty" <[EMAIL PROTECTED]>
From: "Marty" <[EMAIL PROTECTED]>
Subject: Re: Tempest Attacks with EMF Radiation
Date: Sat, 6 May 2000 16:48:57 -0700

I agree.

EMF is commonly used when referring to RF as well as dynamic B or E
fields which are in transition to/from propagating RF. Usually, when
dynamic B or E fields effectively remain near field they are simply
referred to as B or E fields. All time changing B or E fields are
potential sources of RF though. Depends on context.

-Marty



Guy Macon <[EMAIL PROTECTED]> wrote in message
news:8f0pl8$[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Richard Herring) wrote:
>
> >I've still never seen anyone competent use "EMF" to mean
> >"electric & magnetic field".
>
> Pleased to meet you!  I am a counterexample!
>
> I am competent (see [ http://users.deltanet.com/~guymacon ] for evidence.)
>
> I sometimes use the term as described.  I often use EMI or RFI (which
> are not exactly the same thing but may be close enough) or the phrase
> "EM Field" so as to not have my meaning confused with Electromotive force,
> but I do use EMF to mean electromagnetic field.
>
> What really ticks me off is Asynch Transfer mode.  Uh, fellows, the
> acronym "ATM" is already taken...
>



------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: GPS encryption turned off
Date: 7 May 2000 00:37:57 +0200

In article <[EMAIL PROTECTED]>,
Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
 
> Paul Schlyter wrote:
> 
>> Also: many GPS receivers (including my own Garmin 12XL) seem to try
>> to solve for longitude and latitude more accurately than for altitude.
> 
> I suspect this is because most of us live in the flat parts of the world.
> If the receivers had been designed in Nepal, where every morning the
> 10-year-old girl climbs down 3000 feet of mountain, fills a bucket of
> water, and brings it back for breakfast, the receivers would concentrate
> on altitude ;-)
 
Yep, I noted that when hiking in mountainous areas: if you want to hike
from A to B, the horizontal distance often mattered less than the
vertical distance (= altitude difference) !
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: [EMAIL PROTECTED] (jepler epler)
Subject: Re: Fresco transmits my name (was: Spammed after just visiting a site)
Date: Sun, 07 May 2000 00:26:50 GMT

>greg <[EMAIL PROTECTED]> wrote:
>> This is how they have narrowed the recent Lovebug virus down to the
>> servers at Manila.
>
On 6 May 2000 14:05:33 GMT, Mark Wooding
 <[EMAIL PROTECTED]> wrote:
>This is probably simple traffic analysis, which SSL doesn't attempt to
>frustrate.

Actually, it's from a comment in the second line of the .vbs script.
Who knows if they have any "traffic analysis".  Anyway, the virus doesn't
propagate via SSL, so presumably Greg is off his rocker about this claim.

Jeff

------------------------------

From: [EMAIL PROTECTED] (Mario Kenly)
Subject: Re: Two basic questions
Date: Sun, 07 May 2000 00:32:37 GMT

kidwalden <[EMAIL PROTECTED]> wrote:

>Forgive me, I'm just starting to learn about crypto to keep from
>becoming bored stiff at school.  I have two basic questions:
>
>Why don't people just use bad spelling and/or grammar before encrypting
>messages?  If my plain text reads "We-uns gonna tack purl harber
>toonite" and I take reasonable trouble to not be consistent in my
>misspellings, it seems like even a simple substitution cipher would
>throw off most machines for a long time.

You're not the first to think of this strategy. An eminent cryptographer
named David Scott, who sometimes frequents this newsgroup, is an expert in
composing just the sort of cryptanalysis-resistive text you describe.
-- 
"Mario Kenly" is actually 0356 719842 <[EMAIL PROTECTED]>.
 01234 56789 <- Use this key to decode my email address and name.
              Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

From: Jerry Park <[EMAIL PROTECTED]>
Subject: Re: Crypto Export
Date: Sat, 06 May 2000 19:34:50 -0500

Adam Durana wrote:

> > The expressed reason for export restrictions is to prevent other countries from
> > obtaining crypto developed in the United States. (Hence, most United States
> > citizens/corporations will not even develop it). But that only forces
> > citizens/corporations in other countries to develop the crypto standards.
> >
> > Why would the United States want other countries to develop the standard
> > security products for the Internet? It makes no sense.
>
> So what if other countries develop standards?  Unless US companies can use
> it freely, it won't catch on.  So having export controls on crypto helps
> prevent such standards from catching on.  And that is in the best interests
> of several government agencies.  Several other people have posted the same
> basic idea to this thread, read some of those.

Please note that we are talking of export restrictions, not import restrictions.
US companies can freely use crypto developed in other countries.

That is why US policy makes no sense whatsoever.

Many seem to think that if the US establishes a policy, there must be some sense
to it. There really doesn't have to be. Consider that the FBI, CIA and NSA were
all hurt by the 'I Love You' email virus/worm. You would think that security
agencies would not use email clients which could damage their systems -- it
would make no sense, and it doesn't make any sense. Nevertheless, they
apparently do use insecure email clients.





------------------------------

From: Michael Jarrells <[EMAIL PROTECTED]>
Subject: Re: Deciphering Playfair (long)
Date: Thu, 04 May 2000 21:11:47 -0400
Reply-To: [EMAIL PROTECTED]

Colin Barker wrote:

> >This is the ciphertext as given.  There is a possibility that the
> >original ciphertext has a character in the middle of the repeating QLQL,
> >but this can not be confirmed.  In my copy it looks like it may be an X,
> 
> No, it should be QLAQL. And as Jim Gillogly has pointed out, there are other
> typos/incorrect encoding as well.
> 

Thank you for your input.  I suspected there were typographical errors,
but wasn't sure where or what they were.

-- 
Michael Jarrells
1991 KTM TXC 300
http://jarrells.cjb.net
mailto:[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: SBOX program using ideas from CA and ST (CAST design)
Date: Sun, 07 May 2000 00:44:55 GMT


On Sat, 6 May 2000 21:57:31 GMT, in <[EMAIL PROTECTED]>, in
sci.crypt Tim Tyler <[EMAIL PROTECTED]> wrote:

>Tom St Denis <[EMAIL PROTECTED]> wrote:
>[...]
>: In my sboxgen.c (http://www.tomstdenis.com/sboxgen.c) I use a bunch of
>: tables to speed up the WT code.
>
>Be aware that there's the Fast Walsh Transform - which is a bit like a FFT.
>
>Ritter describes this clearly 

If he's not using FWT, then apparently I have not made myself very
clear at all.  The page I have which does the Boolean function
nonlinearity measurement in JavaScript 

   http://www.io.com/~ritter/JAVASCRP/NONLMEAS.HTM

obviously includes the source code -- yes, in JavaScript, but that is
much like C.  It should be directly readable with View, Page Source or
equivalent.    

>- and there's a description and algorithm in
>a book called "Topics in Advanced Scientific Computation", by
>Richard E. Crandall.

The Crandall exposition is just a few pages (pp.167-170) and doesn't
do much for me, but I never know how others take these things.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
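
The Fast Walsh Transform nonlinearity measurement discussed in this post, as an added example: it is not the code from Terry Ritter's NONLMEAS.HTM page nor from Tom St Denis's sboxgen.c. The function names and sample tables are assumptions of this example, and it goes one step beyond a single Boolean function by scoring a whole S-box as the minimum over all nonzero combinations of its output bits.

```javascript
// Added example: Fast Walsh Transform (FWT) nonlinearity measurement.
// All names and sample tables here are this example's own assumptions.

// In-place FWT: n * 2^n add/subtract steps for a 2^n-entry table.
function fwt(v) {
  const len = v.length;
  if (len === 0 || (len & (len - 1)) !== 0) {
    throw new RangeError("table length must be a power of two");
  }
  for (let half = 1; half < len; half <<= 1) {
    for (let block = 0; block < len; block += half << 1) {
      for (let i = block; i < block + half; i++) {
        const a = v[i], b = v[i + half];
        v[i] = a + b;        // butterfly: sum
        v[i + half] = a - b; // butterfly: difference
      }
    }
  }
  return v;
}

// Nonlinearity of one Boolean function given as a 0/1 truth table:
// the Hamming distance to the closest affine function.
function booleanNonlinearity(truthTable) {
  // Map 0 -> +1 and 1 -> -1 so each spectrum entry equals
  // (agreements - disagreements) with one linear function.
  const spectrum = fwt(truthTable.map((bit) => (bit & 1 ? -1 : 1)));
  const maxAbs = Math.max(...spectrum.map(Math.abs));
  return (truthTable.length - maxAbs) / 2;
}

function parity(x) {
  let p = 0;
  for (; x; x >>>= 1) p ^= x & 1;
  return p;
}

// S-box nonlinearity: the weakest nonzero XOR-combination of output bits.
function sboxNonlinearity(sbox, outBits) {
  let worst = Infinity;
  for (let mask = 1; mask < (1 << outBits); mask++) {
    const component = sbox.map((y) => parity(y & mask));
    worst = Math.min(worst, booleanNonlinearity(component));
  }
  return worst;
}

// Constructed sample inputs.
// x0*x1 XOR x2*x3 on 4 input bits.
const BENT4 = Array.from({ length: 16 },
  (_, x) => ((x & (x >> 1)) ^ ((x >> 2) & (x >> 3))) & 1);
const IDENTITY4 = Array.from({ length: 16 }, (_, x) => x);
// Published 4-bit S-box of the PRESENT cipher, used only as sample data.
const PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                      0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2];

console.log("bent function:", booleanNonlinearity(BENT4));
console.log("identity S-box:", sboxNonlinearity(IDENTITY4, 4));
console.log("PRESENT S-box:", sboxNonlinearity(PRESENT_SBOX, 4));
```

A result of 0 means some combination of output bits is exactly affine in the input bits; for a 4-input function the largest possible value is 6.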


------------------------------

From: [EMAIL PROTECTED] (Neil Padgett)
Subject: Re: I saw this in /. and I thought of you (all)
Date: Sun, 07 May 2000 01:03:14 GMT

On Fri, 05 May 2000 10:41:12 +0100, arnold yau
<[EMAIL PROTECTED]> wrote:

>> I didn't see the point in having a go at this especially as no
>> algorithm has been posted (just a tiny fragment of plaintext).
>
>well... one incentive would be the astronomical amount of $25.00 in gift
>certificate, but I am not particularly tempted to spend hours on it
>either.
>
>One point I think is worth making is that even though this may not be
>'real' cryptography (as in the secret lies within the key, not the
>algorithm), but if it could leave the Big Brother scratching their heads
[clip]

Is this a true cryptographic method? Can I encode any message I wish
using this so called strong crypto? I don't know, because we don't
know anything about the method. To illustrate my problem with the
contest, I propose the following contest:

Encoded in the following is a secret message. It is very difficult.
I'm not going to give a prize. (I haven't got any money.) Determine
the secret message and you win. Oh, and I'm not going to give you any
idea what the message is about. :)

--Begin Ciphertext--
The quick brown fox jumps of the lazy dog. Prime Minster Chretien
announced today he will be returning to Ottawa on Wednesday. Now is
the time for all good men to come to the aid of their party.
--End Ciphertext--

Is anyone else realizing the stupidity of this (and the
http://www.jdueck.org/challenge.html) challenge? 

Neil

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is this random?
Date: 06 May 2000 21:05:49 EDT

In article <Wa0R4.4700$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
>
>Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
>> I've come across a number generator written in java which claims to be
>> "truly random" number generator (not a PRNG)... Could someone tell me
>> how accurate (or inaccurate) this claim is?
>
>This seems to resemble the thinking behind java.security.SecureRandom,
>which when created without a seed, generates one by launching threads,
>putting them to sleep, and timing when they're awakened. So, the
>obvious question is why you wouldn't just use the standard function,
>which can tap random devices on machines which have them.
>
>As far as the listed example goes, I don't think it generates random
>bytes. The thread will only be woken up on clock ticks, which means
>there's a finite amount of times count can be incremented. Random
>would also imply that count should have an equal chance of being any
>of the allowable values for an int at any given time. I'm not
>convinced that count ever takes on the full range of 32 bit values. At
>a guess, I'd say it's biased towards the lower ones.

Hmmm.  If even the LSB is random, one could run the routine 32 times
and construct a 32 bit random value.  I suspect that the LSB is biased,
though.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
