Cryptography-Digest Digest #743, Volume #11 Tue, 9 May 00 15:13:00 EDT
Contents:
Re: quantum crypto breakthru? (Francois Grieu)
Re: An argument for multiple AES winners (David Eppstein)
Re: Any good attorneys? (Jerry Coffin)
Re: F function. ([EMAIL PROTECTED])
Re: RSA ([EMAIL PROTECTED])
Re: quantum crypto breakthru? (Mike Rosing)
More on Pi and randomness (JCA)
Re: quantum crypto breakthru? (Francois Grieu)
Re: quantum crypto breakthru? (Roger Schlafly)
Re: An argument for multiple AES winners (Mok-Kong Shen)
Re: An argument for multiple AES winners (Mok-Kong Shen)
Re: Any good attorneys? (Joaquim Southby)
Re: Any good attorneys? (Joaquim Southby)
Re: Generator for ElGamal? (David A. Wagner)
Re: Encryption code or addons for VB? (Ichinin)
Re: Any good attorneys? (Joaquim Southby)
Re: Why no civilian GPS anti-spoofing? / proposal (Dave Ashley)
Re: Why no civilian GPS anti-spoofing? / proposal (Dave Ashley)
Re: F function. (David A. Wagner)
Re: Prime Generation in C,C++ or Java ("Dann Corbit")
Re: Any good attorneys? ("Trevor L. Jackson, III")
UK issue; How to determine if a file contains encrypted data? ("JoeC")
----------------------------------------------------------------------------
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Tue, 09 May 2000 18:59:41 +0200
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Measuring the state (interceptor's receiver) interferes with the
> state, and the quantum-cryptographic protocol used by the
> legitimate communicants detects that interference has occurred.
I do understand why passively eavesdropping a communication link
is made impossible with QC (eavesdropping destroys the message
being transmitted)
However, what about active eavesdropping ?
Alice sends a message to Bob using QC. The transmitter she uses and the
receiver he uses are devices sending or receiving traditional binary
data over optical fiber using QC with the appropriate protocol, and
hypothetically have no cryptographic key (secret) in the traditional
sense.
Now Eve buys a transmitter identical to Alice's, and a receiver
identical to Bob's. She breaks the optical fiber between Alice and Bob,
and installs her transmitter on the side connected to Bob's receiver,
and her receiver on the side connected to Alice's transmitter. Eve
connects the electrical 'receive data' output of her receiver to the
'transmit data' input of her transmitter, and to her computer. She now
eavesdrop the communication between Alice and Bob.
Am I missing something ?
Francois Grieu
------------------------------
From: [EMAIL PROTECTED] (David Eppstein)
Subject: Re: An argument for multiple AES winners
Date: 9 May 2000 09:55:50 -0700
"Scott Fluhrer" <[EMAIL PROTECTED]> writes:
> > Also, Hitachi has written to NIST claiming that they have patent
> > coverage on ideas implemented in all 5 AES candidates apart from
> > Rijndael....
> Q: Is this new information since the AES3 conference? That is, has Hitachi
> given more information since then?
Yes. See
http://csrc.nist.gov/encryption/aes/round2/comments/20000410-sharano.pdf
for Hitachi's letter to NIST, and
http://patent.womplex.ibm.com/details?&pn=US04982429__ and
http://patent.womplex.ibm.com/details?&pn=US05103479__
for the actual patents.
Basically, Hitachi seems to be trying to claim a patent on any block
cipher that uses a circular shift (rot) operation, despite prior art
such as the rotations in DES's key schedule, the rotations by multiples
of 32 bits (why shouldn't that count?) in GDES, and rotations within
16-bit blocks in Madryga. GOST may also count, I'm not sure -- it has
some half-block rotations very similar to the Hitachi patent, but the
patent filing date is April 1989 and Schneier's book only lists "1989"
as the GOST publication date.
--
David Eppstein UC Irvine Dept. of Information & Computer Science
[EMAIL PROTECTED] http://www.ics.uci.edu/~eppstein/
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Tue, 9 May 2000 11:16:53 -0600
In article <[EMAIL PROTECTED]>, padgett-
[EMAIL PROTECTED] says...
> Patent office exists in its own world (not this one). Used to be that one
> requirement for issuance was a working model, evidently this is no longer
> true as there is one on file at the moment that refers to a FTL device
> (US06025810).
That requirement was done away with LONG ago, though it's still
required for anybody wanting to patent a perpetual-motion device.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: F function.
Date: Tue, 09 May 2000 17:19:08 GMT
I am intrested in this bit:
> Your comments on finding the inverse of the function
> seem to contain some confusions. First, it is not
> bijective, so there isn't an inverse
Answer: That's what i was proving, i assumed that the calculated powers
being equal was a direct sign of non-invertibility.
>Second you
> seem to be mis-applying the Euclidean algorithm.
> Also, the integers mod 256 do not form a finite field.
This really intrests me, What is a finite field then?
I thought the Extended Euclidean algorithm is for solving problems of
the nature:
if m=m^ed mod n where e is known, then to calculate d you do:
d=e^0(n) mod n
Is there a problem with this?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA
Date: Tue, 09 May 2000 17:25:07 GMT
In article <[EMAIL PROTECTED]>,
Tom St Denis <[EMAIL PROTECTED]> wrote:
>
>
> [EMAIL PROTECTED] wrote:
> >
> > Sorry, i think you missed my question, through my badd phrasing.
> >
> > 1.) Does RSA produce an evenly-distrubuted range of output values,
(that
> > looks random, but of course isn't.)?
>
> Not really, it depends on what you are encrypting. Remember that the
M
> is the base, if the order of the group formed by using M as a base is
> smaller/larger then for any other M then they will have statistical
> biases in their sub-groups.
>
> For example 45 is a primitive generator mod 257, but 44 is not,
compare
> the two tables
>
> 45^x mod 257
> 44^x mod 257
>
> To get a better idea.
>
> Tom
>
Hold on, if it the output, for some base raised to some exponent, is
bias for the modulo of a product of two primes, couldn't this be used
to recover the plain-text?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Tue, 09 May 2000 11:30:27 -0500
Francois Grieu wrote:
> I do understand why passively eavesdropping a communication link
> is made impossible with QC (eavesdropping destroys the message
> being transmitted)
>
> However, what about active eavesdropping ?
>
> Alice sends a message to Bob using QC. The transmitter she uses and the
> receiver he uses are devices sending or receiving traditional binary
> data over optical fiber using QC with the appropriate protocol, and
> hypothetically have no cryptographic key (secret) in the traditional
> sense.
> Now Eve buys a transmitter identical to Alice's, and a receiver
> identical to Bob's. She breaks the optical fiber between Alice and Bob,
> and installs her transmitter on the side connected to Bob's receiver,
> and her receiver on the side connected to Alice's transmitter. Eve
> connects the electrical 'receive data' output of her receiver to the
> 'transmit data' input of her transmitter, and to her computer. She now
> eavesdrop the communication between Alice and Bob.
>
> Am I missing something ?
No, I don't think so. If the data isn't encrypted using the QC, then
the tap gets it in the clear. If the data is encrypted, then it's
via a OTP. The tap can listen to the data, but they can't decode it.
The key is sent via QC, and that's what prevents the attacker's ability
to read the traffic. But they could copy the data, and hope to steal
the key somehow sometime in the future. Usually the key is destroyed
after
being used, so that's rarely a problem. The encrypted data might be
tapable that way, but the tap would have to be installed after the key
was negotiated, otherwise Alice and Bob would know there's a tap in
progress.
Patience, persistence, truth,
Dr. mike
------------------------------
From: JCA <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: More on Pi and randomness
Date: Tue, 09 May 2000 10:30:20 -0700
I have just had a look into Bailey and Crandall's recently announced
paper
"On the Random Character of Fundamental Constant Expressions." I can't
claim to understand it all, but it sure looks very interesting.
Something that is not clear to me is how to tie down normalcy
(normalness?
normality?) to randomness. So, although the decimal expansion of Pi (not
proven
yet to be normal) looks attractive in this respect, those of
Champernowne and
Copelan-Erdos numbers (which are known to be normal to base 10) do not.
To
put it in a different way: I wouldn't use the decimal expansions of
these two numbers
for cryptographic purposes, but I would certainly be tempted to do so
with Pi,
provided I can choose where to start in the expansion.
Comments are welcome.
------------------------------
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Tue, 09 May 2000 19:46:15 +0200
In article <[EMAIL PROTECTED]>, Mike Rosing
<[EMAIL PROTECTED]> wrote:
> The key is sent via QC, and that's what prevents the attacker's
> ability to read the traffic.
If do understand that if Alice and Bob manage to exchange a key in an
untapable way, they are safe.
> The encrypted data might be tapable (..), but the tap would have
> to be installed after the key was negotiated, otherwise Alice and
> Bob would know there's a tap in progress.
How, if Eve negociates a key KA with Alice, another KB with Bob,
deciphers the message sent by Alice using KA, and reciphers it with KB
for Bob ? My hypothecial active eavesdropping setup in unchanged,
provided the key generation and en/de/cipherement is built into the
transmitter/receiver.
Francois Grieu
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Tue, 09 May 2000 11:00:46 -0700
Francois Grieu wrote:
> > The encrypted data might be tappable (..), but the tap would have
> > to be installed after the key was negotiated, otherwise Alice and
> > Bob would know there's a tap in progress.
>
> How, if Eve negociates a key KA with Alice, another KB with Bob,
> deciphers the message sent by Alice using KA, and reciphers it with KB
> for Bob ? My hypothecial active eavesdropping setup in unchanged,
> provided the key generation and en/de/cipherement is built into the
> transmitter/receiver.
No, QC doesn't do anything about that. The QC purists would even say
that you are cheating to use keys, since part of the point of QC
is to get security without the probabilistic considerations that
usually accompany use of keys.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: An argument for multiple AES winners
Date: Tue, 09 May 2000 20:13:43 +0200
David Eppstein wrote:
> "Scott Fluhrer" <[EMAIL PROTECTED]> writes:
> > > Also, Hitachi has written to NIST claiming that they have patent
> > > coverage on ideas implemented in all 5 AES candidates apart from
> > > Rijndael....
>
> > Q: Is this new information since the AES3 conference? That is, has Hitachi
> > given more information since then?
>
> Yes. See
> http://csrc.nist.gov/encryption/aes/round2/comments/20000410-sharano.pdf
> for Hitachi's letter to NIST, and
> http://patent.womplex.ibm.com/details?&pn=US04982429__ and
> http://patent.womplex.ibm.com/details?&pn=US05103479__
> for the actual patents.
That means that the AES winner is very likely to have patent problems,
analogous to a new born with some genetical weakness. I am personally
very much surprised by this fact. (I have been too lazy to scan through
materials on the NIST page about AES, excepting those directly
describing the various algorithms. On the other hand, I have subscribed
to 4 mailing lists pertaining to crypto, with one specific about AES. Yet
I have never got any informations of the sort above before.)
> Basically, Hitachi seems to be trying to claim a patent on any block
> cipher that uses a circular shift (rot) operation, despite prior art
> such as the rotations in DES's key schedule, the rotations by multiples
> of 32 bits (why shouldn't that count?) in GDES, and rotations within
> 16-bit blocks in Madryga. GOST may also count, I'm not sure -- it has
> some half-block rotations very similar to the Hitachi patent, but the
> patent filing date is April 1989 and Schneier's book only lists "1989"
> as the GOST publication date.
It is appalling that such a basic primitive computing function ever
gets patented. Eqally astonishing is that this stuff apparently has
escaped the eyes of competent experts who write books and
publish papers in the science of crypto. For otherwise the issue
would have come up at the very beginning of the AES project and
there would at least be ample time to deal with the problem before
the final decision on the AES winner. (BTW, doesn't RC5 also use
rotations? If yes, wouldn't RSA have to pay money to Hitachi?)
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: An argument for multiple AES winners
Date: Tue, 09 May 2000 20:13:51 +0200
Runu Knips wrote:
> Yep. The Twofish paper states that this algorithm
> is free of patents, but who can say that for sure ?
> Patents are a big problem. I hope that all the
> three major algorithms left (Rijandel, Serpent,
> Twofish) are free of such problems.
>
> Btw, if at all, "all over the world" means US. I
> don't think we'll have much problems with this
> in europe.
A well-intended hope is fine, but unfortunately it
doesn't eliminate the probability of problems
actually cropping up, I suppose.
M. K. Shen
------------------------------
From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: 9 May 2000 18:08:59 GMT
In article <8f85u8$36p$[EMAIL PROTECTED]> Bill Unruh,
[EMAIL PROTECTED] writes:
>They are liable for the answers they give-- ie it would be a real legal
>opinion rather than the stuff you get on the net, and tehy could get
>sued if someone followed their opinion and got into trouble.
>Also lawyers, and the law in general, do not like dealing in
>abstractions, but in definite cases. Circumstances can change the
>correct advice. (Go to a lawyer in a law school. They publish articles
>and make their reputations by dealing in generalities :-).
>
Actually, I've had no problems in getting lawyers in my acquaintance to
hold forth on legal matters. Of course, that might be because they felt
so secure in the truth of their opinions on the subject matter that they
had little fear of liability. You raise an interesting possibility,
though.
OTOH, my best friend can't put a floppy into a computer, yet she will
often lecture me on her views of information technology. Maybe I've just
chosen the wrong lawyers to hang around with.
------------------------------
From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: 9 May 2000 18:23:04 GMT
In article <[EMAIL PROTECTED]> Trevor L. Jackson,
[EMAIL PROTECTED] writes:
>> In the case under discussion, though, wouldn't the originator of the
>> tainted software still be culpable, no matter what the chain of
>> distribution looked like?
>
>I do not believe so. Until the product crossed the jurisdictional boundary, there
>was no
>infringement. The originator had no part in the infringing act, so cannot be
>culpable.
>Do we indict the miner who exhumed the lump of lead ore from which a murderous bullet
>was
>fashioned?
>
If the miner is the one with the most money, he will almost certainly be
chosen as the defendant in a civil suit nowadays, regardless of his
actual culpability. Good point on the infringement thing. I keep
forgetting where and who people are doing things in this discussion.
>
>There is no principle of equity that justifies the imposition of restrictions upon the
>actions of persons not subject to (outside of) the jurisdiction of the imposing
>agency.
>
There's the rub -- is the owner of that website with the tainted software
outside the jurisdiction in question if he participates in a transaction
with someone who is inside that jurisdiction? It's been pretty simple
for most of history because of the physical nature of the goods involved
in the transaction: you either took possession of the goods in one
jurisdiction or another. With the server now in one jurisdiction and the
client in the other, where does the transaction take place?
>If the US really needs to inhibit the importation of infringing software it is up to
>the
>US to inspect all data transfers that cross the border. The history of Radio Free
>Europe
>is a fertile ground for researching this kind of conflict. Also the state laws
>against
>pornography have not fared well when imposed upon web sites in other states.
>
Would the porno thing be because those are states' laws and not federal
laws? The feds supposedly have jurisdiction in interstate commerce, not
the individual states.
>> We agree that the downloader, being within the patent
>> jurisdiction, is liable for infringement no matter what, but is the
>> provider of the software acting within that jurisdiction also? I think a
>> case could be made for that.
>
>How so? Is every web site subject to every jurisdiction? I don't think you can make
>a
>reasoned case for implicating the source.
>
My argument would be the transaction location thing I outlined above. I
believe that the same interpretation used in assessing sales tax will be
used in this case.
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Generator for ElGamal?
Date: 9 May 2000 10:42:05 -0700
In article <8f9ehm$dfm$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
> Incidentally, in the section on ElGamal he also doesn't talk
> about making sure p-1 has a large factor, so the implementation I was
> looking at picked a random p and a random g. That more or less
> follows Schneier's presentation, but is horribly insecure...
I'm not sure it is so insecure after all.
If you pick a random prime p and a random g in (Z/pZ)^*,
then -- with high probability -- o(g) (the order of g) will
have a large prime factor; and I think this suffices for the
security El Gamal encryption.
Indeed, if a prime q divides p-1, then Pr[q | o(g)] >= 1 - 1/q,
so the only bad case is when p-1 has no large factors -- but I
believe this bad case happens only with very small probability.
Still, you should check the above reasoning for yourself.
I might be making some elementary mistake.
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Encryption code or addons for VB?
Date: Tue, 09 May 2000 10:14:04 +0200
Try CryptPak, but you have to REALLY search for it (The
version containing the VB examples), the authors webpage
have dissaperared. It is compatible with Delphi, VB, C++
and Java - think it is THE most flexible lib i've seen.
Unfortunately it have no Public key crypto support.
Regards,
Glenn
------------------------------
From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: 9 May 2000 18:26:39 GMT
In article <[EMAIL PROTECTED]> Eric Lee Green, [EMAIL PROTECTED]
writes:
>> In the case under discussion, though, wouldn't the originator of the
>> tainted software still be culpable, no matter what the chain of
>> distribution looked like?
>
>Yes, the part of the U.S. Code that I quoted earlier says that manufacture of
>a patented product without permission of the patent-holder is prohibited.
>
Hi, Eric --
In this case, we were discussing the scenario where the originator lives
in a jurisdiction where the patent isn't recognized. He (or others) then
make it available on a website that can be reached from jurisdictions
where the patent *is* recognized. Is he liable?
------------------------------
From: Dave Ashley <[EMAIL PROTECTED]>
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Tue, 09 May 2000 18:19:54 GMT
> The issue that scares me is that ineffective security provisions
displace
> effective ones. But pointing out the ineffectiveness is identical to
pointing
> out a vulnerability, which often generates a hysterical reaction.
That
> hysteria, denial, is the real security threat. Purposeful ignorance.
An ex-girlfriend of mine would often accuse me of "pecking" behavior
(in the context of avoiding certain topics of conversation). I didn't
know what she meant, but she explained that when chickens feel
threatened (fox in the henhouse, for example), they begin pecking at
anything convenient. It doesn't solve the problem, and it is a nervous
reflex that makes the chicken feel good but will not prevent it from
being eaten. I would call the "denial" a form of "pecking behavior".
It won't stop a bomb from making it aboard, but gosh all those security
checkpoints with guards sporting spotless blue uniforms LOOK impressive.
Peck, peck, peck.
> In another incident, I was in a McDonald's with engineering
students,
> > and one of them discussed how easy it would be to wipe out the
> > McDonald's with a pistol. I indicated that it was not so easy,
because
> > after the first shot, people start running. He then pondered at
length
> > the problem of how one would get everyone in the McDonald's, given
the
> > human tendency to avoid being shot.
>
> We can be sure he was an engineering or hard science student because
he was
> considering the problem "in vacuo". The hard part wouldn't be the
moving
> targets, but the targets that shoot back. In this context "ignoring
> resistance" takes on a completely different meaning. ;-)
>
The "shooting targets" scenario is the basis for the liberalization of
CCW permits. In every state where such laws are passed, violent crime
goes down. Guns are not the answer, but you should either have 0% of
the populace armed or 100%. It is the numbers in between those extremes
that cause problems. Since, as a practical matter, we can't bring it
down to 0%, 10% buys you less crime than 0.01%. I'm not sure you can
win the "shooting target" game. This is a new twist on the problem.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Dave Ashley <[EMAIL PROTECTED]>
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Tue, 09 May 2000 18:24:30 GMT
> > A Maglite probably doesn't have enough volume to present a serious
threat, but
> > these days anyone can produce a C:\ prompt on an LCD screen from
less than
> > 1/2" cubed. That leaves the rest of the laptop for more energetic
uses.
I'm not sure that a laptop packed with energetic Play-Dough won't down
an airliner. Commercial explosives are quite powerful. I think 16 oz.
will get you near-guaranteed success. However, that question is out of
my league.
I would not minimize the trauma of decompression--not a flight I'd want
to be on--but in most cases you are right, it does not down the bird.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: F function.
Date: 9 May 2000 10:56:01 -0700
In article <8f9h9o$hm8$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
> This really intrests me, What is a finite field then?
Check a math text, but basically, something where + and * behave
many of the same properties as in the real numbers: i.e., (F,*) is
a finite abelian group with identity 1, and (F,+) is another finite
abelian group with identity 0, and *,+ satisfy the distributive laws
(e.g., a*(b+c) = a*b + a*c).
It turns out that every finite field is isomorphic to GF(p^n)
where p is prime and n is arbitrary. GF(p) is essentially Z/pZ,
the integers modulo a prime p. GF(p^n) for n>1 is slightly more
interesting; see a math textbook.
> I thought the Extended Euclidean algorithm is for solving problems of
> the nature:
>
> if m=m^ed mod n where e is known, then to calculate d you do:
>
> d=e^0(n) mod n
This is wrong. First, you want Euclid's theorem (a generalization
of Fermat's little theorem), which says that x^{\phi(n)} = 1 mod n
for all x in (Z/nZ)^*. Thus, if ed = 1 mod \phi(n), then
(x^e)^d = x mod n for all x. Now the extended Euclidean algorithm
gives you a way to calculate d = e^{-1} mod \phi(n) from e and \phi(n).
Read, e.g., Knuth for more details. (Isn't this in the FAQ?)
------------------------------
From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: Prime Generation in C,C++ or Java
Date: Tue, 9 May 2000 11:38:11 -0700
"Lewis-Oakes" <[EMAIL PROTECTED]> wrote in message
news:8f6s6l$cbi$[EMAIL PROTECTED]...
> Is there a quick and relatively short algorithm in any of these languages
> for generating primes? The primes do not have to be huge, to the order of
5
> to ten digits in decimal.
Try these:
ftp://38.168.214.175/pub/bitcount/KPRIME.C
ftp://38.168.214.175/pub/bitcount/PRIME.CPP
ftp://38.168.214.175/pub/bitcount/SIEVE.C
ftp://38.168.214.175/pub/bitcount/SIEVE0.C
10 digits worth will take several minutes and quite a bit of memory.
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
"The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
------------------------------
Date: Tue, 09 May 2000 15:02:15 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Eric Lee Green wrote:
> Joaquim Southby wrote:
> > >Mostly because it is hard to analyze products as slippery as freeware. Since
>there's
> > >no money involves the author has no knowledge of the users, and may not have any
>form
> > >of contact with the majority of the users because there can be an arbitrarily
>large
> > >number of intermediaries who copy the software (with the blanket permission of the
> > >author), and who might be better characterized as "the distributor".
> > >
> > In the case under discussion, though, wouldn't the originator of the
> > tainted software still be culpable, no matter what the chain of
> > distribution looked like?
>
> Yes, the part of the U.S. Code that I quoted earlier says that manufacture of
> a patented product without permission of the patent-holder is prohibited.
No, because the U.S. Code does not apply to non-resident non-citizens.
>
>
> > >A logical extension of this line of reasoning leads to the conclusion that while
>one
> > >cannot sell or give away patented technology within the patent jurisdiction, one
> > >could make it available for download. If we presume that the software is offered
>
> Presumably one would have had to "manufacture" an instance of the software in
> order to place it online for download. I wouldn't underestimate what a good
> lawyer can do to meaning of the word "manufacture" in a legal context.
But it is legal to "manufacture" patented software outside the jurisdiction of the
patent.
I think you dropped a critical bit of the context of the issue.
------------------------------
From: "JoeC" <[EMAIL PROTECTED]>
Subject: UK issue; How to determine if a file contains encrypted data?
Date: Tue, 9 May 2000 20:03:36 +0100
If I was to hide a PGP or similar encrypted message within the least
significant bits of a JPEG, and the normal PGP/whatever headers had been
removed, is there any way to determine if that file contains encrypted data?
Maybe through some sort of statistical or other determination of
non-randomness?
I'm not suggesting this is original thought, since I know its not, but I was
wondering what the situation would be in regard to the pending UK
legislation on encryption. Because if it can't even be proven that a file
contains hidden data then this makes a complete mockery of the requirement
to reveal keys, since the defence would be 'this is an entirely innocent
picture, there is no key, and you cant even show any encrypted data'.
Or did I miss something? I'm a newbie to all this so apologies if I've
missed a previous thread covering this.
Joe
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
