Cryptography-Digest Digest #344, Volume #12 Wed, 2 Aug 00 23:13:01 EDT
Contents:
Re: counter as IV? (David A. Wagner)
Re: Skipjack (tomstd)
Re: Elliptic Curves encryption ("Trevor L. Jackson, III")
Re: Software package locking (Roadkill)
Re: Just Curious. Are girls/women interested (David A Molnar)
Re: Software package locking ("Trevor L. Jackson, III")
Re: New William Friedman Crypto Patent (filed in 1933) ("Trevor L. Jackson, III")
Re: Encrypting a String to another String containing only certain characters (John
Savard)
Re: Sending Messages in Morse Code (John Savard)
Re: Skipjack ("Douglas A. Gwyn")
Re: Sending Messages in Morse Code (Terry Ritter)
Re: Just Curious. Are girls/women interested (Roadkill)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: counter as IV?
Date: 2 Aug 2000 18:11:02 -0700
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> > I think there is a miscommunication here. The XOR function is not a
> > pseudorandom function.
>
> Of course not. You replaced the XOR in my original example with
> a pseudo-random function F. XOR(K,N) and XOR(K,N+1) have a fairly
> simple relationship, which you thought could permit a related-key
> attack.
Ok, sorry. I see that the misunderstanding was purely mine. Please
accept my apologies.
> I was observing that F(K,N) and F(K,N+1) also have some
> known relationship (F and N are known constants), but not as simple,
> and wondered why that did not similarly permit a related-key attack.
Think of it this way. We could also say that 3DES(K,N) and 3DES(K,N+1)
also have some relationship, since 3DES and N are known; but that doesn't
mean that there is any relationship we can exploit, when K is unknown.
That's just intended to be intuition, but maybe it helps?
Probably I'm repeating myself, but the main reason I believe that the
relationship between F(K,N) and F(K,N+1) does not permit related-key
attacks is that I think one can prove the construction secure when using
F() in this way to generate per-block block cipher keys. I don't know
if that answered your question satisfactorily or not.
------------------------------
Subject: Re: Skipjack
From: tomstd <[EMAIL PROTECTED]>
Date: Wed, 02 Aug 2000 18:35:09 -0700
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>"David A. Wagner" wrote:
>> Maybe I'm missing something here, but it seems there is a real
>> question here, no?
>
>The question might be, what is the most effective way to use the
>bits of the key -- should some of them be used to generate S-
boxes?
>To answer the question one first has to know how to cryptanalyze
>these systems. For the cryptanalytic approach I was working on,
>the answer is that the more *variety in structure*, the harder
the
>crack, so the most effective way to use key bits would be to
make
>irregularities in structure. E.g., use some of them to
determine
>the number of rounds, etc. It may be that somebody somewhere
has
>a more fundamental insight into this kind of cryptanalysis and
>might not have as much trouble with variable structure, but I
>don't see how it wouldn't pose a significant problem.
Does the idea of "weak-keys" ever come across your minds? If
the key specifies the number of rounds then obviously some keys
must specify lower amounts of rounds...
etc...
Tom
===========================================================
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
Date: Wed, 02 Aug 2000 22:13:43 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Elliptic Curves encryption
Roger Schlafly wrote:
> "Trevor L. Jackson, III" wrote:
> > > there is a huge difference between these statements:
> > > (1) Crypto protocol X has been proven secure.
> > > (2) Experimental evidence indicates that X is secure.
> >
> > What evidence can we conceive of that will fit into (2)? Note that we're
>discussing
> > experiments, which implies repeatability. Historical factors (lack of weakness
> > detection over periods of time) do not count as experiments.
>
> Some fields are more restrictive than others about what passes
> for experiments. Some people do argue that failure to break
> a cipher like DES is evidence for its security.
>
> But besides that, ciphers are often judged by heuristic tests
> and experiments. Eg, someone might encrypt a few gigabytes of
> data, and subject the ciphertext to some tests for randomness.
> If 51% of the bits are ones, and statistical theory says that
> no more than 50.001% should be ones, then that is evidence that
> the cipher is flawed. Otherwise, it is evidence that the cipher
> is good. (Not very good evidence in the latter case, but there
> are more sophisticated tests that people have more confidence in.)
I agree with everything you've said. However, but none of it fits into (2). The only
experimental evidence we can conceive of is that which indicates that X is insecure.
The
complement appears to be inconceivable without some rigorous theory of crypto strength.
Such a theory would need to contradict some of the limits on computability I think.
------------------------------
From: Roadkill <[EMAIL PROTECTED]>
Subject: Re: Software package locking
Date: 3 Aug 2000 02:20:22 -0000
Trevor L. Jackson, III wrote:
>
> I've been on both sides of this fence, so I have some sympathy for both camps.
I have been on one side of the fence and think the other side sucks ;-)
> For example, breakpoints and single steps are powerful analytic tools that can
>overcome
> any kind of obfuscation or encryption. But what if the program interferes with the
> breakpoint handler? Let's say it stomps on the breakpoint vector at many places
>within
> the code. And it stomps on the vector with a value that is critical to the
>operation of
> the program. Let's say it uses the breakpoint trap as a replacement for the system
> services trap (int 21 in PC-DOS lingo).
int 21 have always been a welcome place to link my own routines to. The
first single step approach I have seen was in JBird (You needed CopyIIPC
to copy it (until I converted it to a DOS excecutable <grin>)). In the
boot sector it would set up the single step interrupt (int 1) and before
executing an instruction, xor the first byte of it with a special value.
That was nice to see! Of course by replacing the single step interrupt I
had decoded the whole program code in a jiffy.
Then there was Titus the Fox, which had a nice .exe encoding scheme. The
loader (in the same exe, like pklite) would flush the interrupt vector
table (at offset 0:0L400) and disable all IRQ's except one (don't
remember which) and then contained some dummy code that would never get
executed until e.g. a timer interrupt arived. It had some HLT
instructions set to ensure the dummy code (which looked quite
convincing) didn't get executed. After the timer interrupt some other
code got executed that decoded and relocated the whole exe. I cracked it
to get the machine dependend game level codes. Even ripped the code so
you could execute this program to show you all the codes. Really nice.
Of course a lot of programs would have their own keyboard handler (int
9). Like all sierra games (which were HARD to crack because the volume
files were interpreted in some obcene adventure game engine which I
didn't have the debugging tools to!). I wrote a special program for that
that would agressively replace the interrupt vector of the keyboard and
switch between the game input and the debugger input by the press of a
simple key. Also had a key designated to resetting the screen, because
most programs would print black on black or do even worse things to your
monitor.
Then there was the most challening program I ever cracked named
Starcontrol II. It was a really great program to. It is a shame that I
never bought it because now I can't get it anymore. Fortunatly I know
someone with the original Starcontrol III which never wend below $55 in
Holland and it also has SC1&2 on the CD I heard. $55 is just to much for
any game I think. $30 is nice for a great game, $10 for a great game of
a few years old. Well, its protection. I have to recheck my loader code
for it, but it did nasty things with int 3 (break point) and also
scrambled its code after use. It also used a lot of overlays and
probably had some checksum check (but I always crack around them so
whenever the crack has taken place everything will look nice as it
should). Overlays are hell with MS debug that I used. Especialy if they
are not loaded with int 21/4b03 IIRL. One mistake it made is that it did
a call for the current time. I trapped it, did some int 3 adjustments
and set new breakpoints and thus moved from overlay to overlay until it
asked for the user to input the correct planet. I looked it up in memory
and fed it to the keyboard buffer of the program. I feel really proud
now :-)
I guess I just used 'other' interrupts to break the program instead
where I wanted to and when using the debugger avoid any messing up of
the IV table and emulate the int 3's in the code. I was a DOS cracker of
course. Never got over what happened with Windows really nor could get
my hands on a decent Windows debugger or programming language (I had
TASM and TC). Doesn't matter really because you can copy manuals and
cd's easily nowadays with Nero and programs like such (for which keycode
generators exist on the net, so you don't have to buy it if your writer
doesn't come supplied with any decent burner software). And there seems
to be software to run cd games from your harddisk because I can never
find my cd's and my cd player is very noisy and consumes a lot of
batteries on my laptop. Therefor copy protections really SUCK.
Starcontrol II didn't run under Windows 95 however because of all of the
neat tricks it used. At least that is what someone told me.
> Then we add linkage through the BIOS. Calling parts of the BIOS code, especially
>with
> an eye to using the results of the call/jmp not just threading flow of control
>through
> the ROM.
That is really nice, if you want your product to be totally incompatible
with a lot of different computers. Better get a good helpdesk and a good
customers support if you do this! BIOS is only good for checksums/hashes.
> Then we add routines that detect the identity of the spawning process and respond to
>the
> debugger by writing to its memory space causing faults within the debugger code (just
> which program is the debugger, and which is the debugee?) Most of the powerful
> debuggers are fairly well known. It's not hard to fingerprint them -- easier than
> fingerprinting protocol stacks.
That is nice. Never heard of it. But couldn't a powerful debugger hide
itself from the application? I always believed the software cracker would
always win because it would be first in memory and thus have control of
the complete machine. I think a good debugger is undetectable
(especially on platforms like windows NT where you can't write or read
other programs code).
> Then we add routines to detect clock skew. If the debugger soaks up an appreciable
> amount of CPU time this will be detectable. If it ever waits for user input it will
>be
> easily detectable. Certainly a debugger could be written to fully simulate the real
> time clock, freezing it when the program was paused, but the debugger cannot control
>its
> impact upon the CPU cache and cache-line to address line mapping is fairly obvious.
> Thus variations are detectable.
Might also work. Until you get a new processor with a larger cache. This
aproach will probably result in mayor compatibility problems again. AMD
Athon K7 e.g. has a larger cache and different instructions that an
stupid Intel PIII.
> Then we add checksum layers. Note that in a large software package checksum layers
>can
> be undetectable. The key is to not visibly react when a checksum failure is
>detected,
> but to quietly change operation mode. Perhaps some pieces of perfectly reasonable
> application code get overwritten with garbage. (Or breakpoints)
Over writting code with garbage and delayed loading of (encrypted) code
is nice.
> Then we add communication layers for applications that have connections. Systems
>under
> attack can silently produce a syndrome that is detectable at the other end. Systems
> that have been modified can indicate the change in status. It's gets very
>interesting
> to have an unsuspecting cracker hammering away on software that that has reported
> distress to a human in real time. The human can do things to the hacker's mind that
>do
> not bear contemplation. I have been in remote control of software under attack. It
>is
> enormously entertaining.
Wouldn't a firewall help against this? No software cracker should be
without a firewall! They shouldn't even have their modem turned on when
cracking.
> How deep do you want to bury the application under layers of security? Note that it
>is
> pointless to cause the attacker more trouble than writing the application from
>scratch
> would cost. This is why 97DES is a nonstarter. The benefit is not worth the cost.
The only sure way for keeping people from totally cracking your software,
is to make sure it totally sucks and nobody wants it. And IMHO copy
protections do make a program suck. That is why I broke them in my teenage
years. Even with software I got legally. And of course, never made any
money of it! That would have been very *bad*.
"Software crackers are a noble race".
Regards,
Roadkill
P.S. I like these sorts of posts from you. I have seen them before..
--
"If you're so special, why aren't you dead" - Kim Deal
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Just Curious. Are girls/women interested
Date: 3 Aug 2000 02:21:20 GMT
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
> full of men/boys that also happened to be one of the highest concentrations
> of intelligence on the internet, and proclaiming your femaleness, of course
> you were going to get a rise from the crowd. I could go on, but if we're
wouldn't intelligence be a factor moderating the "rise from the crowd"?
or am I just being naive?
besides which, I am sceptical that sci.crypt is one of the highest
concentrations of intelligence "on the internet."
there seem to be two questions at least here
Q1) Are there women engaged in the science of cryptology (the original
poster's question)?
A1) Yes. see all the other posts.
Q2) Are there any women reading or posting to this newsgroup?
A2) How are you going to establish beyond a reasonable doubt that
some e-mail address here maps to a woman?
It seems that a question we might be able to answer would be
"is anyone reading this group willing to identify herself as a woman?"
Well, we have one example -- one succint proof of female presence.
The question is in something like NP. Probably we could come up with a way
for someone to identify herself without giving away anything other than
the fact that she reads.
We could then become more ambitious and reach out to an analogue of #P :
"how many lurkers/posters are willing to identify themselves as women?"
Practically, we could maybe use some kind of cryptographic voting scheme
in which parties vote for "woman" or for something else. I suppose that
since #P is in PSPACE, that there's also a (computational) zero-knowledge
proof for this kind of question, although it's not clear to me exactly how
it would go.
and of course, I could identify myself as a woman along with anyone else,
so even if we answered these questions the answers wouldn't mean so much.
> gonna go that route, perhaps we should take it off group.
>> BTW is "Hey baby what's your prime" a classic joke or something? I spent
>> a long time on my answer.
> I think it's just a dumb pick-up line, I've heard worse, I've actually
> watched as worse ones worked.
Crypto jokes, now pickup lines? Heavens. We need a talk.crypto.culture to
handle this overflow...
-David
------------------------------
Date: Wed, 02 Aug 2000 22:39:51 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Software package locking
Most of this misses the point, which is that software security is possible in some
degree.
Whether software security is desirable is not subject to debate -- some people desire
it.
Whether software security _should_be_ desirable is something to discuss with a priest.
Andru Luvisi wrote:
> "Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> [snip]
> > First, let's dispose of some trivial cases. If the program has a lesser privilege
>level
> > than the attacker, the attacker is probably going to win fairly quickly. Thus a
>secure
> > program probably needs root/ring 0/etc. capabilities. Of course the attacker can
>always
> > use more sophisticated hardware, such as an in-circuit emulator, to gain an
>unmatchable
> > advantage, but if the attacker's testing platform matches the run-time platform
>then the
> > program has a chance.
> [snip]
>
> By requiring that your program runs as root/in ring 0/whatever, you
> are increasing the security dangers associated with a user running
> your product, and decreasing its value to your users. The fact that a
> program is able to run non-root is a security *feature* which is
> valuable to its users.
No.
Some software runs best at user (minimal) privilege levels and some needs setuid root.
Consider the Microsoft(tm) application packages that require administrator membership
(not
administrator privilege, membership in the administrator's group) to be installed. My
queries
to Microsoft(tm)'s technical support as to exactly what security rules the
administrator
authority is used too override have never been acknowledged, much less answered. Do
people
care? Hardly.
Consider all the games that require a special video/disk/network driver, with its
associated
special privileges, to run effectively.
Using system level resources does not unilaterally reduce value to users. *Misusing*
resources of any type decreases value.
>
> [snip]
> > For example, breakpoints and single steps are powerful analytic tools that can
>overcome
> > any kind of obfuscation or encryption. But what if the program interferes with the
> > breakpoint handler? Let's say it stomps on the breakpoint vector at many places
>within
> > the code. And it stomps on the vector with a value that is critical to the
>operation of
> > the program. Let's say it uses the breakpoint trap as a replacement for the system
> > services trap (int 21 in PC-DOS lingo).
> [snip]
>
> What happens when some bug in the program which is tickled by
> something in one user's hardware or software configuration goes off?
> Would you rather have the user junk your software, or use a debugger
> to figure out what action it is that is causing the problem and then
> send you a detailed bug report you can use to fix the problem?
Har. Warning: suspension of disbelief failure!
Users willing to debug large applications without source code are <ahem> rare.
>
>
> By making a debugger unusable, you are making your software less
> valuable to your users.
No.
I am making sure that the software they purchase and run is the software they bought.
What do
you think software security is all about?
>
>
> [snip]
> > Then we add linkage through the BIOS.
> [snip]
> > Then we add routines that detect the identity of the spawning process and respond
>to the
> > debugger by writing to its memory space causing faults within the
> > debugger
> [snip]
> > _Simulate_ debugging yourself. Make patches but remove them before
> > the program runs and restore them when it halts.
> [snip]
> > Then we add routines to detect clock skew.
> [snip]
> > Then we add checksum layers.
> [snip]
>
> And all this costs time and money, which you need to charge your users
> for. Do you think they like the idea of paying your developers to sit
> around writing all these things, rather than creating that new feature
> they need?
Depends on the application. If it provides a strategic advantage they will happily
pay for
security features that prevent competitors from using it.
> "Oh gee, this program can't do this basic thing I need it
> to, but I can't copy it! Boy do I feel like I got my money's worth!"
What has copy protection got to do with it? Did you read the message to which you
replied?
>
> They will have this reaction *every* time some feature they want is
> missing, and since you can't give them everything they will ever want,
> it *will* happen.
No.
They bought the software knowing what it is.
> If your competition is less concerned than you are
> about this "threat", and spend less time and money implementing this
> "security", they will spend less money to get the same features, and
> stability, and with the same money they will be able to have more
> features and stability.
Har.
You haven't sold much software, have you?
>
>
> [snip]
> > Then we add communication layers for applications that have connections. Systems
>under
> > attack can silently produce a syndrome that is detectable at the
> > other end.
> [snip]
> > How would you feel if your debugger's memory display window suddenly started
>chatting
> > with you? You might reconsider your attack.
> [snip]
>
> ...or tell the entire world that your product invades people's
> privacy. That makes your product *much* less valuable to your users.
Oh. I thought you were paranoid. I see that you are actually psychotic. I'll leave
you in
you own world and you leave me in mine, OK?
>
>
> [snip]
> > The point of all these layers is to eliminate the various classes of attack. The
> > objective is _not_ to make uncrackable software. The objective is to make
>software that
> > take so long to crack that when it breaks no one cares.
> >
> > Just like in crypto.
>
> Unfortunately, in the process you are doing things which are really
> bad for both you and your users.
No.
I think not. My customers think not. My your prescience needs tuning.
>
>
> You are increasing your development cost and time.
>
> You are decreasing the resources you can devote to improving
> stability, security, and features.
No.
Security is a feature.
>
>
> You are decreasing the value of your product to your customers.
No.
They _pay_ for software security. They _ask_ for it. If I don't provide it, they
will find
someone who will.
>
>
> At some point, your development cost will become greater than what
> your customers are willing to pay, and that will not leave you in a
> good place.
Could be. I'm not worried.
------------------------------
Date: Wed, 02 Aug 2000 22:44:12 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Roger Schlafly wrote:
> Bruce Schneier wrote:
> > William Friedman filed a patent application for an Enigma-like
> > encryption device in 1933. The Patent Office awarded the patent this
> > month:
> > http://www.patents.ibm.com/details?&pn=US06097812__&s_all=1
>
> Cool. This beats Lemelson just getting a patent on the computer
> controlled assembly line that he supposedly invented in 1955.
> If Friedman retained the rights and his heirs were working the
> system optimally, they'll have some continuation applications
> pending.
>
> The NSA sat on this one for a long time. Can it be that there were
> some WWII secrets that were encrypted with this that were still
> secret in the 1990s?
>
> The patent is assigned to the USA.
In re patent silliness, I recently learned that the patent office refused an
application by the Wright brothers on HTA flight. That's gotta be
embarrassing.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Encrypting a String to another String containing only certain characters
Date: Thu, 03 Aug 2000 02:44:58 GMT
On Wed, 2 Aug 2000 20:11:38 +0200, "Martin Claviez"
<[EMAIL PROTECTED]> wrote, in part:
>Can I encrypt any string to another string that is containing only certain
>characters ?
>For example I want to encrypt any string and the resulting string should
>only contain
>numbers or letters and NO special characters like ?,!,^,(,), ... and so on.
>Where can I found an algorithm for this task ?
>A strong crypt routine is not required but is welcome.
If your string as input contains, for example, only printable ASCII
characters, having 95 possible values, and you want to have an output
string containing only characters from a set of 36, then the way to
convert between the two is to think of it as if you were converting a
number between two different bases.
Find values of m and n such that 95^m is just slightly less than 36^n.
Then, you can convert your input characters in blocks of m into blocks
of n output characters. The input characters are assigned codes from 0
to 94, and the output ones are assigned codes from 0 to 35, and the
input characters represent a base-95 number; so, you take the code for
the first character to start your total, then multiply by 95 and add
the code for the second character, and so on, to convert your block of
characters to a number. Then you keep dividing by 36 and taking the
remainder to create your output characters - or you can use other
techniques that are faster than division.
John Savard (teneerf <-)
Now Available! The Secret of the Web's Most Overused Style of Frames!
http://home.ecn.ab.ca/~jsavard/frhome.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: Re: Sending Messages in Morse Code
Date: Thu, 03 Aug 2000 02:47:10 GMT
To keep everyone happy, I have added to my starting page on data
compression
http://home.ecn.ab.ca/~jsavard/mi0601.htm
a few extra lines of text about arithmetic compression, and I have
discussed Tunstall codes as well, since my Morse armor idea reminded
someone on comp.compression of them.
John Savard (teneerf <-)
Now Available! The Secret of the Web's Most Overused Style of Frames!
http://home.ecn.ab.ca/~jsavard/frhome.htm
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Skipjack
Date: Wed, 02 Aug 2000 22:50:23 -0400
tomstd wrote:
> Does the idea of "weak-keys" ever come across your minds? If
> the key specifies the number of rounds then obviously some keys
> must specify lower amounts of rounds...
I took it for granted that one would constrain the structure
parameters so that a certain minimum amount of complexity
was guaranteed.
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Crossposted-To: sci.math
Subject: Re: Sending Messages in Morse Code
Date: Thu, 03 Aug 2000 02:52:35 GMT
On Wed, 02 Aug 2000 18:15:15 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (JimD) wrote:
>On Wed, 02 Aug 2000 02:42:05 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote:
>[...]
> what we
>>normally think of as "Morse code" is International Morse, as
>>standardized in Europe. It is good but not ideal for English.
>
>Why not? There are symbols for the most common punctuation
>as well as most accented letters for other languages.
The International Morse that we know uses two keying lengths -- dot
(length 1) and dash (length 3) -- with dot-length spacing between dots
and dashes in a single character.
American Morse was only partly like that: Some characters (e.g., C,
O, R, Y, Z) had a longer spacing mid-character.
"In Europe, an Austrian, Frederick Gerke, developed a variation
of the Morse code that was adopted there. Many of the letters are the
same in both codes. However, Gerke simplified the code by using only
one space length and only two pulse lengths ('dits' and 'dahs').
Gerke's code was easier to learn than Morse's, but it was somewhat
slower. One interesting character is the letter 'O,' which is three
dahs in Gerke's code. This is much longer than Morse's O, which is a
pair of dits. Morse made O short because O is the fourth most common
letter in English. However, in German, O is an uncommon letter,
ranking only 16th, and for this reason was made long."
Rutledge, D. 1999. The Electronics of Radio. Cambridge University
Press. p. 308.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: Roadkill <[EMAIL PROTECTED]>
Subject: Re: Just Curious. Are girls/women interested
Date: 3 Aug 2000 02:52:40 -0000
Dave Ashley informed kindly:
>
>Please explain the "If you're so special, why aren't you dead?" quote.
I nicked the full lyrics from <http://lenny.dyadel.net/breeders.htm>:
========
***I just wanna get along***
We were rich once
Before your head exploded
Imagine doing just what the Big Bang did
The whole world
Knew it was loaded
Wave bye-bye 'cause it ain't ever coming down now
I just wanna get along [2x]
I look up
The heads fly over
I see a boy I know: his hair's on fire
The whole world I discovered
If you're so special why aren't you dead
I just wanna get along [3x]
Wave bye-bye 'cause it ain't never coming down
I just wanna get along [3x]
=======
I really liked Kim Deal and maybe even was a bit in love with her at
some point. I liked her in the Pixies, the Breeders and even have
some obsure album from the Amps. It is just really nice music to
listen to, even though it is a bit old. Unfortunately Kim (or her
sister, which was also in the band the Breeders) was arrested for
have possesion of cannabis (which is legal in Holland BTW), so I
haven't heard from her for a while :-( A real same for such a nice
artist to spend her time in some filty jail. She had an album called
'Pod' with a poppy on the covert (from which they scrape opium or
something IIRC), so maybe that is why they went after her.
I'll be looking if I can find some more info on Kim Deal. I really
wonder what happened to her, maybe some fanpage knows :-)
Regards,
Roadkill (Oh, since 'roadkill' is by definition already dead, I can
be 'special' <grin>. And I just thought is was a good question for a
girl to ask a boy. It's sure nicer that telling someone to "get
lost" and it somewhat puts them down where they should be).
--
"If you're so special, why aren't you dead" - Kim Deal
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
