Cryptography-Digest Digest #543, Volume #13 Wed, 24 Jan 01 19:13:01 EST
Contents:
Re: Snake Oil (Matthew Montchalin)
RC4 Security ("EE")
Re: 3G crypto algorithms (Mok-Kong Shen)
Re: Echelon in Asia. (Mok-Kong Shen)
Re: finding inverses and factoring (Splaat23)
Barrett Modular Reduction with large x ([EMAIL PROTECTED])
Re: Any cryptoanalysis available for 'polymorphic ciphers'? (Splaat23)
Re: TSEPRNG, a secure RNG ? (Dan Parisien)
Re: finding inverses and factoring (Bryan Olson)
Re: Why Microsoft's Product Activation Stinks (Splaat23)
Re: TSEPRNG, a secure RNG ? (Splaat23)
----------------------------------------------------------------------------
From: Matthew Montchalin <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism,us.misc
Subject: Re: Snake Oil
Date: Wed, 24 Jan 2001 14:16:09 -0800
On Wed, 24 Jan 2001, Anthony Stephen Szopa wrote:
|It's 2001.
Okay.
|You cannot lie anymore these days and not get caught.
|
|Take my encryption software. Give it a go. Prove to us you can
|break it. Give us your most tenuous reasonable explanation on how
|you would go about it.
Humans are always the weakest link. If bribery doesn't work, there
are *other* ways to get through to anyplace.
------------------------------
From: "EE" <[EMAIL PROTECTED]>
Subject: RC4 Security
Date: Wed, 24 Jan 2001 16:31:50 -0500
I have two questions:
1. How can someone know the amount of bits of an encryption?
2. How can someone determine if an encrypted file or an encryption algorithm
is secure?
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: 3G crypto algorithms
Date: Wed, 24 Jan 2001 23:32:47 +0100
Arturo wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]>wrote:
>
> >In a town not too far from mine there is an
> >Echelon station.
>
> Hmmm, you mean Bad Aibling? Or maybe some other I didnīt hear about?
> Details, please. Iīm interested in the matter (you can post here or drop me
> some bytes at [EMAIL PROTECTED]; PGP keys available at keyservers).
Yes, near Bad Aibling there are a number of spherical domes
that contain the equipments for interception. Sometime back
there were some reports about the station in the newspapers
but I can't find the references for you now. Because of the
rumours (or not, I don't know, nor apparently any other
outsiders) of the activities of commercial espionage, the
station accepted to be visited by a high rank German government
officer, who was assured by the persons there that there never
had been such activities. I don't know much more than the above.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Echelon in Asia.
Date: Wed, 24 Jan 2001 23:32:40 +0100
Abe Lin wrote:
>
> We've been seeing a bit about echlon, but I haven't heard anything
> in Asia yet. Given Chinese Government's nature, they'd really surprise
> me if they don't have one.
The technique is certainly within the reach of many countries
since quite a time. There is no reason to assume that the
less democratic countries have less interest in that, though
they may not have sufficient resources to build big systems
comparable in size to Echelon. For example, after the
unification of Germany it was discovered that East Germany
had had in Berlin a (small) station intercepting among others
communications from the office of the Chancellor of West
Germany.
M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Splaat23 <[EMAIL PROTECTED]>
Subject: Re: finding inverses and factoring
Date: Wed, 24 Jan 2001 22:38:56 GMT
Really fascinating. Thanks for the clarification: now that I look at
it, I wonder why my brain decided to shut off. ;)
Let me disagree with you agreeing with me now. Looking at it, I do not
think knowledge of a generator of (Zn*)* would help, because if it did
it would prove to be a new attack on RSA. Let me elaborate:
phi(phi(n)) is close to n for most n. Therefore, any guess in Zn has a
very high chance of being in Zn*, and has a very high chance of being
in (Zn*)* (I hope that terminology is correct, or else I really sound
like an idiot).
Actually, the algebra doesn't seem right - just missing parens. It
should read:
F(x) = g1^(g2^x) mod n
F(x + y) = F(x)^(g2^y)
= (g1^(g2^x))^(g2^y)
= g1^(g2^x * g2^y)
= g1^(g2^(x + y))
Anyway, enough said. If you have an IQ > 50, you'd be good to take
anything I post with an industrial-size can of salt.
- Andrew
In article <94nh3e$608$[EMAIL PROTECTED]>,
David A Molnar <[EMAIL PROTECTED]> wrote:
>
> Splaat23 <[EMAIL PROTECTED]> wrote:
> > What exactly do you mean by a generator for the subgroup "the
exponents
> > mod n"? I was not aware such a generator exists at all, much less
with
> > all n. My best guess is, however, that a generator such as this
would
> > facilitate factoring of phi(n), which would be Bad.
>
> Sorry for being imprecise.
>
> Let me try again.
>
> We can compute g^x mod n. The exponent x is taken mod phi(n). It is
> because we do not know phi(n) in RSA that finding d from e is hard.
But
> the integers mod phi(n) themselves form a group, of order phi(phi
(n)).
> So it makes sense to ask about elements "of the exponents" which
generate
> subgroups of this group Z_phi(n)^*.
>
> Put another way, suppose I take (g1^g2), then (g1^g2)^g2, and so on.
This
> will generate values g1^x1, g1^x2, ... where the xi run through a
subgroup
> of the "group of exponents" Z_phi(n)^*
>
> I agree with you that giving away g2 looks fishy, but I'm wondering if
> anyone knows.
>
> > But I cannot answer the remaining questions. I ask forgiveness for
my
> > lack of knowledge ;) I guess a question I have for you is why do you
> > need/want to send out this type of data?
>
> Consider the function F(x) = g1^(g2^x) mod n. g1 and n are known, but
> phi(n) is secret. It seems to me that given F(x) and g2^y, you can
compute
> F(x+y) as follows:
>
> F(x+y) = g1^(g2^x)^(g2^y)
> = g1^(g2^x * g2^y)
> = g1^(g2^(x +y))
>
> (unless I'm messing up my algebra, which is *quite* possible).
>
> Here g2^y is just given to you - you don't know phi(n). Someone else
who
> does know phi(n) gave it to you.
>
> From F(x+y) x, and F(x) it seems impractical to obtain F(y). Even if
you
> have g2^x mod phi(n) it seems impractical to obtain F(y). Why?
>
> To obtain F(y) from F(x+y) and F(x) or g2^x you would need to
> compute g2^{-x}. This is difficult because phi(n) is not known,
> and g2^{-x} is taken mod phi(n).
>
> Taking discrete logs is hard as well because the factorization
of
> n is not known.
>
> I originally had this confused with F'(x) = (g1^g2)^x and wanted to
> produce a scheme where anyone could evaluate F'(x) by dint of
knowledge of
> g1 and g2, and then later raising F'(x) to the power g2^y would yield
> F'(x+y). But I realize now that (g1^g2)^x is just g1^(g2 * x).
>
> With this new F(x), I'm no longer sure that it is efficiently
> evaluable without knowledge of phi(n). Certainly for a constant c, I
can
> compute g1^(g2^c) by computing g1^g2 and raising to the g2 power c
times
> - this is too slow. But it's not clear to me how to get from g1^
(g2^k) to
> g1^(g2^2k). Actually, now that I think about it, I think this is
similar
> to the construction used for the time-lock puzzle of Rivest, Shamir,
and
> Wagner...which means that no such efficient exponentiation may exist.
>
> as to why I want such an F() ? It's a bit like a strong
> one-way function in the sense of Rabi and Sherman. Those imply all
sorts
> of things like signatures and key agreement, and there's an existence
> proof for them, so it would be nice to have something concrete.
>
> Thanks,
> -David
>
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED]
Subject: Barrett Modular Reduction with large x
Date: Wed, 24 Jan 2001 22:41:08 GMT
Hi. I'm messing with RSA in JavaScript and found that Barrett's modular
reduction (from the Handbook of Applied Cryptography, CRC Press) is an
excellent shortcut, speeding my modular exponentiation by about a
factor of 10.
The trouble is, the algorithm is only specified for x < b ^ 2k
How can I change the algorithm to use a larger mu, something around b ^
4k? (b is the radix base and k is the order of magnitude of m)
Here's Barrett's modular reduction algorithm (see citation below):
Input: positive integers x = (x_sub_2k-1 ... x1 x0),
m=(m_sub_k-1 ... m1 m0) with m_sub_k-1 != 0
mu=(b ^ 2k)/m
output: r=x mod m
q1<-x / (b ^ (k-1))
q2<-q1 * mu
q3<-q2/(b ^ (k+1))
r1<-x mod b^(k+1)
r2<-q3 * m mod b^(k+1)
r<-r1-r2
if r < 0 then r<- r + b^(k+1)
while r >= m do r<- r-m
return r
from the Handbook of Applied Cryptography, by A. Menezes, P. van
Oorschot, and S. Vanstone, CRC Press, 1996. For further information,
see www.cacr.math.uwaterloo.ca/hac
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Splaat23 <[EMAIL PROTECTED]>
Subject: Re: Any cryptoanalysis available for 'polymorphic ciphers'?
Date: Wed, 24 Jan 2001 22:54:23 GMT
It's "security through obscurity" developed into a process. I don't
know about anyone here, but _I_ would not trust an algorithm which was
designed from the ground up not to thwart standard cryptanalysis, like
modern secure block ciphers do, but instead try to avoid them.
1) I think this would be susceptible to methods used to analyze ciphers
whose internals are unknown.
2) I think it would certainly be susceptible to related-key attacks.
3) And obviously he has never heard of linear cryptanalysis.
But regardless of any of those it seems unnecessary given today's
secure block ciphers. Why does everyone want to reinvent the wheel?
Maybe if the consumers weren't so gullible and ignorant we could avoid
stuff like this.
- Andrew
In article <94k7c9$212d$[EMAIL PROTECTED]>,
"Jakob Jonsson" <[EMAIL PROTECTED]> wrote:
> > Hello, on
> > http://www.identification.de/crypto/descript.html
> > a method is described which the authors call 'polymorphic
> > encryption'. They claim it to be the most secure algorithm on the
> > market. Of course, this is a site where the authors want to promote
> > their product. So, has anyone made an independent cryptoanalysis of
> > it?
>
> Actually, I doubt that there are any cryptographers who are willing
to waste
> their time on it. The page is crammed with errors, misconceptions, and
> unjustified claims, e.g.:
>
> "Since there is a rumour that the NSA is trying to prevent the use of
secure
> ciphers, it is relatively likely that all algorithms supported by the
NSA
> imply some kind of shortcut."
>
> "It is usually claimed that long keys slow down the algorithm too
much.
> That's true because execution time increases at least by the key size
at the
> power of two."
>
> "What if both data and the actual encryption algorithm are undefined
in the
> beginning. An Opponent who wants to break your key feels deprived of
any
> constant. Working with variables only quickly becomes pretty complex.
> Commonly known ciphers use one key - say one variable. A mathematic
equation
> comprising two variables cannot be solved! For cryptography, there is
of
> course a solution - but the only way to find it is to search
exhaustively
> the whole keyspace. This problem is one-dimensional for common
ciphers and
> two-dimensional for the Polymorphic Cipher."
>
> "The Polymorphic Method is among the strongest ciphers available
today and
> it's probably the strongest."
>
> Probably not. In fact, I doubt this guy can tell the conceptual
difference
> between RSA and DES.
>
> Jakob
>
>
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Dan Parisien <[EMAIL PROTECTED]>
Subject: Re: TSEPRNG, a secure RNG ?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 24 Jan 2001 23:14:55 GMT
Splaat23 wrote:
> However, do _you_ know how the OS task scheduler is written?
I'll find out. That is a good point.
> I imagine it uses some sort of deterministic algorithm, since
> computers are deterministic devices.
I assumed that much.
> once sufficient entropy has been collected, hash and
> key a PRNG with that hash.
that's what i do... maybe you _do_ need the code.
(I'm actually pretty offended by the statement not to produce the source)
> Input such as your algorithm can output can
> be fed to a PRNG like Yarrow
That's what I'm trying to avoid...
I'll get more input on this... I think the theory behind this prng is
sound...
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: finding inverses and factoring
Date: Wed, 24 Jan 2001 23:09:06 GMT
David A Molnar wrote:
> I recall that in RSA, knowledge of d alone, combined with e and n, is
> enough to derive phi(n) and factor. I don't recall the proof,
> unfortunately - so I apologize if this post turns out to be trivial.
Not exactly trivial. The method I know of is much like the
Miller-Rabin test. While raising a random base to e*d-1, see
if you get a non-trivial square root of 1 along the way. If so,
take the gcd(n, square_root1 + 1) and that's a factor. If not,
repeat.
Below is Python code for the algorithm. (Python has arbitrary
size long integers built in.)
> Suppose I publish n, g1 a generator of some subgroup in n, and g2 a
> generator of some subgroup of "the exponents mod n", which have order
> phi(n). Further I publish g1^(g2^x) and g2^x. The value n is made
public,
> but phi(n) is not revealed. Can phi(n) be feasibly determined?
I assume you mean choose a random x and publish g2^x mod phi(n).
Without x that doesn't seem very helpful. With x, I don't know.
--Bryan
|
| # Python code for factoring RSA modulus n using e and d
|
| def gcd(x, y):
| """Return the GCD of x and y."""
| while x>0:
| x, y = y%x, x
| return y
|
| def split_using_e_and_d(n, e, d):
| """Given a composite n and e, d such that
| e*d mod lambda(n) == 1, return a non-trival factor of n.
| Loops out or asserts false on bad inputs.
| """
| s = e * d - 1
| # Remove factors of 2 from exponent s
| while s & 1 == 0:
| s = s >> 1
| # Try bases until we find a factor
| for base in xrange(1, 999, 2):
| # Realy we should set base randomly
| a = pow(long(base), s, n)
| if a == 1:
| # Darn, we got to 1 without finding a square root
| continue
| # Keep squaring until we hit 1.
| while a != 1 and a != n-1:
| b = a
| a = a * a % n
| if a == 1:
| # Got it
| return gcd(n, b + 1)
| # Darn, the square root we found was -1.
| assert(0), "Something is very wrong."
|
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Splaat23 <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Wed, 24 Jan 2001 23:23:09 GMT
He doesn't consider XORing two files together to be significant. That's
easy! He considers XORing two files together, one of which happens to
be generated by a PRNG to be significant. Innovation, what a sight! I
wish I had his foresight to create a slow, unwieldy stream cipher that
has no market to acquire and no use.
He was not stupid for showing it to Microsoft. He's stupid for
believing that not a soul could think it up independently! I love his
lack of understanding of the laws of causation: "I sent my [simple,
bad] program [that could be thought up by any 9-year old reading _AC_]
to Microsoft, and years later they come out with something remotely
similiar, therefore they are liars and thieves!"
Note, I think Microsoft's patenting of this, if that's what they really
intend to do, is silly, like most tech patents, but that's OT.
Enough bashing of Mr. Szopa. From his past posting history (which I had
the urge to view and regret my stupidity), Mr. Szopa will disregard
anything we say here and continue to believe his own superiority over
us mere mortals.
- Andrew
In article <[EMAIL PROTECTED]>,
Richard Heathfield <[EMAIL PROTECTED]> wrote:
> [Sorry to reply to Joe's post when I'm really addressing the issues
> raised by Mr Szopa. Mr Szopa's article hasn't hit my newsfeed yet and
> may not do so for some time...]
>
> > "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Richard Heathfield wrote:
> > > >
> > > > Anthony Stephen Szopa wrote:
> > > > >
> > > > <snip over 200 lines>
> > > > >
> > > > > So that's all I have to say for a while.
> > > >
> > > > Is that a promise?
> > >
> > >
> > > Here is a guy who spits on the souls of anyone for no damned
reason.
>
> I guess it wasn't a promise after all. (sigh)
>
> > >
> > > I told you that I am the inventor that will save people tens or
> > > hundreds of billions of dollars in lost revenue and you verbally
> > > shit on me with your sarcasm.
>
> You do a good line in invective. Perhaps you should switch from crypto
> to politics.
>
> > > Did you develope an anti-piracy computer software module that will
> > > prevent perhaps half at a minimum of the illegal copying of
> > > computer software in the world?
>
> Certainly not. I wouldn't dream of writing such a pointless program.
>
> > > Do you know how important a contribution this is?
>
> It's completely insignificant to those who have already realised that
MS
> has, for years, been using the very best copy protection of all - i.e.
> products that don't work, products that corrupt files, products that
> hang the machine... Why would anyone with the slightest semblance of
> common sense *want* to copy programs like that?
>
> > > I can prove that I did this. And if I eventually do prove it
> > > publicly everyone will know you are a fool. But most importantly
> > > you will know. I think you probably already know you are a fool.
>
> If you really were conned by MS, I sympathise (like Joe), but am
stunned
> by your naivete.
>
> 1) Copy protection doesn't work. sci.crypt already knows this. Why
don't
> you?
> 2) Microsoft is well-known for exploiting anything it can exploit.
>
> > > I am certainly one of a very very few and perhaps the only person
in
> > > the world who can prove that they did it before MS.
>
> You're the guy with the proprietary no-source-code-provided technique
> for XORing two files together, yes? The one with the front end that
> looks like something the cat dragged in? The one you said was so
> innovative?
>
> > > I am not going
> > > to divulge my thought processes here or my plans or my actions
> > > regarding the implications of this situation at this time, as I
have
> > > said.
>
> Excellent.
>
> > > I am actively pursuing my interests.
> > >
> > > I think I read that there is about $50 billion dollars worth of
> > > computer software piracy going on every year.
>
> Well, people will play those games, I suppose.
>
> If you don't want people to steal your software, give it away. It's
that
> simple.
>
> > > You must be a real high achiever to top this. Tell your friends
> > > what a proud soul you are and give them the example you posted
here
> > > and explain to them why you are the one to be so sarcastic.
>
> Righty-ho, I'll do that.
>
> > > What are your qualifications?
>
> I can write a program to XOR two files together. Does that count? (It
> seems to be a significant achievement from your point of view, if I
> correctly recall your proud boasts of about three months back.)
>
> > > I would tell them that you are a high risk gambler and that they
> > > should stay as far away from you as possible.
>
> Interesting. I have made exactly two serious bets in my entire life.
In
> each case, I calculated the probability of my winning to be 1.0. In
each
> case, I won the bet. If the probability of victory is < 1.0, I don't
> bet.
>
> > > You just can't believe that I did what I say I did, can you?
>
> Yes, I can believe that you could design a copy protection protocol
> (albeit an inherently flawed protocol, as all such schemes are). What
I
> was having difficulty with was your stupidity in showing it to
> Microsoft.
>
> > > You think you can
> > > make the jump and take the leap to ridicule me.
>
> You're doing fine all by yourself.
>
> > > You have no proof that I am lying.
>
> "The wicked flee when no man pursueth." (Prov 28:1)
>
> I have not accused you of lying. I am quite prepared to believe that
you
> have invented a copy protection protocol. I can even take a guess as
to
> how it might work. The potential software pirate has to shuffle some
> cards, yes?
>
> The fact that you deny lying without being accused of it, however, is
in
> itself deeply suspicious.
>
> > > Yet you risk your reputation.
>
> That's all right. My reputation on sci.crypt is "cute and fluffy, and
> has at least quarter of a brain, if not slightly more, but can't
> cryptanalyse anything harder than Vigenere", and I'm certainly
prepared
> to risk that. Strangely, your reputation on sci.crypt seems to be even
> worse than mine. Odd, that.
>
> > > As I said, you have
> > > poor judgment although you have calculated that you are on solid
> > > ground. Quicksand, yes. You are in quicksand and there will be
no
> > > one to come to your aid. Just wait and see.
>
> /me checks his immediate environment...
>
> Aarrgghh! You're right! Quicksand! I'm sinking! Quick, somebody...
SAVE
> ME! SAVE ME! Don't leave me to a horrible death!!!
>
> Oh, hang on, it's okay, it's just carpet. Panic over.
>
> > > If and when the proof comes out I hope someone brings it to you
> > > attention.
>
> Well, you could always post the source to alt.sources.crypto. I'll see
> it there, I expect. Oh, can you make sure it works in Linux please?
> Thanks.
>
> > > I was waiting for a worm to show their slime. You finally showed
up.
>
> It is not surprising that a purveyor of snake oil should see the world
> in terms of long thin creatures.
>
> > >
> > > What is a fool? A fool is a person who plays an Eric Clapton song
> > > on their own guitar. He plays the song perhaps even as good as
Eric
> > > Clapton. And then he thinks he is as great an artist as Eric
> > > Clapton.
>
> By that definition, Eric Clapton is a fool - which I don't believe.
> Therefore, the definition is wrong.
>
> > > You are an even greater fool than this because you would play the
> > > air guitar while listening to Eric Clapton and really believe you
> > > are as great a musician and artist as Eric Clapton.
>
> Actually, I play a pretty mean "Layla", but I wouldn't claim to be in
> the same league as EC.
>
> > >
> > > Can you feel your heart literally shrinking? You will.
>
> Do you literally mean "literally" literally?
>
> > > Gee, you didn't get any more significant information from me about
> > > my claim?
> > >
> > > Too bad.
>
> Ah! You caught me out! Yes! I was trying to do industrial espionage
over
> Usenet, like all the best spies, but the ever-clever Mr Szopa was too
> smart for me, and foiled my cunning plan. I am exactly as chagrined,
> chastised, and chastened as I ought to be.
>
> I sometimes wonder what planet you're on. On my home account (not this
> account, you understand), I killfiled you well over a year ago. That
may
> have been a mistake, as you are proving to be a plentiful, albeit
> unwitting, source of humour. Mind you, I suppose sci.crypt can live
> without regular flame battles between us, so perhaps it's just as
well.
>
> --
> Richard Heathfield
> "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
> C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
> K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html
>
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Splaat23 <[EMAIL PROTECTED]>
Subject: Re: TSEPRNG, a secure RNG ?
Date: Wed, 24 Jan 2001 23:54:26 GMT
I'd like to apologize. My response was a little rash. My request not to
be sent the source code is just one of reflex - in this case,
pseudocode or a good description is MUCH more useful.
Anyway, I can't figure out exactly why you are trying to avoid
something like Yarrow. The advantage of Yarrow is that it clearly
separates entropy collection from number generation. Its approach is
very modular. Your idea (which, in all likelihood, does contain some
real entropy, even in the face of attacks) would fit right in to
Yarrow's entropy collection process, which would protect against a lot
of attacks that the designers of Yarrow know about.
- Andrew
In article <PlJb6.118149$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Splaat23 wrote:
>
> > However, do _you_ know how the OS task scheduler is written?
>
> I'll find out. That is a good point.
>
> > I imagine it uses some sort of deterministic algorithm, since
> > computers are deterministic devices.
>
> I assumed that much.
>
> > once sufficient entropy has been collected, hash and
> > key a PRNG with that hash.
>
> that's what i do... maybe you _do_ need the code.
> (I'm actually pretty offended by the statement not to produce the
source)
>
> > Input such as your algorithm can output can
> > be fed to a PRNG like Yarrow
>
> That's what I'm trying to avoid...
>
> I'll get more input on this... I think the theory behind this prng is
> sound...
>
Sent via Deja.com
http://www.deja.com/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
