Cryptography-Digest Digest #360, Volume #14 Tue, 15 May 01 18:13:01 EDT
Contents:
3rd announcement for ECC 2001 (Alfred John Menezes)
Re: TC15 analysis ("Tom St Denis")
Re: Not a realistic thing to do......Why? ("Tom St Denis")
Re: DSA, ECDSA, RSA (Anton Stiglic)
Re: TC15 analysis ("Tom St Denis")
Re: OAP-L3: "The absurd weakness." (Darren New)
taking your PC in for repair? WARNING: What will they find? ("EE Support")
Evidence Eliminator works great. Beware anybody who claims it doesn't work
(propaganda) ("EE Support")
Re: Probablistic Algorithms For Square Roots of QRs in Z/n (Anton Stiglic)
Re: Evidence Eliminator works great. Beware anybody who claims it doesn't work
(propaganda) (Ahab)
Re: taking your PC in for repair? WARNING: What will they find? (Ahab)
Re: OAP-L3: "The absurd weakness." (John Savard)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: 3rd announcement for ECC 2001
Date: 15 May 2001 19:36:19 GMT
THE 5TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2001)
University of Waterloo, Waterloo, Canada
September 17, 18 & 19 2001
Third Announcement May 15, 2001
ECC 2001 is the fifth in a series of annual workshops dedicated to the
study of elliptic curve cryptography and related areas. The main themes
of ECC 2001 will be:
- The discrete logarithm and elliptic curve discrete logarithm problems.
- Provably secure discrete log-based cryptographic protocols for
encryption, signatures and key agreement.
- Efficient software and hardware implementation of elliptic curve
cryptosystems.
- Deployment of elliptic curve cryptography.
It is hoped that the meeting will encourage and stimulate further
research on the security and implementation of elliptic curve
cryptosystems and related areas, and encourage collaboration between
mathematicians, computer scientists and engineers in the academic,
industry and government sectors.
There will be approximately 15 invited lectures (and no contributed
talks), with the remaining time used for informal discussions. There
will be both survey lectures as well as lectures on latest research
developments.
SPONSORS:
Certicom Corp.
Communications and Information Technology Ontario
MasterCard International
MITACS
Mondex International Limited
University of Waterloo
ORGANIZERS:
Alfred Menezes (Certicom Corp.)
Edlyn Teske (University of Waterloo)
Scott Vanstone (University of Waterloo)
CONFIRMED SPEAKERS:
Dan Bernstein (University of Illinois Chicago, USA)
Dan Bleichenbacher (Lucent Technologies, USA)
Dan Boneh (Stanford University, USA)
Dan Brown (Certicom Corp., Canada)
Gerhard Frey (University of Essen, Germany)
Pierrick Gaudry (Ecole Polytechnique, France)
Darrel Hankerson (Auburn University, USA)
Ueli Maurer (ETH, Switzerland)
Alfred Menezes (Certicom Corp., Canada)
Tatsuaki Okamoto (NTT, Japan)
Jean Marc Robert (Gemplus, Canada)
Victor Shoup (IBM, Switzerland)
Alice Silverberg (Ohio State University, USA)
Brian Snow (National Security Agency, USA)
Jerome Solinas (National Security Agency, USA)
Annegret Weng (University of Essen, Germany)
CONFERENCE PROGRAM
There will be sixteen invited lectures, each of 60 minutes duration
including time for questions. All lectures will be held on the campus
of the University of Waterloo. The tentative titles of the lectures
are:
Bernstein A software implementation of elliptic curve cryptography
Bleichenbacher On the generation of DSA one-time keys
Boneh New and unique applications for elliptic curve cryptography
Brown A security analysis of the elliptic curve digital signature
algorithm
Frey Algebraic-geometric discrete logarithms: An overview
Gaudry Algorithms for point counting on elliptic and hyperelliptic
curves
Hankerson Performance comparisons of elliptic curve systems in
software
Maurer Indistinguishability proofs and quasi-randomness
Menezes Cryptographic implications of Weil descent
Okamoto Generic conversions for constructing IND-CCA2 public-key
encryption in the random oracle model
Robert To be announced
Shoup The evolution of public key encryption
Silverberg Elliptic curves: The state of the art
Snow We need more assurance in security products
Solinas A family of curves with compact parameters
Weng The CM-method for hyperelliptic curves
Further details of the program and lecture room will be given in the
fourth announcement on June 30, 2001.
The lectures will begin at 9:00 am on September 17 and conclude at
4:30 pm on September 19.
REGISTRATION
There will be a registration fee this year of $300 Cdn or $200 US
($150 Cdn or $100 US for full-time graduate students). PLEASE REGISTER
AS SOON AS POSSIBLE AS SPACE IS LIMITED FOR THIS WORKSHOP; REGISTRATION
IS ON A FIRST-COME FIRST-SERVE BASIS. We cannot process a registration
until all fees are paid in full. The deadline for all fees to be
paid and registration completed has been set for the 3rd of
September, 2001. To register, complete, in full, the attached
REGISTRATION FORM and return it along with your payment to:
Mrs. Frances Hannigan, C&O Dept., University of Waterloo, Waterloo,
Ontario, Canada N2L 3G1. Confirmation of your registration will be
sent by email when payment is received in full.
========================cut from here=================================
ECC 2001 CONFERENCE REGISTRATION FORM
Fullname:
_________________________________________________________
Affiliation:
_________________________________________________________
Address:
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
E-Mail Address:
_________________________________________________________
Telephone #:
_________________________________________________________
Registration Fee: Please check the appropriate box:
[ ] Registration .......$300.00 CAD ..............$________
[ ] Registration .......$200.00 USD ..............$________
[ ] Full-time Student ..$150.00 CAD ..............$________
[ ] Full-time Student ..$100.00 USD ..............$________
Registration Fee includes Banquet: Attending [ ] Yes [ ] No
Vegetarian [ ] Yes [ ] No
Extra Banquet tickets ..$ 50.00 CAD or $ 35.00 USD per ticket:
[ ] x $50.00 CAD ..........$________
[ ] x $35.00 USD ..........$________
TOTAL AMOUNT PAYABLE: ............................$________
**Make Cheque/Money Order Payable to: ECC 2001
Credit Card Payments:
[ ] Visa [ ] MasterCard
Cardholder's Name: ________________________________________________
Card Number: ______________________________________________________
Expiration Date: __________________________________________________
Signature: ________________________________________________________
Additional Information: ___________________________________________
=========================cut from here===============================
TRAVEL
Kitchener-Waterloo is approximately 100km/60miles from Pearson
International Airport in Toronto. Ground transportation to
Kitchener-Waterloo can be pre-arranged with Airways Transit.
TRANSPORTATION TO AND FROM TORONTO AIRPORT PROVIDED BY AIRWAYS TRANSIT
It is advisable to book your transportation between the Pearson Airport,
Toronto, and Waterloo in advance to receive the advance booking rate of
$32 CAD per person, one way, with Airways Transit (open 24 hours a day).
This is a door-to-door service; they accept cash (Cdn or US funds),
MasterCard, Visa and American Express.
Upon arrival:
Terminal 1: proceed to Ground Transportation Booth, Arrivals Level,
Area 2.
Terminal 2: proceed to Airways Transit desk, Arrivals Level, Area E.
Terminal 3: proceed to Ground Transportation Booth, Arrivals Level,
between doors B and C.
Complete the form below and send by mail or fax well in advance of your
arrival to Airways Transit. They will not fax confirmations: your fax
transmission record is confirmation of your reservation.
You can also book on-line at: http://www.airwaystransit.com/reservation.html
providing that the information on the form below is complete. Please make
sure to quote "ECC Conference" to receive the conference rate.
=========================cut from here=================================
AIRWAYS TRANSIT ADVANCE BOOKING FORM - ECC 2001
ARRIVAL INFORMATION:
____________________________________________________________
Surname First name
____________________________________________________________
Toronto Arrival Date Airline Flight #
____________________________________________________________
Arrival Time Arriving From
____________________________________________________________
Destination in Kitchener/Waterloo No. in party
DEPARTURE INFORMATION:
____________________________________________________________
Surname First name
____________________________________________________________
Toronto Departure Date Airline Flight #
____________________________________________________________
Departure Time Flight # Destination
____________________________________________________________
Pickup From No. in party
____________________________________________________________
Signature Date
Send or Fax to:
Airways Transit
99A Northland Road
Waterloo, Ontario
Canada, N2V 1Y8
Fax: (519) 886-2141
Telephone: (519) 886-2121
=============================cut form here================================
ACCOMMODATIONS
There is a limited block of rooms set aside on a first-come first-serve
basis at the Waterloo Inn and the Comfort Inn for the evenings of
September 15, 16, 17 and 18. Please make your reservations prior
to August 5, 2001, directly with the hotel.
Comfort Inn
190 Weber Street North
Waterloo, Ontario
Canada N2J 3H4
Phone: (519) 747-9400
- $84 Cdn plus taxes/night for a single or double room
- please quote "ECC 2001" or "#12028" when making your reservation.
Waterloo Inn
475 King Street North
Waterloo, Ontario
Canada N2J 2Z5
Phone: (519) 884-0222
Fax: (519) 884-0321
Toll Free: 1-800-361-4708
Website: www.waterlooinn.com
- $112 Cdn plus taxes/night for a single or double room
- please quote "ECC 2001 Conference" when making your reservation.
Other hotels close to the University of Waterloo are:
Destination Inn
547 King Street North
Waterloo, Ontario
Canada N2L 5Z7
Phone: (519) 884-0100
Fax: (519) 746-8638
Approx rate: $77 Cdn plus taxes/night
Best Western
St. Jacobs Country Inn
50 Benjamin Road, East
Waterloo, Ontario
Canada N2V 2J9
Phone: (519) 884-9295
Website: www.stjacobscountryinn.com
Approx rate: $109-119 Cdn plus taxes/night
The Waterloo Hotel
2-4 King Street North
Waterloo, Ontario
Canada N2J 1N8
Phone: (519) 885-2626
Approx rate: $112-130 Cdn plus taxes/night
HOTEL TO CONFERENCE TRANSPORTATION
A shuttle to/from the campus will be available each day of the
conference from the Waterloo Inn only. The following schedule is
tentative only, final times will be posted in the fourth announcement.
Monday, September 17th
Waterloo Inn to Federation Hall: 7:30 am & 8:00 am
Federation Hall to Banquet: 5:00 pm & 6:00 pm
Banquet location to Waterloo Inn: 9:00 pm & 10:00 pm
Tuesday, September 18th
Waterloo Inn to Federation Hall: 7:30 am & 8:00 am
Federation Hall to Waterloo Inn: 6:00 pm & 6:30 pm
Wednesday, September 19th
Waterloo Inn to Federation Hall: 7:30 am & 8:00 am
Federation Hall to Waterloo Inn: 5:00 pm
For further information or to return your Registration, please contact:
Mrs. Frances Hannigan
Department of Combinatorics & Optimization
University of Waterloo
Waterloo, Ontario, Canada N2L 3G1
e-mail: [EMAIL PROTECTED]
Fax: (519) 725-5441
Phone: (519) 888-4027
If you did not receive this announcement by email and would like to be
added to the mailing list for the third announcement, please send email
to [EMAIL PROTECTED] The announcements are also available
from the web site www.cacr.math.uwaterloo.ca
========================================================================
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: TC15 analysis
Date: Tue, 15 May 2001 20:16:24 GMT
"Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
news:9drhq3$vaa$[EMAIL PROTECTED]...
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in message
> news:4zeL6.76746$[EMAIL PROTECTED]...
> > I started my analysis of TC15 (more than just poking). I am looking for
> low
> > hamming weight differentials (i.e low active sbox count).
> I just verified that there are no single round iterative differentials (at
> any probability level) with hamming weight 6 or less.
May I ask *how* you analyzed it. That's more meaningful then just the
results.
> My next step: two round iterative differentials...
Ahh keen.
So you found 1R differentials with 7 active sboxes? That would be 16*7=112
active sboxes ... way over the 64 limit.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Not a realistic thing to do......Why?
Date: Tue, 15 May 2001 20:19:11 GMT
"Keill Randor" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in article
> <%_VL6.92784$[EMAIL PROTECTED]> :
>
> >>
> >> I AM comparing the system I have to an OTP, and it IS realistic to do
so.
> >
> >If you seriously believe that you need a new line of work.
> >
> >> If you want security, then ANY system that is crackable, as far as I am
> >concerned, is not good enough. (Granted, I am not a good enough
> >mathematician to make much of a dent in PKI, though if I got together
with a
> >decent mathematician and a programmer, we might be able to work something
> >out). As for symmetrical systems, though, as far as I am concerned if
it's
> >crackable its not very good....
> >
> >Again if you believe this you will never be a serious cryptographer.
> >
> >> I need to get the system I have made into a program, and see just how
fast
> >it really is, at it's most basic. (It pretty nmuch is an OTP) - (It'll
> >still be far more secure than Rijndael).
> >
> >"pretty much an OTP" is a meaningless bloody term. For <insert some
> >figureheads name> sake why must sci.crypt go thru this every week.
> >
> >Either it is an OTP or it's NOTHING LIKE AN OTP. There is no
"quasi-otp".
> >
>
> The reason why I said "pretty much" is that it CAN be an OTP, if you wish
to use it as such....
You're funny. You don't get it do ya. Your system is either an OTP or it
is not. There is no "like an OTP".
If you had a half clue about crypto you would know that.
Tom
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: DSA, ECDSA, RSA
Date: Tue, 15 May 2001 17:11:40 -0400
The best way to analyze such algorithms is to look at the most
expensive operations that are used (mod exps are the most expensive,
then comes computing inverses, one mod mul or mod addition is cheap
and negligible compared to these other operations. Hash functions
are also cheap and negligible compared to mod exps.).
So in DSA you have a public generator g, and a public key
y = g^s mod p, corresponding to a private key s.
You work in the subgroup of order q of Z*_p, p and q
are publicly known. You also have a known hash function h.
Let us say that q is 160 bit long and that p is 1024 bits long.
To compute a signature on a message m, you pick a random
value k and compute A = g^k mod p,
then set B = k^{-1}*(h(m) + sA) mod q,
the signature is (A, B).
The verification is:
compute u = B^{-1}*h(m) mod q and v = A*B^{-1} mod q,
then verify if A = (g^u)*(y^v).
The verification works on legitimate signatures since
(g^u)*(y^v) = (g^{B^{-1}*h(m)}) * ((g^s)^{A*B^{-1})
= g^(B^{-1}(h(m) + s*A)
= g^(k*(h(m) + sA)^{-1} * (h(m) + sA))
= g^k = A
Now, the signature requires you to pick 1 random 160 bit
value (this can be expensive if you don't have easy access
to randomness) and to compute 1 mod exp (g^k mod p)
as well as 1 inverse mod q (k^{-1}), along with a multiplication
and an addition. So if you can get randomness in an efficient
matter, the most costly operation is the mod exp. Note
that you your exponent is of size 160 bits, this is about
1024/160 ~= 6.4 times faster then if you had a 1024 bit exponent.
Note as well that you can precompute these exponentiations
and inverses, (but also note that I think there might be a
patent on that).
The verification involves 1 inverse mod q and 2 mod p exps
(with 160 bit exponents).
Now let's look at RSA with a N = pq, N of size 1024 bits.
Signature on m is
h(m)^d mod p, where d is a secret, 1024 bit exponent.
Verification is checking if
(h(m)^d)^e mod p == 1
e is the verification key, it is such that e*d == 1 mod phi(n),
you can choose the private/public key pair so that e is small,
such as e = 3, in which case computing a^e is like computing
a*a*a, and is negligible to a "full" mod exp and verification
is super fast. Computing the signature is less efficient than
for DSA, the mod exp you do is with a 1024 bit exponent.
When you use elliptic curves, you usually talk in the additive
group notation. And the expensive operation becomes multiplication
of a point by a scalar. But a multiplication of a point by a
scalar can be made about 4 times more efficient than a mod exp
with a 160 bit q (with some patented technology), for a curve with
security comparable to that of a subgroup of order 160 bit with p
1024 bits.
Hope I gave you enaugh information and hints to work on what you
wanted to figure out.
-- Anton
Gary Silverman wrote:
>
> Without starting a religious war, could anyone comment on relative speed
> difference between the 3 NIST approaved digital sign algorithms? Please
> provide a reference if possible.
>
> For each, I'm interested in:
> signing speed
> verifying speed
>
> So, an example could be....
>
> RSA DSA ECDSA
> sign 14 10 8
> verify 2 20 4
>
> The numbers indicate the time it takes for the operation to be done.
>
> I realize that different implementations could alter actual performance
> (in addition to all of the other things like what OS, what kind of
> hardware, etc...). If anyone has experience using various platforms
> that would be great too. But, I'm more interested in performance due to
> the algorithm as opposed to the implementation.
>
> Thanks kindly,
>
> Gary
--
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: TC15 analysis
Date: Tue, 15 May 2001 21:31:46 GMT
"Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
news:9drhq3$vaa$[EMAIL PROTECTED]...
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in message
> news:4zeL6.76746$[EMAIL PROTECTED]...
> > I started my analysis of TC15 (more than just poking). I am looking for
> low
> > hamming weight differentials (i.e low active sbox count).
> I just verified that there are no single round iterative differentials (at
> any probability level) with hamming weight 6 or less.
>
> My next step: two round iterative differentials...
Also I forgot to ask ... you are analyzing the May 12th copy right? (new
sbox copy).
Tom
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: Re: OAP-L3: "The absurd weakness."
Date: Tue, 15 May 2001 21:39:24 GMT
Anthony Stephen Szopa wrote:
> Just do this one point. Or choose perhaps a simpler one like,
> "Scramble is a group" and tell us what you mean and how this
> somehow supports your claims.
Heck, i'm neither a mathematician nor a cryptographer, but I remember
what a group is from high-school algebra. Reading sci.crypt has taught
me why it's helpful if your encryption operations aren't groups.
If you don't know what a group is, maybe you should look it up, rather
than pretending the flaw isn't clearly expressed.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
From: "EE Support" <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: taking your PC in for repair? WARNING: What will they find?
Date: Tue, 15 May 2001 22:33:35 +0100
By now you will have witnessed the mass hysteria about Evidence Eliminator.
Do you want to know why this is happening?
You are witnessing "Dis-Information" (propaganda)
Evidence Eliminator is a really easy-to-use one click program which is fully
proven to defeat all forensic analysis software.
It can defeat even the tools used by the US Secret Service, and the USA
Customs Service and LAPD.
You can get a copy of this software with a lifetime license for free
downloads. Everlasting protection available now.
Evidence Eliminator is so amazing you can even get a 30-day money back
guarantee on the software AND keycodes, protected by your credit card
company. You can buy total lifetime protection for just $149 - truly
incredible value.
Try Evidence Eliminator today and see why there are so many false messages
on the Internet telling you not to try it.
You have nothing to lose and everything to gain. We can clean your hard
drive so well that even the FBI-type software could not get evidence back
from it.
http://www.evidence-eliminator.com/main.shtml
--
Best Regards,
The Evidence Eliminator Support Team
http://www.evidence-eliminator.com/support.shtml
--
Technical Support Questions: Before submitting additional questions,
please make sure you have searched the Evidence Eliminator
KnowledgeBase online which can answer most questions instantly at
http://www.evidence-eliminator.com/support/kb/search.shtml
------------------------------
From: "EE Support" <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Evidence Eliminator works great. Beware anybody who claims it doesn't work
(propaganda)
Date: Tue, 15 May 2001 22:33:36 +0100
By now you will have witnessed the mass hysteria about Evidence Eliminator.
Do you want to know why this is happening?
You are witnessing "Dis-Information" (propaganda)
Evidence Eliminator is a really easy-to-use one click program which is fully
proven to defeat all forensic analysis software.
It can defeat even the tools used by the US Secret Service, and the USA
Customs Service and LAPD.
You can get a copy of this software with a lifetime license for free
downloads. Everlasting protection available now.
Evidence Eliminator is so amazing you can even get a 30-day money back
guarantee on the software AND keycodes, protected by your credit card
company. You can buy total lifetime protection for just $149 - truly
incredible value.
Try Evidence Eliminator today and see why there are so many false messages
on the Internet telling you not to try it.
You have nothing to lose and everything to gain. We can clean your hard
drive so well that even the FBI-type software could not get evidence back
from it.
http://www.evidence-eliminator.com/main.shtml
--
Best Regards,
The Evidence Eliminator Support Team
http://www.evidence-eliminator.com/support.shtml
--
Technical Support Questions: Before submitting additional questions,
please make sure you have searched the Evidence Eliminator
KnowledgeBase online which can answer most questions instantly at
http://www.evidence-eliminator.com/support/kb/search.shtml
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Probablistic Algorithms For Square Roots of QRs in Z/n
Date: Tue, 15 May 2001 17:49:16 -0400
Note that if p is prime and p = 3 mod 4, and a is a quadratic
residue mod p, then
a^{(p+1)/4} is a square root mod p of a.
For p = 1 mod 4, only probabilistic algorithms are known.
-- Anton
Don Leclair wrote:
>
> >Anyone have a heuristic or probabilistic Algorithm?
>
> As a previous poster remarked, there are fast algorithms when working a field of
> prime order. If the order is composite you have to factor it.
>
> For square roots in Z/p the Tonelli-Shanks algorithm is the best I've used.
>
> Search on Google for "tonelli shanks".
>
> It's probabilistic in that you have to find a quadratic nonresidue by guessing
> and calculating the Legendre symbol. In practice only a few tries are required.
>
> I have implemented it and it is very fast. The search on Google should turn up
> pseudo-code and/or source.
>
> Don Leclair
--
___________________________________
Anton Stiglic <[EMAIL PROTECTED]>
Software developer & Cryptologist.
Zero-Knowledge Systems Inc.
___________________________________
------------------------------
Date: 15 May 2001 21:46:35 -0000
From: Ahab <Use-Author-Address-Header@[127.1]>
Subject: Re: Evidence Eliminator works great. Beware anybody who claims it doesn't
work (propaganda)
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
=====BEGIN PGP SIGNED MESSAGE=====
Thought this was just another forged post, but look at the headers. Posted
from ntl in Nottingham. Actual official spam.
Spam report id 25014645 sent to: [EMAIL PROTECTED]
- --
Regards,
Ahab
ahab<at>nym<dot>alias<dot>net
#Ahab on DALnet
And on the third day, God said:
"Let there be div(D)=Pf, div(B)=0, curl(E)=-dB/dt, curl(H)=jf+dD/dt"
=====BEGIN PGP SIGNATURE=====
Version: N/A
iQEVAwUBOwGmkvQGip6C6USdAQFn3Qf+OenGwPlPG6lL+M6mrNAGoeTEJwzmh1d2
7gdgBmMvKnpNwLC/HO7lgm6KSEKOXpMs6qz0OoZPB6XxTmT7VP+qRUFWSqDlxiHK
/7KxUqVRS3+P8VeD/4dIyIE3sNnhiWGVBPw/Tdghp8ppv1OQCYSvEK6SmJvzWXww
rfRnTZVtxyCeebrRZkpMGwx81Bt9mH8ZFA1uZ1/G3HfqSFYrLaiQuJ6yjTJPbD3u
gDiKQ3OASYcAUqJtTiFDXxNUhSp6mnAg6vw1LB8bEOy+tAPSZ8soT1Fe16kMgyXa
6gwTcW2mp48hX5qIRpOU0ir2VeLtZhGJDOiyOc+xISJk+2ZYgk8ccA==
=wmxe
=====END PGP SIGNATURE=====
------------------------------
Date: 15 May 2001 21:48:30 -0000
From: Ahab <Use-Author-Address-Header@[127.1]>
Subject: Re: taking your PC in for repair? WARNING: What will they find?
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
=====BEGIN PGP SIGNED MESSAGE=====
Spam report id 25014753 sent to: [EMAIL PROTECTED]
- --
Regards,
Ahab
ahab<at>nym<dot>alias<dot>net
#Ahab on DALnet
And on the third day, God said:
"Let there be div(D)=Pf, div(B)=0, curl(E)=-dB/dt, curl(H)=jf+dD/dt"
=====BEGIN PGP SIGNATURE=====
Version: N/A
iQEVAwUBOwGm5PQGip6C6USdAQEB6wgAurNukVN+q7I9YuMPpt/QbivQV4wRxazD
uVCJ7FswD/Y902djg1GVxGW+q78bfPIOde71MCJfVoEnb6UyMKnKlUSPI9FS9Gnk
M8fdIm69wcAL9XkfQUXUSTEADq5PC41hAy+3OteXsL4iTk9LqbLGav4bLnOW343C
ibxeyxJ5hr/jDHa6CvIjqTyYNqg3mI8DP5+Li0R04wSB3I3VzZOsA2y4uoo3arcN
3+mwu3VfnwZKCVe+Chw8YDnZtOf9Xi4o8XqreOWpu+PLCFc5IkUGnYv9pOXn/bmg
8+Vp2CHjIVWvsOpz9jPAvPnbHsVXZHta2NnHerAfCtikH6+nEVDd8w==
=NDpV
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: Re: OAP-L3: "The absurd weakness."
Date: Tue, 15 May 2001 22:05:37 GMT
On Tue, 15 May 2001 12:59:47 -0700, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote, in part:
>I can't discuss what you are talking about if you cannot
>communicate it.
Well, he did make one specific claim:
>>Yes, the fact that your method is almost totally unused does save you from
>>extensive analisys. If a government really wanted to beat your method, it would
>>NOT take long.( I'd attack the stored key files -- large unweildy and
>>vulnerable they are.
so he basically appears to admit your program is secure against an
attacker who can only intercept ciphertext (provided the person using
the program chooses to generate a large enough key file) but it leaves
information on the hard disk that can be used to crack messages. (In
comparison, in PGP, the copy of your secret key on the hard disk is
encrypted by a pass phrase.)
John Savard
http://home.ecn.ab.ca/~jsavard/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
