Re: Run a remailer, go to jail?
http://www.freedom-to-tinker.com/archives/000336.html Quoting: Here is one example of the far-reaching harmful effects of these bills. Both bills would flatly ban the possession, sale, or use of technologies that conceal from a communication service provider ... the existence or place of origin or destination of any communication. Let's not be hasty. On the upside, it would outlaw NAT! - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Keysigning @ CFP2003
I must be out of touch - since when did PGP key signing require a photo id? It's rather efficient if you want to sign a large number of keys of people you mostly do not know personally. Assuming, of course, that the ID is of a sort for which you have an is-a-forgery oracle. Has anyone ever weighted a PGP key's certification value as a function of how many keys it's known to have certified?
Re: AES-128 keys unique for fixed plaintext/ciphertext pair?
... We can ask what is the probability of a collision between f and g, i.e. that there exists some value, x, in S such that f(x) = g(x)? But then you didn't answer your own question. You gave the expected number of collisions, but not the probability that at least one exists. That probability is the sum over k from 1 to 2^128 of (-1)^(k+1)/k!, or about as close to 1-1/e as makes no difference. But here's the more interesting question. If S = Z/2^128 and F is the set of all bijections S->S, what is the probability that a set G of 2^128 randomly chosen members of F contains no two functions f1, f2 such that there exists x in S such that f1(x) = f2(x)? G is a relatively minuscule subset of F but I'm thinking that the fact that |G| = |S| makes the probability very, very small.
Re: Micropayments, redux
No, it doesn't. It doesn't take unlimited time for lottery-based payment schemes to average out; finite time suffices to get the schemes to average out to within any desired error ratio. Strictly speaking, the average will come within your error tolerance of the expected value *with probability near 1*. In an infinite number of trials, it will come within your tolerance *with probability 1*. Neither case is a guarantee that it will come that close to the expected value. The expected risk-to-revenue ratio goes down like 1/sqrt(N), where N is the number of transactions. Consequently, it's easy for banks to ensure that the system will adequately protect their interests. Expected, yes. But the absolute upper bound on loss does not. These quibbles may be of interest only to mathematicians and insurers.
Re: M-209 for sale on EBay
There's an M-209 for sale on EBay: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=726499988 Interestingly enough, some people are blocked for legal reasons from getting to it. Even more interestingly, connecting from a Department of Energy network IP address with a .gov domain name gets me a message about blocked due to legal restrictions in your home country.
Re: Cryptographic privacy protection in TCPA
The basic idea of using zero-knowledge proofs to create an unlikable anonymous credentials system ... [sic] !
Re: building a true RNG
2) I can't prove that a standard hash function such as SHA1 generates all possible codes, but I consider it likely. It would be quite shocking if a strong hash function such as SHA1 generated fewer codes than a weak function such as H0. I think you could do a probabilistic proof similar to the DES is not a group quasi-proof. To test a hash function h() whose range is S, let F be the set of balanced functions from S -> {0, 1}. (Balanced meaning that each f in F maps exactly half of S to 0 and half to 1.) If you can contrive to choose many members of F at random, and compose them with h for many arguments of h, you should be able to set confidence limits on how much of S is covered by h.
Re: Quantum crypto broken?
The Oxford announcement doesn't present quite the risk implied. Cloning in their case results in an energy loss of 1/2 which is easily detected through various means including error rate. You have to conserve of energy ... Excuse me. If you duplicate the input photon, you duplicate its wavelength as well as its polarization state. Therefore you have two output photons each of the same energy as the original. The energy is supplied by the excitation of the atoms in the crystal. Think of it as a toned-down laser. Every now and then, your duplicator must absorb or otherwise scatter an input photon, but I'm sure you needn't lose 1/2 of them. But I agree that the use of this device can be detected by the communicating parties. Matt Crawford (former quantum mechanic)
Re: Schneier on Bernstein factoring machine
Businesses today could reasonably be content with their 1024-bit keys, and military institutions and those paranoid enough to fear from them should have upgraded years ago. To me, the big news in Lucky Green's announcement is not that he believes that Bernstein's research is sufficiently worrisome as to warrant revoking his 1024-bit keys; it's that, in 2002, he still has 1024-bit keys to revoke. Does anyone else notice the contradiction in these two paragraphs? First Bruce says that businesses can reasonably be content with 1024 bit keys, then he appears shocked that Lucky Green still has a 1024 bit key? Why is it so awful for Lucky to still have a key of this size, if 1024 bit keys are good enough to be reasonably content about? No contradiction at all. [M]ilitary institutions and those paranoid enough to fear from them should have upgraded years ago. Anyone paranoid enough to think Bernstein's back-of-the-very-large-envelope calculation makes a 1024-bit key insecure should have already been concerned enough to think that SOMEthing would do so.
Re: [linux-elitists] Re: Looking back ten years: AnotherCypherpunksfailure (fwd)
There are other problems with using IPsec for VoIP.. In many cases you are sending a large number of rather small packets of data. In this case, the extra overhead of ESP can potentially double the size of your data. HOW small? You'd already be adding IP+UDP+RTP headers (20 [or 40] + 8 + 12 = 40 [or 60] bytes). Using ESP with authentication would add another 22, plus possible explicit IV and padding, if needed -- call it 30? 20ms of uncompressed telephone quality data is 160 bytes ...
Re: Stego applications for other file types
I think there must be some sort of steganography tools in the Microsoft Office Suite. I say this because people often tell me they are sending me a Word or Powerpoint file with important information in it, but I've yet to discover any. :-) [Moderator's note: I couldn't resist forwarding it. --Perry]
Re: PGP GPG compatibility
Is there even development on the PGP (product) line? AFAIK they (NAI) have not released PGP 7.x in source form. Worse, there are a couple of bugs I found in 6.5.8 when I was porting it to Tru64, but who knows if anyone is listening over at NAI. Years ago I bought a few copies of commercial PGP with support. I sent in three separate bug reports, some of them dead simple to reproduce, and never got anything back except placebo talk.
Re: CFP: PKI research workshop
As I never tire of saying, PKI is the ATM of security. Meaning that it has a certain niche relevance, but is claimed by proponents to be the answer to every need, and is the current magic word for shaking the money tree.
Re: FBI-virus software cracks encryption wall
If they only cover Windoze (which is likely) the result will be that the criminal / paranoid / privacy freak / hacker community will just plain migrate to another OS... Which would be good for the world, don't you think? When outlaws use Linux, Linux will be outlawed. And I'm not being entirely facetious -- the US has a long history of things being criminalized only after groups in low favor took them up.
Re: Which internet services were used?
A German TV news magazine (ZDF spezial) just mentioned that the terrorists prepared and coordinated also by using the internet, but no details were told. [Moderator: I've listened to virtually all the news conferences made so far. The FBI has yet to make any such statement. The only details I've heard are that the terrorists have elaborate web sites to recruit and solicit donations. Far short of operational use of the internet.
Re: Did the US defeat wiretapping success?
Senator Hatch was interviewed by national media on Tuesday and stated that the US government had voice intercepts of calls talking about success with two targets. He was later criticized for talking about the intercepts. Hm, criticized? Why not indicted? (a) Whoever knowingly and willfully communicates, furnishes, [ ... 18 USC 798 ...] Depends where he said it. They shall in all cases, except treason, felony and breach of the peace, be privileged from arrest during their attendance at the session of their respective Houses, and in going to and returning from the same; and for any speech or debate in either House, they shall not be questioned in any other place. - Article 1, Section 6 Somehow I doubt that it was not a speech or debate in the senate.