RE: One time pads

2002-10-16 Thread Trei, Peter

> David E. Weekly[SMTP:[EMAIL PROTECTED]]
>
> Naive question here, but what if you made multiple one time pads (XORing
> them all together to get your true key) and then sent the different pads
> via different mechanisms (one via FedEx, one via secure courier, one via
> your best friend)? Unless *all* were compromised, the combined key would
> still be secure.
>
> As for PKI being secure for 20,000 years, it sure as hell won't be if those
> million-qubit prototypes turn out to be worth their salt. Think more like
> 5-10 years. In fact, just about everything except for OTP solutions will be
> totally, totally fucked. Which means that you should start thinking about
> using OTP *now* if you have secrets you'd like to keep past when an
> adversary of yours might have access to a quantum computer. I'd put 50 years
> as an upper bound on that, 5 years as a lower.
>
> -d
 
Not quite right. My understanding is that quantum
computing can effectively halve the length of a
symmetric key, but that does not take it down to zero.

Thus, a 256 bit key would, in a QC world, be as secure
as a 128 bit key today, which is to say, pretty good.

It's the asymmetric algorithms which have problems.

Peter




Re: For everything else, there's MasterCard.

2002-10-16 Thread Steve Furlong

On Wednesday 16 October 2002 15:41, Thoenen, Peter Mr. EPS wrote:
(re hunting people)
> If anything, this is more wasteful and degrading as you are not
> eating the meat...

Speak for yourself.

-- 
Steve FurlongComputer Condottiere   Have GNU, Will Travel

Vote Idiotarian --- it's easier than thinking




Re: Using mobile phone masts to track things

2002-10-16 Thread Scribe

Steve Schear wrote:
> At 06:33 PM 10/15/2002 +1300, [EMAIL PROTECTED] (Peter Gutmann) wrote:
>
>> Scribe [EMAIL PROTECTED] writes:
>>
>>> The technology 'sees' the shapes made when radio waves emitted by mobile
>>> phone masts meet an obstruction. Signals bounced back by immobile objects,
>>> such as walls or trees, are filtered out by the receiver. This allows
>>> anything moving, such as cars or people, to be tracked. [snip]
>>
>> Isn't this what CDMA already does using RAKE receivers (different fingers
>> track multiple signals, so it uses multipath as a feature rather than a
>> problem). [snip]
>
> Yes, this is very similar to a RAKE receiver.  It's also similar to the
> passive radar systems the U.S. recently accused a former Soviet republic
> of selling to Iraq.  Passive radars are particularly good at spotting
> current generation stealth aircraft.  Being passive, typically using
> distant powerful shortwave broadcast signals, means it's much harder to
> spot the receiving sites.

Nice explanatory picture at... 
http://www.pcquest.com/content/technology/101081001.asp

The (over-a-year-old) article also states:
The downside is that you can't make out whether the plane is a spy plane 
or not.

However various companies are working on making it viable for detecting 
stealth aircraft. For instance, Roke Manor Research (www.roke.co.uk), 
UK-based has developed sensor technologies which can work with cellphone 
base stations to detect stealth aircraft.

Detecting moving objects is one (simple) thing. Tracking them while 
identifying the type of object (stealth plane vs civilian, motorbike vs 
car, etc) is a different issue, naturally.
What kind of resolution can be obtained from a few hundred meters (say, 
for mass-public-monitoring-services) if grounded base stations can make 
out high-altitude aircraft?

Further, are there any known defenses against this kind of passive 
technology yet? Solitary surveillance aircraft would surely have a harder 
time achieving countermeasures than a person on a cellphone amongst a 
crowd of bystanders. Interference? Decoys?




anonymity ok with Albertsons

2002-10-16 Thread Major Variola (ret)

The Sunnyvale Albertsons has those stupid loyalty cards again, after a
period without.
The card has a prominent Privacy Policy block, whose text is defeated by
the asterisked italicized phrase, "Except when compelled by law."

But amazingly, it has a box, too: "I don't wish to fill out this form.
But please issue me an Albertson's Preferred Savings Card"

Cool.




RE: For everything else, there's MasterCard.

2002-10-16 Thread Trei, Peter

> Thoenen, Peter  Mr.  EPS[SMTP:[EMAIL PROTECTED]]
> wrote:
>
> If you were an *enlightened* vegan, you would see this as no different than
> shooting a deer or eating a hamburger.  I believe they would argue animals
> don't consent to be killed for sport or food either.  If anything, this is
> more wasteful and degrading as you are not eating the meat...just pure
> sport.

If the sniper were non-human, they might have a case.
However, I am not. I am a human being, and value the lives of
members of my own species above those of non-humans.

> Not speaking my opinion here, but happen to live with a vegan who preaches
> to me the evils of my ways (mostly for humour now) at every meal.

Ah, but has he/she/it reached 5th level? They don't eat anything which
casts a shadow. http://207.195.217.127/vegontv/1995to1999.html

Peter

> -Peter
>
> > From: Trei, Peter [mailto:[EMAIL PROTECTED]]
> > > Major Variola (ret)[SMTP:[EMAIL PROTECTED]] writes:
> > > Rifle and scope: $1,200
> > > Box of .223 Hollowpoint: $6.99
> > > Tarot Deck: $2.95
> > > Scoring an FBI analyst: priceless
> > > Some things are priceless.  For everything else, there's MasterCard.
> > > Dedicated to Eunice "Squeal Like a Pig" Stone
> >
> > I fail to see how anyone, anytime, anywhere, can support
> > the hunting of random non-consenting humans for sport.
> >
> > Peter Trei




Re: One time pads

2002-10-16 Thread Bill Frantz

At 7:52 AM -0700 10/16/02, David Howe wrote:
> OTP is the best choice for something that must be secret for all time,
> no matter what the expense.
> anything that secure for 20,000 years will be sufficient for, go for
> PKI instead :)

OTP is also good when:

(1) You can solve the key distribution problem.
(2) You need a system with a minimum of technology (e.g. no computers)
(3) You need high security.

The Soviet spies are a case in point.  The only incriminating evidence they
had with them was the pad itself.  Given the small size of their messages
(they didn't throw Microsoft Word files around), their pads could also be
physically small.  The necessary calculations could be performed with
pencil and paper, and the incriminating intermediate results burned.  And
the system, used correctly, provided high security.  Of course, when they
started using it as a Two Time Pad, the NSA was able to decode messages as
shown by the Venona intercepts.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA
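Bill's Venona point, as an added example that is not part of the thread: the code below shows why a pad that is reused for a second message leaks the XOR of the two plaintexts (the pad cancels out), and a small pad-store that hands out each pad byte at most once so that a two-time pad cannot happen by accident. The `PadStore` class, the sample messages and the fixed sample pad are all constructed for this illustration.

```python
# Added example (not from the thread): why a one-time pad must never become
# a two-time pad, and one way to enforce single use in code.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def otp(pad: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` with the leading bytes of `pad` (XOR is its own inverse)."""
    if len(pad) < len(data):
        raise ValueError("pad too short for message")
    return xor_bytes(pad[: len(data)], data)


def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under the SAME pad and XOR the two ciphertexts.

    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the pad cancels, so an eavesdropper who
    holds both ciphertexts learns the XOR of the plaintexts without any key.
    Every zero byte in the result marks a position where the two messages
    agree, which is the kind of foothold the Venona analysts worked from.
    """
    c1 = otp(pad, p1)
    c2 = otp(pad, p2)
    return xor_bytes(c1, c2)


class PadStore:
    """Pad-management layer that hands out each pad byte at most once.

    The pad is consumed from the front; a request that would run past the
    end raises instead of wrapping around, so reuse cannot happen silently.
    """

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self._used = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used

    def take(self, n: int) -> bytes:
        """Return the next `n` unused pad bytes and mark them consumed."""
        if n > self.remaining:
            raise RuntimeError("pad exhausted: obtain a new pad, never reuse")
        chunk = self._pad[self._used : self._used + n]
        self._used += n
        return chunk

    def encrypt(self, data: bytes) -> bytes:
        """Encrypt `data` with fresh pad bytes; the receiver consumes the same offsets."""
        return xor_bytes(self.take(len(data)), data)


# Constructed sample messages: identical except for the last three letters.
P1 = b"attack at dawn"
P2 = b"attack at dusk"
# Constructed, deterministic 32-byte pad (a real pad comes from a true RNG).
SAMPLE_PAD = bytes(range(1, 33))


def demo() -> dict:
    """Run the reuse scenario and the pad-store scenario; return what is observable."""
    leak = reuse_leak(SAMPLE_PAD, P1, P2)
    store = PadStore(SAMPLE_PAD)
    c1 = store.encrypt(P1)
    c2 = store.encrypt(P2)
    # Same pad, disjoint offsets: the ciphertext XOR no longer equals p1 ^ p2.
    return {
        "leak_equals_plaintext_xor": leak == xor_bytes(P1, P2),
        "leak_zero_prefix": leak[:11] == bytes(11),
        "store_leak": xor_bytes(c1, c2) == xor_bytes(P1, P2),
        "remaining": store.remaining,
    }


if __name__ == "__main__":
    print(demo())
```

The eleven leading zero bytes in the reuse case are exactly the shared prefix "attack at d"; the store variant spends 28 of the 32 pad bytes on the two messages and refuses a third request of that size rather than starting over from offset zero.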




RE: For everything else, there's MasterCard.

2002-10-16 Thread Trei, Peter

> Major Variola (ret)[SMTP:[EMAIL PROTECTED]] writes:
>
> Rifle and scope: $1,200
> Box of .223 Hollowpoint: $6.99
> Tarot Deck: $2.95
> Scoring an FBI analyst: priceless
> Some things are priceless.  For everything else, there's MasterCard.
> Dedicated to Eunice "Squeal Like a Pig" Stone
 
I fail to see how anyone, anytime, anywhere, can support 
the hunting of random non-consenting humans for sport.

Peter Trei




sniping as performance art

2002-10-16 Thread Major Variola (ret)

> From: Trei, Peter [EMAIL PROTECTED]
> I fail to see how anyone, anytime, anywhere, can support
> the hunting of random non-consenting humans for sport.

Maybe it's a PETA activist making a point...




COG in the news

2002-10-16 Thread Declan McCullagh

today...

GOVERNMENT OPERATIONS
The American Enterprise Institute for Public Policy Research (AEI) and the 
Brookings Institution (BI)
2nd and final meeting of the Continuity of Government Commission to
formulate recommendations for the continuity of the three branches
of government in the event of a terrorist attack.
Location: BI, 1775 Massachusetts Ave., NW. 10 a.m.
Contact: Carrie Rieger, 202-862-7164; e-mail, [EMAIL PROTECTED];
 http://www.aei.org/inv021016.htm




Schneier on the commons

2002-10-16 Thread Marcel Popescu

> Security is a commons.  Like air and water and radio spectrum, any
> individual's use of it affects us all.  The way to prevent people from
> abusing a commons is to regulate it.  Companies didn't stop dumping
> toxic wastes into rivers because the government asked them
> nicely.  Companies stopped because the government made it illegal to do
> so.

Would someone please explain to him the wonderful invention called private
property, and the way it solves the tragedy of the commons?

Mark




Re: One time pads

2002-10-16 Thread David Howe

at Wednesday, October 16, 2002 2:01 PM, Sarad AV
[EMAIL PROTECTED] was seen to say:
> Though it has a large key length greater than or equal
> to the plain text, why would it be insecure if we can
> use a good pseudo random number generator, store the
> bits produced on a tamper proof medium.
because you have replaced an OTP (provably secure) with a PRNG stream
cypher (only as secure as the PRNG). he isn't saying that stream cyphers
can't be secure - just that they aren't OTP.
There is also no point in distributing the output of a PRNG as a
tamperproof tape - you just run the PRNG at both sides, in sync.
if you use a *real* RNG, then you can do the tape distribution thing and
it *will* be an OTP - but it's the tape distribution that is the difficult
bit (as he points out in the article)

> why do we always have to rely on the internet for
> sending the pad? If it is physically carried to the
> receiver we can say for sure if P or R is intercepted.
two obvious points are
1. it isn't always possible to ensure secure delivery - if a courier is
compromised or falls asleep and the tape is substituted with another,
a mitm attack can be made transparently.
2. if the parties are physically remote, they may not have time to
exchange tapes securely; unless there is an airplane link directly or
indirectly between the sites, it may be days or weeks in transit.

> can someone answer the issues involved that one time
> pads is not a good choice.
OTP is the best choice for something that must be secret for all time,
no matter what the expense.
anything that secure for 20,000 years will be sufficient for, go for
PKI instead :)
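Howe's point about the tape, as an added example that is not from the thread: a keystream that both ends regenerate from a short shared seed needs no physical delivery at all, and its security is exactly the secrecy of that seed, whereas pad bytes drawn from the OS random source exist nowhere else and have to be carried. The keystream construction (HMAC-SHA256 in counter mode), the seed, nonce and message are all assumptions made for this illustration; nobody in the thread proposed a specific PRNG.

```python
# Added example (not from the thread): "just run the PRNG at both sides, in
# sync" versus a pad that has to be physically delivered.
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def prng_keystream(seed: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: HMAC-SHA256(seed, nonce || counter), block by block.

    Construction chosen for this illustration only. Anyone holding `seed` and
    `nonce` produces the identical bytes, which is why shipping them on a
    tamperproof tape adds nothing: the tape is recomputable from the seed.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(seed, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(seed: bytes, nonce: bytes, data: bytes) -> bytes:
    """PRNG stream cipher: security rests entirely on the secrecy of `seed`."""
    return xor_bytes(data, prng_keystream(seed, nonce, len(data)))


stream_decrypt = stream_encrypt  # XOR is its own inverse


def fresh_pad(length: int) -> bytes:
    """Pad bytes from the OS random source: the only copy is the one returned,
    so the receiver cannot regenerate it and it has to travel to them."""
    return secrets.token_bytes(length)


def otp_encrypt(pad: bytes, data: bytes) -> bytes:
    """True OTP: the pad itself is the shared material."""
    if len(pad) < len(data):
        raise ValueError("pad too short")
    return xor_bytes(data, pad[: len(data)])


# Constructed sample values (not a real seed; never hard-code one in practice).
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
NONCE = b"msg-0001"
MESSAGE = b"the courier leaves at noon"


def round_trip() -> dict:
    """Sender and receiver share only SEED; compare with a delivered pad."""
    sender_ct = stream_encrypt(SEED, NONCE, MESSAGE)
    # Receiver: no tape arrived, only the seed is shared; regenerate and decrypt.
    receiver_pt = stream_decrypt(SEED, NONCE, sender_ct)
    # Anyone else holding the seed does exactly the same thing: "only as secure as the PRNG".
    seed_holder_pt = xor_bytes(sender_ct, prng_keystream(SEED, NONCE, len(sender_ct)))
    # True OTP round trip: the pad bytes must exist at both ends.
    pad = fresh_pad(len(MESSAGE))
    otp_ct = otp_encrypt(pad, MESSAGE)
    return {
        "receiver_ok": receiver_pt == MESSAGE,
        "seed_holder_reads_it": seed_holder_pt == MESSAGE,
        "nonce_reuse_same_stream": prng_keystream(SEED, NONCE, 16) == prng_keystream(SEED, NONCE, 16),
        "otp_roundtrip": otp_encrypt(pad, otp_ct) == MESSAGE,
    }


if __name__ == "__main__":
    print(round_trip())
```

The `nonce_reuse_same_stream` entry is the stream-cipher analogue of a two-time pad: the same seed and nonce always yield the same keystream, so each message needs its own nonce for the same reason each OTP message needs its own pad bytes.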




Re: Using mobile phone masts to track things

2002-10-16 Thread Steve Schear

At 06:33 PM 10/15/2002 +1300, [EMAIL PROTECTED] (Peter Gutmann) wrote:
> Scribe [EMAIL PROTECTED] writes:
>
> > The technology 'sees' the shapes made when radio waves emitted by mobile
> > phone masts meet an obstruction. Signals bounced back by immobile objects,
> > such as walls or trees, are filtered out by the receiver. This allows
> > anything moving, such as cars or people, to be tracked. Previously, radar
> > needed massive fixed equipment to work and transmissions from mobile phone
> > masts were thought too weak to be useful.
>
> Isn't this what CDMA already does using RAKE receivers (different fingers
> track multiple signals, so it uses multipath as a feature rather than a
> problem).  Presumably, with rather more signal processing than is simply used
> to improve signal quality, it'd be possible to use the capability to track
> interfering objects.


Yes, this is very similar to a RAKE receiver.  It's also similar to the 
passive radar systems the U.S. recently accused a former Soviet republic of 
selling to Iraq.  Passive radars are particularly good at spotting current 
generation stealth aircraft.  Being passive, typically using distant 
powerful shortwave broadcast signals, means it's much harder to spot the 
receiving sites.

steve




Re: One time pads

2002-10-16 Thread David E. Weekly

Naive question here, but what if you made multiple one time pads (XORing
them all together to get your true key) and then sent the different pads
via different mechanisms (one via FedEx, one via secure courier, one via
your best friend)? Unless *all* were compromised, the combined key would
still be secure.

As for PKI being secure for 20,000 years, it sure as hell won't be if those
million-qubit prototypes turn out to be worth their salt. Think more like
5-10 years. In fact, just about everything except for OTP solutions will be
totally, totally fucked. Which means that you should start thinking about
using OTP *now* if you have secrets you'd like to keep past when an
adversary of yours might have access to a quantum computer. I'd put 50 years
as an upper bound on that, 5 years as a lower.

-d


- Original Message -
From: David Howe [EMAIL PROTECTED]
To: Email List: Cypherpunks [EMAIL PROTECTED]
Sent: Wednesday, October 16, 2002 7:52 AM
Subject: Re: One time pads


> at Wednesday, October 16, 2002 2:01 PM, Sarad AV
> [EMAIL PROTECTED] was seen to say:
> > Though it has a large key length greater than or equal
> > to the plain text, why would it be insecure if we can
> > use a good pseudo random number generator, store the
> > bits produced on a tamper proof medium.
> because you have replaced an OTP (provably secure) with a PRNG stream
> cypher (only as secure as the PRNG). he isn't saying that stream cyphers
> can't be secure - just that they aren't OTP.
> There is also no point in distributing the output of a PRNG as a
> tamperproof tape - you just run the PRNG at both sides, in sync.
> if you use a *real* RNG, then you can do the tape distribution thing and
> it *will* be an OTP - but it's the tape distribution that is the difficult
> bit (as he points out in the article)
>
> > why do we always have to rely on the internet for
> > sending the pad? If it is physically carried to the
> > receiver we can say for sure if P or R is intercepted.
> two obvious points are
> 1. it isn't always possible to ensure secure delivery - if a courier is
> compromised or falls asleep and the tape is substituted with another,
> a mitm attack can be made transparently.
> 2. if the parties are physically remote, they may not have time to
> exchange tapes securely; unless there is an airplane link directly or
> indirectly between the sites, it may be days or weeks in transit.
>
> > can someone answer the issues involved that one time
> > pads is not a good choice.
> OTP is the best choice for something that must be secret for all time,
> no matter what the expense.
> anything that secure for 20,000 years will be sufficient for, go for
> PKI instead :)




Mixmaster 2.9b40 released

2002-10-16 Thread Len Sassaman

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

The Mixmaster development team is pleased to announce the release of
Mixmaster 2.9b40. This release is expected to become Mixmaster 2.9rc1.

We believe this to be the most stable release of Mixmaster 2.9-beta to
date. Further development on Mixmaster 2.9.0 is frozen. Unless there are
major client security issues or server security or reliability issues
discovered in this release, we will proceed with the release process for
Mixmaster 2.9.

If you discover any issues that need to be addressed before the rc
releases, please report them either via the SourceForge bug tracker, or on
the mixmaster-devel mailing list.

Source files are available at http://www.sf.net/projects/mixmaster and
ftp://mixmaster.anonymizer.com.

Development on Mixmaster 3.0 is ongoing. Thanks to everyone who has
contributed to this project!


- --Len.








-BEGIN PGP SIGNATURE-
Comment: OpenPGP Encrypted Email Preferred.
-END PGP SIGNATURE-




One time pads

2002-10-16 Thread Sarad AV

hi,

An extract from this month's cryptogram goes as below.


On the other hand, if you ever find a product that
actually uses a one-time pad, it is almost certainly
unusable and/or insecure.
So, let me summarize.  One-time pads are useless for
all but very specialized applications, primarily
historical and non-computer.  And almost any system
that uses a one-time pad is insecure.  It will claim
to use a one-time pad, but actually use a two-time pad
(oops).  Or it will claim to use a one-time pad, but
actually use a stream cipher.  Or it will use a
one-time pad, but won't deal with message
re-synchronization and re-transmission attacks.  Or it
will ignore message authentication, and be susceptible to
bit-flipping attacks and the like.  Or it will fall prey to keystream reuse
attacks.  Etc., etc., etc.
-

Though it has a large key length greater than or equal
to the plain text, why would it be insecure if we can
use a good pseudo random number generator, store the
bits produced on a tamper proof medium.

how about this way

P=Plain text 
C=Cipher text 
R=Pseudo random bits(the pad)

To transmit a secret from point A to point B 

Choose your agent - send cipher text (C) to B. 
If (cipher text C is intercepted, do not send R.) 

Without R, C cannot be decrypted. 

Else (if C is securely transmitted to point B, choose an
agent and send R to point B) 

If R is intercepted the secret remains safe, since they
do not have C. 
If initially C was intercepted, R is not sent; another
pad is chosen. 

It is assumed that the agent is trustworthy. Also the
agent has to send a receipt 
for the safe arrival of C at point B before R is
transmitted. 
It is also assumed that cryptographically secure pseudo
random numbers are used. 


Cryptography does not address the problem of dishonest
users-does it?

The difficulty for attaining highest security is more.

why do we always have to rely on the internet for
sending the pad?If it is physically carried to the
receiver we can say for sure if P or R is intercepted.


can someone answer the issues involved that one time
pads is not a good choice.
Thank you

Regards Sarath.

__
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos  More
http://faith.yahoo.com
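Weekly's multi-pad idea earlier in the thread (several pads XORed together and shipped by different routes) and Sarath's C-then-R scheme are the same construction: an n-of-n XOR secret sharing, in which the ciphertext C and the pad R are two shares of the plaintext P. Added example, not from either post; the channel-compromise and receipt simulation is constructed for illustration and takes the receipt on trust.

```python
# Added example (not from the thread): n-of-n XOR secret sharing of a pad,
# and a simulation of the "send C, wait for a receipt, then send R" scheme,
# in which C and R are themselves two XOR shares of the plaintext P.
import secrets
from itertools import combinations


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor(secret: bytes, n: int) -> list:
    """Split `secret` into n shares whose XOR equals `secret`.

    n-1 shares come straight from the OS random source; the last one is the
    secret XORed with all of them. Any n-1 shares are uniformly random and
    independent of the secret, so a party missing even one share learns
    nothing, which is the property behind the multi-courier idea.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for s in shares:
        last = xor_bytes(last, s)
    shares.append(last)
    return shares


def combine_xor(shares: list) -> bytes:
    """Recover the secret from ALL of its shares."""
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out


def adversary_view(shares: list, compromised: tuple):
    """What someone who compromised the channels in `compromised` reconstructs.

    Returns the secret only when every channel was compromised; otherwise None,
    because the shares held are indistinguishable from random bytes.
    """
    if len(set(compromised)) == len(shares):
        return combine_xor([shares[i] for i in compromised])
    return None


def two_channel_send(p: bytes, c_intercepted: bool, r_intercepted: bool) -> dict:
    """Sarath's scheme, simulated: R is a fresh pad, C = P ^ R goes first, and R
    is released only after a receipt for C. The receipt is taken on trust here
    (a modelling assumption); an adversary needs both C and R to recover P."""
    r = secrets.token_bytes(len(p))
    c = xor_bytes(p, r)
    held = {}
    if c_intercepted:
        held["C"] = c      # no receipt, so R is never sent and a new pad is chosen
    elif r_intercepted:
        held["R"] = r      # C reached B safely; R alone is uniform noise
    delivered = not c_intercepted and not r_intercepted
    return {
        "adversary_holds": sorted(held),
        "adversary_recovers": "C" in held and "R" in held,
        "delivered": delivered,
        "receiver_plaintext": xor_bytes(c, r) if delivered else None,
    }


def demo(n: int = 3) -> dict:
    """Split a 16-byte pad across n routes and try every proper subset of them."""
    pad = secrets.token_bytes(16)
    shares = split_xor(pad, n)
    partial = [adversary_view(shares, subset)
               for k in range(1, n) for subset in combinations(range(n), k)]
    return {
        "all_shares_recover": combine_xor(shares) == pad,
        "any_proper_subset_recovers": any(v is not None for v in partial),
        "full_compromise_recovers": adversary_view(shares, tuple(range(n))) == pad,
    }


if __name__ == "__main__":
    print(demo(3))
    print(two_channel_send(b"hello", c_intercepted=True, r_intercepted=False))
```

Two things the simulation makes visible: the receipt for C is doing security work (the model simply believes it, which is where Howe's courier-substitution objection bites), and secret-sharing the pad is no different from secret-sharing the message itself, since `split_xor(P, 2)` is exactly the pair (R, C).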




For everything else, there's MasterCard.

2002-10-16 Thread Major Variola (ret)

Rifle and scope: $1,200
Box of .223 Hollowpoint: $6.99
Tarot Deck: $2.95
Scoring an FBI analyst: priceless

Some things are priceless.  For everything else, there's MasterCard.

---
Dedicated to Eunice "Squeal Like a Pig" Stone




Re: commercial software defined radio (to 30 MHz, RX only)

2002-10-16 Thread Morlock Elloi

Does this run on linux? 

Also, if regular cheapo PC soundboards can digitize 30 MHz (and Nyquist says
this requires 60 MHz sampling rate) then some product managers need ...
flogging.



=
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Faith Hill - Exclusive Performances, Videos  More
http://faith.yahoo.com




RE: One time pads and Quantum Computers

2002-10-16 Thread Bill Stewart

> > David E. Weekly[SMTP:[EMAIL PROTECTED]]
> > As for PKI being secure for 20,000 years, it sure as hell won't be if
> > those million-qubit prototypes turn out to be worth their salt.
> > Think more like 5-10 years. In fact, just about everything except
> > for OTP solutions will be totally, totally fucked.

At 02:50 PM 10/16/2002 -0400, Trei, Peter wrote:
> Not quite right. My understanding is that quantum
> computing can effectively halve the length of a
> symmetric key, but that does not take it down to zero.
> Thus, a 256 bit key would, in a QC world, be as secure
> as a 128 bit key today, which is to say, pretty good.
> It's the asymmetric algorithms which have problems.

Yeah.  What we have to do for that is start thinking about ways
to apply Kerberos and similar technologies to real-world problems
besides the inside-an-organization ones they were originally designed for.

> > David E. Weekly[SMTP:[EMAIL PROTECTED]]
> > Which means that you should start thinking about
> > using OTP *now* if you have secrets you'd like to keep past when an
> > adversary of yours might have access to a quantum computer. ...

OTPs won't help a bit for that problem.
They're fine for transmitting new data if you've already sent a pad,
but they're useless for storing secrets, because you can only decrypt
something if you've got the pad around, and you have to burn the pad after use.
Storing the encrypted secret message on your regular computers
while keeping the pad locked up in the safe is unlikely to be
any more convenient than keeping the plaintext locked up in the safe.
I suppose you could secret-share a one-time-pad,
but you could just as easily secret-share the secret message.




Re: commercial software defined radio (to 30 MHz, RX only)

2002-10-16 Thread Harmon Seaver

> Does this run on linux?


On Tue, Oct 15, 2002 at 02:40:33PM -0700, Major Variola (ret) wrote:
> > The WR-G303i is the first of our G3
> > Series of software defined receivers.
> >
> > A Software Defined Receiver (SDR) is
> > such where demodulation and last IF
> > (intermediate frequency) processing are done entirely in
> > software. Usually this means using a DSP, but in the case of
> > the G303i, this processing is done on a personal computer
> > using a sound card (most modern PCs are now faster and
> > more powerful than many DSPs were only a few years
> > ago). So, if you own a PC, the chances are that you already
> > own an important part of a Software Defined Receiver!
>
> http://www.grove-ent.com/WR303i.html
>
> Technical Specifications
>
> Frequency range: 9 kHz to 30 MHz
> Tuning resolution: 1 Hz
> Modes: AM, AMN, AMS, LSB, USB, CW, FM3, FM6, FMN
>   (The optional Professional Demodulator also includes DSB and ISB modes.)

-- 
Harmon Seaver   
CyberShamanix
http://www.cybershamanix.com

War is just a racket ... something that is not what it seems to the
majority of people. Only a small group knows what it's about. It is
conducted for the benefit of the very few at the expense of the
masses.  --- Major General Smedley Butler, 1933

Our overriding purpose, from the beginning through to the present
day, has been world domination - that is, to build and maintain the
capacity to coerce everybody else on the planet: nonviolently, if
possible, and violently, if necessary. But the purpose of US foreign
policy of domination is not just to make the rest of the world jump
through hoops; the purpose is to facilitate our exploitation of
resources.
- Ramsey Clark, former US Attorney General
http://www.thesunmagazine.org/bully.html




Re: One time pads and Quantum Computers

2002-10-16 Thread David E. Weekly

> > David E. Weekly[SMTP:[EMAIL PROTECTED]]
> > Which means that you should start thinking about
> > using OTP *now* if you have secrets you'd like to keep past when an
> > adversary of yours might have access to a quantum computer. ...
>
> OTPs won't help a bit for that problem.
> They're fine for transmitting new data if you've already sent a pad,
> but they're useless for storing secrets, because you can only decrypt
> something if you've got the pad around, and you have to burn the pad after
> use.

Yes, sorry -- I should have clarified as you should start thinking about
encrypting data transmissions using OTP *now* if you'd like to send secrets
you'd like to keep... -- destroying both pads after transmission should be
obvious. I wasn't attempting to address secure data storage.

-d




Re: One time pads

2002-10-16 Thread Sam Ritchie

ACTUALLY, quantum computing does more than just halve the effective key
length. With classical computing, the resources required to attack a given
key grow exponentially with key length. (a 128-bit key has 2^128
possibilities, 129 has 2^129, etc. etc. you all know this...)
With quantum computing, however, the complexity of an attack grows only
polynomially. Hence a MUCH MUCH more agreeable time frame for brute force
attacks. Good stuff, eh?
~~SAM

> From: Trei, Peter [EMAIL PROTECTED]
> Date: Wed, 16 Oct 2002 14:50:03 -0400
> To: David Howe [EMAIL PROTECTED], Email List: Cypherpunks
> [EMAIL PROTECTED], 'David E. Weekly' [EMAIL PROTECTED]
> Subject: RE: One time pads
>
> > David E. Weekly[SMTP:[EMAIL PROTECTED]]
> >
> > Naive question here, but what if you made multiple one time pads (XORing
> > them all together to get your true key) and then sent the different pads
> > via different mechanisms (one via FedEx, one via secure courier, one via
> > your best friend)? Unless *all* were compromised, the combined key would
> > still be secure.
> >
> > As for PKI being secure for 20,000 years, it sure as hell won't be if those
> > million-qubit prototypes turn out to be worth their salt. Think more like
> > 5-10 years. In fact, just about everything except for OTP solutions will be
> > totally, totally fucked. Which means that you should start thinking about
> > using OTP *now* if you have secrets you'd like to keep past when an
> > adversary of yours might have access to a quantum computer. I'd put 50 years
> > as an upper bound on that, 5 years as a lower.
> >
> > -d
>
> Not quite right. My understanding is that quantum
> computing can effectively halve the length of a
> symmetric key, but that does not take it down to zero.
>
> Thus, a 256 bit key would, in a QC world, be as secure
> as a 128 bit key today, which is to say, pretty good.
>
> It's the asymmetric algorithms which have problems.
>
> Peter