RE: One time pads
David E. Weekly[SMTP:[EMAIL PROTECTED]]
> Naive question here, but what if you made multiple one time pads (XORing them all together to get your true key) and then sent the different pads via different mechanisms (one via FedEx, one via secure courier, one via your best friend)? Unless *all* were compromised, the combined key would still be secure.
>
> As for PKI being secure for 20,000 years, it sure as hell won't be if those million-qubit prototypes turn out to be worth their salt. Think more like 5-10 years. In fact, just about everything except for OTP solutions will be totally, totally fucked. Which means that you should start thinking about using OTP *now* if you have secrets you'd like to keep past when an adversary of yours might have access to a quantum computer. I'd put 50 years as an upper bound on that, 5 years as a lower.
>
> -d

Not quite right. My understanding is that quantum computing can effectively halve the length of a symmetric key, but that does not take it down to zero. Thus, a 256 bit key would, in a QC world, be as secure as a 128 bit key today, which is to say, pretty good. It's the asymmetric algorithms which have problems.

Peter
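The multi-channel pad idea in the quoted message is plain XOR secret sharing: all but one share are uniformly random and the last is the pad XORed with the rest, so any subset short of the full set is itself uniformly random and says nothing about the pad. The following is an added example, not code from either poster; the function names, the sample message and the "decoy" text are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def xor_all(chunks: list) -> bytes:
    """XOR any number of equal-length byte strings together."""
    acc = bytes(len(chunks[0]))
    for c in chunks:
        acc = xor_bytes(acc, c)
    return acc


def split_pad(pad: bytes, n_channels: int) -> list:
    """Split `pad` into n_channels shares whose XOR is `pad`.

    The first n-1 shares are fresh CSPRNG output; the last is chosen so
    that everything XORs back to the pad. Each share travels by its own
    channel (FedEx, courier, friend in the original proposal)."""
    if n_channels < 2:
        raise ValueError("need at least two channels for splitting to mean anything")
    shares = [secrets.token_bytes(len(pad)) for _ in range(n_channels - 1)]
    shares.append(xor_bytes(pad, xor_all(shares)))
    return shares


def reconstruct_pad(shares: list) -> bytes:
    """The receiver XORs every share together to get the pad back."""
    return xor_all(shares)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR pad (pad used once, then destroyed)."""
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def share_explaining(known_shares: list, candidate_pad: bytes) -> bytes:
    """Given all but one share, return the missing share under which the true
    pad would be `candidate_pad`. Such a share exists for every candidate,
    which is why an adversary holding n-1 shares learns nothing."""
    return xor_bytes(candidate_pad, xor_all(known_shares))


def demo() -> bool:
    # Constructed sample: a message and a pad of the same length.
    message = b"meet at the usual place at noon"
    pad = secrets.token_bytes(len(message))
    shares = split_pad(pad, 3)
    ciphertext = otp_encrypt(message, pad)

    # Receiver: collect all three shares, rebuild the pad, decrypt.
    recovered = otp_decrypt(ciphertext, reconstruct_pad(shares))

    # Adversary holding two of three shares: any pad (and so any plaintext of
    # this length) is consistent with what they hold.
    seized = shares[:2]
    decoy = b"nothing to see here, move along"
    decoy_pad = xor_bytes(ciphertext, decoy)      # pad that would yield the decoy
    third = share_explaining(seized, decoy_pad)   # a perfectly valid-looking share
    consistent = otp_decrypt(ciphertext, reconstruct_pad(seized + [third])) == decoy
    return recovered == message and consistent
```

Two things the splitting does not buy: it protects confidentiality only, so a share swapped in transit (the sleeping-courier substitution raised elsewhere in the thread) is not detected, and the same XOR can be applied to the message itself instead of a pad, which costs exactly the same key-distribution effort.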
Re: For everything else, there's MasterCard.
On Wednesday 16 October 2002 15:41, Thoenen, Peter Mr. EPS wrote:
(re hunting people)
> If anything, this is more wasteful and degrading as you are not eating the meat...

Speak for yourself.

-- 
Steve Furlong                         Computer Condottiere     Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking
Re: Using mobile phone masts to track things
Steve Schear wrote:
> At 06:33 PM 10/15/2002 +1300, [EMAIL PROTECTED] (Peter Gutmann) wrote:
> > Scribe [EMAIL PROTECTED] writes:
> > > The technology 'sees' the shapes made when radio waves emitted by mobile phone masts meet an obstruction. Signals bounced back by immobile objects, such as walls or trees, are filtered out by the receiver. This allows anything moving, such as cars or people, to be tracked.
> > [snip]
> > Isn't this what CDMA already does using RAKE receivers (different fingers track multiple signals, so it uses multipath as a feature rather than a problem).
> [snip]
> Yes, this is very similar to a RAKE receiver. It's also similar to the passive radar systems the U.S. recently accused a former Soviet republic of selling to Iraq. Passive radars are particularly good at spotting current generation stealth aircraft. Being passive, typically using distant powerful shortwave broadcast signals, means it's much harder to spot the receiving sites.

Nice explanatory picture at...
http://www.pcquest.com/content/technology/101081001.asp

The (over-a-year-old) article also states:

> The downside is that you can't make out whether the plane is a spy plane or not. However various companies are working on making it viable for detecting stealth aircraft. For instance, Roke Manor Research (www.roke.co.uk), UK-based has developed sensor technologies which can work with cellphone base stations to detect stealth aircraft.

Detecting moving objects is one (simple) thing. Tracking them while identifying the type of object (stealth plane vs civilian, motorbike vs car, etc) is a different issue, naturally. What kind of resolution can be obtained from a few hundred meters (say, for mass-public-monitoring-services) if grounded base stations can make out high-altitude aircraft? Further, are there any known defenses against this kind of passive technology yet? Solitary surveillance aircraft would surely have a harder time achieving countermeasures than a person on a cellphone amongst a crowd of bystanders.

Interference? Decoys?
anonymity ok with Albertsons
The Sunnyvale Albertsons has those stupid loyalty cards again, after a period without. The card has a prominent Privacy Policy block, whose text is defeated by the asterisked italicized phrase, "Except when compelled by law."

But amazingly, it has a box, too:

> I don't wish to fill out this form. But please issue me an Albertson's Preferred Savings Card

Cool.
RE: For everything else, there's MasterCard.
Thoenen, Peter Mr. EPS[SMTP:[EMAIL PROTECTED]] wrote:
> If you were an *enlightened* vegan, you would see this as no different than shooting a deer or eating a hamburger. I believe they would argue animals don't consent to be killed for sport or food either. If anything, this is more wasteful and degrading as you are not eating the meat...just pure sport.

If the sniper were non-human, they might have a case. However, I am not. I am a human being, and value the lives of members of my own species above those of non-humans.

> Not speaking my opinion here, but happen to live with a vegan who preaches to me the evils of my ways (mostly for humour now) at every meal.

Ah, but has he/she/it reached 5th level? They don't eat anything which casts a shadow.
http://207.195.217.127/vegontv/1995to1999.html

Peter

> -Peter
>
> From: Trei, Peter [mailto:[EMAIL PROTECTED]]
> > Major Variola (ret)[SMTP:[EMAIL PROTECTED]] writes:
> > > Rifle and scope: $1,200
> > > Box of .223 Hollowpoint: $6.99
> > > Tarot Deck: $2.95
> > > Scoring an FBI analyst: priceless
> > >
> > > Some things are priceless. For everything else, there's MasterCard.
> > >
> > > Dedicated to Eunice "Squeal Like a Pig" Stone
> >
> > I fail to see how anyone, anytime, anywhere, can support the hunting of random non-consenting humans for sport.
> >
> > Peter Trei
Re: One time pads
At 7:52 AM -0700 10/16/02, David Howe wrote:
> OTP is the best choice for something that must be secret for all time, no matter what the expense. anything that secure for 20,000 years will be sufficient for, go for PKI instead :)

OTP is also good when:
(1) You can solve the key distribution problem.
(2) You need a system with a minimum of technology (e.g. no computers)
(3) You need high security.

The Soviet spies are a case in point. The only incriminating evidence they had with them was the pad itself. Given the small size of their messages, (they didn't throw Microsoft Word files around), their pads could also be physically small. The necessary calculations could be performed with pencil and paper, and the incriminating intermediate results burned. And the system, used correctly, provided high security. Of course, when they started using it as a Two Time Pad, the NSA was able to decode messages as shown by the Venona intercepts.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz           | The principal effect of | Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent | 16345 Englewood Ave.
[EMAIL PROTECTED]     | fair use.               | Los Gatos, CA 95032, USA
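The Venona failure Bill mentions is mechanical rather than clever: if two messages are XORed with the same pad, XORing the two ciphertexts cancels the pad and leaves the XOR of the two plaintexts, and any known stretch of one message (a stereotyped header, a date) then reads out the matching stretch of the other. The following is an added example, not from any of the posts; the two equal-length messages and the pad are constructed.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """Correct use: the pad is at least as long as the message and never reused."""
    if len(pad) < len(message):
        raise ValueError("pad shorter than message")
    return xor_bytes(message, pad[:len(message)])


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad: c1 XOR c2 == m1 XOR m2.
    The pad cancels out entirely; nothing about it needs to be known."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def read_through_crib(c1: bytes, c2: bytes, known_m1_segment: bytes, offset: int) -> bytes:
    """If bytes offset..offset+k of m1 are known, the same positions of m2
    fall straight out of the leak; no pad material is involved."""
    leak = two_time_pad_leak(c1, c2)
    segment = leak[offset:offset + len(known_m1_segment)]
    return xor_bytes(segment, known_m1_segment)


# Constructed sample traffic: two messages of equal length.
M1 = b"SHIPMENT ARRIVED MONDAY "
M2 = b"COURIER DELAYED TUESDAY "


def demo() -> dict:
    pad = secrets.token_bytes(len(M1))
    c1 = otp_encrypt(M1, pad)
    c2 = otp_encrypt(M2, pad)                               # the mistake: same pad twice
    fresh = otp_encrypt(M2, secrets.token_bytes(len(M2)))   # what should have happened
    return {
        "leak_equals_plaintext_xor": two_time_pad_leak(c1, c2) == xor_bytes(M1, M2),
        "m2_from_m1_crib": read_through_crib(c1, c2, b"SHIPMENT", 0),
        "fresh_pad_leak_is_noise": two_time_pad_leak(c1, fresh) != xor_bytes(M1, M2),
    }
```

The "fresh" line is the whole mitigation: one pad per message, destroyed after use, with enough pad material on hand that no operator is ever tempted to reuse a sheet. Schneier's "keystream reuse attacks" later in this thread are the same equation applied to stream ciphers whose keystream is regenerated from the same key and nonce.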
RE: For everything else, there's MasterCard.
Major Variola (ret)[SMTP:[EMAIL PROTECTED]] writes:
> Rifle and scope: $1,200
> Box of .223 Hollowpoint: $6.99
> Tarot Deck: $2.95
> Scoring an FBI analyst: priceless
>
> Some things are priceless. For everything else, there's MasterCard.
>
> Dedicated to Eunice "Squeal Like a Pig" Stone

I fail to see how anyone, anytime, anywhere, can support the hunting of random non-consenting humans for sport.

Peter Trei
sniping as performance art
From: Trei, Peter [EMAIL PROTECTED]
> I fail to see how anyone, anytime, anywhere, can support the hunting of random non-consenting humans for sport.

Maybe it's a PETA activist making a point...
COG in the news
today...

GOVERNMENT OPERATIONS
The American Enterprise Institute for Public Policy Research (AEI) and the Brookings Institution (BI) 2nd and final meeting of the Continuity of Government Commission to formulate recommendations for the continuity of the three branches of government in the event of a terrorist attack.
Location: BI, 1775 Massachusetts Ave., NW. 10 a.m.
Contact: Carrie Rieger, 202-862-7164; e-mail, [EMAIL PROTECTED]; http://www.aei.org/inv021016.htm
Schneier on the commons
> Security is a commons. Like air and water and radio spectrum, any individual's use of it affects us all. The way to prevent people from abusing a commons is to regulate it. Companies didn't stop dumping toxic wastes into rivers because the government asked them nicely. Companies stopped because the government made it illegal to do so.

Would someone please explain to him the wonderful invention called private property, and the way it solves the tragedy of the commons?

Mark
Re: One time pads
at Wednesday, October 16, 2002 2:01 PM, Sarad AV [EMAIL PROTECTED] was seen to say:
> Though it has a large key length greater than or equal to the plain text, why would it be insecure if we can use a good pseudo random number generator, store the bits produced on a tamper proof medium.

because you have replaced an OTP (provably secure) with a PRNG stream cypher (only as secure as the PRNG). he isn't saying that stream cyphers can't be secure - just that they aren't OTP. There is also no point in distributing the output of a PRNG as a tamperproof tape - you just run the PRNG at both sides, in sync. if you use a *real* RNG, then you can do the tape distribution thing and it *will* be an OTP - but it's the tape distribution that is the difficult bit (as he points out in the article)

> why do we always have to rely on the internet for sending the pad? If it is physically carried to the receiver we can say for sure if P or R is intercepted.

two obvious points are
1. it isn't always possible to ensure secure delivery - if a courier is compromised or falls asleep and the tape is substituted with another, a mitm attack can be made transparently.
2. if the parties are physically remote, they may not have time to exchange tapes securely; unless there is an airplane link directly or indirectly between the sites, it may be days or weeks in transit.

> can someone answer the issues involved that one time pads is not a good choice.

OTP is the best choice for something that must be secret for all time, no matter what the expense. anything that secure for 20,000 years will be sufficient for, go for PKI instead :)
Re: Using mobile phone masts to track things
At 06:33 PM 10/15/2002 +1300, [EMAIL PROTECTED] (Peter Gutmann) wrote:
> Scribe [EMAIL PROTECTED] writes:
> > The technology 'sees' the shapes made when radio waves emitted by mobile phone masts meet an obstruction. Signals bounced back by immobile objects, such as walls or trees, are filtered out by the receiver. This allows anything moving, such as cars or people, to be tracked. Previously, radar needed massive fixed equipment to work and transmissions from mobile phone masts were thought too weak to be useful.
>
> Isn't this what CDMA already does using RAKE receivers (different fingers track multiple signals, so it uses multipath as a feature rather than a problem). Presumably, with rather more signal processing than is simply used to improve signal quality, it'd be possible to use the capability to track interfering objects.

Yes, this is very similar to a RAKE receiver. It's also similar to the passive radar systems the U.S. recently accused a former Soviet republic of selling to Iraq. Passive radars are particularly good at spotting current generation stealth aircraft. Being passive, typically using distant powerful shortwave broadcast signals, means it's much harder to spot the receiving sites.

steve
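The sentence in the quoted article about stationary reflectors being "filtered out", which this message and the earlier reply both quote, describes clutter cancellation: a wall returns the same echo on every sweep, so subtracting one sweep from the next removes it, while an object that has changed range bin between sweeps survives the subtraction. The following is an added toy model, not from the article or either poster; the range-bin representation, amplitudes and threshold are constructed.

```python
def make_frame(clutter: dict, movers: list, n_bins: int = 12) -> list:
    """One sweep: echo amplitude per range bin. `clutter` maps bin -> amplitude
    for fixed reflectors; `movers` is a list of (bin, amplitude) for this sweep."""
    frame = [0.0] * n_bins
    for b, amp in clutter.items():
        frame[b] += amp
    for b, amp in movers:
        frame[b] += amp
    return frame


def two_pulse_canceller(prev: list, cur: list) -> list:
    """Subtract consecutive sweeps: anything identical in both cancels."""
    return [c - p for p, c in zip(prev, cur)]


def detect_movers(frames: list, threshold: float) -> list:
    """For each consecutive pair of sweeps, the bins whose differenced echo
    exceeds `threshold`. Static clutter never appears here; a mover shows
    at both its old bin (negative) and its new bin (positive)."""
    hits = []
    for prev, cur in zip(frames, frames[1:]):
        diff = two_pulse_canceller(prev, cur)
        hits.append([i for i, v in enumerate(diff) if abs(v) > threshold])
    return hits


def simulate(n_frames: int = 4) -> list:
    """Strong fixed clutter in bins 3 and 7, a weak mover advancing one bin
    per sweep starting at bin 2 (all values constructed)."""
    clutter = {3: 5.0, 7: 8.0}
    frames = [make_frame(clutter, [(2 + t, 1.0)]) for t in range(n_frames)]
    return detect_movers(frames, threshold=0.5)


def stopped_object_is_invisible() -> bool:
    """A mover that stops becomes clutter: two identical sweeps cancel to nothing."""
    clutter = {3: 5.0, 7: 8.0}
    parked = make_frame(clutter, [(5, 1.0)])
    return detect_movers([parked, parked], threshold=0.5) == [[]]
```

The mover in bin 3 sits on top of a clutter return five times its size and is still found, because only the change between sweeps matters. The same arithmetic also answers part of the resolution question raised earlier: an object that holds still for one sweep interval is indistinguishable from a tree, and an object that moves less than a bin per sweep is below the canceller's sensitivity.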
Re: One time pads
Naive question here, but what if you made multiple one time pads (XORing them all together to get your true key) and then sent the different pads via different mechanisms (one via FedEx, one via secure courier, one via your best friend)? Unless *all* were compromised, the combined key would still be secure.

As for PKI being secure for 20,000 years, it sure as hell won't be if those million-qubit prototypes turn out to be worth their salt. Think more like 5-10 years. In fact, just about everything except for OTP solutions will be totally, totally fucked. Which means that you should start thinking about using OTP *now* if you have secrets you'd like to keep past when an adversary of yours might have access to a quantum computer. I'd put 50 years as an upper bound on that, 5 years as a lower.

-d

----- Original Message -----
From: David Howe [EMAIL PROTECTED]
To: Email List: Cypherpunks [EMAIL PROTECTED]
Sent: Wednesday, October 16, 2002 7:52 AM
Subject: Re: One time pads

> at Wednesday, October 16, 2002 2:01 PM, Sarad AV [EMAIL PROTECTED] was seen to say:
> > Though it has a large key length greater than or equal to the plain text, why would it be insecure if we can use a good pseudo random number generator, store the bits produced on a tamper proof medium.
>
> because you have replaced an OTP (provably secure) with a PRNG stream cypher (only as secure as the PRNG). he isn't saying that stream cyphers can't be secure - just that they aren't OTP. There is also no point in distributing the output of a PRNG as a tamperproof tape - you just run the PRNG at both sides, in sync. if you use a *real* RNG, then you can do the tape distribution thing and it *will* be an OTP - but it's the tape distribution that is the difficult bit (as he points out in the article)
>
> > why do we always have to rely on the internet for sending the pad? If it is physically carried to the receiver we can say for sure if P or R is intercepted.
>
> two obvious points are
> 1. it isn't always possible to ensure secure delivery - if a courier is compromised or falls asleep and the tape is substituted with another, a mitm attack can be made transparently.
> 2. if the parties are physically remote, they may not have time to exchange tapes securely; unless there is an airplane link directly or indirectly between the sites, it may be days or weeks in transit.
>
> > can someone answer the issues involved that one time pads is not a good choice.
>
> OTP is the best choice for something that must be secret for all time, no matter what the expense. anything that secure for 20,000 years will be sufficient for, go for PKI instead :)
Mixmaster 2.9b40 released
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The Mixmaster development team is pleased to announce the release of Mixmaster 2.9b40. This release is expected to become Mixmaster 2.9rc1. We believe this to be the most stable release of Mixmaster 2.9-beta to date.

Further development on Mixmaster 2.9.0 is frozen. Unless there are major client security issues or server security or reliability issues discovered in this release, we will proceed with the release process for Mixmaster 2.9. If you discover any issues that need to be addressed before the rc releases, please report them either via the SourceForge bug tracker, or on the mixmaster-devel mailing list.

Source files are available at http://www.sf.net/projects/mixmaster and ftp://mixmaster.anonymizer.com.

Development on Mixmaster 3.0 is ongoing.

Thanks to everyone who has contributed to this project!

- --Len.

-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iQIVAwUBPa3BCkoKgUld5ID8AQKOww/9HhEKPyShTuXraiBev5awCFIJJI8BPlwP
m3HM9lS7YM4dqJND905MycTEg73ljJrVJ9NsszbBVosa5p0YRWnA+edR50PqRDhU
ENWj59R+Cj+/yBHXZ0JRY2twrIXCxti2/7CsjMyQAuo7MPrZ4LuRG6MLFXZvPrCz
QQVhYO0QARY9HI2xFWNI9UBfsJvS4Zv0gEucV49DMDjkFSDoSETxBY8cZ+VzmVRx
vorwZKdQix4T+JVD8ynkUnhYLq/nw/ny0QhuIrhzgl9rDBUAhq2TsxdHehJuyKrL
Aj7AP0UhbxikqnCW7XK6VwaZLOCBEkQkjcjVr4GcoM233KLgAKRdXELewMBFq+ir
4c6KdQleuoIBtFhGQQohC4iHGfbc3S9rIgF6MuiqSr6vWcAaKm4dhzv0vAytL+Yl
+Rp3L50mFks2CDN7z0h/6UJmLfkgocXM2O6xHa7hd3EvbT0Lmh5L/0d+1GMmSdwL
mTOjIbq1jBIwWjYlGmplyfkUCLGp9Dlv+7WRO0ginL3uYVxdTBKvjzQyZOOV8ZoQ
VdENZCAw3ZwFu7Vy6ZufKnUPwDs2Iq5xyXEDHVkwHuxUEz9T4PuPDMewTv0h8/qQ
Axjr6bIq5smxK2pXMkplKgWrkzHAkHZ7Qpw5Im8VCDfz6gsgaRhFnqGvhzHNcxBt
MpOjZZiPOvQ=
=kY0/
-----END PGP SIGNATURE-----
One time pads
hi,

An extract from this month's Cryptogram goes as below.

> On the other hand, if you ever find a product that actually uses a one-time pad, it is almost certainly unusable and/or insecure.
>
> So, let me summarize. One-time pads are useless for all but very specialized applications, primarily historical and non-computer. And almost any system that uses a one-time pad is insecure. It will claim to use a one-time pad, but actually use a two-time pad (oops). Or it will claim to use a one-time pad, but actually use a stream cipher. Or it will use a one-time pad, but won't deal with message re-synchronization and re-transmission attacks. Or it will ignore message authentication, and be susceptible to bit-flipping attacks and the like. Or it will fall prey to keystream reuse attacks. Etc., etc., etc.

-

Though it has a large key length greater than or equal to the plain text, why would it be insecure if we can use a good pseudo random number generator, store the bits produced on a tamper proof medium.

how about this way

P = Plain text
C = Cipher text
R = Pseudo random bits (the pad)

To transmit a secret from point A to Point B:

Choose your agent - Send cipher text (C) to B.
If (Cipher text C is intercepted, do not send R.) Without R, C cannot be decrypted.
Else (If C is securely transmitted to point B, choose an agent and send R to point B.)
If R is intercepted the secret remains safe, since they do not have C.
If initially C was intercepted, R is not sent; another pad is chosen.

It is assumed that the agent is trustworthy. Also the agent has to send a receipt for the safe arrival of C at point B before R is transmitted. It is also assumed that cryptographically secure pseudo random numbers are used.

Cryptography does not address the problem of dishonest users - does it? The difficulty for attaining highest security is more.

why do we always have to rely on the internet for sending the pad? If it is physically carried to the receiver we can say for sure if P or R is intercepted.

can someone answer the issues involved that one time pads is not a good choice.

Thank you
Regards
Sarath.
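The "bit-flipping" item in the Crypto-Gram extract quoted above is the other half of the OTP story: XOR hides content perfectly but preserves structure, so flipping a ciphertext bit flips exactly the corresponding plaintext bit, and nothing in the scheme notices. The following is an added example, not from the post or from Crypto-Gram; it shows the malleability and then pairs the pad with an HMAC under a second shared key (encrypt-then-MAC) as one standard fix. The message, pad and MAC key are constructed.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    return xor_bytes(message, pad)


otp_decrypt = otp_encrypt


def flip_bits(ciphertext: bytes, offset: int, mask: bytes) -> bytes:
    """Model of tampering in transit: XOR `mask` into the ciphertext at `offset`.
    Because the cipher is XOR, the identical mask lands on the plaintext."""
    out = bytearray(ciphertext)
    for i, m in enumerate(mask):
        out[offset + i] ^= m
    return bytes(out)


def tag(ciphertext: bytes, mac_key: bytes) -> bytes:
    """HMAC-SHA256 over the ciphertext; mac_key is shared, independent of the pad."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def seal(message: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Encrypt, then append an authentication tag."""
    c = otp_encrypt(message, pad)
    return c + tag(c, mac_key)


def open_sealed(blob: bytes, pad: bytes, mac_key: bytes):
    """Return the plaintext, or None if the tag does not verify."""
    c, t = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(t, tag(c, mac_key)):
        return None
    return otp_decrypt(c, pad)


def demo() -> tuple:
    message = b"PAY 0100 DOLLARS TO ALICE"
    pad = secrets.token_bytes(len(message))
    mac_key = secrets.token_bytes(32)

    # Unauthenticated: turn "0100" into "9100" knowing only the message layout,
    # not a single byte of the pad.
    c = otp_encrypt(message, pad)
    mask = xor_bytes(b"0", b"9")           # one-byte difference between the digits
    forged = otp_decrypt(flip_bits(c, 4, mask), pad)

    # Authenticated: the same tampering fails verification.
    blob = seal(message, pad, mac_key)
    rejected = open_sealed(flip_bits(blob, 4, mask), pad, mac_key) is None
    intact = open_sealed(blob, pad, mac_key) == message
    return forged, rejected, intact
```

HMAC makes the integrity guarantee computational rather than information-theoretic; a system that needs the pad's unconditional secrecy matched by unconditional integrity would use a one-time MAC keyed from extra pad material instead, at the cost of shipping more pad. The receipt step in Sarad's protocol is a liveness signal, not an integrity check: it confirms that something arrived, not that it is what was sent.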
For everything else, there's MasterCard.
Rifle and scope: $1,200
Box of .223 Hollowpoint: $6.99
Tarot Deck: $2.95
Scoring an FBI analyst: priceless

Some things are priceless. For everything else, there's MasterCard.

---
Dedicated to Eunice "Squeal Like a Pig" Stone
Re: commericial software defined radio (to 30 Mhz, RX only)
Does this run on linux?

Also, if regular cheapo PC soundboards can digitize 30 MHz (and Nyquist says this requires 60 MHz sampling rate) then some product managers need ... flogging.

= end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com
RE: One time pads and Quantum Computers
David E. Weekly[SMTP:[EMAIL PROTECTED]]
> As for PKI being secure for 20,000 years, it sure as hell won't be if those million-qubit prototypes turn out to be worth their salt. Think more like 5-10 years. In fact, just about everything except for OTP solutions will be totally, totally fucked.

At 02:50 PM 10/16/2002 -0400, Trei, Peter wrote:
> Not quite right. My understanding is that quantum computing can effectively halve the length of a symmetric key, but that does not take it down to zero. Thus, a 256 bit key would, in a QC world, be as secure as a 128 bit key today, which is to say, pretty good. It's the asymmetric algorithms which have problems.

Yeah. What we have to do for that is start thinking about ways to apply Kerberos and similar technologies to real-world problems besides the inside-an-organization ones they were originally designed for.

David E. Weekly[SMTP:[EMAIL PROTECTED]]
> Which means that you should start thinking about using OTP *now* if you have secrets you'd like to keep past when an adversary of yours might have access to a quantum computer. ...

OTPs won't help a bit for that problem. They're fine for transmitting new data if you've already sent a pad, but they're useless for storing secrets, because you can only decrypt something if you've got the pad around, and you have to burn the pad after use. Storing the encrypted secret message on your regular computers while keeping the pad locked up in the safe is unlikely to be any more convenient than keeping the plaintext locked up in the safe. I suppose you could secret-share a one-time-pad, but you could just as easily secret-share the secret message.
Re: commericial software defined radio (to 30 Mhz, RX only)
Does this run on linux?

On Tue, Oct 15, 2002 at 02:40:33PM -0700, Major Variola (ret) wrote:
> The WR-G303i is the first of our G3 Series of software defined receivers. A Software Defined Receiver (SDR) is such where demodulation and last IF (intermediate frequency) processing are done entirely in software. Usually this means using a DSP, but in the case of the G303i, this processing is done on a personal computer using a sound card (most modern PCs are now faster and more powerful than many DSPs were only a few years ago). So, if you own a PC, the chances are that you already own an important part of a Software Defined Receiver!
>
> http://www.grove-ent.com/WR303i.html
>
> Technical Specifications
> Frequency range 9 kHz to 30 MHz
> Tuning resolution 1 Hz
> Modes AM, AMN, AMS, LSB, USB, CW, FM3, FM6, FMN (The optional Professional Demodulator also includes DSB and ISB modes.)

-- 
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com

War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what it's about. It is conducted for the benefit of the very few at the expense of the masses. --- Major General Smedley Butler, 1933

Our overriding purpose, from the beginning through to the present day, has been world domination - that is, to build and maintain the capacity to coerce everybody else on the planet: nonviolently, if possible, and violently, if necessary. But the purpose of US foreign policy of domination is not just to make the rest of the world jump through hoops; the purpose is to facilitate our exploitation of resources. - Ramsey Clark, former US Attorney General
http://www.thesunmagazine.org/bully.html
Re: One time pads and Quantum Computers
> David E. Weekly[SMTP:[EMAIL PROTECTED]]
> > Which means that you should start thinking about using OTP *now* if you have secrets you'd like to keep past when an adversary of yours might have access to a quantum computer. ...
>
> OTPs won't help a bit for that problem. They're fine for transmitting new data if you've already sent a pad, but they're useless for storing secrets, because you can only decrypt something if you've got the pad around, and you have to burn the pad after use.

Yes, sorry -- I should have clarified as "you should start thinking about encrypting data transmissions using OTP *now* if you'd like to send secrets you'd like to keep..." -- destroying both pads after transmission should be obvious. I wasn't attempting to address secure data storage.

-d
Re: One time pads
ACTUALLY, quantum computing does more than just halve the effective key length. With classical computing, the resources required to attack a given key grow exponentially with key length. (a 128-bit key has 2^128 possibilities, 129 has 2^129, etc. etc. you all know this...) With quantum computing, however, the complexity of an attack grows only polynomially. Hence a MUCH MUCH more agreeable time frame for brute force attacks.

Good stuff, eh?

~~SAM

> From: Trei, Peter [EMAIL PROTECTED]
> Date: Wed, 16 Oct 2002 14:50:03 -0400
> To: David Howe [EMAIL PROTECTED], Email List: Cypherpunks [EMAIL PROTECTED], 'David E. Weekly' [EMAIL PROTECTED]
> Subject: RE: One time pads
>
> David E. Weekly[SMTP:[EMAIL PROTECTED]]
> > Naive question here, but what if you made multiple one time pads (XORing them all together to get your true key) and then sent the different pads via different mechanisms (one via FedEx, one via secure courier, one via your best friend)? Unless *all* were compromised, the combined key would still be secure.
> >
> > As for PKI being secure for 20,000 years, it sure as hell won't be if those million-qubit prototypes turn out to be worth their salt. Think more like 5-10 years. In fact, just about everything except for OTP solutions will be totally, totally fucked. Which means that you should start thinking about using OTP *now* if you have secrets you'd like to keep past when an adversary of yours might have access to a quantum computer. I'd put 50 years as an upper bound on that, 5 years as a lower.
> >
> > -d
>
> Not quite right. My understanding is that quantum computing can effectively halve the length of a symmetric key, but that does not take it down to zero. Thus, a 256 bit key would, in a QC world, be as secure as a 128 bit key today, which is to say, pretty good. It's the asymmetric algorithms which have problems.
>
> Peter