arachne-digest Wednesday, January 12 2000 Volume 01 : Number 940 ---------------------------------------------------------------------- Date: Tue, 11 Jan 2000 11:30:18 -0400 From: "Samuel W. Heywood" <[EMAIL PROTECTED]> Subject: Re: Secure web sites On Tue, 11 Jan 2000 04:33:18 +0100 (CET), Petri <[EMAIL PROTECTED]> wrote: > On Mon, 10 Jan 2000, Samuel W. Heywood wrote: >> There is only one "public key" that I know about. It looks like this and >> everyone either has a copy or can readily generate a copy by recalling the >> scheme by which the characters are ordered: >> ABCDEFGHIJKLMNOPQRSTUVWXYZ > [SNIP] >> ZABCDEFGHIJKLMNOPQRSTUVWXY > This sounds very unlike RSA - RSA does not use character, but rather huge > nimbers derived from primes blaha blah. This key you showed me looks more > like Vigenere which is something entirely different. The system I was describing above is used for ciphering with OTP, one-time-pads, conventionally consisting of code pages with randomly generated five-character groups. The "public key" is used only for deriving the character appearing at the coordinates defined by the the encoded character and the "real" character. Someone else described this system of encryption as "synchronous". This method of encryption is among the most secure known. It is far more secure than RSA and SSL. This system has the disadvantage of requiring all members of the secret net to be supplied with the code pages by some secure manner, such as by dead-drop or by hand-delivery by an authorized courier. As long as the code pages are not compromised, and as long as no one has any idea as to what kind of information may be contained in the encrypted messages, a brief encrypted message simply cannot be decoded by any means, regardless of the vast resources of the would-be code-breakers. The reason for this is that a short series of randomly-generated characters could represent an almost infinite set of possible texts that would make sense. With this system encryption and decryption is always done with the private key. The public key is used only to determine the character appearing at the coordinates defined by the encrypted character and the corresponding "real" character. Everyone has the same public key. The public key is of no value to the would-be code-breaker if the only information he has is the encrypted text. If, however, the code-breaker has an encrypted message known to have been sent from an enemy observation post whose location is known, (i.e. by DF fix) and if the code-breaker knows what kind of activity the enemy observer has most probably reported, and if he knows the standard format that the enemy uses for his observation reports, then the code breaker can easily deduce what is in the encrypted message. Knowing all of that, the code-breaker can re-construct the enemy's secret code page. The enemy is of course aware of this, and for that reason, the enemy will not use the same code-page more than once. The allies were able to break the Nazi enigma code because the Nazis were not smart enough to think of resorting to a different setup for their enciphering machines for each transmission. The allies correctly guessed that on a certain date each year all of the Nazi field commanders would send an encoded message to Hitler wishing him a happy birthday, and that the secret messages on that day would contain standard formalized birthday greetings that are appropriate for a person of lower rank to say to a high-ranking superior. Hence, it was easy to reconstruct the setup on a captured enigma engine. >> With the system I am thinking of, only we and our fellow members of the secret >> net have access to OUR secret key. Everyone has the same public key, but only >> we members of the secret net have the private key. > Yes, this is what public-key systems are about. Everyone can encrypt data > with the public one and only you guys with the secret one can read it. The type of system I was describing is entirely different. Messages are encrypted and decrypted with the private key. The public key is used only for determining the character appearing at the coordinates defined by the "real" character and the encrypted character. >> With the type of crypto system that I am thinking of, the public key, as >> shown above, is the same for everyone - everyone including eavesdroppers and >> spies know how to generate the pubic key. Therefore the public key need not >> be exchanged because it is already known, and there is nothing secret about it. >> In my way of thinking, any key needed for crypto purposes and required to be >> passed somehow among members of the secret communications net is a "private >> key". It seems a contradiction in terms to refer to a "public key" as one that >> must be exchanged among the members of the secret net. > The people with the secret key should also have a copy of the public one, > just because I say so. =) >> In the system I am referring to, a code page, conventionally consisting of >> randomly generated five-letter groups is used by the secret net for >> encryption and decyption. The messages generated from the code sheet and > Uh....well....what happens if someone who shouldn't be able to decrypt > stuff, needs to encrypt something? (like, in the case of RSA in SSL) Good question. The system I have described would not be practical for use by secure web sites because there would be no practical means for rapid and secure transmission of the secret code pages. > See it this way: > Encrypts with public key > SERVER <-X------------------------------ CLIENT <- CC number sent > | | to shopiing site > | |- an eavesdropper recieves the > | encrypted data. He has al- > | ready got the public key. > | Still, he can't find out your > | credit card number. [this is the strength of SSL] > | > | Decrypts with secret key > ----------------------------> CC number used ----| > | > Securely transmitted to BANK | > Draws money from card <--------------------------| >> I agree that the method of encrytion described above would not be secure >> if there did not exist a secure method of exchanging passwords among the >> members of the secret net. > You usually don't send the secret key in public-key systems. >> I still do not understand how data can be exchanged securely without first >> having exchanged passwords or pass phrases in a secure manner. > See the mathematics for RSA - > <http://world.std.com/~franl/crypto/rsa-guts.html>. Note that nothing is > 100% secure when it comes to encryption (except for a technique called OTP > pads), but RSA is very very very very very very secure. The other cryptos > (except DES) in SSL are also secure - if good keylengths are used. This > makes SSL very secure. >> A secret key system remains highly secure as long as the code page is not >> compromised. People who use the secret key systems usually will afford >> themselves even higher levels of security by using a different code page >> for a different day or hour. > This is ture. But with SSL you don't want to exchange secret keys - you > have no secure way of doing so. So you say, "Hello RSA" and everythings > works securely =) >> I think we have different concepts as to >> what a "public key" is. We are talking about two different things. Hence >> my difficulty in comprehending the concepts you are presenting. > Yeah, I noticed it now =/ > Public key: EVERYONE can get it. It's no secret. Used in SSL when you SEND > data. Can ONLY be decrypted with SECRET key. > Secret key: only the SSL server has it, to decrypt what it recieves. Noone > else. > Any clearer? This is still somewhat confusing to me because, although it has been well explained as to how the system is used, I still don't understand how it works. In other words, I think I know enough now in order to use the system, but I don't know enough to understand what I am doing. I feel like a child that has been taught how to use a jack to lift up the wheel of a car and without first having been taught a science lesson on the physics of levers. The child will only marvel at the work he can do with the jack, but he will not learn anything about the principle involved, unless he is curious enough to ask questions and can be given the guidance to the right answers. The child will keep pestering the adults with his questions until the most basic principles are explained and demonstrated. From that point on, the child is equipped with the knowledge to conduct further investigations and experiments on his own. My attitude is like that of the curious child. Sam Heywood > /petri - -- This mail was written by user of Arachne, the Alternative WWW Browser ------------------------------ Date: Tue, 11 Jan 2000 19:24:38 +0000 From: "Mel Evans, Registered Arachne User" <[EMAIL PROTECTED]> Subject: Re: Arachne on TV and arcademachine (!! Warning !!) Hi Gangue, I have learned there is an equivalent in/out plug to SCART on some US tv sets. I have NO other details other than it exists. As a general caution, do NOT try to open the back of a tv set UNLESS you know what you are doing (or a monitor for that matter, the principles are the same) and High Voltages are present at various stages within a tv or monitor. This is why many computer shops will not attempt to repair a monitor! Computer gurus are happy to play with the +-5volt lines and 12v lines on a computer mother/daughterboards, but sensibly steer clear of the EHT lines inside video boxes. Incidentally, although holding authorisation to work on HV systems at Grid level (up to 475 Kilovolts, YES! Kv) and to work on live sytems at my employers, I'm still not immune to shock! It's like being married, the marriage licence doesn't make you an expert, nor does it protect you from an angry wife! Sorry LD VBG 8>) Arachne, the Internet Suite and Browser for DOS, supports tables, graphics, animations, forms, HTML 4.0 Transitional Pages and more. Visit Mel's UK Arachne Pages for details and FREE Download. Kick-start a 386/486, or use on a Pentium for superb browsing! http://www.arachne4dos.freeserve.co.uk e-mail to: [EMAIL PROTECTED] or: [EMAIL PROTECTED] http://www.bccscotland.freeserve.co.uk Web Pages of |British Caravanners Club, Scotland| http://www.euramcom.freeserve.co.uk Mel's Ham Radio Equivalents Pages http://www.webtheon.freeserve.co.uk Webtheon Internet Design ------------------------------ Date: Tue, 11 Jan 2000 15:51:49 -0400 From: "Samuel W. Heywood" <[EMAIL PROTECTED]> Subject: Re: MIME64 decoding (Was: UNIVESA adaptor) On Tue, 11 Jan 2000 18:01:08 +0100 (MET), Bernie <[EMAIL PROTECTED]> wrote: > Hans-Juergen wrote: >> This brings up a question for me: Are the Arachne mail users on >> this list able to decode a "base64"-encoded attachment with InSight? >> As far as I know the UUENCODE/DECODE.EXE delivered with Arachne can >> only handle this method and not "base64" - but perhaps I'm wrong? > Not that I've ever used the mailreader but there's atleast a function in > the code called "base64" so I would guess so. By using MIME64.EXE, 23,436 bytes, I have successfully decoded some attachments to email retrieved by some non-Arachne DOS email programs. I don't know where my copy of MIME64.EXE came from. Sam Heywood - -- This mail was written by user of Arachne, the Alternative WWW Browser ------------------------------ Date: Tue, 11 Jan 2000 15:32:08 -0400 From: "Samuel W. Heywood" <[EMAIL PROTECTED]> Subject: Re: Secure web sites On Tue, 11 Jan 2000 09:11:04 -0500, Roger Turk wrote: > Let me give you my idea of public key/private key usage by going back about > 40 years. This is in the day where encryption was performed by mechanical > crypto machines that had a number of rotors that could each be assembled in > various manners. As the encrypter typed the plain text message, the crypto > machine would generate a letter, increment the rotor so that if the same key > was typed, a different letter would be generated. There would be literally > thousands of ways the rotors could be assembled. The message would be the 5 > character group messages that Sam Heywood mentioned. <snip> Hello Roger: What you have described above is the type of machine that incorporates the technology of the Nazi "enigma" machine, as I understand it. I did not realize that many similar types of machines were in common use around that time. According to my understanding, I believe the "enigma" machine used private key encoding only. Instructions for the setup for the gears and rotors would be sent by secure means, such as by dead drop or by courier. I found the rest of your post concerning private and public keys also very informative. Thanx. Sam Heywood - -- This mail was written by user of Arachne, the Alternative WWW Browser ------------------------------ Date: Wed, 12 Jan 2000 00:39:59 +0200 From: Or Botton <[EMAIL PROTECTED]> Subject: Re: Arachne on TV and arcademachine (!! Warning !!) Gregory J. Feig wrote: > in addition, anyone who doesn't have > these connectors (both in Europe and North America) will never > try to install one, unless we already are technician types who have > experience inside TV sets......I think you can rest easy....we > have heard your warning, and (you will notice that I echo your > warning at this top, I did not discount it) no one will carelessly > do this...... When you mentioned europe/US you seemed to forget Middle east. I'm very intrested in trying to do this.. I dont know much in electronics.. and that plug doesnt exist in Israeli TV sets. (though its still PAL. We got the Antenne plug.). Any idea on what I should try to do? ..or should I just drop the idea and get one of those expensive VGA-to-TV commercial convertors? (which seems to work only with Windows. Thats what they all state on the box, anyway.) I think that I should mention again that I have what seems to be a cable with one of its ends is a stereo A/V plugs, and in the other side a SCART plug. Since my television has a stereo A/V plugs in addition to the PAL antenne plug, is it a good chance to add "SCART support" to my TV using this cable? or should I still try to buy a commercial thing? :) Or Botton [EMAIL PROTECTED] - - "Truth is stranger than fiction, because fiction has to make sense." - ----------------------------- http://members.xoom.com/dsdp/ ------------------------------ Date: Tue, 11 Jan 2000 15:17:52 -0400 From: "L.D. Best" <[EMAIL PROTECTED]> Subject: test file * This message is in MIME format. - --MIME-multipart-message-boundary-947621873 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit * These files were sent from Arachne, WWW browser for DOS. * If your e-mail client has problems with decoding of * this message, please contact your system administrator. - -- Arachne V1.50;s.r.c., NON-COMMERCIAL copy, http://home.arachne.cz/ - --MIME-multipart-message-boundary-947621873 Content-Type: application/octet-stream ;name=test.fle Content-ID: arachne-namespace/r:\junk\test.fle Content-Transfer-Encoding: base64 VGhpcyBpcyBhIHRlc3QgZmlsZS4gIEkgdXNlZCB0byBiZSBhYmxlIHRvIGVuY29kZS9kZWNv ZGUgQmFzZV82NA0KYnV0IG5vdyBJIGRvbid0IHNlZSB0aGUgcHJvZ3JhbXMgdG8gZG8gaXQu ICBUaHVzIEkgd2lsbCB0ZXN0Lg0K - --MIME-multipart-message-boundary-947621873-- ------------------------------ Date: Tue, 11 Jan 2000 15:37:19 -0400 From: "L.D. Best" <[EMAIL PROTECTED]> Subject: Re: (OT) memory management... was, Load EPPPD on COMPAQ 590 Clarence, Have you ever heard of "gremlins?" My life seems to be infested with them! Last night I hunted through every .cfg file I could find in Arachne, and could *not* find ANY mention of epppd.exe despite doing text search on "ppp" and visual search. Today I read your message, go to Arachne.cfg, and the line almost jumps out of the screen and bites me! I can't test it out yet though. I did the QEMM work-around in the cable boot segment. I'll have to go there and test some more stuff, to make certain everything I'm likely to use while in Arachne boot config will run without EMS. Ain't comp-puters funz?? l.d. ==== On Mon, 10 Jan 2000 21:35:51 -0800, Clarence Verge wrote: > L.D. Best wrote: >> BUT ... [hanging my head in shame] I can't find any of the messages >> about how that's done. > Hi L.D.; > I seem to recall suggesting that you COULD do better than rely on QEMM's > Optimize. Sure, if you remove the EMS page frame you can't use QEMM's > Stealth Rom or Stealth D*space but who cares as long as you come out ahead. <G> > Anyway, to load EPPPD high, I think you just put Loadhi in front of it in > Arachne.cfg. i.e. Connection @Loadhi EPPPD.exe >>PPP.log - -- Arachne V1.50;s.r.c., NON-COMMERCIAL copy, http://home.arachne.cz/ ------------------------------ Date: Tue, 11 Jan 2000 15:48:21 -0400 From: "L.D. Best" <[EMAIL PROTECTED]> Subject: Re: arachne-digest V1 #931 Good question, Sam! On Mon, 10 Jan 2000 21:42:52 -0400, Samuel W. Heywood wrote: > Oh, no, not at all. Would it not be less expensive for me just to > replace the old 386sx motherboard and power supply instead of buying an > oscilloscope? If you're going to replace power supply, it is often cheaper just to replace the entire case -- new ones come with power supply built in, and I've found them cheaper than buying power supply only. Honest! Particularly older style power supplies. As for replacing the old 386xs mobo, you can't. You can only upgrade. And that *can* be a problem, depending upon what cards you currently use in your system. Some of [many??] the new mobos out there are decidedly short on ISA slots. If your current cards are ISA, you may end up having to replace some of them. If you have, however, an E/IDE HDD and are using controller card now, you can toss that card out the window since FDD & IDE are built into mobo. If you have comm card in current system, that can be tossed too ... since COM1, COM2, PS/2 mouse, LPT1, LPT2, etc. are also built into the new mobos. On the other hand, high tech oscilloscopes that would have costs $10K a few years ago are probably available in a smaller package and for less than $100. <G> For checking power supplies, and mobo power switches, you don't need an oscilloscope, though. I bought my little multi-meter [ac/dc amps, resistance, voltage, etc] for less than $10 and it works just fine checking out voltages on systems I work with. Nowadays even *I* can afford to buy a bunch of "fancy equipment" that allows me to get in over my head. };> l.d. - -- Arachne V1.50;s.r.c., NON-COMMERCIAL copy, http://home.arachne.cz/ ------------------------------ Date: Tue, 11 Jan 2000 16:18:24 -0400 From: "L.D. Best" <[EMAIL PROTECTED]> Subject: Re: Log Files [was Re: no packet driver found Glenn, I only wish. The bold face works only if Arachne is working. If you have crashed, and reboot and go back to Arachne -- and want to use history list to check out where you were and what was going on -- you're flat out SOL. Or try following a link from e-mail and going back to history list to find that link again; it won't be there. :( There are other circumstances where whole areas "fall out" of the history.lst file, or never get into it. I think it's the latter, actually ... some stuff is stored one place, and then eventually transferred to history.lst unless it's certain stuff that won't ever get transferred because it's kept somewhere else?? l.d. ==== On Mon, 10 Jan 2000 22:14:02 -0500, Glenn McCorkle wrote: > On Mon, 10 Jan 2000 16:23:52 -0400, L.D. Best wrote: <snip> >> I believe the History. lst as currently configured was also set up more >> for debugging and beta testing than for end-user utility. I'm hoping >> that 1.60 will have a history list that actually shows you the last >> place you visited, the place that made you crash in the first place. <G> > In a manner of speaking, it does this now. > When we press the backspace key. > The most recent page visited is in bold-face. > -- - -- Arachne V1.50;s.r.c., NON-COMMERCIAL copy, http://home.arachne.cz/ ------------------------------ Date: Tue, 11 Jan 2000 17:13:34 -0400 From: "Samuel W. Heywood" <[EMAIL PROTECTED]> Subject: Re2: Secure web sites On Tue, 11 Jan 2000 09:11:04 -0500, Roger Turk wrote: > Let me give you my idea of public key/private key usage by going back about > 40 years. This is in the day where encryption was performed by mechanical > crypto machines that had a number of rotors that could each be assembled in > various manners. As the encrypter typed the plain text message, the crypto > machine would generate a letter, increment the rotor so that if the same key > was typed, a different letter would be generated. There would be literally > thousands of ways the rotors could be assembled. The message would be the 5 > character group messages that Sam Heywood mentioned. > Everybody had machines capable of decoding the message and anyone that had a > radio receiver tuned to the proper frequency could receive the message, > however, in order to decode the message, the recipient had to know how the > rotors were assembled by the sender. Obviously, the sender could not send a > plain text message giving instructions on how to assemble the rotors, yet, > the sender had to tell the intended recipient how to assemble his/her > rotors. This was done at the beginning of the message before the 5 character > groups started, thus: > ALPHA ROMEO ALPHA CHARLIE HOTEL ... (etc.) > This is the PUBLIC KEY. Everyone who received the message received the > Public Key. The people to whom the message was intended would pull out their > code book, turn to the page for the date (and possibly time) the message was > originated, and see that under rotor 1, ALPHA meant to assemble parts a, b, > c, and under rotor 2, ROMEO meant to assemble parts e, f, g, etc. The code > book page is the PRIVATE KEY. A person receiving the message who didn't know > how to set up the rotors, i.e., did not have the PRIVATE KEY, would have to > try the thousands of combinations of rotors in order to decode the message. <snip> Hello again, Roger: This seems like a very secure system. The disadvantage is that the code books having the secret instructions would have to be disseminated to each intended recipient by some secure means. The public key provides references to a particular set of secret instructions on how to assemble the ciphering wheels and gears for each transmission. Of course those who are not in possession of the secret instructions cannot decipher the message. The type of system used by SSL and RSA has the advantage of not requiring any method for secure transmission of any key or code book. For this reason, I cannot understand how RSA or SSL could possibly meet any high standard for security. Sam Heywood - -- This mail was written by user of Arachne, the Alternative WWW Browser ------------------------------ Date: Tue, 11 Jan 2000 15:02:37 -0800 From: "Gregory J. Feig" <[EMAIL PROTECTED]> Subject: Re: Geralds Monitor Problem On Tue, 11 Jan 2000 12:27:29 -0500, Roger Turk wrote: > Gregy and Gerald, > In Scott Mueller's, "Upgrading and Repairing PCs" 6th Edition, Page 1137, it > states, > "Monitor ID Pins > The following table shows the settings used for the Monitor ID bits for > several different IBM displays. By sensing which of these four pins are > grounded, the video adapter can determine what type of display is attached. > This is especially used with regards to monochrome or color display > detection. In this manner, the VGA or XGA circuitry can properly select the > color mapping and image size to suit the display." > The table shows: > Display: 9517 > Size: 17-inch > Type: Color > ID0: Ground > ID1: No Pin > ID2: Ground > ID3: Ground > Hope this helps. Roger .........thanks.....I think mi copy if also 6th edition....I'll check that... gregy - -- This mail was written by user of Arachne, the Ultimate Internet Client ------------------------------ Date: Tue, 11 Jan 2000 15:29:43 -0800 From: "Gregory J. Feig" <[EMAIL PROTECTED]> Subject: Re: Arachne on TV and arcademachine (!! Warning !!) On Wed, 12 Jan 2000 00:39:59 +0200, Or Botton wrote: > Gregory J. Feig wrote: >> in addition, anyone who doesn't have >> these connectors (both in Europe and North America) will never >> try to install one, unless we already are technician types who have >> experience inside TV sets......I think you can rest easy....we >> have heard your warning, and (you will notice that I echo your >> warning at this top, I did not discount it) no one will carelessly >> do this...... > When you mentioned europe/US you seemed to forget Middle east. > I'm very intrested in trying to do this.. I dont know much in > electronics.. and that plug doesnt exist in Israeli TV sets. > (though its still PAL. We got the Antenne plug.). > Any idea on what I should try to do? ..or should I just drop > the idea and get one of those expensive VGA-to-TV commercial > convertors? (which seems to work only with Windows. Thats what > they all state on the box, anyway.) > I think that I should mention again that I have what seems to be > a cable with one of its ends is a stereo A/V plugs, and in the other > side a SCART plug. Since my television has a stereo A/V plugs > in addition to the PAL antenne plug, is it a good chance to add > "SCART support" to my TV using this cable? or should I still > try to buy a commercial thing? :) Or ........that A/V plug set is exactly what I was talking about as "north american" setup.....FYI, the Video input to your set will accept a VGA-type signal...a VGA-type signal is similar to a standard Video signal.....the differences are in the Horizontal and Vertical Scan frequencies....to get these frequencies to match your TV set frequencies, the Video Card driver is written to poke the proper values into the Video Card registers, and then the Video Card will output the frequencies that your TV set reads.....that is what the DOS techniques all do.....upwards from DOS (Win, OS2, etc), you could do the same, but writing the drivers is much more difficult. You MUST ensure, that your load back your proper Computer Monitor drivers whenever you switch back to that, because driving a Monitor with the wrong frequencies can burn it up...... gregy BTW....the standard VGA-to-TV adaptors work differently, and are now selling for under $100..... - -- This mail was written by user of Arachne, the Ultimate Internet Client ------------------------------ Date: Tue, 11 Jan 2000 17:45:24 -0500 From: Roger Turk <[EMAIL PROTECTED]> Subject: Re: Secure web sites Sam Heywood wrote: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- On Tue, 11 Jan 2000 09:11:04 -0500, Roger Turk wrote: > Let me give you my idea of public key/private key usage by going back about > 40 years. This is in the day where encryption was performed by mechanical > crypto machines that had a number of rotors that could each be assembled in > various manners. As the encrypter typed the plain text message, the crypto > machine would generate a letter, increment the rotor so that if the same key > was typed, a different letter would be generated. There would be literally > thousands of ways the rotors could be assembled. The message would be the 5 > character group messages that Sam Heywood mentioned. <snip> Hello Roger: What you have described above is the type of machine that incorporates the technology of the Nazi "enigma" machine, as I understand it. I did not realize that many similar types of machines were in common use around that time. According to my understanding, I believe the "enigma" machine used private key encoding only. Instructions for the setup for the gears and rotors would be sent by secure means, such as by dead drop or by courier. I found the rest of your post concerning private and public keys also very informative. Thanx. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Hi Sam, The machine that I described was, indeed, a German invention and used by the Nazis. I wanted to refer to the machine as the "enigma" machine also, but the more I thought about it the more I was less certain about the "name" of it and the more certain that the "enigma" machine was the machine used by the British to process the various rotor assemblies without actually assembling the rotor. The world's first decoding computer! The encrypting method used by these machines was, until computers became readily available, a very secure process. More highly classified material could, and was, double and triple encrypted and the private keys afforded more security as the classification increased. As an old Navy man, I can attest that machines similar to this were used by the U. S. Navy well into the 1960's and I would not be surprised if some countries are still using this machine today. The instructions on how to set up the rotors *has* to be included in the encoded message. If a troop position is overrun and the machine, rotors, and keys captured, you can't wait to send new keys to all the other units by courier, runner or swimmer. You have to have a way of changing the encryption with each message, thus the "public key" that is sent with each message. Also, all originators of messages would not use the same rotor arrangement. Imagine the field day that would be had if *all* encrypted messages sent in one day were based on the same rotor assembly and that code was broken! The problem that the Nazis had was that they were so confident that the code couldn't be broken that they did not change rotors very frequently. Another thing is that most encrypted messages don't require immediate action --- they have to do with planning or actions days or months away, so that gives cryptographers time to "play" with encrypted messages. There is a book published by the U. S. Naval Institute titled "Double-edged Sword," about the Navy's code breaking efforts in the Pacific during World War 2. Being successful in breaking someone's code is a double-edged sword as you don't want to show up everywhere they are going, yet you want to hinder their success. Roger Turk Tucson, Arizona USA ------------------------------ Date: Tue, 11 Jan 2000 23:51:16 +0100 (CET) From: [EMAIL PROTECTED] (Richard Menedetter) Subject: Re: Re2: Secure web sites Hi "Samuel W. Heywood" <[EMAIL PROTECTED]> wrote: SH> The type of system used by SSL and RSA has the advantage of not requiring SH> any method for secure transmission of any key or code book. For this SH> reason, I cannot understand how RSA or SSL could possibly meet any high SH> standard for security. What particular thing don't you understand ?? PS: There is some kind of transfer. The browser has a built in list of certification authorities. Thos can sign keys from servers. If the browser encounters a key which is signed by a known CA, than it will proceed, if not, than a window pops up, and asks you what to do. As long as strong crypto (eg 128 bit or 3des with 3*56) is used, and CAs are careful signing server keys, there's no vulnerability I could think of. So where's the point on wich you could comproize this scheme ? SH> Sam Heywood CU, Ricsi - -- Richard Menedetter <[EMAIL PROTECTED]> [ICQ: 7659421] {RSA-PGP Key avail.} - -=> If it ain't broke, hit it harder <=- ------------------------------ Date: Tue, 11 Jan 2000 15:57:39 -0800 From: "Gregory J. Feig" <[EMAIL PROTECTED]> Subject: re: secure web sites ALL.....my original suggestion still holds....go to DrDobbsJournal www.ddj.com and you will find links to their authors, or you can but their CDROM and get the whole schlomoggin on you own drive... the subject is fascinating, and has been covered volumnously in that magazine..... gregy - -- This mail was written by user of Arachne, the Ultimate Internet Client ------------------------------ Date: Tue, 11 Jan 2000 15:52:33 -0800 From: "Gregory J. Feig" <[EMAIL PROTECTED]> Subject: Re: Re2: Secure web sites On Tue, 11 Jan 2000 17:13:34 -0400, Samuel W. Heywood wrote: - -------------snip---------- > Hello again, Roger: > This seems like a very secure system. The disadvantage is that the code > books having the secret instructions would have to be disseminated to each > intended recipient by some secure means. The public key provides references > to a particular set of secret instructions on how to assemble the ciphering > wheels and gears for each transmission. Of course those who are not in > possession of the secret instructions cannot decipher the message. > The type of system used by SSL and RSA has the advantage of not requiring > any method for secure transmission of any key or code book. For this reason, > I cannot understand how RSA or SSL could possibly meet any high standard for > security. Sam .......we shipped those type of documents by accountability armed couriers.....nowdays, YOU, with your encryption program, generate your private key, and you NEVER send it anywhere...at the same time, you generate your public key, and you send that....... gregy - -- This mail was written by user of Arachne, the Ultimate Internet Client ------------------------------ Date: Tue, 11 Jan 2000 15:36:07 -0800 From: "Gregory J. Feig" <[EMAIL PROTECTED]> Subject: Re: test file On Tue, 11 Jan 2000 15:17:52 -0400, L.D. Best wrote: > * These files were sent from Arachne, WWW browser for DOS. > * If your e-mail client has problems with decoding of > * this message, please contact your system administrator. L.D. .........got it, and read it gregy - -- This mail was written by user of Arachne, the Ultimate Internet Client ------------------------------ Date: Tue, 11 Jan 2000 18:01:58 -0400 From: "Samuel W. Heywood" <[EMAIL PROTECTED]> Subject: Re3: Secure web sites On Tue, 11 Jan 2000 09:11:04 -0500, Roger Turk wrote: > ALPHA ROMEO ALPHA CHARLIE HOTEL ... (etc.) > This is the PUBLIC KEY. Everyone who received the message received the > Public Key. The people to whom the message was intended would pull out their Why should the transmitting station broadcast the PUBLIC KEY? The reference numbers for each specific set of instructions for the ciphering gear setup for any given date/time group should have been previously provided to all operators during the pre-mission briefing. In case a code book and a ciphering machine were compromised, the enemy would be able to exploit such captured material to his maximum advantage simply by setting it up in accordance with all the hints freely provided in the PUBLIC KEY that is being broadcast in the clear. Sam Heywood - -- This mail was written by user of Arachne, the Alternative WWW Browser ------------------------------ Date: Tue, 11 Jan 2000 18:37:57 -0500 From: Roger Turk <[EMAIL PROTECTED]> Subject: Re: Geralds Monitor Problem Also check out: www.repairfaq.org/sam/ffmon.htm :-(((( ! Roger Turk Tucson, Arizona USA ------------------------------ Date: Tue, 11 Jan 2000 20:20:45 +0200 From: Sergei Kolodka <[EMAIL PROTECTED]> Subject: Re: New search engine. "L.D. Best" wrote: > Sergei, > > Thanks much for the "heads up!" I went, took a look, gave it a try, > placed it on my hotlist, and spent toooooooo much time seeing where it > led. <G> > > Yah done good! > > l.d. > ==== I do not check yet, is Arachne website exist in list ? Sergei ------------------------------ End of arachne-digest V1 #940 *****************************
