At 10:01 PM -0500 9/3/99, William H. Geiger III wrote:
>In <v04210152b3f61485313b@[192.168.248.7]>, on 09/03/99
> at 05:20 PM, Dave Del Torto <[EMAIL PROTECTED]> said:
>
> >Does anyone (or you, Bruce?) have a URL handy to/for an paper (by Paul
> >Brown in the UK?) speculating on a RNG weakness in Solitiare's (Bruce's
> >playing card cipher)? I've been searching the web unsuccessfully. The
> >paper may mention it as "Pontifex", as it was referred to in
> >"Cryptonomicon." The implication is that it may not be as secure as I'd
> >hoped, and that I should *not* train some human rights people on how to
> >use it in the field...
>
>Hi Dave,
>
>I did some searching through my digital library. Take a look at:
>
>http://www.hedonism.demon.co.uk/paul/solitaire/index.html
>
Security concerns aside, I'd question Solitiare's suitability for
field use by human rights people. First of all it is very tedious to
use and a single mistake can be difficult to recover from. Second,
just receiving or attempting to transmit ciphertext could be enough
to get you into serious trouble in some places.
In the most hostile situations, it might be best to come up with a
few code phrases for "Situation is deteriorating" ,"Get me out of
here" and "I am communicating under duress" and discourage any other
attempt at secret communications. If field workers do feel safe using
secret communication, but cannot bring in or access computer
equipment, the classic (i.e. paper) onetime pad might be a good
choice.
If a field worker might have access to a computer in country but
would not be in a position to use PGP, I'd suggest CipherSaber, which
is based on RC4 and is simple enough to program from memory (see
http://ciphersaber.gurus.com). Almost all PCs come with Qbasic built
in or on the CD-ROM. I haven't tried it, but CipherSaber should fit
easily into most of the newer graphing calculators (The $200 TI-92+
even has a qwerty keyboard. See http://www.ti.com/calc).
I'd be interested in hearing more about what human rights workers need.
Arnold Reinhold
