Cryptography-Digest Digest #322, Volume #9        Thu, 1 Apr 99 20:13:04 EST

Contents:
  Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
  Re: Is initial permutation in DES necessary? ("Douglas A. Gwyn")
  Re: North Korean A3 code (Mike Andrews)
  Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
  Re: Random Walk ("Douglas A. Gwyn")
  Re: Alert:  "HAPPY99.EXE" e-mail/newsgroup virus (Chuck Grimsby)
  Q: encryption-friendly hard disk controllers or drives (Ralph Bauchman)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Thu, 01 Apr 1999 23:56:44 GMT

"R. Knauer" wrote:
> I have seen repeated comments on sci.crypt that bit bias is the most
> important thing in determining the non-randomness of a process. These
> people claim that you can determine bit bias from the output of a
> TRNG. That means they are measuring (Sn / n) and equating it to p for
> large n, claiming that if (Sn / n) = p = 1/2, that the TRNG is
> reasonably certain not to be non-random. Some even go so far as to
> claim that (Sn / n) = 1/2 is proof that the TRNG is random, but these
> people do not understand the difference between a necessary and a
> sufficient condition.
> So don't give me this "strawman" crap. I have been on sci.crypt far
> too long to be accused of that. Just go back to the archives and find
> out for yourself how many people have made the assertion that a
> measurement of (Sn / n) = 1/2 determines rules out non-randomness.

Why don't you do that, since it would be some defense against
the "strawman" accusation.

I don't recall seeing anybody making such a "newbie" claim.
01010101010101010101... has no "bit bias" (as R. Knauer seems
to use the term), but I can't imagine anybody claiming that
it would be good output from a keystream generator.

> First someone has to demonstrate in a convincing manner that
> statistics can even be used to describe true randomness. It is
> interesting to note that such demonstration has not been forthcoming
> thus far.

That's because you're operating on false premises;
apart from you yourself, nobody is suggesting that
"statistics can be used to describe true randomness".
What you seemed to be disputing was the validity of
statistical testing of RNG output, which is a radically
different issue.

Statistical testing can be used to cast doubt on a claim
(hypothesis, condition for correct operation, whatever)
that a supposed RNG under test is a good one.  It has
been explained repeatedly how this is done in general,
but nobody is likely to, nor should they, post a textbook
on introductory statistics to give you all the gory
details and examples.

> No one has convincingly demonstrated that statistics has
> anything to do with true randomness, other than the *appearance* of
> randomness as in pseudorandomness.

That might be because your use of the terms "true randomness" and
"pseudorandomness" doesn't make much sense.  Apparently, by "true
randomness" you mean some process that *you* know is operating in
strict accordance with some specific stochastic model, although no
evidence is available to substantiate such "knowledge", whereas by
"pseudorandomness" you mean some process that others are willing
to subject to actual tests to check whether it is in fact likely
to be operating in accordance with the model.  If so, your notion
of "true randomness" is a theological one.  Practical people have
to test whether their systems are operating correctly; or more
precisely, to do their best to detect when their systems are *not*
operating correctly.

> BTW, I just ordered that book by Trivola from the public library and
> with any kind of luck I will get it in time for the weekend. For the
> record it should be noted that until recently I too was a proponent of
> the position that statistical tests can be used to demonstrate that a
> process was not truly random.

Make sure you don't start out with that misconception -- that's
not what statisticians maintain!  What we do say is that a
properly conducted statistical test can provide *evidence*
relevant to that hypothesis.  Because probabilities are involved
(*in the process or model itself*), it would be incorrect to
claim certainty either way.  But what *can* be done is to cast
reasonable doubt (at a quantifiable level) when observations
consistently are relatively unlikely under the model.  So if
there is, say, 1 chance in a million that we would have obtained
a certain score (autocorrelation, perhaps) if generator A were
working correctly and 1 chance in 10 for generator B, if we had
to pick which generator is working properly (and have no other
relevant information), the rational choice is generator B.
The tests do not *prove* (with certainty) that generator A is
malfunctioning, and they certainly don't show that generator B
is working properly (1 chance in 10 is not great), but if we
have to make a choice, B is by far the best bet.  (Often in
practice we're in a position to do further testing, obtaining
more evidence to help us make the decision.)
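
[Added example, not part of the original post.] The point above, that 0101... shows no bit bias yet would still be rejected, and the generator A versus generator B comparison, worked through with two standard tests. The sample data, the seed and the function names are constructed for illustration; the seeded PRNG is only a stand-in for "a generator under test".

```python
import math
import random

N = 10_000  # bits per constructed sample


def two_sided_p(z):
    """P(|Z| >= |z|) for a standard normal Z."""
    return math.erfc(abs(z) / math.sqrt(2))


def monobit_p(bits):
    """Bit-bias test: is Sn/n consistent with p = 1/2?"""
    n = len(bits)
    ones = sum(bits)
    return two_sided_p((2 * ones - n) / math.sqrt(n))


def autocorr_p(bits, lag=1):
    """Autocorrelation test on agreements between bit i and bit i+lag.

    For independent fair bits each comparison agrees with probability 1/2,
    so the agreement count is Binomial(m, 1/2), approximated as normal here.
    """
    m = len(bits) - lag
    agree = sum(1 for i in range(m) if bits[i] == bits[i + lag])
    return two_sided_p((2 * agree - m) / math.sqrt(m))


def score(bits):
    """p-value of each test: the chance of a result at least this extreme
    if the generator were working correctly."""
    return {
        "monobit": monobit_p(bits),
        "autocorr lag 1": autocorr_p(bits, 1),
        "autocorr lag 2": autocorr_p(bits, 2),
    }


def least_doubtful(samples):
    """Name of the sample whose worst result is least unlikely under the
    model. Evidence for a choice between generators, not proof that the
    winner is working properly."""
    return max(samples, key=lambda name: min(score(samples[name]).values()))


# Constructed inputs: the alternating stream from the post, and 10,000 bits
# from a seeded (non-cryptographic) PRNG as a second generator to compare.
ALTERNATING = [i % 2 for i in range(N)]
_rng = random.Random(1999)
PRNG_SAMPLE = [_rng.getrandbits(1) for _ in range(N)]
SAMPLES = {"alternating": ALTERNATING, "prng": PRNG_SAMPLE}

if __name__ == "__main__":
    for name, bits in SAMPLES.items():
        print(name)
        for test, p in score(bits).items():
            print(f"  {test:15s} p = {p:.3g}")
    print("least doubtful:", least_doubtful(SAMPLES))
```

The alternating stream has Sn/n exactly 1/2, so the bias test raises no doubt at all, while both autocorrelation tests give a p-value that underflows to zero.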

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Is initial permutation in DES necessary?
Date: Thu, 01 Apr 1999 23:25:20 GMT

Paul Koning wrote:
> Perhaps "good enough for the time".  But "stronger than anyone could
> have come up with"?  Clearly not, because a system with the same
> properties but a civilized key size would have been better.  And
> of course that was the original proposal; the key was shortened
> later on.

Yes, and the S-boxes were strengthened.
It's called "engineering".

------------------------------

From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: North Korean A3 code
Date: 1 Apr 1999 23:55:44 GMT
Reply-To: [EMAIL PROTECTED]

Jim Dunnett ([EMAIL PROTECTED]) wrote in article 
<[EMAIL PROTECTED]>:
: On Thu, 01 Apr 1999 17:04:08 GMT, [EMAIL PROTECTED]
: (John Savard) wrote:

: >[EMAIL PROTECTED] (Jim Dunnett) wrote, in part:
: >
: >>The Chinese also have a system which codes a subset of the
: >>ideograms of Mandarin into 5-figure (letter?) groups.
: >
: >I know there's a system that takes Chinese characters into four digit
: >groups: and the book Codebreaker in the Far East shows that the system also
: >has a three-letter version. There is also a conversion of Chinese telegraph
: >code into two 8-bit characters, but it is seldom used in comparison to
: >GuoBiao and Big 5.

: Thanks for that. I stand corrected: as you say it was four
: digits.

: Presumably GuoBiao and Big-5 are expanded (popular) updates.

: Incidentally, anyone know where I could obtain a copy of an 
: old-fashioned merchant-shipping code, either to buy in book form 
: or to download?

I have the two-volume codebook which is published as Hydrographic
Office publication somethingorother. Sorry; I'm in my office, and
the books are at home. It's presumably published by various countries
in their national languages, such that the codegroups and meanings
have the same mappings in all language variations. 

I'm copying myself on this so that I can look it up when I get home. 

--
Mike Andrews                                    |  speaking for himself



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Fri, 02 Apr 1999 00:03:12 GMT

Franzen wrote:
> As I understand the hypothetical TRNG concept, it cannot generate
> non-randomness. Since it is hypothetical, it cannot suffer process
> failure either.

You know, you may be onto something there.  This so-called "TRNG"
seems to be defined by R. Knauer as an RNG that he somehow "knows"
is functioning correctly (as an RNG), *no matter what the evidence*.
Or, in Bayesian terms, if one is a priori *certain* (P==1) about
a claim, then no matter what the likelihood ratio from observations,
one is also a posteriori certain about the claim.  But the rest of
us have to work without a priori certainty, so the likelihood ratio
*does* have relevance for *us*.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Random Walk
Date: Fri, 02 Apr 1999 00:17:27 GMT

"R. Knauer" wrote:
> Just ask why it is that after nearly a century of investigation by the
> best minds on Earth, no one has advanced a satisfactory mathematical
> explanation for the true randomness found in quantum physics. Could
> that be taken as prima facie evidence that true randomness or its lack
> cannot be calculated mathematically?

No, and that hasn't even been a tack that theoreticians have taken.

The official party line, from around 1930 through 1970 at least,
was that "there is no point in worrying about *why* QM works, if
we know *how* it works".  That could go a long way toward explaining
why the "why" is not well known.  When it comes to truly fundamental
physical theory, what constitutes an "explanation" requires careful
study in its own right.

There have been researchers looking into such questions, however.
There are actually some pretty good papers about entropy in QM
available on the net.

A point that is generally agreed is that whatever is going on at
the quantum superposition level, it is inconsistent with standard
probability theory (a la Feller, for example), although it is
usually described in probabilistic terms.

But this isn't the newsgroup for discussing physics.

------------------------------

From: [EMAIL PROTECTED] (Chuck Grimsby)
Crossposted-To: comp.lang.pascal.delphi.misc,comp.databases.paradox,comp.databases.ms-access
Subject: Re: Alert:  "HAPPY99.EXE" e-mail/newsgroup virus
Date: Fri, 02 Apr 1999 00:18:21 GMT


Shameless repost from comp.risks:


Date: Tue, 30 Mar 1999 16:51:23 -0800
From: Rob Slade <[EMAIL PROTECTED]>
Subject: Melissa macro virus

A report prepared by Robert M. Slade

The following is an attempt to bring together the information about
the Melissa virus.  It is taken from the most reliable available
sources. Additional sites have been listed at the end of the article.
I have not added a copyright line to this message in order to allow it
to be used as needed.  I will be posting the latest updated version of
this article at
http://sun.soci.niu.edu/~rslade/melissa.txt and
http://victoria.tc.ca/techrev/melissa.txt.

The virus, generally referred to as W97M.Melissa.A (with some variations:
Symantec, in a rather strained effort to be cute, seems to be calling
it "Mailissa"), is a MS Word macro virus.  This means that, if you
don't use Word, you are safe.  Completely safe.  (Except for being
dependent upon other people who might slow their/your mail server
down.  More on that later.)  If you need to look at MS Word documents,
there is a document viewer available (free, as it happens) from
Microsoft.  This viewer will not execute macros, so it is safe from
infection.

In the messages about Melissa, there have been many references to the
mythical and non-existent "Good Times" virus.  Note that simply
reading the text of a message still cannot infect you.  However, note
also that many mailers, in the name of convenience, are becoming more
and more automated, and much of this automation concerns running
attached files for you.  As Padgett Peterson, author of one of the
best macro virus protection tools, has stated, "For years we have been
saying you could not get a virus just by 'opening E-Mail'.  That bug is
being fixed."

Melissa does not carry any specifically damaging payload.  If the
message is triggered there will be text added to the active document.
The mailout function can cause a large number of messages to be
generated very quickly, and this has caused the shutdown of a number
of corporate mail servers.

If you have Word set with macros disabled, then the virus will not
activate. However, relying on this protection is a very dangerous
proposition. Previous macro viruses have also killed macro protection
in Word, and this one does as well.

The name "Melissa" comes from the class module that contains the
virus.  The name is also used in the registry flag set by the virus.

The virus is spread, of course, by infected Word documents.  What has
made it the "bug du jour" is that it spreads *itself* via e-mail.  We
have known about viruses being spread as attachments to e-mail for a
long time, and have been warning people not to execute attachments (or
read Word documents sent as attachments) if you don't know where they
came from.  Happy99 is a good example: it has spread very widely in
the past month by sending itself out as an e-mail attachment whenever
it infects a system.

Melissa was originally posted to the alt.sex newsgroup.  At that time
it was LIST.DOC, and purported to be a list of passwords for sex
sites.  I have seen at least one message theorizing that Melissa is
someone's ill-conceived punishment for viewers of pornography.  This
hypothesis is extremely unlikely.  Sending a virus to a sex related
newsgroup seems to be a reliable way to ensure that a number of stupid
people will read and/or execute your program, and start your new virus
off with a bang.  (No pun intended.)

If you get a message with a Melissa infected document, and do whatever
you need to do to "invoke" the attachment, and have Word on your
system as the default program for .doc files, Word starts up, reads in
the document, and the macro is ready to start.  If you have Word's
"macro security" enabled (which is not the default) it will tell you
that there is a macro in the document.  Few people understand the
import of the warning, and there is no distinction between legitimate
macros and macro viruses.

Because of a technical difference between normal macros and "VBA
objects," if you ask for a list of the macros in the document, Melissa
will not show up. It will be visible if you use the Visual Basic
Editor, but only after you have loaded the infected file.

Assuming that the macro starts executing, several things happen.

The virus first checks to see if Word 97 (Word 8) or Word 2000 (Word
9) is running.  If so, it reduces the level of the security warnings
on Word so that you will receive no future warnings.  In Word97, the
virus disables the Tools/Macro menu commands, the Confirm Conversions
option, the MS Word macro virus protection, and the Save Normal
Template prompt.  It "upconverts" to Word 2000 quite nicely, and there
disables the Tools/Macro/Security menu.

Specifically, under Word 97 it blocks access to the Tools|Macro menu
item, meaning you cannot check any macros.  It also turns off the
warnings for conversion, macro detection, and to save modifications to
the NORMAL.DOT file.  Under Word 2000 it blocks access to the menu
item that allows you to raise your security level, and sets your macro
virus detection to the lowest level, that is, none.  (Since the access
to the macro security menu item is blocked, I do not know how this
feature can be reversed, other than programmatically or by
reinstallation.)

After this, the virus checks for the
HKEY_CURRENT_USER\Software\Microsoft\Office\Melissa?\ registry key
with a value of "... by Kwyjibo".  (The "kwyjibo" entry seems to be a
reference to the "Bart the Genius" episode of the "Simpsons"
television program where this word was used to win a Scrabble match.)

If this is the first time you have been infected (and this "first
time" business is slightly complicated), then the macro starts up
Outlook, in the background, and sends itself as an attachment to the
"top" 50 names in *each* of your address lists.  (Melissa will *not*
use Outlook Express.)  Most people have only one (the default is
"Contacts"), but if you have more than one then Outlook will send more
than 50 copies of the message.  Outlook also sorts address lists such
that mailing lists are at the top of the list, so this can get a much
wider dispersal than just fifty copies of the message/virus.  There
was also a mention on one message about MAPI and Exchange servers,
which may give access to a very large number of mailing lists.  From
other reports, though, people who use Exchange mail server are being
particularly hard hit.  Then again, people who use Exchange are
probably also standardized on Word and Outlook.

Some have suggested setting this registry key as a preventive measure,
but note that it only prevents the mailout.  It does not prevent
infection.  If you are infected, and the registry key is removed at a
later date, then a mailout will be triggered the next time an infected
document is read.

Once the messages have been sent, the virus sets the Melissa flag in
the registry, and looks for it to check whether or not to send itself
out on subsequent infections.  If the flag does not persist, then
there will be subsequent mass mailings.  Because the key is set in
HKEY_CURRENT_USER, system administrators may have set permissions such
that changes made are not saved, and thus the key will not persist.
In addition, multiple users on the same machine will likely each
trigger a separate mailout, and the probability of cross infection on
a common machine is very high.

Since it is a macro virus, it will infect your NORMAL.DOT, and will
infect all documents thereafter.  The macro within NORMAL.DOT is
"Document_Close()" so that any document that is worked on will be
infected when it is closed.  When a document is infected the macro
inserted is "Document_Open()" so that the macro runs when the document
is opened.

Note that *not* using Outlook does not protect you from the virus, it
only means that the 50 copies will not be automatically sent out.  If
you use Word but not Outlook, you will still be infected, and may
still send out infected documents on your own.  The virus also will
not invoke the mailout on Mac systems, but definitely can be stored
and resent from Macs.  At this time I do not have reliable information
about whether it can reproduce on Macs (there is one report that it
does), but the likelihood is that it can.

Vesselin Bontchev has noted that the virus never explicitly terminates
the Outlook program.  It is possible that multiple copies may be
invoked, and may create memory problems.  However, this has not been
confirmed, and is not probable given the "first time" flag that is
set.

The message appears to come from the person just infected, of course,
since it really is sent from that machine.  This means that when you
get an "infected" message it will probably appear to come from someone
you know and deal with.  The subject line is "Important Message From:
[name of sender]" with the name taken from the registration settings
in Word.  The text of the body states "Here is that document you asked
for ... don't show anyone else ;-)".  Thus, the message is easily
identifiable: that subject line, the very brief message, and an
attached Word document (file with a .doc extension to the filename).
If you receive a message of this form *DO NOT OPEN THE DOCUMENT WITH
WORD!* If you do not have alternate means or competent virus
assistance, the best recourse is to delete the message, and
attachment, and to send a message to the sender alerting them to the
fact that they are, very likely, infected.  Please note all the
specifics in this paragraph, and do not start a panic by sending
warnings to everyone who sends you any message with an attachment.

However, please also note that, as with any Word macro virus, the
source code travels with the infection, and it will be very easy to
create modifications to Melissa.  (The source code has already been
posted to one Web site.)  We will, no doubt very soon, start seeing
many Melissa variants with different subjects and messages.  There is
already one similar Excel macro virus, called "Papa."  The virus
contains the text "Fred Cohen" and "all.net," leading one rather
ignorant reporter to assume that Fred was the author.  Dr. Cohen was
the first person to do formal research into viral programs.

There is a message that is displayed approximately one time in sixty.
The exact trigger is if the current system time minute field matches
the current system time day of the month field when the virus is run.
In that case, you will have "Twenty-two points, plus triple-word-score,
plus fifty points for using all my letters.  Game's over. I'm outta
here." typed into your document.  (This is another reference to the
"Simpsons" episode referred to earlier.)

One rather important point: the document passed is the active
document, not necessarily the original posted on alt.sex.  So, for
example, if I am infected, and prepare some confidential information
for you in Word, and send you an attachment with the Word document,
containing sensitive information that neither you nor I want made
public (say, the fact that Bill Gates is a jerk for having designed
the technology this way), and you read it in Word, and you have
Outlook on your machine, then that document will be mailed out to the
top 50 people in your address book.

Rather ironically, a clue to the identity of the perpetrator may have
come from the identification number embedding scheme recently admitted
by Microsoft as having been included with Office and Windows 98.  
   [Traced to an AOL user, apparently...  PGN]

A number of fixes for mail servers and mail filtering systems have
been devised very quickly.  However, note that not all of these have
been fully tested or debugged.  One version that I saw would trap most of
the warning messages about Melissa.

Note that any Word document can be infected, and that an infected user
may unintentionally send you an infected document.  All Word
documents, and indeed all Office files, should be checked for
infection before you load them.

Information and antiviral updates (some URLs are wrapped):

http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
http://www.ciac.org/ciac/bulletins/j-037.shtml
ftp://ftp.complex.is/pub/macrdef2.zip
http://www.complex.is/f-prot/f-prot.html
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdnn/stories/
  news/0,4586,2233030,00.html
http://www.zdnet.com/zdnn/special/melissavirus.html
http://www.symantec.com/techsupp/mailissa.html 
http://www.antivirus.com/vinfo/security/sa032699.htm
http://www.avp.com/melissa/melissa.html
http://www.microsoft.com/security/bulletins/ms99-002.asp
http://www.sendmail.com/blockmelissa.html
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
http://www.innosoft.com/iii/pmdf/virus-word-emergency.html
http://www.sophos.com/downloads/ide/index.html#melissa 
http://www.avertlabs.com/public/datafiles/valerts/vinfo/melissa.asp
http://www.pcworld.com/cgi-bin/pcwtoday?ID=10302
http://www.internetnews.com/bus-news/article/0,1087,3_89011,00.html
http://cnn.com/TECH/computing/9903/29/melissa.copycat.idg/
http://www.pcworld.com/cgi-bin/pcwtoday?ID=10308

[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

==============================


On Wed, 31 Mar 1999 17:08:24 -0500, "Arvin Meyer" <[EMAIL PROTECTED]> wrote:

>I don't know about the $350K, but I can tell you that both MS and Intel were
>bit hard by Melissa last weekend. As a precaution I suggest you read the
>following from Woody Leonhard's Windows Office Watch:
>
>~~~~~~~~~Begin Post~~~~~~~~~~~~
>  THE NOT SO LOVELY MELISSA VIRUS ~~~~~~~~~~~~~~~~~~~~~~~
>  The bombshell for Friday afternoon (US time) was a new Word
>  97 and Word 2000 (currently being widely tested) virus that
>  uses Microsoft Outlook (not Outlook Express) to send itself
>  out to lots of people very fast and right under your nose.
>  As a result it's spread like wildfire in company email
>  systems and across the Internet - causing havoc in places
>  you would not expect like Microsoft and Intel among many.
>  See
>
>http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdnn/stories/news/0,4
>586,2233030,00.html
>  for Friday's report.
>
>  The virus is called 'Melissa' or more properly
>  W97M/Melissa.A (there's no official name and you'll also
>  see it called W97M_Melissa or W97M.Mailissa.A ) after the
>  name of class module that contains the macro virus.  The
>  module is set to run each time an infected document is
>  opened and sometimes when closed too.
>
>  As usual there has been a lot of panicked and ill informed
>  reports about what this virus does so we've worked over the
>  weekend to see what it really does, how you can protect
>  yourself and what to do if you've already been infected by
>  the Melissa virus.  We'll also squash some of the rumors
>  and misunderstandings that are out there.
>
>
>  THE MAIN WARNING - PLEASE READ THIS ~~~~~~~~~~~~~~~~~~~
>  First the main and important warning in brief ...
>
>  If you receive a message from ANYONE at all - it doesn't
>  matter who it might be:
>
>  * with the subject line 'Important Message from <name of sender>'
>
>  * and a Word document attached (of any name but probably LIST.DOC)
>
>  Then DELETE THE MESSAGE, do NOT open the Word document.
>
>  This simple advice will remove the virus infected document
>  and stop it spreading.  If everyone would follow that
>  advice the Melissa virus will be stopped dead in its
>  tracks.
>~~~~~~~~~~~End Post~~~~~~~~~~~~~
>-----
>Arvin Meyer
>[EMAIL PROTECTED]
>
>Markku Nevalainen wrote in message <[EMAIL PROTECTED]>...
>>Sundial Services wrote:
>>>
>>> There is a Win32 program circulating around the Net which contains a
>>> virus that will attach itself to every e-mail message and newsgroup post
>>> you happen to make.  Or it will send a message shortly afterward.  Tidy
>>> thing... it even keeps a log of its activities!
>>>
>>
>>Isn't this a slightly outdated info? It's more than month ago when
>>Happy99 came in. And in the age of 30 days these new super viruses
>>are already worn with years.
>>
>>The hottest new virus from last thursday/friday is Melissa (Word
>>macrovirus) and Papa (Excel macrovirus).
>>
>>I heard that FBI has promised $350.000 to anyone who will point
>>out the writer of Melissa virus.
>>
>>Markku Nevalainen
>

======
Please Post Any Replies To This Message Back To the Newsgroup.
There are "Lurkers" around who can benefit by our exchange!
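
[Added example, not part of the original posts.] A sketch of a mail check built from the three identifying features given in the report above (the subject line, the body text and an attached .doc file). It quarantines only when all three are present, so that a warning which merely quotes the text, or an ordinary message with a Word attachment, is not trapped. The verdict names, the "review" rule for likely variants, the addresses and the sample messages are all constructed for illustration.

```python
from email.message import EmailMessage

# Indicators quoted in the report above, compared case-insensitively.
SUBJECT_PREFIX = "important message from"
BODY_MARKER = "here is that document you asked for"


def _squash(text):
    """Collapse whitespace and lower-case, so line wrapping does not matter."""
    return " ".join(text.split()).lower()


def doc_attachments(msg):
    """File names of all parts that carry a .doc file name."""
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and n.lower().endswith(".doc")]


def body_text(msg):
    """Text of the plain-text parts that are not themselves attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "latin-1"
            chunks.append(raw.decode(charset, "replace"))
    return _squash(" ".join(chunks))


def indicators(msg):
    return {
        "subject": _squash(msg.get("Subject", "")).startswith(SUBJECT_PREFIX),
        "body": BODY_MARKER in body_text(msg),
        "doc": bool(doc_attachments(msg)),
    }


def classify(msg):
    """'quarantine' for the exact form, 'review' for a .doc plus one other
    indicator (a changed subject or body, as expected of variants)."""
    hit = indicators(msg)
    if all(hit.values()):
        return "quarantine"
    if hit["doc"] and (hit["subject"] or hit["body"]):
        return "review"
    return "pass"


def build(subject, body, attachment=None):
    """Constructed test message; the attachment is placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder, not a Word file",
                           maintype="application", subtype="msword",
                           filename=attachment)
    return msg


LURE = "Here is that document you asked for ... don't show anyone else ;-)"
SAMPLES = {
    "exact form": build("Important Message From: A. Sender", LURE, "LIST.DOC"),
    "variant subject": build("Fwd: quarterly figures", LURE, "figures.doc"),
    "warning, no attachment": build(
        "Warning: Melissa virus",
        'Delete mail titled "Important Message From: ..." that says\n'
        '"' + LURE + '"'),
    "ordinary attachment": build("Meeting notes", "Notes attached.", "notes.doc"),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:24s} {classify(msg)}")
```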

------------------------------

From: Ralph Bauchman <[EMAIL PROTECTED]>
Subject: Q: encryption-friendly hard disk controllers or drives
Date: Thu, 01 Apr 1999 16:33:24 -0700

Anyone know of any hard disk controllers  or drives themselves that
are "encryption-friendly" ? That is, might there be controllers/ drives
with a built-in or easily-added-on encryption feature? I'm thinking
along the lines of a controller with an empty IC socket designed to
hold an encryption IC. Plug in chip, load with key somehow then
e/d occurs as data flows into/out of drive transparent to user. If
one loaded the key via an iButton port over a wire straight to the
chip the system itself need not even be aware of its existence. 

Ralph

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
