Cryptography-Digest Digest #801, Volume #8 Sun, 27 Dec 98 05:13:04 EST
Contents:
Encrypted video games... help help (grimmy)
cryptomani (Branko Ivancic)
Re: S-Tools 4 and PGP 5.5.3a (Anonymous)
Re: S-Tools 4 and PGP 5.5.3a (this time the URL is inclosed) (Anonymous)
Microsoft SGC (SSL), CrytoAPI? ("denis bider")
Meditations on a Cordless Phone
User Caused Scramdisk problem (Red)
Re: Microsoft SGC (SSL), CrytoAPI? ("R H Braddam")
Re: Meditations on a Cordless Phone (Paul Rubin)
crypt-o-text (zuldare)
Re: Cryptography FAQ (01/10: Overview)
Re: cryptomani
Re: cryptomani (Terry Ritter)
--- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
Re: Encrypted video games... help help (fungus)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (grimmy)
Subject: Encrypted video games... help help
Date: Sat, 26 Dec 1998 18:21:42 -0800
I am researching a paper on software piracy in relation to some SC
rulings on the matter. I recently discovered how Capcom makes use of
encrypted ROMs to protect their data from pirate pcb's.. Anyone have any
info the encryption Capcom uses, bitwise or anything? I appreciate any
help I can get!
------------------------------
From: [EMAIL PROTECTED] (Branko Ivancic)
Subject: cryptomani
Date: Sat, 26 Dec 1998 23:22:08 GMT
I won to learn and understand if possibly all about cryptology so if
there is anyone that could show me the way and sites for downloading
faqs, i searched but found nothing but philosophers out there
tnx
------------------------------
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: S-Tools 4 and PGP 5.5.3a
Date: 27 Dec 1998 00:33:29 +0100
Try this site for the links you're asking about. It up most evenings
for a few hours and all weekend.
------------------------------
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: S-Tools 4 and PGP 5.5.3a (this time the URL is inclosed)
Date: 27 Dec 1998 00:35:43 +0100
http://hookah.ddns.org
------------------------------
From: "denis bider" <[EMAIL PROTECTED]>
Subject: Microsoft SGC (SSL), CrytoAPI?
Date: Sun, 27 Dec 1998 00:48:50 GMT
Has anyone had any experiences with the security of Microsoft's SGC
implementation? (Or, which is the same thing, Microsoft's SSL implementation
without the export limitations) Or about Microsoft's CryptoAPI?
Having read www.counterpane.com/pptp-pressrel.html, I am reconsidering my
decision as to whether or not to use Microsoft's cryptographic technology in
our products.
If you have any experiences, or if you know of an independent analysis of
Microsoft's technology, please comment.
--
denis bider ([EMAIL PROTECTED], [EMAIL PROTECTED])
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Meditations on a Cordless Phone
Date: 27 Dec 98 01:27:09 GMT
It's interesting to note all the different features of those new 900 MHz
cordless phones.
Some, although they operate in the 900 MHz band, are still conventional
analogue phones.
Others digitize the voice, and have "65,000 security codes", or even
"16,000,000" security codes, that are merely ID numbers which the handset
and base use to recognize each other.
Then, even higher up, are telephones using spread spectrum technology. I'm
suspecting that the spread spectrum sequence may not necessarily be a
secret one, so even at this level the security provided only comes from
obscurity.
Some top-of-the-line cordless phones do offer, as one Sony unit claims,
"digital voice encryption". So the feature is available, but so far only
in stratospheric models.
In any event, a DES chip that runs at digital audio speeds is fairly
expensive, and doesn't really belong in a consumer product that doesn't
need it.
However, it would be nice if the base used a challenge-response protocol
to verify the identity of the handset...
and, as far as encryption goes, one would think that even a cheap digital
cordless telephone could *attempt* to encrypt its signal, using just a
really simple algorithm like the following:
1) Replace the bytes of the bitstream by using a key-dependent
substitution table with 256 8-bit entries.
2) XOR the output of a shift register with the bitstream.
3) Replace the bytes of the bitstream using another key-dependent
substitution table with 256 8-bit entries.
Now, I have a question.
We know that step 2 by itself - or, for that matter, step 1 by itself -
provides no real security. But surrounding step 2 by steps 1 and 3 makes
up for the great weakness of step 2, its linearity.
Does such a simple and quick encryption scheme as the one I've outlined
(assuming the initial state of the shift register, and the S-box contents,
are produced from a key of reasonable length using a good algorithm) have
any real security at all?
I don't recall seeing an attack on this type of cipher in the literature.
Yet, it's an extremely simple case, that can be used in situations where
the ciphers known to be secure are unavailable, for cost reasons, and
where high security is not required.
John Savard
------------------------------
From: [EMAIL PROTECTED] (Red)
Subject: User Caused Scramdisk problem
Date: Sun, 27 Dec 1998 01:48:58 GMT
Hope you can help:
I attempted to create a scamdisk partition on D drive but aborted
partway through the encryption process.
The drive letter "e" was allocated to the part formatted drive.
Both the original "d" and "e" drive show up in explorer but neither
are accessable, with the error message -"unable to mount devise".
In scram disk this shows up as Drive E
I have successfully encrypted the original "d" drive and allocatted
the drive as a "d". But if I try to revert this partition back to dos
I get the unable to mount drives eror message and the drive is
allocated a "e"
My question - How can I revert back to dos on the original drive?
Trust you can help,
Red
------------------------------
From: "R H Braddam" <[EMAIL PROTECTED]>
Subject: Re: Microsoft SGC (SSL), CrytoAPI?
Date: Sat, 26 Dec 1998 20:14:31 -0600
denis bider wrote in message ...
>Has anyone had any experiences with the security of
Microsoft's SGC
>implementation? (Or, which is the same thing,
Microsoft's SSL implementation
>without the export limitations) Or about Microsoft's
CryptoAPI?
>
>Having read www.counterpane.com/pptp-pressrel.html, I
am reconsidering my
>decision as to whether or not to use Microsoft's
cryptographic technology in
>our products.
>
>If you have any experiences, or if you know of an
independent analysis of
>Microsoft's technology, please comment.
>
>--
>denis bider ([EMAIL PROTECTED], [EMAIL PROTECTED])
>
The only experience I have with it is from compiling
the ENUMALGS example in the SDK samples and running it.
My system is supposed to be upgraded to 128 bit
security, but Enumalgs.exe reports only 40-bit RC2 and
RC4. No other encryption algorithms at any strength.
Oddly, it reports 128-bit hashes. That is when
specifying the RSA_FULL provider. IE4 help about
reports 128 bit encryption, but I can't find a way to
select encryption strength or even verify 128 bit
capability.
--
Rick [EMAIL PROTECTED]
Murphy's Law is the only sure thing in the universe.
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Meditations on a Cordless Phone
Date: Sun, 27 Dec 1998 02:15:44 GMT
In article <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>In any event, a DES chip that runs at digital audio speeds is fairly
>expensive, and doesn't really belong in a consumer product that doesn't
>need it.
You're not talking about CD quality audio in a cordless phone. The
bit rates are fairly low. The phones all have microprocessors and
doing some reasonable or fairly reasonable encryption in software (or
on some corner of a some ASIC in the phone) that's fast enough for
this purpose is pretty simple. There's no reason to mess with bad
crypto algorithms unless they're going to cause you fewer regulatory
hassles.
For software voice encryption source code, see www.lila.com/nautilus/
------------------------------
From: zuldare <[EMAIL PROTECTED]>
Subject: crypt-o-text
Date: Sat, 26 Dec 1998 21:28:20 -0500
I have heard that the encryption program Crypt-o-Text is
"brainless to crack."
If this is true, and it probably is, can someone tell me how to get
started? thanks.
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Cryptography FAQ (01/10: Overview)
Date: 27 Dec 98 01:47:35 GMT
Karl-Friedrich Lenz ([EMAIL PROTECTED]) wrote:
: Have you tried contacting the editors of the old FAQ?
Yes, since my last post in this thread ... and I suffered the same fate as
you experienced; the mail bounced. I wonder who is posting the FAQ, if
that isn't a real E-mail address?
I've gone through the FAQ, and found that while there are a few things I
would like to add, and the bibliography could be updated to include the
2nd editions of both Schneier and Koblitz, most of the FAQ has held up
very well.
"What is the AES?" and some information about the "Better DES Challenge"
and the EFF cracker that won it are probably the most obvious things to
add. Probably, though, some of the technical stuff that I'm not current on
- what is the current state of factoring, for example - is more urgently
in need of an update.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: cryptomani
Date: 27 Dec 98 01:42:07 GMT
Branko Ivancic ([EMAIL PROTECTED]) wrote:
: I won to learn and understand if possibly all about cryptology so if
: there is anyone that could show me the way and sites for downloading
: faqs, i searched but found nothing but philosophers out there
I think my site, at
http://members.xoom.com/quadibloc/index.html
has some factual material on it, not just philosophy, although it doesn't
advance to the highly technical stuff.
John Savard
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: cryptomani
Date: Sun, 27 Dec 1998 03:32:27 GMT
On Sat, 26 Dec 1998 23:22:08 GMT, in <[EMAIL PROTECTED]>,
in sci.crypt [EMAIL PROTECTED] (Branko Ivancic) wrote:
>I won to learn and understand if possibly all about cryptology so if
>there is anyone that could show me the way and sites for downloading
>faqs, i searched but found nothing but philosophers out there
Allow me to suggest my introduction to cryptography:
http://www.io.com/~ritter/LEARNING.HTM
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: [EMAIL PROTECTED] (D. J. Bernstein)
Crossposted-To: talk.politics.crypto
Subject: --- sci.crypt charter: read before you post (weekly notice)
Date: 27 Dec 1998 06:00:40 GMT
sci.crypt Different methods of data en/decryption.
sci.crypt.research Cryptography, cryptanalysis, and related issues.
talk.politics.crypto The relation between cryptography and government.
The Cryptography FAQ is posted to sci.crypt and talk.politics.crypto
every three weeks. You should read it before posting to either group.
A common myth is that sci.crypt is USENET's catch-all crypto newsgroup.
It is not. It is reserved for discussion of the _science_ of cryptology,
including cryptography, cryptanalysis, and related topics such as
one-way hash functions.
Use talk.politics.crypto for the _politics_ of cryptography, including
Clipper, Digital Telephony, NSA, RSADSI, the distribution of RC4, and
export controls.
What if you want to post an article which is neither pure science nor
pure politics? Go for talk.politics.crypto. Political discussions are
naturally free-ranging, and can easily include scientific articles. But
sci.crypt is much more limited: it has no room for politics.
It's appropriate to post (or at least cross-post) Clipper discussions to
alt.privacy.clipper, which should become talk.politics.crypto.clipper at
some point.
There are now several PGP newsgroups. Try comp.security.pgp.resources if
you want to find PGP, c.s.pgp.tech if you want to set it up and use it,
and c.s.pgp.discuss for other PGP-related questions.
Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt. Try alt.security.
Other relevant newsgroups: misc.legal.computing, comp.org.eff.talk,
comp.org.cpsr.talk, alt.politics.org.nsa, comp.patents, sci.math,
comp.compression, comp.security.misc.
Here's the sci.crypt.research charter: ``The discussion of cryptography,
cryptanalysis, and related issues, in a more civilised environment than
is currently provided by sci.crypt.'' If you want to submit something to
the moderators, try [EMAIL PROTECTED]
---Dan
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: Encrypted video games... help help
Date: Sun, 27 Dec 1998 07:54:49 -0100
grimmy wrote:
>
>
> I am researching a paper on software piracy in relation to some SC
> rulings on the matter. I recently discovered how Capcom makes use of
> encrypted ROMs to protect their data from pirate pcb's.. Anyone have
> any info the encryption Capcom uses, bitwise or anything? I
> appreciate any help I can get!
AFAIK it isn't very sopisticated, they just combined the address
with the data in some way. It was done back in the days when a lot
of arcade machines used the same pcbs and people used to copy the
latest ROMs and put them in old machines, or buy cheaper games
and put the ROMs from more expensive games in the box.
The arcade machine emulators floating round the 'net need to deal
with these ROMs, and they've got source code available (or you
could just ask the authors about this). Check with the people
in alt.games.mame
PS: I just noticed the MAME web site has had "all of Capcom's
ROMS removed". Coincidence?
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
