Cryptography-Digest Digest #804, Volume #8 Sun, 27 Dec 98 17:13:03 EST
Contents:
Re: Session keys in Elliptic Curve (Anonymous)
Re: Highly structured info. (XML) and decryption (Harpy-36)
Re: U.S. Spying On Friend And Foe ("Steve Sampson")
Re: [Q. newbie] Authentication/Digital Signatures (Thomas Harte)
Re: Session keys in Elliptic Curve (Harpy-36)
CipherSaber user-interface code available (TPascal Delphi 3.0) (marek jedlinski)
Re: U.S. Spying On Friend And Foe (Jonah Thomas)
Re: U.S. Spying On Friend And Foe ("Steve Sampson")
Re: Meditations on a Cordless Phone (Jim Dunnett)
Re: Encryption Basics (Jim Dunnett)
Re: Encryption Basics (David Hamilton)
Re: ppdd - Encrypted filesystem (incl root filesystem) for Linux - rev 0.6 available
("Alexander Majarek, Sascha, SAM")
----------------------------------------------------------------------------
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: Session keys in Elliptic Curve
Date: 27 Dec 1998 16:34:52 +0100
=====BEGIN PGP SIGNED MESSAGE=====
Mr. Tines wrote:
>> Mr. Tines wrote:
>> >In the simple case of elliptic curve encryption where
>> >there is a known generator point P, with secret key x,
>> >and public key P,P*x then key exchange could be
>> >accomplished by taking random r and transmitting P*r,
>> >and using (P*x)*r as the session key - so to that extent
>> >the EC algorithm participates in the key generation.
>>
>> So the session key itself is not completely random?
>
>A random number (r) times a constant (P*x) is just
>a re-scaled random number (or given that we're
>working in a finite arithmetic, a random number over
>a shuffled range). There's no loss of entropy; the
>session key P*x*r has as much entropy as the original r.
There is as much entropy as with the original r, however
the session key is not completely random since it can be
mathematically reconstructed. Completely random session
key would be unrecoverable, right?
>> Instead of transmitting a random session key, you transmitting
>> the instructions for reconstructing the session key, namely
>> the random value x and use the non-random session key for
>> the bulk cipher itself, correct? Sorry, I want to be sure
>> about this, I'm not a mathemagician nor a cryptographer.
>
>Here, x is the secret key; the originator of the message
>has P and P*x, and can multiply (P*x) with r to get the
>session key and P with r. The recipient can multiply
>P*r with his secret x to recover the session key.
Sorry, typo.
Forgive me for being a bonehead, but could you please
detail this a bit further? For this approach to work,
the comstant (P*x) must be something from which the
x can't be easily determined by knowing P.
How do you attain security, ie achieve that the
secret part remains secret and only the recipient
can recover the session key?
Could you explain briefly how elliptic curve asymmetric
cryptography works, in laymans terms? Please?
>> With 160 bit elliptic curve key, if you want a 256 bit
>> session key with enough randomness, how large must the
>> random x be, and what would be an acceptable method for
>> generating such value? PRNG augmented with true randomness
>> and hash that? If so, must the algorithm go up to 256 bits?
>
>What I would do would be to generate 256 bits of
>entropy, slice into two 128-bit halves, expand each
>to 160 bits using SHA-1 or RIPEM, and transmitting two
>packets, P*r1 and P*r2. Then concentrate the entropy
>down again by using MD5(P*x*r1)+MD5(P*x*r2) (where +
>denotes concatentaion of bit-streams, and MD5 denotes
>an agreed 128-bit hash) as the 256-bit session key.
Am I correct in understanding that r is the result of
this process of slicing and concentrating, and altough
you transmit two packets, the original 256 bits of
entropy are never used as r, not even when encrypting?
Then comes to the question, how to generate
256 bits of entropy, provided you need to
generate it transparently and in software?
>> >HAVAL can generate 256 bit output as does TIGER - or you
>> >can partition your entropy between two 128-bit generators,
>> >and build half a key from each.
>>
>> ...and GOST. But what are the reputations of these algorithms?
>
>I've seen essentially no discussion of the detailed
>merits of any of these. Message digest algorithms
>tend to be overlooked in comparison with the more
>glamorous encryption algorithms. If asked to plump
>for one over the others, I'd probably go for TIGER
>purely on Biham's repuation, but on nothing more
>scientific than that. I would not commit to their
>security.
This is unfortunate. Good message digest algorithm
would be valuable. Maybe NSA comes up with something
capable for 256 bits when the AES cipher is decided.
Or maybe Counterpane would take up on cue.
>I'm not sure what you mean by SHA1x.
Sorry, was trying to refer to double width SHA-1.
- --EO
=====BEGIN PGP SIGNATURE=====
Version: PGP 6.0.2
iQEVAwUBNoY1NMgXRmWyooNRAQFwOAf/X33njX1Cm+LFb2sxmgFKiP4tcgJdLfkY
UtSohoeI9lSjXLGDfZ3fX9xsb3+P4h4NKCjlU1G1JQiThMYiZzBoyVLL1/2Kepx8
pzfSw3nK8IkStciGhl09iSWd9qbKn3pcNBwf3iTywaVJe/AHBWe+5eYWMTNu+zoi
diLmmDMjE+lHLdy2t78348ZEqV5HLA00tYroP6/HcMjg9EujMJMdbgGQA5plStJv
S3AaWIWU87gWM4JmrtN+NNd+XzfRYY6q30ESGSNcnygwvWUJ59tB2/x6xMuPkVZ9
BkkVCnCGMdHj1MPbWwX/lOHIiF5x/ru/FHSl1061CxMbt0LnaK8twg==
=sxhp
=====END PGP SIGNATURE=====
------------------------------
From: Harpy-36 <[EMAIL PROTECTED]>
Subject: Re: Highly structured info. (XML) and decryption
Date: Sun, 27 Dec 1998 08:04:28 -1000
Anders W. Tell wrote:
>
> Hi,
>
> I have a few questions concerning encryption/code breaking of highly
> structured information
> and especially the emerging internet/web standard XML.
>
> This standard have number of properties which make it easier to guess a
> large parts of
> a message plaintext. An example:
>
> <?xml version="1.0" standalone="no" encoding="UTF-8"?>
> <!DOCTYPE IDL SYSTEM "theschema.dtd">
> <ROOT>
> <COMMENT> text text text...</COMMENT>
> <COMMENT> text text text...</COMMENT>
> </ROOT>
>
> Here the message have a well defined start (the ?xml tag),
> a reference the structure of the rest of the message on second row
> (DOCTYPE)
> and all information is enclosed on tags (ROOT and COMMENT)
>
> My first question is are current encyption algoritms and key lengths
> enough to handle this class of highly stuctutured messages when
> their schemas are knowned ?
Yes.
> Could someone point me to any resources where this issue have been
> dealt with/researched or is this already a well known problem in the
> "crypt"
> community ?
It is already well known. Cipher block chaining or cipher feedback modes
use an Initialization Vector to alter the first block with a
pseudo-random number so that this common header is obfuscated. Then
subsequent blocks are chained with earlier blocks to carry along this
uniqueness. If this technique is not used and Electronic Code Book Mode
is used, then your concern is correct: headers would make it easier to
detect a correct cryptanalysis.
------------------------------
From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: U.S. Spying On Friend And Foe
Date: Sun, 27 Dec 1998 11:48:21 -0600
If they would have executed him, like the law provides, all this
whining would be blowing in the wind.
He knew the consequences of getting caught. I think we should
execute him before we give him back to the Zionists. Or maybe
give him back to the Zionists after first giving him to the Arabs.
What you fail to understand sir, is that Americans die every year,
and their proxies die every year in this game. Only in America does
anyone feel sorry for a spy, and want to reward them, rather than
kill them, as most societies do. Write your Congressman, and
Senator. Tell them to insist that we kill all spies, no other sentence.
Lacking that, the Zionists should pay us 10 Billion for the information
they stole. Then we can maybe trade him for one of our Americans
in their prison. Maybe...
Mark Adkins wrote in message ...
>You know, I wasn't going to post this, but I've just caught part of a
>debate on C-SPAN regarding whether Jonathan Pollard should be released
>early, and I was offended by the sanctimonious bleating of people like
>David Klinghoffer of National Review, who have the audacity to compare
>the revelation of technical intelligence to a foreign ally by Pollard
>to the case of Aldrich Ames. The United States has some nerve! (For
>those who may be interested, I am neither Jewish nor pro-Israel. I
>simply find the hypocrisy of the United States Government appalling.)
------------------------------
From: Thomas Harte <[EMAIL PROTECTED]>
Subject: Re: [Q. newbie] Authentication/Digital Signatures
Date: 27 Dec 1998 18:23:08 GMT
In sci.crypt you wrote:
> > In other words, are there any
> > _pure_ authentication/signature protocols that exist in their
> > own right, divorced from any potential cryptographic use?
>
> Look up "Chaff and Winnowing".
Thanks, I found http://theory.lcs.mit.edu/~rivest/chaffing-980701.txt.
It is an interesting concept, but what it provides is confidentiality
by exploiting authentication, seemingly to circumvent the regulations
on encryption. Thus effective encryption is achieved (somewhat akin
to steganography) without using encryption.
I should perhaps have been a trifle more clear in my posting. I was
wondering if there is a means of _publicly_ verifying an authenticated
message by means of an authentication/signature-only protocol, viz. one
that enables the public at large to verify that Alice, say, is the sender of
a
particular message (e.g. by using "reverse" public-key cryptography), but
that does not rely on public-key cryptography as this is, _per se
_,
a form of encryption and thus subject to encryption laws.
Has anyone come up with public verification software (e.g. for
on
purposes)? "One-way digital signatures" (by this I mean that they cannot be
turned around and used for encryption)?
Thomas.
------------------------------
From: Harpy-36 <[EMAIL PROTECTED]>
Subject: Re: Session keys in Elliptic Curve
Date: Sun, 27 Dec 1998 10:33:00 -1000
Anonymous wrote:
>> Mr. Tines wrote:
>> >In the simple case of elliptic curve encryption where
>> >there is a known generator point P, with secret key x,
>> >and public key P,P*x then key exchange could be
>> >accomplished by taking random r and transmitting P*r,
>> >and using (P*x)*r as the session key - so to that extent
>> >the EC algorithm participates in the key generation.
>>
>> So the session key itself is not completely random?
>
>A random number (r) times a constant (P*x) is just
>a re-scaled random number (or given that we're
>working in a finite arithmetic, a random number over
>a shuffled range). There's no loss of entropy; the
>session key P*x*r has as much entropy as the original r.
There is as much entropy as with the original r, however
the session key is not completely random since it can be
mathematically reconstructed. Completely random session
key would be unrecoverable, right?
>> Instead of transmitting a random session key, you transmitting
>> the instructions for reconstructing the session key, namely
>> the random value x and use the non-random session key for
>> the bulk cipher itself, correct? Sorry, I want to be sure
>> about this, I'm not a mathemagician nor a cryptographer.
>
>Here, x is the secret key; the originator of the message
>has P and P*x, and can multiply (P*x) with r to get the
>session key and P with r. The recipient can multiply
>P*r with his secret x to recover the session key.
Sorry, typo.
Forgive me for being a bonehead, but could you please
detail this a bit further? For this approach to work,
the comstant (P*x) must be something from which the
x can't be easily determined by knowing P.
How do you attain security, ie achieve that the
secret part remains secret and only the recipient
can recover the session key?
Could you explain briefly how elliptic curve asymmetric
cryptography works, in laymans terms? Please?
- --EO
Your confusion is understandable, since multiplication would seem
to laymen to be something which is easy to invert. It is not,
when used in the Elliptic Curve Public Key Cryptosystem.
(EC-PKC). This cryptosystem uses mathematics which is
more advanced than that used for the RSA-PKC. It
uses multi-dimensional space with projective
geometry in a finite group. The following
explanation of the EC-PKC is given in
laymans' terms, and so, it leaves
out the most impressive ideas
which have made it a
practical way to
send messages
securely.
Most
cryptosystems
use the one dimensional
"number line" which is familiar to
high school graduates. Elliptic curves
are used in 2 or 3 dimensional spaces which
makes it more difficult to break. And these spaces
are not ordinary space, they are in projective space,
like in a movie projector, where squares are transformed
into non-squares. Also, the math is define for ADDITION and
not for multiplication. There is an additive inverse, called
subtraction, but since there is no multiplication, there is no
division. When Mr. Tines wrote about "using (P*x)*r as the session key"
he appears to be using multiplication, but really it is addition done
many times. In the EC-PKC there are ADDITION FORMULAE AND DOUBLING
FORMULAE which are used to do a pseudo-multiplication. To add 2
points on a curve, (x1, y1) + (x2, y2) you do NOT add x1 + x2
you need to used a formula which is much bigger, but which
is easy to use. Also, square roots need to be calculated
for some numbers. There is an easy way to take square
roots in an "additive group" if the number is a
"quadratic residue". There is an easy way to
determine if a number is a quadratic
residue. We have now left the
laymans' terms so let's just
define these terms because
they are simple ideas.
An additive group is
basically a set of
numbers where
only addition
is useable.
A
quadratic
residue is a
number which is
left over after squaring
a number in a finite field.
For example, in the field of 5:
1^2 = 1 mod 5
2^2 = 4 mod 5
3^2 = 4 mod 5
4^2 = 1 mod 5
So 1 and 4 are quadratic residues
and 2 and 3 are quadratic non-residues.
Many laymen know that there are 2 square roots
for numbers: sqrt(4) = 2 or -2. So also there are
2 square roots of quadratic residues: Sqrt(1) is 1
or 4 (mod 5). Now back to the EC-PKC. Given an x coordinate
we can calculate 2 y coordinates from the equation of the curve:
y^2 = x^3 + x + 3 mod n, for example. You see that you will need to take
a square root of y^2 to get the y coordinate. To "multiply" a point
P times a number r you can use the "addition formula" r times, or
you can speed things up by using the doubling formula too. For
example, if x=9 you can double P 3 times and add x to that
result. Then you only do 4 operations instead of 9.
Now that you have been shown some important
features of the math involved, we are
to encrypt a message.
Suppose
a message m
is encoded as
a point on a curve:
(x3, y3) where each coordinate
is a 170 bit number. (Points not
on the curve are never used). The
message is sent securely if two people
share a public key. This information will
include the equation of the curve, which is used
with numbers less than the modulus n. Please see:
http://www.dice.ucl.ac.be/crypto/biblio_ell.html
A point on the curve, G, is called a generator and this
is publicly known. For Bob to send Alice a message, he uses
Alice's public key. Alice creates a public point on the curve,
P = a*G, and tells this to everyone. Alice keeps "a" secret, and
nobody can calculate it during this century. Bob makes up a pseudo-
random number x, and calculates G*x. The message m is added to P*x and
he sends the ciphertext to Alice (G*x, m+P*x). Alice can decrypt it by
multiplying (G*x) by "a" and subtracting the result from m+P*x.
------------------------------
From: [EMAIL PROTECTED] (marek jedlinski)
Crossposted-To: talk.politics.crypto
Subject: CipherSaber user-interface code available (TPascal Delphi 3.0)
Date: Sun, 27 Dec 1998 20:14:34 GMT
Having developed my own CipherSaber implementation in TurboPascal and
Delphi 3, I have now created a web page with in-my-own-words explanation of
what it takes to write a CipherSaber program and detailed explanation of
the cipher algorithm in (hopefully) plain English. The RC4 itself is not
distributed, but for anyone who'd like to write their own CipherSaber in
Pascal or a derivative language, I have posted the fully-working source
code for the DOS and Win95 implementations. Just drop your own RC4.PAS unit
(necessary documentation and the unit's Interface section is included in
the distribution) and you're done, no need to repeat the tiresome task of
error checking, passphrase verifying, etc. The source code is public
domain; so are the contents of the web page itself. Please copy freely.
The page is in its first draft. I will very much appreciate any comments,
especially reports of any inaccuracies in my descriptions of the ciphering
process.
The URL:
http://www.lodz.pdi.net/~eristic/free/ciphersaber.html
.marek jedlinski
--
General Frenetics, Discorporated: http://www.lodz.pdi.net/~eristic/
PGP public key: send blank email with "get pgp_key" as subject line.
"There is a wicked pretense that one has been informed. But no such
thing has truly occurred! A mere slogan, an empty litany. No arguments
are heard, no evidence is weighed. It isn't news at all, only a source
of amusement for idlers." (Gibson-Sterling, The Difference Engine)
------------------------------
From: Jonah Thomas <[EMAIL PROTECTED]>
Subject: Re: U.S. Spying On Friend And Foe
Date: Sun, 27 Dec 1998 21:03:42 GMT
This is offtopic here, but anyway...
[EMAIL PROTECTED] () wrote:
>Steve Sampson ([EMAIL PROTECTED]) wrote:
>: If they would have executed him, like the law provides, all this
>: whining would be blowing in the wind.
>I know that some people advocating the release of Johnathan Pollard have
>claimed that he gave satellite information to Israel as a result of its
>being withheld by anti-Semites in cabinet posts relating to defence.
>However, I have also heard that the current CIA director objects to his
>release, and that may be with good reason.
>Thus, I do not know the facts of this particular issue.
It is quite clear that he was a citizen of the USA and committed treason.
What isn't so clear is how justified he was in committing treason.
The problem is that we almost certainly have a great many other US
citizens committing similar treason who are not in prison.
>During the period before the establishment of the State of Israel in 1948,
>it occasionally happened that young Arab men would amuse themselves wit
>girls among the small Jewish population then in what was called Palestine.
>As the men were Muslims, and the girls non-Muslim, the criminal justice
>system did not operate to protect them.
>This is reason enough for us to acknowledge that the Jewish people have
>the right to defend themselves by means of wahtever force is necessary,
It certainly is not! That's a silly argument.
>even if the end result is that the Arabs of Palestine end up in the same
>unenviable situation as the First Nations population of North America.
The invaders in north america were lucky, they had vastly superior
technology and they quickly had the advantage of much larger population.
While Israel might be able to deny education and technology to
palestinians similar to the way the Philistines did to israelites in
Samson's time, it's an unstable situation. It isn't practical to rely on
that sort of luck. Israel needs to either kill off its arab enemies or
make some sort of peace with them.
>The history of the Arab-Israeli conflict, marked as it is by the frequent
>resort of the forces hostile to Israel to the cruel and cowardly expedient
>of terrorism, the dependence of nations making war against Israel on
>weapons obtained from behind the Iron Curtain, and the general hostility
>of much of the Islamic world to the United States, Western Europe, and the
>world's other leading civilized countries, would seem to make it
>abundantly clear on which side right lies in the conflict between Israel
>and its neighbors.
This isn't a matter of right and wrong, it's a matter of wrong and wrong.
Israel's problems with its neighbors don't justify treason by US citizens.
>The option of peace with the Jewish people was _always_ open to the Arab
>nations.
Too bad it isn't open for palestinians now.
>John Savard
------------------------------
From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: U.S. Spying On Friend And Foe
Date: Sun, 27 Dec 1998 15:22:05 -0600
[EMAIL PROTECTED] wrote
>Steve Sampson ([EMAIL PROTECTED]) wrote:
>Thus, I do not know the facts of this particular issue.
Let's put it this way. If an Israeli man came to the U.S. and
raped a woman, and then cut off her parents heads, what
should we do? Should we bow to the Israeli Minister, or
should we keep our laws, and the convict incarcerated?
>However, the way in which you have used the term "Zionists" to refer to
>Israel indicates that you are in error about other facts.
>
>During the period before the establishment of the State of Israel in 1948,
>it occasionally happened that young Arab men would amuse themselves wit
>girls among the small Jewish population then in what was called Palestine.
>As the men were Muslims, and the girls non-Muslim, the criminal justice
>system did not operate to protect them.
So the whole middle-east crisis is the result of Arabs screwing non-Arabs?
If we release the Israeli spy, then we should also release all the other
spies, and get rid of the spying laws, as being too unfair. Israel can have
their
spy, but not for free.
My solution is, for Israel to pay us 10 Billion, and we will give them their
spy back. That's 10 Billion, and 10 years of U.S. Taxpayer aid revoked.
We can deal under those lump-sum terms.
------------------------------
From: [EMAIL PROTECTED] (Jim Dunnett)
Subject: Re: Meditations on a Cordless Phone
Date: Sun, 27 Dec 1998 21:14:18 GMT
Reply-To: Jim Dunnett
On 27 Dec 98 01:27:09 GMT, [EMAIL PROTECTED] () wrote:
>It's interesting to note all the different features of those new 900 MHz
>cordless phones.
>
>Some, although they operate in the 900 MHz band, are still conventional
>analogue phones.
>
>Others digitize the voice, and have "65,000 security codes", or even
>"16,000,000" security codes, that are merely ID numbers which the handset
>and base use to recognize each other.
>
>Then, even higher up, are telephones using spread spectrum technology. I'm
>suspecting that the spread spectrum sequence may not necessarily be a
>secret one, so even at this level the security provided only comes from
>obscurity.
They're designed only to be secure against casual
interception by someone with a radio scanner, not
against governmental organisations.
You might say that's about all you want, as said
governmental organisation would probably find it
easier to tap the landline rather than the radio.
If you want it secure end-to-end, then I would think
you'd have to persuade yourself and your correspondents
to spend heavy money on hardware.
--
Regards, Jim. | A drunk man is more likely to find a
olympus%jimdee.prestel.co.uk | woman attractive. So if all else fails,
dynastic%cwcom.net | get him drunk.
nordland%aol.com | - Dr Patrick McGhee, who coaches women
marula%zdnetmail.com | on successful dating.
Pgp key: wwwkeys.uk.pgp.net:11371
------------------------------
From: [EMAIL PROTECTED] (Jim Dunnett)
Subject: Re: Encryption Basics
Date: Sun, 27 Dec 1998 21:14:17 GMT
Reply-To: Jim Dunnett
On Sun, 20 Dec 1998 15:16:33 GMT, [EMAIL PROTECTED] (David
Hamilton) wrote:
>Your stuff may be free but there is a cost associated with all free software.
Please elucidate...!
--
Regards, Jim. | A drunk man is more likely to find a
olympus%jimdee.prestel.co.uk | woman attractive. So if all else fails,
dynastic%cwcom.net | get him drunk.
nordland%aol.com | - Dr Patrick McGhee, who coaches women
marula%zdnetmail.com | on successful dating.
Pgp key: wwwkeys.uk.pgp.net:11371
------------------------------
From: [EMAIL PROTECTED] (David Hamilton)
Subject: Re: Encryption Basics
Date: Sun, 27 Dec 1998 21:58:06 GMT
=====BEGIN PGP SIGNED MESSAGE=====
[EMAIL PROTECTED] (Aman) wrote:
>On Sun, 20 Dec 1998 15:16:33 GMT, [EMAIL PROTECTED] (David
>Hamilton) wrote:
>>Your stuff may be free but there is a cost associated with all free
>>software.
>I would be particularly interested what cost is associated with
>"free" Scramdisk, in your view..
>
>Thanks.
>
>Aman.
As you know Aman, the word 'cost' has a number of meanings. In my copy of the
Pocket Oxford Dictionary (a small dictionary), it gives the following as
examples of usage (there are others but I've given just 3):
1) It cost her 5 UK Pounds.
2) It cost him much effort.
3) It cost him his life.
There are costs involved with all software. There may be a charge for the
software (eg 'Windows 98 cost her 60 UK Pounds'). And this is what we
normally think of when talking about software and cost. But, there may a
nasty, consequential cost of installing faulty software (eg 'that software
caused my system to crash/ruined my data'). So, in this case, there would be
a cost in time/effort to recover. There is a cost in getting to know how to
properly use software - this time/effort could be large or small depending on
the functions used by individuals. There could be costs associated with the
fact that the software may not work as it should/claims. The costs here could
be minor or major, the costs could be time/effort and/or money - it is
possible to think of examples of both. eg A spreadsheet scroll bar not
working may have a minor cost. eg An investment program incorrectly
calculating a moving average may cost an investor thousands of pounds. It is
possible to be dramatic and say that faulty software has cost lives ... but I
can't think of any examples of this.
Here is a personal example. PGP has cost me time/effort. Besides learning how
to use the software, I've tested the wipe function in versions 2.6.3i and
5.5.3i because of reported problems with it. This cost me time/effort even
though my versions of PGP were free.
In the case of Scramdisk, I'm not a current user. (If I have the need for the
kinds of thing that Scramdisk does, it will be on my shortlist.) And if I use
Scramdisk in the future, I would learn how to use it properly and I might
want to test parts of it before using it seriously. This would cost me
time/effort.
And I've left the 'best' cost of 'free Scramdisk' until last. There is a
development and support cost; certainly in time/effort, and maybe financial
too. Now, I wonder who meets that cost? For the uninitiated, the answer is
Aman and Sam. (Yes, I know I've ignored the contribution of the developers
of the algorithms in Scramdisk but I've gone on for long enough.)
Please note that I'm not complaining about the costs of using free software:
I'm just saying that these costs exist. And the fact that there are costs
associated with free software doesn't stop me from being grateful to those,
in the crypto community, who provide quality free software.
Regards.
David Hamilton. Only I give the right to read what I write and PGP allows me
to make that choice. Use PGP now.
I have revoked 2048 bit RSA key ID 0x40F703B9. Please do not use. Do use:-
2048bit rsa ID=0xFA412179 Fp=08DE A9CB D8D8 B282 FA14 58F6 69CE D32D
4096bit dh ID=0xA07AEA5E Fp=28BA 9E4C CA47 09C3 7B8A CE14 36F3 3560 A07A EA5E
Both keys dated 1998/04/08 with sole UserID=<[EMAIL PROTECTED]>
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: Signed with RSA 2048 bit key
iQEVAwUBNoasPso1RmX6QSF5AQFOjwf/Srq3PH1//laOxwd8seH2Xm6LERaWjqle
37pZv70yxq2CI2POPH1QOQkJnSteo1Os1aUfARZgE6BLNW6gtP07awK0Mpe2BmaD
z9GkSrQFDZJpSZn6oxM9gtJLJI2plObpxjYWkstUhd731yhpT9xuC2vug1Augoy6
31cJFZHrh7dszfc2wAhzw6gk7BoHTZrknBJUlAqGFI5n5MmPEn3DQvjdChJQioEZ
SpbbZD80hRaGZRMe9mYXCN7ixWKFI/nkU6vJEhhytqPKPPhWLrgJKSKH024pkwJq
krHBQsnE+ae0f6rW30K5mHHf0chz2VFYhEaArDLOA3+P8Ips7znNzg==
=a16y
=====END PGP SIGNATURE=====
------------------------------
From: "Alexander Majarek, Sascha, SAM" <[EMAIL PROTECTED]>
Subject: Re: ppdd - Encrypted filesystem (incl root filesystem) for Linux - rev 0.6
available
Date: Sun, 27 Dec 1998 19:52:32 +0100
Has anybody considered building something like this (ie root filesystem
encryption) for Win X (95/98/NT) systems ???
... sounds GREAT!
Greetings,
SAM
--
*************************************************
ThinkTank (FN 157681i, HG Wien)
Quinta da Friedali, Jedleseer Str. 25, A-1210 Wien
Tel: +43-1-271 44 00-0; FAX: 43-1-271 44 00-20
http://www.ThinkTank.at mailto:[EMAIL PROTECTED]
PGP-Key: http://www.ThinkTank.at/ttank.pgp
*************************************************
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
