Cryptography-Digest Digest #200, Volume #9        Mon, 8 Mar 99 03:13:04 EST

Contents:
  Re: Has anyone given easy-to-understand descriptions of encryption methods? (John Savard)
  Re: British Crypto Fascists (R. Knauer)
  Re: wipe free space (Albert P. Belle Isle)
  Re: RNG = encryption ("Steve Sampson")
  Re: British Crypto Fascists (R. Knauer)
  Quantum PRNG (R. Knauer)
  Re: checksum algorithm ? (wtshaw)
  Re: RNG = encryption (wtshaw)
  CRYPTO, TRADEMARKS, BRAND NAMES & DOMAIN NAMING ([EMAIL PROTECTED])
  Re: Testing Algorithms [moving off-topic] (Somniac)
  Re: Client-server encryption key negotiation...? ("Chris Odom")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Has anyone given easy-to-understand descriptions of encryption methods?
Date: Sun, 07 Mar 1999 21:38:49 GMT

[EMAIL PROTECTED] wrote, in part:

>I've been searching the Web and Usenet for some time, but I have not found
>what I've been looking for--a detailed description of encryption methods in
>language that I can understand.  It would be nice to read a description of a
>particular algorithm, say blowfish, broken down into steps and described in
>terms understandable to people who don't already know the jargon of
>cryptography or advanced mathematics.

My web site comes as close to what you are looking for as anything on
the Web might, if I may be so bold as to say so myself.

I definitely avoid advanced mathematics wherever possible. As for the
jargon of cryptography, you should be able to pick up some of that
from my pages as well, but I've striven to be as nontechnical as
possible.

John Savard (teneerf is spelled backwards)
http://members.xoom.com/quadibloc/index.html

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: British Crypto Fascists
Date: Mon, 08 Mar 1999 01:10:30 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 07 Mar 1999 23:01:43 GMT, [EMAIL PROTECTED] (Haldor) wrote:

>>I wonder if anyone behind this nonsense knows anything about crypto.
>>The only reason crime pays is that the people fighting it are stupider
>>than criminals.

>I think we all know the answer to that question. Here in Canada they
>are hemming and hawing over the question as well, also by earnest but
>ignorant bureaucrats and politicians. 

The only reason the truth wins out is that it is not embraced by
criminals, and that by definition includes all politicians.

Bob Knauer

============================================================================
"The smallest minority on earth is the individual. Those who deny individual
rights cannot claim to be defenders of minorities."
-- Ayn Rand

------------------------------

From: [EMAIL PROTECTED] (Albert P. Belle Isle)
Subject: Re: wipe free space
Date: Mon, 08 Mar 1999 01:35:47 GMT
Reply-To: [EMAIL PROTECTED]

On 7 Mar 1999 18:46:55 -0000, brandon <[EMAIL PROTECTED]> wrote:

>Over the last year or so I've come across lots of different programs for wiping
>free space on hard disks. First there was BCwipe, then Eraser, Scramdisk, PGP,
>even Norton Utilities has this option if I remember correctly.
>
>Some programs take a very long time to complete (eraser for example), while
>others are quite brisk little buggers. Are the quickies not doing a proper job?
>or are the long hauls doing unnecessary overtime? Obviously the best one takes
>the least time possible to do the job properly.
>
>Can anyone shed light on this one? Which is the best program to use?
>

Brandon:

For a given number of overwrites-per-sector with pre-determined
patterns, all overwrite functions should be limited by the disk
transfer rate (PIO3, PIO4, UltraDMA33, UltraDMA66, etc.).

Consequently, for the same disk accessed through the same driver by
the same operating system, the overwrite rate to a given standard
should be the same for all the programs which you're trying. 

If one appears to magically complete its passes at a higher rate
(usually accompanied by much-less-or-no disk activity), it usually
means yet another clueless implementation without cache-flushing of
each overwrite data buffer.

The "diskwipe.c" module in 32-bit PGP 5.5 for Windows was apparently
written by a "Windows programmer" who didn't understand exactly what
those nifty-looking mapped file functions in the Win32 API really do.
Consequently, all its "secure file-wiping" isn't.

 (Hint - they "commit" to VCACHE - not flush to disk. You can see the
same mistake in the memory allocation/deallocation part of the beta
source code for Bruce Schneier's "Yarrow" PRNG.)

The old reliable 16-bit PGP2.63 has properly-written cache-flushing
calls, and works reliably under DOS. However, many people peddling
"Windows front-ends" for it are apparently oblivious to the fact that
Win95's VCACHE ignores 16-bit cache-flushing calls (contrary to
assurances of "backwards compatibility" by MSFT technical personnel).

Consequently, when run in a Win95 DOS-box (under the control of a
"front-end" or not) PGP 2.63's "secure wiping" isn't, either.

The most straightforward way to implement overwriting of all
uncommitted clusters on a disk is to create a file (or set of files
for multi-gigabyte free spaces) that fills the free space; overwrite
it to the desired standard; and then unlink. 

 (In the case of Sanitizing per DOD 5220.22-M, the standard requires
readback-verification, which further slows things down and is often
omitted in so-called "military-grade disk-wiping" products.)

You'd be amazed at how many "Windows programmers" can't manage enough
understanding of their platform to accomplish this simple task. Just
use any sector-reading hex viewer on the disk before and after the
"wiping", and you can easily see who's who.

Then you have the people who think that this is the way to "wipe the
Windows swapfile" by doing the afore-mentioned to get those particular
clusters which the Win32 virtual memory management routines have
released at the moment (as opposed to wiping _all_ of the swapfile).

Then there are the folks who think "file slack" is just the tail of
the last cluster of a file, and leave un-wiped the scavenged plaintext
in the _interiors_ of the kinds of compound files created by Word,
Excel, and other such applications.

Etc., etc., etc.

I guess fantasizing about "uncrackable ciphers" is more fun than
learning about and plugging all the covert channels in a real-world
implementation that real people hope to trust.


Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE
  with Forensic Software Countermeasures
     http://www.cerberus-sys.com/~infosec/
================================================
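The overwrite-to-standard-then-unlink procedure from the post, as an added example (not code from the post or from any product it names). It shows the two steps the post says sloppy implementations skip: forcing each pass out of the OS cache with os.fsync(), and reading each pass back to verify it. The three-pattern sequence and the filler-file size helper are constructed for illustration.

```python
import os
import tempfile

# Added example, not code from the post or from any of the products it names.
# It shows the overwrite-to-standard-then-unlink procedure with the two steps
# the post says sloppy implementations skip: pushing every pass through the
# OS cache to disk with os.fsync(), and reading each pass back to verify it.

CHUNK = 64 * 1024

# Illustrative three-pattern sequence (zeros, ones, a fixed byte). Which
# patterns and how many passes a given standard demands is not settled here.
DEFAULT_PASSES = (b"\x00", b"\xff", b"\x55")


def overwrite_pass(path, size, pattern, verify=True):
    """Overwrite the first `size` bytes of `path` with `pattern`, force the
    data out of the cache, and (optionally) read it back. Returns True when
    the readback matches what was written."""
    block = (pattern * (CHUNK // len(pattern) + 1))[:CHUNK]
    with open(path, "r+b") as f:
        done = 0
        while done < size:
            n = min(CHUNK, size - done)
            f.write(block[:n])
            done += n
        f.flush()             # Python's buffer -> the OS cache
        os.fsync(f.fileno())  # OS cache -> the disk; the step the post says is missing
    if not verify:
        return True
    with open(path, "rb") as f:
        done = 0
        while done < size:
            n = min(CHUNK, size - done)
            if f.read(n) != block[:n]:
                return False  # what is on disk is not what we wrote
            done += n
    return True


def wipe_file(path, passes=DEFAULT_PASSES, verify=True):
    """Run every pass over the whole file, then unlink it. Returns the number
    of passes that completed (and verified, when `verify` is set)."""
    size = os.path.getsize(path)
    completed = 0
    for pattern in passes:
        if not overwrite_pass(path, size, pattern, verify):
            raise IOError("readback verification failed for pattern %r" % pattern)
        completed += 1
    os.unlink(path)
    return completed


def plan_filler_sizes(free_bytes, max_file=1 << 30):
    """Split a free-space figure into per-file sizes, for the post's 'set of
    files for multi-gigabyte free spaces'. Pure function so it is testable;
    feed it shutil.disk_usage(mount).free for a real volume."""
    sizes = [max_file] * (free_bytes // max_file)
    if free_bytes % max_file:
        sizes.append(free_bytes % max_file)
    return sizes


def demo_wipe():
    """Constructed demonstration: a temp file holding 'sensitive' bytes is
    wiped; returns (passes completed, whether the file still exists)."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "plaintext.tmp")
    with open(path, "wb") as f:
        f.write(b"CONSTRUCTED SECRET MATERIAL " * 10000)  # ~280 KiB, spans chunks
    completed = wipe_file(path)
    return completed, os.path.exists(path)


if __name__ == "__main__":
    print("passes, still_exists:", demo_wipe())
    print("filler plan for 2.5 GiB:", plan_filler_sizes(5 * (1 << 29)))
```

On a real volume the caller creates filler files of the planned sizes, wipes each with wipe_file(), and then the directory entry changes should be fsynced as well; the post's "hex viewer before and after" check is the independent confirmation that the data actually reached the disk.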

------------------------------

From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: RNG = encryption
Date: Sun, 7 Mar 1999 20:38:32 -0600

An encryption algorithm has plaintext as an input,
and ciphertext as an output.  It depends on a repeatable
random process that is based on a  key or starting point.
The random process being more secure than the key.

You couldn't simplify that to it being nothing more than a
random number generator.

[EMAIL PROTECTED] wrote
>Alot [sic] of people ask about RNG's, but am I wrong in saying:
>
>An encryption algorithm is just a RNG based on a key (K) and some plaintext
>(P)?  And its entropy (apparent randomness to those without the key, or
>maybe the plaintext) is the output of the cipher, and not deterministic of its
>strength.




------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: British Crypto Fascists
Date: Mon, 08 Mar 1999 01:09:02 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 7 Mar 1999 13:03:56 -0600, "Steve Sampson"
<[EMAIL PROTECTED]> wrote:

>Nietzsche also frowned on men using "So" to open a sentence.
>I believe he questioned their manhood, as it is girlish in nature.

I frown on people who use "Nietzsche" to open a sentence, and I am one
up on Nietzsche - I am still alive and he is dead.

Bob Knauer

============================================================================
"The smallest minority on earth is the individual. Those who deny individual
rights cannot claim to be defenders of minorities."
-- Ayn Rand

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Quantum PRNG
Date: Mon, 08 Mar 1999 03:16:49 GMT
Reply-To: [EMAIL PROTECTED]

In the book "Explorations In Quantum Computing" by Colin Williams and
Scott Clearwater, there is a CD-ROM which offers simulations of actual
quantum computation. You get to simulate various quantum computers,
like the Feynman computer, and do other neat quantum calculations
including the factorization of (small) integers.

There is also a quantum random number algorithm, but because the
simulation is based on a PRNG -  necessarily since your computer is a
classical computer - those "random numbers" it produces are not truly
random.

My question is whether such simulations of quantum random number
generation are as close as one can get to true random number
generation from a deterministic machine. If so, what are their
significance to crypto.

Bob Knauer

============================================================================
"The smallest minority on earth is the individual. Those who deny individual
rights cannot claim to be defenders of minorities."
-- Ayn Rand

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: checksum algorithm ?
Date: Sun, 07 Mar 1999 23:20:13 -0600

In article <[EMAIL PROTECTED]>, Alex <[EMAIL PROTECTED]> wrote:

> hi,
> 
> i am just mucking around making a secret key encryption program and i
> was wondering where i could find some checksum algorithms to choose from
> ?
> 
> basically i need an algorithm which generates a single positive integer
> (32 bit) from an array of positive integers (32 bit).  this array can be
> of any length.
> 

The simplest thing you could do is sum, mod 2, the number of 1's in each
of the 32 positions across all your entries.  The result would be 32
bits.  For example, the first bit of the checksum would be arrived at by
getting all the first bits of the entries.  Every bit in the array would
affect the checksum.

Such a system is crude, and it would be easy to implement.
-- 
Truth is whole in the least of its parts. 
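The per-bit-position parity checksum described above, as an added example (not code from either poster). It implements the checksum as worded, shows it is the same as a plain XOR fold of the 32-bit words, and lists constructed modifications the checksum cannot detect, which is what makes it crude for anything an adversary can alter. The sample words are constructed input.

```python
# Added example, not code from either poster. It implements the per-bit-position
# parity checksum described above exactly as worded (count the 1's in each of the
# 32 positions across all entries, reduce mod 2), shows it equals a plain XOR
# fold, and lists the kinds of modification the checksum cannot see.

MASK32 = 0xFFFFFFFF


def parity_checksum(words):
    """Bit i of the result is (number of entries whose bit i is set) mod 2."""
    result = 0
    for bit in range(32):
        ones = sum((w >> bit) & 1 for w in words)
        result |= (ones % 2) << bit
    return result


def xor_checksum(words):
    """The same value in one pass: per-bit addition mod 2 is XOR."""
    acc = 0
    for w in words:
        acc ^= w & MASK32
    return acc


def single_bit_flip_detected(words, index, bit):
    """Any single-bit change in any one entry changes the checksum."""
    altered = list(words)
    altered[index] ^= 1 << bit
    return xor_checksum(altered) != xor_checksum(words)


def undetected_changes(words):
    """Constructed modifications of `words` that leave the checksum unchanged.
    Returns (description, modified list) pairs; each differs from `words`."""
    changes = []
    if len(words) >= 2:
        changes.append(("entries reordered", list(reversed(words))))
        paired = list(words)
        paired[0] ^= 0x80  # the same bit flipped in two entries cancels out
        paired[1] ^= 0x80
        changes.append(("same bit flipped in two entries", paired))
    changes.append(("a duplicated pair appended",
                    list(words) + [0xCAFEBABE, 0xCAFEBABE]))
    return changes


if __name__ == "__main__":
    sample = [0xDEADBEEF, 0x12345678, 0x0BADF00D]  # constructed input
    print("checksum: %08x" % xor_checksum(sample))
    for what, alt in undetected_changes(sample):
        print("%-34s -> %08x" % (what, xor_checksum(alt)))
```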

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: RNG = encryption
Date: Sun, 07 Mar 1999 23:35:33 -0600

In article <ONGE2.702$[EMAIL PROTECTED]>, "Steve Sampson"
<[EMAIL PROTECTED]> wrote:

> An encryption algorithm has plaintext as an input,
> and ciphertext as an output.  

You are correct, Sir.

> It depends on a repeatable
> random process that is based on a  key or starting point.
> The random process being more secure than the key.

Wrong: In an ideal cipher, all of the security is in the key.  And, I'm
not even considering a OTP.

Wrong again: Something cannot be repeatable and random.  And, in a
pseudorandom process, the security is solely in the seeds, given the
process would be considered known in questions of strength.
-- 
Truth is whole in the least of its parts. 

------------------------------

From: [EMAIL PROTECTED]
Subject: CRYPTO, TRADEMARKS, BRAND NAMES & DOMAIN NAMING
Date: Mon, 08 Mar 1999 06:55:51 GMT



List:

As this list may be aware, also by the work of Michael Froomkin (cited
below, [Fro99]), there is a gentle war brewing between the camps of
trademarks and Internet Domain Names -- the so-called DNS/TM mess.

Can crypto help? Even with existing DNS-server systems? My answer is yes. As
discussed and referenced below, a solution to the DNS/TM question cannot rely
on Internet routing -- since simple DNS name routing is argued to be too
frail to justify relying upon it as a business identification that could be
viewed as a trademark. And, insisting on such use (as WIPO and others
propose) would just open up the Internet to unchecked fraud in address names,
in various forms.

However, a solution [Ger99a] to the DNS/TM question could rely on
cryptographic certificates and their legal significance in "business server
certificates"  -- which is additional to an Internet Domain Name and thus
would not impose any additional privacy/regulation burden whatsoever upon
private DNS registrants. Further, such business server certificates (which
can be self-issued, X.509, Meta-Certificates, etc.) would have other
purposes, as  they would naturally provide a basis for SSL in certification
and encryption services.

This posting references and unites various sides of these issues, in a recent
discussion in relationship to WIPO and ICANN. It also references the web
version of the paper [Ger99a] that I submitted for presentation at the WIPO
Meeting this week, on March 10th, in Washington D.C. -- from a technical
perspective, but with a link to the legal aspects. Comments and questions are
welcome, also in private.

Thanks,

Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck                                 [EMAIL PROTECTED]

======================================================================
Subject:  Re: TRADEMARKS, BRAND NAMES & DOMAIN NAMING
Date:     Sun, 07 Mar 1999 21:13:48 -0800
From:     Ed Gerck <[EMAIL PROTECTED]>
To:       Boylan P <[EMAIL PROTECTED]>
CC:       [EMAIL PROTECTED]


Boylan P wrote:
>
> In response to Ed Gerck's paper:
>
> An international agreement is clearly needed, and WIPO (World Intellectual
> Property Organisation) to which most countries in the world belong and
> which manages most current international copyright conventions, seems
> the only realistic forum within which to negotiate one.

Boylan:

I agree with this first paragraph. My paper to WIPO [Ger99a] questioned
"how" should that be done, not "if".

That is why the paper [Ger99a] aimed first at the technical
qualification of Internet Domain Names -- what are they? Of course, if
Internet Domain Names do not obey the properties that trademarks must
obey by the very agreements enforced by WIPO member States, then
comparing both "names" is like comparing apples with oranges.

As I argued over eight points in my exposition to WIPO [Ger99a],
Internet Domain Names do not technically qualify to be trademarks under
WIPO's own terms -- so, they can neither be compared and treated as such
nor should they be regulated by a trademark agreement. However, as I
also argued in the conclusions of [Ger99a], Internet Domain Names could
be endowed with additional qualities that could make this *new* type of
object fall within the category governed by trademark agreements --
which should IMO address the concerns of WIPO members and the US
Government as presented by NTIA.

On another direction, my exposition to ICANN [Ger99b] used actual
trademark infringement data supplied by Bell Atlantic and DNS
registration data supplied by NSI. Using only their data, Bell Atlantic
had previously requested ICANN to impose regulations with less privacy
for DNS registrations -- in order to provide more security for trademark
owners. They cited near 600 infringement cases within nine months.
However, using also NSI's data I pointed out that Bell Atlantic's
alleged 600 infringement cases for their famous mark "BELL" accounted
only for 0.04% of the Internet Domain Names registered by NSI in the
same period. Since privacy is a long term asset and security is a short
term goal [Ger98a], encroaching on the privacy of 99.96% of all users is
thus hardly justifiable in this case. The exposition at [Ger99b] cites
other objections to the call for more regulation and less privacy in
Internet Domain Name registration.

However, there is IMO a much more serious issue that has hardly been
mentioned in the whole debate of the DNS-trademark issue -- and that has its
roots in what you comment at the end of your posting. First, however,
let me comment on your next paragraphs.

>
> A number of legal jurisdictions (including British courts) have already
> made it clear that they will support brand name and trade mark owners
> against others attempting to register or use these as domain names, either
> in a misleading way for purposes of trade, or in order to hold the
> trademark owner hostage (as happened in the early days of domain
> registration).

Agreed -- which shows that we do not need so much new Internet-specific
regulations in order to support what is already clear. Ignoring this
fact brings about two perils:

(i) That any new law or agreement may clash with the current ones, since
they will need to address the same issues -- already clear enough to
courts. To be effective, legislation has to be a clear and consistent
corpus -- redundancy, in law, is not beneficial.

(ii) That regulation should not be casuistic -- and, rules should be as
technologically neutral as possible, especially in a digital society that
develops capability exponentially according to Moore's law.

So, the question here is not only what are the new problems we need to
solve -- but, which does the already existing corpus of regulation
cannot handle?

> In contrast with this view, it is hard to see what are the
> benefits of allowing anyone who feels like to register and use a
> well-established and respected name in a misleading or perhaps openly
> criminal way.

The benefits are none -- however, the answer is already provided by your
very sentence. If anyone feels like registering and using a
well-established and respected name in an openly criminal way ... then
that way is already openly criminal and subject to criminal laws.

So, the very fact that we can *identify* the use as criminal or abusive
will allow such laws to be applied, without any need for further
regulation.

In contrast with this view, I may say in a paraphrase, it is hard to see
what are the benefits of imposing a Damocles' sword and expensive
litigation [Fro99], together with less privacy [Ger99b], to 99.96% of
all users that are trademark-respecting in the name of 0.04% of
miscreants -- which are anyway hidden by false identities and proxies as
well-known and hardly distinguishable even in family circles [Boh97].

> I understand and sympathise with the US tradition of freedom of speech,
> but don't see that the American Constitution was intended to protect a
> fraudster who seeks to make money out of the trust that citizens may have
> in a well-established and respected name. If anyone can register an
> e-commerce site under a domain name that uses a major brand name or
> perhaps even an absolutely identical name to that of a well-established
> and -respected business but in a different top level domain (e.g.
> as Amazon.net, or with the future expansion of top level domains, perhaps
> even Amazon.books) the opportunity for fraud would be very great.

This is IMO the leading misconception here -- that by typing an Internet
Domain Name you go to the destination that *you think* is connected with
that name. This is not true on several counts, argued in [Ger99a].

The most important reason against this is technical and has to do with what
might be called a "referential theory of meaning" -- which looks logical
and intuitive but which is not true, as proved by Frege (a German
mathematician) in 1910. This is dealt with in [Ger99a] in item (VIII).

For example, if I type the Domain Name  "www.gifts.com" -- what do they
sell?

Presents -- as the English word "gift"? No, perhaps they distribute
poison as the German word for it (and pronunciation) is the same. Or
perhaps, they simply count all visitor's URLs (which they can
automatically collect upon entry) as the "General Insurrection on
Free-Trade Support" movement -- whatever that name may mean to them. As
another example, if an Internet Domain Name is www.amazon.com -- do they
sell trips to the Amazon?

>
> On a different point in relation to Ed Gerck's comments, surely the use of
> trademarks for legitimate purposes WITHIN e.g. an on-line shopping
> catalogue is completely different?  Manufacturers etc. owning brand names
> and trademarks have always accepted that retailers will need to display
> brand names and trademarks prominently within retail stores and related
> print and TV advertising, and for obvious reasons such use has never been
> regarded as unlawful breaches of trademark etc. law.
>
> E.g. Hoover has always tried to protect their trade name from becoming a
> "generic" term for any old vacuum cleaner, but certainly don't try to ban
> retailers from telling customers that they are selling a genuine "Hoover"
> brand cleaner, not some other maker's vacuum cleaner.

This is, IMO, the main issue here -- and, a most forgotten one.

As WIPO RFC3 declares, "The exclusive right to the use of the mark
enables the owner to prevent others from misleading consumers into
wrongly associating products with an enterprise from which they do not
originate."

This is well and fine and, indeed, if Internet Domain Names would be
business identifiers then they should allow customers to associate
products with a business. But, they do not. Not only Internet Domain
Names can be faked, hijacked, hacked, etc. but they are worth nothing in
terms of site identification or even routing identification without some
form of *added* authentication -- such as a digital certificate.
Further, even if the site XYZ.com is authenticated to belong to ABC Corp
-- what are the site's contents? What does it sell?

At the end, if the site sells ABC's products without a valid license
then it may be closed down very effectively just by applying the current
laws and regulations. Or, if it uses a digital certificate with the
legal name of "ABC Corp." -- even if it sells other brands.

But, as I argue, all to the extent of judicial protection granted by
existing business names and trademarks. And, without any needed
extension of the complex trademark rules over a non-trademark system
such as Internet Domain Names -- which, as I show in [Ger99], are on the
same trust level as a cloud mirage on the Sahara when used as business
identifiers.


However, how about the twilight zone between Internet Domain Names and
trademarks? Which may not all have a clear-cut answer for all parties
involved -- as this very discussion proves. However, can we disambiguate
these concepts in each one's own terms and apply them in a general
framework?

This question can be rephrased as: how can we *identify* what is a
trademark and what is an Internet Domain Name?

In this form, I recognize it as a problem usually found in networks of
networks -- such as the Internet.  Where we need a non self-referential
concept of identification -- indeed, to say that "to identify is to
compare with an identity" will not go very far in this context. As
defined in [Ger98b], "to identify is to look for coherence" -- where the
identity coherence (or, connection) is just one type of identification.
In the theory, unless one is satisfied with a simple Yes/No answer as
provided by identification level I-1 (is there coherence? Yes or No?),
one must go at least to identification level I-2, where one has four
answers -- all valid: Distinguished, Ambiguous, Obscure, Formless. To
avoid repetitions, I refer the reader to [Ger98b] for definitions and
examples.

The Distinguished and Formless levels of identification are easy to
handle in this case -- they are either clear-cut or unperceived.
However, how about the Ambiguous and even Obscure cases?

Besides the *existing* legal framework I argued for above, a workable
technical identification solution for the DNS-trademark conflict over
their Ambiguous cases is further proposed in the conclusions of [Ger99a]
in terms of the *added* authentication.

To identify the Obscure cases, a security implementation as a service to
customers is further discussed in item (VIII) of [Ger99b] -- also
showing that it is a viable solution.

I believe that the above treatment can provide a general framework for
dealing with the trademark issues in relationship to Internet Domain
Names -- since it addresses the basic question here: their
identification. Otherwise, an apple will always be a bad orange and vice
versa.

Cheers,

Ed Gerck

> Patrick J. Boylan
>
> City University, Frobisher Crescent, Barbican, London EC2Y 8HB, UK;
> phone: +44-171-477.8750, fax:+44-171-477.8887;
> Home: "The Deepings", Gun Lane, Knebworth, Herts. SG3 6BJ, UK;
> phone & fax: +44-1438-812.658;
> E-mail: [EMAIL PROTECTED];  Web site: http://www.city.ac.uk/artspol/

====================================================
REFERENCES:

[Boh97] Bohm, N. "Authentication, Reliability and Risks", in
http://www.mcg.org.br/auth_b1.htm - 1997.

[Fro99] Froomkin, M. "A critique of RFC3" in
http://www.law.miami.edu/~amf/critique.htm - 1999.

[Ger98a] Gerck, E., "Dr. Faust's Internet Dilemma", in
http://www.mcg.org.br/faust.htm - 1998.

[Ger98b] Gerck, E., "What is identification, that we can identify it?",
in http://www.mcg.org.br/coherence.txt - 1998.

[Ger99a] Gerck, E., "Arguments for recalling WIPO RFC3", in
http://www.mcg.org.br/wiporfc3.txt - 1999.

[Ger99b] Gerck, E., "ICANN Draft Accreditation Guidelines: Comments", in
http://www.mcg.org.br/wiporfc3.txt - 1999.



------------------------------

From: Somniac <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms [moving off-topic]
Date: Tue, 02 Mar 1999 02:08:20 -1000

Dave Knapp wrote:
> 
> Patrick Juola wrote:
> >
> > Good answer.  Now, the *next* question -- what's the minimum energy
> > of a photon?
> 
> In order to know that, I've got to know the size of the Universe.  What
> is it?  Then I'll tell you.
> 
>  -- Dave
> 
> P.S.  I'm serious.  Go look up "blackbody radiation" and you'll see why.

Here is an example calculation:
A radio antenna 1000 km long makes photons with a wavelength L as
long as the antenna. The energy of the photon is 

e=hc/L 

h is Planck's constant
c is speed of light in a vacuum

e = 2^-100 joules

____________________________________

A wavelength of a lighthour 10^9 km : e = 2^-120 J
One lightyear : e= 2^-160 J
16 billion lightyears: e = 2^-194 J

------------------------------

From: "Chris Odom" <[EMAIL PROTECTED]>
Subject: Re: Client-server encryption key negotiation...?
Date: Mon, 8 Mar 1999 02:04:18 -0600

Paul Pedriana wrote in message <[EMAIL PROTECTED]>...
>The problem is that the client and server need to set
>up a key to use for encryption/decryption. How can they
>agree on a key in a secure way. It seems that if the
>server merely sends the key, a packet sniffer can
>easily obtain it.


If you use public key encryption, there is no need to hide the key or
transport it in a secure manner.  The key would only be good for encryption,
not decryption.  The "intro to crypto" file that comes with PGP has a good
explanation of this.




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
