Cryptography-Digest Digest #580, Volume #9       Sat, 22 May 99 13:13:02 EDT

Contents:
  Bass-O-Matic (PGP 1.0 symmetric cipher) (David Crick)
  Re: Reasons for controlling encryption ("Steve Sampson")
  Re: HushMail -- Free Secure Email ([EMAIL PROTECTED])
  Re: HushMail -- Free Secure Email ([EMAIL PROTECTED])
  Re: Thought question: why do public ciphers use only simple ops like shift and XOR? (Terry Ritter)
  Re: Have you seen this code? ([EMAIL PROTECTED])
  Re: Bass-O-Matic (PGP 1.0 symmetric cipher) (Michael)
  Re: HushMail -- Free Secure Email (Chem-R-Us)
  Re: DSA (Digital Signature Standard) and the Schnorr Patents (Piso Mojado)
  Re: Have you seen this code? (Chris Monico)
  Re: RSA Cryptography Question (Chris Monico)
  Re: HushMail -- Free Secure Email ("Steve Sampson")

----------------------------------------------------------------------------

From: David Crick <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Bass-O-Matic (PGP 1.0 symmetric cipher)
Date: Sat, 22 May 1999 11:31:24 +0100

Hi,

There was some interest after I posted info. about the PGP 1.0
cipher. I've read in places that it was found to be "weak", and
of course the keylength is laughable these days. However I'd still
be interested in people's modern-day analysis of this cipher
(perhaps the new "toy" cipher to give to budding cryptologists?)

Source is at   http://www.dcs.ex.ac.uk/~dacrick/pgp10src.zip

This is NOT the original ZIP file, and so the signature will not
verify using the original executable at .... /~dacrick/pgp10.zip

  David.

-- 
+-------------------------------------------------------------------+
| David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| PGP Public Keys: 2048-bit RSA: 0x22D5C7A9 4096-DH/DSS: 0x87C46DE1 |
+-------------------------------------------------------------------+

------------------------------

From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: Reasons for controlling encryption
Date: Sat, 22 May 1999 07:35:18 -0500

It never fails to sadden me, that your messages are nothing
more than advertising of your homebrew program, void of
anything meaningful to add to the discussion at hand.

What a waste.

SCOTT19U.ZIP_GUY wrote



------------------------------

Date: Sat, 22 May 1999 08:59:42 -0400
From: [EMAIL PROTECTED]
Subject: Re: HushMail -- Free Secure Email

Is HushMail related to a New Zealand Product called InvisiMail?

Terry Ritter wrote:
> 
> On Fri, 21 May 1999 18:43:49 -0700, in <[EMAIL PROTECTED]>,
> in sci.crypt Chem-R-Us <[EMAIL PROTECTED]> wrote:
> 
> >Terry Ritter wrote:
> >>
> >> If this ends up being practical, it could obsolete PGP in many cases,
> >> and might change the practical situation for cryptography more than
> >> any court decision.
> >
> >Hmm... Requires Java. OK, I can live with that.
> >
> >Hmm... Requires Javascript. Not real excited about that. AT ALL...
> >Turning on Javascript just to send encrypted email to other hushmail
> >people is not my idea of simple and easy, and certainly not secure
> >(from an machine security view). Leaving my browser Javascript
> >enabled all the time is a definite security NO-NO!!
> >
> >For the windoze weenies, it's just another false sense of security
> >product. For serious Unix people, it's just more crap.
> >
> >Mixmaster remailers. Now there's some email security.
> >
> >My $0.02
> >
> >--
> >Chem-R-Us
> 
> HushMail requires JavaScript?  Really?
> 
> OK, I tried it:  I turned off JavaScript in my Netscape 4.5, closed
> all copies, restarted the program, checked that JavaScript was off,
> and went back to HushMail.  Everything came up fine.  I entered my
> user ID, then my passphrase, then selected my test email and read it.
> 
> As far as I can see, everything works fine *without* JavaScript.
> 
> I then went back through these pages looking at source.  Their main
> page does have a JavaScript routine, which appears to be checking for
> MSIE version, since the system will not work on early browsers.  That
> routine may not need to execute at all.
> 
> So we see that having JavaScript off is *not* a problem for *my* poor
> little Win95 system.  But I don't know, maybe it *is* a problem for
> "serious Unix people" and their systems which are so much more capable
> than mine.
> 
> ---
> Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
> Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
> Free Encrypted Email   www.hushmail.com   [EMAIL PROTECTED]

------------------------------

Date: Sat, 22 May 1999 09:09:18 -0400
From: [EMAIL PROTECTED]
Subject: Re: HushMail -- Free Secure Email

Terry Ritter wrote:

> 3) And since all messages flow through the same system, if we *ever*
> *do* find a fingerprint difference, we know who to blame.  That is a
> surprisingly significant advantage in crypto:  Normally we never know
> when we are being screwed or by whom.

This may be somewhat over-broad.  The parallel with the US Post Office
is obvious.  PO regs are draconian (the PO is the eldest bureaucracy in
the US Gov't).  In essence the regs state that while the USPS has
custody of your mail, nobody touches it.  No way, no how, nobody.

But the regs do not address Others to whom the USPS will temporarily
surrender custody of your mail.

What think?

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Thought question: why do public ciphers use only simple ops like shift and XOR?
Date: Mon, 17 May 1999 08:12:55 GMT


On Fri, 14 May 1999 04:23:02 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (John Savard) wrote:

>[...]
>Since we need a "conventional" design to get the ball rolling even in
>this kind of system (i.e., for initial key exchange, agreement on the
>choice of ciphers, communicating which ciphers are currently to be
>used) if it is _hopeless_ to rely on the security of a single-cipher
>system, even if that single cipher is too slow and complicated for
>regular use, it seems that the "why bother" argument comes back in
>force. 

I have long suggested using 3-key Triple-DES as the general starting
cipher.  (Is that a "single cipher" or is it three?)  

Of course we absolutely depend upon *any* single cipher we use.  That
is why we should allow users (or security officers) to select whatever
starting cipher they want.   

While I am willing to assign a possible strength of zero to any
cipher, I am *also* willing to believe that *some* ciphers have
strength, especially when used in protected situations like
multi-cipher "stacks."  


>Ultimately, even with your multiple cipher scheme used in pure
>form - say, for a fixed link, where the choice of ciphers etc. is all
>arranged in advance by courier - we still have to cross our fingers
>and assume *some* degree of strength for the ciphers being used; but
>that does not mean that your scheme can't succeed in making that
>assumption - even if still not _provable_ - a lot more plausible.

A major advantage of using multiple ciphers is the ability to reason
that if a cipher is broken, we will soon terminate that break by using
another cipher.  

To see the worth of a system which frequently changes ciphers "at
random," imagine that Germany and Japan were using such a system in
WWII, and then imagine how difficult it would have been for the US to
attack those systems.  Now it is our information we wish to protect,
and we should have the common sense to not commit the very same folly
of continuing to use a system which we are convinced is "unbreakable."



>I certainly do think, too, that it is unfair to fault you for not
>spelling out all the little details needed to make this general kind
>of scheme workable: naturally, you want to be in a position to take
>the credit for - and perhaps even patent and sell commercially - the
>resulting system.

I suppose it is conceivable that I could profit from such a system,
but this is very early days.  There are many details to consider, and
the point of a broad-stroke description is to thrash out the gross
features of the design before we rush off and start coding it up.  

Like any other non-student, before I can decide to actually put a
great deal of time into a professional implementation (again!), I
would have to consider just how all that work could be compensated.
Since people aren't paying for ciphers, and we don't have an industry
of cipher construction, it is hard to see how one could expect much
return at all.  Some people do sacrifice themselves for a while, but
inevitably that cannot continue forever.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Have you seen this code?
Date: Sat, 22 May 1999 14:19:53 GMT


> Hi.  I am anything but a cryptologist, but I have a question for
> those in the profession.  I have noticed that the white supremacists
> on the net post in some kind of code.  They are long strings of
> nonsense sentences using English words.  They often post several
> messages one after the other (because only some of the words are
> used? )
>
> Does this code sound familiar?  I'm not crazy about racists, and
> I would love to frustrate them by spreading the key to their code.
>

I personally wouldn't bother with them.  Maybe they are just ROT13
encoding... Check if there is a PGP signature also.

Tom

--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------

From: Michael <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Bass-O-Matic (PGP 1.0 symmetric cipher)
Date: Sat, 22 May 1999 11:15:04 -0400

Simson Garfinkel addresses Bass-O-Matic in his "PGP  Pretty Good
Privacy"; O'Reilly & Associates; ISBN 1-56592-098-8

David Crick wrote:
> 
> Hi,
> 
> There was some interest after I posted info. about the PGP 1.0
> cipher. I've read in places that it was found to be "weak", and
> of course the keylength is laughable these days. However I'd still
> be interested in people's modern-day analysis of this cipher
> (perhaps the new "toy" cipher to give to budding cryptologists?)
> 
> Source is at   http://www.dcs.ex.ac.uk/~dacrick/pgp10src.zip
> 
> This is NOT the original ZIP file, and so the signature will not
> verify using the original executable at .... /~dacrick/pgp10.zip
> 
>   David.
> 
> --
> +-------------------------------------------------------------------+
> | David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
> | Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
> | M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
> | PGP Public Keys: 2048-bit RSA: 0x22D5C7A9 4096-DH/DSS: 0x87C46DE1 |
> +-------------------------------------------------------------------+

-- 
Michael
---
NOTE:  Reply_To has been forged to foil SPAM.
Please reply via this NewsGroup.

------------------------------

From: Chem-R-Us <[EMAIL PROTECTED]>
Subject: Re: HushMail -- Free Secure Email
Date: Sat, 22 May 1999 08:53:54 -0700

Terry Ritter wrote:
> 
> On Fri, 21 May 1999 22:08:40 -0700, in <[EMAIL PROTECTED]>,
> in sci.crypt Chem-R-Us <[EMAIL PROTECTED]> wrote:
>
> >IF I enable both Java and Javascript (netscape 4.5 on Linux), the
> >sign-in process goes without a flaw, as does accessing and reading
> >email. If I disable Java or Javascript, then the screen just turns
> >purplish and dies (ala NT's BSOD - which is very disconcerting).
> >Re-enabling both is the only way to get the site to work.
> 
> Yet you were willing -- even eager -- to assume that disabling
> JavaScript did not work on *my* Win95; perhaps it is now time to
> consider some sort of problem in *your* far-superior Linux.
> 
> With JavaScript supposedly turned off in my browser, the JavaScript
> pages on my site just sit there: they show no results.  My guess is
> that JavaScript really *is* turned off, just like it says.  Imagine
> that!  And yet HushMail still works for me.  So what are we to think?


That perhaps you are a small minded individual who is obsessed with
the idea that he has some sort of upper-hand in a ridiculous OS
debate. My comments were simply to demonstrate that Unix is much
more security oriented than any Gatesware OS ever developed. Somehow
you have confused being able to run Javascript without stoppage
website with OS superiority. You are obviously confused.

> >The site does claim to be in beta, so a little latitude should be
> >allowed for growing pains. However, since this is crypto (the domain
> >of the security conscious to the irrationally paranoid), exactly how
> >much anomalous behavior is considered allowable?
> 
> Yes, it is a new system, still in beta, and deserves some time to
> settle down.  Yet there *is* no anomalous behavior on *my* system.
> That may be a clue....

Yes. I did fail to include that crypto is also the domain of the
self-appointed experts like yourself. The people who falsely believe
that they know what they are doing and that all around them are
inferior. Sorry - my mistake.
 
> Perhaps the browser of the same name is in fact different.  Maybe the
> next Linux version will fix your problem.  Or maybe the HushMail guys
> can find the problem and work around it.

Well, now that's the first intelligent thing you've written.
Developing a system to run on Xwindows is completely different from
developing one to run on Gateware! There's hope for you yet.
 
> I think calling is fine to validate keys.  But how often have you
> actually done that?  

Every time I want to be sure that the keys have not been subverted
and that I am actually dealing with the individual in question. As
in all of the time. It ain't that hard. The only time I resort to
snail mail is when I'm dealing with individuals from outside the US.

> And some would argue that calling someone you do
> not know and cannot verify is not much authentication at all.

I did include the irrationally paranoid, didn't I? It is hard to
imagine that someone's telephone line would be subverted in order to
intercept a single key verification call.
 
> On the other hand, reading from a website is definitely *not* fine.
> The path may be subverted and the fingerprint changed in transit.

Yes, that is correct. So is believing what you read on a website -
like believing what the Hushmail people tell you and then
advertising it in a sig on your posts.
 
> You say that HushMail is currently "laughable."  But accepting either
> one of the above certification techniques is more "laughable" than you
> are apparently willing to admit.  Yet that's what you call "security."

It certainly is better security than accepting what the Hushmail
people say at face value. I guess that I should make you aware that
there is no absolute security - not even with Ritter products. Now
you know. I apologize for bursting your bubble.
 
> And that is better -- although certainly not perfect.

And what, pray tell, is perfect?

> 1) You can look at the source.

Uh-huh. And what does that prove?

You can look at the source for PGP, but how can you be sure that the
executable you downloaded for your Gatesware system is built from
those same sources?

I use PGP 5.0i built from the sources that I have, in fact,
read (and altered for my own convenience). The downloadable binaries
build to 700K each for PGP and PGPK. Yet building them from the
sources yields 660K binaries. Have you put that much effort into
verifying Hushmail performs as indicated (especially since you have
decided to advertise it so rigorously)?
 
> 2) You can see the fingerprint of *your* key now.  The remaining step
> is to display the fingerprint of the key used for encryption.  That is
> not such a big step.  We shall see if that is implemented.  Indeed,
> maybe I just missed it.

You can see the fingerprint of *a* key now. Since the system is
entirely internal to Hushmail, how can you be sure that it is, in
fact, being used or, at least, being used securely?
 
> 3) And since all messages flow through the same system, if we *ever*
> *do* find a fingerprint difference, we know who to blame.  That is a
> surprisingly significant advantage in crypto:  Normally we never know
> when we are being screwed or by whom.

Uh-huh. And how often do you plan to verify fingerprints. Not as
often as I verify PGP keys, I'll bet.
 
> The real difference between PGP and HushMail is that most users will
> never use PGP at all, to say nothing of using it securely.  If we are
> to bring cryptography into society, we must get many ordinary users to
> use crypto every day.  HushMail (or something like it) just might do
> that; PGP never, ever, will.

Use Hushmail to contact whom? Other hushmail folks. That means
convincing them they need secure mail and then getting them to sign
up for a Hushmail account. That is every bit as difficult as
convincing them to understand and use PGP.

Using a security product and using it securely are two different
things entirely. There was a thread on alt.security.pgp where a
supposed lawyer was convinced that Scramdisk didn't perform as
advertised and went on to berate the product - only to find out that
using the product securely meant being security conscious in all
that you do. His client did not do that and only used a simple 7
char password.

The thread was beneficial in that closer scrutiny of it revealed a
minor security flaw in Scramdisk whereby it leaked info to a .vxd
file. I'm sure that the developers of Scramdisk are
working to resolve that flaw (how are your security products
reviewed for flaws?).

The idea of simple and easy security for the masses is *IDIOTIC* at
best. Any security consultant is painfully aware of that. I'm
surprised that you are not. Perhaps that is a clue not to invest in
your services. Security is only for those who are willing to invest
the time and effort in achieving that goal. For the rest, there is
simply the hope that nothing really needs to be secure.
 
-- 
Chem-R-Us

------------------------------

From: Piso Mojado <[EMAIL PROTECTED]>
Subject: Re: DSA (Digital Signature Standard) and the Schnorr Patents
Date: Sat, 22 May 1999 09:20:44 -1000

Roger Schlafly wrote:
> * Yes, DSS was intended for authentication, not confidentiality.
> Most crypto people have now come around to the view that
> encryption and signature keys should be separate.
> 
> * Although DSA does not explicitly give a confidentiality method
> (encryption or key agreement), the closely related Diffie-Hellman
> methods are well-known and widely used. Use of DSA does not
> inhibit confidentiality.

The DSA can be used for confidentiality by using the 
Chosen Signature tactic. Generate 256 signatures and 
choose the one that has 8 bits that match your confidential
message. Send the chosen signature and the recipient can recover the 
chosen 8 bits of confidential text. It can be plaintext or
ciphertext in those 8 bits. The 8 bits can be contiguous
or scattered around the signature in bit positions
that are known by the sender and recipient.
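
The chosen-signature trick described above, as an added example that is not code from the post: a toy DSA in which the sender keeps re-signing the same message until eight agreed bit positions of s spell the byte to be carried, and the recipient reads those bits back. Every signature produced is a valid DSA signature, so an ordinary verifier sees nothing unusual; the cost is about 256 signing operations per byte, and the channel exists only because the signer is free to choose the random nonce k. The parameter sizes, the bit positions and the test message are all constructed for the demo.

```python
import hashlib
import random

# Toy DSA with parameters generated on the fly (constructed for the demo;
# a 64-bit q and a 256-bit p are far too small for real use).
def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test (callers only pass n >= 4)."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_params(qbits=64, pbits=256):
    q = 4                                    # loop until a qbits-bit prime
    while not is_probable_prime(q):
        q = random.getrandbits(qbits) | (1 << (qbits - 1)) | 1
    p = 4                                    # p = k*q + 1 with k even
    while not is_probable_prime(p):
        k = (random.getrandbits(pbits - qbits) | (1 << (pbits - qbits - 1))) & ~1
        p = k * q + 1
    g = 1                                    # generator of the order-q subgroup
    while g == 1:
        g = pow(random.randrange(2, p - 1), (p - 1) // q, p)
    return p, q, g

def hash_to_int(msg, q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def sign(p, q, g, x, msg):
    while True:                              # the random nonce k is the signer's freedom
        k = random.randrange(1, q)
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (hash_to_int(msg, q) + x * r) % q
        if r and s:
            return r, s

def verify(p, q, g, y, msg, sig):
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    v = pow(g, hash_to_int(msg, q) * w % q, p) * pow(y, r * w % q, p) % p
    return v % q == r

# Eight bit positions of s agreed between sender and recipient (constructed).
POSITIONS = (0, 3, 7, 12, 20, 33, 41, 58)

def extract_byte(sig):
    """Recipient side: read the agreed bits of s back into one byte."""
    return sum(((sig[1] >> pos) & 1) << i for i, pos in enumerate(POSITIONS))

def sign_with_hidden_byte(p, q, g, x, msg, byte):
    """Sender side: re-sign (about 256 tries) until the agreed bits spell byte."""
    tries = 0
    while True:
        sig, tries = sign(p, q, g, x, msg), tries + 1
        if extract_byte(sig) == byte:
            return sig, tries
```

Because the output is indistinguishable from an honest signature, this is the classic subliminal channel of randomized signature schemes: a signer you do not control can leak data through signatures that verify perfectly.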

------------------------------

From: [EMAIL PROTECTED] (Chris Monico)
Subject: Re: Have you seen this code?
Date: Fri, 21 May 99 21:08:38 GMT

In article <7i59kk$[EMAIL PROTECTED]>,
   [EMAIL PROTECTED] (Nicholas Landau) wrote:
>
>Hi.  I am anything but a cryptologist, but I have a question for
>those in the profession.  I have noticed that the white supremacists
>on the net post in some kind of code.  They are long strings of
>nonsense sentences using English words.  They often post several
>messages one after the other (because only some of the words are
>used? )
>
>Does this code sound familiar?  I'm not crazy about racists, and
>I would love to frustrate them by spreading the key to their code.

I'd love to help you, but I've never seen it. Reproducing their 
ignorant views here on sci.crypt is inappropriate (even if it is some 
kind of cipher-text), but email me a copy of some of it (the more you 
can put together, the better the chance I can crack it) and I'd love 
to take a stab at cracking it. I suspect it's weak enough that it 
shouldn't be too tough.


------------------------------

From: [EMAIL PROTECTED] (Chris Monico)
Subject: Re: RSA Cryptography Question
Date: Fri, 21 May 99 21:03:02 GMT

In article <[EMAIL PROTECTED]>,
   Emmanuel BRESSON <[EMAIL PROTECTED]> wrote:
>Hideo Shimizu wrote:
>
>> Because, for all m<n
>>
>> m ^ phi(n) equiv m mod n
>
>oooouuups... Of course you meant:
>    m^phi(n) == 1 mod n
>
Hmmm, methinks that's not quite right either:
phi(15)=2*4=8 and
5^8 = (5^2)^4 == 10^4 = 100^2 == 10^2 == 10 (mod 15)
In particular, it's true only for invertible elements of Z_n.
But what is true and important is:

m^{phi(n)+1}==m (mod n) for all m.
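
An added check of the two claims (not from the post): it confirms exhaustively that m^phi(n) == 1 (mod n) holds exactly for the invertible residues of Z_n, that m^(phi(n)+1) == m holds for every m when n = 15 or n is an RSA-style product of two primes, and, as a caveat the post does not state, that the second identity needs n to be squarefree (it fails for n = 4). The RSA round trip at the end is the reason the identity matters: decryption of a non-unit plaintext such as 0 or 11 relies on it.

```python
from math import gcd

def phi(n):
    """Euler's totient by trial division (fine for the small moduli used here)."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    if m > 1:
        result -= result // m
    return result

def residues_with_euler_identity(n):
    """Residues m of Z_n with m^phi(n) == 1 (mod n)."""
    e = phi(n)
    return {m for m in range(n) if pow(m, e, n) == 1}

def units(n):
    """The invertible residues mod n, i.e. those coprime to n."""
    return {m for m in range(n) if gcd(m, n) == 1}

def rsa_identity_holds(n):
    """True iff m^(phi(n)+1) == m (mod n) for every residue m, unit or not."""
    e = phi(n) + 1
    return all(pow(m, e, n) == m for m in range(n))

def rsa_roundtrip(p, q, e, m):
    """Textbook RSA encrypt then decrypt m with n = p*q; n = p*q is squarefree."""
    n = p * q
    d = pow(e, -1, phi(n))           # e*d == 1 (mod phi(n)), so m^(e*d) == m
    return pow(pow(m, e, n), d, n)
```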

------------------------------

From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: HushMail -- Free Secure Email
Date: Sat, 22 May 1999 11:39:38 -0500

Take it to another group.  No one reads all that crap you append to
your signature anyway.  Get a life, move on...

Thanks,

Steve

Chem-R-Us wrote in message <[EMAIL PROTECTED]>...
>Terry Ritter wrote:
>>
>> On Fri, 21 May 1999 22:08:40 -0700, in <[EMAIL PROTECTED]>,
>> in sci.crypt Chem-R-Us <[EMAIL PROTECTED]> wrote:
>>
>> >IF I enable both Java and Javascript (netscape 4.5 on Linux), the
>> >sign-in process goes without a flaw, as does accessing and reading
>> >email. If I disable Java or Javascript, then the screen just turns
>> >purplish and dies (ala NT's BSOD - which is very disconcerting).
>> >Re-enabling both is the only way to get the site to work.
>>
>> Yet you were willing -- even eager -- to assume that disabling
>> JavaScript did not work on *my* Win95; perhaps it is now time to
>> consider some sort of problem in *your* far-superior Linux.
>>
>> With JavaScript supposedly turned off in my browser, the JavaScript
>> pages on my site just sit there: they show no results.  My guess is
>> that JavaScript really *is* turned off, just like it says.  Imagine
>> that!  And yet HushMail still works for me.  So what are we to think?
>
>
>That perhaps you are a small minded individual who is obsessed with
>the idea that he has some sort of upper-hand in a ridiculous OS
>debate. My comments were simply to demonstrate that Unix is much
>more security oriented that any Gatesware OS ever developed. Somehow
>you have confused being able to run Javascript without stoppage
>website with OS superiority. You are obviously confused.




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
