Cryptography-Digest Digest #585, Volume #9 Sun, 23 May 99 17:13:02 EDT
Contents:
Re: Biprime Cryptography, Part II (Aidan Skinner)
Re: ASDIC ([EMAIL PROTECTED])
Re: DSA (Digital Signature Standard) and the Schnorr Patents (Vin McLellan)
Re: HushMail -- Free Secure Email (William Hugh Murray)
Re: HushMail -- Free Secure Email (William Hugh Murray)
Re: ASDIC ("Åke Hellgren")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Aidan Skinner)
Subject: Re: Biprime Cryptography, Part II
Date: 23 May 1999 19:28:33 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 20 May 1999 05:14:49 +0800, Nathan Kennedy <[EMAIL PROTECTED]> wrote:
>free software/open source/freeware et al mess. As for RSA, if
>the trademark remains an alternative name will probably have to
>be used. Of course, "biprime cryptography" is a start.
"The Scottish Cipher"?
- Aidan (who doesn't think it has any relation to Scotland at all, but
is willing to be proved wrong)
--
http://www.skinner.demon.co.uk/aidan/
Real men whistle ed commands at 300 baud into a can.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.cable-tv,alt.satellite.tv.crypt,alt.satellite.tv.europe.hacks
Subject: Re: ASDIC
Date: Sun, 23 May 1999 20:22:17 GMT
In article <g%Q13.2021$[EMAIL PROTECTED]>,
"�ke Hellgren" <[EMAIL PROTECTED]> wrote:
> Hi
> Try to write to Sky Television.
> Don't forget to ask nicely.
>
> Best Regards
> Åke Hellgren
>
> The home of ** UNISAT**
> Mail: [EMAIL PROTECTED]
> ICQ # 7796243
> Head Site: http://www.calmarecomputer.se/unisat
> Mirror Site: http://home2.swipnet.se/~w-24791
> Mirror Site: http://user.tninet.se/~zwy975d
> Skint wrote in message <7i8gri$bg7$[EMAIL PROTECTED]>...
> >Can anyone tell me what the ASDIC program is and how to get at it ?
> >Cheers IA.
Don't you mean ASIC ??
ASDIC was an experimental sonar device developed by the Royal
Navy in WW2..........
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: Vin McLellan <[EMAIL PROTECTED]>
Reply-To: The Privacy Guild
Crossposted-To: talk.politics.crypto,alt.security.pgp,comp.security.pgp.discuss
Subject: Re: DSA (Digital Signature Standard) and the Schnorr Patents
Date: Sun, 23 May 1999 15:50:40 -0300
Vin McLellan <[EMAIL PROTECTED]> wrote:
>>[...] I hesitate to get into this, since I'm not qualified to judge
>>the viability of Prof. Schnorr's case, or even to effectively present
>>his technical arguments, but Schnorr's claims -- to judge from their
>>impact on DSA adoption, US crypto policy, and specifically the NSA's
>>strategy for managing the US standards process to ensure universal
>>government access to crypto keys (GAK) -- are neither trivial nor
>>vacuous.
>>
>> I think it is misleading to suggest that they are.
[long discussion of Schnorr, DSA, etc. snipped]
Roger Schlafly <[EMAIL PROTECTED]> offered....
>Several points in response [...]
>* All this spook conspiracy talk belongs in the X-files. The specs
>for Fortezza have been declassified. Sure, the NSA has some
>GAK-related motives, but these grand conspiracy theories just
>haven't panned out.
Actually, I don't think of the NSA's plots to deny everyone
but themselves (and those they dub worthy) access to strong un-GAKed
commercial cryptography as a conspiracy, per se. NSA officials acted
upon a fairly open if Byzantine strategy. It was hatched by men who
obviously believe that Western liberal society is best safeguarded if
the US can continue to glean the benefits of the huge passive
eavesdropping net that has for decades sustained America's
geo-political dominance.
I think they're wrong, and I think their efforts are futile,
but no one can deny they have effectively stalled widespread use of
strong crypto for fifteen years, and will for a bit longer.
Conspirators? Well, the NSA's strategists are of a class and
generation which believes that narrow "national security" interests
and military goal-tending can better safeguard American and Western
cultural dominance than a fairly-won hegemony in a flourishing and
open capitalist market.
Despite Dr. Schlafly's derision, one need to subscribe to the
Professor Moriarty School of Historical Interpretation to acknowledge
the reality of the NSA's long campaign to block the commercial
adoption of software-based public-key-based crypto in computer and
communications systems. When the Schnorr patents and the DSA came to
the fore, their proclaimed goal was to supplant strong PKC with
the NSA's own silicon-only Capstone for key-exchange. When that
failed, they attempted to legislate "key escrow." And when that
failed, they promoted "key recovery." Export control, unpredictable
and subjective in application, effectively bludgeoned the vendors into
line.
This is not some "X Files" action/adventure script, and I take
mild offense at the suggestion.
This is simply what everyone in this industry has lived through in
the past decade. The outline of Bill Crowell's strategy is vivid still
in the BXA export regs, the Wassenaar Arrangement, and the regular
Congressional testimony of Mr. Reinsch, Mr. Freeh, Mr. Lee, and Ms.
McNamara.
Dr. Schlafly, as he has prosecuted his long campaign against
RSA in the standards orgs as well as the courts, has doubtless rubbed
shoulders with a number of well-known NSA reps with similar goals, if
different motives. While a bit less forward these days, they still
dominate much of the process -- the ABA's witless claims of X.9
independence to the contrary.
>* Claus Schnorr is a brilliant man, but he is not an expert in US
>patent law.
Maybe true -- although I suspect that Claus Schnorr's study of
international and US patent law has been as intense and deep as Roger
Schlafly's own not-inconsiderable scholarship as a layman in law.
>* Schnorr sold his patent rights to Siemens and RSADSI, so his
>opinion is irrelevant. Others are enforcing the patent.
>
>* RSADSI does NOT claim that practice of the DSA infringes
>Schnorr's patent. RSADSI lawyers have specifically repudiated
>such coverage in open court. Anyone who thinks that there is some
>nonzero chance that the Schnorr patent covers DSA is uninformed.
I said before that the question is today largely academic, and
I hope Prof. Schnorr has benefited handsomely from his alliance with
RSA and SDTI (for whom I have long been a consultant). But what was
proposed in '90,'91,'92 as strategy to warp the market (the NSA's
DSA/Capstone scheme) was effectively blocked with political tactics,
the 1992 RSA threat of a challenge to DSA based on the Schnorr patents
prominent among them. That a weapon is not used does not mean it was
useless.
More to the point, while Prof. Schnorr argues that his US
patent covers DSA, I suspect that even patent experts who disagree
with him on that point might nevertheless concede (or at least worry)
that his broader European and Japanese patents are more likely to
cover the DSA. If the Schnorr patents had been used to challenge the
DSA, the suit could as easily be filed in Europe -- where Courts may
be less susceptible to the suggestion that the NSA created the DSS in
a novel burst of generosity and community service.
Again, in 1992, at least two firms of patent law specialists
hired by NIST to review the prospect of defending the DSA against a
Schnorr challenge declared themselves uncertain of the outcome of any
court case. Then, those opinions had a significant impact on US
policy.
>* Yes, DSS was intended for authentication, not confidentiality.
>Most crypto people have now come around to the view that
>encryption and signature keys should be separate.
>
>* Although DSA does not explicitly give a confidentiality method
>(encryption or key agreement), the closely related Diffie-Hellman
>methods are well-known and widely used. Use of DSA does not
>inhibit confidentiality.
You are taking the NSA's DSA out of the historical context
within which it was proposed.
Eight years ago, the standardization of the DSA in the DSS --
in the face of the already widespread acceptance of RSA (which offers
both authentication and key-management) as a de facto industry standard
-- was explicitly intended to inhibit vendor (and user) access to
confidentiality.
In those days, of course, Diffie-Hellman was also patented and
commercially licensed, first by PTP, then by Cylink (where former NSA
Deputy Director William P. Crowell is now president.)
Putting aside the relative efficiency of RSA for signature
verification, I don't doubt that, at that time, the widespread
adoption of the DSA paired with Diffie-Hellman for PKI
(key-management) would have been no more welcomed by the NSA than the
widespread use of RSAPKC was.
Back then, you didn't see any willingness to permit X.9 or the
ISO to standardize on D-H for PKI either, did you? Not likely. DSA
was expected and intended to be paired with GAKed Capstone
key-management. And the simple goal of that strategy -- phrased
somewhat differently by its advocates, of course;-) -- was to leave
every confidential digital communication stained with the possibility
that LEAs or "national security" agencies might be eavesdropping.
In telephonic society, most citizens here and abroad live with
something close to that, I admit -- but to extend it into the digital
culture would break down many of the enclaves that today exist for
both personal and commercial confidentiality.
I've always thought you had to rate a limousine inside the
Beltway to believe that high finance and commercial trade -- the
e-commerce we count on for 21st Century prosperity -- could flourish
under those conditions. The necessity of personal privacy is more
debatable, but thankfully (by my lights), one is unlikely without the
other.
>* We may soon find out whether historians will find that patents
>contributed to the spread of strong crypto. The MIT/RSA patent
>runs out in Sept. 2000. My guess is that use of strong crypto will
>go up at that time, not down.
The context of this discussion is different. The issue is not
whether patents contributed to the spread of strong crypto -- although
I think a good case can be made for that in the US -- but rather
whether the existence of defensible patents on PKC staved off the US
government's systemic assault on crypto-enabled confidentiality when
the issue was still in doubt.
Cryptography has never been allowed to be wholly, or even largely, a
creature of the market. The political strictures upon its use, rather
than the market's appetite for its functionality, was always the
defining factor. The Schnorr patents, with the threat they posed to
the DSA, played a timely and important role in balking the NSA's
campaign for government access to keys.
(I beg the readers' pardon for my apparent pretentiousness. Crypto
politics is a big topic which requires glib reference to big ideas and
complex history. I don't think young people or newbies are well served
if we deny or forget our own experience, however, which is why I
entertain you with these recollections.)
Surete,
_Vin
========
"Cryptography is like literacy in the Dark Ages. Infinitely potent,
for good and ill... yet basically an intellectual construct, an idea,
which by its nature will resist efforts to restrict it to bureaucrats
and others who deem only themselves worthy of such Privilege."
_A Thinking Man's Creed for Crypto _vbm
* Vin McLellan + The Privacy Guild + <[EMAIL PROTECTED]> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Subject: Re: HushMail -- Free Secure Email
Date: Sun, 23 May 1999 20:35:21 GMT
John Kennedy wrote:
>
> On Sun, 23 May 1999 16:57:56 GMT, William Hugh Murray
> <[EMAIL PROTECTED]> wrote:
>
> >If I were the NSA, I think that I would buy hushmail now while the
> >price is still low and while I can still hope to do so secretly.
> >
> >In any case, it seems to me that hushmail is a third party in which I
> >would have to have at least as much trust as I have in MIT. It seems to
> >me that they have a smaller claim to such trust as an institution and
> >that vetting and demonstrating their implementation will be more
> >difficult. What am I missing?
>
> I think it is possible to implement a hushmail type system where the
> only trust required is in one's ability to evaluate the source code
> and strong crypto.
>
> Are you saying you need to trust MIT because they hold public PGP
> keys?
> But you don't really have to trust them, nor should you for
> something very important. Yes they can fiddle with the keys if they
> choose, but you can verify the fingerprint of your targets key. No
> trust in MIT necessary.
>
No but MIT is trusted to some degree as the source of the code. That is
to say, most people who download PGP do not do all of the necessary
tests to ensure that they got reliable code. It is sort of like
science; most of us do not repeat all of the experiments that we rely
upon.
As Lincoln said, you can fool some of the people all of the time. If
one is in the contract carrier business, one is not motivated to do
that. However, if one is in the police state business, the FUD
business, or the surveillance business, that is enough.
As it stands now, NSA can read any message that it wants but it cannot
read every message that it wants. If they want to keep a secret which
messages it has read, that reduces further what it can read. That is,
it must break codes, not merely fingers.
> If the source code of a hushmail type system is sound then I don't see
> that it matters if the NSA owns the system. If it's not sound, lack of
> ownership won't be an obstacle for the NSA.
Necessary but not sufficient. At a minimum, every user must validate
the applet every time they use/download it. In practice, it is likely
that most users will never do it, much less always do it. This is
different from PGP where one downloads and validates, once, and then
uses, in a separate step not obvious to the carrier.
Similarly, most users will rely very heavily on the same third party for
public keys. Few will ever check a key out-of-channel, much less ensure
that they, and the software, are using the intended key for each
message.
It seems to me that the problem is a human one rather than a technical
one. "There are human solutions for technical problems but there are no
technical solutions for human problems."
>
> --
>
> John Kennedy
>
> --
>
William Hugh Murray
New Canaan, Connecticut
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Subject: Re: HushMail -- Free Secure Email
Date: Sun, 23 May 1999 20:49:42 GMT
John Kennedy wrote:
>
> On 23 May 99 14:35:01 GMT, [EMAIL PROTECTED] () wrote:
>
> >John Kennedy ([EMAIL PROTECTED]) wrote:
> >: On Sat, 22 May 1999 11:18:07 +0100, David Crick <[EMAIL PROTECTED]>
> >: wrote:
> >
> >: >Total security would also require users to be running 128-bit crypto
> >: >browsers, something which isn't clearly stated on the web site.
> >
> >: >public/private keys are stored on their server, encrypted with Blowfish.
> >
> >: Assuming the source code checks out, I don't see how this can be a
> >: scam nor why a 128-bit crypto browser would be required.
> >
> >A 128-bit browser certainly isn't required for operation. I suppose one
> >could be required for adequate security if it was used for setup.
> >
> >: Having both keys will not allow anyone to decrypt your message if they
> >: don't have the passphrase, will it?
> >
> >No, the passphrase is used to protect encrypted copies of the keys. Having
> >your private key is enough to allow decryption of all your incoming mail.
>
> Wow thanks, clearly I've been laboring under a fundamental
> misconception.
>
> I'm new at this, but I want to understand it properly.
>
> As I review the PGP manual I see it says the private key is protected
> by the passphrase. Does that mean essentially that the private key has
> been conventionally encrypted with the passphrase?
>
> So now it seems to me that one of the requirements for a hushmail
> system to be secure is that the system only holds an encrypted copy of
> your private key,...
Ideally, for security, not even that. However, to enable one to
retrieve mail from anywhere, an encrypted copy of the key would have to
be stored on the server and then retrieved for use.
> which cannot be used to decrypt your mail without
> your passphrase. You should be able to verify that the client side
> program follows this procedure without compromising your passphrase,
> and then your mail is secure from the people running the system.
>
> Am I getting warmer?
Close, but no cigar. PGP compresses the pass-phrase into 128 bits and
uses that for the block-cipher key to protect the private key. [Note
that if there is not 128 bits of entropy in the pass-phrase, that would
reduce the cost of attack.]
>
> And to prevent the man-in-the-middle issue, don't both parties need to
> be able to verify a fingerprint of the other's public key as with PGP?
Yes, out of channel.
> How could that requirement be addressed in a hushmail type system? Is
> it addressed? If it's at the hushmail site I've missed it my initial
> browsing.
Don't know and suspect that it isn't.
>
> Thanks for your help, I appreciate it.
>
> --
>
> John Kennedy
>
> --
>
> The causal world imposes a nonarbitrary distinction between detecting in one's
> visual array the faint outline of a partly camouflaged stalking predator and
> not detecting it because of alternative interpretative procedures.
> Nonpropagating designs are removed from the population, whether they believe
> in naive realism or that everything is an arbitrary social construction.
>
> (Tooby and Cosmides, in _The Adapted Mind_, Barkow, Cosmides and Tooby, editors)
>
> -------
>
> Best Anarchy Links:
>
> David Friedman -> http://www.best.com/~ddfr/
> Niels Buhl -> http://www.math.ku.dk/~buhl/
> Billy Beck -> http://www.mindspring.com/~wjb3/promise.html
> --------
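The two Murray posts above turn on three checks a user of a HushMail-style system would have to rely on: that the server-held copy of the private key is only as strong as the passphrase wrapping it (the "128 bits of entropy" caveat), that a correspondent's public key is confirmed by a fingerprint compared out of channel, and that the downloaded applet is validated on every use. What follows is an added example written for this digest, not code from the thread, from HushMail or from PGP. It assumes only the Python standard library: the MD5-to-128-bits derivation mirrors the post's description of compressing a passphrase into a block-cipher key, the PBKDF2 variant is the salted, iterated alternative a practitioner would use today, the SHA-256 counter-mode keystream is a constructed stand-in for PGP's block cipher, and every key, nonce and applet byte string is constructed for the demonstration.

```python
import hashlib
import hmac
import math
import string

KEY_BITS = 128  # the post: PGP "compresses the pass-phrase into 128 bits"


def derive_key_legacy(passphrase: str) -> bytes:
    """Hash the passphrase straight down to 128 bits: no salt, no iteration.
    This is the scheme the post describes; every guess costs one hash."""
    return hashlib.md5(passphrase.encode("utf-8")).digest()


def derive_key_pbkdf2(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Same 128-bit output, but salted and iterated so each guess costs
    `iterations` hashes. Standard-library PBKDF2, not PGP's own method."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=KEY_BITS // 8)


def estimate_entropy_bits(passphrase: str) -> float:
    """Crude, optimistic estimate: treat each character as drawn uniformly
    from the character classes that appear. Real passphrases score lower."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def effective_strength_bits(passphrase: str) -> float:
    """The post's caveat: the wrapping key is 128 bits, but the cost of
    guessing it is bounded by the passphrase, whichever is smaller."""
    return min(float(KEY_BITS), estimate_entropy_bits(passphrase))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for PGP's block cipher: SHA-256 run in counter mode.
    # Constructed for this example so it runs with the standard library only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def wrap_private_key(private_key: bytes, key: bytes, nonce: bytes) -> bytes:
    """Encrypt the private key under the passphrase-derived key. The server can
    hold this blob; without the passphrase it is a random-looking string."""
    stream = _keystream(key, nonce, len(private_key))
    return bytes(a ^ b for a, b in zip(private_key, stream))


unwrap_private_key = wrap_private_key  # XOR with the same keystream undoes it


def fingerprint(public_key: bytes) -> str:
    """Fingerprint printed in groups of four hex digits, as PGP does."""
    digest = hashlib.sha1(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def fingerprint_matches(public_key: bytes, out_of_band: str) -> bool:
    """Compare the key the software fetched against the fingerprint the
    correspondent read out over the phone; spacing and case are ignored."""
    def norm(s: str) -> str:
        return "".join(s.split()).upper()
    return hmac.compare_digest(norm(fingerprint(public_key)), norm(out_of_band))


def applet_is_unmodified(applet: bytes, pinned_sha256_hex: str) -> bool:
    """The check a client would have to run on every download: does the
    delivered code match the hash that was verified once, out of channel?"""
    return hmac.compare_digest(hashlib.sha256(applet).hexdigest(),
                               pinned_sha256_hex.lower())


if __name__ == "__main__":
    # Constructed sample values; not real keys or a real applet.
    private_key = b"-----CONSTRUCTED PRIVATE KEY BYTES-----"
    public_key = b"-----CONSTRUCTED PUBLIC KEY BYTES-----"
    applet = b"class HushApplet { /* constructed stand-in */ }"

    for pw in ("password", "correct horse battery staple", "Tr0ub4dor&3"):
        print(f"{pw!r:34} effective strength ~ {effective_strength_bits(pw):6.1f} bits")

    key = derive_key_pbkdf2("correct horse battery staple", b"per-user-salt")
    wrong = derive_key_pbkdf2("password", b"per-user-salt")
    blob = wrap_private_key(private_key, key, b"nonce-01")
    print("blob restores key with right passphrase:",
          unwrap_private_key(blob, key, b"nonce-01") == private_key)
    print("...and with the wrong passphrase:",
          unwrap_private_key(blob, wrong, b"nonce-01") == private_key)

    print("fingerprint:", fingerprint(public_key))
    print("out-of-band check passes:",
          fingerprint_matches(public_key, fingerprint(public_key).lower()))
    pinned = hashlib.sha256(applet).hexdigest()
    print("applet unchanged:", applet_is_unmodified(applet, pinned),
          "| tampered:", applet_is_unmodified(applet + b"\n// injected", pinned))
```

The point of `effective_strength_bits` is the one the post makes in brackets: a 128-bit wrapping key bought with an eight-letter lowercase passphrase is, for attack-cost purposes, a 38-bit key, and an iterated derivation only multiplies that cost by the iteration count rather than restoring the missing bits. The fingerprint and applet checks are cheap to write and, as the posts observe, the weak link is whether users perform them.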
------------------------------
From: "�ke Hellgren" <[EMAIL PROTECTED]>
Crossposted-To: alt.cable-tv,alt.satellite.tv.crypt,alt.satellite.tv.europe.hacks
Subject: Re: ASDIC
Date: Sun, 23 May 1999 22:41:43 +0200
Just my idea. :)
[EMAIL PROTECTED] wrote in message <7i9o1o$n8s$[EMAIL PROTECTED]>...
>In article <g%Q13.2021$[EMAIL PROTECTED]>,
> "�ke Hellgren" <[EMAIL PROTECTED]> wrote:
>> Hi
>> Try to write to Sky Television.
>> Don't forget to ask nicely.
>>
>> Best Regards
>> Åke Hellgren
>>
>> The home of ** UNISAT**
>> Mail: [EMAIL PROTECTED]
>> ICQ # 7796243
>> Head Site: http://www.calmarecomputer.se/unisat
>> Mirror Site: http://home2.swipnet.se/~w-24791
>> Mirror Site: http://user.tninet.se/~zwy975d
>> Skint wrote in message <7i8gri$bg7$[EMAIL PROTECTED]>...
>> >Can anyone tell me what the ASDIC program is and how to get at it ?
>> >Cheers IA.
>Dont you mean ASIC ??
>ASDIC was an experimental sonar device developed by the Royal
>Navy in WW2..........
>--== Sent via Deja.com http://www.deja.com/ ==--
>---Share what you know. Learn what you don't.---
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************