Cryptography-Digest Digest #583, Volume #9       Sun, 23 May 99 11:13:02 EDT

Contents:
  Re-post (Off Topic) ("rosi")
  Data dependent bit permutation ([EMAIL PROTECTED])
  Re: HushMail -- Free Secure Email
  Re: HushMail -- Free Secure Email
  Re: HushMail -- Free Secure Email (John Kennedy)
  Re: Biprime Cryptography, Part II (wtshaw)
  ASDIC ("Skint")
  Re: ASDIC ("Åke Hellgren")
  Re: Cryptonomicon Review (David Wadsworth)
  SV: Europe and USA encryption export restrictions ("Claes & Gunn Irene")
  Re: HushMail -- Free Secure Email (David Crick)
  SV: Oh! Before I get some sleep is DES international yet? ("Claes & Gunn Irene")
  Re: HushMail -- Free Secure Email (John Kennedy)
  Can I have some opinions please? (Pwrk)
  Re: HushMail -- Free Secure Email
  Re: HushMail -- Free Secure Email

----------------------------------------------------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re-post (Off Topic)
Date: Sat, 22 May 1999 17:50:14 -0400

Sorry to post here (again). However, some people might be interested or know
people who might.

  I am offering my cryptographic invention for 'free', i.e. If you are
interested in paying for the filing and maintenance in exchange for the
exclusive patent rights, please go to the news group

      alt.inventors

and look for a thread, subject titled:

      Cryptographic Invention

  Sorry for any inconvenience this causes.

  --- (My Signature)

P.S.
   Last I checked the previous post could be seen but now I can't.
Sorry to waste the bandwidth. I always seem to have problems
to have my server working right.



------------------------------

From: [EMAIL PROTECTED]
Subject: Data dependent bit permutation
Date: Sun, 23 May 1999 01:55:45 GMT

I found in ICE a keyed bit-permutation which is quite interesting to
look at.  It doesn't however deter differential analysis well.

Are there any data-dependent bit permutations of the same genre out
there?

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
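To make the difference between a keyed and a data-dependent bit permutation concrete, here is an added example (not ICE's code, and not from the poster). The keyed layer uses the generic conditional-swap construction: bits a fixed distance apart are exchanged wherever a key-controlled mask has a 1. The data-dependent variant takes the control mask from the other half of the block, Feistel-style, so it stays invertible. All masks, key words and inputs are constructed for the demonstration. It also shows the point behind the differential remark above: for a fixed key the permutation is linear in the data, so an input XOR difference always comes out with the same Hamming weight, whereas the data-dependent version can change it.

```python
"""Keyed vs. data-dependent bit permutations of 32-bit words.

Added example for the ICE thread; it is not ICE's code. The keyed layer
uses the generic "conditional swap" construction (bits `shift` apart are
exchanged wherever a control mask has a 1 bit); the layer masks, key
values and the data-dependent variant below are all constructed here.
"""

MASK32 = 0xFFFFFFFF

# Butterfly layers: at each layer, bit i may be swapped with bit i+shift.
# The layer mask lists the lower bit of every candidate pair, chosen so
# that pairs never overlap and i+shift stays below 32.
SHIFTS = (16, 8, 4, 2, 1)
LAYER_MASKS = (0x0000FFFF, 0x00FF00FF, 0x0F0F0F0F, 0x33333333, 0x55555555)


def swap_bits(x: int, shift: int, ctrl: int) -> int:
    """Swap bit i with bit i+shift wherever ctrl has bit i set.

    The swap is its own inverse and, for a fixed ctrl, linear in x: it
    moves bits around without creating or destroying a 1."""
    t = ((x >> shift) ^ x) & ctrl
    return (x ^ t ^ (t << shift)) & MASK32


def keyed_permute(x: int, key_masks) -> int:
    """Key-dependent bit permutation: five swap layers, each controlled by
    one 32-bit key word (masked down to that layer's candidate pairs)."""
    for shift, layer, k in zip(SHIFTS, LAYER_MASKS, key_masks):
        x = swap_bits(x, shift, k & layer)
    return x


def keyed_unpermute(x: int, key_masks) -> int:
    """Inverse: the same involutions applied in reverse order."""
    for shift, layer, k in reversed(list(zip(SHIFTS, LAYER_MASKS, key_masks))):
        x = swap_bits(x, shift, k & layer)
    return x


def dd_round(left: int, right: int, key_mask: int, shift: int, layer: int):
    """One data-dependent round (constructed, Feistel-like): the control
    mask for swapping bits of `left` comes from the *other* half of the
    data, XORed with key material. `right` passes through unchanged, so
    the round is undone by applying it again."""
    ctrl = (right ^ key_mask) & layer
    return swap_bits(left, shift, ctrl), right


def dd_permute(block: int, key_masks) -> int:
    """Data-dependent bit permutation of a 64-bit block."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for shift, layer, k in zip(SHIFTS, LAYER_MASKS, key_masks):
        left, right = dd_round(left, right, k, shift, layer)
        left, right = right, left        # Feistel half swap
    return (left << 32) | right


def dd_unpermute(block: int, key_masks) -> int:
    left, right = (block >> 32) & MASK32, block & MASK32
    for shift, layer, k in reversed(list(zip(SHIFTS, LAYER_MASKS, key_masks))):
        left, right = right, left        # undo the half swap first
        left, right = dd_round(left, right, k, shift, layer)
    return (left << 32) | right


def weight(x: int) -> int:
    """Hamming weight (number of 1 bits)."""
    return bin(x).count("1")


def difference_weight(perm, key_masks, x: int, dx: int) -> int:
    """Weight of the output XOR difference for input difference dx."""
    return weight(perm(x, key_masks) ^ perm(x ^ dx, key_masks))


if __name__ == "__main__":
    key = (0xDEADBEEF, 0x01234567, 0x89ABCDEF, 0x0F1E2D3C, 0x5A5A5A5A)  # constructed
    x, dx = 0x12345678, 0x00010001
    # Fixed-key permutation: the difference keeps its weight, whatever x is.
    print("keyed:", difference_weight(keyed_permute, key, x, dx), "== weight(dx) =", weight(dx))
    # Data-dependent: the output difference now depends on the data itself.
    print("data-dependent:", difference_weight(dd_permute, key, (x << 32) | x, dx))
```

With every key word set to all ones the five layers swap every pair, which is the classic bit-reversal network; with all-zero key words the permutation is the identity. Either way the keyed version only moves bits, which is why an attacker's chosen difference survives it unchanged in weight.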

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: HushMail -- Free Secure Email
Date: 23 May 99 03:10:44 GMT

[EMAIL PROTECTED] wrote:
: Other than that, it is of great importance (and the only real way of
: being sure that hushmail is what it's pretending to be) that their 
: source is analysed COMPLETELY.

I could be worrying needlessly, but of course it's just as important to
compare the object code against the source, to ensure they match. That it
doesn't let me download first, and install (maybe after upgrading my
browser later) later, completely off-line, is worrisome.

This doesn't prove there's anything wrong, but obviously it will provoke
some concern.

And compiling a list of the E-mail addresses of people interested in
encrypting their communications...

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: HushMail -- Free Secure Email
Date: 23 May 99 03:15:17 GMT

Roger Schlafly ([EMAIL PROTECTED]) wrote:
: Terry Ritter wrote in message <[EMAIL PROTECTED]>...
: >But even if not, if the code was developed outside the US, how is
: >*importing* it a problem?

: I don't know. If circumventing the US export laws were that simple,
: Microsoft and others would use a foreign unit to develop outside the
: US.

Well, Sun does do something like that.

Essentially, the export laws prohibit a U.S. resident or citizen from

- exporting cryptographic software,
- writing such software while abroad,
- directly assisting people abroad who are writing such software,
- having foreign employees write such software abroad.

But they *can* purchase encryption software from a foreign firm, whether
it is off-the-shelf, or _custom-designed to their specifications_. That is
the only "loophole" in the export laws as they now stand, and it takes
good legal advice to walk through it.

John Savard

------------------------------

From: [EMAIL PROTECTED] (John Kennedy)
Subject: Re: HushMail -- Free Secure Email
Reply-To: [EMAIL PROTECTED]
Date: Sun, 23 May 1999 04:22:01 GMT

On Sat, 22 May 1999 11:18:07 +0100, David Crick <[EMAIL PROTECTED]>
wrote:

>Total security would also require users to be running 128-bit crypto
>browsers, something which isn't clearly stated on the web site.
>
>public/private keys are stored on their server, encrypted with Blowfish.
>
>Assuming this isn't some Three Letter Agency scam (*g*), they appear
>to have reproduced the nym system, but without the remailing.

Assuming the source code checks out, I don't see how this can be a
scam nor why a 128-bit crypto browser would be required.

Having both keys will not allow anyone to decrypt your message if they
don't have the passphrase, will it? So it would seem to me that the
only requirements here are that the hushmail crypto is strong and that
your passphrase is not compromised. What does a 128-bit crypto
browser have to do with that? The passphrase should not be
transmitted, period. 

Am I missing something?

It seems to me that this product is clearly technically feasible and
can in principle be known to be safe if the implementation is sound
and public.

I think the approach holds great promise for making encryption more
common by making it more easily accessible. 


--

John Kennedy

--

The causal world imposes a nonarbitrary distinction between detecting in one's visual
array the faint outline of a partly camouflaged stalking predator and not detecting it
because of alternative interpretative procedures. Nonpropagating designs are removed from
the population, whether they believe in naive realism or that everything is an arbitrary
social construction.

                            (Tooby and Cosmides, in _The Adapted Mind_, Barkow,
                             Cosmides and Tooby, editors)

=======

Best Anarchy Links:

David Friedman -> http://www.best.com/~ddfr/
Niels Buhl -> http://www.math.ku.dk/~buhl/
Billy Beck -> http://www.mindspring.com/~wjb3/promise.html
========


------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Biprime Cryptography, Part II
Date: Sun, 23 May 1999 00:47:26 -0600

In article <[EMAIL PROTECTED]>, kurt wismer
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > >
> > These are poor classification choices since symmetry can refer to many
> > different qualities of algorithms. 
> 
> maybe you and i use asymmetric differently... i thought it was
> understood that an asymmetric algorithm was one which you could not
> decrypt a message with the same key used to encrypt the message... 

My objection is as I stated, symmetry is a useful concept beyond whether
something is public key or not.
> 
> > Given the choices, "Conventional
> > Encryption," is a better term for all other than Public Key algorithms,
> > and has been used by some authors.
> 
> i would agree that conventional encryption is a good term... but for
> public key algorithms, "public key" doesn't really convey the fact that
> there are at least 2 keys and that messages encrypted with one can only
> be decrypted with the other... the concept of asymmetry says more about
> this than the term "public key" does...

I think it fails to suggest clearly what is really happening.  We need to
keep searching.

> another possibility might be to describe them as 2-key systems, though
> that would actually be inventing a new term rather than using ones like
> symmetric and asymmetric algorithms which already enjoy some use in the
> community... (don't shoot the messenger)

There are many possible algorithms that use multiple necessary keys.  The
public-private set of keys suggests strange possible names like
Complementary Keypair Encryption.  Perhaps the primes concept could be
added in something like Prime Oriented Keypair Encryption, POKE.
-- 
Weathermen prophesize and insurance companies predict, while both pretend to be doing
the other to get an audience.

------------------------------

From: "Skint" <[EMAIL PROTECTED]>
Crossposted-To: alt.cable-tv,alt.satellite.tv.crypt,alt.satellite.tv.europe.hacks
Subject: ASDIC
Date: Sat, 22 May 1999 12:52:29 +0100

Can anyone tell me what the ASDIC program is and how to get at it ?
Cheers IA.




------------------------------

From: "Åke Hellgren" <[EMAIL PROTECTED]>
Crossposted-To: alt.cable-tv,alt.satellite.tv.crypt,alt.satellite.tv.europe.hacks
Subject: Re: ASDIC
Date: Sun, 23 May 1999 12:45:36 +0200

Hi
Try to write to Sky Television.
Don't forget to ask nicely.

Best Regards
Åke Hellgren

The home of ** UNISAT**
Mail: [EMAIL PROTECTED]
ICQ # 7796243
Head  Site: http://www.calmarecomputer.se/unisat
Mirror Site: http://home2.swipnet.se/~w-24791
Mirror Site: http://user.tninet.se/~zwy975d
Skint wrote in message <7i8gri$bg7$[EMAIL PROTECTED]>...
>Can anyone tell me what the ASDIC program is and how to get at it ?
>Cheers IA.
>
>
>



------------------------------

From: David Wadsworth <[EMAIL PROTECTED]>
Subject: Re: Cryptonomicon Review
Date: Tue, 18 May 1999 07:27:15 +0100

In article <[EMAIL PROTECTED]>, Alan J. Robinson
<[EMAIL PROTECTED]> writes
>The breaking of the Enigma code for German U boat messages was of such
>overwhelming importance to the Allied war effort because of staggering
>losses of supply ships from the U.S, that when the Enigma code was
>finally broken in early 1943, Churchill mounted a DISINFORMATION
>campaign so that the Germans would not realize the code had been
>cracked.  The Enigma papers in the British Public Records Office were
>declassified in 1975, 30 years after the war ended.  In a book that I
>read in 1980 written by a journalist going throughout the archives there
>was a footnote referencing this disinformation campaign.

I did read in one of the books on the subject of what appears to be a
clever piece of disinformation at the time. The Germans interrogated a
captured prisoner of war, who 'let slip' that allied aircraft were
detecting and homing in to the radiated local oscillator of the radar
warning receiver carried by the submarines. There was also a reference
in the memoirs of one of the U-boat captains to receiving an urgent
message telling him to switch off this receiver until further notice,
because of this. Thus they believed they had found the reason so many
submarines were being sunk, and also were persuaded to turn off one of
their defences against aircraft attack! In the unlikely event that they
realised they had been fooled, this would have helped to discredit any
true information they got by such interrogations. 

Similarly they were led to believe that the allies could detect
periscopes and conning towers from the air at great distances by using
infra-red, and spent a great deal of effort modifying them using special
coatings.      
-- 
David Wadsworth         | Tonto.... I've got a feeling we're not in Kansas
[EMAIL PROTECTED] | anymore        .....The Lone Ranger of Oz
   

------------------------------

From: "Claes & Gunn Irene" <[EMAIL PROTECTED]>
Subject: SV: Europe and USA encryption export restrictions
Date: Sun, 23 May 1999 14:12:42 +0200

Use the browser Opera from www.operasoftware.com.
There you have 128 bit SSL.
==============================

Nils Zonneveld <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> I have to admit that I know very little about encryption, but what I do
> know is that today browser software for europe is equipped only with 40
> bits encryption. Due to USA export restrictions the 128 bits encryption
> version is not available.  This makes on-line banking[1] impossible and
> cripples e-commerce.
>
> There are in fact European made encryption algorithms that offer more
> protection than 40 bits and even go further than 128 bits. What I do not
> understand is that these algorithms are not used in the European
> versions of browser software.
>
> That way on-line banking becomes a possibility and e-commerce within
> Europe would be encouraged. This way one would create an incompatibility
> between Europe and USA encryption algorithms used in browser software,
> but that is the fault of the USA government.
>
> Does anyone have a clue why there is still no decent encryption in
> European browser software? Technically it is a piece of cake to use
> European based algorithms. There seem to be a lot of political
> obstructions, that hinder the protection of European consumers.
>
>
> [1] on-line banking in this context, transactions over the internet
> instead of a direct dial-in to the bank-computers.
>
>
> --
> Kind regards,
>
> Nils Zonneveld
> -----------------------------------------------------------------------------
> "Misschien is niets geheel waar, en zelfs dat niet"
> (Maybe nothing is completely true and even that is to question)
> Multatuli (Eduard Douwes Dekker) - Idee 1



------------------------------

From: David Crick <[EMAIL PROTECTED]>
Subject: Re: HushMail -- Free Secure Email
Date: Sun, 23 May 1999 13:17:45 +0100

John Kennedy wrote:
> 
> On Sat, 22 May 1999 11:18:07 +0100, David Crick <[EMAIL PROTECTED]>
> wrote:
> 
> >Total security would also require users to be running 128-bit crypto
> >browsers, something which isn't clearly stated on the web site.
> >
> >public/private keys are stored on their server, encrypted with Blowfish.
> >
> >Assuming this isn't some Three Letter Agency scam (*g*), they appear
> >to have reproduced the nym system, but without the remailing.
> 
> Assuming the source code checks out, I don't see how this can be a
> scam

There's the old problem of "The source code looks OK, but how do we
know that the implementation is running off a straight compile of
the source code". Do we know the people who run this service?
Remember the Swiss crypto company.

Also, we now have a single point of attack - Hushmail.

> nor why a 128-bit crypto browser would be required.
>
> Having both keys will not allow anyone to decrypt your message if they
> don't have the passphrase, will it? So it would seem to me that the
> only requirements here are that the hushmail crypto is strong and that
> your passphrase is not compromised. What does a 128-bit crypto
> browser have to do with that? The passphrase should not be
> transmitted, period.
> 
> Am I missing something?

Part of the process requires an SSL connection to transmit information
between you and Hushmail. If you're only using 40-bit encryption for
this, then this part of the process is weakened.

> It seems to me that this product is clearly technically feasible and
> can in principle be known to be safe if the implementation is sound
> and public.

See above comments, although I agree that the protocols involved seem
sound.

> I think the approach holds great promise for making encryption more
> common by making it more easily accessible.

agreed.

   David.

-- 
+-------------------------------------------------------------------+
| David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| PGP Public Keys: 2048-bit RSA: 0x22D5C7A9 4096-DH/DSS: 0x87C46DE1 |
+-------------------------------------------------------------------+

------------------------------

From: "Claes & Gunn Irene" <[EMAIL PROTECTED]>
Subject: SV: Oh! Before I get some sleep is DES international yet?
Date: Sun, 23 May 1999 14:32:28 +0200

DES (and 3DES) MD4 (and MD5 ) --and more if those algorithms are used all
over the world ..  so call them "international".
But even so you are probably NOT allowed to put your program on the web or
export it because of the "funny" legal situation in US.

In for example here in Norway many companies/private persons are using 64 bit
DES ..and 128/192 bit 3DES, usually minimum 1024 bit RSA, MD5, SHA-1.
We even have browsers working with 128 bit SSL.
I think this goes for most countries outside US ..... (that is probably why
your intelligence service in US invented Wassenaar).


Bill Unruh <[EMAIL PROTECTED]> wrote in message
news:7hd8v8$rid$[EMAIL PROTECTED]...
> In <7h7q53$6c1$[EMAIL PROTECTED]> "WarlockD" <[EMAIL PROTECTED]> writes:
>
> >I just got a hold of WindowsCE toolkit and making a simple crypt program
> >that uses an MD4 hash and DES to encrypt, want to post it on a web site, but
> >don't want to be arrested for treason:P
>
> >Anyone happen to know if DES is an international algorithm?  (I know MD4 isn't,
> >or if it's copyrighted:P)  If not, anyone know where or how you can "weaken"
> >encryption algorithms so they are exportable?  I am not too concerned with
> >the security end as much as the legal end:P
>
> Talk to a lawyer for legal advice, not a newsgroup.
>
> However, some comments.
> a) It does not matter if the algorithm is "international". ALL crypto, no
> matter where it comes from, must have a license to be exported.
> b) Some crypto has an easier time getting a license. (There are no rules
> on this-- it is up to the discretion of the Dept of Commerce, but loosely
> stated, 56 bit or less effective strength gets an easier time of it.)
>
> c) The recent 9th district court ruling MAY invalidate the law in the 9th
> district. Check with a lawyer.
>
> d) MD4 is an authentication hash. There are no export restrictions on it
> itself. However if you incorporate it into a program to make a cryptosystem
> eg a program which does
> O(n)=I(n)^MD4(key+O(n-1))
> where O(n) is the nth output block and I(n) is the nth input block, then
> it is illegal, according to the regulations, to post it without a license.
>
>
>
>



------------------------------

From: [EMAIL PROTECTED] (John Kennedy)
Subject: Re: HushMail -- Free Secure Email
Reply-To: [EMAIL PROTECTED]
Date: Sun, 23 May 1999 14:33:48 GMT

On Sun, 23 May 1999 13:17:45 +0100, David Crick <[EMAIL PROTECTED]>
wrote:

>John Kennedy wrote:
>> 
>> On Sat, 22 May 1999 11:18:07 +0100, David Crick <[EMAIL PROTECTED]>
>> wrote:
>> 
>> >Total security would also require users to be running 128-bit crypto
>> >browsers, something which isn't clearly stated on the web site.
>> >
>> >public/private keys are stored on their server, encrypted with Blowfish.
>> >
>> >Assuming this isn't some Three Letter Agency scam (*g*), they appear
>> >to have reproduced the nym system, but without the remailing.
>> 
>> Assuming the source code checks out, I don't see how this can be a
>> scam
>
>There's the old problem of "The source code looks OK, but how do we
>know that the implementation is running off a straight compile of
>the source code". Do we know the people who run this service?
>Remember the Swiss crypto company.
>
>Also, we now have a single point of attack - Hushmail.

The source code runs on the client side as I understand it, so in fact
you can know what code is being run. That's how it should, and can in
principle, work. That being the case I don't see that it matters if the
NSA is running Hushmail. If the app is correct the Hushmail people
can't read the mail without cracking strong crypto.

And I wouldn't expect this to remain a single point of attack, it
looks easy and cheap for anyone to implement so I'd expect the same
kind of proliferation as in other web-based email, if there's any
demand for it, and I think there is. So new encrypted mail services
will pop up and older services may well decide to add encryption.

>
>> nor why a 128-bit crypto browser would be required.
>>
>> Having both keys will not allow anyone to decrypt your message if they
>> don't have the passphrase, will it? So it would seem to me that the
>> only requirements here are that the hushmail crypto is strong and that
>> your passphrase is not compromised. What does a 128-bit crypto
>> browser have to do with that? The passphrase should not be
>> transmitted, period.
>> 
>> Am I missing something?
>
>Part of the process requires an SSL connection to transmit information
>between you and Hushmail. If you're only using 40-bit encryption for
>this, then this part of the process is weakened.

Your messages are only compromised if your passphrase is compromised,
which ought not and need not be the case. The encryption and decryption
are done client side, and it is verifiably strong.
>
>> It seems to me that this product is clearly technically feasible and
>> can in principle be known to be safe if the implementation is sound
>> and public.
>
>See above comments, although I agree that the protocols involved seem
>sound.

Oops, I just thought of a hole that I'm not sure is plugged. You're
vulnerable to a man-in-the-middle trap where when you try to mail to X
they hand you a different key - one of theirs - to encrypt to,
decrypt the message, then re-encrypt it to X and pass it along. X gets
the message intact (or modified!) and thinks it has not been
compromised.

With PGP you avoid this trap by verifying a fingerprint of your
correspondent's key, but I don't recall seeing anything about such a
procedure at Hushmail, nor do I see offhand how it can be safely
done. Since the keys apparently don't persist client side, how would
you ever know if you were being passed a bad one? It now seems to me
that you would at least need to keep a list of verified fingerprints
client side.

Does anyone know if this hole is plugged on Hushmail?


--

John Kennedy

--

The causal world imposes a nonarbitrary distinction between detecting in one's visual
array the faint outline of a partly camouflaged stalking predator and not detecting it
because of alternative interpretative procedures. Nonpropagating designs are removed from
the population, whether they believe in naive realism or that everything is an arbitrary
social construction.

                            (Tooby and Cosmides, in _The Adapted Mind_, Barkow,
                             Cosmides and Tooby, editors)

=======

Best Anarchy Links:

David Friedman -> http://www.best.com/~ddfr/
Niels Buhl -> http://www.math.ku.dk/~buhl/
Billy Beck -> http://www.mindspring.com/~wjb3/promise.html
========
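The fix John Kennedy proposes in the post above, a client-side list of verified fingerprints, as an added example (not Hushmail's code, and not a description of what Hushmail actually did). The store is a dictionary from address to fingerprint that is serialised so it survives between sessions; a key handed over by the service is classified as verified, never seen, or mismatching, and only a verified key is accepted for encryption. The addresses and key bytes are constructed placeholders; in practice the key would be a real public key and the out-of-band check a phone call or printed fingerprint card.

```python
"""Client-side fingerprint pinning against key substitution.

Added example for the key-substitution concern raised above; it is not
Hushmail's code and does not model what Hushmail actually did. Key
bytes, addresses and fingerprints below are constructed placeholders.
"""
import hashlib
import json
from typing import Optional


def fingerprint(public_key: bytes) -> str:
    """Short, stable identifier for a key; what the user compares out of band."""
    return hashlib.sha256(public_key).hexdigest()


class PinStore:
    """Persistent list of verified fingerprints, kept on the client."""

    def __init__(self, pins=None):
        self.pins = dict(pins or {})          # address -> fingerprint

    def pin(self, address: str, public_key: bytes, verified_fp: str) -> None:
        """Record a correspondent's key only after the user confirmed its
        fingerprint against one obtained outside the service."""
        if fingerprint(public_key) != verified_fp:
            raise ValueError("served key does not match the verified fingerprint")
        self.pins[address] = verified_fp

    def check(self, address: str, served_key: bytes) -> str:
        """Classify a key the service hands us for `address`."""
        if address not in self.pins:
            return "unknown"                  # never verified: do not trust silently
        return "ok" if self.pins[address] == fingerprint(served_key) else "mismatch"

    # Persistence: the store must survive between sessions, otherwise a key
    # substituted on the next visit would go unnoticed.
    def dumps(self) -> str:
        return json.dumps(self.pins, sort_keys=True)

    @classmethod
    def loads(cls, text: str) -> "PinStore":
        return cls(json.loads(text))


def select_key_for(store: PinStore, address: str, served_key: bytes) -> Optional[bytes]:
    """Key to encrypt with, or None when the client must refuse to send."""
    if store.check(address, served_key) == "ok":
        return served_key
    return None   # "unknown" needs a fingerprint check first; "mismatch" is an alarm


# Constructed scenario ---------------------------------------------------------
ALICE_KEY = b"constructed-public-key-of-alice"
IMPOSTOR_KEY = b"constructed-key-substituted-by-an-intermediary"


def demo() -> dict:
    store = PinStore()
    # Alice reads her fingerprint to us over the phone (out-of-band check).
    store.pin("alice@example.test", ALICE_KEY, fingerprint(ALICE_KEY))
    saved = store.dumps()                     # kept client side

    later = PinStore.loads(saved)             # next session
    return {
        "genuine": later.check("alice@example.test", ALICE_KEY),
        "substituted": later.check("alice@example.test", IMPOSTOR_KEY),
        "never_verified": later.check("bob@example.test", ALICE_KEY),
        "refused": select_key_for(later, "alice@example.test", IMPOSTOR_KEY) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that "unknown" and "mismatch" are both refusals: a first-contact key is not trusted until the user has compared its fingerprint, and a key that disagrees with a pinned one is treated as the substitution the post describes rather than as a routine key change.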


------------------------------

From: [EMAIL PROTECTED] (Pwrk)
Subject: Can I have some opinions please?
Date: 23 May 1999 14:04:24 GMT

I don't know much (or anything really) about encryption.
A few years ago, I wrote a program to scramble files.
I haven't used it much, but I would like opinions.
Could some of you try it out and point out its strengths and weaknesses?
It's a dos-based, command-line driven EXE file, Less than 7k.
Just email me at [EMAIL PROTECTED] and ask for a copy.
(Don't ask for source code, I lost that ages ago.)
Thank you.

---
Of all the things I've lost, I miss my mind the most...     

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: HushMail -- Free Secure Email
Date: 23 May 99 14:35:01 GMT

John Kennedy ([EMAIL PROTECTED]) wrote:
: On Sat, 22 May 1999 11:18:07 +0100, David Crick <[EMAIL PROTECTED]>
: wrote:

: >Total security would also require users to be running 128-bit crypto
: >browsers, something which isn't clearly stated on the web site.

: >public/private keys are stored on their server, encrypted with Blowfish.

: Assuming the source code checks out, I don't see how this can be a
: scam nor why a 128-bit crypto browser would be required.

A 128-bit browser certainly isn't required for operation. I suppose one
could be required for adequate security if it was used for setup.

: Having both keys will not allow anyone to decrypt your message if they
: don't have the passphrase, will it?

No, the passphrase is used to protect encrypted copies of the keys. Having
your private key is enough to allow decryption of all your incoming mail.

John Savard
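John Savard's point above (the passphrase only protects the stored, encrypted copy of the keys) and Bill Unruh's feedback construction O(n) = I(n) ^ H(key + O(n-1)) quoted earlier in this digest, as one added example that is not Hushmail's code or any poster's. The feedback cipher is implemented as written, with SHA-256 standing in for MD4 (MD4 is often absent from current hashlib builds) and a separate decrypt routine whose feedback register is fed the ciphertext. On top of it, a private key is wrapped under a key derived from the passphrase with PBKDF2 and protected by an HMAC, which is what a server would hold; the thread says Hushmail used Blowfish for this, which is not modelled. The key bytes, salt and IV are constructed.

```python
"""Passphrase-wrapped private key, stored server side as ciphertext only.

Added example for two points in this digest: Unruh's hash-feedback
cipher  O(n) = I(n) XOR H(key || O(n-1))  and Savard's observation that a
server-held key is protected only by the passphrase. Not Hushmail's code:
SHA-256 stands in for MD4, and key material, salt and IV are constructed.
"""
import hashlib
import hmac
from typing import Optional

BLOCK = hashlib.sha256().digest_size     # 32 bytes; MD4 would give 16
KDF_ITERATIONS = 100_000                 # slows down offline passphrase guessing


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C(n) = P(n) XOR H(key || C(n-1)), with C(0) = iv."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        keystream = hashlib.sha256(key + prev).digest()
        chunk = bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], keystream))
        out += chunk
        prev = chunk                      # ciphertext feeds the next block
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Same keystream; the feedback register is fed the ciphertext."""
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        keystream = hashlib.sha256(key + prev).digest()
        chunk = ciphertext[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(chunk, keystream))
        prev = chunk
    return bytes(out)


def _derive(passphrase: str, salt: bytes):
    """Passphrase -> (encryption key, MAC key); the server never sees either."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS, dklen=64)
    return kek[:32], kek[32:]


def wrap_private_key(passphrase: str, private_key: bytes, salt: bytes, iv: bytes) -> dict:
    """What the client uploads: ciphertext plus an integrity tag, nothing else."""
    enc_key, mac_key = _derive(passphrase, salt)
    ct = cfb_encrypt(enc_key, iv, private_key)
    tag = hmac.new(mac_key, salt + iv + ct, "sha256").digest()
    return {"salt": salt, "iv": iv, "ct": ct, "tag": tag}


def unwrap_private_key(passphrase: str, blob: dict) -> Optional[bytes]:
    """Client side: the key, or None on a wrong passphrase or a tampered blob."""
    enc_key, mac_key = _derive(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["iv"] + blob["ct"], "sha256").digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return cfb_decrypt(enc_key, blob["iv"], blob["ct"])


if __name__ == "__main__":
    # Constructed values: a stand-in for the private key, a salt and an IV.
    private_key = b"constructed-private-key-material" * 3
    stored = wrap_private_key("correct horse battery", private_key, b"salt" * 4, b"\x00" * 16)
    print("server holds only:", stored["ct"][:8].hex(), "...")
    print("right passphrase:", unwrap_private_key("correct horse battery", stored) == private_key)
    print("wrong passphrase:", unwrap_private_key("guess", stored))
```

Two things follow from the thread once this is written out: whoever recovers the unwrapped key can read all mail encrypted to it, exactly as Savard says, so the wrapped blob is only as strong as the passphrase and the cost the KDF puts on each guess; and the MAC is what turns "wrong passphrase gives garbage" into "wrong passphrase gives a clean failure", which also catches a blob altered in storage.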

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: HushMail -- Free Secure Email
Date: 23 May 99 14:38:04 GMT

David Crick ([EMAIL PROTECTED]) wrote:
: Part of the process requires an SSL connection to transmit information
: between you and Hushmail. If you're only using 40-bit encryption for
: this, then this part of the process is weakened.

Ah. I think that the SSL connection is only used to ensure you're
receiving an authentic copy of the Hushmail software, not to transmit keys
that should be secret, in which case having a 40-bit browser is *not* a
serious compromise of the potential security of this system.

John Savard

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
