Cryptography-Digest Digest #610, Volume #9 Fri, 28 May 99 11:13:02 EDT
Contents:
Re: The BRUCE SCHNEIER Tirade ([EMAIL PROTECTED])
Re: The BRUCE SCHNEIER Tirade (Patrick Juola)
Re: AES tweaks (SCOTT19U.ZIP_GUY)
Re: The BRUCE SCHNEIER Tirade (SCOTT19U.ZIP_GUY)
Re: evaluation cryptographic algorithms (SCOTT19U.ZIP_GUY)
Re: The BRUCE SCHNEIER Tirade (SCOTT19U.ZIP_GUY)
Re: The BRUCE SCHNEIER Tirade (Bob Silverman)
Re: Review of Scottu19 (Thomas Pornin)
Re: NSA proves banks use poor crypto (SCOTT19U.ZIP_GUY)
Re: Review of Scottu19 (SCOTT19U.ZIP_GUY)
Re: The BRUCE SCHNEIER Tirade (SCOTT19U.ZIP_GUY)
Re: The BRUCE SCHNEIER Tirade ("Sam Simpson")
Re: The BRUCE SCHNEIER Tirade (Patrick Juola)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 13:05:46 GMT
> Which is why one time pads have been, and presumably still are used.
>
> Which is why I was puzzled by the comment attributed to Schneier that
> they are unusable.
>
> Yes, I understand that they are no replacement for public key
> cryptography, but in the right situation they are possibly superior if
> provably secure.
Doi, OTP are only secure if the message and key are the same length, and
the key is random. Here is the stipulation, you must sent the key in a
secure manner, so why not send the message that way.
Tom
--
PGP public keys. SPARE key is for daily work, WORK key is for
published work. The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'. Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'. Try SPARE first!
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: 28 May 1999 10:45:16 -0400
In article <7im4b9$g7t$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>
>> Which is why one time pads have been, and presumably still are used.
>>
>> Which is why I was puzzled by the comment attributed to Schneier that
>> they are unusable.
>>
>> Yes, I understand that they are no replacement for public key
>> cryptography, but in the right situation they are possibly superior if
>> provably secure.
>
>Doi, OTP are only secure if the message and key are the same length, and
>the key is random. Here is the stipulation, you must sent the key in a
>secure manner, so why not send the message that way.
Because you might have the key before you have the message.
And you might have the facilities to keep huge volumes of key
absolutely secure against anything while waiting for the message
to come into existence.
And you might find the cost of key storage to be less than the expected
cost of a cyphertext-only break of your message.
... And I *might* win the lottery. Comparable chances.
-kitten
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES tweaks
Date: Fri, 28 May 1999 14:05:15 GMT
In article <7il7q4$4ja$[EMAIL PROTECTED]>, "Vedat Hallac"
<[EMAIL PROTECTED]> wrote:
>> Taka a long file of your chioce but many thousands of bytes in length use
>>any AES candidate and use CBC with an IV of your choice.
>>... You know have a file that matches
>>exactly the original file except for a few blocks in the area of where you
>>twiddled the bit.
>Hmmm... I thought this was a good thing. It only shows that error
>propagation of this method is limited to the next block. If the encrypting
>end is a teller machine, and the decrypting end is the bank, do you want all
IF there is an error the communications protocal should retransmit the
packet. I also feel if there is an error all the way to the bank I would
rather have the whole transaction invalid so it can be done over. But I see
many people are happy trying to uses messages that contain errors.
If your happy with this next time you get a binary file off the net that has
a minor errot feel free to use it.
>transactions after one bit of transmission error to fail? Or try to
>resynchronize at that point? I think not. All the CBC mode does is to make a
>block in the stream dependent on all the previous blocks, preventing threats
>like erasing or adding transactions to the stream in this kind of
>application.
>
Actually it shows just the opposite in CBC mode people are under the
delusion that all previous blocks are related but that is the illusion as my
test shows. But don't feel bad your the product of the successful propaganda
companing of our NSA. To bad it has not worked on the chinese as good as
it has been working on our on people.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 14:52:39 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Johnny Bravo)
wrote:
>On Fri, 28 May 1999 05:19:36 GMT, [EMAIL PROTECTED]
>(SCOTT19U.ZIP_GUY) wrote:
>
>> Actually Bruce likes to attack new commers. But if you claim you have
>>a OTP then the key has to be changed each time the file is used. About
>>the only way you could do it is to give each cutomer a unique CD full of
>>different random data for each user.
>
> And if you want to send that data to someone, you will need a CD
>pair for everyone you want to communicate with. So if you have a
>network of 100 people, you would need 10,000 CDs for them to send data
>back and forth. This is where the impracticality comes in. And once
>you use up all the data on the CDs you will need to issue more pairs,
>ugh. And if you have a channel secure enough to send CDs through, you
>could just as easily send the data through that channel.
>
> Johnny Bravo
>
Sorry Mr Bravo but your making the assumption that I have 100 people
I want to talk with I don't. Also the disks can be sent in advance before
the messages. The NSA could send agents in the fiedd with large memories
in there tiny devices so the agent only communicates with one central
source. If agent A wants to send a message to agent B he first sends it
to the Central source and that group relies it to B so you don't need all the
CD that you think you need. IF the NSA does not use this simple method
it is beause the managers running the NSA are to stupid. This is one method
I would use for field agents. But it is quite possible the top managers in the
NSA are a bunch of dolts and such methods would imped Clintons wholesale
transfer of technology to the Chinese.
Sorry to disappoint my fans but this is a case where scottNu is not the best
but I am big enough to do what is right thats more than I can say for a
bearicrat where the money pussy and party comes before all else.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: evaluation cryptographic algorithms
Date: Fri, 28 May 1999 14:16:26 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Johnny Bravo) wrote:
>On Thu, 27 May 1999 20:09:07 +0200, [EMAIL PROTECTED]
>(Andreas / Detlef Stieger) wrote:
>
>>Hi everyone.
>>
>>I always wondered how cryptoscientists evaluate their algorithms.
>>
>>I think it is dangerous just to look at the number of possible keys and to
>>calculate how long it would take to check all the keys if all computers in
>>the world would join calculation power 24 hours a day, seven days a week.
>>("Exhaustionsmethode")
>
> This does provide an upper bound though. If you show that a brute
>force attack can search the entire keyspace in 5 minutes on a P150,
>then your crypto is weak no matter how good the algorithm is.
>
>>How must an encryption algorithm be so that it can be evaluated as "strong"
>>(besides that is has to have a large number of possible keys) I heard of
>>assymetric keys and so on...
>
> Assymmetric/symmetric are just ways of describing how the data is
>encrypted. A symmetric key is used for both encrypting and
>decrypting the data, it isn't used for email type purposes much
>because you still have to find a secure way for the receiver to get
>the key. Asymmetric keys use two different keys, what you encrypt
>with one you can only decrypt with the other. This lets you give one
>key out and people can send you mail only you can read. This also
>works in reverse, you can use your secret key and sign a message, then
>anyone with the key you gave away can read and verify your signature.
>Asymmetric encryption is slower than symmetric, so some systems (like
>PGP) use both. It uses a fast symmetric encryption with a random key
>to encode the message, then it used the asymmetric encryption to
>encode the symmetric key and both are sent along. The receiver uses
>his asymmetric key and finds out the random key, then that key is used
>to decrypt the message.
> symmetric keys are stronger per bit than asymmetric keys, to use PGP
>as an example it uses 128 bit symmetric keys to encrypt the data and
>then much larger asymmetric keys (128 bits symmetric is worth about 3k
>asymmetric)
>
>>I would also like to know what, providing that an algorithm is "strong", can
>>make him "weak"?
>>(publicating the source code, attack algorithms, new and faster
>>computers...)
>
> There is no "strong" crypto that can be made weak by describing the
>algorithm or showing the source code. If there is a flaw that can be
>found by examining the source, it was never strong to begin with
>(mainly because that flaw could be found by accident by an attacker).
Actually the above is not ture. SInce the NSA which is some one compedent
in the field does the best to hide there source code. Yes people like to see
it when it is being studied but ideally it is best to hide it. No one in
public knows the many methods they code ther CYPRIS chips with. I also
think if we told the japanese in WWII that navajo was being used for crypto in
the war they may have been able to break it. But we counted on the irragance
of the Japanese to only let a few people even look at the code. Where if they
would have broadcast some openly to there puplic it would have been broken.
> For most asymmetric ciphers the "better" attack algorithm would be a
>much faster method of factoring 150+ digit numbers. The defense is
>usually a larger key, if someone finds a way of factoring large prime
>a million times faster than is now possible, making the number 6
>digits longer provides the same security as before at a very small
>increase in encryption time.
> As it is, asymmetric keys are usually set up with massive overkill
>just in case this kind of breakthrough occurs. With millions of
>computers working 24/7, you would likely see the death of the Earth
>due to the Sun expanding into a Red Giant before you see a decently
>sized key cracked.
Actually they keep changing this target number it seems SUNS burn
up faster than people think so they keep moving the numbers up each year
so it is hardly overkill.
> Computers keep getting faster, but there is a bounding limit as far
>as science can determine. It's that the electrons on the chips still
>can't move faster than light so much concern isn't given to this. And
>for the most part, you only have to encrypt messages for your
>lifetime, you will hardly care if some cracker breaks 128 bit IDEA 500
>years from now with his quantum computer. By the time this happens we
>will be using the same quantum computers to generate keys just as fast
>and as large in proportion to computing power that we do today.
> As far as someone "breaking the system" on an algorithm, this is
>always a possibility. There is very little we can do about this kind
>of attack other than letting as many experts in the field have a try
>at the systems we are using. The longer the algorithms can withstand
>attack the more secure they are believed to be, not a guarantee, but
>there are no guarantees with crypto.
>
> Johnny Bravo
>
I can guarntee that the NSA can break ROT13
so ther are some guarntees.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 15:05:23 GMT
In article <7im4b9$g7t$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>> Which is why one time pads have been, and presumably still are used.
>>
>> Which is why I was puzzled by the comment attributed to Schneier that
>> they are unusable.
>>
>> Yes, I understand that they are no replacement for public key
>> cryptography, but in the right situation they are possibly superior if
>> provably secure.
>
>Doi, OTP are only secure if the message and key are the same length, and
>the key is random. Here is the stipulation, you must sent the key in a
>secure manner, so why not send the message that way.
>
>Tom
Tom
Your a nice guy but THINK what if your going on a trip to say CHINA and meet
a nice lady. SHe gives you a randomly generated CD. that plays music the data
key is hidden using stegoraphy(bad spelling). Five year later you get hired by
The US to program SAFE arm and fusing for the ICBM's we are pointing at RED
CHINA. She has a sister vist you one day and says this lady has your baby and
she wants it to be safe. This sister shows you a program to extract they key
so you can use. Then at work you use this OTP and send it to the nice lady in
china who has your baby the NSA intercepts this message but being provable
sercure they get no where. You know knowing your baby is safe destroy the CD.
Sound far fetched. Then did you see the movie base on a true story Madam
Butterfly. It is even more strange since it is true.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 13:19:44 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> The BRUCE SCHNEIER Tirade
>
> BRUCE SCHNEIER is president of Counterpane Systems and says:
>
> A true one-time pad is... unusable? Why: because no one has shown
how
> it can be done yet?
>
> Let me begin by asking Mr. Schneier why the OTP is unusable?
>
> Next, let me ask Mr. SCHNEIER if he possesses a copy of OAP-L3
> encryption software? I certainly did not provide him with one.
>
> In one breath Mr. SCHNEIER says that Ciphile Software is "pretending"
> then in the next he claims: "whatever that means." Mr. SCHNEIER, do
> you know what you are talking about when you trash Original Absolute
> Privacy - Level3 Encryption Software?
>
> Is it the mark of a professional to make assertions about something he
> does not know anything about?
Actually, Bruce Schneier knows so much more than you do about
cryptography that a comparison isn't fair.
It is not he who is indulging in a tirade and being unprofessional.
It is you.
Did you forget to take your Lithium today?
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: Review of Scottu19
Date: 28 May 1999 14:06:02 GMT
According to SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]>:
[insults in erratic syntax]
Major resistance to getting a clue. Using insults when short of ideas.
'Hopeless' comes to mind. Discussing with you is not interesting any more.
--Thomas Pornin
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto
Subject: Re: NSA proves banks use poor crypto
Date: Fri, 28 May 1999 14:35:26 GMT
In article <[EMAIL PROTECTED]>, Karel
Wouters <[EMAIL PROTECTED]> wrote:
>On Fri, 28 May 1999, Gurripato [x=3DNospam] wrote:
>
>> On Thu, 27 May 1999 18:57:43 +0200, Ronald Benedik
>> <[EMAIL PROTECTED]> wrote:
>>=20
>> >Steven Alexander wrote:
>> >>=20
>> >> Even though this story comes from a respected source, it is highly
>> >> questionable. Foreign countries would have a serious problem with a U=
>=2ES.
>> >> government agency attacking foreign banks.
>> >
>> >I don`t know of any bank outside the U.S. implememting more than the
>> >standard (i guess 56 bit) banking encryption. At least not in Austria.
>> >If they were using the new high tech availavle then why the Y2K problem?
>> >Why not taking his money from a bank in switzerland?
>> >What can they do if this is successful?
>> >nothing.
>>=20
>> =09There are several banks in Spain using 128 bit encryption.
>> See for example Banco Bilbao Vizcaya (https://www.bbvnet.com/bbvnet/),
>> one of Spain=B4s largest banks. Some others=B4 https websites can be see=
>n
>> at http://www.ugr.es/~aquiran/cripto/enlaces.htm#servsegu (those with
>> "128" are the ones using 128-bit encryption).
>>=20
>I agree; there are a lot of banks outside the US, using strong encryption.
>There's a company here in Belgium, (http://www.ficsgrp.com) that
>implements Electronic Services Delivery for banks.
>It say it uses 168 bits encryption (3DES). I also know that they
>use 1024 bits RSA for authentication.
>These guys have customers in Belgium, Australia, the Netherlands,=20
>Greece, the Czech Republic, Germany, Poland, Switzerland , Austria
>and many more. =20
>
>They have been looking at elliptic curve crypto and I suspect that they
>will implement the AES winner also.
>
If they implement the AES winner then they will score points with Clinton
and NSA. Don't these guys ever learn.
>regards;
>
>Karel w=20
>
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Review of Scottu19
Date: Fri, 28 May 1999 14:31:01 GMT
In article <7ilkki$932$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Thomas Pornin) wrote:
>According to SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]>:
>> Then you don't look very hard becasue scott19u can not be
>> implemented in a eleagant(what does elagnat mean any way) readable
>> ANSI C way and even start to run as fast as it does on my PC. But if
>> your good at assembly you can speed it up by a factor if ten.
>
>-- Such a statement is false. If you can speed up an algorithm by a
>factor of ten in assembly, then you do not know how to produce C code,
>or your compiler is the dumbest ever (which djgpp is not). For some
>things, a factor of 4 is understandable (the integer multiplications and
>divisions on Intel, for instance).
>
>But incompetence is so common that it cannot be considered as a crime.
>
If your so dam nonincomperence then show me. You are making statements
you can't back up. You just irragantly think C is hot shit and it is fine but
only as a tool.
>
>-- Anyway we are speaking documentation. You may use whatever
>implementation you want, but your 'C code' cannot be considered as any
>form of documentation. In my view, your algorithm is undisclosed, and
>you provide only some sort of binary that is supposed to implement it.
>Do you trust binaries produced by other people ? Some people do not,
>especially guys who want security.
>
Good we need people like you protecting our secrets. You can even help
the spin doctors save Renos ass by using your logic to prove nothing of value
was given to the chinese. Maybe your limited brain is incapable of following
logic in other than some narrow way in which you use C but other people
might have a higher IQ and then would be capable to understanf what was done,
>Therefore scott19u will remain a toy for loonies, as long as you keep
>this 'I am God, my code is Truth and if you do not like it you are dumb'
>attitude. This is no great loss for science, in my opinion, but this is
>YOUR fault. Accept it and stop whining about the crypto gods who do not
>like your code and have been hired by the NSA to prevent people from
>trusting your products.
>
I guess your in the Hamilion crowd of being to dumb to understand if not
spoon feed to you so you attack it with out any basis other than saying it
is not in a form your low IQ brain can follow so there for it is weak. Well I
am sure Bruce and the Crypto Gods would agree with you However they
can't break it. Sorry you keep thinking I am God. To set the record straight
one more time. " I AM NOT GOD" though at one time thought about becoming
a morman since many departments on base I use to work it was the only way
to get a head. They even think they are going to be GODS it was an atttactive
lure but like I said before I am not god at kissing ass or chasing carrots.
(no offense inteded to mormans I may even join when that temporary band on
multiple marridges is lefted)
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 14:41:44 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>On Fri, 28 May 1999 02:39:55 +0200, fungus
><[EMAIL PROTECTED]> wrote:
>
>>
>>
>>Anthony Stephen Szopa wrote:
>>>
>>> A true one-time pad is... unusable? Why: because no one has shown how
>>> it can be done yet?
>>>
>>
>>Very, very simple.
>>
>>A one time pad has a key which is a big as the message. If you
>>can securely transmit the key to the other party then you obviously
>>don't need cryptography - you could just send the message by the
>>same route.
>
>Nope. You may pass the pad through a window that may not even exist at
>the time you need a message transmitted.
>
>>
>>> Let me begin by asking Mr. Schneier why the OTP is unusable?
>>>
>>
>>See above.
>
>I don't know what Schneier meant, but your point above is not valid.
>
>
>
I think he meant don't use it since it is PROVABLE secure. A practical
OTP would not be good for his bottom line. How would he convence people
to pay large bucks for his systems if the only provable secure and I think
unpatieented system that any one could sale is a OTP. It would also make
the work of his associates in the NSA have a harder time breaking things.
But true it is bulky and hard to transmit since key has to be passes in
advance.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 15:38:34 +0100
You can send the pad prior to message transmission (on CD via a
secure courier for example).
--
Sam Simpson
Comms Analyst
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.
If you're wondering why I don't reply to Sternlight, it's because
he's kill filed. See http://www.openpgp.net/FUD for why!
<[EMAIL PROTECTED]> wrote in message
news:7im4b9$g7t$[EMAIL PROTECTED]...
>
> > Which is why one time pads have been, and presumably still are
used.
> >
> > Which is why I was puzzled by the comment attributed to Schneier
that
> > they are unusable.
> >
> > Yes, I understand that they are no replacement for public key
> > cryptography, but in the right situation they are possibly
superior if
> > provably secure.
>
> Doi, OTP are only secure if the message and key are the same
length, and
> the key is random. Here is the stipulation, you must sent the key
in a
> secure manner, so why not send the message that way.
>
> Tom
> --
> PGP public keys. SPARE key is for daily work, WORK key is for
> published work. The spare is at
> 'http://members.tripod.com/~tomstdenis/key_s.pgp'. Work key is at
> 'http://members.tripod.com/~tomstdenis/key.pgp'. Try SPARE first!
>
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: 28 May 1999 11:46:06 -0400
In article <7im8ba$1m5s$[EMAIL PROTECTED]>,
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>In article <7im3l3$2eu$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>>In article <7il5gs$2lk0$[EMAIL PROTECTED]>,
>>SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>>>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>>>>The BRUCE SCHNEIER Tirade
>>>>
>>>>
>>>>
>>>>BRUCE SCHNEIER is president of Counterpane Systems and says:
>>>>
>>>>"One-time pads don't make sense for mass-market encryption products.
>>>>They may work in pencil-and-paper spy scenarios, they may work on the
>>>>U.S.-Russia teletype hotline, but they don't work for you. Most
>>>>companies that claim they have a one-time pad actually do not. They
>>>>have something they think is a one-time pad. A true one-time pad is
>>>>provably secure (against certain attacks), but is also unusable.
>>>>
>>>
>>> Actually Bruce likes to attack new commers.
>>
>>Actually, Bruce is very supportive of "new commers"[sic]. (I feel I can
>>speak to this as I was one of Chris Hall's teachers.) Unfortunately
>>from the point of view of the newcomers, he knows substantially more than
>>they do. Depending on how secure your ego is, you can either view
>>this as a chance to learn or a chance to post rubbish. Your call.
>
> Unless we have been reading different posts (or drinking different booze)
>from what I see Bruce has a great hatred for the competition of any kind
>he seems to respect only ass kissers and in case you have not noticed
>I am not an ass kisser. If he was of the opposite gender maybe will could
>work something out.
He seems to have great respect for the competent. What that has to do
with your sexuality is something I can only (fail to, alas) avoid
speculating upon.
-kitten
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
