Cryptography-Digest Digest #830, Volume #9        Mon, 5 Jul 99 00:13:04 EDT

Contents:
  Re: Secure link over Inet if ISP is compromized. (S.T.L.)
  Re: Crypto Books on CD-ROM (David A Molnar)
  Re: RSA Padding (S.T.L.)
  More secure UNIX style authentication ([EMAIL PROTECTED])
  Re: RNG/PRNG paper for reading+editing ([EMAIL PROTECTED])
  Re: The One-Time Pad Paradox ([EMAIL PROTECTED])
  Re: RNG/PRNG paper for reading+editing (Yoni Kramel)
  Re: Quantum Computers ([EMAIL PROTECTED])
  Encrypting software in the movie "The Saint"??? (Maze)
  Re: Quantum Computers (David A Molnar)
  Re: MP3 Security Requirements? ("Lyal Collins")
  Re: Crypto Books on CD-ROM (Bruce Schneier)
  Re: Crypto Books on CD-ROM (Bruce Schneier)
  Re: Crypto Books on CD-ROM (David A Molnar)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: Secure link over Inet if ISP is compromized.
Date: 04 Jul 1999 21:18:22 GMT

***BEGIN JABIBBIAN NONSENSE***

Patrick Juola wrote in message <7liecm$sdb$[EMAIL PROTECTED]>...
>In article <7lhmni$9ti$[EMAIL PROTECTED]>,
>Gene Sokolov <[EMAIL PROTECTED]> wrote:
>>
>>Patrick Juola <[EMAIL PROTECTED]> wrote in message
>>news:7lgduf$p3p$[EMAIL PROTECTED]...
>>> In article <7lgcjq$g5r$[EMAIL PROTECTED]>, Else <[EMAIL PROTECTED]> wrote:
>>> >
>>> >Patrick Juola wrote in message <7lfspi$mij$[EMAIL PROTECTED]>...
>>> >>In article <7lfi2r$38f$[EMAIL PROTECTED]>,
>>> >>Gene Sokolov <[EMAIL PROTECTED]> wrote:

***END JABIBBIAN NONSENSE***

This is the most disgusting piece of quoted Jabbiban nonsense that I've ever
seen. This _includes_ conversations on sci.physics.relativity between SRians
and kooks. Please, snip this gunk when you can!


-*---*-------
S.T.L.  ===> [EMAIL PROTECTED] <===  BLOCK RELEASED!    2^3021377 - 1 is PRIME!
Quotations:  http://quote.cjb.net  Main website:  http://137.tsx.org    MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!"  e^(i*Pi)+1=0   F00FC7C8
E-mail block is gone. It will return if I'm bombed again. I don't care, it's
an easy fix. Address is correct as is. The courtesy of giving correct E-mail
addresses makes up for having to delete junk which gets through anyway. Join
the Great Internet Mersenne Prime Search at http://entropia.com/ips/  Now my
.sig is shorter and contains 3379 bits of entropy up to the next line's end:
-*---*-------

Card-holding member of the Dark Legion of Cantorians, the Holy Order of the
Catenary, the Great SRian Conspiracy, the Triple-Sigma Club, the Union of
Quantum Mechanics, the Polycarbonate Syndicate, the Roll-Your-Own Crypto
Alliance, and People for the Ethical Treatment of Digital Tierran Organisms
Avid watcher of "World's Most Terrifying Causality Violations", "When Kaons
Decay: World's Most Amazing CP Symmetry Breaking Caught On [Magnetic] Tape",
"World's Scariest Warp Accidents", "World's Most Energetic Cosmic Rays", and
"When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #10: Thou Shalt Conserve Electric Charge.
I have a feeling that someone will attack my .sig. Aren't you predictable?

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Crypto Books on CD-ROM
Date: 4 Jul 1999 21:00:28 GMT

[EMAIL PROTECTED] wrote:
> Has anyone seen this yet?  It seems like there must be some catch.
> For those interested, this was at

I have this CD. Let me preface these remarks by noting that I
ordered the CD almost as soon as it appeared. It may be that
I suffer from first version glitches.

The CD does contain the books advertised. Unfortunately, the
software used to view them makes reading these books a chore.
Frequently diagrams do not immediately appear when scrolling
through text, requiring much clicking in the window before
they finally appear (if they ever do). The same is true
for mathematical formulae set off from the text. This is
highly annoying. 

In addition, while all the books are there, some parts are
difficult to get to. That is, sometimes I will click the
"next page" button and find myself elsewhere than intended.
Sometimes I will end up in a different book entirely. 

A poster a few months ago mentioned that he had found
inconsistencies between the paper _Handbook of Applied
Cryptography_ and the version on the CD. I don't own HAC
and so have not verified this.

The CD does have keyword search capabilities - this is
helpful when trying to look up, say, "blum blum shub
random number generator." There are also annotation
and bookmark facilities. I haven't tested the annotations
(marking up books isn't my style), but the bookmarks
seem to work. 

Probably the biggest drawback is that reading the books
with the supplied software is not a comfortable nor
a particularly fun experience. Nor does the speed
of searching yet approach scanning a table of contents
and flipping to the right page.

I'd say the CD is worth about what DDJ is asking.
You get access to a valuable, searchable reference
at some cost in convenience. It also saves download
time for the RSA CryptoBytes and MilCryp papers. 

If you're just starting, though, I would suggest
buying a paper copy of your chosen intro book.

-David Molnar


------------------------------

From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: RSA Padding
Date: 04 Jul 1999 21:08:37 GMT

<<You must pad RSA messages otherwise they will fall victim to frequency
analysis. >>

How is frequency analysis done on an RSA message? I've never heard of frequency
analysis being applicable to RSA, only chosen-plaintext attacks.


------------------------------

From: [EMAIL PROTECTED]
Subject: More secure UNIX style authentication
Date: Sun, 04 Jul 1999 17:35:50 -0400

Hello all,

As I'm sure most know, UNIX uses a method of password authentication
with DES.  It takes a string of NULL characters and uses the user's
password as DES's key.  (here I am omitting the SALT value, which has no
relevance to my question)  The encrypted NULL string is saved to the
/etc/passwd (or shadow if you are smart).  When a user logs in, it
encrypts the NULL str with the password that they entered.  That
encrypted text is then compared to the one in /etc/passwd (shadow) to
authenticate the login.  My question is, if the algorithm was changed
from DES to something a little more modern (and hopefully secure) like
IDEA or CAST, would that create a more secure algorithm?  One thing I
could think of that would make this method insecure: does the way that
UNIX verifies its logins rely on the DES algorithm, and if I change it
to another algorithm, would the algorithm itself be insecure when
encrypting a string of just NULLs?

Thanks for your time,
Clay Culver


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: RNG/PRNG paper for reading+editing
Date: Sun, 04 Jul 1999 20:41:35 GMT

<snip>

Howdy, I am a high school student as well.  I have some things to point
out about your post.

1) Include the paper or URL in your post.  It makes it easier to read :)

2) All cryptography revolves around random or pseudo-random
functions/permutations etc..  The link is assumed.

3) You will have to read online papers to learn anything in crypto.
They don't teach this in school, except for university.  I would
suggest some books as well (Like from CRC press).

Anyways gimme the link for the paper and I will read it.

Tom


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

Date: Sun, 04 Jul 1999 05:50:15 -0400
From: [EMAIL PROTECTED]
Subject: Re: The One-Time Pad Paradox

Jim Gillogly wrote:

> You're now back in the dicey business of
> pre-qualifying pads because of perceived patterns, but that's
> a much lower risk than giving away 1/8 of your message.
> 
> And, of course, you still wouldn't ever actually be in that
> position, for the same reason that the oxygen in your office
> didn't leap into the opposite corner a moment ago.

This raises a question of intent vs action with respect to filtering key
pads.  If I _intend_ to filter keypads, but because my filter criteria
is fairly wide, never expect to _actually_ filter a pad, then I've given
the adversary who is aware of my policy some information about all of the
messages I've sent.

The same issue applies to ciphertext filtration.  Even if I never
_actually_ discard a ciphertext and re-encrypt, my _intention_ to do so,
if known to the adversary, weakens my security.

If my messages average one page, about 2500 characters, I'll have 20K
bits per message.  If I reject all ciphertexts that are pure ASCII text
derived from a pad with 8-bit bytes, I'll have a one in (128/256)^2500
chance of rejecting a message.  Since that fraction has ~700 zeros
between the decimal point and the first significant figure, it is
effectively zero.  It is not identically zero, but it _rounds_ to zero
under any sane criteria.

So, my filtration has weakened my security by an amount that rounds to
zero.
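
Added example (not part of the original post): the rejection probability above carried through in log space, because (128/256)^2500 underflows a double when evaluated directly. The function names, and the -log2(1 - p) measure of what a known filtering policy gives away, are assumptions of this example.

```python
import math


def log10_reject_probability(n_bytes, class_fraction=128 / 256):
    """log10 of the chance that all n_bytes of a uniformly random
    ciphertext land in the filtered class (7-bit ASCII is 128 of the
    256 byte values)."""
    if not 0.0 < class_fraction < 1.0:
        raise ValueError("class_fraction must be strictly between 0 and 1")
    return n_bytes * math.log10(class_fraction)


def zeros_after_decimal_point(log10_p):
    """Zeros between the decimal point and the first significant digit."""
    return -math.floor(log10_p) - 1


def log10_policy_leak_bits(log10_p):
    """log10 of the bits an adversary gains per message from the policy.

    Assumption (not from the post): learning that a ciphertext passed
    the filter rules out a fraction p of the pads, worth -log2(1 - p)
    bits, which for tiny p equals p / ln 2.
    """
    return log10_p - math.log10(math.log(2))


def naive_probability(n_bytes, class_fraction=128 / 256):
    """Direct evaluation, shown only because it silently underflows."""
    return class_fraction ** n_bytes


def summarize(n_bytes, class_fraction=128 / 256):
    """Collect the figures for one message length and filter class."""
    lp = log10_reject_probability(n_bytes, class_fraction)
    return {
        "log10_p": lp,
        "zeros": zeros_after_decimal_point(lp),
        "log10_leak_bits": log10_policy_leak_bits(lp),
        "naive": naive_probability(n_bytes, class_fraction),
    }


if __name__ == "__main__":
    # 2500 characters is the one-page message from the post; 100 is a
    # constructed shorter case where the direct evaluation still works.
    for n in (2500, 100):
        print(n, summarize(n))
```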

------------------------------

From: [EMAIL PROTECTED] (Yoni Kramel)
Subject: Re: RNG/PRNG paper for reading+editing
Date: Sun, 04 Jul 1999 21:51:52 GMT

Eli <[EMAIL PROTECTED]> wrote:

><!doctype html public "-//w3c//dtd html 4.0 transitional//en">
><html>

Please check your newsreader settings.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Quantum Computers
Date: Sun, 04 Jul 1999 22:16:06 GMT

In article <7liris$94m$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Patrick Juola) wrote:
> In article <7liolq$1en8$[EMAIL PROTECTED]>,
> SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
> >In article <7lie5g$scq$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Patrick Juola) wrote:
> >>I'm a college professor (for my sins).  Part of my penance involves
> >>educating the incorrect.  The rest of it involves grading papers and
> >>tests.
> >>
> >>
> >
> >  Yes I can see your sins much better now. I also have a better
> >appreciation for the saying that those that can't do teach.
>
> Yes?  And what team do you coach, Mr. Scott?
>
>       -kitten
>
I'm sorry, is this turning in to a slanging match or is it just me...?

The amount of knowledge I have on QC could probably fit on to the back
of a postage stamp, but foolishly I thought I would read into something
that may in some ways broaden my horizons and give me something to
discuss at work when it gets boring. All I am able to find is a group
of supposedly intelligent people slagging others off in some vague
attempt to embiggen themselves and prove something. Well you did. You're
all nothing but a bunch of sissy little girls bickering in the
playground.

Retorts of any kind to this would greatly be appreciated from those
engaging in the original stem of conversation and even those looking
in from the outside. It might be interesting to see what the regular
people of the world would have to say about the supposed community that
many of you purport to be a part of...

Ta Ta for now.....Gromularixis



------------------------------

From: [EMAIL PROTECTED] (Maze)
Subject: Encrypting software in the movie "The Saint"???
Date: Sun, 04 Jul 1999 18:49:41 -0500

Hi,
One of my favorite movies is "The Saint" with Val Kilmer.
My guess is that you have seen it. I'm a little curious in the software
that he (The Saint) is using on his Apple PB5300c. Especially the
encrypting software he's using to communicate with the Russian bad guys. I
like the part when he is encrypting a picture file and you see the picture
transforming into some blurred image and loads into an email as an
attachment.
My question is: Does this software exist or is it just fiction?? I mean,
the other stuff he uses is a little too good to be true. Like when he
transfers pictures taken with his digital camera onto the powerbook. Takes
him a couple of seconds to do this when in reality it takes a bit longer. 

Do you have any clues to as if this encryption software exists??

Regards

maze

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Quantum Computers
Date: 4 Jul 1999 23:50:44 GMT

[EMAIL PROTECTED] wrote:
> I'm sorry, is this turning in to a slanging match or is it just me...?

Every now and then it does. I think if you look at the other 
posts in this thread, or if you consider the other threads
in this group, you will find that the signal makes up for
such noise. 

I almost wrote something about "community", but that would
be more noise. Maybe we need a sci.crypt.d for such threads.

-David

------------------------------

From: "Lyal Collins" <[EMAIL PROTECTED]>
Subject: Re: MP3 Security Requirements?
Date: Mon, 5 Jul 1999 11:51:44 +1000

See various companies like:
Tragoes
Intertrust,
Digimarc
BlueSpike
RightsExchange
C-dilla
- the websites are fairly intuitively named...

Payments are easier to solve provided you do not constrain your thinking to
credit cards (1970's paper based business rules) or stored value (e-purses,
ecash etc).
The electronic payments industry has vast economies of scale for
account-based payments, so I would think that's an obvious start point.
It also depends if you want banks actively involved in the payment and or
authentication process.  As banks have passive payment services in place (ie
they take a passive role), either option will work for Internet or removable
media distribution.
Indeed, several electronic payment standards already have authentication and
confidentiality processes which are well known and tested.
Few people understand how to take them to the internet arena, so we start
building parallel solutions -again.



Thierry Moreau wrote in message <[EMAIL PROTECTED]>...
>Hi everyone!
>
>As I understand it, the MP3 standard changes the way recorded
>music and songs can be distributed. The traditional
>distribution for recorded music involved a physical media,
>(record, audio cassette, or CD), and a distribution network
>handling physical goods. Home-based copying of recorded music
>has been possible since the introduction of the audio cassette.
>That's illegal but small scale fraud (taken individually), and
>the audio quality is poor (defective substitute for the
>original). Counterfeit CDs (like counterfeit videos) were a
>problem before the advent of the MP3. That's organized fraud
>and the good faith consumer is somehow defrauded, even if the
>counterfeit CD quality is good.
>
>So what really changes is the following:
>
>  1 OBSOLESCENCE FOR THE MUSIC RETAILER. Distribution of
>    recorded music on the Internet bypasses the traditional
>    distribution channels.
>
>  2 PAYMENTS FOR DIGITAL CONTENTS. Distribution of recorded
>    music on the Internet to the good faith consumer requires
>    some royalty payment mechanism.
>
>  3 BETTER QUALITY HOME-BASED COPYING. The quality of
>    home-based illegal copying is as good as the original.
>
>  4 NEW COUNTERFEITURE REPRESSION CHALLENGES. The organized
>    fraud (illegal distribution of MP3 from unauthorized web
>    site) is deemed to be more visible, simply because it is
>    Internet based, but potentially more difficult to sanction
>    (how to close an illegal web site in a remote country).
>
>For this sci.crypt newsgroup, the important issue is number 2,
>Payments for digital contents.
>
>  - Anyone has any pointers to relevant technologies?
>
>  - What about distributing music (for a fee) to teenagers who
>    don't have a credit card?
>
>  - What is the experience with payments for digital contents
>    in other application areas?
>
>  - Am I right in suspecting that the MP3 technology forums
>    barely addressed the issue from an IT security technology
>    perspective?
>
>The other issues can hardly be assisted with IT security
>techniques. Watermarking of MP3 recorded music is kind of
>useless.
>
>- Thierry Moreau



------------------------------

From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Crypto Books on CD-ROM
Date: Mon, 05 Jul 1999 02:33:16 GMT

On Sun, 04 Jul 1999 19:51:59 GMT, [EMAIL PROTECTED] wrote:

>Yesterday I received an interesting solicitation in the mail from
>Dr. Dobb's  Journal.  They were advertising a bunch of "essential books"
>CD-ROMS.
>
>One of particular interest to sci.crypt readers is the "Essential
>Books on Cryptography and Security CD-ROM".  For less than $100,
>it claims to have complete text for the following books:
>
>* Schneier, Applied Cryptography 2nd Ed.
>* Stinson, Cryptography: Theory and Practice
>* van Oorschot, Vanstone & Menezes, Handbook of Applied Cryptography
>* Denning, Cryptography and Data Security
>* Meyer & Matyas, A New Dimension in Computer Data Security
>* Demillo, Applied Cryptology
>* Gustavus Simmons (ed.), Contemporary Cryptology
>* Friedman, Military Cryptanalysis, Volumes I-IV
>
>This seems like an incredible resource for anyone interested in
>cryptography.  All it would take would be a copy of Kahn's
>_The Codebreakers_ to be a comprehensive introduction.
>
>Has anyone seen this yet?  It seems like there must be some catch.

No catch.  They asked my publisher if they could include my book, and
my publisher said "yes."

Honestly, while the CD-ROM is great for searching, you're going to
want paper to read.

Still, it's a great deal.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com

------------------------------

From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Crypto Books on CD-ROM
Date: Mon, 05 Jul 1999 02:31:37 GMT

It's worth buying the new version of the CD-ROM.  All the books are in
pdf format, and the hyperlinking actually works.  I found the first
version almost useless, but I like this version.

Bruce

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Crypto Books on CD-ROM
Date: 5 Jul 1999 03:45:38 GMT

Bruce Schneier <[EMAIL PROTECTED]> wrote:
> It's worth buying the new version of the CD-ROM.  All the books are in
> pdf format, and the hyperlinking actually works.  I found the first
> version almost useless, but I like this version.

Thanks for the good news! Now I need to figure out how to 
swing an upgrade from DDJ. :-)

-David


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
