Cryptography-Digest Digest #108, Volume #10 Wed, 25 Aug 99 10:13:07 EDT
Contents:
Re: passphrases (Tom St Denis)
Re: One-time pad encryption. (Tony L. Svanstrom)
Re: CRYPTO DESIGN MY VIEW (SCOTT19U.ZIP_GUY)
Re: Where to find (SCOTT19U.ZIP_GUY)
Re: cryptographic DLL (Greg)
Re: cryptographic DLL (Ruud de Rooij)
Re: CRYPTO DESIGN MY VIEW (Mok-Kong Shen)
Re: cryptographic DLL (Tom St Denis)
MUM Revisited (Gary)
Re: cryptographic DLL ([EMAIL PROTECTED])
Canadian Crypto Update!!! ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: passphrases
Date: Wed, 25 Aug 1999 03:10:28 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> It has been said that it's wise to change your passphrase often to
stay
> secure.
> However, consider this:
>
> Lets assume you pick a very good passphrase that has sufficient
entropy
> (i.e. many random characters, numbers, and punct.) that you can easily
> remember. Since this passphrase cant be guessed or brute forced in a
> resonable time, your data will remain secure for a long time.
>
> But, if there is a hole in your implementation such that the key can
be
> recovered (like a key logger, swapfile, slack disk, EMI, etc.), then
it
> doesn't matter how often you change your passphrase, you're screwed!!
>
> Therefore, as long as you have no holes and a very good passphrase,
you
> don't have to change it.
>
> Any opinions?
Well you have a very good point, however remember that some attacks
take much less time then complete utter brute force. I agree with you
to use one good long password, but I do change it from time to time,
just to be 'ultra-safe'.
Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: One-time pad encryption.
Date: Wed, 25 Aug 1999 05:50:00 +0200
Jim Dunnett <[EMAIL PROTECTED]> wrote:
> >What you describe sounds like what the Russians did around WW2; it
> >was broken in a project called Venona. See "Spycatcher" by Peter
> >Wright for some modest amount of detail.
>
> Or 'Venona' The Greatest Secret of the Cold War by Nigel West for a lot
> more detail. (Harper Collins ISBN 0 00 257000 9)
NSA - The VENONA Home Page:
<http://www.nsa.gov:8080/docs/venona/index.html>
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
---���---���-----------------------------------------------���---���---
\O/ \O/ �1999 <http://www.svanstrom.com/> \O/ \O/
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: CRYPTO DESIGN MY VIEW
Date: Wed, 25 Aug 1999 05:34:36 GMT
In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]>
wrote:
>SCOTT19U.ZIP_GUY wrote:
>>
>> In article <[EMAIL PROTECTED]>, Mok-Kong Shen
> <[EMAIL PROTECTED]> wrote:
>
>> >Evidently I haven't yet succeeded to fully convey my ideas to you
>> >(no blame tp you but rather to me myself). Let me try to formulate
>> >my question more simply:
>> >
>> >Suppose the input file is
>> >
>> > ......abcq
>> >
>> >and it gets compressed to a file as follows (the dots in the two
>> >cases don't have the same meaning):
>> >
>> > ......... xxxxxxxx xxxxxxx0 10110010
>> >
>> >and we know that 0 10110010 is the Huffman code of q. So this file
>> >decompresses back to
>> >
>> > ......abcq
>> >
>> >Am I right?? Now what does a file with (the last byte above is removed)
>> >
>> > ......... xxxxxxxx xxxxxxx0
>> >
>> >decompress to?? Which one of the following possible cases holds?
>> >
>> >(1) ......abc is the decompression result, with no error message.
>> >
>> >(2) ......abc is the decompression result, with an error message.
>> >
>> >(3) The program simply aborts.
>> >
>> >(4) Others. (Please detail in this case.)
>> >
>> >Thank you in advance.
>>
>> I took the liberty of showing what was above since you don't seem to read
>> what I wrote
>> >> xxxxxxxx xxxxxxx_ is a valid bit stream that can lead to
>> >> xxxxxxxx xxxxxxx0 for most cases this is finally compress file
>>
>> if you look carefully your code kind of matches the case above
>> so it would most likely match ...abc
>
>I like to have a more definite answer, not a probabilistic kind
>of answer. Since you are the author of your program, could you
>kindly say whether the answer is surely (1) or (2), i.e. without or
>with error message? This has namely fairly important bearing on what
>we have been discussiog up till now. Thanks.
>
Lets say for the sake of arument the last 3 x's are the c symbol
you would get ...abc as the output of the decompressed file. There
should be no errors. Look I am not perfect the code is test code but
it has been tested for all 2 byte files. My machine slow and several
test files. IF you find one that does not work let me know. The decompression
portion was a lot easier than the compression portion. I use a specail version
of scott16u that used this compression decompression routines to exchange
messages with my son so it is getting lost of tests.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]>
Subject: Re: Where to find
Date: Wed, 25 Aug 1999 05:11:11 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Tim Redburn) wrote:
> On Mon, 23 Aug 1999 06:25:54 GMT, [EMAIL PROTECTED]
> (SCOTT19U.ZIP_GUY) wrote:
>
> >In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Tim Redburn) wrote:
> <snip>
> > But is still was over one million bytes. There is a patch
> >for this.
> <snip>
>
> The point I was making is that there ARE suggestions that the
> algorithm might not be a strong as claimed. Yes they are only
> suggestions - no-one has yet demonstrated a concrete weakness.
>
>
Tim you don't have to like it. But it is a not
a static product. I am not sure you have used MS
word of whatever but I will make improvement in
many areas. The thing that will not change as long
as the name stays scott19u is the encryption method
where any single S-table can be used and the fact that
it is using wrapped PCBC the form of key my change
the amount of padding and such. But I will make
a routine so users can still use there old key to
read or write. The number of options is going up.
like it or not.
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: cryptographic DLL
Date: Wed, 25 Aug 1999 05:33:34 GMT
> > He wants to make a statement- he wants to go to jail.
> >
> > And such a waste of a youthful life. So much tyranny to fight, so
> > little time.
>
> I most certainly do not. Besides I am a crypto-nobody. Ask Eli Biham
> or Ron Rivest who 'Tom St Denis' is ...
>
> I am not trying to make a stmt or anything else.
But in an earlier post, you said, and I quote:
Thanks for the concern, however I am trying to make a statement...
So naturally, I thought you ment you were trying to make a statement.
And while you think it is all quite interesting, I must tell you I
would never attempt the same here in America. We got a mad man hell
bent on power as our chief executive and an AG who burns babies to
death. I don't think they would be much concerned about throwing my
ass in jail.
Now in Canada, that is a nother matter. It all depends on how MUCH
your government wants to enforce the law. Frankly, I am a bit amused
by your naive attitude toward the whole issue, but I will enjoy
following the developments. Please, keep us informed. If you cannot,
please have the family attorney do so for you. By the way, have you
considered who would pick up the bill for your attorney, or is legal
aid free in Canada?
I suppose your family will hurt financially at first, until your book
goes to print- the one you will write in prison about your dealings
with your government on the export laws. I'm sure it will be a best
seller. :)
Putting all pun aside, in all honesty, if I were young and single like
you, I may actually do something like that, but only if it were
revolutionary and really struck to the core of my conscious. But if
you look at Phil Zimmerman as a model, you will note he followed every
law, and he was still harrassed at customs, still taken before a judge
for more than a year, and finally his book sold and he is well set with
a major software company. But it all takes time, playing by the book,
and lots of courage- not to do it, but to keep at it.
--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council is a Democracy. NO APPEALS! Welcome to the NWO.
Criminals=Crime. Armies=Tyranny. The 2nd amendment is about tyranny.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Ruud de Rooij <*@spam.ruud.org>
Subject: Re: cryptographic DLL
Date: 25 Aug 1999 08:36:30 +0200
Reply-To: *@spam.ruud.org
[EMAIL PROTECTED] (JPeschel) writes:
> > David A Molnar <[EMAIL PROTECTED]> writes:
>
> >* but any crypto developed in Canada by Canadians (or other non-U.S.
> >citizens outside the U.S.) _may_ be exported from Canada by Canadians (or
> >other non-U.S. citizens) w/o license.
> >
> >So if none of your code was written in the U.S., you should be fine.
>
> I don't think so. Of the commercial Canadian crypto products I've looked at
> each of the company's involved complied with US export regulations.
> That Tom is giving away his code, I think, makes little difference.
Another complication is that Tom is publishing his code from a web
server which is physically located in the US, as far as I can tell.
- Ruud de Rooij.
--
ruud de rooij | *@spam.ruud.org | http://ruud.org | http://weer.moonblade.net
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: CRYPTO DESIGN MY VIEW
Date: Wed, 25 Aug 1999 08:55:11 +0200
SCOTT19U.ZIP_GUY wrote:
>
> > <[EMAIL PROTECTED]> wrote:
> >
> >> >Evidently I haven't yet succeeded to fully convey my ideas to you
> >> >(no blame tp you but rather to me myself). Let me try to formulate
> >> >my question more simply:
> >> >
> >> >Suppose the input file is
> >> >
> >> > ......abcq
> >> >
> >> >and it gets compressed to a file as follows (the dots in the two
> >> >cases don't have the same meaning):
> >> >
> >> > ......... xxxxxxxx xxxxxxx0 10110010
> >> >
> >> >and we know that 0 10110010 is the Huffman code of q. So this file
> >> >decompresses back to
> >> >
> >> > ......abcq
> >> >
> >> >Am I right?? Now what does a file with (the last byte above is removed)
> >> >
> >> > ......... xxxxxxxx xxxxxxx0
> >> >
> >> >decompress to?? Which one of the following possible cases holds?
> >> >
> >> >(1) ......abc is the decompression result, with no error message.
> >> >
> >> >(2) ......abc is the decompression result, with an error message.
> >> >
> >> >(3) The program simply aborts.
> >> >
> >> >(4) Others. (Please detail in this case.)
> >> >
> >> >Thank you in advance.
> >>
> >> I took the liberty of showing what was above since you don't seem to read
> >> what I wrote
> >> >> xxxxxxxx xxxxxxx_ is a valid bit stream that can lead to
> >> >> xxxxxxxx xxxxxxx0 for most cases this is finally compress file
> >>
> >> if you look carefully your code kind of matches the case above
> >> so it would most likely match ...abc
> >
> >I like to have a more definite answer, not a probabilistic kind
> >of answer. Since you are the author of your program, could you
> >kindly say whether the answer is surely (1) or (2), i.e. without or
> >with error message? This has namely fairly important bearing on what
> >we have been discussiog up till now. Thanks.
> >
> Lets say for the sake of arument the last 3 x's are the c symbol
> you would get ...abc as the output of the decompressed file. There
> should be no errors. Look I am not perfect the code is test code but
> it has been tested for all 2 byte files. My machine slow and several
> test files. IF you find one that does not work let me know. The decompression
> portion was a lot easier than the compression portion. I use a specail version
> of scott16u that used this compression decompression routines to exchange
> messages with my son so it is getting lost of tests.
Thank you. I am happy that some real progress has been made in our
discussion. What you wrote above shows (more exactly, I 'suppose')
that you designed your program in such a way that, on decompression,
it decodes as far as it can. If on encountering the end of the file
the buffer is not empty (the buffer contains bits that have not yet
formed a complete, i.e. valid, Huffman code) it terminates nonetheless
without complaining. This can indeed be a very useful stategy in some
number of computer applications. However, I am not sure that it is
similarly good for the applications we are discussing. Hence, to go
further, I like first to ask an additional question in order to be
sure that my direction of argumentation is not wrong:
What does a file with (last bit of the previous file is flipped)
......... xxxxxxxx xxxxxxx1
decompress to?? It also decompresses to ......abc. Am I right?? From
my understanding of the discussion materials till now, I can see
no reason why the answer should be 'no'. But this leads to an
essential problem. Viewed from a different standpoint, it can
namely be said that a file is correctly decompressible if and only
if ALL the bits the file can be interpreted as Huffman codes and
converted back to characters of the input alphabet. In the present
case (assuming you have nothing against what I said above) it means
then that a not decompressible file gets decompressed by your
program and that without any errror messages. Do you see what the
consequence of this can be under the topic of the present thread?
M. K. Shen
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: cryptographic DLL
Date: Wed, 25 Aug 1999 10:17:28 GMT
In article <[EMAIL PROTECTED]>,
*@spam.ruud.org wrote:
> Another complication is that Tom is publishing his code from a web
> server which is physically located in the US, as far as I can tell.
Any good free Canadian servers?
Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Gary <[EMAIL PROTECTED]>
Subject: MUM Revisited
Date: Wed, 25 Aug 1999 08:36:21 -0400
Any good reference material for functions using boolean operations and
rotates?
This function (defined by the following extract from C source):
#define RotateLeft(A) (A=((A<<1)|(A>>31)))
#define ShiftRight(A) (A>>=1)
unsigned long f(unsigned long a,unsigned long b)
{
unsigned long s,i;
s=0;
for(i=0;i<32;i++)
{
if(a&1) s^=b;
RotateLeft(b);
ShiftRight(a);
}
return s;
}
My analysis has shown that this function is both associative and
commutative.
This analysis also leads me to conjecture an element has an inverse if and
only if the number of bits set is odd.
1 is the identity.
I'm trying to use this function as a replacement for exponetation in a DH
type
public key system. Similar method to the Matrix Univertible Message (MUM) I
posted and nicely smashed to smithereens earlier.
And while I can't find a solution for B given the pair f(A,B) and A (where A
has no inverse), somebody else probably knows how to.
Any refernce on boolean matrices would also be helpful.
[a0 a1][b0 b1] [((a0&b0)^(a1&b2)) ((a0&b1)^(a1&b3))]
[ ][ ]=[ ]
[a2 a3][b2 b3] [((a2&b0)^(a3&b2)) ((a2&b1)^(a3&b3))]
& logical and
^ logical exclusive or
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: cryptographic DLL
Date: Wed, 25 Aug 1999 12:19:07 GMT
In article <7pvv7e$6ee$[EMAIL PROTECTED]>,
Greg <[EMAIL PROTECTED]> wrote:
>
> > > He wants to make a statement- he wants to go to jail.
> > >
> > > And such a waste of a youthful life. So much tyranny to fight, so
> > > little time.
> >
> > I most certainly do not. Besides I am a crypto-nobody. Ask Eli
Biham
> > or Ron Rivest who 'Tom St Denis' is ...
> >
> > I am not trying to make a stmt or anything else.
>
> But in an earlier post, you said, and I quote:
>
> Thanks for the concern, however I am trying to make a statement...
>
> So naturally, I thought you ment you were trying to make a statement.
> And while you think it is all quite interesting, I must tell you I
> would never attempt the same here in America. We got a mad man hell
> bent on power as our chief executive and an AG who burns babies to
> death. I don't think they would be much concerned about throwing my
> ass in jail.
>
> Now in Canada, that is a nother matter. It all depends on how MUCH
> your government wants to enforce the law. Frankly, I am a bit amused
> by your naive attitude toward the whole issue, but I will enjoy
> following the developments. Please, keep us informed. If you cannot,
> please have the family attorney do so for you. By the way, have you
> considered who would pick up the bill for your attorney, or is legal
> aid free in Canada?
>
> I suppose your family will hurt financially at first, until your book
> goes to print- the one you will write in prison about your dealings
> with your government on the export laws. I'm sure it will be a best
> seller. :)
>
> Putting all pun aside, in all honesty, if I were young and single like
> you, I may actually do something like that, but only if it were
> revolutionary and really struck to the core of my conscious. But if
> you look at Phil Zimmerman as a model, you will note he followed every
> law, and he was still harrassed at customs, still taken before a judge
> for more than a year, and finally his book sold and he is well set
with
> a major software company. But it all takes time, playing by the book,
> and lots of courage- not to do it, but to keep at it.
>
> --
> The US is not a democracy - US Constitution Article IV Section 4.
> Democracy is the male majority legalizing rape.
> UN Security Council is a Democracy. NO APPEALS! Welcome to the NWO.
> Criminals=Crime. Armies=Tyranny. The 2nd amendment is about tyranny.
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
>
This may be a dumb question, but isn't it legal for him to distribute
the dll at least? The reason I'm asking is that there are a number of
cryptographic toolkits that are available worldwide, such as RSA's
CryptC and CryptJ. Now, since they don't encrypt anything by
themselves, that should make it exportable. I could just be real
ignorant, though.
Casey
Btw: I love that "So much tyrany to fight, so little time" quote Greg.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Canadian Crypto Update!!!
Date: Wed, 25 Aug 1999 12:34:41 GMT
Just for you Tom, here's a link that I just found.
http://securityportal.com/closet/closet19990825.html
According to the article, any and all encryption products can be
imported/exported from Canada. Woo-Hoo!!!
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
