Cryptography-Digest Digest #126, Volume #10 Sat, 28 Aug 99 16:13:03 EDT
Contents:
Re: Can americans export crypto when in another country? (SCOTT19U.ZIP_GUY)
Re: Can americans export crypto when in another country? (SCOTT19U.ZIP_GUY)
More Pathetic BS (was Re: Ciphile Software) (Anthony Stephen Szopa)
Re: Can americans export crypto when in another country? (SCOTT19U.ZIP_GUY)
Re: How to apply for security clearance? (JTong1995)
Re: NEW THREAD on compression
Re: 512 bit number factored (Bob Silverman)
Re: NIST AES FInalists are.... ("rosi")
Re: receiving a piece of message (Keith A Monahan)
Re: More Pathetic BS (was Re: Ciphile Software) (David A Molnar)
Re: passphrases (Anton Stiglic)
Re: Fooling Key Escrow (fungus)
Re: CryptoAPI (Ian Miller)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.misc,talk.politics.crypto
Subject: Re: Can americans export crypto when in another country?
Date: Sat, 28 Aug 1999 13:39:00 GMT
In article <wgu20.935833197@riemann>, [EMAIL PROTECTED] (W.G. Unruh)
wrote:
>"Trevor Jackson, III" <[EMAIL PROTECTED]> writes:
>
>>Anthony Stephen Szopa wrote:
>
>
>>Don't use the term "export" as you and I understand it. Use the term as defined
>>by the regs. These definitions are unrelated.
>
>
>No. Regulations cannot define terms-- that is for the supporting
>legislations. If it uses export undefined, then export retains its normal
>meaning. The regulations cannot then define "export" as "picking your
>nose" no matter how objectionable the government may find the latter.
>The regulations can try to clarify the definition, but it must retain
>some link to its ordinary meaning.
>As far as I know, the legislation does not define export as a special
>term, and thus the regulations must have some link to the ordinary
>meaning of that term.
>>Yes.
>
>>N.B., the typical attitude of a legislator is "You can craft a law to do
>>anything". Rationality is not a constraint legislators admit.
>>Constitutionality is not a constraint legislators admit.
>
>But regulations are not legislation. Regulations cannot "do anything".
>They can only do what the legislation allows them to do.
>
>
>>Then the bureaucrats ignore the letter and spirit of the law and create the
>>regs.
>
>Then they run into trouble in the courts.
>
As Clinton has shown by his bizarre definitions of "be" and "alone",
and as a lawyer once told me, words are such that they purposely can
be interpreted many ways. If this were not so there would be no lawyers,
and if one had a religion based on the Bible there would be only one religion
instead of the many that seem willing to kill to push their own interpretation
of the word of God.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Can americans export crypto when in another country?
Date: Sat, 28 Aug 1999 13:50:23 GMT
In article <wgu20.935831481@riemann>, [EMAIL PROTECTED] (W.G. Unruh)
wrote:
>[EMAIL PROTECTED] (Michael D. Crawford) writes:
>
>>Hi,
>
>>I'm an American citizen, presently living in the US, and I've been
>>wanting for a while to port Speak Freely to the Be operating system.
>>See http://www.speakfreely.org and http://www.be.com
>
>>Speak Freely includes encryption, so if I port that while I'm in the US
>>I can't contribute my changes back to the original source archives,
>>which are in Switzerland.
>
>>But I may be moving to Canada in a few months (I'm marrying a Canadian
>>woman). Once I'm in Canada, as long as I create my port of the crypto
>>software while I'm in Canada (so I never bring the crypto Speak Freely
>>into the US, and don't take it back out again), can I export the crypto
>>back to Switzerland without violating US laws?
>
>
>For legal advice see a lawyer. Do not base decisions which could cost
>you 10 years of your life on advice on the net.
>
>But given that let me make some comments (note I am NOT a lawyer).
>The US restricts the export of crypto or crypto technology, whether free
>or not, out of the country. This includes the expertise which you have.
>Ie, now that you have announced to the net that you have some crypto
>additions to Freely, the US could well arrest you and argue that the
>crypto which you legally (under Canadian law) exported from Canada, was
>actually developed in the USA and was thus exported from the USA to
>Canada when you left the USA and then reexported from Canada. While your
>export to Canada was legal, they might argue that your reexport to
>other countries was not. So, as a defense you would have to be able to
>show that you did not have a crypto product when you left the USA, and
Maybe I am wrong but I used to hear the saying that you are innocent
till proven guilty. What is this crap about you have to prove you did not have
the crypto product with you when you left the country? I can't even prove that
last year I didn't take a plane to China and give them our nuclear secrets.
Did something happen to our justice system that you are guilty till proven
otherwise? I know that is the fact with traffic laws in most states but that
is only because the term "infraction" was invented to get around that
damn "Constitution" that gets in the way of the police state we are
rapidly becoming.
>that the development and production of the product occured after you
>went to Canada, and was thus out of US control.
>Now, as a criminal case, the onus is on the gov't to prove that you
>exported it "beyond reasonable doubt" However considering the costs to
>you, you should be able to demonstrate almost beyond reasonable doubt
>that you did not export it, but developed it independently in Canada.
>
>Also, read the laws (there are references to both the US and Canadian
>regulations on axion.physics.ubc.ca/ppp-linux.html) and talk to a lawyer
>with some expertise in this kind of thing.
>
>
>>I expect to travel to the US frequently on business and it would be a
>>drag to get arrested for some free software work I do while in Canada.
>
>>Canada itself has some export controls, but according to the Crypto Law
>>Survey at:
>
>>http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
>
>>crypto is not export controlled if the software is in the public domain,
>
>Note in this context "public domain" does not mean what it means in the
>copyright act, but is a special technical term defined in the Export
>Control List regulations.
>
>>which is the case for the original speak freely and will be true for my
>>changes.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: More Pathetic BS (was Re: Ciphile Software)
Date: Sat, 28 Aug 1999 01:36:59 -0700
Reply-To: [EMAIL PROTECTED]
More Pathetic BS (was Re: Ciphile Software)
"Here's an example of a claim which I find "very strange" :
"Uses no mathematical equations so there are none of the associated
security risks!"
I find it difficult to conceive of encryption which can't be expressed
by the equation
C = E(M)
where C is the ciphertext, M is the message, and E is the encryption
mechanism. The web page says that the system is related to the
one-time-pad; well, in that case, a possible expansion of the above
equation could be
C = (pad part) XOR M
where (pad part) is one of the many pseudo-one-time-pads generated by
the software. The thing is, I don't know this for sure. It is only
conjecture, since the site does not elaborate what it means by "not
using any mathematical equations." Nor do I know what the security
risks of using equations are."
"I find it difficult to conceive... I don't know this for sure."
This is an attempt to say something intelligent about OAP-L3?
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Can americans export crypto when in another country?
Date: Sat, 28 Aug 1999 14:02:34 GMT
In article <wgu20.935832917@riemann>, [EMAIL PROTECTED] (W.G. Unruh)
wrote:
>[EMAIL PROTECTED] (Michael D. Crawford) writes:
>
>
>>What I would like to do is specifically port some crypto software
>>(that's already written; I'd just be doing a port) and then give it back
>>to its originator. I'd be bringing the crypto in from Switzerland to
>>Canada, modifying it, and sending it back to Switzerland. The code is
>>public domain (open source, not GPL'ed or anything - truly public
>>domain) but I know for sure if I did the work in the US I couldn't send
>>it back.
>
>I cannot see how US export law would apply at all. you are not exporting
>your crypto knowledge even when you leave the USA. You are at best
>exporting your porting knowledge. Read teh EAR, and especially look for
>anything which talks about "technical assistance".
>While the USA could well hold you to US law, it would still need to have
>a case to present to the court that you had violated some term in the
>regulations. See if there is such a term.
>
Are the lawyers you folks know really so dumb that they base their advice
on the issued regulations? I know an old lawyer who said the really good
lawyers when fighting in court use the actual laws, since the regulations
are in fact no better than the actual law when push comes to shove. The
letter of the law means a hell of a lot more than the regulations in court.
Or have things changed recently such that regulations mean more than
the actual law?
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (JTong1995)
Subject: Re: How to apply for security clearance?
Date: 28 Aug 1999 14:34:40 GMT
The GAO has reported that the US Defense Investigative Service is running about
200,000 investigations behind. Secret clearances are usually quick and easy,
but an SBI (Special Background Investigation) for a TS/SCI clearance runs 6 - 8
months for someone in the military (highest priority) to 1.5 - 2 years for a
contractor. Typically, a large defense contractor (e.g., Lockheed Martin) will
offer an extra $10,000 in base salary to someone that already has a valid SBI
(they are good for 7 years). Otherwise, the person hired without one can't
work on the project he/she was hired for and gets to sit in a room doing "busy
work" for a year.....
Jeffrey Tong [EMAIL PROTECTED]<Jeffrey Tong>
PGP 5 Key available for download at WWW.PGP.COM Key ID: BFF6BFC1
Fingerprint: 6B29 1A18 A89A CB54 90B9 BEA3 E3F0 7FFE BFF6 BFC1
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: NEW THREAD on compression
Date: 28 Aug 99 15:26:15 GMT
SCOTT19U.ZIP_GUY ([EMAIL PROTECTED]) wrote:
: At least if you always have a file that
: decompresses the attacker does not know for sure that you did not send
: a binary file.
That is a valid point, but there is a flaw in your approach. There's
always the chance that somewhere in the decrypted message there will be a
string of too many zeroes in a row. Or, there might not be enough zeroes
at the end of the message, causing it to end in the middle of a symbol.
I suppose that one could do what you want this way:
Ensure that the Huffman code in use contains at least one symbol as long
as eight bits.
After the message is compressed, note how many bits remain in the last
byte. Pad those bits by filling them with the start of a symbol that is at
least one bit longer than the remaining bits.
That will do it, but it will mean the probabilities of that final partial
symbol are uneven.
In any event, key bits are cheap - one should definitely ensure that one
is using a very long key if one is aiming at security.
John Savard
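The padding rule John Savard sketches above, worked through in code. This is an added example written for this digest, not code posted by Savard or by David Scott; the prefix code table and the sample text are constructed for the illustration. Because a prefix-free code never has one codeword as a proper prefix of another, a tail that is only the start of a codeword can never be mistaken for a complete one, so the decoder can drop it unambiguously; and because the code below is complete (every bit pattern parses), any byte string at all decompresses without error.

```python
# Added example: byte-boundary padding for a prefix (Huffman-style) code.
# Not code from the digest; table and sample text are constructed.
from typing import Tuple

# Constructed prefix-free code. It is complete (Kraft sum = 1) and has
# 8-bit codewords, so for any 1..7 leftover bits there is a longer codeword
# whose first bits can serve as the pad, as Savard's reply requires.
CODE = {
    "e": "0",
    "t": "10",
    "a": "110",
    "o": "1110",
    "n": "11110",
    "s": "111110",
    "r": "1111110",
    "i": "11111110",
    "h": "11111111",
}
DECODE = {bits: sym for sym, bits in CODE.items()}
MAX_LEN = max(len(bits) for bits in CODE.values())


def _pad_bits(k: int) -> str:
    """First k bits of a codeword longer than k bits (here the longest one).

    A proper prefix of a codeword is never itself a codeword in a
    prefix-free code, so the decoder can tell this tail from data."""
    source = max(CODE.values(), key=len)
    assert len(source) > k
    return source[:k]


def compress(text: str) -> bytes:
    bits = "".join(CODE[ch] for ch in text)
    leftover = (-len(bits)) % 8          # bits needed to reach a byte boundary
    if leftover:
        bits += _pad_bits(leftover)
    if not bits:
        return b""
    return int(bits, 2).to_bytes(len(bits) // 8, "big")


def decompress(data: bytes) -> Tuple[str, str]:
    """Greedy prefix-code decode.

    Returns (text, tail) where tail is the trailing partial codeword that
    was discarded as padding ("" when the stream ended on a codeword)."""
    bits = "".join(f"{byte:08b}" for byte in data)
    out, cur = [], ""
    for b in bits:
        cur += b
        if cur in DECODE:            # a complete codeword; emit it
            out.append(DECODE[cur])
            cur = ""
    return "".join(out), cur


def decompresses_cleanly(data: bytes) -> bool:
    """True when the leftover tail is shorter than any complete codeword,
    i.e. the stream parses as data followed by (possibly empty) padding."""
    _, tail = decompress(data)
    return len(tail) < MAX_LEN


def all_bytestrings_decode(nbytes: int = 2) -> bool:
    """Exhaustively check that every nbytes-long string decompresses.

    With a complete code this always holds, which is the property the
    thread wants: a wrong decryption never 'fails to decompress'."""
    return all(decompresses_cleanly(n.to_bytes(nbytes, "big"))
               for n in range(256 ** nbytes))


if __name__ == "__main__":
    packed = compress("tea")          # "10"+"0"+"110" = 6 bits, padded with "11"
    print(packed.hex(), decompress(packed))
    print(all_bytestrings_decode(2))
```

The caveat Savard raises survives in this code: the pad is chosen deterministically (the first bits of the longest codeword), so the trailing partial symbol of a genuine compressed file is not distributed like the tail of a random decryption. Anyone relying on this as a plaintext-recognition defence should keep that in mind rather than treat it as a complete fix.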
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: 512 bit number factored
Date: Sat, 28 Aug 1999 14:46:00 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (DJohn37050) wrote:
> 4. Algorithmic breakthroughs are possible. RSA 512 was thought totally
> unbreakable just a few years ago.
> Don Johnson
>
More deceit and lies.
If, by "a few years ago", you mean 15 years, I will agree.
The parallel quadratic sieve changed that.
We have known since the mid-80's the level of effort needed for 512
bit keys when attacked by QS. However, computers were not
fast enough nor abundant enough at that time to consider doing it.
We have known since about 1990 the level of effort needed for
512 bit keys when attacked by NFS. We could have done
RSA-155 back in 1991 with sufficient effort (albeit much greater
effort than was used recently; we needed to learn how to
fine tune NFS to get good performance and climbing that learning curve
took time)
It has been well known since 1990 that 512 bit keys were breakable
and within computer capabilities.
And even now we could have done RSA-155 with QS rather than
NFS at a cost of only about a factor of 4 to 5.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Sat, 28 Aug 1999 13:40:08 -0400
Dear Helger,
Thanks for the wonderful post and excellent points.
Quite agree. Machine model. In multi-state, the space (or A) is, IMO,
different from conventional notion of space. Yet that too may have
certain limits in the sense: how machine model models the problem.
I can be wrong, as always.
Thanks again for the message.
--- (My Signature)
Helger Lipmaa wrote in message <[EMAIL PROTECTED]>...
>rosi wrote:
>
>> Memory is not just memory for practical purposes, am I right?
>>
>> Still the basics. We've got to put stuff in memory. I doubt if we could
>> fill up '2^n memory' in less time in the general case, or in particular
>> cases that interest us. I favor the view that complexity is in that of the
>> description. If the description does not 'allow' parallelism or speed
>> up (in the conventional manner), I doubt if we can do any more.
>>
>> Trade-off up to a point, IMO. Still the same thing.
>>
>> --- (My Signature)
>>
>> >
>> >If you arrange the memory as a binary tree -- or as a butterfly -- then
>> >the time cost to access memory goes as O(log Memory), which suggests that
>> >the right formula is Cost = Time * Memory * log Memory.
>
>Very much depends on the machine model and on the desiderata... On the other
>hand, most of the calculations in the VLSI industry are made in units AT,
>where A is area (space) and T is time complexity. There are several good
>reasons for it. For example, it is somewhat simpler to prove lower bounds on
>AT than on AT*log A (proofs from communication complexity carry naturally
>over, cf the book of Kushilevitz and Nisan, "Communication
>Complexity"). E.g., any VLSI computing the equality function EQ(x,y) of two
>n-bit strings x and y has AT>=n^2.
>
>Helger
>
>
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: receiving a piece of message
Date: 28 Aug 1999 18:40:10 GMT
Giff,
Thanks for taking the time to explain it. I understand it now...
Keith
Frank Gifford ([EMAIL PROTECTED]) wrote:
: >
: >When you say standard encryption, are we including CBC in that description?
: >Because most of the CBC implementations I have seen look like this for the
: >CBC decryption function.
: >
: >
: >oldiv = original first IV
: >
: >for (each block in srcbuffer)          // srcbuffer holds the ciphertext
: >{
: >    newiv = data = srcbuffer[block]    // keep this ciphertext block for the next round
: >
: >    ECB_Decrypt(data, key)
: >
: >    outputbuffer[block] = data xor oldiv   // plaintext after xor
: >
: >    oldiv = newiv
: >}
: >
: >So looking at this function, you need to have the ciphertext block prior
: >to the current block in order to have the iv to decrypt the current block.
: >
: >Without the oldiv, the very first(and subsequent) decryption(s) would
: >fail.
: Let's follow the code with a bad IV:
: First block gets correct data input and encryption. It is XORed with the
: bad IV, for an incorrect output.
: Second block gets correct data input and encryption. It is XORed with what
: was the input to the first block (which was correct). The output for the
: second block is correct. It's easy to see that other blocks are correct also.
: You should try it and see it happen. CBC has a self-correcting property
: so that only two blocks get mangled instead of everything from that point on.
: If "they" wish to brute-force your message, they only need a few blocks of
: your message, not the entire thing. If you were forced to brute force a
: message encrypted by David's program, you would need to work on the entire
: message - regardless of its length.
: -Giff
: --
: Too busy for a .sig
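The two CBC properties argued in this exchange, run end to end: decrypting block i needs only C[i-1] and C[i], so an attacker holding a slice of ciphertext can work on just that slice, and a bad IV or a damaged ciphertext block garbles at most two plaintext blocks. This is an added example written for this digest, not code from Keith, Giff or David's program. The block cipher underneath is a 4-round Feistel network keyed through SHA-256, a constructed stand-in that is not secure and exists only so the CBC layer has something to run on; key, IV and plaintext are constructed sample values.

```python
# Added example: CBC error propagation and partial decryption over a toy
# block cipher. Not code from the digest. The Feistel "cipher" is a
# constructed illustration only and is NOT secure.
import hashlib
from typing import List

BLOCK = 16
HALF = BLOCK // 2
ROUNDS = 4

KEY = b"constructed-key!"                                   # sample key, 16 bytes
IV = bytes(range(BLOCK))                                    # sample IV
PLAINTEXT = b"".join(f"block {i} of text.".encode() for i in range(5))  # 5 x 16 bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function: SHA-256 over (key, round number, half block), truncated.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _round(key, rnd, r))
    return l + r


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):          # undo the rounds in reverse order
        l, r = _xor(r, _round(key, rnd, l)), l
    return l + r


def _blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0           # whole blocks only; no padding here
    out, prev = [], iv
    for p in _blocks(plaintext):
        c = toy_encrypt_block(key, _xor(p, prev))   # C[i] = E(P[i] xor C[i-1])
        out.append(c)
        prev = c
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(toy_decrypt_block(key, c), prev))  # P[i] = D(C[i]) xor C[i-1]
        prev = c                                            # this is Giff's "oldiv = newiv"
    return b"".join(out)


def decrypt_from_block(key: bytes, ciphertext: bytes, start: int) -> bytes:
    """Decrypt blocks start.. using only C[start-1] as the IV: the whole
    message is not needed, which is the brute-force point made above."""
    cs = _blocks(ciphertext)
    return cbc_decrypt(key, cs[start - 1], b"".join(cs[start:]))


def damaged_block_indices(reference: bytes, candidate: bytes) -> List[int]:
    """Indices of blocks where candidate differs from reference."""
    return [i for i, (a, b) in enumerate(zip(_blocks(reference), _blocks(candidate)))
            if a != b]


if __name__ == "__main__":
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    bad_iv = bytes([IV[0] ^ 0xFF]) + IV[1:]
    print("wrong IV damages blocks:", damaged_block_indices(PLAINTEXT, cbc_decrypt(KEY, bad_iv, ct)))
    corrupt = bytearray(ct)
    corrupt[2 * BLOCK] ^= 0x01                   # flip one bit in C[2]
    print("bit flip in C[2] damages blocks:",
          damaged_block_indices(PLAINTEXT, cbc_decrypt(KEY, IV, bytes(corrupt))))
    print(decrypt_from_block(KEY, ct, 3))
```

Note the precise shape of the damage: with a wrong IV, plaintext block 0 comes out as P[0] xor IV xor bad_iv, and a single flipped bit in C[2] turns P[2] into garbage but flips exactly the same bit in P[3]. That second effect is why CBC without a MAC permits bit-flipping attacks on the block after a controlled ciphertext change.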
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: More Pathetic BS (was Re: Ciphile Software)
Date: 28 Aug 1999 19:05:18 GMT
In sci.crypt Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> "I find it difficult to conceive... I don't know this for sure."
> This is an attempt to say something intelligent about OAP-L3?
No it is not. It is an attempt to answer Dr. Jeff's question on "why
hasn't anyone looked at OAP-L3" by describing my personal reactions to the
claims on the ciphile web site. It is not an attempt to pass judgement on
the software itself -- my point is that there's not enough information on
the site to make such a judgement, and what is up there does not make
sense out of context.
Since then you have noted that a more complete description is available as
part of the OAPL3 package. It would be nice if that description were up on
the web site, but until then I've just e-mailed you asking for a copy.
Hopefully this will enable me to say something intelligent about OAP-L3.
Thanks,
-David
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: passphrases
Date: Fri, 27 Aug 1999 13:07:37 -0400
Usually, when you are authenticating yourself with a password
in some network system, you are on a system A trying to get into
system B; if the password goes in the clear, someone listening
on the line between A and B could get your password. When you
change your password to get to system B, you usually change it
from system B itself, so there is no line for which an eavesdropper
could spy on!
anton
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: Fooling Key Escrow
Date: Sat, 28 Aug 1999 18:49:20 -0100
Gary wrote:
>
> Are there cryptographic systems that can produce decoy keys for
> key-escrow that yield a decoy message?
>
It's very very difficult to do with normal ciphers. The odds
against finding a workable key are long to say the least.
OTOH, you could store two different messages in the "ciphertext",
and output the harmless one if the key isn't correct. You're
relying on the ignorance of the investigators though...
> Can it only be feasibly done with One Time Pad (OTP)?
>
OTP is easy...
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: [EMAIL PROTECTED] (Ian Miller)
Subject: Re: CryptoAPI
Date: Sat, 28 Aug 1999 20:12:56 +0100
In article <7q6cnu$o4v$[EMAIL PROTECTED]>,
Greg <[EMAIL PROTECTED]> wrote:
>> Want my opinion? Don't use MS crypto libs...
>
>And for another reason- the crypto API provider DLLs require a
>signature that comes from Redmond.
To be fair to Microsoft, I am sure they did not have any choice about this.
Either they had to make it require a signature and have the signatures
subject to export controls, or the whole of Windows would have wound up
subject to export controls. [I did enquire about this, shortly after the
scheme was announced. The signatures _are_ subject to cryptography export
control.]
The end effect is that anything using the cryptoAPI has to have
Big-Brother-Inside to be exportable. This is very discouraging to
developers to the point that it is an irrelevance.
Ian
The address above is temporary. For a currently valid address see:-
http://www.bifroest.demon.co.uk/address.html
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************