Cryptography-Digest Digest #148, Volume #10 Tue, 31 Aug 99 06:13:02 EDT
Contents:
Re: Can I export software that uses encryption as copy protection? (Eric Lee Green)
Re: WinZip 7.0 (JPeschel)
Re: Which of these books are better ? (David A Molnar)
Re: public key encryption - unlicensed algorithm (Tony L. Svanstrom)
Re: WT Shaw temporarily sidelined (JPeschel)
Re: I HOPE AM WRONG (Boris Kazak)
Re: Can I export software that uses encryption as copy protection? (SCOTT19U.ZIP_GUY)
Re: HIV testing (Michael Østergaard Pedersen)
Re: I HOPE AM WRONG (SCOTT19U.ZIP_GUY)
Re: Workshop in Paris on Watermarking and Copyright enforcement (SCOTT19U.ZIP_GUY)
Statue for Enigma hero (Nick Battle)
Re: Workshop in Paris on Watermarking and Copyright enforcement (Soeren Mors)
Re: WT Shaw temporarily sidelined (SCOTT19U.ZIP_GUY)
Hardware - Software Implementation of Pseudo Random Generators (Markus Schneider)
----------------------------------------------------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Crossposted-To: misc.legal.computing
Subject: Re: Can I export software that uses encryption as copy protection?
Date: Mon, 30 Aug 1999 22:25:19 -0700
Timur Tabi wrote:
> Excuse me, but would it be possible for one of you answer my original
> question? There are 20 posts on this thread, and none of them answer my
> question!!!!!!!!!!!!!!!
The answer is yes, you can export it, but you probably want to run it
past BEX to verify whether you need an export license or not (I couldn't
answer that question, though some on this forum probably could). The
number of bits is not going to be a problem, since it cannot be used as
a general-purpose encryption/decryption tool and you are using the
decryption for authentication purposes, not to decrypt end-user data.
As for not addressing your question, we did address your question, then
moved on to more interesting things such as whether what you're doing is
a good idea or not (grin).
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: WinZip 7.0
Date: 31 Aug 1999 06:20:44 GMT
David Hamer <[EMAIL PROTECTED]> writes:
>Can anyone point me towards a password-recovery utility - freeware
>or shareware - for WinZip v7.0 ?
There are plenty of free zip crackers out there. Some are
brute-force or dictionary crackers; another popular one is
Conrad's implementation of the Biham/Kocher known-plaintext
attack.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Which of these books are better ?
Date: 31 Aug 1999 05:36:36 GMT
JaeYong Kim <[EMAIL PROTECTED]> wrote:
> for both conceptional understanding and mathematical understanding..
> 1. Applied Cryptography, Bruce Schneier
Does an excellent job of giving intuition, motivation, and examples for
protocols, such as bit commitment and zero-knowledge proofs. Very
good, but now slightly dated overview of block ciphers and hash functions
(e.g. no AES candidates). The intro to modular arithmetic and number
theory is accessible to most anyone. Complete reference list.
Downside : no proofs. In some places it omits details, e.g. what
kinds of parameters to choose for a BBS generator. This isn't that big a
deal, since complete references are always given -- but you need to know
to look them up.
I think it's a great book for anyone to start with. If I had to implement
a system as a professional, I'd also want the Handbook.
> 2. Handbook of Applied cryptography, Menezes et al
Covers all the details that Applied Crypto doesn't, at the price of being
slightly narrower in scope. No proofs, but does more to mathematically
justify why each algorithm works. Much less chatty than _Applied Crypto_.
If I had to implement an algorithm "for real", I would want the
appropriate chapter of this book + the original paper.
> 3. Cryptography: Theory and Practice, Stinson
Have only skimmed it. It looks more like a textbook, with exercises,
proofs, and so on.
-David
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: public key encryption - unlicensed algorithm
Date: Tue, 31 Aug 1999 09:18:52 +0200
Paul Rubin <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> shivers <[EMAIL PROTECTED]> wrote:
> >>Have you looked at the SET protocol ?
> >
> >no, I've never heard of it - is it any good? I.e. strong and unlicensed?
>
> SET is a specialized and very complicated protocol being pushed by Visa
> for credit card transactions. See www.setco.org for details. It is like
> EDI for online credit card processing, with special message fields for all
> kinds of purchase-specific data such as the amount of gas left in the tank
> of a rental car when you return it. It is almost certainly not what you
> want.
SET is kept alive even though they should give up on it; it's taken
years to develop and when they finally got the software working locally
they found that developer A, developer B... all looked upon the standard
differently so dev. A and dev. B's software can't talk to each other.
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
\O/ \O/ ©1999 <http://www.svanstrom.com/> \O/ \O/
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: WT Shaw temporarily sidelined
Date: 31 Aug 1999 07:05:22 GMT
[EMAIL PROTECTED] (John Savard) writes:
>But he is in the hospital, and IIRC he is of advanced age.
I'd heard WT is in his fifties, and that better damn well not
be advanced age! :-)
Anyway, I have a virtual vodka chilling for him in the ice-box.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: I HOPE AM WRONG
Date: Mon, 30 Aug 1999 23:21:12 -0400
Reply-To: [EMAIL PROTECTED]
Douglas A. Gwyn wrote:
>
> Boris Kazak wrote:
> > C'est une idee vraiment superbe, moi je suis entierement d'accord.
> > Le seul obstacle, quand meme mineur, sera le fact que je suis
> > d'origine Russe et ne suis pas si proficient en langue Francaise
> > que les parleurs natives.
> > Parlant un argot cryptographique, le langue Russe avec son
> > alphabet cyrillique est une approximation beaucoup plus proche a
> > un ideal du ciphre forte. Meme les cracqueurs ordinatrices ne
> > pourront pas reconnaitre un tel texte parmi le abondance des
> > caracteres non-ASCII. Voila!
> > Au bientot BNK
>
> It is a really superb idee, me I agree entirely The only obstacle,
> when same minor, will be the fact that I am of Russian origin and am
> not if proficient in French language that the speakers native.
> Speaking a cryptographic slang, the Russian language with its Cyrillic
> alphabet is an approximation much nearer has a ideal ciphre strong.
> Same the cracqueurs ordinatrices will not be able reconnaitre such a
> text among the abundance of the characters non-ASCII. Veiled!
> The so long BNK.
>
> Cracquers ordinaire aren't a big eavesdropping threat.
> As to Cyrillic, or Russian, it has lower per-character
> entropy than English, but of course to convey the same
> information the total information content of a message
> has to be nearly the same in either language.
============================
By "cracqueurs ordinatrices" I mean *computerized crackers*,
since "ordinateur" is the French for *computer* (or at least it
was so about 20 years ago).
The problem with these computerized gadgets is that they will
signal a success when the ciphertext will decode to ASCII. This
makes me think that Cyrillic encoding, using the non-ASCII half
of ANSI codetable, will easily throw such a gadget offtrack.
And imagine, one can mix Latin and Cyrillic alphabet in the same
message...poor computer will go bananas!
Best wishes BNK
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: misc.legal.computing
Subject: Re: Can I export software that uses encryption as copy protection?
Date: Tue, 31 Aug 1999 09:35:54 GMT
In article <[EMAIL PROTECTED]>, Eric
Lee Green <[EMAIL PROTECTED]> wrote:
>"Trevor Jackson, III" wrote:
>> Eric Lee Green wrote:
>> > Yawn. That's the code you binary-patch a "JMP" around. I know (former)
>> > crackers who used to do that in their sleep. (Or at least at a time of
>> > night when they SHOULD have been asleep!).
>>
>> Yup. And then you find the app silently fails to operate because the
>> footprint of the stomp is necessary to its continued functionality.
>
>Yes, those are the tricky ones (grin). They require doing a
>search-and-replace of all the places that do a "movem" from the stomped
>place to instead have a movem from wherever we hid our copy of the
>stomped place (grin).
>
>> > > If the app fights the debugger hard enough your patch effort will be
>> > > larger than the effort required to write the application from scratch.
>> > Congratulations, you just discovered that crackers aren't sane! The more
>> > effort it takes, the more prestige that crackers get by breaking it, and
>> > the more they'll trumpet the fact and feature your product on "warez"
>> > sites.
>> No. You are assuming the software, once stripped of its protection, can be
>> executed on any machine. That is trivially false.
>
>Really? (shrug). Proof by assertion, I guess. Unfortunately, I haven't
>found an example of something uncrackable, just things that a
>cost-benefit analysis says no sane person wants to crack. Of course, the
>problem with that statement is assuming that all people are sane, a
>statement which does not hold up (read the local newspaper if you doubt
>me :-).
>
Actually it is not that hard to write "unbreakable code". Most people do
it wrong. What you do is take a major portion of your executable
code that needs to be protected. Encrypt that whole portion with something
like scott16u. When you are done, the executable that you are delivering
is actually made up of the decryption program and the modified encrypted
portion of your file. There is nothing to jump around. When one enters the
correct key the major portion of the executable is decrypted, and when
the program jumps to the major part of the code it runs. If the wrong key is
entered, then when it jumps to the area of decrypted code the program
is random and anything can happen. However, even with that, someone
can use a debugger, and if they "already have" the correct key they can dump
out the portion of the executable that is now corrected and save it to a
file. But if they already have a key there is not much you can do except slow
them down from making pirated copies of your program.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: Michael Østergaard Pedersen <[EMAIL PROTECTED]>
Subject: Re: HIV testing
Date: Tue, 24 Aug 1999 10:45:00 +0200
> There is no newsgroup to discuss social implications of cryptographic
> technology, as far as I know.
Well, this is definitely not the one...
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: I HOPE AM WRONG
Date: Tue, 31 Aug 1999 09:55:58 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>Douglas A. Gwyn wrote:
>>
>> Boris Kazak wrote:
>> > C'est une idee vraiment superbe, moi je suis entierement d'accord.
>> > Le seul obstacle, quand meme mineur, sera le fact que je suis
>> > d'origine Russe et ne suis pas si proficient en langue Francaise
>> > que les parleurs natives.
>> > Parlant un argot cryptographique, le langue Russe avec son
>> > alphabet cyrillique est une approximation beaucoup plus proche a
>> > un ideal du ciphre forte. Meme les cracqueurs ordinatrices ne
>> > pourront pas reconnaitre un tel texte parmi le abondance des
>> > caracteres non-ASCII. Voila!
>> > Au bientot BNK
>>
>> It is a really superb idee, me I agree entirely The only obstacle,
>> when same minor, will be the fact that I am of Russian origin and am
>> not if proficient in French language that the speakers native.
>> Speaking a cryptographic slang, the Russian language with its Cyrillic
>> alphabet is an approximation much nearer has a ideal ciphre strong.
>> Same the cracqueurs ordinatrices will not be able reconnaitre such a
>> text among the abundance of the characters non-ASCII. Veiled!
>> The so long BNK.
>>
>> Cracquers ordinaire aren't a big eavesdropping threat.
>> As to Cyrillic, or Russian, it has lower per-character
>> entropy than English, but of course to convey the same
>> information the total information content of a message
>> has to be nearly the same in either language.
>----------------------------
>By "cracqueurs ordinatrices" I mean *computerized crackers*,
>since "ordinateur" is the French for *computer* (or at least it
>was so about 20 years ago).
>The problem with these computerized gadgets is that they will
>signal a success when the ciphertext will decode to ASCII. This
>makes me think that Cyrillic encoding, using the non-ASCII half
>of ANSI codetable, will easily throw such a gadget offtrack.
>And imagine, one can mix Latin and Cyrillic alphabet in the same
>message...poor computer will go bananas!
>
>Best wishes BNK
It depends. I am not sure it will throw as big a wrench in the works
as you think. Code breakers are not totally stupid and don't necessarily
play by the rules of the ones who write crypto. For example, I have read
that some of the major players involved with breaking Purple during the
war did not speak or understand Japanese. There are many weaknesses
that are common in "modern crypto" whose main use is to give the
code cracker entry to the text. For example, look at PGP: there is a
test to "AID" the user in a first check to see if the correct key is entered
so that the users will not have to wait the extra second or two to be told
that the key used was wrong. How thoughtful of the designers. Also thoughtful
of many designers is the use of error recovery code. It is of little use to
the user to have a zipped file that has a few blocks of wrong code if an error
occurs. But of great help to the code breaker to know that only a small
portion of the file needs to be examined for a solution. Another feature
that is so helpful for the attacker in something like PGP is to use a
compressor that is not "one to one"; again the only use for this would
be to help the attacker know if the correct file was decrypted. What the
hell use is it to anyone else? Go ahead, use your alphabet of choice.
The decrypted file may be verifiable by the enemy way prior to any
actual thought of what the underlying message is. Modern crypto
is very helpful to those in charge. Especially with all the modern
"features" to help with error recovery or key checking.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
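The question argued in this thread, whether Cyrillic plaintext defeats an automated "does it decode to ASCII" check, as an added example that is not part of any poster's message: a byte-histogram entropy test accepts the right-key output and rejects the wrong-key output without knowing the alphabet. The toy SHA-256 keystream cipher, the sample texts, the cp1251 code page and the 6.0-bit threshold are all assumptions made for this demo.

```python
import hashlib
import math
from collections import Counter

# Constructed sample plaintexts (not taken from the thread).
RUSSIAN = ("Встреча состоится завтра в полдень у старого моста. "
           "Принесите документы и никому не говорите о нашем разговоре, "
           "пока мы не убедимся, что канал связи действительно надёжен.")
MIXED = ("Meeting moved to Friday. Встреча перенесена на пятницу, "
         "please confirm receipt. Подтвердите получение этого сообщения "
         "и уничтожьте предыдущее письмо.")


def toy_stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher for the demo only: SHA-256(key || counter) keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def looks_ascii(buf: bytes) -> bool:
    """The naive success test from the thread: every byte is printable ASCII."""
    return all(b in (9, 10, 13) or 32 <= b < 127 for b in buf)


def byte_entropy(buf: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def looks_like_text(buf: bytes, threshold: float = 6.0) -> bool:
    """Alphabet-agnostic test: natural language uses few byte values, unevenly,
    while wrong-key output of a sound cipher is close to uniform."""
    return byte_entropy(buf) < threshold


def classify(plaintext: str, codec: str = "cp1251") -> dict:
    """Encrypt, then decrypt with the right and a wrong key.

    Returns {label: (looks_ascii, looks_like_text)} for both outputs.
    """
    data = plaintext.encode(codec)
    ciphertext = toy_stream_xor(b"right key", data)
    results = {}
    for label, key in (("right", b"right key"), ("wrong", b"wrong key")):
        out = toy_stream_xor(key, ciphertext)
        results[label] = (looks_ascii(out), looks_like_text(out))
    return results


if __name__ == "__main__":
    for name, text in (("russian", RUSSIAN), ("mixed", MIXED)):
        print(name, classify(text))
```

The ASCII test fails on the correctly decrypted Cyrillic and mixed-alphabet messages, but the entropy test still separates them from wrong-key output, so the choice of alphabet adds no protection.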
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.lang.java.security,comp.graphics.misc,rec.arts.movies.tech
Subject: Re: Workshop in Paris on Watermarking and Copyright enforcement
Date: Tue, 31 Aug 1999 10:09:40 GMT
In article <[EMAIL PROTECTED]>, Robert Harley <[EMAIL PROTECTED]>
wrote:
>
>Louis Granboulan <[EMAIL PROTECTED]> writes:
>> Workshop on Watermarking and Copyright enforcement
>> [...] We will focus on the following issues:
>>
>> * Insertion of a watermark in a document (image, music, java bytecode,
>> etc.). Ideally, this mark should be invisible and impossible to erase.
>
>This is clearly impossible and such claims for watermarking should be
>ranked alongside similar bogus claims, like compression programs
>that can supposedly compress every file.
>
>A lesser claim like "almost invisible and quite difficult to erase"
>would have the distinct advantage of not being nonsense.
>
>Bye,
> Rob.
Actually, since the public is very controllable, if you forced everyone to
use something like Microsoft Word (which virus makers love) you
can easily make it mark the document in a hidden way so that the average
user would have no idea.
As for your statement about "bogus claims, like compression programs
that can supposedly compress every file." I think my compression method
on "http://members.xoom.ecil/compress.htm" can compress every finite
file that is not so large that the operating system can't handle it.
But before you get all huffy: it is "one to one". That is, every file
compresses to a unique file. And every file decompresses to a unique
file. However, it does not violate the counting theorem since the average
compression of a random file actually makes the output file longer.
Also it may seem strange to you but the decompression portion actually
makes the average random file longer too. It just makes the file longer on
the average than the compression.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: Nick Battle <[EMAIL PROTECTED]>
Subject: Statue for Enigma hero
Date: Tue, 31 Aug 1999 09:19:31 GMT
From Saturday's Guardian newspaper:
http://www.newsunlimited.co.uk/uk_news/story/0,3604,77366,00.html
"A campaign has been launched to erect a
statue of a little-known sailor whose heroic
act helped to save thousands of lives and
shorten the second world war by at least a
year.
Able seaman Colin Grazier drowned in 1942
after recovering codebooks from a U-boat
enabling codebreakers at Bletchley Park - the
forerunner of GCHQ - to continue reading
enemy military communications encrypted by
the German Enigma machine."
Cheers,
-nick
------------------------------
From: Soeren Mors <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.security,comp.graphics.misc,rec.arts.movies.tech
Subject: Re: Workshop in Paris on Watermarking and Copyright enforcement
Date: 31 Aug 1999 11:26:39 +0200
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> Actually, since the public is very controllable, if you forced everyone to
> use something like Microsoft Word (which virus makers love) you
> can easily make it mark the document in a hidden way so that the average
> user would have no idea.
If we only had to protect ourselves against the average user, crypto
would be a lot simpler.
> As for your statement about "bogus claims, like compression programs
> that can supposedly compress every file." I think my compression method
> on "http://members.xoom.ecil/compress.htm" can compress every finite
> file that is not so large that the operating system can't handle it.
> But before you get all huffy: it is "one to one". That is, every file
> compresses to a unique file. And every file decompresses to a unique
> file. However, it does not violate the counting theorem since the average
> compression of a random file actually makes the output file longer.
> Also it may seem strange to you but the decompression portion actually
> makes the average random file longer too. It just makes the file longer on
> the average than the compression.
Your use of the word compression is interesting to say the least. I
wouldn't call it compression if the file actually got larger.
--
Soeren Mors
Student of Computer Science at DAIMI [EMAIL PROTECTED]
For security this message has been encrypted with double ROT13
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: WT Shaw temporarily sidelined
Date: Tue, 31 Aug 1999 10:15:46 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(JPeschel) wrote:
> [EMAIL PROTECTED] (John Savard) writes:
>
>>But he is in the hospital, and IIRC he is of advanced age.
>
>I'd heard WT is in his fifties, and that better damn well not
>be advanced age! :-)
>
>Anyway, I have a virtual vodka chilling for him in the ice-box.
>
>Joe
>
>
That's nice, Joe. But I have a real beer I can give him if I
get to see him. None of that low octane diet virtual crap.
Did you ever notice the recent studies saying how good alcohol
is for one's health? He may actually need a few beers.
And I may have found the cure he needs. But it would
help to know the problem first.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: Markus Schneider <[EMAIL PROTECTED]>
Subject: Hardware - Software Implementation of Pseudo Random Generators
Date: Tue, 31 Aug 1999 11:27:59 +0200
Reply-To: [EMAIL PROTECTED]
As Ph.D. student working in the area of stream ciphers I am
interested in some implementation questions concerning pseudo random
sequence generators. Maybe someone knows some references or can answer
the following questions directly.
1. Which hardware is best for high-speed LFSR-based keystream
generation? What keystream rates can be obtained in hardware
design?
2. What keystream rates are obtained usually, if the keystream
generator is designed in software?
Thanks in advance for your help.
Markus
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************