Cryptography-Digest Digest #562, Volume #10 Sat, 13 Nov 99 05:13:04 EST
Contents:
Re: Proposal: Inexpensive Method of "True Random Data" Generation
([EMAIL PROTECTED])
Re: Public Key w/o RSA? ("Roger Schlafly")
Re: Security Precautions in Communicating Audit Results using Information Networks
("Markku J. Saarelainen")
Re: RC4 in Kremlin US version 2.21 to tom st denis ([EMAIL PROTECTED])
Re: real random number generator idea -- any criticisms? (Tom St Denis)
Re: Public Key w/o RSA? (John Kennedy)
Re: smartcard idea? (Hideo Shimizu)
Re: Need technique for about 24 bytes (wtshaw)
Some interesting encryption related data .... ("Markku J. Saarelainen")
Enigma Machine: fair market value (zenlight)
Re: Public Key w/o RSA? ("Trevor Jackson, III")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Sat, 13 Nov 1999 02:21:19 GMT
Coen Visser wrote:
> It is a definition: call a string random when it is incompressible.
> I am talking about (all) finite strings, using a fixed Universal Turing
> Machine, compressibility defined + O(1).
In another strand of the thread I argue that this
definition doesn't make sense. We cannot use a
notion of compressibility that ignores constant
differences because for "a string", the numbers
we want to compare _are_ constants.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Public Key w/o RSA?
Date: Fri, 12 Nov 1999 18:11:16 -0800
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> There have been several; for example, systems based on elliptic curves
> are in vogue now. RSA is the oldest PK encryption scheme that, for
> sufficiently large key size, is secure against known methods of attack.
No, Diffie-Hellman is older and just as secure. The RSA folks
learned about PK cryptography from the DH paper. IMO, DH
is also easier to understand.
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.europe
Subject: Re: Security Precautions in Communicating Audit Results using Information Networks
Date: Fri, 12 Nov 1999 21:27:42 +0000
Herb Gorman wrote:
> Personal security on the net is easy, and software which will encrypt and
> forward documents through chained anonymous remailers is easy to obtain and
> use. Anonymity is indeed as close as your mouse!
>
> --
> Herb Gorman
>
>
HAHAHAHAHAHAAAAAAA
Many of these remailers are managed by certain intelligence agencies. Nothing
there is anonymous. HAHAHAHAHAAA
The internet is a kind of huge electronic postal system with many "postmen".
These "postmen" are computer systems. However, your postcards (when your emails
are not encrypted - you are not using sealed envelopes) can be read by
object-oriented programs that analyze your messages for humans and your
postcards can also be read by human beings with expert system assistants. No
wonder that the internet is one of the most critical elements of a certain
intelligence agency's information collection strategy among many other
programs/activities. I think that the small boy would not like to put his
business at risk by using postcards, when communicating confidential business
information with his clients and business partners. Quite frankly, your ISP is
only one of these "postmen". There are people who are using postcards when
sending "logic diagrams", "layout plans" and many other design and development
(R&D) to their internal locations and/or to suppliers/customers on the
internet.
People are focusing on some firewall issues, while, at the same time, they are
ignoring basic communication security factors.
The small boy is alive.
P.S. See my earlier posting for facts.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RC4 in Kremlin US version 2.21 to tom st denis
Date: Sat, 13 Nov 1999 03:10:04 GMT
>
> RC4 does not have a CBC mode, it's an RNG damnit.
>
> Tom
Yes Tom, RC4 should not have a CBC mode but in Kremlin v 2.21 there is
a dark CBC mode for RC4 !!! It's A BUG in the implementation of RC4 !!
Look at Kremlin 2.21 to be sure
Alex
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: real random number generator idea -- any criticisms?
Date: Sat, 13 Nov 1999 03:29:38 GMT
In article <80f8g1$bev$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> Make an initial call to ::GetTickCount(). Keep calling the function
> repeatedly until the value changes, incrementing a counter each time.
> Take the LSB of the counter and use that as a bit of randomness. The
> resolution of the win32 function ::GetTickCount is about 10ms for NT,
> 55ms for 95.
I took your idea, added a self-shrinking generator and got
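    #include <windows.h>    /* GetTickCount() */

    /* Toggle a bit for as long as the tick count stays the same. */
    int rng(void)
    {
        long a, b = 0;      /* b must start from a defined value */

        a = GetTickCount();
        while (a == GetTickCount())
            b ^= 1;
        return b & 1;
    }

    /* Draw bits in pairs; skip pairs whose two bits are equal. */
    int get_bit(void)
    {
        int a, b;

        do {
            a = rng(); b = rng();
        } while (a == b);
        return b;
    }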
I have a demo program showing it off if anyone wants to see. I ran it
alone under windows [no other visible tasks] and got an even
distribution [not alternating digits]. It probably works better with
the more apps loaded..
If anyone wants the demo code or source just let me know.
Tom
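Added example (not part of the post above or of its author's demo program): the pair rule of get_bit() run over two constructed bit sources, one with independent bits and P(1) = 3/4, one strictly alternating. It shows that discarding equal pairs removes bias from independent bits at a cost of several raw bits per output bit, but turns an alternating stream into a constant one. The source functions, seeds and helper names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*bit_source)(uint32_t *state);

/* Constructed source: independent bits with P(1) = 3/4 (top bits of an LCG). */
static int biased_source(uint32_t *s)
{
    *s = *s * 1664525u + 1013904223u;
    return (*s >> 30) != 0;
}

/* Constructed source: strictly alternating bits, fully predictable. */
static int alternating_source(uint32_t *s)
{
    return (int)((*s)++ & 1u);
}

/* Pair rule of get_bit() in the post; *used counts raw bits consumed. */
static int get_bit_from(bit_source src, uint32_t *state, long *used)
{
    int a, b;
    do {
        a = src(state);
        b = src(state);
        *used += 2;
    } while (a == b);
    return b;
}

/* Number of ones among n raw bits. */
static int raw_ones(bit_source src, uint32_t seed, int n)
{
    int i, ones = 0;
    for (i = 0; i < n; i++)
        ones += src(&seed);
    return ones;
}

/* Number of ones among n filtered bits; raw bits consumed go to *used. */
static int filtered_ones(bit_source src, uint32_t seed, int n, long *used)
{
    int i, ones = 0;
    *used = 0;
    for (i = 0; i < n; i++)
        ones += get_bit_from(src, &seed, used);
    return ones;
}

int main(void)
{
    long used;
    int n = 10000;
    printf("biased, raw:      %d ones in %d\n", raw_ones(biased_source, 1, n), n);
    printf("biased, filtered: %d ones in %d", filtered_ones(biased_source, 1, n, &used), n);
    printf(" (%ld raw bits consumed)\n", used);
    printf("alternating, filtered: %d ones in %d\n", filtered_ones(alternating_source, 0, n, &used), n);
    return 0;
}
```

An even count of ones and zeros in the output says nothing about predictability: the alternating source passes through the filter as all ones or all zeros depending on where the stream starts.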
------------------------------
From: John Kennedy <[EMAIL PROTECTED]>
Subject: Re: Public Key w/o RSA?
Date: Fri, 12 Nov 1999 22:36:45 -0500
On 12 Nov 1999 23:48:03 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote:
>> And if so, then why is RSA in
>> particular so popular?
>
>Name recognition. Ease of explanation. Ease of prototype implementation.
>PGP used RSA. There's an entire company dedicated to commercializing RSA.
>That kind of thing, I'd expect.
Well also RSA has been used more extensively than any other public key
system and thus has a proven track record that other systems can't
match yet. That's worth something.
-
John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/
------------------------------
From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: smartcard idea?
Date: Sat, 13 Nov 1999 12:33:49 +0900
Hi
I don't have the correct year, but about 10 years ago,
the Japanese smart card vendor Toshiba (also famous for note PCs)
created a smartcard with a number keypad and LCD display.
Unfortunately, it was so early and so high in cost that
Toshiba didn't make it a product. Toshiba is one of the oldest
smart card manufacturers in Japan.
In Japan, a book about the development story has been published
(only in Japanese). Now, we can see it on the 23rd floor of
the headquarters building of Toshiba in Tokyo, Japan.
Hideo Shimizu
TAO, Japan
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Need technique for about 24 bytes
Date: Fri, 12 Nov 1999 23:00:36 -0600
In article <[EMAIL PROTECTED]>, Caesar Valenti
<[EMAIL PROTECTED]> wrote:
> I am in need of finding source code that will encode (and decode, of
> course) a string of about 24 characters. Out of necessity, the string
> will only consist of the 36 alpha numeric characters (case insensitive)
> The encrypted string is also limited to the same 36 characters. The
> encrypted string should be about the same size as the original.
>
> The code should be relatively short and easy to implement. Security is a
> moderate concern; however I can accept 99.99% security for the general
> population (in this group, probably more like 20%!).
>
> I know this is a newbie question. I am extremely new to this, so be
> gentle. I will be getting a copy of Applied Cryptology this weekend,
> and will review it. Any ideas? Possibly RC4? XOR? or???
The obvious thing about base 36 is that it is 6 squared, allowing for an
algorithm in hexits, base six information units. This means that you can
work with a block of 48 hexits if you wish. There is lots of room for new
development there.
A base translation method is available in which input is a multiple of 11
hexits and output is a multiple of 6 base 27 characters, doubled to be
input/output of base 36/27 of 11/12 characters. It would work for 22
characters input, 24 characters output.
Acceptable criteria allow for designs for output in base 20 or base 15 as
well, the latter input/output length ratio being 3 to 4 characters, or
multiple, 24 to 32 for example.
You seem to want to specify a security level....something a little hard to do.
Folks, here is a real problem, something for which all the hot algorithms
are totally inappropriate. But, the easy way out is to go ahead with
something that is not aimed at custom fit, but that of a Russian Boot.
--
Defend Privacy....tell an official now and then that something is none of their
business.
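Added example (not code from the post above): the base translation step it describes, taking 11 base-36 characters to 22 hexits, splitting them into two groups of 11 hexits, and writing each group as 6 base-27 characters, with the inverse. It is the unkeyed translation only; applied to two blocks it gives the 22-in, 24-out case. The base-27 alphabet (A-Z plus '0') and the function names are assumptions, chosen so the output stays inside the original 36 characters.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static const char B36[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
static const char B27[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0";   /* assumed alphabet */
#define POW6_11 362797056u   /* 6^11, which is below 27^6 = 387420489 */

/* Position of c in alpha (case-insensitive), or -1 if absent. */
static int idx(const char *alpha, char c)
{
    const char *p = c ? strchr(alpha, toupper((unsigned char)c)) : NULL;
    return p ? (int)(p - alpha) : -1;
}

/* 11 base-36 chars -> 22 hexits -> 2 x 11 hexits -> 2 x 6 base-27 chars. */
int encode11(const char *in, char out[13])
{
    int h[22], i, g;
    if (strlen(in) != 11) return -1;
    for (i = 0; i < 11; i++) {
        int d = idx(B36, in[i]);
        if (d < 0) return -1;
        h[2 * i] = d / 6; h[2 * i + 1] = d % 6;
    }
    for (g = 0; g < 2; g++) {
        uint32_t v = 0;
        for (i = 0; i < 11; i++) v = v * 6 + (uint32_t)h[11 * g + i];
        for (i = 5; i >= 0; i--) { out[6 * g + i] = B27[v % 27]; v /= 27; }
    }
    out[12] = '\0';
    return 0;
}

/* Inverse; rejects 6-char groups whose value is outside 0 .. 6^11 - 1. */
int decode12(const char *in, char out[12])
{
    int h[22], i, g;
    if (strlen(in) != 12) return -1;
    for (g = 0; g < 2; g++) {
        uint32_t v = 0;
        for (i = 0; i < 6; i++) {
            int d = idx(B27, in[6 * g + i]);
            if (d < 0) return -1;
            v = v * 27 + (uint32_t)d;
        }
        if (v >= POW6_11) return -1;
        for (i = 10; i >= 0; i--) { h[11 * g + i] = (int)(v % 6); v /= 6; }
    }
    for (i = 0; i < 11; i++) out[i] = B36[h[2 * i] * 6 + h[2 * i + 1]];
    out[11] = '\0';
    return 0;
}

int main(void)
{
    char enc[13], dec[12];
    if (!encode11("HELLO2WORLD", enc) && !decode12(enc, dec))
        printf("HELLO2WORLD -> %s -> %s\n", enc, dec);
    return 0;
}
```

Because 27^6 is larger than 6^11, some 6-character groups are never produced by the encoder, and the decoder treats them as invalid input.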
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.firewalls,soc.culture.italian,soc.culture.china
Subject: Some interesting encryption related data ....
Date: Sat, 13 Nov 1999 01:01:18 +0000
2nd DISCLAIMER: This unencrypted message may have been intercepted and
read by several individuals and agencies before you have read it.
Check out also ... alt.politics.org.cia soc.culture.russian sci.crypt
======
The story of a small boy .... - sealed envelopes ....
About twenty years ago, there was a small boy (9-11 years old or so),
who had his penpals around the world - the Soviet Union, the United
Kingdom, Australia, Germany and many other European nations. He wrote
his letters on a paper and then mailed these letters in sealed envelopes
and he received letters from his international friends in sealed
envelopes. He did not use postcards. In today's world, there are many
executives in governments, businesses and other organizations, who email
their secrets in postcards. How has the world changed? Or was this young
child just smarter than many today's executives?
The small boy and different languages ...
About twenty years ago, the small boy communicated with many penpals
around the world in different languages. He used sealed envelopes and
took these envelopes to the post office. In today's business environment,
there are many executives that are using postcards (unencrypted email
messages), while emailing their business information such as design and
development documents to their internal penpals or external business
contacts through the TCP/IP network. They may be using many different
languages, but without any sealed envelopes. And then there are those
object-oriented applications that take these postcards and use
electronic language dictionaries to provide this translated information
for further analysis by humans and their software assistants.
The small boy and books ...
The small boy went also to the library and read books and news without
anybody really knowing what he read. But today's many business
executives are using many TCP/IP based communication tools to retrieve
their desired business information on the Internet on daily basis, while
ignoring the fact that their business intentions are being recorded on
databases by commercial enterprises and intelligence agencies. And of
course, as we know, the CIA (PIGS) are operating in the concert with
specific intelligence groups in specific commercial enterprises.
Some additional information ...
If you fax your fax to the Kremlin, it most likely will be intercepted
by the CIA/NSA and then transmitted through the satellite link to the
NSA's mainframes in Fort Meade + other places, the NSA's headquarters +
other places, and then processed to a text file from the fax image file
using a variety of high-grade OCR software applications. After this your
fax shall be analyzed by many object-oriented programs that are using
specific keyword tables and historical communication databases for
classifying this communication. In addition, the person's ID shall be
analyzed by similar applications and then evaluated for his/her
importance for further analysis. After these analyses have been
completed, a person and communication shall be assigned specific
classification and depending on the nature and importance of a person
and accumulated data communications around the world, additional actions
and/or collection activities shall be initiated.
=====
and then there is the Wassenaar ....
"Encryption and many cryptography technologies are very important for
any future electronic commerce applications and implementations. It is
the recommendation to decline the acceptance of any Wassenaar Agreement
(http://www.wassenaar.org) terms on encryption controls and to support
the strongest cryptography in all commercial Internet communications
globally. The role of the Internet is already critical in most
international enterprises and corporations. However, due to the open
infrastructure and individuals' principal lack of the security knowledge
and consciousness, quite often critical business messages are sent
without any encryption protection, which makes corporations extremely
vulnerable. It is a common public knowledge that some specific
intelligence agencies are using the Internet and other intelligence
collection methods to acquire and collect specific technology and
business intelligence for specific commercial and business enterprises.
Some of most popular encryption applications have backdoors and their
development projects have been supported and influenced by certain
specific intelligence-interest groups. In the future's electronic
commerce environment these encryption methods and technologies shall
become even more important for any corporation anywhere around the world
and it is highly recommended to avoid using any of the most popular
and/or free encryption applications for any business and commercial
purposes."
=====
But who is M ?
After an encryption expert from another continent made some negative
statements regarding to the U.S. government's business intelligence
activities, M made his lightly positive remark directly to the list.
Immediately, after sending his positive message, he received many
congratulatory messages from certain individuals supporting his point of
view. This was in the summer of 1995 - already more than four years ago.
Since that some strange events started occurring. There are more facts
than anybody would want to guess. It is very interesting indeed. M has
discovered the truth on his own and by himself. So it is no surprise
that this list consists of many supporters of the U.S. government's
business espionage network. And M is just an ordinary man with the
capability to make accurate judgments. So who is M?
Some stated facts ...
* The CIA is operating a wide and deep intelligence network in
international businesses in all regions. The objective of this network
is to steal economic, business and technological information and data
for the benefit of certain U.S. corporations. 031599
* The CIA's former and current agents are promoting their services to
certain U.S. companies in order to collect specific business
intelligence for these companies (their "clients"). There have been
meetings, where some self-acknowledged CIA agents have performed this
promoting. 031599
======
In 1994, I emailed an email message to my friend in Kuala Lumpur,
Malaysia indicating something like "I and my associates might be
interested in cooperating in some development efforts .." - this friend
had received a part of his management education in the U.K. - and
almost immediately after sending this email message a person (most
likely with the CIA/NSA) calls to me (located in the NA) and starts
asking more details of these associates .. this person was a totally
different person from my friend in Kuala Lumpur .. and I must have hung
up the telephone .. and actually these associates never existed ...
CHEESE .. and did you know that the author of a popular encryption
application was actually a member of the internet related information
security committee (.. easy to guess whose ..) in the beginning of this
decade ..
======
I used a popular search engine and used the following keywords
"neuroscience" and "neural system". I had not used these keywords
earlier with any search engines or in any internet communications. In
fact, this was my first time to use "neuroscience" on the internet. A few
days after using these keywords, I received in mail a magazine
addressing many interesting neuroscience and neural network related
topics. I have never before received any neuroscience magazines. So
somebody took my IP communication ID#, my keyword information that I
used with the search engine and got my postal address from data
retailers -- and sold/provided this information to a company /
institution. It was clear this was a commercially orchestrated process
by certain companies. I do not think that the CIA/NSA would have been
involved in this, because, most likely, the CIA/NSA took my IP
communication property before these communications ever reached any
servers of the search engine company. This just appeared to be one very
fast commercially handled scheme.
=====================================================
NOTE: "I disagree with what you say, but I will defend to the death
your right to say it."
1st DISCLAIMER: No thought written in this message is a statement of any
organization by which I am employed or for which I work.
2nd DISCLAIMER: This unencrypted message may have been intercepted and
read by several individuals and agencies before you have read it.
NOTE: "A leader listens; responds; follows up and inspires others to
action!"
=====================================================
------------------------------
From: zenlight <[EMAIL PROTECTED]>
Subject: Enigma Machine: fair market value
Date: Sat, 13 Nov 1999 06:35:21 GMT
Does anyone know what the fair market value of
an enigma machine is?
------------------------------
Date: Sat, 13 Nov 1999 03:07:49 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Public Key w/o RSA?
John Kennedy wrote:
> On 12 Nov 1999 23:48:03 GMT, David A Molnar <[EMAIL PROTECTED]>
> wrote:
>
> >> And if so, then why is RSA in
> >> particular so popular?
> >
> >Name recognition. Ease of explanation. Ease of prototype implementation.
> >PGP used RSA. There's an entire company dedicated to commercializing RSA.
> >That kind of thing, I'd expect.
>
> Well also RSA has been used more extensively than any other public key
> system and thus has a proven track record that other systems can't
> match yet. That's worth something.
In what sense does PGP have a proven track record? I'd expect the people with
the resources to actually dent PGP to keep their mouths shut no matter how far
they got against it. Do you have authoritative information that indicates
that no one has dented PGP, or are you making the assumption based on the fact
that no one has made a credible claim to have done so?
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************