Cryptography-Digest Digest #807, Volume #10      Wed, 29 Dec 99 15:13:01 EST

Contents:
  Re: Video card reconfiguration ("Julien Dumesnil")
  Where can I get DVD Decoding Software? ([EMAIL PROTECTED])
  Re: Where can I get DVD Decoding Software? ("anonymous intentions")
  Re: Where can I get DVD Decoding Software? (Troed)
  Re: Secure Delete Not Smart (Jim)
  Re: Economic Espionage Act of 1996 and the U.S.A. government's violations (Jim)
  Re: Secure Delete Not Smart (Mark D)
  Re: More idiot "security problems" ("Trevor Jackson, III")
  Re: Encryption:  Do Not Be Complacent (jose)
  AES wise? (Anonymous)
  Diffie-Hellman ("Daniel Roethlisberger")
  Re: Grounds for Optimism (David Crick)
  Re: AES wise? (John Savard)
  Advise on / e-money / e-cash / anon-cash / please (pgp651)
  Re: File format for CipherSaber-2? (Johnny Bravo)
  Cryptography in Tom Clancy (John Savard)
  Re: Attacks on a PKI (Anne & Lynn Wheeler)
  Re: Attacks on a PKI (Anne & Lynn Wheeler)

----------------------------------------------------------------------------

From: "Julien Dumesnil" <[EMAIL PROTECTED]>
Subject: Re: Video card reconfiguration
Date: Wed, 29 Dec 1999 18:36:59 +0100


> Doesn't seem likely to me.
>
> Why not get Motorola's AIM evaluation board, development libraries, etc.

John,

I'm sure I've read this info somewhere (don't remember where tho...)

Anyway the idea is _not_ to use specialised hardware, but to use a board
that could be bought through any computer hardware reseller... And reprogram
it to be faster than any PIII at doing cypher manipulation.

Don't know if you get my drift...

Regards,

    julien



------------------------------

From: [EMAIL PROTECTED]
Subject: Where can I get DVD Decoding Software?
Date: Wed, 29 Dec 1999 17:14:02 GMT

I am looking for a software program that will decode the DVD protection
that is enabled on many DVD disks.  I have heard so much talk on this,
and I must have this program.  I'm sure it's floating around out there,
but if anyone knows of where I can download a DVD copy protection
decoder, that would be great.

Thanks

ICQ# 42616768



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "anonymous intentions" <[EMAIL PROTECTED]>
Subject: Re: Where can I get DVD Decoding Software?
Date: Wed, 29 Dec 1999 09:37:30 -0600

You must have just missed it. Someone posted it in either sci.crypt or
alt.security.pgp this morning, Dec 29 1999 ~7am PST. I would check these
groups (sync) on the usenet again; it was 23K and it was the source code and
make file. Though it sounds like people are going down for posting it, and of
course, you could be a fed. Find it while you can.
:)

<[EMAIL PROTECTED]> wrote in message news:84df0i$1lq$[EMAIL PROTECTED]...
> I am looking for a software program that will decode the DVD protection
> that is enabled on many DVD disks.  I have heard so much talk on this,
> and I must have this program.  I'm sure it's floating around out there,
> but if anyone knows of where I can download a DVD copy protection
> decoder, that would be great.
>
> Thanks
>
> ICQ# 42616768
>
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.



------------------------------

From: [EMAIL PROTECTED] (Troed)
Subject: Re: Where can I get DVD Decoding Software?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 29 Dec 1999 17:39:53 GMT

[EMAIL PROTECTED] wrote:

>I am looking for a software program that will decode the DVD protection
>that is enabled on many DVD disks.  I have heard so much talk on this,
>and I must have this program.  I'm sure it's floating around out there,
>but if anyone knows of where I can download a DVD copy protection
>decoder, that would be great.

Infoseek gives a nice list if you ask it for "DeCSS"

(By not giving you a direct link I'm making it a bit harder for the
lawyers who at this very moment are trying to make linking to other
sites illegal)

___/
_/


Nazis, racists and other fools only give themselves the shivers.

------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Re: Secure Delete Not Smart
Date: Wed, 29 Dec 1999 17:57:44 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 28 Dec 1999 23:52:00 -0500, "Trevor Jackson, III" <[EMAIL PROTECTED]>
wrote:

>Jim wrote:
>> >The best answer is to never store plaintext.  The information must be encrypted as
>> >it is stored.  Disk encryption software does this for you.
>>
>> So you're recommending that one always works within an enciphered volume
>> or partition?
>>
>> If so, ought you to secure delete plaintext versions which have not
>> been taken outside the enciphered volume?
>
>That is unnecessary.  The principle of an encrypted volume is that an Opponent can be
>handed the entire volume and will not be able to recover any plaintext.  Everything
>written to the physical volume is encrypted.  So there is no need to scrub plaintext
>files stored within the virtual (encrypted) volume.  They are safe.
>
>If you need to scrub files within the encrypted volume you need a better volume
>encryption software.

Of course. Duh!!!!!!

I still do it though, don't know why. Reflex probably.

-- 
Jim,
nordland at lineone.net

------------------------------

From: [EMAIL PROTECTED] (Jim)
Crossposted-To: alt.politics.org.cia
Subject: Re: Economic Espionage Act of 1996 and the U.S.A. government's violations
Date: Wed, 29 Dec 1999 17:57:45 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 29 Dec 1999 00:14:12 -0600, "John E. Gwyn" <[EMAIL PROTECTED]>
wrote:

>Eric Chomko wrote:
>> Ah yes, another Americanism of the English language: shutter.
>
>Even in America, it should have been "shudder".
>Our public school systems have not been doing a good job.

Nor here. Most of them can't even spell their bloody names
when they leave school.

-- 
Jim,
nordland at lineone.net

------------------------------

From: Mark D <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: Secure Delete Not Smart
Date: Wed, 29 Dec 1999 12:30:06 -0500

Guy Macon wrote:
> 
> In article <84b21n$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Frank Gifford) 
>wrote:
> 
> >All this stuff about overwriting files assumes that the drive is working
> >properly.  Suppose that after you had put your top secret formula for
> >Coca-Cola on your hard drive, it started to go bad.  The read/write head,
> >being a physical device, starts to drift away from the proper track and now
> >it is a little more to the outside than it used to be.  Now when you write
> >data, it's writing a little towards one side of the track, but the other
> >side of the track still contains your Coca-Cola formula.
> 
> Minor correction; modern drives do not depend on mechanical tolerances.
> They servo to the center of the track.  Everything else you said is 100%
> correct, because servos can go bad and be off to one side of the track.

So here's your solution: burn all your information to cd, and if you
want to 'secure delete' it, you just smash the cd. Since they're only
about a buck a piece, it would be fairly inexpensive.

------------------------------

Date: Wed, 29 Dec 1999 13:23:39 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: More idiot "security problems"

Terry Ritter wrote:

> On Tue, 28 Dec 1999 16:07:20 -0000, in
> <84an5g$p3a$[EMAIL PROTECTED]>, in sci.crypt "Brian Gladman"
> <[EMAIL PROTECTED]> wrote:
>
> >"CLSV" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
>
> >[...]
> >You are right - I was being loose with definitions for convenience.  But use
> >any definition you wish (all now, all now and in the past, all past, present
> >and future,...) consistently and there is still a conclusion that I would
> >not trust as valid.
> >
> >I suspect the rule is already too general and should refer to 'design'
> >rather than 'create' as you suggested in your previous post.  I also suspect
> >that there needs to be active involvement of all members of the group in the
> >design process.  But these are all problems with the language of the
> >original rule.
>
> Personally, I have found it very difficult to write something which
> cannot be misunderstood.  Much of what we write depends upon context,
> and a reader has their own context (and agenda).
>
> But "the original rule" was from Schneier:
>
> >>>>A corollary is that: "Anyone can create an encryption algorithm that
> >>>>he himself cannot break."

I suspect the intended meaning of this quote contains a strong degree of temporal
locality.  Thus the suffix "at the time of creation" may be appropriate.

Given that the history of crypto is littered with attacks that were created
specifically to defeat one cipher or a specific class of cipher, we should expect
novel attacks to succeed novel ciphers.  The principle that good ciphers are
created by people good at breaking ciphers is fundamentally the same as the
process for generating new primes.  One mixes together all the known attacks
(known primes), adds a minor tweak or two (+1), and produces a new cipher.  Either
you missed an attack (a small prime skipped) or a new attack will evolve to
address the new cipher (a large prime found).

While primality is invariant with respect to time (the discovery of more primes)
cipher resistance to attack changes as the set of attacks grows.  Thus at the
time a new cipher is designed it may not be breakable with the collection of
existing attacks.  But a new attack may be created precisely because a novel
cipher is immune to attack by the existing collection.

Even the designer of the cipher needs to have the cipher available to construct
an attack upon it.  Thus the crack of a carefully designed cipher will occur
after the design process is complete.  (This ignores the iterative aspect of the
design process).

The quote can also be interpreted to indicate that an encryption algorithm is not
completely created until the designer has exhausted both the existing set of
attacks that are available, and his own capacity for inventing new attacks.
However, this interpretation is flawed in that the design process used by a good
cryptographer may never halt.  He may be much better at cracking ciphers than he
is at inventing algorithms, in which case he will probably never complete the
design cycle.

Also, it is unreasonable to assume that a designer can determine when his
capacity to invent attacks upon his cipher is exhausted.  First there is a
conflict of motivation in that he wanted the cipher to be strong and it takes a
very serious effort to swap roles and become one's own adversary.  Secondly,
creativity is notoriously non-monotonic.  It happens in fits and starts.  The gap
may be minutes or decades. So there is no way that a designer can tell when he's
"done" except by giving up.  A break might be right over his analytic horizon,
but there's no way to predict that.  (cf. the number of Nobel prizes awarded
for dealing with "trivial roots" or the equivalent in previous works).

The first and second factors interact synergistically because the second, "I give
up" is a subjective decision, and this allows the first factor, motivation, to
influence the termination conditions of the design process.

> which is specifically restricted to individuals, producing the clear
> implication that groups do not have the same limitation.  They do.

Group behavior thumb rules:

"An aristocracy is defined by the condition that one person's opinion is better
than all the others."
"A democracy is defined by the condition that one person's opinion is just as
good as any others."

"Individual behavior is motivated by sex, group behavior by food".  Are ciphers
more closely related to sex or food?  ;-)


------------------------------

From: jose <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,talk.politics.crypto,talk.politics.misc,talk.politics.drugs
Subject: Re: Encryption:  Do Not Be Complacent
Date: Wed, 29 Dec 1999 13:30:14 -0500

Jim wrote:

> On Mon, 27 Dec 1999 18:07:50 -0800, Anthony Stephen Szopa <[EMAIL PROTECTED]>
> wrote:
>

> >I would create several specific words and phrases that convey the
> >exact same meaning.  I guess the best security would be to assign
> >certain numbers to represent certain words and phrases.  Then have
> >any of several numbers represent the exact same word or phrase.
>
> Seems that what you are describing is enciphered code.
>
> I.e. code your message from a codebook (if you can still find
> one) then encipher it.

nope, sounds more like the original author has accepted the fact that messages are
likely to be decoded one way or another, but their meaning may still be hidden by
the age old trick of a poorly known vocabulary. *shrug* simple trick, kids use it
all the time, why should you stop because you are an adult?

for a clear example of this, look at various Microsoft memos that got out during
their recent federal trial. some euphemisms and less blunt discussion of tactics
would have saved them a lot of hassle.

jose nazario             [EMAIL PROTECTED]


------------------------------

Date: 29 Dec 1999 18:41:04 -0000
Subject: AES wise?
From: [EMAIL PROTECTED] (Anonymous)

Hi,

Two thoughts:
    1) Given the record of Blowfish having no attacks against the full
algorithm, why do none of the AES candidates use fully key-dependent
S-boxes? Is it because it is tough to make an f-function fully bijective
that way, or is it just cumbersome to prove protection against differential
analysis, or what? (NSA seems to dislike random, unknown S-boxes)  Ok,
Twofish uses S-boxes, however from only half the key. Are there any
little-known attacks (that someone can reference) against Blowfish because
of the random S-boxes?
    2) It would seem that creating only one algorithm for ALL purposes for
ALL implementations is a little silly. Others posting to this group have
asked "why not choose more than one winner." That is not what I am saying. I
say that the AES goal is flawed: Why did NIST not just call for two
algorithms? (One for high security, and one for implementations where
resources are low.) Even just two versions of the same algorithm?

Just questions,

jp

For an unpatented algorithm that makes extensive use of S-boxes, see:
http://www.deja.com/getdoc.xp?AN=553635567



------------------------------

From: "Daniel Roethlisberger" <[EMAIL PROTECTED]>
Subject: Diffie-Hellman
Date: Wed, 29 Dec 1999 20:00:36 +0100

Trying to understand Diffie-Hellman in order to implement it, I stumbled
across the following sentence in Applied Cryptography: "... agree on a large
prime, n and g, such that g is primitive mod n". Now my English is no good
when it comes to mathematical terms. What does _primitive_  exactly mean? If
n is the large prime, what is g? As it says later on in the chapter, g can
be chosen as small as possible (i.e. a one-digit number), and doesn't even
have to be primitive. But I am still puzzled what primitive means,
mathematically.

Furthermore, is it safe to use the same n and g all the time (i.e.
hardcoded), or do I have to generate new ones from time to time?

Any help is much appreciated, as well as pointers to good docs, free
implementations and big number libraries, or other relevant information.

Regards,
Dan
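An added worked example, not part of Dan's post or of Applied Cryptography, showing what "g is primitive mod n" means in the post's own notation (prime n, base g) and how a Diffie-Hellman exchange uses them. The helper names (`is_primitive_root`, `is_safe_prime`, `dh_shared_secret`) and the toy parameters n=23, g=5 are assumptions for illustration; the trial-division factoring is only meant for small numbers.

```python
# Added example (not from the original post): "g is primitive mod n" means
# the powers g, g^2, ..., g^(n-1) mod n run through every nonzero residue,
# i.e. the multiplicative order of g is exactly n-1.
import secrets


def is_prime(m: int) -> bool:
    """Trial division; toy sizes only."""
    if m < 2:
        return False
    d = 2
    while d * d <= m:
        if m % d == 0:
            return False
        d += 1
    return True


def prime_factors(m: int) -> list:
    """Distinct prime factors of m by trial division (toy sizes only)."""
    factors, d = [], 2
    while d * d <= m:
        if m % d == 0:
            factors.append(d)
            while m % d == 0:
                m //= d
        d += 1
    if m > 1:
        factors.append(m)
    return factors


def multiplicative_order(g: int, n: int) -> int:
    """Smallest k >= 1 with g^k == 1 (mod n); brute force, so toy sizes only."""
    if g % n == 0:
        raise ValueError("g must be invertible mod n")
    k, v = 1, g % n
    while v != 1:
        v = v * g % n
        k += 1
    return k


def is_primitive_root(g: int, n: int) -> bool:
    """For prime n: g is primitive iff g^((n-1)/q) != 1 (mod n) for every
    prime q dividing n-1 (otherwise its order divides (n-1)/q)."""
    if g % n == 0:
        return False
    return all(pow(g, (n - 1) // q, n) != 1 for q in prime_factors(n - 1))


def is_safe_prime(n: int) -> bool:
    """n = 2q + 1 with q prime. Then every g other than 0, 1, n-1 has order
    q or 2q, so even a non-primitive g cannot land in a tiny subgroup; this
    is why the book can say g need not be primitive."""
    return is_prime(n) and is_prime((n - 1) // 2)


def dh_shared_secret(n: int, g: int, a: int, b: int) -> tuple:
    """One exchange with fixed private exponents a (Alice) and b (Bob).
    Returns (A, B, s): the two public values and the shared secret."""
    A = pow(g, a, n)          # Alice sends A
    B = pow(g, b, n)          # Bob sends B
    s_alice = pow(B, a, n)    # Alice computes B^a
    s_bob = pow(A, b, n)      # Bob computes A^b
    assert s_alice == s_bob   # both equal g^(ab) mod n
    return A, B, s_alice


def random_exponent(n: int) -> int:
    """Fresh private exponent in [2, n-2]; this is the value that must be new
    for every exchange, even when n and g are fixed."""
    return 2 + secrets.randbelow(n - 3)


if __name__ == "__main__":
    n, g = 23, 5                         # constructed toy parameters
    print("5 primitive mod 23:", is_primitive_root(g, n))
    print("order of 2 mod 23:", multiplicative_order(2, n))   # 11, not 22
    print("exchange:", dh_shared_secret(n, g, random_exponent(n), random_exponent(n)))
```

On the second question: fixing n and g is normal practice (published groups such as the RFC 3526 MODP groups do exactly that); what has to be fresh per exchange is each party's private exponent, which is what `random_exponent` supplies.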




------------------------------

From: David Crick <[EMAIL PROTECTED]>
Subject: Re: Grounds for Optimism
Date: Wed, 29 Dec 1999 19:04:31 +0000

My comment then, is whether we should go for a cipher like MARS or
Twofish, which try to include as many complications against
cryptanalysis as possible, rather than a cipher like RC6 or Rijndael
that are simpler and concentrate on diffusion, etc. (Please accept
my apologies for these gross simplifications of the candidates!)

Much has been made of Serpent's apparent "safety margin" - cited
as approximately double the number of rounds.

However, the best attack on anything anywhere near as complicated
as the full Twofish is on 5 rounds, by the authors. Twofish has
16 rounds - more than *triple*. Plus of course, it is far faster
(in software) than Serpent.

  David.

-- 
+-------------------------------------------------------------------+
| David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| ICQ#: 46605825  PGP Public Keys: RSA 0x22D5C7A9 DH/DSS 0xBE63D7C7 |
+-------------------------------------------------------------------+

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: AES wise?
Date: Wed, 29 Dec 1999 12:11:22 GMT

[EMAIL PROTECTED] (Anonymous) wrote, in part:

>Ok,
>Twofish uses S-boxes, however from only half the key. Are there any
>little-known attacks (that someone can reference) against Blowfish because
>of the random S-boxes?

I agree that a genuinely key-dependent S-box is a good idea. The ones
in Twofish result from a very simple manipulation of a fixed S-box, so
they aren't in the same class.

But the desired algorithm was to be useful in almost any circumstance,
including smart cards: and RAM is much more expensive than ROM. Also,
a fully random S-box will occasionally wind up with a "bad" value by
accident (such as 0, 1, 2, ... or some linear function thereof, or
something close to it), and this risk, although very low for an S-box
of any size, may be on people's minds.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
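An added worked example, not code from either of the two posts above or from Blowfish or Twofish, covering both the "AES wise?" question about fully key-dependent S-boxes and John Savard's point that a random S-box can occasionally come out "bad". It generates an 8-bit bijection from a key (the SHA-256-driven shuffle is an assumed construction for illustration, not either cipher's key schedule) and runs the checks a key schedule could apply before accepting it: bijectivity, the affine case Savard describes (0, 1, 2, ... or a linear function of it), and the differential and linear figures cryptanalysts look at.

```python
# Added example (not from the original posts): derive a key-dependent
# 8-bit S-box and measure the properties the thread is concerned with.
import hashlib


def _key_bytes(key: bytes):
    """Endless byte stream derived from the key: SHA-256(key || counter)."""
    counter = 0
    while True:
        yield from hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1


def key_dependent_sbox(key: bytes) -> list:
    """Fisher-Yates shuffle of 0..255 driven by the key stream; rejection
    sampling keeps each swap index unbiased, so the result is a bijection."""
    stream = _key_bytes(key)
    s = list(range(256))
    for i in range(255, 0, -1):
        bound = (65536 // (i + 1)) * (i + 1)
        while True:
            r = (next(stream) << 8) | next(stream)
            if r < bound:
                break
        j = r % (i + 1)
        s[i], s[j] = s[j], s[i]
    return s


def is_permutation(s: list) -> bool:
    return sorted(s) == list(range(256))


def is_affine(s: list) -> bool:
    """An S-box is affine (the 'linear function of 0,1,2,...' case) iff
    S(x ^ y) == S(x) ^ S(y) ^ S(0) for all x, y."""
    c = s[0]
    return all(s[x ^ y] == s[x] ^ s[y] ^ c for x in range(256) for y in range(256))


def differential_uniformity(s: list) -> int:
    """Largest count of inputs x with S(x ^ a) ^ S(x) == b over all a != 0
    and all b. Lower is better; 256 means one input difference always
    produces the same output difference (worst case for differential attacks)."""
    worst = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[s[x ^ a] ^ s[x]] += 1
        worst = max(worst, max(counts))
    return worst


def nonlinearity(s: list) -> int:
    """Minimum distance from every nonzero output-mask component b.S(x) to
    the affine Boolean functions, via the Walsh-Hadamard transform. 0 means
    the box is affine; a random 8-bit permutation typically scores in the
    90s, the AES S-box scores 112."""
    best = 0
    for b in range(1, 256):
        # (+1/-1)-valued truth table of parity(b & S(x))
        f = [1 - 2 * (bin(b & s[x]).count("1") & 1) for x in range(256)]
        h = 1
        while h < 256:                       # in-place fast Walsh-Hadamard
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    u, v = f[j], f[j + h]
                    f[j], f[j + h] = u + v, u - v
            h *= 2
        best = max(best, max(abs(v) for v in f))
    return 128 - best // 2


def audit_sbox(s: list) -> dict:
    """The checks a key schedule could run before accepting a generated box."""
    return {
        "bijective": is_permutation(s),
        "affine": is_affine(s),
        "differential_uniformity": differential_uniformity(s),
        "nonlinearity": nonlinearity(s),
    }


if __name__ == "__main__":
    print(audit_sbox(list(range(256))))           # the 0,1,2,... "bad" case
    print(audit_sbox(key_dependent_sbox(b"constructed demo key")))
```

The identity box scores nonlinearity 0 and differential uniformity 256, which is exactly the accident Savard describes; a keyed shuffle almost never does, but a schedule that wants the guarantee rather than the probability has to spend the time to run `audit_sbox` (and, on a smart card, the RAM to hold the box at all, which is his other point).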

------------------------------

Date: 29 Dec 1999 19:34:40 -0000
From: pgp651 <Use-Author-Address-Header@[127.1]>
Subject: Advise on / e-money / e-cash / anon-cash / please
Crossposted-To: misc.legal,us.legal,alt.security.pgp

I would like to find information about an account in a non-USA jurisdiction; the
account should be free of any influence from the USA government. Find a location
which is USA judgment proof. Easy [ internet & wire ] transfer / payment is
a must.
Everyday account keeping by internet link as a standard feature. The
account need not be ANON but must be judgment proof from USA jurisdictions.

Should be able to open it by internet transaction / application. The wire
transfer transaction should be settled in about 24 Hr.

To recap :
- NON usa jurisdiction,
- MUST be secure from USA influences but must not be ANON [ can be ANON ]
- FAST in & out transactions
- Transactions non-frequent, asset protection primary objective

With above basic requirements, is it possible to find one ?
Any help would be appreciated.
pgp651


------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: File format for CipherSaber-2?
Date: Wed, 29 Dec 1999 14:31:53 GMT

On 28 Dec 1999 20:36:07 EST, [EMAIL PROTECTED] (Guy Macon) wrote:

>>  Since you have to give the recipient your key beforehand, that is
>>when you give them the number of mixings to be used.  It will vary per
>>person as hardware differs widely from one person to the next.
>
>I would like to avoid having to tell the recipient a passphrase and a
>number.  Doing so adds a large memorization burden for a small increase
>in security.

  Not really a large memorization problem, just put all your passwords
and numbers in a file and encipher it with a personal private
passphrase.  Then you only have to remember one passphrase, but I
admit it seems clumsy.

>Yes, but they CAN handle CipherSaber-2 encrypted messages if the number
>of repeats is 1, and the format is proper.  This is a desirable property.

  You could make it the last two bytes of the IV.  Rather than make it
the same every time, it could vary from say 75% to 125% of the optimal
value (pick at random), and just make sure the rest of the IV is
properly computed.  This drops the effective length of the IV by 5
bits or so if the N value is around 4000.  Most of us won't send
enough messages to the same recipient in a lifetime to get a birthday
hit on the IV value, even with 75 bits instead of 80.
  For proper security IVs should just work from a start value and
increment per message anyway.  This easily allows a shared key to be
used, one person uses odd IV values, the other uses the evens without
risking an IV collision between them.  This would allow each party to
send more than enough messages with just one key between them.

  Best Wishes,
    Johnny Bravo
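An added worked example, not code from Johnny Bravo's post or from the CipherSaber project, of the two IV ideas above: carrying the repeat count N in the last two bytes of the 10-byte IV with N jittered between 75% and 125% of the optimal value, and counter-based IVs split odd/even between two parties sharing one key. RC4 with the key-setup loop repeated N times is what I take CipherSaber-2 to mean (an assumption); the function names and the constructed passphrase and message are mine.

```python
# Added example (not from the original post): CipherSaber-2 style RC4 with
# N carried in the last two bytes of the IV, plus odd/even counter IVs.
import os
import secrets

IV_LEN = 10   # CipherSaber appends a 10-byte IV to the passphrase


def rc4_ksa(key: bytes, repeats: int) -> list:
    """RC4 key schedule; the mixing loop runs `repeats` times without
    resetting j (assumed CipherSaber-2 behaviour)."""
    s = list(range(256))
    j = 0
    for _ in range(repeats):
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
    return s


def rc4_crypt(s: list, data: bytes) -> bytes:
    """RC4 PRGA XORed over data; works on a copy so the schedule is reusable."""
    s = s[:]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def jittered_repeats(n_opt: int) -> int:
    """Pick N uniformly in [0.75 * n_opt, 1.25 * n_opt] rather than a fixed value."""
    lo, hi = (3 * n_opt) // 4, (5 * n_opt) // 4
    return lo + secrets.randbelow(hi - lo + 1)


def make_iv(n_repeats: int, prefix: bytes = None) -> bytes:
    """8 random (or counter) bytes followed by N as 16-bit big-endian."""
    if not 1 <= n_repeats <= 0xFFFF:
        raise ValueError("N must fit in two bytes and be at least 1")
    prefix = os.urandom(8) if prefix is None else prefix
    assert len(prefix) == 8
    return prefix + n_repeats.to_bytes(2, "big")


def encrypt(passphrase: bytes, plaintext: bytes, n_opt: int = 4000) -> bytes:
    iv = make_iv(jittered_repeats(n_opt))
    s = rc4_ksa(passphrase + iv, int.from_bytes(iv[8:], "big"))
    return iv + rc4_crypt(s, plaintext)


def decrypt(passphrase: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    n = int.from_bytes(iv[8:], "big")       # the recipient reads N from the IV
    return rc4_crypt(rc4_ksa(passphrase + iv, n), ct)


class CounterIVs:
    """Counter IVs for one sender: odd values for one party, even for the
    other, so two senders on a shared key can never produce the same IV."""

    def __init__(self, odd: bool):
        self.next = 1 if odd else 2

    def take(self, n_repeats: int) -> bytes:
        iv = make_iv(n_repeats, self.next.to_bytes(8, "big"))
        self.next += 2
        return iv


if __name__ == "__main__":
    pw, msg = b"constructed passphrase", b"constructed test message"
    blob = encrypt(pw, msg, n_opt=200)
    print("N in IV:", int.from_bytes(blob[8:10], "big"))
    print(decrypt(pw, blob))
```

Only about 0.5 * n_opt distinct N values can appear, so for N around 4000 the two bytes carry roughly 11 bits of entropy instead of 16, which is the "5 bits or so" in the post. RC4 itself has long been deprecated; the part worth keeping from this sketch is the IV bookkeeping, not the cipher.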


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Cryptography in Tom Clancy
Date: Wed, 29 Dec 1999 12:43:12 GMT

A while back I commented on "ruthless.com" which seemed ostensibly
opposed to cryptographic export, but which illustrated the hazards of
key escrow.

His latest novel, "Rainbow Six", has the Russians copying the STU-III:
they used a less powerful speech compression/digitization algorithm,
but they copied the encryption _exactly_...allowing the Americans to
break it (they having gone on to the STU-IV).

Actually, there is a successor to the STU-III, but it is called the
STE, and it is claimed to be intended for greater bandwidth instead of
higher security. Thus, I suppose that "STE-II" would have been a more
accurate designation for a future fictional secure telephone.

There are reasons to believe that the Soviet Union had copied some
U.S. encryption technology in the past, for example the description of
a shift-register based device on Joerg Drobick's web site (which seems
to have disappeared)...although that seems to have only a superficial
resemblance to U.S. devices, which hopefully were considerably more
complicated than a plain shift register, which is - and was - known to
be insecure. (The book "The Pueblo Surrender" might also be cited, but
the theory it advances for the Pueblo incident seems difficult to take
seriously, for technical reasons alone.)

But the purpose of a novel is to entertain, so a few technical
implausibilities, as long as they help to advance the plot, are not to
be concerned about. (In fact, of course, I would expect that the
STU-III would not be that "close" to being breakable that even the NSA
could do so a decade hence; that would be irresponsible underdesign.)

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

Subject: Re: Attacks on a PKI
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Wed, 29 Dec 1999 19:54:40 GMT


"Lyal Collins" <[EMAIL PROTECTED]> writes:

> Authentication of individuals using PKI is about as strong as the passwords
> they use to control access to their priate key.
> 
> Why not stick to passwords and integrity checking databases, for
> non-ecommerce uses?
> 
> Lyal

strictly shared secret based systems tend to have the shared secret in
a lot more places and have a lot simpler exploit modes ... shared
secrets can be attacked with social engineering (i.e. call the
person and tell them you are bank examiner and need to test the bank's
security & ask them for their bank account number and their mother's
maiden name ... or call and tell them you are the ISP security
manager and need to test their login account).

Account Authority Digital Signature (AADS) public key ... eliminates
those exploit modes, preserves existing authentication business
processes and establishes the basis for parameterized risk management.

In the parameterized risk management portion ... the AADS public
protocol and processes can be the same across a wide-range of business
processes & requirements ... but the risk parameters are adjusted
based on the integrity level of the environment housing the private
key and doing the digital signing (simple example is credit limit and
transaction authorization are different whether the private key is a
PC housing with password access ... or a separate 140-3 smartcard with
both PIN and biometrics).

This is easily generalized to authentication infrastructure ... using
the same infrastructure for things like financial transactions, web
access, & ISP login (straight-forward RADIUS enhancement) ... all
sharing the same technology infrastructure and level of integrity
adjusted to meet the requirements of the business.

-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED], [EMAIL PROTECTED]
 http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/

------------------------------

Subject: Re: Attacks on a PKI
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Wed, 29 Dec 1999 19:57:40 GMT


... and of course ... lots of AADS description and discussion at

http://www.garlic.com/~lynn/

& recent X9.59/AADS announcement

http://www.garlic.com/~lynn/99.html#224

-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED], [EMAIL PROTECTED]
 http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
