Cryptography-Digest Digest #842, Volume #10       Wed, 5 Jan 00 15:13:01 EST

Contents:
  Re: Square? (Tom St Denis)
  is signing a signature with RSA risky? (Pascal Scheffers)
  Re: meet-in-the-middle attack for triple DES ([EMAIL PROTECTED])
  Re: "Variable size" hash algorithm? ("Peter K. Boucher")
  Re: Secure Delete Smart (Henry)
  Re: Square? ("Andrej Madliak")
  Re: Square? ("Andrej Madliak")
  Re: Square? (David Wagner)
  Re: Truly random bistream (Medical Electronics Lab)
  Unsafe Advice in Cryptonomicon (John Savard)
  Re: Change of number bases (wtshaw)
  How to obtain updated SSL certificate for Navigator-3? (Sundial Services)
  Re: Change of number bases (James Muir)
  Re: Change of number bases (Mok-Kong Shen)
  Re: Unsafe Advice in Cryptonomicon (Steve K)
  Re: Truly random bistream (CLSV)
  Re: REQ: Applied Crypto source disc ("Jason C. Hartley")
  Re: Change of number bases (Mok-Kong Shen)
  Is DES still used for ATM transactions ???? ("Buchinger Reinhold")
  Re: Truly random bistream (Jim)
  Re: Secure Delete Smart (Jim)
  Re: Unsafe Advice in Cryptonomicon (Mok-Kong Shen)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Square?
Date: Wed, 05 Jan 2000 17:15:36 GMT

In article <84v0lv$rsu$[EMAIL PROTECTED]>,
  "Andrej Madliak" <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi!
>
>     Who knows something about the "Square" algorithm, its
> strength/weaknesses and attacks against it?

All I know is in the paper 'The Block Cipher: Square' they have an
attack for anything under 6 rounds.  I can send copies to anyone who
asks.  Just email me at [EMAIL PROTECTED] and request it [or a list of all
the papers I have].

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Pascal Scheffers)
Subject: is signing a signature with RSA risky?
Date: Wed, 05 Jan 2000 16:25:02 GMT

With RSA, there is the risk that if you encrypt before signing the
other can fake a message. This is described on p473 of Applied
Cryptography 2nd.Ed.

I think I understand the math, which then implies that -if- I sign
another signature, the same trick can be done.

I was wondering if this is an issue for time-stamping services? A
timestamp gives you the most value if you time-stamp a contract
*including* the signatures on that contract. 
This would basically mean that (if both parties agree) a new document
can be made, say a patentable idea, with a much older timestamp. Not
good.

This can be prevented if the public key exponent is fixed, which it
usually is. AFAIK, having a fixed exponent is just a recommendation, I
don't know if CAs enforce it.

It is probably not an *easy* trick to do, but still...

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: meet-in-the-middle attack for triple DES
Date: Wed, 05 Jan 2000 17:32:02 GMT



> My main point is that with a key stream supplying the keys to
> a block encryption algorithm the analyst will not be able to
> determine these keys, excepting brute forcing a certain number
> of these (depending on the strength of the key stream generation)
> necessary for inferencing the key stream. For the large number
> of plaintext ciphertext pairs assumed to be available for doing
> attacks of the sort mentioned in this thread as well as
> differential analysis etc. become 'by definition' not available with
> the variable key scheme. Now consider what I mentioned above about
> brute forcing a certain number of the keys. Doesn't brute-forcing a
> single one of these mean in the original context attacking the
> triple DES without employing any clever techniques such as
> meet-in-the-middle, i.e. a practically infeasible effort? From this
> one sees that the key stream used in fact doesn't need to be
> particularly strong. Of course, in a crypto system one should
> attempt to do the best at each and every place. That's why I
> nevertheless added a cautious assumption about the difficulty of
> inferring the key stream. I have yet made no thought of concrete
> implementations but suppose that one viable way is to use a DES as
> a generator of random bit sequences. I conjecture that there
> wouldn't be tremendous degradation of speed, particularly if
> everything runs in hardware. Anyway, I personally find it a little
> bit surprising that using variable keys appears not to have been
> considered hithertofore at least as a discutable potentially
> viable means of defense.
>
> M. K. Shen

Isn't this an example of OFB or counter mode?  Generate a keystream using a
key and IV and then combine the key stream with the plain text. The normal
way is to combine with the XOR.  The XOR is quite simple and has several
weaknesses.  The most dangerous is reuse of the IV/key combination.

Instead of XOR, a block cipher could be used. Each new block would be
encrypted with the next key in the keystream.  The downside would be the key
setup in the block cipher.  The key setup would have to be done for each
block.

A related idea would be to use the key stream as the round keys of the block
cipher.  RC6 seems to lend itself to this idea.  Instead of generating a
fixed set of round keys and using them for every block, the key schedule
would just keep spitting out round keys for every round of every block.

A danger with this idea is key schedule attacks.  If any related, weak,
equivalent, or looping keys exist, this mode would most likely be quite
weak.  Extensive analysis would be needed to define the strength of this
mode.

The RC6 key schedule is highly recursive, that is each new key depends on
multiple previous keys.  The property makes it difficult to go backwards or
forwards in the keystream with only partial information. Gaining full
information on the state of the key schedule is more difficult than just
guessing the original key.

With this mode, if an attacker guesses the key for one block then it does not
help with other blocks.  Guessing the key for multiple blocks should be
harder than guessing the original key.

--Matthew




------------------------------

Date: Wed, 05 Jan 2000 10:44:45 -0700
From: "Peter K. Boucher" <[EMAIL PROTECTED]>
Subject: Re: "Variable size" hash algorithm?

Tim Tyler wrote:
> 
> Peter K. Boucher <[EMAIL PROTECTED]> wrote:
> 
> : Why not have your program measure the entropy of the input [...]
> 
> Hmm, this first stage looks like it might be a little bit tricky to perform.

I believe there are freeware or copyleft programs out there that perform
some measure of entropy or another.

-- 
Peter

------------------------------

From: Henry <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: Secure Delete Smart
Date: Wed, 05 Jan 2000 12:42:11 -0500

Why go to all the trouble when you can absolutely destroy portable magnetic
media records by passing the media near a powerful magnet? [Has the added
advantage of permitting the re-use of the media]  As for Hard Drives, there
is simple software available which completely overwrites a file you wish
deleted [instead of just obscuring the file name] making it impossible to
recover, or, of course, there is always the Format command which wipes the
entire disk beyond recovery.

"John G. Otto" wrote:

> > Guy Macon wrote:
> >> Mark D wrote:
> >> So here's your solution: burn all your information to cd, and if you
> >> want to 'secure delete' it, you just smash the cd.  Since they're only
> >> about a buck a piece, it would be fairly inexpensive.
>
> Sand them, first.  :B-)
>
> > I actually do this, but I use floppies and toss them in the fireplace
> > (I know, bad gasses, but it's just one floppy and it mostly goes up
> > the stack if you toss it in deep).
>
> Not too bad.  If it's hot enough, the heat alone destroys the
> magnetic pattern, and the "bad gasses".
>
> Some places, I've heard, take their old hard drives apart and
> drop the platters in acid to eat up the metal oxide coatings.
> --
> John G. Otto                              Nisus Software, Engineering
> http://www.nisus.com               SuperSleuth                 QUED/M
> http://www.mathhelp.com                GIA               Nisus Writer
> http://www.infoclick.com           Easy Alarms            Mail Keeper
>           Opinions expressed are not those of Nisus Software.


------------------------------

From: "Andrej Madliak" <[EMAIL PROTECTED]>
Subject: Re: Square?
Date: Wed, 5 Jan 2000 15:19:29 +0100

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Hi!

    Sorry - I forgot to mention - It's part of the SCRAMDISK software
(http://www.scramdisk.clara.net/) and the authors are J. Daemen and
V. Rijmen. It's a block cipher. There are some implementations on the
net (incl. one in Java), but I'm not sure about the sites.

Andrej

Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
>Andrej Madliak wrote:
>>
>>     Who knows something about the "Square" algorithm, its
>> strength/weaknesses and attacks against it?
>
>I suggest that such questions be always accompanied with references,
>i.e. where (in which paper, journal, internet news article) one met
>with the names in question that are presumably not very well-known.
>
>M. K. Shen





------------------------------

From: "Andrej Madliak" <[EMAIL PROTECTED]>
Subject: Re: Square?
Date: Wed, 5 Jan 2000 18:33:40 +0100

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Addendum to my previous post:

The URL for Square is:

http://www.esat.kuleuven.ac.be/~rijmen/square/index.html

Andrej

Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
>Andrej Madliak wrote:
>>
>>     Who knows something about the "Square" algorithm, its
>> strength/weaknesses and attacks against it?
>
>I suggest that such questions be always accompanied with references,
>i.e. where (in which paper, journal, internet news article) one met
>with the names in question that are presumably not very well-known.
>
>M. K. Shen





------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Square?
Date: 5 Jan 2000 10:16:02 -0800

In article <84v0lv$rsu$[EMAIL PROTECTED]>,
Andrej Madliak <[EMAIL PROTECTED]> wrote:
>     Who knows something about the "Square" algorithm, its
> strength/weaknesses and attacks against it?

Instead of Square, I'd suggest considering Rijndael, a successor of
Square that has received a good deal of analysis thanks to the fact that
it is currently one of the five AES candidates.

But frankly, I wouldn't suggest using a cipher as new as either Square
or Rijndael for production purposes unless it were absolutely necessary.
What's wrong with Triple-DES or Blowfish?

------------------------------

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Truly random bistream
Date: Wed, 05 Jan 2000 12:14:45 -0600

Tim Tyler wrote:
> It /may/ not be impossible.  It's just that nobody knows whether it's
> possible or not.

I claim it is.  The proof may not be good enough for some, but for
practical applications it looks pretty good to me.  Check out the
paper highlighted under /dev/random on http://www.terracom.net/~eresrch

> Perhaps, perhaps not.  It depends on your "this" - since the original
> poster did not specify an application and instead asked after a "truly"
> random bitstream - an entity whose existence some regard in much the same
> light as they would a perpetual motion machine.

There are many ways to define "random", and many ways to measure it.
If the measurements match the definition, then it's close enough.

> Even if radioactive decay /were/ perfectly random, there is no known way
> of amplifying it to a macroscopic scale while demonstrably avoiding every
> possibility of non-random influence from the environment - so whether
> radioactivity itself is completely random or not is not very relevant.

It is easy to prove this false.  See the above paper.
or go here: http://www.helsbreth.org/random/smokerng/detecting_random.html

> Of course for cryptographic protocols, you *can't* possibly trust the
> randomness of anything you download from the internet - since your
> opponent may be monitoring and/or influencing your download.

Obviously.

> 
> : I thought one of the fundamentals of quantum behaviour is this randomness.
> 
> That depends on who you talk to.  The MWI interpretation of quantum
> physics effectively has no randomness in it at all, for example.

Theories that allow the manipulation of reality to perform work are
useful.  MWI isn't useful.

Patience, persistence, truth,
Dr. mike

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Unsafe Advice in Cryptonomicon
Date: Wed, 05 Jan 2000 11:18:09 GMT

Well, I finally finished the book.

At one point, the hero manages to avoid the villains reading what his
computer is doing by not using the display on his laptop computer. 

However, although the display is the _easiest_ target, given a
competent adversary, the actual computations the computer is
performing, signals to and from the keyboard, signals to and from the
hard drive, and so on, are also targets, and thus, TEMPEST-type
precautions deal with *all* RF emissions from a computing device.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Change of number bases
Date: Wed, 05 Jan 2000 13:07:38 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> Given a representation of the information as a sequence of digits
> in base b1, one first permutes the digits in some way (not 
> necessarily sophisticated, e.g. a classical transposition). Then 
> one divides the sequence into blocks of certain convenient length. 
> Each block is a number in base b1. One converts such numbers to 
> base b2 and concatenates them. The whole information is thus a 
> sequence of digits in base b2. One can repeat, if one likes, the 
> same operations with base b3, b4 etc. The last base could be
> the same as b1, so that if one starts from a bit sequence one
> finishes with another bit sequence of generally different length. 
> Obviously the transformation is nonlinear in general. It is fairly 
> clumsy for manual work but should be rather simple to program.
> 
In part, this is what happens in Base Translation.  Certain bases are more
convenient to manipulate than others, and I have worked to remove the
clumsy part.  Generally, different bases are used; a form of compression
could be a byproduct.

Such processes do tear at the bit-only mentality one sees as it treats
base-2 as just one more option.  The paper on the subject is close to
submission, after several preliminary cleanup efforts.  The theory is
certainly simple enough, but the ciphertext results are at least
interesting.

Three bases seems the most useful, so that original format is two steps
removed, and some degrees of weirdness from unapparent bases can be
introjected.
-- 
Considering that the best guess is that Jesus was born in 4 BC,
for the purists, fate worshipers, and absolute prognosticators,
you all missed your boat some time ago, as hype mongers rejoice.

------------------------------

Date: Wed, 05 Jan 2000 11:56:13 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: How to obtain updated SSL certificate for Navigator-3?

It seems that both Netscape and Microsoft have decided that SSL site
certificates are a great way to "persuade" people to upgrade to the
latest version of their (increasingly-bloated) products.

I happen to like and to prefer Navigator 3, but its site-certificates
expire on December 31st.  How can I obtain new certificates?  (I have
actually downloaded ... ick ... Communicator 4.)

On another subject:  what are the security risks of the people who will
simply turn-off the reminder messages and continue to want to use
"expired" certificates for years to come?

I see no reason at all, except marketing, why certificates should
"expire" anyway.  Bits don't wear out...

 
====================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED]  (PGP public key available.)
> Why =shouldn't= it be quick and easy to keep your database online?
> ChimneySweep(R):  "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/cs3web.htm

------------------------------

From: James Muir <[EMAIL PROTECTED]>
Subject: Re: Change of number bases
Date: Wed, 05 Jan 2000 18:47:48 GMT

Interesting idea but ultimately the cipher blocks will be represented
in binary.  Have you considered this?

-James

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> From a recent discussion involving number bases other than powers
> of 2, I came up with the following 'raw' idea and would like to know
> whether it could eventually be of some practical use:
>
> Given a representation of the information as a sequence of digits
> in base b1, one first permutes the digits in some way (not
> necessarily sophisticated, e.g. a classical transposition). Then
> one divides the sequence into blocks of certain convenient length.
> Each block is a number in base b1. One converts such numbers to
> base b2 and concatenates them. The whole information is thus a
> sequence of digits in base b2. One can repeat, if one likes, the
> same operations with base b3, b4 etc. The last base could be
> the same as b1, so that if one starts from a bit sequence one
> finishes with another bit sequence of generally different length.
> Obviously the transformation is nonlinear in general. It is fairly
> clumsy for manual work but should be rather simple to program.
>
> M. K. Shen
> --------------------------
> http://home.t-online.de/home/mok-kong.shen
>



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Change of number bases
Date: Wed, 05 Jan 2000 20:22:19 +0100

wtshaw wrote:
> 
> In part, this is what happens in Base Translation.  Certain bases are more
> convenient to manipulate than others, and I have worked to remove the
> clumsy part.  Generally, different bases are used; a form of compression
> could be a byproduct.

I am yet not familiar with your work in detail. For the scheme I
described there unfortunately couldn't be any compression. This is
because when one converts a number from a base to another (for
certain block sizes of digits) the range of the input must be
smaller than or equal to that of the output, otherwise there could be 
overflows. So, if one starts with a bit sequence and ends with a 
bit sequence (initial and final bases are both powers of 2) via 
a number of base changes in the manner I posted, the resulting 
sequence is necessarily longer. Thus I surmise you might have 
employed some techniques better than what I described.

M. K. Shen
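
The expansion argument in the message above, worked through in Python as an added example (not code from the post or from any poster's software). The stride transposition, the block lengths of 8 bits and 6 base-3 digits, and the sample bits are assumptions chosen for illustration.

```python
from math import gcd

def digits_needed(b_in, n_in, b_out):
    """Smallest width m with b_out**m >= b_in**n_in, so no block can overflow."""
    limit, width, cap = b_in ** n_in, 0, 1
    while cap < limit:
        cap *= b_out
        width += 1
    return width

def to_int(digits, base):
    value = 0
    for d in digits:
        if not 0 <= d < base:
            raise ValueError(f"digit {d} is not valid in base {base}")
        value = value * base + d
    return value

def to_digits(value, base, width):
    out = [0] * width
    for i in range(width - 1, -1, -1):
        value, out[i] = divmod(value, base)
    if value:
        raise OverflowError("value does not fit in the output block")
    return out

def convert_blocks(digits, b_in, n_in, b_out, n_out):
    """Read each n_in-digit block as a base-b_in number, write it in n_out base-b_out digits."""
    if len(digits) % n_in:
        raise ValueError("input length must be a multiple of the block length")
    out = []
    for i in range(0, len(digits), n_in):
        out.extend(to_digits(to_int(digits[i:i + n_in], b_in), b_out, n_out))
    return out

def stride_perm(n, k):
    """Assumed transposition for the example: position i reads from (i*k) mod n."""
    if gcd(n, k) != 1:
        raise ValueError("stride must be coprime to the sequence length")
    return [(i * k) % n for i in range(n)]

def permute(seq, perm):
    return [seq[p] for p in perm]

def unpermute(seq, perm):
    out = [0] * len(seq)
    for i, p in enumerate(perm):
        out[p] = seq[i]
    return out

def forward(digits, b_in, n_in, b_out, stride):
    """One stage of the scheme: transpose the digits, then change base block by block."""
    n_out = digits_needed(b_in, n_in, b_out)
    mixed = permute(digits, stride_perm(len(digits), stride))
    return convert_blocks(mixed, b_in, n_in, b_out, n_out)

def backward(digits, b_in, n_in, b_out, stride):
    """Undo forward(); raises OverflowError on a block that is not a valid encoding."""
    n_out = digits_needed(b_in, n_in, b_out)
    mixed = convert_blocks(digits, b_out, n_out, b_in, n_in)
    return unpermute(mixed, stride_perm(len(mixed), stride))

def encode(bits):
    trits = forward(bits, 2, 8, 3, stride=3)    # 8 bits  -> 6 trits (3**6 = 729 >= 256)
    return forward(trits, 3, 6, 2, stride=5)    # 6 trits -> 10 bits (2**10 = 1024 >= 729)

def decode(bits):
    trits = backward(bits, 3, 6, 2, stride=5)
    return backward(trits, 2, 8, 3, stride=3)

# Constructed sample input: 16 bits.
SAMPLE_BITS = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1]

if __name__ == "__main__":
    out = encode(SAMPLE_BITS)
    print(len(SAMPLE_BITS), "bits in,", len(out), "bits out")
    print("round trip ok:", decode(out) == SAMPLE_BITS)
```

Because the transposition between stages can produce base-3 blocks above 255, the second stage has to reserve room for all 729 values, which is where the extra bits come from.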

------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: Unsafe Advice in Cryptonomicon
Date: Wed, 05 Jan 2000 19:22:18 GMT

On Wed, 05 Jan 2000 11:18:09 GMT, [EMAIL PROTECTED] (John Savard)
wrote:

>Well, I finally finished the book.
>
>At one point, the hero manages to avoid the villains reading what his
>computer is doing by not using the display on his laptop computer. 
>
>However, although the display is the _easiest_ target, given a
>competent adversary, the actual computations the computer is
>performing, signals to and from the keyboard, signals to and from the
>hard drive, and so on, are also targets, and thus, TEMPEST-type
>precautions deal with *all* RF emissions from a computing device.
>
>John Savard (jsavard<at>ecn<dot>ab<dot>ca)
>http://www.ecn.ab.ca/~jsavard/crypto.htm

I noticed that.  Also that the laptop in question was located about
one inch from the antenna.  It took some "willing suspension of
disbelief" to let it slide by.

Stephenson was also a little liberal in calling all EM emissions
monitoring "Van Eck phreaking".  Actually the Van Eck devices are
modified TV receivers (more or less) that reconstruct images from
video display noise.  Presumably, more advanced gizmos that monitor
(for instance) keyboard noise and bus noise have different names...

:o)



Steve K

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

PGP key 0x5D016218
All others have been revoked.

------------------------------

From: CLSV <[EMAIL PROTECTED]>
Subject: Re: Truly random bistream
Date: Wed, 05 Jan 2000 19:29:03 +0000

Medical Electronics Lab wrote:

>> Nigel Fitchard <[EMAIL PROTECTED]> wrote:

>>: I would like to get hold of a truly random bitstream - about 2^24 bits long
>>: should be plenty.  Does anyone know if such a thing exists for download ?

> Tim Tyler wrote:
> > It /may/ not be impossible.  It's just that nobody knows whether it's
> > possible or not.
 
> I claim it is.  The proof may not be good enough for some, but for

What is your proof? In the (quite readable) paper describing a
useful experiment I read:
"Although uniformity was achieved relatively early, it was found
that local and long-range correlations persisted in later samples."

> practical applications it looks pretty good to me.  Check out the
> paper highlighted under /dev/random on http://www.terracom.net/~eresrch

It could certainly be good enough for many applications.
Including crypto.

> > Perhaps, perhaps not.  It depends on your "this" - since the original
> > poster did not specify an application and instead asked after a "truly"
> > random bitstream - an entity whose existence some regard in much the same
> > light as they would a perpetual motion machine.
 
> There are many ways to define "random", and many ways to measure it.
> If the measurements match the definition, then it's close enough.

Yes, and there are many ways to define "proof".
This way of reasoning doesn't lead to anything.
 
> > Even if radioactive decay /were/ perfectly random, there is no known way
> > of amplifying it to a macroscopic scale while demonstrably avoiding every
> > possibility of non-random influence from the environment - so whether
> > radioactivity itself is completely random or not is not very relevant.
 
> It is easy to prove this false.  See the above paper.

I don't think the paper claims that the experiment
achieves perfect randomness, and that is its power.
It is an honest report of what can be done with only
limited resources. And it is quite impressive but there
is no need to stretch the definition of "proof" and
"randomness" and claim that the experiment produces
true random numbers.


Regards,

        Coen Visser

------------------------------

From: "Jason C. Hartley" <[EMAIL PROTECTED]>
Subject: Re: REQ: Applied Crypto source disc
Date: Wed, 05 Jan 2000 19:31:05 GMT

LBMyers wrote:
> 
> Jason C. Hartley <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > First off, you suck.
> > Secondly, I am so profoundly lazy you have no idea.  In a moment of
> > clarity, recently, I quit my job after lunch.  I would have quit long
> > ago, but I was too lazy.  So now 40 bucks means a lot of Taco Bell.
> > Plus, if you don't pay for something then never use it because you're
> > too lazy, you don't feel like you wasted any money.  Dontcha love
> > that?
> >
> So basically you are a foul-mouthed, lazy, thief who wants to steal
> other people's work.  Have I got it right.

Yes, I want to steal freely-distributed software, I already said I'm
more lazy than you can possibly begin to fathom, and you got me
pegged- I am foul-mouthed.

Btw, what the hell is a "thief who want to steal other people's work?"

All I wanted was the contents of the disc.  Not a bunch of witless
moralizing.  My goodness.

Thank you LB "Redundant" Myers.

P.S. To everyone else, I truly apologize for my pointless banter.  But
how could I resist?  They were callin' me names.  *grin*

-Jason the lazy, foul-mouthed thief

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Change of number bases
Date: Wed, 05 Jan 2000 20:38:48 +0100

James Muir wrote:
> 
> Interesting idea but ultimately the cipher blocks will be represented
> in binary.  Have you considered this?

In fact, in my humble opinion probably the most useful case of 
applying this scheme is to start with a bit sequence (initial base
power of 2) and end with a bit sequence (final base power of 2). 
The intermediate bases serve simply to effect the transformation.
The indisputable position of binary systems in contemporary
computing leaves little room for other choices. (The characters
one enters via keyboard are invariably turned into bytes. Thus
one almost necessarily starts with a bit sequence.)

M. K. Shen

------------------------------

From: "Buchinger Reinhold" <[EMAIL PROTECTED]>
Subject: Is DES still used for ATM transactions ????
Date: Tue, 4 Jan 2000 14:41:31 +0100

Hello !!

I simply want to know, if DES is still used for ATM transactions in Europe
(and US).

Thanks a lot for your help !!!!

Reinhold Buchinger



------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Re: Truly random bistream
Date: Wed, 05 Jan 2000 19:54:15 GMT
Reply-To: Jim

On 05 Jan 2000 08:42:10 GMT, [EMAIL PROTECTED] (TohuVohu) wrote:

>I don't see why this is impossible.  Isn't radioactive decay "random" enough
>for this?

Nothing is _absolutely_ random; no clock is _absolutely_ accurate;
nothing can go from one level to another _absolutely_ instantaneously;
etc; etc...

-- 
Jim Dunnett.

nordland at lineone.net
amadeus at netcomuk.co.uk

------------------------------

From: [EMAIL PROTECTED] (Jim)
Crossposted-To: alt.privacy
Subject: Re: Secure Delete Smart
Date: Wed, 05 Jan 2000 19:54:16 GMT
Reply-To: Jim

On Wed, 05 Jan 2000 12:42:11 -0500, Henry <[EMAIL PROTECTED]> wrote:

>Why go to all the trouble when you can absolutely destroy portable magnetic
>media records by passing the media near a powerful magnet? [Has the added
>advantage of permitting the re-use of the media] 

This is not considered safe at all by military/government.

>As for Hard Drives, there
>is simple software available which completely overwrites a file you wish
>deleted [instead of just obscuring the file name] making it impossible to
>recover, or, of course, there is always the Format command which wipes the
>entire disk beyond recovery.

Dangerous. Read the paper by Peter Gutmann, Dept of Computer Science,
University of Auckland, NZ, on this subject.

-- 
Jim Dunnett.

nordland at lineone.net
amadeus at netcomuk.co.uk

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Unsafe Advice in Cryptonomicon
Date: Wed, 05 Jan 2000 21:03:05 +0100

John Savard wrote:
> 
> However, although the display is the _easiest_ target, given a
> competent adversary, the actual computations the computer is
> performing, signals to and from the keyboard, signals to and from the
> hard drive, and so on, are also targets, and thus, TEMPEST-type
> precautions deal with *all* RF emissions from a computing device.

In view of tempest related attacks, that I guess could only be 
eliminated in rather clumsy ways, it would appear reasonable to 
have some components of one's encryption system to be mechanical 
ones, hence without emissions. This would mean sort of renascence 
of the classical devices. Or am I speculating on an entirely wrong 
track?

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
