Cryptography-Digest Digest #35, Volume #11 Wed, 2 Feb 00 02:13:02 EST
Contents:
Re: Does the NSA have ALL Possible PGP keys? (Tom St Denis)
Re: How to password protect files on distribution CD (Wally Whacker)
Re: Reducing swap file use in Windows 98 ("Henny Youngman")
Re: KEA gains something with RSA instead of D-H (John Savard)
----------------------------------------------------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 02 Feb 2000 04:03:40 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> [EMAIL PROTECTED] (John Savard) wrote, in part:
> >Tom St Denis <[EMAIL PROTECTED]> wrote, in part:
>
> >>saying that everything out there is
> >>broken despite the fact he can't prove any of it.
>
> >Then there's that fellow who started out in this group by posting
that
> >IDEA is fatally weak, and only his wonderful cipher with an S-box
with
> >65,536 entries is any good. Now do you wonder why we have such an
> >attitude towards that other fellow?
>
> Oops. I confused you with Tim Tyler.
While I enjoy the good flame-fest as much as the next guy, clean your
sights next time?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Wally Whacker <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.unix,comp.security
Subject: Re: How to password protect files on distribution CD
Date: 01 Feb 2000 21:21:18 -0800
There is a solution:
Don't give the user the CD. Have it run remotely over the net with an X-Server or
web browser. Cracked code problem solved. It still allows illegal usage, even
over the net, but it's much easier to monitor and control.
I think in the long run, piracy has helped computer companies. Just my
opinion.
Here's one to chew on: Software you buy, install and run completely on
your computer will go the way of the horse and buggy. Once Internet
speeds can support good interactive use, who wants the hassle of
installing software, figuring out problems, re-installing every time
Windows needs re-installing etc? Apps over the net will be point and
clock GO!
Wally
--
Strangers in your computer? Don't be the last one to find out.
HTTP://HACKERWHACKER.COM
Security Link of the Hour:
http://packetstorm.securify.com/100.shtml
------------------------------
From: "Henny Youngman" <[EMAIL PROTECTED]>
Subject: Re: Reducing swap file use in Windows 98
Date: Tue, 1 Feb 2000 23:04:43 -0700
I wonder if that will do any good. Windows will still write to the swap
file in a way that is very unpredictable. Besides, the swap file, in my
pinion is just one of many security holes un Windows 98 and perhaps not the
worst.
HY
cedric frost <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I found this tip for reducing Windows' dependency on the swap file
directed
> at those wishing to improve system performance, but I thought it would be
> worth mentioning here since it can potentially reduce the risk of Windows
> swapping keys, plaintext or other sensitive data out to disk.
>
> "Windows 98 added a new feature, PageFile_Call_Async_Manager, that allows
> the Memory Manager to asynchronously write out page file (swap file)
buffers
> during periods of time when VFAT file system activity is not busy...
> You can disable this feature, causing the system to behave as Windows 95
> does, at some cost in overall system performance. Add the following entry
to
> the System.ini file under its [386Enh] section:
>
> [386Enh]
> ConservativeSwapfileUsage=1
> "
> The original text is at http://m1.aol.com/axcel216/98-4.htm
>
> Cedric
>
>
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: KEA gains something with RSA instead of D-H
Date: Wed, 02 Feb 2000 06:17:51 GMT
On Wed, 02 Feb 2000 01:19:25 +0000, David Hopwood
<[EMAIL PROTECTED]> wrote, in part:
>Normally, DH is not used with fixed public values for each side.
>Using ephemeral keys is much less practical for RSA, because RSA key pair
>generation requires finding two large primes, which for secure key sizes
>is *much* slower than a modexp.
Yes, that was my mistake, which I noted in later responses to my own
post. Since two of the private keys are ephemeral, the security
advantage I was thinking of is already present with DH. (The other two
are persistent so that they can be certified.)
>I don't see how KEA [KEA] can be adapted to use RSA without completely
>redesigning it, but maybe I'm missing something.
>How were you intending to adapt KEA to use RSA?
I was simply thinking that A sends session key 1 to B using B's public
key, B sends session key 2 to A using A's public key, and then the XOR
of the two session keys is actually used for the message.
To me, that seemed like the "RSA equivalent" of KEA, even if it had
fewer steps. I freely admit that my thoughts on the matter were on a
simplistic level.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
