Cryptography-Digest Digest #61, Volume #11        Mon, 7 Feb 00 01:13:01 EST

Contents:
  Re: permission to do crypto research (Troed)
  Re: permission to do crypto research (Paul Rubin)
  Re: permission to do crypto research ("Charles R. Lyttle")
  question about PKI... (Palmpalmpalm)
  Re: NSA opens up to US News (John Savard)
  Re: NSA opens up to US News (John Savard)
  Maybe a simple question ("Dave VanHorn")
  Re: Any information about CAST ? (Alex MacPherson)
  Re: permission to do crypto research (H. Peter Anvin)
  Re: Maybe a simple question (Jim Gillogly)
  Re: Maybe a simple question ("Dave VanHorn")
  Re: TLS: What is the purpose of the client certificate request? (Anuj Seth)
  Re: NIST, AES at RSA conference ("Douglas A. Gwyn")
  Re: Does the NSA have ALL Possible PGP keys? (Eric Lee Green)
  Re: Maybe a simple question (Jim Gillogly)
  Re: permission to do crypto research (Xcott Craver)
  Re: Court cases on DVD hacking is a problem for all of us (Eric Lee Green)
  Re: Maybe a simple question ("Dave VanHorn")
  Re: question about PKI... ("Joseph Ashwood")
  Re: NSA opens up to US News (wtshaw)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Troed)
Crossposted-To: talk.politics.crypto
Subject: Re: permission to do crypto research
Reply-To: [EMAIL PROTECTED]
Date: Sun, 06 Feb 2000 23:45:17 GMT

[EMAIL PROTECTED] (David Wagner) wrote:

>As far as I can tell, the DeCSS cases are effectively writing the law --
>so keep a close eye on them!

... and please make your voices heard. I'm luckily not a US citizen
myself, but if I had been I would have done more than I can do now.

I'm still interested in the parallels with the GSM crypto hack - they
have a lot in common.

___/
_/



------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: 6 Feb 2000 23:45:30 GMT

In article <87k55g$i5o$[EMAIL PROTECTED]>,
Roger Schlafly <[EMAIL PROTECTED]> wrote:
>According to US copyright law on "circumvention of copyright
>protection systems" (17 US 1201), certain encryption research
>is permissible only if "the person made a good faith effort to
>obtain authorization before the circumvention".

Is the US Copyright Patrol supposed to have jurisdiction in Norway?

------------------------------

From: "Charles R. Lyttle" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: Mon, 07 Feb 2000 01:16:05 GMT

wtshaw wrote:
> 
> In article <87k55g$i5o$[EMAIL PROTECTED]>, "Roger Schlafly"
> <[EMAIL PROTECTED]> wrote:
> 
> > According to US copyright law on "circumvention of copyright
> > protection systems" (17 US 1201), certain encryption research
> > is permissible only if "the person made a good faith effort to
> > obtain authorization before the circumvention".
> >
> > Now I know the law is silly, but does anyone have experience
> > with authorization requests? Eg, if you write to Microsoft
> > and ask for permission to hack Windows for research
> > purposes, what does Microsoft say? Has anyone asked for
> > permission to crack DVD/CSS encryption?
> >
> > The law also tries to distinguish whether a published crack
> > advances research or facillitates infringement. Does anyone
> > know of this distinction being drawn in a practical situation?
> > (Some of these issues will arise in the NY DeCSS case.)
> 
> You simply structure the query appropriately, like "Let me know if you
> have any objection my studying how such and such program works."
> 
> No comment, then you have the freedom to study how everything works,
> including using any tools to assist you in that pursuit.   Any other
> ambiguous response will be something you can hang your hat on.  A blanket
> NO would be easily recognized as unreasonable since all users need to know
> something about how a program/system works.
> 
> What we see is industry trying to revive a dead fish, but do not play
> their game with a baited breath; learn all you can with the abilities that
> you have.  Be prepared to play stupid; that is how the big guys do it in a
> bind.
> --
> A big-endian and a little-endian have been spotted sitting at a
> campfire nibbling on bytes and pointing at each other as they
> argued about who got hit with the most errors.

That's the old "Unless Otherwise Directed" ploy ;) Such as "Unless
otherwise directed we are going to bill your credit card $50 each
month." Send it at the end of a long letter that looks like SPAM or junk
snail mail.
It is common on the internet today. If you don't "unsubscribe" from
digital domain, for example, they will proceed to market data they
collect on you. 

So it must be legal and binding.

-- 
Russ Lyttle, PE
<http://www.flash.net/~lyttlec>
Thank you Melissa! 
Not Powered by ActiveX

------------------------------

From: [EMAIL PROTECTED] (Palmpalmpalm)
Subject: question about PKI...
Date: 07 Feb 2000 01:25:37 GMT

Hi, does anybody kindly answer my question?

What method does the PKI product provide for mobile users?
When users move to another computer, do they have to bring their own private
key and certificate always?

Thanks in advance.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NSA opens up to US News
Date: Mon, 07 Feb 2000 01:05:29 GMT

On Sun, 6 Feb 2000 15:54:30 -0700, "Henny Youngman"
<[EMAIL PROTECTED]> wrote, in part:

>Saying the NSA had a computer failure is like saying
[the city of]
>Phoenix
[, Arizona]
>had a restaurant failure.

>No way "ALL" or even a large portion of NSA's computers went south at the
>same time.

Maybe their *network* went down, and so they couldn't use the
computers, even if the computers _themselves_ were working. I could
*indeed* imagine that the NSA might have their mighty array of Crays
and the like connected to a network, and the people using them would
do so from PC-like machines. In fact, I'm rather sure that is what was
meant.

And the article also contained a reference to an ambitious NSA network
plan that didn't quite work out well.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NSA opens up to US News
Date: Mon, 07 Feb 2000 01:10:30 GMT

On Sun, 06 Feb 2000 15:32:18 GMT, [EMAIL PROTECTED] (Dave
Hazelwood) wrote, in part:

>http://www.usnews.com/usnews/issue/000214/nsa.htm

An interesting article. Of course, it implies that the NSA *can* crack
PGP, if "computer technology" is a "storm that is looming in the
distance, but which hasn't struck yet". Or that not everybody is using
it or something equivalent.

Maybe I should take down my web page before everyone finds out how to
improve their ciphers...or even convert binary data, coded with
something like PGP, into letters of the alphabet for subsequent coding
on the older cipher machines that have greater physical security than
a PC. On the other hand, the NSA should not be encouraged to waste the
taxpayer's money by investing in, say, an octupling of their present
computer power (ahead of schedule, that is). Now, if they want to
research quantum computing, that would at least be something _useful_.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: "Dave VanHorn" <[EMAIL PROTECTED]>
Subject: Maybe a simple question
Date: Mon, 07 Feb 2000 01:39:25 GMT


I'm looking for a function that will encrypt a cc# so it can be compared
later to another encrypted cc#. There should be no feasible way to reverse
the process and come up with the cleartext, but if "1234" = EEQWR#%!@%^#
then the next time I encrypt "1234", the answer needs to be the same.

Can anyone point me to a linux program that does this?


------------------------------

From: Alex MacPherson <[EMAIL PROTECTED]>
Subject: Re: Any information about CAST ?
Date: Sun, 06 Feb 2000 20:38:15 -0500

James,

    You can take a look here at Queen's University.

    http://saturn.ee.queensu.ca:8000/cast/

Alex MacPherson

James wrote:

> CAST is a royalty-free encryption algorithm for non-commercial uses. I'm interested
> in it and want more detailed information on it (design/implementation..).  Could
> anyone tell me where I can find information about CAST ? Thanks a lot.




------------------------------

From: [EMAIL PROTECTED] (H. Peter Anvin)
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: 6 Feb 2000 18:10:11 -0800
Reply-To: [EMAIL PROTECTED] (H. Peter Anvin)

Followup to:  <87l12q$96o$[EMAIL PROTECTED]>
By author:    [EMAIL PROTECTED] (Paul Rubin)
In newsgroup: talk.politics.crypto
> 
> Is the US Copyright Patrol supposed to have jurisdiction in Norway?
> 

Seems like they think so.  The Norwegian Storting is apparently having
some issues with it, as well as the behaviour of their own police
(Økokrim.)

        -hpa
-- 
<[EMAIL PROTECTED]> at work, <[EMAIL PROTECTED]> in private!
"Unix gives you enough rope to shoot yourself in the foot."

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Maybe a simple question
Date: Mon, 07 Feb 2000 03:00:21 +0000

Dave VanHorn wrote:
> 
> I'm looking for a function that will encrypt a cc# so it can be compared
> later to another encrypted cc#. There should be no feasible way to reverse
> the process and come up with the cleartext, but if "1234" = EEQWR#%!@%^#
> then the next time I encrypt "1234", the answer needs to be the same.
> 
> Can anyone point me to a linux program that does this?

echo "1234" | md5sum

It's smarter if you have a secret "salt":

echo "BigSecret: 1234" | md5sum

That way attackers can't guess a cc# to see whether it's the right one.
-- 
        Jim Gillogly
        Mersday, 17 Solmath S.R. 2000, 02:58
        12.19.6.16.17, 7 Caban 5 Pax, Fourth Lord of Night

------------------------------

From: "Dave VanHorn" <[EMAIL PROTECTED]>
Subject: Re: Maybe a simple question
Date: Mon, 07 Feb 2000 03:40:14 GMT


> It's smarter if you have a secret "salt":
> 
> echo "BigSecret: 1234" | md5sum
> 
> That way attackers can't guess a cc# to see whether it's the right one.


How secure is this really?
Is there somewhere where I can read up on attacks against MD5?



------------------------------

From: Anuj Seth <[EMAIL PROTECTED]>
Subject: Re: TLS: What is the purpose of the client certificate request?
Date: Mon, 07 Feb 2000 04:21:46 GMT

Hi,

> Yes, the server certificate authenticates the server and the client
> certificate authenticates the client.  I don't understand your final
> question about authenticating the user.

That's what I thought as well! About the question you didn't understand,
let me rephrase it -- The server requests the client for the
certificate. The client sends the certificate across to the server. Now,
how is the server supposed to authenticate the client? Basically, the
server should be able to access the CA to get the CA's public key. The
CA's public key will be used to authenticate the user (If I'm correct).
I've read the X.509 standard but couldn't figure out how to connect to
the CA to get the CA's public key. Could someone let me know how it is
to be done?

Thanks,

With Regards,
Anuj Seth

Visit my homepage at http://anujseth.tripod.com/


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Date: Mon, 07 Feb 2000 04:59:04 GMT

Terry Ritter wrote:
> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> >Actually the statement that it is strictly stronger can be
> >easily contradicted, using XOR (eXclusive-OR), where
> >regardless of the keys chosen multiple encipherment is
> >strictly equivalent to a single encipherment with the XOR of
> >the keys.
> First of all, only a one-time-pad (OTP) acts like that.

It's true even for Vigenere encipherment (although the
resulting period is the LCM of the component periods,
so it is strictly true only when the repeating keys have
the same length).

> Since each cipher transforms its "plaintext" to ciphertext,
> we expect each to contribute strength.

If you're going to presuppose the answer, of course you will
arrive at the conclusion you're after.  But such arguments
aren't proofs.

Here is another counterexample:  simple substitution
with random alphabet (permutation).  Composing any
number of these yields a cipher of exactly the same
class; whatever "strength" is supposed to mean, it
is evidently not increased by the multiple encipherments.

An interesting question is, is there some natural
counterexample wherein the overall "strength"
(which I guess means difficulty in expert cryptanalysis)
is actually *reduced* by composing encipherments?
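
An added illustration of the two counterexamples above (example code, not from the original post): composing two Vigenère encipherments collapses to a single Vigenère whose key is the letter-wise sum of the two keys (period = LCM of the two periods, so equal-length keys give a key of the same length), and composing two random-alphabet substitutions is again just one substitution. The keys, plaintext and alphabets below are made-up sample values.

```python
import random
import string
from math import gcd

ALPHABET = string.ascii_uppercase


def vigenere(text, key):
    """Vigenere encipherment of an upper-case letter string with a repeating key."""
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def combined_vigenere_key(k1, k2):
    """The single key equivalent to enciphering with k1 and then with k2.
    Its period is lcm(len(k1), len(k2)); for equal-length keys it is just the
    letter-wise sum, so the double encipherment is one Vigenere of that length."""
    n = len(k1) * len(k2) // gcd(len(k1), len(k2))
    return "".join(
        ALPHABET[(ALPHABET.index(k1[i % len(k1)]) + ALPHABET.index(k2[i % len(k2)])) % 26]
        for i in range(n)
    )


def substitute(text, perm):
    """Simple substitution: ALPHABET[i] is replaced by perm[i]."""
    return text.translate(str.maketrans(ALPHABET, perm))


def compose_perms(p1, p2):
    """The alphabet equal to applying p1 first and then p2.  It is itself a
    permutation of ALPHABET, so the composite is still a plain substitution."""
    return substitute(p1, p2)


def random_alphabet(rng):
    """A random permutation of the alphabet (a constructed sample key)."""
    letters = list(ALPHABET)
    rng.shuffle(letters)
    return "".join(letters)


if __name__ == "__main__":
    pt = "ATTACKATDAWN"                       # constructed sample plaintext
    k1, k2 = "LEMON", "KEY"                   # periods 5 and 3 -> lcm 15
    double = vigenere(vigenere(pt, k1), k2)
    single = vigenere(pt, combined_vigenere_key(k1, k2))
    print(double == single, len(combined_vigenere_key(k1, k2)))   # True 15

    rng = random.Random(7)                    # seeded so the run is repeatable
    p1, p2 = random_alphabet(rng), random_alphabet(rng)
    composed = compose_perms(p1, p2)
    print(substitute(substitute(pt, p1), p2) == substitute(pt, composed))  # True
```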

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Sun, 06 Feb 2000 22:15:57 -0700

"Douglas A. Gwyn" wrote:
> Eric Lee Green wrote:
> > Even if the number of accepted keys was reduced to some ridiculously small
> > number by those tests and the limits of the PRNG, like, say, 2^128, ...
> 
> I had in mind the possibility of the actual number of possible keys
> being reduced to a much smaller (tractable) number, maybe 2^32.

The PGP source code is widely available for download, and if you wish,
you can download a copy and cryptanalyze the PRNG yourself. In fact,
people have done so: when I was browsing through papers on
cryptographic-quality PRNGs so that I could implement one that was
halfway strong I found at least one paper cryptanalyzing the PGP PRNG.

But (shrug), conspiracy theories are much easier to cope with. None of
that icky THINKING stuff involved. And lord knows that most people
prefer not to think, it makes their heads hurt. 

-- 
Eric Lee Green   [EMAIL PROTECTED]
  http://members.tripod.com/e_l_green/

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Maybe a simple question
Date: Mon, 07 Feb 2000 05:15:10 +0000

Dave VanHorn wrote:
> > It's smarter if you have a secret "salt":
> >
> > echo "BigSecret: 1234" | md5sum
> >
> > That way attackers can't guess a cc# to see whether it's the right one.
> 
> How secure is this really?
> Is there somewhere where I can read up on attacks against MD5?

How secure do you need it?  Nobody has a complete attack on MD5 yet,
though there is a nice attack on its compression function and thus
it's deprecated for new work in favor of SHA1.  However, since it's
still intact overall, there's no panic in removing it from existing
applications.  I suggested it because you asked for a Linux program,
and this is one that should be on most off-the-CDROM installations.

If you want more safety, use the equivalent SHA-1 program, which
you'll need to compile yourself.  You can use OpenSSL, SSLeay, my
free source, or several other versions available around the Web.
-- 
        Jim Gillogly
        Mersday, 17 Solmath S.R. 2000, 05:11
        12.19.6.16.17, 7 Caban 5 Pax, Fourth Lord of Night

------------------------------

From: [EMAIL PROTECTED] (Xcott Craver)
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: 7 Feb 2000 05:14:18 GMT

wtshaw <[EMAIL PROTECTED]> wrote:
>
>You simply structure the query appropriately, like "Let me know if you
>have any objection my studying how such and such program works."
>
>No comment, then you have the freedom to study how everything works,
>including using any tools to assist you in that pursuit.   
           ^^^^^^^^^^^^^^^

        Not quite.  *Distributing* programs to circumvent a copyright 
        protection measure is flat-out against this law, with no 
        research exemptions.  Thus, you might have permission to *use* 
        tools that try to crack copy protection mechanisms, but will you 
        be able to download or buy those tools?

        I'm sure you'll be able to obtain debuggers, or other general
        purpose tools which _could_ be used for circumvention, but there
        are also very special-purpose attack programs used by researchers,
        like Fabien Petitcolas's StirMark, a program which subtly warps
        an image with the intended purpose of misaligning any digital 
        watermarks hidden inside.  

        I should check to see if there are any standard tools for 
        jiggling watermarks out of video files;  I'm sure that any such
        tools would be seriously frowned upon by the MPAA.

                                                        -S

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Court cases on DVD hacking is a problem for all of us
Date: Sun, 06 Feb 2000 22:24:42 -0700

Michael Kagalenko wrote:
>  I wonder how the data transfer rate required for DVD playback compares
>  with the data transfer rate of tape drives. Maybe DVDs can be copied to
>  digital tape?

You would need a minimum of a NS-20 tape drive. Nope, that wouldn't
work, because NS-20 tape drives transfer data at a rate of 1 megabyte
per second on their best days. Not to mention that NS-20 media costs
$35, which is about the same that a DVD movie costs in the first place. 

An Ecrix VXA would probably work better, since it transfers data at
around 2.5 megabytes per second (check out http://www.linuxtapecert.org
for some benchmark data that we've done on various tape drives),  but it
uses 8mm media that costs $69 apiece. Again, a DVD movie costs around
$35. Whoopsie daisy!

Well, let's see. DDS-4 DAT (4mm) will do, hmm, 2.5 megabytes per second,
and the media costs around $30 apiece. Of course, the drives themselves
currently cost anywhere from $1100 to $1500. Yeah, I can see people
spending thousands of dollars on tape drives in order to pirate DVD
movies onto media that's not much cheaper than just buying the bloody
movie in the first place. 


-- 
Eric Lee Green   [EMAIL PROTECTED]
  http://members.tripod.com/e_l_green/

------------------------------

From: "Dave VanHorn" <[EMAIL PROTECTED]>
Subject: Re: Maybe a simple question
Date: Mon, 07 Feb 2000 05:24:15 GMT


> How secure do you need it?

Well, I was thinking on that.

Credit card numbers all have relatively few digits, and the account range
tables (which limit your choices) are publicly known, so I guess it's plenty
secure. Someone could conceivably run every possible number against the
hash, and come up with a match eventually..

In my application, they would then have the genuine credit card number used
by someone to secure a dialup account where they sent a ton of spam, or
otherwise abused the net. IOW, the card number (probably stolen or forged)
of a scumbag.

Big prize eh?

I think you've given me a good handle on the problem. Thanks :)
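
An added example (not code from the thread) covering Jim Gillogly's salted-hash suggestion and the brute-force concern raised in this post: a deterministic keyed token lets two stored card numbers be compared, while the enumeration over the small digit space that recovers an unkeyed MD5 token fails without the key. "BigSecret" and "1234" are the thread's placeholder values; HMAC-SHA256 is substituted for MD5(key || data) so the scheme inherits neither MD5's weaknesses nor the length-extension property of a bare hash over a secret prefix.

```python
import hashlib
import hmac
import itertools

# Constructed values for the demonstration only: not a real card number, and
# "BigSecret" is just the thread's stand-in for the secret salt.
SECRET_KEY = b"BigSecret"


def unkeyed_token(card):
    """Mirror of `echo "1234" | md5sum`: MD5 over the digits plus echo's newline."""
    return hashlib.md5((card + "\n").encode()).hexdigest()


def keyed_token(card, key=SECRET_KEY):
    """Deterministic keyed fingerprint: the same card and key always give the
    same token, so stored tokens can be compared, but without the key a token
    cannot be turned back into digits."""
    return hmac.new(key, card.encode(), hashlib.sha256).hexdigest()


def tokens_match(a, b):
    """Constant-time comparison of two stored tokens."""
    return hmac.compare_digest(a, b)


def all_numbers(digits):
    """Every candidate of the given width: the small search space this post
    worries about (few digits, publicly known account ranges)."""
    for tup in itertools.product("0123456789", repeat=digits):
        yield "".join(tup)


def recover_unkeyed(token, digits):
    """An attacker holding an unkeyed token just hashes every candidate."""
    for cand in all_numbers(digits):
        if unkeyed_token(cand) == token:
            return cand
    return None


def recover_keyed(token, digits, key_guess):
    """The same enumeration against a keyed token succeeds only if the
    attacker also holds the real key, which is why the key must stay secret."""
    for cand in all_numbers(digits):
        if tokens_match(keyed_token(cand, key_guess), token):
            return cand
    return None


if __name__ == "__main__":
    t_plain = unkeyed_token("1234")
    t_keyed = keyed_token("1234")
    print("unkeyed token recovered:", recover_unkeyed(t_plain, 4))            # 1234
    print("keyed, wrong key guess: ", recover_keyed(t_keyed, 4, b"guess"))    # None
    print("keyed, correct key:     ", recover_keyed(t_keyed, 4, SECRET_KEY))  # 1234
```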



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: question about PKI...
Date: Sun, 6 Feb 2000 21:34:20 -0000

While your question doesn't seem to make as much sense as
possible, because there is a great diversity in PKI. In
spite of this I believe that the answer you are seeking is
that each time a user moves to a new system their private
key/certificate must be loaded onto that machine, although
the transfer may be transparent depending on the particulars
involved.
                    Joe

"Palmpalmpalm" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi, does anybody kindly answer my question?
>
> What method does the PKI product provide for mobile users?
> When users move to another computer, do they have to bring
their own private
> key and certificate always?
>
> Thanks in advance.



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: NSA opens up to US News
Date: Sun, 06 Feb 2000 22:46:50 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
...
> Maybe I should take down my web page before everyone finds out how to
> improve their ciphers...or even convert binary data, coded with
> something like PGP, into letters of the alphabet for subsequent coding
> on the older cipher machines that have greater physical security than
> a PC. ...

Converting binary data to letters is not particularly difficult; I
already have announced examples of Onega, 64 to 38, and Santa Maria, 64 to
27.  Consider PGP, chained to a base translation cipher, chained to a
machine.   Of course to do the mechanical step requires that the attendant be
*chained* to the device and promised a bowl of gruel if the job is
completed correctly. ;)
-- 
A big-endian and a little-endian have been spotted sitting at a
campfire nibbling on bytes and pointing at each other as they
argued about who got hit with the most errors.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
