Cryptography-Digest Digest #120, Volume #11 Mon, 14 Feb 00 11:13:01 EST
Contents:
Re: Predicting the next random number (John Savard)
Re: Associative Symmetric Encryption (John Savard)
Question about RSA function. Help!!!! (ant)
RE: Associative Symmetric Encryption (Gary)
Re: PKI's and CA's (David P Jablon)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Jerry Coffin)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Bob Silverman)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Tom McCune)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Tony L. Svanstrom)
Re: Guaranteed Public Key Exchanges (No Brainer)
Re: Guaranteed Public Key Exchanges (No Brainer)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Jerry Coffin)
Re: Guaranteed Public Key Exchanges (No Brainer)
Re: Guaranteed Public Key Exchanges (No Brainer)
Is there a list for this newsgroup? (No Brainer)
Re: UK publishes 'impossible' decryption law (Dave Hazelwood)
Re: CHEATING AT PARADISE POKER ("Trevor Jackson, III")
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Casper H.S. Dik - Network Security Engineer)
Re: Does the NSA have ALL Possible PGP keys? ("Trevor Jackson, III")
Re: Does the NSA have ALL Possible PGP keys? ("Trevor Jackson, III")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Predicting the next random number
Date: Mon, 14 Feb 2000 13:17:48 GMT
On Mon, 14 Feb 2000 08:16:39 GMT, [EMAIL PROTECTED] wrote, in part:
>Hey, I was just curious, but if someone came up with a way to predict
>the numbers from ANY pseudo random number generator, would the NSA
>come and take them away for some reason that I can currently fathom???
They'd have to stand in line behind Las Vegas.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Associative Symmetric Encryption
Date: Mon, 14 Feb 2000 13:18:49 GMT
On Mon, 14 Feb 2000 07:24:52 -0500, Gary <[EMAIL PROTECTED]>
wrote, in part:
>such that
>Ea(Eb(P))==Eb(Ea(P))
You mean commutative.
And no, I don't think much has been achieved in this area.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: ant <[EMAIL PROTECTED]>
Subject: Question about RSA function. Help!!!!
Date: Mon, 14 Feb 2000 16:07:56 +0000
Who knows why Y^d(mod n) is the reverse function for original RSA
function : X^e(mod n).
Write me please....
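The identity ant asks about, worked through in code: d is chosen so that e*d = 1 + k*lcm(p-1, q-1), and Fermat's little theorem applied modulo p and modulo q (then combined by the CRT) gives x^(e*d) = x mod n. This is an added example with constructed toy primes, not code from the digest or from any poster.

```python
# Added example (not from the digest): why y -> y^d mod n undoes x -> x^e mod n.
# The primes and exponent used here are constructed toy values, small enough
# that every message x in [0, n) can be checked exhaustively.
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def rsa_keypair(p, q, e):
    """Return (n, e, d) for primes p, q and public exponent e.

    d is the inverse of e modulo lambda(n) = lcm(p-1, q-1), so that
    e*d = 1 + k*lambda(n) for some integer k. Using phi(n) = (p-1)(q-1)
    instead also works; it merely yields a larger d.
    """
    n = p * q
    lam = lcm(p - 1, q - 1)
    if gcd(e, lam) != 1:
        raise ValueError("e must be invertible modulo lcm(p-1, q-1)")
    d = pow(e, -1, lam)  # modular inverse (Python 3.8+)
    return n, e, d


def roundtrip_holds_mod_prime(r, e, d, x):
    """The argument for a single prime factor r of n.

    Fermat: if r does not divide x then x^(r-1) = 1 (mod r). Because (r-1)
    divides e*d-1, x^(e*d) = x * (x^(r-1))^k = x (mod r). If r divides x,
    both sides are 0 mod r, so the congruence still holds.
    """
    assert (e * d - 1) % (r - 1) == 0
    return pow(x, e * d, r) == x % r


def decrypts_correctly(n, e, d, x):
    """Encrypt with the public exponent, decrypt with the private one."""
    y = pow(x, e, n)          # the RSA trapdoor function  x -> x^e mod n
    return pow(y, d, n) == x  # its inverse                 y -> y^d mod n


def all_messages_roundtrip(p, q, e):
    """Exhaustive check: x^(e*d) = x mod p and mod q, hence mod n = p*q (CRT).

    Includes the x that share a factor with n, which Euler's theorem alone
    (x coprime to n) would not cover.
    """
    n, e, d = rsa_keypair(p, q, e)
    return all(decrypts_correctly(n, e, d, x) for x in range(n))


if __name__ == "__main__":
    n, e, d = rsa_keypair(61, 53, 17)        # constructed toy key
    print(f"n={n} e={e} d={d} e*d-1={e * d - 1}")
    print("every x in [0, n) round-trips:", all_messages_roundtrip(61, 53, 17))
```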
------------------------------
From: Gary <[EMAIL PROTECTED]>
Subject: RE: Associative Symmetric Encryption
Date: Mon, 14 Feb 2000 09:01:07 -0500
Oops Sorry, yes I should have said commutative.
>===== Original Message From [EMAIL PROTECTED] (John
Savard) =====
>On Mon, 14 Feb 2000 07:24:52 -0500, Gary <[EMAIL PROTECTED]>
>wrote, in part:
>
>>such that
>>Ea(Eb(P))==Eb(Ea(P))
>
>You mean commutative.
>
>And no, I don't think much has been achieved in this area.
>
>John Savard (teneerf <-)
>http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: PKI's and CA's
Date: Mon, 14 Feb 2000 14:16:10 GMT
In article <MTdp4.24552$[EMAIL PROTECTED]>,
Lyal Collins <[EMAIL PROTECTED]> wrote:
>in answer to 2:
>Since the Private key associated with your Public Key is protected by a
>password, you can't improve protection using software.
Software can help by moving the password-cracking vulnerability from
an untrustworthy client to a more secure remote server. Take a look at
the PKI roaming solutions, which specifically avoid storing the private
key on the local workstation.
>Embedded systems, such as a smartcard, can perform a more robust password
>verification than can be achieved in software, provided password-entry
>protection is implemented in the embedded hardware. A tamper-evident
>PINpad/reader, or possibly a tamper evident, type approved biometrics
>sensor/reader combination may do the trick.
>
>But, we are all stuck with passwords for now.
Given this problem, I presented a survey of some of the roaming
solutions at RSA 2000. (slides at <www.IntegritySciences.com/rsa2000.html>)
The talk also discussed how SPEKE and related zero-knowledge password
methods can eliminate some of the traditional problems
associated with passwords.
>What the public/private key is used for after your password is verified is
>immaterial if the password is compromised or spoofed, especially on second
>or subsequent logons.
>
>lyal
>
>
>[EMAIL PROTECTED] wrote in message <880lq7$t8g$[EMAIL PROTECTED]>...
>>I am trying to understand PKI and the role of the
>>CA's, toolkits etc. Here are a few of my queries,
>>can any one help?
>>
>>1) To have use PKI technology you need CSP's.
>>Where do these come from (not who makes them). Do
>>they get installed when you go to the CA?
>>
>>2) When logging on to send a secure message how
>>can the computer verify that it is you by any
>>more than a password and therefore bypass the
>>main problem that "passwords are notoriously easy
>>to crack".
>>
>>3) When a secure message is sent is everything
>>verified with the CA at the time? And the
>>receivers CA?
>>
>>4) do CA's sell the "middleware" or "toolkits" so
>>the PKI may be used across applications
>>
>>As you can probably tell I am rather confused!
>>Any help on any of these issues or other related
>>issues that you think are important would be very
>>much appreciated.
>>
>>Thank you
>>
>>Philly
======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Mon, 14 Feb 2000 07:22:01 -0700
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
[ ... ]
> Proving and doing something about it isn't the same. It's not always
> easy to get people to move away from something that isn't secure enough
> when they haven't had any problems with it.
Pardon my pointing it out, but a few years ago, roughly the same thing
was done to the _root_ DNS servers. I.e. they didn't just redirect
one particular site -- they (more or less) redirected the entire
Internet. As it happens, they set up a direct mirror of the root
servers first, and redirected it to them, so the only real effect was
that Network Solutions' machines sat idle for a while and somebody
else did the work, but it was entirely clear to anybody who was paying
attention that they could have done just about anything they wanted
anywhere on the Internet.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Mon, 14 Feb 2000 14:40:38 GMT
In article <888hp2$6sp$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
<snip>
> "Wat up whats up to all my nigs ya know who ya are n #2600 and
> whats up all my #sesame nigs and
> call rigger if ya come here bc he is the gayest fuck ;)
> 718-815-4674 all chans are on a irc server lol
>
> - -tek
> pBK > * also irc.segments.org ;)"
>
> I wonder how long it'll take them to notice...Hhhm, would you
> trust RSA with your data security now? ;)
Will anyone trust YOU now???
Our website address is www.rsasecurity.com and has been so
for some time. www.rsa.com is no longer a valid URL.
>
> Cheers,
>
> Sam Simpson
> Communications Analyst
> - -- http://www.scramdisk.clara.net/ for ScramDisk hard-drive
> encryption & Delphi Crypto Components. PGP Keys available at the
> same site.
> -----BEGIN PGP SIGNATURE-----
> Version: 6.0.2ckt http://members.tripod.com/IRFaiad/
>
> -----END PGP SIGNATURE-----
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Mon, 14 Feb 2000 15:08:40 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
In article <889455$ivh$[EMAIL PROTECTED]>, Bob Silverman <[EMAIL PROTECTED]>
wrote:
>Our website address is www.rsasecurity.com and has been so
>for some time. www.rsa.com is no longer a valid URL.
You must have a mirror, redirect, or ? at rsa.com. I have a long standing
link to your FAQ that always goes through - I'm a little obsessive about
checking my links and keeping them up to date. And right now, your site is
responding to rsa.com, such as my current web location:
http://www.rsa.com/downloads/
=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.5.3
Comment: http://Tom.McCune.net or http://home.twcny.rr.com/tmccune1
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Mon, 14 Feb 2000 16:20:24 +0100
Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <888hp2$6sp$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > I wonder how long it'll take them to notice...Hhhm, would you
> > trust RSA with your data security now? ;)
>
> Will anyone trust YOU now???
>
> Our website address is www.rsasecurity.com and has been so
> for some time. www.rsa.com is no longer a valid URL.
If I wanted to be mean then I'd ask you, Bob, who's going to trust an
organization who lies about their old domain name not being in use when
it's very clear to everyone else that it is... but that wouldn't be me
(the ones that know me, please shut up ;)
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
-----------------------------------------------------------------------
\O/ \O/ ©1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
From: No Brainer <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Mon, 14 Feb 2000 23:14:06 +0800
Paul,
On Fri, 11 Feb 2000 15:14:14 -0500, Paul Koning <[EMAIL PROTECTED]> wrote:
<snip>
> The issue is: how do you bootstrap this? I.e., how do you get that
> first key, the one from A? The same problem exists in X.509 and similar
> certificate systems, the only difference is that these use trees while
> the WOT uses graphs.
Good question...
Is there a 100% secure way to download say, an x509.3 signed executable that
encapsulates a public key?
Without middle-man intervention?
------------------------------
From: No Brainer <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Mon, 14 Feb 2000 23:20:44 +0800
Mike,
On Thu, 10 Feb 2000 12:17:10 -0600, Mike Rosing <[EMAIL PROTECTED]>
wrote:
> In one thread you asked how to do it securely. One out of band method
> is a newspaper. Take out an ad in the classified section and just publish
> the ascii text of your public key. It's easy enough for anyone to check
> that.
I see your point Mike...it can be difficult.
Since the beginning of the Internet, hasn't there yet been a method that
duplicates the paper in the example above? For example, is there a 100% secure
way to download a public key or executable using x509.3 cert's and CA's etc etc?
At least if you can download the public key securely then you know you have the
key of the person (as long as you trust the person who has given you the e-mail
address)?
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Mon, 14 Feb 2000 08:31:22 -0700
In article <889455$ivh$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> Will anyone trust YOU now???
>
> Our website address is www.rsasecurity.com and has been so
> for some time. www.rsa.com is no longer a valid URL.
Here's what Network Solutions says in response to a whois lookup of
"rsa.com":
RSA Data Security, Inc. (RSA-DOM)
100 Marine Parkway, Suite 500
Redwood City, CA 94065
Domain Name: RSA.COM
Administrative Contact, Technical Contact, Zone Contact:
Pablo, Archie (AP2786) [EMAIL PROTECTED]
415-595-8782 (FAX) 415-595-1873
Billing Contact:
De La Cruz, Ramon (RD2761) [EMAIL PROTECTED]
415-595-8782 (FAX) 415-595-1873
Record last updated on 06-Nov-1998.
Record created on 08-Jun-1990.
Database last updated on 13-Feb-2000 22:28:58 EST.
Domain servers in listed order:
RSA.COM 192.80.211.33
DNS1.NCAL.VERIO.NET 204.247.247.20
DNS2.NCAL.VERIO.NET 207.20.247.20
NS1.VERIO.NET 204.91.99.140
========================= end of quote ====================
In short, "rsa.com" most assuredly IS a valid domain name at the
present time. If you (here I'm using "you" to refer to RSA Data
Security collectively, not necessarily you personally) don't want it
to be, you need to contact Network Solutions and get it removed. It
will continue to exist until or unless you either explicitly get it
removed, or else NSI notices that the bill for that domain hasn't been
paid, and shuts it down themselves. Speaking from experience, the
latter is unlikely to happen in a timely fashion, with either NSI or
nearly any other sort of provider.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: No Brainer <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Mon, 14 Feb 2000 23:29:22 +0800
Darren,
On Thu, 10 Feb 2000 21:28:04 GMT, Darren New <[EMAIL PROTECTED]> wrote:
<snip>
> Right. My point is that even if I'm standing face-to-face with you, and you
> have your public key on a floppy in your hand, how do you know you're giving
> it to the right person? Your question as originally phrased is meaningless -
> that you know nothing about the person you're trying to exchange keys with.
> What you *do* know about the person is what you have to lever to get a
> secure exchange. If you know nothing, then you have no reason to even talk
> to that person in plaintext let alone via cyphers.
OK, now you're getting paranoid :)
Let's say someone you know and trust has provided you with an e-mail address,
either verbally, via a previous e-mail or via a newspaper article. As far as you
can tell, the e-mail address you have in your hand DOES belong to the person you
wish to communicate with (and trust).
Now if I have someone's e-mail address, how do I securely get their public key?
In other posts I have asked about using x509.3 cert's with CA's etc etc (without
middle man intervention) but I am wondering if there is another type of
solution.
If it is easier to securely download an exe (?) then could that executable be
used in real time to download the public key?
------------------------------
From: No Brainer <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Mon, 14 Feb 2000 23:34:25 +0800
Erik,
On Fri, 11 Feb 2000 08:21:49 -0500, Erik <[EMAIL PROTECTED]> wrote:
<snip>
> There are several approaches:
>
> 1) The public keys are signed by a trusted third party's private key,
> and downloaded from him.
Can this be made MITM proof?
TIA.
------------------------------
From: No Brainer <[EMAIL PROTECTED]>
Subject: Is there a list for this newsgroup?
Date: Mon, 14 Feb 2000 23:38:03 +0800
To all,
I was wondering if there is a list server for this newsgroup?
TIA.
------------------------------
From: [EMAIL PROTECTED] (Dave Hazelwood)
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: Mon, 14 Feb 2000 15:48:57 GMT
The world as we know it has finally gone out of its fucking mind.
Perhaps it is time for people who really understand the digital
era to take the reins of power?
Send those funny old men in their wigs out to pasture once and for
all??
"NoSpam" <[EMAIL PROTECTED]> wrote:
>See also http://news.bbc.co.uk/hi/english/sci/tech/newsid_638000/638041.stm
>
>"UK publishes 'impossible' decryption law"
>
>FLASH - FOR IMMEDIATE USE
>
>FOUNDATION FOR INFORMATION POLICY RESEARCH (www.fipr.org)
>
>=========================================================
>
>News Release Thurs 10th Feb 2000
>
>=========================================================
>
>Today Britain became the only country in the world to publish a law which
>could imprison users of encryption technology for forgetting or losing
>their keys. The Home Office's "REGULATION OF INVESTIGATORY POWERS" (RIP)
>bill has been introduced in Parliament: it regulates the use of
>informers, requires Internet Service Providers to maintain "reasonable
>interception capabilities", and contains powers to compel decryption
>under complex interlocking schemes of authorisation.
>
>Caspar Bowden, director of Internet policy think-tank FIPR said, "this law
>could make a criminal out of anyone who uses encryption to protect their
>privacy on the Internet."
>
>"The DTI jettisoned decryption powers from its e-Communications Bill
>last year because it did not believe that a law which presumes someone
>guilty unless they can prove themselves innocent was compatible with the
>Human Rights Act. The corpse of a law laid to rest by Stephen Byers
>has been stitched up and jolted back into life by Jack Straw"
>
>
>Decryption Powers: Comparison with Part.III of Draft E-Comms Bill (July 99)
>------------------------------------------------------------------------
>
>The Home Office have made limited changes that amount to window-dressing,
>but the essential human rights issue remains:
>
>(Clause 46): authorities must have "reasonable grounds to believe" the key
>is in possession of a person (previously it had to "appear" to authorities
>that person had a key). This replaces a subjective test with one requiring
>objective evidence, but leaves unaffected the presumption of guilt if
>reasonable grounds exist.
>
>(Clause 49): to prove non-compliance with notice to decrypt, the prosecution
>must prove person "has or has had" possession of the key. This satisfies the
>objection to the case where a person may never have had possession of the
>key ("encrypted e-mail out of the blue"), but leaves unchanged the essential
>reverse-burden-of-proof for someone who has forgotten or irreplaceably lost
>a key. It is logically impossible for the defence to show this reliably.
>
>
>HUMAN RIGHT CHALLENGE "INEVITABLE"
>==================================
>
>As part of the consultation on the draft proposals last year FIPR and
>JUSTICE jointly obtained a Legal Opinion from leading human rights
>experts (http://www.fipr.org/ecomm99/pr.html) which found that requiring
>the defence to prove that they do not possess a key was a likely breach of
>the European Convention of Human Rights.
>
>Mr.Bowden commented, "following the recent liberalisation of US export
>laws, as tens of thousands of ordinary computer users start to use
>encryption, a test-case looks inevitable after the Human Rights Act comes
>into force in October."
>
>
>R.I.P. RESURRECTS KEY ESCROW BY INTIMIDATION ?
>==============================================
>
>Bowden said: "after trying and failing to push through mandatory
>key-escrow, then voluntary key-escrow, it now looks like the government
>is resorting to key-escrow through intimidation."
>
------------------------------
Date: Mon, 14 Feb 2000 10:56:59 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: rec.gambling.poker
Subject: Re: CHEATING AT PARADISE POKER
Joseph Ashwood wrote:
> Their statements are almost all fluff.
>
> The facts they do give:
> Their choice of using modular division in their so-called
> random number generation leads to a bias towards the low
> order cards, this results in a tendency for the cards that
> started at the top of the deck to end at the top.
>
>
> Their choice of using the C/C++ rand() function allows for a
> good cryptographer to begin computing the future values
> without too much difficulty.
I think the description of modular division was an illustration of why
they do _not_ use a simple rand() function.
>
>
> They state where they get their random seeds from, it's
> almost a joke it's so poor. The low order bits of the
> counter on a computer are only random when sampled at
> suitably random, fairly distant intervals, if they're doing it
> to get the stated 17 bits per second it's no longer random.
Implicitly the timings are gated by the user's actions. Since they
sample the clocks on the client's PCs when the client sends up a packet,
which means when a user takes an action, it appears to be similar to
mouse movements of keyboard timing.
Certainly there will be packets automatically generated at predictable
intervals, and those timings do not provide any entropy. But neither do
they reduce the entropy.
Lacking a detailed analysis of their system I cannot proclaim it sound,
but it appears they have a grasp of the fundamental issues and are
addressing them in reasonable ways. It also appears that they have
either not commented on their security, or are ignoring it. A MITM
attack upon the RNG (at their ISP for instance), might be reasonably
simple and very effective.
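The modulo-reduction bias Joseph Ashwood describes above (the lowest cards slightly favoured whenever the generator's range is not a multiple of 52), measured exactly and set beside the rejection-sampling fix. This is an added example, not code from the thread or from Paradise Poker; it assumes a generator uniform on [0, RAND_MAX] with RAND_MAX = 32767, the minimum C guarantees for rand().

```python
# Added example (not from the digest): exact size of the "modular division"
# bias when a generator output r is reduced as r % 52, and the standard fix.
# Assumption (constructed for the demo): r is uniform on [0, RAND_MAX].
from collections import Counter

RAND_MAX = 32767  # minimum value C guarantees for rand(); 2**15 - 1
DECK_SIZE = 52


def modulo_card_counts(deck_size=DECK_SIZE, rand_max=RAND_MAX):
    """How many generator outputs r in [0, rand_max] map to each card via r % deck_size.

    (rand_max + 1) // deck_size full buckets cover every card; the leftover
    (rand_max + 1) % deck_size outputs all land on the lowest cards, which is
    exactly the "bias towards the low order cards" the thread describes.
    """
    counts = Counter(r % deck_size for r in range(rand_max + 1))
    return [counts[card] for card in range(deck_size)]


def favoured_cards(deck_size=DECK_SIZE, rand_max=RAND_MAX):
    """Cards that receive one output more than the rest (all cards if there is no bias)."""
    counts = modulo_card_counts(deck_size, rand_max)
    top = max(counts)
    return [card for card, c in enumerate(counts) if c == top]


def accept_limit(deck_size=DECK_SIZE, rand_max=RAND_MAX):
    """Largest multiple of deck_size that fits in [0, rand_max].

    Outputs at or above this limit belong to the short final bucket and are
    the only source of the bias, so rejection sampling discards them.
    """
    return (rand_max + 1) - (rand_max + 1) % deck_size


def uniform_card(next_random, deck_size=DECK_SIZE, rand_max=RAND_MAX):
    """Rejection sampling: redraw while r sits in the short bucket, then reduce.

    next_random is any callable returning a uniform integer in [0, rand_max].
    Every surviving r comes from a full bucket, so each card is equally likely.
    """
    limit = accept_limit(deck_size, rand_max)
    while True:
        r = next_random()
        if r < limit:
            return r % deck_size


def rejection_card_counts(deck_size=DECK_SIZE, rand_max=RAND_MAX):
    """Same tally as modulo_card_counts, restricted to the outputs the fix keeps."""
    limit = accept_limit(deck_size, rand_max)
    counts = Counter(r % deck_size for r in range(limit))
    return [counts[card] for card in range(deck_size)]


if __name__ == "__main__":
    counts = modulo_card_counts()
    print("plain r % 52  : favoured cards", favoured_cards(),
          "ratio", max(counts) / min(counts))
    fixed = rejection_card_counts()
    print("rejection     : min/max per card", min(fixed), max(fixed),
          "accept limit", accept_limit())
```

With a 15-bit generator the bias is small (631 versus 630 outputs per card); with a poor generator or a smaller range it grows, and the fix is the same in either case.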
------------------------------
From: [EMAIL PROTECTED] (Casper H.S. Dik - Network Security Engineer)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: 14 Feb 2000 10:39:50 GMT
[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]
[EMAIL PROTECTED] (Tony L. Svanstrom) writes:
><[EMAIL PROTECTED]> wrote:
>> I wonder how long it'll take them to notice...Hhhm, would you trust RSA
>> with your data security now? ;)
>I do agree with the subject-line; I LOVE THIS. :-)
>55 minutes and counting.
It's DNS poisoning; not site defacement.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
------------------------------
Date: Mon, 14 Feb 2000 11:11:29 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Johnny Bravo wrote:
> On Sun, 13 Feb 2000 13:41:11 -0800, "tiwolf" <[EMAIL PROTECTED]> wrote:
>
> >Considering the money spent by groups like the NSA, CIA, DIA, and others on
> >tech, software, and humans i think that the government is more than willing
> >to break codes to read all email regardless if it is about my grocery list
> >that I am emailing to my wife. You are all assuming that the government does
> >not really care what is in the majority of email as opposed the government
> >wanting the capability or the ability to read all email regardless of what
> >is in it.
>
> And you are assuming that the government has unlimited energy, computing
> resources, manpower and is not bound by the laws of physics or
> mathematics. In short you are claiming that the government is God. Prove
> it.
No proof is necessary. If the government actually had god-like capabilities, not
only would resistance be futile, but the motivation to resist would be missing.
Why hide from god?
------------------------------
Date: Mon, 14 Feb 2000 11:15:33 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
[EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
> Anonymous <[EMAIL PROTECTED]> wrote:
> > There are a couple of interesting threads on talk.politics.crypto
> > originating from a cryptographer with www.filesafety.com. They
> > purport that the NSA has ALL POSSIBLE keys for PGP and that all PGP
> ^^^^^^^^^^^^^
> like all the emotionally-heated previous answers have made plausible, it
> is very unlikely that the NSA stores all possible keys
>
> > encrypted netmail has been "transparent" for at least two years to
> > the NSA and certain elements of the military and FBI. The
> > cryptographic basis for this alleged total compromise of PGP is
> > discussed.
>
> I'm not a cryptographer, but obviously most of the so-called
> cryptographers here seem to be a bit naive. Here are some reasons why
> your claims could - to some extent - be right:
>
> - It is reasonable to assume that the NSA is able to run very fast and
> exhaustive dictionary attacks against the passwords that secure the
> private key.
>
> - It is reasonable to assume that the NSA is able to obtain any private
> key stored on the harddisk of any individual at home, if he/she is the
> specific target of an attack.
>
> - It is reasonable that the NSA does extensively research stealth viruses
> and trojan horses that report back passwords and private keys via the
> Internet on demand (low chance of detection) or automatically (higher
> chance of detection).
>
> - It is also reasonable that such trojan horses or viruses would not be
> detected by virus researchers or security experts. They don't write "You
> have been infected by a virus" on the screen, don't change any data etc.
> They can be very small and self-modifying, might be able to destruct
> themselves when certain detection tools are used, use data tunneling
> techniques for communication to outside, can encrypt parts of themselves to
> hide what they are supposed to do when activated, etc. The NSA surely has
> experts that reverse engineer whole software packages, so writing such
> virus beasts might be relaxing trivial for them.
>
> - There's a slight possibility that the NSA or any other secret agency
> has launched such viruses to prepare future electronic warfare or gain
> PGP keys and other information. This probably would clash with some US
> laws, that's why I'm talking about a possibility only.
>
> - Due to its popularity and high security, PGP is the target # 1 for any
> secret agency.
>
> Take all these factors together, add a little bit of sane (?) paranoia,
> and the result will be:
>
> 1. It is very likely that the NSA can read any PGP encrypted mail a
> person has written, that is of special interest and under targeted
> investigation of the NSA.
>
> 2. There's a possibility to some degree merely depending on the NSA's
> will to break the law (and eventually be caught while doing this), that
> the NSA is able to read almost any mail encrypted by PGP, because they
> have obtained the key and password of most PGP users by side-channel
> attacks.
>
> Why should the NSA bother to break the encryption of PGP when it can
> obtain the private keys and passwords so easily and much cheaper? It
> seems obvious, that there has been a paradigm change. As it seems the NSA
> now does no longer try to force insecure crypto into the public by
> proposing them as standard or frightening cryptographers. Instead, it is
> more likely, that they have focused on non-cryptanalytic attacks, which
> are much cheaper, easier and more effective.
This is a claim distinct from the statement that NSA has "all possible
keys". It amounts to the claim that the NSA has or can obtain all keys in
use. While this claim cannot be refuted by size-of-the-universe
calculations, it still requires substantial support to be credible.
To me it looks pretty nekkid.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************