Cryptography-Digest Digest #124, Volume #11 Tue, 15 Feb 00 02:13:01 EST
Contents:
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Jere Hakanen)
Re: Guaranteed Public Key Exchanges (David A Molnar)
Re: Predicting the next random number (David A Molnar)
Re: Has some already created a DATA DIODE? (Terry Ritter)
Re: Which compression is best? (Tim Tyler)
What are these Rot-45, Rot-13, Rot-5 algorithms? ([EMAIL PROTECTED])
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (stanislav shalunov)
Re: Guaranteed Public Key Exchanges (Darren New)
Re: Guaranteed Public Key Exchanges (Ralph Hilton)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Robert Hallgren)
Re: Does the NSA have ALL Possible PGP keys? ("Douglas A. Gwyn")
Re: Basic Crypto Question 3 ("Douglas A. Gwyn")
Re: Predicting the next random number ("Douglas A. Gwyn")
Re: Funniest thing I've seen in ages - RSA.COM hacked :) ("Douglas A. Gwyn")
Re: Which compression is best? ("Douglas A. Gwyn")
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Beretta)
Re: help DES encryption ("Douglas A. Gwyn")
Re: Newbie - Determining encryption Bit Level ("Douglas A. Gwyn")
Re: Large Floating Point Library? (John M. Gamble)
Re: Basic Crypto Question 3 (David Wagner)
Re: Predicting the next random number (Dan O.)
Re: What are these Rot-45, Rot-13, Rot-5 algorithms? (Eric Lee Green)
Re: Predicting the next random number (Dan O.)
BCH Implementation ([EMAIL PROTECTED])
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Tony L. Svanstrom)
Re: Predicting the next random number (Tony L. Svanstrom)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Tony L. Svanstrom)
Re: Predicting the next random number (Tony L. Svanstrom)
----------------------------------------------------------------------------
From: Jere Hakanen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 02:41:39 +0200
[EMAIL PROTECTED] wrote:
> And just for curiosity: Can anyone confirm the hack on www.rsa.com or was
> this a hoax?
http://www.2600.com/hacked_pages/2000/02/www.rsa.com/
Jere Hakanen
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: 15 Feb 2000 00:32:25 GMT
Dan Day <[EMAIL PROTECTED]> wrote:
> One could say that the whole field of encryption is an
> exercise in rigorous paranoia.
Unfortunately, right now it is only an attempt at rigorizing
paranoia. :-(
-David
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Predicting the next random number
Date: 15 Feb 2000 00:30:07 GMT
John Savard <[EMAIL PROTECTED]> wrote:
> My fault for not reading carefully enough...I thought he just said
> "ANY random number generator". (Of course, there are those video slot
> machines; I'm not sure, but I would suspect _they_ might use PRNGs.)
One interesting question -- there are casinos in Las Vegas which
advertise claims such as :
"100+% payout on X% of our slot machines!"
which, I think, means something along the lines of "if you play one of
the machines in the lucky X% of our machines over a long period of time,
you will tend to make back your money and more."
One way to guarantee these odds might be to use PRNGs and then adjust
the stream in order to get the desired properties. Indeed, we had
several high-profile gaming fraud cases in which slot machine repairmen
ended up adjusting machines in their favor. (I live in Vegas, but I'm
a transplant. I don't actually know anything about the city).
So you'll note that which machines are in the lucky X% of slot machines
are not specified in the advertising claim. Sometimes you can see people
in casinos hopping from machine to machine, hoping that they will find
one of the 100+ payout machines.
The interesting question : what if the X% of lucky machines isn't fixed?
What if the "lucky" machines exist, but the choice of lucky machines
changes? often? So often that you'll be on a lucky machine, play, and
then the machine changes and is no longer lucky?
Using PRNGs, you update the PRNG in the machine to do your new bidding.
Is there a way to adjust odds like this on the fly without using PRNGs,
and without alerting the player that the machine just had a personality
change?
Thanks,
-David
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Has some already created a DATA DIODE?
Date: Tue, 15 Feb 2000 01:01:48 GMT
On Mon, 14 Feb 2000 16:45:19 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (John Savard) wrote:
>[...]
>>The first system in the literature did use 2 LCG's with an M-M
>>combiner. But if the LCG had been thought strong, there would have
>>been no need for a combiner. The point of the combiner, then, was to
>>add strength. It failed.
>
>No; the attack given in the literature was not as trivial as the one
>against a single LCG. So it did add strength.
That hardly matters. It was broken.
>Since a super-weak LCG
>was used - all the output, and not just the most significant bits,
>were used - the attack was possible.
*That* attack, perhaps.
>[...]
>It is true that the buffer, unlike the one in DynSub or alleged RC4,
>doesn't consist of all 256 values uniformly. Is this what you mean?
Only partly: Obviously a combiner must be balanced. Across each
possible input value, each particular result must occur the same
number of times. But there is more, in that the linear relationships
in the driving system must be obscured.
>If so, the cure is obvious: use a big buffer.
It might have to be a *big* buffer.
>>One alternative is to just use strong generators. But if we have
>>strong generators we don't need the M-M combiner.
>
>Ah, but can you be sure the generator is strong?
Right. The whole point of using M-M is to protect weakness. It has
not worked. There is no reason to believe it will work.
>[...]
>>But what does M-M bring to the party? Shall we simply XOR two LCG's
>>and claim that system is strong? If we have a weak system and XOR it
>>with another weak system, what do we expect to get?
>
>XOR two LCGs, and you get an LCG.
Not true: LCG XOR LCG is just that. It happens to be weak, and
probably does represent some larger LCG, but we would not know that
from its structure.
>This is not true about an M-M
>generator.
We don't know that.
>Suddenly, all the leaked information disappears: each byte
>of output could be produced by many different combinations of input
>from the generators themselves.
But the very same statement could be made about LCG's, and you already
know they are weak, which also means your argument is weak.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Which compression is best?
Reply-To: [EMAIL PROTECTED]
Date: Tue, 15 Feb 2000 00:48:23 GMT
I, Tim Tyler <[EMAIL PROTECTED]> wrote:
[plaintext diffusion using rolling XOR?]
: If don't compress (but do XOR) [...when testing a decrypted file...]
: you will find that this gives a space of 256 possible files through which
: to search in order to identify the correct text.
[...]
: XORing with words - rather than bytes - doesn't appear to work, either.
: More work is required to recover the plaintext - but if there's a
: non-trivial quantity of english text involved - it should be possible.
I believe I was overestimating the difficulties here. After a byte (or
word) of garbage, the plaintext rolls out with no difficulty whatsoever.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
You cannot propell yourself forwards by patting yourself on the back.
------------------------------
From: [EMAIL PROTECTED]
Subject: What are these Rot-45, Rot-13, Rot-5 algorithms?
Date: Tue, 15 Feb 2000 01:52:41 GMT
What are these Rot-45, Rot-13, Rot-5 encryption algorithms?
How do they work? Any libraries available?
Dinesh
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
From: stanislav shalunov <[EMAIL PROTECTED]>
Date: Tue, 15 Feb 2000 02:12:26 GMT
Bob Silverman <[EMAIL PROTECTED]> writes:
> Our website address is www.rsasecurity.com and has been so
> for some time. www.rsa.com is no longer a valid URL.
Apparently, I'm talking to a mirror (judging by the email). That
seems silly, but anyway:
If you [RSA] wanted to phase out http://www.rsa.com/, it should have
been set to redirect to http://www.rsasecurity.com/, not to mirror it.
Your posting is the second time I see this www.rsasecurity.com hostname.
First time was when I was sent a UCE by RSA.
DNS cache poisoning happens. You may not even be able to do much
about it, in some circumstances. But if you don't want that domain
because somebody poisoned the DNS cache, here's a nickel, I'll buy
rsa.com from you and deal with the problem.
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Guaranteed Public Key Exchanges
Date: Tue, 15 Feb 2000 02:15:33 GMT
Or, to be even more susinct:
If there are multiple people who can read mail to and send mail from the
same address (both your intended recipient and the MITM), and you have no
way to distinguish them, then no, you have no way of communicating with only
one of them. Simple, yes? :-)
------------------------------
From: Ralph Hilton <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Tue, 15 Feb 2000 03:45:18 +0100
Reply-To: [EMAIL PROTECTED]
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
On Tue, 15 Feb 2000 02:15:33 GMT, Darren New <[EMAIL PROTECTED]> wrote:
>Or, to be even more susinct:
>
>If there are multiple people who can read mail to and send mail from the
>same address (both your intended recipient and the MITM), and you have no
>way to distinguish them, then no, you have no way of communicating with
>only one of them. Simple, yes? :-)
No. By using the DH key exchange from a publicly announced message one can
get a return of several messages each with part of a key, One creates a
full key for each of the respondents. One uses each of the keys thus
obtained as a one-time pad for a message detailing future security.
Thus one has separated out one's respondents and know, given adequate key
and encryption methodologies, that one is only communicating at any time
to only one of the identities.
Having established the secure communication line to each one can establish
by detailed interrogation who the actual original intended recipient is if
one has sufficient data and mutual contacts.
If one doesn't know anything much about the person and you have no mutual
aquaintances then I can't see a lot of reason to want to talk to them in
such a secure fashion.
Can you give a realistic scenario where one would not be able to
differentiate?
=====BEGIN PGP SIGNATURE=====
Version: 6.5.1ckt
iQA/AwUBOKivpkCdrg0RcyHQEQII4gCdEplf+6RL3yDi2/qlRIXv78qcNZMAoOIp
bfy6xZLTuVEd/r89tVj2lZ7W
=1ARY
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Robert Hallgren)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 15 Feb 2000 04:13:46 GMT
Jerry Coffin <[EMAIL PROTECTED]> wrote:
> Here's what Network Solutions says in response to a whois lookup of
> "rsa.com":
>
> RSA Data Security, Inc. (RSA-DOM)
> 100 Marine Parkway, Suite 500
> Redwood City, CA 94065
>
> Domain Name: RSA.COM
[...]
> In short, "rsa.com" most assuredly IS a valid domain name at the
> present time.
But how do you kow that www.rsa.com is a valid host-URL based on that
info? Nobody has denied that rsa.com is a valid domain, but that's a
completely different matter. Just because a domain.com exists doesn't
mean there has to be a host answering to www.domain.com.
Robert
--
Robert Hallgren <[EMAIL PROTECTED]>
PGP: http://www.lipogram.com/pgpkey.asc
EC07 1340 70A1 5F31 56DF EAD8 B443 2B62 D63E BD39
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Tue, 15 Feb 2000 04:23:04 GMT
W A Collier wrote:
> They can "really want to" all they like, but they cant change fundamental
> nature of NP-Hard and other mathematic concepts upon which modern crypto
> is based. Try reading up before you make a jackass out of yourself
> again.
Be careful when you say such things -- the security of any actual
instance of a cryptosystem cannot be based on "NP-Hard"ness.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Basic Crypto Question 3
Date: Tue, 15 Feb 2000 04:27:09 GMT
David Wagner wrote:
> Well, you need to use independent keys if you are to have any hope
> of robustness [1].
My point is that key "independence" is crucial and not automatic.
It needs to be *proven* for the particular concatenation one has
in mind. Otherwise, one is just trusting to luck.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Predicting the next random number
Date: Tue, 15 Feb 2000 04:29:02 GMT
[EMAIL PROTECTED] wrote:
> Hey, I was just curious, but if someone came up with a way to predict
> the numbers from ANY pseudo random number generator, would the NSA
> come and take them away for some reason that I can currently fathom???
No. Why would you think they would?
Of course, your hypothesis is a fantasy anyway.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 04:38:47 GMT
Robert Hallgren wrote:
> We already knew that DNS of today is unsecure. So what are they
> trying to prove that we didn't already know?
Such vandals only try to "prove" their worth to their twisted selves.
In actuality, they are of negative worth to society.
The entire Internet Protocol suite in common use is riddled with
security flaws. We can, as with other products, put it to use
anyway, while working on an improved replacement. In fact, we
have such a replacement (IPv6) ready to go, but customers are not
beating on the doors of software vendors such as Microsoft demanding
that they implement IPv6 immediately, so we could switch to a safer
Internet. To the contrary, they eat up "enhancements" to browser
protocols, etc., preferring glitzy gee-whiz appearance to security.
It is largely a *consumer education* problem, which won't improve
so long as most people get their "information" from the entertainment
media.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Which compression is best?
Date: Tue, 15 Feb 2000 04:44:32 GMT
"SCOTT19U.ZIP_GUY" wrote:
> Even the French are starting to wake up to the fact we steal business
> secrets fron them so we can stay a super power.
The French have been in that particular line of business longer than
almost anyone else. Many governments have a policy of assisting their
own country's businesses via espionage. Indeed, in some countries it
is hard to distinguish between government and business.
------------------------------
From: Beretta <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 04:46:24 GMT
On Mon, 14 Feb 2000 14:42:54 -0500, lurker <[EMAIL PROTECTED]> wrote:
>On Mon, 14 Feb 2000 14:40:38 GMT, Bob Silverman <[EMAIL PROTECTED]> wrote:
>
>
>^^^^^^^^^^^^^^
>>In article <888hp2$6sp$[EMAIL PROTECTED]>,
>> [EMAIL PROTECTED] wrote:
>
>[snip]
>
>>> I wonder how long it'll take them to notice...Hhhm, would you
>>> trust RSA with your data security now? ;)
>>
<snip>
What in the hell does the breach of a webserver have to do with the strength of the
RSA's
ciphers?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: help DES encryption
Date: Tue, 15 Feb 2000 04:47:39 GMT
John Myre wrote:
> What's wrong with 800-17.pdf at the same site as below?
> > http://csrc.nist.gov/nistpubs/800-20.pdf
Nothing, apparently; thanks! I couldn't find a link to it when
I looked last time.
http://csrc.nist.gov/nistpubs/800-17.pdf
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Newbie - Determining encryption Bit Level
Date: Tue, 15 Feb 2000 04:50:29 GMT
Brian Bosh wrote:
> How do you determine the encryption bit rate is?
Time how long it takes to run a known amount of data through the
encryption system and divide. Duuh.
------------------------------
From: [EMAIL PROTECTED] (John M. Gamble)
Subject: Re: Large Floating Point Library?
Date: 15 Feb 2000 05:50:20 GMT
In article <[EMAIL PROTECTED]>,
Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>Clockwork wrote:
>
>> There are numerous large integer libraries, but does anyone know of a large
>> floating point library?
>
>There are several packages that implement quad-precision floating point values.
>Some use paired doubles and can represent numbers such as 1+1e-200 and others
>simply provide a wider mantissa.
>
>A search for "quad" should turn up several such libraries.
>
>
Just out of curiousity, what is the status of freelip these days?
-john
February 28 1997: Last day libraries could order catalogue cards
from the Library of Congress.
--
Pursuant to US Code, Title 47, Chapter 5, Subchapter II, '227,
any and all unsolicited commercial E-mail sent to this address
is subject to a download and archival fee in the amount of $500
US. E-mailing denotes acceptance of these terms.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Basic Crypto Question 3
Date: 14 Feb 2000 21:55:16 -0800
In article <[EMAIL PROTECTED]>,
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> David Wagner wrote:
> > Well, you need to use independent keys if you are to have any hope
> > of robustness [1].
>
> My point is that key "independence" is crucial and not automatic.
> It needs to be *proven* for the particular concatenation one has
> in mind. Otherwise, one is just trusting to luck.
Proven? I'm lost. It should be as easy as simply *choosing* your keys
from the right distribution. What's there to prove? If I choose my
key k = <k_1,k_2> from a uniform distribution on K_1 \times K_2, then
k_1 will be independent of k_2, no? What I missing?
------------------------------
From: [EMAIL PROTECTED] (Dan O.)
Subject: Re: Predicting the next random number
Date: Tue, 15 Feb 2000 06:17:34 GMT
In article <88a6mf$uju$[EMAIL PROTECTED]>, David A Molnar
<[EMAIL PROTECTED]> wrote:
> John Savard <[EMAIL PROTECTED]> wrote:
> > My fault for not reading carefully enough...I thought he just said
> > "ANY random number generator". (Of course, there are those video slot
> > machines; I'm not sure, but I would suspect _they_ might use PRNGs.)
>
> One interesting question -- there are casinos in Las Vegas which
> advertise claims such as :
>
> "100+% payout on X% of our slot machines!"
>...
> The interesting question : what if the X% of lucky machines isn't fixed?
> What if the "lucky" machines exist, but the choice of lucky machines
> changes? often? So often that you'll be on a lucky machine, play, and
> then the machine changes and is no longer lucky?
>
> Using PRNGs, you update the PRNG in the machine to do your new bidding.
> Is there a way to adjust odds like this on the fly without using PRNGs,
> and without alerting the player that the machine just had a personality
> change?
All you need to do is define the payouts over a fixed interval such as 24
hours of normal play. Whatever the casino sets for their take there is
still some X% probability that a given machine will pay out more than it
takes in.
--
Dan Oetting <[EMAIL PROTECTED]>
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: What are these Rot-45, Rot-13, Rot-5 algorithms?
Date: Mon, 14 Feb 2000 23:34:36 -0700
[EMAIL PROTECTED] wrote:
> What are these Rot-45, Rot-13, Rot-5 encryption algorithms?
> How do they work? Any libraries available?
These are ways of obscuring text so that it can be easily decoded by
anybody (without any keys) but is not out in plain view where it can
offend prudish people.
The basic mechanism is to take each ASCII character in the message and
add 5 or 13 or 45 to it. The result looks like gibberish until the
recipient subtracts 5 or 13 or 45 from it.
Most newsreaders of yore were capable of applying ROT13 to a message
both at posting and reading time, upon request.
--
Eric Lee Green [EMAIL PROTECTED]
http://members.tripod.com/e_l_green/
------------------------------
From: [EMAIL PROTECTED] (Dan O.)
Subject: Re: Predicting the next random number
Date: Tue, 15 Feb 2000 06:34:18 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(John Savard) wrote:
> [EMAIL PROTECTED] (Guy Macon) wrote, in part:
>
> >I was under the impression that Las Vegas never uses Pseudorandom.
>
> My fault for not reading carefully enough...I thought he just said
> "ANY random number generator". (Of course, there are those video slot
> machines; I'm not sure, but I would suspect _they_ might use PRNGs.)
Back in my college days one of the EE grads wrote a craps game for a
desktop programmable calculator. Figuring he probably used the builtin
PRNG I wrote my own simulator on an identical machine, memorized a short
play list, and made a fortune that quickly vanished in an arithmetic
overflow.
--
Dan Oetting <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED]
Subject: BCH Implementation
Date: Tue, 15 Feb 2000 06:31:38 GMT
Hello,
My gold is to implement BCH Error detection and correction inside FPGA.
1. I would like u to help me find information about BCH Error detection
and correction.
2. If any one can direct me to VHDL code for that implementation.
3. I don't mind to buy a VHDL core for implement if over FPGA, So if any
one know a company that sale this kind of core please direct me to there
site.
I will really appreciate if any one will help me.
Thanks.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 07:55:19 +0100
Beretta <[EMAIL PROTECTED]> wrote:
> On Mon, 14 Feb 2000 14:42:54 -0500, lurker <[EMAIL PROTECTED]> wrote:
>
> >On Mon, 14 Feb 2000 14:40:38 GMT, Bob Silverman <[EMAIL PROTECTED]> wrote:
> >
> >
> >^^^^^^^^^^^^^^
> >>In article <888hp2$6sp$[EMAIL PROTECTED]>,
> >> [EMAIL PROTECTED] wrote:
> >
> >[snip]
> >
> >>> I wonder how long it'll take them to notice...Hhhm, would you
> >>> trust RSA with your data security now? ;)
> >>
> <snip>
>
> What in the hell does the breach of a webserver have to do with the
> strength of the RSA's ciphers?
They claim to be "The most trusted name in e-Security"...
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
---���---���-----------------------------------------------���---���---
\O/ \O/ �1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: Predicting the next random number
Date: Tue, 15 Feb 2000 07:55:23 +0100
David A Molnar <[EMAIL PROTECTED]> wrote:
> Is there a way to adjust odds like this on the fly without using PRNGs,
> and without alerting the player that the machine just had a personality
> change?
Of course there is, the machines are already in a big network... The personality
part isn't really a problem if you know how the people playing 'em think.
/Tony... live a couple of months in Vegas, and comes back every year...
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
---���---���-----------------------------------------------���---���---
\O/ \O/ �1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 07:55:24 +0100
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> Robert Hallgren wrote:
> > We already knew that DNS of today is unsecure. So what are they
> > trying to prove that we didn't already know?
>
> Such vandals only try to "prove" their worth to their twisted selves.
> In actuality, they are of negative worth to society.
>
> The entire Internet Protocol suite in common use is riddled with security
> flaws. We can, as with other products, put it to use anyway, while
> working on an improved replacement. In fact, we have such a replacement
> (IPv6) ready to go, but customers are not beating on the doors of software
> vendors such as Microsoft demanding that they implement IPv6 immediately,
> so we could switch to a safer Internet. To the contrary, they eat up
> "enhancements" to browser protocols, etc., preferring glitzy gee-whiz
> appearance to security. It is largely a *consumer education* problem,
> which won't improve so long as most people get their "information" from
> the entertainment media.
Exactly, so by having a cpl of "bad guys" bring the business using the
Internet to their knees the lost money will force companies to do
something about the security.
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
---���---���-----------------------------------------------���---���---
\O/ \O/ �1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: Predicting the next random number
Date: Tue, 15 Feb 2000 08:05:45 +0100
David A Molnar <[EMAIL PROTECTED]> wrote:
> Is there a way to adjust odds like this on the fly without using PRNGs,
> and without alerting the player that the machine just had a personality
> change?
Of course there is, the machines are already in a big network... The personality
part isn't really a problem if you know how the people playing 'em think.
/Tony... lived a couple of months in Vegas, and comes back every year...
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
---���---���-----------------------------------------------���---���---
\O/ \O/ �1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
