Cryptography-Digest Digest #125, Volume #11 Tue, 15 Feb 00 07:13:01 EST
Contents:
NSA Polygraph Screening Exposed (Anonymous remailer)
Re: DVD crypt Q (Stephen Lee - Post replies please)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Beretta)
OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen Szopa)
Re: Does the NSA have ALL Possible PGP keys? ("tiwolf")
Re: Does the NSA have ALL Possible PGP keys? ("tiwolf")
Re: Does the NSA have ALL Possible PGP keys? ("tiwolf")
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Scott Contini)
Textbook Exercises ("Ghislaine Resplandy")
Re: Does the NSA have ALL Possible PGP keys? ("tiwolf")
Re: Guaranteed Public Key Exchanges ("Lyal Collins")
Re: help DES encryption ("mati")
Re: Funniest thing I've seen in ages - RSA.COM hacked :) ([EMAIL PROTECTED])
Re: UK publishes 'impossible' decryption law (Anonymous Sender)
RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Anonymous remailer)
Date: 15 Feb 2000 07:16:10 -0000
Subject: NSA Polygraph Screening Exposed
Crossposted-To: alt.politics.org.nsa
NSA Polygraph Screening Exposed
*******************************
If you are assigned to NSA or pending assignment, you need to know about the deception
behind the DoD polygraph test. The test has no scientific validity whatsoever, and it
depends on the polygrapher tricking the subject (you) into making damaging admissions.
See "The Lying Game: National Security and the Test for Espionage and Sabotage" on the
Federation of American Scientists website:
http://www.fas.org/sgp/othergov/polygraph/maschke.html
While the article discusses the use of this test by the Department of Energy, it's the
same test used by NSA and other DoD agencies.
------------------------------
From: Stephen Lee - Post replies please <[EMAIL PROTECTED]>
Crossposted-To: rec.video.dvd.tech
Subject: Re: DVD crypt Q
Date: 15 Feb 2000 07:21:32 GMT
Thanks for all the replies. I'll try to read up more on css and
css-auth.
No, I'm not a journalist nor a lawyer, just somebody who wants to
learn more about the issue...
Stephen
------------------------------
From: Beretta <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 08:05:40 GMT
On Tue, 15 Feb 2000 07:55:19 +0100, [EMAIL PROTECTED] (Tony L. Svanstrom) wrote:
<snip>
>> What in the hell does the breach of a webserver have to do with the
>> strength of the RSA's ciphers?
>
>They claim to be "The most trusted name in e-Security"...
>
>
> /Tony
Do they claim to encrypt thier webservers? No.. Didn't think so.. So let me ask again,
what in the hell does the breach of a webserver have to do with the strength of RSA's
ciphers...
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Tue, 15 Feb 2000 00:04:46 -0800
OAP-L3: Original Absolute Privacy - Level3 Encryption Software -
Complete Help Files at web site
Includes complete detailed explanation of entire encryption
software package: theory, operation, etc.
http://www.ciphile.com
------------------------------
From: "tiwolf" <[EMAIL PROTECTED]>
Crossposted-To: misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Tue, 15 Feb 2000 00:20:26 -0800
Did I say government is god, only that many in government wish to control
god-like power. They would really like to be all knowing, but they will
settle for reading everyone email.
Trevor Jackson, III wrote in message <[EMAIL PROTECTED]>...
>Johnny Bravo wrote:
>
>> On Sun, 13 Feb 2000 13:41:11 -0800, "tiwolf" <[EMAIL PROTECTED]> wrote:
>>
>> >Considering the money spent by groups like the NSA, CIA, DIA, and others
on
>> >tech, software, and humans i think that the government is more than
willing
>> >to break codes to read all email regardless if it is about my grocery
list
>> >that I am emailing to my wife. You are all assuming that the government
does
>> >not really care what is in the majority of email as opposed the
government
>> >wanting the capability or the ability to read all email regardless of
what
>> >is in it.
>>
>> And you are assuming that the government has unlimited energy,
computing
>> resources, manpower and is not bound by the laws of physics or
>> mathematics. In short you are claiming that the government is God.
Prove
>> it.
>
>No proof is necessary. If the government actually had god-like
capabilities, not
>only would resistance be futile, but the motivation to resist would be
missing.
>Why hide from god?
>
>
------------------------------
From: "tiwolf" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Tue, 15 Feb 2000 00:24:02 -0800
I don't care about prime numbers, what I do know is the extent to which
governments want to be able to read the hearts of men that they control.
Since science cant give them that ability yet they want to be able to read
all email and computer information, as well as listen into all telephone
calls. Whether they actually need to or not. They want the power because the
power exist even if only in their own mind.
Johnny Bravo wrote in message ...
>On Sun, 13 Feb 2000 23:45:53 -0800, "tiwolf" <[EMAIL PROTECTED]> wrote:
>
>>You are assuming that you and everyone else here know the full extent of
>>current computer power and storage mediums.
>
> You are incorrect, I'm assuming that the limit for computer storage is
>less than 4096 bits of information per quark. Seems a pretty safe
>assumption, if you can even posit a possible theoretical method for
>storing and retrieving data in a more compact manner than 4096 bits in one
>quark I'll concede the point.
>
>>You are also assuming that there
>>are no mathematical programs that do away with the needs for the PGP
codes.
>
> That is not the topic under discussion. I didn't mention anything about
>orbital mind control lasers that can read your thoughts and send them to
>the NSA either.
>
>>You assume a lot.
>
> Ahem.
>
>>I for one know nothing about computer and crypto breaking,
>
> Then how can you know that I'm assuming a lot if you have no idea what a
>reasonable assumption is?
>
>>but I do know that give resources and time nothing is truly impossible.
>
> Really? Give any possible method you can think of for finding the
>biggest prime number. Assume infinite resources and time. Take all the
>screens you need, and feel free to write it in plain english, just an
>outline will do.
>
> Johnny Bravo
>
------------------------------
From: "tiwolf" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Tue, 15 Feb 2000 00:32:10 -0800
No I am saying that once man thought the earth was the center of the solar
system, now time, thought , research and a good amount of money show us
differently. I am also not saying that all codes are broken, I am only
saying that the code that are not yet broke will in time be broken. The only
code that is will never be broke is the code that man never develops.
PS Have any of you ever considered that the code breakers of old sat around
looking at random bits of intelligence until they were able to find
something that fit and then over time pieced together a key to the code they
could not break before. Most of this was not done with computer yet humans
with paper, slide rules, pencils, and a lot of time did it. Do you really
think that people today are not willing to put in the time to break codes
that you believe are unbreakable?
James Felling wrote in message <[EMAIL PROTECTED]>...
>
>
>tiwolf wrote:
>
>> You are assuming that you and everyone else here know the full extent of
>> current computer power and storage mediums.
>
>No he is not. He is assuming that the storage devices the NSA uses are
made of
>atoms( a fairly safe assumption), and they can store 512 bits per atom with
in
>the storage system( a very generous amount -- ridiculously so), and that
all
>atoms in the storage device are used for this purpose.( This is so far
beyond
>present day tech so as to be laughable)
>
>> You are also assuming that there
>> are no mathematical programs that do away with the needs for the PGP
codes.
>
>True. If the codes have all been completely broken we are screwed. Mind
you
>that probably means that the NSA is capable of breaking any code in
existence in
>near zero time. I feel that they are ahead of the present tech by a bit,
but I
>don't think they are that far ahead. What you say seems to imply that any
>coding now used is fatally comprimised -- since there are other large and
well
>funded intelegence organizations devoted to SIGINT/ coding this certianly
>implies that any major government can read anything they want off of any
>encrypted file they wish. Since the governments in question are not
behaving in
>a manner indicitive of this I feel thqat you r assertion is unfounded.
>
>>
>> You assume a lot. I for one know nothing about computer and crypto
breaking,
>
>Yep.
>
>>
>> but I do know that give resources and time nothing is truly impossible.
>
>Really? So Godel's incompleteness theorem is totally invalid, and a precise
>decimal expression of pi (all the way to the "end")can be made if I throw
enough
>money at it, and one can construct all regular polygons with compas and
>straightedge
>Thanks for your illuminating post.
>
>
>>
>> Johnny Bravo wrote in message
>> <[EMAIL PROTECTED]>...
>> >On Sun, 13 Feb 2000 13:46:34 -0800, "tiwolf" <[EMAIL PROTECTED]>
wrote:
>> >
>> >>You are assuming that they would be using current disks as a meduim for
>> >>storage,
>> >
>> > Ok, for the sake of argument I'll pretend that the NSA has a
>> >sooper-seekrit storage medium, so compact that they can fit 512 bits of
>> >information onto a single atom. There are not enough atoms in the
>> >Universe to store all the 512 bit PGP keys. When you are talking about
>> >the 4096 bit keys you would run out of room even if you managed to fit
>> >4096 bits of info onto the smallest known sub-atomic particles.
>> >
>> >>or that they would even need the whole lot of keys in the first
>> >>place.
>> >
>> > Without the keys, how can the lookup your key? That is what this
thread
>> >is about.
>> >
>> > Johnny Bravo
>
------------------------------
From: [EMAIL PROTECTED] (Scott Contini)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: 15 Feb 2000 08:36:59 GMT
In article <[EMAIL PROTECTED]>,
Beretta <[EMAIL PROTECTED]> wrote:
>On Tue, 15 Feb 2000 07:55:19 +0100, [EMAIL PROTECTED] (Tony L. Svanstrom) wrote:
>
><snip>
>>> What in the hell does the breach of a webserver have to do with the
>>> strength of the RSA's ciphers?
>>
>>They claim to be "The most trusted name in e-Security"...
>>
>>
>> /Tony
>
>Do they claim to encrypt thier webservers? No.. Didn't think so.. So let me ask again,
>what in the hell does the breach of a webserver have to do with the strength of RSA's
>ciphers...
>
>
Perhaps that is not the right question to ask, since RSA Security is not
just a cryptography company (they'll be the first to tell you that). In
fact, "RSA Security" doesn't really do much cryptographic research nowadays in
comparison to "RSA Data Security" several years ago. The company named
"RSA Security" is a merger of "Security Dynamics" and "RSA Data Security".
"Security Dynamics" was not a cryptography company, and "RSA Security" should
not be thought of a cryptography company either (although the do do SOME
cryptography). Believe me, I worked there during the merger, and they
definitely were de-emphasizing cryptography.
So you need to rephrase your question!
Scott
------------------------------
From: "Ghislaine Resplandy" <[EMAIL PROTECTED]>
Subject: Textbook Exercises
Date: Tue, 15 Feb 2000 09:35:26 +0100
I am trying to study cryptography and I would like your help to answer the
following questions:
1) Why do MD4. Md5 and SHS require padding of messages that are already a
multiple of 512 bits?
2) In DSS, other than saving users the trouble of calculating their own p, q
and g, why is there an efficiency gain if the value p, q and g are constant,
determined in the specification?
3) In mod n arithmetic, the quotient of two numbers r and m is a number q
such that mq = r mod n. Given r, m and n how can you find q? How many q's
are there? Under what conditions is q unique?
Thanks a lot for your assistance
Ghislaine
------------------------------
From: "tiwolf" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Tue, 15 Feb 2000 00:39:49 -0800
Mr. Collier I am only thinking that history is filled with governments bent
on gain the knowledge that men wish to hide. Knowing this do you really that
governments are really not going to eventually put enough effort into
breaking the unbreakable. It is only a matter of time and money Mr. Collier.
PS Once upon a time educated men said that the earth was flat and man would
never fly with the birds. I am not a scholar, I am however a good observer
of history and history show us that governments want control.
W A Collier wrote in message ...
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>says...
>> Does anyone here really think that any cryto program self made or
commercial
>> is not broken already or can't be broken given a little effort by the NSA
>> geeks. I know that someone might use some type of cryto that might give
them
>> trouble for a while, but if they really want to I think that the NSA
geeks
>> can break it.
>
>They can "really want to" all they like, but they cant change fundamental
>nature of NP-Hard and other mathematic concepts upon which modern crypto
>is based. Try reading up before you make a jackass out of yourself
>again.
>
------------------------------
From: "Lyal Collins" <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Tue, 15 Feb 2000 19:45:39 +1100
No
No Brainer wrote in message <[EMAIL PROTECTED]>...
>Paul,
>
>On Fri, 11 Feb 2000 15:14:14 -0500, Paul Koning <[EMAIL PROTECTED]> wrote:
>
><snip>
>
>> The issue is: how you you bootstrap this? I.e., how do you get that
>> first key, the one from A? The same problem exists in X.509 and similar
>> certificate systems, the only difference is that these use trees while
>> the WOT uses graphs.
>
>Good question...
>
>Is there a 100% secure way to download say, an x509.3 signed executable
that
>encapsulates a public key?
>
>Without middle-man intervention?
>
>
>
------------------------------
From: "mati" <[EMAIL PROTECTED]>
Subject: Re: help DES encryption
Date: Tue, 15 Feb 2000 09:25:17 GMT
Hi,
I have allready find an online step by step example of DES encryption
at http://www.aci.net/kalliste/des.htm
that's all
thanks
David
mati <[EMAIL PROTECTED]> wrote in message
news:gVSo4.6941$[EMAIL PROTECTED]...
> Hi,
>
> i am trying to implement the DES algorithm. I have use the des-how-to by
> Matthew Fischer. I have completed the coding but it doesn't give me the
good
> result.
>
> Could someone provide me DES encryption examples with step by step results
> (subkeys, R[i], L[i], etc.) in order to locate the problems?
>
> many thanks in advance
>
> David
>
>
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 10:50:34 GMT
Bob shoots from the hip without thinking: <889455$ivh$[EMAIL PROTECTED]>,
> In article <888hp2$6sp$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
>
> <snip>
>
> > "Wat up whats up to all my nigs ya know who ya are n #2600 and
> > whats up all my #sesame nigs and
> > call rigger if ya come here bc he is the gayest fuck ;)
> > 718-815-4674 all chans are on a irc server lol
> >
> > - -tek
> > pBK > * also irc.segments.org ;)"
> >
> > I wonder how long it'll take them to notice...Hhhm, would you
> > trust RSA with your data security now? ;)
>
> Will anyone trust YOU now???
I should imagine so, thanks for the enquiry.
> Our website address is www.rsasecurity.com and has been so
> for some time. www.rsa.com is no longer a valid URL.
It isn't? Well that's a direct contrast to an e-mail from "Jason
Thompson, Web Development Project Manager, RSA Security Inc." - but I
guess you know best, huh Bob?
In fact you'd note (if you'd have taken the time to look) that
RSASECURITY.COM is just an ANAME for RSA.COM.
So we've had a couple of DNS poison attacks in the past couple of
days. Mirrors at:
http://www.attrition.org/mirror/attrition/2000/02/12/www.rsa.com/
and more recently:
http://www.attrition.org/mirror/attrition/2000/02/13/www.rsa.com/
Fond regards,
Sam.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Tue, 15 Feb 2000 07:00:55 -0500
From: Anonymous Sender <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
>>> [snip] In other words, the Police cannot prove that I haven't
>>> handed over the keys but I can still keep my secrets safe if I
>>> want to.
>>
>> Unfortunately, they don't have to prove anything. *You* have to prove
>> you don't have the key(s).
>
> If were innocent I *can't* prove I know the other keys because they
> are completely random. Neither can the police prove that I am
> withholding one.
>
> So the question is whether the police is prepared to lock up a lot
> of innocent people simply because they encrypted their files with a
> particular algorithm.
They are. Innocence is irrelevant. Remember, Britian now has cameras
slaved to face-matching software and photo-databases watching the public
at large. It's almost comical to watch everything depicted in "1984"
actually become reality in Britian (and British-flavored nations
NZ/Aus/Canada). And of course now that the subjects have been disarmed
the tyranny will get much worse.
I do like the idea of sending each member of Parliment an encrypted email
the fetching the Crypto Cops on him or her. But somehow I figure The Powers
That Be will be exempt from this law they've inflicted on the People just
as they are most others.
Steve
------------------------------
Crossposted-To:
talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA Cryptography Today FAQ (1/1)
from: [EMAIL PROTECTED]
reply-to: [EMAIL PROTECTED]
Date: 15 Feb 2000 12:06:01 GMT
Archive-name: cryptography-faq/rsa/part1
Last-modified: 1997/05/21
An old version of the RSA Labs' publication "Answers to Frequently Asked
Questions about Today's Cryptography" used to be posted here until May
1997. These postings were not sponsored or updated by RSA Labs, and
for some time we were unable to stop them. While we hope the information
in our FAQ is useful, the version that was being posted here was quite
outdated. The latest version of the FAQ is more complete and up-to-date.
Unfortunately, our FAQ is no longer available in ASCII due to its
mathematical content. Please visit our website at
http://www.rsa.com/rsalabs/ to view the new version of the FAQ with your
browser or download it in the Adobe Acrobat (.pdf) format.
RSA Labs FAQ Editor
[EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
