Cryptography-Digest Digest #148, Volume #11      Fri, 18 Feb 00 05:13:01 EST

Contents:
  Re: NSA Linux and the GPL (John Savard)
  Re: I stole also the diary and calendar of Markku J. Saarelainen (John Savard)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Tony L. Svanstrom)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site ("Joseph Ashwood")
  Re: NSA Linux and the GPL (Jerry Coffin)
  Re: Keys & Passwords. (Serge Paccalin)
  Re: UK publishes 'impossible' decryption law ([EMAIL PROTECTED])
  Re: Netscape security? ("Lassi Hippeläinen")
  We Finns were smarter... Re: My background - Markku Juhani Saarelainen - few additional findings  ("Lassi Hippeläinen")
  Re: EOF in cipher??? (Mok-Kong Shen)
  Re: Q: Division in GF(2^n) (Mok-Kong Shen)
  Re: Processor speeds. (Mok-Kong Shen)
  Re: I stole also the diary and calendar of Markku J. Saarelainen (Mok-Kong Shen)
  Re: Does the NSA have ALL Possible PGP keys? ("tiwolf")
  Re: Does the NSA have ALL Possible PGP keys? ("tiwolf")
  RC4 and Salt and Pepper (RavingCow)
  RC4 and Salt and Pepper (RavingCow)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NSA Linux and the GPL
Date: Fri, 18 Feb 2000 06:51:55 GMT

On Thu, 17 Feb 2000 22:06:20 -0500, "Adam Durana"
<[EMAIL PROTECTED]> wrote, in part:

>The bigger question is why is the NSA wasting their time with Linux?  If I
>were them I would work on something like OpenBSD, or maybe FreeBSD since
>OpenBSD is based in Canada.  I guess the NSA is just being trendy.

It *is* true that BSD is generally considered a more secure operating
system than Linux. But Linux has improved considerably since its early
releases.

However, the NSA might have wanted the security part to be written
from scratch, so that any known flaws in BSD would not be a problem.
Also, Linux is ahead of BSD in another area: it is more
POSIX-compliant.

Whatever else one makes of the news item, I think it is a feather in
Linux' cap.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: talk.politics.european-union
Subject: Re: I stole also the diary and calendar of Markku J. Saarelainen
Date: Fri, 18 Feb 2000 06:55:11 GMT

On Fri, 18 Feb 2000 05:14:09 GMT, "William A. Nelson"
<[EMAIL PROTECTED]> wrote, in part:

>Basically, Markku J. Saarelainen was indeed planted by the Soviet
>intelligence to Finland in the late 1960's.

I thought Markku J. Saarelainen was someone you made up, and now
you're admitting that the real name of the person making all these
posts to sci.crypt that belong (if they belong anywhere) in
alt.politics.org.nsa was "William A. Nelson".

Or maybe William A. Nelson is someone Markku J. Saarelainen is making
up, because his condition is getting worse in the absence of proper
medication...unfortunately, people are getting past caring.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Fri, 18 Feb 2000 08:28:11 +0100

Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:

> Otherwise we will just have to consider you unprofessional, 
> irresponsible, ignorant, and possibly stupid.
> 
> This goes for the rest of you superficial critics, also.

What will we see next, that "after testing our claims among the best of
the Internet no serious cryptographer has anything bad to say about our
software"? Which you are saying simply because you label everyone that
has anything bad to say as "unprofessional, irresponsible, ignorant, and
possibly stupid [...] superficial critics"?


     /Tony
-- 
     /\___/\ Who would you like to read your messages today? /\___/\
     \_@ @_/  Protect your privacy:  <http://www.pgpi.com/>  \_@ @_/
 --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
 DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82  78A6 647F F247 9363 F1DB
 ---ôôô---ôôô-----------------------------------------------ôôô---ôôô---
    \O/   \O/  ©1999  <http://www.svanstrom.com/?ref=news>  \O/   \O/

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Thu, 17 Feb 2000 23:31:26 -0000
Crossposted-To: talk.politics.crypto,alt.privacy

Maybe if you supplied actual information instead of your
useless drivel about how you can't even convert bytes to bits
properly, someone might give you specific examples of why
your useless crap is useless crap.
                Joe

"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in
message news:[EMAIL PROTECTED]...

> Convince us.  Prove your position.  Demonstrate that the software
> is "garbage."




------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: NSA Linux and the GPL
Date: Fri, 18 Feb 2000 01:01:40 -0700

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...

[ ... ] 

> I'm sure that is true, at present. But there was a news item that the
> NSA has commissioned a private firm to modify Linux so that it would
> be a secure enough operating system for the NSA to use.

I suspect the news item was giving a mildly screwed up version of 
things.  Unless I'm mistaken, one of the commercial Linux vendors IS 
working at getting Linux put on the evaluated products list with a 
rating of something like C1 or thereabouts.

The NSA is involved with evaluating products according to the orange 
book criteria, but the criteria are intended primarily for use BY other 
agencies such as the military.

I strongly suspect that much (perhaps most) of the orange book is 
largely inapplicable to computers used inside the NSA -- I suspect an 
even stronger partitioning between classified and (the rare bit of) 
unclassified information than applies to the rest of the world.  I 
don't know for sure, but it wouldn't surprise me if even simple things 
like payrolls are classified inside the NSA, where they're merely "For 
Official Use Only" throughout, for example, most of the military.

In short, I strongly suspect that use inside the NSA wasn't being 
discussed nearly as much as evaluation by the NSA for government use 
requiring a trusted computer system.
 
-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: Serge Paccalin <[EMAIL PROTECTED]>
Subject: Re: Keys & Passwords.
Date: Fri, 18 Feb 2000 09:15:37 +0100

On/Le Thu, 17 Feb 2000 23:15:05 +0100, [EMAIL PROTECTED] 
wrote/a écrit
in/dans sci.crypt...
> John wrote:
> > 
> > This may be a stupid question.  Let's assume, for the sake of
> > argument, we have found a good encrypter.  How important is the
> > choice of a password?  I have often heard that if you had a
> > password like athxa or bthxb, it is not good because there is
> > repetition.
> 
> Not seldom one is limited to the input of maximal 8 characters. 
> I prefer to use in that case 8 characters from the set {a-z, 0-9},
> determined mechanically (in a rather inelegant way). But the problem 
> is that there is some probability that one forgets such sequences. 
> So I keep a secure copy for the eventual worst case. This is 
> certainly far from ideal. Does someone know a better solution?

The only solution I know is to code a passphrase into a shorter 
string:

- keep the 1st letter of every word
- keep any punctuation
- use digits if there are numbers...

Here's an example:

    2bon2b,t'stq...

("To be or not to be, that's the question...")

-- 
  ___________
_/ _ \_`_`_`_)  Serge PACCALIN
 \  \_L_)       [EMAIL PROTECTED]
   -'(__)  L'hypothèse la plus élaborée ne saurait remplacer
_/___(_)   la réalité la plus bancale. -- San-Antonio

------------------------------

From: [EMAIL PROTECTED]
Date: 18 Feb 2000 08:28:12 -0000
Subject: Re: UK publishes 'impossible' decryption law
Crossposted-To: talk.politics.crypto

>>>> the police *do* need to prove something: they need to show that I
>>>> did have the key. i.e., it would not (under the current proposal)
>>>> be a crime not to decrypt encrypted material when suitably told
>>> to do so unless the police could show that you once had the key.
>>> What if the accused has forgotten the key. Or mislaid the
>>> container of the key?
>>
>> According to the law, you get two years' paid vacation, courtesy of Her
>> Majesty's prisons. And if you happen to tell anybody about it, you
>> get a five-year bonus.
>
> Yes, that's the reason why English police is called the politest of Europe
> (or even the whole world). You are not put into prison, you're just
> on vacation. Sad I'm not living in the kingdom...
>
> This law is idiotic. Why has anyone the right to read some data when,
> for example, they are my diary, or my poems ? I've the right to have
> some secrets ! And I've the right to store them electronically, if I
> want.

Citizens have rights.

People living under the Crown of England are not citizens, they are subjects.

Subjects don't have rights.

In the end, the only rights you have are the rights you're willing to fight
for. Anything else the government will gladly strip from you in the name of
"the public good" or "saving the children".

Crypto threatens a government's ability to control the masses. This is
intolerable to a government and so must be co-opted, subverted, or destroyed.

Mao said it best - "All power ultimately comes from the barrel of a gun."
Any firearm can be used as a weapon. The US govt considers crypto to be dangerous
enough that it is classified as a "munition". What does that tell you?

------------------------------

From: "Lassi Hippeläinen" <"lahippel$does-not-eat-canned-food"@ieee.org>
Subject: Re: Netscape security?
Date: Fri, 18 Feb 2000 08:37:11 GMT

Glenn Larsson wrote:
> 
> Lassi Hippeläinen wrote:
> > "...I'm not sure if it is legal in Sweden..."
> 
> *Why* would it be illegal?
> 
> Regards,
> Glenn

The Swedes and the Norwegians have lately had friendly relationships,
somewhat in the same manner as the Protestants and the Catholics in
Northern Ireland. Especially now that the Telia-Telenor merger ended in
divorce.

OK, it was a Scandinavian inside joke...

-- Lassi

------------------------------

From: "Lassi Hippeläinen" <"lahippel$does-not-eat-canned-food"@ieee.org>
Subject: We Finns were smarter... Re: My background - Markku Juhani Saarelainen - few additional findings
Date: Fri, 18 Feb 2000 08:51:58 GMT

Who is this guy? A troll?

William A. Nelson wrote:
> 
> I, William A. Nelson, learned from few people who had worked with Markku J.
> Saarelainen or played with him that he actually never used any swear words. He just
> was there. After studying his background in detail he has not made any negative
> remarks or comments unless these statements have been justified in the past for
> some reason. I went through all his personal emails and other records and did not
> find any swearing or other bad words. They told me that he had never bad mouthed
> anybody behind their backs. The character had to be modified slightly just to add
> few words for increased effectiveness to attract few crazy Finnish people to attack
> the character. 

"Few crazy"? Ordinary Finns didn't bother even then...

> It worked better than it was ever expected. After my complete
> research, I concluded that Markku J. Saarelainen was not really Finnish at all
> (actually, in his few messages to Russia in 1996 and 1997, he had indicated that he
> was from the USSR or something) and when he was in Finland in 1980's most Finnish
> people were aggressive toward his behavior (which is very strange indeed).

By 1996 the USSR had been gone for three years! But if he was from
there, it wouldn't be surprising that we didn't treat him nicely. The
Soviets were never that popular over here. Especially not in the '80s.

> It is my
> conclusion that he was a plant in a family in Finland  since 1960's and then moved
> around the world with the totally different DNA and much higher IQ  than typically
> Finnish people have. I accessed his IQ test results in few databases and found out
> that his logical and thinking IQ was around 156 and his emotional IQ was over 97 %
> of all people. He indeed was the plant.

Totally different DNA is not possible. Humans have 98% the same DNA as
apes... And IQ 156 would be above *any* nation's average, right?

> 
> Greetings,
> 
> William A. Nelson

-- Lassi

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Fri, 18 Feb 2000 09:57:08 +0100

Douglas A. Gwyn wrote:
> 

> The basic C standard I/O functions such as getc/putc operate on
> bytes, always; when the stream was opened as a text stream, there
> is (on many non-POSIX systems) additional mapping between the
> program internal data and external data.  For example, newline
> pseudo-characters are introduced between text records in a fixed-
> record format environment, or for MS-DOS, CR,LF pairs are replaced
> by a single NL internally, and ^Z might be interpreted as ending
> the text stream (which was the cause of this thread).  No such
> mapping is performed when the file was opened as a binary stream.

To be sure that I didn't misunderstand, I'd like to ask whether the 
code (from KR):

     while ((C = getc(fp)) != EOF)
       .........

needs to be modified or using rb is sufficient for taking care of
the presence of any bit combinations in the file. Thanks.

M. K. Shen
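
Added example (not part of either post above, and not code from K&R): the getc()/EOF loop run over a constructed binary sample holding every byte value, once with an int variable and once with a narrow signed char. It assumes a platform where EOF is -1 and converting 255 to signed char yields -1, as with common compilers; the function names are hypothetical.

```c
#include <stdio.h>

/* Constructed sample: every byte value 0x00..0xFF once, as ciphertext may
 * contain (including 0x0D, 0x0A, 0x1A and 0xFF). tmpfile() opens a binary
 * update stream ("wb+"); a program reading an existing ciphertext file
 * would call fopen(path, "rb") so that no text-mode mapping is applied. */
static FILE *make_sample(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    for (int b = 0; b < 256; b++) {
        if (putc(b, fp) == EOF) {
            fclose(fp);
            return NULL;
        }
    }
    rewind(fp);
    return fp;
}

/* The loop as K&R write it: c is an int, so getc() can return 0..255 for
 * data and the distinct negative value EOF for end of file or error. */
long count_with_int(void)
{
    FILE *fp = make_sample();
    if (fp == NULL)
        return -1;
    long n = 0;
    int c;
    while ((c = getc(fp)) != EOF)
        n++;
    int failed = ferror(fp);   /* EOF is also returned on a read error */
    fclose(fp);
    return failed ? -1 : n;
}

/* Pitfall: storing the result in a narrow signed type. The data byte 0xFF
 * becomes -1, compares equal to EOF, and the loop stops before that byte. */
long count_with_signed_char(void)
{
    FILE *fp = make_sample();
    if (fp == NULL)
        return -1;
    long n = 0;
    signed char c;
    while ((c = (signed char)getc(fp)) != EOF)
        n++;
    fclose(fp);
    return n;
}

int main(void)
{
    printf("int variable:         %ld bytes read\n", count_with_int());
    printf("signed char variable: %ld bytes read\n", count_with_signed_char());
    return 0;
}
```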

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Division in GF(2^n)
Date: Fri, 18 Feb 2000 09:57:21 +0100

Runu Knips wrote:
> 
> Mok-Kong Shen wrote:
> > Paul Koning wrote:
> > > Well, certainly patenting mathematics is as absurd as patenting
> > > genetics, but both seem to be permitted by the US patent office
> > > these days. [...]
> > > But you don't need to worry about most of the cases you mentioned.
> > > School math is clearly not patentable -- it's not "novel". [...]
> >
> > I am not quite sure of that. I can't see e.g. that using the relation
> > 1/B = B^(2^n-2) is anything that qualify as 'novel' at all. (It is

> 
> But patenting mathematics is essentially the same as patenting
> software, which is possible in the U.S., too ! If you state that
> mathematic ideas shouldn't be patentable, you have to say also
> that algorithms can't get patented, don't you ? At least I can
> see no basic difference between these two. Where is there the
> frontier ?
> 
> Patenting genetics is only the final step. I think if I find
> a new star or a new animal, I'll try to patent them, too. Oh
> I'm becoming sarcastic...

I think that there should be certain 'principal' distinctions
about what are patentable and what not. Laws, if I don't err,
should weigh between interests of the individuals and the interests
of the society as a whole. In situations where something is to
the disadvantages of the society, then interests of the individuals
have to be sacrificed. I personally am against patenting algorithms
in general. Imagine the situation where there are lots of patents
on how to solve partial differential equations. The advance of
technology would be greatly hampered, wouldn't it? I believe naming
the particular methods of solution after the persons who find them
is an appropriate way of 'rewarding' these in this case. Further,
imagine cases where a surgeon patents his techniques (say cutting
into the heart from a certain point), where an architect patents
buildings of round base, where a cook patents putting pepper into 
certain dishes, etc. etc. etc.  It is evident that we shouldn't 
allow everything to be patentable, isn't it? The principle of 
rewarding shouldn't always apply. (Consider even the law prohibiting
smuggling. Allowing smuggling would 'reward' the smugglers of
their efforts in transporting the commodities, wouldn't it?)

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Processor speeds.
Date: Fri, 18 Feb 2000 09:56:37 +0100

John wrote:
> 
> How many MIPS does a pentium 3 perform? How many does the
> fastest super computer perform?

I can't answer these interesting questions but like to note that
(1) MIPS depends on the MHZ of the chip (2) MIPS gives only
a rather rough comparison, other factors affecting the speed
being the algorithm in relation to the hardware structure (3)
It seems in my view that since quite a time using a cluster
of small computers is much more economical than a big computer,
but there apparently are 'fans' on both sides of the issue (very 
probably the lobbying of big computer manufacturers is also 
involved here) (4) Even the diverse so-called benchmarks normally
give results more or less different from one another.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: I stole also the diary and calendar of Markku J. Saarelainen
Date: Fri, 18 Feb 2000 10:10:38 +0100

William A. Nelson wrote:
> 
> I stole also the diary and calendar of Markku J. Saarelainen. This diary

That a person pretends to be someone (real or virtual) else, even
though might have a bit of parallel with transforming a bit sequence
into another as is done in cryptology, is certainly and definitely 
not what interests this group. Check whether there are other 
internet groups where your posts are appropriate.

M. K. Shen

------------------------------

From: "tiwolf" <[EMAIL PROTECTED]>
Crossposted-To: misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Fri, 18 Feb 2000 01:53:32 -0800

My ability to think is clear, there is nothing impossible only tasks which
we are not yet equipped to perform. While those here claim that it can't be
done I say that if it has not yet been done it will be done eventually.
Others argue the philosophy that God does not know the highest form of pi or
even that there is an end to pi for God to know. Since that is the argument,
I argue that God inspires innovation and thought therefore, God knows all of
pi string. If God was willing he could tell us the whole string, we would
die before he finished speaking but God would still be telling our corpses
the pi string. We are finite, God is infinite.


Trevor Jackson, III wrote in message <[EMAIL PROTECTED]>...
>tiwolf wrote:
>
>> Now Johnny who is blatant stupidity, you claim that even God does not know
>> what the highest number is. Given that God created all things in the
>> universe, and inspired human creativity and invention, how can you say that
>> God does not know what the highest number is. That would be an indication of
>> limit and according to the philosophical debate and my religious upbringing
>> God is limitless in power and knowledge.
>
>The true issue appears at last.  Your upbringing is interfering with your
>ability to think.  It's a reasonably popular excuse these days.
>
>



------------------------------

From: "tiwolf" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Fri, 18 Feb 2000 01:58:32 -0800

Considering recent reports indicate that we destroyed every museum piece the
Yugo army had and what were essentially cardboard cutouts ( or inflated
tank mockups?) of tanks and armor our forward observers did a great job and
JSTARS was worth every penny. Talk about smart bombs.

W A Collier wrote in message ...
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>says...
>> As a follow up to this, there have been occasional mentions in the
>> press both throughout the Gulf conflict (not the Desert Storm one but
>> the later missile launches...) and during the Nato bombing of Kosovo
>> referring to interception and decryption of `bad guy' communications
>> by the allies. In some cases specific mention has been made of
>> `decryption' ...
>>
>> [Sorry I can't provide citations right now...]
>>
>> I'm curious, if PGP and similar widely available freeware and
>> commercial packages are so secure why aren't the Iraqis, Serbs, etc
>> etc using them?
>>
>> Or are they using them and we are still cracking them?
>
>They were using what they were trained on and had paid for:  Good used
>(compromised) Russian crypto gear from the early 1970's.  They spent
>their modernization on planes and tanks, not on logistics and commo
>(C3I).  Consequently, that's where we attacked and crushed them: C3I and
>logistics.  Aside from that, traffic analysis (something that famous
>agency is quite good at) combined with Radio DF and satellite and JSTARS
>imagery, and adding in decent HUMINT (Special forces and cavalry scout and
>Marine Recon forward sections) can paint a very good picture of an enemy,
>his forces, their disposition and probable intent - without much or any
>crypto breaks.
>



------------------------------

From: RavingCow <[EMAIL PROTECTED]>
Subject: RC4 and Salt and Pepper
Date: Fri, 18 Feb 2000 20:35:05 +1100

Just a quick (I hope) question regarding RC4:

If I am encrypting plaintext M using password P and a random 256-bit
salt S, given all possible ciphertexts with all possible salts, (ie 2^256
ciphertexts, all with the same message and password, just a different
256-bit salt,) how much of the plaintext/password can be found/attacked?
What if you are only given half that amount of ciphertexts? (randomly
chosen)

Thanks in advance,

--RavingCow

---
"When all else fails, throw another megavolt over it."
RavingCow
---
[EMAIL PROTECTED]
PGP: 33D2 A90C D908 2607 0C91 4316 2E39 81AA

------------------------------

From: RavingCow <[EMAIL PROTECTED]>
Subject: RC4 and Salt and Pepper
Date: Tue, 15 Feb 2000 22:22:34 +1100

Just a quick (I hope) question regarding RC4:

If I am encrypting plaintext M using password P and a random 256-bit
salt S, given all possible ciphertexts with all possible salts, (ie 2^256
ciphertexts, all with the same message and password, just a different
256-bit salt,) how much of the plaintext/password can be found/attacked?
What if you are only given half that amount of ciphertexts? (randomly
chosen)

Thanks in advance,

--RavingCow

---
"When all else fails, throw another megavolt over it."
RavingCow
---
[EMAIL PROTECTED]
PGP: 33D2 A90C D908 2607 0C91 4316 2E39 81AA



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
