Cryptography-Digest Digest #171, Volume #11 Mon, 21 Feb 00 01:13:01 EST
Contents:
Re: OAP-L3 Encryption Software - Complete Help Files at web site
([EMAIL PROTECTED])
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Peter Rabbit)
Markku J. Saarelainen is William A. Nelson - vetakaa turpaan jokaista ("William A.
Nelson")
Re: Markku J. Saarelainen is not a Jew and has never been - he is just a ("Markku
J. Saarelainen")
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Chuck)
Re: Question about OTPs ("Stephen M. Gardner")
Re: Markku J. Saarelainen is not a Jew and has never been - he is just a ("Markku
J. Saarelainen")
Re: Markku J. Saarelainen is William A. Nelson - vetakaa turpaan jokaista USAlaista
! ("Igor S.")
US secret agents work at Microsoft claims French intelligence report (Dave Hazelwood)
Re: Swapfile Overwriter: R.I.P. (Dave Hazelwood)
Re: Question about OTPs (Ralph Hilton)
Re: Does the NSA have ALL Possible PGP keys? (John Savard)
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Terry Ritter)
Re: EOF in cipher??? ("Douglas A. Gwyn")
Re: EOF in cipher??? ("Douglas A. Gwyn")
Re: NSA Linux and the GPL ("Douglas A. Gwyn")
Re: NIST publishes AES source code on web ("Douglas A. Gwyn")
Re: NIST publishes AES source code on web ("Douglas A. Gwyn")
Game of General - Dictionary - Language and Updates ("Markku J. Saarelainen")
Re: NIST publishes AES source code on web ("Douglas A. Gwyn")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Mon, 21 Feb 2000 00:00:51 GMT
> Do you also think that no one should be interested in a utility
> program that will overwrite a file completely where each BIT is
> overwritten first with one's (every byte to 11111111) and then the
> entire file is overwritten again with zeros (every byte to 00000000)
> to effectively wipe out any trace of the original data contained in
> the file?
Look, as I've already told you, I am not a cryptographer, but even I know
that this method is not secure. Take a look at http://
www.cs.auckland.ac.nz/~pgut001/secure_del.html for better methods and a
quick overview on secure file deletion.
Greetings,
Erich Steinmann
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Peter Rabbit <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Mon, 21 Feb 2000 00:56:20 GMT
Anthony Stephen Szopa wrote:
>
> "Tony L. Svanstrom" wrote:
> >
> > Peter Rabbit <[EMAIL PROTECTED]> wrote:
> >
> > > Hey guys, give the guy a break. If you think is programme is snake oil
> > > then it should not be hard to show just that. Until then it is unfair to
> > > judge his prog. out of hand. Maybe he's on to something. You all seem to
> > > forget that before "Chris" the world was flat!
> >
> > Just take a look at this site...
> >
> > /Tony
> > --
> > /\___/\ Who would you like to read your messages today? /\___/\
> > \_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
> > --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
> > DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
> > ---ôôô---ôôô-----------------------------------------------ôôô---ôôô---
> > \O/ \O/ ©1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
>
> I think he has done better than that: he may have the software.
>
> You are NOT talking to a fool when you address Mr. Rabbit.
>
> So you better be careful you don't blow your cover with him like
> you have already done with me.
I am not taking anybody's side here. All I am stating is: Investigate
before judging and then prove what you are asserting. That goes for both
sides. If your program stands the test of time and analysis... COOL, if
not... TOO BAD! I think if you want to silence your critics, publish
your algo. I know that IDEA, BLOWFISH, RC4 etc. are all available in
algo form to be analyzed and criticized. It might teach you or them
something. I don't know.
Peter Rabbit
------------------------------
From: "William A. Nelson" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.nordic,soc.culture.german,soc.culture.ukrainian,soc.culture.israel,soc.culture.china,alt.2600
Subject: Markku J. Saarelainen is William A. Nelson - vetakaa turpaan jokaista
Date: Mon, 21 Feb 2000 01:14:57 GMT
Markku J. Saarelainen is William A. Nelson - vetakaa turpaan jokaista
USAlaista !
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.israel,soc.culture.russian,soc.culture.soviet,soc.culture.german,soc.culture.nordic,soc.culture.china,alt.2600
Subject: Re: Markku J. Saarelainen is not a Jew and has never been - he is just a
Date: Mon, 21 Feb 2000 01:53:19 GMT
Milta tuntuu saada palkaa valtiolta tai muilta yrityksilta ja tietaa
samalla etta mina olen ollut palkatta yli vuoden, vaikka olen tehnyt
hommaa muille 24 tuntia paivassa ja teidan USAn suurlahetysto on
auttanut minun pahinta vihollistani minun erossa asuvaa vaimoa -
vetakaa vaan turpaan sita Esko Ahoa ja kaikkia muita USAlaisia -
prosessi on jo aloitettu!
Vetakaa turpaan jokaista USAlaista !
------------------------------
From: Chuck <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sun, 20 Feb 2000 18:13:31 -0600
On Sun, 20 Feb 2000 22:35:44 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote:
>
>On Sun, 20 Feb 2000 09:26:45 -0600, in
><[EMAIL PROTECTED]>, in sci.crypt Chuck
><[EMAIL PROTECTED]> wrote:
>
>>[...]
>>In the privacy and encryption communities, an algorithm or
>>implementation is considered guilty until proven innocent.
>
>But in cryptography there *can* *be* *no* "proven innocent." About
>the best we get is "not proven weak," and we just get that when people
>run out of attack ideas, or when something must be chosen on schedule.
I really didn't want to get into all that. <g>
>>[...]
>>Of all the algorithms subjected to rigorous analysis
>>over the past 15 years, there are fewer than ten survivors that are
>>trusted well enough by governments to be used in military and
>>spy-vs-spy communications.
>
>That value sounds way, way low.
There may be a lot of oddballs in small places, but from what I've
read it appears that only a handful of algorithms make up the lion's
share of military & intelligence encryption. Am I wrong? If so I'd
like to know just for curiosity's sake what other algorithms besides
the usual (IDEA, 3DES, possibly Blowfish) are in widespread use by the
military and intelligence agencies around the world?
------------------------------
From: "Stephen M. Gardner" <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: Sun, 20 Feb 2000 20:25:02 -0600
Bill Unruh wrote:
> In <[EMAIL PROTECTED]> Arthur Dardia <[EMAIL PROTECTED]> writes:
>
> In a OTP, no byte of the one time pad should ever be reused in any way.
> If a byte is used for any purpose, throw it away and never use it again.
"In any way"? You'll be in a fine mess when you use up all 256 of them! ;-)
Perhaps you want to restate this a little more carefully? ;-)
--
Take a walk on the wild side: http://www.metronet.com/~gardner/
There is a road, no simple highway, between the dawn and the
dark of night. And if you go no one may follow. That path is
for your steps alone.
The Grateful Dead ("Ripple")
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.israel,soc.culture.russian,soc.culture.soviet,soc.culture.german,soc.culture.nordic,soc.culture.china,alt.2600
Subject: Re: Markku J. Saarelainen is not a Jew and has never been - he is just a
Date: Mon, 21 Feb 2000 02:38:47 GMT
Vakoilkaa jokaista USAlaista Euroopassa niin paljon kuin haluatte --- ei
haittaa mitaan -- nothing matters any longer - olen kokenut saman
taalla USAssa -- USALAISET OVAT VIHOLLISIAMME -- lukekaa minun
aikaisemmat viestini - olen menossa SOTAAN ! Goodbye good relations
between Finland and the U.S.A !
Taalta jostain --- tarkka-ampuja Tuntemattomasta Sotilaasta !
Sotaisin Terveisin,
Markku Alias J. Saarelainen
P.S. Alias = William A. Nelson
------------------------------
From: "Igor S." <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.nordic,soc.culture.german,soc.culture.ukrainian,soc.culture.israel,soc.culture.china,alt.2600
Subject: Re: Markku J. Saarelainen is William A. Nelson - vetakaa turpaan jokaista
USAlaista !
Date: Sun, 20 Feb 2000 21:42:14 -0500
William A. Nelson wrote in message <[EMAIL PROTECTED]>...
>
>Markku J. Saarelainen is William A. Nelson - vetakaa turpaan jokaista
>USAlaista !
duh :-)
>
------------------------------
From: [EMAIL PROTECTED] (Dave Hazelwood)
Subject: US secret agents work at Microsoft claims French intelligence report
Date: Mon, 21 Feb 2000 02:57:27 GMT
An intelligence report out of France has accused US secret agents of
collaborating with computer giant Microsoft in developing a software
that would allow Washington to spy on communications around the world.
Drawn up by the intelligence arm of the French Defense Ministry, the
Strategic Affairs Delegation (DAS), the report was quoted the
newsletter Le Monde du Renseignement (Intelligence World) on Friday.
The report claims that agents from the National Security Agency, NSA
helped install secret programmes in Microsoft software which is
currently in use in no less than 90 percent of all computers.
The NSA protects communications for the US government, and also
intercepts electronic messages for the Defence Department and other US
intelligence agencies, the newsletter said.
According to the report, "it would seem that the creation of Microsoft
was largely supported, not least financially, by the NSA, and that IBM
was made to accept the (Microsoft) MS-DOS operating system by the same
administration".
It also said that the Pentagon was Microsoft's biggest client in the
world.
------------------------------
From: [EMAIL PROTECTED] (Dave Hazelwood)
Subject: Re: Swapfile Overwriter: R.I.P.
Date: Mon, 21 Feb 2000 03:01:38 GMT
Go get Scramdisk....it has one to wipe both freespace and
the swapfile.
[EMAIL PROTECTED] (Steve K) wrote:
>From the bad news / bad news department:
>
>The EULA for Scorch has changed, to prohibit integrated use with
>external applications.
>
>In compliance with this, Visual Fantasy has withdrawn Swapfile
>Overwriter, which re-boots Win9.x to DOS and runs Scorch to overwrite
>win386.swp.
>
>Not a problem for old timers who know what a command line is and how
>to write a batch file, but maybe someone wants to write a utility to
>replace the combination of Swapfile Overwriter and Scorch, for the
>point-and-click crowd?
>
>Visual Fantasy (Where Swapfile Overwriter used to live):
>http://www.kagi.com/vfstudio/faq.htm
>
>Iolo Davidson's RealDelete page (good stuff):
>http://www.bonaventura.free-online.co.uk/realdelete/
>
>:o\
>
>
>Steve
>
>---Continuing freedom of speech brought to you by---
> http://www.eff.org/ http://www.epic.org/
> http://www.cdt.org/
>
>PGP key 0x5D016218
>All others have been revoked.
------------------------------
From: Ralph Hilton <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: Mon, 21 Feb 2000 04:25:37 +0100
Reply-To: [EMAIL PROTECTED]
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
On Sun, 20 Feb 2000 18:26:16 GMT, [EMAIL PROTECTED] (Jim)
wrote:
>On Sun, 20 Feb 2000 10:30:25 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
>wrote:
>
>>ChenNelson wrote:
>>> Actually, in my lab class I think I've stumbled across a very
>>> efficient way of generating a OTP. Take an oscilloscope, hook it to an
>>> A/D board on the computer, and have the oscilloscope record noise.
>>> Then, for all voltages >0 output a 1, and all voltages <0 record a 0
>>> (or the other way around). ...
>>
>>Where is the source of that "noise"? I bet there is a substantial
>>component at 60Hz (in the US, 50Hz in Europe).
>
>Eggsackly! Better to use FM radio or TV noise.
Also the least significant bit from the A/D rather than the MSB.
=====BEGIN PGP SIGNATURE=====
Version: 6.5.1ckt
Comment: New KeyID 0xACEC0DE1 19.2.00 http://pgpkeys.mit.edu:11371
iQA/AwUBOLCiFGkmQi6s7A3hEQIRbQCfUzYj4liOFZX+0x0jkqysmkaV2NAAoNS5
jjISmVCuzNiN56po9YS06cRI
=sAaO
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: misc.survivalism,comp.security.pgp.discuss
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Mon, 21 Feb 2000 03:59:59 GMT
On Thu, 17 Feb 2000 06:52:44 -0800, "tiwolf" <[EMAIL PROTECTED]>
wrote, in part:
>Now Johnny who is blatant stupidity, you claim that even God does not know
>what the highest number is. Given that God is created all things in the
>universe, and inspired human creativity and invention, how can you say that
>God does not know what the highest number is. That would be an indication of
>limit and according to the philosophical debate and my religious up bringing
>God is limitless in power and knowledge.
God, being perfect, has correct knowlege about mathematics. Thus, He
knows all the properties of all the integers. And He also knows the
truth about "the largest integer": there is no such thing. Anyone who
thinks he knows what the largest integer is is a fool, and God is no
fool.
However, He does know all the transfinite numbers, and whether the
Continuum Hypothesis is true or not. And there is at least one body of
opinion concerning the transfinite numbers that does postulate a
largest transfinite number, denoted by a capital omega - rather
appropriately. So perhaps there can be a largest _number_, if one
leaves the real line to include the transfinites.
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Mon, 21 Feb 2000 04:31:39 GMT
On Sun, 20 Feb 2000 18:13:31 -0600, in
<[EMAIL PROTECTED]>, in sci.crypt Chuck
<[EMAIL PROTECTED]> wrote:
>On Sun, 20 Feb 2000 22:35:44 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote:
>
>>On Sun, 20 Feb 2000 09:26:45 -0600, in
>><[EMAIL PROTECTED]>, in sci.crypt Chuck
>><[EMAIL PROTECTED]> wrote:
>>>[...]
>>>Of all the algorithms subjected to rigorous analysis
>>>over the past 15 years, there are fewer than ten survivors that are
>>>trusted well enough by governments to be used in military and
>>>spy-vs-spy communications.
>>
>>That value sounds way, way low.
>
>There may be a lot of oddballs in small places, but from what I've
>read it appears that only a handful of algorithms make up the lion's
>share of military & intelligence encryption. Am I wrong? If so I'd
>like to know just for curiosity's sake what other algorithms besides
>the usual (IDEA, 3DES, possibly Blowfish) are in widespread use by the
>military and intelligence agencies around the world?
I doubt that any of the "open" ciphers are used for serious military
communications. Military ciphers are almost universally secret, which
means that we cannot even name the algorithms being used. The
widely-touted advantages of "open" cipher designs are not universally
appreciated.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Mon, 21 Feb 2000 05:27:57 GMT
"Trevor Jackson, III" wrote:
> So, you are now the final arbiter of "interesting"?
No, but I do have an interest in the dissemination of
accurate information about C.
> Get stuffed.
So that's your response to being wrong?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Mon, 21 Feb 2000 05:32:59 GMT
Mok-Kong Shen wrote:
> A non-expert has to wait till the heated dispute of
> the diverse experts settles before being able to know the truth,
> doesn't he?
No, that's why you were born with a brain of your own.
The "heated dispute" was not a dispute among experts,
who are in agreement on all the major issues involved.
You can check who is and is not a reliable source of
information on the subject by checking what they say
against reference material, in this case the standard
defining the programming language. If you want to
learn more about the C programming language, there are
several suitable sources, including a book co-authored
by the original inventor of the language.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA Linux and the GPL
Date: Mon, 21 Feb 2000 05:35:08 GMT
John Savard wrote:
> Doubtless, one could add a sort of MLS to Linux with a few changes to
> the kernel ...
No, sorry. You don't get a secure system by tweaking an insecure one.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Mon, 21 Feb 2000 05:42:39 GMT
John Savard wrote:
> ... applying the adjective "thankfully" to a
> statement that the U.S. hasn't ratified a treaty that would obligate
> it only to do much less than it already voluntarily does in the way of
> export control was the one thing that puzzled me.
Ahh.. The problem with ratifying treaties is that it *does* have
force of law, and that law is hard to change. The various
Administration policies on control of cryptology are easier to
change, as we have recently seen, and have legal basis only in
limited domains where Congress or the Constitution has previously
given the Executive branch the authority to impose such controls.
Also, I would be equally or even more "thankful" if the Executive
failed to adopt some such package of controls, as I was that W.A.
was not ratified.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Mon, 21 Feb 2000 05:52:55 GMT
Mok-Kong Shen wrote:
> ... the US lobbyed to have the crypto clauses put in.
> (A high official came to Bonn for that.)
Note that the US Congress had immediately prior to that told the
US Executive branch that such controls, especially key escrow
provisions, were not the will of the People of the US. But
this Administration has the longstanding habit of all Liberal
Democrats of believing that it knows what is best for others and
will keep trying to get its way regardless of the absence of a
mandate to do so.
> Making strong crypto of 128/256 bits (entirely) freely available
> to the terrorist countries does not only contradict its previous
> wishes (while lobbying) but also evidently goes in a direction
> diametrically opposite to the aim and spirit of Wassenaar as a whole
> (crypto is only a part of the issues contained in the Agreement).
> Why it does this is not yet very clear (in the sense of understandable
> proofs) to me.
The politics may not be clear, but the technical point has always
been obvious that such restrictions do not significantly impede
the Bad Guys (who can tunnel in their own strong crypto), while
they do significantly impair the freedom and privacy of the Good
Guys. Perhaps there is a feeling among the decision makers that
the ploy of removing more and more freedom in the name of "law
enforcement" is not fooling so many citizens these days.
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,alt.2600,alt.math,soc.culture.russian,soc.culture.nordic,soc.culture.soviet
Subject: Game of General - Dictionary - Language and Updates
Date: Mon, 21 Feb 2000 05:56:08 GMT
I have updated the Game of General web page:
http://homestead.virtualjerusalem.com/waeg/gameofm.html
I also added the dictionary or the code book of the game (the phonetics
of the game is KMOALEXT):
http://homestead.virtualjerusalem.com/waeg/files/langm.htm
Hopefully, those people in export regulations understand that anybody
can communicate in any language and you really do not reveal what you
are saying.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Mon, 21 Feb 2000 06:06:02 GMT
Mok-Kong Shen wrote:
> ... in conformity with the fact that governments (plural) don't seem
> to like to see advancements of the science of cryptology in the
> public ...
Nor do they like to see anyone other than themselves making
advances in offensive or defensive military weaponry, nor in
several similar areas. But what a government "likes" is not
particularly relevant; it's what it can *do* about it.
> Cf. the history (in the sixties, if I remember correctly)
> that crypto publications should be suppressed or (as is later
> implemented) the manuscripts are subject to voluntary presentation
> by the journal editors to the authorities for prior 'review'.
I think you refer to *one* incident where an NSA employee on
his own initiative contacted symposium attendees about vetting
their presentations. Suppression was clearly not within the
legal authority of the Agency nor indeed of any part of the US
government. As one result of the flap that occurred, several
publishers agreed to voluntarily submit potentially dangerous
articles for Agency review, but would not be bound to abide by
the Agency recommendations. There was precedent for this, for
example, David Kahn's "The Codebreakers" was published minus a
couple of items that could have adversely impacted on national
security.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
