Cryptography-Digest Digest #185, Volume #11      Wed, 23 Feb 00 07:13:01 EST

Contents:
  I have added few images of my notebooks to alt.politics.org.cia ("Markku J. Saarelainen")
  need help! decryption (jamie)
  Re: Passwords secure against dictionary attacks? (John Underwood)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site ("Douglas A. Gwyn")
  Re: need help! decryption (Elgar)
  Re: EOF in cipher??? (Mok-Kong Shen)
  Re: Processor speeds. (Mok-Kong Shen)
  Re: Passwords secure against dictionary attacks? ("Steve Coath")
  cannot understand CFB mode code.. ([EMAIL PROTECTED])
  Re: Passwords secure against dictionary attacks? ("Ken Hagan")
  Transmitting ciphered data ("Markus Eiber")
  First announcement for ECC 2000 (Alfred John Menezes)
  Re: Passwords secure against dictionary attacks? ([EMAIL PROTECTED])
  Re: Passwords secure against dictionary attacks? (Michel Dalle)
  Re: need help! decryption (Runu Knips)
  Re: I am really scared of my NT ([EMAIL PROTECTED])
  Re: Stuck on code-breaking problem - help appreciated ("jdc")
  Re: Does the NSA have ALL Possible PGP keys? ("csabine")

----------------------------------------------------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: 
alt.2600,soc.culture.russian,soc.culture.soviet,soc.culture.nordic,soc.culture.europe,soc.culture.german,soc.culture.ukrainian,soc.culture.china
Subject: I have added few images of my notebooks to alt.politics.org.cia
Date: Wed, 23 Feb 2000 07:05:31 GMT


I have added few images of my notebooks to

alt.politics.org.cia

all these are intelligence related .. I still have hundreds of pages of
my notebooks that I have to review for you ..

other posted diary and notebook entries are at

http://homestead.virtualjerusalem.com/waeg/Diaries.html

Visit also the Game of General (M) (updated with the language - actually
I can teach the language to you more clearly - it is quite simple but
very effective) at

http://homestead.virtualjerusalem.com/waeg/gameofm.html

Best regards,

Markku



------------------------------

From: jamie <[EMAIL PROTECTED]>
Subject: need help! decryption
Date: Wed, 23 Feb 2000 07:48:36 GMT

This arrived in my email and I have no idea what it is, can someone tell
me how to decypher it?

Thanx in advance...

Subject: 
        �u�ꪺ�G�ơA�ЧA�ڤ@��������
   From: 
        Nothing <[EMAIL PROTECTED]>
     





------------------------------

From: John Underwood <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Wed, 23 Feb 2000 01:07:19 +0000

On Tue, 22 Feb 2000 at 23:29:35, Ilya <[EMAIL PROTECTED]>
wrote in alt.security.pgp:
(Reference: <zZEs4.2145$[EMAIL PROTECTED]>)

>
>Is it secure to take two words and join them together, such as: 
>
>crypto/life cyber@machine green-dog Loud!Music
>
>I  find that they are  really  easy to remember,  especially  if the word 
>combination  has some meaning  to the user.  I have  been  told that such 
>combinations are vulnerable to dictionary attacks.  I think that they are not 
>vulnerable to dictionary attacks since the password is not a word, it combines 
>two words and is meaningless and can only be brute-forced. 
>
>Any input on that?

It would have been considerably safer before you published your
intention of doing that. (Unless, of course, this is a double bluff).

-- 
John Underwood

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Wed, 23 Feb 2000 07:55:13 GMT

Tim Tyler wrote:
> Any algorithm that comes with a mathematical proof that it's unbreakable
> is unlikely to be analysed by the world's leading codebreakers.
> Instead it is likely to be dismissed out-of-hand - as the output of
> someone with little idea about the nature of the field.

To the contrary, if it is published in a reputable peer-reviewed
technical journal, it will be looked at *very* closely, to see
what assumptions it depends on.  There are already actual examples;
go to the Google search engine and enter the phrase "Provable
Security".

------------------------------

From: Elgar <[EMAIL PROTECTED]>
Subject: Re: need help! decryption
Date: Wed, 23 Feb 2000 03:01:42 -0500
Reply-To: [EMAIL PROTECTED]

i don't have the software, but no doubt it's chinese, probably the
big5 encoding.

elgar

jamie wrote:
> 
> This arrived in my email and I have no idea what it is, can someone tell
> me how to decypher it?
> 
> Thanx in advance...
> 
> Subject:
>         �u�ꪺ�G�ơA�ЧA�ڤ@��������
>    From:
>         Nothing <[EMAIL PROTECTED]>

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Wed, 23 Feb 2000 09:11:01 +0100

Douglas A. Gwyn wrote:
> 
> Mok-Kong Shen wrote:
> > ... Imagine the case I am going to have a major surgical operation
> > and I hear the surgeons disputing about which knives should
> > properly be used!
> 
> If that were an Internet newsgroup dispute, you would be a fool
> to think that it was an argument among surgeons.  It would be an
> argument among perhaps a surgeon or two (who would agree on the
> main points) and a bunch of people who would not be allowed
> anywhere near a real operating room (except as patients).

You may be right. Still, in the hypothetical case described you
couldn't blame me for my inability to distinguish a real surgeon
from an imitated one. A few times I read in newspapers that 
somebody, putting on doctor's clothings, went through patients' 
rooms in hospitals and 'examined' female patients!

In internet newsgroups and mailing lists, one not seldom sees
some non-experts 'demonstrate' their 'profound' knowledge, in 
order to show-off as experts. On the other hand, there are real
experts who 'smash' on postings of non-experts when they detect
the slightest mistakes of the latter and also do other kinds of
manoeuvres, with the intention to show-off as even 'much bigger' 
real experts. From the substantial difference in knowledge you 
could imagine how difficult the position of the non-experts is 
in their debates with the real experts in such cases. Sometimes 
these real experts, who highly desire to grow in size rapidly, 
even behave very poorly. (I personally expect though that the 
quality of behaviour of a scientist should be positively 
correlated to the quantity of his knowledge.) Being a non-expert 
(and besides one with rather poor knowledge), I have gathered 
in the past a few unforgettable experiences in my encounter
with the 'expansionist' real experts. Once in a mailing list one 
of them answered to an article I posted and, without saying 
any scientific matter to the topic concerned, demanded that I went 
off the mailing list. (I conjecture that he probably did that as 
a 'reaction' to a previous discussion which he apparently didn't 
like very much. There are indications that I probably remain on 
his 'black list' even today.)

That's sad, but that's life, isn't it?

M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Processor speeds.
Date: Wed, 23 Feb 2000 09:10:54 +0100

Joseph Ashwood wrote:
> 
> > Can you name a manufacturer?
> Sega Dreamcast is the one that comes to mind, there's also
> Playstation 2, and Dolphin fairly soon. The problem I see is
> the available memory, generally <=8MB

I believe that's not a too big bottleneck. I can still remember
the old times of PC where I was very delighted when one day my 
hardware colleague took away my 16 MHZ PC and gave me one of 40 
MHZ and 2MB of memory. If it is convenient to generate code to
run with PVM and similar software, then reasonable cluster computing 
should be possible.

M. K. Shen

------------------------------

From: "Steve Coath" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Wed, 23 Feb 2000 09:09:26 -0000

Ilya <[EMAIL PROTECTED]> wrote in message
news:zZEs4.2145$[EMAIL PROTECTED]...
>
>
> Is it secure to take two words and join them together, such as:
>
> crypto/life cyber@machine green-dog Loud!Music
>
> I  find that they are  really  easy to remember,  especially  if the word
> combination  has some meaning  to the user.  I have  been  told that such
> combinations are vulnerable to dictionary attacks.  I think that they are
> not vulnerable to dictionary attacks since the password is not a word, it
> combines two words and is meaningless and can only be brute-forced.
>
> Any input on that?

In a previous job I used to handle some extremely classified material. Our
passwords used to be randomly generated for us every week and usually took
the form of a jumbled mass of random letters, numbers and characters.
You could end up with something such as : Az\\-+.tdhB*
Extremely difficult to guess, but also extremely difficult to remember. So
everyone used to write them down and keep them in their pockets.



------------------------------

From: [EMAIL PROTECTED]
Subject: cannot understand CFB mode code..
Date: Wed, 23 Feb 2000 10:03:25 GMT

Hi,
I am looking at the CFB64 mode for blowfish in
Eric's libbf...I cannot understand one thing..

    printf("testing blowfish in cfb64 mode\n");

    BF_set_key(&key,16,cbc_key);
    memset(cbc_in,0,40);
    memset(cbc_out,0,40);
    memcpy(iv,cbc_iv,8);
    n=0;
    BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
        &key,iv,&n,BF_ENCRYPT);
    BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
        &key,iv,&n,BF_ENCRYPT);

why are there two levels of encryption here...and
what is so special about the number 13 that was
chosen in the second encryption line..??

Pls help..I am a rookie in crypt prog..

Thx,
Arni


Sent via Deja.com http://www.deja.com/
Before you buy.
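
An added illustration for the question above, not part of the original post and not libbf code: a CFB-64 routine with the same `(ivec, num)` calling convention, built on XTEA instead of Blowfish so that it compiles without a library. The key, IV and message are constructed, and `cfb64_crypt`, `split_matches_one_shot`, `num_after` and `roundtrip_ok` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* XTEA: 64-bit block, 128-bit key. It stands in for Blowfish here (assumption
   of this example); only the 8-byte block size matters for the demonstration. */
static void xtea_encrypt_block(const uint32_t k[4], uint8_t b[8]) {
    uint32_t v0 = (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
    uint32_t v1 = (uint32_t)b[4] << 24 | (uint32_t)b[5] << 16 | (uint32_t)b[6] << 8 | b[7];
    uint32_t sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    for (int i = 0; i < 4; i++) {
        b[i] = (uint8_t)(v0 >> (24 - 8 * i));
        b[4 + i] = (uint8_t)(v1 >> (24 - 8 * i));
    }
}

/* Byte-wise CFB-64. ivec holds the current feedback block and *num the offset
   (0..7) of the next byte inside it; both are updated so that a later call
   continues the same stream exactly where this one stopped. */
void cfb64_crypt(const uint8_t *in, uint8_t *out, size_t len,
                 const uint32_t key[4], uint8_t ivec[8], int *num, int enc) {
    int n = *num;
    while (len--) {
        if (n == 0)
            xtea_encrypt_block(key, ivec);  /* new keystream block */
        uint8_t c = *in++;
        if (enc) {
            c ^= ivec[n];                   /* ciphertext byte */
            *out++ = c;
        } else {
            *out++ = (uint8_t)(c ^ ivec[n]);
        }
        ivec[n] = c;                        /* ciphertext is the feedback */
        n = (n + 1) & 7;
    }
    *num = n;
}

/* Constructed test material, not the vectors from the library's test file. */
static const uint32_t KEY[4] = {0x01234567u, 0x89abcdefu, 0xf0e1d2c3u, 0xb4a59687u};
static const uint8_t IV[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
static const char MSG[] = "constructed sample plaintext!";
#define MSG_LEN (sizeof MSG - 1)

/* Encrypt MSG in two calls split at `split` and compare with one call over the
   whole message. reset_n != 0 models a caller that zeroes n between calls. */
int split_matches_one_shot(size_t split, int reset_n) {
    uint8_t one[MSG_LEN], two[MSG_LEN], iv[8];
    int n = 0;
    if (split > MSG_LEN) return 0;
    memcpy(iv, IV, 8);
    cfb64_crypt((const uint8_t *)MSG, one, MSG_LEN, KEY, iv, &n, 1);
    memcpy(iv, IV, 8);
    n = 0;
    cfb64_crypt((const uint8_t *)MSG, two, split, KEY, iv, &n, 1);
    if (reset_n) n = 0;
    cfb64_crypt((const uint8_t *)MSG + split, two + split, MSG_LEN - split, KEY, iv, &n, 1);
    return memcmp(one, two, MSG_LEN) == 0;
}

/* Offset left in *num after processing `len` bytes from a fresh state. */
int num_after(size_t len) {
    uint8_t out[MSG_LEN], iv[8];
    int n = 0;
    memcpy(iv, IV, 8);
    cfb64_crypt((const uint8_t *)MSG, out, len > MSG_LEN ? MSG_LEN : len, KEY, iv, &n, 1);
    return n;
}

/* Encrypt in two pieces (13, rest), decrypt in one call, compare with MSG. */
int roundtrip_ok(void) {
    uint8_t ct[MSG_LEN], pt[MSG_LEN], iv[8];
    int n = 0;
    memcpy(iv, IV, 8);
    cfb64_crypt((const uint8_t *)MSG, ct, 13, KEY, iv, &n, 1);
    cfb64_crypt((const uint8_t *)MSG + 13, ct + 13, MSG_LEN - 13, KEY, iv, &n, 1);
    memcpy(iv, IV, 8);
    n = 0;
    cfb64_crypt(ct, pt, MSG_LEN, KEY, iv, &n, 0);
    return memcmp(pt, MSG, MSG_LEN) == 0;
}

int main(void) {
    printf("split at 13, state carried: %d\n", split_matches_one_shot(13, 0));
    printf("split at 13, n reset:       %d\n", split_matches_one_shot(13, 1));
    printf("num after 13 bytes:         %d\n", num_after(13));
    printf("round trip:                 %d\n", roundtrip_ok());
    return 0;
}
```

The two calls in the quoted test are one CFB stream fed in two pieces: `iv` and `n` carry the position from the first call into the second, and 13 is not a multiple of the 8-byte block, so the split lands mid-block.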

------------------------------

From: "Ken Hagan" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Wed, 23 Feb 2000 10:10:53 -0000

"Ilya" <[EMAIL PROTECTED]> wrote in message
news:zZEs4.2145$[EMAIL PROTECTED]...
> Is it secure to take two words and join them together, such as:
>
> crypto/life cyber@machine green-dog Loud!Music
>
> I think that they are not vulnerable to dictionary attacks since the
> password is not a word, it combines two words and is meaningless
> and can only be brute-forced.

You don't seem to be getting much cryptographic analysis here.
I think it's safe, and I (light-heartedly) challenge anyone to describe
how they could attack it.

The one-way hash from "what you type" to "whatever the system stores
for comparison against" ought to distribute evenly across its space of
possible hashes. Therefore, for any password, however constructed, one
wrong answer is as bad as another. Guessing part of the password doesn't
help.

Using "real words" as the building blocks is usually said to reduce
the strength because it reduces the number of possible plaintexts.
In the extreme case of "only using proper words", a dictionary attack
with only a million or so words (the whole dictionary) would always
succeed.

However, for the scheme you describe, the closest we could come to
a "dictionary" is as follows.

1  Take a dictionary with various capitalisations like "hello", "Hello"
    and "HELLO".
2  Add "forms" like telephone numbers, car licence plate numbers, dates
    (in all the common orderings, like MM/DD/YY), ZIP codes etc.
3  Take some random punctuation characters.

Now, permute all of the above in every way. For an initial dictionary of a
few thousand "real words", this has now become a dictionary of around
a billion. That is probably out of reach for most crackers, and it wasn't
much of a dictionary. Here in the UK, people are likely to add postcodes
(like "SW1 1AA"), national insurance numbers (like "AB 12 34 56 78 X")
and their lottery numbers into the melting pot. I think the problem rapidly
becomes hopeless, even for the NSA.

If someone knows you, they might be able to prepare a better dictionary,
but I expect you can pick "elements" such that they'd have to be a close
personal friend to even get close -- and close is not good enough. I can
think of password elements that have never left my imagination, but which
are (for me) an obvious part of my identity, and ideal for the purpose.



------------------------------

From: "Markus Eiber" <[EMAIL PROTECTED]>
Subject: Transmitting ciphered data
Date: Wed, 23 Feb 2000 12:28:37 +0100

Hi there,
I am looking for some aspects on how ciphering data might influence the
efficiency of transmission systems.
Are there any references on this topic?

--
Markus Eiber
Werner-Heisenberg-Weg 106
85579 Neubiberg
[EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: First announcement for ECC 2000
Date: 23 Feb 2000 11:07:01 GMT

==============================================================================

THE 4TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2000)

University of Essen, Essen, Germany

October 4, 5 & 6 2000

First Announcement              February 23, 2000


ECC 2000 is the fourth in a series of annual workshops dedicated to the 
study of elliptic curve cryptography and related areas. The main themes 
of ECC 2000 will be:
  - The discrete logarithm and elliptic curve discrete logarithm problems.
  - Provably secure discrete log-based cryptographic protocols for 
    encryption, signatures and key agreement.
  - Efficient software and hardware implementation of elliptic curve 
    cryptosystems.
  - Deployment of elliptic curve cryptography.

It is hoped that the meeting will encourage and stimulate further 
research on the security and implementation of elliptic curve 
cryptosystems and related areas, and encourage collaboration between 
mathematicians, computer scientists and engineers in the academic,
industry and government sectors.

There will be approximately 15 invited lectures (and no contributed 
talks), with the remaining time used for informal discussions. There
will be both survey lectures as well as lectures on latest research
developments. 

SPONSORS:
     Certicom Corp.
     Communications and Information Technology Ontario
     CV Cryptovision  
     Infineon
     Innovationscluster neue Medien (Minist. SWWF, NRW)
     MasterCard International
     Metris           
     Mondex International Limited
     Siemens AG       
     University GH Essen
     University of Waterloo

ORGANIZERS:
     Gerhard Frey     (University of Essen)
     Steven Galbraith (University of Essen)
     Alfred Menezes   (University of Waterloo)
     Scott Vanstone   (University of Waterloo)

CONFIRMED SPEAKERS:
     Pierrick Gaudry  (LIX, France)
     Erwin Hess       (Siemens, Germany)
     Ansgar Heuser    (BSI, Germany)
     Arjen Lenstra    (Citibank, USA)
     Peter Montgomery (Microsoft, USA)
     Christof Paar    (Worcester Polytechnic Institute, USA)
     Phil Rogaway     (University of California at Davis, USA)
     Scott Vanstone   (University of Waterloo, Canada)

SPEAKERS WHO HAVE TENTATIVELY ACCEPTED:
     Neal Koblitz     (University of Washington, USA)
     Victor Shoup     (IBM, Zurich)

LOCAL ARRANGEMENTS:

Essen is the largest city in the Ruhr region, and is about a 20-minute 
drive from Dusseldorf International airport. The second announcement will 
be made on May 1, and will include registration and local (i.e., hotel & 
transportation) information. If you did not receive this announcement by 
email and would like to be added to the mailing list for the second 
announcement, please send email to [EMAIL PROTECTED] The 
announcements are also available from the web sites: 
      www.cacr.math.uwaterloo.ca 
and 
      www.exp-math.uni-essen.de/~galbra/ecc2000.html

==============================================================================


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Wed, 23 Feb 2000 11:15:47 GMT

In article <zZEs4.2145$[EMAIL PROTECTED]>,
  Ilya <[EMAIL PROTECTED]> wrote:
>
>
> Is it secure to take two words and join them together, such as:
>
> crypto/life cyber@machine green-dog Loud!Music
>
> I  find that they are  really  easy to remember,  especially  if the word
> combination  has some meaning  to the user.  I have  been  told that such
> combinations are vulnerable to dictionary attacks.  I think that they are
> not vulnerable to dictionary attacks since the password is not a word, it
> combines two words and is meaningless and can only be brute-forced.
>
> Any input on that?

They are not vulnerable to dictionary attacks by most of the common
brute-force tools, as these rather try a few permutations and appending
strings like ".1" or "-6". They are vulnerable to more sophisticated
dictionary attacks, especially when somebody knows how many words you
usually append.

If you put the special characters inside of some words, the resulting
passphrase will no longer be vulnerable. You can use a pattern of
distributing lower and uppercase letters and special chars, as long as
you don't publish it. So for example:

cry9?pto/life cy@bermachine green-dog Lo#udMusic

was very secure before it was published.

Never use any keyboard patterns or "tricks" like writing a bad passphrase
one line of letters above, like someone has proposed. They are *all* in
the dictionaries.

Best regards,

Erich Steinmann



------------------------------

From: [EMAIL PROTECTED] (Michel Dalle)
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Wed, 23 Feb 2000 11:24:41 GMT

In article <newscache$c6pdqf$ci5$[EMAIL PROTECTED]>, "Ken Hagan" 
<[EMAIL PROTECTED]> wrote:
>"Ilya" <[EMAIL PROTECTED]> wrote in message
>news:zZEs4.2145$[EMAIL PROTECTED]...
>> Is it secure to take two words and join them together, such as:
>>
>> crypto/life cyber@machine green-dog Loud!Music
>>
>> I think that they are not vulnerable to dictionary attacks since the
>> password is not a word, it combines two words and is meaningless
>> and can only be brute-forced.
>
>You don't seem to be getting much cryptographic analysis here.
>I think it's safe, and I (light-heartedly) challenge anyone to describe
>how they could attack it.

Let's say a 'common' dictionary contains 50.000 words.

So, combining two words would take 2.500.000.000 combinations,
and inserting some non-alphanumeric character would multiply this
by 32. Of course, this doesn't take into account size limitations etc,
but let's say we end up with 80.000.000.000 "words".

So, for a fast PC doing about 50.000 crypts per second, it would
take about 18 days, 12 hours and 27 minutes to walk through the
dictionary.

Of course, it might be that you'll be using less than 10.000 words,
which brings the necessary time to 17 hours and 47 minutes...but
if you use uppercase first letters too, it would take 4 times longer.

So this password scheme isn't as secure as you might think -
assuming a "would-be attacker" knows the scheme :)

Or is my reasoning/math wrong here ?

Michel.
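
The estimate in the post above, written out as a password-audit check (an added example, not part of the original post): it flags a password that decomposes as word, one non-alphanumeric character, word, and computes the size of that candidate set and the time to walk it at a given rate. The eight-word list is constructed for the demonstration and all function names are hypothetical; the figures passed in `main` are the ones quoted in the post.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample word list; a real audit would load a full dictionary. */
static const char *WORDS[] = {"crypto", "life", "cyber", "machine",
                              "green", "dog", "loud", "music"};
#define NWORDS (sizeof WORDS / sizeof WORDS[0])

/* Case-insensitive match of the n bytes at s against a lowercase word w. */
static int word_eq(const char *s, size_t n, const char *w) {
    if (strlen(w) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != (unsigned char)w[i]) return 0;
    return 1;
}

static int in_dict(const char *s, size_t n) {
    for (size_t i = 0; i < NWORDS; i++)
        if (word_eq(s, n, WORDS[i])) return 1;
    return 0;
}

/* 1 if pw is <dictionary word><one non-alphanumeric char><dictionary word>. */
int fits_two_word_scheme(const char *pw) {
    size_t len = strlen(pw);
    for (size_t i = 1; i + 1 < len; i++) {
        if (isalnum((unsigned char)pw[i])) continue;   /* not a separator */
        if (in_dict(pw, i) && in_dict(pw + i + 1, len - i - 1)) return 1;
    }
    return 0;
}

/* Size of the candidate set: words^2 * separators * case variants. */
unsigned long long scheme_candidates(unsigned long long words,
                                     unsigned seps, unsigned case_variants) {
    return words * words * seps * case_variants;
}

/* Whole seconds needed to try every candidate at `rate` guesses per second. */
unsigned long long seconds_to_exhaust(unsigned long long candidates,
                                      unsigned long long rate) {
    return candidates / rate;
}

static void print_duration(const char *label, unsigned long long s) {
    printf("%-28s %llu d %llu h %llu m %llu s\n", label,
           s / 86400, s % 86400 / 3600, s % 3600 / 60, s % 60);
}

int main(void) {
    const char *samples[] = {"crypto/life", "cyber@machine", "green-dog",
                             "Loud!Music", "cry9?pto/life"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s fits scheme: %d\n", samples[i],
               fits_two_word_scheme(samples[i]));

    /* 50.000 words, 32 separators, 50.000 crypts per second (from the post). */
    print_duration("50000 words:",
                   seconds_to_exhaust(scheme_candidates(50000, 32, 1), 50000));
    print_duration("10000 words:",
                   seconds_to_exhaust(scheme_candidates(10000, 32, 1), 50000));
    /* Optional uppercase first letter on each word: 2 * 2 = 4 variants. */
    print_duration("10000 words, 4 case forms:",
                   seconds_to_exhaust(scheme_candidates(10000, 32, 4), 50000));
    return 0;
}
```

A string that does not decompose this way, such as the `cry9?pto/life` form from another reply in this thread, is outside this particular candidate set; the check says nothing about other candidate sets.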

------------------------------

Date: Wed, 23 Feb 2000 12:47:07 +0100
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: need help! decryption

jamie wrote:
> This arrived in my email and I have no idea what it is, can someone tell
> me how to decypher it?
> 
> Thanx in advance...

Congratulations ! That's very probably spam in some foreign language !!
:)
(Japanese, Korean, Chinese, or whatever)

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: I am really scared of my NT
Date: Wed, 23 Feb 2000 11:39:26 GMT

In article <88v0c1$k1n$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Someone should come out with a crypto guard-ring to protect all the
> ports and physical access of a windows 98/NT w/s.  The whole thing is so
> shaky and insecure...

I'm not using any Windows, so I don't know the applications, but on my
computer I'm using a virus detection tool that scans for suspicious
system calls instead of specific viruses, and a stream watching tool that
watches all outgoing TCP/IP and UDP traffic. There are also tools or
operating system services that can register any changes made to system
directories.

However, I still think it's unlikely that I'd detect an attack by a
Trojan Horse or virus this way. Operating systems have too many holes...

Regards,

Erich Steinmann



------------------------------

From: "jdc" <[EMAIL PROTECTED]>
Subject: Re: Stuck on code-breaking problem - help appreciated
Date: Wed, 23 Feb 2000 11:57:52 -0000

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote

> > It's in the front cover of an old society records book (1860-1888)
>
> Masonic?

The society in question isn't, but we think the code might be.

> Perhaps some FreeMason could assist.

One has, and hasn't got any further than us.

> > ... it *may* be upside down.
>
> But then the dots would precede words instead of following them,
> which doesn't seem likely.

Ah.... good point.

jdcxxx



------------------------------

From: "csabine" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 23 Feb 2000 12:02:17 -0000

Mmmm
Let's assume for a moment that tiwolf is correct. The government do know all
the codes and every bit of conversation that is carried out around the
world. In this 'tiwolf' universe:

All the mafia warlords have been locked up.
All the drug dealers have been dealt with.
80% of 'intents to murder' have been pre-empted.
All child pornographers have been exposed.
Blackmailers have been thrown in jail.
Extortionists have been ex-communicated.
etc, etc

But, alas, this 'tiwolf' universe does not exist. I think that perhaps this
is proof enough that mathematical laws are still holding out. And that
government employees are, after all, only human and not demi-gods.

Just my two pennorth worth (this is an English(UK) idiom)

Colin.


tiwolf wrote in message ...
>Anything is possible given time, money, and talent. Government has nothing
>to do with it. In this case the government desire to control along with
>access to money (tax payers), and (through the obscene spending of the
>taxpayers money) talent. This makes the probability high that people will
>break any code given the right equipment and time.
>
>
>Johnny Bravo wrote in message ...
>>On Tue, 15 Feb 2000 00:24:02 -0800, "tiwolf" <[EMAIL PROTECTED]> wrote:
>>
>>>I don't care about prime numbers,
>>
>>  So your opinion is "anything is possible for the government, even those
>>things which are impossible."  Let me guess, you are posting from
>>misc.survivalism, and you think the government has unlimited godlike
>>powers.
>>  You've already admitted that you don't have a single clue about the
>>topic under discussion.  Why you feel this makes your opinion more
>>informed than actual fact is beyond me.  You should have quit while you
>>were ahead.
>>
>>  Johnny Bravo
>>
>
>



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
