Cryptography-Digest Digest #212, Volume #11 Mon, 28 Feb 00 04:13:02 EST
Contents:
Re: NSA Linux and the GPL ("John E. Kuslich")
Re: Cryonics and cryptanalysis ("John Enright")
Re: CRC-16 Reverse Algorithm ? ("Marty")
Re: CRC-16 Reverse Algorithm ? (Terry Ritter)
The former CIA directors are just playing roles .. they are involved in the covert
action (John)
Re: Does the NSA have ALL Possible PGP keys? (Thor Kottelin)
Re: blowfish and questions..??? (Martin Kahlert)
Re: The former CIA directors are just playing roles .. they are involved in the
covert action ("Lassi Hippel�inen")
Re: DES algorithm ("ink")
Re: Cryonics and cryptanalysis ("Trevor Jackson, III")
Re: How to Annoy the NSA ("Trevor Jackson, III")
----------------------------------------------------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: NSA Linux and the GPL
Date: Sun, 27 Feb 2000 22:16:33 -0700
More in support of Justice Department action for this slacker John Deutch.
I rest my case!
JK
>From the Inspector general's report on the security violations:
=========================================
108. (U/ /FOUO) On November 21, 1995, DCI Deutch signed a CIA classified
information non-disclosure agreement concerning a sensitive operation.
Several provisions pertain to the proper handling of classified information
and appear to be relevant to Deutch's practices:
I hereby acknowledge that I have received a security indoctrination
concerning the nature and protection of classified information, ....
I have been advised that ... negligent handling of classified information by
me could cause damage or irreparable injury to the United States ....
I have been advised that any breach of this agreement may result in the
termination of any security clearances I hold; removal from any position or
special confidence and trust requiring such clearances; or the termination
of my employment or other relationships with the Departments or Agencies
that granted my security clearance or clearances ....
I agree that I shall return all classified materials which have, or may come
into my possession or for which I am responsible because of such access ...
upon the conclusion of my employment ....
I have read this Agreement carefully and my questions, if any, have been
answered.
OIG also obtained similar, non-disclosure agreements signed by Deutch during
his employment at DoD.
WHAT LAWS, REGULATIONS, AGREEMENTS, AND POLICIES HAVE POTENTIAL APPLICATION?
109. (U) Title 18 United States Code (U.S.C.) � 793, "Gathering,
transmitting or losing defense information" specifies in paragraph (f):
Whoever, being entrusted with or having lawful possession or control of any
document, writing,... or information, relating to national defense ...
through gross negligence permits the same to be removed from its proper
place of custody ... shall be fined under this title or imprisoned not more
than ten years, or both.
110. (U) Title 18 U.S.C. � 798, "Disclosure of classified information"
specifies in part:
Whoever, knowingly and willfully ... uses in any manner prejudicial to the
safety or interest of the United States ... any classified information ...
obtained by the processes of communication intelligence from the
communications of any foreign government, knowing the same to have been
obtained by such processes ... shall be fined under this title or imprisoned
not more than ten years, or both.
111. (U) Title 18 U.S.C. � 1924, "Unauthorized removal and retention of
classified documents or material" specifies:
Whoever, being an officer, employee, contractor or consultant of the United
States, and, by virtue of his office, employment, position or contract,
becomes possessed of documents or materials containing classified
information of the United States, knowingly removes such documents or
materials without authority and with the intent to retain such documents or
materials at an unauthorized location shall be fined not more than $1,000,
or imprisoned for not more than one year, or both.
112. (U) The National Security Act of 1947, CIA Act of 1949, and Executive
Order (E.O.) 12333 establish the legal duty and responsibility of the DCI,
as head of the United States intelligence community and primary advisor to
the President and the National Security Council on national foreign
intelligence, to protect intelligence sources and methods from unauthorized
disclosure.
113. (U) Director of Central Intelligence Directive (DCID) 1/ 16, effective
July 19, 1988, "Security Policy for Uniform Protection of Intelligence
Processed in Automated Information Systems and Networks," reiterates the
statutory authority and responsibilities assigned to the DCI for the
protection of intelligence sources and methods in Section 102 of the
National Security Act of 1947, E.O.s 12333 and 12356, and National Security
Decision Directive 145 and cites these authorities as the basis for the
security of classified intelligence, communicated or stored in automated
information systems and networks.
114. (U) DCID 1/21, effective July 29, 1994, "Physical Security Standards
for Sensitive Compartmented Information Facilities (SCIFs) specifies in
paragraph 2:
All [Sensitive Compartmented Information] must be stored within accredited
SCIFs. Accreditaticn is the formal affirmation that the proposed facility
meets physical security standards imposed by the DCI in the physical
security standards manual that supplements this directive.
115. (U/ /FOUO) Headquarters Regulation (HR) 10-23, Storage of Classified
Information or Materials. Section C (1)specifies:
Individual employees are responsible for securing classified information or
material in their possession in designated equipment and areas when not
being maintained under immediate personal control in approved work areas.
116. (U/ /FOUO) HR 10-24, "Accountability and Handling of Collateral
Classified Material," prescribes the policies, procedures, and
responsibilities associated with the accountability and handling of
collateral classified material. The section concerning individual employee
responsibilities states:
Agency personnel are responsible for ensuring that all classified material
is handled in a secure manner and that unauthorized persons are not afforded
access to such material.
117. (U/ /FOUO) HR 10-25, "Accountability and Handling of Classified
Material Requiring Special Control," sets forth policy, responsibilities,
and procedures that govern the transmission, control, and storage of
Restricted Data, treaty organization information, cryptographic materials,
and Sensitive Compartmented Information. The section states:
Individuals authorized access to special control materials are responsible
for observing the security requirements that govern the transmission,
control, and storage of said materials. Further, they are responsible for
ensuring that only persons having appropriate clearances or access approvals
are permitted access to such materials or to the equipment and facilities in
which they are stored.
John E. Kuslich <[EMAIL PROTECTED]> wrote in message
news:Vjkt4.825$[EMAIL PROTECTED]...
> No, no...
>
> Anyone who obtains a security clearance has the rules explained to him IN
NO
> UNCERTAIN TERMS!!! These rules are periodically repeated during security
> breifings after which all the participants are required to sign documents
> indicating that they understand the rules and that they may be imprisoned,
> sometimes after secret court hearings, if they violate these rules.
>
> I have seen individuals fired for simply forgetting to lock a safe while
the
> left the room. Many ordinary defense workers are periodically scared
half
> to death by these spooks and their draconian penalties. How can this guy
> get away with activities that would have landed the rest of us in jail for
a
> long time?
>
> I have seen marine guards pull weapons on ordinary folk for simply not
> showing a visitor's pass in the micro-second or two allowed after a young
> marine made the request. I have heard stories of "detainees" in the
> basement at Fort Meade. Smart asses who challenged the wrong authority at
> the wrong time and lived a weekend incommunicado and scared that they
might
> never see the light of day.
>
> Anyone who has ever submitted to this process knows what I am talking
about.
> He knew the rules, he deliberately violated these rules. THAT IS A
> VIOLATION OF THE LAW (Title 18, I believe).
>
> He ought to serve time. If I had done what he did, I would have
served...I
> guarantee!!
>
> JK http://www.crak.com
>
>
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > "John E. Kuslich" wrote:
> > > Why is has John Deutch not been arrested and charged with violations
> > > of the law regarding care of classified information?????????
> >
> > To what "law" are you referring? We have laws about espionage and
> > sedition, but no Official Secrets Act.
> >
> > I agree that it was a terrible, inexcusable mistake, and should
> > keep anyone from ever again putting Deutsch in a position of trust,
> > but I don't see how he can be punished under the law.
>
------------------------------
From: "John Enright" <[EMAIL PROTECTED]>
Subject: Re: Cryonics and cryptanalysis
Date: Sun, 27 Feb 2000 22:27:26 -0700
Yeesh what a morbid subject. Sounds more like the Star Trek transporter to
me, or something out of Tron. If one could 'digitize' a human being, one
could be transported at light speed to just about anywhere (make sure you
get transported with plenty of ECC data!! <grin>).
Then there's a darker side, such as perfect clones.
And then comes the moral dilemma. Does Man have a soul? Since we're
talking about a purely physically process here, and the soul resides in an
unquantifiable spirit realm, does this effectively separate your soul from
your body? Basically, the 'you' would be ripped out (i.e. you're dead, no
matter if your body lives on). I sure as hell hope for better things than
living forever in this body. ;) Cryonics is a fruitless pursuit stemming
from a lack of faith, hope, trust, and belief in God. Everybody dies, but
there is hope. I'll get off my soapbox now, but hey, I wasn't the one who
originally posted the off-topic sci-fi in the first place.
------------------------------
Reply-To: "Marty" <[EMAIL PROTECTED]>
From: "Marty" <[EMAIL PROTECTED]>
Subject: Re: CRC-16 Reverse Algorithm ?
Date: Sun, 27 Feb 2000 20:57:23 -0800
Terry, You gave a better explanation than I had. David is persistent, maybe
at the
end of it all he will be more enlightened.
-Marty
Terry Ritter <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> On 27 Feb 2000 15:25:11 -0800, in
> <89cbon$v9s$[EMAIL PROTECTED]>, in sci.crypt
> [EMAIL PROTECTED] (David A. Wagner) wrote:
>
> >In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]>
wrote:
> >> [EMAIL PROTECTED] (David A. Wagner) wrote:
> >> >Yes, 111..11 -> 111..10 (if the incoming data bit is zero;
> >> >assuming Fibonacci configuration, not Galois). Right?
> >>
> >> Right.
> >>
> >> >Right. Now, if 111..11 -> 111..10 under input bit zero, then
> >> >111..11 -> 111..10 xor 1 = 111..11 under input bit one. No?
> >>
> >> No.
> >>
> >> In a shift-left CRC, 0's always shift in, and this is independent of
> >> the data value. the only way the rightmost bit gets set to a 1 is
> >> from the poly add.
> >
> >Ok. That looks like the source of the confusion, then. Thanks.
> >
> >See my earlier quoted comments -- I was assuming we were talking
> >about a Fibonacci configuration (what CRC folks seem to call "forward"
> >CRC), rather than a Galois configuration (what CRC folks seem to be
> >calling a "reverse" CRC, if I understand correctly). This seems to
> >be where we diverged.
>
> Yeah. We "diverged" when some of us were talking about CRC, and
> others of us were not.
>
>
> >As far as I can see, it remains true that the all-ones state is bad
> >for Fibonacci ("forward"?) if you xor the incoming data bit along with
> >the feedback taps to get your new state-bit.
>
> Obviously, that is not CRC.
>
>
> >But the poster was
> >apparently talking about Galois / "reverse" configuration.
>
> I know quite a few different various configurations for CRC. But the
> CRC result is unambiguous.
>
> CRC does use LFSR operations. But not all forms of LFSR are CRC. I
> don't know whether we can do a CRC in the other LFSR form. Maybe we
> can, but we had better get the same result from it. Which means that
> it had better detect both leading 1's and 0's.
>
>
> >I think.
> >
> >Right?
>
> No.
>
> ---
> Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
> Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
>
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: CRC-16 Reverse Algorithm ?
Date: Mon, 28 Feb 2000 07:42:39 GMT
On Sun, 27 Feb 2000 20:57:23 -0800, in <#IF5Piag$GA.57@cpmsnbbsa04>,
in sci.crypt "Marty" <[EMAIL PROTECTED]> wrote:
>Terry, You gave a better explanation than I had. David is persistent, maybe
>at the
>end of it all he will be more enlightened.
I am not overly hopeful.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: John <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.europe,soc.culture.nordic,soc.culture.italian,soc.culture.french,soc.culture.spain,alt.security
Subject: The former CIA directors are just playing roles .. they are involved in the
covert action
Date: Mon, 28 Feb 2000 08:05:48 +0000
In article <[EMAIL PROTECTED]>, Markku J. Saarelainen
<[EMAIL PROTECTED]> writes
>
>Actually, I am just me, Markku J. Saarelainen. I have not been doing whatever
>you are saying. So just read my messages. They are based on my records, notes
>and other proof. Actually, I had some difficulties reading your Finnish
>message...
>
>
Why does that *not* surprise me?
(BTW the only thing missing in the message are the umlauts, but that
should be no trouble to a Finn who would know which letters carry them).
How about the question in English- did you also have a problem with
that?
--
John
------------------------------
From: Thor Kottelin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Mon, 28 Feb 2000 10:15:12 +0200
Dead Kennedy wrote:
>
> If nothing else, PGP encryption ain't making things any easier for the
> spooks at the
> nsa.
I'd like to respond to this by quoting Phil Zimmermann:
"If a nonconformist tried to assert his privacy by using an envelope for
his mail, it would draw suspicion. Perhaps the authorities would open his
mail to see what he�s hiding. Fortunately, we don�t live in that kind of
world, because everyone protects most of their mail with envelopes. So no
one draws suspicion by asserting their privacy with an envelope. There�s
safety in numbers. Analogously, it would be nice if everyone routinely
used encryption for all their email, innocent or not, so that no one drew
suspicion by asserting their email privacy with encryption. Think of it as
a form of solidarity." - Phil Zimmermann on PGP
So actually, as long as only a small percentage of mail users actually use
PGP, those "nonconformists" are probably very easy to single out and
concentrate other intelligence efforts on.
Follow-ups narrowed.
Thor
--
If you send me email, please use PGP or OpenPGP.
My public keys can be downloaded from key servers.
Web hosting is available at <URL:http://www.virtualis.com/vr/tkotteli/>.
------------------------------
From: [EMAIL PROTECTED] (Martin Kahlert)
Subject: Re: blowfish and questions..???
Date: 28 Feb 2000 08:25:07 GMT
Reply-To: [EMAIL PROTECTED]
In article <#5$rK7Xg$GA.252@cpmsnbbsa05>,
"Joseph Ashwood" <[EMAIL PROTECTED]> writes:
>> Am I missing some thing here??
> Looking at it, it appears that cryptix is Java and the libbf
> is in C. This is probably the source of your problems, Java
> uses Unicode, C generally uses ASCII, the byte values are
> different, as well as perhaps having different sizes for
> characters.
Perhaps Java uses another endianess (network order?).
Be carefull with singed/unsigned types, too.
Bye,
Martin.
--
The early bird gets the worm. If you want something else for
breakfast, get up later.
------------------------------
From: "Lassi Hippel�inen" <"lahippel$does-not-eat-canned-food"@ieee.org>
Crossposted-To:
alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.europe,soc.culture.nordic,soc.culture.italian,soc.culture.french,soc.culture.spain,alt.security
Subject: Re: The former CIA directors are just playing roles .. they are involved in
the covert action
Date: Mon, 28 Feb 2000 08:34:01 GMT
John wrote:
<...>
> (BTW the only thing missing in the message are the umlauts, but that
> should be no trouble to a Finn who would know which letters carry them).
>
> How about the question in English- did you also have a problem with
> that?
In fact there are some minor spelling errors, too, but none that would
prevent understanding the content. An expert like "Markku" will no doubt
be able to point them out for you :->
-- Lassi
------------------------------
From: "ink" <[EMAIL PROTECTED]>
Subject: Re: DES algorithm
Date: Mon, 28 Feb 2000 09:38:00 +0100
Bodo Moeller wrote...
>ink <[EMAIL PROTECTED]>:
>
>> [...] I found that article very interesting - can
>> you tell me what is wrong with it?
>
>Triple-DES with three DES keys does not give the full security that
>one might expect of the keylength, 168 bits. There are meet-in-the-middle
>attacks which reduce the attacker's work to about an equivalent
>of twice the DES key-length (but memory requirements are higher than
>for brute force key-search). This makes three-key triple-DES
>about as secure as two-key triple-DES. To claim that two-key
>triple-DES has the security of single-DES ("... about 2^56-bit
>secure") is nonsense.
That helped a lot. Thanks!
ink
--
You couldn't get a clue during the clue mating season in a
field full of horny clues if you smeared your body with clue
musk and did the clue mating dance. (Edward Flaherty)
------------------------------
Date: Mon, 28 Feb 2000 04:00:51 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Cryonics and cryptanalysis
John Savard wrote:
> On Sat, 26 Feb 2000 11:49:40 -0800, "Ralph C. Merkle"
> <[EMAIL PROTECTED]> wrote, in part:
>
> >But can people be described by bits? In the past several years, quite a
> >few authors have pointed out that a sufficiently precise description of
> >a human being -- a description in bits -- provides a "snapshot" of that
> >human being at a specific point in time. Given the "snapshot," we could
> >in
> [principle]
> >restore the human being.
>
> Given nothing more than bits, all you could do, even in principle, is
> create a copy of the original human being. That copy would be a real
> human being, but its existence would not allow the consciousness of
> the original to resume existence and be the recipient of the sense
> impressions of the copy.
There are a couple issues with this thesis. There's the problem of waking up
after normal sleep, or even a coma. The person who wakes up has the same
memories as the person who went to sleep, so we assume they are the "original
consciousness". But we can't prove it or even substantiate it. We just
assume it. Is there are reason to invalidate the assumption given
record/replay with fidelity better than 8 hours of sleep?
The other issue is that, given adequate fidelity, the recorded/replayed
consciousness(es) cannot tell the difference. Even the original cannot
assert any distinguishing characteristic except perhaps a toe tag.
>
>
> This, surely, is obvious. Because anything that can be done with a
> stream of bits _once_ can also be done _twice_.
Niven assumed that making a copy was destructive of the original in that some
RNA from the original was required to activate the copy. That makes the
story work, but it dodges the question. Given adequate fidelity, there's no
measurable difference between the copy and the original. So we'd have to
treat both as originals. A poor copy could easily be considered "only a
copy". But a good copy, i.e., the only kind worth making, would be
indistinguishable in principle from the original.
------------------------------
Date: Mon, 28 Feb 2000 04:05:16 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: How to Annoy the NSA
"Donald S. Crankshaw" wrote:
> "Trevor Jackson, III" wrote:
>
> >
> > Thank you for the insights. Are you able to comment on the slope of the
> > quantum operation time? If we need to project the performance of QC into
> > the future we need an estimate of the rate of change in the fundamental
> > operating frequency in order to stay safely on the upper side of the
> > feasibility boundary.
> >
> > The the slope is not apparent, perhaps you could explain the basis for the
> > 10 ns per operation? I.e., what is taking that time? If, for example, it
> > is all speed-of-light delays than scaling the device down would affect the
> > operating frequency. But if there is some intrinsic "settling/sensing" time
> > per operation then scaling the device down could actually be counter
> > productive. What's going on during an "operation"?
>
> The operation time that I'm using is based on the Rabi oscillation
> time. This is the time it takes to rotate a qubit between the states
> of |0> and |1> and back again. The term rotate is used since the
> qubit may be in superpositions of the |0> and |1> states, so it
> doesn't just become |0>, then |1>, and then back again. It goes
> through a continuous change of where it's a|0> + b|1>, where a^2 + b^2
> = 1.
>
> The rotation is performed by applying some perturbation to the qubit.
> In our case, the perturbation is an oscillating magnetic field. We
> can speed up the qubit rotation simply by increasing the field
> oscillation magnitude. What's the limit? Well, if we increase the
> magnitude too much, we disturb the bias point that makes the qubit
> operate in the way we want it to. We probably couldn't increase speed
> by more than 5 times this way. We could change the bias point to
> something which could allow faster oscillation, but there are all
> sorts of other considerations that would come into play then.
>
> Alternatively, we can adjust the design of the qubit. The operation
> time is also affected by the physical parameters of the quantum
> system. For a simple physical system (say an atom with two energy
> states), you're stuck with whatever Hamiltonian nature gives you. For
> a solid state system, one which you design, the parameters you choose
> determine what the quantum system looks like, and you can in principle
> adjust these so that it can perform its operations more quickly.
> However, this is not as easy as it sounds. The parameters are chosen
> not just to speed up the quantum operation, but also to increase the
> decoherence time (the time the system remains quantum), to make the
> system easy to measure, to make it less vulnerable to certain types of
> noise, etc.
>
> In short, it's a hard question to answer for just my own system: it
> doesn't simply scale. I can't even hazard a guess at what parameters
> you have to modify for other systems. Thus, I really can't tell you
> how quickly quantum computers will increase in speed. To be honest,
> it's not really a hot topic in the QC community. You just need a high
> enough Q, that's (decoherence time)/(operation time), that you can do
> error correction. After that, the real challenge is to increase the
> number of qubits you can put in a quantum register. Of course, that's
> only important once you've demonstrated a qubit and a quantum gate,
> which most of the current proposals have yet to do.
>
> Sincerely,
>
> Donald S. Crankshaw
> http://www.mit.edu/~dscrank
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
