Cryptography-Digest Digest #213, Volume #11      Mon, 28 Feb 00 07:13:00 EST

Contents:
  Re: On jamming interception networks (Mok-Kong Shen)
  Re: How do I get the key from the passphrase in DES? (Hideo Shimizu)
  Re: Are "self-shredding" files possible? (jungle)
  Re: I had a .mil account until I told about it here on the USENET in 2000 or a little before ... they seemed to have canceled it ..  [EMAIL PROTECTED] .. probably the same people who have been trying to  control me ... ("ink")
  Re: On jamming interception networks ("Douglas A. Gwyn")
  Re: Cryonics and cryptanalysis ("Douglas A. Gwyn")
  Re: The former CIA directors are just playing roles .. they are involved in the covert action (John)
  Re: EOF in cipher??? ("Douglas A. Gwyn")
  Re: NSA Linux and the GPL ("Douglas A. Gwyn")
  RSA deppading ("Yo")
  Re: Cryonics and cryptanalysis (John Savard)
  Re: Cryonics and cryptanalysis (John Savard)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Mon, 28 Feb 2000 10:24:30 +0100

Douglas A. Gwyn wrote:
> 
> > ... the hex strings of 'unknown' nature would actually cause their
> > resource-consuming analysis machinery to 'run'.
> 
> As I said, you have a badly flawed model of how interception works.
> Untargeted communications are not analyzed just because they might
> be encrypted.

I think you are only partly right. Certainly the persons running the 
networks know they 'should' concentrate their efforts to reasonable
targets. The real problem is whether determining the targets is
possible. The (commonly believed) fact that they intercept a
huge spectrum of communications is evidence of the impossibility.
I suppose it is evident to any gangster/terrorist that he should 
never send his message from a 'constant' site. It is probably quite
difficult for the commercial firms to adopt the same strategy
to defeat espionage effected by the big machineries. For these I 
agree it is fine to use very strong encryptions. The success of
the networks in the past has been 'thanks to the foolies of the
managers', in my humble opinion. But, anyway, it is a fact that
the networks are intercepting lots, big lots, of communications
of common people and we have to take measures to protect ourselves.
Using good encryption is one way. Jamming the networks is another
way. The suggestion aims at exhausting their resources through
giving them an excessive amount of work to do. If one day I send
you a mail containing ciphertexts, how could they exclude that
it doesn't contain highly sensitive materials that are of interest
to them? Some plausible exclusion is feasible, but for that one
needs supplementary information. I don't believe that they 
are 'seriously' scanning messages containing sensitive words like
'bombs' etc. For, assuming they have certain minimum of IQ, they
must know that a terrorist would never put such words in cleartext
in his messages. (So, 'bombs' could in fact be on their 'negative'
list in the jargon of information retrieval.) They certainly work 
on encrypted messages, since the probability that these contain 
secrets is 'by definition' high. Then they look at, within the 
capacity of their resources remaining, other communications 'in 
general'. Here some targets can indeed be established, for example 
the large commercial firms. When the personnel of these are dumb 
enough as to talk about secret matters without strong voice 
encryption, it shouldn't be an enormous surprise that they fail
sometimes in competitions. On the other hand, gangsters/terrorists 
can't be targeted in the common sense within the framework of work
of the big machineries, I believe. Here some very 'fine' work 
of the police is necessary. Police does employ interception, but 
only as one means among many. 

M. K. Shen

------------------------------

From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: How do I get the key from the passphrase in DES?
Date: Mon, 28 Feb 2000 16:55:17 +0900

For such a purpose, PKCS #5 'Password-Based Cryptography Standard' is
useful. You can get the document from
http://www.rsasecurity.com/rsalabs/pkcs/

Amit IG wrote:
> 
> I want to know the technique used for deriving the 64-bit key from an
> arbitrary length passphrase. The key is then used in DES.
> Thanks
> Amit

Hideo Shimizu
TAO, Japan
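
Added example, not part of the original post and not code from the PKCS #5 document: a sketch of the PKCS #5 PBKDF1 derivation (MD5 variant) that turns a passphrase and salt into a 64-bit DES key plus CBC IV, the split used by the pbeWithMD5AndDES-CBC scheme. The function names, sample passphrase, salt and iteration count are assumptions chosen for illustration.

```python
import hashlib


def pbkdf1_md5(passphrase: bytes, salt: bytes, iterations: int, dk_len: int = 16) -> bytes:
    """PBKDF1 (PKCS #5): T1 = MD5(P || S), Ti = MD5(T(i-1)), DK = Tc[:dk_len]."""
    if len(salt) != 8:
        raise ValueError("PBKDF1 uses an 8-octet salt")
    if iterations < 1:
        raise ValueError("iteration count must be a positive integer")
    if dk_len > hashlib.md5().digest_size:
        raise ValueError("PBKDF1 cannot produce more output than one hash block")
    t = hashlib.md5(passphrase + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.md5(t).digest()
    return t[:dk_len]


def set_des_odd_parity(key: bytes) -> bytes:
    """Force the low bit of each octet so that every octet has odd parity.

    DES uses 56 of the 64 key bits; the least significant bit of each
    octet is a parity bit and carries no key material.
    """
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def derive_des_key_iv(passphrase: str, salt: bytes, iterations: int = 1000):
    """Return (des_key, iv): first 8 octets of DK are the key, last 8 the CBC IV."""
    dk = pbkdf1_md5(passphrase.encode("utf-8"), salt, iterations, 16)
    return set_des_odd_parity(dk[:8]), dk[8:]


if __name__ == "__main__":
    # Constructed sample values; a real salt is random and stored with the ciphertext.
    sample_salt = bytes.fromhex("0102030405060708")
    key, iv = derive_des_key_iv("correct horse", sample_salt, 1000)
    print("DES key:", key.hex())
    print("CBC IV :", iv.hex())
```

The salt and iteration count are what separate this from hashing the passphrase once: the salt stops one precomputed table from serving every user, and the count multiplies the cost of each passphrase guess.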

------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,alt.security.scramdisk,comp.security.misc,comp.security.pgp.discuss
Subject: Re: Are "self-shredding" files possible?
Date: Mon, 28 Feb 2000 09:55:18 GMT

every time you will have the option to disable the unwanted ACTIONS [ hack,
fuck, rev eng, hammer ... ]
for security - none
for privacy - none,
end result - not needed ...

Thomas Moore wrote:
> 
> Does anyone know if it's possible to make a file "self-shredding?" I'm
> thinking of something along the lines of PGP's self-decrypting file type.
> I'm a regular on the groups that this question is posted to and have never
> read about this topic.
> 
> I imagine being able to add or tag the "self-shredder" to a file, then
> letting the user (this could be password protected or not) shred it after
> any number of uses, or maybe after just one use. Files could also self-shred
> after a certain time period - run them after such and such date and they
> would just shred.
> 
> Maybe this idea just isn't possible. I'm not a programmer so I really don't
> know. Please reply if you have any feedback.

------------------------------

From: "ink" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.nordic,soc.culture.europe,alt.security,alt.2600,alt.2600.hackers
Subject: Re: I had a .mil account until I told about it here on the USENET in 2000 or a little before ... they seemed to have canceled it ..  [EMAIL PROTECTED] .. probably the same people who have been trying to  control me ...
Date: Mon, 28 Feb 2000 10:59:29 +0100


Markku J. Saarelainen wrote in message
<[EMAIL PROTECTED]>...
>
>Actually I am 32 years old. Whatever you mean with your words: "skeidaa" "puuholkkiin"
>and few others, it is really your matter and not mine. I must say that my Finnish
>language is not  perfect for some reasons. You can just take your dick and put it to your
>mouth. I am just telling my story and stating facts and factual statements based on my
>extensive analysis and research. I have been a researcher (as one of my careers) since
>1990 (so over ten years ..or actually much longer but in one way..) and I have records to
>prove this, but I do not say where..! So I am with KGB.
>
>So you and your opinions are really irrelevant and do not matter in any way.
>
>Best regards,
>
>Markku
>
>loopy wrote:
>
>> I noticed the date was Fri, 25 Feb 2000 07:29:53 GMT, when I gazed on my 300$ rolex.
>> That's when Markku J. Saarelainen <[EMAIL PROTECTED]> wrote:
>>
>> Markku, jos minakin olisin hikinen ruma keski-ikainen mies, kai minakin
>> hopisisin kaikkea skeidaa, yrittaisin saada elamani mielenkiintoisemmaksi...
>> voi raukkaa, ei taida laakitys olla ihan kohdallaan.. kuule arvaatko mika on
>> se aani kun pikku trolli nimelta Markku tippuu kaiverrettuun puuholkkiin?
>>
>> PLONK
>>
>> --
>> "... the Mayo Clinic, named after its founder, Dr. Ted Clinic ..."
>>                 -- Dave Barry
>

Would you two mind taking this to private e-mail? The rest of
us here are not interested, I think.

Thank you.

Kurt
--
You couldn't get a clue during the clue mating season in a
field full of horny clues if you smeared your body with clue
musk and did the clue mating dance. (Edward Flaherty)



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Mon, 28 Feb 2000 10:49:30 GMT

Mok-Kong Shen wrote:
> ... But, anyway, it is a fact that
> the networks are intercepting lots, big lots, of communications
> of common people and we have to take measures to protect ourselves.
> Using good encryption is one way. Jamming the networks is another
> way. The suggestion aims at exhausting their resources ...

There still seems to be some confusion.  The "networks" *are* lots
of communications.  If you mean, government intelligence agencies,
they're the least of your problems -- the intelligence agencies
aren't interested in, and can't afford to be interested in, the
vast majority of traffic among ordinary people; however, criminals
*are* interested in any information that can help them steal from
you (including stealing your identity) and work scams against you.
It makes sense to protect against that threat by using encryption.
But attacking the networks themselves by increasing the junk that
is transmitted just raises costs for everybody without protecting
anybody.

> giving them an excessive amount of work to do. If one day I send
> you a mail containing ciphertexts, how could they exclude that
> it doesn't contain highly sensitive materials that are of interest
> to them?

The intelligence agencies are not interested in anything you send
me, I assure you, unless you are on their watch list.  If your
messages are being watched, the analysts will be able to sort the
information from the chaff.

> .. They certainly work on encrypted messages, since the
> probability that these contain secrets is 'by definition' high.

No!  First: routine traffic is not of interest no matter what its
format.  (Much Internet traffic is binary data; that doesn't make
it automatically interesting.)  Second: under your proposed plan,
the probability that an encrypted attachment to a message would
contain interesting information would be even *lower* than it is
now.

Instead of wasting effort and injuring the infrastructure by
working against imagined threats, it would be far better to work
to establish *universal secure communication*.  That would
automatically solve even the problem you're worried about (if it
*is* a problem), as a side effect of solving the *real* problems
of communication interception.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cryonics and cryptanalysis
Date: Mon, 28 Feb 2000 11:00:46 GMT

John Enright wrote:
> And then comes the moral dilemma.  Does Man have a soul?  Since we're
> talking about a purely physical process here, and the soul resides
> in an unquantifiable spirit realm, does this effectively separate
> your soul from your body?

On the hypothesis under discussion, the copied person would be
indistinguishable from the original in every observable way.
The "soul" theory refers to something that could not be detected,
so a practical person would have to say that it doesn't matter --
at least, not in *this* world.

But it is an untenable hypothesis to start with, so your
cherished religious beliefs are safe on this score.

------------------------------

From: John <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.europe,soc.culture.nordic,soc.culture.italian,soc.culture.french,soc.culture.spain,alt.security
Subject: Re: The former CIA directors are just playing roles .. they are involved in the covert action
Date: Mon, 28 Feb 2000 11:05:52 +0000

In article <[EMAIL PROTECTED]>, Lassi Hippeläinen
<"lahippel$does-not-eat-canned-food"@ieee.org> writes
>John wrote:
><...>
>> (BTW the only thing missing in the message are the umlauts, but that
>> should be no trouble to a Finn who would know which letters carry them).
>> 
>> How about the question in English- did you also have a problem with
>> that?
>
>In fact there are some minor spelling errors, too, but none that would
>prevent understanding the content. An expert like "Markku" will no doubt
>be able to point them out for you :->
>
Thanks Lassi- there speaks a real Finn! :-)

(BTW the typos make the use of automatic translation just a little bit
more difficult don't they?  :-))

Cheers
-- 
John

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Mon, 28 Feb 2000 11:23:59 GMT

David Thompson wrote:
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote :
> > Mok-Kong Shen wrote:
> > > I am ignorant of what the C standard specifies. Question: Does
> > > 'binary' require the file to be multiple of words or just any
> > > multiple of bytes will do?
> > The latter.
> I think you're mistaken.  C90 7.9.2, unchanged in C99 7.19.2p3,
> allows the implementation to pad stored binary streams
> (normally disk files) with null characters = zero-value bytes;
> AFAIK this is to allow file granularity > 1 byte.

Yes, binary streams can have padding at the end on some systems,
but Shen asked if the C standard *required* binary-stream files
to have size that is a multiple of the system's wordsize instead
of an arbitrary number of bytes, and the answer is no.  In fact,
most modern file systems do not include padding in the content
of files.  However, the possibility of padding (usually to fill
out the last block or fixed-length record) is worth keeping in
mind, for the rare instances where it could get in the way (e.g.
trying to interpret padding as valid data), so thanks for
bringing this point up.

> As examples, I believe RT-11 rounded to 512-byte blocks, ...

That's correct.  RT-11 file sizes are in blocks, not bytes.
(RT-11 lives!  Mentec still licenses it, and has made minor
enhancements including fixing Y2K problems.)

> True.  Although a really lame implementation could decide
> that fseek() always, or sometimes, fails due to "error".

This issue comes up every so often, and my response is always
that I would not expect such an implementation to be "vetted"
by conformance testing, because it does not provide the
specified functionality.  Errors are meant to be exceptional,
not constant.

> And a system with >2GB files that wants to keep 'long'
> 32-bits has to use f{get,set}pos instead of fseek,ftell.

You mean programs on such a system.  Anyway, they don't have
to, unless they need to handle such large files.  Utility
programs need to be prepared for anything, but applications
might have control over the files they deal with.

I can't recall the last time I needed to use tell/seek.
"Tell" seems to imply that the program has lost track of what
it was doing.  "Seek" has three uses: BOF (rewind, which I do
occasionally have a use for), EOF (which usually is addressed
by opening the file in append mode), and random-access fixed
records (which really ought to be calls on a database manager).

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA Linux and the GPL
Date: Mon, 28 Feb 2000 11:36:23 GMT

"John E. Kuslich" wrote:
> More in support of Justice Department action for this slacker
> John Deutch.
> I rest my case!

But the issue is whether the DCI could be successfully prosecuted
for "removal" of the classified information, when he is the one
who is authorized to designate the appropriate storage.  At the
very least, his defense could be that such designation (which
we're *assuming* wasn't covered by documentation) was implicit in
his actions.

As to security guidelines, one can't legally be prosecuted for
violating guidelines, just for violating laws.  Guideline
violations are dealt with by disciplinary action, as indicated
in the access document that Deutch (like everybody else in the
business) had signed.  I imagine him saying "So fire me!"

Don't get me wrong; if he acted as the *media reports* seem to
indicate, it was extremely bad judgment on his part, although it
is doubtful that a prosecution would succeed.  However, the news
media is not to be trusted -- in dozens of stories where I've
had detailed first-hand knowledge, they have never yet reported
the facts accurately.  Today's "news" is about entertainment,
not enlightenment.

------------------------------

From: "Yo" <[EMAIL PROTECTED]>
Subject: RSA deppading
Date: Mon, 28 Feb 2000 12:09:30 +0100


Does anybody know what "RSA deppading" is?  When does it apply?



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryonics and cryptanalysis
Date: Mon, 28 Feb 2000 11:46:10 GMT

On Mon, 28 Feb 2000 11:00:46 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:
>John Enright wrote:

>> And then comes the moral dilemma.  Does Man have a soul?  Since we're
>> talking about a purely physical process here, and the soul resides
>> in an unquantifiable spirit realm, does this effectively separate
>> your soul from your body?

>On the hypothesis under discussion, the copied person would be
>indistinguishable from the original in every observable way.
>The "soul" theory refers to something that could not be detected,
>so a practical person would have to say that it doesn't matter --
>at least, not in *this* world.

That depends on who is doing the observing. People have an inside as
well as an outside, and it is precisely the "soul" that observes from
the inside. Even the fact that a=b and a=c implies b=c allows logic to
reach the "soul", as noted in another post of mine in this thread.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryonics and cryptanalysis
Date: Mon, 28 Feb 2000 11:43:41 GMT

On Mon, 28 Feb 2000 04:00:51 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote, in part:

>Is there a reason to invalidate the assumption given
>record/replay with fidelity better than 8 hours of sleep?

>The other issue is that, given adequate fidelity, the recorded/replayed
>consciousness(es) cannot tell the difference.  Even the original cannot
>assert any distinguishing characteristic except perhaps a toe tag.

>But a good copy, i.e., the only kind worth making, would be
>indistinguishable in principle from the original.

I am assuming, for the sake of argument, that it is possible to make
_perfect_ copies. And, it certainly is true that a perfect copy is
indistinguishable _from the outside_ from the original. As well, a
perfect copy would not be able to determine that he is not the
original by searching his memories.

Then, what is the problem?

People have an *inside* as well as an outside.

If "all we have are bits", which means, for example, that we are not
able to use any of the matter from which the brain of the original was
composed, and we don't have an ongoing connection to the original's
living brain (so that, while someone was conscious, wires that could
only carry bits were used to allow the individual to transfer his
consciousness to a prosthetic brain), then what we have in such a case
is information, stored on a medium such as magnetic tape.

As I noted, what one can do with bits once, one can do twice.

Since "things equal to the same thing are equal to each other", (or,
if a=b and a=c, then b=c) the proof now follows quite simply.

Person A has died, but been recorded for posterity.

Two teams, simultaneously, from copies of this recording, create two
perfect copies of A. Let us call them B and C.

B and C are identical, just as B is identical to A and C is identical
to A.

However, B is not C. They are not physically connected. What is sensed
by B is recorded in B's memory; what is sensed by C is recorded in C's
memory.

Hence, it is not true that B is C. Thus, it cannot be true that A is B
_and_ A is C. Thus, the fact that a perfect copy of A is produced from
the recording of A is not sufficient to imply that that copy _is_ A,
since if that were true, it would be implied that B is A and C is A,
which implies B is C, which is false.

Thus, it is not reasonable for me to hope that, after I close my eyes
in death, that the production of a perfect copy of me from bits alone
will enable _me_ to open my eyes again and continue having experiences
and sense impressions.

Now, of course, I suppose one might reply that "if you believe in a
soul, then you probably also believe in an afterlife, and cryonics is
naturally not of interest to you". This, however, assumes too much. It
requires religious faith to take the afterlife seriously. As to the
reality of my own consciousness, that is something I experience
directly every day, and I have no more opportunity to doubt its
existence than I do that of the nose on my face.

The vocabulary of computing, in any case, is now adequate to address
the issue, even if imperfectly. I am not just matter or electricity,
but neither am I just information - a program. I am _an executing
instance of a program_, and it is the particular instance that needs
to continue that I may live.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
