Cryptography-Digest Digest #467, Volume #11       Sun, 2 Apr 00 16:13:01 EDT

Contents:
  Re: I will make ANY software for ANYBODY (Ichinin)
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" ("PJS")
  Re: Stolen Enigma (David Wadsworth)
  Re: Hash/Mixing SPRN (Scott Nelson)
  Another question about blowfish (Jan Krumsiek)
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" (JimD)
  Re: new Echelon article (JimD)
  Re: Stolen Enigma (JimD)
  Re: Using Am-241 to generate random numbers (Jerry Coffin)
  Re: Stolen Enigma (John Savard)
  Re: Stolen Enigma (Jim Reeds)
  Re: Observer 26/3/2000: "It's RIP basic human rights as 'worst UK legislation ever' looms" (Jarvis N. Brand)
  Re: Another question about blowfish (Tom St Denis)
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" ([EMAIL PROTECTED])
  Re: Using Am-241 to generate random numbers ("Jed Rothwell")

----------------------------------------------------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: I will make ANY software for ANYBODY
Date: Fri, 31 Mar 2000 01:26:19 +0200

Tony L. Svanstrom wrote:
> Hey... porting the OS of Commodore 64 (whatever it's called) to the
> Palmplatform and then pushing Palm IIIc as a Gameboykiller... :-)


Interesting. The C64 had 64K, free from 0800-A000 =
38912 bytes + 4096 (C000-D000) + ~20K in the diskdrive
buffer (Although the device requires a FS). If you also
disable the OS (A000-BFFF) you get an additional 8K's
of memory. = 51200 bytes free.

IIRC the linux kernel is only a few KB's (So it's
theoretically possible) then all the surrounding
stuff could reside on the diskdrive. X would be out
of question...

Personally, i'd love to mount /dev/1541 :o)

Regards,
Glenn

(Think of it - CD /Home/Root -"Press play on tape" :o)

------------------------------

From: "PJS" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Sun, 2 Apr 2000 18:33:14 +0100

Stormshadow wrote in message <8c7bf6$jqh$[EMAIL PROTECTED]>...
>"PJS" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> If they were done in the traditional way, with a men in berets waving guns
>> and making statements about a victory for people's freedom and so on, you
>> may be right, but imagine if Straw were simply run over in the street or
>> shot by someone completely anonymous.
>I don't know about you, but I get a bit suspicious every time a high-profile
>political or economical figure suffers a lethal "accident", even if I have no
>way of knowing what really happened. But really, do we have that much to hide
>that we need to kill to keep our files encrypted? As I said, there are other
>methods of persuasion. Bitch like hell to your MPs. After all, they _are_
>supposed to represent you.
===========
Given that it's a contest of us vs. the party whips, it's probably a waste
of time.

--
Will the last person to be eaten
by the Fnord please turn the light out?



------------------------------

From: David Wadsworth <[EMAIL PROTECTED]>
Subject: Re: Stolen Enigma
Date: Sun, 2 Apr 2000 18:30:48 +0100

In article <[EMAIL PROTECTED]>, Rick Smith <[EMAIL PROTECTED]>
writes
>
>
>Gary Watson wrote:
>> 
>> CNN is reporting that someone has stolen the Enigma machine from the
>> Bletchley Park exhibit in the UK.  They say it's one of 3 in the world.
>> Although it's a fairly obnoxious crime, you would think that they would
>> padlock something so valuable before opening the place to the public.
>
>Hmm. I seem to remember seeing 3 different Enigma machines (including
>one rigged up for visitors to use) on display at the NSA Museum in
>Maryland. So the "3 in the world" sounds like careless reportage.
>
>Rick.
>[EMAIL PROTECTED]
>"Internet Cryptography" at www.visi.com/crypto

Yes, I was surprised at the claim in UK papers of 'only three left in
the world', and also at the estimated value of 100000 UK Pounds. I seem
to remember reading of Enigma machines going at auction for 3000 UK
pounds a few years ago. Of course it could be one of only three Enigma
machines of *that* particular type, and the value could be due to the
associated history, e.g. if it was captured from a U-boat. This would not
reflect the value to the thief, if anything it could make it more
difficult to dispose of, 

Cheers  
-- 
David Wadsworth         | Tonto.... I've got a feeling we're not in Kansas
[EMAIL PROTECTED] | anymore        .....The Lone Ranger of Oz
   

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Hash/Mixing SPRN
Reply-To: [EMAIL PROTECTED]
Date: Sun, 02 Apr 2000 17:38:15 GMT

On Sat, 01 Apr 2000 18:12:09 GMT, [EMAIL PROTECTED] wrote:

>I have asked this question before...sadly no one replied..it may be too
>easy for you guys to answer...but would appreciate a response...
>What is the mathematical/logical basis for using Hash functions (MD5 and
>SHA1) in a Pseudo Random Generator...
>
Secure hashing functions are generally only used in 
cryptographically secure pseudo random number generators (CSPRNG)

There, it's for security reasons.  Once seeded, 
a CSPRNG should produce as many bits as needed with
a security equal to the underlying hash function.
These are mainly used when the amount of entropy
available isn't enough to cover the demand for random bits.

>Does the mixing of the input seed bits into the Hash mixer increase the
>entropy and make the output data more random?  

Don't know what you mean by "input seed bits"
If they don't change, then the amount of entropy doesn't
change, and the randomness of the output doesn't change.

If however, you have data which has additional entropy,
then adding it to the hash will make the output more
unguessable.

>Is there any mathematical analysis or proof of this...
>or is it just a sound practice?
>

It's easy to prove that a hash of an unknown state
will produce more than one possible output.  Just
hash the numbers 1-100, and you'll see that you get
100 different outputs.  

It's also easy to prove that there's a limit to how unguessable
the output is (it can't be bigger than the size of the output.)

We can use statistical methods to show that secure hashing 
functions are collision resistant, which means they are
very good at preserving entropy.  Unfortunately, 
the same thing which makes them secure, 
also makes them difficult to analyze in depth.

Not really sure if any of that actually answers your
questions or not.  

Scott Nelson <[EMAIL PROTECTED]>
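
Added example (not part of Scott Nelson's post): a toy hash-based generator in Python illustrating the reply above. A seed drawn from a small space yields only that many possible output streams however many bits are read, while mixing in unknown data makes the state unguessable. SHA-256 stands in for the MD5/SHA-1 named in the question; `H`, `HashPRNG` and the helper names are hypothetical.

```python
import hashlib

def H(*parts):
    # SHA-256 over length-prefixed parts (assumption: not the thread's MD5/SHA-1).
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class HashPRNG:
    """Toy hash-based generator: each output block is H(state, counter)."""

    def __init__(self, seed):
        self.state = H(b"seed", seed)
        self.counter = 0

    def mix(self, data):
        # Fold new input into the state; only input the attacker
        # does not know makes the state harder to guess.
        self.state = H(b"mix", self.state, data)

    def read(self, n):
        out = b""
        while len(out) < n:
            self.counter += 1
            out += H(b"out", self.state, self.counter.to_bytes(8, "big"))
        return out[:n]

def distinct_outputs(count=100):
    # The experiment from the post: hash 1..count, count distinct digests.
    return len({H(str(i).encode()) for i in range(1, count + 1)})

def streams_from_small_seed(seed_bits=8, length=64):
    # Map every stream a seed of seed_bits can produce back to its seed.
    return {HashPRNG(s.to_bytes(4, "big")).read(length): s
            for s in range(2 ** seed_bits)}

def guess_seed(observed, seed_bits=8):
    # Enumerating the seed space recovers the seed when the space is small;
    # returns None when the state depends on anything outside that space.
    return streams_from_small_seed(seed_bits, len(observed)).get(observed)
```
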

------------------------------

From: Jan Krumsiek <[EMAIL PROTECTED]>
Subject: Another question about blowfish
Date: Sun, 02 Apr 2000 17:30:14 GMT

i have another question about blowfish:

i want to encrypt a string whose length is not a multiple of 8.

i tried to do this in the following way:
let's say i got a 20-bytes string, i first encrypted the first 16
bytes. then i copied the last 4 bytes into a new char array, set the
other bytes of that array to 0 and encrypted the array. at last i
copied back the first 4 bytes of the help-array into the original array.
this did not work!! what's wrong?? how can i realise this??

Jan



------------------------------

From: [EMAIL PROTECTED] (JimD)
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Reply-To: JimD
Date: Sun, 02 Apr 2000 16:46:06 GMT

On Fri, 31 Mar 2000 10:54:20 +0300, "Stormshadow" <[EMAIL PROTECTED]> wrote:

>"PJS" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> If they were done in the traditional way, with a men in berets waving guns
>> and making statements about a victory for people's freedom and so on, you
>> may be right, but imagine if Straw were simply run over in the street or
>> shot by someone completely anonymous.
>I don't know about you, but I get a bit suspicious every time a high-profile
>political or economical figure suffers a lethal "accident", even if I have no
>way of knowing what really happened. But really, do we have that much to hide
>that we need to kill to keep our files encrypted? As I said, there are other
>methods of persuasion. Bitch like hell to your MPs. After all, they _are_
>supposed to represent you.

In Finland, that may be so. Here they represent whoever can pay them
the most.

-- 
Jim Dunnett.
dynastic at cwcom.net

He who laughs last doesn't
get the joke.

------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: new Echelon article
Reply-To: JimD
Date: Sun, 02 Apr 2000 16:46:08 GMT

On Sat, 1 Apr 2000 13:39:33 -0700, Jerry Coffin <[EMAIL PROTECTED]> wrote:

>In article <[EMAIL PROTECTED]>, 
>[EMAIL PROTECTED] says...
>
>[ ... ] 
>
>> >> You'd need a hell of a lot of computing power to store a 10-minute call.
>> >
>> >What makes you think that?  Digital cell phones typically use only 8 
>> >to 14 KBps, so you're looking at roughly 4.5 to 8.2 megabytes of 
>> >storage for a 10 minute call.  It obviously takes a bit of capability 
>> >to intercept the call at all, but once you've done that, storing the 
>> >information is pretty trivial.
>> 
>> OK I'll buy that, but what are you going to do with it then?
>
>That depends on what you were monitoring and why you were 
>intercepting it in the first place...
> 
>> By the time you've broken the crypto and got it back to audio,
>> the information it contains is stale.
>
>Maybe.  Or maybe not.  It might be Jane Blow asking her husband to 
>pick up some sugar on the way home from work, in which case you 
>probably never cared about it at all...

But you won't know that until you've broken it and reduced it
to audio!

-- 
Jim Dunnett.
dynastic at cwcom.net

He who laughs last doesn't
get the joke.

------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: Stolen Enigma
Reply-To: JimD
Date: Sun, 02 Apr 2000 16:46:08 GMT

On Sun, 2 Apr 2000 15:58:44 +0100, "Gary Watson" <[EMAIL PROTECTED]> wrote:

>CNN is reporting that someone has stolen the Enigma machine from the
>Bletchley Park exhibit in the UK.  They say it's one of 3 in the world.
>Although it's a fairly obnoxious crime, you would think that they would
>padlock something so valuable before opening the place to the public.

There's a hell of a lot more than three around. I saw two plus a 
TYPEX at a recent GCHQ open day.

-- 
Jim Dunnett.
dynastic at cwcom.net

He who laughs last doesn't
get the joke.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers
Date: Sun, 2 Apr 2000 11:49:29 -0600

In article <8c6e8t$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...

[ ... ] 

> I believe that you are right.  There really is no difference.
> 
> (Oops!  Sorry!  I thought that I was in soc.religion.quaker.
> make that "If you lack the mentality to understand my arguments
> I am not going to bother enlightening you." <grin>) 

ROFL.
 
> I still don't see the advantages of using a telescope.  Why not
> use one of the many cheaper alternative keyspaces that both parties
> can access?

I honestly don't either -- when I entered this particular thread, it 
was only to comment that IF you decided to do this, it seemed to me 
that an optical telescope and a CCD camera would be a lot more 
practical than trying to build your own radio-telescope.  I still 
think that much is true, but I'll openly admit that the whole basic 
notion seems highly impractical at best -- I certainly wouldn't plan 
on using it for any critical communication or anything like that.

In fairness to the question I originally addressed, a radio-telescope 
probably would have one advantage: a radio-telescope would be able to 
collect input even in weather that prevented using an optical 
telescope.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Stolen Enigma
Date: Sun, 02 Apr 2000 17:17:11 GMT

On Sun, 02 Apr 2000 15:48:58 GMT, Rick Smith <[EMAIL PROTECTED]> wrote,
in part:
>Gary Watson wrote:

>> CNN is reporting that someone has stolen the Enigma machine from the
>> Bletchley Park exhibit in the UK.  They say it's one of 3 in the world.
>> Although it's a fairly obnoxious crime, you would think that they would
>> padlock something so valuable before opening the place to the public.

>Hmm. I seem to remember seeing 3 different Enigma machines (including
>one rigged up for visitors to use) on display at the NSA Museum in
>Maryland. So the "3 in the world" sounds like careless reportage.

Not necessarily. The Enigma machine came in several different
varieties. Some are fairly common, with hundreds of specimens still in
existence, but it is entirely possible that the particular machine
stolen belongs to a specific type of which only three specimens are
known to survive.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (Jim Reeds)
Subject: Re: Stolen Enigma
Date: Sun, 2 Apr 2000 18:02:12 GMT

Apparently the stolen Enigma was an "Abwehr" Enigma, as
described in a recent Cryptologia article.  I can well
believe that there are only 3 (or maybe now, 2) Abwehr
Enigmas left in the world.  A garden variety Wehrmacht
Enigma, like my friend Fred bought a decade or so back,
costs as much as a new car, I suppose, and is no great rarity.
But this one was different.

-- 
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA

[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178

------------------------------

From: Jarvis N. Brand <[EMAIL PROTECTED]>
Crossposted-To: 
alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Observer 26/3/2000: "It's RIP basic human rights as 'worst UK legislation ever' looms"
Reply-To: [EMAIL PROTECTED]
Date: Sun, 02 Apr 2000 18:27:32 +0000

(NB newsgroups trimmed slightly)

On Sat, 1 Apr 2000 04:42:07 +0100, Neil Horlock
<[EMAIL PROTECTED]> wrote:

>In an article <[EMAIL PROTECTED]> of
>great significance, NoSpam <[EMAIL PROTECTED]> stipulated:
>>Specifically, the bill stipulates that if a message or device traced to you
>>contains encrypted data, you can be required by a statutory order to hand
>>over the key needed to decrypt that data. If you have lost or forgotten that
>>key, you will be presumed to be guilty of an offence and required to prove
>>to a court that you have indeed lost or forgotten it. If convicted, you will
>>go down for two years.
>
>One reason why I have no plans on using PGP.

So let's clarify this. You refuse to stand up for your rights because
you foresaw that someone would attack those rights?! On this principle
I presume that you never lock your house because you can anticipate
that you'll be burgled sooner or later anyway.


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Another question about blowfish
Date: Sun, 02 Apr 2000 18:47:03 GMT



Jan Krumsiek wrote:
> 
> i have another question about blowfish:
> 
> i want to encrypt a string whose length is not a multiple of 8.
> 
> i tried to do this in the following way:
> let's say i got a 20-bytes string, i first encrypted the first 16
> bytes. then i copied the last 4 bytes into a new char array, set the
> other bytes of that array to 0 and encrypted the array. at last i
> copied back the first 4 bytes of the help-array into the original array.
> this did not work!! what's wrong?? how can i realise this??

Basically that's what you do, but the block size of the left over is 8
bytes, not four.  So even though you only copied four bytes in, you have
to copy the entire plaintext.  So your output [ciphertext] will always
be a multiple of 8 [or the block size in general]

Also try looking up a chaining mode such as CBC or PCBC.

BTW My lib CryptoBag handles all the "handling-packaging" of
ciphertext/plaintext.  The source is online, so you may want to check it
out.  http://24.42.86.123/cb.html

Tom
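
Added example (not part of Tom St Denis's post and not CryptoBag code): why the tail block must be kept whole, and one way to pad and chain with CBC as suggested above. A toy 8-byte Feistel cipher stands in for Blowfish because Python's standard library does not include it; the padding scheme (n bytes of value n) and all function names are assumptions.

```python
import hashlib
import os

BLOCK = 8  # Blowfish works on 8-byte blocks; so does this stand-in

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the toy Feistel cipher (NOT Blowfish's F function).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(8):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(8)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def pad(data):
    # Append n bytes of value n (1..8) so the original length is recoverable.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, plaintext, iv=None):
    if iv is None:
        iv = os.urandom(BLOCK)
    out, prev, data = [iv], iv, pad(plaintext)
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)  # IV followed by whole ciphertext blocks

def cbc_decrypt(key, ct):
    if len(ct) < 2 * BLOCK or len(ct) % BLOCK:
        raise ValueError("ciphertext must be whole 8-byte blocks")
    out = [_xor(decrypt_block(key, ct[i:i + BLOCK]), ct[i - BLOCK:i])
           for i in range(BLOCK, len(ct), BLOCK)]
    return unpad(b"".join(out))

def truncated_tail_decrypts(key, tail4):
    # The approach from the question: zero-fill, encrypt, keep only 4 bytes.
    kept = encrypt_block(key, tail4 + bytes(4))[:4]
    # The receiver then has only 4 of the 8 ciphertext bytes to decrypt.
    return decrypt_block(key, kept + bytes(4))[:4] == tail4
```

A 20-byte message becomes 8 bytes of IV plus 24 bytes of ciphertext; `truncated_tail_decrypts` returns `False` because half of the final ciphertext block was thrown away.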

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: 2 Apr 2000 19:52:14 +0100

In uk.politics.censorship PJS <[EMAIL PROTECTED]> wrote:
> -----------
> Given that it's a contest of us vs. the party whips, it's probably a waste
> of time.

Personally I'd think that if enough MP's got letters from their
constituents asking that they vote against the legislation then they
might start to take action

see http://www.stand.org.uk/ for details of how to complain

RjL

------------------------------

From: "Jed Rothwell" <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers
Date: Sun, 2 Apr 2000 15:58:00 -0400

Guy Macon wrote:

> [1] A very large collection of keys that are freely accessible by anyone
>     (including any attacker) who wishes access.  These could be stars,
>     pages from published books, usenet posts, etc.

Actually, cosmic noise would *not* be available after the fact, an important
point. It is not recorded anywhere, so if the attacker misses it, it is gone
forever. Pages from books and usenet posts stick around and might be
recovered later. If someone told the attacker the key a week after he
intercepted the message, and the one-time pad was a usenet message, he could
probably dig it up. If the one-time pad was a star at a given location in
the sky, even after he learned the coordinates it would be too late.


>
> [2] A method for the sender and receiver to pick the same star/bookpage/etc
>     without the attacker knowing which one was picked.

I have not addressed this issue. It would be the same problem with any
secret key exchange.


> Thinking about it, if you consider your property safe (can the attacker
> who intercepts your TCP/IP packets see which way your telescope is
> pointed?) . . .

I think it would be harder to see the telescope, especially a radiotelescope
hidden under a hood or roof. Anyway, if the hypothetical attacker did not
have access to your e-mail and TCP/IP packets, you would have nothing
to fear from him, and you might as well send the messages in plaintext.


> >Another rich source of random noise might be the human genome data.. . .
>
> This has the same flaw as usenet posts.  An attacker might observe you and
> your correspondent looking at the same section of the human genome and
> downloading the same gene sequence.  Unless you download the whole thing,
> which is just as hard as downloading all usenet posts.

Ah, I had in mind that you would purchase the entire genome set on high
density DVDs. I believe it will be available in that medium. Probably
expensive, I guess. I have no idea how many disks it would fill up. I
suppose for that matter you could purchase 100 Hollywood movies on DVD and
mix up the data streams, but I think the genome data looks more random to
start with. Digitalized movies probably have a lot of structure. (The genome
might also, for all I know.)

- Jed




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
