Cryptography-Digest Digest #468, Volume #11 Sun, 2 Apr 00 19:13:01 EDT
Contents:
Re: The lightest side of cryptology (Tom St Denis)
Re: Observer 26/3/2000: "It's RIP basic human rights as 'worst UK legislation ever'
looms" (Dave Bird)
Des security ? (schack01)
Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - (Thor Arne
Johansen)
Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - Who is
trying to silence our program? It's not working...) (Svend Olaf Mikkelsen)
Re: Improvement on Von Neumann compensator? (Guy Macon)
University Job Bank - new website (University Job Bank)
Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - (NFN NMI L.)
TEA? ("Simon Johnson")
Cryptography FAQ (01/10: Overview) ([EMAIL PROTECTED])
Cryptography FAQ (02/10: Net Etiquette) ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The lightest side of cryptology
Date: Sun, 02 Apr 2000 21:08:46 GMT
Same for me. I am on ICQ and my UIN is 46838187. Gimme a shout if you
want.
Tom
Joseph Ashwood wrote:
>
> I think the best recommendation would be to talk to people
> from the newsgroup off group, ask questions. You'll find
> that many of us are at least as interesting off group as on.
> You'll also find that very little of the really good stuff
> gets posted. If you (or anyone else) wants, I'm available
> via e-mail ([EMAIL PROTECTED]), ICQ (4107766), AOL IM
> (holomntn), or Yahoo IM (holomntn).
> Joe
>
> "Jaime Cardoso" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > When I read the post that started this thread I was very
> > pleased with it.
> >
> > I subscribe to this NG to see if I can learn something about
> > cryptography, but I can't understand any of the
> > interesting posts.
> >
> > Although the jokes are good, can anyone post some pointers
> > to information about crypto algorithms and common attacks?
> >
> > PS. Please don't recommend any books (buy books => money <
> > house mortgage + food)
> >
> > //JaimeC
> >
------------------------------
From: Dave Bird <[EMAIL PROTECTED]>
Crossposted-To:
alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Observer 26/3/2000: "It's RIP basic human rights as 'worst UK legislation
ever' looms"
Date: Sun, 2 Apr 2000 19:51:08 +0100
In article <[EMAIL PROTECTED]>, Jarvis N. Brand writes:
>On Sat, 1 Apr 2000 04:42:07 +0100, Neil Horlock wrote:
>>NoSpam <[EMAIL PROTECTED]> stipulated:
>>>
>>>Specifically, the bill stipulates that if a message or device traced to you
>>>contains encrypted data, you can be required by a statutory order to hand
>>>over the key needed to decrypt that data. If you have lost or forgotten that
>>>key, you will be presumed to be guilty of an offence and required to prove
>>>to a court that you have indeed lost or forgotten it. If convicted, you will
>>>go down for two years.
>>
>>One reason why I have no plans on using PGP.
>
>So let's clarify this. You refuse to stand up for your rights because
>you foresaw that someone would attack those rights?! On this principle
>I presume that you never lock your house because you can anticipate
>that you'll be burgled sooner or later anyway.
I thought this was extreme, too. The situation is changed so that the
government can attack the privacy of a limited number of people under
warrant, and hide the names of those attacked but not the total number.
The situation was that they could read 100% and trawl if you didn't
secure it.
The new situation is (slightly) better.
Woof Woof, Glug Glug. Who Drowned the Judge's Dog? Answers on alt.religion.scientology
www.xemu.demon.co.uk 2B0D 5195 337B A3E6 DDAC BD38 7F2F FD8E 7391 F44F
------------------------------
From: schack01 <[EMAIL PROTECTED]>
Subject: Des security ?
Date: Sun, 02 Apr 2000 22:03:18 GMT
I must admit that I'm a newbie in cryptology!
Is there any weakness in the DES algorithm
( standard 56-bit key, 64-bit plain & cipher block )?
I.e. an all-"ff" or all-"00" plain data weakness?
Is brute force the only known solution to find a key?
In brute force, is there any way to reduce the 2^56 rounds?
I've heard it can be broken down to 2^48 rounds, true?
Regards
Schack
Sent via Deja.com http://www.deja.com/
Before you buy.
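The following is an added example and not part of the digest or of any poster's reply. It is a compact, table-driven DES (the FIPS 46 tables, written out in Python) used to check two structural facts that bear on the questions above: the complementation property DES_{~K}(~P) = ~DES_K(P), which lets a chosen-plaintext key search decide two keys per DES evaluation and so needs 2^55 rather than 2^56 trials, and the weak keys (all-zero or all-one key bits after parity removal), for which encryption is its own inverse. The candidate list handed to the search is constructed for the demonstration; an exhaustive search is far beyond pure Python and the function only shows the bookkeeping.

```python
# Added example, not from the digest. Compact DES with the FIPS 46 tables;
# the search routine's candidate list is constructed for illustration.

# IP and E are regular enough to generate; FP is the inverse of IP.
IP = [s - 8 * c for s in (58, 60, 62, 64, 57, 59, 61, 63) for c in range(8)]
FP = [IP.index(i + 1) + 1 for i in range(64)]
E = [(4 * i + j - 1) % 32 + 1 for i in range(8) for j in range(6)]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4,
       26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40,
       51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
# S1..S8, each 4 rows x 16 entries, packed row by row as 64 hex digits.
SBOX = [[int(h, 16) for h in s] for s in (
    "e4d12fb83a6c59070f74e2d1a6cb953841e8d62bfc973a50fc8249175b3ea06d",
    "f18e6b34972dc05a3d47f28ec01a69b50e7ba4d158c6932fd8a13f42b67c05e9",
    "a09e63f51dc7b428d709346a285ecbf1d6498f30b12c5ae71ad069874fe3b52c",
    "7de3069a1285bc4fd8b56f03472c1ae9a690cb7df13e52843f06a1d8945bc72e",
    "2c417ab6853fd0e9eb2c47d150fa3986421bad78f9c5630eb8c71e2d6f09a453",
    "c1af92680d34e75baf427c9561de0b389ef528c3704a1db6432c95fabe17608d",
    "4b2ef08d3c975a61d0b7491ae35c2f8614bdc37eaf6805926bd814a7950fe23c",
    "d2846fb1a93e50c71fd8a374c56b0e927b419ce206adf35821e74a8dfc90356b")]
MASK64 = (1 << 64) - 1


def permute(value, table, width):
    """Select bits of a `width`-bit integer by a 1-based table (bit 1 = MSB)."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out


def key_schedule(key):
    """16 round keys of 48 bits from a 64-bit key; PC1 drops the parity bits."""
    cd = permute(key, PC1, 64)
    c, d = cd >> 28, cd & 0xFFFFFFF
    rks = []
    for s in SHIFTS:
        c = ((c << s) | (c >> (28 - s))) & 0xFFFFFFF
        d = ((d << s) | (d >> (28 - s))) & 0xFFFFFFF
        rks.append(permute((c << 28) | d, PC2, 56))
    return rks


def f(r, k):
    """Round function: expand to 48 bits, mix key, 8 S-box lookups, permute."""
    x = permute(r, E, 32) ^ k
    out = 0
    for i in range(8):
        b = (x >> (42 - 6 * i)) & 0x3F
        row, col = ((b >> 5) << 1) | (b & 1), (b >> 1) & 0xF
        out = (out << 4) | SBOX[i][16 * row + col]
    return permute(out, P, 32)


def des_block(block, key, decrypt=False):
    """Encrypt (or decrypt, by reversing the round keys) one 64-bit block."""
    rks = key_schedule(key)[::-1] if decrypt else key_schedule(key)
    x = permute(block, IP, 64)
    l, r = x >> 32, x & 0xFFFFFFFF
    for k in rks:
        l, r = r, l ^ f(r, k)
    return permute((r << 32) | l, FP, 64)


def complement_property_holds(key, pt):
    """DES_{~K}(~P) == ~DES_K(P) holds for every key and every block."""
    return des_block(pt ^ MASK64, key ^ MASK64) == des_block(pt, key) ^ MASK64


def is_involution(key, pt):
    """True when encrypting twice returns the plaintext, as it does for the
    weak keys (all 16 round keys equal, e.g. key 0x0101010101010101)."""
    return des_block(des_block(pt, key), key) == pt


def search_with_complement(candidates, pt, ct, ct_of_complement):
    """Chosen-plaintext search given ct = DES_K(pt) and
    ct_of_complement = DES_K(~pt). One evaluation per trial key T decides
    both T and ~T: DES_T(pt) == ct means K == T, while
    DES_T(pt) == ~ct_of_complement means DES_T(pt) == DES_{~K}(pt), so
    K == ~T. Only keys with a fixed top bit ever need enumerating."""
    for t in candidates:
        c = des_block(pt, t)
        if c == ct:
            return t
        if c == ct_of_complement ^ MASK64:
            return t ^ MASK64
    return None
```

The weak keys are the closest thing to the "all 00 / all ff" weakness asked about, and they live in the key rather than the plaintext: with every round key identical, running the 16 rounds again undoes them. For reference, the shortcut attacks in the literature are differential cryptanalysis (Biham and Shamir, about 2^47 chosen plaintexts) and linear cryptanalysis (Matsui, about 2^43 known plaintexts); both need far more plaintext than an attacker normally gets, which is why exhaustive search, halved as above, remained the practical attack.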
------------------------------
From: Thor Arne Johansen <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator -
Date: Mon, 03 Apr 2000 00:53:16 +0200
Hello all,
"Thomas J. Boschloo" wrote:
>
> EE Support wrote:
> >
> > We contend it does not. Overwriting all zeros practically trashes
> > files on the disk.
> >
> > Can you prove us wrong? Is there any method to simply and reliably
> > decode from any disk surface the primary 0/1 patterns from RLL, etc
> > encoding, after a single zero overwrite? We think there is none.
> > Please prove us wrong and we will beat it.
>
I agree 100%
> Maybe the area close to the written track will still get magnetized by
> the previous data, but you can't just set a threshold. You'll have to set
> at least three thresholds. One for going from 0->0 (very low magnetic
> threshold), 0->1 (higher), 1->0 (still higher depending on time of last
> wipe) and 1->1 (highest).
High intersymbol interference (ISI) will make this very hard. Disks use
complex modulation/encoding schemes to handle this (PRML/DFE).
>
> Hope this makes sense to the guys at sci.crypt and I am sure we'll hear
> if I just had a brain fart.
>
> > (Disks
> > >generally use some form of run-length limited encoding). To handle all
> > >possible disk encoding scheme types requires a particular sequence of 35
> > >overwrite passes. You could reduce this if you knew which disk encoding
> > >scheme was used: (1,7)RLL, (2,7)RLL or MFM. If you want to know about
> > >overwriting data or how easy it is to recover overwritten data I can
> > >recommend the following paper.
I would challenge anyone to produce evidence that overwritten data can
be recovered. There seems to be some sort of consensus that
overwritten data can easily be recovered. Most of the descriptions of
how to do this are quasi-science at best, and mindless techno-ranting
at worst.
Mr. Gutmann's paper is the best description of secure deletion I've seen
so far (even though I still think overwriting is a secure way to erase
data from magnetic media). However, the paper is not a writeup on
successful recovery of overwritten data; it merely describes some of
the processes and techniques to consider.
Why recovering overwritten data is almost impossible:
NONLINEARITY, spindle jitter, clock jitter, PRML encoding, poor signal
to noise, correlated noise.
Now, this could also be judged as techno-ranting :), but if you look
into it, these things make it incredibly hard (almost impossible) to
recover overwritten data.
> > >
> > >http://www.cs.auckland.ac.nz/~pgut001/secure_del.html
> > >
> > >Don't buy or write a secure file deletion program until you've read it.
> > >
Best regards,
Thor Arne Johansen
------------------------------
From: [EMAIL PROTECTED] (Svend Olaf Mikkelsen)
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - Who
is trying to silence our program? It's not working...)
Date: Sun, 02 Apr 2000 22:49:02 GMT
Thor Arne Johansen <[EMAIL PROTECTED]> wrote:
>I would challenge anyone to produce evidence that overwritten data can
>be recovered. There seems to be some sort of consensus that
>overwritten data can easily be recovered. Most of the descriptions of
>how to do this are quasi-science at best, and mindless techno-ranting
>at worst.
Well, in Danish newsgroups it is quite often stated that the Norwegian
company Ibas can do that :-)
--
Svend Olaf
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Improvement on Von Neumann compensator?
Date: 02 Apr 2000 18:58:38 EDT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Mok-Kong Shen)
wrote:
>Sorry, my point concerning 'continuous process' was wrong (my
>thought at the time of writing betrayed me). However, the other
>point, namely that concerning physical realization, seems to be valid.
>On the other hand, I would like to have a point you raised (if I
>understand correctly) more explicitly expressed as follows. The
>position of any particle that can be measured and the clock one
>uses are obviously subject to bounded precisions of the instruments
>involved. Further, most values have to be truncated, since we can't
>record most of the real numbers exactly (with an infinite or almost
>infinite number of digits) even if we had had perfect instruments.
>So, even if we KNOW (which we can't, I am afraid) that the Brownian
>motion being observed is indeed truly random, would one be able to
>extract from that truly random information in practice? In other
>words, wouldn't the above mentioned imperfection in measurement
>and recording essentially falsify our results? (This would also
>apply to random numbers obtained from other physical sources.)
There is an escape clause that will let you remove the bias and keep
the randomness. As a thought experiment, imagine that I obtained
N bits of "random" data from the following (possibly to certainly
biased) sources:
HotBits (time between atomic decays in a radioisotope)
Lavarand (the position of the lava in a bunch of lava lights)
Intel chipset RNG (thermal noise source disturbing a phase-locked loop)
The best available pseudorandom generator (is there a consensus as to
which one is "best", or is this another "depends on what you want"
question?)
Now XOR them together. The only bias that will remain is a bias that
is shared by all four sources. Also, if any one of the four is truly
random, the output will be truly random.
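The following is an added example, not part of the digest or of the post above: a Von Neumann compensator (the subject line's topic) and the XOR combining of several sources just described, run on constructed bit streams. The "sources" are a seeded PRNG with a chosen bias, used only to get reproducible input; they stand in for the physical sources named in the post and do not model them. The XOR result is stated here with the condition the piling-up lemma needs, namely that the streams be independent of each other, and the last line of the demo shows what happens when they are not.

```python
# Added example, not from the digest. Sources are constructed with a seeded
# PRNG so the run is reproducible; they do not model any real generator.
import random


def biased_source(n, p_one, seed):
    """Constructed stand-in for a biased source: n bits, each 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def bias(bits):
    """Magnitude of the bias, |P(1) - 1/2|: 0 for a fair source, 1/2 for a constant one."""
    return abs(sum(bits) / len(bits) - 0.5)


def von_neumann(bits):
    """Von Neumann's compensator: read non-overlapping pairs, emit 0 for 01
    and 1 for 10, discard 00 and 11. With independent bits of any fixed
    bias p, P(01) == P(10) == p(1-p), so the output is exactly unbiased;
    the price is throughput, about p(1-p) output bits per input bit."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def xor_combine(*streams):
    """Bitwise XOR of several streams. For mutually independent streams
    with bias magnitudes e_1..e_n the result has bias 2^(n-1)*e_1*...*e_n
    (piling-up lemma), so one unbiased independent stream makes the whole
    output unbiased. Correlated streams get no such guarantee: a stream
    XORed with a copy of itself is all zeros."""
    n = min(len(s) for s in streams)
    out = []
    for i in range(n):
        x = 0
        for s in streams:
            x ^= s[i]
        out.append(x)
    return out


def expected_xor_bias(*biases):
    """Piling-up lemma prediction for independent sources."""
    prod = 1.0
    for e in biases:
        prod *= e
    return 2 ** (len(biases) - 1) * prod


def demo(n=200_000):
    """Measured bias magnitudes: the raw biased source, its Von Neumann
    output, the XOR of two independent biased sources, the same with an
    independent fair source added, and a source XORed with itself."""
    a = biased_source(n, 0.7, seed=1)      # bias 0.2
    b = biased_source(n, 0.6, seed=2)      # bias 0.1
    fair = biased_source(n, 0.5, seed=3)   # unbiased, independent of a and b
    return {
        "raw": bias(a),
        "von_neumann": bias(von_neumann(a)),
        "xor_two_biased": bias(xor_combine(a, b)),      # lemma predicts 0.04
        "xor_with_fair": bias(xor_combine(a, b, fair)),  # lemma predicts 0
        "xor_with_itself": bias(xor_combine(a, a)),      # constant stream, bias 0.5
    }
```

The two techniques fix different problems. Von Neumann's pairing removes any fixed bias from one source but assumes the bits are independent and identically distributed; it does nothing for correlation between bits, and a bias that drifts between the two halves of a pair reintroduces bias in the output. XOR combining tolerates biased inputs but needs the sources to be independent of one another; a shared component between them, not just a shared bias, is what survives the XOR.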
------------------------------
From: University Job Bank <[EMAIL PROTECTED]>
Subject: University Job Bank - new website
Date: Sun, 02 Apr 2000 22:52:35 GMT
New website has been launched -- University Job Bank for students,
recent grads and professionals:
http://www.UJobBank.com
Two sister websites:
Postdoctoral positions: http://www.post-docs.com
Graduate Assistantships: http://www.GradAsst.com
Hope this helps.
------------------------------
From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator -
Date: 02 Apr 2000 23:00:13 GMT
<<Now, this could also be judged as techno ranting :), but if you look
into it, these things makes it incredibly hard (almost impossible), to
recover overwritten data.>>
Peter Gutmann disagrees. In his paper, if I remember correctly, he notes that
recovering data is mostly possible.
-*---*-------
S.T. "andard Mode" L.
STL's Quotation Archive: http://quote.cjb.net
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: TEA?
Date: Sun, 2 Apr 2000 20:47:43 +0100
Would a modified version of TEA, using a 16-bit block and 32-bit key, be
proportionally as strong as its 64-bit block, 128-bit key counterpart?
Secondly, is the addition mod 2^32 in TEA?
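The following is an added example, not part of the digest, not a reply from any poster, and not TEA's reference code: TEA written with the word width as a parameter, so that the standard cipher (32-bit words, 64-bit block, 128-bit key, delta 0x9E3779B9, with every addition reduced mod 2^32) and the 16-bit block, 32-bit key variant asked about (8-bit words) come from one routine. Assumptions of this example, not anything TEA's designers specified: the small variant keeps TEA's 32 cycles and its shift amounts of 4 and 5, and uses delta truncated to the word width (0x9E). The CBC experiment feeds constructed random plaintext, key and IV from a seeded PRNG and shows why block size alone already rules out "proportional" strength: once more than about 2^8 blocks have been encrypted under a 16-bit block, ciphertext blocks collide, and each collision hands over the XOR of two plaintext blocks without touching the key.

```python
# Added example, not from the digest and not TEA's reference code. The
# width-8 variant and its delta (0x9E) are assumptions of this example.
import random


def tea_block(v, key, width=32, cycles=32, decrypt=False):
    """One block (v0, v1) of `width`-bit words under a 4-word key.
    Every addition and subtraction is reduced modulo 2^width by `mask`;
    with width=32 this is the "addition mod 2^32" of standard TEA."""
    mask = (1 << width) - 1
    delta = (0x9E3779B9 >> (32 - width)) & mask   # 0x9E3779B9 for width 32
    k0, k1, k2, k3 = key
    v0, v1 = v
    if not decrypt:
        s = 0
        for _ in range(cycles):
            s = (s + delta) & mask
            v0 = (v0 + ((((v1 << 4) & mask) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & mask
            v1 = (v1 + ((((v0 << 4) & mask) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & mask
    else:
        s = (delta * cycles) & mask
        for _ in range(cycles):
            v1 = (v1 - ((((v0 << 4) & mask) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & mask
            v0 = (v0 - ((((v1 << 4) & mask) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & mask
            s = (s - delta) & mask
    return v0, v1


def cbc_encrypt(blocks, key, iv, width):
    """CBC mode over a list of (v0, v1) blocks; returns the ciphertext blocks."""
    prev, out = iv, []
    for p in blocks:
        prev = tea_block((p[0] ^ prev[0], p[1] ^ prev[1]), key, width)
        out.append(prev)
    return out


def cbc_collision_leaks(plain, cipher, iv):
    """Whenever two CBC ciphertext blocks collide, C_i == C_j, the cipher
    inputs were equal, so P_i ^ P_j == C_{i-1} ^ C_{j-1}: the XOR of two
    plaintext blocks is exposed without the key. Returns (collisions,
    verified), where verified says every leaked XOR matched the plaintexts."""
    prev = [iv] + cipher[:-1]
    first, collisions, verified = {}, 0, True
    for j, c in enumerate(cipher):
        if c in first:
            i = first[c]
            leaked = (prev[i][0] ^ prev[j][0], prev[i][1] ^ prev[j][1])
            actual = (plain[i][0] ^ plain[j][0], plain[i][1] ^ plain[j][1])
            collisions += 1
            verified = verified and leaked == actual
        else:
            first[c] = j
    return collisions, verified


def experiment(width, n_blocks=3000, seed=7):
    """Constructed workload: n_blocks random plaintext blocks, a random key
    and IV (seeded for reproducibility). With 16-bit blocks (width 8) the
    birthday bound of about 2^8 blocks is passed many times over, so
    collisions are expected; with 64-bit blocks (width 32) none are."""
    rng = random.Random(seed)
    top = 1 << width
    key = tuple(rng.randrange(top) for _ in range(4))
    iv = (rng.randrange(top), rng.randrange(top))
    plain = [(rng.randrange(top), rng.randrange(top)) for _ in range(n_blocks)]
    return cbc_collision_leaks(plain, cbc_encrypt(plain, key, iv, width), iv)
```

Two further points the experiment does not need to show. A 32-bit key is within reach of exhaustive search on one ordinary machine, so the variant fails on key size as well as block size. And the fixed shifts by 4 and 5 were chosen for 32-bit words; applied to 8-bit words they discard most of each word, so the result is not TEA scaled down but a different and weaker function, which is one more reason strength does not scale "proportionally".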
------------------------------
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (01/10: Overview)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 02 Apr 2000 23:09:37 GMT
Archive-name: cryptography-faq/part01
Last-modified: 1999/06/27
This is the first of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read this part before the rest. We
don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.
Disclaimer: This document is the product of the Crypt Cabal, a secret
society which serves the National Secu---uh, no. Seriously, we're the
good guys, and we've done what we can to ensure the completeness and
accuracy of this document, but in a field of military and commercial
importance like cryptography you have to expect that some people and
organizations consider their interests more important than open
scientific discussion. Trust only what you can verify firsthand.
And don't sue us.
Many people have contributed to this FAQ. In alphabetical order:
Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison,
Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti,
William Setzer. We apologize for any omissions.
Archives: sci.crypt has been archived since October 1991 on
ripem.msu.edu, though these archives are available only to U.S. and
Canadian users. Another site is rpub.cl.msu.edu in /pub/crypt/sci.crypt/
from Jan 1992.
The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto,
sci.answers, and news.answers every 21 days.
The fields `Last-modified' and `Version' at the top of each part track
revisions.
1999: There is a project underway to reorganize, expand, and update the
sci.crypt FAQ, pending the resolution of some minor legal issues. The
new FAQ will have two pieces. The first piece will be a series of web
pages. The second piece will be a short posting, focusing on the
questions that really are frequently asked.
In the meantime, if you need to know something that isn't covered in the
current FAQ, you can probably find it starting from Ron Rivest's links
at <http://theory.lcs.mit.edu/~rivest/crypto-security.html>.
If you have comments on the current FAQ, please post them to sci.crypt
under the subject line Crypt FAQ Comments. (The crypt-comments email
address is out of date.)
Table of Contents
=================
1. Overview
2. Net Etiquette
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?
3. Basic Cryptology
3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it
guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are
relatively easy to break?
3.8. What are the basic types of cryptanalytic `attacks'?
4. Mathematical Cryptology
4.1. In mathematical terms, what is a private-key cryptosystem?
4.2. What is an attack?
4.3. What's the advantage of formulating all this mathematically?
4.4. Why is the one-time pad secure?
4.5. What's a ciphertext-only attack?
4.6. What's a known-plaintext attack?
4.7. What's a chosen-plaintext attack?
4.8. In mathematical terms, what can you say about brute-force attacks?
4.9. What's a key-guessing attack? What's entropy?
5. Product Ciphers
5.1. What is a product cipher?
5.2. What makes a product cipher secure?
5.3. What are some group-theoretic properties of product ciphers?
5.4. What can be proven about the security of a product cipher?
5.5. How are block ciphers used to encrypt data longer than the block size?
5.6. Can symmetric block ciphers be used for message authentication?
5.7. What exactly is DES?
5.8. What is triple DES?
5.9. What is differential cryptanalysis?
5.10. How was NSA involved in the design of DES?
5.11. Is DES available in software?
5.12. Is DES available in hardware?
5.13. Can DES be used to protect classified information?
5.14. What are ECB, CBC, CFB, and OFB encryption?
6. Public-Key Cryptography
6.1. What is public-key cryptography?
6.2. How does public-key cryptography solve cryptography's Catch-22?
6.3. What is the role of the `trapdoor function' in public key schemes?
6.4. What is the role of the `session key' in public key schemes?
6.5. What's RSA?
6.6. Is RSA secure?
6.7. What's the difference between the RSA and Diffie-Hellman schemes?
6.8. What is `authentication' and the `key distribution problem'?
6.9. How fast can people factor numbers?
6.10. What about other public-key cryptosystems?
6.11. What is the `RSA Factoring Challenge?'
7. Digital Signatures
7.1. What is a one-way hash function?
7.2. What is the difference between public, private, secret, shared, etc.?
7.3. What are MD4 and MD5?
7.4. What is Snefru?
8. Technical Miscellany
8.1. How do I recover from lost passwords in WordPerfect?
8.2. How do I break a Vigenere (repeated-key) cipher?
8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]
8.4. Is the UNIX crypt command secure?
8.5. How do I use compression with encryption?
8.6. Is there an unbreakable cipher?
8.7. What does ``random'' mean in cryptography?
8.8. What is the unicity point (a.k.a. unicity distance)?
8.9. What is key management and why is it important?
8.10. Can I use pseudo-random or chaotic numbers as a key stream?
8.11. What is the correct frequency list for English letters?
8.12. What is the Enigma?
8.13. How do I shuffle cards?
8.14. Can I foil S/W pirates by encrypting my CD-ROM?
8.15. Can you do automatic cryptanalysis of simple ciphers?
8.16. What is the coding system used by VCR+?
9. Other Miscellany
9.1. What is the National Security Agency (NSA)?
9.2. What are the US export regulations?
9.3. What is TEMPEST?
9.4. What are the Beale Ciphers, and are they a hoax?
9.5. What is the American Cryptogram Association, and how do I get in touch?
9.6. Is RSA patented?
9.7. What about the Voynich manuscript?
10. References
10.1. Books on history and classical methods
10.2. Books on modern methods
10.3. Survey articles
10.4. Reference articles
10.5. Journals, conference proceedings
10.6. Other
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
10.8. Electronic sources
10.9. RFCs (available from [FTPRF])
10.10. Related newsgroups
------------------------------
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (02/10: Net Etiquette)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 02 Apr 2000 23:09:39 GMT
Archive-name: cryptography-faq/part02
Last-modified: 94/06/13
This is the second of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.
The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto,
sci.answers, and news.answers every 21 days.
Contents:
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
Read news.announce.newusers and news.answers for a few weeks. Always
make sure to read a newsgroup for some time before you post to it.
You'll be amazed how often the same question can be asked in the same
newsgroup. After a month you'll have a much better sense of what the
readers want to see.
2.2. Do political discussions belong in sci.crypt?
No. In fact some newsgroups (notably misc.legal.computing) were
created exactly so that political questions like ``Should RSA be
patented?'' don't get in the way of technical discussions. Many
sci.crypt readers also read misc.legal.computing, comp.org.eff.talk,
comp.patents, sci.math, comp.compression, talk.politics.crypto,
et al.; for the benefit of people who don't care about those other
topics, try to put your postings in the right group.
Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt either.
2.3. How do I present a new encryption scheme in sci.crypt?
``I just came up with this neat method of encryption. Here's some
ciphertext: FHDSIJOYW^&%$*#@OGBUJHKFSYUIRE. Is it strong?'' Without a
doubt questions like this are the most annoying traffic on sci.crypt.
If you have come up with an encryption scheme, providing some
ciphertext from it is not adequate. Nobody has ever been impressed by
random gibberish. Any new algorithm should be secure even if the
opponent knows the full algorithm (including how any message key is
distributed) and only the private key is kept secret. There are some
systematic and unsystematic ways to take reasonably long ciphertexts
and decrypt them even without prior knowledge of the algorithm, but
this is a time-consuming and possibly fruitless exercise which most
sci.crypt readers won't bother with.
So what do you do if you have a new encryption scheme? First of all,
find out if it's really new. Look through this FAQ for references and
related methods. Familiarize yourself with the literature and the
introductory textbooks.
When you can appreciate how your cryptosystem fits into the world at
large, try to break it yourself! You shouldn't waste the time of tens
of thousands of readers asking a question which you could have easily
answered on your own.
If you really think your system is secure, and you want to get some
reassurance from experts, you might try posting full details of your
system, including working code and a solid theoretical explanation, to
sci.crypt. (Keep in mind that the export of cryptography is regulated
in some areas.)
If you're lucky an expert might take some interest in what you posted.
You can encourage this by offering cash rewards---for instance, noted
cryptographer Ralph Merkle is offering $1000 to anyone who can break
Snefru-4---but there are no guarantees. If you don't have enough
experience, then most likely any experts who look at your system will
be able to find a flaw. If this happens, it's your responsibility to
consider the flaw and learn from it, rather than just add one more
layer of complication and come back for another round.
A different way to get your cryptosystem reviewed is to have the NSA
look at it. A full discussion of this procedure is outside the scope
of this FAQ.
Among professionals, a common rule of thumb is that if you want to
design a cryptosystem, you have to have experience as a cryptanalyst.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************