Cryptography-Digest Digest #488, Volume #11 Tue, 4 Apr 00 19:13:01 EDT
Contents:
Re: enigma returned ([EMAIL PROTECTED])
Re: Q: Entropy (Mok-Kong Shen)
Re: Q: Entropy (Mok-Kong Shen)
Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - Who is trying
to silence our program? It's not working...) (Skeptic)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (DMc)
Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - Who is trying
to silence our program? It's not working...) (Skeptic)
Re: Q: Entropy ("Joseph Ashwood")
Re: Hysteresis? (Alan Gottschald)
Re: enigma returned (John Savard)
Re: NSA (John Savard)
Re: Hysteresis? (Alan Gottschald)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (lordcow77)
Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - (Thor Arne
Johansen)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: enigma returned
Date: Tue, 04 Apr 2000 21:13:38 GMT
[EMAIL PROTECTED] wrote:
> I have just heard (21.30 04/04/00)that a 50 year old man from Bedford,
> England, has been arrested for the theft of the enigma machine from
> Bletchley Park. No further details known.
Presumedly, he just finished reading _Applied Cryptography_ and
decided he needed a better cipher. :)
--
Matt Gauthier <[EMAIL PROTECTED]>
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Tue, 04 Apr 2000 23:33:03 +0200
John Savard wrote:
>
> (And, just as the entropy of numbers created by throwing dice is known
> exactly, on an _a priori_ basis, the argument for the security of the
> true one-time pad is not affected by the limitation on knowing the
> entropy of _some_ types of sequence.)
After reflecting a bit more about tossing a perfect coin, I
believe there is a paradox whose explanation I don't yet know.
If a perfect coin is tossed n times, it generates a bit
sequence of length n. How much entropy should I ascribe to
that sequence? Note that the result is one of the binary numbers
in the interval 0 to 2^n-1. Each of these numbers has an equal
chance of turning up in my experiment. Suppose by chance I get
the number 0, i.e. all n bits are 0. Should I still consider the
sequence to have some entropy and, in particular, the same
entropy as a sequence having an apparently fairly random pattern
of 0 and 1? Thanks.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Tue, 04 Apr 2000 23:57:05 +0200
Joseph Ashwood wrote:
>
> > There is no new language. I remain in the domain of English. In
> > such situations I am not sure of the entropy remaining the same.
> > For I could exchange some nouns or verbs such that the new sentence
> > does not have any sense in the real world, even though it remains
> > to be correct grammatically. (For instance, one substitutes 'cat'
> > for 'computer', 'eat' for 'invent' etc.) In that case the
> > probability of that sentence occurring in the language (as ensemble
> > of sentences formulated by people) would be much smaller than the
> > original, I believe.
>
> It depends on how your convolution of English works. If it
> is a simple substitution (e.g. take the dictionary, replace
> each word with the word after it), if the substitution is
> known to the attacker, the entropy of the message remains
> the same as the english version, if the substitution is
> determined on an individual message basis, it's more
> complex. I was a bit unclear on how you were doing the
> substitution, I was under the impression that it might be a
> complete translation maintaining grammar, leading to some
> ambiguity as to whether there was a 1 to 1 relationship. The
> likelihood of it being a sensible sentence is actually a
> non-issue, because you are changing the language, given that
> you must consider it within the language (substitution) of
> your message. For example considering "Je parle seulement
> anglais" in english is useless, but considering it in French
> it becomes an at least somewhat sensible sentence (I used
> http://babel.altavista.com to translate "I speak only
> english" from English to French). The sentence will have
> approximately the same amount of entropy as its English
> translation so around 20-bits, however since I don't know
> French the French version may have various issues that make
> it non-standard French, and I also don't know if there is a
> 1-1 onto relationship between those sentences.
I don't think that 1-1 is essential in the present context, but
it simplifies the matter, I suppose. The replacement I have
in mind is simply rather arbitrarily chosen by a human who is
conversant in the language but who doesn't care to render the
new sentence unconditionally meaningful in the real world, i.e.
he just randomly makes his choice, with words that happen to
come to his mind. For instance, the original sentence is
With further developments in AI, a computer will be able to
diagnose all kinds of human diseases.
Now suppose that he chooses to replace the noun in the main
clause with 'cat' and the verb with 'eat'.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Skeptic)
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - Who is
trying to silence our program? It's not working...)
Date: Tue, 04 Apr 2000 16:08:20 -0600
In article <[EMAIL PROTECTED]>, Thor Arne Johansen <[EMAIL PROTECTED]>
wrote:
> Hello all,
>
> "Thomas J. Boschloo" wrote:
> >
> > EE Support wrote:
> > >
> > > We contend it does not. Overwriting all zeros practically trashes
> > > files on the disk.
> > >
> > > Can you prove us wrong? Is there any method to simply and reliably
> > > decode from any disk surface the primary 0/1 patterns from RLL, etc
> > > encoding, after a single zero overwrite? We think there is none.
> > > Please prove us wrong and we will beat it.
> >
>
> I agree 100%
Does it make a difference to overwrite all 0's rather than all 1's, or is
it just a polarity change on the media?
>
> > Maybe the area close to the written track will still get magnetized by
> > the previous data, but you can't just set a threshold. You'll have to set
> > at least three thresholds. One for going from 0->0 (very low magnetic
> > threshold), 0->1 (higher), 1->0 (still higher depending on time of last
> > wipe) and 1-1 (highest).
>
> High intersymbol interference (ISI) will make this very hard. Disks use
> complex modulation/encoding schemes to handle this. (PRML/DFE).
>
> >
> > Hope this makes sense to the guys at sci.crypt and I am sure we'll hear
> > if I just had a brain fart.
> >
> > > (Disks
> > > >generally use some form of run-length limited encoding). To handle all
> > > >possible disk encoding scheme types requires a particular sequence of 35
> > > >overwrite passes. You could reduce this if you knew which disk encoding
> > > >scheme was used (1,7)RLL, (2,7)RLL or MFM. If you want to know about
> > > >overwriting data or how easy it is to recover overwritten data I can
> > > >recommend the following paper.
>
> I would challenge anyone to produce evidence that overwritten data, can
> be recovered. There seem to be some sort of consensus that reading
> overwritten data can easily be recovered. Most of the descriptions on
> how to do this is quasi-science at the best, and mindless techno-ranting
> at the worst.
>
> Mr. Gutmann's paper is the best description of secure deletion I've seen
> so far (even though I still think overwriting is a secure way to erase
> data from magnetic media). However the paper is not a writeup on
> successful recovery of overwritten data, it is merely describing some of
> the processes and techniques to consider.
>
> Why recovering overwritten data is almost impossible:
> NONLINEARITY, Spindle Jitter, Clock Jitter, PRML encoding, poor signal
> to noise, correlated noise.
>
> Now, this could also be judged as techno ranting :), but if you look
> into it, these things make it incredibly hard (almost impossible), to
> recover overwritten data.
>
>
> > > >
> > > >http://www.cs.auckland.ac.nz/~pgut001/secure_del.html
> > > >
> > > >Don't buy or write a secure file deletion program until you've read it.
> > > >
>
> Best regards,
>
> Thor Arne Johansen
--
"Skeptical comments belong to author alone."
------------------------------
From: DMc <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Tue, 04 Apr 2000 22:13:34 GMT
On Tue, 04 Apr 2000 13:13:32 -0700, lordcow77
<[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, DMc
><[EMAIL PROTECTED]> wrote:
>>
>> Fascinating bull hockey; Take the simple Park and Miller minimal
>>standard generator with an initial seed of 1. Now tell me the
>>1 073 741 825th seed value without running the generator.
>>
>
>Not true; the nth iterate of a LCG can be calculated based
>solely on the seed value to the generator. Hint: think modular
>exponentiation.
>
This is the stuff that makes me crazy. Do what you say you can do and
maybe I will understand. An engineer made the same claim in a magazine
article several years ago, and he was not even close.
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Skeptic)
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - Who is
trying to silence our program? It's not working...)
Date: Tue, 04 Apr 2000 16:13:29 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> On Wed, 15 Mar 2000 22:15:17 +0000, Withheld <[EMAIL PROTECTED]>
> wrote:
>
> >[cut]
> >>I fantasize that your data is stored on hard disk tracks for a long time
> >>before it gets wiped (esp. with new users of your still improving
> >>software). So the magnetic data will leak over to the surface area next
> >>to the track. Then you overwrite with zero's once! That leaves traces of
> >>the previous data next to the track. Above a certain threshold the data
> >>will have been 1 and below it will have been 0. Not very commercially
> >>interesting until your product appeared, but it doesn't sound difficult to
> >>recover IMO.
> >>
> >>Better would be to steal the random data collection from the source of
> >>pgp 6.5.1i or use Jarrow from counterpane to generate some
> >>cryptographically strong random data and use it to overwrite previous
> >>data on the harddisk. It doesn't have to be 10Gig strong for a 10Gig
> >>harddrive, but hashing the initial random value a few times should do
> >>the job. At no loss of speed (maybe 0.01% due to the hashing) you now
> >>overwrite the previous data more securely than just by overwriting with
> >>zero's only. That would be great.
> >>
> >>Maybe the area close to the written track will still get magnetized by
> >>the previous data, but you can't just set a threshold. You'll have to set
> >>at least three thresholds. One for going from 0->0 (very low magnetic
> >>threshold), 0->1 (higher), 1->0 (still higher depending on time of last
> >>wipe) and 1-1 (highest).
> >
> >I hope I'm not being ignorant here, but is a stream of random data
> >entirely necessary? Given you are trying to mask residues from previous
> >data, wouldn't a succession of alternating patterns 101010101010...
> >followed by 0101010101... do the same thing - blur any residues until it
> >was meaningless. Using memory blocks you could define this pattern and
> >then dump it into disk blocks wherever you wanted. Once this pattern had
> >been followed a suitable number of times it could all be overwritten
> >with 00000000 to clear the disk.
> >
> >Unless I've misunderstood the point, this would result in so many
> >possible thresholds for what was there before the multiple wipe passes
> >that it would be impossible to get anything meaningful from it at all?
> >
> >[cut]
>
> Hi
> A problem is RLL and encoding etc.
>
> The data sent to the disk isn't the same as the data physically
> written.
>
> Disks use encoding systems to maximise the on/off states available to
> the heads at a certain speed.
>
> What goes to the disk as
> 010101010101010101010101010
>
> Is magnetically saved more like
> 000000011111100000111111111
>
> We still think secure software overwriting trashes the data and nobody
> has found a practical way to beat our Evidence Eliminator software
> yet.
Why not overwrite all 1's?
>
> --
> Regards,
> EE Support
> [EMAIL PROTECTED] (remove NO_SP_AM for e-mail)
> http://www.evidence-eliminator.com/
--
"Skeptical comments belong to author alone."
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Tue, 4 Apr 2000 14:56:02 -0700
Absolutely, of course that is assuming that you are tossing
the coin in a way that does not decrease the entropy (an
example of one that will cause bias even in an unbiased coin
is dropping it on one side). Whether or not the sequence has
an apparent order to it, does not increase or decrease the
actual entropy.
Joe
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> John Savard wrote:
> >
> > (And, just as the entropy of numbers created by throwing dice is known
> > exactly, on an _a priori_ basis, the argument for the security of the
> > true one-time pad is not affected by the limitation on knowing the
> > entropy of _some_ types of sequence.)
>
> After reflecting a bit more about tossing a perfect coin, I
> believe there is a paradox whose explanation I don't yet know.
> If a perfect coin is tossed n times, it generates a bit
> sequence of length n. How much entropy should I ascribe to
> that sequence? Note that the result is one of the binary numbers
> in the interval 0 to 2^n-1. Each of these numbers has an equal
> chance of turning up in my experiment. Suppose by chance I get
> the number 0, i.e. all n bits are 0. Should I still consider the
> sequence to have some entropy and, in particular, the same
> entropy as a sequence having an apparently fairly random pattern
> of 0 and 1? Thanks.
>
> M. K. Shen
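The coin-toss question in this exchange, worked as an added example (not part of either post): source entropy and per-outcome surprisal are computed from the coin model, while a frequency-based estimate is computed from one observed sequence. It goes beyond the fair coin to a biased one, and all function names are made up for this illustration.

```python
import math
from itertools import product


def source_entropy_bits(p_one, n):
    """Shannon entropy of n independent tosses with P(1) = p_one."""
    h = 0.0
    for p in (p_one, 1.0 - p_one):
        if p > 0.0:
            h -= p * math.log2(p)
    return n * h


def surprisal_bits(seq, p_one):
    """-log2 P(seq) under the coin model (requires 0 < p_one < 1)."""
    ones = seq.count("1")
    zeros = len(seq) - ones
    return -(ones * math.log2(p_one) + zeros * math.log2(1.0 - p_one))


def expected_surprisal_bits(p_one, n):
    """Average surprisal over all 2**n outcomes, weighted by probability.

    This average is the source entropy: entropy belongs to the ensemble,
    surprisal to a single outcome.
    """
    total = 0.0
    for bits in product("01", repeat=n):
        s = surprisal_bits("".join(bits), p_one)
        total += (2.0 ** -s) * s
    return total


def plugin_estimate_bits(seq):
    """Naive estimate from observed 0/1 frequencies, ignoring the source."""
    n = len(seq)
    est = 0.0
    for sym in "01":
        c = seq.count(sym)
        if c:
            est -= (c / n) * math.log2(c / n)
    return n * est


if __name__ == "__main__":
    n = 16
    all_zero = "0" * n
    alternating = "01" * (n // 2)   # constructed, fully predictable pattern
    print("fair coin entropy      :", source_entropy_bits(0.5, n))
    print("surprisal all-zero     :", surprisal_bits(all_zero, 0.5))
    print("surprisal alternating  :", surprisal_bits(alternating, 0.5))
    print("plug-in est all-zero   :", plugin_estimate_bits(all_zero))
    print("plug-in est alternating:", plugin_estimate_bits(alternating))
    print("biased coin, n=8       :", source_entropy_bits(0.25, 8),
          expected_surprisal_bits(0.25, 8))
```

The frequency estimate reports 0 bits for an all-zero sequence and a full 16 bits for the alternating pattern, whichever source produced them, which is why inspecting an output sequence cannot establish how much entropy a generator has.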
------------------------------
From: net.netscape@agottschald (Alan Gottschald)
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Hysteresis?
Date: Tue, 04 Apr 2000 22:40:07 GMT
"Scotty" <[EMAIL PROTECTED]> wrote:
>ISTR it overwrote more than once. In fact, if it didn't do that, the fact
>that it was random wouldn't make much difference, since you can read
>directly whether a 1 or 0 was the overwrite bit, and the deviation of the
>signal from 1 or 0 directly gives you the previous contents. Isn't
>hysteresis a wonderful thing :(
Yes I agree in theory it's possible to detect the differences in the
levels. There is a point though in the number of overwrites where the
difference is lost in the inherent noise, some of which is caused by
the inconsistency of the media.
Depending how paranoid you are you may consider a whole host of
measures to obfuscate your data such as encryption of the original or
even double encryption with different methods (des and pgp say) you
could even have one level of encryption built into the disk driver.
Even pickup the delete call and call your own multiple random
overwrite. I'm sure I've missed something.
I guess, how far you want to go to make your "deleted" files
unreadable depends on how damaging it would be to you if someone else
could use them.
When does the cost exceed the potential damage, or even the cost of
destroying the media.
I have read disks for evidence, in the past and it is time consuming
even when all the info is still there and you have the tools.
>
>Alan Gottschald wrote in message <[EMAIL PROTECTED]>...
>>I seem to remember in the good old days when security was less of an
>>issue we had a nice little utility from Norton I think, I even wrote
>>one my self, that would write a random pattern over selected files or
>>even disks. Now I'm not saying that it is impossible to read
>>what's left but I suspect that it would be as good as.
>>
>>
>>Remember if you want to keep something secret don't put it on a
>>computer, don't write it down and don't tell anyone.
>>
>>"Scotty" <[EMAIL PROTECTED]> wrote:
>>
>>>
>>>G. R. Bricker wrote in message <01bf9d2d$df081040$4b06ebd0@default>...
>>>>I surmise that hysteresis effects would leave traces of the previous
>>>>condition of the "bit" on magnetic media. A bit which has been overwritten
>>>>once in its lifetime would probably have a measurable trace of residual
>>>>magnetism from its previous condition. However, how you would measure this
>>>>I don't know. The level would be pretty low. As for bits which have been
>>>>overwritten many times, I have absolutely no idea how each separate "write"
>>>>could be determined.
>>>> G.R. Bricker
>>>
>>>When a 1 overwrites a 1 you get about 1.05 and 0.95 when it overwrites a 0.
>>>The drive circuitry digitises that to give 1. That 10% difference is easy to
>>>measure if you sample it with an oscilloscope before the signal is processed
>>>by the drive circuitry. This is not rocket science.
>>>
>>>
>>>
>>>
>>>>
>>>>Thor Arne Johansen <[EMAIL PROTECTED]> wrote in article
>>>><[EMAIL PROTECTED]>...
>>>>> Hello all,
>>>>>
>>>>> "Thomas J. Boschloo" wrote:
>>>>> >
>>>>> > EE Support wrote:
>>>>> > >
>>>>> > > We contend it does not. Overwriting all zeros practically trashes
>>>>> > > files on the disk.
>>>>
>>>
>>
>
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: enigma returned
Date: Tue, 04 Apr 2000 22:44:22 GMT
[EMAIL PROTECTED] wrote, in part:
>I have just heard (21.30 04/04/00)that a 50 year old man from Bedford,
>England, has been arrested for the theft of the enigma machine from
>Bletchley Park. No further details known.
So it wasn't a college prank, which is what I was hoping.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NSA
Date: Tue, 04 Apr 2000 22:47:24 GMT
"Stou Sandalski" <tangui [EMAIL PROTECTED]> wrote, in part:
>Hey I was looking at the NSA website today (and that FAQ) and one thing that
>struck me as kind of strange was that they do a lot of crap for the
>community, way too much... (for christ sake they recycle their fluorescent
>bulbs so "no mercury pollutes maryland").
Well, if you look at the FAS website, you'll see a beancounter report
on the NSA that complained they didn't farm out enough work to a
Federal program that hires blind people to do stuff. So because
they're a U.S. Government agency, they have to be on their toes in
this area.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: net.netscape@agottschald (Alan Gottschald)
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Hysteresis?
Date: Tue, 04 Apr 2000 22:54:41 GMT
[EMAIL PROTECTED] (wtshaw) wrote:
>In article <[EMAIL PROTECTED]>, net.netscape@agottschald
>(Alan Gottschald) wrote:
>
>> Remember if you want to keep something secret don't put it on a
>> computer, don't write it down and don't tell anyone.
>>
>There are reasonable ways to secure information on a computer, but most do
>not realize what is essential for that to occur. Start by replacing *a*
>computer with one that can support a tolerable level of real security;
>same is for the system, and encryption methods, the actual algorithm only
>important when everything else is in order.
My point was not how secure each was or how secure it could be made
but that if you wished to keep it secret keep it to your self. However
the order I ware them has significance. I assumed the most secure
computer and the written is both encrypted and hidden the least secure
it whoever you tell. Human weaknesses being what it is...
Algorithms and loyalties assumed to be the best...
------------------------------
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
From: lordcow77 <[EMAIL PROTECTED]>
Date: Tue, 04 Apr 2000 16:03:15 -0700
In article <[EMAIL PROTECTED]>, DMc
<[EMAIL PROTECTED]> wrote:
>>Not true; the nth iterate of a LCG can be calculated based
>>solely on the seed value to the generator. Hint: think modular
>>exponentiation.
>>
>This is the stuff that makes me crazy. Do what you say you can do and
>maybe I will understand. An engineer made the same claim in a magazine
>article several years ago, and he was not even close.
>
It's proven in _Seminumerical Algorithms_.
http://www.iro.umontreal.ca/~lecuyer/papers.html has some papers
on pseudorandom number generation in general. Pick up one of the
survey papers.
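The modular-exponentiation hint from this thread, worked as an added example (not code from any poster). It assumes the usual Park-Miller "minimal standard" constants, multiplier 16807 and modulus 2^31 - 1, counts the seed as state 0 so that "n-th" means the state after n steps, and goes beyond the thread by also handling generators with a nonzero increment.

```python
M31 = 2**31 - 1       # Park-Miller modulus, a Mersenne prime (assumed constant)
A_MINSTD = 16807      # Park-Miller "minimal standard" multiplier, 7**5


def lcg_step(x, a=A_MINSTD, c=0, m=M31):
    """One generator step: x -> (a*x + c) mod m."""
    return (a * x + c) % m


def lcg_iterate(seed, n, a=A_MINSTD, c=0, m=M31):
    """Reference implementation: actually run the generator n times, O(n)."""
    x = seed
    for _ in range(n):
        x = lcg_step(x, a, c, m)
    return x


def minstd_nth(seed, n):
    """Multiplicative case (c = 0): state n is a**n * seed mod m."""
    return (pow(A_MINSTD, n, M31) * seed) % M31


def lcg_jump(seed, n, a=A_MINSTD, c=0, m=M31):
    """General case: compose the affine map x -> a*x + c with itself
    n times by square-and-multiply, O(log n) multiplications."""
    ra, rc = 1, 0                 # accumulated map, starts as the identity
    ba, bc = a % m, c % m         # current power-of-two composition of the map
    while n > 0:
        if n & 1:
            # apply the current map after the accumulated one
            ra, rc = (ba * ra) % m, (ba * rc + bc) % m
        # square the current map: b(b(x)) = ba*ba*x + ba*bc + bc
        ba, bc = (ba * ba) % m, (ba * bc + bc) % m
        n >>= 1
    return (ra * seed + rc) % m


if __name__ == "__main__":
    n = 1_073_741_825             # the index asked about in the thread
    print("state after n steps from seed 1:", minstd_nth(1, n))
    print("same via affine jump-ahead     :", lcg_jump(1, n))
```

The same jump-ahead works in reverse and from any observed state, so one known output of such a generator fixes every other output; that is the reason LCGs are unsuitable for keys or nonces.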
------------------------------
From: Thor Arne Johansen <[EMAIL PROTECTED]>
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator -
Date: Wed, 05 Apr 2000 01:42:50 +0200
Guy Macon wrote:
>
> Absence of evidence is not evidence of absence.
>
Certainly not.
But I stress the point that AFAIK there is no evidence/scientific
papers describing a successful experiment reading overwritten data.
The "HOWTO's" we can find on the Internet vary greatly in accuracy regarding
the challenges involved actually read overwritten data.
For example Scotty writes:
"When a 1 overwrites a 1 you get about 1.05 and 0.95 when it
overwrites a 0. The drive circuitry digitises that to give 1. That 10%
difference is easy to measure if you sample it with an oscilloscope
before the signal is processed by the drive circuitry.
This is not rocket science."
This phenomenon is called Hard/Easy transition shift. It is true
that the amplitude of a pulse can depend on the previous magnetization
of the media.
One of the problems however is that one transition IS NOT the same as
one bit.
Modern harddrives operate with PW50/T between 2.5 and 3. PW50 is the pulsewidth
from the heads at 50% amplitude. T is the bit time. This means that they fit
~3 bits in the time/space for from one transition.
The way disks deal with this is that assume a particular SHAPE for isolated
transitions (target pulse), and that isolated transitions interact in a linear
fashion (the resulting signal from multiple transitions is the superposition of
individual transitions).
This assumption does not really hold. First of all the resulting transition (as
is exist off the head) differs from the target pulse. Secondly, superposition
does not hold because the write process is non-linear.
Drive manufacturers get away with it using precompensation, and heavy
equalization.
Furthermore, using this technique (Partial Response) really 'use' all available
signal to noise ratio.
The point I'm trying to make is that after overwriting data, the
residual from the old data is seriously attenuated, and seriously
(nonlinearly) distorted.
To decode this residual requires a completely different approach than traditional
decoding/demodulation, and my point is that I have not found anything in literature
indicating that it is even possible.
>
> >Why recovering overwritten data is almost impossible:
> >NONLINEARITY, Spindle Jitter, Clock Jitter, PRML encoding, poor signal
> >to noise, correlated noise.
>
> These effects, when they happen during the original writing or the
> attempted overwriting, make it *easier* to recover data. If the
> overwriting bit is off center and only partially covers the original
> bit, the job of recovery is made simpler.
>
> These techniques do not apply if you use the methods detailed by Peter
> Gutmann in [ http://www.cs.auckland.ac.nz/~pgut001/secure_del.html ].
> Magnetic force microscopy lacks nonlinearity, Spindle Jitter, Clock
> Jitter, PRML encoding, poor signal to noise, and correlated noise.
I was not referring to spindle/clock jitter in the read process, but rather
during the overwrite process. Besides even the traditional (inductive) read
process is linear. The problem is with the write process.
>
> >Now, this could also be judged as techno ranting :), but if you look
> >into it, these things makes it incredibly hard (almost impossible), to
> >recover overwritten data.
>
> I have a lot of obsolete and partially related experience in this area
> as an engineer who has worked with the original 30MB/30MB Winchester
> mainframe disk drives, 9 track mainframe tape drives, timelapse video
> recorders, phillips cassette data recorders, spaceborne data recorders
> for the space shuttle, and most recently DVD-RAMs. None of this
> experience is with modern disk drives, but I understand the basics,
> and have recovered "erased" data from these various recording devices
> using fine iron powder and a good microscope. I have also failed to
> recover the data many times. This obsolete technique wouldn't work
> with modern disk drives, of course - a quick calculation shows that
> the features are too small for that. It is important to realize that
> we had plenty of nonlinearity, Spindle Jitter, Clock Jitter, poor
> signal to noise, and correlated noise, and that this did not prevent
> recovery.
I should also clarify that I'm not talking about residual signals due to
track mis-registering (TMR). In these cases the residual does not undergo any
transformation. If you used a traditional read head, you would get a weaker
signal mixed with the new data. However you can get around this using a
high resolution magnetic force microscope.
When I say overwritten data, I really mean overwritten data, just as if we
had perfect servos. I am still convinced that under these circumstances
overwritten data is next to impossible to recover.
Best regards,
Thor Arne Johansen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************