Cryptography-Digest Digest #921, Volume #11 Fri, 2 Jun 00 15:13:01 EDT
Contents:
Re: Q: Session key generation (Paul Koning)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Demon")
Re: Self Shrinking LFSR (Terry Ritter)
TC3 Update (tomstd)
Re: Good ways to test. (tomstd)
Re: Pollard's algorithm for computing discrete logs (Anton Stiglic)
Re: Powers of s-boxes and other functions (Jim Steuert)
Re: Contest rule proposal (Mike Rosing)
Re: Contest rule proposal ("Adam Durana")
Re: Powers of s-boxes and other functions (tomstd)
Re: Finding primitive polynomials via the Berlekamp method? (Mike Rosing)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Jim)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Jim)
Re: Self Shrinking LFSR (Mike Rosing)
Re: Can we say addicted? (wtshaw)
Re: Contest rule proposal ("Adam Durana")
Re: Contest rule proposal ("Paul Pires")
----------------------------------------------------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Q: Session key generation
Date: Fri, 02 Jun 2000 13:54:04 -0400
Baruch Even wrote:
>
> In article <[EMAIL PROTECTED]>, Mok-Kong Shen
> <[EMAIL PROTECTED]> wrote:
> >
> > Suppose one uses a block cipher with a certain key size and needs a lot
> > of session keys each day, then it seems desirable to have some
> > systematic method of obtaining these.
I would say just the opposite. If you have a systematic
way to generate a multiple of keys, that means you're
risking *all* those keys if one of them is broken.
How large that risk is depends on how easily the
"system" you're using can be reproduced by an attacker.
Normal practice is that you generate sessions keys
one by one. Those might be locally generated random
numbers (in cases like PGP) or cooperatively generated
ones (D-H key agreement or mechanisms like that, in cases
of communication in real time like SSL or IPsec).
> Supposedly the session keys are generated from a PRNG, as most users
> do not have an hardware RNG. This requires that the PRNG is a good
> one, as far as I remember, the usual definition is "Attacker is given all but
> one bit, and guesses that bit with probability more than half" (this defines
> a broken PRNG).
>
> I would think that it would be advisable to use external events as entropy
> source, anything from keyboard, mouse and hard-drive timings. One
> should be wary however from using only off-the-shelf stuff as the
> application is the driving force. If the machine is also a web-server the
> attacker can guess that no keyboard or mouse is working and by forcing
> the load of the webserver up or down can try (how to do that is beyond me)
> guess the harddrive timings. Possibly internal network timings and the
> room background noise could be used to "enhance" this.
Absolutely. You need a cryptographically strong generator,
which means some source of external entropy coupled with a
cryptographically strong way of extending the bitstream.
The Linux /dev/random driver is an example, as is Yarrow.
The webserver case is an interesting problem. Some will have
hardware crypto assist, in which case a hardware RNG may come
with that package (it often does in current generation
crypto accelerator chips). Alternatively, I/O timing can
be used, with caution, provided you use a very fine grained
timer such as the CPU cycle counter and NOT a millisecond
(or worse) elapsed time timer -- and only a fraction of a bit
or at best a few bits of entropy per event.
paul
------------------------------
From: "Demon" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Fri, 2 Jun 2000 19:10:41 +0100
"David Boothroyd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> The Regulation of Investigatory Powers Bill has nothing to do with
stopping
> computer virus programs. It simply regulates what state bodies can do in
> investigating communications for illegal activity.
>
> The proposals in the Bill are exactly the same as the ones Labour
suggested
> before the election so there really isn't anything for anyone to get
> worked up about.
Completely wrong. http://www.fipr.org/rip/ReverseCrux.htm
In the past, the Labour party took a rather different view of encryption. In
its 1995 policy paper ``Communicating Britain's Future'' it stated:
The only power we would wish to give to the authorities, in order to pursue
a defined legitimate anti-criminal purpose, would be to enable decryption to
be demanded under ****judicial warrant**** (in the same way that a warrant
is required in order to search someone's home).
A RIP S.46 decryption notice is very far from a judicial warrant.
a) a judicial warrant is authorised by a judge, not by SoS (if it is for
intercepted material)
b) a judicial warrant would not reverse the burden of proof
Oh, BTW - in opposition, Labour supported judicial authorisation for
interception warrants too. Until Jack Straw that is.
>The Conservatives were planning mandatory key escrow.
That was de facto Labour policy too from 1st May 97 until April 98, when
Barbara Roche brought us "voluntary" key-escrow. What a brilliant idea that
was.
http://www.fipr.org/rip/FIPR%20Lords%202nd%20reading%20briefing.htm
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Self Shrinking LFSR
Date: Fri, 02 Jun 2000 18:13:07 GMT
On Fri, 02 Jun 2000 17:32:22 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (Scott Nelson) wrote:
>[...]
>I've been unable to locate a definitive reference for
>the meanings of primitive and irreducible, so can nether confirm
>nor deny it. However, it's clear that to be maximal
>length a polynomial must be both primitive and irreducible.
http://www.io.com/~ritter/GLOSSARY.HTM#Irreducible
Irreducible
A polynomial only evenly divisible by itself and 1. The
polynomial analogy to integer primes. Often used to generate a residue
class field for polynomial operations.
[...]
http://www.io.com/~ritter/GLOSSARY.HTM#Primitive
Primitive
A value within a finite field which, when taken to increasing
powers, produces all field values except zero. A primitive binary
polynomial will be irreducible, but not all irreducibles are
necessarily primitive.
http://www.io.com/~ritter/GLOSSARY.HTM#PrimitivePolynomial
Primitive Polynomial
An irreducible polynomial, primitive within a given field, which
generates a maximal length sequence in linear feedback shift register
(LFSR) applications.
All primitive polynomials are irreducible, but irreducibles are not
necessarily primitive, unless the degree of the polynomial is a
Mersenne prime. One way to find a primitive polynomial is to select an
appropriate Mersenne prime degree and find an irreducible using
Algorithm A of Ben Or: [...]
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
Subject: TC3 Update
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 02 Jun 2000 11:24:06 -0700
I changed TC3 to use 128x128 sboxes (multiplicative inverse in
the galois field 2^128 mod p) instead of the hybrid F function.
With 4 rounds my cipher is provably secure against diff and
linear attacks since the LP/DP max for both is 2^-126.
I have a more complete "key schedule" to avoid weak keys.
The cipher is slow, but conceptually simple and provably secure.
It's at http://www.tomstdenis.com/tc3.c
I am betting there is something I overlooked, so cutos to the
first person to break it.
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Subject: Re: Good ways to test.
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 02 Jun 2000 11:25:32 -0700
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Terry
Ritter) wrote:
>
>On 2 Jun 2000 16:06:01 GMT, in
<[EMAIL PROTECTED]>,
>in sci.crypt [EMAIL PROTECTED] (Mark Wooding) wrote:
>
>>John <[EMAIL PROTECTED]> wrote:
>>
>>> Are there any resources, preferrably on the Net, that can
help test
>>> the strength of an encryption system?
>
>There is -- and can be -- no test which can find all possible
>weaknesses in a system.
>
>
>>The most effective resource is a Good Cryptanalyst. Several
of these
>>can be contacted using the Net. They grow on trees.
>
>Unfortunately, cryptanalysts can't know the strength of a system
>unless they can break it. If they can't break it, the system
may be
>weak anyway.
Conversely just because they can break it, doesn't mean it's
insecure.
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Pollard's algorithm for computing discrete logs
Date: Fri, 02 Jun 2000 14:29:04 -0400
Mike Rosing wrote:
>
> Jesper Stocholm wrote:
> >
> > I'm trying to implement Pollard's algorithm for discrete logs - but I
> > have a little problem:
> >
> > I have to partition the Group into 3 sections (S1, S2 and S3). However -
> > the book I use (Handbook of Applied Cryptography) just says,
> > that "some care must be exercised in selecting the partition" - which
> > doesn't help me much.
> >
> > How do I choose the right partition of the Group ?
>
> It's arbitrary. Just make each group about the same size. You can have
> more sections too, if you have 4, then the last 2 bits of a result can
> determine which group the result goes into.
You are mistaken, it's *not* arbitrary. You need to create 3 sets, S1,
S2
and S3. Then, you define a sequence of group elements x0, x1, ... by
x0 = 1,
x_{i+1} = f(xi) =def= o b*xi if xi is in S1,
o (xi)^2 if xi is in S2,
o a*xi, if xi is in S3,
where a and b are generators of the group in question (the group is
presumed
to be cyclic).
Now, it's not hard to see that if S2 contains 1, then you are *screwed*!
In fact, you'll get x0 = 1, x1 = 1, x2 = 1, x3 = 1, .... This is the
example
that the HAC states you should avoid, and demonstrates that you have to
choose
the sets carefully, not arbitrary.
Now the question was, is there any other thing you have to avoid when
creating
defining S1, S2 and S3. It's a good question. Probably by just
thinking about
it more carefully you can figure it out (I'm to lazy to do so...:), or
maybe
they talk about it in the initial paper which I don't have a copy of
("Monte Carlo methods for index computation (mod p)", Mathematics of
Computation,
32 (1978), 918-924).
Patience, persistence, truth and observation,
Mr. anton
------------------------------
From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Re: Powers of s-boxes and other functions
Date: Fri, 02 Jun 2000 14:25:13 -0400
> tomstd wrote:
>
> Words of caution. Permutation polynomials form terrible sboxes.
Hi Tom again,
But even small s-boxes can make excellent permutations for iterating.
In my previous reply I showed that they can be easily composed to
form powers, and thus iterate huge counts in logarithmic time.
They can also be made to have very long cycles. If an s-box has several
cycles internal to it (as in a->b, b->c, c->d, d->a) or in permutation cycle
notation, ( ...(abcd)...) and each internal cycle is of a different prime
length,
then the entire s-box will not cycle until the product of those primes.
As an mxm s-box has 2^m inputs, then the requirement is that the sum
of those primes add up to less that 2^m. Which makes for a very long
cycle for easily designed s-boxes.
Tom, did the composition cycle length ever come up in your study of
s-boxes?
Thanks,
Jim Steuert
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Fri, 02 Jun 2000 13:21:53 -0500
Andru Luvisi wrote:
> I'm not sure if that is more or less restrictive than what I was
> proposing, but I would be fine with that as well.
>
> You hit the nail quite squarely on the head: Why should we give a
> designer no cost analysis when he won't give us the algorithm for no
> cost?
You usually can't publish anything about a patent until after you get
it. So the person holding the patent has already spent *real* money
and time on the cipher. If it gets broken in the contest, it's a waste
of money! If it doesn't get broken in the contest, the patent holder
gets some free analysis, by amatures.
I would think that any use for purposes of the contest should be easy
to grant. It does not interfere with the *use* of the patent in any
application, for which the patent holder wants to get paid.
I see this as a win-win situation for everyone. If we amatures can
break a patented cipher, it'll never get used. Patent holders will
be more careful about design, and might even hire a few people here
to analyze ciphers for them. This helps all of us, and makes the
place more friendly too.
Patience, persistence, truth,
Dr. mike
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Fri, 2 Jun 2000 14:27:51 -0400
The whole purpose of the contest is for people to practice design and
analysis. And since any good design involves a good deal of analysis, I
would say that this contest is more concerned with analysis than anything
else. The contest is not however a place for a person to find a free cipher
for a system they are designing, or a place to prove the security of your
cipher. If a cipher makes it through the six week period and then is
retired, that suggests that it could be secure. But by no means should
anyone rate the security of their cipher by saying "my cipher made it
through the sci.crypt cipher contest". And of course if you don't want to
give free analysis, you don't have to. The contest is set up for people who
want to practice design and analysis and nothing more, and allowing people
to submit patented material does not hinder either of those two objectives.
- Adam
"Andru Luvisi" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Adam Durana" <[EMAIL PROTECTED]> writes:
> > I think everyone that submitted a cipher has put it up for public
> > discussion. That is the whole point of the contest, to put your cipher
> > online so people can find it and analyze it. With Chutzpah, I believe
that
> > the paper said there were patents pending, and I think that's a
perfectly
> > fair thing to do. The author of the cipher wants people to analyze the
> > cipher, but at the same time he does not want to loose control of it.
It
> > never occurred to me that this might be an issue, but you are right,
there
> > should be a new rule concerning this. Not a rule prohibiting the
submission
> > of a patented cipher, but a rule that states that all patented material
> > included in a submission should be accompanied by a statement (from the
> > patent holder of course) that allows free use of the material for the
> > purposes of the contest. Does that make everyone happy?
>
> Not particularly. The point here is: Why should we be giving someone
> cost free analysis when they won't give us the algorithm cost free?
>
> Requiring an explicit statement of patents pending will help people
> avoid accidently using a patented algorithm, but it does nothing to
> address the problem above.
>
> Andru
> --
> --------------------------------------------------------------------------
> | Andru Luvisi | http://libweb.sonoma.edu/ |
> | Programmer/Analyst | Library Resources Online |
> | Ruben Salazar Library |-----------------------------------------|
> | Sonoma State University | http://www.belleprovence.com/ |
> | [EMAIL PROTECTED] | Textile imports from Provence, France |
> --------------------------------------------------------------------------
------------------------------
Subject: Re: Powers of s-boxes and other functions
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 02 Jun 2000 11:38:17 -0700
In article <[EMAIL PROTECTED]>, Jim Steuert
<[EMAIL PROTECTED]> wrote:
>
>
>> tomstd wrote:
>>
>> Words of caution. Permutation polynomials form terrible
sboxes.
>
>Hi Tom again,
> But even small s-boxes can make excellent permutations for
iterating.
>In my previous reply I showed that they can be easily composed
to
>form powers, and thus iterate huge counts in logarithmic time.
>
> They can also be made to have very long cycles. If an s-box
has several
>cycles internal to it (as in a->b, b->c, c->d, d->a) or in
permutation cycle
>notation, ( ...(abcd)...) and each internal cycle is of a
different prime
>length,
>then the entire s-box will not cycle until the product of those
primes.
>As an mxm s-box has 2^m inputs, then the requirement is that
the sum
>of those primes add up to less that 2^m. Which makes for a very
long
>cycle for easily designed s-boxes.
> Tom, did the composition cycle length ever come up in your
study of
>s-boxes?
Yea, in Sboxgen you can choose to make single cycle sboxes, but
I find they are rare... about 1/3 of a % of all 8x8 sboxes are
single cycle...
You will also want to look at fixed points when you look at the
disjoint cycles.
Of course it is possible to take several shorter length cycles
and join them into a permutation (Cauchy Theory) but don't ask
how. I can't think right now...
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Finding primitive polynomials via the Berlekamp method?
Date: Fri, 02 Jun 2000 13:34:54 -0500
lordcow77 wrote:
> But for a polynomial defined over an arbitrary finite field, we
> might not neccesarily want to use coefficients in GF(2) or we
> might not be able to efficiently factor the maximum cycle length
> (p^n-1) in order to use the standard algorithm. It seems to be
> that Berlekamp's algorithm would not require such a
> factorization and could be implemented easily using traditional
> linear algebra methods to determine the nullspace. Such methods
> would be even more efficient over GF(2); moreover, the
> dimensions of the matrix would not neccesarily be very large,
> growing in size as n^2.
I'm not following this well. By an arbitrary field you mean GF(p^n)?
All the factors of x^(p^n)-1 are the irreducible cyclotomic polynomials
in p[x]. Searching for primitive ones at random is pretty easy.
Finding
specific ones via Terry's method looks even easier. Are you trying to
find all of them? That sounds hard :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED] (Jim)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Fri, 02 Jun 2000 17:48:03 GMT
Reply-To: Jim
On Thu, 1 Jun 2000 19:52:30 +0100, "Scotty" <[EMAIL PROTECTED]> wrote:
>Think about it, unknown to you, a friend whom you communicate with
>regularly, is arrested in a drugs bust. The police turn up and want your
>keys to decrypt all your communications. How will that look to a jury if you
>forget your keys? The police can say you have been in regular communication
>with a known drug dealer and they suspect your trips abroad have been used
>to import drugs etc. On the 'balance of probability' it looks already as if
>you're guilty of refusing a reasonable request to hand over your keys.
And if you've been into drug-dealing in a big way, the two years
in jail is cheap at the price...
--
amadeus at netcomuk.co.uk
nordland at lineone.net
g4rga at thersgb.net
------------------------------
From: [EMAIL PROTECTED] (Jim)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Fri, 02 Jun 2000 17:48:04 GMT
Reply-To: Jim
On Fri, 02 Jun 2000 15:46:30 +0100, Adrian Kennard <[EMAIL PROTECTED]>
wrote:
>Dave Howe wrote:
>>
>> In our last episode (<alt.security.pgp>[Wed, 31 May 2000 08:41:29
>> +0100]), George Edwards <[EMAIL PROTECTED]> said :
>> >How on earth can anyone prove that you HAVEN'T forgotten your key,
>> >unless you suvsequently use it? I see huge legal bills on this, all fees
>> >for the solicitors.
>> They don't have to - it is up to you to prove you have; *that* is what
>> is so worrying.....
>
>Proving you have forgotton a key *should* be easy though - surely.
>
>"Hmmm, nope, I cant remember it" - proved.
"I can't remember whether I've forgotten it or not"
--
amadeus at netcomuk.co.uk
nordland at lineone.net
g4rga at thersgb.net
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Self Shrinking LFSR
Date: Fri, 02 Jun 2000 13:48:17 -0500
Scott Nelson wrote:
> You may be right.
> I've been unable to locate a definitive reference for
> the meanings of primitive and irreducible, so can nether confirm
> nor deny it. However, it's clear that to be maximal
> length a polynomial must be both primitive and irreducible.
In another thread Terry Ritter pointed at his glossary that gives
a consise definition. Irreducible is a prime polynomial - it has no
factors. Primitive is a maximal order polynomial, it is also
irreducible.
The order of a polynomial (P) can be found by taking any other
polynomial of
lesser degree (X) times itself until you get 1. That is, X^m mod P = 1
means P has order m. When m = p^n-1, it is maximal length.
> It may take a /bit/ longer than a couple of weeks to brute
> force the dense 32 bit ML sequences.
It's not that hard. You can easily find if a polynomial is irreducible.
To test if it's primitive, you need to see if x^(factors of p^n-1) = 1
mod P. If so, it's not primitive. For p == 2, you only need 9 billion
checks for brute force, so I'd think the whole thing can be done in
a day on a reasonable PC. There are faster ways to do this, a few
months
ago someone posted the URL for a paper that showed some efficient
methods
for checking if polynomials are primitive.
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Can we say addicted?
Date: Fri, 02 Jun 2000 12:18:15 -0600
In article <#t57U#Kz$GA.332@cpmsnbbsa06>, "Joseph Ashwood"
<[EMAIL PROTECTED]> wrote:
> > You too? O, well, it's better than drugs, I suppose.
> Then you need to get some better drugs. (Just for the record I have in my
> life used 2 drugs, adrenalin, and caffeine, so don't take me too seriously
> on the subject).
> Joe
At times, surely your choices can be good for you.
After events of the past year, I find being alive a high. Things are
better as I continue to recover. If you do anything to loose your good
heath, if you have it, you are stupid.
Someone asked if GWB was affected by recreational pharmalogical pursuits,
if the stuff even came near to meeting spec.
--
If you wonder worry about the future enough to adversely limit
yourself in the present, you are a slave to those who sell security.
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Fri, 2 Jun 2000 14:50:00 -0400
> You hit the nail quite squarely on the head: Why should we give a
> designer no cost analysis when he won't give us the algorithm for no
> cost?
Well like Terry said you don't have to, but that would give ciphers using
patented ideas an unfair advantage. Also this contest is supposed to be
fun, no one is getting paid to do anything. And just because you post your
cipher in the contest does not mean it will get any analysis, so requiring
someone to give their idea away for analysis which may or may not take place
is silly. Personally I think intellectual property is ridiculous, but I am
not about to force this belief one someone who thinks otherwise. The only
fair thing to do is allow people to submit their patented ciphers along with
a statement that says all the patented material maybe used freely within the
context of this contest. Also people analyze patented ciphers all the time
for free, for example take RC5. I am not sure if it is patented,
copyrighted or what, but I do know there are restrictions on its use, and
that people still spend their time analyzing it.
- Adam
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Fri, 2 Jun 2000 11:54:47 -0700
Mike Rosing <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
<Snip>
> I would think that any use for purposes of the contest should be easy
> to grant. It does not interfere with the *use* of the patent in any
> application, for which the patent holder wants to get paid.
You don't need a grant. I have no more rights or remedies in the context of
this contest than any one else has. There is no issue here! There is no
hazzard to be avoided.
This is a contest! Is nailing a pariah sign to a applicants head good
experimental protocol ?
> I see this as a win-win situation for everyone. If we amatures can
> break a patented cipher, it'll never get used. Patent holders will
> be more careful about design, and might even hire a few people here
> to analyze ciphers for them. This helps all of us, and makes the
> place more friendly too.
That is precicely how I see myself.
You amatures are the only avenue we inventors have. Not to mention the fact
that we is you. There has to be an entry point for new concepts. I'll keep
looking.
> Patience, persistence, truth,
You don't know how much I appreciate it.
Paul
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
