Cryptography-Digest Digest #954, Volume #11 Tue, 6 Jun 00 09:13:00 EDT
Contents:
Re: Could RC4 used to generate S-Boxes? (Runu Knips)
Re: Some dumb questions (Volker Hetzer)
Re: Could RC4 used to generate S-Boxes? (Runu Knips)
Re: A Family of Algorithms, Base78Ct (Mok-Kong Shen)
Re: Question about recommended keysizes (768 bit RSA) (Runu Knips)
Re: Some dumb questions (Mok-Kong Shen)
Some new books (Mok-Kong Shen)
Re: Observer 4/6/2000: "Your privacy ends here" ("Clive D.W. Feather")
Re: Multiplication in Storin (Mark Wooding)
Re: DES -- Annoyed (Mark Wooding)
Re: Observer 4/6/2000: "Your privacy ends here" (Phil Bradshaw)
Re: Towards an attack on Storin (Mark Wooding)
Re: DES -- Annoyed (Hideo Shimizu)
Re: Could RC4 used to generate S-Boxes? (Guy Macon)
Re: Cryptographic voting (Guy Macon)
Re: RC4 and ciphersaber for the clueless newbie. (Guy Macon)
Re: Question about recommended keysizes (768 bit RSA) (Tom McCune)
Re: Favorite Cipher Contest Entry (Mark Wooding)
Re: Multiplication in Storin (tomstd)
Re: Call for evaluating and testing a stream cipher program (tomstd)
Re: Favorite Cipher Contest Entry (tomstd)
Re: Multiplication in Storin (Mark Wooding)
Re: Observer 4/6/2000: "Your privacy ends here" (Paul Shirley)
Re: Observer 4/6/2000: "Your privacy ends here" (Ellen Mizzell)
----------------------------------------------------------------------------
Date: Tue, 06 Jun 2000 10:11:24 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Could RC4 used to generate S-Boxes?
Terry Ritter wrote:
> On Mon, 05 Jun 2000 21:40:35 GMT, in <8hh6of$mvr$[EMAIL PROTECTED]>, in
> sci.crypt Simon Johnson <[EMAIL PROTECTED]> wrote:
> >In Applied Cryptography V2 (AC2), it says an 8x8 s-box may be enough?
> >What would you suggest?
> A single 8x8 may not be enough. A single box probably will have to be
> used repeatedly for each block, and that provides opportunity for
> attack. It is best to use multiple boxes.
Or to use the sbox as only one of the operations of the cipher.
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Some dumb questions
Date: Tue, 06 Jun 2000 08:26:30 +0000
Mok-Kong Shen wrote:
>
> I like very much to know how to 'conretely' answer the
> following certainly dumb questions:
>
> 1. If a bit sequence has a certain known small bias in
> frequency but is uncorrelated, how can one exploit
> that fact to analyse messages encrypted with xor?
By "bias in frequency" I assume you mean that the frequency
of some pattern is higher than expected?
In the simple example (more ones than zeroes) the attacker
knows that by assuming a keystream of only ones there will
be more correct bits than if he assumes only zeroes.
Even for more complicated biases it's possible to assign
probabilities to certain keystreams. It's simply a matter of
calculating with probabilities.
> 2. If an ideal OTP is misused, in that it is used a small
> number n of times, how is one going to attack, if
> absolutely no known plaintext is available?
You xor the two ciphertexts together and the keystream falls out.
What remains is a message encrypted with a decidedly nonrandom key.
Greetings!
Volker
--
The early bird gets the worm. If you want something else for
breakfast, get up later.
------------------------------
Date: Tue, 06 Jun 2000 10:24:34 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Could RC4 used to generate S-Boxes?
Simon Johnson wrote:
> Strictly by definition, RC4 does have an s-box; One value get
> substituted for another.
Hmm. For me, a s-box is an operation of the form:
f(x) -> y
where f is bijective and should have some other good properties
already discussed in this thread.
The main point about it is, that it is an operation or function,
not a dynamically changing mapping, i.e. for the same x you
always get the same y.
Too, of all simple operations I know, the s-box is the ideal
operation from the viewpoint of a cryptographer; it offers both
confusion and diffusion, plus it offers ideal properties
against cryptanalytic attacks.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A Family of Algorithms, Base78Ct
Date: Tue, 06 Jun 2000 10:53:34 +0200
wtshaw wrote:
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
> >
> > Through the time I saw you several times mentioning GVA but I have
> > never understood what that scheme really performs. Could you give
> > a pointer or post a sketch to the group? Thnaks.
>
> http://www.radiofreetexas.com/wts/
I see that the multistage (i.e. iterated) use of the Jefferson cylinder
with the aid of a key is indeed a nice idea.
M. K. Shen
------------------------------
Date: Tue, 06 Jun 2000 10:43:12 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp
Subject: Re: Question about recommended keysizes (768 bit RSA)
"Thomas J. Boschloo" wrote:
> [...] Help me!
Well normally I would say "Okay, take the worst prediction you can find,
then use the double size and at least you've done everything you could
ever do."
On the other hand, RSA with 4096 bits is pretty slow ! If performance
matters, 1024 or 1536 or 2048 bits will be far more comfortable.
Because with RSA, performance is a problem, you'll have to estimate in
the performance against security gap.
Btw, the RSA patent will expire in September.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Some dumb questions
Date: Tue, 06 Jun 2000 11:04:19 +0200
Volker Hetzer wrote:
> Mok-Kong Shen wrote:
> >
> > 1. If a bit sequence has a certain known small bias in
> > frequency but is uncorrelated, how can one exploit
> > that fact to analyse messages encrypted with xor?
> By "bias in frequency" I assume you mean that the frequency
> of some pattern is higher than expected?
> In the simple example (more ones than zeroes) the attacker
> knows that by assuming a keystream of only ones there will
> be more correct bits than if he assumes only zeroes.
> Even for more complicated biases it's possible to assign
> probabilities to certain keystreams. It's simply a matter of
> calculating with probabilities.
But to proceed from that knowledge to get the plaintext in ASCII
is a long way that is not apparent at all. That's why I stressed to
desire 'concrete' answers. It would help if a clear sequence of
precisely defined steps for performing the task (a practical good
recipe) could be given.
> > 2. If an ideal OTP is misused, in that it is used a small
> > number n of times, how is one going to attack, if
> > absolutely no known plaintext is available?
> You xor the two ciphertexts together and the keystream falls out.
> What remains is a message encrypted with a decidedly nonrandom key.
Yes, you get the xor of two messages. But how to go further from
that point (there is no known plaintext whatever)?
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Some new books
Date: Tue, 06 Jun 2000 11:14:08 +0200
Depending on the direction of interest, I suppose that some
of you may like to bookmark the following:
D. Bouwmeester et al. (Eds), The physics of quantum
information. Springer, 2000.
J. E. Haynes, H. Klehr, Venona. Yale Uinv. Press, 1999.
M. K. Shen
------------------------------
From: "Clive D.W. Feather" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Tue, 6 Jun 2000 10:08:11 +0100
Reply-To: "Clive D.W. Feather" <[EMAIL PROTECTED]>
In article <[EMAIL PROTECTED]>, Brian {Hamilton Kelly}
<[EMAIL PROTECTED]> writes
>The word comes from "hidden writing"; one of the earliest examples of
>such would probably have been the ancient Greek skytale.
The skytale wasn't steganography, it was a mechanism for a simple
transposition cypher.
The earliest example of stego that I can think of is when a message was
tattooed on a slave's scalp, and then the sender waited for his hair to
grow before sending him to the recipient (with the verbal message "shave
my head").
--
Clive D.W. Feather | Internet Expert | Work: <[EMAIL PROTECTED]>
Tel: +44 20 8371 1138 | Demon Internet | Home: <[EMAIL PROTECTED]>
Fax: +44 20 8371 1037 | Thus plc | Web: <http://www.davros.org>
Written on my laptop; please observe the Reply-To address
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Multiplication in Storin
Date: 6 Jun 2000 09:12:44 GMT
tomstd <[EMAIL PROTECTED]> wrote:
> How exactly is your matrix multiplication a non-linear component
> in Storin? I don't get that. You use multiplication in the set
> of integers modulo 2^24 (page 2, point 2) as the primary non-
> linear step...
>
> But addition/multiplication in the set of integers is not non-
> linear if I am not mistaken. (of course I am mostlikely mistaken
> which is why I am posting this).
It depends on your point of view. If your idea of linear is integer
arithmetic, then yes the multiplication is completely linear. However,
the key mixing and `linear transform' are most emphatically not. It's
on my mind that a plausible avenue of attack would be to look from this
angle and produce an approximation for the other two steps, but the
`linear transformation' looks quite horrible and the fact that the key
addition involves secret numbers doesn't help either.
The other point of view is to consider GF(2) arithmetic to be linear, at
which point the multiplication is certainly a long way from it.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: DES -- Annoyed
Date: 6 Jun 2000 09:14:15 GMT
tomstd <[EMAIL PROTECTED]> wrote:
> I will glady just copy/paste/credit someone elses code for
> 3des...
Catacomb has triple-DES code.
http://www.excessus.demon.co.uk/misc-hacks/index.html#catacomb
A new version is in the works, with lots of bugs fixed, new ciphers, key
sharing, and stuff.
-- [mdw]
------------------------------
From: Phil Bradshaw <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Tue, 6 Jun 2000 10:33:42 +0100
In article <[EMAIL PROTECTED]>, Clive D.W. Feather
<[EMAIL PROTECTED]> writes
>In article <[EMAIL PROTECTED]>, Brian {Hamilton Kelly}
><[EMAIL PROTECTED]> writes
>>The word comes from "hidden writing"; one of the earliest examples of
>>such would probably have been the ancient Greek skytale.
>
>The skytale wasn't steganography, it was a mechanism for a simple
>transposition cypher.
>
>The earliest example of stego that I can think of is when a message was
>tattooed on a slave's scalp, and then the sender waited for his hair to
>grow before sending him to the recipient (with the verbal message "shave
>my head").
>
'bout as quick as Royal Mail then...
--
Phil Bradshaw
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Towards an attack on Storin
Date: 6 Jun 2000 09:39:20 GMT
tomstd <[EMAIL PROTECTED]> wrote:
> I might possibly have a valid idea for starting a differential
> attack (this attack may not be valid, but I think it is):
Could you please be more specific about what things are differences,
which pairs you're talking about and so on?
-- [mdw]
------------------------------
From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: DES -- Annoyed
Date: Tue, 06 Jun 2000 18:42:33 +0900
See my page http://www.yokohama.tao.go.jp/shimizu/des_test.html
This page generates test vector using JavaScript.
I only tests on IE 4.0 using D.R. Stinson's book sample.
Hideo Shimizu
TAO, Japan
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Could RC4 used to generate S-Boxes?
Date: 06 Jun 2000 06:06:48 EDT
Simon Johnson wrote:
>
>
>Strictly by definition, RC4 does have an s-box; One value get
>substituted for another. Wether it slowly evolves makes no difference
>to its name; it is still an s-box. However, like one of you stated, it
>is not an S-Box in the fiestel sense of the word.
>
Could you post the definition of "S-box" and "S-Box in the fiestel
sense of the word"? I am confused.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: 06 Jun 2000 06:11:28 EDT
Jim Ferry wrote:
>
>
>I was wondering if there's a way for a small group of people
>(less than 100) to vote cryptographically.
If you don't mind losing the concept of a secret ballot (you
know the totals but not who voted each way), you could just
post PGP signed votes in a newsgroup or mailing list.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: RC4 and ciphersaber for the clueless newbie.
Date: 06 Jun 2000 06:14:00 EDT
John E. Kuslich wrote:
>
>
>Guy, if you ever work out a hardware implementation of RC4, please
contact
>me about the speed you are able to achieve.
>
>We have done some really fast assembler RC4 but the need for speed
never
>ends. If you have a fast microcontroller implementation, I want to
see it.
>
>JK http://www.crak.com You can get my e-mail address there...I
don't want
>any more spam than I have already.
>
You got it.
------------------------------
Crossposted-To: alt.security.pgp
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Tue, 06 Jun 2000 10:53:05 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
In article <[EMAIL PROTECTED]>, Runu Knips
<[EMAIL PROTECTED]> wrote:
<snip>
>On the other hand, RSA with 4096 bits is pretty slow ! If performance
>matters, 1024 or 1536 or 2048 bits will be far more comfortable.
<snip>
4096 bit RSA keys are not slow on modern computers - even 8k keys are
tolerable:
http://www.McCune.cc/PGPpage2.htm#Speed
=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.5.1
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm
iQA/AwUBOTzYSQ2jfaGYDC35EQJ+UQCg2c6T1dCcsDTgcN3To1psrgCJLz0AoNIk
Mk4L1anUMBN6XSWiXstY0K1i
=1zPm
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Favorite Cipher Contest Entry
Date: 6 Jun 2000 12:31:39 GMT
Runu Knips <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > I was reviewing the ciphers in the cipher contest and listing them in
> > favorite order. [...] What are other peoples favorites?
>
> I agree that Storin had the nicest structure of all ciphers yet, I
> especially liked the nifty 'x ^= x >> 12' in it.
That has an interesting history.
I started off using a rotation, and I did some experiments to decide on
the best rotation size to use, by measuring three-round avalanche (see
the `sac.c' program). I think that 12 bits was best, but went to 11
because it was relatively prime to the word size 24.
Then I read the manual for the target platform, rather than just
guessing and talking to other people, and I noticed that rotates of more
than a single bit weren't supported in the instruction set, and
therefore had to be synthesized from shifts and ors, which made the
linear step almost as expensive as the matrix multiply! Discovering
that the linear step I invented as a replacement was actually more
efficient at promoting avalanche was a pleasant surprise: in particular,
it means that Storin is `complete' after only two rounds, although the
probabilities are badly biased at that point; strict avalanche needs the
extra round.
Hmm... I think I *might* be able to see a four-round attack with a
little more than 2^{144} work and minimal chosen plaintexts.
Use my two-round truncated differential which I presented elsewhere in
this newsgroup (and is in the latest version of the paper [1]). The
differential is something like
(100000, 100000, 100000, 000000) ->
(abcabc ^ 000100, defdef, ghighi ^ 000100, jkljkl ^ 000100)
(probability 1), where each letter is an unknown hex digit.
This is followed by a key-mixing step in the third round which doesn't
affect the difference. So far, so good. There are two more rounds to
go.
I can peel back the final round, as far as the key mixing step at the
beginning, simply by guessing (or, actually, exhaustively searching for)
the postwhitening key and doing a partial decrypt. This requires 2^{96}
work. How can I tell whether my guess is correct?
Well, actually, the key mixing and linear transform `almost' commute if
I apply the linear transformation to the round key:
L(K_{L(k)}(x)) = L(x ^ k ^ (k >> 12))
= x ^ k ^ (k >> 12) ^ (x >> 12) ^ (k >> 12) ^ (k >> 24)
= K_k(L(x))
(k >> 24 = 0; the k >> 12 terms cancel.)
There's now one key mixing step and a matrix multiply between my
(guessed) ciphertext and the output of the two-round truncated
differential. I'm losing track of what's happening, though, so I'll
draw a diagram:
Round 1 \
Key mix |
Multiply |
Linear | The truncated differential gets us this far.
Round 2 | (Costs 2 chosen plaintexts.)
Key mix |
Multiply | We should be able to use this to verify key guesses.
Linear |
Round 3 |
Key mix /
Multiply
Linear Commute with the key mix, and work backwards. No cost.
Round 4
Key mix
Multiply \ Work backwards with the guessed key.
Linear / No cost.
Post-whiten
Key mix Guessed this key (costs 2^{96} work).
Now, I guess the least significant 12 bits of each of the key words
mixed in at the start of round four. This costs a further 2^{48} work,
bringing me up to my 2^{144} budget. I can now recover the least
significant halves of the words fed into the matrix in round three,
which means I can fill in the blanks of the truncated differential.
Now, I can start choosing higher-order bits of the round-4 key such that
I can see the differential. If I can't do this, it means that one of my
guesses must have been wrong. If I can do it, then I've recovered two
round keys, and the rest of the cipher is easy.
Does that make sense? Have I made a mistake? Can it be improved
further? (I'm quite happy to have broken the four-round barrier.)
[1] Wooding, M., `Storin: a Block Cipher for Digital Signal Processors',
http://www.excessus.demon.co.uk/crypto/storin.ps.gz
-- [mdw]
------------------------------
Subject: Re: Multiplication in Storin
From: tomstd <[EMAIL PROTECTED]>
Date: Tue, 06 Jun 2000 04:42:11 -0700
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Mark Wooding) wrote:
>tomstd <[EMAIL PROTECTED]> wrote:
>
>> How exactly is your matrix multiplication a non-linear
component
>> in Storin? I don't get that. You use multiplication in the
set
>> of integers modulo 2^24 (page 2, point 2) as the primary non-
>> linear step...
>>
>> But addition/multiplication in the set of integers is not non-
>> linear if I am not mistaken. (of course I am mostlikely
mistaken
>> which is why I am posting this).
>
>It depends on your point of view. If your idea of linear is
integer
>arithmetic, then yes the multiplication is completely linear.
However,
>the key mixing and `linear transform' are most emphatically
not. It's
>on my mind that a plausible avenue of attack would be to look
from this
>angle and produce an approximation for the other two steps, but
the
>`linear transformation' looks quite horrible and the fact that
the key
>addition involves secret numbers doesn't help either.
>
>The other point of view is to consider GF(2) arithmetic to be
linear, at
>which point the multiplication is certainly a long way from it.
>
>-- [mdw]
However multiplication has good properties which are 'directed'
which is a bad thing. For example the lsb is linear (AND) and
the next bit is a tad less linear...
Not to mention that interpolation attacks could go right thru
the matrix (maybe not the round key xor).
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Subject: Re: Call for evaluating and testing a stream cipher program
From: tomstd <[EMAIL PROTECTED]>
Date: Tue, 06 Jun 2000 05:06:45 -0700
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>I think you did not read the description. The reason
I "postprocess" the BBS is
>that it is very slow. I think you missed the very principle of
the scheme. In
>fact you can run it and find out for yourself how fast it is.
>
>Instead of emotional outbursts do you have any specific idea
how to break it?
Ok I will break it down for you.
BBS = Theoretically Secure (based on factoring the modulus,
etc..)
L o BBS = Not Theoretically Secure (based on L).
Therefore why don't you just use a LFSR or something? If you
change the output of a BBS you ****LOSE**** it's theoretical
properties since you are not working with a BBS anymore.
I.e Why use the BBS then?
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Subject: Re: Favorite Cipher Contest Entry
From: tomstd <[EMAIL PROTECTED]>
Date: Tue, 06 Jun 2000 05:03:04 -0700
In article <[EMAIL PROTECTED]>, Runu Knips
<[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] wrote:
>> I was reviewing the ciphers in the cipher contest and listing
them in
>> favorite order. [...] What are other peoples favorites?
>
>I agree that Storin had the nicest structure of all ciphers
yet, I
>especially liked the nifty 'x ^= x >> 12' in it.
>
>
Why?
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Multiplication in Storin
Date: 6 Jun 2000 12:49:49 GMT
tomstd <[EMAIL PROTECTED]> wrote:
> However multiplication has good properties which are 'directed' which
> is a bad thing. For example the lsb is linear (AND) and the next bit
> is a tad less linear...
Indeed. If the multiplication were perfect, I wouldn't need eight
rounds, or the other bells and whistles like the linear transformation.
> Not to mention that interpolation attacks could go right thru the
> matrix (maybe not the round key xor).
I thought interpolation attacks were about interpolating relationships
in GF(2^n), not over the integers.
Integer addition (with carries) and XOR interact in a slightly nonlinear
way (enough to protect RC5 from an unhappy fate in a mod 3 attack, for
example). Integer multiplication is basically lots of additions done at
different bit offsets. It makes the effect much more pronounced near
the top end of the result, and the linear transformation should (in
theory) provide the low end with the same benefits.
-- [mdw]
------------------------------
From: Paul Shirley <[EMAIL PROTECTED]>
Reply-To: Paul Shirley <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Tue, 6 Jun 2000 13:23:12 +0100
In article <[EMAIL PROTECTED]>, Mok-Kong Shen <mok-
[EMAIL PROTECTED]> writes
>Much better: Include several lines of random hex digits that look like
>the ciphertext of some top secrets. I posted this scheme sometime
>back in sci.crypt.
Or better yet: construct a program to create random messages wrapped to
look like ciphertext based on a key. You can safely tell the plods
there's no key... (or even give them it: it won't decode anything;) yet
prove to a court the 'message' is random by regenerating it.
Remember: one of the problems with this law is the presumption of guilt,
ensuring a defence is vital in any attempt to wreck it.
--
Paul Shirley: reply address may change at short notice.
cc'ed news posts *unwelcome*
------------------------------
From: Ellen Mizzell<[email protected]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: 6 Jun 2000 13:55:55 +0100
Reply-To: [email protected]
In article <[EMAIL PROTECTED]>, Clive D.W. Feather
<[EMAIL PROTECTED]> wrote:
>
> The earliest example of stego that I can think of is when a message was
> tattooed on a slave's scalp, and then the sender waited for his hair to
> grow before sending him to the recipient (with the verbal message "shave
> my head").
>
So the Wonderland cookie labelled "Eat me", which turned out to contain
information enabling hypergrowth, was an instance of steganography?
--
Ellen Mizzell
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
