Cryptography-Digest Digest #992, Volume #11 Fri, 9 Jun 00 21:13:01 EDT
Contents:
Re: do you need unrestricted FREE S/MIME certificate ? than read message (jungle)
Re: Cryptographic voting (zapzing)
Re: Updated: Evidence Eliminator Dis-Information Center (Includes info on false SPAM
accusations) ([EMAIL PROTECTED])
Re: Cryptographic voting (zapzing)
Re: Double Encryption Illegal? (Simon Johnson)
Large S-Boxes (Simon Johnson)
Re: randomness tests (Mok-Kong Shen)
Re: Extending the size of polyalphabetic substitution tables (Mok-Kong Shen)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (zapzing)
Re: Updated: Evidence Eliminator Dis-Information Center (Includes info on false SPAM
accusations) (EE Detractor)
evidence eliminator ASSHOLE is back ([EMAIL PROTECTED])
Comments on "Encase" forum about EE ([EMAIL PROTECTED])
Re: Large S-Boxes (zapzing)
Re: Updated: Evidence Eliminator Dis-Information Center (Includes info on false SPAM
accusations) ([EMAIL PROTECTED])
Re: Large S-Boxes (David A. Wagner)
Re: Comments on "Encase" forum about EE ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: jungle <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: do you need unrestricted FREE S/MIME certificate ? than read message
Date: Fri, 09 Jun 2000 18:21:59 -0400
it's normal ...
you need to import CA server certificate first ...
first top option ...
Lincoln Yeoh wrote:
>
> On Mon, 05 Jun 2000 11:34:18 -0400, jungle <[EMAIL PROTECTED]> wrote:
>
> >do you need unrestricted FREE S/MIME certificate ? than read message ...
> >--
> >To protect privacy, use encryption ALL the time. Free S/MIME & PGP at:
> >https://secure.openca.org/ http://web.mit.edu/network/pgp.html
>
> Somehow the certificate is invalid on my Netscape 3 browser.
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: Fri, 09 Jun 2000 22:37:19 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> zapzing wrote:
>
> > Surprisingly, I think I have come up with a protocol
> > that will fulfill this requirement, to a certain
> > extent, but it needs a trusted party to set it up.
> >
> > Say there are N voters. The trusted party (T) produces
> > a large number of sets of N public/private key pairs.
> > Each time an election is held, one set will be used up
> > (in this sense it is like OTP). Each voter gets exactly
> > one private key from the set, and each voter gets all
> > the public keys.
> >
> > People broadcast their votes anonymously, they are
> > encrypted with their private keys, and they have some
> > sort of standardized header for identification
> > purposes. After the votes are cast and everyone is
> > sure all the votes have been seen, people broadcast
> > anonymously their private keys. After that, anyone
> > can claim they made any vote they want, and noone
> > could know differntly, but everyone will know the
> > outcome of the election.
> >
> > Unfortunately there is a vulnerable period between
> > when people broadcast their votes and when they
> > broadcast their public keys. I think this could
> > maybe be fixed, but I'm not sure how.
> >
> > I would also like to get rid of T, but not
> > sure how to do that either.
>
> The point of trusted party is indeed the highly critical point. If the
> existence of a trusted party can be assumed, then implementations
> of voting schemes are feasible or even quite practical. If one
> doesn't have that, I just can't yet imagine that a perfect voting
> scheme can be constructed. (Note that the trusted party must
> be in a position to identify you to be indeed who you claim to be.)
Of course if you had a trusted party who could
be trusted all the time, it would be trivial
to set up an anonymous voting system like this.
My scheme is only a little better in that T
only needs to be trusted at the beginning. The
main reason I bring it up is because putting
T's responsibility all at the beginning is the
first step to eliminating him entirely.
That second step may be a doozy, though.
--
If you know about a retail source of
inexpensive DES chips, please let
me know, thanks.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
alt.security.pgp,comp.security.firewalls,alt.privacy.anon-server,alt.privacy
Subject: Re: Updated: Evidence Eliminator Dis-Information Center (Includes info on
false SPAM accusations)
Date: Fri, 09 Jun 2000 22:52:59 +0100
On Fri, 09 Jun 2000 20:45:50 +0100, EE Support
<[EMAIL PROTECTED]> wrote:
>Hi all,
snipped
> It has become commonly said by posters
>to these newsgroups that the ones posting the "anti-Evidence
>Eliminator" messages in all their disguises, are wearing badges and
>intend to compromise your privacy and security, by stopping you
>downloading a free Evidence Eliminator.
What else explains the absolutely rabid hatred displayed towards EE by
these miscreants who slander and malign to an extent that I have never
seen done against any piece of software before?
To find out the merits of EE is very simple: download the trial
version and see for yourself. Simple, eh?
I've used it now for a few months and wouldn't be without. It WORKS!
In closing, let me beat the idiots to the punch: Yes! I am a covert
agent of EE. I have paid mucho bucks to Freedom Net just so I can
propagate EE spam -- YOU MORONS!
Outside of that -- have a good day, MORONS!
- Beguine -
>Our updated Dis-Information centre URL is:
>
>http://www.evidence-eliminator.com/dis-information.shtml
>
>Hope this helps,
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: Fri, 09 Jun 2000 22:49:31 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> Mark Wooding wrote:
>
> > There's some interesting work happening at IBM on voting systems.
See,
> > for example, `A Secure and Optimally Efficient Multi-Authority
Election
> > Scheme', by R. Cramer, R. Gennaro and B. Schoenmakers, at
> >
> > http://www.research.ibm.com/security/election.ps
>
> Thanks for providing the pointer.
>
> May I reiterate my point concerning trusted party, which is on a basic
> level? The trusted party has to do something with me, before I can
> vote, right? How can it be sure that I am 'really' the person with the
> name that I claim to have, and perphaps with all the other data that
> combine to (hopefully) be unique to a physical person, like birth
> place, birth date, name of parents, etc.? Or is that immaterial in
> such voting? (I happen to know of persons who have lived decades
> with identity papers carrying other family names, even one whose
> false identification was apparently known to the authorities but
> was for some unknown reason tolerated by them.)
As far as cryptography goes, I think it would be
sufficient if we assumed that the "entity" which
votes is "whatever it is that knows such and such
an authentication key". Not to say that your
objections are not important, just that they are
not relevant to the cryptographic issues involved
(which is another way of saying that I have
absolutely no idea how that would be done,
although I admit it is very important)
If you're talking about a small group of
people, everyone could meet face to face and
physically hand each other floppies with their
authentication keys on them.
--
If you know about a retail source of
inexpensive DES chips, please let
me know, thanks.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Crossposted-To: comp.databases.oracle
Subject: Re: Double Encryption Illegal?
Date: Fri, 09 Jun 2000 22:56:35 GMT
In article <8hrbrf$a5b$[EMAIL PROTECTED]>,
Crypto-Boy <[EMAIL PROTECTED]> wrote:
> On page 10-10 and 10-14 of the Oracle Advanced Security
Administrator's
> Guide (from release 8.1.6 December 1999), it says the following (in
bold
> no less):
>
> "Warning: You can use SSL encryption in combination with another
Oracle
> Advanced Security authentication method. When you do this, you must
> disable any non-SSL encryption to comply with government regulations
> prohibiting double encryption."
>
> Since when is it illegal to double encrypt in the US? I don't believe
> this is true.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>
Nor do i,
Triple-Des is allowed, so this is just wrong. :)
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Large S-Boxes
Date: Fri, 09 Jun 2000 23:11:47 GMT
I think i'm flogging a dead-horse here, but i'm after evidence in 'a
dummies guide to' style to the pro's and con's of randomly generated S-
boxes.
I'm thinking 16x16 for a block-cipher i'm devolping (don't hold u're
breath, i don't have 1/2 a clue what i'm doing :), i just having fun.)
Thanxs,
Simon Johnson
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: randomness tests
Date: Sat, 10 Jun 2000 01:33:01 +0200
[EMAIL PROTECTED] wrote:
> i read about FIPS PUB 140-1, any implementation around?
>
> can anyone suggest me any tests?
I suggest that you also do Maurer's universal test, which is described
together with the FIPS tests and a couple of other tests in Menezes'
Handbook of Applied Cryptography.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Extending the size of polyalphabetic substitution tables
Date: Sat, 10 Jun 2000 01:33:15 +0200
[EMAIL PROTECTED] wrote:
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > But if you have the same high quality S-boxes, wouldn't it be
> > better if you could use more of them?? (In the original context
> > I was discussing using a larger substitution tabl, nothing more.
> > There was no implication that enlarging the table is necessarily
> > coupled with a degradation of the quality of the individual column
> > of the table. There is in fact no such coupling.)
>
> I have never designed S-Boxes, but the good people at IBM spent a very
> long time designed the Lucifer and DES S-Boxes, at which time the people
> at the NSA helped tweak the S-Boxes to make them more resistant to
> attacks not known at IBM. It seems to me that designing good S-Boxes
> takes time, and to double both dimensions of S-Boxes will make it more
> than four times as difficult to make good S-Boxes. So, a degredation of
> quality would not be unreasonable. If one has resources to devote to
> making S-Boxes both large and well-tuned, all the better. :)
A large amount of knowledge about S-boxes has been accumulated
since the time of DES. Witness alone how many of the AES candidates
have such. Apparently the design of these ciphers were not started
a dozen of years before in anticipation of the AES contest due to
the presumably extreme difficulties of obtaining good S-boxes. And
in the time before AES was started, a number of block ciphers with
quite well-known names have been made available and these have
S-boxes. That is not to imply at all that their design is simple but
only that high quality S-boxes are well within the current state of
the art (i.e. not exclusively reserved for IBM or the three-lettered
agencies). Allow me on the other hand to hint on the fact that we
are currently arguing on a point that is at some distance away from
the classical substitution tables. My original intention was merely
to establish the thesis that (1) employing larger ones of these
classical table is good idea and (2) it is not difficult to use these
in practice. (I did speculate, while writing the article, on the eventual
possibility of a little bit of utility of the same in the context of modern
S-boxes, but any implication in that direction was never actually
stated in there.) If you don't have objections on these points, then,
for my part, I would be fully satisfied. I mean we need not necessarily
expand our domain of discourse to include the modern S-boxes
(even though that related stuff could be (more) interesting, in view
of the fact that the classical substitution tables are nowadays less
popular than they once were in practice).
> > I wonder how you got the association with OTP at all in this thread.
> > A classical polyalalphabetical substitution has by itself nothing to
> > do with OTP. In fact OTP was invented much much later than that.
> > There is of course on the other hand no exclusion in usage of the
> > two, i.e. you can use both in combination. But that is not relevant
> > here, isn't it?
>
> Well, no, not relevant to the S-Box case (afaik) -- however,
> polyalphabetic substitution is *exactly* like OTP, iff one ensures the
> key does not repeat. If the key does repeat (based on a reading of
> Gaines this is how most were used), no matter the size of the
> polyalphabetic substition tables, I can deduce an equivalent OTP given
> only the key and the tables. Thus, (in the classical polyalphabetic
> usage!) it is equivalent to the OTP. (Well, heck -- even if the key does
> not repeat, given the key and the tables I can devise an equivalent OTP.
> If the key repeats, a cryptographer could trivially retrieve plaintext
> and (a) key without knowledge of tables, key, or plaintext.)
I see that here is a terminological problem. OTP, at least when the
term is used in our group, refers to a nonrepeating set of truly random
bits or key letters. Note the term 'truly random', which is actually
arguable in a practical context (there were a couple of times very long
discussions in our group on 'true randomness'). But one could
roughly substitute it, for our purposes here, with 'very high quality
random'. Now it is commonly agreed, as far as I know, that a
classical polyalphabetical substitution table is (very) far from being
adequate for generating such truly random sequences. (If you are
not convinced of that, you are certainly free to start a new thread
and present your arguments to the group. But I strongly suggest
that you don't entertain such an idea.) To put it in another way, the
'standard' meaning of OTP is not any arbitrary pad that is used
only one time, but is a very special pad that has to possess the
true randomness property and is used only one time. This
explains the big difference between your usage of the term OTP
and my usage of the same term and hence the cause of the
misunderstanding between us hithertofore. I suppose we could
put aside that point now, unless you object.
M. K. Shen
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Fri, 09 Jun 2000 23:16:21 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Mark Wooding) wrote:
(snip)
>
> The SSH protocol is already fairly RIP-resistant. SSH2 understands
> authenticated ephemeral Diffie-Hellman, which is an even better way of
> ensuring that past sessions can't be reconstructed.
>
I agree, If I understand it correctly, it sounds
like the SSH protocol is equivalent to burning the
paper that a message is written on after you read it.
> [1] In theory. There is specific protection for signing keys in the
> Bill, but the issue of keys protected by passphrases is fuzzy.
> Whether the passphrase can be demanded is unknown. This might be
> clarified in the Code of Conduct, but that doesn't exist.
Graph isomorphism can also be used to make
an authentication protocol, and I honestly
can't see how an isomorphism between two
graphs could be used to encrypt anything,
if you don't know the isomorphism.
--
If you know about a retail source of
inexpensive DES chips, please let
me know, thanks.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: EE Detractor <[EMAIL PROTECTED]>
Crossposted-To:
alt.security.pgp,comp.security.firewalls,alt.privacy.anon-server,alt.privacy
Subject: Re: Updated: Evidence Eliminator Dis-Information Center (Includes info on
false SPAM accusations)
Date: Fri, 09 Jun 2000 18:01:22 -0500
On Fri, 09 Jun 2000 20:45:50 +0100, EE Support
<[EMAIL PROTECTED]> wrote:
>It has become commonly said by posters
>to these newsgroups that the ones posting the "anti-Evidence
>Eliminator" messages in all their disguises, are wearing badges and
>intend to compromise your privacy and security, by stopping you
>downloading a free Evidence Eliminator.
Mostly it's been said by you, as a way to evade hard questions and
concerns that have been raised by the regulars about the product and
the company.
Care to explain why Evidence Eliminator is coming under this kind of
"attack" and not, say, PGP or Scramdisk or the thousands of other
high-level security products on the web????
------------------------------
From: [EMAIL PROTECTED]
Subject: evidence eliminator ASSHOLE is back
Date: Sat, 10 Jun 2000 00:09:36 GMT
This is not an advertising forum, period. I know
of no other legitimate company, ala Norton, etc.
that would intrude on newsgroup readers like this
unprofessional clown. I urge others to join in
total distain for these tactics. By the way,
check out the Internic WHOIS for this goof
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
alt.security.pgp,comp.security.firewalls,alt.privacy.anon-server,alt.privacy
Subject: Comments on "Encase" forum about EE
Date: Fri, 9 Jun 2000 17:19:20 -0700
Look at what I found on the Guidance Software ("Encase") forum when I
searched for "Evidence Eliminator". Both threads are interesting.
http://www.guidancesoftware.com/ubb/Forum1/HTML/000183.html (Topic: BC Wipe
and/or Evidence Eliminator 4.5?)
http://www.guidancesoftware.com/ubb/Forum1/HTML/000176.html (Topic: Evidence
Eliminator Software)
Oh yeah, silly me, I forgot that EE is in COLLUSION with Encase, and these
posts are meant to MAKE us believe that EE is a threat to forensic software.
Geez, conspiracies sure are complicated :)
EE support -
I have a question about the following post:
=== (Post on Topic: Evidence Eliminator Software) ===
FYI: I've done some experimenting with Evidence Eliminator. Sometimes you're
able to view previous internet history by viewing certain .DAT files.
==================
NY State Police
Computer Crime Unit
=== (End post) ===
1. EE, are you aware of this?
2. What is the security risk of .DAT files from Norton Utilities Image? They
facilitate (extremely well) the complete unformatting of a HD, so does that
mean that they contain info re. internet history (or worse)? Should I not
run Image? Please don't say it's so!.
3. On an unrelated note, try this: after doing your best wipe, put your
cursor in the Windows "Address toolbar" of the taskbar (you may have to
enable it first). Press Ctrl-Up and see what you get. In some cases, I get
ancient history even after wiping all there can be wiped (short of my entire
HD :)
Please comment
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Large S-Boxes
Date: Sat, 10 Jun 2000 00:38:26 GMT
In article <8hrtja$nte$[EMAIL PROTECTED]>,
Simon Johnson <[EMAIL PROTECTED]> wrote:
>
>
> I think i'm flogging a dead-horse here, but i'm after evidence in 'a
> dummies guide to' style to the pro's and con's of randomly generated
S-
> boxes.
>
> I'm thinking 16x16 for a block-cipher i'm devolping (don't hold u're
> breath, i don't have 1/2 a clue what i'm doing :), i just having fun.)
>
Well the DES s-boxes are quite small. They are
designed to be optimal against differential
cryptograpohy, but they are in the lowest
9-16% of the similar sized sboxes in terms
of resitance to linear cryptography. So much,
I say,for trying to design them optimally.
Big random sboxes are resistant to both
differential and linear crypto :)
And it's easy for mere mortals to "design" them.
--
If you know about a retail source of
inexpensive DES chips, please let
me know, thanks.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
alt.security.pgp,comp.security.firewalls,alt.privacy.anon-server,alt.privacy
Subject: Re: Updated: Evidence Eliminator Dis-Information Center (Includes info on
false SPAM accusations)
Date: Sat, 10 Jun 2000 00:52:15 +0100
On Fri, 09 Jun 2000 18:01:22 -0500, EE Detractor <[EMAIL PROTECTED]>
wrote:
>On Fri, 09 Jun 2000 20:45:50 +0100, EE Support
><[EMAIL PROTECTED]> wrote:
>
>>It has become commonly said by posters
>>to these newsgroups that the ones posting the "anti-Evidence
>>Eliminator" messages in all their disguises, are wearing badges and
>>intend to compromise your privacy and security, by stopping you
>>downloading a free Evidence Eliminator.
>
>Mostly it's been said by you, as a way to evade hard questions and
>concerns that have been raised by the regulars about the product and
>the company.
>
It has been said by a number of us.
>Care to explain why Evidence Eliminator is coming under this kind of
>"attack" and not, say, PGP or Scramdisk or the thousands of other
>high-level security products on the web????
>
Because cops can force the passwords to these things out of you, or
your ass goes to jail for contempt of court. They even have ways of
finding evidence scattered around on the main, unhidden, drive. The
average person simply doesn't begin to know enough about the
architecture of Windows to find all of the nooks and crannies where
passwords, damning evidence, etc., could be hiding, just waiting for
Encase to find it.
The difference between these "other" security measures and EE is that
EE DESTROYS the evidence in such a fashion that it can NEVER be
recovered again -- IF you heed EE's instructions.
That's why you and the rest of the "cop" brigade fear it.
Let me remind you of one thing about cops. Do you know who it was who
turned over all the Jewish children in France to the Nazis for
extermination? The gendarmes. In each country the cops helped scoop
up the innocent women and children for the death camps. Why? "Because
if we didn't do it, someone else would have to. No matter what, there
has to be the order of law during these difficult times."
Screw cops! They'd do the same thing here in America. Cops are cops,
whether they speak English, French, German or Swahili.
- The Thistle -
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Large S-Boxes
Date: 9 Jun 2000 18:00:20 -0700
In article <8hrtja$nte$[EMAIL PROTECTED]>,
Simon Johnson <[EMAIL PROTECTED]> wrote:
> I think i'm flogging a dead-horse here, but i'm after evidence in 'a
> dummies guide to' style to the pro's and con's of randomly generated S-
> boxes.
Don't hold your breath waiting for ``a dummy's guide to cipher design.''
There's no such thing, and for a good reason. Cipher design is subtle,
and designing ciphers without any training in the field invites disaster.
This truly isn't meant as a flame, but if you think you need such a
``dummy's guide'', you might take that as a hint that you probably
shouldn't be doing cipher design!
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
alt.security.pgp,comp.security.firewalls,alt.privacy.anon-server,alt.privacy
Subject: Re: Comments on "Encase" forum about EE
Date: Sat, 10 Jun 2000 01:07:18 +0100
On Fri, 9 Jun 2000 17:19:20 -0700, [EMAIL PROTECTED] wrote:
>
>
>Look at what I found on the Guidance Software ("Encase") forum when I
>searched for "Evidence Eliminator". Both threads are interesting.
>
>http://www.guidancesoftware.com/ubb/Forum1/HTML/000183.html (Topic: BC Wipe
>and/or Evidence Eliminator 4.5?)
>http://www.guidancesoftware.com/ubb/Forum1/HTML/000176.html (Topic: Evidence
>Eliminator Software)
>
>Oh yeah, silly me, I forgot that EE is in COLLUSION with Encase, and these
>posts are meant to MAKE us believe that EE is a threat to forensic software.
>Geez, conspiracies sure are complicated :)
>
>EE support -
>I have a question about the following post:
>
>=== (Post on Topic: Evidence Eliminator Software) ===
>
>FYI: I've done some experimenting with Evidence Eliminator. Sometimes you're
>able to view previous internet history by viewing certain .DAT files.
>------------------
>NY State Police
>Computer Crime Unit
>
>=== (End post) ===
>
>1. EE, are you aware of this?
>2. What is the security risk of .DAT files from Norton Utilities Image? They
>facilitate (extremely well) the complete unformatting of a HD, so does that
>mean that they contain info re. internet history (or worse)? Should I not
>run Image? Please don't say it's so!.
>
>3. On an unrelated note, try this: after doing your best wipe, put your
>cursor in the Windows "Address toolbar" of the taskbar (you may have to
>enable it first). Press Ctrl-Up and see what you get. In some cases, I get
>ancient history even after wiping all there can be wiped (short of my entire
>HD :)
>
>Please comment
>
>
>
Ha! Very good! The pigs and the nosey bastards who try to ruin other
people's lives with their "data recovery," are worried. What better
recommendation is there?
Hey, Freemon, did your EE bribery check come on time this week? Mine
was late. : )
- The Thistle -
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
