Cryptography-Digest Digest #170, Volume #12 Thu, 6 Jul 00 15:13:00 EDT
Contents:
Re: MP3 encryption and patent 6,081,597 (Frank M. Siegert)
Re: Crypto jokes? (potentially OT) ("Douglas A. Gwyn")
Need help decrypting/decompressing text ([EMAIL PROTECTED])
Re: cray and time needed to attack (Mike Rosing)
Security in UMTS??? (=?iso-8859-1?Q?Tom=E1s?= Perlines Hormann)
Beginner Questions ("AC")
Re: Any crypto jokes? (potentially OT) ("Joseph Ashwood")
SafeIT - Untrusted encryption program. ([EMAIL PROTECTED])
Re: Crypto jokes? (potentially OT) ("Jeff Moser")
Re: Beginner Questions ("Joseph Ashwood")
Re: Prime Numbers? ([EMAIL PROTECTED])
Re: Hash and Entropy (wtshaw)
Strange & weak but intresting (Simon Johnson)
Re: SafeIT - Untrusted encryption program. ("Adam Durana")
Re: RC4 source code (tomstd)
Re: TC5 Completed Paper (tomstd)
Re: TC5 Completed Paper (tomstd)
University Job Bank - Free Job Posting/Search (UJobBank.com)
Re: Data compression and encryption (SCOTT19U.ZIP_GUY)
Re: A thought on OTPs ("Douglas A. Gwyn")
Re: Has RSADSI Lost their mind? (Eric Lee Green)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Frank M. Siegert)
Subject: Re: MP3 encryption and patent 6,081,597
Date: Thu, 06 Jul 2000 16:13:02 GMT
On Thu, 06 Jul 2000 14:56:05 GMT, Kent Briggs <[EMAIL PROTECTED]>
wrote:
>Did anyone see this NY Times article:
>http://www.nytimes.com/library/tech/00/07/biztech/articles/03pate.html
>
>I don't pretend to understand the math in the patent (see uspto.gov) but
>I don't see how they prevent this from being hacked since as always, the
>decryption has to occur on the client's machine.
Not at all, for this the DMCA outlaws any 'hacking' software or
changes to circumvent the protection scheme. This forms a legal
barrier - at least in the US of A.
Taking only the technical aspects into account: Still I doubt that
this will secure the data in any way - you can always plug some
hardware to the sound card, even before the DAC, so you get the
unencrypted full quality audio stream. And since MP3 encoding of an
already MP3 encoded stream (decoded to raw sound) does not degrade the
quality further this forms a perfectly suitable methode to strip ANY
copy protection with only basic knowledge of electronics needed.
Of course it is quite possible to 'tack' into the stream somewhere in
the software layers, e.g. at the DirectSound level (Windows) or in the
kernel (Linux - should there be a player on this platform). At this
stage the stream is also full decrypted.
And for as long as there is no tamperproof decryption equipment build
into our ear or brain stem (maybe by genetics or nanotechnology, I
would call such a biochip 'anti-babelfish' ;-) as its purpose it is
pervent others for hearing what I hear) there is always a plain stream
to record again.
- Frank
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Crypto jokes? (potentially OT)
Date: Thu, 6 Jul 2000 15:07:40 GMT
[EMAIL PROTECTED] wrote:
> How many cryptographerS does it take to change a light bulb?
SDFJI PHJKL FFIOQ ERUEM DASIO ADOII WPPXF AOIXC AOSDD ISIXX
------------------------------
From: [EMAIL PROTECTED]
Subject: Need help decrypting/decompressing text
Date: Thu, 06 Jul 2000 16:20:17 GMT
Hello,
Not exactly cryptography, but...
I have a CD of "The History of Civilization" - an 11 volume set with
about 11,000 pages of text. Unfortunately, the search/viewing
application is terrible and I'd like to write my own. But... The text
appears to be compressed (11,000 pages = 25MB seems like a reasonable
compressed size).
The question is - assuming I have most of the plaintext (from the
viewing app.), but I don't know the exact plaintext because of
formatting codes, etc. And, I don't know the exact compression scheme.
So, how would I go about trying to reverse engineer the compression so
that I can put together my own viewer - what is a good way to attack
this problem?
Some other details:
1. The compressed text doesn't seem to have any header or any
other "hints", but there are several supporting files that may or may
not be tables or dictionaries.
2. The errors in the string table of the .exe refer to FLY errors. I'm
assuming that FLY is the compression/search/indexing scheme and not a
way to describe a really cool error.
Any help would be greatly appreciated. Thanks,
kel
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: cray and time needed to attack
Date: Thu, 06 Jul 2000 11:38:41 -0500
Jerry Coffin wrote:
> It appears that the MO4 version of the T90 (which appears to be the
> most recent version) uses something like 15 ns SRAMs for its main
> memory. At the present time, you can get 3 ns SRAMs off the shelf
> from Motorola, and the L2 cache of a 1 GHz Pentium III or Athlon runs
> at a 2 ns cycle time. Though it'll undoubtedly be a few years before
> it's produced, technology is currently known to reduce that still
> further -- by close to two more orders of magnitude if money was no
> object at all.
Along these lines, Kryotech just announced a 1.4GHz Athalon which will
have the L2 cache running at processor speed, or about 700 picosecond
cycle times. This will be available for about $3k for a basic system,
and only $5k for a complete one, sometime in the next couple of months.
I would say supercomputers are on the desktop now. It may be a while
before a full Cray type architecture is inside a chip running at these
speeds, but clearly it's possible. If there was a market for it, it'd
be built tomorrow!
Patience, persistence, truth,
Dr. mike
------------------------------
From: =?iso-8859-1?Q?Tom=E1s?= Perlines Hormann <[EMAIL PROTECTED]>
Subject: Security in UMTS???
Date: Thu, 06 Jul 2000 19:08:46 +0200
Does anybody of you have a clue how security will be handled in UMTS or
similar?
By security I mean authentication of the subscriber and encryption of
the data transmitted (privacy).
Is it already standardized? Is it going to be open or hidden from the
world's knowledge as in GSM? Where can I find more info about it?
Thanks...
--
Quick answering: mailto:[EMAIL PROTECTED]
Check it out: http://www.weh.rwth-aachen.de/~tomas
Do it Now!
:o) Tomás Perlines (o:
------------------------------
From: "AC" <[EMAIL PROTECTED]>
Subject: Beginner Questions
Date: Thu, 6 Jul 2000 18:59:27 +0200
Reply-To: "AC" <[EMAIL PROTECTED]>
This is a multi-part message in MIME format.
=======_NextPart_000_000D_01BFE77C.4EB97080
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi
Excuse my ignorance but cryptography is only a hobby for me.
A couple of posts talk about 1024 bit prime numbers. Do these numbers =
have 128 digits (1024/8)?
Also, what is the most efficient, time wise, to handle 100+ digit =
numbers in C++? I have set up an array to hold each digit of a number =
but this seems cumbersome and is terribly slow.
Thanks.
--=20
AC
=======_NextPart_000_000D_01BFE77C.4EB97080
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type><BASE=20
href=3D"file://C:\Program Files\Common Files\Microsoft =
Shared\Stationery\">
<META content=3D"Microsoft FrontPage Express 2.0" name=3DGENERATOR>
<STYLE>pBODY {
BACKGROUND-POSITION: left top; BACKGROUND-REPEAT: repeat-y; COLOR: =
#000000; FONT-FAMILY: Times New Roman; FONT-SIZE: 12pt; FONT-WEIGHT: =
bold; MARGIN-LEFT: 50px; MARGIN-TOP: 25px
}
</STYLE>
<META content=3D"MSHTML 5.00.2314.1000" name=3DGENERATOR></HEAD>
<BODY bgColor=3D#ffffff>
<DIV>
<DIV>Hi</DIV>
<DIV> </DIV>
<DIV>Excuse my ignorance but cryptography is only a hobby for me.</DIV>
<DIV> </DIV>
<DIV>A couple of posts talk about 1024 bit prime numbers. Do these =
numbers have=20
128 digits (1024/8)?</DIV>
<DIV> </DIV>
<DIV>Also, what is the most efficient, time wise, to handle 100+ digit =
numbers=20
in C++? I have set up an array to hold each digit of a number but this =
seems=20
cumbersome and is terribly slow.</DIV>
<DIV> </DIV>
<DIV>Thanks.</DIV>
<DIV><BR>-- <BR>AC</DIV></DIV>
<P></P></BODY></HTML>
=======_NextPart_000_000D_01BFE77C.4EB97080==
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Any crypto jokes? (potentially OT)
Date: Thu, 6 Jul 2000 10:26:02 -0700
<[EMAIL PROTECTED]> wrote in message news:8k1ol9$p2k$[EMAIL PROTECTED]...
> Does any body know any crypto-related jokes, or have links to websites
> that contain them?
Does Szopa count? Oops, sorry I don't know him, forget I said anything.
Joe
------------------------------
From: [EMAIL PROTECTED]
Subject: SafeIT - Untrusted encryption program.
Date: Thu, 06 Jul 2000 17:15:51 GMT
Hi there tekkies.
I have come across a company that sells an encryption program which
primary function is to encrypt email. The company is Softnet Security
and they spread knowledge of the products by a studied mouth-to-mouth.
They are based in Bahamas (to get closer to the us market? yea sure).
The program costs $10 USD (not much but PGP is for free).
But the thing that make me want to post this all over sci.crypt
is that the symmetric key algorithm used in their program are a 'trade
secret'. Sure it's legal to do so, but not acceptable. The users buy
the program and thinks it's safe, but it might not. It it's safe, prove
it!
I hope they dare to publish their algorithm to the public. Othervice, I
hope someone else does.
Related links:
SafeIT
http://www.safeit.com/
Friend-of-a-Friend Marketing
http://www.friend-of-a-friend.com/
SafeIT from Softnet Security is not to be mixed up with SafeIT from
Computer Associates.
/ foo, 99% human 2% machine
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Jeff Moser" <[EMAIL PROTECTED]>
Subject: Re: Crypto jokes? (potentially OT)
Date: Thu, 6 Jul 2000 12:30:22 -0500
>
> How may cryptographer does it take to change a light bulb?
None, the key to the room was lost :-)
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Beginner Questions
Date: Thu, 6 Jul 2000 10:34:05 -0700
> A couple of posts talk about 1024 bit prime numbers. Do these numbers have
128 digits (1024/8)?
That depends on your definition of digit, assuming that like most humans you
mean decimal digits, then no, they will have 1024/(log(10)) (where log is
performed base 2), or approximately 300 digits. If however you want bytes,
then your answer of 128 is correct.
> Also, what is the most efficient, time wise, to handle 100+ digit numbers
in C++?
> I have set up an array to hold each digit of a number but this seems
cumbersome and is terribly slow.
Actually that is the fast approach, but for the fastest methods, I'd
generally suggest going with something a very smart person (which
immediately excludes me :) has written, usually Miracl
(http://indigo.ie/~mscott/).
Joe
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Prime Numbers?
Date: Thu, 06 Jul 2000 17:38:10 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
...
> ? What on Earth are you guys talking about? n!+1 is not necessarily
> prime even if n is prime, and the product of all primes less than n
> plus 1 is not necessarily a prime. While Euclid's proof is valid, its
> formula doesn't necessarily evaluate to a prime, just to some number
> that has a *prime factor* bigger than the assumed largest prime n.
>
I understand the distinction now, thank you. I had read an explanation
of Euclid's proof in an article in Scientifc American july 1988 p. 120,
it goes like this: (it's in the form of a dialogue between 2 people who
pan for primes on the bank of the Continuum river)
...
TYRO: Hey mister! How far downstream do the primes go?
YUKE: Why, boy, all the way to the Sea of Infinity.
TYRO: I don't believe you. Here we are at the millions and I haven't
seen color all day.
YUKE: You tenderfeet have to be told everything. Look, suppose you
came to the largest prime. No more after that, right?
TYRO: Uh, right.
YUKE: Call it n. You take and form the product of all primes there are
right up to n. Ok? That's 2x3x5x...xn. Now add 1 to the product and
call the number you finally get p.
TYRO: Don't tell me that p is a prime!
YUKE: Sure is. Prime as all get-out. Look, you can't divide it by 2
because there's 1 left over, you can't divide it by 3 because there's 1
left over. There's always 1 left over, right up to n. There's just no
getting around it.
TYRO: Gosh, I guess that's what keeps you going.
...
So the article is misleading when it says that this p will always be a
prime?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Hash and Entropy
Date: Thu, 06 Jul 2000 11:23:46 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (JPeschel) wrote:
> [EMAIL PROTECTED] (wtshaw) wrires, in part:
>
> >The biggest problem is that the word can be taken to be opposite in
> >meaning, such as "raising" a structure means.... to build it, or tear it
> >down.
>
> Nope, raising and razing are two different words.
>
> >...which means that other words are better used, or that improper use is
> >simply based on a poor understanding of physics.
>
> or a poor understanding of English.
I know that they are two different words, but chose to bait the hook.
It's the sound thing like emmigrate and immigrate. In spoken context,
relying on minor spelling differences are inadequate. That was really my
point, mispelled on purpose, that something is a whole, or a hole,
depending on what you think of it.
The danger is that some will try to fix the problem with "Introphy."
--
Ralph Nader must not be a politician, he makes sense. Those that
hype confusion about understandable issues are the anarchists.
------------------------------
Subject: Strange & weak but intresting
From: Simon Johnson <[EMAIL PROTECTED]>
Date: Thu, 06 Jul 2000 10:56:33 -0700
My math teacher was talking to me today about cryptography. And
he remebered some project he did in university about 'number-
chains'. These's things have a proper name, though i can't
remeber what it is? - Any offers :D
Basically, u set out an algorithm which tests the properties of
a number, then you perform an operation on the number you
tested, then you feed that back, to the original function.
To demostrate:
Function F(x)
Is x prime, if so, F(x + 2) mod 256
Is x odd, if so F((x-2) mod 256
Is X even, if so F(x-1) mod 256
End function.
So if the intial input is 3, then we trace each iteration:
3-5-3 (loop)
Take another input, 4:
4-3-5-3 -> This collides with the 3-5-3 loop.
Take another input, 10:
10-9-7-9-7 (loop)
Now here's where encryption comes in:
Take x number of loops. Each loop represents the possibilities
that a single characters can be. To encrypt, you take a letter,
than randomly choose on of the values in the loop. To decrypt,
you have the loops stored, and you know which numbers belong to
each loop.
Intresting, like i say, but i invisige it not being very secure.
A known plain-text attack could recover the loops working on a
small value of X. The cipher would quickly fall to character
frequency analysis after that initial attack.
Any other attacks?
Now my tutor said this: Take cycles that don't merge, and call
that the key. Then subsitute letters, with to make an even
distribution of character.
===========================================================
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: SafeIT - Untrusted encryption program.
Date: Thu, 6 Jul 2000 14:04:48 -0400
"With SafeITT the user will achieve 100 % security for his/her e-mail
communication." There are a bunch of other such lines around that site that
makes me wonder about the company. They either don't know much about
information security, or they are lying to customers. Both cases seem very
bad.
- Adam
<[EMAIL PROTECTED]> wrote in message
news:8k2ers$7qv$[EMAIL PROTECTED]...
> Hi there tekkies.
>
> I have come across a company that sells an encryption program which
> primary function is to encrypt email. The company is Softnet Security
> and they spread knowledge of the products by a studied mouth-to-mouth.
> They are based in Bahamas (to get closer to the us market? yea sure).
> The program costs $10 USD (not much but PGP is for free).
>
> But the thing that make me want to post this all over sci.crypt
> is that the symmetric key algorithm used in their program are a 'trade
> secret'. Sure it's legal to do so, but not acceptable. The users buy
> the program and thinks it's safe, but it might not. It it's safe, prove
> it!
>
> I hope they dare to publish their algorithm to the public. Othervice, I
> hope someone else does.
>
> Related links:
>
> SafeIT
> http://www.safeit.com/
>
> Friend-of-a-Friend Marketing
> http://www.friend-of-a-friend.com/
>
> SafeIT from Softnet Security is not to be mixed up with SafeIT from
> Computer Associates.
>
> / foo, 99% human 2% machine
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
Subject: Re: RC4 source code
From: tomstd <[EMAIL PROTECTED]>
Date: Thu, 06 Jul 2000 11:13:08 -0700
=?ISO-8859-1?Q?H=E4m=E4l=E4inen?= Panu <[EMAIL PROTECTED]> wrote:
>Hi!
>
>Does anyone know where I could find fast RC4 source
>code (C-Code, portable or optimized for Pentiums)?
if you want super fast RC4 you will need asm coded not c
coded.... but C code RC4 is rather TRIVIAL...
Tom
===========================================================
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
Subject: Re: TC5 Completed Paper
From: tomstd <[EMAIL PROTECTED]>
Date: Thu, 06 Jul 2000 11:14:38 -0700
[EMAIL PROTECTED] (David A. Wagner) wrote:
>TC5 is very pretty in its simplicity, but alas, it can be
distinguished
>from random with 2^33 chosen plaintexts.
>
>TC5 is a four-round Feistel with a bijective round function,
and there
>are generic attacks on such constructions known in the
literature.
>
>Here is one. Consider the encryption of a plaintext (L,R).
Let X
>denote the input to the F-function in the third round, and Y=F
(X) the
>output. Then we can recover Y xor F(R) from the plaintext
>and its corresponding ciphertext by just xor-ing appropriate
quantities.
>
>Consider 2^33 chosen plaintexts of the form (L_i,R), where R is
fixed
>and L_i varies over 2^33 values. Let c = F(R); c is unknown
but fixed.
>Then X_i = R xor F(L_i xor c) is a bijective function of L_i,
and hence
>all the X_i's are distinct. Consequently, all the Y_i's should
be
>distinct if we're using TC5, since the F-function is bijective.
>
>Next we recover Y_i xor c from the plaintexts and their
encryptions.
>This allows us to verify whether all the Y_i's are distinct.
For the
>cipher TC5, the Y_i's will all be distinct, guaranteed. For an
ideal
>cipher (a random permutation), the inferred Y_i values will be
distributed
>like 2^33 independently chosen 64-bit values, so by the
birthday paradox,
>with good probability there will be collision between the
suggested Y_i's
>if we've got a cipher on our hands.
>
>This lets us distinguish TC5 from an ideal cipher with 2^33
chosen texts.
>
>As a possible fix, it appears that using 8 rounds at every
stage instead
>of 4 provides a more than adequate defense against this attack.
>
Maybe I am missing something (ascii math is hard to read) but
how does knowing one round output help distinguis this cipher
from random?
Can you help clear this up?
Tom
>
===========================================================
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
Subject: Re: TC5 Completed Paper
From: tomstd <[EMAIL PROTECTED]>
Date: Thu, 06 Jul 2000 11:15:41 -0700
"Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
>I've taken a brief look at it, and I must say that except for
the speed
>(which can be worked on), it's actually a rather nice cipher. I
do slightly
>disagree with some of your analysis (I showed you before that
the equations
>for even linear analysis aren't always correct), so for
security I'd
>recommend upping the rounds to 10, which would of course slow
it more, but
>it looks like a good amount of hardware could be thrown at it
easily. It's
>definitely a very good cipher for such a relatively early
development for
>you (in terms of your age, and in terms of you time spent
learning). I'll do
>some more looking at it tonight.
I don't see how you can disagree. The LPmax of the 16-bit
feistels F function is 16/256 and that's a fact. So the best
single IO correlation has a prob of (16/256)^(r/2) and that's a
fact too.
Tom
===========================================================
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
From: UJobBank.com <[EMAIL PROTECTED]>
Crossposted-To: sci.chem.analytical,sci.energy,sci.electronics.design
Subject: University Job Bank - Free Job Posting/Search
Date: Thu, 06 Jul 2000 18:29:57 GMT
FYI.
University Job Bank < http://www.UJobBank.com > provides free services
to all universities/colleges to advertising jobs including faculty,
staff and postdoctoral positisions, graduate assistantships, and
internships and other job opportunities.
Students/job seekers can post resume for free at University Resume Bank
<http://www.UJobBank.com/resume>
Please share the information with your colleagues and students.
Regards,
--
============================================
Find a job at the University Job Bank
http://www.UJobBank.com
UJobBank - Jobs for U
============================================
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Data compression and encryption
Date: 6 Jul 2000 18:35:55 GMT
[EMAIL PROTECTED] (Dido Sevilla) wrote in
<[EMAIL PROTECTED]>:
>
>This is just one question I thought up while waiting for the typhoon out
>here to blow away. Do all cryptologic transformations modify the
>information content of a message, e.g. make a message compress better or
>worse than the unencrypted message for some given compression
>algorithm? If so, then by how much? It seems that at the very least,
>the one-time pad would serve to increase the information content of a
>message such that it would be nearly impossible to compress by any means
>after encryption, provided the OTP was properly produced. The
>transformation involved in the one-time pad would end up turning the
>data into random noise from the point of view of someone without the
>key. Thus, any Huffman tree of the output of a proper OTP message would
>be almost perfectly balanced and wouldn't compress at all. Since the
>security of the OTP is what all cryptosystems aspire to, am I correct in
>asserting that all encryption systems must increase the information
>content of any message by an amount proportional to the size of the key
>used? Therefore, if any data compression is to be performed on data to
>be encrypted, it should be done *before* any encryption.
>
>Any links on information theory and encryption that discuss this topic
>in further detail?
Check out my compression site. Most people never really think much
about compression and encryption and how the two interact!
Yes in general it is best to compress before you encrypt.
But most compression schemes are such that they add information
to a file. Forunately it is easy to test if your stuck with such
a compression method. Compression that is written to be used
before encryption should not add information to a file. To test
a compression decompression set of routinge to see that they don't
add information. let X be a valid binary file if
for all X,
if decompress ( compress ( X )) == X
and if cmpress (decompess (X )) == X
then no information was added.
OR
If for files of a certain type. Like files of only
a limited character set then any any file X in that set
For all X,
decompress ( compress ( X ) == X
and for all binary files of type Y
compress ( decompress ( Y )) == Y
>
>--
>Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
>ICSM-F Development Team +63 (917) 4458925
>University of the Philippines Diliman
>
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS **no JavaScript allowed**
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed ** JavaScript OK**
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
"The road to tyranny, we must never forget, begins with the destruction
of the truth."
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: A thought on OTPs
Date: Thu, 6 Jul 2000 18:04:37 GMT
Mok-Kong Shen wrote:
> Also I asked sometime back whether there are good tests for
> independence in practice but failed to get a concrete answer.
I think you got answers, but just didn't like them.
"Independence" of events is a theoretical notion used in models.
It is not directly testable, but its consequences are testable
with the usual statistical tools of hypothesis testing.
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Thu, 06 Jul 2000 18:59:00 GMT
[EMAIL PROTECTED] wrote:
>
> Below is a couple of messages posted to the OpenSSL users mailing list.
> Seems someone down at RSADSI has lost it.
No, this is typical behavior for RSADSI. They have a habit of sending out
threatening BS letters at the slightest provocation, such as when they
recently threatened to sue a Canadian citizen for violating the patent on the
RSA public key encryption algorithm.
In September, the RSA public key encryption algorithm becomes public domain,
and the whole thing becomes moot. RSADSI has not earned themselves friends by
their behavior (especially by refusing to license the RSA PK algorithm to
other toolkit makers), and is likely to be out of the toolkit business shortly
thereafter unless they can persuade some hapless souls that RC5 and RC6 are
worth licensing (in preference to Blowfish/Twofish). Luckily (for them, not
for us), they have purchased Verisign and thus will continue to be a going
concern... a pity, that. Oh well, at least they provide Rivest with a living
beyond the meagre salary of a college professor... I guess they do SOMETHING
good (well, firing the only first-class talent they have really WOULD be
stupid!).
> I found the part about them
> *owning* EAY quite amusing. I wounder if anyone bothered telling him that
> he is considered owned property of RSADSI.
Yeah right :-). But there are some legal concerns about what happens to
software when its current owner decides to revoke the open source license.
There are some legal scholars who believe that, since no money changed hands,
the open source license is a "gift offer" rather than a contract, and thus can
be revoked at any time. That obviously is not a notion that I (or the Free
Software Foundation) agree with, but some day somebody is going to try to test
it in a court of law.
> I just got off the phone with, among others, John Riley at RSA. He's
> claiming things like (paraphrased):
>
> "It's flat out illegal to use OpenSSL for Commercial purposes" "Even if
> you use OpenSSL, it still uses RSA technologies that you have to pay
> royalties for (regardless whether it uses RSA encryption or not)" "We own
> EAY, thus we own SSLeay/OpenSSL"
>
> He's leaning on us to pay $70K up front, plus $636 in royalty fees for
> every copy of our product that we sell!!
For U.S. purposes, that's the royalty rate for BSafe. That is why I am not
using RSA encryption currently, and that is also why I shall use RSA
encryption after September as much as possible.
It is certainly legal to use OpenSSL for commercial purposes, as long as you
remove the RSA PK encryption portion from the actual source code. Also remove
RC5 support from it, that's another RSADSI-patented algorithm. Also remove
IDEA support from it, that's patented by another group.
Note that, after September, it's perfectly legal to put the RSA PK encryption
portion back in, since it enters the public domain at that time.
--
Eric Lee Green [EMAIL PROTECTED]
Software Engineer Visit our Web page:
Enhanced Software Technologies, Inc. http://www.estinc.com/
(602) 470-1115 voice (602) 470-1116 fax
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
