Cryptography-Digest Digest #497, Volume #12      Mon, 21 Aug 00 15:13:00 EDT

Contents:
  Re: Hidden Markov Models on web site! (Mok-Kong Shen)
  Re: blowfish problem (Richard Bos)
  Re: My unprovability madness. (Future Beacon)
  Re: Bytes, octets, chars, and characters ([EMAIL PROTECTED])
  Re: Bytes, octets, chars, and characters (Richard Bos)
  help needed to break KRYPTOS ([EMAIL PROTECTED])
  Re: Bytes, octets, chars, and characters (Dan Pop)
  Re: Cryptography and Content Protection (Adriano Prado)
  Re: Cryptography and Content Protection (Adriano Prado)
  Re: OTP using BBS generator? (Bryan Olson)
  Re: Directions (Mike Rosing)
  What is required of "salt"? (John Myre)
  Re: Bytes, octets, chars, and characters ("Douglas A. Gwyn")
  Re: My unprovability madness. (Bob Silverman)
  Re: Directions (Adriano Prado)
  Re: My unprovability madness. ("Douglas A. Gwyn")
  Re: OTP using BBS generator? (Mok-Kong Shen)
  Re: Cryptography and Content Protection (Matthew Skala)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Hidden Markov Models on web site!
Date: Mon, 21 Aug 2000 18:27:31 +0200



John Savard wrote:
> 
> Having heard from some posts that the concept of "Hidden Markov
> Models" is relevant to cryptanalysis, I did some web searching, and
> gained enough understanding to put a partial introduction on my web
> page at
> 
> http://home.ecn.ab.ca/~jsavard/co041003.htm

The page was not accessible. Could you please look
after the matter?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Richard Bos)
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Mon, 21 Aug 2000 16:19:45 GMT

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:

> I rarely read clc, but even in my infrequent visits I've noted a variety of
> languages discussed.

I've never noted anything discussed reliably except ISO C and, every now
and then, from an antiquarian POV almost, K&R C.
I've noted a lot of one-timers posting questions about MS C, Borland C,
GCC C, C++, Fortran, Pascal, Ada, and even English, but these generally
get pointed to a more appropriate newsgroup, because we're just not
specialised in those languages or dialects.

> The forum description

I suppose you mean the charter? There is no such thing. c.l.c predates
their existence.

> may limit the context to ISO C, but the
> practice in clc indicates otherwise.

Not among the regulars.

>  Now if you want to advocate the creation of
> comp.lang.iso-c I wouldn't object.

Heh. I wish you luck. In getting it used properly even more than in
getting it created.

> Problem is that the standard is supposed to define _the_ language, but any
> individual user ends up with _a_ language.  And there are multiple ISO C
> standards.  Is it your position that programs written in compliance with C89 are
> not C?

Yes, though possibly "old" C. But any ISO C standard will do, and even
K&R; it's just that we'll assume the most usual standard (atm still C89,
though that will change sooner or later) unless you state otherwise. But
_non_-standard C is not C in the context of comp.lang.c unless the
non-standard bits are immaterial to the problem.

Richard

------------------------------

From: Future Beacon <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.physics,sci.optics
Subject: Re: My unprovability madness.
Date: Mon, 21 Aug 2000 12:21:08 -0400



If you want me to respond with information, answers, or my slant on
things, this is not a constructive message.  You may believe that
there is no possible mathematical system that meets my requirements,
but a question about that would have been much more profitable than
this mean attack.  Dealing with this kind of discourteousness is
too high a price to pay for your conversation.

When you find out what systems I use, I hope you remember what you
have said to me today.  I also hope you are young enough to recover
from your anti-social personality disorder.


Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]




On Mon, 21 Aug 2000, Bob Silverman wrote:

> In article <[EMAIL PROTECTED]>,
>   Future Beacon <[EMAIL PROTECTED]> wrote:
> >
> >
> 
> <snip>
> 
> >
> > It seems to me that we are not talking about the same thing.  The
> > foundations of any system must include definitions and may include
> > axioms.  If we get weird results that cause us problems or poorly
> > serve our purposes, the only place to go is back to the foundations
> > of the system (at least in my opinion).  If we assume that the
> > foundation is great, we're done.  But to me and a few others
> > undecidable questions are not acceptable within a mathematical
> > system (at least one that I would want to use).
> 
> You say "undecidable questions are not acceptable".
> 
> Yet undecidable questions are *unavoidable* in any sufficiently
> rich axiomatic system. This is the crux of Goedel's work.


"Sufficiently rich" must include something YOU want.  NO?


> Do you accept the (5) basic axioms of Peano arithmetic?  Then you
> *must* accept the fact that there are true statements within this
> system that can not be proved. What you *want* is irrelevant.
> 
> 
> > For me, the purpose
> > of math is to decide things.
> 
> This statement is vacuous.
> 
> 
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"
> 
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.



------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.lang.c
Subject: Re: Bytes, octets, chars, and characters
Date: Mon, 21 Aug 2000 16:22:40 GMT

In article <8nrj1l$3sf$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
> Clark S. Cox III ([EMAIL PROTECTED]) wrote:
> > In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
> > > <8nq0uk$[EMAIL PROTECTED]> ([EMAIL PROTECTED]):
> > > >playte, chawmp (on a 32-bit machine), word (on a 16-bit machine),
> > > >half-word (on a 32-bit machine).
> > >
> > > Ok, I'm confused now. I thought a word was always 2 bytes on whatever
> > > architecture you happen to be living on?
>
> >    I was under the impression that a word was 16-bits on a 16-bit
> > machine, 32 on a 32-bit machine, etc.
>
> Terminology varies. In some 32-bit architectures, 16 and 32 bits are
> halfword and word respectively; in others they are word and doubleword
> or word and longword.
>
> >And that in C/C++, 'int' usually corresponded to a word.
>
> Usually, but not necessarily, it corresponds to whatever is the
> hardware's most "natural" representation of integers.

...That allows for a numerical range of -32767 to 32768 or something
like that...

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Richard Bos)
Crossposted-To: comp.lang.c
Subject: Re: Bytes, octets, chars, and characters
Date: Mon, 21 Aug 2000 16:52:23 GMT

[EMAIL PROTECTED] wrote:

> In article <8nrj1l$3sf$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > In article <[EMAIL PROTECTED]>,
> > Clark S. Cox III ([EMAIL PROTECTED]) wrote:
> > >And that in C/C++, 'int' usually corresponded to a word.
> >
> > Usually, but not necessarily, it corresponds to whatever is the
> > hardware's most "natural" representation of integers.
> 
> ...That allows for a numerical range of -32767 to 32768 or something
> like that...

At least. It's certainly allowed to be larger; just no (well, one unit,
but no bits) smaller.

Richard

------------------------------

From: [EMAIL PROTECTED]
Subject: help needed to break KRYPTOS
Date: Mon, 21 Aug 2000 16:57:08 GMT

Hello everybody,
I need some theoretical help to continue attacking
the last 97 chars of the KRYPTOS sculpture.

Here is my problem:
I've seen a particular pattern in the ciphertext:
...DIAWINFNBF...
(maybe all interested people have noticed it...)
Such a pattern is special because, if you SUBTRACT
each char from the one immediately following it, you obtain
a 4-char repeating pattern:
...?FSWMFSWM...
(the subtraction has to be executed using the
normal alphabet ABCDEFG... and performed MODULO 26).
That means that ...IAWI... is the same pattern as ...NFBN...
but translated 5 chars apart in the alphabet ABCDEFGH...

Such a pattern is VERY UNLIKELY... (I've computed a probability
of about 1/16000, do you agree??) and I think it is a
kind of SIGN of the encryption method used by J. Sanborn.

My very LIMITED crypto knowledge made me think of the following
two methods:
- Cipher-Text AutoKey
- Progressive Vigenere Key

Can anyone help me by telling me
WHICH OTHER METHODS EXIST that may produce
such a singular pattern?

Furthermore, I think that such a pattern indicates that Sanborn
made use of the NORMAL alphabet ONLY... do you agree??

I know that the last 97 chars are still unsolved...
but I think that any cryptographer finds KRYPTOS
a very fascinating challenge, and I think that there are still a lot
of you working on it... so, I am ready to collaborate with
anyone interested in the enigma...

Thanks a lot in advance.
   Ferdinando
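The successive-difference check the post describes, as an added example (editor's code, not the poster's). One caveat first: the post's rendering "...DIAWINFNBF..." does not reproduce the FSWM pattern it reports, while the span implied by the poster's own "...IAWI..." / "...NFBN..." comparison, DIAWINFBN, does; the example uses that span, and the 97-letter transcription embedded below is the editor's and should be treated as an assumption. The code goes a step beyond the post and scans the whole section for any span whose difference sequence repeats with a chosen period, which is the general form of the observation. The post's probability estimate is not evaluated here.

```python
"""Successive-difference analysis of a ciphertext, as in the post above.

Example code added by the editor; it is not part of the original post.
Letters map A=0..Z=25 and each letter is subtracted from the one following
it modulo 26, as the post specifies.  K4 below is the editor's transcription
of the unsolved 97-letter section; treat it as an assumption.
"""

K4 = ("OBKRUOXOGHULBSOLIFBBWFLRVQQPRNGKSSOTWTQSJQSSEKZZWATJKLU"
      "DIAWINFBNYPVTTMZFPKWGDKZXTJCDIGKUHUAUEKCAR")


def letter_diffs(text: str) -> str:
    """Return (next - current) mod 26 for each adjacent pair, as letters."""
    vals = [ord(c) - ord("A") for c in text.upper() if c.isalpha()]
    return "".join(chr(ord("A") + (b - a) % 26) for a, b in zip(vals, vals[1:]))


def caesar_shift_between(a: str, b: str):
    """If b is a constant shift of a (same length), return that shift, else None."""
    if not a or len(a) != len(b):
        return None
    shifts = {(ord(y) - ord(x)) % 26 for x, y in zip(a.upper(), b.upper())}
    return shifts.pop() if len(shifts) == 1 else None


def find_periodic_runs(text: str, period: int, min_repeats: int = 2):
    """Find spans whose difference sequence repeats with the given period.

    text must be letters only (indices are reported into it).  Returns
    (start_index, span_text, repeating_diff_pattern) for every maximal run
    of at least period*min_repeats consecutive differences.  A run of n
    differences covers n+1 ciphertext letters.
    """
    d = letter_diffs(text)
    hits = []
    i = 0
    while i + period * min_repeats <= len(d):
        n = period
        while i + n < len(d) and d[i + n] == d[i + n - period]:
            n += 1
        if n >= period * min_repeats:
            hits.append((i, text[i:i + n + 1], d[i:i + period]))
            i += n  # the run is maximal, so continue past it
        else:
            i += 1
    return hits


if __name__ == "__main__":
    print(letter_diffs("DIAWINFBN"))             # FSWMFSWM
    print(caesar_shift_between("IAWI", "NFBN"))  # 5
    for start, span, pattern in find_periodic_runs(K4, period=4):
        print(f"offset {start}: {span} -> differences repeat {pattern}")
```

Run as a script it prints the difference string for the span, the shift of 5 between IAWI and NFBN, and every period-4 run found in the transcription; with other values of `period` it will also surface repeats of a different length, which is the first thing to check before attributing the pattern to a particular key schedule.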




------------------------------

From: [EMAIL PROTECTED] (Dan Pop)
Crossposted-To: comp.lang.c
Subject: Re: Bytes, octets, chars, and characters
Date: 21 Aug 2000 16:49:46 GMT

In <8nrhsi$te5$[EMAIL PROTECTED]> [EMAIL PROTECTED] (John Winters) writes:

>In article <8nrds8$jsv$[EMAIL PROTECTED]>, Dan Pop <[EMAIL PROTECTED]> wrote:
>>In <8nqjkq$fq5$[EMAIL PROTECTED]> [EMAIL PROTECTED] (John Winters) writes:
>>
>>>Definitely not - a word is the natural size of number for manipulation
>>>of the machine - sometimes a little hard to pin down.  The misconception
>>>that a word is two bytes comes from the every-computer-is-a-PC-running-DOS
>>>brigade.
>>
>>It's even older than that.  It was first introduced by the PDP-11.
>>The VAX, a 32-bit machine that predates the PC, had 16-bit words 
>>"inherited" from its predecessor, the PDP-11.
>
>Ah, I know 16 bit words are older than that - it was the misconception
>that I was talking about.

Me too.

Dan
--
Dan Pop
CERN, IT Division
Email: [EMAIL PROTECTED] 
Mail:  CERN - IT, Bat. 31 1-014, CH-1211 Geneve 23, Switzerland

------------------------------

From: Adriano Prado <[EMAIL PROTECTED]>
Subject: Re: Cryptography and Content Protection
Date: Mon, 21 Aug 2000 17:17:57 GMT

In article <8nkp21$fv9$[EMAIL PROTECTED]>,
  "Scott Fluhrer" <[EMAIL PROTECTED]> wrote:
>
> Adriano Prado <[EMAIL PROTECTED]> wrote in message
> news:8njsbt$b7n$[EMAIL PROTECTED]...
> > Ok, let me be clearer...
> >
> > What is my 'system':
> >
> > Alice is a point-of-sale printer (the one used in supermarket).
> > Bob is a computer.
> >
> > What I need:
> > The printer responds to a set of defined commands.
> > These commands are sent by the computer via an RS-232 serial port.
> >
> > There are some of these commands that are restricted; the computer has
> > to send a key that is unique to each printer so they can be accepted.
> > That is, the same computer communicates with more than one printer,
> > but for each one it has to send a specific key.
> >
> > So, if one wants to use such a set of commands, he has to call me,
> > send the serial number of the machine, and then I compute the key.
> > I pass the key by fax or e-mail. He then enters the key in the
> > communication program, which will send it to the printer.
> > The printer should be able to see if the key is right for its serial
> > number.
> If that's the case, who's the attacker?  What is he trying to do?  If you
> can basically trust everything (the computer, the serial line), then it's all
> straightforward -- no real crypto necessary.  However, until you have a
> solid attack model, I can't state that definitively.
>
> --
> poncho
>
>

There are some (printer) extra commands (like some reports) that are
only available if the user pays for them. That is, the commands are
already implemented in the firmware, but to use them, I'd like to send a
key to the printer. The printer should compute the key, based on its
serial number, to see if it matches.

The attacker is one who would like to use these commands without paying
for the key.

I was thinking of using the same process Unix uses to encrypt its
passwords. The problem is that the serial number has only five or six
digits, and with this method one who knows a little about crypt would
crack it too easily...

I was thinking of using a simple method, like a Caesar cipher, adding a
number to each char (e.g., adding 1: test -> uftu). Of course there would
be improvements on this, but one who hacks the firmware would find how
to compute it...

So... do you have any guess as to what I should do?


--
Adriano



------------------------------

From: Adriano Prado <[EMAIL PROTECTED]>
Subject: Re: Cryptography and Content Protection
Date: Mon, 21 Aug 2000 17:40:03 GMT

There are some (printer) extra commands (like some reports) that are
only available if the user pays for them. That is, the commands are
already implemented in the firmware, but to use them, I'd like to send a
key to the printer. The printer should compute the key, based on its
serial number, to see if it matches.

The attacker is one who would like to use these commands without paying
for the key.

I was thinking of using the same process Unix uses to encrypt its
passwords. The problem is that the serial number has only five or six
digits, and with this method one who knows a little about crypt would
crack it too easily...

I was thinking of using a simple method, like a Caesar cipher, adding a
number to each char (e.g., adding 1: test -> uftu). Of course there would
be improvements on this, but one who hacks the firmware would find how
to compute it...

So... do you have any guess as to what I should do?



In article <oFon5.2085$[EMAIL PROTECTED]>,
  "Lyalc" <[EMAIL PROTECTED]> wrote:
> who is trusting what here?
> What is the desired outcome, commercially, and technically?
>
> If the shopkeeper is trusting the printer to say "transaction denied",
> thereby getting the customer to pay with another means (another card, or
> cash perhaps), what stops a false printer being substituted, which prints
> "transaction denied" every 5th (or ratio of your choice) transaction?
>
> Lyal
>
> Adriano Prado wrote in message <8njsc3$b7s$[EMAIL PROTECTED]>...
> >Ok, let me be clearer...
> >
> >What is my 'system':
> >
> >Alice is a point-of-sale printer (the one used in supermarket).
> >Bob is a computer.
> >
> >What I need:
> >The printer responds to a set of defined commands.
> >These commands are sent by the computer via an RS-232 serial port.
> >
> >There are some of these commands that are restricted; the computer has
> >to send a key that is unique to each printer so they can be accepted.
> >That is, the same computer communicates with more than one printer,
> >but for each one it has to send a specific key.
> >
> >So, if one wants to use such a set of commands, he has to call me,
> >send the serial number of the machine, and then I compute the key.
> >I pass the key by fax or e-mail. He then enters the key in the
> >communication program, which will send it to the printer.
> >The printer should be able to see if the key is right for its serial
> >number.
> >
> >capisce?
> >
> >
> >thanx!!!!
> >
>
>

--
Adriano Prado
[EMAIL PROTECTED]



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: OTP using BBS generator?
Date: Mon, 21 Aug 2000 17:35:26 GMT

Mok-Kong Shen wrote:
>
> Bryan Olson wrote:
> >
> > Mok-Kong Shen wrote:
> >
> > > To put the assumptions explicit:
> > [...]
> > > (3) The apriori
> > > probability of the opponent guessing the message is zero.
> >
> > How could that ever hold?
>
> You are right in questioning that. A contrived 'theoretical'
> case is that the spy cast a perfect die to determine (out
> of the blue) what he wants to talk to his colleagues.

So in that case the guessing chance is

   1 / (number of sides on die).

The question is how could it be zero.  The only way I see it
happening is if the attacker has such bad disinformation
about our message space that he assigns zero probability to
every message that is in fact possible.


--Bryan
--
email: bolson at certicom dot com



------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Directions
Date: Mon, 21 Aug 2000 12:46:28 -0500

Adriano Prado wrote:
> 
> Hi all,
> 
> I'm reading some papers and some books about cryptography, but I think
> it'll be at least some months before I become familiar with this subject.
> 
> So, I'd like a direction in my study so I can follow the right path.
> 
> I want to make a simple algorithm that computes a password to a specific
> machine. This machine communicates with a computer via RS-232... but
> it's not important. What matters here is that each machine has a
> unique serial number that can be retrieved by a computer.

That's actually most important.  Is the link "secure" in the sense that
it is unlikely anyone has tapped it?  Or is the link "insecure" such
as an internet connection?  If the first case applies, then you only
need to study symmetric crypto (single key).  In the second case you
should also look at public key crypto.

Patience, persistence, truth,
Dr. mike

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: What is required of "salt"?
Date: Mon, 21 Aug 2000 11:44:00 -0600


I'm wondering what (cryptographic) properties "salt" has to have.

Let me begin by restricting the question to salt as used in
password files.  This might be the original Unix-style file,
or it might be some verifier-based setup.

The main purpose of salt, as I understand it, is to ensure
that entries for the same password aren't the same (or rather,
that the adversary cannot tell that the entries are for the
same password).  Is there more?

Usually I see the assumption that the salt is "random".  I
don't see, however, why this is so.  For example, what would
be wrong with using a simple counter to generate salt values?
Or, what if the salt were the concatenation of the user name
and the server name (or address)?  Is there a reason to
change the salt when we change the password?

JM
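An added example (editor's code, not the poster's) that demonstrates the one property the post states for salt, that entries for the same password do not coincide, and what that property costs an attacker who runs a guess list against the whole file. It tries the counter and user@server salts the post asks about alongside random salt and no salt; all three salted variants satisfy the stated property, and the example shows only that, not which policy is preferable. PBKDF2-HMAC-SHA256 from the standard library stands in for the password-to-verifier function; the users, passwords, server name and iteration count are constructed for the demonstration.

```python
"""What per-entry salt buys, using the purpose stated in the post above.

Example code added by the editor, not part of the original post.  PBKDF2-
HMAC-SHA256 is the password-to-verifier function here (the choice is
incidental); the users, passwords and server name are constructed sample
data, and ITERATIONS is demo-sized so the run is quick, not a recommendation.
"""
import hashlib
import hmac
import os

ITERATIONS = 1000  # assumption: demo-sized cost parameter


def make_verifier(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def check(password: str, salt: bytes, verifier: bytes) -> bool:
    return hmac.compare_digest(make_verifier(password, salt), verifier)


# The salt policies the post asks about, plus "no salt" for contrast.
def no_salt(index: int, user: str) -> bytes:
    return b""


def counter_salt(index: int, user: str) -> bytes:
    return index.to_bytes(8, "big")


def name_salt(index: int, user: str, server: str = "pos-server-1") -> bytes:
    return f"{user}@{server}".encode()


def random_salt(index: int, user: str) -> bytes:
    return os.urandom(16)


def build_file(users, salt_fn):
    """Return {user: (salt, verifier)} for a list of (user, password) pairs."""
    pwfile = {}
    for index, (user, password) in enumerate(users):
        salt = salt_fn(index, user)
        pwfile[user] = (salt, make_verifier(password, salt))
    return pwfile


def identical_verifiers(pwfile):
    """Pairs of users whose stored verifiers coincide: visible without cracking."""
    first_seen, dups = {}, []
    for user, (_, verifier) in pwfile.items():
        if verifier in first_seen:
            dups.append((first_seen[verifier], user))
        else:
            first_seen[verifier] = user
    return dups


def dictionary_attack(pwfile, guesses):
    """Test every guess against every entry, hashing once per distinct salt.

    Returns (number of PBKDF2 evaluations, {user: recovered password}).
    With one shared salt each guess is hashed once for the whole file; with a
    distinct salt per entry the work multiplies by the number of entries.
    """
    by_salt = {}
    for user, (salt, verifier) in pwfile.items():
        by_salt.setdefault(salt, []).append((user, verifier))
    evaluations, cracked = 0, {}
    for salt, entries in by_salt.items():
        for guess in guesses:
            evaluations += 1
            candidate = make_verifier(guess, salt)
            for user, verifier in entries:
                if hmac.compare_digest(candidate, verifier):
                    cracked[user] = guess
    return evaluations, cracked


USERS = [("alice", "correct horse"), ("bob", "correct horse"), ("carol", "hunter2")]
GUESSES = ["password", "correct horse"]

if __name__ == "__main__":
    for label, policy in [("none", no_salt), ("counter", counter_salt),
                          ("name", name_salt), ("random", random_salt)]:
        pwfile = build_file(USERS, policy)
        work, hits = dictionary_attack(pwfile, GUESSES)
        print(f"{label:8s} collisions={identical_verifiers(pwfile)} "
              f"work={work} cracked={sorted(hits)}")
```

With no salt the two identical passwords are visible as identical entries and the whole file is searched for the price of one hash per guess; with any of the three per-entry salts the collision disappears and the work scales with the number of entries. One observation a practitioner would add: the counter and user-name salts satisfy the uniqueness property but are predictable before the file is ever obtained, which a random salt is not; whether that matters for a given threat model is the question the post leaves open.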

------------------------------

Crossposted-To: comp.lang.c
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Bytes, octets, chars, and characters
Date: Mon, 21 Aug 2000 17:19:07 GMT

Paul Schlyter wrote:
> Yep -- a word is X bits on an X-bit machine, that's the rule.

That is a tautology.  The real question is, what is meant
by "X" in calling a computer an "X-bit machine"?  I have
encountered real cases where no matter what you use for X,
it could be disputed.

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.physics,sci.optics
Subject: Re: My unprovability madness.
Date: Mon, 21 Aug 2000 18:11:02 GMT

In article <Pine.LNX.4.21L2.0008211206170.24354-[EMAIL PROTECTED]>,
  Future Beacon <[EMAIL PROTECTED]> wrote:
>
>
> If you want me to respond with information, answers, or my slant on
> things, this is not a constructive message.  You may believe that
> there is no possible mathematical system that meets my requirements,

What I *believe* or what you *believe* is irrelevant!
What matters is what is *true*.


> but a question about that would have been much more profitable than
> this mean attack.

Attack? What attack?  I quote what I said:
====================================================
You say "undecidable questions are not acceptable".

Yet undecidable questions are *unavoidable* in any sufficiently
rich axiomatic system. This is the crux of Goedel's work.

Do you accept the (5) basic axioms of Peano arithmetic?  Then you
*must* accept the fact that there are true statements within this
system that can not be proved. What you *want* is irrelevant.
=========================================================

There is no "attack" in what I wrote above. Saying that what you want
to be true is irrelevant to mathematics is a statement about
math and not about you!


> For me, the purpose
> of math is to decide things.

This statement is vacuous.
========================================================
Nor is this an attack. Saying that a vague assertion is vacuous
may be a criticism of the statement, but it is not an "attack" on you.

Or do you equate "criticism of my statements" with "attack on me"??



> Dealing with this kind of discourteousness is
> too high a price to pay for your conversation.

You have a strange notion of "discourteous".


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Adriano Prado <[EMAIL PROTECTED]>
Subject: Re: Directions
Date: Mon, 21 Aug 2000 18:22:49 GMT

In article <[EMAIL PROTECTED]>,
  Mike Rosing <[EMAIL PROTECTED]> wrote:
> Adriano Prado wrote:
> >
> > Hi all,
> >
> > I'm reading some papers and some books about cryptography, but I think
> > it'll be at least some months before I become familiar with this subject.
> >
> > So, I'd like a direction in my study so I can follow the right path.
> >
> > I want to make a simple algorithm that computes a password to a specific
> > machine. This machine communicates with a computer via RS-232... but
> > it's not important. What matters here is that each machine has a
> > unique serial number that can be retrieved by a computer.
>
> That's actually most important.  Is the link "secure" in the sense that
> it is unlikely anyone has tapped it?  Or is the link "insecure" such
> as an internet connection?  If the first case applies, then you only
> need to study symmetric crypto (single key).  In the second case you
> should also look at public key crypto.
>
> Patience, persistence, truth,
> Dr. mike
>

Thanks Dr. Mike!!! My system is the one you described 1st. Now I know
where to start my research.

Well, as I wrote in another thread, below I explain what my system is;
just in case...

My system is a point-of-sale printer (the one used in supermarket).

There are some (printer) extra commands (like some reports) that are
only available if the user pays for them. That is, the commands are
already implemented in the firmware, but to use them, I'd like to send a
key to the printer. The printer should compute the key, based on its
serial number, to see if it matches.

The attacker is one who would like to use these commands without paying
for the key.

I was thinking of using the same process Unix uses to encrypt its
passwords. The problem is that the serial number has only five or six
digits, and with this method one who knows a little about crypt would
crack it too easily...

I was thinking of using a simple method, like a Caesar cipher, adding a
number to each char (e.g., adding 1: test -> uftu). Of course there would
be improvements on this, but one who hacks the firmware would find how
to compute it...

Adriano________________






------------------------------

Crossposted-To: sci.math,sci.physics,sci.optics
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: My unprovability madness.
Date: Mon, 21 Aug 2000 17:37:18 GMT

Future Beacon wrote:
> ... mean attack.  Dealing with this kind of discourteousness ...
> On Mon, 21 Aug 2000, Bob Silverman wrote:

What Bob Silverman said was correct and not especially "mean"
or "discourteous".

> > In article <[EMAIL PROTECTED]>,
> >   Future Beacon <[EMAIL PROTECTED]> wrote:
> > > ... But to me and a few others undecidable questions are
> > > not acceptable within a mathematical system (at least one
> > > that I would want to use).
> > You say "undecidable questions are not acceptable".
> > Yet undecidable questions are *unavoidable* in any sufficiently
> > rich axiomatic system. This is the crux of Goedel's work.
> "Sufficiently rich" must include something YOU want.  NO?

No, it means merely that it is capable of expressing ordinary
number theory (arithmetic with variables).  Goedel's result
showed that if your axiomatic system is sufficient to support
work in number theory, then it necessarily is capable of
expressing some true statement that cannot be proved within
that axiomatic system.  Not many mathematicians would agree
to work in a weaker axiomatic system than that, not even the
Intuitionists (who do accept some other limitations).

> > > For me, the purpose of math is to decide things.
> > This statement is vacuous.

I think I would have said "irrelevant", but "vacuous" is close.

A true scientist accepts demonstrated facts, or else he looks
closely into the details of the demonstration to identify
where an error was made.  If you can indeed find an error in
Goedel's incompleteness theorem, many people would be very
happy, because it is unsettling to many.  But just not wanting
it to be true is not a valid argument against it.

I'm not sure why this was suddenly cross-posted to newsgroups
like sci.crypt.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: OTP using BBS generator?
Date: Mon, 21 Aug 2000 21:05:32 +0200



Bryan Olson wrote:
> 
> Mok-Kong Shen wrote:
> >
> > Bryan Olson wrote:
> > >
> > > Mok-Kong Shen wrote:
> > >
> > > > To put the assumptions explicit:
> > > [...]
> > > > (3) The apriori
> > > > probability of the opponent guessing the message is zero.
> > >
> > > How could that ever hold?
> >
> > You are right in questioning that. A contrived 'theoretical'
> > case is that the spy cast a perfect die to determine (out
> > of the blue) what he wants to talk to his colleagues.
> 
> So in that case the guessing chance is
> 
>    1 / (number of sides on die).
> 
> The question is how could it be zero.  The only way I see it
> happening is if the attacker has such bad disinformation
> about our message space that he assigns zero probability to
> every message that is in fact possible.
> 

First of all the 'zero' is understood in the sense of 
probability theory, not in the sense of number theory. 
At the time the spy makes up a list for casting a die, 
he has free choice out of practically unlimited topics 
to be mapped to the die. The die may also be cast 
multiple times (thus having a larger event space) to 
render the probability you mentioned arbitrarily small. 
Once the topic is selected, he has yet a free choice 
of messages (content). So before the time point where
his huge neuronal network starts to compose the message, 
even the spy himself doesn't know what that message is.
So I think that justifies ascribing a probability of 0.
(There 'could' be on the other hand a means for the 
opponent to guess this message: through 'reading' his 
mind at a distance, an action claimed to be possible by 
persons of a certain psychology-related field in which 
I have unfortunately no confidence at all. An article 
I happened to read a long time ago reported namely that 
the well-known agency BGK and its famous counterpart 
both conducted experiments in that field.)

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Cryptography and Content Protection
Date: 21 Aug 2000 11:41:59 -0700

In article <8nro7g$qqh$[EMAIL PROTECTED]>, Adriano Prado  <[EMAIL PROTECTED]> wrote:
>There are some (printer) extra commands (like some reports) that are
>only available if the user pays for them. That is, the commands are
>already implemented in the firmware, but to use them, I'd like to send a
>key to the printer. The printer should compute the key, based on its
>serial number, to see if it matches.

If the printer can compute the password based on its serial number, and
the only thing that changes from one printer to the next is the serial
number, then someone who reverse engineers one printer will be able to
generate passwords for all the printers.

It would be better to give the "unlocking authority" a public/private key
pair.  The printers all contain the public key.  To unlock a printer, the
authority signs a certificate saying "such-and-such printer can be
unlocked".  Then the printer can check the signature and check that the
number matches its own.  Printers do not contain enough knowledge to
generate their own certificates, so an attacker who breaks into one
printer will not be able to gain control of any others.

>The attacker is one who would like to use these commands without paying
>for the key.

What you want to do is immoral anyway, of course.  I certainly wouldn't
buy a hardware device that was deliberately crippled just so the vendor
would have an excuse to charge me even more money.

>I was thinking of using the same process Unix uses to encrypt its
>passwords. The problem is that the serial number has only five or six
>digits, and with this method one who knows a little about crypt would
>crack it too easily...

The fundamental problem is that if the printer contains enough knowledge
to generate the passwords, then a compromise of one printer will
compromise all the printers.  You need a system that won't do
that.  Public key is one option.

Another alternative would be to *not* generate the passwords
algorithmically at all.  Just generate the password randomly for each 
printer when you manufacture it, and store the password in the
printer.  Then when the buyer pays for the password, look it up in a
database.  That way, again, a compromise of one printer won't give any
information about others.  Technically, this is even *more* secure, since
it offers information theoretic security - even a break of the
cryptosystem can't give the adversary enough information to generate
passwords.

>So... do you have any guess as to what I should do?

IMHO, you shouldn't do this at all, but if you do think you want to do it,
randomly generated passwords stored in the printers, or public key crypto,
seem like the logical choices.

Be warned that your users will figure out how to break your system in
short order anyway.  For instance, they could clone the part of the
machine that knows the serial number from one printer to others, then pay
for the password for that serial number, and use it in all the printers.
-- 
Matthew Skala
[EMAIL PROTECTED]              I'm recording the boycott industry!
http://www.islandnet.com/~mskala/
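The two designs argued over in this thread, as an added example (editor's code, from neither poster): Adriano's key-derived-from-serial scheme beside the random-secret-per-printer scheme Skala describes as his second option. The serial numbers, the master secret and the inventory are constructed; HMAC-SHA256 stands in for whatever derivation the firmware would use, since the point does not depend on the function. Skala's first option, a signed unlock certificate checked against a public key held in every printer, is not shown because it needs a signature library outside the standard library.

```python
"""Serial-derived unlock keys beside per-printer random secrets.

Example code added by the editor; it is neither the poster's firmware nor
the vendor's tooling, and the serial numbers, master secret and inventory
are constructed sample data.  HMAC-SHA256 stands in for whatever derivation
the firmware might use; the argument does not depend on that choice.
"""
import hashlib
import hmac
import secrets

# ---------------------------------------------------------------------------
# Design A: the key is a function of the serial number.  To check a key the
# printer must hold the master secret, so every unit carries the same value
# and a firmware dump of any one unit yields keys for all of them.
# ---------------------------------------------------------------------------
MASTER_SECRET = b"constructed-master-secret-baked-into-firmware"  # assumption


def derive_key(master: bytes, serial: str) -> str:
    return hmac.new(master, serial.encode(), hashlib.sha256).hexdigest()[:16]


class DerivedKeyPrinter:
    def __init__(self, serial: str):
        self.serial = serial
        self.master = MASTER_SECRET  # identical in every unit
        self.unlocked = False

    def unlock(self, key: str) -> bool:
        expected = derive_key(self.master, self.serial)
        self.unlocked = hmac.compare_digest(expected, key)
        return self.unlocked


def firmware_dump(printer: DerivedKeyPrinter) -> bytes:
    """What an attacker with one unit on the bench recovers."""
    return printer.master


def forge_keys_from_one_dump(victim_serials):
    """Compromise one unit, then mint keys for every other serial."""
    master = firmware_dump(DerivedKeyPrinter("000001"))
    return {s: derive_key(master, s) for s in victim_serials}


# ---------------------------------------------------------------------------
# Design B (Skala's second option): a random secret is stored in each unit
# at manufacture and the vendor keeps the serial -> secret table off the
# device.  Nothing inside a printer relates its secret to any other unit's.
# ---------------------------------------------------------------------------
class RandomSecretPrinter:
    def __init__(self, serial: str, secret: str):
        self.serial = serial
        self._secret = secret
        self.unlocked = False

    def unlock(self, key: str) -> bool:
        self.unlocked = hmac.compare_digest(self._secret, key)
        return self.unlocked


class Vendor:
    def __init__(self):
        self.db = {}  # serial -> unlock secret, the database Skala mentions

    def manufacture(self, serial: str) -> RandomSecretPrinter:
        secret = secrets.token_hex(16)
        self.db[serial] = secret
        return RandomSecretPrinter(serial, secret)

    def sell_key(self, serial: str) -> str:
        return self.db[serial]


def reuse_dumped_secret(compromised: RandomSecretPrinter,
                        victim: RandomSecretPrinter) -> bool:
    """Try the secret pulled out of one unit against another."""
    return victim.unlock(compromised._secret)


if __name__ == "__main__":
    victims = ["000002", "000003"]
    forged = forge_keys_from_one_dump(victims)
    print([DerivedKeyPrinter(s).unlock(forged[s]) for s in victims])  # [True, True]

    vendor = Vendor()
    p2, p3 = vendor.manufacture("000002"), vendor.manufacture("000003")
    print(p3.unlock(vendor.sell_key("000003")))  # True: the paid-for key works
    print(reuse_dumped_secret(p2, p3))           # False: one dump buys one unit
```

In design A, a single firmware dump is enough to unlock every printer ever shipped, which is Skala's objection to deriving the key from the serial, and no choice of derivation function changes that. In design B the secret pulled out of one unit is useless against any other; what it does not prevent is Skala's last warning, since a buyer who clones the unlocked unit's identity and secret into other units has paid once for all of them.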




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
