Cryptography-Digest Digest #555, Volume #12 Mon, 28 Aug 00 10:13:00 EDT
Contents:
Re: Bytes, octets, chars, and characters (Richard Bos)
R: R: Test on pseudorandom number generator. ("Cristiano")
R: R: Test on pseudorandom number generator. ("Cristiano")
R: Test on pseudorandom number generator. ("Cristiano")
Re: PRNG Test Theory (Runu Knips)
Re: Looking for Book Recommendations (Charles Blair)
Re: Steganography vs. Security through Obscurity (Runu Knips)
could someone post public key that is tempered ? (jungle)
Re: Serious PGP v5 & v6 bug! ("Ken Jones")
noone can provide public key that is tempered ? (jungle)
Re: PGP Personal Privacy 6.5.3 $14.95 (jungle)
Re: New Site, Purple/Enigma/Sigaba/Russia Emulators (John Savard)
Re: CAST-Cipher / CAST-Algorithm ("Martin 'SirDystic' Wolters")
Re: Serious PGP v5 & v6 bug! ([EMAIL PROTECTED])
Re: Excerpt of SECRETS AND LIES available on-line (Daniel Leonard)
Re: Looking for Book Recommendations (David A Molnar)
Re: SHA-1 test request (Daniel Leonard)
Stream Cipher ([EMAIL PROTECTED])
Additional fix to ADK bug (John Savard)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Richard Bos)
Crossposted-To: comp.lang.c
Subject: Re: Bytes, octets, chars, and characters
Date: Mon, 28 Aug 2000 11:10:44 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> uint12_t specifies an unsigned integer type with width
> exactly 12 bits, no padding, and twos-complement representation.
I think not... uint12_t is unsigned, so two's- or anyone's-complement is
irrelevant to it. Nor can I find a requirement of lack of padding.
Note that two's complement is not required for int12_t, either.
Richard
------------------------------
From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: R: Test on pseudorandom number generator.
Date: Mon, 28 Aug 2000 13:18:24 +0200
> The normal way to use a LCG is to convert the entire internal state
> into a float, or even to use the state itself as an integer. Since
> using the entire state is "normal," that is the way statistical tests
> must be applied to get the "normal" results.
OK this is the best way, but if I need only 8 bits? I think the best is take
the 8 msb.
Only when I apply my test to PRNG I need to consider only the 8 msb, but
when I run FIPS PUB 140-2, Maurer and Diehard I take the whole integer as is
without any modification.
> Similarly, Diehard expects to see 32-bit integers, not 40 (unless it
> has been modified). If we expect tests to have some meaning, we must
> give the test the data in a format it expects. Then each test can
> tell us about the particular characteristics it detects.
Diehard read a (big) file. If I generate a file n bytes length, I think is
not a problem how I generate the same n bytes, the problem is how generate
each byte (as you say in the first paragraph).
I appreciate very much your considerations, but my original question is: if
"URAND" and "random" are bad generators, why any test don't detect this?
Thank you.
Cristiano
------------------------------
From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: R: Test on pseudorandom number generator.
Date: Mon, 28 Aug 2000 13:19:18 +0200
> Cristiano wrote:
> > >So the expected number of matches is approximately 10^8*10^6*2^-40,
which is about 91.
> > OK. But if URAND pass all statistical test I think is better, for
> > cryptographics applications, to have few duplicated keys!
>
> The point is that URAND miserably fails the statistical test.
Why do you say this? It fail only my simple collision test (but I'm not a
cryptologist)!
All the 4 generators pass the tests (Diehard, Maurer and FIPS PUB 140-2).
May be I have found a brand new hard test for PRNG?
Note on diehard: after some test with diehard, I see that URAND fail some
p-value in "OQSO" and fail big in "DNA" while Mother pass these tests (but
fail some other p-value).
> If you just want unique numbers, use a simple counter.
As a joke!
> If you want numbers that cannot be distinguished from a
> random sequence, then you have to accept occasional
> duplication.
This observation is right! Good!
Now I'd like to calculate the statistic for the number of collisions: if the
expected collisions are 90.95 and I want to calculate chi-square statistics,
how many degrees of freedom I must consider?
Thank you very much for your valuable help.
Bye.
Cristiano
------------------------------
From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: Test on pseudorandom number generator.
Date: Mon, 28 Aug 2000 13:19:23 +0200
> It doesn't work that way. None of these "sophisticated" tests confirm
goodness,
> they just highlight badness from time to time. You have a problem with one
of
> the best PRNG tests availiable. You failed a sanity check on your numbers
by an
> experienced professional, Douglas Gwyn, address that... or not.
I am afraid to not be able to make myself understand in english (do you
speak italian? :-))
All PRNG reported in the table pass all test (Diehard, Maurer's universal
statistical test and FIPS PUB 140-2), only few sequences fail the tests
(about 1-2% of the times). For this I suspect that something is "strange"!
I don't have any problem with any PRNG tests, all generators are good
(according to statistical test).
> I'd like to play with your code and diehard. But I don't wan't to compile
your
> source. Do you have an executable that will run under DOS or in a DOS
window and
> some simple instructions on proper use?
My prog run under Windows 98 and is too big to translate for DOS, but this
is the very simple generator (by D. E. Knuth):
unsigned char URAND(void) //
{
static unsigned long m2=0,ia,ic,mic,iy;
if(!m2) {
unsigned long m=1; iy=_lrand(); // _lrand() generate a 32 bits
integer
double halfm;
do { m2=m; m=m2<<1; } while(m>m2); halfm=m2;
ia=8*int(halfm*atan(1.)/8.)+5;
ic=2*int(halfm*(.5-sqrt(3.)/6.))+1;
mic=(m2-ic)+m2;
}
iy*=ia; if(iy>mic) iy=(iy-m2)-m2;
iy+=ic; if(iy/2>m2) iy=(iy-m2)-m2;
return iy>>24; // Take only the 8 msb
}
Can you tell me something?
Cristiano
------------------------------
Date: Mon, 28 Aug 2000 14:12:04 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: PRNG Test Theory
[EMAIL PROTECTED] wrote:
> Perhaps this PRNG could be degenerative, slow, cumbersome, but it's a
> neat idea.
Well.
The main problem with it is IMHO that you mix the test for a thing
and the thing itself. AFAIK tests for randomness are not easy, and
even if they say 'this is random', they still might be wrong.
Just imagine you switch a single bit of the state of your generator.
Will the resulting stream after this bit really look completely
different than the original, will it be truely independent from the
first stream ? Unfortunately I don't know much about these tests,
but I would be surprised if it would be this way.
------------------------------
Subject: Re: Looking for Book Recommendations
From: [EMAIL PROTECTED] (Charles Blair)
Date: Mon, 28 Aug 2000 12:12:51 GMT
Knuth's CONCRETE MATHEMATICS has a chapter on number theory, but
it may not cover all the material you need.
I think Herstein is considered one of the more advanced books.
ABSTRACT ALGEBRA is intended to be easier than TOPICS. An alternative
(possibly out of print but check libraries) is Birkhoff and Maclane,
SURVEY OF MODERN ALGEBRA.
------------------------------
Date: Mon, 28 Aug 2000 14:14:07 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Steganography vs. Security through Obscurity
"Douglas A. Gwyn" wrote:
> Runu Knips wrote:
> > So stenography does NOT require obscurity. It only hides the
> > fact if there is an encrypted message OR if there is random
> > data.
>
> No, that's wrong. Some successful steganographic schemes hide
> the message without encrypting it; the method of hiding itself
> uses a crypto key, but that is used to select sites, modes,
> etc., while the data itself is used directly.
Okay, but then it is a mixture of crypto and steno, because
there is already a key in it.
------------------------------
From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: could someone post public key that is tempered ?
Date: Mon, 28 Aug 2000 08:16:45 -0400
could someone post public key that is tempered & pgp will not detect it ?
------------------------------
From: "Ken Jones" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Mon, 28 Aug 2000 08:05:56 -0400
=====BEGIN PGP SIGNED MESSAGE=====
(de-lurking)
Actually, no. The additional key allows for decrypting, not
encrypting.
- --
Cheers,
Ken
- --
PGP Encrypted mail encouraged
PGP Key available on public servers
PGP Fingerprint: 8C89 399B FA80 6969 76F4 2A98 58D1 041B
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
| -----BEGIN PGP SIGNED MESSAGE-----
| Hash: SHA1
|
| Nathan Williams wrote:
| > -----BEGIN PGP SIGNED MESSAGE-----
| > I'm not sure I agree with that. There is no need for a
"enterprise"
| > environment to have to use the ADK system to have a key
escrow.
| > Company policy could simply require that employees use keys
furnished
| > by the IT or security departments. They would keep copies of
both
| > keys and of its passphases. Simple solution that allows for
the use
| > of PGP without adding the complexity( and therefore the added
risk)
| > of a an ADK.
|
| this way employer will be able not only read employees messages
but also
| sing messages in name of employee
|
| == <EOF> ==
| Disastry http://i.am/disastry/
| http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for
Netscape
| remove .NOSPAM.NET for email reply
| -----BEGIN PGP SIGNATURE-----
| Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk
v1.7.1
|
|
iQA/AwUBOan7pDBaTVEuJQxkEQJNZQCg2E/Wamb7/unsvXe8W+s3EkStW08An1v4
| popsa/0hhiG6ldaBCJKlkJnJ
| =Tq2R
| -----END PGP SIGNATURE-----
=====BEGIN PGP SIGNATURE=====
Version: PGP 6.5.1
Comment: When crypto is outlawed, only outlaws jvyy unir pelcgb.
iQEVAwUBOapVoLSq8Y1dHedVAQFdeQgAlrFtGKiIwfyj97iFNfeIMC0ZyFSlFHGw
zZqDt3wd3MAnzAh8fWb5snqgmwy9CG7AgrKGFCgCzlzn6XbYdTvxi9lJNlx6LpnN
pBu3fomj/Qdtrta6H2LE+Z6ENQ0pkTOCskmumfwcH/Ga0BjGdAOFZeQLTq/RFE3I
DnS3b4aMERmBMvUTQGgILDWSV/ka5UySMLUD2bI4LzfLTbSMPDluCFQPCorwVY9h
MY0mxHYRJAZ3BfCR90nvnjpQK2rym79l8CIKgXVW+wDt0kdTAmd/7fCAic1Wm8ly
YbFcVsUnj707+6DXikTx4zSYINfYAL2bhL7ND+2T5xYq3IxEYSKWPg==
=NYL4
=====END PGP SIGNATURE=====
------------------------------
From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: noone can provide public key that is tempered ?
Date: Mon, 28 Aug 2000 08:17:54 -0400
could someone post public key that is tempered & pgp will not detect it ?
noone can provide public key that is tempered & pgp will not detect it ?
------------------------------
From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP Personal Privacy 6.5.3 $14.95
Date: Mon, 28 Aug 2000 08:23:37 -0400
to support good will demonstrated by PGP creator ...
I thought that this is understandable for anyone, but is not ...
gleu wrote:
====
> So, please enlighten me - why would I want to buy PGP when it is
> free on the net ?
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: New Site, Purple/Enigma/Sigaba/Russia Emulators
Date: Mon, 28 Aug 2000 12:36:06 GMT
On Sun, 27 Aug 2000 13:33:44 -0700, Charles Petersen
<[EMAIL PROTECTED]> wrote, in part:
>From what I've been told, they're all relatively weak, so superencipherment
>probably wouldn't help all that much. Though I really don't know, anyone
>else have comments?
If you:
- allowed the rotor wirings and internal wirings to be generated
randomly from a key
- converted input plaintexts to sequences of the 26 letters, for
encryption, after compression, and by an efficient method (such as the
one on my web site, in 'From 47 bits to 10 letters')
- did not mix algorithms with different size alphabets (i.e., a
26-symbol rotor machine and a 32-symbol telecipher), and allowed
features such as space -> X on enciphering and X -> space on
deciphering to be disabled
then in some cases significant cryptographic strength is available
from these historic designs. Combining, say, CORAL with Sigaba under
these conditions would be, I think, quite reasonable.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Martin 'SirDystic' Wolters" <[EMAIL PROTECTED]>
Subject: Re: CAST-Cipher / CAST-Algorithm
Date: Mon, 28 Aug 2000 14:26:48 +0200
>> can anyone of you send or tell me where to get a good description of
>the
>> (function of the) CAST-Cypher / CAST-Algorithm (256-bit version
>pereferred).
Description:
RFC 2612
An implementation as a DLL is available from
www.roe.ch
------------------------------
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
From: [EMAIL PROTECTED]
Subject: Re: Serious PGP v5 & v6 bug!
Date: Mon, 28 Aug 2000 12:47:50 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Ken Jones wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> (de-lurking)
> Actually, no. The additional key allows for decrypting, not
> encrypting.
> Ken
did you read Nathan's text ?
I think you did not...
he suggests tu use employer made keys instead of ADKs.
then employer can not only decrypt but also sign.
> <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> | -----BEGIN PGP SIGNED MESSAGE-----
> | Hash: SHA1
> |
> | Nathan Williams wrote:
> | > -----BEGIN PGP SIGNED MESSAGE-----
> | > I'm not sure I agree with that. There is no need for a "enterprise"
> | > environment to have to use the ADK system to have a key escrow.
> | > Company policy could simply require that employees use keys furnished
> | > by the IT or security departments. They would keep copies of both
> | > keys and of its passphases. Simple solution that allows for the use
> | > of PGP without adding the complexity( and therefore the added risk)
> | > of a an ADK.
> |
> | this way employer will be able not only read employees messages but also
> | sing messages in name of employee
> | Disastry
== <EOF> ==
Disastry http://i.am/disastry/
remove .NOSPAM.NET for email reply
=====BEGIN PGP SIGNATURE=====
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1
iQA/AwUBOapDUzBaTVEuJQxkEQIBVgCfVbrKV7RrMD56Cb6ZrKq1HzPxAKQAn1eo
+qSFk/5YfIuEjOMfyTTyk6dX
=1Z3g
=====END PGP SIGNATURE=====
------------------------------
From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: Excerpt of SECRETS AND LIES available on-line
Date: Mon, 28 Aug 2000 12:52:03 GMT
On Thu, 24 Aug 2000, Bruce Schneier wrote:
> A couple of weeks ago, someone asked about on-line distribution of my
> latest book. I just noticed that Chapter 3 is up on Amazon:
>=20
>=20
> http://www.amazon.com/exec/obidos/ts/book-excerpt/0471253111/ref=3Dpm_dp_=
ln_b_3/103-9091257-0055007
[snip]
>=20
> Cheers,
> Bruce
> **********************************************************************
> Bruce Schneier, Counterpane Internet Security, Inc. Tel: 408-556-2401
> 3031 Tisch Way, Suite 100PE, San Jose, CA 95128 Fax: 408-556-0889
> Free crypto newsletter. See: http://www.counterpane.com
>=20
I am a little confuse about your part making the difference between:
1- publishing a paper about a security hole
and
2- making a tool to exploit said hole.
I heard sysadmin horror stories about this scheme. The sysadmin knows
about the hole (read the paper, found it himself, whatever...) but needs
budget to fix it (new hardware, new software, whatever...). Management is
not convice that the hole will be exploited (but by Murphy's law, it
will), so they do not give him the budget.
Isn't the fact that a tool exist to exploit a security hole a better
argument in getting things fixed ?
Probably Yahoo, eBay and al. knew about the DDoS flaw, but choose (wrongly
or rigthly) not to fix it, does the DDoS attack in a sense made the
sysadmins happy ? Did it show that security must not be an aftertough in
the design of such "technology" ?
Can electronic security be ameliorated through this "weapons race" ?
Thank you for answering,
BTW, your defenition of script kiddies was hilarious, so right, so well
written, so well said.
==========
Daniel L=E9onard
OGMP Informatics Division E-Mail: [EMAIL PROTECTED]
D=E9partement de Biochimie Tel : (514) 343-6111 ext 5149
Universit=E9 de Montr=E9al Fax : (514) 343-2210
Montr=E9al, Quebec Office: Pavillon Principal G-312
Canada H3C 3J7 WWW :
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Looking for Book Recommendations
Date: 28 Aug 2000 13:14:36 GMT
[EMAIL PROTECTED] wrote:
> "Elementary Number Theory" by G.A Jones and J.M.
> Jones
> "Elementary Number Theory and its Applications"
> by K.H. Rosen
Koblitz covers most of the number theory you are likely to need
in a way that is on a par with most of the intro number theory
texts that I've seen. So I wouldn't necessarily expect these to be
"easier," although a different presentation always helps.
Of these two, I'd lean towards the Rosen book because his "Classical
Introduction to Modern Number Theory" is so good.
I've also been told that Niven & Zuckerman is a good book (it was
recommended reading for a cryptography course).
> "Abstract Algebra" by Israel N. Herstein
> "Topics in Algebra" by Israel N. Herstein
If you check the deja archives for sci.math, the topic "What's a good
abstract algebra book?" pops up frequently. I remember that the above
are suggested. another one is Birkhoff and MacLane. Still another is
Dummitt and Foote.
The 'Math 101' course here at Harvard uses _A First Course in Abstract
Algebra_ by Fraleigh. Friends of mine report that they had good
experiences with the book; it seems to be aimed at someone seeing
the material for the first time who is still developing mathematical
sophistication.
By the way, you want a book which will tell you about finite fields. Some
abstract algebra books (such as M. Artin's _Algebra_, which is what I know
from class) seem to include a good deal of group theory; this is important
but I have yet to see the Sylow theorems used in cryptography. :\
On the other hand, you need to know group theory in order to really
understand what's going on with Z_n^*.
The classic reference for finite fields is Lidl and Niderriter. There are
two editions extant - the Encyclopedia of Math edition and a standalone
book. The standalone book includes applications, such as the theory of
LFSRs and how they relate to polynomials. Most of the conferences you'll
see on "Coding theory and Cryptography" cover this kind of material.
It's not the cryptography that Koblitz is doing, but it's worth checking
out regardless.
-David
------------------------------
From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: SHA-1 test request
Date: Mon, 28 Aug 2000 13:34:34 GMT
On 25 Aug 2000, S. T. L. wrote:
> Hi again, sci.crypt regulars.
> I'm trying to improve/debug my SHA1.EXE program that I wrote in C, and I =
need
> to make sure that it treats huge files properly. (It can be downloaded f=
rom
> http://members.aol.com/stl137/download.html ) Could someone independentl=
y
> (i.e. using a program known to be rock-solid for huge files; regular
> certification doesn't seem to do this) find the hash of a 1,000,000,000 b=
yte
> file consisting of the character 'a' ? If such a hash agreed with my
> SHA1.EXE's results, that would give me a huge boost of confidence in my
> program's accuracy. I think that I'm using unsigned long longs correctly=
, but
> I may have missed something.
>=20
> Thanks.
>=20
> -*---*-------
> S.T.L. My Quotes Page * http://quote.cjb.net * leads to my NEW site.
> My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
> Optimized pngcrush executable now on my Download page!
> Long live pngcrush! :->
>=20
With the following programs:
- my own implementation of SHA1, as posted at
http://megasun.bch.umontreal.ca/~leonard/SHA1.java
- Sun own implementation, part of Java Security API
I get:
- 0xd0f3e4f2f31c665abbd8f518e848d5cb80ca78f7 done in 252864 milliseconds
- 0xd0f3e4f2f31c665abbd8f518e848d5cb80ca78f7 done in 232644 milliseconds
respectively.
The test program is pasted after my signature. I cannot really assume the
rock-solidness of my program, but it does agree with Sun implementation
(which I assume is rock-solid, probably like many many others that relies=
=20
on it).
==========
Daniel L=E9onard
OGMP Informatics Division E-Mail: [EMAIL PROTECTED]
D=E9partement de Biochimie Tel : (514) 343-6111 ext 5149
Universit=E9 de Montr=E9al Fax : (514) 343-2210
Montr=E9al, Quebec Office: Pavillon Principal G-312
Canada H3C 3J7 WWW :
import java.security.*;
public class SHA1 {
private static void print(byte[] hash) {
System.out.print("0x");
for (int i =3D 0; i < hash.length; i++) {
System.out.print(Integer.toHexString((hash[i] >> 4) & 0xf));
System.out.print(Integer.toHexString((hash[i] ) & 0xf));
}
System.out.println();
}
private static void memset(byte[] array, byte value) {
int len =3D array.length;
if (len > 0) {
array[0] =3D value;
}
for (int i =3D 1; i < len; i +=3D i) {
System.arraycopy(array, 0, array, i, ((len - i) < i) ? (len -
i) : i);
}
}
public static void main(String[] args) throws Exception {
Security.addProvider(new fork.crypto.Fork());
MessageDigest mdFork =3D MessageDigest.getInstance("SHA1", "Fork");
MessageDigest mdSUN =3D MessageDigest.getInstance("SHA1", "SUN"); =
=20
byte[] test =3D new byte[1000000];
memset(test, (byte) 'a');
long now =3D System.currentTimeMillis();
for (int i =3D 0; i < 1000; i++) {
mdFork.update(test);
}
now =3D System.currentTimeMillis() - now;
print(mdFork.digest());
System.out.println("done in " + now + " milliseconds");
now =3D System.currentTimeMillis();
for (int i =3D 0; i < 1000; i++) {
mdSUN.update(test);
}
now =3D System.currentTimeMillis() - now;
print(mdSUN.digest());
System.out.println("done in " + now + " milliseconds");
}
} =20
------------------------------
From: [EMAIL PROTECTED]
Subject: Stream Cipher
Date: Mon, 28 Aug 2000 13:38:07 GMT
Hi all!
Stream Cipher using OTP and Random Number Generator approach.
Delphi source code and executable can be download at
www.alex-encryption.de
Regards.
Alex.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Additional fix to ADK bug
Date: Mon, 28 Aug 2000 13:58:03 GMT
In a reply to a post by David Sternlight on comp.security.pgp.discuss,
I note that another modification to PGP, in addition to the bug fixes
I've seen mentioned, would help to repair the problem:
<quote>
The corrections to the bug include:
- ensuring that PGP, when sending a message, won't accept unsigned
ADKs any longer, and
- ensuring that PGP, when sending a message, will notify the user if
asked if (legitimate) ADKs are being used.
If someone is using PGP in a company, with an ADK, obviously, they can
be given a copy of the public ADK. Therefore, PGP should notify users
if they recieve a message, and it is encrypted with an ADK other than
those that the user's copy of PGP is tied to.
But what if the sender works for a company? Obviously, the recipient
won't have those ADKs in the lists of ones he must encrypt to.
So PGP should distinguish betwen ADKs associated with the sender and
the recipient, so that any added recipient ADKs will sound a warning -
in this way, although the recipient can't prevent a message from being
read, such a breach can be detected after one message.
A new, incompatible, format for ADK blocks that includes this
capability, if it is not present already, would be one way to further
deal with this vulnerability.
<unquote>
Essentially, a sender ADK is one imposed by the sender's employer or
government, and a recipient ADK is one imposed by the recipient's
employer or government. Distinguishing them, by ensuring that all ADKs
obtained from a version of the recipient's key block are labelled as
recipient ADKs, allows the recipient to at least detect that a
fraudulent ADK has been inserted, by checking the recipient ADKs in an
incoming message against those on his list (which may include ADKs
which are no longer active, but which had been in the past, with
appropriate reminder or warning messages).
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
