Cryptography-Digest Digest #639, Volume #12 Fri, 8 Sep 00 21:13:00 EDT
Contents:
Re: RSA patent expiration party still on for the 20th (No User)
Re: Camellia, a competitor of AES ? (Mok-Kong Shen)
Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)
Re: Carnivore article in October CACM _Inside_Risks (Matthew Montchalin)
Re: Carnivore article in October CACM _Inside_Risks ("dog7")
Re: Camellia, a competitor of AES ? (Mok-Kong Shen)
Re: could you please tell me how this calculation has been obtained ? ([EMAIL PROTECTED])
Re: Carnivore article in October CACM _Inside_Risks ("Joshua R. Poulson")
Re: Singhs Cipher Challenge ("Mike")
Re: Carnivore article in October CACM _Inside_Risks (Roger Schlafly)
Re: Carnivore article in October CACM _Inside_Risks ("Joshua R. Poulson")
Re: could you please tell me how this calculation has been obtained ? (jungle)
Re: PRNG (S. T. L.)
Security of whitening alone? (Andru Luvisi)
Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) (Lronscam)
Re: Camellia, a competitor of AES ? (John Savard)
Re: Camellia, a competitor of AES ? (David A Molnar)
Re: Losing AES Candidates Could Be a Good Bet? (David A Molnar)
Re: Losing AES Candidates Could Be a Good Bet? (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
Date: Fri, 8 Sep 2000 15:10:15 -0500
From: No User <[EMAIL PROTECTED]>
Subject: Re: RSA patent expiration party still on for the 20th
[EMAIL PROTECTED] (Rich Wales) wrote:
>Does development of a product, using patented technology, during
>the validity period of the patent, count as an infringement (under
>US law) if the product is kept strictly internal and is not put to
>any actual productive use until after the patent has expired?
US law, read literally, gives the patent-holder an absolute right to
exclude any unlicensed person from making or using the invention for
any reason except certain kinds of biological research necessary for
compliance with FDA laws.
However, U.S. courts have carved out their own "experimental use"
exception. According to this rule, you can use an invention for the
~sole~ purpose of "gratifying a philosophical taste or curiosity or
for instruction or amusement."
Keeping the invention internal and unproductive for the term of the
patent is not enough to claim the experimental use defense; if you
were actually trying to develop a product for later public release (as
opposed to merely playing around to see if you could get the invention
to work), the courts would probably regard that as infringement.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Camellia, a competitor of AES ?
Date: Fri, 08 Sep 2000 23:57:20 +0200
Mok-Kong Shen wrote:
>
> The designers of E2 have produced a new cipher named
> Camellia which is claimed to have good performances:
>
> http://info.isl.ntt.co.jp/Publications/sac_camellia.pdf
Sorry, the URL should have been:
http://info.isl.ntt.co.jp/camellia/Publications/sac_camellia.pdf
or better first access:
http://info.isl.ntt.co.jp/camellia/
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Sat, 09 Sep 2000 00:05:35 +0200
"Douglas A. Gwyn" wrote:
>
> Mok-Kong Shen wrote:
> > "Douglas A. Gwyn" wrote:
> > > So long as one's own contribution does not actually
> > > weaken the system (which is easier to do than one
> > > might think).
> > For any non-trivial modern cipher (not of the snakeoil
> > category), the chance of having a superencipherment that
> > weakens it is negligible in my humble view, ...
>
> There is always the possibility of "destructive resonance"
> at interfaces in a pipeline of algorithms; see "Predicting
> the Output of a Linear Congruential Generator Encrypted
> with ElGamal" by John A. Malley for an example. Another
> example would be somebody who takes a secure cipher and
> uses it to seed an insecure one, or to generate OTP key
> that is then reused for multiple messages. The mere fact
> of a secure subsystem being a component does not guarantee
> that the overall system is secure.
If, say, you could design a module that, put in front
of one of the AES finalists, would weaken it by substantial
amounts, I am sure you could deliver a paper to NIST
that generates certain surprise. (Well, on the other hand,
it's too late. They don't accept such stuff any more,
having probably already decided on the winner.)
M. K. Shen
------------------------------
From: Matthew Montchalin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto,or.general
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Fri, 8 Sep 2000 14:47:01 -0700
On Fri, 8 Sep 2000, MichaelC wrote:
|An amazing fact is that this is precisely what has happened over here.
|I've been rejected from jury duty twice now because I let loose the
|dangerous and obviously subversive information that I had a college
|degree after being asked about it point blank. The lawyer didn't even
|ask what my major was, whether it had any relevance to the trial. I
|was just given a summary dismissal and a direction to leave the room.
Been there. (And I'll bet I've been dismissed from more juries than
you have. The running count is six dismissals so far.) You realize that
admitting you have a computer is the first nail in your coffin?
|We have juries sitting now whose sole attribute is being too stupid
|to get out of jury duty.
That's one way of looking at it.
<snip>
|An intelligent, randomly selected jury of individuals who can see through
|claims of pseudo-scientific claims made by the defense, or a jury composed
|of individuals who do not even know how to spell the word hypothesis? IMO,
|jury screening should consist of three questions:
|
|1. Are you or were you ever a police officer?
But that question *is* asked with great regularity.
|2. Do you know or have you ever made the acquaintance of the defendant or
|defendant's family/group?
Another common question.
|3. Do you have an interest in this case which would bias your judgement
|in any way (a VP for a soap company sitting on a jury that was suing
|soap manufacturers for some type of product defect, for example)?
Yes, another common question.
|Other than that, it should be open roads. Unfortunately prospective
|jurors are asked everything from their sexual preferences to their
|political opinions, as if these kinds of things had any relevance to the
|trial. The intelligent are quickly whittled away, leaving a core of
|individuals who are, how can I say this kindly, *not* likely to choose
|rocket science as a career.
Yes, but some of us who decide to be blunt and forthcoming during the
voir dire do so because we realize that our fellow jurors can do the
job just as well as we can. (In the assembly room where you get to
play cards and talk with the other jurors prior to voir dire, I was
pleased to note that most of my fellow jurors were college educated,
or retired teachers. Hey, otoh, maybe I am lucky enough to live
in a county where the ignoramuses weren't able to figure out where
the courthouse was, let alone make it to the jury assembly room
and wait to be summoned for a voir dire...)
------------------------------
From: "dog7" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto,or.general
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Fri, 8 Sep 2000 14:53:45 -0700
"Joshua R. Poulson" <[EMAIL PROTECTED]> wrote in message
news:8pbhqn$[EMAIL PROTECTED]...
> "dog7" <[EMAIL PROTECTED]> wrote in message
news:fgbu5.24741$[EMAIL PROTECTED]...
> > "Joshua R. Poulson" <[EMAIL PROTECTED]> wrote in message
> > news:8pb8li$[EMAIL PROTECTED]...
> > > Actually, paranoia is a debilitating irrational fear, and caution
> > > is the "reasonable" form of this condition.
> > >
> > > After all, that's the difference between any true "phobic" and
> > > a person who just doesn't like some things but can tolerate them.
>
> > So what you are saying is that libertarians are paranoid? I guess the
> > description fits...
>
> Have you proven them to be debilitated to the point where they cannot
> survive in the ambient social climate or are you just a major league
> asshole?
I'm a major league asshole. But, unlike paranoids and Libertarians, I'm
functional.
>The description fits.
It fits many people.
>
> --jrp
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Camellia, a competitor of AES ?
Date: Sat, 09 Sep 2000 00:36:32 +0200
David Eppstein wrote:
> I don't see anything about whether this cipher is public domain or
> patent-restricted. Until that situation is clarified, Camellia is at a
> major disadvantage with respect to any of the five AES finalists.
They say the following (in the press release):
NTT and Mitsubishi will propose Camellia in response to
calls for contributions from ISO/IEC JTC 1/SC27 and are
aiming at adoption as an international standard.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: could you please tell me how this calculation has been obtained ?
Crossposted-To: alt.security.pgp
Date: Fri, 08 Sep 2000 22:34:42 GMT
In sci.crypt Your Name <[EMAIL PROTECTED]> wrote:
> On Thu, 7 Sep 2000 20:43:32 -0400, Lronscam
> <[EMAIL PROTECTED]> wrote:
>
>>And if there are only 1 million keys on the public key servers then you
>>know that there are less people using PGP. How many people have only one
>>key?
>
> And, how many people use PGP but have never put a key on a server?
> Me, for one.
Someone must have added you, then:
$ pgpk -a [EMAIL PROTECTED]
Retreiving hkp:/horowitz.surfnet.nl:[EMAIL PROTECTED]
Looking up host horowitz.surfnet.nl
Establishing connection
Sending request
Receiving data
Cleaning up
Complete.
Adding keys:
Key ring: '[EMAIL PROTECTED]'
Type Bits KeyID Created Expires Algorithm Use
pub 1024 0x085B85D1 1996-11-18 ---------- RSA Sign & Encrypt
uid Rich Eramian <[EMAIL PROTECTED]>
1 matching key found
--
Dan Nelson
[EMAIL PROTECTED]
------------------------------
From: "Joshua R. Poulson" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto,or.general
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Fri, 8 Sep 2000 14:12:06 -0700
Reply-To: "Joshua R. Poulson" <[EMAIL PROTECTED]>
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Joshua R. Poulson" wrote:
> > Actually, paranoia is a debilitating irrational fear, and caution
> > is the "reasonable" form of this condition.
> Reasonable in that it is controllable (not debilitating), or reasonable
> in that it is rational?
Reasonable in that it is rational.
> Debilitating fear is a fact of some lives and some situations. C.f.,
> "Detached reflection is not called for in the face of an upraised
> knife." -- Brandeis I think,
Yeah, but that's hardly paranoia.
> Irrationality would seem to be the characteristic of a diagnosis of
> paranoia, but that leaves little space for professional attitudes that
> aren't completely rational, but may be completely functional and quite
> valuable.
Then it's not paranoia, but rather just being odd.
--jrp
------------------------------
Reply-To: "Mike" <.>
From: "Mike" <[EMAIL PROTECTED]>
Subject: Re: Singhs Cipher Challenge
Date: Fri, 8 Sep 2000 18:45:57 -0400
Jim Gillogly wrote in message <[EMAIL PROTECTED]>...
>Mike wrote:
>> Thanks. I am registered with eGroups but whenever I log in I get this
>> message :
>>
>> The moderators have not yet approved your
>> membership to this group. You may still
>> update your membership options or unsubscribe.
>>
>> Am I doing anything wrong ?
>
>Beats me. I've forwarded your message to a guy who I think
>is one of the moderators.
>
>--
> Jim Gillogly
> Sterday, 17 Halimath S.R. 2000, 19:51
> 12.19.7.9.11, 13 Chuen 14 Mol, Second Lord of Night
Thanks for the help !!!!! :-)
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto,or.general
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Fri, 08 Sep 2000 15:43:36 -0700
Matthew Montchalin wrote:
> Been there. (And I'll bet I've been dismissed off more juries than
> you have. The running count is six dismissals so far.) You realize that
> admitting you have a computer is the first nail on your coffin?
>
> |We have juries sitting now who's sole attribute is being too stupid
> |to get out of jury duty.
Reforming the jury system is getting a little off-topic. The
point here is that we cannot expect a jury to decide on its
own the likelihood of Carnivore evidence being faked. Either
we trust the FBI, or we have some sort of system in place for
independently checking that Carnivore is doing what it is
supposed to be doing.
The latter is a computer security problem of sorts (if the FBI
cooperates). What would it take? A source code review by a
couple of experts? Open source? Independent review of configuration
files by employees of AOL (or other ISP)? Checking server logs
for other irregularities?
Also, will the judge understand what he is ordering? If we don't
understand just what Carnivore does, what is the likelihood that
the judge knows what he is ordering?
------------------------------
From: "Joshua R. Poulson" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto,or.general
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Fri, 8 Sep 2000 15:05:21 -0700
Reply-To: "Joshua R. Poulson" <[EMAIL PROTECTED]>
"dog7" <[EMAIL PROTECTED]> wrote in message
news:Qgdu5.24911$[EMAIL PROTECTED]...
> I'm a major league asshole. But, unlike paranoids and Libertarians, I'm
> functional.
I know plenty of libertarians that lead perfectly normal
lives holding down normal jobs and paying normal taxes.
So where do you derive your insulting valuation of a
class of people identified only by a set of beliefs?
What do you want? Cookie cutter nuclear families?
--jrp
------------------------------
From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Fri, 08 Sep 2000 19:24:48 -0400
wrong, you did ...
all servers have your key [ Rich Eramian aka freeman at shore dot net ] ...
the question is open
&
it has been directed to 2 top PGP & NAI management persons ...
in the recent [ 25 aug ] ap article by peter svensson, he is writing,
wallach said, that pgp is used by 7 million people ...
could you please tell me how this calculation has been obtained ?
how accurate is this number ?
Your Name wrote:
>
> On Thu, 7 Sep 2000 20:43:32 -0400, Lronscam
> <[EMAIL PROTECTED]> wrote:
>
> >And if there are only 1 million keys on the public key servers then you
> >know that there are less people using PGP. How many people have only one
> >key?
>
> And, how many people use PGP but have never put a key on a server?
> Me, for one.
>
> Rich Eramian aka freeman at shore dot net
------------------------------
From: [EMAIL PROTECTED] (S. T. L.)
Subject: Re: PRNG
Date: 08 Sep 2000 23:46:27 GMT
/* DIEHARDC ok (no 0.00 no 1.00) */
This is not the way to interpret DieHard results.
-*---*-------
S.T.L. My Quotes Page: http://quote.cjb.net
Book Reviews Page: http://sciencebook.cjb.net
Turbo-nifty interlaced interpolated PNG demo: http://interpng.cjb.net
Coming soon: pngacc, a PNG optimizer!
Long live pngcrush!
------------------------------
From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Security of whitening alone?
Date: 08 Sep 2000 16:40:18 -0700
Assuming one has a well known good random transformation, for example
DES encryption with a well known key, what attacks can you see against
the following algorithm?
Let p(x) be the transformation. Let q(x) be the inverse transformation.
Let the 128 bit key k have a left part, l, and a right part r.
^ means xor.
E_k(x) = p(x^l)^r
D_k(y) = q(y^r)^l
In other words, the key is *only* used for whitening before and after
applying the transformation.
Andru
--
Andru Luvisi, Programmer/Analyst
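The whitening-only construction asked about above, as an added example that is not code from the original post: a toy 16-bit public Feistel permutation stands in for "DES under a well-known key", and the key-recovery function shows the risk a defender should weigh in this design. Because p is public, any guess for the left half l fixes the right half r from a single known plaintext/ciphertext pair, so the 2n-bit key costs only 2^n evaluations of p to search rather than 2^(2n). The permutation, round function, sample key and plaintexts are constructed for illustration; the decryption line is read with y where the post writes x.

```python
"""Whitening-only cipher E_k(x) = p(x ^ l) ^ r over a public permutation p.

Everything here is constructed for illustration: the 16-bit Feistel
permutation, the key and the sample plaintexts are not from the original post.
"""

BLOCK_BITS = 16
ROUNDS = 4


def _round_fn(half: int, i: int) -> int:
    # Fixed, keyless, public round function on an 8-bit half (constructed).
    return ((half * 0x9D + i * 0x37) ^ (half >> 3) ^ 0x5A) & 0xFF


def p(x: int) -> int:
    """Public 16-bit permutation: 4-round Feistel with a fixed round function."""
    left, right = x >> 8, x & 0xFF
    for i in range(ROUNDS):
        left, right = right, left ^ _round_fn(right, i)
    return (left << 8) | right


def q(y: int) -> int:
    """Inverse of p: run the Feistel rounds backwards."""
    left, right = y >> 8, y & 0xFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(left, i), left
    return (left << 8) | right


def encrypt(key: tuple[int, int], x: int) -> int:
    """E_k(x) = p(x ^ l) ^ r, key k = (l, r); the key is only used for whitening."""
    l, r = key
    return p(x ^ l) ^ r


def decrypt(key: tuple[int, int], y: int) -> int:
    """D_k(y) = q(y ^ r) ^ l (the post's decryption line with y in place of x)."""
    l, r = key
    return q(y ^ r) ^ l


def recover_key(pairs: list[tuple[int, int]]) -> list[tuple[int, int]]:
    """Known-plaintext search that enumerates only l.

    Since p is public, a guess for l fixes r = y0 ^ p(x0 ^ l) from the first
    pair; the remaining pairs merely confirm it. Cost: 2**BLOCK_BITS
    evaluations of p, so the second key half adds nothing to the work factor.
    With short blocks a few chance matches can survive, hence a list.
    """
    (x0, y0), rest = pairs[0], pairs[1:]
    candidates = []
    for l in range(1 << BLOCK_BITS):
        r = y0 ^ p(x0 ^ l)
        if all(p(x ^ l) ^ r == y for x, y in rest):
            candidates.append((l, r))
    return candidates


def demo() -> tuple[bool, bool]:
    key = (0x3C5A, 0xA7E1)  # constructed sample key (l, r)
    plaintexts = [0x0123, 0x4567, 0x89AB]  # constructed known plaintexts
    pairs = [(x, encrypt(key, x)) for x in plaintexts]
    roundtrip_ok = all(decrypt(key, y) == x for x, y in pairs)
    return roundtrip_ok, key in recover_key(pairs)


if __name__ == "__main__":
    print(demo())  # expected: (True, True)
```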
------------------------------
From: Lronscam <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,alt.security.scramdisk,alt.computer.security,alt.security,comp.security.misc
Subject: Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER)
Date: Fri, 8 Sep 2000 20:15:46 -0400
The addy of [EMAIL PROTECTED], In article ID <8p4ibs$n9p$[EMAIL PROTECTED]>, On or about Wed, 06 Sep 2000 04:48:12 GMT, HeWhoCannotBeNamed says...
>It lets you encrypt files/folders. It's several years old, but I still use it
>as a great file manager in WIN95 (and works in win98, at least for me). I
>don't know much at all about encryption, but I'm wondering whether I have
>decent safety by encrypting my confidential files with this program (if my
>laptop gets stolen). I don't know of any way to find out what kind of
>encryption algorithm it uses. I can't find out from Norton, since the
>program is about 5 years old.
I don't have an answer to your question except in general form. If you
really care about security then get Scram Disk for a well established HD
encryption program. It is free for the taking.
I wouldn't trust much from those generalized commercial programs. They
don't care about your safety beyond the casual uncovering of your files,
as far as I can tell.
You would have to know about the algorithm involved to really know how
secure your files really are in Norton Navigator. Even then, since it
isn't open source you will have no way of knowing if there are any back
doors involved. I suspect highly that such commercialized closed-source
programs have back doors, although I am lacking hard proof of such
accusations.
--
*___________________________*
Web page summary: http://www.entheta.net
The best overall site: http://www.xenu.net
Chris Owen's well researched site:
http://www.demon.co.uk/castle/audit/index.html.
The name says it all: http://www.ronthewarhero.org
Co$ book list: http://www.cs.cmu.edu/~dst/Library
Real player files of Co$, pickets, LRH, etc:
http://www.xenutv.com
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Camellia, a competitor of AES ?
Date: Sat, 09 Sep 2000 00:12:52 GMT
On Fri, 08 Sep 2000 11:01:42 -0700, David Eppstein
<[EMAIL PROTECTED]> wrote, in part:
>I don't see anything about whether this cipher is public domain or
>patent-restricted. Until that situation is clarified, Camellia is at a
>major disadvantage with respect to any of the five AES finalists.
>A hint towards their attitude on intellectual property can be found at the
>copyright statement on that page, which seems to be claiming copyright on
>the URLs (not just the content of the pages), and generously allows people
>to use those copyrighted URLs (while reserving the right to change terms).
Well, I know that some other sites do that, like the Kobol web site
about Battlestar Galactica. But, yes, I would think it very likely
that the cipher is not freely available, given the appearance of the
documentation for E2.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Camellia, a competitor of AES ?
Date: 9 Sep 2000 00:16:40 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> NTT and Mitsubishi will propose Camellia in response to
> calls for contributions from ISO/IEC JTC 1/SC27 and are
> aiming at adoption as a international standard.
This is nice, but does it tell us whether Camellia will be released to the
public domain? I.e., does ISO require standardized algorithms to be
unpatented? (It seems not, since previous ISO standards included RSA, but
I'm not familiar with this process.)
-David
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: 9 Sep 2000 00:24:32 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> There is always the possibility of "destructive resonance"
> at interfaces in a pipeline of algorithms; see "Predicting
> the Output of a Linear Congruential Generator Encrypted
> with ElGamal" by John A. Malley for an example. Another
> example would be somebody who takes a secure cipher and
> uses it to seed an insecure one, or to generate OTP key
> that is then reused for multiple messages. The mere fact
> of a secure subsystem being a component does not guarantee
> that the overall system is secure.
Another cautionary tale involves using a linear congruential generator to
produce pseudo-random numbers for use with DSS.
See:
"Pseudo-Random" Number Generation within Cryptographic Algorithms: the DSS Case
M. Bellare, S. Goldwasser and D. Micciancio
http://www-cse.ucsd.edu/users/mihir/papers/dss-lcg.html
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: 9 Sep 2000 00:42:37 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <39B92750.4E99AFBB@t-online.de>:
>>
>> I see you have not tried my suggestion or you would see how
>> little mixing is done using standard chaining in opposite
>> directions. I have made techniques for chaining in two directions
>> but they do not involve the standard 3 letter chaining modes
>> approved by the US FIPS stuff.
>> If you check out my site there is an explanation of my code; even
>> people who can't turn off JavaScript can use it now. Look
>> under Horces discussion. Also pointers to newer versions that
>> may be easier to compile, including a German version.
>
>I explicitly mentioned a chaining mode that is not 'standard'
>(i.e. not found in the textbooks), didn't I?
>
Good for you, it's about time.
>I repeat my suggestion: If you like to have people of the
>group to be interested to your stuffs at all, then you have
>to post a good description to the group.
>
>M. K. Shen
>
And I will repeat mine: it is on the website, plus the code is
now also done by a German, so maybe even you can understand.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
"The road to tyranny, we must never forget, begins with the destruction
of the truth."
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************