Cryptography-Digest Digest #689, Volume #12      Fri, 15 Sep 00 21:13:01 EDT

Contents:
  Re: Diffie-Hellman Questions (DJohn37050)
  Re: DH -> 3DES (DJohn37050)
  Re: "Secrets and Lies" at 50% off ("David C. Barber")
  Re: SDMI Crypto Challenge ("David C. Barber")
  Re: Lossless compression defeats watermarks (Matthew Skala)
  Error in CryptLib 3 by Peter Gutmann ???!!! ([EMAIL PROTECTED])
  Re: Looking for Implementation Site ("rosi")
  Specially for Dr. mike (with regard to patience, persistence, truth, ("rosi")
  Re: Disappearing Email redux (Tommy the Terrorist)
  Re: "Secrets and Lies" at 50% off (Tom St Denis)
  Re: 20 suggestions for cryptographic algorithm designers (John Savard)
  Re: "Secrets and Lies" at 50% off (Vernon Schryver)
  Re: DH -> 3DES (Tom St Denis)
  Re: SDMI Crypto Challenge (Tom St Denis)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 15 Sep 2000 21:13:57 GMT
Subject: Re: Diffie-Hellman Questions

The order of the generator should be a large prime.  See IEEE P1363.  There are
lots of mines to avoid.
Don Johnson
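One way to check the "large prime order" requirement from the reply above, as an added example that is not part of the digest or of IEEE P1363: it verifies that g generates the prime-order subgroup of size q in Z_p* and screens a peer's public value for small-subgroup membership. The parameters p=23, q=11, g=2 (and p=2039, q=1019) are constructed toy safe primes, chosen so the arithmetic can be followed by hand.

```python
"""Check Diffie-Hellman group parameters and peer public values.

Added example (not from the digest). Constructed toy parameters such as
p=23, q=11, g=2 are used for illustration; real groups use p of at least
2048 bits, but the checks are the same.
"""
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (exact for tiny n, probabilistic otherwise)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a is a witness that n is composite
    return True


def check_dh_group(p, q, g):
    """Return the list of problems found with (p, q, g); empty means OK.

    q must be a large prime dividing p-1, and g must have order exactly q:
    g lies strictly between 1 and p-1 and g^q == 1 (mod p).
    """
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if not is_probable_prime(q):
        problems.append("q is not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if not 1 < g < p - 1:
        problems.append("g is outside (1, p-1)")
    elif pow(g, q, p) != 1:
        problems.append("g does not have order q")
    return problems


def check_peer_public_value(y, p, q):
    """Accept y only if it is in range and lies in the order-q subgroup.

    A value outside the subgroup (for example y = p-1, of order 2) lets a
    peer leak bits of the private exponent; rejecting it closes that hole.
    """
    return 1 < y < p - 1 and pow(y, q, p) == 1
```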

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: DH -> 3DES
Date: 15 Sep 2000 21:14:52 GMT

Possible as in before the galaxy freezes?
Don Johnson

------------------------------

From: "David C. Barber" <[EMAIL PROTECTED]>
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Fri, 15 Sep 2000 14:36:13 -0700

I find Bruce's post to be On Topic for this group.

    *David Barber*

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:8prii3$sla$[EMAIL PROTECTED]...
> I know you are well intentioned but for the same reason I don't like
> other spammers, I would suggest that you don't do this.
>
> If you want to talk about your book by all means go ahead, but you
> really are spamming this group.
>
> Just my two cents, and seriously no offence intended.
>
> Tom




------------------------------

From: "David C. Barber" <[EMAIL PROTECTED]>
Subject: Re: SDMI Crypto Challenge
Date: Fri, 15 Sep 2000 14:43:11 -0700

Just as a [wild] guess, they don't have 16 tracks of good music to offer at
the time.

Of course, "good" is a subjective term anyway.  The band probably liked
every track they recorded, given the amount of effort it takes to get even
one track down.

    *David Barber*

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:8prpdq$520$[EMAIL PROTECTED]...
> Why not release good music that people will not mind buying instead of
> selling rubbish and hoping for some DMCA to protect you?  Personally
> most cds have 16 tracks of pure garbage and two tracks you may actually
> like.  Why not make an entire cd of good music.  Paying 15 to 25 bucks
> for a cd is not terrible, given that it's worth it.  Anyways, back to
> Napster :-)




------------------------------

From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Lossless compression defeats watermarks
Date: 15 Sep 2000 14:36:26 -0700

In article <[EMAIL PROTECTED]>,
Mike Rosing  <[EMAIL PROTECTED]> wrote:
>If something is unique, then proof of ownership should be easy.
>A watermark isn't really needed.  Proof of authorship is something
>different, and duplication of watermarks becomes a problem.  I think
>crypto can help with the duplication problem, but nothing can
>stop removal.

The watermarks I was referring to are the kind that are meant to be hard
to remove - like those embedded in audio or video by "content
protection" schemes.  The idea is supposed to be that if (for
instance) you connect the output of a DVD player to a recording device,
the recording device will detect the watermark and refuse to record the
signal, so that you have a hard time duplicating the content on the
DVD.  If you force your recording device to record the content anyway,
playback devices are supposed to detect the watermark and refuse to play
the signal if it's recorded on consumer-recordable media.  There's also
some talk of giving every "legitimate" copy of some content its own unique
watermark, so that then if "stolen" copies do get circulated, they can be
traced back to the original "thief".

The people who want to use this kind of watermark have a stake in seeing
that the watermarks aren't perceptible (because if they are, they'll
degrade the content quality and be hard to sell to the public) but also a
stake in seeing that they're hard to remove (because if they aren't,
people will be able to "steal" content easily).  These two goals are
fundamentally in conflict.

Proof of ownership or authenticity would be better served by a signature.

By the way, the title of this message is of course an error - I meant to say
"lossy compression defeats watermarks".
-- 
Matthew Skala
[EMAIL PROTECTED]              I'm recording the boycott industry!
http://www.islandnet.com/~mskala/


------------------------------

From: [EMAIL PROTECTED]
Subject: Error in CryptLib 3 by Peter Gutmann ???!!!
Date: Fri, 15 Sep 2000 21:46:36 GMT

Sorry for my English.
The following code "hangs up" under Windows NT - Visual Studio 6.0 SP3.
I'm using Peter Gutmann's CryptLib 3.0, downloaded from:
ftp://ftp.franken.de/pub/crypt/cryptlib/beta/cl30beta02.zip
on 30/08/2000.
The program causes an exception randomly. It rarely finishes the loop of
100 iterations without causing the exception.
===================================================================

#include <windows.h>    /* MessageBox, MB_OK */
#include <stdio.h>      /* sprintf */
#include "cryptlib.h"   /* cryptlib 3.0 beta API */

/* Report a non-zero cryptlib status code together with the source line.
   cryptlib status codes are negative, so print them with %d, not %u. */
#define CHECKCODE(st) do { if (st) { char Txt[100]; \
        sprintf (Txt, "Error %d Line:%u ", (int)(st), __LINE__); \
        MessageBox (NULL, Txt, "Error", MB_OK); } } while (0)

void TestLib(void)
{
        int status;

        status = cryptInit();
        CHECKCODE (status);
        status = cryptAddRandom( NULL, CRYPT_RANDOM_SLOWPOLL );
        CHECKCODE (status);

        for (int i = 0; i < 100; ++i)
        {
                // Create an RSA context, label it, generate a 1024-bit
                // key pair and destroy the context again
                CRYPT_CONTEXT privKeyContext;

                status = cryptCreateContext( &privKeyContext,
                                             CRYPT_ALGO_RSA, CRYPT_MODE_PKC );
                CHECKCODE (status);

                status = cryptSetAttributeString( privKeyContext,
                                                  CRYPT_CTXINFO_LABEL, "Ga", 2 );
                CHECKCODE (status);

                /* key length is given in bytes: 1024 bits / 8 */
                status = cryptGenerateKeyEx (privKeyContext, 1024/8);
                CHECKCODE (status);

                status = cryptDestroyContext (privKeyContext);
                CHECKCODE (status);
        }

        status = cryptEnd();
        CHECKCODE (status);
}


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Looking for Implementation Site
Date: Fri, 15 Sep 2000 19:53:10 -0400

Dear osiris,

    Thanks for the reply.

    If you are  trying to point out a conflict in the two follow-ups, or
just a bit humorous, your point is very well taken. I really want to
thank you for giving me the chance of clarifying this.

    If you are serious, use e-mail please. Thank you.

    A partner does not have to be in a country/region as defined by
me as 'development site'. Things can be worked out if we can be
sure we break no laws. But such a site will be very desirable. As
to the geological difficulties, they may be overcome as well.

    --- (My Signature)

root@localhost wrote in message <[EMAIL PROTECTED]>...
>rosi wrote:
>>
>>    Looking for a place (for the development) in a country where
>> there is NO or little restrictions on cryptographic products with
>> regard to using, importing, exporting, etc. Anybody who would
>> partner and host such a site, please let me know. One that is
>> closest to the U.S. is the most desirable.
>>
>
>Ooops, I don't think I will be able to participate.  Sorry.
>To have troubled you.
>
>-m-
>
>>    --- (My Signature)
>
>--
>   If children don't know why their grandparents did what they
>did, shall those children know what is worth preserving and what
>should change?
>
>   http://www.cryptography.org/getpgp.htm



------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Specially for Dr. mike (with regard to patience, persistence, truth,
Date: Fri, 15 Sep 2000 20:05:58 -0400

Dear Dr. mike,

    Please let me start on a light note.
    First, thank you for your patience in 'keep it that way!'. If you
enjoy doing it, please do.
    Second, you, if I may ask, persist in what?
    Third, what is the truth that is being carried in the post of yours?
    Fourth, I feel greatly honored that you can find the time to reply
to my post, and let all people know you do not know what the
Announcement means. But you don't have to waste your precious
time with me. Go working on more important things. Serious! See
any post by rosi, just mark it as visited (and no one will doubt you
really did. Believe me).

    Before I go at length here, let me explain why this post.

    Let me tell you, it is always a debate in such situations. Do I
let it alone or should I feed this frenzy that the very persons
fanning on this are at the same time pleading that this be stopped?
I do not intend to fan the fire. This will be the last I post on this
issue concerning the Announcement, from which I intend to have
the fire moved away.

    I moved this away from the thread of the Announcement for this
has little to do with the Announcement. I picked you of all those who
replied in that thread because you have such an 'Ode-of-Joy' type
slogan, and also because you are the only one that explicitly bears
the title Dr.

    People who earned a PhD, must be intelligent, logical, communicative.
(Believe me, this line of logic is sound). Therefore you can,
I believe, understand things better than most other people, even
though you Nope'd on the Announcement:
        ROSi has decided to venture past concept into
        implementation.
I do not blame you. You may have been born into the English speaking
world and my native tongue is not English.

    But, if you care to, explain to the whole wide world, what you
do not understand about:
        ROSi has decided to venture past concept into
        implementation
??? Please do not play naivete. :) 'I just meant that I do/did not
understand'. Well, there is the post from Paul Rubin. I did not see
you post and say: No, I did not keep an archive. As in a message I
sent to people recently: I do not just read sheer words.

    I am pretty much following the convention in Sigh!Crap'd that has
been followed by one that cried I did not. There were announcements
of some software package, which may include (2+x)DES for some x
in the range of 0 and 1 exclusive. So if that announcement was fine,
why wasn't mine. Is it that we all have to announce things of the grade
of (2+x)DES and nothing else? Why it is fine to announce the building
of a black list, or red list, or stupid list, but an announcement like mine
will have to be kind of made illegal to be blacklisted into triggering a
legal one? (BTW, 'stupid list' is a list keeping the names of stupid
people in the world, in case some do not know the right interpretation)

    Dear Dr. mike, I find it is always a fabulous thing to let other
people have the last words. I give you the chance. I hope that you,
as the holder of PhD, will treasure that chance.

    Thank you very much not for anything but seriously taking that
chance and making it the last words. Thank you again for taking
that chance seriously. And thank you one more time for making that
the last words.

    --- (My Signature)

'Patience, persistence, truth,' --- Quotation from Dr. mike

P.S.
    If you intend another thing: change the slogan, please let me
know to avoid my misquoting.

    Also, when you have your last words, please be careful. Do not
play it: What's the big deal. Everyday there are people doing
implementation. First of all, it legitimates my post. There are
people posting to announce new products, new directions in
research etc. (you too perhaps?). Secondly, you trap yourself.
You did understand 'what the heck' that is about, but you
deliberately lied. So just be careful. Thanks.




------------------------------

From: Tommy the Terrorist <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,uk.legal
Subject: Re: Disappearing Email redux
Date: 15 Sep 2000 23:03:11 GMT

In article <[EMAIL PROTECTED]> Dan Kegel,
[EMAIL PROTECTED] writes:
>If you're worried about them holding keys for you, Disappearing Inc 
>will cheerfully sell you a keyserver appliance you can run at your 
>company.   (The appliance can run without sending any data to outside 
>servers, and you should be able to run it on an isolated network if 
>you're paranoid.)  That should take care of any worries about key
>escrow and trusting third parties, shouldn't it?

>All they guarantee is that the key is deleted from the servers
>and the plugins securely, and that no software from Disappearing Inc.
>makes plaintext copies of the key or the message.

Your statement is interesting, and _might_ ameliorate the problems I
suggested.  I should point out, however, that I did not see either of the
above points at the company Web site when I looked at it.  It is
important that such guarantees be given directly to customers in
unambiguous language on the main site from which the software is sold,
because from what news I've seen, statements made about privacy from
employees or others speaking off the tops of their heads in E-mail or
Usenet have no legal impact; the company is free to simply say "well, he
was wrong", and move on.  As it is we've seen considerable evidence on
this group alt.privacy that companies can violate any privacy policy they
establish with a free hand, and suffer only the humiliation of having to
retroactively change their policy (to correspond to what they did) if the
FTC really feels like making an issue out of it.  Or they can alter the
policy at their own initiative without penalty, or sell their assets and
let someone else alter the policy... well, you get the idea.

It is for that reason that the "keyserver appliance" you mention could be
important.  However, the way that you describe this as being expensive (I
presume) hardware for a company to choose to buy may make it irrelevant. 
Spying on people depends on what they _DO_, not what they _COULD_ do.  A
person can have the right to set an 8-character password but it does
little good if it's his username - likewise, a company may feel that this
"disappearing e-mail" is securely deleted but what good does that do if
they happen not to buy this server and a remote site is subpoenaed for
the key, and told that under penalty of felony charges for "obstruction
of justice" that they are not allowed to tell anyone that they were
subpoenaed for the key?  [and I tend to suspect that "being subpoenaed
for the key" will be an interaction that goes sort of like "Put your
hands on top of your head and wait for us to copy the hard drive ...
we'll find the right one later ..."]  

Alternatively, the police could just continually tap the line between the
mirrored servers you mentioned.  Sure, they'd need a warrant for that. 
Do you suppose that it's more likely than not that ONE KEY sent between
those servers could be useful evidence in a criminal investigation?
For instance, the key used for E-mail messages sent by state police
agents posing as pedophiles and trading child pornography attachments
with each other, who the FBI claims to believe really are pedophiles when
going to court?  Alternatively, there's always new legal theory.  Are you
sure that the list of keys --- which are information regarding how to
open E-mail messages --- are absolutely positively NOT going to be
interpretable by a judge (sitting in a little locked courtroom in the FBI
building with no public audience) to be "envelope information" rather
than "content" and hence not even subject to search warrant requirements?
Keep in mind, for instance, that there is ALREADY the precedent that the
numbers you type on a phone during a conversation, such as credit card
numbers, calling card numbers, or numbers sent to a third party to make a
new call, are "envelope information" and NOT protected by any need for a
warrant.  Last but not least, since I see this thread is in uk.legal I'm
wondering if one of the mirrored servers is in the UK, in which case
under that fascist-accursed R.I.P. bill you already *know* that the
communications to that server back and forth *will* be tapped, and it's
just a question of what is done with them!

The free standing key server, or some equivalent, seems like an
indispensable part of making this work at all.

Even if a person has the server, it is still CRUCIAL and as yet
unspecified that I can see either by you or on the Web site, is how the
key is generated.  Is there one key per message?  One key per date?  The
source of randomicity --- is someone actually pressing buttons on that
key server like in PGP to establish a random number, or does it use a
"random" number generator?  (And if so, how many "random" numbers are
there and how hard are they to guess...?)  You see how all these basic
issues that a PGP user could simply look to the source for remain
unspecified and worrisome to the wary, cynical alt.privacy reader who has
learned to expect that his worst expectations will always be surpassed. 
Even PGP has been found to have dangerous vulnerabilities and outright
fail to encrypt usefully on certain platforms, and that is a program that
supposedly was exposed to the highest scrutiny.  And especially when the
key server sounds like a hardware "black box", a person wonders what is
being hidden inside.  I might remind you that the record on this topic,
for instance with "56 bit" Netscape that turned out to be 40 bits and 16
zeroes, or "encrypted" cell phones that included a field with many
zeroes, or even the inability of the otherwise politically powerful DVD
movie industry to set up some encryption that a couple of teenagers
couldn't break in their free time, is not encouraging at all.

>Disappearing Inc's service is for use between parties that agree not
>to archive mail.  If you don't trust someone to not archive mail,
>the Disappearing Inc. tool won't help you.
>If you don't want a third party to archive your email, don't let them
>get their hands on it.

While this doesn't seem to relate directly to the above issues (I'm
worried more about whether the KEYS are archived, intercepted, or
regenerated) I still find such a statement to be rather notable in the
context of the HTML-based interface...

P.S.  Those keys deleted securely from the plugins...... how hard would
it be for a program, say a Netscape plug-in, to (ahem) copy a diagnostic
string from another plug-in I.E. YOUR PLUG-IN and (ahem) happen to upload
that while sending its producer "useful diagnostic information" about
what other plug-ins are running at a given moment?  How many E-mails
would that key unlock?  I realize that PGP could be attacked (and
probably is...) in similar ways but this plug-in idea just gives me the
creeps, since it seems to put the information in a tightly constrained
place and time with certain access of other code to it (I think... could
be wrong)

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Sat, 16 Sep 2000 00:20:15 GMT

In article <8pu4r4$2ie4$[EMAIL PROTECTED]>,
  "David C. Barber" <[EMAIL PROTECTED]> wrote:
> I find Bruce's post to be On Topic for this group.

If spamming about non-free cryptobooks is on topic all the power to him.

Tom



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: 20 suggestions for cryptographic algorithm designers
Date: Sat, 16 Sep 2000 00:01:40 GMT

On Fri, 15 Sep 2000 10:13:50 -0700, Roger Schlafly
<[EMAIL PROTECTED]> wrote, in part:
>John Savard wrote:
>> I don't want to start a religious war here, but if you use
>> big-endian, the description of your algorithm will be easier to
>> understand, and less likely to be ambiguous by accident.

>Like what kinds of algorithms? Big-endian might be easier in
>a debugger, but I've never seen an algorithm description that
>was easier to understand in big-endian (unless the algorithm
>itself has some big-endian bias built in).

I'm thinking of algorithms that were designed with a *little-endian*
bias built in. These might confuse people who, due to being native
speakers of English, instead of, say, Arabic, have a big-endian bias
built into themselves.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (Vernon Schryver)
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: 15 Sep 2000 18:05:20 -0600

In article <8pu1fv$a0t$[EMAIL PROTECTED]>,
Bill Unruh <[EMAIL PROTECTED]> wrote:

> ...
>You raised a possibly legitimate point, in asking whether the community
>felt that post was appropriate. The consensus was that it was ...

From someone who should know better, that is so wrong that it is offensive.
It is so difficult to measure consensus in newsgroups that except in
extreme cases it is impossible.  Almost any claim about consensus in a
newsgroup with non-trivial readership should be viewed as at best hyperbole.


>     but then there is lots that is posted that I do not like, but just
>ignore. That is one of the "expenses" of a free public forum. 

That's true, but it implies that most people who do not like the author's
regular price announcements have been silent.  That bears not only on
claims about any consensus, but also on the financial interests of the
author.  Just as I abruptly stopped buying from ComputerLiteracy when
Fatbrain refused to stop sending me targeted email announcements of
wonderful discounts, I'm less instead of more likely to buy this book.

Besides, isn't the book more about computer security than cyphers? 
If so, no matter how interesting, valuable and low priced it is, the book
is not strictly relevant to sci.crypt.


>Is it "fair"? Sure. If you realise that the purpose of these things is
>to be a public forum in which people can try things and see what the
>response is. This is not some public debate where all sides must be
>given equal airtime. This is a discussion group where the topics for
>discussion are determined by the interests of the group. Sometimes they
>wander far afield, and have to be brought back.
> ...

So how about bringing the topics back from hawking a book?

The only effects that could have been expected from the latest announcement
are a flamewar about spam, pushing slow purchasers to buy the book now,
and offending others.  Regardless of later announcements, anyone interested
in the book would surely check current prices from the two advertised
vendors as well as others that have not been mentioned (and that are not
infamous email spammers).

Recall the endlessly repeated announcements of prices for another of
author's books a few years ago.  When I finally got around to buying a
copy, I found that his special prices were not as good as I had inferred.
That's not to say he's other than honest, but that he can't and doesn't
know everything about how his books are sold.


> ...
>But what is the purpose of this post?

My purpose is to ask that all of you stop talking about prices for that
book.  Two copies of essentially the same announcement, "vendors X and Y
have good prices; check for yourself," were sufficient.  His announcements
meet the official "substantially identical" criterion and I estimate he
has reached BI ~= 8.  (Not that there is any danger of a response from
the spam cancellers or his ISP's, or that I couldn't name some frequent
sci.crypt authors with 3 digit BI's.)

Please also reflect on cults of personality, both positive and negative.
I trust that the author appreciates those behind the letter writing
campaign to the Pope for his beatification little more than those who
demonize him.


Vernon Schryver    [EMAIL PROTECTED]

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: DH -> 3DES
Date: Sat, 16 Sep 2000 00:46:42 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (DJohn37050) wrote:
> Possible as in before the galaxy freezes?
> Don Johnson

To quote my earlier message in this thread

"There are so few weak DES keys that checking is generally not
required.  You can though, test and reject them if you like..."

So shut up.

Tom


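The "test and reject" check that Tom quotes above, as an added example that is not from the digest or from any DH or DES implementation mentioned in it: it derives three DES subkeys from a DH shared secret, fixes their parity bits, and rejects weak keys, semi-weak keys, and subkeys that coincide (3DES with K1 == K2 collapses to single DES). The derivation step (SHA-256 over the secret plus a counter byte) is an assumption made for the example; the sample secret is constructed.

```python
"""Derive 3DES subkeys from a DH shared secret and screen them.

Added example (not from the digest). The KDF below is an assumption made
for illustration, not a standard the thread names.
"""
import hashlib

# The four DES weak keys: encrypting twice with one returns the plaintext.
DES_WEAK_KEYS = [bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
)]
# The twelve semi-weak keys, listed as pairs: E_K1(E_K2(x)) == x.
DES_SEMI_WEAK_KEYS = [bytes.fromhex(h) for h in (
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)]


def set_odd_parity(key):
    """Set the low bit of each byte so every byte has odd parity (DES convention)."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def is_weak_des_key(key):
    """True if the 56-bit key material (parity bits ignored) is weak or semi-weak."""
    def strip_parity(k):
        return bytes(b & 0xFE for b in k)
    bad = {strip_parity(k) for k in DES_WEAK_KEYS + DES_SEMI_WEAK_KEYS}
    return strip_parity(key) in bad


def derive_3des_keys(shared_secret):
    """Derive K1, K2, K3 (8 bytes each, odd parity) from a DH shared secret.

    Assumed KDF for the example: SHA-256(secret || counter), first 8 bytes.
    """
    keys = []
    for counter in range(3):
        digest = hashlib.sha256(shared_secret + bytes([counter])).digest()
        keys.append(set_odd_parity(digest[:8]))
    return keys


def screen_3des_keys(keys):
    """Return the problems found; an empty list means the key set is usable."""
    problems = []
    for i, k in enumerate(keys, 1):
        if is_weak_des_key(k):
            problems.append("K%d is a weak or semi-weak DES key" % i)
    if len(set(keys)) < len(keys):
        problems.append("two subkeys coincide; 3DES degenerates")
    return problems
```

A key set that fails the screen is simply regenerated (for example with a fresh counter value); the event is rare enough that it never occurs in practice, which is the point of the quoted remark.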

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: SDMI Crypto Challenge
Date: Sat, 16 Sep 2000 00:50:11 GMT

In article <8pu587$2ij6$[EMAIL PROTECTED]>,
  "David C. Barber" <[EMAIL PROTECTED]> wrote:
> Just as a [wild] guess, they don't have 16 tracks of good music to
> offer at the time.

Then don't sell an entire cd until you do.

> Of course, "good" is a subjective term anyway.  The band probably
> liked every track they recorded, given the amount of effort it takes
> to get even one track down.

Liked as in it would get them money.  Nuff said really.  I buy a cd
about once every three weeks, and get about 50 mp3s from napster in the
same time.  So at 16 : 50 I think I am about covering the 5 cents it
costs to make a cd.... let's figure the math.

50 mp3s is about 3 cds... each cd costs about 20 bucks, but cost 5 cents
to make... so 1(20.00) - 3(0.05) = 19.85$ then by this account they owe
me 19 bucks :-)

Tom



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
