Cryptography-Digest Digest #696, Volume #12 Sun, 17 Sep 00 01:13:01 EDT
Contents:
Re: ExCSS Source Code (David A. Wagner)
MY "DSC" (SCOTT19U.ZIP_GUY)
Re: Music Industry wants hacking information for cheap (Scott Craver)
Re: SDMI Crypto Challenge (Scott Craver)
Re: SDMI Crypto Challenge (Scott Craver)
Re: More Bleh from a Blahish person. ;) ("Douglas A. Gwyn")
Re: Tying Up Loose Ends - Correction ("Douglas A. Gwyn")
Re: Intel's 1.13 MHZ chip ("Douglas A. Gwyn")
Re: ExCSS Source Code ("Douglas A. Gwyn")
Re: Tying Up Loose Ends - Correction (SCOTT19U.ZIP_GUY)
Re: QUESTION ABOUT ALGORITHMS ("Big Boy Barry")
Re: RSA?? ("David Fabian")
Re: Double Encryption Illegal? (wtshaw)
Re: Lossless compression defeats watermarks ("G. Orme")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: ExCSS Source Code
Date: 16 Sep 2000 18:09:38 -0700
Bryan Olson <[EMAIL PROTECTED]> wrote:
> If I had a way to control the player market, I think I could
> figure out a more profitable strategy than giving away
> licenses to my competitors without charge.
If you wanted to control the player market to make sure no players that
could skip past commercials became available on the open market, one
way to do that would be to use CSS licensing. Fees are not the only
form of restrictions found in licenses!
(Actually, I do not think it is without charge; I believe there is a $10k
fee, and a great amount of potential liability incurred by the licensee.
But that's not essential here.)
It is in this sense that the CSS license could arguably be viewed as
player control. If you prefer to call it as content control, that's fine,
call it what you like, but it doesn't change one of the most fundamental
issues in the DVD DMCA case: does the DMCA have the effect of preventing
me from exercising my fair use rights?
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: MY "DSC"
Date: 17 Sep 2000 01:13:03 GMT
When one encrypts or compresses as in a BWT one can get stuck
with a varible that points to the postion in the string. THe
varible which has a value 0 to N-1 where N is the lenght of
string may need to be added to the file. I have code which
maps any binary 8bite file to a file with a long attached that
will always be in the correct range. THis is value in BWT compressions
when an encryption has occured and the enemy is testing a key
why shorten the false solution space to an attacker. A way waste
space by not using a routine like this it is at my website
THe neat part is if a file is 256 bytes long you not only never
combine to a file longer than 257 bytes but many times you
combine to make a shorter file.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: Music Industry wants hacking information for cheap
Date: 17 Sep 2000 01:33:32 GMT
Daniel Leonard <[EMAIL PROTECTED]> wrote:
>On Wed, 13 Sep 2000, David C. Barber wrote:
>
>> (SDMI for the not completely informed is Secure Digital Music Initiative.
>> The concept is that they can embed information into the music stream that
>> cannot be filtered out, will survive various
>> decompression/recompression/format conversions, and will still tell SDMI
>> compliant players not to play or allow copies. This is all while the rest
>> of the world chugs along on MP3.)
>
>As someone said here no long ago, intercept and record the data stream
>between the apps that does the decyphering and the driver for the
>videocard, you will get the plaintext...
This won't work. The technology in question is not encryption,
but steganography. The "plaintext" contains within it the
"don't play me" label, and it is not removed before being sent
to the speakers.
>Daniel L=E9onard
-S
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: SDMI Crypto Challenge
Date: 17 Sep 2000 01:43:24 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
>
>If I can play the audio on my comp I can rip it. Plain and simple.
>And since MP3 technology already exists I can re-encode it to a
>suitable form.
I think you might be confusing SDMI with encryption. This
is not audio encryption, but audio watermarking. When you
rip the CD to your hard drive and MP3 compress it, the
"don't record me" labels will (they hope) survive inside
the music. Then, later, some black-box MP3 recorder will
refuse to make a copy of it.
>Why not release good music that people will not mind buying instead of
>selling rubish and hoping for some DMCA to protect you?
Kids are forking out gobs of cash as it is, that's why.
Maybe it's a search for a cause: any slump in sales our
recording industry might blame on MP3 piracy rather than a
preponderance of NKOTB-type bands.
Heard an interview this past year with Billy Corgan, who
pointed out that we pass through this musical dark side
periodically, and in fact we need it. Good music appears
almost as an immune response, after we are sick to death of
airbrushed pop. When we forget, the industry sinks back
into airbrushed pop.
>most cds have 16 tracks of pure garbage and two tracks you may actually
>like. Why not make an entire cd of good music. Paying 15 to 25 bucks
>for a cd is not terrible, given that it's worth it. Anyways, backto
>Napster :-)
TWENTY-FIVE BUCKS? I haven't bought music in a long time.
>Tom
-S
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: SDMI Crypto Challenge
Date: 17 Sep 2000 01:45:51 GMT
Jim Gillogly <[EMAIL PROTECTED]> wrote:
>
>There are no details at http://www.hacksdmi.com yet, so I don't know
>whether they're planning to make the algorithms and/or source code
>available, or whether it's another of these bogus CYA "Here's some
>content, can you read it?" challenges.
Well,
The challenge data does consist solely of content, no
described algorithms, no embedding/detecting software.
You can't even tell if you succeeded in cracking the scheme
unless you submit what you think is a cracked file to them.
They'll run the detector on it themselves and mail you the
results. It seems as if they won't do this until much later,
maybe after the challenge is over!
And you only have 3 weeks. But this is stego, not crypto.
> Jim Gillogly
-S
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: More Bleh from a Blahish person. ;)
Date: Sat, 16 Sep 2000 21:55:58 -0400
Simon Johnson wrote:
> What i'm saying is this (not sure if this has been proven/disproven):
> Every mapping of n bits to n bits has a function that will describe it.
> Does this make any sense?
It makes sense, but with the standard mathematical meanings of the
terms it is false. A function is a relation such that each member
of the domain is associated with exactly one member of the range
(although a range member may be the image of more than one domain
member). Thus the mapping (4 bits identified by index number):
0->1, 0->3, 1->2, 3->0
fails to be a function on two counts: 0 maps to more than one
member of the range, and 2 has no corresponding range member.
Every relation between two finite sets, function or not, can be
described explicitly, as I did for the example relation above.
> So like: Say we wanted a 8x8 s-box. Instead of using a fixed table, we
> could use an maths function. let F(X) = X + 1 mod 256. We take x and
> compute F(X), F(X) then substitues x. If this doesn't make sense, i
> give up ;)
Some S-boxes can be described in simple algebraic terms, while
others require more complicated expressions.
> Does a function exist that can describe every s-box?
Any *given* S-box can be described by an explicit algebraic
function, essentially the equivalent of:
if input is 0000 then output is 100100;
if input is 0001 then output is 110010;
if input is 0010 then output is 010001;
etc.
It is evidently easier just to give a table.
> If so, then some of these functions must duplicate the *best*
> s-boxes one can produce.
We don't know what that means. How do you measure the "goodness"
of an S-box in isolation?
If you mean that some such functions are "better balanced" and
"less linear" than others, sure; discussions based on that have
been proceeding in other threads of sci.crypt. Just how
critical those properties really are to the impenetrability of
an overall system has been the subject of some debate.
> Say i found such a function in GF(2^32). I could then use this one
> function as my entire f-function, in a Feistel based cipher. Lets say i
> added the round key to the plain-text chunk being encrypted, mod
> (2^32). How many rounds would this require before the best linear and
> differential attack requires more known plain-text blocks than exist?
How does the key come into play? If I understand what you propose,
32 bits of known plaintext would suffice to recover the key. That's
the problem with using a single fixed, known S-box that has the
same output width as input width. It's perfectly invertible.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Tying Up Loose Ends - Correction
Date: Sat, 16 Sep 2000 21:58:21 -0400
"SCOTT19U.ZIP_GUY" wrote:
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
> >... one can simply create an end-of-file symbol in
> >the Huffman scheme and then fill to whatever boundary
> >one wants.
> Yes and that minor changes greatly reduce the secruity
> of the thing your encrypting. But It is obvious you don't
> see how.
It would be infinitely more useful to simply tell us how.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 16 Sep 2000 22:08:24 -0400
Jerry Coffin wrote:
> Let's see if I've got this straight. You're trying to imply ...
No, I'm saying that you have invented a picture of how major
computer procurements have occured in the NSA that if true
would constitute malfeasance on the part of high-ranking
public officials, without providing any evidence to back it up.
Such accusations are serious matters, not to be made frivolously.
Indeed, you could be running afoul of the libel laws.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Sat, 16 Sep 2000 22:10:47 -0400
David A Molnar wrote:
> Also the licensing of players. Since you can't build a player without
> implementing CSS.
Actually, you could -- e.g. ship a copy of the disk data off via
high-speed link to some existing player and ship back the audio
in a non-CSS encoded form. Probably not feasible any time soon,
but someday things like this might be done.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Tying Up Loose Ends - Correction
Date: 17 Sep 2000 02:38:52 GMT
[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:
>"SCOTT19U.ZIP_GUY" wrote:
>> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
>> >... one can simply create an end-of-file symbol in
>> >the Huffman scheme and then fill to whatever boundary
>> >one wants.
>> Yes and that minor changes greatly reduce the secruity
>> of the thing your encrypting. But It is obvious you don't
>> see how.
>
>It would be infinitely more useful to simply tell us how.
>
One if you use a random key what is the chance that the
decompression will even hit the stop code. If it does not
then you obviously can reject that candidate. Of course if you
want to just say a few lines and pad to a million bytes then
you may hit the stop code. But where does one get these nice
random bytes. The only safe way to use a stop code is for short
messages with lots of varible length random padding. But to pad
just a couple of bytes. Means when one is testing a random key
if the stop code is hit it must be in some fixed range. Not very
likely to occur. Don't for get with laws like RIP if one uses
compression and encryption one may have to come up with a key to
stay out of jail. If only one key decrypts and uncompresses you
could be in trouble if you get remember it or if you can and its
stuff you don't want big brother to stick his nose into.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: "Big Boy Barry" <[EMAIL PROTECTED]>
Subject: Re: QUESTION ABOUT ALGORITHMS
Date: Sun, 17 Sep 2000 03:47:37 GMT
If someone publsihes an algorithm, can someone else patent it?
"Melinda Harris" <[EMAIL PROTECTED]> wrote in message
news:hBKw5.30993$[EMAIL PROTECTED]...
> Ladies and Gentlemen
> Can anyone tell me how to patent an algorithm. Where to go. What to sign
and
> how much it costs???
> Any response would be greatly appreciated
> EIA
>
>
------------------------------
From: "David Fabian" <[EMAIL PROTECTED]>
Subject: Re: RSA??
Date: Sat, 16 Sep 2000 23:06:24 -0500
Rich Wales <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Someone (I'm not sure who) wrote:
>
> > > > Can any government in the world crack [RSA]?
>
> Bill Unruh replied:
>
> > > If they can, they have not told anyone.
>
> Doug Stell replied:
>
> > Nor would they tell anyone. It would clearly be in their
> > best interest (the interest of national security) if they
> > could crack it and everyone else (the bad guys) thought
> > it was secure enough to feel comfortable using it.
>
> OK, how about this little thought experiment. Suppose you somehow
> stumbled upon an easy solution to one of the "hard" math problems that
> form the basis for modern cryptography -- factorization, discrete
> logarithms, etc. If your discovery were to become common knowledge,
> it would render much of the present-day crypto infrastructure useless.
>
> What would you do?
>
> Would you post your work to the net immediately, before any government
> agency had a chance to suppress it -- figuring that everyone currently
> depending on encryption needed to know about the problem ASAP, and
> perhaps hoping to secure fame and fortune for yourself (or at least
> make it impossible for anyone -- spooks, organized crime, etc. -- to
> pressure or threaten you regarding dissemination of your discovery)?
This would compromise: (1) e-commerce and government communication,
and (2) all previously-intercepted-but-not-yet-deciphered communication.
You would become notorious, but possibly face charges of treason, for
compromising national security.
> Would you keep your discovery a deeply guarded secret forever -- for
> fear of what it would do to human rights groups which depend on PGP,
> or because it could lead to a collapse of a world economy dependent
> on secure e-commerce, or perhaps out of a concern over what your own
> government's spooks might decide to do to you covertly if they ever
> found out about your work?
This is the safest choice, if you are worried about losing your own life.
> Would you try to report your work to your own government's security
> people, to make sure they knew about it (in case they didn't already)
> -- even though this might well mean you would be forbidden to speak a
> word about it to anyone else, might find travel restrictions imposed
> upon you, or could even become the target of foreign spies or crime
> bosses eager to get their hands on your discovery?
You would help your country compromise others' data, while alerting
it to the danger of relying on RSA for its own data.
You would probably get hired by your government; but, as in any case
where you are privy to such sensitive information, your take certain risks.
> Would you do something else altogether?
>
> Rich Wales [EMAIL PROTECTED] http://www.webcom.com/richw/
> PGP 2.6+ key generated 2000-08-26; all previous encryption keys REVOKED.
> RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.databases.oracle
Subject: Re: Double Encryption Illegal?
Date: Sat, 16 Sep 2000 21:56:15 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
...
> You meant it should be triple, like 3-DES??
>
> M. K. Shen
When a person uses 3-DES, they are single encrypting with 3-DES. An
algorithm can be made of any conbination of steps. When two or more
pieces are combined, the result is one piece. Consider that such a
request, regulation, standard, whim, or pipe dream to limit so called
double encryption is a fog to confuse whereever possible; ambiguity shows
dualism of purpose.
--
Rats! (What Gov. Bush is apt to say the morning after the election)
------------------------------
From: "G. Orme" <[EMAIL PROTECTED]>
Subject: Re: Lossless compression defeats watermarks
Date: Sun, 17 Sep 2000 05:07:12 GMT
"David A Molnar" <[EMAIL PROTECTED]> wrote in message
news:8q08oh$773$[EMAIL PROTECTED]...
> G. Orme <[EMAIL PROTECTED]> wrote:
> > fequencies too high or low to be noticed by the listener. In a movie one
> > could make a digitial signal in say a corner of the picture that was in
say
> > every tenth frame, which spelled out a code. It might be a particular
> > sequence of hues for example.
>
> This is exactly the sort of stuff which is vulnerable to lossy
> compression. What happens when JPEG decides that all of the hues you chose
> as a watermark are indistinguishable to the human eye and replaces them
> all with one color?
>
> -david
G. I think it would be a matter of trial and error to see what survived the
compression process. In another example one might add a small shape in a
movie in selected frames, and the list of frame numbers represents the
coding.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
