Cryptography-Digest Digest #758, Volume #12 Sat, 23 Sep 00 23:13:00 EDT
Contents:
Re: A Note on news groups. (SCOTT19U.ZIP_GUY)
Re: Music Industry wants hacking information for cheap (Scott Craver)
Re: New Strong Password-Authentication Software (Thomas Wu)
Re: What am I missing? (Scott Craver)
Re: A Note on news groups. (MIchael Erskine)
Re: Please verify (John Savard)
Re: How many possible keys does a Playfair cipher have? (John Savard)
Re: Please verify (John Savard)
Re: Please verify (John Savard)
Re: Big CRC polynomials? ("bubba")
Re: New Strong Password-Authentication Software (Benjamin Goldberg)
Re: A Note on news groups. ("Paul Pires")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: A Note on news groups.
Date: 24 Sep 2000 01:04:30 GMT
[EMAIL PROTECTED] (John A. Malley) wrote in
<[EMAIL PROTECTED]>:
>Paul Pires wrote:
>>
>> I don't know if anyone else has noticed but Usenet has been
>> acting stranger than usual lately. Particularly on the west coast.
>>
>> news-west.usenetserver.com
>>
>> From what I have been able to find out, a major player out west
>> has had problems, is trying to rebuild, and has off-loaded much
>> of their traffic to the east coast servers, mucking them up too.
>>
>> I see missing posts, Re:'s to new topics where the root post is
>> missing and replies to replies of some of my posts where I can't see
>> the first reply.
>
>I noticed this, too. I am also on the West Coast of the U.S.
>Gaps in threads appeared this week when viewing sci.crypt postings via
>news.compuserve.com.
>
>John A. Malley
>[EMAIL PROTECTED]
>
>>
>> Paul
I thought I read an article a while back that stated USENET is dying
and the transmissions interfere with other web stuff that people use
more frequently, so it is not given the retransmission priority it
once had. I know "the interfere part" is a lie, but how many
people use telenet any more? And yet here in El Paso the USENET stuff
is off for days; when I call my ISP they act surprised, since they
feel so few people use it I was the first to complain.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: Music Industry wants hacking information for cheap
Date: 24 Sep 2000 01:36:04 GMT
zapzing <[EMAIL PROTECTED]> wrote:
>
>So do you really believe that *all* of
>the recording, copying, and playing equip.
>will be SDMI compliant ??? What if I want to
>put a private surveillance camera in my
>own house ???
You seem to be a bit confused about what SDMI is. The "DM"
in "SDMI" stands for DIGITAL MUSIC. SDMI is not going to be
applied to camcorders or TVs, but to portable devices for
playing digital music.
Also, you seem to be a bit confused about what watermarking is.
This won't prevent you from recording your own stuff, like
with a camera or a microphone.
Even if you connected a surveillance camera to a digital video
recording device with DVD watermark detection (which would be
stupid overkill, considering the low quality of the camera,)
it wouldn't somehow refuse to record. Input from your camera
won't have any watermark magically embedded in it! The
proposed DVD watermarking scheme would only refuse to record
something that has already been marked, "do not record."
>That the entertainment industry has a right to
>protect its patents, I agree. That they have a
>right to protect them in this way, which would
>be so intrusive into people's lives that it's
>ridiculous, I disagree.
You don't think they have the legal power to do so? It's
very simple: if you want to manufacture and sell DVD
recorders, legally, you need to license their patents.
They won't let you use their patents unless you agree to
incorporate DVD watermark detection.
>Void where prohibited by law.
-S
------------------------------
From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: New Strong Password-Authentication Software
Date: 23 Sep 2000 19:10:50 -0700
[EMAIL PROTECTED] (Bill Unruh) writes:
> In <[EMAIL PROTECTED]> Philip MacKenzie
><[EMAIL PROTECTED]> writes:
>
> ]*** PAK SOFTWARE AVAILABLE FOR DOWNLOAD ***
>
> ]Lucent has just released code for telnet and ftp with authentication
> ]based on the new PAK protocol, presented at the Eurocrypt 2000
> ]conference. PAK is a protocol for strong password-authenticated
> ]key exchange (much like EKE, SPEKE, and SRP) but has also
> ]been PROVEN secure (as secure as Diffie-Hellman in the
> ]random oracle model). If you believe that security proofs
>
> What is the difference between PAK and SRP say?
My biased opinion (insert smiley) is that the protocols accomplish the
same broad objectives, with different math. PAK alters the D-H
residues before sending them, SRP alters the D-H session key computation
afterwards. PAK is more like EKE and SPEKE in that both client and
server know the same password, while SRP is verifier-based, so the
server's secret isn't enough to impersonate a client. I believe there
is a variant of PAK called PAK-X that does this too, with a few more
protocol rounds and modexps. The PAK paper should have more details
on variants.
PAK has a security proof against active attacks, SRP's security proof
currently only covers passive attacks. On the other hand, SRP has
withstood years of analysis by some very smart people.
> ]are important (I certainly do), then you should consider
> ]checking out this new software. It is free for non-commercial use.
There are many choices for strong password protocols these days, and
more are continually being developed. Most of the differences are
in terms of efficiency, round complexity, whether or not the protocol
is verifier-based, depth of standardization, licensing terms, and
level of proven security. IMHO, there's enough variety to satisfy
anyone, and thus no real excuse to use a weak protocol (e.g. broken
challenge-response protocols or encrypt-and-send-password protocols)
anymore. The relatively small differences between these protocols is
swamped by the enormous difference between strong password protocols
in general and the broken authentication protocols that still plague
security software today.
--
Tom Wu * finger -l [EMAIL PROTECTED] for PGP key *
E-mail: [EMAIL PROTECTED] "Those who would give up their freedoms in
Phone: (650) 723-1565 exchange for security deserve neither."
http://www-cs-students.stanford.edu/~tjw/ http://srp.stanford.edu/srp/
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: What am I missing?
Date: 24 Sep 2000 02:11:07 GMT
Sagie <[EMAIL PROTECTED]> wrote:
>
>Funny fact: most music compressors nowadays are based on advanced
>psycho-acoustic models. In plain English it means that compression is
>achieved by removing inaudible information. The SDMI watermark is
>supposedly inaudible, but it is also supposedly resistant to MP3
>compression (which is based on a psycho-acoustic model). So this may
>mean one (or more) of the following:
I don't think it implies any of the following:
>1. SDMI watermark is not truly an inaudible watermark. We are all going
>to be fucked and receive screwed up music in exchange for our hardly-
>earned money.
Download the samples and listen to them. Can you hear anything?
There are a number of embedding methods that survive compression
and which are inaudible. Some schemes are bad, tho, and you can
hear the mark, but others are not so bad.
And I think you meant to say "hard" instead of "hardly." Me,
I work hard for me money. Maybe on weekends I hardly work.
>2. SDMI watermark is not truly resistant to MP3. They are trying to
>scare us all and make us think that our jolly MP3 days are over, but
>they're really not.
They do indeed survive MP3 compression. That is probably their
main design goal.
>3. SDMI watermark might slip through MP3 compression, but it really has
>no chance of resisting an advanced futuristic compression, whose nature
>is unknown at the time of designing the current watermark technology
>(i.e. *NOW*).
Possibility 4: compression is not perfect, and of course does
not remove ALL inaudible information. There are lots of
subtle modifications you can make to music that a compressor
can not remove.
Many of these schemes are based on techniques that clearly can't
be compressed out. And anything that survives MP3 or AAC
compression is going to survive subsequent codecs for a long time.
>In the information age there is no such thing as a "common case". I
>suppose RIAA thought that in the common case people would not download
>music as MP3s (well they sure were wrong, weren't they?).
Yes, that was an important lesson for the music industry.
I cringe whenever I see a cryptographic attack dismissed as
"too theoretical," or requiring programs most people don't
have. It's mostly just denial.
The L0pht had this problem with Microsoft, who wouldn't take
seriously their attacks on NT's password system. So they put
a nice GUI on it and made it publicly available.
>Yeah, but as I said before, I doubt if the SDMI watermark will resist
>new technology compression.
I'm pretty confident it will. Many clever methods will
survive anything the compression people can come up with.
You should read some papers on audio embedding methods,
and then see if you have any doubts.
>> It will allow you to do the former but not the latter---that
>> takes signal processing know-how. But then again, you gain
>> that kind of know-how partially by experimenting with these
>> things.
>
>Oh yeah. You got to be a DSP wiz to click menus... NOT!
I don't think you understand the amount of work that is
required to defeat a watermark, if you don't know the algorithm.
As important as it is to examine the clips, and to experiment boldly,
you're not just going to find it merely by examining the clip in
an audio tool, by clicking buttons.
Here's a challenge for you: watermark an image in Photoshop
using Digimarc's watermarking plug-in (last I checked this came free
with Photoshop,) and see if you can gain ANY INFORMATION WHATSOEVER
about how the watermark works just by clicking any of those buttons.
Throw in a program to do various transforms like DCTs or FFTs if
you want.
The Digimarc mark is not garbage, but actually a very coherent
pattern that encodes a string of bits. 20 bucks says you'll never
find what those bits are, using this approach.
>The guy can run a frequency analysis, check the stereo image, see the
>magnitude level of the watermark signal, and that's only the beginning
>of it (all within a couple of clicks here and there). If this is not
>analysis then I don't know what is.
You don't know what is, I'm afraid. You must do more than just
"look" at the signal in various ways. You must actually try to
figure out what it means, how it is embedded, how it will be
different for different audio clips. You're merely describing
ways to get information about the audio, and while this information
is important _for_ analysis, it alone won't suddenly reveal the
hidden message to you.
Analogy: a couple years ago some guy started hawking a calculator
program in this group that could do conversion to binary and other
bases. His pitch was that we could take ciphertext, convert it
to base 3, or base 7, or base 2, and maybe if we just keep doing
this and "looking" at it we'll just see some crucial pattern.
Of course, with data encrypted w/ any modern cipher, you will
not ever spot a pattern by dicking around with a calculator.
Or by dicking around with some more advanced tools.
-S
------------------------------
From: MIchael Erskine <[EMAIL PROTECTED]>
Subject: Re: A Note on news groups.
Date: Sat, 23 Sep 2000 22:10:12 -0400
Paul Pires wrote:
>
> I don't know if anyone else has noticed but Usenet has been
> acting stranger than usual lately. Particularly on the west coast.
>
> news-west.usenetserver.com
>
> From what I have been able to find out, a major player out west
> has had problems, is trying to rebuild, and has off-loaded much
> of their traffic to the east coast servers, mucking them up too.
>
> I see missing posts, Re:'s to new topics where the root post is missing
> and replies to replies of some of my posts where I can't see the first reply.
>
> I have recently been flamed for ignoring replies and I just want everybody
> to know that for us west coasters, things aren't going smoothly.
>
> Of course, this might be a blessing in disguise.
>
> Paul
Paul;
Things are not going smoothly on any news servers anywhere these days.
Same things are showing everywhere.
Major players everywhere are having problems. Perhaps six or eight weeks
ago on a Saturday morning AOL reported they had been hacked on CNN.
The report played only thru the morning watch. It said that the AOL
spokesperson had stated AOL had been hacked thru some mail script
or something. We weren't to worry though because they only got to about
thirty employees' accounts AND THE CREDIT CARD NUMBERS.
Yep, nothing to worry about. They stopped reporting it at about noon.
-m-
--
If children don't know why their grandparents did what they
did, shall those children know what is worth preserving and what
should change?
http://www.cryptography.org/getpgp.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Please verify
Date: Sun, 24 Sep 2000 02:23:19 GMT
On Sat, 23 Sep 2000 22:08:48 +0100, "Dr Evil" <[EMAIL PROTECTED]>
wrote, in part:
>> The only possible scenarios are:
>>
>> 1.) The person used a *very* weak pass phrase, something that a dictionary
>> attack would easily get
>> 2.) The RNG used to generate the key was severely bugged (or something
>> similar)
>
>How do you know? Do you work for the NSA in precisely the appropriate
>department, or have you mathematically proved something about the security
>of RSA?
Why do you need to work for the NSA?
This wasn't about the NSA cracking someone's 4096-bit key in 17 hours
with their computers.
This was about an ordinary person like you or I cracking a 4096-bit
key in 17 hours on a couple of Athlons.
I'm sure that if just anyone could do that, the word would be out.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: How many possible keys does a Playfair cipher have?
Date: Sun, 24 Sep 2000 02:10:02 GMT
On Sat, 23 Sep 2000 15:06:50 -0700, David Empey
<[EMAIL PROTECTED]> wrote, in part:
>"Douglas A. Gwyn" wrote:
>> John Savard wrote:
>> > [EMAIL PROTECTED] (Alex) wrote, in part:
>> > >How many possible keys does a Playfair cipher have?
>> > 25! , or more if the letter to omit can be varied as well.
>> However, many of those keys are equivalent (in the sense that they
>> will produce the same encipherment). So the answer is 24!, unless
>> somebody can find some more equivalences.
>How about reflection around the main diagonal? Wouldn't that work?
>Or did you already include that in your figure?
Obviously, 24! is derived from 25! by changing the starting point, so
indeed you also have a valid correction: 24!/2, since neither parity
reversal nor decimation will yield the same cipher.
Sorry, that isn't quite right. While parity reversal and decimation
don't work because moving one down and one left when the letters are
in the same column or row wouldn't work,
reflection about the main diagonal doesn't work because when the two
letters are _not_ in the same row or column, each takes its own row,
and the column of the other letter. This rule distinguishes between
rows and columns.
So D. A. Gwyn had the right answer.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
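The equivalence argument above, checked in code as an added example (not code from any of the posters): the 25 cyclic row and column shifts of a Playfair square encipher every digraph identically, which is the redundancy that takes 25! down to 24!, while reflecting the square about its main diagonal swaps the two letters of every rectangle-rule digraph and so is not an equivalence. The key and plaintext are the textbook "playfair example" test vector; J is merged into I.

```python
"""Playfair key equivalences on the 5x5 square (J merged into I)."""
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters, J omitted

def make_square(key: str) -> str:
    """Build the 25-letter square (row by row) from a keyword."""
    seen = []
    for c in (key + ALPHABET).upper().replace("J", "I"):
        if c.isalpha() and c not in seen:
            seen.append(c)
    return "".join(seen)

def digraphs(text: str) -> list:
    """Split plaintext into pairs, inserting X between doubled letters
    and padding an odd tail with X (the usual Playfair convention)."""
    pt = [("I" if c == "J" else c) for c in text.upper() if c.isalpha()]
    out, i = [], 0
    while i < len(pt):
        a = pt[i]
        b = pt[i + 1] if i + 1 < len(pt) else "X"
        if a == b:
            out.append(a + "X"); i += 1
        else:
            out.append(a + b); i += 2
    return out

def encrypt_pair(square: str, a: str, b: str) -> str:
    ra, ca = divmod(square.index(a), 5)
    rb, cb = divmod(square.index(b), 5)
    if ra == rb:      # same row: each letter is replaced by the one to its right
        return square[ra * 5 + (ca + 1) % 5] + square[rb * 5 + (cb + 1) % 5]
    if ca == cb:      # same column: each letter is replaced by the one below
        return square[(ra + 1) % 5 * 5 + ca] + square[(rb + 1) % 5 * 5 + cb]
    # rectangle: each letter keeps its own row and takes the other's column
    return square[ra * 5 + cb] + square[rb * 5 + ca]

def encrypt(square: str, text: str) -> str:
    return "".join(encrypt_pair(square, p[0], p[1]) for p in digraphs(text))

def shift(square: str, dr: int, dc: int) -> str:
    """Rotate the square cyclically by dr rows and dc columns."""
    rows = [square[r * 5:(r + 1) * 5] for r in range(5)]
    rows = rows[dr:] + rows[:dr]
    return "".join(row[dc:] + row[:dc] for row in rows)

def transpose(square: str) -> str:
    """Reflect the square about its main diagonal (rows become columns)."""
    return "".join(square[c * 5 + r] for r in range(5) for c in range(5))

def shifted_squares(square: str) -> set:
    """The 25 distinct squares reachable from this one by cyclic shifts."""
    return {shift(square, dr, dc) for dr in range(5) for dc in range(5)}

def shifts_preserve_ciphertext(square: str, text: str) -> bool:
    ct = encrypt(square, text)
    return all(encrypt(s, text) == ct for s in shifted_squares(square))

def transpose_preserves_ciphertext(square: str, text: str) -> bool:
    return encrypt(transpose(square), text) == encrypt(square, text)

if __name__ == "__main__":
    sq = make_square("playfair example")   # textbook test key
    msg = "Hide the gold in the tree stump"
    print(encrypt(sq, msg))                            # BMODZBXDNABEKUDMUIXMMOUVIF
    print(len(shifted_squares(sq)), "shifted squares")   # 25
    print("shifts equivalent:", shifts_preserve_ciphertext(sq, msg))        # True
    print("reflection equivalent:", transpose_preserves_ciphertext(sq, msg)) # False
```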
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Please verify
Date: Sun, 24 Sep 2000 02:24:53 GMT
On Sat, 23 Sep 2000 22:05:45 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote, in part:
>Not to mention brute force searching of an RSA key is a very stupid idea.
True, but factoring one would take longer than 17 hours on an Athlon
too.
It was *his own key*, so he probably just brute-force searched for the
part of his pass phrase he couldn't remember. That would make sense.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Please verify
Date: Sun, 24 Sep 2000 02:21:45 GMT
On Sat, 23 Sep 2000 15:37:12 GMT, [EMAIL PROTECTED] (JAMES
LANKTON) wrote, in part:
>but now a friend told me, he had tried a brute force attack on his own key
>using a cluster with four athlon 1 ghz and each 1 gb of ram (linux of course
>;) ) and it took about 17 hours to get the 4096 bit key.
Since it was his own key, maybe he remembered parts of his pass phrase
or something like that.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "bubba" <[EMAIL PROTECTED]>
Subject: Re: Big CRC polynomials?
Date: Sun, 24 Sep 2000 02:43:28 GMT
Try this experiment on a scaled down example. Use CRC, use checksum.
Evaluate ALL files. Obviously the results will be equal, because each check
code aliases to the same number of different files. It is not really that
hard.
Maybe I will write a program to demonstrate.
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:8qighe$v1s$[EMAIL PROTECTED]...
> In article <An2z5.3775$[EMAIL PROTECTED]>,
> "bubba" <[EMAIL PROTECTED]> wrote:
> > I must disagree.
> >
> > Say you have many files, each 2^20 bytes in length and you are going
> > to use 256 check bits.
> >
> > The set of files of length 2^20 consists of 2^8388608 unique files
> > but there are only 2^256 check codes. So each check code, whether sum
> > or CRC, is shared among 2^8388352 files. So many, many files have the
> > same check, and that's why neither check scheme is perfect.
> >
> > The superiority of either check scheme depends on the differences in
> > the files. In the case of my unstated assumption of random data, I
> > believe that I can demonstrate (perhaps with a smaller example) that
> > neither is better. But if the files are all almost identical, and the
> > differences are limited to a single burst of 256 bits or less, the CRC
> > is better because it will always distinguish the files.
>
> I strongly disagree. Try this math "1 xor 1 xor 1 xor 1 = 1 xor 1".
> So four differences are the same as two differences...A CRC has the
> property that even/odds errors will not always result in the same
> checksum.
>
> In either case, if you need a 128-bit checksum use MD4 or MD5 or alike.
>
> Tom
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: New Strong Password-Authentication Software
Date: Sun, 24 Sep 2000 02:54:31 GMT
Thomas Wu wrote:
[snip]
> PAK is more like EKE and SPEKE in that both client and server know the
> same password, while SRP is verifier-based, so the server's secret
> isn't enough to impersonate a client.
Saying that the SRP server doesn't know enough to impersonate a client
implies that a PAK server does... I don't know much about either
protocol, but does this mean that a person with access to the data files
of a PAK server can impersonate the client to another PAK server, or
does it mean that he has the password in the clear?
That last possibility sounds very bad.
--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)
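Tom Wu's distinction between verifier-based SRP and shared-password protocols, and Benjamin Goldberg's question about what a server's data file holds, illustrated with an added toy SRP-6a exchange (example code, not the SRP project's own; the 127-bit group is for readability only, real deployments use the RFC 5054 groups). The server's record is (salt, v = g^x mod N): the password is never stored or sent, and both sides derive the same session key only when the client's password reproduces the x behind the stored verifier.

```python
"""Toy SRP-6a exchange showing what a verifier-based server actually stores."""
import hashlib
import secrets

# Toy group for readability only: the Mersenne prime 2^127 - 1 with g = 2.
N = (1 << 127) - 1
G = 2
NBYTES = (N.bit_length() + 7) // 8

def enc(n: int) -> bytes:
    """Fixed-width big-endian encoding, as SRP pads values to the length of N."""
    return n.to_bytes(NBYTES, "big")

def hash_int(*chunks: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(chunks)).digest(), "big")

K_MULT = hash_int(enc(N), enc(G)) % N          # k = H(N, g), the SRP-6a multiplier

def private_x(salt: int, identity: str, password: str) -> int:
    """x = H(salt, H(identity ":" password)); only the client ever computes this."""
    inner = hashlib.sha256(f"{identity}:{password}".encode()).digest()
    return hash_int(enc(salt), inner)

def enroll(identity: str, password: str) -> dict:
    """Enrollment: the client hands the server (salt, v = g^x). No password."""
    salt = secrets.randbits(64)
    v = pow(G, private_x(salt, identity, password), N)
    return {"identity": identity, "salt": salt, "verifier": v}

def client_step1() -> tuple:
    """Client picks ephemeral a and sends A = g^a."""
    a = secrets.randbits(128)
    return a, pow(G, a, N)

def server_step(record: dict, A: int) -> tuple:
    """Server answers with salt and B = k*v + g^b, then derives K from (A * v^u)^b."""
    if A % N == 0:
        raise ValueError("client public value must not be zero mod N")
    b = secrets.randbits(128)
    B = (K_MULT * record["verifier"] + pow(G, b, N)) % N
    u = hash_int(enc(A), enc(B))
    S = pow(A * pow(record["verifier"], u, N), b, N)
    return B, record["salt"], hash_int(enc(S))

def client_step2(identity: str, password: str, a: int, A: int, B: int, salt: int) -> int:
    """Client derives K from (B - k*g^x)^(a + u*x); this equals the server's K
    only if the password reproduces the x behind the stored verifier."""
    if B % N == 0:
        raise ValueError("server public value must not be zero mod N")
    u = hash_int(enc(A), enc(B))
    if u == 0:
        raise ValueError("scrambling parameter must not be zero")
    x = private_x(salt, identity, password)
    base = (B - K_MULT * pow(G, x, N)) % N
    S = pow(base, a + u * x, N)
    return hash_int(enc(S))

def run_exchange(identity: str, password: str, record: dict) -> bool:
    """One full exchange; True when both sides derive the same session key."""
    a, A = client_step1()
    B, salt, k_server = server_step(record, A)
    return client_step2(identity, password, a, A, B, salt) == k_server

if __name__ == "__main__":
    rec = enroll("alice", "correct horse battery")   # constructed sample credentials
    print("server record fields:", sorted(rec))       # identity, salt, verifier
    print("right password agrees:", run_exchange("alice", "correct horse battery", rec))
    print("wrong password agrees:", run_exchange("alice", "wrong guess", rec))
```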
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: A Note on news groups.
Date: Sat, 23 Sep 2000 19:59:15 -0700
Thanks for the note.
You'd think that if they can grant public access TV they could
at least keep this forum alive. The internet seems to be sinking
to the level of expectation of the lowest common denominator.
We'll have shock wave and streaming media but no conversation.
If this forum goes away, I guess us addicts can always try the virtual bimbo
chat rooms :-)
Paul
MIchael Erskine <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Paul Pires wrote:
> >
> > I don't know if anyone else has noticed but Usenet has been
> > acting stranger than usual lately. Particularly on the west coast.
> >
> > news-west.usenetserver.com
> >
> > From what I have been able to find out, a major player out west
> > has had problems, is trying to rebuild, and has off-loaded much
> > of their traffic to the east coast servers, mucking them up too.
> >
> > I see missing posts, Re:'s to new topics where the root post is missing
> > and replies to replies of some of my posts where I can't see the first
> > reply.
> >
> > I have recently been flamed for ignoring replies and I just want everybody
> > to know that for us west coasters, things aren't going smoothly.
> >
> > Of course, this might be a blessing in disguise.
> >
> > Paul
>
> Paul;
>
> Things are not going smoothly on any news servers anywhere these days.
>
> Same things are showing everywhere.
>
> Major players everywhere are having problems. Perhaps six or eight weeks
> ago on a Saturday morning AOL reported they had been hacked on CNN.
>
> The report played only thru the morning watch. It said that the AOL
> spokesperson had stated AOL had been hacked thru some mail script
> or something. We weren't to worry though because they only got to about
> thirty employees' accounts AND THE CREDIT CARD NUMBERS.
>
> Yep, nothing to worry about. They stopped reporting it at about noon.
>
> -m-
>
> --
> If children don't know why their grandparents did what they
> did, shall those children know what is worth preserving and what
> should change?
>
> http://www.cryptography.org/getpgp.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************